summaryrefslogtreecommitdiff
path: root/ubifs-utils/mkfs.ubifs
diff options
context:
space:
mode:
authorRichard Weinberger <richard@nod.at>2018-10-18 16:37:11 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2018-11-01 12:41:54 +0100
commit922a6e998538a1ea57682d0d3373cb4d19e9dc02 (patch)
tree81479b0c6c753167bd86923dcdcb34307243b7fa /ubifs-utils/mkfs.ubifs
parentc573dc0021310e1956da638ecf654d65043a42ca (diff)
mkfs.ubifs: Fixup AES-XTS mode
In XTS mode we don't need ESSIV, just use the block number as tweak. Also apply EVP_EncryptFinal(). Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs')
-rw-r--r--ubifs-utils/mkfs.ubifs/crypto.c35
-rw-r--r--ubifs-utils/mkfs.ubifs/fscrypt.h4
2 files changed, 27 insertions, 12 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index 7d35ae7..d0f24e1 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher,
ciphertext_len = len;
+ if (cipher == EVP_aes_256_xts()) {
+ if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1)
+ goto fail_ctx;
+
+ ciphertext_len += len;
+ }
+
EVP_CIPHER_CTX_free(ctx);
return ciphertext_len;
fail_ctx:
@@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz
return ret;
}
-
static ssize_t encrypt_block(const void *plaintext, size_t size,
const void *key, uint64_t block_index,
void *ciphertext, const EVP_CIPHER *cipher)
{
- size_t key_len, ret, ivsize;
- void *essiv_salt, *iv;
+ size_t key_len, ivsize;
+ void *tweak;
+ struct {
+ uint64_t index;
+ uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)];
+ } iv;
ivsize = EVP_CIPHER_iv_length(cipher);
key_len = EVP_CIPHER_key_length(cipher);
- iv = alloca(ivsize);
- essiv_salt = alloca(ivsize);
+ iv.index = cpu_to_le64(block_index);
+ memset(iv.padding, 0, sizeof(iv.padding));
- memset(iv, 0, ivsize);
- *((uint64_t *)iv) = cpu_to_le64(block_index);
-
- gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt);
+ if (cipher == EVP_aes_256_cbc()) {
+ tweak = alloca(ivsize);
+ gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak);
+ } else {
+ tweak = &iv;
+ }
- ret = do_encrypt(cipher, plaintext, size, key, key_len,
- essiv_salt, ivsize, ciphertext);
- return ret;
+ return do_encrypt(cipher, plaintext, size, key, key_len, tweak,
+ ivsize, ciphertext);
}
static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size,
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index e39d7e1..e3cfee5 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -93,6 +93,10 @@ struct fscrypt_symlink_data {
#define FS_MAX_KEY_SIZE 64
#endif
+#ifndef FS_IV_SIZE
+#define FS_IV_SIZE 16
+#endif
+
unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx);
struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx);