linux_old1/fs/crypto
Eric Biggers 5a7e29924d fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
Add a new fscrypt ioctl, FS_IOC_GET_ENCRYPTION_KEY_STATUS.  Given a key
specified by 'struct fscrypt_key_specifier' (the same way a key is
specified for the other fscrypt key management ioctls), it returns
status information in a 'struct fscrypt_get_key_status_arg'.

The main motivation for this is that applications need to be able to
check whether an encrypted directory is "unlocked" or not, so that they
can add the key if it is not, and avoid adding the key (which may
involve prompting the user for a passphrase) if it already is.

It's possible to use some workarounds such as checking whether opening a
regular file fails with ENOKEY, or checking whether the filenames "look
like gibberish" or not.  However, no workaround is usable in all cases.

Like the other key management ioctls, the keyrings syscalls may seem at
first to be a good fit for this.  Unfortunately, they are not.  Even if
we exposed the keyring ID of the ->s_master_keys keyring and gave
everyone Search permission on it (note: currently the keyrings
permission system would also allow everyone to "invalidate" the keyring
too), the fscrypt keys have an additional state that doesn't map cleanly
to the keyrings API: the secret can be removed, but we can be still
tracking the files that were using the key, and the removal can be
re-attempted or the secret added again.

After later patches, some applications will also need a way to determine
whether a key was added by the current user vs. by some other user.
Reserved fields are included in fscrypt_get_key_status_arg for this and
other future extensions.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-08-12 19:18:50 -07:00
..
Kconfig fscrypt: remove selection of CONFIG_CRYPTO_SHA256 2019-06-27 10:29:33 -07:00
Makefile fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl 2019-08-12 19:06:13 -07:00
bio.c fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio() 2019-05-28 10:27:53 -07:00
crypto.c fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl 2019-08-12 19:06:13 -07:00
fname.c fscrypt: use FSCRYPT_* definitions, not FS_* 2019-08-12 19:05:19 -07:00
fscrypt_private.h fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl 2019-08-12 19:18:49 -07:00
hooks.c fscrypt: make fscrypt_msg() take inode instead of super_block 2019-08-12 19:04:44 -07:00
keyring.c fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl 2019-08-12 19:18:50 -07:00
keysetup.c fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl 2019-08-12 19:18:49 -07:00
keysetup_v1.c fscrypt: move v1 policy key setup to keysetup_v1.c 2019-08-12 19:06:00 -07:00
policy.c fscrypt: use FSCRYPT_* definitions, not FS_* 2019-08-12 19:05:19 -07:00