~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/fs/ecryptfs/keystore.c

Version: ~ [ linux-5.11 ] ~ [ linux-5.10.17 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.99 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.176 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.221 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.257 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.257 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /**
  2  * eCryptfs: Linux filesystem encryption layer
  3  * In-kernel key management code.  Includes functions to parse and
  4  * write authentication token-related packets with the underlying
  5  * file.
  6  *
  7  * Copyright (C) 2004-2006 International Business Machines Corp.
  8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
  9  *              Michael C. Thompson <mcthomps@us.ibm.com>
 10  *              Trevor S. Highland <trevor.highland@gmail.com>
 11  *
 12  * This program is free software; you can redistribute it and/or
 13  * modify it under the terms of the GNU General Public License as
 14  * published by the Free Software Foundation; either version 2 of the
 15  * License, or (at your option) any later version.
 16  *
 17  * This program is distributed in the hope that it will be useful, but
 18  * WITHOUT ANY WARRANTY; without even the implied warranty of
 19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 20  * General Public License for more details.
 21  *
 22  * You should have received a copy of the GNU General Public License
 23  * along with this program; if not, write to the Free Software
 24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 25  * 02111-1307, USA.
 26  */
 27 
 28 #include <crypto/hash.h>
 29 #include <crypto/skcipher.h>
 30 #include <linux/string.h>
 31 #include <linux/pagemap.h>
 32 #include <linux/key.h>
 33 #include <linux/random.h>
 34 #include <linux/scatterlist.h>
 35 #include <linux/slab.h>
 36 #include "ecryptfs_kernel.h"
 37 
 38 /**
 39  * request_key returned an error instead of a valid key address;
 40  * determine the type of error, make appropriate log entries, and
 41  * return an error code.
 42  */
 43 static int process_request_key_err(long err_code)
 44 {
 45         int rc = 0;
 46 
 47         switch (err_code) {
 48         case -ENOKEY:
 49                 ecryptfs_printk(KERN_WARNING, "No key\n");
 50                 rc = -ENOENT;
 51                 break;
 52         case -EKEYEXPIRED:
 53                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
 54                 rc = -ETIME;
 55                 break;
 56         case -EKEYREVOKED:
 57                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
 58                 rc = -EINVAL;
 59                 break;
 60         default:
 61                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
 62                                 "[0x%.16lx]\n", err_code);
 63                 rc = -EINVAL;
 64         }
 65         return rc;
 66 }
 67 
 68 static int process_find_global_auth_tok_for_sig_err(int err_code)
 69 {
 70         int rc = err_code;
 71 
 72         switch (err_code) {
 73         case -ENOENT:
 74                 ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
 75                 break;
 76         case -EINVAL:
 77                 ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
 78                 break;
 79         default:
 80                 rc = process_request_key_err(err_code);
 81                 break;
 82         }
 83         return rc;
 84 }
 85 
 86 /**
 87  * ecryptfs_parse_packet_length
 88  * @data: Pointer to memory containing length at offset
 89  * @size: This function writes the decoded size to this memory
 90  *        address; zero on error
 91  * @length_size: The number of bytes occupied by the encoded length
 92  *
 93  * Returns zero on success; non-zero on error
 94  */
 95 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
 96                                  size_t *length_size)
 97 {
 98         int rc = 0;
 99 
100         (*length_size) = 0;
101         (*size) = 0;
102         if (data[0] < 192) {
103                 /* One-byte length */
104                 (*size) = data[0];
105                 (*length_size) = 1;
106         } else if (data[0] < 224) {
107                 /* Two-byte length */
108                 (*size) = (data[0] - 192) * 256;
109                 (*size) += data[1] + 192;
110                 (*length_size) = 2;
111         } else if (data[0] == 255) {
112                 /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
113                 ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
114                                 "supported\n");
115                 rc = -EINVAL;
116                 goto out;
117         } else {
118                 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
119                 rc = -EINVAL;
120                 goto out;
121         }
122 out:
123         return rc;
124 }
125 
126 /**
127  * ecryptfs_write_packet_length
128  * @dest: The byte array target into which to write the length. Must
129  *        have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.
130  * @size: The length to write.
131  * @packet_size_length: The number of bytes used to encode the packet
132  *                      length is written to this address.
133  *
134  * Returns zero on success; non-zero on error.
135  */
136 int ecryptfs_write_packet_length(char *dest, size_t size,
137                                  size_t *packet_size_length)
138 {
139         int rc = 0;
140 
141         if (size < 192) {
142                 dest[0] = size;
143                 (*packet_size_length) = 1;
144         } else if (size < 65536) {
145                 dest[0] = (((size - 192) / 256) + 192);
146                 dest[1] = ((size - 192) % 256);
147                 (*packet_size_length) = 2;
148         } else {
149                 /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
150                 rc = -EINVAL;
151                 ecryptfs_printk(KERN_WARNING,
152                                 "Unsupported packet size: [%zd]\n", size);
153         }
154         return rc;
155 }
156 
157 static int
158 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
159                     char **packet, size_t *packet_len)
160 {
161         size_t i = 0;
162         size_t data_len;
163         size_t packet_size_len;
164         char *message;
165         int rc;
166 
167         /*
168          *              ***** TAG 64 Packet Format *****
169          *    | Content Type                       | 1 byte       |
170          *    | Key Identifier Size                | 1 or 2 bytes |
171          *    | Key Identifier                     | arbitrary    |
172          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
173          *    | Encrypted File Encryption Key      | arbitrary    |
174          */
175         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
176                     + session_key->encrypted_key_size);
177         *packet = kmalloc(data_len, GFP_KERNEL);
178         message = *packet;
179         if (!message) {
180                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
181                 rc = -ENOMEM;
182                 goto out;
183         }
184         message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
185         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
186                                           &packet_size_len);
187         if (rc) {
188                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
189                                 "header; cannot generate packet length\n");
190                 goto out;
191         }
192         i += packet_size_len;
193         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
194         i += ECRYPTFS_SIG_SIZE_HEX;
195         rc = ecryptfs_write_packet_length(&message[i],
196                                           session_key->encrypted_key_size,
197                                           &packet_size_len);
198         if (rc) {
199                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
200                                 "header; cannot generate packet length\n");
201                 goto out;
202         }
203         i += packet_size_len;
204         memcpy(&message[i], session_key->encrypted_key,
205                session_key->encrypted_key_size);
206         i += session_key->encrypted_key_size;
207         *packet_len = i;
208 out:
209         return rc;
210 }
211 
212 static int
213 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
214                     struct ecryptfs_message *msg)
215 {
216         size_t i = 0;
217         char *data;
218         size_t data_len;
219         size_t m_size;
220         size_t message_len;
221         u16 checksum = 0;
222         u16 expected_checksum = 0;
223         int rc;
224 
225         /*
226          *              ***** TAG 65 Packet Format *****
227          *         | Content Type             | 1 byte       |
228          *         | Status Indicator         | 1 byte       |
229          *         | File Encryption Key Size | 1 or 2 bytes |
230          *         | File Encryption Key      | arbitrary    |
231          */
232         message_len = msg->data_len;
233         data = msg->data;
234         if (message_len < 4) {
235                 rc = -EIO;
236                 goto out;
237         }
238         if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
239                 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
240                 rc = -EIO;
241                 goto out;
242         }
243         if (data[i++]) {
244                 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
245                                 "[%d]\n", data[i-1]);
246                 rc = -EIO;
247                 goto out;
248         }
249         rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
250         if (rc) {
251                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
252                                 "rc = [%d]\n", rc);
253                 goto out;
254         }
255         i += data_len;
256         if (message_len < (i + m_size)) {
257                 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
258                                 "is shorter than expected\n");
259                 rc = -EIO;
260                 goto out;
261         }
262         if (m_size < 3) {
263                 ecryptfs_printk(KERN_ERR,
264                                 "The decrypted key is not long enough to "
265                                 "include a cipher code and checksum\n");
266                 rc = -EIO;
267                 goto out;
268         }
269         *cipher_code = data[i++];
270         /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
271         session_key->decrypted_key_size = m_size - 3;
272         if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
273                 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
274                                 "the maximum key size [%d]\n",
275                                 session_key->decrypted_key_size,
276                                 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
277                 rc = -EIO;
278                 goto out;
279         }
280         memcpy(session_key->decrypted_key, &data[i],
281                session_key->decrypted_key_size);
282         i += session_key->decrypted_key_size;
283         expected_checksum += (unsigned char)(data[i++]) << 8;
284         expected_checksum += (unsigned char)(data[i++]);
285         for (i = 0; i < session_key->decrypted_key_size; i++)
286                 checksum += session_key->decrypted_key[i];
287         if (expected_checksum != checksum) {
288                 ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
289                                 "encryption  key; expected [%x]; calculated "
290                                 "[%x]\n", expected_checksum, checksum);
291                 rc = -EIO;
292         }
293 out:
294         return rc;
295 }
296 
297 
298 static int
299 write_tag_66_packet(char *signature, u8 cipher_code,
300                     struct ecryptfs_crypt_stat *crypt_stat, char **packet,
301                     size_t *packet_len)
302 {
303         size_t i = 0;
304         size_t j;
305         size_t data_len;
306         size_t checksum = 0;
307         size_t packet_size_len;
308         char *message;
309         int rc;
310 
311         /*
312          *              ***** TAG 66 Packet Format *****
313          *         | Content Type             | 1 byte       |
314          *         | Key Identifier Size      | 1 or 2 bytes |
315          *         | Key Identifier           | arbitrary    |
316          *         | File Encryption Key Size | 1 or 2 bytes |
317          *         | File Encryption Key      | arbitrary    |
318          */
319         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
320         *packet = kmalloc(data_len, GFP_KERNEL);
321         message = *packet;
322         if (!message) {
323                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
324                 rc = -ENOMEM;
325                 goto out;
326         }
327         message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
328         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
329                                           &packet_size_len);
330         if (rc) {
331                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
332                                 "header; cannot generate packet length\n");
333                 goto out;
334         }
335         i += packet_size_len;
336         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
337         i += ECRYPTFS_SIG_SIZE_HEX;
338         /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
339         rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
340                                           &packet_size_len);
341         if (rc) {
342                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
343                                 "header; cannot generate packet length\n");
344                 goto out;
345         }
346         i += packet_size_len;
347         message[i++] = cipher_code;
348         memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
349         i += crypt_stat->key_size;
350         for (j = 0; j < crypt_stat->key_size; j++)
351                 checksum += crypt_stat->key[j];
352         message[i++] = (checksum / 256) % 256;
353         message[i++] = (checksum % 256);
354         *packet_len = i;
355 out:
356         return rc;
357 }
358 
359 static int
360 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
361                     struct ecryptfs_message *msg)
362 {
363         size_t i = 0;
364         char *data;
365         size_t data_len;
366         size_t message_len;
367         int rc;
368 
369         /*
370          *              ***** TAG 65 Packet Format *****
371          *    | Content Type                       | 1 byte       |
372          *    | Status Indicator                   | 1 byte       |
373          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
374          *    | Encrypted File Encryption Key      | arbitrary    |
375          */
376         message_len = msg->data_len;
377         data = msg->data;
378         /* verify that everything through the encrypted FEK size is present */
379         if (message_len < 4) {
380                 rc = -EIO;
381                 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
382                        "message length is [%d]\n", __func__, message_len, 4);
383                 goto out;
384         }
385         if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
386                 rc = -EIO;
387                 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
388                        __func__);
389                 goto out;
390         }
391         if (data[i++]) {
392                 rc = -EIO;
393                 printk(KERN_ERR "%s: Status indicator has non zero "
394                        "value [%d]\n", __func__, data[i-1]);
395 
396                 goto out;
397         }
398         rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
399                                           &data_len);
400         if (rc) {
401                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
402                                 "rc = [%d]\n", rc);
403                 goto out;
404         }
405         i += data_len;
406         if (message_len < (i + key_rec->enc_key_size)) {
407                 rc = -EIO;
408                 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
409                        __func__, message_len, (i + key_rec->enc_key_size));
410                 goto out;
411         }
412         if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
413                 rc = -EIO;
414                 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
415                        "the maximum key size [%d]\n", __func__,
416                        key_rec->enc_key_size,
417                        ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
418                 goto out;
419         }
420         memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
421 out:
422         return rc;
423 }
424 
425 /**
426  * ecryptfs_verify_version
427  * @version: The version number to confirm
428  *
429  * Returns zero on good version; non-zero otherwise
430  */
431 static int ecryptfs_verify_version(u16 version)
432 {
433         int rc = 0;
434         unsigned char major;
435         unsigned char minor;
436 
437         major = ((version >> 8) & 0xFF);
438         minor = (version & 0xFF);
439         if (major != ECRYPTFS_VERSION_MAJOR) {
440                 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
441                                 "Expected [%d]; got [%d]\n",
442                                 ECRYPTFS_VERSION_MAJOR, major);
443                 rc = -EINVAL;
444                 goto out;
445         }
446         if (minor != ECRYPTFS_VERSION_MINOR) {
447                 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
448                                 "Expected [%d]; got [%d]\n",
449                                 ECRYPTFS_VERSION_MINOR, minor);
450                 rc = -EINVAL;
451                 goto out;
452         }
453 out:
454         return rc;
455 }
456 
457 /**
458  * ecryptfs_verify_auth_tok_from_key
459  * @auth_tok_key: key containing the authentication token
460  * @auth_tok: authentication token
461  *
462  * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or
463  * -EKEYREVOKED if the key was revoked before we acquired its semaphore.
464  */
465 static int
466 ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
467                                   struct ecryptfs_auth_tok **auth_tok)
468 {
469         int rc = 0;
470 
471         (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
472         if (IS_ERR(*auth_tok)) {
473                 rc = PTR_ERR(*auth_tok);
474                 *auth_tok = NULL;
475                 goto out;
476         }
477 
478         if (ecryptfs_verify_version((*auth_tok)->version)) {
479                 printk(KERN_ERR "Data structure version mismatch. Userspace "
480                        "tools must match eCryptfs kernel module with major "
481                        "version [%d] and minor version [%d]\n",
482                        ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
483                 rc = -EINVAL;
484                 goto out;
485         }
486         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
487             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
488                 printk(KERN_ERR "Invalid auth_tok structure "
489                        "returned from key query\n");
490                 rc = -EINVAL;
491                 goto out;
492         }
493 out:
494         return rc;
495 }
496 
497 static int
498 ecryptfs_find_global_auth_tok_for_sig(
499         struct key **auth_tok_key,
500         struct ecryptfs_auth_tok **auth_tok,
501         struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
502 {
503         struct ecryptfs_global_auth_tok *walker;
504         int rc = 0;
505 
506         (*auth_tok_key) = NULL;
507         (*auth_tok) = NULL;
508         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
509         list_for_each_entry(walker,
510                             &mount_crypt_stat->global_auth_tok_list,
511                             mount_crypt_stat_list) {
512                 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
513                         continue;
514 
515                 if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
516                         rc = -EINVAL;
517                         goto out;
518                 }
519 
520                 rc = key_validate(walker->global_auth_tok_key);
521                 if (rc) {
522                         if (rc == -EKEYEXPIRED)
523                                 goto out;
524                         goto out_invalid_auth_tok;
525                 }
526 
527                 down_write(&(walker->global_auth_tok_key->sem));
528                 rc = ecryptfs_verify_auth_tok_from_key(
529                                 walker->global_auth_tok_key, auth_tok);
530                 if (rc)
531                         goto out_invalid_auth_tok_unlock;
532 
533                 (*auth_tok_key) = walker->global_auth_tok_key;
534                 key_get(*auth_tok_key);
535                 goto out;
536         }
537         rc = -ENOENT;
538         goto out;
539 out_invalid_auth_tok_unlock:
540         up_write(&(walker->global_auth_tok_key->sem));
541 out_invalid_auth_tok:
542         printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
543         walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
544         key_put(walker->global_auth_tok_key);
545         walker->global_auth_tok_key = NULL;
546 out:
547         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
548         return rc;
549 }
550 
551 /**
552  * ecryptfs_find_auth_tok_for_sig
553  * @auth_tok: Set to the matching auth_tok; NULL if not found
554  * @crypt_stat: inode crypt_stat crypto context
555  * @sig: Sig of auth_tok to find
556  *
557  * For now, this function simply looks at the registered auth_tok's
558  * linked off the mount_crypt_stat, so all the auth_toks that can be
559  * used must be registered at mount time. This function could
560  * potentially try a lot harder to find auth_tok's (e.g., by calling
561  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
562  * that static registration of auth_tok's will no longer be necessary.
563  *
564  * Returns zero on no error; non-zero on error
565  */
566 static int
567 ecryptfs_find_auth_tok_for_sig(
568         struct key **auth_tok_key,
569         struct ecryptfs_auth_tok **auth_tok,
570         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
571         char *sig)
572 {
573         int rc = 0;
574 
575         rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
576                                                    mount_crypt_stat, sig);
577         if (rc == -ENOENT) {
578                 /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
579                  * mount_crypt_stat structure, we prevent to use auth toks that
580                  * are not inserted through the ecryptfs_add_global_auth_tok
581                  * function.
582                  */
583                 if (mount_crypt_stat->flags
584                                 & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
585                         return -EINVAL;
586 
587                 rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
588                                                        sig);
589         }
590         return rc;
591 }
592 
593 /**
594  * write_tag_70_packet can gobble a lot of stack space. We stuff most
595  * of the function's parameters in a kmalloc'd struct to help reduce
596  * eCryptfs' overall stack usage.
597  */
598 struct ecryptfs_write_tag_70_packet_silly_stack {
599         u8 cipher_code;
600         size_t max_packet_size;
601         size_t packet_size_len;
602         size_t block_aligned_filename_size;
603         size_t block_size;
604         size_t i;
605         size_t j;
606         size_t num_rand_bytes;
607         struct mutex *tfm_mutex;
608         char *block_aligned_filename;
609         struct ecryptfs_auth_tok *auth_tok;
610         struct scatterlist src_sg[2];
611         struct scatterlist dst_sg[2];
612         struct crypto_skcipher *skcipher_tfm;
613         struct skcipher_request *skcipher_req;
614         char iv[ECRYPTFS_MAX_IV_BYTES];
615         char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
616         char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
617         struct crypto_shash *hash_tfm;
618         struct shash_desc *hash_desc;
619 };
620 
621 /**
622  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
623  * @filename: NULL-terminated filename string
624  *
625  * This is the simplest mechanism for achieving filename encryption in
626  * eCryptfs. It encrypts the given filename with the mount-wide
627  * filename encryption key (FNEK) and stores it in a packet to @dest,
628  * which the callee will encode and write directly into the dentry
629  * name.
630  */
631 int
632 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
633                              size_t *packet_size,
634                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
635                              char *filename, size_t filename_size)
636 {
637         struct ecryptfs_write_tag_70_packet_silly_stack *s;
638         struct key *auth_tok_key = NULL;
639         int rc = 0;
640 
641         s = kzalloc(sizeof(*s), GFP_KERNEL);
642         if (!s)
643                 return -ENOMEM;
644 
645         (*packet_size) = 0;
646         rc = ecryptfs_find_auth_tok_for_sig(
647                 &auth_tok_key,
648                 &s->auth_tok, mount_crypt_stat,
649                 mount_crypt_stat->global_default_fnek_sig);
650         if (rc) {
651                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
652                        "fnek sig [%s]; rc = [%d]\n", __func__,
653                        mount_crypt_stat->global_default_fnek_sig, rc);
654                 goto out;
655         }
656         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
657                 &s->skcipher_tfm,
658                 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
659         if (unlikely(rc)) {
660                 printk(KERN_ERR "Internal error whilst attempting to get "
661                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
662                        mount_crypt_stat->global_default_fn_cipher_name, rc);
663                 goto out;
664         }
665         mutex_lock(s->tfm_mutex);
666         s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
667         /* Plus one for the \0 separator between the random prefix
668          * and the plaintext filename */
669         s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
670         s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
671         if ((s->block_aligned_filename_size % s->block_size) != 0) {
672                 s->num_rand_bytes += (s->block_size
673                                       - (s->block_aligned_filename_size
674                                          % s->block_size));
675                 s->block_aligned_filename_size = (s->num_rand_bytes
676                                                   + filename_size);
677         }
678         /* Octet 0: Tag 70 identifier
679          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
680          *              and block-aligned encrypted filename size)
681          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
682          * Octet N2-N3: Cipher identifier (1 octet)
683          * Octets N3-N4: Block-aligned encrypted filename
684          *  - Consists of a minimum number of random characters, a \0
685          *    separator, and then the filename */
686         s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE
687                               + s->block_aligned_filename_size);
688         if (!dest) {
689                 (*packet_size) = s->max_packet_size;
690                 goto out_unlock;
691         }
692         if (s->max_packet_size > (*remaining_bytes)) {
693                 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
694                        "[%zd] available\n", __func__, s->max_packet_size,
695                        (*remaining_bytes));
696                 rc = -EINVAL;
697                 goto out_unlock;
698         }
699 
700         s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
701         if (!s->skcipher_req) {
702                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
703                        "skcipher_request_alloc for %s\n", __func__,
704                        crypto_skcipher_driver_name(s->skcipher_tfm));
705                 rc = -ENOMEM;
706                 goto out_unlock;
707         }
708 
709         skcipher_request_set_callback(s->skcipher_req,
710                                       CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
711 
712         s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
713                                             GFP_KERNEL);
714         if (!s->block_aligned_filename) {
715                 rc = -ENOMEM;
716                 goto out_unlock;
717         }
718         dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
719         rc = ecryptfs_write_packet_length(&dest[s->i],
720                                           (ECRYPTFS_SIG_SIZE
721                                            + 1 /* Cipher code */
722                                            + s->block_aligned_filename_size),
723                                           &s->packet_size_len);
724         if (rc) {
725                 printk(KERN_ERR "%s: Error generating tag 70 packet "
726                        "header; cannot generate packet length; rc = [%d]\n",
727                        __func__, rc);
728                 goto out_free_unlock;
729         }
730         s->i += s->packet_size_len;
731         ecryptfs_from_hex(&dest[s->i],
732                           mount_crypt_stat->global_default_fnek_sig,
733                           ECRYPTFS_SIG_SIZE);
734         s->i += ECRYPTFS_SIG_SIZE;
735         s->cipher_code = ecryptfs_code_for_cipher_string(
736                 mount_crypt_stat->global_default_fn_cipher_name,
737                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
738         if (s->cipher_code == 0) {
739                 printk(KERN_WARNING "%s: Unable to generate code for "
740                        "cipher [%s] with key bytes [%zd]\n", __func__,
741                        mount_crypt_stat->global_default_fn_cipher_name,
742                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
743                 rc = -EINVAL;
744                 goto out_free_unlock;
745         }
746         dest[s->i++] = s->cipher_code;
747         /* TODO: Support other key modules than passphrase for
748          * filename encryption */
749         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
750                 rc = -EOPNOTSUPP;
751                 printk(KERN_INFO "%s: Filename encryption only supports "
752                        "password tokens\n", __func__);
753                 goto out_free_unlock;
754         }
755         s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
756         if (IS_ERR(s->hash_tfm)) {
757                         rc = PTR_ERR(s->hash_tfm);
758                         printk(KERN_ERR "%s: Error attempting to "
759                                "allocate hash crypto context; rc = [%d]\n",
760                                __func__, rc);
761                         goto out_free_unlock;
762         }
763 
764         s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
765                                crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
766         if (!s->hash_desc) {
767                 rc = -ENOMEM;
768                 goto out_release_free_unlock;
769         }
770 
771         s->hash_desc->tfm = s->hash_tfm;
772         s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
773 
774         rc = crypto_shash_digest(s->hash_desc,
775                                  (u8 *)s->auth_tok->token.password.session_key_encryption_key,
776                                  s->auth_tok->token.password.session_key_encryption_key_bytes,
777                                  s->hash);
778         if (rc) {
779                 printk(KERN_ERR
780                        "%s: Error computing crypto hash; rc = [%d]\n",
781                        __func__, rc);
782                 goto out_release_free_unlock;
783         }
784         for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
785                 s->block_aligned_filename[s->j] =
786                         s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
787                 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
788                     == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
789                         rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
790                                                 ECRYPTFS_TAG_70_DIGEST_SIZE,
791                                                 s->tmp_hash);
792                         if (rc) {
793                                 printk(KERN_ERR
794                                        "%s: Error computing crypto hash; "
795                                        "rc = [%d]\n", __func__, rc);
796                                 goto out_release_free_unlock;
797                         }
798                         memcpy(s->hash, s->tmp_hash,
799                                ECRYPTFS_TAG_70_DIGEST_SIZE);
800                 }
801                 if (s->block_aligned_filename[s->j] == '\0')
802                         s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
803         }
804         memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
805                filename_size);
806         rc = virt_to_scatterlist(s->block_aligned_filename,
807                                  s->block_aligned_filename_size, s->src_sg, 2);
808         if (rc < 1) {
809                 printk(KERN_ERR "%s: Internal error whilst attempting to "
810                        "convert filename memory to scatterlist; rc = [%d]. "
811                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
812                        s->block_aligned_filename_size);
813                 goto out_release_free_unlock;
814         }
815         rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
816                                  s->dst_sg, 2);
817         if (rc < 1) {
818                 printk(KERN_ERR "%s: Internal error whilst attempting to "
819                        "convert encrypted filename memory to scatterlist; "
820                        "rc = [%d]. block_aligned_filename_size = [%zd]\n",
821                        __func__, rc, s->block_aligned_filename_size);
822                 goto out_release_free_unlock;
823         }
824         /* The characters in the first block effectively do the job
825          * of the IV here, so we just use 0's for the IV. Note the
826          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
827          * >= ECRYPTFS_MAX_IV_BYTES. */
828         rc = crypto_skcipher_setkey(
829                 s->skcipher_tfm,
830                 s->auth_tok->token.password.session_key_encryption_key,
831                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
832         if (rc < 0) {
833                 printk(KERN_ERR "%s: Error setting key for crypto context; "
834                        "rc = [%d]. s->auth_tok->token.password.session_key_"
835                        "encryption_key = [0x%p]; mount_crypt_stat->"
836                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
837                        rc,
838                        s->auth_tok->token.password.session_key_encryption_key,
839                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
840                 goto out_release_free_unlock;
841         }
842         skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
843                                    s->block_aligned_filename_size, s->iv);
844         rc = crypto_skcipher_encrypt(s->skcipher_req);
845         if (rc) {
846                 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
847                        "rc = [%d]\n", __func__, rc);
848                 goto out_release_free_unlock;
849         }
850         s->i += s->block_aligned_filename_size;
851         (*packet_size) = s->i;
852         (*remaining_bytes) -= (*packet_size);
853 out_release_free_unlock:
854         crypto_free_shash(s->hash_tfm);
855 out_free_unlock:
856         kzfree(s->block_aligned_filename);
857 out_unlock:
858         mutex_unlock(s->tfm_mutex);
859 out:
860         if (auth_tok_key) {
861                 up_write(&(auth_tok_key->sem));
862                 key_put(auth_tok_key);
863         }
864         skcipher_request_free(s->skcipher_req);
865         kzfree(s->hash_desc);
866         kfree(s);
867         return rc;
868 }
869 
870 struct ecryptfs_parse_tag_70_packet_silly_stack {
871         u8 cipher_code;
872         size_t max_packet_size;
873         size_t packet_size_len;
874         size_t parsed_tag_70_packet_size;
875         size_t block_aligned_filename_size;
876         size_t block_size;
877         size_t i;
878         struct mutex *tfm_mutex;
879         char *decrypted_filename;
880         struct ecryptfs_auth_tok *auth_tok;
881         struct scatterlist src_sg[2];
882         struct scatterlist dst_sg[2];
883         struct crypto_skcipher *skcipher_tfm;
884         struct skcipher_request *skcipher_req;
885         char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
886         char iv[ECRYPTFS_MAX_IV_BYTES];
887         char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
888 };
889 
890 /**
891  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
892  * @filename: This function kmalloc's the memory for the filename
893  * @filename_size: This function sets this to the amount of memory
894  *                 kmalloc'd for the filename
895  * @packet_size: This function sets this to the the number of octets
896  *               in the packet parsed
897  * @mount_crypt_stat: The mount-wide cryptographic context
898  * @data: The memory location containing the start of the tag 70
899  *        packet
900  * @max_packet_size: The maximum legal size of the packet to be parsed
901  *                   from @data
902  *
903  * Returns zero on success; non-zero otherwise
904  */
905 int
906 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
907                              size_t *packet_size,
908                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
909                              char *data, size_t max_packet_size)
910 {
911         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
912         struct key *auth_tok_key = NULL;
913         int rc = 0;
914 
915         (*packet_size) = 0;
916         (*filename_size) = 0;
917         (*filename) = NULL;
918         s = kzalloc(sizeof(*s), GFP_KERNEL);
919         if (!s)
920                 return -ENOMEM;
921 
922         if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
923                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
924                        "at least [%d]\n", __func__, max_packet_size,
925                        ECRYPTFS_TAG_70_MIN_METADATA_SIZE);
926                 rc = -EINVAL;
927                 goto out;
928         }
929         /* Octet 0: Tag 70 identifier
930          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
931          *              and block-aligned encrypted filename size)
932          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
933          * Octet N2-N3: Cipher identifier (1 octet)
934          * Octets N3-N4: Block-aligned encrypted filename
935          *  - Consists of a minimum number of random numbers, a \0
936          *    separator, and then the filename */
937         if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
938                 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
939                        "tag [0x%.2x]\n", __func__,
940                        data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
941                 rc = -EINVAL;
942                 goto out;
943         }
944         rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
945                                           &s->parsed_tag_70_packet_size,
946                                           &s->packet_size_len);
947         if (rc) {
948                 printk(KERN_WARNING "%s: Error parsing packet length; "
949                        "rc = [%d]\n", __func__, rc);
950                 goto out;
951         }
952         s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
953                                           - ECRYPTFS_SIG_SIZE - 1);
954         if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
955             > max_packet_size) {
956                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
957                        "size is [%zd]\n", __func__, max_packet_size,
958                        (1 + s->packet_size_len + 1
959                         + s->block_aligned_filename_size));
960                 rc = -EINVAL;
961                 goto out;
962         }
963         (*packet_size) += s->packet_size_len;
964         ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
965                         ECRYPTFS_SIG_SIZE);
966         s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
967         (*packet_size) += ECRYPTFS_SIG_SIZE;
968         s->cipher_code = data[(*packet_size)++];
969         rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
970         if (rc) {
971                 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
972                        __func__, s->cipher_code);
973                 goto out;
974         }
975         rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
976                                             &s->auth_tok, mount_crypt_stat,
977                                             s->fnek_sig_hex);
978         if (rc) {
979                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
980                        "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
981                        rc);
982                 goto out;
983         }
984         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
985                                                         &s->tfm_mutex,
986                                                         s->cipher_string);
987         if (unlikely(rc)) {
988                 printk(KERN_ERR "Internal error whilst attempting to get "
989                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
990                        s->cipher_string, rc);
991                 goto out;
992         }
993         mutex_lock(s->tfm_mutex);
994         rc = virt_to_scatterlist(&data[(*packet_size)],
995                                  s->block_aligned_filename_size, s->src_sg, 2);
996         if (rc < 1) {
997                 printk(KERN_ERR "%s: Internal error whilst attempting to "
998                        "convert encrypted filename memory to scatterlist; "
999                        "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1000                        __func__, rc, s->block_aligned_filename_size);
1001                 goto out_unlock;
1002         }
1003         (*packet_size) += s->block_aligned_filename_size;
1004         s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
1005                                         GFP_KERNEL);
1006         if (!s->decrypted_filename) {
1007                 rc = -ENOMEM;
1008                 goto out_unlock;
1009         }
1010         rc = virt_to_scatterlist(s->decrypted_filename,
1011                                  s->block_aligned_filename_size, s->dst_sg, 2);
1012         if (rc < 1) {
1013                 printk(KERN_ERR "%s: Internal error whilst attempting to "
1014                        "convert decrypted filename memory to scatterlist; "
1015                        "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1016                        __func__, rc, s->block_aligned_filename_size);
1017                 goto out_free_unlock;
1018         }
1019 
1020         s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1021         if (!s->skcipher_req) {
1022                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1023                        "skcipher_request_alloc for %s\n", __func__,
1024                        crypto_skcipher_driver_name(s->skcipher_tfm));
1025                 rc = -ENOMEM;
1026                 goto out_free_unlock;
1027         }
1028 
1029         skcipher_request_set_callback(s->skcipher_req,
1030                                       CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1031 
1032         /* The characters in the first block effectively do the job of
1033          * the IV here, so we just use 0's for the IV. Note the
1034          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1035          * >= ECRYPTFS_MAX_IV_BYTES. */
1036         /* TODO: Support other key modules than passphrase for
1037          * filename encryption */
1038         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1039                 rc = -EOPNOTSUPP;
1040                 printk(KERN_INFO "%s: Filename encryption only supports "
1041                        "password tokens\n", __func__);
1042                 goto out_free_unlock;
1043         }
1044         rc = crypto_skcipher_setkey(
1045                 s->skcipher_tfm,
1046                 s->auth_tok->token.password.session_key_encryption_key,
1047                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
1048         if (rc < 0) {
1049                 printk(KERN_ERR "%s: Error setting key for crypto context; "
1050                        "rc = [%d]. s->auth_tok->token.password.session_key_"
1051                        "encryption_key = [0x%p]; mount_crypt_stat->"
1052                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
1053                        rc,
1054                        s->auth_tok->token.password.session_key_encryption_key,
1055                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
1056                 goto out_free_unlock;
1057         }
1058         skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1059                                    s->block_aligned_filename_size, s->iv);
1060         rc = crypto_skcipher_decrypt(s->skcipher_req);
1061         if (rc) {
1062                 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1063                        "rc = [%d]\n", __func__, rc);
1064                 goto out_free_unlock;
1065         }
1066         while (s->decrypted_filename[s->i] != '\0'
1067                && s->i < s->block_aligned_filename_size)
1068                 s->i++;
1069         if (s->i == s->block_aligned_filename_size) {
1070                 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
1071                        "find valid separator between random characters and "
1072                        "the filename\n", __func__);
1073                 rc = -EINVAL;
1074                 goto out_free_unlock;
1075         }
1076         s->i++;
1077         (*filename_size) = (s->block_aligned_filename_size - s->i);
1078         if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
1079                 printk(KERN_WARNING "%s: Filename size is [%zd], which is "
1080                        "invalid\n", __func__, (*filename_size));
1081                 rc = -EINVAL;
1082                 goto out_free_unlock;
1083         }
1084         (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
1085         if (!(*filename)) {
1086                 rc = -ENOMEM;
1087                 goto out_free_unlock;
1088         }
1089         memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
1090         (*filename)[(*filename_size)] = '\0';
1091 out_free_unlock:
1092         kfree(s->decrypted_filename);
1093 out_unlock:
1094         mutex_unlock(s->tfm_mutex);
1095 out:
1096         if (rc) {
1097                 (*packet_size) = 0;
1098                 (*filename_size) = 0;
1099                 (*filename) = NULL;
1100         }
1101         if (auth_tok_key) {
1102                 up_write(&(auth_tok_key->sem));
1103                 key_put(auth_tok_key);
1104         }
1105         skcipher_request_free(s->skcipher_req);
1106         kfree(s);
1107         return rc;
1108 }
1109 
1110 static int
1111 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1112 {
1113         int rc = 0;
1114 
1115         (*sig) = NULL;
1116         switch (auth_tok->token_type) {
1117         case ECRYPTFS_PASSWORD:
1118                 (*sig) = auth_tok->token.password.signature;
1119                 break;
1120         case ECRYPTFS_PRIVATE_KEY:
1121                 (*sig) = auth_tok->token.private_key.signature;
1122                 break;
1123         default:
1124                 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1125                        auth_tok->token_type);
1126                 rc = -EINVAL;
1127         }
1128         return rc;
1129 }
1130 
1131 /**
1132  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1133  * @auth_tok: The key authentication token used to decrypt the session key
1134  * @crypt_stat: The cryptographic context
1135  *
1136  * Returns zero on success; non-zero error otherwise.
1137  */
1138 static int
1139 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1140                                   struct ecryptfs_crypt_stat *crypt_stat)
1141 {
1142         u8 cipher_code = 0;
1143         struct ecryptfs_msg_ctx *msg_ctx;
1144         struct ecryptfs_message *msg = NULL;
1145         char *auth_tok_sig;
1146         char *payload = NULL;
1147         size_t payload_len = 0;
1148         int rc;
1149 
1150         rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1151         if (rc) {
1152                 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1153                        auth_tok->token_type);
1154                 goto out;
1155         }
1156         rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1157                                  &payload, &payload_len);
1158         if (rc) {
1159                 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1160                 goto out;
1161         }
1162         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1163         if (rc) {
1164                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1165                                 "ecryptfsd: %d\n", rc);
1166                 goto out;
1167         }
1168         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1169         if (rc) {
1170                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1171                                 "from the user space daemon\n");
1172                 rc = -EIO;
1173                 goto out;
1174         }
1175         rc = parse_tag_65_packet(&(auth_tok->session_key),
1176                                  &cipher_code, msg);
1177         if (rc) {
1178                 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1179                        rc);
1180                 goto out;
1181         }
1182         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1183         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1184                auth_tok->session_key.decrypted_key_size);
1185         crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1186         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1187         if (rc) {
1188                 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1189                                 cipher_code)
1190                 goto out;
1191         }
1192         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1193         if (ecryptfs_verbosity > 0) {
1194                 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1195                 ecryptfs_dump_hex(crypt_stat->key,
1196                                   crypt_stat->key_size);
1197         }
1198 out:
1199         kfree(msg);
1200         kfree(payload);
1201         return rc;
1202 }
1203 
1204 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1205 {
1206         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1207         struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1208 
1209         list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1210                                  auth_tok_list_head, list) {
1211                 list_del(&auth_tok_list_item->list);
1212                 kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1213                                 auth_tok_list_item);
1214         }
1215 }
1216 
1217 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1218 
1219 /**
1220  * parse_tag_1_packet
1221  * @crypt_stat: The cryptographic context to modify based on packet contents
1222  * @data: The raw bytes of the packet.
1223  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1224  *                 a new authentication token will be placed at the
1225  *                 end of this list for this packet.
1226  * @new_auth_tok: Pointer to a pointer to memory that this function
1227  *                allocates; sets the memory address of the pointer to
1228  *                NULL on error. This object is added to the
1229  *                auth_tok_list.
1230  * @packet_size: This function writes the size of the parsed packet
1231  *               into this memory location; zero on error.
1232  * @max_packet_size: The maximum allowable packet size
1233  *
1234  * Returns zero on success; non-zero on error.
1235  */
1236 static int
1237 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1238                    unsigned char *data, struct list_head *auth_tok_list,
1239                    struct ecryptfs_auth_tok **new_auth_tok,
1240                    size_t *packet_size, size_t max_packet_size)
1241 {
1242         size_t body_size;
1243         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1244         size_t length_size;
1245         int rc = 0;
1246 
1247         (*packet_size) = 0;
1248         (*new_auth_tok) = NULL;
1249         /**
1250          * This format is inspired by OpenPGP; see RFC 2440
1251          * packet tag 1
1252          *
1253          * Tag 1 identifier (1 byte)
1254          * Max Tag 1 packet size (max 3 bytes)
1255          * Version (1 byte)
1256          * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1257          * Cipher identifier (1 byte)
1258          * Encrypted key size (arbitrary)
1259          *
1260          * 12 bytes minimum packet size
1261          */
1262         if (unlikely(max_packet_size < 12)) {
1263                 printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1264                 rc = -EINVAL;
1265                 goto out;
1266         }
1267         if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1268                 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1269                        ECRYPTFS_TAG_1_PACKET_TYPE);
1270                 rc = -EINVAL;
1271                 goto out;
1272         }
1273         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1274          * at end of function upon failure */
1275         auth_tok_list_item =
1276                 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1277                                   GFP_KERNEL);
1278         if (!auth_tok_list_item) {
1279                 printk(KERN_ERR "Unable to allocate memory\n");
1280                 rc = -ENOMEM;
1281                 goto out;
1282         }
1283         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1284         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1285                                           &length_size);
1286         if (rc) {
1287                 printk(KERN_WARNING "Error parsing packet length; "
1288                        "rc = [%d]\n", rc);
1289                 goto out_free;
1290         }
1291         if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1292                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1293                 rc = -EINVAL;
1294                 goto out_free;
1295         }
1296         (*packet_size) += length_size;
1297         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1298                 printk(KERN_WARNING "Packet size exceeds max\n");
1299                 rc = -EINVAL;
1300                 goto out_free;
1301         }
1302         if (unlikely(data[(*packet_size)++] != 0x03)) {
1303                 printk(KERN_WARNING "Unknown version number [%d]\n",
1304                        data[(*packet_size) - 1]);
1305                 rc = -EINVAL;
1306                 goto out_free;
1307         }
1308         ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1309                         &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1310         *packet_size += ECRYPTFS_SIG_SIZE;
1311         /* This byte is skipped because the kernel does not need to
1312          * know which public key encryption algorithm was used */
1313         (*packet_size)++;
1314         (*new_auth_tok)->session_key.encrypted_key_size =
1315                 body_size - (ECRYPTFS_SIG_SIZE + 2);
1316         if ((*new_auth_tok)->session_key.encrypted_key_size
1317             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1318                 printk(KERN_WARNING "Tag 1 packet contains key larger "
1319                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1320                 rc = -EINVAL;
1321                 goto out;
1322         }
1323         memcpy((*new_auth_tok)->session_key.encrypted_key,
1324                &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1325         (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1326         (*new_auth_tok)->session_key.flags &=
1327                 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1328         (*new_auth_tok)->session_key.flags |=
1329                 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1330         (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1331         (*new_auth_tok)->flags = 0;
1332         (*new_auth_tok)->session_key.flags &=
1333                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1334         (*new_auth_tok)->session_key.flags &=
1335                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1336         list_add(&auth_tok_list_item->list, auth_tok_list);
1337         goto out;
1338 out_free:
1339         (*new_auth_tok) = NULL;
1340         memset(auth_tok_list_item, 0,
1341                sizeof(struct ecryptfs_auth_tok_list_item));
1342         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1343                         auth_tok_list_item);
1344 out:
1345         if (rc)
1346                 (*packet_size) = 0;
1347         return rc;
1348 }
1349 
1350 /**
1351  * parse_tag_3_packet
1352  * @crypt_stat: The cryptographic context to modify based on packet
1353  *              contents.
