aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/ecryptfs/crypto.c92
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h9
-rw-r--r--fs/ecryptfs/keystore.c101
-rw-r--r--fs/ecryptfs/main.c2
4 files changed, 146 insertions, 58 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index f14c5a38215e..2a1b6aa1a4a1 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -123,6 +123,28 @@ out:
123 return rc; 123 return rc;
124} 124}
125 125
126int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
127 char *cipher_name,
128 char *chaining_modifier)
129{
130 int cipher_name_len = strlen(cipher_name);
131 int chaining_modifier_len = strlen(chaining_modifier);
132 int algified_name_len;
133 int rc;
134
135 algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
136 (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
137 if (!(algified_name)) {
138 rc = -ENOMEM;
139 goto out;
140 }
141 snprintf((*algified_name), algified_name_len, "%s(%s)",
142 chaining_modifier, cipher_name);
143 rc = 0;
144out:
145 return rc;
146}
147
126/** 148/**
127 * ecryptfs_derive_iv 149 * ecryptfs_derive_iv
128 * @iv: destination for the derived iv vale 150 * @iv: destination for the derived iv vale
@@ -197,7 +219,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
197void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 219void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
198{ 220{
199 if (crypt_stat->tfm) 221 if (crypt_stat->tfm)
200 crypto_free_tfm(crypt_stat->tfm); 222 crypto_free_blkcipher(crypt_stat->tfm);
201 if (crypt_stat->hash_tfm) 223 if (crypt_stat->hash_tfm)
202 crypto_free_hash(crypt_stat->hash_tfm); 224 crypto_free_hash(crypt_stat->hash_tfm);
203 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 225 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
@@ -209,7 +231,7 @@ void ecryptfs_destruct_mount_crypt_stat(
209 if (mount_crypt_stat->global_auth_tok_key) 231 if (mount_crypt_stat->global_auth_tok_key)
210 key_put(mount_crypt_stat->global_auth_tok_key); 232 key_put(mount_crypt_stat->global_auth_tok_key);
211 if (mount_crypt_stat->global_key_tfm) 233 if (mount_crypt_stat->global_key_tfm)
212 crypto_free_tfm(mount_crypt_stat->global_key_tfm); 234 crypto_free_blkcipher(mount_crypt_stat->global_key_tfm);
213 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); 235 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
214} 236}
215 237
@@ -275,6 +297,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
275 struct scatterlist *src_sg, int size, 297 struct scatterlist *src_sg, int size,
276 unsigned char *iv) 298 unsigned char *iv)
277{ 299{
300 struct blkcipher_desc desc = {
301 .tfm = crypt_stat->tfm,
302 .info = iv,
303 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
304 };
278 int rc = 0; 305 int rc = 0;
279 306
280 BUG_ON(!crypt_stat || !crypt_stat->tfm 307 BUG_ON(!crypt_stat || !crypt_stat->tfm
@@ -288,8 +315,8 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
288 } 315 }
289 /* Consider doing this once, when the file is opened */ 316 /* Consider doing this once, when the file is opened */
290 mutex_lock(&crypt_stat->cs_tfm_mutex); 317 mutex_lock(&crypt_stat->cs_tfm_mutex);
291 rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, 318 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
292 crypt_stat->key_size); 319 crypt_stat->key_size);
293 if (rc) { 320 if (rc) {
294 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", 321 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
295 rc); 322 rc);
@@ -298,7 +325,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
298 goto out; 325 goto out;
299 } 326 }
300 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); 327 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
301 crypto_cipher_encrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, iv); 328 crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
302 mutex_unlock(&crypt_stat->cs_tfm_mutex); 329 mutex_unlock(&crypt_stat->cs_tfm_mutex);
303out: 330out:
304 return rc; 331 return rc;
@@ -681,12 +708,17 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
681 struct scatterlist *src_sg, int size, 708 struct scatterlist *src_sg, int size,
682 unsigned char *iv) 709 unsigned char *iv)
683{ 710{
711 struct blkcipher_desc desc = {
712 .tfm = crypt_stat->tfm,
713 .info = iv,
714 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
715 };
684 int rc = 0; 716 int rc = 0;
685 717
