diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-08-04 22:35:44 -0400 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2019-08-12 22:05:19 -0400 |
| commit | 3b6df59bc4d242ac5847592de55d1ff327cd4549 (patch) | |
| tree | 34a904cf036837716404795fe2c7e41172e2b490 /fs/crypto/keyinfo.c | |
| parent | 2336d0deb2d4680349de59d6fbdfc338437be191 (diff) | |
fscrypt: use FSCRYPT_* definitions, not FS_*
Update fs/crypto/ to use the new names for the UAPI constants rather
than the old names, then make the old definitions conditional on
!__KERNEL__.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/keyinfo.c')
| -rw-r--r-- | fs/crypto/keyinfo.c | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 212994300233..22345ddede11 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | 20 | ||
| 21 | static struct crypto_shash *essiv_hash_tfm; | 21 | static struct crypto_shash *essiv_hash_tfm; |
| 22 | 22 | ||
| 23 | /* Table of keys referenced by FS_POLICY_FLAG_DIRECT_KEY policies */ | 23 | /* Table of keys referenced by DIRECT_KEY policies */ |
| 24 | static DEFINE_HASHTABLE(fscrypt_master_keys, 6); /* 6 bits = 64 buckets */ | 24 | static DEFINE_HASHTABLE(fscrypt_master_keys, 6); /* 6 bits = 64 buckets */ |
| 25 | static DEFINE_SPINLOCK(fscrypt_master_keys_lock); | 25 | static DEFINE_SPINLOCK(fscrypt_master_keys_lock); |
| 26 | 26 | ||
| @@ -77,7 +77,7 @@ out: | |||
| 77 | */ | 77 | */ |
| 78 | static struct key * | 78 | static struct key * |
| 79 | find_and_lock_process_key(const char *prefix, | 79 | find_and_lock_process_key(const char *prefix, |
| 80 | const u8 descriptor[FS_KEY_DESCRIPTOR_SIZE], | 80 | const u8 descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE], |
| 81 | unsigned int min_keysize, | 81 | unsigned int min_keysize, |
| 82 | const struct fscrypt_key **payload_ret) | 82 | const struct fscrypt_key **payload_ret) |
| 83 | { | 83 | { |
| @@ -87,7 +87,7 @@ find_and_lock_process_key(const char *prefix, | |||
| 87 | const struct fscrypt_key *payload; | 87 | const struct fscrypt_key *payload; |
| 88 | 88 | ||
| 89 | description = kasprintf(GFP_NOFS, "%s%*phN", prefix, | 89 | description = kasprintf(GFP_NOFS, "%s%*phN", prefix, |
| 90 | FS_KEY_DESCRIPTOR_SIZE, descriptor); | 90 | FSCRYPT_KEY_DESCRIPTOR_SIZE, descriptor); |
| 91 | if (!description) | 91 | if (!description) |
| 92 | return ERR_PTR(-ENOMEM); | 92 | return ERR_PTR(-ENOMEM); |
| 93 | 93 | ||
| @@ -105,7 +105,7 @@ find_and_lock_process_key(const char *prefix, | |||
| 105 | payload = (const struct fscrypt_key *)ukp->data; | 105 | payload = (const struct fscrypt_key *)ukp->data; |
| 106 | 106 | ||
| 107 | if (ukp->datalen != sizeof(struct fscrypt_key) || | 107 | if (ukp->datalen != sizeof(struct fscrypt_key) || |
| 108 | payload->size < 1 || payload->size > FS_MAX_KEY_SIZE) { | 108 | payload->size < 1 || payload->size > FSCRYPT_MAX_KEY_SIZE) { |
| 109 | fscrypt_warn(NULL, | 109 | fscrypt_warn(NULL, |
| 110 | "key with description '%s' has invalid payload", | 110 | "key with description '%s' has invalid payload", |
| 111 | key->description); | 111 | key->description); |
| @@ -129,32 +129,32 @@ invalid: | |||
| 129 | } | 129 | } |
| 130 | 130 | ||
| 131 | static struct fscrypt_mode available_modes[] = { | 131 | static struct fscrypt_mode available_modes[] = { |
| 132 | [FS_ENCRYPTION_MODE_AES_256_XTS] = { | 132 | [FSCRYPT_MODE_AES_256_XTS] = { |
| 133 | .friendly_name = "AES-256-XTS", | 133 | .friendly_name = "AES-256-XTS", |
