Merge tag 'v6.6-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
[platform/kernel/linux-starfive.git] / fs / ecryptfs / crypto.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * eCryptfs: Linux filesystem encryption layer
4  *
5  * Copyright (C) 1997-2004 Erez Zadok
6  * Copyright (C) 2001-2004 Stony Brook University
7  * Copyright (C) 2004-2007 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  */
11
12 #include <crypto/hash.h>
13 #include <crypto/skcipher.h>
14 #include <linux/fs.h>
15 #include <linux/mount.h>
16 #include <linux/pagemap.h>
17 #include <linux/random.h>
18 #include <linux/compiler.h>
19 #include <linux/key.h>
20 #include <linux/namei.h>
21 #include <linux/file.h>
22 #include <linux/scatterlist.h>
23 #include <linux/slab.h>
24 #include <asm/unaligned.h>
25 #include <linux/kernel.h>
26 #include <linux/xattr.h>
27 #include "ecryptfs_kernel.h"
28
29 #define DECRYPT         0
30 #define ENCRYPT         1
31
32 /**
33  * ecryptfs_from_hex
34  * @dst: Buffer to take the bytes from src hex; must be at least of
35  *       size (src_size / 2)
36  * @src: Buffer to be converted from a hex string representation to raw value
37  * @dst_size: size of dst buffer, or number of hex characters pairs to convert
38  */
39 void ecryptfs_from_hex(char *dst, char *src, int dst_size)
40 {
41         int x;
42         char tmp[3] = { 0, };
43
44         for (x = 0; x < dst_size; x++) {
45                 tmp[0] = src[x * 2];
46                 tmp[1] = src[x * 2 + 1];
47                 dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
48         }
49 }
50
51 /**
52  * ecryptfs_calculate_md5 - calculates the md5 of @src
53  * @dst: Pointer to 16 bytes of allocated memory
54  * @crypt_stat: Pointer to crypt_stat struct for the current inode
55  * @src: Data to be md5'd
56  * @len: Length of @src
57  *
58  * Uses the allocated crypto context that crypt_stat references to
59  * generate the MD5 sum of the contents of src.
60  */
61 static int ecryptfs_calculate_md5(char *dst,
62                                   struct ecryptfs_crypt_stat *crypt_stat,
63                                   char *src, int len)
64 {
65         int rc = crypto_shash_tfm_digest(crypt_stat->hash_tfm, src, len, dst);
66
67         if (rc) {
68                 printk(KERN_ERR
69                        "%s: Error computing crypto hash; rc = [%d]\n",
70                        __func__, rc);
71                 goto out;
72         }
73 out:
74         return rc;
75 }
76
77 static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
78                                                   char *cipher_name,
79                                                   char *chaining_modifier)
80 {
81         int cipher_name_len = strlen(cipher_name);
82         int chaining_modifier_len = strlen(chaining_modifier);
83         int algified_name_len;
84         int rc;
85
86         algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
87         (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
88         if (!(*algified_name)) {
89                 rc = -ENOMEM;
90                 goto out;
91         }
92         snprintf((*algified_name), algified_name_len, "%s(%s)",
93                  chaining_modifier, cipher_name);
94         rc = 0;
95 out:
96         return rc;
97 }
98
99 /**
100  * ecryptfs_derive_iv
101  * @iv: destination for the derived iv vale
102  * @crypt_stat: Pointer to crypt_stat struct for the current inode
103  * @offset: Offset of the extent whose IV we are to derive
104  *
105  * Generate the initialization vector from the given root IV and page
106  * offset.
107  *
108  * Returns zero on success; non-zero on error.
109  */
110 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
111                        loff_t offset)
112 {
113         int rc = 0;
114         char dst[MD5_DIGEST_SIZE];
115         char src[ECRYPTFS_MAX_IV_BYTES + 16];
116
117         if (unlikely(ecryptfs_verbosity > 0)) {
118                 ecryptfs_printk(KERN_DEBUG, "root iv:\n");
119                 ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
120         }
121         /* TODO: It is probably secure to just cast the least
122          * significant bits of the root IV into an unsigned long and
123          * add the offset to that rather than go through all this
124          * hashing business. -Halcrow */
125         memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
126         memset((src + crypt_stat->iv_bytes), 0, 16);
127         snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
128         if (unlikely(ecryptfs_verbosity > 0)) {
129                 ecryptfs_printk(KERN_DEBUG, "source:\n");
130                 ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
131         }
132         rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
133                                     (crypt_stat->iv_bytes + 16));
134         if (rc) {
135                 ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
136                                 "MD5 while generating IV for a page\n");
137                 goto out;
138         }
139         memcpy(iv, dst, crypt_stat->iv_bytes);
140         if (unlikely(ecryptfs_verbosity > 0)) {
141                 ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
142                 ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
143         }
144 out:
145         return rc;
146 }
147
148 /**
149  * ecryptfs_init_crypt_stat
150  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
151  *
152  * Initialize the crypt_stat structure.
153  */
154 int ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
155 {
156         struct crypto_shash *tfm;
157         int rc;
158
159         tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
160         if (IS_ERR(tfm)) {
161                 rc = PTR_ERR(tfm);
162                 ecryptfs_printk(KERN_ERR, "Error attempting to "
163                                 "allocate crypto context; rc = [%d]\n",
164                                 rc);
165                 return rc;
166         }
167
168         memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
169         INIT_LIST_HEAD(&crypt_stat->keysig_list);
170         mutex_init(&crypt_stat->keysig_list_mutex);
171         mutex_init(&crypt_stat->cs_mutex);
172         mutex_init(&crypt_stat->cs_tfm_mutex);
173         crypt_stat->hash_tfm = tfm;
174         crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
175
176         return 0;
177 }
178
179 /**
180  * ecryptfs_destroy_crypt_stat
181  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
182  *
183  * Releases all memory associated with a crypt_stat struct.
184  */
185 void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
186 {
187         struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
188
189         crypto_free_skcipher(crypt_stat->tfm);
190         crypto_free_shash(crypt_stat->hash_tfm);
191         list_for_each_entry_safe(key_sig, key_sig_tmp,
192                                  &crypt_stat->keysig_list, crypt_stat_list) {
193                 list_del(&key_sig->crypt_stat_list);
194                 kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
195         }
196         memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
197 }
198
199 void ecryptfs_destroy_mount_crypt_stat(
200         struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
201 {
202         struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp;
203
204         if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
205                 return;
206         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
207         list_for_each_entry_safe(auth_tok, auth_tok_tmp,
208                                  &mount_crypt_stat->global_auth_tok_list,
209                                  mount_crypt_stat_list) {
210                 list_del(&auth_tok->mount_crypt_stat_list);
211                 if (!(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
212                         key_put(auth_tok->global_auth_tok_key);
213                 kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
214         }
215         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
216         memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
217 }
218
219 /**
220  * virt_to_scatterlist
221  * @addr: Virtual address
222  * @size: Size of data; should be an even multiple of the block size
223  * @sg: Pointer to scatterlist array; set to NULL to obtain only
224  *      the number of scatterlist structs required in array
225  * @sg_size: Max array size
226  *
227  * Fills in a scatterlist array with page references for a passed
228  * virtual address.
