On Wed, 19 Jun 2019 at 09:11, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > On Wed, 19 Jun 2019 at 08:56, Milan Broz <gmazyland@xxxxxxxxx> wrote: > > > > On 18/06/2019 23:27, Ard Biesheuvel wrote: > > > This series creates an ESSIV template that produces a skcipher or AEAD > > > transform based on a tuple of the form '<skcipher>,<cipher>,<shash>' > > > (or '<aead>,<cipher>,<shash>' for the AEAD case). It exposes the > > > encapsulated sync or async skcipher/aead by passing through all operations, > > > while using the cipher/shash pair to transform the input IV into an ESSIV > > > output IV. > > > > > > This matches what both users of ESSIV in the kernel do, and so it is proposed > > > as a replacement for those, in patches #2 and #4. > > > > > > This code has been tested using the fscrypt test suggested by Eric > > > (generic/549), as well as the mode-test script suggested by Milan for > > > the dm-crypt case. I also tested the aead case in a virtual machine, > > > but it definitely needs some wider testing from the dm-crypt experts. > > > > Well, I just run "make check" on cyptsetup upstream (32bit VM, Linus' tree > > with this patcheset applied), and get this on the first api test... > > > > Ugh. Thanks for trying. I will have a look today. > > > > Just try > > cryptsetup open --type plain -c aes-cbc-essiv:sha256 /dev/sdd test > > Apologies, this was a rebase error on my part. Could you please apply the hunk below and try again? diff --git a/crypto/essiv.c b/crypto/essiv.c index 029a65afb4d7..5dc2e592077e 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -243,6 +243,8 @@ static int essiv_aead_encrypt(struct aead_request *req) static int essiv_skcipher_decrypt(struct skcipher_request *req) { struct essiv_skcipher_request_ctx *rctx = skcipher_request_ctx(req); + + essiv_skcipher_prepare_subreq(req); return crypto_skcipher_decrypt(&rctx->blockcipher_req); }