2 * linux/fs/ext4/crypto_fname.c
4 * Copyright (C) 2015, Google, Inc.
6 * This contains functions for filename crypto management in ext4
8 * Written by Uday Savagaonkar, 2014.
10 * This has not yet undergone a rigorous security audit.
14 #include <crypto/hash.h>
15 #include <crypto/sha.h>
16 #include <keys/encrypted-type.h>
17 #include <keys/user-type.h>
18 #include <linux/crypto.h>
19 #include <linux/gfp.h>
20 #include <linux/kernel.h>
21 #include <linux/key.h>
22 #include <linux/key.h>
23 #include <linux/list.h>
24 #include <linux/mempool.h>
25 #include <linux/random.h>
26 #include <linux/scatterlist.h>
27 #include <linux/spinlock_types.h>
30 #include "ext4_crypto.h"
34 * ext4_dir_crypt_complete() -
36 static void ext4_dir_crypt_complete(struct crypto_async_request
*req
, int res
)
38 struct ext4_completion_result
*ecr
= req
->data
;
40 if (res
== -EINPROGRESS
)
43 complete(&ecr
->completion
);
46 bool ext4_valid_filenames_enc_mode(uint32_t mode
)
48 return (mode
== EXT4_ENCRYPTION_MODE_AES_256_CTS
);
52 * ext4_fname_encrypt() -
54 * This function encrypts the input filename, and returns the length of the
55 * ciphertext. Errors are returned as negative numbers. We trust the caller to
56 * allocate sufficient memory to oname string.
58 static int ext4_fname_encrypt(struct ext4_fname_crypto_ctx
*ctx
,
59 const struct qstr
*iname
,
60 struct ext4_str
*oname
)
63 struct ablkcipher_request
*req
= NULL
;
64 DECLARE_EXT4_COMPLETION_RESULT(ecr
);
65 struct crypto_ablkcipher
*tfm
= ctx
->ctfm
;
67 char iv
[EXT4_CRYPTO_BLOCK_SIZE
];
68 struct scatterlist sg
[1];
71 if (iname
->len
<= 0 || iname
->len
> ctx
->lim
)
74 ciphertext_len
= (iname
->len
< EXT4_CRYPTO_BLOCK_SIZE
) ?
75 EXT4_CRYPTO_BLOCK_SIZE
: iname
->len
;
76 ciphertext_len
= (ciphertext_len
> ctx
->lim
)
77 ? ctx
->lim
: ciphertext_len
;
79 /* Allocate request */
80 req
= ablkcipher_request_alloc(tfm
, GFP_NOFS
);
83 KERN_ERR
"%s: crypto_request_alloc() failed\n", __func__
);
86 ablkcipher_request_set_callback(req
,
87 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
88 ext4_dir_crypt_complete
, &ecr
);
90 /* Map the workpage */
91 workbuf
= kmap(ctx
->workpage
);
94 memcpy(workbuf
, iname
->name
, iname
->len
);
95 if (iname
->len
< ciphertext_len
)
96 memset(workbuf
+ iname
->len
, 0, ciphertext_len
- iname
->len
);
99 memset(iv
, 0, EXT4_CRYPTO_BLOCK_SIZE
);
101 /* Create encryption request */
102 sg_init_table(sg
, 1);
103 sg_set_page(sg
, ctx
->workpage
, PAGE_SIZE
, 0);
104 ablkcipher_request_set_crypt(req
, sg
, sg
, iname
->len
, iv
);
105 res
= crypto_ablkcipher_encrypt(req
);
106 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
107 BUG_ON(req
->base
.data
!= &ecr
);
108 wait_for_completion(&ecr
.completion
);
112 /* Copy the result to output */
113 memcpy(oname
->name
, workbuf
, ciphertext_len
);
114 res
= ciphertext_len
;
116 kunmap(ctx
->workpage
);
117 ablkcipher_request_free(req
);
120 KERN_ERR
"%s: Error (error code %d)\n", __func__
, res
);
122 oname
->len
= ciphertext_len
;
127 * ext4_fname_decrypt()
128 * This function decrypts the input filename, and returns
129 * the length of the plaintext.
130 * Errors are returned as negative numbers.
131 * We trust the caller to allocate sufficient memory to oname string.
133 static int ext4_fname_decrypt(struct ext4_fname_crypto_ctx
*ctx
,
134 const struct ext4_str
*iname
,
135 struct ext4_str
*oname
)
137 struct ext4_str tmp_in
[2], tmp_out
[1];
138 struct ablkcipher_request
*req
= NULL
;
139 DECLARE_EXT4_COMPLETION_RESULT(ecr
);
140 struct scatterlist sg
[1];
141 struct crypto_ablkcipher
*tfm
= ctx
->ctfm
;
143 char iv
[EXT4_CRYPTO_BLOCK_SIZE
];
146 if (iname
->len
<= 0 || iname
->len
> ctx
->lim
)
149 tmp_in
[0].name
= iname
->name
;
150 tmp_in
[0].len
= iname
->len
;
151 tmp_out
[0].name
= oname
->name
;
153 /* Allocate request */
154 req
= ablkcipher_request_alloc(tfm
, GFP_NOFS
);
157 KERN_ERR
"%s: crypto_request_alloc() failed\n", __func__
);
160 ablkcipher_request_set_callback(req
,
161 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
162 ext4_dir_crypt_complete
, &ecr
);
164 /* Map the workpage */
165 workbuf
= kmap(ctx
->workpage
);
168 memcpy(workbuf
, iname
->name
, iname
->len
);
171 memset(iv
, 0, EXT4_CRYPTO_BLOCK_SIZE
);
173 /* Create encryption request */
174 sg_init_table(sg
, 1);
175 sg_set_page(sg
, ctx
->workpage
, PAGE_SIZE
, 0);
176 ablkcipher_request_set_crypt(req
, sg
, sg
, iname
->len
, iv
);
177 res
= crypto_ablkcipher_decrypt(req
);
178 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
179 BUG_ON(req
->base
.data
!= &ecr
);
180 wait_for_completion(&ecr
.completion
);
184 /* Copy the result to output */
185 memcpy(oname
->name
, workbuf
, iname
->len
);
188 kunmap(ctx
->workpage
);
189 ablkcipher_request_free(req
);
192 KERN_ERR
"%s: Error in ext4_fname_encrypt (error code %d)\n",
197 oname
->len
= strnlen(oname
->name
, iname
->len
);
201 static const char *lookup_table
=
202 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
205 * ext4_fname_encode_digest() -
207 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
208 * The encoded string is roughly 4/3 times the size of the input string.
210 static int digest_encode(const char *src
, int len
, char *dst
)
212 int i
= 0, bits
= 0, ac
= 0;
216 ac
+= (((unsigned char) src
[i
]) << bits
);
219 *cp
++ = lookup_table
[ac
& 0x3f];
226 *cp
++ = lookup_table
[ac
& 0x3f];
230 static int digest_decode(const char *src
, int len
, char *dst
)
232 int i
= 0, bits
= 0, ac
= 0;
237 p
= strchr(lookup_table
, src
[i
]);
238 if (p
== NULL
|| src
[i
] == 0)
240 ac
+= (p
- lookup_table
) << bits
;
255 * ext4_free_fname_crypto_ctx() -
257 * Frees up a crypto context.
259 void ext4_free_fname_crypto_ctx(struct ext4_fname_crypto_ctx
*ctx
)
261 if (ctx
== NULL
|| IS_ERR(ctx
))
264 if (ctx
->ctfm
&& !IS_ERR(ctx
->ctfm
))
265 crypto_free_ablkcipher(ctx
->ctfm
);
266 if (ctx
->htfm
&& !IS_ERR(ctx
->htfm
))
267 crypto_free_hash(ctx
->htfm
);
268 if (ctx
->workpage
&& !IS_ERR(ctx
->workpage
))
269 __free_page(ctx
->workpage
);
274 * ext4_put_fname_crypto_ctx() -
276 * Return: The crypto context onto free list. If the free list is above a
277 * threshold, completely frees up the context, and returns the memory.
279 * TODO: Currently we directly free the crypto context. Eventually we should
280 * add code it to return to free list. Such an approach will increase
281 * efficiency of directory lookup.
283 void ext4_put_fname_crypto_ctx(struct ext4_fname_crypto_ctx
**ctx
)
285 if (*ctx
== NULL
|| IS_ERR(*ctx
))
287 ext4_free_fname_crypto_ctx(*ctx
);
292 * ext4_search_fname_crypto_ctx() -
294 static struct ext4_fname_crypto_ctx
*ext4_search_fname_crypto_ctx(
295 const struct ext4_encryption_key
*key
)
301 * ext4_alloc_fname_crypto_ctx() -
303 struct ext4_fname_crypto_ctx
*ext4_alloc_fname_crypto_ctx(
304 const struct ext4_encryption_key
*key
)
306 struct ext4_fname_crypto_ctx
*ctx
;
308 ctx
= kmalloc(sizeof(struct ext4_fname_crypto_ctx
), GFP_NOFS
);
310 return ERR_PTR(-ENOMEM
);
311 if (key
->mode
== EXT4_ENCRYPTION_MODE_INVALID
) {
312 /* This will automatically set key mode to invalid
313 * As enum for ENCRYPTION_MODE_INVALID is zero */
314 memset(&ctx
->key
, 0, sizeof(ctx
->key
));
316 memcpy(&ctx
->key
, key
, sizeof(struct ext4_encryption_key
));
318 ctx
->has_valid_key
= (EXT4_ENCRYPTION_MODE_INVALID
== key
->mode
)
320 ctx
->ctfm_key_is_ready
= 0;
323 ctx
->workpage
= NULL
;
328 * ext4_get_fname_crypto_ctx() -
330 * Allocates a free crypto context and initializes it to hold
331 * the crypto material for the inode.
333 * Return: NULL if not encrypted. Error value on error. Valid pointer otherwise.
335 struct ext4_fname_crypto_ctx
*ext4_get_fname_crypto_ctx(
336 struct inode
*inode
, u32 max_ciphertext_len
)
338 struct ext4_fname_crypto_ctx
*ctx
;
339 struct ext4_inode_info
*ei
= EXT4_I(inode
);
342 /* Check if the crypto policy is set on the inode */
343 res
= ext4_encrypted_inode(inode
);
347 if (!ext4_has_encryption_key(inode
))
348 ext4_generate_encryption_key(inode
);
350 /* Get a crypto context based on the key.
351 * A new context is allocated if no context matches the requested key.
353 ctx
= ext4_search_fname_crypto_ctx(&(ei
->i_encryption_key
));
355 ctx
= ext4_alloc_fname_crypto_ctx(&(ei
->i_encryption_key
));
359 if (ctx
->has_valid_key
) {
360 if (ctx
->key
.mode
!= EXT4_ENCRYPTION_MODE_AES_256_CTS
) {
361 printk_once(KERN_WARNING
362 "ext4: unsupported key mode %d\n",
364 return ERR_PTR(-ENOKEY
);
367 /* As a first cut, we will allocate new tfm in every call.
368 * later, we will keep the tfm around, in case the key gets
370 if (ctx
->ctfm
== NULL
) {
371 ctx
->ctfm
= crypto_alloc_ablkcipher("cts(cbc(aes))",
374 if (IS_ERR(ctx
->ctfm
)) {
375 res
= PTR_ERR(ctx
->ctfm
);
377 KERN_DEBUG
"%s: error (%d) allocating crypto tfm\n",
380 ext4_put_fname_crypto_ctx(&ctx
);
383 if (ctx
->ctfm
== NULL
) {
385 KERN_DEBUG
"%s: could not allocate crypto tfm\n",
387 ext4_put_fname_crypto_ctx(&ctx
);
388 return ERR_PTR(-ENOMEM
);
390 if (ctx
->workpage
== NULL
)
391 ctx
->workpage
= alloc_page(GFP_NOFS
);
392 if (IS_ERR(ctx
->workpage
)) {
393 res
= PTR_ERR(ctx
->workpage
);
395 KERN_DEBUG
"%s: error (%d) allocating work page\n",
397 ctx
->workpage
= NULL
;
398 ext4_put_fname_crypto_ctx(&ctx
);
401 if (ctx
->workpage
== NULL
) {
403 KERN_DEBUG
"%s: could not allocate work page\n",
405 ext4_put_fname_crypto_ctx(&ctx
);
406 return ERR_PTR(-ENOMEM
);
408 ctx
->lim
= max_ciphertext_len
;
409 crypto_ablkcipher_clear_flags(ctx
->ctfm
, ~0);
410 crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctx
->ctfm
),
411 CRYPTO_TFM_REQ_WEAK_KEY
);
413 /* If we are lucky, we will get a context that is already
414 * set up with the right key. Else, we will have to
416 if (!ctx
->ctfm_key_is_ready
) {
417 /* Since our crypto objectives for filename encryption
419 * we directly use the inode master key */
420 res
= crypto_ablkcipher_setkey(ctx
->ctfm
,
421 ctx
->key
.raw
, ctx
->key
.size
);
423 ext4_put_fname_crypto_ctx(&ctx
);
424 return ERR_PTR(-EIO
);
426 ctx
->ctfm_key_is_ready
= 1;
428 /* In the current implementation, key should never be
429 * marked "ready" for a context that has just been
430 * allocated. So we should never reach here */
434 if (ctx
->htfm
== NULL
)
435 ctx
->htfm
= crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC
);
436 if (IS_ERR(ctx
->htfm
)) {
437 res
= PTR_ERR(ctx
->htfm
);
438 printk(KERN_DEBUG
"%s: error (%d) allocating hash tfm\n",
441 ext4_put_fname_crypto_ctx(&ctx
);
444 if (ctx
->htfm
== NULL
) {
445 printk(KERN_DEBUG
"%s: could not allocate hash tfm\n",
447 ext4_put_fname_crypto_ctx(&ctx
);
448 return ERR_PTR(-ENOMEM
);
455 * ext4_fname_crypto_round_up() -
457 * Return: The next multiple of block size
459 u32
ext4_fname_crypto_round_up(u32 size
, u32 blksize
)
461 return ((size
+blksize
-1)/blksize
)*blksize
;
465 * ext4_fname_crypto_namelen_on_disk() -
467 int ext4_fname_crypto_namelen_on_disk(struct ext4_fname_crypto_ctx
*ctx
,
474 if (!(ctx
->has_valid_key
))
476 ciphertext_len
= (namelen
< EXT4_CRYPTO_BLOCK_SIZE
) ?
477 EXT4_CRYPTO_BLOCK_SIZE
: namelen
;
478 ciphertext_len
= (ciphertext_len
> ctx
->lim
)
479 ? ctx
->lim
: ciphertext_len
;
480 return (int) ciphertext_len
;
484 * ext4_fname_crypto_alloc_obuff() -
486 * Allocates an output buffer that is sufficient for the crypto operation
487 * specified by the context and the direction.
489 int ext4_fname_crypto_alloc_buffer(struct ext4_fname_crypto_ctx
*ctx
,
490 u32 ilen
, struct ext4_str
*crypto_str
)
496 olen
= ext4_fname_crypto_round_up(ilen
, EXT4_CRYPTO_BLOCK_SIZE
);
497 crypto_str
->len
= olen
;
498 if (olen
< EXT4_FNAME_CRYPTO_DIGEST_SIZE
*2)
499 olen
= EXT4_FNAME_CRYPTO_DIGEST_SIZE
*2;
500 /* Allocated buffer can hold one more character to null-terminate the
502 crypto_str
->name
= kmalloc(olen
+1, GFP_NOFS
);
503 if (!(crypto_str
->name
))
509 * ext4_fname_crypto_free_buffer() -
511 * Frees the buffer allocated for crypto operation.
513 void ext4_fname_crypto_free_buffer(struct ext4_str
*crypto_str
)
517 kfree(crypto_str
->name
);
518 crypto_str
->name
= NULL
;
522 * ext4_fname_disk_to_usr() - converts a filename from disk space to user space
524 int _ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx
*ctx
,
525 struct dx_hash_info
*hinfo
,
526 const struct ext4_str
*iname
,
527 struct ext4_str
*oname
)
534 if (iname
->len
< 3) {
535 /*Check for . and .. */
536 if (iname
->name
[0] == '.' && iname
->name
[iname
->len
-1] == '.') {
537 oname
->name
[0] = '.';
538 oname
->name
[iname
->len
-1] = '.';
539 oname
->len
= iname
->len
;
543 if (ctx
->has_valid_key
)
544 return ext4_fname_decrypt(ctx
, iname
, oname
);
546 if (iname
->len
<= EXT4_FNAME_CRYPTO_DIGEST_SIZE
) {
547 ret
= digest_encode(iname
->name
, iname
->len
, oname
->name
);
552 memcpy(buf
, &hinfo
->hash
, 4);
553 memcpy(buf
+4, &hinfo
->minor_hash
, 4);
556 memcpy(buf
+ 8, iname
->name
+ iname
->len
- 16, 16);
557 oname
->name
[0] = '_';
558 ret
= digest_encode(buf
, 24, oname
->name
+1);
559 oname
->len
= ret
+ 1;
563 int ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx
*ctx
,
564 struct dx_hash_info
*hinfo
,
565 const struct ext4_dir_entry_2
*de
,
566 struct ext4_str
*oname
)
568 struct ext4_str iname
= {.name
= (unsigned char *) de
->name
,
569 .len
= de
->name_len
};
571 return _ext4_fname_disk_to_usr(ctx
, hinfo
, &iname
, oname
);
576 * ext4_fname_usr_to_disk() - converts a filename from user space to disk space
578 int ext4_fname_usr_to_disk(struct ext4_fname_crypto_ctx
*ctx
,
579 const struct qstr
*iname
,
580 struct ext4_str
*oname
)
586 if (iname
->len
< 3) {
587 /*Check for . and .. */
588 if (iname
->name
[0] == '.' &&
589 iname
->name
[iname
->len
-1] == '.') {
590 oname
->name
[0] = '.';
591 oname
->name
[iname
->len
-1] = '.';
592 oname
->len
= iname
->len
;
596 if (ctx
->has_valid_key
) {
597 res
= ext4_fname_encrypt(ctx
, iname
, oname
);
600 /* Without a proper key, a user is not allowed to modify the filenames
601 * in a directory. Consequently, a user space name cannot be mapped to
602 * a disk-space name */
607 * Calculate the htree hash from a filename from user space
609 int ext4_fname_usr_to_hash(struct ext4_fname_crypto_ctx
*ctx
,
610 const struct qstr
*iname
,
611 struct dx_hash_info
*hinfo
)
615 char buf
[EXT4_FNAME_CRYPTO_DIGEST_SIZE
+1];
618 ((iname
->name
[0] == '.') &&
619 ((iname
->len
== 1) ||
620 ((iname
->name
[1] == '.') && (iname
->len
== 2))))) {
621 ext4fs_dirhash(iname
->name
, iname
->len
, hinfo
);
625 if (!ctx
->has_valid_key
&& iname
->name
[0] == '_') {
626 if (iname
->len
!= 33)
628 ret
= digest_decode(iname
->name
+1, iname
->len
, buf
);
631 memcpy(&hinfo
->hash
, buf
, 4);
632 memcpy(&hinfo
->minor_hash
, buf
+ 4, 4);
636 if (!ctx
->has_valid_key
&& iname
->name
[0] != '_') {
639 ret
= digest_decode(iname
->name
, iname
->len
, buf
);
640 ext4fs_dirhash(buf
, ret
, hinfo
);
644 /* First encrypt the plaintext name */
645 ret
= ext4_fname_crypto_alloc_buffer(ctx
, iname
->len
, &tmp
);
649 ret
= ext4_fname_encrypt(ctx
, iname
, &tmp
);
651 ext4fs_dirhash(tmp
.name
, tmp
.len
, hinfo
);
655 ext4_fname_crypto_free_buffer(&tmp
);
659 int ext4_fname_match(struct ext4_fname_crypto_ctx
*ctx
, struct ext4_str
*cstr
,
660 int len
, const char * const name
,
661 struct ext4_dir_entry_2
*de
)
664 int bigname
= (*name
== '_');
666 if (ctx
->has_valid_key
) {
667 if (cstr
->name
== NULL
) {
670 ret
= ext4_fname_crypto_alloc_buffer(ctx
, len
, cstr
);
675 ret
= ext4_fname_encrypt(ctx
, &istr
, cstr
);
680 if (cstr
->name
== NULL
) {
681 cstr
->name
= kmalloc(32, GFP_KERNEL
);
682 if (cstr
->name
== NULL
)
684 if ((bigname
&& (len
!= 33)) ||
685 (!bigname
&& (len
> 43)))
687 ret
= digest_decode(name
+bigname
, len
-bigname
,
696 if (de
->name_len
< 16)
698 ret
= memcmp(de
->name
+ de
->name_len
- 16,
700 return (ret
== 0) ? 1 : 0;
703 if (de
->name_len
!= cstr
->len
)
705 ret
= memcmp(de
->name
, cstr
->name
, cstr
->len
);
706 return (ret
== 0) ? 1 : 0;