[PATCH 0/1] Check for eCryptfs cipher support at mount time.

[PATCH 0/1] Check for eCryptfs cipher support at mount time.

[Tim Sally]

eCryptfs will mount with any cipher supported by the crypto subsystem,
even if the cipher is not supported by eCryptfs itself. An error will
not occur until a write. This change checks for eCryptfs cipher
support at mount time and will not mount the filesystem if the cipher
is not supported.

The cipher name and blocksize are retrieved from ecryptfs_key_tfm
because it will assign a default block size upon creation if none
is specified in the mount options.

This issue originally reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914

Thanks,

Tim

Tim Sally (1):
  eCryptfs: check for eCryptfs cipher support at mount

 fs/ecryptfs/main.c |   24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

-- 
1.7.10.4

[PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount

[Tim Sally]

The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.

Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914

Signed-off-by: Tim Sally <tsally@atomicpeace.com>
---
 fs/ecryptfs/main.c |   24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index df217dc..4eb1fc6 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 	char *fnek_src;
 	char *cipher_key_bytes_src;
 	char *fn_cipher_key_bytes_src;
+	struct ecryptfs_key_tfm *key_tfm = NULL;
+	u8 cipher_code;
 
 	*check_ruid = 0;
 
@@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 			goto out;
 		}
 	}
+
+	if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
+					&key_tfm)) {
+		ecryptfs_printk(KERN_ERR,
+				"Cipher %s was not initalized correctly.\n",
+				mount_crypt_stat->global_default_cipher_name);
+		rc = -EINVAL;
+		mutex_unlock(&key_tfm_list_mutex);
+		goto out;
+	}
+
+	cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name,
+						key_tfm->key_size);
+	if (!cipher_code) {
+		ecryptfs_printk(KERN_ERR,
+				"eCryptfs doesn't support: %s blocksize %zu.\n",
+				key_tfm->cipher_name, key_tfm->key_size);
+		rc = -EINVAL;
+		mutex_unlock(&key_tfm_list_mutex);
+		goto out;
+	}
+
 	mutex_unlock(&key_tfm_list_mutex);
 	rc = ecryptfs_init_global_auth_toks(mount_crypt_stat);
 	if (rc)
-- 
1.7.10.4

Re: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount

[Tyler Hicks]

[-- Attachment #1: Type: text/plain, Size: 2754 bytes --]

On 2012-07-10 21:05:51, Tim Sally wrote:
> The issue occurs when eCryptfs is mounted with a cipher supported by
> the crypto subsystem but not by eCryptfs. The mount succeeds and an
> error does not occur until a write. This change checks for eCryptfs
> cipher support at mount time.
> 
> Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
> https://bugs.launchpad.net/ecryptfs/+bug/338914

Hey Tim - Thanks for digging this one out of the bug tracker. :)

> 
> Signed-off-by: Tim Sally <tsally@atomicpeace.com>
> ---
>  fs/ecryptfs/main.c |   24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)
> 
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index df217dc..4eb1fc6 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
>  	char *fnek_src;
>  	char *cipher_key_bytes_src;
>  	char *fn_cipher_key_bytes_src;
> +	struct ecryptfs_key_tfm *key_tfm = NULL;
> +	u8 cipher_code;
>  
>  	*check_ruid = 0;
>  
> @@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
>  			goto out;
>  		}
>  	}
> +
> +	if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
> +					&key_tfm)) {
> +		ecryptfs_printk(KERN_ERR,
> +				"Cipher %s was not initalized correctly.\n",
> +				mount_crypt_stat->global_default_cipher_name);
> +		rc = -EINVAL;
> +		mutex_unlock(&key_tfm_list_mutex);
> +		goto out;
> +	}

We already know that the tfm exists because we already checked for its
existence and added it if it didn't exist. We shouldn't need to do it
again here.

