GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-29 10:01:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

eCryptfs: added support for the encrypted key type

Browse source 
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Roberto Sassu 2011-06-27 13:45:45 +02:00 committed by Mimi Zohar
parent 79a73d1887
commit 1252cc3b23
2 changed files with 47 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

41
fs/ecryptfs/ecryptfs_kernel.h
View file

@ -29,6 +29,7 @@
#define ECRYPTFS_KERNEL_H #define ECRYPTFS_KERNEL_H
#include <keys/user-type.h> #include <keys/user-type.h>
#include <keys/encrypted-type.h>
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/fs_stack.h> #include <linux/fs_stack.h>
#include <linux/namei.h> #include <linux/namei.h>
@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
} param; } param;
}; };
#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
static inline struct ecryptfs_auth_tok *
ecryptfs_get_encrypted_key_payload_data(struct key *key)
{
if (key->type == &key_type_encrypted)
return (struct ecryptfs_auth_tok *)
(&((struct encrypted_key_payload *)key->payload.data)->payload_data);
else
return NULL;
}
static inline struct key *ecryptfs_get_encrypted_key(char *sig)
{
return request_key(&key_type_encrypted, sig, NULL);
}
#else
static inline struct ecryptfs_auth_tok *
ecryptfs_get_encrypted_key_payload_data(struct key *key)
{
return NULL;
}
static inline struct key *ecryptfs_get_encrypted_key(char *sig)
{
return ERR_PTR(-ENOKEY);
}
#endif /* CONFIG_ENCRYPTED_KEYS */
static inline struct ecryptfs_auth_tok * static inline struct ecryptfs_auth_tok *
ecryptfs_get_key_payload_data(struct key *key) ecryptfs_get_key_payload_data(struct key *key)
{ {
return (struct ecryptfs_auth_tok *) struct ecryptfs_auth_tok *auth_tok;
(((struct user_key_payload*)key->payload.data)->data);
auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
if (!auth_tok)
return (struct ecryptfs_auth_tok *)
(((struct user_key_payload *)key->payload.data)->data);
else
return auth_tok;
} }
#define ECRYPTFS_MAX_KEYSET_SIZE 1024 #define ECRYPTFS_MAX_KEYSET_SIZE 1024

13
fs/ecryptfs/keystore.c
View file

@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
(*auth_tok_key) = request_key(&key_type_user, sig, NULL); (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
printk(KERN_ERR "Could not find key with description: [%s]\n", (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
sig); if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
rc = process_request_key_err(PTR_ERR(*auth_tok_key)); printk(KERN_ERR "Could not find key with description: [%s]\n",
(*auth_tok_key) = NULL; sig);
goto out; rc = process_request_key_err(PTR_ERR(*auth_tok_key));
(*auth_tok_key) = NULL;
goto out;
}
} }
down_write(&(*auth_tok_key)->sem); down_write(&(*auth_tok_key)->sem);
rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok); rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);