aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2007-02-12 03:53:43 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-02-12 12:48:36 -0500
commit88b4a07e6610f4c93b08b0bb103318218db1e9f6 (patch)
tree32e2f2650bd4841ba6b2fafc724c2806219351b4 /fs/ecryptfs
parentb5d5dfbd59577aed72263f22e28d3eaf98e1c6e5 (diff)
[PATCH] eCryptfs: Public key transport mechanism
This is the transport code for public key functionality in eCryptfs. It manages encryption/decryption request queues with a transport mechanism. Currently, netlink is the only implemented transport. Each inode has a unique File Encryption Key (FEK). Under passphrase, a File Encryption Key Encryption Key (FEKEK) is generated from a salt/passphrase combo on mount. This FEKEK encrypts each FEK and writes it into the header of each file using the packet format specified in RFC 2440. This is all symmetric key encryption, so it can all be done via the kernel crypto API. These new patches introduce public key encryption of the FEK. There is no asymmetric key encryption support in the kernel crypto API, so eCryptfs pushes the FEK encryption and decryption out to a userspace daemon. After considering our requirements and determining the complexity of using various transport mechanisms, we settled on netlink for this communication. eCryptfs stores authentication tokens into the kernel keyring. These tokens correlate with individual keys. For passphrase mode of operation, the authentication token contains the symmetric FEKEK. For public key, the authentication token contains a PKI type and an opaque data blob managed by individual PKI modules in userspace. Each user who opens a file under an eCryptfs partition mounted in public key mode must be running a daemon. That daemon has the user's credentials and has access to all of the keys to which the user should have access. The daemon, when started, initializes the pluggable PKI modules available on the system and registers itself with the eCryptfs kernel module. Userspace utilities register public key authentication tokens into the user session keyring. These authentication tokens correlate key signatures with PKI modules and PKI blobs. The PKI blobs contain PKI-specific information necessary for the PKI module to carry out asymmetric key encryption and decryption. When the eCryptfs module parses the header of an existing file and finds a Tag 1 (Public Key) packet (see RFC 2440), it reads in the public key identifier (signature). The asymmetrically encrypted FEK is in the Tag 1 packet; eCryptfs puts together a decrypt request packet containing the signature and the encrypted FEK, then it passes it to the daemon registered for the current->euid via a netlink unicast to the PID of the daemon, which was registered at the time the daemon was started by the user. The daemon actually just makes calls to libecryptfs, which implements request packet parsing and manages PKI modules. libecryptfs grabs the public key authentication token for the given signature from the user session keyring. This auth tok tells libecryptfs which PKI module should receive the request. libecryptfs then makes a decrypt() call to the PKI module, and it passes along the PKI block from the auth tok. The PKI uses the blob to figure out how it should decrypt the data passed to it; it performs the decryption and passes the decrypted data back to libecryptfs. libecryptfs then puts together a reply packet with the decrypted FEK and passes that back to the eCryptfs module. The eCryptfs module manages these request callouts to userspace code via message context structs. The module maintains an array of message context structs and places the elements of the array on two lists: a free and an allocated list. When eCryptfs wants to make a request, it moves a msg ctx from the free list to the allocated list, sets its state to pending, and fires off the message to the user's registered daemon. When eCryptfs receives a netlink message (via the callback), it correlates the msg ctx struct in the alloc list with the data in the message itself. The msg->index contains the offset of the array of msg ctx structs. It verifies that the registered daemon PID is the same as the PID of the process that sent the message. It also validates a sequence number between the received packet and the msg ctx. Then, it copies the contents of the message (the reply packet) into the msg ctx struct, sets the state in the msg ctx to done, and wakes up the process that was sleeping while waiting for the reply. The sleeping process was whatever was performing the sys_open(). This process originally called ecryptfs_send_message(); it is now in ecryptfs_wait_for_response(). When it wakes up and sees that the msg ctx state was set to done, it returns a pointer to the message contents (the reply packet) and returns. If all went well, this packet contains the decrypted FEK, which is then copied into the crypt_stat struct, and life continues as normal. The case for creation of a new file is very similar, only instead of a decrypt request, eCryptfs sends out an encrypt request. > - We have a great clod of key mangement code in-kernel. Why is that > not suitable (or growable) for public key management? eCryptfs uses Howells' keyring to store persistent key data and PKI state information. It defers public key cryptographic transformations to userspace code. The userspace data manipulation request really is orthogonal to key management in and of itself. What eCryptfs basically needs is a secure way to communicate with a particular daemon for a particular task doing a syscall, based on the UID. Nothing running under another UID should be able to access that channel of communication. > - Is it appropriate that new infrastructure for public key > management be private to a particular fs? The messaging.c file contains a lot of code that, perhaps, could be extracted into a separate kernel service. In essence, this would be a sort of request/reply mechanism that would involve a userspace daemon. I am not aware of anything that does quite what eCryptfs does, so I was not aware of any existing tools to do just what we wanted. > What happens if one of these daemons exits without sending a quit > message? There is a stale uid<->pid association in the hash table for that user. When the user registers a new daemon, eCryptfs cleans up the old association and generates a new one. See ecryptfs_process_helo(). > - _why_ does it use netlink? Netlink provides the transport mechanism that would minimize the complexity of the implementation, given that we can have multiple daemons (one per user). I explored the possibility of using relayfs, but that would involve having to introduce control channels and a protocol for creating and tearing down channels for the daemons. We do not have to worry about any of that with netlink. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h101
-rw-r--r--fs/ecryptfs/messaging.c505
-rw-r--r--fs/ecryptfs/netlink.c255
3 files changed, 858 insertions, 3 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 0f897109759b..508648efa447 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -6,6 +6,8 @@
6 * Copyright (C) 2001-2003 Stony Brook University 6 * Copyright (C) 2001-2003 Stony Brook University
7 * Copyright (C) 2004-2006 International Business Machines Corp. 7 * Copyright (C) 2004-2006 International Business Machines Corp.
8 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
9 * Trevor S. Highland <trevor.highland@gmail.com>
10 * Tyler Hicks <tyhicks@ou.edu>
9 * 11 *
10 * This program is free software; you can redistribute it and/or 12 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as 13 * modify it under the terms of the GNU General Public License as
@@ -35,7 +37,7 @@
35/* Version verification for shared data structures w/ userspace */ 37/* Version verification for shared data structures w/ userspace */
36#define ECRYPTFS_VERSION_MAJOR 0x00 38#define ECRYPTFS_VERSION_MAJOR 0x00
37#define ECRYPTFS_VERSION_MINOR 0x04 39#define ECRYPTFS_VERSION_MINOR 0x04
38#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x01 40#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x02
39/* These flags indicate which features are supported by the kernel 41/* These flags indicate which features are supported by the kernel
40 * module; userspace tools such as the mount helper read 42 * module; userspace tools such as the mount helper read
41 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine 43 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
@@ -60,10 +62,24 @@
60#define ECRYPTFS_MAX_KEY_BYTES 64 62#define ECRYPTFS_MAX_KEY_BYTES 64
61#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 63#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
62#define ECRYPTFS_DEFAULT_IV_BYTES 16 64#define ECRYPTFS_DEFAULT_IV_BYTES 16
63#define ECRYPTFS_FILE_VERSION 0x01 65#define ECRYPTFS_FILE_VERSION 0x02
64#define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192 66#define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192
65#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 67#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
66#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 68#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
69#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
70#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
71#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
72#define ECRYPTFS_NLMSG_HELO 100
73#define ECRYPTFS_NLMSG_QUIT 101
74#define ECRYPTFS_NLMSG_REQUEST 102
75#define ECRYPTFS_NLMSG_RESPONSE 103
76#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
77#define ECRYPTFS_DEFAULT_NUM_USERS 4
78#define ECRYPTFS_MAX_NUM_USERS 32768
79#define ECRYPTFS_TRANSPORT_NETLINK 0
80#define ECRYPTFS_TRANSPORT_CONNECTOR 1
81#define ECRYPTFS_TRANSPORT_RELAYFS 2
82#define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_NETLINK
67 83
68#define RFC2440_CIPHER_DES3_EDE 0x02 84#define RFC2440_CIPHER_DES3_EDE 0x02
69#define RFC2440_CIPHER_CAST_5 0x03 85#define RFC2440_CIPHER_CAST_5 0x03
@@ -77,6 +93,7 @@
77#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag)) 93#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))
78#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag)) 94#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))
79#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag)) 95#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))
96#define RFC2440_CIPHER_RSA 0x01
80 97
81/** 98/**
82 * For convenience, we may need to pass around the encrypted session 99 * For convenience, we may need to pass around the encrypted session
@@ -114,6 +131,14 @@ struct ecryptfs_password {
114 131
115enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; 132enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
116 133
134struct ecryptfs_private_key {
135 u32 key_size;
136 u32 data_len;
137 u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
138 char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
139 u8 data[];
140};
141
117/* May be a password or a private key */ 142/* May be a password or a private key */
118struct ecryptfs_auth_tok { 143struct ecryptfs_auth_tok {
119 u16 version; /* 8-bit major and 8-bit minor */ 144 u16 version; /* 8-bit major and 8-bit minor */
@@ -123,7 +148,7 @@ struct ecryptfs_auth_tok {
123 u8 reserved[32]; 148 u8 reserved[32];
124 union { 149 union {
125 struct ecryptfs_password password; 150 struct ecryptfs_password password;
126 /* Private key is in future eCryptfs releases */ 151 struct ecryptfs_private_key private_key;
127 } token; 152 } token;
128} __attribute__ ((packed)); 153} __attribute__ ((packed));
129 154
@@ -177,8 +202,13 @@ ecryptfs_get_key_payload_data(struct key *key)
177#define ECRYPTFS_DEFAULT_CIPHER "aes" 202#define ECRYPTFS_DEFAULT_CIPHER "aes"
178#define ECRYPTFS_DEFAULT_KEY_BYTES 16 203#define ECRYPTFS_DEFAULT_KEY_BYTES 16
179#define ECRYPTFS_DEFAULT_HASH "md5" 204#define ECRYPTFS_DEFAULT_HASH "md5"
205#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
180#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C 206#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
181#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED 207#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
208#define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
209#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
210#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
211#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
182#define MD5_DIGEST_SIZE 16 212#define MD5_DIGEST_SIZE 16
183 213
184/** 214/**
@@ -271,6 +301,45 @@ struct ecryptfs_auth_tok_list_item {
271 struct ecryptfs_auth_tok auth_tok; 301 struct ecryptfs_auth_tok auth_tok;
272}; 302};
273 303
304struct ecryptfs_message {
305 u32 index;
306 u32 data_len;
307 u8 data[];
308};
309
310struct ecryptfs_msg_ctx {
311#define ECRYPTFS_MSG_CTX_STATE_FREE 0x0001
312#define ECRYPTFS_MSG_CTX_STATE_PENDING 0x0002
313#define ECRYPTFS_MSG_CTX_STATE_DONE 0x0003
314 u32 state;
315 unsigned int index;
316 unsigned int counter;
317 struct ecryptfs_message *msg;
318 struct task_struct *task;
319 struct list_head node;
320 struct mutex mux;
321};
322
323extern struct list_head ecryptfs_msg_ctx_free_list;
324extern struct list_head ecryptfs_msg_ctx_alloc_list;
325extern struct mutex ecryptfs_msg_ctx_lists_mux;
326
327#define ecryptfs_uid_hash(uid) \
328 hash_long((unsigned long)uid, ecryptfs_hash_buckets)
329extern struct hlist_head *ecryptfs_daemon_id_hash;
330extern struct mutex ecryptfs_daemon_id_hash_mux;
331extern int ecryptfs_hash_buckets;
332
333extern unsigned int ecryptfs_msg_counter;
334extern struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
335extern unsigned int ecryptfs_transport;
336
337struct ecryptfs_daemon_id {
338 pid_t pid;
339 uid_t uid;
340 struct hlist_node id_chain;
341};
342
274static inline struct ecryptfs_file_info * 343static inline struct ecryptfs_file_info *
275ecryptfs_file_to_private(struct file *file) 344ecryptfs_file_to_private(struct file *file)
276{ 345{
@@ -391,6 +460,9 @@ extern struct super_operations ecryptfs_sops;
391extern struct dentry_operations ecryptfs_dops; 460extern struct dentry_operations ecryptfs_dops;
392extern struct address_space_operations ecryptfs_aops; 461extern struct address_space_operations ecryptfs_aops;
393extern int ecryptfs_verbosity; 462extern int ecryptfs_verbosity;
463extern unsigned int ecryptfs_message_buf_len;
464extern signed long ecryptfs_message_wait_timeout;
465extern unsigned int ecryptfs_number_of_users;
394 466
395extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache; 467extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
396extern struct kmem_cache *ecryptfs_file_info_cache; 468extern struct kmem_cache *ecryptfs_file_info_cache;
@@ -484,4 +556,27 @@ int ecryptfs_open_lower_file(struct file **lower_file,
484 struct vfsmount *lower_mnt, int flags); 556 struct vfsmount *lower_mnt, int flags);
485int ecryptfs_close_lower_file(struct file *lower_file); 557int ecryptfs_close_lower_file(struct file *lower_file);
486 558
559int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid);
560int ecryptfs_process_quit(uid_t uid, pid_t pid);
561int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq);
562int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
563 struct ecryptfs_msg_ctx **msg_ctx);
564int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
565 struct ecryptfs_message **emsg);
566int ecryptfs_init_messaging(unsigned int transport);
567void ecryptfs_release_messaging(unsigned int transport);
568
569int ecryptfs_send_netlink(char *data, int data_len,
570 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
571 u16 msg_flags, pid_t daemon_pid);
572int ecryptfs_init_netlink(void);
573void ecryptfs_release_netlink(void);
574
575int ecryptfs_send_connector(char *data, int data_len,
576 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
577 u16 msg_flags, pid_t daemon_pid);
578int ecryptfs_init_connector(void);
579void ecryptfs_release_connector(void);
580
581
487#endif /* #ifndef ECRYPTFS_KERNEL_H */ 582#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
new file mode 100644
index 000000000000..c22b32fc8e8c
--- /dev/null
+++ b/fs/ecryptfs/messaging.c
@@ -0,0 +1,505 @@
1/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include "ecryptfs_kernel.h"
24
25LIST_HEAD(ecryptfs_msg_ctx_free_list);
26LIST_HEAD(ecryptfs_msg_ctx_alloc_list);
27struct mutex ecryptfs_msg_ctx_lists_mux;
28
29struct hlist_head *ecryptfs_daemon_id_hash;
30struct mutex ecryptfs_daemon_id_hash_mux;
31int ecryptfs_hash_buckets;
32
33unsigned int ecryptfs_msg_counter;
34struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
35
36/**
37 * ecryptfs_acquire_free_msg_ctx
38 * @msg_ctx: The context that was acquired from the free list
39 *
40 * Acquires a context element from the free list and locks the mutex
41 * on the context. Returns zero on success; non-zero on error or upon
42 * failure to acquire a free context element. Be sure to lock the
43 * list mutex before calling.
44 */
45static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx)
46{
47 struct list_head *p;
48 int rc;
49
50 if (list_empty(&ecryptfs_msg_ctx_free_list)) {
51 ecryptfs_printk(KERN_WARNING, "The eCryptfs free "
52 "context list is empty. It may be helpful to "
53 "specify the ecryptfs_message_buf_len "
54 "parameter to be greater than the current "
55 "value of [%d]\n", ecryptfs_message_buf_len);
56 rc = -ENOMEM;
57 goto out;
58 }
59 list_for_each(p, &ecryptfs_msg_ctx_free_list) {
60 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node);
61 if (mutex_trylock(&(*msg_ctx)->mux)) {
62 (*msg_ctx)->task = current;
63 rc = 0;
64 goto out;
65 }
66 }
67 rc = -ENOMEM;
68out:
69 return rc;
70}
71
72/**
73 * ecryptfs_msg_ctx_free_to_alloc
74 * @msg_ctx: The context to move from the free list to the alloc list
75 *
76 * Be sure to lock the list mutex and the context mutex before
77 * calling.
78 */
79static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx)
80{
81 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list);
82 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING;
83 msg_ctx->counter = ++ecryptfs_msg_counter;
84}
85
86/**
87 * ecryptfs_msg_ctx_alloc_to_free
88 * @msg_ctx: The context to move from the alloc list to the free list
89 *
90 * Be sure to lock the list mutex and the context mutex before
91 * calling.
92 */
93static void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
94{
95 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list);
96 if (msg_ctx->msg)
97 kfree(msg_ctx->msg);
98 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE;
99}
100
101/**
102 * ecryptfs_find_daemon_id
103 * @uid: The user id which maps to the desired daemon id
104 * @id: If return value is zero, points to the desired daemon id
105 * pointer
106 *
107 * Search the hash list for the given user id. Returns zero if the
108 * user id exists in the list; non-zero otherwise. The daemon id hash
109 * mutex should be held before calling this function.
110 */
111static int ecryptfs_find_daemon_id(uid_t uid, struct ecryptfs_daemon_id **id)
112{
113 struct hlist_node *elem;
114 int rc;
115
116 hlist_for_each_entry(*id, elem,
117 &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)],
118 id_chain) {
119 if ((*id)->uid == uid) {
120 rc = 0;
121 goto out;
122 }
123 }
124 rc = -EINVAL;
125out:
126 return rc;
127}
128
129static int ecryptfs_send_raw_message(unsigned int transport, u16 msg_type,
130 pid_t pid)
131{
132 int rc;
133
134 switch(transport) {
135 case ECRYPTFS_TRANSPORT_NETLINK:
136 rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, pid);
137 break;
138 case ECRYPTFS_TRANSPORT_CONNECTOR:
139 case ECRYPTFS_TRANSPORT_RELAYFS:
140 default:
141 rc = -ENOSYS;
142 }
143 return rc;
144}
145
146/**
147 * ecryptfs_process_helo
148 * @transport: The underlying transport (netlink, etc.)
149 * @uid: The user ID owner of the message
150 * @pid: The process ID for the userspace program that sent the
151 * message
152 *
153 * Adds the uid and pid values to the daemon id hash. If a uid
154 * already has a daemon pid registered, the daemon will be
155 * unregistered before the new daemon id is put into the hash list.
156 * Returns zero after adding a new daemon id to the hash list;
157 * non-zero otherwise.
