eCryptfs: add key list structure; search keyring

ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)

{

	memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));

	INIT_LIST_HEAD(&crypt_stat->keysig_list);

	mutex_init(&crypt_stat->keysig_list_mutex);

	mutex_init(&crypt_stat->cs_mutex);

	mutex_init(&crypt_stat->cs_tfm_mutex);

	mutex_init(&crypt_stat->cs_hash_tfm_mutex);

 */

void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)

{

	struct ecryptfs_key_sig *key_sig, *key_sig_tmp;

	if (crypt_stat->tfm)

		crypto_free_blkcipher(crypt_stat->tfm);

	if (crypt_stat->hash_tfm)

		crypto_free_hash(crypt_stat->hash_tfm);

	mutex_lock(&crypt_stat->keysig_list_mutex);

	list_for_each_entry_safe(key_sig, key_sig_tmp,

				 &crypt_stat->keysig_list, crypt_stat_list) {

		list_del(&key_sig->crypt_stat_list);

		kmem_cache_free(ecryptfs_key_sig_cache, key_sig);

	}

	mutex_unlock(&crypt_stat->keysig_list_mutex);

	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));

}

void ecryptfs_destruct_mount_crypt_stat(

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)

{

	if (mount_crypt_stat->global_auth_tok_key)

		key_put(mount_crypt_stat->global_auth_tok_key);

	if (mount_crypt_stat->global_key_tfm)

		crypto_free_blkcipher(mount_crypt_stat->global_key_tfm);

	struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp;

	if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))

		return;

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_for_each_entry_safe(auth_tok, auth_tok_tmp,

				 &mount_crypt_stat->global_auth_tok_list,

				 mount_crypt_stat_list) {

		list_del(&auth_tok->mount_crypt_stat_list);

		mount_crypt_stat->num_global_auth_toks--;

		if (auth_tok->global_auth_tok_key

		    && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))

			key_put(auth_tok->global_auth_tok_key);

		kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);

	}

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));

}

		crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;

}

static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(

	struct ecryptfs_crypt_stat *crypt_stat,

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)

{

	struct ecryptfs_global_auth_tok *global_auth_tok;

	int rc = 0;

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_for_each_entry(global_auth_tok,

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);

		if (rc) {

			printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);

			mutex_unlock(

				&mount_crypt_stat->global_auth_tok_list_mutex);

			goto out;

		}

	}

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

out:

	return rc;

}

/**

 * ecryptfs_set_default_crypt_stat_vals

 * @crypt_stat

/* Associate an authentication token(s) with the file */

int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)

{

	int rc = 0;

	struct ecryptfs_crypt_stat *crypt_stat =

	    &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =

	    &ecryptfs_superblock_to_private(

		    ecryptfs_dentry->d_sb)->mount_crypt_stat;

	int cipher_name_len;

	int rc = 0;

	ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);

	/* See if there are mount crypt options */

	if (mount_crypt_stat->global_auth_tok) {

		ecryptfs_printk(KERN_DEBUG, "Initializing context for new "

				"file using mount_crypt_stat\n");

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	BUG_ON(mount_crypt_stat->num_global_auth_toks == 0);

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

	crypt_stat->flags |= ECRYPTFS_ENCRYPTED;

	crypt_stat->flags |= ECRYPTFS_KEY_VALID;

	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,

						      mount_crypt_stat);

		memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],

		       mount_crypt_stat->global_auth_tok_sig,

		       ECRYPTFS_SIG_SIZE_HEX);

	rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,

							 mount_crypt_stat);

	if (rc) {

		printk(KERN_ERR "Error attempting to copy mount-wide key sigs "

		       "to the inode key sigs; rc = [%d]\n", rc);

		goto out;

	}

	cipher_name_len =

		strlen(mount_crypt_stat->global_default_cipher_name);

	memcpy(crypt_stat->cipher,

	crypt_stat->key_size =

		mount_crypt_stat->global_default_cipher_key_size;

	ecryptfs_generate_new_key(crypt_stat);

	} else

		/* We should not encounter this scenario since we

		 * should detect lack of global_auth_tok at mount time

		 * TODO: Applies to 0.1 release only; remove in future

		 * release */

		BUG();

	rc = ecryptfs_init_crypt_ctx(crypt_stat);

	if (rc)

		ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "

				"context for cipher [%s]: rc = [%d]\n",

				crypt_stat->cipher, rc);

out:

	return rc;

}

}

/**

 * ecryptfs_process_cipher - Perform cipher initialization.

 * ecryptfs_process_key_cipher - Perform key cipher initialization.

 * @key_tfm: Crypto context for key material, set by this function

 * @cipher_name: Name of the cipher

 * @key_size: Size of the key in bytes

 * event, regardless of whether this function succeeds for fails.

 */

int

ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,

			size_t *key_size)

ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,

			    char *cipher_name, size_t *key_size)

{

	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];

	char *full_alg_name;

out:

	return rc;

}

struct kmem_cache *ecryptfs_key_tfm_cache;

struct list_head key_tfm_list;

struct mutex key_tfm_list_mutex;

int ecryptfs_init_crypto(void)

{

	mutex_init(&key_tfm_list_mutex);

	INIT_LIST_HEAD(&key_tfm_list);

	return 0;

}

int ecryptfs_destruct_crypto(void)

{

	struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;

	mutex_lock(&key_tfm_list_mutex);

	list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,

				 key_tfm_list) {

		list_del(&key_tfm->key_tfm_list);

		if (key_tfm->key_tfm)

			crypto_free_blkcipher(key_tfm->key_tfm);

		kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);

	}

	mutex_unlock(&key_tfm_list_mutex);

	return 0;

}

int

ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,

			 size_t key_size)

{

	struct ecryptfs_key_tfm *tmp_tfm;

	int rc = 0;

	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);

	if (key_tfm != NULL)

		(*key_tfm) = tmp_tfm;

	if (!tmp_tfm) {

		rc = -ENOMEM;

		printk(KERN_ERR "Error attempting to allocate from "

		       "ecryptfs_key_tfm_cache\n");

		goto out;

	}

	mutex_init(&tmp_tfm->key_tfm_mutex);

	strncpy(tmp_tfm->cipher_name, cipher_name,

		ECRYPTFS_MAX_CIPHER_NAME_SIZE);

	tmp_tfm->key_size = key_size;

	if ((rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,

					      tmp_tfm->cipher_name,

					      &tmp_tfm->key_size))) {

		printk(KERN_ERR "Error attempting to initialize key TFM "

		       "cipher with name = [%s]; rc = [%d]\n",

		       tmp_tfm->cipher_name, rc);

		kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);

		if (key_tfm != NULL)

			(*key_tfm) = NULL;

		goto out;

	}

	mutex_lock(&key_tfm_list_mutex);

	list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);

	mutex_unlock(&key_tfm_list_mutex);

out:

	return rc;

}

int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,

					       struct mutex **tfm_mutex,

					       char *cipher_name)

{

	struct ecryptfs_key_tfm *key_tfm;

	int rc = 0;

	(*tfm) = NULL;

	(*tfm_mutex) = NULL;

	mutex_lock(&key_tfm_list_mutex);

	list_for_each_entry(key_tfm, &key_tfm_list, key_tfm_list) {

		if (strcmp(key_tfm->cipher_name, cipher_name) == 0) {

			(*tfm) = key_tfm->key_tfm;

			(*tfm_mutex) = &key_tfm->key_tfm_mutex;

			mutex_unlock(&key_tfm_list_mutex);

			goto out;

		}

	}

	mutex_unlock(&key_tfm_list_mutex);

	if ((rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0))) {

		printk(KERN_ERR "Error adding new key_tfm to list; rc = [%d]\n",

		       rc);

		goto out;

	}

	(*tfm) = key_tfm->key_tfm;

	(*tfm_mutex) = &key_tfm->key_tfm_mutex;

out:

	return rc;

}

#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004

#define ECRYPTFS_VERSIONING_POLICY                0x00000008

#define ECRYPTFS_VERSIONING_XATTR                 0x00000010

#define ECRYPTFS_VERSIONING_MULTKEY               0x00000020

#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \

				  | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \

				  | ECRYPTFS_VERSIONING_PUBKEY \

				  | ECRYPTFS_VERSIONING_XATTR)

				  | ECRYPTFS_VERSIONING_XATTR \

				  | ECRYPTFS_VERSIONING_MULTKEY)

#define ECRYPTFS_MAX_PASSWORD_LENGTH 64

#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH

#define ECRYPTFS_SALT_SIZE 8

struct ecryptfs_auth_tok {

	u16 version; /* 8-bit major and 8-bit minor */

	u16 token_type;

#define ECRYPTFS_ENCRYPT_ONLY 0x00000001

	u32 flags;

	struct ecryptfs_session_key session_key;

	u8 reserved[32];

	} token;

} __attribute__ ((packed));

int ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok);

void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);

extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);

extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);

#define ECRYPTFS_MAX_KEYSET_SIZE 1024

#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32

#define ECRYPTFS_MAX_NUM_ENC_KEYS 64

#define ECRYPTFS_MAX_NUM_KEYSIGS 2 /* TODO: Make this a linked list */

#define ECRYPTFS_MAX_IV_BYTES 16	/* 128 bits */

#define ECRYPTFS_SALT_BYTES 2

#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5

#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43

#define MD5_DIGEST_SIZE 16

struct ecryptfs_key_sig {

	struct list_head crypt_stat_list;

	char keysig[ECRYPTFS_SIG_SIZE_HEX];

};

/**

 * This is the primary struct associated with each encrypted file.

