1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * eCryptfs: Linux filesystem encryption layer 4 * 5 * Copyright (C) 1997-2004 Erez Zadok 6 * Copyright (C) 2001-2004 Stony Brook University 7 * Copyright (C) 2004-2007 International Business Machines Corp. 8 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 9 * Michael C. Thompson <mcthomps@us.ibm.com> 10 */ 11 12#include <crypto/hash.h> 13#include <crypto/skcipher.h> 14#include <linux/fs.h> 15#include <linux/mount.h> 16#include <linux/pagemap.h> 17#include <linux/random.h> 18#include <linux/compiler.h> 19#include <linux/key.h> 20#include <linux/namei.h> 21#include <linux/file.h> 22#include <linux/scatterlist.h> 23#include <linux/slab.h> 24#include <asm/unaligned.h> 25#include <linux/kernel.h> 26#include <linux/xattr.h> 27#include "ecryptfs_kernel.h" 28 29#define DECRYPT 0 30#define ENCRYPT 1 31 32/** 33 * ecryptfs_from_hex 34 * @dst: Buffer to take the bytes from src hex; must be at least of 35 * size (src_size / 2) 36 * @src: Buffer to be converted from a hex string representation to raw value 37 * @dst_size: size of dst buffer, or number of hex characters pairs to convert 38 */ 39void ecryptfs_from_hex(char *dst, char *src, int dst_size) 40{ 41 int x; 42 char tmp[3] = { 0, }; 43 44 for (x = 0; x < dst_size; x++) { 45 tmp[0] = src[x * 2]; 46 tmp[1] = src[x * 2 + 1]; 47 dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16); 48 } 49} 50 51/** 52 * ecryptfs_calculate_md5 - calculates the md5 of @src 53 * @dst: Pointer to 16 bytes of allocated memory 54 * @crypt_stat: Pointer to crypt_stat struct for the current inode 55 * @src: Data to be md5'd 56 * @len: Length of @src 57 * 58 * Uses the allocated crypto context that crypt_stat references to 59 * generate the MD5 sum of the contents of src. 60 */ 61static int ecryptfs_calculate_md5(char *dst, 62 struct ecryptfs_crypt_stat *crypt_stat, 63 char *src, int len) 64{ 65 int rc = crypto_shash_tfm_digest(crypt_stat->hash_tfm, src, len, dst); 66 67 if (rc) { 68 printk(KERN_ERR 69 "%s: Error computing crypto hash; rc = [%d]\n", 70 __func__, rc); 71 goto out; 72 } 73out: 74 return rc; 75} 76 77static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name, 78 char *cipher_name, 79 char *chaining_modifier) 80{ 81 int cipher_name_len = strlen(cipher_name); 82 int chaining_modifier_len = strlen(chaining_modifier); 83 int algified_name_len; 84 int rc; 85 86 algified_name_len = (chaining_modifier_len + cipher_name_len + 3); 87 (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL); 88 if (!(*algified_name)) { 89 rc = -ENOMEM; 90 goto out; 91 } 92 snprintf((*algified_name), algified_name_len, "%s(%s)", 93 chaining_modifier, cipher_name); 94 rc = 0; 95out: 96 return rc; 97} 98 99/** 100 * ecryptfs_derive_iv 101 * @iv: destination for the derived iv vale 102 * @crypt_stat: Pointer to crypt_stat struct for the current inode 103 * @offset: Offset of the extent whose IV we are to derive 104 * 105 * Generate the initialization vector from the given root IV and page 106 * offset. 107 * 108 * Returns zero on success; non-zero on error. 109 */ 110int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, 111 loff_t offset) 112{ 113 int rc = 0; 114 char dst[MD5_DIGEST_SIZE]; 115 char src[ECRYPTFS_MAX_IV_BYTES + 16]; 116 117 if (unlikely(ecryptfs_verbosity > 0)) { 118 ecryptfs_printk(KERN_DEBUG, "root iv:\n"); 119 ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes); 120 } 121 /* TODO: It is probably secure to just cast the least 122 * significant bits of the root IV into an unsigned long and 123 * add the offset to that rather than go through all this 124 * hashing business. -Halcrow */ 125 memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes); 126 memset((src + crypt_stat->iv_bytes), 0, 16); 127 snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset); 128 if (unlikely(ecryptfs_verbosity > 0)) { 129 ecryptfs_printk(KERN_DEBUG, "source:\n"); 130 ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16)); 131 } 132 rc = ecryptfs_calculate_md5(dst, crypt_stat, src, 133 (crypt_stat->iv_bytes + 16)); 134 if (rc) { 135 ecryptfs_printk(KERN_WARNING, "Error attempting to compute " 136 "MD5 while generating IV for a page\n"); 137 goto out; 138 } 139 memcpy(iv, dst, crypt_stat->iv_bytes); 140 if (unlikely(ecryptfs_verbosity > 0)) { 141 ecryptfs_printk(KERN_DEBUG, "derived iv:\n"); 142 ecryptfs_dump_hex(iv, crypt_stat->iv_bytes); 143 } 144out: 145 return rc; 146} 147 148/** 149 * ecryptfs_init_crypt_stat 150 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 151 * 152 * Initialize the crypt_stat structure. 153 */ 154int ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 155{ 156 struct crypto_shash *tfm; 157 int rc; 158 159 tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0); 160 if (IS_ERR(tfm)) { 161 rc = PTR_ERR(tfm); 162 ecryptfs_printk(KERN_ERR, "Error attempting to " 163 "allocate crypto context; rc = [%d]\n", 164 rc); 165 return rc; 166 } 167 168 memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 169 INIT_LIST_HEAD(&crypt_stat->keysig_list); 170 mutex_init(&crypt_stat->keysig_list_mutex); 171 mutex_init(&crypt_stat->cs_mutex); 172 mutex_init(&crypt_stat->cs_tfm_mutex); 173 crypt_stat->hash_tfm = tfm; 174 crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED; 175 176 return 0; 177} 178 179/** 180 * ecryptfs_destroy_crypt_stat 181 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 182 * 183 * Releases all memory associated with a crypt_stat struct. 184 */ 185void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 186{ 187 struct ecryptfs_key_sig *key_sig, *key_sig_tmp; 188 189 crypto_free_skcipher(crypt_stat->tfm); 190 crypto_free_shash(crypt_stat->hash_tfm); 191 list_for_each_entry_safe(key_sig, key_sig_tmp, 192 &crypt_stat->keysig_list, crypt_stat_list) { 193 list_del(&key_sig->crypt_stat_list); 194 kmem_cache_free(ecryptfs_key_sig_cache, key_sig); 195 } 196 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 197} 198 199void ecryptfs_destroy_mount_crypt_stat( 200 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 201{ 202 struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp; 203 204 if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED)) 205 return; 206 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 207 list_for_each_entry_safe(auth_tok, auth_tok_tmp, 208 &mount_crypt_stat->global_auth_tok_list, 209 mount_crypt_stat_list) { 210 list_del(&auth_tok->mount_crypt_stat_list); 211 if (!(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) 212 key_put(auth_tok->global_auth_tok_key); 213 kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok); 214 } 215 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 216 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); 217} 218 219/** 220 * virt_to_scatterlist 221 * @addr: Virtual address 222 * @size: Size of data; should be an even multiple of the block size 223 * @sg: Pointer to scatterlist array; set to NULL to obtain only 224 * the number of scatterlist structs required in array 225 * @sg_size: Max array size 226 * 227 * Fills in a scatterlist array with page references for a passed 228 * virtual address. 