> +
> +	cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name,
> +						key_tfm->key_size);
> +	if (!cipher_code) {
> +		ecryptfs_printk(KERN_ERR,
> +				"eCryptfs doesn't support: %s blocksize %zu.\n",
> +				key_tfm->cipher_name, key_tfm->key_size);
> +		rc = -EINVAL;
> +		mutex_unlock(&key_tfm_list_mutex);
> +		goto out;
> +	}

How about just calling

ecryptfs_code_for_cipher_string(mount_crypt_stat->global_default_cipher_name,
			mount_crypt_stat->global_default_cipher_key_size);

even before we lock the key_tfm_list_mutex a little above here? If that
fails, we don't even need to check for the tfm's existence or do
anything else besides error out.

Tyler

> +
>  	mutex_unlock(&key_tfm_list_mutex);
>  	rc = ecryptfs_init_global_auth_toks(mount_crypt_stat);
>  	if (rc)
> -- 
> 1.7.10.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

[PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount

[Tim Sally]

The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.

Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914

Signed-off-by: Tim Sally <tsally@atomicpeace.com>
---
 fs/ecryptfs/main.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index df217dc..aee998d 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -279,6 +279,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 	char *fnek_src;
 	char *cipher_key_bytes_src;
 	char *fn_cipher_key_bytes_src;
+	u8 cipher_code;
 
 	*check_ruid = 0;
 
@@ -420,6 +421,18 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 	    && !fn_cipher_key_bytes_set)
 		mount_crypt_stat->global_default_fn_cipher_key_bytes =
 			mount_crypt_stat->global_default_cipher_key_size;
+
+	cipher_code = ecryptfs_code_for_cipher_string(
+		mount_crypt_stat->global_default_cipher_name,
+		mount_crypt_stat->global_default_cipher_key_size);
+	if (!cipher_code) {
+		ecryptfs_printk(KERN_ERR,
+				"eCryptfs doesn't support cipher: %s.",
+				mount_crypt_stat->global_default_cipher_name);
+		rc = -EINVAL;
+		goto out;
+	}
+
 	mutex_lock(&key_tfm_list_mutex);
 	if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
 				 NULL)) {
-- 
1.7.10.4

Re: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount

[Tyler Hicks]

[-- Attachment #1: Type: text/plain, Size: 2132 bytes --]

On 2012-07-12 19:10:24, Tim Sally wrote:
> The issue occurs when eCryptfs is mounted with a cipher supported by
> the crypto subsystem but not by eCryptfs. The mount succeeds and an
> error does not occur until a write. This change checks for eCryptfs
> cipher support at mount time.
> 
> Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
> https://bugs.launchpad.net/ecryptfs/+bug/338914
> 
> Signed-off-by: Tim Sally <tsally@atomicpeace.com>

Looks good! I've pushed it to the eCryptfs -next branch and it will go
in during the 3.6 merge window.

I'm looking forward to more eCryptfs patches from you. Thanks!

Tyler

> ---
>  fs/ecryptfs/main.c |   13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index df217dc..aee998d 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -279,6 +279,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
>  	char *fnek_src;
>  	char *cipher_key_bytes_src;
>  	char *fn_cipher_key_bytes_src;
> +	u8 cipher_code;
>  
>  	*check_ruid = 0;
>  
> @@ -420,6 +421,18 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
>  	    && !fn_cipher_key_bytes_set)
>  		mount_crypt_stat->global_default_fn_cipher_key_bytes =
>  			mount_crypt_stat->global_default_cipher_key_size;
> +
> +	cipher_code = ecryptfs_code_for_cipher_string(
> +		mount_crypt_stat->global_default_cipher_name,
> +		mount_crypt_stat->global_default_cipher_key_size);
> +	if (!cipher_code) {
> +		ecryptfs_printk(KERN_ERR,
> +				"eCryptfs doesn't support cipher: %s.",
> +				mount_crypt_stat->global_default_cipher_name);
> +		rc = -EINVAL;
> +		goto out;
> +	}
> +
>  	mutex_lock(&key_tfm_list_mutex);
>  	if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
>  				 NULL)) {
> -- 
> 1.7.10.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]