From aee683b9e77e17237b0e146025c3d363c9203634 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Wed, 6 Oct 2010 18:31:06 +0200 Subject: ecryptfs: release keys loaded in ecryptfs_keyring_auth_tok_for_sig() This patch allows keys requested in the function ecryptfs_keyring_auth_tok_for_sig()to be released when they are no longer required. In particular keys are directly released in the same function if the obtained authentication token is not valid. Further, a new function parameter 'auth_tok_key' has been added to ecryptfs_find_auth_tok_for_sig() in order to provide callers the key pointer to be passed to key_put(). Signed-off-by: Roberto Sassu Cc: Dustin Kirkland Cc: James Morris [Tyler: Initialize auth_tok_key to NULL in ecryptfs_parse_packet_set] Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'fs/ecryptfs/keystore.c') diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 73811cfa2ea4..b85c6a7770a8 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -446,6 +446,7 @@ out: */ static int ecryptfs_find_auth_tok_for_sig( + struct key **auth_tok_key, struct ecryptfs_auth_tok **auth_tok, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) @@ -453,12 +454,12 @@ ecryptfs_find_auth_tok_for_sig( struct ecryptfs_global_auth_tok *global_auth_tok; int rc = 0; + (*auth_tok_key) = NULL; (*auth_tok) = NULL; if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, mount_crypt_stat, sig)) { - struct key *auth_tok_key; - rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok, + rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok, sig); } else (*auth_tok) = global_auth_tok->global_auth_tok; @@ -509,6 +510,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, char *filename, size_t filename_size) { struct ecryptfs_write_tag_70_packet_silly_stack *s; + struct key *auth_tok_key = NULL; int rc = 0; s = kmalloc(sizeof(*s), GFP_KERNEL); @@ -606,6 +608,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, } dest[s->i++] = s->cipher_code; rc = ecryptfs_find_auth_tok_for_sig( + &auth_tok_key, &s->auth_tok, mount_crypt_stat, mount_crypt_stat->global_default_fnek_sig); if (rc) { @@ -753,6 +756,8 @@ out_free_unlock: out_unlock: mutex_unlock(s->tfm_mutex); out: + if (auth_tok_key) + key_put(auth_tok_key); kfree(s); return rc; } @@ -798,6 +803,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, char *data, size_t max_packet_size) { struct ecryptfs_parse_tag_70_packet_silly_stack *s; + struct key *auth_tok_key = NULL; int rc = 0; (*packet_size) = 0; @@ -910,7 +916,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, * >= ECRYPTFS_MAX_IV_BYTES. */ memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); s->desc.info = s->iv; - rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat, + rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, + &s->auth_tok, mount_crypt_stat, s->fnek_sig_hex); if (rc) { printk(KERN_ERR "%s: Error attempting to find auth tok for " @@ -986,6 +993,8 @@ out: (*filename_size) = 0; (*filename) = NULL; } + if (auth_tok_key) + key_put(auth_tok_key); kfree(s); return rc; } @@ -1557,14 +1566,19 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR); rc = -EINVAL; - goto out; + goto out_release_key; } if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) { printk(KERN_ERR "Invalid auth_tok structure " "returned from key query\n"); rc = -EINVAL; - goto out; + goto out_release_key; + } +out_release_key: + if (rc) { + key_put(*auth_tok_key); + (*auth_tok_key) = NULL; } out: return rc; @@ -1688,6 +1702,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_auth_tok_list_item *auth_tok_list_item; size_t tag_11_contents_size; size_t tag_11_packet_size; + struct key *auth_tok_key = NULL; int rc = 0; INIT_LIST_HEAD(&auth_tok_list); @@ -1784,6 +1799,10 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, * just one will be sufficient to decrypt to get the FEK. */ find_next_matching_auth_tok: found_auth_tok = 0; + if (auth_tok_key) { + key_put(auth_tok_key); + auth_tok_key = NULL; + } list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) { candidate_auth_tok = &auth_tok_list_item->auth_tok; if (unlikely(ecryptfs_verbosity > 0)) { @@ -1800,7 +1819,8 @@ find_next_matching_auth_tok: rc = -EINVAL; goto out_wipe_list; } - ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, + ecryptfs_find_auth_tok_for_sig(&auth_tok_key, + &matching_auth_tok, crypt_stat->mount_crypt_stat, candidate_auth_tok_sig); if (matching_auth_tok) { @@ -1866,6 +1886,8 @@ found_matching_auth_tok: out_wipe_list: wipe_auth_tok_list(&auth_tok_list); out: + if (auth_tok_key) + key_put(auth_tok_key); return rc; } -- cgit v1.2.2 From 39fac853a758306285404368fbe392408057b136 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Wed, 6 Oct 2010 18:31:15 +0200 Subject: ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig() This patch replaces the check of the 'matching_auth_tok' pointer with the exit status of ecryptfs_find_auth_tok_for_sig(). This avoids to use authentication tokens obtained through the function ecryptfs_keyring_auth_tok_for_sig which are not valid. Signed-off-by: Roberto Sassu Cc: Dustin Kirkland Cc: James Morris Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/ecryptfs/keystore.c') diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index b85c6a7770a8..e7f029f00c6b 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1819,11 +1819,11 @@ find_next_matching_auth_tok: rc = -EINVAL; goto out_wipe_list; } - ecryptfs_find_auth_tok_for_sig(&auth_tok_key, + rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, &matching_auth_tok, crypt_stat->mount_crypt_stat, candidate_auth_tok_sig); - if (matching_auth_tok) { + if (!rc) { found_auth_tok = 1; goto found_matching_auth_tok; } -- cgit v1.2.2 From f16feb5119a87f5e683be7e8916c060abfb0e8d6 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Wed, 6 Oct 2010 18:31:32 +0200 Subject: ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to force ecryptfs to use only authentication tokens which signature has been specified at mount time with parameters 'ecryptfs_sig' and 'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and the encrypted view modes, it's possible to make available to users only files encrypted with the specified authentication token. Signed-off-by: Roberto Sassu Cc: Dustin Kirkland Cc: James Morris [Tyler: Clean up coding style errors found by checkpatch] Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'fs/ecryptfs/keystore.c') diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e7f029f00c6b..b1f6858a5223 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -459,6 +459,15 @@ ecryptfs_find_auth_tok_for_sig( if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, mount_crypt_stat, sig)) { + /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the + * mount_crypt_stat structure, we prevent to use auth toks that + * are not inserted through the ecryptfs_add_global_auth_tok + * function. + */ + if (mount_crypt_stat->flags + & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY) + return -EINVAL; + rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok, sig); } else -- cgit v1.2.2