mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 08:02:30 +00:00
aa408f835d
When we allow indexed directories to use both encryption and casefolding, for the dirhash we can't just hash the ciphertext filenames that are stored on-disk (as is done currently) because the dirhash must be case insensitive, but the stored names are case-preserving. Nor can we hash the plaintext names with an unkeyed hash (or a hash keyed with a value stored on-disk like ext4's s_hash_seed), since that would leak information about the names that encryption is meant to protect.

Instead, if we can accept a dirhash that's only computable when the fscrypt key is available, we can hash the plaintext names with a keyed hash using a secret key derived from the directory's fscrypt master key. We'll use SipHash-2-4 for this purpose.

Prepare for this by deriving a SipHash key for each casefolded encrypted directory. Make sure to handle deriving the key not only when setting up the directory's fscrypt_info, but also in the case where the casefold flag is enabled after the fscrypt_info was already set up. (We could just always derive the key regardless of casefolding, but that would introduce unnecessary overhead for people not using casefolding.)

Signed-off-by: Daniel Rosenberg <drosen@google.com>
[EB: improved commit message, updated fscrypt.rst, squashed with change that avoids unnecessarily deriving the key, and many other cleanups]
Link: https://lore.kernel.org/r/20200120223201.241390-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>

caching | ||
cifs | ||
configfs | ||
ext4 | ||
nfs | ||
9p.txt | ||
adfs.txt | ||
affs.txt | ||
afs.txt | ||
api-summary.rst | ||
autofs-mount-control.txt | ||
autofs.rst | ||
automount-support.txt | ||
befs.txt | ||
bfs.txt | ||
btrfs.txt | ||
ceph.txt | ||
coda.txt | ||
cramfs.txt | ||
dax.txt | ||
debugfs.txt | ||
devpts.txt | ||
directory-locking.rst | ||
dlmfs.txt | ||
dnotify.txt | ||
ecryptfs.txt | ||
efivarfs.txt | ||
erofs.txt | ||
ext2.txt | ||
ext3.txt | ||
f2fs.txt | ||
fiemap.txt | ||
files.txt | ||
fscrypt.rst | ||
fsverity.rst | ||
fuse-io.txt | ||
fuse.txt | ||
gfs2-glocks.txt | ||
gfs2-uevents.txt | ||
gfs2.txt | ||
hfs.txt | ||
hfsplus.txt | ||
hpfs.txt | ||
index.rst | ||
inotify.txt | ||
isofs.txt | ||
journalling.rst | ||
locking.rst | ||
locks.txt | ||
mandatory-locking.txt | ||
mount_api.txt | ||
nilfs2.txt | ||
ntfs.txt | ||
ocfs2-online-filecheck.txt | ||
ocfs2.txt | ||
omfs.txt | ||
orangefs.txt | ||
overlayfs.rst | ||
path-lookup.rst | ||
path-lookup.txt | ||
porting.rst | ||
proc.txt | ||
qnx6.txt | ||
quota.txt | ||
ramfs-rootfs-initramfs.txt | ||
relay.txt | ||
romfs.txt | ||
seq_file.txt | ||
sharedsubtree.txt | ||
splice.rst | ||
spufs.txt | ||
squashfs.txt | ||
sysfs-pci.txt | ||
sysfs-tagging.txt | ||
sysfs.txt | ||
sysv-fs.txt | ||
tmpfs.txt | ||
ubifs-authentication.rst | ||
ubifs.txt | ||
udf.txt | ||
vfat.txt | ||
vfs.rst | ||
virtiofs.rst | ||
xfs-delayed-logging-design.txt | ||
xfs-self-describing-metadata.txt |