eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 11:20:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix bad parsing of capi:xts(aes)-plain

Browse Source 
Corrent logic confuses it with aes-plain (capi:xts(aes)-plain
does not work in luksFormat).
For CAPI format we need to skip this test.
This commit is contained in:
Milan Broz
2024-05-09 15:45:04 +02:00
parent d590c74a0e
commit 8f4a149ed3
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/utils_crypt.c
View File

@@ -28,15 +28,17 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
cipher, cipher_mode) == 2) { cipher, cipher_mode) == 2) {
if (!strcmp(cipher_mode, "plain"))
strcpy(cipher_mode, "cbc-plain");
if (!strncmp(cipher, "capi:", 5)) { if (!strncmp(cipher, "capi:", 5)) {
/* CAPI must not use internal cipher driver names with dash */ /* CAPI must not use internal cipher driver names with dash */
if (strchr(cipher_mode, ')')) if (strchr(cipher_mode, ')'))
return -EINVAL; return -EINVAL;
if (key_nums) if (key_nums)
*key_nums = 1; *key_nums = 1;
} else if (key_nums) { return 0;
}
if (!strcmp(cipher_mode, "plain"))
strcpy(cipher_mode, "cbc-plain");
if (key_nums) {
char *tmp = strchr(cipher, ':'); char *tmp = strchr(cipher, ':');
*key_nums = tmp ? atoi(++tmp) : 1; *key_nums = tmp ? atoi(++tmp) : 1;
if (!*key_nums) if (!*key_nums)
@@ -56,6 +58,7 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
} }
if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) { if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) {
if (strncmp(cipher, "capi:", 5))
strcpy(cipher_mode, "cbc-plain"); strcpy(cipher_mode, "cbc-plain");
if (key_nums) if (key_nums)
*key_nums = 1; *key_nums = 1;

4
tests/mode-test
View File

@@ -218,6 +218,10 @@ if dm_crypt_capi_support ; then
dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail $CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail $CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
# Do not confuse aes-plain with capi:xts(plain)-plain
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
echo [OK] echo [OK]
else else
echo [N/A] echo [N/A]