Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
6b3bd08f | 2 | /* |
0b81d077 | 3 | * This contains functions for filename crypto management |
6b3bd08f JK |
4 | * |
5 | * Copyright (C) 2015, Google, Inc. | |
6 | * Copyright (C) 2015, Motorola Mobility | |
7 | * | |
6b3bd08f | 8 | * Written by Uday Savagaonkar, 2014. |
0b81d077 | 9 | * Modified by Jaegeuk Kim, 2015. |
6b3bd08f JK |
10 | * |
11 | * This has not yet undergone a rigorous security audit. | |
12 | */ | |
0b81d077 | 13 | |
6b3bd08f | 14 | #include <linux/scatterlist.h> |
6b3bd08f | 15 | #include <linux/ratelimit.h> |
a575784c | 16 | #include <crypto/skcipher.h> |
3325bea5 | 17 | #include "fscrypt_private.h" |
6b3bd08f | 18 | |
dcf0db9e EB |
19 | static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) |
20 | { | |
21 | if (str->len == 1 && str->name[0] == '.') | |
22 | return true; | |
23 | ||
24 | if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.') | |
25 | return true; | |
26 | ||
27 | return false; | |
28 | } | |
29 | ||
6b3bd08f | 30 | /** |
ef1eb3aa | 31 | * fname_encrypt() - encrypt a filename |
6b3bd08f | 32 | * |
50c961de EB |
33 | * The output buffer must be at least as large as the input buffer. |
34 | * Any extra space is filled with NUL padding before encryption. | |
ef1eb3aa EB |
35 | * |
36 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 37 | */ |
50c961de EB |
38 | int fname_encrypt(struct inode *inode, const struct qstr *iname, |
39 | u8 *out, unsigned int olen) | |
6b3bd08f | 40 | { |
2731a944 | 41 | struct skcipher_request *req = NULL; |
d0082e1a | 42 | DECLARE_CRYPTO_WAIT(wait); |
50c961de | 43 | struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm; |
6b3bd08f | 44 | int res = 0; |
0b81d077 | 45 | char iv[FS_CRYPTO_BLOCK_SIZE]; |
08ae877f | 46 | struct scatterlist sg; |
6b3bd08f | 47 | |
08ae877f EB |
48 | /* |
49 | * Copy the filename to the output buffer for encrypting in-place and | |
50 | * pad it with the needed number of NUL bytes. | |
51 | */ | |
50c961de | 52 | if (WARN_ON(olen < iname->len)) |
76e81d6d | 53 | return -ENOBUFS; |
50c961de EB |
54 | memcpy(out, iname->name, iname->len); |
55 | memset(out + iname->len, 0, olen - iname->len); | |
6b3bd08f | 56 | |
08ae877f EB |
57 | /* Initialize the IV */ |
58 | memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); | |
6b3bd08f | 59 | |
08ae877f | 60 | /* Set up the encryption request */ |
2731a944 | 61 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
6b3bd08f JK |
62 | if (!req) { |
63 | printk_ratelimited(KERN_ERR | |
08ae877f | 64 | "%s: skcipher_request_alloc() failed\n", __func__); |
6b3bd08f JK |
65 | return -ENOMEM; |
66 | } | |
2731a944 | 67 | skcipher_request_set_callback(req, |
6b3bd08f | 68 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
d0082e1a | 69 | crypto_req_done, &wait); |
50c961de EB |
70 | sg_init_one(&sg, out, olen); |
71 | skcipher_request_set_crypt(req, &sg, &sg, olen, iv); | |
6b3bd08f | 72 | |
08ae877f | 73 | /* Do the encryption */ |
d0082e1a | 74 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); |
2731a944 | 75 | skcipher_request_free(req); |
ef1eb3aa | 76 | if (res < 0) { |
6b3bd08f JK |
77 | printk_ratelimited(KERN_ERR |
78 | "%s: Error (error code %d)\n", __func__, res); | |
ef1eb3aa EB |
79 | return res; |
80 | } | |
0b81d077 | 81 | |
