Commit b4dce619 authored by Milan Broz's avatar Milan Broz

Try to check if AEAD cipher is available through kernel crypto API.

parent d7ddcc07
......@@ -111,6 +111,10 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
const char *in, char *out, size_t length,
const char *iv, size_t iv_length);
/* Check availability of a cipher */
int crypt_cipher_check(const char *name, const char *mode,
const char *integrity, size_t key_length);
/* storage encryption wrappers */
int crypt_storage_init(struct crypt_storage **ctx, uint64_t sector_start,
const char *cipher, const char *cipher_mode,
......
......@@ -22,6 +22,7 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
......@@ -51,22 +52,16 @@ struct crypt_cipher {
* ENOTSUP - AF_ALG family not available
* (but cannot check specifically for skcipher API)
*/
int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
const char *mode, const void *key, size_t key_length)
static int _crypt_cipher_init(struct crypt_cipher **ctx,
const void *key, size_t key_length,
struct sockaddr_alg *sa)
{
struct crypt_cipher *h;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
};
h = malloc(sizeof(*h));
if (!h)
return -ENOMEM;
snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
"%s(%s)", mode, name);
h->opfd = -1;
h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (h->tfmfd < 0) {
......@@ -74,14 +69,11 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
return -ENOTSUP;
}
if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
if (bind(h->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
crypt_cipher_destroy(h);
return -ENOENT;
}
if (!strcmp(name, "cipher_null"))
key_length = 0;
if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
crypt_cipher_destroy(h);
return -EINVAL;
......@@ -97,6 +89,22 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
return 0;
}
int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
const char *mode, const void *key, size_t key_length)
{
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "skcipher",
};
if (!strcmp(name, "cipher_null"))
key_length = 0;
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
return _crypt_cipher_init(ctx, key, key_length, &sa);
}
/* The in/out should be aligned to page boundary */
static int crypt_cipher_crypt(struct crypt_cipher *ctx,
const char *in, char *out, size_t length,
......@@ -191,6 +199,61 @@ void crypt_cipher_destroy(struct crypt_cipher *ctx)
free(ctx);
}
int crypt_cipher_check(const char *name, const char *mode,
const char *integrity, size_t key_length)
{
struct crypt_cipher *c = NULL;
char mode_name[64], *real_mode = NULL, *cipher_iv = NULL, *key, *salg_type;
bool aead;
int r;
struct sockaddr_alg sa = {
.salg_family = AF_ALG,
};
aead = integrity && strcmp(integrity, "none");
/* Remove IV if present */
if (mode) {
strncpy(mode_name, mode, sizeof(mode_name));
mode_name[sizeof(mode_name) - 1] = 0;
cipher_iv = strchr(mode_name, '-');
if (cipher_iv) {
*cipher_iv = '\0';
real_mode = mode_name;
}
}
salg_type = aead ? "aead" : "skcipher";
snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
/* FIXME: this is duplicating a part of devmapper backend */
if (aead && !strcmp(integrity, "poly1305"))
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "rfc7539(%s,%s)", name, integrity);
else if (!real_mode)
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s", name);
else if (aead && !strcmp(real_mode, "ccm"))
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "rfc4309(%s(%s))", real_mode, name);
else
snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", real_mode, name);
key = malloc(key_length);
if (!key)
return -ENOMEM;
r = crypt_backend_rng(key, key_length, CRYPT_RND_NORMAL, 0);
if (r < 0) {
free (key);
return r;
}
r = _crypt_cipher_init(&c, key, key_length, &sa);
if (c)
crypt_cipher_destroy(c);
free(key);
return r;
}
#else /* ENABLE_AF_ALG */
int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
const char *mode, const void *buffer, size_t length)
......@@ -215,4 +278,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
{
return -EINVAL;
}
int crypt_cipher_check(const char *name, const char *mode,
const char *integrity, size_t key_length)
{
return 0;
}
#endif
......@@ -1550,8 +1550,16 @@ static int _crypt_format_luks2(struct crypt_device *cd,
&required_alignment,
&alignment_offset, DEFAULT_DISK_ALIGNMENT);
/* FIXME: we have no way how to check AEAD ciphers,
* only length preserving mode or authenc() composed modes */
/* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */
if (integrity && !integrity_key_size) {
r = crypt_cipher_check(cipher, cipher_mode, integrity, volume_key_size);
if (r < 0) {
log_err(cd, _("Cipher %s-%s (key size %zd bits) is not available."),
cipher, cipher_mode, volume_key_size * 8);
goto out;
}
}
if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher) &&
!INTEGRITY_tag_size(cd, NULL, cipher, cipher_mode)) {
r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment