fscrypt: split up FS_CRYPTO_BLOCK_SIZE · tjh.dev/kernel@63cec13

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fscrypt: split up FS_CRYPTO_BLOCK_SIZE

FS_CRYPTO_BLOCK_SIZE is neither the filesystem block size nor the
granularity of encryption. Rather, it defines two logically separate
constraints that both arise from the block size of the AES cipher:

- The alignment required for the lengths of file contents blocks
- The minimum input/output length for the filenames encryption modes

Since there are way too many things called the "block size", and the
connection with the AES block size is not easily understood, split
FS_CRYPTO_BLOCK_SIZE into two constants FSCRYPT_CONTENTS_ALIGNMENT and
FSCRYPT_FNAME_MIN_MSG_LEN that more clearly describe what they are.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20220405010914.18519-1-ebiggers@kernel.org

Eric Biggers 4 years ago 63cec138 ce522ba9

+26 -9

4 changed files

expand all

crypto

crypto.c

fname.c

ubifs

ubifs.h

include

linux

fscrypt.h

+5 -5

fs/crypto/crypto.c

··· 113 113 114 114 if (WARN_ON_ONCE(len <= 0)) 115 115 return -EINVAL; 116 - if (WARN_ON_ONCE(len % FS_CRYPTO_BLOCK_SIZE != 0)) 116 + if (WARN_ON_ONCE(len % FSCRYPT_CONTENTS_ALIGNMENT != 0)) 117 117 return -EINVAL; 118 118 119 119 fscrypt_generate_iv(&iv, lblk_num, ci); ··· 213 213 * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place 214 214 * @inode: The inode to which this block belongs 215 215 * @page: The page containing the block to encrypt 216 - * @len: Size of block to encrypt. Doesn't need to be a multiple of the 217 - * fs block size, but must be a multiple of FS_CRYPTO_BLOCK_SIZE. 216 + * @len: Size of block to encrypt. This must be a multiple of 217 + * FSCRYPT_CONTENTS_ALIGNMENT. 218 218 * @offs: Byte offset within @page at which the block to encrypt begins 219 219 * @lblk_num: Filesystem logical block number of the block, i.e. the 0-based 220 220 * number of the block within the file ··· 283 283 * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place 284 284 * @inode: The inode to which this block belongs 285 285 * @page: The page containing the block to decrypt 286 - * @len: Size of block to decrypt. Doesn't need to be a multiple of the 287 - * fs block size, but must be a multiple of FS_CRYPTO_BLOCK_SIZE. 286 + * @len: Size of block to decrypt. This must be a multiple of 287 + * FSCRYPT_CONTENTS_ALIGNMENT. 288 288 * @offs: Byte offset within @page at which the block to decrypt begins 289 289 * @lblk_num: Filesystem logical block number of the block, i.e. the 0-based 290 290 * number of the block within the file

+9 -2

fs/crypto/fname.c

··· 19 19 #include "fscrypt_private.h" 20 20 21 21 /* 22 + * The minimum message length (input and output length), in bytes, for all 23 + * filenames encryption modes. Filenames shorter than this will be zero-padded 24 + * before being encrypted. 25 + */ 26 + #define FSCRYPT_FNAME_MIN_MSG_LEN 16 27 + 28 + /* 22 29 * struct fscrypt_nokey_name - identifier for directory entry when key is absent 23 30 * 24 31 * When userspace lists an encrypted directory without access to the key, the ··· 274 267 275 268 if (orig_len > max_len) 276 269 return false; 277 - encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE); 270 + encrypted_len = max_t(u32, orig_len, FSCRYPT_FNAME_MIN_MSG_LEN); 278 271 encrypted_len = round_up(encrypted_len, padding); 279 272 *encrypted_len_ret = min(encrypted_len, max_len); 280 273 return true; ··· 357 350 return 0; 358 351 } 359 352 360 - if (iname->len < FS_CRYPTO_BLOCK_SIZE) 353 + if (iname->len < FSCRYPT_FNAME_MIN_MSG_LEN) 361 354 return -EUCLEAN; 362 355 363 356 if (fscrypt_has_encryption_key(inode))

+1 -1

fs/ubifs/ubifs.h

··· 132 132 #define WORST_COMPR_FACTOR 2 133 133 134 134 #ifdef CONFIG_FS_ENCRYPTION 135 - #define UBIFS_CIPHER_BLOCK_SIZE FS_CRYPTO_BLOCK_SIZE 135 + #define UBIFS_CIPHER_BLOCK_SIZE FSCRYPT_CONTENTS_ALIGNMENT 136 136 #else 137 137 #define UBIFS_CIPHER_BLOCK_SIZE 0 138 138 #endif

+11 -1

include/linux/fscrypt.h

··· 18 18 #include <linux/slab.h> 19 19 #include <uapi/linux/fscrypt.h> 20 20 21 - #define FS_CRYPTO_BLOCK_SIZE 16 21 + /* 22 + * The lengths of all file contents blocks must be divisible by this value. 23 + * This is needed to ensure that all contents encryption modes will work, as 24 + * some of the supported modes don't support arbitrarily byte-aligned messages. 25 + * 26 + * Since the needed alignment is 16 bytes, most filesystems will meet this 27 + * requirement naturally, as typical block sizes are powers of 2. However, if a 28 + * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via 29 + * compression), then it will need to pad to this alignment before encryption. 30 + */ 31 + #define FSCRYPT_CONTENTS_ALIGNMENT 16 22 32 23 33 union fscrypt_policy; 24 34 struct fscrypt_info;