aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMilan Broz <mbroz@redhat.com>2009-12-10 18:51:56 -0500
committerAlasdair G Kergon <agk@redhat.com>2009-12-10 18:51:56 -0500
commitb95bf2d3d5a48b095bffe2a0cd8c40453cf59557 (patch)
treebcb6bdd0e5b67eb0aa2277aac125686bb911950a
parent5861f1be00b3b70f8ab5e5a81392a6cf69666cd2 (diff)
dm crypt: separate essiv allocation from initialisation
This patch separates the construction of IV from its initialisation. (For ESSIV it is a hash calculation based on volume key.) Constructor code now preallocates hash tfm and salt array and saves it in a private IV structure. The next patch requires this to reinitialise the wiped IV without reallocating memory when resuming a suspended device. Cc: stable@kernel.org Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
-rw-r--r--drivers/md/dm-crypt.c69
1 files changed, 43 insertions, 26 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 2301d223f2ae..446153a071d6 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -71,11 +71,14 @@ struct crypt_iv_operations {
71 int (*ctr)(struct crypt_config *cc, struct dm_target *ti, 71 int (*ctr)(struct crypt_config *cc, struct dm_target *ti,
72 const char *opts); 72 const char *opts);
73 void (*dtr)(struct crypt_config *cc); 73 void (*dtr)(struct crypt_config *cc);
74 int (*init)(struct crypt_config *cc);
74 int (*generator)(struct crypt_config *cc, u8 *iv, sector_t sector); 75 int (*generator)(struct crypt_config *cc, u8 *iv, sector_t sector);
75}; 76};
76 77
77struct iv_essiv_private { 78struct iv_essiv_private {
78 struct crypto_cipher *tfm; 79 struct crypto_cipher *tfm;
80 struct crypto_hash *hash_tfm;
81 u8 *salt;
79}; 82};
80 83
81struct iv_benbi_private { 84struct iv_benbi_private {
@@ -176,12 +179,38 @@ static int crypt_iv_plain_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
176 return 0; 179 return 0;
177} 180}
178 181
182/* Initialise ESSIV - compute salt but no local memory allocations */
183static int crypt_iv_essiv_init(struct crypt_config *cc)
184{
185 struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
186 struct hash_desc desc;
187 struct scatterlist sg;
188 int err;
189
190 sg_init_one(&sg, cc->key, cc->key_size);
191 desc.tfm = essiv->hash_tfm;
192 desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
193
194 err = crypto_hash_digest(&desc, &sg, cc->key_size, essiv->salt);
195 if (err)
196 return err;
197
198 return crypto_cipher_setkey(essiv->tfm, essiv->salt,
199 crypto_hash_digestsize(essiv->hash_tfm));
200}
201
179static void crypt_iv_essiv_dtr(struct crypt_config *cc) 202static void crypt_iv_essiv_dtr(struct crypt_config *cc)
180{ 203{
181 struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; 204 struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
182 205
183 crypto_free_cipher(essiv->tfm); 206 crypto_free_cipher(essiv->tfm);
184 essiv->tfm = NULL; 207 essiv->tfm = NULL;
208
209 crypto_free_hash(essiv->hash_tfm);
210 essiv->hash_tfm = NULL;
211
212 kzfree(essiv->salt);
213 essiv->salt = NULL;
185} 214}
186 215
187static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, 216static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
@@ -189,9 +218,6 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
189{ 218{
190 struct crypto_cipher *essiv_tfm = NULL; 219 struct crypto_cipher *essiv_tfm = NULL;
191 struct crypto_hash *hash_tfm = NULL; 220 struct crypto_hash *hash_tfm = NULL;
192 struct hash_desc desc;
193 struct scatterlist sg;
194 unsigned int saltsize;
195 u8 *salt = NULL; 221 u8 *salt = NULL;
196 int err; 222 int err;
197 223
@@ -200,7 +226,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
