Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull fscrypt updates from Eric Biggers:
"A couple bug fixes for fs/crypto/:

- Fix handling of major dirhash values that happen to be 0.

- Fix cases where keys were derived differently on big endian systems
than on little endian systems (affecting some newer features only)"

* tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt:
fscrypt: fix derivation of SipHash keys on big endian CPUs
fscrypt: don't ignore minor_hash when hash is 0

Linus Torvalds 4 years ago a58e2035 a60c538e

+35 -15

2 changed files

expand all

crypto

fname.c

keysetup.c

+3 -7

fs/crypto/fname.c

··· 344 344 offsetof(struct fscrypt_nokey_name, sha256)); 345 345 BUILD_BUG_ON(BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX) > NAME_MAX); 346 346 347 - if (hash) { 348 - nokey_name.dirhash[0] = hash; 349 - nokey_name.dirhash[1] = minor_hash; 350 - } else { 351 - nokey_name.dirhash[0] = 0; 352 - nokey_name.dirhash[1] = 0; 353 - } 347 + nokey_name.dirhash[0] = hash; 348 + nokey_name.dirhash[1] = minor_hash; 349 + 354 350 if (iname->len <= sizeof(nokey_name.bytes)) { 355 351 memcpy(nokey_name.bytes, iname->name, iname->len); 356 352 size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]);

+32 -8

fs/crypto/keysetup.c

··· 210 210 return err; 211 211 } 212 212 213 + /* 214 + * Derive a SipHash key from the given fscrypt master key and the given 215 + * application-specific information string. 216 + * 217 + * Note that the KDF produces a byte array, but the SipHash APIs expect the key 218 + * as a pair of 64-bit words. Therefore, on big endian CPUs we have to do an 219 + * endianness swap in order to get the same results as on little endian CPUs. 220 + */ 221 + static int fscrypt_derive_siphash_key(const struct fscrypt_master_key *mk, 222 + u8 context, const u8 *info, 223 + unsigned int infolen, siphash_key_t *key) 224 + { 225 + int err; 226 + 227 + err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, context, info, infolen, 228 + (u8 *)key, sizeof(*key)); 229 + if (err) 230 + return err; 231 + 232 + BUILD_BUG_ON(sizeof(*key) != 16); 233 + BUILD_BUG_ON(ARRAY_SIZE(key->key) != 2); 234 + le64_to_cpus(&key->key[0]); 235 + le64_to_cpus(&key->key[1]); 236 + return 0; 237 + } 238 + 213 239 int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, 214 240 const struct fscrypt_master_key *mk) 215 241 { 216 242 int err; 217 243 218 - err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY, 219 - ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE, 220 - (u8 *)&ci->ci_dirhash_key, 221 - sizeof(ci->ci_dirhash_key)); 244 + err = fscrypt_derive_siphash_key(mk, HKDF_CONTEXT_DIRHASH_KEY, 245 + ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE, 246 + &ci->ci_dirhash_key); 222 247 if (err) 223 248 return err; 224 249 ci->ci_dirhash_key_initialized = true; ··· 278 253 if (mk->mk_ino_hash_key_initialized) 279 254 goto unlock; 280 255 281 - err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, 282 - HKDF_CONTEXT_INODE_HASH_KEY, NULL, 0, 283 - (u8 *)&mk->mk_ino_hash_key, 284 - sizeof(mk->mk_ino_hash_key)); 256 + err = fscrypt_derive_siphash_key(mk, 257 + HKDF_CONTEXT_INODE_HASH_KEY, 258 + NULL, 0, &mk->mk_ino_hash_key); 285 259 if (err) 286 260 goto unlock; 287 261 /* pairs with smp_load_acquire() above */