1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/*
3
 * eCryptfs: Linux filesystem encryption layer
4
 * In-kernel key management code.  Includes functions to parse and
5
 * write authentication token-related packets with the underlying
6
 * file.
7
 *
8
 * Copyright (C) 2004-2006 International Business Machines Corp.
9
 *   Author(s): Michael A. Halcrow <[email protected]>
10
 *              Michael C. Thompson <[email protected]>
11
 *              Trevor S. Highland <[email protected]>
12
 */
13

14
#include <crypto/hash.h>
15
#include <crypto/skcipher.h>
16
#include <linux/string.h>
17
#include <linux/pagemap.h>
18
#include <linux/key.h>
19
#include <linux/random.h>
20
#include <linux/scatterlist.h>
21
#include <linux/slab.h>
22
#include "ecryptfs_kernel.h"
23

24
/*
25
 * request_key returned an error instead of a valid key address;
26
 * determine the type of error, make appropriate log entries, and
27
 * return an error code.
28
 */
29
static int process_request_key_err(long err_code)
30
{
31
	int rc = 0;
32

33
	switch (err_code) {
34
	case -ENOKEY:
35
		ecryptfs_printk(KERN_WARNING, "No key\n");
36
		rc = -ENOENT;
37
		break;
38
	case -EKEYEXPIRED:
39
		ecryptfs_printk(KERN_WARNING, "Key expired\n");
40
		rc = -ETIME;
41
		break;
42
	case -EKEYREVOKED:
43
		ecryptfs_printk(KERN_WARNING, "Key revoked\n");
44
		rc = -EINVAL;
45
		break;
46
	default:
47
		ecryptfs_printk(KERN_WARNING, "Unknown error code: "
48
				"[0x%.16lx]\n", err_code);
49
		rc = -EINVAL;
50
	}
51
	return rc;
52
}
53

54
static int process_find_global_auth_tok_for_sig_err(int err_code)
55
{
56
	int rc = err_code;
57

58
	switch (err_code) {
59
	case -ENOENT:
60
		ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
61
		break;
62
	case -EINVAL:
63
		ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
64
		break;
65
	default:
66
		rc = process_request_key_err(err_code);
67
		break;
68
	}
69
	return rc;
70
}
71

72
/**
73
 * ecryptfs_parse_packet_length
74
 * @data: Pointer to memory containing length at offset
75
 * @size: This function writes the decoded size to this memory
76
 *        address; zero on error
77
 * @length_size: The number of bytes occupied by the encoded length
78
 *
79
 * Returns zero on success; non-zero on error
80
 */
81
int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
82
				 size_t *length_size)
83
{
84
	int rc = 0;
85

86
	(*length_size) = 0;
87
	(*size) = 0;
88
	if (data[0] < 192) {
89
		/* One-byte length */
90
		(*size) = data[0];
91
		(*length_size) = 1;
92
	} else if (data[0] < 224) {
93
		/* Two-byte length */
94
		(*size) = (data[0] - 192) * 256;
95
		(*size) += data[1] + 192;
96
		(*length_size) = 2;
97
	} else if (data[0] == 255) {
98
		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
99
		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
100
				"supported\n");
101
		rc = -EINVAL;
102
		goto out;
103
	} else {
104
		ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
105
		rc = -EINVAL;
106
		goto out;
107
	}
108
out:
109
	return rc;
110
}
111

112
/**
113
 * ecryptfs_write_packet_length
114
 * @dest: The byte array target into which to write the length. Must
115
 *        have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.
116
 * @size: The length to write.
117
 * @packet_size_length: The number of bytes used to encode the packet
118
 *                      length is written to this address.
119
 *
120
 * Returns zero on success; non-zero on error.
121
 */
122
int ecryptfs_write_packet_length(char *dest, size_t size,
123
				 size_t *packet_size_length)
124
{
125
	int rc = 0;
126

127
	if (size < 192) {
128
		dest[0] = size;
129
		(*packet_size_length) = 1;
130
	} else if (size < 65536) {
131
		dest[0] = (((size - 192) / 256) + 192);
132
		dest[1] = ((size - 192) % 256);
133
		(*packet_size_length) = 2;
134
	} else {
135
		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
136
		rc = -EINVAL;
137
		ecryptfs_printk(KERN_WARNING,
138
				"Unsupported packet size: [%zd]\n", size);
139
	}
140
	return rc;
141
}
142

143
static int
144
write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
145
		    char **packet, size_t *packet_len)
146
{
147
	size_t i = 0;
148
	size_t data_len;
149
	size_t packet_size_len;
150
	char *message;
151
	int rc;
152

153
	/*
154
	 *              ***** TAG 64 Packet Format *****
155
	 *    | Content Type                       | 1 byte       |
156
	 *    | Key Identifier Size                | 1 or 2 bytes |
157
	 *    | Key Identifier                     | arbitrary    |
158
	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
159
	 *    | Encrypted File Encryption Key      | arbitrary    |
160
	 */
161
	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
162
		    + session_key->encrypted_key_size);
163
	*packet = kmalloc(data_len, GFP_KERNEL);
164
	message = *packet;
165
	if (!message) {
166
		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
167
		rc = -ENOMEM;
168
		goto out;
169
	}
170
	message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
171
	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
172
					  &packet_size_len);
173
	if (rc) {
174
		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
175
				"header; cannot generate packet length\n");
176
		goto out;
177
	}
178
	i += packet_size_len;
179
	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
180
	i += ECRYPTFS_SIG_SIZE_HEX;
181
	rc = ecryptfs_write_packet_length(&message[i],
182
					  session_key->encrypted_key_size,
183
					  &packet_size_len);
184
	if (rc) {
185
		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
186
				"header; cannot generate packet length\n");
187
		goto out;
188
	}
189
	i += packet_size_len;
190
	memcpy(&message[i], session_key->encrypted_key,
191
	       session_key->encrypted_key_size);
192
	i += session_key->encrypted_key_size;
193
	*packet_len = i;
194
out:
195
	return rc;
196
}
197

198
static int
199
parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
200
		    struct ecryptfs_message *msg)
201
{
202
	size_t i = 0;
203
	char *data;
204
	size_t data_len;
205
	size_t m_size;
206
	size_t message_len;
207
	u16 checksum = 0;
208
	u16 expected_checksum = 0;
209
	int rc;
210

211
	/*
212
	 *              ***** TAG 65 Packet Format *****
213
	 *         | Content Type             | 1 byte       |
214
	 *         | Status Indicator         | 1 byte       |
215
	 *         | File Encryption Key Size | 1 or 2 bytes |
216
	 *         | File Encryption Key      | arbitrary    |
217
	 */
218
	message_len = msg->data_len;
219
	data = msg->data;
220
	if (message_len < 4) {
221
		rc = -EIO;
222
		goto out;
223
	}
224
	if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
225
		ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
226
		rc = -EIO;
227
		goto out;
228
	}
229
	if (data[i++]) {
230
		ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
231
				"[%d]\n", data[i-1]);
232
		rc = -EIO;
233
		goto out;
234
	}
235
	rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
236
	if (rc) {
237
		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
238
				"rc = [%d]\n", rc);
239
		goto out;
240
	}
241
	i += data_len;
242
	if (message_len < (i + m_size)) {
243
		ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
244
				"is shorter than expected\n");
245
		rc = -EIO;
246
		goto out;
247
	}
248
	if (m_size < 3) {
249
		ecryptfs_printk(KERN_ERR,
250
				"The decrypted key is not long enough to "
251
				"include a cipher code and checksum\n");
252
		rc = -EIO;
253
		goto out;
254
	}
255
	*cipher_code = data[i++];
256
	/* The decrypted key includes 1 byte cipher code and 2 byte checksum */
257
	session_key->decrypted_key_size = m_size - 3;
258
	if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
259
		ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
260
				"the maximum key size [%d]\n",
261
				session_key->decrypted_key_size,
262
				ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
263
		rc = -EIO;
264
		goto out;
265
	}
266
	memcpy(session_key->decrypted_key, &data[i],
267
	       session_key->decrypted_key_size);
268
	i += session_key->decrypted_key_size;
269
	expected_checksum += (unsigned char)(data[i++]) << 8;
270
	expected_checksum += (unsigned char)(data[i++]);
271
	for (i = 0; i < session_key->decrypted_key_size; i++)
272
		checksum += session_key->decrypted_key[i];
273
	if (expected_checksum != checksum) {
274
		ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
275
				"encryption  key; expected [%x]; calculated "
276
				"[%x]\n", expected_checksum, checksum);
277
		rc = -EIO;
278
	}
279
out:
280
	return rc;
281
}
282

283

284
static int
285
write_tag_66_packet(char *signature, u8 cipher_code,
286
		    struct ecryptfs_crypt_stat *crypt_stat, char **packet,
287
		    size_t *packet_len)
288
{
289
	size_t i = 0;
290
	size_t j;
291
	size_t data_len;
292
	size_t checksum = 0;
293
	size_t packet_size_len;
294
	char *message;
295
	int rc;
296

297
	/*
298
	 *              ***** TAG 66 Packet Format *****
299
	 *         | Content Type             | 1 byte       |
300
	 *         | Key Identifier Size      | 1 or 2 bytes |
301
	 *         | Key Identifier           | arbitrary    |
302
	 *         | File Encryption Key Size | 1 or 2 bytes |
303
	 *         | Cipher Code              | 1 byte       |
304
	 *         | File Encryption Key      | arbitrary    |
305
	 *         | Checksum                 | 2 bytes      |
306
	 */
307
	data_len = (8 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
308
	*packet = kmalloc(data_len, GFP_KERNEL);
309
	message = *packet;
310
	if (!message) {
311
		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
312
		rc = -ENOMEM;
313
		goto out;
314
	}
315
	message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
316
	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
317
					  &packet_size_len);
318
	if (rc) {
319
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
320
				"header; cannot generate packet length\n");
321
		goto out;
322
	}
323
	i += packet_size_len;
324
	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
325
	i += ECRYPTFS_SIG_SIZE_HEX;
326
	/* The encrypted key includes 1 byte cipher code and 2 byte checksum */
327
	rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
328
					  &packet_size_len);
329
	if (rc) {
330
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
331
				"header; cannot generate packet length\n");
332
		goto out;
333
	}
334
	i += packet_size_len;
335
	message[i++] = cipher_code;
336
	memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
337
	i += crypt_stat->key_size;
338
	for (j = 0; j < crypt_stat->key_size; j++)
339
		checksum += crypt_stat->key[j];
340
	message[i++] = (checksum / 256) % 256;
341
	message[i++] = (checksum % 256);
342
	*packet_len = i;
343
out:
344
	return rc;
345
}
346

347
static int
348
parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
349
		    struct ecryptfs_message *msg)
350
{
351
	size_t i = 0;
352
	char *data;
353
	size_t data_len;
354
	size_t message_len;
355
	int rc;
356

