2006-10-04 13:16:22 +04:00
|
|
|
/**
|
|
|
|
* eCryptfs: Linux filesystem encryption layer
|
|
|
|
*
|
|
|
|
* Copyright (C) 1997-2004 Erez Zadok
|
|
|
|
* Copyright (C) 2001-2004 Stony Brook University
|
2007-02-12 11:53:46 +03:00
|
|
|
* Copyright (C) 2004-2007 International Business Machines Corp.
|
2006-10-04 13:16:22 +04:00
|
|
|
* Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
|
|
|
|
* Michael C. Thompson <mcthomps@us.ibm.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License as
|
|
|
|
* published by the Free Software Foundation; either version 2 of the
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
|
|
* 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/mount.h>
|
|
|
|
#include <linux/pagemap.h>
|
|
|
|
#include <linux/random.h>
|
|
|
|
#include <linux/compiler.h>
|
|
|
|
#include <linux/key.h>
|
|
|
|
#include <linux/namei.h>
|
|
|
|
#include <linux/crypto.h>
|
|
|
|
#include <linux/file.h>
|
|
|
|
#include <linux/scatterlist.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 11:04:11 +03:00
|
|
|
#include <linux/slab.h>
|
2008-07-24 08:30:06 +04:00
|
|
|
#include <asm/unaligned.h>
|
2006-10-04 13:16:22 +04:00
|
|
|
#include "ecryptfs_kernel.h"
|
|
|
|
|
|
|
|
static int
|
|
|
|
ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *dst_page, int dst_offset,
|
|
|
|
struct page *src_page, int src_offset, int size,
|
|
|
|
unsigned char *iv);
|
|
|
|
static int
|
|
|
|
ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *dst_page, int dst_offset,
|
|
|
|
struct page *src_page, int src_offset, int size,
|
|
|
|
unsigned char *iv);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_to_hex
|
|
|
|
* @dst: Buffer to take hex character representation of contents of
|
|
|
|
* src; must be at least of size (src_size * 2)
|
|
|
|
* @src: Buffer to be converted to a hex string respresentation
|
|
|
|
* @src_size: number of bytes to convert
|
|
|
|
*/
|
|
|
|
void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
|
|
|
|
{
|
|
|
|
int x;
|
|
|
|
|
|
|
|
for (x = 0; x < src_size; x++)
|
|
|
|
sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_from_hex
|
|
|
|
* @dst: Buffer to take the bytes from src hex; must be at least of
|
|
|
|
* size (src_size / 2)
|
|
|
|
* @src: Buffer to be converted from a hex string respresentation to raw value
|
|
|
|
* @dst_size: size of dst buffer, or number of hex characters pairs to convert
|
|
|
|
*/
|
|
|
|
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
|
|
|
|
{
|
|
|
|
int x;
|
|
|
|
char tmp[3] = { 0, };
|
|
|
|
|
|
|
|
for (x = 0; x < dst_size; x++) {
|
|
|
|
tmp[0] = src[x * 2];
|
|
|
|
tmp[1] = src[x * 2 + 1];
|
|
|
|
dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_calculate_md5 - calculates the md5 of @src
|
|
|
|
* @dst: Pointer to 16 bytes of allocated memory
|
|
|
|
* @crypt_stat: Pointer to crypt_stat struct for the current inode
|
|
|
|
* @src: Data to be md5'd
|
|
|
|
* @len: Length of @src
|
|
|
|
*
|
|
|
|
* Uses the allocated crypto context that crypt_stat references to
|
|
|
|
* generate the MD5 sum of the contents of src.
|
|
|
|
*/
|
|
|
|
static int ecryptfs_calculate_md5(char *dst,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
char *src, int len)
|
|
|
|
{
|
|
|
|
struct scatterlist sg;
|
2006-10-31 09:07:17 +03:00
|
|
|
struct hash_desc desc = {
|
|
|
|
.tfm = crypt_stat->hash_tfm,
|
|
|
|
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
|
|
|
|
};
|
|
|
|
int rc = 0;
|
2006-10-04 13:16:22 +04:00
|
|
|
|
2006-10-31 09:07:17 +03:00
|
|
|
mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
|
2006-10-04 13:16:22 +04:00
|
|
|
sg_init_one(&sg, (u8 *)src, len);
|
2006-10-31 09:07:17 +03:00
|
|
|
if (!desc.tfm) {
|
|
|
|
desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
|
|
|
|
CRYPTO_ALG_ASYNC);
|
|
|
|
if (IS_ERR(desc.tfm)) {
|
|
|
|
rc = PTR_ERR(desc.tfm);
|
2006-10-04 13:16:22 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "Error attempting to "
|
2006-10-31 09:07:17 +03:00
|
|
|
"allocate crypto context; rc = [%d]\n",
|
|
|
|
rc);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2006-10-31 09:07:17 +03:00
|
|
|
crypt_stat->hash_tfm = desc.tfm;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
2007-11-06 01:51:04 +03:00
|
|
|
rc = crypto_hash_init(&desc);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR
|
|
|
|
"%s: Error initializing crypto hash; rc = [%d]\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__, rc);
|
2007-11-06 01:51:04 +03:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = crypto_hash_update(&desc, &sg, len);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR
|
|
|
|
"%s: Error updating crypto hash; rc = [%d]\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__, rc);
|
2007-11-06 01:51:04 +03:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = crypto_hash_final(&desc, dst);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR
|
|
|
|
"%s: Error finalizing crypto hash; rc = [%d]\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__, rc);
|
2007-11-06 01:51:04 +03:00
|
|
|
goto out;
|
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
out:
|
2007-11-06 01:51:04 +03:00
|
|
|
mutex_unlock(&crypt_stat->cs_hash_tfm_mutex);
|
2006-10-04 13:16:22 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:04 +04:00
|
|
|
static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
|
|
|
|
char *cipher_name,
|
|
|
|
char *chaining_modifier)
|
2006-10-31 09:07:18 +03:00
|
|
|
{
|
|
|
|
int cipher_name_len = strlen(cipher_name);
|
|
|
|
int chaining_modifier_len = strlen(chaining_modifier);
|
|
|
|
int algified_name_len;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
|
|
|
|
(*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
|
2006-11-03 09:06:56 +03:00
|
|
|
if (!(*algified_name)) {
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
snprintf((*algified_name), algified_name_len, "%s(%s)",
|
|
|
|
chaining_modifier, cipher_name);
|
|
|
|
rc = 0;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
/**
|
|
|
|
* ecryptfs_derive_iv
|
|
|
|
* @iv: destination for the derived iv vale
|
|
|
|
* @crypt_stat: Pointer to crypt_stat struct for the current inode
|
2007-10-16 12:28:12 +04:00
|
|
|
* @offset: Offset of the extent whose IV we are to derive
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Generate the initialization vector from the given root IV and page
|
|
|
|
* offset.
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero on error.
|
|
|
|
*/
|
2009-01-07 01:41:58 +03:00
|
|
|
int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
loff_t offset)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
char dst[MD5_DIGEST_SIZE];
|
|
|
|
char src[ECRYPTFS_MAX_IV_BYTES + 16];
|
|
|
|
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "root iv:\n");
|
|
|
|
ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
|
|
|
|
}
|
|
|
|
/* TODO: It is probably secure to just cast the least
|
|
|
|
* significant bits of the root IV into an unsigned long and
|
|
|
|
* add the offset to that rather than go through all this
|
|
|
|
* hashing business. -Halcrow */
|
|
|
|
memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
|
|
|
|
memset((src + crypt_stat->iv_bytes), 0, 16);
|
2007-10-16 12:28:12 +04:00
|
|
|
snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "source:\n");
|
|
|
|
ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
|
|
|
|
}
|
|
|
|
rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
|
|
|
|
(crypt_stat->iv_bytes + 16));
|
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
|
|
|
|
"MD5 while generating IV for a page\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
memcpy(iv, dst, crypt_stat->iv_bytes);
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
|
|
|
|
ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_init_crypt_stat
|
|
|
|
* @crypt_stat: Pointer to the crypt_stat struct to initialize.
|
|
|
|
*
|
|
|
|
* Initialize the crypt_stat structure.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
|
|
|
memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
|
2007-10-16 12:27:53 +04:00
|
|
|
INIT_LIST_HEAD(&crypt_stat->keysig_list);
|
|
|
|
mutex_init(&crypt_stat->keysig_list_mutex);
|
2006-10-04 13:16:22 +04:00
|
|
|
mutex_init(&crypt_stat->cs_mutex);
|
|
|
|
mutex_init(&crypt_stat->cs_tfm_mutex);
|
2006-10-31 09:07:17 +03:00
|
|
|
mutex_init(&crypt_stat->cs_hash_tfm_mutex);
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2007-10-16 12:28:01 +04:00
|
|
|
* ecryptfs_destroy_crypt_stat
|
2006-10-04 13:16:22 +04:00
|
|
|
* @crypt_stat: Pointer to the crypt_stat struct to initialize.
|
|
|
|
*
|
|
|
|
* Releases all memory associated with a crypt_stat struct.
|
|
|
|
*/
|
2007-10-16 12:28:01 +04:00
|
|
|
void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
2007-10-16 12:27:53 +04:00
|
|
|
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
if (crypt_stat->tfm)
|
2006-10-31 09:07:18 +03:00
|
|
|
crypto_free_blkcipher(crypt_stat->tfm);
|
2006-10-31 09:07:17 +03:00
|
|
|
if (crypt_stat->hash_tfm)
|
|
|
|
crypto_free_hash(crypt_stat->hash_tfm);
|
2007-10-16 12:27:53 +04:00
|
|
|
list_for_each_entry_safe(key_sig, key_sig_tmp,
|
|
|
|
&crypt_stat->keysig_list, crypt_stat_list) {
|
|
|
|
list_del(&key_sig->crypt_stat_list);
|
|
|
|
kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
|
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
|
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:01 +04:00
|
|
|
void ecryptfs_destroy_mount_crypt_stat(
|
2006-10-04 13:16:22 +04:00
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
|
|
|
|
{
|
2007-10-16 12:27:53 +04:00
|
|
|
struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp;
|
|
|
|
|
|
|
|
if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
|
|
|
|
return;
|
|
|
|
mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
|
|
|
|
list_for_each_entry_safe(auth_tok, auth_tok_tmp,
|
|
|
|
&mount_crypt_stat->global_auth_tok_list,
|
|
|
|
mount_crypt_stat_list) {
|
|
|
|
list_del(&auth_tok->mount_crypt_stat_list);
|
|
|
|
mount_crypt_stat->num_global_auth_toks--;
|
|
|
|
if (auth_tok->global_auth_tok_key
|
|
|
|
&& !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
|
|
|
|
key_put(auth_tok->global_auth_tok_key);
|
|
|
|
kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
|
|
|
|
}
|
|
|
|
mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
|
2006-10-04 13:16:22 +04:00
|
|
|
memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* virt_to_scatterlist
|
|
|
|
* @addr: Virtual address
|
|
|
|
* @size: Size of data; should be an even multiple of the block size
|
|
|
|
* @sg: Pointer to scatterlist array; set to NULL to obtain only
|
|
|
|
* the number of scatterlist structs required in array
|
|
|
|
* @sg_size: Max array size
|
|
|
|
*
|
|
|
|
* Fills in a scatterlist array with page references for a passed
|
|
|
|
* virtual address.
|
|
|
|
*
|
|
|
|
* Returns the number of scatterlist structs in array used
|
|
|
|
*/
|
|
|
|
int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
|
|
|
|
int sg_size)
|
|
|
|
{
|
|
|
|
int i = 0;
|
|
|
|
struct page *pg;
|
|
|
|
int offset;
|
|
|
|
int remainder_of_page;
|
|
|
|
|
2007-10-27 11:52:07 +04:00
|
|
|
sg_init_table(sg, sg_size);
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
while (size > 0 && i < sg_size) {
|
|
|
|
pg = virt_to_page(addr);
|
|
|
|
offset = offset_in_page(addr);
|
2007-10-24 13:20:47 +04:00
|
|
|
if (sg)
|
|
|
|
sg_set_page(&sg[i], pg, 0, offset);
|
2006-10-04 13:16:22 +04:00
|
|
|
remainder_of_page = PAGE_CACHE_SIZE - offset;
|
|
|
|
if (size >= remainder_of_page) {
|
|
|
|
if (sg)
|
|
|
|
sg[i].length = remainder_of_page;
|
|
|
|
addr += remainder_of_page;
|
|
|
|
size -= remainder_of_page;
|
|
|
|
} else {
|
|
|
|
if (sg)
|
|
|
|
sg[i].length = size;
|
|
|
|
addr += size;
|
|
|
|
size = 0;
|
|
|
|
}
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
if (size > 0)
|
|
|
|
return -ENOMEM;
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* encrypt_scatterlist
|
|
|
|
* @crypt_stat: Pointer to the crypt_stat struct to initialize.
|
|
|
|
* @dest_sg: Destination of encrypted data
|
|
|
|
* @src_sg: Data to be encrypted
|
|
|
|
* @size: Length of data to be encrypted
|
|
|
|
* @iv: iv to use during encryption
|
|
|
|
*
|
|
|
|
* Returns the number of bytes encrypted; negative value on error
|
|
|
|
*/
|
|
|
|
static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct scatterlist *dest_sg,
|
|
|
|
struct scatterlist *src_sg, int size,
|
|
|
|
unsigned char *iv)
|
|
|
|
{
|
2006-10-31 09:07:18 +03:00
|
|
|
struct blkcipher_desc desc = {
|
|
|
|
.tfm = crypt_stat->tfm,
|
|
|
|
.info = iv,
|
|
|
|
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
|
|
|
|
};
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
BUG_ON(!crypt_stat || !crypt_stat->tfm
|
2007-02-12 11:53:49 +03:00
|
|
|
|| !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
|
2006-10-04 13:16:22 +04:00
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
|
|
|
|
crypt_stat->key_size);
|
|
|
|
ecryptfs_dump_hex(crypt_stat->key,
|
|
|
|
crypt_stat->key_size);
|
|
|
|
}
|
|
|
|
/* Consider doing this once, when the file is opened */
|
|
|
|
mutex_lock(&crypt_stat->cs_tfm_mutex);
|
2008-02-06 12:38:33 +03:00
|
|
|
if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
|
|
|
|
rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
|
|
|
|
crypt_stat->key_size);
|
|
|
|
crypt_stat->flags |= ECRYPTFS_KEY_SET;
|
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
|
|
|
|
rc);
|
|
|
|
mutex_unlock(&crypt_stat->cs_tfm_mutex);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
|
2006-10-31 09:07:18 +03:00
|
|
|
crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
|
2006-10-04 13:16:22 +04:00
|
|
|
mutex_unlock(&crypt_stat->cs_tfm_mutex);
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:08 +04:00
|
|
|
/**
|
|
|
|
* ecryptfs_lower_offset_for_extent
|
|
|
|
*
|
|
|
|
* Convert an eCryptfs page index into a lower byte offset
|
|
|
|
*/
|
2008-02-06 12:38:32 +03:00
|
|
|
static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat)
|
2007-10-16 12:28:08 +04:00
|
|
|
{
|
2010-02-11 16:10:38 +03:00
|
|
|
(*offset) = ecryptfs_lower_header_size(crypt_stat)
|
|
|
|
+ (crypt_stat->extent_size * extent_num);
|
2007-10-16 12:28:08 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_encrypt_extent
|
|
|
|
* @enc_extent_page: Allocated page into which to encrypt the data in
|
|
|
|
* @page
|
|
|
|
* @crypt_stat: crypt_stat containing cryptographic context for the
|
|
|
|
* encryption operation
|
|
|
|
* @page: Page containing plaintext data extent to encrypt
|
|
|
|
* @extent_offset: Page extent offset for use in generating IV
|
|
|
|
*
|
|
|
|
* Encrypts one extent of data.
|
|
|
|
*
|
|
|
|
* Return zero on success; non-zero otherwise
|
|
|
|
*/
|
|
|
|
static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *page,
|
|
|
|
unsigned long extent_offset)
|
|
|
|
{
|
2007-10-16 12:28:12 +04:00
|
|
|
loff_t extent_base;
|
2007-10-16 12:28:08 +04:00
|
|
|
char extent_iv[ECRYPTFS_MAX_IV_BYTES];
|
|
|
|
int rc;
|
|
|
|
|
2007-10-16 12:28:12 +04:00
|
|
|
extent_base = (((loff_t)page->index)
|
2007-10-16 12:28:08 +04:00
|
|
|
* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
|
|
|
|
rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
|
|
|
|
(extent_base + extent_offset));
|
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error attempting to "
|
|
|
|
"derive IV for extent [0x%.16x]; "
|
|
|
|
"rc = [%d]\n", (extent_base + extent_offset),
|
|
|
|
rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
|
|
|
|
"with iv:\n");
|
|
|
|
ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
|
|
|
|
"encryption:\n");
|
|
|
|
ecryptfs_dump_hex((char *)
|
|
|
|
(page_address(page)
|
|
|
|
+ (extent_offset * crypt_stat->extent_size)),
|
|
|
|
8);
|
|
|
|
}
|
|
|
|
rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
|
|
|
|
page, (extent_offset
|
|
|
|
* crypt_stat->extent_size),
|
|
|
|
crypt_stat->extent_size, extent_iv);
|
|
|
|
if (rc < 0) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to encrypt page with "
|
|
|
|
"page->index = [%ld], extent_offset = [%ld]; "
|
2008-04-29 11:59:48 +04:00
|
|
|
"rc = [%d]\n", __func__, page->index, extent_offset,
|
2007-10-16 12:28:08 +04:00
|
|
|
rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
|
|
|
|
"rc = [%d]\n", (extent_base + extent_offset),
|
|
|
|
rc);
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
|
|
|
|
"encryption:\n");
|
|
|
|
ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
/**
|
|
|
|
* ecryptfs_encrypt_page
|
2007-10-16 12:28:08 +04:00
|
|
|
* @page: Page mapped from the eCryptfs inode for the file; contains
|
|
|
|
* decrypted content that needs to be encrypted (to a temporary
|
|
|
|
* page; not in place) and written out to the lower file
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Encrypt an eCryptfs page. This is done on a per-extent basis. Note
|
|
|
|
* that eCryptfs pages may straddle the lower pages -- for instance,
|
|
|
|
* if the file was created on a machine with an 8K page size
|
|
|
|
* (resulting in an 8K header), and then the file is copied onto a
|
|
|
|
* host with a 32K page size, then when reading page 0 of the eCryptfs
|
|
|
|
* file, 24K of page 0 of the lower file will be read and decrypted,
|
|
|
|
* and then 8K of page 1 of the lower file will be read and decrypted.
|
|
|
|
*
|
|
|
|
* Returns zero on success; negative on error
|
|
|
|
*/
|
2007-10-16 12:28:08 +04:00
|
|
|
int ecryptfs_encrypt_page(struct page *page)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
2007-10-16 12:28:08 +04:00
|
|
|
struct inode *ecryptfs_inode;
|
2006-10-04 13:16:22 +04:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat;
|
2008-07-29 02:46:39 +04:00
|
|
|
char *enc_extent_virt;
|
|
|
|
struct page *enc_extent_page = NULL;
|
2007-10-16 12:28:08 +04:00
|
|
|
loff_t extent_offset;
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = 0;
|
2007-10-16 12:28:08 +04:00
|
|
|
|
|
|
|
ecryptfs_inode = page->mapping->host;
|
|
|
|
crypt_stat =
|
|
|
|
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
|
2009-04-14 00:29:27 +04:00
|
|
|
BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
|
2008-07-29 02:46:39 +04:00
|
|
|
enc_extent_page = alloc_page(GFP_USER);
|
|
|
|
if (!enc_extent_page) {
|
2007-10-16 12:28:08 +04:00
|
|
|
rc = -ENOMEM;
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error allocating memory for "
|
|
|
|
"encrypted extent\n");
|
|
|
|
goto out;
|
|
|
|
}
|
2008-07-29 02:46:39 +04:00
|
|
|
enc_extent_virt = kmap(enc_extent_page);
|
2007-10-16 12:28:08 +04:00
|
|
|
for (extent_offset = 0;
|
|
|
|
extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
|
|
|
|
extent_offset++) {
|
|
|
|
loff_t offset;
|
|
|
|
|
|
|
|
rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
|
|
|
|
extent_offset);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
2007-10-16 12:28:08 +04:00
|
|
|
printk(KERN_ERR "%s: Error encrypting extent; "
|
2008-04-29 11:59:48 +04:00
|
|
|
"rc = [%d]\n", __func__, rc);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_lower_offset_for_extent(
|
2007-10-16 12:28:12 +04:00
|
|
|
&offset, ((((loff_t)page->index)
|
|
|
|
* (PAGE_CACHE_SIZE
|
|
|
|
/ crypt_stat->extent_size))
|
2007-10-16 12:28:08 +04:00
|
|
|
+ extent_offset), crypt_stat);
|
|
|
|
rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
|
|
|
|
offset, crypt_stat->extent_size);
|
2009-09-17 04:04:20 +04:00
|
|
|
if (rc < 0) {
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "Error attempting "
|
|
|
|
"to write lower page; rc = [%d]"
|
|
|
|
"\n", rc);
|
|
|
|
goto out;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
}
|
2009-09-17 04:04:20 +04:00
|
|
|
rc = 0;
|
2007-10-16 12:28:08 +04:00
|
|
|
out:
|
2008-07-29 02:46:39 +04:00
|
|
|
if (enc_extent_page) {
|
|
|
|
kunmap(enc_extent_page);
|
|
|
|
__free_page(enc_extent_page);
|
|
|
|
}
|
2007-10-16 12:28:08 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ecryptfs_decrypt_extent(struct page *page,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *enc_extent_page,
|
|
|
|
unsigned long extent_offset)
|
|
|
|
{
|
2007-10-16 12:28:12 +04:00
|
|
|
loff_t extent_base;
|
2007-10-16 12:28:08 +04:00
|
|
|
char extent_iv[ECRYPTFS_MAX_IV_BYTES];
|
|
|
|
int rc;
|
|
|
|
|
2007-10-16 12:28:12 +04:00
|
|
|
extent_base = (((loff_t)page->index)
|
2007-10-16 12:28:08 +04:00
|
|
|
* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
|
|
|
|
rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
|
|
|
|
(extent_base + extent_offset));
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "Error attempting to "
|
|
|
|
"derive IV for extent [0x%.16x]; "
|
|
|
|
"rc = [%d]\n", (extent_base + extent_offset),
|
|
|
|
rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
|
|
|
|
"with iv:\n");
|
|
|
|
ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
|
|
|
|
"decryption:\n");
|
|
|
|
ecryptfs_dump_hex((char *)
|
|
|
|
(page_address(enc_extent_page)
|
|
|
|
+ (extent_offset * crypt_stat->extent_size)),
|
|
|
|
8);
|
|
|
|
}
|
|
|
|
rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
|
|
|
|
(extent_offset
|
|
|
|
* crypt_stat->extent_size),
|
|
|
|
enc_extent_page, 0,
|
|
|
|
crypt_stat->extent_size, extent_iv);
|
|
|
|
if (rc < 0) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to decrypt to page with "
|
|
|
|
"page->index = [%ld], extent_offset = [%ld]; "
|
2008-04-29 11:59:48 +04:00
|
|
|
"rc = [%d]\n", __func__, page->index, extent_offset,
|
2007-10-16 12:28:08 +04:00
|
|
|
rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
|
|
|
|
"rc = [%d]\n", (extent_base + extent_offset),
|
|
|
|
rc);
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
|
|
|
|
"decryption:\n");
|
|
|
|
ecryptfs_dump_hex((char *)(page_address(page)
|
|
|
|
+ (extent_offset
|
|
|
|
* crypt_stat->extent_size)), 8);
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_decrypt_page
|
2007-10-16 12:28:08 +04:00
|
|
|
* @page: Page mapped from the eCryptfs inode for the file; data read
|
|
|
|
* and decrypted from the lower file will be written into this
|
|
|
|
* page
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Decrypt an eCryptfs page. This is done on a per-extent basis. Note
|
|
|
|
* that eCryptfs pages may straddle the lower pages -- for instance,
|
|
|
|
* if the file was created on a machine with an 8K page size
|
|
|
|
* (resulting in an 8K header), and then the file is copied onto a
|
|
|
|
* host with a 32K page size, then when reading page 0 of the eCryptfs
|
|
|
|
* file, 24K of page 0 of the lower file will be read and decrypted,
|
|
|
|
* and then 8K of page 1 of the lower file will be read and decrypted.
|
|
|
|
*
|
|
|
|
* Returns zero on success; negative on error
|
|
|
|
*/
|
2007-10-16 12:28:08 +04:00
|
|
|
int ecryptfs_decrypt_page(struct page *page)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
2007-10-16 12:28:08 +04:00
|
|
|
struct inode *ecryptfs_inode;
|
2006-10-04 13:16:22 +04:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat;
|
2008-07-29 02:46:39 +04:00
|
|
|
char *enc_extent_virt;
|
|
|
|
struct page *enc_extent_page = NULL;
|
2007-10-16 12:28:08 +04:00
|
|
|
unsigned long extent_offset;
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = 0;
|
|
|
|
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_inode = page->mapping->host;
|
|
|
|
crypt_stat =
|
|
|
|
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
|
2009-04-14 00:29:27 +04:00
|
|
|
BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
|
2008-07-29 02:46:39 +04:00
|
|
|
enc_extent_page = alloc_page(GFP_USER);
|
|
|
|
if (!enc_extent_page) {
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -ENOMEM;
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "Error allocating memory for "
|
|
|
|
"encrypted extent\n");
|
2007-10-16 12:28:14 +04:00
|
|
|
goto out;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
2008-07-29 02:46:39 +04:00
|
|
|
enc_extent_virt = kmap(enc_extent_page);
|
2007-10-16 12:28:08 +04:00
|
|
|
for (extent_offset = 0;
|
|
|
|
extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
|
|
|
|
extent_offset++) {
|
|
|
|
loff_t offset;
|
|
|
|
|
|
|
|
ecryptfs_lower_offset_for_extent(
|
|
|
|
&offset, ((page->index * (PAGE_CACHE_SIZE
|
|
|
|
/ crypt_stat->extent_size))
|
|
|
|
+ extent_offset), crypt_stat);
|
|
|
|
rc = ecryptfs_read_lower(enc_extent_virt, offset,
|
|
|
|
crypt_stat->extent_size,
|
|
|
|
ecryptfs_inode);
|
2009-09-17 04:04:20 +04:00
|
|
|
if (rc < 0) {
|
2007-10-16 12:28:08 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "Error attempting "
|
|
|
|
"to read lower page; rc = [%d]"
|
|
|
|
"\n", rc);
|
2007-10-16 12:28:14 +04:00
|
|
|
goto out;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
2007-10-16 12:28:08 +04:00
|
|
|
rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
|
|
|
|
extent_offset);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "%s: Error encrypting extent; "
|
2008-04-29 11:59:48 +04:00
|
|
|
"rc = [%d]\n", __func__, rc);
|
2007-10-16 12:28:14 +04:00
|
|
|
goto out;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
out:
|
2008-07-29 02:46:39 +04:00
|
|
|
if (enc_extent_page) {
|
|
|
|
kunmap(enc_extent_page);
|
|
|
|
__free_page(enc_extent_page);
|
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* decrypt_scatterlist
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: Cryptographic context
|
|
|
|
* @dest_sg: The destination scatterlist to decrypt into
|
|
|
|
* @src_sg: The source scatterlist to decrypt from
|
|
|
|
* @size: The number of bytes to decrypt
|
|
|
|
* @iv: The initialization vector to use for the decryption
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns the number of bytes decrypted; negative value on error
|
|
|
|
*/
|
|
|
|
static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct scatterlist *dest_sg,
|
|
|
|
struct scatterlist *src_sg, int size,
|
|
|
|
unsigned char *iv)
|
|
|
|
{
|
2006-10-31 09:07:18 +03:00
|
|
|
struct blkcipher_desc desc = {
|
|
|
|
.tfm = crypt_stat->tfm,
|
|
|
|
.info = iv,
|
|
|
|
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
|
|
|
|
};
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
/* Consider doing this once, when the file is opened */
|
|
|
|
mutex_lock(&crypt_stat->cs_tfm_mutex);
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
|
|
|
|
crypt_stat->key_size);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
|
|
|
|
rc);
|
|
|
|
mutex_unlock(&crypt_stat->cs_tfm_mutex);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
|
2006-10-04 13:16:22 +04:00
|
|
|
mutex_unlock(&crypt_stat->cs_tfm_mutex);
|
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
|
|
|
|
rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = size;
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_encrypt_page_offset
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The cryptographic context
|
|
|
|
* @dst_page: The page to encrypt into
|
|
|
|
* @dst_offset: The offset in the page to encrypt into
|
|
|
|
* @src_page: The page to encrypt from
|
|
|
|
* @src_offset: The offset in the page to encrypt from
|
|
|
|
* @size: The number of bytes to encrypt
|
|
|
|
* @iv: The initialization vector to use for the encryption
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns the number of bytes encrypted
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *dst_page, int dst_offset,
|
|
|
|
struct page *src_page, int src_offset, int size,
|
|
|
|
unsigned char *iv)
|
|
|
|
{
|
|
|
|
struct scatterlist src_sg, dst_sg;
|
|
|
|
|
2007-10-22 21:43:30 +04:00
|
|
|
sg_init_table(&src_sg, 1);
|
|
|
|
sg_init_table(&dst_sg, 1);
|
|
|
|
|
2007-10-24 13:20:47 +04:00
|
|
|
sg_set_page(&src_sg, src_page, size, src_offset);
|
|
|
|
sg_set_page(&dst_sg, dst_page, size, dst_offset);
|
2006-10-04 13:16:22 +04:00
|
|
|
return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_decrypt_page_offset
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The cryptographic context
|
|
|
|
* @dst_page: The page to decrypt into
|
|
|
|
* @dst_offset: The offset in the page to decrypt into
|
|
|
|
* @src_page: The page to decrypt from
|
|
|
|
* @src_offset: The offset in the page to decrypt from
|
|
|
|
* @size: The number of bytes to decrypt
|
|
|
|
* @iv: The initialization vector to use for the decryption
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns the number of bytes decrypted
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct page *dst_page, int dst_offset,
|
|
|
|
struct page *src_page, int src_offset, int size,
|
|
|
|
unsigned char *iv)
|
|
|
|
{
|
|
|
|
struct scatterlist src_sg, dst_sg;
|
|
|
|
|
2007-10-22 21:43:30 +04:00
|
|
|
sg_init_table(&src_sg, 1);
|
2007-10-24 13:20:47 +04:00
|
|
|
sg_set_page(&src_sg, src_page, size, src_offset);
|
|
|
|
|
2007-10-22 21:43:30 +04:00
|
|
|
sg_init_table(&dst_sg, 1);
|
2007-10-24 13:20:47 +04:00
|
|
|
sg_set_page(&dst_sg, dst_page, size, dst_offset);
|
2007-10-22 21:43:30 +04:00
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
|
|
|
|
}
|
|
|
|
|
|
|
|
#define ECRYPTFS_MAX_SCATTERLIST_LEN 4
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_init_crypt_ctx
|
|
|
|
* @crypt_stat: Uninitilized crypt stats structure
|
|
|
|
*
|
|
|
|
* Initialize the crypto context.
|
|
|
|
*
|
|
|
|
* TODO: Performance: Keep a cache of initialized cipher contexts;
|
|
|
|
* only init if needed
|
|
|
|
*/
|
|
|
|
int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
2006-10-31 09:07:18 +03:00
|
|
|
char *full_alg_name;
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = -EINVAL;
|
|
|
|
|
|
|
|
if (!crypt_stat->cipher) {
|
|
|
|
ecryptfs_printk(KERN_ERR, "No cipher specified\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ecryptfs_printk(KERN_DEBUG,
|
|
|
|
"Initializing cipher [%s]; strlen = [%d]; "
|
|
|
|
"key_size_bits = [%d]\n",
|
|
|
|
crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
|
|
|
|
crypt_stat->key_size << 3);
|
|
|
|
if (crypt_stat->tfm) {
|
|
|
|
rc = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
mutex_lock(&crypt_stat->cs_tfm_mutex);
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
|
|
|
|
crypt_stat->cipher, "cbc");
|
|
|
|
if (rc)
|
2007-12-23 01:03:26 +03:00
|
|
|
goto out_unlock;
|
2006-10-31 09:07:18 +03:00
|
|
|
crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
|
|
|
|
CRYPTO_ALG_ASYNC);
|
|
|
|
kfree(full_alg_name);
|
2006-11-28 23:29:49 +03:00
|
|
|
if (IS_ERR(crypt_stat->tfm)) {
|
|
|
|
rc = PTR_ERR(crypt_stat->tfm);
|
2009-08-11 09:36:32 +04:00
|
|
|
crypt_stat->tfm = NULL;
|
2006-10-04 13:16:22 +04:00
|
|
|
ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
|
|
|
|
"Error initializing cipher [%s]\n",
|
|
|
|
crypt_stat->cipher);
|
2007-12-23 01:03:26 +03:00
|
|
|
goto out_unlock;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
2007-01-27 02:05:15 +03:00
|
|
|
crypto_blkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = 0;
|
2007-12-23 01:03:26 +03:00
|
|
|
out_unlock:
|
|
|
|
mutex_unlock(&crypt_stat->cs_tfm_mutex);
|
2006-10-04 13:16:22 +04:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
|
|
|
int extent_size_tmp;
|
|
|
|
|
|
|
|
crypt_stat->extent_mask = 0xFFFFFFFF;
|
|
|
|
crypt_stat->extent_shift = 0;
|
|
|
|
if (crypt_stat->extent_size == 0)
|
|
|
|
return;
|
|
|
|
extent_size_tmp = crypt_stat->extent_size;
|
|
|
|
while ((extent_size_tmp & 0x01) == 0) {
|
|
|
|
extent_size_tmp >>= 1;
|
|
|
|
crypt_stat->extent_mask <<= 1;
|
|
|
|
crypt_stat->extent_shift++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
|
|
|
/* Default values; may be overwritten as we are parsing the
|
|
|
|
* packets. */
|
|
|
|
crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
|
|
|
|
set_extent_mask_and_shift(crypt_stat);
|
|
|
|
crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
|
2007-02-12 11:53:46 +03:00
|
|
|
if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
|
2007-10-16 12:28:05 +04:00
|
|
|
else {
|
|
|
|
if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size =
|
2008-02-06 12:38:32 +03:00
|
|
|
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
|
2007-10-16 12:28:05 +04:00
|
|
|
else
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size = PAGE_CACHE_SIZE;
|
2007-10-16 12:28:05 +04:00
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_compute_root_iv
|
|
|
|
* @crypt_stats
|
|
|
|
*
|
|
|
|
* On error, sets the root IV to all 0's.
|
|
|
|
*/
|
|
|
|
int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
char dst[MD5_DIGEST_SIZE];
|
|
|
|
|
|
|
|
BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
|
|
|
|
BUG_ON(crypt_stat->iv_bytes <= 0);
|
2007-02-12 11:53:49 +03:00
|
|
|
if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Session key not valid; "
|
|
|
|
"cannot generate root IV\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
|
|
|
|
crypt_stat->key_size);
|
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
|
|
|
|
"MD5 while generating root IV\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
|
|
|
|
out:
|
|
|
|
if (rc) {
|
|
|
|
memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
|
|
|
get_random_bytes(crypt_stat->key, crypt_stat->key_size);
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags |= ECRYPTFS_KEY_VALID;
|
2006-10-04 13:16:22 +04:00
|
|
|
ecryptfs_compute_root_iv(crypt_stat);
|
|
|
|
if (unlikely(ecryptfs_verbosity > 0)) {
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
|
|
|
|
ecryptfs_dump_hex(crypt_stat->key,
|
|
|
|
crypt_stat->key_size);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
[PATCH] eCryptfs: xattr flags and mount options
This patch set introduces the ability to store cryptographic metadata into an
lower file extended attribute rather than the lower file header region.
This patch set implements two new mount options:
ecryptfs_xattr_metadata
- When set, newly created files will have their cryptographic
metadata stored in the extended attribute region of the file rather
than the header.
When storing the data in the file header, there is a minimum of 8KB
reserved for the header information for each file, making each file at
least 12KB in size. This can take up a lot of extra disk space if the user
creates a lot of small files. By storing the data in the extended
attribute, each file will only occupy at least of 4KB of space.
As the eCryptfs metadata set becomes larger with new features such as
multi-key associations, most popular filesystems will not be able to store
all of the information in the xattr region in some cases due to space
constraints. However, the majority of users will only ever associate one
key per file, so most users will be okay with storing their data in the
xattr region.
This option should be used with caution. I want to emphasize that the
xattr must be maintained under all circumstances, or the file will be
rendered permanently unrecoverable. The last thing I want is for a user to
forget to set an xattr flag in a backup utility, only to later discover
that their backups are worthless.
ecryptfs_encrypted_view
- When set, this option causes eCryptfs to present applications a
view of encrypted files as if the cryptographic metadata were
stored in the file header, whether the metadata is actually stored
in the header or in the extended attributes.
No matter what eCryptfs winds up doing in the lower filesystem, I want
to preserve a baseline format compatibility for the encrypted files. As of
right now, the metadata may be in the file header or in an xattr. There is
no reason why the metadata could not be put in a separate file in future
versions.
Without the compatibility mode, backup utilities would have to know to
back up the metadata file along with the files. The semantics of eCryptfs
have always been that the lower files are self-contained units of encrypted
data, and the only additional information required to decrypt any given
eCryptfs file is the key. That is what has always been emphasized about
eCryptfs lower files, and that is what users expect. Providing the
encrypted view option will provide a way to userspace applications wherein
they can always get to the same old familiar eCryptfs encrypted files,
regardless of what eCryptfs winds up doing with the metadata behind the
scenes.
This patch:
Add extended attribute support to version bit vector, flags to indicate when
xattr or encrypted view modes are enabled, and support for the new mount
options.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 11:53:45 +03:00
|
|
|
/**
|
|
|
|
* ecryptfs_copy_mount_wide_flags_to_inode_flags
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The inode's cryptographic context
|
|
|
|
* @mount_crypt_stat: The mount point's cryptographic context
|
[PATCH] eCryptfs: xattr flags and mount options
This patch set introduces the ability to store cryptographic metadata into an
lower file extended attribute rather than the lower file header region.
This patch set implements two new mount options:
ecryptfs_xattr_metadata
- When set, newly created files will have their cryptographic
metadata stored in the extended attribute region of the file rather
than the header.
When storing the data in the file header, there is a minimum of 8KB
reserved for the header information for each file, making each file at
least 12KB in size. This can take up a lot of extra disk space if the user
creates a lot of small files. By storing the data in the extended
attribute, each file will only occupy at least of 4KB of space.
As the eCryptfs metadata set becomes larger with new features such as
multi-key associations, most popular filesystems will not be able to store
all of the information in the xattr region in some cases due to space
constraints. However, the majority of users will only ever associate one
key per file, so most users will be okay with storing their data in the
xattr region.
This option should be used with caution. I want to emphasize that the
xattr must be maintained under all circumstances, or the file will be
rendered permanently unrecoverable. The last thing I want is for a user to
forget to set an xattr flag in a backup utility, only to later discover
that their backups are worthless.
ecryptfs_encrypted_view
- When set, this option causes eCryptfs to present applications a
view of encrypted files as if the cryptographic metadata were
stored in the file header, whether the metadata is actually stored
in the header or in the extended attributes.
No matter what eCryptfs winds up doing in the lower filesystem, I want
to preserve a baseline format compatibility for the encrypted files. As of
right now, the metadata may be in the file header or in an xattr. There is
no reason why the metadata could not be put in a separate file in future
versions.
Without the compatibility mode, backup utilities would have to know to
back up the metadata file along with the files. The semantics of eCryptfs
have always been that the lower files are self-contained units of encrypted
data, and the only additional information required to decrypt any given
eCryptfs file is the key. That is what has always been emphasized about
eCryptfs lower files, and that is what users expect. Providing the
encrypted view option will provide a way to userspace applications wherein
they can always get to the same old familiar eCryptfs encrypted files,
regardless of what eCryptfs winds up doing with the metadata behind the
scenes.
This patch:
Add extended attribute support to version bit vector, flags to indicate when
xattr or encrypted view modes are enabled, and support for the new mount
options.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 11:53:45 +03:00
|
|
|
*
|
|
|
|
* This function propagates the mount-wide flags to individual inode
|
|
|
|
* flags.
|
|
|
|
*/
|
|
|
|
static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
|
|
|
|
{
|
|
|
|
if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
|
|
|
|
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
|
|
|
|
if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
|
|
|
|
crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;
|
2009-01-07 01:42:00 +03:00
|
|
|
if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
|
|
|
|
crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
|
|
|
|
if (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
|
|
|
|
crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
|
|
|
|
else if (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
|
|
|
|
crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
|
|
|
|
}
|
[PATCH] eCryptfs: xattr flags and mount options
This patch set introduces the ability to store cryptographic metadata into an
lower file extended attribute rather than the lower file header region.
This patch set implements two new mount options:
ecryptfs_xattr_metadata
- When set, newly created files will have their cryptographic
metadata stored in the extended attribute region of the file rather
than the header.
When storing the data in the file header, there is a minimum of 8KB
reserved for the header information for each file, making each file at
least 12KB in size. This can take up a lot of extra disk space if the user
creates a lot of small files. By storing the data in the extended
attribute, each file will only occupy at least of 4KB of space.
As the eCryptfs metadata set becomes larger with new features such as
multi-key associations, most popular filesystems will not be able to store
all of the information in the xattr region in some cases due to space
constraints. However, the majority of users will only ever associate one
key per file, so most users will be okay with storing their data in the
xattr region.
This option should be used with caution. I want to emphasize that the
xattr must be maintained under all circumstances, or the file will be
rendered permanently unrecoverable. The last thing I want is for a user to
forget to set an xattr flag in a backup utility, only to later discover
that their backups are worthless.
ecryptfs_encrypted_view
- When set, this option causes eCryptfs to present applications a
view of encrypted files as if the cryptographic metadata were
stored in the file header, whether the metadata is actually stored
in the header or in the extended attributes.
No matter what eCryptfs winds up doing in the lower filesystem, I want
to preserve a baseline format compatibility for the encrypted files. As of
right now, the metadata may be in the file header or in an xattr. There is
no reason why the metadata could not be put in a separate file in future
versions.
Without the compatibility mode, backup utilities would have to know to
back up the metadata file along with the files. The semantics of eCryptfs
have always been that the lower files are self-contained units of encrypted
data, and the only additional information required to decrypt any given
eCryptfs file is the key. That is what has always been emphasized about
eCryptfs lower files, and that is what users expect. Providing the
encrypted view option will provide a way to userspace applications wherein
they can always get to the same old familiar eCryptfs encrypted files,
regardless of what eCryptfs winds up doing with the metadata behind the
scenes.
This patch:
Add extended attribute support to version bit vector, flags to indicate when
xattr or encrypted view modes are enabled, and support for the new mount
options.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 11:53:45 +03:00
|
|
|
}
|
|
|
|
|
2007-10-16 12:27:53 +04:00
|
|
|
static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
|
|
|
|
{
|
|
|
|
struct ecryptfs_global_auth_tok *global_auth_tok;
|
|
|
|
int rc = 0;
|
|
|
|
|
2009-07-02 02:48:18 +04:00
|
|
|
mutex_lock(&crypt_stat->keysig_list_mutex);
|
2007-10-16 12:27:53 +04:00
|
|
|
mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
|
2009-07-02 02:48:18 +04:00
|
|
|
|
2007-10-16 12:27:53 +04:00
|
|
|
list_for_each_entry(global_auth_tok,
|
|
|
|
&mount_crypt_stat->global_auth_tok_list,
|
|
|
|
mount_crypt_stat_list) {
|
2009-03-13 23:51:59 +03:00
|
|
|
if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
|
|
|
|
continue;
|
2007-10-16 12:27:53 +04:00
|
|
|
rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
2009-07-02 02:48:18 +04:00
|
|
|
|
2007-10-16 12:27:53 +04:00
|
|
|
out:
|
2009-07-02 02:48:18 +04:00
|
|
|
mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
|
|
|
|
mutex_unlock(&crypt_stat->keysig_list_mutex);
|
2007-10-16 12:27:53 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
/**
|
|
|
|
* ecryptfs_set_default_crypt_stat_vals
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The inode's cryptographic context
|
|
|
|
* @mount_crypt_stat: The mount point's cryptographic context
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Default values in the event that policy does not override them.
|
|
|
|
*/
|
|
|
|
static void ecryptfs_set_default_crypt_stat_vals(
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
|
|
|
|
{
|
[PATCH] eCryptfs: xattr flags and mount options
This patch set introduces the ability to store cryptographic metadata into an
lower file extended attribute rather than the lower file header region.
This patch set implements two new mount options:
ecryptfs_xattr_metadata
- When set, newly created files will have their cryptographic
metadata stored in the extended attribute region of the file rather
than the header.
When storing the data in the file header, there is a minimum of 8KB
reserved for the header information for each file, making each file at
least 12KB in size. This can take up a lot of extra disk space if the user
creates a lot of small files. By storing the data in the extended
attribute, each file will only occupy at least of 4KB of space.
As the eCryptfs metadata set becomes larger with new features such as
multi-key associations, most popular filesystems will not be able to store
all of the information in the xattr region in some cases due to space
constraints. However, the majority of users will only ever associate one
key per file, so most users will be okay with storing their data in the
xattr region.
This option should be used with caution. I want to emphasize that the
xattr must be maintained under all circumstances, or the file will be
rendered permanently unrecoverable. The last thing I want is for a user to
forget to set an xattr flag in a backup utility, only to later discover
that their backups are worthless.
ecryptfs_encrypted_view
- When set, this option causes eCryptfs to present applications a
view of encrypted files as if the cryptographic metadata were
stored in the file header, whether the metadata is actually stored
in the header or in the extended attributes.
No matter what eCryptfs winds up doing in the lower filesystem, I want
to preserve a baseline format compatibility for the encrypted files. As of
right now, the metadata may be in the file header or in an xattr. There is
no reason why the metadata could not be put in a separate file in future
versions.
Without the compatibility mode, backup utilities would have to know to
back up the metadata file along with the files. The semantics of eCryptfs
have always been that the lower files are self-contained units of encrypted
data, and the only additional information required to decrypt any given
eCryptfs file is the key. That is what has always been emphasized about
eCryptfs lower files, and that is what users expect. Providing the
encrypted view option will provide a way to userspace applications wherein
they can always get to the same old familiar eCryptfs encrypted files,
regardless of what eCryptfs winds up doing with the metadata behind the
scenes.
This patch:
Add extended attribute support to version bit vector, flags to indicate when
xattr or encrypted view modes are enabled, and support for the new mount
options.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 11:53:45 +03:00
|
|
|
ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
|
|
|
|
mount_crypt_stat);
|
2006-10-04 13:16:22 +04:00
|
|
|
ecryptfs_set_default_sizes(crypt_stat);
|
|
|
|
strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
|
|
|
|
crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
|
2006-10-04 13:16:22 +04:00
|
|
|
crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
|
|
|
|
crypt_stat->mount_crypt_stat = mount_crypt_stat;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_new_file_context
|
2007-10-16 12:28:02 +04:00
|
|
|
* @ecryptfs_dentry: The eCryptfs dentry
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* If the crypto context for the file has not yet been established,
|
|
|
|
* this is where we do that. Establishing a new crypto context
|
|
|
|
* involves the following decisions:
|
|
|
|
* - What cipher to use?
|
|
|
|
* - What set of authentication tokens to use?
|
|
|
|
* Here we just worry about getting enough information into the
|
|
|
|
* authentication tokens so that we know that they are available.
|
|
|
|
* We associate the available authentication tokens with the new file
|
|
|
|
* via the set of signatures in the crypt_stat struct. Later, when
|
|
|
|
* the headers are actually written out, we may again defer to
|
|
|
|
* userspace to perform the encryption of the session key; for the
|
|
|
|
* foreseeable future, this will be the case with public key packets.
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero otherwise
|
|
|
|
*/
|
|
|
|
int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
|
|
|
|
{
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat =
|
|
|
|
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
|
|
|
|
&ecryptfs_superblock_to_private(
|
|
|
|
ecryptfs_dentry->d_sb)->mount_crypt_stat;
|
|
|
|
int cipher_name_len;
|
2007-10-16 12:27:53 +04:00
|
|
|
int rc = 0;
|
2006-10-04 13:16:22 +04:00
|
|
|
|
|
|
|
ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
|
2007-10-16 12:28:00 +04:00
|
|
|
crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID);
|
2007-10-16 12:27:53 +04:00
|
|
|
ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
|
|
|
|
mount_crypt_stat);
|
|
|
|
rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
|
|
|
|
mount_crypt_stat);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
|
|
|
|
"to the inode key sigs; rc = [%d]\n", rc);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
cipher_name_len =
|
|
|
|
strlen(mount_crypt_stat->global_default_cipher_name);
|
|
|
|
memcpy(crypt_stat->cipher,
|
|
|
|
mount_crypt_stat->global_default_cipher_name,
|
|
|
|
cipher_name_len);
|
|
|
|
crypt_stat->cipher[cipher_name_len] = '\0';
|
|
|
|
crypt_stat->key_size =
|
|
|
|
mount_crypt_stat->global_default_cipher_key_size;
|
|
|
|
ecryptfs_generate_new_key(crypt_stat);
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = ecryptfs_init_crypt_ctx(crypt_stat);
|
|
|
|
if (rc)
|
|
|
|
ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
|
|
|
|
"context for cipher [%s]: rc = [%d]\n",
|
|
|
|
crypt_stat->cipher, rc);
|
2007-10-16 12:27:53 +04:00
|
|
|
out:
|
2006-10-04 13:16:22 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* contains_ecryptfs_marker - check for the ecryptfs marker
|
|
|
|
* @data: The data block in which to check
|
|
|
|
*
|
|
|
|
* Returns one if marker found; zero if not found
|
|
|
|
*/
|
2007-02-12 11:53:46 +03:00
|
|
|
static int contains_ecryptfs_marker(char *data)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
u32 m_1, m_2;
|
|
|
|
|
2008-07-24 08:30:06 +04:00
|
|
|
m_1 = get_unaligned_be32(data);
|
|
|
|
m_2 = get_unaligned_be32(data + 4);
|
2006-10-04 13:16:22 +04:00
|
|
|
if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
|
|
|
|
return 1;
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
|
|
|
|
"MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
|
|
|
|
MAGIC_ECRYPTFS_MARKER);
|
|
|
|
ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
|
|
|
|
"[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct ecryptfs_flag_map_elem {
|
|
|
|
u32 file_flag;
|
|
|
|
u32 local_flag;
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Add support for additional flags by adding elements here. */
|
|
|
|
static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
|
|
|
|
{0x00000001, ECRYPTFS_ENABLE_HMAC},
|
2007-02-12 11:53:46 +03:00
|
|
|
{0x00000002, ECRYPTFS_ENCRYPTED},
|
2009-01-07 01:42:00 +03:00
|
|
|
{0x00000004, ECRYPTFS_METADATA_IN_XATTR},
|
|
|
|
{0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
|
2006-10-04 13:16:22 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_process_flags
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The cryptographic context
|
2006-10-04 13:16:22 +04:00
|
|
|
* @page_virt: Source data to be parsed
|
|
|
|
* @bytes_read: Updated with the number of bytes read
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero if the flag set is invalid
|
|
|
|
*/
|
|
|
|
static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
char *page_virt, int *bytes_read)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
int i;
|
|
|
|
u32 flags;
|
|
|
|
|
2008-07-24 08:30:06 +04:00
|
|
|
flags = get_unaligned_be32(page_virt);
|
2006-10-04 13:16:22 +04:00
|
|
|
for (i = 0; i < ((sizeof(ecryptfs_flag_map)
|
|
|
|
/ sizeof(struct ecryptfs_flag_map_elem))); i++)
|
|
|
|
if (flags & ecryptfs_flag_map[i].file_flag) {
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
|
2006-10-04 13:16:22 +04:00
|
|
|
} else
|
2007-02-12 11:53:49 +03:00
|
|
|
crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
|
2006-10-04 13:16:22 +04:00
|
|
|
/* Version is in top 8 bits of the 32-bit flag vector */
|
|
|
|
crypt_stat->file_version = ((flags >> 24) & 0xFF);
|
|
|
|
(*bytes_read) = 4;
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* write_ecryptfs_marker
|
|
|
|
* @page_virt: The pointer to in a page to begin writing the marker
|
|
|
|
* @written: Number of bytes written
|
|
|
|
*
|
|
|
|
* Marker = 0x3c81b7f5
|
|
|
|
*/
|
|
|
|
static void write_ecryptfs_marker(char *page_virt, size_t *written)
|
|
|
|
{
|
|
|
|
u32 m_1, m_2;
|
|
|
|
|
|
|
|
get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
|
|
|
|
m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
|
2008-07-24 08:30:06 +04:00
|
|
|
put_unaligned_be32(m_1, page_virt);
|
|
|
|
page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2);
|
|
|
|
put_unaligned_be32(m_2, page_virt);
|
2006-10-04 13:16:22 +04:00
|
|
|
(*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
|
|
|
|
}
|
|
|
|
|
2010-02-11 09:02:32 +03:00
|
|
|
void ecryptfs_write_crypt_stat_flags(char *page_virt,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
size_t *written)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
u32 flags = 0;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < ((sizeof(ecryptfs_flag_map)
|
|
|
|
/ sizeof(struct ecryptfs_flag_map_elem))); i++)
|
2007-02-12 11:53:49 +03:00
|
|
|
if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
|
2006-10-04 13:16:22 +04:00
|
|
|
flags |= ecryptfs_flag_map[i].file_flag;
|
|
|
|
/* Version is in top 8 bits of the 32-bit flag vector */
|
|
|
|
flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
|
2008-07-24 08:30:06 +04:00
|
|
|
put_unaligned_be32(flags, page_virt);
|
2006-10-04 13:16:22 +04:00
|
|
|
(*written) = 4;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct ecryptfs_cipher_code_str_map_elem {
|
|
|
|
char cipher_str[16];
|
2008-02-06 12:38:36 +03:00
|
|
|
u8 cipher_code;
|
2006-10-04 13:16:22 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
/* Add support for additional ciphers by adding elements here. The
|
|
|
|
* cipher_code is whatever OpenPGP applicatoins use to identify the
|
|
|
|
* ciphers. List in order of probability. */
|
|
|
|
static struct ecryptfs_cipher_code_str_map_elem
|
|
|
|
ecryptfs_cipher_code_str_map[] = {
|
|
|
|
{"aes",RFC2440_CIPHER_AES_128 },
|
|
|
|
{"blowfish", RFC2440_CIPHER_BLOWFISH},
|
|
|
|
{"des3_ede", RFC2440_CIPHER_DES3_EDE},
|
|
|
|
{"cast5", RFC2440_CIPHER_CAST_5},
|
|
|
|
{"twofish", RFC2440_CIPHER_TWOFISH},
|
|
|
|
{"cast6", RFC2440_CIPHER_CAST_6},
|
|
|
|
{"aes", RFC2440_CIPHER_AES_192},
|
|
|
|
{"aes", RFC2440_CIPHER_AES_256}
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_code_for_cipher_string
|
2009-01-07 01:41:57 +03:00
|
|
|
* @cipher_name: The string alias for the cipher
|
|
|
|
* @key_bytes: Length of key in bytes; used for AES code selection
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns zero on no match, or the cipher code on match
|
|
|
|
*/
|
2009-01-07 01:41:57 +03:00
|
|
|
u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int i;
|
2008-02-06 12:38:36 +03:00
|
|
|
u8 code = 0;
|
2006-10-04 13:16:22 +04:00
|
|
|
struct ecryptfs_cipher_code_str_map_elem *map =
|
|
|
|
ecryptfs_cipher_code_str_map;
|
|
|
|
|
2009-01-07 01:41:57 +03:00
|
|
|
if (strcmp(cipher_name, "aes") == 0) {
|
|
|
|
switch (key_bytes) {
|
2006-10-04 13:16:22 +04:00
|
|
|
case 16:
|
|
|
|
code = RFC2440_CIPHER_AES_128;
|
|
|
|
break;
|
|
|
|
case 24:
|
|
|
|
code = RFC2440_CIPHER_AES_192;
|
|
|
|
break;
|
|
|
|
case 32:
|
|
|
|
code = RFC2440_CIPHER_AES_256;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
|
2009-01-07 01:41:57 +03:00
|
|
|
if (strcmp(cipher_name, map[i].cipher_str) == 0) {
|
2006-10-04 13:16:22 +04:00
|
|
|
code = map[i].cipher_code;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return code;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_cipher_code_to_string
|
|
|
|
* @str: Destination to write out the cipher name
|
|
|
|
* @cipher_code: The code to convert to cipher name string
|
|
|
|
*
|
|
|
|
* Returns zero on success
|
|
|
|
*/
|
2008-02-06 12:38:36 +03:00
|
|
|
int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
str[0] = '\0';
|
|
|
|
for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
|
|
|
|
if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
|
|
|
|
strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
|
|
|
|
if (str[0] == '\0') {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
|
|
|
|
"[%d]\n", cipher_code);
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:10 +04:00
|
|
|
int ecryptfs_read_and_validate_header_region(char *data,
|
|
|
|
struct inode *ecryptfs_inode)
|
2007-02-12 11:53:46 +03:00
|
|
|
{
|
2007-10-16 12:28:10 +04:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat =
|
|
|
|
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
|
2007-02-12 11:53:46 +03:00
|
|
|
int rc;
|
|
|
|
|
2009-01-07 01:42:00 +03:00
|
|
|
if (crypt_stat->extent_size == 0)
|
|
|
|
crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
|
2007-10-16 12:28:10 +04:00
|
|
|
rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
|
|
|
|
ecryptfs_inode);
|
2009-09-17 04:04:20 +04:00
|
|
|
if (rc < 0) {
|
2007-10-16 12:28:10 +04:00
|
|
|
printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__, rc);
|
2007-02-12 11:53:46 +03:00
|
|
|
goto out;
|
2007-10-16 12:28:10 +04:00
|
|
|
}
|
|
|
|
if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
|
2007-02-12 11:53:46 +03:00
|
|
|
rc = -EINVAL;
|
2009-09-17 04:04:20 +04:00
|
|
|
} else
|
|
|
|
rc = 0;
|
2007-02-12 11:53:46 +03:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-02-12 11:53:47 +03:00
|
|
|
void
|
|
|
|
ecryptfs_write_header_metadata(char *virt,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
size_t *written)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
u32 header_extent_size;
|
|
|
|
u16 num_header_extents_at_front;
|
|
|
|
|
2007-10-16 12:28:05 +04:00
|
|
|
header_extent_size = (u32)crypt_stat->extent_size;
|
2006-10-04 13:16:22 +04:00
|
|
|
num_header_extents_at_front =
|
2010-02-11 14:09:14 +03:00
|
|
|
(u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
|
2008-07-24 08:30:06 +04:00
|
|
|
put_unaligned_be32(header_extent_size, virt);
|
2006-10-04 13:16:22 +04:00
|
|
|
virt += 4;
|
2008-07-24 08:30:06 +04:00
|
|
|
put_unaligned_be16(num_header_extents_at_front, virt);
|
2006-10-04 13:16:22 +04:00
|
|
|
(*written) = 6;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct kmem_cache *ecryptfs_header_cache_1;
|
|
|
|
struct kmem_cache *ecryptfs_header_cache_2;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_write_headers_virt
|
2007-10-16 12:28:02 +04:00
|
|
|
* @page_virt: The virtual address to write the headers to
|
ecryptfs: fix memory corruption when storing crypto info in xattrs
When ecryptfs allocates space to write crypto headers into, before copying
it out to file headers or to xattrs, it looks at the value of
crypt_stat->num_header_bytes_at_front to determine how much space it
needs. This is also used as the file offset to the actual encrypted data,
so for xattr-stored crypto info, the value was zero.
So, we kzalloc'd 0 bytes, and then ran off to write to that memory.
(Which returned as ZERO_SIZE_PTR, so we explode quickly).
The right answer is to always allocate a page to write into; the current
code won't ever write more than that (this is enforced by the
(PAGE_CACHE_SIZE - offset) length in the call to
ecryptfs_generate_key_packet_set). To be explicit about this, we now send
in a "max" parameter, rather than magically using PAGE_CACHE_SIZE there.
Also, since the pointer we pass down the callchain eventually gets the
virt_to_page() treatment, we should be using a alloc_page variant, not
kzalloc (see also 7fcba054373d5dfc43d26e243a5c9b92069972ee)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-30 00:01:08 +03:00
|
|
|
* @max: The size of memory allocated at page_virt
|
2007-10-16 12:28:02 +04:00
|
|
|
* @size: Set to the number of bytes written by this function
|
|
|
|
* @crypt_stat: The cryptographic context
|
|
|
|
* @ecryptfs_dentry: The eCryptfs dentry
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Format version: 1
|
|
|
|
*
|
|
|
|
* Header Extent:
|
|
|
|
* Octets 0-7: Unencrypted file size (big-endian)
|
|
|
|
* Octets 8-15: eCryptfs special marker
|
|
|
|
* Octets 16-19: Flags
|
|
|
|
* Octet 16: File format version number (between 0 and 255)
|
|
|
|
* Octets 17-18: Reserved
|
|
|
|
* Octet 19: Bit 1 (lsb): Reserved
|
|
|
|
* Bit 2: Encrypted?
|
|
|
|
* Bits 3-8: Reserved
|
|
|
|
* Octets 20-23: Header extent size (big-endian)
|
|
|
|
* Octets 24-25: Number of header extents at front of file
|
|
|
|
* (big-endian)
|
|
|
|
* Octet 26: Begin RFC 2440 authentication token packet set
|
|
|
|
* Data Extent 0:
|
|
|
|
* Lower data (CBC encrypted)
|
|
|
|
* Data Extent 1:
|
|
|
|
* Lower data (CBC encrypted)
|
|
|
|
* ...
|
|
|
|
*
|
|
|
|
* Returns zero on success
|
|
|
|
*/
|
ecryptfs: fix memory corruption when storing crypto info in xattrs
When ecryptfs allocates space to write crypto headers into, before copying
it out to file headers or to xattrs, it looks at the value of
crypt_stat->num_header_bytes_at_front to determine how much space it
needs. This is also used as the file offset to the actual encrypted data,
so for xattr-stored crypto info, the value was zero.
So, we kzalloc'd 0 bytes, and then ran off to write to that memory.
(Which returned as ZERO_SIZE_PTR, so we explode quickly).
The right answer is to always allocate a page to write into; the current
code won't ever write more than that (this is enforced by the
(PAGE_CACHE_SIZE - offset) length in the call to
ecryptfs_generate_key_packet_set). To be explicit about this, we now send
in a "max" parameter, rather than magically using PAGE_CACHE_SIZE there.
Also, since the pointer we pass down the callchain eventually gets the
virt_to_page() treatment, we should be using a alloc_page variant, not
kzalloc (see also 7fcba054373d5dfc43d26e243a5c9b92069972ee)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-30 00:01:08 +03:00
|
|
|
static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
|
|
|
|
size_t *size,
|
2007-02-12 11:53:46 +03:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct dentry *ecryptfs_dentry)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
size_t written;
|
|
|
|
size_t offset;
|
|
|
|
|
|
|
|
offset = ECRYPTFS_FILE_SIZE_BYTES;
|
|
|
|
write_ecryptfs_marker((page_virt + offset), &written);
|
|
|
|
offset += written;
|
2010-02-11 09:02:32 +03:00
|
|
|
ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
|
|
|
|
&written);
|
2006-10-04 13:16:22 +04:00
|
|
|
offset += written;
|
2007-02-12 11:53:47 +03:00
|
|
|
ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
|
|
|
|
&written);
|
2006-10-04 13:16:22 +04:00
|
|
|
offset += written;
|
|
|
|
rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
|
|
|
|
ecryptfs_dentry, &written,
|
ecryptfs: fix memory corruption when storing crypto info in xattrs
When ecryptfs allocates space to write crypto headers into, before copying
it out to file headers or to xattrs, it looks at the value of
crypt_stat->num_header_bytes_at_front to determine how much space it
needs. This is also used as the file offset to the actual encrypted data,
so for xattr-stored crypto info, the value was zero.
So, we kzalloc'd 0 bytes, and then ran off to write to that memory.
(Which returned as ZERO_SIZE_PTR, so we explode quickly).
The right answer is to always allocate a page to write into; the current
code won't ever write more than that (this is enforced by the
(PAGE_CACHE_SIZE - offset) length in the call to
ecryptfs_generate_key_packet_set). To be explicit about this, we now send
in a "max" parameter, rather than magically using PAGE_CACHE_SIZE there.
