1 // SPDX-License-Identifier: GPL-2.0
3 * This contains functions for filename crypto management
5 * Copyright (C) 2015, Google, Inc.
6 * Copyright (C) 2015, Motorola Mobility
8 * Written by Uday Savagaonkar, 2014.
9 * Modified by Jaegeuk Kim, 2015.
11 * This has not yet undergone a rigorous security audit.
14 #include <linux/scatterlist.h>
15 #include <linux/ratelimit.h>
16 #include "fscrypt_private.h"
19 * fname_crypt_complete() - completion callback for filename crypto
20 * @req: The asynchronous cipher request context
21 * @res: The result of the cipher operation
23 static void fname_crypt_complete(struct crypto_async_request
*req
, int res
)
25 struct fscrypt_completion_result
*ecr
= req
->data
;
27 if (res
== -EINPROGRESS
)
30 complete(&ecr
->completion
);
34 * fname_encrypt() - encrypt a filename
36 * The caller must have allocated sufficient memory for the @oname string.
38 * Return: 0 on success, -errno on failure
40 static int fname_encrypt(struct inode
*inode
,
41 const struct qstr
*iname
, struct fscrypt_str
*oname
)
43 struct skcipher_request
*req
= NULL
;
44 DECLARE_FS_COMPLETION_RESULT(ecr
);
45 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
46 struct crypto_skcipher
*tfm
= ci
->ci_ctfm
;
48 char iv
[FS_CRYPTO_BLOCK_SIZE
];
49 struct scatterlist sg
;
50 int padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
52 unsigned int cryptlen
;
54 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
55 if (iname
->len
<= 0 || iname
->len
> lim
)
59 * Copy the filename to the output buffer for encrypting in-place and
60 * pad it with the needed number of NUL bytes.
62 cryptlen
= max_t(unsigned int, iname
->len
, FS_CRYPTO_BLOCK_SIZE
);
63 cryptlen
= round_up(cryptlen
, padding
);
64 cryptlen
= min(cryptlen
, lim
);
65 memcpy(oname
->name
, iname
->name
, iname
->len
);
66 memset(oname
->name
+ iname
->len
, 0, cryptlen
- iname
->len
);
68 /* Initialize the IV */
69 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
71 /* Set up the encryption request */
72 req
= skcipher_request_alloc(tfm
, GFP_NOFS
);
74 printk_ratelimited(KERN_ERR
75 "%s: skcipher_request_alloc() failed\n", __func__
);
78 skcipher_request_set_callback(req
,
79 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
80 fname_crypt_complete
, &ecr
);
81 sg_init_one(&sg
, oname
->name
, cryptlen
);
82 skcipher_request_set_crypt(req
, &sg
, &sg
, cryptlen
, iv
);
84 /* Do the encryption */
85 res
= crypto_skcipher_encrypt(req
);
86 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
87 /* Request is being completed asynchronously; wait for it */
88 wait_for_completion(&ecr
.completion
);
91 skcipher_request_free(req
);
93 printk_ratelimited(KERN_ERR
94 "%s: Error (error code %d)\n", __func__
, res
);
98 oname
->len
= cryptlen
;
103 * fname_decrypt() - decrypt a filename
105 * The caller must have allocated sufficient memory for the @oname string.
107 * Return: 0 on success, -errno on failure
109 static int fname_decrypt(struct inode
*inode
,
110 const struct fscrypt_str
*iname
,
111 struct fscrypt_str
*oname
)
113 struct skcipher_request
*req
= NULL
;
114 DECLARE_FS_COMPLETION_RESULT(ecr
);
115 struct scatterlist src_sg
, dst_sg
;
116 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
117 struct crypto_skcipher
*tfm
= ci
->ci_ctfm
;
119 char iv
[FS_CRYPTO_BLOCK_SIZE
];
122 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
123 if (iname
->len
<= 0 || iname
->len
> lim
)
126 /* Allocate request */
127 req
= skcipher_request_alloc(tfm
, GFP_NOFS
);
129 printk_ratelimited(KERN_ERR
130 "%s: crypto_request_alloc() failed\n", __func__
);
133 skcipher_request_set_callback(req
,
134 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
135 fname_crypt_complete
, &ecr
);
138 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
140 /* Create decryption request */
141 sg_init_one(&src_sg
, iname
->name
, iname
->len
);
142 sg_init_one(&dst_sg
, oname
->name
, oname
->len
);
143 skcipher_request_set_crypt(req
, &src_sg
, &dst_sg
, iname
->len
, iv
);
144 res
= crypto_skcipher_decrypt(req
);
145 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
146 wait_for_completion(&ecr
.completion
);
149 skcipher_request_free(req
);
151 printk_ratelimited(KERN_ERR
152 "%s: Error (error code %d)\n", __func__
, res
);
156 oname
->len
= strnlen(oname
->name
, iname
->len
);
160 static const char *lookup_table
=
161 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
163 #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
168 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
169 * The encoded string is roughly 4/3 times the size of the input string.
171 static int digest_encode(const char *src
, int len
, char *dst
)
173 int i
= 0, bits
= 0, ac
= 0;
177 ac
+= (((unsigned char) src
[i
]) << bits
);
180 *cp
++ = lookup_table
[ac
& 0x3f];
187 *cp
++ = lookup_table
[ac
& 0x3f];
191 static int digest_decode(const char *src
, int len
, char *dst
)
193 int i
= 0, bits
= 0, ac
= 0;
198 p
= strchr(lookup_table
, src
[i
]);
199 if (p
== NULL
|| src
[i
] == 0)
201 ac
+= (p
- lookup_table
) << bits
;
215 u32
fscrypt_fname_encrypted_size(const struct inode
*inode
, u32 ilen
)
218 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
221 padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
222 ilen
= max(ilen
, (u32
)FS_CRYPTO_BLOCK_SIZE
);
223 return round_up(ilen
, padding
);
225 EXPORT_SYMBOL(fscrypt_fname_encrypted_size
);
228 * fscrypt_fname_crypto_alloc_obuff() -
230 * Allocates an output buffer that is sufficient for the crypto operation
231 * specified by the context and the direction.
233 int fscrypt_fname_alloc_buffer(const struct inode
*inode
,
234 u32 ilen
, struct fscrypt_str
*crypto_str
)
236 u32 olen
= fscrypt_fname_encrypted_size(inode
, ilen
);
237 const u32 max_encoded_len
=
238 max_t(u32
, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
),
239 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name
)));
241 crypto_str
->len
= olen
;
242 olen
= max(olen
, max_encoded_len
);
245 * Allocated buffer can hold one more character to null-terminate the
248 crypto_str
->name
= kmalloc(olen
+ 1, GFP_NOFS
);
249 if (!(crypto_str
->name
))
253 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer
);
256 * fscrypt_fname_crypto_free_buffer() -
258 * Frees the buffer allocated for crypto operation.
260 void fscrypt_fname_free_buffer(struct fscrypt_str
*crypto_str
)
264 kfree(crypto_str
->name
);
265 crypto_str
->name
= NULL
;
267 EXPORT_SYMBOL(fscrypt_fname_free_buffer
);
270 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user
273 * The caller must have allocated sufficient memory for the @oname string.
275 * If the key is available, we'll decrypt the disk name; otherwise, we'll encode
276 * it for presentation. Short names are directly base64-encoded, while long
277 * names are encoded in fscrypt_digested_name format.
279 * Return: 0 on success, -errno on failure
281 int fscrypt_fname_disk_to_usr(struct inode
*inode
,
282 u32 hash
, u32 minor_hash
,
283 const struct fscrypt_str
*iname
,
284 struct fscrypt_str
*oname
)
286 const struct qstr qname
= FSTR_TO_QSTR(iname
);
287 struct fscrypt_digested_name digested_name
;
289 if (fscrypt_is_dot_dotdot(&qname
)) {
290 oname
->name
[0] = '.';
291 oname
->name
[iname
->len
- 1] = '.';
292 oname
->len
= iname
->len
;
296 if (iname
->len
< FS_CRYPTO_BLOCK_SIZE
)
299 if (inode
->i_crypt_info
)
300 return fname_decrypt(inode
, iname
, oname
);
302 if (iname
->len
<= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
) {
303 oname
->len
= digest_encode(iname
->name
, iname
->len
,
308 digested_name
.hash
= hash
;
309 digested_name
.minor_hash
= minor_hash
;
311 digested_name
.hash
= 0;
312 digested_name
.minor_hash
= 0;
314 memcpy(digested_name
.digest
,
315 FSCRYPT_FNAME_DIGEST(iname
->name
, iname
->len
),
316 FSCRYPT_FNAME_DIGEST_SIZE
);
317 oname
->name
[0] = '_';
318 oname
->len
= 1 + digest_encode((const char *)&digested_name
,
319 sizeof(digested_name
), oname
->name
+ 1);
322 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr
);
325 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk
328 * The caller must have allocated sufficient memory for the @oname string.
330 * Return: 0 on success, -errno on failure
332 int fscrypt_fname_usr_to_disk(struct inode
*inode
,
333 const struct qstr
*iname
,
334 struct fscrypt_str
*oname
)
336 if (fscrypt_is_dot_dotdot(iname
)) {
337 oname
->name
[0] = '.';
338 oname
->name
[iname
->len
- 1] = '.';
339 oname
->len
= iname
->len
;
342 if (inode
->i_crypt_info
)
343 return fname_encrypt(inode
, iname
, oname
);
345 * Without a proper key, a user is not allowed to modify the filenames
346 * in a directory. Consequently, a user space name cannot be mapped to
351 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk
);
354 * fscrypt_setup_filename() - prepare to search a possibly encrypted directory
355 * @dir: the directory that will be searched
356 * @iname: the user-provided filename being searched for
357 * @lookup: 1 if we're allowed to proceed without the key because it's
358 * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
359 * proceed without the key because we're going to create the dir_entry.
360 * @fname: the filename information to be filled in
362 * Given a user-provided filename @iname, this function sets @fname->disk_name
363 * to the name that would be stored in the on-disk directory entry, if possible.
364 * If the directory is unencrypted this is simply @iname. Else, if we have the
365 * directory's encryption key, then @iname is the plaintext, so we encrypt it to
368 * Else, for keyless @lookup operations, @iname is the presented ciphertext, so
369 * we decode it to get either the ciphertext disk_name (for short names) or the
370 * fscrypt_digested_name (for long names). Non-@lookup operations will be
371 * impossible in this case, so we fail them with ENOKEY.
373 * If successful, fscrypt_free_filename() must be called later to clean up.
375 * Return: 0 on success, -errno on failure
377 int fscrypt_setup_filename(struct inode
*dir
, const struct qstr
*iname
,
378 int lookup
, struct fscrypt_name
*fname
)
383 memset(fname
, 0, sizeof(struct fscrypt_name
));
384 fname
->usr_fname
= iname
;
386 if (!dir
->i_sb
->s_cop
->is_encrypted(dir
) ||
387 fscrypt_is_dot_dotdot(iname
)) {
388 fname
->disk_name
.name
= (unsigned char *)iname
->name
;
389 fname
->disk_name
.len
= iname
->len
;
392 ret
= fscrypt_get_encryption_info(dir
);
393 if (ret
&& ret
!= -EOPNOTSUPP
)
396 if (dir
->i_crypt_info
) {
397 ret
= fscrypt_fname_alloc_buffer(dir
, iname
->len
,
401 ret
= fname_encrypt(dir
, iname
, &fname
->crypto_buf
);
404 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
405 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
412 * We don't have the key and we are doing a lookup; decode the
415 if (iname
->name
[0] == '_') {
417 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name
)))
422 BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
))
427 fname
->crypto_buf
.name
=
428 kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
,
429 sizeof(struct fscrypt_digested_name
)),
431 if (fname
->crypto_buf
.name
== NULL
)
434 ret
= digest_decode(iname
->name
+ digested
, iname
->len
- digested
,
435 fname
->crypto_buf
.name
);
440 fname
->crypto_buf
.len
= ret
;
442 const struct fscrypt_digested_name
*n
=
443 (const void *)fname
->crypto_buf
.name
;
444 fname
->hash
= n
->hash
;
445 fname
->minor_hash
= n
->minor_hash
;
447 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
448 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
453 fscrypt_fname_free_buffer(&fname
->crypto_buf
);
456 EXPORT_SYMBOL(fscrypt_setup_filename
);