authorAlan Somers <asomers@FreeBSD.org>2020-07-21 19:18:29 +0000
committerAlan Somers <asomers@FreeBSD.org>2020-07-21 19:18:29 +0000
commitaafaa8b79491b563c628ebe3a4eadb151683ca45 (patch)
tree3fcd8dcc6612a691689d1f04d81e244b3a6588a4
parent716df522b8792692e99f767cef9a4b5e21961b8f (diff)
Fix geli's null cipher, and add a test case
PR: 247954 Submitted by: jhb (sys), asomers (tests) Reviewed by: jhb (tests), asomers (sys) MFC after: 2 weeks Sponsored by: Axcient
Notes
Notes: svn path=/head/; revision=363402
-rw-r--r--sys/geom/eli/g_eli_integrity.c8
-rw-r--r--sys/geom/eli/g_eli_privacy.c8
-rw-r--r--tests/sys/geom/class/eli/onetime_test.sh45
3 files changed, 55 insertions, 6 deletions
diff --git a/sys/geom/eli/g_eli_integrity.c b/sys/geom/eli/g_eli_integrity.c
index ae3ad52d13ff..e4f31046c45b 100644
--- a/sys/geom/eli/g_eli_integrity.c
+++ b/sys/geom/eli/g_eli_integrity.c
@@ -536,13 +536,15 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
crp->crp_digest_start = 0;
crp->crp_payload_start = sc->sc_alen;
crp->crp_payload_length = data_secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
encr_secsize);
}
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
g_eli_auth_keygen(sc, dstoff, authkey);
crp->crp_auth_key = authkey;
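Review bot: The new `if (g_eli_ivlen(sc->sc_ealgo) != 0)` guard has no comment saying why the IV setup is skipped, and the same uncommented block is repeated in g_eli_crypto_run() in g_eli_privacy.c. Going by the commit title, the zero-length case is presumably the null cipher, but a reader of either function cannot tell that leaving out both the flag and g_eli_crypto_ivgen() is deliberate. I would put `/* The null cipher has no IV: neither set CRYPTO_F_IV_SEPARATE nor generate one. */` above both guards. In this integrity path g_eli_auth_keygen() still runs after the guard, so such a provider appears to stay authenticated while its payload is left unencrypted, which is worth one more line in the comment. g_eli_auth_run's body starts and ends outside the hunk.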
diff --git a/sys/geom/eli/g_eli_privacy.c b/sys/geom/eli/g_eli_privacy.c
index 7ec73968394a..4a3e91948ebb 100644
--- a/sys/geom/eli/g_eli_privacy.c
+++ b/sys/geom/eli/g_eli_privacy.c
@@ -281,13 +281,15 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
crp->crp_payload_start = 0;
crp->crp_payload_length = secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
secsize);
}
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
error = crypto_dispatch(crp);
KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
diff --git a/tests/sys/geom/class/eli/onetime_test.sh b/tests/sys/geom/class/eli/onetime_test.sh
index 65939db5761c..479d4d771877 100644
--- a/tests/sys/geom/class/eli/onetime_test.sh
+++ b/tests/sys/geom/class/eli/onetime_test.sh
@@ -130,9 +130,54 @@ onetime_d_cleanup()
geli_test_cleanup
}
+atf_test_case onetime cleanup
+onetime_null_head()
+{
+ atf_set "descr" "geli onetime can use the null cipher"
+ atf_set "require.user" "root"
+}
+onetime_null_body()
+{
+ geli_test_setup
+
+ sectors=100
+
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+
+ secsize=512
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ md=$(attach_md -t malloc -s 100k)
+
+ atf_check -s exit:0 -o ignore -e ignore \
+ geli onetime -e null -s ${secsize} ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "geli did not return the original data"
+ fi
+ if [ ${md_rnd} != ${md_edev} ]; then
+ atf_fail "geli encrypted the data even with the null cipher"
+ fi
+}
+onetime_null_cleanup()
+{
+ geli_test_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case onetime
atf_add_test_case onetime_a
atf_add_test_case onetime_d
+ atf_add_test_case onetime_null
}
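Review bot: The added declaration `atf_test_case onetime cleanup` names the existing `onetime` case rather than the new one, so `onetime_null` is registered by `atf_add_test_case onetime_null` without a matching declaration and its cleanup routine may not be wired up; it should read `atf_test_case onetime_null cleanup`. In onetime_null_body the lines `ealgo=${cipher%%:*}` and `keylen=${cipher##*:}` read a `cipher` variable that this body never sets, and neither result is used, so they can be dropped. The digest comparisons are unquoted, so an empty digest produces a `[` syntax error instead of a clear failure; `if [ "${md_rnd}" != "${md_ddev}" ]; then` avoids that. The test exercises only the plain encryption path, so the matching change in g_eli_integrity.c has no null-cipher coverage here.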