686 /* Consider doing this once, when the file is opened */ 718 /* Consider doing this once, when the file is opened */
687 mutex_lock(&crypt_stat->cs_tfm_mutex); 719 mutex_lock(&crypt_stat->cs_tfm_mutex);
688 rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, 720 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
689 crypt_stat->key_size); 721 crypt_stat->key_size);
690 if (rc) { 722 if (rc) {
691 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", 723 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
692 rc); 724 rc);
@@ -695,8 +727,7 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
695 goto out; 727 goto out;
696 } 728 }
697 ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); 729 ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
698 rc = crypto_cipher_decrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, 730 rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
699 iv);
700 mutex_unlock(&crypt_stat->cs_tfm_mutex); 731 mutex_unlock(&crypt_stat->cs_tfm_mutex);
701 if (rc) { 732 if (rc) {
702 ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", 733 ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
@@ -765,6 +796,7 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
765 */ 796 */
766int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) 797int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
767{ 798{
799 char *full_alg_name;
768 int rc = -EINVAL; 800 int rc = -EINVAL;
769 801
770 if (!crypt_stat->cipher) { 802 if (!crypt_stat->cipher) {
@@ -781,16 +813,24 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
781 goto out; 813 goto out;
782 } 814 }
783 mutex_lock(&crypt_stat->cs_tfm_mutex); 815 mutex_lock(&crypt_stat->cs_tfm_mutex);
784 crypt_stat->tfm = crypto_alloc_tfm(crypt_stat->cipher, 816 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
785 ECRYPTFS_DEFAULT_CHAINING_MODE 817 crypt_stat->cipher, "cbc");
786 | CRYPTO_TFM_REQ_WEAK_KEY); 818 if (rc)
787 mutex_unlock(&crypt_stat->cs_tfm_mutex); 819 goto out;
820 crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
821 CRYPTO_ALG_ASYNC);
822 kfree(full_alg_name);
788 if (!crypt_stat->tfm) { 823 if (!crypt_stat->tfm) {
789 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " 824 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
790 "Error initializing cipher [%s]\n", 825 "Error initializing cipher [%s]\n",
791 crypt_stat->cipher); 826 crypt_stat->cipher);
827 mutex_unlock(&crypt_stat->cs_tfm_mutex);
792 goto out; 828 goto out;
793 } 829 }
830 crypto_blkcipher_set_flags(crypt_stat->tfm,
831 (ECRYPTFS_DEFAULT_CHAINING_MODE
832 | CRYPTO_TFM_REQ_WEAK_KEY));
833 mutex_unlock(&crypt_stat->cs_tfm_mutex);
794 rc = 0; 834 rc = 0;
795out: 835out:
796 return rc; 836 return rc;
@@ -1588,10 +1628,11 @@ out:
1588 * event, regardless of whether this function succeeds for fails. 1628 * event, regardless of whether this function succeeds for fails.
1589 */ 1629 */
1590int 1630int
1591ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, 1631ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,
1592 size_t *key_size) 1632 size_t *key_size)
1593{ 1633{
1594 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1634 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1635 char *full_alg_name;
1595 int rc; 1636 int rc;
1596 1637
1597 *key_tfm = NULL; 1638 *key_tfm = NULL;
@@ -1601,17 +1642,26 @@ ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name,
1601 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); 1642 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1602 goto out; 1643 goto out;
1603 } 1644 }
1604 *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); 1645 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1605 if (!(*key_tfm)) { 1646 "ecb");
1606 rc = -EINVAL; 1647 if (rc)
1648 goto out;
1649 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1650 kfree(full_alg_name);
1651 if (IS_ERR(*key_tfm)) {
1652 rc = PTR_ERR(*key_tfm);
1607 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1653 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1608 "[%s]\n", cipher_name); 1654 "[%s]; rc = [%d]\n", cipher_name, rc);
1609 goto out; 1655 goto out;
1610 } 1656 }
1611 if (*key_size == 0) 1657 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1612 *key_size = crypto_tfm_alg_max_keysize(*key_tfm); 1658 if (*key_size == 0) {
1659 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm);
1660
1661 *key_size = alg->max_keysize;
1662 }
1613 get_random_bytes(dummy_key, *key_size); 1663 get_random_bytes(dummy_key, *key_size);
1614 rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size); 1664 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
1615 if (rc) { 1665 if (rc) {
1616 printk(KERN_ERR "Error attempting to set key of size [%Zd] for " 1666 printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
1617 "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); 1667 "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 840aa010e0d3..199fcda50e1b 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -205,7 +205,7 @@ struct ecryptfs_crypt_stat {
205 size_t extent_shift; 205 size_t extent_shift;
206 unsigned int extent_mask; 206 unsigned int extent_mask;
207 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 207 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
208 struct crypto_tfm *tfm; 208 struct crypto_blkcipher *tfm;
209 struct crypto_hash *hash_tfm; /* Crypto context for generating 209 struct crypto_hash *hash_tfm; /* Crypto context for generating
210 * the initialization vectors */ 210 * the initialization vectors */
211 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE]; 211 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
@@ -245,7 +245,7 @@ struct ecryptfs_mount_crypt_stat {
245 struct ecryptfs_auth_tok *global_auth_tok; 245 struct ecryptfs_auth_tok *global_auth_tok;
246 struct key *global_auth_tok_key; 246 struct key *global_auth_tok_key;
247 size_t global_default_cipher_key_size; 247 size_t global_default_cipher_key_size;
248 struct crypto_tfm *global_key_tfm; 248 struct crypto_blkcipher *global_key_tfm;
249 struct mutex global_key_tfm_mutex; 249 struct mutex global_key_tfm_mutex;
250 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE 250 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
251 + 1]; 251 + 1];
@@ -426,6 +426,9 @@ void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
426void ecryptfs_destruct_mount_crypt_stat( 426void ecryptfs_destruct_mount_crypt_stat(
427 struct ecryptfs_mount_crypt_stat *mount_crypt_stat); 427 struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
428int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat); 428int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat);
429int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
430 char *cipher_name,
431 char *chaining_modifier);
429int ecryptfs_write_inode_size_to_header(struct file *lower_file, 432int ecryptfs_write_inode_size_to_header(struct file *lower_file,
430 struct inode *lower_inode, 433 struct inode *lower_inode,
431 struct inode *inode); 434 struct inode *inode);
@@ -474,7 +477,7 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
474 unsigned char *src, struct dentry *ecryptfs_dentry); 477 unsigned char *src, struct dentry *ecryptfs_dentry);
475int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); 478int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
476int 479int
477ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, 480ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,
478 size_t *key_size); 481 size_t *key_size);
479int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); 482int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
480int ecryptfs_inode_set(struct inode *inode, void *lower_inode); 483int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index bc706d33559a..c3746f56d162 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -458,14 +458,16 @@ out:
458static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, 458static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
459 struct ecryptfs_crypt_stat *crypt_stat) 459 struct ecryptfs_crypt_stat *crypt_stat)
460{ 460{
461 int rc = 0;
462 struct ecryptfs_password *password_s_ptr; 461 struct ecryptfs_password *password_s_ptr;
463 struct crypto_tfm *tfm = NULL;
464 struct scatterlist src_sg[2], dst_sg[2]; 462 struct scatterlist src_sg[2], dst_sg[2];
465 struct mutex *tfm_mutex = NULL; 463 struct mutex *tfm_mutex = NULL;
466 /* TODO: Use virt_to_scatterlist for these */ 464 /* TODO: Use virt_to_scatterlist for these */
467 char *encrypted_session_key; 465 char *encrypted_session_key;
468 char *session_key; 466 char *session_key;
467 struct blkcipher_desc desc = {
468 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
469 };
470 int rc = 0;
469 471
470 password_s_ptr = &auth_tok->token.password; 472 password_s_ptr = &auth_tok->token.password;
471 if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, 473 if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags,
@@ -482,22 +484,32 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
482 if (!strcmp(crypt_stat->cipher, 484 if (!strcmp(crypt_stat->cipher,
483 crypt_stat->mount_crypt_stat->global_default_cipher_name) 485 crypt_stat->mount_crypt_stat->global_default_cipher_name)
484 && crypt_stat->mount_crypt_stat->global_key_tfm) { 486 && crypt_stat->mount_crypt_stat->global_key_tfm) {
485 tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 487 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
486 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 488 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
487 } else { 489 } else {
488 tfm = crypto_alloc_tfm(crypt_stat->cipher, 490 char *full_alg_name;
489 CRYPTO_TFM_REQ_WEAK_KEY); 491
490 if (!tfm) { 492 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
491 printk(KERN_ERR "Error allocating crypto context\n"); 493 crypt_stat->cipher,
492 rc = -ENOMEM; 494 "ecb");
495 if (rc)
496 goto out;
497 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0,
498 CRYPTO_ALG_ASYNC);
499 kfree(full_alg_name);
500 if (IS_ERR(desc.tfm)) {
501 rc = PTR_ERR(desc.tfm);
502 printk(KERN_ERR "Error allocating crypto context; "
503 "rc = [%d]\n", rc);
493 goto out; 504 goto out;
494 } 505 }
506 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
495 } 507 }
496 if (tfm_mutex) 508 if (tfm_mutex)
497 mutex_lock(tfm_mutex); 509 mutex_lock(tfm_mutex);
498 rc = crypto_cipher_setkey(tfm, 510 rc = crypto_blkcipher_setkey(desc.tfm,
499 password_s_ptr->session_key_encryption_key, 511 password_s_ptr->session_key_encryption_key,
500 crypt_stat->key_size); 512 crypt_stat->key_size);
501 if (rc < 0) { 513 if (rc < 0) {
502 printk(KERN_ERR "Error setting key for crypto context\n"); 514 printk(KERN_ERR "Error setting key for crypto context\n");
503 rc = -EINVAL; 515 rc = -EINVAL;
@@ -528,9 +540,12 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
528 auth_tok->session_key.decrypted_key_size = 540 auth_tok->session_key.decrypted_key_size =
529 auth_tok->session_key.encrypted_key_size; 541 auth_tok->session_key.encrypted_key_size;
530 dst_sg[0].length = auth_tok->session_key.encrypted_key_size; 542 dst_sg[0].length = auth_tok->session_key.encrypted_key_size;
531 /* TODO: Handle error condition */ 543 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
532 crypto_cipher_decrypt(tfm, dst_sg, src_sg, 544 auth_tok->session_key.encrypted_key_size);
533 auth_tok->session_key.encrypted_key_size); 545 if (rc) {
546 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
547 goto out_free_memory;
548 }
534 auth_tok->session_key.decrypted_key_size = 549 auth_tok->session_key.decrypted_key_size =
535 auth_tok->session_key.encrypted_key_size; 550 auth_tok->session_key.encrypted_key_size;
536 memcpy(auth_tok->session_key.decrypted_key, session_key, 551 memcpy(auth_tok->session_key.decrypted_key, session_key,
@@ -543,6 +558,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
543 if (ecryptfs_verbosity > 0) 558 if (ecryptfs_verbosity > 0)
544 ecryptfs_dump_hex(crypt_stat->key, 559 ecryptfs_dump_hex(crypt_stat->key,
545 crypt_stat->key_size); 560 crypt_stat->key_size);
561out_free_memory:
546 memset(encrypted_session_key, 0, PAGE_CACHE_SIZE); 562 memset(encrypted_session_key, 0, PAGE_CACHE_SIZE);
547 free_page((unsigned long)encrypted_session_key); 563 free_page((unsigned long)encrypted_session_key);
548 memset(session_key, 0, PAGE_CACHE_SIZE); 564 memset(session_key, 0, PAGE_CACHE_SIZE);
@@ -551,7 +567,7 @@ out_free_tfm:
551 if (tfm_mutex) 567 if (tfm_mutex)
552 mutex_unlock(tfm_mutex); 568 mutex_unlock(tfm_mutex);
553 else 569 else
554 crypto_free_tfm(tfm); 570 crypto_free_blkcipher(desc.tfm);
555out: 571out:
556 return rc; 572 return rc;
557} 573}
@@ -800,19 +816,21 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok,
800 struct ecryptfs_crypt_stat *crypt_stat, 816 struct ecryptfs_crypt_stat *crypt_stat,
801 struct ecryptfs_key_record *key_rec, size_t *packet_size) 817 struct ecryptfs_key_record *key_rec, size_t *packet_size)
802{ 818{
803 int rc = 0;
804
805 size_t i; 819 size_t i;
806 size_t signature_is_valid = 0; 820 size_t signature_is_valid = 0;
807 size_t encrypted_session_key_valid = 0; 821 size_t encrypted_session_key_valid = 0;
808 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 822 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
809 struct scatterlist dest_sg[2]; 823 struct scatterlist dest_sg[2];
