X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=libcfs%2Flibcfs%2Fcrypto%2Fpolicy.c;h=5e744544f6b6e7873208ff48db452777acdb6c42;hb=f18c87cb5362496a4baadaa14265471c992ca06a;hp=bdfc683dba91e2b4eebd6ed5c6d908c02ceb40fa;hpb=a813e81870096bcfecbe12aeeed8e1b0114cd474;p=fs%2Flustre-release.git diff --git a/libcfs/libcfs/crypto/policy.c b/libcfs/libcfs/crypto/policy.c index bdfc683..5e74454 100644 --- a/libcfs/libcfs/crypto/policy.c +++ b/libcfs/libcfs/crypto/policy.c @@ -282,6 +282,25 @@ static int set_encryption_policy(struct inode *inode, return lsi->lsi_cop->set_context(inode, &ctx, ctxsize, NULL); } +/* Tell if an inode's encryption policy has filename encryption */ +bool llcrypt_policy_has_filename_enc(struct inode *inode) +{ + union llcrypt_policy policy; + int err; + + err = llcrypt_get_policy(inode, &policy); + if (err) + return true; + + if ((policy.version == LLCRYPT_POLICY_V1 && + policy.v1.filenames_encryption_mode == LLCRYPT_MODE_NULL) || + (policy.version == LLCRYPT_POLICY_V2 && + policy.v2.filenames_encryption_mode == LLCRYPT_MODE_NULL)) + return false; + return true; +} +EXPORT_SYMBOL(llcrypt_policy_has_filename_enc); + int llcrypt_ioctl_set_policy(struct file *filp, const void __user *arg) { union llcrypt_policy policy; @@ -368,12 +387,27 @@ int llcrypt_ioctl_get_policy(struct file *filp, void __user *arg) } EXPORT_SYMBOL(llcrypt_ioctl_get_policy); +/* Valid filenames_encryption_mode associated with contents_encryption_mode, + * as imposed by llcrypt_valid_enc_modes() + */ +static inline u8 contents2filenames_encmode(u8 contents_encryption_mode) +{ + if (contents_encryption_mode == LLCRYPT_MODE_AES_128_CBC) + return LLCRYPT_MODE_AES_128_CTS; + if (contents_encryption_mode == LLCRYPT_MODE_AES_256_XTS) + return LLCRYPT_MODE_AES_256_CTS; + if (contents_encryption_mode == LLCRYPT_MODE_ADIANTUM) + return LLCRYPT_MODE_ADIANTUM; + return LLCRYPT_MODE_NULL; +} + /* Extended ioctl version; can get policies of any version */ int llcrypt_ioctl_get_policy_ex(struct file *filp, void __user *uarg) { struct llcrypt_get_policy_ex_arg arg; union llcrypt_policy *policy = (union llcrypt_policy *)&arg.policy; size_t policy_size; + struct inode *inode = file_inode(filp); int err; /* arg is policy_size, then policy */ @@ -394,6 +428,33 @@ int llcrypt_ioctl_get_policy_ex(struct file *filp, void __user *uarg) return -EOVERFLOW; arg.policy_size = policy_size; + /* Do not return null filenames_encryption_mode to userspace, as it is + * unknown. Instead, return valid mode associated with + * contents_encryption_mode, as imposed by llcrypt_valid_enc_modes(). + */ + switch (policy->version) { + case LLCRYPT_POLICY_V1: + if (policy->v1.filenames_encryption_mode == LLCRYPT_MODE_NULL) { + policy->v1.filenames_encryption_mode = + contents2filenames_encmode( + policy->v1.contents_encryption_mode); + CWARN("inode %lu: returning policy filenames_encryption_mode as %d, but is in fact null\n", + inode->i_ino, + policy->v1.filenames_encryption_mode); + } + break; + case LLCRYPT_POLICY_V2: + if (policy->v2.filenames_encryption_mode == LLCRYPT_MODE_NULL) { + policy->v2.filenames_encryption_mode = + contents2filenames_encmode( + policy->v2.contents_encryption_mode); + CWARN("inode %lu: returning policy filenames_encryption_mode as %d, but is in fact null\n", + inode->i_ino, + policy->v2.filenames_encryption_mode); + } + break; + } + if (copy_to_user(uarg, &arg, sizeof(arg.policy_size) + policy_size)) return -EFAULT; return 0;