aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
Diffstat (limited to 'fs')
-rw-r--r--fs/ecryptfs/crypto.c69
-rw-r--r--fs/ecryptfs/keystore.c48
2 files changed, 79 insertions, 38 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 6051dbfad0d3..7aa2f48978de 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -722,6 +722,11 @@ out:
722 722
723/** 723/**
724 * decrypt_scatterlist 724 * decrypt_scatterlist
725 * @crypt_stat: Cryptographic context
726 * @dest_sg: The destination scatterlist to decrypt into
727 * @src_sg: The source scatterlist to decrypt from
728 * @size: The number of bytes to decrypt
729 * @iv: The initialization vector to use for the decryption
725 * 730 *
726 * Returns the number of bytes decrypted; negative value on error 731 * Returns the number of bytes decrypted; negative value on error
727 */ 732 */
@@ -763,6 +768,13 @@ out:
763 768
764/** 769/**
765 * ecryptfs_encrypt_page_offset 770 * ecryptfs_encrypt_page_offset
771 * @crypt_stat: The cryptographic context
772 * @dst_page: The page to encrypt into
773 * @dst_offset: The offset in the page to encrypt into
774 * @src_page: The page to encrypt from
775 * @src_offset: The offset in the page to encrypt from
776 * @size: The number of bytes to encrypt
777 * @iv: The initialization vector to use for the encryption
766 * 778 *
767 * Returns the number of bytes encrypted 779 * Returns the number of bytes encrypted
768 */ 780 */
@@ -785,6 +797,13 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
785 797
786/** 798/**
787 * ecryptfs_decrypt_page_offset 799 * ecryptfs_decrypt_page_offset
800 * @crypt_stat: The cryptographic context
801 * @dst_page: The page to decrypt into
802 * @dst_offset: The offset in the page to decrypt into
803 * @src_page: The page to decrypt from
804 * @src_offset: The offset in the page to decrypt from
805 * @size: The number of bytes to decrypt
806 * @iv: The initialization vector to use for the decryption
788 * 807 *
789 * Returns the number of bytes decrypted 808 * Returns the number of bytes decrypted
790 */ 809 */
@@ -940,6 +959,8 @@ static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
940 959
941/** 960/**
942 * ecryptfs_copy_mount_wide_flags_to_inode_flags 961 * ecryptfs_copy_mount_wide_flags_to_inode_flags
962 * @crypt_stat: The inode's cryptographic context
963 * @mount_crypt_stat: The mount point's cryptographic context
943 * 964 *
944 * This function propagates the mount-wide flags to individual inode 965 * This function propagates the mount-wide flags to individual inode
945 * flags. 966 * flags.
@@ -980,7 +1001,8 @@ out:
980 1001
981/** 1002/**
982 * ecryptfs_set_default_crypt_stat_vals 1003 * ecryptfs_set_default_crypt_stat_vals
983 * @crypt_stat 1004 * @crypt_stat: The inode's cryptographic context
1005 * @mount_crypt_stat: The mount point's cryptographic context
984 * 1006 *
985 * Default values in the event that policy does not override them. 1007 * Default values in the event that policy does not override them.