200 return -EINVAL; 226 return -EINVAL;
201 } 227 }
202 228
203 /* Hash the cipher key with the given hash algorithm */ 229 /* Allocate hash algorithm */
204 hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC); 230 hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
205 if (IS_ERR(hash_tfm)) { 231 if (IS_ERR(hash_tfm)) {
206 ti->error = "Error initializing ESSIV hash"; 232 ti->error = "Error initializing ESSIV hash";
@@ -208,27 +234,14 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
208 goto bad; 234 goto bad;
209 } 235 }
210 236
211 saltsize = crypto_hash_digestsize(hash_tfm); 237 salt = kzalloc(crypto_hash_digestsize(hash_tfm), GFP_KERNEL);
212 salt = kzalloc(saltsize, GFP_KERNEL);
213 if (!salt) { 238 if (!salt) {
214 ti->error = "Error kmallocing salt storage in ESSIV"; 239 ti->error = "Error kmallocing salt storage in ESSIV";
215 err = -ENOMEM; 240 err = -ENOMEM;
216 goto bad; 241 goto bad;
217 } 242 }
218 243
219 sg_init_one(&sg, cc->key, cc->key_size); 244 /* Allocate essiv_tfm */
220 desc.tfm = hash_tfm;
221 desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
222 err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
223 crypto_free_hash(hash_tfm);
224 hash_tfm = NULL;
225
226 if (err) {
227 ti->error = "Error calculating hash in ESSIV";
228 goto bad;
229 }
230
231 /* Setup the essiv_tfm with the given salt */
232 essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC); 245 essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
233 if (IS_ERR(essiv_tfm)) { 246 if (IS_ERR(essiv_tfm)) {
234 ti->error = "Error allocating crypto tfm for ESSIV"; 247 ti->error = "Error allocating crypto tfm for ESSIV";
@@ -242,14 +255,11 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
242 err = -EINVAL; 255 err = -EINVAL;
243 goto bad; 256 goto bad;
244 } 257 }
245 err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
246 if (err) {
247 ti->error = "Failed to set key for ESSIV cipher";
248 goto bad;
249 }
250 kzfree(salt);
251 258
259 cc->iv_gen_private.essiv.salt = salt;
252 cc->iv_gen_private.essiv.tfm = essiv_tfm; 260 cc->iv_gen_private.essiv.tfm = essiv_tfm;
261 cc->iv_gen_private.essiv.hash_tfm = hash_tfm;
262
253 return 0; 263 return 0;
254 264
255bad: 265bad:
@@ -257,7 +267,7 @@ bad:
257 crypto_free_cipher(essiv_tfm); 267 crypto_free_cipher(essiv_tfm);
258 if (hash_tfm && !IS_ERR(hash_tfm)) 268 if (hash_tfm && !IS_ERR(hash_tfm))
259 crypto_free_hash(hash_tfm); 269 crypto_free_hash(hash_tfm);
260 kzfree(salt); 270 kfree(salt);
261 return err; 271 return err;
262} 272}
263 273
@@ -323,6 +333,7 @@ static struct crypt_iv_operations crypt_iv_plain_ops = {
323static struct crypt_iv_operations crypt_iv_essiv_ops = { 333static struct crypt_iv_operations crypt_iv_essiv_ops = {
324 .ctr = crypt_iv_essiv_ctr, 334 .ctr = crypt_iv_essiv_ctr,
325 .dtr = crypt_iv_essiv_dtr, 335 .dtr = crypt_iv_essiv_dtr,
336 .init = crypt_iv_essiv_init,
326 .generator = crypt_iv_essiv_gen 337 .generator = crypt_iv_essiv_gen
327}; 338};
328 339
@@ -1054,6 +1065,12 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
1054 cc->iv_gen_ops->ctr(cc, ti, ivopts) < 0) 1065 cc->iv_gen_ops->ctr(cc, ti, ivopts) < 0)
1055 goto bad_ivmode; 1066 goto bad_ivmode;
1056 1067
1068 if (cc->iv_gen_ops && cc->iv_gen_ops->init &&
1069 cc->iv_gen_ops->init(cc) < 0) {
1070 ti->error = "Error initialising IV";
1071 goto bad_slab_pool;
1072 }
1073
1057 cc->iv_size = crypto_ablkcipher_ivsize(tfm); 1074 cc->iv_size = crypto_ablkcipher_ivsize(tfm);
1058 if (cc->iv_size) 1075 if (cc->iv_size)
1059 /* at least a 64 bit sector number should fit in our buffer */ 1076 /* at least a 64 bit sector number should fit in our buffer */