mkfs.ubifs: Enable Cipher selection

No longer hard code AES-128-CBC, we support AES-256-XTS too.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index 8d113f198bb283ecade7a542ad3dd5a2d959152f..ec414531e94a46d8dd9354998fe4b78c0eb182de 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -23,9 +23,8 @@
 #include <string.h>
 #include <assert.h>
 
-#include "crypto.h"
+#include "fscrypt.h"
 #include "common.h"
-#include "mtd_swab.h"
 
 static int do_sha256(const unsigned char *in, size_t len, unsigned char *out)
 {
@@ -284,11 +283,15 @@ static struct cipher ciphers[] = {
                .key_length = 16,
                .encrypt_block = encrypt_block_aes128_cbc,
                .encrypt_fname = encrypt_aes128_cbc_cts,
+               .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_128_CBC,
+               .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_128_CTS,
        }, {
                .name = "AES-256-XTS",
                .key_length = 64,
                .encrypt_block = encrypt_block_aes256_xts,
                .encrypt_fname = encrypt_aes256_cbc_cts,
+               .fscrypt_block_mode = FS_ENCRYPTION_MODE_AES_256_XTS,
+               .fscrypt_fname_mode = FS_ENCRYPTION_MODE_AES_256_CTS,
        }
 };
 

diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index 7fb2d3b8d005405cb53c4c65ca4654b508d5d85e..c2631dd0fd89b5fad88ac997b4e8654bb6908c08 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -36,6 +36,9 @@ struct cipher {
 
        ssize_t (*encrypt_fname)(const void *plaintext, size_t size,
                                 const void *key, void *ciphertext);
+
+       unsigned int fscrypt_block_mode;
+       unsigned int fscrypt_fname_mode;
 };
 
 

diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 02132e205a35b7208eaaa38facb3f0005e7fdea9..2fc0ae8b35098c076f48f7caad363de2cd3fa935 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -253,8 +253,8 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
        new_fctx = xmalloc(sizeof(*new_fctx));
 
        new_fctx->format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
-       new_fctx->contents_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CBC;
-       new_fctx->filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_128_CTS;
+       new_fctx->contents_encryption_mode = fscrypt_cipher->fscrypt_block_mode;
+       new_fctx->filenames_encryption_mode = fscrypt_cipher->fscrypt_fname_mode;
        new_fctx->flags = flags;
 
        memcpy(&new_fctx->nonce, nonce, FS_KEY_DERIVATION_NONCE_SIZE);

diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index b6fb6d136e584002f3de445ce682f03765da4d4a..e39d7e105fda493b020324df6639362603883ad9 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -26,13 +26,20 @@
 #include <sys/types.h>
 #include "crypto.h"
 
-
 #ifndef FS_KEY_DESCRIPTOR_SIZE
 #define FS_KEY_DESCRIPTOR_SIZE  8
 #endif
 #define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
 #define FS_KEY_DERIVATION_NONCE_SIZE   16
 
+#ifndef FS_ENCRYPTION_MODE_AES_256_XTS
+#define FS_ENCRYPTION_MODE_AES_256_XTS 1
+#endif
+
+#ifndef FS_ENCRYPTION_MODE_AES_256_CTS
+#define FS_ENCRYPTION_MODE_AES_256_CTS 4
+#endif
+
 #ifndef FS_ENCRYPTION_MODE_AES_128_CBC
 #define FS_ENCRYPTION_MODE_AES_128_CBC 5
 #endif