eCryptfs: added support for the encrypted key type

The function ecryptfs_keyring_auth_tok_for_sig() has been modified in order
to search keys of both 'user' and 'encrypted' types.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index bb8ec5d4301c07b6775bef03af3075ff23605ebe..b36c5572b3f3739c1cae2d970d14196ed10d8ceb 100644 (file)
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -29,6 +29,7 @@
 #define ECRYPTFS_KERNEL_H
 
 #include <keys/user-type.h>
+#include <keys/encrypted-type.h>
 #include <linux/fs.h>
 #include <linux/fs_stack.h>
 #include <linux/namei.h>
@@ -78,11 +79,47 @@ struct ecryptfs_page_crypt_context {
        } param;
 };
 
+#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+       if (key->type == &key_type_encrypted)
+               return (struct ecryptfs_auth_tok *)
+                       (&((struct encrypted_key_payload *)key->payload.data)->payload_data);
+       else
+               return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+       return request_key(&key_type_encrypted, sig, NULL);
+}
+
+#else
+static inline struct ecryptfs_auth_tok *
+ecryptfs_get_encrypted_key_payload_data(struct key *key)
+{
+       return NULL;
+}
+
+static inline struct key *ecryptfs_get_encrypted_key(char *sig)
+{
+       return ERR_PTR(-ENOKEY);
+}
+
+#endif /* CONFIG_ENCRYPTED_KEYS */
+
 static inline struct ecryptfs_auth_tok *
 ecryptfs_get_key_payload_data(struct key *key)
 {
-       return (struct ecryptfs_auth_tok *)
-               (((struct user_key_payload*)key->payload.data)->data);
+       struct ecryptfs_auth_tok *auth_tok;
+
+       auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
+       if (!auth_tok)
+               return (struct ecryptfs_auth_tok *)
+                       (((struct user_key_payload *)key->payload.data)->data);
+       else
+               return auth_tok;
 }
 
 #define ECRYPTFS_MAX_KEYSET_SIZE 1024

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 27a7fefb83eb07f04d092416654b3b3f4142e55d..2cff13ac8937861d54d4f48acd0e850dcf488e2a 100644 (file)
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1635,11 +1635,14 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 
        (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
        if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
-               printk(KERN_ERR "Could not find key with description: [%s]\n",
-                      sig);
-               rc = process_request_key_err(PTR_ERR(*auth_tok_key));
-               (*auth_tok_key) = NULL;
-               goto out;
+               (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
+               if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+                       printk(KERN_ERR "Could not find key with description: [%s]\n",
+                             sig);
+                       rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+                       (*auth_tok_key) = NULL;
+                       goto out;
+               }
        }
        down_write(&(*auth_tok_key)->sem);
        rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);