]> git.openfabrics.org - ~shefty/rdma-dev.git/blob - fs/ecryptfs/keystore.c
ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter
[~shefty/rdma-dev.git] / fs / ecryptfs / keystore.c
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include <linux/slab.h>
36 #include "ecryptfs_kernel.h"
37
38 /**
39  * request_key returned an error instead of a valid key address;
40  * determine the type of error, make appropriate log entries, and
41  * return an error code.
42  */
43 static int process_request_key_err(long err_code)
44 {
45         int rc = 0;
46
47         switch (err_code) {
48         case -ENOKEY:
49                 ecryptfs_printk(KERN_WARNING, "No key\n");
50                 rc = -ENOENT;
51                 break;
52         case -EKEYEXPIRED:
53                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
54                 rc = -ETIME;
55                 break;
56         case -EKEYREVOKED:
57                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
58                 rc = -EINVAL;
59                 break;
60         default:
61                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62                                 "[0x%.16x]\n", err_code);
63                 rc = -EINVAL;
64         }
65         return rc;
66 }
67
68 /**
69  * ecryptfs_parse_packet_length
70  * @data: Pointer to memory containing length at offset
71  * @size: This function writes the decoded size to this memory
72  *        address; zero on error
73  * @length_size: The number of bytes occupied by the encoded length
74  *
75  * Returns zero on success; non-zero on error
76  */
77 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
78                                  size_t *length_size)
79 {
80         int rc = 0;
81
82         (*length_size) = 0;
83         (*size) = 0;
84         if (data[0] < 192) {
85                 /* One-byte length */
86                 (*size) = (unsigned char)data[0];
87                 (*length_size) = 1;
88         } else if (data[0] < 224) {
89                 /* Two-byte length */
90                 (*size) = (((unsigned char)(data[0]) - 192) * 256);
91                 (*size) += ((unsigned char)(data[1]) + 192);
92                 (*length_size) = 2;
93         } else if (data[0] == 255) {
94                 /* Five-byte length; we're not supposed to see this */
95                 ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
96                                 "supported\n");
97                 rc = -EINVAL;
98                 goto out;
99         } else {
100                 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
101                 rc = -EINVAL;
102                 goto out;
103         }
104 out:
105         return rc;
106 }
107
108 /**
109  * ecryptfs_write_packet_length
110  * @dest: The byte array target into which to write the length. Must
111  *        have at least 5 bytes allocated.
112  * @size: The length to write.
113  * @packet_size_length: The number of bytes used to encode the packet
114  *                      length is written to this address.
115  *
116  * Returns zero on success; non-zero on error.
117  */
118 int ecryptfs_write_packet_length(char *dest, size_t size,
119                                  size_t *packet_size_length)
120 {
121         int rc = 0;
122
123         if (size < 192) {
124                 dest[0] = size;
125                 (*packet_size_length) = 1;
126         } else if (size < 65536) {
127                 dest[0] = (((size - 192) / 256) + 192);
128                 dest[1] = ((size - 192) % 256);
129                 (*packet_size_length) = 2;
130         } else {
131                 rc = -EINVAL;
132                 ecryptfs_printk(KERN_WARNING,
133                                 "Unsupported packet size: [%d]\n", size);
134         }
135         return rc;
136 }
137
138 static int
139 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
140                     char **packet, size_t *packet_len)
141 {
142         size_t i = 0;
143         size_t data_len;
144         size_t packet_size_len;
145         char *message;
146         int rc;
147
148         /*
149          *              ***** TAG 64 Packet Format *****
150          *    | Content Type                       | 1 byte       |
151          *    | Key Identifier Size                | 1 or 2 bytes |
152          *    | Key Identifier                     | arbitrary    |
153          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
154          *    | Encrypted File Encryption Key      | arbitrary    |
155          */
156         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
157                     + session_key->encrypted_key_size);
158         *packet = kmalloc(data_len, GFP_KERNEL);
159         message = *packet;
160         if (!message) {
161                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
162                 rc = -ENOMEM;
163                 goto out;
164         }
165         message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
166         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
167                                           &packet_size_len);
168         if (rc) {
169                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
170                                 "header; cannot generate packet length\n");
171                 goto out;
172         }
173         i += packet_size_len;
174         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
175         i += ECRYPTFS_SIG_SIZE_HEX;
176         rc = ecryptfs_write_packet_length(&message[i],
177                                           session_key->encrypted_key_size,
178                                           &packet_size_len);
179         if (rc) {
180                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
181                                 "header; cannot generate packet length\n");
182                 goto out;
183         }
184         i += packet_size_len;
185         memcpy(&message[i], session_key->encrypted_key,
186                session_key->encrypted_key_size);
187         i += session_key->encrypted_key_size;
188         *packet_len = i;
189 out:
190         return rc;
191 }
192
193 static int
194 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
195                     struct ecryptfs_message *msg)
196 {
197         size_t i = 0;
198         char *data;
199         size_t data_len;
200         size_t m_size;
201         size_t message_len;
202         u16 checksum = 0;
203         u16 expected_checksum = 0;
204         int rc;
205
206         /*
207          *              ***** TAG 65 Packet Format *****
208          *         | Content Type             | 1 byte       |
209          *         | Status Indicator         | 1 byte       |
210          *         | File Encryption Key Size | 1 or 2 bytes |
211          *         | File Encryption Key      | arbitrary    |
212          */
213         message_len = msg->data_len;
214         data = msg->data;
215         if (message_len < 4) {
216                 rc = -EIO;
217                 goto out;
218         }
219         if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
220                 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
221                 rc = -EIO;
222                 goto out;
223         }
224         if (data[i++]) {
225                 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
226                                 "[%d]\n", data[i-1]);
227                 rc = -EIO;
228                 goto out;
229         }
230         rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
231         if (rc) {
232                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
233                                 "rc = [%d]\n", rc);
234                 goto out;
235         }
236         i += data_len;
237         if (message_len < (i + m_size)) {
238                 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
239                                 "is shorter than expected\n");
240                 rc = -EIO;
241                 goto out;
242         }
243         if (m_size < 3) {
244                 ecryptfs_printk(KERN_ERR,
245                                 "The decrypted key is not long enough to "
246                                 "include a cipher code and checksum\n");
247                 rc = -EIO;
248                 goto out;
249         }
250         *cipher_code = data[i++];
251         /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
252         session_key->decrypted_key_size = m_size - 3;
253         if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
254                 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
255                                 "the maximum key size [%d]\n",
256                                 session_key->decrypted_key_size,
257                                 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
258                 rc = -EIO;
259                 goto out;
260         }
261         memcpy(session_key->decrypted_key, &data[i],
262                session_key->decrypted_key_size);
263         i += session_key->decrypted_key_size;
264         expected_checksum += (unsigned char)(data[i++]) << 8;
265         expected_checksum += (unsigned char)(data[i++]);
266         for (i = 0; i < session_key->decrypted_key_size; i++)
267                 checksum += session_key->decrypted_key[i];
268         if (expected_checksum != checksum) {
269                 ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
270                                 "encryption  key; expected [%x]; calculated "
271                                 "[%x]\n", expected_checksum, checksum);
272                 rc = -EIO;
273         }
274 out:
275         return rc;
276 }
277
278
279 static int
280 write_tag_66_packet(char *signature, u8 cipher_code,
281                     struct ecryptfs_crypt_stat *crypt_stat, char **packet,
282                     size_t *packet_len)
283 {
284         size_t i = 0;
285         size_t j;
286         size_t data_len;
287         size_t checksum = 0;
288         size_t packet_size_len;
289         char *message;
290         int rc;
291
292         /*
293          *              ***** TAG 66 Packet Format *****
294          *         | Content Type             | 1 byte       |
295          *         | Key Identifier Size      | 1 or 2 bytes |
296          *         | Key Identifier           | arbitrary    |
297          *         | File Encryption Key Size | 1 or 2 bytes |
298          *         | File Encryption Key      | arbitrary    |
299          */
300         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
301         *packet = kmalloc(data_len, GFP_KERNEL);
302         message = *packet;
303         if (!message) {
304                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
305                 rc = -ENOMEM;
306                 goto out;
307         }
308         message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
309         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
310                                           &packet_size_len);
311         if (rc) {
312                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
313                                 "header; cannot generate packet length\n");
314                 goto out;
315         }
316         i += packet_size_len;
317         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
318         i += ECRYPTFS_SIG_SIZE_HEX;
319         /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
320         rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
321                                           &packet_size_len);
322         if (rc) {
323                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
324                                 "header; cannot generate packet length\n");
325                 goto out;
326         }
327         i += packet_size_len;
328         message[i++] = cipher_code;
329         memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
330         i += crypt_stat->key_size;
331         for (j = 0; j < crypt_stat->key_size; j++)
332                 checksum += crypt_stat->key[j];
333         message[i++] = (checksum / 256) % 256;
334         message[i++] = (checksum % 256);
335         *packet_len = i;
336 out:
337         return rc;
338 }
339
340 static int
341 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
342                     struct ecryptfs_message *msg)
343 {
344         size_t i = 0;
345         char *data;
346         size_t data_len;
347         size_t message_len;
348         int rc;
349
350         /*
351          *              ***** TAG 65 Packet Format *****
352          *    | Content Type                       | 1 byte       |
353          *    | Status Indicator                   | 1 byte       |
354          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
355          *    | Encrypted File Encryption Key      | arbitrary    |
356          */
357         message_len = msg->data_len;
358         data = msg->data;
359         /* verify that everything through the encrypted FEK size is present */
360         if (message_len < 4) {
361                 rc = -EIO;
362                 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
363                        "message length is [%d]\n", __func__, message_len, 4);
364                 goto out;
365         }
366         if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
367                 rc = -EIO;
368                 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
369                        __func__);
370                 goto out;
371         }
372         if (data[i++]) {
373                 rc = -EIO;
374                 printk(KERN_ERR "%s: Status indicator has non zero "
375                        "value [%d]\n", __func__, data[i-1]);
376
377                 goto out;
378         }
379         rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
380                                           &data_len);
381         if (rc) {
382                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
383                                 "rc = [%d]\n", rc);
384                 goto out;
385         }
386         i += data_len;
387         if (message_len < (i + key_rec->enc_key_size)) {
388                 rc = -EIO;
389                 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
390                        __func__, message_len, (i + key_rec->enc_key_size));
391                 goto out;
392         }
393         if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
394                 rc = -EIO;
395                 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
396                        "the maximum key size [%d]\n", __func__,
397                        key_rec->enc_key_size,
398                        ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
399                 goto out;
400         }
401         memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
402 out:
403         return rc;
404 }
405
406 static int
407 ecryptfs_find_global_auth_tok_for_sig(
408         struct ecryptfs_global_auth_tok **global_auth_tok,
409         struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
410 {
411         struct ecryptfs_global_auth_tok *walker;
412         int rc = 0;
413
414         (*global_auth_tok) = NULL;
415         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
416         list_for_each_entry(walker,
417                             &mount_crypt_stat->global_auth_tok_list,
418                             mount_crypt_stat_list) {
419                 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
420                         rc = key_validate(walker->global_auth_tok_key);
421                         if (!rc)
422                                 (*global_auth_tok) = walker;
423                         goto out;
424                 }
425         }
426         rc = -EINVAL;
427 out:
428         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
429         return rc;
430 }
431
432 /**
433  * ecryptfs_find_auth_tok_for_sig
434  * @auth_tok: Set to the matching auth_tok; NULL if not found
435  * @crypt_stat: inode crypt_stat crypto context
436  * @sig: Sig of auth_tok to find
437  *
438  * For now, this function simply looks at the registered auth_tok's
439  * linked off the mount_crypt_stat, so all the auth_toks that can be
440  * used must be registered at mount time. This function could
441  * potentially try a lot harder to find auth_tok's (e.g., by calling
442  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
443  * that static registration of auth_tok's will no longer be necessary.
444  *
445  * Returns zero on no error; non-zero on error
446  */
447 static int
448 ecryptfs_find_auth_tok_for_sig(
449         struct key **auth_tok_key,
450         struct ecryptfs_auth_tok **auth_tok,
451         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
452         char *sig)
453 {
454         struct ecryptfs_global_auth_tok *global_auth_tok;
455         int rc = 0;
456
457         (*auth_tok_key) = NULL;
458         (*auth_tok) = NULL;
459         if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
460                                                   mount_crypt_stat, sig)) {
461
462                 /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
463                  * mount_crypt_stat structure, we prevent to use auth toks that
464                  * are not inserted through the ecryptfs_add_global_auth_tok
465                  * function.
466                  */
467                 if (mount_crypt_stat->flags
468                                 & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
469                         return -EINVAL;
470
471                 rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
472                                                        sig);
473         } else
474                 (*auth_tok) = global_auth_tok->global_auth_tok;
475         return rc;
476 }
477
478 /**
479  * write_tag_70_packet can gobble a lot of stack space. We stuff most
480  * of the function's parameters in a kmalloc'd struct to help reduce
481  * eCryptfs' overall stack usage.
482  */
483 struct ecryptfs_write_tag_70_packet_silly_stack {
484         u8 cipher_code;
485         size_t max_packet_size;
486         size_t packet_size_len;
487         size_t block_aligned_filename_size;
488         size_t block_size;
489         size_t i;
490         size_t j;
491         size_t num_rand_bytes;
492         struct mutex *tfm_mutex;
493         char *block_aligned_filename;
494         struct ecryptfs_auth_tok *auth_tok;
495         struct scatterlist src_sg;
496         struct scatterlist dst_sg;
497         struct blkcipher_desc desc;
498         char iv[ECRYPTFS_MAX_IV_BYTES];
499         char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
500         char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
501         struct hash_desc hash_desc;
502         struct scatterlist hash_sg;
503 };
504
505 /**
506  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
507  * @filename: NULL-terminated filename string
508  *
509  * This is the simplest mechanism for achieving filename encryption in
510  * eCryptfs. It encrypts the given filename with the mount-wide
511  * filename encryption key (FNEK) and stores it in a packet to @dest,
512  * which the callee will encode and write directly into the dentry
513  * name.
514  */
515 int
516 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
517                              size_t *packet_size,
518                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
519                              char *filename, size_t filename_size)
520 {
521         struct ecryptfs_write_tag_70_packet_silly_stack *s;
522         struct key *auth_tok_key = NULL;
523         int rc = 0;
524
525         s = kmalloc(sizeof(*s), GFP_KERNEL);
526         if (!s) {
527                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
528                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
529                 rc = -ENOMEM;
530                 goto out;
531         }
532         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
533         (*packet_size) = 0;
534         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
535                 &s->desc.tfm,
536                 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
537         if (unlikely(rc)) {
538                 printk(KERN_ERR "Internal error whilst attempting to get "
539                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
540                        mount_crypt_stat->global_default_fn_cipher_name, rc);
541                 goto out;
542         }
543         mutex_lock(s->tfm_mutex);
544         s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
545         /* Plus one for the \0 separator between the random prefix
546          * and the plaintext filename */
547         s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
548         s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
549         if ((s->block_aligned_filename_size % s->block_size) != 0) {
550                 s->num_rand_bytes += (s->block_size
551                                       - (s->block_aligned_filename_size
552                                          % s->block_size));
553                 s->block_aligned_filename_size = (s->num_rand_bytes
554                                                   + filename_size);
555         }
556         /* Octet 0: Tag 70 identifier
557          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
558          *              and block-aligned encrypted filename size)
559          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
560          * Octet N2-N3: Cipher identifier (1 octet)
561          * Octets N3-N4: Block-aligned encrypted filename
562          *  - Consists of a minimum number of random characters, a \0
563          *    separator, and then the filename */
564         s->max_packet_size = (1                   /* Tag 70 identifier */
565                               + 3                 /* Max Tag 70 packet size */
566                               + ECRYPTFS_SIG_SIZE /* FNEK sig */
567                               + 1                 /* Cipher identifier */
568                               + s->block_aligned_filename_size);
569         if (dest == NULL) {
570                 (*packet_size) = s->max_packet_size;
571                 goto out_unlock;
572         }
573         if (s->max_packet_size > (*remaining_bytes)) {
574                 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
575                        "[%zd] available\n", __func__, s->max_packet_size,
576                        (*remaining_bytes));
577                 rc = -EINVAL;
578                 goto out_unlock;
579         }
580         s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
581                                             GFP_KERNEL);
582         if (!s->block_aligned_filename) {
583                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
584                        "kzalloc [%zd] bytes\n", __func__,
585                        s->block_aligned_filename_size);
586                 rc = -ENOMEM;
587                 goto out_unlock;
588         }
589         s->i = 0;
590         dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
591         rc = ecryptfs_write_packet_length(&dest[s->i],
592                                           (ECRYPTFS_SIG_SIZE
593                                            + 1 /* Cipher code */
594                                            + s->block_aligned_filename_size),
595                                           &s->packet_size_len);
596         if (rc) {
597                 printk(KERN_ERR "%s: Error generating tag 70 packet "
598                        "header; cannot generate packet length; rc = [%d]\n",
599                        __func__, rc);
600                 goto out_free_unlock;
601         }
602         s->i += s->packet_size_len;
603         ecryptfs_from_hex(&dest[s->i],
604                           mount_crypt_stat->global_default_fnek_sig,
605                           ECRYPTFS_SIG_SIZE);
606         s->i += ECRYPTFS_SIG_SIZE;
607         s->cipher_code = ecryptfs_code_for_cipher_string(
608                 mount_crypt_stat->global_default_fn_cipher_name,
609                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
610         if (s->cipher_code == 0) {
611                 printk(KERN_WARNING "%s: Unable to generate code for "
612                        "cipher [%s] with key bytes [%zd]\n", __func__,
613                        mount_crypt_stat->global_default_fn_cipher_name,
614                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
615                 rc = -EINVAL;
616                 goto out_free_unlock;
617         }
618         dest[s->i++] = s->cipher_code;
619         rc = ecryptfs_find_auth_tok_for_sig(
620                 &auth_tok_key,
621                 &s->auth_tok, mount_crypt_stat,
622                 mount_crypt_stat->global_default_fnek_sig);
623         if (rc) {
624                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
625                        "fnek sig [%s]; rc = [%d]\n", __func__,
626                        mount_crypt_stat->global_default_fnek_sig, rc);
627                 goto out_free_unlock;
628         }
629         /* TODO: Support other key modules than passphrase for
630          * filename encryption */
631         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
632                 rc = -EOPNOTSUPP;
633                 printk(KERN_INFO "%s: Filename encryption only supports "
634                        "password tokens\n", __func__);
635                 goto out_free_unlock;
636         }
637         sg_init_one(
638                 &s->hash_sg,
639                 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
640                 s->auth_tok->token.password.session_key_encryption_key_bytes);
641         s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
642         s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
643                                              CRYPTO_ALG_ASYNC);
644         if (IS_ERR(s->hash_desc.tfm)) {
645                         rc = PTR_ERR(s->hash_desc.tfm);
646                         printk(KERN_ERR "%s: Error attempting to "
647                                "allocate hash crypto context; rc = [%d]\n",
648                                __func__, rc);
649                         goto out_free_unlock;
650         }
651         rc = crypto_hash_init(&s->hash_desc);
652         if (rc) {
653                 printk(KERN_ERR
654                        "%s: Error initializing crypto hash; rc = [%d]\n",
655                        __func__, rc);
656                 goto out_release_free_unlock;
657         }
658         rc = crypto_hash_update(
659                 &s->hash_desc, &s->hash_sg,
660                 s->auth_tok->token.password.session_key_encryption_key_bytes);
661         if (rc) {
662                 printk(KERN_ERR
663                        "%s: Error updating crypto hash; rc = [%d]\n",
664                        __func__, rc);
665                 goto out_release_free_unlock;
666         }
667         rc = crypto_hash_final(&s->hash_desc, s->hash);
668         if (rc) {
669                 printk(KERN_ERR
670                        "%s: Error finalizing crypto hash; rc = [%d]\n",
671                        __func__, rc);
672                 goto out_release_free_unlock;
673         }
674         for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
675                 s->block_aligned_filename[s->j] =
676                         s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
677                 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
678                     == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
679                         sg_init_one(&s->hash_sg, (u8 *)s->hash,
680                                     ECRYPTFS_TAG_70_DIGEST_SIZE);
681                         rc = crypto_hash_init(&s->hash_desc);
682                         if (rc) {
683                                 printk(KERN_ERR
684                                        "%s: Error initializing crypto hash; "
685                                        "rc = [%d]\n", __func__, rc);
686                                 goto out_release_free_unlock;
687                         }
688                         rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
689                                                 ECRYPTFS_TAG_70_DIGEST_SIZE);
690                         if (rc) {
691                                 printk(KERN_ERR
692                                        "%s: Error updating crypto hash; "
693                                        "rc = [%d]\n", __func__, rc);
694                                 goto out_release_free_unlock;
695                         }
696                         rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
697                         if (rc) {
698                                 printk(KERN_ERR
699                                        "%s: Error finalizing crypto hash; "
700                                        "rc = [%d]\n", __func__, rc);
701                                 goto out_release_free_unlock;
702                         }
703                         memcpy(s->hash, s->tmp_hash,
704                                ECRYPTFS_TAG_70_DIGEST_SIZE);
705                 }
706                 if (s->block_aligned_filename[s->j] == '\0')
707                         s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
708         }
709         memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
710                filename_size);
711         rc = virt_to_scatterlist(s->block_aligned_filename,
712                                  s->block_aligned_filename_size, &s->src_sg, 1);
713         if (rc != 1) {
714                 printk(KERN_ERR "%s: Internal error whilst attempting to "
715                        "convert filename memory to scatterlist; "
716                        "expected rc = 1; got rc = [%d]. "
717                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
718                        s->block_aligned_filename_size);
719                 goto out_release_free_unlock;
720         }
721         rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
722                                  &s->dst_sg, 1);
723         if (rc != 1) {
724                 printk(KERN_ERR "%s: Internal error whilst attempting to "
725                        "convert encrypted filename memory to scatterlist; "
726                        "expected rc = 1; got rc = [%d]. "
727                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
728                        s->block_aligned_filename_size);
729                 goto out_release_free_unlock;
730         }
731         /* The characters in the first block effectively do the job
732          * of the IV here, so we just use 0's for the IV. Note the
733          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
734          * >= ECRYPTFS_MAX_IV_BYTES. */
735         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
736         s->desc.info = s->iv;
737         rc = crypto_blkcipher_setkey(
738                 s->desc.tfm,
739                 s->auth_tok->token.password.session_key_encryption_key,
740                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
741         if (rc < 0) {
742                 printk(KERN_ERR "%s: Error setting key for crypto context; "
743                        "rc = [%d]. s->auth_tok->token.password.session_key_"
744                        "encryption_key = [0x%p]; mount_crypt_stat->"
745                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
746                        rc,
747                        s->auth_tok->token.password.session_key_encryption_key,
748                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
749                 goto out_release_free_unlock;
750         }
751         rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
752                                          s->block_aligned_filename_size);
753         if (rc) {
754                 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
755                        "rc = [%d]\n", __func__, rc);
756                 goto out_release_free_unlock;
757         }
758         s->i += s->block_aligned_filename_size;
759         (*packet_size) = s->i;
760         (*remaining_bytes) -= (*packet_size);
761 out_release_free_unlock:
762         crypto_free_hash(s->hash_desc.tfm);
763 out_free_unlock:
764         kzfree(s->block_aligned_filename);
765 out_unlock:
766         mutex_unlock(s->tfm_mutex);
767 out:
768         if (auth_tok_key)
769                 key_put(auth_tok_key);
770         kfree(s);
771         return rc;
772 }
773
774 struct ecryptfs_parse_tag_70_packet_silly_stack {
775         u8 cipher_code;
776         size_t max_packet_size;
777         size_t packet_size_len;
778         size_t parsed_tag_70_packet_size;
779         size_t block_aligned_filename_size;
780         size_t block_size;
781         size_t i;
782         struct mutex *tfm_mutex;
783         char *decrypted_filename;
784         struct ecryptfs_auth_tok *auth_tok;
785         struct scatterlist src_sg;
786         struct scatterlist dst_sg;
787         struct blkcipher_desc desc;
788         char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
789         char iv[ECRYPTFS_MAX_IV_BYTES];
790         char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
791 };
792
793 /**
794  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
795  * @filename: This function kmalloc's the memory for the filename
796  * @filename_size: This function sets this to the amount of memory
797  *                 kmalloc'd for the filename
798  * @packet_size: This function sets this to the the number of octets
799  *               in the packet parsed
800  * @mount_crypt_stat: The mount-wide cryptographic context
801  * @data: The memory location containing the start of the tag 70
802  *        packet
803  * @max_packet_size: The maximum legal size of the packet to be parsed
804  *                   from @data
805  *
806  * Returns zero on success; non-zero otherwise
807  */
808 int
809 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
810                              size_t *packet_size,
811                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
812                              char *data, size_t max_packet_size)
813 {
814         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
815         struct key *auth_tok_key = NULL;
816         int rc = 0;
817
818         (*packet_size) = 0;
819         (*filename_size) = 0;
820         (*filename) = NULL;
821         s = kmalloc(sizeof(*s), GFP_KERNEL);
822         if (!s) {
823                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
824                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
825                 rc = -ENOMEM;
826                 goto out;
827         }
828         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
829         if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
830                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
831                        "at least [%d]\n", __func__, max_packet_size,
832                         (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
833                 rc = -EINVAL;
834                 goto out;
835         }
836         /* Octet 0: Tag 70 identifier
837          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
838          *              and block-aligned encrypted filename size)
839          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
840          * Octet N2-N3: Cipher identifier (1 octet)
841          * Octets N3-N4: Block-aligned encrypted filename
842          *  - Consists of a minimum number of random numbers, a \0
843          *    separator, and then the filename */
844         if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
845                 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
846                        "tag [0x%.2x]\n", __func__,
847                        data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
848                 rc = -EINVAL;
849                 goto out;
850         }
851         rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
852                                           &s->parsed_tag_70_packet_size,
853                                           &s->packet_size_len);
854         if (rc) {
855                 printk(KERN_WARNING "%s: Error parsing packet length; "
856                        "rc = [%d]\n", __func__, rc);
857                 goto out;
858         }
859         s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
860                                           - ECRYPTFS_SIG_SIZE - 1);
861         if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
862             > max_packet_size) {
863                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
864                        "size is [%zd]\n", __func__, max_packet_size,
865                        (1 + s->packet_size_len + 1
866                         + s->block_aligned_filename_size));
867                 rc = -EINVAL;
868                 goto out;
869         }
870         (*packet_size) += s->packet_size_len;
871         ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
872                         ECRYPTFS_SIG_SIZE);
873         s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
874         (*packet_size) += ECRYPTFS_SIG_SIZE;
875         s->cipher_code = data[(*packet_size)++];
876         rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
877         if (rc) {
878                 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
879                        __func__, s->cipher_code);
880                 goto out;
881         }
882         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
883                                                         &s->tfm_mutex,
884                                                         s->cipher_string);
885         if (unlikely(rc)) {
886                 printk(KERN_ERR "Internal error whilst attempting to get "
887                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
888                        s->cipher_string, rc);
889                 goto out;
890         }
891         mutex_lock(s->tfm_mutex);
892         rc = virt_to_scatterlist(&data[(*packet_size)],
893                                  s->block_aligned_filename_size, &s->src_sg, 1);
894         if (rc != 1) {
895                 printk(KERN_ERR "%s: Internal error whilst attempting to "
896                        "convert encrypted filename memory to scatterlist; "
897                        "expected rc = 1; got rc = [%d]. "
898                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
899                        s->block_aligned_filename_size);
900                 goto out_unlock;
901         }
902         (*packet_size) += s->block_aligned_filename_size;
903         s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
904                                         GFP_KERNEL);
905         if (!s->decrypted_filename) {
906                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
907                        "kmalloc [%zd] bytes\n", __func__,
908                        s->block_aligned_filename_size);
909                 rc = -ENOMEM;
910                 goto out_unlock;
911         }
912         rc = virt_to_scatterlist(s->decrypted_filename,
913                                  s->block_aligned_filename_size, &s->dst_sg, 1);
914         if (rc != 1) {
915                 printk(KERN_ERR "%s: Internal error whilst attempting to "
916                        "convert decrypted filename memory to scatterlist; "
917                        "expected rc = 1; got rc = [%d]. "
918                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
919                        s->block_aligned_filename_size);
920                 goto out_free_unlock;
921         }
922         /* The characters in the first block effectively do the job of
923          * the IV here, so we just use 0's for the IV. Note the
924          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
925          * >= ECRYPTFS_MAX_IV_BYTES. */
926         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
927         s->desc.info = s->iv;
928         rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
929                                             &s->auth_tok, mount_crypt_stat,
930                                             s->fnek_sig_hex);
931         if (rc) {
932                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
933                        "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
934                        rc);
935                 goto out_free_unlock;
936         }
937         /* TODO: Support other key modules than passphrase for
938          * filename encryption */
939         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
940                 rc = -EOPNOTSUPP;
941                 printk(KERN_INFO "%s: Filename encryption only supports "
942                        "password tokens\n", __func__);
943                 goto out_free_unlock;
944         }
945         rc = crypto_blkcipher_setkey(
946                 s->desc.tfm,
947                 s->auth_tok->token.password.session_key_encryption_key,
948                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
949         if (rc < 0) {
950                 printk(KERN_ERR "%s: Error setting key for crypto context; "
951                        "rc = [%d]. s->auth_tok->token.password.session_key_"
952                        "encryption_key = [0x%p]; mount_crypt_stat->"
953                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
954                        rc,
955                        s->auth_tok->token.password.session_key_encryption_key,
956                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
957                 goto out_free_unlock;
958         }
959         rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
960                                          s->block_aligned_filename_size);
961         if (rc) {
962                 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
963                        "rc = [%d]\n", __func__, rc);
964                 goto out_free_unlock;
965         }
966         s->i = 0;
967         while (s->decrypted_filename[s->i] != '\0'
968                && s->i < s->block_aligned_filename_size)
969                 s->i++;
970         if (s->i == s->block_aligned_filename_size) {
971                 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
972                        "find valid separator between random characters and "
973                        "the filename\n", __func__);
974                 rc = -EINVAL;
975                 goto out_free_unlock;
976         }
977         s->i++;
978         (*filename_size) = (s->block_aligned_filename_size - s->i);
979         if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
980                 printk(KERN_WARNING "%s: Filename size is [%zd], which is "
981                        "invalid\n", __func__, (*filename_size));
982                 rc = -EINVAL;
983                 goto out_free_unlock;
984         }
985         (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
986         if (!(*filename)) {
987                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
988                        "kmalloc [%zd] bytes\n", __func__,
989                        ((*filename_size) + 1));
990                 rc = -ENOMEM;
991                 goto out_free_unlock;
992         }
993         memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
994         (*filename)[(*filename_size)] = '\0';
995 out_free_unlock:
996         kfree(s->decrypted_filename);
997 out_unlock:
998         mutex_unlock(s->tfm_mutex);
999 out:
1000         if (rc) {
1001                 (*packet_size) = 0;
1002                 (*filename_size) = 0;
1003                 (*filename) = NULL;
1004         }
1005         if (auth_tok_key)
1006                 key_put(auth_tok_key);
1007         kfree(s);
1008         return rc;
1009 }
1010
1011 static int
1012 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1013 {
1014         int rc = 0;
1015
1016         (*sig) = NULL;
1017         switch (auth_tok->token_type) {
1018         case ECRYPTFS_PASSWORD:
1019                 (*sig) = auth_tok->token.password.signature;
1020                 break;
1021         case ECRYPTFS_PRIVATE_KEY:
1022                 (*sig) = auth_tok->token.private_key.signature;
1023                 break;
1024         default:
1025                 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1026                        auth_tok->token_type);
1027                 rc = -EINVAL;
1028         }
1029         return rc;
1030 }
1031
1032 /**
1033  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1034  * @auth_tok: The key authentication token used to decrypt the session key
1035  * @crypt_stat: The cryptographic context
1036  *
1037  * Returns zero on success; non-zero error otherwise.
1038  */
1039 static int
1040 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1041                                   struct ecryptfs_crypt_stat *crypt_stat)
1042 {
1043         u8 cipher_code = 0;
1044         struct ecryptfs_msg_ctx *msg_ctx;
1045         struct ecryptfs_message *msg = NULL;
1046         char *auth_tok_sig;
1047         char *payload;
1048         size_t payload_len;
1049         int rc;
1050
1051         rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1052         if (rc) {
1053                 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1054                        auth_tok->token_type);
1055                 goto out;
1056         }
1057         rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1058                                  &payload, &payload_len);
1059         if (rc) {
1060                 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1061                 goto out;
1062         }
1063         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1064         if (rc) {
1065                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1066                                 "ecryptfsd\n");
1067                 goto out;
1068         }
1069         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1070         if (rc) {
1071                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1072                                 "from the user space daemon\n");
1073                 rc = -EIO;
1074                 goto out;
1075         }
1076         rc = parse_tag_65_packet(&(auth_tok->session_key),
1077                                  &cipher_code, msg);
1078         if (rc) {
1079                 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1080                        rc);
1081                 goto out;
1082         }
1083         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1084         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1085                auth_tok->session_key.decrypted_key_size);
1086         crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1087         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1088         if (rc) {
1089                 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1090                                 cipher_code)
1091                 goto out;
1092         }
1093         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1094         if (ecryptfs_verbosity > 0) {
1095                 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1096                 ecryptfs_dump_hex(crypt_stat->key,
1097                                   crypt_stat->key_size);
1098         }
1099 out:
1100         if (msg)
1101                 kfree(msg);
1102         return rc;
1103 }
1104
1105 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1106 {
1107         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1108         struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1109
1110         list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1111                                  auth_tok_list_head, list) {
1112                 list_del(&auth_tok_list_item->list);
1113                 kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1114                                 auth_tok_list_item);
1115         }
1116 }
1117
1118 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1119
1120 /**
1121  * parse_tag_1_packet
1122  * @crypt_stat: The cryptographic context to modify based on packet contents
1123  * @data: The raw bytes of the packet.
1124  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1125  *                 a new authentication token will be placed at the
1126  *                 end of this list for this packet.
1127  * @new_auth_tok: Pointer to a pointer to memory that this function
1128  *                allocates; sets the memory address of the pointer to
1129  *                NULL on error. This object is added to the
1130  *                auth_tok_list.
1131  * @packet_size: This function writes the size of the parsed packet
1132  *               into this memory location; zero on error.
1133  * @max_packet_size: The maximum allowable packet size
1134  *
1135  * Returns zero on success; non-zero on error.
1136  */
1137 static int
1138 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1139                    unsigned char *data, struct list_head *auth_tok_list,
1140                    struct ecryptfs_auth_tok **new_auth_tok,
1141                    size_t *packet_size, size_t max_packet_size)
1142 {
1143         size_t body_size;
1144         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1145         size_t length_size;
1146         int rc = 0;
1147
1148         (*packet_size) = 0;
1149         (*new_auth_tok) = NULL;
1150         /**
1151          * This format is inspired by OpenPGP; see RFC 2440
1152          * packet tag 1
1153          *
1154          * Tag 1 identifier (1 byte)
1155          * Max Tag 1 packet size (max 3 bytes)
1156          * Version (1 byte)
1157          * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1158          * Cipher identifier (1 byte)
1159          * Encrypted key size (arbitrary)
1160          *
1161          * 12 bytes minimum packet size
1162          */
1163         if (unlikely(max_packet_size < 12)) {
1164                 printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1165                 rc = -EINVAL;
1166                 goto out;
1167         }
1168         if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1169                 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1170                        ECRYPTFS_TAG_1_PACKET_TYPE);
1171                 rc = -EINVAL;
1172                 goto out;
1173         }
1174         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1175          * at end of function upon failure */
1176         auth_tok_list_item =
1177                 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1178                                   GFP_KERNEL);
1179         if (!auth_tok_list_item) {
1180                 printk(KERN_ERR "Unable to allocate memory\n");
1181                 rc = -ENOMEM;
1182                 goto out;
1183         }
1184         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1185         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1186                                           &length_size);
1187         if (rc) {
1188                 printk(KERN_WARNING "Error parsing packet length; "
1189                        "rc = [%d]\n", rc);
1190                 goto out_free;
1191         }
1192         if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1193                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1194                 rc = -EINVAL;
1195                 goto out_free;
1196         }
1197         (*packet_size) += length_size;
1198         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1199                 printk(KERN_WARNING "Packet size exceeds max\n");
1200                 rc = -EINVAL;
1201                 goto out_free;
1202         }
1203         if (unlikely(data[(*packet_size)++] != 0x03)) {
1204                 printk(KERN_WARNING "Unknown version number [%d]\n",
1205                        data[(*packet_size) - 1]);
1206                 rc = -EINVAL;
1207                 goto out_free;
1208         }
1209         ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1210                         &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1211         *packet_size += ECRYPTFS_SIG_SIZE;
1212         /* This byte is skipped because the kernel does not need to
1213          * know which public key encryption algorithm was used */
1214         (*packet_size)++;
1215         (*new_auth_tok)->session_key.encrypted_key_size =
1216                 body_size - (ECRYPTFS_SIG_SIZE + 2);
1217         if ((*new_auth_tok)->session_key.encrypted_key_size
1218             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1219                 printk(KERN_WARNING "Tag 1 packet contains key larger "
1220                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1221                 rc = -EINVAL;
1222                 goto out;
1223         }
1224         memcpy((*new_auth_tok)->session_key.encrypted_key,
1225                &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1226         (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1227         (*new_auth_tok)->session_key.flags &=
1228                 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1229         (*new_auth_tok)->session_key.flags |=
1230                 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1231         (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1232         (*new_auth_tok)->flags = 0;
1233         (*new_auth_tok)->session_key.flags &=
1234                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1235         (*new_auth_tok)->session_key.flags &=
1236                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1237         list_add(&auth_tok_list_item->list, auth_tok_list);
1238         goto out;
1239 out_free:
1240         (*new_auth_tok) = NULL;
1241         memset(auth_tok_list_item, 0,
1242                sizeof(struct ecryptfs_auth_tok_list_item));
1243         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1244                         auth_tok_list_item);
1245 out:
1246         if (rc)
1247                 (*packet_size) = 0;
1248         return rc;
1249 }
1250
1251 /**
1252  * parse_tag_3_packet
1253  * @crypt_stat: The cryptographic context to modify based on packet
1254  *              contents.
1255  * @data: The raw bytes of the packet.
1256  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1257  *                 a new authentication token will be placed at the end
1258  *                 of this list for this packet.
1259  * @new_auth_tok: Pointer to a pointer to memory that this function
1260  *                allocates; sets the memory address of the pointer to
1261  *                NULL on error. This object is added to the
1262  *                auth_tok_list.
1263  * @packet_size: This function writes the size of the parsed packet
1264  *               into this memory location; zero on error.
1265  * @max_packet_size: maximum number of bytes to parse
1266  *
1267  * Returns zero on success; non-zero on error.
1268  */
1269 static int
1270 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1271                    unsigned char *data, struct list_head *auth_tok_list,
1272                    struct ecryptfs_auth_tok **new_auth_tok,
1273                    size_t *packet_size, size_t max_packet_size)
1274 {
1275         size_t body_size;
1276         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1277         size_t length_size;
1278         int rc = 0;
1279
1280         (*packet_size) = 0;
1281         (*new_auth_tok) = NULL;
1282         /**
1283          *This format is inspired by OpenPGP; see RFC 2440
1284          * packet tag 3
1285          *
1286          * Tag 3 identifier (1 byte)
1287          * Max Tag 3 packet size (max 3 bytes)
1288          * Version (1 byte)
1289          * Cipher code (1 byte)
1290          * S2K specifier (1 byte)
1291          * Hash identifier (1 byte)
1292          * Salt (ECRYPTFS_SALT_SIZE)
1293          * Hash iterations (1 byte)
1294          * Encrypted key (arbitrary)
1295          *
1296          * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1297          */
1298         if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1299                 printk(KERN_ERR "Max packet size too large\n");
1300                 rc = -EINVAL;
1301                 goto out;
1302         }
1303         if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1304                 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1305                        ECRYPTFS_TAG_3_PACKET_TYPE);
1306                 rc = -EINVAL;
1307                 goto out;
1308         }
1309         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1310          * at end of function upon failure */
1311         auth_tok_list_item =
1312             kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1313         if (!auth_tok_list_item) {
1314                 printk(KERN_ERR "Unable to allocate memory\n");
1315                 rc = -ENOMEM;
1316                 goto out;
1317         }
1318         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1319         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1320                                           &length_size);
1321         if (rc) {
1322                 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1323                        rc);
1324                 goto out_free;
1325         }
1326         if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1327                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1328                 rc = -EINVAL;
1329                 goto out_free;
1330         }
1331         (*packet_size) += length_size;
1332         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1333                 printk(KERN_ERR "Packet size exceeds max\n");
1334                 rc = -EINVAL;
1335                 goto out_free;
1336         }
1337         (*new_auth_tok)->session_key.encrypted_key_size =
1338                 (body_size - (ECRYPTFS_SALT_SIZE + 5));
1339         if ((*new_auth_tok)->session_key.encrypted_key_size
1340             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1341                 printk(KERN_WARNING "Tag 3 packet contains key larger "
1342                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1343                 rc = -EINVAL;
1344                 goto out_free;
1345         }
1346         if (unlikely(data[(*packet_size)++] != 0x04)) {
1347                 printk(KERN_WARNING "Unknown version number [%d]\n",
1348                        data[(*packet_size) - 1]);
1349                 rc = -EINVAL;
1350                 goto out_free;
1351         }
1352         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1353                                             (u16)data[(*packet_size)]);
1354         if (rc)
1355                 goto out_free;
1356         /* A little extra work to differentiate among the AES key
1357          * sizes; see RFC2440 */
1358         switch(data[(*packet_size)++]) {
1359         case RFC2440_CIPHER_AES_192:
1360                 crypt_stat->key_size = 24;
1361                 break;
1362         default:
1363                 crypt_stat->key_size =
1364                         (*new_auth_tok)->session_key.encrypted_key_size;
1365         }
1366         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1367         if (rc)
1368                 goto out_free;
1369         if (unlikely(data[(*packet_size)++] != 0x03)) {
1370                 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1371                 rc = -ENOSYS;
1372                 goto out_free;
1373         }
1374         /* TODO: finish the hash mapping */
1375         switch (data[(*packet_size)++]) {
1376         case 0x01: /* See RFC2440 for these numbers and their mappings */
1377                 /* Choose MD5 */
1378                 memcpy((*new_auth_tok)->token.password.salt,
1379                        &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1380                 (*packet_size) += ECRYPTFS_SALT_SIZE;
1381                 /* This conversion was taken straight from RFC2440 */
1382                 (*new_auth_tok)->token.password.hash_iterations =
1383                         ((u32) 16 + (data[(*packet_size)] & 15))
1384                                 << ((data[(*packet_size)] >> 4) + 6);
1385                 (*packet_size)++;
1386                 /* Friendly reminder:
1387                  * (*new_auth_tok)->session_key.encrypted_key_size =
1388                  *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1389                 memcpy((*new_auth_tok)->session_key.encrypted_key,
1390                        &data[(*packet_size)],
1391                        (*new_auth_tok)->session_key.encrypted_key_size);
1392                 (*packet_size) +=
1393                         (*new_auth_tok)->session_key.encrypted_key_size;
1394                 (*new_auth_tok)->session_key.flags &=
1395                         ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1396                 (*new_auth_tok)->session_key.flags |=
1397                         ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1398                 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1399                 break;
1400         default:
1401                 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1402                                 "[%d]\n", data[(*packet_size) - 1]);
1403                 rc = -ENOSYS;
1404                 goto out_free;
1405         }
1406         (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1407         /* TODO: Parametarize; we might actually want userspace to
1408          * decrypt the session key. */
1409         (*new_auth_tok)->session_key.flags &=
1410                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1411         (*new_auth_tok)->session_key.flags &=
1412                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1413         list_add(&auth_tok_list_item->list, auth_tok_list);
1414         goto out;
1415 out_free:
1416         (*new_auth_tok) = NULL;
1417         memset(auth_tok_list_item, 0,
1418                sizeof(struct ecryptfs_auth_tok_list_item));
1419         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1420                         auth_tok_list_item);
1421 out:
1422         if (rc)
1423                 (*packet_size) = 0;
1424         return rc;
1425 }
1426
1427 /**
1428  * parse_tag_11_packet
1429  * @data: The raw bytes of the packet
1430  * @contents: This function writes the data contents of the literal
1431  *            packet into this memory location
1432  * @max_contents_bytes: The maximum number of bytes that this function
1433  *                      is allowed to write into contents
1434  * @tag_11_contents_size: This function writes the size of the parsed
1435  *                        contents into this memory location; zero on
1436  *                        error
1437  * @packet_size: This function writes the size of the parsed packet
1438  *               into this memory location; zero on error
1439  * @max_packet_size: maximum number of bytes to parse
1440  *
1441  * Returns zero on success; non-zero on error.
1442  */
1443 static int
1444 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1445                     size_t max_contents_bytes, size_t *tag_11_contents_size,
1446                     size_t *packet_size, size_t max_packet_size)
1447 {
1448         size_t body_size;
1449         size_t length_size;
1450         int rc = 0;
1451
1452         (*packet_size) = 0;
1453         (*tag_11_contents_size) = 0;
1454         /* This format is inspired by OpenPGP; see RFC 2440
1455          * packet tag 11
1456          *
1457          * Tag 11 identifier (1 byte)
1458          * Max Tag 11 packet size (max 3 bytes)
1459          * Binary format specifier (1 byte)
1460          * Filename length (1 byte)
1461          * Filename ("_CONSOLE") (8 bytes)
1462          * Modification date (4 bytes)
1463          * Literal data (arbitrary)
1464          *
1465          * We need at least 16 bytes of data for the packet to even be
1466          * valid.
1467          */
1468         if (max_packet_size < 16) {
1469                 printk(KERN_ERR "Maximum packet size too small\n");
1470                 rc = -EINVAL;
1471                 goto out;
1472         }
1473         if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1474                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1475                 rc = -EINVAL;
1476                 goto out;
1477         }
1478         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1479                                           &length_size);
1480         if (rc) {
1481                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1482                 goto out;
1483         }
1484         if (body_size < 14) {
1485                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1486                 rc = -EINVAL;
1487                 goto out;
1488         }
1489         (*packet_size) += length_size;
1490         (*tag_11_contents_size) = (body_size - 14);
1491         if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1492                 printk(KERN_ERR "Packet size exceeds max\n");
1493                 rc = -EINVAL;
1494                 goto out;
1495         }
1496         if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1497                 printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1498                        "expected size\n");
1499                 rc = -EINVAL;
1500                 goto out;
1501         }
1502         if (data[(*packet_size)++] != 0x62) {
1503                 printk(KERN_WARNING "Unrecognizable packet\n");
1504                 rc = -EINVAL;
1505                 goto out;
1506         }
1507         if (data[(*packet_size)++] != 0x08) {
1508                 printk(KERN_WARNING "Unrecognizable packet\n");
1509                 rc = -EINVAL;
1510                 goto out;
1511         }
1512         (*packet_size) += 12; /* Ignore filename and modification date */
1513         memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1514         (*packet_size) += (*tag_11_contents_size);
1515 out:
1516         if (rc) {
1517                 (*packet_size) = 0;
1518                 (*tag_11_contents_size) = 0;
1519         }
1520         return rc;
1521 }
1522
1523 /**
1524  * ecryptfs_verify_version
1525  * @version: The version number to confirm
1526  *
1527  * Returns zero on good version; non-zero otherwise
1528  */
1529 static int ecryptfs_verify_version(u16 version)
1530 {
1531         int rc = 0;
1532         unsigned char major;
1533         unsigned char minor;
1534
1535         major = ((version >> 8) & 0xFF);
1536         minor = (version & 0xFF);
1537         if (major != ECRYPTFS_VERSION_MAJOR) {
1538                 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1539                                 "Expected [%d]; got [%d]\n",
1540                                 ECRYPTFS_VERSION_MAJOR, major);
1541                 rc = -EINVAL;
1542                 goto out;
1543         }
1544         if (minor != ECRYPTFS_VERSION_MINOR) {
1545                 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1546                                 "Expected [%d]; got [%d]\n",
1547                                 ECRYPTFS_VERSION_MINOR, minor);
1548                 rc = -EINVAL;
1549                 goto out;
1550         }
1551 out:
1552         return rc;
1553 }
1554
1555 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1556                                       struct ecryptfs_auth_tok **auth_tok,
1557                                       char *sig)
1558 {
1559         int rc = 0;
1560
1561         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1562         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1563                 printk(KERN_ERR "Could not find key with description: [%s]\n",
1564                        sig);
1565                 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1566                 goto out;
1567         }
1568         (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1569         if (ecryptfs_verify_version((*auth_tok)->version)) {
1570                 printk(KERN_ERR
1571                        "Data structure version mismatch. "
1572                        "Userspace tools must match eCryptfs "
1573                        "kernel module with major version [%d] "
1574                        "and minor version [%d]\n",
1575                        ECRYPTFS_VERSION_MAJOR,
1576                        ECRYPTFS_VERSION_MINOR);
1577                 rc = -EINVAL;
1578                 goto out_release_key;
1579         }
1580         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1581             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1582                 printk(KERN_ERR "Invalid auth_tok structure "
1583                        "returned from key query\n");
1584                 rc = -EINVAL;
1585                 goto out_release_key;
1586         }
1587 out_release_key:
1588         if (rc) {
1589                 key_put(*auth_tok_key);
1590                 (*auth_tok_key) = NULL;
1591         }
1592 out:
1593         return rc;
1594 }
1595
1596 /**
1597  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1598  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1599  * @crypt_stat: The cryptographic context
1600  *
1601  * Returns zero on success; non-zero error otherwise
1602  */
1603 static int
1604 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1605                                          struct ecryptfs_crypt_stat *crypt_stat)
1606 {
1607         struct scatterlist dst_sg[2];
1608         struct scatterlist src_sg[2];
1609         struct mutex *tfm_mutex;
1610         struct blkcipher_desc desc = {
1611                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1612         };
1613         int rc = 0;
1614
1615         if (unlikely(ecryptfs_verbosity > 0)) {
1616                 ecryptfs_printk(
1617                         KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1618                         auth_tok->token.password.session_key_encryption_key_bytes);
1619                 ecryptfs_dump_hex(
1620                         auth_tok->token.password.session_key_encryption_key,
1621                         auth_tok->token.password.session_key_encryption_key_bytes);
1622         }
1623         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1624                                                         crypt_stat->cipher);
1625         if (unlikely(rc)) {
1626                 printk(KERN_ERR "Internal error whilst attempting to get "
1627                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1628                        crypt_stat->cipher, rc);
1629                 goto out;
1630         }
1631         rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1632                                  auth_tok->session_key.encrypted_key_size,
1633                                  src_sg, 2);
1634         if (rc < 1 || rc > 2) {
1635                 printk(KERN_ERR "Internal error whilst attempting to convert "
1636                         "auth_tok->session_key.encrypted_key to scatterlist; "
1637                         "expected rc = 1; got rc = [%d]. "
1638                        "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1639                         auth_tok->session_key.encrypted_key_size);
1640                 goto out;
1641         }
1642         auth_tok->session_key.decrypted_key_size =
1643                 auth_tok->session_key.encrypted_key_size;
1644         rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1645                                  auth_tok->session_key.decrypted_key_size,
1646                                  dst_sg, 2);
1647         if (rc < 1 || rc > 2) {
1648                 printk(KERN_ERR "Internal error whilst attempting to convert "
1649                         "auth_tok->session_key.decrypted_key to scatterlist; "
1650                         "expected rc = 1; got rc = [%d]\n", rc);
1651                 goto out;
1652         }
1653         mutex_lock(tfm_mutex);
1654         rc = crypto_blkcipher_setkey(
1655                 desc.tfm, auth_tok->token.password.session_key_encryption_key,
1656                 crypt_stat->key_size);
1657         if (unlikely(rc < 0)) {
1658                 mutex_unlock(tfm_mutex);
1659                 printk(KERN_ERR "Error setting key for crypto context\n");
1660                 rc = -EINVAL;
1661                 goto out;
1662         }
1663         rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1664                                       auth_tok->session_key.encrypted_key_size);
1665         mutex_unlock(tfm_mutex);
1666         if (unlikely(rc)) {
1667                 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1668                 goto out;
1669         }
1670         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1671         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1672                auth_tok->session_key.decrypted_key_size);
1673         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1674         if (unlikely(ecryptfs_verbosity > 0)) {
1675                 ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n",
1676                                 crypt_stat->key_size);
1677                 ecryptfs_dump_hex(crypt_stat->key,
1678                                   crypt_stat->key_size);
1679         }
1680 out:
1681         return rc;
1682 }
1683
1684 /**
1685  * ecryptfs_parse_packet_set
1686  * @crypt_stat: The cryptographic context
1687  * @src: Virtual address of region of memory containing the packets
1688  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1689  *
1690  * Get crypt_stat to have the file's session key if the requisite key
1691  * is available to decrypt the session key.
1692  *
1693  * Returns Zero if a valid authentication token was retrieved and
1694  * processed; negative value for file not encrypted or for error
1695  * conditions.
1696  */
1697 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1698                               unsigned char *src,
1699                               struct dentry *ecryptfs_dentry)
1700 {
1701         size_t i = 0;
1702         size_t found_auth_tok;
1703         size_t next_packet_is_auth_tok_packet;
1704         struct list_head auth_tok_list;
1705         struct ecryptfs_auth_tok *matching_auth_tok;
1706         struct ecryptfs_auth_tok *candidate_auth_tok;
1707         char *candidate_auth_tok_sig;
1708         size_t packet_size;
1709         struct ecryptfs_auth_tok *new_auth_tok;
1710         unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1711         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1712         size_t tag_11_contents_size;
1713         size_t tag_11_packet_size;
1714         struct key *auth_tok_key = NULL;
1715         int rc = 0;
1716
1717         INIT_LIST_HEAD(&auth_tok_list);
1718         /* Parse the header to find as many packets as we can; these will be
1719          * added the our &auth_tok_list */
1720         next_packet_is_auth_tok_packet = 1;
1721         while (next_packet_is_auth_tok_packet) {
1722                 size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1723
1724                 switch (src[i]) {
1725                 case ECRYPTFS_TAG_3_PACKET_TYPE:
1726                         rc = parse_tag_3_packet(crypt_stat,
1727                                                 (unsigned char *)&src[i],
1728                                                 &auth_tok_list, &new_auth_tok,
1729                                                 &packet_size, max_packet_size);
1730                         if (rc) {
1731                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1732                                                 "tag 3 packet\n");
1733                                 rc = -EIO;
1734                                 goto out_wipe_list;
1735                         }
1736                         i += packet_size;
1737                         rc = parse_tag_11_packet((unsigned char *)&src[i],
1738                                                  sig_tmp_space,
1739                                                  ECRYPTFS_SIG_SIZE,
1740                                                  &tag_11_contents_size,
1741                                                  &tag_11_packet_size,
1742                                                  max_packet_size);
1743                         if (rc) {
1744                                 ecryptfs_printk(KERN_ERR, "No valid "
1745                                                 "(ecryptfs-specific) literal "
1746                                                 "packet containing "
1747                                                 "authentication token "
1748                                                 "signature found after "
1749                                                 "tag 3 packet\n");
1750                                 rc = -EIO;
1751                                 goto out_wipe_list;
1752                         }
1753                         i += tag_11_packet_size;
1754                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1755                                 ecryptfs_printk(KERN_ERR, "Expected "
1756                                                 "signature of size [%d]; "
1757                                                 "read size [%d]\n",
1758                                                 ECRYPTFS_SIG_SIZE,
1759                                                 tag_11_contents_size);
1760                                 rc = -EIO;
1761                                 goto out_wipe_list;
1762                         }
1763                         ecryptfs_to_hex(new_auth_tok->token.password.signature,
1764                                         sig_tmp_space, tag_11_contents_size);
1765                         new_auth_tok->token.password.signature[
1766                                 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1767                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1768                         break;
1769                 case ECRYPTFS_TAG_1_PACKET_TYPE:
1770                         rc = parse_tag_1_packet(crypt_stat,
1771                                                 (unsigned char *)&src[i],
1772                                                 &auth_tok_list, &new_auth_tok,
1773                                                 &packet_size, max_packet_size);
1774                         if (rc) {
1775                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1776                                                 "tag 1 packet\n");
1777                                 rc = -EIO;
1778                                 goto out_wipe_list;
1779                         }
1780                         i += packet_size;
1781                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1782                         break;
1783                 case ECRYPTFS_TAG_11_PACKET_TYPE:
1784                         ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1785                                         "(Tag 11 not allowed by itself)\n");
1786                         rc = -EIO;
1787                         goto out_wipe_list;
1788                         break;
1789                 default:
1790                         ecryptfs_printk(KERN_DEBUG, "No packet at offset "
1791                                         "[%d] of the file header; hex value of "
1792                                         "character is [0x%.2x]\n", i, src[i]);
1793                         next_packet_is_auth_tok_packet = 0;
1794                 }
1795         }
1796         if (list_empty(&auth_tok_list)) {
1797                 printk(KERN_ERR "The lower file appears to be a non-encrypted "
1798                        "eCryptfs file; this is not supported in this version "
1799                        "of the eCryptfs kernel module\n");
1800                 rc = -EINVAL;
1801                 goto out;
1802         }
1803         /* auth_tok_list contains the set of authentication tokens
1804          * parsed from the metadata. We need to find a matching
1805          * authentication token that has the secret component(s)
1806          * necessary to decrypt the EFEK in the auth_tok parsed from
1807          * the metadata. There may be several potential matches, but
1808          * just one will be sufficient to decrypt to get the FEK. */
1809 find_next_matching_auth_tok:
1810         found_auth_tok = 0;
1811         if (auth_tok_key) {
1812                 key_put(auth_tok_key);
1813                 auth_tok_key = NULL;
1814         }
1815         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1816                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1817                 if (unlikely(ecryptfs_verbosity > 0)) {
1818                         ecryptfs_printk(KERN_DEBUG,
1819                                         "Considering cadidate auth tok:\n");
1820                         ecryptfs_dump_auth_tok(candidate_auth_tok);
1821                 }
1822                 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1823                                                candidate_auth_tok);
1824                 if (rc) {
1825                         printk(KERN_ERR
1826                                "Unrecognized candidate auth tok type: [%d]\n",
1827                                candidate_auth_tok->token_type);
1828                         rc = -EINVAL;
1829                         goto out_wipe_list;
1830                 }
1831                 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1832                                                &matching_auth_tok,
1833                                                crypt_stat->mount_crypt_stat,
1834                                                candidate_auth_tok_sig);
1835                 if (!rc) {
1836                         found_auth_tok = 1;
1837                         goto found_matching_auth_tok;
1838                 }
1839         }
1840         if (!found_auth_tok) {
1841                 ecryptfs_printk(KERN_ERR, "Could not find a usable "
1842                                 "authentication token\n");
1843                 rc = -EIO;
1844                 goto out_wipe_list;
1845         }
1846 found_matching_auth_tok:
1847         if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1848                 memcpy(&(candidate_auth_tok->token.private_key),
1849                        &(matching_auth_tok->token.private_key),
1850                        sizeof(struct ecryptfs_private_key));
1851                 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1852                                                        crypt_stat);
1853         } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1854                 memcpy(&(candidate_auth_tok->token.password),
1855                        &(matching_auth_tok->token.password),
1856                        sizeof(struct ecryptfs_password));
1857                 rc = decrypt_passphrase_encrypted_session_key(
1858                         candidate_auth_tok, crypt_stat);
1859         }
1860         if (rc) {
1861                 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1862
1863                 ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1864                                 "session key for authentication token with sig "
1865                                 "[%.*s]; rc = [%d]. Removing auth tok "
1866                                 "candidate from the list and searching for "
1867                                 "the next match.\n", candidate_auth_tok_sig,
1868                                 ECRYPTFS_SIG_SIZE_HEX, rc);
1869                 list_for_each_entry_safe(auth_tok_list_item,
1870                                          auth_tok_list_item_tmp,
1871                                          &auth_tok_list, list) {
1872                         if (candidate_auth_tok
1873                             == &auth_tok_list_item->auth_tok) {
1874                                 list_del(&auth_tok_list_item->list);
1875                                 kmem_cache_free(
1876                                         ecryptfs_auth_tok_list_item_cache,
1877                                         auth_tok_list_item);
1878                                 goto find_next_matching_auth_tok;
1879                         }
1880                 }
1881                 BUG();
1882         }
1883         rc = ecryptfs_compute_root_iv(crypt_stat);
1884         if (rc) {
1885                 ecryptfs_printk(KERN_ERR, "Error computing "
1886                                 "the root IV\n");
1887                 goto out_wipe_list;
1888         }
1889         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1890         if (rc) {
1891                 ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1892                                 "context for cipher [%s]; rc = [%d]\n",
1893                                 crypt_stat->cipher, rc);
1894         }
1895 out_wipe_list:
1896         wipe_auth_tok_list(&auth_tok_list);
1897 out:
1898         if (auth_tok_key)
1899                 key_put(auth_tok_key);
1900         return rc;
1901 }
1902
1903 static int
1904 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1905                         struct ecryptfs_crypt_stat *crypt_stat,
1906                         struct ecryptfs_key_record *key_rec)
1907 {
1908         struct ecryptfs_msg_ctx *msg_ctx = NULL;
1909         char *payload = NULL;
1910         size_t payload_len;
1911         struct ecryptfs_message *msg;
1912         int rc;
1913
1914         rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1915                                  ecryptfs_code_for_cipher_string(
1916                                          crypt_stat->cipher,
1917                                          crypt_stat->key_size),
1918                                  crypt_stat, &payload, &payload_len);
1919         if (rc) {
1920                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1921                 goto out;
1922         }
1923         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1924         if (rc) {
1925                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1926                                 "ecryptfsd\n");
1927                 goto out;
1928         }
1929         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1930         if (rc) {
1931                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1932                                 "from the user space daemon\n");
1933                 rc = -EIO;
1934                 goto out;
1935         }
1936         rc = parse_tag_67_packet(key_rec, msg);
1937         if (rc)
1938                 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1939         kfree(msg);
1940 out:
1941         kfree(payload);
1942         return rc;
1943 }
1944 /**
1945  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1946  * @dest: Buffer into which to write the packet
1947  * @remaining_bytes: Maximum number of bytes that can be writtn
1948  * @auth_tok: The authentication token used for generating the tag 1 packet
1949  * @crypt_stat: The cryptographic context
1950  * @key_rec: The key record struct for the tag 1 packet
1951  * @packet_size: This function will write the number of bytes that end
1952  *               up constituting the packet; set to zero on error
1953  *
1954  * Returns zero on success; non-zero on error.
1955  */
1956 static int
1957 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1958                    struct ecryptfs_auth_tok *auth_tok,
1959                    struct ecryptfs_crypt_stat *crypt_stat,
1960                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
1961 {
1962         size_t i;
1963         size_t encrypted_session_key_valid = 0;
1964         size_t packet_size_length;
1965         size_t max_packet_size;
1966         int rc = 0;
1967
1968         (*packet_size) = 0;
1969         ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1970                           ECRYPTFS_SIG_SIZE);
1971         encrypted_session_key_valid = 0;
1972         for (i = 0; i < crypt_stat->key_size; i++)
1973                 encrypted_session_key_valid |=
1974                         auth_tok->session_key.encrypted_key[i];
1975         if (encrypted_session_key_valid) {
1976                 memcpy(key_rec->enc_key,
1977                        auth_tok->session_key.encrypted_key,
1978                        auth_tok->session_key.encrypted_key_size);
1979                 goto encrypted_session_key_set;
1980         }
1981         if (auth_tok->session_key.encrypted_key_size == 0)
1982                 auth_tok->session_key.encrypted_key_size =
1983                         auth_tok->token.private_key.key_size;
1984         rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1985         if (rc) {
1986                 printk(KERN_ERR "Failed to encrypt session key via a key "
1987                        "module; rc = [%d]\n", rc);
1988                 goto out;
1989         }
1990         if (ecryptfs_verbosity > 0) {
1991                 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1992                 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1993         }
1994 encrypted_session_key_set:
1995         /* This format is inspired by OpenPGP; see RFC 2440
1996          * packet tag 1 */
1997         max_packet_size = (1                         /* Tag 1 identifier */
1998                            + 3                       /* Max Tag 1 packet size */
1999                            + 1                       /* Version */
2000                            + ECRYPTFS_SIG_SIZE       /* Key identifier */
2001                            + 1                       /* Cipher identifier */
2002                            + key_rec->enc_key_size); /* Encrypted key size */
2003         if (max_packet_size > (*remaining_bytes)) {
2004                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2005                        "need up to [%td] bytes, but there are only [%td] "
2006                        "available\n", max_packet_size, (*remaining_bytes));
2007                 rc = -EINVAL;
2008                 goto out;
2009         }
2010         dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2011         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2012                                           (max_packet_size - 4),
2013                                           &packet_size_length);
2014         if (rc) {
2015                 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2016                                 "header; cannot generate packet length\n");
2017                 goto out;
2018         }
2019         (*packet_size) += packet_size_length;
2020         dest[(*packet_size)++] = 0x03; /* version 3 */
2021         memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2022         (*packet_size) += ECRYPTFS_SIG_SIZE;
2023         dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2024         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2025                key_rec->enc_key_size);
2026         (*packet_size) += key_rec->enc_key_size;
2027 out:
2028         if (rc)
2029                 (*packet_size) = 0;
2030         else
2031                 (*remaining_bytes) -= (*packet_size);
2032         return rc;
2033 }
2034
2035 /**
2036  * write_tag_11_packet
2037  * @dest: Target into which Tag 11 packet is to be written
2038  * @remaining_bytes: Maximum packet length
2039  * @contents: Byte array of contents to copy in
2040  * @contents_length: Number of bytes in contents
2041  * @packet_length: Length of the Tag 11 packet written; zero on error
2042  *
2043  * Returns zero on success; non-zero on error.
2044  */
2045 static int
2046 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2047                     size_t contents_length, size_t *packet_length)
2048 {
2049         size_t packet_size_length;
2050         size_t max_packet_size;
2051         int rc = 0;
2052
2053         (*packet_length) = 0;
2054         /* This format is inspired by OpenPGP; see RFC 2440
2055          * packet tag 11 */
2056         max_packet_size = (1                   /* Tag 11 identifier */
2057                            + 3                 /* Max Tag 11 packet size */
2058                            + 1                 /* Binary format specifier */
2059                            + 1                 /* Filename length */
2060                            + 8                 /* Filename ("_CONSOLE") */
2061                            + 4                 /* Modification date */
2062                            + contents_length); /* Literal data */
2063         if (max_packet_size > (*remaining_bytes)) {
2064                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2065                        "need up to [%td] bytes, but there are only [%td] "
2066                        "available\n", max_packet_size, (*remaining_bytes));
2067                 rc = -EINVAL;
2068                 goto out;
2069         }
2070         dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2071         rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2072                                           (max_packet_size - 4),
2073                                           &packet_size_length);
2074         if (rc) {
2075                 printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2076                        "generate packet length. rc = [%d]\n", rc);
2077                 goto out;
2078         }
2079         (*packet_length) += packet_size_length;
2080         dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2081         dest[(*packet_length)++] = 8;
2082         memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2083         (*packet_length) += 8;
2084         memset(&dest[(*packet_length)], 0x00, 4);
2085         (*packet_length) += 4;
2086         memcpy(&dest[(*packet_length)], contents, contents_length);
2087         (*packet_length) += contents_length;
2088  out:
2089         if (rc)
2090                 (*packet_length) = 0;
2091         else
2092                 (*remaining_bytes) -= (*packet_length);
2093         return rc;
2094 }
2095
2096 /**
2097  * write_tag_3_packet
2098  * @dest: Buffer into which to write the packet
2099  * @remaining_bytes: Maximum number of bytes that can be written
2100  * @auth_tok: Authentication token
2101  * @crypt_stat: The cryptographic context
2102  * @key_rec: encrypted key
2103  * @packet_size: This function will write the number of bytes that end
2104  *               up constituting the packet; set to zero on error
2105  *
2106  * Returns zero on success; non-zero on error.
2107  */
2108 static int
2109 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2110                    struct ecryptfs_auth_tok *auth_tok,
2111                    struct ecryptfs_crypt_stat *crypt_stat,
2112                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2113 {
2114         size_t i;
2115         size_t encrypted_session_key_valid = 0;
2116         char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2117         struct scatterlist dst_sg[2];
2118         struct scatterlist src_sg[2];
2119         struct mutex *tfm_mutex = NULL;
2120         u8 cipher_code;
2121         size_t packet_size_length;
2122         size_t max_packet_size;
2123         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2124                 crypt_stat->mount_crypt_stat;
2125         struct blkcipher_desc desc = {
2126                 .tfm = NULL,
2127                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2128         };
2129         int rc = 0;
2130
2131         (*packet_size) = 0;
2132         ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2133                           ECRYPTFS_SIG_SIZE);
2134         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2135                                                         crypt_stat->cipher);
2136         if (unlikely(rc)) {
2137                 printk(KERN_ERR "Internal error whilst attempting to get "
2138                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2139                        crypt_stat->cipher, rc);
2140                 goto out;
2141         }
2142         if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2143                 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2144
2145                 printk(KERN_WARNING "No key size specified at mount; "
2146                        "defaulting to [%d]\n", alg->max_keysize);
2147                 mount_crypt_stat->global_default_cipher_key_size =
2148                         alg->max_keysize;
2149         }
2150         if (crypt_stat->key_size == 0)
2151                 crypt_stat->key_size =
2152                         mount_crypt_stat->global_default_cipher_key_size;
2153         if (auth_tok->session_key.encrypted_key_size == 0)
2154                 auth_tok->session_key.encrypted_key_size =
2155                         crypt_stat->key_size;
2156         if (crypt_stat->key_size == 24
2157             && strcmp("aes", crypt_stat->cipher) == 0) {
2158                 memset((crypt_stat->key + 24), 0, 8);
2159                 auth_tok->session_key.encrypted_key_size = 32;
2160         } else
2161                 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2162         key_rec->enc_key_size =
2163                 auth_tok->session_key.encrypted_key_size;
2164         encrypted_session_key_valid = 0;
2165         for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2166                 encrypted_session_key_valid |=
2167                         auth_tok->session_key.encrypted_key[i];
2168         if (encrypted_session_key_valid) {
2169                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2170                                 "using auth_tok->session_key.encrypted_key, "
2171                                 "where key_rec->enc_key_size = [%d]\n",
2172                                 key_rec->enc_key_size);
2173                 memcpy(key_rec->enc_key,
2174                        auth_tok->session_key.encrypted_key,
2175                        key_rec->enc_key_size);
2176                 goto encrypted_session_key_set;
2177         }
2178         if (auth_tok->token.password.flags &
2179             ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2180                 ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2181                                 "session key encryption key of size [%d]\n",
2182                                 auth_tok->token.password.
2183                                 session_key_encryption_key_bytes);
2184                 memcpy(session_key_encryption_key,
2185                        auth_tok->token.password.session_key_encryption_key,
2186                        crypt_stat->key_size);
2187                 ecryptfs_printk(KERN_DEBUG,
2188                                 "Cached session key " "encryption key: \n");
2189                 if (ecryptfs_verbosity > 0)
2190                         ecryptfs_dump_hex(session_key_encryption_key, 16);
2191         }
2192         if (unlikely(ecryptfs_verbosity > 0)) {
2193                 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2194                 ecryptfs_dump_hex(session_key_encryption_key, 16);
2195         }
2196         rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2197                                  src_sg, 2);
2198         if (rc < 1 || rc > 2) {
2199                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2200                                 "for crypt_stat session key; expected rc = 1; "
2201                                 "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
2202                                 rc, key_rec->enc_key_size);
2203                 rc = -ENOMEM;
2204                 goto out;
2205         }
2206         rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2207                                  dst_sg, 2);
2208         if (rc < 1 || rc > 2) {
2209                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2210                                 "for crypt_stat encrypted session key; "
2211                                 "expected rc = 1; got rc = [%d]. "
2212                                 "key_rec->enc_key_size = [%d]\n", rc,
2213                                 key_rec->enc_key_size);
2214                 rc = -ENOMEM;
2215                 goto out;
2216         }
2217         mutex_lock(tfm_mutex);
2218         rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2219                                      crypt_stat->key_size);
2220         if (rc < 0) {
2221                 mutex_unlock(tfm_mutex);
2222                 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2223                                 "context; rc = [%d]\n", rc);
2224                 goto out;
2225         }
2226         rc = 0;
2227         ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
2228                         crypt_stat->key_size);
2229         rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2230                                       (*key_rec).enc_key_size);
2231         mutex_unlock(tfm_mutex);
2232         if (rc) {
2233                 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2234                 goto out;
2235         }
2236         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2237         if (ecryptfs_verbosity > 0) {
2238                 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n",
2239                                 key_rec->enc_key_size);
2240                 ecryptfs_dump_hex(key_rec->enc_key,
2241                                   key_rec->enc_key_size);
2242         }
2243 encrypted_session_key_set:
2244         /* This format is inspired by OpenPGP; see RFC 2440
2245          * packet tag 3 */
2246         max_packet_size = (1                         /* Tag 3 identifier */
2247                            + 3                       /* Max Tag 3 packet size */
2248                            + 1                       /* Version */
2249                            + 1                       /* Cipher code */
2250                            + 1                       /* S2K specifier */
2251                            + 1                       /* Hash identifier */
2252                            + ECRYPTFS_SALT_SIZE      /* Salt */
2253                            + 1                       /* Hash iterations */
2254                            + key_rec->enc_key_size); /* Encrypted key size */
2255         if (max_packet_size > (*remaining_bytes)) {
2256                 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2257                        "there are only [%td] available\n", max_packet_size,
2258                        (*remaining_bytes));
2259                 rc = -EINVAL;
2260                 goto out;
2261         }
2262         dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2263         /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2264          * to get the number of octets in the actual Tag 3 packet */
2265         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2266                                           (max_packet_size - 4),
2267                                           &packet_size_length);
2268         if (rc) {
2269                 printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2270                        "generate packet length. rc = [%d]\n", rc);
2271                 goto out;
2272         }
2273         (*packet_size) += packet_size_length;
2274         dest[(*packet_size)++] = 0x04; /* version 4 */
2275         /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2276          * specified with strings */
2277         cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2278                                                       crypt_stat->key_size);
2279         if (cipher_code == 0) {
2280                 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2281                                 "cipher [%s]\n", crypt_stat->cipher);
2282                 rc = -EINVAL;
2283                 goto out;
2284         }
2285         dest[(*packet_size)++] = cipher_code;
2286         dest[(*packet_size)++] = 0x03;  /* S2K */
2287         dest[(*packet_size)++] = 0x01;  /* MD5 (TODO: parameterize) */
2288         memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2289                ECRYPTFS_SALT_SIZE);
2290         (*packet_size) += ECRYPTFS_SALT_SIZE;   /* salt */
2291         dest[(*packet_size)++] = 0x60;  /* hash iterations (65536) */
2292         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2293                key_rec->enc_key_size);
2294         (*packet_size) += key_rec->enc_key_size;
2295 out:
2296         if (rc)
2297                 (*packet_size) = 0;
2298         else
2299                 (*remaining_bytes) -= (*packet_size);
2300         return rc;
2301 }
2302
2303 struct kmem_cache *ecryptfs_key_record_cache;
2304
2305 /**
2306  * ecryptfs_generate_key_packet_set
2307  * @dest_base: Virtual address from which to write the key record set
2308  * @crypt_stat: The cryptographic context from which the
2309  *              authentication tokens will be retrieved
2310  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2311  *                   for the global parameters
2312  * @len: The amount written
2313  * @max: The maximum amount of data allowed to be written
2314  *
2315  * Generates a key packet set and writes it to the virtual address
2316  * passed in.
2317  *
2318  * Returns zero on success; non-zero on error.
2319  */
2320 int
2321 ecryptfs_generate_key_packet_set(char *dest_base,
2322                                  struct ecryptfs_crypt_stat *crypt_stat,
2323                                  struct dentry *ecryptfs_dentry, size_t *len,
2324                                  size_t max)
2325 {
2326         struct ecryptfs_auth_tok *auth_tok;
2327         struct ecryptfs_global_auth_tok *global_auth_tok;
2328         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2329                 &ecryptfs_superblock_to_private(
2330                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
2331         size_t written;
2332         struct ecryptfs_key_record *key_rec;
2333         struct ecryptfs_key_sig *key_sig;
2334         int rc = 0;
2335
2336         (*len) = 0;
2337         mutex_lock(&crypt_stat->keysig_list_mutex);
2338         key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2339         if (!key_rec) {
2340                 rc = -ENOMEM;
2341                 goto out;
2342         }
2343         list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2344                             crypt_stat_list) {
2345                 memset(key_rec, 0, sizeof(*key_rec));
2346                 rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
2347                                                            mount_crypt_stat,
2348                                                            key_sig->keysig);
2349                 if (rc) {
2350                         printk(KERN_ERR "Error attempting to get the global "
2351                                "auth_tok; rc = [%d]\n", rc);
2352                         goto out_free;
2353                 }
2354                 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2355                         printk(KERN_WARNING
2356                                "Skipping invalid auth tok with sig = [%s]\n",
2357                                global_auth_tok->sig);
2358                         continue;
2359                 }
2360                 auth_tok = global_auth_tok->global_auth_tok;
2361                 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2362                         rc = write_tag_3_packet((dest_base + (*len)),
2363                                                 &max, auth_tok,
2364                                                 crypt_stat, key_rec,
2365                                                 &written);
2366                         if (rc) {
2367                                 ecryptfs_printk(KERN_WARNING, "Error "
2368                                                 "writing tag 3 packet\n");
2369                                 goto out_free;
2370                         }
2371                         (*len) += written;
2372                         /* Write auth tok signature packet */
2373                         rc = write_tag_11_packet((dest_base + (*len)), &max,
2374                                                  key_rec->sig,
2375                                                  ECRYPTFS_SIG_SIZE, &written);
2376                         if (rc) {
2377                                 ecryptfs_printk(KERN_ERR, "Error writing "
2378                                                 "auth tok signature packet\n");
2379                                 goto out_free;
2380                         }
2381                         (*len) += written;
2382                 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2383                         rc = write_tag_1_packet(dest_base + (*len),
2384                                                 &max, auth_tok,
2385                                                 crypt_stat, key_rec, &written);
2386                         if (rc) {
2387                                 ecryptfs_printk(KERN_WARNING, "Error "
2388                                                 "writing tag 1 packet\n");
2389                                 goto out_free;
2390                         }
2391                         (*len) += written;
2392                 } else {
2393                         ecryptfs_printk(KERN_WARNING, "Unsupported "
2394                                         "authentication token type\n");
2395                         rc = -EINVAL;
2396                         goto out_free;
2397                 }
2398         }
2399         if (likely(max > 0)) {
2400                 dest_base[(*len)] = 0x00;
2401         } else {
2402                 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2403                 rc = -EIO;
2404         }
2405 out_free:
2406         kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2407 out:
2408         if (rc)
2409                 (*len) = 0;
2410         mutex_unlock(&crypt_stat->keysig_list_mutex);
2411         return rc;
2412 }
2413
2414 struct kmem_cache *ecryptfs_key_sig_cache;
2415
2416 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2417 {
2418         struct ecryptfs_key_sig *new_key_sig;
2419
2420         new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2421         if (!new_key_sig) {
2422                 printk(KERN_ERR
2423                        "Error allocating from ecryptfs_key_sig_cache\n");
2424                 return -ENOMEM;
2425         }
2426         memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2427         /* Caller must hold keysig_list_mutex */
2428         list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2429
2430         return 0;
2431 }
2432
2433 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2434
2435 int
2436 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2437                              char *sig, u32 global_auth_tok_flags)
2438 {
2439         struct ecryptfs_global_auth_tok *new_auth_tok;
2440         int rc = 0;
2441
2442         new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2443                                         GFP_KERNEL);
2444         if (!new_auth_tok) {
2445                 rc = -ENOMEM;
2446                 printk(KERN_ERR "Error allocating from "
2447                        "ecryptfs_global_auth_tok_cache\n");
2448                 goto out;
2449         }
2450         memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2451         new_auth_tok->flags = global_auth_tok_flags;
2452         new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2453         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2454         list_add(&new_auth_tok->mount_crypt_stat_list,
2455                  &mount_crypt_stat->global_auth_tok_list);
2456         mount_crypt_stat->num_global_auth_toks++;
2457         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2458 out:
2459         return rc;
2460 }
2461