9848856fe1
* refs/heads/tmp-3f51ea2
Linux 4.4.133
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
hfsplus: stop workqueue when fill_super() failed
cfg80211: limit wiphy names to 128 bytes
gpio: rcar: Add Runtime PM handling for interrupts
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
dmaengine: ensure dmaengine helpers check valid callback
scsi: zfcp: fix infinite iteration on ERP ready list
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
scsi: libsas: defer ata device eh commands to libata
s390: use expoline thunks in the BPF JIT
s390: extend expoline to BC instructions
s390: move spectre sysfs attribute code
s390/kernel: use expoline for indirect branches
s390/lib: use expoline for indirect branches
s390: move expoline assembler macros to a header
s390: add assembler macros for CPU alternatives
ext2: fix a block leak
tcp: purge write queue in tcp_connect_init()
sock_diag: fix use-after-free read in __sk_free
packet: in packet_snd start writing at link layer allocation
net: test tailroom before appending to linear skb
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
btrfs: fix crash when trying to resume balance without the resume flag
Btrfs: fix xattr loss after power failure
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
s390: remove indirect branch from do_softirq_own_stack
s390/qdio: don't release memory in qdio_setup_irq()
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: fix access to uninitialized qdio_q fields
mm: don't allow deferred pages with NEED_PER_CPU_KM
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
procfs: fix pthread cross-thread naming if !PR_DUMPABLE
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
cpufreq: intel_pstate: Enable HWP by default
signals: avoid unnecessary taking of sighand->siglock
mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
mm: filemap: remove redundant code in do_read_cache_page
proc: meminfo: estimate available memory more conservatively
vmscan: do not force-scan file lru if its absolute size is small
powerpc: Don't preempt_disable() in show_cpuinfo()
cpuidle: coupled: remove unused define cpuidle_coupled_lock
powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
powerpc/powernv: Remove OPALv2 firmware define and references
powerpc/powernv: panic() on OPAL < V3
spi: pxa2xx: Allow 64-bit DMA
ALSA: control: fix a redundant-copy issue
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
usbip: usbip_host: fix bad unlock balance during stub_probe()
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
kernel/exit.c: avoid undefined behaviour when calling wait4()
futex: futex_wake_op, fix sign_extend32 sign bits
pipe: cap initial pipe capacity according to pipe-max-size limit
l2tp: revert "l2tp: fix missing print session offset info"
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
lockd: lost rollback of set_grace_period() in lockd_down_net()
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
futex: Remove duplicated code and fix undefined behaviour
futex: Remove unnecessary warning from get_futex_key
arm64: Add work around for Arm Cortex-A55 Erratum 1024718
arm64: introduce mov_q macro to move a constant into a 64-bit register
audit: move calcs after alloc and check when logging set loginuid
ALSA: timer: Call notifier in the same spinlock
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
tcp: ignore Fast Open on repair mode
bonding: do not allow rlb updates to invalid mac
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
r8169: fix powering up RTL8168h
qmi_wwan: do not steal interfaces from class drivers
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
net: support compat 64-bit time in {s,g}etsockopt
net_sched: fq: take care of throttled flows before reuse
net/mlx4_en: Verify coalescing parameters are in range
net: ethernet: sun: niu set correct packet size in skb
llc: better deal with too small mtu
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
dccp: fix tasklet usage
bridge: check iface upper dev when setting master via ioctl
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
cgroup: Disable IRQs while holding css_set_lock
Revert "cgroup: Disable IRQs while holding css_set_lock"
cgroup: Disable IRQs while holding css_set_lock
ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
x86: vdso: Fix leaky vdso linker with CC=clang.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Fix path to clang.
UPSTREAM: dm bufio: avoid sleeping while holding the dm_bufio lock
ANDROID: sdcardfs: Don't d_drop in d_revalidate
Conflicts:
arch/arm64/include/asm/cputype.h
fs/ext4/crypto.c
fs/ext4/ext4.h
kernel/cgroup.c
mm/vmscan.c
Change-Id: Ic10c5722b6439af1cf423fd949c493f786764d7e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
393 lines
11 KiB
C
393 lines
11 KiB
C
/*
|
|
* linux/fs/ext4/crypto_key.c
|
|
*
|
|
* Copyright (C) 2015, Google, Inc.
