Commit 84814d64 authored by Tyler Hicks's avatar Tyler Hicks Committed by Linus Torvalds
Browse files

eCryptfs: don't encrypt file key with filename key 



eCryptfs has file encryption keys (FEK), file encryption key encryption
keys (FEKEK), and filename encryption keys (FNEK).  The per-file FEK is
encrypted with one or more FEKEKs and stored in the header of the
encrypted file.  I noticed that the FEK is also being encrypted by the
FNEK.  This is a problem if a user wants to use a different FNEK than
their FEKEK, as their file contents will still be accessible with the
FNEK.

This is a minimalistic patch which prevents the FNEKs signatures from
being copied to the inode signatures list.  Ultimately, it keeps the FEK
from being encrypted with a FNEK.

Signed-off-by: default avatarTyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Acked-by: default avatarDustin Kirkland <kirkland@canonical.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 15e7b876

fs/ecryptfs/crypto.c

+2 −0
Original line number Diff line number Diff line
@@ -946,6 +946,8 @@ static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( 
	list_for_each_entry(global_auth_tok,

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)

			continue;

		rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);

		if (rc) {

			printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);

fs/ecryptfs/ecryptfs_kernel.h

+2 −1
Original line number Diff line number Diff line
@@ -328,6 +328,7 @@ struct ecryptfs_dentry_info { 
 */

struct ecryptfs_global_auth_tok {

#define ECRYPTFS_AUTH_TOK_INVALID 0x00000001

#define ECRYPTFS_AUTH_TOK_FNEK    0x00000002

	u32 flags;

	struct list_head mount_crypt_stat_list;

	struct key *global_auth_tok_key;
@@ -696,7 +697,7 @@ ecryptfs_write_header_metadata(char *virt, 
int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);

int

ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,

			   char *sig);

			   char *sig, u32 global_auth_tok_flags);

int ecryptfs_get_global_auth_tok_for_sig(

	struct ecryptfs_global_auth_tok **global_auth_tok,

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);

fs/ecryptfs/keystore.c

+2 −1
Original line number Diff line number Diff line
@@ -2375,7 +2375,7 @@ struct kmem_cache *ecryptfs_global_auth_tok_cache; 


int

ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,

			     char *sig)

			     char *sig, u32 global_auth_tok_flags)

{

	struct ecryptfs_global_auth_tok *new_auth_tok;

	int rc = 0;
@@ -2389,6 +2389,7 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 
		goto out;

	}

	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);

	new_auth_tok->flags = global_auth_tok_flags;

	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_add(&new_auth_tok->mount_crypt_stat_list,

fs/ecryptfs/main.c

+3 −2
Original line number Diff line number Diff line
@@ -319,7 +319,7 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) 
		case ecryptfs_opt_ecryptfs_sig:

			sig_src = args[0].from;

			rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,

							  sig_src);

							  sig_src, 0);

			if (rc) {

				printk(KERN_ERR "Error attempting to register "

				       "global sig; rc = [%d]\n", rc);
@@ -370,7 +370,8 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) 
				ECRYPTFS_SIG_SIZE_HEX] = '\0';

			rc = ecryptfs_add_global_auth_tok(

				mount_crypt_stat,

				mount_crypt_stat->global_default_fnek_sig);

				mount_crypt_stat->global_default_fnek_sig,

				ECRYPTFS_AUTH_TOK_FNEK);

			if (rc) {

				printk(KERN_ERR "Error attempting to register "

				       "global fnek sig [%s]; rc = [%d]\n",

CRA Git | Maintained and supported by SUSTech CRA and CCSE