aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2016-01-24 21:29:33 -0500
committerHerbert Xu <herbert@gondor.apana.org.au>2016-01-27 07:36:18 -0500
commit3095e8e366b471f3bcdbf21c9c72a45718ff8756 (patch)
treed0eeca59d06f37bbe1e4934e694acf9b4463f232 /fs/ecryptfs
parentcf80e0e47e0e7a8994dfadefec0e1395c622817a (diff)
eCryptfs: Use skcipher and shash
This patch replaces uses of ablkcipher and blkcipher with skcipher, and the long obsolete hash interface with shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c107
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h12
-rw-r--r--fs/ecryptfs/inode.c1
-rw-r--r--fs/ecryptfs/keystore.c218
-rw-r--r--fs/ecryptfs/main.c1
-rw-r--r--fs/ecryptfs/mmap.c1
-rw-r--r--fs/ecryptfs/super.c1
7 files changed, 180 insertions, 161 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901493cf..11255cbcb2db 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
23 * 02111-1307, USA. 23 * 02111-1307, USA.
24 */ 24 */
25 25
26#include <crypto/hash.h>
27#include <crypto/skcipher.h>
26#include <linux/fs.h> 28#include <linux/fs.h>
27#include <linux/mount.h> 29#include <linux/mount.h>
28#include <linux/pagemap.h> 30#include <linux/pagemap.h>
@@ -30,7 +32,6 @@
30#include <linux/compiler.h> 32#include <linux/compiler.h>
31#include <linux/key.h> 33#include <linux/key.h>
32#include <linux/namei.h> 34#include <linux/namei.h>
33#include <linux/crypto.h>
34#include <linux/file.h> 35#include <linux/file.h>
35#include <linux/scatterlist.h> 36#include <linux/scatterlist.h>
36#include <linux/slab.h> 37#include <linux/slab.h>
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
74 } 75 }
75} 76}
76 77
78static int ecryptfs_hash_digest(struct crypto_shash *tfm,
79 char *src, int len, char *dst)
80{
81 SHASH_DESC_ON_STACK(desc, tfm);
82 int err;
83
84 desc->tfm = tfm;
85 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
86 err = crypto_shash_digest(desc, src, len, dst);
87 shash_desc_zero(desc);
88 return err;
89}
90
77/** 91/**
78 * ecryptfs_calculate_md5 - calculates the md5 of @src 92 * ecryptfs_calculate_md5 - calculates the md5 of @src
79 * @dst: Pointer to 16 bytes of allocated memory 93 * @dst: Pointer to 16 bytes of allocated memory
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
88 struct ecryptfs_crypt_stat *crypt_stat, 102 struct ecryptfs_crypt_stat *crypt_stat,
89 char *src, int len) 103 char *src, int len)
90{ 104{
91 struct scatterlist sg; 105 struct crypto_shash *tfm;
92 struct hash_desc desc = {
93 .tfm = crypt_stat->hash_tfm,
94 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
95 };
96 int rc = 0; 106 int rc = 0;
97 107
98 mutex_lock(&crypt_stat->cs_hash_tfm_mutex); 108 mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
99 sg_init_one(&sg, (u8 *)src, len); 109 tfm = crypt_stat->hash_tfm;
100 if (!desc.tfm) { 110 if (!tfm) {
101 desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, 111 tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
102 CRYPTO_ALG_ASYNC); 112 if (IS_ERR(tfm)) {
103 if (IS_ERR(desc.tfm)) { 113 rc = PTR_ERR(tfm);
104 rc = PTR_ERR(desc.tfm);
105 ecryptfs_printk(KERN_ERR, "Error attempting to " 114 ecryptfs_printk(KERN_ERR, "Error attempting to "
106 "allocate crypto context; rc = [%d]\n", 115 "allocate crypto context; rc = [%d]\n",
107 rc); 116 rc);
108 goto out; 117 goto out;
109 } 118 }
110 crypt_stat->hash_tfm = desc.tfm; 119 crypt_stat->hash_tfm = tfm;
111 }
112 rc = crypto_hash_init(&desc);
113 if (rc) {
114 printk(KERN_ERR
115 "%s: Error initializing crypto hash; rc = [%d]\n",
116 __func__, rc);
117 goto out;
118 } 120 }
119 rc = crypto_hash_update(&desc, &sg, len); 121 rc = ecryptfs_hash_digest(tfm, src, len, dst);
120 if (rc) { 122 if (rc) {
121 printk(KERN_ERR 123 printk(KERN_ERR
122 "%s: Error updating crypto hash; rc = [%d]\n", 124 "%s: Error computing crypto hash; rc = [%d]\n",
123 __func__, rc);
124 goto out;
125 }
126 rc = crypto_hash_final(&desc, dst);
127 if (rc) {
128 printk(KERN_ERR
129 "%s: Error finalizing crypto hash; rc = [%d]\n",
130 __func__, rc); 125 __func__, rc);
131 goto out; 126 goto out;
132 } 127 }
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
234{ 229{
235 struct ecryptfs_key_sig *key_sig, *key_sig_tmp; 230 struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
236 231
237 if (crypt_stat->tfm) 232 crypto_free_skcipher(crypt_stat->tfm);
238 crypto_free_ablkcipher(crypt_stat->tfm); 233 crypto_free_shash(crypt_stat->hash_tfm);
239 if (crypt_stat->hash_tfm)
240 crypto_free_hash(crypt_stat->hash_tfm);
241 list_for_each_entry_safe(key_sig, key_sig_tmp, 234 list_for_each_entry_safe(key_sig, key_sig_tmp,
242 &crypt_stat->keysig_list, crypt_stat_list) { 235 &crypt_stat->keysig_list, crypt_stat_list) {
243 list_del(&key_sig->crypt_stat_list); 236 list_del(&key_sig->crypt_stat_list);
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
342 struct scatterlist *src_sg, int size, 335 struct scatterlist *src_sg, int size,
343 unsigned char *iv, int op) 336 unsigned char *iv, int op)
344{ 337{
345 struct ablkcipher_request *req = NULL; 338 struct skcipher_request *req = NULL;
346 struct extent_crypt_result ecr; 339 struct extent_crypt_result ecr;
347 int rc = 0; 340 int rc = 0;
348 341
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
358 init_completion(&ecr.completion); 351 init_completion(&ecr.completion);
359 352
360 mutex_lock(&crypt_stat->cs_tfm_mutex); 353 mutex_lock(&crypt_stat->cs_tfm_mutex);
361 req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); 354 req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
362 if (!req) { 355 if (!req) {
363 mutex_unlock(&crypt_stat->cs_tfm_mutex); 356 mutex_unlock(&crypt_stat->cs_tfm_mutex);
364 rc = -ENOMEM; 357 rc = -ENOMEM;
365 goto out; 358 goto out;
366 } 359 }
367 360
368 ablkcipher_request_set_callback(req, 361 skcipher_request_set_callback(req,
369 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 362 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
370 extent_crypt_complete, &ecr); 363 extent_crypt_complete, &ecr);
371 /* Consider doing this once, when the file is opened */ 364 /* Consider doing this once, when the file is opened */
372 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { 365 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
373 rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, 366 rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key,
374 crypt_stat->key_size); 367 crypt_stat->key_size);
375 if (rc) { 368 if (rc) {
376 ecryptfs_printk(KERN_ERR, 369 ecryptfs_printk(KERN_ERR,
377 "Error setting key; rc = [%d]\n", 370 "Error setting key; rc = [%d]\n",
@@ -383,9 +376,9 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
383 crypt_stat->flags |= ECRYPTFS_KEY_SET; 376 crypt_stat->flags |= ECRYPTFS_KEY_SET;
384 } 377 }
385 mutex_unlock(&crypt_stat->cs_tfm_mutex); 378 mutex_unlock(&crypt_stat->cs_tfm_mutex);
386 ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); 379 skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
387 rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : 380 rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) :
388 crypto_ablkcipher_decrypt(req); 381 crypto_skcipher_decrypt(req);
389 if (rc == -EINPROGRESS || rc == -EBUSY) { 382 if (rc == -EINPROGRESS || rc == -EBUSY) {
390 struct extent_crypt_result *ecr = req->base.data; 383 struct extent_crypt_result *ecr = req->base.data;
391 384
@@ -394,7 +387,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
394 reinit_completion(&ecr->completion); 387 reinit_completion(&ecr->completion);
395 } 388 }
396out: 389out:
397 ablkcipher_request_free(req); 390 skcipher_request_free(req);
398 return rc; 391 return rc;
399} 392}
400 393
@@ -622,7 +615,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
622 crypt_stat->cipher, "cbc"); 615 crypt_stat->cipher, "cbc");
623 if (rc) 616 if (rc)
624 goto out_unlock; 617 goto out_unlock;
625 crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); 618 crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0);
626 if (IS_ERR(crypt_stat->tfm)) { 619 if (IS_ERR(crypt_stat->tfm)) {
627 rc = PTR_ERR(crypt_stat->tfm); 620 rc = PTR_ERR(crypt_stat->tfm);
628 crypt_stat->tfm = NULL; 621 crypt_stat->tfm = NULL;
@@ -631,7 +624,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
631 full_alg_name); 624 full_alg_name);
632 goto out_free; 625 goto out_free;
633 } 626 }
634 crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); 627 crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
635 rc = 0; 628 rc = 0;
636out_free: 629out_free:
637 kfree(full_alg_name); 630 kfree(full_alg_name);
@@ -1591,7 +1584,7 @@ out:
1591 * event, regardless of whether this function succeeds for fails. 1584 * event, regardless of whether this function succeeds for fails.
1592 */ 1585 */
1593static int 1586static int
1594ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, 1587ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm,
1595 char *cipher_name, size_t *key_size) 1588 char *cipher_name, size_t *key_size)
1596{ 1589{
1597 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1590 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
@@ -1609,21 +1602,18 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
1609 "ecb"); 1602 "ecb");
1610 if (rc) 1603 if (rc)
1611 goto out; 1604 goto out;
1612 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); 1605 *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1613 if (IS_ERR(*key_tfm)) { 1606 if (IS_ERR(*key_tfm)) {
1614 rc = PTR_ERR(*key_tfm); 1607 rc = PTR_ERR(*key_tfm);
1615 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1608 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1616 "[%s]; rc = [%d]\n", full_alg_name, rc); 1609 "[%s]; rc = [%d]\n", full_alg_name, rc);
1617 goto out; 1610 goto out;
1618 } 1611 }
1619 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); 1612 crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1620 if (*key_size == 0) { 1613 if (*key_size == 0)
1621 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); 1614 *key_size = crypto_skcipher_default_keysize(*key_tfm);
1622
1623 *key_size = alg->max_keysize;
1624 }
1625 get_random_bytes(dummy_key, *key_size); 1615 get_random_bytes(dummy_key, *key_size);
1626 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); 1616 rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size);
1627 if (rc) { 1617 if (rc) {
1628 printk(KERN_ERR "Error attempting to set key of size [%zd] for " 1618 printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1629 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, 1619 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
@@ -1660,8 +1650,7 @@ int ecryptfs_destroy_crypto(void)
1660 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, 1650 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
1661 key_tfm_list) { 1651 key_tfm_list) {
1662 list_del(&key_tfm->key_tfm_list); 1652 list_del(&key_tfm->key_tfm_list);
1663 if (key_tfm->key_tfm) 1653 crypto_free_skcipher(key_tfm->key_tfm);
1664 crypto_free_blkcipher(key_tfm->key_tfm);
1665 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); 1654 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
1666 } 1655 }
1667 mutex_unlock(&key_tfm_list_mutex); 1656 mutex_unlock(&key_tfm_list_mutex);
@@ -1747,7 +1736,7 @@ int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1747 * Searches for cached item first, and creates new if not found. 1736 * Searches for cached item first, and creates new if not found.
1748 * Returns 0 on success, non-zero if adding new cipher failed 1737 * Returns 0 on success, non-zero if adding new cipher failed
1749 */ 1738 */
1750int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 1739int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
1751 struct mutex **tfm_mutex, 1740 struct mutex **tfm_mutex,
1752 char *cipher_name) 1741 char *cipher_name)
1753{ 1742{
@@ -2120,7 +2109,7 @@ out:
2120int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 2109int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2121 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 2110 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
2122{ 2111{
2123 struct blkcipher_desc desc; 2112 struct crypto_skcipher *tfm;
2124 struct mutex *tfm_mutex; 2113 struct mutex *tfm_mutex;
2125 size_t cipher_blocksize; 2114 size_t cipher_blocksize;
2126 int rc; 2115 int rc;
@@ -2130,7 +2119,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2130 return 0; 2119 return 0;
2131 } 2120 }
2132 2121
2133 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2122 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2134 mount_crypt_stat->global_default_fn_cipher_name); 2123 mount_crypt_stat->global_default_fn_cipher_name);
2135 if (unlikely(rc)) { 2124 if (unlikely(rc)) {
2136 (*namelen) = 0; 2125 (*namelen) = 0;
@@ -2138,7 +2127,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2138 } 2127 }
2139 2128
2140 mutex_lock(tfm_mutex); 2129 mutex_lock(tfm_mutex);
2141 cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); 2130 cipher_blocksize = crypto_skcipher_blocksize(tfm);
2142 mutex_unlock(tfm_mutex); 2131 mutex_unlock(tfm_mutex);
2143 2132
2144 /* Return an exact amount for the common cases */ 2133 /* Return an exact amount for the common cases */
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 7b39260c7bba..b7f81287c688 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -28,6 +28,7 @@
28#ifndef ECRYPTFS_KERNEL_H 28#ifndef ECRYPTFS_KERNEL_H
29#define ECRYPTFS_KERNEL_H 29#define ECRYPTFS_KERNEL_H
30 30
31#include <crypto/skcipher.h>
31#include <keys/user-type.h> 32#include <keys/user-type.h>
32#include <keys/encrypted-type.h> 33#include <keys/encrypted-type.h>
33#include <linux/fs.h> 34#include <linux/fs.h>
@@ -38,7 +39,6 @@
38#include <linux/nsproxy.h> 39#include <linux/nsproxy.h>
39#include <linux/backing-dev.h> 40#include <linux/backing-dev.h>
40#include <linux/ecryptfs.h> 41#include <linux/ecryptfs.h>
41#include <linux/crypto.h>
42 42
43#define ECRYPTFS_DEFAULT_IV_BYTES 16 43#define ECRYPTFS_DEFAULT_IV_BYTES 16
44#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 44#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
@@ -233,9 +233,9 @@ struct ecryptfs_crypt_stat {
233 size_t extent_shift; 233 size_t extent_shift;
234 unsigned int extent_mask; 234 unsigned int extent_mask;
235 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 235 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
236 struct crypto_ablkcipher *tfm; 236 struct crypto_skcipher *tfm;
237 struct crypto_hash *hash_tfm; /* Crypto context for generating 237 struct crypto_shash *hash_tfm; /* Crypto context for generating
238 * the initialization vectors */ 238 * the initialization vectors */
239 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; 239 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
240 unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; 240 unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
241 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; 241 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
@@ -309,7 +309,7 @@ struct ecryptfs_global_auth_tok {
309 * keeps a list of crypto API contexts around to use when needed. 309 * keeps a list of crypto API contexts around to use when needed.
