Blame - fs/ecryptfs/crypto.c - kernel/hikey-linaro

blob: d5c25db4398f0244f0f1d0c1f1e20a55f8f51aa9 [file] [log] [blame]

Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1	/**
				2	* eCryptfs: Linux filesystem encryption layer
				3	*
				4	* Copyright (C) 1997-2004 Erez Zadok
				5	* Copyright (C) 2001-2004 Stony Brook University
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	6	* Copyright (C) 2004-2007 International Business Machines Corp.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	7	* Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
				8	* Michael C. Thompson <mcthomps@us.ibm.com>
				9	*
				10	* This program is free software; you can redistribute it and/or
				11	* modify it under the terms of the GNU General Public License as
				12	* published by the Free Software Foundation; either version 2 of the
				13	* License, or (at your option) any later version.
				14	*
				15	* This program is distributed in the hope that it will be useful, but
				16	* WITHOUT ANY WARRANTY; without even the implied warranty of
				17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
				18	* General Public License for more details.
				19	*
				20	* You should have received a copy of the GNU General Public License
				21	* along with this program; if not, write to the Free Software
				22	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
				23	* 02111-1307, USA.
				24	*/
				25
				26	#include <linux/fs.h>
				27	#include <linux/mount.h>
				28	#include <linux/pagemap.h>
				29	#include <linux/random.h>
				30	#include <linux/compiler.h>
				31	#include <linux/key.h>
				32	#include <linux/namei.h>
				33	#include <linux/crypto.h>
				34	#include <linux/file.h>
				35	#include <linux/scatterlist.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	36	#include <linux/slab.h>
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	37	#include <asm/unaligned.h>
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	38	#include "ecryptfs_kernel.h"
				39
				40	static int
				41	ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				42	struct page *dst_page, int dst_offset,
				43	struct page *src_page, int src_offset, int size,
				44	unsigned char *iv);
				45	static int
				46	ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				47	struct page *dst_page, int dst_offset,
				48	struct page *src_page, int src_offset, int size,
				49	unsigned char *iv);
				50
				51	/**
				52	* ecryptfs_to_hex
				53	* @dst: Buffer to take hex character representation of contents of
				54	* src; must be at least of size (src_size * 2)
				55	* @src: Buffer to be converted to a hex string respresentation
				56	* @src_size: number of bytes to convert
				57	*/
				58	void ecryptfs_to_hex(char dst, char src, size_t src_size)
				59	{
				60	int x;
				61
				62	for (x = 0; x < src_size; x++)
				63	sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
				64	}
				65
				66	/**
				67	* ecryptfs_from_hex
				68	* @dst: Buffer to take the bytes from src hex; must be at least of
				69	* size (src_size / 2)
				70	* @src: Buffer to be converted from a hex string respresentation to raw value
				71	* @dst_size: size of dst buffer, or number of hex characters pairs to convert
				72	*/
				73	void ecryptfs_from_hex(char dst, char src, int dst_size)
				74	{
				75	int x;
				76	char tmp[3] = { 0, };
				77
				78	for (x = 0; x < dst_size; x++) {
				79	tmp[0] = src[x * 2];
				80	tmp[1] = src[x * 2 + 1];
				81	dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
				82	}
				83	}
				84
				85	/**
				86	* ecryptfs_calculate_md5 - calculates the md5 of @src
				87	* @dst: Pointer to 16 bytes of allocated memory
				88	* @crypt_stat: Pointer to crypt_stat struct for the current inode
				89	* @src: Data to be md5'd
				90	* @len: Length of @src
				91	*
				92	* Uses the allocated crypto context that crypt_stat references to
				93	* generate the MD5 sum of the contents of src.
				94	*/
				95	static int ecryptfs_calculate_md5(char *dst,
				96	struct ecryptfs_crypt_stat *crypt_stat,
				97	char *src, int len)
				98	{
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	99	struct scatterlist sg;
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	100	struct hash_desc desc = {
				101	.tfm = crypt_stat->hash_tfm,
				102	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				103	};
				104	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	105
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	106	mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	107	sg_init_one(&sg, (u8 *)src, len);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	108	if (!desc.tfm) {
				109	desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
				110	CRYPTO_ALG_ASYNC);
				111	if (IS_ERR(desc.tfm)) {
				112	rc = PTR_ERR(desc.tfm);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	113	ecryptfs_printk(KERN_ERR, "Error attempting to "
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	114	"allocate crypto context; rc = [%d]\n",
				115	rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	116	goto out;
				117	}
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	118	crypt_stat->hash_tfm = desc.tfm;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	119	}
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	120	rc = crypto_hash_init(&desc);
				121	if (rc) {
				122	printk(KERN_ERR
				123	"%s: Error initializing crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	124	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	125	goto out;
				126	}
				127	rc = crypto_hash_update(&desc, &sg, len);
				128	if (rc) {
				129	printk(KERN_ERR
				130	"%s: Error updating crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	131	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	132	goto out;
				133	}
				134	rc = crypto_hash_final(&desc, dst);
				135	if (rc) {
				136	printk(KERN_ERR
				137	"%s: Error finalizing crypto hash; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	138	__func__, rc);
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	139	goto out;
				140	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	141	out:
Michael Halcrow	8a29f2b	2007-11-05 14:51:04 -0800	[diff] [blame]	142	mutex_unlock(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	143	return rc;
				144	}
				145
Michael Halcrow	cd9d67d	2007-10-16 01:28:04 -0700	[diff] [blame]	146	static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
				147	char *cipher_name,
				148	char *chaining_modifier)
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	149	{
				150	int cipher_name_len = strlen(cipher_name);
				151	int chaining_modifier_len = strlen(chaining_modifier);
				152	int algified_name_len;
				153	int rc;
				154
				155	algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
				156	(*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
Michael Halcrow	7bd473f	2006-11-02 22:06:56 -0800	[diff] [blame]	157	if (!(*algified_name)) {
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	158	rc = -ENOMEM;
				159	goto out;
				160	}
				161	snprintf((*algified_name), algified_name_len, "%s(%s)",
				162	chaining_modifier, cipher_name);
				163	rc = 0;
				164	out:
				165	return rc;
				166	}
				167
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	168	/**
				169	* ecryptfs_derive_iv
				170	* @iv: destination for the derived iv vale
				171	* @crypt_stat: Pointer to crypt_stat struct for the current inode
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	172	* @offset: Offset of the extent whose IV we are to derive
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	173	*
				174	* Generate the initialization vector from the given root IV and page
				175	* offset.
				176	*
				177	* Returns zero on success; non-zero on error.
				178	*/
Michael Halcrow	a34f60f	2009-01-06 14:41:58 -0800	[diff] [blame]	179	int ecryptfs_derive_iv(char iv, struct ecryptfs_crypt_stat crypt_stat,
				180	loff_t offset)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	181	{
				182	int rc = 0;
				183	char dst[MD5_DIGEST_SIZE];
				184	char src[ECRYPTFS_MAX_IV_BYTES + 16];
				185
				186	if (unlikely(ecryptfs_verbosity > 0)) {
				187	ecryptfs_printk(KERN_DEBUG, "root iv:\n");
				188	ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
				189	}
				190	/* TODO: It is probably secure to just cast the least
				191	* significant bits of the root IV into an unsigned long and
				192	* add the offset to that rather than go through all this
				193	* hashing business. -Halcrow */
				194	memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
				195	memset((src + crypt_stat->iv_bytes), 0, 16);
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	196	snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	197	if (unlikely(ecryptfs_verbosity > 0)) {
				198	ecryptfs_printk(KERN_DEBUG, "source:\n");
				199	ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
				200	}
				201	rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
				202	(crypt_stat->iv_bytes + 16));
				203	if (rc) {
				204	ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
				205	"MD5 while generating IV for a page\n");
				206	goto out;
				207	}
				208	memcpy(iv, dst, crypt_stat->iv_bytes);
				209	if (unlikely(ecryptfs_verbosity > 0)) {
				210	ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
				211	ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
				212	}
				213	out:
				214	return rc;
				215	}
				216
				217	/**
				218	* ecryptfs_init_crypt_stat
				219	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				220	*
				221	* Initialize the crypt_stat structure.
				222	*/
				223	void
				224	ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
				225	{
				226	memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	227	INIT_LIST_HEAD(&crypt_stat->keysig_list);
				228	mutex_init(&crypt_stat->keysig_list_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	229	mutex_init(&crypt_stat->cs_mutex);
				230	mutex_init(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	231	mutex_init(&crypt_stat->cs_hash_tfm_mutex);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	232	crypt_stat->flags \|= ECRYPTFS_STRUCT_INITIALIZED;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	233	}
				234
				235	/**
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	236	* ecryptfs_destroy_crypt_stat
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	237	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				238	*
				239	* Releases all memory associated with a crypt_stat struct.
				240	*/
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	241	void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	242	{
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	243	struct ecryptfs_key_sig key_sig, key_sig_tmp;
				244
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	245	if (crypt_stat->tfm)
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	246	crypto_free_blkcipher(crypt_stat->tfm);
Michael Halcrow	565d9724	2006-10-30 22:07:17 -0800	[diff] [blame]	247	if (crypt_stat->hash_tfm)
				248	crypto_free_hash(crypt_stat->hash_tfm);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	249	list_for_each_entry_safe(key_sig, key_sig_tmp,
				250	&crypt_stat->keysig_list, crypt_stat_list) {
				251	list_del(&key_sig->crypt_stat_list);
				252	kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
				253	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	254	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
				255	}
				256
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	257	void ecryptfs_destroy_mount_crypt_stat(
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	258	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				259	{
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	260	struct ecryptfs_global_auth_tok auth_tok, auth_tok_tmp;
				261
				262	if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
				263	return;
				264	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
				265	list_for_each_entry_safe(auth_tok, auth_tok_tmp,
				266	&mount_crypt_stat->global_auth_tok_list,
				267	mount_crypt_stat_list) {
				268	list_del(&auth_tok->mount_crypt_stat_list);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	269	if (auth_tok->global_auth_tok_key
				270	&& !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
				271	key_put(auth_tok->global_auth_tok_key);
				272	kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
				273	}
				274	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	275	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
				276	}
				277
				278	/**
				279	* virt_to_scatterlist
				280	* @addr: Virtual address
				281	* @size: Size of data; should be an even multiple of the block size
				282	* @sg: Pointer to scatterlist array; set to NULL to obtain only
				283	* the number of scatterlist structs required in array
				284	* @sg_size: Max array size
				285	*
				286	* Fills in a scatterlist array with page references for a passed
				287	* virtual address.
				288	*
				289	* Returns the number of scatterlist structs in array used
				290	*/
				291	int virt_to_scatterlist(const void addr, int size, struct scatterlist sg,
				292	int sg_size)
				293	{
				294	int i = 0;
				295	struct page *pg;
				296	int offset;
				297	int remainder_of_page;
				298
Herbert Xu	68e3f5d	2007-10-27 00:52:07 -0700	[diff] [blame]	299	sg_init_table(sg, sg_size);
				300
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	301	while (size > 0 && i < sg_size) {
				302	pg = virt_to_page(addr);
				303	offset = offset_in_page(addr);
Dan Carpenter	a07c48a	2013-01-26 10:48:42 +0300	[diff] [blame^]	304	sg_set_page(&sg[i], pg, 0, offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	305	remainder_of_page = PAGE_CACHE_SIZE - offset;
				306	if (size >= remainder_of_page) {
Dan Carpenter	a07c48a	2013-01-26 10:48:42 +0300	[diff] [blame^]	307	sg[i].length = remainder_of_page;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	308	addr += remainder_of_page;
				309	size -= remainder_of_page;
				310	} else {
Dan Carpenter	a07c48a	2013-01-26 10:48:42 +0300	[diff] [blame^]	311	sg[i].length = size;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	312	addr += size;
				313	size = 0;
				314	}
				315	i++;
				316	}
				317	if (size > 0)
				318	return -ENOMEM;
				319	return i;
				320	}
				321
				322	/**
				323	* encrypt_scatterlist
				324	* @crypt_stat: Pointer to the crypt_stat struct to initialize.
				325	* @dest_sg: Destination of encrypted data
				326	* @src_sg: Data to be encrypted
				327	* @size: Length of data to be encrypted
				328	* @iv: iv to use during encryption
				329	*
				330	* Returns the number of bytes encrypted; negative value on error
				331	*/
				332	static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
				333	struct scatterlist *dest_sg,
				334	struct scatterlist *src_sg, int size,
				335	unsigned char *iv)
				336	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	337	struct blkcipher_desc desc = {
				338	.tfm = crypt_stat->tfm,
				339	.info = iv,
				340	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				341	};
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	342	int rc = 0;
				343
				344	BUG_ON(!crypt_stat \|\| !crypt_stat->tfm
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	345	\|\| !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	346	if (unlikely(ecryptfs_verbosity > 0)) {
Tyler Hicks	f24b388	2010-11-15 17:36:38 -0600	[diff] [blame]	347	ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	348	crypt_stat->key_size);
				349	ecryptfs_dump_hex(crypt_stat->key,
				350	crypt_stat->key_size);
				351	}
				352	/* Consider doing this once, when the file is opened */
				353	mutex_lock(&crypt_stat->cs_tfm_mutex);
Trevor Highland	8e3a6f1	2008-02-06 01:38:33 -0800	[diff] [blame]	354	if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
				355	rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
				356	crypt_stat->key_size);
				357	crypt_stat->flags \|= ECRYPTFS_KEY_SET;
				358	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	359	if (rc) {
				360	ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
				361	rc);
				362	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				363	rc = -EINVAL;
				364	goto out;
				365	}
				366	ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	367	crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	368	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				369	out:
				370	return rc;
				371	}
				372
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	373	/**
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	374	* ecryptfs_lower_offset_for_extent
				375	*
				376	* Convert an eCryptfs page index into a lower byte offset
				377	*/
Adrian Bunk	7896b63	2008-02-06 01:38:32 -0800	[diff] [blame]	378	static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
				379	struct ecryptfs_crypt_stat *crypt_stat)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	380	{
Tyler Hicks	157f107	2010-02-11 07:10:38 -0600	[diff] [blame]	381	(*offset) = ecryptfs_lower_header_size(crypt_stat)
				382	+ (crypt_stat->extent_size * extent_num);
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	383	}
				384
				385	/**
				386	* ecryptfs_encrypt_extent
				387	* @enc_extent_page: Allocated page into which to encrypt the data in
				388	* @page
				389	* @crypt_stat: crypt_stat containing cryptographic context for the
				390	* encryption operation
				391	* @page: Page containing plaintext data extent to encrypt
				392	* @extent_offset: Page extent offset for use in generating IV
				393	*
				394	* Encrypts one extent of data.
				395	*
				396	* Return zero on success; non-zero otherwise
				397	*/
				398	static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
				399	struct ecryptfs_crypt_stat *crypt_stat,
				400	struct page *page,
				401	unsigned long extent_offset)
				402	{
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	403	loff_t extent_base;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	404	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
				405	int rc;
				406
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	407	extent_base = (((loff_t)page->index)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	408	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
				409	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
				410	(extent_base + extent_offset));
				411	if (rc) {
Joe Perches	888d57b	2010-11-10 15:46:16 -0800	[diff] [blame]	412	ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
				413	"extent [0x%.16llx]; rc = [%d]\n",
				414	(unsigned long long)(extent_base + extent_offset), rc);
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	415	goto out;
				416	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	417	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
				418	page, (extent_offset
				419	* crypt_stat->extent_size),
				420	crypt_stat->extent_size, extent_iv);
				421	if (rc < 0) {
				422	printk(KERN_ERR "%s: Error attempting to encrypt page with "
				423	"page->index = [%ld], extent_offset = [%ld]; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	424	"rc = [%d]\n", __func__, page->index, extent_offset,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	425	rc);
				426	goto out;
				427	}
				428	rc = 0;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	429	out:
				430	return rc;
				431	}
				432
				433	/**
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	434	* ecryptfs_encrypt_page
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	435	* @page: Page mapped from the eCryptfs inode for the file; contains
				436	* decrypted content that needs to be encrypted (to a temporary
				437	* page; not in place) and written out to the lower file
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	438	*
				439	* Encrypt an eCryptfs page. This is done on a per-extent basis. Note
				440	* that eCryptfs pages may straddle the lower pages -- for instance,
				441	* if the file was created on a machine with an 8K page size
				442	* (resulting in an 8K header), and then the file is copied onto a
				443	* host with a 32K page size, then when reading page 0 of the eCryptfs
				444	* file, 24K of page 0 of the lower file will be read and decrypted,
				445	* and then 8K of page 1 of the lower file will be read and decrypted.
				446	*
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	447	* Returns zero on success; negative on error
				448	*/
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	449	int ecryptfs_encrypt_page(struct page *page)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	450	{
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	451	struct inode *ecryptfs_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	452	struct ecryptfs_crypt_stat *crypt_stat;
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	453	char *enc_extent_virt;
				454	struct page *enc_extent_page = NULL;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	455	loff_t extent_offset;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	456	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	457
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	458	ecryptfs_inode = page->mapping->host;
				459	crypt_stat =
				460	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
Tyler Hicks	13a791b	2009-04-13 15:29:27 -0500	[diff] [blame]	461	BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	462	enc_extent_page = alloc_page(GFP_USER);
				463	if (!enc_extent_page) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	464	rc = -ENOMEM;
				465	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
				466	"encrypted extent\n");
				467	goto out;
				468	}
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	469	enc_extent_virt = kmap(enc_extent_page);
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	470	for (extent_offset = 0;
				471	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
				472	extent_offset++) {
				473	loff_t offset;
				474
				475	rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
				476	extent_offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	477	if (rc) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	478	printk(KERN_ERR "%s: Error encrypting extent; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	479	"rc = [%d]\n", __func__, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	480	goto out;
				481	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	482	ecryptfs_lower_offset_for_extent(
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	483	&offset, ((((loff_t)page->index)
				484	* (PAGE_CACHE_SIZE
				485	/ crypt_stat->extent_size))
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	486	+ extent_offset), crypt_stat);
				487	rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
				488	offset, crypt_stat->extent_size);
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	489	if (rc < 0) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	490	ecryptfs_printk(KERN_ERR, "Error attempting "
				491	"to write lower page; rc = [%d]"
				492	"\n", rc);
				493	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	494	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	495	}
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	496	rc = 0;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	497	out:
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	498	if (enc_extent_page) {
				499	kunmap(enc_extent_page);
				500	__free_page(enc_extent_page);
				501	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	502	return rc;
				503	}
				504
				505	static int ecryptfs_decrypt_extent(struct page *page,
				506	struct ecryptfs_crypt_stat *crypt_stat,
				507	struct page *enc_extent_page,
				508	unsigned long extent_offset)
				509	{
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	510	loff_t extent_base;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	511	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
				512	int rc;
				513
Michael Halcrow	d6a13c1	2007-10-16 01:28:12 -0700	[diff] [blame]	514	extent_base = (((loff_t)page->index)
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	515	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
				516	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
				517	(extent_base + extent_offset));
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	518	if (rc) {
Joe Perches	888d57b	2010-11-10 15:46:16 -0800	[diff] [blame]	519	ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
				520	"extent [0x%.16llx]; rc = [%d]\n",
				521	(unsigned long long)(extent_base + extent_offset), rc);
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	522	goto out;
				523	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	524	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
				525	(extent_offset
				526	* crypt_stat->extent_size),
				527	enc_extent_page, 0,
				528	crypt_stat->extent_size, extent_iv);
				529	if (rc < 0) {
				530	printk(KERN_ERR "%s: Error attempting to decrypt to page with "
				531	"page->index = [%ld], extent_offset = [%ld]; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	532	"rc = [%d]\n", __func__, page->index, extent_offset,
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	533	rc);
				534	goto out;
				535	}
				536	rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	537	out:
				538	return rc;
				539	}
				540
				541	/**
				542	* ecryptfs_decrypt_page
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	543	* @page: Page mapped from the eCryptfs inode for the file; data read
				544	* and decrypted from the lower file will be written into this
				545	* page
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	546	*
				547	* Decrypt an eCryptfs page. This is done on a per-extent basis. Note
				548	* that eCryptfs pages may straddle the lower pages -- for instance,
				549	* if the file was created on a machine with an 8K page size
				550	* (resulting in an 8K header), and then the file is copied onto a
				551	* host with a 32K page size, then when reading page 0 of the eCryptfs
				552	* file, 24K of page 0 of the lower file will be read and decrypted,
				553	* and then 8K of page 1 of the lower file will be read and decrypted.
				554	*
				555	* Returns zero on success; negative on error
				556	*/
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	557	int ecryptfs_decrypt_page(struct page *page)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	558	{
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	559	struct inode *ecryptfs_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	560	struct ecryptfs_crypt_stat *crypt_stat;
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	561	char *enc_extent_virt;
				562	struct page *enc_extent_page = NULL;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	563	unsigned long extent_offset;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	564	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	565
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	566	ecryptfs_inode = page->mapping->host;
				567	crypt_stat =
				568	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
Tyler Hicks	13a791b	2009-04-13 15:29:27 -0500	[diff] [blame]	569	BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	570	enc_extent_page = alloc_page(GFP_USER);
				571	if (!enc_extent_page) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	572	rc = -ENOMEM;
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	573	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
				574	"encrypted extent\n");
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	575	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	576	}
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	577	enc_extent_virt = kmap(enc_extent_page);
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	578	for (extent_offset = 0;
				579	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
				580	extent_offset++) {
				581	loff_t offset;
				582
				583	ecryptfs_lower_offset_for_extent(
				584	&offset, ((page->index * (PAGE_CACHE_SIZE
				585	/ crypt_stat->extent_size))
				586	+ extent_offset), crypt_stat);
				587	rc = ecryptfs_read_lower(enc_extent_virt, offset,
				588	crypt_stat->extent_size,
				589	ecryptfs_inode);
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	590	if (rc < 0) {
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	591	ecryptfs_printk(KERN_ERR, "Error attempting "
				592	"to read lower page; rc = [%d]"
				593	"\n", rc);
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	594	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	595	}
Michael Halcrow	0216f7f	2007-10-16 01:28:08 -0700	[diff] [blame]	596	rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
				597	extent_offset);
				598	if (rc) {
				599	printk(KERN_ERR "%s: Error encrypting extent; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	600	"rc = [%d]\n", __func__, rc);
Michael Halcrow	16a72c4	2007-10-16 01:28:14 -0700	[diff] [blame]	601	goto out;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	602	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	603	}
				604	out:
Eric Sandeen	7fcba05	2008-07-28 15:46:39 -0700	[diff] [blame]	605	if (enc_extent_page) {
				606	kunmap(enc_extent_page);
				607	__free_page(enc_extent_page);
				608	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	609	return rc;
				610	}
				611
				612	/**
				613	* decrypt_scatterlist
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	614	* @crypt_stat: Cryptographic context
				615	* @dest_sg: The destination scatterlist to decrypt into
				616	* @src_sg: The source scatterlist to decrypt from
				617	* @size: The number of bytes to decrypt
				618	* @iv: The initialization vector to use for the decryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	619	*
				620	* Returns the number of bytes decrypted; negative value on error
				621	*/
				622	static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
				623	struct scatterlist *dest_sg,
				624	struct scatterlist *src_sg, int size,
				625	unsigned char *iv)
				626	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	627	struct blkcipher_desc desc = {
				628	.tfm = crypt_stat->tfm,
				629	.info = iv,
				630	.flags = CRYPTO_TFM_REQ_MAY_SLEEP
				631	};
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	632	int rc = 0;
				633
				634	/* Consider doing this once, when the file is opened */
				635	mutex_lock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	636	rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
				637	crypt_stat->key_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	638	if (rc) {
				639	ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
				640	rc);
				641	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				642	rc = -EINVAL;
				643	goto out;
				644	}
				645	ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	646	rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	647	mutex_unlock(&crypt_stat->cs_tfm_mutex);
				648	if (rc) {
				649	ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
				650	rc);
				651	goto out;
				652	}
				653	rc = size;
				654	out:
				655	return rc;
				656	}
				657
				658	/**
				659	* ecryptfs_encrypt_page_offset
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	660	* @crypt_stat: The cryptographic context
				661	* @dst_page: The page to encrypt into
				662	* @dst_offset: The offset in the page to encrypt into
				663	* @src_page: The page to encrypt from
				664	* @src_offset: The offset in the page to encrypt from
				665	* @size: The number of bytes to encrypt
				666	* @iv: The initialization vector to use for the encryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	667	*
				668	* Returns the number of bytes encrypted
				669	*/
				670	static int
				671	ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				672	struct page *dst_page, int dst_offset,
				673	struct page *src_page, int src_offset, int size,
				674	unsigned char *iv)
				675	{
				676	struct scatterlist src_sg, dst_sg;
				677
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	678	sg_init_table(&src_sg, 1);
				679	sg_init_table(&dst_sg, 1);
				680
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	681	sg_set_page(&src_sg, src_page, size, src_offset);
				682	sg_set_page(&dst_sg, dst_page, size, dst_offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	683	return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
				684	}
				685
				686	/**
				687	* ecryptfs_decrypt_page_offset
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	688	* @crypt_stat: The cryptographic context
				689	* @dst_page: The page to decrypt into
				690	* @dst_offset: The offset in the page to decrypt into
				691	* @src_page: The page to decrypt from
				692	* @src_offset: The offset in the page to decrypt from
				693	* @size: The number of bytes to decrypt
				694	* @iv: The initialization vector to use for the decryption
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	695	*
				696	* Returns the number of bytes decrypted
				697	*/
				698	static int
				699	ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
				700	struct page *dst_page, int dst_offset,
				701	struct page *src_page, int src_offset, int size,
				702	unsigned char *iv)
				703	{
				704	struct scatterlist src_sg, dst_sg;
				705
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	706	sg_init_table(&src_sg, 1);
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	707	sg_set_page(&src_sg, src_page, size, src_offset);
Jens Axboe	60c74f8	2007-10-22 19:43:30 +0200	[diff] [blame]	708
Jens Axboe	642f14903	2007-10-24 11:20:47 +0200	[diff] [blame]	709	sg_init_table(&dst_sg, 1);
				710	sg_set_page(&dst_sg, dst_page, size, dst_offset);
				711
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	712	return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv);
				713	}
				714
				715	#define ECRYPTFS_MAX_SCATTERLIST_LEN 4
				716
				717	/**
				718	* ecryptfs_init_crypt_ctx
Uwe Kleine-König	421f91d	2010-06-11 12:17:00 +0200	[diff] [blame]	719	* @crypt_stat: Uninitialized crypt stats structure
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	720	*
				721	* Initialize the crypto context.
				722	*
				723	* TODO: Performance: Keep a cache of initialized cipher contexts;
				724	* only init if needed
				725	*/
				726	int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
				727	{
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	728	char *full_alg_name;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	729	int rc = -EINVAL;
				730
				731	if (!crypt_stat->cipher) {
				732	ecryptfs_printk(KERN_ERR, "No cipher specified\n");
				733	goto out;
				734	}
				735	ecryptfs_printk(KERN_DEBUG,
				736	"Initializing cipher [%s]; strlen = [%d]; "
Tyler Hicks	f24b388	2010-11-15 17:36:38 -0600	[diff] [blame]	737	"key_size_bits = [%zd]\n",
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	738	crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
				739	crypt_stat->key_size << 3);
				740	if (crypt_stat->tfm) {
				741	rc = 0;
				742	goto out;
				743	}
				744	mutex_lock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	745	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
				746	crypt_stat->cipher, "cbc");
				747	if (rc)
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	748	goto out_unlock;
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	749	crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
				750	CRYPTO_ALG_ASYNC);
				751	kfree(full_alg_name);
Akinobu Mita	de88777	2006-11-28 12:29:49 -0800	[diff] [blame]	752	if (IS_ERR(crypt_stat->tfm)) {
				753	rc = PTR_ERR(crypt_stat->tfm);
Tyler Hicks	b0105ea	2009-08-11 00:36:32 -0500	[diff] [blame]	754	crypt_stat->tfm = NULL;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	755	ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
				756	"Error initializing cipher [%s]\n",
				757	crypt_stat->cipher);
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	758	goto out_unlock;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	759	}
Herbert Xu	f1ddcaf	2007-01-27 10:05:15 +1100	[diff] [blame]	760	crypto_blkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	761	rc = 0;
Eric Sandeen	c8161f6	2007-12-22 14:03:26 -0800	[diff] [blame]	762	out_unlock:
				763	mutex_unlock(&crypt_stat->cs_tfm_mutex);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	764	out:
				765	return rc;
				766	}
				767
				768	static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
				769	{
				770	int extent_size_tmp;
				771
				772	crypt_stat->extent_mask = 0xFFFFFFFF;
				773	crypt_stat->extent_shift = 0;
				774	if (crypt_stat->extent_size == 0)
				775	return;
				776	extent_size_tmp = crypt_stat->extent_size;
				777	while ((extent_size_tmp & 0x01) == 0) {
				778	extent_size_tmp >>= 1;
				779	crypt_stat->extent_mask <<= 1;
				780	crypt_stat->extent_shift++;
				781	}
				782	}
				783
				784	void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
				785	{
				786	/* Default values; may be overwritten as we are parsing the
				787	* packets. */
				788	crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
				789	set_extent_mask_and_shift(crypt_stat);
				790	crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	791	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	792	crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	793	else {
				794	if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	795	crypt_stat->metadata_size =
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	796	ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	797	else
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	798	crypt_stat->metadata_size = PAGE_CACHE_SIZE;
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	799	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	800	}
				801
				802	/**
				803	* ecryptfs_compute_root_iv
				804	* @crypt_stats
				805	*
				806	* On error, sets the root IV to all 0's.
				807	*/
				808	int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
				809	{
				810	int rc = 0;
				811	char dst[MD5_DIGEST_SIZE];
				812
				813	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
				814	BUG_ON(crypt_stat->iv_bytes <= 0);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	815	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	816	rc = -EINVAL;
				817	ecryptfs_printk(KERN_WARNING, "Session key not valid; "
				818	"cannot generate root IV\n");
				819	goto out;
				820	}
				821	rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
				822	crypt_stat->key_size);
				823	if (rc) {
				824	ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
				825	"MD5 while generating root IV\n");
				826	goto out;
				827	}
				828	memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
				829	out:
				830	if (rc) {
				831	memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	832	crypt_stat->flags \|= ECRYPTFS_SECURITY_WARNING;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	833	}
				834	return rc;
				835	}
				836
				837	static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
				838	{
				839	get_random_bytes(crypt_stat->key, crypt_stat->key_size);
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	840	crypt_stat->flags \|= ECRYPTFS_KEY_VALID;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	841	ecryptfs_compute_root_iv(crypt_stat);
				842	if (unlikely(ecryptfs_verbosity > 0)) {
				843	ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
				844	ecryptfs_dump_hex(crypt_stat->key,
				845	crypt_stat->key_size);
				846	}
				847	}
				848
				849	/**
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	850	* ecryptfs_copy_mount_wide_flags_to_inode_flags
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	851	* @crypt_stat: The inode's cryptographic context
				852	* @mount_crypt_stat: The mount point's cryptographic context
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	853	*
				854	* This function propagates the mount-wide flags to individual inode
				855	* flags.
				856	*/
				857	static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
				858	struct ecryptfs_crypt_stat *crypt_stat,
				859	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				860	{
				861	if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
				862	crypt_stat->flags \|= ECRYPTFS_METADATA_IN_XATTR;
				863	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
				864	crypt_stat->flags \|= ECRYPTFS_VIEW_AS_ENCRYPTED;
Michael Halcrow	addd65ad	2009-01-06 14:42:00 -0800	[diff] [blame]	865	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
				866	crypt_stat->flags \|= ECRYPTFS_ENCRYPT_FILENAMES;
				867	if (mount_crypt_stat->flags
				868	& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
				869	crypt_stat->flags \|= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
				870	else if (mount_crypt_stat->flags
				871	& ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
				872	crypt_stat->flags \|= ECRYPTFS_ENCFN_USE_FEK;
				873	}
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	874	}
				875
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	876	static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
				877	struct ecryptfs_crypt_stat *crypt_stat,
				878	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				879	{
				880	struct ecryptfs_global_auth_tok *global_auth_tok;
				881	int rc = 0;
				882
Roland Dreier	aa06117	2009-07-01 15:48:18 -0700	[diff] [blame]	883	mutex_lock(&crypt_stat->keysig_list_mutex);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	884	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
Roland Dreier	aa06117	2009-07-01 15:48:18 -0700	[diff] [blame]	885
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	886	list_for_each_entry(global_auth_tok,
				887	&mount_crypt_stat->global_auth_tok_list,
				888	mount_crypt_stat_list) {
Tyler Hicks	84814d6	2009-03-13 13:51:59 -0700	[diff] [blame]	889	if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
				890	continue;
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	891	rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
				892	if (rc) {
				893	printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	894	goto out;
				895	}
				896	}
Roland Dreier	aa06117	2009-07-01 15:48:18 -0700	[diff] [blame]	897
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	898	out:
Roland Dreier	aa06117	2009-07-01 15:48:18 -0700	[diff] [blame]	899	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
				900	mutex_unlock(&crypt_stat->keysig_list_mutex);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	901	return rc;
				902	}
				903
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	904	/**
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	905	* ecryptfs_set_default_crypt_stat_vals
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	906	* @crypt_stat: The inode's cryptographic context
				907	* @mount_crypt_stat: The mount point's cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	908	*
				909	* Default values in the event that policy does not override them.
				910	*/
				911	static void ecryptfs_set_default_crypt_stat_vals(
				912	struct ecryptfs_crypt_stat *crypt_stat,
				913	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				914	{
Michael Halcrow	1739895	2007-02-12 00:53:45 -0800	[diff] [blame]	915	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				916	mount_crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	917	ecryptfs_set_default_sizes(crypt_stat);
				918	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
				919	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	920	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	921	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
				922	crypt_stat->mount_crypt_stat = mount_crypt_stat;
				923	}
				924
				925	/**
				926	* ecryptfs_new_file_context
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	927	* @ecryptfs_inode: The eCryptfs inode
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	928	*
				929	* If the crypto context for the file has not yet been established,
				930	* this is where we do that. Establishing a new crypto context
				931	* involves the following decisions:
				932	* - What cipher to use?
				933	* - What set of authentication tokens to use?
				934	* Here we just worry about getting enough information into the
				935	* authentication tokens so that we know that they are available.
				936	* We associate the available authentication tokens with the new file
				937	* via the set of signatures in the crypt_stat struct. Later, when
				938	* the headers are actually written out, we may again defer to
				939	* userspace to perform the encryption of the session key; for the
				940	* foreseeable future, this will be the case with public key packets.
				941	*
				942	* Returns zero on success; non-zero otherwise
				943	*/
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	944	int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	945	{
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	946	struct ecryptfs_crypt_stat *crypt_stat =
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	947	&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	948	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
				949	&ecryptfs_superblock_to_private(
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	950	ecryptfs_inode->i_sb)->mount_crypt_stat;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	951	int cipher_name_len;
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	952	int rc = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	953
				954	ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
Michael Halcrow	af655dc	2007-10-16 01:28:00 -0700	[diff] [blame]	955	crypt_stat->flags \|= (ECRYPTFS_ENCRYPTED \| ECRYPTFS_KEY_VALID);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	956	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				957	mount_crypt_stat);
				958	rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
				959	mount_crypt_stat);
				960	if (rc) {
				961	printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
				962	"to the inode key sigs; rc = [%d]\n", rc);
				963	goto out;
				964	}
				965	cipher_name_len =
				966	strlen(mount_crypt_stat->global_default_cipher_name);
				967	memcpy(crypt_stat->cipher,
				968	mount_crypt_stat->global_default_cipher_name,
				969	cipher_name_len);
				970	crypt_stat->cipher[cipher_name_len] = '\0';
				971	crypt_stat->key_size =
				972	mount_crypt_stat->global_default_cipher_key_size;
				973	ecryptfs_generate_new_key(crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	974	rc = ecryptfs_init_crypt_ctx(crypt_stat);
				975	if (rc)
				976	ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
				977	"context for cipher [%s]: rc = [%d]\n",
				978	crypt_stat->cipher, rc);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	979	out:
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	980	return rc;
				981	}
				982
				983	/**
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	984	* ecryptfs_validate_marker - check for the ecryptfs marker
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	985	* @data: The data block in which to check
				986	*
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	987	* Returns zero if marker found; -EINVAL if not found
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	988	*/
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	989	static int ecryptfs_validate_marker(char *data)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	990	{
				991	u32 m_1, m_2;
				992
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	993	m_1 = get_unaligned_be32(data);
				994	m_2 = get_unaligned_be32(data + 4);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	995	if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	996	return 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	997	ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
				998	"MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
				999	MAGIC_ECRYPTFS_MARKER);
				1000	ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
				1001	"[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	1002	return -EINVAL;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1003	}
				1004
				1005	struct ecryptfs_flag_map_elem {
				1006	u32 file_flag;
				1007	u32 local_flag;
				1008	};
				1009
				1010	/* Add support for additional flags by adding elements here. */
				1011	static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
				1012	{0x00000001, ECRYPTFS_ENABLE_HMAC},
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1013	{0x00000002, ECRYPTFS_ENCRYPTED},
Michael Halcrow	addd65ad	2009-01-06 14:42:00 -0800	[diff] [blame]	1014	{0x00000004, ECRYPTFS_METADATA_IN_XATTR},
				1015	{0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1016	};
				1017
				1018	/**
				1019	* ecryptfs_process_flags
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1020	* @crypt_stat: The cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1021	* @page_virt: Source data to be parsed
				1022	* @bytes_read: Updated with the number of bytes read
				1023	*
				1024	* Returns zero on success; non-zero if the flag set is invalid
				1025	*/
				1026	static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
				1027	char page_virt, int bytes_read)
				1028	{
				1029	int rc = 0;
				1030	int i;
				1031	u32 flags;
				1032
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1033	flags = get_unaligned_be32(page_virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1034	for (i = 0; i < ((sizeof(ecryptfs_flag_map)
				1035	/ sizeof(struct ecryptfs_flag_map_elem))); i++)
				1036	if (flags & ecryptfs_flag_map[i].file_flag) {
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1037	crypt_stat->flags \|= ecryptfs_flag_map[i].local_flag;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1038	} else
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1039	crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1040	/* Version is in top 8 bits of the 32-bit flag vector */
				1041	crypt_stat->file_version = ((flags >> 24) & 0xFF);
				1042	(*bytes_read) = 4;
				1043	return rc;
				1044	}
				1045
				1046	/**
				1047	* write_ecryptfs_marker
				1048	* @page_virt: The pointer to in a page to begin writing the marker
				1049	* @written: Number of bytes written
				1050	*
				1051	* Marker = 0x3c81b7f5
				1052	*/
				1053	static void write_ecryptfs_marker(char page_virt, size_t written)
				1054	{
				1055	u32 m_1, m_2;
				1056
				1057	get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
				1058	m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1059	put_unaligned_be32(m_1, page_virt);
				1060	page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2);
				1061	put_unaligned_be32(m_2, page_virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1062	(*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
				1063	}
				1064
Tyler Hicks	f4e60e6	2010-02-11 00:02:32 -0600	[diff] [blame]	1065	void ecryptfs_write_crypt_stat_flags(char *page_virt,
				1066	struct ecryptfs_crypt_stat *crypt_stat,
				1067	size_t *written)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1068	{
				1069	u32 flags = 0;
				1070	int i;
				1071
				1072	for (i = 0; i < ((sizeof(ecryptfs_flag_map)
				1073	/ sizeof(struct ecryptfs_flag_map_elem))); i++)
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1074	if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1075	flags \|= ecryptfs_flag_map[i].file_flag;
				1076	/* Version is in top 8 bits of the 32-bit flag vector */
				1077	flags \|= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1078	put_unaligned_be32(flags, page_virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1079	(*written) = 4;
				1080	}
				1081
				1082	struct ecryptfs_cipher_code_str_map_elem {
				1083	char cipher_str[16];
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1084	u8 cipher_code;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1085	};
				1086
				1087	/* Add support for additional ciphers by adding elements here. The
				1088	* cipher_code is whatever OpenPGP applicatoins use to identify the
				1089	* ciphers. List in order of probability. */
				1090	static struct ecryptfs_cipher_code_str_map_elem
				1091	ecryptfs_cipher_code_str_map[] = {
				1092	{"aes",RFC2440_CIPHER_AES_128 },
				1093	{"blowfish", RFC2440_CIPHER_BLOWFISH},
				1094	{"des3_ede", RFC2440_CIPHER_DES3_EDE},
				1095	{"cast5", RFC2440_CIPHER_CAST_5},
				1096	{"twofish", RFC2440_CIPHER_TWOFISH},
				1097	{"cast6", RFC2440_CIPHER_CAST_6},
				1098	{"aes", RFC2440_CIPHER_AES_192},
				1099	{"aes", RFC2440_CIPHER_AES_256}
				1100	};
				1101
				1102	/**
				1103	* ecryptfs_code_for_cipher_string
Michael Halcrow	9c79f34	2009-01-06 14:41:57 -0800	[diff] [blame]	1104	* @cipher_name: The string alias for the cipher
				1105	* @key_bytes: Length of key in bytes; used for AES code selection
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1106	*
				1107	* Returns zero on no match, or the cipher code on match
				1108	*/
Michael Halcrow	9c79f34	2009-01-06 14:41:57 -0800	[diff] [blame]	1109	u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1110	{
				1111	int i;
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1112	u8 code = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1113	struct ecryptfs_cipher_code_str_map_elem *map =
				1114	ecryptfs_cipher_code_str_map;
				1115
Michael Halcrow	9c79f34	2009-01-06 14:41:57 -0800	[diff] [blame]	1116	if (strcmp(cipher_name, "aes") == 0) {
				1117	switch (key_bytes) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1118	case 16:
				1119	code = RFC2440_CIPHER_AES_128;
				1120	break;
				1121	case 24:
				1122	code = RFC2440_CIPHER_AES_192;
				1123	break;
				1124	case 32:
				1125	code = RFC2440_CIPHER_AES_256;
				1126	}
				1127	} else {
				1128	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
Michael Halcrow	9c79f34	2009-01-06 14:41:57 -0800	[diff] [blame]	1129	if (strcmp(cipher_name, map[i].cipher_str) == 0) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1130	code = map[i].cipher_code;
				1131	break;
				1132	}
				1133	}
				1134	return code;
				1135	}
				1136
				1137	/**
				1138	* ecryptfs_cipher_code_to_string
				1139	* @str: Destination to write out the cipher name
				1140	* @cipher_code: The code to convert to cipher name string
				1141	*
				1142	* Returns zero on success
				1143	*/
Trevor Highland	19e66a6	2008-02-06 01:38:36 -0800	[diff] [blame]	1144	int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1145	{
				1146	int rc = 0;
				1147	int i;
				1148
				1149	str[0] = '\0';
				1150	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
				1151	if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
				1152	strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
				1153	if (str[0] == '\0') {
				1154	ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
				1155	"[%d]\n", cipher_code);
				1156	rc = -EINVAL;
				1157	}
				1158	return rc;
				1159	}
				1160
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1161	int ecryptfs_read_and_validate_header_region(struct inode *inode)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1162	{
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1163	u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
				1164	u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1165	int rc;
				1166
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1167	rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
				1168	inode);
				1169	if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
				1170	return rc >= 0 ? -EINVAL : rc;
				1171	rc = ecryptfs_validate_marker(marker);
				1172	if (!rc)
				1173	ecryptfs_i_size_init(file_size, inode);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1174	return rc;
				1175	}
				1176
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1177	void
				1178	ecryptfs_write_header_metadata(char *virt,
				1179	struct ecryptfs_crypt_stat *crypt_stat,
				1180	size_t *written)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1181	{
				1182	u32 header_extent_size;
				1183	u16 num_header_extents_at_front;
				1184
Michael Halcrow	45eaab7	2007-10-16 01:28:05 -0700	[diff] [blame]	1185	header_extent_size = (u32)crypt_stat->extent_size;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1186	num_header_extents_at_front =
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1187	(u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1188	put_unaligned_be32(header_extent_size, virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1189	virt += 4;
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1190	put_unaligned_be16(num_header_extents_at_front, virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1191	(*written) = 6;
				1192	}
				1193
Tyler Hicks	3063287	2011-05-24 05:11:12 -0500	[diff] [blame]	1194	struct kmem_cache *ecryptfs_header_cache;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1195
				1196	/**
				1197	* ecryptfs_write_headers_virt
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1198	* @page_virt: The virtual address to write the headers to
Eric Sandeen	87b811c3	2008-10-29 14:01:08 -0700	[diff] [blame]	1199	* @max: The size of memory allocated at page_virt
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1200	* @size: Set to the number of bytes written by this function
				1201	* @crypt_stat: The cryptographic context
				1202	* @ecryptfs_dentry: The eCryptfs dentry
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1203	*
				1204	* Format version: 1
				1205	*
				1206	* Header Extent:
				1207	* Octets 0-7: Unencrypted file size (big-endian)
				1208	* Octets 8-15: eCryptfs special marker
				1209	* Octets 16-19: Flags
				1210	* Octet 16: File format version number (between 0 and 255)
				1211	* Octets 17-18: Reserved
				1212	* Octet 19: Bit 1 (lsb): Reserved
				1213	* Bit 2: Encrypted?
				1214	* Bits 3-8: Reserved
				1215	* Octets 20-23: Header extent size (big-endian)
				1216	* Octets 24-25: Number of header extents at front of file
				1217	* (big-endian)
				1218	* Octet 26: Begin RFC 2440 authentication token packet set
				1219	* Data Extent 0:
				1220	* Lower data (CBC encrypted)
				1221	* Data Extent 1:
				1222	* Lower data (CBC encrypted)
				1223	* ...
				1224	*
				1225	* Returns zero on success
				1226	*/
Eric Sandeen	87b811c3	2008-10-29 14:01:08 -0700	[diff] [blame]	1227	static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
				1228	size_t *size,
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1229	struct ecryptfs_crypt_stat *crypt_stat,
				1230	struct dentry *ecryptfs_dentry)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1231	{
				1232	int rc;
				1233	size_t written;
				1234	size_t offset;
				1235
				1236	offset = ECRYPTFS_FILE_SIZE_BYTES;
				1237	write_ecryptfs_marker((page_virt + offset), &written);
				1238	offset += written;
Tyler Hicks	f4e60e6	2010-02-11 00:02:32 -0600	[diff] [blame]	1239	ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
				1240	&written);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1241	offset += written;
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1242	ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
				1243	&written);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1244	offset += written;
				1245	rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
				1246	ecryptfs_dentry, &written,
Eric Sandeen	87b811c3	2008-10-29 14:01:08 -0700	[diff] [blame]	1247	max - offset);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1248	if (rc)
				1249	ecryptfs_printk(KERN_WARNING, "Error generating key packet "
				1250	"set; rc = [%d]\n", rc);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1251	if (size) {
				1252	offset += written;
				1253	*size = offset;
				1254	}
				1255	return rc;
				1256	}
				1257
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1258	static int
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1259	ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1260	char *virt, size_t virt_len)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1261	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1262	int rc;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1263
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1264	rc = ecryptfs_write_lower(ecryptfs_inode, virt,
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1265	0, virt_len);
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	1266	if (rc < 0)
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1267	printk(KERN_ERR "%s: Error attempting to write header "
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	1268	"information to lower file; rc = [%d]\n", __func__, rc);
				1269	else
				1270	rc = 0;
Michael Halcrow	7045660	2007-02-12 00:53:48 -0800	[diff] [blame]	1271	return rc;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1272	}
				1273
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1274	static int
				1275	ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1276	char *page_virt, size_t size)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1277	{
				1278	int rc;
				1279
				1280	rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt,
				1281	size, 0);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1282	return rc;
				1283	}
				1284
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1285	static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
				1286	unsigned int order)
				1287	{
				1288	struct page *page;
				1289
				1290	page = alloc_pages(gfp_mask \| __GFP_ZERO, order);
				1291	if (page)
				1292	return (unsigned long) page_address(page);
				1293	return 0;
				1294	}
				1295
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1296	/**
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1297	* ecryptfs_write_metadata
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1298	* @ecryptfs_dentry: The eCryptfs dentry, which should be negative
				1299	* @ecryptfs_inode: The newly created eCryptfs inode
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1300	*
				1301	* Write the file headers out. This will likely involve a userspace
				1302	* callout, in which the session key is encrypted with one or more
				1303	* public keys and/or the passphrase necessary to do the encryption is
				1304	* retrieved via a prompt. Exactly what happens at this point should
				1305	* be policy-dependent.
				1306	*
				1307	* Returns zero on success; non-zero on error
				1308	*/
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1309	int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
				1310	struct inode *ecryptfs_inode)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1311	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1312	struct ecryptfs_crypt_stat *crypt_stat =
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1313	&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1314	unsigned int order;
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1315	char *virt;
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1316	size_t virt_len;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1317	size_t size = 0;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1318	int rc = 0;
				1319
Michael Halcrow	e2bd99e	2007-02-12 00:53:49 -0800	[diff] [blame]	1320	if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
				1321	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1322	printk(KERN_ERR "Key is invalid; bailing out\n");
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1323	rc = -EINVAL;
				1324	goto out;
				1325	}
				1326	} else {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1327	printk(KERN_WARNING "%s: Encrypted flag not set\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1328	__func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1329	rc = -EINVAL;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1330	goto out;
				1331	}
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1332	virt_len = crypt_stat->metadata_size;
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1333	order = get_order(virt_len);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1334	/* Released in this function */
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1335	virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1336	if (!virt) {
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1337	printk(KERN_ERR "%s: Out of memory\n", __func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1338	rc = -ENOMEM;
				1339	goto out;
				1340	}
Tyler Hicks	bd4f0fe	2011-02-23 00:14:19 -0600	[diff] [blame]	1341	/* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1342	rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
				1343	ecryptfs_dentry);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1344	if (unlikely(rc)) {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1345	printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1346	__func__, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1347	goto out_free;
				1348	}
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1349	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1350	rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt,
				1351	size);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1352	else
Tyler Hicks	b59db43	2011-11-21 17:31:02 -0600	[diff] [blame]	1353	rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1354	virt_len);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1355	if (rc) {
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1356	printk(KERN_ERR "%s: Error writing metadata out to lower file; "
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1357	"rc = [%d]\n", __func__, rc);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1358	goto out_free;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1359	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1360	out_free:
Tyler Hicks	8faece5	2009-03-20 01:25:09 -0500	[diff] [blame]	1361	free_pages((unsigned long)virt, order);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1362	out:
				1363	return rc;
				1364	}
				1365
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1366	#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
				1367	#define ECRYPTFS_VALIDATE_HEADER_SIZE 1
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1368	static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1369	char virt, int bytes_read,
				1370	int validate_header_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1371	{
				1372	int rc = 0;
				1373	u32 header_extent_size;
				1374	u16 num_header_extents_at_front;
				1375
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1376	header_extent_size = get_unaligned_be32(virt);
				1377	virt += sizeof(__be32);
				1378	num_header_extents_at_front = get_unaligned_be16(virt);
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1379	crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
				1380	* (size_t)header_extent_size));
Harvey Harrison	29335c6	2008-07-23 21:30:06 -0700	[diff] [blame]	1381	(*bytes_read) = (sizeof(__be32) + sizeof(__be16));
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1382	if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1383	&& (crypt_stat->metadata_size
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1384	< ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1385	rc = -EINVAL;
Michael Halcrow	cc11bef	2008-02-06 01:38:32 -0800	[diff] [blame]	1386	printk(KERN_WARNING "Invalid header size: [%zd]\n",
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1387	crypt_stat->metadata_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1388	}
				1389	return rc;
				1390	}
				1391
				1392	/**
				1393	* set_default_header_data
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1394	* @crypt_stat: The cryptographic context
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1395	*
				1396	* For version 0 file format; this function is only for backwards
				1397	* compatibility for files created with the prior versions of
				1398	* eCryptfs.
				1399	*/
				1400	static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
				1401	{
Tyler Hicks	fa3ef1c	2010-02-11 05:09:14 -0600	[diff] [blame]	1402	crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1403	}
				1404
Tyler Hicks	3aeb86e	2011-03-15 14:54:00 -0500	[diff] [blame]	1405	void ecryptfs_i_size_init(const char page_virt, struct inode inode)
				1406	{
				1407	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
				1408	struct ecryptfs_crypt_stat *crypt_stat;
				1409	u64 file_size;
				1410
				1411	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
				1412	mount_crypt_stat =
				1413	&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
				1414	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
				1415	file_size = i_size_read(ecryptfs_inode_to_lower(inode));
				1416	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
				1417	file_size += crypt_stat->metadata_size;
				1418	} else
				1419	file_size = get_unaligned_be64(page_virt);
				1420	i_size_write(inode, (loff_t)file_size);
				1421	crypt_stat->flags \|= ECRYPTFS_I_SIZE_INITIALIZED;
				1422	}
				1423
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1424	/**
				1425	* ecryptfs_read_headers_virt
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1426	* @page_virt: The virtual address into which to read the headers
				1427	* @crypt_stat: The cryptographic context
				1428	* @ecryptfs_dentry: The eCryptfs dentry
				1429	* @validate_header_size: Whether to validate the header size while reading
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1430	*
				1431	* Read/parse the header data. The header format is detailed in the
				1432	* comment block for the ecryptfs_write_headers_virt() function.
				1433	*
				1434	* Returns zero on success
				1435	*/
				1436	static int ecryptfs_read_headers_virt(char *page_virt,
				1437	struct ecryptfs_crypt_stat *crypt_stat,
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1438	struct dentry *ecryptfs_dentry,
				1439	int validate_header_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1440	{
				1441	int rc = 0;
				1442	int offset;
				1443	int bytes_read;
				1444
				1445	ecryptfs_set_default_sizes(crypt_stat);
				1446	crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
				1447	ecryptfs_dentry->d_sb)->mount_crypt_stat;
				1448	offset = ECRYPTFS_FILE_SIZE_BYTES;
Tyler Hicks	7a86617	2011-05-02 00:39:54 -0500	[diff] [blame]	1449	rc = ecryptfs_validate_marker(page_virt + offset);
				1450	if (rc)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1451	goto out;
Tyler Hicks	3aeb86e	2011-03-15 14:54:00 -0500	[diff] [blame]	1452	if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
				1453	ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1454	offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
				1455	rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
				1456	&bytes_read);
				1457	if (rc) {
				1458	ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
				1459	goto out;
				1460	}
				1461	if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
				1462	ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
				1463	"file version [%d] is supported by this "
				1464	"version of eCryptfs\n",
				1465	crypt_stat->file_version,
				1466	ECRYPTFS_SUPPORTED_FILE_VERSION);
				1467	rc = -EINVAL;
				1468	goto out;
				1469	}
				1470	offset += bytes_read;
				1471	if (crypt_stat->file_version >= 1) {
				1472	rc = parse_header_metadata(crypt_stat, (page_virt + offset),
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1473	&bytes_read, validate_header_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1474	if (rc) {
				1475	ecryptfs_printk(KERN_WARNING, "Error reading header "
				1476	"metadata; rc = [%d]\n", rc);
				1477	}
				1478	offset += bytes_read;
				1479	} else
				1480	set_default_header_data(crypt_stat);
				1481	rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
				1482	ecryptfs_dentry);
				1483	out:
				1484	return rc;
				1485	}
				1486
				1487	/**
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1488	* ecryptfs_read_xattr_region
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1489	* @page_virt: The vitual address into which to read the xattr data
Michael Halcrow	2ed9255	2007-10-16 01:28:10 -0700	[diff] [blame]	1490	* @ecryptfs_inode: The eCryptfs inode
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1491	*
				1492	* Attempts to read the crypto metadata from the extended attribute
				1493	* region of the lower file.
Michael Halcrow	22e78fa	2007-10-16 01:28:02 -0700	[diff] [blame]	1494	*
				1495	* Returns zero on success; non-zero on error
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1496	*/
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1497	int ecryptfs_read_xattr_region(char page_virt, struct inode ecryptfs_inode)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1498	{
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1499	struct dentry *lower_dentry =
				1500	ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1501	ssize_t size;
				1502	int rc = 0;
				1503
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1504	size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
				1505	page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1506	if (size < 0) {
Michael Halcrow	25bd817	2008-02-06 01:38:35 -0800	[diff] [blame]	1507	if (unlikely(ecryptfs_verbosity > 0))
				1508	printk(KERN_INFO "Error attempting to read the [%s] "
				1509	"xattr from the lower file; return value = "
				1510	"[%zd]\n", ECRYPTFS_XATTR_NAME, size);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1511	rc = -EINVAL;
				1512	goto out;
				1513	}
				1514	out:
				1515	return rc;
				1516	}
				1517
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1518	int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
Tyler Hicks	3b06b3e	2011-05-24 03:49:02 -0500	[diff] [blame]	1519	struct inode *inode)
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1520	{
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1521	u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
				1522	u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1523	int rc;
				1524
Tyler Hicks	778aeb4	2011-05-24 04:56:23 -0500	[diff] [blame]	1525	rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
				1526	ECRYPTFS_XATTR_NAME, file_size,
				1527	ECRYPTFS_SIZE_AND_MARKER_BYTES);
				1528	if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
				1529	return rc >= 0 ? -EINVAL : rc;
				1530	rc = ecryptfs_validate_marker(marker);
				1531	if (!rc)
				1532	ecryptfs_i_size_init(file_size, inode);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1533	return rc;
				1534	}
				1535
				1536	/**
				1537	* ecryptfs_read_metadata
				1538	*
				1539	* Common entry point for reading file metadata. From here, we could
				1540	* retrieve the header information from the header region of the file,
				1541	* the xattr region of the file, or some other repostory that is
				1542	* stored separately from the file itself. The current implementation
				1543	* supports retrieving the metadata information from the file contents
				1544	* and from the xattr region.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1545	*
				1546	* Returns zero if valid headers found and parsed; non-zero otherwise
				1547	*/
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1548	int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1549	{
Tim Gardner	bb45036	2012-01-12 16:31:55 +0100	[diff] [blame]	1550	int rc;
				1551	char *page_virt;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1552	struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1553	struct ecryptfs_crypt_stat *crypt_stat =
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1554	&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1555	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
				1556	&ecryptfs_superblock_to_private(
				1557	ecryptfs_dentry->d_sb)->mount_crypt_stat;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1558
Michael Halcrow	e77a56d	2007-02-12 00:53:47 -0800	[diff] [blame]	1559	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
				1560	mount_crypt_stat);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1561	/* Read the first page from the underlying file */
Tyler Hicks	3063287	2011-05-24 05:11:12 -0500	[diff] [blame]	1562	page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1563	if (!page_virt) {
				1564	rc = -ENOMEM;
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1565	printk(KERN_ERR "%s: Unable to allocate page_virt\n",
Harvey Harrison	18d1dbf	2008-04-29 00:59:48 -0700	[diff] [blame]	1566	__func__);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1567	goto out;
				1568	}
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1569	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
				1570	ecryptfs_inode);
Tyler Hicks	96a7b9c	2009-09-16 19:04:20 -0500	[diff] [blame]	1571	if (rc >= 0)
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1572	rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
				1573	ecryptfs_dentry,
				1574	ECRYPTFS_VALIDATE_HEADER_SIZE);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1575	if (rc) {
Tim Gardner	bb45036	2012-01-12 16:31:55 +0100	[diff] [blame]	1576	/* metadata is not in the file header, so try xattrs */
Tyler Hicks	1984c23	2010-02-10 23:17:44 -0600	[diff] [blame]	1577	memset(page_virt, 0, PAGE_CACHE_SIZE);
Michael Halcrow	d7cdc5f	2007-10-16 01:28:10 -0700	[diff] [blame]	1578	rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1579	if (rc) {
				1580	printk(KERN_DEBUG "Valid eCryptfs headers not found in "
Tim Gardner	30373dc	2012-01-12 16:31:55 +0100	[diff] [blame]	1581	"file header region or xattr region, inode %lu\n",
				1582	ecryptfs_inode->i_ino);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1583	rc = -EINVAL;
				1584	goto out;
				1585	}
				1586	rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
				1587	ecryptfs_dentry,
				1588	ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
				1589	if (rc) {
				1590	printk(KERN_DEBUG "Valid eCryptfs headers not found in "
Tim Gardner	30373dc	2012-01-12 16:31:55 +0100	[diff] [blame]	1591	"file xattr region either, inode %lu\n",
				1592	ecryptfs_inode->i_ino);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1593	rc = -EINVAL;
				1594	}
				1595	if (crypt_stat->mount_crypt_stat->flags
				1596	& ECRYPTFS_XATTR_METADATA_ENABLED) {
				1597	crypt_stat->flags \|= ECRYPTFS_METADATA_IN_XATTR;
				1598	} else {
				1599	printk(KERN_WARNING "Attempt to access file with "
				1600	"crypto metadata only in the extended attribute "
				1601	"region, but eCryptfs was mounted without "
				1602	"xattr support enabled. eCryptfs will not treat "
Tim Gardner	30373dc	2012-01-12 16:31:55 +0100	[diff] [blame]	1603	"this like an encrypted file, inode %lu\n",
				1604	ecryptfs_inode->i_ino);
Michael Halcrow	dd2a3b7	2007-02-12 00:53:46 -0800	[diff] [blame]	1605	rc = -EINVAL;
				1606	}
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1607	}
				1608	out:
				1609	if (page_virt) {
				1610	memset(page_virt, 0, PAGE_CACHE_SIZE);
Tyler Hicks	3063287	2011-05-24 05:11:12 -0500	[diff] [blame]	1611	kmem_cache_free(ecryptfs_header_cache, page_virt);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1612	}
				1613	return rc;
				1614	}
				1615
				1616	/**
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1617	* ecryptfs_encrypt_filename - encrypt filename
				1618	*
				1619	* CBC-encrypts the filename. We do not want to encrypt the same
				1620	* filename with the same key and IV, which may happen with hard
				1621	* links, so we prepend random bits to each filename.
				1622	*
				1623	* Returns zero on success; non-zero otherwise
				1624	*/
				1625	static int
				1626	ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
				1627	struct ecryptfs_crypt_stat *crypt_stat,
				1628	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				1629	{
				1630	int rc = 0;
				1631
				1632	filename->encrypted_filename = NULL;
				1633	filename->encrypted_filename_size = 0;
				1634	if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
				1635	\|\| (mount_crypt_stat && (mount_crypt_stat->flags
				1636	& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
				1637	size_t packet_size;
				1638	size_t remaining_bytes;
				1639
				1640	rc = ecryptfs_write_tag_70_packet(
				1641	NULL, NULL,
				1642	&filename->encrypted_filename_size,
				1643	mount_crypt_stat, NULL,
				1644	filename->filename_size);
				1645	if (rc) {
				1646	printk(KERN_ERR "%s: Error attempting to get packet "
				1647	"size for tag 72; rc = [%d]\n", __func__,
				1648	rc);
				1649	filename->encrypted_filename_size = 0;
				1650	goto out;
				1651	}
				1652	filename->encrypted_filename =
				1653	kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
				1654	if (!filename->encrypted_filename) {
				1655	printk(KERN_ERR "%s: Out of memory whilst attempting "
Michael Halcrow	df261c5	2009-01-06 14:42:02 -0800	[diff] [blame]	1656	"to kmalloc [%zd] bytes\n", __func__,
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1657	filename->encrypted_filename_size);
				1658	rc = -ENOMEM;
				1659	goto out;
				1660	}
				1661	remaining_bytes = filename->encrypted_filename_size;
				1662	rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
				1663	&remaining_bytes,
				1664	&packet_size,
				1665	mount_crypt_stat,
				1666	filename->filename,
				1667	filename->filename_size);
				1668	if (rc) {
				1669	printk(KERN_ERR "%s: Error attempting to generate "
				1670	"tag 70 packet; rc = [%d]\n", __func__,
				1671	rc);
				1672	kfree(filename->encrypted_filename);
				1673	filename->encrypted_filename = NULL;
				1674	filename->encrypted_filename_size = 0;
				1675	goto out;
				1676	}
				1677	filename->encrypted_filename_size = packet_size;
				1678	} else {
				1679	printk(KERN_ERR "%s: No support for requested filename "
				1680	"encryption method in this release\n", __func__);
Tyler Hicks	df6ad33	2009-08-21 04:27:46 -0500	[diff] [blame]	1681	rc = -EOPNOTSUPP;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1682	goto out;
				1683	}
				1684	out:
				1685	return rc;
				1686	}
				1687
				1688	static int ecryptfs_copy_filename(char *copied_name, size_t copied_name_size,
				1689	const char *name, size_t name_size)
				1690	{
				1691	int rc = 0;
				1692
Tyler Hicks	fd9fc84	2009-02-06 18:06:51 -0600	[diff] [blame]	1693	(*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1694	if (!(*copied_name)) {
				1695	rc = -ENOMEM;
				1696	goto out;
				1697	}
				1698	memcpy((void )(copied_name), (void *)name, name_size);
				1699	(copied_name)[(name_size)] = '\0'; / Only for convenience
				1700	* in printing out the
				1701	* string in debug
				1702	* messages */
Tyler Hicks	fd9fc84	2009-02-06 18:06:51 -0600	[diff] [blame]	1703	(*copied_name_size) = name_size;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1704	out:
				1705	return rc;
				1706	}
				1707
				1708	/**
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1709	* ecryptfs_process_key_cipher - Perform key cipher initialization.
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1710	* @key_tfm: Crypto context for key material, set by this function
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1711	* @cipher_name: Name of the cipher
				1712	* @key_size: Size of the key in bytes
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1713	*
				1714	* Returns zero on success. Any crypto_tfm structs allocated here
				1715	* should be released by other functions, such as on a superblock put
				1716	* event, regardless of whether this function succeeds for fails.
