aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTyler Hicks <tyhicks@linux.vnet.ibm.com>2009-08-21 05:27:46 -0400
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>2009-09-23 10:10:32 -0400
commitdf6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 (patch)
tree5bed7a289830867f2bac4dc05f076b7121e41ae3
parentac22ba23b659e34a5961aec8c945608e471b0d5b (diff)
eCryptfs: Filename encryption only supports password auth tokens
Returns -ENOTSUPP when attempting to use filename encryption with something other than a password authentication token, such as a private token from openssl. Using filename encryption with a userspace eCryptfs key module is a future goal. Until then, this patch handles the situation a little better than simply using a BUG_ON(). Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: ecryptfs-devel@lists.launchpad.net Cc: stable <stable@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
-rw-r--r--fs/ecryptfs/crypto.c4
-rw-r--r--fs/ecryptfs/keystore.c14
2 files changed, 14 insertions, 4 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index f92370aa5704..bae20ad1a504 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
1703 } else { 1703 } else {
1704 printk(KERN_ERR "%s: No support for requested filename " 1704 printk(KERN_ERR "%s: No support for requested filename "
1705 "encryption method in this release\n", __func__); 1705 "encryption method in this release\n", __func__);
1706 rc = -ENOTSUPP; 1706 rc = -EOPNOTSUPP;
1707 goto out; 1707 goto out;
1708 } 1708 }
1709out: 1709out:
@@ -2168,7 +2168,7 @@ int ecryptfs_encrypt_and_encode_filename(
2168 (*encoded_name)[(*encoded_name_size)] = '\0'; 2168 (*encoded_name)[(*encoded_name_size)] = '\0';
2169 (*encoded_name_size)++; 2169 (*encoded_name_size)++;
2170 } else { 2170 } else {
2171 rc = -ENOTSUPP; 2171 rc = -EOPNOTSUPP;
2172 } 2172 }
2173 if (rc) { 2173 if (rc) {
2174 printk(KERN_ERR "%s: Error attempting to encode " 2174 printk(KERN_ERR "%s: Error attempting to encode "
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 3a61f056acf6..17164e483ab1 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
612 } 612 }
613 /* TODO: Support other key modules than passphrase for 613 /* TODO: Support other key modules than passphrase for
614 * filename encryption */ 614 * filename encryption */
615 BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD); 615 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
616 rc = -EOPNOTSUPP;
617 printk(KERN_INFO "%s: Filename encryption only supports "
618 "password tokens\n", __func__);
619 goto out_free_unlock;
620 }
616 sg_init_one( 621 sg_init_one(
617 &s->hash_sg, 622 &s->hash_sg,
618 (u8 *)s->auth_tok->token.password.session_key_encryption_key, 623 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
@@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
910 } 915 }
911 /* TODO: Support other key modules than passphrase for 916 /* TODO: Support other key modules than passphrase for
912 * filename encryption */ 917 * filename encryption */
913 BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD); 918 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
919 rc = -EOPNOTSUPP;
920 printk(KERN_INFO "%s: Filename encryption only supports "
921 "password tokens\n", __func__);
922 goto out_free_unlock;
923 }
914 rc = crypto_blkcipher_setkey( 924 rc = crypto_blkcipher_setkey(
915 s->desc.tfm, 925 s->desc.tfm,
916 s->auth_tok->token.password.session_key_encryption_key, 926 s->auth_tok->token.password.session_key_encryption_key,