2 * This contains functions for filename crypto management
4 * Copyright (C) 2015, Google, Inc.
5 * Copyright (C) 2015, Motorola Mobility
7 * Written by Uday Savagaonkar, 2014.
8 * Modified by Jaegeuk Kim, 2015.
10 * This has not yet undergone a rigorous security audit.
13 #include <crypto/hash.h>
14 #include <crypto/sha.h>
15 #include <keys/encrypted-type.h>
16 #include <keys/user-type.h>
17 #include <linux/crypto.h>
18 #include <linux/scatterlist.h>
19 #include <linux/ratelimit.h>
20 #include <linux/fscrypto.h>
22 static u32
size_round_up(size_t size
, size_t blksize
)
24 return ((size
+ blksize
- 1) / blksize
) * blksize
;
28 * dir_crypt_complete() -
30 static void dir_crypt_complete(struct crypto_async_request
*req
, int res
)
32 struct fscrypt_completion_result
*ecr
= req
->data
;
34 if (res
== -EINPROGRESS
)
37 complete(&ecr
->completion
);
43 * This function encrypts the input filename, and returns the length of the
44 * ciphertext. Errors are returned as negative numbers. We trust the caller to
45 * allocate sufficient memory to oname string.
47 static int fname_encrypt(struct inode
*inode
,
48 const struct qstr
*iname
, struct fscrypt_str
*oname
)
51 struct ablkcipher_request
*req
= NULL
;
52 DECLARE_FS_COMPLETION_RESULT(ecr
);
53 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
54 struct crypto_ablkcipher
*tfm
= ci
->ci_ctfm
;
56 char iv
[FS_CRYPTO_BLOCK_SIZE
];
57 struct scatterlist src_sg
, dst_sg
;
58 int padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
59 char *workbuf
, buf
[32], *alloc_buf
= NULL
;
62 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
63 if (iname
->len
<= 0 || iname
->len
> lim
)
66 ciphertext_len
= (iname
->len
< FS_CRYPTO_BLOCK_SIZE
) ?
67 FS_CRYPTO_BLOCK_SIZE
: iname
->len
;
68 ciphertext_len
= size_round_up(ciphertext_len
, padding
);
69 ciphertext_len
= (ciphertext_len
> lim
) ? lim
: ciphertext_len
;
71 if (ciphertext_len
<= sizeof(buf
)) {
74 alloc_buf
= kmalloc(ciphertext_len
, GFP_NOFS
);
80 /* Allocate request */
81 req
= ablkcipher_request_alloc(tfm
, GFP_NOFS
);
83 printk_ratelimited(KERN_ERR
84 "%s: crypto_request_alloc() failed\n", __func__
);
88 ablkcipher_request_set_callback(req
,
89 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
90 dir_crypt_complete
, &ecr
);
93 memcpy(workbuf
, iname
->name
, iname
->len
);
94 if (iname
->len
< ciphertext_len
)
95 memset(workbuf
+ iname
->len
, 0, ciphertext_len
- iname
->len
);
98 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
100 /* Create encryption request */
101 sg_init_one(&src_sg
, workbuf
, ciphertext_len
);
102 sg_init_one(&dst_sg
, oname
->name
, ciphertext_len
);
103 ablkcipher_request_set_crypt(req
, &src_sg
, &dst_sg
, ciphertext_len
, iv
);
104 res
= crypto_ablkcipher_encrypt(req
);
105 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
106 wait_for_completion(&ecr
.completion
);
110 ablkcipher_request_free(req
);
112 printk_ratelimited(KERN_ERR
113 "%s: Error (error code %d)\n", __func__
, res
);
115 oname
->len
= ciphertext_len
;
121 * This function decrypts the input filename, and returns
122 * the length of the plaintext.
123 * Errors are returned as negative numbers.
124 * We trust the caller to allocate sufficient memory to oname string.
