diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2015-05-01 16:56:50 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2015-05-01 16:56:50 -0400 |
| commit | a44cd7a05496d60fd2ba8cca080e3db8f481549b (patch) | |
| tree | dd8d05d845817e4a429804d8ffe09dd68b6881e6 /fs/ext4/crypto_key.c | |
| parent | 5de0b4d0cd153c471640b13aae6ae6d18d0a4603 (diff) | |
ext4 crypto: add padding to filenames before encrypting
This obscures the length of the filenames, to decrease the amount of
information leakage. By default, we pad the filenames to the next 4
byte boundaries. This costs nothing, since the directory entries are
aligned to 4 byte boundaries anyway. Filenames can also be padded to
8, 16, or 32 bytes, which will consume more directory space.
Change-Id: Ibb7a0fb76d2c48e2061240a709358ff40b14f322
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/crypto_key.c')
| -rw-r--r-- | fs/ext4/crypto_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c index c8392af8abbb..52170d0b7c40 100644 --- a/fs/ext4/crypto_key.c +++ b/fs/ext4/crypto_key.c | |||
| @@ -110,6 +110,7 @@ int ext4_generate_encryption_key(struct inode *inode) | |||
| 110 | } | 110 | } |
| 111 | res = 0; | 111 | res = 0; |
| 112 | 112 | ||
| 113 | ei->i_crypt_policy_flags = ctx.flags; | ||
| 113 | if (S_ISREG(inode->i_mode)) | 114 | if (S_ISREG(inode->i_mode)) |
| 114 | crypt_key->mode = ctx.contents_encryption_mode; | 115 | crypt_key->mode = ctx.contents_encryption_mode; |
| 115 | else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) | 116 | else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) |