Commit 1856b9f7 authored by Milan Broz's avatar Milan Broz Committed by Mike Snitzer

dm crypt: fix parsing of extended IV arguments

The dm-crypt cipher specification in a mapping table is defined as:
  cipher[:keycount]-chainmode-ivmode[:ivopts]
or (new crypt API format):
  capi:cipher_api_spec-ivmode[:ivopts]

For ESSIV, the parameter includes hash specification, for example:
aes-cbc-essiv:sha256

The implementation expected that additional IV option to never include
another dash '-' character.

But, with SHA3, there are names like sha3-256; so the mapping table
parser fails:

dmsetup create test --table "0 8 crypt aes-cbc-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"
  or (new crypt API format)
dmsetup create test --table "0 8 crypt capi:cbc(aes)-essiv:sha3-256 9c1185a5c5e9fc54612808977ee8f5b9e 0 /dev/sdb 0"

  device-mapper: crypt: Ignoring unexpected additional cipher options
  device-mapper: table: 253:0: crypt: Error creating IV
  device-mapper: ioctl: error adding target to table

Fix the dm-crypt constructor to ignore additional dash in IV options and
also remove a bogus warning (that is ignored anyway).

Cc: stable@vger.kernel.org # 4.12+
Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent bfeffd15
...@@ -2414,9 +2414,21 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key ...@@ -2414,9 +2414,21 @@ static int crypt_ctr_cipher_new(struct dm_target *ti, char *cipher_in, char *key
* capi:cipher_api_spec-iv:ivopts * capi:cipher_api_spec-iv:ivopts
*/ */
tmp = &cipher_in[strlen("capi:")]; tmp = &cipher_in[strlen("capi:")];
cipher_api = strsep(&tmp, "-");
*ivmode = strsep(&tmp, ":"); /* Separate IV options if present, it can contain another '-' in hash name */
*ivopts = tmp; *ivopts = strrchr(tmp, ':');
if (*ivopts) {
**ivopts = '\0';
(*ivopts)++;
}
/* Parse IV mode */
*ivmode = strrchr(tmp, '-');
if (*ivmode) {
**ivmode = '\0';
(*ivmode)++;
}
/* The rest is crypto API spec */
cipher_api = tmp;
if (*ivmode && !strcmp(*ivmode, "lmk")) if (*ivmode && !strcmp(*ivmode, "lmk"))
cc->tfms_count = 64; cc->tfms_count = 64;
...@@ -2486,11 +2498,8 @@ static int crypt_ctr_cipher_old(struct dm_target *ti, char *cipher_in, char *key ...@@ -2486,11 +2498,8 @@ static int crypt_ctr_cipher_old(struct dm_target *ti, char *cipher_in, char *key
goto bad_mem; goto bad_mem;
chainmode = strsep(&tmp, "-"); chainmode = strsep(&tmp, "-");
*ivopts = strsep(&tmp, "-"); *ivmode = strsep(&tmp, ":");
*ivmode = strsep(&*ivopts, ":"); *ivopts = tmp;
if (tmp)
DMWARN("Ignoring unexpected additional cipher options");
/* /*
* For compatibility with the original dm-crypt mapping format, if * For compatibility with the original dm-crypt mapping format, if
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment