diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 92 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 9 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 101 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 2 |
4 files changed, 146 insertions, 58 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index f14c5a38215e..2a1b6aa1a4a1 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -123,6 +123,28 @@ out: | |||
123 | return rc; | 123 | return rc; |
124 | } | 124 | } |
125 | 125 | ||
126 | int ecryptfs_crypto_api_algify_cipher_name(char **algified_name, | ||
127 | char *cipher_name, | ||
128 | char *chaining_modifier) | ||
129 | { | ||
130 | int cipher_name_len = strlen(cipher_name); | ||
131 | int chaining_modifier_len = strlen(chaining_modifier); | ||
132 | int algified_name_len; | ||
133 | int rc; | ||
134 | |||
135 | algified_name_len = (chaining_modifier_len + cipher_name_len + 3); | ||
136 | (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL); | ||
137 | if (!(algified_name)) { | ||
138 | rc = -ENOMEM; | ||
139 | goto out; | ||
140 | } | ||
141 | snprintf((*algified_name), algified_name_len, "%s(%s)", | ||
142 | chaining_modifier, cipher_name); | ||
143 | rc = 0; | ||
144 | out: | ||
145 | return rc; | ||
146 | } | ||
147 | |||
126 | /** | 148 | /** |
127 | * ecryptfs_derive_iv | 149 | * ecryptfs_derive_iv |
128 | * @iv: destination for the derived iv vale | 150 | * @iv: destination for the derived iv vale |
@@ -197,7 +219,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | |||
197 | void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | 219 | void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) |
198 | { | 220 | { |
199 | if (crypt_stat->tfm) | 221 | if (crypt_stat->tfm) |
200 | crypto_free_tfm(crypt_stat->tfm); | 222 | crypto_free_blkcipher(crypt_stat->tfm); |
201 | if (crypt_stat->hash_tfm) | 223 | if (crypt_stat->hash_tfm) |
202 | crypto_free_hash(crypt_stat->hash_tfm); | 224 | crypto_free_hash(crypt_stat->hash_tfm); |
203 | memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); | 225 | memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); |
@@ -209,7 +231,7 @@ void ecryptfs_destruct_mount_crypt_stat( | |||
209 | if (mount_crypt_stat->global_auth_tok_key) | 231 | if (mount_crypt_stat->global_auth_tok_key) |
210 | key_put(mount_crypt_stat->global_auth_tok_key); | 232 | key_put(mount_crypt_stat->global_auth_tok_key); |
211 | if (mount_crypt_stat->global_key_tfm) | 233 | if (mount_crypt_stat->global_key_tfm) |
212 | crypto_free_tfm(mount_crypt_stat->global_key_tfm); | 234 | crypto_free_blkcipher(mount_crypt_stat->global_key_tfm); |
213 | memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); | 235 | memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); |
214 | } | 236 | } |
215 | 237 | ||
@@ -275,6 +297,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
275 | struct scatterlist *src_sg, int size, | 297 | struct scatterlist *src_sg, int size, |
276 | unsigned char *iv) | 298 | unsigned char *iv) |
277 | { | 299 | { |
300 | struct blkcipher_desc desc = { | ||
301 | .tfm = crypt_stat->tfm, | ||
302 | .info = iv, | ||
303 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
304 | }; | ||
278 | int rc = 0; | 305 | int rc = 0; |
279 | 306 | ||
280 | BUG_ON(!crypt_stat || !crypt_stat->tfm | 307 | BUG_ON(!crypt_stat || !crypt_stat->tfm |
@@ -288,8 +315,8 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
288 | } | 315 | } |
289 | /* Consider doing this once, when the file is opened */ | 316 | /* Consider doing this once, when the file is opened */ |
290 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 317 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
291 | rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, | 318 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, |
292 | crypt_stat->key_size); | 319 | crypt_stat->key_size); |
293 | if (rc) { | 320 | if (rc) { |
294 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", | 321 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", |
295 | rc); | 322 | rc); |
@@ -298,7 +325,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
298 | goto out; | 325 | goto out; |
299 | } | 326 | } |
300 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); | 327 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); |
301 | crypto_cipher_encrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, iv); | 328 | crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size); |
302 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 329 | mutex_unlock(&crypt_stat->cs_tfm_mutex); |
303 | out: | 330 | out: |
304 | return rc; | 331 | return rc; |
@@ -681,12 +708,17 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
681 | struct scatterlist *src_sg, int size, | 708 | struct scatterlist *src_sg, int size, |
682 | unsigned char *iv) | 709 | unsigned char *iv) |
683 | { | 710 | { |
711 | struct blkcipher_desc desc = { | ||
712 | .tfm = crypt_stat->tfm, | ||
713 | .info = iv, | ||
714 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
715 | }; | ||
684 | int rc = 0; | 716 | int rc = 0; |
685 | 717 | ||
686 | /* Consider doing this once, when the file is opened */ | 718 | /* Consider doing this once, when the file is opened */ |
687 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 719 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
688 | rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, | 720 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, |
689 | crypt_stat->key_size); | 721 | crypt_stat->key_size); |
690 | if (rc) { | 722 | if (rc) { |
691 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", | 723 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", |
692 | rc); | 724 | rc); |
@@ -695,8 +727,7 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
695 | goto out; | 727 | goto out; |
696 | } | 728 | } |
697 | ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); | 729 | ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); |
698 | rc = crypto_cipher_decrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, | 730 | rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size); |
699 | iv); | ||
700 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 731 | mutex_unlock(&crypt_stat->cs_tfm_mutex); |
701 | if (rc) { | 732 | if (rc) { |
702 | ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", | 733 | ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", |
@@ -765,6 +796,7 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, | |||
765 | */ | 796 | */ |
766 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) | 797 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) |
767 | { | 798 | { |
799 | char *full_alg_name; | ||
768 | int rc = -EINVAL; | 800 | int rc = -EINVAL; |
769 | 801 | ||
770 | if (!crypt_stat->cipher) { | 802 | if (!crypt_stat->cipher) { |
@@ -781,16 +813,24 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) | |||
781 | goto out; | 813 | goto out; |
782 | } | 814 | } |
783 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 815 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
784 | crypt_stat->tfm = crypto_alloc_tfm(crypt_stat->cipher, | 816 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, |
785 | ECRYPTFS_DEFAULT_CHAINING_MODE | 817 | crypt_stat->cipher, "cbc"); |
786 | | CRYPTO_TFM_REQ_WEAK_KEY); | 818 | if (rc) |
787 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 819 | goto out; |
820 | crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0, | ||
821 | CRYPTO_ALG_ASYNC); | ||
822 | kfree(full_alg_name); | ||
788 | if (!crypt_stat->tfm) { | 823 | if (!crypt_stat->tfm) { |
789 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " | 824 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " |
790 | "Error initializing cipher [%s]\n", | 825 | "Error initializing cipher [%s]\n", |
791 | crypt_stat->cipher); | 826 | crypt_stat->cipher); |
827 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | ||
792 | goto out; | 828 | goto out; |
793 | } | 829 | } |
830 | crypto_blkcipher_set_flags(crypt_stat->tfm, | ||
831 | (ECRYPTFS_DEFAULT_CHAINING_MODE | ||
832 | | CRYPTO_TFM_REQ_WEAK_KEY)); | ||
833 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | ||
794 | rc = 0; | 834 | rc = 0; |
795 | out: | 835 | out: |
796 | return rc; | 836 | return rc; |
@@ -1588,10 +1628,11 @@ out: | |||
1588 | * event, regardless of whether this function succeeds for fails. | 1628 | * event, regardless of whether this function succeeds for fails. |
1589 | */ | 1629 | */ |
1590 | int | 1630 | int |
1591 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, | 1631 | ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name, |
1592 | size_t *key_size) | 1632 | size_t *key_size) |
1593 | { | 1633 | { |
1594 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; | 1634 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; |
1635 | char *full_alg_name; | ||
1595 | int rc; | 1636 | int rc; |
1596 | 1637 | ||
1597 | *key_tfm = NULL; | 1638 | *key_tfm = NULL; |
@@ -1601,17 +1642,26 @@ ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, | |||
1601 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); | 1642 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); |
1602 | goto out; | 1643 | goto out; |
1603 | } | 1644 | } |
1604 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); | 1645 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name, |
1605 | if (!(*key_tfm)) { | 1646 | "ecb"); |
1606 | rc = -EINVAL; | 1647 | if (rc) |
1648 | goto out; | ||
1649 | *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); | ||
1650 | kfree(full_alg_name); | ||
1651 | if (IS_ERR(*key_tfm)) { | ||
1652 | rc = PTR_ERR(*key_tfm); | ||
1607 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | 1653 | printk(KERN_ERR "Unable to allocate crypto cipher with name " |
1608 | "[%s]\n", cipher_name); | 1654 | "[%s]; rc = [%d]\n", cipher_name, rc); |
1609 | goto out; | 1655 | goto out; |
1610 | } | 1656 | } |
1611 | if (*key_size == 0) | 1657 | crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); |
1612 | *key_size = crypto_tfm_alg_max_keysize(*key_tfm); | 1658 | if (*key_size == 0) { |
1659 | struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); | ||
1660 | |||
1661 | *key_size = alg->max_keysize; | ||
1662 | } | ||
1613 | get_random_bytes(dummy_key, *key_size); | 1663 | get_random_bytes(dummy_key, *key_size); |
1614 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size); | 1664 | rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); |
1615 | if (rc) { | 1665 | if (rc) { |
1616 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | 1666 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " |
1617 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); | 1667 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 840aa010e0d3..199fcda50e1b 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -205,7 +205,7 @@ struct ecryptfs_crypt_stat { | |||
205 | size_t extent_shift; | 205 | size_t extent_shift; |
206 | unsigned int extent_mask; | 206 | unsigned int extent_mask; |
207 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | 207 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; |
208 | struct crypto_tfm *tfm; | 208 | struct crypto_blkcipher *tfm; |
209 | struct crypto_hash *hash_tfm; /* Crypto context for generating | 209 | struct crypto_hash *hash_tfm; /* Crypto context for generating |
210 | * the initialization vectors */ | 210 | * the initialization vectors */ |
211 | unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE]; | 211 | unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE]; |
@@ -245,7 +245,7 @@ struct ecryptfs_mount_crypt_stat { | |||
245 | struct ecryptfs_auth_tok *global_auth_tok; | 245 | struct ecryptfs_auth_tok *global_auth_tok; |
246 | struct key *global_auth_tok_key; | 246 | struct key *global_auth_tok_key; |
247 | size_t global_default_cipher_key_size; | 247 | size_t global_default_cipher_key_size; |
248 | struct crypto_tfm *global_key_tfm; | 248 | struct crypto_blkcipher *global_key_tfm; |
249 | struct mutex global_key_tfm_mutex; | 249 | struct mutex global_key_tfm_mutex; |
250 | unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE | 250 | unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE |
251 | + 1]; | 251 | + 1]; |
@@ -426,6 +426,9 @@ void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat); | |||
426 | void ecryptfs_destruct_mount_crypt_stat( | 426 | void ecryptfs_destruct_mount_crypt_stat( |
427 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat); | 427 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat); |
428 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat); | 428 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat); |
429 | int ecryptfs_crypto_api_algify_cipher_name(char **algified_name, | ||
430 | char *cipher_name, | ||
431 | char *chaining_modifier); | ||
429 | int ecryptfs_write_inode_size_to_header(struct file *lower_file, | 432 | int ecryptfs_write_inode_size_to_header(struct file *lower_file, |
430 | struct inode *lower_inode, | 433 | struct inode *lower_inode, |
431 | struct inode *inode); | 434 | struct inode *inode); |
@@ -474,7 +477,7 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
474 | unsigned char *src, struct dentry *ecryptfs_dentry); | 477 | unsigned char *src, struct dentry *ecryptfs_dentry); |
475 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); | 478 | int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); |
476 | int | 479 | int |
477 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, | 480 | ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name, |
478 | size_t *key_size); | 481 | size_t *key_size); |
479 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); | 482 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); |
480 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); | 483 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index bc706d33559a..c3746f56d162 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -458,14 +458,16 @@ out: | |||
458 | static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | 458 | static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, |
459 | struct ecryptfs_crypt_stat *crypt_stat) | 459 | struct ecryptfs_crypt_stat *crypt_stat) |
460 | { | 460 | { |
461 | int rc = 0; | ||
462 | struct ecryptfs_password *password_s_ptr; | 461 | struct ecryptfs_password *password_s_ptr; |
463 | struct crypto_tfm *tfm = NULL; | ||
464 | struct scatterlist src_sg[2], dst_sg[2]; | 462 | struct scatterlist src_sg[2], dst_sg[2]; |
465 | struct mutex *tfm_mutex = NULL; | 463 | struct mutex *tfm_mutex = NULL; |
466 | /* TODO: Use virt_to_scatterlist for these */ | 464 | /* TODO: Use virt_to_scatterlist for these */ |
467 | char *encrypted_session_key; | 465 | char *encrypted_session_key; |
468 | char *session_key; | 466 | char *session_key; |
467 | struct blkcipher_desc desc = { | ||
468 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
469 | }; | ||
470 | int rc = 0; | ||
469 | 471 | ||
470 | password_s_ptr = &auth_tok->token.password; | 472 | password_s_ptr = &auth_tok->token.password; |
471 | if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, | 473 | if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, |
@@ -482,22 +484,32 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
482 | if (!strcmp(crypt_stat->cipher, | 484 | if (!strcmp(crypt_stat->cipher, |
483 | crypt_stat->mount_crypt_stat->global_default_cipher_name) | 485 | crypt_stat->mount_crypt_stat->global_default_cipher_name) |
484 | && crypt_stat->mount_crypt_stat->global_key_tfm) { | 486 | && crypt_stat->mount_crypt_stat->global_key_tfm) { |
485 | tfm = crypt_stat->mount_crypt_stat->global_key_tfm; | 487 | desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm; |
486 | tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; | 488 | tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; |
487 | } else { | 489 | } else { |
488 | tfm = crypto_alloc_tfm(crypt_stat->cipher, | 490 | char *full_alg_name; |
489 | CRYPTO_TFM_REQ_WEAK_KEY); | 491 | |
490 | if (!tfm) { | 492 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, |
491 | printk(KERN_ERR "Error allocating crypto context\n"); | 493 | crypt_stat->cipher, |
492 | rc = -ENOMEM; | 494 | "ecb"); |
495 | if (rc) | ||
496 | goto out; | ||
497 | desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0, | ||
498 | CRYPTO_ALG_ASYNC); | ||
499 | kfree(full_alg_name); | ||
500 | if (IS_ERR(desc.tfm)) { | ||
501 | rc = PTR_ERR(desc.tfm); | ||
502 | printk(KERN_ERR "Error allocating crypto context; " | ||
503 | "rc = [%d]\n", rc); | ||
493 | goto out; | 504 | goto out; |
494 | } | 505 | } |
506 | crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY); | ||
495 | } | 507 | } |
496 | if (tfm_mutex) | 508 | if (tfm_mutex) |
497 | mutex_lock(tfm_mutex); | 509 | mutex_lock(tfm_mutex); |
498 | rc = crypto_cipher_setkey(tfm, | 510 | rc = crypto_blkcipher_setkey(desc.tfm, |
499 | password_s_ptr->session_key_encryption_key, | 511 | password_s_ptr->session_key_encryption_key, |
500 | crypt_stat->key_size); | 512 | crypt_stat->key_size); |
501 | if (rc < 0) { | 513 | if (rc < 0) { |
502 | printk(KERN_ERR "Error setting key for crypto context\n"); | 514 | printk(KERN_ERR "Error setting key for crypto context\n"); |
503 | rc = -EINVAL; | 515 | rc = -EINVAL; |
@@ -528,9 +540,12 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
528 | auth_tok->session_key.decrypted_key_size = | 540 | auth_tok->session_key.decrypted_key_size = |
529 | auth_tok->session_key.encrypted_key_size; | 541 | auth_tok->session_key.encrypted_key_size; |
530 | dst_sg[0].length = auth_tok->session_key.encrypted_key_size; | 542 | dst_sg[0].length = auth_tok->session_key.encrypted_key_size; |
531 | /* TODO: Handle error condition */ | 543 | rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, |
532 | crypto_cipher_decrypt(tfm, dst_sg, src_sg, | 544 | auth_tok->session_key.encrypted_key_size); |
533 | auth_tok->session_key.encrypted_key_size); | 545 | if (rc) { |
546 | printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); | ||
547 | goto out_free_memory; | ||
548 | } | ||
534 | auth_tok->session_key.decrypted_key_size = | 549 | auth_tok->session_key.decrypted_key_size = |
535 | auth_tok->session_key.encrypted_key_size; | 550 | auth_tok->session_key.encrypted_key_size; |
536 | memcpy(auth_tok->session_key.decrypted_key, session_key, | 551 | memcpy(auth_tok->session_key.decrypted_key, session_key, |
@@ -543,6 +558,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
543 | if (ecryptfs_verbosity > 0) | 558 | if (ecryptfs_verbosity > 0) |
544 | ecryptfs_dump_hex(crypt_stat->key, | 559 | ecryptfs_dump_hex(crypt_stat->key, |
545 | crypt_stat->key_size); | 560 | crypt_stat->key_size); |
561 | out_free_memory: | ||
546 | memset(encrypted_session_key, 0, PAGE_CACHE_SIZE); | 562 | memset(encrypted_session_key, 0, PAGE_CACHE_SIZE); |
547 | free_page((unsigned long)encrypted_session_key); | 563 | free_page((unsigned long)encrypted_session_key); |
548 | memset(session_key, 0, PAGE_CACHE_SIZE); | 564 | memset(session_key, 0, PAGE_CACHE_SIZE); |
@@ -551,7 +567,7 @@ out_free_tfm: | |||
551 | if (tfm_mutex) | 567 | if (tfm_mutex) |
552 | mutex_unlock(tfm_mutex); | 568 | mutex_unlock(tfm_mutex); |
553 | else | 569 | else |
554 | crypto_free_tfm(tfm); | 570 | crypto_free_blkcipher(desc.tfm); |
555 | out: | 571 | out: |
556 | return rc; | 572 | return rc; |
557 | } | 573 | } |
@@ -800,19 +816,21 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok, | |||
800 | struct ecryptfs_crypt_stat *crypt_stat, | 816 | struct ecryptfs_crypt_stat *crypt_stat, |
801 | struct ecryptfs_key_record *key_rec, size_t *packet_size) | 817 | struct ecryptfs_key_record *key_rec, size_t *packet_size) |
802 | { | 818 | { |
803 | int rc = 0; | ||
804 | |||
805 | size_t i; | 819 | size_t i; |
806 | size_t signature_is_valid = 0; | 820 | size_t signature_is_valid = 0; |
807 | size_t encrypted_session_key_valid = 0; | 821 | size_t encrypted_session_key_valid = 0; |
808 | char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; | 822 | char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; |
809 | struct scatterlist dest_sg[2]; | 823 | struct scatterlist dest_sg[2]; |
810 | struct scatterlist src_sg[2]; | 824 | struct scatterlist src_sg[2]; |
811 | struct crypto_tfm *tfm = NULL; | ||
812 | struct mutex *tfm_mutex = NULL; | 825 | struct mutex *tfm_mutex = NULL; |
813 | size_t key_rec_size; | 826 | size_t key_rec_size; |
814 | size_t packet_size_length; | 827 | size_t packet_size_length; |
815 | size_t cipher_code; | 828 | size_t cipher_code; |
829 | struct blkcipher_desc desc = { | ||
830 | .tfm = NULL, | ||
831 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
832 | }; | ||
833 | int rc = 0; | ||
816 | 834 | ||
817 | (*packet_size) = 0; | 835 | (*packet_size) = 0; |
818 | /* Check for a valid signature on the auth_tok */ | 836 | /* Check for a valid signature on the auth_tok */ |
@@ -879,33 +897,48 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok, | |||
879 | if (!strcmp(crypt_stat->cipher, | 897 | if (!strcmp(crypt_stat->cipher, |
880 | crypt_stat->mount_crypt_stat->global_default_cipher_name) | 898 | crypt_stat->mount_crypt_stat->global_default_cipher_name) |
881 | && crypt_stat->mount_crypt_stat->global_key_tfm) { | 899 | && crypt_stat->mount_crypt_stat->global_key_tfm) { |
882 | tfm = crypt_stat->mount_crypt_stat->global_key_tfm; | 900 | desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm; |
883 | tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; | 901 | tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; |
884 | } else | 902 | } else { |
885 | tfm = crypto_alloc_tfm(crypt_stat->cipher, 0); | 903 | char *full_alg_name; |
886 | if (!tfm) { | 904 | |
887 | ecryptfs_printk(KERN_ERR, "Could not initialize crypto " | 905 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, |
888 | "context for cipher [%s]\n", | 906 | crypt_stat->cipher, |
889 | crypt_stat->cipher); | 907 | "ecb"); |
890 | rc = -EINVAL; | 908 | if (rc) |
891 | goto out; | 909 | goto out; |
910 | desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0, | ||
911 | CRYPTO_ALG_ASYNC); | ||
912 | kfree(full_alg_name); | ||
913 | if (IS_ERR(desc.tfm)) { | ||
914 | rc = PTR_ERR(desc.tfm); | ||
915 | ecryptfs_printk(KERN_ERR, "Could not initialize crypto " | ||
916 | "context for cipher [%s]; rc = [%d]\n", | ||
917 | crypt_stat->cipher, rc); | ||
918 | goto out; | ||
919 | } | ||
920 | crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY); | ||
892 | } | 921 | } |
893 | if (tfm_mutex) | 922 | if (tfm_mutex) |
894 | mutex_lock(tfm_mutex); | 923 | mutex_lock(tfm_mutex); |
895 | rc = crypto_cipher_setkey(tfm, session_key_encryption_key, | 924 | rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, |
896 | crypt_stat->key_size); | 925 | crypt_stat->key_size); |
897 | if (rc < 0) { | 926 | if (rc < 0) { |
898 | if (tfm_mutex) | 927 | if (tfm_mutex) |
899 | mutex_unlock(tfm_mutex); | 928 | mutex_unlock(tfm_mutex); |
900 | ecryptfs_printk(KERN_ERR, "Error setting key for crypto " | 929 | ecryptfs_printk(KERN_ERR, "Error setting key for crypto " |
901 | "context\n"); | 930 | "context; rc = [%d]\n", rc); |
902 | goto out; | 931 | goto out; |
903 | } | 932 | } |
904 | rc = 0; | 933 | rc = 0; |
905 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", | 934 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", |
906 | crypt_stat->key_size); | 935 | crypt_stat->key_size); |
907 | crypto_cipher_encrypt(tfm, dest_sg, src_sg, | 936 | rc = crypto_blkcipher_encrypt(&desc, dest_sg, src_sg, |
908 | (*key_rec).enc_key_size); | 937 | (*key_rec).enc_key_size); |
938 | if (rc) { | ||
939 | printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); | ||
940 | goto out; | ||
941 | } | ||
909 | if (tfm_mutex) | 942 | if (tfm_mutex) |
910 | mutex_unlock(tfm_mutex); | 943 | mutex_unlock(tfm_mutex); |
911 | ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); | 944 | ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); |
@@ -968,8 +1001,8 @@ encrypted_session_key_set: | |||
968 | (*key_rec).enc_key_size); | 1001 | (*key_rec).enc_key_size); |
969 | (*packet_size) += (*key_rec).enc_key_size; | 1002 | (*packet_size) += (*key_rec).enc_key_size; |
970 | out: | 1003 | out: |
971 | if (tfm && !tfm_mutex) | 1004 | if (desc.tfm && !tfm_mutex) |
972 | crypto_free_tfm(tfm); | 1005 | crypto_free_blkcipher(desc.tfm); |
973 | if (rc) | 1006 | if (rc) |
974 | (*packet_size) = 0; | 1007 | (*packet_size) = 0; |
975 | return rc; | 1008 | return rc; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index a65f4865182c..a78d87d14baf 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -315,6 +315,8 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
315 | "with key size [%Zd] bytes; rc = [%d]\n", | 315 | "with key size [%Zd] bytes; rc = [%d]\n", |
316 | mount_crypt_stat->global_default_cipher_name, | 316 | mount_crypt_stat->global_default_cipher_name, |
317 | mount_crypt_stat->global_default_cipher_key_size, rc); | 317 | mount_crypt_stat->global_default_cipher_key_size, rc); |
318 | mount_crypt_stat->global_key_tfm = NULL; | ||
319 | mount_crypt_stat->global_auth_tok_key = NULL; | ||
318 | rc = -EINVAL; | 320 | rc = -EINVAL; |
319 | goto out; | 321 | goto out; |
320 | } | 322 | } |