On Nov 29, 2021, at 19:27, Eric Biggers [off-list ref] wrote:

On Wed, Nov 24, 2021 at 12:06:45PM -0800, Chang S. Bae wrote:

quoted

== Non Use Cases ==

Bare metal disk encryption is the only use case intended by these patches.

If that's the case, why are so many encryption modes being added (ECB, CTR, CBC,
and XTS)?  Wouldn't just XTS be sufficient?

Right, it would reduce the crypt library changes significantly. But it is
clueless whether XTS is sufficient to support DM-crypt, because a user may
select the kernel’s crypto API via ‘capi:', [1].

quoted

* PATCH10-15: For the x86 crypto library, it first prepares the AES-NI code
 to accommodate the new AES implementation. Then incrementally add base
 functions and various modes support -- ECB, CBC, CTR, and XTS. The code
 was found to pass the crypto test.

Did you test with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y?

Yes.

Thanks,
Chang

[1] https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt