From f3906957675e466bbe7fa97a725f56c7c494d4a5 Mon Sep 17 00:00:00 2001

From: Milan Broz <gmazyland@gmail.com>

Date: Tue, 21 Jul 2020 14:14:54 +0200

Subject: [PATCH] Fix crypto backend to properly handle ECB mode.

Despite it should be never used, it should still work :)

Bug introduced in version 2.3.2.

---

 lib/crypto_backend/crypto_storage.c | 2 +-

 tests/compat-test2                  | 9 +++++++++

 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/crypto_backend/crypto_storage.c b/lib/crypto_backend/crypto_storage.c

index 8b6c19c..92dbae7 100644

--- a/lib/crypto_backend/crypto_storage.c

+++ b/lib/crypto_backend/crypto_storage.c

@@ -64,7 +64,7 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,

 	memset(ctx, 0, sizeof(*ctx));

 	ctx->iv_size = crypt_cipher_ivsize(cipher_name, mode_name);

-	if (ctx->iv_size < 8)

+	if (ctx->iv_size < 0 || (strcmp(mode_name, "ecb") && ctx->iv_size < 8))

 		return -ENOENT;

 	if (!strcmp(cipher_name, "cipher_null") ||

diff --git a/tests/compat-test2 b/tests/compat-test2

index 0fad999..c3852cd 100755

--- a/tests/compat-test2

+++ b/tests/compat-test2

@@ -1023,5 +1023,14 @@ echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher

 [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:"    | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail

 [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail

+prepare "[42] Some encryption compatibility mode tests" wipe

+CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 aes-xts-plain64"

+key_size=256

+for cipher in $CIPHERS ; do

+	echo -n "[$cipher/$key_size]"

+	$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail

+done

+echo

+

 remove_mapping

 exit 0

-- 

1.8.3.1