Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-16 Thread David Gstir
> On 15 Jun 2017, at 22:48, Eric Biggers wrote: > > On Thu, Jun 15, 2017 at 01:41:29PM -0700, Michael Halcrow wrote: >>> static int validate_user_key(struct fscrypt_info *crypt_info, >>> struct fscrypt_context *ctx, u8 *raw_key, >>> -

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-16 Thread David Gstir
> On 15 Jun 2017, at 22:48, Eric Biggers wrote: > > On Thu, Jun 15, 2017 at 01:41:29PM -0700, Michael Halcrow wrote: >>> static int validate_user_key(struct fscrypt_info *crypt_info, >>> struct fscrypt_context *ctx, u8 *raw_key, >>> - const char *prefix)

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-15 Thread Eric Biggers
On Thu, Jun 15, 2017 at 01:41:29PM -0700, Michael Halcrow wrote: > > static int validate_user_key(struct fscrypt_info *crypt_info, > > struct fscrypt_context *ctx, u8 *raw_key, > > - const char *prefix) > > + const char *prefix, int

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-15 Thread Eric Biggers
On Thu, Jun 15, 2017 at 01:41:29PM -0700, Michael Halcrow wrote: > > static int validate_user_key(struct fscrypt_info *crypt_info, > > struct fscrypt_context *ctx, u8 *raw_key, > > - const char *prefix) > > + const char *prefix, int

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-15 Thread Michael Halcrow
On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: > From: Daniel Walter > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for file contents

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-15 Thread Michael Halcrow
On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: > From: Daniel Walter > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for file contents and AES-256-CBC-CTS

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-01 Thread Theodore Ts'o
On Wed, May 31, 2017 at 05:57:22PM +0200, David Gstir wrote: > > The 'keysize > sizeof(salt)' check is now pointless and should be removed, > > since > > we decided not to key the ESSIV cipher with 'keysize' bytes, but rather with > > sizeof(salt) bytes. So this function is compatible with any

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-06-01 Thread Theodore Ts'o
On Wed, May 31, 2017 at 05:57:22PM +0200, David Gstir wrote: > > The 'keysize > sizeof(salt)' check is now pointless and should be removed, > > since > > we decided not to key the ESSIV cipher with 'keysize' bytes, but rather with > > sizeof(salt) bytes. So this function is compatible with any

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-31 Thread David Gstir
Hi Eric, > On 23 May 2017, at 21:00, Eric Biggers wrote: > > Hi David, > > On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: >> From: Daniel Walter >> >> fscrypt provides facilities to use different encryption algorithms which >> are

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-31 Thread David Gstir
Hi Eric, > On 23 May 2017, at 21:00, Eric Biggers wrote: > > Hi David, > > On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: >> From: Daniel Walter >> >> fscrypt provides facilities to use different encryption algorithms which >> are selectable by userspace when setting the

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-23 Thread Eric Biggers
Hi David, On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: > From: Daniel Walter > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for

Re: [PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-23 Thread Eric Biggers
Hi David, On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote: > From: Daniel Walter > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for file contents and

[PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-22 Thread David Gstir
From: Daniel Walter fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear

[PATCH v4] fscrypt: Add support for AES-128-CBC

2017-05-22 Thread David Gstir
From: Daniel Walter fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear case of kernel offers the