1354  * @data: The raw bytes of the packet.
1355  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1356  *                 a new authentication token will be placed at the end
1357  *                 of this list for this packet.
1358  * @new_auth_tok: Pointer to a pointer to memory that this function
1359  *                allocates; sets the memory address of the pointer to
1360  *                NULL on error. This object is added to the
1361  *                auth_tok_list.
1362  * @packet_size: This function writes the size of the parsed packet
1363  *               into this memory location; zero on error.
1364  * @max_packet_size: maximum number of bytes to parse
1365  *
1366  * Returns zero on success; non-zero on error.
1367  */
1368 static int
1369 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1370                    unsigned char *data, struct list_head *auth_tok_list,
1371                    struct ecryptfs_auth_tok **new_auth_tok,
1372                    size_t *packet_size, size_t max_packet_size)
1373 {
1374         size_t body_size;
1375         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1376         size_t length_size;
1377         int rc = 0;
1378 
1379         (*packet_size) = 0;
1380         (*new_auth_tok) = NULL;
1381         /**
1382          *This format is inspired by OpenPGP; see RFC 2440
1383          * packet tag 3
1384          *
1385          * Tag 3 identifier (1 byte)
1386          * Max Tag 3 packet size (max 3 bytes)
1387          * Version (1 byte)
1388          * Cipher code (1 byte)
1389          * S2K specifier (1 byte)
1390          * Hash identifier (1 byte)
1391          * Salt (ECRYPTFS_SALT_SIZE)
1392          * Hash iterations (1 byte)
1393          * Encrypted key (arbitrary)
1394          *
1395          * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1396          */
1397         if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1398                 printk(KERN_ERR "Max packet size too large\n");
1399                 rc = -EINVAL;
1400                 goto out;
1401         }
1402         if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1403                 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1404                        ECRYPTFS_TAG_3_PACKET_TYPE);
1405                 rc = -EINVAL;
1406                 goto out;
1407         }
1408         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1409          * at end of function upon failure */
1410         auth_tok_list_item =
1411             kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1412         if (!auth_tok_list_item) {
1413                 printk(KERN_ERR "Unable to allocate memory\n");
1414                 rc = -ENOMEM;
1415                 goto out;
1416         }
1417         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1418         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1419                                           &length_size);
1420         if (rc) {
1421                 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1422                        rc);
1423                 goto out_free;
1424         }
1425         if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1426                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1427                 rc = -EINVAL;
1428                 goto out_free;
1429         }
1430         (*packet_size) += length_size;
1431         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1432                 printk(KERN_ERR "Packet size exceeds max\n");
1433                 rc = -EINVAL;
1434                 goto out_free;
1435         }
1436         (*new_auth_tok)->session_key.encrypted_key_size =
1437                 (body_size - (ECRYPTFS_SALT_SIZE + 5));
1438         if ((*new_auth_tok)->session_key.encrypted_key_size
1439             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1440                 printk(KERN_WARNING "Tag 3 packet contains key larger "
1441                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1442                 rc = -EINVAL;
1443                 goto out_free;
1444         }
1445         if (unlikely(data[(*packet_size)++] != 0x04)) {
1446                 printk(KERN_WARNING "Unknown version number [%d]\n",
1447                        data[(*packet_size) - 1]);
1448                 rc = -EINVAL;
1449                 goto out_free;
1450         }
1451         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1452                                             (u16)data[(*packet_size)]);
1453         if (rc)
1454                 goto out_free;
1455         /* A little extra work to differentiate among the AES key
1456          * sizes; see RFC2440 */
1457         switch(data[(*packet_size)++]) {
1458         case RFC2440_CIPHER_AES_192:
1459                 crypt_stat->key_size = 24;
1460                 break;
1461         default:
1462                 crypt_stat->key_size =
1463                         (*new_auth_tok)->session_key.encrypted_key_size;
1464         }
1465         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1466         if (rc)
1467                 goto out_free;
1468         if (unlikely(data[(*packet_size)++] != 0x03)) {
1469                 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1470                 rc = -ENOSYS;
1471                 goto out_free;
1472         }
1473         /* TODO: finish the hash mapping */
1474         switch (data[(*packet_size)++]) {
1475         case 0x01: /* See RFC2440 for these numbers and their mappings */
1476                 /* Choose MD5 */
1477                 memcpy((*new_auth_tok)->token.password.salt,
1478                        &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1479                 (*packet_size) += ECRYPTFS_SALT_SIZE;
1480                 /* This conversion was taken straight from RFC2440 */
1481                 (*new_auth_tok)->token.password.hash_iterations =
1482                         ((u32) 16 + (data[(*packet_size)] & 15))
1483                                 << ((data[(*packet_size)] >> 4) + 6);
1484                 (*packet_size)++;
1485                 /* Friendly reminder:
1486                  * (*new_auth_tok)->session_key.encrypted_key_size =
1487                  *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1488                 memcpy((*new_auth_tok)->session_key.encrypted_key,
1489                        &data[(*packet_size)],
1490                        (*new_auth_tok)->session_key.encrypted_key_size);
1491                 (*packet_size) +=
1492                         (*new_auth_tok)->session_key.encrypted_key_size;
1493                 (*new_auth_tok)->session_key.flags &=
1494                         ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1495                 (*new_auth_tok)->session_key.flags |=
1496                         ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1497                 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1498                 break;
1499         default:
1500                 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1501                                 "[%d]\n", data[(*packet_size) - 1]);
1502                 rc = -ENOSYS;
1503                 goto out_free;
1504         }
1505         (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1506         /* TODO: Parametarize; we might actually want userspace to
1507          * decrypt the session key. */
1508         (*new_auth_tok)->session_key.flags &=
1509                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1510         (*new_auth_tok)->session_key.flags &=
1511                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1512         list_add(&auth_tok_list_item->list, auth_tok_list);
1513         goto out;
1514 out_free:
1515         (*new_auth_tok) = NULL;
1516         memset(auth_tok_list_item, 0,
1517                sizeof(struct ecryptfs_auth_tok_list_item));
1518         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1519                         auth_tok_list_item);
1520 out:
1521         if (rc)
1522                 (*packet_size) = 0;
1523         return rc;
1524 }
1525 
1526 /**
1527  * parse_tag_11_packet
1528  * @data: The raw bytes of the packet
1529  * @contents: This function writes the data contents of the literal
1530  *            packet into this memory location
1531  * @max_contents_bytes: The maximum number of bytes that this function
1532  *                      is allowed to write into contents
1533  * @tag_11_contents_size: This function writes the size of the parsed
1534  *                        contents into this memory location; zero on
1535  *                        error
1536  * @packet_size: This function writes the size of the parsed packet
1537  *               into this memory location; zero on error
1538  * @max_packet_size: maximum number of bytes to parse
1539  *
1540  * Returns zero on success; non-zero on error.
1541  */
1542 static int
1543 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1544                     size_t max_contents_bytes, size_t *tag_11_contents_size,
1545                     size_t *packet_size, size_t max_packet_size)
1546 {
1547         size_t body_size;
1548         size_t length_size;
1549         int rc = 0;
1550 
1551         (*packet_size) = 0;
1552         (*tag_11_contents_size) = 0;
1553         /* This format is inspired by OpenPGP; see RFC 2440
1554          * packet tag 11
1555          *
1556          * Tag 11 identifier (1 byte)
1557          * Max Tag 11 packet size (max 3 bytes)
1558          * Binary format specifier (1 byte)
1559          * Filename length (1 byte)
1560          * Filename ("_CONSOLE") (8 bytes)
1561          * Modification date (4 bytes)
1562          * Literal data (arbitrary)
1563          *
1564          * We need at least 16 bytes of data for the packet to even be
1565          * valid.
1566          */
1567         if (max_packet_size < 16) {
1568                 printk(KERN_ERR "Maximum packet size too small\n");
1569                 rc = -EINVAL;
1570                 goto out;
1571         }
1572         if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1573                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1574                 rc = -EINVAL;
1575                 goto out;
1576         }
1577         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1578                                           &length_size);
1579         if (rc) {
1580                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1581                 goto out;
1582         }
1583         if (body_size < 14) {
1584                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1585                 rc = -EINVAL;
1586                 goto out;
1587         }
1588         (*packet_size) += length_size;
1589         (*tag_11_contents_size) = (body_size - 14);
1590         if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1591                 printk(KERN_ERR "Packet size exceeds max\n");
1592                 rc = -EINVAL;
1593                 goto out;
1594         }
1595         if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1596                 printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1597                        "expected size\n");
1598                 rc = -EINVAL;
1599                 goto out;
1600         }
1601         if (data[(*packet_size)++] != 0x62) {
1602                 printk(KERN_WARNING "Unrecognizable packet\n");
1603                 rc = -EINVAL;
1604                 goto out;
1605         }
1606         if (data[(*packet_size)++] != 0x08) {
1607                 printk(KERN_WARNING "Unrecognizable packet\n");
1608                 rc = -EINVAL;
1609                 goto out;
1610         }
1611         (*packet_size) += 12; /* Ignore filename and modification date */
1612         memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1613         (*packet_size) += (*tag_11_contents_size);
1614 out:
1615         if (rc) {
1616                 (*packet_size) = 0;
1617                 (*tag_11_contents_size) = 0;
1618         }
1619         return rc;
1620 }
1621 
1622 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1623                                       struct ecryptfs_auth_tok **auth_tok,
1624                                       char *sig)
1625 {
1626         int rc = 0;
1627 
1628         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1629         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1630                 (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1631                 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1632                         printk(KERN_ERR "Could not find key with description: [%s]\n",
1633                               sig);
1634                         rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1635                         (*auth_tok_key) = NULL;
1636                         goto out;
1637                 }
1638         }
1639         down_write(&(*auth_tok_key)->sem);
1640         rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1641         if (rc) {
1642                 up_write(&(*auth_tok_key)->sem);
1643                 key_put(*auth_tok_key);
1644                 (*auth_tok_key) = NULL;
1645                 goto out;
1646         }
1647 out:
1648         return rc;
1649 }
1650 
1651 /**
1652  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1653  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1654  * @crypt_stat: The cryptographic context
1655  *
1656  * Returns zero on success; non-zero error otherwise
1657  */
1658 static int
1659 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1660                                          struct ecryptfs_crypt_stat *crypt_stat)
1661 {
1662         struct scatterlist dst_sg[2];
1663         struct scatterlist src_sg[2];
1664         struct mutex *tfm_mutex;
1665         struct crypto_skcipher *tfm;
1666         struct skcipher_request *req = NULL;
1667         int rc = 0;
1668 
1669         if (unlikely(ecryptfs_verbosity > 0)) {
1670                 ecryptfs_printk(
1671                         KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1672                         auth_tok->token.password.session_key_encryption_key_bytes);
1673                 ecryptfs_dump_hex(
1674                         auth_tok->token.password.session_key_encryption_key,
1675                         auth_tok->token.password.session_key_encryption_key_bytes);
1676         }
1677         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1678                                                         crypt_stat->cipher);
1679         if (unlikely(rc)) {
1680                 printk(KERN_ERR "Internal error whilst attempting to get "
1681                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1682                        crypt_stat->cipher, rc);
1683                 goto out;
1684         }
1685         rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1686                                  auth_tok->session_key.encrypted_key_size,
1687                                  src_sg, 2);
1688         if (rc < 1 || rc > 2) {
1689                 printk(KERN_ERR "Internal error whilst attempting to convert "
1690                         "auth_tok->session_key.encrypted_key to scatterlist; "
1691                         "expected rc = 1; got rc = [%d]. "
1692                        "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1693                         auth_tok->session_key.encrypted_key_size);
1694                 goto out;
1695         }
1696         auth_tok->session_key.decrypted_key_size =
1697                 auth_tok->session_key.encrypted_key_size;
1698         rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1699                                  auth_tok->session_key.decrypted_key_size,
1700                                  dst_sg, 2);
1701         if (rc < 1 || rc > 2) {
1702                 printk(KERN_ERR "Internal error whilst attempting to convert "
1703                         "auth_tok->session_key.decrypted_key to scatterlist; "
1704                         "expected rc = 1; got rc = [%d]\n", rc);
1705                 goto out;
1706         }
1707         mutex_lock(tfm_mutex);
1708         req = skcipher_request_alloc(tfm, GFP_KERNEL);
1709         if (!req) {
1710                 mutex_unlock(tfm_mutex);
1711                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1712                        "skcipher_request_alloc for %s\n", __func__,
1713                        crypto_skcipher_driver_name(tfm));
1714                 rc = -ENOMEM;
1715                 goto out;
1716         }
1717 
1718         skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1719                                       NULL, NULL);
1720         rc = crypto_skcipher_setkey(
1721                 tfm, auth_tok->token.password.session_key_encryption_key,
1722                 crypt_stat->key_size);
1723         if (unlikely(rc < 0)) {
1724                 mutex_unlock(tfm_mutex);
1725                 printk(KERN_ERR "Error setting key for crypto context\n");
1726                 rc = -EINVAL;
1727                 goto out;
1728         }
1729         skcipher_request_set_crypt(req, src_sg, dst_sg,
1730                                    auth_tok->session_key.encrypted_key_size,
1731                                    NULL);
1732         rc = crypto_skcipher_decrypt(req);
1733         mutex_unlock(tfm_mutex);
1734         if (unlikely(rc)) {
1735                 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1736                 goto out;
1737         }
1738         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1739         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1740                auth_tok->session_key.decrypted_key_size);
1741         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1742         if (unlikely(ecryptfs_verbosity > 0)) {
1743                 ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1744                                 crypt_stat->key_size);
1745                 ecryptfs_dump_hex(crypt_stat->key,
1746                                   crypt_stat->key_size);
1747         }
1748 out:
1749         skcipher_request_free(req);
1750         return rc;
1751 }
1752 
1753 /**
1754  * ecryptfs_parse_packet_set
1755  * @crypt_stat: The cryptographic context
1756  * @src: Virtual address of region of memory containing the packets
1757  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1758  *
1759  * Get crypt_stat to have the file's session key if the requisite key
1760  * is available to decrypt the session key.
1761  *
1762  * Returns Zero if a valid authentication token was retrieved and
1763  * processed; negative value for file not encrypted or for error
1764  * conditions.
1765  */
1766 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1767                               unsigned char *src,
1768                               struct dentry *ecryptfs_dentry)
1769 {
1770         size_t i = 0;
1771         size_t found_auth_tok;
1772         size_t next_packet_is_auth_tok_packet;
1773         struct list_head auth_tok_list;
1774         struct ecryptfs_auth_tok *matching_auth_tok;
1775         struct ecryptfs_auth_tok *candidate_auth_tok;
1776         char *candidate_auth_tok_sig;
1777         size_t packet_size;
1778         struct ecryptfs_auth_tok *new_auth_tok;
1779         unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1780         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1781         size_t tag_11_contents_size;
1782         size_t tag_11_packet_size;
1783         struct key *auth_tok_key = NULL;
1784         int rc = 0;
1785 
1786         INIT_LIST_HEAD(&auth_tok_list);
1787         /* Parse the header to find as many packets as we can; these will be
1788          * added the our &auth_tok_list */
1789         next_packet_is_auth_tok_packet = 1;
1790         while (next_packet_is_auth_tok_packet) {
1791                 size_t max_packet_size = ((PAGE_SIZE - 8) - i);
1792 
1793                 switch (src[i]) {
1794                 case ECRYPTFS_TAG_3_PACKET_TYPE:
1795                         rc = parse_tag_3_packet(crypt_stat,
1796                                                 (unsigned char *)&src[i],
1797                                                 &auth_tok_list, &new_auth_tok,
1798                                                 &packet_size, max_packet_size);
1799                         if (rc) {
1800                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1801                                                 "tag 3 packet\n");
1802                                 rc = -EIO;
1803                                 goto out_wipe_list;
1804                         }
1805                         i += packet_size;
1806                         rc = parse_tag_11_packet((unsigned char *)&src[i],
1807                                                  sig_tmp_space,
1808                                                  ECRYPTFS_SIG_SIZE,
1809                                                  &tag_11_contents_size,
1810                                                  &tag_11_packet_size,
1811                                                  max_packet_size);
1812                         if (rc) {
1813                                 ecryptfs_printk(KERN_ERR, "No valid "
1814                                                 "(ecryptfs-specific) literal "
1815                                                 "packet containing "
1816                                                 "authentication token "
1817                                                 "signature found after "
1818                                                 "tag 3 packet\n");
1819                                 rc = -EIO;
1820                                 goto out_wipe_list;
1821                         }
1822                         i += tag_11_packet_size;
1823                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1824                                 ecryptfs_printk(KERN_ERR, "Expected "
1825                                                 "signature of size [%d]; "
1826                                                 "read size [%zd]\n",
1827                                                 ECRYPTFS_SIG_SIZE,
1828                                                 tag_11_contents_size);
1829                                 rc = -EIO;
1830                                 goto out_wipe_list;
1831                         }
1832                         ecryptfs_to_hex(new_auth_tok->token.password.signature,
1833                                         sig_tmp_space, tag_11_contents_size);
1834                         new_auth_tok->token.password.signature[
1835                                 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1836                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1837                         break;
1838                 case ECRYPTFS_TAG_1_PACKET_TYPE:
1839                         rc = parse_tag_1_packet(crypt_stat,
1840                                                 (unsigned char *)&src[i],
1841                                                 &auth_tok_list, &new_auth_tok,
1842                                                 &packet_size, max_packet_size);
1843                         if (rc) {
1844                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1845                                                 "tag 1 packet\n");
1846                                 rc = -EIO;
1847                                 goto out_wipe_list;
1848                         }
1849                         i += packet_size;
1850                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1851                         break;
1852                 case ECRYPTFS_TAG_11_PACKET_TYPE:
1853                         ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1854                                         "(Tag 11 not allowed by itself)\n");
1855                         rc = -EIO;
1856                         goto out_wipe_list;
1857                 default:
1858                         ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1859                                         "of the file header; hex value of "
1860                                         "character is [0x%.2x]\n", i, src[i]);
1861                         next_packet_is_auth_tok_packet = 0;
1862                 }
1863         }
1864         if (list_empty(&auth_tok_list)) {
1865                 printk(KERN_ERR "The lower file appears to be a non-encrypted "
1866                        "eCryptfs file; this is not supported in this version "
1867                        "of the eCryptfs kernel module\n");
1868                 rc = -EINVAL;
1869                 goto out;
1870         }
1871         /* auth_tok_list contains the set of authentication tokens
1872          * parsed from the metadata. We need to find a matching
1873          * authentication token that has the secret component(s)
1874          * necessary to decrypt the EFEK in the auth_tok parsed from
1875          * the metadata. There may be several potential matches, but
1876          * just one will be sufficient to decrypt to get the FEK. */
1877 find_next_matching_auth_tok:
1878         found_auth_tok = 0;
1879         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1880                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1881                 if (unlikely(ecryptfs_verbosity > 0)) {
1882                         ecryptfs_printk(KERN_DEBUG,
1883                                         "Considering candidate auth tok:\n");
1884                         ecryptfs_dump_auth_tok(candidate_auth_tok);
1885                 }
1886                 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1887                                                candidate_auth_tok);
1888                 if (rc) {
1889                         printk(KERN_ERR
1890                                "Unrecognized candidate auth tok type: [%d]\n",
1891                                candidate_auth_tok->token_type);
1892                         rc = -EINVAL;
1893                         goto out_wipe_list;
1894                 }
1895                 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1896                                                &matching_auth_tok,
1897                                                crypt_stat->mount_crypt_stat,
1898                                                candidate_auth_tok_sig);
1899                 if (!rc) {
1900                         found_auth_tok = 1;
1901                         goto found_matching_auth_tok;
1902                 }
1903         }
1904         if (!found_auth_tok) {
1905                 ecryptfs_printk(KERN_ERR, "Could not find a usable "
1906                                 "authentication token\n");
1907                 rc = -EIO;
1908                 goto out_wipe_list;
1909         }
1910 found_matching_auth_tok:
1911         if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1912                 memcpy(&(candidate_auth_tok->token.private_key),
1913                        &(matching_auth_tok->token.private_key),
1914                        sizeof(struct ecryptfs_private_key));
1915                 up_write(&(auth_tok_key->sem));
1916                 key_put(auth_tok_key);
1917                 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1918                                                        crypt_stat);
1919         } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1920                 memcpy(&(candidate_auth_tok->token.password),
1921                        &(matching_auth_tok->token.password),
1922                        sizeof(struct ecryptfs_password));
1923                 up_write(&(auth_tok_key->sem));
1924                 key_put(auth_tok_key);
1925                 rc = decrypt_passphrase_encrypted_session_key(
1926                         candidate_auth_tok, crypt_stat);
1927         } else {
1928                 up_write(&(auth_tok_key->sem));
1929                 key_put(auth_tok_key);
1930                 rc = -EINVAL;
1931         }
1932         if (rc) {
1933                 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1934 
1935                 ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1936                                 "session key for authentication token with sig "
1937                                 "[%.*s]; rc = [%d]. Removing auth tok "
1938                                 "candidate from the list and searching for "
1939                                 "the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1940                                 candidate_auth_tok_sig, rc);
1941                 list_for_each_entry_safe(auth_tok_list_item,
1942                                          auth_tok_list_item_tmp,
1943                                          &auth_tok_list, list) {
1944                         if (candidate_auth_tok
1945                             == &auth_tok_list_item->auth_tok) {
1946                                 list_del(&auth_tok_list_item->list);
1947                                 kmem_cache_free(
1948                                         ecryptfs_auth_tok_list_item_cache,
1949                                         auth_tok_list_item);
1950                                 goto find_next_matching_auth_tok;
1951                         }
1952                 }
1953                 BUG();
1954         }
1955         rc = ecryptfs_compute_root_iv(crypt_stat);
1956         if (rc) {
1957                 ecryptfs_printk(KERN_ERR, "Error computing "
1958                                 "the root IV\n");
1959                 goto out_wipe_list;
1960         }
1961         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1962         if (rc) {
1963                 ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1964                                 "context for cipher [%s]; rc = [%d]\n",
1965                                 crypt_stat->cipher, rc);
1966         }
1967 out_wipe_list:
1968         wipe_auth_tok_list(&auth_tok_list);
1969 out:
1970         return rc;
1971 }
1972 
1973 static int
1974 pki_encrypt_session_key(struct key *auth_tok_key,
1975                         struct ecryptfs_auth_tok *auth_tok,
1976                         struct ecryptfs_crypt_stat *crypt_stat,
1977                         struct ecryptfs_key_record *key_rec)
1978 {
1979         struct ecryptfs_msg_ctx *msg_ctx = NULL;
1980         char *payload = NULL;
1981         size_t payload_len = 0;
1982         struct ecryptfs_message *msg;
1983         int rc;
1984 
1985         rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1986                                  ecryptfs_code_for_cipher_string(
1987                                          crypt_stat->cipher,
1988                                          crypt_stat->key_size),
1989                                  crypt_stat, &payload, &payload_len);
1990         up_write(&(auth_tok_key->sem));
1991         key_put(auth_tok_key);
1992         if (rc) {
1993                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1994                 goto out;
1995         }
1996         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1997         if (rc) {
1998                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1999                                 "ecryptfsd: %d\n", rc);
2000                 goto out;
2001         }
2002         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
2003         if (rc) {
2004                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
2005                                 "from the user space daemon\n");
2006                 rc = -EIO;
2007                 goto out;
2008         }
2009         rc = parse_tag_67_packet(key_rec, msg);
2010         if (rc)
2011                 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
2012         kfree(msg);
2013 out:
2014         kfree(payload);
2015         return rc;
2016 }
2017 /**
2018  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
2019  * @dest: Buffer into which to write the packet
2020  * @remaining_bytes: Maximum number of bytes that can be writtn
2021  * @auth_tok_key: The authentication token key to unlock and put when done with
2022  *                @auth_tok
2023  * @auth_tok: The authentication token used for generating the tag 1 packet
2024  * @crypt_stat: The cryptographic context
2025  * @key_rec: The key record struct for the tag 1 packet
2026  * @packet_size: This function will write the number of bytes that end
2027  *               up constituting the packet; set to zero on error
2028  *
2029  * Returns zero on success; non-zero on error.
2030  */
2031 static int
2032 write_tag_1_packet(char *dest, size_t *remaining_bytes,
2033                    struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2034                    struct ecryptfs_crypt_stat *crypt_stat,
2035                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2036 {
2037         size_t i;
2038         size_t encrypted_session_key_valid = 0;
2039         size_t packet_size_length;
2040         size_t max_packet_size;
2041         int rc = 0;
2042 
2043         (*packet_size) = 0;
2044         ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2045                           ECRYPTFS_SIG_SIZE);
2046         encrypted_session_key_valid = 0;
2047         for (i = 0; i < crypt_stat->key_size; i++)
2048                 encrypted_session_key_valid |=
2049                         auth_tok->session_key.encrypted_key[i];
2050         if (encrypted_session_key_valid) {
2051                 memcpy(key_rec->enc_key,
2052                        auth_tok->session_key.encrypted_key,
2053                        auth_tok->session_key.encrypted_key_size);
2054                 up_write(&(auth_tok_key->sem));
2055                 key_put(auth_tok_key);
2056                 goto encrypted_session_key_set;
2057         }
2058         if (auth_tok->session_key.encrypted_key_size == 0)
2059                 auth_tok->session_key.encrypted_key_size =
2060                         auth_tok->token.private_key.key_size;
2061         rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2062                                      key_rec);
2063         if (rc) {
2064                 printk(KERN_ERR "Failed to encrypt session key via a key "
2065                        "module; rc = [%d]\n", rc);
2066                 goto out;
2067         }
2068         if (ecryptfs_verbosity > 0) {
2069                 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
2070                 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
2071         }
2072 encrypted_session_key_set:
2073         /* This format is inspired by OpenPGP; see RFC 2440
2074          * packet tag 1 */
2075         max_packet_size = (1                         /* Tag 1 identifier */
2076                            + 3                       /* Max Tag 1 packet size */
2077                            + 1                       /* Version */
2078                            + ECRYPTFS_SIG_SIZE       /* Key identifier */
2079                            + 1                       /* Cipher identifier */
2080                            + key_rec->enc_key_size); /* Encrypted key size */
2081         if (max_packet_size > (*remaining_bytes)) {
2082                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2083                        "need up to [%td] bytes, but there are only [%td] "
2084                        "available\n", max_packet_size, (*remaining_bytes));
2085                 rc = -EINVAL;
2086                 goto out;
2087         }
2088         dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2089         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2090                                           (max_packet_size - 4),
2091                                           &packet_size_length);
2092         if (rc) {
2093                 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2094                                 "header; cannot generate packet length\n");
2095                 goto out;
2096         }
2097         (*packet_size) += packet_size_length;
2098         dest[(*packet_size)++] = 0x03; /* version 3 */
2099         memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2100         (*packet_size) += ECRYPTFS_SIG_SIZE;
2101         dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2102         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2103                key_rec->enc_key_size);
2104         (*packet_size) += key_rec->enc_key_size;
2105 out:
2106         if (rc)
2107                 (*packet_size) = 0;
2108         else
2109                 (*remaining_bytes) -= (*packet_size);
2110         return rc;
2111 }
2112 
2113 /**
2114  * write_tag_11_packet
2115  * @dest: Target into which Tag 11 packet is to be written
2116  * @remaining_bytes: Maximum packet length
2117  * @contents: Byte array of contents to copy in
2118  * @contents_length: Number of bytes in contents
2119  * @packet_length: Length of the Tag 11 packet written; zero on error
2120  *
2121  * Returns zero on success; non-zero on error.
2122  */
2123 static int
2124 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2125                     size_t contents_length, size_t *packet_length)
2126 {
2127         size_t packet_size_length;
2128         size_t max_packet_size;
2129         int rc = 0;
2130 
2131         (*packet_length) = 0;
2132         /* This format is inspired by OpenPGP; see RFC 2440
2133          * packet tag 11 */
2134         max_packet_size = (1                   /* Tag 11 identifier */
2135                            + 3                 /* Max Tag 11 packet size */
2136                            + 1                 /* Binary format specifier */
2137                            + 1                 /* Filename length */
2138                            + 8                 /* Filename ("_CONSOLE") */
2139                            + 4                 /* Modification date */
2140                            + contents_length); /* Literal data */
2141         if (max_packet_size > (*remaining_bytes)) {
2142                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2143                        "need up to [%td] bytes, but there are only [%td] "
2144                        "available\n", max_packet_size, (*remaining_bytes));
2145                 rc = -EINVAL;
2146                 goto out;
2147         }
2148         dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2149         rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2150                                           (max_packet_size - 4),
2151                                           &packet_size_length);
2152         if (rc) {
2153                 printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2154                        "generate packet length. rc = [%d]\n", rc);
2155                 goto out;
2156         }
2157         (*packet_length) += packet_size_length;
2158         dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2159         dest[(*packet_length)++] = 8;
2160         memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2161         (*packet_length) += 8;
2162         memset(&dest[(*packet_length)], 0x00, 4);
2163         (*packet_length) += 4;
2164         memcpy(&dest[(*packet_length)], contents, contents_length);
2165         (*packet_length) += contents_length;
2166  out:
2167         if (rc)
2168                 (*packet_length) = 0;
2169         else
2170                 (*remaining_bytes) -= (*packet_length);
2171         return rc;
2172 }
2173 
2174 /**
2175  * write_tag_3_packet
2176  * @dest: Buffer into which to write the packet
2177  * @remaining_bytes: Maximum number of bytes that can be written
2178  * @auth_tok: Authentication token
2179  * @crypt_stat: The cryptographic context
2180  * @key_rec: encrypted key
2181  * @packet_size: This function will write the number of bytes that end
2182  *               up constituting the packet; set to zero on error
2183  *
2184  * Returns zero on success; non-zero on error.
2185  */
2186 static int
2187 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2188                    struct ecryptfs_auth_tok *auth_tok,
2189                    struct ecryptfs_crypt_stat *crypt_stat,
2190                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2191 {
2192         size_t i;
2193         size_t encrypted_session_key_valid = 0;
2194         char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2195         struct scatterlist dst_sg[2];
2196         struct scatterlist src_sg[2];
2197         struct mutex *tfm_mutex = NULL;
2198         u8 cipher_code;
2199         size_t packet_size_length;
2200         size_t max_packet_size;
2201         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2202                 crypt_stat->mount_crypt_stat;
2203         struct crypto_skcipher *tfm;
2204         struct skcipher_request *req;
2205         int rc = 0;
2206 
2207         (*packet_size) = 0;
2208         ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2209                           ECRYPTFS_SIG_SIZE);
2210         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2211                                                         crypt_stat->cipher);
2212         if (unlikely(rc)) {
2213                 printk(KERN_ERR "Internal error whilst attempting to get "
2214                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2215                        crypt_stat->cipher, rc);
2216                 goto out;
2217         }
2218         if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2219                 printk(KERN_WARNING "No key size specified at mount; "
2220                        "defaulting to [%d]\n",
2221                        crypto_skcipher_default_keysize(tfm));
2222                 mount_crypt_stat->global_default_cipher_key_size =
2223                         crypto_skcipher_default_keysize(tfm);
2224         }
2225         if (crypt_stat->key_size == 0)
2226                 crypt_stat->key_size =
2227                         mount_crypt_stat->global_default_cipher_key_size;
2228         if (auth_tok->session_key.encrypted_key_size == 0)
2229                 auth_tok->session_key.encrypted_key_size =
2230                         crypt_stat->key_size;
2231         if (crypt_stat->key_size == 24
2232             && strcmp("aes", crypt_stat->cipher) == 0) {
2233                 memset((crypt_stat->key + 24), 0, 8);
2234                 auth_tok->session_key.encrypted_key_size = 32;
2235         } else
2236                 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2237         key_rec->enc_key_size =
2238                 auth_tok->session_key.encrypted_key_size;
2239         encrypted_session_key_valid = 0;
2240         for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2241                 encrypted_session_key_valid |=
2242                         auth_tok->session_key.encrypted_key[i];
2243         if (encrypted_session_key_valid) {
2244                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2245                                 "using auth_tok->session_key.encrypted_key, "
2246                                 "where key_rec->enc_key_size = [%zd]\n",
2247                                 key_rec->enc_key_size);
2248                 memcpy(key_rec->enc_key,
2249                        auth_tok->session_key.encrypted_key,
2250                        key_rec->enc_key_size);
2251                 goto encrypted_session_key_set;
2252         }
2253         if (auth_tok->token.password.flags &
2254             ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2255                 ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2256                                 "session key encryption key of size [%d]\n",
2257                                 auth_tok->token.password.
2258                                 session_key_encryption_key_bytes);
2259                 memcpy(session_key_encryption_key,
2260                        auth_tok->token.password.session_key_encryption_key,
2261                        crypt_stat->key_size);
2262                 ecryptfs_printk(KERN_DEBUG,
2263                                 "Cached session key encryption key:\n");
2264                 if (ecryptfs_verbosity > 0)
2265                         ecryptfs_dump_hex(session_key_encryption_key, 16);
2266         }
2267         if (unlikely(ecryptfs_verbosity > 0)) {
2268                 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2269                 ecryptfs_dump_hex(session_key_encryption_key, 16);
2270         }
2271         rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2272                                  src_sg, 2);
2273         if (rc < 1 || rc > 2) {
2274                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2275                                 "for crypt_stat session key; expected rc = 1; "
2276                                 "got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2277                                 rc, key_rec->enc_key_size);
2278                 rc = -ENOMEM;
2279                 goto out;
2280         }
2281         rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2282                                  dst_sg, 2);
2283         if (rc < 1 || rc > 2) {
2284                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2285                                 "for crypt_stat encrypted session key; "
2286                                 "expected rc = 1; got rc = [%d]. "
2287                                 "key_rec->enc_key_size = [%zd]\n", rc,
2288                                 key_rec->enc_key_size);
2289                 rc = -ENOMEM;
2290                 goto out;
2291         }
2292         mutex_lock(tfm_mutex);
2293         rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2294                                     crypt_stat->key_size);
2295         if (rc < 0) {
2296                 mutex_unlock(tfm_mutex);
2297                 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2298                                 "context; rc = [%d]\n", rc);
2299                 goto out;
2300         }
2301 
2302         req = skcipher_request_alloc(tfm, GFP_KERNEL);
2303         if (!req) {
2304                 mutex_unlock(tfm_mutex);
2305                 ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2306                                 "attempting to skcipher_request_alloc for "
2307                                 "%s\n", crypto_skcipher_driver_name(tfm));
2308                 rc = -ENOMEM;
2309                 goto out;
2310         }
2311 
2312         skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2313                                       NULL, NULL);
2314 
2315         rc = 0;
2316         ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2317                         crypt_stat->key_size);
2318         skcipher_request_set_crypt(req, src_sg, dst_sg,
2319                                    (*key_rec).enc_key_size, NULL);
2320         rc = crypto_skcipher_encrypt(req);
2321         mutex_unlock(tfm_mutex);
2322         skcipher_request_free(req);
2323         if (rc) {
2324                 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2325                 goto out;
2326         }
2327         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2328         if (ecryptfs_verbosity > 0) {
2329                 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2330                                 key_rec->enc_key_size);
2331                 ecryptfs_dump_hex(key_rec->enc_key,
2332                                   key_rec->enc_key_size);
2333         }
2334 encrypted_session_key_set:
2335         /* This format is inspired by OpenPGP; see RFC 2440
2336          * packet tag 3 */
2337         max_packet_size = (1                         /* Tag 3 identifier */
2338                            + 3                       /* Max Tag 3 packet size */
2339                            + 1                       /* Version */
2340                            + 1                       /* Cipher code */
2341                            + 1                       /* S2K specifier */
2342                            + 1                       /* Hash identifier */
2343                            + ECRYPTFS_SALT_SIZE      /* Salt */
2344                            + 1                       /* Hash iterations */
2345                            + key_rec->enc_key_size); /* Encrypted key size */
2346         if (max_packet_size > (*remaining_bytes)) {
2347                 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2348                        "there are only [%td] available\n", max_packet_size,
2349                        (*remaining_bytes));
2350                 rc = -EINVAL;
2351                 goto out;
2352         }
2353         dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2354         /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2355          * to get the number of octets in the actual Tag 3 packet */
2356         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2357                                           (max_packet_size - 4),
2358                                           &packet_size_length);
2359         if (rc) {
2360                 printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2361                        "generate packet length. rc = [%d]\n", rc);
2362                 goto out;
2363         }
2364         (*packet_size) += packet_size_length;
2365         dest[(*packet_size)++] = 0x04; /* version 4 */
2366         /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2367          * specified with strings */
2368         cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2369                                                       crypt_stat->key_size);
2370         if (cipher_code == 0) {
2371                 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2372                                 "cipher [%s]\n", crypt_stat->cipher);
2373                 rc = -EINVAL;
2374                 goto out;
2375         }
2376         dest[(*packet_size)++] = cipher_code;
2377         dest[(*packet_size)++] = 0x03;  /* S2K */
2378         dest[(*packet_size)++] = 0x01;  /* MD5 (TODO: parameterize) */
2379         memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2380                ECRYPTFS_SALT_SIZE);
2381         (*packet_size) += ECRYPTFS_SALT_SIZE;   /* salt */
2382         dest[(*packet_size)++] = 0x60;  /* hash iterations (65536) */
2383         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2384                key_rec->enc_key_size);
2385         (*packet_size) += key_rec->enc_key_size;
2386 out:
2387         if (rc)
2388                 (*packet_size) = 0;
2389         else
2390                 (*remaining_bytes) -= (*packet_size);
2391         return rc;
2392 }
2393 
2394 struct kmem_cache *ecryptfs_key_record_cache;
2395 
2396 /**
2397  * ecryptfs_generate_key_packet_set
2398  * @dest_base: Virtual address from which to write the key record set
2399  * @crypt_stat: The cryptographic context from which the
2400  *              authentication tokens will be retrieved
2401  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2402  *                   for the global parameters
2403  * @len: The amount written
2404  * @max: The maximum amount of data allowed to be written
2405  *
2406  * Generates a key packet set and writes it to the virtual address
2407  * passed in.
2408  *
2409  * Returns zero on success; non-zero on error.
2410  */
2411 int
2412 ecryptfs_generate_key_packet_set(char *dest_base,
2413                                  struct ecryptfs_crypt_stat *crypt_stat,
2414                                  struct dentry *ecryptfs_dentry, size_t *len,
2415                                  size_t max)
2416 {
2417         struct ecryptfs_auth_tok *auth_tok;
2418         struct key *auth_tok_key = NULL;
2419         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2420                 &ecryptfs_superblock_to_private(
2421                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
2422         size_t written;
2423         struct ecryptfs_key_record *key_rec;
2424         struct ecryptfs_key_sig *key_sig;
2425         int rc = 0;
2426 
2427         (*len) = 0;
2428         mutex_lock(&crypt_stat->keysig_list_mutex);
2429         key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2430         if (!key_rec) {
2431                 rc = -ENOMEM;
2432                 goto out;
2433         }
2434         list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2435                             crypt_stat_list) {
2436                 memset(key_rec, 0, sizeof(*key_rec));
2437                 rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2438                                                            &auth_tok,
2439                                                            mount_crypt_stat,
2440                                                            key_sig->keysig);
2441                 if (rc) {
2442                         printk(KERN_WARNING "Unable to retrieve auth tok with "
2443                                "sig = [%s]\n", key_sig->keysig);
2444                         rc = process_find_global_auth_tok_for_sig_err(rc);
2445                         goto out_free;
2446                 }
2447                 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2448                         rc = write_tag_3_packet((dest_base + (*len)),
2449                                                 &max, auth_tok,
2450                                                 crypt_stat, key_rec,
2451                                                 &written);
2452                         up_write(&(auth_tok_key->sem));
2453                         key_put(auth_tok_key);
2454                         if (rc) {
2455                                 ecryptfs_printk(KERN_WARNING, "Error "
2456                                                 "writing tag 3 packet\n");
2457                                 goto out_free;
2458                         }
2459                         (*len) += written;
2460                         /* Write auth tok signature packet */
2461                         rc = write_tag_11_packet((dest_base + (*len)), &max,
2462                                                  key_rec->sig,
2463                                                  ECRYPTFS_SIG_SIZE, &written);
2464                         if (rc) {
2465                                 ecryptfs_printk(KERN_ERR, "Error writing "
2466                                                 "auth tok signature packet\n");
2467                                 goto out_free;
2468                         }
2469                         (*len) += written;
2470                 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2471                         rc = write_tag_1_packet(dest_base + (*len), &max,
2472                                                 auth_tok_key, auth_tok,
2473                                                 crypt_stat, key_rec, &written);
2474                         if (rc) {
2475                                 ecryptfs_printk(KERN_WARNING, "Error "
2476                                                 "writing tag 1 packet\n");
2477                                 goto out_free;
2478                         }
2479                         (*len) += written;
2480                 } else {
2481                         up_write(&(auth_tok_key->sem));
2482                         key_put(auth_tok_key);
2483                         ecryptfs_printk(KERN_WARNING, "Unsupported "
2484                                         "authentication token type\n");
2485                         rc = -EINVAL;
2486                         goto out_free;
2487                 }
2488         }
2489         if (likely(max > 0)) {
2490                 dest_base[(*len)] = 0x00;
2491         } else {
2492                 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2493                 rc = -EIO;
2494         }
2495 out_free:
2496         kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2497 out:
2498         if (rc)
2499                 (*len) = 0;
2500         mutex_unlock(&crypt_stat->keysig_list_mutex);
2501         return rc;
2502 }
2503 
2504 struct kmem_cache *ecryptfs_key_sig_cache;
2505 
2506 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2507 {
2508         struct ecryptfs_key_sig *new_key_sig;
2509 
2510         new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2511         if (!new_key_sig)
2512                 return -ENOMEM;
2513 
2514         memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2515         new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2516         /* Caller must hold keysig_list_mutex */
2517         list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2518 
2519         return 0;
2520 }
2521 
2522 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2523 
2524 int
2525 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2526                              char *sig, u32 global_auth_tok_flags)
2527 {
2528         struct ecryptfs_global_auth_tok *new_auth_tok;
2529 
2530         new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2531                                         GFP_KERNEL);
2532         if (!new_auth_tok)
2533                 return -ENOMEM;
2534 
2535         memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2536         new_auth_tok->flags = global_auth_tok_flags;
2537         new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2538         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2539         list_add(&new_auth_tok->mount_crypt_stat_list,
2540                  &mount_crypt_stat->global_auth_tok_list);
2541         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2542         return 0;
2543 }
2544 
2545 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp