Eric Lee / smarc-ti-linux-kernel

3
Download as
Browse Code ยป

Commit 942080643bce061c3dd9d5718d3b745dcb39a8bc

Authored by Michael Halcrow
Committed by Tyler Hicks
1 parent 831115af5c
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

eCryptfs: Remove buggy and unnecessary write in file name decode routine 

Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
end of the allocated buffer during encrypted filename decoding. This
fix corrects the issue by getting rid of the unnecessary 0 write when
the current bit offset is 2.

Signed-off-by: Michael Halcrow <mhalcrow@google.com>
Reported-by: Dmitry Chernenkov <dmitryc@google.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # v2.6.29+: 51ca58d eCryptfs: Filename Encryption: Encoding and encryption functions
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

Showing 1 changed file with 0 additions and 1 deletions Inline Diff

fs/ecryptfs/crypto.c
Diff comments   View file @ 9420806
1 /** 1 /**
2 * eCryptfs: Linux filesystem encryption layer 2 * eCryptfs: Linux filesystem encryption layer
3 * 3 *
4 * Copyright (C) 1997-2004 Erez Zadok 4 * Copyright (C) 1997-2004 Erez Zadok
5 * Copyright (C) 2001-2004 Stony Brook University 5 * Copyright (C) 2001-2004 Stony Brook University
6 * Copyright (C) 2004-2007 International Business Machines Corp. 6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompson <mcthomps@us.ibm.com> 8 * Michael C. Thompson <mcthomps@us.ibm.com>
9 * 9 *
10 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as 11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the 12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version. 13 * License, or (at your option) any later version.
14 * 14 *
15 * This program is distributed in the hope that it will be useful, but 15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details. 18 * General Public License for more details.
19 * 19 *
20 * You should have received a copy of the GNU General Public License 20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software 21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
23 * 02111-1307, USA. 23 * 02111-1307, USA.
24 */ 24 */
25 25
26 #include <linux/fs.h> 26 #include <linux/fs.h>
27 #include <linux/mount.h> 27 #include <linux/mount.h>
28 #include <linux/pagemap.h> 28 #include <linux/pagemap.h>
29 #include <linux/random.h> 29 #include <linux/random.h>
30 #include <linux/compiler.h> 30 #include <linux/compiler.h>
31 #include <linux/key.h> 31 #include <linux/key.h>
32 #include <linux/namei.h> 32 #include <linux/namei.h>
33 #include <linux/crypto.h> 33 #include <linux/crypto.h>
34 #include <linux/file.h> 34 #include <linux/file.h>
35 #include <linux/scatterlist.h> 35 #include <linux/scatterlist.h>
36 #include <linux/slab.h> 36 #include <linux/slab.h>
37 #include <asm/unaligned.h> 37 #include <asm/unaligned.h>
38 #include "ecryptfs_kernel.h" 38 #include "ecryptfs_kernel.h"
39 39
40 #define DECRYPT 0 40 #define DECRYPT 0
41 #define ENCRYPT 1 41 #define ENCRYPT 1
42 42
43 /** 43 /**
44 * ecryptfs_to_hex 44 * ecryptfs_to_hex
45 * @dst: Buffer to take hex character representation of contents of 45 * @dst: Buffer to take hex character representation of contents of
46 * src; must be at least of size (src_size * 2) 46 * src; must be at least of size (src_size * 2)
47 * @src: Buffer to be converted to a hex string respresentation 47 * @src: Buffer to be converted to a hex string respresentation
48 * @src_size: number of bytes to convert 48 * @src_size: number of bytes to convert
49 */ 49 */
50 void ecryptfs_to_hex(char *dst, char *src, size_t src_size) 50 void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
51 { 51 {
52 int x; 52 int x;
53 53
54 for (x = 0; x < src_size; x++) 54 for (x = 0; x < src_size; x++)
55 sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]); 55 sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
56 } 56 }
57 57
58 /** 58 /**
59 * ecryptfs_from_hex 59 * ecryptfs_from_hex
60 * @dst: Buffer to take the bytes from src hex; must be at least of 60 * @dst: Buffer to take the bytes from src hex; must be at least of
61 * size (src_size / 2) 61 * size (src_size / 2)
62 * @src: Buffer to be converted from a hex string respresentation to raw value 62 * @src: Buffer to be converted from a hex string respresentation to raw value
63 * @dst_size: size of dst buffer, or number of hex characters pairs to convert 63 * @dst_size: size of dst buffer, or number of hex characters pairs to convert
64 */ 64 */
65 void ecryptfs_from_hex(char *dst, char *src, int dst_size) 65 void ecryptfs_from_hex(char *dst, char *src, int dst_size)
66 { 66 {
67 int x; 67 int x;
68 char tmp[3] = { 0, }; 68 char tmp[3] = { 0, };
69 69
70 for (x = 0; x < dst_size; x++) { 70 for (x = 0; x < dst_size; x++) {
71 tmp[0] = src[x * 2]; 71 tmp[0] = src[x * 2];
72 tmp[1] = src[x * 2 + 1]; 72 tmp[1] = src[x * 2 + 1];
73 dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16); 73 dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
74 } 74 }
75 } 75 }
76 76
77 /** 77 /**
78 * ecryptfs_calculate_md5 - calculates the md5 of @src 78 * ecryptfs_calculate_md5 - calculates the md5 of @src
79 * @dst: Pointer to 16 bytes of allocated memory 79 * @dst: Pointer to 16 bytes of allocated memory
80 * @crypt_stat: Pointer to crypt_stat struct for the current inode 80 * @crypt_stat: Pointer to crypt_stat struct for the current inode
81 * @src: Data to be md5'd 81 * @src: Data to be md5'd
82 * @len: Length of @src 82 * @len: Length of @src
83 * 83 *
84 * Uses the allocated crypto context that crypt_stat references to 84 * Uses the allocated crypto context that crypt_stat references to
85 * generate the MD5 sum of the contents of src. 85 * generate the MD5 sum of the contents of src.
86 */ 86 */
87 static int ecryptfs_calculate_md5(char *dst, 87 static int ecryptfs_calculate_md5(char *dst,
88 struct ecryptfs_crypt_stat *crypt_stat, 88 struct ecryptfs_crypt_stat *crypt_stat,
89 char *src, int len) 89 char *src, int len)
90 { 90 {
91 struct scatterlist sg; 91 struct scatterlist sg;
92 struct hash_desc desc = { 92 struct hash_desc desc = {
93 .tfm = crypt_stat->hash_tfm, 93 .tfm = crypt_stat->hash_tfm,
94 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 94 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
95 }; 95 };
96 int rc = 0; 96 int rc = 0;
97 97
98 mutex_lock(&crypt_stat->cs_hash_tfm_mutex); 98 mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
99 sg_init_one(&sg, (u8 *)src, len); 99 sg_init_one(&sg, (u8 *)src, len);
100 if (!desc.tfm) { 100 if (!desc.tfm) {
101 desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, 101 desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
102 CRYPTO_ALG_ASYNC); 102 CRYPTO_ALG_ASYNC);
103 if (IS_ERR(desc.tfm)) { 103 if (IS_ERR(desc.tfm)) {
104 rc = PTR_ERR(desc.tfm); 104 rc = PTR_ERR(desc.tfm);
105 ecryptfs_printk(KERN_ERR, "Error attempting to " 105 ecryptfs_printk(KERN_ERR, "Error attempting to "
106 "allocate crypto context; rc = [%d]\n", 106 "allocate crypto context; rc = [%d]\n",
107 rc); 107 rc);
108 goto out; 108 goto out;
109 } 109 }
110 crypt_stat->hash_tfm = desc.tfm; 110 crypt_stat->hash_tfm = desc.tfm;
111 } 111 }
112 rc = crypto_hash_init(&desc); 112 rc = crypto_hash_init(&desc);
113 if (rc) { 113 if (rc) {
114 printk(KERN_ERR 114 printk(KERN_ERR
115 "%s: Error initializing crypto hash; rc = [%d]\n", 115 "%s: Error initializing crypto hash; rc = [%d]\n",
116 __func__, rc); 116 __func__, rc);
117 goto out; 117 goto out;
118 } 118 }
119 rc = crypto_hash_update(&desc, &sg, len); 119 rc = crypto_hash_update(&desc, &sg, len);
120 if (rc) { 120 if (rc) {
121 printk(KERN_ERR 121 printk(KERN_ERR
122 "%s: Error updating crypto hash; rc = [%d]\n", 122 "%s: Error updating crypto hash; rc = [%d]\n",
123 __func__, rc); 123 __func__, rc);
124 goto out; 124 goto out;
125 } 125 }
126 rc = crypto_hash_final(&desc, dst); 126 rc = crypto_hash_final(&desc, dst);
127 if (rc) { 127 if (rc) {
128 printk(KERN_ERR 128 printk(KERN_ERR
129 "%s: Error finalizing crypto hash; rc = [%d]\n", 129 "%s: Error finalizing crypto hash; rc = [%d]\n",
130 __func__, rc); 130 __func__, rc);
131 goto out; 131 goto out;
132 } 132 }
133 out: 133 out:
134 mutex_unlock(&crypt_stat->cs_hash_tfm_mutex); 134 mutex_unlock(&crypt_stat->cs_hash_tfm_mutex);
135 return rc; 135 return rc;
136 } 136 }
137 137
138 static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name, 138 static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
139 char *cipher_name, 139 char *cipher_name,
140 char *chaining_modifier) 140 char *chaining_modifier)
141 { 141 {
142 int cipher_name_len = strlen(cipher_name); 142 int cipher_name_len = strlen(cipher_name);
143 int chaining_modifier_len = strlen(chaining_modifier); 143 int chaining_modifier_len = strlen(chaining_modifier);
144 int algified_name_len; 144 int algified_name_len;
145 int rc; 145 int rc;
146 146
147 algified_name_len = (chaining_modifier_len + cipher_name_len + 3); 147 algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
148 (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL); 148 (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
149 if (!(*algified_name)) { 149 if (!(*algified_name)) {
150 rc = -ENOMEM; 150 rc = -ENOMEM;
151 goto out; 151 goto out;
152 } 152 }
153 snprintf((*algified_name), algified_name_len, "%s(%s)", 153 snprintf((*algified_name), algified_name_len, "%s(%s)",
154 chaining_modifier, cipher_name); 154 chaining_modifier, cipher_name);
155 rc = 0; 155 rc = 0;
156 out: 156 out:
157 return rc; 157 return rc;
158 } 158 }
159 159
160 /** 160 /**
161 * ecryptfs_derive_iv 161 * ecryptfs_derive_iv
162 * @iv: destination for the derived iv vale 162 * @iv: destination for the derived iv vale
163 * @crypt_stat: Pointer to crypt_stat struct for the current inode 163 * @crypt_stat: Pointer to crypt_stat struct for the current inode
164 * @offset: Offset of the extent whose IV we are to derive 164 * @offset: Offset of the extent whose IV we are to derive
165 * 165 *
166 * Generate the initialization vector from the given root IV and page 166 * Generate the initialization vector from the given root IV and page
167 * offset. 167 * offset.
168 * 168 *
169 * Returns zero on success; non-zero on error. 169 * Returns zero on success; non-zero on error.
170 */ 170 */
171 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, 171 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
172 loff_t offset) 172 loff_t offset)
173 { 173 {
174 int rc = 0; 174 int rc = 0;
175 char dst[MD5_DIGEST_SIZE]; 175 char dst[MD5_DIGEST_SIZE];
176 char src[ECRYPTFS_MAX_IV_BYTES + 16]; 176 char src[ECRYPTFS_MAX_IV_BYTES + 16];
177 177
178 if (unlikely(ecryptfs_verbosity > 0)) { 178 if (unlikely(ecryptfs_verbosity > 0)) {
179 ecryptfs_printk(KERN_DEBUG, "root iv:\n"); 179 ecryptfs_printk(KERN_DEBUG, "root iv:\n");
180 ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes); 180 ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
181 } 181 }
182 /* TODO: It is probably secure to just cast the least 182 /* TODO: It is probably secure to just cast the least
183 * significant bits of the root IV into an unsigned long and 183 * significant bits of the root IV into an unsigned long and
184 * add the offset to that rather than go through all this 184 * add the offset to that rather than go through all this
185 * hashing business. -Halcrow */ 185 * hashing business. -Halcrow */
186 memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes); 186 memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
187 memset((src + crypt_stat->iv_bytes), 0, 16); 187 memset((src + crypt_stat->iv_bytes), 0, 16);
188 snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset); 188 snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
189 if (unlikely(ecryptfs_verbosity > 0)) { 189 if (unlikely(ecryptfs_verbosity > 0)) {
190 ecryptfs_printk(KERN_DEBUG, "source:\n"); 190 ecryptfs_printk(KERN_DEBUG, "source:\n");
191 ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16)); 191 ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
192 } 192 }
193 rc = ecryptfs_calculate_md5(dst, crypt_stat, src, 193 rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
194 (crypt_stat->iv_bytes + 16)); 194 (crypt_stat->iv_bytes + 16));
195 if (rc) { 195 if (rc) {
196 ecryptfs_printk(KERN_WARNING, "Error attempting to compute " 196 ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
197 "MD5 while generating IV for a page\n"); 197 "MD5 while generating IV for a page\n");
198 goto out; 198 goto out;
199 } 199 }
200 memcpy(iv, dst, crypt_stat->iv_bytes); 200 memcpy(iv, dst, crypt_stat->iv_bytes);
201 if (unlikely(ecryptfs_verbosity > 0)) { 201 if (unlikely(ecryptfs_verbosity > 0)) {
202 ecryptfs_printk(KERN_DEBUG, "derived iv:\n"); 202 ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
203 ecryptfs_dump_hex(iv, crypt_stat->iv_bytes); 203 ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
204 } 204 }
205 out: 205 out:
206 return rc; 206 return rc;
207 } 207 }
208 208
209 /** 209 /**
210 * ecryptfs_init_crypt_stat 210 * ecryptfs_init_crypt_stat
211 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 211 * @crypt_stat: Pointer to the crypt_stat struct to initialize.
212 * 212 *
213 * Initialize the crypt_stat structure. 213 * Initialize the crypt_stat structure.
214 */ 214 */
215 void 215 void
216 ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 216 ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
217 { 217 {
218 memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 218 memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
219 INIT_LIST_HEAD(&crypt_stat->keysig_list); 219 INIT_LIST_HEAD(&crypt_stat->keysig_list);
220 mutex_init(&crypt_stat->keysig_list_mutex); 220 mutex_init(&crypt_stat->keysig_list_mutex);
221 mutex_init(&crypt_stat->cs_mutex); 221 mutex_init(&crypt_stat->cs_mutex);
222 mutex_init(&crypt_stat->cs_tfm_mutex); 222 mutex_init(&crypt_stat->cs_tfm_mutex);
223 mutex_init(&crypt_stat->cs_hash_tfm_mutex); 223 mutex_init(&crypt_stat->cs_hash_tfm_mutex);
224 crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED; 224 crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
225 } 225 }
226 226
227 /** 227 /**
228 * ecryptfs_destroy_crypt_stat 228 * ecryptfs_destroy_crypt_stat
229 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 229 * @crypt_stat: Pointer to the crypt_stat struct to initialize.
230 * 230 *
231 * Releases all memory associated with a crypt_stat struct. 231 * Releases all memory associated with a crypt_stat struct.
232 */ 232 */
233 void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 233 void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
234 { 234 {
235 struct ecryptfs_key_sig *key_sig, *key_sig_tmp; 235 struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
236 236
237 if (crypt_stat->tfm) 237 if (crypt_stat->tfm)
238 crypto_free_ablkcipher(crypt_stat->tfm); 238 crypto_free_ablkcipher(crypt_stat->tfm);
239 if (crypt_stat->hash_tfm) 239 if (crypt_stat->hash_tfm)
240 crypto_free_hash(crypt_stat->hash_tfm); 240 crypto_free_hash(crypt_stat->hash_tfm);
241 list_for_each_entry_safe(key_sig, key_sig_tmp, 241 list_for_each_entry_safe(key_sig, key_sig_tmp,
242 &crypt_stat->keysig_list, crypt_stat_list) { 242 &crypt_stat->keysig_list, crypt_stat_list) {
243 list_del(&key_sig->crypt_stat_list); 243 list_del(&key_sig->crypt_stat_list);
244 kmem_cache_free(ecryptfs_key_sig_cache, key_sig); 244 kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
245 } 245 }
246 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 246 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
247 } 247 }
248 248
249 void ecryptfs_destroy_mount_crypt_stat( 249 void ecryptfs_destroy_mount_crypt_stat(
250 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 250 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
251 { 251 {
252 struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp; 252 struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp;
253 253
254 if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED)) 254 if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
255 return; 255 return;
256 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 256 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
257 list_for_each_entry_safe(auth_tok, auth_tok_tmp, 257 list_for_each_entry_safe(auth_tok, auth_tok_tmp,
258 &mount_crypt_stat->global_auth_tok_list, 258 &mount_crypt_stat->global_auth_tok_list,
259 mount_crypt_stat_list) { 259 mount_crypt_stat_list) {
260 list_del(&auth_tok->mount_crypt_stat_list); 260 list_del(&auth_tok->mount_crypt_stat_list);
261 if (auth_tok->global_auth_tok_key 261 if (auth_tok->global_auth_tok_key
262 && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) 262 && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
263 key_put(auth_tok->global_auth_tok_key); 263 key_put(auth_tok->global_auth_tok_key);
264 kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok); 264 kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
265 } 265 }
266 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 266 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
267 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); 267 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
268 } 268 }
269 269
270 /** 270 /**
271 * virt_to_scatterlist 271 * virt_to_scatterlist
272 * @addr: Virtual address 272 * @addr: Virtual address
273 * @size: Size of data; should be an even multiple of the block size 273 * @size: Size of data; should be an even multiple of the block size
274 * @sg: Pointer to scatterlist array; set to NULL to obtain only 274 * @sg: Pointer to scatterlist array; set to NULL to obtain only
275 * the number of scatterlist structs required in array 275 * the number of scatterlist structs required in array
276 * @sg_size: Max array size 276 * @sg_size: Max array size
277 * 277 *
278 * Fills in a scatterlist array with page references for a passed 278 * Fills in a scatterlist array with page references for a passed
279 * virtual address. 279 * virtual address.
