lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+_SqcB09GJJoTBm-U7ZwyTjuumyp4QwhLyxj8wbObd47qJOWw@mail.gmail.com> Date: Tue, 19 May 2020 09:33:11 -0700 From: Paul Crowley <paulcrowley@...gle.com> To: Eric Biggers <ebiggers@...nel.org> Cc: linux-fscrypt@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-crypto@...r.kernel.org, linux-mmc@...r.kernel.org, "Theodore Y . Ts'o" <tytso@....edu>, Satya Tangirala <satyat@...gle.com>, Jaegeuk Kim <jaegeuk@...nel.org> Subject: Re: [PATCH] fscrypt: add support for IV_INO_LBLK_32 policies On Fri, 15 May 2020 at 13:50, Eric Biggers <ebiggers@...nel.org> wrote: > > From: Eric Biggers <ebiggers@...gle.com> > > The eMMC inline crypto standard will only specify 32 DUN bits (a.k.a. IV > bits), unlike UFS's 64. IV_INO_LBLK_64 is therefore not applicable, but > an encryption format which uses one key per policy and permits the > moving of encrypted file contents (as f2fs's garbage collector requires) > is still desirable. > > To support such hardware, add a new encryption format IV_INO_LBLK_32 > that makes the best use of the 32 bits: the IV is set to > 'SipHash-2-4(inode_number) + file_logical_block_number mod 2^32', where > the SipHash key is derived from the fscrypt master key. We hash only > the inode number and not also the block number, because we need to > maintain contiguity of DUNs to merge bios. Reviewed-by: Paul Crowley <paulcrowley@...gle.com> This is the best that can be done cryptographically on such hardware.
Powered by blists - more mailing lists