android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
978,520 Commits 2 Branches 0 Tags 2.3 GiB
C 97.8%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
68ac723fb1
Go to file
Eric Biggers 68ac723fb1 fscrypt: allow 256-bit master keys with AES-256-XTS 
[ Upstream commit 7f595d6a6cdc336834552069a2e0a4f6d4756ddf ]

fscrypt currently requires a 512-bit master key when AES-256-XTS is
used, since AES-256-XTS keys are 512-bit and fscrypt requires that the
master key be at least as long any key that will be derived from it.

However, this is overly strict because AES-256-XTS doesn't actually have
a 512-bit security strength, but rather 256-bit.  The fact that XTS
takes twice the expected key size is a quirk of the XTS mode.  It is
sufficient to use 256 bits of entropy for AES-256-XTS, provided that it
is first properly expanded into a 512-bit key, which HKDF-SHA512 does.

Therefore, relax the check of the master key size to use the security
strength of the derived key rather than the size of the derived key
(except for v1 encryption policies, which don't use HKDF).

Besides making things more flexible for userspace, this is needed in
order for the use of a KDF which only takes a 256-bit key to be
introduced into the fscrypt key hierarchy.  This will happen with
hardware-wrapped keys support, as all known hardware which supports that
feature uses an SP800-108 KDF using AES-256-CMAC, so the wrapped keys
are wrapped 256-bit AES keys.  Moreover, there is interest in fscrypt
supporting the same type of AES-256-CMAC based KDF in software as an
alternative to HKDF-SHA512.  There is no security problem with such
features, so fix the key length check to work properly with them.

Reviewed-by: Paul Crowley <paulcrowley@google.com>
Link: https://lore.kernel.org/r/20210921030303.5598-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 14:03:54 +01:00
arch x86: Increase exception stack sizes 2021-11-18 14:03:53 +01:00
block block: schedule queue restart after BLK_STS_ZONE_RESOURCE 2021-11-18 14:03:43 +01:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-15 09:50:29 +02:00
crypto crypto: sm2 - fix a memory leak in sm2 2021-07-14 16:56:06 +02:00
Documentation fscrypt: allow 256-bit master keys with AES-256-XTS 2021-11-18 14:03:54 +01:00
drivers mwifiex: Properly initialize private structure on interface type changes 2021-11-18 14:03:54 +01:00
fs fscrypt: allow 256-bit master keys with AES-256-XTS 2021-11-18 14:03:54 +01:00
include net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 14:03:53 +01:00
init sched/core: Initialize the idle task with preemption disabled 2021-07-14 16:55:50 +02:00
ipc ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry 2021-05-26 12:06:54 +02:00
kernel rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop 2021-11-18 14:03:53 +01:00
lib treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm mm: khugepaged: skip huge page collapse for special files 2021-11-06 14:10:09 +01:00
net net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 14:03:53 +01:00
samples samples: bpf: Fix tracex7 error raised on the missing argument 2021-09-18 13:40:23 +02:00
scripts gcc-plugins/structleak: add makefile var for disabling structleak 2021-10-27 09:56:54 +02:00
security smackfs: Fix use-after-free in netlbl_catmap_walk() 2021-11-18 14:03:53 +01:00
sound ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume 2021-11-18 14:03:49 +01:00
tools fcnal-test: kill hanging ping/nettest binaries on cleanup 2021-11-18 14:03:42 +01:00
usr Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
virt KVM: do not shrink halt_poll_ns below grow_start 2021-10-09 14:40:58 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS f2fs: move ioctl interface definitions to separated file 2021-05-19 10:13:00 +02:00
Makefile Linux 5.10.79 2021-11-12 14:58:35 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.