]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
6b3bd08f | 2 | /* |
0b81d077 | 3 | * This contains functions for filename crypto management |
6b3bd08f JK |
4 | * |
5 | * Copyright (C) 2015, Google, Inc. | |
6 | * Copyright (C) 2015, Motorola Mobility | |
7 | * | |
6b3bd08f | 8 | * Written by Uday Savagaonkar, 2014. |
0b81d077 | 9 | * Modified by Jaegeuk Kim, 2015. |
6b3bd08f JK |
10 | * |
11 | * This has not yet undergone a rigorous security audit. | |
12 | */ | |
0b81d077 | 13 | |
6b3bd08f | 14 | #include <linux/scatterlist.h> |
6b3bd08f | 15 | #include <linux/ratelimit.h> |
3325bea5 | 16 | #include "fscrypt_private.h" |
6b3bd08f | 17 | |
6b3bd08f | 18 | /** |
53fd7550 EB |
19 | * fname_crypt_complete() - completion callback for filename crypto |
20 | * @req: The asynchronous cipher request context | |
21 | * @res: The result of the cipher operation | |
6b3bd08f | 22 | */ |
53fd7550 | 23 | static void fname_crypt_complete(struct crypto_async_request *req, int res) |
6b3bd08f | 24 | { |
0b81d077 | 25 | struct fscrypt_completion_result *ecr = req->data; |
6b3bd08f JK |
26 | |
27 | if (res == -EINPROGRESS) | |
28 | return; | |
29 | ecr->res = res; | |
30 | complete(&ecr->completion); | |
31 | } | |
32 | ||
6b3bd08f | 33 | /** |
ef1eb3aa | 34 | * fname_encrypt() - encrypt a filename |
6b3bd08f | 35 | * |
ef1eb3aa EB |
36 | * The caller must have allocated sufficient memory for the @oname string. |
37 | * | |
38 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 39 | */ |
0b81d077 JK |
40 | static int fname_encrypt(struct inode *inode, |
41 | const struct qstr *iname, struct fscrypt_str *oname) | |
6b3bd08f | 42 | { |
2731a944 | 43 | struct skcipher_request *req = NULL; |
0b81d077 JK |
44 | DECLARE_FS_COMPLETION_RESULT(ecr); |
45 | struct fscrypt_info *ci = inode->i_crypt_info; | |
2731a944 | 46 | struct crypto_skcipher *tfm = ci->ci_ctfm; |
6b3bd08f | 47 | int res = 0; |
0b81d077 | 48 | char iv[FS_CRYPTO_BLOCK_SIZE]; |
08ae877f | 49 | struct scatterlist sg; |
0b81d077 | 50 | int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); |
08ae877f EB |
51 | unsigned int lim; |
52 | unsigned int cryptlen; | |
6b3bd08f | 53 | |
0b81d077 | 54 | lim = inode->i_sb->s_cop->max_namelen(inode); |
6b3bd08f JK |
55 | if (iname->len <= 0 || iname->len > lim) |
56 | return -EIO; | |
57 | ||
08ae877f EB |
58 | /* |
59 | * Copy the filename to the output buffer for encrypting in-place and | |
60 | * pad it with the needed number of NUL bytes. | |
61 | */ | |
62 | cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE); | |
63 | cryptlen = round_up(cryptlen, padding); | |
64 | cryptlen = min(cryptlen, lim); | |
65 | memcpy(oname->name, iname->name, iname->len); | |
66 | memset(oname->name + iname->len, 0, cryptlen - iname->len); | |
6b3bd08f | 67 | |
08ae877f EB |
68 | /* Initialize the IV */ |
69 | memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); | |
6b3bd08f | 70 | |
08ae877f | 71 | /* Set up the encryption request */ |
2731a944 | 72 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
6b3bd08f JK |
73 | if (!req) { |
74 | printk_ratelimited(KERN_ERR | |
08ae877f | 75 | "%s: skcipher_request_alloc() failed\n", __func__); |
6b3bd08f JK |
76 | return -ENOMEM; |
77 | } | |
2731a944 | 78 | skcipher_request_set_callback(req, |
6b3bd08f | 79 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
53fd7550 | 80 | fname_crypt_complete, &ecr); |
08ae877f EB |
81 | sg_init_one(&sg, oname->name, cryptlen); |
82 | skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv); | |
6b3bd08f | 83 | |
08ae877f | 84 | /* Do the encryption */ |
2731a944 | 85 | res = crypto_skcipher_encrypt(req); |
6b3bd08f | 86 | if (res == -EINPROGRESS || res == -EBUSY) { |
08ae877f | 87 | /* Request is being completed asynchronously; wait for it */ |
6b3bd08f JK |
88 | wait_for_completion(&ecr.completion); |
89 | res = ecr.res; | |
90 | } | |
2731a944 | 91 | skcipher_request_free(req); |
ef1eb3aa | 92 | if (res < 0) { |
6b3bd08f JK |
93 | printk_ratelimited(KERN_ERR |
94 | "%s: Error (error code %d)\n", __func__, res); | |
ef1eb3aa EB |
95 | return res; |
96 | } | |
0b81d077 | 97 | |
08ae877f | 98 | oname->len = cryptlen; |
ef1eb3aa | 99 | return 0; |
6b3bd08f JK |
100 | } |
101 | ||
ef1eb3aa EB |
102 | /** |
103 | * fname_decrypt() - decrypt a filename | |
104 | * | |
105 | * The caller must have allocated sufficient memory for the @oname string. | |
106 | * | |
107 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 108 | */ |
0b81d077 JK |
109 | static int fname_decrypt(struct inode *inode, |
110 | const struct fscrypt_str *iname, | |
111 | struct fscrypt_str *oname) | |
6b3bd08f | 112 | { |
2731a944 | 113 | struct skcipher_request *req = NULL; |
0b81d077 | 114 | DECLARE_FS_COMPLETION_RESULT(ecr); |
6b3bd08f | 115 | struct scatterlist src_sg, dst_sg; |
0b81d077 | 116 | struct fscrypt_info *ci = inode->i_crypt_info; |
2731a944 | 117 | struct crypto_skcipher *tfm = ci->ci_ctfm; |
6b3bd08f | 118 | int res = 0; |
0b81d077 JK |
119 | char iv[FS_CRYPTO_BLOCK_SIZE]; |
120 | unsigned lim; | |
6b3bd08f | 121 | |
0b81d077 | 122 | lim = inode->i_sb->s_cop->max_namelen(inode); |
6b3bd08f JK |
123 | if (iname->len <= 0 || iname->len > lim) |
124 | return -EIO; | |
125 | ||
126 | /* Allocate request */ | |
2731a944 | 127 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
6b3bd08f JK |
128 | if (!req) { |
129 | printk_ratelimited(KERN_ERR | |
130 | "%s: crypto_request_alloc() failed\n", __func__); | |
131 | return -ENOMEM; | |
132 | } | |
2731a944 | 133 | skcipher_request_set_callback(req, |
6b3bd08f | 134 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
53fd7550 | 135 | fname_crypt_complete, &ecr); |
6b3bd08f JK |
136 | |
137 | /* Initialize IV */ | |
0b81d077 | 138 | memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); |
6b3bd08f JK |
139 | |
140 | /* Create decryption request */ | |
141 | sg_init_one(&src_sg, iname->name, iname->len); | |
142 | sg_init_one(&dst_sg, oname->name, oname->len); | |
2731a944 HX |
143 | skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); |
144 | res = crypto_skcipher_decrypt(req); | |
6b3bd08f | 145 | if (res == -EINPROGRESS || res == -EBUSY) { |
6b3bd08f JK |
146 | wait_for_completion(&ecr.completion); |
147 | res = ecr.res; | |
148 | } | |
2731a944 | 149 | skcipher_request_free(req); |
6b3bd08f JK |
150 | if (res < 0) { |
151 | printk_ratelimited(KERN_ERR | |
0b81d077 | 152 | "%s: Error (error code %d)\n", __func__, res); |
6b3bd08f JK |
153 | return res; |
154 | } | |
155 | ||
156 | oname->len = strnlen(oname->name, iname->len); | |
ef1eb3aa | 157 | return 0; |
6b3bd08f JK |
158 | } |
159 | ||
160 | static const char *lookup_table = | |
161 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; | |
162 | ||
17159420 EB |
163 | #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) |
164 | ||
6b3bd08f | 165 | /** |
0b81d077 | 166 | * digest_encode() - |
6b3bd08f JK |
167 | * |
168 | * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. | |
169 | * The encoded string is roughly 4/3 times the size of the input string. | |
170 | */ | |
171 | static int digest_encode(const char *src, int len, char *dst) | |
172 | { | |
173 | int i = 0, bits = 0, ac = 0; | |
174 | char *cp = dst; | |
175 | ||
176 | while (i < len) { | |
177 | ac += (((unsigned char) src[i]) << bits); | |
178 | bits += 8; | |
179 | do { | |
180 | *cp++ = lookup_table[ac & 0x3f]; | |
181 | ac >>= 6; | |
182 | bits -= 6; | |
183 | } while (bits >= 6); | |
184 | i++; | |
185 | } | |
186 | if (bits) | |
187 | *cp++ = lookup_table[ac & 0x3f]; | |
188 | return cp - dst; | |
189 | } | |
190 | ||
191 | static int digest_decode(const char *src, int len, char *dst) | |
192 | { | |
193 | int i = 0, bits = 0, ac = 0; | |
194 | const char *p; | |
195 | char *cp = dst; | |
196 | ||
197 | while (i < len) { | |
198 | p = strchr(lookup_table, src[i]); | |
199 | if (p == NULL || src[i] == 0) | |
200 | return -2; | |
201 | ac += (p - lookup_table) << bits; | |
202 | bits += 6; | |
203 | if (bits >= 8) { | |
204 | *cp++ = ac & 0xff; | |
205 | ac >>= 8; | |
206 | bits -= 8; | |
207 | } | |
208 | i++; | |
209 | } | |
210 | if (ac) | |
211 | return -1; | |
212 | return cp - dst; | |
213 | } | |
214 | ||
0b93e1b9 | 215 | u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen) |
6b3bd08f | 216 | { |
922ec355 | 217 | int padding = 32; |
0b81d077 | 218 | struct fscrypt_info *ci = inode->i_crypt_info; |
922ec355 CY |
219 | |
220 | if (ci) | |
0b81d077 | 221 | padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); |
55be3145 EB |
222 | ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE); |
223 | return round_up(ilen, padding); | |
6b3bd08f | 224 | } |
0b81d077 | 225 | EXPORT_SYMBOL(fscrypt_fname_encrypted_size); |
6b3bd08f JK |
226 | |
227 | /** | |
0b81d077 | 228 | * fscrypt_fname_crypto_alloc_obuff() - |
6b3bd08f JK |
229 | * |
230 | * Allocates an output buffer that is sufficient for the crypto operation | |
231 | * specified by the context and the direction. | |
232 | */ | |
0b93e1b9 | 233 | int fscrypt_fname_alloc_buffer(const struct inode *inode, |
0b81d077 | 234 | u32 ilen, struct fscrypt_str *crypto_str) |
6b3bd08f | 235 | { |
17159420 EB |
236 | u32 olen = fscrypt_fname_encrypted_size(inode, ilen); |
237 | const u32 max_encoded_len = | |
238 | max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE), | |
239 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))); | |
6b3bd08f | 240 | |
6b3bd08f | 241 | crypto_str->len = olen; |
17159420 EB |
242 | olen = max(olen, max_encoded_len); |
243 | ||
0b81d077 JK |
244 | /* |
245 | * Allocated buffer can hold one more character to null-terminate the | |
246 | * string | |
247 | */ | |
6b3bd08f JK |
248 | crypto_str->name = kmalloc(olen + 1, GFP_NOFS); |
249 | if (!(crypto_str->name)) | |
250 | return -ENOMEM; | |
251 | return 0; | |
252 | } | |
0b81d077 | 253 | EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); |
6b3bd08f JK |
254 | |
255 | /** | |
0b81d077 | 256 | * fscrypt_fname_crypto_free_buffer() - |
6b3bd08f JK |
257 | * |
258 | * Frees the buffer allocated for crypto operation. | |
259 | */ | |
0b81d077 | 260 | void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) |
6b3bd08f JK |
261 | { |
262 | if (!crypto_str) | |
263 | return; | |
264 | kfree(crypto_str->name); | |
265 | crypto_str->name = NULL; | |
266 | } | |
0b81d077 | 267 | EXPORT_SYMBOL(fscrypt_fname_free_buffer); |
6b3bd08f JK |
268 | |
269 | /** | |
0b81d077 JK |
270 | * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user |
271 | * space | |
ef1eb3aa EB |
272 | * |
273 | * The caller must have allocated sufficient memory for the @oname string. | |
274 | * | |
17159420 EB |
275 | * If the key is available, we'll decrypt the disk name; otherwise, we'll encode |
276 | * it for presentation. Short names are directly base64-encoded, while long | |
277 | * names are encoded in fscrypt_digested_name format. | |
278 | * | |
ef1eb3aa | 279 | * Return: 0 on success, -errno on failure |
6b3bd08f | 280 | */ |
0b81d077 JK |
281 | int fscrypt_fname_disk_to_usr(struct inode *inode, |
