diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 69 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 48 |
2 files changed, 79 insertions, 38 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 6051dbfad0d3..7aa2f48978de 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -722,6 +722,11 @@ out: | |||
722 | 722 | ||
723 | /** | 723 | /** |
724 | * decrypt_scatterlist | 724 | * decrypt_scatterlist |
725 | * @crypt_stat: Cryptographic context | ||
726 | * @dest_sg: The destination scatterlist to decrypt into | ||
727 | * @src_sg: The source scatterlist to decrypt from | ||
728 | * @size: The number of bytes to decrypt | ||
729 | * @iv: The initialization vector to use for the decryption | ||
725 | * | 730 | * |
726 | * Returns the number of bytes decrypted; negative value on error | 731 | * Returns the number of bytes decrypted; negative value on error |
727 | */ | 732 | */ |
@@ -763,6 +768,13 @@ out: | |||
763 | 768 | ||
764 | /** | 769 | /** |
765 | * ecryptfs_encrypt_page_offset | 770 | * ecryptfs_encrypt_page_offset |
771 | * @crypt_stat: The cryptographic context | ||
772 | * @dst_page: The page to encrypt into | ||
773 | * @dst_offset: The offset in the page to encrypt into | ||
774 | * @src_page: The page to encrypt from | ||
775 | * @src_offset: The offset in the page to encrypt from | ||
776 | * @size: The number of bytes to encrypt | ||
777 | * @iv: The initialization vector to use for the encryption | ||
766 | * | 778 | * |
767 | * Returns the number of bytes encrypted | 779 | * Returns the number of bytes encrypted |
768 | */ | 780 | */ |
@@ -785,6 +797,13 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, | |||
785 | 797 | ||
786 | /** | 798 | /** |
787 | * ecryptfs_decrypt_page_offset | 799 | * ecryptfs_decrypt_page_offset |
800 | * @crypt_stat: The cryptographic context | ||
801 | * @dst_page: The page to decrypt into | ||
802 | * @dst_offset: The offset in the page to decrypt into | ||
803 | * @src_page: The page to decrypt from | ||
804 | * @src_offset: The offset in the page to decrypt from | ||
805 | * @size: The number of bytes to decrypt | ||
806 | * @iv: The initialization vector to use for the decryption | ||
788 | * | 807 | * |
789 | * Returns the number of bytes decrypted | 808 | * Returns the number of bytes decrypted |
790 | */ | 809 | */ |
@@ -940,6 +959,8 @@ static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) | |||
940 | 959 | ||
941 | /** | 960 | /** |
942 | * ecryptfs_copy_mount_wide_flags_to_inode_flags | 961 | * ecryptfs_copy_mount_wide_flags_to_inode_flags |
962 | * @crypt_stat: The inode's cryptographic context | ||
963 | * @mount_crypt_stat: The mount point's cryptographic context | ||
943 | * | 964 | * |
944 | * This function propagates the mount-wide flags to individual inode | 965 | * This function propagates the mount-wide flags to individual inode |
945 | * flags. | 966 | * flags. |
@@ -980,7 +1001,8 @@ out: | |||
980 | 1001 | ||
981 | /** | 1002 | /** |
982 | * ecryptfs_set_default_crypt_stat_vals | 1003 | * ecryptfs_set_default_crypt_stat_vals |
983 | * @crypt_stat | 1004 | * @crypt_stat: The inode's cryptographic context |
1005 | * @mount_crypt_stat: The mount point's cryptographic context | ||
984 | * | 1006 | * |
985 | * Default values in the event that policy does not override them. | 1007 | * Default values in the event that policy does not override them. |
986 | */ | 1008 | */ |
@@ -1000,7 +1022,7 @@ static void ecryptfs_set_default_crypt_stat_vals( | |||
1000 | 1022 | ||
1001 | /** | 1023 | /** |
1002 | * ecryptfs_new_file_context | 1024 | * ecryptfs_new_file_context |
1003 | * @ecryptfs_dentry | 1025 | * @ecryptfs_dentry: The eCryptfs dentry |
1004 | * | 1026 | * |
1005 | * If the crypto context for the file has not yet been established, | 1027 | * If the crypto context for the file has not yet been established, |
1006 | * this is where we do that. Establishing a new crypto context | 1028 | * this is where we do that. Establishing a new crypto context |
