diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2006-10-31 01:07:16 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-10-31 11:07:00 -0500 |
commit | e5d9cbde6ce0001e49994df5fcdcbeff8be8037b (patch) | |
tree | aadfbeae4d48c56a0ca6e9612e87d7340dc3b1a1 | |
parent | 4a279ff1ea1cf325775ada983035123fcdc8e986 (diff) |
[PATCH] eCryptfs: Clean up crypto initialization
Clean up the crypto initialization code; let the crypto API take care of the
key size checks.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/ecryptfs/crypto.c | 66 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 4 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 19 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 13 |
4 files changed, 24 insertions, 78 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index ed35a9712fa1..82e7d02cefae 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -1573,35 +1573,26 @@ out: | |||
1573 | 1573 | ||
1574 | /** | 1574 | /** |
1575 | * ecryptfs_process_cipher - Perform cipher initialization. | 1575 | * ecryptfs_process_cipher - Perform cipher initialization. |
1576 | * @tfm: Crypto context set by this function | ||
1577 | * @key_tfm: Crypto context for key material, set by this function | 1576 | * @key_tfm: Crypto context for key material, set by this function |
1578 | * @cipher_name: Name of the cipher. | 1577 | * @cipher_name: Name of the cipher |
1579 | * @key_size: Size of the key in bytes. | 1578 | * @key_size: Size of the key in bytes |
1580 | * | 1579 | * |
1581 | * Returns zero on success. Any crypto_tfm structs allocated here | 1580 | * Returns zero on success. Any crypto_tfm structs allocated here |
1582 | * should be released by other functions, such as on a superblock put | 1581 | * should be released by other functions, such as on a superblock put |
1583 | * event, regardless of whether this function succeeds for fails. | 1582 | * event, regardless of whether this function succeeds for fails. |
1584 | */ | 1583 | */ |
1585 | int | 1584 | int |
1586 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 1585 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, |
1587 | char *cipher_name, size_t key_size) | 1586 | size_t *key_size) |
1588 | { | 1587 | { |
1589 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; | 1588 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; |
1590 | int rc; | 1589 | int rc; |
1591 | 1590 | ||
1592 | *tfm = *key_tfm = NULL; | 1591 | *key_tfm = NULL; |
1593 | if (key_size > ECRYPTFS_MAX_KEY_BYTES) { | 1592 | if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { |
1594 | rc = -EINVAL; | 1593 | rc = -EINVAL; |
1595 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " | 1594 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " |
1596 | "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); | 1595 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); |
1597 | goto out; | ||
1598 | } | ||
1599 | *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE | ||
1600 | | CRYPTO_TFM_REQ_WEAK_KEY)); | ||
1601 | if (!(*tfm)) { | ||
1602 | rc = -EINVAL; | ||
1603 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | ||
1604 | "[%s]\n", cipher_name); | ||
1605 | goto out; | 1596 | goto out; |
1606 | } | 1597 | } |
1607 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); | 1598 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); |
@@ -1611,46 +1602,13 @@ ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | |||
1611 | "[%s]\n", cipher_name); | 1602 | "[%s]\n", cipher_name); |
1612 | goto out; | 1603 | goto out; |
1613 | } | 1604 | } |
1614 | if (key_size < crypto_tfm_alg_min_keysize(*tfm)) { | 1605 | if (*key_size == 0) |
1615 | rc = -EINVAL; | 1606 | *key_size = crypto_tfm_alg_max_keysize(*key_tfm); |
1616 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | 1607 | get_random_bytes(dummy_key, *key_size); |
1617 | "supported by cipher [%s] is [%d]\n", key_size, | 1608 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size); |
1618 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
1619 | goto out; | ||
1620 | } | ||
1621 | if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) { | ||
1622 | rc = -EINVAL; | ||
1623 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | ||
1624 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1625 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
1626 | goto out; | ||
1627 | } | ||
1628 | if (key_size > crypto_tfm_alg_max_keysize(*tfm)) { | ||
1629 | rc = -EINVAL; | ||
1630 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
1631 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1632 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
1633 | goto out; | ||
1634 | } | ||
1635 | if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) { | ||
1636 | rc = -EINVAL; | ||
1637 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
1638 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1639 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
1640 | goto out; | ||
1641 | } | ||
1642 | get_random_bytes(dummy_key, key_size); | ||
1643 | rc = crypto_cipher_setkey(*tfm, dummy_key, key_size); | ||
1644 | if (rc) { | ||
1645 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | ||
1646 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | ||
1647 | rc = -EINVAL; | ||
1648 | goto out; | ||
1649 | } | ||
1650 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size); | ||
1651 | if (rc) { | 1609 | if (rc) { |
1652 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | 1610 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " |
1653 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | 1611 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); |
1654 | rc = -EINVAL; | 1612 | rc = -EINVAL; |
1655 | goto out; | 1613 | goto out; |
1656 | } | 1614 | } |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 872c9958531a..4112df9dec50 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -473,8 +473,8 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
473 | unsigned char *src, struct dentry *ecryptfs_dentry); | 473 | unsigned char *src, struct dentry *ecryptfs_dentry); |
474 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); | 474 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); |
475 | int | 475 | int |
476 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 476 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, |
477 | char *cipher_name, size_t key_size); | 477 | size_t *key_size); |
478 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); | 478 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); |
479 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); | 479 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); |
480 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); | 480 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index ba454785a0c5..bc706d33559a 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -493,19 +493,16 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
493 | goto out; | 493 | goto out; |
494 | } | 494 | } |
495 | } | 495 | } |
496 | if (password_s_ptr->session_key_encryption_key_bytes | ||
497 | < crypto_tfm_alg_min_keysize(tfm)) { | ||
498 | printk(KERN_WARNING "Session key encryption key is [%d] bytes; " | ||
499 | "minimum keysize for selected cipher is [%d] bytes.\n", | ||
500 | password_s_ptr->session_key_encryption_key_bytes, | ||
501 | crypto_tfm_alg_min_keysize(tfm)); | ||
502 | rc = -EINVAL; | ||
503 | goto out; | ||
504 | } | ||
505 | if (tfm_mutex) | 496 | if (tfm_mutex) |
506 | mutex_lock(tfm_mutex); | 497 | mutex_lock(tfm_mutex); |
507 | crypto_cipher_setkey(tfm, password_s_ptr->session_key_encryption_key, | 498 | rc = crypto_cipher_setkey(tfm, |
508 | crypt_stat->key_size); | 499 | password_s_ptr->session_key_encryption_key, |
500 | crypt_stat->key_size); | ||
501 | if (rc < 0) { | ||
502 | printk(KERN_ERR "Error setting key for crypto context\n"); | ||
503 | rc = -EINVAL; | ||
504 | goto out_free_tfm; | ||
505 | } | ||
509 | /* TODO: virt_to_scatterlist */ | 506 | /* TODO: virt_to_scatterlist */ |
510 | encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); | 507 | encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); |
511 | if (!encrypted_session_key) { | 508 | if (!encrypted_session_key) { |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 5938a232d11b..a65f4865182c 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -208,7 +208,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
208 | char *cipher_name_dst; | 208 | char *cipher_name_dst; |
209 | char *cipher_name_src; | 209 | char *cipher_name_src; |
210 | char *cipher_key_bytes_src; | 210 | char *cipher_key_bytes_src; |
211 | struct crypto_tfm *tmp_tfm; | ||
212 | int cipher_name_len; | 211 | int cipher_name_len; |
213 | 212 | ||
214 | if (!options) { | 213 | if (!options) { |
@@ -305,20 +304,12 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
305 | = '\0'; | 304 | = '\0'; |
306 | } | 305 | } |
307 | if (!cipher_key_bytes_set) { | 306 | if (!cipher_key_bytes_set) { |
308 | mount_crypt_stat->global_default_cipher_key_size = | 307 | mount_crypt_stat->global_default_cipher_key_size = 0; |
309 | ECRYPTFS_DEFAULT_KEY_BYTES; | ||
310 | ecryptfs_printk(KERN_DEBUG, "Cipher key size was not " | ||
311 | "specified. Defaulting to [%d]\n", | ||
312 | mount_crypt_stat-> | ||
313 | global_default_cipher_key_size); | ||
314 | } | 308 | } |
315 | rc = ecryptfs_process_cipher( | 309 | rc = ecryptfs_process_cipher( |
316 | &tmp_tfm, | ||
317 | &mount_crypt_stat->global_key_tfm, | 310 | &mount_crypt_stat->global_key_tfm, |
318 | mount_crypt_stat->global_default_cipher_name, | 311 | mount_crypt_stat->global_default_cipher_name, |
319 | mount_crypt_stat->global_default_cipher_key_size); | 312 | &mount_crypt_stat->global_default_cipher_key_size); |
320 | if (tmp_tfm) | ||
321 | crypto_free_tfm(tmp_tfm); | ||
322 | if (rc) { | 313 | if (rc) { |
323 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " | 314 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " |
324 | "with key size [%Zd] bytes; rc = [%d]\n", | 315 | "with key size [%Zd] bytes; rc = [%d]\n", |