diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-10-09 16:34:16 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2019-10-21 13:22:08 -0700 |
| commit | 4006d799d93b159fd834c50999265b5c534a71d5 (patch) | |
| tree | 7f28f0fc26f9b5145dec54ffd8ca1af2a3589453 /fs/crypto/crypto.c | |
| parent | 7d194c2100ad2a6dded545887d02754948ca5241 (diff) | |
fscrypt: invoke crypto API for ESSIV handling
Instead of open-coding the calculations for ESSIV handling, use an ESSIV
skcipher which does all of this under the hood. ESSIV was added to the
crypto API in v5.4.
This is based on a patch from Ard Biesheuvel, but reworked to apply
after all the fscrypt changes that went into v5.4.
Tested with 'kvm-xfstests -c ext4,f2fs -g encrypt', including the
ciphertext verification tests for v1 and v2 encryption policies.
Originally-from: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/crypto.c')
| -rw-r--r-- | fs/crypto/crypto.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 32a7ad0098cc..6bc3e4f1e657 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -27,7 +27,6 @@ #include <linux/ratelimit.h> #include <linux/dcache.h> #include <linux/namei.h> -#include <crypto/aes.h> #include <crypto/skcipher.h> #include "fscrypt_private.h" @@ -143,9 +142,6 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, if (fscrypt_is_direct_key_policy(&ci->ci_policy)) memcpy(iv->nonce, ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE); - - if (ci->ci_essiv_tfm != NULL) - crypto_cipher_encrypt_one(ci->ci_essiv_tfm, iv->raw, iv->raw); } /* Encrypt or decrypt a single filesystem block of file contents */ |