lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon,  6 Jul 2020 21:47:25 +0200
From:   Florian Schmaus <>
Cc:     Florian Schmaus <>
Subject: [PATCH 1/3] e4crypt: if salt is explicitly provided to add_key, then use it

Providing -S and a path to 'add_key' previously exhibit an unintuitive
behavior: instead of using the salt explicitly provided by the user,
e4crypt would use the salt obtained via EXT4_IOC_GET_ENCRYPTION_PWSALT
on the path. This was because set_policy() was still called with NULL
as salt.

With this change we now remember the explicitly provided salt (if any)
and use it as argument for set_policy().


e4crypt add_key -S s:my-spicy-salt /foo

will now actually use 'my-spicy-salt' and not something else as salt
for the policy set on /foo.

Signed-off-by: Florian Schmaus <>
 misc/ | 4 +++-
 misc/e4crypt.c    | 8 +++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/misc/ b/misc/
index 75b968a0..32fbd444 100644
--- a/misc/
+++ b/misc/
@@ -48,7 +48,9 @@ values are 4, 8, 16, and 32.
 If one or more directory paths are specified, e4crypt will try to
 set the policy of those directories to use the key just added by the
 .B add_key
+command.  If a salt was explicitly specified, then it will be used
+by the policy of those directories.  Otherwise a directory-specific
+default salt will be used.
 .B e4crypt get_policy \fIpath\fR ...
 Print the policy for the directories specified on the command line.
diff --git a/misc/e4crypt.c b/misc/e4crypt.c
index 2ae6254a..c82c6f8f 100644
--- a/misc/e4crypt.c
+++ b/misc/e4crypt.c
@@ -652,6 +652,7 @@ static void do_help(int argc, char **argv, const struct cmd_desc *cmd);
 static void do_add_key(int argc, char **argv, const struct cmd_desc *cmd)
 	struct salt *salt;
+	struct salt *explicit_salt = NULL;
 	char *keyring = NULL;
 	int i, opt, pad = 4;
 	unsigned j;
@@ -666,8 +667,13 @@ static void do_add_key(int argc, char **argv, const struct cmd_desc *cmd)
 			pad = atoi(optarg);
 		case 'S':
+			if (explicit_salt) {
+				fputs("May only provide -S once\n", stderr);
+				exit(1);
+			}
 			/* Salt value for passphrase. */
 			parse_salt(optarg, 0);
+			explicit_salt = salt_list;
 		case 'v':
 			options |= OPT_VERBOSE;
@@ -703,7 +709,7 @@ static void do_add_key(int argc, char **argv, const struct cmd_desc *cmd)
 		insert_key_into_keyring(keyring, salt);
 	if (optind != argc)
-		set_policy(NULL, pad, argc, argv, optind);
+		set_policy(explicit_salt, pad, argc, argv, optind);

Powered by blists - more mailing lists