1 | From df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 Mon Sep 17 00:00:00 2001 |
2 | From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
3 | Date: Fri, 21 Aug 2009 04:27:46 -0500 | |
4 | Subject: eCryptfs: Filename encryption only supports password auth tokens | |
5 | ||
6 | From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
7 | ||
8 | commit df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 upstream. | |
9 | ||
10 | Returns -ENOTSUPP when attempting to use filename encryption with | |
11 | something other than a password authentication token, such as a private | |
12 | token from openssl. Using filename encryption with a userspace eCryptfs | |
13 | key module is a future goal. Until then, this patch handles the | |
14 | situation a little better than simply using a BUG_ON(). | |
15 | ||
16 | Acked-by: Serge Hallyn <serue@us.ibm.com> | |
17 | Cc: ecryptfs-devel@lists.launchpad.net | |
18 | Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
19 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
20 | ||
21 | --- | |
22 | fs/ecryptfs/crypto.c | 4 ++-- | |
23 | fs/ecryptfs/keystore.c | 14 ++++++++++++-- | |
24 | 2 files changed, 14 insertions(+), 4 deletions(-) | |
25 | ||
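--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptf
 } else {
 printk(KERN_ERR "%s: No support for requested filename "
 "encryption method in this release\n", __func__);
- rc = -ENOTSUPP;
+ rc = -EOPNOTSUPP;
 goto out;
 }
 out:
@@ -2167,7 +2167,7 @@ int ecryptfs_encrypt_and_encode_filename
 (*encoded_name)[(*encoded_name_size)] = '\0';
 (*encoded_name_size)++;
 } else {
- rc = -ENOTSUPP;
+ rc = -EOPNOTSUPP;
 }
 if (rc) {
 printk(KERN_ERR "%s: Error attempting to encode "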
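Review bot: The commit message says the unsupported case returns -ENOTSUPP, but both hunks in this file now set `rc = -EOPNOTSUPP`, and nothing in the code records why the constant changed. ENOTSUPP is a kernel-internal code with no userspace errno definition, so the switch is the right one if this rc can propagate to a syscall return, which the hunks themselves do not show. A one-line comment at the first site, such as `/* EOPNOTSUPP: ENOTSUPP is kernel-internal and must not reach userspace */`, would keep a later cleanup from reverting it. Both enclosing functions start and end outside the hunks.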
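--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest,
 }
 /* TODO: Support other key modules than passphrase for
 * filename encryption */
- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+ rc = -EOPNOTSUPP;
+ printk(KERN_INFO "%s: Filename encryption only supports "
+ "password tokens\n", __func__);
+ goto out_free_unlock;
+ }
 sg_init_one(
 &s->hash_sg,
 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
@@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **file
 }
 /* TODO: Support other key modules than passphrase for
 * filename encryption */
- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+ rc = -EOPNOTSUPP;
+ printk(KERN_INFO "%s: Filename encryption only supports "
+ "password tokens\n", __func__);
+ goto out_free_unlock;
+ }
 rc = crypto_blkcipher_setkey(
 s->desc.tfm,
 s->auth_tok->token.password.session_key_encryption_key,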
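Review bot: The new `printk(KERN_INFO ...)` in both ecryptfs_write_tag_70_packet and ecryptfs_parse_tag_70_packet is emitted on every call made with a non-password token and is not rate-limited, so a mount set up with such a token could presumably produce one log line per filename operation and crowd out other kernel messages. Guarding it with `if (printk_ratelimit())` would bound that, and the level should match the `KERN_ERR` that crypto.c uses for the same unsupported-method condition so the failure is not filtered out at default console log levels. The `out_free_unlock` label and the allocations it releases are outside both hunks, so it is worth confirming that the cleanup path is valid when taken before `sg_init_one()` and `crypto_blkcipher_setkey()` have run. The new check also dereferences `s->auth_tok`; any NULL handling for it would have to sit above the hunk, where it cannot be seen here.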