[PATCH 30/42] mkfs.ubifs: Check length of master key


 



From: David Oberhollenzer <david.oberhollenzer@xxxxxxxxxxxxx>

Signed-off-by: David Oberhollenzer <david.oberhollenzer@xxxxxxxxxxxxx>
Signed-off-by: Richard Weinberger <richard@xxxxxx>
---
 ubifs-utils/mkfs.ubifs/crypto.c  | 2 ++
 ubifs-utils/mkfs.ubifs/crypto.h  | 1 +
 ubifs-utils/mkfs.ubifs/fscrypt.c | 9 +++++++--
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index f7b51357c04a..bd3273767a5b 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key,
 static struct cipher ciphers[] = {
 	{
 		.name = "AES-128-CBC",
+		.key_length = 16,
 		.encrypt_block = encrypt_block_aes128_cbc,
 		.encrypt_fname = encrypt_aes128_cbc_cts,
 	}, {
 		.name = "AES-256-XTS",
+		.key_length = 64,
 		.encrypt_block = encrypt_block_aes256_xts,
 		.encrypt_fname = encrypt_aes256_cbc_cts,
 	}
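Review bot: The bare `64` on the "AES-256-XTS" entry reads like a mistake next to a 256-bit cipher name unless the reader knows that XTS takes two keys. A short comment on each value would help, e.g. `.key_length = 64, /* XTS: two 256-bit keys */` and `.key_length = 16, /* one 128-bit key */`. Named constants instead of literals would also keep these values in step with the size of the buffer the key is read into, which is not visible in this hunk. The `ciphers[]` initializer continues past the end of the hunk.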
diff --git a/ubifs-utils/mkfs.ubifs/crypto.h b/ubifs-utils/mkfs.ubifs/crypto.h
index b6a1e004f46d..7fb2d3b8d005 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.h
+++ b/ubifs-utils/mkfs.ubifs/crypto.h
@@ -28,6 +28,7 @@
 
 struct cipher {
 	const char *name;
+	unsigned int key_length;
 
 	ssize_t (*encrypt_block)(const void *plaintext, size_t size,
 				 const void *key, uint64_t block_index,
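Review bot: The new `key_length` field states neither its unit nor its meaning. Judging by the check added in fscrypt.c, it is the minimum number of master-key bytes the cipher needs. I would put `/* minimum master key length in bytes */` above the field. The struct definition continues outside the hunk.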
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 68001e1d88f4..6d1fa4ba9d3f 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst)
 	return 0;
 }
 
-static int load_master_key(const char *key_file)
+static int load_master_key(const char *key_file, struct cipher *fsc)
 {
 	int kf;
 	ssize_t keysize;
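Review bot: The new `fsc` parameter is only read in the lines visible in this patch (`fsc->key_length`), so it can be const-qualified: `static int load_master_key(const char *key_file, const struct cipher *fsc)`. That documents that loading a key never modifies the cipher table entry, and the existing caller still compiles unchanged. The function body continues outside this hunk.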
@@ -208,6 +208,11 @@ static int load_master_key(const char *key_file)
 		err_msg("loading key from '%s': file is empty", key_file);
 		goto fail;
 	}
+	if (keysize < fsc->key_length) {
+		err_msg("key '%s' is too short (at least %u bytes required)",
+			key_file, fsc->key_length);
+		goto fail;
+	}
 
 	close(kf);
 	return 0;
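Review bot: `keysize < fsc->key_length` compares an `ssize_t` with an `unsigned int`. Where `ssize_t` is 32 bits wide the signed operand is converted to unsigned, so a negative `keysize` would compare as a very large value and pass this check. The read-error handling sits above the hunk, so this may already be unreachable, but `if (keysize < (ssize_t)fsc->key_length) {` makes the check independent of that and avoids a `-Wsign-compare` warning. The check also sets only a lower bound: a key file longer than `key_length` is accepted, and whether the extra bytes are ignored or used is not visible here. `load_master_key` starts before this hunk and its `fail` label lies after it.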
@@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
 	if (parse_key_descriptor(key_descriptor, master_key_descriptor))
 		return NULL;
 
-	if (load_master_key(key_file))
+	if (load_master_key(key_file, fscrypt_cipher))
 		return NULL;
 
 	RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);
-- 
2.19.1

