aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2009-01-06 17:41:57 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-06 18:59:21 -0500
commit9c79f34f7ee71cd28272332b424ca64b2be006ab (patch)
tree1a818b78d8f0497c4b97a77a6464718dfaaf12c1
parent14bca6c39d8245a0313f55309bfeb6bf60cc17c8 (diff)
eCryptfs: Filename Encryption: Tag 70 packets
This patchset implements filename encryption via a passphrase-derived mount-wide Filename Encryption Key (FNEK) specified as a mount parameter. Each encrypted filename has a fixed prefix indicating that eCryptfs should try to decrypt the filename. When eCryptfs encounters this prefix, it decodes the filename into a tag 70 packet and then decrypts the packet contents using the FNEK, setting the filename to the decrypted filename. Both unencrypted and encrypted filenames can reside in the same lower filesystem. Because filename encryption expands the length of the filename during the encoding stage, eCryptfs will not properly handle filenames that are already near the maximum filename length. In the present implementation, eCryptfs must be able to produce a match against the lower encrypted and encoded filename representation when given a plaintext filename. Therefore, two files having the same plaintext name will encrypt and encode into the same lower filename if they are both encrypted using the same FNEK. This can be changed by finding a way to replace the prepended bytes in the blocked-aligned filename with random characters; they are hashes of the FNEK right now, so that it is possible to deterministically map from a plaintext filename to an encrypted and encoded filename in the lower filesystem. An implementation using random characters will have to decode and decrypt every single directory entry in any given directory any time an event occurs wherein the VFS needs to determine whether a particular file exists in the lower directory and the decrypted and decoded filenames have not yet been extracted for that directory. Thanks to Tyler Hicks and David Kleikamp for assistance in the development of this patchset. This patch: A tag 70 packet contains a filename encrypted with a Filename Encryption Key (FNEK). This patch implements functions for writing and parsing tag 70 packets. This patch also adds definitions and extends structures to support filename encryption. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Dustin Kirkland <dustin.kirkland@gmail.com> Cc: Eric Sandeen <sandeen@redhat.com> Cc: Tyler Hicks <tchicks@us.ibm.com> Cc: David Kleikamp <shaggy@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/ecryptfs/crypto.c11
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h38
-rw-r--r--fs/ecryptfs/keystore.c634
3 files changed, 613 insertions, 70 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 6046239465a1..485732751f09 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1149,19 +1149,20 @@ ecryptfs_cipher_code_str_map[] = {
1149 1149
1150/** 1150/**
1151 * ecryptfs_code_for_cipher_string 1151 * ecryptfs_code_for_cipher_string
1152 * @crypt_stat: The cryptographic context 1152 * @cipher_name: The string alias for the cipher
1153 * @key_bytes: Length of key in bytes; used for AES code selection
1153 * 1154 *
1154 * Returns zero on no match, or the cipher code on match 1155 * Returns zero on no match, or the cipher code on match
1155 */ 1156 */
1156u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat) 1157u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
1157{ 1158{
1158 int i; 1159 int i;
1159 u8 code = 0; 1160 u8 code = 0;
1160 struct ecryptfs_cipher_code_str_map_elem *map = 1161 struct ecryptfs_cipher_code_str_map_elem *map =
1161 ecryptfs_cipher_code_str_map; 1162 ecryptfs_cipher_code_str_map;
1162 1163
1163 if (strcmp(crypt_stat->cipher, "aes") == 0) { 1164 if (strcmp(cipher_name, "aes") == 0) {
1164 switch (crypt_stat->key_size) { 1165 switch (key_bytes) {
1165 case 16: 1166 case 16:
1166 code = RFC2440_CIPHER_AES_128; 1167 code = RFC2440_CIPHER_AES_128;
1167 break; 1168 break;
@@ -1173,7 +1174,7 @@ u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat)
1173 } 1174 }
1174 } else { 1175 } else {
1175 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) 1176 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
1176 if (strcmp(crypt_stat->cipher, map[i].cipher_str) == 0){ 1177 if (strcmp(cipher_name, map[i].cipher_str) == 0) {
1177 code = map[i].cipher_code; 1178 code = map[i].cipher_code;
1178 break; 1179 break;
1179 } 1180 }
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index a75026d35d16..76a95bd8819b 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -199,6 +199,7 @@ ecryptfs_get_key_payload_data(struct key *key)
199#define ECRYPTFS_DEFAULT_CIPHER "aes" 199#define ECRYPTFS_DEFAULT_CIPHER "aes"
200#define ECRYPTFS_DEFAULT_KEY_BYTES 16 200#define ECRYPTFS_DEFAULT_KEY_BYTES 16
201#define ECRYPTFS_DEFAULT_HASH "md5" 201#define ECRYPTFS_DEFAULT_HASH "md5"
202#define ECRYPTFS_TAG_70_DIGEST ECRYPTFS_DEFAULT_HASH
202#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01 203#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
203#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C 204#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
204#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED 205#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
@@ -206,7 +207,25 @@ ecryptfs_get_key_payload_data(struct key *key)
206#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41 207#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
207#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42 208#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
208#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43 209#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
210#define ECRYPTFS_TAG_70_PACKET_TYPE 0x46 /* FNEK-encrypted filename
211 * as dentry name */
212#define ECRYPTFS_TAG_71_PACKET_TYPE 0x47 /* FNEK-encrypted filename in
213 * metadata */
214#define ECRYPTFS_TAG_72_PACKET_TYPE 0x48 /* FEK-encrypted filename as
215 * dentry name */
216#define ECRYPTFS_TAG_73_PACKET_TYPE 0x49 /* FEK-encrypted filename as
217 * metadata */
218/* Constraint: ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES >=
219 * ECRYPTFS_MAX_IV_BYTES */
220#define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 16
221#define ECRYPTFS_NON_NULL 0x42 /* A reasonable substitute for NULL */
209#define MD5_DIGEST_SIZE 16 222#define MD5_DIGEST_SIZE 16
223#define ECRYPTFS_TAG_70_DIGEST_SIZE MD5_DIGEST_SIZE
224#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FEK_ENCRYPTED."
225#define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 23
226#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FNEK_ENCRYPTED."
227#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24
228#define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32)
210 229
211struct ecryptfs_key_sig { 230struct ecryptfs_key_sig {
212 struct list_head crypt_stat_list; 231 struct list_head crypt_stat_list;
@@ -332,13 +351,20 @@ struct ecryptfs_mount_crypt_stat {
332#define ECRYPTFS_XATTR_METADATA_ENABLED 0x00000002 351#define ECRYPTFS_XATTR_METADATA_ENABLED 0x00000002
333#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED 0x00000004 352#define ECRYPTFS_ENCRYPTED_VIEW_ENABLED 0x00000004
334#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED 0x00000008 353#define ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED 0x00000008
354#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES 0x00000010
355#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020
356#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040
335 u32 flags; 357 u32 flags;
336 struct list_head global_auth_tok_list; 358 struct list_head global_auth_tok_list;
337 struct mutex global_auth_tok_list_mutex; 359 struct mutex global_auth_tok_list_mutex;
338 size_t num_global_auth_toks; 360 size_t num_global_auth_toks;
339 size_t global_default_cipher_key_size; 361 size_t global_default_cipher_key_size;
362 size_t global_default_fn_cipher_key_bytes;
340 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE 363 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
341 + 1]; 364 + 1];
365 unsigned char global_default_fn_cipher_name[
366 ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
367 char global_default_fnek_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
342}; 368};
343 369
344/* superblock private data. */ 370/* superblock private data. */
@@ -599,7 +625,7 @@ int ecryptfs_read_and_validate_header_region(char *data,
599 struct inode *ecryptfs_inode); 625 struct inode *ecryptfs_inode);
600int ecryptfs_read_and_validate_xattr_region(char *page_virt, 626int ecryptfs_read_and_validate_xattr_region(char *page_virt,
601 struct dentry *ecryptfs_dentry); 627 struct dentry *ecryptfs_dentry);
602u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat); 628u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
603int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code); 629int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
604void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); 630void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
605int ecryptfs_generate_key_packet_set(char *dest_base, 631int ecryptfs_generate_key_packet_set(char *dest_base,
@@ -694,5 +720,15 @@ int ecryptfs_privileged_open(struct file **lower_file,
694 struct vfsmount *lower_mnt, 720 struct vfsmount *lower_mnt,
695 const struct cred *cred); 721 const struct cred *cred);
696int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); 722int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
723int
724ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
725 size_t *packet_size,
726 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
727 char *filename, size_t filename_size);
728int
729ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
730 size_t *packet_size,
731 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
732 char *data, size_t max_packet_size);
697 733
698#endif /* #ifndef ECRYPTFS_KERNEL_H */ 734#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 0d713b691941..dafceb5560e5 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -403,6 +403,569 @@ out:
403} 403}
404 404
405static int 405static int
406ecryptfs_find_global_auth_tok_for_sig(
407 struct ecryptfs_global_auth_tok **global_auth_tok,
408 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
409{
410 struct ecryptfs_global_auth_tok *walker;
411 int rc = 0;
412
413 (*global_auth_tok) = NULL;
414 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
415 list_for_each_entry(walker,
416 &mount_crypt_stat->global_auth_tok_list,
417 mount_crypt_stat_list) {
418 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
419 (*global_auth_tok) = walker;
420 goto out;
421 }
422 }
423 rc = -EINVAL;
424out:
425 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
426 return rc;
427}
428
429/**
430 * ecryptfs_find_auth_tok_for_sig
431 * @auth_tok: Set to the matching auth_tok; NULL if not found
432 * @crypt_stat: inode crypt_stat crypto context
433 * @sig: Sig of auth_tok to find
434 *
435 * For now, this function simply looks at the registered auth_tok's
436 * linked off the mount_crypt_stat, so all the auth_toks that can be
437 * used must be registered at mount time. This function could
438 * potentially try a lot harder to find auth_tok's (e.g., by calling
439 * out to ecryptfsd to dynamically retrieve an auth_tok object) so
440 * that static registration of auth_tok's will no longer be necessary.
441 *
442 * Returns zero on no error; non-zero on error
443 */
444static int
445ecryptfs_find_auth_tok_for_sig(
446 struct ecryptfs_auth_tok **auth_tok,
447 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
448 char *sig)
449{
450 struct ecryptfs_global_auth_tok *global_auth_tok;
451 int rc = 0;
452
453 (*auth_tok) = NULL;
454 if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
455 mount_crypt_stat, sig)) {
456 struct key *auth_tok_key;
457
458 rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
459 sig);
460 } else
461 (*auth_tok) = global_auth_tok->global_auth_tok;
462 return rc;
463}
464
465/**
466 * write_tag_70_packet can gobble a lot of stack space. We stuff most
467 * of the function's parameters in a kmalloc'd struct to help reduce
468 * eCryptfs' overall stack usage.
469 */
470struct ecryptfs_write_tag_70_packet_silly_stack {
471 u8 cipher_code;
472 size_t max_packet_size;
473 size_t packet_size_len;
474 size_t block_aligned_filename_size;
475 size_t block_size;
476 size_t i;
477 size_t j;
478 size_t num_rand_bytes;
479 struct mutex *tfm_mutex;
480 char *block_aligned_filename;
481 struct ecryptfs_auth_tok *auth_tok;
482 struct scatterlist src_sg;
483 struct scatterlist dst_sg;
484 struct blkcipher_desc desc;
485 char iv[ECRYPTFS_MAX_IV_BYTES];
486 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
487 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
488 struct hash_desc hash_desc;
489 struct scatterlist hash_sg;
490};
491
492/**
493 * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
494 * @filename: NULL-terminated filename string
495 *
496 * This is the simplest mechanism for achieving filename encryption in
497 * eCryptfs. It encrypts the given filename with the mount-wide
498 * filename encryption key (FNEK) and stores it in a packet to @dest,
499 * which the callee will encode and write directly into the dentry
500 * name.
501 */
502int
503ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
504 size_t *packet_size,
505 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
506 char *filename, size_t filename_size)
507{
508 struct ecryptfs_write_tag_70_packet_silly_stack *s;
509 int rc = 0;
510
511 s = kmalloc(sizeof(*s), GFP_KERNEL);
512 if (!s) {
513 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
514 "[%d] bytes of kernel memory\n", __func__, sizeof(*s));
515 goto out;
516 }
517 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
518 (*packet_size) = 0;
519 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
520 &s->desc.tfm,
521 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
522 if (unlikely(rc)) {
523 printk(KERN_ERR "Internal error whilst attempting to get "
524 "tfm and mutex for cipher name [%s]; rc = [%d]\n",
525 mount_crypt_stat->global_default_fn_cipher_name, rc);
526 goto out;
527 }
528 mutex_lock(s->tfm_mutex);
529 s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
530 /* Plus one for the \0 separator between the random prefix
531 * and the plaintext filename */
532 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
533 s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
534 if ((s->block_aligned_filename_size % s->block_size) != 0) {
535 s->num_rand_bytes += (s->block_size
536 - (s->block_aligned_filename_size
537 % s->block_size));
538 s->block_aligned_filename_size = (s->num_rand_bytes
539 + filename_size);
540 }
541 /* Octet 0: Tag 70 identifier
542 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
543 * and block-aligned encrypted filename size)
544 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
545 * Octet N2-N3: Cipher identifier (1 octet)
546 * Octets N3-N4: Block-aligned encrypted filename
547 * - Consists of a minimum number of random characters, a \0
548 * separator, and then the filename */
549 s->max_packet_size = (1 /* Tag 70 identifier */
550 + 3 /* Max Tag 70 packet size */
551 + ECRYPTFS_SIG_SIZE /* FNEK sig */
552 + 1 /* Cipher identifier */
553 + s->block_aligned_filename_size);
554 if (dest == NULL) {
555 (*packet_size) = s->max_packet_size;
556 goto out_unlock;
557 }
558 if (s->max_packet_size > (*remaining_bytes)) {
559 printk(KERN_WARNING "%s: Require [%d] bytes to write; only "
560 "[%d] available\n", __func__, s->max_packet_size,
561 (*remaining_bytes));
562 rc = -EINVAL;
563 goto out_unlock;
564 }
565 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
566 GFP_KERNEL);
567 if (!s->block_aligned_filename) {
568 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
569 "kzalloc [%Zd] bytes\n", __func__,
570 s->block_aligned_filename_size);
571 rc = -ENOMEM;
572 goto out_unlock;
573 }
574 s->i = 0;
575 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
576 rc = ecryptfs_write_packet_length(&dest[s->i],
577 (ECRYPTFS_SIG_SIZE
578 + 1 /* Cipher code */
579 + s->block_aligned_filename_size),
580 &s->packet_size_len);
581 if (rc) {
582 printk(KERN_ERR "%s: Error generating tag 70 packet "
583 "header; cannot generate packet length; rc = [%d]\n",
584 __func__, rc);
585 goto out_free_unlock;
586 }
587 s->i += s->packet_size_len;
588 ecryptfs_from_hex(&dest[s->i],
589 mount_crypt_stat->global_default_fnek_sig,
590 ECRYPTFS_SIG_SIZE);
591 s->i += ECRYPTFS_SIG_SIZE;
592 s->cipher_code = ecryptfs_code_for_cipher_string(
593 mount_crypt_stat->global_default_fn_cipher_name,
594 mount_crypt_stat->global_default_fn_cipher_key_bytes);
595 if (s->cipher_code == 0) {
596 printk(KERN_WARNING "%s: Unable to generate code for "
597 "cipher [%s] with key bytes [%d]\n", __func__,
598 mount_crypt_stat->global_default_fn_cipher_name,
599 mount_crypt_stat->global_default_fn_cipher_key_bytes);
600 rc = -EINVAL;
601 goto out_free_unlock;
602 }
603 dest[s->i++] = s->cipher_code;
604 rc = ecryptfs_find_auth_tok_for_sig(
605 &s->auth_tok, mount_crypt_stat,
606 mount_crypt_stat->global_default_fnek_sig);
607 if (rc) {
608 printk(KERN_ERR "%s: Error attempting to find auth tok for "
609 "fnek sig [%s]; rc = [%d]\n", __func__,
610 mount_crypt_stat->global_default_fnek_sig, rc);
611 goto out_free_unlock;
612 }
613 /* TODO: Support other key modules than passphrase for
614 * filename encryption */
615 BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
616 sg_init_one(
617 &s->hash_sg,
618 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
619 s->auth_tok->token.password.session_key_encryption_key_bytes);
620 s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
621 s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
622 CRYPTO_ALG_ASYNC);
623 if (IS_ERR(s->hash_desc.tfm)) {
624 rc = PTR_ERR(s->hash_desc.tfm);
625 printk(KERN_ERR "%s: Error attempting to "
626 "allocate hash crypto context; rc = [%d]\n",
627 __func__, rc);
628 goto out_free_unlock;
629 }
630 rc = crypto_hash_init(&s->hash_desc);
631 if (rc) {
632 printk(KERN_ERR
633 "%s: Error initializing crypto hash; rc = [%d]\n",
634 __func__, rc);
635 goto out_release_free_unlock;
636 }
637 rc = crypto_hash_update(
638 &s->hash_desc, &s->hash_sg,
639 s->auth_tok->token.password.session_key_encryption_key_bytes);
640 if (rc) {
641 printk(KERN_ERR
642 "%s: Error updating crypto hash; rc = [%d]\n",
643 __func__, rc);
644 goto out_release_free_unlock;
645 }
646 rc = crypto_hash_final(&s->hash_desc, s->hash);
647 if (rc) {
648 printk(KERN_ERR
649 "%s: Error finalizing crypto hash; rc = [%d]\n",
650 __func__, rc);
651 goto out_release_free_unlock;
652 }
653 for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
654 s->block_aligned_filename[s->j] =
655 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
656 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
657 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
658 sg_init_one(&s->hash_sg, (u8 *)s->hash,
659 ECRYPTFS_TAG_70_DIGEST_SIZE);
660 rc = crypto_hash_init(&s->hash_desc);
661 if (rc) {
662 printk(KERN_ERR
663 "%s: Error initializing crypto hash; "
664 "rc = [%d]\n", __func__, rc);
665 goto out_release_free_unlock;
666 }
667 rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
668 ECRYPTFS_TAG_70_DIGEST_SIZE);
669 if (rc) {
670 printk(KERN_ERR
671 "%s: Error updating crypto hash; "
672 "rc = [%d]\n", __func__, rc);
673 goto out_release_free_unlock;
674 }
675 rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
676 if (rc) {
677 printk(KERN_ERR
678 "%s: Error finalizing crypto hash; "
679 "rc = [%d]\n", __func__, rc);
680 goto out_release_free_unlock;
681 }
682 memcpy(s->hash, s->tmp_hash,
683 ECRYPTFS_TAG_70_DIGEST_SIZE);
684 }
685 if (s->block_aligned_filename[s->j] == '\0')
686 s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
687 }
688 memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
689 filename_size);
690 rc = virt_to_scatterlist(s->block_aligned_filename,
691 s->block_aligned_filename_size, &s->src_sg, 1);
692 if (rc != 1) {
693 printk(KERN_ERR "%s: Internal error whilst attempting to "
694 "convert filename memory to scatterlist; "
695 "expected rc = 1; got rc = [%d]. "
696 "block_aligned_filename_size = [%d]\n", __func__, rc,
697 s->block_aligned_filename_size);
698 goto out_release_free_unlock;
699 }
700 rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
701 &s->dst_sg, 1);
702 if (rc != 1) {
703 printk(KERN_ERR "%s: Internal error whilst attempting to "
704 "convert encrypted filename memory to scatterlist; "
705 "expected rc = 1; got rc = [%d]. "
706 "block_aligned_filename_size = [%d]\n", __func__, rc,
707 s->block_aligned_filename_size);
708 goto out_release_free_unlock;
709 }
710 /* The characters in the first block effectively do the job
711 * of the IV here, so we just use 0's for the IV. Note the
712 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
713 * >= ECRYPTFS_MAX_IV_BYTES. */
714 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
715 s->desc.info = s->iv;
716 rc = crypto_blkcipher_setkey(
717 s->desc.tfm,
718 s->auth_tok->token.password.session_key_encryption_key,
719 mount_crypt_stat->global_default_fn_cipher_key_bytes);
720 if (rc < 0) {
721 printk(KERN_ERR "%s: Error setting key for crypto context; "
722 "rc = [%d]. s->auth_tok->token.password.session_key_"
723 "encryption_key = [0x%p]; mount_crypt_stat->"
724 "global_default_fn_cipher_key_bytes = [%Zd]\n", __func__,
725 rc,
726 s->auth_tok->token.password.session_key_encryption_key,
727 mount_crypt_stat->global_default_fn_cipher_key_bytes);
728 goto out_release_free_unlock;
729 }
730 rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
731 s->block_aligned_filename_size);
732 if (rc) {
733 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
734 "rc = [%d]\n", __func__, rc);
735 goto out_release_free_unlock;
736 }
737 s->i += s->block_aligned_filename_size;
738 (*packet_size) = s->i;
739 (*remaining_bytes) -= (*packet_size);
740out_release_free_unlock:
741 crypto_free_hash(s->hash_desc.tfm);
742out_free_unlock:
743 memset(s->block_aligned_filename, 0, s->block_aligned_filename_size);
744 kfree(s->block_aligned_filename);
745out_unlock:
746 mutex_unlock(s->tfm_mutex);
747out:
748 kfree(s);
749 return rc;
750}
751
752struct ecryptfs_parse_tag_70_packet_silly_stack {
753 u8 cipher_code;
754 size_t max_packet_size;
755 size_t packet_size_len;
756 size_t parsed_tag_70_packet_size;
757 size_t block_aligned_filename_size;
758 size_t block_size;
759 size_t i;
760 struct mutex *tfm_mutex;
761 char *decrypted_filename;
762 struct ecryptfs_auth_tok *auth_tok;
763 struct scatterlist src_sg;
764 struct scatterlist dst_sg;
765 struct blkcipher_desc desc;
766 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
767 char iv[ECRYPTFS_MAX_IV_BYTES];
768 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
769};
770
771/**
772 * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
773 * @filename: This function kmalloc's the memory for the filename
774 */
775int
776ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
777 size_t *packet_size,
778 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
779 char *data, size_t max_packet_size)
780{
781 struct ecryptfs_parse_tag_70_packet_silly_stack *s;
782 int rc = 0;
783
784 (*packet_size) = 0;
785 (*filename_size) = 0;
786 (*filename) = NULL;
787 s = kmalloc(sizeof(*s), GFP_KERNEL);
788 if (!s) {
789 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
790 "[%d] bytes of kernel memory\n", __func__, sizeof(*s));
791 goto out;
792 }
793 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
794 if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
795 printk(KERN_WARNING "%s: max_packet_size is [%Zd]; it must be "
796 "at least [%d]\n", __func__, max_packet_size,
797 (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
798 rc = -EINVAL;
799 goto out;
800 }
801 /* Octet 0: Tag 70 identifier
802 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
803 * and block-aligned encrypted filename size)
804 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
805 * Octet N2-N3: Cipher identifier (1 octet)
806 * Octets N3-N4: Block-aligned encrypted filename
807 * - Consists of a minimum number of random numbers, a \0
808 * separator, and then the filename */
809 if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
810 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
811 "tag [0x%.2x]\n", __func__,
812 data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
813 rc = -EINVAL;
814 goto out;
815 }
816 rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
817 &s->parsed_tag_70_packet_size,
818 &s->packet_size_len);
819 if (rc) {
820 printk(KERN_WARNING "%s: Error parsing packet length; "
821 "rc = [%d]\n", __func__, rc);
822 goto out;
823 }
824 s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
825 - ECRYPTFS_SIG_SIZE - 1);
826 if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
827 > max_packet_size) {
828 printk(KERN_WARNING "%s: max_packet_size is [%d]; real packet "
829 "size is [%d]\n", __func__, max_packet_size,
830 (1 + s->packet_size_len + 1
831 + s->block_aligned_filename_size));
832 rc = -EINVAL;
833 goto out;
834 }
835 (*packet_size) += s->packet_size_len;
836 ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
837 ECRYPTFS_SIG_SIZE);
838 s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
839 (*packet_size) += ECRYPTFS_SIG_SIZE;
840 s->cipher_code = data[(*packet_size)++];
841 rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
842 if (rc) {
843 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
844 __func__, s->cipher_code);
845 goto out;
846 }
847 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
848 &s->tfm_mutex,
849 s->cipher_string);
850 if (unlikely(rc)) {
851 printk(KERN_ERR "Internal error whilst attempting to get "
852 "tfm and mutex for cipher name [%s]; rc = [%d]\n",
853 s->cipher_string, rc);
854 goto out;
855 }
856 mutex_lock(s->tfm_mutex);
857 rc = virt_to_scatterlist(&data[(*packet_size)],
858 s->block_aligned_filename_size, &s->src_sg, 1);
859 if (rc != 1) {
860 printk(KERN_ERR "%s: Internal error whilst attempting to "
861 "convert encrypted filename memory to scatterlist; "
862 "expected rc = 1; got rc = [%d]. "
863 "block_aligned_filename_size = [%d]\n", __func__, rc,
864 s->block_aligned_filename_size);
865 goto out_unlock;
866 }
867 (*packet_size) += s->block_aligned_filename_size;
868 s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
869 GFP_KERNEL);
870 if (!s->decrypted_filename) {
871 printk(KERN_ERR "%s: Out of memory whilst attempting to "
872 "kmalloc [%d] bytes\n", __func__,
873 s->block_aligned_filename_size);
874 rc = -ENOMEM;
875 goto out_unlock;
876 }
877 rc = virt_to_scatterlist(s->decrypted_filename,
878 s->block_aligned_filename_size, &s->dst_sg, 1);
879 if (rc != 1) {
880 printk(KERN_ERR "%s: Internal error whilst attempting to "
881 "convert decrypted filename memory to scatterlist; "
882 "expected rc = 1; got rc = [%d]. "
883 "block_aligned_filename_size = [%d]\n", __func__, rc,
884 s->block_aligned_filename_size);
885 goto out_free_unlock;
886 }
887 /* The characters in the first block effectively do the job of
888 * the IV here, so we just use 0's for the IV. Note the
889 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
890 * >= ECRYPTFS_MAX_IV_BYTES. */
891 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
892 s->desc.info = s->iv;
893 rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat,
894 s->fnek_sig_hex);
895 if (rc) {
896 printk(KERN_ERR "%s: Error attempting to find auth tok for "
897 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
898 rc);
899 goto out_free_unlock;
900 }
901 /* TODO: Support other key modules than passphrase for
902 * filename encryption */
903 BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
904 rc = crypto_blkcipher_setkey(
905 s->desc.tfm,
906 s->auth_tok->token.password.session_key_encryption_key,
907 mount_crypt_stat->global_default_fn_cipher_key_bytes);
908 if (rc < 0) {
909 printk(KERN_ERR "%s: Error setting key for crypto context; "
910 "rc = [%d]. s->auth_tok->token.password.session_key_"
911 "encryption_key = [0x%p]; mount_crypt_stat->"
912 "global_default_fn_cipher_key_bytes = [%Zd]\n", __func__,
913 rc,
914 s->auth_tok->token.password.session_key_encryption_key,
915 mount_crypt_stat->global_default_fn_cipher_key_bytes);
916 goto out_free_unlock;
917 }
918 rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
919 s->block_aligned_filename_size);
920 if (rc) {
921 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
922 "rc = [%d]\n", __func__, rc);
923 goto out_free_unlock;
924 }
925 s->i = 0;
926 while (s->decrypted_filename[s->i] != '\0'
927 && s->i < s->block_aligned_filename_size)
928 s->i++;
929 if (s->i == s->block_aligned_filename_size) {
930 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
931 "find valid separator between random characters and "
932 "the filename\n", __func__);
933 rc = -EINVAL;
934 goto out_free_unlock;
935 }
936 s->i++;
937 (*filename_size) = (s->block_aligned_filename_size - s->i);
938 if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
939 printk(KERN_WARNING "%s: Filename size is [%Zd], which is "
940 "invalid\n", __func__, (*filename_size));
941 rc = -EINVAL;
942 goto out_free_unlock;
943 }
944 (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
945 if (!(*filename)) {
946 printk(KERN_ERR "%s: Out of memory whilst attempting to "
947 "kmalloc [%d] bytes\n", __func__,
948 ((*filename_size) + 1));
949 rc = -ENOMEM;
950 goto out_free_unlock;
951 }
952 memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
953 (*filename)[(*filename_size)] = '\0';
954out_free_unlock:
955 kfree(s->decrypted_filename);
956out_unlock:
957 mutex_unlock(s->tfm_mutex);
958out:
959 if (rc) {
960 (*packet_size) = 0;
961 (*filename_size) = 0;
962 (*filename) = NULL;
963 }
964 kfree(s);
965 return rc;
966}
967
968static int
406ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok) 969ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
407{ 970{
408 int rc = 0; 971 int rc = 0;
@@ -897,30 +1460,6 @@ out:
897 return rc; 1460 return rc;
898} 1461}
899 1462
900static int
901ecryptfs_find_global_auth_tok_for_sig(
902 struct ecryptfs_global_auth_tok **global_auth_tok,
903 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
904{
905 struct ecryptfs_global_auth_tok *walker;
906 int rc = 0;
907
908 (*global_auth_tok) = NULL;
909 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
910 list_for_each_entry(walker,
911 &mount_crypt_stat->global_auth_tok_list,
912 mount_crypt_stat_list) {
913 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
914 (*global_auth_tok) = walker;
915 goto out;
916 }
917 }
918 rc = -EINVAL;
919out:
920 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
921 return rc;
922}
923
924/** 1463/**
925 * ecryptfs_verify_version 1464 * ecryptfs_verify_version
926 * @version: The version number to confirm 1465 * @version: The version number to confirm
@@ -990,43 +1529,6 @@ out:
990} 1529}
991 1530
992/** 1531/**
993 * ecryptfs_find_auth_tok_for_sig
994 * @auth_tok: Set to the matching auth_tok; NULL if not found
995 * @crypt_stat: inode crypt_stat crypto context
996 * @sig: Sig of auth_tok to find
997 *
998 * For now, this function simply looks at the registered auth_tok's
999 * linked off the mount_crypt_stat, so all the auth_toks that can be
1000 * used must be registered at mount time. This function could
1001 * potentially try a lot harder to find auth_tok's (e.g., by calling
1002 * out to ecryptfsd to dynamically retrieve an auth_tok object) so
1003 * that static registration of auth_tok's will no longer be necessary.
1004 *
1005 * Returns zero on no error; non-zero on error
1006 */
1007static int
1008ecryptfs_find_auth_tok_for_sig(
1009 struct ecryptfs_auth_tok **auth_tok,
1010 struct ecryptfs_crypt_stat *crypt_stat, char *sig)
1011{
1012 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1013 crypt_stat->mount_crypt_stat;
1014 struct ecryptfs_global_auth_tok *global_auth_tok;
1015 int rc = 0;
1016
1017 (*auth_tok) = NULL;
1018 if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
1019 mount_crypt_stat, sig)) {
1020 struct key *auth_tok_key;
1021
1022 rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
1023 sig);
1024 } else
1025 (*auth_tok) = global_auth_tok->global_auth_tok;
1026 return rc;
1027}
1028
1029/**
1030 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok. 1532 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1031 * @auth_tok: The passphrase authentication token to use to encrypt the FEK 1533 * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1032 * @crypt_stat: The cryptographic context 1534 * @crypt_stat: The cryptographic context
@@ -1256,7 +1758,8 @@ find_next_matching_auth_tok:
1256 rc = -EINVAL; 1758 rc = -EINVAL;
1257 goto out_wipe_list; 1759 goto out_wipe_list;
1258 } 1760 }
1259 ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, crypt_stat, 1761 ecryptfs_find_auth_tok_for_sig(&matching_auth_tok,
1762 crypt_stat->mount_crypt_stat,
1260 candidate_auth_tok_sig); 1763 candidate_auth_tok_sig);
1261 if (matching_auth_tok) { 1764 if (matching_auth_tok) {
1262 found_auth_tok = 1; 1765 found_auth_tok = 1;
@@ -1336,7 +1839,9 @@ pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1336 int rc; 1839 int rc;
1337 1840
1338 rc = write_tag_66_packet(auth_tok->token.private_key.signature, 1841 rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1339 ecryptfs_code_for_cipher_string(crypt_stat), 1842 ecryptfs_code_for_cipher_string(
1843 crypt_stat->cipher,
1844 crypt_stat->key_size),
1340 crypt_stat, &payload, &payload_len); 1845 crypt_stat, &payload, &payload_len);
1341 if (rc) { 1846 if (rc) {
1342 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n"); 1847 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
@@ -1696,7 +2201,8 @@ encrypted_session_key_set:
1696 dest[(*packet_size)++] = 0x04; /* version 4 */ 2201 dest[(*packet_size)++] = 0x04; /* version 4 */
1697 /* TODO: Break from RFC2440 so that arbitrary ciphers can be 2202 /* TODO: Break from RFC2440 so that arbitrary ciphers can be
1698 * specified with strings */ 2203 * specified with strings */
1699 cipher_code = ecryptfs_code_for_cipher_string(crypt_stat); 2204 cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2205 crypt_stat->key_size);
1700 if (cipher_code == 0) { 2206 if (cipher_code == 0) {
1701 ecryptfs_printk(KERN_WARNING, "Unable to generate code for " 2207 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
1702 "cipher [%s]\n", crypt_stat->cipher); 2208 "cipher [%s]\n", crypt_stat->cipher);