[dm-devel] [PATCH v6 2/7] fs: crypto: invoke crypto API for ESSIV handling
Ard Biesheuvel
ard.biesheuvel at linaro.org
Fri Jun 28 18:09:54 UTC 2019
On Fri, 28 Jun 2019 at 20:00, Eric Biggers <ebiggers at kernel.org> wrote:
>
> On Fri, Jun 28, 2019 at 05:21:07PM +0200, Ard Biesheuvel wrote:
> > diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
> > index dcd91a3fbe49..f39667d4316a 100644
> > --- a/fs/crypto/keyinfo.c
> > +++ b/fs/crypto/keyinfo.c
> > @@ -13,14 +13,10 @@
> > #include <linux/hashtable.h>
> > #include <linux/scatterlist.h>
> > #include <linux/ratelimit.h>
> > -#include <crypto/aes.h>
> > #include <crypto/algapi.h>
> > -#include <crypto/sha.h>
> > #include <crypto/skcipher.h>
> > #include "fscrypt_private.h"
> >
> > -static struct crypto_shash *essiv_hash_tfm;
> > -
> > /* Table of keys referenced by FS_POLICY_FLAG_DIRECT_KEY policies */
> > static DEFINE_HASHTABLE(fscrypt_master_keys, 6); /* 6 bits = 64 buckets */
> > static DEFINE_SPINLOCK(fscrypt_master_keys_lock);
> > @@ -144,10 +140,9 @@ static struct fscrypt_mode available_modes[] = {
> > },
> > [FS_ENCRYPTION_MODE_AES_128_CBC] = {
> > .friendly_name = "AES-128-CBC",
> > - .cipher_str = "cbc(aes)",
> > + .cipher_str = "essiv(cbc(aes),aes,sha256)",
> > .keysize = 16,
> > - .ivsize = 16,
> > - .needs_essiv = true,
> > + .ivsize = 8,
> > },
>
> Now that the essiv template takes the same size IV, the .ivsize here needs to be
> left as 16.
>
indeed. Thanks for spotting that.
More information about the dm-devel
mailing list