158 */
159int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid)
160{
161 struct ecryptfs_daemon_id *new_id;
162 struct ecryptfs_daemon_id *old_id;
163 int rc;
164
165 mutex_lock(&ecryptfs_daemon_id_hash_mux);
166 new_id = kmalloc(sizeof(*new_id), GFP_KERNEL);
167 if (!new_id) {
168 rc = -ENOMEM;
169 ecryptfs_printk(KERN_ERR, "Failed to allocate memory; unable "
170 "to register daemon [%d] for user\n", pid, uid);
171 goto unlock;
172 }
173 if (!ecryptfs_find_daemon_id(uid, &old_id)) {
174 printk(KERN_WARNING "Received request from user [%d] "
175 "to register daemon [%d]; unregistering daemon "
176 "[%d]\n", uid, pid, old_id->pid);
177 hlist_del(&old_id->id_chain);
178 rc = ecryptfs_send_raw_message(transport, ECRYPTFS_NLMSG_QUIT,
179 old_id->pid);
180 if (rc)
181 printk(KERN_WARNING "Failed to send QUIT "
182 "message to daemon [%d]; rc = [%d]\n",
183 old_id->pid, rc);
184 kfree(old_id);
185 }
186 new_id->uid = uid;
187 new_id->pid = pid;
188 hlist_add_head(&new_id->id_chain,
189 &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)]);
190 rc = 0;
191unlock:
192 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
193 return rc;
194}
195
196/**
197 * ecryptfs_process_quit
198 * @uid: The user ID owner of the message
199 * @pid: The process ID for the userspace program that sent the
200 * message
201 *
202 * Deletes the corresponding daemon id for the given uid and pid, if
203 * it is the registered that is requesting the deletion. Returns zero
204 * after deleting the desired daemon id; non-zero otherwise.
205 */
206int ecryptfs_process_quit(uid_t uid, pid_t pid)
207{
208 struct ecryptfs_daemon_id *id;
209 int rc;
210
211 mutex_lock(&ecryptfs_daemon_id_hash_mux);
212 if (ecryptfs_find_daemon_id(uid, &id)) {
213 rc = -EINVAL;
214 ecryptfs_printk(KERN_ERR, "Received request from user [%d] to "
215 "unregister unrecognized daemon [%d]\n", uid,
216 pid);
217 goto unlock;
218 }
219 if (id->pid != pid) {
220 rc = -EINVAL;
221 ecryptfs_printk(KERN_WARNING, "Received request from user [%d] "
222 "with pid [%d] to unregister daemon [%d]\n",
223 uid, pid, id->pid);
224 goto unlock;
225 }
226 hlist_del(&id->id_chain);
227 kfree(id);
228 rc = 0;
229unlock:
230 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
231 return rc;
232}
233
234/**
235 * ecryptfs_process_reponse
236 * @msg: The ecryptfs message received; the caller should sanity check
237 * msg->data_len
238 * @pid: The process ID of the userspace application that sent the
239 * message
240 * @seq: The sequence number of the message
241 *
242 * Processes a response message after sending a operation request to
243 * userspace. Returns zero upon delivery to desired context element;
244 * non-zero upon delivery failure or error.
245 */
246int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq)
247{
248 struct ecryptfs_daemon_id *id;
249 struct ecryptfs_msg_ctx *msg_ctx;
250 int msg_size;
251 int rc;
252
253 if (msg->index >= ecryptfs_message_buf_len) {
254 rc = -EINVAL;
255 ecryptfs_printk(KERN_ERR, "Attempt to reference "
256 "context buffer at index [%d]; maximum "
257 "allowable is [%d]\n", msg->index,
258 (ecryptfs_message_buf_len - 1));
259 goto out;
260 }
261 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index];
262 mutex_lock(&msg_ctx->mux);
263 if (ecryptfs_find_daemon_id(msg_ctx->task->euid, &id)) {
264 rc = -EBADMSG;
265 ecryptfs_printk(KERN_WARNING, "User [%d] received a "
266 "message response from process [%d] but does "
267 "not have a registered daemon\n",
268 msg_ctx->task->euid, pid);
269 goto wake_up;
270 }
271 if (id->pid != pid) {
272 rc = -EBADMSG;
273 ecryptfs_printk(KERN_ERR, "User [%d] received a "
274 "message response from an unrecognized "
275 "process [%d]\n", msg_ctx->task->euid, pid);
276 goto unlock;
277 }
278 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
279 rc = -EINVAL;
280 ecryptfs_printk(KERN_WARNING, "Desired context element is not "
281 "pending a response\n");
282 goto unlock;
283 } else if (msg_ctx->counter != seq) {
284 rc = -EINVAL;
285 ecryptfs_printk(KERN_WARNING, "Invalid message sequence; "
286 "expected [%d]; received [%d]\n",
287 msg_ctx->counter, seq);
288 goto unlock;
289 }
290 msg_size = sizeof(*msg) + msg->data_len;
291 msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL);
292 if (!msg_ctx->msg) {
293 rc = -ENOMEM;
294 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
295 goto unlock;
296 }
297 memcpy(msg_ctx->msg, msg, msg_size);
298 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
299 rc = 0;
300wake_up:
301 wake_up_process(msg_ctx->task);
302unlock:
