git: c7721958ffa1 - main - geliboot: Use the correct IV length for AES-XTS.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 14 Jan 2022 01:22:27 UTC
The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=c7721958ffa1aa81064b74b884e81efbe11d7fe4 commit c7721958ffa1aa81064b74b884e81efbe11d7fe4 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-01-14 01:19:54 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-01-14 01:19:54 +0000 geliboot: Use the correct IV length for AES-XTS. - Use AES_XTS_IV_LEN instead of the key length as the IV length. - Use G_ELI_IVKEYLEN as the size of the zeroed iv[] array in g_eli_crypto_cipher() to match geli_io(). PR: 261172 Reported by: Malcolm Matalka <mmatalka@gmail.com>, mikael Reviewed by: markj Sponsored by: FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33884 --- stand/libsa/geli/geliboot.c | 2 +- stand/libsa/geli/geliboot_crypto.c | 9 ++++----- stand/libsa/geli/geliboot_internal.h | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c index 56499e96b295..954a3ec34044 100644 --- a/stand/libsa/geli/geliboot.c +++ b/stand/libsa/geli/geliboot.c @@ -345,7 +345,7 @@ geli_io(struct geli_dev *gdev, geli_op_t enc, off_t offset, u_char *buf, g_eli_key_fill(&gdev->sc, &gkey, keyno); error = geliboot_crypt(gdev->sc.sc_ealgo, enc, pbuf, secsize, - gkey.gek_key, gdev->sc.sc_ekeylen, iv, sizeof(iv)); + gkey.gek_key, gdev->sc.sc_ekeylen, iv); if (error != 0) { explicit_bzero(&gkey, sizeof(gkey)); diff --git a/stand/libsa/geli/geliboot_crypto.c b/stand/libsa/geli/geliboot_crypto.c index 766f908d9037..90c9be30cf03 100644 --- a/stand/libsa/geli/geliboot_crypto.c +++ b/stand/libsa/geli/geliboot_crypto.c @@ -36,7 +36,7 @@ int geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, - const u_char *key, size_t keysize, u_char *iv, size_t ivlen) + const u_char *key, size_t keysize, u_char *iv) { keyInstance aeskey; cipherInstance cipher; @@ -81,7 +81,7 @@ geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, ctxp = &xtsctx; enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8); - enc_xform_aes_xts.reinit(ctxp, iv, ivlen); + enc_xform_aes_xts.reinit(ctxp, iv, AES_XTS_IV_LEN); switch (enc) { case GELI_DECRYPT: @@ -106,11 +106,10 @@ static int g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize, const u_char *key, size_t keysize) { - u_char iv[keysize]; + u_char iv[G_ELI_IVKEYLEN]; explicit_bzero(iv, sizeof(iv)); - return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv, - sizeof(iv))); + return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv)); } int diff --git a/stand/libsa/geli/geliboot_internal.h b/stand/libsa/geli/geliboot_internal.h index 2318690297f8..2af74466179f 100644 --- a/stand/libsa/geli/geliboot_internal.h +++ b/stand/libsa/geli/geliboot_internal.h @@ -68,6 +68,6 @@ struct geli_dev { }; int geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, - const u_char *key, size_t keysize, u_char *iv, size_t ivlen); + const u_char *key, size_t keysize, u_char *iv); #endif /* _GELIBOOT_INTERNAL_H_ */