*/
#include <crypto/aes.h>
+#ifdef HAVE_CRYPTO_SHA2_HEADER
+#include <crypto/sha2.h>
+#else
#include <crypto/sha.h>
+#endif
#include <crypto/skcipher.h>
#include <linux/key.h>
#include "llcrypt_private.h"
+#ifdef HAVE_CIPHER_H
+#include <crypto/internal/cipher.h>
+
+MODULE_IMPORT_NS(CRYPTO_INTERNAL);
+#endif
+
static struct crypto_shash *essiv_hash_tfm;
static struct llcrypt_mode available_modes[] = {
+ [LLCRYPT_MODE_NULL] = {
+ .friendly_name = "NULL",
+ .cipher_str = "null",
+ .keysize = 0,
+ .ivsize = 0,
+ },
[LLCRYPT_MODE_AES_256_XTS] = {
.friendly_name = "AES-256-XTS",
.cipher_str = "xts(aes)",
struct crypto_skcipher *tfm;
int err;
+ if (!strcmp(mode->cipher_str, "null"))
+ return NULL;
+
tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0);
if (IS_ERR(tfm)) {
if (PTR_ERR(tfm) == -ENOENT) {
llcrypt_put_direct_key(ci->ci_direct_key);
} else if ((ci->ci_ctfm != NULL || ci->ci_essiv_tfm != NULL) &&
!llcrypt_is_direct_key_policy(&ci->ci_policy)) {
- crypto_free_skcipher(ci->ci_ctfm);
+ if (ci->ci_ctfm)
+ crypto_free_skcipher(ci->ci_ctfm);
crypto_free_cipher(ci->ci_essiv_tfm);
}
memset(&ctx, 0, sizeof(ctx));
ctx.version = LLCRYPT_CONTEXT_V1;
ctx.v1.contents_encryption_mode = LLCRYPT_MODE_AES_256_XTS;
- ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_AES_256_CTS;
+ if (lsi->lsi_flags & LSI_FILENAME_ENC) {
+ ctx.v1.filenames_encryption_mode =
+ LLCRYPT_MODE_AES_256_CTS;
+ } else {
+ llcrypt_warn(inode,
+ "dummy enc: forcing filenames_encryption_mode to null");
+ ctx.v1.filenames_encryption_mode = LLCRYPT_MODE_NULL;
+ }
memset(ctx.v1.master_key_descriptor, 0x42,
LLCRYPT_KEY_DESCRIPTOR_SIZE);
res = sizeof(ctx.v1);
}
EXPORT_SYMBOL_GPL(llcrypt_drop_inode);
-inline bool llcrypt_has_encryption_key(const struct inode *inode)
+bool llcrypt_has_encryption_key(const struct inode *inode)
{
/* pairs with cmpxchg_release() in llcrypt_get_encryption_info() */
return READ_ONCE(llcrypt_info_nocast(inode)) != NULL;