From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 15 Dec 2016 17:22:41 -0500
Subject: [PATCH] ext4_crypt: pad filenames to 32 bytes, not 16 or 4

This is done in a way that's backwards compatible with old installations
by leaving them with the previous padding settings until factory reset.
---
 ext4_utils/ext4_crypt.cpp | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
index 95b67a1c..35bd1663 100644
--- a/ext4_utils/ext4_crypt.cpp
+++ b/ext4_utils/ext4_crypt.cpp
@@ -135,7 +135,7 @@ static bool is_dir_empty(const char *dirname, bool *is_empty)
     return true;
 }
 
-static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
+static uint8_t e4crypt_get_policy_flags_old(int filenames_encryption_mode) {
     if (filenames_encryption_mode == EXT4_ENCRYPTION_MODE_AES_256_CTS) {
         // Use legacy padding with our original filenames encryption mode.
         return EXT4_POLICY_FLAGS_PAD_4;
@@ -152,6 +152,15 @@ static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
     return EXT4_POLICY_FLAGS_PAD_16;
 }
 
+static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
+    return EXT4_POLICY_FLAGS_PAD_32;
+}
+
+static bool e4crypt_policy_check(const char *directory, const char *policy,
+                                 size_t policy_length,
+                                 int contents_encryption_mode,
+                                 int filenames_encryption_mode);
+
 static bool e4crypt_policy_set(const char *directory, const char *policy,
                                size_t policy_length,
                                int contents_encryption_mode,
@@ -170,6 +179,14 @@ static bool e4crypt_policy_set(const char *directory, const char *policy,
     }
 
     ext4_encryption_policy eep;
+    memset(&eep, 0, sizeof(ext4_encryption_policy));
+
+    if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_POLICY, &eep) == 0) {
+        close(fd);
+        return e4crypt_policy_check(directory, policy, policy_length,
+                                    contents_encryption_mode, filenames_encryption_mode);
+    }
+
     eep.version = 0;
     eep.contents_encryption_mode = contents_encryption_mode;
     eep.filenames_encryption_mode = filenames_encryption_mode;
@@ -217,7 +234,9 @@ static bool e4crypt_policy_get(const char *directory, char *policy,
             || (eep.contents_encryption_mode != contents_encryption_mode)
             || (eep.filenames_encryption_mode != filenames_encryption_mode)
             || (eep.flags !=
-                e4crypt_get_policy_flags(filenames_encryption_mode))) {
+                e4crypt_get_policy_flags(filenames_encryption_mode) &&
+                eep.flags !=
+                e4crypt_get_policy_flags_old(filenames_encryption_mode))) {
         LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
         return false;
     }