| 134 | .cipher_str = "xts(aes)", | 134 | .cipher_str = "xts(aes)", |
| 135 | .keysize = 64, | 135 | .keysize = 64, |
| 136 | .ivsize = 16, | 136 | .ivsize = 16, |
| 137 | }, | 137 | }, |
| 138 | [FS_ENCRYPTION_MODE_AES_256_CTS] = { | 138 | [FSCRYPT_MODE_AES_256_CTS] = { |
| 139 | .friendly_name = "AES-256-CTS-CBC", | 139 | .friendly_name = "AES-256-CTS-CBC", |
| 140 | .cipher_str = "cts(cbc(aes))", | 140 | .cipher_str = "cts(cbc(aes))", |
| 141 | .keysize = 32, | 141 | .keysize = 32, |
| 142 | .ivsize = 16, | 142 | .ivsize = 16, |
| 143 | }, | 143 | }, |
| 144 | [FS_ENCRYPTION_MODE_AES_128_CBC] = { | 144 | [FSCRYPT_MODE_AES_128_CBC] = { |
| 145 | .friendly_name = "AES-128-CBC", | 145 | .friendly_name = "AES-128-CBC", |
| 146 | .cipher_str = "cbc(aes)", | 146 | .cipher_str = "cbc(aes)", |
| 147 | .keysize = 16, | 147 | .keysize = 16, |
| 148 | .ivsize = 16, | 148 | .ivsize = 16, |
| 149 | .needs_essiv = true, | 149 | .needs_essiv = true, |
| 150 | }, | 150 | }, |
| 151 | [FS_ENCRYPTION_MODE_AES_128_CTS] = { | 151 | [FSCRYPT_MODE_AES_128_CTS] = { |
| 152 | .friendly_name = "AES-128-CTS-CBC", | 152 | .friendly_name = "AES-128-CTS-CBC", |
| 153 | .cipher_str = "cts(cbc(aes))", | 153 | .cipher_str = "cts(cbc(aes))", |
| 154 | .keysize = 16, | 154 | .keysize = 16, |
| 155 | .ivsize = 16, | 155 | .ivsize = 16, |
| 156 | }, | 156 | }, |
| 157 | [FS_ENCRYPTION_MODE_ADIANTUM] = { | 157 | [FSCRYPT_MODE_ADIANTUM] = { |
| 158 | .friendly_name = "Adiantum", | 158 | .friendly_name = "Adiantum", |
| 159 | .cipher_str = "adiantum(xchacha12,aes)", | 159 | .cipher_str = "adiantum(xchacha12,aes)", |
| 160 | .keysize = 32, | 160 | .keysize = 32, |
| @@ -192,7 +192,7 @@ static int find_and_derive_key(const struct inode *inode, | |||
| 192 | const struct fscrypt_key *payload; | 192 | const struct fscrypt_key *payload; |
| 193 | int err; | 193 | int err; |
| 194 | 194 | ||
| 195 | key = find_and_lock_process_key(FS_KEY_DESC_PREFIX, | 195 | key = find_and_lock_process_key(FSCRYPT_KEY_DESC_PREFIX, |
| 196 | ctx->master_key_descriptor, | 196 | ctx->master_key_descriptor, |
| 197 | mode->keysize, &payload); | 197 | mode->keysize, &payload); |
| 198 | if (key == ERR_PTR(-ENOKEY) && inode->i_sb->s_cop->key_prefix) { | 198 | if (key == ERR_PTR(-ENOKEY) && inode->i_sb->s_cop->key_prefix) { |
| @@ -203,7 +203,7 @@ static int find_and_derive_key(const struct inode *inode, | |||
| 203 | if (IS_ERR(key)) | 203 | if (IS_ERR(key)) |
| 204 | return PTR_ERR(key); | 204 | return PTR_ERR(key); |
| 205 | 205 | ||
| 206 | if (ctx->flags & FS_POLICY_FLAG_DIRECT_KEY) { | 206 | if (ctx->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) { |
| 207 | if (mode->ivsize < offsetofend(union fscrypt_iv, nonce)) { | 207 | if (mode->ivsize < offsetofend(union fscrypt_iv, nonce)) { |
| 208 | fscrypt_warn(inode, | 208 | fscrypt_warn(inode, |
| 209 | "Direct key mode not allowed with %s", | 209 | "Direct key mode not allowed with %s", |
| @@ -272,14 +272,14 @@ err_free_tfm: | |||
| 272 | return ERR_PTR(err); | 272 | return ERR_PTR(err); |
| 273 | } | 273 | } |
| 274 | 274 | ||
| 275 | /* Master key referenced by FS_POLICY_FLAG_DIRECT_KEY policy */ | 275 | /* Master key referenced by DIRECT_KEY policy */ |
| 276 | struct fscrypt_master_key { | 276 | struct fscrypt_master_key { |
| 277 | struct hlist_node mk_node; | 277 | struct hlist_node mk_node; |
| 278 | refcount_t mk_refcount; | 278 | refcount_t mk_refcount; |
