^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * eCryptfs: Linux filesystem encryption layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 1997-2004 Erez Zadok
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Copyright (C) 2001-2004 Stony Brook University
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Copyright (C) 2004-2007 International Business Machines Corp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Michael C. Thompson <mcthomps@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <crypto/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <crypto/skcipher.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/pagemap.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/random.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/compiler.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/key.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/namei.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/scatterlist.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <asm/unaligned.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <linux/xattr.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include "ecryptfs_kernel.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
/*
 * Operation selectors passed as the @op argument of crypt_scatterlist()
 * and crypt_extent().
 */
#define DECRYPT 0
#define ENCRYPT 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
/**
 * ecryptfs_from_hex - decode a hex string into raw bytes
 * @dst: Output buffer; receives @dst_size bytes
 * @src: Hex text; 2 * @dst_size characters are read from it
 * @dst_size: Number of bytes to produce, i.e. the number of hex character
 *            pairs to convert
 *
 * No length is passed for @src, so the caller must guarantee that it holds
 * at least 2 * @dst_size characters. The function returns void: a pair that
 * is not valid hex is not reported to the caller, the byte simply takes
 * whatever simple_strtol() yields for that pair.
 */
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
{
	char pair[3];
	char *in = src;
	int i;

	/* Third byte stays NUL so each pair is parsed as its own string. */
	pair[2] = '\0';
	for (i = 0; i < dst_size; i++) {
		pair[0] = *in++;
		pair[1] = *in++;
		dst[i] = (unsigned char)simple_strtol(pair, NULL, 16);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
/**
 * ecryptfs_calculate_md5 - hash @src with the inode's hash transform
 * @dst: Destination for the digest; documented by the original author as
 *       16 bytes of allocated memory
 * @crypt_stat: Pointer to crypt_stat struct for the current inode; its
 *              hash_tfm is the transform used
 * @src: Data to be hashed
 * @len: Length of @src
 *
 * The digest is produced by crypt_stat->hash_tfm, which
 * ecryptfs_init_crypt_stat() allocates from ECRYPTFS_DEFAULT_HASH.
 * NOTE(review): @dst has no size argument; it must be large enough for
 * that transform's digest - confirm against ECRYPTFS_DEFAULT_HASH.
 *
 * Returns zero on success; the crypto API error code otherwise.
 */
static int ecryptfs_calculate_md5(char *dst,
				  struct ecryptfs_crypt_stat *crypt_stat,
				  char *src, int len)
{
	int err;

	err = crypto_shash_tfm_digest(crypt_stat->hash_tfm, src, len, dst);
	if (err)
		printk(KERN_ERR
		       "%s: Error computing crypto hash; rc = [%d]\n",
		       __func__, err);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
/**
 * ecryptfs_crypto_api_algify_cipher_name - build a "mode(cipher)" name
 * @algified_name: Receives a newly kmalloc()ed string of the form
 *                 "<chaining_modifier>(<cipher_name>)"; set to NULL when
 *                 the allocation fails
 * @cipher_name: NUL-terminated cipher name
 * @chaining_modifier: NUL-terminated chaining mode name
 *
 * This function does not free the buffer; ownership passes to the caller.
 * Both input lengths are held in int, so the inputs are expected to be
 * short algorithm names rather than arbitrary-length strings.
 *
 * Returns zero on success; -ENOMEM if the buffer cannot be allocated.
 */
static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
						  char *cipher_name,
						  char *chaining_modifier)
{
	int name_len = strlen(cipher_name);
	int mode_len = strlen(chaining_modifier);
	/* Room for both names plus '(', ')' and the terminating NUL. */
	int total_len = mode_len + name_len + 3;
	char *buf = kmalloc(total_len, GFP_KERNEL);

	*algified_name = buf;
	if (!buf)
		return -ENOMEM;

	snprintf(buf, total_len, "%s(%s)", chaining_modifier, cipher_name);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
/**
 * ecryptfs_derive_iv - derive the per-extent IV
 * @iv: Destination for the derived IV value; crypt_stat->iv_bytes bytes
 *      are written
 * @crypt_stat: Pointer to crypt_stat struct for the current inode
 * @offset: Offset of the extent whose IV we are to derive
 *
 * The IV is the first iv_bytes bytes of the hash of
 * (root_iv || 16-byte field holding @offset as decimal text, zero padded).
 * The result depends only on the root IV and @offset, so the same extent
 * always gets the same IV. snprintf() is given 16 bytes, so at most 15
 * decimal characters of @offset reach the hash input.
 *
 * NOTE(review): iv_bytes is not range-checked here. The copies assume
 * iv_bytes <= ECRYPTFS_MAX_IV_BYTES (hash input buffer) and
 * iv_bytes <= MD5_DIGEST_SIZE (digest buffer) - presumably enforced where
 * iv_bytes is set; verify against that code.
 *
 * With ecryptfs_verbosity > 0 the root IV, the hash input and the derived
 * IV are handed to ecryptfs_dump_hex().
 *
 * Returns zero on success; non-zero on error.
 */
int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
		       loff_t offset)
{
	char digest[MD5_DIGEST_SIZE];
	char hash_input[ECRYPTFS_MAX_IV_BYTES + 16];
	/* The textual offset is appended right after the root IV. */
	char *offset_field = hash_input + crypt_stat->iv_bytes;
	int rc;

	if (unlikely(ecryptfs_verbosity > 0)) {
		ecryptfs_printk(KERN_DEBUG, "root iv:\n");
		ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
	}
	/* TODO: It is probably secure to just cast the least
	 * significant bits of the root IV into an unsigned long and
	 * add the offset to that rather than go through all this
	 * hashing business. -Halcrow */
	memcpy(hash_input, crypt_stat->root_iv, crypt_stat->iv_bytes);
	memset(offset_field, 0, 16);
	snprintf(offset_field, 16, "%lld", offset);
	if (unlikely(ecryptfs_verbosity > 0)) {
		ecryptfs_printk(KERN_DEBUG, "source:\n");
		ecryptfs_dump_hex(hash_input, (crypt_stat->iv_bytes + 16));
	}

	rc = ecryptfs_calculate_md5(digest, crypt_stat, hash_input,
				    (crypt_stat->iv_bytes + 16));
	if (rc) {
		ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
				"MD5 while generating IV for a page\n");
		return rc;
	}

	/* Only the leading iv_bytes bytes of the digest become the IV. */
	memcpy(iv, digest, crypt_stat->iv_bytes);
	if (unlikely(ecryptfs_verbosity > 0)) {
		ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
		ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)
/**
 * ecryptfs_init_crypt_stat - set up a crypt_stat for use
 * @crypt_stat: Pointer to the crypt_stat struct to initialize.
 *
 * Allocates the hash transform (ECRYPTFS_DEFAULT_HASH) first, so that a
 * failed allocation leaves @crypt_stat untouched. On success the struct is
 * zeroed, its list head and mutexes are initialized, the transform is
 * stored in hash_tfm and ECRYPTFS_STRUCT_INITIALIZED is set.
 *
 * Returns zero on success; the crypto_alloc_shash() error code otherwise.
 */
int ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
{
	struct crypto_shash *hash = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH,
						       0, 0);

	if (IS_ERR(hash)) {
		int err = PTR_ERR(hash);

		ecryptfs_printk(KERN_ERR, "Error attempting to "
				"allocate crypto context; rc = [%d]\n",
				err);
		return err;
	}

	memset((void *)crypt_stat, 0, sizeof(*crypt_stat));
	INIT_LIST_HEAD(&crypt_stat->keysig_list);
	mutex_init(&crypt_stat->keysig_list_mutex);
	mutex_init(&crypt_stat->cs_mutex);
	mutex_init(&crypt_stat->cs_tfm_mutex);
	crypt_stat->hash_tfm = hash;
	crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
/**
 * ecryptfs_destroy_crypt_stat - tear down a crypt_stat
 * @crypt_stat: Pointer to the crypt_stat struct to destroy.
 *
 * Frees the cipher and hash transforms, returns every entry of
 * keysig_list to ecryptfs_key_sig_cache, then zeroes the whole struct.
 *
 * NOTE(review): the struct holds the key (crypt_stat->key) and is cleared
 * with plain memset(); memzero_explicit() would make the wipe explicit to
 * the compiler - consider it.
 */
void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
{
	struct ecryptfs_key_sig *sig, *next_sig;

	crypto_free_skcipher(crypt_stat->tfm);
	crypto_free_shash(crypt_stat->hash_tfm);
	/* _safe variant: each entry is unlinked and freed while iterating. */
	list_for_each_entry_safe(sig, next_sig,
				 &crypt_stat->keysig_list, crypt_stat_list) {
		list_del(&sig->crypt_stat_list);
		kmem_cache_free(ecryptfs_key_sig_cache, sig);
	}
	memset(crypt_stat, 0, sizeof(*crypt_stat));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198)
/**
 * ecryptfs_destroy_mount_crypt_stat - tear down a mount-wide crypt_stat
 * @mount_crypt_stat: Pointer to the mount_crypt_stat struct to destroy.
 *
 * Does nothing unless ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED is set.
 * Otherwise every global auth token is unlinked under
 * global_auth_tok_list_mutex, its key reference is dropped unless the
 * token is flagged ECRYPTFS_AUTH_TOK_INVALID, and the token is returned to
 * ecryptfs_global_auth_tok_cache. The struct is zeroed at the end.
 */
void ecryptfs_destroy_mount_crypt_stat(
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	struct ecryptfs_global_auth_tok *tok, *next_tok;
	struct mutex *list_lock;

	if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
		return;

	list_lock = &mount_crypt_stat->global_auth_tok_list_mutex;
	mutex_lock(list_lock);
	list_for_each_entry_safe(tok, next_tok,
				 &mount_crypt_stat->global_auth_tok_list,
				 mount_crypt_stat_list) {
		list_del(&tok->mount_crypt_stat_list);
		/* Tokens flagged invalid are freed without a key_put(). */
		if (!(tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
			key_put(tok->global_auth_tok_key);
		kmem_cache_free(ecryptfs_global_auth_tok_cache, tok);
	}
	mutex_unlock(list_lock);
	memset(mount_crypt_stat, 0, sizeof(*mount_crypt_stat));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218)
/**
 * virt_to_scatterlist - describe a virtual address range as a scatterlist
 * @addr: Virtual address
 * @size: Size of data; should be an even multiple of the block size
 * @sg: Pointer to scatterlist array with room for @sg_size entries.
 *      It is initialized and written unconditionally, so it must not be
 *      NULL (an earlier version of this comment described a NULL
 *      "count only" mode that this code does not implement).
 * @sg_size: Max array size
 *
 * Fills in a scatterlist array with page references for a passed
 * virtual address. Each entry covers the part of the range that lies
 * within one page.
 *
 * Returns the number of scatterlist structs in array used; -ENOMEM if
 * @sg_size entries are not enough to cover @size bytes.
 */
int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
			int sg_size)
{
	int used = 0;

	sg_init_table(sg, sg_size);

	while (size > 0 && used < sg_size) {
		struct page *pg = virt_to_page(addr);
		int offset = offset_in_page(addr);
		int room_in_page = PAGE_SIZE - offset;
		/* Never let one entry run past the end of its page. */
		int chunk = size >= room_in_page ? room_in_page : size;

		sg_set_page(&sg[used], pg, chunk, offset);
		addr += chunk;
		size -= chunk;
		used++;
	}

	/* Ran out of entries before the whole range was described. */
	if (size > 0)
		return -ENOMEM;
	return used;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262)
/*
 * Per-request state shared between crypt_scatterlist() and its completion
 * callback extent_crypt_complete().
 */
struct extent_crypt_result {
	/* Signalled by extent_crypt_complete() when the request finishes. */
	struct completion completion;
	/* Status code stored by extent_crypt_complete(). */
	int rc;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267)
/**
 * extent_crypt_complete - completion callback for an skcipher request
 * @req: The async request; req->data points at the caller's
 *       struct extent_crypt_result
 * @rc: Status reported by the crypto layer
 *
 * A notification of -EINPROGRESS is ignored. Any other status is stored
 * in the result struct and the waiter is woken.
 */
static void extent_crypt_complete(struct crypto_async_request *req, int rc)
{
	struct extent_crypt_result *result = req->data;

	if (rc != -EINPROGRESS) {
		result->rc = rc;
		complete(&result->completion);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278)
/**
 * crypt_scatterlist - run one skcipher operation over a scatterlist
 * @crypt_stat: Pointer to the crypt_stat struct holding the cipher
 *              transform (tfm), the key and the flags
 * @dst_sg: Destination of the data after performing the crypto operation
 * @src_sg: Data to be encrypted or decrypted
 * @size: Length of data
 * @iv: IV to use
 * @op: ENCRYPT or DECRYPT to indicate the desired operation
 *
 * The key is programmed into the transform on first use (guarded by
 * ECRYPTFS_KEY_SET and cs_tfm_mutex). If the crypto layer reports
 * -EINPROGRESS or -EBUSY, the function sleeps until the completion
 * callback fires and returns the status it stored.
 *
 * With ecryptfs_verbosity > 0 the raw key bytes are handed to
 * ecryptfs_dump_hex(). NOTE(review): presumably that writes them to the
 * kernel log - keep verbosity at 0 outside of debugging.
 *
 * Returns the status of the crypto operation; -ENOMEM if the request
 * cannot be allocated; -EINVAL if setting the key fails.
 * NOTE(review): no byte count is computed here, although an earlier
 * version of this comment promised one; success is presumably 0 - confirm
 * against crypto_skcipher_encrypt()/crypto_skcipher_decrypt().
 */
static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
			     struct scatterlist *dst_sg,
			     struct scatterlist *src_sg, int size,
			     unsigned char *iv, int op)
{
	struct skcipher_request *req = NULL;
	struct extent_crypt_result ecr;
	int rc = 0;

	/* Calling this without an initialized struct and tfm is a bug. */
	BUG_ON(!crypt_stat || !crypt_stat->tfm
	       || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
	if (unlikely(ecryptfs_verbosity > 0)) {
		/* Debug only: this passes the key material to the hex dumper. */
		ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
				crypt_stat->key_size);
		ecryptfs_dump_hex(crypt_stat->key,
				  crypt_stat->key_size);
	}

	init_completion(&ecr.completion);

	/* cs_tfm_mutex covers request allocation and the one-time setkey. */
	mutex_lock(&crypt_stat->cs_tfm_mutex);
	req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
	if (!req) {
		mutex_unlock(&crypt_stat->cs_tfm_mutex);
		rc = -ENOMEM;
		goto out;
	}

	/* extent_crypt_complete() receives &ecr as the request's data. */
	skcipher_request_set_callback(req,
			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
			extent_crypt_complete, &ecr);
	/* Consider doing this once, when the file is opened */
	if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
		rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key,
					    crypt_stat->key_size);
		if (rc) {
			ecryptfs_printk(KERN_ERR,
					"Error setting key; rc = [%d]\n",
					rc);
			mutex_unlock(&crypt_stat->cs_tfm_mutex);
			/* The setkey error is logged above, then replaced. */
			rc = -EINVAL;
			goto out;
		}
		crypt_stat->flags |= ECRYPTFS_KEY_SET;
	}
	/* The cipher operation itself runs after the mutex is released. */
	mutex_unlock(&crypt_stat->cs_tfm_mutex);
	skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
	rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) :
			     crypto_skcipher_decrypt(req);
	if (rc == -EINPROGRESS || rc == -EBUSY) {
		/*
		 * This pointer shadows the outer 'ecr' struct; it is read
		 * back from the request, where set_callback stored &ecr.
		 */
		struct extent_crypt_result *ecr = req->base.data;

		wait_for_completion(&ecr->completion);
		rc = ecr->rc;
		reinit_completion(&ecr->completion);
	}
out:
	/* req is still NULL here when the allocation above failed. */
	skcipher_request_free(req);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350)
/**
 * lower_offset_for_page - byte offset of a page in the lower file
 * @crypt_stat: crypt_stat used to look up the lower header size
 * @page: eCryptfs page whose index is converted
 *
 * Convert an eCryptfs page index into a lower byte offset: the lower
 * header size plus the page index scaled by the page size.
 */
static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat,
				    struct page *page)
{
	/* Widen before shifting so the shift is done in loff_t. */
	loff_t data_offset = (loff_t)page->index << PAGE_SHIFT;

	return ecryptfs_lower_header_size(crypt_stat) + data_offset;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362)
/**
 * crypt_extent - encrypt or decrypt a single extent
 * @crypt_stat: crypt_stat containing cryptographic context for the
 *              encryption operation
 * @dst_page: The page to write the result into
 * @src_page: The page to read from
 * @extent_offset: Page extent offset for use in generating IV
 * @op: ENCRYPT or DECRYPT to indicate the desired operation
 *
 * Encrypts or decrypts one extent of data. The IV is derived from the
 * extent's number within the file: the index of the plaintext-side page
 * (source when encrypting, destination when decrypting) times the number
 * of extents per page, plus @extent_offset. Source and destination use
 * the same in-page offset, @extent_offset * extent_size.
 *
 * NOTE(review): crypt_stat->extent_size is used as a divisor and as the
 * scatterlist length without a check here; this assumes it is non-zero
 * and no larger than PAGE_SIZE - verify where extent_size is set.
 *
 * Return zero on success; non-zero otherwise
 */
static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat,
			struct page *dst_page,
			struct page *src_page,
			unsigned long extent_offset, int op)
{
	struct scatterlist src_sg, dst_sg;
	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
	size_t extent_size = crypt_stat->extent_size;
	pgoff_t page_index;
	loff_t extent_base;
	int rc;

	/* The page index that counts is the one on the plaintext side. */
	if (op == ENCRYPT)
		page_index = src_page->index;
	else
		page_index = dst_page->index;

	extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size));
	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
				(extent_base + extent_offset));
	if (rc) {
		ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
			"extent [0x%.16llx]; rc = [%d]\n",
			(unsigned long long)(extent_base + extent_offset), rc);
		return rc;
	}

	sg_init_table(&src_sg, 1);
	sg_set_page(&src_sg, src_page, extent_size,
		    extent_offset * extent_size);

	sg_init_table(&dst_sg, 1);
	sg_set_page(&dst_sg, dst_page, extent_size,
		    extent_offset * extent_size);

	rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size,
			       extent_iv, op);
	if (rc < 0) {
		printk(KERN_ERR "%s: Error attempting to crypt page with "
		       "page_index = [%ld], extent_offset = [%ld]; "
		       "rc = [%d]\n", __func__, page_index, extent_offset, rc);
		return rc;
	}
	/* Any non-negative status from crypt_scatterlist() maps to 0. */
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) * ecryptfs_encrypt_page
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) * @page: Page mapped from the eCryptfs inode for the file; contains
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) * decrypted content that needs to be encrypted (to a temporary
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) * page; not in place) and written out to the lower file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) * that eCryptfs pages may straddle the lower pages -- for instance,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) * if the file was created on a machine with an 8K page size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) * (resulting in an 8K header), and then the file is copied onto a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) * host with a 32K page size, then when reading page 0 of the eCryptfs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) * file, 24K of page 0 of the lower file will be read and decrypted,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) * and then 8K of page 1 of the lower file will be read and decrypted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) * Returns zero on success; negative on error
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) */
int ecryptfs_encrypt_page(struct page *page)
{
	struct inode *upper_inode = page->mapping->host;
	struct ecryptfs_crypt_stat *cs =
		&(ecryptfs_inode_to_private(upper_inode)->crypt_stat);
	struct page *cipher_page;
	char *cipher_virt;
	loff_t ext;
	loff_t lower_off;
	int rc = 0;

	/* Only inodes already flagged as encrypted may take this path. */
	BUG_ON(!(cs->flags & ECRYPTFS_ENCRYPTED));

	/*
	 * Ciphertext is produced in a scratch page so the plaintext held in
	 * @page is never modified. The scratch page is not zeroed when it is
	 * allocated; it is overwritten extent by extent in the loop below.
	 */
	cipher_page = alloc_page(GFP_USER);
	if (!cipher_page) {
		ecryptfs_printk(KERN_ERR, "Error allocating memory for "
				"encrypted extent\n");
		return -ENOMEM;
	}

	/*
	 * NOTE(review): the loop bound divides by cs->extent_size, so this
	 * relies on extent_size being non-zero and no larger than PAGE_SIZE.
	 * With a larger value the body would never run and the scratch page
	 * would be written out as allocated -- confirm where extent_size is
	 * validated.
	 */
	for (ext = 0; ext < (PAGE_SIZE / cs->extent_size); ext++) {
		rc = crypt_extent(cs, cipher_page, page, ext, ENCRYPT);
		if (rc) {
			printk(KERN_ERR "%s: Error encrypting extent; "
			       "rc = [%d]\n", __func__, rc);
			goto out_free;
		}
	}

	/* Write the whole encrypted page to its slot in the lower file. */
	lower_off = lower_offset_for_page(cs, page);
	cipher_virt = kmap(cipher_page);
	rc = ecryptfs_write_lower(upper_inode, cipher_virt, lower_off,
				  PAGE_SIZE);
	kunmap(cipher_page);
	if (rc < 0) {
		ecryptfs_printk(KERN_ERR,
			"Error attempting to write lower page; rc = [%d]\n",
			rc);
		goto out_free;
	}
	/* A non-negative result from the write is reported as plain success. */
	rc = 0;
out_free:
	__free_page(cipher_page);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) * ecryptfs_decrypt_page
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) * @page: Page mapped from the eCryptfs inode for the file; data read
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) * and decrypted from the lower file will be written into this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) * page
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) * that eCryptfs pages may straddle the lower pages -- for instance,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) * if the file was created on a machine with an 8K page size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) * (resulting in an 8K header), and then the file is copied onto a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) * host with a 32K page size, then when reading page 0 of the eCryptfs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) * file, 24K of page 0 of the lower file will be read and decrypted,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) * and then 8K of page 1 of the lower file will be read and decrypted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) * Returns zero on success; negative on error
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) */
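int ecryptfs_decrypt_page(struct page *page)
{
	struct inode *ecryptfs_inode = page->mapping->host;
	struct ecryptfs_crypt_stat *crypt_stat =
		&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
	char *page_virt;
	unsigned long extent_offset;
	loff_t lower_offset;
	int rc = 0;

	/* Only inodes already flagged as encrypted may take this path. */
	BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));

	/* Pull one page of ciphertext from the lower file straight into @page. */
	lower_offset = lower_offset_for_page(crypt_stat, page);
	page_virt = kmap(page);
	rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_SIZE,
				 ecryptfs_inode);
	kunmap(page);
	if (rc < 0) {
		ecryptfs_printk(KERN_ERR,
			"Error attempting to read lower page; rc = [%d]\n",
			rc);
		goto out;
	}

	/*
	 * Decryption is done in place: @page is both source and destination.
	 * If an extent fails part-way through, the page is left holding a mix
	 * of decrypted and still-encrypted extents, so callers must not treat
	 * its contents as valid when a non-zero value is returned.
	 */
	for (extent_offset = 0;
	     extent_offset < (PAGE_SIZE / crypt_stat->extent_size);
	     extent_offset++) {
		rc = crypt_extent(crypt_stat, page, page,
				  extent_offset, DECRYPT);
		if (rc) {
			/*
			 * Say "decrypting" here: the wording copied from the
			 * encrypt path sends anyone reading the log to the
			 * wrong function.
			 */
			printk(KERN_ERR "%s: Error decrypting extent; "
			       "rc = [%d]\n", __func__, rc);
			goto out;
		}
	}
out:
	return rc;
}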
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) #define ECRYPTFS_MAX_SCATTERLIST_LEN 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) * ecryptfs_init_crypt_ctx
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) * @crypt_stat: Uninitialized crypt stats structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) * Initialize the crypto context.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) * TODO: Performance: Keep a cache of initialized cipher contexts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) * only init if needed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) */
int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
{
	char *alg_name;
	int rc = 0;

	/* Logs the cipher name and key length only, never key bytes. */
	ecryptfs_printk(KERN_DEBUG,
			"Initializing cipher [%s]; strlen = [%d]; "
			"key_size_bits = [%zd]\n",
			crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
			crypt_stat->key_size << 3);

	/* cs_tfm_mutex covers the check-then-allocate sequence on ->tfm. */
	mutex_lock(&crypt_stat->cs_tfm_mutex);
	if (!crypt_stat->tfm) {
		/* The chaining mode is fixed to "cbc"; only the cipher varies. */
		rc = ecryptfs_crypto_api_algify_cipher_name(&alg_name,
							    crypt_stat->cipher,
							    "cbc");
		if (!rc) {
			crypt_stat->tfm = crypto_alloc_skcipher(alg_name, 0, 0);
			if (IS_ERR(crypt_stat->tfm)) {
				rc = PTR_ERR(crypt_stat->tfm);
				/* Never leave an error pointer behind in ->tfm. */
				crypt_stat->tfm = NULL;
				ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
						"Error initializing cipher [%s]\n",
						alg_name);
			} else {
				/*
				 * Have the crypto API refuse keys it classifies
				 * as weak when a key is later set on this tfm.
				 */
				crypto_skcipher_set_flags(crypt_stat->tfm,
						CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
			}
			/* Name buffer presumably allocated by the helper above. */
			kfree(alg_name);
		}
	}
	mutex_unlock(&crypt_stat->cs_tfm_mutex);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593)
/*
 * Derive extent_mask and extent_shift from crypt_stat->extent_size.
 *
 * extent_shift ends up as the number of trailing zero bits in extent_size
 * and extent_mask as 0xFFFFFFFF shifted left by that many bits. A zero
 * extent_size leaves the mask at 0xFFFFFFFF and the shift at 0.
 */
static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
{
	int remaining;

	crypt_stat->extent_mask = 0xFFFFFFFF;
	crypt_stat->extent_shift = 0;
	/* Without this guard the loop below would never find a set bit. */
	if (crypt_stat->extent_size == 0)
		return;
	for (remaining = crypt_stat->extent_size;
	     (remaining & 0x01) == 0;
	     remaining >>= 1) {
		crypt_stat->extent_mask <<= 1;
		crypt_stat->extent_shift++;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609)
/*
 * Fill in the default extent size, IV length and metadata (header) size.
 * These are defaults only; they may be overwritten while the packets are
 * being parsed.
 */
void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
{
	crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
	set_extent_mask_and_shift(crypt_stat);
	crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;

	/*
	 * The header takes the minimum extent size when the metadata lives in
	 * an xattr or when a page is no bigger than that minimum; otherwise it
	 * takes one full page.
	 */
	if ((crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) ||
	    PAGE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
		crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
	else
		crypt_stat->metadata_size = PAGE_SIZE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) * ecryptfs_compute_root_iv
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) * @crypt_stat: The cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) * On error, sets the root IV to all 0's.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) */
int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
{
	char digest[MD5_DIGEST_SIZE];
	int rc;

	/* iv_bytes is the copy length below; it must fit inside the digest. */
	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
	BUG_ON(crypt_stat->iv_bytes <= 0);

	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
		rc = -EINVAL;
		ecryptfs_printk(KERN_WARNING, "Session key not valid; "
				"cannot generate root IV\n");
	} else {
		/* The root IV is the leading iv_bytes of MD5(session key). */
		rc = ecryptfs_calculate_md5(digest, crypt_stat, crypt_stat->key,
					    crypt_stat->key_size);
		if (rc)
			ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
					"MD5 while generating root IV\n");
	}

	if (rc) {
		/*
		 * Failure leaves an all-zero root IV and raises
		 * ECRYPTFS_SECURITY_WARNING; callers have to check the return
		 * value rather than carry on with the zero IV.
		 */
		memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
		crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
		return rc;
	}

	memcpy(crypt_stat->root_iv, digest, crypt_stat->iv_bytes);
	/*
	 * NOTE(review): digest is derived from the session key and is left on
	 * the stack when this returns; consider clearing it with
	 * memzero_explicit() before returning.
	 */
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662)
/*
 * Fill crypt_stat->key with key_size random bytes, mark the key valid and
 * derive the root IV from it.
 */
static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
{
	get_random_bytes(crypt_stat->key, crypt_stat->key_size);
	crypt_stat->flags |= ECRYPTFS_KEY_VALID;

	/*
	 * NOTE(review): the return value is dropped. If the IV computation
	 * fails, the root IV is all zeroes and ECRYPTFS_SECURITY_WARNING is
	 * set, but nothing here reports that to the caller.
	 */
	ecryptfs_compute_root_iv(crypt_stat);

	if (likely(ecryptfs_verbosity <= 0))
		return;

	/*
	 * NOTE(review): with ecryptfs_verbosity above zero the raw session key
	 * is hex-dumped through the debug logging path. Keep verbosity at zero
	 * outside of debugging and treat logs captured with it raised as
	 * sensitive.
	 */
	ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
	ecryptfs_dump_hex(crypt_stat->key, crypt_stat->key_size);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) * ecryptfs_copy_mount_wide_flags_to_inode_flags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) * @crypt_stat: The inode's cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) * @mount_crypt_stat: The mount point's cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) * This function propagates the mount-wide flags to individual inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) * flags.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) */
static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
	struct ecryptfs_crypt_stat *crypt_stat,
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	/* Flags are only ever added to the inode here, never cleared. */
	if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
		crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
		crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;

	/* The filename-encryption key choice only matters when it is enabled. */
	if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))
		return;

	crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
	/* The mount-wide FNEK takes precedence over the per-file FEK. */
	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
		crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
	else if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
		crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701)
/*
 * Add the signature of every mount-wide authentication token, except those
 * flagged ECRYPTFS_AUTH_TOK_FNEK, to the inode's key signature list.
 *
 * Returns zero on success, or the first non-zero result from
 * ecryptfs_add_keysig(). Signatures added before a failure are left in
 * place.
 */
static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
	struct ecryptfs_crypt_stat *crypt_stat,
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	struct ecryptfs_global_auth_tok *tok;
	int rc = 0;

	/* Lock order: inode keysig list first, then the mount-wide list. */
	mutex_lock(&crypt_stat->keysig_list_mutex);
	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_for_each_entry(tok, &mount_crypt_stat->global_auth_tok_list,
			    mount_crypt_stat_list) {
		if (!(tok->flags & ECRYPTFS_AUTH_TOK_FNEK)) {
			rc = ecryptfs_add_keysig(crypt_stat, tok->sig);
			if (rc) {
				printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
				break;
			}
		}
	}

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
	mutex_unlock(&crypt_stat->keysig_list_mutex);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) * ecryptfs_set_default_crypt_stat_vals
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732) * @crypt_stat: The inode's cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) * @mount_crypt_stat: The mount point's cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735) * Default values in the event that policy does not override them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) */
static void ecryptfs_set_default_crypt_stat_vals(
	struct ecryptfs_crypt_stat *crypt_stat,
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	/*
	 * Order matters for the first two calls: the default sizes depend on
	 * ECRYPTFS_METADATA_IN_XATTR, which the flag copy may set.
	 */
	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
						      mount_crypt_stat);
	ecryptfs_set_default_sizes(crypt_stat);

	crypt_stat->mount_crypt_stat = mount_crypt_stat;
	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
	/* No session key exists yet, so the key is explicitly marked invalid. */
	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
	/*
	 * The source is a compile-time constant; presumably crypt_stat->cipher
	 * is sized to hold it -- confirm against ecryptfs_kernel.h.
	 */
	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752) * ecryptfs_new_file_context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753) * @ecryptfs_inode: The eCryptfs inode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755) * If the crypto context for the file has not yet been established,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756) * this is where we do that. Establishing a new crypto context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757) * involves the following decisions:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) * - What cipher to use?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759) * - What set of authentication tokens to use?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760) * Here we just worry about getting enough information into the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 761) * authentication tokens so that we know that they are available.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762) * We associate the available authentication tokens with the new file
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763) * via the set of signatures in the crypt_stat struct. Later, when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764) * the headers are actually written out, we may again defer to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) * userspace to perform the encryption of the session key; for the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766) * foreseeable future, this will be the case with public key packets.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768) * Returns zero on success; non-zero otherwise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769) */
int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
{
	struct ecryptfs_crypt_stat *cs =
		&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
	struct ecryptfs_mount_crypt_stat *mount_cs =
		&ecryptfs_superblock_to_private(
			ecryptfs_inode->i_sb)->mount_crypt_stat;
	int name_len;
	int rc;

	ecryptfs_set_default_crypt_stat_vals(cs, mount_cs);
	/*
	 * ECRYPTFS_KEY_VALID is raised here, before any key has been
	 * generated; ecryptfs_generate_new_key() below sets it again once the
	 * key bytes are in place.
	 */
	cs->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID);
	ecryptfs_copy_mount_wide_flags_to_inode_flags(cs, mount_cs);

	rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(cs, mount_cs);
	if (rc) {
		printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
		       "to the inode key sigs; rc = [%d]\n", rc);
		return rc;
	}

	/*
	 * Replace the default cipher and key size with the mount-wide choice.
	 * NOTE(review): the copy length is strlen() of the mount-wide name and
	 * is not checked against the size of cs->cipher; presumably both
	 * buffers share one maximum length -- confirm in ecryptfs_kernel.h.
	 */
	name_len = strlen(mount_cs->global_default_cipher_name);
	memcpy(cs->cipher, mount_cs->global_default_cipher_name, name_len);
	cs->cipher[name_len] = '\0';
	cs->key_size = mount_cs->global_default_cipher_key_size;

	ecryptfs_generate_new_key(cs);
	rc = ecryptfs_init_crypt_ctx(cs);
	if (rc)
		ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
				"context for cipher [%s]: rc = [%d]\n",
				cs->cipher, rc);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810) * ecryptfs_validate_marker - check for the ecryptfs marker
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) * @data: The data block in which to check
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813) * Returns zero if marker found; -EINVAL if not found
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) */
static int ecryptfs_validate_marker(char *data)
{
	/*
	 * Reads two big-endian 32-bit words, i.e. 8 bytes starting at @data;
	 * the caller must guarantee that many bytes are available.
	 */
	const u32 first = get_unaligned_be32(data);
	const u32 second = get_unaligned_be32(data + 4);

	/* Valid marker: second word == first word XOR the magic constant. */
	if ((first ^ MAGIC_ECRYPTFS_MARKER) != second) {
		ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
				"MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", first, second,
				MAGIC_ECRYPTFS_MARKER);
		ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
				"[0x%.8x]\n", (first ^ MAGIC_ECRYPTFS_MARKER));
		return -EINVAL;
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830)
/* Pairs one bit of the parsed 32-bit flag word with a crypt_stat flag. */
struct ecryptfs_flag_map_elem {
	u32 file_flag;	/* bit tested in the flag word */
	u32 local_flag;	/* matching bit in crypt_stat->flags */
};

/*
 * Add support for additional flags by adding elements here.
 * Bits of the flag word that have no entry in this table are ignored by
 * ecryptfs_process_flags().
 */
static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
	{ .file_flag = 0x00000001, .local_flag = ECRYPTFS_ENABLE_HMAC },
	{ .file_flag = 0x00000002, .local_flag = ECRYPTFS_ENCRYPTED },
	{ .file_flag = 0x00000004, .local_flag = ECRYPTFS_METADATA_IN_XATTR },
	{ .file_flag = 0x00000008, .local_flag = ECRYPTFS_ENCRYPT_FILENAMES }
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845) * ecryptfs_process_flags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846) * @crypt_stat: The cryptographic context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847) * @page_virt: Source data to be parsed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848) * @bytes_read: Updated with the number of bytes read
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849) */
static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
				   char *page_virt, int *bytes_read)
{
	/* Big-endian 32-bit flag word at the start of @page_virt. */
	const u32 hdr_flags = get_unaligned_be32(page_virt);
	int idx;

	/*
	 * Every mapped flag is set or cleared from the parsed word, so the
	 * input alone decides bits such as ECRYPTFS_ENCRYPTED. The word should
	 * come from a header the caller has already checked -- presumably with
	 * ecryptfs_validate_marker(); confirm at the call site.
	 */
	for (idx = 0; idx < ARRAY_SIZE(ecryptfs_flag_map); idx++) {
		const struct ecryptfs_flag_map_elem *ent =
			&ecryptfs_flag_map[idx];

		if (hdr_flags & ent->file_flag)
			crypt_stat->flags |= ent->local_flag;
		else
			crypt_stat->flags &= ~(ent->local_flag);
	}
	/* Version is in top 8 bits of the 32-bit flag vector */
	crypt_stat->file_version = ((hdr_flags >> 24) & 0xFF);
	(*bytes_read) = 4;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866)
/**
 * write_ecryptfs_marker - emit the two-word eCryptfs file marker
 * @page_virt: Position within a page at which to begin writing the marker
 * @written: Number of bytes written
 *
 * The first word is random; the second is that word XORed with
 * MAGIC_ECRYPTFS_MARKER, so XORing the two stored words gives the magic.
 *
 * Marker = 0x3c81b7f5
 *
 * NOTE(review): the marker is built from a random word and a public
 * constant only. It identifies the file format and must not be read as
 * evidence that the header is authentic.
 */
static void write_ecryptfs_marker(char *page_virt, size_t *written)
{
	/* assumes this equals sizeof(u32), i.e. an 8-byte marker - confirm */
	const size_t half = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2;
	u32 rand_word;
	u32 masked_word;

	get_random_bytes(&rand_word, half);
	masked_word = rand_word ^ MAGIC_ECRYPTFS_MARKER;
	put_unaligned_be32(rand_word, page_virt);
	put_unaligned_be32(masked_word, page_virt + half);
	*written = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885)
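/**
 * ecryptfs_write_crypt_stat_flags - encode @crypt_stat flags for the header
 * @page_virt: Destination; 4 bytes are written as one big-endian word
 * @crypt_stat: The cryptographic context
 * @written: Set to the number of bytes written (always 4)
 *
 * Each local flag listed in ecryptfs_flag_map that is set in
 * @crypt_stat->flags contributes its file_flag bit. The low 8 bits of
 * @crypt_stat->file_version go into the most significant byte.
 */
void ecryptfs_write_crypt_stat_flags(char *page_virt,
				     struct ecryptfs_crypt_stat *crypt_stat,
				     size_t *written)
{
	u32 disk_flags = 0;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(ecryptfs_flag_map); idx++) {
		if (crypt_stat->flags & ecryptfs_flag_map[idx].local_flag)
			disk_flags |= ecryptfs_flag_map[idx].file_flag;
	}
	/*
	 * Version is in top 8 bits of the 32-bit flag vector. Widen to u32
	 * before shifting: a u8 promotes to int, and shifting a value of
	 * 0x80 or more by 24 would move a bit into the sign position.
	 */
	disk_flags |= (u32)(u8)crypt_stat->file_version << 24;
	put_unaligned_be32(disk_flags, page_virt);
	*written = 4;
}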
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901)
/* One row of the cipher name <-> cipher code table. */
struct ecryptfs_cipher_code_str_map_elem {
	char cipher_str[16];	/* cipher name; must fit with its NUL */
	u8 cipher_code;		/* code stored for that cipher */
};

/* Add support for additional ciphers by adding elements here. The
 * cipher_code is whatever OpenPGP applications use to identify the
 * ciphers. List in order of probability.
 *
 * "aes" is listed once per key size; ecryptfs_code_for_cipher_string()
 * picks among those three by key length rather than by table position.
 *
 * NOTE(review): blowfish, des3_ede and cast5 are 64-bit block ciphers.
 * They are needed to read existing files; whether new files should still
 * be allowed to select them is a policy question worth confirming. */
static struct ecryptfs_cipher_code_str_map_elem
ecryptfs_cipher_code_str_map[] = {
	{ .cipher_str = "aes",      .cipher_code = RFC2440_CIPHER_AES_128 },
	{ .cipher_str = "blowfish", .cipher_code = RFC2440_CIPHER_BLOWFISH },
	{ .cipher_str = "des3_ede", .cipher_code = RFC2440_CIPHER_DES3_EDE },
	{ .cipher_str = "cast5",    .cipher_code = RFC2440_CIPHER_CAST_5 },
	{ .cipher_str = "twofish",  .cipher_code = RFC2440_CIPHER_TWOFISH },
	{ .cipher_str = "cast6",    .cipher_code = RFC2440_CIPHER_CAST_6 },
	{ .cipher_str = "aes",      .cipher_code = RFC2440_CIPHER_AES_192 },
	{ .cipher_str = "aes",      .cipher_code = RFC2440_CIPHER_AES_256 },
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 921)
/**
 * ecryptfs_code_for_cipher_string - map a cipher name to its cipher code
 * @cipher_name: The string alias for the cipher (NUL-terminated)
 * @key_bytes: Length of key in bytes; used for AES code selection
 *
 * For "aes" the code depends only on @key_bytes (16, 24 or 32); any other
 * key length yields zero. Every other name is looked up in
 * ecryptfs_cipher_code_str_map and the first matching row wins.
 *
 * Returns zero on no match, or the cipher code on match. Zero therefore
 * has to be handled as a failure by the caller.
 */
u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
{
	struct ecryptfs_cipher_code_str_map_elem *entry;
	struct ecryptfs_cipher_code_str_map_elem *end =
		ecryptfs_cipher_code_str_map +
		ARRAY_SIZE(ecryptfs_cipher_code_str_map);

	if (!strcmp(cipher_name, "aes")) {
		if (key_bytes == 16)
			return RFC2440_CIPHER_AES_128;
		if (key_bytes == 24)
			return RFC2440_CIPHER_AES_192;
		if (key_bytes == 32)
			return RFC2440_CIPHER_AES_256;
		/* unsupported AES key length */
		return 0;
	}

	for (entry = ecryptfs_cipher_code_str_map; entry < end; entry++) {
		if (!strcmp(cipher_name, entry->cipher_str))
			return entry->cipher_code;
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 956)
/**
 * ecryptfs_cipher_code_to_string - map a cipher code to its cipher name
 * @str: Destination to write out the cipher name
 * @cipher_code: The code to convert to cipher name string
 *
 * @str is emptied first, then filled from ecryptfs_cipher_code_str_map.
 * If the code is unknown, @str stays empty and a warning is logged.
 *
 * The copy is an unbounded strcpy() of a table entry, and table entries
 * are 16-byte arrays. NOTE(review): @str must therefore have room for at
 * least 16 bytes; this function cannot check that because it is not given
 * the destination size - confirm every caller's buffer.
 *
 * Returns zero on success, -EINVAL if the code is not recognized
 */
int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
{
	const char *name = NULL;
	int idx;

	str[0] = '\0';
	/* No early exit: should two rows share a code, the last one wins. */
	for (idx = 0; idx < ARRAY_SIZE(ecryptfs_cipher_code_str_map); idx++) {
		if (ecryptfs_cipher_code_str_map[idx].cipher_code == cipher_code)
			name = ecryptfs_cipher_code_str_map[idx].cipher_str;
	}
	if (name)
		strcpy(str, name);
	if (str[0] != '\0')
		return 0;

	ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
			"[%d]\n", cipher_code);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 980)
/**
 * ecryptfs_read_and_validate_header_region - check the marker of a lower file
 * @inode: The eCryptfs inode
 *
 * Reads the first ECRYPTFS_SIZE_AND_MARKER_BYTES bytes through
 * ecryptfs_read_lower(), validates the marker that follows the file size
 * field and, only if the marker is valid, initialises the inode size from
 * the bytes that were read.
 *
 * Returns zero on success; a negative read error, -EINVAL on a short
 * read, or the non-zero result of ecryptfs_validate_marker() otherwise
 */
int ecryptfs_read_and_validate_header_region(struct inode *inode)
{
	u8 hdr[ECRYPTFS_SIZE_AND_MARKER_BYTES];
	int rc;

	rc = ecryptfs_read_lower(hdr, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
				 inode);
	if (rc < 0)
		return rc;
	/* A short read would leave part of hdr uninitialised. */
	if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
		return -EINVAL;

	rc = ecryptfs_validate_marker(hdr + ECRYPTFS_FILE_SIZE_BYTES);
	if (rc)
		return rc;
	ecryptfs_i_size_init(hdr, inode);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998)
/**
 * ecryptfs_write_header_metadata - write the header extent geometry
 * @virt: Destination; 6 bytes are written
 * @crypt_stat: The cryptographic context
 * @written: Set to the number of bytes written (always 6)
 *
 * Writes @crypt_stat->extent_size as a big-endian 32-bit value, then
 * metadata_size / extent_size as a big-endian 16-bit value.
 *
 * NOTE(review): the division assumes extent_size is non-zero, and both
 * casts truncate silently if the values do not fit - confirm that the
 * code that fills @crypt_stat guarantees this.
 */
void
ecryptfs_write_header_metadata(char *virt,
			       struct ecryptfs_crypt_stat *crypt_stat,
			       size_t *written)
{
	const u32 extent_sz = (u32)crypt_stat->extent_size;
	const u16 extents_at_front =
		(u16)(crypt_stat->metadata_size / crypt_stat->extent_size);

	put_unaligned_be32(extent_sz, virt);
	put_unaligned_be16(extents_at_front, virt + 4);
	*written = 6;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016) struct kmem_cache *ecryptfs_header_cache;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017)
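/**
 * ecryptfs_write_headers_virt
 * @page_virt: The virtual address to write the headers to
 * @max: The size of memory allocated at page_virt
 * @size: Set to the number of bytes written by this function
 * @crypt_stat: The cryptographic context
 * @ecryptfs_dentry: The eCryptfs dentry
 *
 * Format version: 1
 *
 *   Header Extent:
 *     Octets 0-7:        Unencrypted file size (big-endian)
 *     Octets 8-15:       eCryptfs special marker
 *     Octets 16-19:      Flags
 *      Octet 16:         File format version number (between 0 and 255)
 *      Octets 17-18:     Reserved
 *      Octet 19:         Bit 1 (lsb): Reserved
 *                        Bit 2: Encrypted?
 *                        Bit 3: Metadata in xattr (0x00000004 in
 *                               ecryptfs_flag_map)
 *                        Bit 4: Encrypted filenames (0x00000008 in
 *                               ecryptfs_flag_map)
 *                        Bits 5-8: Reserved
 *     Octets 20-23:      Header extent size (big-endian)
 *     Octets 24-25:      Number of header extents at front of file
 *                        (big-endian)
 *     Octet  26:         Begin RFC 2440 authentication token packet set
 *   Data Extent 0:
 *     Lower data (CBC encrypted)
 *   Data Extent 1:
 *     Lower data (CBC encrypted)
 *   ...
 *
 * Octets 0-7 are not written here; the function starts at the marker and
 * leaves the file size field as the caller prepared it.
 *
 * The fixed part of the header (octets 0-25) is written without
 * consulting @max, and the room offered to the packet set is computed as
 * @max minus that length. A @max below the fixed length is therefore
 * rejected up front: it would mean writing past the buffer and handing
 * the packet generator a wrapped-around, very large size.
 *
 * Returns zero on success; -EINVAL if @max cannot hold the fixed header,
 * in which case @size (if given) is set to zero
 */
static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
				       size_t *size,
				       struct ecryptfs_crypt_stat *crypt_stat,
				       struct dentry *ecryptfs_dentry)
{
	/* File size, marker, 4-byte flag word, 6-byte extent geometry. */
	const size_t fixed_len = ECRYPTFS_FILE_SIZE_BYTES +
				 MAGIC_ECRYPTFS_MARKER_SIZE_BYTES + 4 + 6;
	int rc;
	size_t written;
	size_t offset;

	if (max < fixed_len) {
		ecryptfs_printk(KERN_WARNING, "Header buffer of [%zu] bytes "
				"is smaller than the fixed header of [%zu] "
				"bytes\n", max, fixed_len);
		if (size)
			*size = 0;
		return -EINVAL;
	}

	offset = ECRYPTFS_FILE_SIZE_BYTES;
	write_ecryptfs_marker((page_virt + offset), &written);
	offset += written;
	ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
					&written);
	offset += written;
	ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
				       &written);
	offset += written;
	/* offset == fixed_len here, so max - offset cannot wrap. */
	rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
					      ecryptfs_dentry, &written,
					      max - offset);
	if (rc)
		ecryptfs_printk(KERN_WARNING, "Error generating key packet "
				"set; rc = [%d]\n", rc);
	if (size) {
		offset += written;
		*size = offset;
	}
	return rc;
}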
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1079)
/**
 * ecryptfs_write_metadata_to_contents - store the header in the lower file
 * @ecryptfs_inode: The eCryptfs inode
 * @virt: Buffer holding the header
 * @virt_len: Number of bytes to write, starting at offset 0
 *
 * Any non-negative result from ecryptfs_write_lower() is reported as
 * success. NOTE(review): that includes a result smaller than @virt_len;
 * confirm ecryptfs_write_lower() cannot return a short count.
 *
 * Returns zero on success; the negative error from the lower write
 * otherwise
 */
static int
ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
				    char *virt, size_t virt_len)
{
	int rc = ecryptfs_write_lower(ecryptfs_inode, virt, 0, virt_len);

	if (rc >= 0)
		return 0;
	printk(KERN_ERR "%s: Error attempting to write header "
	       "information to lower file; rc = [%d]\n", __func__, rc);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1095)
/**
 * ecryptfs_write_metadata_to_xattr - store the header in an xattr
 * @ecryptfs_dentry: The eCryptfs dentry
 * @ecryptfs_inode: The eCryptfs inode; may be NULL
 * @page_virt: Buffer holding the header
 * @size: Number of bytes of @page_virt to store
 *
 * Sets ECRYPTFS_XATTR_NAME on the lower inode while holding its inode
 * lock. On success, and if @ecryptfs_inode is given, the lower inode's
 * attributes are copied up to it.
 *
 * NOTE(review): __vfs_setxattr() is the low-level setter and does not run
 * the permission and LSM checks that vfs_setxattr() performs, so
 * authorisation rests on whatever was checked before this point.
 *
 * Returns zero on success; -EOPNOTSUPP if the lower inode has no xattr
 * support, or the error from __vfs_setxattr()
 */
static int
ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
				 struct inode *ecryptfs_inode,
				 char *page_virt, size_t size)
{
	struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
	struct inode *lower_inode = d_inode(lower_dentry);
	int rc;

	if (!(lower_inode->i_opflags & IOP_XATTR))
		return -EOPNOTSUPP;

	inode_lock(lower_inode);
	rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
			    page_virt, size, 0);
	if (rc == 0 && ecryptfs_inode != NULL)
		fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
	inode_unlock(lower_inode);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1119)
/**
 * ecryptfs_get_zeroed_pages - allocate zero-filled pages
 * @gfp_mask: Allocation flags; __GFP_ZERO is always added
 * @order: Allocation order passed to alloc_pages()
 *
 * Returns the address of the pages as an unsigned long, or 0 if the
 * allocation failed
 */
static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
					       unsigned int order)
{
	struct page *page = alloc_pages(gfp_mask | __GFP_ZERO, order);

	return page ? (unsigned long) page_address(page) : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1130)
/**
 * ecryptfs_write_metadata
 * @ecryptfs_dentry: The eCryptfs dentry, which should be negative
 * @ecryptfs_inode: The newly created eCryptfs inode
 *
 * Write the file headers out.  This will likely involve a userspace
 * callout, in which the session key is encrypted with one or more
 * public keys and/or the passphrase necessary to do the encryption is
 * retrieved via a prompt.  Exactly what happens at this point should
 * be policy-dependent.
 *
 * Nothing is written unless both ECRYPTFS_ENCRYPTED and
 * ECRYPTFS_KEY_VALID are set in the crypt_stat flags. The header is built
 * in a zeroed buffer of metadata_size bytes and then stored either in the
 * xattr (ECRYPTFS_METADATA_IN_XATTR) or at the start of the lower file.
 *
 * NOTE(review): metadata_size sizes the allocation and is passed on as
 * the buffer limit; it is assumed to be non-zero and sane here - confirm
 * where it is validated.
 *
 * Returns zero on success; non-zero on error
 */
int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
			    struct inode *ecryptfs_inode)
{
	struct ecryptfs_crypt_stat *crypt_stat =
		&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
	unsigned int order;
	char *virt;
	size_t virt_len;
	size_t size = 0;
	int rc;

	if (unlikely(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED))) {
		printk(KERN_WARNING "%s: Encrypted flag not set\n",
		       __func__);
		return -EINVAL;
	}
	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
		printk(KERN_ERR "Key is invalid; bailing out\n");
		return -EINVAL;
	}

	virt_len = crypt_stat->metadata_size;
	order = get_order(virt_len);
	/* Released in this function */
	virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
	if (!virt) {
		printk(KERN_ERR "%s: Out of memory\n", __func__);
		return -ENOMEM;
	}

	/* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
	rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
					 ecryptfs_dentry);
	if (unlikely(rc)) {
		printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
		       __func__, rc);
		goto out_free;
	}

	/* The xattr gets only the bytes produced; the file gets the full extent. */
	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
		rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry,
						      ecryptfs_inode,
						      virt, size);
	else
		rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
							 virt_len);
	if (rc)
		printk(KERN_ERR "%s: Error writing metadata out to lower file; "
		       "rc = [%d]\n", __func__, rc);
out_free:
	free_pages((unsigned long)virt, order);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1200)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1201) #define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1202) #define ECRYPTFS_VALIDATE_HEADER_SIZE 1
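/**
 * parse_header_metadata - read the header extent geometry
 * @crypt_stat: The cryptographic context; metadata_size is updated
 * @virt: Source; a big-endian 32-bit extent size followed by a big-endian
 *        16-bit extent count is read from it
 * @bytes_read: Set to the number of bytes consumed (always 6)
 * @validate_header_size: ECRYPTFS_VALIDATE_HEADER_SIZE to reject a
 *                        metadata size below
 *                        ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE
 *
 * metadata_size is set to extent size times extent count, both taken
 * straight from the header. It is stored even when validation fails.
 *
 * NOTE(review): only a lower bound is checked, and only on request. There
 * is no upper bound, and on a 32-bit size_t the product can wrap.
 * ecryptfs_write_metadata() later sizes an allocation from this value, so
 * callers must act on the return code.
 *
 * Returns zero on success; -EINVAL if validation was requested and failed
 */
static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
				 char *virt, int *bytes_read,
				 int validate_header_size)
{
	u32 header_extent_size;
	u16 num_header_extents_at_front;

	header_extent_size = get_unaligned_be32(virt);
	virt += sizeof(__be32);
	num_header_extents_at_front = get_unaligned_be16(virt);
	crypt_stat->metadata_size = (size_t)num_header_extents_at_front
				    * (size_t)header_extent_size;
	*bytes_read = sizeof(__be32) + sizeof(__be16);

	if (validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE &&
	    crypt_stat->metadata_size < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
		/* %zu: metadata_size is an unsigned size, not ssize_t */
		printk(KERN_WARNING "Invalid header size: [%zu]\n",
		       crypt_stat->metadata_size);
		return -EINVAL;
	}
	return 0;
}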
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1226)
/**
 * set_default_header_data
 * @crypt_stat: The cryptographic context
 *
 * For version 0 file format; this function is only for backwards
 * compatibility for files created with the prior versions of
 * eCryptfs.
 *
 * ecryptfs_read_headers_virt() calls this in place of
 * parse_header_metadata() when the file version is below 1, so the
 * metadata size is a fixed constant rather than a value read from the
 * file.
 */
static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
{
	crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1239)
/**
 * ecryptfs_i_size_init - set the eCryptfs inode size
 * @page_virt: Start of the header; the first 8 bytes are read as a
 *             big-endian file size unless the encrypted view is enabled
 * @inode: The eCryptfs inode
 *
 * With ECRYPTFS_ENCRYPTED_VIEW_ENABLED set on the mount, the size is the
 * lower inode's size, plus metadata_size when the metadata is kept in an
 * xattr. Otherwise it is the value stored in the header. Either way
 * ECRYPTFS_I_SIZE_INITIALIZED is set afterwards.
 *
 * NOTE(review): the header value is taken as is and cast to loff_t, so a
 * stored size with the top bit set becomes negative. Nothing here checks
 * it against the lower file's length - confirm that readers cope.
 */
void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
{
	struct ecryptfs_crypt_stat *crypt_stat =
		&ecryptfs_inode_to_private(inode)->crypt_stat;
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
		&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
	u64 file_size;

	if (!(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)) {
		file_size = get_unaligned_be64(page_virt);
	} else {
		file_size = i_size_read(ecryptfs_inode_to_lower(inode));
		if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
			file_size += crypt_stat->metadata_size;
	}
	i_size_write(inode, (loff_t)file_size);
	crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1258)
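/**
 * ecryptfs_read_headers_virt
 * @page_virt: The virtual address into which to read the headers
 * @crypt_stat: The cryptographic context
 * @ecryptfs_dentry: The eCryptfs dentry
 * @validate_header_size: Whether to validate the header size while reading
 *
 * Read/parse the header data. The header format is detailed in the
 * comment block for the ecryptfs_write_headers_virt() function.
 *
 * Parsing stops at the first failed check: an invalid marker, a file
 * version above ECRYPTFS_SUPPORTED_FILE_VERSION, or a header size that
 * parse_header_metadata() rejects. The packet set is parsed only once
 * those checks have passed. All fields come from the lower file and are
 * not authenticated at this stage.
 *
 * Returns zero on success
 */
static int ecryptfs_read_headers_virt(char *page_virt,
				      struct ecryptfs_crypt_stat *crypt_stat,
				      struct dentry *ecryptfs_dentry,
				      int validate_header_size)
{
	int rc = 0;
	int offset;
	int bytes_read;

	ecryptfs_set_default_sizes(crypt_stat);
	crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
		ecryptfs_dentry->d_sb)->mount_crypt_stat;
	offset = ECRYPTFS_FILE_SIZE_BYTES;
	rc = ecryptfs_validate_marker(page_virt + offset);
	if (rc)
		goto out;
	if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
		ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
	offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
	ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read);
	if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
		ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
				"file version [%d] is supported by this "
				"version of eCryptfs\n",
				crypt_stat->file_version,
				ECRYPTFS_SUPPORTED_FILE_VERSION);
		rc = -EINVAL;
		goto out;
	}
	offset += bytes_read;
	if (crypt_stat->file_version >= 1) {
		rc = parse_header_metadata(crypt_stat, (page_virt + offset),
					   &bytes_read, validate_header_size);
		if (rc) {
			ecryptfs_printk(KERN_WARNING, "Error reading header "
					"metadata; rc = [%d]\n", rc);
			/*
			 * Stop on a rejected header size. Carrying on would
			 * let the packet-set result below overwrite rc and
			 * hide the failure from the caller.
			 */
			goto out;
		}
		offset += bytes_read;
	} else
		set_default_header_data(crypt_stat);
	rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
				       ecryptfs_dentry);
out:
	return rc;
}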
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1316)
/**
 * ecryptfs_read_xattr_region
 * @page_virt: The virtual address into which to read the xattr data
 * @ecryptfs_inode: The eCryptfs inode
 *
 * Attempts to read the crypto metadata from the extended attribute
 * region of the lower file. Up to ECRYPTFS_DEFAULT_EXTENT_SIZE bytes
 * are requested, so @page_virt must be at least that large.
 *
 * Only a negative result from the lower getxattr counts as failure; the
 * number of bytes actually returned is not checked here, so the caller
 * has to validate whatever ended up in @page_virt before trusting it.
 *
 * Returns zero on success; -EINVAL on error
 */
int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
{
	struct dentry *lower_dentry =
		ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_path.dentry;
	ssize_t nread;

	nread = ecryptfs_getxattr_lower(lower_dentry,
					ecryptfs_inode_to_lower(ecryptfs_inode),
					ECRYPTFS_XATTR_NAME,
					page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
	if (nread >= 0)
		return 0;

	/* The lower error code is only logged; callers always see -EINVAL. */
	if (unlikely(ecryptfs_verbosity > 0))
		printk(KERN_INFO "Error attempting to read the [%s] "
		       "xattr from the lower file; return value = "
		       "[%zd]\n", ECRYPTFS_XATTR_NAME, nread);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349)
/**
 * ecryptfs_read_and_validate_xattr_region
 * @dentry: The eCryptfs dentry whose lower dentry holds the xattr
 * @inode: The eCryptfs inode whose size is initialized on success
 *
 * Reads only the leading ECRYPTFS_SIZE_AND_MARKER_BYTES of the metadata
 * xattr from the lower file, rejects a short read, and checks the
 * marker that follows the file-size field. The inode size is taken from
 * the xattr only after the marker has validated.
 *
 * Returns zero on success; the lower getxattr error, -EINVAL for a short
 * read, or the marker validation result otherwise
 */
int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
					    struct inode *inode)
{
	u8 size_and_marker[ECRYPTFS_SIZE_AND_MARKER_BYTES];
	int rc;

	rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
				     ecryptfs_inode_to_lower(inode),
				     ECRYPTFS_XATTR_NAME, size_and_marker,
				     ECRYPTFS_SIZE_AND_MARKER_BYTES);
	if (rc < 0)
		return rc;
	/* A truncated xattr must not be parsed: the buffer is on the stack
	 * and the unread tail would be uninitialized. */
	if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
		return -EINVAL;

	/* The marker sits directly after the file-size bytes. */
	rc = ecryptfs_validate_marker(size_and_marker +
				      ECRYPTFS_FILE_SIZE_BYTES);
	if (rc)
		return rc;

	ecryptfs_i_size_init(size_and_marker, inode);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370)
/**
 * ecryptfs_read_metadata
 * @ecryptfs_dentry: The eCryptfs dentry of the file being opened
 *
 * Common entry point for reading file metadata. From here, we could
 * retrieve the header information from the header region of the file,
 * the xattr region of the file, or some other repository that is
 * stored separately from the file itself. The current implementation
 * supports retrieving the metadata information from the file contents
 * and from the xattr region.
 *
 * The header region of the lower file is tried first, with header size
 * validation enabled. If that fails for any reason (including a failed
 * lower read), the scratch page is cleared and the xattr region is
 * tried, this time without header size validation. The scratch page is
 * always zeroed before it goes back to the header cache.
 *
 * Returns zero if valid headers found and parsed; non-zero otherwise
 */
int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
{
	struct inode *ecryptfs_inode = d_inode(ecryptfs_dentry);
	struct ecryptfs_crypt_stat *crypt_stat =
		&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
		&ecryptfs_superblock_to_private(
			ecryptfs_dentry->d_sb)->mount_crypt_stat;
	char *page_virt;
	int rc;

	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
						      mount_crypt_stat);

	/* Scratch buffer for the first extent of the lower file.
	 * NOTE(review): the memset() calls below assume objects from
	 * ecryptfs_header_cache are at least PAGE_SIZE bytes -- confirm
	 * against the cache definition. */
	page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
	if (!page_virt)
		return -ENOMEM;

	/* Attempt 1: metadata stored in the file header region. */
	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
				 ecryptfs_inode);
	if (rc >= 0)
		rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
						ecryptfs_dentry,
						ECRYPTFS_VALIDATE_HEADER_SIZE);
	if (!rc)
		goto out_free;

	/* Attempt 2: metadata is not in the file header, so try xattrs.
	 * Clear the page first so no bytes of the rejected header can be
	 * picked up by the second parse. */
	memset(page_virt, 0, PAGE_SIZE);
	rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
	if (rc) {
		printk(KERN_DEBUG "Valid eCryptfs headers not found in "
		       "file header region or xattr region, inode %lu\n",
		       ecryptfs_inode->i_ino);
		rc = -EINVAL;
		goto out_free;
	}
	rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
					ecryptfs_dentry,
					ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
	if (rc) {
		printk(KERN_DEBUG "Valid eCryptfs headers not found in "
		       "file xattr region either, inode %lu\n",
		       ecryptfs_inode->i_ino);
		rc = -EINVAL;
	}
	/* NOTE(review): this check runs even when the xattr headers failed
	 * to parse just above, so ECRYPTFS_METADATA_IN_XATTR can end up set
	 * on crypt_stat while the function still returns -EINVAL. */
	if (crypt_stat->mount_crypt_stat->flags
	    & ECRYPTFS_XATTR_METADATA_ENABLED) {
		crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
	} else {
		printk(KERN_WARNING "Attempt to access file with "
		       "crypto metadata only in the extended attribute "
		       "region, but eCryptfs was mounted without "
		       "xattr support enabled. eCryptfs will not treat "
		       "this like an encrypted file, inode %lu\n",
		       ecryptfs_inode->i_ino);
		rc = -EINVAL;
	}

out_free:
	/* Scrub the header copy before the object returns to the slab. */
	memset(page_virt, 0, PAGE_SIZE);
	kmem_cache_free(ecryptfs_header_cache, page_virt);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1448)
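/**
 * ecryptfs_encrypt_filename - encrypt filename
 * @filename: Holds the plaintext name on entry; receives the encrypted
 *            name and its size on success
 * @mount_crypt_stat: Mount-wide crypto state; may be NULL
 *
 * CBC-encrypts the filename. We do not want to encrypt the same
 * filename with the same key and IV, which may happen with hard
 * links, so we prepend random bits to each filename.
 *
 * Only the mount-wide FNEK method (ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
 * is implemented; anything else yields -EOPNOTSUPP. On every failure
 * path @filename->encrypted_filename is NULL and
 * @filename->encrypted_filename_size is zero, so the caller never sees
 * a partially written buffer. On success the caller owns
 * @filename->encrypted_filename and must kfree() it.
 *
 * Returns zero on success; non-zero otherwise
 */
static int
ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
			  struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	size_t packet_size;
	size_t remaining_bytes;
	int rc = 0;

	filename->encrypted_filename = NULL;
	filename->encrypted_filename_size = 0;
	if (!mount_crypt_stat || !(mount_crypt_stat->flags
				   & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
		printk(KERN_ERR "%s: No support for requested filename "
		       "encryption method in this release\n", __func__);
		rc = -EOPNOTSUPP;
		goto out;
	}

	/* First pass: NULL destination, so only the required packet size
	 * is reported back through encrypted_filename_size. */
	rc = ecryptfs_write_tag_70_packet(
		NULL, NULL,
		&filename->encrypted_filename_size,
		mount_crypt_stat, NULL,
		filename->filename_size);
	if (rc) {
		/* The message used to say "tag 72" although the failing
		 * call is the tag 70 writer. */
		printk(KERN_ERR "%s: Error attempting to get packet "
		       "size for tag 70; rc = [%d]\n", __func__,
		       rc);
		filename->encrypted_filename_size = 0;
		goto out;
	}
	filename->encrypted_filename =
		kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
	if (!filename->encrypted_filename) {
		rc = -ENOMEM;
		goto out;
	}

	/* Second pass: write the packet into the buffer just sized. */
	remaining_bytes = filename->encrypted_filename_size;
	rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
					  &remaining_bytes,
					  &packet_size,
					  mount_crypt_stat,
					  filename->filename,
					  filename->filename_size);
	if (rc) {
		printk(KERN_ERR "%s: Error attempting to generate "
		       "tag 70 packet; rc = [%d]\n", __func__,
		       rc);
		kfree(filename->encrypted_filename);
		filename->encrypted_filename = NULL;
		filename->encrypted_filename_size = 0;
		goto out;
	}
	filename->encrypted_filename_size = packet_size;
out:
	return rc;
}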
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1515)
/**
 * ecryptfs_copy_filename - duplicate a name into a fresh allocation
 * @copied_name: Receives the newly allocated copy (NULL on failure)
 * @copied_name_size: Receives @name_size on success; untouched on failure
 * @name: Source bytes; need not be NUL-terminated
 * @name_size: Number of bytes to copy from @name
 *
 * The copy is allocated one byte larger than @name_size and
 * NUL-terminated; the reported size excludes that terminator. The
 * caller owns the allocation and must kfree() it.
 *
 * NOTE(review): @name_size + 1 is not checked for wrap-around;
 * presumably callers only pass filename-length values -- verify.
 *
 * Returns zero on success; -ENOMEM if the allocation fails
 */
static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
				  const char *name, size_t name_size)
{
	char *dup = kmalloc(name_size + 1, GFP_KERNEL);

	*copied_name = dup;
	if (!dup)
		return -ENOMEM;

	memcpy(dup, name, name_size);
	/* Only for convenience in printing out the string in debug
	 * messages */
	dup[name_size] = '\0';
	*copied_name_size = name_size;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1535)
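/**
 * ecryptfs_process_key_cipher - Perform key cipher initialization.
 * @key_tfm: Crypto context for key material, set by this function
 * @cipher_name: Name of the cipher
 * @key_size: Size of the key in bytes; zero on entry selects the
 *            cipher's maximum key size, which is written back
 *
 * Allocates an "ecb" skcipher for @cipher_name, forbids weak keys on
 * it, and performs a trial setkey with random bytes to confirm that the
 * cipher accepts a key of *@key_size bytes.
 *
 * Returns zero on success. Any crypto_tfm structs allocated here
 * should be released by other functions, such as on a superblock put
 * event, regardless of whether this function succeeds or fails. On
 * failure *@key_tfm is NULL, an ERR_PTR, or a live tfm, depending on
 * how far initialization got.
 */
static int
ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm,
			    char *cipher_name, size_t *key_size)
{
	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
	char *full_alg_name = NULL;
	int rc;

	*key_tfm = NULL;
	if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
		rc = -EINVAL;
		printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
		       "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
		goto out;
	}
	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
						    "ecb");
	if (rc)
		goto out;
	*key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(*key_tfm)) {
		rc = PTR_ERR(*key_tfm);
		printk(KERN_ERR "Unable to allocate crypto cipher with name "
		       "[%s]; rc = [%d]\n", full_alg_name, rc);
		goto out;
	}
	crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
	if (*key_size == 0) {
		*key_size = crypto_skcipher_max_keysize(*key_tfm);
		/*
		 * The bound check at the top ran before the size was
		 * defaulted. Repeat it here so a cipher whose maximum key
		 * exceeds ECRYPTFS_MAX_KEY_BYTES cannot make
		 * get_random_bytes() write past dummy_key on the stack.
		 */
		if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
			rc = -EINVAL;
			printk(KERN_ERR "Default key size for cipher [%s] is "
			       "[%zd] bytes; maximum allowable is [%d]\n",
			       full_alg_name, *key_size,
			       ECRYPTFS_MAX_KEY_BYTES);
			goto out;
		}
	}
	/* Trial key only: random bytes, never used to protect data. */
	get_random_bytes(dummy_key, *key_size);
	rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size);
	if (rc) {
		printk(KERN_ERR "Error attempting to set key of size [%zd] for "
		       "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
		       rc);
		rc = -EINVAL;
		goto out;
	}
out:
	kfree(full_alg_name);
	return rc;
}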
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1588)
/* Slab cache from which struct ecryptfs_key_tfm entries are allocated. */
struct kmem_cache *ecryptfs_key_tfm_cache;

/* Cached per-cipher key tfms; walk or modify only with
 * key_tfm_list_mutex held. */
static struct list_head key_tfm_list;

/* Serializes every lookup, insertion and teardown of key_tfm_list. */
struct mutex key_tfm_list_mutex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1592)
/**
 * ecryptfs_init_crypto - set up the empty key tfm list and its mutex
 *
 * Returns zero; there is no failure path.
 */
int __init ecryptfs_init_crypto(void)
{
	INIT_LIST_HEAD(&key_tfm_list);
	mutex_init(&key_tfm_list_mutex);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1599)
/**
 * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
 *
 * Called only at module unload time. Each entry is unlinked, its
 * skcipher is released, and the entry itself is returned to
 * ecryptfs_key_tfm_cache, all under key_tfm_list_mutex.
 *
 * Returns zero
 */
int ecryptfs_destroy_crypto(void)
{
	struct ecryptfs_key_tfm *entry;

	mutex_lock(&key_tfm_list_mutex);
	/* Pop from the head until the list is empty. */
	while (!list_empty(&key_tfm_list)) {
		entry = list_first_entry(&key_tfm_list,
					 struct ecryptfs_key_tfm,
					 key_tfm_list);
		list_del(&entry->key_tfm_list);
		crypto_free_skcipher(entry->key_tfm);
		kmem_cache_free(ecryptfs_key_tfm_cache, entry);
	}
	mutex_unlock(&key_tfm_list_mutex);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1619)
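/**
 * ecryptfs_add_new_key_tfm - create a key tfm entry and cache it
 * @key_tfm: If non-NULL, receives the new entry (NULL on failure)
 * @cipher_name: Name of the cipher the entry is for
 * @key_size: Key size in bytes; zero lets the cipher's maximum be used
 *
 * Must be called with &key_tfm_list_mutex held. The entry is added to
 * key_tfm_list only once its cipher has been initialized successfully;
 * on failure nothing is left behind, including the skcipher that
 * ecryptfs_process_key_cipher() may already have allocated.
 *
 * Returns zero on success; non-zero otherwise
 */
int
ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
			 size_t key_size)
{
	struct ecryptfs_key_tfm *tmp_tfm;
	int rc = 0;

	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));

	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
	if (key_tfm)
		(*key_tfm) = tmp_tfm;
	if (!tmp_tfm) {
		rc = -ENOMEM;
		goto out;
	}
	mutex_init(&tmp_tfm->key_tfm_mutex);
	/* strncpy() does not terminate on truncation, hence the explicit
	 * NUL. NOTE(review): this write assumes cipher_name holds at least
	 * ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1 bytes -- confirm in the struct
	 * definition. */
	strncpy(tmp_tfm->cipher_name, cipher_name,
		ECRYPTFS_MAX_CIPHER_NAME_SIZE);
	tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
	tmp_tfm->key_size = key_size;
	rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
					 tmp_tfm->cipher_name,
					 &tmp_tfm->key_size);
	if (rc) {
		printk(KERN_ERR "Error attempting to initialize key TFM "
		       "cipher with name = [%s]; rc = [%d]\n",
		       tmp_tfm->cipher_name, rc);
		/*
		 * The entry never reaches key_tfm_list, so nothing else can
		 * release its skcipher later. key_tfm may be NULL or an
		 * ERR_PTR if the failure came before or during allocation.
		 */
		if (!IS_ERR_OR_NULL(tmp_tfm->key_tfm))
			crypto_free_skcipher(tmp_tfm->key_tfm);
		kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
		if (key_tfm)
			(*key_tfm) = NULL;
		goto out;
	}
	list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
out:
	return rc;
}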
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1657)
/**
 * ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
 * @cipher_name: the name of the cipher to search for
 * @key_tfm: set to corresponding tfm if found; may be NULL when the
 *           caller only needs the yes/no answer
 *
 * Searches for cached key_tfm matching @cipher_name (exact string
 * comparison).
 * Must be called with &key_tfm_list_mutex held
 * Returns 1 if found, with @key_tfm set
 * Returns 0 if not found, with @key_tfm set to NULL
 */
int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
{
	struct ecryptfs_key_tfm *cursor;
	struct ecryptfs_key_tfm *match = NULL;

	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));

	list_for_each_entry(cursor, &key_tfm_list, key_tfm_list) {
		if (!strcmp(cursor->cipher_name, cipher_name)) {
			match = cursor;
			break;
		}
	}
	if (key_tfm)
		*key_tfm = match;
	return match != NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1685)
/**
 * ecryptfs_get_tfm_and_mutex_for_cipher_name
 *
 * @tfm: set to cached tfm found, or new tfm created
 * @tfm_mutex: set to mutex for cached tfm found, or new tfm created
 * @cipher_name: the name of the cipher to search for and/or add
 *
 * Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
 * Searches for cached item first, and creates new if not found.
 * The lookup and the insertion happen under key_tfm_list_mutex; on
 * failure both output pointers are left NULL.
 * Returns 0 on success, non-zero if adding new cipher failed
 */
int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
					       struct mutex **tfm_mutex,
					       char *cipher_name)
{
	struct ecryptfs_key_tfm *entry;
	int rc = 0;

	*tfm = NULL;
	*tfm_mutex = NULL;

	mutex_lock(&key_tfm_list_mutex);
	/* A key size of 0 lets the new entry default to the cipher's
	 * maximum key size. */
	if (!ecryptfs_tfm_exists(cipher_name, &entry))
		rc = ecryptfs_add_new_key_tfm(&entry, cipher_name, 0);
	if (rc) {
		printk(KERN_ERR "Error adding new key_tfm to list; "
		       "rc = [%d]\n", rc);
	} else {
		*tfm = entry->key_tfm;
		*tfm_mutex = &entry->key_tfm_mutex;
	}
	mutex_unlock(&key_tfm_list_mutex);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1722)
/* 64 characters forming a 6-bit target field: index 0 is '-', 1 is '.',
 * 2-11 are the digits, 12-37 the upper-case and 38-63 the lower-case
 * letters. */
static unsigned char *portable_filename_chars = ("-."
						 "0123456789"
						 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
						 "abcdefghijklmnopqrstuvwxyz");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1728)
/* Reverse of the 64-character filename alphabet, indexed by byte value.
 * We could either offset on every reverse map or just pad some 0x00's
 * at the front here; the full 256-entry form is used.
 *
 * Every byte that is not in the alphabet maps to 0x00, the same value as
 * '-', so a lookup in this table cannot tell an invalid input byte from
 * a valid '-'. */
static const unsigned char filename_rev_map[256] = {
	['-'] = 0x00, ['.'] = 0x01,
	['0'] = 0x02, ['1'] = 0x03, ['2'] = 0x04, ['3'] = 0x05,
	['4'] = 0x06, ['5'] = 0x07, ['6'] = 0x08, ['7'] = 0x09,
	['8'] = 0x0A, ['9'] = 0x0B,
	['A'] = 0x0C, ['B'] = 0x0D, ['C'] = 0x0E, ['D'] = 0x0F,
	['E'] = 0x10, ['F'] = 0x11, ['G'] = 0x12, ['H'] = 0x13,
	['I'] = 0x14, ['J'] = 0x15, ['K'] = 0x16, ['L'] = 0x17,
	['M'] = 0x18, ['N'] = 0x19, ['O'] = 0x1A, ['P'] = 0x1B,
	['Q'] = 0x1C, ['R'] = 0x1D, ['S'] = 0x1E, ['T'] = 0x1F,
	['U'] = 0x20, ['V'] = 0x21, ['W'] = 0x22, ['X'] = 0x23,
	['Y'] = 0x24, ['Z'] = 0x25,
	['a'] = 0x26, ['b'] = 0x27, ['c'] = 0x28, ['d'] = 0x29,
	['e'] = 0x2A, ['f'] = 0x2B, ['g'] = 0x2C, ['h'] = 0x2D,
	['i'] = 0x2E, ['j'] = 0x2F, ['k'] = 0x30, ['l'] = 0x31,
	['m'] = 0x32, ['n'] = 0x33, ['o'] = 0x34, ['p'] = 0x35,
	['q'] = 0x36, ['r'] = 0x37, ['s'] = 0x38, ['t'] = 0x39,
	['u'] = 0x3A, ['v'] = 0x3B, ['w'] = 0x3C, ['x'] = 0x3D,
	['y'] = 0x3E, ['z'] = 0x3F
	/* all other entries are implicitly 0x00 */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1749)
/**
 * ecryptfs_encode_for_filename
 * @dst: Destination for the encoded filename. If NULL, only @dst_size
 *       is set and nothing is written.
 * @dst_size: Set to the size of the encoded filename in bytes
 * @src: Source location for the filename to encode
 * @src_size: Size of the source in bytes
 *
 * Every block of 3 source bytes becomes 4 characters taken from
 * portable_filename_chars; a short final block is zero-padded first.
 *
 * This function is not told how large @dst is and does not append a
 * NUL. The caller has to provide at least the number of bytes that a
 * call with a NULL @dst reports in @dst_size.
 */
static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size,
					 unsigned char *src, size_t src_size)
{
	unsigned char tail[3] = { 0x00, 0x00, 0x00 };
	const size_t remainder = src_size % 3;
	size_t num_blocks;
	size_t i;

	if (src_size == 0) {
		(*dst_size) = 0;
		return;
	}

	/*
	 * The final block is staged in tail[] so that a block shorter
	 * than 3 bytes is padded with 0x00 without reading past @src.
	 */
	if (remainder == 0) {
		num_blocks = src_size / 3;
		memcpy(tail, &src[src_size - 3], 3);
	} else {
		num_blocks = (src_size / 3) + 1;
		memcpy(tail, &src[src_size - remainder], remainder);
	}

	(*dst_size) = num_blocks * 4;
	if (!dst)
		return;

	for (i = 0; i < num_blocks; i++) {
		const unsigned char *in =
			(i + 1 == num_blocks) ? tail : &src[i * 3];
		unsigned char *out = &dst[i * 4];

		/* Split 3 x 8 bits into 4 x 6 bits, most significant first */
		out[0] = portable_filename_chars[(in[0] >> 2) & 0x3F];
		out[1] = portable_filename_chars[((in[0] << 4) & 0x30)
						 | ((in[1] >> 4) & 0x0F)];
		out[2] = portable_filename_chars[((in[1] << 2) & 0x3C)
						 | ((in[2] >> 6) & 0x03)];
		out[3] = portable_filename_chars[in[2] & 0x3F];
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1811)
/*
 * Buffer size, in bytes, that a caller must allocate before decoding
 * @encoded_size encoded characters.
 *
 * Every block of 4 encoded characters decodes into a block of 3 decoded
 * bytes.  The result is rounded up for a trailing partial block, so it
 * can be larger than the decoded length that is finally reported.
 */
static size_t ecryptfs_max_decoded_size(size_t encoded_size)
{
	const size_t rounded_up = encoded_size + 1;

	return (3 * rounded_up) / 4;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1822)
/**
 * ecryptfs_decode_from_filename
 * @dst: If NULL, this function only sets @dst_size (to the buffer size
 *       to allocate) and returns. If non-NULL, this function decodes
 *       the encoded octets in @src into the memory that @dst points to.
 * @dst_size: Set to the size of the decoded string.
 * @src: The encoded set of octets to decode.
 * @src_size: The size of the encoded set of octets to decode.
 *
 * Each input byte is mapped through filename_rev_map to a 6-bit value
 * and the values are packed back into bytes, 4 input bytes per 3 output
 * bytes.
 *
 * Input is not validated: a byte outside the encoding alphabet decodes
 * as the value 0x00. When @src_size is not a multiple of 4, a partial
 * byte is stored at dst[*dst_size], one position beyond the reported
 * length, so @dst must be sized from a NULL-@dst call and not from the
 * final @dst_size.
 */
static void
ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
			      const unsigned char *src, size_t src_size)
{
	size_t in_pos;
	size_t out_pos = 0;

	if (!dst) {
		(*dst_size) = ecryptfs_max_decoded_size(src_size);
		return;
	}

	for (in_pos = 0; in_pos < src_size; in_pos++) {
		const unsigned char sextet = filename_rev_map[src[in_pos]];

		/* Position within the current group of 4 encoded bytes */
		switch (in_pos % 4) {
		case 0:
			/* top 6 bits of output byte 0 */
			dst[out_pos] = (sextet << 2);
			break;
		case 1:
			/* low 2 bits of byte 0, top 4 bits of byte 1 */
			dst[out_pos++] |= (sextet >> 4);
			dst[out_pos] = ((sextet & 0xF) << 4);
			break;
		case 2:
			/* low 4 bits of byte 1, top 2 bits of byte 2 */
			dst[out_pos++] |= (sextet >> 2);
			dst[out_pos] = (sextet << 6);
			break;
		case 3:
			/* low 6 bits of byte 2 */
			dst[out_pos++] |= (sextet);
			break;
		}
	}
	(*dst_size) = out_pos;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1875)
/**
 * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
 * @encoded_name: Set to the resulting name. Initialized to NULL on
 *                entry; in the encrypted case it is allocated here with
 *                kmalloc() and NUL-terminated.
 * @encoded_name_size: Set to the size of the resulting name, not
 *                     counting the terminating NUL
 * @mount_crypt_stat: Mount-wide crypto settings; may be NULL
 * @name: The plaintext name
 * @name_size: The length of the plaintext name
 *
 * Encrypts and encodes a filename into something that constitutes a
 * valid filename for a filesystem, with printable characters.
 *
 * When @mount_crypt_stat is NULL or filename encryption is not enabled
 * in its flags, the name is handed to ecryptfs_copy_filename() instead.
 * When filename encryption is enabled but the mount-wide FNEK is not
 * selected, -EOPNOTSUPP is returned.
 *
 * Returns zero on success; non-zero otherwise
 */
int ecryptfs_encrypt_and_encode_filename(
	char **encoded_name,
	size_t *encoded_name_size,
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
	const char *name, size_t name_size)
{
	struct ecryptfs_filename *filename;
	size_t encoded_name_no_prefix_size;
	size_t prefix_size;
	int rc;

	(*encoded_name) = NULL;
	(*encoded_name_size) = 0;

	/* Filename encryption is off for this mount: copy the name as is */
	if (!mount_crypt_stat
	    || !(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))
		return ecryptfs_copy_filename(encoded_name, encoded_name_size,
					      name, name_size);

	filename = kzalloc(sizeof(*filename), GFP_KERNEL);
	if (!filename)
		return -ENOMEM;

	filename->filename = (char *)name;
	filename->filename_size = name_size;
	rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat);
	if (rc) {
		printk(KERN_ERR "%s: Error attempting to encrypt "
		       "filename; rc = [%d]\n", __func__, rc);
		goto free_filename;
	}

	/* Sizing pass: a NULL destination only reports the encoded length */
	ecryptfs_encode_for_filename(NULL, &encoded_name_no_prefix_size,
				     filename->encrypted_filename,
				     filename->encrypted_filename_size);
	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
		prefix_size = ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
	else
		prefix_size = ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
	(*encoded_name_size) = prefix_size + encoded_name_no_prefix_size;

	/* One extra byte for the terminating NUL written below */
	(*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
	if (!(*encoded_name)) {
		rc = -ENOMEM;
		goto free_encrypted;
	}

	if (!(mount_crypt_stat->flags
	      & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
		/* Only the mount-wide FNEK encoding is handled here */
		rc = -EOPNOTSUPP;
		printk(KERN_ERR "%s: Error attempting to encode "
		       "encrypted filename; rc = [%d]\n", __func__,
		       rc);
		kfree((*encoded_name));
		(*encoded_name) = NULL;
		(*encoded_name_size) = 0;
		goto free_encrypted;
	}

	/* Prefix first, then the encoded ciphertext, then the NUL */
	memcpy((*encoded_name),
	       ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
	       ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
	ecryptfs_encode_for_filename(
		((*encoded_name)
		 + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
		&encoded_name_no_prefix_size,
		filename->encrypted_filename,
		filename->encrypted_filename_size);
	(*encoded_name_size) =
		(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
		 + encoded_name_no_prefix_size);
	(*encoded_name)[(*encoded_name_size)] = '\0';

free_encrypted:
	kfree(filename->encrypted_filename);
free_filename:
	kfree(filename);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1978)
/*
 * Returns true when the @name_size bytes at @name are exactly "." or
 * "..". Only the length given by @name_size is inspected; @name does
 * not have to be NUL-terminated.
 */
static bool is_dot_dotdot(const char *name, size_t name_size)
{
	switch (name_size) {
	case 1:
		return name[0] == '.';
	case 2:
		return name[0] == '.' && name[1] == '.';
	default:
		return false;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1988)
/**
 * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
 * @plaintext_name: The plaintext name
 * @plaintext_name_size: The plaintext name size
 * @sb: The eCryptfs super block; its private data supplies the
 *      mount-wide crypto settings
 * @name: The filename in cipher text
 * @name_size: The cipher text name size
 *
 * Decrypts and decodes the filename.
 *
 * The name is handed to ecryptfs_copy_filename() unchanged when
 * filename encryption is not enabled for the mount, when the encrypted
 * view is enabled, or when the name is "." or "..". Otherwise the name
 * must be longer than, and start with, the FNEK filename prefix, or
 * -EINVAL is returned.
 *
 * The decoding step does not reject bytes outside the encoding
 * alphabet, so the decoded buffer is only checked by
 * ecryptfs_parse_tag_70_packet().
 *
 * Returns zero on success; non-zero otherwise
 */
int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
					 size_t *plaintext_name_size,
					 struct super_block *sb,
					 const char *name, size_t name_size)
{
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
		&ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
	char *decoded_name;
	size_t decoded_name_size;
	size_t packet_size;
	int rc;

	/* Names that are stored as is on the lower filesystem */
	if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
	    || (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
	    || is_dot_dotdot(name, name_size))
		return ecryptfs_copy_filename(plaintext_name,
					      plaintext_name_size,
					      name, name_size);

	/*
	 * The length test comes first, so strncmp() never looks at more
	 * than name_size bytes of @name.
	 */
	if (name_size <= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE ||
	    strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
		    ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE))
		return -EINVAL;

	/* Skip the prefix; what remains is the encoded packet */
	name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
	name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;

	/* Sizing pass first, then decode into a buffer of that size */
	ecryptfs_decode_from_filename(NULL, &decoded_name_size,
				      name, name_size);
	decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
	if (!decoded_name)
		return -ENOMEM;
	ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
				      name, name_size);

	rc = ecryptfs_parse_tag_70_packet(plaintext_name,
					  plaintext_name_size,
					  &packet_size,
					  mount_crypt_stat,
					  decoded_name,
					  decoded_name_size);
	if (rc) {
		ecryptfs_printk(KERN_DEBUG,
				"%s: Could not parse tag 70 packet from filename\n",
				__func__);
	}

	/* The decoded packet is scratch space on success and failure alike */
	kfree(decoded_name);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2063)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2064) #define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2065)
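/**
 * ecryptfs_set_f_namelen - derive the name length limit to report
 * @namelen: Set to the resulting limit; never left negative
 * @lower_namelen: Name length limit of the lower filesystem
 * @mount_crypt_stat: Mount-wide crypto settings
 *
 * Without filename encryption the lower limit is passed through. With
 * it, the limit shrinks by the filename prefix, the encoding overhead,
 * the tag 70 metadata, the random prepend bytes and worst-case cipher
 * padding.
 *
 * Returns zero on success; the error from
 * ecryptfs_get_tfm_and_mutex_for_cipher_name() otherwise, in which case
 * @namelen is set to 0.
 */
int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
			   struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
{
	struct crypto_skcipher *tfm;
	struct mutex *tfm_mutex;
	size_t cipher_blocksize;
	int rc;

	if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
		(*namelen) = lower_namelen;
		return 0;
	}

	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
			mount_crypt_stat->global_default_fn_cipher_name);
	if (unlikely(rc)) {
		(*namelen) = 0;
		return rc;
	}

	mutex_lock(tfm_mutex);
	cipher_blocksize = crypto_skcipher_blocksize(tfm);
	mutex_unlock(tfm_mutex);

	/* Return an exact amount for the common cases */
	if (lower_namelen == NAME_MAX
	    && (cipher_blocksize == 8 || cipher_blocksize == 16)) {
		(*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16;
		return 0;
	}

	/* Return a safe estimate for the uncommon cases */
	(*namelen) = lower_namelen;
	(*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
	/*
	 * ecryptfs_max_decoded_size() takes a size_t. A negative value
	 * would be converted to a huge unsigned one and could come back
	 * as a very large positive limit that the final clamp below does
	 * not catch. If the lower limit cannot even hold the prefix,
	 * there is no room for any name.
	 */
	if ((*namelen) < 0) {
		(*namelen) = 0;
		return 0;
	}
	/* Since this is the max decoded size, subtract 1 "decoded block" len */
	(*namelen) = ecryptfs_max_decoded_size(*namelen) - 3;
	(*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE;
	(*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES;
	/* Worst case is that the filename is padded nearly a full block size */
	(*namelen) -= cipher_blocksize - 1;

	if ((*namelen) < 0)
		(*namelen) = 0;

	return 0;
}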