Commit 979aec77 authored by Milan Broz's avatar Milan Broz

Fix activation using (UNSECURE) ECB mode.

Apparently there are some people using ECB.

This mode by design do not use any IV, unfortunately
kernel dmcrypt allows to specify them (but userspace crypto api don't).

Let support activation as it was in previous version.

Should fix issue#238.
parent b789b011
......@@ -55,8 +55,8 @@ static int int_log2(unsigned int x)
static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
const char *cipher_name, const char *iv_name,
char *key, size_t key_length)
const char *cipher_name, const char *mode_name,
const char *iv_name, char *key, size_t key_length)
memset(ctx, 0, sizeof(*ctx));
......@@ -64,7 +64,9 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
if (ctx->iv_size < 0)
return -ENOENT;
if (!iv_name || !strcmp(cipher_name, "cipher_null")) {
if (!iv_name ||
!strcmp(cipher_name, "cipher_null") ||
!strcmp(mode_name, "ecb")) {
ctx->type = IV_NONE;
ctx->iv_size = 0;
return 0;
......@@ -214,7 +216,7 @@ int crypt_storage_init(struct crypt_storage **ctx,
return r;
r = crypt_sector_iv_init(&s->cipher_iv, cipher, cipher_iv, key, key_length);
r = crypt_sector_iv_init(&s->cipher_iv, cipher, mode_name, cipher_iv, key, key_length);
if (r) {
return r;
......@@ -471,6 +471,13 @@ static void LUKS_fix_header_compatible(struct luks_phdr *header)
/* Old cryptsetup expects "sha1", gcrypt allows case insensistive names,
* so always convert hash to lower case in header */
_to_lower(header->hashSpec, LUKS_HASHSPEC_L);
/* ECB mode does not use IV but dmcrypt silently allows it.
* Drop any IV here if ECB is used (that is not secure anyway).*/
if (!strncmp(header->cipherMode, "ecb-", 4)) {
memset(header->cipherMode, 0, LUKS_CIPHERMODE_L);
strcpy(header->cipherMode, "ecb");
int LUKS_read_phdr_backup(const char *backup_file,
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment