author | Richard Weinberger <richard@nod.at> | 2018-10-18 16:37:09 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-11-01 12:41:34 +0100 |
commit | 2651d8e09509a7614a66a25e6489d943fd93376b (patch) | |
tree | f1e4c0986c07f81f27bf9b1089234a8eda20ce61 | |
parent | d9421785a18fdfae0ada62ecbfcbbdd28c4e0fde (diff) |
mkfs.ubifs: Enable Cipher selection
No longer hard code AES-128-CBC, we support AES-256-XTS too.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
-rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.c | 7 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.h | 3 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.c | 4 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.h | 9 |
4 files changed, 18 insertions, 5 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 8d113f1..ec41453 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -23,9 +23,8 @@ #include <string.h> #include <assert.h> -#include "crypto.h" +#include "fscrypt.h" #include "common.h" -#include "mtd_swab.h" static int do_sha256(const unsigned char *in, size_t len, unsigned char *out) { @@ -284,11 +283,15 @@ static struct cipher ciphers[] = { .key_length = 16, .encrypt_block = encrypt_block_aes128_cbc, .encrypt_fname = encrypt_aes128_cbc_cts, + .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC, + .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS, }, { .name = "AES-256-XTS", .key_length = 64, .encrypt_block = encrypt_block_aes256_xts, .encrypt_fname = encrypt_aes256_cbc_cts, + .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS, + .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS, } }; diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index 7fb2d3b..c2631dd 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -36,6 +36,9 @@ struct cipher { ssize_t (*encrypt_fname)(const void *plaintext, size_t size, const void *key, void *ciphertext); + + unsigned int fscrypt_block_mode; + unsigned int fscrypt_fname_mode; }; diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 02132e2..2fc0ae8 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c 
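Review bot: The `AES-256-XTS` entry in `ciphers[]` keeps a single `.key_length = 64` while its `.encrypt_fname` is `encrypt_aes256_cbc_cts`, and nothing in the table says how much of that key the filename cipher consumes. AES-256 takes a 32-byte key, so presumably the CTS helper uses only the first half of the 64 bytes; I would state that next to the entry, e.g. `/* 64 = two AES-256 keys for XTS; fname CTS presumably uses the first 32 bytes - confirm */`. The new `.fscrypt_block_mode`/`.fscrypt_fname_mode` values are also paired with the encrypt callbacks by hand, so a mismatch would write a context naming a different algorithm than the one that produced the ciphertext. A short comment on the array saying the two must be kept in sync would help. The array begins outside the hunk.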
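Review bot: The two new members of `struct cipher`, `fscrypt_block_mode` and `fscrypt_fname_mode`, are undocumented, and any `ciphers[]` entry that omits them is silently zero-initialised. 0 is not one of the `FS_ENCRYPTION_MODE_*` values this commit defines or uses, so a forgotten initialiser would only show up when the image is mounted. I would add a comment above them such as `/* FS_ENCRYPTION_MODE_* ids written into the fscrypt context; must be set for every cipher */`. If the context stores each mode in a single byte (its definition is not shown here), a narrower type than `unsigned int` would match it better. The struct begins outside the hunk.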
@@ -253,8 +253,8 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, new_fctx = xmalloc(sizeof(*new_fctx)); new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; - new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; - new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; + new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode; + new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode; new_fctx->flags = flags; memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index b6fb6d1..e39d7e1 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -26,13 +26,20 @@ #include <sys/types.h> #include "crypto.h" - #ifndef FS_KEY_DESCRIPTOR_SIZE #define FS_KEY_DESCRIPTOR_SIZE 8 #endif #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1 #define FS_KEY_DERIVATION_NONCE_SIZE 16 +#ifndef FS_ENCRYPTION_MODE_AES_256_XTS +#define FS_ENCRYPTION_MODE_AES_256_XTS 1 +#endif + +#ifndef FS_ENCRYPTION_MODE_AES_256_CTS +#define FS_ENCRYPTION_MODE_AES_256_CTS 4 +#endif + #ifndef FS_ENCRYPTION_MODE_AES_128_CBC #define FS_ENCRYPTION_MODE_AES_128_CBC 5 #endif |
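Review bot: `fscrypt_cipher` is dereferenced in the two changed assignments of init_fscrypt_context() with no check visible in this hunk, although the function is driven by a caller-supplied `cipher_name`. If the lookup that sets `fscrypt_cipher` can fail for an unknown name, the function should fail before `xmalloc`, e.g. `if (!fscrypt_cipher) return NULL;` or whatever error path it already uses. Otherwise an unrecognised cipher name ends in a NULL dereference instead of a usable error message. The lookup and the start of the function are outside the hunk, so this may already be handled there.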
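Review bot: The new fallback values `1` and `4` in fscrypt.h end up in the on-disk encryption context, but nothing next to them says where the numbers come from or that they must not change. A comment above the block, e.g. `/* Fallbacks for headers that lack these; values are fixed by the kernel fscrypt ABI and must not be renumbered */`, would document that. Each define is wrapped in `#ifndef`, so a header included earlier that defines the same macro silently wins. The includes visible in the hunk are only `<sys/types.h>` and `crypto.h`, so it is unclear which header that would be.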