1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /**
3*4882a593Smuzhiyun * eCryptfs: Linux filesystem encryption layer
4*4882a593Smuzhiyun * In-kernel key management code. Includes functions to parse and
5*4882a593Smuzhiyun * write authentication token-related packets with the underlying
6*4882a593Smuzhiyun * file.
7*4882a593Smuzhiyun *
8*4882a593Smuzhiyun * Copyright (C) 2004-2006 International Business Machines Corp.
9*4882a593Smuzhiyun * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
10*4882a593Smuzhiyun * Michael C. Thompson <mcthomps@us.ibm.com>
11*4882a593Smuzhiyun * Trevor S. Highland <trevor.highland@gmail.com>
12*4882a593Smuzhiyun */
13*4882a593Smuzhiyun
14*4882a593Smuzhiyun #include <crypto/hash.h>
15*4882a593Smuzhiyun #include <crypto/skcipher.h>
16*4882a593Smuzhiyun #include <linux/string.h>
17*4882a593Smuzhiyun #include <linux/pagemap.h>
18*4882a593Smuzhiyun #include <linux/key.h>
19*4882a593Smuzhiyun #include <linux/random.h>
20*4882a593Smuzhiyun #include <linux/scatterlist.h>
21*4882a593Smuzhiyun #include <linux/slab.h>
22*4882a593Smuzhiyun #include "ecryptfs_kernel.h"
23*4882a593Smuzhiyun
24*4882a593Smuzhiyun /**
25*4882a593Smuzhiyun * request_key returned an error instead of a valid key address;
26*4882a593Smuzhiyun * determine the type of error, make appropriate log entries, and
27*4882a593Smuzhiyun * return an error code.
28*4882a593Smuzhiyun */
process_request_key_err(long err_code)29*4882a593Smuzhiyun static int process_request_key_err(long err_code)
30*4882a593Smuzhiyun {
31*4882a593Smuzhiyun int rc = 0;
32*4882a593Smuzhiyun
33*4882a593Smuzhiyun switch (err_code) {
34*4882a593Smuzhiyun case -ENOKEY:
35*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "No key\n");
36*4882a593Smuzhiyun rc = -ENOENT;
37*4882a593Smuzhiyun break;
38*4882a593Smuzhiyun case -EKEYEXPIRED:
39*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Key expired\n");
40*4882a593Smuzhiyun rc = -ETIME;
41*4882a593Smuzhiyun break;
42*4882a593Smuzhiyun case -EKEYREVOKED:
43*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Key revoked\n");
44*4882a593Smuzhiyun rc = -EINVAL;
45*4882a593Smuzhiyun break;
46*4882a593Smuzhiyun default:
47*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Unknown error code: "
48*4882a593Smuzhiyun "[0x%.16lx]\n", err_code);
49*4882a593Smuzhiyun rc = -EINVAL;
50*4882a593Smuzhiyun }
51*4882a593Smuzhiyun return rc;
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun
process_find_global_auth_tok_for_sig_err(int err_code)54*4882a593Smuzhiyun static int process_find_global_auth_tok_for_sig_err(int err_code)
55*4882a593Smuzhiyun {
56*4882a593Smuzhiyun int rc = err_code;
57*4882a593Smuzhiyun
58*4882a593Smuzhiyun switch (err_code) {
59*4882a593Smuzhiyun case -ENOENT:
60*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
61*4882a593Smuzhiyun break;
62*4882a593Smuzhiyun case -EINVAL:
63*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
64*4882a593Smuzhiyun break;
65*4882a593Smuzhiyun default:
66*4882a593Smuzhiyun rc = process_request_key_err(err_code);
67*4882a593Smuzhiyun break;
68*4882a593Smuzhiyun }
69*4882a593Smuzhiyun return rc;
70*4882a593Smuzhiyun }
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun /**
73*4882a593Smuzhiyun * ecryptfs_parse_packet_length
74*4882a593Smuzhiyun * @data: Pointer to memory containing length at offset
75*4882a593Smuzhiyun * @size: This function writes the decoded size to this memory
76*4882a593Smuzhiyun * address; zero on error
77*4882a593Smuzhiyun * @length_size: The number of bytes occupied by the encoded length
78*4882a593Smuzhiyun *
79*4882a593Smuzhiyun * Returns zero on success; non-zero on error
80*4882a593Smuzhiyun */
ecryptfs_parse_packet_length(unsigned char * data,size_t * size,size_t * length_size)81*4882a593Smuzhiyun int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
82*4882a593Smuzhiyun size_t *length_size)
83*4882a593Smuzhiyun {
84*4882a593Smuzhiyun int rc = 0;
85*4882a593Smuzhiyun
86*4882a593Smuzhiyun (*length_size) = 0;
87*4882a593Smuzhiyun (*size) = 0;
88*4882a593Smuzhiyun if (data[0] < 192) {
89*4882a593Smuzhiyun /* One-byte length */
90*4882a593Smuzhiyun (*size) = data[0];
91*4882a593Smuzhiyun (*length_size) = 1;
92*4882a593Smuzhiyun } else if (data[0] < 224) {
93*4882a593Smuzhiyun /* Two-byte length */
94*4882a593Smuzhiyun (*size) = (data[0] - 192) * 256;
95*4882a593Smuzhiyun (*size) += data[1] + 192;
96*4882a593Smuzhiyun (*length_size) = 2;
97*4882a593Smuzhiyun } else if (data[0] == 255) {
98*4882a593Smuzhiyun /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
99*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
100*4882a593Smuzhiyun "supported\n");
101*4882a593Smuzhiyun rc = -EINVAL;
102*4882a593Smuzhiyun goto out;
103*4882a593Smuzhiyun } else {
104*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
105*4882a593Smuzhiyun rc = -EINVAL;
106*4882a593Smuzhiyun goto out;
107*4882a593Smuzhiyun }
108*4882a593Smuzhiyun out:
109*4882a593Smuzhiyun return rc;
110*4882a593Smuzhiyun }
111*4882a593Smuzhiyun
112*4882a593Smuzhiyun /**
113*4882a593Smuzhiyun * ecryptfs_write_packet_length
114*4882a593Smuzhiyun * @dest: The byte array target into which to write the length. Must
115*4882a593Smuzhiyun * have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.
116*4882a593Smuzhiyun * @size: The length to write.
117*4882a593Smuzhiyun * @packet_size_length: The number of bytes used to encode the packet
118*4882a593Smuzhiyun * length is written to this address.
119*4882a593Smuzhiyun *
120*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
121*4882a593Smuzhiyun */
ecryptfs_write_packet_length(char * dest,size_t size,size_t * packet_size_length)122*4882a593Smuzhiyun int ecryptfs_write_packet_length(char *dest, size_t size,
123*4882a593Smuzhiyun size_t *packet_size_length)
124*4882a593Smuzhiyun {
125*4882a593Smuzhiyun int rc = 0;
126*4882a593Smuzhiyun
127*4882a593Smuzhiyun if (size < 192) {
128*4882a593Smuzhiyun dest[0] = size;
129*4882a593Smuzhiyun (*packet_size_length) = 1;
130*4882a593Smuzhiyun } else if (size < 65536) {
131*4882a593Smuzhiyun dest[0] = (((size - 192) / 256) + 192);
132*4882a593Smuzhiyun dest[1] = ((size - 192) % 256);
133*4882a593Smuzhiyun (*packet_size_length) = 2;
134*4882a593Smuzhiyun } else {
135*4882a593Smuzhiyun /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
136*4882a593Smuzhiyun rc = -EINVAL;
137*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING,
138*4882a593Smuzhiyun "Unsupported packet size: [%zd]\n", size);
139*4882a593Smuzhiyun }
140*4882a593Smuzhiyun return rc;
141*4882a593Smuzhiyun }
142*4882a593Smuzhiyun
143*4882a593Smuzhiyun static int
write_tag_64_packet(char * signature,struct ecryptfs_session_key * session_key,char ** packet,size_t * packet_len)144*4882a593Smuzhiyun write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
145*4882a593Smuzhiyun char **packet, size_t *packet_len)
146*4882a593Smuzhiyun {
147*4882a593Smuzhiyun size_t i = 0;
148*4882a593Smuzhiyun size_t data_len;
149*4882a593Smuzhiyun size_t packet_size_len;
150*4882a593Smuzhiyun char *message;
151*4882a593Smuzhiyun int rc;
152*4882a593Smuzhiyun
153*4882a593Smuzhiyun /*
154*4882a593Smuzhiyun * ***** TAG 64 Packet Format *****
155*4882a593Smuzhiyun * | Content Type | 1 byte |
156*4882a593Smuzhiyun * | Key Identifier Size | 1 or 2 bytes |
157*4882a593Smuzhiyun * | Key Identifier | arbitrary |
158*4882a593Smuzhiyun * | Encrypted File Encryption Key Size | 1 or 2 bytes |
159*4882a593Smuzhiyun * | Encrypted File Encryption Key | arbitrary |
160*4882a593Smuzhiyun */
161*4882a593Smuzhiyun data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
162*4882a593Smuzhiyun + session_key->encrypted_key_size);
163*4882a593Smuzhiyun *packet = kmalloc(data_len, GFP_KERNEL);
164*4882a593Smuzhiyun message = *packet;
165*4882a593Smuzhiyun if (!message) {
166*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
167*4882a593Smuzhiyun rc = -ENOMEM;
168*4882a593Smuzhiyun goto out;
169*4882a593Smuzhiyun }
170*4882a593Smuzhiyun message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
171*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
172*4882a593Smuzhiyun &packet_size_len);
173*4882a593Smuzhiyun if (rc) {
174*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
175*4882a593Smuzhiyun "header; cannot generate packet length\n");
176*4882a593Smuzhiyun goto out;
177*4882a593Smuzhiyun }
178*4882a593Smuzhiyun i += packet_size_len;
179*4882a593Smuzhiyun memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
180*4882a593Smuzhiyun i += ECRYPTFS_SIG_SIZE_HEX;
181*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&message[i],
182*4882a593Smuzhiyun session_key->encrypted_key_size,
183*4882a593Smuzhiyun &packet_size_len);
184*4882a593Smuzhiyun if (rc) {
185*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
186*4882a593Smuzhiyun "header; cannot generate packet length\n");
187*4882a593Smuzhiyun goto out;
188*4882a593Smuzhiyun }
189*4882a593Smuzhiyun i += packet_size_len;
190*4882a593Smuzhiyun memcpy(&message[i], session_key->encrypted_key,
191*4882a593Smuzhiyun session_key->encrypted_key_size);
192*4882a593Smuzhiyun i += session_key->encrypted_key_size;
193*4882a593Smuzhiyun *packet_len = i;
194*4882a593Smuzhiyun out:
195*4882a593Smuzhiyun return rc;
196*4882a593Smuzhiyun }
197*4882a593Smuzhiyun
198*4882a593Smuzhiyun static int
parse_tag_65_packet(struct ecryptfs_session_key * session_key,u8 * cipher_code,struct ecryptfs_message * msg)199*4882a593Smuzhiyun parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
200*4882a593Smuzhiyun struct ecryptfs_message *msg)
201*4882a593Smuzhiyun {
202*4882a593Smuzhiyun size_t i = 0;
203*4882a593Smuzhiyun char *data;
204*4882a593Smuzhiyun size_t data_len;
205*4882a593Smuzhiyun size_t m_size;
206*4882a593Smuzhiyun size_t message_len;
207*4882a593Smuzhiyun u16 checksum = 0;
208*4882a593Smuzhiyun u16 expected_checksum = 0;
209*4882a593Smuzhiyun int rc;
210*4882a593Smuzhiyun
211*4882a593Smuzhiyun /*
212*4882a593Smuzhiyun * ***** TAG 65 Packet Format *****
213*4882a593Smuzhiyun * | Content Type | 1 byte |
214*4882a593Smuzhiyun * | Status Indicator | 1 byte |
215*4882a593Smuzhiyun * | File Encryption Key Size | 1 or 2 bytes |
216*4882a593Smuzhiyun * | File Encryption Key | arbitrary |
217*4882a593Smuzhiyun */
218*4882a593Smuzhiyun message_len = msg->data_len;
219*4882a593Smuzhiyun data = msg->data;
220*4882a593Smuzhiyun if (message_len < 4) {
221*4882a593Smuzhiyun rc = -EIO;
222*4882a593Smuzhiyun goto out;
223*4882a593Smuzhiyun }
224*4882a593Smuzhiyun if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
225*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
226*4882a593Smuzhiyun rc = -EIO;
227*4882a593Smuzhiyun goto out;
228*4882a593Smuzhiyun }
229*4882a593Smuzhiyun if (data[i++]) {
230*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
231*4882a593Smuzhiyun "[%d]\n", data[i-1]);
232*4882a593Smuzhiyun rc = -EIO;
233*4882a593Smuzhiyun goto out;
234*4882a593Smuzhiyun }
235*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
236*4882a593Smuzhiyun if (rc) {
237*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
238*4882a593Smuzhiyun "rc = [%d]\n", rc);
239*4882a593Smuzhiyun goto out;
240*4882a593Smuzhiyun }
241*4882a593Smuzhiyun i += data_len;
242*4882a593Smuzhiyun if (message_len < (i + m_size)) {
243*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
244*4882a593Smuzhiyun "is shorter than expected\n");
245*4882a593Smuzhiyun rc = -EIO;
246*4882a593Smuzhiyun goto out;
247*4882a593Smuzhiyun }
248*4882a593Smuzhiyun if (m_size < 3) {
249*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR,
250*4882a593Smuzhiyun "The decrypted key is not long enough to "
251*4882a593Smuzhiyun "include a cipher code and checksum\n");
252*4882a593Smuzhiyun rc = -EIO;
253*4882a593Smuzhiyun goto out;
254*4882a593Smuzhiyun }
255*4882a593Smuzhiyun *cipher_code = data[i++];
256*4882a593Smuzhiyun /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
257*4882a593Smuzhiyun session_key->decrypted_key_size = m_size - 3;
258*4882a593Smuzhiyun if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
259*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
260*4882a593Smuzhiyun "the maximum key size [%d]\n",
261*4882a593Smuzhiyun session_key->decrypted_key_size,
262*4882a593Smuzhiyun ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
263*4882a593Smuzhiyun rc = -EIO;
264*4882a593Smuzhiyun goto out;
265*4882a593Smuzhiyun }
266*4882a593Smuzhiyun memcpy(session_key->decrypted_key, &data[i],
267*4882a593Smuzhiyun session_key->decrypted_key_size);
268*4882a593Smuzhiyun i += session_key->decrypted_key_size;
269*4882a593Smuzhiyun expected_checksum += (unsigned char)(data[i++]) << 8;
270*4882a593Smuzhiyun expected_checksum += (unsigned char)(data[i++]);
271*4882a593Smuzhiyun for (i = 0; i < session_key->decrypted_key_size; i++)
272*4882a593Smuzhiyun checksum += session_key->decrypted_key[i];
273*4882a593Smuzhiyun if (expected_checksum != checksum) {
274*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
275*4882a593Smuzhiyun "encryption key; expected [%x]; calculated "
276*4882a593Smuzhiyun "[%x]\n", expected_checksum, checksum);
277*4882a593Smuzhiyun rc = -EIO;
278*4882a593Smuzhiyun }
279*4882a593Smuzhiyun out:
280*4882a593Smuzhiyun return rc;
281*4882a593Smuzhiyun }
282*4882a593Smuzhiyun
283*4882a593Smuzhiyun
284*4882a593Smuzhiyun static int
write_tag_66_packet(char * signature,u8 cipher_code,struct ecryptfs_crypt_stat * crypt_stat,char ** packet,size_t * packet_len)285*4882a593Smuzhiyun write_tag_66_packet(char *signature, u8 cipher_code,
286*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat, char **packet,
287*4882a593Smuzhiyun size_t *packet_len)
288*4882a593Smuzhiyun {
289*4882a593Smuzhiyun size_t i = 0;
290*4882a593Smuzhiyun size_t j;
291*4882a593Smuzhiyun size_t data_len;
292*4882a593Smuzhiyun size_t checksum = 0;
293*4882a593Smuzhiyun size_t packet_size_len;
294*4882a593Smuzhiyun char *message;
295*4882a593Smuzhiyun int rc;
296*4882a593Smuzhiyun
297*4882a593Smuzhiyun /*
298*4882a593Smuzhiyun * ***** TAG 66 Packet Format *****
299*4882a593Smuzhiyun * | Content Type | 1 byte |
300*4882a593Smuzhiyun * | Key Identifier Size | 1 or 2 bytes |
301*4882a593Smuzhiyun * | Key Identifier | arbitrary |
302*4882a593Smuzhiyun * | File Encryption Key Size | 1 or 2 bytes |
303*4882a593Smuzhiyun * | File Encryption Key | arbitrary |
304*4882a593Smuzhiyun */
305*4882a593Smuzhiyun data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
306*4882a593Smuzhiyun *packet = kmalloc(data_len, GFP_KERNEL);
307*4882a593Smuzhiyun message = *packet;
308*4882a593Smuzhiyun if (!message) {
309*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
310*4882a593Smuzhiyun rc = -ENOMEM;
311*4882a593Smuzhiyun goto out;
312*4882a593Smuzhiyun }
313*4882a593Smuzhiyun message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
314*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
315*4882a593Smuzhiyun &packet_size_len);
316*4882a593Smuzhiyun if (rc) {
317*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
318*4882a593Smuzhiyun "header; cannot generate packet length\n");
319*4882a593Smuzhiyun goto out;
320*4882a593Smuzhiyun }
321*4882a593Smuzhiyun i += packet_size_len;
322*4882a593Smuzhiyun memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
323*4882a593Smuzhiyun i += ECRYPTFS_SIG_SIZE_HEX;
324*4882a593Smuzhiyun /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
325*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
326*4882a593Smuzhiyun &packet_size_len);
327*4882a593Smuzhiyun if (rc) {
328*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
329*4882a593Smuzhiyun "header; cannot generate packet length\n");
330*4882a593Smuzhiyun goto out;
331*4882a593Smuzhiyun }
332*4882a593Smuzhiyun i += packet_size_len;
333*4882a593Smuzhiyun message[i++] = cipher_code;
334*4882a593Smuzhiyun memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
335*4882a593Smuzhiyun i += crypt_stat->key_size;
336*4882a593Smuzhiyun for (j = 0; j < crypt_stat->key_size; j++)
337*4882a593Smuzhiyun checksum += crypt_stat->key[j];
338*4882a593Smuzhiyun message[i++] = (checksum / 256) % 256;
339*4882a593Smuzhiyun message[i++] = (checksum % 256);
340*4882a593Smuzhiyun *packet_len = i;
341*4882a593Smuzhiyun out:
342*4882a593Smuzhiyun return rc;
343*4882a593Smuzhiyun }
344*4882a593Smuzhiyun
345*4882a593Smuzhiyun static int
parse_tag_67_packet(struct ecryptfs_key_record * key_rec,struct ecryptfs_message * msg)346*4882a593Smuzhiyun parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
347*4882a593Smuzhiyun struct ecryptfs_message *msg)
348*4882a593Smuzhiyun {
349*4882a593Smuzhiyun size_t i = 0;
350*4882a593Smuzhiyun char *data;
351*4882a593Smuzhiyun size_t data_len;
352*4882a593Smuzhiyun size_t message_len;
353*4882a593Smuzhiyun int rc;
354*4882a593Smuzhiyun
355*4882a593Smuzhiyun /*
356*4882a593Smuzhiyun * ***** TAG 65 Packet Format *****
357*4882a593Smuzhiyun * | Content Type | 1 byte |
358*4882a593Smuzhiyun * | Status Indicator | 1 byte |
359*4882a593Smuzhiyun * | Encrypted File Encryption Key Size | 1 or 2 bytes |
360*4882a593Smuzhiyun * | Encrypted File Encryption Key | arbitrary |
361*4882a593Smuzhiyun */
362*4882a593Smuzhiyun message_len = msg->data_len;
363*4882a593Smuzhiyun data = msg->data;
364*4882a593Smuzhiyun /* verify that everything through the encrypted FEK size is present */
365*4882a593Smuzhiyun if (message_len < 4) {
366*4882a593Smuzhiyun rc = -EIO;
367*4882a593Smuzhiyun printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
368*4882a593Smuzhiyun "message length is [%d]\n", __func__, message_len, 4);
369*4882a593Smuzhiyun goto out;
370*4882a593Smuzhiyun }
371*4882a593Smuzhiyun if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
372*4882a593Smuzhiyun rc = -EIO;
373*4882a593Smuzhiyun printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
374*4882a593Smuzhiyun __func__);
375*4882a593Smuzhiyun goto out;
376*4882a593Smuzhiyun }
377*4882a593Smuzhiyun if (data[i++]) {
378*4882a593Smuzhiyun rc = -EIO;
379*4882a593Smuzhiyun printk(KERN_ERR "%s: Status indicator has non zero "
380*4882a593Smuzhiyun "value [%d]\n", __func__, data[i-1]);
381*4882a593Smuzhiyun
382*4882a593Smuzhiyun goto out;
383*4882a593Smuzhiyun }
384*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
385*4882a593Smuzhiyun &data_len);
386*4882a593Smuzhiyun if (rc) {
387*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
388*4882a593Smuzhiyun "rc = [%d]\n", rc);
389*4882a593Smuzhiyun goto out;
390*4882a593Smuzhiyun }
391*4882a593Smuzhiyun i += data_len;
392*4882a593Smuzhiyun if (message_len < (i + key_rec->enc_key_size)) {
393*4882a593Smuzhiyun rc = -EIO;
394*4882a593Smuzhiyun printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
395*4882a593Smuzhiyun __func__, message_len, (i + key_rec->enc_key_size));
396*4882a593Smuzhiyun goto out;
397*4882a593Smuzhiyun }
398*4882a593Smuzhiyun if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
399*4882a593Smuzhiyun rc = -EIO;
400*4882a593Smuzhiyun printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
401*4882a593Smuzhiyun "the maximum key size [%d]\n", __func__,
402*4882a593Smuzhiyun key_rec->enc_key_size,
403*4882a593Smuzhiyun ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
404*4882a593Smuzhiyun goto out;
405*4882a593Smuzhiyun }
406*4882a593Smuzhiyun memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
407*4882a593Smuzhiyun out:
408*4882a593Smuzhiyun return rc;
409*4882a593Smuzhiyun }
410*4882a593Smuzhiyun
411*4882a593Smuzhiyun /**
412*4882a593Smuzhiyun * ecryptfs_verify_version
413*4882a593Smuzhiyun * @version: The version number to confirm
414*4882a593Smuzhiyun *
415*4882a593Smuzhiyun * Returns zero on good version; non-zero otherwise
416*4882a593Smuzhiyun */
ecryptfs_verify_version(u16 version)417*4882a593Smuzhiyun static int ecryptfs_verify_version(u16 version)
418*4882a593Smuzhiyun {
419*4882a593Smuzhiyun int rc = 0;
420*4882a593Smuzhiyun unsigned char major;
421*4882a593Smuzhiyun unsigned char minor;
422*4882a593Smuzhiyun
423*4882a593Smuzhiyun major = ((version >> 8) & 0xFF);
424*4882a593Smuzhiyun minor = (version & 0xFF);
425*4882a593Smuzhiyun if (major != ECRYPTFS_VERSION_MAJOR) {
426*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
427*4882a593Smuzhiyun "Expected [%d]; got [%d]\n",
428*4882a593Smuzhiyun ECRYPTFS_VERSION_MAJOR, major);
429*4882a593Smuzhiyun rc = -EINVAL;
430*4882a593Smuzhiyun goto out;
431*4882a593Smuzhiyun }
432*4882a593Smuzhiyun if (minor != ECRYPTFS_VERSION_MINOR) {
433*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
434*4882a593Smuzhiyun "Expected [%d]; got [%d]\n",
435*4882a593Smuzhiyun ECRYPTFS_VERSION_MINOR, minor);
436*4882a593Smuzhiyun rc = -EINVAL;
437*4882a593Smuzhiyun goto out;
438*4882a593Smuzhiyun }
439*4882a593Smuzhiyun out:
440*4882a593Smuzhiyun return rc;
441*4882a593Smuzhiyun }
442*4882a593Smuzhiyun
443*4882a593Smuzhiyun /**
444*4882a593Smuzhiyun * ecryptfs_verify_auth_tok_from_key
445*4882a593Smuzhiyun * @auth_tok_key: key containing the authentication token
446*4882a593Smuzhiyun * @auth_tok: authentication token
447*4882a593Smuzhiyun *
448*4882a593Smuzhiyun * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or
449*4882a593Smuzhiyun * -EKEYREVOKED if the key was revoked before we acquired its semaphore.
450*4882a593Smuzhiyun */
451*4882a593Smuzhiyun static int
ecryptfs_verify_auth_tok_from_key(struct key * auth_tok_key,struct ecryptfs_auth_tok ** auth_tok)452*4882a593Smuzhiyun ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
453*4882a593Smuzhiyun struct ecryptfs_auth_tok **auth_tok)
454*4882a593Smuzhiyun {
455*4882a593Smuzhiyun int rc = 0;
456*4882a593Smuzhiyun
457*4882a593Smuzhiyun (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
458*4882a593Smuzhiyun if (IS_ERR(*auth_tok)) {
459*4882a593Smuzhiyun rc = PTR_ERR(*auth_tok);
460*4882a593Smuzhiyun *auth_tok = NULL;
461*4882a593Smuzhiyun goto out;
462*4882a593Smuzhiyun }
463*4882a593Smuzhiyun
464*4882a593Smuzhiyun if (ecryptfs_verify_version((*auth_tok)->version)) {
465*4882a593Smuzhiyun printk(KERN_ERR "Data structure version mismatch. Userspace "
466*4882a593Smuzhiyun "tools must match eCryptfs kernel module with major "
467*4882a593Smuzhiyun "version [%d] and minor version [%d]\n",
468*4882a593Smuzhiyun ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
469*4882a593Smuzhiyun rc = -EINVAL;
470*4882a593Smuzhiyun goto out;
471*4882a593Smuzhiyun }
472*4882a593Smuzhiyun if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
473*4882a593Smuzhiyun && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
474*4882a593Smuzhiyun printk(KERN_ERR "Invalid auth_tok structure "
475*4882a593Smuzhiyun "returned from key query\n");
476*4882a593Smuzhiyun rc = -EINVAL;
477*4882a593Smuzhiyun goto out;
478*4882a593Smuzhiyun }
479*4882a593Smuzhiyun out:
480*4882a593Smuzhiyun return rc;
481*4882a593Smuzhiyun }
482*4882a593Smuzhiyun
483*4882a593Smuzhiyun static int
ecryptfs_find_global_auth_tok_for_sig(struct key ** auth_tok_key,struct ecryptfs_auth_tok ** auth_tok,struct ecryptfs_mount_crypt_stat * mount_crypt_stat,char * sig)484*4882a593Smuzhiyun ecryptfs_find_global_auth_tok_for_sig(
485*4882a593Smuzhiyun struct key **auth_tok_key,
486*4882a593Smuzhiyun struct ecryptfs_auth_tok **auth_tok,
487*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
488*4882a593Smuzhiyun {
489*4882a593Smuzhiyun struct ecryptfs_global_auth_tok *walker;
490*4882a593Smuzhiyun int rc = 0;
491*4882a593Smuzhiyun
492*4882a593Smuzhiyun (*auth_tok_key) = NULL;
493*4882a593Smuzhiyun (*auth_tok) = NULL;
494*4882a593Smuzhiyun mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
495*4882a593Smuzhiyun list_for_each_entry(walker,
496*4882a593Smuzhiyun &mount_crypt_stat->global_auth_tok_list,
497*4882a593Smuzhiyun mount_crypt_stat_list) {
498*4882a593Smuzhiyun if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
499*4882a593Smuzhiyun continue;
500*4882a593Smuzhiyun
501*4882a593Smuzhiyun if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
502*4882a593Smuzhiyun rc = -EINVAL;
503*4882a593Smuzhiyun goto out;
504*4882a593Smuzhiyun }
505*4882a593Smuzhiyun
506*4882a593Smuzhiyun rc = key_validate(walker->global_auth_tok_key);
507*4882a593Smuzhiyun if (rc) {
508*4882a593Smuzhiyun if (rc == -EKEYEXPIRED)
509*4882a593Smuzhiyun goto out;
510*4882a593Smuzhiyun goto out_invalid_auth_tok;
511*4882a593Smuzhiyun }
512*4882a593Smuzhiyun
513*4882a593Smuzhiyun down_write(&(walker->global_auth_tok_key->sem));
514*4882a593Smuzhiyun rc = ecryptfs_verify_auth_tok_from_key(
515*4882a593Smuzhiyun walker->global_auth_tok_key, auth_tok);
516*4882a593Smuzhiyun if (rc)
517*4882a593Smuzhiyun goto out_invalid_auth_tok_unlock;
518*4882a593Smuzhiyun
519*4882a593Smuzhiyun (*auth_tok_key) = walker->global_auth_tok_key;
520*4882a593Smuzhiyun key_get(*auth_tok_key);
521*4882a593Smuzhiyun goto out;
522*4882a593Smuzhiyun }
523*4882a593Smuzhiyun rc = -ENOENT;
524*4882a593Smuzhiyun goto out;
525*4882a593Smuzhiyun out_invalid_auth_tok_unlock:
526*4882a593Smuzhiyun up_write(&(walker->global_auth_tok_key->sem));
527*4882a593Smuzhiyun out_invalid_auth_tok:
528*4882a593Smuzhiyun printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
529*4882a593Smuzhiyun walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
530*4882a593Smuzhiyun key_put(walker->global_auth_tok_key);
531*4882a593Smuzhiyun walker->global_auth_tok_key = NULL;
532*4882a593Smuzhiyun out:
533*4882a593Smuzhiyun mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
534*4882a593Smuzhiyun return rc;
535*4882a593Smuzhiyun }
536*4882a593Smuzhiyun
537*4882a593Smuzhiyun /**
538*4882a593Smuzhiyun * ecryptfs_find_auth_tok_for_sig
539*4882a593Smuzhiyun * @auth_tok: Set to the matching auth_tok; NULL if not found
540*4882a593Smuzhiyun * @crypt_stat: inode crypt_stat crypto context
541*4882a593Smuzhiyun * @sig: Sig of auth_tok to find
542*4882a593Smuzhiyun *
543*4882a593Smuzhiyun * For now, this function simply looks at the registered auth_tok's
544*4882a593Smuzhiyun * linked off the mount_crypt_stat, so all the auth_toks that can be
545*4882a593Smuzhiyun * used must be registered at mount time. This function could
546*4882a593Smuzhiyun * potentially try a lot harder to find auth_tok's (e.g., by calling
547*4882a593Smuzhiyun * out to ecryptfsd to dynamically retrieve an auth_tok object) so
548*4882a593Smuzhiyun * that static registration of auth_tok's will no longer be necessary.
549*4882a593Smuzhiyun *
550*4882a593Smuzhiyun * Returns zero on no error; non-zero on error
551*4882a593Smuzhiyun */
552*4882a593Smuzhiyun static int
ecryptfs_find_auth_tok_for_sig(struct key ** auth_tok_key,struct ecryptfs_auth_tok ** auth_tok,struct ecryptfs_mount_crypt_stat * mount_crypt_stat,char * sig)553*4882a593Smuzhiyun ecryptfs_find_auth_tok_for_sig(
554*4882a593Smuzhiyun struct key **auth_tok_key,
555*4882a593Smuzhiyun struct ecryptfs_auth_tok **auth_tok,
556*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
557*4882a593Smuzhiyun char *sig)
558*4882a593Smuzhiyun {
559*4882a593Smuzhiyun int rc = 0;
560*4882a593Smuzhiyun
561*4882a593Smuzhiyun rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
562*4882a593Smuzhiyun mount_crypt_stat, sig);
563*4882a593Smuzhiyun if (rc == -ENOENT) {
564*4882a593Smuzhiyun /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
565*4882a593Smuzhiyun * mount_crypt_stat structure, we prevent to use auth toks that
566*4882a593Smuzhiyun * are not inserted through the ecryptfs_add_global_auth_tok
567*4882a593Smuzhiyun * function.
568*4882a593Smuzhiyun */
569*4882a593Smuzhiyun if (mount_crypt_stat->flags
570*4882a593Smuzhiyun & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
571*4882a593Smuzhiyun return -EINVAL;
572*4882a593Smuzhiyun
573*4882a593Smuzhiyun rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
574*4882a593Smuzhiyun sig);
575*4882a593Smuzhiyun }
576*4882a593Smuzhiyun return rc;
577*4882a593Smuzhiyun }
578*4882a593Smuzhiyun
579*4882a593Smuzhiyun /**
580*4882a593Smuzhiyun * write_tag_70_packet can gobble a lot of stack space. We stuff most
581*4882a593Smuzhiyun * of the function's parameters in a kmalloc'd struct to help reduce
582*4882a593Smuzhiyun * eCryptfs' overall stack usage.
583*4882a593Smuzhiyun */
584*4882a593Smuzhiyun struct ecryptfs_write_tag_70_packet_silly_stack {
585*4882a593Smuzhiyun u8 cipher_code;
586*4882a593Smuzhiyun size_t max_packet_size;
587*4882a593Smuzhiyun size_t packet_size_len;
588*4882a593Smuzhiyun size_t block_aligned_filename_size;
589*4882a593Smuzhiyun size_t block_size;
590*4882a593Smuzhiyun size_t i;
591*4882a593Smuzhiyun size_t j;
592*4882a593Smuzhiyun size_t num_rand_bytes;
593*4882a593Smuzhiyun struct mutex *tfm_mutex;
594*4882a593Smuzhiyun char *block_aligned_filename;
595*4882a593Smuzhiyun struct ecryptfs_auth_tok *auth_tok;
596*4882a593Smuzhiyun struct scatterlist src_sg[2];
597*4882a593Smuzhiyun struct scatterlist dst_sg[2];
598*4882a593Smuzhiyun struct crypto_skcipher *skcipher_tfm;
599*4882a593Smuzhiyun struct skcipher_request *skcipher_req;
600*4882a593Smuzhiyun char iv[ECRYPTFS_MAX_IV_BYTES];
601*4882a593Smuzhiyun char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
602*4882a593Smuzhiyun char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
603*4882a593Smuzhiyun struct crypto_shash *hash_tfm;
604*4882a593Smuzhiyun struct shash_desc *hash_desc;
605*4882a593Smuzhiyun };
606*4882a593Smuzhiyun
607*4882a593Smuzhiyun /**
608*4882a593Smuzhiyun * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
609*4882a593Smuzhiyun * @filename: NULL-terminated filename string
610*4882a593Smuzhiyun *
611*4882a593Smuzhiyun * This is the simplest mechanism for achieving filename encryption in
612*4882a593Smuzhiyun * eCryptfs. It encrypts the given filename with the mount-wide
613*4882a593Smuzhiyun * filename encryption key (FNEK) and stores it in a packet to @dest,
614*4882a593Smuzhiyun * which the callee will encode and write directly into the dentry
615*4882a593Smuzhiyun * name.
616*4882a593Smuzhiyun */
617*4882a593Smuzhiyun int
ecryptfs_write_tag_70_packet(char * dest,size_t * remaining_bytes,size_t * packet_size,struct ecryptfs_mount_crypt_stat * mount_crypt_stat,char * filename,size_t filename_size)618*4882a593Smuzhiyun ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
619*4882a593Smuzhiyun size_t *packet_size,
620*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
621*4882a593Smuzhiyun char *filename, size_t filename_size)
622*4882a593Smuzhiyun {
623*4882a593Smuzhiyun struct ecryptfs_write_tag_70_packet_silly_stack *s;
624*4882a593Smuzhiyun struct key *auth_tok_key = NULL;
625*4882a593Smuzhiyun int rc = 0;
626*4882a593Smuzhiyun
627*4882a593Smuzhiyun s = kzalloc(sizeof(*s), GFP_KERNEL);
628*4882a593Smuzhiyun if (!s)
629*4882a593Smuzhiyun return -ENOMEM;
630*4882a593Smuzhiyun
631*4882a593Smuzhiyun (*packet_size) = 0;
632*4882a593Smuzhiyun rc = ecryptfs_find_auth_tok_for_sig(
633*4882a593Smuzhiyun &auth_tok_key,
634*4882a593Smuzhiyun &s->auth_tok, mount_crypt_stat,
635*4882a593Smuzhiyun mount_crypt_stat->global_default_fnek_sig);
636*4882a593Smuzhiyun if (rc) {
637*4882a593Smuzhiyun printk(KERN_ERR "%s: Error attempting to find auth tok for "
638*4882a593Smuzhiyun "fnek sig [%s]; rc = [%d]\n", __func__,
639*4882a593Smuzhiyun mount_crypt_stat->global_default_fnek_sig, rc);
640*4882a593Smuzhiyun goto out;
641*4882a593Smuzhiyun }
642*4882a593Smuzhiyun rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
643*4882a593Smuzhiyun &s->skcipher_tfm,
644*4882a593Smuzhiyun &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
645*4882a593Smuzhiyun if (unlikely(rc)) {
646*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to get "
647*4882a593Smuzhiyun "tfm and mutex for cipher name [%s]; rc = [%d]\n",
648*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_name, rc);
649*4882a593Smuzhiyun goto out;
650*4882a593Smuzhiyun }
651*4882a593Smuzhiyun mutex_lock(s->tfm_mutex);
652*4882a593Smuzhiyun s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
653*4882a593Smuzhiyun /* Plus one for the \0 separator between the random prefix
654*4882a593Smuzhiyun * and the plaintext filename */
655*4882a593Smuzhiyun s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
656*4882a593Smuzhiyun s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
657*4882a593Smuzhiyun if ((s->block_aligned_filename_size % s->block_size) != 0) {
658*4882a593Smuzhiyun s->num_rand_bytes += (s->block_size
659*4882a593Smuzhiyun - (s->block_aligned_filename_size
660*4882a593Smuzhiyun % s->block_size));
661*4882a593Smuzhiyun s->block_aligned_filename_size = (s->num_rand_bytes
662*4882a593Smuzhiyun + filename_size);
663*4882a593Smuzhiyun }
664*4882a593Smuzhiyun /* Octet 0: Tag 70 identifier
665*4882a593Smuzhiyun * Octets 1-N1: Tag 70 packet size (includes cipher identifier
666*4882a593Smuzhiyun * and block-aligned encrypted filename size)
667*4882a593Smuzhiyun * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
668*4882a593Smuzhiyun * Octet N2-N3: Cipher identifier (1 octet)
669*4882a593Smuzhiyun * Octets N3-N4: Block-aligned encrypted filename
670*4882a593Smuzhiyun * - Consists of a minimum number of random characters, a \0
671*4882a593Smuzhiyun * separator, and then the filename */
672*4882a593Smuzhiyun s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE
673*4882a593Smuzhiyun + s->block_aligned_filename_size);
674*4882a593Smuzhiyun if (!dest) {
675*4882a593Smuzhiyun (*packet_size) = s->max_packet_size;
676*4882a593Smuzhiyun goto out_unlock;
677*4882a593Smuzhiyun }
678*4882a593Smuzhiyun if (s->max_packet_size > (*remaining_bytes)) {
679*4882a593Smuzhiyun printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
680*4882a593Smuzhiyun "[%zd] available\n", __func__, s->max_packet_size,
681*4882a593Smuzhiyun (*remaining_bytes));
682*4882a593Smuzhiyun rc = -EINVAL;
683*4882a593Smuzhiyun goto out_unlock;
684*4882a593Smuzhiyun }
685*4882a593Smuzhiyun
686*4882a593Smuzhiyun s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
687*4882a593Smuzhiyun if (!s->skcipher_req) {
688*4882a593Smuzhiyun printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
689*4882a593Smuzhiyun "skcipher_request_alloc for %s\n", __func__,
690*4882a593Smuzhiyun crypto_skcipher_driver_name(s->skcipher_tfm));
691*4882a593Smuzhiyun rc = -ENOMEM;
692*4882a593Smuzhiyun goto out_unlock;
693*4882a593Smuzhiyun }
694*4882a593Smuzhiyun
695*4882a593Smuzhiyun skcipher_request_set_callback(s->skcipher_req,
696*4882a593Smuzhiyun CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
697*4882a593Smuzhiyun
698*4882a593Smuzhiyun s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
699*4882a593Smuzhiyun GFP_KERNEL);
700*4882a593Smuzhiyun if (!s->block_aligned_filename) {
701*4882a593Smuzhiyun rc = -ENOMEM;
702*4882a593Smuzhiyun goto out_unlock;
703*4882a593Smuzhiyun }
704*4882a593Smuzhiyun dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
705*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&dest[s->i],
706*4882a593Smuzhiyun (ECRYPTFS_SIG_SIZE
707*4882a593Smuzhiyun + 1 /* Cipher code */
708*4882a593Smuzhiyun + s->block_aligned_filename_size),
709*4882a593Smuzhiyun &s->packet_size_len);
710*4882a593Smuzhiyun if (rc) {
711*4882a593Smuzhiyun printk(KERN_ERR "%s: Error generating tag 70 packet "
712*4882a593Smuzhiyun "header; cannot generate packet length; rc = [%d]\n",
713*4882a593Smuzhiyun __func__, rc);
714*4882a593Smuzhiyun goto out_free_unlock;
715*4882a593Smuzhiyun }
716*4882a593Smuzhiyun s->i += s->packet_size_len;
717*4882a593Smuzhiyun ecryptfs_from_hex(&dest[s->i],
718*4882a593Smuzhiyun mount_crypt_stat->global_default_fnek_sig,
719*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE);
720*4882a593Smuzhiyun s->i += ECRYPTFS_SIG_SIZE;
721*4882a593Smuzhiyun s->cipher_code = ecryptfs_code_for_cipher_string(
722*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_name,
723*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
724*4882a593Smuzhiyun if (s->cipher_code == 0) {
725*4882a593Smuzhiyun printk(KERN_WARNING "%s: Unable to generate code for "
726*4882a593Smuzhiyun "cipher [%s] with key bytes [%zd]\n", __func__,
727*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_name,
728*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
729*4882a593Smuzhiyun rc = -EINVAL;
730*4882a593Smuzhiyun goto out_free_unlock;
731*4882a593Smuzhiyun }
732*4882a593Smuzhiyun dest[s->i++] = s->cipher_code;
733*4882a593Smuzhiyun /* TODO: Support other key modules than passphrase for
734*4882a593Smuzhiyun * filename encryption */
735*4882a593Smuzhiyun if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
736*4882a593Smuzhiyun rc = -EOPNOTSUPP;
737*4882a593Smuzhiyun printk(KERN_INFO "%s: Filename encryption only supports "
738*4882a593Smuzhiyun "password tokens\n", __func__);
739*4882a593Smuzhiyun goto out_free_unlock;
740*4882a593Smuzhiyun }
741*4882a593Smuzhiyun s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
742*4882a593Smuzhiyun if (IS_ERR(s->hash_tfm)) {
743*4882a593Smuzhiyun rc = PTR_ERR(s->hash_tfm);
744*4882a593Smuzhiyun printk(KERN_ERR "%s: Error attempting to "
745*4882a593Smuzhiyun "allocate hash crypto context; rc = [%d]\n",
746*4882a593Smuzhiyun __func__, rc);
747*4882a593Smuzhiyun goto out_free_unlock;
748*4882a593Smuzhiyun }
749*4882a593Smuzhiyun
750*4882a593Smuzhiyun s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
751*4882a593Smuzhiyun crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
752*4882a593Smuzhiyun if (!s->hash_desc) {
753*4882a593Smuzhiyun rc = -ENOMEM;
754*4882a593Smuzhiyun goto out_release_free_unlock;
755*4882a593Smuzhiyun }
756*4882a593Smuzhiyun
757*4882a593Smuzhiyun s->hash_desc->tfm = s->hash_tfm;
758*4882a593Smuzhiyun
759*4882a593Smuzhiyun rc = crypto_shash_digest(s->hash_desc,
760*4882a593Smuzhiyun (u8 *)s->auth_tok->token.password.session_key_encryption_key,
761*4882a593Smuzhiyun s->auth_tok->token.password.session_key_encryption_key_bytes,
762*4882a593Smuzhiyun s->hash);
763*4882a593Smuzhiyun if (rc) {
764*4882a593Smuzhiyun printk(KERN_ERR
765*4882a593Smuzhiyun "%s: Error computing crypto hash; rc = [%d]\n",
766*4882a593Smuzhiyun __func__, rc);
767*4882a593Smuzhiyun goto out_release_free_unlock;
768*4882a593Smuzhiyun }
769*4882a593Smuzhiyun for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
770*4882a593Smuzhiyun s->block_aligned_filename[s->j] =
771*4882a593Smuzhiyun s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
772*4882a593Smuzhiyun if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
773*4882a593Smuzhiyun == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
774*4882a593Smuzhiyun rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
775*4882a593Smuzhiyun ECRYPTFS_TAG_70_DIGEST_SIZE,
776*4882a593Smuzhiyun s->tmp_hash);
777*4882a593Smuzhiyun if (rc) {
778*4882a593Smuzhiyun printk(KERN_ERR
779*4882a593Smuzhiyun "%s: Error computing crypto hash; "
780*4882a593Smuzhiyun "rc = [%d]\n", __func__, rc);
781*4882a593Smuzhiyun goto out_release_free_unlock;
782*4882a593Smuzhiyun }
783*4882a593Smuzhiyun memcpy(s->hash, s->tmp_hash,
784*4882a593Smuzhiyun ECRYPTFS_TAG_70_DIGEST_SIZE);
785*4882a593Smuzhiyun }
786*4882a593Smuzhiyun if (s->block_aligned_filename[s->j] == '\0')
787*4882a593Smuzhiyun s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
788*4882a593Smuzhiyun }
789*4882a593Smuzhiyun memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
790*4882a593Smuzhiyun filename_size);
791*4882a593Smuzhiyun rc = virt_to_scatterlist(s->block_aligned_filename,
792*4882a593Smuzhiyun s->block_aligned_filename_size, s->src_sg, 2);
793*4882a593Smuzhiyun if (rc < 1) {
794*4882a593Smuzhiyun printk(KERN_ERR "%s: Internal error whilst attempting to "
795*4882a593Smuzhiyun "convert filename memory to scatterlist; rc = [%d]. "
796*4882a593Smuzhiyun "block_aligned_filename_size = [%zd]\n", __func__, rc,
797*4882a593Smuzhiyun s->block_aligned_filename_size);
798*4882a593Smuzhiyun goto out_release_free_unlock;
799*4882a593Smuzhiyun }
800*4882a593Smuzhiyun rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
801*4882a593Smuzhiyun s->dst_sg, 2);
802*4882a593Smuzhiyun if (rc < 1) {
803*4882a593Smuzhiyun printk(KERN_ERR "%s: Internal error whilst attempting to "
804*4882a593Smuzhiyun "convert encrypted filename memory to scatterlist; "
805*4882a593Smuzhiyun "rc = [%d]. block_aligned_filename_size = [%zd]\n",
806*4882a593Smuzhiyun __func__, rc, s->block_aligned_filename_size);
807*4882a593Smuzhiyun goto out_release_free_unlock;
808*4882a593Smuzhiyun }
809*4882a593Smuzhiyun /* The characters in the first block effectively do the job
810*4882a593Smuzhiyun * of the IV here, so we just use 0's for the IV. Note the
811*4882a593Smuzhiyun * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
812*4882a593Smuzhiyun * >= ECRYPTFS_MAX_IV_BYTES. */
813*4882a593Smuzhiyun rc = crypto_skcipher_setkey(
814*4882a593Smuzhiyun s->skcipher_tfm,
815*4882a593Smuzhiyun s->auth_tok->token.password.session_key_encryption_key,
816*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
817*4882a593Smuzhiyun if (rc < 0) {
818*4882a593Smuzhiyun printk(KERN_ERR "%s: Error setting key for crypto context; "
819*4882a593Smuzhiyun "rc = [%d]. s->auth_tok->token.password.session_key_"
820*4882a593Smuzhiyun "encryption_key = [0x%p]; mount_crypt_stat->"
821*4882a593Smuzhiyun "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
822*4882a593Smuzhiyun rc,
823*4882a593Smuzhiyun s->auth_tok->token.password.session_key_encryption_key,
824*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
825*4882a593Smuzhiyun goto out_release_free_unlock;
826*4882a593Smuzhiyun }
827*4882a593Smuzhiyun skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
828*4882a593Smuzhiyun s->block_aligned_filename_size, s->iv);
829*4882a593Smuzhiyun rc = crypto_skcipher_encrypt(s->skcipher_req);
830*4882a593Smuzhiyun if (rc) {
831*4882a593Smuzhiyun printk(KERN_ERR "%s: Error attempting to encrypt filename; "
832*4882a593Smuzhiyun "rc = [%d]\n", __func__, rc);
833*4882a593Smuzhiyun goto out_release_free_unlock;
834*4882a593Smuzhiyun }
835*4882a593Smuzhiyun s->i += s->block_aligned_filename_size;
836*4882a593Smuzhiyun (*packet_size) = s->i;
837*4882a593Smuzhiyun (*remaining_bytes) -= (*packet_size);
838*4882a593Smuzhiyun out_release_free_unlock:
839*4882a593Smuzhiyun crypto_free_shash(s->hash_tfm);
840*4882a593Smuzhiyun out_free_unlock:
841*4882a593Smuzhiyun kfree_sensitive(s->block_aligned_filename);
842*4882a593Smuzhiyun out_unlock:
843*4882a593Smuzhiyun mutex_unlock(s->tfm_mutex);
844*4882a593Smuzhiyun out:
845*4882a593Smuzhiyun if (auth_tok_key) {
846*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
847*4882a593Smuzhiyun key_put(auth_tok_key);
848*4882a593Smuzhiyun }
849*4882a593Smuzhiyun skcipher_request_free(s->skcipher_req);
850*4882a593Smuzhiyun kfree_sensitive(s->hash_desc);
851*4882a593Smuzhiyun kfree(s);
852*4882a593Smuzhiyun return rc;
853*4882a593Smuzhiyun }
854*4882a593Smuzhiyun
855*4882a593Smuzhiyun struct ecryptfs_parse_tag_70_packet_silly_stack {
856*4882a593Smuzhiyun u8 cipher_code;
857*4882a593Smuzhiyun size_t max_packet_size;
858*4882a593Smuzhiyun size_t packet_size_len;
859*4882a593Smuzhiyun size_t parsed_tag_70_packet_size;
860*4882a593Smuzhiyun size_t block_aligned_filename_size;
861*4882a593Smuzhiyun size_t block_size;
862*4882a593Smuzhiyun size_t i;
863*4882a593Smuzhiyun struct mutex *tfm_mutex;
864*4882a593Smuzhiyun char *decrypted_filename;
865*4882a593Smuzhiyun struct ecryptfs_auth_tok *auth_tok;
866*4882a593Smuzhiyun struct scatterlist src_sg[2];
867*4882a593Smuzhiyun struct scatterlist dst_sg[2];
868*4882a593Smuzhiyun struct crypto_skcipher *skcipher_tfm;
869*4882a593Smuzhiyun struct skcipher_request *skcipher_req;
870*4882a593Smuzhiyun char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
871*4882a593Smuzhiyun char iv[ECRYPTFS_MAX_IV_BYTES];
872*4882a593Smuzhiyun char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
873*4882a593Smuzhiyun };
874*4882a593Smuzhiyun
875*4882a593Smuzhiyun /**
876*4882a593Smuzhiyun * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
877*4882a593Smuzhiyun * @filename: This function kmalloc's the memory for the filename
878*4882a593Smuzhiyun * @filename_size: This function sets this to the amount of memory
879*4882a593Smuzhiyun * kmalloc'd for the filename
880*4882a593Smuzhiyun * @packet_size: This function sets this to the the number of octets
881*4882a593Smuzhiyun * in the packet parsed
882*4882a593Smuzhiyun * @mount_crypt_stat: The mount-wide cryptographic context
883*4882a593Smuzhiyun * @data: The memory location containing the start of the tag 70
884*4882a593Smuzhiyun * packet
885*4882a593Smuzhiyun * @max_packet_size: The maximum legal size of the packet to be parsed
886*4882a593Smuzhiyun * from @data
887*4882a593Smuzhiyun *
888*4882a593Smuzhiyun * Returns zero on success; non-zero otherwise
889*4882a593Smuzhiyun */
890*4882a593Smuzhiyun int
ecryptfs_parse_tag_70_packet(char ** filename,size_t * filename_size,size_t * packet_size,struct ecryptfs_mount_crypt_stat * mount_crypt_stat,char * data,size_t max_packet_size)891*4882a593Smuzhiyun ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
892*4882a593Smuzhiyun size_t *packet_size,
893*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
894*4882a593Smuzhiyun char *data, size_t max_packet_size)
895*4882a593Smuzhiyun {
896*4882a593Smuzhiyun struct ecryptfs_parse_tag_70_packet_silly_stack *s;
897*4882a593Smuzhiyun struct key *auth_tok_key = NULL;
898*4882a593Smuzhiyun int rc = 0;
899*4882a593Smuzhiyun
900*4882a593Smuzhiyun (*packet_size) = 0;
901*4882a593Smuzhiyun (*filename_size) = 0;
902*4882a593Smuzhiyun (*filename) = NULL;
903*4882a593Smuzhiyun s = kzalloc(sizeof(*s), GFP_KERNEL);
904*4882a593Smuzhiyun if (!s)
905*4882a593Smuzhiyun return -ENOMEM;
906*4882a593Smuzhiyun
907*4882a593Smuzhiyun if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
908*4882a593Smuzhiyun printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
909*4882a593Smuzhiyun "at least [%d]\n", __func__, max_packet_size,
910*4882a593Smuzhiyun ECRYPTFS_TAG_70_MIN_METADATA_SIZE);
911*4882a593Smuzhiyun rc = -EINVAL;
912*4882a593Smuzhiyun goto out;
913*4882a593Smuzhiyun }
914*4882a593Smuzhiyun /* Octet 0: Tag 70 identifier
915*4882a593Smuzhiyun * Octets 1-N1: Tag 70 packet size (includes cipher identifier
916*4882a593Smuzhiyun * and block-aligned encrypted filename size)
917*4882a593Smuzhiyun * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
918*4882a593Smuzhiyun * Octet N2-N3: Cipher identifier (1 octet)
919*4882a593Smuzhiyun * Octets N3-N4: Block-aligned encrypted filename
920*4882a593Smuzhiyun * - Consists of a minimum number of random numbers, a \0
921*4882a593Smuzhiyun * separator, and then the filename */
922*4882a593Smuzhiyun if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
923*4882a593Smuzhiyun printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
924*4882a593Smuzhiyun "tag [0x%.2x]\n", __func__,
925*4882a593Smuzhiyun data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
926*4882a593Smuzhiyun rc = -EINVAL;
927*4882a593Smuzhiyun goto out;
928*4882a593Smuzhiyun }
929*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
930*4882a593Smuzhiyun &s->parsed_tag_70_packet_size,
931*4882a593Smuzhiyun &s->packet_size_len);
932*4882a593Smuzhiyun if (rc) {
933*4882a593Smuzhiyun printk(KERN_WARNING "%s: Error parsing packet length; "
934*4882a593Smuzhiyun "rc = [%d]\n", __func__, rc);
935*4882a593Smuzhiyun goto out;
936*4882a593Smuzhiyun }
937*4882a593Smuzhiyun s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
938*4882a593Smuzhiyun - ECRYPTFS_SIG_SIZE - 1);
939*4882a593Smuzhiyun if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
940*4882a593Smuzhiyun > max_packet_size) {
941*4882a593Smuzhiyun printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
942*4882a593Smuzhiyun "size is [%zd]\n", __func__, max_packet_size,
943*4882a593Smuzhiyun (1 + s->packet_size_len + 1
944*4882a593Smuzhiyun + s->block_aligned_filename_size));
945*4882a593Smuzhiyun rc = -EINVAL;
946*4882a593Smuzhiyun goto out;
947*4882a593Smuzhiyun }
948*4882a593Smuzhiyun (*packet_size) += s->packet_size_len;
949*4882a593Smuzhiyun ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
950*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE);
951*4882a593Smuzhiyun s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
952*4882a593Smuzhiyun (*packet_size) += ECRYPTFS_SIG_SIZE;
953*4882a593Smuzhiyun s->cipher_code = data[(*packet_size)++];
954*4882a593Smuzhiyun rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
955*4882a593Smuzhiyun if (rc) {
956*4882a593Smuzhiyun printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
957*4882a593Smuzhiyun __func__, s->cipher_code);
958*4882a593Smuzhiyun goto out;
959*4882a593Smuzhiyun }
960*4882a593Smuzhiyun rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
961*4882a593Smuzhiyun &s->auth_tok, mount_crypt_stat,
962*4882a593Smuzhiyun s->fnek_sig_hex);
963*4882a593Smuzhiyun if (rc) {
964*4882a593Smuzhiyun printk(KERN_ERR "%s: Error attempting to find auth tok for "
965*4882a593Smuzhiyun "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
966*4882a593Smuzhiyun rc);
967*4882a593Smuzhiyun goto out;
968*4882a593Smuzhiyun }
969*4882a593Smuzhiyun rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
970*4882a593Smuzhiyun &s->tfm_mutex,
971*4882a593Smuzhiyun s->cipher_string);
972*4882a593Smuzhiyun if (unlikely(rc)) {
973*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to get "
974*4882a593Smuzhiyun "tfm and mutex for cipher name [%s]; rc = [%d]\n",
975*4882a593Smuzhiyun s->cipher_string, rc);
976*4882a593Smuzhiyun goto out;
977*4882a593Smuzhiyun }
978*4882a593Smuzhiyun mutex_lock(s->tfm_mutex);
979*4882a593Smuzhiyun rc = virt_to_scatterlist(&data[(*packet_size)],
980*4882a593Smuzhiyun s->block_aligned_filename_size, s->src_sg, 2);
981*4882a593Smuzhiyun if (rc < 1) {
982*4882a593Smuzhiyun printk(KERN_ERR "%s: Internal error whilst attempting to "
983*4882a593Smuzhiyun "convert encrypted filename memory to scatterlist; "
984*4882a593Smuzhiyun "rc = [%d]. block_aligned_filename_size = [%zd]\n",
985*4882a593Smuzhiyun __func__, rc, s->block_aligned_filename_size);
986*4882a593Smuzhiyun goto out_unlock;
987*4882a593Smuzhiyun }
988*4882a593Smuzhiyun (*packet_size) += s->block_aligned_filename_size;
989*4882a593Smuzhiyun s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
990*4882a593Smuzhiyun GFP_KERNEL);
991*4882a593Smuzhiyun if (!s->decrypted_filename) {
992*4882a593Smuzhiyun rc = -ENOMEM;
993*4882a593Smuzhiyun goto out_unlock;
994*4882a593Smuzhiyun }
995*4882a593Smuzhiyun rc = virt_to_scatterlist(s->decrypted_filename,
996*4882a593Smuzhiyun s->block_aligned_filename_size, s->dst_sg, 2);
997*4882a593Smuzhiyun if (rc < 1) {
998*4882a593Smuzhiyun printk(KERN_ERR "%s: Internal error whilst attempting to "
999*4882a593Smuzhiyun "convert decrypted filename memory to scatterlist; "
1000*4882a593Smuzhiyun "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1001*4882a593Smuzhiyun __func__, rc, s->block_aligned_filename_size);
1002*4882a593Smuzhiyun goto out_free_unlock;
1003*4882a593Smuzhiyun }
1004*4882a593Smuzhiyun
1005*4882a593Smuzhiyun s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1006*4882a593Smuzhiyun if (!s->skcipher_req) {
1007*4882a593Smuzhiyun printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1008*4882a593Smuzhiyun "skcipher_request_alloc for %s\n", __func__,
1009*4882a593Smuzhiyun crypto_skcipher_driver_name(s->skcipher_tfm));
1010*4882a593Smuzhiyun rc = -ENOMEM;
1011*4882a593Smuzhiyun goto out_free_unlock;
1012*4882a593Smuzhiyun }
1013*4882a593Smuzhiyun
1014*4882a593Smuzhiyun skcipher_request_set_callback(s->skcipher_req,
1015*4882a593Smuzhiyun CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1016*4882a593Smuzhiyun
1017*4882a593Smuzhiyun /* The characters in the first block effectively do the job of
1018*4882a593Smuzhiyun * the IV here, so we just use 0's for the IV. Note the
1019*4882a593Smuzhiyun * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1020*4882a593Smuzhiyun * >= ECRYPTFS_MAX_IV_BYTES. */
1021*4882a593Smuzhiyun /* TODO: Support other key modules than passphrase for
1022*4882a593Smuzhiyun * filename encryption */
1023*4882a593Smuzhiyun if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1024*4882a593Smuzhiyun rc = -EOPNOTSUPP;
1025*4882a593Smuzhiyun printk(KERN_INFO "%s: Filename encryption only supports "
1026*4882a593Smuzhiyun "password tokens\n", __func__);
1027*4882a593Smuzhiyun goto out_free_unlock;
1028*4882a593Smuzhiyun }
1029*4882a593Smuzhiyun rc = crypto_skcipher_setkey(
1030*4882a593Smuzhiyun s->skcipher_tfm,
1031*4882a593Smuzhiyun s->auth_tok->token.password.session_key_encryption_key,
1032*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
1033*4882a593Smuzhiyun if (rc < 0) {
1034*4882a593Smuzhiyun printk(KERN_ERR "%s: Error setting key for crypto context; "
1035*4882a593Smuzhiyun "rc = [%d]. s->auth_tok->token.password.session_key_"
1036*4882a593Smuzhiyun "encryption_key = [0x%p]; mount_crypt_stat->"
1037*4882a593Smuzhiyun "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
1038*4882a593Smuzhiyun rc,
1039*4882a593Smuzhiyun s->auth_tok->token.password.session_key_encryption_key,
1040*4882a593Smuzhiyun mount_crypt_stat->global_default_fn_cipher_key_bytes);
1041*4882a593Smuzhiyun goto out_free_unlock;
1042*4882a593Smuzhiyun }
1043*4882a593Smuzhiyun skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1044*4882a593Smuzhiyun s->block_aligned_filename_size, s->iv);
1045*4882a593Smuzhiyun rc = crypto_skcipher_decrypt(s->skcipher_req);
1046*4882a593Smuzhiyun if (rc) {
1047*4882a593Smuzhiyun printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1048*4882a593Smuzhiyun "rc = [%d]\n", __func__, rc);
1049*4882a593Smuzhiyun goto out_free_unlock;
1050*4882a593Smuzhiyun }
1051*4882a593Smuzhiyun
1052*4882a593Smuzhiyun while (s->i < s->block_aligned_filename_size &&
1053*4882a593Smuzhiyun s->decrypted_filename[s->i] != '\0')
1054*4882a593Smuzhiyun s->i++;
1055*4882a593Smuzhiyun if (s->i == s->block_aligned_filename_size) {
1056*4882a593Smuzhiyun printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
1057*4882a593Smuzhiyun "find valid separator between random characters and "
1058*4882a593Smuzhiyun "the filename\n", __func__);
1059*4882a593Smuzhiyun rc = -EINVAL;
1060*4882a593Smuzhiyun goto out_free_unlock;
1061*4882a593Smuzhiyun }
1062*4882a593Smuzhiyun s->i++;
1063*4882a593Smuzhiyun (*filename_size) = (s->block_aligned_filename_size - s->i);
1064*4882a593Smuzhiyun if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
1065*4882a593Smuzhiyun printk(KERN_WARNING "%s: Filename size is [%zd], which is "
1066*4882a593Smuzhiyun "invalid\n", __func__, (*filename_size));
1067*4882a593Smuzhiyun rc = -EINVAL;
1068*4882a593Smuzhiyun goto out_free_unlock;
1069*4882a593Smuzhiyun }
1070*4882a593Smuzhiyun (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
1071*4882a593Smuzhiyun if (!(*filename)) {
1072*4882a593Smuzhiyun rc = -ENOMEM;
1073*4882a593Smuzhiyun goto out_free_unlock;
1074*4882a593Smuzhiyun }
1075*4882a593Smuzhiyun memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
1076*4882a593Smuzhiyun (*filename)[(*filename_size)] = '\0';
1077*4882a593Smuzhiyun out_free_unlock:
1078*4882a593Smuzhiyun kfree(s->decrypted_filename);
1079*4882a593Smuzhiyun out_unlock:
1080*4882a593Smuzhiyun mutex_unlock(s->tfm_mutex);
1081*4882a593Smuzhiyun out:
1082*4882a593Smuzhiyun if (rc) {
1083*4882a593Smuzhiyun (*packet_size) = 0;
1084*4882a593Smuzhiyun (*filename_size) = 0;
1085*4882a593Smuzhiyun (*filename) = NULL;
1086*4882a593Smuzhiyun }
1087*4882a593Smuzhiyun if (auth_tok_key) {
1088*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
1089*4882a593Smuzhiyun key_put(auth_tok_key);
1090*4882a593Smuzhiyun }
1091*4882a593Smuzhiyun skcipher_request_free(s->skcipher_req);
1092*4882a593Smuzhiyun kfree(s);
1093*4882a593Smuzhiyun return rc;
1094*4882a593Smuzhiyun }
1095*4882a593Smuzhiyun
1096*4882a593Smuzhiyun static int
ecryptfs_get_auth_tok_sig(char ** sig,struct ecryptfs_auth_tok * auth_tok)1097*4882a593Smuzhiyun ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1098*4882a593Smuzhiyun {
1099*4882a593Smuzhiyun int rc = 0;
1100*4882a593Smuzhiyun
1101*4882a593Smuzhiyun (*sig) = NULL;
1102*4882a593Smuzhiyun switch (auth_tok->token_type) {
1103*4882a593Smuzhiyun case ECRYPTFS_PASSWORD:
1104*4882a593Smuzhiyun (*sig) = auth_tok->token.password.signature;
1105*4882a593Smuzhiyun break;
1106*4882a593Smuzhiyun case ECRYPTFS_PRIVATE_KEY:
1107*4882a593Smuzhiyun (*sig) = auth_tok->token.private_key.signature;
1108*4882a593Smuzhiyun break;
1109*4882a593Smuzhiyun default:
1110*4882a593Smuzhiyun printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1111*4882a593Smuzhiyun auth_tok->token_type);
1112*4882a593Smuzhiyun rc = -EINVAL;
1113*4882a593Smuzhiyun }
1114*4882a593Smuzhiyun return rc;
1115*4882a593Smuzhiyun }
1116*4882a593Smuzhiyun
1117*4882a593Smuzhiyun /**
1118*4882a593Smuzhiyun * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1119*4882a593Smuzhiyun * @auth_tok: The key authentication token used to decrypt the session key
1120*4882a593Smuzhiyun * @crypt_stat: The cryptographic context
1121*4882a593Smuzhiyun *
1122*4882a593Smuzhiyun * Returns zero on success; non-zero error otherwise.
1123*4882a593Smuzhiyun */
1124*4882a593Smuzhiyun static int
decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok * auth_tok,struct ecryptfs_crypt_stat * crypt_stat)1125*4882a593Smuzhiyun decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1126*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat)
1127*4882a593Smuzhiyun {
1128*4882a593Smuzhiyun u8 cipher_code = 0;
1129*4882a593Smuzhiyun struct ecryptfs_msg_ctx *msg_ctx;
1130*4882a593Smuzhiyun struct ecryptfs_message *msg = NULL;
1131*4882a593Smuzhiyun char *auth_tok_sig;
1132*4882a593Smuzhiyun char *payload = NULL;
1133*4882a593Smuzhiyun size_t payload_len = 0;
1134*4882a593Smuzhiyun int rc;
1135*4882a593Smuzhiyun
1136*4882a593Smuzhiyun rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1137*4882a593Smuzhiyun if (rc) {
1138*4882a593Smuzhiyun printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1139*4882a593Smuzhiyun auth_tok->token_type);
1140*4882a593Smuzhiyun goto out;
1141*4882a593Smuzhiyun }
1142*4882a593Smuzhiyun rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1143*4882a593Smuzhiyun &payload, &payload_len);
1144*4882a593Smuzhiyun if (rc) {
1145*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1146*4882a593Smuzhiyun goto out;
1147*4882a593Smuzhiyun }
1148*4882a593Smuzhiyun rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1149*4882a593Smuzhiyun if (rc) {
1150*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error sending message to "
1151*4882a593Smuzhiyun "ecryptfsd: %d\n", rc);
1152*4882a593Smuzhiyun goto out;
1153*4882a593Smuzhiyun }
1154*4882a593Smuzhiyun rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1155*4882a593Smuzhiyun if (rc) {
1156*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1157*4882a593Smuzhiyun "from the user space daemon\n");
1158*4882a593Smuzhiyun rc = -EIO;
1159*4882a593Smuzhiyun goto out;
1160*4882a593Smuzhiyun }
1161*4882a593Smuzhiyun rc = parse_tag_65_packet(&(auth_tok->session_key),
1162*4882a593Smuzhiyun &cipher_code, msg);
1163*4882a593Smuzhiyun if (rc) {
1164*4882a593Smuzhiyun printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1165*4882a593Smuzhiyun rc);
1166*4882a593Smuzhiyun goto out;
1167*4882a593Smuzhiyun }
1168*4882a593Smuzhiyun auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1169*4882a593Smuzhiyun memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1170*4882a593Smuzhiyun auth_tok->session_key.decrypted_key_size);
1171*4882a593Smuzhiyun crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1172*4882a593Smuzhiyun rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1173*4882a593Smuzhiyun if (rc) {
1174*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1175*4882a593Smuzhiyun cipher_code)
1176*4882a593Smuzhiyun goto out;
1177*4882a593Smuzhiyun }
1178*4882a593Smuzhiyun crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1179*4882a593Smuzhiyun if (ecryptfs_verbosity > 0) {
1180*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1181*4882a593Smuzhiyun ecryptfs_dump_hex(crypt_stat->key,
1182*4882a593Smuzhiyun crypt_stat->key_size);
1183*4882a593Smuzhiyun }
1184*4882a593Smuzhiyun out:
1185*4882a593Smuzhiyun kfree(msg);
1186*4882a593Smuzhiyun kfree(payload);
1187*4882a593Smuzhiyun return rc;
1188*4882a593Smuzhiyun }
1189*4882a593Smuzhiyun
wipe_auth_tok_list(struct list_head * auth_tok_list_head)1190*4882a593Smuzhiyun static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1191*4882a593Smuzhiyun {
1192*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1193*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1194*4882a593Smuzhiyun
1195*4882a593Smuzhiyun list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1196*4882a593Smuzhiyun auth_tok_list_head, list) {
1197*4882a593Smuzhiyun list_del(&auth_tok_list_item->list);
1198*4882a593Smuzhiyun kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1199*4882a593Smuzhiyun auth_tok_list_item);
1200*4882a593Smuzhiyun }
1201*4882a593Smuzhiyun }
1202*4882a593Smuzhiyun
1203*4882a593Smuzhiyun struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1204*4882a593Smuzhiyun
1205*4882a593Smuzhiyun /**
1206*4882a593Smuzhiyun * parse_tag_1_packet
1207*4882a593Smuzhiyun * @crypt_stat: The cryptographic context to modify based on packet contents
1208*4882a593Smuzhiyun * @data: The raw bytes of the packet.
1209*4882a593Smuzhiyun * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1210*4882a593Smuzhiyun * a new authentication token will be placed at the
1211*4882a593Smuzhiyun * end of this list for this packet.
1212*4882a593Smuzhiyun * @new_auth_tok: Pointer to a pointer to memory that this function
1213*4882a593Smuzhiyun * allocates; sets the memory address of the pointer to
1214*4882a593Smuzhiyun * NULL on error. This object is added to the
1215*4882a593Smuzhiyun * auth_tok_list.
1216*4882a593Smuzhiyun * @packet_size: This function writes the size of the parsed packet
1217*4882a593Smuzhiyun * into this memory location; zero on error.
1218*4882a593Smuzhiyun * @max_packet_size: The maximum allowable packet size
1219*4882a593Smuzhiyun *
1220*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
1221*4882a593Smuzhiyun */
1222*4882a593Smuzhiyun static int
parse_tag_1_packet(struct ecryptfs_crypt_stat * crypt_stat,unsigned char * data,struct list_head * auth_tok_list,struct ecryptfs_auth_tok ** new_auth_tok,size_t * packet_size,size_t max_packet_size)1223*4882a593Smuzhiyun parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1224*4882a593Smuzhiyun unsigned char *data, struct list_head *auth_tok_list,
1225*4882a593Smuzhiyun struct ecryptfs_auth_tok **new_auth_tok,
1226*4882a593Smuzhiyun size_t *packet_size, size_t max_packet_size)
1227*4882a593Smuzhiyun {
1228*4882a593Smuzhiyun size_t body_size;
1229*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1230*4882a593Smuzhiyun size_t length_size;
1231*4882a593Smuzhiyun int rc = 0;
1232*4882a593Smuzhiyun
1233*4882a593Smuzhiyun (*packet_size) = 0;
1234*4882a593Smuzhiyun (*new_auth_tok) = NULL;
1235*4882a593Smuzhiyun /**
1236*4882a593Smuzhiyun * This format is inspired by OpenPGP; see RFC 2440
1237*4882a593Smuzhiyun * packet tag 1
1238*4882a593Smuzhiyun *
1239*4882a593Smuzhiyun * Tag 1 identifier (1 byte)
1240*4882a593Smuzhiyun * Max Tag 1 packet size (max 3 bytes)
1241*4882a593Smuzhiyun * Version (1 byte)
1242*4882a593Smuzhiyun * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1243*4882a593Smuzhiyun * Cipher identifier (1 byte)
1244*4882a593Smuzhiyun * Encrypted key size (arbitrary)
1245*4882a593Smuzhiyun *
1246*4882a593Smuzhiyun * 12 bytes minimum packet size
1247*4882a593Smuzhiyun */
1248*4882a593Smuzhiyun if (unlikely(max_packet_size < 12)) {
1249*4882a593Smuzhiyun printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1250*4882a593Smuzhiyun rc = -EINVAL;
1251*4882a593Smuzhiyun goto out;
1252*4882a593Smuzhiyun }
1253*4882a593Smuzhiyun if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1254*4882a593Smuzhiyun printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1255*4882a593Smuzhiyun ECRYPTFS_TAG_1_PACKET_TYPE);
1256*4882a593Smuzhiyun rc = -EINVAL;
1257*4882a593Smuzhiyun goto out;
1258*4882a593Smuzhiyun }
1259*4882a593Smuzhiyun /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1260*4882a593Smuzhiyun * at end of function upon failure */
1261*4882a593Smuzhiyun auth_tok_list_item =
1262*4882a593Smuzhiyun kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1263*4882a593Smuzhiyun GFP_KERNEL);
1264*4882a593Smuzhiyun if (!auth_tok_list_item) {
1265*4882a593Smuzhiyun printk(KERN_ERR "Unable to allocate memory\n");
1266*4882a593Smuzhiyun rc = -ENOMEM;
1267*4882a593Smuzhiyun goto out;
1268*4882a593Smuzhiyun }
1269*4882a593Smuzhiyun (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1270*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1271*4882a593Smuzhiyun &length_size);
1272*4882a593Smuzhiyun if (rc) {
1273*4882a593Smuzhiyun printk(KERN_WARNING "Error parsing packet length; "
1274*4882a593Smuzhiyun "rc = [%d]\n", rc);
1275*4882a593Smuzhiyun goto out_free;
1276*4882a593Smuzhiyun }
1277*4882a593Smuzhiyun if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1278*4882a593Smuzhiyun printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1279*4882a593Smuzhiyun rc = -EINVAL;
1280*4882a593Smuzhiyun goto out_free;
1281*4882a593Smuzhiyun }
1282*4882a593Smuzhiyun (*packet_size) += length_size;
1283*4882a593Smuzhiyun if (unlikely((*packet_size) + body_size > max_packet_size)) {
1284*4882a593Smuzhiyun printk(KERN_WARNING "Packet size exceeds max\n");
1285*4882a593Smuzhiyun rc = -EINVAL;
1286*4882a593Smuzhiyun goto out_free;
1287*4882a593Smuzhiyun }
1288*4882a593Smuzhiyun if (unlikely(data[(*packet_size)++] != 0x03)) {
1289*4882a593Smuzhiyun printk(KERN_WARNING "Unknown version number [%d]\n",
1290*4882a593Smuzhiyun data[(*packet_size) - 1]);
1291*4882a593Smuzhiyun rc = -EINVAL;
1292*4882a593Smuzhiyun goto out_free;
1293*4882a593Smuzhiyun }
1294*4882a593Smuzhiyun ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1295*4882a593Smuzhiyun &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1296*4882a593Smuzhiyun *packet_size += ECRYPTFS_SIG_SIZE;
1297*4882a593Smuzhiyun /* This byte is skipped because the kernel does not need to
1298*4882a593Smuzhiyun * know which public key encryption algorithm was used */
1299*4882a593Smuzhiyun (*packet_size)++;
1300*4882a593Smuzhiyun (*new_auth_tok)->session_key.encrypted_key_size =
1301*4882a593Smuzhiyun body_size - (ECRYPTFS_SIG_SIZE + 2);
1302*4882a593Smuzhiyun if ((*new_auth_tok)->session_key.encrypted_key_size
1303*4882a593Smuzhiyun > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1304*4882a593Smuzhiyun printk(KERN_WARNING "Tag 1 packet contains key larger "
1305*4882a593Smuzhiyun "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1306*4882a593Smuzhiyun rc = -EINVAL;
1307*4882a593Smuzhiyun goto out_free;
1308*4882a593Smuzhiyun }
1309*4882a593Smuzhiyun memcpy((*new_auth_tok)->session_key.encrypted_key,
1310*4882a593Smuzhiyun &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1311*4882a593Smuzhiyun (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1312*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1313*4882a593Smuzhiyun ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1314*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags |=
1315*4882a593Smuzhiyun ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1316*4882a593Smuzhiyun (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1317*4882a593Smuzhiyun (*new_auth_tok)->flags = 0;
1318*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1319*4882a593Smuzhiyun ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1320*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1321*4882a593Smuzhiyun ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1322*4882a593Smuzhiyun list_add(&auth_tok_list_item->list, auth_tok_list);
1323*4882a593Smuzhiyun goto out;
1324*4882a593Smuzhiyun out_free:
1325*4882a593Smuzhiyun (*new_auth_tok) = NULL;
1326*4882a593Smuzhiyun memset(auth_tok_list_item, 0,
1327*4882a593Smuzhiyun sizeof(struct ecryptfs_auth_tok_list_item));
1328*4882a593Smuzhiyun kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1329*4882a593Smuzhiyun auth_tok_list_item);
1330*4882a593Smuzhiyun out:
1331*4882a593Smuzhiyun if (rc)
1332*4882a593Smuzhiyun (*packet_size) = 0;
1333*4882a593Smuzhiyun return rc;
1334*4882a593Smuzhiyun }
1335*4882a593Smuzhiyun
1336*4882a593Smuzhiyun /**
1337*4882a593Smuzhiyun * parse_tag_3_packet
1338*4882a593Smuzhiyun * @crypt_stat: The cryptographic context to modify based on packet
1339*4882a593Smuzhiyun * contents.
1340*4882a593Smuzhiyun * @data: The raw bytes of the packet.
1341*4882a593Smuzhiyun * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1342*4882a593Smuzhiyun * a new authentication token will be placed at the end
1343*4882a593Smuzhiyun * of this list for this packet.
1344*4882a593Smuzhiyun * @new_auth_tok: Pointer to a pointer to memory that this function
1345*4882a593Smuzhiyun * allocates; sets the memory address of the pointer to
1346*4882a593Smuzhiyun * NULL on error. This object is added to the
1347*4882a593Smuzhiyun * auth_tok_list.
1348*4882a593Smuzhiyun * @packet_size: This function writes the size of the parsed packet
1349*4882a593Smuzhiyun * into this memory location; zero on error.
1350*4882a593Smuzhiyun * @max_packet_size: maximum number of bytes to parse
1351*4882a593Smuzhiyun *
1352*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
1353*4882a593Smuzhiyun */
1354*4882a593Smuzhiyun static int
parse_tag_3_packet(struct ecryptfs_crypt_stat * crypt_stat,unsigned char * data,struct list_head * auth_tok_list,struct ecryptfs_auth_tok ** new_auth_tok,size_t * packet_size,size_t max_packet_size)1355*4882a593Smuzhiyun parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1356*4882a593Smuzhiyun unsigned char *data, struct list_head *auth_tok_list,
1357*4882a593Smuzhiyun struct ecryptfs_auth_tok **new_auth_tok,
1358*4882a593Smuzhiyun size_t *packet_size, size_t max_packet_size)
1359*4882a593Smuzhiyun {
1360*4882a593Smuzhiyun size_t body_size;
1361*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1362*4882a593Smuzhiyun size_t length_size;
1363*4882a593Smuzhiyun int rc = 0;
1364*4882a593Smuzhiyun
1365*4882a593Smuzhiyun (*packet_size) = 0;
1366*4882a593Smuzhiyun (*new_auth_tok) = NULL;
1367*4882a593Smuzhiyun /**
1368*4882a593Smuzhiyun *This format is inspired by OpenPGP; see RFC 2440
1369*4882a593Smuzhiyun * packet tag 3
1370*4882a593Smuzhiyun *
1371*4882a593Smuzhiyun * Tag 3 identifier (1 byte)
1372*4882a593Smuzhiyun * Max Tag 3 packet size (max 3 bytes)
1373*4882a593Smuzhiyun * Version (1 byte)
1374*4882a593Smuzhiyun * Cipher code (1 byte)
1375*4882a593Smuzhiyun * S2K specifier (1 byte)
1376*4882a593Smuzhiyun * Hash identifier (1 byte)
1377*4882a593Smuzhiyun * Salt (ECRYPTFS_SALT_SIZE)
1378*4882a593Smuzhiyun * Hash iterations (1 byte)
1379*4882a593Smuzhiyun * Encrypted key (arbitrary)
1380*4882a593Smuzhiyun *
1381*4882a593Smuzhiyun * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1382*4882a593Smuzhiyun */
1383*4882a593Smuzhiyun if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1384*4882a593Smuzhiyun printk(KERN_ERR "Max packet size too large\n");
1385*4882a593Smuzhiyun rc = -EINVAL;
1386*4882a593Smuzhiyun goto out;
1387*4882a593Smuzhiyun }
1388*4882a593Smuzhiyun if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1389*4882a593Smuzhiyun printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1390*4882a593Smuzhiyun ECRYPTFS_TAG_3_PACKET_TYPE);
1391*4882a593Smuzhiyun rc = -EINVAL;
1392*4882a593Smuzhiyun goto out;
1393*4882a593Smuzhiyun }
1394*4882a593Smuzhiyun /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1395*4882a593Smuzhiyun * at end of function upon failure */
1396*4882a593Smuzhiyun auth_tok_list_item =
1397*4882a593Smuzhiyun kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1398*4882a593Smuzhiyun if (!auth_tok_list_item) {
1399*4882a593Smuzhiyun printk(KERN_ERR "Unable to allocate memory\n");
1400*4882a593Smuzhiyun rc = -ENOMEM;
1401*4882a593Smuzhiyun goto out;
1402*4882a593Smuzhiyun }
1403*4882a593Smuzhiyun (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1404*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1405*4882a593Smuzhiyun &length_size);
1406*4882a593Smuzhiyun if (rc) {
1407*4882a593Smuzhiyun printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1408*4882a593Smuzhiyun rc);
1409*4882a593Smuzhiyun goto out_free;
1410*4882a593Smuzhiyun }
1411*4882a593Smuzhiyun if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1412*4882a593Smuzhiyun printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1413*4882a593Smuzhiyun rc = -EINVAL;
1414*4882a593Smuzhiyun goto out_free;
1415*4882a593Smuzhiyun }
1416*4882a593Smuzhiyun (*packet_size) += length_size;
1417*4882a593Smuzhiyun if (unlikely((*packet_size) + body_size > max_packet_size)) {
1418*4882a593Smuzhiyun printk(KERN_ERR "Packet size exceeds max\n");
1419*4882a593Smuzhiyun rc = -EINVAL;
1420*4882a593Smuzhiyun goto out_free;
1421*4882a593Smuzhiyun }
1422*4882a593Smuzhiyun (*new_auth_tok)->session_key.encrypted_key_size =
1423*4882a593Smuzhiyun (body_size - (ECRYPTFS_SALT_SIZE + 5));
1424*4882a593Smuzhiyun if ((*new_auth_tok)->session_key.encrypted_key_size
1425*4882a593Smuzhiyun > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1426*4882a593Smuzhiyun printk(KERN_WARNING "Tag 3 packet contains key larger "
1427*4882a593Smuzhiyun "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1428*4882a593Smuzhiyun rc = -EINVAL;
1429*4882a593Smuzhiyun goto out_free;
1430*4882a593Smuzhiyun }
1431*4882a593Smuzhiyun if (unlikely(data[(*packet_size)++] != 0x04)) {
1432*4882a593Smuzhiyun printk(KERN_WARNING "Unknown version number [%d]\n",
1433*4882a593Smuzhiyun data[(*packet_size) - 1]);
1434*4882a593Smuzhiyun rc = -EINVAL;
1435*4882a593Smuzhiyun goto out_free;
1436*4882a593Smuzhiyun }
1437*4882a593Smuzhiyun rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1438*4882a593Smuzhiyun (u16)data[(*packet_size)]);
1439*4882a593Smuzhiyun if (rc)
1440*4882a593Smuzhiyun goto out_free;
1441*4882a593Smuzhiyun /* A little extra work to differentiate among the AES key
1442*4882a593Smuzhiyun * sizes; see RFC2440 */
1443*4882a593Smuzhiyun switch(data[(*packet_size)++]) {
1444*4882a593Smuzhiyun case RFC2440_CIPHER_AES_192:
1445*4882a593Smuzhiyun crypt_stat->key_size = 24;
1446*4882a593Smuzhiyun break;
1447*4882a593Smuzhiyun default:
1448*4882a593Smuzhiyun crypt_stat->key_size =
1449*4882a593Smuzhiyun (*new_auth_tok)->session_key.encrypted_key_size;
1450*4882a593Smuzhiyun }
1451*4882a593Smuzhiyun rc = ecryptfs_init_crypt_ctx(crypt_stat);
1452*4882a593Smuzhiyun if (rc)
1453*4882a593Smuzhiyun goto out_free;
1454*4882a593Smuzhiyun if (unlikely(data[(*packet_size)++] != 0x03)) {
1455*4882a593Smuzhiyun printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1456*4882a593Smuzhiyun rc = -ENOSYS;
1457*4882a593Smuzhiyun goto out_free;
1458*4882a593Smuzhiyun }
1459*4882a593Smuzhiyun /* TODO: finish the hash mapping */
1460*4882a593Smuzhiyun switch (data[(*packet_size)++]) {
1461*4882a593Smuzhiyun case 0x01: /* See RFC2440 for these numbers and their mappings */
1462*4882a593Smuzhiyun /* Choose MD5 */
1463*4882a593Smuzhiyun memcpy((*new_auth_tok)->token.password.salt,
1464*4882a593Smuzhiyun &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1465*4882a593Smuzhiyun (*packet_size) += ECRYPTFS_SALT_SIZE;
1466*4882a593Smuzhiyun /* This conversion was taken straight from RFC2440 */
1467*4882a593Smuzhiyun (*new_auth_tok)->token.password.hash_iterations =
1468*4882a593Smuzhiyun ((u32) 16 + (data[(*packet_size)] & 15))
1469*4882a593Smuzhiyun << ((data[(*packet_size)] >> 4) + 6);
1470*4882a593Smuzhiyun (*packet_size)++;
1471*4882a593Smuzhiyun /* Friendly reminder:
1472*4882a593Smuzhiyun * (*new_auth_tok)->session_key.encrypted_key_size =
1473*4882a593Smuzhiyun * (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1474*4882a593Smuzhiyun memcpy((*new_auth_tok)->session_key.encrypted_key,
1475*4882a593Smuzhiyun &data[(*packet_size)],
1476*4882a593Smuzhiyun (*new_auth_tok)->session_key.encrypted_key_size);
1477*4882a593Smuzhiyun (*packet_size) +=
1478*4882a593Smuzhiyun (*new_auth_tok)->session_key.encrypted_key_size;
1479*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1480*4882a593Smuzhiyun ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1481*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags |=
1482*4882a593Smuzhiyun ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1483*4882a593Smuzhiyun (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1484*4882a593Smuzhiyun break;
1485*4882a593Smuzhiyun default:
1486*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1487*4882a593Smuzhiyun "[%d]\n", data[(*packet_size) - 1]);
1488*4882a593Smuzhiyun rc = -ENOSYS;
1489*4882a593Smuzhiyun goto out_free;
1490*4882a593Smuzhiyun }
1491*4882a593Smuzhiyun (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1492*4882a593Smuzhiyun /* TODO: Parametarize; we might actually want userspace to
1493*4882a593Smuzhiyun * decrypt the session key. */
1494*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1495*4882a593Smuzhiyun ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1496*4882a593Smuzhiyun (*new_auth_tok)->session_key.flags &=
1497*4882a593Smuzhiyun ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1498*4882a593Smuzhiyun list_add(&auth_tok_list_item->list, auth_tok_list);
1499*4882a593Smuzhiyun goto out;
1500*4882a593Smuzhiyun out_free:
1501*4882a593Smuzhiyun (*new_auth_tok) = NULL;
1502*4882a593Smuzhiyun memset(auth_tok_list_item, 0,
1503*4882a593Smuzhiyun sizeof(struct ecryptfs_auth_tok_list_item));
1504*4882a593Smuzhiyun kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1505*4882a593Smuzhiyun auth_tok_list_item);
1506*4882a593Smuzhiyun out:
1507*4882a593Smuzhiyun if (rc)
1508*4882a593Smuzhiyun (*packet_size) = 0;
1509*4882a593Smuzhiyun return rc;
1510*4882a593Smuzhiyun }
1511*4882a593Smuzhiyun
1512*4882a593Smuzhiyun /**
1513*4882a593Smuzhiyun * parse_tag_11_packet
1514*4882a593Smuzhiyun * @data: The raw bytes of the packet
1515*4882a593Smuzhiyun * @contents: This function writes the data contents of the literal
1516*4882a593Smuzhiyun * packet into this memory location
1517*4882a593Smuzhiyun * @max_contents_bytes: The maximum number of bytes that this function
1518*4882a593Smuzhiyun * is allowed to write into contents
1519*4882a593Smuzhiyun * @tag_11_contents_size: This function writes the size of the parsed
1520*4882a593Smuzhiyun * contents into this memory location; zero on
1521*4882a593Smuzhiyun * error
1522*4882a593Smuzhiyun * @packet_size: This function writes the size of the parsed packet
1523*4882a593Smuzhiyun * into this memory location; zero on error
1524*4882a593Smuzhiyun * @max_packet_size: maximum number of bytes to parse
1525*4882a593Smuzhiyun *
1526*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
1527*4882a593Smuzhiyun */
1528*4882a593Smuzhiyun static int
parse_tag_11_packet(unsigned char * data,unsigned char * contents,size_t max_contents_bytes,size_t * tag_11_contents_size,size_t * packet_size,size_t max_packet_size)1529*4882a593Smuzhiyun parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1530*4882a593Smuzhiyun size_t max_contents_bytes, size_t *tag_11_contents_size,
1531*4882a593Smuzhiyun size_t *packet_size, size_t max_packet_size)
1532*4882a593Smuzhiyun {
1533*4882a593Smuzhiyun size_t body_size;
1534*4882a593Smuzhiyun size_t length_size;
1535*4882a593Smuzhiyun int rc = 0;
1536*4882a593Smuzhiyun
1537*4882a593Smuzhiyun (*packet_size) = 0;
1538*4882a593Smuzhiyun (*tag_11_contents_size) = 0;
1539*4882a593Smuzhiyun /* This format is inspired by OpenPGP; see RFC 2440
1540*4882a593Smuzhiyun * packet tag 11
1541*4882a593Smuzhiyun *
1542*4882a593Smuzhiyun * Tag 11 identifier (1 byte)
1543*4882a593Smuzhiyun * Max Tag 11 packet size (max 3 bytes)
1544*4882a593Smuzhiyun * Binary format specifier (1 byte)
1545*4882a593Smuzhiyun * Filename length (1 byte)
1546*4882a593Smuzhiyun * Filename ("_CONSOLE") (8 bytes)
1547*4882a593Smuzhiyun * Modification date (4 bytes)
1548*4882a593Smuzhiyun * Literal data (arbitrary)
1549*4882a593Smuzhiyun *
1550*4882a593Smuzhiyun * We need at least 16 bytes of data for the packet to even be
1551*4882a593Smuzhiyun * valid.
1552*4882a593Smuzhiyun */
1553*4882a593Smuzhiyun if (max_packet_size < 16) {
1554*4882a593Smuzhiyun printk(KERN_ERR "Maximum packet size too small\n");
1555*4882a593Smuzhiyun rc = -EINVAL;
1556*4882a593Smuzhiyun goto out;
1557*4882a593Smuzhiyun }
1558*4882a593Smuzhiyun if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1559*4882a593Smuzhiyun printk(KERN_WARNING "Invalid tag 11 packet format\n");
1560*4882a593Smuzhiyun rc = -EINVAL;
1561*4882a593Smuzhiyun goto out;
1562*4882a593Smuzhiyun }
1563*4882a593Smuzhiyun rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1564*4882a593Smuzhiyun &length_size);
1565*4882a593Smuzhiyun if (rc) {
1566*4882a593Smuzhiyun printk(KERN_WARNING "Invalid tag 11 packet format\n");
1567*4882a593Smuzhiyun goto out;
1568*4882a593Smuzhiyun }
1569*4882a593Smuzhiyun if (body_size < 14) {
1570*4882a593Smuzhiyun printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1571*4882a593Smuzhiyun rc = -EINVAL;
1572*4882a593Smuzhiyun goto out;
1573*4882a593Smuzhiyun }
1574*4882a593Smuzhiyun (*packet_size) += length_size;
1575*4882a593Smuzhiyun (*tag_11_contents_size) = (body_size - 14);
1576*4882a593Smuzhiyun if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1577*4882a593Smuzhiyun printk(KERN_ERR "Packet size exceeds max\n");
1578*4882a593Smuzhiyun rc = -EINVAL;
1579*4882a593Smuzhiyun goto out;
1580*4882a593Smuzhiyun }
1581*4882a593Smuzhiyun if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1582*4882a593Smuzhiyun printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1583*4882a593Smuzhiyun "expected size\n");
1584*4882a593Smuzhiyun rc = -EINVAL;
1585*4882a593Smuzhiyun goto out;
1586*4882a593Smuzhiyun }
1587*4882a593Smuzhiyun if (data[(*packet_size)++] != 0x62) {
1588*4882a593Smuzhiyun printk(KERN_WARNING "Unrecognizable packet\n");
1589*4882a593Smuzhiyun rc = -EINVAL;
1590*4882a593Smuzhiyun goto out;
1591*4882a593Smuzhiyun }
1592*4882a593Smuzhiyun if (data[(*packet_size)++] != 0x08) {
1593*4882a593Smuzhiyun printk(KERN_WARNING "Unrecognizable packet\n");
1594*4882a593Smuzhiyun rc = -EINVAL;
1595*4882a593Smuzhiyun goto out;
1596*4882a593Smuzhiyun }
1597*4882a593Smuzhiyun (*packet_size) += 12; /* Ignore filename and modification date */
1598*4882a593Smuzhiyun memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1599*4882a593Smuzhiyun (*packet_size) += (*tag_11_contents_size);
1600*4882a593Smuzhiyun out:
1601*4882a593Smuzhiyun if (rc) {
1602*4882a593Smuzhiyun (*packet_size) = 0;
1603*4882a593Smuzhiyun (*tag_11_contents_size) = 0;
1604*4882a593Smuzhiyun }
1605*4882a593Smuzhiyun return rc;
1606*4882a593Smuzhiyun }
1607*4882a593Smuzhiyun
ecryptfs_keyring_auth_tok_for_sig(struct key ** auth_tok_key,struct ecryptfs_auth_tok ** auth_tok,char * sig)1608*4882a593Smuzhiyun int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1609*4882a593Smuzhiyun struct ecryptfs_auth_tok **auth_tok,
1610*4882a593Smuzhiyun char *sig)
1611*4882a593Smuzhiyun {
1612*4882a593Smuzhiyun int rc = 0;
1613*4882a593Smuzhiyun
1614*4882a593Smuzhiyun (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1615*4882a593Smuzhiyun if (IS_ERR(*auth_tok_key)) {
1616*4882a593Smuzhiyun (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1617*4882a593Smuzhiyun if (IS_ERR(*auth_tok_key)) {
1618*4882a593Smuzhiyun printk(KERN_ERR "Could not find key with description: [%s]\n",
1619*4882a593Smuzhiyun sig);
1620*4882a593Smuzhiyun rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1621*4882a593Smuzhiyun (*auth_tok_key) = NULL;
1622*4882a593Smuzhiyun goto out;
1623*4882a593Smuzhiyun }
1624*4882a593Smuzhiyun }
1625*4882a593Smuzhiyun down_write(&(*auth_tok_key)->sem);
1626*4882a593Smuzhiyun rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1627*4882a593Smuzhiyun if (rc) {
1628*4882a593Smuzhiyun up_write(&(*auth_tok_key)->sem);
1629*4882a593Smuzhiyun key_put(*auth_tok_key);
1630*4882a593Smuzhiyun (*auth_tok_key) = NULL;
1631*4882a593Smuzhiyun goto out;
1632*4882a593Smuzhiyun }
1633*4882a593Smuzhiyun out:
1634*4882a593Smuzhiyun return rc;
1635*4882a593Smuzhiyun }
1636*4882a593Smuzhiyun
1637*4882a593Smuzhiyun /**
1638*4882a593Smuzhiyun * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1639*4882a593Smuzhiyun * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1640*4882a593Smuzhiyun * @crypt_stat: The cryptographic context
1641*4882a593Smuzhiyun *
1642*4882a593Smuzhiyun * Returns zero on success; non-zero error otherwise
1643*4882a593Smuzhiyun */
1644*4882a593Smuzhiyun static int
decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok * auth_tok,struct ecryptfs_crypt_stat * crypt_stat)1645*4882a593Smuzhiyun decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1646*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat)
1647*4882a593Smuzhiyun {
1648*4882a593Smuzhiyun struct scatterlist dst_sg[2];
1649*4882a593Smuzhiyun struct scatterlist src_sg[2];
1650*4882a593Smuzhiyun struct mutex *tfm_mutex;
1651*4882a593Smuzhiyun struct crypto_skcipher *tfm;
1652*4882a593Smuzhiyun struct skcipher_request *req = NULL;
1653*4882a593Smuzhiyun int rc = 0;
1654*4882a593Smuzhiyun
1655*4882a593Smuzhiyun if (unlikely(ecryptfs_verbosity > 0)) {
1656*4882a593Smuzhiyun ecryptfs_printk(
1657*4882a593Smuzhiyun KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1658*4882a593Smuzhiyun auth_tok->token.password.session_key_encryption_key_bytes);
1659*4882a593Smuzhiyun ecryptfs_dump_hex(
1660*4882a593Smuzhiyun auth_tok->token.password.session_key_encryption_key,
1661*4882a593Smuzhiyun auth_tok->token.password.session_key_encryption_key_bytes);
1662*4882a593Smuzhiyun }
1663*4882a593Smuzhiyun rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1664*4882a593Smuzhiyun crypt_stat->cipher);
1665*4882a593Smuzhiyun if (unlikely(rc)) {
1666*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to get "
1667*4882a593Smuzhiyun "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1668*4882a593Smuzhiyun crypt_stat->cipher, rc);
1669*4882a593Smuzhiyun goto out;
1670*4882a593Smuzhiyun }
1671*4882a593Smuzhiyun rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1672*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size,
1673*4882a593Smuzhiyun src_sg, 2);
1674*4882a593Smuzhiyun if (rc < 1 || rc > 2) {
1675*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to convert "
1676*4882a593Smuzhiyun "auth_tok->session_key.encrypted_key to scatterlist; "
1677*4882a593Smuzhiyun "expected rc = 1; got rc = [%d]. "
1678*4882a593Smuzhiyun "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1679*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size);
1680*4882a593Smuzhiyun goto out;
1681*4882a593Smuzhiyun }
1682*4882a593Smuzhiyun auth_tok->session_key.decrypted_key_size =
1683*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size;
1684*4882a593Smuzhiyun rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1685*4882a593Smuzhiyun auth_tok->session_key.decrypted_key_size,
1686*4882a593Smuzhiyun dst_sg, 2);
1687*4882a593Smuzhiyun if (rc < 1 || rc > 2) {
1688*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to convert "
1689*4882a593Smuzhiyun "auth_tok->session_key.decrypted_key to scatterlist; "
1690*4882a593Smuzhiyun "expected rc = 1; got rc = [%d]\n", rc);
1691*4882a593Smuzhiyun goto out;
1692*4882a593Smuzhiyun }
1693*4882a593Smuzhiyun mutex_lock(tfm_mutex);
1694*4882a593Smuzhiyun req = skcipher_request_alloc(tfm, GFP_KERNEL);
1695*4882a593Smuzhiyun if (!req) {
1696*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
1697*4882a593Smuzhiyun printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1698*4882a593Smuzhiyun "skcipher_request_alloc for %s\n", __func__,
1699*4882a593Smuzhiyun crypto_skcipher_driver_name(tfm));
1700*4882a593Smuzhiyun rc = -ENOMEM;
1701*4882a593Smuzhiyun goto out;
1702*4882a593Smuzhiyun }
1703*4882a593Smuzhiyun
1704*4882a593Smuzhiyun skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1705*4882a593Smuzhiyun NULL, NULL);
1706*4882a593Smuzhiyun rc = crypto_skcipher_setkey(
1707*4882a593Smuzhiyun tfm, auth_tok->token.password.session_key_encryption_key,
1708*4882a593Smuzhiyun crypt_stat->key_size);
1709*4882a593Smuzhiyun if (unlikely(rc < 0)) {
1710*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
1711*4882a593Smuzhiyun printk(KERN_ERR "Error setting key for crypto context\n");
1712*4882a593Smuzhiyun rc = -EINVAL;
1713*4882a593Smuzhiyun goto out;
1714*4882a593Smuzhiyun }
1715*4882a593Smuzhiyun skcipher_request_set_crypt(req, src_sg, dst_sg,
1716*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size,
1717*4882a593Smuzhiyun NULL);
1718*4882a593Smuzhiyun rc = crypto_skcipher_decrypt(req);
1719*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
1720*4882a593Smuzhiyun if (unlikely(rc)) {
1721*4882a593Smuzhiyun printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1722*4882a593Smuzhiyun goto out;
1723*4882a593Smuzhiyun }
1724*4882a593Smuzhiyun auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1725*4882a593Smuzhiyun memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1726*4882a593Smuzhiyun auth_tok->session_key.decrypted_key_size);
1727*4882a593Smuzhiyun crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1728*4882a593Smuzhiyun if (unlikely(ecryptfs_verbosity > 0)) {
1729*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1730*4882a593Smuzhiyun crypt_stat->key_size);
1731*4882a593Smuzhiyun ecryptfs_dump_hex(crypt_stat->key,
1732*4882a593Smuzhiyun crypt_stat->key_size);
1733*4882a593Smuzhiyun }
1734*4882a593Smuzhiyun out:
1735*4882a593Smuzhiyun skcipher_request_free(req);
1736*4882a593Smuzhiyun return rc;
1737*4882a593Smuzhiyun }
1738*4882a593Smuzhiyun
1739*4882a593Smuzhiyun /**
1740*4882a593Smuzhiyun * ecryptfs_parse_packet_set
1741*4882a593Smuzhiyun * @crypt_stat: The cryptographic context
1742*4882a593Smuzhiyun * @src: Virtual address of region of memory containing the packets
1743*4882a593Smuzhiyun * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1744*4882a593Smuzhiyun *
1745*4882a593Smuzhiyun * Get crypt_stat to have the file's session key if the requisite key
1746*4882a593Smuzhiyun * is available to decrypt the session key.
1747*4882a593Smuzhiyun *
1748*4882a593Smuzhiyun * Returns Zero if a valid authentication token was retrieved and
1749*4882a593Smuzhiyun * processed; negative value for file not encrypted or for error
1750*4882a593Smuzhiyun * conditions.
1751*4882a593Smuzhiyun */
ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat * crypt_stat,unsigned char * src,struct dentry * ecryptfs_dentry)1752*4882a593Smuzhiyun int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1753*4882a593Smuzhiyun unsigned char *src,
1754*4882a593Smuzhiyun struct dentry *ecryptfs_dentry)
1755*4882a593Smuzhiyun {
1756*4882a593Smuzhiyun size_t i = 0;
1757*4882a593Smuzhiyun size_t found_auth_tok;
1758*4882a593Smuzhiyun size_t next_packet_is_auth_tok_packet;
1759*4882a593Smuzhiyun struct list_head auth_tok_list;
1760*4882a593Smuzhiyun struct ecryptfs_auth_tok *matching_auth_tok;
1761*4882a593Smuzhiyun struct ecryptfs_auth_tok *candidate_auth_tok;
1762*4882a593Smuzhiyun char *candidate_auth_tok_sig;
1763*4882a593Smuzhiyun size_t packet_size;
1764*4882a593Smuzhiyun struct ecryptfs_auth_tok *new_auth_tok;
1765*4882a593Smuzhiyun unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1766*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1767*4882a593Smuzhiyun size_t tag_11_contents_size;
1768*4882a593Smuzhiyun size_t tag_11_packet_size;
1769*4882a593Smuzhiyun struct key *auth_tok_key = NULL;
1770*4882a593Smuzhiyun int rc = 0;
1771*4882a593Smuzhiyun
1772*4882a593Smuzhiyun INIT_LIST_HEAD(&auth_tok_list);
1773*4882a593Smuzhiyun /* Parse the header to find as many packets as we can; these will be
1774*4882a593Smuzhiyun * added the our &auth_tok_list */
1775*4882a593Smuzhiyun next_packet_is_auth_tok_packet = 1;
1776*4882a593Smuzhiyun while (next_packet_is_auth_tok_packet) {
1777*4882a593Smuzhiyun size_t max_packet_size = ((PAGE_SIZE - 8) - i);
1778*4882a593Smuzhiyun
1779*4882a593Smuzhiyun switch (src[i]) {
1780*4882a593Smuzhiyun case ECRYPTFS_TAG_3_PACKET_TYPE:
1781*4882a593Smuzhiyun rc = parse_tag_3_packet(crypt_stat,
1782*4882a593Smuzhiyun (unsigned char *)&src[i],
1783*4882a593Smuzhiyun &auth_tok_list, &new_auth_tok,
1784*4882a593Smuzhiyun &packet_size, max_packet_size);
1785*4882a593Smuzhiyun if (rc) {
1786*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error parsing "
1787*4882a593Smuzhiyun "tag 3 packet\n");
1788*4882a593Smuzhiyun rc = -EIO;
1789*4882a593Smuzhiyun goto out_wipe_list;
1790*4882a593Smuzhiyun }
1791*4882a593Smuzhiyun i += packet_size;
1792*4882a593Smuzhiyun rc = parse_tag_11_packet((unsigned char *)&src[i],
1793*4882a593Smuzhiyun sig_tmp_space,
1794*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE,
1795*4882a593Smuzhiyun &tag_11_contents_size,
1796*4882a593Smuzhiyun &tag_11_packet_size,
1797*4882a593Smuzhiyun max_packet_size);
1798*4882a593Smuzhiyun if (rc) {
1799*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "No valid "
1800*4882a593Smuzhiyun "(ecryptfs-specific) literal "
1801*4882a593Smuzhiyun "packet containing "
1802*4882a593Smuzhiyun "authentication token "
1803*4882a593Smuzhiyun "signature found after "
1804*4882a593Smuzhiyun "tag 3 packet\n");
1805*4882a593Smuzhiyun rc = -EIO;
1806*4882a593Smuzhiyun goto out_wipe_list;
1807*4882a593Smuzhiyun }
1808*4882a593Smuzhiyun i += tag_11_packet_size;
1809*4882a593Smuzhiyun if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1810*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Expected "
1811*4882a593Smuzhiyun "signature of size [%d]; "
1812*4882a593Smuzhiyun "read size [%zd]\n",
1813*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE,
1814*4882a593Smuzhiyun tag_11_contents_size);
1815*4882a593Smuzhiyun rc = -EIO;
1816*4882a593Smuzhiyun goto out_wipe_list;
1817*4882a593Smuzhiyun }
1818*4882a593Smuzhiyun ecryptfs_to_hex(new_auth_tok->token.password.signature,
1819*4882a593Smuzhiyun sig_tmp_space, tag_11_contents_size);
1820*4882a593Smuzhiyun new_auth_tok->token.password.signature[
1821*4882a593Smuzhiyun ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1822*4882a593Smuzhiyun crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1823*4882a593Smuzhiyun break;
1824*4882a593Smuzhiyun case ECRYPTFS_TAG_1_PACKET_TYPE:
1825*4882a593Smuzhiyun rc = parse_tag_1_packet(crypt_stat,
1826*4882a593Smuzhiyun (unsigned char *)&src[i],
1827*4882a593Smuzhiyun &auth_tok_list, &new_auth_tok,
1828*4882a593Smuzhiyun &packet_size, max_packet_size);
1829*4882a593Smuzhiyun if (rc) {
1830*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error parsing "
1831*4882a593Smuzhiyun "tag 1 packet\n");
1832*4882a593Smuzhiyun rc = -EIO;
1833*4882a593Smuzhiyun goto out_wipe_list;
1834*4882a593Smuzhiyun }
1835*4882a593Smuzhiyun i += packet_size;
1836*4882a593Smuzhiyun crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1837*4882a593Smuzhiyun break;
1838*4882a593Smuzhiyun case ECRYPTFS_TAG_11_PACKET_TYPE:
1839*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1840*4882a593Smuzhiyun "(Tag 11 not allowed by itself)\n");
1841*4882a593Smuzhiyun rc = -EIO;
1842*4882a593Smuzhiyun goto out_wipe_list;
1843*4882a593Smuzhiyun default:
1844*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1845*4882a593Smuzhiyun "of the file header; hex value of "
1846*4882a593Smuzhiyun "character is [0x%.2x]\n", i, src[i]);
1847*4882a593Smuzhiyun next_packet_is_auth_tok_packet = 0;
1848*4882a593Smuzhiyun }
1849*4882a593Smuzhiyun }
1850*4882a593Smuzhiyun if (list_empty(&auth_tok_list)) {
1851*4882a593Smuzhiyun printk(KERN_ERR "The lower file appears to be a non-encrypted "
1852*4882a593Smuzhiyun "eCryptfs file; this is not supported in this version "
1853*4882a593Smuzhiyun "of the eCryptfs kernel module\n");
1854*4882a593Smuzhiyun rc = -EINVAL;
1855*4882a593Smuzhiyun goto out;
1856*4882a593Smuzhiyun }
1857*4882a593Smuzhiyun /* auth_tok_list contains the set of authentication tokens
1858*4882a593Smuzhiyun * parsed from the metadata. We need to find a matching
1859*4882a593Smuzhiyun * authentication token that has the secret component(s)
1860*4882a593Smuzhiyun * necessary to decrypt the EFEK in the auth_tok parsed from
1861*4882a593Smuzhiyun * the metadata. There may be several potential matches, but
1862*4882a593Smuzhiyun * just one will be sufficient to decrypt to get the FEK. */
1863*4882a593Smuzhiyun find_next_matching_auth_tok:
1864*4882a593Smuzhiyun found_auth_tok = 0;
1865*4882a593Smuzhiyun list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1866*4882a593Smuzhiyun candidate_auth_tok = &auth_tok_list_item->auth_tok;
1867*4882a593Smuzhiyun if (unlikely(ecryptfs_verbosity > 0)) {
1868*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG,
1869*4882a593Smuzhiyun "Considering candidate auth tok:\n");
1870*4882a593Smuzhiyun ecryptfs_dump_auth_tok(candidate_auth_tok);
1871*4882a593Smuzhiyun }
1872*4882a593Smuzhiyun rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1873*4882a593Smuzhiyun candidate_auth_tok);
1874*4882a593Smuzhiyun if (rc) {
1875*4882a593Smuzhiyun printk(KERN_ERR
1876*4882a593Smuzhiyun "Unrecognized candidate auth tok type: [%d]\n",
1877*4882a593Smuzhiyun candidate_auth_tok->token_type);
1878*4882a593Smuzhiyun rc = -EINVAL;
1879*4882a593Smuzhiyun goto out_wipe_list;
1880*4882a593Smuzhiyun }
1881*4882a593Smuzhiyun rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1882*4882a593Smuzhiyun &matching_auth_tok,
1883*4882a593Smuzhiyun crypt_stat->mount_crypt_stat,
1884*4882a593Smuzhiyun candidate_auth_tok_sig);
1885*4882a593Smuzhiyun if (!rc) {
1886*4882a593Smuzhiyun found_auth_tok = 1;
1887*4882a593Smuzhiyun goto found_matching_auth_tok;
1888*4882a593Smuzhiyun }
1889*4882a593Smuzhiyun }
1890*4882a593Smuzhiyun if (!found_auth_tok) {
1891*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Could not find a usable "
1892*4882a593Smuzhiyun "authentication token\n");
1893*4882a593Smuzhiyun rc = -EIO;
1894*4882a593Smuzhiyun goto out_wipe_list;
1895*4882a593Smuzhiyun }
1896*4882a593Smuzhiyun found_matching_auth_tok:
1897*4882a593Smuzhiyun if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1898*4882a593Smuzhiyun memcpy(&(candidate_auth_tok->token.private_key),
1899*4882a593Smuzhiyun &(matching_auth_tok->token.private_key),
1900*4882a593Smuzhiyun sizeof(struct ecryptfs_private_key));
1901*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
1902*4882a593Smuzhiyun key_put(auth_tok_key);
1903*4882a593Smuzhiyun rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1904*4882a593Smuzhiyun crypt_stat);
1905*4882a593Smuzhiyun } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1906*4882a593Smuzhiyun memcpy(&(candidate_auth_tok->token.password),
1907*4882a593Smuzhiyun &(matching_auth_tok->token.password),
1908*4882a593Smuzhiyun sizeof(struct ecryptfs_password));
1909*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
1910*4882a593Smuzhiyun key_put(auth_tok_key);
1911*4882a593Smuzhiyun rc = decrypt_passphrase_encrypted_session_key(
1912*4882a593Smuzhiyun candidate_auth_tok, crypt_stat);
1913*4882a593Smuzhiyun } else {
1914*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
1915*4882a593Smuzhiyun key_put(auth_tok_key);
1916*4882a593Smuzhiyun rc = -EINVAL;
1917*4882a593Smuzhiyun }
1918*4882a593Smuzhiyun if (rc) {
1919*4882a593Smuzhiyun struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1920*4882a593Smuzhiyun
1921*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1922*4882a593Smuzhiyun "session key for authentication token with sig "
1923*4882a593Smuzhiyun "[%.*s]; rc = [%d]. Removing auth tok "
1924*4882a593Smuzhiyun "candidate from the list and searching for "
1925*4882a593Smuzhiyun "the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1926*4882a593Smuzhiyun candidate_auth_tok_sig, rc);
1927*4882a593Smuzhiyun list_for_each_entry_safe(auth_tok_list_item,
1928*4882a593Smuzhiyun auth_tok_list_item_tmp,
1929*4882a593Smuzhiyun &auth_tok_list, list) {
1930*4882a593Smuzhiyun if (candidate_auth_tok
1931*4882a593Smuzhiyun == &auth_tok_list_item->auth_tok) {
1932*4882a593Smuzhiyun list_del(&auth_tok_list_item->list);
1933*4882a593Smuzhiyun kmem_cache_free(
1934*4882a593Smuzhiyun ecryptfs_auth_tok_list_item_cache,
1935*4882a593Smuzhiyun auth_tok_list_item);
1936*4882a593Smuzhiyun goto find_next_matching_auth_tok;
1937*4882a593Smuzhiyun }
1938*4882a593Smuzhiyun }
1939*4882a593Smuzhiyun BUG();
1940*4882a593Smuzhiyun }
1941*4882a593Smuzhiyun rc = ecryptfs_compute_root_iv(crypt_stat);
1942*4882a593Smuzhiyun if (rc) {
1943*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error computing "
1944*4882a593Smuzhiyun "the root IV\n");
1945*4882a593Smuzhiyun goto out_wipe_list;
1946*4882a593Smuzhiyun }
1947*4882a593Smuzhiyun rc = ecryptfs_init_crypt_ctx(crypt_stat);
1948*4882a593Smuzhiyun if (rc) {
1949*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1950*4882a593Smuzhiyun "context for cipher [%s]; rc = [%d]\n",
1951*4882a593Smuzhiyun crypt_stat->cipher, rc);
1952*4882a593Smuzhiyun }
1953*4882a593Smuzhiyun out_wipe_list:
1954*4882a593Smuzhiyun wipe_auth_tok_list(&auth_tok_list);
1955*4882a593Smuzhiyun out:
1956*4882a593Smuzhiyun return rc;
1957*4882a593Smuzhiyun }
1958*4882a593Smuzhiyun
1959*4882a593Smuzhiyun static int
pki_encrypt_session_key(struct key * auth_tok_key,struct ecryptfs_auth_tok * auth_tok,struct ecryptfs_crypt_stat * crypt_stat,struct ecryptfs_key_record * key_rec)1960*4882a593Smuzhiyun pki_encrypt_session_key(struct key *auth_tok_key,
1961*4882a593Smuzhiyun struct ecryptfs_auth_tok *auth_tok,
1962*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat,
1963*4882a593Smuzhiyun struct ecryptfs_key_record *key_rec)
1964*4882a593Smuzhiyun {
1965*4882a593Smuzhiyun struct ecryptfs_msg_ctx *msg_ctx = NULL;
1966*4882a593Smuzhiyun char *payload = NULL;
1967*4882a593Smuzhiyun size_t payload_len = 0;
1968*4882a593Smuzhiyun struct ecryptfs_message *msg;
1969*4882a593Smuzhiyun int rc;
1970*4882a593Smuzhiyun
1971*4882a593Smuzhiyun rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1972*4882a593Smuzhiyun ecryptfs_code_for_cipher_string(
1973*4882a593Smuzhiyun crypt_stat->cipher,
1974*4882a593Smuzhiyun crypt_stat->key_size),
1975*4882a593Smuzhiyun crypt_stat, &payload, &payload_len);
1976*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
1977*4882a593Smuzhiyun key_put(auth_tok_key);
1978*4882a593Smuzhiyun if (rc) {
1979*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1980*4882a593Smuzhiyun goto out;
1981*4882a593Smuzhiyun }
1982*4882a593Smuzhiyun rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1983*4882a593Smuzhiyun if (rc) {
1984*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error sending message to "
1985*4882a593Smuzhiyun "ecryptfsd: %d\n", rc);
1986*4882a593Smuzhiyun goto out;
1987*4882a593Smuzhiyun }
1988*4882a593Smuzhiyun rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1989*4882a593Smuzhiyun if (rc) {
1990*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1991*4882a593Smuzhiyun "from the user space daemon\n");
1992*4882a593Smuzhiyun rc = -EIO;
1993*4882a593Smuzhiyun goto out;
1994*4882a593Smuzhiyun }
1995*4882a593Smuzhiyun rc = parse_tag_67_packet(key_rec, msg);
1996*4882a593Smuzhiyun if (rc)
1997*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1998*4882a593Smuzhiyun kfree(msg);
1999*4882a593Smuzhiyun out:
2000*4882a593Smuzhiyun kfree(payload);
2001*4882a593Smuzhiyun return rc;
2002*4882a593Smuzhiyun }
2003*4882a593Smuzhiyun /**
2004*4882a593Smuzhiyun * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
2005*4882a593Smuzhiyun * @dest: Buffer into which to write the packet
2006*4882a593Smuzhiyun * @remaining_bytes: Maximum number of bytes that can be writtn
2007*4882a593Smuzhiyun * @auth_tok_key: The authentication token key to unlock and put when done with
2008*4882a593Smuzhiyun * @auth_tok
2009*4882a593Smuzhiyun * @auth_tok: The authentication token used for generating the tag 1 packet
2010*4882a593Smuzhiyun * @crypt_stat: The cryptographic context
2011*4882a593Smuzhiyun * @key_rec: The key record struct for the tag 1 packet
2012*4882a593Smuzhiyun * @packet_size: This function will write the number of bytes that end
2013*4882a593Smuzhiyun * up constituting the packet; set to zero on error
2014*4882a593Smuzhiyun *
2015*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
2016*4882a593Smuzhiyun */
2017*4882a593Smuzhiyun static int
write_tag_1_packet(char * dest,size_t * remaining_bytes,struct key * auth_tok_key,struct ecryptfs_auth_tok * auth_tok,struct ecryptfs_crypt_stat * crypt_stat,struct ecryptfs_key_record * key_rec,size_t * packet_size)2018*4882a593Smuzhiyun write_tag_1_packet(char *dest, size_t *remaining_bytes,
2019*4882a593Smuzhiyun struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2020*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat,
2021*4882a593Smuzhiyun struct ecryptfs_key_record *key_rec, size_t *packet_size)
2022*4882a593Smuzhiyun {
2023*4882a593Smuzhiyun size_t i;
2024*4882a593Smuzhiyun size_t encrypted_session_key_valid = 0;
2025*4882a593Smuzhiyun size_t packet_size_length;
2026*4882a593Smuzhiyun size_t max_packet_size;
2027*4882a593Smuzhiyun int rc = 0;
2028*4882a593Smuzhiyun
2029*4882a593Smuzhiyun (*packet_size) = 0;
2030*4882a593Smuzhiyun ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2031*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE);
2032*4882a593Smuzhiyun encrypted_session_key_valid = 0;
2033*4882a593Smuzhiyun for (i = 0; i < crypt_stat->key_size; i++)
2034*4882a593Smuzhiyun encrypted_session_key_valid |=
2035*4882a593Smuzhiyun auth_tok->session_key.encrypted_key[i];
2036*4882a593Smuzhiyun if (encrypted_session_key_valid) {
2037*4882a593Smuzhiyun memcpy(key_rec->enc_key,
2038*4882a593Smuzhiyun auth_tok->session_key.encrypted_key,
2039*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size);
2040*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
2041*4882a593Smuzhiyun key_put(auth_tok_key);
2042*4882a593Smuzhiyun goto encrypted_session_key_set;
2043*4882a593Smuzhiyun }
2044*4882a593Smuzhiyun if (auth_tok->session_key.encrypted_key_size == 0)
2045*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size =
2046*4882a593Smuzhiyun auth_tok->token.private_key.key_size;
2047*4882a593Smuzhiyun rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2048*4882a593Smuzhiyun key_rec);
2049*4882a593Smuzhiyun if (rc) {
2050*4882a593Smuzhiyun printk(KERN_ERR "Failed to encrypt session key via a key "
2051*4882a593Smuzhiyun "module; rc = [%d]\n", rc);
2052*4882a593Smuzhiyun goto out;
2053*4882a593Smuzhiyun }
2054*4882a593Smuzhiyun if (ecryptfs_verbosity > 0) {
2055*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
2056*4882a593Smuzhiyun ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
2057*4882a593Smuzhiyun }
2058*4882a593Smuzhiyun encrypted_session_key_set:
2059*4882a593Smuzhiyun /* This format is inspired by OpenPGP; see RFC 2440
2060*4882a593Smuzhiyun * packet tag 1 */
2061*4882a593Smuzhiyun max_packet_size = (1 /* Tag 1 identifier */
2062*4882a593Smuzhiyun + 3 /* Max Tag 1 packet size */
2063*4882a593Smuzhiyun + 1 /* Version */
2064*4882a593Smuzhiyun + ECRYPTFS_SIG_SIZE /* Key identifier */
2065*4882a593Smuzhiyun + 1 /* Cipher identifier */
2066*4882a593Smuzhiyun + key_rec->enc_key_size); /* Encrypted key size */
2067*4882a593Smuzhiyun if (max_packet_size > (*remaining_bytes)) {
2068*4882a593Smuzhiyun printk(KERN_ERR "Packet length larger than maximum allowable; "
2069*4882a593Smuzhiyun "need up to [%td] bytes, but there are only [%td] "
2070*4882a593Smuzhiyun "available\n", max_packet_size, (*remaining_bytes));
2071*4882a593Smuzhiyun rc = -EINVAL;
2072*4882a593Smuzhiyun goto out;
2073*4882a593Smuzhiyun }
2074*4882a593Smuzhiyun dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2075*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2076*4882a593Smuzhiyun (max_packet_size - 4),
2077*4882a593Smuzhiyun &packet_size_length);
2078*4882a593Smuzhiyun if (rc) {
2079*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2080*4882a593Smuzhiyun "header; cannot generate packet length\n");
2081*4882a593Smuzhiyun goto out;
2082*4882a593Smuzhiyun }
2083*4882a593Smuzhiyun (*packet_size) += packet_size_length;
2084*4882a593Smuzhiyun dest[(*packet_size)++] = 0x03; /* version 3 */
2085*4882a593Smuzhiyun memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2086*4882a593Smuzhiyun (*packet_size) += ECRYPTFS_SIG_SIZE;
2087*4882a593Smuzhiyun dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2088*4882a593Smuzhiyun memcpy(&dest[(*packet_size)], key_rec->enc_key,
2089*4882a593Smuzhiyun key_rec->enc_key_size);
2090*4882a593Smuzhiyun (*packet_size) += key_rec->enc_key_size;
2091*4882a593Smuzhiyun out:
2092*4882a593Smuzhiyun if (rc)
2093*4882a593Smuzhiyun (*packet_size) = 0;
2094*4882a593Smuzhiyun else
2095*4882a593Smuzhiyun (*remaining_bytes) -= (*packet_size);
2096*4882a593Smuzhiyun return rc;
2097*4882a593Smuzhiyun }
2098*4882a593Smuzhiyun
2099*4882a593Smuzhiyun /**
2100*4882a593Smuzhiyun * write_tag_11_packet
2101*4882a593Smuzhiyun * @dest: Target into which Tag 11 packet is to be written
2102*4882a593Smuzhiyun * @remaining_bytes: Maximum packet length
2103*4882a593Smuzhiyun * @contents: Byte array of contents to copy in
2104*4882a593Smuzhiyun * @contents_length: Number of bytes in contents
2105*4882a593Smuzhiyun * @packet_length: Length of the Tag 11 packet written; zero on error
2106*4882a593Smuzhiyun *
2107*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
2108*4882a593Smuzhiyun */
2109*4882a593Smuzhiyun static int
write_tag_11_packet(char * dest,size_t * remaining_bytes,char * contents,size_t contents_length,size_t * packet_length)2110*4882a593Smuzhiyun write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2111*4882a593Smuzhiyun size_t contents_length, size_t *packet_length)
2112*4882a593Smuzhiyun {
2113*4882a593Smuzhiyun size_t packet_size_length;
2114*4882a593Smuzhiyun size_t max_packet_size;
2115*4882a593Smuzhiyun int rc = 0;
2116*4882a593Smuzhiyun
2117*4882a593Smuzhiyun (*packet_length) = 0;
2118*4882a593Smuzhiyun /* This format is inspired by OpenPGP; see RFC 2440
2119*4882a593Smuzhiyun * packet tag 11 */
2120*4882a593Smuzhiyun max_packet_size = (1 /* Tag 11 identifier */
2121*4882a593Smuzhiyun + 3 /* Max Tag 11 packet size */
2122*4882a593Smuzhiyun + 1 /* Binary format specifier */
2123*4882a593Smuzhiyun + 1 /* Filename length */
2124*4882a593Smuzhiyun + 8 /* Filename ("_CONSOLE") */
2125*4882a593Smuzhiyun + 4 /* Modification date */
2126*4882a593Smuzhiyun + contents_length); /* Literal data */
2127*4882a593Smuzhiyun if (max_packet_size > (*remaining_bytes)) {
2128*4882a593Smuzhiyun printk(KERN_ERR "Packet length larger than maximum allowable; "
2129*4882a593Smuzhiyun "need up to [%td] bytes, but there are only [%td] "
2130*4882a593Smuzhiyun "available\n", max_packet_size, (*remaining_bytes));
2131*4882a593Smuzhiyun rc = -EINVAL;
2132*4882a593Smuzhiyun goto out;
2133*4882a593Smuzhiyun }
2134*4882a593Smuzhiyun dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2135*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2136*4882a593Smuzhiyun (max_packet_size - 4),
2137*4882a593Smuzhiyun &packet_size_length);
2138*4882a593Smuzhiyun if (rc) {
2139*4882a593Smuzhiyun printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2140*4882a593Smuzhiyun "generate packet length. rc = [%d]\n", rc);
2141*4882a593Smuzhiyun goto out;
2142*4882a593Smuzhiyun }
2143*4882a593Smuzhiyun (*packet_length) += packet_size_length;
2144*4882a593Smuzhiyun dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2145*4882a593Smuzhiyun dest[(*packet_length)++] = 8;
2146*4882a593Smuzhiyun memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2147*4882a593Smuzhiyun (*packet_length) += 8;
2148*4882a593Smuzhiyun memset(&dest[(*packet_length)], 0x00, 4);
2149*4882a593Smuzhiyun (*packet_length) += 4;
2150*4882a593Smuzhiyun memcpy(&dest[(*packet_length)], contents, contents_length);
2151*4882a593Smuzhiyun (*packet_length) += contents_length;
2152*4882a593Smuzhiyun out:
2153*4882a593Smuzhiyun if (rc)
2154*4882a593Smuzhiyun (*packet_length) = 0;
2155*4882a593Smuzhiyun else
2156*4882a593Smuzhiyun (*remaining_bytes) -= (*packet_length);
2157*4882a593Smuzhiyun return rc;
2158*4882a593Smuzhiyun }
2159*4882a593Smuzhiyun
2160*4882a593Smuzhiyun /**
2161*4882a593Smuzhiyun * write_tag_3_packet
2162*4882a593Smuzhiyun * @dest: Buffer into which to write the packet
2163*4882a593Smuzhiyun * @remaining_bytes: Maximum number of bytes that can be written
2164*4882a593Smuzhiyun * @auth_tok: Authentication token
2165*4882a593Smuzhiyun * @crypt_stat: The cryptographic context
2166*4882a593Smuzhiyun * @key_rec: encrypted key
2167*4882a593Smuzhiyun * @packet_size: This function will write the number of bytes that end
2168*4882a593Smuzhiyun * up constituting the packet; set to zero on error
2169*4882a593Smuzhiyun *
2170*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
2171*4882a593Smuzhiyun */
2172*4882a593Smuzhiyun static int
write_tag_3_packet(char * dest,size_t * remaining_bytes,struct ecryptfs_auth_tok * auth_tok,struct ecryptfs_crypt_stat * crypt_stat,struct ecryptfs_key_record * key_rec,size_t * packet_size)2173*4882a593Smuzhiyun write_tag_3_packet(char *dest, size_t *remaining_bytes,
2174*4882a593Smuzhiyun struct ecryptfs_auth_tok *auth_tok,
2175*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat,
2176*4882a593Smuzhiyun struct ecryptfs_key_record *key_rec, size_t *packet_size)
2177*4882a593Smuzhiyun {
2178*4882a593Smuzhiyun size_t i;
2179*4882a593Smuzhiyun size_t encrypted_session_key_valid = 0;
2180*4882a593Smuzhiyun char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2181*4882a593Smuzhiyun struct scatterlist dst_sg[2];
2182*4882a593Smuzhiyun struct scatterlist src_sg[2];
2183*4882a593Smuzhiyun struct mutex *tfm_mutex = NULL;
2184*4882a593Smuzhiyun u8 cipher_code;
2185*4882a593Smuzhiyun size_t packet_size_length;
2186*4882a593Smuzhiyun size_t max_packet_size;
2187*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2188*4882a593Smuzhiyun crypt_stat->mount_crypt_stat;
2189*4882a593Smuzhiyun struct crypto_skcipher *tfm;
2190*4882a593Smuzhiyun struct skcipher_request *req;
2191*4882a593Smuzhiyun int rc = 0;
2192*4882a593Smuzhiyun
2193*4882a593Smuzhiyun (*packet_size) = 0;
2194*4882a593Smuzhiyun ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2195*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE);
2196*4882a593Smuzhiyun rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2197*4882a593Smuzhiyun crypt_stat->cipher);
2198*4882a593Smuzhiyun if (unlikely(rc)) {
2199*4882a593Smuzhiyun printk(KERN_ERR "Internal error whilst attempting to get "
2200*4882a593Smuzhiyun "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2201*4882a593Smuzhiyun crypt_stat->cipher, rc);
2202*4882a593Smuzhiyun goto out;
2203*4882a593Smuzhiyun }
2204*4882a593Smuzhiyun if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2205*4882a593Smuzhiyun printk(KERN_WARNING "No key size specified at mount; "
2206*4882a593Smuzhiyun "defaulting to [%d]\n",
2207*4882a593Smuzhiyun crypto_skcipher_max_keysize(tfm));
2208*4882a593Smuzhiyun mount_crypt_stat->global_default_cipher_key_size =
2209*4882a593Smuzhiyun crypto_skcipher_max_keysize(tfm);
2210*4882a593Smuzhiyun }
2211*4882a593Smuzhiyun if (crypt_stat->key_size == 0)
2212*4882a593Smuzhiyun crypt_stat->key_size =
2213*4882a593Smuzhiyun mount_crypt_stat->global_default_cipher_key_size;
2214*4882a593Smuzhiyun if (auth_tok->session_key.encrypted_key_size == 0)
2215*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size =
2216*4882a593Smuzhiyun crypt_stat->key_size;
2217*4882a593Smuzhiyun if (crypt_stat->key_size == 24
2218*4882a593Smuzhiyun && strcmp("aes", crypt_stat->cipher) == 0) {
2219*4882a593Smuzhiyun memset((crypt_stat->key + 24), 0, 8);
2220*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size = 32;
2221*4882a593Smuzhiyun } else
2222*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2223*4882a593Smuzhiyun key_rec->enc_key_size =
2224*4882a593Smuzhiyun auth_tok->session_key.encrypted_key_size;
2225*4882a593Smuzhiyun encrypted_session_key_valid = 0;
2226*4882a593Smuzhiyun for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2227*4882a593Smuzhiyun encrypted_session_key_valid |=
2228*4882a593Smuzhiyun auth_tok->session_key.encrypted_key[i];
2229*4882a593Smuzhiyun if (encrypted_session_key_valid) {
2230*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2231*4882a593Smuzhiyun "using auth_tok->session_key.encrypted_key, "
2232*4882a593Smuzhiyun "where key_rec->enc_key_size = [%zd]\n",
2233*4882a593Smuzhiyun key_rec->enc_key_size);
2234*4882a593Smuzhiyun memcpy(key_rec->enc_key,
2235*4882a593Smuzhiyun auth_tok->session_key.encrypted_key,
2236*4882a593Smuzhiyun key_rec->enc_key_size);
2237*4882a593Smuzhiyun goto encrypted_session_key_set;
2238*4882a593Smuzhiyun }
2239*4882a593Smuzhiyun if (auth_tok->token.password.flags &
2240*4882a593Smuzhiyun ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2241*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2242*4882a593Smuzhiyun "session key encryption key of size [%d]\n",
2243*4882a593Smuzhiyun auth_tok->token.password.
2244*4882a593Smuzhiyun session_key_encryption_key_bytes);
2245*4882a593Smuzhiyun memcpy(session_key_encryption_key,
2246*4882a593Smuzhiyun auth_tok->token.password.session_key_encryption_key,
2247*4882a593Smuzhiyun crypt_stat->key_size);
2248*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG,
2249*4882a593Smuzhiyun "Cached session key encryption key:\n");
2250*4882a593Smuzhiyun if (ecryptfs_verbosity > 0)
2251*4882a593Smuzhiyun ecryptfs_dump_hex(session_key_encryption_key, 16);
2252*4882a593Smuzhiyun }
2253*4882a593Smuzhiyun if (unlikely(ecryptfs_verbosity > 0)) {
2254*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2255*4882a593Smuzhiyun ecryptfs_dump_hex(session_key_encryption_key, 16);
2256*4882a593Smuzhiyun }
2257*4882a593Smuzhiyun rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2258*4882a593Smuzhiyun src_sg, 2);
2259*4882a593Smuzhiyun if (rc < 1 || rc > 2) {
2260*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2261*4882a593Smuzhiyun "for crypt_stat session key; expected rc = 1; "
2262*4882a593Smuzhiyun "got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2263*4882a593Smuzhiyun rc, key_rec->enc_key_size);
2264*4882a593Smuzhiyun rc = -ENOMEM;
2265*4882a593Smuzhiyun goto out;
2266*4882a593Smuzhiyun }
2267*4882a593Smuzhiyun rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2268*4882a593Smuzhiyun dst_sg, 2);
2269*4882a593Smuzhiyun if (rc < 1 || rc > 2) {
2270*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2271*4882a593Smuzhiyun "for crypt_stat encrypted session key; "
2272*4882a593Smuzhiyun "expected rc = 1; got rc = [%d]. "
2273*4882a593Smuzhiyun "key_rec->enc_key_size = [%zd]\n", rc,
2274*4882a593Smuzhiyun key_rec->enc_key_size);
2275*4882a593Smuzhiyun rc = -ENOMEM;
2276*4882a593Smuzhiyun goto out;
2277*4882a593Smuzhiyun }
2278*4882a593Smuzhiyun mutex_lock(tfm_mutex);
2279*4882a593Smuzhiyun rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2280*4882a593Smuzhiyun crypt_stat->key_size);
2281*4882a593Smuzhiyun if (rc < 0) {
2282*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
2283*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2284*4882a593Smuzhiyun "context; rc = [%d]\n", rc);
2285*4882a593Smuzhiyun goto out;
2286*4882a593Smuzhiyun }
2287*4882a593Smuzhiyun
2288*4882a593Smuzhiyun req = skcipher_request_alloc(tfm, GFP_KERNEL);
2289*4882a593Smuzhiyun if (!req) {
2290*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
2291*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2292*4882a593Smuzhiyun "attempting to skcipher_request_alloc for "
2293*4882a593Smuzhiyun "%s\n", crypto_skcipher_driver_name(tfm));
2294*4882a593Smuzhiyun rc = -ENOMEM;
2295*4882a593Smuzhiyun goto out;
2296*4882a593Smuzhiyun }
2297*4882a593Smuzhiyun
2298*4882a593Smuzhiyun skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2299*4882a593Smuzhiyun NULL, NULL);
2300*4882a593Smuzhiyun
2301*4882a593Smuzhiyun rc = 0;
2302*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2303*4882a593Smuzhiyun crypt_stat->key_size);
2304*4882a593Smuzhiyun skcipher_request_set_crypt(req, src_sg, dst_sg,
2305*4882a593Smuzhiyun (*key_rec).enc_key_size, NULL);
2306*4882a593Smuzhiyun rc = crypto_skcipher_encrypt(req);
2307*4882a593Smuzhiyun mutex_unlock(tfm_mutex);
2308*4882a593Smuzhiyun skcipher_request_free(req);
2309*4882a593Smuzhiyun if (rc) {
2310*4882a593Smuzhiyun printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2311*4882a593Smuzhiyun goto out;
2312*4882a593Smuzhiyun }
2313*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2314*4882a593Smuzhiyun if (ecryptfs_verbosity > 0) {
2315*4882a593Smuzhiyun ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2316*4882a593Smuzhiyun key_rec->enc_key_size);
2317*4882a593Smuzhiyun ecryptfs_dump_hex(key_rec->enc_key,
2318*4882a593Smuzhiyun key_rec->enc_key_size);
2319*4882a593Smuzhiyun }
2320*4882a593Smuzhiyun encrypted_session_key_set:
2321*4882a593Smuzhiyun /* This format is inspired by OpenPGP; see RFC 2440
2322*4882a593Smuzhiyun * packet tag 3 */
2323*4882a593Smuzhiyun max_packet_size = (1 /* Tag 3 identifier */
2324*4882a593Smuzhiyun + 3 /* Max Tag 3 packet size */
2325*4882a593Smuzhiyun + 1 /* Version */
2326*4882a593Smuzhiyun + 1 /* Cipher code */
2327*4882a593Smuzhiyun + 1 /* S2K specifier */
2328*4882a593Smuzhiyun + 1 /* Hash identifier */
2329*4882a593Smuzhiyun + ECRYPTFS_SALT_SIZE /* Salt */
2330*4882a593Smuzhiyun + 1 /* Hash iterations */
2331*4882a593Smuzhiyun + key_rec->enc_key_size); /* Encrypted key size */
2332*4882a593Smuzhiyun if (max_packet_size > (*remaining_bytes)) {
2333*4882a593Smuzhiyun printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2334*4882a593Smuzhiyun "there are only [%td] available\n", max_packet_size,
2335*4882a593Smuzhiyun (*remaining_bytes));
2336*4882a593Smuzhiyun rc = -EINVAL;
2337*4882a593Smuzhiyun goto out;
2338*4882a593Smuzhiyun }
2339*4882a593Smuzhiyun dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2340*4882a593Smuzhiyun /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2341*4882a593Smuzhiyun * to get the number of octets in the actual Tag 3 packet */
2342*4882a593Smuzhiyun rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2343*4882a593Smuzhiyun (max_packet_size - 4),
2344*4882a593Smuzhiyun &packet_size_length);
2345*4882a593Smuzhiyun if (rc) {
2346*4882a593Smuzhiyun printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2347*4882a593Smuzhiyun "generate packet length. rc = [%d]\n", rc);
2348*4882a593Smuzhiyun goto out;
2349*4882a593Smuzhiyun }
2350*4882a593Smuzhiyun (*packet_size) += packet_size_length;
2351*4882a593Smuzhiyun dest[(*packet_size)++] = 0x04; /* version 4 */
2352*4882a593Smuzhiyun /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2353*4882a593Smuzhiyun * specified with strings */
2354*4882a593Smuzhiyun cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2355*4882a593Smuzhiyun crypt_stat->key_size);
2356*4882a593Smuzhiyun if (cipher_code == 0) {
2357*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2358*4882a593Smuzhiyun "cipher [%s]\n", crypt_stat->cipher);
2359*4882a593Smuzhiyun rc = -EINVAL;
2360*4882a593Smuzhiyun goto out;
2361*4882a593Smuzhiyun }
2362*4882a593Smuzhiyun dest[(*packet_size)++] = cipher_code;
2363*4882a593Smuzhiyun dest[(*packet_size)++] = 0x03; /* S2K */
2364*4882a593Smuzhiyun dest[(*packet_size)++] = 0x01; /* MD5 (TODO: parameterize) */
2365*4882a593Smuzhiyun memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2366*4882a593Smuzhiyun ECRYPTFS_SALT_SIZE);
2367*4882a593Smuzhiyun (*packet_size) += ECRYPTFS_SALT_SIZE; /* salt */
2368*4882a593Smuzhiyun dest[(*packet_size)++] = 0x60; /* hash iterations (65536) */
2369*4882a593Smuzhiyun memcpy(&dest[(*packet_size)], key_rec->enc_key,
2370*4882a593Smuzhiyun key_rec->enc_key_size);
2371*4882a593Smuzhiyun (*packet_size) += key_rec->enc_key_size;
2372*4882a593Smuzhiyun out:
2373*4882a593Smuzhiyun if (rc)
2374*4882a593Smuzhiyun (*packet_size) = 0;
2375*4882a593Smuzhiyun else
2376*4882a593Smuzhiyun (*remaining_bytes) -= (*packet_size);
2377*4882a593Smuzhiyun return rc;
2378*4882a593Smuzhiyun }
2379*4882a593Smuzhiyun
2380*4882a593Smuzhiyun struct kmem_cache *ecryptfs_key_record_cache;
2381*4882a593Smuzhiyun
2382*4882a593Smuzhiyun /**
2383*4882a593Smuzhiyun * ecryptfs_generate_key_packet_set
2384*4882a593Smuzhiyun * @dest_base: Virtual address from which to write the key record set
2385*4882a593Smuzhiyun * @crypt_stat: The cryptographic context from which the
2386*4882a593Smuzhiyun * authentication tokens will be retrieved
2387*4882a593Smuzhiyun * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2388*4882a593Smuzhiyun * for the global parameters
2389*4882a593Smuzhiyun * @len: The amount written
2390*4882a593Smuzhiyun * @max: The maximum amount of data allowed to be written
2391*4882a593Smuzhiyun *
2392*4882a593Smuzhiyun * Generates a key packet set and writes it to the virtual address
2393*4882a593Smuzhiyun * passed in.
2394*4882a593Smuzhiyun *
2395*4882a593Smuzhiyun * Returns zero on success; non-zero on error.
2396*4882a593Smuzhiyun */
2397*4882a593Smuzhiyun int
ecryptfs_generate_key_packet_set(char * dest_base,struct ecryptfs_crypt_stat * crypt_stat,struct dentry * ecryptfs_dentry,size_t * len,size_t max)2398*4882a593Smuzhiyun ecryptfs_generate_key_packet_set(char *dest_base,
2399*4882a593Smuzhiyun struct ecryptfs_crypt_stat *crypt_stat,
2400*4882a593Smuzhiyun struct dentry *ecryptfs_dentry, size_t *len,
2401*4882a593Smuzhiyun size_t max)
2402*4882a593Smuzhiyun {
2403*4882a593Smuzhiyun struct ecryptfs_auth_tok *auth_tok;
2404*4882a593Smuzhiyun struct key *auth_tok_key = NULL;
2405*4882a593Smuzhiyun struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2406*4882a593Smuzhiyun &ecryptfs_superblock_to_private(
2407*4882a593Smuzhiyun ecryptfs_dentry->d_sb)->mount_crypt_stat;
2408*4882a593Smuzhiyun size_t written;
2409*4882a593Smuzhiyun struct ecryptfs_key_record *key_rec;
2410*4882a593Smuzhiyun struct ecryptfs_key_sig *key_sig;
2411*4882a593Smuzhiyun int rc = 0;
2412*4882a593Smuzhiyun
2413*4882a593Smuzhiyun (*len) = 0;
2414*4882a593Smuzhiyun mutex_lock(&crypt_stat->keysig_list_mutex);
2415*4882a593Smuzhiyun key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2416*4882a593Smuzhiyun if (!key_rec) {
2417*4882a593Smuzhiyun rc = -ENOMEM;
2418*4882a593Smuzhiyun goto out;
2419*4882a593Smuzhiyun }
2420*4882a593Smuzhiyun list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2421*4882a593Smuzhiyun crypt_stat_list) {
2422*4882a593Smuzhiyun memset(key_rec, 0, sizeof(*key_rec));
2423*4882a593Smuzhiyun rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2424*4882a593Smuzhiyun &auth_tok,
2425*4882a593Smuzhiyun mount_crypt_stat,
2426*4882a593Smuzhiyun key_sig->keysig);
2427*4882a593Smuzhiyun if (rc) {
2428*4882a593Smuzhiyun printk(KERN_WARNING "Unable to retrieve auth tok with "
2429*4882a593Smuzhiyun "sig = [%s]\n", key_sig->keysig);
2430*4882a593Smuzhiyun rc = process_find_global_auth_tok_for_sig_err(rc);
2431*4882a593Smuzhiyun goto out_free;
2432*4882a593Smuzhiyun }
2433*4882a593Smuzhiyun if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2434*4882a593Smuzhiyun rc = write_tag_3_packet((dest_base + (*len)),
2435*4882a593Smuzhiyun &max, auth_tok,
2436*4882a593Smuzhiyun crypt_stat, key_rec,
2437*4882a593Smuzhiyun &written);
2438*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
2439*4882a593Smuzhiyun key_put(auth_tok_key);
2440*4882a593Smuzhiyun if (rc) {
2441*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Error "
2442*4882a593Smuzhiyun "writing tag 3 packet\n");
2443*4882a593Smuzhiyun goto out_free;
2444*4882a593Smuzhiyun }
2445*4882a593Smuzhiyun (*len) += written;
2446*4882a593Smuzhiyun /* Write auth tok signature packet */
2447*4882a593Smuzhiyun rc = write_tag_11_packet((dest_base + (*len)), &max,
2448*4882a593Smuzhiyun key_rec->sig,
2449*4882a593Smuzhiyun ECRYPTFS_SIG_SIZE, &written);
2450*4882a593Smuzhiyun if (rc) {
2451*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error writing "
2452*4882a593Smuzhiyun "auth tok signature packet\n");
2453*4882a593Smuzhiyun goto out_free;
2454*4882a593Smuzhiyun }
2455*4882a593Smuzhiyun (*len) += written;
2456*4882a593Smuzhiyun } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2457*4882a593Smuzhiyun rc = write_tag_1_packet(dest_base + (*len), &max,
2458*4882a593Smuzhiyun auth_tok_key, auth_tok,
2459*4882a593Smuzhiyun crypt_stat, key_rec, &written);
2460*4882a593Smuzhiyun if (rc) {
2461*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Error "
2462*4882a593Smuzhiyun "writing tag 1 packet\n");
2463*4882a593Smuzhiyun goto out_free;
2464*4882a593Smuzhiyun }
2465*4882a593Smuzhiyun (*len) += written;
2466*4882a593Smuzhiyun } else {
2467*4882a593Smuzhiyun up_write(&(auth_tok_key->sem));
2468*4882a593Smuzhiyun key_put(auth_tok_key);
2469*4882a593Smuzhiyun ecryptfs_printk(KERN_WARNING, "Unsupported "
2470*4882a593Smuzhiyun "authentication token type\n");
2471*4882a593Smuzhiyun rc = -EINVAL;
2472*4882a593Smuzhiyun goto out_free;
2473*4882a593Smuzhiyun }
2474*4882a593Smuzhiyun }
2475*4882a593Smuzhiyun if (likely(max > 0)) {
2476*4882a593Smuzhiyun dest_base[(*len)] = 0x00;
2477*4882a593Smuzhiyun } else {
2478*4882a593Smuzhiyun ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2479*4882a593Smuzhiyun rc = -EIO;
2480*4882a593Smuzhiyun }
2481*4882a593Smuzhiyun out_free:
2482*4882a593Smuzhiyun kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2483*4882a593Smuzhiyun out:
2484*4882a593Smuzhiyun if (rc)
2485*4882a593Smuzhiyun (*len) = 0;
2486*4882a593Smuzhiyun mutex_unlock(&crypt_stat->keysig_list_mutex);
2487*4882a593Smuzhiyun return rc;
2488*4882a593Smuzhiyun }
2489*4882a593Smuzhiyun
2490*4882a593Smuzhiyun struct kmem_cache *ecryptfs_key_sig_cache;
2491*4882a593Smuzhiyun
ecryptfs_add_keysig(struct ecryptfs_crypt_stat * crypt_stat,char * sig)2492*4882a593Smuzhiyun int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2493*4882a593Smuzhiyun {
2494*4882a593Smuzhiyun struct ecryptfs_key_sig *new_key_sig;
2495*4882a593Smuzhiyun
2496*4882a593Smuzhiyun new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2497*4882a593Smuzhiyun if (!new_key_sig)
2498*4882a593Smuzhiyun return -ENOMEM;
2499*4882a593Smuzhiyun
2500*4882a593Smuzhiyun memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2501*4882a593Smuzhiyun new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2502*4882a593Smuzhiyun /* Caller must hold keysig_list_mutex */
2503*4882a593Smuzhiyun list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2504*4882a593Smuzhiyun
2505*4882a593Smuzhiyun return 0;
2506*4882a593Smuzhiyun }
2507*4882a593Smuzhiyun
2508*4882a593Smuzhiyun struct kmem_cache *ecryptfs_global_auth_tok_cache;
2509*4882a593Smuzhiyun
2510*4882a593Smuzhiyun int
ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat * mount_crypt_stat,char * sig,u32 global_auth_tok_flags)2511*4882a593Smuzhiyun ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2512*4882a593Smuzhiyun char *sig, u32 global_auth_tok_flags)
2513*4882a593Smuzhiyun {
2514*4882a593Smuzhiyun struct ecryptfs_global_auth_tok *new_auth_tok;
2515*4882a593Smuzhiyun
2516*4882a593Smuzhiyun new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2517*4882a593Smuzhiyun GFP_KERNEL);
2518*4882a593Smuzhiyun if (!new_auth_tok)
2519*4882a593Smuzhiyun return -ENOMEM;
2520*4882a593Smuzhiyun
2521*4882a593Smuzhiyun memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2522*4882a593Smuzhiyun new_auth_tok->flags = global_auth_tok_flags;
2523*4882a593Smuzhiyun new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2524*4882a593Smuzhiyun mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2525*4882a593Smuzhiyun list_add(&new_auth_tok->mount_crypt_stat_list,
2526*4882a593Smuzhiyun &mount_crypt_stat->global_auth_tok_list);
2527*4882a593Smuzhiyun mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2528*4882a593Smuzhiyun return 0;
2529*4882a593Smuzhiyun }
2530*4882a593Smuzhiyun
2531