282 | u32 hash, u32 minor_hash, | |
283 | const struct fscrypt_str *iname, | |
284 | struct fscrypt_str *oname) | |
6b3bd08f JK |
285 | { |
286 | const struct qstr qname = FSTR_TO_QSTR(iname); | |
17159420 | 287 | struct fscrypt_digested_name digested_name; |
6b3bd08f | 288 | |
0b81d077 | 289 | if (fscrypt_is_dot_dotdot(&qname)) { |
6b3bd08f JK |
290 | oname->name[0] = '.'; |
291 | oname->name[iname->len - 1] = '.'; | |
292 | oname->len = iname->len; | |
ef1eb3aa | 293 | return 0; |
6b3bd08f JK |
294 | } |
295 | ||
0b81d077 | 296 | if (iname->len < FS_CRYPTO_BLOCK_SIZE) |
1dafa51d | 297 | return -EUCLEAN; |
6b3bd08f | 298 | |
0b81d077 JK |
299 | if (inode->i_crypt_info) |
300 | return fname_decrypt(inode, iname, oname); | |
301 | ||
17159420 | 302 | if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { |
ef1eb3aa EB |
303 | oname->len = digest_encode(iname->name, iname->len, |
304 | oname->name); | |
305 | return 0; | |
6b3bd08f JK |
306 | } |
307 | if (hash) { | |
17159420 EB |
308 | digested_name.hash = hash; |
309 | digested_name.minor_hash = minor_hash; | |
0b81d077 | 310 | } else { |
17159420 EB |
311 | digested_name.hash = 0; |
312 | digested_name.minor_hash = 0; | |
0b81d077 | 313 | } |
17159420 EB |
314 | memcpy(digested_name.digest, |
315 | FSCRYPT_FNAME_DIGEST(iname->name, iname->len), | |
316 | FSCRYPT_FNAME_DIGEST_SIZE); | |
6b3bd08f | 317 | oname->name[0] = '_'; |
17159420 EB |
318 | oname->len = 1 + digest_encode((const char *)&digested_name, |
319 | sizeof(digested_name), oname->name + 1); | |
ef1eb3aa | 320 | return 0; |
6b3bd08f | 321 | } |
0b81d077 | 322 | EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); |
6b3bd08f JK |
323 | |
324 | /** | |
0b81d077 JK |
325 | * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk |
326 | * space | |
ef1eb3aa EB |
327 | * |
328 | * The caller must have allocated sufficient memory for the @oname string. | |
329 | * | |
330 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 331 | */ |
0b81d077 | 332 | int fscrypt_fname_usr_to_disk(struct inode *inode, |
6b3bd08f | 333 | const struct qstr *iname, |
0b81d077 | 334 | struct fscrypt_str *oname) |
6b3bd08f | 335 | { |
0b81d077 | 336 | if (fscrypt_is_dot_dotdot(iname)) { |
6b3bd08f JK |
337 | oname->name[0] = '.'; |
338 | oname->name[iname->len - 1] = '.'; | |
339 | oname->len = iname->len; | |
ef1eb3aa | 340 | return 0; |
6b3bd08f | 341 | } |
0b81d077 JK |
342 | if (inode->i_crypt_info) |
343 | return fname_encrypt(inode, iname, oname); | |
344 | /* | |
345 | * Without a proper key, a user is not allowed to modify the filenames | |
6b3bd08f | 346 | * in a directory. Consequently, a user space name cannot be mapped to |
0b81d077 JK |
347 | * a disk-space name |
348 | */ | |
54475f53 | 349 | return -ENOKEY; |
6b3bd08f | 350 | } |
0b81d077 | 351 | EXPORT_SYMBOL(fscrypt_fname_usr_to_disk); |
6b3bd08f | 352 | |
17159420 EB |
353 | /** |
354 | * fscrypt_setup_filename() - prepare to search a possibly encrypted directory | |
355 | * @dir: the directory that will be searched | |
356 | * @iname: the user-provided filename being searched for | |
357 | * @lookup: 1 if we're allowed to proceed without the key because it's | |
358 | * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot | |
359 | * proceed without the key because we're going to create the dir_entry. | |
360 | * @fname: the filename information to be filled in | |
361 | * | |
362 | * Given a user-provided filename @iname, this function sets @fname->disk_name | |
363 | * to the name that would be stored in the on-disk directory entry, if possible. | |
364 | * If the directory is unencrypted this is simply @iname. Else, if we have the | |
365 | * directory's encryption key, then @iname is the plaintext, so we encrypt it to | |
366 | * get the disk_name. | |
367 | * | |
368 | * Else, for keyless @lookup operations, @iname is the presented ciphertext, so | |
369 | * we decode it to get either the ciphertext disk_name (for short names) or the | |
370 | * fscrypt_digested_name (for long names). Non-@lookup operations will be | |
371 | * impossible in this case, so we fail them with ENOKEY. | |
372 | * | |
373 | * If successful, fscrypt_free_filename() must be called later to clean up. | |
374 | * | |
375 | * Return: 0 on success, -errno on failure | |
376 | */ | |
0b81d077 JK |
377 | int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, |
378 | int lookup, struct fscrypt_name *fname) | |
6b3bd08f | 379 | { |
17159420 EB |
380 | int ret; |
381 | int digested; | |
6b3bd08f | 382 | |
0b81d077 | 383 | memset(fname, 0, sizeof(struct fscrypt_name)); |
6b3bd08f JK |
384 | fname->usr_fname = iname; |
385 | ||
0b81d077 JK |
386 | if (!dir->i_sb->s_cop->is_encrypted(dir) || |
387 | fscrypt_is_dot_dotdot(iname)) { | |
6b3bd08f JK |
388 | fname->disk_name.name = (unsigned char *)iname->name; |
389 | fname->disk_name.len = iname->len; | |
7bf4b557 | 390 | return 0; |
6b3bd08f | 391 | } |
1b53cf98 | 392 | ret = fscrypt_get_encryption_info(dir); |
0b81d077 | 393 | if (ret && ret != -EOPNOTSUPP) |
6b3bd08f | 394 | return ret; |
0b81d077 JK |
395 | |
396 | if (dir->i_crypt_info) { | |
397 | ret = fscrypt_fname_alloc_buffer(dir, iname->len, | |
398 | &fname->crypto_buf); | |
ef1eb3aa | 399 | if (ret) |
7bf4b557 | 400 | return ret; |
0b81d077 | 401 | ret = fname_encrypt(dir, iname, &fname->crypto_buf); |
ef1eb3aa | 402 | if (ret) |
e5e0906b | 403 | goto errout; |
6b3bd08f JK |
404 | fname->disk_name.name = fname->crypto_buf.name; |
405 | fname->disk_name.len = fname->crypto_buf.len; | |
7bf4b557 | 406 | return 0; |
6b3bd08f | 407 | } |
e5e0906b | 408 | if (!lookup) |
54475f53 | 409 | return -ENOKEY; |
6b3bd08f | 410 | |
0b81d077 JK |
411 | /* |
412 | * We don't have the key and we are doing a lookup; decode the | |
6b3bd08f JK |
413 | * user-supplied name |
414 | */ | |
17159420 EB |
415 | if (iname->name[0] == '_') { |
416 | if (iname->len != | |
417 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))) | |
418 | return -ENOENT; | |
419 | digested = 1; | |
420 | } else { | |
421 | if (iname->len > | |
422 | BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)) | |
423 | return -ENOENT; | |
424 | digested = 0; | |
425 | } | |
e5e0906b | 426 | |
17159420 EB |
427 | fname->crypto_buf.name = |
428 | kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE, | |
429 | sizeof(struct fscrypt_digested_name)), | |
430 | GFP_KERNEL); | |
e5e0906b JK |
431 | if (fname->crypto_buf.name == NULL) |
432 | return -ENOMEM; | |
0b81d077 | 433 | |
17159420 | 434 | ret = digest_decode(iname->name + digested, iname->len - digested, |
6b3bd08f JK |
435 | fname->crypto_buf.name); |
436 | if (ret < 0) { | |
437 | ret = -ENOENT; | |
e5e0906b | 438 | goto errout; |
6b3bd08f JK |
439 | } |
440 | fname->crypto_buf.len = ret; | |
17159420 EB |
441 | if (digested) { |
442 | const struct fscrypt_digested_name *n = | |
443 | (const void *)fname->crypto_buf.name; | |
444 | fname->hash = n->hash; | |
445 | fname->minor_hash = n->minor_hash; | |
6b3bd08f JK |
446 | } else { |
447 | fname->disk_name.name = fname->crypto_buf.name; | |
448 | fname->disk_name.len = fname->crypto_buf.len; | |
449 | } | |
7bf4b557 | 450 | return 0; |
0b81d077 | 451 | |
e5e0906b | 452 | errout: |
0b81d077 | 453 | fscrypt_fname_free_buffer(&fname->crypto_buf); |
6b3bd08f JK |
454 | return ret; |
455 | } | |
0b81d077 | 456 | EXPORT_SYMBOL(fscrypt_setup_filename); |