Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
6b3bd08f | 2 | /* |
0b81d077 | 3 | * This contains functions for filename crypto management |
6b3bd08f JK |
4 | * |
5 | * Copyright (C) 2015, Google, Inc. | |
6 | * Copyright (C) 2015, Motorola Mobility | |
7 | * | |
6b3bd08f | 8 | * Written by Uday Savagaonkar, 2014. |
0b81d077 | 9 | * Modified by Jaegeuk Kim, 2015. |
6b3bd08f JK |
10 | * |
11 | * This has not yet undergone a rigorous security audit. | |
12 | */ | |
0b81d077 | 13 | |
6b3bd08f | 14 | #include <linux/scatterlist.h> |
a575784c | 15 | #include <crypto/skcipher.h> |
3325bea5 | 16 | #include "fscrypt_private.h" |
6b3bd08f | 17 | |
dcf0db9e EB |
18 | static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) |
19 | { | |
20 | if (str->len == 1 && str->name[0] == '.') | |
21 | return true; | |
22 | ||
23 | if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.') | |
24 | return true; | |
25 | ||
26 | return false; | |
27 | } | |
28 | ||
6b3bd08f | 29 | /** |
ef1eb3aa | 30 | * fname_encrypt() - encrypt a filename |
6b3bd08f | 31 | * |
50c961de EB |
32 | * The output buffer must be at least as large as the input buffer. |
33 | * Any extra space is filled with NUL padding before encryption. | |
ef1eb3aa EB |
34 | * |
35 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 36 | */ |
8a4ab0b8 | 37 | int fname_encrypt(const struct inode *inode, const struct qstr *iname, |
50c961de | 38 | u8 *out, unsigned int olen) |
6b3bd08f | 39 | { |
2731a944 | 40 | struct skcipher_request *req = NULL; |
d0082e1a | 41 | DECLARE_CRYPTO_WAIT(wait); |
8a4ab0b8 | 42 | const struct fscrypt_info *ci = inode->i_crypt_info; |
8094c3ce EB |
43 | struct crypto_skcipher *tfm = ci->ci_ctfm; |
44 | union fscrypt_iv iv; | |
08ae877f | 45 | struct scatterlist sg; |
8094c3ce | 46 | int res; |
6b3bd08f | 47 | |
08ae877f EB |
48 | /* |
49 | * Copy the filename to the output buffer for encrypting in-place and | |
50 | * pad it with the needed number of NUL bytes. | |
51 | */ | |
50c961de | 52 | if (WARN_ON(olen < iname->len)) |
76e81d6d | 53 | return -ENOBUFS; |
50c961de EB |
54 | memcpy(out, iname->name, iname->len); |
55 | memset(out + iname->len, 0, olen - iname->len); | |
6b3bd08f | 56 | |
08ae877f | 57 | /* Initialize the IV */ |
8094c3ce | 58 | fscrypt_generate_iv(&iv, 0, ci); |
6b3bd08f | 59 | |
08ae877f | 60 | /* Set up the encryption request */ |
2731a944 | 61 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
c90fd775 | 62 | if (!req) |
6b3bd08f | 63 | return -ENOMEM; |
2731a944 | 64 | skcipher_request_set_callback(req, |
6b3bd08f | 65 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
d0082e1a | 66 | crypto_req_done, &wait); |
50c961de | 67 | sg_init_one(&sg, out, olen); |
8094c3ce | 68 | skcipher_request_set_crypt(req, &sg, &sg, olen, &iv); |
6b3bd08f | 69 | |
08ae877f | 70 | /* Do the encryption */ |
d0082e1a | 71 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); |
2731a944 | 72 | skcipher_request_free(req); |
ef1eb3aa | 73 | if (res < 0) { |
886da8b3 | 74 | fscrypt_err(inode, "Filename encryption failed: %d", res); |
ef1eb3aa EB |
75 | return res; |
76 | } | |
0b81d077 | 77 | |
ef1eb3aa | 78 | return 0; |
6b3bd08f JK |
79 | } |
80 | ||
ef1eb3aa EB |
81 | /** |
82 | * fname_decrypt() - decrypt a filename | |
83 | * | |
84 | * The caller must have allocated sufficient memory for the @oname string. | |
85 | * | |
86 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 87 | */ |
8a4ab0b8 EB |
88 | static int fname_decrypt(const struct inode *inode, |
89 | const struct fscrypt_str *iname, | |
90 | struct fscrypt_str *oname) | |
6b3bd08f | 91 | { |
2731a944 | 92 | struct skcipher_request *req = NULL; |
d0082e1a | 93 | DECLARE_CRYPTO_WAIT(wait); |
6b3bd08f | 94 | struct scatterlist src_sg, dst_sg; |
8a4ab0b8 | 95 | const struct fscrypt_info *ci = inode->i_crypt_info; |
8094c3ce EB |
96 | struct crypto_skcipher *tfm = ci->ci_ctfm; |
97 | union fscrypt_iv iv; | |
98 | int res; | |
6b3bd08f | 99 | |
6b3bd08f | 100 | /* Allocate request */ |
2731a944 | 101 | req = skcipher_request_alloc(tfm, GFP_NOFS); |
c90fd775 | 102 | if (!req) |
6b3bd08f | 103 | return -ENOMEM; |
2731a944 | 104 | skcipher_request_set_callback(req, |
6b3bd08f | 105 | CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, |
d0082e1a | 106 | crypto_req_done, &wait); |
6b3bd08f JK |
107 | |
108 | /* Initialize IV */ | |
8094c3ce | 109 | fscrypt_generate_iv(&iv, 0, ci); |
6b3bd08f JK |
110 | |
111 | /* Create decryption request */ | |
112 | sg_init_one(&src_sg, iname->name, iname->len); | |
113 | sg_init_one(&dst_sg, oname->name, oname->len); | |
8094c3ce | 114 | skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, &iv); |
d0082e1a | 115 | res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait); |
2731a944 | 116 | skcipher_request_free(req); |
6b3bd08f | 117 | if (res < 0) { |
886da8b3 | 118 | fscrypt_err(inode, "Filename decryption failed: %d", res); |
6b3bd08f JK |
119 | return res; |
120 | } | |
121 | ||
122 | oname->len = strnlen(oname->name, iname->len); | |
ef1eb3aa | 123 | return 0; |
6b3bd08f JK |
124 | } |
125 | ||
1c5100a2 | 126 | static const char lookup_table[65] = |
6b3bd08f JK |
127 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; |
128 | ||
17159420 EB |
129 | #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) |
130 | ||
6b3bd08f | 131 | /** |
1c5100a2 | 132 | * base64_encode() - |
6b3bd08f | 133 | * |
1c5100a2 | 134 | * Encodes the input string using characters from the set [A-Za-z0-9+,]. |
6b3bd08f | 135 | * The encoded string is roughly 4/3 times the size of the input string. |
1c5100a2 EB |
136 | * |
137 | * Return: length of the encoded string | |
6b3bd08f | 138 | */ |
1c5100a2 | 139 | static int base64_encode(const u8 *src, int len, char *dst) |
6b3bd08f | 140 | { |
1c5100a2 | 141 | int i, bits = 0, ac = 0; |
6b3bd08f JK |
142 | char *cp = dst; |
143 | ||
1c5100a2 EB |
144 | for (i = 0; i < len; i++) { |
145 | ac += src[i] << bits; | |
6b3bd08f JK |
146 | bits += 8; |
147 | do { | |
148 | *cp++ = lookup_table[ac & 0x3f]; | |
149 | ac >>= 6; | |
150 | bits -= 6; | |
151 | } while (bits >= 6); | |
6b3bd08f JK |
152 | } |
153 | if (bits) | |
154 | *cp++ = lookup_table[ac & 0x3f]; | |
155 | return cp - dst; | |
156 | } | |
157 | ||
1c5100a2 | 158 | static int base64_decode(const char *src, int len, u8 *dst) |
6b3bd08f | 159 | { |
1c5100a2 | 160 | int i, bits = 0, ac = 0; |
6b3bd08f | 161 | const char *p; |
1c5100a2 | 162 | u8 *cp = dst; |
6b3bd08f | 163 | |
1c5100a2 | 164 | for (i = 0; i < len; i++) { |
6b3bd08f JK |
165 | p = strchr(lookup_table, src[i]); |
166 | if (p == NULL || src[i] == 0) | |
167 | return -2; | |