280 * 280 *
281 * Returns the number of scatterlist structs in array used 281 * Returns the number of scatterlist structs in array used
282 */ 282 */
283 int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, 283 int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
284 int sg_size) 284 int sg_size)
285 { 285 {
286 int i = 0; 286 int i = 0;
287 struct page *pg; 287 struct page *pg;
288 int offset; 288 int offset;
289 int remainder_of_page; 289 int remainder_of_page;
290 290
291 sg_init_table(sg, sg_size); 291 sg_init_table(sg, sg_size);
292 292
293 while (size > 0 && i < sg_size) { 293 while (size > 0 && i < sg_size) {
294 pg = virt_to_page(addr); 294 pg = virt_to_page(addr);
295 offset = offset_in_page(addr); 295 offset = offset_in_page(addr);
296 sg_set_page(&sg[i], pg, 0, offset); 296 sg_set_page(&sg[i], pg, 0, offset);
297 remainder_of_page = PAGE_CACHE_SIZE - offset; 297 remainder_of_page = PAGE_CACHE_SIZE - offset;
298 if (size >= remainder_of_page) { 298 if (size >= remainder_of_page) {
299 sg[i].length = remainder_of_page; 299 sg[i].length = remainder_of_page;
300 addr += remainder_of_page; 300 addr += remainder_of_page;
301 size -= remainder_of_page; 301 size -= remainder_of_page;
302 } else { 302 } else {
303 sg[i].length = size; 303 sg[i].length = size;
304 addr += size; 304 addr += size;
305 size = 0; 305 size = 0;
306 } 306 }
307 i++; 307 i++;
308 } 308 }
309 if (size > 0) 309 if (size > 0)
310 return -ENOMEM; 310 return -ENOMEM;
311 return i; 311 return i;
312 } 312 }
313 313
314 struct extent_crypt_result { 314 struct extent_crypt_result {
315 struct completion completion; 315 struct completion completion;
316 int rc; 316 int rc;
317 }; 317 };
318 318
319 static void extent_crypt_complete(struct crypto_async_request *req, int rc) 319 static void extent_crypt_complete(struct crypto_async_request *req, int rc)
320 { 320 {
321 struct extent_crypt_result *ecr = req->data; 321 struct extent_crypt_result *ecr = req->data;
322 322
323 if (rc == -EINPROGRESS) 323 if (rc == -EINPROGRESS)
324 return; 324 return;
325 325
326 ecr->rc = rc; 326 ecr->rc = rc;
327 complete(&ecr->completion); 327 complete(&ecr->completion);
328 } 328 }
329 329
330 /** 330 /**
331 * crypt_scatterlist 331 * crypt_scatterlist
332 * @crypt_stat: Pointer to the crypt_stat struct to initialize. 332 * @crypt_stat: Pointer to the crypt_stat struct to initialize.
333 * @dst_sg: Destination of the data after performing the crypto operation 333 * @dst_sg: Destination of the data after performing the crypto operation
334 * @src_sg: Data to be encrypted or decrypted 334 * @src_sg: Data to be encrypted or decrypted
335 * @size: Length of data 335 * @size: Length of data
336 * @iv: IV to use 336 * @iv: IV to use
337 * @op: ENCRYPT or DECRYPT to indicate the desired operation 337 * @op: ENCRYPT or DECRYPT to indicate the desired operation
338 * 338 *
339 * Returns the number of bytes encrypted or decrypted; negative value on error 339 * Returns the number of bytes encrypted or decrypted; negative value on error
340 */ 340 */
341 static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, 341 static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
342 struct scatterlist *dst_sg, 342 struct scatterlist *dst_sg,
343 struct scatterlist *src_sg, int size, 343 struct scatterlist *src_sg, int size,
344 unsigned char *iv, int op) 344 unsigned char *iv, int op)
345 { 345 {
346 struct ablkcipher_request *req = NULL; 346 struct ablkcipher_request *req = NULL;
347 struct extent_crypt_result ecr; 347 struct extent_crypt_result ecr;
348 int rc = 0; 348 int rc = 0;
349 349
350 BUG_ON(!crypt_stat || !crypt_stat->tfm 350 BUG_ON(!crypt_stat || !crypt_stat->tfm
351 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)); 351 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
352 if (unlikely(ecryptfs_verbosity > 0)) { 352 if (unlikely(ecryptfs_verbosity > 0)) {
353 ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n", 353 ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
354 crypt_stat->key_size); 354 crypt_stat->key_size);
355 ecryptfs_dump_hex(crypt_stat->key, 355 ecryptfs_dump_hex(crypt_stat->key,
356 crypt_stat->key_size); 356 crypt_stat->key_size);
357 } 357 }
358 358
359 init_completion(&ecr.completion); 359 init_completion(&ecr.completion);
360 360
361 mutex_lock(&crypt_stat->cs_tfm_mutex); 361 mutex_lock(&crypt_stat->cs_tfm_mutex);
362 req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); 362 req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
363 if (!req) { 363 if (!req) {
364 mutex_unlock(&crypt_stat->cs_tfm_mutex); 364 mutex_unlock(&crypt_stat->cs_tfm_mutex);
365 rc = -ENOMEM; 365 rc = -ENOMEM;
366 goto out; 366 goto out;
367 } 367 }
368 368
369 ablkcipher_request_set_callback(req, 369 ablkcipher_request_set_callback(req,
370 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 370 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
371 extent_crypt_complete, &ecr); 371 extent_crypt_complete, &ecr);
372 /* Consider doing this once, when the file is opened */ 372 /* Consider doing this once, when the file is opened */
373 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { 373 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
374 rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, 374 rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
375 crypt_stat->key_size); 375 crypt_stat->key_size);
376 if (rc) { 376 if (rc) {
377 ecryptfs_printk(KERN_ERR, 377 ecryptfs_printk(KERN_ERR,
378 "Error setting key; rc = [%d]\n", 378 "Error setting key; rc = [%d]\n",
379 rc); 379 rc);
380 mutex_unlock(&crypt_stat->cs_tfm_mutex); 380 mutex_unlock(&crypt_stat->cs_tfm_mutex);
381 rc = -EINVAL; 381 rc = -EINVAL;
382 goto out; 382 goto out;
383 } 383 }
384 crypt_stat->flags |= ECRYPTFS_KEY_SET; 384 crypt_stat->flags |= ECRYPTFS_KEY_SET;
385 } 385 }
386 mutex_unlock(&crypt_stat->cs_tfm_mutex); 386 mutex_unlock(&crypt_stat->cs_tfm_mutex);
387 ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); 387 ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
388 rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : 388 rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) :
389 crypto_ablkcipher_decrypt(req); 389 crypto_ablkcipher_decrypt(req);
390 if (rc == -EINPROGRESS || rc == -EBUSY) { 390 if (rc == -EINPROGRESS || rc == -EBUSY) {
391 struct extent_crypt_result *ecr = req->base.data; 391 struct extent_crypt_result *ecr = req->base.data;
392 392
393 wait_for_completion(&ecr->completion); 393 wait_for_completion(&ecr->completion);
394 rc = ecr->rc; 394 rc = ecr->rc;
395 reinit_completion(&ecr->completion); 395 reinit_completion(&ecr->completion);
396 } 396 }
397 out: 397 out:
398 ablkcipher_request_free(req); 398 ablkcipher_request_free(req);
399 return rc; 399 return rc;
400 } 400 }
401 401
402 /** 402 /**
403 * lower_offset_for_page 403 * lower_offset_for_page
404 * 404 *
405 * Convert an eCryptfs page index into a lower byte offset 405 * Convert an eCryptfs page index into a lower byte offset
406 */ 406 */
407 static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, 407 static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat,
408 struct page *page) 408 struct page *page)
409 { 409 {
410 return ecryptfs_lower_header_size(crypt_stat) + 410 return ecryptfs_lower_header_size(crypt_stat) +
411 ((loff_t)page->index << PAGE_CACHE_SHIFT); 411 ((loff_t)page->index << PAGE_CACHE_SHIFT);
412 } 412 }
413 413
414 /** 414 /**
415 * crypt_extent 415 * crypt_extent
416 * @crypt_stat: crypt_stat containing cryptographic context for the 416 * @crypt_stat: crypt_stat containing cryptographic context for the
417 * encryption operation 417 * encryption operation
418 * @dst_page: The page to write the result into 418 * @dst_page: The page to write the result into
419 * @src_page: The page to read from 419 * @src_page: The page to read from
420 * @extent_offset: Page extent offset for use in generating IV 420 * @extent_offset: Page extent offset for use in generating IV
421 * @op: ENCRYPT or DECRYPT to indicate the desired operation 421 * @op: ENCRYPT or DECRYPT to indicate the desired operation
422 * 422 *
423 * Encrypts or decrypts one extent of data. 423 * Encrypts or decrypts one extent of data.
424 * 424 *
425 * Return zero on success; non-zero otherwise 425 * Return zero on success; non-zero otherwise
426 */ 426 */
427 static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat, 427 static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat,
428 struct page *dst_page, 428 struct page *dst_page,
429 struct page *src_page, 429 struct page *src_page,
430 unsigned long extent_offset, int op) 430 unsigned long extent_offset, int op)
431 { 431 {
432 pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index; 432 pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index;
433 loff_t extent_base; 433 loff_t extent_base;
434 char extent_iv[ECRYPTFS_MAX_IV_BYTES]; 434 char extent_iv[ECRYPTFS_MAX_IV_BYTES];
435 struct scatterlist src_sg, dst_sg; 435 struct scatterlist src_sg, dst_sg;
436 size_t extent_size = crypt_stat->extent_size; 436 size_t extent_size = crypt_stat->extent_size;
437 int rc; 437 int rc;
438 438
439 extent_base = (((loff_t)page_index) * (PAGE_CACHE_SIZE / extent_size)); 439 extent_base = (((loff_t)page_index) * (PAGE_CACHE_SIZE / extent_size));
440 rc = ecryptfs_derive_iv(extent_iv, crypt_stat, 440 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
441 (extent_base + extent_offset)); 441 (extent_base + extent_offset));
442 if (rc) { 442 if (rc) {
443 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for " 443 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
444 "extent [0x%.16llx]; rc = [%d]\n", 444 "extent [0x%.16llx]; rc = [%d]\n",
445 (unsigned long long)(extent_base + extent_offset), rc); 445 (unsigned long long)(extent_base + extent_offset), rc);
446 goto out; 446 goto out;
447 } 447 }
448 448
449 sg_init_table(&src_sg, 1); 449 sg_init_table(&src_sg, 1);
450 sg_init_table(&dst_sg, 1); 450 sg_init_table(&dst_sg, 1);
451 451
452 sg_set_page(&src_sg, src_page, extent_size, 452 sg_set_page(&src_sg, src_page, extent_size,
453 extent_offset * extent_size); 453 extent_offset * extent_size);
454 sg_set_page(&dst_sg, dst_page, extent_size, 454 sg_set_page(&dst_sg, dst_page, extent_size,
455 extent_offset * extent_size); 455 extent_offset * extent_size);
456 456
457 rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size, 457 rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size,
458 extent_iv, op); 458 extent_iv, op);
459 if (rc < 0) { 459 if (rc < 0) {
460 printk(KERN_ERR "%s: Error attempting to crypt page with " 460 printk(KERN_ERR "%s: Error attempting to crypt page with "
461 "page_index = [%ld], extent_offset = [%ld]; " 461 "page_index = [%ld], extent_offset = [%ld]; "
462 "rc = [%d]\n", __func__, page_index, extent_offset, rc); 462 "rc = [%d]\n", __func__, page_index, extent_offset, rc);
463 goto out; 463 goto out;
464 } 464 }
465 rc = 0; 465 rc = 0;
466 out: 466 out:
467 return rc; 467 return rc;
468 } 468 }
469 469
470 /** 470 /**
471 * ecryptfs_encrypt_page 471 * ecryptfs_encrypt_page
472 * @page: Page mapped from the eCryptfs inode for the file; contains 472 * @page: Page mapped from the eCryptfs inode for the file; contains
473 * decrypted content that needs to be encrypted (to a temporary 473 * decrypted content that needs to be encrypted (to a temporary
474 * page; not in place) and written out to the lower file 474 * page; not in place) and written out to the lower file
475 * 475 *
476 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note 476 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
477 * that eCryptfs pages may straddle the lower pages -- for instance, 477 * that eCryptfs pages may straddle the lower pages -- for instance,
478 * if the file was created on a machine with an 8K page size 478 * if the file was created on a machine with an 8K page size
479 * (resulting in an 8K header), and then the file is copied onto a 479 * (resulting in an 8K header), and then the file is copied onto a
480 * host with a 32K page size, then when reading page 0 of the eCryptfs 480 * host with a 32K page size, then when reading page 0 of the eCryptfs
481 * file, 24K of page 0 of the lower file will be read and decrypted, 481 * file, 24K of page 0 of the lower file will be read and decrypted,
482 * and then 8K of page 1 of the lower file will be read and decrypted. 482 * and then 8K of page 1 of the lower file will be read and decrypted.
483 * 483 *
484 * Returns zero on success; negative on error 484 * Returns zero on success; negative on error
485 */ 485 */
486 int ecryptfs_encrypt_page(struct page *page) 486 int ecryptfs_encrypt_page(struct page *page)
487 { 487 {
488 struct inode *ecryptfs_inode; 488 struct inode *ecryptfs_inode;
489 struct ecryptfs_crypt_stat *crypt_stat; 489 struct ecryptfs_crypt_stat *crypt_stat;
490 char *enc_extent_virt; 490 char *enc_extent_virt;
491 struct page *enc_extent_page = NULL; 491 struct page *enc_extent_page = NULL;
492 loff_t extent_offset; 492 loff_t extent_offset;
493 loff_t lower_offset; 493 loff_t lower_offset;
494 int rc = 0; 494 int rc = 0;
495 495
496 ecryptfs_inode = page->mapping->host; 496 ecryptfs_inode = page->mapping->host;
497 crypt_stat = 497 crypt_stat =
498 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 498 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
499 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); 499 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
500 enc_extent_page = alloc_page(GFP_USER); 500 enc_extent_page = alloc_page(GFP_USER);
501 if (!enc_extent_page) { 501 if (!enc_extent_page) {
502 rc = -ENOMEM; 502 rc = -ENOMEM;
503 ecryptfs_printk(KERN_ERR, "Error allocating memory for " 503 ecryptfs_printk(KERN_ERR, "Error allocating memory for "
504 "encrypted extent\n"); 504 "encrypted extent\n");
505 goto out; 505 goto out;
506 } 506 }
507 507
508 for (extent_offset = 0; 508 for (extent_offset = 0;
509 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); 509 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
510 extent_offset++) { 510 extent_offset++) {
511 rc = crypt_extent(crypt_stat, enc_extent_page, page, 511 rc = crypt_extent(crypt_stat, enc_extent_page, page,
512 extent_offset, ENCRYPT); 512 extent_offset, ENCRYPT);
513 if (rc) { 513 if (rc) {
514 printk(KERN_ERR "%s: Error encrypting extent; " 514 printk(KERN_ERR "%s: Error encrypting extent; "
515 "rc = [%d]\n", __func__, rc); 515 "rc = [%d]\n", __func__, rc);
516 goto out; 516 goto out;
517 } 517 }
518 } 518 }
519 519
520 lower_offset = lower_offset_for_page(crypt_stat, page); 520 lower_offset = lower_offset_for_page(crypt_stat, page);
521 enc_extent_virt = kmap(enc_extent_page); 521 enc_extent_virt = kmap(enc_extent_page);
522 rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset, 522 rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset,
523 PAGE_CACHE_SIZE); 523 PAGE_CACHE_SIZE);
524 kunmap(enc_extent_page); 524 kunmap(enc_extent_page);
525 if (rc < 0) { 525 if (rc < 0) {
526 ecryptfs_printk(KERN_ERR, 526 ecryptfs_printk(KERN_ERR,
527 "Error attempting to write lower page; rc = [%d]\n", 527 "Error attempting to write lower page; rc = [%d]\n",
528 rc); 528 rc);
529 goto out; 529 goto out;
530 } 530 }
531 rc = 0; 531 rc = 0;
532 out: 532 out:
533 if (enc_extent_page) { 533 if (enc_extent_page) {
534 __free_page(enc_extent_page); 534 __free_page(enc_extent_page);
535 } 535 }
536 return rc; 536 return rc;
537 } 537 }
538 538
539 /** 539 /**
540 * ecryptfs_decrypt_page 540 * ecryptfs_decrypt_page
541 * @page: Page mapped from the eCryptfs inode for the file; data read 541 * @page: Page mapped from the eCryptfs inode for the file; data read
542 * and decrypted from the lower file will be written into this 542 * and decrypted from the lower file will be written into this
543 * page 543 * page
544 * 544 *
545 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note 545 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
546 * that eCryptfs pages may straddle the lower pages -- for instance, 546 * that eCryptfs pages may straddle the lower pages -- for instance,
547 * if the file was created on a machine with an 8K page size 547 * if the file was created on a machine with an 8K page size
548 * (resulting in an 8K header), and then the file is copied onto a 548 * (resulting in an 8K header), and then the file is copied onto a
549 * host with a 32K page size, then when reading page 0 of the eCryptfs 549 * host with a 32K page size, then when reading page 0 of the eCryptfs
550 * file, 24K of page 0 of the lower file will be read and decrypted, 550 * file, 24K of page 0 of the lower file will be read and decrypted,
551 * and then 8K of page 1 of the lower file will be read and decrypted. 551 * and then 8K of page 1 of the lower file will be read and decrypted.
552 * 552 *
553 * Returns zero on success; negative on error 553 * Returns zero on success; negative on error
554 */ 554 */
555 int ecryptfs_decrypt_page(struct page *page) 555 int ecryptfs_decrypt_page(struct page *page)
556 { 556 {
557 struct inode *ecryptfs_inode; 557 struct inode *ecryptfs_inode;
558 struct ecryptfs_crypt_stat *crypt_stat; 558 struct ecryptfs_crypt_stat *crypt_stat;
559 char *page_virt; 559 char *page_virt;
560 unsigned long extent_offset; 560 unsigned long extent_offset;
561 loff_t lower_offset; 561 loff_t lower_offset;
562 int rc = 0; 562 int rc = 0;
563 563
564 ecryptfs_inode = page->mapping->host; 564 ecryptfs_inode = page->mapping->host;
565 crypt_stat = 565 crypt_stat =
566 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 566 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
567 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); 567 BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
568 568
569 lower_offset = lower_offset_for_page(crypt_stat, page); 569 lower_offset = lower_offset_for_page(crypt_stat, page);
570 page_virt = kmap(page); 570 page_virt = kmap(page);
571 rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_CACHE_SIZE, 571 rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_CACHE_SIZE,
572 ecryptfs_inode); 572 ecryptfs_inode);
573 kunmap(page); 573 kunmap(page);
574 if (rc < 0) { 574 if (rc < 0) {
575 ecryptfs_printk(KERN_ERR, 575 ecryptfs_printk(KERN_ERR,
576 "Error attempting to read lower page; rc = [%d]\n", 576 "Error attempting to read lower page; rc = [%d]\n",
577 rc); 577 rc);
578 goto out; 578 goto out;
579 } 579 }
580 580
581 for (extent_offset = 0; 581 for (extent_offset = 0;
582 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); 582 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
583 extent_offset++) { 583 extent_offset++) {
584 rc = crypt_extent(crypt_stat, page, page, 584 rc = crypt_extent(crypt_stat, page, page,
585 extent_offset, DECRYPT); 585 extent_offset, DECRYPT);
586 if (rc) { 586 if (rc) {
587 printk(KERN_ERR "%s: Error encrypting extent; " 587 printk(KERN_ERR "%s: Error encrypting extent; "
588 "rc = [%d]\n", __func__, rc); 588 "rc = [%d]\n", __func__, rc);
589 goto out; 589 goto out;
590 } 590 }
591 } 591 }
592 out: 592 out:
593 return rc; 593 return rc;
594 } 594 }
595 595
596 #define ECRYPTFS_MAX_SCATTERLIST_LEN 4 596 #define ECRYPTFS_MAX_SCATTERLIST_LEN 4
597 597
598 /** 598 /**
599 * ecryptfs_init_crypt_ctx 599 * ecryptfs_init_crypt_ctx
600 * @crypt_stat: Uninitialized crypt stats structure 600 * @crypt_stat: Uninitialized crypt stats structure
601 * 601 *
602 * Initialize the crypto context. 602 * Initialize the crypto context.
603 * 603 *
604 * TODO: Performance: Keep a cache of initialized cipher contexts; 604 * TODO: Performance: Keep a cache of initialized cipher contexts;
605 * only init if needed 605 * only init if needed
606 */ 606 */
607 int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) 607 int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
608 { 608 {
609 char *full_alg_name; 609 char *full_alg_name;
610 int rc = -EINVAL; 610 int rc = -EINVAL;
611 611
612 ecryptfs_printk(KERN_DEBUG, 612 ecryptfs_printk(KERN_DEBUG,
613 "Initializing cipher [%s]; strlen = [%d]; " 613 "Initializing cipher [%s]; strlen = [%d]; "
614 "key_size_bits = [%zd]\n", 614 "key_size_bits = [%zd]\n",
615 crypt_stat->cipher, (int)strlen(crypt_stat->cipher), 615 crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
616 crypt_stat->key_size << 3); 616 crypt_stat->key_size << 3);
617 mutex_lock(&crypt_stat->cs_tfm_mutex); 617 mutex_lock(&crypt_stat->cs_tfm_mutex);
618 if (crypt_stat->tfm) { 618 if (crypt_stat->tfm) {
619 rc = 0; 619 rc = 0;
620 goto out_unlock; 620 goto out_unlock;
621 } 621 }
622 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, 622 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
623 crypt_stat->cipher, "cbc"); 623 crypt_stat->cipher, "cbc");
624 if (rc) 624 if (rc)
625 goto out_unlock; 625 goto out_unlock;
626 crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); 626 crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0);
627 if (IS_ERR(crypt_stat->tfm)) { 627 if (IS_ERR(crypt_stat->tfm)) {
628 rc = PTR_ERR(crypt_stat->tfm); 628 rc = PTR_ERR(crypt_stat->tfm);
629 crypt_stat->tfm = NULL; 629 crypt_stat->tfm = NULL;
630 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " 630 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
631 "Error initializing cipher [%s]\n", 631 "Error initializing cipher [%s]\n",
632 full_alg_name); 632 full_alg_name);
633 goto out_free; 633 goto out_free;
634 } 634 }
635 crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); 635 crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
636 rc = 0; 636 rc = 0;
637 out_free: 637 out_free:
638 kfree(full_alg_name); 638 kfree(full_alg_name);
639 out_unlock: 639 out_unlock:
640 mutex_unlock(&crypt_stat->cs_tfm_mutex); 640 mutex_unlock(&crypt_stat->cs_tfm_mutex);
641 return rc; 641 return rc;
642 } 642 }
643 643
644 static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat) 644 static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
645 { 645 {
646 int extent_size_tmp; 646 int extent_size_tmp;
647 647
648 crypt_stat->extent_mask = 0xFFFFFFFF; 648 crypt_stat->extent_mask = 0xFFFFFFFF;
649 crypt_stat->extent_shift = 0; 649 crypt_stat->extent_shift = 0;
650 if (crypt_stat->extent_size == 0) 650 if (crypt_stat->extent_size == 0)
651 return; 651 return;
652 extent_size_tmp = crypt_stat->extent_size; 652 extent_size_tmp = crypt_stat->extent_size;
653 while ((extent_size_tmp & 0x01) == 0) { 653 while ((extent_size_tmp & 0x01) == 0) {
654 extent_size_tmp >>= 1; 654 extent_size_tmp >>= 1;
655 crypt_stat->extent_mask <<= 1; 655 crypt_stat->extent_mask <<= 1;
656 crypt_stat->extent_shift++; 656 crypt_stat->extent_shift++;
657 } 657 }
658 } 658 }
659 659
660 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat) 660 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
661 { 661 {
662 /* Default values; may be overwritten as we are parsing the 662 /* Default values; may be overwritten as we are parsing the
663 * packets. */ 663 * packets. */
664 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; 664 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
665 set_extent_mask_and_shift(crypt_stat); 665 set_extent_mask_and_shift(crypt_stat);
666 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 666 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
667 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 667 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
668 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 668 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
669 else { 669 else {
670 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) 670 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
671 crypt_stat->metadata_size = 671 crypt_stat->metadata_size =
672 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 672 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
673 else 673 else
674 crypt_stat->metadata_size = PAGE_CACHE_SIZE; 674 crypt_stat->metadata_size = PAGE_CACHE_SIZE;
675 } 675 }
676 } 676 }
677 677
678 /** 678 /**
679 * ecryptfs_compute_root_iv 679 * ecryptfs_compute_root_iv
680 * @crypt_stats 680 * @crypt_stats
681 * 681 *
682 * On error, sets the root IV to all 0's. 682 * On error, sets the root IV to all 0's.
683 */ 683 */
684 int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat) 684 int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
685 { 685 {
686 int rc = 0; 686 int rc = 0;
687 char dst[MD5_DIGEST_SIZE]; 687 char dst[MD5_DIGEST_SIZE];
688 688
689 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); 689 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
690 BUG_ON(crypt_stat->iv_bytes <= 0); 690 BUG_ON(crypt_stat->iv_bytes <= 0);
691 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { 691 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
692 rc = -EINVAL; 692 rc = -EINVAL;
693 ecryptfs_printk(KERN_WARNING, "Session key not valid; " 693 ecryptfs_printk(KERN_WARNING, "Session key not valid; "
694 "cannot generate root IV\n"); 694 "cannot generate root IV\n");
695 goto out; 695 goto out;
696 } 696 }
697 rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key, 697 rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
698 crypt_stat->key_size); 698 crypt_stat->key_size);
699 if (rc) { 699 if (rc) {
700 ecryptfs_printk(KERN_WARNING, "Error attempting to compute " 700 ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
701 "MD5 while generating root IV\n"); 701 "MD5 while generating root IV\n");
702 goto out; 702 goto out;
703 } 703 }
704 memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes); 704 memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
705 out: 705 out:
706 if (rc) { 706 if (rc) {
707 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); 707 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
708 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING; 708 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
709 } 709 }
710 return rc; 710 return rc;
711 } 711 }
712 712
713 static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) 713 static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
714 { 714 {
715 get_random_bytes(crypt_stat->key, crypt_stat->key_size); 715 get_random_bytes(crypt_stat->key, crypt_stat->key_size);
716 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 716 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
717 ecryptfs_compute_root_iv(crypt_stat); 717 ecryptfs_compute_root_iv(crypt_stat);
718 if (unlikely(ecryptfs_verbosity > 0)) { 718 if (unlikely(ecryptfs_verbosity > 0)) {
719 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); 719 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
720 ecryptfs_dump_hex(crypt_stat->key, 720 ecryptfs_dump_hex(crypt_stat->key,
721 crypt_stat->key_size); 721 crypt_stat->key_size);
722 } 722 }
723 } 723 }
724 724
725 /** 725 /**
726 * ecryptfs_copy_mount_wide_flags_to_inode_flags 726 * ecryptfs_copy_mount_wide_flags_to_inode_flags
727 * @crypt_stat: The inode's cryptographic context 727 * @crypt_stat: The inode's cryptographic context
728 * @mount_crypt_stat: The mount point's cryptographic context 728 * @mount_crypt_stat: The mount point's cryptographic context
729 * 729 *
730 * This function propagates the mount-wide flags to individual inode 730 * This function propagates the mount-wide flags to individual inode
731 * flags. 731 * flags.
732 */ 732 */
733 static void ecryptfs_copy_mount_wide_flags_to_inode_flags( 733 static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
734 struct ecryptfs_crypt_stat *crypt_stat, 734 struct ecryptfs_crypt_stat *crypt_stat,
735 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 735 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
736 { 736 {
737 if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) 737 if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
738 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 738 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
739 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) 739 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
740 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; 740 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;
741 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { 741 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
742 crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; 742 crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
743 if (mount_crypt_stat->flags 743 if (mount_crypt_stat->flags
744 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) 744 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
745 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; 745 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
746 else if (mount_crypt_stat->flags 746 else if (mount_crypt_stat->flags
747 & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) 747 & ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
748 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; 748 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
749 } 749 }
750 } 750 }
751 751
752 static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( 752 static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
753 struct ecryptfs_crypt_stat *crypt_stat, 753 struct ecryptfs_crypt_stat *crypt_stat,
754 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 754 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
755 { 755 {
756 struct ecryptfs_global_auth_tok *global_auth_tok; 756 struct ecryptfs_global_auth_tok *global_auth_tok;
757 int rc = 0; 757 int rc = 0;
758 758
759 mutex_lock(&crypt_stat->keysig_list_mutex); 759 mutex_lock(&crypt_stat->keysig_list_mutex);
760 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 760 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
761 761
762 list_for_each_entry(global_auth_tok, 762 list_for_each_entry(global_auth_tok,
763 &mount_crypt_stat->global_auth_tok_list, 763 &mount_crypt_stat->global_auth_tok_list,
764 mount_crypt_stat_list) { 764 mount_crypt_stat_list) {
765 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK) 765 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
766 continue; 766 continue;
767 rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig); 767 rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
768 if (rc) { 768 if (rc) {
769 printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc); 769 printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
770 goto out; 770 goto out;
771 } 771 }
772 } 772 }
773 773
774 out: 774 out:
775 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 775 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
776 mutex_unlock(&crypt_stat->keysig_list_mutex); 776 mutex_unlock(&crypt_stat->keysig_list_mutex);
777 return rc; 777 return rc;
778 } 778 }
779 779
780 /** 780 /**
781 * ecryptfs_set_default_crypt_stat_vals 781 * ecryptfs_set_default_crypt_stat_vals
782 * @crypt_stat: The inode's cryptographic context 782 * @crypt_stat: The inode's cryptographic context
783 * @mount_crypt_stat: The mount point's cryptographic context 783 * @mount_crypt_stat: The mount point's cryptographic context
784 * 784 *
785 * Default values in the event that policy does not override them. 785 * Default values in the event that policy does not override them.
786 */ 786 */
787 static void ecryptfs_set_default_crypt_stat_vals( 787 static void ecryptfs_set_default_crypt_stat_vals(
788 struct ecryptfs_crypt_stat *crypt_stat, 788 struct ecryptfs_crypt_stat *crypt_stat,
789 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 789 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
790 { 790 {
791 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 791 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
792 mount_crypt_stat); 792 mount_crypt_stat);
793 ecryptfs_set_default_sizes(crypt_stat); 793 ecryptfs_set_default_sizes(crypt_stat);
794 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); 794 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
795 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; 795 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
796 crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID); 796 crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
797 crypt_stat->file_version = ECRYPTFS_FILE_VERSION; 797 crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
798 crypt_stat->mount_crypt_stat = mount_crypt_stat; 798 crypt_stat->mount_crypt_stat = mount_crypt_stat;
799 } 799 }
800 800
801 /** 801 /**
802 * ecryptfs_new_file_context 802 * ecryptfs_new_file_context
803 * @ecryptfs_inode: The eCryptfs inode 803 * @ecryptfs_inode: The eCryptfs inode
804 * 804 *
805 * If the crypto context for the file has not yet been established, 805 * If the crypto context for the file has not yet been established,
806 * this is where we do that. Establishing a new crypto context 806 * this is where we do that. Establishing a new crypto context
807 * involves the following decisions: 807 * involves the following decisions:
808 * - What cipher to use? 808 * - What cipher to use?
809 * - What set of authentication tokens to use? 809 * - What set of authentication tokens to use?
810 * Here we just worry about getting enough information into the 810 * Here we just worry about getting enough information into the
811 * authentication tokens so that we know that they are available. 811 * authentication tokens so that we know that they are available.
812 * We associate the available authentication tokens with the new file 812 * We associate the available authentication tokens with the new file
813 * via the set of signatures in the crypt_stat struct. Later, when 813 * via the set of signatures in the crypt_stat struct. Later, when
814 * the headers are actually written out, we may again defer to 814 * the headers are actually written out, we may again defer to
815 * userspace to perform the encryption of the session key; for the 815 * userspace to perform the encryption of the session key; for the
816 * foreseeable future, this will be the case with public key packets. 816 * foreseeable future, this will be the case with public key packets.
817 * 817 *
818 * Returns zero on success; non-zero otherwise 818 * Returns zero on success; non-zero otherwise
819 */ 819 */
820 int ecryptfs_new_file_context(struct inode *ecryptfs_inode) 820 int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
821 { 821 {
822 struct ecryptfs_crypt_stat *crypt_stat = 822 struct ecryptfs_crypt_stat *crypt_stat =
823 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 823 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
824 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 824 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
825 &ecryptfs_superblock_to_private( 825 &ecryptfs_superblock_to_private(
826 ecryptfs_inode->i_sb)->mount_crypt_stat; 826 ecryptfs_inode->i_sb)->mount_crypt_stat;
827 int cipher_name_len; 827 int cipher_name_len;
828 int rc = 0; 828 int rc = 0;
829 829
830 ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat); 830 ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
831 crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID); 831 crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID);
832 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 832 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
833 mount_crypt_stat); 833 mount_crypt_stat);
834 rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat, 834 rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
835 mount_crypt_stat); 835 mount_crypt_stat);
836 if (rc) { 836 if (rc) {
837 printk(KERN_ERR "Error attempting to copy mount-wide key sigs " 837 printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
838 "to the inode key sigs; rc = [%d]\n", rc); 838 "to the inode key sigs; rc = [%d]\n", rc);
839 goto out; 839 goto out;
840 } 840 }
841 cipher_name_len = 841 cipher_name_len =
842 strlen(mount_crypt_stat->global_default_cipher_name); 842 strlen(mount_crypt_stat->global_default_cipher_name);
843 memcpy(crypt_stat->cipher, 843 memcpy(crypt_stat->cipher,
844 mount_crypt_stat->global_default_cipher_name, 844 mount_crypt_stat->global_default_cipher_name,
845 cipher_name_len); 845 cipher_name_len);
846 crypt_stat->cipher[cipher_name_len] = '\0'; 846 crypt_stat->cipher[cipher_name_len] = '\0';
847 crypt_stat->key_size = 847 crypt_stat->key_size =
848 mount_crypt_stat->global_default_cipher_key_size; 848 mount_crypt_stat->global_default_cipher_key_size;
849 ecryptfs_generate_new_key(crypt_stat); 849 ecryptfs_generate_new_key(crypt_stat);
850 rc = ecryptfs_init_crypt_ctx(crypt_stat); 850 rc = ecryptfs_init_crypt_ctx(crypt_stat);
851 if (rc) 851 if (rc)
852 ecryptfs_printk(KERN_ERR, "Error initializing cryptographic " 852 ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
853 "context for cipher [%s]: rc = [%d]\n", 853 "context for cipher [%s]: rc = [%d]\n",
854 crypt_stat->cipher, rc); 854 crypt_stat->cipher, rc);
855 out: 855 out:
856 return rc; 856 return rc;
857 } 857 }
858 858
859 /** 859 /**
860 * ecryptfs_validate_marker - check for the ecryptfs marker 860 * ecryptfs_validate_marker - check for the ecryptfs marker
861 * @data: The data block in which to check 861 * @data: The data block in which to check
862 * 862 *
863 * Returns zero if marker found; -EINVAL if not found 863 * Returns zero if marker found; -EINVAL if not found
864 */ 864 */
865 static int ecryptfs_validate_marker(char *data) 865 static int ecryptfs_validate_marker(char *data)
866 { 866 {
867 u32 m_1, m_2; 867 u32 m_1, m_2;
868 868
869 m_1 = get_unaligned_be32(data); 869 m_1 = get_unaligned_be32(data);
870 m_2 = get_unaligned_be32(data + 4); 870 m_2 = get_unaligned_be32(data + 4);
871 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) 871 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
872 return 0; 872 return 0;
873 ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; " 873 ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
874 "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2, 874 "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
875 MAGIC_ECRYPTFS_MARKER); 875 MAGIC_ECRYPTFS_MARKER);
876 ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = " 876 ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
877 "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER)); 877 "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
878 return -EINVAL; 878 return -EINVAL;
879 } 879 }
880 880
881 struct ecryptfs_flag_map_elem { 881 struct ecryptfs_flag_map_elem {
882 u32 file_flag; 882 u32 file_flag;
883 u32 local_flag; 883 u32 local_flag;
884 }; 884 };
885 885
886 /* Add support for additional flags by adding elements here. */ 886 /* Add support for additional flags by adding elements here. */
887 static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { 887 static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
888 {0x00000001, ECRYPTFS_ENABLE_HMAC}, 888 {0x00000001, ECRYPTFS_ENABLE_HMAC},
889 {0x00000002, ECRYPTFS_ENCRYPTED}, 889 {0x00000002, ECRYPTFS_ENCRYPTED},
890 {0x00000004, ECRYPTFS_METADATA_IN_XATTR}, 890 {0x00000004, ECRYPTFS_METADATA_IN_XATTR},
891 {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES} 891 {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
892 }; 892 };
893 893
894 /** 894 /**
895 * ecryptfs_process_flags 895 * ecryptfs_process_flags
896 * @crypt_stat: The cryptographic context 896 * @crypt_stat: The cryptographic context
897 * @page_virt: Source data to be parsed 897 * @page_virt: Source data to be parsed
898 * @bytes_read: Updated with the number of bytes read 898 * @bytes_read: Updated with the number of bytes read
899 * 899 *
900 * Returns zero on success; non-zero if the flag set is invalid 900 * Returns zero on success; non-zero if the flag set is invalid
901 */ 901 */
902 static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, 902 static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
903 char *page_virt, int *bytes_read) 903 char *page_virt, int *bytes_read)
904 { 904 {
905 int rc = 0; 905 int rc = 0;
906 int i; 906 int i;
907 u32 flags; 907 u32 flags;
908 908
909 flags = get_unaligned_be32(page_virt); 909 flags = get_unaligned_be32(page_virt);
910 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 910 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
911 / sizeof(struct ecryptfs_flag_map_elem))); i++) 911 / sizeof(struct ecryptfs_flag_map_elem))); i++)
912 if (flags & ecryptfs_flag_map[i].file_flag) { 912 if (flags & ecryptfs_flag_map[i].file_flag) {
913 crypt_stat->flags |= ecryptfs_flag_map[i].local_flag; 913 crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
914 } else 914 } else
915 crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag); 915 crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
916 /* Version is in top 8 bits of the 32-bit flag vector */ 916 /* Version is in top 8 bits of the 32-bit flag vector */
917 crypt_stat->file_version = ((flags >> 24) & 0xFF); 917 crypt_stat->file_version = ((flags >> 24) & 0xFF);
918 (*bytes_read) = 4; 918 (*bytes_read) = 4;
919 return rc; 919 return rc;
920 } 920 }
921 921
922 /** 922 /**
923 * write_ecryptfs_marker 923 * write_ecryptfs_marker
924 * @page_virt: The pointer to in a page to begin writing the marker 924 * @page_virt: The pointer to in a page to begin writing the marker
925 * @written: Number of bytes written 925 * @written: Number of bytes written
926 * 926 *
927 * Marker = 0x3c81b7f5 927 * Marker = 0x3c81b7f5
928 */ 928 */
929 static void write_ecryptfs_marker(char *page_virt, size_t *written) 929 static void write_ecryptfs_marker(char *page_virt, size_t *written)
930 { 930 {
931 u32 m_1, m_2; 931 u32 m_1, m_2;
932 932
933 get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2)); 933 get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
934 m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER); 934 m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
935 put_unaligned_be32(m_1, page_virt); 935 put_unaligned_be32(m_1, page_virt);
936 page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2); 936 page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2);
937 put_unaligned_be32(m_2, page_virt); 937 put_unaligned_be32(m_2, page_virt);
938 (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 938 (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
939 } 939 }
940 940
941 void ecryptfs_write_crypt_stat_flags(char *page_virt, 941 void ecryptfs_write_crypt_stat_flags(char *page_virt,
942 struct ecryptfs_crypt_stat *crypt_stat, 942 struct ecryptfs_crypt_stat *crypt_stat,
943 size_t *written) 943 size_t *written)
944 { 944 {
945 u32 flags = 0; 945 u32 flags = 0;
946 int i; 946 int i;
947 947
948 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 948 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
949 / sizeof(struct ecryptfs_flag_map_elem))); i++) 949 / sizeof(struct ecryptfs_flag_map_elem))); i++)
950 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag) 950 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
951 flags |= ecryptfs_flag_map[i].file_flag; 951 flags |= ecryptfs_flag_map[i].file_flag;
952 /* Version is in top 8 bits of the 32-bit flag vector */ 952 /* Version is in top 8 bits of the 32-bit flag vector */
953 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); 953 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
954 put_unaligned_be32(flags, page_virt); 954 put_unaligned_be32(flags, page_virt);
955 (*written) = 4; 955 (*written) = 4;
956 } 956 }
957 957
958 struct ecryptfs_cipher_code_str_map_elem { 958 struct ecryptfs_cipher_code_str_map_elem {
959 char cipher_str[16]; 959 char cipher_str[16];
960 u8 cipher_code; 960 u8 cipher_code;
961 }; 961 };
962 962
963 /* Add support for additional ciphers by adding elements here. The 963 /* Add support for additional ciphers by adding elements here. The
964 * cipher_code is whatever OpenPGP applicatoins use to identify the 964 * cipher_code is whatever OpenPGP applicatoins use to identify the
965 * ciphers. List in order of probability. */ 965 * ciphers. List in order of probability. */
966 static struct ecryptfs_cipher_code_str_map_elem 966 static struct ecryptfs_cipher_code_str_map_elem
967 ecryptfs_cipher_code_str_map[] = { 967 ecryptfs_cipher_code_str_map[] = {
968 {"aes",RFC2440_CIPHER_AES_128 }, 968 {"aes",RFC2440_CIPHER_AES_128 },
969 {"blowfish", RFC2440_CIPHER_BLOWFISH}, 969 {"blowfish", RFC2440_CIPHER_BLOWFISH},
970 {"des3_ede", RFC2440_CIPHER_DES3_EDE}, 970 {"des3_ede", RFC2440_CIPHER_DES3_EDE},
971 {"cast5", RFC2440_CIPHER_CAST_5}, 971 {"cast5", RFC2440_CIPHER_CAST_5},
972 {"twofish", RFC2440_CIPHER_TWOFISH}, 972 {"twofish", RFC2440_CIPHER_TWOFISH},
973 {"cast6", RFC2440_CIPHER_CAST_6}, 973 {"cast6", RFC2440_CIPHER_CAST_6},
974 {"aes", RFC2440_CIPHER_AES_192}, 974 {"aes", RFC2440_CIPHER_AES_192},
975 {"aes", RFC2440_CIPHER_AES_256} 975 {"aes", RFC2440_CIPHER_AES_256}
976 }; 976 };
977 977
978 /** 978 /**
979 * ecryptfs_code_for_cipher_string 979 * ecryptfs_code_for_cipher_string
980 * @cipher_name: The string alias for the cipher 980 * @cipher_name: The string alias for the cipher
981 * @key_bytes: Length of key in bytes; used for AES code selection 981 * @key_bytes: Length of key in bytes; used for AES code selection
982 * 982 *
983 * Returns zero on no match, or the cipher code on match 983 * Returns zero on no match, or the cipher code on match
984 */ 984 */
985 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes) 985 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
986 { 986 {
987 int i; 987 int i;
988 u8 code = 0; 988 u8 code = 0;
989 struct ecryptfs_cipher_code_str_map_elem *map = 989 struct ecryptfs_cipher_code_str_map_elem *map =
990 ecryptfs_cipher_code_str_map; 990 ecryptfs_cipher_code_str_map;
991 991
992 if (strcmp(cipher_name, "aes") == 0) { 992 if (strcmp(cipher_name, "aes") == 0) {
993 switch (key_bytes) { 993 switch (key_bytes) {
994 case 16: 994 case 16:
995 code = RFC2440_CIPHER_AES_128; 995 code = RFC2440_CIPHER_AES_128;
996 break; 996 break;
997 case 24: 997 case 24:
998 code = RFC2440_CIPHER_AES_192; 998 code = RFC2440_CIPHER_AES_192;
999 break; 999 break;
1000 case 32: 1000 case 32:
1001 code = RFC2440_CIPHER_AES_256; 1001 code = RFC2440_CIPHER_AES_256;
1002 } 1002 }
1003 } else { 1003 } else {
1004 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) 1004 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
1005 if (strcmp(cipher_name, map[i].cipher_str) == 0) { 1005 if (strcmp(cipher_name, map[i].cipher_str) == 0) {
1006 code = map[i].cipher_code; 1006 code = map[i].cipher_code;
1007 break; 1007 break;
1008 } 1008 }
1009 } 1009 }
1010 return code; 1010 return code;
1011 } 1011 }
1012 1012
1013 /** 1013 /**
1014 * ecryptfs_cipher_code_to_string 1014 * ecryptfs_cipher_code_to_string
1015 * @str: Destination to write out the cipher name 1015 * @str: Destination to write out the cipher name
1016 * @cipher_code: The code to convert to cipher name string 1016 * @cipher_code: The code to convert to cipher name string
1017 * 1017 *
1018 * Returns zero on success 1018 * Returns zero on success
1019 */ 1019 */
1020 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code) 1020 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
1021 { 1021 {
1022 int rc = 0; 1022 int rc = 0;
1023 int i; 1023 int i;
1024 1024
1025 str[0] = '\0'; 1025 str[0] = '\0';
1026 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) 1026 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
1027 if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code) 1027 if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
1028 strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str); 1028 strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
1029 if (str[0] == '\0') { 1029 if (str[0] == '\0') {
1030 ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: " 1030 ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
1031 "[%d]\n", cipher_code); 1031 "[%d]\n", cipher_code);
1032 rc = -EINVAL; 1032 rc = -EINVAL;
1033 } 1033 }
1034 return rc; 1034 return rc;
1035 } 1035 }
1036 1036
1037 int ecryptfs_read_and_validate_header_region(struct inode *inode) 1037 int ecryptfs_read_and_validate_header_region(struct inode *inode)
1038 { 1038 {
1039 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES]; 1039 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1040 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES; 1040 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1041 int rc; 1041 int rc;
1042 1042
1043 rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES, 1043 rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
1044 inode); 1044 inode);
1045 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) 1045 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1046 return rc >= 0 ? -EINVAL : rc; 1046 return rc >= 0 ? -EINVAL : rc;
1047 rc = ecryptfs_validate_marker(marker); 1047 rc = ecryptfs_validate_marker(marker);
1048 if (!rc) 1048 if (!rc)
1049 ecryptfs_i_size_init(file_size, inode); 1049 ecryptfs_i_size_init(file_size, inode);
1050 return rc; 1050 return rc;
1051 } 1051 }
1052 1052
1053 void 1053 void
1054 ecryptfs_write_header_metadata(char *virt, 1054 ecryptfs_write_header_metadata(char *virt,
1055 struct ecryptfs_crypt_stat *crypt_stat, 1055 struct ecryptfs_crypt_stat *crypt_stat,
1056 size_t *written) 1056 size_t *written)
1057 { 1057 {
1058 u32 header_extent_size; 1058 u32 header_extent_size;
1059 u16 num_header_extents_at_front; 1059 u16 num_header_extents_at_front;
1060 1060
1061 header_extent_size = (u32)crypt_stat->extent_size; 1061 header_extent_size = (u32)crypt_stat->extent_size;
1062 num_header_extents_at_front = 1062 num_header_extents_at_front =
1063 (u16)(crypt_stat->metadata_size / crypt_stat->extent_size); 1063 (u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
1064 put_unaligned_be32(header_extent_size, virt); 1064 put_unaligned_be32(header_extent_size, virt);
1065 virt += 4; 1065 virt += 4;
1066 put_unaligned_be16(num_header_extents_at_front, virt); 1066 put_unaligned_be16(num_header_extents_at_front, virt);
1067 (*written) = 6; 1067 (*written) = 6;
1068 } 1068 }
1069 1069
1070 struct kmem_cache *ecryptfs_header_cache; 1070 struct kmem_cache *ecryptfs_header_cache;
1071 1071
1072 /** 1072 /**
1073 * ecryptfs_write_headers_virt 1073 * ecryptfs_write_headers_virt
1074 * @page_virt: The virtual address to write the headers to 1074 * @page_virt: The virtual address to write the headers to
1075 * @max: The size of memory allocated at page_virt 1075 * @max: The size of memory allocated at page_virt
1076 * @size: Set to the number of bytes written by this function 1076 * @size: Set to the number of bytes written by this function
1077 * @crypt_stat: The cryptographic context 1077 * @crypt_stat: The cryptographic context
1078 * @ecryptfs_dentry: The eCryptfs dentry 1078 * @ecryptfs_dentry: The eCryptfs dentry
1079 * 1079 *
1080 * Format version: 1 1080 * Format version: 1
1081 * 1081 *
1082 * Header Extent: 1082 * Header Extent:
1083 * Octets 0-7: Unencrypted file size (big-endian) 1083 * Octets 0-7: Unencrypted file size (big-endian)
1084 * Octets 8-15: eCryptfs special marker 1084 * Octets 8-15: eCryptfs special marker
1085 * Octets 16-19: Flags 1085 * Octets 16-19: Flags
1086 * Octet 16: File format version number (between 0 and 255) 1086 * Octet 16: File format version number (between 0 and 255)
1087 * Octets 17-18: Reserved 1087 * Octets 17-18: Reserved
1088 * Octet 19: Bit 1 (lsb): Reserved 1088 * Octet 19: Bit 1 (lsb): Reserved
1089 * Bit 2: Encrypted? 1089 * Bit 2: Encrypted?
1090 * Bits 3-8: Reserved 1090 * Bits 3-8: Reserved
1091 * Octets 20-23: Header extent size (big-endian) 1091 * Octets 20-23: Header extent size (big-endian)
1092 * Octets 24-25: Number of header extents at front of file 1092 * Octets 24-25: Number of header extents at front of file
1093 * (big-endian) 1093 * (big-endian)
1094 * Octet 26: Begin RFC 2440 authentication token packet set 1094 * Octet 26: Begin RFC 2440 authentication token packet set
1095 * Data Extent 0: 1095 * Data Extent 0:
1096 * Lower data (CBC encrypted) 1096 * Lower data (CBC encrypted)
1097 * Data Extent 1: 1097 * Data Extent 1:
1098 * Lower data (CBC encrypted) 1098 * Lower data (CBC encrypted)
1099 * ... 1099 * ...
1100 * 1100 *
1101 * Returns zero on success 1101 * Returns zero on success
1102 */ 1102 */
1103 static int ecryptfs_write_headers_virt(char *page_virt, size_t max, 1103 static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
1104 size_t *size, 1104 size_t *size,
1105 struct ecryptfs_crypt_stat *crypt_stat, 1105 struct ecryptfs_crypt_stat *crypt_stat,
1106 struct dentry *ecryptfs_dentry) 1106 struct dentry *ecryptfs_dentry)
1107 { 1107 {
1108 int rc; 1108 int rc;
1109 size_t written; 1109 size_t written;
1110 size_t offset; 1110 size_t offset;
1111 1111
1112 offset = ECRYPTFS_FILE_SIZE_BYTES; 1112 offset = ECRYPTFS_FILE_SIZE_BYTES;
1113 write_ecryptfs_marker((page_virt + offset), &written); 1113 write_ecryptfs_marker((page_virt + offset), &written);
1114 offset += written; 1114 offset += written;
1115 ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat, 1115 ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
1116 &written); 1116 &written);
1117 offset += written; 1117 offset += written;
1118 ecryptfs_write_header_metadata((page_virt + offset), crypt_stat, 1118 ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
1119 &written); 1119 &written);
1120 offset += written; 1120 offset += written;
1121 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, 1121 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
1122 ecryptfs_dentry, &written, 1122 ecryptfs_dentry, &written,
1123 max - offset); 1123 max - offset);
1124 if (rc) 1124 if (rc)
1125 ecryptfs_printk(KERN_WARNING, "Error generating key packet " 1125 ecryptfs_printk(KERN_WARNING, "Error generating key packet "
1126 "set; rc = [%d]\n", rc); 1126 "set; rc = [%d]\n", rc);
1127 if (size) { 1127 if (size) {
1128 offset += written; 1128 offset += written;
1129 *size = offset; 1129 *size = offset;
1130 } 1130 }
1131 return rc; 1131 return rc;
1132 } 1132 }
1133 1133
1134 static int 1134 static int
1135 ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode, 1135 ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
1136 char *virt, size_t virt_len) 1136 char *virt, size_t virt_len)
1137 { 1137 {
1138 int rc; 1138 int rc;
1139 1139
1140 rc = ecryptfs_write_lower(ecryptfs_inode, virt, 1140 rc = ecryptfs_write_lower(ecryptfs_inode, virt,
1141 0, virt_len); 1141 0, virt_len);
1142 if (rc < 0) 1142 if (rc < 0)
1143 printk(KERN_ERR "%s: Error attempting to write header " 1143 printk(KERN_ERR "%s: Error attempting to write header "
1144 "information to lower file; rc = [%d]\n", __func__, rc); 1144 "information to lower file; rc = [%d]\n", __func__, rc);
1145 else 1145 else
1146 rc = 0; 1146 rc = 0;
1147 return rc; 1147 return rc;
1148 } 1148 }
1149 1149
1150 static int 1150 static int
1151 ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, 1151 ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1152 char *page_virt, size_t size) 1152 char *page_virt, size_t size)
1153 { 1153 {
1154 int rc; 1154 int rc;
1155 1155
1156 rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt, 1156 rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt,
1157 size, 0); 1157 size, 0);
1158 return rc; 1158 return rc;
1159 } 1159 }
1160 1160
1161 static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask, 1161 static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
1162 unsigned int order) 1162 unsigned int order)
1163 { 1163 {
1164 struct page *page; 1164 struct page *page;
1165 1165
1166 page = alloc_pages(gfp_mask | __GFP_ZERO, order); 1166 page = alloc_pages(gfp_mask | __GFP_ZERO, order);
1167 if (page) 1167 if (page)
1168 return (unsigned long) page_address(page); 1168 return (unsigned long) page_address(page);
1169 return 0; 1169 return 0;
1170 } 1170 }
1171 1171
1172 /** 1172 /**
1173 * ecryptfs_write_metadata 1173 * ecryptfs_write_metadata
1174 * @ecryptfs_dentry: The eCryptfs dentry, which should be negative 1174 * @ecryptfs_dentry: The eCryptfs dentry, which should be negative
1175 * @ecryptfs_inode: The newly created eCryptfs inode 1175 * @ecryptfs_inode: The newly created eCryptfs inode
1176 * 1176 *
1177 * Write the file headers out. This will likely involve a userspace 1177 * Write the file headers out. This will likely involve a userspace
1178 * callout, in which the session key is encrypted with one or more 1178 * callout, in which the session key is encrypted with one or more
1179 * public keys and/or the passphrase necessary to do the encryption is 1179 * public keys and/or the passphrase necessary to do the encryption is
1180 * retrieved via a prompt. Exactly what happens at this point should 1180 * retrieved via a prompt. Exactly what happens at this point should
1181 * be policy-dependent. 1181 * be policy-dependent.
1182 * 1182 *
1183 * Returns zero on success; non-zero on error 1183 * Returns zero on success; non-zero on error
1184 */ 1184 */
1185 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, 1185 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1186 struct inode *ecryptfs_inode) 1186 struct inode *ecryptfs_inode)
1187 { 1187 {
1188 struct ecryptfs_crypt_stat *crypt_stat = 1188 struct ecryptfs_crypt_stat *crypt_stat =
1189 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 1189 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1190 unsigned int order; 1190 unsigned int order;
1191 char *virt; 1191 char *virt;
1192 size_t virt_len; 1192 size_t virt_len;
1193 size_t size = 0; 1193 size_t size = 0;
1194 int rc = 0; 1194 int rc = 0;
1195 1195
1196 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 1196 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1197 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { 1197 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1198 printk(KERN_ERR "Key is invalid; bailing out\n"); 1198 printk(KERN_ERR "Key is invalid; bailing out\n");
1199 rc = -EINVAL; 1199 rc = -EINVAL;
1200 goto out; 1200 goto out;
1201 } 1201 }
1202 } else { 1202 } else {
1203 printk(KERN_WARNING "%s: Encrypted flag not set\n", 1203 printk(KERN_WARNING "%s: Encrypted flag not set\n",
1204 __func__); 1204 __func__);
1205 rc = -EINVAL; 1205 rc = -EINVAL;
1206 goto out; 1206 goto out;
1207 } 1207 }
1208 virt_len = crypt_stat->metadata_size; 1208 virt_len = crypt_stat->metadata_size;
1209 order = get_order(virt_len); 1209 order = get_order(virt_len);
1210 /* Released in this function */ 1210 /* Released in this function */
1211 virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order); 1211 virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
1212 if (!virt) { 1212 if (!virt) {
1213 printk(KERN_ERR "%s: Out of memory\n", __func__); 1213 printk(KERN_ERR "%s: Out of memory\n", __func__);
1214 rc = -ENOMEM; 1214 rc = -ENOMEM;
1215 goto out; 1215 goto out;
1216 } 1216 }
1217 /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */ 1217 /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
1218 rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat, 1218 rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
1219 ecryptfs_dentry); 1219 ecryptfs_dentry);
1220 if (unlikely(rc)) { 1220 if (unlikely(rc)) {
1221 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n", 1221 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
1222 __func__, rc); 1222 __func__, rc);
1223 goto out_free; 1223 goto out_free;
1224 } 1224 }
1225 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1225 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1226 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt, 1226 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt,
1227 size); 1227 size);
1228 else 1228 else
1229 rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt, 1229 rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
1230 virt_len); 1230 virt_len);
1231 if (rc) { 1231 if (rc) {
1232 printk(KERN_ERR "%s: Error writing metadata out to lower file; " 1232 printk(KERN_ERR "%s: Error writing metadata out to lower file; "
1233 "rc = [%d]\n", __func__, rc); 1233 "rc = [%d]\n", __func__, rc);
1234 goto out_free; 1234 goto out_free;
1235 } 1235 }
1236 out_free: 1236 out_free:
1237 free_pages((unsigned long)virt, order); 1237 free_pages((unsigned long)virt, order);
1238 out: 1238 out:
1239 return rc; 1239 return rc;
1240 } 1240 }
1241 1241
1242 #define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0 1242 #define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
1243 #define ECRYPTFS_VALIDATE_HEADER_SIZE 1 1243 #define ECRYPTFS_VALIDATE_HEADER_SIZE 1
1244 static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, 1244 static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1245 char *virt, int *bytes_read, 1245 char *virt, int *bytes_read,
1246 int validate_header_size) 1246 int validate_header_size)
1247 { 1247 {
1248 int rc = 0; 1248 int rc = 0;
1249 u32 header_extent_size; 1249 u32 header_extent_size;
1250 u16 num_header_extents_at_front; 1250 u16 num_header_extents_at_front;
1251 1251
1252 header_extent_size = get_unaligned_be32(virt); 1252 header_extent_size = get_unaligned_be32(virt);
1253 virt += sizeof(__be32); 1253 virt += sizeof(__be32);
1254 num_header_extents_at_front = get_unaligned_be16(virt); 1254 num_header_extents_at_front = get_unaligned_be16(virt);
1255 crypt_stat->metadata_size = (((size_t)num_header_extents_at_front 1255 crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
1256 * (size_t)header_extent_size)); 1256 * (size_t)header_extent_size));
1257 (*bytes_read) = (sizeof(__be32) + sizeof(__be16)); 1257 (*bytes_read) = (sizeof(__be32) + sizeof(__be16));
1258 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) 1258 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
1259 && (crypt_stat->metadata_size 1259 && (crypt_stat->metadata_size
1260 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { 1260 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
1261 rc = -EINVAL; 1261 rc = -EINVAL;
1262 printk(KERN_WARNING "Invalid header size: [%zd]\n", 1262 printk(KERN_WARNING "Invalid header size: [%zd]\n",
1263 crypt_stat->metadata_size); 1263 crypt_stat->metadata_size);
1264 } 1264 }
1265 return rc; 1265 return rc;
1266 } 1266 }
1267 1267
1268 /** 1268 /**
1269 * set_default_header_data 1269 * set_default_header_data
1270 * @crypt_stat: The cryptographic context 1270 * @crypt_stat: The cryptographic context
1271 * 1271 *
1272 * For version 0 file format; this function is only for backwards 1272 * For version 0 file format; this function is only for backwards
1273 * compatibility for files created with the prior versions of 1273 * compatibility for files created with the prior versions of
1274 * eCryptfs. 1274 * eCryptfs.
1275 */ 1275 */
1276 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) 1276 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1277 { 1277 {
1278 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 1278 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
1279 } 1279 }
1280 1280
1281 void ecryptfs_i_size_init(const char *page_virt, struct inode *inode) 1281 void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
1282 { 1282 {
1283 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 1283 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1284 struct ecryptfs_crypt_stat *crypt_stat; 1284 struct ecryptfs_crypt_stat *crypt_stat;
1285 u64 file_size; 1285 u64 file_size;
1286 1286
1287 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 1287 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
1288 mount_crypt_stat = 1288 mount_crypt_stat =
1289 &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; 1289 &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
1290 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 1290 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
1291 file_size = i_size_read(ecryptfs_inode_to_lower(inode)); 1291 file_size = i_size_read(ecryptfs_inode_to_lower(inode));
1292 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1292 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1293 file_size += crypt_stat->metadata_size; 1293 file_size += crypt_stat->metadata_size;
1294 } else 1294 } else
1295 file_size = get_unaligned_be64(page_virt); 1295 file_size = get_unaligned_be64(page_virt);
1296 i_size_write(inode, (loff_t)file_size); 1296 i_size_write(inode, (loff_t)file_size);
1297 crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED; 1297 crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
1298 } 1298 }
1299 1299
1300 /** 1300 /**
1301 * ecryptfs_read_headers_virt 1301 * ecryptfs_read_headers_virt
1302 * @page_virt: The virtual address into which to read the headers 1302 * @page_virt: The virtual address into which to read the headers
1303 * @crypt_stat: The cryptographic context 1303 * @crypt_stat: The cryptographic context
1304 * @ecryptfs_dentry: The eCryptfs dentry 1304 * @ecryptfs_dentry: The eCryptfs dentry
1305 * @validate_header_size: Whether to validate the header size while reading 1305 * @validate_header_size: Whether to validate the header size while reading
1306 * 1306 *
1307 * Read/parse the header data. The header format is detailed in the 1307 * Read/parse the header data. The header format is detailed in the
1308 * comment block for the ecryptfs_write_headers_virt() function. 1308 * comment block for the ecryptfs_write_headers_virt() function.
1309 * 1309 *
1310 * Returns zero on success 1310 * Returns zero on success
1311 */ 1311 */
1312 static int ecryptfs_read_headers_virt(char *page_virt, 1312 static int ecryptfs_read_headers_virt(char *page_virt,
1313 struct ecryptfs_crypt_stat *crypt_stat, 1313 struct ecryptfs_crypt_stat *crypt_stat,
1314 struct dentry *ecryptfs_dentry, 1314 struct dentry *ecryptfs_dentry,
1315 int validate_header_size) 1315 int validate_header_size)
1316 { 1316 {
1317 int rc = 0; 1317 int rc = 0;
1318 int offset; 1318 int offset;
1319 int bytes_read; 1319 int bytes_read;
1320 1320
1321 ecryptfs_set_default_sizes(crypt_stat); 1321 ecryptfs_set_default_sizes(crypt_stat);
1322 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( 1322 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
1323 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1323 ecryptfs_dentry->d_sb)->mount_crypt_stat;
1324 offset = ECRYPTFS_FILE_SIZE_BYTES; 1324 offset = ECRYPTFS_FILE_SIZE_BYTES;
1325 rc = ecryptfs_validate_marker(page_virt + offset); 1325 rc = ecryptfs_validate_marker(page_virt + offset);
1326 if (rc) 1326 if (rc)
1327 goto out; 1327 goto out;
1328 if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED)) 1328 if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
1329 ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode); 1329 ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
1330 offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 1330 offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
1331 rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset), 1331 rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
1332 &bytes_read); 1332 &bytes_read);
1333 if (rc) { 1333 if (rc) {
1334 ecryptfs_printk(KERN_WARNING, "Error processing flags\n"); 1334 ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
1335 goto out; 1335 goto out;
1336 } 1336 }
1337 if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) { 1337 if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
1338 ecryptfs_printk(KERN_WARNING, "File version is [%d]; only " 1338 ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
1339 "file version [%d] is supported by this " 1339 "file version [%d] is supported by this "
1340 "version of eCryptfs\n", 1340 "version of eCryptfs\n",
1341 crypt_stat->file_version, 1341 crypt_stat->file_version,
1342 ECRYPTFS_SUPPORTED_FILE_VERSION); 1342 ECRYPTFS_SUPPORTED_FILE_VERSION);
1343 rc = -EINVAL; 1343 rc = -EINVAL;
1344 goto out; 1344 goto out;
1345 } 1345 }
1346 offset += bytes_read; 1346 offset += bytes_read;
1347 if (crypt_stat->file_version >= 1) { 1347 if (crypt_stat->file_version >= 1) {
1348 rc = parse_header_metadata(crypt_stat, (page_virt + offset), 1348 rc = parse_header_metadata(crypt_stat, (page_virt + offset),
1349 &bytes_read, validate_header_size); 1349 &bytes_read, validate_header_size);
1350 if (rc) { 1350 if (rc) {
1351 ecryptfs_printk(KERN_WARNING, "Error reading header " 1351 ecryptfs_printk(KERN_WARNING, "Error reading header "
1352 "metadata; rc = [%d]\n", rc); 1352 "metadata; rc = [%d]\n", rc);
1353 } 1353 }
1354 offset += bytes_read; 1354 offset += bytes_read;
1355 } else 1355 } else
1356 set_default_header_data(crypt_stat); 1356 set_default_header_data(crypt_stat);
1357 rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset), 1357 rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
1358 ecryptfs_dentry); 1358 ecryptfs_dentry);
1359 out: 1359 out:
1360 return rc; 1360 return rc;
1361 } 1361 }
1362 1362
1363 /** 1363 /**
1364 * ecryptfs_read_xattr_region 1364 * ecryptfs_read_xattr_region
1365 * @page_virt: The vitual address into which to read the xattr data 1365 * @page_virt: The vitual address into which to read the xattr data
1366 * @ecryptfs_inode: The eCryptfs inode 1366 * @ecryptfs_inode: The eCryptfs inode
1367 * 1367 *
1368 * Attempts to read the crypto metadata from the extended attribute 1368 * Attempts to read the crypto metadata from the extended attribute
1369 * region of the lower file. 1369 * region of the lower file.
1370 * 1370 *
1371 * Returns zero on success; non-zero on error 1371 * Returns zero on success; non-zero on error
1372 */ 1372 */
1373 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode) 1373 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
1374 { 1374 {
1375 struct dentry *lower_dentry = 1375 struct dentry *lower_dentry =
1376 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry; 1376 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry;
1377 ssize_t size; 1377 ssize_t size;
1378 int rc = 0; 1378 int rc = 0;
1379 1379
1380 size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, 1380 size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
1381 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); 1381 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
1382 if (size < 0) { 1382 if (size < 0) {
1383 if (unlikely(ecryptfs_verbosity > 0)) 1383 if (unlikely(ecryptfs_verbosity > 0))
1384 printk(KERN_INFO "Error attempting to read the [%s] " 1384 printk(KERN_INFO "Error attempting to read the [%s] "
1385 "xattr from the lower file; return value = " 1385 "xattr from the lower file; return value = "
1386 "[%zd]\n", ECRYPTFS_XATTR_NAME, size); 1386 "[%zd]\n", ECRYPTFS_XATTR_NAME, size);
1387 rc = -EINVAL; 1387 rc = -EINVAL;
1388 goto out; 1388 goto out;
1389 } 1389 }
1390 out: 1390 out:
1391 return rc; 1391 return rc;
1392 } 1392 }
1393 1393
1394 int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, 1394 int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
1395 struct inode *inode) 1395 struct inode *inode)
1396 { 1396 {
1397 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES]; 1397 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1398 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES; 1398 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1399 int rc; 1399 int rc;
1400 1400
1401 rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), 1401 rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1402 ECRYPTFS_XATTR_NAME, file_size, 1402 ECRYPTFS_XATTR_NAME, file_size,
1403 ECRYPTFS_SIZE_AND_MARKER_BYTES); 1403 ECRYPTFS_SIZE_AND_MARKER_BYTES);
1404 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) 1404 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1405 return rc >= 0 ? -EINVAL : rc; 1405 return rc >= 0 ? -EINVAL : rc;
1406 rc = ecryptfs_validate_marker(marker); 1406 rc = ecryptfs_validate_marker(marker);
1407 if (!rc) 1407 if (!rc)
1408 ecryptfs_i_size_init(file_size, inode); 1408 ecryptfs_i_size_init(file_size, inode);
1409 return rc; 1409 return rc;
1410 } 1410 }
1411 1411
1412 /** 1412 /**
1413 * ecryptfs_read_metadata 1413 * ecryptfs_read_metadata
1414 * 1414 *
1415 * Common entry point for reading file metadata. From here, we could 1415 * Common entry point for reading file metadata. From here, we could
1416 * retrieve the header information from the header region of the file, 1416 * retrieve the header information from the header region of the file,
1417 * the xattr region of the file, or some other repostory that is 1417 * the xattr region of the file, or some other repostory that is
1418 * stored separately from the file itself. The current implementation 1418 * stored separately from the file itself. The current implementation
1419 * supports retrieving the metadata information from the file contents 1419 * supports retrieving the metadata information from the file contents
1420 * and from the xattr region. 1420 * and from the xattr region.
1421 * 1421 *
1422 * Returns zero if valid headers found and parsed; non-zero otherwise 1422 * Returns zero if valid headers found and parsed; non-zero otherwise
1423 */ 1423 */
1424 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) 1424 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1425 { 1425 {
1426 int rc; 1426 int rc;
1427 char *page_virt; 1427 char *page_virt;
1428 struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode; 1428 struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
1429 struct ecryptfs_crypt_stat *crypt_stat = 1429 struct ecryptfs_crypt_stat *crypt_stat =
1430 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 1430 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1431 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1431 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1432 &ecryptfs_superblock_to_private( 1432 &ecryptfs_superblock_to_private(
1433 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1433 ecryptfs_dentry->d_sb)->mount_crypt_stat;
1434 1434
1435 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 1435 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
1436 mount_crypt_stat); 1436 mount_crypt_stat);
1437 /* Read the first page from the underlying file */ 1437 /* Read the first page from the underlying file */
1438 page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER); 1438 page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
1439 if (!page_virt) { 1439 if (!page_virt) {
1440 rc = -ENOMEM; 1440 rc = -ENOMEM;
1441 printk(KERN_ERR "%s: Unable to allocate page_virt\n", 1441 printk(KERN_ERR "%s: Unable to allocate page_virt\n",
1442 __func__); 1442 __func__);
1443 goto out; 1443 goto out;
1444 } 1444 }
1445 rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size, 1445 rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
1446 ecryptfs_inode); 1446 ecryptfs_inode);
1447 if (rc >= 0) 1447 if (rc >= 0)
1448 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, 1448 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1449 ecryptfs_dentry, 1449 ecryptfs_dentry,
1450 ECRYPTFS_VALIDATE_HEADER_SIZE); 1450 ECRYPTFS_VALIDATE_HEADER_SIZE);
1451 if (rc) { 1451 if (rc) {
1452 /* metadata is not in the file header, so try xattrs */ 1452 /* metadata is not in the file header, so try xattrs */
1453 memset(page_virt, 0, PAGE_CACHE_SIZE); 1453 memset(page_virt, 0, PAGE_CACHE_SIZE);
1454 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); 1454 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
1455 if (rc) { 1455 if (rc) {
1456 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1456 printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1457 "file header region or xattr region, inode %lu\n", 1457 "file header region or xattr region, inode %lu\n",
1458 ecryptfs_inode->i_ino); 1458 ecryptfs_inode->i_ino);
1459 rc = -EINVAL; 1459 rc = -EINVAL;
1460 goto out; 1460 goto out;
1461 } 1461 }
1462 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, 1462 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1463 ecryptfs_dentry, 1463 ecryptfs_dentry,
1464 ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); 1464 ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
1465 if (rc) { 1465 if (rc) {
1466 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1466 printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1467 "file xattr region either, inode %lu\n", 1467 "file xattr region either, inode %lu\n",
1468 ecryptfs_inode->i_ino); 1468 ecryptfs_inode->i_ino);
1469 rc = -EINVAL; 1469 rc = -EINVAL;
1470 } 1470 }
1471 if (crypt_stat->mount_crypt_stat->flags 1471 if (crypt_stat->mount_crypt_stat->flags
1472 & ECRYPTFS_XATTR_METADATA_ENABLED) { 1472 & ECRYPTFS_XATTR_METADATA_ENABLED) {
1473 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 1473 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
1474 } else { 1474 } else {
1475 printk(KERN_WARNING "Attempt to access file with " 1475 printk(KERN_WARNING "Attempt to access file with "
1476 "crypto metadata only in the extended attribute " 1476 "crypto metadata only in the extended attribute "
1477 "region, but eCryptfs was mounted without " 1477 "region, but eCryptfs was mounted without "
1478 "xattr support enabled. eCryptfs will not treat " 1478 "xattr support enabled. eCryptfs will not treat "
1479 "this like an encrypted file, inode %lu\n", 1479 "this like an encrypted file, inode %lu\n",
1480 ecryptfs_inode->i_ino); 1480 ecryptfs_inode->i_ino);
1481 rc = -EINVAL; 1481 rc = -EINVAL;
1482 } 1482 }
1483 } 1483 }
1484 out: 1484 out:
1485 if (page_virt) { 1485 if (page_virt) {
1486 memset(page_virt, 0, PAGE_CACHE_SIZE); 1486 memset(page_virt, 0, PAGE_CACHE_SIZE);
1487 kmem_cache_free(ecryptfs_header_cache, page_virt); 1487 kmem_cache_free(ecryptfs_header_cache, page_virt);
1488 } 1488 }
1489 return rc; 1489 return rc;
1490 } 1490 }
1491 1491
1492 /** 1492 /**
1493 * ecryptfs_encrypt_filename - encrypt filename 1493 * ecryptfs_encrypt_filename - encrypt filename
1494 * 1494 *
1495 * CBC-encrypts the filename. We do not want to encrypt the same 1495 * CBC-encrypts the filename. We do not want to encrypt the same
1496 * filename with the same key and IV, which may happen with hard 1496 * filename with the same key and IV, which may happen with hard
1497 * links, so we prepend random bits to each filename. 1497 * links, so we prepend random bits to each filename.
1498 * 1498 *
1499 * Returns zero on success; non-zero otherwise 1499 * Returns zero on success; non-zero otherwise
1500 */ 1500 */
1501 static int 1501 static int
1502 ecryptfs_encrypt_filename(struct ecryptfs_filename *filename, 1502 ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
1503 struct ecryptfs_crypt_stat *crypt_stat, 1503 struct ecryptfs_crypt_stat *crypt_stat,
1504 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 1504 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
1505 { 1505 {
1506 int rc = 0; 1506 int rc = 0;
1507 1507
1508 filename->encrypted_filename = NULL; 1508 filename->encrypted_filename = NULL;
1509 filename->encrypted_filename_size = 0; 1509 filename->encrypted_filename_size = 0;
1510 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) 1510 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
1511 || (mount_crypt_stat && (mount_crypt_stat->flags 1511 || (mount_crypt_stat && (mount_crypt_stat->flags
1512 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) { 1512 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
1513 size_t packet_size; 1513 size_t packet_size;
1514 size_t remaining_bytes; 1514 size_t remaining_bytes;
1515 1515
1516 rc = ecryptfs_write_tag_70_packet( 1516 rc = ecryptfs_write_tag_70_packet(
1517 NULL, NULL, 1517 NULL, NULL,
1518 &filename->encrypted_filename_size, 1518 &filename->encrypted_filename_size,
1519 mount_crypt_stat, NULL, 1519 mount_crypt_stat, NULL,
1520 filename->filename_size); 1520 filename->filename_size);
1521 if (rc) { 1521 if (rc) {
1522 printk(KERN_ERR "%s: Error attempting to get packet " 1522 printk(KERN_ERR "%s: Error attempting to get packet "
1523 "size for tag 72; rc = [%d]\n", __func__, 1523 "size for tag 72; rc = [%d]\n", __func__,
1524 rc); 1524 rc);
1525 filename->encrypted_filename_size = 0; 1525 filename->encrypted_filename_size = 0;
1526 goto out; 1526 goto out;
1527 } 1527 }
1528 filename->encrypted_filename = 1528 filename->encrypted_filename =
1529 kmalloc(filename->encrypted_filename_size, GFP_KERNEL); 1529 kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
1530 if (!filename->encrypted_filename) { 1530 if (!filename->encrypted_filename) {
1531 printk(KERN_ERR "%s: Out of memory whilst attempting " 1531 printk(KERN_ERR "%s: Out of memory whilst attempting "
1532 "to kmalloc [%zd] bytes\n", __func__, 1532 "to kmalloc [%zd] bytes\n", __func__,
1533 filename->encrypted_filename_size); 1533 filename->encrypted_filename_size);
1534 rc = -ENOMEM; 1534 rc = -ENOMEM;
1535 goto out; 1535 goto out;
1536 } 1536 }
1537 remaining_bytes = filename->encrypted_filename_size; 1537 remaining_bytes = filename->encrypted_filename_size;
1538 rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename, 1538 rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
1539 &remaining_bytes, 1539 &remaining_bytes,
1540 &packet_size, 1540 &packet_size,
1541 mount_crypt_stat, 1541 mount_crypt_stat,
1542 filename->filename, 1542 filename->filename,
1543 filename->filename_size); 1543 filename->filename_size);
1544 if (rc) { 1544 if (rc) {
1545 printk(KERN_ERR "%s: Error attempting to generate " 1545 printk(KERN_ERR "%s: Error attempting to generate "
1546 "tag 70 packet; rc = [%d]\n", __func__, 1546 "tag 70 packet; rc = [%d]\n", __func__,
1547 rc); 1547 rc);
1548 kfree(filename->encrypted_filename); 1548 kfree(filename->encrypted_filename);
1549 filename->encrypted_filename = NULL; 1549 filename->encrypted_filename = NULL;
1550 filename->encrypted_filename_size = 0; 1550 filename->encrypted_filename_size = 0;
1551 goto out; 1551 goto out;
1552 } 1552 }
1553 filename->encrypted_filename_size = packet_size; 1553 filename->encrypted_filename_size = packet_size;
1554 } else { 1554 } else {
1555 printk(KERN_ERR "%s: No support for requested filename " 1555 printk(KERN_ERR "%s: No support for requested filename "
1556 "encryption method in this release\n", __func__); 1556 "encryption method in this release\n", __func__);
1557 rc = -EOPNOTSUPP; 1557 rc = -EOPNOTSUPP;
1558 goto out; 1558 goto out;
1559 } 1559 }
1560 out: 1560 out:
1561 return rc; 1561 return rc;
1562 } 1562 }
1563 1563
1564 static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size, 1564 static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
1565 const char *name, size_t name_size) 1565 const char *name, size_t name_size)
1566 { 1566 {
1567 int rc = 0; 1567 int rc = 0;
1568 1568
1569 (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL); 1569 (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
1570 if (!(*copied_name)) { 1570 if (!(*copied_name)) {
1571 rc = -ENOMEM; 1571 rc = -ENOMEM;
1572 goto out; 1572 goto out;
1573 } 1573 }
1574 memcpy((void *)(*copied_name), (void *)name, name_size); 1574 memcpy((void *)(*copied_name), (void *)name, name_size);
1575 (*copied_name)[(name_size)] = '\0'; /* Only for convenience 1575 (*copied_name)[(name_size)] = '\0'; /* Only for convenience
1576 * in printing out the 1576 * in printing out the
1577 * string in debug 1577 * string in debug
1578 * messages */ 1578 * messages */
1579 (*copied_name_size) = name_size; 1579 (*copied_name_size) = name_size;
1580 out: 1580 out:
1581 return rc; 1581 return rc;
1582 } 1582 }
1583 1583
1584 /** 1584 /**
1585 * ecryptfs_process_key_cipher - Perform key cipher initialization. 1585 * ecryptfs_process_key_cipher - Perform key cipher initialization.
1586 * @key_tfm: Crypto context for key material, set by this function 1586 * @key_tfm: Crypto context for key material, set by this function
1587 * @cipher_name: Name of the cipher 1587 * @cipher_name: Name of the cipher
1588 * @key_size: Size of the key in bytes 1588 * @key_size: Size of the key in bytes
1589 * 1589 *
1590 * Returns zero on success. Any crypto_tfm structs allocated here 1590 * Returns zero on success. Any crypto_tfm structs allocated here
1591 * should be released by other functions, such as on a superblock put 1591 * should be released by other functions, such as on a superblock put
1592 * event, regardless of whether this function succeeds for fails. 1592 * event, regardless of whether this function succeeds for fails.
1593 */ 1593 */
1594 static int 1594 static int
1595 ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, 1595 ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
1596 char *cipher_name, size_t *key_size) 1596 char *cipher_name, size_t *key_size)
1597 { 1597 {
1598 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1598 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1599 char *full_alg_name = NULL; 1599 char *full_alg_name = NULL;
1600 int rc; 1600 int rc;
1601 1601
1602 *key_tfm = NULL; 1602 *key_tfm = NULL;
1603 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { 1603 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1604 rc = -EINVAL; 1604 rc = -EINVAL;
1605 printk(KERN_ERR "Requested key size is [%zd] bytes; maximum " 1605 printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
1606 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); 1606 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1607 goto out; 1607 goto out;
1608 } 1608 }
1609 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name, 1609 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1610 "ecb"); 1610 "ecb");
1611 if (rc) 1611 if (rc)
1612 goto out; 1612 goto out;
1613 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); 1613 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1614 if (IS_ERR(*key_tfm)) { 1614 if (IS_ERR(*key_tfm)) {
1615 rc = PTR_ERR(*key_tfm); 1615 rc = PTR_ERR(*key_tfm);
1616 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1616 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1617 "[%s]; rc = [%d]\n", full_alg_name, rc); 1617 "[%s]; rc = [%d]\n", full_alg_name, rc);
1618 goto out; 1618 goto out;
1619 } 1619 }
1620 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); 1620 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1621 if (*key_size == 0) { 1621 if (*key_size == 0) {
1622 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); 1622 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm);
1623 1623
1624 *key_size = alg->max_keysize; 1624 *key_size = alg->max_keysize;
1625 } 1625 }
1626 get_random_bytes(dummy_key, *key_size); 1626 get_random_bytes(dummy_key, *key_size);
1627 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); 1627 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
1628 if (rc) { 1628 if (rc) {
1629 printk(KERN_ERR "Error attempting to set key of size [%zd] for " 1629 printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1630 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, 1630 "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
1631 rc); 1631 rc);
1632 rc = -EINVAL; 1632 rc = -EINVAL;
1633 goto out; 1633 goto out;
1634 } 1634 }
1635 out: 1635 out:
1636 kfree(full_alg_name); 1636 kfree(full_alg_name);
1637 return rc; 1637 return rc;
1638 } 1638 }
1639 1639
1640 struct kmem_cache *ecryptfs_key_tfm_cache; 1640 struct kmem_cache *ecryptfs_key_tfm_cache;
1641 static struct list_head key_tfm_list; 1641 static struct list_head key_tfm_list;
1642 struct mutex key_tfm_list_mutex; 1642 struct mutex key_tfm_list_mutex;
1643 1643
1644 int __init ecryptfs_init_crypto(void) 1644 int __init ecryptfs_init_crypto(void)
1645 { 1645 {
1646 mutex_init(&key_tfm_list_mutex); 1646 mutex_init(&key_tfm_list_mutex);
1647 INIT_LIST_HEAD(&key_tfm_list); 1647 INIT_LIST_HEAD(&key_tfm_list);
1648 return 0; 1648 return 0;
1649 } 1649 }
1650 1650
1651 /** 1651 /**
1652 * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list 1652 * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
1653 * 1653 *
1654 * Called only at module unload time 1654 * Called only at module unload time
1655 */ 1655 */
1656 int ecryptfs_destroy_crypto(void) 1656 int ecryptfs_destroy_crypto(void)
1657 { 1657 {
1658 struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; 1658 struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;
1659 1659
1660 mutex_lock(&key_tfm_list_mutex); 1660 mutex_lock(&key_tfm_list_mutex);
1661 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, 1661 list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
1662 key_tfm_list) { 1662 key_tfm_list) {
1663 list_del(&key_tfm->key_tfm_list); 1663 list_del(&key_tfm->key_tfm_list);
1664 if (key_tfm->key_tfm) 1664 if (key_tfm->key_tfm)
1665 crypto_free_blkcipher(key_tfm->key_tfm); 1665 crypto_free_blkcipher(key_tfm->key_tfm);
1666 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); 1666 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
1667 } 1667 }
1668 mutex_unlock(&key_tfm_list_mutex); 1668 mutex_unlock(&key_tfm_list_mutex);
1669 return 0; 1669 return 0;
1670 } 1670 }
1671 1671
1672 int 1672 int
1673 ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, 1673 ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
1674 size_t key_size) 1674 size_t key_size)
1675 { 1675 {
1676 struct ecryptfs_key_tfm *tmp_tfm; 1676 struct ecryptfs_key_tfm *tmp_tfm;
1677 int rc = 0; 1677 int rc = 0;
1678 1678
1679 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); 1679 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1680 1680
1681 tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); 1681 tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
1682 if (key_tfm != NULL) 1682 if (key_tfm != NULL)
1683 (*key_tfm) = tmp_tfm; 1683 (*key_tfm) = tmp_tfm;
1684 if (!tmp_tfm) { 1684 if (!tmp_tfm) {
1685 rc = -ENOMEM; 1685 rc = -ENOMEM;
1686 printk(KERN_ERR "Error attempting to allocate from " 1686 printk(KERN_ERR "Error attempting to allocate from "
1687 "ecryptfs_key_tfm_cache\n"); 1687 "ecryptfs_key_tfm_cache\n");
1688 goto out; 1688 goto out;
1689 } 1689 }
1690 mutex_init(&tmp_tfm->key_tfm_mutex); 1690 mutex_init(&tmp_tfm->key_tfm_mutex);
1691 strncpy(tmp_tfm->cipher_name, cipher_name, 1691 strncpy(tmp_tfm->cipher_name, cipher_name,
1692 ECRYPTFS_MAX_CIPHER_NAME_SIZE); 1692 ECRYPTFS_MAX_CIPHER_NAME_SIZE);
1693 tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0'; 1693 tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
1694 tmp_tfm->key_size = key_size; 1694 tmp_tfm->key_size = key_size;
1695 rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm, 1695 rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
1696 tmp_tfm->cipher_name, 1696 tmp_tfm->cipher_name,
1697 &tmp_tfm->key_size); 1697 &tmp_tfm->key_size);
1698 if (rc) { 1698 if (rc) {
1699 printk(KERN_ERR "Error attempting to initialize key TFM " 1699 printk(KERN_ERR "Error attempting to initialize key TFM "
1700 "cipher with name = [%s]; rc = [%d]\n", 1700 "cipher with name = [%s]; rc = [%d]\n",
1701 tmp_tfm->cipher_name, rc); 1701 tmp_tfm->cipher_name, rc);
1702 kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm); 1702 kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
1703 if (key_tfm != NULL) 1703 if (key_tfm != NULL)
1704 (*key_tfm) = NULL; 1704 (*key_tfm) = NULL;
1705 goto out; 1705 goto out;
1706 } 1706 }
1707 list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); 1707 list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
1708 out: 1708 out:
1709 return rc; 1709 return rc;
1710 } 1710 }
1711 1711
1712 /** 1712 /**
1713 * ecryptfs_tfm_exists - Search for existing tfm for cipher_name. 1713 * ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
1714 * @cipher_name: the name of the cipher to search for 1714 * @cipher_name: the name of the cipher to search for
1715 * @key_tfm: set to corresponding tfm if found 1715 * @key_tfm: set to corresponding tfm if found
1716 * 1716 *
1717 * Searches for cached key_tfm matching @cipher_name 1717 * Searches for cached key_tfm matching @cipher_name
1718 * Must be called with &key_tfm_list_mutex held 1718 * Must be called with &key_tfm_list_mutex held
1719 * Returns 1 if found, with @key_tfm set 1719 * Returns 1 if found, with @key_tfm set
1720 * Returns 0 if not found, with @key_tfm set to NULL 1720 * Returns 0 if not found, with @key_tfm set to NULL
1721 */ 1721 */
1722 int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) 1722 int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1723 { 1723 {
1724 struct ecryptfs_key_tfm *tmp_key_tfm; 1724 struct ecryptfs_key_tfm *tmp_key_tfm;
1725 1725
1726 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); 1726 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1727 1727
1728 list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) { 1728 list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
1729 if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) { 1729 if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
1730 if (key_tfm) 1730 if (key_tfm)
1731 (*key_tfm) = tmp_key_tfm; 1731 (*key_tfm) = tmp_key_tfm;
1732 return 1; 1732 return 1;
1733 } 1733 }
1734 } 1734 }
1735 if (key_tfm) 1735 if (key_tfm)
1736 (*key_tfm) = NULL; 1736 (*key_tfm) = NULL;
1737 return 0; 1737 return 0;
1738 } 1738 }
1739 1739
1740 /** 1740 /**
1741 * ecryptfs_get_tfm_and_mutex_for_cipher_name 1741 * ecryptfs_get_tfm_and_mutex_for_cipher_name
1742 * 1742 *
1743 * @tfm: set to cached tfm found, or new tfm created 1743 * @tfm: set to cached tfm found, or new tfm created
1744 * @tfm_mutex: set to mutex for cached tfm found, or new tfm created 1744 * @tfm_mutex: set to mutex for cached tfm found, or new tfm created
1745 * @cipher_name: the name of the cipher to search for and/or add 1745 * @cipher_name: the name of the cipher to search for and/or add
1746 * 1746 *
1747 * Sets pointers to @tfm & @tfm_mutex matching @cipher_name. 1747 * Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
1748 * Searches for cached item first, and creates new if not found. 1748 * Searches for cached item first, and creates new if not found.
1749 * Returns 0 on success, non-zero if adding new cipher failed 1749 * Returns 0 on success, non-zero if adding new cipher failed
1750 */ 1750 */
1751 int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 1751 int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
1752 struct mutex **tfm_mutex, 1752 struct mutex **tfm_mutex,
1753 char *cipher_name) 1753 char *cipher_name)
1754 { 1754 {
1755 struct ecryptfs_key_tfm *key_tfm; 1755 struct ecryptfs_key_tfm *key_tfm;
1756 int rc = 0; 1756 int rc = 0;
1757 1757
1758 (*tfm) = NULL; 1758 (*tfm) = NULL;
1759 (*tfm_mutex) = NULL; 1759 (*tfm_mutex) = NULL;
1760 1760
1761 mutex_lock(&key_tfm_list_mutex); 1761 mutex_lock(&key_tfm_list_mutex);
1762 if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) { 1762 if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
1763 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0); 1763 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
1764 if (rc) { 1764 if (rc) {
1765 printk(KERN_ERR "Error adding new key_tfm to list; " 1765 printk(KERN_ERR "Error adding new key_tfm to list; "
1766 "rc = [%d]\n", rc); 1766 "rc = [%d]\n", rc);
1767 goto out; 1767 goto out;
1768 } 1768 }
1769 } 1769 }
1770 (*tfm) = key_tfm->key_tfm; 1770 (*tfm) = key_tfm->key_tfm;
1771 (*tfm_mutex) = &key_tfm->key_tfm_mutex; 1771 (*tfm_mutex) = &key_tfm->key_tfm_mutex;
1772 out: 1772 out:
1773 mutex_unlock(&key_tfm_list_mutex); 1773 mutex_unlock(&key_tfm_list_mutex);
1774 return rc; 1774 return rc;
1775 } 1775 }
1776 1776
1777 /* 64 characters forming a 6-bit target field */ 1777 /* 64 characters forming a 6-bit target field */
1778 static unsigned char *portable_filename_chars = ("-.0123456789ABCD" 1778 static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
1779 "EFGHIJKLMNOPQRST" 1779 "EFGHIJKLMNOPQRST"
1780 "UVWXYZabcdefghij" 1780 "UVWXYZabcdefghij"
1781 "klmnopqrstuvwxyz"); 1781 "klmnopqrstuvwxyz");
1782 1782
1783 /* We could either offset on every reverse map or just pad some 0x00's 1783 /* We could either offset on every reverse map or just pad some 0x00's
1784 * at the front here */ 1784 * at the front here */
1785 static const unsigned char filename_rev_map[256] = { 1785 static const unsigned char filename_rev_map[256] = {
1786 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */ 1786 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
1787 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */ 1787 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
1788 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */ 1788 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
1789 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */ 1789 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
1790 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */ 1790 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
1791 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */ 1791 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
1792 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */ 1792 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
1793 0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */ 1793 0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
1794 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */ 1794 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
1795 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */ 1795 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
1796 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */ 1796 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
1797 0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */ 1797 0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
1798 0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */ 1798 0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
1799 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */ 1799 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
1800 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */ 1800 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
1801 0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */ 1801 0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */
1802 }; 1802 };
1803 1803
1804 /** 1804 /**
1805 * ecryptfs_encode_for_filename 1805 * ecryptfs_encode_for_filename
1806 * @dst: Destination location for encoded filename 1806 * @dst: Destination location for encoded filename
1807 * @dst_size: Size of the encoded filename in bytes 1807 * @dst_size: Size of the encoded filename in bytes
1808 * @src: Source location for the filename to encode 1808 * @src: Source location for the filename to encode
1809 * @src_size: Size of the source in bytes 1809 * @src_size: Size of the source in bytes
1810 */ 1810 */
1811 static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size, 1811 static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size,
1812 unsigned char *src, size_t src_size) 1812 unsigned char *src, size_t src_size)
1813 { 1813 {
1814 size_t num_blocks; 1814 size_t num_blocks;
1815 size_t block_num = 0; 1815 size_t block_num = 0;
1816 size_t dst_offset = 0; 1816 size_t dst_offset = 0;
1817 unsigned char last_block[3]; 1817 unsigned char last_block[3];
1818 1818
1819 if (src_size == 0) { 1819 if (src_size == 0) {
1820 (*dst_size) = 0; 1820 (*dst_size) = 0;
1821 goto out; 1821 goto out;
1822 } 1822 }
1823 num_blocks = (src_size / 3); 1823 num_blocks = (src_size / 3);
1824 if ((src_size % 3) == 0) { 1824 if ((src_size % 3) == 0) {
1825 memcpy(last_block, (&src[src_size - 3]), 3); 1825 memcpy(last_block, (&src[src_size - 3]), 3);
1826 } else { 1826 } else {
1827 num_blocks++; 1827 num_blocks++;
1828 last_block[2] = 0x00; 1828 last_block[2] = 0x00;
1829 switch (src_size % 3) { 1829 switch (src_size % 3) {
1830 case 1: 1830 case 1:
1831 last_block[0] = src[src_size - 1]; 1831 last_block[0] = src[src_size - 1];
1832 last_block[1] = 0x00; 1832 last_block[1] = 0x00;
1833 break; 1833 break;
1834 case 2: 1834 case 2:
1835 last_block[0] = src[src_size - 2]; 1835 last_block[0] = src[src_size - 2];
1836 last_block[1] = src[src_size - 1]; 1836 last_block[1] = src[src_size - 1];
1837 } 1837 }
1838 } 1838 }
1839 (*dst_size) = (num_blocks * 4); 1839 (*dst_size) = (num_blocks * 4);
1840 if (!dst) 1840 if (!dst)
1841 goto out; 1841 goto out;
1842 while (block_num < num_blocks) { 1842 while (block_num < num_blocks) {
1843 unsigned char *src_block; 1843 unsigned char *src_block;
1844 unsigned char dst_block[4]; 1844 unsigned char dst_block[4];
1845 1845
1846 if (block_num == (num_blocks - 1)) 1846 if (block_num == (num_blocks - 1))
1847 src_block = last_block; 1847 src_block = last_block;
1848 else 1848 else
1849 src_block = &src[block_num * 3]; 1849 src_block = &src[block_num * 3];
1850 dst_block[0] = ((src_block[0] >> 2) & 0x3F); 1850 dst_block[0] = ((src_block[0] >> 2) & 0x3F);
1851 dst_block[1] = (((src_block[0] << 4) & 0x30) 1851 dst_block[1] = (((src_block[0] << 4) & 0x30)
1852 | ((src_block[1] >> 4) & 0x0F)); 1852 | ((src_block[1] >> 4) & 0x0F));
1853 dst_block[2] = (((src_block[1] << 2) & 0x3C) 1853 dst_block[2] = (((src_block[1] << 2) & 0x3C)
1854 | ((src_block[2] >> 6) & 0x03)); 1854 | ((src_block[2] >> 6) & 0x03));
1855 dst_block[3] = (src_block[2] & 0x3F); 1855 dst_block[3] = (src_block[2] & 0x3F);
1856 dst[dst_offset++] = portable_filename_chars[dst_block[0]]; 1856 dst[dst_offset++] = portable_filename_chars[dst_block[0]];
1857 dst[dst_offset++] = portable_filename_chars[dst_block[1]]; 1857 dst[dst_offset++] = portable_filename_chars[dst_block[1]];
1858 dst[dst_offset++] = portable_filename_chars[dst_block[2]]; 1858 dst[dst_offset++] = portable_filename_chars[dst_block[2]];
1859 dst[dst_offset++] = portable_filename_chars[dst_block[3]]; 1859 dst[dst_offset++] = portable_filename_chars[dst_block[3]];
1860 block_num++; 1860 block_num++;
1861 } 1861 }
1862 out: 1862 out:
1863 return; 1863 return;
1864 } 1864 }
1865 1865
1866 static size_t ecryptfs_max_decoded_size(size_t encoded_size) 1866 static size_t ecryptfs_max_decoded_size(size_t encoded_size)
1867 { 1867 {
1868 /* Not exact; conservatively long. Every block of 4 1868 /* Not exact; conservatively long. Every block of 4
1869 * encoded characters decodes into a block of 3 1869 * encoded characters decodes into a block of 3
1870 * decoded characters. This segment of code provides 1870 * decoded characters. This segment of code provides
1871 * the caller with the maximum amount of allocated 1871 * the caller with the maximum amount of allocated
1872 * space that @dst will need to point to in a 1872 * space that @dst will need to point to in a
1873 * subsequent call. */ 1873 * subsequent call. */
1874 return ((encoded_size + 1) * 3) / 4; 1874 return ((encoded_size + 1) * 3) / 4;
1875 } 1875 }
1876 1876
1877 /** 1877 /**
1878 * ecryptfs_decode_from_filename 1878 * ecryptfs_decode_from_filename
1879 * @dst: If NULL, this function only sets @dst_size and returns. If 1879 * @dst: If NULL, this function only sets @dst_size and returns. If
1880 * non-NULL, this function decodes the encoded octets in @src 1880 * non-NULL, this function decodes the encoded octets in @src
1881 * into the memory that @dst points to. 1881 * into the memory that @dst points to.
1882 * @dst_size: Set to the size of the decoded string. 1882 * @dst_size: Set to the size of the decoded string.
1883 * @src: The encoded set of octets to decode. 1883 * @src: The encoded set of octets to decode.
1884 * @src_size: The size of the encoded set of octets to decode. 1884 * @src_size: The size of the encoded set of octets to decode.
1885 */ 1885 */
1886 static void 1886 static void
1887 ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, 1887 ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
1888 const unsigned char *src, size_t src_size) 1888 const unsigned char *src, size_t src_size)
1889 { 1889 {
1890 u8 current_bit_offset = 0; 1890 u8 current_bit_offset = 0;
1891 size_t src_byte_offset = 0; 1891 size_t src_byte_offset = 0;
1892 size_t dst_byte_offset = 0; 1892 size_t dst_byte_offset = 0;
1893 1893
1894 if (dst == NULL) { 1894 if (dst == NULL) {
1895 (*dst_size) = ecryptfs_max_decoded_size(src_size); 1895 (*dst_size) = ecryptfs_max_decoded_size(src_size);
1896 goto out; 1896 goto out;
1897 } 1897 }
1898 while (src_byte_offset < src_size) { 1898 while (src_byte_offset < src_size) {
1899 unsigned char src_byte = 1899 unsigned char src_byte =
1900 filename_rev_map[(int)src[src_byte_offset]]; 1900 filename_rev_map[(int)src[src_byte_offset]];
1901 1901
1902 switch (current_bit_offset) { 1902 switch (current_bit_offset) {
1903 case 0: 1903 case 0:
1904 dst[dst_byte_offset] = (src_byte << 2); 1904 dst[dst_byte_offset] = (src_byte << 2);
1905 current_bit_offset = 6; 1905 current_bit_offset = 6;
1906 break; 1906 break;
1907 case 6: 1907 case 6:
1908 dst[dst_byte_offset++] |= (src_byte >> 4); 1908 dst[dst_byte_offset++] |= (src_byte >> 4);
1909 dst[dst_byte_offset] = ((src_byte & 0xF) 1909 dst[dst_byte_offset] = ((src_byte & 0xF)
1910 << 4); 1910 << 4);
1911 current_bit_offset = 4; 1911 current_bit_offset = 4;
1912 break; 1912 break;
1913 case 4: 1913 case 4:
1914 dst[dst_byte_offset++] |= (src_byte >> 2); 1914 dst[dst_byte_offset++] |= (src_byte >> 2);
1915 dst[dst_byte_offset] = (src_byte << 6); 1915 dst[dst_byte_offset] = (src_byte << 6);
1916 current_bit_offset = 2; 1916 current_bit_offset = 2;
1917 break; 1917 break;
1918 case 2: 1918 case 2:
1919 dst[dst_byte_offset++] |= (src_byte); 1919 dst[dst_byte_offset++] |= (src_byte);
1920 dst[dst_byte_offset] = 0;
1921 current_bit_offset = 0; 1920 current_bit_offset = 0;
1922 break; 1921 break;
1923 } 1922 }
1924 src_byte_offset++; 1923 src_byte_offset++;
1925 } 1924 }
1926 (*dst_size) = dst_byte_offset; 1925 (*dst_size) = dst_byte_offset;
1927 out: 1926 out:
1928 return; 1927 return;
1929 } 1928 }
1930 1929
1931 /** 1930 /**
1932 * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text 1931 * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
1933 * @crypt_stat: The crypt_stat struct associated with the file anem to encode 1932 * @crypt_stat: The crypt_stat struct associated with the file anem to encode
1934 * @name: The plaintext name 1933 * @name: The plaintext name
1935 * @length: The length of the plaintext 1934 * @length: The length of the plaintext
1936 * @encoded_name: The encypted name 1935 * @encoded_name: The encypted name
1937 * 1936 *
1938 * Encrypts and encodes a filename into something that constitutes a 1937 * Encrypts and encodes a filename into something that constitutes a
1939 * valid filename for a filesystem, with printable characters. 1938 * valid filename for a filesystem, with printable characters.
1940 * 1939 *
1941 * We assume that we have a properly initialized crypto context, 1940 * We assume that we have a properly initialized crypto context,
1942 * pointed to by crypt_stat->tfm. 1941 * pointed to by crypt_stat->tfm.
1943 * 1942 *
1944 * Returns zero on success; non-zero on otherwise 1943 * Returns zero on success; non-zero on otherwise
1945 */ 1944 */
1946 int ecryptfs_encrypt_and_encode_filename( 1945 int ecryptfs_encrypt_and_encode_filename(
1947 char **encoded_name, 1946 char **encoded_name,
1948 size_t *encoded_name_size, 1947 size_t *encoded_name_size,
1949 struct ecryptfs_crypt_stat *crypt_stat, 1948 struct ecryptfs_crypt_stat *crypt_stat,
1950 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 1949 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
1951 const char *name, size_t name_size) 1950 const char *name, size_t name_size)
1952 { 1951 {
1953 size_t encoded_name_no_prefix_size; 1952 size_t encoded_name_no_prefix_size;
1954 int rc = 0; 1953 int rc = 0;
1955 1954
1956 (*encoded_name) = NULL; 1955 (*encoded_name) = NULL;
1957 (*encoded_name_size) = 0; 1956 (*encoded_name_size) = 0;
1958 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES)) 1957 if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
1959 || (mount_crypt_stat && (mount_crypt_stat->flags 1958 || (mount_crypt_stat && (mount_crypt_stat->flags
1960 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) { 1959 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) {
1961 struct ecryptfs_filename *filename; 1960 struct ecryptfs_filename *filename;
1962 1961
1963 filename = kzalloc(sizeof(*filename), GFP_KERNEL); 1962 filename = kzalloc(sizeof(*filename), GFP_KERNEL);
1964 if (!filename) { 1963 if (!filename) {
1965 printk(KERN_ERR "%s: Out of memory whilst attempting " 1964 printk(KERN_ERR "%s: Out of memory whilst attempting "
1966 "to kzalloc [%zd] bytes\n", __func__, 1965 "to kzalloc [%zd] bytes\n", __func__,
1967 sizeof(*filename)); 1966 sizeof(*filename));
1968 rc = -ENOMEM; 1967 rc = -ENOMEM;
1969 goto out; 1968 goto out;
1970 } 1969 }
1971 filename->filename = (char *)name; 1970 filename->filename = (char *)name;
1972 filename->filename_size = name_size; 1971 filename->filename_size = name_size;
1973 rc = ecryptfs_encrypt_filename(filename, crypt_stat, 1972 rc = ecryptfs_encrypt_filename(filename, crypt_stat,
1974 mount_crypt_stat); 1973 mount_crypt_stat);
1975 if (rc) { 1974 if (rc) {
1976 printk(KERN_ERR "%s: Error attempting to encrypt " 1975 printk(KERN_ERR "%s: Error attempting to encrypt "
1977 "filename; rc = [%d]\n", __func__, rc); 1976 "filename; rc = [%d]\n", __func__, rc);
1978 kfree(filename); 1977 kfree(filename);
1979 goto out; 1978 goto out;
1980 } 1979 }
1981 ecryptfs_encode_for_filename( 1980 ecryptfs_encode_for_filename(
1982 NULL, &encoded_name_no_prefix_size, 1981 NULL, &encoded_name_no_prefix_size,
1983 filename->encrypted_filename, 1982 filename->encrypted_filename,
1984 filename->encrypted_filename_size); 1983 filename->encrypted_filename_size);
1985 if ((crypt_stat && (crypt_stat->flags 1984 if ((crypt_stat && (crypt_stat->flags
1986 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) 1985 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
1987 || (mount_crypt_stat 1986 || (mount_crypt_stat
1988 && (mount_crypt_stat->flags 1987 && (mount_crypt_stat->flags
1989 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) 1988 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)))
1990 (*encoded_name_size) = 1989 (*encoded_name_size) =
1991 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1990 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1992 + encoded_name_no_prefix_size); 1991 + encoded_name_no_prefix_size);
1993 else 1992 else
1994 (*encoded_name_size) = 1993 (*encoded_name_size) =
1995 (ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1994 (ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1996 + encoded_name_no_prefix_size); 1995 + encoded_name_no_prefix_size);
1997 (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL); 1996 (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
1998 if (!(*encoded_name)) { 1997 if (!(*encoded_name)) {
1999 printk(KERN_ERR "%s: Out of memory whilst attempting " 1998 printk(KERN_ERR "%s: Out of memory whilst attempting "
2000 "to kzalloc [%zd] bytes\n", __func__, 1999 "to kzalloc [%zd] bytes\n", __func__,
2001 (*encoded_name_size)); 2000 (*encoded_name_size));
2002 rc = -ENOMEM; 2001 rc = -ENOMEM;
2003 kfree(filename->encrypted_filename); 2002 kfree(filename->encrypted_filename);
2004 kfree(filename); 2003 kfree(filename);
2005 goto out; 2004 goto out;
2006 } 2005 }
2007 if ((crypt_stat && (crypt_stat->flags 2006 if ((crypt_stat && (crypt_stat->flags
2008 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) 2007 & ECRYPTFS_ENCFN_USE_MOUNT_FNEK))
2009 || (mount_crypt_stat 2008 || (mount_crypt_stat
2010 && (mount_crypt_stat->flags 2009 && (mount_crypt_stat->flags
2011 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) { 2010 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) {
2012 memcpy((*encoded_name), 2011 memcpy((*encoded_name),
2013 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 2012 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
2014 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE); 2013 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
2015 ecryptfs_encode_for_filename( 2014 ecryptfs_encode_for_filename(
2016 ((*encoded_name) 2015 ((*encoded_name)
2017 + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE), 2016 + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
2018 &encoded_name_no_prefix_size, 2017 &encoded_name_no_prefix_size,
2019 filename->encrypted_filename, 2018 filename->encrypted_filename,
2020 filename->encrypted_filename_size); 2019 filename->encrypted_filename_size);
2021 (*encoded_name_size) = 2020 (*encoded_name_size) =
2022 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 2021 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
2023 + encoded_name_no_prefix_size); 2022 + encoded_name_no_prefix_size);
2024 (*encoded_name)[(*encoded_name_size)] = '\0'; 2023 (*encoded_name)[(*encoded_name_size)] = '\0';
2025 } else { 2024 } else {
2026 rc = -EOPNOTSUPP; 2025 rc = -EOPNOTSUPP;
2027 } 2026 }
2028 if (rc) { 2027 if (rc) {
2029 printk(KERN_ERR "%s: Error attempting to encode " 2028 printk(KERN_ERR "%s: Error attempting to encode "
2030 "encrypted filename; rc = [%d]\n", __func__, 2029 "encrypted filename; rc = [%d]\n", __func__,
2031 rc); 2030 rc);
2032 kfree((*encoded_name)); 2031 kfree((*encoded_name));
2033 (*encoded_name) = NULL; 2032 (*encoded_name) = NULL;
2034 (*encoded_name_size) = 0; 2033 (*encoded_name_size) = 0;
2035 } 2034 }
2036 kfree(filename->encrypted_filename); 2035 kfree(filename->encrypted_filename);
2037 kfree(filename); 2036 kfree(filename);
2038 } else { 2037 } else {
2039 rc = ecryptfs_copy_filename(encoded_name, 2038 rc = ecryptfs_copy_filename(encoded_name,
2040 encoded_name_size, 2039 encoded_name_size,
2041 name, name_size); 2040 name, name_size);
2042 } 2041 }
2043 out: 2042 out:
2044 return rc; 2043 return rc;
2045 } 2044 }
2046 2045
2047 /** 2046 /**
2048 * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext 2047 * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
2049 * @plaintext_name: The plaintext name 2048 * @plaintext_name: The plaintext name
2050 * @plaintext_name_size: The plaintext name size 2049 * @plaintext_name_size: The plaintext name size
2051 * @ecryptfs_dir_dentry: eCryptfs directory dentry 2050 * @ecryptfs_dir_dentry: eCryptfs directory dentry
2052 * @name: The filename in cipher text 2051 * @name: The filename in cipher text
2053 * @name_size: The cipher text name size 2052 * @name_size: The cipher text name size
2054 * 2053 *
2055 * Decrypts and decodes the filename. 2054 * Decrypts and decodes the filename.
2056 * 2055 *
2057 * Returns zero on error; non-zero otherwise 2056 * Returns zero on error; non-zero otherwise
2058 */ 2057 */
2059 int ecryptfs_decode_and_decrypt_filename(char **plaintext_name, 2058 int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
2060 size_t *plaintext_name_size, 2059 size_t *plaintext_name_size,
2061 struct super_block *sb, 2060 struct super_block *sb,
2062 const char *name, size_t name_size) 2061 const char *name, size_t name_size)
2063 { 2062 {
2064 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2063 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2065 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; 2064 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
2066 char *decoded_name; 2065 char *decoded_name;
2067 size_t decoded_name_size; 2066 size_t decoded_name_size;
2068 size_t packet_size; 2067 size_t packet_size;
2069 int rc = 0; 2068 int rc = 0;
2070 2069
2071 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) 2070 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
2072 && !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) 2071 && !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
2073 && (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) 2072 && (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
2074 && (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 2073 && (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
2075 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) { 2074 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) {
2076 const char *orig_name = name; 2075 const char *orig_name = name;
2077 size_t orig_name_size = name_size; 2076 size_t orig_name_size = name_size;
2078 2077
2079 name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 2078 name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2080 name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 2079 name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2081 ecryptfs_decode_from_filename(NULL, &decoded_name_size, 2080 ecryptfs_decode_from_filename(NULL, &decoded_name_size,
2082 name, name_size); 2081 name, name_size);
2083 decoded_name = kmalloc(decoded_name_size, GFP_KERNEL); 2082 decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
2084 if (!decoded_name) { 2083 if (!decoded_name) {
2085 printk(KERN_ERR "%s: Out of memory whilst attempting " 2084 printk(KERN_ERR "%s: Out of memory whilst attempting "
2086 "to kmalloc [%zd] bytes\n", __func__, 2085 "to kmalloc [%zd] bytes\n", __func__,
2087 decoded_name_size); 2086 decoded_name_size);
2088 rc = -ENOMEM; 2087 rc = -ENOMEM;
2089 goto out; 2088 goto out;
2090 } 2089 }
2091 ecryptfs_decode_from_filename(decoded_name, &decoded_name_size, 2090 ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
2092 name, name_size); 2091 name, name_size);
2093 rc = ecryptfs_parse_tag_70_packet(plaintext_name, 2092 rc = ecryptfs_parse_tag_70_packet(plaintext_name,
2094 plaintext_name_size, 2093 plaintext_name_size,
2095 &packet_size, 2094 &packet_size,
2096 mount_crypt_stat, 2095 mount_crypt_stat,
2097 decoded_name, 2096 decoded_name,
2098 decoded_name_size); 2097 decoded_name_size);
2099 if (rc) { 2098 if (rc) {
2100 printk(KERN_INFO "%s: Could not parse tag 70 packet " 2099 printk(KERN_INFO "%s: Could not parse tag 70 packet "
2101 "from filename; copying through filename " 2100 "from filename; copying through filename "
2102 "as-is\n", __func__); 2101 "as-is\n", __func__);
2103 rc = ecryptfs_copy_filename(plaintext_name, 2102 rc = ecryptfs_copy_filename(plaintext_name,
2104 plaintext_name_size, 2103 plaintext_name_size,
2105 orig_name, orig_name_size); 2104 orig_name, orig_name_size);
2106 goto out_free; 2105 goto out_free;
2107 } 2106 }
2108 } else { 2107 } else {
2109 rc = ecryptfs_copy_filename(plaintext_name, 2108 rc = ecryptfs_copy_filename(plaintext_name,
2110 plaintext_name_size, 2109 plaintext_name_size,
2111 name, name_size); 2110 name, name_size);
2112 goto out; 2111 goto out;
2113 } 2112 }
2114 out_free: 2113 out_free:
2115 kfree(decoded_name); 2114 kfree(decoded_name);
2116 out: 2115 out:
2117 return rc; 2116 return rc;
2118 } 2117 }
2119 2118
2120 #define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143 2119 #define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143
2121 2120
2122 int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 2121 int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2123 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 2122 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
2124 { 2123 {
2125 struct blkcipher_desc desc; 2124 struct blkcipher_desc desc;
2126 struct mutex *tfm_mutex; 2125 struct mutex *tfm_mutex;
2127 size_t cipher_blocksize; 2126 size_t cipher_blocksize;
2128 int rc; 2127 int rc;
2129 2128
2130 if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) { 2129 if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
2131 (*namelen) = lower_namelen; 2130 (*namelen) = lower_namelen;
2132 return 0; 2131 return 0;
2133 } 2132 }
2134 2133
2135 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2134 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2136 mount_crypt_stat->global_default_fn_cipher_name); 2135 mount_crypt_stat->global_default_fn_cipher_name);
2137 if (unlikely(rc)) { 2136 if (unlikely(rc)) {
2138 (*namelen) = 0; 2137 (*namelen) = 0;
2139 return rc; 2138 return rc;
2140 } 2139 }
2141 2140
2142 mutex_lock(tfm_mutex); 2141 mutex_lock(tfm_mutex);
2143 cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); 2142 cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm);
2144 mutex_unlock(tfm_mutex); 2143 mutex_unlock(tfm_mutex);
2145 2144
2146 /* Return an exact amount for the common cases */ 2145 /* Return an exact amount for the common cases */
2147 if (lower_namelen == NAME_MAX 2146 if (lower_namelen == NAME_MAX
2148 && (cipher_blocksize == 8 || cipher_blocksize == 16)) { 2147 && (cipher_blocksize == 8 || cipher_blocksize == 16)) {
2149 (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16; 2148 (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16;
2150 return 0; 2149 return 0;
2151 } 2150 }
2152 2151
2153 /* Return a safe estimate for the uncommon cases */ 2152 /* Return a safe estimate for the uncommon cases */
2154 (*namelen) = lower_namelen; 2153 (*namelen) = lower_namelen;
2155 (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 2154 (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2156 /* Since this is the max decoded size, subtract 1 "decoded block" len */ 2155 /* Since this is the max decoded size, subtract 1 "decoded block" len */
2157 (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3; 2156 (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3;
2158 (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE; 2157 (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE;
2159 (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES; 2158 (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES;
2160 /* Worst case is that the filename is padded nearly a full block size */ 2159 /* Worst case is that the filename is padded nearly a full block size */
2161 (*namelen) -= cipher_blocksize - 1; 2160 (*namelen) -= cipher_blocksize - 1;
2162 2161
2163 if ((*namelen) < 0) 2162 if ((*namelen) < 0)
2164 (*namelen) = 0; 2163 (*namelen) = 0;
2165 2164
2166 return 0; 2165 return 0;
2167 } 2166 }
2168 2167