|
|
*
|
|
* This contains encryption key functions for ext4
|
|
*
|
|
* Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
|
|
*/
|
|
|
|
#include <keys/encrypted-type.h>
|
|
#include <keys/user-type.h>
|
|
#include <linux/random.h>
|
|
#include <linux/scatterlist.h>
|
|
#include <uapi/linux/keyctl.h>
|
|
|
|
#include "ext4.h"
|
|
#include "ext4_ice.h"
|
|
#include "xattr.h"
|
|
|
|
static void derive_crypt_complete(struct crypto_async_request *req, int rc)
|
|
{
|
|
struct ext4_completion_result *ecr = req->data;
|
|
|
|
if (rc == -EINPROGRESS)
|
|
return;
|
|
|
|
ecr->res = rc;
|
|
complete(&ecr->completion);
|
|
}
|
|
|
|
/**
|
|
* ext4_derive_key_v1() - Derive a key using AES-128-ECB
|
|
* @deriving_key: Encryption key used for derivation.
|
|
* @source_key: Source key to which to apply derivation.
|
|
* @derived_key: Derived key.
|
|
*
|
|
* Return: 0 on success, -errno on failure
|
|
*/
|
|
static int ext4_derive_key_v1(const char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
|
|
const char source_key[EXT4_AES_256_XTS_KEY_SIZE],
|
|
char derived_key[EXT4_AES_256_XTS_KEY_SIZE])
|
|
{
|
|
int res = 0;
|
|
struct ablkcipher_request *req = NULL;
|
|
DECLARE_EXT4_COMPLETION_RESULT(ecr);
|
|
struct scatterlist src_sg, dst_sg;
|
|
struct crypto_ablkcipher *tfm = crypto_alloc_ablkcipher("ecb(aes)", 0,
|
|
0);
|
|
|
|
if (IS_ERR(tfm)) {
|
|
res = PTR_ERR(tfm);
|
|
tfm = NULL;
|
|
goto out;
|
|
}
|
|
crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
|
|
req = ablkcipher_request_alloc(tfm, GFP_NOFS);
|
|
if (!req) {
|
|
res = -ENOMEM;
|
|
goto out;
|
|
}
|
|
ablkcipher_request_set_callback(req,
|
|
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
|
|
derive_crypt_complete, &ecr);
|
|
res = crypto_ablkcipher_setkey(tfm, deriving_key,
|
|
EXT4_AES_128_ECB_KEY_SIZE);
|
|
if (res < 0)
|
|
goto out;
|
|
sg_init_one(&src_sg, source_key, EXT4_AES_256_XTS_KEY_SIZE);
|
|
sg_init_one(&dst_sg, derived_key, EXT4_AES_256_XTS_KEY_SIZE);
|
|
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg,
|
|
EXT4_AES_256_XTS_KEY_SIZE, NULL);
|
|
res = crypto_ablkcipher_encrypt(req);
|
|
if (res == -EINPROGRESS || res == -EBUSY) {
|
|
wait_for_completion(&ecr.completion);
|
|
res = ecr.res;
|
|
}
|
|
|
|
out:
|
|
if (req)
|
|
ablkcipher_request_free(req);
|
|
if (tfm)
|
|
crypto_free_ablkcipher(tfm);
|
|
return res;
|
|
}
|
|
|
|
/**
|
|
* ext4_derive_key_v2() - Derive a key non-reversibly
|
|
* @nonce: the nonce associated with the file
|
|
* @master_key: the master key referenced by the file
|
|
* @derived_key: (output) the resulting derived key
|
|
*
|
|
* This function computes the following:
|
|
* derived_key[0:127] = AES-256-ENCRYPT(master_key[0:255], nonce)
|
|
* derived_key[128:255] = AES-256-ENCRYPT(master_key[0:255], nonce ^ 0x01)
|
|
* derived_key[256:383] = AES-256-ENCRYPT(master_key[256:511], nonce)
|
|
* derived_key[384:511] = AES-256-ENCRYPT(master_key[256:511], nonce ^ 0x01)
|
|
*
|
|
* 'nonce ^ 0x01' denotes flipping the low order bit of the last byte.
|
|
*
|
|
* Unlike the v1 algorithm, the v2 algorithm is "non-reversible", meaning that
|
|
* compromising a derived key does not also compromise the master key.
|
|
*
|
|
* Return: 0 on success, -errno on failure
|
|
*/
|
|
static int ext4_derive_key_v2(const char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE],
|
|
const char master_key[EXT4_MAX_KEY_SIZE],
|
|
char derived_key[EXT4_MAX_KEY_SIZE])
|
|
{
|
|
const int noncelen = EXT4_KEY_DERIVATION_NONCE_SIZE;
|
|
struct crypto_cipher *tfm;
|
|
int err;
|
|
int i;
|
|
|
|
/*
|
|
* Since we only use each transform for a small number of encryptions,
|
|
* requesting just "aes" turns out to be significantly faster than
|
|
* "ecb(aes)", by about a factor of two.
|
|
*/
|
|
tfm = crypto_alloc_cipher("aes", 0, 0);
|
|
if (IS_ERR(tfm))
|
|
return PTR_ERR(tfm);
|
|
|
|
BUILD_BUG_ON(4 * EXT4_KEY_DERIVATION_NONCE_SIZE != EXT4_MAX_KEY_SIZE);
|
|
BUILD_BUG_ON(2 * EXT4_AES_256_ECB_KEY_SIZE != EXT4_MAX_KEY_SIZE);
|
|
for (i = 0; i < 2; i++) {
|
|
memcpy(derived_key, nonce, noncelen);
|
|
memcpy(derived_key + noncelen, nonce, noncelen);
|
|
derived_key[2 * noncelen - 1] ^= 0x01;
|
|
err = crypto_cipher_setkey(tfm, master_key,
|
|
EXT4_AES_256_ECB_KEY_SIZE);
|
|
if (err)
|
|
break;
|
|
crypto_cipher_encrypt_one(tfm, derived_key, derived_key);
|
|
crypto_cipher_encrypt_one(tfm, derived_key + noncelen,
|
|
derived_key + noncelen);
|
|
master_key += EXT4_AES_256_ECB_KEY_SIZE;
|
|
derived_key += 2 * noncelen;
|
|
}
|
|
crypto_free_cipher(tfm);
|
|
return err;
|
|
}
|
|
|
|
/**
|
|
* ext4_derive_key() - Derive a per-file key from a nonce and master key
|
|
* @ctx: the encryption context associated with the file
|
|
* @master_key: the master key referenced by the file
|
|
* @derived_key: (output) the resulting derived key
|
|
*
|
|
* Return: 0 on success, -errno on failure
|
|
*/
|
|
static int ext4_derive_key(const struct ext4_encryption_context *ctx,
|
|
const char master_key[EXT4_MAX_KEY_SIZE],
|
|
char derived_key[EXT4_MAX_KEY_SIZE])
|
|
{
|
|
BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE != EXT4_KEY_DERIVATION_NONCE_SIZE);
|
|
BUILD_BUG_ON(EXT4_AES_256_XTS_KEY_SIZE != EXT4_MAX_KEY_SIZE);
|
|
|
|
/*
|
|
* Although the key derivation algorithm is logically independent of the
|
|
* choice of encryption modes, in this kernel it is bundled with HEH
|
|
* encryption of filenames, which is another crypto improvement that
|
|
* requires an on-disk format change and requires userspace to specify
|
|
* different encryption policies.
