lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Jul 2018 09:46:04 +0800
From:   Xiongfeng Wang <wangxiongfeng2@...wei.com>
To:     Milan Broz <gmazyland@...il.com>, Mark Brown <broonie@...nel.org>
CC:     <agk@...hat.com>, <snitzer@...hat.com>,
        <herbert@...dor.apana.org.au>, <dm-devel@...hat.com>,
        <linux-kernel@...r.kernel.org>, <arnd@...db.de>,
        <jonathan.cameron@...wei.com>
Subject: Re: [PATCH 4/5] crypto: Add IV generation templates

Hi,

On 2018/7/19 1:17, Milan Broz wrote:
> On 18/07/18 18:46, Mark Brown wrote:
>> On Wed, Jul 18, 2018 at 10:16:05AM +0200, Milan Broz wrote:
>>
>>> So we are here again and moving INTERNAL dm-crypt functionality into
>>> cryptoapi.

> (namely TCW and LMK) do much more that IV - they modify encryption mode.
> This was a hack to support some FDE encryption modes (old Truecrypt and loopAES)
> and that should not spread outside dm-crypt (and blame me for this code hacks :).
> 
> 2) If the reason is performance, please provide numbers with the patch.
> What I see now is that the performance is almost the same. So why you are doing it?
> Any real hw that benefits from it?

I add IV templates, such as 'plain()',  'benbi()'
When applying it to the existing algorithm, such as 'aes-cbc', and so on,
it generates new algorithm 'aes-cbc-plain', 'aes-cbc-benbi.
This patch modify the dm-crypt to rely on the new algorithm 'aes-cbc-benbi'.
Dm-crypt passes the whole 'bio' to 'aes-cbc-benbi', rather than divide
the bio into sectors, and alternatively pass each sector to 'aes-cbc'.

Because the internal implementation of the IV template 'benbi()' is still
dividing the whole bio into sectors, so the performance is almost the same.
The purpose of this patch is to let dm-crypt rely on the new algorithm 'aes-cbc-benbi'
and pass the whole bio to the new algorithm.
And then if the hardware driver implements this new algorithm, it can get the data of
the bio at one time, and return the processed data at one time.
I think it will decrease the overhead of passing each sector alternatively.
But the hardware need to implement the new algorithm if it want to benefit from this.

Thanks,
Xiongfeng
> 
> I added 4k sector support in dmcrypt and IMO this helps much more
> than some hw IV accelerations (AFAIK is is already used in some mainframe
> accelerators this way because of performance).
> 
> Milan
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