diff options
Diffstat (limited to 'fs/ecryptfs/crypto.c')
| -rw-r--r-- | fs/ecryptfs/crypto.c | 122 |
1 files changed, 70 insertions, 52 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 2a834255c75d..ea9931281557 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
| @@ -417,17 +417,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, | |||
| 417 | (unsigned long long)(extent_base + extent_offset), rc); | 417 | (unsigned long long)(extent_base + extent_offset), rc); |
| 418 | goto out; | 418 | goto out; |
| 419 | } | 419 | } |
| 420 | if (unlikely(ecryptfs_verbosity > 0)) { | ||
| 421 | ecryptfs_printk(KERN_DEBUG, "Encrypting extent " | ||
| 422 | "with iv:\n"); | ||
| 423 | ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); | ||
| 424 | ecryptfs_printk(KERN_DEBUG, "First 8 bytes before " | ||
| 425 | "encryption:\n"); | ||
| 426 | ecryptfs_dump_hex((char *) | ||
| 427 | (page_address(page) | ||
| 428 | + (extent_offset * crypt_stat->extent_size)), | ||
| 429 | 8); | ||
| 430 | } | ||
| 431 | rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0, | 420 | rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0, |
| 432 | page, (extent_offset | 421 | page, (extent_offset |
| 433 | * crypt_stat->extent_size), | 422 | * crypt_stat->extent_size), |
| @@ -440,14 +429,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, | |||
| 440 | goto out; | 429 | goto out; |
| 441 | } | 430 | } |
| 442 | rc = 0; | 431 | rc = 0; |
| 443 | if (unlikely(ecryptfs_verbosity > 0)) { | ||
| 444 | ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; " | ||
| 445 | "rc = [%d]\n", | ||
| 446 | (unsigned long long)(extent_base + extent_offset), rc); | ||
| 447 | ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " | ||
| 448 | "encryption:\n"); | ||
| 449 | ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8); | ||
| 450 | } | ||
| 451 | out: | 432 | out: |
| 452 | return rc; | 433 | return rc; |
| 453 | } | 434 | } |
| @@ -543,17 +524,6 @@ static int ecryptfs_decrypt_extent(struct page *page, | |||
| 543 | (unsigned long long)(extent_base + extent_offset), rc); | 524 | (unsigned long long)(extent_base + extent_offset), rc); |
| 544 | goto out; | 525 | goto out; |
| 545 | } | 526 | } |
| 546 | if (unlikely(ecryptfs_verbosity > 0)) { | ||
| 547 | ecryptfs_printk(KERN_DEBUG, "Decrypting extent " | ||
| 548 | "with iv:\n"); | ||
| 549 | ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); | ||
| 550 | ecryptfs_printk(KERN_DEBUG, "First 8 bytes before " | ||
| 551 | "decryption:\n"); | ||
| 552 | ecryptfs_dump_hex((char *) | ||
| 553 | (page_address(enc_extent_page) | ||
| 554 | + (extent_offset * crypt_stat->extent_size)), | ||
| 555 | 8); | ||
| 556 | } | ||
| 557 | rc = ecryptfs_decrypt_page_offset(crypt_stat, page, | 527 | rc = ecryptfs_decrypt_page_offset(crypt_stat, page, |
| 558 | (extent_offset | 528 | (extent_offset |
| 559 | * crypt_stat->extent_size), | 529 | * crypt_stat->extent_size), |
| @@ -567,16 +537,6 @@ static int ecryptfs_decrypt_extent(struct page *page, | |||
| 567 | goto out; | 537 | goto out; |
| 568 | } | 538 | } |
| 569 | rc = 0; | 539 | rc = 0; |
| 570 | if (unlikely(ecryptfs_verbosity > 0)) { | ||
| 571 | ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; " | ||
| 572 | "rc = [%d]\n", | ||
| 573 | (unsigned long long)(extent_base + extent_offset), rc); | ||
| 574 | ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " | ||
| 575 | "decryption:\n"); | ||
| 576 | ecryptfs_dump_hex((char *)(page_address(page) | ||
| 577 | + (extent_offset | ||
| 578 | * crypt_stat->extent_size)), 8); | ||
| 579 | } | ||
| 580 | out: | 540 | out: |
| 581 | return rc; | 541 | return rc; |
| 582 | } | 542 | } |
| @@ -1590,8 +1550,8 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, | |||
| 1590 | */ | 1550 | */ |
| 1591 | int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) | 1551 | int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) |
| 1592 | { | 1552 | { |
| 1593 | int rc = 0; | 1553 | int rc; |
| 1594 | char *page_virt = NULL; | 1554 | char *page_virt; |
| 1595 | struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode; | 1555 | struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode; |
| 1596 | struct ecryptfs_crypt_stat *crypt_stat = | 1556 | struct ecryptfs_crypt_stat *crypt_stat = |
| 1597 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; | 1557 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; |
| @@ -1616,11 +1576,13 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) | |||
| 1616 | ecryptfs_dentry, | 1576 | ecryptfs_dentry, |
| 1617 | ECRYPTFS_VALIDATE_HEADER_SIZE); | 1577 | ECRYPTFS_VALIDATE_HEADER_SIZE); |
| 1618 | if (rc) { | 1578 | if (rc) { |
| 1579 | /* metadata is not in the file header, so try xattrs */ | ||
| 1619 | memset(page_virt, 0, PAGE_CACHE_SIZE); | 1580 | memset(page_virt, 0, PAGE_CACHE_SIZE); |
| 1620 | rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); | 1581 | rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); |
| 1621 | if (rc) { | 1582 | if (rc) { |
| 1622 | printk(KERN_DEBUG "Valid eCryptfs headers not found in " | 1583 | printk(KERN_DEBUG "Valid eCryptfs headers not found in " |
| 1623 | "file header region or xattr region\n"); | 1584 | "file header region or xattr region, inode %lu\n", |
| 1585 | ecryptfs_inode->i_ino); | ||
| 1624 | rc = -EINVAL; | 1586 | rc = -EINVAL; |
| 1625 | goto out; | 1587 | goto out; |
| 1626 | } | 1588 | } |
| @@ -1629,7 +1591,8 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) | |||
| 1629 | ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); | 1591 | ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); |
| 1630 | if (rc) { | 1592 | if (rc) { |
| 1631 | printk(KERN_DEBUG "Valid eCryptfs headers not found in " | 1593 | printk(KERN_DEBUG "Valid eCryptfs headers not found in " |
| 1632 | "file xattr region either\n"); | 1594 | "file xattr region either, inode %lu\n", |
| 1595 | ecryptfs_inode->i_ino); | ||
| 1633 | rc = -EINVAL; | 1596 | rc = -EINVAL; |
| 1634 | } | 1597 | } |
| 1635 | if (crypt_stat->mount_crypt_stat->flags | 1598 | if (crypt_stat->mount_crypt_stat->flags |
| @@ -1640,7 +1603,8 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) | |||
| 1640 | "crypto metadata only in the extended attribute " | 1603 | "crypto metadata only in the extended attribute " |
| 1641 | "region, but eCryptfs was mounted without " | 1604 | "region, but eCryptfs was mounted without " |
| 1642 | "xattr support enabled. eCryptfs will not treat " | 1605 | "xattr support enabled. eCryptfs will not treat " |
| 1643 | "this like an encrypted file.\n"); | 1606 | "this like an encrypted file, inode %lu\n", |
| 1607 | ecryptfs_inode->i_ino); | ||
| 1644 | rc = -EINVAL; | 1608 | rc = -EINVAL; |
| 1645 | } | 1609 | } |
| 1646 | } | 1610 | } |
| @@ -2026,6 +1990,17 @@ out: | |||
| 2026 | return; | 1990 | return; |
| 2027 | } | 1991 | } |
| 2028 | 1992 | ||
| 1993 | static size_t ecryptfs_max_decoded_size(size_t encoded_size) | ||
| 1994 | { | ||
| 1995 | /* Not exact; conservatively long. Every block of 4 | ||
| 1996 | * encoded characters decodes into a block of 3 | ||
| 1997 | * decoded characters. This segment of code provides | ||
