From owner-svn-src-head@freebsd.org  Tue Jul 21 19:18:30 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id EC953365481;
 Tue, 21 Jul 2020 19:18:30 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BB7ft5x5Xz46TT;
 Tue, 21 Jul 2020 19:18:30 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AFA6523583;
 Tue, 21 Jul 2020 19:18:30 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 06LJIUD7097711;
 Tue, 21 Jul 2020 19:18:30 GMT (envelope-from asomers@FreeBSD.org)
Received: (from asomers@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 06LJIUuc097708;
 Tue, 21 Jul 2020 19:18:30 GMT (envelope-from asomers@FreeBSD.org)
Message-Id: <202007211918.06LJIUuc097708@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: asomers set sender to
 asomers@FreeBSD.org using -f
From: Alan Somers <asomers@FreeBSD.org>
Date: Tue, 21 Jul 2020 19:18:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r363402 - in head: sys/geom/eli tests/sys/geom/class/eli
X-SVN-Group: head
X-SVN-Commit-Author: asomers
X-SVN-Commit-Paths: in head: sys/geom/eli tests/sys/geom/class/eli
X-SVN-Commit-Revision: 363402
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 19:18:31 -0000

Author: asomers
Date: Tue Jul 21 19:18:29 2020
New Revision: 363402
URL: https://svnweb.freebsd.org/changeset/base/363402

Log:
  Fix geli's null cipher, and add a test case
  
  PR:		247954
  Submitted by:	jhb (sys), asomers (tests)
  Reviewed by:	jhb (tests), asomers (sys)
  MFC after:	2 weeks
  Sponsored by:	Axcient

Modified:
  head/sys/geom/eli/g_eli_integrity.c
  head/sys/geom/eli/g_eli_privacy.c
  head/tests/sys/geom/class/eli/onetime_test.sh

Modified: head/sys/geom/eli/g_eli_integrity.c
==============================================================================
--- head/sys/geom/eli/g_eli_integrity.c	Tue Jul 21 17:34:05 2020	(r363401)
+++ head/sys/geom/eli/g_eli_integrity.c	Tue Jul 21 19:18:29 2020	(r363402)
@@ -536,13 +536,15 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp
 		crp->crp_digest_start = 0;
 		crp->crp_payload_start = sc->sc_alen;
 		crp->crp_payload_length = data_secsize;
-		crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 		if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
 			crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
 			    encr_secsize);
 		}
-		g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
-		    sizeof(crp->crp_iv));
+		if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+			crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+			g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+			sizeof(crp->crp_iv));
+		}
 
 		g_eli_auth_keygen(sc, dstoff, authkey);
 		crp->crp_auth_key = authkey;

Modified: head/sys/geom/eli/g_eli_privacy.c
==============================================================================
--- head/sys/geom/eli/g_eli_privacy.c	Tue Jul 21 17:34:05 2020	(r363401)
+++ head/sys/geom/eli/g_eli_privacy.c	Tue Jul 21 19:18:29 2020	(r363402)
@@ -281,13 +281,15 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *
 
 		crp->crp_payload_start = 0;
 		crp->crp_payload_length = secsize;
-		crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 		if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
 			crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
 			    secsize);
 		}
-		g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
-		    sizeof(crp->crp_iv));
+		if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+			crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+			g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+			sizeof(crp->crp_iv));
+		}
 
 		error = crypto_dispatch(crp);
 		KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",

Modified: head/tests/sys/geom/class/eli/onetime_test.sh
==============================================================================
--- head/tests/sys/geom/class/eli/onetime_test.sh	Tue Jul 21 17:34:05 2020	(r363401)
+++ head/tests/sys/geom/class/eli/onetime_test.sh	Tue Jul 21 19:18:29 2020	(r363402)
@@ -130,9 +130,54 @@ onetime_d_cleanup()
 	geli_test_cleanup
 }
 
+atf_test_case onetime cleanup
+onetime_null_head()
+{
+	atf_set "descr" "geli onetime can use the null cipher"
+	atf_set "require.user" "root"
+}
+onetime_null_body()
+{
+	geli_test_setup
+
+	sectors=100
+
+	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+
+	secsize=512
+	ealgo=${cipher%%:*}
+	keylen=${cipher##*:}
+
+	md=$(attach_md -t malloc -s 100k)
+
+	atf_check -s exit:0 -o ignore -e ignore \
+		geli onetime -e null -s ${secsize} ${md}
+
+	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+	atf_check_equal 0 $?
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+	atf_check_equal 0 $?
+	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+	atf_check_equal 0 $?
+
+	if [ ${md_rnd} != ${md_ddev} ]; then
+		atf_fail "geli did not return the original data"
+	fi
+	if [ ${md_rnd} != ${md_edev} ]; then
+		atf_fail "geli encrypted the data even with the null cipher"
+	fi
+}
+onetime_null_cleanup()
+{
+	geli_test_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case onetime
 	atf_add_test_case onetime_a
 	atf_add_test_case onetime_d
+	atf_add_test_case onetime_null
 }