1
/**
2
 * eCryptfs: Linux filesystem encryption layer
3
 * In-kernel key management code.  Includes functions to parse and
4
 * write authentication token-related packets with the underlying
5
 * file.
6
 *
7
 * Copyright (C) 2004-2006 International Business Machines Corp.
8
 *   Author(s): Michael A. Halcrow <[email protected]>
9
 *              Michael C. Thompson <[email protected]>
10
 *              Trevor S. Highland <[email protected]>
11
 *
12
 * This program is free software; you can redistribute it and/or
13
 * modify it under the terms of the GNU General Public License as
14
 * published by the Free Software Foundation; either version 2 of the
15
 * License, or (at your option) any later version.
16
 *
17
 * This program is distributed in the hope that it will be useful, but
18
 * WITHOUT ANY WARRANTY; without even the implied warranty of
19
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20
 * General Public License for more details.
21
 *
22
 * You should have received a copy of the GNU General Public License
23
 * along with this program; if not, write to the Free Software
24
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25
 * 02111-1307, USA.
26
 */
27

28
#include <linux/string.h>
29
#include <linux/syscalls.h>
30
#include <linux/pagemap.h>
31
#include <linux/key.h>
32
#include <linux/random.h>
33
#include <linux/crypto.h>
34
#include <linux/scatterlist.h>
35
#include <linux/slab.h>
36
#include "ecryptfs_kernel.h"
37

38
/**
39
 * request_key returned an error instead of a valid key address;
40
 * determine the type of error, make appropriate log entries, and
41
 * return an error code.
42
 */
43
static int process_request_key_err(long err_code)
44
{
45
	int rc = 0;
46

47
	switch (err_code) {
48
	case -ENOKEY:
49
		ecryptfs_printk(KERN_WARNING, "No key\n");
50
		rc = -ENOENT;
51
		break;
52
	case -EKEYEXPIRED:
53
		ecryptfs_printk(KERN_WARNING, "Key expired\n");
54
		rc = -ETIME;
55
		break;
56
	case -EKEYREVOKED:
57
		ecryptfs_printk(KERN_WARNING, "Key revoked\n");
58
		rc = -EINVAL;
59
		break;
60
	default:
61
		ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62
				"[0x%.16lx]\n", err_code);
63
		rc = -EINVAL;
64
	}
65
	return rc;
66
}
67

68
static int process_find_global_auth_tok_for_sig_err(int err_code)
69
{
70
	int rc = err_code;
71

72
	switch (err_code) {
73
	case -ENOENT:
74
		ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
75
		break;
76
	case -EINVAL:
77
		ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
78
		break;
79
	default:
80
		rc = process_request_key_err(err_code);
81
		break;
82
	}
83
	return rc;
84
}
85

86
/**
87
 * ecryptfs_parse_packet_length
88
 * @data: Pointer to memory containing length at offset
89
 * @size: This function writes the decoded size to this memory
90
 *        address; zero on error
91
 * @length_size: The number of bytes occupied by the encoded length
92
 *
93
 * Returns zero on success; non-zero on error
94
 */
95
int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
96
				 size_t *length_size)
97
{
98
	int rc = 0;
99

100
	(*length_size) = 0;
101
	(*size) = 0;
102
	if (data[0] < 192) {
103
		/* One-byte length */
104
		(*size) = (unsigned char)data[0];
105
		(*length_size) = 1;
106
	} else if (data[0] < 224) {
107
		/* Two-byte length */
108
		(*size) = (((unsigned char)(data[0]) - 192) * 256);
109
		(*size) += ((unsigned char)(data[1]) + 192);
110
		(*length_size) = 2;
111
	} else if (data[0] == 255) {
112
		/* Five-byte length; we're not supposed to see this */
113
		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
114
				"supported\n");
115
		rc = -EINVAL;
116
		goto out;
117
	} else {
118
		ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
119
		rc = -EINVAL;
120
		goto out;
121
	}
122
out:
123
	return rc;
124
}
125

126
/**
127
 * ecryptfs_write_packet_length
128
 * @dest: The byte array target into which to write the length. Must
129
 *        have at least 5 bytes allocated.
130
 * @size: The length to write.
131
 * @packet_size_length: The number of bytes used to encode the packet
132
 *                      length is written to this address.
133
 *
134
 * Returns zero on success; non-zero on error.
135
 */
136
int ecryptfs_write_packet_length(char *dest, size_t size,
137
				 size_t *packet_size_length)
138
{
139
	int rc = 0;
140

141
	if (size < 192) {
142
		dest[0] = size;
143
		(*packet_size_length) = 1;
144
	} else if (size < 65536) {
145
		dest[0] = (((size - 192) / 256) + 192);
146
		dest[1] = ((size - 192) % 256);
147
		(*packet_size_length) = 2;
148
	} else {
149
		rc = -EINVAL;
150
		ecryptfs_printk(KERN_WARNING,
151
				"Unsupported packet size: [%zd]\n", size);
152
	}
153
	return rc;
154
}
155

156
static int
157
write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
158
		    char **packet, size_t *packet_len)
159
{
160
	size_t i = 0;
161
	size_t data_len;
162
	size_t packet_size_len;
163
	char *message;
164
	int rc;
165

166
	/*
167
	 *              ***** TAG 64 Packet Format *****
168
	 *    | Content Type                       | 1 byte       |
169
	 *    | Key Identifier Size                | 1 or 2 bytes |
170
	 *    | Key Identifier                     | arbitrary    |
171
	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
172
	 *    | Encrypted File Encryption Key      | arbitrary    |
173
	 */
174
	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
175
		    + session_key->encrypted_key_size);
176
	*packet = kmalloc(data_len, GFP_KERNEL);
177
	message = *packet;
178
	if (!message) {
179
		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
180
		rc = -ENOMEM;
181
		goto out;
182
	}
183
	message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
184
	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
185
					  &packet_size_len);
186
	if (rc) {
187
		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
188
				"header; cannot generate packet length\n");
189
		goto out;
190
	}
191
	i += packet_size_len;
192
	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
193
	i += ECRYPTFS_SIG_SIZE_HEX;
194
	rc = ecryptfs_write_packet_length(&message[i],
195
					  session_key->encrypted_key_size,
196
					  &packet_size_len);
197
	if (rc) {
198
		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
199
				"header; cannot generate packet length\n");
200
		goto out;
201
	}
202
	i += packet_size_len;
203
	memcpy(&message[i], session_key->encrypted_key,
204
	       session_key->encrypted_key_size);
205
	i += session_key->encrypted_key_size;
206
	*packet_len = i;
207
out:
208
	return rc;
209
}
210

211
static int
212
parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
213
		    struct ecryptfs_message *msg)
214
{
215
	size_t i = 0;
216
	char *data;
217
	size_t data_len;
218
	size_t m_size;
219
	size_t message_len;
220
	u16 checksum = 0;
221
	u16 expected_checksum = 0;
222
	int rc;
223

224
	/*
225
	 *              ***** TAG 65 Packet Format *****
226
	 *         | Content Type             | 1 byte       |
227
	 *         | Status Indicator         | 1 byte       |
228
	 *         | File Encryption Key Size | 1 or 2 bytes |
229
	 *         | File Encryption Key      | arbitrary    |
230
	 */
231
	message_len = msg->data_len;
232
	data = msg->data;
233
	if (message_len < 4) {
234
		rc = -EIO;
235
		goto out;
236
	}
237
	if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
238
		ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
239
		rc = -EIO;
240
		goto out;
241
	}
242
	if (data[i++]) {
243
		ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
244
				"[%d]\n", data[i-1]);
245
		rc = -EIO;
246
		goto out;
247
	}
248
	rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
249
	if (rc) {
250
		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
251
				"rc = [%d]\n", rc);
252
		goto out;
253
	}
254
	i += data_len;
255
	if (message_len < (i + m_size)) {
256
		ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
257
				"is shorter than expected\n");
258
		rc = -EIO;
259
		goto out;
260
	}
261
	if (m_size < 3) {
262
		ecryptfs_printk(KERN_ERR,
263
				"The decrypted key is not long enough to "
264
				"include a cipher code and checksum\n");
265
		rc = -EIO;
266
		goto out;
267
	}
268
	*cipher_code = data[i++];
269
	/* The decrypted key includes 1 byte cipher code and 2 byte checksum */
270
	session_key->decrypted_key_size = m_size - 3;
271
	if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
272
		ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
273
				"the maximum key size [%d]\n",
274
				session_key->decrypted_key_size,
275
				ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
276
		rc = -EIO;
277
		goto out;
278
	}
279
	memcpy(session_key->decrypted_key, &data[i],
280
	       session_key->decrypted_key_size);
281
	i += session_key->decrypted_key_size;
282
	expected_checksum += (unsigned char)(data[i++]) << 8;
283
	expected_checksum += (unsigned char)(data[i++]);
284
	for (i = 0; i < session_key->decrypted_key_size; i++)
285
		checksum += session_key->decrypted_key[i];
286
	if (expected_checksum != checksum) {
287
		ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
288
				"encryption  key; expected [%x]; calculated "
289
				"[%x]\n", expected_checksum, checksum);
290
		rc = -EIO;
291
	}
292
out:
293
	return rc;
294
}
295

296

297
static int
298
write_tag_66_packet(char *signature, u8 cipher_code,
299
		    struct ecryptfs_crypt_stat *crypt_stat, char **packet,
300
		    size_t *packet_len)
301
{
302
	size_t i = 0;
303
	size_t j;
304
	size_t data_len;
305
	size_t checksum = 0;
306
	size_t packet_size_len;
307
	char *message;
308
	int rc;
309

310
	/*
311
	 *              ***** TAG 66 Packet Format *****
312
	 *         | Content Type             | 1 byte       |
313
	 *         | Key Identifier Size      | 1 or 2 bytes |
314
	 *         | Key Identifier           | arbitrary    |
315
	 *         | File Encryption Key Size | 1 or 2 bytes |
316
	 *         | File Encryption Key      | arbitrary    |
317
	 */
318
	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
319
	*packet = kmalloc(data_len, GFP_KERNEL);
320
	message = *packet;
321
	if (!message) {
322
		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
323
		rc = -ENOMEM;
324
		goto out;
325
	}
326
	message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
327
	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
328
					  &packet_size_len);
329
	if (rc) {
330
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
331
				"header; cannot generate packet length\n");
332
		goto out;
333
	}
334
	i += packet_size_len;
335
	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
336
	i += ECRYPTFS_SIG_SIZE_HEX;
337
	/* The encrypted key includes 1 byte cipher code and 2 byte checksum */
338
	rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
339
					  &packet_size_len);
340
	if (rc) {
341
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
342
				"header; cannot generate packet length\n");
343
		goto out;
344
	}
345
	i += packet_size_len;
346
	message[i++] = cipher_code;
347
	memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
348
	i += crypt_stat->key_size;
349
	for (j = 0; j < crypt_stat->key_size; j++)
350
		checksum += crypt_stat->key[j];
351
	message[i++] = (checksum / 256) % 256;
352
	message[i++] = (checksum % 256);
353
	*packet_len = i;
354
out:
355
	return rc;
356
}
357

358
static int
359
parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
360
		    struct ecryptfs_message *msg)
361
{
362
	size_t i = 0;
363
	char *data;
364
	size_t data_len;
365
	size_t message_len;
366
	int rc;
367

