diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2008-04-29 03:59:51 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:07 -0400 |
| commit | f66e883eb6186bc43a79581b67aff7d1a69d0ff1 (patch) | |
| tree | 9fc1fb65586ff334a1f8c1afb9a43edf077d338f /fs/ecryptfs/keystore.c | |
| parent | 8bf2debd5f7bf12d122124e34fec14af5b1e8ecf (diff) | |
eCryptfs: integrate eCryptfs device handle into the module.
Update the versioning information. Make the message types generic. Add an
outgoing message queue to the daemon struct. Make the functions to parse
and write the packet lengths available to the rest of the module. Add
functions to create and destroy the daemon structs. Clean up some of the
comments and make the code a little more consistent with itself.
[akpm@linux-foundation.org: printk fixes]
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 89 |
1 files changed, 49 insertions, 40 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 682b1b2482c2..e82b457180be 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -65,7 +65,7 @@ static int process_request_key_err(long err_code) | |||
| 65 | } | 65 | } |
| 66 | 66 | ||
| 67 | /** | 67 | /** |
| 68 | * parse_packet_length | 68 | * ecryptfs_parse_packet_length |
| 69 | * @data: Pointer to memory containing length at offset | 69 | * @data: Pointer to memory containing length at offset |
| 70 | * @size: This function writes the decoded size to this memory | 70 | * @size: This function writes the decoded size to this memory |
| 71 | * address; zero on error | 71 | * address; zero on error |
| @@ -73,8 +73,8 @@ static int process_request_key_err(long err_code) | |||
| 73 | * | 73 | * |
| 74 | * Returns zero on success; non-zero on error | 74 | * Returns zero on success; non-zero on error |
| 75 | */ | 75 | */ |
| 76 | static int parse_packet_length(unsigned char *data, size_t *size, | 76 | int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, |
| 77 | size_t *length_size) | 77 | size_t *length_size) |
| 78 | { | 78 | { |
| 79 | int rc = 0; | 79 | int rc = 0; |
| 80 | 80 | ||
| @@ -105,7 +105,7 @@ out: | |||
| 105 | } | 105 | } |
| 106 | 106 | ||
| 107 | /** | 107 | /** |
| 108 | * write_packet_length | 108 | * ecryptfs_write_packet_length |
| 109 | * @dest: The byte array target into which to write the length. Must | 109 | * @dest: The byte array target into which to write the length. Must |
| 110 | * have at least 5 bytes allocated. | 110 | * have at least 5 bytes allocated. |
| 111 | * @size: The length to write. | 111 | * @size: The length to write. |
| @@ -114,8 +114,8 @@ out: | |||
| 114 | * | 114 | * |
| 115 | * Returns zero on success; non-zero on error. | 115 | * Returns zero on success; non-zero on error. |
| 116 | */ | 116 | */ |
| 117 | static int write_packet_length(char *dest, size_t size, | 117 | int ecryptfs_write_packet_length(char *dest, size_t size, |
| 118 | size_t *packet_size_length) | 118 | size_t *packet_size_length) |
| 119 | { | 119 | { |
| 120 | int rc = 0; | 120 | int rc = 0; |
| 121 | 121 | ||
| @@ -162,8 +162,8 @@ write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, | |||
| 162 | goto out; | 162 | goto out; |
| 163 | } | 163 | } |
| 164 | message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; | 164 | message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; |
| 165 | rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, | 165 | rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, |
| 166 | &packet_size_len); | 166 | &packet_size_len); |
| 167 | if (rc) { | 167 | if (rc) { |
| 168 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " | 168 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " |
| 169 | "header; cannot generate packet length\n"); | 169 | "header; cannot generate packet length\n"); |
| @@ -172,8 +172,9 @@ write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, | |||
| 172 | i += packet_size_len; | 172 | i += packet_size_len; |
| 173 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); | 173 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); |
| 174 | i += ECRYPTFS_SIG_SIZE_HEX; | 174 | i += ECRYPTFS_SIG_SIZE_HEX; |
| 175 | rc = write_packet_length(&message[i], session_key->encrypted_key_size, | 175 | rc = ecryptfs_write_packet_length(&message[i], |
| 176 | &packet_size_len); | 176 | session_key->encrypted_key_size, |
| 177 | &packet_size_len); | ||
| 177 | if (rc) { | 178 | if (rc) { |
| 178 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " | 179 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " |
| 179 | "header; cannot generate packet length\n"); | 180 | "header; cannot generate packet length\n"); |
| @@ -225,7 +226,7 @@ parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code, | |||
| 225 | rc = -EIO; | 226 | rc = -EIO; |
| 226 | goto out; | 227 | goto out; |
| 227 | } | 228 | } |
| 228 | rc = parse_packet_length(&data[i], &m_size, &data_len); | 229 | rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len); |
| 229 | if (rc) { | 230 | if (rc) { |
| 230 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " | 231 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " |
| 231 | "rc = [%d]\n", rc); | 232 | "rc = [%d]\n", rc); |
| @@ -304,8 +305,8 @@ write_tag_66_packet(char *signature, u8 cipher_code, | |||
| 304 | goto out; | 305 | goto out; |
