Crypto Updates Sent In For Linux 4.19 Kernel, Speck Is Still In The Kernel

Written by Michael Larabel in Linux Kernel on 15 August 2018 at 01:33 PM EDT. 7 Comments
LINUX KERNEL
The Linux kernel's crypto subsystem updates were sent out today with its new feature work for the Linux 4.19 kernel. One change we were curious to see was whether they were going to nuke the Speck cipher code, but they did not.

Back during Linux 4.17, the Crypto updates added the Speck block cipher (and in 4.18, file-system encryption support with Speck was added) which has come under fire since Speck was developed by the US National Security Agency (NSA) and it's speculated that it could be back-doored by the agency but at the very least can't be a fully trusted for encryption.

Earlier this month Google reverted their plans for using Speck as a means of cheap file-system encryption for low-end Android Go devices and instead is developing HPolyC as a new approach and more secure. Google developers said they wouldn't oppose to the Linux kernel's Speck code thus being removed.

There was then an RFC to drop the Speck code from the Linux kernel but as of writing it hasn't been acted upon. With today's Crypto code updates for Linux 4.19 there are no changes to the Speck code. Additionally, as of Linux 4.18 and in 4.19 Git so far, the Speck-based fscrypt support remains so the longer that's in the kernel the increased likelihood that Speck will have to stay mainline as to not break existing support for anyone who may have already tried this method of file-system encryption.

Anyhow, what is found within the crypto code for this pull request to Linux 4.19 are some minor API changes, replacing the insecure VMAC with VMAC64, public key verification for DH/ECDH, improved NEON latency/throughput for 64-bit ARM, a HiSilicon SEC security accelerator driver, and various other changes. The complete list of crypto patches can be found here.

Also not part of this pull request is the new Zinc crypto library that might one day replace the existing Linux crypto APIs, but that's a ways out and for now is just focused on getting the WireGuard secure VPN tunnel into the mainline kernel.
7 Comments
Related News
Linux 6.9-rc5 Released: The Diffstat "Looks A Bit Wonky" But Not Bad
Linux 6.9-rc5 Picking Up Fixes For Intel FRED, BHI & GFNI/VAES Checks
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"