From patchwork Thu Oct 18 14:37:11 2018
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 985965
X-Patchwork-Delegate: david.oberhollenzer@sigma-star.at
From: Richard Weinberger
To: linux-mtd@lists.infradead.org
Cc: Richard Weinberger, david.oberhollenzer@sigma-star.at
Subject: [PATCH 35/42] mkfs.ubifs: Fixup AES-XTS mode
Date: Thu, 18 Oct 2018 16:37:11 +0200
Message-Id: <20181018143718.26298-36-richard@nod.at>
In-Reply-To: <20181018143718.26298-1-richard@nod.at>
References: <20181018143718.26298-1-richard@nod.at>

In XTS mode we don't need ESSIV, just use the block number as tweak. Also apply EVP_EncryptFinal().

Signed-off-by: Richard Weinberger
--- ubifs-utils/mkfs.ubifs/crypto.c | 35 +++++++++++++++++++++----------- ubifs-utils/mkfs.ubifs/fscrypt.h | 4 ++++ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 7d35ae7473ba..d0f24e1a5f6f 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher, ciphertext_len = len; + if (cipher == EVP_aes_256_xts()) { + if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1) + goto fail_ctx; + + ciphertext_len += len; + } + EVP_CIPHER_CTX_free(ctx); return ciphertext_len; fail_ctx:
@@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return ret; } - static ssize_t encrypt_block(const void *plaintext, size_t size, const void *key, uint64_t block_index, void *ciphertext, const EVP_CIPHER *cipher) { - size_t key_len, ret, ivsize; - void *essiv_salt, *iv; + size_t key_len, ivsize; + void *tweak; + struct { + uint64_t index; + uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)]; + } iv; ivsize = EVP_CIPHER_iv_length(cipher); key_len = EVP_CIPHER_key_length(cipher); - iv = alloca(ivsize); - essiv_salt = alloca(ivsize); + iv.index = cpu_to_le64(block_index); + memset(iv.padding, 0, sizeof(iv.padding)); - memset(iv, 0, ivsize); - *((uint64_t *)iv) = cpu_to_le64(block_index); - - gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt); + if (cipher == EVP_aes_256_cbc()) { + tweak = alloca(ivsize); + gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak); + } else { + tweak = &iv; + } - ret = do_encrypt(cipher, plaintext, size, key, key_len, - essiv_salt, ivsize, ciphertext); - return ret; + return do_encrypt(cipher, plaintext, size, key, key_len, tweak, + ivsize, ciphertext); } static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e39d7e105fda..e3cfee50290a 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -93,6 +93,10 @@ struct fscrypt_symlink_data { #define FS_MAX_KEY_SIZE 64 #endif +#ifndef FS_IV_SIZE +#define FS_IV_SIZE 16 +#endif + unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx);
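Review bot: In the first crypto.c hunk (do_encrypt), the finalization step is gated on the pointer comparison `cipher == EVP_aes_256_xts()`, so every other cipher returns without EVP_EncryptFinal(), and neither the code nor the commit message says why the call is XTS-only. Either finalize unconditionally (with padding disabled on the context if the CBC path has to stay length-preserving) or gate on the cipher mode, e.g. `EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE`, and add a one-line comment giving the reason. EVP_EncryptFinal_ex() is the non-legacy name for this call and would be the better choice here.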
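Review bot: In encrypt_block(), the ESSIV branch is selected by `cipher == EVP_aes_256_cbc()` and everything else falls through to `tweak = &iv`, so any other CBC cipher handed to this function gets the bare little-endian block index as its IV. The trailing context shows encrypt_block_aes128_cbc() directly below; if that wrapper passes a 128-bit CBC cipher into encrypt_block(), it silently loses ESSIV and ends up with predictable IVs. It would be safer to invert the test: use the raw index only when the cipher is XTS and derive the ESSIV value otherwise. Separately, `iv` is fixed at FS_IV_SIZE bytes while do_encrypt() is still passed `ivsize`; checking that `ivsize == FS_IV_SIZE` before `tweak = &iv` would keep the two from diverging.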
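Review bot: In the fscrypt.h hunk, FS_IV_SIZE sits behind `#ifndef`, so a definition from another header takes precedence, yet encrypt_block() now sizes `padding[FS_IV_SIZE - sizeof(uint64_t)]` from it, and a value below 8 would wrap that array length. A short comment stating what the constant represents, plus a compile-time check that it is at least sizeof(uint64_t), would make the assumption explicit.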