From: Milan Broz <gmazyland@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Stephan Mueller <smueller@chronox.de>,
Dmitry Vyukov <dvyukov@google.com>,
syzkaller@googlegroups.com, davem@davemloft.net,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
kcc@google.com, glider@google.com, edumazet@google.com,
sasha.levin@oracle.com, keescook@google.com,
Ondrej Kozina <okozina@redhat.com>
Subject: Re: [PATCH 1/2] crypto: af_alg - Add nokey compatibility path
Date: Fri, 8 Jan 2016 19:21:12 +0100 [thread overview]
Message-ID: <568FFE18.6090900@gmail.com> (raw)
In-Reply-To: <20160108124851.GA5425@gondor.apana.org.au>
On 01/08/2016 01:48 PM, Herbert Xu wrote:
> On Mon, Jan 04, 2016 at 01:33:54PM +0100, Milan Broz wrote:
>>
>> - hmac() is now failing the same way (SETKEY after accept())
>> (I initially tested without two patches above, these are not in linux-next yet.)
>> This breaks all cryptsetup TrueCrypt support (and moreover all systems if
>> kernel crypto API is set as a default vcrypto backend - but that's not default).
>
> Yes algif_hash would need the same compatibility patch and I'm
> working on that.
Ok, I fixed this already.
>
>> - cipher_null before worked without setkey, now it requires to set key
>> (either before or after accept().
>> This was actually probably bad workaround in cryptsetup, anyway it will now cause
>> old cryptsetup-reencrypt tool failing with your patches.
>> (Try "cryptsetup benchmark -c cipher_null-ecb". I am not sure what to do here,
>> but not requiring setkey for "cipher" that has no key internally seems ok for me...)
>
> Is cipher_null actually used in production or is this just a
> benchmark? Using the kernel crypto API to perform no encryption
> sounds crazy.
Except benchmarks (I do not care about this) we use cipher_null in cryptsetup-reencrypt
when adding encryption in-place (plaintext-only device is converted
to LUKS, cipher_null is used during conversion for original plainext device,
then offline converted to some real cipher with key).
(It reuses the same logic as re-encryption, IOW volume key change.)
So it is used in production but just for this specific case.
Thanks,
Milan
next prev parent reply other threads:[~2016-01-08 18:21 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-17 12:59 GPF in lrw_crypt Dmitry Vyukov
2015-12-21 22:58 ` Stephan Mueller
2015-12-24 9:39 ` Herbert Xu
2015-12-24 11:03 ` Dmitry Vyukov
2015-12-25 7:40 ` [PATCH v2] crypto: algif_skcipher - Require setkey before accept(2) Herbert Xu
2015-12-28 13:39 ` Dmitry Vyukov
2015-12-29 13:24 ` Herbert Xu
2016-01-02 11:52 ` Milan Broz
2016-01-02 14:41 ` Milan Broz
2016-01-02 20:03 ` Stephan Mueller
2016-01-02 20:18 ` Milan Broz
2016-01-03 1:31 ` Herbert Xu
2016-01-03 9:42 ` Milan Broz
2016-01-04 4:35 ` [PATCH 1/2] crypto: af_alg - Add nokey compatibility path Herbert Xu
2016-01-04 4:36 ` [PATCH 2/2] crypto: algif_skcipher " Herbert Xu
2016-01-04 12:33 ` [PATCH 1/2] crypto: af_alg " Milan Broz
2016-01-08 12:48 ` Herbert Xu
2016-01-08 18:21 ` Milan Broz [this message]
2016-01-09 5:41 ` Herbert Xu
2016-01-09 10:14 ` Milan Broz
2016-01-11 13:26 ` [PATCH 1/2] crypto: skcipher - Add crypto_skcipher_has_setkey Herbert Xu
2016-01-11 13:29 ` [PATCH 2/2] crypto: algif_skcipher - Add key check exception for cipher_null Herbert Xu
2016-01-11 14:59 ` Milan Broz
2016-01-08 13:28 ` [PATCH 1/2] crypto: hash - Add crypto_ahash_has_setkey Herbert Xu
2016-01-08 13:31 ` [PATCH 2/2] crypto: algif_hash - Require setkey before accept(2) Herbert Xu
2016-01-08 13:54 ` kbuild test robot
2016-01-09 10:15 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=568FFE18.6090900@gmail.com \
--to=gmazyland@gmail.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=glider@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=kcc@google.com \
--cc=keescook@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=okozina@redhat.com \
--cc=sasha.levin@oracle.com \
--cc=smueller@chronox.de \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).