diff options
| author | Richard Weinberger <richard@nod.at> | 2018-10-18 16:37:09 +0200 | 
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-11-01 12:41:34 +0100 | 
| commit | 2651d8e09509a7614a66a25e6489d943fd93376b (patch) | |
| tree | f1e4c0986c07f81f27bf9b1089234a8eda20ce61 /ubifs-utils | |
| parent | d9421785a18fdfae0ada62ecbfcbbdd28c4e0fde (diff) | |
mkfs.ubifs: Enable Cipher selection
No longer hard code AES-128-CBC, we support AES-256-XTS too.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'ubifs-utils')
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.c | 7 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.h | 3 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.c | 4 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.h | 9 | 
4 files changed, 18 insertions, 5 deletions
| diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 8d113f1..ec41453 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -23,9 +23,8 @@  #include <string.h>  #include <assert.h> -#include "crypto.h" +#include "fscrypt.h"  #include "common.h" -#include "mtd_swab.h"  static int do_sha256(const unsigned char *in, size_t len, unsigned char *out)  { @@ -284,11 +283,15 @@ static struct cipher ciphers[] = {  		.key_length = 16,  		.encrypt_block = encrypt_block_aes128_cbc,  		.encrypt_fname = encrypt_aes128_cbc_cts, +		.fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC, +		.fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS,  	}, {  		.name = "AES-256-XTS",  		.key_length = 64,  		.encrypt_block = encrypt_block_aes256_xts,  		.encrypt_fname = encrypt_aes256_cbc_cts, +		.fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS, +		.fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS,  	}  }; diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index 7fb2d3b..c2631dd 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -36,6 +36,9 @@ struct cipher {  	ssize_t (*encrypt_fname)(const void *plaintext, size_t size,  				 const void *key, void *ciphertext); + +	unsigned int fscrypt_block_mode; +	unsigned int fscrypt_fname_mode;  }; diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 02132e2..2fc0ae8 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -253,8 +253,8 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,  	new_fctx = xmalloc(sizeof(*new_fctx));  	new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; -	new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC; -	new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS; +	new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode; +	new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode;  	new_fctx->flags = flags;  	memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE); diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index b6fb6d1..e39d7e1 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -26,13 +26,20 @@  #include <sys/types.h>  #include "crypto.h" -  #ifndef FS_KEY_DESCRIPTOR_SIZE  #define FS_KEY_DESCRIPTOR_SIZE  8  #endif  #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1  #define FS_KEY_DERIVATION_NONCE_SIZE	16 +#ifndef FS_ENCRYPTION_MODE_AES_256_XTS +#define FS_ENCRYPTION_MODE_AES_256_XTS 1 +#endif + +#ifndef FS_ENCRYPTION_MODE_AES_256_CTS +#define FS_ENCRYPTION_MODE_AES_256_CTS 4 +#endif +  #ifndef FS_ENCRYPTION_MODE_AES_128_CBC  #define FS_ENCRYPTION_MODE_AES_128_CBC 5  #endif | 