168 | ac += (p - lookup_table) << bits; | |
169 | bits += 6; | |
170 | if (bits >= 8) { | |
171 | *cp++ = ac & 0xff; | |
172 | ac >>= 8; | |
173 | bits -= 8; | |
174 | } | |
6b3bd08f JK |
175 | } |
176 | if (ac) | |
177 | return -1; | |
178 | return cp - dst; | |
179 | } | |
180 | ||
b9db0b4a EB |
181 | bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len, |
182 | u32 max_len, u32 *encrypted_len_ret) | |
6b3bd08f | 183 | { |
5dae460c EB |
184 | const struct fscrypt_info *ci = inode->i_crypt_info; |
185 | int padding = 4 << (fscrypt_policy_flags(&ci->ci_policy) & | |
3b6df59b | 186 | FSCRYPT_POLICY_FLAGS_PAD_MASK); |
b9db0b4a EB |
187 | u32 encrypted_len; |
188 | ||
189 | if (orig_len > max_len) | |
190 | return false; | |
191 | encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE); | |
192 | encrypted_len = round_up(encrypted_len, padding); | |
193 | *encrypted_len_ret = min(encrypted_len, max_len); | |
194 | return true; | |
6b3bd08f JK |
195 | } |
196 | ||
197 | /** | |
2cbadadc | 198 | * fscrypt_fname_alloc_buffer - allocate a buffer for presented filenames |
6b3bd08f | 199 | * |
2cbadadc EB |
200 | * Allocate a buffer that is large enough to hold any decrypted or encoded |
201 | * filename (null-terminated), for the given maximum encrypted filename length. | |
202 | * | |
203 | * Return: 0 on success, -errno on failure | |
6b3bd08f | 204 | */ |
0b93e1b9 | 205 | int fscrypt_fname_alloc_buffer(const struct inode *inode, |
2cbadadc EB |
206 | u32 max_encrypted_len, |
207 | struct fscrypt_str *crypto_str) | |
6b3bd08f | 208 | { |
17159420 EB |
209 | const u32 max_encoded_len = |
210 | max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE), | |
211 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))); | |
2cbadadc | 212 | u32 max_presented_len; |
6b3bd08f | 213 | |
2cbadadc | 214 | max_presented_len = max(max_encoded_len, max_encrypted_len); |
17159420 | 215 | |
2cbadadc EB |
216 | crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS); |
217 | if (!crypto_str->name) | |
6b3bd08f | 218 | return -ENOMEM; |
2cbadadc | 219 | crypto_str->len = max_presented_len; |
6b3bd08f JK |
220 | return 0; |
221 | } | |
0b81d077 | 222 | EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); |
6b3bd08f JK |
223 | |
224 | /** | |
2cbadadc | 225 | * fscrypt_fname_free_buffer - free the buffer for presented filenames |
6b3bd08f | 226 | * |
2cbadadc | 227 | * Free the buffer allocated by fscrypt_fname_alloc_buffer(). |
6b3bd08f | 228 | */ |
0b81d077 | 229 | void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) |
6b3bd08f JK |
230 | { |
231 | if (!crypto_str) | |
232 | return; | |
233 | kfree(crypto_str->name); | |
234 | crypto_str->name = NULL; | |
235 | } | |
0b81d077 | 236 | EXPORT_SYMBOL(fscrypt_fname_free_buffer); |
6b3bd08f JK |
237 | |
238 | /** | |
0b81d077 JK |
239 | * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user |
240 | * space | |
ef1eb3aa EB |
241 | * |
242 | * The caller must have allocated sufficient memory for the @oname string. | |
243 | * | |
17159420 EB |
244 | * If the key is available, we'll decrypt the disk name; otherwise, we'll encode |
245 | * it for presentation. Short names are directly base64-encoded, while long | |
246 | * names are encoded in fscrypt_digested_name format. | |
247 | * | |
