fscrypt: check for appropriate use of DIRECT_KEY flag earlier

FSCRYPT_POLICY_FLAG_DIRECT_KEY is currently only allowed with Adiantum encryption. But FS_IOC_SET_ENCRYPTION_POLICY allowed it in combination with other encryption modes, and an error wasn't reported until later when the encrypted directory was actually used. Fix it to report the error earlier by validating the correct use of the DIRECT_KEY flag in fscrypt_supported_policy(), similar to how we validate the IV_INO_LBLK_64 flag. Link: https://lore.kernel.org/r/20191209211829.239800-3-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
author: Eric Biggers <ebiggers@google.com> 2019-12-09 13:18:27 -0800
committer: Eric Biggers <ebiggers@google.com> 2019-12-31 10:33:50 -0600
commit: 85af90e57ce9697d36d479124e0bfffb145e39a4 (patch)
tree: 5082ec8d9d7090a45e40c5a4808b46ac9d8c096b /fs/crypto/fscrypt_private.h
parent: 393a24a7956ce27d110b06bbd1674408ab8f6132 (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 37c418d23962..41b061cdf06e 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -448,11 +448,7 @@ struct fscrypt_mode {
 	int logged_impl_name;
 };
 
-static inline bool
-fscrypt_mode_supports_direct_key(const struct fscrypt_mode *mode)
-{
-	return mode->ivsize >= offsetofend(union fscrypt_iv, nonce);
-}
+extern struct fscrypt_mode fscrypt_modes[];
 
 extern struct crypto_skcipher *
 fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
author	Eric Biggers <ebiggers@google.com>	2019-12-09 13:18:27 -0800
committer	Eric Biggers <ebiggers@google.com>	2019-12-31 10:33:50 -0600
commit	85af90e57ce9697d36d479124e0bfffb145e39a4 (patch)
tree	5082ec8d9d7090a45e40c5a4808b46ac9d8c096b /fs/crypto/fscrypt_private.h
parent	393a24a7956ce27d110b06bbd1674408ab8f6132 (diff)