git: 673910f3b8c4 - stable/13 - geliboot: Use the correct IV length for AES-XTS.

From: Warner Losh <imp_at_FreeBSD.org>
Date: Tue, 24 Jan 2023 22:10:16 UTC
The branch stable/13 has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=673910f3b8c4606313bd8e56a44ea43508dee0cc

commit 673910f3b8c4606313bd8e56a44ea43508dee0cc
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-01-14 01:19:54 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2023-01-24 21:49:20 +0000

    geliboot: Use the correct IV length for AES-XTS.
    
    - Use AES_XTS_IV_LEN instead of the key length as the IV length.
    - Use G_ELI_IVKEYLEN as the size of the zeroed iv[] array in
      g_eli_crypto_cipher() to match geli_io().
    
    PR:             261172
    Reported by:    Malcolm Matalka <mmatalka@gmail.com>, mikael
    Reviewed by:    markj
    Sponsored by:   FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33884
    
    (cherry picked from commit c7721958ffa1aa81064b74b884e81efbe11d7fe4)
---
 stand/libsa/geli/geliboot.c          | 2 +-
 stand/libsa/geli/geliboot_crypto.c   | 9 ++++-----
 stand/libsa/geli/geliboot_internal.h | 2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
index aee28e8ec761..f7069e3887ee 100644
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -345,7 +345,7 @@ geli_io(struct geli_dev *gdev, geli_op_t enc, off_t offset, u_char *buf,
 		g_eli_key_fill(&gdev->sc, &gkey, keyno);
 
 		error = geliboot_crypt(gdev->sc.sc_ealgo, enc, pbuf, secsize,
-		    gkey.gek_key, gdev->sc.sc_ekeylen, iv, sizeof(iv));
+		    gkey.gek_key, gdev->sc.sc_ekeylen, iv);
 
 		if (error != 0) {
 			explicit_bzero(&gkey, sizeof(gkey));
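Review bot: Nothing at this call now ties the size of `iv` to what geliboot_crypt() consumes: the callee's AES-XTS path reads a fixed AES_XTS_IV_LEN bytes (the `reinit` line in geliboot_crypto.c), while `iv` is declared outside this hunk and, per the commit message, is sized G_ELI_IVKEYLEN. A compile-time check beside the declaration would stop a later change to either constant from becoming an out-of-bounds read in the boot loader: `_Static_assert(G_ELI_IVKEYLEN >= AES_XTS_IV_LEN, "iv[] too small for AES-XTS");`. The same assumption holds for the `iv[G_ELI_IVKEYLEN]` array in g_eli_crypto_cipher(). geli_io() begins and ends outside the hunk.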
diff --git a/stand/libsa/geli/geliboot_crypto.c b/stand/libsa/geli/geliboot_crypto.c
index fcc5d7bcd7fb..2cdd4483d323 100644
--- a/stand/libsa/geli/geliboot_crypto.c
+++ b/stand/libsa/geli/geliboot_crypto.c
@@ -36,7 +36,7 @@
 
 int
 geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv, size_t ivlen)
+    const u_char *key, size_t keysize, u_char *iv)
 {
 	keyInstance aeskey;
 	cipherInstance cipher;
@@ -81,7 +81,7 @@ geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
 		ctxp = &xtsctx;
 
 		enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
-		enc_xform_aes_xts.reinit(ctxp, iv, ivlen);
+		enc_xform_aes_xts.reinit(ctxp, iv, AES_XTS_IV_LEN);
 
 		switch (enc) {
 		case GELI_DECRYPT:
@@ -110,11 +110,10 @@ static int
 g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
     const u_char *key, size_t keysize)
 {
-	u_char iv[keysize];
+	u_char iv[G_ELI_IVKEYLEN];
 
 	explicit_bzero(iv, sizeof(iv));
-	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv,
-	    sizeof(iv)));
+	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 
 int
diff --git a/stand/libsa/geli/geliboot_internal.h b/stand/libsa/geli/geliboot_internal.h
index 2318690297f8..2af74466179f 100644
--- a/stand/libsa/geli/geliboot_internal.h
+++ b/stand/libsa/geli/geliboot_internal.h
@@ -68,6 +68,6 @@ struct geli_dev {
 };
 
 int geliboot_crypt(u_int algo, geli_op_t  enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv, size_t ivlen);
+    const u_char *key, size_t keysize, u_char *iv);
 
 #endif /* _GELIBOOT_INTERNAL_H_ */
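Review bot: The prototype no longer carries an IV length, so the buffer-size requirement on `iv` is now an undocumented part of the contract. A comment above the declaration would state it, e.g. `/* iv must point to at least AES_XTS_IV_LEN bytes; callers pass a G_ELI_IVKEYLEN-sized buffer. */`. What the non-XTS path needs from `iv` is not visible in this patch, so the wording should be checked against that branch. `iv` is also still non-const; if the callee never writes through it, `const u_char *iv` would make that explicit here and in the definition in geliboot_crypto.c.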