From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@google.com>,
dm-devel@redhat.com, linux-fscrypt@vger.kernel.org,
Gilad Ben-Yossef <gilad@benyossef.com>,
Milan Broz <gmazyland@gmail.com>
Subject: [PATCH v6 3/7] md: dm-crypt: infer ESSIV block cipher from cipher string directly
Date: Fri, 28 Jun 2019 17:21:08 +0200 [thread overview]
Message-ID: <20190628152112.914-4-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190628152112.914-1-ard.biesheuvel@linaro.org>
Instead of allocating a crypto skcipher tfm 'foo' and attempting to
infer the encapsulated block cipher from the driver's 'name' field,
directly parse the string that we used to allocated the tfm. These
are always identical (unless the allocation failed, in which case
we bail anyway), but using the string allows us to use it in the
allocation, which is something we will need when switching to the
'essiv' crypto API template.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
drivers/md/dm-crypt.c | 35 +++++++++-----------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 1b16d34bb785..f001f1104cb5 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2321,25 +2321,17 @@ static int crypt_ctr_ivmode(struct dm_target *ti, const char *ivmode)
* The cc->cipher is currently used only in ESSIV.
* This should be probably done by crypto-api calls (once available...)
*/
-static int crypt_ctr_blkdev_cipher(struct crypt_config *cc)
+static int crypt_ctr_blkdev_cipher(struct crypt_config *cc, char *alg_name)
{
- const char *alg_name = NULL;
char *start, *end;
if (crypt_integrity_aead(cc)) {
- alg_name = crypto_tfm_alg_name(crypto_aead_tfm(any_tfm_aead(cc)));
- if (!alg_name)
- return -EINVAL;
if (crypt_integrity_hmac(cc)) {
alg_name = strchr(alg_name, ',');
if (!alg_name)
return -EINVAL;
}
alg_name++;
- } else {
- alg_name = crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc)));
- if (!alg_name)
- return -EINVAL;
}
start = strchr(alg_name, '(');
@@ -2434,6 +2426,20 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
if (*ivmode && !strcmp(*ivmode, "lmk"))
cc->tfms_count = 64;
+ if (crypt_integrity_aead(cc)) {
+ ret = crypt_ctr_auth_cipher(cc, cipher_api);
+ if (ret < 0) {
+ ti->error = "Invalid AEAD cipher spec";
+ return -ENOMEM;
+ }
+ }
+
+ ret = crypt_ctr_blkdev_cipher(cc, cipher_api);
+ if (ret < 0) {
+ ti->error = "Cannot allocate cipher string";
+ return -ENOMEM;
+ }
+
cc->key_parts = cc->tfms_count;
/* Allocate cipher */
@@ -2445,21 +2451,10 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
/* Alloc AEAD, can be used only in new format. */
if (crypt_integrity_aead(cc)) {
- ret = crypt_ctr_auth_cipher(cc, cipher_api);
- if (ret < 0) {
- ti->error = "Invalid AEAD cipher spec";
- return -ENOMEM;
- }
cc->iv_size = crypto_aead_ivsize(any_tfm_aead(cc));
} else
cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc));
- ret = crypt_ctr_blkdev_cipher(cc);
- if (ret < 0) {
- ti->error = "Cannot allocate cipher string";
- return -ENOMEM;
- }
-
return 0;
}
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@google.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-fscrypt@vger.kernel.org,
Gilad Ben-Yossef <gilad@benyossef.com>,
dm-devel@redhat.com, Milan Broz <gmazyland@gmail.com>
Subject: [PATCH v6 3/7] md: dm-crypt: infer ESSIV block cipher from cipher string directly
Date: Fri, 28 Jun 2019 17:21:08 +0200 [thread overview]
Message-ID: <20190628152112.914-4-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190628152112.914-1-ard.biesheuvel@linaro.org>
Instead of allocating a crypto skcipher tfm 'foo' and attempting to
infer the encapsulated block cipher from the driver's 'name' field,
directly parse the string that we used to allocated the tfm. These
are always identical (unless the allocation failed, in which case
we bail anyway), but using the string allows us to use it in the
allocation, which is something we will need when switching to the
'essiv' crypto API template.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
drivers/md/dm-crypt.c | 35 +++++++++-----------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 1b16d34bb785..f001f1104cb5 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2321,25 +2321,17 @@ static int crypt_ctr_ivmode(struct dm_target *ti, const char *ivmode)
* The cc->cipher is currently used only in ESSIV.
* This should be probably done by crypto-api calls (once available...)
