/**
 * ecryptfs_sdp_convert_dek - unwrap and re-wrap an inode's SDP DEK
 * @dentry: dentry whose inode holds the ecryptfs crypt_stat to convert
 *
 * Runs three steps in order and stops at the first one that returns a
 * negative value:
 *   1. dek_decrypt_dek_efs() unwraps crypt_stat->sdp_dek into a stack copy,
 *   2. dek_encrypt_dek_efs() wraps that copy back into crypt_stat->sdp_dek,
 *   3. ecryptfs_update_crypt_flag(dentry, 1) is called.
 * The stack copy is zeroed on every exit path, including failures.
 *
 * Return: the negative value of the failing step, otherwise whatever
 * ecryptfs_update_crypt_flag() returned.
 */
int ecryptfs_sdp_convert_dek(struct dentry *dentry)
{
	struct ecryptfs_crypt_stat *crypt_stat =
		&ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
	dek_t plain_dek;	/* holds unwrapped key material; wiped at "wipe" */
	int rc;

	rc = dek_decrypt_dek_efs(crypt_stat->userid, &crypt_stat->sdp_dek,
				 &plain_dek);
	if (rc < 0) {
		DEK_LOGE("Error converting dek [DEC]; rc = [%d]\n", rc);
		goto wipe;
	}

	/*
	 * NOTE(review): sdp_dek is rewritten in place here, before the flag
	 * update below. If that update fails the new wrapped key stays in
	 * crypt_stat while the flag change did not happen -- confirm callers
	 * tolerate that state.
	 */
	rc = dek_encrypt_dek_efs(crypt_stat->userid, &plain_dek,
				 &crypt_stat->sdp_dek);
	if (rc < 0) {
		DEK_LOGE("Error converting dek [ENC]; rc = [%d]\n", rc);
		goto wipe;
	}

	rc = ecryptfs_update_crypt_flag(dentry, 1);
	if (rc < 0)
		DEK_LOGE("Error converting dek [FLAG]; rc = [%d]\n", rc);

wipe:
	/*
	 * NOTE(review): a plain memset() on a local that is never read again
	 * may be removed by the compiler as a dead store, leaving the key on
	 * the stack. If this tree provides memzero_explicit(), it is the
	 * kernel's primitive for wiping key material -- confirm and switch.
	 */
	memset(&plain_dek, 0, sizeof(dek_t));
	return rc;
}
/**
 * ecryptfs_get_sdp_dek - copy the unwrapped DEK of a sensitive file to @sig
 * @sig:        destination buffer for the plaintext key bytes
 * @sig_len:    set to the number of bytes written to @sig
 * @crypt_stat: per-inode crypt state; may be NULL
 *
 * Does nothing to @sig / @sig_len unless @crypt_stat is non-NULL and has both
 * ECRYPTFS_DEK_SDP_ENABLED and ECRYPTFS_DEK_IS_SENSITIVE set. In that case
 * the wrapped sdp_dek is unwrapped with dek_decrypt_dek_efs() and the result
 * is copied out. A DEK whose type is already DEK_TYPE_PLAIN is treated as an
 * error. The stack copy of the key is zeroed before returning.
 *
 * Whenever the return value is 0 the current process is passed to
 * sdp_mm_set_process_sensitive().
 *
 * NOTE(review): the copy length is DEK.len as produced by the unwrap step and
 * this function has no parameter giving the capacity of @sig, so nothing here
 * bounds the memcpy(). The caller must guarantee @sig can hold the largest
 * DEK the unwrap can yield -- confirm against the call sites and the dek_t
 * definition.
 *
 * NOTE(review): unwrap failures are reported as 0 (see the TODO below), so a
 * caller cannot tell "key copied" from "nothing copied, @sig_len untouched".
 *
 * Return: 0 in every case visible here, except that a positive value from
 * dek_decrypt_dek_efs() is passed through unchanged.
 */
int ecryptfs_get_sdp_dek(unsigned char *sig, int *sig_len,
			 struct ecryptfs_crypt_stat *crypt_stat)
{
	dek_t plain_dek;	/* holds unwrapped key material; wiped at "wipe" */
	int rc = 0;

	if (crypt_stat == NULL ||
	    !(crypt_stat->flags & ECRYPTFS_DEK_SDP_ENABLED))
		goto done;

	if (!(crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE)) {
#if ECRYPTFS_DEK_DEBUG
		DEK_LOGD("file is not sensitive\n");
#endif
		goto done;
	}

	/*
	 * NOTE(review): with ECRYPTFS_DEK_DEBUG enabled both the wrapped and
	 * the plaintext key are handed to ecryptfs_dumpkey(); presumably that
	 * writes them to the kernel log -- make sure the macro is 0 in any
	 * shipped build.
	 */
#if ECRYPTFS_DEK_DEBUG
	DEK_LOGD("get_sdp_dek: sensitive, dek type: %d\n",
		 crypt_stat->sdp_dek.type);
	ecryptfs_dumpkey(crypt_stat->userid, "sdp_dek:",
			 crypt_stat->sdp_dek.buf, crypt_stat->sdp_dek.len);
#endif

	if (crypt_stat->sdp_dek.type == DEK_TYPE_PLAIN) {
		DEK_LOGE("Error, DEK already plaintext");
		rc = -1;
	} else {
		rc = dek_decrypt_dek_efs(crypt_stat->userid,
					 &crypt_stat->sdp_dek, &plain_dek);
	}

	if (rc < 0) {
		DEK_LOGE("Error decypting dek; rc = [%d]\n", rc);
		/*
		 * TODO : olic.moon
		 * Returning -1 from here reportedly makes ECRYPTFS_ENCRYPTED
		 * disappear later and then breaks the EDEK update, so the
		 * failure is deliberately reported as success.
		 */
		rc = 0;
		goto wipe;
	}

#if ECRYPTFS_DEK_DEBUG
	ecryptfs_dumpkey(crypt_stat->userid, "decrypted:",
			 plain_dek.buf, plain_dek.len);
	DEK_LOGD("decrypted key size is %d\n", plain_dek.len);
#endif

	/* Length is taken from the unwrapped DEK; see the capacity note above. */
	memcpy(sig, plain_dek.buf, plain_dek.len);
	(*sig_len) = plain_dek.len;

wipe:
	/*
	 * NOTE(review): plain memset() of a dying local can be elided as a
	 * dead store; memzero_explicit() is the kernel's wipe primitive if
	 * this tree has it -- confirm.
	 */
	memset(&plain_dek, 0, sizeof(dek_t));

done:
	/*
	 * NOTE(review): this runs for every rc == 0 return, including the
	 * NULL / SDP-disabled / not-sensitive early exits and the masked
	 * unwrap failure -- confirm that marking the process in those cases
	 * is intended.
	 */
	if (rc == 0)
		sdp_mm_set_process_sensitive(current->pid);
	return rc;
}