From patchwork Thu Jan 5 21:51:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 9499717 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3C8CF606B5 for ; Thu, 5 Jan 2017 21:52:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A66027FA9 for ; Thu, 5 Jan 2017 21:52:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1E22B2845E; Thu, 5 Jan 2017 21:52:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6527727FA9 for ; Thu, 5 Jan 2017 21:52:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761269AbdAEVwV (ORCPT ); Thu, 5 Jan 2017 16:52:21 -0500 Received: from mail-pg0-f68.google.com ([74.125.83.68]:36641 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1760807AbdAEVwT (ORCPT ); Thu, 5 Jan 2017 16:52:19 -0500 Received: by mail-pg0-f68.google.com with SMTP id 75so3622102pgf.3 for ; Thu, 05 Jan 2017 13:52:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=9KP2y3jvpi4DYNjtFXRDto4rXFvH+PR2383Pn7XBniI=; b=X1/NvOJOnp2H/Q9BOJxMvQBUdCteT+XvmOENJiazTTEqF/6IRMsI+VIzVFpPz+Wpk0 MZXoEf9jtnSgRhcH41PYhAltpDCm/1Zcx8A+b34AOIzSFK+VjP2XgRQ38iynIBD/jzxH pKbgnJ9LODICMHhg4GY8fasgnL0KGsT37766xRPBKFvnbmBHhE0a7Z9Ii8O/3O079hdS MlqmQU3aTWgn9AOaoTf40gL/IjDtBx6BgqrgMh+ohR5sS9zY1yCLU14GJk6SAtxNODpX o/URnUYzPFczmQ8JM9rP5kLGCeYZHuU+Xcgpa+Q27nJP/cMMtwlmCp2YuCDnkcE358dz 6Q1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=9KP2y3jvpi4DYNjtFXRDto4rXFvH+PR2383Pn7XBniI=; b=qyUfr3DULjOaM/Y8CdK3fjGq7+jHYswHqgSgHCLqfaQp2QJJiGtiIl1v4nJ6w8hlhW j9QMi2if56YLew0g6v6nN2p9DdMnKgaTb6j5H/Za4d6IonO0IrKBNmjvFnYRMblrCTVW TgvcG7EK27Xk/S3ZfugsFc2iMJFPwlcd6z9dY6y7UpTvk1OVLfPdDhTJC64DBwOuIStr aFwkcZFvltAuRHEHYPrg5u5rgj6DgiyeusIKzw1NuifQLhlcziG6JGW3frr5IP5GXz52 TYslLnqiI9hGTSYQsRrGOqniFQc9yVpSI30ZqdbXGW0WeczApBSb5vdHPYCVxlIqTMNF x6/A== X-Gm-Message-State: AIkVDXItk6Xc7URO2D26OI6y1xir1dwkS/OrTJ+SVR2a0MPK6RQybF8RcRgAjg1M/0/xng== X-Received: by 10.99.185.1 with SMTP id z1mr135341112pge.179.1483653138488; Thu, 05 Jan 2017 13:52:18 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.131]) by smtp.gmail.com with ESMTPSA id m12sm107361618pfg.92.2017.01.05.13.52.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 05 Jan 2017 13:52:17 -0800 (PST) From: Eric Biggers To: linux-fsdevel@vger.kernel.org Cc: Theodore Ts'o , Jaegeuk Kim , Richard Weinberger , Eric Biggers Subject: [PATCH] fscrypt: make fscrypt_operations.key_prefix a string Date: Thu, 5 Jan 2017 13:51:18 -0800 Message-Id: <20170105215118.108712-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.11.0.390.gc69c2f50cf-goog Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers There was an unnecessary amount of complexity around requesting the filesystem-specific key prefix. It was unclear why; perhaps it was envisioned that different instances of the same filesystem type could use different key prefixes, or that key prefixes could be binary. However, neither of those things were implemented or really make sense at all. So simplify the code by making key_prefix a const char *. Signed-off-by: Eric Biggers Reviewed-by: Richard Weinberger --- fs/crypto/keyinfo.c | 31 +++++++++++-------------------- fs/ext4/ext4.h | 11 ----------- fs/ext4/super.c | 13 +------------ fs/f2fs/f2fs.h | 9 --------- fs/f2fs/super.c | 14 +------------- fs/ubifs/crypto.c | 11 +---------- include/linux/fscrypto.h | 2 +- 7 files changed, 15 insertions(+), 76 deletions(-) diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 95cd4c3b06c3..ba921a5adb74 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -77,26 +77,22 @@ static int derive_key_aes(u8 deriving_key[FS_AES_128_ECB_KEY_SIZE], static int validate_user_key(struct fscrypt_info *crypt_info, struct fscrypt_context *ctx, u8 *raw_key, - u8 *prefix, int prefix_size) + const char *prefix) { - u8 *full_key_descriptor; + char *description; struct key *keyring_key; struct fscrypt_key *master_key; const struct user_key_payload *ukp; - int full_key_len = prefix_size + (FS_KEY_DESCRIPTOR_SIZE * 2) + 1; int res; - full_key_descriptor = kmalloc(full_key_len, GFP_NOFS); - if (!full_key_descriptor) + description = kasprintf(GFP_NOFS, "%s%*phN", prefix, + FS_KEY_DESCRIPTOR_SIZE, + ctx->master_key_descriptor); + if (!description) return -ENOMEM; - memcpy(full_key_descriptor, prefix, prefix_size); - sprintf(full_key_descriptor + prefix_size, - "%*phN", FS_KEY_DESCRIPTOR_SIZE, - ctx->master_key_descriptor); - full_key_descriptor[full_key_len - 1] = '\0'; - keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL); - kfree(full_key_descriptor); + keyring_key = request_key(&key_type_logon, description, NULL); + kfree(description); if (IS_ERR(keyring_key)) return PTR_ERR(keyring_key); @@ -253,15 +249,10 @@ int fscrypt_get_crypt_info(struct inode *inode) goto got_key; } - res = validate_user_key(crypt_info, &ctx, raw_key, - FS_KEY_DESC_PREFIX, FS_KEY_DESC_PREFIX_SIZE); + res = validate_user_key(crypt_info, &ctx, raw_key, FS_KEY_DESC_PREFIX); if (res && inode->i_sb->s_cop->key_prefix) { - u8 *prefix = NULL; - int prefix_size, res2; - - prefix_size = inode->i_sb->s_cop->key_prefix(inode, &prefix); - res2 = validate_user_key(crypt_info, &ctx, raw_key, - prefix, prefix_size); + int res2 = validate_user_key(crypt_info, &ctx, raw_key, + inode->i_sb->s_cop->key_prefix); if (res2) { if (res2 == -ENOKEY) res = -ENOKEY; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 2163c1e69f2a..6bcb9622fdf9 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1343,11 +1343,6 @@ struct ext4_super_block { /* Number of quota types we support */ #define EXT4_MAXQUOTAS 3 -#ifdef CONFIG_EXT4_FS_ENCRYPTION -#define EXT4_KEY_DESC_PREFIX "ext4:" -#define EXT4_KEY_DESC_PREFIX_SIZE 5 -#endif - /* * fourth extended-fs super-block data in memory */ @@ -1517,12 +1512,6 @@ struct ext4_sb_info { /* Barrier between changing inodes' journal flags and writepages ops. */ struct percpu_rw_semaphore s_journal_flag_rwsem; - - /* Encryption support */ -#ifdef CONFIG_EXT4_FS_ENCRYPTION - u8 key_prefix[EXT4_KEY_DESC_PREFIX_SIZE]; - u8 key_prefix_size; -#endif }; static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 66845a08a87a..9d15a6293124 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1100,12 +1100,6 @@ static int ext4_get_context(struct inode *inode, void *ctx, size_t len) EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len); } -static int ext4_key_prefix(struct inode *inode, u8 **key) -{ - *key = EXT4_SB(inode->i_sb)->key_prefix; - return EXT4_SB(inode->i_sb)->key_prefix_size; -} - static int ext4_prepare_context(struct inode *inode) { return ext4_convert_inline_data(inode); @@ -1180,8 +1174,8 @@ static unsigned ext4_max_namelen(struct inode *inode) } static struct fscrypt_operations ext4_cryptops = { + .key_prefix = "ext4:", .get_context = ext4_get_context, - .key_prefix = ext4_key_prefix, .prepare_context = ext4_prepare_context, .set_context = ext4_set_context, .dummy_context = ext4_dummy_context, @@ -4218,11 +4212,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); kfree(orig_data); -#ifdef CONFIG_EXT4_FS_ENCRYPTION - memcpy(sbi->key_prefix, EXT4_KEY_DESC_PREFIX, - EXT4_KEY_DESC_PREFIX_SIZE); - sbi->key_prefix_size = EXT4_KEY_DESC_PREFIX_SIZE; -#endif return 0; cantfind_ext4: diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 2da8c3aa0ce5..93d38d854a41 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -760,10 +760,6 @@ enum { MAX_TIME, }; -#ifdef CONFIG_F2FS_FS_ENCRYPTION -#define F2FS_KEY_DESC_PREFIX "f2fs:" -#define F2FS_KEY_DESC_PREFIX_SIZE 5 -#endif struct f2fs_sb_info { struct super_block *sb; /* pointer to VFS super block */ struct proc_dir_entry *s_proc; /* proc entry */ @@ -771,11 +767,6 @@ struct f2fs_sb_info { int valid_super_block; /* valid super block no */ unsigned long s_flag; /* flags for sbi */ -#ifdef CONFIG_F2FS_FS_ENCRYPTION - u8 key_prefix[F2FS_KEY_DESC_PREFIX_SIZE]; - u8 key_prefix_size; -#endif - #ifdef CONFIG_BLK_DEV_ZONED unsigned int blocks_per_blkz; /* F2FS blocks per zone */ unsigned int log_blocks_per_blkz; /* log2 F2FS blocks per zone */ diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 702638e21c76..739192d95e71 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1156,12 +1156,6 @@ static int f2fs_get_context(struct inode *inode, void *ctx, size_t len) ctx, len, NULL); } -static int f2fs_key_prefix(struct inode *inode, u8 **key) -{ - *key = F2FS_I_SB(inode)->key_prefix; - return F2FS_I_SB(inode)->key_prefix_size; -} - static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len, void *fs_data) { @@ -1177,8 +1171,8 @@ static unsigned f2fs_max_namelen(struct inode *inode) } static struct fscrypt_operations f2fs_cryptops = { + .key_prefix = "f2fs:", .get_context = f2fs_get_context, - .key_prefix = f2fs_key_prefix, .set_context = f2fs_set_context, .is_encrypted = f2fs_encrypted_inode, .empty_dir = f2fs_empty_dir, @@ -1518,12 +1512,6 @@ static void init_sb_info(struct f2fs_sb_info *sbi) mutex_init(&sbi->wio_mutex[NODE]); mutex_init(&sbi->wio_mutex[DATA]); spin_lock_init(&sbi->cp_lock); - -#ifdef CONFIG_F2FS_FS_ENCRYPTION - memcpy(sbi->key_prefix, F2FS_KEY_DESC_PREFIX, - F2FS_KEY_DESC_PREFIX_SIZE); - sbi->key_prefix_size = F2FS_KEY_DESC_PREFIX_SIZE; -#endif } static int init_percpu_info(struct f2fs_sb_info *sbi) diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c index 3402720f2b28..6335abcf98df 100644 --- a/fs/ubifs/crypto.c +++ b/fs/ubifs/crypto.c @@ -26,15 +26,6 @@ static unsigned int ubifs_crypt_max_namelen(struct inode *inode) return UBIFS_MAX_NLEN; } -static int ubifs_key_prefix(struct inode *inode, u8 **key) -{ - static char prefix[] = "ubifs:"; - - *key = prefix; - - return sizeof(prefix) - 1; -} - int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn, unsigned int in_len, unsigned int *out_len, int block) { @@ -88,10 +79,10 @@ int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn, struct fscrypt_operations ubifs_crypt_operations = { .flags = FS_CFLG_OWN_PAGES, + .key_prefix = "ubifs:", .get_context = ubifs_crypt_get_context, .set_context = ubifs_crypt_set_context, .is_encrypted = __ubifs_crypt_is_encrypted, .empty_dir = ubifs_crypt_empty_dir, .max_namelen = ubifs_crypt_max_namelen, - .key_prefix = ubifs_key_prefix, }; diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h index 2a2815702095..de7b1e0cd56e 100644 --- a/include/linux/fscrypto.h +++ b/include/linux/fscrypto.h @@ -86,8 +86,8 @@ struct fscrypt_name { */ struct fscrypt_operations { unsigned int flags; + const char *key_prefix; int (*get_context)(struct inode *, void *, size_t); - int (*key_prefix)(struct inode *, u8 **); int (*prepare_context)(struct inode *); int (*set_context)(struct inode *, const void *, size_t, void *); int (*dummy_context)(struct inode *);