From 2651d8e09509a7614a66a25e6489d943fd93376b Mon Sep 17 00:00:00 2001
From: Richard Weinberger
Date: Thu, 18 Oct 2018 16:37:09 +0200
Subject: mkfs.ubifs: Enable Cipher selection

No longer hard code AES-128-CBC, we support AES-256-XTS too.

Signed-off-by: Richard Weinberger
Signed-off-by: David Oberhollenzer
---
 ubifs-utils/mkfs.ubifs/crypto.c | 7 +++++--
 ubifs-utils/mkfs.ubifs/crypto.h | 3 +++
 ubifs-utils/mkfs.ubifs/fscrypt.c | 4 ++--
 ubifs-utils/mkfs.ubifs/fscrypt.h | 9 ++++++++-
 4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index 8d113f1..ec41453 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -23,9 +23,8 @@
 #include
 #include
-#include "crypto.h"
+#include "fscrypt.h"
 #include "common.h"
-#include "mtd_swab.h"
 static int do_sha256(const unsigned char *in, size_t len, unsigned char *out)
 {
@@ -283,11 +283,15 @@ static struct cipher ciphers[] = {
 .key_length = 16,
 .encrypt_block = encrypt_block_aes128_cbc,
 .encrypt_fname = encrypt_aes128_cbc_cts,
+ .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC,
+ .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS,
 }, {
 .name = "AES-256-XTS",
 .key_length = 64,
 .encrypt_block = encrypt_block_aes256_xts,
 .encrypt_fname = encrypt_aes256_cbc_cts,
+ .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS,
+ .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS,
 }
 };
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index 7fb2d3b..c2631dd 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -36,6 +36,9 @@ struct cipher {
 ssize_t (*encrypt_fname)(const void *plaintext, size_t size, const void *key, void *ciphertext);
+
+ unsigned int fscrypt_block_mode;
+ unsigned int fscrypt_fname_mode;
 };
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 02132e2..2fc0ae8 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
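Review bot: In the `ciphers[]` hunk of crypto.c, the two new initializers are the only thing tying each entry's encrypt callbacks to the mode ids that init_fscrypt_context() now copies into the context, and nothing in the table says so. A later entry that omits them would be zero-filled by the designated initializer, so mode 0 would be written without any diagnostic. I would add a comment above the table such as `/* fscrypt_block_mode/fscrypt_fname_mode are stored verbatim in the fscrypt context; set both in every entry and keep them matched to encrypt_block/encrypt_fname */`. The table's opening lines are above the hunk.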
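Review bot: The two fields added to `struct cipher` in crypto.h carry no comment and are declared `unsigned int`, although they only hold the small mode ids that fscrypt.c copies into `contents_encryption_mode` and `filenames_encryption_mode`. If those context members are single bytes (their declaration is not part of this patch, so this is an assumption), the assignment narrows silently and a matching fixed-width type would make the contract visible. At minimum I would document them, e.g. `/* FS_ENCRYPTION_MODE_* ids recorded in the fscrypt context */`. The struct begins above the hunk.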
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -253,8 +253,8 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
 new_fctx = xmalloc(sizeof(*new_fctx));
 new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
- new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC;
- new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS;
+ new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode;
+ new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode;
 new_fctx->flags = flags;
 memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE);
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index b6fb6d1..e39d7e1 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -26,13 +26,20 @@
 #include
 #include "crypto.h"
-
 #ifndef FS_KEY_DESCRIPTOR_SIZE
 #define FS_KEY_DESCRIPTOR_SIZE 8
 #endif
 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
 #define FS_KEY_DERIVATION_NONCE_SIZE 16
+#ifndef FS_ENCRYPTION_MODE_AES_256_XTS
+#define FS_ENCRYPTION_MODE_AES_256_XTS 1
+#endif
+
+#ifndef FS_ENCRYPTION_MODE_AES_256_CTS
+#define FS_ENCRYPTION_MODE_AES_256_CTS 4
+#endif
+
 #ifndef FS_ENCRYPTION_MODE_AES_128_CBC
 #define FS_ENCRYPTION_MODE_AES_128_CBC 5
 #endif
--
cgit v1.2.3
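Review bot: Both new assignments in init_fscrypt_context() dereference `fscrypt_cipher`, and the hunk does not show where that pointer is derived from `cipher_name` or whether a failed lookup is rejected before this point. If no such check exists above, an unrecognised cipher name becomes a NULL dereference now that the modes are no longer constants; a guard such as `if (!fscrypt_cipher) return NULL;` ahead of the `xmalloc()` would cover it. The function starts and ends outside the hunk, so this needs confirming against the full body.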
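Review bot: The new `#ifndef` fallbacks in fscrypt.h hard-code 1 and 4 with no indication of where the numbers come from. These ids are what the fscrypt.c hunk stores in the encryption context, so they have to equal the kernel's fscrypt mode numbering, and the guard means a system header's definition takes precedence whenever one is present. A one-line comment above the block, e.g. `/* Fallbacks for older kernel headers; values must match the kernel's FS_ENCRYPTION_MODE_* definitions */`, would document that. No fallback for `FS_ENCRYPTION_MODE_AES_128_CTS` is visible in the hunk; it may sit just below the last context line.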