eCryptfs: added support for the encrypted key type

The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Roberto Sassu <roberto.sassu@polito.it> 2011-06-27 07:45:45 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-06-27 09:11:21 -0400
commit: 1252cc3b232e582e887623dc5f70979418caaaa2 (patch)
tree: bd3a266d7c53ce46a37a7907d7a2b6c8bcb8a6ae /fs/ecryptfs
parent: 79a73d188726b473ca3bf483244bc96096831905 (diff)
2 files changed, 47 insertions, 7 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index bb8ec5d4301c..b36c5572b3f3 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
 #define ECRYPTFS_KERNEL_H
 #include <keys/user-type.h>
+#include <keys/encrypted-type.h>
 #include <linux/fs.h>
 #include <linux/fs_stack.h>
 #include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
        } param;
 };
+#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+        if (key->type == &key_type_encrypted)
+                return (struct ecryptfs_auth_tok *)
+                        (&((struct encrypted_key_payload *)key->payload.data)->payload_data);
+        else
+                return NULL;
+}
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+        return request_key(&key_type_encrypted, sig, NULL);
+}
+#else
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+        return NULL;
+}
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+        return ERR_PTR(-ENOKEY);
+}
+#endif /* CONFIG_ENCRYPTED_KEYS */
 static inline struct ecryptfs_auth_tok *
 ecryptfs_get_key_payload_data(struct key *key)
 {
-        return (struct ecryptfs_auth_tok *)
+        struct ecryptfs_auth_tok *auth_tok;
-                (((struct user_key_payload*)key->payload.data)->data);
+        auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
+        if (!auth_tok)
+                return (struct ecryptfs_auth_tok *)
+                        (((struct user_key_payload *)key->payload.data)->data);
+        else
+                return auth_tok;
 }
 #define ECRYPTFS_MAX_KEYSET_SIZE 1024
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 27a7fefb83eb..2cff13ac8937 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
        (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
        if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
-                printk(KERN_ERR "Could not find key with description: [%s]\n",
+                (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
-                       sig);
+                if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
-                rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+                        printk(KERN_ERR "Could not find key with description: [%s]\n",
-                (*auth_tok_key) = NULL;
+                              sig);
-                goto out;
+                        rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+                        (*auth_tok_key) = NULL;
+                        goto out;
+                }
        }
        down_write(&(*auth_tok_key)->sem);
        rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
author	Roberto Sassu <roberto.sassu@polito.it>	2011-06-27 07:45:45 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-06-27 09:11:21 -0400
commit	1252cc3b232e582e887623dc5f70979418caaaa2 (patch)
tree	bd3a266d7c53ce46a37a7907d7a2b6c8bcb8a6ae /fs/ecryptfs
parent	79a73d188726b473ca3bf483244bc96096831905 (diff)

diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index bb8ec5d4301c..b36c5572b3f3 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
29	#define ECRYPTFS_KERNEL_H	29	#define ECRYPTFS_KERNEL_H
30		30
31	#include <keys/user-type.h>	31	#include <keys/user-type.h>
		32	#include <keys/encrypted-type.h>
32	#include <linux/fs.h>	33	#include <linux/fs.h>
33	#include <linux/fs_stack.h>	34	#include <linux/fs_stack.h>
34	#include <linux/namei.h>	35	#include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
78	} param;	79	} param;
79	};	80	};
80		81
		82	#if defined(CONFIG_ENCRYPTED_KEYS) \|\| defined(CONFIG_ENCRYPTED_KEYS_MODULE)
		83	static inline struct ecryptfs_auth_tok *
		84	ecryptfs_get_encrypted_key_payload_data(struct key *key)
		85	{
		86	if (key->type == &key_type_encrypted)
		87	return (struct ecryptfs_auth_tok *)
		88	(&((struct encrypted_key_payload *)key->payload.data)->payload_data);
		89	else
		90	return NULL;
		91	}
		92
		93	static inline struct key ecryptfs_get_encrypted_key(char sig)
		94	{
		95	return request_key(&key_type_encrypted, sig, NULL);
		96	}
		97
		98	#else
		99	static inline struct ecryptfs_auth_tok *
		100	ecryptfs_get_encrypted_key_payload_data(struct key *key)
		101	{
		102	return NULL;
		103	}
		104
		105	static inline struct key ecryptfs_get_encrypted_key(char sig)
		106	{
		107	return ERR_PTR(-ENOKEY);
		108	}
		109
		110	#endif /* CONFIG_ENCRYPTED_KEYS */
		111
81	static inline struct ecryptfs_auth_tok *	112	static inline struct ecryptfs_auth_tok *
82	ecryptfs_get_key_payload_data(struct key *key)	113	ecryptfs_get_key_payload_data(struct key *key)
83	{	114	{
84	return (struct ecryptfs_auth_tok *)	115	struct ecryptfs_auth_tok *auth_tok;
85	(((struct user_key_payload*)key->payload.data)->data);	116
		117	auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
		118	if (!auth_tok)
		119	return (struct ecryptfs_auth_tok *)
		120	(((struct user_key_payload *)key->payload.data)->data);
		121	else
		122	return auth_tok;
86	}	123	}
87		124
88	#define ECRYPTFS_MAX_KEYSET_SIZE 1024	125	#define ECRYPTFS_MAX_KEYSET_SIZE 1024


diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 27a7fefb83eb..2cff13ac8937 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c
@@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1635		1635
1636	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);	1636	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1637	if (!(auth_tok_key) \|\| IS_ERR(auth_tok_key)) {	1637	if (!(auth_tok_key) \|\| IS_ERR(auth_tok_key)) {
1638	printk(KERN_ERR "Could not find key with description: [%s]\n",	1638	(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1639	sig);	1639	if (!(auth_tok_key) \|\| IS_ERR(auth_tok_key)) {
1640	rc = process_request_key_err(PTR_ERR(*auth_tok_key));	1640	printk(KERN_ERR "Could not find key with description: [%s]\n",
1641	(*auth_tok_key) = NULL;	1641	sig);
1642	goto out;	1642	rc = process_request_key_err(PTR_ERR(*auth_tok_key));
		1643	(*auth_tok_key) = NULL;
		1644	goto out;
		1645	}
1643	}	1646	}
1644	down_write(&(*auth_tok_key)->sem);	1647	down_write(&(*auth_tok_key)->sem);
1645	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);	1648	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);