2 * This contains functions for filename crypto management
4 * Copyright (C) 2015, Google, Inc.
5 * Copyright (C) 2015, Motorola Mobility
7 * Written by Uday Savagaonkar, 2014.
8 * Modified by Jaegeuk Kim, 2015.
10 * This has not yet undergone a rigorous security audit.
13 #include <linux/scatterlist.h>
14 #include <linux/ratelimit.h>
15 #include "fscrypt_private.h"
18 * fname_crypt_complete() - completion callback for filename crypto
19 * @req: The asynchronous cipher request context
20 * @res: The result of the cipher operation
22 static void fname_crypt_complete(struct crypto_async_request
*req
, int res
)
24 struct fscrypt_completion_result
*ecr
= req
->data
;
26 if (res
== -EINPROGRESS
)
29 complete(&ecr
->completion
);
33 * fname_encrypt() - encrypt a filename
35 * The caller must have allocated sufficient memory for the @oname string.
37 * Return: 0 on success, -errno on failure
39 static int fname_encrypt(struct inode
*inode
,
40 const struct qstr
*iname
, struct fscrypt_str
*oname
)
42 struct skcipher_request
*req
= NULL
;
43 DECLARE_FS_COMPLETION_RESULT(ecr
);
44 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
45 struct crypto_skcipher
*tfm
= ci
->ci_ctfm
;
47 char iv
[FS_CRYPTO_BLOCK_SIZE
];
48 struct scatterlist sg
;
49 int padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
51 unsigned int cryptlen
;
53 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
54 if (iname
->len
<= 0 || iname
->len
> lim
)
58 * Copy the filename to the output buffer for encrypting in-place and
59 * pad it with the needed number of NUL bytes.
61 cryptlen
= max_t(unsigned int, iname
->len
, FS_CRYPTO_BLOCK_SIZE
);
62 cryptlen
= round_up(cryptlen
, padding
);
63 cryptlen
= min(cryptlen
, lim
);
64 memcpy(oname
->name
, iname
->name
, iname
->len
);
65 memset(oname
->name
+ iname
->len
, 0, cryptlen
- iname
->len
);
67 /* Initialize the IV */
68 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
70 /* Set up the encryption request */
71 req
= skcipher_request_alloc(tfm
, GFP_NOFS
);
73 printk_ratelimited(KERN_ERR
74 "%s: skcipher_request_alloc() failed\n", __func__
);
77 skcipher_request_set_callback(req
,
78 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
79 fname_crypt_complete
, &ecr
);
80 sg_init_one(&sg
, oname
->name
, cryptlen
);
81 skcipher_request_set_crypt(req
, &sg
, &sg
, cryptlen
, iv
);
83 /* Do the encryption */
84 res
= crypto_skcipher_encrypt(req
);
85 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
86 /* Request is being completed asynchronously; wait for it */
87 wait_for_completion(&ecr
.completion
);
90 skcipher_request_free(req
);
92 printk_ratelimited(KERN_ERR
93 "%s: Error (error code %d)\n", __func__
, res
);
97 oname
->len
= cryptlen
;
102 * fname_decrypt() - decrypt a filename
104 * The caller must have allocated sufficient memory for the @oname string.
106 * Return: 0 on success, -errno on failure
108 static int fname_decrypt(struct inode
*inode
,
109 const struct fscrypt_str
*iname
,
110 struct fscrypt_str
*oname
)
112 struct skcipher_request
*req
= NULL
;
113 DECLARE_FS_COMPLETION_RESULT(ecr
);
114 struct scatterlist src_sg
, dst_sg
;
115 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
116 struct crypto_skcipher
*tfm
= ci
->ci_ctfm
;
118 char iv
[FS_CRYPTO_BLOCK_SIZE
];
121 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
122 if (iname
->len
<= 0 || iname
->len
> lim
)
125 /* Allocate request */
126 req
= skcipher_request_alloc(tfm
, GFP_NOFS
);
128 printk_ratelimited(KERN_ERR
129 "%s: crypto_request_alloc() failed\n", __func__
);
132 skcipher_request_set_callback(req
,
133 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
134 fname_crypt_complete
, &ecr
);
137 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
139 /* Create decryption request */
140 sg_init_one(&src_sg
, iname
->name
, iname
->len
);
141 sg_init_one(&dst_sg
, oname
->name
, oname
->len
);
142 skcipher_request_set_crypt(req
, &src_sg
, &dst_sg
, iname
->len
, iv
);
143 res
= crypto_skcipher_decrypt(req
);
144 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
145 wait_for_completion(&ecr
.completion
);
148 skcipher_request_free(req
);
150 printk_ratelimited(KERN_ERR
151 "%s: Error (error code %d)\n", __func__
, res
);
155 oname
->len
= strnlen(oname
->name
, iname
->len
);
159 static const char *lookup_table
=
160 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
162 #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
167 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
168 * The encoded string is roughly 4/3 times the size of the input string.