310 */ 310 */
311struct ecryptfs_key_tfm { 311struct ecryptfs_key_tfm {
312 struct crypto_blkcipher *key_tfm; 312 struct crypto_skcipher *key_tfm;
313 size_t key_size; 313 size_t key_size;
314 struct mutex key_tfm_mutex; 314 struct mutex key_tfm_mutex;
315 struct list_head key_tfm_list; 315 struct list_head key_tfm_list;
@@ -659,7 +659,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
659int ecryptfs_init_crypto(void); 659int ecryptfs_init_crypto(void);
660int ecryptfs_destroy_crypto(void); 660int ecryptfs_destroy_crypto(void);
661int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); 661int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm);
662int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 662int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
663 struct mutex **tfm_mutex, 663 struct mutex **tfm_mutex,
664 char *cipher_name); 664 char *cipher_name);
665int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 665int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 4e685ac1024d..0a8f1b469a63 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -29,7 +29,6 @@
29#include <linux/dcache.h> 29#include <linux/dcache.h>
30#include <linux/namei.h> 30#include <linux/namei.h>
31#include <linux/mount.h> 31#include <linux/mount.h>
32#include <linux/crypto.h>
33#include <linux/fs_stack.h> 32#include <linux/fs_stack.h>
34#include <linux/slab.h> 33#include <linux/slab.h>
35#include <linux/xattr.h> 34#include <linux/xattr.h>
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 6bd67e2011f0..c5c84dfb5b3e 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -25,11 +25,12 @@
25 * 02111-1307, USA. 25 * 02111-1307, USA.
26 */ 26 */
27 27
28#include <crypto/hash.h>
29#include <crypto/skcipher.h>
28#include <linux/string.h> 30#include <linux/string.h>
29#include <linux/pagemap.h> 31#include <linux/pagemap.h>
30#include <linux/key.h> 32#include <linux/key.h>
31#include <linux/random.h> 33#include <linux/random.h>
32#include <linux/crypto.h>
33#include <linux/scatterlist.h> 34#include <linux/scatterlist.h>
34#include <linux/slab.h> 35#include <linux/slab.h>
35#include "ecryptfs_kernel.h" 36#include "ecryptfs_kernel.h"
@@ -601,12 +602,13 @@ struct ecryptfs_write_tag_70_packet_silly_stack {
601 struct ecryptfs_auth_tok *auth_tok; 602 struct ecryptfs_auth_tok *auth_tok;
602 struct scatterlist src_sg[2]; 603 struct scatterlist src_sg[2];
603 struct scatterlist dst_sg[2]; 604 struct scatterlist dst_sg[2];
604 struct blkcipher_desc desc; 605 struct crypto_skcipher *skcipher_tfm;
606 struct skcipher_request *skcipher_req;
605 char iv[ECRYPTFS_MAX_IV_BYTES]; 607 char iv[ECRYPTFS_MAX_IV_BYTES];
606 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 608 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
607 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 609 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
608 struct hash_desc hash_desc; 610 struct crypto_shash *hash_tfm;
609 struct scatterlist hash_sg; 611 struct shash_desc *hash_desc;
610}; 612};
611 613
612/** 614/**
@@ -629,14 +631,13 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
629 struct key *auth_tok_key = NULL; 631 struct key *auth_tok_key = NULL;
630 int rc = 0; 632 int rc = 0;
631 633
632 s = kmalloc(sizeof(*s), GFP_KERNEL); 634 s = kzalloc(sizeof(*s), GFP_KERNEL);
633 if (!s) { 635 if (!s) {
634 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " 636 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
635 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); 637 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
636 rc = -ENOMEM; 638 rc = -ENOMEM;
637 goto out; 639 goto out;
638 } 640 }
639 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
640 (*packet_size) = 0; 641 (*packet_size) = 0;
641 rc = ecryptfs_find_auth_tok_for_sig( 642 rc = ecryptfs_find_auth_tok_for_sig(
642 &auth_tok_key, 643 &auth_tok_key,
@@ -649,7 +650,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
649 goto out; 650 goto out;
650 } 651 }
651 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( 652 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
652 &s->desc.tfm, 653 &s->skcipher_tfm,
653 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); 654 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
654 if (unlikely(rc)) { 655 if (unlikely(rc)) {
655 printk(KERN_ERR "Internal error whilst attempting to get " 656 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -658,7 +659,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
658 goto out; 659 goto out;
659 } 660 }
660 mutex_lock(s->tfm_mutex); 661 mutex_lock(s->tfm_mutex);
661 s->block_size = crypto_blkcipher_blocksize(s->desc.tfm); 662 s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
662 /* Plus one for the \0 separator between the random prefix 663 /* Plus one for the \0 separator between the random prefix
663 * and the plaintext filename */ 664 * and the plaintext filename */
664 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); 665 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
@@ -691,6 +692,19 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
691 rc = -EINVAL; 692 rc = -EINVAL;
692 goto out_unlock; 693 goto out_unlock;
693 } 694 }
695
696 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
697 if (!s->skcipher_req) {
698 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
699 "skcipher_request_alloc for %s\n", __func__,
700 crypto_skcipher_driver_name(s->skcipher_tfm));
701 rc = -ENOMEM;
702 goto out_unlock;
703 }
704
705 skcipher_request_set_callback(s->skcipher_req,
706 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
707
694 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, 708 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
695 GFP_KERNEL); 709 GFP_KERNEL);
696 if (!s->block_aligned_filename) { 710 if (!s->block_aligned_filename) {
@@ -700,7 +714,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
700 rc = -ENOMEM; 714 rc = -ENOMEM;
701 goto out_unlock; 715 goto out_unlock;
702 } 716 }
703 s->i = 0;
704 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; 717 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
705 rc = ecryptfs_write_packet_length(&dest[s->i], 718 rc = ecryptfs_write_packet_length(&dest[s->i],
706 (ECRYPTFS_SIG_SIZE 719 (ECRYPTFS_SIG_SIZE
@@ -738,40 +751,36 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
738 "password tokens\n", __func__); 751 "password tokens\n", __func__);
739 goto out_free_unlock; 752 goto out_free_unlock;
740 } 753 }
741 sg_init_one( 754 s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
742 &s->hash_sg, 755 if (IS_ERR(s->hash_tfm)) {
743 (u8 *)s->auth_tok->token.password.session_key_encryption_key, 756 rc = PTR_ERR(s->hash_tfm);
744 s->auth_tok->token.password.session_key_encryption_key_bytes);
745 s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
746 s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
747 CRYPTO_ALG_ASYNC);
748 if (IS_ERR(s->hash_desc.tfm)) {
749 rc = PTR_ERR(s->hash_desc.tfm);
750 printk(KERN_ERR "%s: Error attempting to " 757 printk(KERN_ERR "%s: Error attempting to "
751 "allocate hash crypto context; rc = [%d]\n", 758 "allocate hash crypto context; rc = [%d]\n",
752 __func__, rc); 759 __func__, rc);
753 goto out_free_unlock; 760 goto out_free_unlock;
754 } 761 }
755 rc = crypto_hash_init(&s->hash_desc); 762
756 if (rc) { 763 s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
757 printk(KERN_ERR 764 crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
758 "%s: Error initializing crypto hash; rc = [%d]\n", 765 if (!s->hash_desc) {
759 __func__, rc); 766 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
760 goto out_release_free_unlock; 767 "kmalloc [%zd] bytes\n", __func__,
761 } 768 sizeof(*s->hash_desc) +
762 rc = crypto_hash_update( 769 crypto_shash_descsize(s->hash_tfm));
763 &s->hash_desc, &s->hash_sg, 770 rc = -ENOMEM;
764 s->auth_tok->token.password.session_key_encryption_key_bytes);
765 if (rc) {
766 printk(KERN_ERR
767 "%s: Error updating crypto hash; rc = [%d]\n",
768 __func__, rc);
769 goto out_release_free_unlock; 771 goto out_release_free_unlock;
770 } 772 }
771 rc = crypto_hash_final(&s->hash_desc, s->hash); 773
774 s->hash_desc->tfm = s->hash_tfm;
775 s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
776
777 rc = crypto_shash_digest(s->hash_desc,
778 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
779 s->auth_tok->token.password.session_key_encryption_key_bytes,
780 s->hash);
772 if (rc) { 781 if (rc) {
773 printk(KERN_ERR 782 printk(KERN_ERR
774 "%s: Error finalizing crypto hash; rc = [%d]\n", 783 "%s: Error computing crypto hash; rc = [%d]\n",
775 __func__, rc); 784 __func__, rc);
776 goto out_release_free_unlock; 785 goto out_release_free_unlock;
777 } 786 }
@@ -780,27 +789,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
780 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; 789 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
781 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) 790 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
782 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { 791 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
783 sg_init_one(&s->hash_sg, (u8 *)s->hash, 792 rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
784 ECRYPTFS_TAG_70_DIGEST_SIZE); 793 ECRYPTFS_TAG_70_DIGEST_SIZE,
785 rc = crypto_hash_init(&s->hash_desc); 794 s->tmp_hash);
786 if (rc) {
787 printk(KERN_ERR
788 "%s: Error initializing crypto hash; "
789 "rc = [%d]\n", __func__, rc);
790 goto out_release_free_unlock;
791 }
792 rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
793 ECRYPTFS_TAG_70_DIGEST_SIZE);
794 if (rc) { 795 if (rc) {
795 printk(KERN_ERR 796 printk(KERN_ERR
796 "%s: Error updating crypto hash; " 797 "%s: Error computing crypto hash; "
797 "rc = [%d]\n", __func__, rc);
798 goto out_release_free_unlock;
799 }
800 rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
801 if (rc) {
802 printk(KERN_ERR
803 "%s: Error finalizing crypto hash; "
804 "rc = [%d]\n", __func__, rc); 798 "rc = [%d]\n", __func__, rc);
805 goto out_release_free_unlock; 799 goto out_release_free_unlock;
806 } 800 }
@@ -834,10 +828,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
834 * of the IV here, so we just use 0's for the IV. Note the 828 * of the IV here, so we just use 0's for the IV. Note the
835 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 829 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
836 * >= ECRYPTFS_MAX_IV_BYTES. */ 830 * >= ECRYPTFS_MAX_IV_BYTES. */
837 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); 831 rc = crypto_skcipher_setkey(
838 s->desc.info = s->iv; 832 s->skcipher_tfm,
839 rc = crypto_blkcipher_setkey(
840 s->desc.tfm,
841 s->auth_tok->token.password.session_key_encryption_key, 833 s->auth_tok->token.password.session_key_encryption_key,
842 mount_crypt_stat->global_default_fn_cipher_key_bytes); 834 mount_crypt_stat->global_default_fn_cipher_key_bytes);
843 if (rc < 0) { 835 if (rc < 0) {
@@ -850,8 +842,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
850 mount_crypt_stat->global_default_fn_cipher_key_bytes); 842 mount_crypt_stat->global_default_fn_cipher_key_bytes);
851 goto out_release_free_unlock; 843 goto out_release_free_unlock;
852 } 844 }
853 rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, 845 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
854 s->block_aligned_filename_size); 846 s->block_aligned_filename_size, s->iv);
847 rc = crypto_skcipher_encrypt(s->skcipher_req);
855 if (rc) { 848 if (rc) {
856 printk(KERN_ERR "%s: Error attempting to encrypt filename; " 849 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
857 "rc = [%d]\n", __func__, rc); 850 "rc = [%d]\n", __func__, rc);
@@ -861,7 +854,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
861 (*packet_size) = s->i; 854 (*packet_size) = s->i;
862 (*remaining_bytes) -= (*packet_size); 855 (*remaining_bytes) -= (*packet_size);
863out_release_free_unlock: 856out_release_free_unlock:
864 crypto_free_hash(s->hash_desc.tfm); 857 crypto_free_shash(s->hash_tfm);
865out_free_unlock: 858out_free_unlock:
866 kzfree(s->block_aligned_filename); 859 kzfree(s->block_aligned_filename);
867out_unlock: 860out_unlock:
@@ -871,6 +864,8 @@ out:
871 up_write(&(auth_tok_key->sem)); 864 up_write(&(auth_tok_key->sem));
872 key_put(auth_tok_key); 865 key_put(auth_tok_key);
873 } 866 }
867 skcipher_request_free(s->skcipher_req);
868 kzfree(s->hash_desc);
874 kfree(s); 869 kfree(s);
875 return rc; 870 return rc;
876} 871}
@@ -888,7 +883,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
888 struct ecryptfs_auth_tok *auth_tok; 883 struct ecryptfs_auth_tok *auth_tok;
889 struct scatterlist src_sg[2]; 884 struct scatterlist src_sg[2];
890 struct scatterlist dst_sg[2]; 885 struct scatterlist dst_sg[2];
891 struct blkcipher_desc desc; 886 struct crypto_skcipher *skcipher_tfm;
887 struct skcipher_request *skcipher_req;
892 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; 888 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
893 char iv[ECRYPTFS_MAX_IV_BYTES]; 889 char iv[ECRYPTFS_MAX_IV_BYTES];
894 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; 890 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
@@ -922,14 +918,13 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
922 (*packet_size) = 0; 918 (*packet_size) = 0;
923 (*filename_size) = 0; 919 (*filename_size) = 0;
924 (*filename) = NULL; 920 (*filename) = NULL;
925 s = kmalloc(sizeof(*s), GFP_KERNEL); 921 s = kzalloc(sizeof(*s), GFP_KERNEL);
926 if (!s) { 922 if (!s) {
927 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " 923 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
928 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); 924 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
929 rc = -ENOMEM; 925 rc = -ENOMEM;
930 goto out; 926 goto out;
931 } 927 }
932 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
933 if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { 928 if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
934 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " 929 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
935 "at least [%d]\n", __func__, max_packet_size, 930 "at least [%d]\n", __func__, max_packet_size,
@@ -992,7 +987,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
992 rc); 987 rc);
993 goto out; 988 goto out;
994 } 989 }
995 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, 990 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
996 &s->tfm_mutex, 991 &s->tfm_mutex,
997 s->cipher_string); 992 s->cipher_string);
998 if (unlikely(rc)) { 993 if (unlikely(rc)) {
@@ -1030,12 +1025,23 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1030 __func__, rc, s->block_aligned_filename_size); 1025 __func__, rc, s->block_aligned_filename_size);
1031 goto out_free_unlock; 1026 goto out_free_unlock;
1032 } 1027 }
1028
1029 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1030 if (!s->skcipher_req) {
1031 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1032 "skcipher_request_alloc for %s\n", __func__,
1033 crypto_skcipher_driver_name(s->skcipher_tfm));
1034 rc = -ENOMEM;
1035 goto out_free_unlock;
1036 }
1037
1038 skcipher_request_set_callback(s->skcipher_req,
1039 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1040
1033 /* The characters in the first block effectively do the job of 1041 /* The characters in the first block effectively do the job of
1034 * the IV here, so we just use 0's for the IV. Note the 1042 * the IV here, so we just use 0's for the IV. Note the
1035 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 1043 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1036 * >= ECRYPTFS_MAX_IV_BYTES. */ 1044 * >= ECRYPTFS_MAX_IV_BYTES. */
1037 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
1038 s->desc.info = s->iv;
1039 /* TODO: Support other key modules than passphrase for 1045 /* TODO: Support other key modules than passphrase for
1040 * filename encryption */ 1046 * filename encryption */
1041 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 1047 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
@@ -1044,8 +1050,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1044 "password tokens\n", __func__); 1050 "password tokens\n", __func__);
1045 goto out_free_unlock; 1051 goto out_free_unlock;
1046 } 1052 }
1047 rc = crypto_blkcipher_setkey( 1053 rc = crypto_skcipher_setkey(
1048 s->desc.tfm, 1054 s->skcipher_tfm,
1049 s->auth_tok->token.password.session_key_encryption_key, 1055 s->auth_tok->token.password.session_key_encryption_key,
1050 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1056 mount_crypt_stat->global_default_fn_cipher_key_bytes);
1051 if (rc < 0) { 1057 if (rc < 0) {
@@ -1058,14 +1064,14 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1058 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1064 mount_crypt_stat->global_default_fn_cipher_key_bytes);
1059 goto out_free_unlock; 1065 goto out_free_unlock;
1060 } 1066 }
1061 rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, 1067 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1062 s->block_aligned_filename_size); 1068 s->block_aligned_filename_size, s->iv);
1069 rc = crypto_skcipher_decrypt(s->skcipher_req);
1063 if (rc) { 1070 if (rc) {
1064 printk(KERN_ERR "%s: Error attempting to decrypt filename; " 1071 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1065 "rc = [%d]\n", __func__, rc); 1072 "rc = [%d]\n", __func__, rc);
1066 goto out_free_unlock; 1073 goto out_free_unlock;
1067 } 1074 }
1068 s->i = 0;
1069 while (s->decrypted_filename[s->i] != '\0' 1075 while (s->decrypted_filename[s->i] != '\0'
1070 && s->i < s->block_aligned_filename_size) 1076 && s->i < s->block_aligned_filename_size)
1071 s->i++; 1077 s->i++;
@@ -1108,6 +1114,7 @@ out:
1108 up_write(&(auth_tok_key->sem)); 1114 up_write(&(auth_tok_key->sem));
1109 key_put(auth_tok_key); 1115 key_put(auth_tok_key);
1110 } 1116 }
1117 skcipher_request_free(s->skcipher_req);
1111 kfree(s); 1118 kfree(s);
1112 return rc; 1119 return rc;
1113} 1120}
@@ -1667,9 +1674,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1667 struct scatterlist dst_sg[2]; 1674 struct scatterlist dst_sg[2];
1668 struct scatterlist src_sg[2]; 1675 struct scatterlist src_sg[2];
1669 struct mutex *tfm_mutex; 1676 struct mutex *tfm_mutex;
1670 struct blkcipher_desc desc = { 1677 struct crypto_skcipher *tfm;
1671 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 1678 struct skcipher_request *req = NULL;
1672 };
1673 int rc = 0; 1679 int rc = 0;
1674 1680
1675 if (unlikely(ecryptfs_verbosity > 0)) { 1681 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -1680,7 +1686,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1680 auth_tok->token.password.session_key_encryption_key, 1686 auth_tok->token.password.session_key_encryption_key,
1681 auth_tok->token.password.session_key_encryption_key_bytes); 1687 auth_tok->token.password.session_key_encryption_key_bytes);
1682 } 1688 }
1683 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 1689 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1684 crypt_stat->cipher); 1690 crypt_stat->cipher);
1685 if (unlikely(rc)) { 1691 if (unlikely(rc)) {
1686 printk(KERN_ERR "Internal error whilst attempting to get " 1692 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -1711,8 +1717,20 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1711 goto out; 1717 goto out;
1712 } 1718 }
1713 mutex_lock(tfm_mutex); 1719 mutex_lock(tfm_mutex);
1714 rc = crypto_blkcipher_setkey( 1720 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1715 desc.tfm, auth_tok->token.password.session_key_encryption_key, 1721 if (!req) {
1722 mutex_unlock(tfm_mutex);
1723 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1724 "skcipher_request_alloc for %s\n", __func__,
1725 crypto_skcipher_driver_name(tfm));
1726 rc = -ENOMEM;
1727 goto out;
1728 }
1729
1730 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1731 NULL, NULL);
1732 rc = crypto_skcipher_setkey(
1733 tfm, auth_tok->token.password.session_key_encryption_key,
1716 crypt_stat->key_size); 1734 crypt_stat->key_size);
1717 if (unlikely(rc < 0)) { 1735 if (unlikely(rc < 0)) {
1718 mutex_unlock(tfm_mutex); 1736 mutex_unlock(tfm_mutex);
@@ -1720,8 +1738,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1720 rc = -EINVAL; 1738 rc = -EINVAL;
1721 goto out; 1739 goto out;
1722 } 1740 }
1723 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, 1741 skcipher_request_set_crypt(req, src_sg, dst_sg,
1724 auth_tok->session_key.encrypted_key_size); 1742 auth_tok->session_key.encrypted_key_size,
1743 NULL);
1744 rc = crypto_skcipher_decrypt(req);
1725 mutex_unlock(tfm_mutex); 1745 mutex_unlock(tfm_mutex);
1726 if (unlikely(rc)) { 1746 if (unlikely(rc)) {
1727 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); 1747 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
@@ -1738,6 +1758,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1738 crypt_stat->key_size); 1758 crypt_stat->key_size);
1739 } 1759 }
1740out: 1760out:
1761 skcipher_request_free(req);
1741 return rc; 1762 return rc;
1742} 1763}
1743 1764