229 * 230 * Returns the number of scatterlist structs in array used 231 */ 232int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, 233 int sg_size) 234{ 235 int i = 0; 236 struct page *pg; 237 int offset; 238 int remainder_of_page; 239 240 sg_init_table(sg, sg_size); 241 242 while (size > 0 && i < sg_size) { 243 pg = virt_to_page(addr); 244 offset = offset_in_page(addr); 245 sg_set_page(&sg[i], pg, 0, offset); 246 remainder_of_page = PAGE_SIZE - offset; 247 if (size >= remainder_of_page) { 248 sg[i].length = remainder_of_page; 249 addr += remainder_of_page; 250 size -= remainder_of_page; 251 } else { 252 sg[i].length = size; 253 addr += size; 254 size = 0; 255 } 256 i++; 257 } 258 if (size > 0) 259 return -ENOMEM; 260 return i; 261} 262 263/** 264 * crypt_scatterlist 265 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 266 * @dst_sg: Destination of the data after performing the crypto operation 267 * @src_sg: Data to be encrypted or decrypted 268 * @size: Length of data 269 * @iv: IV to use 270 * @op: ENCRYPT or DECRYPT to indicate the desired operation 271 * 272 * Returns the number of bytes encrypted or decrypted; negative value on error 273 */ 274static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, 275 struct scatterlist *dst_sg, 276 struct scatterlist *src_sg, int size, 277 unsigned char *iv, int op) 278{ 279 struct skcipher_request *req = NULL; 280 DECLARE_CRYPTO_WAIT(ecr); 281 int rc = 0; 282 283 if (unlikely(ecryptfs_verbosity > 0)) { 284 ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n", 285 crypt_stat->key_size); 286 ecryptfs_dump_hex(crypt_stat->key, 287 crypt_stat->key_size); 288 } 289 290 mutex_lock(&crypt_stat->cs_tfm_mutex); 291 req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); 292 if (!req) { 293 mutex_unlock(&crypt_stat->cs_tfm_mutex); 294 rc = -ENOMEM; 295 goto out; 296 } 297 298 skcipher_request_set_callback(req, 299 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 300 crypto_req_done, &ecr); 301 /* Consider doing this once, when the file is opened */ 302 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { 303 rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key, 304 crypt_stat->key_size); 305 if (rc) { 306 ecryptfs_printk(KERN_ERR, 307 "Error setting key; rc = [%d]\n", 308 rc); 309 mutex_unlock(&crypt_stat->cs_tfm_mutex); 310 rc = -EINVAL; 311 goto out; 312 } 313 crypt_stat->flags |= ECRYPTFS_KEY_SET; 314 } 315 mutex_unlock(&crypt_stat->cs_tfm_mutex); 316 skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); 317 rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) : 318 crypto_skcipher_decrypt(req); 319 rc = crypto_wait_req(rc, &ecr); 320out: 321 skcipher_request_free(req); 322 return rc; 323} 324 325/* 326 * lower_offset_for_page 327 * 328 * Convert an eCryptfs page index into a lower byte offset 329 */ 330static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, 331 struct page *page) 332{ 333 return ecryptfs_lower_header_size(crypt_stat) + 334 ((loff_t)page->index << PAGE_SHIFT); 335} 336 337/** 338 * crypt_extent 339 * @crypt_stat: crypt_stat containing cryptographic context for the 340 * encryption operation 341 * @dst_page: The page to write the result into 342 * @src_page: The page to read from 343 * @extent_offset: Page extent offset for use in generating IV 344 * @op: ENCRYPT or DECRYPT to indicate the desired operation 345 * 346 * Encrypts or decrypts one extent of data. 347 * 348 * Return zero on success; non-zero otherwise 349 */ 350static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat, 351 struct page *dst_page, 352 struct page *src_page, 353 unsigned long extent_offset, int op) 354{ 355 pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index; 356 loff_t extent_base; 357 char extent_iv[ECRYPTFS_MAX_IV_BYTES]; 358 struct scatterlist src_sg, dst_sg; 359 size_t extent_size = crypt_stat->extent_size; 360 int rc; 361 362 extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size)); 363 rc = ecryptfs_derive_iv(extent_iv, crypt_stat, 364 (extent_base + extent_offset)); 365 if (rc) { 366 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for " 367 "extent [0x%.16llx]; rc = [%d]\n", 368 (unsigned long long)(extent_base + extent_offset), rc); 369 goto out; 370 } 371 372 sg_init_table(&src_sg, 1); 373 sg_init_table(&dst_sg, 1); 374 375 sg_set_page(&src_sg, src_page, extent_size, 376 extent_offset * extent_size); 377 sg_set_page(&dst_sg, dst_page, extent_size, 378 extent_offset * extent_size); 379 380 rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size, 381 extent_iv, op); 382 if (rc < 0) { 383 printk(KERN_ERR "%s: Error attempting to crypt page with " 384 "page_index = [%ld], extent_offset = [%ld]; " 385 "rc = [%d]\n", __func__, page_index, extent_offset, rc); 386 goto out; 387 } 388 rc = 0; 389out: 390 return rc; 391} 392 393/** 394 * ecryptfs_encrypt_page 395 * @page: Page mapped from the eCryptfs inode for the file; contains 396 * decrypted content that needs to be encrypted (to a temporary 397 * page; not in place) and written out to the lower file 398 * 399 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note 400 * that eCryptfs pages may straddle the lower pages -- for instance, 401 * if the file was created on a machine with an 8K page size 402 * (resulting in an 8K header), and then the file is copied onto a 403 * host with a 32K page size, then when reading page 0 of the eCryptfs 404 * file, 24K of page 0 of the lower file will be read and decrypted, 405 * and then 8K of page 1 of the lower file will be read and decrypted. 406 * 407 * Returns zero on success; negative on error 408 */ 409int ecryptfs_encrypt_page(struct page *page) 410{ 411 struct inode *ecryptfs_inode; 412 struct ecryptfs_crypt_stat *crypt_stat; 413 char *enc_extent_virt; 414 struct page *enc_extent_page = NULL; 415 loff_t extent_offset; 416 loff_t lower_offset; 417 int rc = 0; 418 419 ecryptfs_inode = page->mapping->host; 420 crypt_stat = 421 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 422 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); 423 enc_extent_page = alloc_page(GFP_USER); 424 if (!enc_extent_page) { 425 rc = -ENOMEM; 426 ecryptfs_printk(KERN_ERR, "Error allocating memory for " 427 "encrypted extent\n"); 428 goto out; 429 } 430 431 for (extent_offset = 0; 432 extent_offset < (PAGE_SIZE / crypt_stat->extent_size); 433 extent_offset++) { 434 rc = crypt_extent(crypt_stat, enc_extent_page, page, 435 extent_offset, ENCRYPT); 436 if (rc) { 437 printk(KERN_ERR "%s: Error encrypting extent; " 438 "rc = [%d]\n", __func__, rc); 439 goto out; 440 } 441 } 442 443 lower_offset = lower_offset_for_page(crypt_stat, page); 444 enc_extent_virt = kmap_local_page(enc_extent_page); 445 rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset, 446 PAGE_SIZE); 447 kunmap_local(enc_extent_virt); 448 if (rc < 0) { 449 ecryptfs_printk(KERN_ERR, 450 "Error attempting to write lower page; rc = [%d]\n", 451 rc); 452 goto out; 453 } 454 rc = 0; 455out: 456 if (enc_extent_page) { 457 __free_page(enc_extent_page); 458 } 459 return rc; 460} 461 462/** 463 * ecryptfs_decrypt_page 464 * @page: Page mapped from the eCryptfs inode for the file; data read 465 * and decrypted from the lower file will be written into this 466 * page 467 * 468 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note 469 * that eCryptfs pages may straddle the lower pages -- for instance, 470 * if the file was created on a machine with an 8K page size 471 * (resulting in an 8K header), and then the file is copied onto a 472 * host with a 32K page size, then when reading page 0 of the eCryptfs 473 * file, 24K of page 0 of the lower file will be read and decrypted, 474 * and then 8K of page 1 of the lower file will be read and decrypted. 475 * 476 * Returns zero on success; negative on error 477 */ 478int ecryptfs_decrypt_page(struct page *page) 479{ 480 struct inode *ecryptfs_inode; 481 struct ecryptfs_crypt_stat *crypt_stat; 482 char *page_virt; 483 unsigned long extent_offset; 484 loff_t lower_offset; 485 int rc = 0; 486 487 ecryptfs_inode = page->mapping->host; 488 crypt_stat = 489 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 490 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); 491 492 lower_offset = lower_offset_for_page(crypt_stat, page); 493 page_virt = kmap_local_page(page); 494 rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_SIZE, 495 ecryptfs_inode); 496 kunmap_local(page_virt); 497 if (rc < 0) { 498 ecryptfs_printk(KERN_ERR, 499 "Error attempting to read lower page; rc = [%d]\n", 500 rc); 501 goto out; 502 } 503 504 for (extent_offset = 0; 505 extent_offset < (PAGE_SIZE / crypt_stat->extent_size); 506 extent_offset++) { 507 rc = crypt_extent(crypt_stat, page, page, 508 extent_offset, DECRYPT); 509 if (rc) { 510 printk(KERN_ERR "%s: Error decrypting extent; " 511 "rc = [%d]\n", __func__, rc); 512 goto out; 513 } 514 } 515out: 516 return rc; 517} 518 519#define ECRYPTFS_MAX_SCATTERLIST_LEN 4 520 521/** 522 * ecryptfs_init_crypt_ctx 523 * @crypt_stat: Uninitialized crypt stats structure 524 * 525 * Initialize the crypto context. 526 * 527 * TODO: Performance: Keep a cache of initialized cipher contexts; 528 * only init if needed 529 */ 530int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) 531{ 532 char *full_alg_name; 533 int rc = -EINVAL; 534 535 ecryptfs_printk(KERN_DEBUG, 536 "Initializing cipher [%s]; strlen = [%d]; " 537 "key_size_bits = [%zd]\n", 538 crypt_stat->cipher, (int)strlen(crypt_stat->cipher), 539 crypt_stat->key_size << 3); 540 mutex_lock(&crypt_stat->cs_tfm_mutex); 541 if (crypt_stat->tfm) { 542 rc = 0; 543 goto out_unlock; 544 } 545 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, 546 crypt_stat->cipher, "cbc"); 547 if (rc) 548 goto out_unlock; 549 crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0); 550 if (IS_ERR(crypt_stat->tfm)) { 551 rc = PTR_ERR(crypt_stat->tfm); 552 crypt_stat->tfm = NULL; 553 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " 554 "Error initializing cipher [%s]\n", 555 full_alg_name); 556 goto out_free; 557 } 558 crypto_skcipher_set_flags(crypt_stat->tfm, 559 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 560 rc = 0; 561out_free: 562 kfree(full_alg_name); 563out_unlock: 564 mutex_unlock(&crypt_stat->cs_tfm_mutex); 565 return rc; 566} 567 568static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat) 569{ 570 int extent_size_tmp; 571 572 crypt_stat->extent_mask = 0xFFFFFFFF; 573 crypt_stat->extent_shift = 0; 574 if (crypt_stat->extent_size == 0) 575 return; 576 extent_size_tmp = crypt_stat->extent_size; 577 while ((extent_size_tmp & 0x01) == 0) { 578 extent_size_tmp >>= 1; 579 crypt_stat->extent_mask <<= 1; 580 crypt_stat->extent_shift++; 581 } 582} 583 584void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat) 585{ 586 /* Default values; may be overwritten as we are parsing the 587 * packets. */ 588 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; 589 set_extent_mask_and_shift(crypt_stat); 590 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 591 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 592 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 593 else { 594 if (PAGE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) 595 crypt_stat->metadata_size = 596 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 597 else 598 crypt_stat->metadata_size = PAGE_SIZE; 599 } 600} 601 602/* 603 * ecryptfs_compute_root_iv 604 * 605 * On error, sets the root IV to all 0's. 606 */ 607int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat) 608{ 609 int rc = 0; 610 char dst[MD5_DIGEST_SIZE]; 611 612 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); 613 BUG_ON(crypt_stat->iv_bytes <= 0); 614 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { 615 rc = -EINVAL; 616 ecryptfs_printk(KERN_WARNING, "Session key not valid; " 617 "cannot generate root IV\n"); 618 goto out; 619 } 620 rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key, 621 crypt_stat->key_size); 622 if (rc) { 623 ecryptfs_printk(KERN_WARNING, "Error attempting to compute " 624 "MD5 while generating root IV\n"); 625 goto out; 626 } 627 memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes); 628out: 629 if (rc) { 630 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); 631 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING; 632 } 633 return rc; 634} 635 636static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) 637{ 638 get_random_bytes(crypt_stat->key, crypt_stat->key_size); 639 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 640 ecryptfs_compute_root_iv(crypt_stat); 641 if (unlikely(ecryptfs_verbosity > 0)) { 642 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); 643 ecryptfs_dump_hex(crypt_stat->key, 644 crypt_stat->key_size); 645 } 646} 647 648/** 649 * ecryptfs_copy_mount_wide_flags_to_inode_flags 650 * @crypt_stat: The inode's cryptographic context 651 * @mount_crypt_stat: The mount point's cryptographic context 652 * 653 * This function propagates the mount-wide flags to individual inode 654 * flags. 655 */ 656static void ecryptfs_copy_mount_wide_flags_to_inode_flags( 657 struct ecryptfs_crypt_stat *crypt_stat, 658 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 659{ 660 if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) 661 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 662 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) 663 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; 664 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { 665 crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; 666 if (mount_crypt_stat->flags 667 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) 668 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; 669 else if (mount_crypt_stat->flags 670 & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) 671 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; 672 } 673} 674 675static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( 676 struct ecryptfs_crypt_stat *crypt_stat, 677 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 678{ 679 struct ecryptfs_global_auth_tok *global_auth_tok; 680 int rc = 0; 681 682 mutex_lock(&crypt_stat->keysig_list_mutex); 683 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 684 685 list_for_each_entry(global_auth_tok, 686 &mount_crypt_stat->global_auth_tok_list, 687 mount_crypt_stat_list) { 688 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK) 689 continue; 690 rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig); 691 if (rc) { 692 printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc); 693 goto out; 694 } 695 } 696 697out: 698 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 699 mutex_unlock(&crypt_stat->keysig_list_mutex); 700 return rc; 701} 702 703/** 704 * ecryptfs_set_default_crypt_stat_vals 705 * @crypt_stat: The inode's cryptographic context 706 * @mount_crypt_stat: The mount point's cryptographic context 707 * 708 * Default values in the event that policy does not override them. 709 */ 710static void ecryptfs_set_default_crypt_stat_vals( 711 struct ecryptfs_crypt_stat *crypt_stat, 712 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 713{ 714 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 715 mount_crypt_stat); 716 ecryptfs_set_default_sizes(crypt_stat); 717 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); 718 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; 719 crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID); 720 crypt_stat->file_version = ECRYPTFS_FILE_VERSION; 721 crypt_stat->mount_crypt_stat = mount_crypt_stat; 722} 723 724/** 725 * ecryptfs_new_file_context 726 * @ecryptfs_inode: The eCryptfs inode 727 * 728 * If the crypto context for the file has not yet been established, 729 * this is where we do that. Establishing a new crypto context 730 * involves the following decisions: 731 * - What cipher to use? 732 * - What set of authentication tokens to use? 733 * Here we just worry about getting enough information into the 734 * authentication tokens so that we know that they are available. 735 * We associate the available authentication tokens with the new file 736 * via the set of signatures in the crypt_stat struct. Later, when 737 * the headers are actually written out, we may again defer to 738 * userspace to perform the encryption of the session key; for the 739 * foreseeable future, this will be the case with public key packets. 740 * 741 * Returns zero on success; non-zero otherwise 742 */ 743int ecryptfs_new_file_context(struct inode *ecryptfs_inode) 744{ 745 struct ecryptfs_crypt_stat *crypt_stat = 746 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 747 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 748 &ecryptfs_superblock_to_private( 749 ecryptfs_inode->i_sb)->mount_crypt_stat; 750 int cipher_name_len; 751 int rc = 0; 752 753 ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat); 754 crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID); 755 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 756 mount_crypt_stat); 757 rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat, 758 mount_crypt_stat); 759 if (rc) { 760 printk(KERN_ERR "Error attempting to copy mount-wide key sigs " 761 "to the inode key sigs; rc = [%d]\n", rc); 762 goto out; 763 } 764 cipher_name_len = 765 strlen(mount_crypt_stat->global_default_cipher_name); 766 memcpy(crypt_stat->cipher, 767 mount_crypt_stat->global_default_cipher_name, 768 cipher_name_len); 769 crypt_stat->cipher[cipher_name_len] = '\0'; 770 crypt_stat->key_size = 771 mount_crypt_stat->global_default_cipher_key_size; 772 ecryptfs_generate_new_key(crypt_stat); 773 rc = ecryptfs_init_crypt_ctx(crypt_stat); 774 if (rc) 775 ecryptfs_printk(KERN_ERR, "Error initializing cryptographic " 776 "context for cipher [%s]: rc = [%d]\n", 777 crypt_stat->cipher, rc); 778out: 779 return rc; 780} 781 782/** 783 * ecryptfs_validate_marker - check for the ecryptfs marker 784 * @data: The data block in which to check 785 * 786 * Returns zero if marker found; -EINVAL if not found 787 */ 788static int ecryptfs_validate_marker(char *data) 789{ 790 u32 m_1, m_2; 791 792 m_1 = get_unaligned_be32(data); 793 m_2 = get_unaligned_be32(data + 4); 794 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) 795 return 0; 796 ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; " 797 "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2, 798 MAGIC_ECRYPTFS_MARKER); 799 ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = " 800 "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER)); 801 return -EINVAL; 802} 803 804struct ecryptfs_flag_map_elem { 805 u32 file_flag; 806 u32 local_flag; 807}; 808 809/* Add support for additional flags by adding elements here. */ 810static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { 811 {0x00000001, ECRYPTFS_ENABLE_HMAC}, 812 {0x00000002, ECRYPTFS_ENCRYPTED}, 813 {0x00000004, ECRYPTFS_METADATA_IN_XATTR}, 814 {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES} 815}; 816 817/** 818 * ecryptfs_process_flags 819 * @crypt_stat: The cryptographic context 820 * @page_virt: Source data to be parsed 821 * @bytes_read: Updated with the number of bytes read 822 */ 823static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, 824 char *page_virt, int *bytes_read) 825{ 826 int i; 827 u32 flags; 828 829 flags = get_unaligned_be32(page_virt); 830 for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++) 831 if (flags & ecryptfs_flag_map[i].file_flag) { 832 crypt_stat->flags |= ecryptfs_flag_map[i].local_flag; 833 } else 834 crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag); 835 /* Version is in top 8 bits of the 32-bit flag vector */ 836 crypt_stat->file_version = ((flags >> 24) & 0xFF); 837 (*bytes_read) = 4; 838} 839 840/** 841 * write_ecryptfs_marker 842 * @page_virt: The pointer to in a page to begin writing the marker 843 * @written: Number of bytes written 844 * 845 * Marker = 0x3c81b7f5 846 */ 847static void write_ecryptfs_marker(char *page_virt, size_t *written) 848{ 849 u32 m_1, m_2; 850 851 get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2)); 852 m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER); 853 put_unaligned_be32(m_1, page_virt); 854 page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2); 855 put_unaligned_be32(m_2, page_virt); 856 (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 857} 858 859void ecryptfs_write_crypt_stat_flags(char *page_virt, 860 struct ecryptfs_crypt_stat *crypt_stat, 861 size_t *written) 862{ 863 u32 flags = 0; 864 int i; 865 866 for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++) 867 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag) 868 flags |= ecryptfs_flag_map[i].file_flag; 869 /* Version is in top 8 bits of the 32-bit flag vector */ 870 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); 871 put_unaligned_be32(flags, page_virt); 872 (*written) = 4; 873} 874 875struct ecryptfs_cipher_code_str_map_elem { 876 char cipher_str[16]; 877 u8 cipher_code; 878}; 879 880/* Add support for additional ciphers by adding elements here. The 881 * cipher_code is whatever OpenPGP applications use to identify the 882 * ciphers. List in order of probability. */ 883static struct ecryptfs_cipher_code_str_map_elem 884ecryptfs_cipher_code_str_map[] = { 885 {"aes",RFC2440_CIPHER_AES_128 }, 886 {"blowfish", RFC2440_CIPHER_BLOWFISH}, 887 {"des3_ede", RFC2440_CIPHER_DES3_EDE}, 888 {"cast5", RFC2440_CIPHER_CAST_5}, 889 {"twofish", RFC2440_CIPHER_TWOFISH}, 890 {"cast6", RFC2440_CIPHER_CAST_6}, 891 {"aes", RFC2440_CIPHER_AES_192}, 892 {"aes", RFC2440_CIPHER_AES_256} 893}; 894 895/** 896 * ecryptfs_code_for_cipher_string 897 * @cipher_name: The string alias for the cipher 898 * @key_bytes: Length of key in bytes; used for AES code selection 899 * 900 * Returns zero on no match, or the cipher code on match 901 */ 902u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes) 903{ 904 int i; 905 u8 code = 0; 906 struct ecryptfs_cipher_code_str_map_elem *map = 907 ecryptfs_cipher_code_str_map; 908 909 if (strcmp(cipher_name, "aes") == 0) { 910 switch (key_bytes) { 911 case 16: 912 code = RFC2440_CIPHER_AES_128; 913 break; 914 case 24: 915 code = RFC2440_CIPHER_AES_192; 916 break; 917 case 32: 918 code = RFC2440_CIPHER_AES_256; 919 } 920 } else { 921 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) 922 if (strcmp(cipher_name, map[i].cipher_str) == 0) { 923 code = map[i].cipher_code; 924 break; 925 } 926 } 927 return code; 928} 929 930/** 931 * ecryptfs_cipher_code_to_string 932 * @str: Destination to write out the cipher name 933 * @cipher_code: The code to convert to cipher name string 934 * 935 * Returns zero on success 936 */ 937int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code) 938{ 939 int rc = 0; 940 int i; 941 942 str[0] = '\0'; 943 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) 944 if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code) 945 strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str); 946 if (str[0] == '\0') { 947 ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: " 948 "[%d]\n", cipher_code); 949 rc = -EINVAL; 950 } 951 return rc; 952} 953 954int ecryptfs_read_and_validate_header_region(struct inode *inode) 955{ 956 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES]; 957 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES; 958 int rc; 959 960 rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES, 961 inode); 962 if (rc < 0) 963 return rc; 964 else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) 965 return -EINVAL; 966 rc = ecryptfs_validate_marker(marker); 967 if (!rc) 968 ecryptfs_i_size_init(file_size, inode); 969 return rc; 970} 971 972void 973ecryptfs_write_header_metadata(char *virt, 974 struct ecryptfs_crypt_stat *crypt_stat, 975 size_t *written) 976{ 977 u32 header_extent_size; 978 u16 num_header_extents_at_front; 979 980 header_extent_size = (u32)crypt_stat->extent_size; 981 num_header_extents_at_front = 982 (u16)(crypt_stat->metadata_size / crypt_stat->extent_size); 983 put_unaligned_be32(header_extent_size, virt); 984 virt += 4; 985 put_unaligned_be16(num_header_extents_at_front, virt); 986 (*written) = 6; 987} 988 989struct kmem_cache *ecryptfs_header_cache; 990 991/** 992 * ecryptfs_write_headers_virt 993 * @page_virt: The virtual address to write the headers to 994 * @max: The size of memory allocated at page_virt 995 * @size: Set to the number of bytes written by this function 996 * @crypt_stat: The cryptographic context 997 * @ecryptfs_dentry: The eCryptfs dentry 998 * 999 * Format version: 1 1000 * 1001 * Header Extent: 1002 * Octets 0-7: Unencrypted file size (big-endian) 1003 * Octets 8-15: eCryptfs special marker 1004 * Octets 16-19: Flags 1005 * Octet 16: File format version number (between 0 and 255) 1006 * Octets 17-18: Reserved 1007 * Octet 19: Bit 1 (lsb): Reserved 1008 * Bit 2: Encrypted? 1009 * Bits 3-8: Reserved 1010 * Octets 20-23: Header extent size (big-endian) 1011 * Octets 24-25: Number of header extents at front of file 1012 * (big-endian) 1013 * Octet 26: Begin RFC 2440 authentication token packet set 1014 * Data Extent 0: 1015 * Lower data (CBC encrypted) 1016 * Data Extent 1: 1017 * Lower data (CBC encrypted) 1018 * ... 1019 * 1020 * Returns zero on success 1021 */ 1022static int ecryptfs_write_headers_virt(char *page_virt, size_t max, 1023 size_t *size, 1024 struct ecryptfs_crypt_stat *crypt_stat, 1025 struct dentry *ecryptfs_dentry) 1026{ 1027 int rc; 1028 size_t written; 1029 size_t offset; 1030 1031 offset = ECRYPTFS_FILE_SIZE_BYTES; 1032 write_ecryptfs_marker((page_virt + offset), &written); 1033 offset += written; 1034 ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat, 1035 &written); 1036 offset += written; 1037 ecryptfs_write_header_metadata((page_virt + offset), crypt_stat, 1038 &written); 1039 offset += written; 1040 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, 1041 ecryptfs_dentry, &written, 1042 max - offset); 1043 if (rc) 1044 ecryptfs_printk(KERN_WARNING, "Error generating key packet " 1045 "set; rc = [%d]\n", rc); 1046 if (size) { 1047 offset += written; 1048 *size = offset; 1049 } 1050 return rc; 1051} 1052 1053static int 1054ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode, 1055 char *virt, size_t virt_len) 1056{ 1057 int rc; 1058 1059 rc = ecryptfs_write_lower(ecryptfs_inode, virt, 1060 0, virt_len); 1061 if (rc < 0) 1062 printk(KERN_ERR "%s: Error attempting to write header " 1063 "information to lower file; rc = [%d]\n", __func__, rc); 1064 else 1065 rc = 0; 1066 return rc; 1067} 1068 1069static int 1070ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, 1071 struct inode *ecryptfs_inode, 1072 char *page_virt, size_t size) 1073{ 1074 int rc; 1075 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 1076 struct inode *lower_inode = d_inode(lower_dentry); 1077 1078 if (!