common/encrypt: support verifying ciphertext of IV_INO_LBLK_64 policies
author Eric Biggers <ebiggers@google.com>
Mon, 2 Dec 2019 23:01:54 +0000 (15:01 -0800)
committer Eryu Guan <guaneryu@gmail.com>
Fri, 3 Jan 2020 08:33:45 +0000 (16:33 +0800)
commit a5d24c8bdf9446a71b5456449b8d74783a0ec032
tree 0c5730a397ab37ada1df74fdca1c64081e759c6a
parent 799d6b506df73e60d7f942b716aa25fee3fda97a
common/encrypt: support verifying ciphertext of IV_INO_LBLK_64 policies

Update _verify_ciphertext_for_encryption_policy() to support encryption
policies with the IV_INO_LBLK_64 flag set.

This flag modifies the encryption to include the inode number in the IVs
and to use a key derived from the tuple [master_key, fs_uuid, mode_num].
Since the file nonce is *not* included in this key derivation, multiple
files can use the same key.

This flag is supported by v2 encryption policies only -- not by v1.

Signed-off-by: Eric Biggers <ebiggers@google.com>
common/encrypt
src/fscrypt-crypt-util.c
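
The scheme the commit message describes, as an added Python sketch that is not code from this commit or from xfstests: one key derived from [master_key, fs_uuid, mode_num] is shared by every file, so ciphertext uniqueness rests entirely on IVs that carry the inode number. Assumptions not stated on this page: HKDF-SHA512 with a `"fscrypt\0"` info prefix, context byte 4, mode number 1 for AES-256-XTS, and an IV holding the block number in its low 32 bits and the inode number in its high 32 bits.

```python
import hashlib
import hmac
import struct

# Assumed constants for this sketch; none of them appear on the page.
HKDF_CONTEXT_IV_INO_LBLK_64_KEY = 4
MODE_AES_256_XTS = 1
IV_SIZE = 16  # XTS tweak size in bytes


def hkdf_sha512(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-512: extract, then expand."""
    if not salt:
        salt = bytes(hashlib.sha512().digest_size)
    prk = hmac.new(salt, ikm, hashlib.sha512).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha512).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_ino_lblk_64_key(master_key: bytes, fs_uuid: bytes, mode_num: int) -> bytes:
    """Key from [master_key, fs_uuid, mode_num]; no file nonce is mixed in."""
    if len(fs_uuid) != 16:
        raise ValueError("fs_uuid must be 16 bytes")
    info = b"fscrypt\0" + bytes([HKDF_CONTEXT_IV_INO_LBLK_64_KEY, mode_num]) + fs_uuid
    return hkdf_sha512(master_key, info, 64)


def ino_lblk_64_iv(inode: int, lblk: int) -> bytes:
    """IV with the logical block number in the low 32 bits, inode in the high 32."""
    if not (0 <= inode < 2**32 and 0 <= lblk < 2**32):
        raise ValueError("inode and block number must each fit in 32 bits")
    return struct.pack("<II", lblk, inode).ljust(IV_SIZE, b"\0")


# Constructed sample values, not real key material.
MASTER_KEY = bytes(range(64))
FS_UUID = bytes.fromhex("00112233445566778899aabbccddeeff")
SHARED_KEY = derive_ino_lblk_64_key(MASTER_KEY, FS_UUID, MODE_AES_256_XTS)

if __name__ == "__main__":
    # Same key for both files; only the IVs differ.
    for inode in (5, 6):
        print(inode, SHARED_KEY[:8].hex(), ino_lblk_64_iv(inode, 2).hex())
```

A verifier for such a policy needs the filesystem UUID and each file's inode number as inputs, since both feed the key or IV and the file nonce does not.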