170 static int digest_encode(const char *src
, int len
, char *dst
)
172 int i
= 0, bits
= 0, ac
= 0;
176 ac
+= (((unsigned char) src
[i
]) << bits
);
179 *cp
++ = lookup_table
[ac
& 0x3f];
186 *cp
++ = lookup_table
[ac
& 0x3f];
190 static int digest_decode(const char *src
, int len
, char *dst
)
192 int i
= 0, bits
= 0, ac
= 0;
197 p
= strchr(lookup_table
, src
[i
]);
198 if (p
== NULL
|| src
[i
] == 0)
200 ac
+= (p
- lookup_table
) << bits
;
214 u32
fscrypt_fname_encrypted_size(const struct inode
*inode
, u32 ilen
)
217 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
220 padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
221 ilen
= max(ilen
, (u32
)FS_CRYPTO_BLOCK_SIZE
);
222 return round_up(ilen
, padding
);
224 EXPORT_SYMBOL(fscrypt_fname_encrypted_size
);
227 * fscrypt_fname_crypto_alloc_obuff() -
229 * Allocates an output buffer that is sufficient for the crypto operation
230 * specified by the context and the direction.
232 int fscrypt_fname_alloc_buffer(const struct inode
*inode
,
233 u32 ilen
, struct fscrypt_str
*crypto_str
)
235 u32 olen
= fscrypt_fname_encrypted_size(inode
, ilen
);
236 const u32 max_encoded_len
=
237 max_t(u32
, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
),
238 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name
)));
240 crypto_str
->len
= olen
;
241 olen
= max(olen
, max_encoded_len
);
244 * Allocated buffer can hold one more character to null-terminate the
247 crypto_str
->name
= kmalloc(olen
+ 1, GFP_NOFS
);
248 if (!(crypto_str
->name
))
252 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer
);
255 * fscrypt_fname_crypto_free_buffer() -
257 * Frees the buffer allocated for crypto operation.
259 void fscrypt_fname_free_buffer(struct fscrypt_str
*crypto_str
)
263 kfree(crypto_str
->name
);
264 crypto_str
->name
= NULL
;
266 EXPORT_SYMBOL(fscrypt_fname_free_buffer
);
269 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user
272 * The caller must have allocated sufficient memory for the @oname string.
274 * If the key is available, we'll decrypt the disk name; otherwise, we'll encode
275 * it for presentation. Short names are directly base64-encoded, while long
276 * names are encoded in fscrypt_digested_name format.
278 * Return: 0 on success, -errno on failure
280 int fscrypt_fname_disk_to_usr(struct inode
*inode
,
281 u32 hash
, u32 minor_hash
,
282 const struct fscrypt_str
*iname
,
283 struct fscrypt_str
*oname
)
285 const struct qstr qname
= FSTR_TO_QSTR(iname
);
286 struct fscrypt_digested_name digested_name
;
288 if (fscrypt_is_dot_dotdot(&qname
)) {
289 oname
->name
[0] = '.';
290 oname
->name
[iname
->len
- 1] = '.';
291 oname
->len
= iname
->len
;
295 if (iname
->len
< FS_CRYPTO_BLOCK_SIZE
)
298 if (inode
->i_crypt_info
)
299 return fname_decrypt(inode
, iname
, oname
);
301 if (iname
->len
<= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
) {
302 oname
->len
= digest_encode(iname
->name
, iname
->len
,
307 digested_name
.hash
= hash
;
308 digested_name
.minor_hash
= minor_hash
;
310 digested_name
.hash
= 0;
311 digested_name
.minor_hash
= 0;
313 memcpy(digested_name
.digest
,
314 FSCRYPT_FNAME_DIGEST(iname
->name
, iname
->len
),
315 FSCRYPT_FNAME_DIGEST_SIZE
);
316 oname
->name
[0] = '_';
317 oname
->len
= 1 + digest_encode((const char *)&digested_name
,
318 sizeof(digested_name
), oname
->name
+ 1);
321 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr
);
324 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk
327 * The caller must have allocated sufficient memory for the @oname string.
329 * Return: 0 on success, -errno on failure
331 int fscrypt_fname_usr_to_disk(struct inode
*inode
,
332 const struct qstr
*iname
,
333 struct fscrypt_str
*oname
)
335 if (fscrypt_is_dot_dotdot(iname
)) {
336 oname
->name
[0] = '.';
337 oname
->name
[iname
->len
- 1] = '.';
338 oname
->len
= iname
->len
;
341 if (inode
->i_crypt_info
)
342 return fname_encrypt(inode
, iname
, oname
);
344 * Without a proper key, a user is not allowed to modify the filenames
345 * in a directory. Consequently, a user space name cannot be mapped to
350 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk
);
353 * fscrypt_setup_filename() - prepare to search a possibly encrypted directory
354 * @dir: the directory that will be searched
355 * @iname: the user-provided filename being searched for
356 * @lookup: 1 if we're allowed to proceed without the key because it's
357 * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
358 * proceed without the key because we're going to create the dir_entry.
359 * @fname: the filename information to be filled in
361 * Given a user-provided filename @iname, this function sets @fname->disk_name
362 * to the name that would be stored in the on-disk directory entry, if possible.
363 * If the directory is unencrypted this is simply @iname. Else, if we have the
364 * directory's encryption key, then @iname is the plaintext, so we encrypt it to
367 * Else, for keyless @lookup operations, @iname is the presented ciphertext, so
368 * we decode it to get either the ciphertext disk_name (for short names) or the
369 * fscrypt_digested_name (for long names). Non-@lookup operations will be
370 * impossible in this case, so we fail them with ENOKEY.
372 * If successful, fscrypt_free_filename() must be called later to clean up.
374 * Return: 0 on success, -errno on failure
376 int fscrypt_setup_filename(struct inode
*dir
, const struct qstr
*iname
,
377 int lookup
, struct fscrypt_name
*fname
)
382 memset(fname
, 0, sizeof(struct fscrypt_name
));
383 fname
->usr_fname
= iname
;
385 if (!dir
->i_sb
->s_cop
->is_encrypted(dir
) ||
386 fscrypt_is_dot_dotdot(iname
)) {
387 fname
->disk_name
.name
= (unsigned char *)iname
->name
;
388 fname
->disk_name
.len
= iname
->len
;
391 ret
= fscrypt_get_encryption_info(dir
);
392 if (ret
&& ret
!= -EOPNOTSUPP
)
395 if (dir
->i_crypt_info
) {
396 ret
= fscrypt_fname_alloc_buffer(dir
, iname
->len
,
400 ret
= fname_encrypt(dir
, iname
, &fname
->crypto_buf
);
403 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
404 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
411 * We don't have the key and we are doing a lookup; decode the
414 if (iname
->name
[0] == '_') {
416 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name
)))
421 BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
))
426 fname
->crypto_buf
.name
=
427 kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
,
428 sizeof(struct fscrypt_digested_name
)),
430 if (fname
->crypto_buf
.name
== NULL
)
433 ret
= digest_decode(iname
->name
+ digested
, iname
->len
- digested
,
434 fname
->crypto_buf
.name
);
439 fname
->crypto_buf
.len
= ret
;
441 const struct fscrypt_digested_name
*n
=
442 (const void *)fname
->crypto_buf
.name
;
443 fname
->hash
= n
->hash
;
444 fname
->minor_hash
= n
->minor_hash
;
446 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
447 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
452 fscrypt_fname_free_buffer(&fname
->crypto_buf
);
455 EXPORT_SYMBOL(fscrypt_setup_filename
);