From 8f4a149ed3de2991ba0c8639a56ddd4978cbc82d Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 9 May 2024 15:45:04 +0200
Subject: [PATCH] Fix bad parsing of capi:xts(aes)-plain

Corrent logic confuses it with aes-plain (capi:xts(aes)-plain
does not work in luksFormat).
For CAPI format we need to skip this test.
---
 lib/utils_crypt.c | 11 +++++++----
 tests/mode-test   |  4 ++++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c
index cb87e8f2..7d906da8 100644
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -28,15 +28,17 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
 		   cipher, cipher_mode) == 2) {
-		if (!strcmp(cipher_mode, "plain"))
-			strcpy(cipher_mode, "cbc-plain");
 		if (!strncmp(cipher, "capi:", 5)) {
 			/* CAPI must not use internal cipher driver names with dash */
 			if (strchr(cipher_mode, ')'))
 				return -EINVAL;
 			if (key_nums)
 				*key_nums = 1;
-		} else if (key_nums) {
+			return 0;
+		}
+		if (!strcmp(cipher_mode, "plain"))
+			strcpy(cipher_mode, "cbc-plain");
+		if (key_nums) {
 			char *tmp = strchr(cipher, ':');
 			*key_nums = tmp ? atoi(++tmp) : 1;
 			if (!*key_nums)
@@ -56,7 +58,8 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 	}
 
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) {
-		strcpy(cipher_mode, "cbc-plain");
+		if (strncmp(cipher, "capi:", 5))
+			strcpy(cipher_mode, "cbc-plain");
 		if (key_nums)
 			*key_nums = 1;
 		return 0;
diff --git a/tests/mode-test b/tests/mode-test
index 3ce8791a..c9c8c055 100755
--- a/tests/mode-test
+++ b/tests/mode-test
@@ -218,6 +218,10 @@ if dm_crypt_capi_support ; then
 	dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
 	$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
 	$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
+
+	# Do not confuse aes-plain with capi:xts(plain)-plain
+	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
+	$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
 	echo [OK]
 else
 	echo [N/A]