ef1eb3aa | 82 | return 0; |
6b3bd08f JK |
83 | } |
84 | ||
ef1eb3aa EB |
85 | /** |
86 | * fname_decrypt() - decrypt a filename | |
87 | * | |
88 | * The caller must have allocated sufficient memory for the @oname string. | |
89 | * | |
90 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 91 | */ |
0b81d077 JK |
92 | static int fname_decrypt(struct inode *inode, |
93 | const struct fscrypt_str *iname, | |
94 | struct fscrypt_str *oname) | |
6b3bd08f | 95 | { |
2731a944 | 96 | struct skcipher_request *req = NULL; |
d0082e1a | 97 | DECLARE_CRYPTO_WAIT(wait); |
6b3bd08f | 98 | struct scatterlist src_sg, dst_sg; |
0b81d077 | 99 | struct fscrypt_info *ci = inode->i_crypt_info; |
2731a944 | 100 | struct crypto_skcipher *tfm = ci->ci_ctfm; |
6b3bd08f | 101 | int res = 0; |
0b81d077 JK |
102 | char iv[FS_CRYPTO_BLOCK_SIZE]; |
103 | unsigned lim; | |
6b3bd08f | 104 | |
0b81d077 | 105 | lim = inode->i_sb->s_cop->max_namelen(inode); |
6b3bd08f JK |
106 | if (iname->len <= 0 || iname->len > lim) |
107 | return -EIO; | |
108 | ||
109 | /* Allocate request */ | |
2731a944 | 110 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
6b3bd08f JK |
111 | if (!req) { |
112 | printk_ratelimited(KERN_ERR | |
113 | "%s: crypto_request_alloc() failed\n", __func__); | |
114 | return -ENOMEM; | |
115 | } | |
2731a944 | 116 | skcipher_request_set_callback(req, |
6b3bd08f | 117 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
d0082e1a | 118 | crypto_req_done, &wait); |
6b3bd08f JK |
119 | |
120 | /* Initialize IV */ | |
0b81d077 | 121 | memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); |
6b3bd08f JK |
122 | |
123 | /* Create decryption request */ | |
124 | sg_init_one(&src_sg, iname->name, iname->len); | |
125 | sg_init_one(&dst_sg, oname->name, oname->len); | |
2731a944 | 126 | skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); |
d0082e1a | 127 | res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait); |
2731a944 | 128 | skcipher_request_free(req); |
6b3bd08f JK |
129 | if (res < 0) { |
130 | printk_ratelimited(KERN_ERR | |
0b81d077 | 131 | "%s: Error (error code %d)\n", __func__, res); |
6b3bd08f JK |
132 | return res; |
133 | } | |
134 | ||
135 | oname->len = strnlen(oname->name, iname->len); | |
ef1eb3aa | 136 | return 0; |
6b3bd08f JK |
137 | } |
138 | ||
139 | static const char *lookup_table = | |
140 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; | |
141 | ||
17159420 EB |
142 | #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) |
143 | ||
6b3bd08f | 144 | /** |
0b81d077 | 145 | * digest_encode() - |
6b3bd08f JK |
146 | * |
147 | * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. | |
148 | * The encoded string is roughly 4/3 times the size of the input string. | |
149 | */ | |
150 | static int digest_encode(const char *src, int len, char *dst) | |
151 | { | |
152 | int i = 0, bits = 0, ac = 0; | |
153 | char *cp = dst; | |
154 | ||
155 | while (i < len) { | |
156 | ac += (((unsigned char) src[i]) << bits); | |
157 | bits += 8; | |
158 | do { | |
159 | *cp++ = lookup_table[ac & 0x3f]; | |
160 | ac >>= 6; | |
161 | bits -= 6; | |
162 | } while (bits >= 6); | |
163 | i++; | |
164 | } | |
165 | if (bits) | |
166 | *cp++ = lookup_table[ac & 0x3f]; | |
167 | return cp - dst; | |
168 | } | |
169 | ||
170 | static int digest_decode(const char *src, int len, char *dst) | |
171 | { | |
172 | int i = 0, bits = 0, ac = 0; | |
173 | const char *p; | |
174 | char *cp = dst; | |
175 | ||
176 | while (i < len) { | |
177 | p = strchr(lookup_table, src[i]); | |
178 | if (p == NULL || src[i] == 0) | |
179 | return -2; | |
180 | ac += (p - lookup_table) << bits; | |
181 | bits += 6; | |
182 | if (bits >= 8) { | |
183 | *cp++ = ac & 0xff; | |
184 | ac >>= 8; | |
185 | bits -= 8; | |
186 | } | |
187 | i++; | |
188 | } | |
189 | if (ac) | |
190 | return -1; | |
191 | return cp - dst; | |
192 | } | |
193 | ||
0b93e1b9 | 194 | u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen) |
6b3bd08f | 195 | { |
922ec355 | 196 | int padding = 32; |
0b81d077 | 197 | struct fscrypt_info *ci = inode->i_crypt_info; |
922ec355 CY |
198 | |
199 | if (ci) | |
0b81d077 | 200 | padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); |
55be3145 EB |
201 | ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE); |
202 | return round_up(ilen, padding); | |
6b3bd08f | 203 | } |
0b81d077 | 204 | EXPORT_SYMBOL(fscrypt_fname_encrypted_size); |
6b3bd08f JK |
205 | |
206 | /** | |
0b81d077 | 207 | * fscrypt_fname_crypto_alloc_obuff() - |
6b3bd08f JK |
208 | * |
209 | * Allocates an output buffer that is sufficient for the crypto operation | |
210 | * specified by the context and the direction. | |
211 | */ | |
0b93e1b9 | 212 | int fscrypt_fname_alloc_buffer(const struct inode *inode, |
0b81d077 | 213 | u32 ilen, struct fscrypt_str *crypto_str) |
6b3bd08f | 214 | { |
17159420 EB |
215 | u32 olen = fscrypt_fname_encrypted_size(inode, ilen); |
216 | const u32 max_encoded_len = | |
217 | max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE), | |
218 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))); | |
6b3bd08f | 219 | |
6b3bd08f | 220 | crypto_str->len = olen; |
17159420 EB |
221 | olen = max(olen, max_encoded_len); |
222 | ||
0b81d077 JK |
223 | /* |
224 | * Allocated buffer can hold one more character to null-terminate the | |
225 | * string | |
226 | */ | |
6b3bd08f JK |
227 | crypto_str->name = kmalloc(olen + 1, GFP_NOFS); |
228 | if (!(crypto_str->name)) | |
229 | return -ENOMEM; | |
230 | return 0; | |
231 | } | |
0b81d077 | 232 | EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); |
6b3bd08f JK |
233 | |
234 | /** | |
0b81d077 | 235 | * fscrypt_fname_crypto_free_buffer() - |
6b3bd08f JK |
236 | * |
237 | * Frees the buffer allocated for crypto operation. | |
238 | */ | |
0b81d077 | 239 | void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) |
6b3bd08f JK |
240 | { |
241 | if (!crypto_str) | |
242 | return; | |
243 | kfree(crypto_str->name); | |
244 | crypto_str->name = NULL; | |
245 | } | |
0b81d077 | 246 | EXPORT_SYMBOL(fscrypt_fname_free_buffer); |
6b3bd08f JK |
247 | |
248 | /** | |
0b81d077 JK |
249 | * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user |
250 | * space | |
ef1eb3aa EB |
251 | * |
252 | * The caller must have allocated sufficient memory for the @oname string. | |
253 | * | |
17159420 EB |
254 | * If the key is available, we'll decrypt the disk name; otherwise, we'll encode |
255 | * it for presentation. Short names are directly base64-encoded, while long | |
256 | * names are encoded in fscrypt_digested_name format. | |
257 | * | |
ef1eb3aa | 258 | * Return: 0 on success, -errno on failure |
6b3bd08f | 259 | */ |
0b81d077 JK |
260 | int fscrypt_fname_disk_to_usr(struct inode *inode, |
261 | u32 hash, u32 minor_hash, | |
262 | const struct fscrypt_str *iname, | |
263 | struct fscrypt_str *oname) | |
6b3bd08f JK |
264 | { |
265 | const struct qstr qname = FSTR_TO_QSTR(iname); | |
17159420 | 266 | struct fscrypt_digested_name digested_name; |
6b3bd08f | 267 | |
0b81d077 | 268 | if (fscrypt_is_dot_dotdot(&qname)) { |
6b3bd08f JK |
269 | oname->name[0] = '.'; |
270 | oname->name[iname->len - 1] = '.'; | |
271 | oname->len = iname->len; | |
ef1eb3aa | 272 | return 0; |
6b3bd08f JK |
273 | } |
274 | ||
0b81d077 | 275 | if (iname->len < FS_CRYPTO_BLOCK_SIZE) |
1dafa51d | 276 | return -EUCLEAN; |
6b3bd08f | 277 | |
0b81d077 JK |
278 | if (inode->i_crypt_info) |
279 | return fname_decrypt(inode, iname, oname); | |
280 | ||
17159420 | 281 | if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { |
ef1eb3aa EB |
282 | oname->len = digest_encode(iname->name, iname->len, |
283 | oname->name); | |
284 | return 0; | |
6b3bd08f JK |
285 | } |
286 | if (hash) { | |
17159420 EB |
287 | digested_name.hash = hash; |
288 | digested_name.minor_hash = minor_hash; | |
0b81d077 | 289 | } else { |
17159420 EB |
290 | digested_name.hash = 0; |
291 | digested_name.minor_hash = 0; | |
0b81d077 | 292 | } |
17159420 EB |
293 | memcpy(digested_name.digest, |
294 | FSCRYPT_FNAME_DIGEST(iname->name, iname->len), | |
295 | FSCRYPT_FNAME_DIGEST_SIZE); | |
6b3bd08f | 296 | oname->name[0] = '_'; |
17159420 EB |
297 | oname->len = 1 + digest_encode((const char *)&digested_name, |
298 | sizeof(digested_name), oname->name + 1); | |
ef1eb3aa | 299 | return 0; |
6b3bd08f | 300 | } |
0b81d077 | 301 | EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); |
6b3bd08f | 302 | |
17159420 EB |
303 | /** |
304 | * fscrypt_setup_filename() - prepare to search a possibly encrypted directory | |
305 | * @dir: the directory that will be searched | |
306 | * @iname: the user-provided filename being searched for | |
307 | * @lookup: 1 if we're allowed to proceed without the key because it's | |
308 | * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot | |
309 | * proceed without the key because we're going to create the dir_entry. | |
310 | * @fname: the filename information to be filled in | |
311 | * | |
312 | * Given a user-provided filename @iname, this function sets @fname->disk_name | |
313 | * to the name that would be stored in the on-disk directory entry, if possible. | |
314 | * If the directory is unencrypted this is simply @iname. Else, if we have the | |
315 | * directory's encryption key, then @iname is the plaintext, so we encrypt it to | |
316 | * get the disk_name. | |
317 | * | |
318 | * Else, for keyless @lookup operations, @iname is the presented ciphertext, so | |
319 | * we decode it to get either the ciphertext disk_name (for short names) or the | |
320 | * fscrypt_digested_name (for long names). Non-@lookup operations will be | |
321 | * impossible in this case, so we fail them with ENOKEY. | |
322 | * | |
323 | * If successful, fscrypt_free_filename() must be called later to clean up. | |
324 | * | |
325 | * Return: 0 on success, -errno on failure | |
326 | */ | |
0b81d077 JK |
327 | int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, |
