Re: [PATCH 2/6] md: dm-crypt: Set cc->iv_size to 4 bytes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 7/31/2024 6:11 PM, Milan Broz wrote:
On 7/30/24 1:58 PM, Md Sadre Alam wrote:
Set cc->iv_size to 4 bytes instead of 8 bytes, since
this cc->iv_size is passing as data unit bytes to
blk_crypto_init_key(). Since CQHCI driver having
limitation for data unit bytes to 32-bit only.

In dm-crypt, plain64 IV is defined as "little-endian 64bit IV"
and was introduced to fix security problem when 32bit "plain" IV
overflows and IV is reused.

In that case you can move ciphertext sector between places with
the same IV (but different offsets) and these will be still
correctly decrypted.

If I understand it correctly, this reintroduces the same problem here.
If you have 32bit only, just use "plain" and do not support plain64 here.

(In general, I do not understand why you are sending patches
for dm-crypt code that is clearly not upstream.
I hope this code will never be accepted.)

 Thanks for reviewing. As Mikulas suggested for
 new target driver for "inline-crypt". Will create
 new target driver and post it.


Milan


Signed-off-by: Md Sadre Alam <quic_mdalam@xxxxxxxxxxx>
---
  drivers/md/dm-crypt.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 37add222b169..c0257d961968 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher,
      }
      if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) {
-        cc->iv_size = 8;
+        cc->iv_size = 4;
      } else {
          ti->error = "Invalid IV mode for inline_crypt";
          return -EINVAL;





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux