Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1252cc3b authored by Roberto Sassu's avatar Roberto Sassu Committed by Mimi Zohar
Browse files

eCryptfs: added support for the encrypted key type 



The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.

Signed-off-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
Acked-by: default avatarGianluca Ramunno <ramunno@polito.it>
Acked-by: default avatarTyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 79a73d18

fs/ecryptfs/ecryptfs_kernel.h

+39 −2
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ 
#define ECRYPTFS_KERNEL_H



#include <keys/user-type.h>

#include <keys/encrypted-type.h>

#include <linux/fs.h>

#include <linux/fs_stack.h>

#include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context { 
	} param;

};



#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)

static inline struct ecryptfs_auth_tok *

ecryptfs_get_encrypted_key_payload_data(struct key *key)

{

	if (key->type == &key_type_encrypted)

		return (struct ecryptfs_auth_tok *)

			(&((struct encrypted_key_payload *)key->payload.data)->payload_data);

	else

		return NULL;

}



static inline struct key *ecryptfs_get_encrypted_key(char *sig)

{

	return request_key(&key_type_encrypted, sig, NULL);

}



#else

static inline struct ecryptfs_auth_tok *

ecryptfs_get_encrypted_key_payload_data(struct key *key)

{

	return NULL;

}



static inline struct key *ecryptfs_get_encrypted_key(char *sig)

{

	return ERR_PTR(-ENOKEY);

}



#endif /* CONFIG_ENCRYPTED_KEYS */



static inline struct ecryptfs_auth_tok *

ecryptfs_get_key_payload_data(struct key *key)

{

	struct ecryptfs_auth_tok *auth_tok;



	auth_tok = ecryptfs_get_encrypted_key_payload_data(key);

	if (!auth_tok)

		return (struct ecryptfs_auth_tok *)

			(((struct user_key_payload *)key->payload.data)->data);

	else

		return auth_tok;

}



#define ECRYPTFS_MAX_KEYSET_SIZE 1024

fs/ecryptfs/keystore.c

+8 −5
Original line number Diff line number Diff line
@@ -1634,6 +1634,8 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 
	int rc = 0;



	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);

	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {

		(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);

		if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {

			printk(KERN_ERR "Could not find key with description: [%s]\n",

			      sig);
@@ -1641,6 +1643,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 
			(*auth_tok_key) = NULL;

			goto out;

		}

	}

	down_write(&(*auth_tok_key)->sem);

	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);

	if (rc) {