[kernel] r16452 - in dists/sid/linux-2.6/debian: . patches/features/all patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Oct 17 00:10:53 UTC 2010
Author: benh
Date: Sun Oct 17 00:10:48 2010
New Revision: 16452
Log:
dm-crypt: Add 'plain64' IV (Closes: #600384)
Added:
dists/sid/linux-2.6/debian/patches/features/all/dm-crypt-add-plain64-iv.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/26
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sat Oct 16 23:56:41 2010 (r16451)
+++ dists/sid/linux-2.6/debian/changelog Sun Oct 17 00:10:48 2010 (r16452)
@@ -12,6 +12,8 @@
[ Ben Hutchings ]
* [x86] radeon: Add quirks to make HP nx6125 and dv5000 laptops resume
(Closes: #583968)
+ * dm-crypt: Add 'plain64' IV; this avoids watermarking attacks that are
+ possible with 'plain' IV on devices larger than 2TB (Closes: #600384)
-- dann frazier <dannf at debian.org> Fri, 15 Oct 2010 16:03:12 +0100
Added: dists/sid/linux-2.6/debian/patches/features/all/dm-crypt-add-plain64-iv.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/features/all/dm-crypt-add-plain64-iv.patch Sun Oct 17 00:10:48 2010 (r16452)
@@ -0,0 +1,70 @@
+From: Milan Broz <mbroz at redhat.com>
+Date: Thu, 10 Dec 2009 23:52:25 +0000
+Subject: [PATCH] dm crypt: add plain64 iv
+
+commit 61afef614b013ee1b767cdd10325acae1db1f4d2 upstream.
+
+The default plain IV is 32-bit only.
+
+This plain64 IV provides a compatible mode for encrypted devices bigger
+than 4TB.
+
+Signed-off-by: Milan Broz <mbroz at redhat.com>
+Signed-off-by: Alasdair G Kergon <agk at redhat.com>
+---
+ drivers/md/dm-crypt.c | 18 ++++++++++++++++++
+ 1 files changed, 18 insertions(+), 0 deletions(-)
+
+diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
+index 91e1bf9..a936372 100644
+--- a/drivers/md/dm-crypt.c
++++ b/drivers/md/dm-crypt.c
+@@ -158,6 +158,9 @@ static void kcryptd_queue_crypt(struct dm_crypt_io *io);
+ * plain: the initial vector is the 32-bit little-endian version of the sector
+ * number, padded with zeros if necessary.
+ *
++ * plain64: the initial vector is the 64-bit little-endian version of the sector
++ * number, padded with zeros if necessary.
++ *
+ * essiv: "encrypted sector|salt initial vector", the sector number is
+ * encrypted with the bulk cipher using a salt as key. The salt
+ * should be derived from the bulk cipher's key via hashing.
+@@ -180,6 +183,15 @@ static int crypt_iv_plain_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
+ return 0;
+ }
+
++static int crypt_iv_plain64_gen(struct crypt_config *cc, u8 *iv,
++ sector_t sector)
++{
++ memset(iv, 0, cc->iv_size);
++ *(u64 *)iv = cpu_to_le64(sector);
++
++ return 0;
++}
++
+ /* Initialise ESSIV - compute salt but no local memory allocations */
+ static int crypt_iv_essiv_init(struct crypt_config *cc)
+ {
+@@ -342,6 +354,10 @@ static struct crypt_iv_operations crypt_iv_plain_ops = {
+ .generator = crypt_iv_plain_gen
+ };
+
++static struct crypt_iv_operations crypt_iv_plain64_ops = {
++ .generator = crypt_iv_plain64_gen
++};
++
+ static struct crypt_iv_operations crypt_iv_essiv_ops = {
+ .ctr = crypt_iv_essiv_ctr,
+ .dtr = crypt_iv_essiv_dtr,
+@@ -1063,6 +1079,8 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
+ cc->iv_gen_ops = NULL;
+ else if (strcmp(ivmode, "plain") == 0)
+ cc->iv_gen_ops = &crypt_iv_plain_ops;
++ else if (strcmp(ivmode, "plain64") == 0)
++ cc->iv_gen_ops = &crypt_iv_plain64_ops;
+ else if (strcmp(ivmode, "essiv") == 0)
+ cc->iv_gen_ops = &crypt_iv_essiv_ops;
+ else if (strcmp(ivmode, "benbi") == 0)
+--
+1.7.1
+
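Review bot: In crypt_iv_plain64_gen the `memset` is bounded by `cc->iv_size`, but the store that follows always writes 8 bytes through `*(u64 *)iv`, so the function is only safe if `cc->iv_size >= sizeof(u64)` and `iv` is suitably aligned for a 64-bit access. Neither guarantee is visible in this patch. If the constructor already enforces a minimum IV size, a comment above the store would document it, e.g. `/* iv_size is at least sizeof(u64); enforced at cipher setup */`; using `put_unaligned_le64(sector, iv);` instead of the cast would remove the alignment assumption. The header comment for plain64 could also state why it exists: the 32-bit plain IV repeats once the sector number no longer fits in 32 bits. Like plain, plain64 is predictable from the sector number, so it does not replace essiv for CBC modes.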
Modified: dists/sid/linux-2.6/debian/patches/series/26
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/26 Sat Oct 16 23:56:41 2010 (r16451)
+++ dists/sid/linux-2.6/debian/patches/series/26 Sun Oct 17 00:10:48 2010 (r16452)
@@ -2,3 +2,4 @@
+ features/all/xen/pvhvm/0019-xen-do-not-initialize-PV-timers-on-HVM-if-xen_have.patch
+ bugfix/x86/drm-radeon-add-quirk-to-make-HP-nx6125-laptop-resume.patch
+ bugfix/x86/drm-radeon-kms-add-quirk-to-make-HP-DV5000-laptop-resume.patch
++ features/all/dm-crypt-add-plain64-iv.patch