303 mutex_unlock(&msg_ctx->mux);
304out:
305 return rc;
306}
307
308/**
309 * ecryptfs_send_message
310 * @transport: The transport over which to send the message (i.e.,
311 * netlink)
312 * @data: The data to send
313 * @data_len: The length of data
314 * @msg_ctx: The message context allocated for the send
315 */
316int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
317 struct ecryptfs_msg_ctx **msg_ctx)
318{
319 struct ecryptfs_daemon_id *id;
320 int rc;
321
322 mutex_lock(&ecryptfs_daemon_id_hash_mux);
323 if (ecryptfs_find_daemon_id(current->euid, &id)) {
324 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
325 rc = -ENOTCONN;
326 ecryptfs_printk(KERN_ERR, "User [%d] does not have a daemon "
327 "registered\n", current->euid);
328 goto out;
329 }
330 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
331 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
332 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx);
333 if (rc) {
334 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
335 ecryptfs_printk(KERN_WARNING, "Could not claim a free "
336 "context element\n");
337 goto out;
338 }
339 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx);
340 mutex_unlock(&(*msg_ctx)->mux);
341 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
342 switch (transport) {
343 case ECRYPTFS_TRANSPORT_NETLINK:
344 rc = ecryptfs_send_netlink(data, data_len, *msg_ctx,
345 ECRYPTFS_NLMSG_REQUEST, 0, id->pid);
346 break;
347 case ECRYPTFS_TRANSPORT_CONNECTOR:
348 case ECRYPTFS_TRANSPORT_RELAYFS:
349 default:
350 rc = -ENOSYS;
351 }
352 if (rc) {
353 printk(KERN_ERR "Error attempting to send message to userspace "
354 "daemon; rc = [%d]\n", rc);
355 }
356out:
357 return rc;
358}
359
360/**
361 * ecryptfs_wait_for_response
362 * @msg_ctx: The context that was assigned when sending a message
363 * @msg: The incoming message from userspace; not set if rc != 0
364 *
365 * Sleeps until awaken by ecryptfs_receive_message or until the amount
366 * of time exceeds ecryptfs_message_wait_timeout. If zero is
367 * returned, msg will point to a valid message from userspace; a
368 * non-zero value is returned upon failure to receive a message or an
369 * error occurs.
370 */
371int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
372 struct ecryptfs_message **msg)
373{
374 signed long timeout = ecryptfs_message_wait_timeout * HZ;
375 int rc = 0;
376
377sleep:
378 timeout = schedule_timeout_interruptible(timeout);
379 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
380 mutex_lock(&msg_ctx->mux);
381 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) {
382 if (timeout) {
383 mutex_unlock(&msg_ctx->mux);
384 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
385 goto sleep;
386 }
387 rc = -ENOMSG;
388 } else {
389 *msg = msg_ctx->msg;
390 msg_ctx->msg = NULL;
391 }
392 ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
393 mutex_unlock(&msg_ctx->mux);
394 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
395 return rc;
396}
397
398int ecryptfs_init_messaging(unsigned int transport)
399{
400 int i;
401 int rc = 0;
402
403 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) {
404 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS;
405 ecryptfs_printk(KERN_WARNING, "Specified number of users is "
406 "too large, defaulting to [%d] users\n",
407 ecryptfs_number_of_users);
408 }
409 mutex_init(&ecryptfs_daemon_id_hash_mux);
410 mutex_lock(&ecryptfs_daemon_id_hash_mux);
411 ecryptfs_hash_buckets = 0;
412 while (ecryptfs_number_of_users >> ++ecryptfs_hash_buckets);
413 ecryptfs_daemon_id_hash = kmalloc(sizeof(struct hlist_head)
414 * ecryptfs_hash_buckets, GFP_KERNEL);
415 if (!ecryptfs_daemon_id_hash) {
416 rc = -ENOMEM;
417 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
418 goto out;
419 }
420 for (i = 0; i < ecryptfs_hash_buckets; i++)
421 INIT_HLIST_HEAD(&ecryptfs_daemon_id_hash[i]);
422 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
423
424 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
425 * ecryptfs_message_buf_len), GFP_KERNEL);
426 if (!ecryptfs_msg_ctx_arr) {
427 rc = -ENOMEM;
428 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
429 goto out;
430 }
431 mutex_init(&ecryptfs_msg_ctx_lists_mux);
432 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
433 ecryptfs_msg_counter = 0;
434 for (i = 0; i < ecryptfs_message_buf_len; i++) {
435 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node);
436 mutex_init(&ecryptfs_msg_ctx_arr[i].mux);
437 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
438 ecryptfs_msg_ctx_arr[i].index = i;
