author | Daniel P. Berrange <berrange@redhat.com> | 2016-05-20 17:43:44 +0100 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-07-04 10:46:59 +0100 |
commit | 8b7cdba386d55ecee2caa26973c1d6c31822e801 (patch) | |
tree | efac27c8a317697f3310a402e14fd5a40fd9490d /tests/qemu-iotests/149 | |
parent | 96b39d8327883094f52b0a3d3f25dba83d6d1d63 (diff) |
crypto: fix handling of iv generator hash defaults

When opening an existing LUKS volume, if the iv generator is
essiv, then the iv hash algorithm is mandatory to provide. We
must report an error if it is omitted in the cipher mode spec,
not silently default to hash 0 (md5). If the iv generator is
not essiv, then we explicitly ignore any iv hash algorithm,
rather than report an error, for compatibility with dm-crypt.

When creating a new LUKS volume, if the iv generator is essiv
and no iv hash algorithm is provided, we should default to
using the sha256 hash.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'tests/qemu-iotests/149')
-rwxr-xr-x | tests/qemu-iotests/149 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149 index 52e23d2946..84072513db 100755 --- a/tests/qemu-iotests/149 +++ b/tests/qemu-iotests/149 @@ -153,6 +153,8 @@ def cryptsetup_format(config): cipher = config.cipher + "-" + config.mode + "-" + config.ivgen if config.ivgen_hash is not None: cipher = cipher + ":" + config.ivgen_hash + elif config.ivgen == "essiv": + cipher = cipher + ":" + "sha256" args.extend(["--cipher", cipher]) if config.mode == "xts": args.extend(["--key-size", str(config.keylen * 2)]) @@ -479,6 +481,16 @@ configs = [ "6": "slot6", "7": "slot7", }), + + # Check handling of default hash alg (sha256) with essiv + LUKSConfig("aes-256-cbc-essiv-auto-sha1", + "aes", 256, "cbc", "essiv", None, "sha1"), + + # Check that a useless hash provided for 'plain64' iv gen + # is ignored and no error raised + LUKSConfig("aes-256-cbc-plain64-sha256-sha1", + "aes", 256, "cbc", "plain64", "sha256", "sha1"), + ] blacklist = [ |
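Review bot: In the first hunk (cryptsetup_format), the new `elif config.ivgen == "essiv":` branch hardcodes "sha256" with no comment saying why. The literal has to stay in step with the default the commit message describes for volume creation, so a one-line comment stating that, or a named constant shared with the config comment further down, would make a future change of the default harder to miss here. `":" + "sha256"` can also be written as the single literal `":sha256"`.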
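Review bot: In the second hunk (configs), both new entries exercise only the paths that succeed: essiv with `None` for the hash, and plain64 with an unneeded "sha256". The commit message also says that opening an existing essiv volume whose cipher mode spec omits the hash must report an error, and nothing added to this file covers that failure case, so a regression back to the silent md5 default would not be caught by these configs. Consider adding a case that expects the open to fail, or noting where that path is tested. The positional arguments `"essiv", None, "sha1"` are also hard to read next to the name "aes-256-cbc-essiv-auto-sha1", since it is not obvious from the call which of the two hash slots is the iv generator hash; keyword arguments or a short comment would help.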