| 305 | } | 306 | } |
| 306 | message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; | 307 | message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; |
| 307 | rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, | 308 | rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, |
| 308 | &packet_size_len); | 309 | &packet_size_len); |
| 309 | if (rc) { | 310 | if (rc) { |
| 310 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " | 311 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " |
| 311 | "header; cannot generate packet length\n"); | 312 | "header; cannot generate packet length\n"); |
| @@ -315,8 +316,8 @@ write_tag_66_packet(char *signature, u8 cipher_code, | |||
| 315 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); | 316 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); |
| 316 | i += ECRYPTFS_SIG_SIZE_HEX; | 317 | i += ECRYPTFS_SIG_SIZE_HEX; |
| 317 | /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ | 318 | /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ |
| 318 | rc = write_packet_length(&message[i], crypt_stat->key_size + 3, | 319 | rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3, |
| 319 | &packet_size_len); | 320 | &packet_size_len); |
| 320 | if (rc) { | 321 | if (rc) { |
| 321 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " | 322 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " |
| 322 | "header; cannot generate packet length\n"); | 323 | "header; cannot generate packet length\n"); |
| @@ -357,20 +358,25 @@ parse_tag_67_packet(struct ecryptfs_key_record *key_rec, | |||
| 357 | /* verify that everything through the encrypted FEK size is present */ | 358 | /* verify that everything through the encrypted FEK size is present */ |
| 358 | if (message_len < 4) { | 359 | if (message_len < 4) { |
| 359 | rc = -EIO; | 360 | rc = -EIO; |
| 361 | printk(KERN_ERR "%s: message_len is [%Zd]; minimum acceptable " | ||
| 362 | "message length is [%d]\n", __func__, message_len, 4); | ||
| 360 | goto out; | 363 | goto out; |
| 361 | } | 364 | } |
| 362 | if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { | 365 | if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { |
| 363 | ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_67\n"); | ||
| 364 | rc = -EIO; | 366 | rc = -EIO; |
| 367 | printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n", | ||
| 368 | __func__); | ||
| 365 | goto out; | 369 | goto out; |
| 366 | } | 370 | } |
| 367 | if (data[i++]) { | 371 | if (data[i++]) { |
| 368 | ecryptfs_printk(KERN_ERR, "Status indicator has non zero value" | ||
| 369 | " [%d]\n", data[i-1]); | ||
| 370 | rc = -EIO; | 372 | rc = -EIO; |
| 373 | printk(KERN_ERR "%s: Status indicator has non zero " | ||
| 374 | "value [%d]\n", __func__, data[i-1]); | ||
| 375 | |||
| 371 | goto out; | 376 | goto out; |
| 372 | } | 377 | } |
| 373 | rc = parse_packet_length(&data[i], &key_rec->enc_key_size, &data_len); | 378 | rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size, |
| 379 | &data_len); | ||
| 374 | if (rc) { | 380 | if (rc) { |
| 375 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " | 381 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " |
| 376 | "rc = [%d]\n", rc); | 382 | "rc = [%d]\n", rc); |
| @@ -378,17 +384,17 @@ parse_tag_67_packet(struct ecryptfs_key_record *key_rec, | |||
| 378 | } | 384 | } |
| 379 | i += data_len; | 385 | i += data_len; |
| 380 | if (message_len < (i + key_rec->enc_key_size)) { | 386 | if (message_len < (i + key_rec->enc_key_size)) { |
| 381 | ecryptfs_printk(KERN_ERR, "message_len [%d]; max len is [%d]\n", | ||
| 382 | message_len, (i + key_rec->enc_key_size)); | ||
| 383 | rc = -EIO; | 387 | rc = -EIO; |
| 388 | printk(KERN_ERR "%s: message_len [%Zd]; max len is [%Zd]\n", | ||
| 389 | __func__, message_len, (i + key_rec->enc_key_size)); | ||
| 384 | goto out; | 390 | goto out; |
| 385 | } | 391 | } |
| 386 | if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { | 392 | if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { |
| 387 | ecryptfs_printk(KERN_ERR, "Encrypted key_size [%d] larger than " | ||
| 388 | "the maximum key size [%d]\n", | ||
| 389 | key_rec->enc_key_size, | ||
| 390 | ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); | ||
| 391 | rc = -EIO; | 393 | rc = -EIO; |
| 394 | printk(KERN_ERR "%s: Encrypted key_size [%Zd] larger than " | ||
| 395 | "the maximum key size [%d]\n", __func__, | ||
| 396 | key_rec->enc_key_size, | ||
| 397 | ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); | ||
| 392 | goto out; | 398 | goto out; |
| 393 | } | 399 | } |
| 394 | memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); | 400 | memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); |
| @@ -445,7 +451,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 445 | rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key), | 451 | rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key), |
| 446 | &netlink_message, &netlink_message_length); | 452 | &netlink_message, &netlink_message_length); |
| 447 | if (rc) { | 453 | if (rc) { |
| 448 | ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet"); | 454 | ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n"); |
| 449 | goto out; | 455 | goto out; |
| 450 | } | 456 | } |
| 451 | rc = ecryptfs_send_message(ecryptfs_transport, netlink_message, | 457 | rc = ecryptfs_send_message(ecryptfs_transport, netlink_message, |
| @@ -570,8 +576,8 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 570 | goto out; | 576 | goto out; |
| 571 | } | 577 | } |
| 572 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 578 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
| 573 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 579 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
| 574 | &length_size); | 580 | &length_size); |
| 575 | if (rc) { | 581 | if (rc) { |
| 576 | printk(KERN_WARNING "Error parsing packet length; " | 582 | printk(KERN_WARNING "Error parsing packet length; " |
| 577 | "rc = [%d]\n", rc); | 583 | "rc = [%d]\n", rc); |
| @@ -704,8 +710,8 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 704 | goto out; | 710 | goto out; |
| 705 | } | 711 | } |
| 706 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 712 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
| 707 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 713 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
| 708 | &length_size); | 714 | &length_size); |
| 709 | if (rc) { | 715 | if (rc) { |
| 710 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", | 716 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", |
| 711 | rc); | 717 | rc); |
| @@ -852,8 +858,8 @@ parse_tag_11_packet(unsigned char *data, unsigned char *contents, | |||
| 852 | rc = -EINVAL; | 858 | rc = -EINVAL; |
| 853 | goto out; | 859 | goto out; |
| 854 | } | 860 | } |
| 855 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 861 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
| 856 | &length_size); | 862 | &length_size); |
| 857 | if (rc) { | 863 | if (rc) { |
| 858 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); | 864 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); |
| 859 | goto out; | 865 | goto out; |
| @@ -1405,8 +1411,8 @@ write_tag_1_packet(char *dest, size_t *remaining_bytes, | |||
| 1405 | auth_tok->token.private_key.key_size; | 1411 | auth_tok->token.private_key.key_size; |
| 1406 | rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); | 1412 | rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); |
| 1407 | if (rc) { | 1413 | if (rc) { |
| 1408 | ecryptfs_printk(KERN_ERR, "Failed to encrypt session key " | 1414 | printk(KERN_ERR "Failed to encrypt session key via a key " |
| 1409 | "via a pki"); | 1415 | "module; rc = [%d]\n", rc); |
| 1410 | goto out; | 1416 | goto out; |
| 1411 | } | 1417 | } |
| 1412 | if (ecryptfs_verbosity > 0) { | 1418 | if (ecryptfs_verbosity > 0) { |
| @@ -1430,8 +1436,9 @@ encrypted_session_key_set: | |||
| 1430 | goto out; | 1436 | goto out; |
| 1431 | } | 1437 | } |
| 1432 | dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; | 1438 | dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; |
| 1433 | rc = write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), | 1439 | rc = ecryptfs_write_packet_length(&dest[(*packet_size)], |
| 1434 | &packet_size_length); | 1440 | (max_packet_size - 4), |
| 1441 | &packet_size_length); | ||
| 1435 | if (rc) { | 1442 | if (rc) { |
| 1436 | ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " | 1443 | ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " |
| 1437 | "header; cannot generate packet length\n"); | 1444 | "header; cannot generate packet length\n"); |
| @@ -1489,8 +1496,9 @@ write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents, | |||
| 1489 | goto out; | 1496 | goto out; |
| 1490 | } | 1497 | } |
| 1491 | dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; | 1498 | dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; |
| 1492 | rc = write_packet_length(&dest[(*packet_length)], | 1499 | rc = ecryptfs_write_packet_length(&dest[(*packet_length)], |
| 1493 | (max_packet_size - 4), &packet_size_length); | 1500 | (max_packet_size - 4), |
| 1501 | &packet_size_length); | ||
| 1494 | if (rc) { | 1502 | if (rc) { |
| 1495 | printk(KERN_ERR "Error generating tag 11 packet header; cannot " | 1503 | printk(KERN_ERR "Error generating tag 11 packet header; cannot " |
| 1496 | "generate packet length. rc = [%d]\n", rc); | 1504 | "generate packet length. rc = [%d]\n", rc); |
| @@ -1682,8 +1690,9 @@ encrypted_session_key_set: | |||
| 1682 | dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; | 1690 | dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; |
| 1683 | /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3) | 1691 | /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3) |
| 1684 | * to get the number of octets in the actual Tag 3 packet */ | 1692 | * to get the number of octets in the actual Tag 3 packet */ |
| 1685 | rc = write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), | 1693 | rc = ecryptfs_write_packet_length(&dest[(*packet_size)], |
| 1686 | &packet_size_length); | 1694 | (max_packet_size - 4), |
| 1695 | &packet_size_length); | ||
| 1687 | if (rc) { | 1696 | if (rc) { |
| 1688 | printk(KERN_ERR "Error generating tag 3 packet header; cannot " | 1697 | printk(KERN_ERR "Error generating tag 3 packet header; cannot " |
| 1689 | "generate packet length. rc = [%d]\n", rc); | 1698 | "generate packet length. rc = [%d]\n", rc); |