From: Milan Broz
To: dm-devel@redhat.com
Cc: Milan Broz
Date: Thu, 16 Mar 2017 15:39:41 +0100
Message-Id: <20170316143944.19843-5-gmazyland@gmail.com>
In-Reply-To: <20170316143944.19843-1-gmazyland@gmail.com>
Subject: [dm-devel] [PATCH 4/7] dm-crypt: Compute HMAC key size in a separate function.

For composed authenticated modes with HMAC (a length-preserving encryption mode like XTS and HMAC as an authenticator) we have to calculate the HMAC digest size (the separate authentication key is the same size as the HMAC digest). This patch introduces a workaround to parse the crypto API string to get the HMAC algorithm and retrieve the digest size from it.

Signed-off-by: Milan Broz --- drivers/md/dm-crypt.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 0c7d07e17b81..48e8dfe91c53 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2293,6 +2293,45 @@ static int crypt_ctr_blkdev_cipher(struct crypt_config *cc) return 0; } +/* + * Workaround to parse HMAC algorithm from AEAD crypto API spec. + * The HMAC is needed to calculate tag size (HMAC digest size). + * This should be probably done by crypto-api calls (once available...) + */ +static int crypt_ctr_auth_cipher(struct crypt_config *cc, char *cipher_api) +{ + char *start, *end, *mac_alg = NULL; + struct crypto_ahash *mac; + + if (!strstarts(cipher_api, "authenc(")) + return 0; + + start = strchr(cipher_api, '('); + end = strchr(cipher_api, ','); + if (!start || !end || ++start > end) + return -EINVAL; + + mac_alg = kzalloc(end - start + 1, GFP_KERNEL); + if (!mac_alg) + return -ENOMEM; + strncpy(mac_alg, start, end - start); + + mac = crypto_alloc_ahash(mac_alg, 0, 0); + kfree(mac_alg); + + if (IS_ERR(mac)) + return PTR_ERR(mac); + + cc->key_mac_size = crypto_ahash_digestsize(mac); + crypto_free_ahash(mac); + + cc->authenc_key = kmalloc(crypt_authenckey_size(cc), GFP_KERNEL); + if (!cc->authenc_key) + return -ENOMEM; + + return 0; +} + static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key, char **ivmode, char **ivopts) { 
@@ -2323,7 +2362,16 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key return ret; } - cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc)); + /* Alloc AEAD, can be used only in new format. */ + if (crypt_integrity_aead(cc)) { + ret = crypt_ctr_auth_cipher(cc, cipher_api); + if (ret < 0) { + ti->error = "Invalid AEAD cipher spec"; + return -ENOMEM; + } + cc->iv_size = crypto_aead_ivsize(any_tfm_aead(cc)); + } else + cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc)); ret = crypt_ctr_blkdev_cipher(cc); if (ret < 0) {
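
Review bot: In crypt_ctr_auth_cipher() (first hunk), the bounds check "++start > end" still accepts start == end, so a spec such as "authenc(,...)" allocates a one-byte buffer and hands an empty algorithm name to crypto_alloc_ahash() instead of being rejected by the parser; use "++start >= end" so the malformed spec returns -EINVAL directly. The kzalloc() plus strncpy() pair is correct only because the buffer is zeroed and one byte longer than the copy; kstrndup(start, end - start, GFP_KERNEL) states the same thing in one call and removes the implicit dependency. The function comment should also mention that, besides computing cc->key_mac_size, the helper allocates cc->authenc_key, since neither the function name nor the patch subject suggests an allocation that the caller must later free.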
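
Review bot: In the crypt_ctr_cipher_new() hunk (second hunk), the error path "return -ENOMEM;" discards ret, so an -EINVAL from the parser or the PTR_ERR() value from crypto_alloc_ahash() is reported to the caller as out-of-memory while ti->error says "Invalid AEAD cipher spec"; return ret instead so the errno matches the actual failure. Minor style point in the same hunk: the if branch is braced but the else branch is not, and kernel coding style asks for braces on both branches when either one needs them.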