| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250401040852.GC56851@sol.localdomain> Date: Mon, 31 Mar 2025 21:08:52 -0700 From: Eric Biggers <ebiggers@...nel.org> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "David S. Miller" <davem@...emloft.net>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux Crypto Mailing List <linux-crypto@...r.kernel.org> Subject: Re: Chaining is dead On Tue, Apr 01, 2025 at 11:55:02AM +0800, Herbert Xu wrote: > On Mon, Mar 31, 2025 at 08:33:03PM -0700, Eric Biggers wrote: > > > > - It would add the overhead of keyslot management to software crypto > > That seems to be a design error in blk_crypto. Why should we > model the inadequacies of hardware in software? > > If we're going through the software crypto path in blk_crypto, > it should be done as a first-clsas citizen, and not as a poor > man's version of hardware crypto. Interesting seeing this argument coming from you when the whole Crypto API is built around forcing software crypto to use interfaces designed for hardware. Currently the blk-crypto keyslots are "needed" even for blk-crypto-fallback since otherwise it would be necessary to expand the key (crypto_skcipher_setkey() in the Crypto API, or its library equivalent like aes_expandkey() if we switch to that) for every I/O request. The blk-crypto interface could be reworked to support pre-expansion of the key, but that would differ from what actual inline encryption hardware needs. So this is just another case where the needs of hardware vs. software diverge... - Eric
Powered by blists - more mailing lists