Message ID | 20201223223841.11311-1-ardb@kernel.org (mailing list archive) |
---|---|
Headers | show |
Series | crypto: x86 - remove XTS and CTR glue helper code | expand |
On Thu, 24 Dec 2020 at 10:33, Milan Broz <gmazyland@gmail.com> wrote: > > On 23/12/2020 23:38, Ard Biesheuvel wrote: > > After applying my performance fixes for AES-NI in XTS mode, the only > > remaining users of the x86 glue helper module are the niche algorithms > > camellia, cast6, serpent and twofish. > > > > It is not clear from the history why all these different versions of these > > algorithms in XTS and CTR modes were added in the first place: the only > > in-kernel references that seem to exist are to cbc(serpent), cbc(camellia) > > and cbc(twofish) in the IPsec stack. The XTS spec only mentions AES, and > > CTR modes don't seem to be widely used either. > > FYI: Serpent, Camellia and Twofish are used in TrueCrypt/VeraCrypt implementation; > cryptsetup and I perhaps even VeraCrypt itself tries to use native dm-crypt mapping. > (They also added Russian GOST Kuznyechik with XTS, but this is not in mainline, > but Debian packages it as gost-crypto-dkms). > > Serpent and Twofish can be also used with LRW and CBC modes (for old containers only). > > Cryptsetup uses crypto userspace API to decrypt the key from header, then it configures > dm-crypt mapping for data. We need both use and in-kernel API here. > > For reference, see this table (my independent implementation of TrueCrypt/VeraCrypt modes, > it should be complete history though): > https://gitlab.com/cryptsetup/cryptsetup/-/blob/master/lib/tcrypt/tcrypt.c#L77 > > If the above still works (I would really like to have way to open old containers) > it is ok to do whatever you want to change here :-) > Thanks Milan. With the XTS code removed from these drivers, the XTS template will be used, which relies on the ECB mode helpers instead. So once we fix those to get rid of the indirect calls, I'd expect XTS to actually improve in performance for these algorithms. > I have no info that CTR is used anywhere related to dm-crypt > (IIRC it can be tricked to be used there but it does not make any sense). > Yes, that was my assumption. Thanks for confirming. -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel