diff options
author | Eric Biggers <ebiggers@google.com> | 2019-08-04 19:35:44 -0700 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2019-08-12 19:05:19 -0700 |
commit | 3b6df59bc4d242ac5847592de55d1ff327cd4549 (patch) | |
tree | 34a904cf036837716404795fe2c7e41172e2b490 /fs/crypto/keyinfo.c | |
parent | fscrypt: use FSCRYPT_ prefix for uapi constants (diff) | |
download | linux-dev-3b6df59bc4d242ac5847592de55d1ff327cd4549.tar.xz linux-dev-3b6df59bc4d242ac5847592de55d1ff327cd4549.zip |
fscrypt: use FSCRYPT_* definitions, not FS_*
Update fs/crypto/ to use the new names for the UAPI constants rather
than the old names, then make the old definitions conditional on
!__KERNEL__.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/keyinfo.c')
-rw-r--r-- | fs/crypto/keyinfo.c | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 212994300233..22345ddede11 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -20,7 +20,7 @@ static struct crypto_shash *essiv_hash_tfm; -/* Table of keys referenced by FS_POLICY_FLAG_DIRECT_KEY policies */ +/* Table of keys referenced by DIRECT_KEY policies */ static DEFINE_HASHTABLE(fscrypt_master_keys, 6); /* 6 bits = 64 buckets */ static DEFINE_SPINLOCK(fscrypt_master_keys_lock); @@ -77,7 +77,7 @@ out: */ static struct key * find_and_lock_process_key(const char *prefix, - const u8 descriptor[FS_KEY_DESCRIPTOR_SIZE], + const u8 descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE], unsigned int min_keysize, const struct fscrypt_key **payload_ret) { @@ -87,7 +87,7 @@ find_and_lock_process_key(const char *prefix, const struct fscrypt_key *payload; description = kasprintf(GFP_NOFS, "%s%*phN", prefix, - FS_KEY_DESCRIPTOR_SIZE, descriptor); + FSCRYPT_KEY_DESCRIPTOR_SIZE, descriptor); if (!description) return ERR_PTR(-ENOMEM); @@ -105,7 +105,7 @@ find_and_lock_process_key(const char *prefix, payload = (const struct fscrypt_key *)ukp->data; if (ukp->datalen != sizeof(struct fscrypt_key) || - payload->size < 1 || payload->size > FS_MAX_KEY_SIZE) { + payload->size < 1 || payload->size > FSCRYPT_MAX_KEY_SIZE) { fscrypt_warn(NULL, "key with description '%s' has invalid payload", key->description); @@ -129,32 +129,32 @@ invalid: } static struct fscrypt_mode available_modes[] = { - [FS_ENCRYPTION_MODE_AES_256_XTS] = { + [FSCRYPT_MODE_AES_256_XTS] = { .friendly_name = "AES-256-XTS", .cipher_str = "xts(aes)", .keysize = 64, .ivsize = 16, }, - [FS_ENCRYPTION_MODE_AES_256_CTS] = { + [FSCRYPT_MODE_AES_256_CTS] = { .friendly_name = "AES-256-CTS-CBC", .cipher_str = "cts(cbc(aes))", .keysize = 32, .ivsize = 16, }, - [FS_ENCRYPTION_MODE_AES_128_CBC] = { + [FSCRYPT_MODE_AES_128_CBC] = { .friendly_name = "AES-128-CBC", .cipher_str = "cbc(aes)", .keysize = 16, .ivsize = 16, .needs_essiv = true, }, - [FS_ENCRYPTION_MODE_AES_128_CTS] = { + [FSCRYPT_MODE_AES_128_CTS] = { .friendly_name = "AES-128-CTS-CBC", .cipher_str = "cts(cbc(aes))", .keysize = 16, .ivsize = 16, }, - [FS_ENCRYPTION_MODE_ADIANTUM] = { + [FSCRYPT_MODE_ADIANTUM] = { .friendly_name = "Adiantum", .cipher_str = "adiantum(xchacha12,aes)", .keysize = 32, @@ -192,7 +192,7 @@ static int find_and_derive_key(const struct inode *inode, const struct fscrypt_key *payload; int err; - key = find_and_lock_process_key(FS_KEY_DESC_PREFIX, + key = find_and_lock_process_key(FSCRYPT_KEY_DESC_PREFIX, ctx->master_key_descriptor, mode->keysize, &payload); if (key == ERR_PTR(-ENOKEY) && inode->i_sb->s_cop->key_prefix) { @@ -203,7 +203,7 @@ static int find_and_derive_key(const struct inode *inode, if (IS_ERR(key)) return PTR_ERR(key); - if (ctx->flags & FS_POLICY_FLAG_DIRECT_KEY) { + if (ctx->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) { if (mode->ivsize < offsetofend(union fscrypt_iv, nonce)) { fscrypt_warn(inode, "Direct key mode not allowed with %s", @@ -272,14 +272,14 @@ err_free_tfm: return ERR_PTR(err); } -/* Master key referenced by FS_POLICY_FLAG_DIRECT_KEY policy */ +/* Master key referenced by DIRECT_KEY policy */ struct fscrypt_master_key { struct hlist_node mk_node; refcount_t mk_refcount; const struct fscrypt_mode *mk_mode; struct crypto_skcipher *mk_ctfm; - u8 mk_descriptor[FS_KEY_DESCRIPTOR_SIZE]; - u8 mk_raw[FS_MAX_KEY_SIZE]; + u8 mk_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE]; + u8 mk_raw[FSCRYPT_MAX_KEY_SIZE]; }; static void free_master_key(struct fscrypt_master_key *mk) @@ -320,13 +320,13 @@ find_or_insert_master_key(struct fscrypt_master_key *to_insert, * raw key, and use crypto_memneq() when comparing raw keys. */ - BUILD_BUG_ON(sizeof(hash_key) > FS_KEY_DESCRIPTOR_SIZE); + BUILD_BUG_ON(sizeof(hash_key) > FSCRYPT_KEY_DESCRIPTOR_SIZE); memcpy(&hash_key, ci->ci_master_key_descriptor, sizeof(hash_key)); spin_lock(&fscrypt_master_keys_lock); hash_for_each_possible(fscrypt_master_keys, mk, mk_node, hash_key) { if (memcmp(ci->ci_master_key_descriptor, mk->mk_descriptor, - FS_KEY_DESCRIPTOR_SIZE) != 0) + FSCRYPT_KEY_DESCRIPTOR_SIZE) != 0) continue; if (mode != mk->mk_mode) continue; @@ -370,7 +370,7 @@ fscrypt_get_master_key(const struct fscrypt_info *ci, struct fscrypt_mode *mode, goto err_free_mk; } memcpy(mk->mk_descriptor, ci->ci_master_key_descriptor, - FS_KEY_DESCRIPTOR_SIZE); + FSCRYPT_KEY_DESCRIPTOR_SIZE); memcpy(mk->mk_raw, raw_key, mode->keysize); return find_or_insert_master_key(mk, raw_key, mode, ci); @@ -448,8 +448,8 @@ out: /* * Given the encryption mode and key (normally the derived key, but for - * FS_POLICY_FLAG_DIRECT_KEY mode it's the master key), set up the inode's - * symmetric cipher transform object(s). + * DIRECT_KEY mode it's the master key), set up the inode's symmetric cipher + * transform object(s). */ static int setup_crypto_transform(struct fscrypt_info *ci, struct fscrypt_mode *mode, @@ -459,7 +459,7 @@ static int setup_crypto_transform(struct fscrypt_info *ci, struct crypto_skcipher *ctfm; int err; - if (ci->ci_flags & FS_POLICY_FLAG_DIRECT_KEY) { + if (ci->ci_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) { mk = fscrypt_get_master_key(ci, mode, raw_key, inode); if (IS_ERR(mk)) return PTR_ERR(mk); @@ -476,7 +476,7 @@ static int setup_crypto_transform(struct fscrypt_info *ci, if (mode->needs_essiv) { /* ESSIV implies 16-byte IVs which implies !DIRECT_KEY */ WARN_ON(mode->ivsize != AES_BLOCK_SIZE); - WARN_ON(ci->ci_flags & FS_POLICY_FLAG_DIRECT_KEY); + WARN_ON(ci->ci_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); err = init_essiv_generator(ci, raw_key, mode->keysize); if (err) { @@ -530,9 +530,10 @@ int fscrypt_get_encryption_info(struct inode *inode) /* Fake up a context for an unencrypted directory */ memset(&ctx, 0, sizeof(ctx)); ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; - ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; - ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; - memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); + ctx.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS; + ctx.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS; + memset(ctx.master_key_descriptor, 0x42, + FSCRYPT_KEY_DESCRIPTOR_SIZE); } else if (res != sizeof(ctx)) { fscrypt_warn(inode, "Unknown encryption context size (%d bytes)", res); @@ -545,7 +546,7 @@ int fscrypt_get_encryption_info(struct inode *inode) return -EINVAL; } - if (ctx.flags & ~FS_POLICY_FLAGS_VALID) { + if (ctx.flags & ~FSCRYPT_POLICY_FLAGS_VALID) { fscrypt_warn(inode, "Unknown encryption context flags (0x%02x)", ctx.flags); return -EINVAL; @@ -559,7 +560,7 @@ int fscrypt_get_encryption_info(struct inode *inode) crypt_info->ci_data_mode = ctx.contents_encryption_mode; crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; memcpy(crypt_info->ci_master_key_descriptor, ctx.master_key_descriptor, - FS_KEY_DESCRIPTOR_SIZE); + FSCRYPT_KEY_DESCRIPTOR_SIZE); memcpy(crypt_info->ci_nonce, ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); mode = select_encryption_mode(crypt_info, inode); |