Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-26 Thread Eric Biggers
Hi David, On Wed, Apr 26, 2017 at 08:18:51AM +0200, David Gstir wrote: > > 3.) It's always keying the ESSIV transform using a 256-bit AES key. It's > > still > >secure of course, but I'm not sure it's what you intended, given that > > it's > >used in combination with AES-128. I really

Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-26 Thread Eric Biggers
Hi David, On Wed, Apr 26, 2017 at 08:18:51AM +0200, David Gstir wrote: > > 3.) It's always keying the ESSIV transform using a 256-bit AES key. It's > > still > >secure of course, but I'm not sure it's what you intended, given that > > it's > >used in combination with AES-128. I really

Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-26 Thread David Gstir
Hi Eric! Thanks for the feedback! > On 25 Apr 2017, at 22:10, Eric Biggers wrote: > > Hi Daniel and David, > > On Tue, Apr 25, 2017 at 04:41:00PM +0200, David Gstir wrote: >> @@ -147,17 +148,28 @@ int fscrypt_do_page_crypto(const struct inode *inode, >>

Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-26 Thread David Gstir
Hi Eric! Thanks for the feedback! > On 25 Apr 2017, at 22:10, Eric Biggers wrote: > > Hi Daniel and David, > > On Tue, Apr 25, 2017 at 04:41:00PM +0200, David Gstir wrote: >> @@ -147,17 +148,28 @@ int fscrypt_do_page_crypto(const struct inode *inode, >> fscrypt_direction_t rw, >> { >>

Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-25 Thread Eric Biggers
Hi Daniel and David, On Tue, Apr 25, 2017 at 04:41:00PM +0200, David Gstir wrote: > @@ -147,17 +148,28 @@ int fscrypt_do_page_crypto(const struct inode *inode, > fscrypt_direction_t rw, > { > struct { > __le64 index; > - u8 padding[FS_XTS_TWEAK_SIZE -

Re: [PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-25 Thread Eric Biggers
Hi Daniel and David, On Tue, Apr 25, 2017 at 04:41:00PM +0200, David Gstir wrote: > @@ -147,17 +148,28 @@ int fscrypt_do_page_crypto(const struct inode *inode, > fscrypt_direction_t rw, > { > struct { > __le64 index; > - u8 padding[FS_XTS_TWEAK_SIZE -

[PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-25 Thread David Gstir
From: Daniel Walter fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear

[PATCH v2] fscrypt: Add support for AES-128-CBC

2017-04-25 Thread David Gstir
From: Daniel Walter fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear case of kernel offers the