|
|
*/
|
|
if (ctx->filenames_encryption_mode == EXT4_ENCRYPTION_MODE_AES_256_HEH)
|
|
return ext4_derive_key_v2(ctx->nonce, master_key, derived_key);
|
|
else
|
|
return ext4_derive_key_v1(ctx->nonce, master_key, derived_key);
|
|
}
|
|
|
|
void ext4_free_crypt_info(struct ext4_crypt_info *ci)
|
|
{
|
|
if (!ci)
|
|
return;
|
|
|
|
if (ci->ci_keyring_key)
|
|
key_put(ci->ci_keyring_key);
|
|
crypto_free_ablkcipher(ci->ci_ctfm);
|
|
kmem_cache_free(ext4_crypt_info_cachep, ci);
|
|
}
|
|
|
|
void ext4_free_encryption_info(struct inode *inode,
|
|
struct ext4_crypt_info *ci)
|
|
{
|
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
|
struct ext4_crypt_info *prev;
|
|
|
|
if (ci == NULL)
|
|
ci = ACCESS_ONCE(ei->i_crypt_info);
|
|
if (ci == NULL)
|
|
return;
|
|
prev = cmpxchg(&ei->i_crypt_info, ci, NULL);
|
|
if (prev != ci)
|
|
return;
|
|
|
|
ext4_free_crypt_info(ci);
|
|
}
|
|
|
|
static int ext4_default_data_encryption_mode(void)
|
|
{
|
|
return ext4_is_ice_enabled() ? EXT4_ENCRYPTION_MODE_PRIVATE :
|
|
EXT4_ENCRYPTION_MODE_AES_256_XTS;
|
|
}
|
|
|
|
int _ext4_get_encryption_info(struct inode *inode)
|
|
{
|
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
|
struct ext4_crypt_info *crypt_info;
|
|
char full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
|
|
(EXT4_KEY_DESCRIPTOR_SIZE * 2) + 1];
|
|
struct key *keyring_key = NULL;
|
|
struct ext4_encryption_key *master_key;
|
|
struct ext4_encryption_context ctx;
|
|
const struct user_key_payload *ukp;
|
|
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
|
|
struct crypto_ablkcipher *ctfm;
|
|
const char *cipher_str;
|
|
int for_fname = 0;
|
|
int mode;
|
|
int res;
|
|
|
|
res = ext4_init_crypto();
|
|
if (res)
|
|
return res;
|
|
|
|
retry:
|
|
crypt_info = ACCESS_ONCE(ei->i_crypt_info);
|
|
if (crypt_info) {
|
|
if (!crypt_info->ci_keyring_key ||
|
|
key_validate(crypt_info->ci_keyring_key) == 0)
|
|
return 0;
|
|
ext4_free_encryption_info(inode, crypt_info);
|
|
goto retry;
|
|
}
|
|
|
|
res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
|
|
EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
|
|
&ctx, sizeof(ctx));
|
|
if (res < 0) {
|
|
if (!DUMMY_ENCRYPTION_ENABLED(sbi))
|
|
return res;
|
|
ctx.contents_encryption_mode =
|
|
ext4_default_data_encryption_mode();
|
|
ctx.filenames_encryption_mode =
|
|
EXT4_ENCRYPTION_MODE_AES_256_CTS;
|
|
ctx.flags = 0;
|
|
} else if (res != sizeof(ctx))
|
|
return -EINVAL;
|
|
res = 0;
|
|
|
|
crypt_info = kmem_cache_alloc(ext4_crypt_info_cachep, GFP_KERNEL);
|
|
if (!crypt_info)
|
|
return -ENOMEM;
|
|
|
|
crypt_info->ci_flags = ctx.flags;
|
|
crypt_info->ci_data_mode = ctx.contents_encryption_mode;
|
|
crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
|
|
crypt_info->ci_ctfm = NULL;
|
|
crypt_info->ci_keyring_key = NULL;
|
|
memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
|
|
sizeof(crypt_info->ci_master_key));
|
|
if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
|
|
for_fname = 1;
|
|
else if (!S_ISREG(inode->i_mode))
|
|
BUG();
|
|
mode = for_fname ? crypt_info->ci_filename_mode :
|
|
crypt_info->ci_data_mode;
|
|
switch (mode) {
|
|
case EXT4_ENCRYPTION_MODE_AES_256_XTS:
|
|
cipher_str = "xts(aes)";
|
|
break;
|
|
case EXT4_ENCRYPTION_MODE_AES_256_CTS:
|
|
cipher_str = "cts(cbc(aes))";
|
|
break;
|
|
case EXT4_ENCRYPTION_MODE_PRIVATE:
|
|
cipher_str = "bugon";
|
|
case EXT4_ENCRYPTION_MODE_AES_256_HEH:
|
|
cipher_str = "heh(aes)";
|
|
break;
|
|