ef1eb3aa | 248 | * Return: 0 on success, -errno on failure |
6b3bd08f | 249 | */ |
8a4ab0b8 EB |
250 | int fscrypt_fname_disk_to_usr(const struct inode *inode, |
251 | u32 hash, u32 minor_hash, | |
252 | const struct fscrypt_str *iname, | |
253 | struct fscrypt_str *oname) | |
6b3bd08f JK |
254 | { |
255 | const struct qstr qname = FSTR_TO_QSTR(iname); | |
17159420 | 256 | struct fscrypt_digested_name digested_name; |
6b3bd08f | 257 | |
0b81d077 | 258 | if (fscrypt_is_dot_dotdot(&qname)) { |
6b3bd08f JK |
259 | oname->name[0] = '.'; |
260 | oname->name[iname->len - 1] = '.'; | |
261 | oname->len = iname->len; | |
ef1eb3aa | 262 | return 0; |
6b3bd08f JK |
263 | } |
264 | ||
0b81d077 | 265 | if (iname->len < FS_CRYPTO_BLOCK_SIZE) |
1dafa51d | 266 | return -EUCLEAN; |
6b3bd08f | 267 | |
e37a784d | 268 | if (fscrypt_has_encryption_key(inode)) |
0b81d077 JK |
269 | return fname_decrypt(inode, iname, oname); |
270 | ||
17159420 | 271 | if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { |
1c5100a2 | 272 | oname->len = base64_encode(iname->name, iname->len, |
ef1eb3aa EB |
273 | oname->name); |
274 | return 0; | |
6b3bd08f JK |
275 | } |
276 | if (hash) { | |
17159420 EB |
277 | digested_name.hash = hash; |
278 | digested_name.minor_hash = minor_hash; | |
0b81d077 | 279 | } else { |
17159420 EB |
280 | digested_name.hash = 0; |
281 | digested_name.minor_hash = 0; | |
0b81d077 | 282 | } |
17159420 EB |
283 | memcpy(digested_name.digest, |
284 | FSCRYPT_FNAME_DIGEST(iname->name, iname->len), | |
285 | FSCRYPT_FNAME_DIGEST_SIZE); | |
6b3bd08f | 286 | oname->name[0] = '_'; |
1c5100a2 | 287 | oname->len = 1 + base64_encode((const u8 *)&digested_name, |
17159420 | 288 | sizeof(digested_name), oname->name + 1); |
ef1eb3aa | 289 | return 0; |
6b3bd08f | 290 | } |
0b81d077 | 291 | EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); |
6b3bd08f | 292 | |
17159420 EB |
293 | /** |
294 | * fscrypt_setup_filename() - prepare to search a possibly encrypted directory | |
295 | * @dir: the directory that will be searched | |
296 | * @iname: the user-provided filename being searched for | |
297 | * @lookup: 1 if we're allowed to proceed without the key because it's | |
298 | * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot | |
299 | * proceed without the key because we're going to create the dir_entry. | |
300 | * @fname: the filename information to be filled in | |
301 | * | |
302 | * Given a user-provided filename @iname, this function sets @fname->disk_name | |
303 | * to the name that would be stored in the on-disk directory entry, if possible. | |
304 | * If the directory is unencrypted this is simply @iname. Else, if we have the | |
305 | * directory's encryption key, then @iname is the plaintext, so we encrypt it to | |
306 | * get the disk_name. | |
307 | * | |
308 | * Else, for keyless @lookup operations, @iname is the presented ciphertext, so | |
309 | * we decode it to get either the ciphertext disk_name (for short names) or the | |
310 | * fscrypt_digested_name (for long names). Non-@lookup operations will be | |
311 | * impossible in this case, so we fail them with ENOKEY. | |
312 | * | |
313 | * If successful, fscrypt_free_filename() must be called later to clean up. | |
314 | * | |
315 | * Return: 0 on success, -errno on failure | |
316 | */ | |
0b81d077 JK |
