    eCryptfs: Filename Encryption: Tag 70 packets · 9c79f34f
    Michael Halcrow authored
    This patchset implements filename encryption via a passphrase-derived
    mount-wide Filename Encryption Key (FNEK) specified as a mount parameter.
    Each encrypted filename has a fixed prefix indicating that eCryptfs should
    try to decrypt the filename.  When eCryptfs encounters this prefix, it
    decodes the filename into a tag 70 packet and then decrypts the packet
    contents using the FNEK, setting the filename to the decrypted filename.
    Both unencrypted and encrypted filenames can reside in the same lower
    filesystem.
    
    Because filename encryption expands the length of the filename during the
    encoding stage, eCryptfs will not properly handle filenames that are
    already near the maximum filename length.
    
    In the present implementation, eCryptfs must be able to produce a match
    against the lower encrypted and encoded filename representation when given
    a plaintext filename.  Therefore, two files having the same plaintext name
    will encrypt and encode into the same lower filename if they are both
    encrypted using the same FNEK.  This can be changed by finding a way to
    replace the prepended bytes in the block-aligned filename with random
    characters; they are hashes of the FNEK right now, so that it is possible
    to deterministically map from a plaintext filename to an encrypted and
    encoded filename in the lower filesystem.  An implementation using random
    characters will have to decode and decrypt every single directory entry in
    any given directory any time an event occurs wherein the VFS needs to
    determine whether a particular file exists in the lower directory and the
    decrypted and decoded filenames have not yet been extracted for that
    directory.
    
    Thanks to Tyler Hicks and David Kleikamp for assistance in the development
    of this patchset.
    
    This patch:
    
    A tag 70 packet contains a filename encrypted with a Filename Encryption
    Key (FNEK).  This patch implements functions for writing and parsing tag
    70 packets.  This patch also adds definitions and extends structures to
    support filename encryption.
    Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
    Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
    Cc: Eric Sandeen <sandeen@redhat.com>
    Cc: Tyler Hicks <tchicks@us.ibm.com>
    Cc: David Kleikamp <shaggy@us.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
keystore.c 75.3 KB