Properly fail in luksFormat if cipher format is missing required IV.

For now, crypto API quietly used cipher witout IV if a cipher algorithm wihtou IV specificaton was used (e.g. aes-xts). This caused fail later during activation. This patch allows only two specific backed use without specified IV (ECB mode and NULL cipher). Also check cipher string early during parsing of CLI options.
2025-12-05 16:00:05 +01:00 · 2018-01-18 21:20:25 +01:00
parent be417d6605
commit aeea93fa95
9 changed files with 36 additions and 26 deletions
--- a/lib/crypto_backend/crypto_storage.c
+++ b/lib/crypto_backend/crypto_storage.c
@@ -64,12 +64,15 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
 	if (ctx->iv_size < 8)
 		return -ENOENT;

-	if (!iv_name ||
-	    !strcmp(cipher_name, "cipher_null") ||
+	if (!strcmp(cipher_name, "cipher_null") ||
 	    !strcmp(mode_name, "ecb")) {
+		if (iv_name)
+			return -EINVAL;
 		ctx->type = IV_NONE;
 		ctx->iv_size = 0;
 		return 0;
+	} else if (!iv_name) {
+		return -EINVAL;
 	} else if (!strcasecmp(iv_name, "null")) {
 		ctx->type = IV_NULL;
 	} else if (!strcasecmp(iv_name, "plain64")) {
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -179,7 +179,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,

 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
 		return -EINVAL;
-	r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode);
+	r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode, 1);
 	if (r < 0)
 		return r;

@@ -329,7 +329,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,

 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
 		return -EINVAL;
-	r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode);
+	r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode, 1);
 	if (r < 0)
 		return r;

--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -717,7 +717,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 		return -EINVAL;
 	if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1))
 		return -EINVAL;
-	r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode);
+	r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode, 1);
 	if (r < 0)
 		return r;

--- a/lib/setup.c
+++ b/lib/setup.c
@@ -660,7 +660,7 @@ static int _crypt_load_luks2(struct crypt_device *cd, int reload)
 	}

 	r = crypt_parse_name_and_mode(LUKS2_get_cipher(&hdr2, CRYPT_DEFAULT_SEGMENT),
-				      tmp_cipher, NULL, tmp_cipher_mode);
+				      tmp_cipher, NULL, tmp_cipher_mode, 0);
 	if (r < 0) {
 		log_dbg("Cannot parse cipher and mode from loaded device.");
 		goto out;
@@ -971,7 +971,7 @@ static int _init_by_name_crypt_none(struct crypt_device *cd)
 	if (r >= 0)
 		r = crypt_parse_name_and_mode(dmd.u.crypt.cipher,
 					      cd->u.none.cipher, NULL,
-					      cd->u.none.cipher_mode);
+					      cd->u.none.cipher_mode, 0);

 	if (!r)
 		cd->u.none.key_size = dmd.u.crypt.vk->keylength;
@@ -1043,7 +1043,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 		goto out;

 	r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher,
-				      &key_nums, cipher_mode);
+				      &key_nums, cipher_mode, 0);
 	if (r < 0) {
 		log_dbg("Cannot parse cipher and mode from active device.");
 		goto out;
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -29,7 +29,7 @@
 #include "utils_crypt.h"

 int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
-			      char *cipher_mode)
+			      char *cipher_mode, int require_iv)
 {
 	if (!s || !cipher || !cipher_mode)
 		return -EINVAL;
@@ -37,7 +37,7 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
 		   cipher, cipher_mode) == 2) {
 		if (!strcmp(cipher_mode, "plain"))
-			strncpy(cipher_mode, "cbc-plain", 10);
+			strcpy(cipher_mode, "cbc-plain");
 		if (key_nums) {
 			char *tmp = strchr(cipher, ':');
 			*key_nums = tmp ? atoi(++tmp) : 1;
@@ -45,20 +45,27 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 				return -EINVAL;
 		}

