| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Jan 2016 14:58:35 +0800 From: Baolin Wang <baolin.wang@...aro.org> To: Milan Broz <gmazyland@...il.com> Cc: Jens Axboe <axboe@...nel.dk>, Alasdair G Kergon <agk@...hat.com>, Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com, neilb@...e.com, dan.j.williams@...el.com, martin.petersen@...cle.com, sagig@...lanox.com, Kent Overstreet <kent.overstreet@...il.com>, keith.busch@...el.com, tj@...nel.org, Mark Brown <broonie@...nel.org>, Arnd Bergmann <arnd@...db.de>, linux-block@...r.kernel.org, linux-raid@...r.kernel.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2 0/2] Introduce the bulk IV mode for improving the crypto engine efficiency Hi Milan, On 3 January 2016 at 06:46, Milan Broz <gmazyland@...il.com> wrote: > > Sorry for delay, I tried to compile it. > It doesn't crash now, but it also does not work. > > You usage of IV in XTS mode is not correct - it cannot just work this way, > you have to initialize IV after each block. And just one write not aligned > to your large XTS block will corrupt it. > > Did you tried to _read_ data you write to the device? > > See this test : > > # create device with your patch > $ echo "test"|cryptsetup create -s 512 -c aes-xts-bulk tst /dev/sdg > > # prepare random test file > $ dd if=/dev/urandom of=/src.img bs=1M count=16 > > # now copy the file to the plaintext device and drop caches > $ dd if=/src.img of=/dev/mapper/tst bs=1M count=16 > > $ echo 3 > /proc/sys/vm/drop_caches > > # and verify that we are (not) reading the same data ... > > $ dd if=/dev/mapper/tst of=/dst1.img bs=1M count=16 > > $ sha256sum /src.img /dst1.img > 5401119fa9975bbeebac58e0b2598bc87247a29e62417f9f58fe200b531602ad /src.img > e9bf5efa95031fdb5adf618db141f48ed23f71b12c017b8a0cbe0a694f18b979 /dst1.img > > (I think only first page-sized block is correct, because without direct-io > it writes in page-sized IOs.) > > > ... or just try to mkfs and mount it > $ mkfs -t ext4 /dev/mapper/tst > > mke2fs 1.42.13 (17-May-2015) > Creating filesystem with 262144 4k blocks and 65536 inodes > ... > > $ mount /dev/mapper/tst /mnt/tst > mount: wrong fs type, bad option, bad superblock on /dev/mapper/tst, > missing codepage or helper program, or other error > > > You approach simply does not work. (It will probably work for ECB mode but it is > unusable in real world.) > > > Anyway, I think that you should optimize driver, not add strange hw-dependent > crypto modes to dmcrypt. This is not the first crypto accelerator that is just not > suited for this kind of use. Very grateful for your feedback. I'm sorry I didn't check much data correctness, mostly focus on the encryption speed. It looks like there are something wrong when I follow your test procedure. I will optimize the driver and need to be known much about XTS mode to check why it can not work. Thanks. > > (If it can process batch of chunks of data each with own IV, then it can work > with dmcrypt, but I think such optimized code should be inside crypto API, > not in dmcrypt.) > > Milan -- Baolin.wang Best Regards -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists