Properly calculate key sizes (inluding IV seed and whitening) for TCRYPT.

Also prepare code for possible activation through dmcrypt for some CBC container variants.
2025-12-06 08:20:07 +01:00 · 2013-10-20 13:07:24 +02:00
parent 3f66e9fe4b
commit a7e2809466
1 changed files with 85 additions and 74 deletions
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -51,6 +51,7 @@ struct tcrypt_alg {
 		unsigned int iv_size;
 		unsigned int key_offset;
 		unsigned int iv_offset; /* or tweak key offset */
+		unsigned int key_extra_size;
 };

 struct tcrypt_algs {
@@ -66,101 +67,107 @@ struct tcrypt_algs {
 static struct tcrypt_algs tcrypt_cipher[] = {
 /* XTS mode */
 {0,1,64,"aes","xts-plain64",
-	{{"aes",    64,16,0,32}}},
+	{{"aes",    64,16,0,32,0}}},
 {0,1,64,"serpent","xts-plain64",
-	{{"serpent",64,16,0,32}}},
+	{{"serpent",64,16,0,32,0}}},
 {0,1,64,"twofish","xts-plain64",
-	{{"twofish",64,16,0,32}}},
+	{{"twofish",64,16,0,32,0}}},
 {0,2,128,"twofish-aes","xts-plain64",
-	{{"twofish",64,16, 0,64},
-	 {"aes",    64,16,32,96}}},
+	{{"twofish",64,16, 0,64,0},
+	 {"aes",    64,16,32,96,0}}},
 {0,3,192,"serpent-twofish-aes","xts-plain64",
-	{{"serpent",64,16, 0, 96},
-	 {"twofish",64,16,32,128},
-	 {"aes",    64,16,64,160}}},
+	{{"serpent",64,16, 0, 96,0},
+	 {"twofish",64,16,32,128,0},
+	 {"aes",    64,16,64,160,0}}},
 {0,2,128,"aes-serpent","xts-plain64",
-	{{"aes",    64,16, 0,64},
-	 {"serpent",64,16,32,96}}},
+	{{"aes",    64,16, 0,64,0},
+	 {"serpent",64,16,32,96,0}}},
 {0,3,192,"aes-twofish-serpent","xts-plain64",
-	{{"aes",    64,16, 0, 96},
-	 {"twofish",64,16,32,128},
-	 {"serpent",64,16,64,160}}},
+	{{"aes",    64,16, 0, 96,0},
+	 {"twofish",64,16,32,128,0},
+	 {"serpent",64,16,64,160,0}}},
 {0,2,128,"serpent-twofish","xts-plain64",
-	{{"serpent",64,16, 0,64},
-	 {"twofish",64,16,32,96}}},
+	{{"serpent",64,16, 0,64,0},
+	 {"twofish",64,16,32,96,0}}},
+
 /* LRW mode */
 {0,1,48,"aes","lrw-benbi",
-	{{"aes",    48,16,32,0}}},
+	{{"aes",    48,16,32,0,0}}},
 {0,1,48,"serpent","lrw-benbi",
-	{{"serpent",48,16,32,0}}},
+	{{"serpent",48,16,32,0,0}}},
 {0,1,48,"twofish","lrw-benbi",
-	{{"twofish",48,16,32,0}}},
+	{{"twofish",48,16,32,0,0}}},
 {0,2,96,"twofish-aes","lrw-benbi",
-	{{"twofish",48,16,32,0},
-	 {"aes",    48,16,64,0}}},
+	{{"twofish",48,16,32,0,0},
+	 {"aes",    48,16,64,0,0}}},
 {0,3,144,"serpent-twofish-aes","lrw-benbi",
-	{{"serpent",48,16,32,0},
-	 {"twofish",48,16,64,0},
-	 {"aes",    48,16,96,0}}},
+	{{"serpent",48,16,32,0,0},
+	 {"twofish",48,16,64,0,0},
+	 {"aes",    48,16,96,0,0}}},
 {0,2,96,"aes-serpent","lrw-benbi",
-	{{"aes",    48,16,32,0},
-	 {"serpent",48,16,64,0}}},
+	{{"aes",    48,16,32,0,0},
+	 {"serpent",48,16,64,0,0}}},
 {0,3,144,"aes-twofish-serpent","lrw-benbi",
-	{{"aes",    48,16,32,0},
-	 {"twofish",48,16,64,0},
-	 {"serpent",48,16,96,0}}},
+	{{"aes",    48,16,32,0,0},
+	 {"twofish",48,16,64,0,0},
+	 {"serpent",48,16,96,0,0}}},
 {0,2,96,"serpent-twofish", "lrw-benbi",
-	{{"serpent",48,16,32,0},
-	 {"twofish",48,16,64,0}}},
+	{{"serpent",48,16,32,0,0},
+	 {"twofish",48,16,64,0,0}}},
+
 /* Kernel LRW block size is fixed to 16 bytes for GF(2^128)
 * thus cannot be used with blowfish where block is 8 bytes.
 * There also no GF(2^64) support.
 {1,1,64,"blowfish_le","lrw-benbi",
-	 {{"blowfish_le",64,8,32,0}}},
+	 {{"blowfish_le",64,8,32,0,0}}},
 {1,2,112,"blowfish_le-aes","lrw-benbi",
-	 {{"blowfish_le",64, 8,32,0},
-	  {"aes",        48,16,88,0}}},
+	 {{"blowfish_le",64, 8,32,0,0},
+	  {"aes",        48,16,88,0,0}}},
 {1,3,160,"serpent-blowfish_le-aes","lrw-benbi",
