aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/keystore.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r--fs/ecryptfs/keystore.c224
1 files changed, 128 insertions, 96 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 6bd67e2011f0..9893d1538122 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -25,11 +25,12 @@
25 * 02111-1307, USA. 25 * 02111-1307, USA.
26 */ 26 */
27 27
28#include <crypto/hash.h>
29#include <crypto/skcipher.h>
28#include <linux/string.h> 30#include <linux/string.h>
29#include <linux/pagemap.h> 31#include <linux/pagemap.h>
30#include <linux/key.h> 32#include <linux/key.h>
31#include <linux/random.h> 33#include <linux/random.h>
32#include <linux/crypto.h>
33#include <linux/scatterlist.h> 34#include <linux/scatterlist.h>
34#include <linux/slab.h> 35#include <linux/slab.h>
35#include "ecryptfs_kernel.h" 36#include "ecryptfs_kernel.h"
@@ -601,12 +602,13 @@ struct ecryptfs_write_tag_70_packet_silly_stack {
601 struct ecryptfs_auth_tok *auth_tok; 602 struct ecryptfs_auth_tok *auth_tok;
602 struct scatterlist src_sg[2]; 603 struct scatterlist src_sg[2];
603 struct scatterlist dst_sg[2]; 604 struct scatterlist dst_sg[2];
604 struct blkcipher_desc desc; 605 struct crypto_skcipher *skcipher_tfm;
606 struct skcipher_request *skcipher_req;
605 char iv[ECRYPTFS_MAX_IV_BYTES]; 607 char iv[ECRYPTFS_MAX_IV_BYTES];
606 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 608 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
607 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 609 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
608 struct hash_desc hash_desc; 610 struct crypto_shash *hash_tfm;
609 struct scatterlist hash_sg; 611 struct shash_desc *hash_desc;
610}; 612};
611 613
612/** 614/**
@@ -629,14 +631,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
629 struct key *auth_tok_key = NULL; 631 struct key *auth_tok_key = NULL;
630 int rc = 0; 632 int rc = 0;
631 633
632 s = kmalloc(sizeof(*s), GFP_KERNEL); 634 s = kzalloc(sizeof(*s), GFP_KERNEL);
633 if (!s) { 635 if (!s) {
634 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " 636 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
635 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); 637 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
636 rc = -ENOMEM; 638 return -ENOMEM;
637 goto out;
638 } 639 }
639 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
640 (*packet_size) = 0; 640 (*packet_size) = 0;
641 rc = ecryptfs_find_auth_tok_for_sig( 641 rc = ecryptfs_find_auth_tok_for_sig(
642 &auth_tok_key, 642 &auth_tok_key,
@@ -649,7 +649,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
649 goto out; 649 goto out;
650 } 650 }
651 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( 651 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
652 &s->desc.tfm, 652 &s->skcipher_tfm,
653 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); 653 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
654 if (unlikely(rc)) { 654 if (unlikely(rc)) {
655 printk(KERN_ERR "Internal error whilst attempting to get " 655 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -658,7 +658,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
658 goto out; 658 goto out;
659 } 659 }
660 mutex_lock(s->tfm_mutex); 660 mutex_lock(s->tfm_mutex);
661 s->block_size = crypto_blkcipher_blocksize(s->desc.tfm); 661 s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
662 /* Plus one for the \0 separator between the random prefix 662 /* Plus one for the \0 separator between the random prefix
663 * and the plaintext filename */ 663 * and the plaintext filename */
664 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); 664 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
@@ -691,6 +691,19 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
691 rc = -EINVAL; 691 rc = -EINVAL;
692 goto out_unlock; 692 goto out_unlock;
693 } 693 }
694
695 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
696 if (!s->skcipher_req) {
697 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
698 "skcipher_request_alloc for %s\n", __func__,
699 crypto_skcipher_driver_name(s->skcipher_tfm));
700 rc = -ENOMEM;
701 goto out_unlock;
702 }
703
704 skcipher_request_set_callback(s->skcipher_req,
705 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
706
694 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, 707 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
695 GFP_KERNEL); 708 GFP_KERNEL);
696 if (!s->block_aligned_filename) { 709 if (!s->block_aligned_filename) {
@@ -700,7 +713,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
700 rc = -ENOMEM; 713 rc = -ENOMEM;
701 goto out_unlock; 714 goto out_unlock;
702 } 715 }
703 s->i = 0;
704 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; 716 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
705 rc = ecryptfs_write_packet_length(&dest[s->i], 717 rc = ecryptfs_write_packet_length(&dest[s->i],
706 (ECRYPTFS_SIG_SIZE 718 (ECRYPTFS_SIG_SIZE
@@ -738,40 +750,36 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
738 "password tokens\n", __func__); 750 "password tokens\n", __func__);
739 goto out_free_unlock; 751 goto out_free_unlock;
740 } 752 }
741 sg_init_one( 753 s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
742 &s->hash_sg, 754 if (IS_ERR(s->hash_tfm)) {
743 (u8 *)s->auth_tok->token.password.session_key_encryption_key, 755 rc = PTR_ERR(s->hash_tfm);
744 s->auth_tok->token.password.session_key_encryption_key_bytes);
745 s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
746 s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
747 CRYPTO_ALG_ASYNC);
748 if (IS_ERR(s->hash_desc.tfm)) {
749 rc = PTR_ERR(s->hash_desc.tfm);
750 printk(KERN_ERR "%s: Error attempting to " 756 printk(KERN_ERR "%s: Error attempting to "
751 "allocate hash crypto context; rc = [%d]\n", 757 "allocate hash crypto context; rc = [%d]\n",
752 __func__, rc); 758 __func__, rc);
753 goto out_free_unlock; 759 goto out_free_unlock;
754 } 760 }
755 rc = crypto_hash_init(&s->hash_desc); 761
756 if (rc) { 762 s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
757 printk(KERN_ERR 763 crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
758 "%s: Error initializing crypto hash; rc = [%d]\n", 764 if (!s->hash_desc) {
759 __func__, rc); 765 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
760 goto out_release_free_unlock; 766 "kmalloc [%zd] bytes\n", __func__,
761 } 767 sizeof(*s->hash_desc) +
762 rc = crypto_hash_update( 768 crypto_shash_descsize(s->hash_tfm));
763 &s->hash_desc, &s->hash_sg, 769 rc = -ENOMEM;
764 s->auth_tok->token.password.session_key_encryption_key_bytes);
765 if (rc) {
766 printk(KERN_ERR
767 "%s: Error updating crypto hash; rc = [%d]\n",
768 __func__, rc);
769 goto out_release_free_unlock; 770 goto out_release_free_unlock;
770 } 771 }
771 rc = crypto_hash_final(&s->hash_desc, s->hash); 772
773 s->hash_desc->tfm = s->hash_tfm;
774 s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
775
776 rc = crypto_shash_digest(s->hash_desc,
777 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
778 s->auth_tok->token.password.session_key_encryption_key_bytes,
779 s->hash);
772 if (rc) { 780 if (rc) {
773 printk(KERN_ERR 781 printk(KERN_ERR
774 "%s: Error finalizing crypto hash; rc = [%d]\n", 782 "%s: Error computing crypto hash; rc = [%d]\n",
775 __func__, rc); 783 __func__, rc);
776 goto out_release_free_unlock; 784 goto out_release_free_unlock;
777 } 785 }
@@ -780,27 +788,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
780 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; 788 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
781 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) 789 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
782 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { 790 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
783 sg_init_one(&s->hash_sg, (u8 *)s->hash, 791 rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
784 ECRYPTFS_TAG_70_DIGEST_SIZE); 792 ECRYPTFS_TAG_70_DIGEST_SIZE,
785 rc = crypto_hash_init(&s->hash_desc); 793 s->tmp_hash);
786 if (rc) {
787 printk(KERN_ERR
788 "%s: Error initializing crypto hash; "
789 "rc = [%d]\n", __func__, rc);
790 goto out_release_free_unlock;
791 }
792 rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
793 ECRYPTFS_TAG_70_DIGEST_SIZE);
794 if (rc) { 794 if (rc) {
795 printk(KERN_ERR 795 printk(KERN_ERR
796 "%s: Error updating crypto hash; " 796 "%s: Error computing crypto hash; "
797 "rc = [%d]\n", __func__, rc);
798 goto out_release_free_unlock;
799 }
800 rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
801 if (rc) {
802 printk(KERN_ERR
803 "%s: Error finalizing crypto hash; "
804 "rc = [%d]\n", __func__, rc); 797 "rc = [%d]\n", __func__, rc);
805 goto out_release_free_unlock; 798 goto out_release_free_unlock;
806 } 799 }
@@ -834,10 +827,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
834 * of the IV here, so we just use 0's for the IV. Note the 827 * of the IV here, so we just use 0's for the IV. Note the
835 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 828 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
836 * >= ECRYPTFS_MAX_IV_BYTES. */ 829 * >= ECRYPTFS_MAX_IV_BYTES. */
837 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); 830 rc = crypto_skcipher_setkey(
838 s->desc.info = s->iv; 831 s->skcipher_tfm,
839 rc = crypto_blkcipher_setkey(
840 s->desc.tfm,
841 s->auth_tok->token.password.session_key_encryption_key, 832 s->auth_tok->token.password.session_key_encryption_key,
842 mount_crypt_stat->global_default_fn_cipher_key_bytes); 833 mount_crypt_stat->global_default_fn_cipher_key_bytes);
843 if (rc < 0) { 834 if (rc < 0) {
@@ -850,8 +841,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
850 mount_crypt_stat->global_default_fn_cipher_key_bytes); 841 mount_crypt_stat->global_default_fn_cipher_key_bytes);
851 goto out_release_free_unlock; 842 goto out_release_free_unlock;
852 } 843 }
853 rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, 844 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
854 s->block_aligned_filename_size); 845 s->block_aligned_filename_size, s->iv);
846 rc = crypto_skcipher_encrypt(s->skcipher_req);
855 if (rc) { 847 if (rc) {
856 printk(KERN_ERR "%s: Error attempting to encrypt filename; " 848 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
857 "rc = [%d]\n", __func__, rc); 849 "rc = [%d]\n", __func__, rc);
@@ -861,7 +853,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
861 (*packet_size) = s->i; 853 (*packet_size) = s->i;
862 (*remaining_bytes) -= (*packet_size); 854 (*remaining_bytes) -= (*packet_size);
863out_release_free_unlock: 855out_release_free_unlock:
864 crypto_free_hash(s->hash_desc.tfm); 856 crypto_free_shash(s->hash_tfm);
865out_free_unlock: 857out_free_unlock:
866 kzfree(s->block_aligned_filename); 858 kzfree(s->block_aligned_filename);
867out_unlock: 859out_unlock:
@@ -871,6 +863,8 @@ out:
871 up_write(&(auth_tok_key->sem)); 863 up_write(&(auth_tok_key->sem));
872 key_put(auth_tok_key); 864 key_put(auth_tok_key);
873 } 865 }
866 skcipher_request_free(s->skcipher_req);
867 kzfree(s->hash_desc);
874 kfree(s); 868 kfree(s);
875 return rc; 869 return rc;
876} 870}
@@ -888,7 +882,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
888 struct ecryptfs_auth_tok *auth_tok; 882 struct ecryptfs_auth_tok *auth_tok;
889 struct scatterlist src_sg[2]; 883 struct scatterlist src_sg[2];
890 struct scatterlist dst_sg[2]; 884 struct scatterlist dst_sg[2];
891 struct blkcipher_desc desc; 885 struct crypto_skcipher *skcipher_tfm;
886 struct skcipher_request *skcipher_req;
892 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; 887 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
893 char iv[ECRYPTFS_MAX_IV_BYTES]; 888 char iv[ECRYPTFS_MAX_IV_BYTES];
894 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; 889 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
@@ -922,14 +917,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
922 (*packet_size) = 0; 917 (*packet_size) = 0;
923 (*filename_size) = 0; 918 (*filename_size) = 0;
924 (*filename) = NULL; 919 (*filename) = NULL;
925 s = kmalloc(sizeof(*s), GFP_KERNEL); 920 s = kzalloc(sizeof(*s), GFP_KERNEL);
926 if (!s) { 921 if (!s) {
927 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " 922 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
928 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); 923 "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
929 rc = -ENOMEM; 924 return -ENOMEM;
930 goto out;
931 } 925 }
932 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
933 if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { 926 if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
934 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " 927 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
935 "at least [%d]\n", __func__, max_packet_size, 928 "at least [%d]\n", __func__, max_packet_size,
@@ -992,7 +985,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
992 rc); 985 rc);
993 goto out; 986 goto out;
994 } 987 }
995 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, 988 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
996 &s->tfm_mutex, 989 &s->tfm_mutex,
997 s->cipher_string); 990 s->cipher_string);
998 if (unlikely(rc)) { 991 if (unlikely(rc)) {
@@ -1030,12 +1023,23 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1030 __func__, rc, s->block_aligned_filename_size); 1023 __func__, rc, s->block_aligned_filename_size);
1031 goto out_free_unlock; 1024 goto out_free_unlock;
1032 } 1025 }
1026
1027 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1028 if (!s->skcipher_req) {
1029 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1030 "skcipher_request_alloc for %s\n", __func__,
1031 crypto_skcipher_driver_name(s->skcipher_tfm));
1032 rc = -ENOMEM;
1033 goto out_free_unlock;
1034 }
1035
1036 skcipher_request_set_callback(s->skcipher_req,
1037 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1038
1033 /* The characters in the first block effectively do the job of 1039 /* The characters in the first block effectively do the job of
1034 * the IV here, so we just use 0's for the IV. Note the 1040 * the IV here, so we just use 0's for the IV. Note the
1035 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 1041 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1036 * >= ECRYPTFS_MAX_IV_BYTES. */ 1042 * >= ECRYPTFS_MAX_IV_BYTES. */
1037 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
1038 s->desc.info = s->iv;
1039 /* TODO: Support other key modules than passphrase for 1043 /* TODO: Support other key modules than passphrase for
1040 * filename encryption */ 1044 * filename encryption */
1041 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 1045 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
@@ -1044,8 +1048,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1044 "password tokens\n", __func__); 1048 "password tokens\n", __func__);
1045 goto out_free_unlock; 1049 goto out_free_unlock;
1046 } 1050 }
1047 rc = crypto_blkcipher_setkey( 1051 rc = crypto_skcipher_setkey(
1048 s->desc.tfm, 1052 s->skcipher_tfm,
1049 s->auth_tok->token.password.session_key_encryption_key, 1053 s->auth_tok->token.password.session_key_encryption_key,
1050 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1054 mount_crypt_stat->global_default_fn_cipher_key_bytes);
1051 if (rc < 0) { 1055 if (rc < 0) {
@@ -1058,14 +1062,14 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1058 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1062 mount_crypt_stat->global_default_fn_cipher_key_bytes);
1059 goto out_free_unlock; 1063 goto out_free_unlock;
1060 } 1064 }
1061 rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, 1065 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1062 s->block_aligned_filename_size); 1066 s->block_aligned_filename_size, s->iv);
1067 rc = crypto_skcipher_decrypt(s->skcipher_req);
1063 if (rc) { 1068 if (rc) {
1064 printk(KERN_ERR "%s: Error attempting to decrypt filename; " 1069 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1065 "rc = [%d]\n", __func__, rc); 1070 "rc = [%d]\n", __func__, rc);
1066 goto out_free_unlock; 1071 goto out_free_unlock;
1067 } 1072 }
1068 s->i = 0;
1069 while (s->decrypted_filename[s->i] != '\0' 1073 while (s->decrypted_filename[s->i] != '\0'
1070 && s->i < s->block_aligned_filename_size) 1074 && s->i < s->block_aligned_filename_size)
1071 s->i++; 1075 s->i++;
@@ -1108,6 +1112,7 @@ out:
1108 up_write(&(auth_tok_key->sem)); 1112 up_write(&(auth_tok_key->sem));
1109 key_put(auth_tok_key); 1113 key_put(auth_tok_key);
1110 } 1114 }
1115 skcipher_request_free(s->skcipher_req);
1111 kfree(s); 1116 kfree(s);
1112 return rc; 1117 return rc;
1113} 1118}
@@ -1667,9 +1672,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1667 struct scatterlist dst_sg[2]; 1672 struct scatterlist dst_sg[2];
1668 struct scatterlist src_sg[2]; 1673 struct scatterlist src_sg[2];
1669 struct mutex *tfm_mutex; 1674 struct mutex *tfm_mutex;
1670 struct blkcipher_desc desc = { 1675 struct crypto_skcipher *tfm;
1671 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 1676 struct skcipher_request *req = NULL;
1672 };
1673 int rc = 0; 1677 int rc = 0;
1674 1678
1675 if (unlikely(ecryptfs_verbosity > 0)) { 1679 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -1680,7 +1684,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1680 auth_tok->token.password.session_key_encryption_key, 1684 auth_tok->token.password.session_key_encryption_key,
1681 auth_tok->token.password.session_key_encryption_key_bytes); 1685 auth_tok->token.password.session_key_encryption_key_bytes);
1682 } 1686 }
1683 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 1687 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1684 crypt_stat->cipher); 1688 crypt_stat->cipher);
1685 if (unlikely(rc)) { 1689 if (unlikely(rc)) {
1686 printk(KERN_ERR "Internal error whilst attempting to get " 1690 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -1711,8 +1715,20 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1711 goto out; 1715 goto out;
1712 } 1716 }
1713 mutex_lock(tfm_mutex); 1717 mutex_lock(tfm_mutex);
1714 rc = crypto_blkcipher_setkey( 1718 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1715 desc.tfm, auth_tok->token.password.session_key_encryption_key, 1719 if (!req) {
1720 mutex_unlock(tfm_mutex);
1721 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1722 "skcipher_request_alloc for %s\n", __func__,
1723 crypto_skcipher_driver_name(tfm));
1724 rc = -ENOMEM;
1725 goto out;
1726 }
1727
1728 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1729 NULL, NULL);
1730 rc = crypto_skcipher_setkey(
1731 tfm, auth_tok->token.password.session_key_encryption_key,
1716 crypt_stat->key_size); 1732 crypt_stat->key_size);
1717 if (unlikely(rc < 0)) { 1733 if (unlikely(rc < 0)) {
1718 mutex_unlock(tfm_mutex); 1734 mutex_unlock(tfm_mutex);
@@ -1720,8 +1736,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1720 rc = -EINVAL; 1736 rc = -EINVAL;
1721 goto out; 1737 goto out;
1722 } 1738 }
1723 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, 1739 skcipher_request_set_crypt(req, src_sg, dst_sg,
1724 auth_tok->session_key.encrypted_key_size); 1740 auth_tok->session_key.encrypted_key_size,
1741 NULL);
1742 rc = crypto_skcipher_decrypt(req);
1725 mutex_unlock(tfm_mutex); 1743 mutex_unlock(tfm_mutex);
1726 if (unlikely(rc)) { 1744 if (unlikely(rc)) {
1727 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); 1745 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
@@ -1738,6 +1756,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1738 crypt_stat->key_size); 1756 crypt_stat->key_size);