986 */ 1008 */
@@ -1000,7 +1022,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
1000 1022
1001/** 1023/**
1002 * ecryptfs_new_file_context 1024 * ecryptfs_new_file_context
1003 * @ecryptfs_dentry 1025 * @ecryptfs_dentry: The eCryptfs dentry
1004 * 1026 *
1005 * If the crypto context for the file has not yet been established, 1027 * If the crypto context for the file has not yet been established,
1006 * this is where we do that. Establishing a new crypto context 1028 * this is where we do that. Establishing a new crypto context
@@ -1017,7 +1039,6 @@ static void ecryptfs_set_default_crypt_stat_vals(
1017 * 1039 *
1018 * Returns zero on success; non-zero otherwise 1040 * Returns zero on success; non-zero otherwise
1019 */ 1041 */
1020/* Associate an authentication token(s) with the file */
1021int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) 1042int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
1022{ 1043{
1023 struct ecryptfs_crypt_stat *crypt_stat = 1044 struct ecryptfs_crypt_stat *crypt_stat =
@@ -1095,7 +1116,7 @@ static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
1095 1116
1096/** 1117/**
1097 * ecryptfs_process_flags 1118 * ecryptfs_process_flags
1098 * @crypt_stat 1119 * @crypt_stat: The cryptographic context
1099 * @page_virt: Source data to be parsed 1120 * @page_virt: Source data to be parsed
1100 * @bytes_read: Updated with the number of bytes read 1121 * @bytes_read: Updated with the number of bytes read
1101 * 1122 *
@@ -1183,7 +1204,7 @@ ecryptfs_cipher_code_str_map[] = {
1183 1204
1184/** 1205/**
1185 * ecryptfs_code_for_cipher_string 1206 * ecryptfs_code_for_cipher_string
1186 * @str: The string representing the cipher name 1207 * @crypt_stat: The cryptographic context
1187 * 1208 *
1188 * Returns zero on no match, or the cipher code on match 1209 * Returns zero on no match, or the cipher code on match
1189 */ 1210 */
@@ -1241,9 +1262,9 @@ int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code)
1241 1262
1242/** 1263/**
1243 * ecryptfs_read_header_region 1264 * ecryptfs_read_header_region
1244 * @data 1265 * @data: The virtual address to write header region data into
1245 * @dentry 1266 * @dentry: The lower dentry
1246 * @nd 1267 * @mnt: The lower VFS mount
1247 * 1268 *
1248 * Returns zero on success; non-zero otherwise 1269 * Returns zero on success; non-zero otherwise
1249 */ 1270 */
@@ -1315,9 +1336,10 @@ struct kmem_cache *ecryptfs_header_cache_2;
1315 1336
1316/** 1337/**
1317 * ecryptfs_write_headers_virt 1338 * ecryptfs_write_headers_virt
1318 * @page_virt 1339 * @page_virt: The virtual address to write the headers to
1319 * @crypt_stat 1340 * @size: Set to the number of bytes written by this function
1320 * @ecryptfs_dentry 1341 * @crypt_stat: The cryptographic context
1342 * @ecryptfs_dentry: The eCryptfs dentry
1321 * 1343 *
1322 * Format version: 1 1344 * Format version: 1
1323 * 1345 *
@@ -1371,9 +1393,9 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size,
1371 return rc; 1393 return rc;
1372} 1394}
1373 1395
1374static int ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, 1396static int
1375 struct file *lower_file, 1397ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
1376 char *page_virt) 1398 struct file *lower_file, char *page_virt)
1377{ 1399{
1378 mm_segment_t oldfs; 1400 mm_segment_t oldfs;
1379 int current_header_page; 1401 int current_header_page;
@@ -1415,9 +1437,10 @@ out:
1415 return rc; 1437 return rc;
1416} 1438}
1417 1439
1418static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, 1440static int
1419 struct ecryptfs_crypt_stat *crypt_stat, 1441ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1420 char *page_virt, size_t size) 1442 struct ecryptfs_crypt_stat *crypt_stat,
1443 char *page_virt, size_t size)
1421{ 1444{
1422 int rc; 1445 int rc;
1423 1446
@@ -1428,6 +1451,7 @@ static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1428 1451
1429/** 1452/**
1430 * ecryptfs_write_metadata 1453 * ecryptfs_write_metadata
1454 * @ecryptfs_dentry: The eCryptfs dentry
1431 * @lower_file: The lower file struct, which was returned from dentry_open 1455 * @lower_file: The lower file struct, which was returned from dentry_open
1432 * 1456 *
1433 * Write the file headers out. This will likely involve a userspace 1457 * Write the file headers out. This will likely involve a userspace
@@ -1525,6 +1549,7 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1525 1549
1526/** 1550/**
1527 * set_default_header_data 1551 * set_default_header_data
1552 * @crypt_stat: The cryptographic context
1528 * 1553 *
1529 * For version 0 file format; this function is only for backwards 1554 * For version 0 file format; this function is only for backwards
1530 * compatibility for files created with the prior versions of 1555 * compatibility for files created with the prior versions of
@@ -1538,6 +1563,10 @@ static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1538 1563
1539/** 1564/**
1540 * ecryptfs_read_headers_virt 1565 * ecryptfs_read_headers_virt
1566 * @page_virt: The virtual address into which to read the headers
1567 * @crypt_stat: The cryptographic context
1568 * @ecryptfs_dentry: The eCryptfs dentry
1569 * @validate_header_size: Whether to validate the header size while reading
1541 * 1570 *
1542 * Read/parse the header data. The header format is detailed in the 1571 * Read/parse the header data. The header format is detailed in the
1543 * comment block for the ecryptfs_write_headers_virt() function. 1572 * comment block for the ecryptfs_write_headers_virt() function.
@@ -1597,9 +1626,13 @@ out:
1597 1626
1598/** 1627/**
1599 * ecryptfs_read_xattr_region 1628 * ecryptfs_read_xattr_region
1629 * @page_virt: The vitual address into which to read the xattr data
1630 * @ecryptfs_dentry: The eCryptfs dentry
1600 * 1631 *
1601 * Attempts to read the crypto metadata from the extended attribute 1632 * Attempts to read the crypto metadata from the extended attribute
1602 * region of the lower file. 1633 * region of the lower file.
1634 *
1635 * Returns zero on success; non-zero on error
1603 */ 1636 */
1604int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry) 1637int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry)
1605{ 1638{
@@ -1638,6 +1671,8 @@ out:
1638 1671
1639/** 1672/**
1640 * ecryptfs_read_metadata 1673 * ecryptfs_read_metadata
1674 * @ecryptfs_dentry: The eCryptfs dentry
1675 * @lower_file: The lower file from which to read the metadata
1641 * 1676 *
1642 * Common entry point for reading file metadata. From here, we could 1677 * Common entry point for reading file metadata. From here, we could
1643 * retrieve the header information from the header region of the file, 1678 * retrieve the header information from the header region of the file,
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 778bdf9e0502..e9cda7afe6be 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -71,7 +71,7 @@ int process_request_key_err(long err_code)
71 * address; zero on error 71 * address; zero on error
72 * @length_size: The number of bytes occupied by the encoded length 72 * @length_size: The number of bytes occupied by the encoded length
73 * 73 *
74 * Returns Zero on success 74 * Returns zero on success; non-zero on error
75 */ 75 */
76static int parse_packet_length(unsigned char *data, size_t *size, 76static int parse_packet_length(unsigned char *data, size_t *size,
77 size_t *length_size) 77 size_t *length_size)
@@ -106,11 +106,11 @@ out:
106 106
107/** 107/**
108 * write_packet_length 108 * write_packet_length
109 * @dest: The byte array target into which to write the 109 * @dest: The byte array target into which to write the length. Must
110 * length. Must have at least 5 bytes allocated. 110 * have at least 5 bytes allocated.
111 * @size: The length to write. 111 * @size: The length to write.
112 * @packet_size_length: The number of bytes used to encode the 112 * @packet_size_length: The number of bytes used to encode the packet
113 * packet length is written to this address. 113 * length is written to this address.
114 * 114 *
115 * Returns zero on success; non-zero on error. 115 * Returns zero on success; non-zero on error.
116 */ 116 */
@@ -397,10 +397,11 @@ out:
397} 397}
398 398
399/** 399/**
400 * decrypt_pki_encrypted_session_key - Decrypt the session key with 400 * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
401 * the given auth_tok. 401 * @auth_tok: The key authentication token used to decrypt the session key
402 * @crypt_stat: The cryptographic context
402 * 403 *
403 * Returns Zero on success; non-zero error otherwise. 404 * Returns zero on success; non-zero error otherwise.
404 */ 405 */
405static int 406static int
406decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 407decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
@@ -484,18 +485,18 @@ struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
484 485
485/** 486/**
486 * parse_tag_1_packet 487 * parse_tag_1_packet
487 * @crypt_stat: The cryptographic context to modify based on packet 488 * @crypt_stat: The cryptographic context to modify based on packet contents
488 * contents.
489 * @data: The raw bytes of the packet. 489 * @data: The raw bytes of the packet.
490 * @auth_tok_list: eCryptfs parses packets into authentication tokens; 490 * @auth_tok_list: eCryptfs parses packets into authentication tokens;
491 * a new authentication token will be placed at the end 491 * a new authentication token will be placed at the
492 * of this list for this packet. 492 * end of this list for this packet.
493 * @new_auth_tok: Pointer to a pointer to memory that this function 493 * @new_auth_tok: Pointer to a pointer to memory that this function
494 * allocates; sets the memory address of the pointer to 494 * allocates; sets the memory address of the pointer to
495 * NULL on error. This object is added to the 495 * NULL on error. This object is added to the
496 * auth_tok_list. 496 * auth_tok_list.
497 * @packet_size: This function writes the size of the parsed packet 497 * @packet_size: This function writes the size of the parsed packet
498 * into this memory location; zero on error. 498 * into this memory location; zero on error.
499 * @max_packet_size: The maximum allowable packet size
499 * 500 *
500 * Returns zero on success; non-zero on error. 501 * Returns zero on success; non-zero on error.
501 */ 502 */
@@ -996,10 +997,11 @@ ecryptfs_find_auth_tok_for_sig(
996} 997}
997 998
998/** 999/**
999 * decrypt_passphrase_encrypted_session_key - Decrypt the session key 1000 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1000 * with the given auth_tok. 1001 * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1002 * @crypt_stat: The cryptographic context
1001 * 1003 *
1002 * Returns Zero on success; non-zero error otherwise. 1004 * Returns zero on success; non-zero error otherwise
1003 */ 1005 */
1004static int 1006static int
1005decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 1007decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
@@ -1102,8 +1104,9 @@ int ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1102 1104
1103/** 1105/**
1104 * ecryptfs_parse_packet_set 1106 * ecryptfs_parse_packet_set
1105 * @dest: The header page in memory 1107 * @crypt_stat: The cryptographic context
1106 * @version: Version of file format, to guide parsing behavior 1108 * @src: Virtual address of region of memory containing the packets
1109 * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1107 * 1110 *
1108 * Get crypt_stat to have the file's session key if the requisite key 1111 * Get crypt_stat to have the file's session key if the requisite key
1109 * is available to decrypt the session key. 1112 * is available to decrypt the session key.
@@ -1354,7 +1357,10 @@ out:
1354/** 1357/**
1355 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet 1358 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1356 * @dest: Buffer into which to write the packet 1359 * @dest: Buffer into which to write the packet
1357 * @max: Maximum number of bytes that can be writtn 1360 * @remaining_bytes: Maximum number of bytes that can be writtn
1361 * @auth_tok: The authentication token used for generating the tag 1 packet
1362 * @crypt_stat: The cryptographic context
1363 * @key_rec: The key record struct for the tag 1 packet
1358 * @packet_size: This function will write the number of bytes that end 1364 * @packet_size: This function will write the number of bytes that end
1359 * up constituting the packet; set to zero on error 1365 * up constituting the packet; set to zero on error
1360 * 1366 *
@@ -1441,7 +1447,7 @@ out:
1441/** 1447/**
1442 * write_tag_11_packet 1448 * write_tag_11_packet
1443 * @dest: Target into which Tag 11 packet is to be written 1449 * @dest: Target into which Tag 11 packet is to be written
1444 * @max: Maximum packet length 1450 * @remaining_bytes: Maximum packet length
1445 * @contents: Byte array of contents to copy in 1451 * @contents: Byte array of contents to copy in
1446 * @contents_length: Number of bytes in contents 1452 * @contents_length: Number of bytes in contents
1447 * @packet_length: Length of the Tag 11 packet written; zero on error 1453 * @packet_length: Length of the Tag 11 packet written; zero on error
@@ -1501,7 +1507,7 @@ write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
1501/** 1507/**
1502 * write_tag_3_packet 1508 * write_tag_3_packet
1503 * @dest: Buffer into which to write the packet 1509 * @dest: Buffer into which to write the packet
1504 * @max: Maximum number of bytes that can be written 1510 * @remaining_bytes: Maximum number of bytes that can be written
1505 * @auth_tok: Authentication token 1511 * @auth_tok: Authentication token
1506 * @crypt_stat: The cryptographic context 1512 * @crypt_stat: The cryptographic context
1507 * @key_rec: encrypted key 1513 * @key_rec: encrypted key
@@ -1707,7 +1713,7 @@ struct kmem_cache *ecryptfs_key_record_cache;
1707 1713
1708/** 1714/**
1709 * ecryptfs_generate_key_packet_set 1715 * ecryptfs_generate_key_packet_set
1710 * @dest: Virtual address from which to write the key record set 1716 * @dest_base: Virtual address from which to write the key record set
1711 * @crypt_stat: The cryptographic context from which the 1717 * @crypt_stat: The cryptographic context from which the
1712 * authentication tokens will be retrieved 1718 * authentication tokens will be retrieved
1713 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat 1719 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat