Blame - fs/ecryptfs/crypto.c - kernel/hikey-linaro

blob: e2832bc7869a2ed357ff85763f4ed811af29592e [file] [log] [blame]

Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1	/**
				2	* eCryptfs: Linux filesystem encryption layer
				3	*
				4	* Copyright (C) 1997-2004 Erez Zadok
				5	* Copyright (C) 2001-2004 Stony Brook University
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	6	* Copyright (C) 2004-2007 International Business Machines Corp.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	7	* Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
				8	* Michael C. Thompson <mcthomps@us.ibm.com>
				9	*
				10	* This program is free software; you can redistribute it and/or
				11	* modify it under the terms of the GNU General Public License as
				12	* published by the Free Software Foundation; either version 2 of the
				13	* License, or (at your option) any later version.
				14	*
				15	* This program is distributed in the hope that it will be useful, but
				16	* WITHOUT ANY WARRANTY; without even the implied warranty of
				17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
				18	* General Public License for more details.
				19	*
				20	* You should have received a copy of the GNU General Public License
				21	* along with this program; if not, write to the Free Software
				22	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
				23	* 02111-1307, USA.
				24	*/
				25
				26	#include <linux/fs.h>
				27	#include <linux/mount.h>
				28	#include <linux/pagemap.h>
				29	#include <linux/random.h>
				30	#include <linux/compiler.h>
				31	#include <linux/key.h>
				32	#include <linux/namei.h>
				33	#include <linux/crypto.h>
				34	#include <linux/file.h>
				35	#include <linux/scatterlist.h>
				36	#include "ecryptfs_kernel.h"
				37
				38	static int
				39	ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				40	struct page *dst_page, int dst_offset,
				41	struct page *src_page, int src_offset, int size,
				42	unsigned char *iv);
				43	static int
				44	ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				45	struct page *dst_page, int dst_offset,
				46	struct page *src_page, int src_offset, int size,
				47	unsigned char *iv);
				48
				49	/**
				50	* ecryptfs_to_hex
				51	* @dst: Buffer to take hex character representation of contents of
				52	* src; must be at least of size (src_size * 2)
				53	* @src: Buffer to be converted to a hex string respresentation
				54	* @src_size: number of bytes to convert
				55	*/
				56	void ecryptfs_to_hex(char dst, char src, size_t src_size)
				57	{
				58	int x;
				59
				60	for (x = 0; x < src_size; x++)
				61	sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
				62	}
				63
				64	/**
				65	* ecryptfs_from_hex
				66	* @dst: Buffer to take the bytes from src hex; must be at least of
				67	* size (src_size / 2)
				68	* @src: Buffer to be converted from a hex string respresentation to raw value
				69	* @dst_size: size of dst buffer, or number of hex characters pairs to convert
				70	*/
				71	void ecryptfs_from_hex(char dst, char src, int dst_size)
				72	{
				73	int x;
				74	char tmp[3] = { 0, };
				75
				76	for (x = 0; x < dst_size; x++) {
				77	tmp[0] = src[x * 2];
				78	tmp[1] = src[x * 2 + 1];
				79	dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
				80	}
				81	}
				82
				83	/**
				84	* ecryptfs_calculate_md5 - calculates the md5 of @src
				85	* @dst: Pointer to 16 bytes of allocated memory
				86	* @crypt_stat: Pointer to crypt_stat struct for the current inode
				87	* @src: Data to be md5'd
				88	* @len: Length of @src
				89	*
				90	* Uses the allocated crypto context that crypt_stat references to
				91	* generate the MD5 sum of the contents of src.
				92	*/
				93	static int ecryptfs_calculate_md5(char *dst,
				94	struct ecryptfs_crypt_stat *crypt_stat,
				95	char *src, int len)
				96	{
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	97	struct scatterlist sg;
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	98	struct hash_desc desc = {
				99	.tfm = crypt_stat->hash_tfm,
				100	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				101	};
				102	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	103
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	104	mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	105	sg_init_one(&sg, (u8 *)src, len);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	106	if (!desc.tfm) {
				107	desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
				108	CRYPTO_ALG_ASYNC);
				109	if (IS_ERR(desc.tfm)) {
				110	rc = PTR_ERR(desc.tfm);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	111	ecryptfs_printk(KERN_ERR, "Error attempting to "
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	112	"allocate crypto context; rc = [%d]\n",
				113	rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	114	goto out;
				115	}
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	116	crypt_stat->hash_tfm = desc.tfm;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	117	}
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	118	rc = crypto_hash_init(&desc);
				119	if (rc) {
				120	printk(KERN_ERR
				121	"%s: Error initializing crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	122	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	123	goto out;
				124	}
				125	rc = crypto_hash_update(&desc, &sg, len);
				126	if (rc) {
				127	printk(KERN_ERR
				128	"%s: Error updating crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	129	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	130	goto out;
				131	}
				132	rc = crypto_hash_final(&desc, dst);
				133	if (rc) {
				134	printk(KERN_ERR
				135	"%s: Error finalizing crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	136	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	137	goto out;
				138	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	139	out:
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	140	mutex_unlock(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	141	return rc;
				142	}
				143
Michael Halcrow	cd9d67d	2007-10-16 01:28:04 -0700	[diff] [blame]	144	static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
				145	char *cipher_name,
				146	char *chaining_modifier)
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	147	{
				148	int cipher_name_len = strlen(cipher_name);
				149	int chaining_modifier_len = strlen(chaining_modifier);
				150	int algified_name_len;
				151	int rc;
				152
				153	algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
				154	(*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
Michael Halcrow	7bd473f	2006-11-02 22:06:56 -0800	[diff] [blame]	155	if (!(*algified_name)) {
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	156	rc = -ENOMEM;
				157	goto out;
				158	}
				159	snprintf((*algified_name), algified_name_len, "%s(%s)",
				160	chaining_modifier, cipher_name);
				161	rc = 0;
				162	out:
				163	return rc;
				164	}
				165
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	166	/**
				167	* ecryptfs_derive_iv
				168	* @iv: destination for the derived iv vale
				169	* @crypt_stat: Pointer to crypt_stat struct for the current inode
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	170	* @offset: Offset of the extent whose IV we are to derive
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	171	*
				172	* Generate the initialization vector from the given root IV and page
				173	* offset.
				174	*
				175	* Returns zero on success; non-zero on error.
				176	*/
				177	static int ecryptfs_derive_iv(char iv, struct ecryptfs_crypt_stat crypt_stat,
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	178	loff_t offset)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	179	{
				180	int rc = 0;
				181	char dst[MD5_DIGEST_SIZE];
				182	char src[ECRYPTFS_MAX_IV_BYTES + 16];
				183
				184	if (unlikely(ecryptfs_verbosity > 0)) {
				185	ecryptfs_printk(KERN_DEBUG, "root iv:\n");
				186	ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
				187	}
				188	/* TODO: It is probably secure to just cast the least
				189	* significant bits of the root IV into an unsigned long and
				190	* add the offset to that rather than go through all this
				191	* hashing business. -Halcrow */
				192	memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
				193	memset((src + crypt_stat->iv_bytes), 0, 16);
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	194	snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	195	if (unlikely(ecryptfs_verbosity > 0)) {
				196	ecryptfs_printk(KERN_DEBUG, "source:\n");
				197	ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
				198	}
				199	rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
				200	(crypt_stat->iv_bytes + 16));
				201	if (rc) {
				202	ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
				203	"MD5 while generating IV for a page\n");
				204	goto out;
				205	}
				206	memcpy(iv, dst, crypt_stat->iv_bytes);
				207	if (unlikely(ecryptfs_verbosity > 0)) {
				208	ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
				209	ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
				210	}
				211	out:
				212	return rc;
				213	}
				214
				215	/**
				216	* ecryptfs_init_crypt_stat
				217	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				218	*
				219	* Initialize the crypt_stat structure.
				220	*/
				221	void
				222	ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
				223	{
				224	memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	225	INIT_LIST_HEAD(&crypt_stat->keysig_list);
				226	mutex_init(&crypt_stat->keysig_list_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	227	mutex_init(&crypt_stat->cs_mutex);
				228	mutex_init(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	229	mutex_init(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	230	crypt_stat->flags \|= ECRYPTFS_STRUCT_INITIALIZED;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	231	}
				232
				233	/**
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	234	* ecryptfs_destroy_crypt_stat
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	235	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				236	*
				237	* Releases all memory associated with a crypt_stat struct.
				238	*/
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	239	void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	240	{
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	241	struct ecryptfs_key_sig key_sig, key_sig_tmp;
				242
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	243	if (crypt_stat->tfm)
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	244	crypto_free_blkcipher(crypt_stat->tfm);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	245	if (crypt_stat->hash_tfm)
				246	crypto_free_hash(crypt_stat->hash_tfm);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	247	mutex_lock(&crypt_stat->keysig_list_mutex);
				248	list_for_each_entry_safe(key_sig, key_sig_tmp,
				249	&crypt_stat->keysig_list, crypt_stat_list) {
				250	list_del(&key_sig->crypt_stat_list);
				251	kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
				252	}
				253	mutex_unlock(&crypt_stat->keysig_list_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	254	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
				255	}
				256
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	257	void ecryptfs_destroy_mount_crypt_stat(
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	258	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				259	{
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	260	struct ecryptfs_global_auth_tok auth_tok, auth_tok_tmp;
				261
				262	if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
				263	return;
				264	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
				265	list_for_each_entry_safe(auth_tok, auth_tok_tmp,
				266	&mount_crypt_stat->global_auth_tok_list,
				267	mount_crypt_stat_list) {
				268	list_del(&auth_tok->mount_crypt_stat_list);
				269	mount_crypt_stat->num_global_auth_toks--;
				270	if (auth_tok->global_auth_tok_key
				271	&& !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
				272	key_put(auth_tok->global_auth_tok_key);
				273	kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
				274	}
				275	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	276	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
				277	}
				278
				279	/**
				280	* virt_to_scatterlist
				281	* @addr: Virtual address
				282	* @size: Size of data; should be an even multiple of the block size
				283	* @sg: Pointer to scatterlist array; set to NULL to obtain only
				284	* the number of scatterlist structs required in array
				285	* @sg_size: Max array size
				286	*
				287	* Fills in a scatterlist array with page references for a passed
				288	* virtual address.
				289	*
				290	* Returns the number of scatterlist structs in array used
				291	*/
				292	int virt_to_scatterlist(const void addr, int size, struct scatterlist sg,
				293	int sg_size)
				294	{
				295	int i = 0;
				296	struct page *pg;
				297	int offset;
				298	int remainder_of_page;
				299
Herbert Xu	68e3f5d	2007-10-27 00:52:07 -0700	[diff] [blame]	300	sg_init_table(sg, sg_size);
				301
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	302	while (size > 0 && i < sg_size) {
				303	pg = virt_to_page(addr);
				304	offset = offset_in_page(addr);
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	305	if (sg)
				306	sg_set_page(&sg[i], pg, 0, offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	307	remainder_of_page = PAGE_CACHE_SIZE - offset;
				308	if (size >= remainder_of_page) {
				309	if (sg)
				310	sg[i].length = remainder_of_page;
				311	addr += remainder_of_page;
				312	size -= remainder_of_page;
				313	} else {
				314	if (sg)
				315	sg[i].length = size;
				316	addr += size;
				317	size = 0;
				318	}
				319	i++;
				320	}
				321	if (size > 0)
				322	return -ENOMEM;
				323	return i;
				324	}
				325
				326	/**
				327	* encrypt_scatterlist
				328	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				329	* @dest_sg: Destination of encrypted data
				330	* @src_sg: Data to be encrypted
				331	* @size: Length of data to be encrypted
				332	* @iv: iv to use during encryption
				333	*
				334	* Returns the number of bytes encrypted; negative value on error
				335	*/
				336	static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
				337	struct scatterlist *dest_sg,
				338	struct scatterlist *src_sg, int size,
				339	unsigned char *iv)
				340	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	341	struct blkcipher_desc desc = {
				342	.tfm = crypt_stat->tfm,
				343	.info = iv,
				344	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				345	};
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	346	int rc = 0;
				347
				348	BUG_ON(!crypt_stat \|\| !crypt_stat->tfm
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	349	\|\| !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	350	if (unlikely(ecryptfs_verbosity > 0)) {
				351	ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
				352	crypt_stat->key_size);
				353	ecryptfs_dump_hex(crypt_stat->key,
				354	crypt_stat->key_size);
				355	}
				356	/* Consider doing this once, when the file is opened */
				357	mutex_lock(&crypt_stat->cs_tfm_mutex);
Trevor Highland	8e3a6f1	2008-02-06 01:38:33 -0800	[diff] [blame]	358	if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
				359	rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
				360	crypt_stat->key_size);
				361	crypt_stat->flags \|= ECRYPTFS_KEY_SET;
				362	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	363	if (rc) {
				364	ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
				365	rc);
				366	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				367	rc = -EINVAL;
				368	goto out;
				369	}
				370	ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	371	crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	372	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				373	out:
				374	return rc;
				375	}
				376
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	377	/**
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	378	* ecryptfs_lower_offset_for_extent
				379	*
				380	* Convert an eCryptfs page index into a lower byte offset
				381	*/
Adrian Bunk	7896b63	2008-02-06 01:38:32 -0800	[diff] [blame]	382	static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
				383	struct ecryptfs_crypt_stat *crypt_stat)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	384	{
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	385	(*offset) = (crypt_stat->num_header_bytes_at_front
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	386	+ (crypt_stat->extent_size * extent_num));
				387	}
				388
				389	/**
				390	* ecryptfs_encrypt_extent
				391	* @enc_extent_page: Allocated page into which to encrypt the data in
				392	* @page
				393	* @crypt_stat: crypt_stat containing cryptographic context for the
				394	* encryption operation
				395	* @page: Page containing plaintext data extent to encrypt
				396	* @extent_offset: Page extent offset for use in generating IV
				397	*
				398	* Encrypts one extent of data.
				399	*
				400	* Return zero on success; non-zero otherwise
				401	*/
				402	static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
				403	struct ecryptfs_crypt_stat *crypt_stat,
				404	struct page *page,
				405	unsigned long extent_offset)
				406	{
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	407	loff_t extent_base;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	408	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
				409	int rc;
				410
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	411	extent_base = (((loff_t)page->index)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	412	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
				413	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
				414	(extent_base + extent_offset));
				415	if (rc) {
				416	ecryptfs_printk(KERN_ERR, "Error attempting to "
				417	"derive IV for extent [0x%.16x]; "
				418	"rc = [%d]\n", (extent_base + extent_offset),
				419	rc);
				420	goto out;
				421	}
				422	if (unlikely(ecryptfs_verbosity > 0)) {
				423	ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
				424	"with iv:\n");
				425	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
				426	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
				427	"encryption:\n");
				428	ecryptfs_dump_hex((char *)
				429	(page_address(page)
				430	+ (extent_offset * crypt_stat->extent_size)),
				431	8);
				432	}
				433	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
				434	page, (extent_offset
				435	* crypt_stat->extent_size),
				436	crypt_stat->extent_size, extent_iv);
				437	if (rc < 0) {
				438	printk(KERN_ERR "%s: Error attempting to encrypt page with "
				439	"page->index = [%ld], extent_offset = [%ld]; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	440	"rc = [%d]\n", __func__, page->index, extent_offset,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	441	rc);
				442	goto out;
				443	}
				444	rc = 0;
				445	if (unlikely(ecryptfs_verbosity > 0)) {
				446	ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
				447	"rc = [%d]\n", (extent_base + extent_offset),
				448	rc);
				449	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
				450	"encryption:\n");
				451	ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
				452	}
				453	out:
				454	return rc;
				455	}
				456
				457	/**
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	458	* ecryptfs_encrypt_page
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	459	* @page: Page mapped from the eCryptfs inode for the file; contains
				460	* decrypted content that needs to be encrypted (to a temporary
				461	* page; not in place) and written out to the lower file
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	462	*
				463	* Encrypt an eCryptfs page. This is done on a per-extent basis. Note
				464	* that eCryptfs pages may straddle the lower pages -- for instance,
				465	* if the file was created on a machine with an 8K page size
				466	* (resulting in an 8K header), and then the file is copied onto a
				467	* host with a 32K page size, then when reading page 0 of the eCryptfs
				468	* file, 24K of page 0 of the lower file will be read and decrypted,
				469	* and then 8K of page 1 of the lower file will be read and decrypted.
				470	*
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	471	* Returns zero on success; negative on error
				472	*/
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	473	int ecryptfs_encrypt_page(struct page *page)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	474	{
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	475	struct inode *ecryptfs_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	476	struct ecryptfs_crypt_stat *crypt_stat;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	477	char *enc_extent_virt = NULL;
				478	struct page *enc_extent_page;
				479	loff_t extent_offset;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	480	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	481
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	482	ecryptfs_inode = page->mapping->host;
				483	crypt_stat =
				484	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	485	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	486	rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
				487	0, PAGE_CACHE_SIZE);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	488	if (rc)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	489	printk(KERN_ERR "%s: Error attempting to copy "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	490	"page at index [%ld]\n", __func__,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	491	page->index);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	492	goto out;
				493	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	494	enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
				495	if (!enc_extent_virt) {
				496	rc = -ENOMEM;
				497	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
				498	"encrypted extent\n");
				499	goto out;
				500	}
				501	enc_extent_page = virt_to_page(enc_extent_virt);
				502	for (extent_offset = 0;
				503	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
				504	extent_offset++) {
				505	loff_t offset;
				506
				507	rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
				508	extent_offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	509	if (rc) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	510	printk(KERN_ERR "%s: Error encrypting extent; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	511	"rc = [%d]\n", __func__, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	512	goto out;
				513	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	514	ecryptfs_lower_offset_for_extent(
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	515	&offset, ((((loff_t)page->index)
				516	* (PAGE_CACHE_SIZE
				517	/ crypt_stat->extent_size))
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	518	+ extent_offset), crypt_stat);
				519	rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
				520	offset, crypt_stat->extent_size);
				521	if (rc) {
				522	ecryptfs_printk(KERN_ERR, "Error attempting "
				523	"to write lower page; rc = [%d]"
				524	"\n", rc);
				525	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	526	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	527	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	528	out:
				529	kfree(enc_extent_virt);
				530	return rc;
				531	}
				532
				533	static int ecryptfs_decrypt_extent(struct page *page,
				534	struct ecryptfs_crypt_stat *crypt_stat,
				535	struct page *enc_extent_page,
				536	unsigned long extent_offset)
				537	{
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	538	loff_t extent_base;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	539	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
				540	int rc;
				541
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	542	extent_base = (((loff_t)page->index)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	543	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
				544	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
				545	(extent_base + extent_offset));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	546	if (rc) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	547	ecryptfs_printk(KERN_ERR, "Error attempting to "
				548	"derive IV for extent [0x%.16x]; "
				549	"rc = [%d]\n", (extent_base + extent_offset),
				550	rc);
				551	goto out;
				552	}
				553	if (unlikely(ecryptfs_verbosity > 0)) {
				554	ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
				555	"with iv:\n");
				556	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
				557	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
				558	"decryption:\n");
				559	ecryptfs_dump_hex((char *)
				560	(page_address(enc_extent_page)
				561	+ (extent_offset * crypt_stat->extent_size)),
				562	8);
				563	}
				564	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
				565	(extent_offset
				566	* crypt_stat->extent_size),
				567	enc_extent_page, 0,
				568	crypt_stat->extent_size, extent_iv);
				569	if (rc < 0) {
				570	printk(KERN_ERR "%s: Error attempting to decrypt to page with "
				571	"page->index = [%ld], extent_offset = [%ld]; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	572	"rc = [%d]\n", __func__, page->index, extent_offset,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	573	rc);
				574	goto out;
				575	}
				576	rc = 0;
				577	if (unlikely(ecryptfs_verbosity > 0)) {
				578	ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
				579	"rc = [%d]\n", (extent_base + extent_offset),
				580	rc);
				581	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
				582	"decryption:\n");
				583	ecryptfs_dump_hex((char *)(page_address(page)
				584	+ (extent_offset
				585	* crypt_stat->extent_size)), 8);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	586	}
				587	out:
				588	return rc;
				589	}
				590
				591	/**
				592	* ecryptfs_decrypt_page
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	593	* @page: Page mapped from the eCryptfs inode for the file; data read
				594	* and decrypted from the lower file will be written into this
				595	* page
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	596	*
				597	* Decrypt an eCryptfs page. This is done on a per-extent basis. Note
				598	* that eCryptfs pages may straddle the lower pages -- for instance,
				599	* if the file was created on a machine with an 8K page size
				600	* (resulting in an 8K header), and then the file is copied onto a
				601	* host with a 32K page size, then when reading page 0 of the eCryptfs
				602	* file, 24K of page 0 of the lower file will be read and decrypted,
				603	* and then 8K of page 1 of the lower file will be read and decrypted.
				604	*
				605	* Returns zero on success; negative on error
				606	*/
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	607	int ecryptfs_decrypt_page(struct page *page)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	608	{
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	609	struct inode *ecryptfs_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	610	struct ecryptfs_crypt_stat *crypt_stat;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	611	char *enc_extent_virt = NULL;
				612	struct page *enc_extent_page;
				613	unsigned long extent_offset;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	614	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	615
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	616	ecryptfs_inode = page->mapping->host;
				617	crypt_stat =
				618	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	619	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	620	rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
				621	PAGE_CACHE_SIZE,
				622	ecryptfs_inode);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	623	if (rc)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	624	printk(KERN_ERR "%s: Error attempting to copy "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	625	"page at index [%ld]\n", __func__,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	626	page->index);
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	627	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	628	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	629	enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
				630	if (!enc_extent_virt) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	631	rc = -ENOMEM;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	632	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
				633	"encrypted extent\n");
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	634	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	635	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	636	enc_extent_page = virt_to_page(enc_extent_virt);
				637	for (extent_offset = 0;
				638	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
				639	extent_offset++) {
				640	loff_t offset;
				641
				642	ecryptfs_lower_offset_for_extent(
				643	&offset, ((page->index * (PAGE_CACHE_SIZE
				644	/ crypt_stat->extent_size))
				645	+ extent_offset), crypt_stat);
				646	rc = ecryptfs_read_lower(enc_extent_virt, offset,
				647	crypt_stat->extent_size,
				648	ecryptfs_inode);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	649	if (rc) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	650	ecryptfs_printk(KERN_ERR, "Error attempting "
				651	"to read lower page; rc = [%d]"
				652	"\n", rc);
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	653	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	654	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	655	rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
				656	extent_offset);
				657	if (rc) {
				658	printk(KERN_ERR "%s: Error encrypting extent; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	659	"rc = [%d]\n", __func__, rc);
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	660	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	661	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	662	}
				663	out:
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	664	kfree(enc_extent_virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	665	return rc;
				666	}
				667
				668	/**
				669	* decrypt_scatterlist
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	670	* @crypt_stat: Cryptographic context
				671	* @dest_sg: The destination scatterlist to decrypt into
				672	* @src_sg: The source scatterlist to decrypt from
				673	* @size: The number of bytes to decrypt
				674	* @iv: The initialization vector to use for the decryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	675	*
				676	* Returns the number of bytes decrypted; negative value on error
				677	*/
				678	static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
				679	struct scatterlist *dest_sg,
				680	struct scatterlist *src_sg, int size,
				681	unsigned char *iv)
				682	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	683	struct blkcipher_desc desc = {
				684	.tfm = crypt_stat->tfm,
				685	.info = iv,
				686	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				687	};
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	688	int rc = 0;
				689
				690	/* Consider doing this once, when the file is opened */
				691	mutex_lock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	692	rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
				693	crypt_stat->key_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	694	if (rc) {
				695	ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
				696	rc);
				697	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				698	rc = -EINVAL;
				699	goto out;
				700	}
				701	ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	702	rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	703	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				704	if (rc) {
				705	ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
				706	rc);
				707	goto out;
				708	}
				709	rc = size;
				710	out:
				711	return rc;
				712	}
				713
				714	/**
				715	* ecryptfs_encrypt_page_offset
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	716	* @crypt_stat: The cryptographic context
				717	* @dst_page: The page to encrypt into
				718	* @dst_offset: The offset in the page to encrypt into
				719	* @src_page: The page to encrypt from
				720	* @src_offset: The offset in the page to encrypt from
				721	* @size: The number of bytes to encrypt
				722	* @iv: The initialization vector to use for the encryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	723	*
				724	* Returns the number of bytes encrypted
				725	*/
				726	static int
				727	ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				728	struct page *dst_page, int dst_offset,
				729	struct page *src_page, int src_offset, int size,
				730	unsigned char *iv)
				731	{
				732	struct scatterlist src_sg, dst_sg;
				733
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	734	sg_init_table(&src_sg, 1);
				735	sg_init_table(&dst_sg, 1);
				736
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	737	sg_set_page(&src_sg, src_page, size, src_offset);
				738	sg_set_page(&dst_sg, dst_page, size, dst_offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	739	return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
				740	}
				741
				742	/**
				743	* ecryptfs_decrypt_page_offset
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	744	* @crypt_stat: The cryptographic context
				745	* @dst_page: The page to decrypt into
				746	* @dst_offset: The offset in the page to decrypt into
				747	* @src_page: The page to decrypt from
				748	* @src_offset: The offset in the page to decrypt from
				749	* @size: The number of bytes to decrypt
				750	* @iv: The initialization vector to use for the decryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	751	*
				752	* Returns the number of bytes decrypted
				753	*/
				754	static int
				755	ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				756	struct page *dst_page, int dst_offset,
				757	struct page *src_page, int src_offset, int size,
				758	unsigned char *iv)
				759	{
				760	struct scatterlist src_sg, dst_sg;
				761
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	762	sg_init_table(&src_sg, 1);
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	763	sg_set_page(&src_sg, src_page, size, src_offset);
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	764
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	765	sg_init_table(&dst_sg, 1);
				766	sg_set_page(&dst_sg, dst_page, size, dst_offset);
				767
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	768	return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
				769	}
				770
				771	#define ECRYPTFS_MAX_SCATTERLIST_LEN 4
				772
				773	/**
				774	* ecryptfs_init_crypt_ctx
				775	* @crypt_stat: Uninitilized crypt stats structure
				776	*
				777	* Initialize the crypto context.
				778	*
				779	* TODO: Performance: Keep a cache of initialized cipher contexts;
				780	* only init if needed
				781	*/
				782	int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
				783	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	784	char *full_alg_name;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	785	int rc = -EINVAL;
				786
				787	if (!crypt_stat->cipher) {
				788	ecryptfs_printk(KERN_ERR, "No cipher specified\n");
				789	goto out;
				790	}
				791	ecryptfs_printk(KERN_DEBUG,
				792	"Initializing cipher [%s]; strlen = [%d]; "
				793	"key_size_bits = [%d]\n",
				794	crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
				795	crypt_stat->key_size << 3);
				796	if (crypt_stat->tfm) {
				797	rc = 0;
				798	goto out;
				799	}
				800	mutex_lock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	801	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
				802	crypt_stat->cipher, "cbc");
				803	if (rc)
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	804	goto out_unlock;
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	805	crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
				806	CRYPTO_ALG_ASYNC);
				807	kfree(full_alg_name);
Akinobu Mita	de88777	2006-11-28 12:29:49 -0800	[diff] [blame]	808	if (IS_ERR(crypt_stat->tfm)) {
				809	rc = PTR_ERR(crypt_stat->tfm);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	810	ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
				811	"Error initializing cipher [%s]\n",
				812	crypt_stat->cipher);
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	813	goto out_unlock;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	814	}
Herbert Xu	f1ddcaf	2007-01-27 10:05:15 +1100	[diff] [blame]	815	crypto_blkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	816	rc = 0;
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	817	out_unlock:
				818	mutex_unlock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	819	out:
				820	return rc;
				821	}
				822
				823	static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
				824	{
				825	int extent_size_tmp;
				826
				827	crypt_stat->extent_mask = 0xFFFFFFFF;
				828	crypt_stat->extent_shift = 0;
				829	if (crypt_stat->extent_size == 0)
				830	return;
				831	extent_size_tmp = crypt_stat->extent_size;
				832	while ((extent_size_tmp & 0x01) == 0) {
				833	extent_size_tmp >>= 1;
				834	crypt_stat->extent_mask <<= 1;
				835	crypt_stat->extent_shift++;
				836	}
				837	}
				838
				839	void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
				840	{
				841	/* Default values; may be overwritten as we are parsing the
				842	* packets. */
				843	crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
				844	set_extent_mask_and_shift(crypt_stat);
				845	crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	846	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	847	crypt_stat->num_header_bytes_at_front = 0;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	848	else {
				849	if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	850	crypt_stat->num_header_bytes_at_front =
				851	ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	852	else
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	853	crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	854	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	855	}
				856
				857	/**
				858	* ecryptfs_compute_root_iv
				859	* @crypt_stats
				860	*
				861	* On error, sets the root IV to all 0's.
				862	*/
				863	int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
				864	{
				865	int rc = 0;
				866	char dst[MD5_DIGEST_SIZE];
				867
				868	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
				869	BUG_ON(crypt_stat->iv_bytes <= 0);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	870	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	871	rc = -EINVAL;
				872	ecryptfs_printk(KERN_WARNING, "Session key not valid; "
				873	"cannot generate root IV\n");
				874	goto out;
				875	}
				876	rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
				877	crypt_stat->key_size);
				878	if (rc) {
				879	ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
				880	"MD5 while generating root IV\n");
				881	goto out;
				882	}
				883	memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
				884	out:
				885	if (rc) {
				886	memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	887	crypt_stat->flags \|= ECRYPTFS_SECURITY_WARNING;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	888	}
				889	return rc;
				890	}
				891
				892	static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
				893	{
				894	get_random_bytes(crypt_stat->key, crypt_stat->key_size);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	895	crypt_stat->flags \|= ECRYPTFS_KEY_VALID;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	896	ecryptfs_compute_root_iv(crypt_stat);
				897	if (unlikely(ecryptfs_verbosity > 0)) {
				898	ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
				899	ecryptfs_dump_hex(crypt_stat->key,
				900	crypt_stat->key_size);
				901	}
				902	}
				903
				904	/**
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	905	* ecryptfs_copy_mount_wide_flags_to_inode_flags
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	906	* @crypt_stat: The inode's cryptographic context
				907	* @mount_crypt_stat: The mount point's cryptographic context
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	908	*
				909	* This function propagates the mount-wide flags to individual inode
				910	* flags.
				911	*/
				912	static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
				913	struct ecryptfs_crypt_stat *crypt_stat,
				914	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				915	{
				916	if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
				917	crypt_stat->flags \|= ECRYPTFS_METADATA_IN_XATTR;
				918	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
				919	crypt_stat->flags \|= ECRYPTFS_VIEW_AS_ENCRYPTED;
				920	}
				921
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	922	static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
				923	struct ecryptfs_crypt_stat *crypt_stat,
				924	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				925	{
				926	struct ecryptfs_global_auth_tok *global_auth_tok;
				927	int rc = 0;
				928
				929	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
				930	list_for_each_entry(global_auth_tok,
				931	&mount_crypt_stat->global_auth_tok_list,
				932	mount_crypt_stat_list) {
				933	rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
				934	if (rc) {
				935	printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
				936	mutex_unlock(
				937	&mount_crypt_stat->global_auth_tok_list_mutex);
				938	goto out;
				939	}
				940	}
				941	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
				942	out:
				943	return rc;
				944	}
				945
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	946	/**
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	947	* ecryptfs_set_default_crypt_stat_vals
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	948	* @crypt_stat: The inode's cryptographic context
				949	* @mount_crypt_stat: The mount point's cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	950	*
				951	* Default values in the event that policy does not override them.
				952	*/
				953	static void ecryptfs_set_default_crypt_stat_vals(
				954	struct ecryptfs_crypt_stat *crypt_stat,
				955	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				956	{
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	957	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				958	mount_crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	959	ecryptfs_set_default_sizes(crypt_stat);
				960	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
				961	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	962	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	963	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
				964	crypt_stat->mount_crypt_stat = mount_crypt_stat;
				965	}
				966
				967	/**
				968	* ecryptfs_new_file_context
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	969	* @ecryptfs_dentry: The eCryptfs dentry
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	970	*
				971	* If the crypto context for the file has not yet been established,
				972	* this is where we do that. Establishing a new crypto context
				973	* involves the following decisions:
				974	* - What cipher to use?
				975	* - What set of authentication tokens to use?
				976	* Here we just worry about getting enough information into the
				977	* authentication tokens so that we know that they are available.
				978	* We associate the available authentication tokens with the new file
				979	* via the set of signatures in the crypt_stat struct. Later, when
				980	* the headers are actually written out, we may again defer to
				981	* userspace to perform the encryption of the session key; for the
				982	* foreseeable future, this will be the case with public key packets.
