• Eric Biggers's avatar
    fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl · 5a7e2992
    Eric Biggers authored
    Add a new fscrypt ioctl, FS_IOC_GET_ENCRYPTION_KEY_STATUS.  Given a key
    specified by 'struct fscrypt_key_specifier' (the same way a key is
    specified for the other fscrypt key management ioctls), it returns
    status information in a 'struct fscrypt_get_key_status_arg'.
    
    The main motivation for this is that applications need to be able to
    check whether an encrypted directory is "unlocked" or not, so that they
    can add the key if it is not, and avoid adding the key (which may
    involve prompting the user for a passphrase) if it already is.
    
    It's possible to use some workarounds such as checking whether opening a
    regular file fails with ENOKEY, or checking whether the filenames "look
    like gibberish" or not.  However, no workaround is usable in all cases.
    
    Like the other key management ioctls, the keyrings syscalls may seem at
    first to be a good fit for this.  Unfortunately, they are not.  Even if
    we exposed the keyring ID of the ->s_master_keys keyring and gave
    everyone Search permission on it (note: currently the keyrings
    permission system would also allow everyone to "invalidate" the keyring
    too), the fscrypt keys have an additional state that doesn't map cleanly
    to the keyrings API: the secret can be removed, but we can be still
    tracking the files that were using the key, and the removal can be
    re-attempted or the secret added again.
    
    After later patches, some applications will also need a way to determine
    whether a key was added by the current user vs. by some other user.
    Reserved fields are included in fscrypt_get_key_status_arg for this and
    other future extensions.
    Reviewed-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    5a7e2992
keyring.c 16.6 KB