b7e7cf7a66
fscrypt provides facilities to use different encryption algorithms which are selectable by userspace when setting the encryption policy. Currently, only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are implemented. This is a clear case of kernel offers the mechanism and userspace selects a policy. Similar to what dm-crypt and ecryptfs have. This patch adds support for using AES-128-CBC for file contents and AES-128-CBC-CTS for file name encryption. To mitigate watermarking attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is actually slightly less secure than AES-XTS from a security point of view, there is more widespread hardware support. Using AES-CBC gives us the acceptable performance while still providing a moderate level of security for persistent storage. Especially low-powered embedded devices with crypto accelerators such as CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC since it has less encryption rounds and yields noticeable better performance starting from a file size of just a few kB. Signed-off-by: Daniel Walter <dwalter@sigma-star.at> [david@sigma-star.at: addressed review comments] Signed-off-by: David Gstir <david@sigma-star.at> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
17 lines
442 B
Plaintext
17 lines
442 B
Plaintext
config FS_ENCRYPTION
|
|
tristate "FS Encryption (Per-file encryption)"
|
|
select CRYPTO
|
|
select CRYPTO_AES
|
|
select CRYPTO_CBC
|
|
select CRYPTO_ECB
|
|
select CRYPTO_XTS
|
|
select CRYPTO_CTS
|
|
select CRYPTO_CTR
|
|
select CRYPTO_SHA256
|
|
select KEYS
|
|
help
|
|
Enable encryption of files and directories. This
|
|
feature is similar to ecryptfs, but it is more memory
|
|
efficient since it avoids caching the encrypted and
|
|
decrypted pages in the page cache.
|