aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2006-10-31 01:07:16 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-10-31 11:07:00 -0500
commite5d9cbde6ce0001e49994df5fcdcbeff8be8037b (patch)
treeaadfbeae4d48c56a0ca6e9612e87d7340dc3b1a1
parent4a279ff1ea1cf325775ada983035123fcdc8e986 (diff)
[PATCH] eCryptfs: Clean up crypto initialization
Clean up the crypto initialization code; let the crypto API take care of the key size checks. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/ecryptfs/crypto.c66
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h4
-rw-r--r--fs/ecryptfs/keystore.c19
-rw-r--r--fs/ecryptfs/main.c13
4 files changed, 24 insertions, 78 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index ed35a9712fa1..82e7d02cefae 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1573,35 +1573,26 @@ out:
1573 1573
1574/** 1574/**
1575 * ecryptfs_process_cipher - Perform cipher initialization. 1575 * ecryptfs_process_cipher - Perform cipher initialization.
1576 * @tfm: Crypto context set by this function
1577 * @key_tfm: Crypto context for key material, set by this function 1576 * @key_tfm: Crypto context for key material, set by this function
1578 * @cipher_name: Name of the cipher. 1577 * @cipher_name: Name of the cipher
1579 * @key_size: Size of the key in bytes. 1578 * @key_size: Size of the key in bytes
1580 * 1579 *
1581 * Returns zero on success. Any crypto_tfm structs allocated here 1580 * Returns zero on success. Any crypto_tfm structs allocated here
1582 * should be released by other functions, such as on a superblock put 1581 * should be released by other functions, such as on a superblock put
1583 * event, regardless of whether this function succeeds for fails. 1582 * event, regardless of whether this function succeeds for fails.
1584 */ 1583 */
1585int 1584int
1586ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, 1585ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name,
1587 char *cipher_name, size_t key_size) 1586 size_t *key_size)
1588{ 1587{
1589 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1588 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1590 int rc; 1589 int rc;
1591 1590
1592 *tfm = *key_tfm = NULL; 1591 *key_tfm = NULL;
1593 if (key_size > ECRYPTFS_MAX_KEY_BYTES) { 1592 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1594 rc = -EINVAL; 1593 rc = -EINVAL;
1595 printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " 1594 printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum "
1596 "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); 1595 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1597 goto out;
1598 }
1599 *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE
1600 | CRYPTO_TFM_REQ_WEAK_KEY));
1601 if (!(*tfm)) {
1602 rc = -EINVAL;
1603 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1604 "[%s]\n", cipher_name);
1605 goto out; 1596 goto out;
1606 } 1597 }
1607 *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); 1598 *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY);
@@ -1611,46 +1602,13 @@ ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
1611 "[%s]\n", cipher_name); 1602 "[%s]\n", cipher_name);
1612 goto out; 1603 goto out;
1613 } 1604 }
1614 if (key_size < crypto_tfm_alg_min_keysize(*tfm)) { 1605 if (*key_size == 0)
1615 rc = -EINVAL; 1606 *key_size = crypto_tfm_alg_max_keysize(*key_tfm);
1616 printk(KERN_ERR "Request key size is [%Zd]; minimum key size " 1607 get_random_bytes(dummy_key, *key_size);
1617 "supported by cipher [%s] is [%d]\n", key_size, 1608 rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size);
1618 cipher_name, crypto_tfm_alg_min_keysize(*tfm));
1619 goto out;
1620 }
1621 if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) {
1622 rc = -EINVAL;
1623 printk(KERN_ERR "Request key size is [%Zd]; minimum key size "
1624 "supported by cipher [%s] is [%d]\n", key_size,
1625 cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
1626 goto out;
1627 }
1628 if (key_size > crypto_tfm_alg_max_keysize(*tfm)) {
1629 rc = -EINVAL;
1630 printk(KERN_ERR "Request key size is [%Zd]; maximum key size "
1631 "supported by cipher [%s] is [%d]\n", key_size,
1632 cipher_name, crypto_tfm_alg_min_keysize(*tfm));
1633 goto out;
1634 }
1635 if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) {
1636 rc = -EINVAL;
1637 printk(KERN_ERR "Request key size is [%Zd]; maximum key size "
1638 "supported by cipher [%s] is [%d]\n", key_size,
1639 cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
1640 goto out;
1641 }
1642 get_random_bytes(dummy_key, key_size);
