mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 02:20:40 +00:00
Code Issues Releases Wiki Activity
linux-stable/Documentation/filesystems
History
Eric Biggers 9630d4d0d1 fscrypt: allow 256-bit master keys with AES-256-XTS 
[ Upstream commit 7f595d6a6c ]

fscrypt currently requires a 512-bit master key when AES-256-XTS is
used, since AES-256-XTS keys are 512-bit and fscrypt requires that the
master key be at least as long any key that will be derived from it.

However, this is overly strict because AES-256-XTS doesn't actually have
a 512-bit security strength, but rather 256-bit.  The fact that XTS
takes twice the expected key size is a quirk of the XTS mode.  It is
sufficient to use 256 bits of entropy for AES-256-XTS, provided that it
is first properly expanded into a 512-bit key, which HKDF-SHA512 does.

Therefore, relax the check of the master key size to use the security
strength of the derived key rather than the size of the derived key
(except for v1 encryption policies, which don't use HKDF).

Besides making things more flexible for userspace, this is needed in
order for the use of a KDF which only takes a 256-bit key to be
introduced into the fscrypt key hierarchy.  This will happen with
hardware-wrapped keys support, as all known hardware which supports that
feature uses an SP800-108 KDF using AES-256-CMAC, so the wrapped keys
are wrapped 256-bit AES keys.  Moreover, there is interest in fscrypt
supporting the same type of AES-256-CMAC based KDF in software as an
alternative to HKDF-SHA512.  There is no security problem with such
features, so fix the key length check to work properly with them.

Reviewed-by: Paul Crowley <paulcrowley@google.com>
Link: https://lore.kernel.org/r/20210921030303.5598-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:16:11 +01:00
..
caching docs: filesystems: Replace HTTP links with HTTPS ones 2020-07-13 09:33:22 -06:00
cifs ksmbd: update SMB3 multi-channel support in ksmbd.rst 2021-08-13 08:18:15 +09:00
ext4 ext4: Orphan file documentation 2021-08-30 23:36:51 -04:00
nfs nfsd: close cached files prior to a REMOVE or RENAME that would replace target 2020-12-09 09:39:38 -05:00
spufs docs: filesystems: convert spufs/spu_run.txt to ReST 2020-05-05 09:22:24 -06:00
9p.rst Replace HTTP links with HTTPS ones: 9P FILE SYSTEM 2020-07-13 11:28:12 -06:00
adfs.rst docs: filesystems: convert adfs.txt to ReST 2020-03-02 13:58:44 -07:00
affs.rst affs: fix basic permission bits to actually work 2020-08-31 12:20:31 +02:00
afs.rst AFS: Documentation: fix a few typos in afs.rst 2021-01-21 14:06:00 -07:00
api-summary.rst block: move fs/block_dev.c to block/bdev.c 2021-09-07 08:39:40 -06:00
autofs-mount-control.rst Documentation: filesystems: autofs-mount-control: drop doubled words 2020-07-05 14:44:29 -06:00
autofs.rst docs: filesystems: Add mount map description in Content 2019-11-18 12:19:59 -07:00
automount-support.rst docs: filesystems: convert automount-support.txt to ReST 2020-05-05 09:22:21 -06:00
befs.rst docs: filesystems: convert befs.txt to ReST 2020-03-02 14:01:25 -07:00
bfs.rst docs: filesystems: convert bfs.txt to ReST 2020-03-02 14:01:26 -07:00
btrfs.rst docs: filesystems: convert btrfs.txt to ReST 2020-03-02 14:01:28 -07:00
ceph.rst libceph, rbd, ceph: "blacklist" -> "blocklist" 2020-10-12 15:29:26 +02:00
coda.rst Documentation: coda: annotate duplicated words 2020-07-13 10:02:32 -06:00
configfs.rst Documentation: filesystems: configfs: drop doubled word 2020-07-05 14:44:29 -06:00
cramfs.rst docs: filesystems: convert cramfs.txt to ReST 2020-03-02 14:02:07 -07:00
dax.rst docs: convert dax.txt to rst 2021-06-04 11:31:02 -06:00
debugfs.rst debugfs: remove return value of debugfs_create_bool() 2021-05-21 20:59:03 +02:00
devpts.rst docs: filesystems: convert devpts.txt to ReST 2020-05-05 09:22:21 -06:00
directory-locking.rst Documentation: filesystems: directory-locking: drop doubled word 2020-07-05 14:44:29 -06:00
dlmfs.rst ocfs2: replace HTTP links with HTTPS ones 2020-08-07 11:33:22 -07:00
dnotify.rst docs: filesystems: convert dnotify.txt to ReST 2020-05-05 09:22:22 -06:00
ecryptfs.rst docs: prevent warnings due to autosectionlabel 2020-03-20 17:01:29 -06:00
efivarfs.rst docs: filesystems: add info about efivars content 2020-05-25 18:59:59 -06:00
erofs.rst erofs: introduce chunk-based file on-disk format 2021-08-20 22:38:01 +08:00
ext2.rst docs: fix a cross-ref 2021-06-13 17:02:46 -06:00
ext3.rst docs: filesystems: convert ext3.txt to ReST 2020-03-02 14:03:16 -07:00
f2fs.rst f2fs: fix to keep compatibility of fault injection interface 2021-08-17 11:59:05 -07:00
fiemap.rst A lot of bug fixes and cleanups for ext4, including: 2020-06-05 16:19:28 -07:00
files.rst file: Rename fcheck lookup_fd_rcu 2020-12-10 12:40:07 -06:00
fscrypt.rst fscrypt: allow 256-bit master keys with AES-256-XTS 2021-11-18 19:16:11 +01:00
fsverity.rst fs-verity: support reading signature with ioctl 2021-02-07 14:51:19 -08:00
fuse-io.rst docs: filesystems: convert fuse-io.txt to ReST 2020-05-05 09:22:22 -06:00
fuse.rst fuse: update project homepage 2020-09-04 11:32:10 +02:00
gfs2-glocks.rst docs: filesystems: convert gfs2-glocks.txt to ReST 2020-06-02 19:45:05 +02:00
gfs2-uevents.rst docs: filesystems: convert gfs2-uevents.txt to ReST 2020-03-02 14:03:35 -07:00
gfs2.rst Documentation: Update filesystems/gfs2.rst 2020-12-01 00:25:20 +01:00
hfs.rst Replace HTTP links with HTTPS ones: Documentation/filesystems 2020-06-26 11:14:12 -06:00
hfsplus.rst docs: filesystems: convert hfsplus.txt to ReST 2020-03-02 14:03:47 -07:00
hpfs.rst Replace HTTP links with HTTPS ones: Documentation/filesystems 2020-06-26 11:14:12 -06:00
idmappings.rst doc: give a more thorough id handling explanation 2021-08-11 15:28:32 +02:00
index.rst Merge git://github.com/Paragon-Software-Group/linux-ntfs3 2021-09-04 11:15:50 -07:00
inotify.rst docs: filesystems: convert inotify.txt to ReST 2020-03-02 14:03:55 -07:00
isofs.rst docs: filesystems: convert isofs.txt to ReST 2020-03-02 14:04:06 -07:00
journalling.rst jbd2: drop jbd2_fc_init documentation 2020-11-06 23:01:03 -05:00
locking.rst overlayfs update for 5.15 2021-09-02 09:21:27 -07:00
locks.rst docs: filesystems: convert mandatory-locking.txt to ReST 2020-05-05 09:22:22 -06:00
mount_api.rst Documentation: mount_api: change kernel log wording 2020-12-03 15:53:13 -07:00
netfs_library.rst netfs: Documentation for helper library 2021-04-23 10:14:32 +01:00
nilfs2.rst docs: filesystems: convert nilfs2.txt to ReST 2020-03-02 14:04:06 -07:00
ntfs.rst docs: filesystems: convert ntfs.txt to ReST 2020-03-02 14:04:06 -07:00
ntfs3.rst Doc/fs/ntfs3: Fix rst format and make it cleaner 2021-09-20 18:53:12 +03:00
ocfs2-online-filecheck.rst docs: filesystems: convert ocfs2-online-filecheck.txt to ReST 2020-03-02 14:04:06 -07:00
ocfs2.rst ocfs2: replace HTTP links with HTTPS ones 2020-08-07 11:33:22 -07:00
omfs.rst Replace HTTP links with HTTPS ones: OMFS 2020-07-13 11:24:43 -06:00
orangefs.rst docs: orangefs: fix pvfs2tab literal block 2020-04-28 12:35:47 -06:00
overlayfs.rst ovl: skip checking lower file's i_writecount on truncate 2021-08-17 11:47:44 +02:00
path-lookup.rst Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-07-03 11:41:14 -07:00
path-lookup.txt Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
porting.rst Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-07-03 11:41:14 -07:00
proc.rst procfs/dmabuf: add inode number to /proc/*/fdinfo 2021-07-01 11:06:04 -07:00
qnx6.rst docs: filesystems: fix typo in qnx6.rst 2020-04-07 13:20:56 -06:00
quota.rst quota: Fixup http links in quota doc 2020-07-09 08:14:01 +02:00
ramfs-rootfs-initramfs.rst Documentation: Fix intiramfs script name 2021-07-18 23:48:14 +09:00
relay.rst docs: filesystems: convert relay.txt to ReST 2020-03-02 14:04:41 -07:00
romfs.rst docs: filesystems: convert romfs.txt to ReST 2020-03-02 14:04:41 -07:00
seq_file.rst seq_file: document how per-entry resources are managed. 2021-02-26 09:41:05 -08:00
sharedsubtree.rst docs: filesystems: convert sharedsubtree.txt to ReST 2020-05-05 09:22:23 -06:00
splice.rst
squashfs.rst docs: filesystems: convert squashfs.txt to ReST 2020-03-02 14:04:41 -07:00
sysfs.rst Driver Core patches for 5.10-rc1 2020-10-14 16:09:32 -07:00
sysv-fs.rst docs: filesystems: convert sysv-fs.txt to ReST 2020-03-02 14:04:41 -07:00
tmpfs.rst tmpfs: fix Documentation nits 2020-12-15 12:13:39 -08:00
ubifs-authentication.rst docs: ubifs-authentication: Add a top-level heading 2020-09-09 11:53:33 -06:00
ubifs.rst docs: filesystems: convert ubifs.txt to ReST 2020-03-02 14:04:41 -07:00
udf.rst udf: Replace HTTP links with HTTPS ones 2020-07-14 14:37:39 +02:00
vfat.rst docs: filesystems: Fix a mundane typo 2021-03-25 11:51:23 -06:00
vfs.rst vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
virtiofs.rst virtiofs: Add mount option and atime behavior to the doc 2020-04-20 17:01:34 +02:00
xfs-delayed-logging-design.rst docs: filesystems: convert xfs-delayed-logging-design.txt to ReST 2020-05-05 09:22:24 -06:00
xfs-self-describing-metadata.rst New code for 5.8: 2020-06-02 19:21:40 -07:00
zonefs.rst zonefs: document the explicit-open mount option 2020-09-15 18:32:58 +09:00