authorEric Biggers <ebiggers@google.com>2016-09-15 13:32:11 -0400
committerTheodore Ts'o <tytso@mit.edu>2016-09-15 13:32:11 -0400
commit8f39850dffa9cba0f6920ff907710bcddc7f2a26 (patch)
tree981f9f701c25c4bf160fae1101476a5f516f5a03 /include/linux/fscrypto.h
parentext4: fix memory leak when symlink decryption fails (diff)
fscrypto: improved validation when loading inode encryption metadata
- Validate fscrypt_context.format and fscrypt_context.flags. If unrecognized values are set, then the kernel may not know how to interpret the encrypted file, so it should fail the operation. - Validate that AES_256_XTS is used for contents and that AES_256_CTS is used for filenames. It was previously possible for the kernel to accept these reversed, though it would have taken manual editing of the block device. This was not intended. - Fail cleanly rather than BUG()-ing if a file has an unexpected type. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'include/linux/fscrypto.h')
-rw-r--r--include/linux/fscrypto.h24
1 files changed, 0 insertions, 24 deletions
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h
index cfa6cde25f8e..00813c2a8495 100644
--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -111,23 +111,6 @@ struct fscrypt_completion_result {
struct fscrypt_completion_result ecr = { \
COMPLETION_INITIALIZER((ecr).completion), 0 }
-static inline int fscrypt_key_size(int mode)
-{
- switch (mode) {
- case FS_ENCRYPTION_MODE_AES_256_XTS:
- return FS_AES_256_XTS_KEY_SIZE;
- case FS_ENCRYPTION_MODE_AES_256_GCM:
- return FS_AES_256_GCM_KEY_SIZE;
- case FS_ENCRYPTION_MODE_AES_256_CBC:
- return FS_AES_256_CBC_KEY_SIZE;
- case FS_ENCRYPTION_MODE_AES_256_CTS:
- return FS_AES_256_CTS_KEY_SIZE;
- default:
- BUG();
- }
- return 0;
-}
-
#define FS_FNAME_NUM_SCATTER_ENTRIES 4
#define FS_CRYPTO_BLOCK_SIZE 16
#define FS_FNAME_CRYPTO_DIGEST_SIZE 32
@@ -202,13 +185,6 @@ static inline bool fscrypt_valid_filenames_enc_mode(u32 mode)
return (mode == FS_ENCRYPTION_MODE_AES_256_CTS);
}
-static inline u32 fscrypt_validate_encryption_key_size(u32 mode, u32 size)
-{
- if (size == fscrypt_key_size(mode))
- return size;
- return 0;
-}
-
static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
{
if (str->len == 1 && str->name[0] == '.')