linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au,
	johannes@sipsolutions.net, linux-wireless@vger.kernel.org,
	davem@davemloft.net
Subject: Re: [RFC PATCH 0/3] move WEP implementation to skcipher interface
Date: Fri, 7 Jun 2019 10:59:47 -0700	[thread overview]
Message-ID: <20190607175947.GB648@sol.localdomain> (raw)
In-Reply-To: <20190607144944.13485-1-ard.biesheuvel@linaro.org>

On Fri, Jun 07, 2019 at 04:49:41PM +0200, Ard Biesheuvel wrote:
> One of the issues that I would like to see addressed in the crypto API
> is they way the cipher abstraction is used. In general, a cipher should
> never be used directly, and so it would be much better to clean up the
> existing uses of ciphers outside of the crypto subsystem itself, so that
> we can make the cipher abstraction part of the internal API, only to
> be used by templates or crypto drivers that require them as a callback.
> 
> As a first step, this series moves all users of the 'arc4' cipher to
> the ecb(arc4) skcipher, which happens to be implemented by the same
> driver, and is already a stream cipher, given that ARC4_BLOCK_SIZE
> actually evaluates to 1.
> 
> Next step would be to switch the users of the 'des' and 'aes' ciphers
> to other interfaces that are more appropriate, either ecb(...) or a
> library interface, which may be more appropriate in some cases. In any
> case, the end result should be that ciphers are no longer used outside
> of crypto/ and drivers/crypto/
> 
> This series is presented as an RFC, since I am mostly interested in
> discussing the above, but I prefer to do so in the context of actual
> patches rather than an abstract discussion.
> 
> Ard Biesheuvel (3):
>   net/mac80211: switch to skcipher interface for arc4
>   lib80211/tkip: switch to skcipher interface for arc4
>   lib80211/wep: switch to skcipher interface for arc4
> 

The way the crypto API exposes ARC4 is definitely broken.  It treats it as a
block cipher (with a block size of 1 byte...), when it's actually a stream
cipher.  Also, it violates the API by modifying the key during each encryption.

Since ARC4 is fast in software and is "legacy" crypto that people shouldn't be
using, and the users call it on virtual addresses, perhaps we should instead
remove it from the crypto API and provide a library function arc4_crypt()?  We'd
lose support for ARC4 in three hardware drivers, but are there real users who
really are using ARC4 and need those to get acceptable performance?  Note that
they aren't being used in the cases where the 'cipher' API is currently being
used, so it would only be the current 'skcipher' users that might matter.

Someone could theoretically be using "ecb(arc4)" via AF_ALG or dm-crypt, but it
seems unlikely...

As for removing the "cipher" API entirely, we'd have to consider how to convert
all the current users, not just ARC4, so that would be a somewhat different
discussion.  How do you propose to handle dm-crypt and fscrypt which use the
cipher API to do ESSIV?

- Eric

  parent reply	other threads:[~2019-06-07 17:59 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-07 14:49 [RFC PATCH 0/3] move WEP implementation to skcipher interface Ard Biesheuvel
2019-06-07 14:49 ` [RFC PATCH 1/3] net/mac80211: switch to skcipher interface for arc4 Ard Biesheuvel
2019-06-07 14:49 ` [RFC PATCH 2/3] lib80211/tkip: " Ard Biesheuvel
2019-06-07 14:49 ` [RFC PATCH 3/3] lib80211/wep: " Ard Biesheuvel
2019-06-07 17:59 ` Eric Biggers [this message]
2019-06-07 18:08   ` [RFC PATCH 0/3] move WEP implementation to skcipher interface Ard Biesheuvel
2019-06-07 20:24   ` Marcel Holtmann
2019-06-07 20:27     ` Ard Biesheuvel
2019-06-07 20:45       ` Denis Kenzior
2019-06-07 21:15         ` Eric Biggers
2019-06-07 21:28           ` Denis Kenzior
2019-06-07 21:41             ` Eric Biggers
2019-06-07 21:54               ` Denis Kenzior
2019-06-07 22:40                 ` Eric Biggers
2019-06-07 22:47                   ` Denis Kenzior
2019-06-08 13:03                     ` Sandy Harris
2019-06-08 14:37                       ` Ard Biesheuvel
2019-06-08 15:51                         ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190607175947.GB648@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=ard.biesheuvel@linaro.org \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=johannes@sipsolutions.net \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).