357
	/*
358
	 *              ***** TAG 65 Packet Format *****
359
	 *    | Content Type                       | 1 byte       |
360
	 *    | Status Indicator                   | 1 byte       |
361
	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
362
	 *    | Encrypted File Encryption Key      | arbitrary    |
363
	 */
364
	message_len = msg->data_len;
365
	data = msg->data;
366
	/* verify that everything through the encrypted FEK size is present */
367
	if (message_len < 4) {
368
		rc = -EIO;
369
		printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
370
		       "message length is [%d]\n", __func__, message_len, 4);
371
		goto out;
372
	}
373
	if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
374
		rc = -EIO;
375
		printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
376
		       __func__);
377
		goto out;
378
	}
379
	if (data[i++]) {
380
		rc = -EIO;
381
		printk(KERN_ERR "%s: Status indicator has non zero "
382
		       "value [%d]\n", __func__, data[i-1]);
383

384
		goto out;
385
	}
386
	rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
387
					  &data_len);
388
	if (rc) {
389
		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
390
				"rc = [%d]\n", rc);
391
		goto out;
392
	}
393
	i += data_len;
394
	if (message_len < (i + key_rec->enc_key_size)) {
395
		rc = -EIO;
396
		printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
397
		       __func__, message_len, (i + key_rec->enc_key_size));
398
		goto out;
399
	}
400
	if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
401
		rc = -EIO;
402
		printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
403
		       "the maximum key size [%d]\n", __func__,
404
		       key_rec->enc_key_size,
405
		       ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
406
		goto out;
407
	}
408
	memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
409
out:
410
	return rc;
411
}
412

413
/**
414
 * ecryptfs_verify_version
415
 * @version: The version number to confirm
416
 *
417
 * Returns zero on good version; non-zero otherwise
418
 */
419
static int ecryptfs_verify_version(u16 version)
420
{
421
	int rc = 0;
422
	unsigned char major;
423
	unsigned char minor;
424

425
	major = ((version >> 8) & 0xFF);
426
	minor = (version & 0xFF);
427
	if (major != ECRYPTFS_VERSION_MAJOR) {
428
		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
429
				"Expected [%d]; got [%d]\n",
430
				ECRYPTFS_VERSION_MAJOR, major);
431
		rc = -EINVAL;
432
		goto out;
433
	}
434
	if (minor != ECRYPTFS_VERSION_MINOR) {
435
		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
436
				"Expected [%d]; got [%d]\n",
437
				ECRYPTFS_VERSION_MINOR, minor);
438
		rc = -EINVAL;
439
		goto out;
440
	}
441
out:
442
	return rc;
443
}
444

445
/**
446
 * ecryptfs_verify_auth_tok_from_key
447
 * @auth_tok_key: key containing the authentication token
448
 * @auth_tok: authentication token
449
 *
450
 * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or
451
 * -EKEYREVOKED if the key was revoked before we acquired its semaphore.
452
 */
453
static int
454
ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
455
				  struct ecryptfs_auth_tok **auth_tok)
456
{
457
	int rc = 0;
458

459
	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
460
	if (IS_ERR(*auth_tok)) {
461
		rc = PTR_ERR(*auth_tok);
462
		*auth_tok = NULL;
463
		goto out;
464
	}
465

466
	if (ecryptfs_verify_version((*auth_tok)->version)) {
467
		printk(KERN_ERR "Data structure version mismatch. Userspace "
468
		       "tools must match eCryptfs kernel module with major "
469
		       "version [%d] and minor version [%d]\n",
470
		       ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
471
		rc = -EINVAL;
472
		goto out;
473
	}
474
	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
475
	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
476
		printk(KERN_ERR "Invalid auth_tok structure "
477
		       "returned from key query\n");
478
		rc = -EINVAL;
479
		goto out;
480
	}
481
out:
482
	return rc;
483
}
484

485
static int
486
ecryptfs_find_global_auth_tok_for_sig(
487
	struct key **auth_tok_key,
488
	struct ecryptfs_auth_tok **auth_tok,
489
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
490
{
491
	struct ecryptfs_global_auth_tok *walker;
492
	int rc = 0;
493

494
	(*auth_tok_key) = NULL;
495
	(*auth_tok) = NULL;
496
	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
497
	list_for_each_entry(walker,
498
			    &mount_crypt_stat->global_auth_tok_list,
499
			    mount_crypt_stat_list) {
500
		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
501
			continue;
502

503
		if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
504
			rc = -EINVAL;
505
			goto out;
506
		}
507

508
		rc = key_validate(walker->global_auth_tok_key);
509
		if (rc) {
510
			if (rc == -EKEYEXPIRED)
511
				goto out;
512
			goto out_invalid_auth_tok;
513
		}
514

515
		down_write(&(walker->global_auth_tok_key->sem));
516
		rc = ecryptfs_verify_auth_tok_from_key(
517
				walker->global_auth_tok_key, auth_tok);
518
		if (rc)
519
			goto out_invalid_auth_tok_unlock;
520

521
		(*auth_tok_key) = walker->global_auth_tok_key;
522
		key_get(*auth_tok_key);
523
		goto out;
524
	}
525
	rc = -ENOENT;
526
	goto out;
527
out_invalid_auth_tok_unlock:
528
	up_write(&(walker->global_auth_tok_key->sem));
529
out_invalid_auth_tok:
530
	printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
531
	walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
532
	key_put(walker->global_auth_tok_key);
533
	walker->global_auth_tok_key = NULL;
534
out:
535
	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
536
	return rc;
537
}
538

539
/**
540
 * ecryptfs_find_auth_tok_for_sig
541
 * @auth_tok_key: key containing the authentication token
542
 * @auth_tok: Set to the matching auth_tok; NULL if not found
543
 * @mount_crypt_stat: inode crypt_stat crypto context
544
 * @sig: Sig of auth_tok to find
545
 *
546
 * For now, this function simply looks at the registered auth_tok's
547
 * linked off the mount_crypt_stat, so all the auth_toks that can be
548
 * used must be registered at mount time. This function could
549
 * potentially try a lot harder to find auth_tok's (e.g., by calling
550
 * out to ecryptfsd to dynamically retrieve an auth_tok object) so
551
 * that static registration of auth_tok's will no longer be necessary.
552
 *
553
 * Returns zero on no error; non-zero on error
554
 */
555
static int
556
ecryptfs_find_auth_tok_for_sig(
557
	struct key **auth_tok_key,
558
	struct ecryptfs_auth_tok **auth_tok,
559
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
560
	char *sig)
561
{
562
	int rc = 0;
563

564
	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
565
						   mount_crypt_stat, sig);
566
	if (rc == -ENOENT) {
567
		/* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
568
		 * mount_crypt_stat structure, we prevent to use auth toks that
569
		 * are not inserted through the ecryptfs_add_global_auth_tok
570
		 * function.
571
		 */
572
		if (mount_crypt_stat->flags
573
				& ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
574
			return -EINVAL;
575

576
		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
577
						       sig);
578
	}
579
	return rc;
580
}
581

582
/*
583
 * write_tag_70_packet can gobble a lot of stack space. We stuff most
584
 * of the function's parameters in a kmalloc'd struct to help reduce
585
 * eCryptfs' overall stack usage.
586
 */
587
struct ecryptfs_write_tag_70_packet_silly_stack {
588
	u8 cipher_code;
589
	size_t max_packet_size;
590
	size_t packet_size_len;
591
	size_t block_aligned_filename_size;
592
	size_t block_size;
593
	size_t i;
594
	size_t j;
595
	size_t num_rand_bytes;
596
	struct mutex *tfm_mutex;
597
	char *block_aligned_filename;
598
	struct ecryptfs_auth_tok *auth_tok;
599
	struct scatterlist src_sg[2];
600
	struct scatterlist dst_sg[2];
601
	struct crypto_skcipher *skcipher_tfm;
602
	struct skcipher_request *skcipher_req;
603
	char iv[ECRYPTFS_MAX_IV_BYTES];
604
	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
605
	char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
606
	struct crypto_shash *hash_tfm;
607
	struct shash_desc *hash_desc;
608
};
609

610
/*
611
 * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
612
 * @filename: NULL-terminated filename string
613
 *
614
 * This is the simplest mechanism for achieving filename encryption in
615
 * eCryptfs. It encrypts the given filename with the mount-wide
616
 * filename encryption key (FNEK) and stores it in a packet to @dest,
617
 * which the callee will encode and write directly into the dentry
618
 * name.
619
 */
620
int
621
ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
622
			     size_t *packet_size,
623
			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
624
			     char *filename, size_t filename_size)
625
{
626
	struct ecryptfs_write_tag_70_packet_silly_stack *s;
627
	struct key *auth_tok_key = NULL;
628
	int rc = 0;
629

630
	s = kzalloc(sizeof(*s), GFP_KERNEL);
631
	if (!s)
632
		return -ENOMEM;
633

634
	(*packet_size) = 0;
635
	rc = ecryptfs_find_auth_tok_for_sig(
636
		&auth_tok_key,
637
		&s->auth_tok, mount_crypt_stat,
638
		mount_crypt_stat->global_default_fnek_sig);
639
	if (rc) {
640
		printk(KERN_ERR "%s: Error attempting to find auth tok for "
641
		       "fnek sig [%s]; rc = [%d]\n", __func__,
642
		       mount_crypt_stat->global_default_fnek_sig, rc);
643
		goto out;
644
	}
645
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
646
		&s->skcipher_tfm,
647
		&s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
648
	if (unlikely(rc)) {
649
		printk(KERN_ERR "Internal error whilst attempting to get "
650
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
651
		       mount_crypt_stat->global_default_fn_cipher_name, rc);
652
		goto out;
653
	}
654
	mutex_lock(s->tfm_mutex);
655
	s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
656
	/* Plus one for the \0 separator between the random prefix
657
	 * and the plaintext filename */
658
	s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
659
	s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
660
	if ((s->block_aligned_filename_size % s->block_size) != 0) {
661
		s->num_rand_bytes += (s->block_size
662
				      - (s->block_aligned_filename_size
663
					 % s->block_size));
664
		s->block_aligned_filename_size = (s->num_rand_bytes
665
						  + filename_size);
666
	}
667
	/* Octet 0: Tag 70 identifier
668
	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
669
	 *              and block-aligned encrypted filename size)
670
	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
671
	 * Octet N2-N3: Cipher identifier (1 octet)
672
	 * Octets N3-N4: Block-aligned encrypted filename
673
	 *  - Consists of a minimum number of random characters, a \0
674
	 *    separator, and then the filename */
675
	s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE
676
			      + s->block_aligned_filename_size);
677
	if (!dest) {
678
		(*packet_size) = s->max_packet_size;
679
		goto out_unlock;
680
	}
681
	if (s->max_packet_size > (*remaining_bytes)) {
682
		printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
683
		       "[%zd] available\n", __func__, s->max_packet_size,
684
		       (*remaining_bytes));
685
		rc = -EINVAL;
686
		goto out_unlock;
687
	}
688

689
	s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
690
	if (!s->skcipher_req) {
691
		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
692
		       "skcipher_request_alloc for %s\n", __func__,
693
		       crypto_skcipher_driver_name(s->skcipher_tfm));
694
		rc = -ENOMEM;
695
		goto out_unlock;
696
	}
697

698
	skcipher_request_set_callback(s->skcipher_req,
699
				      CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
700

