fscrypt: don't allow v1 policies with casefolding - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Daniel Rosenberg <drosen@google.com>	2020-01-20 14:31:56 -0800
committer	Eric Biggers <ebiggers@google.com>	2020-01-22 14:47:15 -0800
commit	6e1918cfb263acacd3fc9239127732b69de64695 (patch)
tree	f568fcd5fbed7df8ff441c664f18be933593ebd7 /usr
parent	1b3b827ee5230a73c8ed1b2cd8d53b4bd001268b (diff)
download	linux-6e1918cfb263acacd3fc9239127732b69de64695.tar.bz2

fscrypt: don't allow v1 policies with casefolding

Casefolded encrypted directories will use a new dirhash method that requires a secret key. If the directory uses a v2 encryption policy, it's easy to derive this key from the master key using HKDF. However, v1 encryption policies don't provide a way to derive additional keys. Therefore, don't allow casefolding on directories that use a v1 policy. Specifically, make it so that trying to enable casefolding on a directory that has a v1 policy fails, trying to set a v1 policy on a casefolded directory fails, and trying to open a casefolded directory that has a v1 policy (if one somehow exists on-disk) fails. Signed-off-by: Daniel Rosenberg <drosen@google.com> [EB: improved commit message, updated fscrypt.rst, and other cleanups] Link: https://lore.kernel.org/r/20200120223201.241390-2-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>

Diffstat (limited to 'usr')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: