+ ecryptfs-set-the-key-size-from-the-default-for-the-mount.patch added to -mm tree

akpm@xxxxxxxx · Tue, 20 Jun 2006 17:37:36 -0700

The patch titled

     ecryptfs: set the key size from the default for the mount

has been added to the -mm tree.  Its filename is

     ecryptfs-set-the-key-size-from-the-default-for-the-mount.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: ecryptfs: set the key size from the default for the mount
From: Mike Halcrow <mhalcrow@xxxxxxxxxx>


Remove the hard-coded key size and use the one specified through the mount
parameter.

Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ecryptfs/crypto.c |   34 +++++++++++++++++++++-------------
 1 files changed, 21 insertions(+), 13 deletions(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-set-the-key-size-from-the-default-for-the-mount fs/ecryptfs/crypto.c

--- 25/fs/ecryptfs/crypto.c~ecryptfs-set-the-key-size-from-the-default-for-the-mount	Tue Jun 20 17:37:35 2006
+++ 25-akpm/fs/ecryptfs/crypto.c	Tue Jun 20 17:37:35 2006
@@ -730,8 +730,10 @@ int ecryptfs_init_crypt_ctx(struct ecryp
 		goto out;
 	}
 	ecryptfs_printk(KERN_DEBUG,
-			"Initializing cipher [%s]; strlen = [%d]\n",
-			crypt_stat->cipher, (int)strlen(crypt_stat->cipher));
+			"Initializing cipher [%s]; strlen = [%d]; "
+			"key_size_bits = [%d]\n",
+			crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
+			crypt_stat->key_size_bits);
 	if (crypt_stat->tfm) {
 		rc = 0;
 		goto out;
@@ -816,6 +818,18 @@ out:
 	return rc;
 }
 
+static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
+{
+	get_random_bytes(crypt_stat->key, (crypt_stat->key_size_bits >> 3));
+	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+	ecryptfs_compute_root_iv(crypt_stat);
+	if (unlikely(ecryptfs_verbosity > 0)) {
+		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
+		ecryptfs_dump_hex(crypt_stat->key,
+				  crypt_stat->key_size_bits / 8);
+	}
+}
+
 /**
  * ecryptfs_set_default_crypt_stat_vals
  * @crypt_stat
@@ -825,19 +839,10 @@ out:
 static void
 ecryptfs_set_default_crypt_stat_vals(struct ecryptfs_crypt_stat *crypt_stat)
 {
-	int key_size_bits = ECRYPTFS_DEFAULT_KEY_BYTES * 8;
-
 	ecryptfs_set_default_sizes(crypt_stat);
 	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
-	crypt_stat->key_size_bits = key_size_bits;
-	get_random_bytes(crypt_stat->key, key_size_bits / 8);
-	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
-	ecryptfs_compute_root_iv(crypt_stat);
-	if (unlikely(ecryptfs_verbosity > 0)) {
-		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
-		ecryptfs_dump_hex(crypt_stat->key,
-				  crypt_stat->key_size_bits / 8);
-	}
+	crypt_stat->key_size_bits = ECRYPTFS_DEFAULT_KEY_BYTES << 3;
+	ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
 	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
 }
 
@@ -887,6 +892,9 @@ int ecryptfs_new_file_context(struct den
 		       mount_crypt_stat->global_default_cipher_name,
 		       cipher_name_len);
 		crypt_stat->cipher[cipher_name_len] = '\0';
+		crypt_stat->key_size_bits =
+			mount_crypt_stat->global_default_cipher_key_bits;
+		ecryptfs_generate_new_key(crypt_stat);
 	} else
 		/* We should not encounter this scenario since we
 		 * should detect lack of global_auth_tok at mount time
_

Patches currently in -mm which might be from mhalcrow@xxxxxxxxxx are

ecryptfs-fs-makefile-and-fs-kconfig.patch
ecryptfs-fs-makefile-and-fs-kconfig-remove-ecrypt_debug-from-fs-kconfig.patch
ecryptfs-documentation.patch
ecryptfs-makefile.patch
ecryptfs-main-module-functions.patch
ecryptfs-main-module-functions-uint16_t-u16.patch
ecryptfs-header-declarations.patch
ecryptfs-header-declarations-update.patch
ecryptfs-header-declarations-update-convert-signed-data-types-to-unsigned-data-types.patch
ecryptfs-header-declarations-remove-unnecessary-ifndefs.patch
ecryptfs-superblock-operations.patch
ecryptfs-dentry-operations.patch
ecryptfs-file-operations.patch
ecryptfs-file-operations-remove-null-==-syntax.patch
ecryptfs-file-operations-remove-extraneous-read-of-inode-size-from-header.patch
ecryptfs-file-operations-fix.patch
ecryptfs-file-operations-fix-premature-release-of-file_info-memory.patch
ecryptfs-inode-operations.patch
ecryptfs-mmap-operations.patch
mark-address_space_operations-const-vs-ecryptfs-mmap-operations.patch
ecryptfs-keystore.patch
ecryptfs-crypto-functions.patch
ecryptfs-debug-functions.patch
ecryptfs-alpha-build-fix.patch
ecryptfs-convert-assert-to-bug_on.patch
ecryptfs-remove-unnecessary-null-checks.patch
ecryptfs-rewrite-ecryptfs_fsync.patch
ecryptfs-overhaul-file-locking.patch
ecryptfs-dont-muck-with-the-existing-nameidata-structures.patch
ecryptfs-asm-scatterlisth-linux-scatterlisth.patch
ecryptfs-support-for-larger-maximum-key-size.patch
ecryptfs-add-codes-for-additional-ciphers.patch
ecryptfs-unencrypted-key-size-based-on-encrypted-key-size.patch
ecryptfs-packet-and-key-management-update-for-variable-key-size.patch
ecryptfs-add-ecryptfs_-prefix-to-mount-options-key-size-parameter.patch
ecryptfs-set-the-key-size-from-the-default-for-the-mount.patch
ecryptfs-check-for-weak-keys.patch
ecryptfs-add-define-values-for-cipher-codes-from-rfc2440-openpgp.patch
ecryptfs-convert-bits-to-bytes.patch
ecryptfs-more-elegant-aes-key-size-manipulation.patch
ecryptfs-more-elegant-aes-key-size-manipulation-tidy.patch
ecryptfs-more-intelligent-use-of-tfm-objects.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