126 static int fname_decrypt(struct inode
*inode
,
127 const struct fscrypt_str
*iname
,
128 struct fscrypt_str
*oname
)
130 struct ablkcipher_request
*req
= NULL
;
131 DECLARE_FS_COMPLETION_RESULT(ecr
);
132 struct scatterlist src_sg
, dst_sg
;
133 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
134 struct crypto_ablkcipher
*tfm
= ci
->ci_ctfm
;
136 char iv
[FS_CRYPTO_BLOCK_SIZE
];
139 lim
= inode
->i_sb
->s_cop
->max_namelen(inode
);
140 if (iname
->len
<= 0 || iname
->len
> lim
)
143 /* Allocate request */
144 req
= ablkcipher_request_alloc(tfm
, GFP_NOFS
);
146 printk_ratelimited(KERN_ERR
147 "%s: crypto_request_alloc() failed\n", __func__
);
150 ablkcipher_request_set_callback(req
,
151 CRYPTO_TFM_REQ_MAY_BACKLOG
| CRYPTO_TFM_REQ_MAY_SLEEP
,
152 dir_crypt_complete
, &ecr
);
155 memset(iv
, 0, FS_CRYPTO_BLOCK_SIZE
);
157 /* Create decryption request */
158 sg_init_one(&src_sg
, iname
->name
, iname
->len
);
159 sg_init_one(&dst_sg
, oname
->name
, oname
->len
);
160 ablkcipher_request_set_crypt(req
, &src_sg
, &dst_sg
, iname
->len
, iv
);
161 res
= crypto_ablkcipher_decrypt(req
);
162 if (res
== -EINPROGRESS
|| res
== -EBUSY
) {
163 wait_for_completion(&ecr
.completion
);
166 ablkcipher_request_free(req
);
168 printk_ratelimited(KERN_ERR
169 "%s: Error (error code %d)\n", __func__
, res
);
173 oname
->len
= strnlen(oname
->name
, iname
->len
);
177 static const char *lookup_table
=
178 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
183 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
184 * The encoded string is roughly 4/3 times the size of the input string.
186 static int digest_encode(const char *src
, int len
, char *dst
)
188 int i
= 0, bits
= 0, ac
= 0;
192 ac
+= (((unsigned char) src
[i
]) << bits
);
195 *cp
++ = lookup_table
[ac
& 0x3f];
202 *cp
++ = lookup_table
[ac
& 0x3f];
206 static int digest_decode(const char *src
, int len
, char *dst
)
208 int i
= 0, bits
= 0, ac
= 0;
213 p
= strchr(lookup_table
, src
[i
]);
214 if (p
== NULL
|| src
[i
] == 0)
216 ac
+= (p
- lookup_table
) << bits
;
230 u32
fscrypt_fname_encrypted_size(struct inode
*inode
, u32 ilen
)
233 struct fscrypt_info
*ci
= inode
->i_crypt_info
;
236 padding
= 4 << (ci
->ci_flags
& FS_POLICY_FLAGS_PAD_MASK
);
237 if (ilen
< FS_CRYPTO_BLOCK_SIZE
)
238 ilen
= FS_CRYPTO_BLOCK_SIZE
;
239 return size_round_up(ilen
, padding
);
241 EXPORT_SYMBOL(fscrypt_fname_encrypted_size
);
244 * fscrypt_fname_crypto_alloc_obuff() -
246 * Allocates an output buffer that is sufficient for the crypto operation
247 * specified by the context and the direction.
249 int fscrypt_fname_alloc_buffer(struct inode
*inode
,
250 u32 ilen
, struct fscrypt_str
*crypto_str
)
252 unsigned int olen
= fscrypt_fname_encrypted_size(inode
, ilen
);
254 crypto_str
->len
= olen
;
255 if (olen
< FS_FNAME_CRYPTO_DIGEST_SIZE
* 2)
256 olen
= FS_FNAME_CRYPTO_DIGEST_SIZE
* 2;
258 * Allocated buffer can hold one more character to null-terminate the
261 crypto_str
->name
= kmalloc(olen
+ 1, GFP_NOFS
);
262 if (!(crypto_str
->name
))
266 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer
);
269 * fscrypt_fname_crypto_free_buffer() -
271 * Frees the buffer allocated for crypto operation.
273 void fscrypt_fname_free_buffer(struct fscrypt_str
*crypto_str
)
277 kfree(crypto_str
->name
);
278 crypto_str
->name
= NULL
;
280 EXPORT_SYMBOL(fscrypt_fname_free_buffer
);
283 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user
286 int fscrypt_fname_disk_to_usr(struct inode
*inode
,
287 u32 hash
, u32 minor_hash
,
288 const struct fscrypt_str
*iname
,
289 struct fscrypt_str
*oname
)
291 const struct qstr qname
= FSTR_TO_QSTR(iname
);
295 if (fscrypt_is_dot_dotdot(&qname
)) {
296 oname
->name
[0] = '.';
297 oname
->name
[iname
->len
- 1] = '.';
298 oname
->len
= iname
->len
;
302 if (iname
->len
< FS_CRYPTO_BLOCK_SIZE
)
305 if (inode
->i_crypt_info
)
306 return fname_decrypt(inode
, iname
, oname
);
308 if (iname
->len
<= FS_FNAME_CRYPTO_DIGEST_SIZE
) {
309 ret
= digest_encode(iname
->name
, iname
->len
, oname
->name
);
314 memcpy(buf
, &hash
, 4);
315 memcpy(buf
+ 4, &minor_hash
, 4);
319 memcpy(buf
+ 8, iname
->name
+ iname
->len
- 16, 16);
320 oname
->name
[0] = '_';
321 ret
= digest_encode(buf
, 24, oname
->name
+ 1);
322 oname
->len
= ret
+ 1;
325 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr
);
328 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk
331 int fscrypt_fname_usr_to_disk(struct inode
*inode
,
332 const struct qstr
*iname
,
333 struct fscrypt_str
*oname
)
335 if (fscrypt_is_dot_dotdot(iname
)) {
336 oname
->name
[0] = '.';
337 oname
->name
[iname
->len
- 1] = '.';
338 oname
->len
= iname
->len
;
341 if (inode
->i_crypt_info
)
342 return fname_encrypt(inode
, iname
, oname
);
344 * Without a proper key, a user is not allowed to modify the filenames
345 * in a directory. Consequently, a user space name cannot be mapped to
350 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk
);
352 int fscrypt_setup_filename(struct inode
*dir
, const struct qstr
*iname
,
353 int lookup
, struct fscrypt_name
*fname
)
355 int ret
= 0, bigname
= 0;
357 memset(fname
, 0, sizeof(struct fscrypt_name
));
358 fname
->usr_fname
= iname
;
360 if (!dir
->i_sb
->s_cop
->is_encrypted(dir
) ||
361 fscrypt_is_dot_dotdot(iname
)) {
362 fname
->disk_name
.name
= (unsigned char *)iname
->name
;
363 fname
->disk_name
.len
= iname
->len
;
366 ret
= get_crypt_info(dir
);
367 if (ret
&& ret
!= -EOPNOTSUPP
)
370 if (dir
->i_crypt_info
) {
371 ret
= fscrypt_fname_alloc_buffer(dir
, iname
->len
,
375 ret
= fname_encrypt(dir
, iname
, &fname
->crypto_buf
);
378 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
379 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
386 * We don't have the key and we are doing a lookup; decode the
389 if (iname
->name
[0] == '_')
391 if ((bigname
&& (iname
->len
!= 33)) || (!bigname
&& (iname
->len
> 43)))
394 fname
->crypto_buf
.name
= kmalloc(32, GFP_KERNEL
);
395 if (fname
->crypto_buf
.name
== NULL
)
398 ret
= digest_decode(iname
->name
+ bigname
, iname
->len
- bigname
,
399 fname
->crypto_buf
.name
);
404 fname
->crypto_buf
.len
= ret
;
406 memcpy(&fname
->hash
, fname
->crypto_buf
.name
, 4);
407 memcpy(&fname
->minor_hash
, fname
->crypto_buf
.name
+ 4, 4);
409 fname
->disk_name
.name
= fname
->crypto_buf
.name
;
410 fname
->disk_name
.len
= fname
->crypto_buf
.len
;
415 fscrypt_fname_free_buffer(&fname
->crypto_buf
);
418 EXPORT_SYMBOL(fscrypt_setup_filename
);
420 void fscrypt_free_filename(struct fscrypt_name
*fname
)
422 kfree(fname
->crypto_buf
.name
);
423 fname
->crypto_buf
.name
= NULL
;
424 fname
->usr_fname
= NULL
;
425 fname
->disk_name
.name
= NULL
;
427 EXPORT_SYMBOL(fscrypt_free_filename
);