eCryptfs: Filename encryption only supports password auth tokens
Returns -ENOTSUPP when attempting to use filename encryption with something other than a password authentication token, such as a private token from openssl. Using filename encryption with a userspace eCryptfs key module is a future goal. Until then, this patch handles the situation a little better than simply using a BUG_ON(). Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: ecryptfs-devel@lists.launchpad.net Cc: stable <stable@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
parent
ac22ba23b6
commit
df6ad33ba1
2 changed files with 14 additions and 4 deletions
|
@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
|
||||||
} else {
|
} else {
|
||||||
printk(KERN_ERR "%s: No support for requested filename "
|
printk(KERN_ERR "%s: No support for requested filename "
|
||||||
"encryption method in this release\n", __func__);
|
"encryption method in this release\n", __func__);
|
||||||
rc = -ENOTSUPP;
|
rc = -EOPNOTSUPP;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
|
@ -2168,7 +2168,7 @@ int ecryptfs_encrypt_and_encode_filename(
|
||||||
(*encoded_name)[(*encoded_name_size)] = '\0';
|
(*encoded_name)[(*encoded_name_size)] = '\0';
|
||||||
(*encoded_name_size)++;
|
(*encoded_name_size)++;
|
||||||
} else {
|
} else {
|
||||||
rc = -ENOTSUPP;
|
rc = -EOPNOTSUPP;
|
||||||
}
|
}
|
||||||
if (rc) {
|
if (rc) {
|
||||||
printk(KERN_ERR "%s: Error attempting to encode "
|
printk(KERN_ERR "%s: Error attempting to encode "
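Review bot: Neither `else` branch records why `-EOPNOTSUPP` replaces `-ENOTSUPP`, and the commit description still names `-ENOTSUPP`, so a later reader cannot tell which value callers are meant to see. A one-line comment above the assignment in ecryptfs_encrypt_filename would settle it, for example `/* EOPNOTSUPP is the errno userspace knows; ENOTSUPP is kernel-internal */`, and the same applies to the branch in ecryptfs_encrypt_and_encode_filename. Both functions start and end outside the hunks shown.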
|
||||||
|
|
|
@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
|
||||||
}
|
}
|
||||||
/* TODO: Support other key modules than passphrase for
|
/* TODO: Support other key modules than passphrase for
|
||||||
* filename encryption */
|
* filename encryption */
|
||||||
BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
|
if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
|
||||||
|
rc = -EOPNOTSUPP;
|
||||||
|
printk(KERN_INFO "%s: Filename encryption only supports "
|
||||||
|
"password tokens\n", __func__);
|
||||||
|
goto out_free_unlock;
|
||||||
|
}
|
||||||
sg_init_one(
|
sg_init_one(
|
||||||
&s->hash_sg,
|
&s->hash_sg,
|
||||||
(u8 *)s->auth_tok->token.password.session_key_encryption_key,
|
(u8 *)s->auth_tok->token.password.session_key_encryption_key,
|
||||||
|
@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
|
||||||
}
|
}
|
||||||
/* TODO: Support other key modules than passphrase for
|
/* TODO: Support other key modules than passphrase for
|
||||||
* filename encryption */
|
* filename encryption */
|
||||||
BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
|
if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
|
||||||
|
rc = -EOPNOTSUPP;
|
||||||
|
printk(KERN_INFO "%s: Filename encryption only supports "
|
||||||
|
"password tokens\n", __func__);
|
||||||
|
goto out_free_unlock;
|
||||||
|
}
|
||||||
rc = crypto_blkcipher_setkey(
|
rc = crypto_blkcipher_setkey(
|
||||||
s->desc.tfm,
|
s->desc.tfm,
|
||||||
s->auth_tok->token.password.session_key_encryption_key,
|
s->auth_tok->token.password.session_key_encryption_key,
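Review bot: The new token-type check in ecryptfs_write_tag_70_packet logs at `KERN_INFO` with no rate limit, although it reports a failed operation and the other error paths on this page use `KERN_ERR`; the identical check in ecryptfs_parse_tag_70_packet has the same issue. If these functions run once per filename, which is not visible here, a mount using a non-password token could fill the kernel log through ordinary file access. I would raise the level and gate the message, e.g. `if (printk_ratelimit()) printk(KERN_WARNING "%s: Filename encryption only supports password tokens\n", __func__);`. Replacing the `BUG_ON()` is the right call, since it turned an unsupported configuration into a kernel oops, but the `out_free_unlock` label lies outside both hunks, so confirm it releases the lock and frees `s` correctly when reached this early. Both function bodies start and end outside the hunks.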
|
||||||
|
|