f2fs_io: Add get file name encryption mode

commit 1531853eb7
category: bugfix
issue: #I6VAS0
CVE: NA

Signed-off-by: DongSenhao <dongsenhao2@huawei.com>
---------------------------------------

This patch adds an ioctl to get the filename encryption mode.

Signed-off-by: Robin Hsu <robinhsu@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Signed-off-by: dongsenhao <dongsenhao2@huawei.com>
Robin Hsu 2021-04-19 16:45:25 +08:00 committed by dongsenhao
parent 92c2ac3998
commit 8d2dfb7edd
2 changed files with 99 additions and 0 deletions


@ -1096,6 +1096,68 @@ static void do_compress(int argc, char **argv, const struct cmd_desc *cmd)
exit(0);
}
#define get_filename_encrypt_mode_desc "get file name encrypt mode"
#define get_filename_encrypt_mode_help \
"f2fs_io filename_encrypt_mode [file or directory path]\n\n" \
"Get the file name encription mode of the given file/directory.\n" \
static void do_get_filename_encrypt_mode (int argc, char **argv,
const struct cmd_desc *cmd)
{
static const char *enc_name[] = {
"invalid", /* FS_ENCRYPTION_MODE_INVALID (0) */
"aes-256-xts", /* FS_ENCRYPTION_MODE_AES_256_XTS (1) */
"aes-256-gcm", /* FS_ENCRYPTION_MODE_AES_256_GCM (2) */
"aes-256-cbc", /* FS_ENCRYPTION_MODE_AES_256_CBC (3) */
"aes-256-cts", /* FS_ENCRYPTION_MODE_AES_256_CTS (4) */
"aes-128-cbc", /* FS_ENCRYPTION_MODE_AES_128_CBC (5) */
"aes-128-cts", /* FS_ENCRYPTION_MODE_AES_128_CTS (6) */
"speck128-256-xts", /* FS_ENCRYPTION_MODE_SPECK128_256_XTS (7) */
"speck128-256-cts", /* FS_ENCRYPTION_MODE_SPECK128_256_CTS (8) */
"adiantum", /* FS_ENCRYPTION_MODE_ADIANTUM (9) */
};
int fd, mode, ret;
struct fscrypt_get_policy_ex_arg arg;
if (argc != 2) {
fputs("Excess arguments\n\n", stderr);
fputs(cmd->cmd_help, stderr);
exit(1);
}
fd = xopen(argv[1], O_RDONLY, 0);
arg.policy_size = sizeof(arg.policy);
ret = ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY_EX, &arg);
if (ret != 0 && errno == ENOTTY)
ret = ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, arg.policy.v1);
close(fd);
if (ret) {
perror("FS_IOC_GET_ENCRYPTION_POLICY|_EX");
exit(1);
}
switch (arg.policy.version) {
case FSCRYPT_POLICY_V1:
mode = arg.policy.v1.filenames_encryption_mode;
break;
case FSCRYPT_POLICY_V2:
mode = arg.policy.v2.filenames_encryption_mode;
break;
default:
printf("Do not support policy version: %d\n",
arg.policy.version);
exit(1);
}
if (mode >= sizeof(enc_name)/sizeof(enc_name[0])) {
printf("Do not support algorithm: %d\n", mode);
exit(1);
}
printf ("%s\n", enc_name[mode]);
exit(0);
}
#define CMD_HIDDEN 0x0001
#define CMD(name) { #name, do_##name, name##_desc, name##_help, 0 }
#define _CMD(name) { #name, do_##name, NULL, NULL, CMD_HIDDEN }
@ -1125,6 +1187,7 @@ const struct cmd_desc cmd_list[] = {
CMD(set_coption),
CMD(decompress),
CMD(compress),
CMD(get_filename_encrypt_mode),
{ NULL, NULL, NULL, NULL, 0 }
};
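Review bot: The v1 fallback in do_get_filename_encrypt_mode passes the policy struct by value, `ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, arg.policy.v1)`, which is undefined behaviour through the variadic call and in practice likely hands the kernel uninitialized struct bytes where it expects a user pointer; it should read `ret = ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, &arg.policy.v1);`. `arg` is never zeroed either, so declaring it as `struct fscrypt_get_policy_ex_arg arg = {0};` keeps stack garbage out of both calls and out of the later `arg.policy.version` switch. `close(fd)` runs before `ret` is tested and may overwrite errno, so the `perror` text can describe the wrong failure; saving errno first or closing after the check avoids that. As rendered, `get_filename_encrypt_mode_help` ends in a trailing `\` directly before `static void`; if no blank line follows in the file, the function header is absorbed into the macro, so dropping that last backslash is safer.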


@ -91,6 +91,42 @@ typedef u32 __be32;
#define F2FS_IOC_DECOMPRESS_FILE _IO(F2FS_IOCTL_MAGIC, 23)
#define F2FS_IOC_COMPRESS_FILE _IO(F2FS_IOCTL_MAGIC, 24)
#ifndef FS_IOC_GET_ENCRYPTION_POLICY
#define FSCRYPT_POLICY_V1 0
#define FSCRYPT_KEY_DESCRIPTOR_SIZE 8
struct fscrypt_policy_v1 {
__u8 version;
__u8 contents_encryption_mode;
__u8 filenames_encryption_mode;
__u8 flags;
__u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
};
#define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy_v1)
#endif
#ifndef FS_IOC_GET_ENCRYPTION_POLICY_EX
#define FSCRYPT_POLICY_V2 2
#define FSCRYPT_KEY_IDENTIFIER_SIZE 16
struct fscrypt_policy_v2 {
__u8 version;
__u8 contents_encryption_mode;
__u8 filenames_encryption_mode;
__u8 flags;
__u8 __reserved[4];
__u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
};
/* Struct passed to FS_IOC_GET_ENCRYPTION_POLICY_EX */
struct fscrypt_get_policy_ex_arg {
__u64 policy_size; /* input/output */
union {
__u8 version;
struct fscrypt_policy_v1 v1;
struct fscrypt_policy_v2 v2;
} policy; /* output */
};
#define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */
#endif
#define F2FS_IOC_SET_ENCRYPTION_POLICY FS_IOC_SET_ENCRYPTION_POLICY
#define F2FS_IOC_GET_ENCRYPTION_POLICY FS_IOC_GET_ENCRYPTION_POLICY
#define F2FS_IOC_GET_ENCRYPTION_PWSALT FS_IOC_GET_ENCRYPTION_PWSALT
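Review bot: The `#ifndef FS_IOC_GET_ENCRYPTION_POLICY` guard decides whether `struct fscrypt_policy_v1` and `FSCRYPT_POLICY_V1` get defined, yet older kernel headers provide that ioctl macro together with `struct fscrypt_policy` only, without the `_v1` names. On such a toolchain the first block would be skipped and the union in `struct fscrypt_get_policy_ex_arg` would reference an incomplete type (inferred; this header's includes are outside the hunk). Guarding the type and constant on their own name, `#ifndef FSCRYPT_POLICY_V1`, and keeping each ioctl macro under its own `#ifndef` would decouple the two. Because the kernel writes into these hand-copied layouts, a compile-time size check such as `_Static_assert(sizeof(struct fscrypt_policy_v2) == 24, "fscrypt_policy_v2 ABI size");` next to the definitions would catch drift at build time, if the project's C standard allows it.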