328 | int lookup, struct fscrypt_name *fname) | |
6b3bd08f | 329 | { |
17159420 EB |
330 | int ret; |
331 | int digested; | |
6b3bd08f | 332 | |
0b81d077 | 333 | memset(fname, 0, sizeof(struct fscrypt_name)); |
6b3bd08f JK |
334 | fname->usr_fname = iname; |
335 | ||
e0428a26 | 336 | if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) { |
6b3bd08f JK |
337 | fname->disk_name.name = (unsigned char *)iname->name; |
338 | fname->disk_name.len = iname->len; | |
7bf4b557 | 339 | return 0; |
6b3bd08f | 340 | } |
1b53cf98 | 341 | ret = fscrypt_get_encryption_info(dir); |
0b81d077 | 342 | if (ret && ret != -EOPNOTSUPP) |
6b3bd08f | 343 | return ret; |
0b81d077 JK |
344 | |
345 | if (dir->i_crypt_info) { | |
50c961de EB |
346 | unsigned int max_len = dir->i_sb->s_cop->max_namelen(dir); |
347 | ||
348 | if (iname->len > max_len) | |
349 | return -ENAMETOOLONG; | |
350 | ||
351 | fname->crypto_buf.len = | |
352 | min(fscrypt_fname_encrypted_size(dir, iname->len), | |
353 | max_len); | |
354 | fname->crypto_buf.name = kmalloc(fname->crypto_buf.len, | |
355 | GFP_NOFS); | |
356 | if (!fname->crypto_buf.name) | |
357 | return -ENOMEM; | |
358 | ||
359 | ret = fname_encrypt(dir, iname, fname->crypto_buf.name, | |
360 | fname->crypto_buf.len); | |
ef1eb3aa | 361 | if (ret) |
e5e0906b | 362 | goto errout; |
6b3bd08f JK |
363 | fname->disk_name.name = fname->crypto_buf.name; |
364 | fname->disk_name.len = fname->crypto_buf.len; | |
7bf4b557 | 365 | return 0; |
6b3bd08f | 366 | } |
e5e0906b | 367 | if (!lookup) |
54475f53 | 368 | return -ENOKEY; |
6b3bd08f | 369 | |
0b81d077 JK |
370 | /* |
371 | * We don't have the key and we are doing a lookup; decode the | |
6b3bd08f JK |
372 | * user-supplied name |
373 | */ | |
17159420 EB |
374 | if (iname->name[0] == '_') { |
375 | if (iname->len != | |
376 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))) | |
377 | return -ENOENT; | |
378 | digested = 1; | |
379 | } else { | |
380 | if (iname->len > | |
381 | BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)) | |
382 | return -ENOENT; | |
383 | digested = 0; | |
384 | } | |
e5e0906b | 385 | |
17159420 EB |
386 | fname->crypto_buf.name = |
387 | kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE, | |
388 | sizeof(struct fscrypt_digested_name)), | |
389 | GFP_KERNEL); | |
e5e0906b JK |
390 | if (fname->crypto_buf.name == NULL) |
391 | return -ENOMEM; | |
0b81d077 | 392 | |
17159420 | 393 | ret = digest_decode(iname->name + digested, iname->len - digested, |
6b3bd08f JK |
394 | fname->crypto_buf.name); |
395 | if (ret < 0) { | |
396 | ret = -ENOENT; | |
e5e0906b | 397 | goto errout; |
6b3bd08f JK |
398 | } |
399 | fname->crypto_buf.len = ret; | |
17159420 EB |
400 | if (digested) { |
401 | const struct fscrypt_digested_name *n = | |
402 | (const void *)fname->crypto_buf.name; | |
403 | fname->hash = n->hash; | |
404 | fname->minor_hash = n->minor_hash; | |
6b3bd08f JK |
405 | } else { |
406 | fname->disk_name.name = fname->crypto_buf.name; | |
407 | fname->disk_name.len = fname->crypto_buf.len; | |
408 | } | |
7bf4b557 | 409 | return 0; |
0b81d077 | 410 | |
e5e0906b | 411 | errout: |
50c961de | 412 | kfree(fname->crypto_buf.name); |
6b3bd08f JK |
413 | return ret; |
414 | } | |
0b81d077 | 415 | EXPORT_SYMBOL(fscrypt_setup_filename); |