case EXT4_ENCRYPTION_MODE_SPECK128_256_XTS:
|
|
cipher_str = "xts(speck128)";
|
|
break;
|
|
case EXT4_ENCRYPTION_MODE_SPECK128_256_CTS:
|
|
cipher_str = "cts(cbc(speck128))";
|
|
break;
|
|
default:
|
|
printk_once(KERN_WARNING
|
|
"ext4: unsupported key mode %d (ino %u)\n",
|
|
mode, (unsigned) inode->i_ino);
|
|
res = -ENOKEY;
|
|
goto out;
|
|
}
|
|
if (DUMMY_ENCRYPTION_ENABLED(sbi)) {
|
|
memset(crypt_info->ci_raw_key, 0x42, EXT4_AES_256_XTS_KEY_SIZE);
|
|
goto got_key;
|
|
}
|
|
memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX,
|
|
EXT4_KEY_DESC_PREFIX_SIZE);
|
|
sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE,
|
|
"%*phN", EXT4_KEY_DESCRIPTOR_SIZE,
|
|
ctx.master_key_descriptor);
|
|
full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
|
|
(2 * EXT4_KEY_DESCRIPTOR_SIZE)] = '\0';
|
|
keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
|
|
if (IS_ERR(keyring_key)) {
|
|
res = PTR_ERR(keyring_key);
|
|
keyring_key = NULL;
|
|
goto out;
|
|
}
|
|
crypt_info->ci_keyring_key = keyring_key;
|
|
if (keyring_key->type != &key_type_logon) {
|
|
printk_once(KERN_WARNING
|
|
"ext4: key type must be logon\n");
|
|
res = -ENOKEY;
|
|
goto out;
|
|
}
|
|
down_read(&keyring_key->sem);
|
|
ukp = user_key_payload(keyring_key);
|
|
if (!ukp) {
|
|
/* key was revoked before we acquired its semaphore */
|
|
res = -EKEYREVOKED;
|
|
up_read(&keyring_key->sem);
|
|
goto out;
|
|
}
|
|
if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
|
|
res = -EINVAL;
|
|
up_read(&keyring_key->sem);
|
|
goto out;
|
|
}
|
|
master_key = (struct ext4_encryption_key *)ukp->data;
|
|
BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
|
|
EXT4_KEY_DERIVATION_NONCE_SIZE);
|
|
if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
|
|
printk_once(KERN_WARNING
|
|
"ext4: key size incorrect: %d\n",
|
|
master_key->size);
|
|
res = -ENOKEY;
|
|
up_read(&keyring_key->sem);
|
|
goto out;
|
|
}
|
|
res = ext4_derive_key(&ctx, master_key->raw,
|
|
crypt_info->ci_raw_key);
|
|
up_read(&keyring_key->sem);
|
|
if (res)
|
|
goto out;
|
|
got_key:
|
|
if (for_fname ||
|
|
(crypt_info->ci_data_mode != EXT4_ENCRYPTION_MODE_PRIVATE)) {
|
|
ctfm = crypto_alloc_ablkcipher(cipher_str, 0, 0);
|
|
if (!ctfm || IS_ERR(ctfm)) {
|
|
res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
|
|
pr_debug("%s: error %d (inode %u) allocating crypto tfm\n",
|
|
__func__, res, (unsigned) inode->i_ino);
|
|
goto out;
|
|
}
|
|
crypt_info->ci_ctfm = ctfm;
|
|
crypto_ablkcipher_clear_flags(ctfm, ~0);
|
|
crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctfm),
|
|
CRYPTO_TFM_REQ_WEAK_KEY);
|
|
res = crypto_ablkcipher_setkey(ctfm, crypt_info->ci_raw_key,
|
|
ext4_encryption_key_size(mode));
|
|
if (res)
|
|
goto out;
|
|
memzero_explicit(crypt_info->ci_raw_key,
|
|
sizeof(crypt_info->ci_raw_key));
|
|
} else if (!ext4_is_ice_enabled()) {
|
|
pr_warn("%s: ICE support not available\n",
|
|
__func__);
|
|
res = -EINVAL;
|
|
goto out;
|
|
}
|
|
if (cmpxchg(&ei->i_crypt_info, NULL, crypt_info) != NULL) {
|
|
ext4_free_crypt_info(crypt_info);
|
|
goto retry;
|
|
}
|
|
return 0;
|
|
|
|
out:
|
|
if (res == -ENOKEY)
|
|
res = 0;
|
|
memzero_explicit(crypt_info->ci_raw_key,
|
|
sizeof(crypt_info->ci_raw_key));
|
|
ext4_free_crypt_info(crypt_info);
|
|
return res;
|
|
}
|
|
|
|
int ext4_has_encryption_key(struct inode *inode)
|
|
{
|
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
|
|
|
return (ei->i_crypt_info != NULL);
|
|
}
|