229  *
230  * Returns the number of scatterlist structs in array used
231  */
232 int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
233                         int sg_size)
234 {
235         int i = 0;
236         struct page *pg;
237         int offset;
238         int remainder_of_page;
239
240         sg_init_table(sg, sg_size);
241
242         while (size > 0 && i < sg_size) {
243                 pg = virt_to_page(addr);
244                 offset = offset_in_page(addr);
245                 sg_set_page(&sg[i], pg, 0, offset);
246                 remainder_of_page = PAGE_SIZE - offset;
247                 if (size >= remainder_of_page) {
248                         sg[i].length = remainder_of_page;
249                         addr += remainder_of_page;
250                         size -= remainder_of_page;
251                 } else {
252                         sg[i].length = size;
253                         addr += size;
254                         size = 0;
255                 }
256                 i++;
257         }
258         if (size > 0)
259                 return -ENOMEM;
260         return i;
261 }
262
263 /**
264  * crypt_scatterlist
265  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
266  * @dst_sg: Destination of the data after performing the crypto operation
267  * @src_sg: Data to be encrypted or decrypted
268  * @size: Length of data
269  * @iv: IV to use
270  * @op: ENCRYPT or DECRYPT to indicate the desired operation
271  *
272  * Returns the number of bytes encrypted or decrypted; negative value on error
273  */
274 static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
275                              struct scatterlist *dst_sg,
276                              struct scatterlist *src_sg, int size,
277                              unsigned char *iv, int op)
278 {
279         struct skcipher_request *req = NULL;
280         DECLARE_CRYPTO_WAIT(ecr);
281         int rc = 0;
282
283         if (unlikely(ecryptfs_verbosity > 0)) {
284                 ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
285                                 crypt_stat->key_size);
286                 ecryptfs_dump_hex(crypt_stat->key,
287                                   crypt_stat->key_size);
288         }
289
290         mutex_lock(&crypt_stat->cs_tfm_mutex);
291         req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
292         if (!req) {
293                 mutex_unlock(&crypt_stat->cs_tfm_mutex);
294                 rc = -ENOMEM;
295                 goto out;
296         }
297
298         skcipher_request_set_callback(req,
299                         CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
300                         crypto_req_done, &ecr);
301         /* Consider doing this once, when the file is opened */
302         if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
303                 rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key,
304                                             crypt_stat->key_size);
305                 if (rc) {
306                         ecryptfs_printk(KERN_ERR,
307                                         "Error setting key; rc = [%d]\n",
308                                         rc);
309                         mutex_unlock(&crypt_stat->cs_tfm_mutex);
310                         rc = -EINVAL;
311                         goto out;
312                 }
313                 crypt_stat->flags |= ECRYPTFS_KEY_SET;
314         }
315         mutex_unlock(&crypt_stat->cs_tfm_mutex);
316         skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
317         rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) :
318                              crypto_skcipher_decrypt(req);
319         rc = crypto_wait_req(rc, &ecr);
320 out:
321         skcipher_request_free(req);
322         return rc;
323 }
324
325 /*
326  * lower_offset_for_page
327  *
328  * Convert an eCryptfs page index into a lower byte offset
329  */
330 static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat,
331                                     struct page *page)
332 {
333         return ecryptfs_lower_header_size(crypt_stat) +
334                ((loff_t)page->index << PAGE_SHIFT);
335 }
336
337 /**
338  * crypt_extent
339  * @crypt_stat: crypt_stat containing cryptographic context for the
340  *              encryption operation
341  * @dst_page: The page to write the result into
342  * @src_page: The page to read from
343  * @extent_offset: Page extent offset for use in generating IV
344  * @op: ENCRYPT or DECRYPT to indicate the desired operation
345  *
346  * Encrypts or decrypts one extent of data.
347  *
348  * Return zero on success; non-zero otherwise
349  */
350 static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat,
351                         struct page *dst_page,
352                         struct page *src_page,
353                         unsigned long extent_offset, int op)
354 {
355         pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index;
356         loff_t extent_base;
357         char extent_iv[ECRYPTFS_MAX_IV_BYTES];
358         struct scatterlist src_sg, dst_sg;
359         size_t extent_size = crypt_stat->extent_size;
360         int rc;
361
362         extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size));
363         rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
364                                 (extent_base + extent_offset));
365         if (rc) {
366                 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
367                         "extent [0x%.16llx]; rc = [%d]\n",
368                         (unsigned long long)(extent_base + extent_offset), rc);
369                 goto out;
370         }
371
372         sg_init_table(&src_sg, 1);
373         sg_init_table(&dst_sg, 1);
374
375         sg_set_page(&src_sg, src_page, extent_size,
376                     extent_offset * extent_size);
377         sg_set_page(&dst_sg, dst_page, extent_size,
378                     extent_offset * extent_size);
379
380         rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size,
381                                extent_iv, op);
382         if (rc < 0) {
383                 printk(KERN_ERR "%s: Error attempting to crypt page with "
384                        "page_index = [%ld], extent_offset = [%ld]; "
385                        "rc = [%d]\n", __func__, page_index, extent_offset, rc);
386                 goto out;
387         }
388         rc = 0;
389 out:
390         return rc;
391 }
392
393 /**
394  * ecryptfs_encrypt_page
395  * @page: Page mapped from the eCryptfs inode for the file; contains
396  *        decrypted content that needs to be encrypted (to a temporary
397  *        page; not in place) and written out to the lower file
398  *
399  * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
400  * that eCryptfs pages may straddle the lower pages -- for instance,
401  * if the file was created on a machine with an 8K page size
402  * (resulting in an 8K header), and then the file is copied onto a
403  * host with a 32K page size, then when reading page 0 of the eCryptfs
404  * file, 24K of page 0 of the lower file will be read and decrypted,
405  * and then 8K of page 1 of the lower file will be read and decrypted.
406  *
407  * Returns zero on success; negative on error
408  */
409 int ecryptfs_encrypt_page(struct page *page)
410 {
411         struct inode *ecryptfs_inode;
412         struct ecryptfs_crypt_stat *crypt_stat;
413         char *enc_extent_virt;
414         struct page *enc_extent_page = NULL;
415         loff_t extent_offset;
416         loff_t lower_offset;
417         int rc = 0;
418
419         ecryptfs_inode = page->mapping->host;
420         crypt_stat =
421                 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
422         BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
423         enc_extent_page = alloc_page(GFP_USER);
424         if (!enc_extent_page) {
425                 rc = -ENOMEM;
426                 ecryptfs_printk(KERN_ERR, "Error allocating memory for "
427                                 "encrypted extent\n");
428                 goto out;
429         }
430
431         for (extent_offset = 0;
432              extent_offset < (PAGE_SIZE / crypt_stat->extent_size);
433              extent_offset++) {
434                 rc = crypt_extent(crypt_stat, enc_extent_page, page,
435                                   extent_offset, ENCRYPT);
436                 if (rc) {
437                         printk(KERN_ERR "%s: Error encrypting extent; "
438                                "rc = [%d]\n", __func__, rc);
439                         goto out;
440                 }
441         }
442
443         lower_offset = lower_offset_for_page(crypt_stat, page);
444         enc_extent_virt = kmap_local_page(enc_extent_page);
445         rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset,
446                                   PAGE_SIZE);
447         kunmap_local(enc_extent_virt);
448         if (rc < 0) {
449                 ecryptfs_printk(KERN_ERR,
450                         "Error attempting to write lower page; rc = [%d]\n",
451                         rc);
452                 goto out;
453         }
454         rc = 0;
455 out:
456         if (enc_extent_page) {
457                 __free_page(enc_extent_page);
458         }
459         return rc;
460 }
461
462 /**
463  * ecryptfs_decrypt_page
464  * @page: Page mapped from the eCryptfs inode for the file; data read
465  *        and decrypted from the lower file will be written into this
466  *        page
467  *
468  * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
469  * that eCryptfs pages may straddle the lower pages -- for instance,
470  * if the file was created on a machine with an 8K page size
471  * (resulting in an 8K header), and then the file is copied onto a
472  * host with a 32K page size, then when reading page 0 of the eCryptfs
473  * file, 24K of page 0 of the lower file will be read and decrypted,
474  * and then 8K of page 1 of the lower file will be read and decrypted.
475  *
476  * Returns zero on success; negative on error
477  */
478 int ecryptfs_decrypt_page(struct page *page)
479 {
480         struct inode *ecryptfs_inode;
481         struct ecryptfs_crypt_stat *crypt_stat;
482         char *page_virt;
483         unsigned long extent_offset;
484         loff_t lower_offset;
485         int rc = 0;
486
487         ecryptfs_inode = page->mapping->host;
488         crypt_stat =
489                 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
490         BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
491
492         lower_offset = lower_offset_for_page(crypt_stat, page);
493         page_virt = kmap_local_page(page);
494         rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_SIZE,
495                                  ecryptfs_inode);
496         kunmap_local(page_virt);
497         if (rc < 0) {
498                 ecryptfs_printk(KERN_ERR,
499                         "Error attempting to read lower page; rc = [%d]\n",
500                         rc);
501                 goto out;
502         }
503
504         for (extent_offset = 0;
505              extent_offset < (PAGE_SIZE / crypt_stat->extent_size);
506              extent_offset++) {
507                 rc = crypt_extent(crypt_stat, page, page,
508                                   extent_offset, DECRYPT);
509                 if (rc) {
510                         printk(KERN_ERR "%s: Error decrypting extent; "
511                                "rc = [%d]\n", __func__, rc);
512                         goto out;
513                 }
514         }
515 out:
516         return rc;
517 }
518
519 #define ECRYPTFS_MAX_SCATTERLIST_LEN 4
520
521 /**
522  * ecryptfs_init_crypt_ctx
523  * @crypt_stat: Uninitialized crypt stats structure
524  *
525  * Initialize the crypto context.
526  *
527  * TODO: Performance: Keep a cache of initialized cipher contexts;
528  * only init if needed
529  */
530 int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
531 {
532         char *full_alg_name;
533         int rc = -EINVAL;
534
535         ecryptfs_printk(KERN_DEBUG,
536                         "Initializing cipher [%s]; strlen = [%d]; "
537                         "key_size_bits = [%zd]\n",
538                         crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
539                         crypt_stat->key_size << 3);
540         mutex_lock(&crypt_stat->cs_tfm_mutex);
541         if (crypt_stat->tfm) {
542                 rc = 0;
543                 goto out_unlock;
544         }
545         rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
546                                                     crypt_stat->cipher, "cbc");
547         if (rc)
548                 goto out_unlock;
549         crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0);
550         if (IS_ERR(crypt_stat->tfm)) {
551                 rc = PTR_ERR(crypt_stat->tfm);
552                 crypt_stat->tfm = NULL;
553                 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
554                                 "Error initializing cipher [%s]\n",
555                                 full_alg_name);
556                 goto out_free;
557         }
558         crypto_skcipher_set_flags(crypt_stat->tfm,
559                                   CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
560         rc = 0;
561 out_free:
562         kfree(full_alg_name);
563 out_unlock:
564         mutex_unlock(&crypt_stat->cs_tfm_mutex);
565         return rc;
566 }
567
568 static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
569 {
570         int extent_size_tmp;
571
572         crypt_stat->extent_mask = 0xFFFFFFFF;
573         crypt_stat->extent_shift = 0;
574         if (crypt_stat->extent_size == 0)
575                 return;
576         extent_size_tmp = crypt_stat->extent_size;
577         while ((extent_size_tmp & 0x01) == 0) {
578                 extent_size_tmp >>= 1;
579                 crypt_stat->extent_mask <<= 1;
580                 crypt_stat->extent_shift++;
581         }
582 }
583
584 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
585 {
586         /* Default values; may be overwritten as we are parsing the
587          * packets. */
588         crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
589         set_extent_mask_and_shift(crypt_stat);
590         crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
591         if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
592                 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
593         else {
594                 if (PAGE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
595                         crypt_stat->metadata_size =
596                                 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
597                 else
598                         crypt_stat->metadata_size = PAGE_SIZE;
599         }
600 }
601
602 /*
603  * ecryptfs_compute_root_iv
604  *
605  * On error, sets the root IV to all 0's.
606  */
607 int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
608 {
609         int rc = 0;
610         char dst[MD5_DIGEST_SIZE];
611
612         BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
613         BUG_ON(crypt_stat->iv_bytes <= 0);
614         if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
615                 rc = -EINVAL;
616                 ecryptfs_printk(KERN_WARNING, "Session key not valid; "
617                                 "cannot generate root IV\n");
618                 goto out;
619         }
620         rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
621                                     crypt_stat->key_size);
622         if (rc) {
623                 ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
624                                 "MD5 while generating root IV\n");
625                 goto out;
626         }
627         memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
628 out:
629         if (rc) {
630                 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
631                 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
632         }
633         return rc;
634 }
635
636 static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
637 {
638         get_random_bytes(crypt_stat->key, crypt_stat->key_size);
639         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
640         ecryptfs_compute_root_iv(crypt_stat);
641         if (unlikely(ecryptfs_verbosity > 0)) {
642                 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
643                 ecryptfs_dump_hex(crypt_stat->key,
644                                   crypt_stat->key_size);
645         }
646 }
647
648 /**
649  * ecryptfs_copy_mount_wide_flags_to_inode_flags
650  * @crypt_stat: The inode's cryptographic context
651  * @mount_crypt_stat: The mount point's cryptographic context
652  *
653  * This function propagates the mount-wide flags to individual inode
654  * flags.
655  */
656 static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
657         struct ecryptfs_crypt_stat *crypt_stat,
658         struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
659 {
660         if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
661                 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
662         if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
663                 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;
664         if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
665                 crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
666                 if (mount_crypt_stat->flags
667                     & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
668                         crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
669                 else if (mount_crypt_stat->flags
670                          & ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
671                         crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
672         }
673 }
674
675 static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
676         struct ecryptfs_crypt_stat *crypt_stat,
677         struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
678 {
679         struct ecryptfs_global_auth_tok *global_auth_tok;
680         int rc = 0;
681
682         mutex_lock(&crypt_stat->keysig_list_mutex);
683         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
684
685         list_for_each_entry(global_auth_tok,
686                             &mount_crypt_stat->global_auth_tok_list,
687                             mount_crypt_stat_list) {
688                 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
689                         continue;
690                 rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
691                 if (rc) {
692                         printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
693                         goto out;
694                 }
695         }
696
697 out:
698         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
699         mutex_unlock(&crypt_stat->keysig_list_mutex);
700         return rc;
701 }
702
703 /**
704  * ecryptfs_set_default_crypt_stat_vals
705  * @crypt_stat: The inode's cryptographic context
706  * @mount_crypt_stat: The mount point's cryptographic context
707  *
708  * Default values in the event that policy does not override them.
709  */
710 static void ecryptfs_set_default_crypt_stat_vals(
711         struct ecryptfs_crypt_stat *crypt_stat,
712         struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
713 {
714         ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
715                                                       mount_crypt_stat);
716         ecryptfs_set_default_sizes(crypt_stat);
717         strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
718         crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
719         crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
720         crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
721         crypt_stat->mount_crypt_stat = mount_crypt_stat;
722 }
723
724 /**
725  * ecryptfs_new_file_context
726  * @ecryptfs_inode: The eCryptfs inode
727  *
728  * If the crypto context for the file has not yet been established,
729  * this is where we do that.  Establishing a new crypto context
730  * involves the following decisions:
731  *  - What cipher to use?
732  *  - What set of authentication tokens to use?
733  * Here we just worry about getting enough information into the
734  * authentication tokens so that we know that they are available.
735  * We associate the available authentication tokens with the new file
736  * via the set of signatures in the crypt_stat struct.  Later, when
737  * the headers are actually written out, we may again defer to
738  * userspace to perform the encryption of the session key; for the
739  * foreseeable future, this will be the case with public key packets.
740  *
741  * Returns zero on success; non-zero otherwise
742  */
743 int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
744 {
745         struct ecryptfs_crypt_stat *crypt_stat =
746             &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
747         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
748             &ecryptfs_superblock_to_private(
749                     ecryptfs_inode->i_sb)->mount_crypt_stat;
750         int cipher_name_len;
751         int rc = 0;
752
753         ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
754         crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID);
755         ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
756                                                       mount_crypt_stat);
757         rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
758                                                          mount_crypt_stat);
759         if (rc) {
760                 printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
761                        "to the inode key sigs; rc = [%d]\n", rc);
762                 goto out;
763         }
764         cipher_name_len =
765                 strlen(mount_crypt_stat->global_default_cipher_name);
766         memcpy(crypt_stat->cipher,
767                mount_crypt_stat->global_default_cipher_name,
768                cipher_name_len);
769         crypt_stat->cipher[cipher_name_len] = '\0';
770         crypt_stat->key_size =
771                 mount_crypt_stat->global_default_cipher_key_size;
772         ecryptfs_generate_new_key(crypt_stat);
773         rc = ecryptfs_init_crypt_ctx(crypt_stat);
774         if (rc)
775                 ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
776                                 "context for cipher [%s]: rc = [%d]\n",
777                                 crypt_stat->cipher, rc);
778 out:
779         return rc;
780 }
781
782 /**
783  * ecryptfs_validate_marker - check for the ecryptfs marker
784  * @data: The data block in which to check
785  *
786  * Returns zero if marker found; -EINVAL if not found
787  */
788 static int ecryptfs_validate_marker(char *data)
789 {
790         u32 m_1, m_2;
791
792         m_1 = get_unaligned_be32(data);
793         m_2 = get_unaligned_be32(data + 4);
794         if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
795                 return 0;
796         ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
797                         "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
798                         MAGIC_ECRYPTFS_MARKER);
799         ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
800                         "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
801         return -EINVAL;
802 }
803
804 struct ecryptfs_flag_map_elem {
805         u32 file_flag;
806         u32 local_flag;
807 };
808
809 /* Add support for additional flags by adding elements here. */
810 static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
811         {0x00000001, ECRYPTFS_ENABLE_HMAC},
812         {0x00000002, ECRYPTFS_ENCRYPTED},
813         {0x00000004, ECRYPTFS_METADATA_IN_XATTR},
814         {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
815 };
816
817 /**
818  * ecryptfs_process_flags
819  * @crypt_stat: The cryptographic context
820  * @page_virt: Source data to be parsed
821  * @bytes_read: Updated with the number of bytes read
822  */
823 static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
824                                   char *page_virt, int *bytes_read)
825 {
826         int i;
827         u32 flags;
828
829         flags = get_unaligned_be32(page_virt);
830         for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
831                 if (flags & ecryptfs_flag_map[i].file_flag) {
832                         crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
833                 } else
834                         crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
835         /* Version is in top 8 bits of the 32-bit flag vector */
836         crypt_stat->file_version = ((flags >> 24) & 0xFF);
837         (*bytes_read) = 4;
838 }
839
840 /**
841  * write_ecryptfs_marker
842  * @page_virt: The pointer to in a page to begin writing the marker
843  * @written: Number of bytes written
844  *
845  * Marker = 0x3c81b7f5
846  */
847 static void write_ecryptfs_marker(char *page_virt, size_t *written)
848 {
849         u32 m_1, m_2;
850
851         get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
852         m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
853         put_unaligned_be32(m_1, page_virt);
854         page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2);
855         put_unaligned_be32(m_2, page_virt);
856         (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
857 }
858
859 void ecryptfs_write_crypt_stat_flags(char *page_virt,
860                                      struct ecryptfs_crypt_stat *crypt_stat,
861                                      size_t *written)
862 {
863         u32 flags = 0;
864         int i;
865
866         for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
867                 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
868                         flags |= ecryptfs_flag_map[i].file_flag;
869         /* Version is in top 8 bits of the 32-bit flag vector */
870         flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
871         put_unaligned_be32(flags, page_virt);
872         (*written) = 4;
873 }
874
875 struct ecryptfs_cipher_code_str_map_elem {
876         char cipher_str[16];
877         u8 cipher_code;
878 };
879
880 /* Add support for additional ciphers by adding elements here. The
881  * cipher_code is whatever OpenPGP applications use to identify the
882  * ciphers. List in order of probability. */
883 static struct ecryptfs_cipher_code_str_map_elem
884 ecryptfs_cipher_code_str_map[] = {
885         {"aes",RFC2440_CIPHER_AES_128 },
886         {"blowfish", RFC2440_CIPHER_BLOWFISH},
887         {"des3_ede", RFC2440_CIPHER_DES3_EDE},
888         {"cast5", RFC2440_CIPHER_CAST_5},
889         {"twofish", RFC2440_CIPHER_TWOFISH},
890         {"cast6", RFC2440_CIPHER_CAST_6},
891         {"aes", RFC2440_CIPHER_AES_192},
892         {"aes", RFC2440_CIPHER_AES_256}
893 };
894
895 /**
896  * ecryptfs_code_for_cipher_string
897  * @cipher_name: The string alias for the cipher
898  * @key_bytes: Length of key in bytes; used for AES code selection
899  *
900  * Returns zero on no match, or the cipher code on match
901  */
902 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
903 {
904         int i;
905         u8 code = 0;
906         struct ecryptfs_cipher_code_str_map_elem *map =
907                 ecryptfs_cipher_code_str_map;
908
909         if (strcmp(cipher_name, "aes") == 0) {
910                 switch (key_bytes) {
911                 case 16:
912                         code = RFC2440_CIPHER_AES_128;
913                         break;
914                 case 24:
915                         code = RFC2440_CIPHER_AES_192;
916                         break;
917                 case 32:
918                         code = RFC2440_CIPHER_AES_256;
919                 }
920         } else {
921                 for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
922                         if (strcmp(cipher_name, map[i].cipher_str) == 0) {
923                                 code = map[i].cipher_code;
924                                 break;
925                         }
926         }
927         return code;
928 }
929
930 /**
931  * ecryptfs_cipher_code_to_string
932  * @str: Destination to write out the cipher name
933  * @cipher_code: The code to convert to cipher name string
934  *
935  * Returns zero on success
936  */
937 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
938 {
939         int rc = 0;
940         int i;
941
942         str[0] = '\0';
943         for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
944                 if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
945                         strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
946         if (str[0] == '\0') {
947                 ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
948                                 "[%d]\n", cipher_code);
949                 rc = -EINVAL;
950         }
951         return rc;
952 }
953
954 int ecryptfs_read_and_validate_header_region(struct inode *inode)
955 {
956         u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
957         u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
958         int rc;
959
960         rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
961                                  inode);
962         if (rc < 0)
963                 return rc;
964         else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
965                 return -EINVAL;
966         rc = ecryptfs_validate_marker(marker);
967         if (!rc)
968                 ecryptfs_i_size_init(file_size, inode);
969         return rc;
970 }
971
972 void
973 ecryptfs_write_header_metadata(char *virt,
974                                struct ecryptfs_crypt_stat *crypt_stat,
975                                size_t *written)
976 {
977         u32 header_extent_size;
978         u16 num_header_extents_at_front;
979
980         header_extent_size = (u32)crypt_stat->extent_size;
981         num_header_extents_at_front =
982                 (u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
983         put_unaligned_be32(header_extent_size, virt);
984         virt += 4;
985         put_unaligned_be16(num_header_extents_at_front, virt);
986         (*written) = 6;
987 }
988
989 struct kmem_cache *ecryptfs_header_cache;
990
991 /**
992  * ecryptfs_write_headers_virt
993  * @page_virt: The virtual address to write the headers to
994  * @max: The size of memory allocated at page_virt
995  * @size: Set to the number of bytes written by this function
996  * @crypt_stat: The cryptographic context
997  * @ecryptfs_dentry: The eCryptfs dentry
998  *
999  * Format version: 1
1000  *
1001  *   Header Extent:
1002  *     Octets 0-7:        Unencrypted file size (big-endian)
1003  *     Octets 8-15:       eCryptfs special marker
1004  *     Octets 16-19:      Flags
1005  *      Octet 16:         File format version number (between 0 and 255)
1006  *      Octets 17-18:     Reserved
1007  *      Octet 19:         Bit 1 (lsb): Reserved
1008  *                        Bit 2: Encrypted?
1009  *                        Bits 3-8: Reserved
1010  *     Octets 20-23:      Header extent size (big-endian)
1011  *     Octets 24-25:      Number of header extents at front of file
1012  *                        (big-endian)
1013  *     Octet  26:         Begin RFC 2440 authentication token packet set
1014  *   Data Extent 0:
1015  *     Lower data (CBC encrypted)
1016  *   Data Extent 1:
1017  *     Lower data (CBC encrypted)
1018  *   ...
1019  *
1020  * Returns zero on success
1021  */
1022 static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
1023                                        size_t *size,
1024                                        struct ecryptfs_crypt_stat *crypt_stat,
1025                                        struct dentry *ecryptfs_dentry)
1026 {
1027         int rc;
1028         size_t written;
1029         size_t offset;
1030
1031         offset = ECRYPTFS_FILE_SIZE_BYTES;
1032         write_ecryptfs_marker((page_virt + offset), &written);
1033         offset += written;
1034         ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
1035                                         &written);
1036         offset += written;
1037         ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
1038                                        &written);
1039         offset += written;
1040         rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
1041                                               ecryptfs_dentry, &written,
1042                                               max - offset);
1043         if (rc)
1044                 ecryptfs_printk(KERN_WARNING, "Error generating key packet "
1045                                 "set; rc = [%d]\n", rc);
1046         if (size) {
1047                 offset += written;
1048                 *size = offset;
1049         }
1050         return rc;
1051 }
1052
1053 static int
1054 ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
1055                                     char *virt, size_t virt_len)
1056 {
1057         int rc;
1058
1059         rc = ecryptfs_write_lower(ecryptfs_inode, virt,
1060                                   0, virt_len);
1061         if (rc < 0)
1062                 printk(KERN_ERR "%s: Error attempting to write header "
1063                        "information to lower file; rc = [%d]\n", __func__, rc);
1064         else
1065                 rc = 0;
1066         return rc;
1067 }
1068
1069 static int
1070 ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1071                                  struct inode *ecryptfs_inode,
1072                                  char *page_virt, size_t size)
1073 {
1074         int rc;
1075         struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
1076         struct inode *lower_inode = d_inode(lower_dentry);
1077
1078         if (!(lower_inode->i_opflags & IOP_XATTR)) {
1079                 rc = -EOPNOTSUPP;
1080                 goto out;
1081         }
1082
1083         inode_lock(lower_inode);
1084         rc = __vfs_setxattr(&nop_mnt_idmap, lower_dentry, lower_inode,
1085                             ECRYPTFS_XATTR_NAME, page_virt, size, 0);
1086         if (!rc && ecryptfs_inode)
1087                 fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
1088         inode_unlock(lower_inode);
1089 out:
1090         return rc;
1091 }
1092
1093 static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
1094                                                unsigned int order)
1095 {
1096         struct page *page;
1097
1098         page = alloc_pages(gfp_mask | __GFP_ZERO, order);
1099         if (page)
1100                 return (unsigned long) page_address(page);
1101         return 0;
1102 }
1103
1104 /**
1105  * ecryptfs_write_metadata
1106  * @ecryptfs_dentry: The eCryptfs dentry, which should be negative
1107  * @ecryptfs_inode: The newly created eCryptfs inode
1108  *
1109  * Write the file headers out.  This will likely involve a userspace
1110  * callout, in which the session key is encrypted with one or more
1111  * public keys and/or the passphrase necessary to do the encryption is
1112  * retrieved via a prompt.  Exactly what happens at this point should
1113  * be policy-dependent.
1114  *
1115  * Returns zero on success; non-zero on error
1116  */
1117 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1118                             struct inode *ecryptfs_inode)
1119 {
1120         struct ecryptfs_crypt_stat *crypt_stat =
1121                 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1122         unsigned int order;
1123         char *virt;
1124         size_t virt_len;
1125         size_t size = 0;
1126         int rc = 0;
1127
1128         if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1129                 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1130                         printk(KERN_ERR "Key is invalid; bailing out\n");
1131                         rc = -EINVAL;
1132                         goto out;
1133                 }
1134         } else {
1135                 printk(KERN_WARNING "%s: Encrypted flag not set\n",
1136                        __func__);
1137                 rc = -EINVAL;
1138                 goto out;
1139         }
1140         virt_len = crypt_stat->metadata_size;
1141         order = get_order(virt_len);
1142         /* Released in this function */
1143         virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
1144         if (!virt) {
1145                 printk(KERN_ERR "%s: Out of memory\n", __func__);
1146                 rc = -ENOMEM;
1147                 goto out;
1148         }
1149         /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
1150         rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
1151                                          ecryptfs_dentry);
1152         if (unlikely(rc)) {
1153                 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
1154                        __func__, rc);
1155                 goto out_free;
1156         }
1157         if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1158                 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, ecryptfs_inode,
1159                                                       virt, size);
1160         else
1161                 rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
1162                                                          virt_len);
1163         if (rc) {
1164                 printk(KERN_ERR "%s: Error writing metadata out to lower file; "
1165                        "rc = [%d]\n", __func__, rc);
1166                 goto out_free;
1167         }
1168 out_free:
1169         free_pages((unsigned long)virt, order);
1170 out:
1171         return rc;
1172 }
1173
1174 #define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
1175 #define ECRYPTFS_VALIDATE_HEADER_SIZE 1
1176 static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1177                                  char *virt, int *bytes_read,
1178                                  int validate_header_size)
1179 {
1180         int rc = 0;
1181         u32 header_extent_size;
1182         u16 num_header_extents_at_front;
1183
1184         header_extent_size = get_unaligned_be32(virt);
1185         virt += sizeof(__be32);
1186         num_header_extents_at_front = get_unaligned_be16(virt);
1187         crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
1188                                      * (size_t)header_extent_size));
1189         (*bytes_read) = (sizeof(__be32) + sizeof(__be16));
1190         if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
1191             && (crypt_stat->metadata_size
1192                 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
1193                 rc = -EINVAL;
1194                 printk(KERN_WARNING "Invalid header size: [%zd]\n",
1195                        crypt_stat->metadata_size);
1196         }
1197         return rc;
1198 }
1199
1200 /**
1201  * set_default_header_data
1202  * @crypt_stat: The cryptographic context
1203  *
1204  * For version 0 file format; this function is only for backwards
1205  * compatibility for files created with the prior versions of
1206  * eCryptfs.
1207  */
1208 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1209 {
1210         crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
1211 }
1212
1213 void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
1214 {
1215         struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1216         struct ecryptfs_crypt_stat *crypt_stat;
1217         u64 file_size;
1218
1219         crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
1220         mount_crypt_stat =
1221                 &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
1222         if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
1223                 file_size = i_size_read(ecryptfs_inode_to_lower(inode));
1224                 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1225                         file_size += crypt_stat->metadata_size;
1226         } else
1227                 file_size = get_unaligned_be64(page_virt);
1228         i_size_write(inode, (loff_t)file_size);
1229         crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
1230 }
1231
1232 /**
1233  * ecryptfs_read_headers_virt
1234  * @page_virt: The virtual address into which to read the headers
1235  * @crypt_stat: The cryptographic context
1236  * @ecryptfs_dentry: The eCryptfs dentry
1237  * @validate_header_size: Whether to validate the header size while reading
1238  *
1239  * Read/parse the header data. The header format is detailed in the
1240  * comment block for the ecryptfs_write_headers_virt() function.
1241  *
1242  * Returns zero on success
1243  */
1244 static int ecryptfs_read_headers_virt(char *page_virt,
1245                                       struct ecryptfs_crypt_stat *crypt_stat,
1246                                       struct dentry *ecryptfs_dentry,
1247                                       int validate_header_size)
1248 {
1249         int rc = 0;
1250         int offset;
1251         int bytes_read;
1252
1253         ecryptfs_set_default_sizes(crypt_stat);
1254         crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
1255                 ecryptfs_dentry->d_sb)->mount_crypt_stat;
1256         offset = ECRYPTFS_FILE_SIZE_BYTES;
1257         rc = ecryptfs_validate_marker(page_virt + offset);
1258         if (rc)
1259                 goto out;
1260         if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
1261                 ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
1262         offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
1263         ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read);
1264         if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
1265                 ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
1266                                 "file version [%d] is supported by this "
1267                                 "version of eCryptfs\n",
1268                                 crypt_stat->file_version,
1269                                 ECRYPTFS_SUPPORTED_FILE_VERSION);
1270                 rc = -EINVAL;
1271                 goto out;
1272         }
1273         offset += bytes_read;
1274         if (crypt_stat->file_version >= 1) {
1275                 rc = parse_header_metadata(crypt_stat, (page_virt + offset),
1276                                            &bytes_read, validate_header_size);
1277                 if (rc) {
1278                         ecryptfs_printk(KERN_WARNING, "Error reading header "
1279                                         "metadata; rc = [%d]\n", rc);
1280                 }
1281                 offset += bytes_read;
1282         } else
1283                 set_default_header_data(crypt_stat);
1284         rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
1285                                        ecryptfs_dentry);
1286 out:
1287         return rc;
1288 }
1289
1290 /**
1291  * ecryptfs_read_xattr_region
1292  * @page_virt: The vitual address into which to read the xattr data
1293  * @ecryptfs_inode: The eCryptfs inode
1294  *
1295  * Attempts to read the crypto metadata from the extended attribute
1296  * region of the lower file.
1297  *
1298  * Returns zero on success; non-zero on error
1299  */
1300 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
1301 {
1302         struct dentry *lower_dentry =
1303                 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_path.dentry;
1304         ssize_t size;
1305         int rc = 0;
1306
1307         size = ecryptfs_getxattr_lower(lower_dentry,
1308                                        ecryptfs_inode_to_lower(ecryptfs_inode),
1309                                        ECRYPTFS_XATTR_NAME,
1310                                        page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
1311         if (size < 0) {
1312                 if (unlikely(ecryptfs_verbosity > 0))
1313                         printk(KERN_INFO "Error attempting to read the [%s] "
1314                                "xattr from the lower file; return value = "
1315                                "[%zd]\n", ECRYPTFS_XATTR_NAME, size);
1316                 rc = -EINVAL;
1317                 goto out;
1318         }
1319 out:
1320         return rc;
1321 }
1322
1323 int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
1324                                             struct inode *inode)
1325 {
1326         u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1327         u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1328         int rc;
1329
1330         rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1331                                      ecryptfs_inode_to_lower(inode),
1332                                      ECRYPTFS_XATTR_NAME, file_size,
1333                                      ECRYPTFS_SIZE_AND_MARKER_BYTES);
1334         if (rc < 0)
1335                 return rc;
1336         else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1337                 return -EINVAL;
1338         rc = ecryptfs_validate_marker(marker);
1339         if (!rc)
1340                 ecryptfs_i_size_init(file_size, inode);
1341         return rc;
1342 }
1343
1344 /*
1345  * ecryptfs_read_metadata
1346  *
1347  * Common entry point for reading file metadata. From here, we could
1348  * retrieve the header information from the header region of the file,
1349  * the xattr region of the file, or some other repository that is
1350  * stored separately from the file itself. The current implementation
1351  * supports retrieving the metadata information from the file contents
1352  * and from the xattr region.
1353  *
1354  * Returns zero if valid headers found and parsed; non-zero otherwise
1355  */
1356 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1357 {
1358         int rc;
1359         char *page_virt;
1360         struct inode *ecryptfs_inode = d_inode(ecryptfs_dentry);
1361         struct ecryptfs_crypt_stat *crypt_stat =
1362             &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1363         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1364                 &ecryptfs_superblock_to_private(
1365                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
1366
1367         ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
1368                                                       mount_crypt_stat);
1369         /* Read the first page from the underlying file */
1370         page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
1371         if (!page_virt) {
1372                 rc = -ENOMEM;
1373                 goto out;
1374         }
1375         rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
1376                                  ecryptfs_inode);
1377         if (rc >= 0)
1378                 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1379                                                 ecryptfs_dentry,
1380                                                 ECRYPTFS_VALIDATE_HEADER_SIZE);
1381         if (rc) {
1382                 /* metadata is not in the file header, so try xattrs */
1383                 memset(page_virt, 0, PAGE_SIZE);
1384                 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
1385                 if (rc) {
1386                         printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1387                                "file header region or xattr region, inode %lu\n",
1388                                 ecryptfs_inode->i_ino);
1389                         rc = -EINVAL;
1390                         goto out;
1391                 }
1392                 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1393                                                 ecryptfs_dentry,
1394                                                 ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
1395                 if (rc) {
1396                         printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1397                                "file xattr region either, inode %lu\n",
1398                                 ecryptfs_inode->i_ino);
1399                         rc = -EINVAL;
1400                 }
1401                 if (crypt_stat->mount_crypt_stat->flags
1402                     & ECRYPTFS_XATTR_METADATA_ENABLED) {
1403                         crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
1404                 } else {
1405                         printk(KERN_WARNING "Attempt to access file with "
1406                                "crypto metadata only in the extended attribute "
1407                                "region, but eCryptfs was mounted without "
1408                                "xattr support enabled. eCryptfs will not treat "
1409                                "this like an encrypted file, inode %lu\n",
1410                                 ecryptfs_inode->i_ino);
1411                         rc = -EINVAL;
1412                 }
1413         }
1414 out:
1415         if (page_virt) {
1416                 memset(page_virt, 0, PAGE_SIZE);
1417                 kmem_cache_free(ecryptfs_header_cache, page_virt);
1418         }
1419         return rc;
1420 }
1421
1422 /*
1423  * ecryptfs_encrypt_filename - encrypt filename
1424  *
1425  * CBC-encrypts the filename. We do not want to encrypt the same
1426  * filename with the same key and IV, which may happen with hard
1427  * links, so we prepend random bits to each filename.
1428  *
1429  * Returns zero on success; non-zero otherwise
1430  */
1431 static int
1432 ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
1433                           struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
1434 {
1435         int rc = 0;
1436
1437         filename->encrypted_filename = NULL;
1438         filename->encrypted_filename_size = 0;
1439         if (mount_crypt_stat && (mount_crypt_stat->flags
1440                                      & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
1441                 size_t packet_size;
1442                 size_t remaining_bytes;
1443
1444                 rc = ecryptfs_write_tag_70_packet(
1445                         NULL, NULL,
1446                         &filename->encrypted_filename_size,
1447                         mount_crypt_stat, NULL,
1448                         filename->filename_size);
1449                 if (rc) {
1450                         printk(KERN_ERR "%s: Error attempting to get packet "
1451                                "size for tag 72; rc = [%d]\n", __func__,
1452                                rc);
1453                         filename->encrypted_filename_size = 0;
1454                         goto out;
1455                 }
1456                 filename->encrypted_filename =
1457                         kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
1458                 if (!filename->encrypted_filename) {
1459                         rc = -ENOMEM;
1460                         goto out;
1461                 }
1462                 remaining_bytes = filename->encrypted_filename_size;
1463                 rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
1464                                                   &remaining_bytes,
1465                                                   &packet_size,
1466                                                   mount_crypt_stat,
1467                                                   filename->filename,
1468                                                   filename->filename_size);
1469                 if (rc) {
1470                         printk(KERN_ERR "%s: Error attempting to generate "
1471                                "tag 70 packet; rc = [%d]\n", __func__,
1472                                rc);
1473                         kfree(filename->encrypted_filename);
1474                         filename->encrypted_filename = NULL;
1475                         filename->encrypted_filename_size = 0;
1476                         goto out;
1477                 }
1478                 filename->encrypted_filename_size = packet_size;
1479         } else {
1480                 printk(KERN_ERR "%s: No support for requested filename "
1481                        "encryption method in this release\n", __func__);
1482                 rc = -EOPNOTSUPP;
1483                 goto out;
1484         }
1485 out:
1486         return rc;
1487 }
1488
1489 static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
1490                                   const char *name, size_t name_size)
1491 {
1492         int rc = 0;
1493
1494         (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
1495         if (!(*copied_name)) {
1496                 rc = -ENOMEM;
1497                 goto out;
1498         }
1499         memcpy((void *)(*copied_name), (void *)name, name_size);
1500         (*copied_name)[(name_size)] = '\0';     /* Only for convenience
1501                                                  * in printing out the
1502                                                  * string in debug
1503                                                  * messages */
1504         (*copied_name_size) = name_size;
1505 out:
1506         return rc;
1507 }
1508
1509 /**
1510  * ecryptfs_process_key_cipher - Perform key cipher initialization.
1511  * @key_tfm: Crypto context for key material, set by this function
1512  * @cipher_name: Name of the cipher
1513  * @key_size: Size of the key in bytes
1514  *
1515  * Returns zero on success. Any crypto_tfm structs allocated here
1516  * should be released by other functions, such as on a superblock put
1517  * event, regardless of whether this function succeeds for fails.
1518  */
1519 static int
1520 ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm,
1521                             char *cipher_name, size_t *key_size)
1522 {
1523         char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1524         char *full_alg_name = NULL;
1525         int rc;
1526
1527         *key_tfm = NULL;
1528         if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1529                 rc = -EINVAL;
1530                 printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
1531                       "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1532                 goto out;
1533         }
1534         rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1535                                                     "ecb");
1536         if (rc)
1537                 goto out;
1538         *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1539         if (IS_ERR(*key_tfm)) {
1540                 rc = PTR_ERR(*key_tfm);
1541                 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1542                        "[%s]; rc = [%d]\n", full_alg_name, rc);
1543                 goto out;
1544         }
1545         crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1546         if (*key_size == 0)
1547                 *key_size = crypto_skcipher_max_keysize(*key_tfm);
1548         get_random_bytes(dummy_key, *key_size);
1549         rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size);
1550         if (rc) {
1551                 printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1552                        "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
1553                        rc);
1554                 rc = -EINVAL;
1555                 goto out;
1556         }
1557 out:
1558         kfree(full_alg_name);
1559         return rc;
1560 }
1561
1562 struct kmem_cache *ecryptfs_key_tfm_cache;
1563 static struct list_head key_tfm_list;
1564 DEFINE_MUTEX(key_tfm_list_mutex);
1565
1566 int __init ecryptfs_init_crypto(void)
1567 {
1568         INIT_LIST_HEAD(&key_tfm_list);
1569         return 0;
1570 }
1571
1572 /**
1573  * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
1574  *
1575  * Called only at module unload time
1576  */
1577 int ecryptfs_destroy_crypto(void)
1578 {
1579         struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;
1580
1581         mutex_lock(&key_tfm_list_mutex);
1582         list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
1583                                  key_tfm_list) {
1584                 list_del(&key_tfm->key_tfm_list);
1585                 crypto_free_skcipher(key_tfm->key_tfm);
1586                 kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
1587         }
1588         mutex_unlock(&key_tfm_list_mutex);
1589         return 0;
1590 }
1591
1592 int
1593 ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
1594                          size_t key_size)
1595 {
1596         struct ecryptfs_key_tfm *tmp_tfm;
1597         int rc = 0;
1598
1599         BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1600
1601         tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
1602         if (key_tfm)
1603                 (*key_tfm) = tmp_tfm;
1604         if (!tmp_tfm) {
1605                 rc = -ENOMEM;
1606                 goto out;
1607         }
1608         mutex_init(&tmp_tfm->key_tfm_mutex);
1609         strncpy(tmp_tfm->cipher_name, cipher_name,
1610                 ECRYPTFS_MAX_CIPHER_NAME_SIZE);
1611         tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
1612         tmp_tfm->key_size = key_size;
1613         rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
1614                                          tmp_tfm->cipher_name,
1615                                          &tmp_tfm->key_size);
1616         if (rc) {
1617                 printk(KERN_ERR "Error attempting to initialize key TFM "
1618                        "cipher with name = [%s]; rc = [%d]\n",
1619                        tmp_tfm->cipher_name, rc);
1620                 kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
1621                 if (key_tfm)
1622                         (*key_tfm) = NULL;
1623                 goto out;
1624         }
1625         list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
1626 out:
1627         return rc;
1628 }
1629
1630 /**
1631  * ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
1632  * @cipher_name: the name of the cipher to search for
1633  * @key_tfm: set to corresponding tfm if found
1634  *
1635  * Searches for cached key_tfm matching @cipher_name
1636  * Must be called with &key_tfm_list_mutex held
1637  * Returns 1 if found, with @key_tfm set
1638  * Returns 0 if not found, with @key_tfm set to NULL
1639  */
1640 int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1641 {
1642         struct ecryptfs_key_tfm *tmp_key_tfm;
1643
1644         BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1645
1646         list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
1647                 if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
1648                         if (key_tfm)
1649                                 (*key_tfm) = tmp_key_tfm;
1650                         return 1;
1651                 }
1652         }
1653         if (key_tfm)
1654                 (*key_tfm) = NULL;
1655         return 0;
1656 }
1657
1658 /**
1659  * ecryptfs_get_tfm_and_mutex_for_cipher_name
1660  *
1661  * @tfm: set to cached tfm found, or new tfm created
1662  * @tfm_mutex: set to mutex for cached tfm found, or new tfm created
1663  * @cipher_name: the name of the cipher to search for and/or add
1664  *
1665  * Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
1666  * Searches for cached item first, and creates new if not found.
1667  * Returns 0 on success, non-zero if adding new cipher failed
1668  */
1669 int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
1670                                                struct mutex **tfm_mutex,
1671                                                char *cipher_name)
1672 {
1673         struct ecryptfs_key_tfm *key_tfm;
1674         int rc = 0;
1675
1676         (*tfm) = NULL;
1677         (*tfm_mutex) = NULL;
1678
1679         mutex_lock(&key_tfm_list_mutex);
1680         if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
1681                 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
1682                 if (rc) {
1683                         printk(KERN_ERR "Error adding new key_tfm to list; "
1684                                         "rc = [%d]\n", rc);
1685                         goto out;
1686                 }
1687         }
1688         (*tfm) = key_tfm->key_tfm;
1689         (*tfm_mutex) = &key_tfm->key_tfm_mutex;
1690 out:
1691         mutex_unlock(&key_tfm_list_mutex);
1692         return rc;
1693 }
1694
1695 /* 64 characters forming a 6-bit target field */
1696 static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
1697                                                  "EFGHIJKLMNOPQRST"
1698                                                  "UVWXYZabcdefghij"
1699                                                  "klmnopqrstuvwxyz");
1700
1701 /* We could either offset on every reverse map or just pad some 0x00's
1702  * at the front here */
1703 static const unsigned char filename_rev_map[256] = {
1704         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
1705         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
1706         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
1707         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
1708         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
1709         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
1710         0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
1711         0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
1712         0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
1713         0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
1714         0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
1715         0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
1716         0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
1717         0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
1718         0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
1719         0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */
1720 };
1721
1722 /**
1723  * ecryptfs_encode_for_filename
1724  * @dst: Destination location for encoded filename
1725  * @dst_size: Size of the encoded filename in bytes
1726  * @src: Source location for the filename to encode
1727  * @src_size: Size of the source in bytes
1728  */
1729 static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size,
1730                                   unsigned char *src, size_t src_size)
1731 {
1732         size_t num_blocks;
1733         size_t block_num = 0;
1734         size_t dst_offset = 0;
1735         unsigned char last_block[3];
1736
1737         if (src_size == 0) {
1738                 (*dst_size) = 0;
1739                 goto out;
1740         }
1741         num_blocks = (src_size / 3);
1742         if ((src_size % 3) == 0) {
1743                 memcpy(last_block, (&src[src_size - 3]), 3);
1744         } else {
1745                 num_blocks++;
1746                 last_block[2] = 0x00;
1747                 switch (src_size % 3) {
1748                 case 1:
1749                         last_block[0] = src[src_size - 1];
1750                         last_block[1] = 0x00;
1751                         break;
1752                 case 2:
1753                         last_block[0] = src[src_size - 2];
1754                         last_block[1] = src[src_size - 1];
1755                 }
1756         }
1757         (*dst_size) = (num_blocks * 4);
1758         if (!dst)
1759                 goto out;
1760         while (block_num < num_blocks) {
1761                 unsigned char *src_block;
1762                 unsigned char dst_block[4];
1763
1764                 if (block_num == (num_blocks - 1))
1765                         src_block = last_block;
1766                 else
1767                         src_block = &src[block_num * 3];
1768                 dst_block[0] = ((src_block[0] >> 2) & 0x3F);
1769                 dst_block[1] = (((src_block[0] << 4) & 0x30)
1770                                 | ((src_block[1] >> 4) & 0x0F));
1771                 dst_block[2] = (((src_block[1] << 2) & 0x3C)
1772                                 | ((src_block[2] >> 6) & 0x03));
1773                 dst_block[3] = (src_block[2] & 0x3F);
1774                 dst[dst_offset++] = portable_filename_chars[dst_block[0]];
1775                 dst[dst_offset++] = portable_filename_chars[dst_block[1]];
1776                 dst[dst_offset++] = portable_filename_chars[dst_block[2]];
1777                 dst[dst_offset++] = portable_filename_chars[dst_block[3]];
1778                 block_num++;
1779         }
1780 out:
1781         return;
1782 }
1783
1784 static size_t ecryptfs_max_decoded_size(size_t encoded_size)
1785 {
1786         /* Not exact; conservatively long. Every block of 4
1787          * encoded characters decodes into a block of 3
1788          * decoded characters. This segment of code provides
1789          * the caller with the maximum amount of allocated
1790          * space that @dst will need to point to in a
1791          * subsequent call. */
1792         return ((encoded_size + 1) * 3) / 4;
1793 }
1794
1795 /**
1796  * ecryptfs_decode_from_filename
1797  * @dst: If NULL, this function only sets @dst_size and returns. If
1798  *       non-NULL, this function decodes the encoded octets in @src
1799  *       into the memory that @dst points to.
1800  * @dst_size: Set to the size of the decoded string.
1801  * @src: The encoded set of octets to decode.
1802  * @src_size: The size of the encoded set of octets to decode.
1803  */
1804 static void
1805 ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
1806                               const unsigned char *src, size_t src_size)
1807 {
1808         u8 current_bit_offset = 0;
1809         size_t src_byte_offset = 0;
1810         size_t dst_byte_offset = 0;
1811
1812         if (!dst) {
1813                 (*dst_size) = ecryptfs_max_decoded_size(src_size);
1814                 goto out;
1815         }
1816         while (src_byte_offset < src_size) {
1817                 unsigned char src_byte =
1818                                 filename_rev_map[(int)src[src_byte_offset]];
1819
1820                 switch (current_bit_offset) {
1821                 case 0:
1822                         dst[dst_byte_offset] = (src_byte << 2);
1823                         current_bit_offset = 6;
1824                         break;
1825                 case 6:
1826                         dst[dst_byte_offset++] |= (src_byte >> 4);
1827                         dst[dst_byte_offset] = ((src_byte & 0xF)
1828                                                  << 4);
1829                         current_bit_offset = 4;
1830                         break;
1831                 case 4:
1832                         dst[dst_byte_offset++] |= (src_byte >> 2);
1833                         dst[dst_byte_offset] = (src_byte << 6);
1834                         current_bit_offset = 2;
1835                         break;
1836                 case 2:
1837                         dst[dst_byte_offset++] |= (src_byte);
1838                         current_bit_offset = 0;
1839                         break;
1840                 }
1841                 src_byte_offset++;
1842         }
1843         (*dst_size) = dst_byte_offset;
1844 out:
1845         return;
1846 }
1847
1848 /**
1849  * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
1850  * @encoded_name: The encrypted name
1851  * @encoded_name_size: Length of the encrypted name
1852  * @mount_crypt_stat: The crypt_stat struct associated with the file name to encode
1853  * @name: The plaintext name
1854  * @name_size: The length of the plaintext name
1855  *
1856  * Encrypts and encodes a filename into something that constitutes a
1857  * valid filename for a filesystem, with printable characters.
1858  *
1859  * We assume that we have a properly initialized crypto context,
1860  * pointed to by crypt_stat->tfm.
1861  *
1862  * Returns zero on success; non-zero on otherwise
1863  */
1864 int ecryptfs_encrypt_and_encode_filename(
1865         char **encoded_name,
1866         size_t *encoded_name_size,
1867         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
1868         const char *name, size_t name_size)
1869 {
1870         size_t encoded_name_no_prefix_size;
1871         int rc = 0;
1872
1873         (*encoded_name) = NULL;
1874         (*encoded_name_size) = 0;
1875         if (mount_crypt_stat && (mount_crypt_stat->flags
1876                                      & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
1877                 struct ecryptfs_filename *filename;
1878
1879                 filename = kzalloc(sizeof(*filename), GFP_KERNEL);
1880                 if (!filename) {
1881                         rc = -ENOMEM;
1882                         goto out;
1883                 }
1884                 filename->filename = (char *)name;
1885                 filename->filename_size = name_size;
1886                 rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat);
1887                 if (rc) {
1888                         printk(KERN_ERR "%s: Error attempting to encrypt "
1889                                "filename; rc = [%d]\n", __func__, rc);
1890                         kfree(filename);
1891                         goto out;
1892                 }
1893                 ecryptfs_encode_for_filename(
1894                         NULL, &encoded_name_no_prefix_size,
1895                         filename->encrypted_filename,
1896                         filename->encrypted_filename_size);
1897                 if (mount_crypt_stat
1898                         && (mount_crypt_stat->flags
1899                             & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))
1900                         (*encoded_name_size) =
1901                                 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1902                                  + encoded_name_no_prefix_size);
1903                 else
1904                         (*encoded_name_size) =
1905                                 (ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1906                                  + encoded_name_no_prefix_size);
1907                 (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
1908                 if (!(*encoded_name)) {
1909                         rc = -ENOMEM;
1910                         kfree(filename->encrypted_filename);
1911                         kfree(filename);
1912                         goto out;
1913                 }
1914                 if (mount_crypt_stat
1915                         && (mount_crypt_stat->flags
1916                             & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
1917                         memcpy((*encoded_name),
1918                                ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
1919                                ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
1920                         ecryptfs_encode_for_filename(
1921                             ((*encoded_name)
1922                              + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
1923                             &encoded_name_no_prefix_size,
1924                             filename->encrypted_filename,
1925                             filename->encrypted_filename_size);
1926                         (*encoded_name_size) =
1927                                 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1928                                  + encoded_name_no_prefix_size);
1929                         (*encoded_name)[(*encoded_name_size)] = '\0';
1930                 } else {
1931                         rc = -EOPNOTSUPP;
1932                 }
1933                 if (rc) {
1934                         printk(KERN_ERR "%s: Error attempting to encode "
1935                                "encrypted filename; rc = [%d]\n", __func__,
1936                                rc);
1937                         kfree((*encoded_name));
1938                         (*encoded_name) = NULL;
1939                         (*encoded_name_size) = 0;
1940                 }
1941                 kfree(filename->encrypted_filename);
1942                 kfree(filename);
1943         } else {
1944                 rc = ecryptfs_copy_filename(encoded_name,
1945                                             encoded_name_size,
1946                                             name, name_size);
1947         }
1948 out:
1949         return rc;
1950 }
1951
1952 static bool is_dot_dotdot(const char *name, size_t name_size)
1953 {
1954         if (name_size == 1 && name[0] == '.')
1955                 return true;
1956         else if (name_size == 2 && name[0] == '.' && name[1] == '.')
1957                 return true;
1958
1959         return false;
1960 }
1961
1962 /**
1963  * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
1964  * @plaintext_name: The plaintext name
1965  * @plaintext_name_size: The plaintext name size
1966  * @sb: Ecryptfs's super_block
1967  * @name: The filename in cipher text
1968  * @name_size: The cipher text name size
1969  *
1970  * Decrypts and decodes the filename.
1971  *
1972  * Returns zero on error; non-zero otherwise
1973  */
1974 int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
1975                                          size_t *plaintext_name_size,
1976                                          struct super_block *sb,
1977                                          const char *name, size_t name_size)
1978 {
1979         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1980                 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
1981         char *decoded_name;
1982         size_t decoded_name_size;
1983         size_t packet_size;
1984         int rc = 0;
1985
1986         if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) &&
1987             !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)) {
1988                 if (is_dot_dotdot(name, name_size)) {
1989                         rc = ecryptfs_copy_filename(plaintext_name,
1990                                                     plaintext_name_size,
1991                                                     name, name_size);
1992                         goto out;
1993                 }
1994
1995                 if (name_size <= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE ||
1996                     strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
1997                             ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)) {
1998                         rc = -EINVAL;
1999                         goto out;
2000                 }
2001
2002                 name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2003                 name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2004                 ecryptfs_decode_from_filename(NULL, &decoded_name_size,
2005                                               name, name_size);
2006                 decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
2007                 if (!decoded_name) {
2008                         rc = -ENOMEM;
2009                         goto out;
2010                 }
2011                 ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
2012                                               name, name_size);
2013                 rc = ecryptfs_parse_tag_70_packet(plaintext_name,
2014                                                   plaintext_name_size,
2015                                                   &packet_size,
2016                                                   mount_crypt_stat,
2017                                                   decoded_name,
2018                                                   decoded_name_size);
2019                 if (rc) {
2020                         ecryptfs_printk(KERN_DEBUG,
2021                                         "%s: Could not parse tag 70 packet from filename\n",
2022                                         __func__);
2023                         goto out_free;
2024                 }
2025         } else {
2026                 rc = ecryptfs_copy_filename(plaintext_name,
2027                                             plaintext_name_size,
2028                                             name, name_size);
2029                 goto out;
2030         }
2031 out_free:
2032         kfree(decoded_name);
2033 out:
2034         return rc;
2035 }
2036
2037 #define ENC_NAME_MAX_BLOCKLEN_8_OR_16   143
2038
2039 int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2040                            struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
2041 {
2042         struct crypto_skcipher *tfm;
2043         struct mutex *tfm_mutex;
2044         size_t cipher_blocksize;
2045         int rc;
2046
2047         if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
2048                 (*namelen) = lower_namelen;
2049                 return 0;
2050         }
2051
2052         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2053                         mount_crypt_stat->global_default_fn_cipher_name);
2054         if (unlikely(rc)) {
2055                 (*namelen) = 0;
2056                 return rc;
2057         }
2058
2059         mutex_lock(tfm_mutex);
2060         cipher_blocksize = crypto_skcipher_blocksize(tfm);
2061         mutex_unlock(tfm_mutex);
2062
2063         /* Return an exact amount for the common cases */
2064         if (lower_namelen == NAME_MAX
2065             && (cipher_blocksize == 8 || cipher_blocksize == 16)) {
2066                 (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16;
2067                 return 0;
2068         }
2069
2070         /* Return a safe estimate for the uncommon cases */
2071         (*namelen) = lower_namelen;
2072         (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2073         /* Since this is the max decoded size, subtract 1 "decoded block" len */
2074         (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3;
2075         (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE;
2076         (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES;
2077         /* Worst case is that the filename is padded nearly a full block size */
2078         (*namelen) -= cipher_blocksize - 1;
2079
2080         if ((*namelen) < 0)
2081                 (*namelen) = 0;
2082
2083         return 0;
2084 }