[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1309175148-6651-8-git-send-email-roberto.sassu@polito.it>
Date: Mon, 27 Jun 2011 13:45:45 +0200
From: Roberto Sassu <roberto.sassu@...ito.it>
To: linux-security-module@...r.kernel.org
Cc: keyrings@...ux-nfs.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, dhowells@...hat.com,
jmorris@...ei.org, zohar@...ux.vnet.ibm.com,
safford@...son.ibm.com, ramunno@...ito.it,
tyhicks@...ux.vnet.ibm.com, kirkland@...onical.com,
ecryptfs-devel@...ts.launchpad.net,
Roberto Sassu <roberto.sassu@...ito.it>
Subject: [PATCH v5 7/7] eCryptfs: added support for the encrypted key type
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.
Signed-off-by: Roberto Sassu <roberto.sassu@...ito.it>
Acked-by: Gianluca Ramunno <ramunno@...ito.it>
Acked-by: Tyler Hicks <tyhicks@...ux.vnet.ibm.com>
---
fs/ecryptfs/ecryptfs_kernel.h | 41 +++++++++++++++++++++++++++++++++++++++--
fs/ecryptfs/keystore.c | 13 ++++++++-----
2 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index bb8ec5d..b36c557 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
#define ECRYPTFS_KERNEL_H
#include <keys/user-type.h>
+#include <keys/encrypted-type.h>
#include <linux/fs.h>
#include <linux/fs_stack.h>
#include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
} param;
};
+#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+ if (key->type == &key_type_encrypted)
+ return (struct ecryptfs_auth_tok *)
+ (&((struct encrypted_key_payload *)key->payload.data)->payload_data);
+ else
+ return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+ return request_key(&key_type_encrypted, sig, NULL);
+}
+
+#else
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+ return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+ return ERR_PTR(-ENOKEY);
+}
+
+#endif /* CONFIG_ENCRYPTED_KEYS */
+
static inline struct ecryptfs_auth_tok *
ecryptfs_get_key_payload_data(struct key *key)
{
- return (struct ecryptfs_auth_tok *)
- (((struct user_key_payload*)key->payload.data)->data);
+ struct ecryptfs_auth_tok *auth_tok;
+
+ auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
+ if (!auth_tok)
+ return (struct ecryptfs_auth_tok *)
+ (((struct user_key_payload *)key->payload.data)->data);
+ else
+ return auth_tok;
}
#define ECRYPTFS_MAX_KEYSET_SIZE 1024
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 27a7fef..2cff13a 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
- printk(KERN_ERR "Could not find key with description: [%s]\n",
- sig);
- rc = process_request_key_err(PTR_ERR(*auth_tok_key));
- (*auth_tok_key) = NULL;
- goto out;
+ (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
+ if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+ printk(KERN_ERR "Could not find key with description: [%s]\n",
+ sig);
+ rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+ (*auth_tok_key) = NULL;
+ goto out;
+ }
}
down_write(&(*auth_tok_key)->sem);
rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
--
1.7.4.4
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (2061 bytes)
Powered by blists - more mailing lists