static struct cipher ciphers[] = {
{
.name = "AES-128-CBC",
+ .key_length = 16,
.encrypt_block = encrypt_block_aes128_cbc,
.encrypt_fname = encrypt_aes128_cbc_cts,
}, {
.name = "AES-256-XTS",
+ .key_length = 64,
.encrypt_block = encrypt_block_aes256_xts,
.encrypt_fname = encrypt_aes256_cbc_cts,
}
struct cipher {
const char *name;
+ unsigned int key_length;
ssize_t (*encrypt_block)(const void *plaintext, size_t size,
const void *key, uint64_t block_index,
return 0;
}
-static int load_master_key(const char *key_file)
+static int load_master_key(const char *key_file, struct cipher *fsc)
{
int kf;
ssize_t keysize;
err_msg("loading key from '%s': file is empty", key_file);
goto fail;
}
+ if (keysize < fsc->key_length) {
+ err_msg("key '%s' is too short (at least %u bytes required)",
+ key_file, fsc->key_length);
+ goto fail;
+ }
close(kf);
return 0;
if (parse_key_descriptor(key_descriptor, master_key_descriptor))
return NULL;
- if (load_master_key(key_file))
+ if (load_master_key(key_file, fscrypt_cipher))
return NULL;
RAND_bytes((void *)nonce, FS_KEY_DERIVATION_NONCE_SIZE);
projects / mtd-utils.git / commitdiff