				983	*
				984	* Returns zero on success; non-zero otherwise
				985	*/
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	986	int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
				987	{
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	988	struct ecryptfs_crypt_stat *crypt_stat =
				989	&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
				990	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
				991	&ecryptfs_superblock_to_private(
				992	ecryptfs_dentry->d_sb)->mount_crypt_stat;
				993	int cipher_name_len;
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	994	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	995
				996	ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
Michael Halcrow	af655dc	2007-10-16 01:28:00 -0700	[diff] [blame]	997	crypt_stat->flags \|= (ECRYPTFS_ENCRYPTED \| ECRYPTFS_KEY_VALID);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	998	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				999	mount_crypt_stat);
				1000	rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
				1001	mount_crypt_stat);
				1002	if (rc) {
				1003	printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
				1004	"to the inode key sigs; rc = [%d]\n", rc);
				1005	goto out;
				1006	}
				1007	cipher_name_len =
				1008	strlen(mount_crypt_stat->global_default_cipher_name);
				1009	memcpy(crypt_stat->cipher,
				1010	mount_crypt_stat->global_default_cipher_name,
				1011	cipher_name_len);
				1012	crypt_stat->cipher[cipher_name_len] = '\0';
				1013	crypt_stat->key_size =
				1014	mount_crypt_stat->global_default_cipher_key_size;
				1015	ecryptfs_generate_new_key(crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1016	rc = ecryptfs_init_crypt_ctx(crypt_stat);
				1017	if (rc)
				1018	ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
				1019	"context for cipher [%s]: rc = [%d]\n",
				1020	crypt_stat->cipher, rc);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1021	out:
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1022	return rc;
				1023	}
				1024
				1025	/**
				1026	* contains_ecryptfs_marker - check for the ecryptfs marker
				1027	* @data: The data block in which to check
				1028	*
				1029	* Returns one if marker found; zero if not found
				1030	*/
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1031	static int contains_ecryptfs_marker(char *data)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1032	{
				1033	u32 m_1, m_2;
				1034
				1035	memcpy(&m_1, data, 4);
				1036	m_1 = be32_to_cpu(m_1);
				1037	memcpy(&m_2, (data + 4), 4);
				1038	m_2 = be32_to_cpu(m_2);
				1039	if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
				1040	return 1;
				1041	ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
				1042	"MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
				1043	MAGIC_ECRYPTFS_MARKER);
				1044	ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
				1045	"[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
				1046	return 0;
				1047	}
				1048
				1049	struct ecryptfs_flag_map_elem {
				1050	u32 file_flag;
				1051	u32 local_flag;
				1052	};
				1053
				1054	/* Add support for additional flags by adding elements here. */
				1055	static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
				1056	{0x00000001, ECRYPTFS_ENABLE_HMAC},
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1057	{0x00000002, ECRYPTFS_ENCRYPTED},
				1058	{0x00000004, ECRYPTFS_METADATA_IN_XATTR}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1059	};
				1060
				1061	/**
				1062	* ecryptfs_process_flags
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1063	* @crypt_stat: The cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1064	* @page_virt: Source data to be parsed
				1065	* @bytes_read: Updated with the number of bytes read
				1066	*
				1067	* Returns zero on success; non-zero if the flag set is invalid
				1068	*/
				1069	static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
				1070	char page_virt, int bytes_read)
				1071	{
				1072	int rc = 0;
				1073	int i;
				1074	u32 flags;
				1075
				1076	memcpy(&flags, page_virt, 4);
				1077	flags = be32_to_cpu(flags);
				1078	for (i = 0; i < ((sizeof(ecryptfs_flag_map)
				1079	/ sizeof(struct ecryptfs_flag_map_elem))); i++)
				1080	if (flags & ecryptfs_flag_map[i].file_flag) {
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1081	crypt_stat->flags \|= ecryptfs_flag_map[i].local_flag;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1082	} else
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1083	crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1084	/* Version is in top 8 bits of the 32-bit flag vector */
				1085	crypt_stat->file_version = ((flags >> 24) & 0xFF);
				1086	(*bytes_read) = 4;
				1087	return rc;
				1088	}
				1089
				1090	/**
				1091	* write_ecryptfs_marker
				1092	* @page_virt: The pointer to in a page to begin writing the marker
				1093	* @written: Number of bytes written
				1094	*
				1095	* Marker = 0x3c81b7f5
				1096	*/
				1097	static void write_ecryptfs_marker(char page_virt, size_t written)
				1098	{
				1099	u32 m_1, m_2;
				1100
				1101	get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
				1102	m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
				1103	m_1 = cpu_to_be32(m_1);
				1104	memcpy(page_virt, &m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
				1105	m_2 = cpu_to_be32(m_2);
				1106	memcpy(page_virt + (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2), &m_2,
				1107	(MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
				1108	(*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
				1109	}
				1110
				1111	static void
				1112	write_ecryptfs_flags(char page_virt, struct ecryptfs_crypt_stat crypt_stat,
				1113	size_t *written)
				1114	{
				1115	u32 flags = 0;
				1116	int i;
				1117
				1118	for (i = 0; i < ((sizeof(ecryptfs_flag_map)
				1119	/ sizeof(struct ecryptfs_flag_map_elem))); i++)
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1120	if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1121	flags \|= ecryptfs_flag_map[i].file_flag;
				1122	/* Version is in top 8 bits of the 32-bit flag vector */
				1123	flags \|= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
				1124	flags = cpu_to_be32(flags);
				1125	memcpy(page_virt, &flags, 4);
				1126	(*written) = 4;
				1127	}
				1128
				1129	struct ecryptfs_cipher_code_str_map_elem {
				1130	char cipher_str[16];
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1131	u8 cipher_code;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1132	};
				1133
				1134	/* Add support for additional ciphers by adding elements here. The
				1135	* cipher_code is whatever OpenPGP applicatoins use to identify the
				1136	* ciphers. List in order of probability. */
				1137	static struct ecryptfs_cipher_code_str_map_elem
				1138	ecryptfs_cipher_code_str_map[] = {
				1139	{"aes",RFC2440_CIPHER_AES_128 },
				1140	{"blowfish", RFC2440_CIPHER_BLOWFISH},
				1141	{"des3_ede", RFC2440_CIPHER_DES3_EDE},
				1142	{"cast5", RFC2440_CIPHER_CAST_5},
				1143	{"twofish", RFC2440_CIPHER_TWOFISH},
				1144	{"cast6", RFC2440_CIPHER_CAST_6},
				1145	{"aes", RFC2440_CIPHER_AES_192},
				1146	{"aes", RFC2440_CIPHER_AES_256}
				1147	};
				1148
				1149	/**
				1150	* ecryptfs_code_for_cipher_string
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1151	* @crypt_stat: The cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1152	*
				1153	* Returns zero on no match, or the cipher code on match
				1154	*/
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1155	u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1156	{
				1157	int i;
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1158	u8 code = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1159	struct ecryptfs_cipher_code_str_map_elem *map =
				1160	ecryptfs_cipher_code_str_map;
				1161
				1162	if (strcmp(crypt_stat->cipher, "aes") == 0) {
				1163	switch (crypt_stat->key_size) {
				1164	case 16:
				1165	code = RFC2440_CIPHER_AES_128;
				1166	break;
				1167	case 24:
				1168	code = RFC2440_CIPHER_AES_192;
				1169	break;
				1170	case 32:
				1171	code = RFC2440_CIPHER_AES_256;
				1172	}
				1173	} else {
				1174	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
				1175	if (strcmp(crypt_stat->cipher, map[i].cipher_str) == 0){
				1176	code = map[i].cipher_code;
				1177	break;
				1178	}
				1179	}
				1180	return code;
				1181	}
				1182
				1183	/**
				1184	* ecryptfs_cipher_code_to_string
				1185	* @str: Destination to write out the cipher name
				1186	* @cipher_code: The code to convert to cipher name string
				1187	*
				1188	* Returns zero on success
				1189	*/
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1190	int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1191	{
				1192	int rc = 0;
				1193	int i;
				1194
				1195	str[0] = '\0';
				1196	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
				1197	if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
				1198	strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
				1199	if (str[0] == '\0') {
				1200	ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
				1201	"[%d]\n", cipher_code);
				1202	rc = -EINVAL;
				1203	}
				1204	return rc;
				1205	}
				1206
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1207	int ecryptfs_read_and_validate_header_region(char *data,
				1208	struct inode *ecryptfs_inode)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1209	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1210	struct ecryptfs_crypt_stat *crypt_stat =
				1211	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1212	int rc;
				1213
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1214	rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
				1215	ecryptfs_inode);
				1216	if (rc) {
				1217	printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1218	__func__, rc);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1219	goto out;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1220	}
				1221	if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1222	rc = -EINVAL;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1223	ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n");
				1224	}
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1225	out:
				1226	return rc;
				1227	}
				1228
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1229	void
				1230	ecryptfs_write_header_metadata(char *virt,
				1231	struct ecryptfs_crypt_stat *crypt_stat,
				1232	size_t *written)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1233	{
				1234	u32 header_extent_size;
				1235	u16 num_header_extents_at_front;
				1236
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	1237	header_extent_size = (u32)crypt_stat->extent_size;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1238	num_header_extents_at_front =
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1239	(u16)(crypt_stat->num_header_bytes_at_front
				1240	/ crypt_stat->extent_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1241	header_extent_size = cpu_to_be32(header_extent_size);
				1242	memcpy(virt, &header_extent_size, 4);
				1243	virt += 4;
				1244	num_header_extents_at_front = cpu_to_be16(num_header_extents_at_front);
				1245	memcpy(virt, &num_header_extents_at_front, 2);
				1246	(*written) = 6;
				1247	}
				1248
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1249	struct kmem_cache *ecryptfs_header_cache_1;
				1250	struct kmem_cache *ecryptfs_header_cache_2;
				1251
				1252	/**
				1253	* ecryptfs_write_headers_virt
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1254	* @page_virt: The virtual address to write the headers to
				1255	* @size: Set to the number of bytes written by this function
				1256	* @crypt_stat: The cryptographic context
				1257	* @ecryptfs_dentry: The eCryptfs dentry
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1258	*
				1259	* Format version: 1
				1260	*
				1261	* Header Extent:
				1262	* Octets 0-7: Unencrypted file size (big-endian)
				1263	* Octets 8-15: eCryptfs special marker
				1264	* Octets 16-19: Flags
				1265	* Octet 16: File format version number (between 0 and 255)
				1266	* Octets 17-18: Reserved
				1267	* Octet 19: Bit 1 (lsb): Reserved
				1268	* Bit 2: Encrypted?
				1269	* Bits 3-8: Reserved
				1270	* Octets 20-23: Header extent size (big-endian)
				1271	* Octets 24-25: Number of header extents at front of file
				1272	* (big-endian)
				1273	* Octet 26: Begin RFC 2440 authentication token packet set
				1274	* Data Extent 0:
				1275	* Lower data (CBC encrypted)
				1276	* Data Extent 1:
				1277	* Lower data (CBC encrypted)
				1278	* ...
				1279	*
				1280	* Returns zero on success
				1281	*/
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1282	static int ecryptfs_write_headers_virt(char page_virt, size_t size,
				1283	struct ecryptfs_crypt_stat *crypt_stat,
				1284	struct dentry *ecryptfs_dentry)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1285	{
				1286	int rc;
				1287	size_t written;
				1288	size_t offset;
				1289
				1290	offset = ECRYPTFS_FILE_SIZE_BYTES;
				1291	write_ecryptfs_marker((page_virt + offset), &written);
				1292	offset += written;
				1293	write_ecryptfs_flags((page_virt + offset), crypt_stat, &written);
				1294	offset += written;
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1295	ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
				1296	&written);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1297	offset += written;
				1298	rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
				1299	ecryptfs_dentry, &written,
				1300	PAGE_CACHE_SIZE - offset);
				1301	if (rc)
				1302	ecryptfs_printk(KERN_WARNING, "Error generating key packet "
				1303	"set; rc = [%d]\n", rc);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1304	if (size) {
				1305	offset += written;
				1306	*size = offset;
				1307	}
				1308	return rc;
				1309	}
				1310
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1311	static int
				1312	ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1313	struct dentry *ecryptfs_dentry,
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1314	char *virt)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1315	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1316	int rc;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1317
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1318	rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,
				1319	0, crypt_stat->num_header_bytes_at_front);
				1320	if (rc)
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1321	printk(KERN_ERR "%s: Error attempting to write header "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1322	"information to lower file; rc = [%d]\n", __func__,
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1323	rc);
Michael Halcrow	7045660	2007-02-12 00:53:48 -0800	[diff] [blame]	1324	return rc;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1325	}
				1326
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1327	static int
				1328	ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
				1329	struct ecryptfs_crypt_stat *crypt_stat,
				1330	char *page_virt, size_t size)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1331	{
				1332	int rc;
				1333
				1334	rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt,
				1335	size, 0);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1336	return rc;
				1337	}
				1338
				1339	/**
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1340	* ecryptfs_write_metadata
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1341	* @ecryptfs_dentry: The eCryptfs dentry
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1342	*
				1343	* Write the file headers out. This will likely involve a userspace
				1344	* callout, in which the session key is encrypted with one or more
				1345	* public keys and/or the passphrase necessary to do the encryption is
				1346	* retrieved via a prompt. Exactly what happens at this point should
				1347	* be policy-dependent.
				1348	*
				1349	* Returns zero on success; non-zero on error
				1350	*/
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1351	int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1352	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1353	struct ecryptfs_crypt_stat *crypt_stat =
				1354	&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1355	char *virt;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1356	size_t size = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1357	int rc = 0;
				1358
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1359	if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
				1360	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1361	printk(KERN_ERR "Key is invalid; bailing out\n");
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1362	rc = -EINVAL;
				1363	goto out;
				1364	}
				1365	} else {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1366	printk(KERN_WARNING "%s: Encrypted flag not set\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1367	__func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1368	rc = -EINVAL;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1369	goto out;
				1370	}
				1371	/* Released in this function */
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1372	virt = kzalloc(crypt_stat->num_header_bytes_at_front, GFP_KERNEL);
				1373	if (!virt) {
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1374	printk(KERN_ERR "%s: Out of memory\n", __func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1375	rc = -ENOMEM;
				1376	goto out;
				1377	}
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1378	rc = ecryptfs_write_headers_virt(virt, &size, crypt_stat,
				1379	ecryptfs_dentry);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1380	if (unlikely(rc)) {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1381	printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1382	__func__, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1383	goto out_free;
				1384	}
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1385	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
				1386	rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry,
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1387	crypt_stat, virt, size);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1388	else
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1389	rc = ecryptfs_write_metadata_to_contents(crypt_stat,
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1390	ecryptfs_dentry, virt);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1391	if (rc) {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1392	printk(KERN_ERR "%s: Error writing metadata out to lower file; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1393	"rc = [%d]\n", __func__, rc);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1394	goto out_free;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1395	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1396	out_free:
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1397	memset(virt, 0, crypt_stat->num_header_bytes_at_front);
				1398	kfree(virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1399	out:
				1400	return rc;
				1401	}
				1402
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1403	#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
				1404	#define ECRYPTFS_VALIDATE_HEADER_SIZE 1
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1405	static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1406	char virt, int bytes_read,
				1407	int validate_header_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1408	{
				1409	int rc = 0;
				1410	u32 header_extent_size;
				1411	u16 num_header_extents_at_front;
				1412
Michael Halcrow	ecbdc93	2007-10-16 01:28:14 -0700	[diff] [blame]	1413	memcpy(&header_extent_size, virt, sizeof(u32));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1414	header_extent_size = be32_to_cpu(header_extent_size);
Michael Halcrow	ecbdc93	2007-10-16 01:28:14 -0700	[diff] [blame]	1415	virt += sizeof(u32);
				1416	memcpy(&num_header_extents_at_front, virt, sizeof(u16));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1417	num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front);
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1418	crypt_stat->num_header_bytes_at_front =
				1419	(((size_t)num_header_extents_at_front
				1420	* (size_t)header_extent_size));
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	1421	(*bytes_read) = (sizeof(u32) + sizeof(u16));
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1422	if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1423	&& (crypt_stat->num_header_bytes_at_front
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1424	< ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1425	rc = -EINVAL;
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1426	printk(KERN_WARNING "Invalid header size: [%zd]\n",
				1427	crypt_stat->num_header_bytes_at_front);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1428	}
				1429	return rc;
				1430	}
				1431
				1432	/**
				1433	* set_default_header_data
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1434	* @crypt_stat: The cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1435	*
				1436	* For version 0 file format; this function is only for backwards
				1437	* compatibility for files created with the prior versions of
				1438	* eCryptfs.
				1439	*/
				1440	static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
				1441	{
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1442	crypt_stat->num_header_bytes_at_front =
				1443	ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1444	}
				1445
				1446	/**
				1447	* ecryptfs_read_headers_virt
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1448	* @page_virt: The virtual address into which to read the headers
				1449	* @crypt_stat: The cryptographic context
				1450	* @ecryptfs_dentry: The eCryptfs dentry
				1451	* @validate_header_size: Whether to validate the header size while reading
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1452	*
				1453	* Read/parse the header data. The header format is detailed in the
				1454	* comment block for the ecryptfs_write_headers_virt() function.
				1455	*
				1456	* Returns zero on success
				1457	*/
				1458	static int ecryptfs_read_headers_virt(char *page_virt,
				1459	struct ecryptfs_crypt_stat *crypt_stat,
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1460	struct dentry *ecryptfs_dentry,
				1461	int validate_header_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1462	{
				1463	int rc = 0;
				1464	int offset;
				1465	int bytes_read;
				1466
				1467	ecryptfs_set_default_sizes(crypt_stat);
				1468	crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
				1469	ecryptfs_dentry->d_sb)->mount_crypt_stat;
				1470	offset = ECRYPTFS_FILE_SIZE_BYTES;
				1471	rc = contains_ecryptfs_marker(page_virt + offset);
				1472	if (rc == 0) {
				1473	rc = -EINVAL;
				1474	goto out;
				1475	}
				1476	offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
				1477	rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
				1478	&bytes_read);
				1479	if (rc) {
				1480	ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
				1481	goto out;
				1482	}
				1483	if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
				1484	ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
				1485	"file version [%d] is supported by this "
				1486	"version of eCryptfs\n",
				1487	crypt_stat->file_version,
				1488	ECRYPTFS_SUPPORTED_FILE_VERSION);
				1489	rc = -EINVAL;
				1490	goto out;
				1491	}
				1492	offset += bytes_read;
				1493	if (crypt_stat->file_version >= 1) {
				1494	rc = parse_header_metadata(crypt_stat, (page_virt + offset),
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1495	&bytes_read, validate_header_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1496	if (rc) {
				1497	ecryptfs_printk(KERN_WARNING, "Error reading header "
				1498	"metadata; rc = [%d]\n", rc);
				1499	}
				1500	offset += bytes_read;
				1501	} else
				1502	set_default_header_data(crypt_stat);
				1503	rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
				1504	ecryptfs_dentry);
				1505	out:
				1506	return rc;
				1507	}
				1508
				1509	/**
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1510	* ecryptfs_read_xattr_region
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1511	* @page_virt: The vitual address into which to read the xattr data
Michael Halcrow	2ed9255	2007-10-16 01:28:10 -0700	[diff] [blame]	1512	* @ecryptfs_inode: The eCryptfs inode
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1513	*
				1514	* Attempts to read the crypto metadata from the extended attribute
				1515	* region of the lower file.
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1516	*
				1517	* Returns zero on success; non-zero on error
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1518	*/
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1519	int ecryptfs_read_xattr_region(char page_virt, struct inode ecryptfs_inode)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1520	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1521	struct dentry *lower_dentry =
				1522	ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1523	ssize_t size;
				1524	int rc = 0;
				1525
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1526	size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
				1527	page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1528	if (size < 0) {
Michael Halcrow	25bd817	2008-02-06 01:38:35 -0800	[diff] [blame]	1529	if (unlikely(ecryptfs_verbosity > 0))
				1530	printk(KERN_INFO "Error attempting to read the [%s] "
				1531	"xattr from the lower file; return value = "
				1532	"[%zd]\n", ECRYPTFS_XATTR_NAME, size);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1533	rc = -EINVAL;
				1534	goto out;
				1535	}
				1536	out:
				1537	return rc;
				1538	}
				1539
				1540	int ecryptfs_read_and_validate_xattr_region(char *page_virt,
				1541	struct dentry *ecryptfs_dentry)
				1542	{
				1543	int rc;
				1544
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1545	rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1546	if (rc)
				1547	goto out;
				1548	if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) {
				1549	printk(KERN_WARNING "Valid data found in [%s] xattr, but "
				1550	"the marker is invalid\n", ECRYPTFS_XATTR_NAME);
				1551	rc = -EINVAL;
				1552	}
				1553	out:
				1554	return rc;
				1555	}
				1556
				1557	/**
				1558	* ecryptfs_read_metadata
				1559	*
				1560	* Common entry point for reading file metadata. From here, we could
				1561	* retrieve the header information from the header region of the file,
				1562	* the xattr region of the file, or some other repostory that is
				1563	* stored separately from the file itself. The current implementation
				1564	* supports retrieving the metadata information from the file contents
				1565	* and from the xattr region.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1566	*
				1567	* Returns zero if valid headers found and parsed; non-zero otherwise
				1568	*/
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1569	int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1570	{
				1571	int rc = 0;
				1572	char *page_virt = NULL;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1573	struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1574	struct ecryptfs_crypt_stat *crypt_stat =
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1575	&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1576	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
				1577	&ecryptfs_superblock_to_private(
				1578	ecryptfs_dentry->d_sb)->mount_crypt_stat;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1579
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1580	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				1581	mount_crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1582	/* Read the first page from the underlying file */
Christoph Lameter	f7267c0	2006-12-06 20:33:15 -0800	[diff] [blame]	1583	page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1584	if (!page_virt) {
				1585	rc = -ENOMEM;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1586	printk(KERN_ERR "%s: Unable to allocate page_virt\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1587	__func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1588	goto out;
				1589	}
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1590	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
				1591	ecryptfs_inode);
				1592	if (!rc)
				1593	rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
				1594	ecryptfs_dentry,
				1595	ECRYPTFS_VALIDATE_HEADER_SIZE);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1596	if (rc) {
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1597	rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1598	if (rc) {
				1599	printk(KERN_DEBUG "Valid eCryptfs headers not found in "
				1600	"file header region or xattr region\n");
				1601	rc = -EINVAL;
				1602	goto out;
				1603	}
				1604	rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
				1605	ecryptfs_dentry,
				1606	ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
				1607	if (rc) {
				1608	printk(KERN_DEBUG "Valid eCryptfs headers not found in "
				1609	"file xattr region either\n");
				1610	rc = -EINVAL;
				1611	}
				1612	if (crypt_stat->mount_crypt_stat->flags
				1613	& ECRYPTFS_XATTR_METADATA_ENABLED) {
				1614	crypt_stat->flags \|= ECRYPTFS_METADATA_IN_XATTR;
				1615	} else {
				1616	printk(KERN_WARNING "Attempt to access file with "
				1617	"crypto metadata only in the extended attribute "
				1618	"region, but eCryptfs was mounted without "
				1619	"xattr support enabled. eCryptfs will not treat "
				1620	"this like an encrypted file.\n");
				1621	rc = -EINVAL;
				1622	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1623	}
				1624	out:
				1625	if (page_virt) {
				1626	memset(page_virt, 0, PAGE_CACHE_SIZE);
				1627	kmem_cache_free(ecryptfs_header_cache_1, page_virt);
				1628	}
				1629	return rc;
				1630	}
				1631
				1632	/**
				1633	* ecryptfs_encode_filename - converts a plaintext file name to cipher text
				1634	* @crypt_stat: The crypt_stat struct associated with the file anem to encode
				1635	* @name: The plaintext name
				1636	* @length: The length of the plaintext
				1637	* @encoded_name: The encypted name
				1638	*
				1639	* Encrypts and encodes a filename into something that constitutes a
				1640	* valid filename for a filesystem, with printable characters.
				1641	*
				1642	* We assume that we have a properly initialized crypto context,
				1643	* pointed to by crypt_stat->tfm.
				1644	*
				1645	* TODO: Implement filename decoding and decryption here, in place of
				1646	* memcpy. We are keeping the framework around for now to (1)
				1647	* facilitate testing of the components needed to implement filename
				1648	* encryption and (2) to provide a code base from which other
				1649	* developers in the community can easily implement this feature.
				1650	*
				1651	* Returns the length of encoded filename; negative if error
				1652	*/
				1653	int
				1654	ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat,
				1655	const char name, int length, char *encoded_name)
				1656	{
				1657	int error = 0;
				1658
				1659	(*encoded_name) = kmalloc(length + 2, GFP_KERNEL);
				1660	if (!(*encoded_name)) {
				1661	error = -ENOMEM;
				1662	goto out;
				1663	}
				1664	/* TODO: Filename encryption is a scheduled feature for a
				1665	* future version of eCryptfs. This function is here only for
				1666	* the purpose of providing a framework for other developers
				1667	* to easily implement filename encryption. Hint: Replace this
				1668	* memcpy() with a call to encrypt and encode the
				1669	* filename, the set the length accordingly. */
				1670	memcpy((void )(encoded_name), (void *)name, length);
				1671	(*encoded_name)[length] = '\0';
				1672	error = length + 1;
				1673	out:
				1674	return error;
				1675	}
				1676
				1677	/**
				1678	* ecryptfs_decode_filename - converts the cipher text name to plaintext
				1679	* @crypt_stat: The crypt_stat struct associated with the file
				1680	* @name: The filename in cipher text
				1681	* @length: The length of the cipher text name
				1682	* @decrypted_name: The plaintext name
				1683	*
				1684	* Decodes and decrypts the filename.
				1685	*
				1686	* We assume that we have a properly initialized crypto context,
				1687	* pointed to by crypt_stat->tfm.