701
	s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
702
					    GFP_KERNEL);
703
	if (!s->block_aligned_filename) {
704
		rc = -ENOMEM;
705
		goto out_unlock;
706
	}
707
	dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
708
	rc = ecryptfs_write_packet_length(&dest[s->i],
709
					  (ECRYPTFS_SIG_SIZE
710
					   + 1 /* Cipher code */
711
					   + s->block_aligned_filename_size),
712
					  &s->packet_size_len);
713
	if (rc) {
714
		printk(KERN_ERR "%s: Error generating tag 70 packet "
715
		       "header; cannot generate packet length; rc = [%d]\n",
716
		       __func__, rc);
717
		goto out_free_unlock;
718
	}
719
	s->i += s->packet_size_len;
720
	ecryptfs_from_hex(&dest[s->i],
721
			  mount_crypt_stat->global_default_fnek_sig,
722
			  ECRYPTFS_SIG_SIZE);
723
	s->i += ECRYPTFS_SIG_SIZE;
724
	s->cipher_code = ecryptfs_code_for_cipher_string(
725
		mount_crypt_stat->global_default_fn_cipher_name,
726
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
727
	if (s->cipher_code == 0) {
728
		printk(KERN_WARNING "%s: Unable to generate code for "
729
		       "cipher [%s] with key bytes [%zd]\n", __func__,
730
		       mount_crypt_stat->global_default_fn_cipher_name,
731
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
732
		rc = -EINVAL;
733
		goto out_free_unlock;
734
	}
735
	dest[s->i++] = s->cipher_code;
736
	/* TODO: Support other key modules than passphrase for
737
	 * filename encryption */
738
	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
739
		rc = -EOPNOTSUPP;
740
		printk(KERN_INFO "%s: Filename encryption only supports "
741
		       "password tokens\n", __func__);
742
		goto out_free_unlock;
743
	}
744
	s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
745
	if (IS_ERR(s->hash_tfm)) {
746
			rc = PTR_ERR(s->hash_tfm);
747
			printk(KERN_ERR "%s: Error attempting to "
748
			       "allocate hash crypto context; rc = [%d]\n",
749
			       __func__, rc);
750
			goto out_free_unlock;
751
	}
752

753
	s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
754
			       crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
755
	if (!s->hash_desc) {
756
		rc = -ENOMEM;
757
		goto out_release_free_unlock;
758
	}
759

760
	s->hash_desc->tfm = s->hash_tfm;
761

762
	rc = crypto_shash_digest(s->hash_desc,
763
				 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
764
				 s->auth_tok->token.password.session_key_encryption_key_bytes,
765
				 s->hash);
766
	if (rc) {
767
		printk(KERN_ERR
768
		       "%s: Error computing crypto hash; rc = [%d]\n",
769
		       __func__, rc);
770
		goto out_release_free_unlock;
771
	}
772
	for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
773
		s->block_aligned_filename[s->j] =
774
			s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
775
		if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
776
		    == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
777
			rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
778
						ECRYPTFS_TAG_70_DIGEST_SIZE,
779
						s->tmp_hash);
780
			if (rc) {
781
				printk(KERN_ERR
782
				       "%s: Error computing crypto hash; "
783
				       "rc = [%d]\n", __func__, rc);
784
				goto out_release_free_unlock;
785
			}
786
			memcpy(s->hash, s->tmp_hash,
787
			       ECRYPTFS_TAG_70_DIGEST_SIZE);
788
		}
789
		if (s->block_aligned_filename[s->j] == '\0')
790
			s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
791
	}
792
	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
793
	       filename_size);
794
	rc = virt_to_scatterlist(s->block_aligned_filename,
795
				 s->block_aligned_filename_size, s->src_sg, 2);
796
	if (rc < 1) {
797
		printk(KERN_ERR "%s: Internal error whilst attempting to "
798
		       "convert filename memory to scatterlist; rc = [%d]. "
799
		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
800
		       s->block_aligned_filename_size);
801
		goto out_release_free_unlock;
802
	}
803
	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
804
				 s->dst_sg, 2);
805
	if (rc < 1) {
806
		printk(KERN_ERR "%s: Internal error whilst attempting to "
807
		       "convert encrypted filename memory to scatterlist; "
808
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
809
		       __func__, rc, s->block_aligned_filename_size);
810
		goto out_release_free_unlock;
811
	}
812
	/* The characters in the first block effectively do the job
813
	 * of the IV here, so we just use 0's for the IV. Note the
814
	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
815
	 * >= ECRYPTFS_MAX_IV_BYTES. */
816
	rc = crypto_skcipher_setkey(
817
		s->skcipher_tfm,
818
		s->auth_tok->token.password.session_key_encryption_key,
819
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
820
	if (rc < 0) {
821
		printk(KERN_ERR "%s: Error setting key for crypto context; "
822
		       "rc = [%d]. s->auth_tok->token.password.session_key_"
823
		       "encryption_key = [0x%p]; mount_crypt_stat->"
824
		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
825
		       rc,
826
		       s->auth_tok->token.password.session_key_encryption_key,
827
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
828
		goto out_release_free_unlock;
829
	}
830
	skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
831
				   s->block_aligned_filename_size, s->iv);
832
	rc = crypto_skcipher_encrypt(s->skcipher_req);
833
	if (rc) {
834
		printk(KERN_ERR "%s: Error attempting to encrypt filename; "
835
		       "rc = [%d]\n", __func__, rc);
836
		goto out_release_free_unlock;
837
	}
838
	s->i += s->block_aligned_filename_size;
839
	(*packet_size) = s->i;
840
	(*remaining_bytes) -= (*packet_size);
841
out_release_free_unlock:
842
	crypto_free_shash(s->hash_tfm);
843
out_free_unlock:
844
	kfree_sensitive(s->block_aligned_filename);
845
out_unlock:
846
	mutex_unlock(s->tfm_mutex);
847
out:
848
	if (auth_tok_key) {
849
		up_write(&(auth_tok_key->sem));
850
		key_put(auth_tok_key);
851
	}
852
	skcipher_request_free(s->skcipher_req);
853
	kfree_sensitive(s->hash_desc);
854
	kfree(s);
855
	return rc;
856
}
857

858
struct ecryptfs_parse_tag_70_packet_silly_stack {
859
	u8 cipher_code;
860
	size_t max_packet_size;
861
	size_t packet_size_len;
862
	size_t parsed_tag_70_packet_size;
863
	size_t block_aligned_filename_size;
864
	size_t block_size;
865
	size_t i;
866
	struct mutex *tfm_mutex;
867
	char *decrypted_filename;
868
	struct ecryptfs_auth_tok *auth_tok;
869
	struct scatterlist src_sg[2];
870
	struct scatterlist dst_sg[2];
871
	struct crypto_skcipher *skcipher_tfm;
872
	struct skcipher_request *skcipher_req;
873
	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
874
	char iv[ECRYPTFS_MAX_IV_BYTES];
875
	char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
876
};
877

878
/**
879
 * ecryptfs_parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
880
 * @filename: This function kmalloc's the memory for the filename
881
 * @filename_size: This function sets this to the amount of memory
882
 *                 kmalloc'd for the filename
883
 * @packet_size: This function sets this to the the number of octets
884
 *               in the packet parsed
885
 * @mount_crypt_stat: The mount-wide cryptographic context
886
 * @data: The memory location containing the start of the tag 70
887
 *        packet
888
 * @max_packet_size: The maximum legal size of the packet to be parsed
889
 *                   from @data
890
 *
891
 * Returns zero on success; non-zero otherwise
892
 */
893
int
894
ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
895
			     size_t *packet_size,
896
			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
897
			     char *data, size_t max_packet_size)
898
{
899
	struct ecryptfs_parse_tag_70_packet_silly_stack *s;
900
	struct key *auth_tok_key = NULL;
901
	int rc = 0;
902

903
	(*packet_size) = 0;
904
	(*filename_size) = 0;
905
	(*filename) = NULL;
906
	s = kzalloc(sizeof(*s), GFP_KERNEL);
907
	if (!s)
908
		return -ENOMEM;
909

910
	if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
911
		printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
912
		       "at least [%d]\n", __func__, max_packet_size,
913
		       ECRYPTFS_TAG_70_MIN_METADATA_SIZE);
914
		rc = -EINVAL;
915
		goto out;
916
	}
917
	/* Octet 0: Tag 70 identifier
918
	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
919
	 *              and block-aligned encrypted filename size)
920
	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
921
	 * Octet N2-N3: Cipher identifier (1 octet)
922
	 * Octets N3-N4: Block-aligned encrypted filename
923
	 *  - Consists of a minimum number of random numbers, a \0
924
	 *    separator, and then the filename */
925
	if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
926
		printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
927
		       "tag [0x%.2x]\n", __func__,
928
		       data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
929
		rc = -EINVAL;
930
		goto out;
931
	}
932
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
933
					  &s->parsed_tag_70_packet_size,
934
					  &s->packet_size_len);
935
	if (rc) {
936
		printk(KERN_WARNING "%s: Error parsing packet length; "
937
		       "rc = [%d]\n", __func__, rc);
938
		goto out;
939
	}
940
	s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
941
					  - ECRYPTFS_SIG_SIZE - 1);
942
	if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
943
	    > max_packet_size) {
944
		printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
945
		       "size is [%zd]\n", __func__, max_packet_size,
946
		       (1 + s->packet_size_len + 1
947
			+ s->block_aligned_filename_size));
948
		rc = -EINVAL;
949
		goto out;
950
	}
951
	(*packet_size) += s->packet_size_len;
952
	ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
953
			ECRYPTFS_SIG_SIZE);
954
	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
955
	(*packet_size) += ECRYPTFS_SIG_SIZE;
956
	s->cipher_code = data[(*packet_size)++];
957
	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
958
	if (rc) {
959
		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
960
		       __func__, s->cipher_code);
961
		goto out;
962
	}
963
	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
964
					    &s->auth_tok, mount_crypt_stat,
965
					    s->fnek_sig_hex);
966
	if (rc) {
967
		printk(KERN_ERR "%s: Error attempting to find auth tok for "
968
		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
969
		       rc);
970
		goto out;
971
	}
972
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
973
							&s->tfm_mutex,
974
							s->cipher_string);
975
	if (unlikely(rc)) {
976
		printk(KERN_ERR "Internal error whilst attempting to get "
977
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
978
		       s->cipher_string, rc);
979
		goto out;
980
	}
981
	mutex_lock(s->tfm_mutex);
982
	rc = virt_to_scatterlist(&data[(*packet_size)],
983
				 s->block_aligned_filename_size, s->src_sg, 2);
984
	if (rc < 1) {
985
		printk(KERN_ERR "%s: Internal error whilst attempting to "
986
		       "convert encrypted filename memory to scatterlist; "
987
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
988
		       __func__, rc, s->block_aligned_filename_size);
989
		goto out_unlock;
990
	}
991
	(*packet_size) += s->block_aligned_filename_size;
992
	s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
993
					GFP_KERNEL);
994
	if (!s->decrypted_filename) {
995
		rc = -ENOMEM;
996
		goto out_unlock;
997
	}
998
	rc = virt_to_scatterlist(s->decrypted_filename,
999
				 s->block_aligned_filename_size, s->dst_sg, 2);
1000
	if (rc < 1) {
1001
		printk(KERN_ERR "%s: Internal error whilst attempting to "
1002
		       "convert decrypted filename memory to scatterlist; "
1003
		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1004
		       __func__, rc, s->block_aligned_filename_size);
1005
		goto out_free_unlock;
1006
	}
1007

1008
	s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1009
	if (!s->skcipher_req) {
1010
		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1011
		       "skcipher_request_alloc for %s\n", __func__,
1012
		       crypto_skcipher_driver_name(s->skcipher_tfm));
1013
		rc = -ENOMEM;
1014
		goto out_free_unlock;
1015
	}
1016

1017
	skcipher_request_set_callback(s->skcipher_req,
1018
				      CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1019

1020
	/* The characters in the first block effectively do the job of
1021
	 * the IV here, so we just use 0's for the IV. Note the
1022
	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1023
	 * >= ECRYPTFS_MAX_IV_BYTES. */
1024
	/* TODO: Support other key modules than passphrase for
1025
	 * filename encryption */
1026
	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1027
		rc = -EOPNOTSUPP;
1028
		printk(KERN_INFO "%s: Filename encryption only supports "
1029
		       "password tokens\n", __func__);
1030
		goto out_free_unlock;
1031
	}
1032
	rc = crypto_skcipher_setkey(
1033
		s->skcipher_tfm,
1034
		s->auth_tok->token.password.session_key_encryption_key,
1035
		mount_crypt_stat->global_default_fn_cipher_key_bytes);
1036
	if (rc < 0) {
1037
		printk(KERN_ERR "%s: Error setting key for crypto context; "
1038
		       "rc = [%d]. s->auth_tok->token.password.session_key_"
1039
		       "encryption_key = [0x%p]; mount_crypt_stat->"
1040
		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
1041
		       rc,
1042
		       s->auth_tok->token.password.session_key_encryption_key,
1043
		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
1044
		goto out_free_unlock;
1045
	}
1046
	skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1047
				   s->block_aligned_filename_size, s->iv);
1048
	rc = crypto_skcipher_decrypt(s->skcipher_req);
1049
	if (rc) {
1050
		printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1051
		       "rc = [%d]\n", __func__, rc);
1052
		goto out_free_unlock;
1053
	}
1054

1055
	while (s->i < s->block_aligned_filename_size &&
1056
	       s->decrypted_filename[s->i] != '\0')
1057
		s->i++;
1058
	if (s->i == s->block_aligned_filename_size) {
1059
		printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
1060
		       "find valid separator between random characters and "
1061
		       "the filename\n", __func__);
1062
		rc = -EINVAL;
1063
		goto out_free_unlock;
1064
	}
1065
	s->i++;
1066
	(*filename_size) = (s->block_aligned_filename_size - s->i);
1067
	if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
1068
		printk(KERN_WARNING "%s: Filename size is [%zd], which is "
1069
		       "invalid\n", __func__, (*filename_size));
1070
		rc = -EINVAL;
1071
		goto out_free_unlock;
1072
	}
1073
	(*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
1074
	if (!(*filename)) {
1075
		rc = -ENOMEM;
1076
		goto out_free_unlock;
1077
	}
1078
	memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
1079
	(*filename)[(*filename_size)] = '\0';
1080
out_free_unlock:
1081
	kfree(s->decrypted_filename);
1082
out_unlock:
1083
	mutex_unlock(s->tfm_mutex);
1084
out:
1085
	if (rc) {
1086
		(*packet_size) = 0;
1087
		(*filename_size) = 0;
1088
		(*filename) = NULL;
1089
	}
1090
	if (auth_tok_key) {
1091
		up_write(&(auth_tok_key->sem));
1092
		key_put(auth_tok_key);
1093
	}
1094
	skcipher_request_free(s->skcipher_req);
1095
	kfree(s);
1096
	return rc;
1097
}
1098

1099
static int
1100
ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1101
{
1102
	int rc = 0;
1103

1104
	(*sig) = NULL;
1105
	switch (auth_tok->token_type) {
1106
	case ECRYPTFS_PASSWORD:
1107
		(*sig) = auth_tok->token.password.signature;
1108
		break;
1109
	case ECRYPTFS_PRIVATE_KEY:
1110
		(*sig) = auth_tok->token.private_key.signature;
1111
		break;
1112
	default:
1113
		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1114
		       auth_tok->token_type);
1115
		rc = -EINVAL;
1116
	}
1117
	return rc;
1118
}
1119

1120
/**
1121
 * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1122
 * @auth_tok: The key authentication token used to decrypt the session key
1123
 * @crypt_stat: The cryptographic context
1124
 *
1125
 * Returns zero on success; non-zero error otherwise.
1126
 */
1127
static int
1128
decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1129
				  struct ecryptfs_crypt_stat *crypt_stat)
1130
{
1131
	u8 cipher_code = 0;
1132
	struct ecryptfs_msg_ctx *msg_ctx;
1133
	struct ecryptfs_message *msg = NULL;
1134
	char *auth_tok_sig;
1135
	char *payload = NULL;
1136
	size_t payload_len = 0;
1137
	int rc;
1138

1139
	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1140
	if (rc) {
1141
		printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1142
		       auth_tok->token_type);
1143
		goto out;
1144
	}
1145
	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1146
				 &payload, &payload_len);
1147
	if (rc) {
1148
		ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1149
		goto out;
1150
	}
1151
	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1152
	if (rc) {
1153
		ecryptfs_printk(KERN_ERR, "Error sending message to "
1154
				"ecryptfsd: %d\n", rc);
1155
		goto out;
1156
	}
1157
	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1158
	if (rc) {
1159
		ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1160
				"from the user space daemon\n");
1161
		rc = -EIO;
1162
		goto out;
1163
	}
1164
	rc = parse_tag_65_packet(&(auth_tok->session_key),
1165
				 &cipher_code, msg);
1166
	if (rc) {
1167
		printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1168
		       rc);
1169
		goto out;
1170
	}
1171
	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1172
	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1173
	       auth_tok->session_key.decrypted_key_size);
1174
	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1175
	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1176
	if (rc) {
1177
		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1178
				cipher_code);
1179
		goto out;
1180
	}
1181
	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1182
	if (ecryptfs_verbosity > 0) {
1183
		ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1184
		ecryptfs_dump_hex(crypt_stat->key,
1185
				  crypt_stat->key_size);
1186
	}
1187
out:
1188
	kfree(msg);
1189
	kfree(payload);
1190
	return rc;
1191
}
1192

1193
static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1194
{
1195
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1196
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1197

1198
	list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1199
				 auth_tok_list_head, list) {
1200
		list_del(&auth_tok_list_item->list);
1201
		kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1202
				auth_tok_list_item);
1203
	}
1204
}
1205

1206
struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1207

1208
/**
1209
 * parse_tag_1_packet
1210
 * @crypt_stat: The cryptographic context to modify based on packet contents
1211
 * @data: The raw bytes of the packet.
1212
 * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1213
 *                 a new authentication token will be placed at the
1214
 *                 end of this list for this packet.
1215
 * @new_auth_tok: Pointer to a pointer to memory that this function
1216
 *                allocates; sets the memory address of the pointer to
1217
 *                NULL on error. This object is added to the
1218
 *                auth_tok_list.
1219
 * @packet_size: This function writes the size of the parsed packet
1220
 *               into this memory location; zero on error.
1221
 * @max_packet_size: The maximum allowable packet size
1222
 *
1223
 * Returns zero on success; non-zero on error.
1224
 */
1225
static int
1226
parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1227
		   unsigned char *data, struct list_head *auth_tok_list,
1228
		   struct ecryptfs_auth_tok **new_auth_tok,
1229
		   size_t *packet_size, size_t max_packet_size)
1230
{
1231
	size_t body_size;
1232
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1233
	size_t length_size;
1234
	int rc = 0;
1235

1236
	(*packet_size) = 0;
1237
	(*new_auth_tok) = NULL;
1238
	/**
1239
	 * This format is inspired by OpenPGP; see RFC 2440
1240
	 * packet tag 1
1241
	 *
1242
	 * Tag 1 identifier (1 byte)
1243
	 * Max Tag 1 packet size (max 3 bytes)
1244
	 * Version (1 byte)
1245
	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1246
	 * Cipher identifier (1 byte)
1247
	 * Encrypted key size (arbitrary)
1248
	 *
1249
	 * 12 bytes minimum packet size
1250
	 */
1251
	if (unlikely(max_packet_size < 12)) {
1252
		printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1253
		rc = -EINVAL;
1254
		goto out;
1255
	}
1256
	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1257
		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1258
		       ECRYPTFS_TAG_1_PACKET_TYPE);
1259
		rc = -EINVAL;
1260
		goto out;
1261
	}
1262
	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1263
	 * at end of function upon failure */
1264
	auth_tok_list_item =
1265
		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1266
				  GFP_KERNEL);
1267
	if (!auth_tok_list_item) {
1268
		printk(KERN_ERR "Unable to allocate memory\n");
1269
		rc = -ENOMEM;
1270
		goto out;
1271
	}
1272
	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1273
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1274
					  &length_size);
1275
	if (rc) {
1276
		printk(KERN_WARNING "Error parsing packet length; "
1277
		       "rc = [%d]\n", rc);
1278
		goto out_free;
1279
	}
1280
	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1281
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1282
		rc = -EINVAL;
1283
		goto out_free;
1284
	}
1285
	(*packet_size) += length_size;
1286
	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1287
		printk(KERN_WARNING "Packet size exceeds max\n");
1288
		rc = -EINVAL;
1289
		goto out_free;
1290
	}
1291
	if (unlikely(data[(*packet_size)++] != 0x03)) {
1292
		printk(KERN_WARNING "Unknown version number [%d]\n",
1293
		       data[(*packet_size) - 1]);
1294
		rc = -EINVAL;
1295
		goto out_free;
1296
	}
1297
	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1298
			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1299
	*packet_size += ECRYPTFS_SIG_SIZE;
1300
	/* This byte is skipped because the kernel does not need to
1301
	 * know which public key encryption algorithm was used */
1302
	(*packet_size)++;
1303
	(*new_auth_tok)->session_key.encrypted_key_size =
1304
		body_size - (ECRYPTFS_SIG_SIZE + 2);
1305
	if ((*new_auth_tok)->session_key.encrypted_key_size
1306
	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1307
		printk(KERN_WARNING "Tag 1 packet contains key larger "
1308
		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1309
		rc = -EINVAL;
1310
		goto out_free;
1311
	}
1312
	memcpy((*new_auth_tok)->session_key.encrypted_key,
1313
	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1314
	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1315
	(*new_auth_tok)->session_key.flags &=
1316
		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1317
	(*new_auth_tok)->session_key.flags |=
1318
		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1319
	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1320
	(*new_auth_tok)->flags = 0;
1321
	(*new_auth_tok)->session_key.flags &=
1322
		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1323
	(*new_auth_tok)->session_key.flags &=
1324
		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1325
	list_add(&auth_tok_list_item->list, auth_tok_list);
1326
	goto out;
1327
out_free:
1328
	(*new_auth_tok) = NULL;
1329
	memset(auth_tok_list_item, 0,
1330
	       sizeof(struct ecryptfs_auth_tok_list_item));
1331
	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1332
			auth_tok_list_item);
1333
out:
1334
	if (rc)
1335
		(*packet_size) = 0;
1336
	return rc;
1337
}
1338

1339
/**
1340
 * parse_tag_3_packet
1341
 * @crypt_stat: The cryptographic context to modify based on packet
1342
 *              contents.
1343
 * @data: The raw bytes of the packet.
1344
 * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1345
 *                 a new authentication token will be placed at the end
1346
 *                 of this list for this packet.
1347
 * @new_auth_tok: Pointer to a pointer to memory that this function
1348
 *                allocates; sets the memory address of the pointer to
1349
 *                NULL on error. This object is added to the
1350
 *                auth_tok_list.
1351
 * @packet_size: This function writes the size of the parsed packet
1352
 *               into this memory location; zero on error.
1353
 * @max_packet_size: maximum number of bytes to parse
1354
 *
1355
 * Returns zero on success; non-zero on error.
1356
 */
1357
static int
1358
parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1359
		   unsigned char *data, struct list_head *auth_tok_list,
1360
		   struct ecryptfs_auth_tok **new_auth_tok,
1361
		   size_t *packet_size, size_t max_packet_size)
1362
{
1363
	size_t body_size;
1364
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1365
	size_t length_size;
1366
	int rc = 0;
1367

1368
	(*packet_size) = 0;
1369
	(*new_auth_tok) = NULL;
1370
	/**
1371
	 *This format is inspired by OpenPGP; see RFC 2440
1372
	 * packet tag 3
1373
	 *
1374
	 * Tag 3 identifier (1 byte)
1375
	 * Max Tag 3 packet size (max 3 bytes)
1376
	 * Version (1 byte)
1377
	 * Cipher code (1 byte)
1378
	 * S2K specifier (1 byte)
1379
	 * Hash identifier (1 byte)
1380
	 * Salt (ECRYPTFS_SALT_SIZE)
1381
	 * Hash iterations (1 byte)
1382
	 * Encrypted key (arbitrary)
1383
	 *
1384
	 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1385
	 */
1386
	if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1387
		printk(KERN_ERR "Max packet size too large\n");
1388
		rc = -EINVAL;
1389
		goto out;
1390
	}
1391
	if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1392
		printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1393
		       ECRYPTFS_TAG_3_PACKET_TYPE);
1394
		rc = -EINVAL;
1395
		goto out;
1396
	}
1397
	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1398
	 * at end of function upon failure */
1399
	auth_tok_list_item =
1400
	    kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1401
	if (!auth_tok_list_item) {
1402
		printk(KERN_ERR "Unable to allocate memory\n");
1403
		rc = -ENOMEM;
1404
		goto out;
1405
	}
1406
	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1407
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1408
					  &length_size);
1409
	if (rc) {
1410
		printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1411
		       rc);
1412
		goto out_free;
1413
	}
1414
	if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1415
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1416
		rc = -EINVAL;
1417
		goto out_free;
1418
	}
1419
	(*packet_size) += length_size;
1420
	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1421
		printk(KERN_ERR "Packet size exceeds max\n");
1422
		rc = -EINVAL;
1423
		goto out_free;
1424
	}
1425
	(*new_auth_tok)->session_key.encrypted_key_size =
1426
		(body_size - (ECRYPTFS_SALT_SIZE + 5));
1427
	if ((*new_auth_tok)->session_key.encrypted_key_size
1428
	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1429
		printk(KERN_WARNING "Tag 3 packet contains key larger "
1430
		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1431
		rc = -EINVAL;
1432
		goto out_free;
1433
	}
1434
	if (unlikely(data[(*packet_size)++] != 0x04)) {
1435
		printk(KERN_WARNING "Unknown version number [%d]\n",
1436
		       data[(*packet_size) - 1]);
1437
		rc = -EINVAL;
1438
		goto out_free;
1439
	}
1440
	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1441
					    (u16)data[(*packet_size)]);
1442
	if (rc)
1443
		goto out_free;
1444
	/* A little extra work to differentiate among the AES key
1445
	 * sizes; see RFC2440 */
1446
	switch(data[(*packet_size)++]) {
1447
	case RFC2440_CIPHER_AES_192:
1448
		crypt_stat->key_size = 24;
1449
		break;
1450
	default:
1451
		crypt_stat->key_size =
1452
			(*new_auth_tok)->session_key.encrypted_key_size;
1453
	}
1454
	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1455
	if (rc)
1456
		goto out_free;
1457
	if (unlikely(data[(*packet_size)++] != 0x03)) {
1458
		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1459
		rc = -ENOSYS;
1460
		goto out_free;
1461
	}
1462
	/* TODO: finish the hash mapping */
1463
	switch (data[(*packet_size)++]) {
1464
	case 0x01: /* See RFC2440 for these numbers and their mappings */
1465
		/* Choose MD5 */
1466
		memcpy((*new_auth_tok)->token.password.salt,
1467
		       &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1468
		(*packet_size) += ECRYPTFS_SALT_SIZE;
1469
		/* This conversion was taken straight from RFC2440 */
1470
		(*new_auth_tok)->token.password.hash_iterations =
1471
			((u32) 16 + (data[(*packet_size)] & 15))
1472
				<< ((data[(*packet_size)] >> 4) + 6);
1473
		(*packet_size)++;
1474
		/* Friendly reminder:
1475
		 * (*new_auth_tok)->session_key.encrypted_key_size =
1476
		 *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1477
		memcpy((*new_auth_tok)->session_key.encrypted_key,
1478
		       &data[(*packet_size)],
1479
		       (*new_auth_tok)->session_key.encrypted_key_size);
1480
		(*packet_size) +=
1481
			(*new_auth_tok)->session_key.encrypted_key_size;
1482
		(*new_auth_tok)->session_key.flags &=
1483
			~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1484
		(*new_auth_tok)->session_key.flags |=
1485
			ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1486
		(*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1487
		break;
1488
	default:
1489
		ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1490
				"[%d]\n", data[(*packet_size) - 1]);
1491
		rc = -ENOSYS;
1492
		goto out_free;
1493
	}
1494
	(*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1495
	/* TODO: Parametarize; we might actually want userspace to
1496
	 * decrypt the session key. */
1497
	(*new_auth_tok)->session_key.flags &=
1498
			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1499
	(*new_auth_tok)->session_key.flags &=
1500
			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1501
	list_add(&auth_tok_list_item->list, auth_tok_list);
1502
	goto out;
1503
out_free:
1504
	(*new_auth_tok) = NULL;
1505
	memset(auth_tok_list_item, 0,
1506
	       sizeof(struct ecryptfs_auth_tok_list_item));
1507
	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1508
			auth_tok_list_item);
1509
out:
1510
	if (rc)
1511
		(*packet_size) = 0;
1512
	return rc;
1513
}
1514

1515
/**
1516
 * parse_tag_11_packet
1517
 * @data: The raw bytes of the packet
1518
 * @contents: This function writes the data contents of the literal
1519
 *            packet into this memory location
1520
 * @max_contents_bytes: The maximum number of bytes that this function
1521
 *                      is allowed to write into contents
1522
 * @tag_11_contents_size: This function writes the size of the parsed
1523
 *                        contents into this memory location; zero on
1524
 *                        error
1525
 * @packet_size: This function writes the size of the parsed packet
1526
 *               into this memory location; zero on error
1527
 * @max_packet_size: maximum number of bytes to parse
1528
 *
1529
 * Returns zero on success; non-zero on error.
1530
 */
1531
static int
1532
parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1533
		    size_t max_contents_bytes, size_t *tag_11_contents_size,
1534
		    size_t *packet_size, size_t max_packet_size)
1535
{
1536
	size_t body_size;
1537
	size_t length_size;
1538
	int rc = 0;
1539

1540
	(*packet_size) = 0;
1541
	(*tag_11_contents_size) = 0;
1542
	/* This format is inspired by OpenPGP; see RFC 2440
1543
	 * packet tag 11
1544
	 *
1545
	 * Tag 11 identifier (1 byte)
1546
	 * Max Tag 11 packet size (max 3 bytes)
1547
	 * Binary format specifier (1 byte)
1548
	 * Filename length (1 byte)
1549
	 * Filename ("_CONSOLE") (8 bytes)
1550
	 * Modification date (4 bytes)
1551
	 * Literal data (arbitrary)
1552
	 *
1553
	 * We need at least 16 bytes of data for the packet to even be
1554
	 * valid.
1555
	 */
1556
	if (max_packet_size < 16) {
1557
		printk(KERN_ERR "Maximum packet size too small\n");
1558
		rc = -EINVAL;
1559
		goto out;
1560
	}
1561
	if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1562
		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1563
		rc = -EINVAL;
1564
		goto out;
1565
	}
1566
	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1567
					  &length_size);
1568
	if (rc) {
1569
		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1570
		goto out;
1571
	}
1572
	if (body_size < 14) {
1573
		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1574
		rc = -EINVAL;
1575
		goto out;
1576
	}
1577
	(*packet_size) += length_size;
1578
	(*tag_11_contents_size) = (body_size - 14);
1579
	if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1580
		printk(KERN_ERR "Packet size exceeds max\n");
1581
		rc = -EINVAL;
1582
		goto out;
1583
	}
1584
	if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1585
		printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1586
		       "expected size\n");
1587
		rc = -EINVAL;
1588
		goto out;
1589
	}
1590
	if (data[(*packet_size)++] != 0x62) {
1591
		printk(KERN_WARNING "Unrecognizable packet\n");
1592
		rc = -EINVAL;
1593
		goto out;
1594
	}
1595
	if (data[(*packet_size)++] != 0x08) {
1596
		printk(KERN_WARNING "Unrecognizable packet\n");
1597
		rc = -EINVAL;
1598
		goto out;
1599
	}
1600
	(*packet_size) += 12; /* Ignore filename and modification date */
1601
	memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1602
	(*packet_size) += (*tag_11_contents_size);
1603
out:
1604
	if (rc) {
1605
		(*packet_size) = 0;
1606
		(*tag_11_contents_size) = 0;
1607
	}
1608
	return rc;
1609
}
1610

1611
int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1612
				      struct ecryptfs_auth_tok **auth_tok,
1613
				      char *sig)
1614
{
1615
	int rc = 0;
1616

1617
	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1618
	if (IS_ERR(*auth_tok_key)) {
1619
		(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1620
		if (IS_ERR(*auth_tok_key)) {
1621
			printk(KERN_ERR "Could not find key with description: [%s]\n",
1622
			      sig);
1623
			rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1624
			(*auth_tok_key) = NULL;
1625
			goto out;
1626
		}
1627
	}
1628
	down_write(&(*auth_tok_key)->sem);
1629
	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1630
	if (rc) {
1631
		up_write(&(*auth_tok_key)->sem);
1632
		key_put(*auth_tok_key);
1633
		(*auth_tok_key) = NULL;
1634
		goto out;
1635
	}
1636
out:
1637
	return rc;
1638
}
1639

1640
/**
1641
 * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1642
 * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1643
 * @crypt_stat: The cryptographic context
1644
 *
1645
 * Returns zero on success; non-zero error otherwise
1646
 */
1647
static int
1648
decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1649
					 struct ecryptfs_crypt_stat *crypt_stat)
1650
{
1651
	struct scatterlist dst_sg[2];
1652
	struct scatterlist src_sg[2];
1653
	struct mutex *tfm_mutex;
1654
	struct crypto_skcipher *tfm;
1655
	struct skcipher_request *req = NULL;
1656
	int rc = 0;
1657

1658
	if (unlikely(ecryptfs_verbosity > 0)) {
1659
		ecryptfs_printk(
1660
			KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1661
			auth_tok->token.password.session_key_encryption_key_bytes);
1662
		ecryptfs_dump_hex(
1663
			auth_tok->token.password.session_key_encryption_key,
1664
			auth_tok->token.password.session_key_encryption_key_bytes);
1665
	}
1666
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1667
							crypt_stat->cipher);
1668
	if (unlikely(rc)) {
1669
		printk(KERN_ERR "Internal error whilst attempting to get "
1670
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1671
		       crypt_stat->cipher, rc);
1672
		goto out;
1673
	}
1674
	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1675
				 auth_tok->session_key.encrypted_key_size,
1676
				 src_sg, 2);
1677
	if (rc < 1 || rc > 2) {
1678
		printk(KERN_ERR "Internal error whilst attempting to convert "
1679
			"auth_tok->session_key.encrypted_key to scatterlist; "
1680
			"expected rc = 1; got rc = [%d]. "
1681
		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1682
			auth_tok->session_key.encrypted_key_size);
1683
		goto out;
1684
	}
1685
	auth_tok->session_key.decrypted_key_size =
1686
		auth_tok->session_key.encrypted_key_size;
1687
	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1688
				 auth_tok->session_key.decrypted_key_size,
1689
				 dst_sg, 2);
1690
	if (rc < 1 || rc > 2) {
1691
		printk(KERN_ERR "Internal error whilst attempting to convert "
1692
			"auth_tok->session_key.decrypted_key to scatterlist; "
1693
			"expected rc = 1; got rc = [%d]\n", rc);
1694
		goto out;
1695
	}
1696
	mutex_lock(tfm_mutex);
1697
	req = skcipher_request_alloc(tfm, GFP_KERNEL);
1698
	if (!req) {
1699
		mutex_unlock(tfm_mutex);
1700
		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1701
		       "skcipher_request_alloc for %s\n", __func__,
1702
		       crypto_skcipher_driver_name(tfm));
1703
		rc = -ENOMEM;
1704
		goto out;
1705
	}
1706

1707
	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1708
				      NULL, NULL);
1709
	rc = crypto_skcipher_setkey(
1710
		tfm, auth_tok->token.password.session_key_encryption_key,
1711
		crypt_stat->key_size);
1712
	if (unlikely(rc < 0)) {
1713
		mutex_unlock(tfm_mutex);
1714
		printk(KERN_ERR "Error setting key for crypto context\n");
1715
		rc = -EINVAL;
1716
		goto out;
1717
	}
1718
	skcipher_request_set_crypt(req, src_sg, dst_sg,
1719
				   auth_tok->session_key.encrypted_key_size,
1720
				   NULL);
1721
	rc = crypto_skcipher_decrypt(req);
1722
	mutex_unlock(tfm_mutex);
1723
	if (unlikely(rc)) {
1724
		printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1725
		goto out;
1726
	}
1727
	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1728
	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1729
	       auth_tok->session_key.decrypted_key_size);
1730
	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1731
	if (unlikely(ecryptfs_verbosity > 0)) {
1732
		ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1733
				crypt_stat->key_size);
1734
		ecryptfs_dump_hex(crypt_stat->key,
1735
				  crypt_stat->key_size);
1736
	}
1737
out:
1738
	skcipher_request_free(req);
1739
	return rc;
1740
}
1741

1742
/**
1743
 * ecryptfs_parse_packet_set
1744
 * @crypt_stat: The cryptographic context
1745
 * @src: Virtual address of region of memory containing the packets
1746
 * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1747
 *
1748
 * Get crypt_stat to have the file's session key if the requisite key
1749
 * is available to decrypt the session key.
1750
 *
1751
 * Returns Zero if a valid authentication token was retrieved and
1752
 * processed; negative value for file not encrypted or for error
1753
 * conditions.
1754
 */
1755
int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1756
			      unsigned char *src,
1757
			      struct dentry *ecryptfs_dentry)
1758
{
1759
	size_t i = 0;
1760
	size_t found_auth_tok;
1761
	size_t next_packet_is_auth_tok_packet;
1762
	struct list_head auth_tok_list;
1763
	struct ecryptfs_auth_tok *matching_auth_tok;
1764
	struct ecryptfs_auth_tok *candidate_auth_tok;
1765
	char *candidate_auth_tok_sig;
1766
	size_t packet_size;
1767
	struct ecryptfs_auth_tok *new_auth_tok;
1768
	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1769
	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1770
	size_t tag_11_contents_size;
1771
	size_t tag_11_packet_size;
1772
	struct key *auth_tok_key = NULL;
1773
	int rc = 0;
1774

1775
	INIT_LIST_HEAD(&auth_tok_list);
1776
	/* Parse the header to find as many packets as we can; these will be
1777
	 * added the our &auth_tok_list */
1778
	next_packet_is_auth_tok_packet = 1;
1779
	while (next_packet_is_auth_tok_packet) {
1780
		size_t max_packet_size = ((PAGE_SIZE - 8) - i);
1781

1782
		switch (src[i]) {
1783
		case ECRYPTFS_TAG_3_PACKET_TYPE:
1784
			rc = parse_tag_3_packet(crypt_stat,
1785
						(unsigned char *)&src[i],
1786
						&auth_tok_list, &new_auth_tok,
1787
						&packet_size, max_packet_size);
1788
			if (rc) {
1789
				ecryptfs_printk(KERN_ERR, "Error parsing "
1790
						"tag 3 packet\n");
1791
				rc = -EIO;
1792
				goto out_wipe_list;
1793
			}
1794
			i += packet_size;
1795
			rc = parse_tag_11_packet((unsigned char *)&src[i],
1796
						 sig_tmp_space,
1797
						 ECRYPTFS_SIG_SIZE,
1798
						 &tag_11_contents_size,
1799
						 &tag_11_packet_size,
1800
						 max_packet_size);
1801
			if (rc) {
1802
				ecryptfs_printk(KERN_ERR, "No valid "
1803
						"(ecryptfs-specific) literal "
1804
						"packet containing "
1805
						"authentication token "
1806
						"signature found after "
1807
						"tag 3 packet\n");
1808
				rc = -EIO;
1809
				goto out_wipe_list;
1810
			}
1811
			i += tag_11_packet_size;
1812
			if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1813
				ecryptfs_printk(KERN_ERR, "Expected "
1814
						"signature of size [%d]; "
1815
						"read size [%zd]\n",
1816
						ECRYPTFS_SIG_SIZE,
1817
						tag_11_contents_size);
1818
				rc = -EIO;
1819
				goto out_wipe_list;
1820
			}
1821
			ecryptfs_to_hex(new_auth_tok->token.password.signature,
1822
					sig_tmp_space, tag_11_contents_size);
1823
			new_auth_tok->token.password.signature[
1824
				ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1825
			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1826
			break;
1827
		case ECRYPTFS_TAG_1_PACKET_TYPE:
1828
			rc = parse_tag_1_packet(crypt_stat,
1829
						(unsigned char *)&src[i],
1830
						&auth_tok_list, &new_auth_tok,
1831
						&packet_size, max_packet_size);
1832
			if (rc) {
1833
				ecryptfs_printk(KERN_ERR, "Error parsing "
1834
						"tag 1 packet\n");
1835
				rc = -EIO;
1836
				goto out_wipe_list;
1837
			}
1838
			i += packet_size;
1839
			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1840
			break;
1841
		case ECRYPTFS_TAG_11_PACKET_TYPE:
1842
			ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1843
					"(Tag 11 not allowed by itself)\n");
1844
			rc = -EIO;
1845
			goto out_wipe_list;
1846
		default:
1847
			ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1848
					"of the file header; hex value of "
1849
					"character is [0x%.2x]\n", i, src[i]);
1850
			next_packet_is_auth_tok_packet = 0;
1851
		}
1852
	}
1853
	if (list_empty(&auth_tok_list)) {
1854
		printk(KERN_ERR "The lower file appears to be a non-encrypted "
1855
		       "eCryptfs file; this is not supported in this version "
1856
		       "of the eCryptfs kernel module\n");
1857
		rc = -EINVAL;
1858
		goto out;
1859
	}
1860
	/* auth_tok_list contains the set of authentication tokens
1861
	 * parsed from the metadata. We need to find a matching
1862
	 * authentication token that has the secret component(s)
1863
	 * necessary to decrypt the EFEK in the auth_tok parsed from
1864
	 * the metadata. There may be several potential matches, but
1865
	 * just one will be sufficient to decrypt to get the FEK. */
1866
find_next_matching_auth_tok:
1867
	found_auth_tok = 0;
1868
	list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1869
		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1870
		if (unlikely(ecryptfs_verbosity > 0)) {
1871
			ecryptfs_printk(KERN_DEBUG,
1872
					"Considering candidate auth tok:\n");
1873
			ecryptfs_dump_auth_tok(candidate_auth_tok);
1874
		}
1875
		rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1876
					       candidate_auth_tok);
1877
		if (rc) {
1878
			printk(KERN_ERR
1879
			       "Unrecognized candidate auth tok type: [%d]\n",
1880
			       candidate_auth_tok->token_type);
1881
			rc = -EINVAL;
1882
			goto out_wipe_list;
1883
		}
1884
		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1885
					       &matching_auth_tok,
1886
					       crypt_stat->mount_crypt_stat,
1887
					       candidate_auth_tok_sig);
1888
		if (!rc) {
1889
			found_auth_tok = 1;
1890
			goto found_matching_auth_tok;
1891
		}
1892
	}
1893
	if (!found_auth_tok) {
1894
		ecryptfs_printk(KERN_ERR, "Could not find a usable "
1895
				"authentication token\n");
1896
		rc = -EIO;
1897
		goto out_wipe_list;
1898
	}
1899
found_matching_auth_tok:
1900
	if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1901
		memcpy(&(candidate_auth_tok->token.private_key),
1902
		       &(matching_auth_tok->token.private_key),
1903
		       sizeof(struct ecryptfs_private_key));
1904
		up_write(&(auth_tok_key->sem));
1905
		key_put(auth_tok_key);
1906
		rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1907
						       crypt_stat);
1908
	} else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1909
		memcpy(&(candidate_auth_tok->token.password),
1910
		       &(matching_auth_tok->token.password),
1911
		       sizeof(struct ecryptfs_password));
1912
		up_write(&(auth_tok_key->sem));
1913
		key_put(auth_tok_key);
1914
		rc = decrypt_passphrase_encrypted_session_key(
1915
			candidate_auth_tok, crypt_stat);
1916
	} else {
1917
		up_write(&(auth_tok_key->sem));
1918
		key_put(auth_tok_key);
1919
		rc = -EINVAL;
1920
	}
1921
	if (rc) {
1922
		struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1923

1924
		ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1925
				"session key for authentication token with sig "
1926
				"[%.*s]; rc = [%d]. Removing auth tok "
1927
				"candidate from the list and searching for "
1928
				"the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1929
				candidate_auth_tok_sig,	rc);
1930
		list_for_each_entry_safe(auth_tok_list_item,
1931
					 auth_tok_list_item_tmp,
1932
					 &auth_tok_list, list) {
1933
			if (candidate_auth_tok
1934
			    == &auth_tok_list_item->auth_tok) {
1935
				list_del(&auth_tok_list_item->list);
1936
				kmem_cache_free(
1937
					ecryptfs_auth_tok_list_item_cache,
1938
					auth_tok_list_item);
1939
				goto find_next_matching_auth_tok;
1940
			}
1941
		}
1942
		BUG();
1943
	}
1944
	rc = ecryptfs_compute_root_iv(crypt_stat);
1945
	if (rc) {
1946
		ecryptfs_printk(KERN_ERR, "Error computing "
1947
				"the root IV\n");
1948
		goto out_wipe_list;
1949
	}
1950
	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1951
	if (rc) {
1952
		ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1953
				"context for cipher [%s]; rc = [%d]\n",
1954
				crypt_stat->cipher, rc);
1955
	}
1956
out_wipe_list:
1957
	wipe_auth_tok_list(&auth_tok_list);
1958
out:
1959
	return rc;
1960
}
1961

1962
static int
1963
pki_encrypt_session_key(struct key *auth_tok_key,
1964
			struct ecryptfs_auth_tok *auth_tok,
1965
			struct ecryptfs_crypt_stat *crypt_stat,
1966
			struct ecryptfs_key_record *key_rec)
1967
{
1968
	struct ecryptfs_msg_ctx *msg_ctx = NULL;
1969
	char *payload = NULL;
1970
	size_t payload_len = 0;
1971
	struct ecryptfs_message *msg;
1972
	int rc;
1973

1974
	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1975
				 ecryptfs_code_for_cipher_string(
1976
					 crypt_stat->cipher,
1977
					 crypt_stat->key_size),
1978
				 crypt_stat, &payload, &payload_len);
1979
	up_write(&(auth_tok_key->sem));
1980
	key_put(auth_tok_key);
1981
	if (rc) {
1982
		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1983
		goto out;
1984
	}
1985
	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1986
	if (rc) {
1987
		ecryptfs_printk(KERN_ERR, "Error sending message to "
1988
				"ecryptfsd: %d\n", rc);
1989
		goto out;
1990
	}
1991
	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1992
	if (rc) {
1993
		ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1994
				"from the user space daemon\n");
1995
		rc = -EIO;
1996
		goto out;
1997
	}
1998
	rc = parse_tag_67_packet(key_rec, msg);
1999
	if (rc)
2000
		ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
2001
	kfree(msg);
2002
out:
2003
	kfree(payload);
2004
	return rc;
2005
}
2006
/**
2007
 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
2008
 * @dest: Buffer into which to write the packet
2009
 * @remaining_bytes: Maximum number of bytes that can be writtn
2010
 * @auth_tok_key: The authentication token key to unlock and put when done with
2011
 *                @auth_tok
2012
 * @auth_tok: The authentication token used for generating the tag 1 packet
2013
 * @crypt_stat: The cryptographic context
2014
 * @key_rec: The key record struct for the tag 1 packet
2015
 * @packet_size: This function will write the number of bytes that end
2016
 *               up constituting the packet; set to zero on error
2017
 *
2018
 * Returns zero on success; non-zero on error.
2019
 */
2020
static int
2021
write_tag_1_packet(char *dest, size_t *remaining_bytes,
2022
		   struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2023
		   struct ecryptfs_crypt_stat *crypt_stat,
2024
		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2025
{
2026
	size_t i;
2027
	size_t encrypted_session_key_valid = 0;
2028
	size_t packet_size_length;
2029
	size_t max_packet_size;
2030
	int rc = 0;
2031

2032
	(*packet_size) = 0;
2033
	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2034
			  ECRYPTFS_SIG_SIZE);
2035
	encrypted_session_key_valid = 0;
2036
	for (i = 0; i < crypt_stat->key_size; i++)
2037
		encrypted_session_key_valid |=
2038
			auth_tok->session_key.encrypted_key[i];
2039
	if (encrypted_session_key_valid) {
2040
		memcpy(key_rec->enc_key,
2041
		       auth_tok->session_key.encrypted_key,
2042
		       auth_tok->session_key.encrypted_key_size);
2043
		up_write(&(auth_tok_key->sem));
2044
		key_put(auth_tok_key);
2045
		goto encrypted_session_key_set;
2046
	}
2047
	if (auth_tok->session_key.encrypted_key_size == 0)
2048
		auth_tok->session_key.encrypted_key_size =
2049
			auth_tok->token.private_key.key_size;
2050
	rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2051
				     key_rec);
2052
	if (rc) {
2053
		printk(KERN_ERR "Failed to encrypt session key via a key "
2054
		       "module; rc = [%d]\n", rc);
2055
		goto out;
2056
	}
2057
	if (ecryptfs_verbosity > 0) {
2058
		ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
2059
		ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
2060
	}
2061
encrypted_session_key_set:
2062
	/* This format is inspired by OpenPGP; see RFC 2440
2063
	 * packet tag 1 */
2064
	max_packet_size = (1                         /* Tag 1 identifier */
2065
			   + 3                       /* Max Tag 1 packet size */
2066
			   + 1                       /* Version */
2067
			   + ECRYPTFS_SIG_SIZE       /* Key identifier */
2068
			   + 1                       /* Cipher identifier */
2069
			   + key_rec->enc_key_size); /* Encrypted key size */
2070
	if (max_packet_size > (*remaining_bytes)) {
2071
		printk(KERN_ERR "Packet length larger than maximum allowable; "
2072
		       "need up to [%td] bytes, but there are only [%td] "
2073
		       "available\n", max_packet_size, (*remaining_bytes));
2074
		rc = -EINVAL;
2075
		goto out;
2076
	}
2077
	dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2078
	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2079
					  (max_packet_size - 4),
2080
					  &packet_size_length);
2081
	if (rc) {
2082
		ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2083
				"header; cannot generate packet length\n");
2084
		goto out;
2085
	}
2086
	(*packet_size) += packet_size_length;
2087
	dest[(*packet_size)++] = 0x03; /* version 3 */
2088
	memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2089
	(*packet_size) += ECRYPTFS_SIG_SIZE;
2090
	dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2091
	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2092
	       key_rec->enc_key_size);
2093
	(*packet_size) += key_rec->enc_key_size;
2094
out:
2095
	if (rc)
2096
		(*packet_size) = 0;
2097
	else
2098
		(*remaining_bytes) -= (*packet_size);
2099
	return rc;
2100
}
2101

2102
/**
2103
 * write_tag_11_packet
2104
 * @dest: Target into which Tag 11 packet is to be written
2105
 * @remaining_bytes: Maximum packet length
2106
 * @contents: Byte array of contents to copy in
2107
 * @contents_length: Number of bytes in contents
2108
 * @packet_length: Length of the Tag 11 packet written; zero on error
2109
 *
2110
 * Returns zero on success; non-zero on error.
2111
 */
2112
static int
2113
write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2114
		    size_t contents_length, size_t *packet_length)
2115
{
2116
	size_t packet_size_length;
2117
	size_t max_packet_size;
2118
	int rc = 0;
2119

2120
	(*packet_length) = 0;
2121
	/* This format is inspired by OpenPGP; see RFC 2440
2122
	 * packet tag 11 */
2123
	max_packet_size = (1                   /* Tag 11 identifier */
2124
			   + 3                 /* Max Tag 11 packet size */
2125
			   + 1                 /* Binary format specifier */
2126
			   + 1                 /* Filename length */
2127
			   + 8                 /* Filename ("_CONSOLE") */
2128
			   + 4                 /* Modification date */
2129
			   + contents_length); /* Literal data */
2130
	if (max_packet_size > (*remaining_bytes)) {
2131
		printk(KERN_ERR "Packet length larger than maximum allowable; "
2132
		       "need up to [%td] bytes, but there are only [%td] "
2133
		       "available\n", max_packet_size, (*remaining_bytes));
2134
		rc = -EINVAL;
2135
		goto out;
2136
	}
2137
	dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2138
	rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2139
					  (max_packet_size - 4),
2140
					  &packet_size_length);
2141
	if (rc) {
2142
		printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2143
		       "generate packet length. rc = [%d]\n", rc);
2144
		goto out;
2145
	}
2146
	(*packet_length) += packet_size_length;
2147
	dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2148
	dest[(*packet_length)++] = 8;
2149
	memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2150
	(*packet_length) += 8;
2151
	memset(&dest[(*packet_length)], 0x00, 4);
2152
	(*packet_length) += 4;
2153
	memcpy(&dest[(*packet_length)], contents, contents_length);
2154
	(*packet_length) += contents_length;
2155
 out:
2156
	if (rc)
2157
		(*packet_length) = 0;
2158
	else
2159
		(*remaining_bytes) -= (*packet_length);
2160
	return rc;
2161
}
2162

2163
/**
2164
 * write_tag_3_packet
2165
 * @dest: Buffer into which to write the packet
2166
 * @remaining_bytes: Maximum number of bytes that can be written
2167
 * @auth_tok: Authentication token
2168
 * @crypt_stat: The cryptographic context
2169
 * @key_rec: encrypted key
2170
 * @packet_size: This function will write the number of bytes that end
2171
 *               up constituting the packet; set to zero on error
2172
 *
2173
 * Returns zero on success; non-zero on error.
2174
 */
2175
static int
2176
write_tag_3_packet(char *dest, size_t *remaining_bytes,
2177
		   struct ecryptfs_auth_tok *auth_tok,
2178
		   struct ecryptfs_crypt_stat *crypt_stat,
2179
		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2180
{
2181
	size_t i;
2182
	size_t encrypted_session_key_valid = 0;
2183
	char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2184
	struct scatterlist dst_sg[2];
2185
	struct scatterlist src_sg[2];
2186
	struct mutex *tfm_mutex = NULL;
2187
	u8 cipher_code;
2188
	size_t packet_size_length;
2189
	size_t max_packet_size;
2190
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2191
		crypt_stat->mount_crypt_stat;
2192
	struct crypto_skcipher *tfm;
2193
	struct skcipher_request *req;
2194
	int rc = 0;
2195

2196
	(*packet_size) = 0;
2197
	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2198
			  ECRYPTFS_SIG_SIZE);
2199
	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2200
							crypt_stat->cipher);
2201
	if (unlikely(rc)) {
2202
		printk(KERN_ERR "Internal error whilst attempting to get "
2203
		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2204
		       crypt_stat->cipher, rc);
2205
		goto out;
2206
	}
2207
	if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2208
		printk(KERN_WARNING "No key size specified at mount; "
2209
		       "defaulting to [%d]\n",
2210
		       crypto_skcipher_max_keysize(tfm));
2211
		mount_crypt_stat->global_default_cipher_key_size =
2212
			crypto_skcipher_max_keysize(tfm);
2213
	}
2214
	if (crypt_stat->key_size == 0)
2215
		crypt_stat->key_size =
2216
			mount_crypt_stat->global_default_cipher_key_size;
2217
	if (auth_tok->session_key.encrypted_key_size == 0)
2218
		auth_tok->session_key.encrypted_key_size =
2219
			crypt_stat->key_size;
2220
	if (crypt_stat->key_size == 24
2221
	    && strcmp("aes", crypt_stat->cipher) == 0) {
2222
		memset((crypt_stat->key + 24), 0, 8);
2223
		auth_tok->session_key.encrypted_key_size = 32;
2224
	} else
2225
		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2226
	key_rec->enc_key_size =
2227
		auth_tok->session_key.encrypted_key_size;
2228
	encrypted_session_key_valid = 0;
2229
	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2230
		encrypted_session_key_valid |=
2231
			auth_tok->session_key.encrypted_key[i];
2232
	if (encrypted_session_key_valid) {
2233
		ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2234
				"using auth_tok->session_key.encrypted_key, "
2235
				"where key_rec->enc_key_size = [%zd]\n",
2236
				key_rec->enc_key_size);
2237
		memcpy(key_rec->enc_key,
2238
		       auth_tok->session_key.encrypted_key,
2239
		       key_rec->enc_key_size);
2240
		goto encrypted_session_key_set;
2241
	}
2242
	if (auth_tok->token.password.flags &
2243
	    ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2244
		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2245
				"session key encryption key of size [%d]\n",
2246
				auth_tok->token.password.
2247
				session_key_encryption_key_bytes);
2248
		memcpy(session_key_encryption_key,
2249
		       auth_tok->token.password.session_key_encryption_key,
2250
		       crypt_stat->key_size);
2251
		ecryptfs_printk(KERN_DEBUG,
2252
				"Cached session key encryption key:\n");
2253
		if (ecryptfs_verbosity > 0)
2254
			ecryptfs_dump_hex(session_key_encryption_key, 16);
2255
	}
2256
	if (unlikely(ecryptfs_verbosity > 0)) {
2257
		ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2258
		ecryptfs_dump_hex(session_key_encryption_key, 16);
2259
	}
2260
	rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2261
				 src_sg, 2);
2262
	if (rc < 1 || rc > 2) {
2263
		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2264
				"for crypt_stat session key; expected rc = 1; "
2265
				"got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2266
				rc, key_rec->enc_key_size);
2267
		rc = -ENOMEM;
2268
		goto out;
2269
	}
2270
	rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2271
				 dst_sg, 2);
2272
	if (rc < 1 || rc > 2) {
2273
		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2274
				"for crypt_stat encrypted session key; "
2275
				"expected rc = 1; got rc = [%d]. "
2276
				"key_rec->enc_key_size = [%zd]\n", rc,
2277
				key_rec->enc_key_size);
2278
		rc = -ENOMEM;
2279
		goto out;
2280
	}
2281
	mutex_lock(tfm_mutex);
2282
	rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2283
				    crypt_stat->key_size);
2284
	if (rc < 0) {
2285
		mutex_unlock(tfm_mutex);
2286
		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2287
				"context; rc = [%d]\n", rc);
2288
		goto out;
2289
	}
2290

2291
	req = skcipher_request_alloc(tfm, GFP_KERNEL);
2292
	if (!req) {
2293
		mutex_unlock(tfm_mutex);
2294
		ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2295
				"attempting to skcipher_request_alloc for "
2296
				"%s\n", crypto_skcipher_driver_name(tfm));
2297
		rc = -ENOMEM;
2298
		goto out;
2299
	}
2300

2301
	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2302
				      NULL, NULL);
2303

2304
	rc = 0;
2305
	ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2306
			crypt_stat->key_size);
2307
	skcipher_request_set_crypt(req, src_sg, dst_sg,
2308
				   (*key_rec).enc_key_size, NULL);
2309
	rc = crypto_skcipher_encrypt(req);
2310
	mutex_unlock(tfm_mutex);
2311
	skcipher_request_free(req);
2312
	if (rc) {
2313
		printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2314
		goto out;
2315
	}
2316
	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2317
	if (ecryptfs_verbosity > 0) {
2318
		ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2319
				key_rec->enc_key_size);
2320
		ecryptfs_dump_hex(key_rec->enc_key,
2321
				  key_rec->enc_key_size);
2322
	}
2323
encrypted_session_key_set:
2324
	/* This format is inspired by OpenPGP; see RFC 2440
2325
	 * packet tag 3 */
2326
	max_packet_size = (1                         /* Tag 3 identifier */
2327
			   + 3                       /* Max Tag 3 packet size */
2328
			   + 1                       /* Version */
2329
			   + 1                       /* Cipher code */
2330
			   + 1                       /* S2K specifier */
2331
			   + 1                       /* Hash identifier */
2332
			   + ECRYPTFS_SALT_SIZE      /* Salt */
2333
			   + 1                       /* Hash iterations */
2334
			   + key_rec->enc_key_size); /* Encrypted key size */
2335
	if (max_packet_size > (*remaining_bytes)) {
2336
		printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2337
		       "there are only [%td] available\n", max_packet_size,
2338
		       (*remaining_bytes));
2339
		rc = -EINVAL;
2340
		goto out;
2341
	}
2342
	dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2343
	/* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2344
	 * to get the number of octets in the actual Tag 3 packet */
2345
	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2346
					  (max_packet_size - 4),
2347
					  &packet_size_length);
2348
	if (rc) {
2349
		printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2350
		       "generate packet length. rc = [%d]\n", rc);
2351
		goto out;
2352
	}
2353
	(*packet_size) += packet_size_length;
2354
	dest[(*packet_size)++] = 0x04; /* version 4 */
2355
	/* TODO: Break from RFC2440 so that arbitrary ciphers can be
2356
	 * specified with strings */
2357
	cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2358
						      crypt_stat->key_size);
2359
	if (cipher_code == 0) {
2360
		ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2361
				"cipher [%s]\n", crypt_stat->cipher);
2362
		rc = -EINVAL;
2363
		goto out;
2364
	}
2365
	dest[(*packet_size)++] = cipher_code;
2366
	dest[(*packet_size)++] = 0x03;	/* S2K */
2367
	dest[(*packet_size)++] = 0x01;	/* MD5 (TODO: parameterize) */
2368
	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2369
	       ECRYPTFS_SALT_SIZE);
2370
	(*packet_size) += ECRYPTFS_SALT_SIZE;	/* salt */
2371
	dest[(*packet_size)++] = 0x60;	/* hash iterations (65536) */
2372
	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2373
	       key_rec->enc_key_size);
2374
	(*packet_size) += key_rec->enc_key_size;
2375
out:
2376
	if (rc)
2377
		(*packet_size) = 0;
2378
	else
2379
		(*remaining_bytes) -= (*packet_size);
2380
	return rc;
2381
}
2382

2383
struct kmem_cache *ecryptfs_key_record_cache;
2384

2385
/**
2386
 * ecryptfs_generate_key_packet_set
2387
 * @dest_base: Virtual address from which to write the key record set
2388
 * @crypt_stat: The cryptographic context from which the
2389
 *              authentication tokens will be retrieved
2390
 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2391
 *                   for the global parameters
2392
 * @len: The amount written
2393
 * @max: The maximum amount of data allowed to be written
2394
 *
2395
 * Generates a key packet set and writes it to the virtual address
2396
 * passed in.
2397
 *
2398
 * Returns zero on success; non-zero on error.
2399
 */
2400
int
2401
ecryptfs_generate_key_packet_set(char *dest_base,
2402
				 struct ecryptfs_crypt_stat *crypt_stat,
2403
				 struct dentry *ecryptfs_dentry, size_t *len,
2404
				 size_t max)
2405
{
2406
	struct ecryptfs_auth_tok *auth_tok;
2407
	struct key *auth_tok_key = NULL;
2408
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2409
		&ecryptfs_superblock_to_private(
2410
			ecryptfs_dentry->d_sb)->mount_crypt_stat;
2411
	size_t written;
2412
	struct ecryptfs_key_record *key_rec;
2413
	struct ecryptfs_key_sig *key_sig;
2414
	int rc = 0;
2415

2416
	(*len) = 0;
2417
	mutex_lock(&crypt_stat->keysig_list_mutex);
2418
	key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2419
	if (!key_rec) {
2420
		rc = -ENOMEM;
2421
		goto out;
2422
	}
2423
	list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2424
			    crypt_stat_list) {
2425
		memset(key_rec, 0, sizeof(*key_rec));
2426
		rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2427
							   &auth_tok,
2428
							   mount_crypt_stat,
2429
							   key_sig->keysig);
2430
		if (rc) {
2431
			printk(KERN_WARNING "Unable to retrieve auth tok with "
2432
			       "sig = [%s]\n", key_sig->keysig);
2433
			rc = process_find_global_auth_tok_for_sig_err(rc);
2434
			goto out_free;
2435
		}
2436
		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2437
			rc = write_tag_3_packet((dest_base + (*len)),
2438
						&max, auth_tok,
2439
						crypt_stat, key_rec,
2440
						&written);
2441
			up_write(&(auth_tok_key->sem));
2442
			key_put(auth_tok_key);
2443
			if (rc) {
2444
				ecryptfs_printk(KERN_WARNING, "Error "
2445
						"writing tag 3 packet\n");
2446
				goto out_free;
2447
			}
2448
			(*len) += written;
2449
			/* Write auth tok signature packet */
2450
			rc = write_tag_11_packet((dest_base + (*len)), &max,
2451
						 key_rec->sig,
2452
						 ECRYPTFS_SIG_SIZE, &written);
2453
			if (rc) {
2454
				ecryptfs_printk(KERN_ERR, "Error writing "
2455
						"auth tok signature packet\n");
2456
				goto out_free;
2457
			}
2458
			(*len) += written;
2459
		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2460
			rc = write_tag_1_packet(dest_base + (*len), &max,
2461
						auth_tok_key, auth_tok,
2462
						crypt_stat, key_rec, &written);
2463
			if (rc) {
2464
				ecryptfs_printk(KERN_WARNING, "Error "
2465
						"writing tag 1 packet\n");
2466
				goto out_free;
2467
			}
2468
			(*len) += written;
2469
		} else {
2470
			up_write(&(auth_tok_key->sem));
2471
			key_put(auth_tok_key);
2472
			ecryptfs_printk(KERN_WARNING, "Unsupported "
2473
					"authentication token type\n");
2474
			rc = -EINVAL;
2475
			goto out_free;
2476
		}
2477
	}
2478
	if (likely(max > 0)) {
2479
		dest_base[(*len)] = 0x00;
2480
	} else {
2481
		ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2482
		rc = -EIO;
2483
	}
2484
out_free:
2485
	kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2486
out:
2487
	if (rc)
2488
		(*len) = 0;
2489
	mutex_unlock(&crypt_stat->keysig_list_mutex);
2490
	return rc;
2491
}
2492

2493
struct kmem_cache *ecryptfs_key_sig_cache;
2494

2495
int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2496
{
2497
	struct ecryptfs_key_sig *new_key_sig;
2498

2499
	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2500
	if (!new_key_sig)
2501
		return -ENOMEM;
2502

2503
	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2504
	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2505
	/* Caller must hold keysig_list_mutex */
2506
	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2507

2508
	return 0;
2509
}
2510

2511
struct kmem_cache *ecryptfs_global_auth_tok_cache;
2512

2513
int
2514
ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2515
			     char *sig, u32 global_auth_tok_flags)
2516
{
2517
	struct ecryptfs_global_auth_tok *new_auth_tok;
2518

2519
	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2520
					GFP_KERNEL);
2521
	if (!new_auth_tok)
2522
		return -ENOMEM;
2523

2524
	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2525
	new_auth_tok->flags = global_auth_tok_flags;
2526
	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2527
	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2528
	list_add(&new_auth_tok->mount_crypt_stat_list,
2529
		 &mount_crypt_stat->global_auth_tok_list);
2530
	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2531
	return 0;
2532
}
2533

2534

2535