| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1301395658-28494-7-git-send-email-roberto.sassu@polito.it>
Date: Tue, 29 Mar 2011 12:47:35 +0200
From: Roberto Sassu <roberto.sassu@...ito.it>
To: linux-security-module@...r.kernel.org
Cc: keyrings@...ux-nfs.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, dhowells@...hat.com,
jmorris@...ei.org, zohar@...ux.vnet.ibm.com,
safford@...son.ibm.com, ramunno@...ito.it,
tyhicks@...ux.vnet.ibm.com, kirkland@...onical.com,
ecryptfs-devel@...ts.launchpad.net,
Roberto Sassu <roberto.sassu@...ito.it>
Subject: [PATCH v4 6/6] eCryptfs: added support for the encrypted key type
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.
Signed-off-by: Roberto Sassu <roberto.sassu@...ito.it>
Acked-by: Gianluca Ramunno <ramunno@...ito.it>
Acked-by: Tyler Hicks <tyhicks@...ux.vnet.ibm.com>
---
fs/ecryptfs/ecryptfs_kernel.h | 41 +++++++++++++++++++++++++++++++++++++++--
fs/ecryptfs/keystore.c | 13 ++++++++-----
2 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 02e39c8..f7c32d7 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
#define ECRYPTFS_KERNEL_H
#include <keys/user-type.h>
+#include <keys/encrypted-type.h>
#include <linux/fs.h>
#include <linux/fs_stack.h>
#include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
} param;
};
+#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+ if (key->type == &key_type_encrypted)
+ return (struct ecryptfs_auth_tok *)
+ (&((struct encrypted_key_payload *)key->payload.data)->payload_data);
+ else
+ return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+ return request_key(&key_type_encrypted, sig, NULL);
+}
+
+#else
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+ return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+ return ERR_PTR(-ENOKEY);
+}
+
+#endif /* CONFIG_ENCRYPTED_KEYS */
+
static inline struct ecryptfs_auth_tok *
ecryptfs_get_key_payload_data(struct key *key)
{
- return (struct ecryptfs_auth_tok *)
- (((struct user_key_payload*)key->payload.data)->data);
+ struct ecryptfs_auth_tok *auth_tok;
+
+ auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
+ if (!auth_tok)
+ return (struct ecryptfs_auth_tok *)
+ (((struct user_key_payload *)key->payload.data)->data);
+ else
+ return auth_tok;
}
#define ECRYPTFS_MAX_KEYSET_SIZE 1024
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 03e609c..1966d1b 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1639,11 +1639,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
- printk(KERN_ERR "Could not find key with description: [%s]\n",
- sig);
- rc = process_request_key_err(PTR_ERR(*auth_tok_key));
- (*auth_tok_key) = NULL;
- goto out;
+ (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
+ if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+ printk(KERN_ERR "Could not find key with description: [%s]\n",
+ sig);
+ rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+ (*auth_tok_key) = NULL;
+ goto out;
+ }
}
down_write(&(*auth_tok_key)->sem);
rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
--
1.7.4
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (2061 bytes)
Powered by blists - more mailing lists