| 279 | const struct fscrypt_mode *mk_mode; | 279 | const struct fscrypt_mode *mk_mode; |
| 280 | struct crypto_skcipher *mk_ctfm; | 280 | struct crypto_skcipher *mk_ctfm; |
| 281 | u8 mk_descriptor[FS_KEY_DESCRIPTOR_SIZE]; | 281 | u8 mk_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE]; |
| 282 | u8 mk_raw[FS_MAX_KEY_SIZE]; | 282 | u8 mk_raw[FSCRYPT_MAX_KEY_SIZE]; |
| 283 | }; | 283 | }; |
| 284 | 284 | ||
| 285 | static void free_master_key(struct fscrypt_master_key *mk) | 285 | static void free_master_key(struct fscrypt_master_key *mk) |
| @@ -320,13 +320,13 @@ find_or_insert_master_key(struct fscrypt_master_key *to_insert, | |||
| 320 | * raw key, and use crypto_memneq() when comparing raw keys. | 320 | * raw key, and use crypto_memneq() when comparing raw keys. |
| 321 | */ | 321 | */ |
| 322 | 322 | ||
| 323 | BUILD_BUG_ON(sizeof(hash_key) > FS_KEY_DESCRIPTOR_SIZE); | 323 | BUILD_BUG_ON(sizeof(hash_key) > FSCRYPT_KEY_DESCRIPTOR_SIZE); |
| 324 | memcpy(&hash_key, ci->ci_master_key_descriptor, sizeof(hash_key)); | 324 | memcpy(&hash_key, ci->ci_master_key_descriptor, sizeof(hash_key)); |
| 325 | 325 | ||
| 326 | spin_lock(&fscrypt_master_keys_lock); | 326 | spin_lock(&fscrypt_master_keys_lock); |
| 327 | hash_for_each_possible(fscrypt_master_keys, mk, mk_node, hash_key) { | 327 | hash_for_each_possible(fscrypt_master_keys, mk, mk_node, hash_key) { |
| 328 | if (memcmp(ci->ci_master_key_descriptor, mk->mk_descriptor, | 328 | if (memcmp(ci->ci_master_key_descriptor, mk->mk_descriptor, |
| 329 | FS_KEY_DESCRIPTOR_SIZE) != 0) | 329 | FSCRYPT_KEY_DESCRIPTOR_SIZE) != 0) |
| 330 | continue; | 330 | continue; |
| 331 | if (mode != mk->mk_mode) | 331 | if (mode != mk->mk_mode) |
| 332 | continue; | 332 | continue; |
| @@ -370,7 +370,7 @@ fscrypt_get_master_key(const struct fscrypt_info *ci, struct fscrypt_mode *mode, | |||
| 370 | goto err_free_mk; | 370 | goto err_free_mk; |
| 371 | } | 371 | } |
| 372 | memcpy(mk->mk_descriptor, ci->ci_master_key_descriptor, | 372 | memcpy(mk->mk_descriptor, ci->ci_master_key_descriptor, |
| 373 | FS_KEY_DESCRIPTOR_SIZE); | 373 | FSCRYPT_KEY_DESCRIPTOR_SIZE); |
| 374 | memcpy(mk->mk_raw, raw_key, mode->keysize); | 374 | memcpy(mk->mk_raw, raw_key, mode->keysize); |
| 375 | 375 | ||
| 376 | return find_or_insert_master_key(mk, raw_key, mode, ci); | 376 | return find_or_insert_master_key(mk, raw_key, mode, ci); |
| @@ -448,8 +448,8 @@ out: | |||
| 448 | 448 | ||
| 449 | /* | 449 | /* |
| 450 | * Given the encryption mode and key (normally the derived key, but for | 450 | * Given the encryption mode and key (normally the derived key, but for |
| 451 | * FS_POLICY_FLAG_DIRECT_KEY mode it's the master key), set up the inode's | 451 | * DIRECT_KEY mode it's the master key), set up the inode's symmetric cipher |
| 452 | * symmetric cipher transform object(s). | 452 | * transform object(s). |
| 453 | */ | 453 | */ |
| 454 | static int setup_crypto_transform(struct fscrypt_info *ci, | 454 | static int setup_crypto_transform(struct fscrypt_info *ci, |
| 455 | struct fscrypt_mode *mode, | 455 | struct fscrypt_mode *mode, |
| @@ -459,7 +459,7 @@ static int setup_crypto_transform(struct fscrypt_info *ci, | |||
| 459 | struct crypto_skcipher *ctfm; | 459 | struct crypto_skcipher *ctfm; |
| 460 | int err; | 460 | int err; |
| 461 | 461 | ||
| 462 | if (ci->ci_flags & FS_POLICY_FLAG_DIRECT_KEY) { | 462 | if (ci->ci_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) { |
