mkfs.ubifs: Fixup AES-XTS mode

In XTS mode we don't need ESSIV, just use the block number
as tweak.
Also apply EVP_EncryptFinal().

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index 7d35ae7473bac9dc8fa51dca8ab350601f7d3693..d0f24e1a5f6fdefc9cf343f7927ffa1db92a2d77 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -91,6 +91,13 @@ static ssize_t do_encrypt(const EVP_CIPHER *cipher,
 
        ciphertext_len = len;
 
+       if (cipher == EVP_aes_256_xts()) {
+               if (EVP_EncryptFinal(ctx, ciphertext + ciphertext_len, &len) != 1)
+                       goto fail_ctx;
+
+               ciphertext_len += len;
+       }
+
        EVP_CIPHER_CTX_free(ctx);
        return ciphertext_len;
 fail_ctx:
@@ -128,28 +135,32 @@ static size_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, siz
        return ret;
 }
 
-
 static ssize_t encrypt_block(const void *plaintext, size_t size,
                             const void *key, uint64_t block_index,
                             void *ciphertext, const EVP_CIPHER *cipher)
 {
-       size_t key_len, ret, ivsize;
-       void *essiv_salt, *iv;
+       size_t key_len, ivsize;
+       void *tweak;
+       struct {
+               uint64_t index;
+               uint8_t padding[FS_IV_SIZE - sizeof(uint64_t)];
+       } iv;
 
        ivsize = EVP_CIPHER_iv_length(cipher);
        key_len = EVP_CIPHER_key_length(cipher);
 
-       iv = alloca(ivsize);
-       essiv_salt = alloca(ivsize);
+       iv.index = cpu_to_le64(block_index);
+       memset(iv.padding, 0, sizeof(iv.padding));
 
-       memset(iv, 0, ivsize);
-       *((uint64_t *)iv) = cpu_to_le64(block_index);
-
-       gen_essiv_salt(iv, ivsize, key, key_len, essiv_salt);
+       if (cipher == EVP_aes_256_cbc()) {
+               tweak = alloca(ivsize);
+               gen_essiv_salt(&iv, FS_IV_SIZE, key, key_len, tweak);
+       } else {
+               tweak = &iv;
+       }
 
-       ret = do_encrypt(cipher, plaintext, size, key, key_len,
-                        essiv_salt, ivsize, ciphertext);
-       return ret;
+       return do_encrypt(cipher, plaintext, size, key, key_len, tweak,
+                         ivsize, ciphertext);
 }
 
 static ssize_t encrypt_block_aes128_cbc(const void *plaintext, size_t size,

diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.h b/ubifs-utils/mkfs.ubifs/fscrypt.h
index e39d7e105fda493b020324df6639362603883ad9..e3cfee50290ac72aa295649c83f8d977c19ea8d1 100644 (file)
--- a/ubifs-utils/mkfs.ubifs/fscrypt.h
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.h
@@ -93,6 +93,10 @@ struct fscrypt_symlink_data {
 #define FS_MAX_KEY_SIZE        64
 #endif
 
+#ifndef FS_IV_SIZE
+#define FS_IV_SIZE 16
+#endif
+
 unsigned char *calc_fscrypt_subkey(struct fscrypt_context *fctx);
 
 struct fscrypt_context *inherit_fscrypt_context(struct fscrypt_context *fctx);