| Message ID | 20240730115838.3507302-3-quic_mdalam@quicinc.com |
|---|---|
| State | New |
| Headers | show |
| Series | None | expand |
On 7/31/2024 6:11 PM, Milan Broz wrote: > On 7/30/24 1:58 PM, Md Sadre Alam wrote: >> Set cc->iv_size to 4 bytes instead of 8 bytes, since >> this cc->iv_size is passing as data unit bytes to >> blk_crypto_init_key(). Since CQHCI driver having >> limitation for data unit bytes to 32-bit only. > > In dm-crypt, plain64 IV is defined as "little-endian 64bit IV" > and was introduced to fix security problem when 32bit "plain" IV > overflows and IV is reused. > > In that case you can move ciphertext sector between places with > the same IV (but different offsets) and these will be still > correctly decrypted. > > If I understand it correctly, this reintroduces the same problem here. > If you have 32bit only, just use "plain" and do not support plain64 here. > > (In general, I do not understand why you are sending patches > for dm-crypt code that is clearly not upstream. > I hope this code will never be accepted.) Thanks for reviewing. As Mikulas suggested for new target driver for "inline-crypt". Will create new target driver and post it. > > Milan > >> >> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> >> --- >> drivers/md/dm-crypt.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c >> index 37add222b169..c0257d961968 100644 >> --- a/drivers/md/dm-crypt.c >> +++ b/drivers/md/dm-crypt.c >> @@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher, >> } >> if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) { >> - cc->iv_size = 8; >> + cc->iv_size = 4; >> } else { >> ti->error = "Invalid IV mode for inline_crypt"; >> return -EINVAL; >
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 37add222b169..c0257d961968 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher, } if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) { - cc->iv_size = 8; + cc->iv_size = 4; } else { ti->error = "Invalid IV mode for inline_crypt"; return -EINVAL;
Set cc->iv_size to 4 bytes instead of 8 bytes, since this cc->iv_size is passing as data unit bytes to blk_crypto_init_key(). Since CQHCI driver having limitation for data unit bytes to 32-bit only. Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> --- drivers/md/dm-crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)