ext4 crypto: add padding to filenames before encrypting

This obscures the length of the filenames, to decrease the amount of information leakage. By default, we pad the filenames to the next 4 byte boundaries. This costs nothing, since the directory entries are aligned to 4 byte boundaries anyway. Filenames can also be padded to 8, 16, or 32 bytes, which will consume more directory space. Change-Id: Ibb7a0fb76d2c48e2061240a709358ff40b14f322 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: Theodore Ts'o <tytso@mit.edu> 2015-05-01 16:56:50 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2015-05-01 16:56:50 -0400
commit: a44cd7a05496d60fd2ba8cca080e3db8f481549b (patch)
tree: dd8d05d845817e4a429804d8ffe09dd68b6881e6 /fs/ext4/ext4.h
parent: 5de0b4d0cd153c471640b13aae6ae6d18d0a4603 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index dfb113816672..bca1bdc67725 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -911,6 +911,7 @@ struct ext4_inode_info {
        /* on-disk additional length */
        __u16 i_extra_isize;
+        char i_crypt_policy_flags;
        /* Indicate the inline data space. */
        u16 i_inline_off;
author	Theodore Ts'o <tytso@mit.edu>	2015-05-01 16:56:50 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2015-05-01 16:56:50 -0400
commit	a44cd7a05496d60fd2ba8cca080e3db8f481549b (patch)
tree	dd8d05d845817e4a429804d8ffe09dd68b6881e6 /fs/ext4/ext4.h
parent	5de0b4d0cd153c471640b13aae6ae6d18d0a4603 (diff)

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index dfb113816672..bca1bdc67725 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h
@@ -911,6 +911,7 @@ struct ext4_inode_info {
911		911
912	/* on-disk additional length */	912	/* on-disk additional length */
913	__u16 i_extra_isize;	913	__u16 i_extra_isize;
		914	char i_crypt_policy_flags;
914		915
915	/* Indicate the inline data space. */	916	/* Indicate the inline data space. */
916	u16 i_inline_off;	917	u16 i_inline_off;