In XTS mode we don't need ESSIV, just use the block number as tweak. Also apply EVP_EncryptFinal(). Signed-off-by: Richard Weinberger <richard@xxxxxx> --- ubifs-utils/mkfs.ubifs/crypto.c | 35 +++++++++++++++++++++----------- ubifs-utils/mkfs.ubifs/fscrypt.h | 4 ++++ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index 7d35ae7473ba..d0f24e1a5f6f 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher, ciphertext_len = len; + if (cipher == EVP_aes_256_xts()) { + if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1) + goto fail_ctx; + + ciphertext_len += len; + } + EVP_CIPHER_CTX_free(ctx); return ciphertext_len; fail_ctx: @@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz return ret; } - static ssize_t encrypt_block(const void *plaintext, size_t size, const void *key, uint64_t block_index, void *ciphertext, const EVP_CIPHER *cipher) { - size_t key_len, ret, ivsize; - void *essiv_salt, *iv; + size_t key_len, ivsize; + void *tweak; + struct { + uint64_t index; + uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)]; + } iv; ivsize = EVP_CIPHER_iv_length(cipher); key_len = EVP_CIPHER_key_length(cipher); - iv = alloca(ivsize); - essiv_salt = alloca(ivsize); + iv.index = cpu_to_le64(block_index); + memset(iv.padding, 0, sizeof(iv.padding)); - memset(iv, 0, ivsize); - *((uint64_t *)iv) = cpu_to_le64(block_index); - - gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt); + if (cipher == EVP_aes_256_cbc()) { + tweak = alloca(ivsize); + gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak); + } else { + tweak = &iv; + } - ret = do_encrypt(cipher, plaintext, size, key, key_len, - essiv_salt, ivsize, ciphertext); - return ret; + return do_encrypt(cipher, plaintext, size, key, key_len, tweak, + ivsize, ciphertext); } static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h index e39d7e105fda..e3cfee50290a 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.h +++ b/ubifs-utils/mkfs.ubifs/fscrypt.h @@ -93,6 +93,10 @@ struct fscrypt_symlink_data { #define FS_MAX_KEY_SIZE 64 #endif +#ifndef FS_IV_SIZE +#define FS_IV_SIZE 16 +#endif + unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx); struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx); -- 2.19.1 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/