@@ -1017,7 +1039,6 @@ static void ecryptfs_set_default_crypt_stat_vals( | |||
1017 | * | 1039 | * |
1018 | * Returns zero on success; non-zero otherwise | 1040 | * Returns zero on success; non-zero otherwise |
1019 | */ | 1041 | */ |
1020 | /* Associate an authentication token(s) with the file */ | ||
1021 | int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) | 1042 | int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) |
1022 | { | 1043 | { |
1023 | struct ecryptfs_crypt_stat *crypt_stat = | 1044 | struct ecryptfs_crypt_stat *crypt_stat = |
@@ -1095,7 +1116,7 @@ static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { | |||
1095 | 1116 | ||
1096 | /** | 1117 | /** |
1097 | * ecryptfs_process_flags | 1118 | * ecryptfs_process_flags |
1098 | * @crypt_stat | 1119 | * @crypt_stat: The cryptographic context |
1099 | * @page_virt: Source data to be parsed | 1120 | * @page_virt: Source data to be parsed |
1100 | * @bytes_read: Updated with the number of bytes read | 1121 | * @bytes_read: Updated with the number of bytes read |
1101 | * | 1122 | * |
@@ -1183,7 +1204,7 @@ ecryptfs_cipher_code_str_map[] = { | |||
1183 | 1204 | ||
1184 | /** | 1205 | /** |
1185 | * ecryptfs_code_for_cipher_string | 1206 | * ecryptfs_code_for_cipher_string |
1186 | * @str: The string representing the cipher name | 1207 | * @crypt_stat: The cryptographic context |
1187 | * | 1208 | * |
1188 | * Returns zero on no match, or the cipher code on match | 1209 | * Returns zero on no match, or the cipher code on match |
1189 | */ | 1210 | */ |
@@ -1241,9 +1262,9 @@ int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code) | |||
1241 | 1262 | ||
1242 | /** | 1263 | /** |
1243 | * ecryptfs_read_header_region | 1264 | * ecryptfs_read_header_region |
1244 | * @data | 1265 | * @data: The virtual address to write header region data into |
1245 | * @dentry | 1266 | * @dentry: The lower dentry |
1246 | * @nd | 1267 | * @mnt: The lower VFS mount |
1247 | * | 1268 | * |
1248 | * Returns zero on success; non-zero otherwise | 1269 | * Returns zero on success; non-zero otherwise |
1249 | */ | 1270 | */ |
@@ -1315,9 +1336,10 @@ struct kmem_cache *ecryptfs_header_cache_2; | |||
1315 | 1336 | ||
1316 | /** | 1337 | /** |
1317 | * ecryptfs_write_headers_virt | 1338 | * ecryptfs_write_headers_virt |
1318 | * @page_virt | 1339 | * @page_virt: The virtual address to write the headers to |
1319 | * @crypt_stat | 1340 | * @size: Set to the number of bytes written by this function |
1320 | * @ecryptfs_dentry | 1341 | * @crypt_stat: The cryptographic context |
1342 | * @ecryptfs_dentry: The eCryptfs dentry | ||
1321 | * | 1343 | * |
1322 | * Format version: 1 | 1344 | * Format version: 1 |
1323 | * | 1345 | * |
@@ -1371,9 +1393,9 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size, | |||
1371 | return rc; | 1393 | return rc; |
1372 | } | 1394 | } |
1373 | 1395 | ||
1374 | static int ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, | 1396 | static int |
1375 | struct file *lower_file, | 1397 | ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, |
1376 | char *page_virt) | 1398 | struct file *lower_file, char *page_virt) |
1377 | { | 1399 | { |
1378 | mm_segment_t oldfs; | 1400 | mm_segment_t oldfs; |
1379 | int current_header_page; | 1401 | int current_header_page; |
@@ -1415,9 +1437,10 @@ out: | |||
1415 | return rc; | 1437 | return rc; |
1416 | } | 1438 | } |
1417 | 1439 | ||
1418 | static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, | 1440 | static int |
1419 | struct ecryptfs_crypt_stat *crypt_stat, | 1441 | ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, |
1420 | char *page_virt, size_t size) | 1442 | struct ecryptfs_crypt_stat *crypt_stat, |
1443 | char *page_virt, size_t size) | ||
1421 | { | 1444 | { |
1422 | int rc; | 1445 | int rc; |
1423 | 1446 | ||
@@ -1428,6 +1451,7 @@ static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, | |||
1428 | 1451 | ||
