From patchwork Tue Aug  6 08:02:33 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 170645
Delivered-To: patch@linaro.org
Received: by 2002:a92:512:0:0:0:0:0 with SMTP id q18csp5351696ile;
 Tue, 6 Aug 2019 01:02:46 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxBzDPaOo/WjpD3QPrXjOpRir1Wu25OTWF4SXSOj6OAYH592h3zXi1LJBRp8Ya2xSkIDi9Z
X-Received: by 2002:aa7:9516:: with SMTP id b22mr2362612pfp.106.1565078566840; 
 Tue, 06 Aug 2019 01:02:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565078566; cv=none;
 d=google.com; s=arc-20160816;
 b=s8mEpEa3kI4BzpMAWgaF59jpGWvr1JeCbpP8TIHWwF838jmb9Q6gHCpuL+VRo+aeVp
 n3AXv0RuE36+wmVaP68TVmTtOyKxpPUeJnFUlKqKbh5ou+0TvhBTn0m58SaNHBgukP95
 6JrNQ1BFj+gCZiKAiD88S5fewORbtBv6obn10eS1zdQMx0EpP6XqUsNoDT1Y+XbBe914
 gH5vs9fwwc42i72mF8tn7jALv7DepPe8MMGEXqrV2H/clTGuSNA5lkoF6SACs43aFjdI
 vjf4+Jh+eHQPFR6mmeSwmEfSUI7sSSm/JOJisKSPtpRxVdbPEn4uAX9fHrh3QbHCA1GW
 FyrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from:dkim-signature;
 bh=9eCxiU7trAIwWtoYhqWEWGHnQv1gzwh/Q9h6ScO5S58=;
 b=0rzzx6EpXvfXjRu8B1aZOqr5i6ttpMCC86SX+/TKDYOW7awOgCSP+Zehl0HVeixkZi
 SRaxEU1Jqk9ztW1S7UZvjVtqdUmh7LnN7GnsLqhWcQfLjQHAw3129AojRXywP9aEh9UL
 Uflo9KLfR7zM+dM9caXmFs0DUbkFO/wo2HR5FPw07o9SvnKff6L47/aEVipZCnES5mnX
 tMJmCXwsvpdNiADfdHec00+tZHQNuyECHMRP0+uvDAtQEMJLx/V8D8Ed/i8E2aHpycJi
 MvmJK6k5L+KsYmoZWjtLAurnL93k33sXPTFv7ZjXt0QAZ+anN9AIJ5GT52BP9EIshhxD
 2aSA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="uGsaTM/M";
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 m32si45016256pld.438.2019.08.06.01.02.46; 
 Tue, 06 Aug 2019 01:02:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="uGsaTM/M";
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1727259AbfHFICq (ORCPT <rfc822;sumit.garg@linaro.org>
 + 3 others); Tue, 6 Aug 2019 04:02:46 -0400
Received: from mail-wr1-f66.google.com ([209.85.221.66]:39270 "EHLO
 mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1732160AbfHFICq (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Tue, 6 Aug 2019 04:02:46 -0400
Received: by mail-wr1-f66.google.com with SMTP id x4so33716364wrt.6
 for <linux-crypto@vger.kernel.org>;
 Tue, 06 Aug 2019 01:02:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=9eCxiU7trAIwWtoYhqWEWGHnQv1gzwh/Q9h6ScO5S58=;
 b=uGsaTM/M2gCO96HNT2CT+L0/NsYOQP5WwmmlN+ya7tI16k5RMO2HwcYWh6H6R3oYHm
 rAzdwy+lnPGdSNHSO1FV3Crk5TwyEYOTLawosrkK1bSB0Ypn33n9eBbZXhy9wY6QNR3S
 amR1DiMRY2rT94FVuPH5ZMNe0BS2+l9qybrY3769M6HE/Fi2yk/NyDTlLcmW4DDJfDRm
 8/3szwCVQVOO/b231zSJdRgRtJQTLJ/3KKLUxisOaBJpzZOBhiIZxOBqyS+o68pY/jBw
 KfuEtggPHIGXBSjQq6RTjYiXzRgy4LhaB1z90bfk5rsi782P9hTmgRJ/c8Be1kI77Sfj
 hwNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=9eCxiU7trAIwWtoYhqWEWGHnQv1gzwh/Q9h6ScO5S58=;
 b=mXvH1BFel9m/gXtvLgWkOIuR/JxWfDOwBrXgNAOlMpMnPysZHpw5ZOJ5PafgrdMGwk
 TPX7O6zingCdnoeRMXfVJCUZE7Yr7aw5qifxNzd+PQegBLpuHK3rZDfMxZBrKWZH14BK
 ZM8B/WxvRZk0eL0KXBLEIFblPLKSUg8dxyO1KPObOqJhoLfG99cwBkyQOj6n/NZf9KN3
 hb2STO/QoFoPZYaAgBG9f0eV99RQqeXRiNMhI84tqKjT/RA4DL4iJYWS15iF7PbqG+DU
 9mq1gzTgp9fmoFZbZ/nNO8TUrftoxfnB3//o5KRI8Ry0IijiFXhoKsbOhyEYT+om5D7B
 mUvw==
X-Gm-Message-State: APjAAAWe55msFvNTomXpY7ZuR5w07lrtE4AT20C4NkU0bsVe4zIMSj14
 RuPhN/XUDs4QKMSN81TxsWq0QOMx6c34sg==
X-Received: by 2002:a5d:4e02:: with SMTP id p2mr3054604wrt.182.1565078563578; 
 Tue, 06 Aug 2019 01:02:43 -0700 (PDT)
Received: from localhost.localdomain ([2a02:587:a407:da00:582f:8334:9cd9:7241])
 by smtp.gmail.com with ESMTPSA id
 g12sm123785475wrv.9.2019.08.06.01.02.41
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 06 Aug 2019 01:02:42 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, agk@redhat.com,
 snitzer@redhat.com, dm-devel@redhat.com, gmazyland@gmail.com,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [RFC PATCH 1/2] md/dm-crypt - restrict EBOIV to cbc(aes)
Date: Tue,  6 Aug 2019 11:02:33 +0300
Message-Id: <20190806080234.27998-2-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190806080234.27998-1-ard.biesheuvel@linaro.org>
References: <20190806080234.27998-1-ard.biesheuvel@linaro.org>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Support for the EBOIV IV mode was introduced this cycle, and is
explicitly intended for interoperability with BitLocker, which
only uses it combined with AES in CBC mode.

Using EBOIV in combination with any other skcipher or aead mode
is not recommended, and so there is no need to support this.
However, the way the EBOIV support is currently integrated permits
it to be combined with other skcipher or aead modes, and once the
cat is out of the bag, we will need to support it indefinitely.

So let's restrict EBOIV to cbc(aes), and reject attempts to
instantiate it with other modes.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/md/dm-crypt.c | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.17.1

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index d5216bcc4649..a5e8d5bc1581 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -861,6 +861,13 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti,
 	struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv;
 	struct crypto_cipher *tfm;
 
+	if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags) ||
+	    strcmp("cbc(aes)",
+	           crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc))))) {
+		ti->error = "Unsupported encryption mode for EBOIV";
+		return -EINVAL;
+	}
+
 	tfm = crypto_alloc_cipher(cc->cipher, 0, 0);
 	if (IS_ERR(tfm)) {
 		ti->error = "Error allocating crypto tfm for EBOIV";