diff options
author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-10-18 16:37:06 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2018-11-01 12:41:03 +0100 |
commit | b9829c7e5b4a0c4e693a79fd0da36fa37e3e1a1a (patch) | |
tree | 8ae2538dead26b79eebce5d6395a59b2dff1e472 /ubifs-utils/mkfs.ubifs | |
parent | 8db55980484ed8820530001fc4a58885adf1d213 (diff) |
mkfs.ubifs: Check length of master key
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'ubifs-utils/mkfs.ubifs')
-rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.c | 2 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.h | 1 | ||||
-rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.c | 9 |
3 files changed, 10 insertions, 2 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index f7b5135..bd32737 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key, static struct cipher ciphers[] = { { .name = "AES-128-CBC", + .key_length = 16, .encrypt_block = encrypt_block_aes128_cbc, .encrypt_fname = encrypt_aes128_cbc_cts, }, { .name = "AES-256-XTS", + .key_length = 64, .encrypt_block = encrypt_block_aes256_xts, .encrypt_fname = encrypt_aes256_cbc_cts, } diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index b6a1e00..7fb2d3b 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -28,6 +28,7 @@ struct cipher { const char *name; + unsigned int key_length; ssize_t (*encrypt_block)(const void *plaintext, size_t size, const void *key, uint64_t block_index, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 68001e1..6d1fa4b 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst) return 0; } -static int load_master_key(const char *key_file) +static int load_master_key(const char *key_file, struct cipher *fsc) { int kf; ssize_t keysize; @@ -208,6 +208,11 @@ static int load_master_key(const char *key_file) err_msg("loading key from '%s': file is empty", key_file); goto fail; } + if (keysize < fsc->key_length) { + err_msg("key '%s' is too short (at least %u bytes required)", + key_file, fsc->key_length); + goto fail; + } close(kf); return 0; @@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name, if (parse_key_descriptor(key_descriptor, master_key_descriptor)) return NULL; - if (load_master_key(key_file)) + if (load_master_key(key_file, fscrypt_cipher)) return NULL; RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); |