eCryptfs: added support for the encrypted key type
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
parent
79a73d1887
commit
1252cc3b23
@ -29,6 +29,7 @@
|
||||
#define ECRYPTFS_KERNEL_H
|
||||
|
||||
#include <keys/user-type.h>
|
||||
#include <keys/encrypted-type.h>
|
||||
#include <linux/fs.h>
|
||||
#include <linux/fs_stack.h>
|
||||
#include <linux/namei.h>
|
||||
@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
|
||||
} param;
|
||||
};
|
||||
|
||||
#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
|
||||
static inline struct ecryptfs_auth_tok *
|
||||
ecryptfs_get_encrypted_key_payload_data(struct key *key)
|
||||
{
|
||||
if (key->type == &key_type_encrypted)
|
||||
return (struct ecryptfs_auth_tok *)
|
||||
(&((struct encrypted_key_payload *)key->payload.data)->payload_data);
|
||||
else
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static inline struct key *ecryptfs_get_encrypted_key(char *sig)
|
||||
{
|
||||
return request_key(&key_type_encrypted, sig, NULL);
|
||||
}
|
||||
|
||||
#else
|
||||
static inline struct ecryptfs_auth_tok *
|
||||
ecryptfs_get_encrypted_key_payload_data(struct key *key)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static inline struct key *ecryptfs_get_encrypted_key(char *sig)
|
||||
{
|
||||
return ERR_PTR(-ENOKEY);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_ENCRYPTED_KEYS */
|
||||
|
||||
static inline struct ecryptfs_auth_tok *
|
||||
ecryptfs_get_key_payload_data(struct key *key)
|
||||
{
|
||||
return (struct ecryptfs_auth_tok *)
|
||||
(((struct user_key_payload*)key->payload.data)->data);
|
||||
struct ecryptfs_auth_tok *auth_tok;
|
||||
|
||||
auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
|
||||
if (!auth_tok)
|
||||
return (struct ecryptfs_auth_tok *)
|
||||
(((struct user_key_payload *)key->payload.data)->data);
|
||||
else
|
||||
return auth_tok;
|
||||
}
|
||||
|
||||
#define ECRYPTFS_MAX_KEYSET_SIZE 1024
|
||||
|
@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
|
||||
|
||||
(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
|
||||
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
|
||||
printk(KERN_ERR "Could not find key with description: [%s]\n",
|
||||
sig);
|
||||
rc = process_request_key_err(PTR_ERR(*auth_tok_key));
|
||||
(*auth_tok_key) = NULL;
|
||||
goto out;
|
||||
(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
|
||||
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
|
||||
printk(KERN_ERR "Could not find key with description: [%s]\n",
|
||||
sig);
|
||||
rc = process_request_key_err(PTR_ERR(*auth_tok_key));
|
||||
(*auth_tok_key) = NULL;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
down_write(&(*auth_tok_key)->sem);
|
||||
rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
|
||||
|
Loading…
Reference in New Issue
Block a user