From patchwork Tue Aug 6 08:02:32 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 170644
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, agk@redhat.com, snitzer@redhat.com, dm-devel@redhat.com, gmazyland@gmail.com, Ard Biesheuvel
Subject: [RFC PATCH 0/2] dm-crypt: get rid of cipher API for EBOIV
Date: Tue, 6 Aug 2019 11:02:32 +0300
Message-Id: <20190806080234.27998-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-crypto@vger.kernel.org

This is a follow-up to the discussion [0] started by regarding adding new
uses of the cipher API to dm-crypt. In particular, the discussion was about
EBOIV, which is used by BitLocker to generate IVs from byte offsets, to be
used for AES encryption in CBC mode.

The way EBOIV support is currently integrated does not restrict it at all,
which means we may paint ourselves into a corner where we are forced to
support unexpected and novel ways users have decided to wire up EBOIV. This
may become a maintenance burden going forward, and given that EBOIV uses the
same key for generating the IV via AES encryption as the one used for the
data, it may produce configurations that are not entirely safe.
So let's restrict EBOIV to cbc(aes) (patch #1), to prevent it from being used
in arbitrary cipher cocktails, and avoid ending up with a disproportionate
maintenance burden on the crypto API side. Patch #2 switches the IV
generation to the AES library, which avoids potential key leaks due to the
use of aes-generic as the cipher used for IV generation.

[0] https://www.redhat.com/archives/dm-devel/2019-July/msg00041.html

Ard Biesheuvel (2):
  md/dm-crypt - restrict EBOIV to cbc(aes)
  md/dm-crypt - switch to AES library for EBOIV

 drivers/md/dm-crypt.c | 34 ++++++++------------
 1 file changed, 13 insertions(+), 21 deletions(-)

-- 
2.17.1
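As an added illustration (not code from this series or from dm-crypt), the following Python shows the two points of the cover letter: the cbc(aes)-only check that patch #1 introduces, applied to dm-crypt table cipher strings, and the per-sector block that EBOIV encrypts under the data key to obtain the IV. The cipher-spec grammar here is a simplified reading of dm-crypt's legacy and `capi:` forms, and the little-endian byte-offset layout, 512-byte default sector and 16-byte block size are assumptions of this example.

```python
"""Added example: the EBOIV restriction of patch #1 and the block EBOIV encrypts.

Not dm-crypt code. The grammar below is a simplified reading of dm-crypt's
legacy "cipher[:keycount]-mode-ivmode[:ivopts]" form and of the
"capi:mode(cipher)-ivmode[:ivopts]" form; real dm-crypt parsing is richer.
"""
import re
import struct

_LEGACY = re.compile(
    r"^(?P<cipher>[a-z0-9_]+)(?::\d+)?-(?P<mode>[a-z0-9]+)-(?P<iv>[a-z0-9]+)(?::.*)?$")
_CAPI = re.compile(
    r"^capi:(?P<mode>[a-z0-9]+)\((?P<cipher>[a-z0-9_]+)\)-(?P<iv>[a-z0-9]+)(?::.*)?$")


def parse_cipher_spec(spec):
    """Return (cipher, chaining mode, IV mode) for a dm-crypt cipher string."""
    for rx in (_LEGACY, _CAPI):
        m = rx.match(spec)
        if m:
            return m.group("cipher"), m.group("mode"), m.group("iv")
    raise ValueError(f"unrecognised cipher spec: {spec!r}")


def eboiv_allowed(spec):
    """The restriction of patch #1: eboiv only together with cbc(aes).

    Other IV modes are left alone; an eboiv spec with any other cipher or
    chaining mode is rejected before a mapping is set up."""
    cipher, mode, ivmode = parse_cipher_spec(spec)
    if ivmode != "eboiv":
        return True
    return cipher == "aes" and mode == "cbc"


def eboiv_block(sector, sector_size=512, block_size=16):
    """Plaintext block that EBOIV encrypts, with the data key, to get the IV.

    Assumed layout: the sector's byte offset as a little-endian u64,
    zero-padded to the AES block size; 512 is the assumed default sector size.
    Because the IV is AES_k(offset) under the same key k that protects the
    data, the IV generator must not leak k; patch #2 moves it off aes-generic
    and onto the AES library for that reason."""
    offset = sector * sector_size
    return struct.pack("<Q", offset).ljust(block_size, b"\0")
```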