eCryptfs: added support for the encrypted key type

The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: N Roberto Sassu <roberto.sassu@polito.it> Acked-by: N Gianluca Ramunno <ramunno@polito.it> Acked-by: N Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com>

eCryptfs: added support for the encrypted key type
The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order to search keys of both 'user' and 'encrypted' types. Signed-off-by: N Roberto Sassu <roberto.sassu@polito.it> Acked-by: N Gianluca Ramunno <ramunno@polito.it> Acked-by: N Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com>
1252cc3b · Roberto Sassu · Mimi Zohar · 79a73d18 · 1252cc3b · 1252cc3b
显示空白变更内容
内联并排

Showing with 47 addition and 7 deletion

fs/ecryptfs/ecryptfs_kernel.h fs/ecryptfs/ecryptfs_kernel.h +39 -2

fs/ecryptfs/keystore.c fs/ecryptfs/keystore.c +8 -5

未找到文件。
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
 #define ECRYPTFS_KERNEL_H

 #include <keys/user-type.h>
+#include <keys/encrypted-type.h>
 #include <linux/fs.h>
 #include <linux/fs_stack.h>
 #include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
 	} param;
 };

+#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+	if (key->type == &key_type_encrypted)
+		return (struct ecryptfs_auth_tok *)
+			(&((struct encrypted_key_payload *)key->payload.data)->payload_data);
+	else
+		return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+	return request_key(&key_type_encrypted, sig, NULL);
+}
+
+#else
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+	return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+	return ERR_PTR(-ENOKEY);
+}
+
+#endif /* CONFIG_ENCRYPTED_KEYS */
+
 static inline struct ecryptfs_auth_tok *
 ecryptfs_get_key_payload_data(struct key *key)
 {
+	struct ecryptfs_auth_tok *auth_tok;
+
+	auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
+	if (!auth_tok)
 		return (struct ecryptfs_auth_tok *)
-		(((struct user_key_payload*)key->payload.data)->data);
+			(((struct user_key_payload *)key->payload.data)->data);
+	else
+		return auth_tok;
 }

 #define ECRYPTFS_MAX_KEYSET_SIZE 1024

--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1634,6 +1634,8 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 	int rc = 0;

 	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
+	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+		(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
 		if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
 			printk(KERN_ERR "Could not find key with description: [%s]\n",
 			      sig);
@@ -1641,6 +1643,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 			(*auth_tok_key) = NULL;
 			goto out;
 		}
+	}
 	down_write(&(*auth_tok_key)->sem);
 	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
 	if (rc) {