From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: Replace Blowfish with AES in vnode disk driver
To: Filip Cernoch <filipcernoch@posteo.net>
Cc: tech@openbsd.org
Date: Tue, 16 Sep 2025 18:22:52 +0200

On Tue, Sep 16, 2025 at 03:50:32PM +0000, Filip Cernoch wrote:
> Hi everyone,
> 
> while reading through vnconfig(8) I noticed that the vnode disk driver
> still uses Blowfish. Apparently this was addressed already quite some 
> time ago by somebody else, however, he proposed Twofish and it never
> got actually replaced in the end, so I rewrote a couple lines for the 
> driver to use AES. I hope I didn't make any rookie mistakes while doing
> so. As a side note though, I wondered whether it would be better to add
> AES as a new option, leaving the Blowfish part in, but I thought it 
> would be better to replace it, so I don't know whether that was good or
> it should've been left in.
> 
> cheers,
> Filip

Does this prevent recovery for all existing disk images which are
encrypted with blowfish?

vnd(4) encryption is legacy, use softraid(4) instead.

bluhm

> Index: vnd.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/vnd.c,v
> diff -u -p -r1.182 vnd.c
> --- vnd.c       15 Sep 2025 10:33:03 -0000      1.182
> +++ vnd.c       16 Sep 2025 15:36:09 -0000
> @@ -65,8 +65,7 @@
>  #include <sys/dkio.h>
>  #include <sys/specdev.h>
>  
> -#include <crypto/blf.h>
> -
> +#include <crypto/aes.h>
>  #include <dev/vndioctl.h>
>  
>  #ifdef VNDDEBUG
> @@ -92,7 +91,7 @@ struct vnd_softc {
>         size_t           sc_ntracks;            /* # of tracks per cylinder */
>         struct vnode    *sc_vp;                 /* vnode */
>         struct ucred    *sc_cred;               /* credentials */
> -       blf_ctx         *sc_keyctx;             /* key context */
> +       aes_ctx         *sc_keyctx;             /* key context */
>  };
>  
>  /* sc_flags */
> @@ -117,25 +116,19 @@ void      vndencryptbuf(struct vnd_softc *, s
>  size_t vndbdevsize(struct vnode *, struct proc *);
>  
>  void
> -vndencrypt(struct vnd_softc *sc, caddr_t addr, size_t size, daddr_t off,
> -    int encrypt)
> +vndencrypt(struct vnd_softc *sc, caddr_t addr, size_t size, daddr_t off, int encrypt)
>  {
> -       int i, bsize;
> -       u_char iv[8];
> -
> +       int i;
>         bsize = dbtob(1);
> -       for (i = 0; i < size/bsize; i++) {
> -               memset(iv, 0, sizeof(iv));
> -               memcpy(iv, &off, sizeof(off));
> -               blf_ecb_encrypt(sc->sc_keyctx, iv, sizeof(iv));
> +       for (i = 0; i < size/bsize; i++) { 
> +               AES_Encrypt_ECB(sc->sc_keyctx, addr, daddr, bsize);     
>                 if (encrypt)
> -                       blf_cbc_encrypt(sc->sc_keyctx, iv, addr, bsize);
> -               else
> -                       blf_cbc_decrypt(sc->sc_keyctx, iv, addr, bsize);
> -
> +                       AES_Encrypt(sc->sc_keyctx, addr, daddr);
> +               else 
> +                       AES_Decrypt(sc->sc_keyctx, addr, daddr);
>                 addr += bsize;
>                 off++;
> -       }
> +       }       
>  }
>  
>  void