diff options
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r-- | fs/ecryptfs/crypto.c | 107 |
1 files changed, 13 insertions, 94 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 18c78abba683..ea2afd2ce222 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -924,6 +924,15 @@ static void ecryptfs_copy_mount_wide_flags_to_inode_flags( | |||
924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; | 924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | 925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) |
926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; | 926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; |
927 | if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { | ||
928 | crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; | ||
929 | if (mount_crypt_stat->flags | ||
930 | & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) | ||
931 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; | ||
932 | else if (mount_crypt_stat->flags | ||
933 | & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) | ||
934 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; | ||
935 | } | ||
927 | } | 936 | } |
928 | 937 | ||
929 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( | 938 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( |
@@ -1060,7 +1069,8 @@ struct ecryptfs_flag_map_elem { | |||
1060 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { | 1069 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { |
1061 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, | 1070 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, |
1062 | {0x00000002, ECRYPTFS_ENCRYPTED}, | 1071 | {0x00000002, ECRYPTFS_ENCRYPTED}, |
1063 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR} | 1072 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR}, |
1073 | {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES} | ||
1064 | }; | 1074 | }; |
1065 | 1075 | ||
1066 | /** | 1076 | /** |
@@ -1213,6 +1223,8 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
1213 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); | 1223 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); |
1214 | int rc; | 1224 | int rc; |
1215 | 1225 | ||
1226 | if (crypt_stat->extent_size == 0) | ||
1227 | crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; | ||
1216 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, | 1228 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, |
1217 | ecryptfs_inode); | 1229 | ecryptfs_inode); |
1218 | if (rc) { | 1230 | if (rc) { |
@@ -1222,7 +1234,6 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
1222 | } | 1234 | } |
1223 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { | 1235 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { |
1224 | rc = -EINVAL; | 1236 | rc = -EINVAL; |
1225 | ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n"); | ||
1226 | } | 1237 | } |
1227 | out: | 1238 | out: |
1228 | return rc; | 1239 | return rc; |
@@ -1629,98 +1640,6 @@ out: | |||
1629 | } | 1640 | } |
1630 | 1641 | ||
1631 | /** | 1642 | /** |
1632 | * ecryptfs_encode_filename - converts a plaintext file name to cipher text | ||
1633 | * @crypt_stat: The crypt_stat struct associated with the file anem to encode | ||
1634 | * @name: The plaintext name | ||
1635 | * @length: The length of the plaintext | ||
1636 | * @encoded_name: The encypted name | ||
1637 | * | ||
1638 | * Encrypts and encodes a filename into something that constitutes a | ||
1639 | * valid filename for a filesystem, with printable characters. | ||
1640 | * | ||
1641 | * We assume that we have a properly initialized crypto context, | ||
1642 | * pointed to by crypt_stat->tfm. | ||
1643 | * | ||
1644 | * TODO: Implement filename decoding and decryption here, in place of | ||
1645 | * memcpy. We are keeping the framework around for now to (1) | ||
1646 | * facilitate testing of the components needed to implement filename | ||
1647 | * encryption and (2) to provide a code base from which other | ||
1648 | * developers in the community can easily implement this feature. | ||
1649 | * | ||
1650 | * Returns the length of encoded filename; negative if error | ||
1651 | */ | ||
1652 | int | ||
1653 | ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
1654 | const char *name, int length, char **encoded_name) | ||
1655 | { | ||
1656 | int error = 0; | ||
1657 | |||
1658 | (*encoded_name) = kmalloc(length + 2, GFP_KERNEL); | ||
1659 | if (!(*encoded_name)) { | ||
1660 | error = -ENOMEM; | ||
1661 | goto out; | ||
1662 | } | ||
1663 | /* TODO: Filename encryption is a scheduled feature for a | ||
1664 | * future version of eCryptfs. This function is here only for | ||
1665 | * the purpose of providing a framework for other developers | ||
1666 | * to easily implement filename encryption. Hint: Replace this | ||
1667 | * memcpy() with a call to encrypt and encode the | ||
1668 | * filename, the set the length accordingly. */ | ||
1669 | memcpy((void *)(*encoded_name), (void *)name, length); | ||
1670 | (*encoded_name)[length] = '\0'; | ||
1671 | error = length + 1; | ||
1672 | out: | ||
1673 | return error; | ||
1674 | } | ||
1675 | |||
1676 | /** | ||
1677 | * ecryptfs_decode_filename - converts the cipher text name to plaintext | ||
1678 | * @crypt_stat: The crypt_stat struct associated with the file | ||
1679 | * @name: The filename in cipher text | ||
1680 | * @length: The length of the cipher text name | ||
1681 | * @decrypted_name: The plaintext name | ||
1682 | * | ||
1683 | * Decodes and decrypts the filename. | ||
1684 | * | ||
1685 | * We assume that we have a properly initialized crypto context, | ||
1686 | * pointed to by crypt_stat->tfm. | ||
1687 | * | ||
1688 | * TODO: Implement filename decoding and decryption here, in place of | ||
1689 | * memcpy. We are keeping the framework around for now to (1) | ||
1690 | * facilitate testing of the components needed to implement filename | ||
1691 | * encryption and (2) to provide a code base from which other | ||
1692 | * developers in the community can easily implement this feature. | ||
1693 | * | ||
1694 | * Returns the length of decoded filename; negative if error | ||
1695 | */ | ||
1696 | int | ||
1697 | ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
1698 | const char *name, int length, char **decrypted_name) | ||
1699 | { | ||
1700 | int error = 0; | ||
1701 | |||
1702 | (*decrypted_name) = kmalloc(length + 2, GFP_KERNEL); | ||
1703 | if (!(*decrypted_name)) { | ||
1704 | error = -ENOMEM; | ||
1705 | goto out; | ||
1706 | } | ||
1707 | /* TODO: Filename encryption is a scheduled feature for a | ||
1708 | * future version of eCryptfs. This function is here only for | ||
1709 | * the purpose of providing a framework for other developers | ||
1710 | * to easily implement filename encryption. Hint: Replace this | ||
1711 | * memcpy() with a call to decode and decrypt the | ||
1712 | * filename, the set the length accordingly. */ | ||
1713 | memcpy((void *)(*decrypted_name), (void *)name, length); | ||
1714 | (*decrypted_name)[length + 1] = '\0'; /* Only for convenience | ||
1715 | * in printing out the | ||
1716 | * string in debug | ||
1717 | * messages */ | ||
1718 | error = length; | ||
1719 | out: | ||
1720 | return error; | ||
1721 | } | ||
1722 | |||
1723 | /** | ||
1724 | * ecryptfs_encrypt_filename - encrypt filename | 1643 | * ecryptfs_encrypt_filename - encrypt filename |
1725 | * | 1644 | * |
1726 | * CBC-encrypts the filename. We do not want to encrypt the same | 1645 | * CBC-encrypts the filename. We do not want to encrypt the same |