1429 | /** | 1452 | /** |
1430 | * ecryptfs_write_metadata | 1453 | * ecryptfs_write_metadata |
1454 | * @ecryptfs_dentry: The eCryptfs dentry | ||
1431 | * @lower_file: The lower file struct, which was returned from dentry_open | 1455 | * @lower_file: The lower file struct, which was returned from dentry_open |
1432 | * | 1456 | * |
1433 | * Write the file headers out. This will likely involve a userspace | 1457 | * Write the file headers out. This will likely involve a userspace |
@@ -1525,6 +1549,7 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, | |||
1525 | 1549 | ||
1526 | /** | 1550 | /** |
1527 | * set_default_header_data | 1551 | * set_default_header_data |
1552 | * @crypt_stat: The cryptographic context | ||
1528 | * | 1553 | * |
1529 | * For version 0 file format; this function is only for backwards | 1554 | * For version 0 file format; this function is only for backwards |
1530 | * compatibility for files created with the prior versions of | 1555 | * compatibility for files created with the prior versions of |
@@ -1538,6 +1563,10 @@ static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) | |||
1538 | 1563 | ||
1539 | /** | 1564 | /** |
1540 | * ecryptfs_read_headers_virt | 1565 | * ecryptfs_read_headers_virt |
1566 | * @page_virt: The virtual address into which to read the headers | ||
1567 | * @crypt_stat: The cryptographic context | ||
1568 | * @ecryptfs_dentry: The eCryptfs dentry | ||
1569 | * @validate_header_size: Whether to validate the header size while reading | ||
1541 | * | 1570 | * |
1542 | * Read/parse the header data. The header format is detailed in the | 1571 | * Read/parse the header data. The header format is detailed in the |
1543 | * comment block for the ecryptfs_write_headers_virt() function. | 1572 | * comment block for the ecryptfs_write_headers_virt() function. |
@@ -1597,9 +1626,13 @@ out: | |||
1597 | 1626 | ||
1598 | /** | 1627 | /** |
1599 | * ecryptfs_read_xattr_region | 1628 | * ecryptfs_read_xattr_region |
1629 | * @page_virt: The vitual address into which to read the xattr data | ||
1630 | * @ecryptfs_dentry: The eCryptfs dentry | ||
1600 | * | 1631 | * |
1601 | * Attempts to read the crypto metadata from the extended attribute | 1632 | * Attempts to read the crypto metadata from the extended attribute |
1602 | * region of the lower file. | 1633 | * region of the lower file. |
1634 | * | ||
1635 | * Returns zero on success; non-zero on error | ||
1603 | */ | 1636 | */ |
1604 | int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry) | 1637 | int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry) |
1605 | { | 1638 | { |
@@ -1638,6 +1671,8 @@ out: | |||
1638 | 1671 | ||
1639 | /** | 1672 | /** |
1640 | * ecryptfs_read_metadata | 1673 | * ecryptfs_read_metadata |
1674 | * @ecryptfs_dentry: The eCryptfs dentry | ||
1675 | * @lower_file: The lower file from which to read the metadata | ||
1641 | * | 1676 | * |
1642 | * Common entry point for reading file metadata. From here, we could | 1677 | * Common entry point for reading file metadata. From here, we could |
1643 | * retrieve the header information from the header region of the file, | 1678 | * retrieve the header information from the header region of the file, |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 778bdf9e0502..e9cda7afe6be 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -71,7 +71,7 @@ int process_request_key_err(long err_code) | |||
71 | * address; zero on error | 71 | * address; zero on error |
72 | * @length_size: The number of bytes occupied by the encoded length | 72 | * @length_size: The number of bytes occupied by the encoded length |
73 | * | 73 | * |
74 | * Returns Zero on success | 74 | * Returns zero on success; non-zero on error |
75 | */ | 75 | */ |
76 | static int parse_packet_length(unsigned char *data, size_t *size, | 76 | static int parse_packet_length(unsigned char *data, size_t *size, |
77 | size_t *length_size) | 77 | size_t *length_size) |
@@ -106,11 +106,11 @@ out: | |||
106 | 106 | ||
107 | /** | 107 | /** |
108 | * write_packet_length | 108 | * write_packet_length |
109 | * @dest: The byte array target into which to write the | 109 | * @dest: The byte array target into which to write the length. Must |
110 | * length. Must have at least 5 bytes allocated. | 110 | * have at least 5 bytes allocated. |
111 | * @size: The length to write. | 111 | * @size: The length to write. |
112 | * @packet_size_length: The number of bytes used to encode the | 112 | * @packet_size_length: The number of bytes used to encode the packet |
113 | * packet length is written to this address. | 113 | * length is written to this address. |
114 | * | 114 | * |
115 | * Returns zero on success; non-zero on error. | 115 | * Returns zero on success; non-zero on error. |
116 | */ | 116 | */ |
@@ -397,10 +397,11 @@ out: | |||
397 | } | 397 | } |
398 | 398 | ||
399 | /** | 399 | /** |
400 | * decrypt_pki_encrypted_session_key - Decrypt the session key with | 400 | * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok. |
401 | * the given auth_tok. | 401 | * @auth_tok: The key authentication token used to decrypt the session key |
402 | * @crypt_stat: The cryptographic context | ||
402 | * | 403 | * |
403 | * Returns Zero on success; non-zero error otherwise. | 404 | * Returns zero on success; non-zero error otherwise. |
404 | */ | 405 | */ |
405 | static int | 406 | static int |
406 | decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | 407 | decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
@@ -484,18 +485,18 @@ struct kmem_cache *ecryptfs_auth_tok_list_item_cache; | |||
484 | 485 | ||
485 | /** | 486 | /** |
486 | * parse_tag_1_packet | 487 | * parse_tag_1_packet |
487 | * @crypt_stat: The cryptographic context to modify based on packet | 488 | * @crypt_stat: The cryptographic context to modify based on packet contents |
488 | * contents. | ||
489 | * @data: The raw bytes of the packet. | 489 | * @data: The raw bytes of the packet. |
490 | * @auth_tok_list: eCryptfs parses packets into authentication tokens; | 490 | * @auth_tok_list: eCryptfs parses packets into authentication tokens; |
491 | * a new authentication token will be placed at the end | 491 | * a new authentication token will be placed at the |
492 | * of this list for this packet. | 492 | * end of this list for this packet. |
493 | * @new_auth_tok: Pointer to a pointer to memory that this function | 493 | * @new_auth_tok: Pointer to a pointer to memory that this function |
494 | * allocates; sets the memory address of the pointer to | 494 | * allocates; sets the memory address of the pointer to |
495 | * NULL on error. This object is added to the | 495 | * NULL on error. This object is added to the |
496 | * auth_tok_list. | 496 | * auth_tok_list. |
497 | * @packet_size: This function writes the size of the parsed packet | 497 | * @packet_size: This function writes the size of the parsed packet |
498 | * into this memory location; zero on error. | 498 | * into this memory location; zero on error. |
499 | * @max_packet_size: The maximum allowable packet size | ||
499 | * | 500 | * |
500 | * Returns zero on success; non-zero on error. | 501 | * Returns zero on success; non-zero on error. |
501 | */ | 502 | */ |
@@ -996,10 +997,11 @@ ecryptfs_find_auth_tok_for_sig( | |||
996 | } | 997 | } |
997 | 998 | ||
998 | /** | 999 | /** |
999 | * decrypt_passphrase_encrypted_session_key - Decrypt the session key | 1000 | * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok. |
1000 | * with the given auth_tok. | 1001 | * @auth_tok: The passphrase authentication token to use to encrypt the FEK |
1002 | * @crypt_stat: The cryptographic context | ||
1001 | * | 1003 | * |
1002 | * Returns Zero on success; non-zero error otherwise. | 1004 | * Returns zero on success; non-zero error otherwise |
1003 | */ | 1005 | */ |
1004 | static int | 1006 | static int |
