policy.c (66da65005aa819e0b8d3a08f5ec1491b7690cb67) | policy.c (6b2a51ff03bf0c54cbc699ee85a9a49eb203ebfc) |
---|---|
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Encryption policy functions for per-file encryption support. 4 * 5 * Copyright (C) 2015, Google, Inc. 6 * Copyright (C) 2015, Motorola Mobility. 7 * 8 * Originally written by Michael Halcrow, 2015. --- 47 unchanged lines hidden (view full) --- 56static const union fscrypt_policy * 57fscrypt_get_dummy_policy(struct super_block *sb) 58{ 59 if (!sb->s_cop->get_dummy_policy) 60 return NULL; 61 return sb->s_cop->get_dummy_policy(sb); 62} 63 | 1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Encryption policy functions for per-file encryption support. 4 * 5 * Copyright (C) 2015, Google, Inc. 6 * Copyright (C) 2015, Motorola Mobility. 7 * 8 * Originally written by Michael Halcrow, 2015. --- 47 unchanged lines hidden (view full) --- 56static const union fscrypt_policy * 57fscrypt_get_dummy_policy(struct super_block *sb) 58{ 59 if (!sb->s_cop->get_dummy_policy) 60 return NULL; 61 return sb->s_cop->get_dummy_policy(sb); 62} 63 |
64static bool fscrypt_valid_enc_modes(u32 contents_mode, u32 filenames_mode) | 64static bool fscrypt_valid_enc_modes_v1(u32 contents_mode, u32 filenames_mode) |
65{ 66 if (contents_mode == FSCRYPT_MODE_AES_256_XTS && 67 filenames_mode == FSCRYPT_MODE_AES_256_CTS) 68 return true; 69 70 if (contents_mode == FSCRYPT_MODE_AES_128_CBC && 71 filenames_mode == FSCRYPT_MODE_AES_128_CTS) 72 return true; 73 74 if (contents_mode == FSCRYPT_MODE_ADIANTUM && 75 filenames_mode == FSCRYPT_MODE_ADIANTUM) 76 return true; 77 78 return false; 79} 80 | 65{ 66 if (contents_mode == FSCRYPT_MODE_AES_256_XTS && 67 filenames_mode == FSCRYPT_MODE_AES_256_CTS) 68 return true; 69 70 if (contents_mode == FSCRYPT_MODE_AES_128_CBC && 71 filenames_mode == FSCRYPT_MODE_AES_128_CTS) 72 return true; 73 74 if (contents_mode == FSCRYPT_MODE_ADIANTUM && 75 filenames_mode == FSCRYPT_MODE_ADIANTUM) 76 return true; 77 78 return false; 79} 80 |
81static bool fscrypt_valid_enc_modes_v2(u32 contents_mode, u32 filenames_mode) 82{ 83 if (contents_mode == FSCRYPT_MODE_AES_256_XTS && 84 filenames_mode == FSCRYPT_MODE_AES_256_HCTR2) 85 return true; 86 return fscrypt_valid_enc_modes_v1(contents_mode, filenames_mode); 87} 88 |
|
81static bool supported_direct_key_modes(const struct inode *inode, 82 u32 contents_mode, u32 filenames_mode) 83{ 84 const struct fscrypt_mode *mode; 85 86 if (contents_mode != filenames_mode) { 87 fscrypt_warn(inode, 88 "Direct key flag not allowed with different contents and filenames modes"); --- 57 unchanged lines hidden (view full) --- 146 return false; 147 } 148 return true; 149} 150 151static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, 152 const struct inode *inode) 153{ | 89static bool supported_direct_key_modes(const struct inode *inode, 90 u32 contents_mode, u32 filenames_mode) 91{ 92 const struct fscrypt_mode *mode; 93 94 if (contents_mode != filenames_mode) { 95 fscrypt_warn(inode, 96 "Direct key flag not allowed with different contents and filenames modes"); --- 57 unchanged lines hidden (view full) --- 154 return false; 155 } 156 return true; 157} 158 159static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, 160 const struct inode *inode) 161{ |
154 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, | 162 if (!fscrypt_valid_enc_modes_v1(policy->contents_encryption_mode, |
155 policy->filenames_encryption_mode)) { 156 fscrypt_warn(inode, 157 "Unsupported encryption modes (contents %d, filenames %d)", 158 policy->contents_encryption_mode, 159 policy->filenames_encryption_mode); 160 return false; 161 } 162 --- 19 unchanged lines hidden (view full) --- 182 return true; 183} 184 185static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, 186 const struct inode *inode) 187{ 188 int count = 0; 189 | 163 policy->filenames_encryption_mode)) { 164 fscrypt_warn(inode, 165 "Unsupported encryption modes (contents %d, filenames %d)", 166 policy->contents_encryption_mode, 167 policy->filenames_encryption_mode); 168 return false; 169 } 170 --- 19 unchanged lines hidden (view full) --- 190 return true; 191} 192 193static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, 194 const struct inode *inode) 195{ 196 int count = 0; 197 |
190 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, | 198 if (!fscrypt_valid_enc_modes_v2(policy->contents_encryption_mode, |
191 policy->filenames_encryption_mode)) { 192 fscrypt_warn(inode, 193 "Unsupported encryption modes (contents %d, filenames %d)", 194 policy->contents_encryption_mode, 195 policy->filenames_encryption_mode); 196 return false; 197 } 198 --- 644 unchanged lines hidden --- | 199 policy->filenames_encryption_mode)) { 200 fscrypt_warn(inode, 201 "Unsupported encryption modes (contents %d, filenames %d)", 202 policy->contents_encryption_mode, 203 policy->filenames_encryption_mode); 204 return false; 205 } 206 --- 644 unchanged lines hidden --- |