368
	/*
369
	 *              ***** TAG 65 Packet Format *****
370
	 *    | Content Type                       | 1 byte       |
371
	 *    | Status Indicator                   | 1 byte       |
372
	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
373
	 *    | Encrypted File Encryption Key      | arbitrary    |
374
	 */
375
	message_len = msg->data_len;
376
	data = msg->data;
377
	/* verify that everything through the encrypted FEK size is present */
378
	if (message_len < 4) {
379
		rc = -EIO;
380
		printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
381
		       "message length is [%d]\n", __func__, message_len, 4);
382
		goto out;
383
	}
384
	if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
385
		rc = -EIO;
386
		printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
387
		       __func__);
388
		goto out;
389
	}
390
	if (data[i++]) {
391
		rc = -EIO;
392
		printk(KERN_ERR "%s: Status indicator has non zero "
393
		       "value [%d]\n", __func__, data[i-1]);
394

395
		goto out;
396
	}
397
	rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
398
					  &data_len);
399
	if (rc) {
400
		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
401
				"rc = [%d]\n", rc);
402
		goto out;
403
	}
404
	i += data_len;
405
	if (message_len < (i + key_rec->enc_key_size)) {
406
		rc = -EIO;
407
		printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
408
		       __func__, message_len, (i + key_rec->enc_key_size));
409
		goto out;
410
	}
411
	if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
412
		rc = -EIO;
413
		printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
414
		       "the maximum key size [%d]\n", __func__,
415
		       key_rec->enc_key_size,
416
		       ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
417
		goto out;
418
	}
419
	memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
420
out:
421
	return rc;
422
}
423

424
/**
425
 * ecryptfs_verify_version
426
 * @version: The version number to confirm
427
 *
428
 * Returns zero on good version; non-zero otherwise
429
 */
430
static int ecryptfs_verify_version(u16 version)
431
{
432
	int rc = 0;
433
	unsigned char major;
434
	unsigned char minor;
435

436
	major = ((version >> 8) & 0xFF);
437
	minor = (version & 0xFF);
438
	if (major != ECRYPTFS_VERSION_MAJOR) {
439
		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
440
				"Expected [%d]; got [%d]\n",
441
				ECRYPTFS_VERSION_MAJOR, major);
442
		rc = -EINVAL;
443
		goto out;
444
	}
445
	if (minor != ECRYPTFS_VERSION_MINOR) {
446
		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
447
				"Expected [%d]; got [%d]\n",
448
				ECRYPTFS_VERSION_MINOR, minor);
449
		rc = -EINVAL;
450
		goto out;
451
	}
452
out:
453
	return rc;
454
}
455

456
/**
457
 * ecryptfs_verify_auth_tok_from_key
458
 * @auth_tok_key: key containing the authentication token
459
 * @auth_tok: authentication token
460
 *
461
 * Returns zero on valid auth tok; -EINVAL otherwise
462
 */
463
static int
464
ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
465
				  struct ecryptfs_auth_tok **auth_tok)
466
{
467
	int rc = 0;
468

469
	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
470
	if (ecryptfs_verify_version((*auth_tok)->version)) {
471
		printk(KERN_ERR "Data structure version mismatch. Userspace "
472
		       "tools must match eCryptfs kernel module with major "
473
		       "version [%d] and minor version [%d]\n",
474
		       ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
475
		rc = -EINVAL;
476
		goto out;
477
	}
478
	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
479
	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
480
		printk(KERN_ERR "Invalid auth_tok structure "
481
		       "returned from key query\n");
482
		rc = -EINVAL;
483
		goto out;
484
	}
485
out:
486
	return rc;
487
}
488

489
static int
490
ecryptfs_find_global_auth_tok_for_sig(
491
	struct key **auth_tok_key,
492
	struct ecryptfs_auth_tok **auth_tok,
493
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
494
{
495
	struct ecryptfs_global_auth_tok *walker;
496
	int rc = 0;
497

498
	(*auth_tok_key) = NULL;
499
	(*auth_tok) = NULL;
500
	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
501
	list_for_each_entry(walker,
502
			    &mount_crypt_stat->global_auth_tok_list,
503
			    mount_crypt_stat_list) {
504
		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
505
			continue;
506

507
		if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
508
			rc = -EINVAL;
509
			goto out;
510
		}
511

512
		rc = key_validate(walker->global_auth_tok_key);
513
		if (rc) {
514
			if (rc == -EKEYEXPIRED)
515
				goto out;
516
			goto out_invalid_auth_tok;
517
		}
518

519
		down_write(&(walker->global_auth_tok_key->sem));
520
		rc = ecryptfs_verify_auth_tok_from_key(
521
				walker->global_auth_tok_key, auth_tok);
522
		if (rc)
523
			goto out_invalid_auth_tok_unlock;
524

525
		(*auth_tok_key) = walker->global_auth_tok_key;
526
		key_get(*auth_tok_key);
527
		goto out;
528
	}
529
	rc = -ENOENT;
530
	goto out;
531
out_invalid_auth_tok_unlock:
532
	up_write(&(walker->global_auth_tok_key->sem));
533
out_invalid_auth_tok:
534
	printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
535
	walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
536
	key_put(walker->global_auth_tok_key);
537
	walker->global_auth_tok_key = NULL;
538
out:
539
	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
540
	return rc;
541
}
542

543
/**
544
 * ecryptfs_find_auth_tok_for_sig
545
 * @auth_tok: Set to the matching auth_tok; NULL if not found
546
 * @crypt_stat: inode crypt_stat crypto context
547
 * @sig: Sig of auth_tok to find
548
 *
549
 * For now, this function simply looks at the registered auth_tok's
550
 * linked off the mount_crypt_stat, so all the auth_toks that can be
551
 * used must be registered at mount time. This function could
552
 * potentially try a lot harder to find auth_tok's (e.g., by calling
553
 * out to ecryptfsd to dynamically retrieve an auth_tok object) so
554
 * that static registration of auth_tok's will no longer be necessary.
555
 *
556
 * Returns zero on no error; non-zero on error
557
 */
558
static int
559
ecryptfs_find_auth_tok_for_sig(
560
	struct key **auth_tok_key,
561
	struct ecryptfs_auth_tok **auth_tok,
562
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
563
	char *sig)
564
{
565
	int rc = 0;
566

567
	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
568
						   mount_crypt_stat, sig);
569
	if (rc == -ENOENT) {
570
		/* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
571
		 * mount_crypt_stat structure, we prevent to use auth toks that
572
		 * are not inserted through the ecryptfs_add_global_auth_tok
573
		 * function.
574
		 */
575
		if (mount_crypt_stat->flags
576
				& ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
577
			return -EINVAL;
578

579
		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
580
						       sig);
581
	}
582
	return rc;
583
}
584

585
/**
586
 * write_tag_70_packet can gobble a lot of stack space. We stuff most
587
 * of the function's parameters in a kmalloc'd struct to help reduce
588
 * eCryptfs' overall stack usage.
589
 */
590
struct ecryptfs_write_tag_70_packet_silly_stack {
591
	u8 cipher_code;
592
	size_t max_packet_size;
593
	size_t packet_size_len;
594
	size_t block_aligned_filename_size;
595
	size_t block_size;
596
	size_t i;
597
	size_t j;
598
	size_t num_rand_bytes;
599
	struct mutex *tfm_mutex;
600
	char *block_aligned_filename;
601
	struct ecryptfs_auth_tok *auth_tok;
602
	struct scatterlist src_sg[2];
603
	struct scatterlist dst_sg[2];
604
	struct blkcipher_desc desc;
605
	char iv[ECRYPTFS_MAX_IV_BYTES];
606
	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
607
	char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
608
	struct hash_desc hash_desc;
609
	struct scatterlist hash_sg;
610
};
611

612
/**
613
 * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
614
 * @filename: NULL-terminated filename string
615
 *
616
 * This is the simplest mechanism for achieving filename encryption in
617
 * eCryptfs. It encrypts the given filename with the mount-wide
618
 * filename encryption key (FNEK) and stores it in a packet to @dest,
619
 * which the callee will encode and write directly into the dentry
620
 * name.
621
 */
622
int
623
ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
624
			     size_t *packet_size,
625
			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
626
			     char *filename, size_t filename_size)
627
{
628
	struct ecryptfs_write_tag_70_packet_silly_stack *s;
629
	struct key *auth_tok_key = NULL;
630
	int rc = 0;
631

632
	s = kmalloc(sizeof(*s), GFP_KERNEL);
633
	if (!s) {
634
		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
635
		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
636
		rc = -ENOMEM;
637
		goto out;
638
	}
639
	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
640
	(*packet_size) = 0;
641
	rc = ecryptfs_find_auth_tok_for_sig(
642
		&auth_tok_key,
643
		&s->auth_tok, mount_crypt_stat,
644
		mount_crypt_stat->global_default_fnek_sig);
645
	if (rc) {
646
		printk(KERN_ERR "%s: Error attempting to find auth tok for "
647
		       "fnek sig [%s]; rc = [%d]\n", __func__,
648
		       mount_crypt_stat->global_default_fnek_sig, rc);
649
		goto out;
650
	}
651
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
652
		&s->desc.tfm,
653
		&s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
654
	if (unlikely(rc)) {
655
		printk(KERN_ERR "Internal error whilst attempting to get "
656
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
657
		       mount_crypt_stat->global_default_fn_cipher_name, rc);
658
		goto out;
659
	}
660
	mutex_lock(s->tfm_mutex);
661
	s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
662
	/* Plus one for the \0 separator between the random prefix
663
	 * and the plaintext filename */
664
	s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
665
	s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
666
	if ((s->block_aligned_filename_size % s->block_size) != 0) {
667
		s->num_rand_bytes += (s->block_size
668
				      - (s->block_aligned_filename_size
669
					 % s->block_size));
670
		s->block_aligned_filename_size = (s->num_rand_bytes
671
						  + filename_size);
672
	}
673
	/* Octet 0: Tag 70 identifier
674
	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
675
	 *              and block-aligned encrypted filename size)
676
	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
677
	 * Octet N2-N3: Cipher identifier (1 octet)
678
	 * Octets N3-N4: Block-aligned encrypted filename
679
	 *  - Consists of a minimum number of random characters, a \0
680
	 *    separator, and then the filename */
681
	s->max_packet_size = (1                   /* Tag 70 identifier */
682
			      + 3                 /* Max Tag 70 packet size */
683
			      + ECRYPTFS_SIG_SIZE /* FNEK sig */
684
			      + 1                 /* Cipher identifier */
685
			      + s->block_aligned_filename_size);
686
	if (dest == NULL) {
687
		(*packet_size) = s->max_packet_size;
688
		goto out_unlock;
689
	}
690
	if (s->max_packet_size > (*remaining_bytes)) {
691
		printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
692
		       "[%zd] available\n", __func__, s->max_packet_size,
693
		       (*remaining_bytes));
694
		rc = -EINVAL;
695
		goto out_unlock;
696
	}
697
	s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
698
					    GFP_KERNEL);
699
	if (!s->block_aligned_filename) {
700
		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
701
		       "kzalloc [%zd] bytes\n", __func__,
702
		       s->block_aligned_filename_size);
703
		rc = -ENOMEM;
704
		goto out_unlock;
705
	}
706
	s->i = 0;
707
	dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
708
	rc = ecryptfs_write_packet_length(&dest[s->i],
709
					  (ECRYPTFS_SIG_SIZE
710
					   + 1 /* Cipher code */
711
					   + s->block_aligned_filename_size),
712
					  &s->packet_size_len);
713
	if (rc) {
714
		printk(KERN_ERR "%s: Error generating tag 70 packet "
715
		       "header; cannot generate packet length; rc = [%d]\n",
716
		       __func__, rc);
717
		goto out_free_unlock;
718
	}
719
	s->i += s->packet_size_len;
720
	ecryptfs_from_hex(&dest[s->i],
721
			  mount_crypt_stat->global_default_fnek_sig,
722
			  ECRYPTFS_SIG_SIZE);
723
	s->i += ECRYPTFS_SIG_SIZE;
724
	s->cipher_code = ecryptfs_code_for_cipher_string(
725
		mount_crypt_stat->global_default_fn_cipher_name,
726
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
727
	if (s->cipher_code == 0) {
728
		printk(KERN_WARNING "%s: Unable to generate code for "
729
		       "cipher [%s] with key bytes [%zd]\n", __func__,
730
		       mount_crypt_stat->global_default_fn_cipher_name,
731
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
732
		rc = -EINVAL;
733
		goto out_free_unlock;
734
	}
735
	dest[s->i++] = s->cipher_code;
736
	/* TODO: Support other key modules than passphrase for
737
	 * filename encryption */
738
	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
739
		rc = -EOPNOTSUPP;
740
		printk(KERN_INFO "%s: Filename encryption only supports "
741
		       "password tokens\n", __func__);
742
		goto out_free_unlock;
743
	}
744
	sg_init_one(
745
		&s->hash_sg,
746
		(u8 *)s->auth_tok->token.password.session_key_encryption_key,
747
		s->auth_tok->token.password.session_key_encryption_key_bytes);
748
	s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
749
	s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
750
					     CRYPTO_ALG_ASYNC);
751
	if (IS_ERR(s->hash_desc.tfm)) {
752
			rc = PTR_ERR(s->hash_desc.tfm);
753
			printk(KERN_ERR "%s: Error attempting to "
754
			       "allocate hash crypto context; rc = [%d]\n",
755
			       __func__, rc);
756
			goto out_free_unlock;
757
	}
758
	rc = crypto_hash_init(&s->hash_desc);
759
	if (rc) {
760
		printk(KERN_ERR
761
		       "%s: Error initializing crypto hash; rc = [%d]\n",
762
		       __func__, rc);
763
		goto out_release_free_unlock;
764
	}
765
	rc = crypto_hash_update(
766
		&s->hash_desc, &s->hash_sg,
767
		s->auth_tok->token.password.session_key_encryption_key_bytes);
768
	if (rc) {
769
		printk(KERN_ERR
770
		       "%s: Error updating crypto hash; rc = [%d]\n",
771
		       __func__, rc);
772
		goto out_release_free_unlock;
773
	}
774
	rc = crypto_hash_final(&s->hash_desc, s->hash);
775
	if (rc) {
776
		printk(KERN_ERR
777
		       "%s: Error finalizing crypto hash; rc = [%d]\n",
778
		       __func__, rc);
779
		goto out_release_free_unlock;
780
	}
781
	for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
782
		s->block_aligned_filename[s->j] =
783
			s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
784
		if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
785
		    == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
786
			sg_init_one(&s->hash_sg, (u8 *)s->hash,
787
				    ECRYPTFS_TAG_70_DIGEST_SIZE);
788
			rc = crypto_hash_init(&s->hash_desc);
789
			if (rc) {
790
				printk(KERN_ERR
791
				       "%s: Error initializing crypto hash; "
792
				       "rc = [%d]\n", __func__, rc);
793
				goto out_release_free_unlock;
794
			}
795
			rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
796
						ECRYPTFS_TAG_70_DIGEST_SIZE);
797
			if (rc) {
798
				printk(KERN_ERR
799
				       "%s: Error updating crypto hash; "
800
				       "rc = [%d]\n", __func__, rc);
801
				goto out_release_free_unlock;
802
			}
803
			rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
804
			if (rc) {
805
				printk(KERN_ERR
806
				       "%s: Error finalizing crypto hash; "
807
				       "rc = [%d]\n", __func__, rc);
808
				goto out_release_free_unlock;
809
			}
810
			memcpy(s->hash, s->tmp_hash,
811
			       ECRYPTFS_TAG_70_DIGEST_SIZE);
812
		}
813
		if (s->block_aligned_filename[s->j] == '\0')
814
			s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
815
	}
816
	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
817
	       filename_size);
818
	rc = virt_to_scatterlist(s->block_aligned_filename,
819
				 s->block_aligned_filename_size, s->src_sg, 2);
820
	if (rc < 1) {
821
		printk(KERN_ERR "%s: Internal error whilst attempting to "
822
		       "convert filename memory to scatterlist; rc = [%d]. "
823
		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
824
		       s->block_aligned_filename_size);
825
		goto out_release_free_unlock;
826
	}
827
	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
828
				 s->dst_sg, 2);
829
	if (rc < 1) {
830
		printk(KERN_ERR "%s: Internal error whilst attempting to "
831
		       "convert encrypted filename memory to scatterlist; "
832
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
833
		       __func__, rc, s->block_aligned_filename_size);
834
		goto out_release_free_unlock;
835
	}
836
	/* The characters in the first block effectively do the job
837
	 * of the IV here, so we just use 0's for the IV. Note the
838
	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
839
	 * >= ECRYPTFS_MAX_IV_BYTES. */
840
	memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
841
	s->desc.info = s->iv;
842
	rc = crypto_blkcipher_setkey(
843
		s->desc.tfm,
844
		s->auth_tok->token.password.session_key_encryption_key,
845
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
846
	if (rc < 0) {
847
		printk(KERN_ERR "%s: Error setting key for crypto context; "
848
		       "rc = [%d]. s->auth_tok->token.password.session_key_"
849
		       "encryption_key = [0x%p]; mount_crypt_stat->"
850
		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
851
		       rc,
852
		       s->auth_tok->token.password.session_key_encryption_key,
853
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
854
		goto out_release_free_unlock;
855
	}
856
	rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
857
					 s->block_aligned_filename_size);
858
	if (rc) {
859
		printk(KERN_ERR "%s: Error attempting to encrypt filename; "
860
		       "rc = [%d]\n", __func__, rc);
861
		goto out_release_free_unlock;
862
	}
863
	s->i += s->block_aligned_filename_size;
864
	(*packet_size) = s->i;
865
	(*remaining_bytes) -= (*packet_size);
866
out_release_free_unlock:
867
	crypto_free_hash(s->hash_desc.tfm);
868
out_free_unlock:
869
	kzfree(s->block_aligned_filename);
870
out_unlock:
871
	mutex_unlock(s->tfm_mutex);
872
out:
873
	if (auth_tok_key) {
874
		up_write(&(auth_tok_key->sem));
875
		key_put(auth_tok_key);
876
	}
877
	kfree(s);
878
	return rc;
879
}
880

881
struct ecryptfs_parse_tag_70_packet_silly_stack {
882
	u8 cipher_code;
883
	size_t max_packet_size;
884
	size_t packet_size_len;
885
	size_t parsed_tag_70_packet_size;
886
	size_t block_aligned_filename_size;
887
	size_t block_size;
888
	size_t i;
889
	struct mutex *tfm_mutex;
890
	char *decrypted_filename;
891
	struct ecryptfs_auth_tok *auth_tok;
892
	struct scatterlist src_sg[2];
893
	struct scatterlist dst_sg[2];
894
	struct blkcipher_desc desc;
895
	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
896
	char iv[ECRYPTFS_MAX_IV_BYTES];
897
	char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
898
};
899

900
/**
901
 * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
902
 * @filename: This function kmalloc's the memory for the filename
903
 * @filename_size: This function sets this to the amount of memory
904
 *                 kmalloc'd for the filename
905
 * @packet_size: This function sets this to the the number of octets
906
 *               in the packet parsed
907
 * @mount_crypt_stat: The mount-wide cryptographic context
908
 * @data: The memory location containing the start of the tag 70
909
 *        packet
910
 * @max_packet_size: The maximum legal size of the packet to be parsed
911
 *                   from @data
912
 *
913
 * Returns zero on success; non-zero otherwise
914
 */
915
int
916
ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
917
			     size_t *packet_size,
918
			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
919
			     char *data, size_t max_packet_size)
920
{
921
	struct ecryptfs_parse_tag_70_packet_silly_stack *s;
922
	struct key *auth_tok_key = NULL;
923
	int rc = 0;
924

925
	(*packet_size) = 0;
926
	(*filename_size) = 0;
927
	(*filename) = NULL;
928
	s = kmalloc(sizeof(*s), GFP_KERNEL);
929
	if (!s) {
930
		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
931
		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
932
		rc = -ENOMEM;
933
		goto out;
934
	}
935
	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
936
	if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
937
		printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
938
		       "at least [%d]\n", __func__, max_packet_size,
939
			(1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
940
		rc = -EINVAL;
941
		goto out;
942
	}
943
	/* Octet 0: Tag 70 identifier
944
	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
945
	 *              and block-aligned encrypted filename size)
946
	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
947
	 * Octet N2-N3: Cipher identifier (1 octet)
948
	 * Octets N3-N4: Block-aligned encrypted filename
949
	 *  - Consists of a minimum number of random numbers, a \0
950
	 *    separator, and then the filename */
951
	if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
952
		printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
953
		       "tag [0x%.2x]\n", __func__,
954
		       data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
955
		rc = -EINVAL;
956
		goto out;
957
	}
958
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
959
					  &s->parsed_tag_70_packet_size,
960
					  &s->packet_size_len);
961
	if (rc) {
962
		printk(KERN_WARNING "%s: Error parsing packet length; "
963
		       "rc = [%d]\n", __func__, rc);
964
		goto out;
965
	}
966
	s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
967
					  - ECRYPTFS_SIG_SIZE - 1);
968
	if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
969
	    > max_packet_size) {
970
		printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
971
		       "size is [%zd]\n", __func__, max_packet_size,
972
		       (1 + s->packet_size_len + 1
973
			+ s->block_aligned_filename_size));
974
		rc = -EINVAL;
975
		goto out;
976
	}
977
	(*packet_size) += s->packet_size_len;
978
	ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
979
			ECRYPTFS_SIG_SIZE);
980
	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
981
	(*packet_size) += ECRYPTFS_SIG_SIZE;
982
	s->cipher_code = data[(*packet_size)++];
983
	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
984
	if (rc) {
985
		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
986
		       __func__, s->cipher_code);
987
		goto out;
988
	}
989
	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
990
					    &s->auth_tok, mount_crypt_stat,
991
					    s->fnek_sig_hex);
992
	if (rc) {
993
		printk(KERN_ERR "%s: Error attempting to find auth tok for "
994
		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
995
		       rc);
996
		goto out;
997
	}
998
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
999
							&s->tfm_mutex,
1000
							s->cipher_string);
1001
	if (unlikely(rc)) {
1002
		printk(KERN_ERR "Internal error whilst attempting to get "
1003
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1004
		       s->cipher_string, rc);
1005
		goto out;
1006
	}
1007
	mutex_lock(s->tfm_mutex);
1008
	rc = virt_to_scatterlist(&data[(*packet_size)],
1009
				 s->block_aligned_filename_size, s->src_sg, 2);
1010
	if (rc < 1) {
1011
		printk(KERN_ERR "%s: Internal error whilst attempting to "
1012
		       "convert encrypted filename memory to scatterlist; "
1013
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1014
		       __func__, rc, s->block_aligned_filename_size);
1015
		goto out_unlock;
1016
	}
1017
	(*packet_size) += s->block_aligned_filename_size;
1018
	s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
1019
					GFP_KERNEL);
1020
	if (!s->decrypted_filename) {
1021
		printk(KERN_ERR "%s: Out of memory whilst attempting to "
1022
		       "kmalloc [%zd] bytes\n", __func__,
1023
		       s->block_aligned_filename_size);
1024
		rc = -ENOMEM;
1025
		goto out_unlock;
1026
	}
1027
	rc = virt_to_scatterlist(s->decrypted_filename,
1028
				 s->block_aligned_filename_size, s->dst_sg, 2);
1029
	if (rc < 1) {
1030
		printk(KERN_ERR "%s: Internal error whilst attempting to "
1031
		       "convert decrypted filename memory to scatterlist; "
1032
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1033
		       __func__, rc, s->block_aligned_filename_size);
1034
		goto out_free_unlock;
1035
	}
1036
	/* The characters in the first block effectively do the job of
1037
	 * the IV here, so we just use 0's for the IV. Note the
1038
	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1039
	 * >= ECRYPTFS_MAX_IV_BYTES. */
1040
	memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
1041
	s->desc.info = s->iv;
1042
	/* TODO: Support other key modules than passphrase for
1043
	 * filename encryption */
1044
	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1045
		rc = -EOPNOTSUPP;
1046
		printk(KERN_INFO "%s: Filename encryption only supports "
1047
		       "password tokens\n", __func__);
1048
		goto out_free_unlock;
1049
	}
1050
	rc = crypto_blkcipher_setkey(
1051
		s->desc.tfm,
1052
		s->auth_tok->token.password.session_key_encryption_key,
1053
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
1054
	if (rc < 0) {
1055
		printk(KERN_ERR "%s: Error setting key for crypto context; "
1056
		       "rc = [%d]. s->auth_tok->token.password.session_key_"
1057
		       "encryption_key = [0x%p]; mount_crypt_stat->"
1058
		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
1059
		       rc,
1060
		       s->auth_tok->token.password.session_key_encryption_key,
1061
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
1062
		goto out_free_unlock;
1063
	}
1064
	rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
1065
					 s->block_aligned_filename_size);
1066
	if (rc) {
1067
		printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1068
		       "rc = [%d]\n", __func__, rc);
1069
		goto out_free_unlock;
1070
	}
1071
	s->i = 0;
1072
	while (s->decrypted_filename[s->i] != '\0'
1073
	       && s->i < s->block_aligned_filename_size)
1074
		s->i++;
1075
	if (s->i == s->block_aligned_filename_size) {
1076
		printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
1077
		       "find valid separator between random characters and "
1078
		       "the filename\n", __func__);
1079
		rc = -EINVAL;
1080
		goto out_free_unlock;
1081
	}
1082
	s->i++;
1083
	(*filename_size) = (s->block_aligned_filename_size - s->i);
1084
	if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
1085
		printk(KERN_WARNING "%s: Filename size is [%zd], which is "
1086
		       "invalid\n", __func__, (*filename_size));
1087
		rc = -EINVAL;
1088
		goto out_free_unlock;
1089
	}
1090
	(*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
1091
	if (!(*filename)) {
1092
		printk(KERN_ERR "%s: Out of memory whilst attempting to "
1093
		       "kmalloc [%zd] bytes\n", __func__,
1094
		       ((*filename_size) + 1));
1095
		rc = -ENOMEM;
1096
		goto out_free_unlock;
1097
	}
1098
	memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
1099
	(*filename)[(*filename_size)] = '\0';
1100
out_free_unlock:
1101
	kfree(s->decrypted_filename);
1102
out_unlock:
1103
	mutex_unlock(s->tfm_mutex);
1104
out:
1105
	if (rc) {
1106
		(*packet_size) = 0;
1107
		(*filename_size) = 0;
1108
		(*filename) = NULL;
1109
	}
1110
	if (auth_tok_key) {
1111
		up_write(&(auth_tok_key->sem));
1112
		key_put(auth_tok_key);
1113
	}
1114
	kfree(s);
1115
	return rc;
1116
}
1117

1118
static int
1119
ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1120
{
1121
	int rc = 0;
1122

1123
	(*sig) = NULL;
1124
	switch (auth_tok->token_type) {
1125
	case ECRYPTFS_PASSWORD:
1126
		(*sig) = auth_tok->token.password.signature;
1127
		break;
1128
	case ECRYPTFS_PRIVATE_KEY:
1129
		(*sig) = auth_tok->token.private_key.signature;
1130
		break;
1131
	default:
1132
		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1133
		       auth_tok->token_type);
1134
		rc = -EINVAL;
1135
	}
1136
	return rc;
1137
}
1138

1139
/**
1140
 * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1141
 * @auth_tok: The key authentication token used to decrypt the session key
1142
 * @crypt_stat: The cryptographic context
1143
 *
1144
 * Returns zero on success; non-zero error otherwise.
1145
 */
1146
static int
1147
decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1148
				  struct ecryptfs_crypt_stat *crypt_stat)
1149
{
1150
	u8 cipher_code = 0;
1151
	struct ecryptfs_msg_ctx *msg_ctx;
1152
	struct ecryptfs_message *msg = NULL;
1153
	char *auth_tok_sig;
1154
	char *payload;
1155
	size_t payload_len;
1156
	int rc;
1157

1158
	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1159
	if (rc) {
1160
		printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1161
		       auth_tok->token_type);
1162
		goto out;
1163
	}
1164
	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1165
				 &payload, &payload_len);
1166
	if (rc) {
1167
		ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1168
		goto out;
1169
	}
1170
	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1171
	if (rc) {
1172
		ecryptfs_printk(KERN_ERR, "Error sending message to "
1173
				"ecryptfsd\n");
1174
		goto out;
1175
	}
1176
	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1177
	if (rc) {
1178
		ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1179
				"from the user space daemon\n");
1180
		rc = -EIO;
1181
		goto out;
1182
	}
1183
	rc = parse_tag_65_packet(&(auth_tok->session_key),
1184
				 &cipher_code, msg);
1185
	if (rc) {
1186
		printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1187
		       rc);
1188
		goto out;
1189
	}
1190
	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1191
	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1192
	       auth_tok->session_key.decrypted_key_size);
1193
	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1194
	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1195
	if (rc) {
1196
		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1197
				cipher_code)
1198
		goto out;
1199
	}
1200
	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1201
	if (ecryptfs_verbosity > 0) {
1202
		ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1203
		ecryptfs_dump_hex(crypt_stat->key,
1204
				  crypt_stat->key_size);
1205
	}
1206
out:
1207
	if (msg)
1208
		kfree(msg);
1209
	return rc;
1210
}
1211

1212
static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1213
{
1214
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1215
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1216

1217
	list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1218
				 auth_tok_list_head, list) {
1219
		list_del(&auth_tok_list_item->list);
1220
		kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1221
				auth_tok_list_item);
1222
	}
1223
}
1224

1225
struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1226

1227
/**
1228
 * parse_tag_1_packet
1229
 * @crypt_stat: The cryptographic context to modify based on packet contents
1230
 * @data: The raw bytes of the packet.
1231
 * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1232
 *                 a new authentication token will be placed at the
1233
 *                 end of this list for this packet.
1234
 * @new_auth_tok: Pointer to a pointer to memory that this function
1235
 *                allocates; sets the memory address of the pointer to
1236
 *                NULL on error. This object is added to the
1237
 *                auth_tok_list.
1238
 * @packet_size: This function writes the size of the parsed packet
1239
 *               into this memory location; zero on error.
1240
 * @max_packet_size: The maximum allowable packet size
1241
 *
1242
 * Returns zero on success; non-zero on error.
1243
 */
1244
static int
1245
parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1246
		   unsigned char *data, struct list_head *auth_tok_list,
1247
		   struct ecryptfs_auth_tok **new_auth_tok,
1248
		   size_t *packet_size, size_t max_packet_size)
1249
{
1250
	size_t body_size;
1251
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1252
	size_t length_size;
1253
	int rc = 0;
1254

1255
	(*packet_size) = 0;
1256
	(*new_auth_tok) = NULL;
1257
	/**
1258
	 * This format is inspired by OpenPGP; see RFC 2440
1259
	 * packet tag 1
1260
	 *
1261
	 * Tag 1 identifier (1 byte)
1262
	 * Max Tag 1 packet size (max 3 bytes)
1263
	 * Version (1 byte)
1264
	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1265
	 * Cipher identifier (1 byte)
1266
	 * Encrypted key size (arbitrary)
1267
	 *
1268
	 * 12 bytes minimum packet size
1269
	 */
1270
	if (unlikely(max_packet_size < 12)) {
1271
		printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1272
		rc = -EINVAL;
1273
		goto out;
1274
	}
1275
	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1276
		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1277
		       ECRYPTFS_TAG_1_PACKET_TYPE);
1278
		rc = -EINVAL;
1279
		goto out;
1280
	}
1281
	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1282
	 * at end of function upon failure */
1283
	auth_tok_list_item =
1284
		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1285
				  GFP_KERNEL);
1286
	if (!auth_tok_list_item) {
1287
		printk(KERN_ERR "Unable to allocate memory\n");
1288
		rc = -ENOMEM;
1289
		goto out;
1290
	}
1291
	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1292
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1293
					  &length_size);
1294
	if (rc) {
1295
		printk(KERN_WARNING "Error parsing packet length; "
1296
		       "rc = [%d]\n", rc);
1297
		goto out_free;
1298
	}
1299
	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1300
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1301
		rc = -EINVAL;
1302
		goto out_free;
1303
	}
1304
	(*packet_size) += length_size;
1305
	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1306
		printk(KERN_WARNING "Packet size exceeds max\n");
1307
		rc = -EINVAL;
1308
		goto out_free;
1309
	}
1310
	if (unlikely(data[(*packet_size)++] != 0x03)) {
1311
		printk(KERN_WARNING "Unknown version number [%d]\n",
1312
		       data[(*packet_size) - 1]);
1313
		rc = -EINVAL;
1314
		goto out_free;
1315
	}
1316
	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1317
			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1318
	*packet_size += ECRYPTFS_SIG_SIZE;
1319
	/* This byte is skipped because the kernel does not need to
1320
	 * know which public key encryption algorithm was used */
1321
	(*packet_size)++;
1322
	(*new_auth_tok)->session_key.encrypted_key_size =
1323
		body_size - (ECRYPTFS_SIG_SIZE + 2);
1324
	if ((*new_auth_tok)->session_key.encrypted_key_size
1325
	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1326
		printk(KERN_WARNING "Tag 1 packet contains key larger "
1327
		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1328
		rc = -EINVAL;
1329
		goto out;
1330
	}
1331
	memcpy((*new_auth_tok)->session_key.encrypted_key,
1332
	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1333
	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1334
	(*new_auth_tok)->session_key.flags &=
1335
		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1336
	(*new_auth_tok)->session_key.flags |=
1337
		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1338
	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1339
	(*new_auth_tok)->flags = 0;
1340
	(*new_auth_tok)->session_key.flags &=
1341
		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1342
	(*new_auth_tok)->session_key.flags &=
1343
		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1344
	list_add(&auth_tok_list_item->list, auth_tok_list);
1345
	goto out;
1346
out_free:
1347
	(*new_auth_tok) = NULL;
1348
	memset(auth_tok_list_item, 0,
1349
	       sizeof(struct ecryptfs_auth_tok_list_item));
1350
	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1351
			auth_tok_list_item);
1352
out:
1353
	if (rc)
1354
		(*packet_size) = 0;
1355
	return rc;
1356
}
1357

1358
/**
1359
 * parse_tag_3_packet
1360
 * @crypt_stat: The cryptographic context to modify based on packet
1361
 *              contents.
1362
 * @data: The raw bytes of the packet.
1363
 * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1364
 *                 a new authentication token will be placed at the end
1365
 *                 of this list for this packet.
1366
 * @new_auth_tok: Pointer to a pointer to memory that this function
1367
 *                allocates; sets the memory address of the pointer to
1368
 *                NULL on error. This object is added to the
1369
 *                auth_tok_list.
1370
 * @packet_size: This function writes the size of the parsed packet
1371
 *               into this memory location; zero on error.
1372
 * @max_packet_size: maximum number of bytes to parse
1373
 *
1374
 * Returns zero on success; non-zero on error.
1375
 */
1376
static int
1377
parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1378
		   unsigned char *data, struct list_head *auth_tok_list,
1379
		   struct ecryptfs_auth_tok **new_auth_tok,
1380
		   size_t *packet_size, size_t max_packet_size)
1381
{
1382
	size_t body_size;
1383
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1384
	size_t length_size;
1385
	int rc = 0;
1386

1387
	(*packet_size) = 0;
1388
	(*new_auth_tok) = NULL;
1389
	/**
1390
	 *This format is inspired by OpenPGP; see RFC 2440
1391
	 * packet tag 3
1392
	 *
1393
	 * Tag 3 identifier (1 byte)
1394
	 * Max Tag 3 packet size (max 3 bytes)
1395
	 * Version (1 byte)
1396
	 * Cipher code (1 byte)
1397
	 * S2K specifier (1 byte)
1398
	 * Hash identifier (1 byte)
1399
	 * Salt (ECRYPTFS_SALT_SIZE)
1400
	 * Hash iterations (1 byte)
1401
	 * Encrypted key (arbitrary)
1402
	 *
1403
	 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1404
	 */
1405
	if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1406
		printk(KERN_ERR "Max packet size too large\n");
1407
		rc = -EINVAL;
1408
		goto out;
1409
	}
1410
	if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1411
		printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1412
		       ECRYPTFS_TAG_3_PACKET_TYPE);
1413
		rc = -EINVAL;
1414
		goto out;
1415
	}
1416
	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1417
	 * at end of function upon failure */
1418
	auth_tok_list_item =
1419
	    kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1420
	if (!auth_tok_list_item) {
1421
		printk(KERN_ERR "Unable to allocate memory\n");
1422
		rc = -ENOMEM;
1423
		goto out;
1424
	}
1425
	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1426
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1427
					  &length_size);
1428
	if (rc) {
1429
		printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1430
		       rc);
1431
		goto out_free;
1432
	}
1433
	if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1434
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1435
		rc = -EINVAL;
1436
		goto out_free;
1437
	}
1438
	(*packet_size) += length_size;
1439
	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1440
		printk(KERN_ERR "Packet size exceeds max\n");
1441
		rc = -EINVAL;
1442
		goto out_free;
1443
	}
1444
	(*new_auth_tok)->session_key.encrypted_key_size =
1445
		(body_size - (ECRYPTFS_SALT_SIZE + 5));
1446
	if ((*new_auth_tok)->session_key.encrypted_key_size
1447
	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1448
		printk(KERN_WARNING "Tag 3 packet contains key larger "
1449
		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1450
		rc = -EINVAL;
1451
		goto out_free;
1452
	}
1453
	if (unlikely(data[(*packet_size)++] != 0x04)) {
1454
		printk(KERN_WARNING "Unknown version number [%d]\n",
1455
		       data[(*packet_size) - 1]);
1456
		rc = -EINVAL;
1457
		goto out_free;
1458
	}
1459
	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1460
					    (u16)data[(*packet_size)]);
1461
	if (rc)
1462
		goto out_free;
1463
	/* A little extra work to differentiate among the AES key
1464
	 * sizes; see RFC2440 */
1465
	switch(data[(*packet_size)++]) {
1466
	case RFC2440_CIPHER_AES_192:
1467
		crypt_stat->key_size = 24;
1468
		break;
1469
	default:
1470
		crypt_stat->key_size =
1471
			(*new_auth_tok)->session_key.encrypted_key_size;
1472
	}
1473
	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1474
	if (rc)
1475
		goto out_free;
1476
	if (unlikely(data[(*packet_size)++] != 0x03)) {
1477
		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1478
		rc = -ENOSYS;
1479
		goto out_free;
1480
	}
1481
	/* TODO: finish the hash mapping */
1482
	switch (data[(*packet_size)++]) {
1483
	case 0x01: /* See RFC2440 for these numbers and their mappings */
1484
		/* Choose MD5 */
1485
		memcpy((*new_auth_tok)->token.password.salt,
1486
		       &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1487
		(*packet_size) += ECRYPTFS_SALT_SIZE;
1488
		/* This conversion was taken straight from RFC2440 */
1489
		(*new_auth_tok)->token.password.hash_iterations =
1490
			((u32) 16 + (data[(*packet_size)] & 15))
1491
				<< ((data[(*packet_size)] >> 4) + 6);
1492
		(*packet_size)++;
1493
		/* Friendly reminder:
1494
		 * (*new_auth_tok)->session_key.encrypted_key_size =
1495
		 *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1496
		memcpy((*new_auth_tok)->session_key.encrypted_key,
1497
		       &data[(*packet_size)],
1498
		       (*new_auth_tok)->session_key.encrypted_key_size);
1499
		(*packet_size) +=
1500
			(*new_auth_tok)->session_key.encrypted_key_size;
1501
		(*new_auth_tok)->session_key.flags &=
1502
			~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1503
		(*new_auth_tok)->session_key.flags |=
1504
			ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1505
		(*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1506
		break;
1507
	default:
1508
		ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1509
				"[%d]\n", data[(*packet_size) - 1]);
1510
		rc = -ENOSYS;
1511
		goto out_free;
1512
	}
1513
	(*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1514
	/* TODO: Parametarize; we might actually want userspace to
1515
	 * decrypt the session key. */
1516
	(*new_auth_tok)->session_key.flags &=
1517
			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1518
	(*new_auth_tok)->session_key.flags &=
1519
			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1520
	list_add(&auth_tok_list_item->list, auth_tok_list);
1521
	goto out;
1522
out_free:
1523
	(*new_auth_tok) = NULL;
1524
	memset(auth_tok_list_item, 0,
1525
	       sizeof(struct ecryptfs_auth_tok_list_item));
1526
	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1527
			auth_tok_list_item);
1528
out:
1529
	if (rc)
1530
		(*packet_size) = 0;
1531
	return rc;
1532
}
1533

1534
/**
1535
 * parse_tag_11_packet
1536
 * @data: The raw bytes of the packet
1537
 * @contents: This function writes the data contents of the literal
1538
 *            packet into this memory location
1539
 * @max_contents_bytes: The maximum number of bytes that this function
1540
 *                      is allowed to write into contents
1541
 * @tag_11_contents_size: This function writes the size of the parsed
1542
 *                        contents into this memory location; zero on
1543
 *                        error
1544
 * @packet_size: This function writes the size of the parsed packet
1545
 *               into this memory location; zero on error
1546
 * @max_packet_size: maximum number of bytes to parse
1547
 *
1548
 * Returns zero on success; non-zero on error.
1549
 */
1550
static int
1551
parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1552
		    size_t max_contents_bytes, size_t *tag_11_contents_size,
1553
		    size_t *packet_size, size_t max_packet_size)
1554
{
1555
	size_t body_size;
1556
	size_t length_size;
1557
	int rc = 0;
1558

1559
	(*packet_size) = 0;
1560
	(*tag_11_contents_size) = 0;
1561
	/* This format is inspired by OpenPGP; see RFC 2440
1562
	 * packet tag 11
1563
	 *
1564
	 * Tag 11 identifier (1 byte)
1565
	 * Max Tag 11 packet size (max 3 bytes)
1566
	 * Binary format specifier (1 byte)
1567
	 * Filename length (1 byte)
1568
	 * Filename ("_CONSOLE") (8 bytes)
1569
	 * Modification date (4 bytes)
1570
	 * Literal data (arbitrary)
1571
	 *
1572
	 * We need at least 16 bytes of data for the packet to even be
1573
	 * valid.
1574
	 */
1575
	if (max_packet_size < 16) {
1576
		printk(KERN_ERR "Maximum packet size too small\n");
1577
		rc = -EINVAL;
1578
		goto out;
1579
	}
1580
	if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1581
		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1582
		rc = -EINVAL;
1583
		goto out;
1584
	}
1585
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1586
					  &length_size);
1587
	if (rc) {
1588
		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1589
		goto out;
1590
	}
1591
	if (body_size < 14) {
1592
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1593
		rc = -EINVAL;
1594
		goto out;
1595
	}
1596
	(*packet_size) += length_size;
1597
	(*tag_11_contents_size) = (body_size - 14);
1598
	if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1599
		printk(KERN_ERR "Packet size exceeds max\n");
1600
		rc = -EINVAL;
1601
		goto out;
1602
	}
1603
	if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1604
		printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1605
		       "expected size\n");
1606
		rc = -EINVAL;
1607
		goto out;
1608
	}
1609
	if (data[(*packet_size)++] != 0x62) {
1610
		printk(KERN_WARNING "Unrecognizable packet\n");
1611
		rc = -EINVAL;
1612
		goto out;
1613
	}
1614
	if (data[(*packet_size)++] != 0x08) {
1615
		printk(KERN_WARNING "Unrecognizable packet\n");
1616
		rc = -EINVAL;
1617
		goto out;
1618
	}
1619
	(*packet_size) += 12; /* Ignore filename and modification date */
1620
	memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1621
	(*packet_size) += (*tag_11_contents_size);
1622
out:
1623
	if (rc) {
1624
		(*packet_size) = 0;
1625
		(*tag_11_contents_size) = 0;
1626
	}
1627
	return rc;
1628
}
1629

1630
int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1631
				      struct ecryptfs_auth_tok **auth_tok,
1632
				      char *sig)
1633
{
1634
	int rc = 0;
1635

1636
	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1637
	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1638
		printk(KERN_ERR "Could not find key with description: [%s]\n",
1639
		       sig);
1640
		rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1641
		(*auth_tok_key) = NULL;
1642
		goto out;
1643
	}
1644
	down_write(&(*auth_tok_key)->sem);
1645
	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1646
	if (rc) {
1647
		up_write(&(*auth_tok_key)->sem);
1648
		key_put(*auth_tok_key);
1649
		(*auth_tok_key) = NULL;
1650
		goto out;
1651
	}
1652
out:
1653
	return rc;
1654
}
1655

1656
/**
1657
 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1658
 * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1659
 * @crypt_stat: The cryptographic context
1660
 *
1661
 * Returns zero on success; non-zero error otherwise
1662
 */
1663
static int
1664
decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1665
					 struct ecryptfs_crypt_stat *crypt_stat)
1666
{
1667
	struct scatterlist dst_sg[2];
1668
	struct scatterlist src_sg[2];
1669
	struct mutex *tfm_mutex;
1670
	struct blkcipher_desc desc = {
1671
		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
1672
	};
1673
	int rc = 0;
1674

1675
	if (unlikely(ecryptfs_verbosity > 0)) {
1676
		ecryptfs_printk(
1677
			KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1678
			auth_tok->token.password.session_key_encryption_key_bytes);
1679
		ecryptfs_dump_hex(
1680
			auth_tok->token.password.session_key_encryption_key,
1681
			auth_tok->token.password.session_key_encryption_key_bytes);
1682
	}
1683
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1684
							crypt_stat->cipher);
1685
	if (unlikely(rc)) {
1686
		printk(KERN_ERR "Internal error whilst attempting to get "
1687
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1688
		       crypt_stat->cipher, rc);
1689
		goto out;
1690
	}
1691
	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1692
				 auth_tok->session_key.encrypted_key_size,
1693
				 src_sg, 2);
1694
	if (rc < 1 || rc > 2) {
1695
		printk(KERN_ERR "Internal error whilst attempting to convert "
1696
			"auth_tok->session_key.encrypted_key to scatterlist; "
1697
			"expected rc = 1; got rc = [%d]. "
1698
		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1699
			auth_tok->session_key.encrypted_key_size);
1700
		goto out;
1701
	}
1702
	auth_tok->session_key.decrypted_key_size =
1703
		auth_tok->session_key.encrypted_key_size;
1704
	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1705
				 auth_tok->session_key.decrypted_key_size,
1706
				 dst_sg, 2);
1707
	if (rc < 1 || rc > 2) {
1708
		printk(KERN_ERR "Internal error whilst attempting to convert "
1709
			"auth_tok->session_key.decrypted_key to scatterlist; "
1710
			"expected rc = 1; got rc = [%d]\n", rc);
1711
		goto out;
1712
	}
1713
	mutex_lock(tfm_mutex);
1714
	rc = crypto_blkcipher_setkey(
1715
		desc.tfm, auth_tok->token.password.session_key_encryption_key,
1716
		crypt_stat->key_size);
1717
	if (unlikely(rc < 0)) {
1718
		mutex_unlock(tfm_mutex);
1719
		printk(KERN_ERR "Error setting key for crypto context\n");
1720
		rc = -EINVAL;
1721
		goto out;
1722
	}
1723
	rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1724
				      auth_tok->session_key.encrypted_key_size);
1725
	mutex_unlock(tfm_mutex);
1726
	if (unlikely(rc)) {
1727
		printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1728
		goto out;
1729
	}
1730
	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1731
	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1732
	       auth_tok->session_key.decrypted_key_size);
1733
	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1734
	if (unlikely(ecryptfs_verbosity > 0)) {
1735
		ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1736
				crypt_stat->key_size);
1737
		ecryptfs_dump_hex(crypt_stat->key,
1738
				  crypt_stat->key_size);
1739
	}
1740
out:
1741
	return rc;
1742
}
1743

1744
/**
1745
 * ecryptfs_parse_packet_set
1746
 * @crypt_stat: The cryptographic context
1747
 * @src: Virtual address of region of memory containing the packets
1748
 * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1749
 *
1750
 * Get crypt_stat to have the file's session key if the requisite key
1751
 * is available to decrypt the session key.
1752
 *
1753
 * Returns Zero if a valid authentication token was retrieved and
1754
 * processed; negative value for file not encrypted or for error
1755
 * conditions.
1756
 */
1757
int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1758
			      unsigned char *src,
1759
			      struct dentry *ecryptfs_dentry)
1760
{
1761
	size_t i = 0;
1762
	size_t found_auth_tok;
1763
	size_t next_packet_is_auth_tok_packet;
1764
	struct list_head auth_tok_list;
1765
	struct ecryptfs_auth_tok *matching_auth_tok;
1766
	struct ecryptfs_auth_tok *candidate_auth_tok;
1767
	char *candidate_auth_tok_sig;
1768
	size_t packet_size;
1769
	struct ecryptfs_auth_tok *new_auth_tok;
1770
	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1771
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1772
	size_t tag_11_contents_size;
1773
	size_t tag_11_packet_size;
1774
	struct key *auth_tok_key = NULL;
1775
	int rc = 0;
1776

1777
	INIT_LIST_HEAD(&auth_tok_list);
1778
	/* Parse the header to find as many packets as we can; these will be
1779
	 * added the our &auth_tok_list */
1780
	next_packet_is_auth_tok_packet = 1;
1781
	while (next_packet_is_auth_tok_packet) {
1782
		size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1783

1784
		switch (src[i]) {
1785
		case ECRYPTFS_TAG_3_PACKET_TYPE:
1786
			rc = parse_tag_3_packet(crypt_stat,
1787
						(unsigned char *)&src[i],
1788
						&auth_tok_list, &new_auth_tok,
1789
						&packet_size, max_packet_size);
1790
			if (rc) {
1791
				ecryptfs_printk(KERN_ERR, "Error parsing "
1792
						"tag 3 packet\n");
1793
				rc = -EIO;
1794
				goto out_wipe_list;
1795
			}
1796
			i += packet_size;
1797
			rc = parse_tag_11_packet((unsigned char *)&src[i],
1798
						 sig_tmp_space,
1799
						 ECRYPTFS_SIG_SIZE,
1800
						 &tag_11_contents_size,
1801
						 &tag_11_packet_size,
1802
						 max_packet_size);
1803
			if (rc) {
1804
				ecryptfs_printk(KERN_ERR, "No valid "
1805
						"(ecryptfs-specific) literal "
1806
						"packet containing "
1807
						"authentication token "
1808
						"signature found after "
1809
						"tag 3 packet\n");
1810
				rc = -EIO;
1811
				goto out_wipe_list;
1812
			}
1813
			i += tag_11_packet_size;
1814
			if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1815
				ecryptfs_printk(KERN_ERR, "Expected "
1816
						"signature of size [%d]; "
1817
						"read size [%zd]\n",
1818
						ECRYPTFS_SIG_SIZE,
1819
						tag_11_contents_size);
1820
				rc = -EIO;
1821
				goto out_wipe_list;
1822
			}
1823
			ecryptfs_to_hex(new_auth_tok->token.password.signature,
1824
					sig_tmp_space, tag_11_contents_size);
1825
			new_auth_tok->token.password.signature[
1826
				ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1827
			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1828
			break;
1829
		case ECRYPTFS_TAG_1_PACKET_TYPE:
1830
			rc = parse_tag_1_packet(crypt_stat,
1831
						(unsigned char *)&src[i],
1832
						&auth_tok_list, &new_auth_tok,
1833
						&packet_size, max_packet_size);
1834
			if (rc) {
1835
				ecryptfs_printk(KERN_ERR, "Error parsing "
1836
						"tag 1 packet\n");
1837
				rc = -EIO;
1838
				goto out_wipe_list;
1839
			}
1840
			i += packet_size;
1841
			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1842
			break;
1843
		case ECRYPTFS_TAG_11_PACKET_TYPE:
1844
			ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1845
					"(Tag 11 not allowed by itself)\n");
1846
			rc = -EIO;
1847
			goto out_wipe_list;
1848
			break;
1849
		default:
1850
			ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1851
					"of the file header; hex value of "
1852
					"character is [0x%.2x]\n", i, src[i]);
1853
			next_packet_is_auth_tok_packet = 0;
1854
		}
1855
	}
1856
	if (list_empty(&auth_tok_list)) {
1857
		printk(KERN_ERR "The lower file appears to be a non-encrypted "
1858
		       "eCryptfs file; this is not supported in this version "
1859
		       "of the eCryptfs kernel module\n");
1860
		rc = -EINVAL;
1861
		goto out;
1862
	}
1863
	/* auth_tok_list contains the set of authentication tokens
1864
	 * parsed from the metadata. We need to find a matching
1865
	 * authentication token that has the secret component(s)
1866
	 * necessary to decrypt the EFEK in the auth_tok parsed from
1867
	 * the metadata. There may be several potential matches, but
1868
	 * just one will be sufficient to decrypt to get the FEK. */
1869
find_next_matching_auth_tok:
1870
	found_auth_tok = 0;
1871
	if (auth_tok_key) {
1872
		up_write(&(auth_tok_key->sem));
1873
		key_put(auth_tok_key);
1874
		auth_tok_key = NULL;
1875
	}
1876
	list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1877
		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1878
		if (unlikely(ecryptfs_verbosity > 0)) {
1879
			ecryptfs_printk(KERN_DEBUG,
1880
					"Considering cadidate auth tok:\n");
1881
			ecryptfs_dump_auth_tok(candidate_auth_tok);
1882
		}
1883
		rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1884
					       candidate_auth_tok);
1885
		if (rc) {
1886
			printk(KERN_ERR
1887
			       "Unrecognized candidate auth tok type: [%d]\n",
1888
			       candidate_auth_tok->token_type);
1889
			rc = -EINVAL;
1890
			goto out_wipe_list;
1891
		}
1892
		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1893
					       &matching_auth_tok,
1894
					       crypt_stat->mount_crypt_stat,
1895
					       candidate_auth_tok_sig);
1896
		if (!rc) {
1897
			found_auth_tok = 1;
1898
			goto found_matching_auth_tok;
1899
		}
1900
	}
1901
	if (!found_auth_tok) {
1902
		ecryptfs_printk(KERN_ERR, "Could not find a usable "
1903
				"authentication token\n");
1904
		rc = -EIO;
1905
		goto out_wipe_list;
1906
	}
1907
found_matching_auth_tok:
1908
	if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1909
		memcpy(&(candidate_auth_tok->token.private_key),
1910
		       &(matching_auth_tok->token.private_key),
1911
		       sizeof(struct ecryptfs_private_key));
1912
		rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1913
						       crypt_stat);
1914
	} else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1915
		memcpy(&(candidate_auth_tok->token.password),
1916
		       &(matching_auth_tok->token.password),
1917
		       sizeof(struct ecryptfs_password));
1918
		rc = decrypt_passphrase_encrypted_session_key(
1919
			candidate_auth_tok, crypt_stat);
1920
	}
1921
	if (rc) {
1922
		struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1923

1924
		ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1925
				"session key for authentication token with sig "
1926
				"[%.*s]; rc = [%d]. Removing auth tok "
1927
				"candidate from the list and searching for "
1928
				"the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1929
				candidate_auth_tok_sig,	rc);
1930
		list_for_each_entry_safe(auth_tok_list_item,
1931
					 auth_tok_list_item_tmp,
1932
					 &auth_tok_list, list) {
1933
			if (candidate_auth_tok
1934
			    == &auth_tok_list_item->auth_tok) {
1935
				list_del(&auth_tok_list_item->list);
1936
				kmem_cache_free(
1937
					ecryptfs_auth_tok_list_item_cache,
1938
					auth_tok_list_item);
1939
				goto find_next_matching_auth_tok;
1940
			}
1941
		}
1942
		BUG();
1943
	}
1944
	rc = ecryptfs_compute_root_iv(crypt_stat);
1945
	if (rc) {
1946
		ecryptfs_printk(KERN_ERR, "Error computing "
1947
				"the root IV\n");
1948
		goto out_wipe_list;
1949
	}
1950
	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1951
	if (rc) {
1952
		ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1953
				"context for cipher [%s]; rc = [%d]\n",
1954
				crypt_stat->cipher, rc);
1955
	}
1956
out_wipe_list:
1957
	wipe_auth_tok_list(&auth_tok_list);
1958
out:
1959
	if (auth_tok_key) {
1960
		up_write(&(auth_tok_key->sem));
1961
		key_put(auth_tok_key);
1962
	}
1963
	return rc;
1964
}
1965

1966
static int
1967
pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1968
			struct ecryptfs_crypt_stat *crypt_stat,
1969
			struct ecryptfs_key_record *key_rec)
1970
{
1971
	struct ecryptfs_msg_ctx *msg_ctx = NULL;
1972
	char *payload = NULL;
1973
	size_t payload_len;
1974
	struct ecryptfs_message *msg;
1975
	int rc;
1976

1977
	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1978
				 ecryptfs_code_for_cipher_string(
1979
					 crypt_stat->cipher,
1980
					 crypt_stat->key_size),
1981
				 crypt_stat, &payload, &payload_len);
1982
	if (rc) {
1983
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1984
		goto out;
1985
	}
1986
	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1987
	if (rc) {
1988
		ecryptfs_printk(KERN_ERR, "Error sending message to "
1989
				"ecryptfsd\n");
1990
		goto out;
1991
	}
1992
	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1993
	if (rc) {
1994
		ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1995
				"from the user space daemon\n");
1996
		rc = -EIO;
1997
		goto out;
1998
	}
1999
	rc = parse_tag_67_packet(key_rec, msg);
2000
	if (rc)
2001
		ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
2002
	kfree(msg);
2003
out:
2004
	kfree(payload);
2005
	return rc;
2006
}
2007
/**
2008
 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
2009
 * @dest: Buffer into which to write the packet
2010
 * @remaining_bytes: Maximum number of bytes that can be writtn
2011
 * @auth_tok: The authentication token used for generating the tag 1 packet
2012
 * @crypt_stat: The cryptographic context
2013
 * @key_rec: The key record struct for the tag 1 packet
2014
 * @packet_size: This function will write the number of bytes that end
2015
 *               up constituting the packet; set to zero on error
2016
 *
2017
 * Returns zero on success; non-zero on error.
2018
 */
2019
static int
2020
write_tag_1_packet(char *dest, size_t *remaining_bytes,
2021
		   struct ecryptfs_auth_tok *auth_tok,
2022
		   struct ecryptfs_crypt_stat *crypt_stat,
2023
		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2024
{
2025
	size_t i;
2026
	size_t encrypted_session_key_valid = 0;
2027
	size_t packet_size_length;
2028
	size_t max_packet_size;
2029
	int rc = 0;
2030

2031
	(*packet_size) = 0;
2032
	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2033
			  ECRYPTFS_SIG_SIZE);
2034
	encrypted_session_key_valid = 0;
2035
	for (i = 0; i < crypt_stat->key_size; i++)
2036
		encrypted_session_key_valid |=
2037
			auth_tok->session_key.encrypted_key[i];
2038
	if (encrypted_session_key_valid) {
2039
		memcpy(key_rec->enc_key,
2040
		       auth_tok->session_key.encrypted_key,
2041
		       auth_tok->session_key.encrypted_key_size);
2042
		goto encrypted_session_key_set;
2043
	}
2044
	if (auth_tok->session_key.encrypted_key_size == 0)
2045
		auth_tok->session_key.encrypted_key_size =
2046
			auth_tok->token.private_key.key_size;
2047
	rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
2048
	if (rc) {
2049
		printk(KERN_ERR "Failed to encrypt session key via a key "
2050
		       "module; rc = [%d]\n", rc);
2051
		goto out;
2052
	}
2053
	if (ecryptfs_verbosity > 0) {
2054
		ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
2055
		ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
2056
	}
2057
encrypted_session_key_set:
2058
	/* This format is inspired by OpenPGP; see RFC 2440
2059
	 * packet tag 1 */
2060
	max_packet_size = (1                         /* Tag 1 identifier */
2061
			   + 3                       /* Max Tag 1 packet size */
2062
			   + 1                       /* Version */
2063
			   + ECRYPTFS_SIG_SIZE       /* Key identifier */
2064
			   + 1                       /* Cipher identifier */
2065
			   + key_rec->enc_key_size); /* Encrypted key size */
2066
	if (max_packet_size > (*remaining_bytes)) {
2067
		printk(KERN_ERR "Packet length larger than maximum allowable; "
2068
		       "need up to [%td] bytes, but there are only [%td] "
2069
		       "available\n", max_packet_size, (*remaining_bytes));
2070
		rc = -EINVAL;
2071
		goto out;
2072
	}
2073
	dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2074
	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2075
					  (max_packet_size - 4),
2076
					  &packet_size_length);
2077
	if (rc) {
2078
		ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2079
				"header; cannot generate packet length\n");
2080
		goto out;
2081
	}
2082
	(*packet_size) += packet_size_length;
2083
	dest[(*packet_size)++] = 0x03; /* version 3 */
2084
	memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2085
	(*packet_size) += ECRYPTFS_SIG_SIZE;
2086
	dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2087
	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2088
	       key_rec->enc_key_size);
2089
	(*packet_size) += key_rec->enc_key_size;
2090
out:
2091
	if (rc)
2092
		(*packet_size) = 0;
2093
	else
2094
		(*remaining_bytes) -= (*packet_size);
2095
	return rc;
2096
}
2097

2098
/**
2099
 * write_tag_11_packet
2100
 * @dest: Target into which Tag 11 packet is to be written
2101
 * @remaining_bytes: Maximum packet length
2102
 * @contents: Byte array of contents to copy in
2103
 * @contents_length: Number of bytes in contents
2104
 * @packet_length: Length of the Tag 11 packet written; zero on error
2105
 *
2106
 * Returns zero on success; non-zero on error.
2107
 */
2108
static int
2109
write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2110
		    size_t contents_length, size_t *packet_length)
2111
{
2112
	size_t packet_size_length;
2113
	size_t max_packet_size;
2114
	int rc = 0;
2115

2116
	(*packet_length) = 0;
2117
	/* This format is inspired by OpenPGP; see RFC 2440
2118
	 * packet tag 11 */
2119
	max_packet_size = (1                   /* Tag 11 identifier */
2120
			   + 3                 /* Max Tag 11 packet size */
2121
			   + 1                 /* Binary format specifier */
2122
			   + 1                 /* Filename length */
2123
			   + 8                 /* Filename ("_CONSOLE") */
2124
			   + 4                 /* Modification date */
2125
			   + contents_length); /* Literal data */
2126
	if (max_packet_size > (*remaining_bytes)) {
2127
		printk(KERN_ERR "Packet length larger than maximum allowable; "
2128
		       "need up to [%td] bytes, but there are only [%td] "
2129
		       "available\n", max_packet_size, (*remaining_bytes));
2130
		rc = -EINVAL;
2131
		goto out;
2132
	}
2133
	dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2134
	rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2135
					  (max_packet_size - 4),
2136
					  &packet_size_length);
2137
	if (rc) {
2138
		printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2139
		       "generate packet length. rc = [%d]\n", rc);
2140
		goto out;
2141
	}
2142
	(*packet_length) += packet_size_length;
2143
	dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2144
	dest[(*packet_length)++] = 8;
2145
	memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2146
	(*packet_length) += 8;
2147
	memset(&dest[(*packet_length)], 0x00, 4);
2148
	(*packet_length) += 4;
2149
	memcpy(&dest[(*packet_length)], contents, contents_length);
2150
	(*packet_length) += contents_length;
2151
 out:
2152
	if (rc)
2153
		(*packet_length) = 0;
2154
	else
2155
		(*remaining_bytes) -= (*packet_length);
2156
	return rc;
2157
}
2158

2159
/**
2160
 * write_tag_3_packet
2161
 * @dest: Buffer into which to write the packet
2162
 * @remaining_bytes: Maximum number of bytes that can be written
2163
 * @auth_tok: Authentication token
2164
 * @crypt_stat: The cryptographic context
2165
 * @key_rec: encrypted key
2166
 * @packet_size: This function will write the number of bytes that end
2167
 *               up constituting the packet; set to zero on error
2168
 *
2169
 * Returns zero on success; non-zero on error.
2170
 */
2171
static int
2172
write_tag_3_packet(char *dest, size_t *remaining_bytes,
2173
		   struct ecryptfs_auth_tok *auth_tok,
2174
		   struct ecryptfs_crypt_stat *crypt_stat,
2175
		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2176
{
2177
	size_t i;
2178
	size_t encrypted_session_key_valid = 0;
2179
	char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2180
	struct scatterlist dst_sg[2];
2181
	struct scatterlist src_sg[2];
2182
	struct mutex *tfm_mutex = NULL;
2183
	u8 cipher_code;
2184
	size_t packet_size_length;
2185
	size_t max_packet_size;
2186
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2187
		crypt_stat->mount_crypt_stat;
2188
	struct blkcipher_desc desc = {
2189
		.tfm = NULL,
2190
		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
2191
	};
2192
	int rc = 0;
2193

2194
	(*packet_size) = 0;
2195
	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2196
			  ECRYPTFS_SIG_SIZE);
2197
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2198
							crypt_stat->cipher);
2199
	if (unlikely(rc)) {
2200
		printk(KERN_ERR "Internal error whilst attempting to get "
2201
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2202
		       crypt_stat->cipher, rc);
2203
		goto out;
2204
	}
2205
	if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2206
		struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2207

2208
		printk(KERN_WARNING "No key size specified at mount; "
2209
		       "defaulting to [%d]\n", alg->max_keysize);
2210
		mount_crypt_stat->global_default_cipher_key_size =
2211
			alg->max_keysize;
2212
	}
2213
	if (crypt_stat->key_size == 0)
2214
		crypt_stat->key_size =
2215
			mount_crypt_stat->global_default_cipher_key_size;
2216
	if (auth_tok->session_key.encrypted_key_size == 0)
2217
		auth_tok->session_key.encrypted_key_size =
2218
			crypt_stat->key_size;
2219
	if (crypt_stat->key_size == 24
2220
	    && strcmp("aes", crypt_stat->cipher) == 0) {
2221
		memset((crypt_stat->key + 24), 0, 8);
2222
		auth_tok->session_key.encrypted_key_size = 32;
2223
	} else
2224
		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2225
	key_rec->enc_key_size =
2226
		auth_tok->session_key.encrypted_key_size;
2227
	encrypted_session_key_valid = 0;
2228
	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2229
		encrypted_session_key_valid |=
2230
			auth_tok->session_key.encrypted_key[i];
2231
	if (encrypted_session_key_valid) {
2232
		ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2233
				"using auth_tok->session_key.encrypted_key, "
2234
				"where key_rec->enc_key_size = [%zd]\n",
2235
				key_rec->enc_key_size);
2236
		memcpy(key_rec->enc_key,
2237
		       auth_tok->session_key.encrypted_key,
2238
		       key_rec->enc_key_size);
2239
		goto encrypted_session_key_set;
2240
	}
2241
	if (auth_tok->token.password.flags &
2242
	    ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2243
		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2244
				"session key encryption key of size [%d]\n",
2245
				auth_tok->token.password.
2246
				session_key_encryption_key_bytes);
2247
		memcpy(session_key_encryption_key,
2248
		       auth_tok->token.password.session_key_encryption_key,
2249
		       crypt_stat->key_size);
2250
		ecryptfs_printk(KERN_DEBUG,
2251
				"Cached session key " "encryption key: \n");
2252
		if (ecryptfs_verbosity > 0)
2253
			ecryptfs_dump_hex(session_key_encryption_key, 16);
2254
	}
2255
	if (unlikely(ecryptfs_verbosity > 0)) {
2256
		ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2257
		ecryptfs_dump_hex(session_key_encryption_key, 16);
2258
	}
2259
	rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2260
				 src_sg, 2);
2261
	if (rc < 1 || rc > 2) {
2262
		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2263
				"for crypt_stat session key; expected rc = 1; "
2264
				"got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2265
				rc, key_rec->enc_key_size);
2266
		rc = -ENOMEM;
2267
		goto out;
2268
	}
2269
	rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2270
				 dst_sg, 2);
2271
	if (rc < 1 || rc > 2) {
2272
		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2273
				"for crypt_stat encrypted session key; "
2274
				"expected rc = 1; got rc = [%d]. "
2275
				"key_rec->enc_key_size = [%zd]\n", rc,
2276
				key_rec->enc_key_size);
2277
		rc = -ENOMEM;
2278
		goto out;
2279
	}
2280
	mutex_lock(tfm_mutex);
2281
	rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2282
				     crypt_stat->key_size);
2283
	if (rc < 0) {
2284
		mutex_unlock(tfm_mutex);
2285
		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2286
				"context; rc = [%d]\n", rc);
2287
		goto out;
2288
	}
2289
	rc = 0;
2290
	ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2291
			crypt_stat->key_size);
2292
	rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2293
				      (*key_rec).enc_key_size);
2294
	mutex_unlock(tfm_mutex);
2295
	if (rc) {
2296
		printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2297
		goto out;
2298
	}
2299
	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2300
	if (ecryptfs_verbosity > 0) {
2301
		ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2302
				key_rec->enc_key_size);
2303
		ecryptfs_dump_hex(key_rec->enc_key,
2304
				  key_rec->enc_key_size);
2305
	}
2306
encrypted_session_key_set:
2307
	/* This format is inspired by OpenPGP; see RFC 2440
2308
	 * packet tag 3 */
2309
	max_packet_size = (1                         /* Tag 3 identifier */
2310
			   + 3                       /* Max Tag 3 packet size */
2311
			   + 1                       /* Version */
2312
			   + 1                       /* Cipher code */
2313
			   + 1                       /* S2K specifier */
2314
			   + 1                       /* Hash identifier */
2315
			   + ECRYPTFS_SALT_SIZE      /* Salt */
2316
			   + 1                       /* Hash iterations */
2317
			   + key_rec->enc_key_size); /* Encrypted key size */
2318
	if (max_packet_size > (*remaining_bytes)) {
2319
		printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2320
		       "there are only [%td] available\n", max_packet_size,
2321
		       (*remaining_bytes));
2322
		rc = -EINVAL;
2323
		goto out;
2324
	}
2325
	dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2326
	/* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2327
	 * to get the number of octets in the actual Tag 3 packet */
2328
	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2329
					  (max_packet_size - 4),
2330
					  &packet_size_length);
2331
	if (rc) {
2332
		printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2333
		       "generate packet length. rc = [%d]\n", rc);
2334
		goto out;
2335
	}
2336
	(*packet_size) += packet_size_length;
2337
	dest[(*packet_size)++] = 0x04; /* version 4 */
2338
	/* TODO: Break from RFC2440 so that arbitrary ciphers can be
2339
	 * specified with strings */
2340
	cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2341
						      crypt_stat->key_size);
2342
	if (cipher_code == 0) {
2343
		ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2344
				"cipher [%s]\n", crypt_stat->cipher);
2345
		rc = -EINVAL;
2346
		goto out;
2347
	}
2348
	dest[(*packet_size)++] = cipher_code;
2349
	dest[(*packet_size)++] = 0x03;	/* S2K */
2350
	dest[(*packet_size)++] = 0x01;	/* MD5 (TODO: parameterize) */
2351
	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2352
	       ECRYPTFS_SALT_SIZE);
2353
	(*packet_size) += ECRYPTFS_SALT_SIZE;	/* salt */
2354
	dest[(*packet_size)++] = 0x60;	/* hash iterations (65536) */
2355
	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2356
	       key_rec->enc_key_size);
2357
	(*packet_size) += key_rec->enc_key_size;
2358
out:
2359
	if (rc)
2360
		(*packet_size) = 0;
2361
	else
2362
		(*remaining_bytes) -= (*packet_size);
2363
	return rc;
2364
}
2365

2366
struct kmem_cache *ecryptfs_key_record_cache;
2367

2368
/**
2369
 * ecryptfs_generate_key_packet_set
2370
 * @dest_base: Virtual address from which to write the key record set
2371
 * @crypt_stat: The cryptographic context from which the
2372
 *              authentication tokens will be retrieved
2373
 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2374
 *                   for the global parameters
2375
 * @len: The amount written
2376
 * @max: The maximum amount of data allowed to be written
2377
 *
2378
 * Generates a key packet set and writes it to the virtual address
2379
 * passed in.
2380
 *
2381
 * Returns zero on success; non-zero on error.
2382
 */
2383
int
2384
ecryptfs_generate_key_packet_set(char *dest_base,
2385
				 struct ecryptfs_crypt_stat *crypt_stat,
2386
				 struct dentry *ecryptfs_dentry, size_t *len,
2387
				 size_t max)
2388
{
2389
	struct ecryptfs_auth_tok *auth_tok;
2390
	struct key *auth_tok_key = NULL;
2391
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2392
		&ecryptfs_superblock_to_private(
2393
			ecryptfs_dentry->d_sb)->mount_crypt_stat;
2394
	size_t written;
2395
	struct ecryptfs_key_record *key_rec;
2396
	struct ecryptfs_key_sig *key_sig;
2397
	int rc = 0;
2398

2399
	(*len) = 0;
2400
	mutex_lock(&crypt_stat->keysig_list_mutex);
2401
	key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2402
	if (!key_rec) {
2403
		rc = -ENOMEM;
2404
		goto out;
2405
	}
2406
	list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2407
			    crypt_stat_list) {
2408
		memset(key_rec, 0, sizeof(*key_rec));
2409
		rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2410
							   &auth_tok,
2411
							   mount_crypt_stat,
2412
							   key_sig->keysig);
2413
		if (rc) {
2414
			printk(KERN_WARNING "Unable to retrieve auth tok with "
2415
			       "sig = [%s]\n", key_sig->keysig);
2416
			rc = process_find_global_auth_tok_for_sig_err(rc);
2417
			goto out_free;
2418
		}
2419
		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2420
			rc = write_tag_3_packet((dest_base + (*len)),
2421
						&max, auth_tok,
2422
						crypt_stat, key_rec,
2423
						&written);
2424
			if (rc) {
2425
				ecryptfs_printk(KERN_WARNING, "Error "
2426
						"writing tag 3 packet\n");
2427
				goto out_free;
2428
			}
2429
			(*len) += written;
2430
			/* Write auth tok signature packet */
2431
			rc = write_tag_11_packet((dest_base + (*len)), &max,
2432
						 key_rec->sig,
2433
						 ECRYPTFS_SIG_SIZE, &written);
2434
			if (rc) {
2435
				ecryptfs_printk(KERN_ERR, "Error writing "
2436
						"auth tok signature packet\n");
2437
				goto out_free;
2438
			}
2439
			(*len) += written;
2440
		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2441
			rc = write_tag_1_packet(dest_base + (*len),
2442
						&max, auth_tok,
2443
						crypt_stat, key_rec, &written);
2444
			if (rc) {
2445
				ecryptfs_printk(KERN_WARNING, "Error "
2446
						"writing tag 1 packet\n");
2447
				goto out_free;
2448
			}
2449
			(*len) += written;
2450
		} else {
2451
			ecryptfs_printk(KERN_WARNING, "Unsupported "
2452
					"authentication token type\n");
2453
			rc = -EINVAL;
2454
			goto out_free;
2455
		}
2456
		up_write(&(auth_tok_key->sem));
2457
		key_put(auth_tok_key);
2458
		auth_tok_key = NULL;
2459
	}
2460
	if (likely(max > 0)) {
2461
		dest_base[(*len)] = 0x00;
2462
	} else {
2463
		ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2464
		rc = -EIO;
2465
	}
2466
out_free:
2467
	kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2468
out:
2469
	if (rc)
2470
		(*len) = 0;
2471
	if (auth_tok_key) {
2472
		up_write(&(auth_tok_key->sem));
2473
		key_put(auth_tok_key);
2474
	}
2475

2476
	mutex_unlock(&crypt_stat->keysig_list_mutex);
2477
	return rc;
2478
}
2479

2480
struct kmem_cache *ecryptfs_key_sig_cache;
2481

2482
int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2483
{
2484
	struct ecryptfs_key_sig *new_key_sig;
2485

2486
	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2487
	if (!new_key_sig) {
2488
		printk(KERN_ERR
2489
		       "Error allocating from ecryptfs_key_sig_cache\n");
2490
		return -ENOMEM;
2491
	}
2492
	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2493
	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2494
	/* Caller must hold keysig_list_mutex */
2495
	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2496

2497
	return 0;
2498
}
2499

2500
struct kmem_cache *ecryptfs_global_auth_tok_cache;
2501

2502
int
2503
ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2504
			     char *sig, u32 global_auth_tok_flags)
2505
{
2506
	struct ecryptfs_global_auth_tok *new_auth_tok;
2507
	int rc = 0;
2508

2509
	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2510
					GFP_KERNEL);
2511
	if (!new_auth_tok) {
2512
		rc = -ENOMEM;
2513
		printk(KERN_ERR "Error allocating from "
2514
		       "ecryptfs_global_auth_tok_cache\n");
2515
		goto out;
2516
	}
2517
	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2518
	new_auth_tok->flags = global_auth_tok_flags;
2519
	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2520
	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2521
	list_add(&new_auth_tok->mount_crypt_stat_list,
2522
		 &mount_crypt_stat->global_auth_tok_list);
2523
	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2524
out:
2525
	return rc;
2526
}
2527

2528

2529