+		/* Enforce IV */
+		if (require_iv) {
+			char *tmp = strchr(cipher_mode, '-');
+			if (!tmp || tmp[1] == '\0')
+				return -EINVAL;
+		}
+
 		return 0;
 	}

 	/* Short version for "empty" cipher */
-	if (!strcmp(s, "null")) {
-		strncpy(cipher, "cipher_null", MAX_CIPHER_LEN);
-		strncpy(cipher_mode, "ecb", 9);
+	if (!strcmp(s, "null") || !strcmp(s, "cipher_null")) {
+		strcpy(cipher, "cipher_null");
+		strcpy(cipher_mode, "ecb");
 		if (key_nums)
 			*key_nums = 0;
 		return 0;
 	}

 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) {
-		strncpy(cipher_mode, "cbc-plain", 10);
+		strcpy(cipher_mode, "cbc-plain");
 		if (key_nums)
 			*key_nums = 1;
 		return 0;
--- a/lib/utils_crypt.h
+++ b/lib/utils_crypt.h
@@ -38,7 +38,7 @@ struct safe_allocation {
 };

 int crypt_parse_name_and_mode(const char *s, char *cipher,
-			      int *key_nums, char *cipher_mode);
+			      int *key_nums, char *cipher_mode, int require_iv);
 int crypt_parse_hash_integrity_mode(const char *s, char *integrity);
 int crypt_parse_integrity_mode(const char *s, char *integrity,
 			       int *integrity_key_size);
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -175,9 +175,9 @@ static int action_open_plain(void)
 	int r;

 	r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
-				      cipher, NULL, cipher_mode);
+				      cipher, NULL, cipher_mode, 1);
 	if (r < 0) {
-		log_err(_("No known cipher specification pattern detected.\n"));
+		log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
 		goto out;
 	}

@@ -744,9 +744,9 @@ static int action_benchmark(void)
 			opt_pbkdf = CRYPT_KDF_PBKDF2;
 		r = action_benchmark_kdf(opt_pbkdf, opt_hash, key_size);
 	} else if (opt_cipher) {
-		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode, 0);
 		if (r < 0) {
-			log_err(_("No known cipher specification pattern detected.\n"));
+			log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
 			return r;
 		}
 		if ((c  = strchr(cipher_mode, '-')))
@@ -993,9 +993,9 @@ static int action_luksFormat(void)
 		goto out;

 	r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
-				      cipher, NULL, cipher_mode);
+				      cipher, NULL, cipher_mode, 1);
 	if (r < 0) {
-		log_err(_("No known cipher specification pattern detected.\n"));
+		log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
 		goto out;
 	}

--- a/src/cryptsetup_reencrypt.c
+++ b/src/cryptsetup_reencrypt.c
@@ -579,9 +579,9 @@ static int backup_luks_headers(struct reenc_ctx *rc)
 	params2.sector_size = crypt_get_sector_size(cd);

 	if (opt_cipher) {
-		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode, 1);
 		if (r < 0) {
-			log_err(_("No known cipher specification pattern detected.\n"));
+			log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
 			goto out;
 		}
 	}
@@ -647,9 +647,9 @@ static int backup_fake_header(struct reenc_ctx *rc)
 		opt_key_size = DEFAULT_LUKS1_KEYBITS;

 	if (opt_cipher) {
-		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+		r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode, 1);
 		if (r < 0) {
-			log_err(_("No known cipher specification pattern detected.\n"));
+			log_err(_("No known cipher specification pattern (cipher-mode-iv) detected.\n"));
 			goto out;
 		}
 	}
--- a/tests/mode-test
+++ b/tests/mode-test
@@ -137,7 +137,7 @@ dmcrypt aes-plain aes-cbc-plain
 # empty cipher
 PASSWORD=""
 dmcrypt null cipher_null-ecb
-dmcrypt cipher_null cipher_null-cbc-plain
+dmcrypt cipher_null cipher_null-ecb
 dmcrypt cipher_null-ecb

 PASSWORD=$PASSWORD1