aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r--fs/ecryptfs/crypto.c134
1 files changed, 57 insertions, 77 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901493cf..64026e53722a 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
23 * 02111-1307, USA. 23 * 02111-1307, USA.
24 */ 24 */
25 25
26#include <crypto/hash.h>
27#include <crypto/skcipher.h>
26#include <linux/fs.h> 28#include <linux/fs.h>
27#include <linux/mount.h> 29#include <linux/mount.h>
28#include <linux/pagemap.h> 30#include <linux/pagemap.h>
@@ -30,7 +32,6 @@
30#include <linux/compiler.h> 32#include <linux/compiler.h>
31#include <linux/key.h> 33#include <linux/key.h>
32#include <linux/namei.h> 34#include <linux/namei.h>
33#include <linux/crypto.h>
34#include <linux/file.h> 35#include <linux/file.h>
35#include <linux/scatterlist.h> 36#include <linux/scatterlist.h>
36#include <linux/slab.h> 37#include <linux/slab.h>
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
74 } 75 }
75} 76}
76 77
78static int ecryptfs_hash_digest(struct crypto_shash *tfm,
79 char *src, int len, char *dst)
80{
81 SHASH_DESC_ON_STACK(desc, tfm);
82 int err;
83
84 desc->tfm = tfm;
85 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
86 err = crypto_shash_digest(desc, src, len, dst);
87 shash_desc_zero(desc);
88 return err;
89}
90
77/** 91/**
78 * ecryptfs_calculate_md5 - calculates the md5 of @src 92 * ecryptfs_calculate_md5 - calculates the md5 of @src
79 * @dst: Pointer to 16 bytes of allocated memory 93 * @dst: Pointer to 16 bytes of allocated memory
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
88 struct ecryptfs_crypt_stat *crypt_stat, 102 struct ecryptfs_crypt_stat *crypt_stat,
89 char *src, int len) 103 char *src, int len)
90{ 104{
91 struct scatterlist sg; 105 struct crypto_shash *tfm;
92 struct hash_desc desc = {
93 .tfm = crypt_stat->hash_tfm,
94 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
95 };
96 int rc = 0; 106 int rc = 0;
97 107
98 mutex_lock(&crypt_stat->cs_hash_tfm_mutex); 108 mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
99 sg_init_one(&sg, (u8 *)src, len); 109 tfm = crypt_stat->hash_tfm;
100 if (!desc.tfm) { 110 if (!tfm) {
101 desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, 111 tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
102 CRYPTO_ALG_ASYNC); 112 if (IS_ERR(tfm)) {
103 if (IS_ERR(desc.tfm)) { 113 rc = PTR_ERR(tfm);
104 rc = PTR_ERR(desc.tfm);
105 ecryptfs_printk(KERN_ERR, "Error attempting to " 114 ecryptfs_printk(KERN_ERR, "Error attempting to "
106 "allocate crypto context; rc = [%d]\n", 115 "allocate crypto context; rc = [%d]\n",
107 rc); 116 rc);
108 goto out; 117 goto out;
109 } 118 }
110 crypt_stat->hash_tfm = desc.tfm; 119 crypt_stat->hash_tfm = tfm;
111 }
112 rc = crypto_hash_init(&desc);
113 if (rc) {
114 printk(KERN_ERR
115 "%s: Error initializing crypto hash; rc = [%d]\n",
116 __func__, rc);
117 goto out;
118 } 120 }
119 rc = crypto_hash_update(&desc, &sg, len); 121 rc = ecryptfs_hash_digest(tfm, src, len, dst);
120 if (rc) { 122 if (rc) {
121 printk(KERN_ERR 123 printk(KERN_ERR
122 "%s: Error updating crypto hash; rc = [%d]\n", 124 "%s: Error computing crypto hash; rc = [%d]\n",
123 __func__, rc);
124 goto out;
125 }
126 rc = crypto_hash_final(&desc, dst);
127 if (rc) {
128 printk(KERN_ERR
129 "%s: Error finalizing crypto hash; rc = [%d]\n",
130 __func__, rc); 125 __func__, rc);
131 goto out; 126 goto out;
132 } 127 }
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
234{ 229{
235 struct ecryptfs_key_sig *key_sig, *key_sig_tmp; 230 struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
236 231
237 if (crypt_stat->tfm) 232 crypto_free_skcipher(crypt_stat->tfm);
238 crypto_free_ablkcipher(crypt_stat->tfm); 233 crypto_free_shash(crypt_stat->hash_tfm);
239 if (crypt_stat->hash_tfm)
240 crypto_free_hash(crypt_stat->hash_tfm);
241 list_for_each_entry_safe(key_sig, key_sig_tmp, 234 list_for_each_entry_safe(key_sig, key_sig_tmp,
242 &crypt_stat->keysig_list, crypt_stat_list) { 235 &crypt_stat->keysig_list, crypt_stat_list) {
243 list_del(&key_sig->crypt_stat_list); 236 list_del(&key_sig->crypt_stat_list);
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
342 struct scatterlist *src_sg, int size, 335 struct scatterlist *src_sg, int size,
343 unsigned char *iv, int op) 336 unsigned char *iv, int op)
344{ 337{
345 struct ablkcipher_request *req = NULL; 338 struct skcipher_request *req = NULL;
346 struct extent_crypt_result ecr; 339 struct extent_crypt_result ecr;
347 int rc = 0; 340 int rc = 0;
348 341
