c083ebe7d0efb9c5b11de077d7278959d9ee24a1 - kernel/msm-4.9

commit	c083ebe7d0efb9c5b11de077d7278959d9ee24a1	[log] [tgz]
author	Milan Broz <gmazyland@gmail.com>	Thu Mar 16 15:39:44 2017 +0100
committer	Eric Biggers <ebiggers@google.com>	Thu Dec 13 09:34:59 2018 -0800
tree	228b782b6993b9afe641ca31b37f22662692e2c2
parent	e33fa31e300e4f3e6092a95dacf40d23a4e12790 [diff]

BACKPORT: dm crypt: optionally support larger encryption sector size

Add  optional "sector_size"  parameter that specifies encryption sector
size (atomic unit of block device encryption).

Parameter can be in range 512 - 4096 bytes and must be power of two.
For compatibility reasons, the maximal IO must fit into the page limit,
so the limit is set to the minimal page size possible (4096 bytes).

NOTE: this device cannot yet be handled by cryptsetup if this parameter
is set.

IV for the sector is calculated from the 512 bytes sector offset unless
the iv_large_sectors option is used.

Test script using dmsetup:

  DEV="/dev/sdb"
  DEV_SIZE=$(blockdev --getsz $DEV)
  KEY="9c1185a5c5e9fc54612808977ee8f548b2258d31ddadef707ba62c166051b9e3cd0294c27515f2bccee924e8823ca6e124b8fc3167ed478bca702babe4e130ac"
  BLOCK_SIZE=4096

  # dmsetup create test_crypt --table "0 $DEV_SIZE crypt aes-xts-plain64 $KEY 0 $DEV 0 1 sector_size:$BLOCK_SIZE"
  # dmsetup table --showkeys test_crypt

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

(cherry picked from commit 8f0009a225171cc1b76a6b443de5137b26e1374b)

Conflicts:
	Documentation/device-mapper/dm-crypt.txt
	drivers/md/dm-crypt.c

Bug: 112008522

Test: In an x86_64 VM, wrote 0's to a dm-crypt target using Adiantum and
      a fixed key and verified the resulting ciphertext on the device
      matches that produced by the upstream kernel in the same case.
      Did this for both 512 and 4096-byte sectors.

        key=EC0531985A96E87F756035F804D051DFE50036987D9AD706AAF9BDBDD1F5B786
        dmsetup create crypt --table \
            "0 $((1<<17)) crypt xchacha12,aes-adiantum-plain64 $key 0 /dev/vdc 0"
        dd if=/dev/zero bs=4096 count=$((1<<14)) of=/dev/mapper/crypt
        sync && echo 3 > /proc/sys/vm/drop_caches
        head -c $((1<<26)) /dev/vdc | md5sum # 44e24946ce308f3b4495bc2ff9cade8b
        head -c $((1<<26)) /dev/vdc | xz -9 | wc -c
        dmsetup remove crypt

        key=EC0531985A96E87F756035F804D051DFE50036987D9AD706AAF9BDBDD1F5B786
        dmsetup create crypt --table \
            "0 $((1<<17)) crypt xchacha12,aes-adiantum-plain64 $key 0 /dev/vdc 0 2 sector_size:4096 iv_large_sectors"
        dd if=/dev/zero bs=4096 count=$((1<<14)) of=/dev/mapper/crypt
        sync && echo 3 > /proc/sys/vm/drop_caches
        head -c $((1<<26)) /dev/vdc | md5sum # 8aa1cb4f5ebef575b15b5f8d64763118
        head -c $((1<<26)) /dev/vdc | xz -9 | wc -c
        dmsetup remove crypt

Change-Id: Ie247fd41b11adcf8520de0b1554568a1b7155860
Signed-off-by: Eric Biggers <ebiggers@google.com>

2 files changed