diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2015-04-16 01:56:00 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2015-04-16 01:56:00 -0400 |
| commit | 6ddb2447846a8ece111e316a2863c2355023682d (patch) | |
| tree | e56b2d3100baf35e7d99d79ff411c28bf8c5f4c2 /fs/ext4/crypto_key.c | |
| parent | f348c252320b98e11176074fe04223f22bddaf0d (diff) | |
ext4 crypto: enable encryption feature flag
Also add the test dummy encryption mode flag so we can more easily
test the encryption patches using xfstests.
Signed-off-by: Michael Halcrow <mhalcrow@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4/crypto_key.c')
| -rw-r--r-- | fs/ext4/crypto_key.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c index 572bd97f58dd..c8392af8abbb 100644 --- a/fs/ext4/crypto_key.c +++ b/fs/ext4/crypto_key.c | |||
| @@ -98,6 +98,7 @@ int ext4_generate_encryption_key(struct inode *inode) | |||
| 98 | struct ext4_encryption_key *master_key; | 98 | struct ext4_encryption_key *master_key; |
| 99 | struct ext4_encryption_context ctx; | 99 | struct ext4_encryption_context ctx; |
| 100 | struct user_key_payload *ukp; | 100 | struct user_key_payload *ukp; |
| 101 | struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); | ||
| 101 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, | 102 | int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, |
| 102 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, | 103 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, |
| 103 | &ctx, sizeof(ctx)); | 104 | &ctx, sizeof(ctx)); |
| @@ -109,6 +110,20 @@ int ext4_generate_encryption_key(struct inode *inode) | |||
| 109 | } | 110 | } |
| 110 | res = 0; | 111 | res = 0; |
| 111 | 112 | ||
| 113 | if (S_ISREG(inode->i_mode)) | ||
| 114 | crypt_key->mode = ctx.contents_encryption_mode; | ||
| 115 | else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) | ||
| 116 | crypt_key->mode = ctx.filenames_encryption_mode; | ||
| 117 | else { | ||
| 118 | printk(KERN_ERR "ext4 crypto: Unsupported inode type.\n"); | ||
| 119 | BUG(); | ||
| 120 | } | ||
| 121 | crypt_key->size = ext4_encryption_key_size(crypt_key->mode); | ||
| 122 | BUG_ON(!crypt_key->size); | ||
| 123 | if (DUMMY_ENCRYPTION_ENABLED(sbi)) { | ||
| 124 | memset(crypt_key->raw, 0x42, EXT4_AES_256_XTS_KEY_SIZE); | ||
| 125 | goto out; | ||
| 126 | } | ||
| 112 | memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX, | 127 | memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX, |
| 113 | EXT4_KEY_DESC_PREFIX_SIZE); | 128 | EXT4_KEY_DESC_PREFIX_SIZE); |
| 114 | sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE, | 129 | sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE, |
| @@ -129,21 +144,9 @@ int ext4_generate_encryption_key(struct inode *inode) | |||
| 129 | goto out; | 144 | goto out; |
| 130 | } | 145 | } |
| 131 | master_key = (struct ext4_encryption_key *)ukp->data; | 146 | master_key = (struct ext4_encryption_key *)ukp->data; |
| 132 | |||
| 133 | if (S_ISREG(inode->i_mode)) | ||
| 134 | crypt_key->mode = ctx.contents_encryption_mode; | ||
| 135 | else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) | ||
| 136 | crypt_key->mode = ctx.filenames_encryption_mode; | ||
| 137 | else { | ||
| 138 | printk(KERN_ERR "ext4 crypto: Unsupported inode type.\n"); | ||
| 139 | BUG(); | ||
| 140 | } | ||
| 141 | crypt_key->size = ext4_encryption_key_size(crypt_key->mode); | ||
| 142 | BUG_ON(!crypt_key->size); | ||
| 143 | BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE != | 147 | BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE != |
| 144 | EXT4_KEY_DERIVATION_NONCE_SIZE); | 148 | EXT4_KEY_DERIVATION_NONCE_SIZE); |
| 145 | BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE); | 149 | BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE); |
| 146 | BUG_ON(crypt_key->size < EXT4_AES_256_CBC_KEY_SIZE); | ||
| 147 | res = ext4_derive_key_aes(ctx.nonce, master_key->raw, crypt_key->raw); | 150 | res = ext4_derive_key_aes(ctx.nonce, master_key->raw, crypt_key->raw); |
| 148 | out: | 151 | out: |
| 149 | if (keyring_key) | 152 | if (keyring_key) |