• Eric Biggers's avatar
    fscrypt: add support for IV_INO_LBLK_32 policies · e3b1078b
    Eric Biggers authored
    The eMMC inline crypto standard will only specify 32 DUN bits (a.k.a. IV
    bits), unlike UFS's 64.  IV_INO_LBLK_64 is therefore not applicable, but
    an encryption format which uses one key per policy and permits the
    moving of encrypted file contents (as f2fs's garbage collector requires)
    is still desirable.
    
    To support such hardware, add a new encryption format IV_INO_LBLK_32
    that makes the best use of the 32 bits: the IV is set to
    'SipHash-2-4(inode_number) + file_logical_block_number mod 2^32', where
    the SipHash key is derived from the fscrypt master key.  We hash only
    the inode number and not also the block number, because we need to
    maintain contiguity of DUNs to merge bios.
    
    Unlike with IV_INO_LBLK_64, with this format IV reuse is possible; this
    is unavoidable given the size of the DUN.  This means this format should
    only be used where the requirements of the first paragraph apply.
    However, the hash spreads out the IVs in the whole usable range, and the
    use of a keyed hash makes it difficult for an attacker to determine
    which files use which IVs.
    
    Besides the above differences, this flag works like IV_INO_LBLK_64 in
    that on ext4 it is only allowed if the stable_inodes feature has been
    enabled to prevent inode numbers and the filesystem UUID from changing.
    
    Link: https://lore.kernel.org/r/20200515204141.251098-1-ebiggers@kernel.orgReviewed-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Reviewed-by: default avatarPaul Crowley <paulcrowley@google.com>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    e3b1078b
crypto.c 12.4 KB