
Commit 1d6217a

fscrypt: rename FS_KEY_DERIVATION_NONCE_SIZE
The name "FS_KEY_DERIVATION_NONCE_SIZE" is a bit outdated: since the addition of FSCRYPT_POLICY_FLAG_DIRECT_KEY, the file nonce may now be used as a tweak instead of for key derivation. Also, we're now prefixing the fscrypt constants with "FSCRYPT_" instead of "FS_".

Therefore, rename this constant to FSCRYPT_FILE_NONCE_SIZE.

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Eric Biggers <[email protected]>
1 parent e455de3 commit 1d6217a


6 files changed

+16
-17
lines changed


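--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -1158,7 +1158,7 @@ setxattr() because of the special semantics of the encryption xattr.
 were to be added to or removed from anything other than an empty
 directory.) These structs are defined as follows::
 
-#define FS_KEY_DERIVATION_NONCE_SIZE 16
+#define FSCRYPT_FILE_NONCE_SIZE 16
 
 #define FSCRYPT_KEY_DESCRIPTOR_SIZE 8
 struct fscrypt_context_v1 {
@@ -1167,7 +1167,7 @@ directory.) These structs are defined as follows::
 u8 filenames_encryption_mode;
 u8 flags;
 u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
-u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };
 
 #define FSCRYPT_KEY_IDENTIFIER_SIZE 16
@@ -1178,7 +1178,7 @@ directory.) These structs are defined as follows::
 u8 flags;
 u8 __reserved[4];
 u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
-u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };
 
 The context structs contain the same information as the corresponding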

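--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -84,7 +84,7 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
 WARN_ON_ONCE(lblk_num > U32_MAX);
 lblk_num = (u32)(ci->ci_hashed_ino + lblk_num);
 } else if (flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) {
-memcpy(iv->nonce, ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+memcpy(iv->nonce, ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE);
 }
 iv->lblk_num = cpu_to_le64(lblk_num);
 }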

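--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -18,9 +18,9 @@
 
 #define CONST_STRLEN(str) (sizeof(str) - 1)
 
-#define FS_KEY_DERIVATION_NONCE_SIZE 16
+#define FSCRYPT_FILE_NONCE_SIZE 16
 
-#define FSCRYPT_MIN_KEY_SIZE 16
+#define FSCRYPT_MIN_KEY_SIZE 16
 
 #define FSCRYPT_CONTEXT_V1 1
 #define FSCRYPT_CONTEXT_V2 2
@@ -31,7 +31,7 @@ struct fscrypt_context_v1 {
 u8 filenames_encryption_mode;
 u8 flags;
 u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
-u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };
 
 struct fscrypt_context_v2 {
@@ -41,7 +41,7 @@ struct fscrypt_context_v2 {
 u8 flags;
 u8 __reserved[4];
 u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
-u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };
 
 /*
@@ -244,7 +244,7 @@ struct fscrypt_info {
 union fscrypt_policy ci_policy;
 
 /* This inode's nonce, copied from the fscrypt_context */
-u8 ci_nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 ci_nonce[FSCRYPT_FILE_NONCE_SIZE];
 
 /* Hashed inode number. Only set for IV_INO_LBLK_32 */
 u32 ci_hashed_ino;
@@ -280,7 +280,7 @@ union fscrypt_iv {
 __le64 lblk_num;
 
 /* per-file nonce; only set in DIRECT_KEY mode */
-u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE];
+u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };
 u8 raw[FSCRYPT_MAX_IV_SIZE];
 __le64 dun[FSCRYPT_MAX_IV_SIZE / sizeof(__le64)];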

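--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -211,7 +211,7 @@ int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
 int err;
 
 err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY,
-ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE,
+ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
 (u8 *)&ci->ci_dirhash_key,
 sizeof(ci->ci_dirhash_key));
 if (err)
@@ -292,8 +292,7 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
 
 err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf,
 HKDF_CONTEXT_PER_FILE_ENC_KEY,
-ci->ci_nonce,
-FS_KEY_DERIVATION_NONCE_SIZE,
+ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
 derived_key, ci->ci_mode->keysize);
 if (err)
 return err;
@@ -498,7 +497,7 @@ int fscrypt_get_encryption_info(struct inode *inode)
 }
 
 memcpy(crypt_info->ci_nonce, fscrypt_context_nonce(&ctx),
-FS_KEY_DERIVATION_NONCE_SIZE);
+FSCRYPT_FILE_NONCE_SIZE);
 
 if (!fscrypt_supported_policy(&crypt_info->ci_policy, inode)) {
 res = -EINVAL;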

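--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -45,7 +45,7 @@ static DEFINE_SPINLOCK(fscrypt_direct_keys_lock);
 * key is longer, then only the first 'derived_keysize' bytes are used.
 */
 static int derive_key_aes(const u8 *master_key,
-const u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE],
+const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],
 u8 *derived_key, unsigned int derived_keysize)
 {
 int res = 0;
@@ -68,7 +68,7 @@ static int derive_key_aes(const u8 *master_key,
 skcipher_request_set_callback(req,
 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
 crypto_req_done, &wait);
-res = crypto_skcipher_setkey(tfm, nonce, FS_KEY_DERIVATION_NONCE_SIZE);
+res = crypto_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);
 if (res < 0)
 goto out;
 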

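--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -529,7 +529,7 @@ int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
 if (!fscrypt_context_is_valid(&ctx, ret))
 return -EINVAL;
 if (copy_to_user(arg, fscrypt_context_nonce(&ctx),
-FS_KEY_DERIVATION_NONCE_SIZE))
+FSCRYPT_FILE_NONCE_SIZE))
 return -EFAULT;
 return 0;
 }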
