diff options
| author | Nathan Huckleberry <nhuck@google.com> | 2022-05-20 18:15:01 +0000 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-06-10 16:40:18 +0800 |
| commit | 6b2a51ff03bf0c54cbc699ee85a9a49eb203ebfc (patch) | |
| tree | 8110bcd6c9baaedb35a031ae2529b2e47fa74269 /fs/crypto/fscrypt_private.h | |
| parent | 9d2c0b485c46c7c5f781067c60300def5d1365cb (diff) | |
| download | lwn-6b2a51ff03bf0c54cbc699ee85a9a49eb203ebfc.tar.gz lwn-6b2a51ff03bf0c54cbc699ee85a9a49eb203ebfc.zip | |
fscrypt: Add HCTR2 support for filename encryption
HCTR2 is a tweakable, length-preserving encryption mode that is intended
for use on CPUs with dedicated crypto instructions. HCTR2 has the
property that a bitflip in the plaintext changes the entire ciphertext.
This property fixes a known weakness with filename encryption: when two
filenames in the same directory share a prefix of >= 16 bytes, with
AES-CTS-CBC their encrypted filenames share a common substring, leaking
information. HCTR2 does not have this problem.
More information on HCTR2 can be found here: "Length-preserving
encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdf
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'fs/crypto/fscrypt_private.h')
| -rw-r--r-- | fs/crypto/fscrypt_private.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 6b4c8094cc7b..f5be777d8279 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -31,7 +31,7 @@ #define FSCRYPT_CONTEXT_V2 2 /* Keep this in sync with include/uapi/linux/fscrypt.h */ -#define FSCRYPT_MODE_MAX FSCRYPT_MODE_ADIANTUM +#define FSCRYPT_MODE_MAX FSCRYPT_MODE_AES_256_HCTR2 struct fscrypt_context_v1 { u8 version; /* FSCRYPT_CONTEXT_V1 */ |