| Message ID | 20240730115838.3507302-3-quic_mdalam@quicinc.com (mailing list archive) |
|---|---|
| State | Rejected, archived |
| Delegated to: | Mikulas Patocka |
| Headers | show |
| Series | Add Additional algo mode for inline encryption | expand |
On 7/30/24 1:58 PM, Md Sadre Alam wrote: > Set cc->iv_size to 4 bytes instead of 8 bytes, since > this cc->iv_size is passing as data unit bytes to > blk_crypto_init_key(). Since CQHCI driver having > limitation for data unit bytes to 32-bit only. In dm-crypt, plain64 IV is defined as "little-endian 64bit IV" and was introduced to fix security problem when 32bit "plain" IV overflows and IV is reused. In that case you can move ciphertext sector between places with the same IV (but different offsets) and these will be still correctly decrypted. If I understand it correctly, this reintroduces the same problem here. If you have 32bit only, just use "plain" and do not support plain64 here. (In general, I do not understand why you are sending patches for dm-crypt code that is clearly not upstream. I hope this code will never be accepted.) Milan > > Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> > --- > drivers/md/dm-crypt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > index 37add222b169..c0257d961968 100644 > --- a/drivers/md/dm-crypt.c > +++ b/drivers/md/dm-crypt.c > @@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher, > } > > if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) { > - cc->iv_size = 8; > + cc->iv_size = 4; > } else { > ti->error = "Invalid IV mode for inline_crypt"; > return -EINVAL;
On 7/31/2024 6:11 PM, Milan Broz wrote: > On 7/30/24 1:58 PM, Md Sadre Alam wrote: >> Set cc->iv_size to 4 bytes instead of 8 bytes, since >> this cc->iv_size is passing as data unit bytes to >> blk_crypto_init_key(). Since CQHCI driver having >> limitation for data unit bytes to 32-bit only. > > In dm-crypt, plain64 IV is defined as "little-endian 64bit IV" > and was introduced to fix security problem when 32bit "plain" IV > overflows and IV is reused. > > In that case you can move ciphertext sector between places with > the same IV (but different offsets) and these will be still > correctly decrypted. > > If I understand it correctly, this reintroduces the same problem here. > If you have 32bit only, just use "plain" and do not support plain64 here. > > (In general, I do not understand why you are sending patches > for dm-crypt code that is clearly not upstream. > I hope this code will never be accepted.) Thanks for reviewing. As Mikulas suggested for new target driver for "inline-crypt". Will create new target driver and post it. > > Milan > >> >> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> >> --- >> drivers/md/dm-crypt.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c >> index 37add222b169..c0257d961968 100644 >> --- a/drivers/md/dm-crypt.c >> +++ b/drivers/md/dm-crypt.c >> @@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher, >> } >> if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) { >> - cc->iv_size = 8; >> + cc->iv_size = 4; >> } else { >> ti->error = "Invalid IV mode for inline_crypt"; >> return -EINVAL; >
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 37add222b169..c0257d961968 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2490,7 +2490,7 @@ static int crypt_select_inline_crypt_mode(struct dm_target *ti, char *cipher, } if (ivmode == NULL || (strcmp(ivmode, "plain64") == 0)) { - cc->iv_size = 8; + cc->iv_size = 4; } else { ti->error = "Invalid IV mode for inline_crypt"; return -EINVAL;
Set cc->iv_size to 4 bytes instead of 8 bytes, since this cc->iv_size is passing as data unit bytes to blk_crypto_init_key(). Since CQHCI driver having limitation for data unit bytes to 32-bit only. Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> --- drivers/md/dm-crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)