(lower_inode->i_opflags & IOP_XATTR)) { 1079 rc = -EOPNOTSUPP; 1080 goto out; 1081 } 1082 1083 inode_lock(lower_inode); 1084 rc = __vfs_setxattr(&nop_mnt_idmap, lower_dentry, lower_inode, 1085 ECRYPTFS_XATTR_NAME, page_virt, size, 0); 1086 if (!rc && ecryptfs_inode) 1087 fsstack_copy_attr_all(ecryptfs_inode, lower_inode); 1088 inode_unlock(lower_inode); 1089out: 1090 return rc; 1091} 1092 1093static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask, 1094 unsigned int order) 1095{ 1096 struct page *page; 1097 1098 page = alloc_pages(gfp_mask | __GFP_ZERO, order); 1099 if (page) 1100 return (unsigned long) page_address(page); 1101 return 0; 1102} 1103 1104/** 1105 * ecryptfs_write_metadata 1106 * @ecryptfs_dentry: The eCryptfs dentry, which should be negative 1107 * @ecryptfs_inode: The newly created eCryptfs inode 1108 * 1109 * Write the file headers out. This will likely involve a userspace 1110 * callout, in which the session key is encrypted with one or more 1111 * public keys and/or the passphrase necessary to do the encryption is 1112 * retrieved via a prompt. Exactly what happens at this point should 1113 * be policy-dependent. 1114 * 1115 * Returns zero on success; non-zero on error 1116 */ 1117int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, 1118 struct inode *ecryptfs_inode) 1119{ 1120 struct ecryptfs_crypt_stat *crypt_stat = 1121 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 1122 unsigned int order; 1123 char *virt; 1124 size_t virt_len; 1125 size_t size = 0; 1126 int rc = 0; 1127 1128 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 1129 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { 1130 printk(KERN_ERR "Key is invalid; bailing out\n"); 1131 rc = -EINVAL; 1132 goto out; 1133 } 1134 } else { 1135 printk(KERN_WARNING "%s: Encrypted flag not set\n", 1136 __func__); 1137 rc = -EINVAL; 1138 goto out; 1139 } 1140 virt_len = crypt_stat->metadata_size; 1141 order = get_order(virt_len); 1142 /* Released in this function */ 1143 virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order); 1144 if (!virt) { 1145 printk(KERN_ERR "%s: Out of memory\n", __func__); 1146 rc = -ENOMEM; 1147 goto out; 1148 } 1149 /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */ 1150 rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat, 1151 ecryptfs_dentry); 1152 if (unlikely(rc)) { 1153 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n", 1154 __func__, rc); 1155 goto out_free; 1156 } 1157 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1158 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, ecryptfs_inode, 1159 virt, size); 1160 else 1161 rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt, 1162 virt_len); 1163 if (rc) { 1164 printk(KERN_ERR "%s: Error writing metadata out to lower file; " 1165 "rc = [%d]\n", __func__, rc); 1166 goto out_free; 1167 } 1168out_free: 1169 free_pages((unsigned long)virt, order); 1170out: 1171 return rc; 1172} 1173 1174#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0 1175#define ECRYPTFS_VALIDATE_HEADER_SIZE 1 1176static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, 1177 char *virt, int *bytes_read, 1178 int validate_header_size) 1179{ 1180 int rc = 0; 1181 u32 header_extent_size; 1182 u16 num_header_extents_at_front; 1183 1184 header_extent_size = get_unaligned_be32(virt); 1185 virt += sizeof(__be32); 1186 num_header_extents_at_front = get_unaligned_be16(virt); 1187 crypt_stat->metadata_size = (((size_t)num_header_extents_at_front 1188 * (size_t)header_extent_size)); 1189 (*bytes_read) = (sizeof(__be32) + sizeof(__be16)); 1190 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) 1191 && (crypt_stat->metadata_size 1192 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { 1193 rc = -EINVAL; 1194 printk(KERN_WARNING "Invalid header size: [%zd]\n", 1195 crypt_stat->metadata_size); 1196 } 1197 return rc; 1198} 1199 1200/** 1201 * set_default_header_data 1202 * @crypt_stat: The cryptographic context 1203 * 1204 * For version 0 file format; this function is only for backwards 1205 * compatibility for files created with the prior versions of 1206 * eCryptfs. 1207 */ 1208static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) 1209{ 1210 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 1211} 1212 1213void ecryptfs_i_size_init(const char *page_virt, struct inode *inode) 1214{ 1215 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 1216 struct ecryptfs_crypt_stat *crypt_stat; 1217 u64 file_size; 1218 1219 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 1220 mount_crypt_stat = 1221 &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; 1222 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 1223 file_size = i_size_read(ecryptfs_inode_to_lower(inode)); 1224 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1225 file_size += crypt_stat->metadata_size; 1226 } else 1227 file_size = get_unaligned_be64(page_virt); 1228 i_size_write(inode, (loff_t)file_size); 1229 crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED; 1230} 1231 1232/** 1233 * ecryptfs_read_headers_virt 1234 * @page_virt: The virtual address into which to read the headers 1235 * @crypt_stat: The cryptographic context 1236 * @ecryptfs_dentry: The eCryptfs dentry 1237 * @validate_header_size: Whether to validate the header size while reading 1238 * 1239 * Read/parse the header data. The header format is detailed in the 1240 * comment block for the ecryptfs_write_headers_virt() function. 1241 * 1242 * Returns zero on success 1243 */ 1244static int ecryptfs_read_headers_virt(char *page_virt, 1245 struct ecryptfs_crypt_stat *crypt_stat, 1246 struct dentry *ecryptfs_dentry, 1247 int validate_header_size) 1248{ 1249 int rc = 0; 1250 int offset; 1251 int bytes_read; 1252 1253 ecryptfs_set_default_sizes(crypt_stat); 1254 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( 1255 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1256 offset = ECRYPTFS_FILE_SIZE_BYTES; 1257 rc = ecryptfs_validate_marker(page_virt + offset); 1258 if (rc) 1259 goto out; 1260 if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED)) 1261 ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry)); 1262 offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 1263 ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read); 1264 if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) { 1265 ecryptfs_printk(KERN_WARNING, "File version is [%d]; only " 1266 "file version [%d] is supported by this " 1267 "version of eCryptfs\n", 1268 crypt_stat->file_version, 1269 ECRYPTFS_SUPPORTED_FILE_VERSION); 1270 rc = -EINVAL; 1271 goto out; 1272 } 1273 offset += bytes_read; 1274 if (crypt_stat->file_version >= 1) { 1275 rc = parse_header_metadata(crypt_stat, (page_virt + offset), 1276 &bytes_read, validate_header_size); 1277 if (rc) { 1278 ecryptfs_printk(KERN_WARNING, "Error reading header " 1279 "metadata; rc = [%d]\n", rc); 1280 } 1281 offset += bytes_read; 1282 } else 1283 set_default_header_data(crypt_stat); 1284 rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset), 1285 ecryptfs_dentry); 1286out: 1287 return rc; 1288} 1289 1290/** 1291 * ecryptfs_read_xattr_region 1292 * @page_virt: The vitual address into which to read the xattr data 1293 * @ecryptfs_inode: The eCryptfs inode 1294 * 1295 * Attempts to read the crypto metadata from the extended attribute 1296 * region of the lower file. 1297 * 1298 * Returns zero on success; non-zero on error 1299 */ 1300int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode) 1301{ 1302 struct dentry *lower_dentry = 1303 