diff options
Diffstat (limited to 'ubifs-utils')
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.c | 2 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/crypto.h | 1 | ||||
| -rw-r--r-- | ubifs-utils/mkfs.ubifs/fscrypt.c | 9 | 
3 files changed, 10 insertions, 2 deletions
| diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c index f7b5135..bd32737 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.c +++ b/ubifs-utils/mkfs.ubifs/crypto.c @@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key,  static struct cipher ciphers[] = {  	{  		.name = "AES-128-CBC", +		.key_length = 16,  		.encrypt_block = encrypt_block_aes128_cbc,  		.encrypt_fname = encrypt_aes128_cbc_cts,  	}, {  		.name = "AES-256-XTS", +		.key_length = 64,  		.encrypt_block = encrypt_block_aes256_xts,  		.encrypt_fname = encrypt_aes256_cbc_cts,  	} diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h index b6a1e00..7fb2d3b 100644 --- a/ubifs-utils/mkfs.ubifs/crypto.h +++ b/ubifs-utils/mkfs.ubifs/crypto.h @@ -28,6 +28,7 @@  struct cipher {  	const char *name; +	unsigned int key_length;  	ssize_t (*encrypt_block)(const void *plaintext, size_t size,  				 const void *key, uint64_t block_index, diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c index 68001e1..6d1fa4b 100644 --- a/ubifs-utils/mkfs.ubifs/fscrypt.c +++ b/ubifs-utils/mkfs.ubifs/fscrypt.c @@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst)  	return 0;  } -static int load_master_key(const char *key_file) +static int load_master_key(const char *key_file, struct cipher *fsc)  {  	int kf;  	ssize_t keysize; @@ -208,6 +208,11 @@ static int load_master_key(const char *key_file)  		err_msg("loading key from '%s': file is empty", key_file);  		goto fail;  	} +	if (keysize < fsc->key_length) { +		err_msg("key '%s' is too short (at least %u bytes required)", +			key_file, fsc->key_length); +		goto fail; +	}  	close(kf);  	return 0; @@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,  	if (parse_key_descriptor(key_descriptor, master_key_descriptor))  		return NULL; -	if (load_master_key(key_file)) +	if (load_master_key(key_file, fscrypt_cipher))  		return NULL;  	RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE); | 
