From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <levent.demir@inria.fr>
Received: from mail3-relais-sop.national.inria.fr
 (mail3-relais-sop.national.inria.fr [192.134.164.104])
 (using TLSv1.2 with cipher RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 27 Apr 2016 15:00:03 +0200 (CEST)
Message-ID: <1461761810.6452.16.camel@inria.fr>
From: levent demir <levent.demir@inria.fr>
Date: Wed, 27 Apr 2016 14:56:50 +0200
In-Reply-To: <56E73AE2.9020404@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [dm-crypt] Cryptesetup and dm-crypt
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hi,

I am a PhD student and works and I am working with cryptsetup and a hw
crypto engine. 

I am using an ATMEL board which is able to do AES-ECB mode for example. 

We have implemented an XTS version with all operations (XOR, GF
Multiplication, 2 AES : one for IV one for data...)

My question is can we use the page size instead of the block size of 512
bytes ?

I have read some thread it is written that it could be a security issue
but I don't agree because : 

Now to implement XTS I do as follows basically : 

I take the IV encrypt it with the second part of the key, then I compute
the 32 tweaks values in -for example- an array tweak_buf[512]. 
Then I just have to compute the XOR with plaintext. 
I do a DMA encryption with ECB of the 512 bytes. 
Again I xor the ciphered data with tweak_buf.

Then I have ciphered a whole block of 512 bytes.

Now my question, the hardware is supporting a DMA operation till 4096, 
is it not interesting to encrypt 8 blocks at a time ? 
It is exactly the same operation as encrypting each block
consecutively. 

Of course I need to pre-compute the 8 tweak_buf in a big
tweak_buf[4096].Then in only one DMA operation I will be able to encrypt
4096 bytes with ECB mode. 

I hope you understand what I mean.

Can you tell me if it is possible ? If yes can I use a previous patch, I
have seen that there are some works on it ?

Thank you.