Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / a44cd7a05496d60fd2ba8cca080e3db8f481549b^! / . / fs / ext4 / crypto_fname.c
commita44cd7a05496d60fd2ba8cca080e3db8f481549b[log] [tgz]
authorTheodore Ts'o <tytso@mit.edu>Fri May 01 16:56:50 2015 -0400
committerTheodore Ts'o <tytso@mit.edu>Fri May 01 16:56:50 2015 -0400
treedd8d05d845817e4a429804d8ffe09dd68b6881e6
parent5de0b4d0cd153c471640b13aae6ae6d18d0a4603 [diff] [blame]
ext4 crypto: add padding to filenames before encrypting

This obscures the length of the filenames, to decrease the amount of
information leakage.  By default, we pad the filenames to the next 4
byte boundaries.  This costs nothing, since the directory entries are
aligned to 4 byte boundaries anyway.  Filenames can also be padded to
8, 16, or 32 bytes, which will consume more directory space.

Change-Id: Ibb7a0fb76d2c48e2061240a709358ff40b14f322
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
index 7a877e6..fded02f 100644
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c

@@ -66,6 +66,7 @@
 	int res = 0;
 	char iv[EXT4_CRYPTO_BLOCK_SIZE];
 	struct scatterlist sg[1];
+	int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK);
 	char *workbuf;
 
 	if (iname->len <= 0 || iname->len > ctx->lim)
@@ -73,6 +74,7 @@
 
 	ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ?
 		EXT4_CRYPTO_BLOCK_SIZE : iname->len;
+	ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
 	ciphertext_len = (ciphertext_len > ctx->lim)
 			? ctx->lim : ciphertext_len;
 
@@ -101,7 +103,7 @@
 	/* Create encryption request */
 	sg_init_table(sg, 1);
 	sg_set_page(sg, ctx->workpage, PAGE_SIZE, 0);
-	ablkcipher_request_set_crypt(req, sg, sg, iname->len, iv);
+	ablkcipher_request_set_crypt(req, sg, sg, ciphertext_len, iv);
 	res = crypto_ablkcipher_encrypt(req);
 	if (res == -EINPROGRESS || res == -EBUSY) {
 		BUG_ON(req->base.data != &ecr);
@@ -356,6 +358,7 @@
 	if (IS_ERR(ctx))
 		return ctx;
 
+	ctx->flags = ei->i_crypt_policy_flags;
 	if (ctx->has_valid_key) {
 		if (ctx->key.mode != EXT4_ENCRYPTION_MODE_AES_256_CTS) {
 			printk_once(KERN_WARNING
@@ -468,6 +471,7 @@
 				      u32 namelen)
 {
 	u32 ciphertext_len;
+	int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK);
 
 	if (ctx == NULL)
 		return -EIO;
@@ -475,6 +479,7 @@
 		return -EACCES;
 	ciphertext_len = (namelen < EXT4_CRYPTO_BLOCK_SIZE) ?
 		EXT4_CRYPTO_BLOCK_SIZE : namelen;
+	ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
 	ciphertext_len = (ciphertext_len > ctx->lim)
 			? ctx->lim : ciphertext_len;
 	return (int) ciphertext_len;
@@ -490,10 +495,13 @@
 				   u32 ilen, struct ext4_str *crypto_str)
 {
 	unsigned int olen;
+	int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK);
 
 	if (!ctx)
 		return -EIO;
-	olen = ext4_fname_crypto_round_up(ilen, EXT4_CRYPTO_BLOCK_SIZE);
+	if (padding < EXT4_CRYPTO_BLOCK_SIZE)
+		padding = EXT4_CRYPTO_BLOCK_SIZE;
+	olen = ext4_fname_crypto_round_up(ilen, padding);
 	crypto_str->len = olen;
 	if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
 		olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;