int ecryptfs_sdp_convert_dek(struct dentry *dentry) {
int rc = 0;
struct inode *inode = dentry->d_inode;
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(inode)->crypt_stat;
dek_t DEK;
rc = dek_decrypt_dek_efs(crypt_stat->userid, &crypt_stat->sdp_dek, &DEK);
if (rc < 0) {
DEK_LOGE("Error converting dek [DEC]; rc = [%d]\n", rc);
goto out;
}
rc = dek_encrypt_dek_efs(crypt_stat->userid, &DEK, &crypt_stat->sdp_dek);
if (rc < 0) {
DEK_LOGE("Error converting dek [ENC]; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_update_crypt_flag(dentry, 1);
if (rc < 0) {
DEK_LOGE("Error converting dek [FLAG]; rc = [%d]\n", rc);
goto out;
}
out:
memset(&DEK, 0, sizeof(dek_t));
return rc;
}
int ecryptfs_get_sdp_dek(unsigned char *sig, int *sig_len, struct ecryptfs_crypt_stat *crypt_stat)
{
int rc = 0;
if(crypt_stat != NULL && (crypt_stat->flags & ECRYPTFS_DEK_SDP_ENABLED)) {
if((crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE)) {
dek_t DEK;
#if ECRYPTFS_DEK_DEBUG
DEK_LOGD("get_sdp_dek: sensitive, dek type: %d\n", crypt_stat->sdp_dek.type);
ecryptfs_dumpkey(crypt_stat->userid, "sdp_dek:", crypt_stat->sdp_dek.buf, crypt_stat->sdp_dek.len);
#endif
if (crypt_stat->sdp_dek.type != DEK_TYPE_PLAIN) {
rc = dek_decrypt_dek_efs(crypt_stat->userid, &crypt_stat->sdp_dek, &DEK);
} else {
DEK_LOGE("Error, DEK already plaintext");
rc = -1;
}
if (rc < 0) {
DEK_LOGE("Error decypting dek; rc = [%d]\n", rc);
rc = -1;
/*
* TODO : olic.moon
* When we return -1 here, ECRYPTFS_ENCRYPTED is somehow gone
* later. then it occurs error while updating EDEK
*/
rc = 0;
memset(&DEK, 0, sizeof(dek_t));
goto out;
}
#if ECRYPTFS_DEK_DEBUG
ecryptfs_dumpkey(crypt_stat->userid, "decrypted:", DEK.buf, DEK.len);
DEK_LOGD("decrypted key size is %d\n", DEK.len);
#endif
memcpy(sig, DEK.buf, DEK.len);
(*sig_len) = DEK.len;
memset(&DEK, 0, sizeof(dek_t));
} else {
#if ECRYPTFS_DEK_DEBUG
DEK_LOGD("file is not sensitive\n");
#endif
}
}
out:
if(!rc)
sdp_mm_set_process_sensitive(current->pid);
return rc;
}