439 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE;
440 ecryptfs_msg_ctx_arr[i].counter = 0;
441 ecryptfs_msg_ctx_arr[i].task = NULL;
442 ecryptfs_msg_ctx_arr[i].msg = NULL;
443 list_add_tail(&ecryptfs_msg_ctx_arr[i].node,
444 &ecryptfs_msg_ctx_free_list);
445 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
446 }
447 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
448 switch(transport) {
449 case ECRYPTFS_TRANSPORT_NETLINK:
450 rc = ecryptfs_init_netlink();
451 if (rc)
452 ecryptfs_release_messaging(transport);
453 break;
454 case ECRYPTFS_TRANSPORT_CONNECTOR:
455 case ECRYPTFS_TRANSPORT_RELAYFS:
456 default:
457 rc = -ENOSYS;
458 }
459out:
460 return rc;
461}
462
463void ecryptfs_release_messaging(unsigned int transport)
464{
465 if (ecryptfs_msg_ctx_arr) {
466 int i;
467
468 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
469 for (i = 0; i < ecryptfs_message_buf_len; i++) {
470 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
471 if (ecryptfs_msg_ctx_arr[i].msg)
472 kfree(ecryptfs_msg_ctx_arr[i].msg);
473 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
474 }
475 kfree(ecryptfs_msg_ctx_arr);
476 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
477 }
478 if (ecryptfs_daemon_id_hash) {
479 struct hlist_node *elem;
480 struct ecryptfs_daemon_id *id;
481 int i;
482
483 mutex_lock(&ecryptfs_daemon_id_hash_mux);
484 for (i = 0; i < ecryptfs_hash_buckets; i++) {
485 hlist_for_each_entry(id, elem,
486 &ecryptfs_daemon_id_hash[i],
487 id_chain) {
488 hlist_del(elem);
489 kfree(id);
490 }
491 }
492 kfree(ecryptfs_daemon_id_hash);
493 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
494 }
495 switch(transport) {
496 case ECRYPTFS_TRANSPORT_NETLINK:
497 ecryptfs_release_netlink();
498 break;
499 case ECRYPTFS_TRANSPORT_CONNECTOR:
500 case ECRYPTFS_TRANSPORT_RELAYFS:
501 default:
502 break;
503 }
504 return;
505}
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c
new file mode 100644
index 000000000000..aba061d62118
--- /dev/null
+++ b/fs/ecryptfs/netlink.c
@@ -0,0 +1,255 @@
1/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include <net/sock.h>
24#include <linux/hash.h>
25#include <linux/random.h>
26#include "ecryptfs_kernel.h"
27
28static struct sock *ecryptfs_nl_sock;
29
30/**
31 * ecryptfs_send_netlink
32 * @data: The data to include as the payload
33 * @data_len: The byte count of the data
34 * @msg_ctx: The netlink context that will be used to handle the
35 * response message
36 * @msg_type: The type of netlink message to send
37 * @msg_flags: The flags to include in the netlink header
38 * @daemon_pid: The process id of the daemon to send the message to
39 *
40 * Sends the data to the specified daemon pid and uses the netlink
41 * context element to store the data needed for validation upon
42 * receiving the response. The data and the netlink context can be
43 * null if just sending a netlink header is sufficient. Returns zero
44 * upon sending the message; non-zero upon error.
45 */
46int ecryptfs_send_netlink(char *data, int data_len,
47 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
48 u16 msg_flags, pid_t daemon_pid)
49{
50 struct sk_buff *skb;
51 struct nlmsghdr *nlh;
52 struct ecryptfs_message *msg;
53 size_t payload_len;
54 int rc;
55
56 payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0);
57 skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL);
58 if (!skb) {
59 rc = -ENOMEM;
60 ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n");
61 goto out;
62 }
63 nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0,
64 msg_type, payload_len);
65 nlh->nlmsg_flags = msg_flags;
66 if (msg_ctx && payload_len) {
67 msg = (struct ecryptfs_message *)NLMSG_DATA(nlh);
68 msg->index = msg_ctx->index;
69 msg->data_len = data_len;
70 memcpy(msg->data, data, data_len);
71 }
72 rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0);
73 if (rc < 0) {
74 ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink "
75 "message; rc = [%d]\n", rc);
76 goto out;
77 }
78 rc = 0;
79 goto out;
80nlmsg_failure:
81 rc = -EMSGSIZE;
82 kfree_skb(skb);
83out:
84 return rc;
85}
86
87/**
88 * ecryptfs_process_nl_reponse
89 * @skb: The socket buffer containing the netlink message of state
90 * RESPONSE
91 *
92 * Processes a response message after sending a operation request to
93 * userspace. Attempts to assign the msg to a netlink context element
94 * at the index specified in the msg. The sk_buff and nlmsghdr must
95 * be validated before this function. Returns zero upon delivery to
96 * desired context element; non-zero upon delivery failure or error.
97 */
98static int ecryptfs_process_nl_response(struct sk_buff *skb)
99{
100 struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data;
101 struct ecryptfs_message *msg = NLMSG_DATA(nlh);
102 int rc;
103
104 if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) {
105 rc = -EINVAL;
106 ecryptfs_printk(KERN_ERR, "Received netlink message with "
107 "incorrectly specified data length\n");
108 goto out;
109 }
110 rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->pid,
111 nlh->nlmsg_seq);
112 if (rc)
113 printk(KERN_ERR
114 "Error processing response message; rc = [%d]\n", rc);
115out:
116 return rc;
117}
118
119/**
120 * ecryptfs_process_nl_helo
121 * @skb: The socket buffer containing the nlmsghdr in HELO state
122 *
123 * Gets uid and pid of the skb and adds the values to the daemon id
124 * hash. Returns zero after adding a new daemon id to the hash list;
125 * non-zero otherwise.
126 */
127static int ecryptfs_process_nl_helo(struct sk_buff *skb)
128{
129 int rc;
130
131 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK,
132 NETLINK_CREDS(skb)->uid,
133 NETLINK_CREDS(skb)->pid);
134 if (rc)
135 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
136 return rc;
137}
138
139/**
140 * ecryptfs_process_nl_quit
141 * @skb: The socket buffer containing the nlmsghdr in QUIT state
142 *
143 * Gets uid and pid of the skb and deletes the corresponding daemon
144 * id, if it is the registered that is requesting the
145 * deletion. Returns zero after deleting the desired daemon id;
146 * non-zero otherwise.
147 */
148static int ecryptfs_process_nl_quit(struct sk_buff *skb)
149{
150 int rc;
151
152 rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid,
153 NETLINK_CREDS(skb)->pid);
154 if (rc)
155 printk(KERN_WARNING
156 "Error processing QUIT message; rc = [%d]\n", rc);
157 return rc;
158}
159
160/**
161 * ecryptfs_receive_nl_message
162 *
163 * Callback function called by netlink system when a message arrives.
164 * If the message looks to be valid, then an attempt is made to assign
165 * it to its desired netlink context element and wake up the process
166 * that is waiting for a response.
167 */
168static void ecryptfs_receive_nl_message(struct sock *sk, int len)
169{
170 struct sk_buff *skb;
171 struct nlmsghdr *nlh;
172 int rc = 0; /* skb_recv_datagram requires this */
173
174receive:
175 skb = skb_recv_datagram(sk, 0, 0, &rc);
176 if (rc == -EINTR)
177 goto receive;
178 else if (rc < 0) {
179 ecryptfs_printk(KERN_ERR, "Error occurred while "
180 "receiving eCryptfs netlink message; "
181 "rc = [%d]\n", rc);
182 return;
183 }
184 nlh = (struct nlmsghdr *)skb->data;
185 if (!NLMSG_OK(nlh, skb->len)) {
186 ecryptfs_printk(KERN_ERR, "Received corrupt netlink "
187 "message\n");
188 goto free;
189 }
190 switch (nlh->nlmsg_type) {
191 case ECRYPTFS_NLMSG_RESPONSE:
192 if (ecryptfs_process_nl_response(skb)) {
193 ecryptfs_printk(KERN_WARNING, "Failed to "
194 "deliver netlink response to "
195 "requesting operation\n");
196 }
197 break;
198 case ECRYPTFS_NLMSG_HELO:
199 if (ecryptfs_process_nl_helo(skb)) {
200 ecryptfs_printk(KERN_WARNING, "Failed to "
201 "fulfill HELO request\n");
202 }
203 break;
204 case ECRYPTFS_NLMSG_QUIT:
205 if (ecryptfs_process_nl_quit(skb)) {
206 ecryptfs_printk(KERN_WARNING, "Failed to "
207 "fulfill QUIT request\n");
208 }
209 break;
210 default:
211 ecryptfs_printk(KERN_WARNING, "Dropping netlink "
212 "message of unrecognized type [%d]\n",
213 nlh->nlmsg_type);
214 break;
215 }
216free:
217 kfree_skb(skb);
218}
219
220/**
221 * ecryptfs_init_netlink
222 *
223 * Initializes the daemon id hash list, netlink context array, and
224 * necessary locks. Returns zero upon success; non-zero upon error.
225 */
226int ecryptfs_init_netlink(void)
227{
228 int rc;
229
230 ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0,
231 ecryptfs_receive_nl_message,
232 THIS_MODULE);
233 if (!ecryptfs_nl_sock) {
234 rc = -EIO;
235 ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n");
236 goto out;
237 }
238 ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT;
239 rc = 0;
240out:
241 return rc;
242}
243
244/**
245 * ecryptfs_release_netlink
246 *
247 * Frees all memory used by the netlink context array and releases the
248 * netlink socket.
249 */
250void ecryptfs_release_netlink(void)
251{
252 if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket)
253 sock_release(ecryptfs_nl_sock->sk_socket);
254 ecryptfs_nl_sock = NULL;
255}