aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ubifs-utils/mkfs.ubifs/crypto.c2
-rw-r--r--ubifs-utils/mkfs.ubifs/crypto.h1
-rw-r--r--ubifs-utils/mkfs.ubifs/fscrypt.c9
3 files changed, 10 insertions, 2 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index f7b5135..bd32737 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key,
static struct cipher ciphers[] = {
{
.name = "AES-128-CBC",
+ .key_length = 16,
.encrypt_block = encrypt_block_aes128_cbc,
.encrypt_fname = encrypt_aes128_cbc_cts,
}, {
.name = "AES-256-XTS",
+ .key_length = 64,
.encrypt_block = encrypt_block_aes256_xts,
.encrypt_fname = encrypt_aes256_cbc_cts,
}
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index b6a1e00..7fb2d3b 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -28,6 +28,7 @@
struct cipher {
const char *name;
+ unsigned int key_length;
ssize_t (*encrypt_block)(const void *plaintext, size_t size,
const void *key, uint64_t block_index,
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 68001e1..6d1fa4b 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst)
return 0;
}
-static int load_master_key(const char *key_file)
+static int load_master_key(const char *key_file, struct cipher *fsc)
{
int kf;
ssize_t keysize;
@@ -208,6 +208,11 @@ static int load_master_key(const char *key_file)
err_msg("loading key from '%s': file is empty", key_file);
goto fail;
}
+ if (keysize < fsc->key_length) {
+ err_msg("key '%s' is too short (at least %u bytes required)",
+ key_file, fsc->key_length);
+ goto fail;
+ }
close(kf);
return 0;
@@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
if (parse_key_descriptor(key_descriptor, master_key_descriptor))
return NULL;
- if (load_master_key(key_file))
+ if (load_master_key(key_file, fscrypt_cipher))
return NULL;
RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);