@@ -281,10 +281,12 @@ ssize_t derive_key_aes(const void *deriving_key, const void *source_key,
static struct cipher ciphers[] = {
{
.name = "AES-128-CBC",
+ .key_length = 16,
.encrypt_block = encrypt_block_aes128_cbc,
.encrypt_fname = encrypt_aes128_cbc_cts,
}, {
.name = "AES-256-XTS",
+ .key_length = 64,
.encrypt_block = encrypt_block_aes256_xts,
.encrypt_fname = encrypt_aes256_cbc_cts,
}
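Review bot: The two key lengths are bare literals, and `64` next to the name "AES-256-XTS" is easy to misread as a mistake. A comment on that line such as `/* XTS uses two 256-bit keys: 2 * 32 bytes */`, and `/* 128-bit key */` on the `16`, would record the reasoning. Because the table uses designated initializers, an entry added later without `.key_length` is zero-initialized, and the new length check in load_master_key would then accept any non-empty key file. The array's closing brace lies outside this hunk.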
@@ -28,6 +28,7 @@
struct cipher {
const char *name;
+ unsigned int key_length;
ssize_t (*encrypt_block)(const void *plaintext, size_t size,
const void *key, uint64_t block_index,
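Review bot: The new `key_length` field has no comment stating its unit or role, and its type (`unsigned int`) differs from the `ssize_t` value it is compared against in load_master_key. I would add `/* minimum master key size in bytes, enforced when the key file is loaded */` above it. The struct definition continues past the end of this hunk.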
@@ -188,7 +188,7 @@ static int parse_key_descriptor(const char *desc, __u8 *dst)
return 0;
}
-static int load_master_key(const char *key_file)
+static int load_master_key(const char *key_file, struct cipher *fsc)
{
int kf;
ssize_t keysize;
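Review bot: In the lines visible here `fsc` is only read (`fsc->key_length`), so the parameter could be declared `const struct cipher *fsc`, which also tells callers that loading a key never modifies the cipher table. A short header comment saying that the function fails when the file holds fewer than `fsc->key_length` bytes would document the new contract. The function body continues outside this hunk.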
@@ -208,6 +208,11 @@ static int load_master_key(const char *key_file)
err_msg("loading key from '%s': file is empty", key_file);
goto fail;
}
+ if (keysize < fsc->key_length) {
+ err_msg("key '%s' is too short (at least %u bytes required)",
+ key_file, fsc->key_length);
+ goto fail;
+ }
close(kf);
return 0;
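Review bot: The comparison `keysize < fsc->key_length` mixes `ssize_t` with `unsigned int`. On targets where the two have the same width, `keysize` is converted to unsigned, so a negative read result would compare as a very large value and pass the check. The read-error branch is presumably above this hunk, but the guard should not depend on that implicitly: `if (keysize < 0 || (size_t)keysize < fsc->key_length) {`. The check is also only a lower bound, so a key file longer than the cipher needs is accepted silently; whether the extra bytes are ignored or used cannot be seen from here and is worth confirming. The function starts and ends outside this hunk.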
@@ -237,7 +242,7 @@ struct fscrypt_context *init_fscrypt_context(const char *cipher_name,
if (parse_key_descriptor(key_descriptor, master_key_descriptor))
return NULL;
- if (load_master_key(key_file))
+ if (load_master_key(key_file, fscrypt_cipher))
return NULL;
RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);
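Review bot: The return value of `RAND_bytes` on the last line is discarded, so if the generator fails the nonce keeps whatever the buffer held before and the function carries on as if it were random. I would check it, `if (RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE) != 1)`, and take the same failure path as the calls above; any cleanup of the already loaded master key would have to happen there, which is not visible in this hunk. Separately, load_master_key now dereferences `fscrypt_cipher`, and the lookup that sets it is outside the hunk, so confirm that a NULL result is rejected before this call. init_fscrypt_context continues beyond the hunk.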