/* TCRYPT PBKDF variants */
static struct {
unsigned int legacy:1;
- char *name;
- char *hash;
+ const char *name;
+ const char *hash;
unsigned int iterations;
} tcrypt_kdf[] = {
{ 0, "pbkdf2", "ripemd160", 2000 },
const char *key, struct tcrypt_phdr *hdr)
{
struct crypt_cipher *cipher[ciphers->chain_count];
- int bs = ciphers->cipher[0].iv_size;
+ unsigned int bs = ciphers->cipher[0].iv_size;
char *buf = (char*)&hdr->e, iv[bs], iv_old[bs];
- int i, j, r = -EINVAL;
+ unsigned int i, j;
+ int r = -EINVAL;
remove_whitening(buf, &key[8]);
/* Implements CBC with chained ciphers in loop inside */
for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
memcpy(iv_old, &buf[i], bs);
- for (j = ciphers->chain_count - 1; j >= 0; j--) {
- r = crypt_cipher_decrypt(cipher[j], &buf[i], &buf[i],
+ for (j = ciphers->chain_count; j > 0; j--) {
+ r = crypt_cipher_decrypt(cipher[j - 1], &buf[i], &buf[i],
bs, NULL, 0);
if (r < 0)
goto out;
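Review bot: `bs` sizes the stack arrays `iv[bs]` and `iv_old[bs]` and is also the step of the outer loop, yet nothing visible in this hunk rejects a zero or unexpected `iv_size`. With `bs == 0` the arrays have zero length, which is undefined for a variable-length array, and `i += bs` never advances, so the loop cannot terminate. If `TCRYPT_HDR_LEN` is not a multiple of `bs`, the last `memcpy` and decrypt would run past the header buffer. The value presumably comes from a fixed cipher table, in which case a guard placed before the arrays are declared, such as `if (!bs || TCRYPT_HDR_LEN % bs) return -EINVAL;`, documents and enforces that assumption. The function starts and ends outside this hunk.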
j %= TCRYPT_KEY_POOL_LEN;
}
- crc = 0;
+ memset(&crc, 0, sizeof(crc));
memset(data, 0, TCRYPT_KEYFILE_LEN);
return 0;
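Review bot: The two `memset` calls that clear `crc` and `data` sit directly before `return 0`, so if both are locals (their declarations are outside this hunk) the compiler may treat them as dead stores and drop them, leaving keyfile material on the stack. Switching `crc = 0` to `memset(&crc, 0, sizeof(crc))` does not change that. A wipe that cannot be elided is needed here, for example `explicit_bzero(data, TCRYPT_KEYFILE_LEN);` where the platform provides it, or a helper that writes through a `volatile` pointer. Any earlier return path in this function, not visible here, would need the same wipe.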
unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {};
size_t passphrase_size;
char *key;
- int r = -EINVAL, i, legacy_modes, skipped = 0;
+ unsigned int i, skipped = 0;
+ int r = -EINVAL, legacy_modes;
if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
return -ENOMEM;
{
char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
struct device *device = NULL;
- int i, r;
+ unsigned int i;
+ int r;
struct tcrypt_algs *algs;
struct crypt_dm_active_device dmd = {
.target = DM_CRYPT,
if (!dmd.u.crypt.vk)
return -ENOMEM;
- for (i = algs->chain_count - 1; i >= 0; i--) {
- if (i == 0) {
+ for (i = algs->chain_count; i > 0; i--) {
+ if (i == 1) {
strncpy(dm_name, name, sizeof(dm_name));
dmd.flags = flags;
} else {
- snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i);
+ snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
}
snprintf(cipher, sizeof(cipher), "%s-%s",
- algs->cipher[i].name, algs->mode);
+ algs->cipher[i-1].name, algs->mode);
- copy_key(&algs->cipher[i], algs->mode, dmd.u.crypt.vk->key, hdr->d.keys);
+ copy_key(&algs->cipher[i-1], algs->mode, dmd.u.crypt.vk->key, hdr->d.keys);
- if ((algs->chain_count - 1) != i) {
+ if (algs->chain_count != i) {
snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
- dm_get_dir(), name, i + 1);
+ dm_get_dir(), name, i);
r = device_alloc(&device, dm_dev_name);
if (r)
break;
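Review bot: `strncpy(dm_name, name, sizeof(dm_name));` in the `i == 1` branch leaves `dm_name` without a terminating NUL when `name` is `PATH_MAX` bytes or longer, while the sibling branch uses `snprintf`, which always terminates. Using `snprintf(dm_name, sizeof(dm_name), "%s", name);` and treating a return value `>= sizeof(dm_name)` as an error keeps the device name well-formed. Separately, `i` is now `unsigned int`, but both format strings still use `%d` for `i-1` and `i`; `%u` matches the new type. The loop body continues past the end of this hunk.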
struct volume_key **vk)
{
struct tcrypt_algs *algs;
- int i, key_index;
+ unsigned int i, key_index;
if (!hdr->d.version) {
log_err(cd, _("This function is not supported without TCRYPT header load."));