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
358 init_completion(&ecr.completion); 351 init_completion(&ecr.completion);
359 352
360 mutex_lock(&crypt_stat->cs_tfm_mutex); 353 mutex_lock(&crypt_stat->cs_tfm_mutex);
361 req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); 354 req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
362 if (!req) { 355 if (!req) {
363 mutex_unlock(&crypt_stat->cs_tfm_mutex); 356 mutex_unlock(&crypt_stat->cs_tfm_mutex);
364 rc = -ENOMEM; 357 rc = -ENOMEM;
365 goto out; 358 goto out;
366 } 359 }
367 360
368 ablkcipher_request_set_callback(req, 361 skcipher_request_set_callback(req,
369 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 362 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
370 extent_crypt_complete, &ecr); 363 extent_crypt_complete, &ecr);
371 /* Consider doing this once, when the file is opened */ 364 /* Consider doing this once, when the file is opened */
372 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { 365 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
373 rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, 366 rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key,
374 crypt_stat->key_size); 367 crypt_stat->key_size);
375 if (rc) { 368 if (rc) {
376 ecryptfs_printk(KERN_ERR, 369 ecryptfs_printk(KERN_ERR,
377 "Error setting key; rc = [%d]\n", 370 "Error setting key; rc = [%d]\n",
@@ -383,9 +376,9 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
383 crypt_stat->flags |= ECRYPTFS_KEY_SET; 376 crypt_stat->flags |= ECRYPTFS_KEY_SET;
384 } 377 }
385 mutex_unlock(&crypt_stat->cs_tfm_mutex); 378 mutex_unlock(&crypt_stat->cs_tfm_mutex);
386 ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); 379 skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
387 rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : 380 rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) :
388 crypto_ablkcipher_decrypt(req); 381 crypto_skcipher_decrypt(req);
389 if (rc == -EINPROGRESS || rc == -EBUSY) { 382 if (rc == -EINPROGRESS || rc == -EBUSY) {
390 struct extent_crypt_result *ecr = req->base.data; 383 struct extent_crypt_result *ecr = req->base.data;
391 384
@@ -394,7 +387,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
394 reinit_completion(&ecr->completion); 387 reinit_completion(&ecr->completion);
395 } 388 }
396out: 389out:
397 ablkcipher_request_free(req); 390 skcipher_request_free(req);
398 return rc; 391 return rc;
399} 392}
400 393
@@ -622,7 +615,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
622 crypt_stat->cipher, "cbc"); 615 crypt_stat->cipher, "cbc");
623 if (rc) 616 if (rc)
624 goto out_unlock; 617 goto out_unlock;
625 crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); 618 crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0);
626 if (IS_ERR(crypt_stat->tfm)) { 619 if (IS_ERR(crypt_stat->tfm)) {
627 rc = PTR_ERR(crypt_stat->tfm); 620 rc = PTR_ERR(crypt_stat->tfm);
628 crypt_stat->tfm = NULL; 621 crypt_stat->tfm = NULL;
@@ -631,7 +624,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
631 full_alg_name); 624 full_alg_name);
632 goto out_free; 625 goto out_free;
633 } 626 }
634 crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); 627 crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
635 rc = 0; 628 rc = 0;
636out_free: 629out_free:
637 kfree(full_alg_name); 630 kfree(full_alg_name);
@@ -1499,16 +1492,14 @@ out:
1499 */ 1492 */
1500static int 1493static int
1501ecryptfs_encrypt_filename(struct ecryptfs_filename *filename, 1494ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
1502 struct ecryptfs_crypt_stat *crypt_stat,
1503 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 1495 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
1504{ 1496{
1505 int rc = 0; 1497 int rc = 0;
1506 1498
1507 filename->encrypted_filename = NULL; 1499 filename->encrypted_filename = NULL;
1508 filename->encrypted_filename_size = 0; 1500 filename->encrypted_filename_size = 0;
1509 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) 1501 if (mount_crypt_stat && (mount_crypt_stat->flags
1510 || (mount_crypt_stat && (mount_crypt_stat->flags 1502 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
1511 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
1512 size_t packet_size; 1503 size_t packet_size;
1513 size_t remaining_bytes; 1504 size_t remaining_bytes;
1514 1505
@@ -1591,7 +1582,7 @@ out:
1591 * event, regardless of whether this function succeeds for fails. 1582 * event, regardless of whether this function succeeds for fails.
