Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9079675e authored by Neeraj Soni's avatar Neeraj Soni Committed by Blagovest Kolenichev
Browse files

fscrypt: support legacy inline crypto mode 



Add support for legacy inline crypto mode in new v2 FBE
framework to make on disk data format compatible
to new v2 framework.

Change-Id: I3c1384604ee8e022db151299850b0dc330b6a17d
Signed-off-by: default avatarNeeraj Soni <neersoni@codeaurora.org>
parent d798a470

fs/crypto/crypto.c

+8 −1
Original line number Diff line number Diff line
@@ -74,9 +74,16 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, 
{

	u8 flags = fscrypt_policy_flags(&ci->ci_policy);



	bool inlinecrypt = false;



#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT

	inlinecrypt = ci->ci_inlinecrypt;

#endif

	memset(iv, 0, ci->ci_mode->ivsize);



	if (flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) {

	if (flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 ||

		((fscrypt_policy_contents_mode(&ci->ci_policy) ==

		  FSCRYPT_MODE_PRIVATE) && inlinecrypt)) {

		WARN_ON_ONCE((u32)lblk_num != lblk_num);

		lblk_num |= (u64)ci->ci_inode->i_ino << 32;

	} else if (flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {

fs/crypto/fscrypt_private.h

+4 −0
Original line number Diff line number Diff line
@@ -245,6 +245,10 @@ static inline bool fscrypt_valid_enc_modes(u32 contents_mode, 
	    filenames_mode == FSCRYPT_MODE_ADIANTUM)

		return true;



	if (contents_mode == FSCRYPT_MODE_PRIVATE &&

		filenames_mode == FSCRYPT_MODE_AES_256_CTS)

		return true;



	return false;

}

fs/crypto/keyring.c

+1 −1
Original line number Diff line number Diff line
@@ -652,7 +652,7 @@ int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg) 
			goto out_wipe_secret;



		err = -EINVAL;

		if (arg.__flags)

		if (arg.__flags & ~__FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)

			goto out_wipe_secret;

		break;

	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:

fs/crypto/keysetup.c

+7 −0
Original line number Diff line number Diff line
@@ -47,6 +47,13 @@ struct fscrypt_mode fscrypt_modes[] = { 
		.ivsize = 32,

		.blk_crypto_mode = BLK_ENCRYPTION_MODE_ADIANTUM,

	},

	[FSCRYPT_MODE_PRIVATE] = {

		.friendly_name = "ice",

		.cipher_str = "xts(aes)",

		.keysize = 64,

		.ivsize = 16,

		.blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_256_XTS,

	},

};



static struct fscrypt_mode *

fs/crypto/keysetup_v1.c

+12 −0
Original line number Diff line number Diff line
@@ -284,6 +284,18 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, 
	u8 *derived_key;

	int err;



	/*Support legacy ice based content encryption mode*/

	if ((fscrypt_policy_contents_mode(&ci->ci_policy) ==

					  FSCRYPT_MODE_PRIVATE) &&

					  fscrypt_using_inline_encryption(ci)) {



		err = fscrypt_prepare_inline_crypt_key(&ci->ci_key,

						       raw_master_key,

						       ci->ci_mode->keysize,

						       false,

						       ci);

		return err;

	}

	/*

	 * This cannot be a stack buffer because it will be passed to the

	 * scatterlist crypto API during derive_key_aes().