[thirdparty/kernel/stable-queue.git] / releases / 2.6.31.2 / ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch

From df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Date: Fri, 21 Aug 2009 04:27:46 -0500
Subject: eCryptfs: Filename encryption only supports password auth tokens

From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

commit df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 upstream.

Returns -ENOTSUPP when attempting to use filename encryption with
something other than a password authentication token, such as a private
token from openssl.  Using filename encryption with a userspace eCryptfs
key module is a future goal.  Until then, this patch handles the
situation a little better than simply using a BUG_ON().

Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: ecryptfs-devel@lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/ecryptfs/crypto.c   |    4 ++--
 fs/ecryptfs/keystore.c |   14 ++++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptf
 	} else {
 		printk(KERN_ERR "%s: No support for requested filename "
 		       "encryption method in this release\n", __func__);
-		rc = -ENOTSUPP;
+		rc = -EOPNOTSUPP;
 		goto out;
 	}
 out:
@@ -2167,7 +2167,7 @@ int ecryptfs_encrypt_and_encode_filename
 			(*encoded_name)[(*encoded_name_size)] = '\0';
 			(*encoded_name_size)++;
 		} else {
-			rc = -ENOTSUPP;
+			rc = -EOPNOTSUPP;
 		}
 		if (rc) {
 			printk(KERN_ERR "%s: Error attempting to encode "
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest,
 	}
 	/* TODO: Support other key modules than passphrase for
 	 * filename encryption */
-	BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+		rc = -EOPNOTSUPP;
+		printk(KERN_INFO "%s: Filename encryption only supports "
+		       "password tokens\n", __func__);
+		goto out_free_unlock;
+	}
 	sg_init_one(
 		&s->hash_sg,
 		(u8 *)s->auth_tok->token.password.session_key_encryption_key,
@@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **file
 	}
 	/* TODO: Support other key modules than passphrase for
 	 * filename encryption */
-	BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+		rc = -EOPNOTSUPP;
+		printk(KERN_INFO "%s: Filename encryption only supports "
+		       "password tokens\n", __func__);
+		goto out_free_unlock;
+	}
 	rc = crypto_blkcipher_setkey(
 		s->desc.tfm,
 		s->auth_tok->token.password.session_key_encryption_key,
Commit	Line	Data
62cfa3fd GKH	1	From df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 Mon Sep 17 00:00:00 2001
	2	From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	3	Date: Fri, 21 Aug 2009 04:27:46 -0500
	4	Subject: eCryptfs: Filename encryption only supports password auth tokens
	5
	6	From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	7
	8	commit df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 upstream.
	9
	10	Returns -ENOTSUPP when attempting to use filename encryption with
	11	something other than a password authentication token, such as a private
	12	token from openssl. Using filename encryption with a userspace eCryptfs
	13	key module is a future goal. Until then, this patch handles the
	14	situation a little better than simply using a BUG_ON().
	15
	16	Acked-by: Serge Hallyn <serue@us.ibm.com>
	17	Cc: ecryptfs-devel@lists.launchpad.net
	18	Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	19	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	20
	21	---
	22	fs/ecryptfs/crypto.c \| 4 ++--
	23	fs/ecryptfs/keystore.c \| 14 ++++++++++++--
	24	2 files changed, 14 insertions(+), 4 deletions(-)
	25
	26	--- a/fs/ecryptfs/crypto.c
	27	+++ b/fs/ecryptfs/crypto.c
	28	@@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptf
	29	} else {
	30	printk(KERN_ERR "%s: No support for requested filename "
	31	"encryption method in this release\n", __func__);
	32	- rc = -ENOTSUPP;
	33	+ rc = -EOPNOTSUPP;
	34	goto out;
	35	}
	36	out:
	37	@@ -2167,7 +2167,7 @@ int ecryptfs_encrypt_and_encode_filename
	38	(encoded_name)[(encoded_name_size)] = '\0';
	39	(*encoded_name_size)++;
	40	} else {
	41	- rc = -ENOTSUPP;
	42	+ rc = -EOPNOTSUPP;
	43	}
	44	if (rc) {
	45	printk(KERN_ERR "%s: Error attempting to encode "
	46	--- a/fs/ecryptfs/keystore.c
	47	+++ b/fs/ecryptfs/keystore.c
	48	@@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest,
	49	}
	50	/* TODO: Support other key modules than passphrase for
	51	* filename encryption */
	52	- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
	53	+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
	54	+ rc = -EOPNOTSUPP;
	55	+ printk(KERN_INFO "%s: Filename encryption only supports "
	56	+ "password tokens\n", __func__);
	57	+ goto out_free_unlock;
	58	+ }
	59	sg_init_one(
	60	&s->hash_sg,
	61	(u8 *)s->auth_tok->token.password.session_key_encryption_key,
	62	@@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **file
	63	}
	64	/* TODO: Support other key modules than passphrase for
65	* filename encryption */
66	- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
67	+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
68	+ rc = -EOPNOTSUPP;
69	+ printk(KERN_INFO "%s: Filename encryption only supports "
70	+ "password tokens\n", __func__);
71	+ goto out_free_unlock;
72	+ }
73	rc = crypto_blkcipher_setkey(
74	s->desc.tfm,
75	s->auth_tok->token.password.session_key_encryption_key,