*/
-static int crypt_ctr_blkdev_cipher(struct crypt_config *cc)
+static int crypt_ctr_blkdev_cipher(struct crypt_config *cc, char *alg_name)
{
- const char *alg_name = NULL;
char *start, *end;
if (crypt_integrity_aead(cc)) {
- alg_name = crypto_tfm_alg_name(crypto_aead_tfm(any_tfm_aead(cc)));
- if (!alg_name)
- return -EINVAL;
if (crypt_integrity_hmac(cc)) {
alg_name = strchr(alg_name, ',');
if (!alg_name)
return -EINVAL;
}
alg_name++;
- } else {
- alg_name = crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc)));
- if (!alg_name)
- return -EINVAL;
}
start = strchr(alg_name, '(');
@@ -2434,6 +2426,20 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
if (*ivmode && !strcmp(*ivmode, "lmk"))
cc->tfms_count = 64;
+ if (crypt_integrity_aead(cc)) {
+ ret = crypt_ctr_auth_cipher(cc, cipher_api);
+ if (ret < 0) {
+ ti->error = "Invalid AEAD cipher spec";
+ return -ENOMEM;
+ }
+ }
+
+ ret = crypt_ctr_blkdev_cipher(cc, cipher_api);
+ if (ret < 0) {
+ ti->error = "Cannot allocate cipher string";
+ return -ENOMEM;
+ }
+
cc->key_parts = cc->tfms_count;
/* Allocate cipher */
@@ -2445,21 +2451,10 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
/* Alloc AEAD, can be used only in new format. */
if (crypt_integrity_aead(cc)) {
- ret = crypt_ctr_auth_cipher(cc, cipher_api);
- if (ret < 0) {
- ti->error = "Invalid AEAD cipher spec";
- return -ENOMEM;
- }
cc->iv_size = crypto_aead_ivsize(any_tfm_aead(cc));
} else
cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc));
- ret = crypt_ctr_blkdev_cipher(cc);
- if (ret < 0) {
- ti->error = "Cannot allocate cipher string";
- return -ENOMEM;
- }
-
return 0;
}
--
2.20.1
next prev parent reply other threads:[~2019-06-28 15:21 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-28 15:21 [PATCH v6 0/7] crypto: switch to crypto API for ESSIV generation Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
2019-06-28 15:21 ` [PATCH v6 1/7] crypto: essiv - create wrapper template " Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
2019-06-29 4:23 ` Eric Biggers
2019-06-29 4:23 ` Eric Biggers
2019-06-28 15:21 ` [PATCH v6 2/7] fs: crypto: invoke crypto API for ESSIV handling Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
2019-06-28 18:00 ` Eric Biggers
2019-06-28 18:00 ` Eric Biggers
2019-06-28 18:09 ` Ard Biesheuvel
2019-06-28 18:09 ` Ard Biesheuvel
2019-06-28 18:09 ` Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel [this message]
2019-06-28 15:21 ` [PATCH v6 3/7] md: dm-crypt: infer ESSIV block cipher from cipher string directly Ard Biesheuvel
2019-07-01 8:58 ` Milan Broz
2019-07-01 8:58 ` Milan Broz
2019-06-28 15:21 ` [PATCH v6 4/7] md: dm-crypt: switch to ESSIV crypto API template Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
2019-07-01 8:59 ` Milan Broz
2019-07-01 8:59 ` Milan Broz
2019-07-02 8:07 ` Ard Biesheuvel
2019-07-02 8:07 ` Ard Biesheuvel
2019-07-02 8:07 ` [dm-devel] " Ard Biesheuvel
2019-07-02 16:30 ` Ard Biesheuvel
2019-07-02 16:30 ` Ard Biesheuvel
2019-07-02 16:30 ` Ard Biesheuvel
2019-06-28 15:21 ` [PATCH v6 5/7] crypto: essiv - add test vector for essiv(cbc(aes),aes,sha256) Ard Biesheuvel
2019-06-28 15:21 ` [PATCH v6 5/7] crypto: essiv - add test vector for essiv(cbc(aes), aes, sha256) Ard Biesheuvel
2019-06-28 15:21 ` [PATCH v6 6/7] crypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
2019-06-28 15:21 ` [PATCH v6 7/7] crypto: arm64/aes - implement accelerated ESSIV/CBC mode Ard Biesheuvel
2019-06-28 15:21 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190628152112.914-4-ard.biesheuvel@linaro.org \
--to=ard.biesheuvel@linaro.org \
--cc=dm-devel@redhat.com \
--cc=ebiggers@google.com \
--cc=gilad@benyossef.com \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.