Custom Search
Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - C index
The Linux kernel configuration item CONFIG_CRYPTO_ESSIV has multiple definitions:
crypto/KconfigThe configuration item CONFIG_CRYPTO_ESSIV:
(none)essivEncrypted Salt-Sector IV generator
This IV generator is used in some cases by fscrypt and/or dm-crypt. It uses the hash of the block encryption key as the symmetric key for a block encryption pass applied to the input IV, making low entropy IV sources more suitable for block encryption.
This driver implements a crypto API template that can be instantiated either as an skcipher or as an AEAD (depending on the type of the first template argument), and which defers encryption and decryption requests to the encapsulated cipher after applying ESSIV to the input IV. Note that in the AEAD case, it is assumed that the keys are presented in the same format used by the authenc template, and that the IV appears at the end of the authenticated associated data (AAD) region (which is how dm-crypt uses it.)
Note that the use of ESSIV is not recommended for new deployments, and so this only needs to be enabled when interoperability with existing encrypted volumes of filesystems is required, or when building for a particular system that requires it (e.g., when the SoC in question has accelerated CBC but not XTS, making CBC combined with ESSIV the only feasible mode for h/w accelerated block encryption)
crypto/KconfigThe configuration item CONFIG_CRYPTO_ESSIV:
(none)essivEncrypted salt-sector initialization vector (ESSIV) is an IV generation method that is used in some cases by fscrypt and/or dm-crypt. It uses the hash of the block encryption key as the symmetric key for a block encryption pass applied to the input IV, making low entropy IV sources more suitable for block encryption.
This driver implements a crypto API template that can be instantiated either as an skcipher or as an AEAD (depending on the type of the first template argument), and which defers encryption and decryption requests to the encapsulated cipher after applying ESSIV to the input IV. Note that in the AEAD case, it is assumed that the keys are presented in the same format used by the authenc template, and that the IV appears at the end of the authenticated associated data (AAD) region (which is how dm-crypt uses it.)
Note that the use of ESSIV is not recommended for new deployments, and so this only needs to be enabled when interoperability with existing encrypted volumes of filesystems is required, or when building for a particular system that requires it (e.g., when the SoC in question has accelerated CBC but not XTS, making CBC combined with ESSIV the only feasible mode for h/w accelerated block encryption)
Raw data from LKDDb:
lkddb module essiv CONFIG_CRYPTO_ESSIV : crypto/Kconfig : "Encrypted Salt-Sector IV Generator" # in 5.4–5.19, 6.0–6.14, 6.15-rc+HEADThis page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).
The data is retrived from:
Popular queries:
Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - C index
Automatically generated (in year 2025). See also LKDDb sources on GitLab