| 463 | mk = fscrypt_get_master_key(ci, mode, raw_key, inode); | 463 | mk = fscrypt_get_master_key(ci, mode, raw_key, inode); |
| 464 | if (IS_ERR(mk)) | 464 | if (IS_ERR(mk)) |
| 465 | return PTR_ERR(mk); | 465 | return PTR_ERR(mk); |
| @@ -476,7 +476,7 @@ static int setup_crypto_transform(struct fscrypt_info *ci, | |||
| 476 | if (mode->needs_essiv) { | 476 | if (mode->needs_essiv) { |
| 477 | /* ESSIV implies 16-byte IVs which implies !DIRECT_KEY */ | 477 | /* ESSIV implies 16-byte IVs which implies !DIRECT_KEY */ |
| 478 | WARN_ON(mode->ivsize != AES_BLOCK_SIZE); | 478 | WARN_ON(mode->ivsize != AES_BLOCK_SIZE); |
| 479 | WARN_ON(ci->ci_flags & FS_POLICY_FLAG_DIRECT_KEY); | 479 | WARN_ON(ci->ci_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); |
| 480 | 480 | ||
| 481 | err = init_essiv_generator(ci, raw_key, mode->keysize); | 481 | err = init_essiv_generator(ci, raw_key, mode->keysize); |
| 482 | if (err) { | 482 | if (err) { |
| @@ -530,9 +530,10 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
| 530 | /* Fake up a context for an unencrypted directory */ | 530 | /* Fake up a context for an unencrypted directory */ |
| 531 | memset(&ctx, 0, sizeof(ctx)); | 531 | memset(&ctx, 0, sizeof(ctx)); |
| 532 | ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; | 532 | ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; |
| 533 | ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; | 533 | ctx.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; |
| 534 | ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; | 534 | ctx.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; |
| 535 | memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); | 535 | memset(ctx.master_key_descriptor, 0x42, |
| 536 | FSCRYPT_KEY_DESCRIPTOR_SIZE); | ||
| 536 | } else if (res != sizeof(ctx)) { | 537 | } else if (res != sizeof(ctx)) { |
| 537 | fscrypt_warn(inode, | 538 | fscrypt_warn(inode, |
| 538 | "Unknown encryption context size (%d bytes)", res); | 539 | "Unknown encryption context size (%d bytes)", res); |
| @@ -545,7 +546,7 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
| 545 | return -EINVAL; | 546 | return -EINVAL; |
| 546 | } | 547 | } |
| 547 | 548 | ||
| 548 | if (ctx.flags & ~FS_POLICY_FLAGS_VALID) { | 549 | if (ctx.flags & ~FSCRYPT_POLICY_FLAGS_VALID) { |
| 549 | fscrypt_warn(inode, "Unknown encryption context flags (0x%02x)", | 550 | fscrypt_warn(inode, "Unknown encryption context flags (0x%02x)", |
| 550 | ctx.flags); | 551 | ctx.flags); |
| 551 | return -EINVAL; | 552 | return -EINVAL; |
| @@ -559,7 +560,7 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
| 559 | crypt_info->ci_data_mode = ctx.contents_encryption_mode; | 560 | crypt_info->ci_data_mode = ctx.contents_encryption_mode; |
| 560 | crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; | 561 | crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; |
| 561 | memcpy(crypt_info->ci_master_key_descriptor, ctx.master_key_descriptor, | 562 | memcpy(crypt_info->ci_master_key_descriptor, ctx.master_key_descriptor, |
| 562 | FS_KEY_DESCRIPTOR_SIZE); | 563 | FSCRYPT_KEY_DESCRIPTOR_SIZE); |
| 563 | memcpy(crypt_info->ci_nonce, ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); | 564 | memcpy(crypt_info->ci_nonce, ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); |
| 564 | 565 | ||
| 565 | mode = select_encryption_mode(crypt_info, inode); | 566 | mode = select_encryption_mode(crypt_info, inode); |