317 | int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, |
318 | int lookup, struct fscrypt_name *fname) | |
6b3bd08f | 319 | { |
17159420 EB |
320 | int ret; |
321 | int digested; | |
6b3bd08f | 322 | |
0b81d077 | 323 | memset(fname, 0, sizeof(struct fscrypt_name)); |
6b3bd08f JK |
324 | fname->usr_fname = iname; |
325 | ||
e0428a26 | 326 | if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) { |
6b3bd08f JK |
327 | fname->disk_name.name = (unsigned char *)iname->name; |
328 | fname->disk_name.len = iname->len; | |
7bf4b557 | 329 | return 0; |
6b3bd08f | 330 | } |
1b53cf98 | 331 | ret = fscrypt_get_encryption_info(dir); |
17bfde60 | 332 | if (ret) |
6b3bd08f | 333 | return ret; |
0b81d077 | 334 | |
e37a784d | 335 | if (fscrypt_has_encryption_key(dir)) { |
b9db0b4a | 336 | if (!fscrypt_fname_encrypted_size(dir, iname->len, |
e12ee683 | 337 | dir->i_sb->s_cop->max_namelen, |
b9db0b4a | 338 | &fname->crypto_buf.len)) |
50c961de | 339 | return -ENAMETOOLONG; |
50c961de EB |
340 | fname->crypto_buf.name = kmalloc(fname->crypto_buf.len, |
341 | GFP_NOFS); | |
342 | if (!fname->crypto_buf.name) | |
343 | return -ENOMEM; | |
344 | ||
345 | ret = fname_encrypt(dir, iname, fname->crypto_buf.name, | |
346 | fname->crypto_buf.len); | |
ef1eb3aa | 347 | if (ret) |
e5e0906b | 348 | goto errout; |
6b3bd08f JK |
349 | fname->disk_name.name = fname->crypto_buf.name; |
350 | fname->disk_name.len = fname->crypto_buf.len; | |
7bf4b557 | 351 | return 0; |
6b3bd08f | 352 | } |
e5e0906b | 353 | if (!lookup) |
54475f53 | 354 | return -ENOKEY; |
b01531db | 355 | fname->is_ciphertext_name = true; |
6b3bd08f | 356 | |
0b81d077 JK |
357 | /* |
358 | * We don't have the key and we are doing a lookup; decode the | |
6b3bd08f JK |
359 | * user-supplied name |
360 | */ | |
17159420 EB |
361 | if (iname->name[0] == '_') { |
362 | if (iname->len != | |
363 | 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))) | |
364 | return -ENOENT; | |
365 | digested = 1; | |
366 | } else { | |
367 | if (iname->len > | |
368 | BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)) | |
369 | return -ENOENT; | |
370 | digested = 0; | |
371 | } | |
e5e0906b | 372 | |
17159420 EB |
373 | fname->crypto_buf.name = |
374 | kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE, | |
375 | sizeof(struct fscrypt_digested_name)), | |
376 | GFP_KERNEL); | |
e5e0906b JK |
377 | if (fname->crypto_buf.name == NULL) |
378 | return -ENOMEM; | |
0b81d077 | 379 | |
1c5100a2 EB |
380 | ret = base64_decode(iname->name + digested, iname->len - digested, |
381 | fname->crypto_buf.name); | |
6b3bd08f JK |
382 | if (ret < 0) { |
383 | ret = -ENOENT; | |
e5e0906b | 384 | goto errout; |
6b3bd08f JK |
385 | } |
386 | fname->crypto_buf.len = ret; | |
17159420 EB |
387 | if (digested) { |
388 | const struct fscrypt_digested_name *n = | |
389 | (const void *)fname->crypto_buf.name; | |
390 | fname->hash = n->hash; | |
391 | fname->minor_hash = n->minor_hash; | |
6b3bd08f JK |
392 | } else { |
393 | fname->disk_name.name = fname->crypto_buf.name; | |
394 | fname->disk_name.len = fname->crypto_buf.len; | |
395 | } | |
7bf4b557 | 396 | return 0; |
0b81d077 | 397 | |
e5e0906b | 398 | errout: |
50c961de | 399 | kfree(fname->crypto_buf.name); |
6b3bd08f JK |
400 | return ret; |
401 | } | |
0b81d077 | 402 | EXPORT_SYMBOL(fscrypt_setup_filename); |