lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 23 Aug 2019 16:18:47 +0900
From:   "boojin.kim" <boojin.kim@...sung.com>
To:     "'Herbert Xu'" <herbert@...dor.apana.org.au>
Cc:     "'Herbert Xu'" <herbert@...dor.apana.org.au>,
        "'David S. Miller'" <davem@...emloft.net>,
        "'Eric Biggers'" <ebiggers@...nel.org>,
        "'Theodore Y. Ts'o'" <tytso@....edu>,
        "'Chao Yu'" <chao@...nel.org>,
        "'Jaegeuk Kim'" <jaegeuk@...nel.org>,
        "'Andreas Dilger'" <adilger.kernel@...ger.ca>,
        "'Theodore Ts'o'" <tytso@....edu>, <dm-devel@...hat.com>,
        "'Mike Snitzer'" <snitzer@...hat.com>,
        "'Alasdair Kergon'" <agk@...hat.com>,
        "'Jens Axboe'" <axboe@...nel.dk>,
        "'Krzysztof Kozlowski'" <krzk@...nel.org>,
        "'Kukjin Kim'" <kgene@...nel.org>,
        "'Jaehoon Chung'" <jh80.chung@...sung.com>,
        "'Ulf Hansson'" <ulf.hansson@...aro.org>,
        <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-fscrypt@...r.kernel.org>, <linux-mmc@...r.kernel.org>,
        <linux-samsung-soc@...r.kernel.org>, <linux-block@...r.kernel.org>,
        <linux-ext4@...r.kernel.org>,
        <linux-f2fs-devel@...ts.sourceforge.net>,
        <linux-samsung-soc@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH 6/9] dm crypt: support diskcipher

On Fri, Aug 23, 2019 at 01:28:37PM +0900, Herbert Xu wrote:
>
> No.  If you're after total offload then the crypto API is not for
> you.  What we can support is the offloading of encryption/decryption
> over many sectors.
>
> Cheers,

FMP doesn't use encrypt/decrypt of crypto API because it doesn't
expose cipher-text to DRAM.
But, Crypto API has many useful features such as cipher management,
cipher allocation with cipher name, key management and test manager.
All these features are useful for FMP.
FMP has been cerified with FIPS as below by using test vectors and
test manager of Crypto API.
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certi
ficate/3255
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-pr
ogram/documents/security-policies/140sp3255.pdf

Can't I use crypto APIs to take advantage of this?
I want to find a good way that FMP can use crypto API.

Thanks
Boojin Kim.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