1// SPDX-License-Identifier: GPL-2.0-or-later 2/** 3 * eCryptfs: Linux filesystem encryption layer 4 * In-kernel key management code. Includes functions to parse and 5 * write authentication token-related packets with the underlying 6 * file. 7 * 8 * Copyright (C) 2004-2006 International Business Machines Corp. 9 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 10 * Michael C. Thompson <mcthomps@us.ibm.com> 11 * Trevor S. Highland <trevor.highland@gmail.com> 12 */ 13 14#include <crypto/hash.h> 15#include <crypto/skcipher.h> 16#include <linux/string.h> 17#include <linux/pagemap.h> 18#include <linux/key.h> 19#include <linux/random.h> 20#include <linux/scatterlist.h> 21#include <linux/slab.h> 22#include "ecryptfs_kernel.h" 23 24/** 25 * request_key returned an error instead of a valid key address; 26 * determine the type of error, make appropriate log entries, and 27 * return an error code. 28 */ 29static int process_request_key_err(long err_code) 30{ 31 int rc = 0; 32 33 switch (err_code) { 34 case -ENOKEY: 35 ecryptfs_printk(KERN_WARNING, "No key\n"); 36 rc = -ENOENT; 37 break; 38 case -EKEYEXPIRED: 39 ecryptfs_printk(KERN_WARNING, "Key expired\n"); 40 rc = -ETIME; 41 break; 42 case -EKEYREVOKED: 43 ecryptfs_printk(KERN_WARNING, "Key revoked\n"); 44 rc = -EINVAL; 45 break; 46 default: 47 ecryptfs_printk(KERN_WARNING, "Unknown error code: " 48 "[0x%.16lx]\n", err_code); 49 rc = -EINVAL; 50 } 51 return rc; 52} 53 54static int process_find_global_auth_tok_for_sig_err(int err_code) 55{ 56 int rc = err_code; 57 58 switch (err_code) { 59 case -ENOENT: 60 ecryptfs_printk(KERN_WARNING, "Missing auth tok\n"); 61 break; 62 case -EINVAL: 63 ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n"); 64 break; 65 default: 66 rc = process_request_key_err(err_code); 67 break; 68 } 69 return rc; 70} 71 72/** 73 * ecryptfs_parse_packet_length 74 * @data: Pointer to memory containing length at offset 75 * @size: This function writes the decoded size to this memory 76 * address; zero on error 77 * @length_size: The number of bytes occupied by the encoded length 78 * 79 * Returns zero on success; non-zero on error 80 */ 81int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, 82 size_t *length_size) 83{ 84 int rc = 0; 85 86 (*length_size) = 0; 87 (*size) = 0; 88 if (data[0] < 192) { 89 /* One-byte length */ 90 (*size) = data[0]; 91 (*length_size) = 1; 92 } else if (data[0] < 224) { 93 /* Two-byte length */ 94 (*size) = (data[0] - 192) * 256; 95 (*size) += data[1] + 192; 96 (*length_size) = 2; 97 } else if (data[0] == 255) { 98 /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */ 99 ecryptfs_printk(KERN_ERR, "Five-byte packet length not " 100 "supported\n"); 101 rc = -EINVAL; 102 goto out; 103 } else { 104 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n"); 105 rc = -EINVAL; 106 goto out; 107 } 108out: 109 return rc; 110} 111 112/** 113 * ecryptfs_write_packet_length 114 * @dest: The byte array target into which to write the length. Must 115 * have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated. 116 * @size: The length to write. 117 * @packet_size_length: The number of bytes used to encode the packet 118 * length is written to this address. 119 * 120 * Returns zero on success; non-zero on error. 121 */ 122int ecryptfs_write_packet_length(char *dest, size_t size, 123 size_t *packet_size_length) 124{ 125 int rc = 0; 126 127 if (size < 192) { 128 dest[0] = size; 129 (*packet_size_length) = 1; 130 } else if (size < 65536) { 131 dest[0] = (((size - 192) / 256) + 192); 132 dest[1] = ((size - 192) % 256); 133 (*packet_size_length) = 2; 134 } else { 135 /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */ 136 rc = -EINVAL; 137 ecryptfs_printk(KERN_WARNING, 138 "Unsupported packet size: [%zd]\n", size); 139 } 140 return rc; 141} 142 143static int 144write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, 145 char **packet, size_t *packet_len) 146{ 147 size_t i = 0; 148 size_t data_len; 149 size_t packet_size_len; 150 char *message; 151 int rc; 152 153 /* 154 * ***** TAG 64 Packet Format ***** 155 * | Content Type | 1 byte | 156 * | Key Identifier Size | 1 or 2 bytes | 157 * | Key Identifier | arbitrary | 158 * | Encrypted File Encryption Key Size | 1 or 2 bytes | 159 * | Encrypted File Encryption Key | arbitrary | 160 */ 161 data_len = (5 + ECRYPTFS_SIG_SIZE_HEX 162 + session_key->encrypted_key_size); 163 *packet = kmalloc(data_len, GFP_KERNEL); 164 message = *packet; 165 if (!message) { 166 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 167 rc = -ENOMEM; 168 goto out; 169 } 170 message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; 171 rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, 172 &packet_size_len); 173 if (rc) { 174 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " 175 "header; cannot generate packet length\n"); 176 goto out; 177 } 178 i += packet_size_len; 179 memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); 180 i += ECRYPTFS_SIG_SIZE_HEX; 181 rc = ecryptfs_write_packet_length(&message[i], 182 session_key->encrypted_key_size, 183 &packet_size_len); 184 if (rc) { 185 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " 186 "header; cannot generate packet length\n"); 187 goto out; 188 } 189 i += packet_size_len; 190 memcpy(&message[i], session_key->encrypted_key, 191 session_key->encrypted_key_size); 192 i += session_key->encrypted_key_size; 193 *packet_len = i; 194out: 195 return rc; 196} 197 198static int 199parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code, 200 struct ecryptfs_message *msg) 201{ 202 size_t i = 0; 203 char *data; 204 size_t data_len; 205 size_t m_size; 206 size_t message_len; 207 u16 checksum = 0; 208 u16 expected_checksum = 0; 209 int rc; 210 211 /* 212 * ***** TAG 65 Packet Format ***** 213 * | Content Type | 1 byte | 214 * | Status Indicator | 1 byte | 215 * | File Encryption Key Size | 1 or 2 bytes | 216 * | File Encryption Key | arbitrary | 217 */ 218 message_len = msg->data_len; 219 data = msg->data; 220 if (message_len < 4) { 221 rc = -EIO; 222 goto out; 223 } 224 if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) { 225 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n"); 226 rc = -EIO; 227 goto out; 228 } 229 if (data[i++]) { 230 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value " 231 "[%d]\n", data[i-1]); 232 rc = -EIO; 233 goto out; 234 } 235 rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len); 236 if (rc) { 237 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 238 "rc = [%d]\n", rc); 239 goto out; 240 } 241 i += data_len; 242 if (message_len < (i + m_size)) { 243 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd " 244 "is shorter than expected\n"); 245 rc = -EIO; 246 goto out; 247 } 248 if (m_size < 3) { 249 ecryptfs_printk(KERN_ERR, 250 "The decrypted key is not long enough to " 251 "include a cipher code and checksum\n"); 252 rc = -EIO; 253 goto out; 254 } 255 *cipher_code = data[i++]; 256 /* The decrypted key includes 1 byte cipher code and 2 byte checksum */ 257 session_key->decrypted_key_size = m_size - 3; 258 if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) { 259 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than " 260 "the maximum key size [%d]\n", 261 session_key->decrypted_key_size, 262 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); 263 rc = -EIO; 264 goto out; 265 } 266 memcpy(session_key->decrypted_key, &data[i], 267 session_key->decrypted_key_size); 268 i += session_key->decrypted_key_size; 269 expected_checksum += (unsigned char)(data[i++]) << 8; 270 expected_checksum += (unsigned char)(data[i++]); 271 for (i = 0; i < session_key->decrypted_key_size; i++) 272 checksum += session_key->decrypted_key[i]; 273 if (expected_checksum != checksum) { 274 ecryptfs_printk(KERN_ERR, "Invalid checksum for file " 275 "encryption key; expected [%x]; calculated " 276 "[%x]\n", expected_checksum, checksum); 277 rc = -EIO; 278 } 279out: 280 return rc; 281} 282 283 284static int 285write_tag_66_packet(char *signature, u8 cipher_code, 286 struct ecryptfs_crypt_stat *crypt_stat, char **packet, 287 size_t *packet_len) 288{ 289 size_t i = 0; 290 size_t j; 291 size_t data_len; 292 size_t checksum = 0; 293 size_t packet_size_len; 294 char *message; 295 int rc; 296 297 /* 298 * ***** TAG 66 Packet Format ***** 299 * | Content Type | 1 byte | 300 * | Key Identifier Size | 1 or 2 bytes | 301 * | Key Identifier | arbitrary | 302 * | File Encryption Key Size | 1 or 2 bytes | 303 * | File Encryption Key | arbitrary | 304 */ 305 data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size); 306 *packet = kmalloc(data_len, GFP_KERNEL); 307 message = *packet; 308 if (!message) { 309 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 310 rc = -ENOMEM; 311 goto out; 312 } 313 message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; 314 rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, 315 &packet_size_len); 316 if (rc) { 317 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " 318 "header; cannot generate packet length\n"); 319 goto out; 320 } 321 i += packet_size_len; 322 memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); 323 i += ECRYPTFS_SIG_SIZE_HEX; 324 /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ 325 rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3, 326 &packet_size_len); 327 if (rc) { 328 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " 329 "header; cannot generate packet length\n"); 330 goto out; 331 } 332 i += packet_size_len; 333 message[i++] = cipher_code; 334 memcpy(&message[i], crypt_stat->key, crypt_stat->key_size); 335 i += crypt_stat->key_size; 336 for (j = 0; j < crypt_stat->key_size; j++) 337 checksum += crypt_stat->key[j]; 338 message[i++] = (checksum / 256) % 256; 339 message[i++] = (checksum % 256); 340 *packet_len = i; 341out: 342 return rc; 343} 344 345static int 346parse_tag_67_packet(struct ecryptfs_key_record *key_rec, 347 struct ecryptfs_message *msg) 348{ 349 size_t i = 0; 350 char *data; 351 size_t data_len; 352 size_t message_len; 353 int rc; 354 355 /* 356 * ***** TAG 65 Packet Format ***** 357 * | Content Type | 1 byte | 358 * | Status Indicator | 1 byte | 359 * | Encrypted File Encryption Key Size | 1 or 2 bytes | 360 * | Encrypted File Encryption Key | arbitrary | 361 */ 362 message_len = msg->data_len; 363 data = msg->data; 364 /* verify that everything through the encrypted FEK size is present */ 365 if (message_len < 4) { 366 rc = -EIO; 367 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable " 368 "message length is [%d]\n", __func__, message_len, 4); 369 goto out; 370 } 371 if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { 372 rc = -EIO; 373 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n", 374 __func__); 375 goto out; 376 } 377 if (data[i++]) { 378 rc = -EIO; 379 printk(KERN_ERR "%s: Status indicator has non zero " 380 "value [%d]\n", __func__, data[i-1]); 381 382 goto out; 383 } 384 rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size, 385 &data_len); 386 if (rc) { 387 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 388 "rc = [%d]\n", rc); 389 goto out; 390 } 391 i += data_len; 392 if (message_len < (i + key_rec->enc_key_size)) { 393 rc = -EIO; 394 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n", 395 __func__, message_len, (i + key_rec->enc_key_size)); 396 goto out; 397 } 398 if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 399 rc = -EIO; 400 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than " 401 "the maximum key size [%d]\n", __func__, 402 key_rec->enc_key_size, 403 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); 404 goto out; 405 } 406 memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); 407out: 408 return rc; 409} 410 411/** 412 * ecryptfs_verify_version 413 * @version: The version number to confirm 414 * 415 * Returns zero on good version; non-zero otherwise 416 */ 417static int ecryptfs_verify_version(u16 version) 418{ 419 int rc = 0; 420 unsigned char major; 421 unsigned char minor; 422 423 major = ((version >> 8) & 0xFF); 424 minor = (version & 0xFF); 425 if (major != ECRYPTFS_VERSION_MAJOR) { 426 ecryptfs_printk(KERN_ERR, "Major version number mismatch. " 427 "Expected [%d]; got [%d]\n", 428 ECRYPTFS_VERSION_MAJOR, major); 429 rc = -EINVAL; 430 goto out; 431 } 432 if (minor != ECRYPTFS_VERSION_MINOR) { 433 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. " 434 "Expected [%d]; got [%d]\n", 435 ECRYPTFS_VERSION_MINOR, minor); 436 rc = -EINVAL; 437 goto out; 438 } 439out: 440 return rc; 441} 442 443/** 444 * ecryptfs_verify_auth_tok_from_key 445 * @auth_tok_key: key containing the authentication token 446 * @auth_tok: authentication token 447 * 448 * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or 449 * -EKEYREVOKED if the key was revoked before we acquired its semaphore. 450 */ 451static int 452ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, 453 struct ecryptfs_auth_tok **auth_tok) 454{ 455 int rc = 0; 456 457 (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key); 458 if (IS_ERR(*auth_tok)) { 459 rc = PTR_ERR(*auth_tok); 460 *auth_tok = NULL; 461 goto out; 462 } 463 464 if (ecryptfs_verify_version((*auth_tok)->version)) { 465 printk(KERN_ERR "Data structure version mismatch. Userspace " 466 "tools must match eCryptfs kernel module with major " 467 "version [%d] and minor version [%d]\n", 468 ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR); 469 rc = -EINVAL; 470 goto out; 471 } 472 if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD 473 && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) { 474 printk(KERN_ERR "Invalid auth_tok structure " 475 "returned from key query\n"); 476 rc = -EINVAL; 477 goto out; 478 } 479out: 480 return rc; 481} 482 483static int 484ecryptfs_find_global_auth_tok_for_sig( 485 struct key **auth_tok_key, 486 struct ecryptfs_auth_tok **auth_tok, 487 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) 488{ 489 struct ecryptfs_global_auth_tok *walker; 490 int rc = 0; 491 492 (*auth_tok_key) = NULL; 493 (*auth_tok) = NULL; 494 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 495 list_for_each_entry(walker, 496 &mount_crypt_stat->global_auth_tok_list, 497 mount_crypt_stat_list) { 498 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX)) 499 continue; 500 501 if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) { 502 rc = -EINVAL; 503 goto out; 504 } 505 506 rc = key_validate(walker->global_auth_tok_key); 507 if (rc) { 508 if (rc == -EKEYEXPIRED) 509 goto out; 510 goto out_invalid_auth_tok; 511 } 512 513 down_write(&(walker->global_auth_tok_key->sem)); 514 rc = ecryptfs_verify_auth_tok_from_key( 515 walker->global_auth_tok_key, auth_tok); 516 if (rc) 517 goto out_invalid_auth_tok_unlock; 518 519 (*auth_tok_key) = walker->global_auth_tok_key; 520 key_get(*auth_tok_key); 521 goto out; 522 } 523 rc = -ENOENT; 524 goto out; 525out_invalid_auth_tok_unlock: 526 up_write(&(walker->global_auth_tok_key->sem)); 527out_invalid_auth_tok: 528 printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig); 529 walker->flags |= ECRYPTFS_AUTH_TOK_INVALID; 530 key_put(walker->global_auth_tok_key); 531 walker->global_auth_tok_key = NULL; 532out: 533 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 534 return rc; 535} 536 537/** 538 * ecryptfs_find_auth_tok_for_sig 539 * @auth_tok: Set to the matching auth_tok; NULL if not found 540 * @crypt_stat: inode crypt_stat crypto context 541 * @sig: Sig of auth_tok to find 542 * 543 * For now, this function simply looks at the registered auth_tok's 544 * linked off the mount_crypt_stat, so all the auth_toks that can be 545 * used must be registered at mount time. This function could 546 * potentially try a lot harder to find auth_tok's (e.g., by calling 547 * out to ecryptfsd to dynamically retrieve an auth_tok object) so 548 * that static registration of auth_tok's will no longer be necessary. 549 * 550 * Returns zero on no error; non-zero on error 551 */ 552static int 553ecryptfs_find_auth_tok_for_sig( 554 struct key **auth_tok_key, 555 struct ecryptfs_auth_tok **auth_tok, 556 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 557 char *sig) 558{ 559 int rc = 0; 560 561 rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok, 562 mount_crypt_stat, sig); 563 if (rc == -ENOENT) { 564 /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the 565 * mount_crypt_stat structure, we prevent to use auth toks that 566 * are not inserted through the ecryptfs_add_global_auth_tok 567 * function. 568 */ 569 if (mount_crypt_stat->flags 570 & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY) 571 return -EINVAL; 572 573 rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok, 574 sig); 575 } 576 return rc; 577} 578 579/** 580 * write_tag_70_packet can gobble a lot of stack space. We stuff most 581 * of the function's parameters in a kmalloc'd struct to help reduce 582 * eCryptfs' overall stack usage. 583 */ 584struct ecryptfs_write_tag_70_packet_silly_stack { 585 u8 cipher_code; 586 size_t max_packet_size; 587 size_t packet_size_len; 588 size_t block_aligned_filename_size; 589 size_t block_size; 590 size_t i; 591 size_t j; 592 size_t num_rand_bytes; 593 struct mutex *tfm_mutex; 594 char *block_aligned_filename; 595 struct ecryptfs_auth_tok *auth_tok; 596 struct scatterlist src_sg[2]; 597 struct scatterlist dst_sg[2]; 598 struct crypto_skcipher *skcipher_tfm; 599 struct skcipher_request *skcipher_req; 600 char iv[ECRYPTFS_MAX_IV_BYTES]; 601 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 602 char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 603 struct crypto_shash *hash_tfm; 604 struct shash_desc *hash_desc; 605}; 606 607/** 608 * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK 609 * @filename: NULL-terminated filename string 610 * 611 * This is the simplest mechanism for achieving filename encryption in 612 * eCryptfs. It encrypts the given filename with the mount-wide 613 * filename encryption key (FNEK) and stores it in a packet to @dest, 614 * which the callee will encode and write directly into the dentry 615 * name. 616 */ 617int 618ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 619 size_t *packet_size, 620 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 621 char *filename, size_t filename_size) 622{ 623 struct ecryptfs_write_tag_70_packet_silly_stack *s; 624 struct key *auth_tok_key = NULL; 625 int rc = 0; 626 627 s = kzalloc(sizeof(*s), GFP_KERNEL); 628 if (!s) 629 return -ENOMEM; 630 631 (*packet_size) = 0; 632 rc = ecryptfs_find_auth_tok_for_sig( 633 &auth_tok_key, 634 &s->auth_tok, mount_crypt_stat, 635 mount_crypt_stat->global_default_fnek_sig); 636 if (rc) { 637 printk(KERN_ERR "%s: Error attempting to find auth tok for " 638 "fnek sig [%s]; rc = [%d]\n", __func__, 639 mount_crypt_stat->global_default_fnek_sig, rc); 640 goto out; 641 } 642 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( 643 &s->skcipher_tfm, 644 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); 645 if (unlikely(rc)) { 646 printk(KERN_ERR "Internal error whilst attempting to get " 647 "tfm and mutex for cipher name [%s]; rc = [%d]\n", 648 mount_crypt_stat->global_default_fn_cipher_name, rc); 649 goto out; 650 } 651 mutex_lock(s->tfm_mutex); 652 s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm); 653 /* Plus one for the \0 separator between the random prefix 654 * and the plaintext filename */ 655 s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); 656 s->block_aligned_filename_size = (s->num_rand_bytes + filename_size); 657 if ((s->block_aligned_filename_size % s->block_size) != 0) { 658 s->num_rand_bytes += (s->block_size 659 - (s->block_aligned_filename_size 660 % s->block_size)); 661 s->block_aligned_filename_size = (s->num_rand_bytes 662 + filename_size); 663 } 664 /* Octet 0: Tag 70 identifier 665 * Octets 1-N1: Tag 70 packet size (includes cipher identifier 666 * and block-aligned encrypted filename size) 667 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE) 668 * Octet N2-N3: Cipher identifier (1 octet) 669 * Octets N3-N4: Block-aligned encrypted filename 670 * - Consists of a minimum number of random characters, a \0 671 * separator, and then the filename */ 672 s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE 673 + s->block_aligned_filename_size); 674 if (!dest) { 675 (*packet_size) = s->max_packet_size; 676 goto out_unlock; 677 } 678 if (s->max_packet_size > (*remaining_bytes)) { 679 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only " 680 "[%zd] available\n", __func__, s->max_packet_size, 681 (*remaining_bytes)); 682 rc = -EINVAL; 683 goto out_unlock; 684 } 685 686 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); 687 if (!s->skcipher_req) { 688 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " 689 "skcipher_request_alloc for %s\n", __func__, 690 crypto_skcipher_driver_name(s->skcipher_tfm)); 691 rc = -ENOMEM; 692 goto out_unlock; 693 } 694 695 skcipher_request_set_callback(s->skcipher_req, 696 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 697 698 s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, 699 GFP_KERNEL); 700 if (!s->block_aligned_filename) { 701 rc = -ENOMEM; 702 goto out_unlock; 703 } 704 dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; 705 rc = ecryptfs_write_packet_length(&dest[s->i], 706 (ECRYPTFS_SIG_SIZE 707 + 1 /* Cipher code */ 708 + s->block_aligned_filename_size), 709 &s->packet_size_len); 710 if (rc) { 711 printk(KERN_ERR "%s: Error generating tag 70 packet " 712 "header; cannot generate packet length; rc = [%d]\n", 713 __func__, rc); 714 goto out_free_unlock; 715 } 716 s->i += s->packet_size_len; 717 ecryptfs_from_hex(&dest[s->i], 718 mount_crypt_stat->global_default_fnek_sig, 719 ECRYPTFS_SIG_SIZE); 720 s->i += ECRYPTFS_SIG_SIZE; 721 s->cipher_code = ecryptfs_code_for_cipher_string( 722 mount_crypt_stat->global_default_fn_cipher_name, 723 mount_crypt_stat->global_default_fn_cipher_key_bytes); 724 if (s->cipher_code == 0) { 725 printk(KERN_WARNING "%s: Unable to generate code for " 726 "cipher [%s] with key bytes [%zd]\n", __func__, 727 mount_crypt_stat->global_default_fn_cipher_name, 728 mount_crypt_stat->global_default_fn_cipher_key_bytes); 729 rc = -EINVAL; 730 goto out_free_unlock; 731 } 732 dest[s->i++] = s->cipher_code; 733 /* TODO: Support other key modules than passphrase for 734 * filename encryption */ 735 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 736 rc = -EOPNOTSUPP; 737 printk(KERN_INFO "%s: Filename encryption only supports " 738 "password tokens\n", __func__); 739 goto out_free_unlock; 740 } 741 s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0); 742 if (IS_ERR(s->hash_tfm)) { 743 rc = PTR_ERR(s->hash_tfm); 744 printk(KERN_ERR "%s: Error attempting to " 745 "allocate hash crypto context; rc = [%d]\n", 746 __func__, rc); 747 goto out_free_unlock; 748 } 749 750 s->hash_desc = kmalloc(sizeof(*s->hash_desc) + 751 crypto_shash_descsize(s->hash_tfm), GFP_KERNEL); 752 if (!s->hash_desc) { 753 rc = -ENOMEM; 754 goto out_release_free_unlock; 755 } 756 757 s->hash_desc->tfm = s->hash_tfm; 758 759 rc = crypto_shash_digest(s->hash_desc, 760 (u8 *)s->auth_tok->token.password.session_key_encryption_key, 761 s->auth_tok->token.password.session_key_encryption_key_bytes, 762 s->hash); 763 if (rc) { 764 printk(KERN_ERR 765 "%s: Error computing crypto hash; rc = [%d]\n", 766 __func__, rc); 767 goto out_release_free_unlock; 768 } 769 for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) { 770 s->block_aligned_filename[s->j] = 771 s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; 772 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) 773 == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { 774 rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash, 775 ECRYPTFS_TAG_70_DIGEST_SIZE, 776 s->tmp_hash); 777 if (rc) { 778 printk(KERN_ERR 779 "%s: Error computing crypto hash; " 780 "rc = [%d]\n", __func__, rc); 781 goto out_release_free_unlock; 782 } 783 memcpy(s->hash, s->tmp_hash, 784 ECRYPTFS_TAG_70_DIGEST_SIZE); 785 } 786 if (s->block_aligned_filename[s->j] == '\0') 787 s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL; 788 } 789 memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename, 790 filename_size); 791 rc = virt_to_scatterlist(s->block_aligned_filename, 792 s->block_aligned_filename_size, s->src_sg, 2); 793 if (rc < 1) { 794 printk(KERN_ERR "%s: Internal error whilst attempting to " 795 "convert filename memory to scatterlist; rc = [%d]. " 796 "block_aligned_filename_size = [%zd]\n", __func__, rc, 797 s->block_aligned_filename_size); 798 goto out_release_free_unlock; 799 } 800 rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size, 801 s->dst_sg, 2); 802 if (rc < 1) { 803 printk(KERN_ERR "%s: Internal error whilst attempting to " 804 "convert encrypted filename memory to scatterlist; " 805 "rc = [%d]. block_aligned_filename_size = [%zd]\n", 806 __func__, rc, s->block_aligned_filename_size); 807 goto out_release_free_unlock; 808 } 809 /* The characters in the first block effectively do the job 810 * of the IV here, so we just use 0's for the IV. Note the 811 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 812 * >= ECRYPTFS_MAX_IV_BYTES. */ 813 rc = crypto_skcipher_setkey( 814 s->skcipher_tfm, 815 s->auth_tok->token.password.session_key_encryption_key, 816 mount_crypt_stat->global_default_fn_cipher_key_bytes); 817 if (rc < 0) { 818 printk(KERN_ERR "%s: Error setting key for crypto context; " 819 "rc = [%d]. s->auth_tok->token.password.session_key_" 820 "encryption_key = [0x%p]; mount_crypt_stat->" 821 "global_default_fn_cipher_key_bytes = [%zd]\n", __func__, 822 rc, 823 s->auth_tok->token.password.session_key_encryption_key, 824 mount_crypt_stat->global_default_fn_cipher_key_bytes); 825 goto out_release_free_unlock; 826 } 827 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, 828 s->block_aligned_filename_size, s->iv); 829 rc = crypto_skcipher_encrypt(s->skcipher_req); 830 if (rc) { 831 printk(KERN_ERR "%s: Error attempting to encrypt filename; " 832 "rc = [%d]\n", __func__, rc); 833 goto out_release_free_unlock; 834 } 835 s->i += s->block_aligned_filename_size; 836 (*packet_size) = s->i; 837 (*remaining_bytes) -= (*packet_size); 838out_release_free_unlock: 839 crypto_free_shash(s->hash_tfm); 840out_free_unlock: 841 kfree_sensitive(s->block_aligned_filename); 842out_unlock: 843 mutex_unlock(s->tfm_mutex); 844out: 845 if (auth_tok_key) { 846 up_write(&(auth_tok_key->sem)); 847 key_put(auth_tok_key); 848 } 849 skcipher_request_free(s->skcipher_req); 850 kfree_sensitive(s->hash_desc); 851 kfree(s); 852 return rc; 853} 854 855struct ecryptfs_parse_tag_70_packet_silly_stack { 856 u8 cipher_code; 857 size_t max_packet_size; 858 size_t packet_size_len; 859 size_t parsed_tag_70_packet_size; 860 size_t block_aligned_filename_size; 861 size_t block_size; 862 size_t i; 863 struct mutex *tfm_mutex; 864 char *decrypted_filename; 865 struct ecryptfs_auth_tok *auth_tok; 866 struct scatterlist src_sg[2]; 867 struct scatterlist dst_sg[2]; 868 struct crypto_skcipher *skcipher_tfm; 869 struct skcipher_request *skcipher_req; 870 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; 871 char iv[ECRYPTFS_MAX_IV_BYTES]; 872 char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; 873}; 874 875/** 876 * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet 877 * @filename: This function kmalloc's the memory for the filename 878 * @filename_size: This function sets this to the amount of memory 879 * kmalloc'd for the filename 880 * @packet_size: This function sets this to the the number of octets 881 * in the packet parsed 882 * @mount_crypt_stat: The mount-wide cryptographic context 883 * @data: The memory location containing the start of the tag 70 884 * packet 885 * @max_packet_size: The maximum legal size of the packet to be parsed 886 * from @data 887 * 888 * Returns zero on success; non-zero otherwise 889 */ 890int 891ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, 892 size_t *packet_size, 893 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 894 char *data, size_t max_packet_size) 895{ 896 struct ecryptfs_parse_tag_70_packet_silly_stack *s; 897 struct key *auth_tok_key = NULL; 898 int rc = 0; 899 900 (*packet_size) = 0; 901 (*filename_size) = 0; 902 (*filename) = NULL; 903 s = kzalloc(sizeof(*s), GFP_KERNEL); 904 if (!s) 905 return -ENOMEM; 906 907 if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { 908 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " 909 "at least [%d]\n", __func__, max_packet_size, 910 ECRYPTFS_TAG_70_MIN_METADATA_SIZE); 911 rc = -EINVAL; 912 goto out; 913 } 914 /* Octet 0: Tag 70 identifier 915 * Octets 1-N1: Tag 70 packet size (includes cipher identifier 916 * and block-aligned encrypted filename size) 917 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE) 918 * Octet N2-N3: Cipher identifier (1 octet) 919 * Octets N3-N4: Block-aligned encrypted filename 920 * - Consists of a minimum number of random numbers, a \0 921 * separator, and then the filename */ 922 if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) { 923 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be " 924 "tag [0x%.2x]\n", __func__, 925 data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE); 926 rc = -EINVAL; 927 goto out; 928 } 929 rc = ecryptfs_parse_packet_length(&data[(*packet_size)], 930 &s->parsed_tag_70_packet_size, 931 &s->packet_size_len); 932 if (rc) { 933 printk(KERN_WARNING "%s: Error parsing packet length; " 934 "rc = [%d]\n", __func__, rc); 935 goto out; 936 } 937 s->block_aligned_filename_size = (s->parsed_tag_70_packet_size 938 - ECRYPTFS_SIG_SIZE - 1); 939 if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size) 940 > max_packet_size) { 941 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet " 942 "size is [%zd]\n", __func__, max_packet_size, 943 (1 + s->packet_size_len + 1 944 + s->block_aligned_filename_size)); 945 rc = -EINVAL; 946 goto out; 947 } 948 (*packet_size) += s->packet_size_len; 949 ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)], 950 ECRYPTFS_SIG_SIZE); 951 s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 952 (*packet_size) += ECRYPTFS_SIG_SIZE; 953 s->cipher_code = data[(*packet_size)++]; 954 rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code); 955 if (rc) { 956 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n", 957 __func__, s->cipher_code); 958 goto out; 959 } 960 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, 961 &s->auth_tok, mount_crypt_stat, 962 s->fnek_sig_hex); 963 if (rc) { 964 printk(KERN_ERR "%s: Error attempting to find auth tok for " 965 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, 966 rc); 967 goto out; 968 } 969 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm, 970 &s->tfm_mutex, 971 s->cipher_string); 972 if (unlikely(rc)) { 973 printk(KERN_ERR "Internal error whilst attempting to get " 974 "tfm and mutex for cipher name [%s]; rc = [%d]\n", 975 s->cipher_string, rc); 976 goto out; 977 } 978 mutex_lock(s->tfm_mutex); 979 rc = virt_to_scatterlist(&data[(*packet_size)], 980 s->block_aligned_filename_size, s->src_sg, 2); 981 if (rc < 1) { 982 printk(KERN_ERR "%s: Internal error whilst attempting to " 983 "convert encrypted filename memory to scatterlist; " 984 "rc = [%d]. block_aligned_filename_size = [%zd]\n", 985 __func__, rc, s->block_aligned_filename_size); 986 goto out_unlock; 987 } 988 (*packet_size) += s->block_aligned_filename_size; 989 s->decrypted_filename = kmalloc(s->block_aligned_filename_size, 990 GFP_KERNEL); 991 if (!s->decrypted_filename) { 992 rc = -ENOMEM; 993 goto out_unlock; 994 } 995 rc = virt_to_scatterlist(s->decrypted_filename, 996 s->block_aligned_filename_size, s->dst_sg, 2); 997 if (rc < 1) { 998 printk(KERN_ERR "%s: Internal error whilst attempting to " 999 "convert decrypted filename memory to scatterlist; " 1000 "rc = [%d]. block_aligned_filename_size = [%zd]\n", 1001 __func__, rc, s->block_aligned_filename_size); 1002 goto out_free_unlock; 1003 } 1004 1005 s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); 1006 if (!s->skcipher_req) { 1007 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " 1008 "skcipher_request_alloc for %s\n", __func__, 1009 crypto_skcipher_driver_name(s->skcipher_tfm)); 1010 rc = -ENOMEM; 1011 goto out_free_unlock; 1012 } 1013 1014 skcipher_request_set_callback(s->skcipher_req, 1015 CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 1016 1017 /* The characters in the first block effectively do the job of 1018 * the IV here, so we just use 0's for the IV. Note the 1019 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 1020 * >= ECRYPTFS_MAX_IV_BYTES. */ 1021 /* TODO: Support other key modules than passphrase for 1022 * filename encryption */ 1023 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 1024 rc = -EOPNOTSUPP; 1025 printk(KERN_INFO "%s: Filename encryption only supports " 1026 "password tokens\n", __func__); 1027 goto out_free_unlock; 1028 } 1029 rc = crypto_skcipher_setkey( 1030 s->skcipher_tfm, 1031 s->auth_tok->token.password.session_key_encryption_key, 1032 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1033 if (rc < 0) { 1034 printk(KERN_ERR "%s: Error setting key for crypto context; " 1035 "rc = [%d]. s->auth_tok->token.password.session_key_" 1036 "encryption_key = [0x%p]; mount_crypt_stat->" 1037 "global_default_fn_cipher_key_bytes = [%zd]\n", __func__, 1038 rc, 1039 s->auth_tok->token.password.session_key_encryption_key, 1040 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1041 goto out_free_unlock; 1042 } 1043 skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, 1044 s->block_aligned_filename_size, s->iv); 1045 rc = crypto_skcipher_decrypt(s->skcipher_req); 1046 if (rc) { 1047 printk(KERN_ERR "%s: Error attempting to decrypt filename; " 1048 "rc = [%d]\n", __func__, rc); 1049 goto out_free_unlock; 1050 } 1051 1052 while (s->i < s->block_aligned_filename_size && 1053 s->decrypted_filename[s->i] != '\0') 1054 s->i++; 1055 if (s->i == s->block_aligned_filename_size) { 1056 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not " 1057 "find valid separator between random characters and " 1058 "the filename\n", __func__); 1059 rc = -EINVAL; 1060 goto out_free_unlock; 1061 } 1062 s->i++; 1063 (*filename_size) = (s->block_aligned_filename_size - s->i); 1064 if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) { 1065 printk(KERN_WARNING "%s: Filename size is [%zd], which is " 1066 "invalid\n", __func__, (*filename_size)); 1067 rc = -EINVAL; 1068 goto out_free_unlock; 1069 } 1070 (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL); 1071 if (!(*filename)) { 1072 rc = -ENOMEM; 1073 goto out_free_unlock; 1074 } 1075 memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size)); 1076 (*filename)[(*filename_size)] = '\0'; 1077out_free_unlock: 1078 kfree(s->decrypted_filename); 1079out_unlock: 1080 mutex_unlock(s->tfm_mutex); 1081out: 1082 if (rc) { 1083 (*packet_size) = 0; 1084 (*filename_size) = 0; 1085 (*filename) = NULL; 1086 } 1087 if (auth_tok_key) { 1088 up_write(&(auth_tok_key->sem)); 1089 key_put(auth_tok_key); 1090 } 1091 skcipher_request_free(s->skcipher_req); 1092 kfree(s); 1093 return rc; 1094} 1095 1096static int 1097ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok) 1098{ 1099 int rc = 0; 1100 1101 (*sig) = NULL; 1102 switch (auth_tok->token_type) { 1103 case ECRYPTFS_PASSWORD: 1104 (*sig) = auth_tok->token.password.signature; 1105 break; 1106 case ECRYPTFS_PRIVATE_KEY: 1107 (*sig) = auth_tok->token.private_key.signature; 1108 break; 1109 default: 1110 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n", 1111 auth_tok->token_type); 1112 rc = -EINVAL; 1113 } 1114 return rc; 1115} 1116 1117/** 1118 * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok. 1119 * @auth_tok: The key authentication token used to decrypt the session key 1120 * @crypt_stat: The cryptographic context 1121 * 1122 * Returns zero on success; non-zero error otherwise. 1123 */ 1124static int 1125decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 1126 struct ecryptfs_crypt_stat *crypt_stat) 1127{ 1128 u8 cipher_code = 0; 1129 struct ecryptfs_msg_ctx *msg_ctx; 1130 struct ecryptfs_message *msg = NULL; 1131 char *auth_tok_sig; 1132 char *payload = NULL; 1133 size_t payload_len = 0; 1134 int rc; 1135 1136 rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); 1137 if (rc) { 1138 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n", 1139 auth_tok->token_type); 1140 goto out; 1141 } 1142 rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key), 1143 &payload, &payload_len); 1144 if (rc) { 1145 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n"); 1146 goto out; 1147 } 1148 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); 1149 if (rc) { 1150 ecryptfs_printk(KERN_ERR, "Error sending message to " 1151 "ecryptfsd: %d\n", rc); 1152 goto out; 1153 } 1154 rc = ecryptfs_wait_for_response(msg_ctx, &msg); 1155 if (rc) { 1156 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet " 1157 "from the user space daemon\n"); 1158 rc = -EIO; 1159 goto out; 1160 } 1161 rc = parse_tag_65_packet(&(auth_tok->session_key), 1162 &cipher_code, msg); 1163 if (rc) { 1164 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n", 1165 rc); 1166 goto out; 1167 } 1168 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1169 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, 1170 auth_tok->session_key.decrypted_key_size); 1171 crypt_stat->key_size = auth_tok->session_key.decrypted_key_size; 1172 rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code); 1173 if (rc) { 1174 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n", 1175 cipher_code) 1176 goto out; 1177 } 1178 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 1179 if (ecryptfs_verbosity > 0) { 1180 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); 1181 ecryptfs_dump_hex(crypt_stat->key, 1182 crypt_stat->key_size); 1183 } 1184out: 1185 kfree(msg); 1186 kfree(payload); 1187 return rc; 1188} 1189 1190static void wipe_auth_tok_list(struct list_head *auth_tok_list_head) 1191{ 1192 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1193 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp; 1194 1195 list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp, 1196 auth_tok_list_head, list) { 1197 list_del(&auth_tok_list_item->list); 1198 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 1199 auth_tok_list_item); 1200 } 1201} 1202 1203struct kmem_cache *ecryptfs_auth_tok_list_item_cache; 1204 1205/** 1206 * parse_tag_1_packet 1207 * @crypt_stat: The cryptographic context to modify based on packet contents 1208 * @data: The raw bytes of the packet. 1209 * @auth_tok_list: eCryptfs parses packets into authentication tokens; 1210 * a new authentication token will be placed at the 1211 * end of this list for this packet. 1212 * @new_auth_tok: Pointer to a pointer to memory that this function 1213 * allocates; sets the memory address of the pointer to 1214 * NULL on error. This object is added to the 1215 * auth_tok_list. 1216 * @packet_size: This function writes the size of the parsed packet 1217 * into this memory location; zero on error. 1218 * @max_packet_size: The maximum allowable packet size 1219 * 1220 * Returns zero on success; non-zero on error. 1221 */ 1222static int 1223parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 1224 unsigned char *data, struct list_head *auth_tok_list, 1225 struct ecryptfs_auth_tok **new_auth_tok, 1226 size_t *packet_size, size_t max_packet_size) 1227{ 1228 size_t body_size; 1229 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1230 size_t length_size; 1231 int rc = 0; 1232 1233 (*packet_size) = 0; 1234 (*new_auth_tok) = NULL; 1235 /** 1236 * This format is inspired by OpenPGP; see RFC 2440 1237 * packet tag 1 1238 * 1239 * Tag 1 identifier (1 byte) 1240 * Max Tag 1 packet size (max 3 bytes) 1241 * Version (1 byte) 1242 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE) 1243 * Cipher identifier (1 byte) 1244 * Encrypted key size (arbitrary) 1245 * 1246 * 12 bytes minimum packet size 1247 */ 1248 if (unlikely(max_packet_size < 12)) { 1249 printk(KERN_ERR "Invalid max packet size; must be >=12\n"); 1250 rc = -EINVAL; 1251 goto out; 1252 } 1253 if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) { 1254 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n", 1255 ECRYPTFS_TAG_1_PACKET_TYPE); 1256 rc = -EINVAL; 1257 goto out; 1258 } 1259 /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or 1260 * at end of function upon failure */ 1261 auth_tok_list_item = 1262 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, 1263 GFP_KERNEL); 1264 if (!auth_tok_list_item) { 1265 printk(KERN_ERR "Unable to allocate memory\n"); 1266 rc = -ENOMEM; 1267 goto out; 1268 } 1269 (*new_auth_tok) = &auth_tok_list_item->auth_tok; 1270 rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, 1271 &length_size); 1272 if (rc) { 1273 printk(KERN_WARNING "Error parsing packet length; " 1274 "rc = [%d]\n", rc); 1275 goto out_free; 1276 } 1277 if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) { 1278 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size); 1279 rc = -EINVAL; 1280 goto out_free; 1281 } 1282 (*packet_size) += length_size; 1283 if (unlikely((*packet_size) + body_size > max_packet_size)) { 1284 printk(KERN_WARNING "Packet size exceeds max\n"); 1285 rc = -EINVAL; 1286 goto out_free; 1287 } 1288 if (unlikely(data[(*packet_size)++] != 0x03)) { 1289 printk(KERN_WARNING "Unknown version number [%d]\n", 1290 data[(*packet_size) - 1]); 1291 rc = -EINVAL; 1292 goto out_free; 1293 } 1294 ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature, 1295 &data[(*packet_size)], ECRYPTFS_SIG_SIZE); 1296 *packet_size += ECRYPTFS_SIG_SIZE; 1297 /* This byte is skipped because the kernel does not need to 1298 * know which public key encryption algorithm was used */ 1299 (*packet_size)++; 1300 (*new_auth_tok)->session_key.encrypted_key_size = 1301 body_size - (ECRYPTFS_SIG_SIZE + 2); 1302 if ((*new_auth_tok)->session_key.encrypted_key_size 1303 > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 1304 printk(KERN_WARNING "Tag 1 packet contains key larger " 1305 "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n"); 1306 rc = -EINVAL; 1307 goto out_free; 1308 } 1309 memcpy((*new_auth_tok)->session_key.encrypted_key, 1310 &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2))); 1311 (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size; 1312 (*new_auth_tok)->session_key.flags &= 1313 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1314 (*new_auth_tok)->session_key.flags |= 1315 ECRYPTFS_CONTAINS_ENCRYPTED_KEY; 1316 (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; 1317 (*new_auth_tok)->flags = 0; 1318 (*new_auth_tok)->session_key.flags &= 1319 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 1320 (*new_auth_tok)->session_key.flags &= 1321 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 1322 list_add(&auth_tok_list_item->list, auth_tok_list); 1323 goto out; 1324out_free: 1325 (*new_auth_tok) = NULL; 1326 memset(auth_tok_list_item, 0, 1327 sizeof(struct ecryptfs_auth_tok_list_item)); 1328 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 1329 auth_tok_list_item); 1330out: 1331 if (rc) 1332 (*packet_size) = 0; 1333 return rc; 1334} 1335 1336/** 1337 * parse_tag_3_packet 1338 * @crypt_stat: The cryptographic context to modify based on packet 1339 * contents. 1340 * @data: The raw bytes of the packet. 1341 * @auth_tok_list: eCryptfs parses packets into authentication tokens; 1342 * a new authentication token will be placed at the end 1343 * of this list for this packet. 1344 * @new_auth_tok: Pointer to a pointer to memory that this function 1345 * allocates; sets the memory address of the pointer to 1346 * NULL on error. This object is added to the 1347 * auth_tok_list. 1348 * @packet_size: This function writes the size of the parsed packet 1349 * into this memory location; zero on error. 1350 * @max_packet_size: maximum number of bytes to parse 1351 * 1352 * Returns zero on success; non-zero on error. 1353 */ 1354static int 1355parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, 1356 unsigned char *data, struct list_head *auth_tok_list, 1357 struct ecryptfs_auth_tok **new_auth_tok, 1358 size_t *packet_size, size_t max_packet_size) 1359{ 1360 size_t body_size; 1361 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1362 size_t length_size; 1363 int rc = 0; 1364 1365 (*packet_size) = 0; 1366 (*new_auth_tok) = NULL; 1367 /** 1368 *This format is inspired by OpenPGP; see RFC 2440 1369 * packet tag 3 1370 * 1371 * Tag 3 identifier (1 byte) 1372 * Max Tag 3 packet size (max 3 bytes) 1373 * Version (1 byte) 1374 * Cipher code (1 byte) 1375 * S2K specifier (1 byte) 1376 * Hash identifier (1 byte) 1377 * Salt (ECRYPTFS_SALT_SIZE) 1378 * Hash iterations (1 byte) 1379 * Encrypted key (arbitrary) 1380 * 1381 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size 1382 */ 1383 if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) { 1384 printk(KERN_ERR "Max packet size too large\n"); 1385 rc = -EINVAL; 1386 goto out; 1387 } 1388 if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) { 1389 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n", 1390 ECRYPTFS_TAG_3_PACKET_TYPE); 1391 rc = -EINVAL; 1392 goto out; 1393 } 1394 /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or 1395 * at end of function upon failure */ 1396 auth_tok_list_item = 1397 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL); 1398 if (!auth_tok_list_item) { 1399 printk(KERN_ERR "Unable to allocate memory\n"); 1400 rc = -ENOMEM; 1401 goto out; 1402 } 1403 (*new_auth_tok) = &auth_tok_list_item->auth_tok; 1404 rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, 1405 &length_size); 1406 if (rc) { 1407 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", 1408 rc); 1409 goto out_free; 1410 } 1411 if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) { 1412 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size); 1413 rc = -EINVAL; 1414 goto out_free; 1415 } 1416 (*packet_size) += length_size; 1417 if (unlikely((*packet_size) + body_size > max_packet_size)) { 1418 printk(KERN_ERR "Packet size exceeds max\n"); 1419 rc = -EINVAL; 1420 goto out_free; 1421 } 1422 (*new_auth_tok)->session_key.encrypted_key_size = 1423 (body_size - (ECRYPTFS_SALT_SIZE + 5)); 1424 if ((*new_auth_tok)->session_key.encrypted_key_size 1425 > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 1426 printk(KERN_WARNING "Tag 3 packet contains key larger " 1427 "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n"); 1428 rc = -EINVAL; 1429 goto out_free; 1430 } 1431 if (unlikely(data[(*packet_size)++] != 0x04)) { 1432 printk(KERN_WARNING "Unknown version number [%d]\n", 1433 data[(*packet_size) - 1]); 1434 rc = -EINVAL; 1435 goto out_free; 1436 } 1437 rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, 1438 (u16)data[(*packet_size)]); 1439 if (rc) 1440 goto out_free; 1441 /* A little extra work to differentiate among the AES key 1442 * sizes; see RFC2440 */ 1443 switch(data[(*packet_size)++]) { 1444 case RFC2440_CIPHER_AES_192: 1445 crypt_stat->key_size = 24; 1446 break; 1447 default: 1448 crypt_stat->key_size = 1449 (*new_auth_tok)->session_key.encrypted_key_size; 1450 } 1451 rc = ecryptfs_init_crypt_ctx(crypt_stat); 1452 if (rc) 1453 goto out_free; 1454 if (unlikely(data[(*packet_size)++] != 0x03)) { 1455 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); 1456 rc = -ENOSYS; 1457 goto out_free; 1458 } 1459 /* TODO: finish the hash mapping */ 1460 switch (data[(*packet_size)++]) { 1461 case 0x01: /* See RFC2440 for these numbers and their mappings */ 1462 /* Choose MD5 */ 1463 memcpy((*new_auth_tok)->token.password.salt, 1464 &data[(*packet_size)], ECRYPTFS_SALT_SIZE); 1465 (*packet_size) += ECRYPTFS_SALT_SIZE; 1466 /* This conversion was taken straight from RFC2440 */ 1467 (*new_auth_tok)->token.password.hash_iterations = 1468 ((u32) 16 + (data[(*packet_size)] & 15)) 1469 << ((data[(*packet_size)] >> 4) + 6); 1470 (*packet_size)++; 1471 /* Friendly reminder: 1472 * (*new_auth_tok)->session_key.encrypted_key_size = 1473 * (body_size - (ECRYPTFS_SALT_SIZE + 5)); */ 1474 memcpy((*new_auth_tok)->session_key.encrypted_key, 1475 &data[(*packet_size)], 1476 (*new_auth_tok)->session_key.encrypted_key_size); 1477 (*packet_size) += 1478 (*new_auth_tok)->session_key.encrypted_key_size; 1479 (*new_auth_tok)->session_key.flags &= 1480 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1481 (*new_auth_tok)->session_key.flags |= 1482 ECRYPTFS_CONTAINS_ENCRYPTED_KEY; 1483 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */ 1484 break; 1485 default: 1486 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: " 1487 "[%d]\n", data[(*packet_size) - 1]); 1488 rc = -ENOSYS; 1489 goto out_free; 1490 } 1491 (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; 1492 /* TODO: Parametarize; we might actually want userspace to 1493 * decrypt the session key. */ 1494 (*new_auth_tok)->session_key.flags &= 1495 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 1496 (*new_auth_tok)->session_key.flags &= 1497 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 1498 list_add(&auth_tok_list_item->list, auth_tok_list); 1499 goto out; 1500out_free: 1501 (*new_auth_tok) = NULL; 1502 memset(auth_tok_list_item, 0, 1503 sizeof(struct ecryptfs_auth_tok_list_item)); 1504 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 1505 auth_tok_list_item); 1506out: 1507 if (rc) 1508 (*packet_size) = 0; 1509 return rc; 1510} 1511 1512/** 1513 * parse_tag_11_packet 1514 * @data: The raw bytes of the packet 1515 * @contents: This function writes the data contents of the literal 1516 * packet into this memory location 1517 * @max_contents_bytes: The maximum number of bytes that this function 1518 * is allowed to write into contents 1519 * @tag_11_contents_size: This function writes the size of the parsed 1520 * contents into this memory location; zero on 1521 * error 1522 * @packet_size: This function writes the size of the parsed packet 1523 * into this memory location; zero on error 1524 * @max_packet_size: maximum number of bytes to parse 1525 * 1526 * Returns zero on success; non-zero on error. 1527 */ 1528static int 1529parse_tag_11_packet(unsigned char *data, unsigned char *contents, 1530 size_t max_contents_bytes, size_t *tag_11_contents_size, 1531 size_t *packet_size, size_t max_packet_size) 1532{ 1533 size_t body_size; 1534 size_t length_size; 1535 int rc = 0; 1536 1537 (*packet_size) = 0; 1538 (*tag_11_contents_size) = 0; 1539 /* This format is inspired by OpenPGP; see RFC 2440 1540 * packet tag 11 1541 * 1542 * Tag 11 identifier (1 byte) 1543 * Max Tag 11 packet size (max 3 bytes) 1544 * Binary format specifier (1 byte) 1545 * Filename length (1 byte) 1546 * Filename ("_CONSOLE") (8 bytes) 1547 * Modification date (4 bytes) 1548 * Literal data (arbitrary) 1549 * 1550 * We need at least 16 bytes of data for the packet to even be 1551 * valid. 1552 */ 1553 if (max_packet_size < 16) { 1554 printk(KERN_ERR "Maximum packet size too small\n"); 1555 rc = -EINVAL; 1556 goto out; 1557 } 1558 if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) { 1559 printk(KERN_WARNING "Invalid tag 11 packet format\n"); 1560 rc = -EINVAL; 1561 goto out; 1562 } 1563 rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, 1564 &length_size); 1565 if (rc) { 1566 printk(KERN_WARNING "Invalid tag 11 packet format\n"); 1567 goto out; 1568 } 1569 if (body_size < 14) { 1570 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size); 1571 rc = -EINVAL; 1572 goto out; 1573 } 1574 (*packet_size) += length_size; 1575 (*tag_11_contents_size) = (body_size - 14); 1576 if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) { 1577 printk(KERN_ERR "Packet size exceeds max\n"); 1578 rc = -EINVAL; 1579 goto out; 1580 } 1581 if (unlikely((*tag_11_contents_size) > max_contents_bytes)) { 1582 printk(KERN_ERR "Literal data section in tag 11 packet exceeds " 1583 "expected size\n"); 1584 rc = -EINVAL; 1585 goto out; 1586 } 1587 if (data[(*packet_size)++] != 0x62) { 1588 printk(KERN_WARNING "Unrecognizable packet\n"); 1589 rc = -EINVAL; 1590 goto out; 1591 } 1592 if (data[(*packet_size)++] != 0x08) { 1593 printk(KERN_WARNING "Unrecognizable packet\n"); 1594 rc = -EINVAL; 1595 goto out; 1596 } 1597 (*packet_size) += 12; /* Ignore filename and modification date */ 1598 memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size)); 1599 (*packet_size) += (*tag_11_contents_size); 1600out: 1601 if (rc) { 1602 (*packet_size) = 0; 1603 (*tag_11_contents_size) = 0; 1604 } 1605 return rc; 1606} 1607 1608int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 1609 struct ecryptfs_auth_tok **auth_tok, 1610 char *sig) 1611{ 1612 int rc = 0; 1613 1614 (*auth_tok_key) = request_key(&key_type_user, sig, NULL); 1615 if (IS_ERR(*auth_tok_key)) { 1616 (*auth_tok_key) = ecryptfs_get_encrypted_key(sig); 1617 if (IS_ERR(*auth_tok_key)) { 1618 printk(KERN_ERR "Could not find key with description: [%s]\n", 1619 sig); 1620 rc = process_request_key_err(PTR_ERR(*auth_tok_key)); 1621 (*auth_tok_key) = NULL; 1622 goto out; 1623 } 1624 } 1625 down_write(&(*auth_tok_key)->sem); 1626 rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok); 1627 if (rc) { 1628 up_write(&(*auth_tok_key)->sem); 1629 key_put(*auth_tok_key); 1630 (*auth_tok_key) = NULL; 1631 goto out; 1632 } 1633out: 1634 return rc; 1635} 1636 1637/** 1638 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok. 1639 * @auth_tok: The passphrase authentication token to use to encrypt the FEK 1640 * @crypt_stat: The cryptographic context 1641 * 1642 * Returns zero on success; non-zero error otherwise 1643 */ 1644static int 1645decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 1646 struct ecryptfs_crypt_stat *crypt_stat) 1647{ 1648 struct scatterlist dst_sg[2]; 1649 struct scatterlist src_sg[2]; 1650 struct mutex *tfm_mutex; 1651 struct crypto_skcipher *tfm; 1652 struct skcipher_request *req = NULL; 1653 int rc = 0; 1654 1655 if (unlikely(ecryptfs_verbosity > 0)) { 1656 ecryptfs_printk( 1657 KERN_DEBUG, "Session key encryption key (size [%d]):\n", 1658 auth_tok->token.password.session_key_encryption_key_bytes); 1659 ecryptfs_dump_hex( 1660 auth_tok->token.password.session_key_encryption_key, 1661 auth_tok->token.password.session_key_encryption_key_bytes); 1662 } 1663 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, 1664 crypt_stat->cipher); 1665 if (unlikely(rc)) { 1666 printk(KERN_ERR "Internal error whilst attempting to get " 1667 "tfm and mutex for cipher name [%s]; rc = [%d]\n", 1668 crypt_stat->cipher, rc); 1669 goto out; 1670 } 1671 rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, 1672 auth_tok->session_key.encrypted_key_size, 1673 src_sg, 2); 1674 if (rc < 1 || rc > 2) { 1675 printk(KERN_ERR "Internal error whilst attempting to convert " 1676 "auth_tok->session_key.encrypted_key to scatterlist; " 1677 "expected rc = 1; got rc = [%d]. " 1678 "auth_tok->session_key.encrypted_key_size = [%d]\n", rc, 1679 auth_tok->session_key.encrypted_key_size); 1680 goto out; 1681 } 1682 auth_tok->session_key.decrypted_key_size = 1683 auth_tok->session_key.encrypted_key_size; 1684 rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, 1685 auth_tok->session_key.decrypted_key_size, 1686 dst_sg, 2); 1687 if (rc < 1 || rc > 2) { 1688 printk(KERN_ERR "Internal error whilst attempting to convert " 1689 "auth_tok->session_key.decrypted_key to scatterlist; " 1690 "expected rc = 1; got rc = [%d]\n", rc); 1691 goto out; 1692 } 1693 mutex_lock(tfm_mutex); 1694 req = skcipher_request_alloc(tfm, GFP_KERNEL); 1695 if (!req) { 1696 mutex_unlock(tfm_mutex); 1697 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " 1698 "skcipher_request_alloc for %s\n", __func__, 1699 crypto_skcipher_driver_name(tfm)); 1700 rc = -ENOMEM; 1701 goto out; 1702 } 1703 1704 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, 1705 NULL, NULL); 1706 rc = crypto_skcipher_setkey( 1707 tfm, auth_tok->token.password.session_key_encryption_key, 1708 crypt_stat->key_size); 1709 if (unlikely(rc < 0)) { 1710 mutex_unlock(tfm_mutex); 1711 printk(KERN_ERR "Error setting key for crypto context\n"); 1712 rc = -EINVAL; 1713 goto out; 1714 } 1715 skcipher_request_set_crypt(req, src_sg, dst_sg, 1716 auth_tok->session_key.encrypted_key_size, 1717 NULL); 1718 rc = crypto_skcipher_decrypt(req); 1719 mutex_unlock(tfm_mutex); 1720 if (unlikely(rc)) { 1721 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); 1722 goto out; 1723 } 1724 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1725 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, 1726 auth_tok->session_key.decrypted_key_size); 1727 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 1728 if (unlikely(ecryptfs_verbosity > 0)) { 1729 ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n", 1730 crypt_stat->key_size); 1731 ecryptfs_dump_hex(crypt_stat->key, 1732 crypt_stat->key_size); 1733 } 1734out: 1735 skcipher_request_free(req); 1736 return rc; 1737} 1738 1739/** 1740 * ecryptfs_parse_packet_set 1741 * @crypt_stat: The cryptographic context 1742 * @src: Virtual address of region of memory containing the packets 1743 * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set 1744 * 1745 * Get crypt_stat to have the file's session key if the requisite key 1746 * is available to decrypt the session key. 1747 * 1748 * Returns Zero if a valid authentication token was retrieved and 1749 * processed; negative value for file not encrypted or for error 1750 * conditions. 1751 */ 1752int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, 1753 unsigned char *src, 1754 struct dentry *ecryptfs_dentry) 1755{ 1756 size_t i = 0; 1757 size_t found_auth_tok; 1758 size_t next_packet_is_auth_tok_packet; 1759 struct list_head auth_tok_list; 1760 struct ecryptfs_auth_tok *matching_auth_tok; 1761 struct ecryptfs_auth_tok *candidate_auth_tok; 1762 char *candidate_auth_tok_sig; 1763 size_t packet_size; 1764 struct ecryptfs_auth_tok *new_auth_tok; 1765 unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE]; 1766 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1767 size_t tag_11_contents_size; 1768 size_t tag_11_packet_size; 1769 struct key *auth_tok_key = NULL; 1770 int rc = 0; 1771 1772 INIT_LIST_HEAD(&auth_tok_list); 1773 /* Parse the header to find as many packets as we can; these will be 1774 * added the our &auth_tok_list */ 1775 next_packet_is_auth_tok_packet = 1; 1776 while (next_packet_is_auth_tok_packet) { 1777 size_t max_packet_size = ((PAGE_SIZE - 8) - i); 1778 1779 switch (src[i]) { 1780 case ECRYPTFS_TAG_3_PACKET_TYPE: 1781 rc = parse_tag_3_packet(crypt_stat, 1782 (unsigned char *)&src[i], 1783 &auth_tok_list, &new_auth_tok, 1784 &packet_size, max_packet_size); 1785 if (rc) { 1786 ecryptfs_printk(KERN_ERR, "Error parsing " 1787 "tag 3 packet\n"); 1788 rc = -EIO; 1789 goto out_wipe_list; 1790 } 1791 i += packet_size; 1792 rc = parse_tag_11_packet((unsigned char *)&src[i], 1793 sig_tmp_space, 1794 ECRYPTFS_SIG_SIZE, 1795 &tag_11_contents_size, 1796 &tag_11_packet_size, 1797 max_packet_size); 1798 if (rc) { 1799 ecryptfs_printk(KERN_ERR, "No valid " 1800 "(ecryptfs-specific) literal " 1801 "packet containing " 1802 "authentication token " 1803 "signature found after " 1804 "tag 3 packet\n"); 1805 rc = -EIO; 1806 goto out_wipe_list; 1807 } 1808 i += tag_11_packet_size; 1809 if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) { 1810 ecryptfs_printk(KERN_ERR, "Expected " 1811 "signature of size [%d]; " 1812 "read size [%zd]\n", 1813 ECRYPTFS_SIG_SIZE, 1814 tag_11_contents_size); 1815 rc = -EIO; 1816 goto out_wipe_list; 1817 } 1818 ecryptfs_to_hex(new_auth_tok->token.password.signature, 1819 sig_tmp_space, tag_11_contents_size); 1820 new_auth_tok->token.password.signature[ 1821 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; 1822 crypt_stat->flags |= ECRYPTFS_ENCRYPTED; 1823 break; 1824 case ECRYPTFS_TAG_1_PACKET_TYPE: 1825 rc = parse_tag_1_packet(crypt_stat, 1826 (unsigned char *)&src[i], 1827 &auth_tok_list, &new_auth_tok, 1828 &packet_size, max_packet_size); 1829 if (rc) { 1830 ecryptfs_printk(KERN_ERR, "Error parsing " 1831 "tag 1 packet\n"); 1832 rc = -EIO; 1833 goto out_wipe_list; 1834 } 1835 i += packet_size; 1836 crypt_stat->flags |= ECRYPTFS_ENCRYPTED; 1837 break; 1838 case ECRYPTFS_TAG_11_PACKET_TYPE: 1839 ecryptfs_printk(KERN_WARNING, "Invalid packet set " 1840 "(Tag 11 not allowed by itself)\n"); 1841 rc = -EIO; 1842 goto out_wipe_list; 1843 default: 1844 ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] " 1845 "of the file header; hex value of " 1846 "character is [0x%.2x]\n", i, src[i]); 1847 next_packet_is_auth_tok_packet = 0; 1848 } 1849 } 1850 if (list_empty(&auth_tok_list)) { 1851 printk(KERN_ERR "The lower file appears to be a non-encrypted " 1852 "eCryptfs file; this is not supported in this version " 1853 "of the eCryptfs kernel module\n"); 1854 rc = -EINVAL; 1855 goto out; 1856 } 1857 /* auth_tok_list contains the set of authentication tokens 1858 * parsed from the metadata. We need to find a matching 1859 * authentication token that has the secret component(s) 1860 * necessary to decrypt the EFEK in the auth_tok parsed from 1861 * the metadata. There may be several potential matches, but 1862 * just one will be sufficient to decrypt to get the FEK. */ 1863find_next_matching_auth_tok: 1864 found_auth_tok = 0; 1865 list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) { 1866 candidate_auth_tok = &auth_tok_list_item->auth_tok; 1867 if (unlikely(ecryptfs_verbosity > 0)) { 1868 ecryptfs_printk(KERN_DEBUG, 1869 "Considering candidate auth tok:\n"); 1870 ecryptfs_dump_auth_tok(candidate_auth_tok); 1871 } 1872 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig, 1873 candidate_auth_tok); 1874 if (rc) { 1875 printk(KERN_ERR 1876 "Unrecognized candidate auth tok type: [%d]\n", 1877 candidate_auth_tok->token_type); 1878 rc = -EINVAL; 1879 goto out_wipe_list; 1880 } 1881 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, 1882 &matching_auth_tok, 1883 crypt_stat->mount_crypt_stat, 1884 candidate_auth_tok_sig); 1885 if (!rc) { 1886 found_auth_tok = 1; 1887 goto found_matching_auth_tok; 1888 } 1889 } 1890 if (!found_auth_tok) { 1891 ecryptfs_printk(KERN_ERR, "Could not find a usable " 1892 "authentication token\n"); 1893 rc = -EIO; 1894 goto out_wipe_list; 1895 } 1896found_matching_auth_tok: 1897 if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { 1898 memcpy(&(candidate_auth_tok->token.private_key), 1899 &(matching_auth_tok->token.private_key), 1900 sizeof(struct ecryptfs_private_key)); 1901 up_write(&(auth_tok_key->sem)); 1902 key_put(auth_tok_key); 1903 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok, 1904 crypt_stat); 1905 } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) { 1906 memcpy(&(candidate_auth_tok->token.password), 1907 &(matching_auth_tok->token.password), 1908 sizeof(struct ecryptfs_password)); 1909 up_write(&(auth_tok_key->sem)); 1910 key_put(auth_tok_key); 1911 rc = decrypt_passphrase_encrypted_session_key( 1912 candidate_auth_tok, crypt_stat); 1913 } else { 1914 up_write(&(auth_tok_key->sem)); 1915 key_put(auth_tok_key); 1916 rc = -EINVAL; 1917 } 1918 if (rc) { 1919 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp; 1920 1921 ecryptfs_printk(KERN_WARNING, "Error decrypting the " 1922 "session key for authentication token with sig " 1923 "[%.*s]; rc = [%d]. Removing auth tok " 1924 "candidate from the list and searching for " 1925 "the next match.\n", ECRYPTFS_SIG_SIZE_HEX, 1926 candidate_auth_tok_sig, rc); 1927 list_for_each_entry_safe(auth_tok_list_item, 1928 auth_tok_list_item_tmp, 1929 &auth_tok_list, list) { 1930 if (candidate_auth_tok 1931 == &auth_tok_list_item->auth_tok) { 1932 list_del(&auth_tok_list_item->list); 1933 kmem_cache_free( 1934 ecryptfs_auth_tok_list_item_cache, 1935 auth_tok_list_item); 1936 goto find_next_matching_auth_tok; 1937 } 1938 } 1939 BUG(); 1940 } 1941 rc = ecryptfs_compute_root_iv(crypt_stat); 1942 if (rc) { 1943 ecryptfs_printk(KERN_ERR, "Error computing " 1944 "the root IV\n"); 1945 goto out_wipe_list; 1946 } 1947 rc = ecryptfs_init_crypt_ctx(crypt_stat); 1948 if (rc) { 1949 ecryptfs_printk(KERN_ERR, "Error initializing crypto " 1950 "context for cipher [%s]; rc = [%d]\n", 1951 crypt_stat->cipher, rc); 1952 } 1953out_wipe_list: 1954 wipe_auth_tok_list(&auth_tok_list); 1955out: 1956 return rc; 1957} 1958 1959static int 1960pki_encrypt_session_key(struct key *auth_tok_key, 1961 struct ecryptfs_auth_tok *auth_tok, 1962 struct ecryptfs_crypt_stat *crypt_stat, 1963 struct ecryptfs_key_record *key_rec) 1964{ 1965 struct ecryptfs_msg_ctx *msg_ctx = NULL; 1966 char *payload = NULL; 1967 size_t payload_len = 0; 1968 struct ecryptfs_message *msg; 1969 int rc; 1970 1971 rc = write_tag_66_packet(auth_tok->token.private_key.signature, 1972 ecryptfs_code_for_cipher_string( 1973 crypt_stat->cipher, 1974 crypt_stat->key_size), 1975 crypt_stat, &payload, &payload_len); 1976 up_write(&(auth_tok_key->sem)); 1977 key_put(auth_tok_key); 1978 if (rc) { 1979 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n"); 1980 goto out; 1981 } 1982 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); 1983 if (rc) { 1984 ecryptfs_printk(KERN_ERR, "Error sending message to " 1985 "ecryptfsd: %d\n", rc); 1986 goto out; 1987 } 1988 rc = ecryptfs_wait_for_response(msg_ctx, &msg); 1989 if (rc) { 1990 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet " 1991 "from the user space daemon\n"); 1992 rc = -EIO; 1993 goto out; 1994 } 1995 rc = parse_tag_67_packet(key_rec, msg); 1996 if (rc) 1997 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n"); 1998 kfree(msg); 1999out: 2000 kfree(payload); 2001 return rc; 2002} 2003/** 2004 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet 2005 * @dest: Buffer into which to write the packet 2006 * @remaining_bytes: Maximum number of bytes that can be writtn 2007 * @auth_tok_key: The authentication token key to unlock and put when done with 2008 * @auth_tok 2009 * @auth_tok: The authentication token used for generating the tag 1 packet 2010 * @crypt_stat: The cryptographic context 2011 * @key_rec: The key record struct for the tag 1 packet 2012 * @packet_size: This function will write the number of bytes that end 2013 * up constituting the packet; set to zero on error 2014 * 2015 * Returns zero on success; non-zero on error. 2016 */ 2017static int 2018write_tag_1_packet(char *dest, size_t *remaining_bytes, 2019 struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok, 2020 struct ecryptfs_crypt_stat *crypt_stat, 2021 struct ecryptfs_key_record *key_rec, size_t *packet_size) 2022{ 2023 size_t i; 2024 size_t encrypted_session_key_valid = 0; 2025 size_t packet_size_length; 2026 size_t max_packet_size; 2027 int rc = 0; 2028 2029 (*packet_size) = 0; 2030 ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature, 2031 ECRYPTFS_SIG_SIZE); 2032 encrypted_session_key_valid = 0; 2033 for (i = 0; i < crypt_stat->key_size; i++) 2034 encrypted_session_key_valid |= 2035 auth_tok->session_key.encrypted_key[i]; 2036 if (encrypted_session_key_valid) { 2037 memcpy(key_rec->enc_key, 2038 auth_tok->session_key.encrypted_key, 2039 auth_tok->session_key.encrypted_key_size); 2040 up_write(&(auth_tok_key->sem)); 2041 key_put(auth_tok_key); 2042 goto encrypted_session_key_set; 2043 } 2044 if (auth_tok->session_key.encrypted_key_size == 0) 2045 auth_tok->session_key.encrypted_key_size = 2046 auth_tok->token.private_key.key_size; 2047 rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat, 2048 key_rec); 2049 if (rc) { 2050 printk(KERN_ERR "Failed to encrypt session key via a key " 2051 "module; rc = [%d]\n", rc); 2052 goto out; 2053 } 2054 if (ecryptfs_verbosity > 0) { 2055 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n"); 2056 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size); 2057 } 2058encrypted_session_key_set: 2059 /* This format is inspired by OpenPGP; see RFC 2440 2060 * packet tag 1 */ 2061 max_packet_size = (1 /* Tag 1 identifier */ 2062 + 3 /* Max Tag 1 packet size */ 2063 + 1 /* Version */ 2064 + ECRYPTFS_SIG_SIZE /* Key identifier */ 2065 + 1 /* Cipher identifier */ 2066 + key_rec->enc_key_size); /* Encrypted key size */ 2067 if (max_packet_size > (*remaining_bytes)) { 2068 printk(KERN_ERR "Packet length larger than maximum allowable; " 2069 "need up to [%td] bytes, but there are only [%td] " 2070 "available\n", max_packet_size, (*remaining_bytes)); 2071 rc = -EINVAL; 2072 goto out; 2073 } 2074 dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; 2075 rc = ecryptfs_write_packet_length(&dest[(*packet_size)], 2076 (max_packet_size - 4), 2077 &packet_size_length); 2078 if (rc) { 2079 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " 2080 "header; cannot generate packet length\n"); 2081 goto out; 2082 } 2083 (*packet_size) += packet_size_length; 2084 dest[(*packet_size)++] = 0x03; /* version 3 */ 2085 memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE); 2086 (*packet_size) += ECRYPTFS_SIG_SIZE; 2087 dest[(*packet_size)++] = RFC2440_CIPHER_RSA; 2088 memcpy(&dest[(*packet_size)], key_rec->enc_key, 2089 key_rec->enc_key_size); 2090 (*packet_size) += key_rec->enc_key_size; 2091out: 2092 if (rc) 2093 (*packet_size) = 0; 2094 else 2095 (*remaining_bytes) -= (*packet_size); 2096 return rc; 2097} 2098 2099/** 2100 * write_tag_11_packet 2101 * @dest: Target into which Tag 11 packet is to be written 2102 * @remaining_bytes: Maximum packet length 2103 * @contents: Byte array of contents to copy in 2104 * @contents_length: Number of bytes in contents 2105 * @packet_length: Length of the Tag 11 packet written; zero on error 2106 * 2107 * Returns zero on success; non-zero on error. 2108 */ 2109static int 2110write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents, 2111 size_t contents_length, size_t *packet_length) 2112{ 2113 size_t packet_size_length; 2114 size_t max_packet_size; 2115 int rc = 0; 2116 2117 (*packet_length) = 0; 2118 /* This format is inspired by OpenPGP; see RFC 2440 2119 * packet tag 11 */ 2120 max_packet_size = (1 /* Tag 11 identifier */ 2121 + 3 /* Max Tag 11 packet size */ 2122 + 1 /* Binary format specifier */ 2123 + 1 /* Filename length */ 2124 + 8 /* Filename ("_CONSOLE") */ 2125 + 4 /* Modification date */ 2126 + contents_length); /* Literal data */ 2127 if (max_packet_size > (*remaining_bytes)) { 2128 printk(KERN_ERR "Packet length larger than maximum allowable; " 2129 "need up to [%td] bytes, but there are only [%td] " 2130 "available\n", max_packet_size, (*remaining_bytes)); 2131 rc = -EINVAL; 2132 goto out; 2133 } 2134 dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; 2135 rc = ecryptfs_write_packet_length(&dest[(*packet_length)], 2136 (max_packet_size - 4), 2137 &packet_size_length); 2138 if (rc) { 2139 printk(KERN_ERR "Error generating tag 11 packet header; cannot " 2140 "generate packet length. rc = [%d]\n", rc); 2141 goto out; 2142 } 2143 (*packet_length) += packet_size_length; 2144 dest[(*packet_length)++] = 0x62; /* binary data format specifier */ 2145 dest[(*packet_length)++] = 8; 2146 memcpy(&dest[(*packet_length)], "_CONSOLE", 8); 2147 (*packet_length) += 8; 2148 memset(&dest[(*packet_length)], 0x00, 4); 2149 (*packet_length) += 4; 2150 memcpy(&dest[(*packet_length)], contents, contents_length); 2151 (*packet_length) += contents_length; 2152 out: 2153 if (rc) 2154 (*packet_length) = 0; 2155 else 2156 (*remaining_bytes) -= (*packet_length); 2157 return rc; 2158} 2159 2160/** 2161 * write_tag_3_packet 2162 * @dest: Buffer into which to write the packet 2163 * @remaining_bytes: Maximum number of bytes that can be written 2164 * @auth_tok: Authentication token 2165 * @crypt_stat: The cryptographic context 2166 * @key_rec: encrypted key 2167 * @packet_size: This function will write the number of bytes that end 2168 * up constituting the packet; set to zero on error 2169 * 2170 * Returns zero on success; non-zero on error. 2171 */ 2172static int 2173write_tag_3_packet(char *dest, size_t *remaining_bytes, 2174 struct ecryptfs_auth_tok *auth_tok, 2175 struct ecryptfs_crypt_stat *crypt_stat, 2176 struct ecryptfs_key_record *key_rec, size_t *packet_size) 2177{ 2178 size_t i; 2179 size_t encrypted_session_key_valid = 0; 2180 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 2181 struct scatterlist dst_sg[2]; 2182 struct scatterlist src_sg[2]; 2183 struct mutex *tfm_mutex = NULL; 2184 u8 cipher_code; 2185 size_t packet_size_length; 2186 size_t max_packet_size; 2187 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2188 crypt_stat->mount_crypt_stat; 2189 struct crypto_skcipher *tfm; 2190 struct skcipher_request *req; 2191 int rc = 0; 2192 2193 (*packet_size) = 0; 2194 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, 2195 ECRYPTFS_SIG_SIZE); 2196 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, 2197 crypt_stat->cipher); 2198 if (unlikely(rc)) { 2199 printk(KERN_ERR "Internal error whilst attempting to get " 2200 "tfm and mutex for cipher name [%s]; rc = [%d]\n", 2201 crypt_stat->cipher, rc); 2202 goto out; 2203 } 2204 if (mount_crypt_stat->global_default_cipher_key_size == 0) { 2205 printk(KERN_WARNING "No key size specified at mount; " 2206 "defaulting to [%d]\n", 2207 crypto_skcipher_max_keysize(tfm)); 2208 mount_crypt_stat->global_default_cipher_key_size = 2209 crypto_skcipher_max_keysize(tfm); 2210 } 2211 if (crypt_stat->key_size == 0) 2212 crypt_stat->key_size = 2213 mount_crypt_stat->global_default_cipher_key_size; 2214 if (auth_tok->session_key.encrypted_key_size == 0) 2215 auth_tok->session_key.encrypted_key_size = 2216 crypt_stat->key_size; 2217 if (crypt_stat->key_size == 24 2218 && strcmp("aes", crypt_stat->cipher) == 0) { 2219 memset((crypt_stat->key + 24), 0, 8); 2220 auth_tok->session_key.encrypted_key_size = 32; 2221 } else 2222 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size; 2223 key_rec->enc_key_size = 2224 auth_tok->session_key.encrypted_key_size; 2225 encrypted_session_key_valid = 0; 2226 for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++) 2227 encrypted_session_key_valid |= 2228 auth_tok->session_key.encrypted_key[i]; 2229 if (encrypted_session_key_valid) { 2230 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; " 2231 "using auth_tok->session_key.encrypted_key, " 2232 "where key_rec->enc_key_size = [%zd]\n", 2233 key_rec->enc_key_size); 2234 memcpy(key_rec->enc_key, 2235 auth_tok->session_key.encrypted_key, 2236 key_rec->enc_key_size); 2237 goto encrypted_session_key_set; 2238 } 2239 if (auth_tok->token.password.flags & 2240 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) { 2241 ecryptfs_printk(KERN_DEBUG, "Using previously generated " 2242 "session key encryption key of size [%d]\n", 2243 auth_tok->token.password. 2244 session_key_encryption_key_bytes); 2245 memcpy(session_key_encryption_key, 2246 auth_tok->token.password.session_key_encryption_key, 2247 crypt_stat->key_size); 2248 ecryptfs_printk(KERN_DEBUG, 2249 "Cached session key encryption key:\n"); 2250 if (ecryptfs_verbosity > 0) 2251 ecryptfs_dump_hex(session_key_encryption_key, 16); 2252 } 2253 if (unlikely(ecryptfs_verbosity > 0)) { 2254 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n"); 2255 ecryptfs_dump_hex(session_key_encryption_key, 16); 2256 } 2257 rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, 2258 src_sg, 2); 2259 if (rc < 1 || rc > 2) { 2260 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 2261 "for crypt_stat session key; expected rc = 1; " 2262 "got rc = [%d]. key_rec->enc_key_size = [%zd]\n", 2263 rc, key_rec->enc_key_size); 2264 rc = -ENOMEM; 2265 goto out; 2266 } 2267 rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, 2268 dst_sg, 2); 2269 if (rc < 1 || rc > 2) { 2270 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 2271 "for crypt_stat encrypted session key; " 2272 "expected rc = 1; got rc = [%d]. " 2273 "key_rec->enc_key_size = [%zd]\n", rc, 2274 key_rec->enc_key_size); 2275 rc = -ENOMEM; 2276 goto out; 2277 } 2278 mutex_lock(tfm_mutex); 2279 rc = crypto_skcipher_setkey(tfm, session_key_encryption_key, 2280 crypt_stat->key_size); 2281 if (rc < 0) { 2282 mutex_unlock(tfm_mutex); 2283 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 2284 "context; rc = [%d]\n", rc); 2285 goto out; 2286 } 2287 2288 req = skcipher_request_alloc(tfm, GFP_KERNEL); 2289 if (!req) { 2290 mutex_unlock(tfm_mutex); 2291 ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst " 2292 "attempting to skcipher_request_alloc for " 2293 "%s\n", crypto_skcipher_driver_name(tfm)); 2294 rc = -ENOMEM; 2295 goto out; 2296 } 2297 2298 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, 2299 NULL, NULL); 2300 2301 rc = 0; 2302 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", 2303 crypt_stat->key_size); 2304 skcipher_request_set_crypt(req, src_sg, dst_sg, 2305 (*key_rec).enc_key_size, NULL); 2306 rc = crypto_skcipher_encrypt(req); 2307 mutex_unlock(tfm_mutex); 2308 skcipher_request_free(req); 2309 if (rc) { 2310 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); 2311 goto out; 2312 } 2313 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); 2314 if (ecryptfs_verbosity > 0) { 2315 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n", 2316 key_rec->enc_key_size); 2317 ecryptfs_dump_hex(key_rec->enc_key, 2318 key_rec->enc_key_size); 2319 } 2320encrypted_session_key_set: 2321 /* This format is inspired by OpenPGP; see RFC 2440 2322 * packet tag 3 */ 2323 max_packet_size = (1 /* Tag 3 identifier */ 2324 + 3 /* Max Tag 3 packet size */ 2325 + 1 /* Version */ 2326 + 1 /* Cipher code */ 2327 + 1 /* S2K specifier */ 2328 + 1 /* Hash identifier */ 2329 + ECRYPTFS_SALT_SIZE /* Salt */ 2330 + 1 /* Hash iterations */ 2331 + key_rec->enc_key_size); /* Encrypted key size */ 2332 if (max_packet_size > (*remaining_bytes)) { 2333 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but " 2334 "there are only [%td] available\n", max_packet_size, 2335 (*remaining_bytes)); 2336 rc = -EINVAL; 2337 goto out; 2338 } 2339 dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; 2340 /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3) 2341 * to get the number of octets in the actual Tag 3 packet */ 2342 rc = ecryptfs_write_packet_length(&dest[(*packet_size)], 2343 (max_packet_size - 4), 2344 &packet_size_length); 2345 if (rc) { 2346 printk(KERN_ERR "Error generating tag 3 packet header; cannot " 2347 "generate packet length. rc = [%d]\n", rc); 2348 goto out; 2349 } 2350 (*packet_size) += packet_size_length; 2351 dest[(*packet_size)++] = 0x04; /* version 4 */ 2352 /* TODO: Break from RFC2440 so that arbitrary ciphers can be 2353 * specified with strings */ 2354 cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher, 2355 crypt_stat->key_size); 2356 if (cipher_code == 0) { 2357 ecryptfs_printk(KERN_WARNING, "Unable to generate code for " 2358 "cipher [%s]\n", crypt_stat->cipher); 2359 rc = -EINVAL; 2360 goto out; 2361 } 2362 dest[(*packet_size)++] = cipher_code; 2363 dest[(*packet_size)++] = 0x03; /* S2K */ 2364 dest[(*packet_size)++] = 0x01; /* MD5 (TODO: parameterize) */ 2365 memcpy(&dest[(*packet_size)], auth_tok->token.password.salt, 2366 ECRYPTFS_SALT_SIZE); 2367 (*packet_size) += ECRYPTFS_SALT_SIZE; /* salt */ 2368 dest[(*packet_size)++] = 0x60; /* hash iterations (65536) */ 2369 memcpy(&dest[(*packet_size)], key_rec->enc_key, 2370 key_rec->enc_key_size); 2371 (*packet_size) += key_rec->enc_key_size; 2372out: 2373 if (rc) 2374 (*packet_size) = 0; 2375 else 2376 (*remaining_bytes) -= (*packet_size); 2377 return rc; 2378} 2379 2380struct kmem_cache *ecryptfs_key_record_cache; 2381 2382/** 2383 * ecryptfs_generate_key_packet_set 2384 * @dest_base: Virtual address from which to write the key record set 2385 * @crypt_stat: The cryptographic context from which the 2386 * authentication tokens will be retrieved 2387 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat 2388 * for the global parameters 2389 * @len: The amount written 2390 * @max: The maximum amount of data allowed to be written 2391 * 2392 * Generates a key packet set and writes it to the virtual address 2393 * passed in. 2394 * 2395 * Returns zero on success; non-zero on error. 2396 */ 2397int 2398ecryptfs_generate_key_packet_set(char *dest_base, 2399 struct ecryptfs_crypt_stat *crypt_stat, 2400 struct dentry *ecryptfs_dentry, size_t *len, 2401 size_t max) 2402{ 2403 struct ecryptfs_auth_tok *auth_tok; 2404 struct key *auth_tok_key = NULL; 2405 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2406 &ecryptfs_superblock_to_private( 2407 ecryptfs_dentry->d_sb)->mount_crypt_stat; 2408 size_t written; 2409 struct ecryptfs_key_record *key_rec; 2410 struct ecryptfs_key_sig *key_sig; 2411 int rc = 0; 2412 2413 (*len) = 0; 2414 mutex_lock(&crypt_stat->keysig_list_mutex); 2415 key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL); 2416 if (!key_rec) { 2417 rc = -ENOMEM; 2418 goto out; 2419 } 2420 list_for_each_entry(key_sig, &crypt_stat->keysig_list, 2421 crypt_stat_list) { 2422 memset(key_rec, 0, sizeof(*key_rec)); 2423 rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key, 2424 &auth_tok, 2425 mount_crypt_stat, 2426 key_sig->keysig); 2427 if (rc) { 2428 printk(KERN_WARNING "Unable to retrieve auth tok with " 2429 "sig = [%s]\n", key_sig->keysig); 2430 rc = process_find_global_auth_tok_for_sig_err(rc); 2431 goto out_free; 2432 } 2433 if (auth_tok->token_type == ECRYPTFS_PASSWORD) { 2434 rc = write_tag_3_packet((dest_base + (*len)), 2435 &max, auth_tok, 2436 crypt_stat, key_rec, 2437 &written); 2438 up_write(&(auth_tok_key->sem)); 2439 key_put(auth_tok_key); 2440 if (rc) { 2441 ecryptfs_printk(KERN_WARNING, "Error " 2442 "writing tag 3 packet\n"); 2443 goto out_free; 2444 } 2445 (*len) += written; 2446 /* Write auth tok signature packet */ 2447 rc = write_tag_11_packet((dest_base + (*len)), &max, 2448 key_rec->sig, 2449 ECRYPTFS_SIG_SIZE, &written); 2450 if (rc) { 2451 ecryptfs_printk(KERN_ERR, "Error writing " 2452 "auth tok signature packet\n"); 2453 goto out_free; 2454 } 2455 (*len) += written; 2456 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { 2457 rc = write_tag_1_packet(dest_base + (*len), &max, 2458 auth_tok_key, auth_tok, 2459 crypt_stat, key_rec, &written); 2460 if (rc) { 2461 ecryptfs_printk(KERN_WARNING, "Error " 2462 "writing tag 1 packet\n"); 2463 goto out_free; 2464 } 2465 (*len) += written; 2466 } else { 2467 up_write(&(auth_tok_key->sem)); 2468 key_put(auth_tok_key); 2469 ecryptfs_printk(KERN_WARNING, "Unsupported " 2470 "authentication token type\n"); 2471 rc = -EINVAL; 2472 goto out_free; 2473 } 2474 } 2475 if (likely(max > 0)) { 2476 dest_base[(*len)] = 0x00; 2477 } else { 2478 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n"); 2479 rc = -EIO; 2480 } 2481out_free: 2482 kmem_cache_free(ecryptfs_key_record_cache, key_rec); 2483out: 2484 if (rc) 2485 (*len) = 0; 2486 mutex_unlock(&crypt_stat->keysig_list_mutex); 2487 return rc; 2488} 2489 2490struct kmem_cache *ecryptfs_key_sig_cache; 2491 2492int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) 2493{ 2494 struct ecryptfs_key_sig *new_key_sig; 2495 2496 new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL); 2497 if (!new_key_sig) 2498 return -ENOMEM; 2499 2500 memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); 2501 new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 2502 /* Caller must hold keysig_list_mutex */ 2503 list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); 2504 2505 return 0; 2506} 2507 2508struct kmem_cache *ecryptfs_global_auth_tok_cache; 2509 2510int 2511ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 2512 char *sig, u32 global_auth_tok_flags) 2513{ 2514 struct ecryptfs_global_auth_tok *new_auth_tok; 2515 2516 new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache, 2517 GFP_KERNEL); 2518 if (!new_auth_tok) 2519 return -ENOMEM; 2520 2521 memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX); 2522 new_auth_tok->flags = global_auth_tok_flags; 2523 new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 2524 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 2525 list_add(&new_auth_tok->mount_crypt_stat_list, 2526 &mount_crypt_stat->global_auth_tok_list); 2527 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 2528 return 0; 2529} 2530 2531