summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMilan Broz <gmazyland@gmail.com>2017-03-16 15:39:39 +0100
committerMike Snitzer <snitzer@redhat.com>2017-03-24 20:54:19 +0100
commite889f97a3e35a4e8f48ebc04c27031ca8805aa7e (patch)
treec9e5b7a96a83ffadf3363f8f42bb75162f93946a
parentdm crypt: add cryptographic data integrity protection (authenticated encryption) (diff)
downloadlinux-e889f97a3e35a4e8f48ebc04c27031ca8805aa7e.tar.xz
linux-e889f97a3e35a4e8f48ebc04c27031ca8805aa7e.zip
dm crypt: factor IV constructor out to separate function
No functional change. Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
-rw-r--r--drivers/md/dm-crypt.c130
1 files changed, 69 insertions, 61 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index e8e570d000f6..aa0aca1aea79 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2196,6 +2196,73 @@ static void crypt_dtr(struct dm_target *ti)
kzfree(cc);
}
+static int crypt_ctr_ivmode(struct dm_target *ti, const char *ivmode)
+{
+ struct crypt_config *cc = ti->private;
+
+ if (crypt_integrity_mode(cc))
+ cc->iv_size = crypto_aead_ivsize(any_tfm_aead(cc));
+ else
+ cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc));
+
+ if (crypt_integrity_hmac(cc)) {
+ cc->authenc_key = kmalloc(crypt_authenckey_size(cc), GFP_KERNEL);
+ if (!cc->authenc_key) {
+ ti->error = "Error allocating authenc key space";
+ return -ENOMEM;
+ }
+ }
+
+ if (cc->iv_size)
+ /* at least a 64 bit sector number should fit in our buffer */
+ cc->iv_size = max(cc->iv_size,
+ (unsigned int)(sizeof(u64) / sizeof(u8)));
+ else if (ivmode) {
+ DMWARN("Selected cipher does not support IVs");
+ ivmode = NULL;
+ }
+
+ /* Choose ivmode, see comments at iv code. */
+ if (ivmode == NULL)
+ cc->iv_gen_ops = NULL;
+ else if (strcmp(ivmode, "plain") == 0)
+ cc->iv_gen_ops = &crypt_iv_plain_ops;
+ else if (strcmp(ivmode, "plain64") == 0)
+ cc->iv_gen_ops = &crypt_iv_plain64_ops;
+ else if (strcmp(ivmode, "essiv") == 0)
+ cc->iv_gen_ops = &crypt_iv_essiv_ops;
+ else if (strcmp(ivmode, "benbi") == 0)
+ cc->iv_gen_ops = &crypt_iv_benbi_ops;
+ else if (strcmp(ivmode, "null") == 0)
+ cc->iv_gen_ops = &crypt_iv_null_ops;
+ else if (strcmp(ivmode, "lmk") == 0) {
+ cc->iv_gen_ops = &crypt_iv_lmk_ops;
+ /*
+ * Version 2 and 3 is recognised according
+ * to length of provided multi-key string.
+ * If present (version 3), last key is used as IV seed.
+ * All keys (including IV seed) are always the same size.
+ */
+ if (cc->key_size % cc->key_parts) {
+ cc->key_parts++;
+ cc->key_extra_size = cc->key_size / cc->key_parts;
+ }
+ } else if (strcmp(ivmode, "tcw") == 0) {
+ cc->iv_gen_ops = &crypt_iv_tcw_ops;
+ cc->key_parts += 2; /* IV + whitening */
+ cc->key_extra_size = cc->iv_size + TCW_WHITENING_SIZE;
+ } else if (strcmp(ivmode, "random") == 0) {
+ cc->iv_gen_ops = &crypt_iv_random_ops;
+ /* Need storage space in integrity fields. */
+ cc->integrity_iv_size = cc->iv_size;
+ } else {
+ ti->error = "Invalid IV mode";
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int crypt_ctr_cipher(struct dm_target *ti,
char *cipher_in, char *key)
{
@@ -2205,7 +2272,6 @@ static int crypt_ctr_cipher(struct dm_target *ti,
int ret = -EINVAL;
char dummy;
- /* Convert to crypto api definition? */
if (strchr(cipher_in, '(')) {
ti->error = "Bad cipher specification";
return -EINVAL;
@@ -2276,67 +2342,9 @@ static int crypt_ctr_cipher(struct dm_target *ti,
}
/* Initialize IV */
- if (crypt_integrity_mode(cc))
- cc->iv_size = crypto_aead_ivsize(any_tfm_aead(cc));
- else
- cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc));
-
- if (crypt_integrity_hmac(cc)) {
- cc->authenc_key = kmalloc(crypt_authenckey_size(cc), GFP_KERNEL);
- if (!cc->authenc_key) {
- ret = -ENOMEM;
- ti->error = "Error allocating authenc key space";
- goto bad;
- }
- }
-
- if (cc->iv_size)
- /* at least a 64 bit sector number should fit in our buffer */
- cc->iv_size = max(cc->iv_size,
- (unsigned int)(sizeof(u64) / sizeof(u8)));
- else if (ivmode) {
- DMWARN("Selected cipher does not support IVs");
- ivmode = NULL;
- }
-
- /* Choose ivmode, see comments at iv code. */
- if (ivmode == NULL)
- cc->iv_gen_ops = NULL;
- else if (strcmp(ivmode, "plain") == 0)
- cc->iv_gen_ops = &crypt_iv_plain_ops;
- else if (strcmp(ivmode, "plain64") == 0)
- cc->iv_gen_ops = &crypt_iv_plain64_ops;
- else if (strcmp(ivmode, "essiv") == 0)
- cc->iv_gen_ops = &crypt_iv_essiv_ops;
- else if (strcmp(ivmode, "benbi") == 0)
- cc->iv_gen_ops = &crypt_iv_benbi_ops;
- else if (strcmp(ivmode, "null") == 0)
- cc->iv_gen_ops = &crypt_iv_null_ops;
- else if (strcmp(ivmode, "lmk") == 0) {
- cc->iv_gen_ops = &crypt_iv_lmk_ops;
- /*
- * Version 2 and 3 is recognised according
- * to length of provided multi-key string.
- * If present (version 3), last key is used as IV seed.
- * All keys (including IV seed) are always the same size.
- */
- if (cc->key_size % cc->key_parts) {
- cc->key_parts++;
- cc->key_extra_size = cc->key_size / cc->key_parts;
- }
- } else if (strcmp(ivmode, "tcw") == 0) {
- cc->iv_gen_ops = &crypt_iv_tcw_ops;
- cc->key_parts += 2; /* IV + whitening */
- cc->key_extra_size = cc->iv_size + TCW_WHITENING_SIZE;
- } else if (strcmp(ivmode, "random") == 0) {
- cc->iv_gen_ops = &crypt_iv_random_ops;
- /* Need storage space in integrity fields. */
- cc->integrity_iv_size = cc->iv_size;
- } else {
- ret = -EINVAL;
- ti->error = "Invalid IV mode";
+ ret = crypt_ctr_ivmode(ti, ivmode);
+ if (ret < 0)
goto bad;
- }
/* Initialize and set key */
ret = crypt_set_key(cc, key);