1739 } 1757 }
1740out: 1758out:
1759 skcipher_request_free(req);
1741 return rc; 1760 return rc;
1742} 1761}
1743 1762
@@ -2191,16 +2210,14 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2191 size_t max_packet_size; 2210 size_t max_packet_size;
2192 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2211 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2193 crypt_stat->mount_crypt_stat; 2212 crypt_stat->mount_crypt_stat;
2194 struct blkcipher_desc desc = { 2213 struct crypto_skcipher *tfm;
2195 .tfm = NULL, 2214 struct skcipher_request *req;
2196 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2197 };
2198 int rc = 0; 2215 int rc = 0;
2199 2216
2200 (*packet_size) = 0; 2217 (*packet_size) = 0;
2201 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, 2218 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2202 ECRYPTFS_SIG_SIZE); 2219 ECRYPTFS_SIG_SIZE);
2203 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2220 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2204 crypt_stat->cipher); 2221 crypt_stat->cipher);
2205 if (unlikely(rc)) { 2222 if (unlikely(rc)) {
2206 printk(KERN_ERR "Internal error whilst attempting to get " 2223 printk(KERN_ERR "Internal error whilst attempting to get "
@@ -2209,12 +2226,11 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2209 goto out; 2226 goto out;
2210 } 2227 }
2211 if (mount_crypt_stat->global_default_cipher_key_size == 0) { 2228 if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2212 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2213
2214 printk(KERN_WARNING "No key size specified at mount; " 2229 printk(KERN_WARNING "No key size specified at mount; "
2215 "defaulting to [%d]\n", alg->max_keysize); 2230 "defaulting to [%d]\n",
2231 crypto_skcipher_default_keysize(tfm));
2216 mount_crypt_stat->global_default_cipher_key_size = 2232 mount_crypt_stat->global_default_cipher_key_size =
2217 alg->max_keysize; 2233 crypto_skcipher_default_keysize(tfm);
2218 } 2234 }
2219 if (crypt_stat->key_size == 0) 2235 if (crypt_stat->key_size == 0)
2220 crypt_stat->key_size = 2236 crypt_stat->key_size =
@@ -2284,20 +2300,36 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2284 goto out; 2300 goto out;
2285 } 2301 }
2286 mutex_lock(tfm_mutex); 2302 mutex_lock(tfm_mutex);
2287 rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, 2303 rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2288 crypt_stat->key_size); 2304 crypt_stat->key_size);
2289 if (rc < 0) { 2305 if (rc < 0) {
2290 mutex_unlock(tfm_mutex); 2306 mutex_unlock(tfm_mutex);
2291 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 2307 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2292 "context; rc = [%d]\n", rc); 2308 "context; rc = [%d]\n", rc);
2293 goto out; 2309 goto out;
2294 } 2310 }
2311
2312 req = skcipher_request_alloc(tfm, GFP_KERNEL);
2313 if (!req) {
2314 mutex_unlock(tfm_mutex);
2315 ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2316 "attempting to skcipher_request_alloc for "
2317 "%s\n", crypto_skcipher_driver_name(tfm));
2318 rc = -ENOMEM;
2319 goto out;
2320 }
2321
2322 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2323 NULL, NULL);
2324
2295 rc = 0; 2325 rc = 0;
2296 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", 2326 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2297 crypt_stat->key_size); 2327 crypt_stat->key_size);
2298 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, 2328 skcipher_request_set_crypt(req, src_sg, dst_sg,
2299 (*key_rec).enc_key_size); 2329 (*key_rec).enc_key_size, NULL);
2330 rc = crypto_skcipher_encrypt(req);
2300 mutex_unlock(tfm_mutex); 2331 mutex_unlock(tfm_mutex);
2332 skcipher_request_free(req);
2301 if (rc) { 2333 if (rc) {
2302 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); 2334 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2303 goto out; 2335 goto out;
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-26 13:49:54 -0400