From: Theodore Ts'o Date: Mon, 6 Apr 2015 00:39:57 +0000 (-0400) Subject: Change filename encryption to use CTS mode X-Git-Tag: v1.43-WIP-2015-05-18~48 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=f7257a93f965703afafffff826eebf9ef70612e5;p=tools%2Fe2fsprogs.git Change filename encryption to use CTS mode Previously we were using a weird hybrid CBC/CTS. Switch things so we are using straight CTS; this corresponds to changes made in the latest ext4 encryption patches. Signed-off-by: Theodore Ts'o
---
diff --git a/lib/ext2fs/ext2_fs.h b/lib/ext2fs/ext2_fs.h
index 9f069e2..586b5b4 100644
--- a/lib/ext2fs/ext2_fs.h
+++ b/lib/ext2fs/ext2_fs.h
@@ -570,10 +570,12 @@ struct ext2_inode_large {
 #define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
 #define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
 #define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
+#define EXT4_ENCRYPTION_MODE_AES_256_CTS 4
 #define EXT4_AES_256_XTS_KEY_SIZE 64
 #define EXT4_AES_256_GCM_KEY_SIZE 32
 #define EXT4_AES_256_CBC_KEY_SIZE 32
+#define EXT4_AES_256_CTS_KEY_SIZE 32
 #define EXT4_MAX_KEY_SIZE 64
 #define EXT4_KEY_DESCRIPTOR_SIZE 8
diff --git a/misc/e4crypt.c b/misc/e4crypt.c
index 1e75079..5bceba5 100644
--- a/misc/e4crypt.c
+++ b/misc/e4crypt.c
@@ -92,7 +92,7 @@ static const size_t hexchars_size = 16;
 #define EXT2FS_KEY_DESC_PREFIX "ext4:"
 #define EXT2FS_KEY_DESC_PREFIX_SIZE 5
-#define EXT4_IOC_ENCRYPTION_POLICY _IOW('f', 19, struct ext4_encryption_policy)
+#define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy)
 static void validate_paths(int argc, char *argv[], int path_start_index) {
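Review bot: In the lib/ext2fs/ext2_fs.h hunk, `EXT4_ENCRYPTION_MODE_AES_256_CTS` is added as value 4 while `EXT4_ENCRYPTION_MODE_AES_256_CBC` (3) stays defined, and nothing beside the defines records that these numbers are a persistent interface. This same commit writes the value into `s_encrypt_algos[1]` in misc/mke2fs.c and passes it to the kernel in the policy struct in misc/e4crypt.c, so renumbering or reusing 3 later would presumably change the meaning of data that already exists. I would add a comment above the list along the lines of `/* Mode numbers are stored on disk and passed to the kernel: never renumber or reuse. CBC (3) is no longer used for filenames. */`.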
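Review bot: In the misc/e4crypt.c define hunk, the direction macro changes from `_IOW` to `_IOR` together with the rename, which changes the ioctl request number, yet the commit message only mentions the CTS switch. set_policy hands a filled-in policy struct to the kernel, which is the direction `_IOW` normally describes, so a later reader is likely to "correct" it back. If `_IOR` is deliberate to match the kernel's definition (not visible here), say so next to the define, e.g. `/* _IOR is intentional: must match the kernel's request number even though the policy is passed in */`. A binary built from this commit would presumably fail the ioctl against a kernel that still uses the old number, which deserves a line in the description.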
@@ -346,10 +346,10 @@ static void set_policy(struct salt *set_salt,
 policy.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; policy.filenames_encryption_mode =
- EXT4_ENCRYPTION_MODE_AES_256_CBC;
+ EXT4_ENCRYPTION_MODE_AES_256_CTS;
 memcpy(policy.master_key_descriptor, salt->key_desc, EXT4_KEY_DESCRIPTOR_SIZE);
- rc = ioctl(fd, EXT4_IOC_ENCRYPTION_POLICY, &policy);
+ rc = ioctl(fd, EXT4_IOC_SET_ENCRYPTION_POLICY, &policy);
 close(fd); if (rc) { printf("Error [%s] setting policy.\nThe key descriptor "
diff --git a/misc/mke2fs.c b/misc/mke2fs.c
index ec450ad..6883103 100644
--- a/misc/mke2fs.c
+++ b/misc/mke2fs.c
@@ -2917,7 +2917,7 @@ int main (int argc, char *argv[])
 fs->super->s_encrypt_algos[0] = EXT4_ENCRYPTION_MODE_AES_256_XTS; fs->super->s_encrypt_algos[1] =
- EXT4_ENCRYPTION_MODE_AES_256_CBC;
+ EXT4_ENCRYPTION_MODE_AES_256_CTS;
 } if (EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
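Review bot: In set_policy (misc/e4crypt.c), `close(fd)` runs between the `ioctl()` call and the `printf("Error [%s] setting policy...")`; if the `%s` argument is `strerror(errno)` (the argument list lies outside the hunk), a failing close() can overwrite the errno that explains why the policy was rejected. That matters more after this change, since a kernel that does not recognise mode 4 or the new request number would be reported through this same message. Capture the value before closing, `int saved_errno = errno;` directly after the ioctl line, and format `strerror(saved_errno)` in the message. The function body starts and ends outside the hunk.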