-	  {{"serpent",    48,16, 32,0},
-	   {"blowfish_le",64, 8, 64,0},
-	   {"aes",        48,16,120,0}}},*/
-/* CBC + "outer" CBC (both with whitening) */
-{1,1,32,"aes","cbc-tcrypt",
-	{{"aes",    32,16,32,0}}},
-{1,1,32,"serpent","cbc-tcrypt",
-	{{"serpent",32,16,32,0}}},
-{1,1,32,"twofish","cbc-tcrypt",
-	{{"twofish",32,16,32,0}}},
-{1,2,64,"twofish-aes","cbci-tcrypt",
-	{{"twofish",32,16,32,0},
-	 {"aes",    32,16,64,0}}},
-{1,3,96,"serpent-twofish-aes","cbci-tcrypt",
-	{{"serpent",32,16,32,0},
-	 {"twofish",32,16,64,0},
-	 {"aes",    32,16,96,0}}},
-{1,2,64,"aes-serpent","cbci-tcrypt",
-	{{"aes",    32,16,32,0},
-	 {"serpent",32,16,64,0}}},
-{1,3,96,"aes-twofish-serpent", "cbci-tcrypt",
-	{{"aes",    32,16,32,0},
-	 {"twofish",32,16,64,0},
-	 {"serpent",32,16,96,0}}},
-{1,2,64,"serpent-twofish", "cbci-tcrypt",
-	{{"serpent",32,16,32,0},
-	 {"twofish",32,16,64,0}}},
-{1,1,16,"cast5","cbc-tcrypt",
-	{{"cast5",   16,8,32,0}}},
-{1,1,24,"des3_ede","cbc-tcrypt",
-	{{"des3_ede",24,8,32,0}}},
-{1,1,56,"blowfish_le","cbc-tcrypt",
-	{{"blowfish_le",56,8,32,0}}},
-{1,2,88,"blowfish_le-aes","cbc-tcrypt",
-	{{"blowfish_le",56, 8,32,0},
-	 {"aes",        32,16,88,0}}},
-{1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt",
-	{{"serpent",    32,16, 32,0},
-	 {"blowfish_le",56, 8, 64,0},
-	 {"aes",        32,16,120,0}}},
+	  {{"serpent",    48,16, 32,0,0},
+	   {"blowfish_le",64, 8, 64,0,0},
+	   {"aes",        48,16,120,0,0}}},*/
+
+/*
+ * CBC + "outer" CBC (both with whitening)
+ * chain_key_size: alg_keys_bytes + IV_seed_bytes + whitening_bytes
+ */
+{1,1,32+16+16,"aes","cbc-tcw",
+	{{"aes",    32,16,32,0,32}}},
+{1,1,32+16+16,"serpent","cbc-tcw",
+	{{"serpent",32,16,32,0,32}}},
+{1,1,32+16+16,"twofish","cbc-tcw",
+	{{"twofish",32,16,32,0,32}}},
+{1,2,64+16+16,"twofish-aes","cbci-tcrypt",
+	{{"twofish",32,16,32,0,0},
+	 {"aes",    32,16,64,0,32}}},
+{1,3,96+16+16,"serpent-twofish-aes","cbci-tcrypt",
+	{{"serpent",32,16,32,0,0},
+	 {"twofish",32,16,64,0,0},
+	 {"aes",    32,16,96,0,32}}},
+{1,2,64+16+16,"aes-serpent","cbci-tcrypt",
+	{{"aes",    32,16,32,0,0},
+	 {"serpent",32,16,64,0,32}}},
+{1,3,96+16+16,"aes-twofish-serpent", "cbci-tcrypt",
+	{{"aes",    32,16,32,0,0},
+	 {"twofish",32,16,64,0,0},
+	 {"serpent",32,16,96,0,32}}},
+{1,2,64+16+16,"serpent-twofish", "cbci-tcrypt",
+	{{"serpent",32,16,32,0,0},
+	 {"twofish",32,16,64,0,32}}},
+{1,1,16+8+16,"cast5","cbc-tcw",
+	{{"cast5",   16,8,32,0,24}}},
+{1,1,24+8+16,"des3_ede","cbc-tcw",
+	{{"des3_ede",24,8,32,0,24}}},
+{1,1,56+8+16,"blowfish_le","cbc-tcrypt",
+	{{"blowfish_le",56,8,32,0,24}}},
+{1,2,88+16+16,"blowfish_le-aes","cbc-tcrypt",
+	{{"blowfish_le",56, 8,32,0,0},
+	 {"aes",        32,16,88,0,32}}},
+{1,3,120+16+16,"serpent-blowfish_le-aes","cbc-tcrypt",
+	{{"serpent",    32,16, 32,0,0},
+	 {"blowfish_le",56, 8, 64,0,0},
+	 {"aes",        32,16,120,0,32}}},
 {}
 };

@@ -289,6 +296,9 @@ static void TCRYPT_copy_key(struct tcrypt_alg *alg, const char *mode,
 		memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN);
 	} else if (!strncmp(mode, "cbc", 3)) {
 		memcpy(out_key, &key[alg->key_offset], alg->key_size);
+		/* IV + whitening */
+		memcpy(&out_key[alg->key_size], &key[alg->iv_offset],
+		       alg->key_extra_size);
 	}
 }

@@ -712,7 +722,8 @@ int TCRYPT_activate(struct crypt_device *cd,
 		return r;

 	/* Frome here, key size for every cipher must be the same */
-	dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL);
+	dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
+						algs->cipher[0].key_extra_size, NULL);
 	if (!dmd.u.crypt.vk)
 		return -ENOMEM;