diff options
author | Richard Weinberger <richard@nod.at> | 2018-10-18 16:37:11 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-11-01 12:41:54 +0100 |
commit | 922a6e998538a1ea57682d0d3373cb4d19e9dc02 (patch) | |
tree | 81479b0c6c753167bd86923dcdcb34307243b7fa /ubifs-utils/mkfs.ubifs | |
parent | c573dc0021310e1956da638ecf654d65043a42ca (diff) |
mkfs.ubifs: Fixup AES-XTS mode
In XTS mode we don't need ESSIV, just use the block number
as tweak.
Also apply EVP_EncryptFinal().
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs')
-rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.c | 35 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.h | 4 |
2 files changed, 27 insertions, 12 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 7d35ae7..d0f24e1 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher, ciphertext_len = len; + if (cipher == EVP_aes_256_xts()) { + if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1) + goto fail_ctx; + + ciphertext_len += len; + } + EVP_CIPHER_CTX_free(ctx); return ciphertext_len; fail_ctx: @@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return ret; } - static ssize_t encrypt_block(const void *plaintext, size_t size, const void *key, uint64_t block_index, void *ciphertext, const EVP_CIPHER *cipher) { - size_t key_len, ret, ivsize; - void *essiv_salt, *iv; + size_t key_len, ivsize; + void *tweak; + struct { + uint64_t index; + uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)]; + } iv; ivsize = EVP_CIPHER_iv_length(cipher); key_len = EVP_CIPHER_key_length(cipher); - iv = alloca(ivsize); - essiv_salt = alloca(ivsize); + iv.index = cpu_to_le64(block_index); + memset(iv.padding, 0, sizeof(iv.padding)); - memset(iv, 0, ivsize); - *((uint64_t *)iv) = cpu_to_le64(block_index); - - gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt); + if (cipher == EVP_aes_256_cbc()) { + tweak = alloca(ivsize); + gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak); + } else { + tweak = &iv; + } - ret = do_encrypt(cipher, plaintext, size, key, key_len, - essiv_salt, ivsize, ciphertext); - return ret; + return do_encrypt(cipher, plaintext, size, key, key_len, tweak, + ivsize, ciphertext); } static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e39d7e1..e3cfee5 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -93,6 +93,10 @@ struct fscrypt_symlink_data { #define FS_MAX_KEY_SIZE 64 #endif +#ifndef FS_IV_SIZE +#define FS_IV_SIZE 16 +#endif + unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); |