lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6ff4d074-7508-4f4c-de06-f36899668168@acm.org>
Date:   Thu, 9 Dec 2021 14:51:59 -0800
From:   Bart Van Assche <bvanassche@....org>
To:     Eric Biggers <ebiggers@...nel.org>, linux-block@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
        linux-scsi@...r.kernel.org, linux-mmc@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Hannes Reinecke <hare@...e.de>
Subject: Re: [PATCH v3 3/3] blk-crypto: show crypto capabilities in sysfs

On 12/7/21 5:35 PM, Eric Biggers wrote:
> +What:		/sys/block/<disk>/queue/crypto/modes/<mode>
> +Date:		December 2021
> +Contact:	linux-block@...r.kernel.org
> +Description:
> +		[RO] For each crypto mode (i.e., encryption/decryption
> +		algorithm) the device supports with inline encryption, a file
> +		will exist at this location.  It will contain a hexadecimal
> +		number that is a bitmask of the supported data unit sizes, in
> +		bytes, for that crypto mode.
> +
> +		Currently, the crypto modes that may be supported are:
> +
> +		   * AES-256-XTS
> +		   * AES-128-CBC-ESSIV
> +		   * Adiantum
> +
> +		For example, if a device supports AES-256-XTS inline encryption
> +		with data unit sizes of 512 and 4096 bytes, the file
> +		/sys/block/<disk>/queue/crypto/modes/AES-256-XTS will exist and
> +		will contain "0x1200".

So a bitmask is used to combine multiple values into a single number? Has it been
considered to report each value separately, e.g. 512\n4096\n instead of 0x1200\n?
I think the former approach is more friendly for shell scripts.

> +struct blk_crypto_attr {
> +	struct attribute attr;
> +	ssize_t (*show)(struct blk_crypto_profile *profile,
> +			struct blk_crypto_attr *attr, char *page);
> +};

It is not clear to me why this structure has been introduced instead of using the
existing kobj_attribute structure?

> +static int __init blk_crypto_sysfs_init(void)
> +{
> +	int i;
> +
> +	BUILD_BUG_ON(BLK_ENCRYPTION_MODE_INVALID != 0);
> +	for (i = 1; i < BLK_ENCRYPTION_MODE_MAX; i++) {
> +		struct blk_crypto_attr *attr = &__blk_crypto_mode_attrs[i];
> +
> +		attr->attr.name = blk_crypto_modes[i].name;
> +		attr->attr.mode = 0444;
> +		attr->show = blk_crypto_mode_show;
> +		blk_crypto_mode_attrs[i - 1] = &attr->attr;
> +	}
> +	return 0;
> +}
> +subsys_initcall(blk_crypto_sysfs_init);

Would it be possible to remove the use of subsys_initcall() if the crypto attributes and
blk_crypto_modes[] would be defined in the same file?

Thanks,

Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