 *

	u32 flags;

	unsigned int file_version;

	size_t iv_bytes;

	size_t num_keysigs;

	size_t header_extent_size;

	size_t num_header_extents_at_front;

	size_t extent_size; /* Data extent size; default is 4096 */

	unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];

	unsigned char key[ECRYPTFS_MAX_KEY_BYTES];

	unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];

	unsigned char keysigs[ECRYPTFS_MAX_NUM_KEYSIGS][ECRYPTFS_SIG_SIZE_HEX];

	struct list_head keysig_list;

	struct mutex keysig_list_mutex;

	struct mutex cs_tfm_mutex;

	struct mutex cs_hash_tfm_mutex;

	struct mutex cs_mutex;

	struct ecryptfs_crypt_stat *crypt_stat;

};

struct ecryptfs_global_auth_tok {

#define ECRYPTFS_AUTH_TOK_INVALID 0x00000001

	u32 flags;

	struct list_head mount_crypt_stat_list;

	struct key *global_auth_tok_key;

	struct ecryptfs_auth_tok *global_auth_tok;

	unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];

};

struct ecryptfs_key_tfm {

	struct crypto_blkcipher *key_tfm;

	size_t key_size;

	struct mutex key_tfm_mutex;

	struct list_head key_tfm_list;

	unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];

};

extern struct list_head key_tfm_list;

extern struct mutex key_tfm_list_mutex;

/**

 * This struct is to enable a mount-wide passphrase/salt combo. This

 * is more or less a stopgap to provide similar functionality to other

#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001

#define ECRYPTFS_XATTR_METADATA_ENABLED        0x00000002

#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED        0x00000004

#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED  0x00000008

	u32 flags;

	struct ecryptfs_auth_tok *global_auth_tok;

	struct key *global_auth_tok_key;

	struct list_head global_auth_tok_list;

	struct mutex global_auth_tok_list_mutex;

	size_t num_global_auth_toks;

	size_t global_default_cipher_key_size;

	struct crypto_blkcipher *global_key_tfm;

	struct mutex global_key_tfm_mutex;

	unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE

						 + 1];

	unsigned char global_auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX + 1];

};

/* superblock private data. */

extern struct kmem_cache *ecryptfs_xattr_cache;

extern struct kmem_cache *ecryptfs_lower_page_cache;

extern struct kmem_cache *ecryptfs_key_record_cache;

extern struct kmem_cache *ecryptfs_key_sig_cache;

extern struct kmem_cache *ecryptfs_global_auth_tok_cache;

extern struct kmem_cache *ecryptfs_key_tfm_cache;

int ecryptfs_interpose(struct dentry *hidden_dentry,

		       struct dentry *this_dentry, struct super_block *sb,

ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,

			  unsigned char *src, struct dentry *ecryptfs_dentry);

int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);

int

ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,

			size_t *key_size);

int ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,

				char *cipher_name, size_t *key_size);

int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);

int ecryptfs_inode_set(struct inode *inode, void *lower_inode);

void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);

ecryptfs_write_header_metadata(char *virt,

			       struct ecryptfs_crypt_stat *crypt_stat,

			       size_t *written);

int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);

int

ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,

			   char *sig);

int ecryptfs_get_global_auth_tok_for_sig(

	struct ecryptfs_global_auth_tok **global_auth_tok,

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);

int

ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,

			 size_t key_size);

int ecryptfs_init_crypto(void);

int ecryptfs_destruct_crypto(void);

int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,

					       struct mutex **tfm_mutex,

					       char *cipher_name);

int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,

				      struct ecryptfs_auth_tok **auth_tok,

				      char *sig);

int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start,

			 int num_zeros);

	{ecryptfs_opt_err, NULL}

};

/**

 * ecryptfs_verify_version

 * @version: The version number to confirm

 *

 * Returns zero on good version; non-zero otherwise

 */

static int ecryptfs_verify_version(u16 version)

static int ecryptfs_init_global_auth_toks(

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)

{

	struct ecryptfs_global_auth_tok *global_auth_tok;

	int rc = 0;

	unsigned char major;

	unsigned char minor;

	major = ((version >> 8) & 0xFF);

	minor = (version & 0xFF);

	if (major != ECRYPTFS_VERSION_MAJOR) {

		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MAJOR, major);

		rc = -EINVAL;

		goto out;

	}

	if (minor != ECRYPTFS_VERSION_MINOR) {

		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MINOR, minor);

		rc = -EINVAL;

		goto out;

	list_for_each_entry(global_auth_tok,

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		if ((rc = ecryptfs_keyring_auth_tok_for_sig(

