2fc2b430f5
Typically, the cryptographic APIs that fscrypt uses take keys as byte arrays, which avoids endianness issues. However, siphash_key_t is an exception. It is defined as 'u64 key[2];', i.e. the 128-bit key is expected to be given directly as two 64-bit words in CPU endianness. fscrypt_derive_dirhash_key() and fscrypt_setup_iv_ino_lblk_32_key() forgot to take this into account. Therefore, the SipHash keys used to index encrypted+casefolded directories differ on big endian vs. little endian platforms, as do the SipHash keys used to hash inode numbers for IV_INO_LBLK_32-encrypted directories. This makes such directories non-portable between these platforms. Fix this by always using the little endian order. This is a breaking change for big endian platforms, but this should be fine in practice since these features (encrypt+casefold support, and the IV_INO_LBLK_32 flag) aren't known to actually be used on any big endian platforms yet. Fixes: |
||
---|---|---|
.. | ||
bio.c | ||
crypto.c | ||
fname.c | ||
fscrypt_private.h | ||
hkdf.c | ||
hooks.c | ||
inline_crypt.c | ||
Kconfig | ||
keyring.c | ||
keysetup_v1.c | ||
keysetup.c | ||
Makefile | ||
policy.c |