1005 | decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | 1007 | decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
@@ -1102,8 +1104,9 @@ int ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok) | |||
1102 | 1104 | ||
1103 | /** | 1105 | /** |
1104 | * ecryptfs_parse_packet_set | 1106 | * ecryptfs_parse_packet_set |
1105 | * @dest: The header page in memory | 1107 | * @crypt_stat: The cryptographic context |
1106 | * @version: Version of file format, to guide parsing behavior | 1108 | * @src: Virtual address of region of memory containing the packets |
1109 | * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set | ||
1107 | * | 1110 | * |
1108 | * Get crypt_stat to have the file's session key if the requisite key | 1111 | * Get crypt_stat to have the file's session key if the requisite key |
1109 | * is available to decrypt the session key. | 1112 | * is available to decrypt the session key. |
@@ -1354,7 +1357,10 @@ out: | |||
1354 | /** | 1357 | /** |
1355 | * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet | 1358 | * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet |
1356 | * @dest: Buffer into which to write the packet | 1359 | * @dest: Buffer into which to write the packet |
1357 | * @max: Maximum number of bytes that can be writtn | 1360 | * @remaining_bytes: Maximum number of bytes that can be writtn |
1361 | * @auth_tok: The authentication token used for generating the tag 1 packet | ||
1362 | * @crypt_stat: The cryptographic context | ||
1363 | * @key_rec: The key record struct for the tag 1 packet | ||
1358 | * @packet_size: This function will write the number of bytes that end | 1364 | * @packet_size: This function will write the number of bytes that end |
1359 | * up constituting the packet; set to zero on error | 1365 | * up constituting the packet; set to zero on error |
1360 | * | 1366 | * |
@@ -1441,7 +1447,7 @@ out: | |||
1441 | /** | 1447 | /** |
1442 | * write_tag_11_packet | 1448 | * write_tag_11_packet |
1443 | * @dest: Target into which Tag 11 packet is to be written | 1449 | * @dest: Target into which Tag 11 packet is to be written |
1444 | * @max: Maximum packet length | 1450 | * @remaining_bytes: Maximum packet length |
1445 | * @contents: Byte array of contents to copy in | 1451 | * @contents: Byte array of contents to copy in |
1446 | * @contents_length: Number of bytes in contents | 1452 | * @contents_length: Number of bytes in contents |
1447 | * @packet_length: Length of the Tag 11 packet written; zero on error | 1453 | * @packet_length: Length of the Tag 11 packet written; zero on error |
@@ -1501,7 +1507,7 @@ write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents, | |||
1501 | /** | 1507 | /** |
1502 | * write_tag_3_packet | 1508 | * write_tag_3_packet |
1503 | * @dest: Buffer into which to write the packet | 1509 | * @dest: Buffer into which to write the packet |
1504 | * @max: Maximum number of bytes that can be written | 1510 | * @remaining_bytes: Maximum number of bytes that can be written |
1505 | * @auth_tok: Authentication token | 1511 | * @auth_tok: Authentication token |
1506 | * @crypt_stat: The cryptographic context | 1512 | * @crypt_stat: The cryptographic context |
1507 | * @key_rec: encrypted key | 1513 | * @key_rec: encrypted key |
@@ -1707,7 +1713,7 @@ struct kmem_cache *ecryptfs_key_record_cache; | |||
1707 | 1713 | ||
1708 | /** | 1714 | /** |
1709 | * ecryptfs_generate_key_packet_set | 1715 | * ecryptfs_generate_key_packet_set |
1710 | * @dest: Virtual address from which to write the key record set | 1716 | * @dest_base: Virtual address from which to write the key record set |
1711 | * @crypt_stat: The cryptographic context from which the | 1717 | * @crypt_stat: The cryptographic context from which the |
1712 | * authentication tokens will be retrieved | 1718 | * authentication tokens will be retrieved |
1713 | * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat | 1719 | * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat |