diff options
Diffstat (limited to 'fs/ecryptfs/keystore.c')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 259525c9abb8..a0a7847567e9 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -416,7 +416,9 @@ ecryptfs_find_global_auth_tok_for_sig( | |||
| 416 | &mount_crypt_stat->global_auth_tok_list, | 416 | &mount_crypt_stat->global_auth_tok_list, |
| 417 | mount_crypt_stat_list) { | 417 | mount_crypt_stat_list) { |
| 418 | if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) { | 418 | if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) { |
| 419 | (*global_auth_tok) = walker; | 419 | rc = key_validate(walker->global_auth_tok_key); |
| 420 | if (!rc) | ||
| 421 | (*global_auth_tok) = walker; | ||
| 420 | goto out; | 422 | goto out; |
| 421 | } | 423 | } |
| 422 | } | 424 | } |
| @@ -612,7 +614,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
| 612 | } | 614 | } |
| 613 | /* TODO: Support other key modules than passphrase for | 615 | /* TODO: Support other key modules than passphrase for |
| 614 | * filename encryption */ | 616 | * filename encryption */ |
| 615 | BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD); | 617 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
| 618 | rc = -EOPNOTSUPP; | ||
| 619 | printk(KERN_INFO "%s: Filename encryption only supports " | ||
| 620 | "password tokens\n", __func__); | ||
| 621 | goto out_free_unlock; | ||
| 622 | } | ||
| 616 | sg_init_one( | 623 | sg_init_one( |
| 617 | &s->hash_sg, | 624 | &s->hash_sg, |
| 618 | (u8 *)s->auth_tok->token.password.session_key_encryption_key, | 625 | (u8 *)s->auth_tok->token.password.session_key_encryption_key, |
| @@ -910,7 +917,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
| 910 | } | 917 | } |
| 911 | /* TODO: Support other key modules than passphrase for | 918 | /* TODO: Support other key modules than passphrase for |
| 912 | * filename encryption */ | 919 | * filename encryption */ |
| 913 | BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD); | 920 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
| 921 | rc = -EOPNOTSUPP; | ||
| 922 | printk(KERN_INFO "%s: Filename encryption only supports " | ||
| 923 | "password tokens\n", __func__); | ||
| 924 | goto out_free_unlock; | ||
| 925 | } | ||
| 914 | rc = crypto_blkcipher_setkey( | 926 | rc = crypto_blkcipher_setkey( |
| 915 | s->desc.tfm, | 927 | s->desc.tfm, |
| 916 | s->auth_tok->token.password.session_key_encryption_key, | 928 | s->auth_tok->token.password.session_key_encryption_key, |
| @@ -1316,8 +1328,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 1316 | rc = -EINVAL; | 1328 | rc = -EINVAL; |
| 1317 | goto out_free; | 1329 | goto out_free; |
| 1318 | } | 1330 | } |
| 1319 | ecryptfs_cipher_code_to_string(crypt_stat->cipher, | 1331 | rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, |
| 1320 | (u16)data[(*packet_size)]); | 1332 | (u16)data[(*packet_size)]); |
| 1333 | if (rc) | ||
| 1334 | goto out_free; | ||
| 1321 | /* A little extra work to differentiate among the AES key | 1335 | /* A little extra work to differentiate among the AES key |
| 1322 | * sizes; see RFC2440 */ | 1336 | * sizes; see RFC2440 */ |
| 1323 | switch(data[(*packet_size)++]) { | 1337 | switch(data[(*packet_size)++]) { |
| @@ -1328,7 +1342,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 1328 | crypt_stat->key_size = | 1342 | crypt_stat->key_size = |
| 1329 | (*new_auth_tok)->session_key.encrypted_key_size; | 1343 | (*new_auth_tok)->session_key.encrypted_key_size; |
| 1330 | } | 1344 | } |
| 1331 | ecryptfs_init_crypt_ctx(crypt_stat); | 1345 | rc = ecryptfs_init_crypt_ctx(crypt_stat); |
| 1346 | if (rc) | ||
| 1347 | goto out_free; | ||
| 1332 | if (unlikely(data[(*packet_size)++] != 0x03)) { | 1348 | if (unlikely(data[(*packet_size)++] != 0x03)) { |
| 1333 | printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); | 1349 | printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); |
| 1334 | rc = -ENOSYS; | 1350 | rc = -ENOSYS; |
| @@ -2366,21 +2382,18 @@ struct kmem_cache *ecryptfs_key_sig_cache; | |||
| 2366 | int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) | 2382 | int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) |
| 2367 | { | 2383 | { |
| 2368 | struct ecryptfs_key_sig *new_key_sig; | 2384 | struct ecryptfs_key_sig *new_key_sig; |
| 2369 | int rc = 0; | ||
| 2370 | 2385 | ||
| 2371 | new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL); | 2386 | new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL); |
| 2372 | if (!new_key_sig) { | 2387 | if (!new_key_sig) { |
| 2373 | rc = -ENOMEM; | ||
| 2374 | printk(KERN_ERR | 2388 | printk(KERN_ERR |
| 2375 | "Error allocating from ecryptfs_key_sig_cache\n"); | 2389 | "Error allocating from ecryptfs_key_sig_cache\n"); |
| 2376 | goto out; | 2390 | return -ENOMEM; |
| 2377 | } | 2391 | } |
| 2378 | memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); | 2392 | memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); |
| 2379 | mutex_lock(&crypt_stat->keysig_list_mutex); | 2393 | /* Caller must hold keysig_list_mutex */ |
| 2380 | list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); | 2394 | list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); |
| 2381 | mutex_unlock(&crypt_stat->keysig_list_mutex); | 2395 | |
| 2382 | out: | 2396 | return 0; |
| 2383 | return rc; | ||
| 2384 | } | 2397 | } |
| 2385 | 2398 | ||
| 2386 | struct kmem_cache *ecryptfs_global_auth_tok_cache; | 2399 | struct kmem_cache *ecryptfs_global_auth_tok_cache; |