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_path.dentry; 1304 ssize_t size; 1305 int rc = 0; 1306 1307 size = ecryptfs_getxattr_lower(lower_dentry, 1308 ecryptfs_inode_to_lower(ecryptfs_inode), 1309 ECRYPTFS_XATTR_NAME, 1310 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); 1311 if (size < 0) { 1312 if (unlikely(ecryptfs_verbosity > 0)) 1313 printk(KERN_INFO "Error attempting to read the [%s] " 1314 "xattr from the lower file; return value = " 1315 "[%zd]\n", ECRYPTFS_XATTR_NAME, size); 1316 rc = -EINVAL; 1317 goto out; 1318 } 1319out: 1320 return rc; 1321} 1322 1323int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, 1324 struct inode *inode) 1325{ 1326 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES]; 1327 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES; 1328 int rc; 1329 1330 rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), 1331 ecryptfs_inode_to_lower(inode), 1332 ECRYPTFS_XATTR_NAME, file_size, 1333 ECRYPTFS_SIZE_AND_MARKER_BYTES); 1334 if (rc < 0) 1335 return rc; 1336 else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) 1337 return -EINVAL; 1338 rc = ecryptfs_validate_marker(marker); 1339 if (!rc) 1340 ecryptfs_i_size_init(file_size, inode); 1341 return rc; 1342} 1343 1344/* 1345 * ecryptfs_read_metadata 1346 * 1347 * Common entry point for reading file metadata. From here, we could 1348 * retrieve the header information from the header region of the file, 1349 * the xattr region of the file, or some other repository that is 1350 * stored separately from the file itself. The current implementation 1351 * supports retrieving the metadata information from the file contents 1352 * and from the xattr region. 1353 * 1354 * Returns zero if valid headers found and parsed; non-zero otherwise 1355 */ 1356int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) 1357{ 1358 int rc; 1359 char *page_virt; 1360 struct inode *ecryptfs_inode = d_inode(ecryptfs_dentry); 1361 struct ecryptfs_crypt_stat *crypt_stat = 1362 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 1363 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1364 &ecryptfs_superblock_to_private( 1365 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1366 1367 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 1368 mount_crypt_stat); 1369 /* Read the first page from the underlying file */ 1370 page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER); 1371 if (!page_virt) { 1372 rc = -ENOMEM; 1373 goto out; 1374 } 1375 rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size, 1376 ecryptfs_inode); 1377 if (rc >= 0) 1378 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, 1379 ecryptfs_dentry, 1380 ECRYPTFS_VALIDATE_HEADER_SIZE); 1381 if (rc) { 1382 /* metadata is not in the file header, so try xattrs */ 1383 memset(page_virt, 0, PAGE_SIZE); 1384 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); 1385 if (rc) { 1386 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1387 "file header region or xattr region, inode %lu\n", 1388 ecryptfs_inode->i_ino); 1389 rc = -EINVAL; 1390 goto out; 1391 } 1392 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, 1393 ecryptfs_dentry, 1394 ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); 1395 if (rc) { 1396 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1397 "file xattr region either, inode %lu\n", 1398 ecryptfs_inode->i_ino); 1399 rc = -EINVAL; 1400 } 1401 if (crypt_stat->mount_crypt_stat->flags 1402 & ECRYPTFS_XATTR_METADATA_ENABLED) { 1403 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 1404 } else { 1405 printk(KERN_WARNING "Attempt to access file with " 1406 "crypto metadata only in the extended attribute " 1407 "region, but eCryptfs was mounted without " 1408 "xattr support enabled. eCryptfs will not treat " 1409 "this like an encrypted file, inode %lu\n", 1410 ecryptfs_inode->i_ino); 1411 rc = -EINVAL; 1412 } 1413 } 1414out: 1415 if (page_virt) { 1416 memset(page_virt, 0, PAGE_SIZE); 1417 kmem_cache_free(ecryptfs_header_cache, page_virt); 1418 } 1419 return rc; 1420} 1421 1422/* 1423 * ecryptfs_encrypt_filename - encrypt filename 1424 * 1425 * CBC-encrypts the filename. We do not want to encrypt the same 1426 * filename with the same key and IV, which may happen with hard 1427 * links, so we prepend random bits to each filename. 1428 * 1429 * Returns zero on success; non-zero otherwise 1430 */ 1431static int 1432ecryptfs_encrypt_filename(struct ecryptfs_filename *filename, 1433 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 1434{ 1435 int rc = 0; 1436 1437 filename->encrypted_filename = NULL; 1438 filename->encrypted_filename_size = 0; 1439 if (mount_crypt_stat && (mount_crypt_stat->flags 1440 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) { 1441 size_t packet_size; 1442 size_t remaining_bytes; 1443 1444 rc = ecryptfs_write_tag_70_packet( 1445 NULL, NULL, 1446 &filename->encrypted_filename_size, 1447 mount_crypt_stat, NULL, 1448 filename->filename_size); 1449 if (rc) { 1450 printk(KERN_ERR "%s: Error attempting to get packet " 1451 "size for tag 72; rc = [%d]\n", __func__, 1452 rc); 1453 filename->encrypted_filename_size = 0; 1454 goto out; 1455 } 1456 filename->encrypted_filename = 1457 kmalloc(filename->encrypted_filename_size, GFP_KERNEL); 1458 if (!filename->encrypted_filename) { 1459 rc = -ENOMEM; 1460 goto out; 1461 } 1462 remaining_bytes = filename->encrypted_filename_size; 1463 rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename, 1464 &remaining_bytes, 1465 &packet_size, 1466 mount_crypt_stat, 1467 filename->filename, 1468 filename->filename_size); 1469 if (rc) { 1470 printk(KERN_ERR "%s: Error attempting to generate " 1471 "tag 70 packet; rc = [%d]\n", __func__, 1472 rc); 1473 kfree(filename->encrypted_filename); 1474 filename->encrypted_filename = NULL; 1475 filename->encrypted_filename_size = 0; 1476 goto out; 1477 } 1478 filename->encrypted_filename_size = packet_size; 1479 } else { 1480 printk(KERN_ERR "%s: No support for requested filename " 1481 "encryption method in this release\n", __func__); 1482 rc = -EOPNOTSUPP; 1483 goto out; 1484 } 1485out: 1486 return rc; 1487} 1488 1489static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size, 1490 const char *name, size_t name_size) 1491{ 1492 int rc = 0; 1493 1494 (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL); 1495 if (!(*copied_name)) { 1496 rc = -ENOMEM; 1497 goto out; 1498 } 1499 memcpy((void *)(*copied_name), (void *)name, name_size); 1500 (*copied_name)[(name_size)] = '\0'; /* Only for convenience 1501 * in printing out the 1502 * string in debug 1503 * messages */ 1504 (*copied_name_size) = name_size; 1505out: 1506 return rc; 1507} 1508 1509/** 1510 * ecryptfs_process_key_cipher - Perform key cipher initialization. 1511 * @key_tfm: Crypto context for key material, set by this function 1512 * @cipher_name: Name of the cipher 1513 * @key_size: Size of the key in bytes 1514 * 1515 * Returns zero on success. Any crypto_tfm structs allocated here 1516 * should be released by other functions, such as on a superblock put 1517 * event, regardless of whether this function succeeds for fails. 