1643 rc = crypto_cipher_setkey(*tfm, dummy_key, key_size);
1644 if (rc) {
1645 printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
1646 "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc);
1647 rc = -EINVAL;
1648 goto out;
1649 }
1650 rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size);
1651 if (rc) { 1609 if (rc) {
1652 printk(KERN_ERR "Error attempting to set key of size [%Zd] for " 1610 printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
1653 "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); 1611 "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);
1654 rc = -EINVAL; 1612 rc = -EINVAL;
1655 goto out; 1613 goto out;
1656 } 1614 }
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 872c9958531a..4112df9dec50 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -473,8 +473,8 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
473 unsigned char *src, struct dentry *ecryptfs_dentry); 473 unsigned char *src, struct dentry *ecryptfs_dentry);
474int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); 474int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
475int 475int
476ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, 476ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name,
477 char *cipher_name, size_t key_size); 477 size_t *key_size);
478int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); 478int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
479int ecryptfs_inode_set(struct inode *inode, void *lower_inode); 479int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
480void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); 480void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index ba454785a0c5..bc706d33559a 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -493,19 +493,16 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
493 goto out; 493 goto out;
494 } 494 }
495 } 495 }
496 if (password_s_ptr->session_key_encryption_key_bytes
497 < crypto_tfm_alg_min_keysize(tfm)) {
498 printk(KERN_WARNING "Session key encryption key is [%d] bytes; "
499 "minimum keysize for selected cipher is [%d] bytes.\n",
500 password_s_ptr->session_key_encryption_key_bytes,
501 crypto_tfm_alg_min_keysize(tfm));
502 rc = -EINVAL;
503 goto out;
504 }
505 if (tfm_mutex) 496 if (tfm_mutex)
506 mutex_lock(tfm_mutex); 497 mutex_lock(tfm_mutex);
507 crypto_cipher_setkey(tfm, password_s_ptr->session_key_encryption_key, 498 rc = crypto_cipher_setkey(tfm,
508 crypt_stat->key_size); 499 password_s_ptr->session_key_encryption_key,
500 crypt_stat->key_size);
501 if (rc < 0) {
502 printk(KERN_ERR "Error setting key for crypto context\n");
503 rc = -EINVAL;
504 goto out_free_tfm;
505 }
509 /* TODO: virt_to_scatterlist */ 506 /* TODO: virt_to_scatterlist */
510 encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); 507 encrypted_session_key = (char *)__get_free_page(GFP_KERNEL);
511 if (!encrypted_session_key) { 508 if (!encrypted_session_key) {
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 5938a232d11b..a65f4865182c 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -208,7 +208,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
208 char *cipher_name_dst; 208 char *cipher_name_dst;
209 char *cipher_name_src; 209 char *cipher_name_src;
210 char *cipher_key_bytes_src; 210 char *cipher_key_bytes_src;
211 struct crypto_tfm *tmp_tfm;
212 int cipher_name_len; 211 int cipher_name_len;
213 212
214 if (!options) { 213 if (!options) {
@@ -305,20 +304,12 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
305 = '\0'; 304 = '\0';
306 } 305 }
307 if (!cipher_key_bytes_set) { 306 if (!cipher_key_bytes_set) {
308 mount_crypt_stat->global_default_cipher_key_size = 307 mount_crypt_stat->global_default_cipher_key_size = 0;
309 ECRYPTFS_DEFAULT_KEY_BYTES;
310 ecryptfs_printk(KERN_DEBUG, "Cipher key size was not "
311 "specified. Defaulting to [%d]\n",
312 mount_crypt_stat->
313 global_default_cipher_key_size);
314 } 308 }
315 rc = ecryptfs_process_cipher( 309 rc = ecryptfs_process_cipher(
316 &tmp_tfm,
317 &mount_crypt_stat->global_key_tfm, 310 &mount_crypt_stat->global_key_tfm,
318 mount_crypt_stat->global_default_cipher_name, 311 mount_crypt_stat->global_default_cipher_name,
319 mount_crypt_stat->global_default_cipher_key_size); 312 &mount_crypt_stat->global_default_cipher_key_size);
320 if (tmp_tfm)
321 crypto_free_tfm(tmp_tfm);
322 if (rc) { 313 if (rc) {
323 printk(KERN_ERR "Error attempting to initialize cipher [%s] " 314 printk(KERN_ERR "Error attempting to initialize cipher [%s] "
324 "with key size [%Zd] bytes; rc = [%d]\n", 315 "with key size [%Zd] bytes; rc = [%d]\n",