linux-stable/fs/crypto
Daniel Rosenberg 6e1918cfb2 fscrypt: don't allow v1 policies with casefolding
Casefolded encrypted directories will use a new dirhash method that
requires a secret key.  If the directory uses a v2 encryption policy,
it's easy to derive this key from the master key using HKDF.  However,
v1 encryption policies don't provide a way to derive additional keys.

Therefore, don't allow casefolding on directories that use a v1 policy.
Specifically, make it so that trying to enable casefolding on a
directory that has a v1 policy fails, trying to set a v1 policy on a
casefolded directory fails, and trying to open a casefolded directory
that has a v1 policy (if one somehow exists on-disk) fails.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
[EB: improved commit message, updated fscrypt.rst, and other cleanups]
Link: https://lore.kernel.org/r/20200120223201.241390-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-01-22 14:47:15 -08:00
..
bio.c fscrypt: optimize fscrypt_zeroout_range() 2020-01-14 12:50:33 -08:00
crypto.c fscrypt: document gfp_flags for bounce page allocation 2020-01-14 12:51:12 -08:00
fname.c fscrypt: add "fscrypt_" prefix to fname_encrypt() 2020-01-22 14:45:10 -08:00
fscrypt_private.h fscrypt: add "fscrypt_" prefix to fname_encrypt() 2020-01-22 14:45:10 -08:00
hkdf.c fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand() 2019-12-31 10:33:50 -06:00
hooks.c fscrypt: don't allow v1 policies with casefolding 2020-01-22 14:47:15 -08:00
Kconfig fscrypt: Allow modular crypto algorithms 2019-12-31 10:33:51 -06:00
keyring.c fscrypt: don't print name of busy file when removing key 2020-01-22 14:45:08 -08:00
keysetup_v1.c fscrypt: check for appropriate use of DIRECT_KEY flag earlier 2019-12-31 10:33:50 -06:00
keysetup.c fscrypt: check for appropriate use of DIRECT_KEY flag earlier 2019-12-31 10:33:50 -06:00
Makefile fscrypt: add an HKDF-SHA512 implementation 2019-08-12 19:18:50 -07:00
policy.c fscrypt: don't allow v1 policies with casefolding 2020-01-22 14:47:15 -08:00