Loading fs/crypto/Kconfig +9 −0 Original line number Diff line number Diff line Loading @@ -29,3 +29,12 @@ config FS_ENCRYPTION_INLINE_CRYPT depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION help Enable fscrypt to use inline encryption hardware if available. config ENABLE_LEGACY_PFK bool "Legacy method to generate per file key" default n help Enable legacy method to generate aes keys derived from nonce and master key. In private mode the keys will be used by inline crypto hardware to encrypt the file content. fs/crypto/keysetup_v1.c +21 −2 Original line number Diff line number Diff line Loading @@ -302,7 +302,7 @@ static int setup_v1_file_key_direct(struct fscrypt_info *ci, static int setup_v1_file_key_derived(struct fscrypt_info *ci, const u8 *raw_master_key) { u8 *derived_key; u8 *derived_key = NULL; int err; int i; union { Loading Loading @@ -334,7 +334,21 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, ci->ci_hashed_ino = siphash_1u64(ci->ci_inode->i_ino, &ino_hash_key.k); } #if IS_ENABLED(CONFIG_ENABLE_LEGACY_PFK) derived_key = kmalloc(ci->ci_mode->keysize, GFP_NOFS); if (!derived_key) return -ENOMEM; err = derive_key_aes(raw_master_key, ci->ci_nonce, derived_key, ci->ci_mode->keysize); if (err) goto out; memcpy(key_new.bytes, derived_key, ci->ci_mode->keysize); #else memcpy(key_new.bytes, raw_master_key, ci->ci_mode->keysize); #endif for (i = 0; i < ARRAY_SIZE(key_new.words); i++) __cpu_to_be32s(&key_new.words[i]); Loading @@ -344,6 +358,9 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, ci->ci_mode->keysize, false, ci); if (derived_key) kzfree(derived_key); return err; } /* Loading @@ -361,7 +378,9 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, err = fscrypt_set_per_file_enc_key(ci, derived_key); out: if (derived_key) kzfree(derived_key); return err; } Loading Loading
fs/crypto/Kconfig +9 −0 Original line number Diff line number Diff line Loading @@ -29,3 +29,12 @@ config FS_ENCRYPTION_INLINE_CRYPT depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION help Enable fscrypt to use inline encryption hardware if available. config ENABLE_LEGACY_PFK bool "Legacy method to generate per file key" default n help Enable legacy method to generate aes keys derived from nonce and master key. In private mode the keys will be used by inline crypto hardware to encrypt the file content.
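Review bot: `config ENABLE_LEGACY_PFK` has no `depends on` line, although the only code it gates on this page is in fs/crypto/keysetup_v1.c. Something like `depends on FS_ENCRYPTION_INLINE_CRYPT` would stop it being offered when that code is not built; the enclosing conditional is not visible here, so confirm the right symbol. The help text should also say what `default n` means for key handling: in the `#else` branch of setup_v1_file_key_derived() the master key bytes are copied unchanged into the key passed to the inline-crypto setup, so no per-file key is derived. "private mode" is not defined anywhere in the entry and needs a short explanation.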
fs/crypto/keysetup_v1.c +21 −2 Original line number Diff line number Diff line Loading @@ -302,7 +302,7 @@ static int setup_v1_file_key_direct(struct fscrypt_info *ci, static int setup_v1_file_key_derived(struct fscrypt_info *ci, const u8 *raw_master_key) { u8 *derived_key; u8 *derived_key = NULL; int err; int i; union { Loading Loading @@ -334,7 +334,21 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, ci->ci_hashed_ino = siphash_1u64(ci->ci_inode->i_ino, &ino_hash_key.k); } #if IS_ENABLED(CONFIG_ENABLE_LEGACY_PFK) derived_key = kmalloc(ci->ci_mode->keysize, GFP_NOFS); if (!derived_key) return -ENOMEM; err = derive_key_aes(raw_master_key, ci->ci_nonce, derived_key, ci->ci_mode->keysize); if (err) goto out; memcpy(key_new.bytes, derived_key, ci->ci_mode->keysize); #else memcpy(key_new.bytes, raw_master_key, ci->ci_mode->keysize); #endif for (i = 0; i < ARRAY_SIZE(key_new.words); i++) __cpu_to_be32s(&key_new.words[i]); Loading @@ -344,6 +358,9 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, ci->ci_mode->keysize, false, ci); if (derived_key) kzfree(derived_key); return err; } /* Loading @@ -361,7 +378,9 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, err = fscrypt_set_per_file_enc_key(ci, derived_key); out: if (derived_key) kzfree(derived_key); return err; } Loading
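Review bot: The stack union `key_new` still holds a copy of the key when the inline-crypto branch returns, because only `derived_key` is wiped after the `fscrypt_prepare_inline_crypt_key()` call. That copy is the AES-derived key with CONFIG_ENABLE_LEGACY_PFK and the raw master key otherwise. Adding `memzero_explicit(&key_new, sizeof(key_new));` before that `return err;` would clear it in both configurations. The `if (derived_key)` guards in front of both `kzfree()` calls can be dropped, since kzfree() accepts NULL. The function's declarations and the stretches between the hunks are collapsed on this page, so the body is only partly visible.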