Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c8bc35f2 authored by Eric Biggers's avatar Eric Biggers Committed by Lee Jones
Browse files

BACKPORT: fscrypt: rename FS_KEY_DERIVATION_NONCE_SIZE 

The name "FS_KEY_DERIVATION_NONCE_SIZE" is a bit outdated since due to
the addition of FSCRYPT_POLICY_FLAG_DIRECT_KEY, the file nonce may now
be used as a tweak instead of for key derivation.  Also, we're now
prefixing the fscrypt constants with "FSCRYPT_" instead of "FS_".

Therefore, rename this constant to FSCRYPT_FILE_NONCE_SIZE.

Bug: 254441685
Link: https://lore.kernel.org/r/20200708215722.147154-1-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
[Lee: Back-ported to solve a dependency issue]
(cherry picked from commit 1d6217a4f9905917ee63315c8ea3d63833792f51)
Signed-off-by: default avatarLee Jones <joneslee@google.com>
Change-Id: I5eae506505d9432b95dabf620b79a6b8ca1e0d6a
parent 0aad5861

Documentation/filesystems/fscrypt.rst

+3 −3
Original line number Diff line number Diff line
@@ -1158,7 +1158,7 @@ setxattr() because of the special semantics of the encryption xattr. 
were to be added to or removed from anything other than an empty

directory.)  These structs are defined as follows::



    #define FS_KEY_DERIVATION_NONCE_SIZE 16

    #define FSCRYPT_FILE_NONCE_SIZE 16



    #define FSCRYPT_KEY_DESCRIPTOR_SIZE  8

    struct fscrypt_context_v1 {
@@ -1167,7 +1167,7 @@ directory.) These structs are defined as follows:: 
            u8 filenames_encryption_mode;

            u8 flags;

            u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];

            u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];

            u8 nonce[FSCRYPT_FILE_NONCE_SIZE];

    };



    #define FSCRYPT_KEY_IDENTIFIER_SIZE  16
@@ -1178,7 +1178,7 @@ directory.) These structs are defined as follows:: 
            u8 flags;

            u8 __reserved[4];

            u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];

            u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];

            u8 nonce[FSCRYPT_FILE_NONCE_SIZE];

    };



The context structs contain the same information as the corresponding

fs/crypto/crypto.c

+1 −1
Original line number Diff line number Diff line
@@ -92,7 +92,7 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, 
		WARN_ON_ONCE(lblk_num > U32_MAX);

		lblk_num = (u32)(ci->ci_hashed_ino + lblk_num);

	} else if (flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {

		memcpy(iv->nonce, ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE);

		memcpy(iv->nonce, ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE);

	}

	iv->lblk_num = cpu_to_le64(lblk_num);

}

fs/crypto/fscrypt_private.h

+6 −6
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ 


#define CONST_STRLEN(str)	(sizeof(str) - 1)



#define FS_KEY_DERIVATION_NONCE_SIZE	16

#define FSCRYPT_FILE_NONCE_SIZE	16



#define FSCRYPT_MIN_KEY_SIZE	16

#define FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE	128
@@ -36,7 +36,7 @@ struct fscrypt_context_v1 { 
	u8 filenames_encryption_mode;

	u8 flags;

	u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];

	u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];

	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];

};



struct fscrypt_context_v2 {
@@ -46,7 +46,7 @@ struct fscrypt_context_v2 { 
	u8 flags;

	u8 __reserved[4];

	u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];

	u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];

	u8 nonce[FSCRYPT_FILE_NONCE_SIZE];

};



/*
@@ -249,7 +249,7 @@ struct fscrypt_info { 
	union fscrypt_policy ci_policy;



	/* This inode's nonce, copied from the fscrypt_context */

	u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];

	u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];



	/* Hashed inode number.  Only set for IV_INO_LBLK_32 */

	u32 ci_hashed_ino;
@@ -285,7 +285,7 @@ union fscrypt_iv { 
		__le64 lblk_num;



		/* per-file nonce; only set in DIRECT_KEY mode */

		u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];

		u8 nonce[FSCRYPT_FILE_NONCE_SIZE];

	};

	u8 raw[FSCRYPT_MAX_IV_SIZE];

	__le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];

fs/crypto/keysetup.c

+3 −4
Original line number Diff line number Diff line
@@ -246,7 +246,7 @@ int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, 
	int err;



	err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY,

				  ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE,

				  ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,

				  (u8 *)&ci->ci_dirhash_key,

				  sizeof(ci->ci_dirhash_key));

	if (err)
@@ -335,8 +335,7 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci, 


		err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf,

					  HKDF_CONTEXT_PER_FILE_ENC_KEY,

					  ci->ci_nonce,

					  FS_KEY_DERIVATION_NONCE_SIZE,

					  ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,

					  derived_key, ci->ci_mode->keysize);

		if (err)

			return err;
@@ -545,7 +544,7 @@ int fscrypt_get_encryption_info(struct inode *inode) 
	}



	memcpy(crypt_info->ci_nonce, fscrypt_context_nonce(&ctx),

	       FS_KEY_DERIVATION_NONCE_SIZE);

	       FSCRYPT_FILE_NONCE_SIZE);



	if (!fscrypt_supported_policy(&crypt_info->ci_policy, inode)) {

		res = -EINVAL;

fs/crypto/keysetup_v1.c

+2 −2
Original line number Diff line number Diff line
@@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(fscrypt_direct_keys_lock); 
 * key is longer, then only the first 'derived_keysize' bytes are used.

 */

static int derive_key_aes(const u8 *master_key,

			  const u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE],

			  const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],

			  u8 *derived_key, unsigned int derived_keysize)

{

	int res = 0;
@@ -68,7 +68,7 @@ static int derive_key_aes(const u8 *master_key, 
	skcipher_request_set_callback(req,

			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,

			crypto_req_done, &wait);

	res = crypto_skcipher_setkey(tfm, nonce, FS_KEY_DERIVATION_NONCE_SIZE);

	res = crypto_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);

	if (res < 0)

		goto out;