[dm-devel] [PATCH v6 2/7] fs: crypto: invoke crypto API for ESSIV handling
Eric Biggers
ebiggers at kernel.org
Fri Jun 28 18:00:38 UTC 2019
On Fri, Jun 28, 2019 at 05:21:07PM +0200, Ard Biesheuvel wrote:
> diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
> index dcd91a3fbe49..f39667d4316a 100644
> --- a/fs/crypto/keyinfo.c
> +++ b/fs/crypto/keyinfo.c
> @@ -13,14 +13,10 @@
> #include <linux/hashtable.h>
> #include <linux/scatterlist.h>
> #include <linux/ratelimit.h>
> -#include <crypto/aes.h>
> #include <crypto/algapi.h>
> -#include <crypto/sha.h>
> #include <crypto/skcipher.h>
> #include "fscrypt_private.h"
>
> -static struct crypto_shash *essiv_hash_tfm;
> -
> /* Table of keys referenced by FS_POLICY_FLAG_DIRECT_KEY policies */
> static DEFINE_HASHTABLE(fscrypt_master_keys, 6); /* 6 bits = 64 buckets */
> static DEFINE_SPINLOCK(fscrypt_master_keys_lock);
> @@ -144,10 +140,9 @@ static struct fscrypt_mode available_modes[] = {
> },
> [FS_ENCRYPTION_MODE_AES_128_CBC] = {
> .friendly_name = "AES-128-CBC",
> - .cipher_str = "cbc(aes)",
> + .cipher_str = "essiv(cbc(aes),aes,sha256)",
> .keysize = 16,
> - .ivsize = 16,
> - .needs_essiv = true,
> + .ivsize = 8,
> },
Now that the essiv template takes the same size IV, the .ivsize here needs to be
left as 16.
- Eric
More information about the dm-devel
mailing list