| 1998 | * the caller with the maximum amount of allocated | ||
| 1999 | * space that @dst will need to point to in a | ||
| 2000 | * subsequent call. */ | ||
| 2001 | return ((encoded_size + 1) * 3) / 4; | ||
| 2002 | } | ||
| 2003 | |||
| 2029 | /** | 2004 | /** |
| 2030 | * ecryptfs_decode_from_filename | 2005 | * ecryptfs_decode_from_filename |
| 2031 | * @dst: If NULL, this function only sets @dst_size and returns. If | 2006 | * @dst: If NULL, this function only sets @dst_size and returns. If |
| @@ -2044,13 +2019,7 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, | |||
| 2044 | size_t dst_byte_offset = 0; | 2019 | size_t dst_byte_offset = 0; |
| 2045 | 2020 | ||
| 2046 | if (dst == NULL) { | 2021 | if (dst == NULL) { |
| 2047 | /* Not exact; conservatively long. Every block of 4 | 2022 | (*dst_size) = ecryptfs_max_decoded_size(src_size); |
| 2048 | * encoded characters decodes into a block of 3 | ||
| 2049 | * decoded characters. This segment of code provides | ||
| 2050 | * the caller with the maximum amount of allocated | ||
| 2051 | * space that @dst will need to point to in a | ||
| 2052 | * subsequent call. */ | ||
| 2053 | (*dst_size) = (((src_size + 1) * 3) / 4); | ||
| 2054 | goto out; | 2023 | goto out; |
| 2055 | } | 2024 | } |
| 2056 | while (src_byte_offset < src_size) { | 2025 | while (src_byte_offset < src_size) { |
| @@ -2275,3 +2244,52 @@ out_free: | |||
| 2275 | out: | 2244 | out: |
| 2276 | return rc; | 2245 | return rc; |
| 2277 | } | 2246 | } |
| 2247 | |||
| 2248 | #define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143 | ||
| 2249 | |||
| 2250 | int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, | ||
| 2251 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat) | ||
| 2252 | { | ||
| 2253 | struct blkcipher_desc desc; | ||
| 2254 | struct mutex *tfm_mutex; | ||
| 2255 | size_t cipher_blocksize; | ||
| 2256 | int rc; | ||
| 2257 | |||
| 2258 | if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) { | ||
| 2259 | (*namelen) = lower_namelen; | ||
| 2260 | return 0; | ||
| 2261 | } | ||
| 2262 | |||
| 2263 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, | ||
| 2264 | mount_crypt_stat->global_default_fn_cipher_name); | ||
| 2265 | if (unlikely(rc)) { | ||
| 2266 | (*namelen) = 0; | ||
| 2267 | return rc; | ||
| 2268 | } | ||
| 2269 | |||
| 2270 | mutex_lock(tfm_mutex); | ||
| 2271 | cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); | ||
| 2272 | mutex_unlock(tfm_mutex); | ||
| 2273 | |||
| 2274 | /* Return an exact amount for the common cases */ | ||
| 2275 | if (lower_namelen == NAME_MAX | ||
| 2276 | && (cipher_blocksize == 8 || cipher_blocksize == 16)) { | ||
| 2277 | (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16; | ||
| 2278 | return 0; | ||
| 2279 | } | ||
| 2280 | |||
| 2281 | /* Return a safe estimate for the uncommon cases */ | ||
| 2282 | (*namelen) = lower_namelen; | ||
| 2283 | (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; | ||
| 2284 | /* Since this is the max decoded size, subtract 1 "decoded block" len */ | ||
| 2285 | (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3; | ||
| 2286 | (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE; | ||
| 2287 | (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES; | ||
| 2288 | /* Worst case is that the filename is padded nearly a full block size */ | ||
| 2289 | (*namelen) -= cipher_blocksize - 1; | ||
| 2290 | |||
| 2291 | if ((*namelen) < 0) | ||
| 2292 | (*namelen) = 0; | ||
| 2293 | |||
| 2294 | return 0; | ||
| 2295 | } | ||