@@ -2191,16 +2212,14 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2191 size_t max_packet_size; 2212 size_t max_packet_size;
2192 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2213 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2193 crypt_stat->mount_crypt_stat; 2214 crypt_stat->mount_crypt_stat;
2194 struct blkcipher_desc desc = { 2215 struct crypto_skcipher *tfm;
2195 .tfm = NULL, 2216 struct skcipher_request *req;
2196 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2197 };
2198 int rc = 0; 2217 int rc = 0;
2199 2218
2200 (*packet_size) = 0; 2219 (*packet_size) = 0;
2201 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, 2220 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2202 ECRYPTFS_SIG_SIZE); 2221 ECRYPTFS_SIG_SIZE);
2203 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2222 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2204 crypt_stat->cipher); 2223 crypt_stat->cipher);
2205 if (unlikely(rc)) { 2224 if (unlikely(rc)) {
2206 printk(KERN_ERR "Internal error whilst attempting to get " 2225 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -2209,12 +2228,11 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2209 goto out; 2228 goto out;
2210 } 2229 }
2211 if (mount_crypt_stat->global_default_cipher_key_size == 0) { 2230 if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2212 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2213
2214 printk(KERN_WARNING "No key size specified at mount; " 2231 printk(KERN_WARNING "No key size specified at mount; "
2215 "defaulting to [%d]\n", alg->max_keysize); 2232 "defaulting to [%d]\n",
2233 crypto_skcipher_default_keysize(tfm));
2216 mount_crypt_stat->global_default_cipher_key_size = 2234 mount_crypt_stat->global_default_cipher_key_size =
2217 alg->max_keysize; 2235 crypto_skcipher_default_keysize(tfm);
2218 } 2236 }
2219 if (crypt_stat->key_size == 0) 2237 if (crypt_stat->key_size == 0)
2220 crypt_stat->key_size = 2238 crypt_stat->key_size =
@@ -2284,20 +2302,36 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2284 goto out; 2302 goto out;
2285 } 2303 }
2286 mutex_lock(tfm_mutex); 2304 mutex_lock(tfm_mutex);
2287 rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, 2305 rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2288 crypt_stat->key_size); 2306 crypt_stat->key_size);
2289 if (rc < 0) { 2307 if (rc < 0) {
2290 mutex_unlock(tfm_mutex); 2308 mutex_unlock(tfm_mutex);
2291 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 2309 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2292 "context; rc = [%d]\n", rc); 2310 "context; rc = [%d]\n", rc);
2293 goto out; 2311 goto out;
2294 } 2312 }
2313
2314 req = skcipher_request_alloc(tfm, GFP_KERNEL);
2315 if (!req) {
2316 mutex_unlock(tfm_mutex);
2317 ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2318 "attempting to skcipher_request_alloc for "
2319 "%s\n", crypto_skcipher_driver_name(tfm));
2320 rc = -ENOMEM;
2321 goto out;
2322 }
2323
2324 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2325 NULL, NULL);
2326
2295 rc = 0; 2327 rc = 0;
2296 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", 2328 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2297 crypt_stat->key_size); 2329 crypt_stat->key_size);
2298 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, 2330 skcipher_request_set_crypt(req, src_sg, dst_sg,
2299 (*key_rec).enc_key_size); 2331 (*key_rec).enc_key_size, NULL);
2332 rc = crypto_skcipher_encrypt(req);
2300 mutex_unlock(tfm_mutex); 2333 mutex_unlock(tfm_mutex);
2334 skcipher_request_free(req);
2301 if (rc) { 2335 if (rc) {
2302 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); 2336 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2303 goto out; 2337 goto out;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index e25b6b06bacf..8b0b4a73116d 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -29,7 +29,6 @@
29#include <linux/module.h> 29#include <linux/module.h>
30#include <linux/namei.h> 30#include <linux/namei.h>
31#include <linux/skbuff.h> 31#include <linux/skbuff.h>
32#include <linux/crypto.h>
33#include <linux/mount.h> 32#include <linux/mount.h>
34#include <linux/pagemap.h> 33#include <linux/pagemap.h>
35#include <linux/key.h> 34#include <linux/key.h>
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index c6ced4cbf0cf..1f5865263b3e 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -30,7 +30,6 @@
30#include <linux/page-flags.h> 30#include <linux/page-flags.h>
31#include <linux/mount.h> 31#include <linux/mount.h>
32#include <linux/file.h> 32#include <linux/file.h>
33#include <linux/crypto.h>
34#include <linux/scatterlist.h> 33#include <linux/scatterlist.h>
35#include <linux/slab.h> 34#include <linux/slab.h>
36#include <asm/unaligned.h> 35#include <asm/unaligned.h>
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index afa1b81c3418..77a486d3a51b 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -29,7 +29,6 @@
29#include <linux/slab.h> 29#include <linux/slab.h>
30#include <linux/seq_file.h> 30#include <linux/seq_file.h>
31#include <linux/file.h> 31#include <linux/file.h>
32#include <linux/crypto.h>
33#include <linux/statfs.h> 32#include <linux/statfs.h>
34#include <linux/magic.h> 33#include <linux/magic.h>
35#include "ecryptfs_kernel.h" 34#include "ecryptfs_kernel.h"
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-23 16:38:10 -0500