				1688	*
				1689	* TODO: Implement filename decoding and decryption here, in place of
				1690	* memcpy. We are keeping the framework around for now to (1)
				1691	* facilitate testing of the components needed to implement filename
				1692	* encryption and (2) to provide a code base from which other
				1693	* developers in the community can easily implement this feature.
				1694	*
				1695	* Returns the length of decoded filename; negative if error
				1696	*/
				1697	int
				1698	ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat,
				1699	const char name, int length, char *decrypted_name)
				1700	{
				1701	int error = 0;
				1702
				1703	(*decrypted_name) = kmalloc(length + 2, GFP_KERNEL);
				1704	if (!(*decrypted_name)) {
				1705	error = -ENOMEM;
				1706	goto out;
				1707	}
				1708	/* TODO: Filename encryption is a scheduled feature for a
				1709	* future version of eCryptfs. This function is here only for
				1710	* the purpose of providing a framework for other developers
				1711	* to easily implement filename encryption. Hint: Replace this
				1712	* memcpy() with a call to decode and decrypt the
				1713	* filename, the set the length accordingly. */
				1714	memcpy((void )(decrypted_name), (void *)name, length);
				1715	(decrypted_name)[length + 1] = '\0'; / Only for convenience
				1716	* in printing out the
				1717	* string in debug
				1718	* messages */
				1719	error = length;
				1720	out:
				1721	return error;
				1722	}
				1723
				1724	/**
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1725	* ecryptfs_process_key_cipher - Perform key cipher initialization.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1726	* @key_tfm: Crypto context for key material, set by this function
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1727	* @cipher_name: Name of the cipher
				1728	* @key_size: Size of the key in bytes
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1729	*
				1730	* Returns zero on success. Any crypto_tfm structs allocated here
				1731	* should be released by other functions, such as on a superblock put
				1732	* event, regardless of whether this function succeeds for fails.
				1733	*/
Michael Halcrow	cd9d67d	2007-10-16 01:28:04 -0700	[diff] [blame]	1734	static int
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1735	ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
				1736	char cipher_name, size_t key_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1737	{
				1738	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1739	char *full_alg_name;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1740	int rc;
				1741
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1742	*key_tfm = NULL;
				1743	if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1744	rc = -EINVAL;
				1745	printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum "
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1746	"allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1747	goto out;
				1748	}
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1749	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
				1750	"ecb");
				1751	if (rc)
				1752	goto out;
				1753	*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
				1754	kfree(full_alg_name);
				1755	if (IS_ERR(*key_tfm)) {
				1756	rc = PTR_ERR(*key_tfm);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1757	printk(KERN_ERR "Unable to allocate crypto cipher with name "
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1758	"[%s]; rc = [%d]\n", cipher_name, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1759	goto out;
				1760	}
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1761	crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
				1762	if (*key_size == 0) {
				1763	struct blkcipher_alg alg = crypto_blkcipher_alg(key_tfm);
				1764
				1765	*key_size = alg->max_keysize;
				1766	}
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1767	get_random_bytes(dummy_key, *key_size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1768	rc = crypto_blkcipher_setkey(key_tfm, dummy_key, key_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1769	if (rc) {
				1770	printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1771	"cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1772	rc = -EINVAL;
				1773	goto out;
				1774	}
				1775	out:
				1776	return rc;
				1777	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1778
				1779	struct kmem_cache *ecryptfs_key_tfm_cache;
Adrian Bunk	7896b63	2008-02-06 01:38:32 -0800	[diff] [blame]	1780	static struct list_head key_tfm_list;
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1781	struct mutex key_tfm_list_mutex;
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1782
				1783	int ecryptfs_init_crypto(void)
				1784	{
				1785	mutex_init(&key_tfm_list_mutex);
				1786	INIT_LIST_HEAD(&key_tfm_list);
				1787	return 0;
				1788	}
				1789
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1790	/**
				1791	* ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
				1792	*
				1793	* Called only at module unload time
				1794	*/
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	1795	int ecryptfs_destroy_crypto(void)
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1796	{
				1797	struct ecryptfs_key_tfm key_tfm, key_tfm_tmp;
				1798
				1799	mutex_lock(&key_tfm_list_mutex);
				1800	list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
				1801	key_tfm_list) {
				1802	list_del(&key_tfm->key_tfm_list);
				1803	if (key_tfm->key_tfm)
				1804	crypto_free_blkcipher(key_tfm->key_tfm);
				1805	kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
				1806	}
				1807	mutex_unlock(&key_tfm_list_mutex);
				1808	return 0;
				1809	}
				1810
				1811	int
				1812	ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm *key_tfm, char cipher_name,
				1813	size_t key_size)
				1814	{
				1815	struct ecryptfs_key_tfm *tmp_tfm;
				1816	int rc = 0;
				1817
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1818	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
				1819
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1820	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
				1821	if (key_tfm != NULL)
				1822	(*key_tfm) = tmp_tfm;
				1823	if (!tmp_tfm) {
				1824	rc = -ENOMEM;
				1825	printk(KERN_ERR "Error attempting to allocate from "
				1826	"ecryptfs_key_tfm_cache\n");
				1827	goto out;
				1828	}
				1829	mutex_init(&tmp_tfm->key_tfm_mutex);
				1830	strncpy(tmp_tfm->cipher_name, cipher_name,
				1831	ECRYPTFS_MAX_CIPHER_NAME_SIZE);
Eric Sandeen	b886290	2007-12-22 14:03:24 -0800	[diff] [blame]	1832	tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1833	tmp_tfm->key_size = key_size;
Michael Halcrow	5dda699	2007-10-16 01:28:06 -0700	[diff] [blame]	1834	rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
				1835	tmp_tfm->cipher_name,
				1836	&tmp_tfm->key_size);
				1837	if (rc) {
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1838	printk(KERN_ERR "Error attempting to initialize key TFM "
				1839	"cipher with name = [%s]; rc = [%d]\n",
				1840	tmp_tfm->cipher_name, rc);
				1841	kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
				1842	if (key_tfm != NULL)
				1843	(*key_tfm) = NULL;
				1844	goto out;
				1845	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1846	list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1847	out:
				1848	return rc;
				1849	}
				1850
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1851	/**
				1852	* ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
				1853	* @cipher_name: the name of the cipher to search for
				1854	* @key_tfm: set to corresponding tfm if found
				1855	*
				1856	* Searches for cached key_tfm matching @cipher_name
				1857	* Must be called with &key_tfm_list_mutex held
				1858	* Returns 1 if found, with @key_tfm set
				1859	* Returns 0 if not found, with @key_tfm set to NULL
				1860	*/
				1861	int ecryptfs_tfm_exists(char cipher_name, struct ecryptfs_key_tfm *key_tfm)
				1862	{
				1863	struct ecryptfs_key_tfm *tmp_key_tfm;
				1864
				1865	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
				1866
				1867	list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
				1868	if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
				1869	if (key_tfm)
				1870	(*key_tfm) = tmp_key_tfm;
				1871	return 1;
				1872	}
				1873	}
				1874	if (key_tfm)
				1875	(*key_tfm) = NULL;
				1876	return 0;
				1877	}
				1878
				1879	/**
				1880	* ecryptfs_get_tfm_and_mutex_for_cipher_name
				1881	*
				1882	* @tfm: set to cached tfm found, or new tfm created
				1883	* @tfm_mutex: set to mutex for cached tfm found, or new tfm created
				1884	* @cipher_name: the name of the cipher to search for and/or add
				1885	*
				1886	* Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
				1887	* Searches for cached item first, and creates new if not found.
				1888	* Returns 0 on success, non-zero if adding new cipher failed
				1889	*/
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1890	int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
				1891	struct mutex **tfm_mutex,
				1892	char *cipher_name)
				1893	{
				1894	struct ecryptfs_key_tfm *key_tfm;
				1895	int rc = 0;
				1896
				1897	(*tfm) = NULL;
				1898	(*tfm_mutex) = NULL;
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1899
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1900	mutex_lock(&key_tfm_list_mutex);
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1901	if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
				1902	rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
				1903	if (rc) {
				1904	printk(KERN_ERR "Error adding new key_tfm to list; "
				1905	"rc = [%d]\n", rc);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1906	goto out;
				1907	}
				1908	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1909	(*tfm) = key_tfm->key_tfm;
				1910	(*tfm_mutex) = &key_tfm->key_tfm_mutex;
				1911	out:
Cyrill Gorcunov	71fd517	2008-05-23 13:04:20 -0700	[diff] [blame^]	1912	mutex_unlock(&key_tfm_list_mutex);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1913	return rc;
				1914	}