			     &global_auth_tok->global_auth_tok_key,

			     &global_auth_tok->global_auth_tok,

			     global_auth_tok->sig))) {

			printk(KERN_ERR "Could not find valid key in user "

			       "session keyring for sig specified in mount "

			       "option: [%s]\n", global_auth_tok->sig);

			global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;

			rc = 0;

		} else

			global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;

	}

out:

	return rc;

}

static void ecryptfs_init_mount_crypt_stat(

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)

{

	memset((void *)mount_crypt_stat, 0,

	       sizeof(struct ecryptfs_mount_crypt_stat));

	INIT_LIST_HEAD(&mount_crypt_stat->global_auth_tok_list);

	mutex_init(&mount_crypt_stat->global_auth_tok_list_mutex);

	mount_crypt_stat->flags |= ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED;

}

/**

 * ecryptfs_parse_options

 * @sb: The ecryptfs super block

		case ecryptfs_opt_sig:

		case ecryptfs_opt_ecryptfs_sig:

			sig_src = args[0].from;

			sig_dst =

				mount_crypt_stat->global_auth_tok_sig;

			memcpy(sig_dst, sig_src, ECRYPTFS_SIG_SIZE_HEX);

			sig_dst[ECRYPTFS_SIG_SIZE_HEX] = '\0';

			ecryptfs_printk(KERN_DEBUG,

					"The mount_crypt_stat "

					"global_auth_tok_sig set to: "

					"[%s]\n", sig_dst);

			rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,

							  sig_src);

			if (rc) {

				printk(KERN_ERR "Error attempting to register "

				       "global sig; rc = [%d]\n", rc);

				goto out;

			}

			sig_set = 1;

			break;

		case ecryptfs_opt_debug:

	if (!cipher_key_bytes_set) {

		mount_crypt_stat->global_default_cipher_key_size = 0;

	}

	rc = ecryptfs_process_cipher(

		&mount_crypt_stat->global_key_tfm,

		mount_crypt_stat->global_default_cipher_name,

		&mount_crypt_stat->global_default_cipher_key_size);

	if (rc) {

		printk(KERN_ERR "Error attempting to initialize cipher [%s] "

		       "with key size [%Zd] bytes; rc = [%d]\n",

	if ((rc = ecryptfs_add_new_key_tfm(

		     NULL, mount_crypt_stat->global_default_cipher_name,

		     mount_crypt_stat->global_default_cipher_key_size))) {

		printk(KERN_ERR "Error attempting to initialize cipher with "

		       "name = [%s] and key size = [%d]; rc = [%d]\n",

		       mount_crypt_stat->global_default_cipher_name,

		       mount_crypt_stat->global_default_cipher_key_size, rc);

		mount_crypt_stat->global_key_tfm = NULL;

		mount_crypt_stat->global_auth_tok_key = NULL;

		rc = -EINVAL;

		goto out;

	}

	mutex_init(&mount_crypt_stat->global_key_tfm_mutex);

	ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: "

			"[%s]\n", mount_crypt_stat->global_auth_tok_sig);

	/* The reference to this key is held until umount is done The

	 * call to key_put is done in ecryptfs_put_super() */

	auth_tok_key = request_key(&key_type_user,

				   mount_crypt_stat->global_auth_tok_sig,

				   NULL);

	if (!auth_tok_key || IS_ERR(auth_tok_key)) {

		ecryptfs_printk(KERN_ERR, "Could not find key with "

				"description: [%s]\n",

				mount_crypt_stat->global_auth_tok_sig);

		process_request_key_err(PTR_ERR(auth_tok_key));

		rc = -EINVAL;

		goto out;

	if ((rc = ecryptfs_init_global_auth_toks(mount_crypt_stat))) {

		printk(KERN_WARNING "One or more global auth toks could not "

		       "properly register; rc = [%d]\n", rc);

	}

	auth_tok = ecryptfs_get_key_payload_data(auth_tok_key);

	if (ecryptfs_verify_version(auth_tok->version)) {

		ecryptfs_printk(KERN_ERR, "Data structure version mismatch. "

				"Userspace tools must match eCryptfs kernel "

				"module with major version [%d] and minor "

				"version [%d]\n", ECRYPTFS_VERSION_MAJOR,

				ECRYPTFS_VERSION_MINOR);

		rc = -EINVAL;

		goto out;

	}

	if (auth_tok->token_type != ECRYPTFS_PASSWORD

	    && auth_tok->token_type != ECRYPTFS_PRIVATE_KEY) {

		ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure "

				"returned from key query\n");

		rc = -EINVAL;

		goto out;

	}

	mount_crypt_stat->global_auth_tok_key = auth_tok_key;

	mount_crypt_stat->global_auth_tok = auth_tok;

	rc = 0;

out:

	return rc;

}