1518 */ 1519static int 1520ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm, 1521 char *cipher_name, size_t *key_size) 1522{ 1523 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1524 char *full_alg_name = NULL; 1525 int rc; 1526 1527 *key_tfm = NULL; 1528 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { 1529 rc = -EINVAL; 1530 printk(KERN_ERR "Requested key size is [%zd] bytes; maximum " 1531 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); 1532 goto out; 1533 } 1534 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name, 1535 "ecb"); 1536 if (rc) 1537 goto out; 1538 *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); 1539 if (IS_ERR(*key_tfm)) { 1540 rc = PTR_ERR(*key_tfm); 1541 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1542 "[%s]; rc = [%d]\n", full_alg_name, rc); 1543 goto out; 1544 } 1545 crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1546 if (*key_size == 0) 1547 *key_size = crypto_skcipher_max_keysize(*key_tfm); 1548 get_random_bytes(dummy_key, *key_size); 1549 rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size); 1550 if (rc) { 1551 printk(KERN_ERR "Error attempting to set key of size [%zd] for " 1552 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, 1553 rc); 1554 rc = -EINVAL; 1555 goto out; 1556 } 1557out: 1558 kfree(full_alg_name); 1559 return rc; 1560} 1561 1562struct kmem_cache *ecryptfs_key_tfm_cache; 1563static struct list_head key_tfm_list; 1564DEFINE_MUTEX(key_tfm_list_mutex); 1565 1566int __init ecryptfs_init_crypto(void) 1567{ 1568 INIT_LIST_HEAD(&key_tfm_list); 1569 return 0; 1570} 1571 1572/** 1573 * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list 1574 * 1575 * Called only at module unload time 1576 */ 1577int ecryptfs_destroy_crypto(void) 1578{ 1579 struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; 1580 1581 mutex_lock(&key_tfm_list_mutex); 1582 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, 1583 key_tfm_list) { 1584 list_del(&key_tfm->key_tfm_list); 1585 crypto_free_skcipher(key_tfm->key_tfm); 1586 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); 1587 } 1588 mutex_unlock(&key_tfm_list_mutex); 1589 return 0; 1590} 1591 1592int 1593ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, 1594 size_t key_size) 1595{ 1596 struct ecryptfs_key_tfm *tmp_tfm; 1597 int rc = 0; 1598 1599 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); 1600 1601 tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); 1602 if (key_tfm) 1603 (*key_tfm) = tmp_tfm; 1604 if (!tmp_tfm) { 1605 rc = -ENOMEM; 1606 goto out; 1607 } 1608 mutex_init(&tmp_tfm->key_tfm_mutex); 1609 strncpy(tmp_tfm->cipher_name, cipher_name, 1610 ECRYPTFS_MAX_CIPHER_NAME_SIZE); 1611 tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0'; 1612 tmp_tfm->key_size = key_size; 1613 rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm, 1614 tmp_tfm->cipher_name, 1615 &tmp_tfm->key_size); 1616 if (rc) { 1617 printk(KERN_ERR "Error attempting to initialize key TFM " 1618 "cipher with name = [%s]; rc = [%d]\n", 1619 tmp_tfm->cipher_name, rc); 1620 kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm); 1621 if (key_tfm) 1622 (*key_tfm) = NULL; 1623 goto out; 1624 } 1625 list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); 1626out: 1627 return rc; 1628} 1629 1630/** 1631 * ecryptfs_tfm_exists - Search for existing tfm for cipher_name. 1632 * @cipher_name: the name of the cipher to search for 1633 * @key_tfm: set to corresponding tfm if found 1634 * 1635 * Searches for cached key_tfm matching @cipher_name 1636 * Must be called with &key_tfm_list_mutex held 1637 * Returns 1 if found, with @key_tfm set 1638 * Returns 0 if not found, with @key_tfm set to NULL 1639 */ 1640int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) 1641{ 1642 struct ecryptfs_key_tfm *tmp_key_tfm; 1643 1644 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); 1645 1646 list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) { 1647 if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) { 1648 if (key_tfm) 1649 (*key_tfm) = tmp_key_tfm; 1650 return 1; 1651 } 1652 } 1653 if (key_tfm) 1654 (*key_tfm) = NULL; 1655 return 0; 1656} 1657 1658/** 1659 * ecryptfs_get_tfm_and_mutex_for_cipher_name 1660 * 1661 * @tfm: set to cached tfm found, or new tfm created 1662 * @tfm_mutex: set to mutex for cached tfm found, or new tfm created 1663 * @cipher_name: the name of the cipher to search for and/or add 1664 * 1665 * Sets pointers to @tfm & @tfm_mutex matching @cipher_name. 1666 * Searches for cached item first, and creates new if not found. 1667 * Returns 0 on success, non-zero if adding new cipher failed 1668 */ 1669int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, 1670 struct mutex **tfm_mutex, 1671 char *cipher_name) 1672{ 1673 struct ecryptfs_key_tfm *key_tfm; 1674 int rc = 0; 1675 1676 (*tfm) = NULL; 1677 (*tfm_mutex) = NULL; 1678 1679 mutex_lock(&key_tfm_list_mutex); 1680 if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) { 1681 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0); 1682 if (rc) { 1683 printk(KERN_ERR "Error adding new key_tfm to list; " 1684 "rc = [%d]\n", rc); 1685 goto out; 1686 } 1687 } 1688 (*tfm) = key_tfm->key_tfm; 1689 (*tfm_mutex) = &key_tfm->key_tfm_mutex; 1690out: 1691 mutex_unlock(&key_tfm_list_mutex); 1692 return rc; 1693} 1694 1695/* 64 characters forming a 6-bit target field */ 1696static unsigned char *portable_filename_chars = ("-.0123456789ABCD" 1697 "EFGHIJKLMNOPQRST" 1698 "UVWXYZabcdefghij" 1699 "klmnopqrstuvwxyz"); 1700 1701/* We could either offset on every reverse map or just pad some 0x00's 1702 * at the front here */ 1703static const unsigned char filename_rev_map[256] = { 1704 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */ 1705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */ 1706 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */ 1707 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */ 1708 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */ 1709 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */ 1710 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */ 1711 0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */ 1712 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */ 1713 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */ 1714 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */ 1715 0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */ 1716 0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */ 1717 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */ 1718 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */ 1719 0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */ 1720}; 1721 1722/** 1723 * ecryptfs_encode_for_filename 1724 * @dst: Destination location for encoded filename 1725 * @dst_size: Size of the encoded filename in bytes 1726 * @src: Source location for the filename to encode 1727 * @src_size: Size of the source in bytes 1728 */ 1729static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size, 1730 unsigned char *src, size_t src_size) 1731{ 1732 size_t num_blocks; 1733 size_t block_num = 0; 1734 size_t dst_offset = 0; 1735 unsigned char last_block[3]; 1736 1737 if (src_size == 0) { 1738 (*dst_size) = 0; 1739 goto out; 1740 } 1741 num_blocks = (src_size / 3); 1742 if ((src_size % 3) == 0) { 1743 memcpy(last_block, (&src[src_size - 3]), 3); 1744 } else { 1745 num_blocks++; 1746 last_block[2] = 0x00; 1747 switch (src_size % 3) { 1748 case 1: 1749 last_block[0] = src[src_size - 1]; 1750 last_block[1] = 0x00; 1751 break; 1752 case 2: 1753 last_block[0] = src[src_size - 2]; 1754 last_block[1] = src[src_size - 1]; 1755 } 1756 } 1757 (*dst_size) = (num_blocks * 4); 1758 if (!dst) 1759 goto out; 1760 while (block_num < num_blocks) { 1761 unsigned char *src_block; 1762 unsigned char dst_block[4]; 1763 1764 if (block_num == (num_blocks - 1)) 1765 src_block = last_block; 1766 else 1767 src_block = &src[block_num * 3]; 1768 dst_block[0] = ((src_block[0] >> 2) & 0x3F); 1769 dst_block[1] = (((src_block[0] << 4) & 0x30) 1770 | ((src_block[1] >> 4) & 0x0F)); 1771 dst_block[2] = (((src_block[1] << 2) & 0x3C) 1772 | ((src_block[2] >> 6) & 0x03)); 1773 dst_block[3] = (src_block[2] & 0x3F); 1774 dst[dst_offset++] = portable_filename_chars[dst_block[0]]; 1775 dst[dst_offset++] = portable_filename_chars[dst_block[1]]; 1776 dst[dst_offset++] = portable_filename_chars[dst_block[2]]; 1777 dst[dst_offset++] = portable_filename_chars[dst_block[3]]; 1778 block_num++; 1779 } 1780out: 1781 return; 1782} 1783 1784static size_t ecryptfs_max_decoded_size(size_t encoded_size) 1785{ 1786 /* Not exact; conservatively long. Every block of 4 1787 * encoded characters decodes into a block of 3 1788 * decoded characters. This segment of code provides 1789 * the caller with the maximum amount of allocated 1790 * space that @dst will need to point to in a 1791 * subsequent call. */ 1792 return ((encoded_size + 1) * 3) / 4; 1793} 1794 1795/** 1796 * ecryptfs_decode_from_filename 1797 * @dst: If NULL, this function only sets @dst_size and returns. If 1798 * non-NULL, this function decodes the encoded octets in @src 1799 * into the memory that @dst points to. 1800 * @dst_size: Set to the size of the decoded string. 1801 * @src: The encoded set of octets to decode. 1802 * @src_size: The size of the encoded set of octets to decode. 