810 struct scatterlist src_sg[2]; 824 struct scatterlist src_sg[2];
811 struct crypto_tfm *tfm = NULL;
812 struct mutex *tfm_mutex = NULL; 825 struct mutex *tfm_mutex = NULL;
813 size_t key_rec_size; 826 size_t key_rec_size;
814 size_t packet_size_length; 827 size_t packet_size_length;
815 size_t cipher_code; 828 size_t cipher_code;
829 struct blkcipher_desc desc = {
830 .tfm = NULL,
831 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
832 };
833 int rc = 0;
816 834
817 (*packet_size) = 0; 835 (*packet_size) = 0;
818 /* Check for a valid signature on the auth_tok */ 836 /* Check for a valid signature on the auth_tok */
@@ -879,33 +897,48 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok,
879 if (!strcmp(crypt_stat->cipher, 897 if (!strcmp(crypt_stat->cipher,
880 crypt_stat->mount_crypt_stat->global_default_cipher_name) 898 crypt_stat->mount_crypt_stat->global_default_cipher_name)
881 && crypt_stat->mount_crypt_stat->global_key_tfm) { 899 && crypt_stat->mount_crypt_stat->global_key_tfm) {
882 tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 900 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
883 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 901 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
884 } else 902 } else {
885 tfm = crypto_alloc_tfm(crypt_stat->cipher, 0); 903 char *full_alg_name;
886 if (!tfm) { 904
887 ecryptfs_printk(KERN_ERR, "Could not initialize crypto " 905 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
888 "context for cipher [%s]\n", 906 crypt_stat->cipher,
889 crypt_stat->cipher); 907 "ecb");
890 rc = -EINVAL; 908 if (rc)
891 goto out; 909 goto out;
910 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0,
911 CRYPTO_ALG_ASYNC);
912 kfree(full_alg_name);
913 if (IS_ERR(desc.tfm)) {
914 rc = PTR_ERR(desc.tfm);
915 ecryptfs_printk(KERN_ERR, "Could not initialize crypto "
916 "context for cipher [%s]; rc = [%d]\n",
917 crypt_stat->cipher, rc);
918 goto out;
919 }
920 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
892 } 921 }
893 if (tfm_mutex) 922 if (tfm_mutex)
894 mutex_lock(tfm_mutex); 923 mutex_lock(tfm_mutex);
895 rc = crypto_cipher_setkey(tfm, session_key_encryption_key, 924 rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
896 crypt_stat->key_size); 925 crypt_stat->key_size);
897 if (rc < 0) { 926 if (rc < 0) {
898 if (tfm_mutex) 927 if (tfm_mutex)
899 mutex_unlock(tfm_mutex); 928 mutex_unlock(tfm_mutex);
900 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 929 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
901 "context\n"); 930 "context; rc = [%d]\n", rc);
902 goto out; 931 goto out;
903 } 932 }
904 rc = 0; 933 rc = 0;
905 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 934 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
906 crypt_stat->key_size); 935 crypt_stat->key_size);
907 crypto_cipher_encrypt(tfm, dest_sg, src_sg, 936 rc = crypto_blkcipher_encrypt(&desc, dest_sg, src_sg,
908 (*key_rec).enc_key_size); 937 (*key_rec).enc_key_size);
938 if (rc) {
939 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
940 goto out;
941 }
909 if (tfm_mutex) 942 if (tfm_mutex)
910 mutex_unlock(tfm_mutex); 943 mutex_unlock(tfm_mutex);
911 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); 944 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
@@ -968,8 +1001,8 @@ encrypted_session_key_set:
968 (*key_rec).enc_key_size); 1001 (*key_rec).enc_key_size);
969 (*packet_size) += (*key_rec).enc_key_size; 1002 (*packet_size) += (*key_rec).enc_key_size;
970out: 1003out:
971 if (tfm && !tfm_mutex) 1004 if (desc.tfm && !tfm_mutex)
972 crypto_free_tfm(tfm); 1005 crypto_free_blkcipher(desc.tfm);
973 if (rc) 1006 if (rc)
974 (*packet_size) = 0; 1007 (*packet_size) = 0;
975 return rc; 1008 return rc;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index a65f4865182c..a78d87d14baf 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -315,6 +315,8 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
315 "with key size [%Zd] bytes; rc = [%d]\n", 315 "with key size [%Zd] bytes; rc = [%d]\n",
316 mount_crypt_stat->global_default_cipher_name, 316 mount_crypt_stat->global_default_cipher_name,
317 mount_crypt_stat->global_default_cipher_key_size, rc); 317 mount_crypt_stat->global_default_cipher_key_size, rc);
318 mount_crypt_stat->global_key_tfm = NULL;
319 mount_crypt_stat->global_auth_tok_key = NULL;
318 rc = -EINVAL; 320 rc = -EINVAL;
319 goto out; 321 goto out;
320 } 322 }