summaryrefslogtreecommitdiff
path: root/fs/crypto/keysetup_v1.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2019-12-10 00:18:27 +0300
committerEric Biggers <ebiggers@google.com>2019-12-31 19:33:50 +0300
commit85af90e57ce9697d36d479124e0bfffb145e39a4 (patch)
tree5082ec8d9d7090a45e40c5a4808b46ac9d8c096b /fs/crypto/keysetup_v1.c
parent393a24a7956ce27d110b06bbd1674408ab8f6132 (diff)
downloadlinux-85af90e57ce9697d36d479124e0bfffb145e39a4.tar.xz
fscrypt: check for appropriate use of DIRECT_KEY flag earlier
FSCRYPT_POLICY_FLAG_DIRECT_KEY is currently only allowed with Adiantum encryption. But FS_IOC_SET_ENCRYPTION_POLICY allowed it in combination with other encryption modes, and an error wasn't reported until later when the encrypted directory was actually used. Fix it to report the error earlier by validating the correct use of the DIRECT_KEY flag in fscrypt_supported_policy(), similar to how we validate the IV_INO_LBLK_64 flag. Link: https://lore.kernel.org/r/20191209211829.239800-3-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/keysetup_v1.c')
-rw-r--r--fs/crypto/keysetup_v1.c15
1 files changed, 0 insertions, 15 deletions
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 5298ef22aa85..3578c1c607c5 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -253,23 +253,8 @@ err_free_dk:
static int setup_v1_file_key_direct(struct fscrypt_info *ci,
const u8 *raw_master_key)
{
- const struct fscrypt_mode *mode = ci->ci_mode;
struct fscrypt_direct_key *dk;
- if (!fscrypt_mode_supports_direct_key(mode)) {
- fscrypt_warn(ci->ci_inode,
- "Direct key mode not allowed with %s",
- mode->friendly_name);
- return -EINVAL;
- }
-
- if (ci->ci_policy.v1.contents_encryption_mode !=
- ci->ci_policy.v1.filenames_encryption_mode) {
- fscrypt_warn(ci->ci_inode,
- "Direct key mode not allowed with different contents and filenames modes");
- return -EINVAL;
- }
-
dk = fscrypt_get_direct_key(ci, raw_master_key);
if (IS_ERR(dk))
return PTR_ERR(dk);