Also, since the pointer we pass down the callchain eventually gets the
virt_to_page() treatment, we should be using a alloc_page variant, not
kzalloc (see also 7fcba054373d5dfc43d26e243a5c9b92069972ee)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-30 00:01:08 +03:00
|
|
|
max - offset);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc)
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Error generating key packet "
|
|
|
|
"set; rc = [%d]\n", rc);
|
2007-02-12 11:53:46 +03:00
|
|
|
if (size) {
|
|
|
|
offset += written;
|
|
|
|
*size = offset;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:02 +04:00
|
|
|
static int
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
ecryptfs_write_metadata_to_contents(struct dentry *ecryptfs_dentry,
|
|
|
|
char *virt, size_t virt_len)
|
2007-02-12 11:53:46 +03:00
|
|
|
{
|
2007-10-16 12:28:10 +04:00
|
|
|
int rc;
|
2007-02-12 11:53:46 +03:00
|
|
|
|
2008-02-06 12:38:32 +03:00
|
|
|
rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
0, virt_len);
|
2009-09-17 04:04:20 +04:00
|
|
|
if (rc < 0)
|
2007-10-16 12:28:10 +04:00
|
|
|
printk(KERN_ERR "%s: Error attempting to write header "
|
2009-09-17 04:04:20 +04:00
|
|
|
"information to lower file; rc = [%d]\n", __func__, rc);
|
|
|
|
else
|
|
|
|
rc = 0;
|
2007-02-12 11:53:48 +03:00
|
|
|
return rc;
|
2007-02-12 11:53:46 +03:00
|
|
|
}
|
|
|
|
|
2007-10-16 12:28:02 +04:00
|
|
|
static int
|
|
|
|
ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
|
|
|
|
char *page_virt, size_t size)
|
2007-02-12 11:53:46 +03:00
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt,
|
|
|
|
size, 0);
|
2006-10-04 13:16:22 +04:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
|
|
|
|
unsigned int order)
|
|
|
|
{
|
|
|
|
struct page *page;
|
|
|
|
|
|
|
|
page = alloc_pages(gfp_mask | __GFP_ZERO, order);
|
|
|
|
if (page)
|
|
|
|
return (unsigned long) page_address(page);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
/**
|
2007-02-12 11:53:46 +03:00
|
|
|
* ecryptfs_write_metadata
|
2007-10-16 12:28:02 +04:00
|
|
|
* @ecryptfs_dentry: The eCryptfs dentry
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Write the file headers out. This will likely involve a userspace
|
|
|
|
* callout, in which the session key is encrypted with one or more
|
|
|
|
* public keys and/or the passphrase necessary to do the encryption is
|
|
|
|
* retrieved via a prompt. Exactly what happens at this point should
|
|
|
|
* be policy-dependent.
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero on error
|
|
|
|
*/
|
2007-10-16 12:28:10 +04:00
|
|
|
int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
2007-10-16 12:28:10 +04:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat =
|
|
|
|
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
unsigned int order;
|
2008-02-06 12:38:32 +03:00
|
|
|
char *virt;
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
size_t virt_len;
|
2007-10-16 12:28:10 +04:00
|
|
|
size_t size = 0;
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc = 0;
|
|
|
|
|
2007-02-12 11:53:49 +03:00
|
|
|
if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
|
|
|
|
if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
|
2007-10-16 12:28:10 +04:00
|
|
|
printk(KERN_ERR "Key is invalid; bailing out\n");
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
} else {
|
2008-02-06 12:38:32 +03:00
|
|
|
printk(KERN_WARNING "%s: Encrypted flag not set\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__);
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
2010-02-11 14:09:14 +03:00
|
|
|
virt_len = crypt_stat->metadata_size;
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
order = get_order(virt_len);
|
2006-10-04 13:16:22 +04:00
|
|
|
/* Released in this function */
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
|
2008-02-06 12:38:32 +03:00
|
|
|
if (!virt) {
|
2008-04-29 11:59:48 +04:00
|
|
|
printk(KERN_ERR "%s: Out of memory\n", __func__);
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
|
|
|
|
ecryptfs_dentry);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (unlikely(rc)) {
|
2008-02-06 12:38:32 +03:00
|
|
|
printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__, rc);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out_free;
|
|
|
|
}
|
2007-02-12 11:53:46 +03:00
|
|
|
if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt,
|
|
|
|
size);
|
2007-02-12 11:53:46 +03:00
|
|
|
else
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
rc = ecryptfs_write_metadata_to_contents(ecryptfs_dentry, virt,
|
|
|
|
virt_len);
|
2007-02-12 11:53:46 +03:00
|
|
|
if (rc) {
|
2008-02-06 12:38:32 +03:00
|
|
|
printk(KERN_ERR "%s: Error writing metadata out to lower file; "
|
2008-04-29 11:59:48 +04:00
|
|
|
"rc = [%d]\n", __func__, rc);
|
2007-02-12 11:53:46 +03:00
|
|
|
goto out_free;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
out_free:
|
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-20 09:25:09 +03:00
|
|
|
free_pages((unsigned long)virt, order);
|
2006-10-04 13:16:22 +04:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2007-02-12 11:53:46 +03:00
|
|
|
#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
|
|
|
|
#define ECRYPTFS_VALIDATE_HEADER_SIZE 1
|
2006-10-04 13:16:22 +04:00
|
|
|
static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
|
2007-02-12 11:53:46 +03:00
|
|
|
char *virt, int *bytes_read,
|
|
|
|
int validate_header_size)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
u32 header_extent_size;
|
|
|
|
u16 num_header_extents_at_front;
|
|
|
|
|
2008-07-24 08:30:06 +04:00
|
|
|
header_extent_size = get_unaligned_be32(virt);
|
|
|
|
virt += sizeof(__be32);
|
|
|
|
num_header_extents_at_front = get_unaligned_be16(virt);
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
|
|
|
|
* (size_t)header_extent_size));
|
2008-07-24 08:30:06 +04:00
|
|
|
(*bytes_read) = (sizeof(__be32) + sizeof(__be16));
|
2007-02-12 11:53:46 +03:00
|
|
|
if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
|
2010-02-11 14:09:14 +03:00
|
|
|
&& (crypt_stat->metadata_size
|
2007-02-12 11:53:46 +03:00
|
|
|
< ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
2008-02-06 12:38:32 +03:00
|
|
|
printk(KERN_WARNING "Invalid header size: [%zd]\n",
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size);
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* set_default_header_data
|
2007-10-16 12:28:02 +04:00
|
|
|
* @crypt_stat: The cryptographic context
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* For version 0 file format; this function is only for backwards
|
|
|
|
* compatibility for files created with the prior versions of
|
|
|
|
* eCryptfs.
|
|
|
|
*/
|
|
|
|
static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
|
|
|
|
{
|
2010-02-11 14:09:14 +03:00
|
|
|
crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_read_headers_virt
|
2007-10-16 12:28:02 +04:00
|
|
|
* @page_virt: The virtual address into which to read the headers
|
|
|
|
* @crypt_stat: The cryptographic context
|
|
|
|
* @ecryptfs_dentry: The eCryptfs dentry
|
|
|
|
* @validate_header_size: Whether to validate the header size while reading
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Read/parse the header data. The header format is detailed in the
|
|
|
|
* comment block for the ecryptfs_write_headers_virt() function.
|
|
|
|
*
|
|
|
|
* Returns zero on success
|
|
|
|
*/
|
|
|
|
static int ecryptfs_read_headers_virt(char *page_virt,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
2007-02-12 11:53:46 +03:00
|
|
|
struct dentry *ecryptfs_dentry,
|
|
|
|
int validate_header_size)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
int offset;
|
|
|
|
int bytes_read;
|
|
|
|
|
|
|
|
ecryptfs_set_default_sizes(crypt_stat);
|
|
|
|
crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
|
|
|
|
ecryptfs_dentry->d_sb)->mount_crypt_stat;
|
|
|
|
offset = ECRYPTFS_FILE_SIZE_BYTES;
|
|
|
|
rc = contains_ecryptfs_marker(page_virt + offset);
|
|
|
|
if (rc == 0) {
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
|
|
|
|
rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
|
|
|
|
&bytes_read);
|
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
|
|
|
|
"file version [%d] is supported by this "
|
|
|
|
"version of eCryptfs\n",
|
|
|
|
crypt_stat->file_version,
|
|
|
|
ECRYPTFS_SUPPORTED_FILE_VERSION);
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
offset += bytes_read;
|
|
|
|
if (crypt_stat->file_version >= 1) {
|
|
|
|
rc = parse_header_metadata(crypt_stat, (page_virt + offset),
|
2007-02-12 11:53:46 +03:00
|
|
|
&bytes_read, validate_header_size);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
|
|
|
ecryptfs_printk(KERN_WARNING, "Error reading header "
|
|
|
|
"metadata; rc = [%d]\n", rc);
|
|
|
|
}
|
|
|
|
offset += bytes_read;
|
|
|
|
} else
|
|
|
|
set_default_header_data(crypt_stat);
|
|
|
|
rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
|
|
|
|
ecryptfs_dentry);
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2007-02-12 11:53:46 +03:00
|
|
|
* ecryptfs_read_xattr_region
|
2007-10-16 12:28:02 +04:00
|
|
|
* @page_virt: The vitual address into which to read the xattr data
|
2007-10-16 12:28:10 +04:00
|
|
|
* @ecryptfs_inode: The eCryptfs inode
|
2007-02-12 11:53:46 +03:00
|
|
|
*
|
|
|
|
* Attempts to read the crypto metadata from the extended attribute
|
|
|
|
* region of the lower file.
|
2007-10-16 12:28:02 +04:00
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero on error
|
2007-02-12 11:53:46 +03:00
|
|
|
*/
|
2007-10-16 12:28:10 +04:00
|
|
|
int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
|
2007-02-12 11:53:46 +03:00
|
|
|
{
|
2007-10-16 12:28:10 +04:00
|
|
|
struct dentry *lower_dentry =
|
|
|
|
ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry;
|
2007-02-12 11:53:46 +03:00
|
|
|
ssize_t size;
|
|
|
|
int rc = 0;
|
|
|
|
|
2007-10-16 12:28:10 +04:00
|
|
|
size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
|
|
|
|
page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
|
2007-02-12 11:53:46 +03:00
|
|
|
if (size < 0) {
|
2008-02-06 12:38:35 +03:00
|
|
|
if (unlikely(ecryptfs_verbosity > 0))
|
|
|
|
printk(KERN_INFO "Error attempting to read the [%s] "
|
|
|
|
"xattr from the lower file; return value = "
|
|
|
|
"[%zd]\n", ECRYPTFS_XATTR_NAME, size);
|
2007-02-12 11:53:46 +03:00
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
int ecryptfs_read_and_validate_xattr_region(char *page_virt,
|
|
|
|
struct dentry *ecryptfs_dentry)
|
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
2007-10-16 12:28:10 +04:00
|
|
|
rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);
|
2007-02-12 11:53:46 +03:00
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) {
|
|
|
|
printk(KERN_WARNING "Valid data found in [%s] xattr, but "
|
|
|
|
"the marker is invalid\n", ECRYPTFS_XATTR_NAME);
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_read_metadata
|
|
|
|
*
|
|
|
|
* Common entry point for reading file metadata. From here, we could
|
|
|
|
* retrieve the header information from the header region of the file,
|
|
|
|
* the xattr region of the file, or some other repostory that is
|
|
|
|
* stored separately from the file itself. The current implementation
|
|
|
|
* supports retrieving the metadata information from the file contents
|
|
|
|
* and from the xattr region.
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns zero if valid headers found and parsed; non-zero otherwise
|
|
|
|
*/
|
2007-10-16 12:28:10 +04:00
|
|
|
int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
char *page_virt = NULL;
|
2007-10-16 12:28:10 +04:00
|
|
|
struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
|
2006-10-04 13:16:22 +04:00
|
|
|
struct ecryptfs_crypt_stat *crypt_stat =
|
2007-10-16 12:28:10 +04:00
|
|
|
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
|
2007-02-12 11:53:47 +03:00
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
|
|
|
|
&ecryptfs_superblock_to_private(
|
|
|
|
ecryptfs_dentry->d_sb)->mount_crypt_stat;
|
2006-10-04 13:16:22 +04:00
|
|
|
|
2007-02-12 11:53:47 +03:00
|
|
|
ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
|
|
|
|
mount_crypt_stat);
|
2006-10-04 13:16:22 +04:00
|
|
|
/* Read the first page from the underlying file */
|
2006-12-07 07:33:15 +03:00
|
|
|
page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (!page_virt) {
|
|
|
|
rc = -ENOMEM;
|
2007-10-16 12:28:10 +04:00
|
|
|
printk(KERN_ERR "%s: Unable to allocate page_virt\n",
|
2008-04-29 11:59:48 +04:00
|
|
|
__func__);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2007-10-16 12:28:10 +04:00
|
|
|
rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
|
|
|
|
ecryptfs_inode);
|
2009-09-17 04:04:20 +04:00
|
|
|
if (rc >= 0)
|
2007-10-16 12:28:10 +04:00
|
|
|
rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
|
|
|
|
ecryptfs_dentry,
|
|
|
|
ECRYPTFS_VALIDATE_HEADER_SIZE);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
2010-02-11 08:17:44 +03:00
|
|
|
memset(page_virt, 0, PAGE_CACHE_SIZE);
|
2007-10-16 12:28:10 +04:00
|
|
|
rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
|
2007-02-12 11:53:46 +03:00
|
|
|
if (rc) {
|
|
|
|
printk(KERN_DEBUG "Valid eCryptfs headers not found in "
|
|
|
|
"file header region or xattr region\n");
|
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
|
|
|
|
ecryptfs_dentry,
|
|
|
|
ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_DEBUG "Valid eCryptfs headers not found in "
|
|
|
|
"file xattr region either\n");
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
|
|
|
if (crypt_stat->mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_XATTR_METADATA_ENABLED) {
|
|
|
|
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
|
|
|
|
} else {
|
|
|
|
printk(KERN_WARNING "Attempt to access file with "
|
|
|
|
"crypto metadata only in the extended attribute "
|
|
|
|
"region, but eCryptfs was mounted without "
|
|
|
|
"xattr support enabled. eCryptfs will not treat "
|
|
|
|
"this like an encrypted file.\n");
|
|
|
|
rc = -EINVAL;
|
|
|
|
}
|
2006-10-04 13:16:22 +04:00
|
|
|
}
|
|
|
|
out:
|
|
|
|
if (page_virt) {
|
|
|
|
memset(page_virt, 0, PAGE_CACHE_SIZE);
|
|
|
|
kmem_cache_free(ecryptfs_header_cache_1, page_virt);
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2009-01-07 01:41:59 +03:00
|
|
|
/**
|
|
|
|
* ecryptfs_encrypt_filename - encrypt filename
|
|
|
|
*
|
|
|
|
* CBC-encrypts the filename. We do not want to encrypt the same
|
|
|
|
* filename with the same key and IV, which may happen with hard
|
|
|
|
* links, so we prepend random bits to each filename.
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero otherwise
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
filename->encrypted_filename = NULL;
|
|
|
|
filename->encrypted_filename_size = 0;
|
|
|
|
if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
|
|
|
|
|| (mount_crypt_stat && (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
|
|
|
|
size_t packet_size;
|
|
|
|
size_t remaining_bytes;
|
|
|
|
|
|
|
|
rc = ecryptfs_write_tag_70_packet(
|
|
|
|
NULL, NULL,
|
|
|
|
&filename->encrypted_filename_size,
|
|
|
|
mount_crypt_stat, NULL,
|
|
|
|
filename->filename_size);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to get packet "
|
|
|
|
"size for tag 72; rc = [%d]\n", __func__,
|
|
|
|
rc);
|
|
|
|
filename->encrypted_filename_size = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
filename->encrypted_filename =
|
|
|
|
kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
|
|
|
|
if (!filename->encrypted_filename) {
|
|
|
|
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
2009-01-07 01:42:02 +03:00
|
|
|
"to kmalloc [%zd] bytes\n", __func__,
|
2009-01-07 01:41:59 +03:00
|
|
|
filename->encrypted_filename_size);
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
remaining_bytes = filename->encrypted_filename_size;
|
|
|
|
rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
|
|
|
|
&remaining_bytes,
|
|
|
|
&packet_size,
|
|
|
|
mount_crypt_stat,
|
|
|
|
filename->filename,
|
|
|
|
filename->filename_size);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to generate "
|
|
|
|
"tag 70 packet; rc = [%d]\n", __func__,
|
|
|
|
rc);
|
|
|
|
kfree(filename->encrypted_filename);
|
|
|
|
filename->encrypted_filename = NULL;
|
|
|
|
filename->encrypted_filename_size = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
filename->encrypted_filename_size = packet_size;
|
|
|
|
} else {
|
|
|
|
printk(KERN_ERR "%s: No support for requested filename "
|
|
|
|
"encryption method in this release\n", __func__);
|
2009-08-21 13:27:46 +04:00
|
|
|
rc = -EOPNOTSUPP;
|
2009-01-07 01:41:59 +03:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
|
|
|
|
const char *name, size_t name_size)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
2009-02-07 03:06:51 +03:00
|
|
|
(*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
|
2009-01-07 01:41:59 +03:00
|
|
|
if (!(*copied_name)) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
memcpy((void *)(*copied_name), (void *)name, name_size);
|
|
|
|
(*copied_name)[(name_size)] = '\0'; /* Only for convenience
|
|
|
|
* in printing out the
|
|
|
|
* string in debug
|
|
|
|
* messages */
|
2009-02-07 03:06:51 +03:00
|
|
|
(*copied_name_size) = name_size;
|
2009-01-07 01:41:59 +03:00
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2006-10-04 13:16:22 +04:00
|
|
|
/**
|
2007-10-16 12:27:53 +04:00
|
|
|
* ecryptfs_process_key_cipher - Perform key cipher initialization.
|
2006-10-04 13:16:22 +04:00
|
|
|
* @key_tfm: Crypto context for key material, set by this function
|
2006-10-31 09:07:16 +03:00
|
|
|
* @cipher_name: Name of the cipher
|
|
|
|
* @key_size: Size of the key in bytes
|
2006-10-04 13:16:22 +04:00
|
|
|
*
|
|
|
|
* Returns zero on success. Any crypto_tfm structs allocated here
|
|
|
|
* should be released by other functions, such as on a superblock put
|
|
|
|
* event, regardless of whether this function succeeds for fails.
|
|
|
|
*/
|
2007-10-16 12:28:04 +04:00
|
|
|
static int
|
2007-10-16 12:27:53 +04:00
|
|
|
ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
|
|
|
|
char *cipher_name, size_t *key_size)
|
2006-10-04 13:16:22 +04:00
|
|
|
{
|
|
|
|
char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
|
2010-01-19 12:34:32 +03:00
|
|
|
char *full_alg_name = NULL;
|
2006-10-04 13:16:22 +04:00
|
|
|
int rc;
|
|
|
|
|
2006-10-31 09:07:16 +03:00
|
|
|
*key_tfm = NULL;
|
|
|
|
if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
2009-01-07 01:42:02 +03:00
|
|
|
printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
|
2006-10-31 09:07:16 +03:00
|
|
|
"allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
|
|
|
|
"ecb");
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
|
|
|
|
if (IS_ERR(*key_tfm)) {
|
|
|
|
rc = PTR_ERR(*key_tfm);
|
2006-10-04 13:16:22 +04:00
|
|
|
printk(KERN_ERR "Unable to allocate crypto cipher with name "
|
2009-08-27 20:47:07 +04:00
|
|
|
"[%s]; rc = [%d]\n", full_alg_name, rc);
|
2006-10-04 13:16:22 +04:00
|
|
|
goto out;
|
|
|
|
}
|
2006-10-31 09:07:18 +03:00
|
|
|
crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
|
|
|
|
if (*key_size == 0) {
|
|
|
|
struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm);
|
|
|
|
|
|
|
|
*key_size = alg->max_keysize;
|
|
|
|
}
|
2006-10-31 09:07:16 +03:00
|
|
|
get_random_bytes(dummy_key, *key_size);
|
2006-10-31 09:07:18 +03:00
|
|
|
rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
|
2006-10-04 13:16:22 +04:00
|
|
|
if (rc) {
|
2009-01-07 01:42:02 +03:00
|
|
|
printk(KERN_ERR "Error attempting to set key of size [%zd] for "
|
2009-08-27 20:47:07 +04:00
|
|
|
"cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
|
|
|
|
rc);
|
2006-10-04 13:16:22 +04:00
|
|
|
rc = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
out:
|
2010-01-19 12:34:32 +03:00
|
|
|
kfree(full_alg_name);
|
2006-10-04 13:16:22 +04:00
|
|
|
return rc;
|
|
|
|
}
|
2007-10-16 12:27:53 +04:00
|
|
|
|
|
|
|
struct kmem_cache *ecryptfs_key_tfm_cache;
|
2008-02-06 12:38:32 +03:00
|
|
|
static struct list_head key_tfm_list;
|
2008-02-06 12:38:37 +03:00
|
|
|
struct mutex key_tfm_list_mutex;
|
2007-10-16 12:27:53 +04:00
|
|
|
|
|
|
|
int ecryptfs_init_crypto(void)
|
|
|
|
{
|
|
|
|
mutex_init(&key_tfm_list_mutex);
|
|
|
|
INIT_LIST_HEAD(&key_tfm_list);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-02-06 12:38:37 +03:00
|
|
|
/**
|
|
|
|
* ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
|
|
|
|
*
|
|
|
|
* Called only at module unload time
|
|
|
|
*/
|
2007-10-16 12:28:01 +04:00
|
|
|
int ecryptfs_destroy_crypto(void)
|
2007-10-16 12:27:53 +04:00
|
|
|
{
|
|
|
|
struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;
|
|
|
|
|
|
|
|
mutex_lock(&key_tfm_list_mutex);
|
|
|
|
list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
|
|
|
|
key_tfm_list) {
|
|
|
|
list_del(&key_tfm->key_tfm_list);
|
|
|
|
if (key_tfm->key_tfm)
|
|
|
|
crypto_free_blkcipher(key_tfm->key_tfm);
|
|
|
|
kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
|
|
|
|
}
|
|
|
|
mutex_unlock(&key_tfm_list_mutex);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
|
|
|
|
size_t key_size)
|
|
|
|
{
|
|
|
|
struct ecryptfs_key_tfm *tmp_tfm;
|
|
|
|
int rc = 0;
|
|
|
|
|
2008-02-06 12:38:37 +03:00
|
|
|
BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
|
|
|
|
|
2007-10-16 12:27:53 +04:00
|
|
|
tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
|
|
|
|
if (key_tfm != NULL)
|
|
|
|
(*key_tfm) = tmp_tfm;
|
|
|
|
if (!tmp_tfm) {
|
|
|
|
rc = -ENOMEM;
|
|
|
|
printk(KERN_ERR "Error attempting to allocate from "
|
|
|
|
"ecryptfs_key_tfm_cache\n");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
mutex_init(&tmp_tfm->key_tfm_mutex);
|
|
|
|
strncpy(tmp_tfm->cipher_name, cipher_name,
|
|
|
|
ECRYPTFS_MAX_CIPHER_NAME_SIZE);
|
2007-12-23 01:03:24 +03:00
|
|
|
tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
|
2007-10-16 12:27:53 +04:00
|
|
|
tmp_tfm->key_size = key_size;
|
2007-10-16 12:28:06 +04:00
|
|
|
rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
|
|
|
|
tmp_tfm->cipher_name,
|
|
|
|
&tmp_tfm->key_size);
|
|
|
|
if (rc) {
|
2007-10-16 12:27:53 +04:00
|
|
|
printk(KERN_ERR "Error attempting to initialize key TFM "
|
|
|
|
"cipher with name = [%s]; rc = [%d]\n",
|
|
|
|
tmp_tfm->cipher_name, rc);
|
|
|
|
kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
|
|
|
|
if (key_tfm != NULL)
|
|
|
|
(*key_tfm) = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2008-02-06 12:38:37 +03:00
|
|
|
/**
|
|
|
|
* ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
|
|
|
|
* @cipher_name: the name of the cipher to search for
|
|
|
|
* @key_tfm: set to corresponding tfm if found
|
|
|
|
*
|
|
|
|
* Searches for cached key_tfm matching @cipher_name
|
|
|
|
* Must be called with &key_tfm_list_mutex held
|
|
|
|
* Returns 1 if found, with @key_tfm set
|
|
|
|
* Returns 0 if not found, with @key_tfm set to NULL
|
|
|
|
*/
|
|
|
|
int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
|
|
|
|
{
|
|
|
|
struct ecryptfs_key_tfm *tmp_key_tfm;
|
|
|
|
|
|
|
|
BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
|
|
|
|
|
|
|
|
list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
|
|
|
|
if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
|
|
|
|
if (key_tfm)
|
|
|
|
(*key_tfm) = tmp_key_tfm;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (key_tfm)
|
|
|
|
(*key_tfm) = NULL;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_get_tfm_and_mutex_for_cipher_name
|
|
|
|
*
|
|
|
|
* @tfm: set to cached tfm found, or new tfm created
|
|
|
|
* @tfm_mutex: set to mutex for cached tfm found, or new tfm created
|
|
|
|
* @cipher_name: the name of the cipher to search for and/or add
|
|
|
|
*
|
|
|
|
* Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
|
|
|
|
* Searches for cached item first, and creates new if not found.
|
|
|
|
* Returns 0 on success, non-zero if adding new cipher failed
|
|
|
|
*/
|
2007-10-16 12:27:53 +04:00
|
|
|
int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
|
|
|
|
struct mutex **tfm_mutex,
|
|
|
|
char *cipher_name)
|
|
|
|
{
|
|
|
|
struct ecryptfs_key_tfm *key_tfm;
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
(*tfm) = NULL;
|
|
|
|
(*tfm_mutex) = NULL;
|
2008-02-06 12:38:37 +03:00
|
|
|
|
2007-10-16 12:27:53 +04:00
|
|
|
mutex_lock(&key_tfm_list_mutex);
|
2008-02-06 12:38:37 +03:00
|
|
|
if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
|
|
|
|
rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "Error adding new key_tfm to list; "
|
|
|
|
"rc = [%d]\n", rc);
|
2007-10-16 12:27:53 +04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
(*tfm) = key_tfm->key_tfm;
|
|
|
|
(*tfm_mutex) = &key_tfm->key_tfm_mutex;
|
|
|
|
out:
|
2008-05-24 00:04:20 +04:00
|
|
|
mutex_unlock(&key_tfm_list_mutex);
|
2007-10-16 12:27:53 +04:00
|
|
|
return rc;
|
|
|
|
}
|
2009-01-07 01:41:59 +03:00
|
|
|
|
|
|
|
/* 64 characters forming a 6-bit target field */
|
|
|
|
static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
|
|
|
|
"EFGHIJKLMNOPQRST"
|
|
|
|
"UVWXYZabcdefghij"
|
|
|
|
"klmnopqrstuvwxyz");
|
|
|
|
|
|
|
|
/* We could either offset on every reverse map or just pad some 0x00's
|
|
|
|
* at the front here */
|
2009-01-07 01:42:05 +03:00
|
|
|
static const unsigned char filename_rev_map[] = {
|
2009-01-07 01:41:59 +03:00
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
|
|
|
|
0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
|
|
|
|
0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
|
|
|
|
0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
|
|
|
|
0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
|
|
|
|
0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
|
|
|
|
0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
|
|
|
|
0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
|
|
|
|
0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
|
|
|
|
0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
|
|
|
|
0x3D, 0x3E, 0x3F
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_encode_for_filename
|
|
|
|
* @dst: Destination location for encoded filename
|
|
|
|
* @dst_size: Size of the encoded filename in bytes
|
|
|
|
* @src: Source location for the filename to encode
|
|
|
|
* @src_size: Size of the source in bytes
|
|
|
|
*/
|
|
|
|
void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size,
|
|
|
|
unsigned char *src, size_t src_size)
|
|
|
|
{
|
|
|
|
size_t num_blocks;
|
|
|
|
size_t block_num = 0;
|
|
|
|
size_t dst_offset = 0;
|
|
|
|
unsigned char last_block[3];
|
|
|
|
|
|
|
|
if (src_size == 0) {
|
|
|
|
(*dst_size) = 0;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
num_blocks = (src_size / 3);
|
|
|
|
if ((src_size % 3) == 0) {
|
|
|
|
memcpy(last_block, (&src[src_size - 3]), 3);
|
|
|
|
} else {
|
|
|
|
num_blocks++;
|
|
|
|
last_block[2] = 0x00;
|
|
|
|
switch (src_size % 3) {
|
|
|
|
case 1:
|
|
|
|
last_block[0] = src[src_size - 1];
|
|
|
|
last_block[1] = 0x00;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
last_block[0] = src[src_size - 2];
|
|
|
|
last_block[1] = src[src_size - 1];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
(*dst_size) = (num_blocks * 4);
|
|
|
|
if (!dst)
|
|
|
|
goto out;
|
|
|
|
while (block_num < num_blocks) {
|
|
|
|
unsigned char *src_block;
|
|
|
|
unsigned char dst_block[4];
|
|
|
|
|
|
|
|
if (block_num == (num_blocks - 1))
|
|
|
|
src_block = last_block;
|
|
|
|
else
|
|
|
|
src_block = &src[block_num * 3];
|
|
|
|
dst_block[0] = ((src_block[0] >> 2) & 0x3F);
|
|
|
|
dst_block[1] = (((src_block[0] << 4) & 0x30)
|
|
|
|
| ((src_block[1] >> 4) & 0x0F));
|
|
|
|
dst_block[2] = (((src_block[1] << 2) & 0x3C)
|
|
|
|
| ((src_block[2] >> 6) & 0x03));
|
|
|
|
dst_block[3] = (src_block[2] & 0x3F);
|
|
|
|
dst[dst_offset++] = portable_filename_chars[dst_block[0]];
|
|
|
|
dst[dst_offset++] = portable_filename_chars[dst_block[1]];
|
|
|
|
dst[dst_offset++] = portable_filename_chars[dst_block[2]];
|
|
|
|
dst[dst_offset++] = portable_filename_chars[dst_block[3]];
|
|
|
|
block_num++;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-01-07 01:42:05 +03:00
|
|
|
/**
|
|
|
|
* ecryptfs_decode_from_filename
|
|
|
|
* @dst: If NULL, this function only sets @dst_size and returns. If
|
|
|
|
* non-NULL, this function decodes the encoded octets in @src
|
|
|
|
* into the memory that @dst points to.
|
|
|
|
* @dst_size: Set to the size of the decoded string.
|
|
|
|
* @src: The encoded set of octets to decode.
|
|
|
|
* @src_size: The size of the encoded set of octets to decode.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
|
|
|
|
const unsigned char *src, size_t src_size)
|
2009-01-07 01:41:59 +03:00
|
|
|
{
|
|
|
|
u8 current_bit_offset = 0;
|
|
|
|
size_t src_byte_offset = 0;
|
|
|
|
size_t dst_byte_offset = 0;
|
|
|
|
|
|
|
|
if (dst == NULL) {
|
2009-01-07 01:42:05 +03:00
|
|
|
/* Not exact; conservatively long. Every block of 4
|
|
|
|
* encoded characters decodes into a block of 3
|
|
|
|
* decoded characters. This segment of code provides
|
|
|
|
* the caller with the maximum amount of allocated
|
|
|
|
* space that @dst will need to point to in a
|
|
|
|
* subsequent call. */
|
2009-01-07 01:41:59 +03:00
|
|
|
(*dst_size) = (((src_size + 1) * 3) / 4);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
while (src_byte_offset < src_size) {
|
|
|
|
unsigned char src_byte =
|
|
|
|
filename_rev_map[(int)src[src_byte_offset]];
|
|
|
|
|
|
|
|
switch (current_bit_offset) {
|
|
|
|
case 0:
|
|
|
|
dst[dst_byte_offset] = (src_byte << 2);
|
|
|
|
current_bit_offset = 6;
|
|
|
|
break;
|
|
|
|
case 6:
|
|
|
|
dst[dst_byte_offset++] |= (src_byte >> 4);
|
|
|
|
dst[dst_byte_offset] = ((src_byte & 0xF)
|
|
|
|
<< 4);
|
|
|
|
current_bit_offset = 4;
|
|
|
|
break;
|
|
|
|
case 4:
|
|
|
|
dst[dst_byte_offset++] |= (src_byte >> 2);
|
|
|
|
dst[dst_byte_offset] = (src_byte << 6);
|
|
|
|
current_bit_offset = 2;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
dst[dst_byte_offset++] |= (src_byte);
|
|
|
|
dst[dst_byte_offset] = 0;
|
|
|
|
current_bit_offset = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
src_byte_offset++;
|
|
|
|
}
|
|
|
|
(*dst_size) = dst_byte_offset;
|
|
|
|
out:
|
2009-01-07 01:42:05 +03:00
|
|
|
return;
|
2009-01-07 01:41:59 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
|
|
|
|
* @crypt_stat: The crypt_stat struct associated with the file anem to encode
|
|
|
|
* @name: The plaintext name
|
|
|
|
* @length: The length of the plaintext
|
|
|
|
* @encoded_name: The encypted name
|
|
|
|
*
|
|
|
|
* Encrypts and encodes a filename into something that constitutes a
|
|
|
|
* valid filename for a filesystem, with printable characters.
|
|
|
|
*
|
|
|
|
* We assume that we have a properly initialized crypto context,
|
|
|
|
* pointed to by crypt_stat->tfm.
|
|
|
|
*
|
|
|
|
* Returns zero on success; non-zero on otherwise
|
|
|
|
*/
|
|
|
|
int ecryptfs_encrypt_and_encode_filename(
|
|
|
|
char **encoded_name,
|
|
|
|
size_t *encoded_name_size,
|
|
|
|
struct ecryptfs_crypt_stat *crypt_stat,
|
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
|
|
|
|
const char *name, size_t name_size)
|
|
|
|
{
|
|
|
|
size_t encoded_name_no_prefix_size;
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
(*encoded_name) = NULL;
|
|
|
|
(*encoded_name_size) = 0;
|
|
|
|
if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
|
|
|
|
|| (mount_crypt_stat && (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) {
|
|
|
|
struct ecryptfs_filename *filename;
|
|
|
|
|
|
|
|
filename = kzalloc(sizeof(*filename), GFP_KERNEL);
|
|
|
|
if (!filename) {
|
|
|
|
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
2009-01-07 01:42:03 +03:00
|
|
|
"to kzalloc [%zd] bytes\n", __func__,
|
2009-01-07 01:41:59 +03:00
|
|
|
sizeof(*filename));
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
filename->filename = (char *)name;
|
|
|
|
filename->filename_size = name_size;
|
|
|
|
rc = ecryptfs_encrypt_filename(filename, crypt_stat,
|
|
|
|
mount_crypt_stat);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to encrypt "
|
|
|
|
"filename; rc = [%d]\n", __func__, rc);
|
|
|
|
kfree(filename);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
ecryptfs_encode_for_filename(
|
|
|
|
NULL, &encoded_name_no_prefix_size,
|
|
|
|
filename->encrypted_filename,
|
|
|
|
filename->encrypted_filename_size);
|
|
|
|
if ((crypt_stat && (crypt_stat->flags
|
|
|
|
& ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
|
|
|
|
|| (mount_crypt_stat
|
|
|
|
&& (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)))
|
|
|
|
(*encoded_name_size) =
|
|
|
|
(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
|
|
|
|
+ encoded_name_no_prefix_size);
|
|
|
|
else
|
|
|
|
(*encoded_name_size) =
|
|
|
|
(ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE
|
|
|
|
+ encoded_name_no_prefix_size);
|
|
|
|
(*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
|
|
|
|
if (!(*encoded_name)) {
|
|
|
|
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
2009-01-07 01:42:03 +03:00
|
|
|
"to kzalloc [%zd] bytes\n", __func__,
|
2009-01-07 01:41:59 +03:00
|
|
|
(*encoded_name_size));
|
|
|
|
rc = -ENOMEM;
|
|
|
|
kfree(filename->encrypted_filename);
|
|
|
|
kfree(filename);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if ((crypt_stat && (crypt_stat->flags
|
|
|
|
& ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
|
|
|
|
|| (mount_crypt_stat
|
|
|
|
&& (mount_crypt_stat->flags
|
|
|
|
& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
|
|
|
|
memcpy((*encoded_name),
|
|
|
|
ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
|
|
|
|
ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
|
|
|
|
ecryptfs_encode_for_filename(
|
|
|
|
((*encoded_name)
|
|
|
|
+ ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
|
|
|
|
&encoded_name_no_prefix_size,
|
|
|
|
filename->encrypted_filename,
|
|
|
|
filename->encrypted_filename_size);
|
|
|
|
(*encoded_name_size) =
|
|
|
|
(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
|
|
|
|
+ encoded_name_no_prefix_size);
|
|
|
|
(*encoded_name)[(*encoded_name_size)] = '\0';
|
|
|
|
(*encoded_name_size)++;
|
|
|
|
} else {
|
2009-08-21 13:27:46 +04:00
|
|
|
rc = -EOPNOTSUPP;
|
2009-01-07 01:41:59 +03:00
|
|
|
}
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_ERR "%s: Error attempting to encode "
|
|
|
|
"encrypted filename; rc = [%d]\n", __func__,
|
|
|
|
rc);
|
|
|
|
kfree((*encoded_name));
|
|
|
|
(*encoded_name) = NULL;
|
|
|
|
(*encoded_name_size) = 0;
|
|
|
|
}
|
|
|
|
kfree(filename->encrypted_filename);
|
|
|
|
kfree(filename);
|
|
|
|
} else {
|
|
|
|
rc = ecryptfs_copy_filename(encoded_name,
|
|
|
|
encoded_name_size,
|
|
|
|
name, name_size);
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
|
|
|
|
* @plaintext_name: The plaintext name
|
|
|
|
* @plaintext_name_size: The plaintext name size
|
|
|
|
* @ecryptfs_dir_dentry: eCryptfs directory dentry
|
|
|
|
* @name: The filename in cipher text
|
|
|
|
* @name_size: The cipher text name size
|
|
|
|
*
|
|
|
|
* Decrypts and decodes the filename.
|
|
|
|
*
|
|
|
|
* Returns zero on error; non-zero otherwise
|
|
|
|
*/
|
|
|
|
int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
|
|
|
|
size_t *plaintext_name_size,
|
|
|
|
struct dentry *ecryptfs_dir_dentry,
|
|
|
|
const char *name, size_t name_size)
|
|
|
|
{
|
2009-03-20 10:23:57 +03:00
|
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
|
|
|
|
&ecryptfs_superblock_to_private(
|
|
|
|
ecryptfs_dir_dentry->d_sb)->mount_crypt_stat;
|
2009-01-07 01:41:59 +03:00
|
|
|
char *decoded_name;
|
|
|
|
size_t decoded_name_size;
|
|
|
|
size_t packet_size;
|
|
|
|
int rc = 0;
|
|
|
|
|
2009-03-20 10:23:57 +03:00
|
|
|
if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
|
|
|
|
&& !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
|
|
|
|
&& (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
|
2009-01-07 01:41:59 +03:00
|
|
|
&& (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
|
|
|
|
ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) {
|
|
|
|
const char *orig_name = name;
|
|
|
|
size_t orig_name_size = name_size;
|
|
|
|
|
|
|
|
name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
|
|
|
|
name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
|
2009-01-07 01:42:05 +03:00
|
|
|
ecryptfs_decode_from_filename(NULL, &decoded_name_size,
|
|
|
|
name, name_size);
|
2009-01-07 01:41:59 +03:00
|
|
|
decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
|
|
|
|
if (!decoded_name) {
|
|
|
|
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
2009-01-07 01:42:02 +03:00
|
|
|
"to kmalloc [%zd] bytes\n", __func__,
|
2009-01-07 01:41:59 +03:00
|
|
|
decoded_name_size);
|
|
|
|
rc = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
2009-01-07 01:42:05 +03:00
|
|
|
ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
|
|
|
|
name, name_size);
|
2009-01-07 01:41:59 +03:00
|
|
|
rc = ecryptfs_parse_tag_70_packet(plaintext_name,
|
|
|
|
plaintext_name_size,
|
|
|
|
&packet_size,
|
|
|
|
mount_crypt_stat,
|
|
|
|
decoded_name,
|
|
|
|
decoded_name_size);
|
|
|
|
if (rc) {
|
|
|
|
printk(KERN_INFO "%s: Could not parse tag 70 packet "
|
|
|
|
"from filename; copying through filename "
|
|
|
|
"as-is\n", __func__);
|
|
|
|
rc = ecryptfs_copy_filename(plaintext_name,
|
|
|
|
plaintext_name_size,
|
|
|
|
orig_name, orig_name_size);
|
|
|
|
goto out_free;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
rc = ecryptfs_copy_filename(plaintext_name,
|
|
|
|
plaintext_name_size,
|
|
|
|
name, name_size);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
out_free:
|
|
|
|
kfree(decoded_name);
|
|
|
|
out:
|
|
|
|
return rc;
|
|
|
|
}
|