				1717	*/
Michael Halcrow	cd9d67d	2007-10-16 01:28:04 -0700	[diff] [blame]	1718	static int
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1719	ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
				1720	char cipher_name, size_t key_size)
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1721	{
				1722	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
Dan Carpenter	ece550f	2010-01-19 12:34:32 +0300	[diff] [blame]	1723	char *full_alg_name = NULL;
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1724	int rc;
				1725
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1726	*key_tfm = NULL;
				1727	if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1728	rc = -EINVAL;
Michael Halcrow	df261c5	2009-01-06 14:42:02 -0800	[diff] [blame]	1729	printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1730	"allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1731	goto out;
				1732	}
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1733	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
				1734	"ecb");
				1735	if (rc)
				1736	goto out;
				1737	*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1738	if (IS_ERR(*key_tfm)) {
				1739	rc = PTR_ERR(*key_tfm);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1740	printk(KERN_ERR "Unable to allocate crypto cipher with name "
Dave Hansen	3826849	2009-08-27 09:47:07 -0700	[diff] [blame]	1741	"[%s]; rc = [%d]\n", full_alg_name, rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1742	goto out;
				1743	}
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1744	crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
				1745	if (*key_size == 0) {
				1746	struct blkcipher_alg alg = crypto_blkcipher_alg(key_tfm);
				1747
				1748	*key_size = alg->max_keysize;
				1749	}
Michael Halcrow	e5d9cbd	2006-10-30 22:07:16 -0800	[diff] [blame]	1750	get_random_bytes(dummy_key, *key_size);
Michael Halcrow	8bba066	2006-10-30 22:07:18 -0800	[diff] [blame]	1751	rc = crypto_blkcipher_setkey(key_tfm, dummy_key, key_size);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1752	if (rc) {
Michael Halcrow	df261c5	2009-01-06 14:42:02 -0800	[diff] [blame]	1753	printk(KERN_ERR "Error attempting to set key of size [%zd] for "
Dave Hansen	3826849	2009-08-27 09:47:07 -0700	[diff] [blame]	1754	"cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
				1755	rc);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1756	rc = -EINVAL;
				1757	goto out;
				1758	}
				1759	out:
Dan Carpenter	ece550f	2010-01-19 12:34:32 +0300	[diff] [blame]	1760	kfree(full_alg_name);
Michael Halcrow	237fead	2006-10-04 02:16:22 -0700	[diff] [blame]	1761	return rc;
				1762	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1763
				1764	struct kmem_cache *ecryptfs_key_tfm_cache;
Adrian Bunk	7896b63	2008-02-06 01:38:32 -0800	[diff] [blame]	1765	static struct list_head key_tfm_list;
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1766	struct mutex key_tfm_list_mutex;
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1767
Jerome Marchand	7371a38	2010-08-17 17:24:05 +0200	[diff] [blame]	1768	int __init ecryptfs_init_crypto(void)
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1769	{
				1770	mutex_init(&key_tfm_list_mutex);
				1771	INIT_LIST_HEAD(&key_tfm_list);
				1772	return 0;
				1773	}
				1774
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1775	/**
				1776	* ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
				1777	*
				1778	* Called only at module unload time
				1779	*/
Michael Halcrow	fcd1283	2007-10-16 01:28:01 -0700	[diff] [blame]	1780	int ecryptfs_destroy_crypto(void)
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1781	{
				1782	struct ecryptfs_key_tfm key_tfm, key_tfm_tmp;
				1783
				1784	mutex_lock(&key_tfm_list_mutex);
				1785	list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
				1786	key_tfm_list) {
				1787	list_del(&key_tfm->key_tfm_list);
				1788	if (key_tfm->key_tfm)
				1789	crypto_free_blkcipher(key_tfm->key_tfm);
				1790	kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
				1791	}
				1792	mutex_unlock(&key_tfm_list_mutex);
				1793	return 0;
				1794	}
				1795
				1796	int
				1797	ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm *key_tfm, char cipher_name,
				1798	size_t key_size)
				1799	{
				1800	struct ecryptfs_key_tfm *tmp_tfm;
				1801	int rc = 0;
				1802
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1803	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
				1804
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1805	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
				1806	if (key_tfm != NULL)
				1807	(*key_tfm) = tmp_tfm;
				1808	if (!tmp_tfm) {
				1809	rc = -ENOMEM;
				1810	printk(KERN_ERR "Error attempting to allocate from "
				1811	"ecryptfs_key_tfm_cache\n");
				1812	goto out;
				1813	}
				1814	mutex_init(&tmp_tfm->key_tfm_mutex);
				1815	strncpy(tmp_tfm->cipher_name, cipher_name,
				1816	ECRYPTFS_MAX_CIPHER_NAME_SIZE);
Eric Sandeen	b886290	2007-12-22 14:03:24 -0800	[diff] [blame]	1817	tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1818	tmp_tfm->key_size = key_size;
Michael Halcrow	5dda699	2007-10-16 01:28:06 -0700	[diff] [blame]	1819	rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
				1820	tmp_tfm->cipher_name,
				1821	&tmp_tfm->key_size);
				1822	if (rc) {
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1823	printk(KERN_ERR "Error attempting to initialize key TFM "
				1824	"cipher with name = [%s]; rc = [%d]\n",
				1825	tmp_tfm->cipher_name, rc);
				1826	kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
				1827	if (key_tfm != NULL)
				1828	(*key_tfm) = NULL;
				1829	goto out;
				1830	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1831	list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1832	out:
				1833	return rc;
				1834	}
				1835
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1836	/**
				1837	* ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
				1838	* @cipher_name: the name of the cipher to search for
				1839	* @key_tfm: set to corresponding tfm if found
				1840	*
				1841	* Searches for cached key_tfm matching @cipher_name
				1842	* Must be called with &key_tfm_list_mutex held
				1843	* Returns 1 if found, with @key_tfm set
				1844	* Returns 0 if not found, with @key_tfm set to NULL
				1845	*/
				1846	int ecryptfs_tfm_exists(char cipher_name, struct ecryptfs_key_tfm *key_tfm)
				1847	{
				1848	struct ecryptfs_key_tfm *tmp_key_tfm;
				1849
				1850	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
				1851
				1852	list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
				1853	if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
				1854	if (key_tfm)
				1855	(*key_tfm) = tmp_key_tfm;
				1856	return 1;
				1857	}
				1858	}
				1859	if (key_tfm)
				1860	(*key_tfm) = NULL;
				1861	return 0;
				1862	}
				1863
				1864	/**
				1865	* ecryptfs_get_tfm_and_mutex_for_cipher_name
				1866	*
				1867	* @tfm: set to cached tfm found, or new tfm created
				1868	* @tfm_mutex: set to mutex for cached tfm found, or new tfm created
				1869	* @cipher_name: the name of the cipher to search for and/or add
				1870	*
				1871	* Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
				1872	* Searches for cached item first, and creates new if not found.
				1873	* Returns 0 on success, non-zero if adding new cipher failed
				1874	*/
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1875	int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
				1876	struct mutex **tfm_mutex,
				1877	char *cipher_name)
				1878	{
				1879	struct ecryptfs_key_tfm *key_tfm;
				1880	int rc = 0;
				1881
				1882	(*tfm) = NULL;
				1883	(*tfm_mutex) = NULL;
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1884
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1885	mutex_lock(&key_tfm_list_mutex);
Eric Sandeen	af440f5	2008-02-06 01:38:37 -0800	[diff] [blame]	1886	if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
				1887	rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
				1888	if (rc) {
				1889	printk(KERN_ERR "Error adding new key_tfm to list; "
				1890	"rc = [%d]\n", rc);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1891	goto out;
				1892	}
				1893	}
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1894	(*tfm) = key_tfm->key_tfm;
				1895	(*tfm_mutex) = &key_tfm->key_tfm_mutex;
				1896	out:
Cyrill Gorcunov	71fd517	2008-05-23 13:04:20 -0700	[diff] [blame]	1897	mutex_unlock(&key_tfm_list_mutex);
Michael Halcrow	f4aad16	2007-10-16 01:27:53 -0700	[diff] [blame]	1898	return rc;
				1899	}
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1900
				1901	/* 64 characters forming a 6-bit target field */
				1902	static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
				1903	"EFGHIJKLMNOPQRST"
				1904	"UVWXYZabcdefghij"
				1905	"klmnopqrstuvwxyz");
				1906
				1907	/* We could either offset on every reverse map or just pad some 0x00's
				1908	* at the front here */
Tyler Hicks	0f751e6	2011-11-23 11:31:24 -0600	[diff] [blame]	1909	static const unsigned char filename_rev_map[256] = {
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1910	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
				1911	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
				1912	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
				1913	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
				1914	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
				1915	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
				1916	0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
				1917	0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
				1918	0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
				1919	0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
				1920	0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
				1921	0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
				1922	0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
				1923	0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
				1924	0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
Tyler Hicks	0f751e6	2011-11-23 11:31:24 -0600	[diff] [blame]	1925	0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1926	};
				1927
				1928	/**
				1929	* ecryptfs_encode_for_filename
				1930	* @dst: Destination location for encoded filename
				1931	* @dst_size: Size of the encoded filename in bytes
				1932	* @src: Source location for the filename to encode
				1933	* @src_size: Size of the source in bytes
				1934	*/
Cong Ding	3702875	2012-12-07 22:21:56 +0000	[diff] [blame]	1935	static void ecryptfs_encode_for_filename(unsigned char dst, size_t dst_size,
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	1936	unsigned char *src, size_t src_size)
				1937	{
				1938	size_t num_blocks;
				1939	size_t block_num = 0;
				1940	size_t dst_offset = 0;
				1941	unsigned char last_block[3];
				1942
				1943	if (src_size == 0) {
				1944	(*dst_size) = 0;
				1945	goto out;
				1946	}
				1947	num_blocks = (src_size / 3);
				1948	if ((src_size % 3) == 0) {
				1949	memcpy(last_block, (&src[src_size - 3]), 3);
				1950	} else {
				1951	num_blocks++;
				1952	last_block[2] = 0x00;
				1953	switch (src_size % 3) {
				1954	case 1:
				1955	last_block[0] = src[src_size - 1];
				1956	last_block[1] = 0x00;
				1957	break;
				1958	case 2:
				1959	last_block[0] = src[src_size - 2];
				1960	last_block[1] = src[src_size - 1];
				1961	}
				1962	}
				1963	(dst_size) = (num_blocks 4);
				1964	if (!dst)
				1965	goto out;
				1966	while (block_num < num_blocks) {
				1967	unsigned char *src_block;
				1968	unsigned char dst_block[4];
				1969
				1970	if (block_num == (num_blocks - 1))
				1971	src_block = last_block;
				1972	else
				1973	src_block = &src[block_num * 3];
				1974	dst_block[0] = ((src_block[0] >> 2) & 0x3F);
				1975	dst_block[1] = (((src_block[0] << 4) & 0x30)
				1976	\| ((src_block[1] >> 4) & 0x0F));
				1977	dst_block[2] = (((src_block[1] << 2) & 0x3C)
				1978	\| ((src_block[2] >> 6) & 0x03));
				1979	dst_block[3] = (src_block[2] & 0x3F);
				1980	dst[dst_offset++] = portable_filename_chars[dst_block[0]];
				1981	dst[dst_offset++] = portable_filename_chars[dst_block[1]];
				1982	dst[dst_offset++] = portable_filename_chars[dst_block[2]];
				1983	dst[dst_offset++] = portable_filename_chars[dst_block[3]];
				1984	block_num++;
				1985	}
				1986	out:
				1987	return;
				1988	}
				1989
Tyler Hicks	4a26620	2011-11-05 13:45:08 -0400	[diff] [blame]	1990	static size_t ecryptfs_max_decoded_size(size_t encoded_size)
				1991	{
				1992	/* Not exact; conservatively long. Every block of 4
				1993	* encoded characters decodes into a block of 3
				1994	* decoded characters. This segment of code provides
				1995	* the caller with the maximum amount of allocated
				1996	* space that @dst will need to point to in a
				1997	* subsequent call. */
				1998	return ((encoded_size + 1) * 3) / 4;
				1999	}
				2000
Michael Halcrow	71c11c3	2009-01-06 14:42:05 -0800	[diff] [blame]	2001	/**
				2002	* ecryptfs_decode_from_filename
				2003	* @dst: If NULL, this function only sets @dst_size and returns. If
				2004	* non-NULL, this function decodes the encoded octets in @src
				2005	* into the memory that @dst points to.
				2006	* @dst_size: Set to the size of the decoded string.
				2007	* @src: The encoded set of octets to decode.
				2008	* @src_size: The size of the encoded set of octets to decode.
				2009	*/
				2010	static void
				2011	ecryptfs_decode_from_filename(unsigned char dst, size_t dst_size,
				2012	const unsigned char *src, size_t src_size)
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2013	{
				2014	u8 current_bit_offset = 0;
				2015	size_t src_byte_offset = 0;
				2016	size_t dst_byte_offset = 0;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2017
				2018	if (dst == NULL) {
Tyler Hicks	4a26620	2011-11-05 13:45:08 -0400	[diff] [blame]	2019	(*dst_size) = ecryptfs_max_decoded_size(src_size);
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2020	goto out;
				2021	}
				2022	while (src_byte_offset < src_size) {
				2023	unsigned char src_byte =
				2024	filename_rev_map[(int)src[src_byte_offset]];
				2025
				2026	switch (current_bit_offset) {
				2027	case 0:
				2028	dst[dst_byte_offset] = (src_byte << 2);
				2029	current_bit_offset = 6;
				2030	break;
				2031	case 6:
				2032	dst[dst_byte_offset++] \|= (src_byte >> 4);
				2033	dst[dst_byte_offset] = ((src_byte & 0xF)
				2034	<< 4);
				2035	current_bit_offset = 4;
				2036	break;
				2037	case 4:
				2038	dst[dst_byte_offset++] \|= (src_byte >> 2);
				2039	dst[dst_byte_offset] = (src_byte << 6);
				2040	current_bit_offset = 2;
				2041	break;
				2042	case 2:
				2043	dst[dst_byte_offset++] \|= (src_byte);
				2044	dst[dst_byte_offset] = 0;
				2045	current_bit_offset = 0;
				2046	break;
				2047	}
				2048	src_byte_offset++;
				2049	}
				2050	(*dst_size) = dst_byte_offset;
				2051	out:
Michael Halcrow	71c11c3	2009-01-06 14:42:05 -0800	[diff] [blame]	2052	return;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2053	}
				2054
				2055	/**
				2056	* ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
				2057	* @crypt_stat: The crypt_stat struct associated with the file anem to encode
				2058	* @name: The plaintext name
				2059	* @length: The length of the plaintext
				2060	* @encoded_name: The encypted name
				2061	*
				2062	* Encrypts and encodes a filename into something that constitutes a
				2063	* valid filename for a filesystem, with printable characters.
				2064	*
				2065	* We assume that we have a properly initialized crypto context,
				2066	* pointed to by crypt_stat->tfm.
				2067	*
				2068	* Returns zero on success; non-zero on otherwise
				2069	*/
				2070	int ecryptfs_encrypt_and_encode_filename(
				2071	char **encoded_name,
				2072	size_t *encoded_name_size,
				2073	struct ecryptfs_crypt_stat *crypt_stat,
				2074	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
				2075	const char *name, size_t name_size)
				2076	{
				2077	size_t encoded_name_no_prefix_size;
				2078	int rc = 0;
				2079
				2080	(*encoded_name) = NULL;
				2081	(*encoded_name_size) = 0;
				2082	if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
				2083	\|\| (mount_crypt_stat && (mount_crypt_stat->flags
				2084	& ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) {
				2085	struct ecryptfs_filename *filename;
				2086
				2087	filename = kzalloc(sizeof(*filename), GFP_KERNEL);
				2088	if (!filename) {
				2089	printk(KERN_ERR "%s: Out of memory whilst attempting "
Michael Halcrow	a8f1286	2009-01-06 14:42:03 -0800	[diff] [blame]	2090	"to kzalloc [%zd] bytes\n", __func__,
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2091	sizeof(*filename));
				2092	rc = -ENOMEM;
				2093	goto out;
				2094	}
				2095	filename->filename = (char *)name;
				2096	filename->filename_size = name_size;
				2097	rc = ecryptfs_encrypt_filename(filename, crypt_stat,
				2098	mount_crypt_stat);
				2099	if (rc) {
				2100	printk(KERN_ERR "%s: Error attempting to encrypt "
				2101	"filename; rc = [%d]\n", __func__, rc);
				2102	kfree(filename);
				2103	goto out;
				2104	}
				2105	ecryptfs_encode_for_filename(
				2106	NULL, &encoded_name_no_prefix_size,
				2107	filename->encrypted_filename,
				2108	filename->encrypted_filename_size);
				2109	if ((crypt_stat && (crypt_stat->flags
				2110	& ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
				2111	\|\| (mount_crypt_stat
				2112	&& (mount_crypt_stat->flags
				2113	& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)))
				2114	(*encoded_name_size) =
				2115	(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
				2116	+ encoded_name_no_prefix_size);
				2117	else
				2118	(*encoded_name_size) =
				2119	(ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE
				2120	+ encoded_name_no_prefix_size);
				2121	(encoded_name) = kmalloc((encoded_name_size) + 1, GFP_KERNEL);
				2122	if (!(*encoded_name)) {
				2123	printk(KERN_ERR "%s: Out of memory whilst attempting "
Michael Halcrow	a8f1286	2009-01-06 14:42:03 -0800	[diff] [blame]	2124	"to kzalloc [%zd] bytes\n", __func__,
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2125	(*encoded_name_size));
				2126	rc = -ENOMEM;
				2127	kfree(filename->encrypted_filename);
				2128	kfree(filename);
				2129	goto out;
				2130	}
				2131	if ((crypt_stat && (crypt_stat->flags
				2132	& ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
				2133	\|\| (mount_crypt_stat
				2134	&& (mount_crypt_stat->flags
				2135	& ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
				2136	memcpy((*encoded_name),
				2137	ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
				2138	ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
				2139	ecryptfs_encode_for_filename(
				2140	((*encoded_name)
				2141	+ ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
				2142	&encoded_name_no_prefix_size,
				2143	filename->encrypted_filename,
				2144	filename->encrypted_filename_size);
				2145	(*encoded_name_size) =
				2146	(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
				2147	+ encoded_name_no_prefix_size);
				2148	(encoded_name)[(encoded_name_size)] = '\0';
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2149	} else {
Tyler Hicks	df6ad33	2009-08-21 04:27:46 -0500	[diff] [blame]	2150	rc = -EOPNOTSUPP;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2151	}
				2152	if (rc) {
				2153	printk(KERN_ERR "%s: Error attempting to encode "
				2154	"encrypted filename; rc = [%d]\n", __func__,
				2155	rc);
				2156	kfree((*encoded_name));
				2157	(*encoded_name) = NULL;
				2158	(*encoded_name_size) = 0;
				2159	}
				2160	kfree(filename->encrypted_filename);
				2161	kfree(filename);
				2162	} else {
				2163	rc = ecryptfs_copy_filename(encoded_name,
				2164	encoded_name_size,
				2165	name, name_size);
				2166	}
				2167	out:
				2168	return rc;
				2169	}
				2170
				2171	/**
				2172	* ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
				2173	* @plaintext_name: The plaintext name
				2174	* @plaintext_name_size: The plaintext name size
				2175	* @ecryptfs_dir_dentry: eCryptfs directory dentry
				2176	* @name: The filename in cipher text
				2177	* @name_size: The cipher text name size
				2178	*
				2179	* Decrypts and decodes the filename.
				2180	*
				2181	* Returns zero on error; non-zero otherwise
				2182	*/
				2183	int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
				2184	size_t *plaintext_name_size,
				2185	struct dentry *ecryptfs_dir_dentry,
				2186	const char *name, size_t name_size)
				2187	{
Tyler Hicks	2aac0cf	2009-03-20 02:23:57 -0500	[diff] [blame]	2188	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
				2189	&ecryptfs_superblock_to_private(
				2190	ecryptfs_dir_dentry->d_sb)->mount_crypt_stat;
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2191	char *decoded_name;
				2192	size_t decoded_name_size;
				2193	size_t packet_size;
				2194	int rc = 0;
				2195
Tyler Hicks	2aac0cf	2009-03-20 02:23:57 -0500	[diff] [blame]	2196	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
				2197	&& !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
				2198	&& (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2199	&& (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
				2200	ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) {
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2201	const char *orig_name = name;
				2202	size_t orig_name_size = name_size;
				2203
				2204	name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
				2205	name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
Michael Halcrow	71c11c3	2009-01-06 14:42:05 -0800	[diff] [blame]	2206	ecryptfs_decode_from_filename(NULL, &decoded_name_size,
				2207	name, name_size);
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2208	decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
				2209	if (!decoded_name) {
				2210	printk(KERN_ERR "%s: Out of memory whilst attempting "
Michael Halcrow	df261c5	2009-01-06 14:42:02 -0800	[diff] [blame]	2211	"to kmalloc [%zd] bytes\n", __func__,
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2212	decoded_name_size);
				2213	rc = -ENOMEM;
				2214	goto out;
				2215	}
Michael Halcrow	71c11c3	2009-01-06 14:42:05 -0800	[diff] [blame]	2216	ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
				2217	name, name_size);
Michael Halcrow	51ca58d	2009-01-06 14:41:59 -0800	[diff] [blame]	2218	rc = ecryptfs_parse_tag_70_packet(plaintext_name,
				2219	plaintext_name_size,
				2220	&packet_size,
				2221	mount_crypt_stat,
				2222	decoded_name,
				2223	decoded_name_size);
				2224	if (rc) {
				2225	printk(KERN_INFO "%s: Could not parse tag 70 packet "
				2226	"from filename; copying through filename "
				2227	"as-is\n", __func__);
				2228	rc = ecryptfs_copy_filename(plaintext_name,
				2229	plaintext_name_size,
				2230	orig_name, orig_name_size);
				2231	goto out_free;
				2232	}
				2233	} else {
				2234	rc = ecryptfs_copy_filename(plaintext_name,
				2235	plaintext_name_size,
				2236	name, name_size);
				2237	goto out;
				2238	}
				2239	out_free:
				2240	kfree(decoded_name);
				2241	out:
				2242	return rc;
				2243	}
Tyler Hicks	4a26620	2011-11-05 13:45:08 -0400	[diff] [blame]	2244
				2245	#define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143
				2246
				2247	int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
				2248	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
				2249	{
				2250	struct blkcipher_desc desc;
				2251	struct mutex *tfm_mutex;
				2252	size_t cipher_blocksize;
				2253	int rc;
				2254
				2255	if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
				2256	(*namelen) = lower_namelen;
				2257	return 0;
				2258	}
				2259
				2260	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
				2261	mount_crypt_stat->global_default_fn_cipher_name);
				2262	if (unlikely(rc)) {
				2263	(*namelen) = 0;
				2264	return rc;
				2265	}
				2266
				2267	mutex_lock(tfm_mutex);
				2268	cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm);
				2269	mutex_unlock(tfm_mutex);
				2270
				2271	/* Return an exact amount for the common cases */
				2272	if (lower_namelen == NAME_MAX
				2273	&& (cipher_blocksize == 8 \|\| cipher_blocksize == 16)) {
				2274	(*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16;
				2275	return 0;
				2276	}
				2277
				2278	/* Return a safe estimate for the uncommon cases */
				2279	(*namelen) = lower_namelen;
				2280	(*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
				2281	/* Since this is the max decoded size, subtract 1 "decoded block" len */
				2282	(namelen) = ecryptfs_max_decoded_size(namelen) - 3;
				2283	(*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE;
				2284	(*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES;
				2285	/* Worst case is that the filename is padded nearly a full block size */
				2286	(*namelen) -= cipher_blocksize - 1;
				2287
				2288	if ((*namelen) < 0)
				2289	(*namelen) = 0;
				2290
				2291	return 0;
				2292	}