FROMLIST: fscrypt: use 32 bytes of encrypted filename
If we use only 16 bytes, due to how CBC works, if the names have the
same beginning, their last ciphertext block (16 bytes) may be identical.
It happens when two file names share the first 16k bytes and both have
length withn 16 * n + 13 and 16 * n + 16.
Instead use 32 bytes to build the filenames from encrypted data when
directory is scrambled.
The drawback is the scrambled filenames change after applying the patch.
Consider an encrypted directory with:
ls -il
total 8
1177380 -rw-r--r--. 1 root root 0 Apr 18 12:10
system@framework@boot-telephony-common.art.crc
1177379 -rw-r--r--. 1 root root 0 Apr 18 12:10
system@framework@boot-telephony-common.oat.crc
Once the key is invalidated, without the patch, ls -li produces:
1177379 -rw-r--r--. 1 root root 0 Apr 18 12:10
_a1Psh01n8FdhC8s9pUywlAyFzlz7n6C3
1177379 -rw-r--r--. 1 root root 0 Apr 18 12:10
_wJS,0akq14ehC8s9pUywlAyFzlz7n6C3
Both files show with the same inode.
After the patch, the names are different, but the inode information is
now correct:
ls -li
1177380 -rw-r--r--. 1 root root 0 Apr 18 12:10
_a1Psh01n8FtxbeglW8BqhuthSUxMqh6cFKwz2nSJDXCIXMXOvfqLcD
1177379 -rw-r--r--. 1 root root 0 Apr 18 12:10
_wJS,0akq14eJcuQks7f2Vsg,zE0Jdz98FKwz2nSJDXCIXMXOvfqLcD
Original patch at https://patchwork.kernel.org/patch/9686309/,
move changes from crypto/fname.c to ext4/crypto_fname.c.
BUG=b:37189798
TEST=With same_inode.sh from b/37189798@64, check similar files shows
different inodes and rm -rf is working.
Change-Id: Iaa41967c8287401ae5b87234576bcc8837a33fc1
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/483309
2 files changed
