authorGilad Broner <gbroner@codeaurora.org>2016-01-11 14:07:26 +0200
committerDavid Keitel <dkeitel@codeaurora.org>2016-03-25 16:04:06 -0700
commitf50a4a1dc7a0196eb94bfaa18abb95dd387fee1e (patch)
tree46e88594582b5b69030c0eb224eca30a53f81da5 /security/pfe
parent53db8d989d8f077a5c8b2e41370449004b1c9199 (diff)
eCryptfs: fixed bug in cipher handling
Cipher was sometimes not treated properly, causing valid requests belonging to eCryptfs to be treated as regular. Change-Id: Iabfb93cc4c9e9e167901043482eb99613ed70343 Signed-off-by: Andrey Markovytch <andreym@codeaurora.org> Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
Diffstat (limited to 'security/pfe')
-rw-r--r--security/pfe/pfk.c42
1 files changed, 15 insertions, 27 deletions
diff --git a/security/pfe/pfk.c b/security/pfe/pfk.c
index 911012eeb570..23ea0b9d01b1 100644
--- a/security/pfe/pfk.c
+++ b/security/pfe/pfk.c
@@ -276,13 +276,13 @@ static int pfk_set_ecryptfs_data(struct inode *inode, void *ecryptfs_data)
/**
- * pfk_parse_cipher() - translate string cipher to enum
- * @cipher: cipher in string as received from ecryptfs
+ * pfk_parse_cipher() - parse cipher from ecryptfs to enum
+ * @ecryptfs_data: ecrypfs data
* @algo: pointer to store the output enum (can be null)
*
* return 0 in case of success, error otherwise (i.e not supported cipher)
*/
-static int pfk_parse_cipher(const unsigned char *cipher,
+static int pfk_parse_cipher(const void *ecryptfs_data,
enum ice_cryto_algo_mode *algo)
{
/*
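Review bot: The new kernel-doc line `@ecryptfs_data: ecrypfs data` misspells eCryptfs and does not say what the function reads through the pointer. Since the parameter is now an untyped `const void *`, the comment is the only place a caller learns that a cipher string is no longer accepted; something like `@ecryptfs_data: eCryptfs data whose cipher is matched against PFK_SUPPORTED_CIPHER` would make that explicit. The body of pfk_parse_cipher() continues outside this hunk.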
@@ -291,11 +291,12 @@ static int pfk_parse_cipher(const unsigned char *cipher,
* be introduced
*/
- if (!cipher)
- return -EPERM;
+ if (!ecryptfs_data)
+ return -EINVAL;
- if (!strcmp(cipher, PFK_SUPPORTED_CIPHER) == 0) {
- pr_debug("not supported alghoritm %s\n", cipher);
+ if (!ecryptfs_cipher_match(ecryptfs_data,
+ PFK_SUPPORTED_CIPHER, sizeof(PFK_SUPPORTED_CIPHER))) {
+ pr_debug("ecryptfs alghoritm is not supported by pfk\n");
return -EINVAL;
}
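Review bot: The length handed to ecryptfs_cipher_match() is `sizeof(PFK_SUPPORTED_CIPHER)`, which counts the terminating NUL if the macro expands to a string literal and is only the pointer size if it names a `char *`. Neither the macro's definition nor the helper's length contract is visible in this hunk, so confirm they agree; an off-by-one here would make the match fail for every file and silently route eCryptfs requests down the unsupported path. The replacement debug line also drops the rejected cipher name and keeps the misspelling; `pr_debug("ecryptfs algorithm is not supported by pfk\n");` fixes the spelling at least.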
@@ -427,13 +428,6 @@ int pfk_load_key(const struct bio *bio, struct ice_crypto_setting *ice_setting)
goto end;
}
- cipher = ecryptfs_get_cipher(ecryptfs_data);
- if (!cipher) {
- pr_err("could not parse key from ecryptfs\n");
- ret = -EINVAL;
- goto end;
- }
-
ret = pfk_parse_cipher(cipher, &algo_mode);
if (ret != 0) {
pr_debug("not supported cipher\n");
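Review bot: The surviving context line `ret = pfk_parse_cipher(cipher, &algo_mode);` still passes `cipher`, although this hunk deletes the assignment to it and pfk_parse_cipher() now expects the eCryptfs data pointer. Because the parameter is `const void *`, the stale argument compiles without a warning. The declaration of `cipher` is outside the hunk; if it is still initialised to NULL, every call returns -EINVAL and pfk_load_key() always takes the "not supported cipher" branch, and if it is uninitialised the read is undefined. The call should read `ret = pfk_parse_cipher(ecryptfs_data, &algo_mode);`, and the leftover `cipher` local in pfk_load_key() should be removed as was done for pfk_open_cb().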
@@ -587,7 +581,6 @@ end:
static void pfk_open_cb(struct inode *inode, void *ecryptfs_data)
{
size_t key_size;
- const unsigned char *cipher = NULL;
if (!pfk_is_ready())
return;
@@ -603,13 +596,7 @@ static void pfk_open_cb(struct inode *inode, void *ecryptfs_data)
return;
}
- cipher = ecryptfs_get_cipher(ecryptfs_data);
- if (!cipher) {
- pr_err("could not parse key from ecryptfs\n");
- return;
- }
-
- if (0 != pfk_parse_cipher(cipher, NULL)) {
+ if (0 != pfk_parse_cipher(ecryptfs_data, NULL)) {
pr_debug("open_cb: not supported cipher\n");
return;
}
@@ -677,20 +664,21 @@ static void pfk_release_cb(struct inode *inode)
pfk_kc_remove_key_with_salt(key, key_size, salt, salt_size);
+
mutex_lock(&pfk_lock);
pfk_set_ecryptfs_data(inode, NULL);
mutex_unlock(&pfk_lock);
}
-static bool pfk_is_cipher_supported_cb(const char *cipher)
+static bool pfk_is_cipher_supported_cb(const void *ecryptfs_data)
{
if (!pfk_is_ready())
return false;
- if (!cipher)
+ if (!ecryptfs_data)
return false;
- return (pfk_parse_cipher(cipher, NULL)) == 0;
+ return (pfk_parse_cipher(ecryptfs_data, NULL)) == 0;
}
static bool pfk_is_hw_crypt_cb(void)
@@ -701,12 +689,12 @@ static bool pfk_is_hw_crypt_cb(void)
return true;
}
-static size_t pfk_get_salt_key_size_cb(const char *cipher)
+static size_t pfk_get_salt_key_size_cb(const void *ecryptfs_data)
{
if (!pfk_is_ready())
return 0;
- if (!pfk_is_cipher_supported_cb(cipher))
+ if (!pfk_is_cipher_supported_cb(ecryptfs_data))
return 0;
return PFK_SUPPORTED_SALT_SIZE;