1592 */ 1583 */
1593static int 1584static int
1594ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, 1585ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm,
1595 char *cipher_name, size_t *key_size) 1586 char *cipher_name, size_t *key_size)
1596{ 1587{
1597 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1588 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
@@ -1609,21 +1600,18 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
1609 "ecb"); 1600 "ecb");
1610 if (rc) 1601 if (rc)
1611 goto out; 1602 goto out;
1612 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); 1603 *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1613 if (IS_ERR(*key_tfm)) { 1604 if (IS_ERR(*key_tfm)) {
1614 rc = PTR_ERR(*key_tfm); 1605 rc = PTR_ERR(*key_tfm);
1615 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1606 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1616 "[%s]; rc = [%d]\n", full_alg_name, rc); 1607 "[%s]; rc = [%d]\n", full_alg_name, rc);
1617 goto out; 1608 goto out;
1618 } 1609 }
1619 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); 1610 crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1620 if (*key_size == 0) { 1611 if (*key_size == 0)
1621 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); 1612 *key_size = crypto_skcipher_default_keysize(*key_tfm);
1622
1623 *key_size = alg->max_keysize;
1624 }
1625 get_random_bytes(dummy_key, *key_size); 1613 get_random_bytes(dummy_key, *key_size);
1626 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); 1614 rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size);
1627 if (rc) { 1615 if (rc) {
1628 printk(KERN_ERR "Error attempting to set key of size [%zd] for " 1616 printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1629 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, 1617 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
@@ -1660,8 +1648,7 @@ int ecryptfs_destroy_crypto(void)
1660 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, 1648 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
1661 key_tfm_list) { 1649 key_tfm_list) {
1662 list_del(&key_tfm->key_tfm_list); 1650 list_del(&key_tfm->key_tfm_list);
1663 if (key_tfm->key_tfm) 1651 crypto_free_skcipher(key_tfm->key_tfm);
1664 crypto_free_blkcipher(key_tfm->key_tfm);
1665 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); 1652 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
1666 } 1653 }
1667 mutex_unlock(&key_tfm_list_mutex); 1654 mutex_unlock(&key_tfm_list_mutex);
@@ -1747,7 +1734,7 @@ int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1747 * Searches for cached item first, and creates new if not found. 1734 * Searches for cached item first, and creates new if not found.
1748 * Returns 0 on success, non-zero if adding new cipher failed 1735 * Returns 0 on success, non-zero if adding new cipher failed
1749 */ 1736 */
1750int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 1737int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
1751 struct mutex **tfm_mutex, 1738 struct mutex **tfm_mutex,
1752 char *cipher_name) 1739 char *cipher_name)
1753{ 1740{
@@ -1944,7 +1931,6 @@ out:
1944int ecryptfs_encrypt_and_encode_filename( 1931int ecryptfs_encrypt_and_encode_filename(
1945 char **encoded_name, 1932 char **encoded_name,
1946 size_t *encoded_name_size, 1933 size_t *encoded_name_size,
1947 struct ecryptfs_crypt_stat *crypt_stat,
1948 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 1934 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
1949 const char *name, size_t name_size) 1935 const char *name, size_t name_size)
1950{ 1936{
@@ -1953,9 +1939,8 @@ int ecryptfs_encrypt_and_encode_filename(
1953 1939
1954 (*encoded_name) = NULL; 1940 (*encoded_name) = NULL;
1955 (*encoded_name_size) = 0; 1941 (*encoded_name_size) = 0;
1956 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES)) 1942 if (mount_crypt_stat && (mount_crypt_stat->flags
1957 || (mount_crypt_stat && (mount_crypt_stat->flags 1943 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
1958 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) {
1959 struct ecryptfs_filename *filename; 1944 struct ecryptfs_filename *filename;
1960 1945
1961 filename = kzalloc(sizeof(*filename), GFP_KERNEL); 1946 filename = kzalloc(sizeof(*filename), GFP_KERNEL);
@@ -1968,8 +1953,7 @@ int ecryptfs_encrypt_and_encode_filename(
1968 } 1953 }
1969 filename->filename = (char *)name; 1954 filename->filename = (char *)name;
1970 filename->filename_size = name_size; 1955 filename->filename_size = name_size;
1971 rc = ecryptfs_encrypt_filename(filename, crypt_stat, 1956 rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat);
1972 mount_crypt_stat);
1973 if (rc) { 1957 if (rc) {
1974 printk(KERN_ERR "%s: Error attempting to encrypt " 1958 printk(KERN_ERR "%s: Error attempting to encrypt "
1975 "filename; rc = [%d]\n", __func__, rc); 1959 "filename; rc = [%d]\n", __func__, rc);
@@ -1980,11 +1964,9 @@ int ecryptfs_encrypt_and_encode_filename(
1980 NULL, &encoded_name_no_prefix_size, 1964 NULL, &encoded_name_no_prefix_size,
1981 filename->encrypted_filename, 1965 filename->encrypted_filename,
1982 filename->encrypted_filename_size); 1966 filename->encrypted_filename_size);
1983 if ((crypt_stat && (crypt_stat->flags 1967 if (mount_crypt_stat
1984 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
1985 || (mount_crypt_stat
1986 && (mount_crypt_stat->flags 1968 && (mount_crypt_stat->flags
1987 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) 1969 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))
1988 (*encoded_name_size) = 1970 (*encoded_name_size) =
1989 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1971 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1990 + encoded_name_no_prefix_size); 1972 + encoded_name_no_prefix_size);
@@ -2002,11 +1984,9 @@ int ecryptfs_encrypt_and_encode_filename(
2002 kfree(filename); 1984 kfree(filename);
2003 goto out; 1985 goto out;
2004 } 1986 }
2005 if ((crypt_stat && (crypt_stat->flags 1987 if (mount_crypt_stat
2006 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
2007 || (mount_crypt_stat
2008 && (mount_crypt_stat->flags 1988 && (mount_crypt_stat->flags
2009 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) { 1989 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
2010 memcpy((*encoded_name), 1990 memcpy((*encoded_name),
2011 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 1991 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
2012 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE); 1992 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
@@ -2120,7 +2100,7 @@ out:
2120int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 2100int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2121 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 2101 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
2122{ 2102{
2123 struct blkcipher_desc desc; 2103 struct crypto_skcipher *tfm;
2124 struct mutex *tfm_mutex; 2104 struct mutex *tfm_mutex;
2125 size_t cipher_blocksize; 2105 size_t cipher_blocksize;
2126 int rc; 2106 int rc;
@@ -2130,7 +2110,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2130 return 0; 2110 return 0;
2131 } 2111 }
2132 2112
2133 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2113 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2134 mount_crypt_stat->global_default_fn_cipher_name); 2114 mount_crypt_stat->global_default_fn_cipher_name);
2135 if (unlikely(rc)) { 2115 if (unlikely(rc)) {
2136 (*namelen) = 0; 2116 (*namelen) = 0;
@@ -2138,7 +2118,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2138 } 2118 }
2139 2119
2140 mutex_lock(tfm_mutex); 2120 mutex_lock(tfm_mutex);
2141 cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); 2121 cipher_blocksize = crypto_skcipher_blocksize(tfm);
2142 mutex_unlock(tfm_mutex); 2122 mutex_unlock(tfm_mutex);
2143 2123
2144 /* Return an exact amount for the common cases */ 2124 /* Return an exact amount for the common cases */
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-26 05:30:56 -0400