From: James Muir <james.muir@graphitesoftware.com>
To: linux-arm-msm@vger.kernel.org
Cc: ecryptfs@vger.kernel.org
Subject: bug: msm8998, ecryptfs, cannot create files due to invalid keysize
Date: Fri, 27 Oct 2017 16:43:12 -0400
Message-ID: <CAL=R1-=TT+A4cW+y7uNHZrPpK+47pQ_z74ZZzHW=zCgJtBsYOA@mail.gmail.com>

There were some changes made in the msm linux kernel (msm8998) to add
hw support to ecryptfs.
Unfortunately, those changes break basic ecryptfs usage; e.g.:
maple:/data/local/tmp # dd if=/dev/urandom of=mykey.txt bs=1 count=64
64+0 records in
64+0 records out
64 bytes transferred in 0.003 secs (21333 bytes/sec)
maple:/data/local/tmp # cat mykey.txt | keyctl padd user mykey @us
409613533
maple:/data/local/tmp # keyctl add encrypted 1000000000000000 "new ecryptfs user:mykey 64" @us
522453367
maple:/data/local/tmp # mkdir Private
maple:/data/local/tmp # mount -t ecryptfs -o ecryptfs_sig=1000000000000000,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 Private Private
maple:/data/local/tmp # touch Private/foo.txt
touch: 'Private/foo.txt': Invalid argument
It is not possible to create any files inside the ecryptfs mounted directory.
This regression was introduced in the following commit:
https://github.com/sonyxperiadev/kernel/commit/8928f8683bcd0236f5653963deee3bc225fb2206
That commit is also present in aosp (e.g. the Pixel 2 uses the
msm8998; but note that the aosp kernels do not enable ecryptfs).
The msm gerrit id is I453dea289b01bdf49352d5209255966052f5dc1b (sorry
-- I can't seem to find a way to point to the msm gerrit server)
The commit modified several keysize parameters. The problem now is
that an invalid keysize (64 bytes) is passed into an aes setkey
operation (64 is too large). The setkey operation happens in
fs/ecryptfs/keystore.c. The value 64 is a default value set in the
function ecryptfs_fill_auth_tok() in
security/keys/encrypted-keys/ecryptfs_format.c
-James M
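
Added example (not part of the original message and not kernel code): a user-space check of the failure the report describes. It asks the running Linux kernel, through the AF_ALG socket interface, to set keys of several lengths on ecb(aes); the function names are hypothetical and the all-zero key is constructed for the test.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

#ifndef AF_ALG
#define AF_ALG 38
#endif
#ifndef SOL_ALG
#define SOL_ALG 279
#endif

/* AES accepts only 128-, 192- and 256-bit keys (16, 24 or 32 bytes). */
int aes_keylen_ok(size_t n) { return n == 16 || n == 24 || n == 32; }

/* Ask the running kernel to set an n-byte key on "ecb(aes)".
 * Returns 0 if the key is accepted, -errno if setkey is rejected,
 * and 1 if AF_ALG or the cipher is unavailable on this system. */
int probe_aes_setkey(size_t n)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG,
        .salg_type = "skcipher", .salg_name = "ecb(aes)" };
    unsigned char key[64] = {0};   /* constructed all-zero test key */
    int fd, rc;

    if (n > sizeof(key))
        return -EINVAL;
    fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0)
        return 1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return 1;
    }
    rc = setsockopt(fd, SOL_ALG, ALG_SET_KEY, key, (socklen_t)n) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

int main(void)
{
    size_t sizes[] = { 16, 24, 32, 64 };
    for (size_t i = 0; i < 4; i++)
        printf("%zu bytes: valid=%d setkey=%d\n", sizes[i],
               aes_keylen_ok(sizes[i]), probe_aes_setkey(sizes[i]));
    return 0;
}
```

Where AF_ALG is available, the 64-byte case reports -22 (EINVAL), the same error that reaches user space as "Invalid argument" in the touch command above.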

Thread overview: 4+ messages
2017-10-27 20:43 James Muir [this message]
2017-11-21 15:33 ` bug: msm8998, ecryptfs, cannot create files due to invalid keysize James Muir
2017-11-27 18:04 ` Tyler Hicks
2017-11-28 15:22 ` James Muir