
[33/42] mkfs.ubifs: Enable Cipher selection

Message ID 20181018143718.26298-34-richard@nod.at
State Accepted
Delegated to: David Oberhollenzer
Series mtd-utils: Add fscrypt support to mkfs.ubifs | expand

Commit Message

Richard Weinberger Oct. 18, 2018, 2:37 p.m. UTC
Stop hard-coding AES-128-CBC; AES-256-XTS is supported too.

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 ubifs-utils/mkfs.ubifs/crypto.c  | 7 +++++--
 ubifs-utils/mkfs.ubifs/crypto.h  | 3 +++
 ubifs-utils/mkfs.ubifs/fscrypt.c | 4 ++--
 ubifs-utils/mkfs.ubifs/fscrypt.h | 9 ++++++++-
 4 files changed, 18 insertions(+), 5 deletions(-)

Patch

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index 8d113f198bb2..ec414531e94a 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -23,9 +23,8 @@ 
 #include <string.h>
 #include <assert.h>
 
-#include "crypto.h"
+#include "fscrypt.h"
 #include "common.h"
-#include "mtd_swab.h"
 
 static int do_sha256(const unsigned char *in, size_t len, unsigned char *out)
 {
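Review bot: After the include swap at the top of crypto.c, the file picks up its own header only indirectly, through `fscrypt.h` (whose hunk in this patch shows `#include "crypto.h"`). Keeping `#include "crypto.h"` as the first project include and adding `#include "fscrypt.h"` after it would make the cipher table's new dependency on the `FS_ENCRYPTION_MODE_*` constants explicit, without relying on what fscrypt.h happens to include. The removal of `mtd_swab.h` cannot be judged from this hunk, since the code that might have used it is outside it.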
@@ -284,11 +283,15 @@  static struct cipher ciphers[] = {
 		.key_length = 16,
 		.encrypt_block = encrypt_block_aes128_cbc,
 		.encrypt_fname = encrypt_aes128_cbc_cts,
+		.fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC,
+		.fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS,
 	}, {
 		.name = "AES-256-XTS",
 		.key_length = 64,
 		.encrypt_block = encrypt_block_aes256_xts,
 		.encrypt_fname = encrypt_aes256_cbc_cts,
+		.fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS,
+		.fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS,
 	}
 };
 
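Review bot: The new `.fscrypt_block_mode` / `.fscrypt_fname_mode` initializers in each `ciphers[]` entry are the only thing tying the mode number recorded in the fscrypt context to the `encrypt_block` / `encrypt_fname` callbacks that produce the ciphertext, and nothing states that invariant. A mismatch would not fail at image build time; the image would presumably just be undecryptable once mounted. I would add a comment above the table such as `/* fscrypt_*_mode is written into the fscrypt context and must name the algorithm the encrypt_* callback of the same entry implements. */`, and a one-line comment on the two new members of `struct cipher` in crypto.h. Those members are `unsigned int`, while the context fields they are copied into in fscrypt.c are declared outside this patch; if those fields are narrower, the member comment should say so. The first entry of the table begins outside the hunk.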
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index 7fb2d3b8d005..c2631dd0fd89 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -36,6 +36,9 @@  struct cipher {
 
 	ssize_t (*encrypt_fname)(const void *plaintext, size_t size,
 				 const void *key, void *ciphertext);
+
+	unsigned int fscrypt_block_mode;
+	unsigned int fscrypt_fname_mode;
 };
 
 
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 02132e205a35..2fc0ae8b3509 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -253,8 +253,8 @@  struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
 	new_fctx = xmalloc(sizeof(*new_fctx));
 
 	new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
-	new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC;
-	new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS;
+	new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode;
+	new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode;
 	new_fctx->flags = flags;
 
 	memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE);
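Review bot: `fscrypt_cipher` is dereferenced in the two rewritten assignments, but the hunk does not show where it is set or that it was checked. init_fscrypt_context() takes `cipher_name`, so the pointer presumably comes from a lookup by name earlier in the function, which starts outside this hunk. If that lookup can return NULL for an unknown name, the check has to sit before this point, e.g. `if (!fscrypt_cipher) return NULL;` next to the lookup. It is also worth confirming there that the loaded master key length matches `fscrypt_cipher->key_length`, since the table now offers both a 16-byte and a 64-byte cipher.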
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index b6fb6d136e58..e39d7e105fda 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -26,13 +26,20 @@ 
 #include <sys/types.h>
 #include "crypto.h"
 
-
 #ifndef FS_KEY_DESCRIPTOR_SIZE
 #define FS_KEY_DESCRIPTOR_SIZE  8
 #endif
 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
 #define FS_KEY_DERIVATION_NONCE_SIZE	16
 
+#ifndef FS_ENCRYPTION_MODE_AES_256_XTS
+#define FS_ENCRYPTION_MODE_AES_256_XTS 1
+#endif
+
+#ifndef FS_ENCRYPTION_MODE_AES_256_CTS
+#define FS_ENCRYPTION_MODE_AES_256_CTS 4
+#endif
+
 #ifndef FS_ENCRYPTION_MODE_AES_128_CBC
 #define FS_ENCRYPTION_MODE_AES_128_CBC 5
 #endif
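Review bot: The new `#ifndef` fallbacks for `FS_ENCRYPTION_MODE_AES_256_XTS` and `FS_ENCRYPTION_MODE_AES_256_CTS` carry no comment saying where the numbers 1 and 4 come from. They are copied into the fscrypt context by init_fscrypt_context(), so they are part of the on-flash format and have to equal the kernel's values. A comment above the block such as `/* Fallbacks for build hosts whose kernel headers lack these; the values are the kernel's fscrypt mode numbers and are stored in the image. */` would stop someone from renumbering them. The includes visible in this hunk are only `<sys/types.h>` and `"crypto.h"`, so unless a kernel header is pulled in elsewhere the fallbacks are what is always used. The file continues past the hunk.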