eCryptfs: don't encrypt file key with filename key

eCryptfs has file encryption keys (FEK), file encryption key encryption keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is encrypted with one or more FEKEKs and stored in the header of the encrypted file. I noticed that the FEK is also being encrypted by the FNEK. This is a problem if a user wants to use a different FNEK than their FEKEK, as their file contents will still be accessible with the FNEK. This is a minimalistic patch which prevents the FNEKs signatures from being copied to the inode signatures list. Ultimately, it keeps the FEK from being encrypted with a FNEK. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Acked-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

eCryptfs: don't encrypt file key with filename key
eCryptfs has file encryption keys (FEK), file encryption key encryption keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is encrypted with one or more FEKEKs and stored in the header of the encrypted file. I noticed that the FEK is also being encrypted by the FNEK. This is a problem if a user wants to use a different FNEK than their FEKEK, as their file contents will still be accessible with the FNEK. This is a minimalistic patch which prevents the FNEKs signatures from being copied to the inode signatures list. Ultimately, it keeps the FEK from being encrypted with a FNEK. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: Serge Hallyn <serue@us.ibm.com> Acked-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tyler Hicks · Linus Torvalds
1 parent 15e7b87676
Showing 4 changed files with 9 additions and 4 deletions Side-by-side Diff
fs/ecryptfs/crypto.c
fs/ecryptfs/ecryptfs_kernel.h
fs/ecryptfs/keystore.c
fs/ecryptfs/main.c
@@ -946,6 +946,8 @@
 	list_for_each_entry(global_auth_tok,
 			    &mount_crypt_stat->global_auth_tok_list,
 			    mount_crypt_stat_list) {
+		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
+			continue;
 		rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
 		if (rc) {
 			printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
@@ -328,6 +328,7 @@
  */
 struct ecryptfs_global_auth_tok {
 #define ECRYPTFS_AUTH_TOK_INVALID 0x00000001
+#define ECRYPTFS_AUTH_TOK_FNEK    0x00000002
 	u32 flags;
 	struct list_head mount_crypt_stat_list;
 	struct key *global_auth_tok_key;
@@ -696,7 +697,7 @@
 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig);
 int
 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
-			   char *sig);
+			   char *sig, u32 global_auth_tok_flags);
 int ecryptfs_get_global_auth_tok_for_sig(
 	struct ecryptfs_global_auth_tok **global_auth_tok,
 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig);
@@ -2375,7 +2375,7 @@
  
 int
 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
-			     char *sig)
+			     char *sig, u32 global_auth_tok_flags)
 {
 	struct ecryptfs_global_auth_tok *new_auth_tok;
 	int rc = 0;
@@ -2389,6 +2389,7 @@
 		goto out;
 	}
 	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
+	new_auth_tok->flags = global_auth_tok_flags;
 	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
 	list_add(&new_auth_tok->mount_crypt_stat_list,
@@ -319,7 +319,7 @@
 		case ecryptfs_opt_ecryptfs_sig:
 			sig_src = args[0].from;
 			rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,
-							  sig_src);
+							  sig_src, 0);
 			if (rc) {
 				printk(KERN_ERR "Error attempting to register "
 				       "global sig; rc = [%d]\n", rc);
@@ -370,7 +370,8 @@
 				ECRYPTFS_SIG_SIZE_HEX] = '\0';
 			rc = ecryptfs_add_global_auth_tok(
 				mount_crypt_stat,
-				mount_crypt_stat->global_default_fnek_sig);
+				mount_crypt_stat->global_default_fnek_sig,
+				ECRYPTFS_AUTH_TOK_FNEK);
 			if (rc) {
 				printk(KERN_ERR "Error attempting to register "
 				       "global fnek sig [%s]; rc = [%d]\n",
...	...	@@ -946,6 +946,8 @@
946	946	list_for_each_entry(global_auth_tok,
947	947	&mount_crypt_stat->global_auth_tok_list,
948	948	mount_crypt_stat_list) {
	949	+ if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
	950	+ continue;
949	951	rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
950	952	if (rc) {
951	953	printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
...	...	@@ -328,6 +328,7 @@
328	328	*/
329	329	struct ecryptfs_global_auth_tok {
330	330	#define ECRYPTFS_AUTH_TOK_INVALID 0x00000001
	331	+#define ECRYPTFS_AUTH_TOK_FNEK 0x00000002
331	332	u32 flags;
332	333	struct list_head mount_crypt_stat_list;
333	334	struct key *global_auth_tok_key;
...	...	@@ -696,7 +697,7 @@
696	697	int ecryptfs_add_keysig(struct ecryptfs_crypt_stat crypt_stat, char sig);
697	698	int
698	699	ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
699		- char *sig);
	700	+ char *sig, u32 global_auth_tok_flags);
700	701	int ecryptfs_get_global_auth_tok_for_sig(
701	702	struct ecryptfs_global_auth_tok **global_auth_tok,
702	703	struct ecryptfs_mount_crypt_stat mount_crypt_stat, char sig);
...	...	@@ -2375,7 +2375,7 @@
2375	2375
2376	2376	int
2377	2377	ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2378		- char *sig)
	2378	+ char *sig, u32 global_auth_tok_flags)
2379	2379	{
2380	2380	struct ecryptfs_global_auth_tok *new_auth_tok;
2381	2381	int rc = 0;
...	...	@@ -2389,6 +2389,7 @@
2389	2389	goto out;
2390	2390	}
2391	2391	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
	2392	+ new_auth_tok->flags = global_auth_tok_flags;
2392	2393	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2393	2394	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2394	2395	list_add(&new_auth_tok->mount_crypt_stat_list,
...	...	@@ -319,7 +319,7 @@
319	319	case ecryptfs_opt_ecryptfs_sig:
320	320	sig_src = args[0].from;
321	321	rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,
322		- sig_src);
	322	+ sig_src, 0);
323	323	if (rc) {
324	324	printk(KERN_ERR "Error attempting to register "
325	325	"global sig; rc = [%d]\n", rc);
...	...	@@ -370,7 +370,8 @@
370	370	ECRYPTFS_SIG_SIZE_HEX] = '\0';
371	371	rc = ecryptfs_add_global_auth_tok(
372	372	mount_crypt_stat,
373		- mount_crypt_stat->global_default_fnek_sig);
	373	+ mount_crypt_stat->global_default_fnek_sig,
	374	+ ECRYPTFS_AUTH_TOK_FNEK);
374	375	if (rc) {
375	376	printk(KERN_ERR "Error attempting to register "
376	377	"global fnek sig [%s]; rc = [%d]\n",