1803 */ 1804static void 1805ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, 1806 const unsigned char *src, size_t src_size) 1807{ 1808 u8 current_bit_offset = 0; 1809 size_t src_byte_offset = 0; 1810 size_t dst_byte_offset = 0; 1811 1812 if (!dst) { 1813 (*dst_size) = ecryptfs_max_decoded_size(src_size); 1814 goto out; 1815 } 1816 while (src_byte_offset < src_size) { 1817 unsigned char src_byte = 1818 filename_rev_map[(int)src[src_byte_offset]]; 1819 1820 switch (current_bit_offset) { 1821 case 0: 1822 dst[dst_byte_offset] = (src_byte << 2); 1823 current_bit_offset = 6; 1824 break; 1825 case 6: 1826 dst[dst_byte_offset++] |= (src_byte >> 4); 1827 dst[dst_byte_offset] = ((src_byte & 0xF) 1828 << 4); 1829 current_bit_offset = 4; 1830 break; 1831 case 4: 1832 dst[dst_byte_offset++] |= (src_byte >> 2); 1833 dst[dst_byte_offset] = (src_byte << 6); 1834 current_bit_offset = 2; 1835 break; 1836 case 2: 1837 dst[dst_byte_offset++] |= (src_byte); 1838 current_bit_offset = 0; 1839 break; 1840 } 1841 src_byte_offset++; 1842 } 1843 (*dst_size) = dst_byte_offset; 1844out: 1845 return; 1846} 1847 1848/** 1849 * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text 1850 * @encoded_name: The encrypted name 1851 * @encoded_name_size: Length of the encrypted name 1852 * @mount_crypt_stat: The crypt_stat struct associated with the file name to encode 1853 * @name: The plaintext name 1854 * @name_size: The length of the plaintext name 1855 * 1856 * Encrypts and encodes a filename into something that constitutes a 1857 * valid filename for a filesystem, with printable characters. 1858 * 1859 * We assume that we have a properly initialized crypto context, 1860 * pointed to by crypt_stat->tfm. 1861 * 1862 * Returns zero on success; non-zero on otherwise 1863 */ 1864int ecryptfs_encrypt_and_encode_filename( 1865 char **encoded_name, 1866 size_t *encoded_name_size, 1867 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 1868 const char *name, size_t name_size) 1869{ 1870 size_t encoded_name_no_prefix_size; 1871 int rc = 0; 1872 1873 (*encoded_name) = NULL; 1874 (*encoded_name_size) = 0; 1875 if (mount_crypt_stat && (mount_crypt_stat->flags 1876 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) { 1877 struct ecryptfs_filename *filename; 1878 1879 filename = kzalloc(sizeof(*filename), GFP_KERNEL); 1880 if (!filename) { 1881 rc = -ENOMEM; 1882 goto out; 1883 } 1884 filename->filename = (char *)name; 1885 filename->filename_size = name_size; 1886 rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat); 1887 if (rc) { 1888 printk(KERN_ERR "%s: Error attempting to encrypt " 1889 "filename; rc = [%d]\n", __func__, rc); 1890 kfree(filename); 1891 goto out; 1892 } 1893 ecryptfs_encode_for_filename( 1894 NULL, &encoded_name_no_prefix_size, 1895 filename->encrypted_filename, 1896 filename->encrypted_filename_size); 1897 if (mount_crypt_stat 1898 && (mount_crypt_stat->flags 1899 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) 1900 (*encoded_name_size) = 1901 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1902 + encoded_name_no_prefix_size); 1903 else 1904 (*encoded_name_size) = 1905 (ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1906 + encoded_name_no_prefix_size); 1907 (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL); 1908 if (!(*encoded_name)) { 1909 rc = -ENOMEM; 1910 kfree(filename->encrypted_filename); 1911 kfree(filename); 1912 goto out; 1913 } 1914 if (mount_crypt_stat 1915 && (mount_crypt_stat->flags 1916 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) { 1917 memcpy((*encoded_name), 1918 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 1919 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE); 1920 ecryptfs_encode_for_filename( 1921 ((*encoded_name) 1922 + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE), 1923 &encoded_name_no_prefix_size, 1924 filename->encrypted_filename, 1925 filename->encrypted_filename_size); 1926 (*encoded_name_size) = 1927 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1928 + encoded_name_no_prefix_size); 1929 (*encoded_name)[(*encoded_name_size)] = '\0'; 1930 } else { 1931 rc = -EOPNOTSUPP; 1932 } 1933 if (rc) { 1934 printk(KERN_ERR "%s: Error attempting to encode " 1935 "encrypted filename; rc = [%d]\n", __func__, 1936 rc); 1937 kfree((*encoded_name)); 1938 (*encoded_name) = NULL; 1939 (*encoded_name_size) = 0; 1940 } 1941 kfree(filename->encrypted_filename); 1942 kfree(filename); 1943 } else { 1944 rc = ecryptfs_copy_filename(encoded_name, 1945 encoded_name_size, 1946 name, name_size); 1947 } 1948out: 1949 return rc; 1950} 1951 1952/** 1953 * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext 1954 * @plaintext_name: The plaintext name 1955 * @plaintext_name_size: The plaintext name size 1956 * @sb: Ecryptfs's super_block 1957 * @name: The filename in cipher text 1958 * @name_size: The cipher text name size 1959 * 1960 * Decrypts and decodes the filename. 1961 * 1962 * Returns zero on error; non-zero otherwise 1963 */ 1964int ecryptfs_decode_and_decrypt_filename(char **plaintext_name, 1965 size_t *plaintext_name_size, 1966 struct super_block *sb, 1967 const char *name, size_t name_size) 1968{ 1969 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1970 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; 1971 char *decoded_name; 1972 size_t decoded_name_size; 1973 size_t packet_size; 1974 int rc = 0; 1975 1976 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) && 1977 !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)) { 1978 if (is_dot_dotdot(name, name_size)) { 1979 rc = ecryptfs_copy_filename(plaintext_name, 1980 plaintext_name_size, 1981 name, name_size); 1982 goto out; 1983 } 1984 1985 if (name_size <= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE || 1986 strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 1987 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)) { 1988 rc = -EINVAL; 1989 goto out; 1990 } 1991 1992 name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 1993 name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 1994 ecryptfs_decode_from_filename(NULL, &decoded_name_size, 1995 name, name_size); 1996 decoded_name = kmalloc(decoded_name_size, GFP_KERNEL); 1997 if (!decoded_name) { 1998 rc = -ENOMEM; 1999 goto out; 2000 } 2001 ecryptfs_decode_from_filename(decoded_name, &decoded_name_size, 2002 name, name_size); 2003 rc = ecryptfs_parse_tag_70_packet(plaintext_name, 2004 plaintext_name_size, 2005 &packet_size, 2006 mount_crypt_stat, 2007 decoded_name, 2008 decoded_name_size); 2009 if (rc) { 2010 ecryptfs_printk(KERN_DEBUG, 2011 "%s: Could not parse tag 70 packet from filename\n", 2012 __func__); 2013 goto out_free; 2014 } 2015 } else { 2016 rc = ecryptfs_copy_filename(plaintext_name, 2017 plaintext_name_size, 2018 name, name_size); 2019 goto out; 2020 } 2021out_free: 2022 kfree(decoded_name); 2023out: 2024 return rc; 2025} 2026 2027#define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143 2028 2029int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 2030 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 2031{ 2032 struct crypto_skcipher *tfm; 2033 struct mutex *tfm_mutex; 2034 size_t cipher_blocksize; 2035 int rc; 2036 2037 if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) { 2038 (*namelen) = lower_namelen; 2039 return 0; 2040 } 2041 2042 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, 2043 mount_crypt_stat->global_default_fn_cipher_name); 2044 if (unlikely(rc)) { 2045 (*namelen) = 0; 2046 return rc; 2047 } 2048 2049 mutex_lock(tfm_mutex); 2050 cipher_blocksize = crypto_skcipher_blocksize(tfm); 2051 mutex_unlock(tfm_mutex); 2052 2053 /* Return an exact amount for the common cases */ 2054 if (lower_namelen == NAME_MAX 2055 && (cipher_blocksize == 8 || cipher_blocksize == 16)) { 2056 (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16; 2057 return 0; 2058 } 2059 2060 /* Return a safe estimate for the uncommon cases */ 2061 (*namelen) = lower_namelen; 2062 (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 2063 /* Since this is the max decoded size, subtract 1 "decoded block" len */ 2064 (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3; 2065 (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE; 2066 (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES; 2067 /* Worst case is that the filename is padded nearly a full block size */ 2068 (*namelen) -= cipher_blocksize - 1; 2069 2070 if ((*namelen) < 0) 2071 (*namelen) = 0; 2072 2073 return 0; 2074} 2075