| crypto.c (17398957aa0a05ef62535060b41d103590dcc533) | crypto.c (dd2a3b7ad98f8482cae481cad89dfed5eee48365) |
|---|---|
| 1/** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University | 1/** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University |
| 6 * Copyright (C) 2004-2006 International Business Machines Corp. | 6 * Copyright (C) 2004-2007 International Business Machines Corp. |
| 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompson <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * --- 843 unchanged lines hidden (view full) --- 858 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; 859 set_extent_mask_and_shift(crypt_stat); 860 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 861 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) { 862 crypt_stat->header_extent_size = 863 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 864 } else 865 crypt_stat->header_extent_size = PAGE_CACHE_SIZE; | 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompson <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * --- 843 unchanged lines hidden (view full) --- 858 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; 859 set_extent_mask_and_shift(crypt_stat); 860 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 861 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) { 862 crypt_stat->header_extent_size = 863 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 864 } else 865 crypt_stat->header_extent_size = PAGE_CACHE_SIZE; |
| 866 crypt_stat->num_header_extents_at_front = 1; | 866 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 867 crypt_stat->num_header_extents_at_front = 0; 868 else 869 crypt_stat->num_header_extents_at_front = 1; |
| 867} 868 869/** 870 * ecryptfs_compute_root_iv 871 * @crypt_stats 872 * 873 * On error, sets the root IV to all 0's. 874 */ --- 141 unchanged lines hidden (view full) --- 1016} 1017 1018/** 1019 * contains_ecryptfs_marker - check for the ecryptfs marker 1020 * @data: The data block in which to check 1021 * 1022 * Returns one if marker found; zero if not found 1023 */ | 870} 871 872/** 873 * ecryptfs_compute_root_iv 874 * @crypt_stats 875 * 876 * On error, sets the root IV to all 0's. 877 */ --- 141 unchanged lines hidden (view full) --- 1019} 1020 1021/** 1022 * contains_ecryptfs_marker - check for the ecryptfs marker 1023 * @data: The data block in which to check 1024 * 1025 * Returns one if marker found; zero if not found 1026 */ |
| 1024int contains_ecryptfs_marker(char *data) | 1027static int contains_ecryptfs_marker(char *data) |
| 1025{ 1026 u32 m_1, m_2; 1027 1028 memcpy(&m_1, data, 4); 1029 m_1 = be32_to_cpu(m_1); 1030 memcpy(&m_2, (data + 4), 4); 1031 m_2 = be32_to_cpu(m_2); 1032 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) --- 9 unchanged lines hidden (view full) --- 1042struct ecryptfs_flag_map_elem { 1043 u32 file_flag; 1044 u32 local_flag; 1045}; 1046 1047/* Add support for additional flags by adding elements here. */ 1048static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { 1049 {0x00000001, ECRYPTFS_ENABLE_HMAC}, | 1028{ 1029 u32 m_1, m_2; 1030 1031 memcpy(&m_1, data, 4); 1032 m_1 = be32_to_cpu(m_1); 1033 memcpy(&m_2, (data + 4), 4); 1034 m_2 = be32_to_cpu(m_2); 1035 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) --- 9 unchanged lines hidden (view full) --- 1045struct ecryptfs_flag_map_elem { 1046 u32 file_flag; 1047 u32 local_flag; 1048}; 1049 1050/* Add support for additional flags by adding elements here. */ 1051static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { 1052 {0x00000001, ECRYPTFS_ENABLE_HMAC}, |
| 1050 {0x00000002, ECRYPTFS_ENCRYPTED} | 1053 {0x00000002, ECRYPTFS_ENCRYPTED}, 1054 {0x00000004, ECRYPTFS_METADATA_IN_XATTR} |
| 1051}; 1052 1053/** 1054 * ecryptfs_process_flags 1055 * @crypt_stat 1056 * @page_virt: Source data to be parsed 1057 * @bytes_read: Updated with the number of bytes read 1058 * --- 143 unchanged lines hidden (view full) --- 1202/** 1203 * ecryptfs_read_header_region 1204 * @data 1205 * @dentry 1206 * @nd 1207 * 1208 * Returns zero on success; non-zero otherwise 1209 */ | 1055}; 1056 1057/** 1058 * ecryptfs_process_flags 1059 * @crypt_stat 1060 * @page_virt: Source data to be parsed 1061 * @bytes_read: Updated with the number of bytes read 1062 * --- 143 unchanged lines hidden (view full) --- 1206/** 1207 * ecryptfs_read_header_region 1208 * @data 1209 * @dentry 1210 * @nd 1211 * 1212 * Returns zero on success; non-zero otherwise 1213 */ |
| 1210int ecryptfs_read_header_region(char *data, struct dentry *dentry, 1211 struct vfsmount *mnt) | 1214static int ecryptfs_read_header_region(char *data, struct dentry *dentry, 1215 struct vfsmount *mnt) |
| 1212{ 1213 struct file *lower_file; 1214 mm_segment_t oldfs; 1215 int rc; 1216 1217 if ((rc = ecryptfs_open_lower_file(&lower_file, dentry, mnt, 1218 O_RDONLY))) { 1219 printk(KERN_ERR --- 12 unchanged lines hidden (view full) --- 1232 printk(KERN_ERR "Error closing lower_file\n"); 1233 goto out; 1234 } 1235 rc = 0; 1236out: 1237 return rc; 1238} 1239 | 1216{ 1217 struct file *lower_file; 1218 mm_segment_t oldfs; 1219 int rc; 1220 1221 if ((rc = ecryptfs_open_lower_file(&lower_file, dentry, mnt, 1222 O_RDONLY))) { 1223 printk(KERN_ERR --- 12 unchanged lines hidden (view full) --- 1236 printk(KERN_ERR "Error closing lower_file\n"); 1237 goto out; 1238 } 1239 rc = 0; 1240out: 1241 return rc; 1242} 1243 |
| 1244int ecryptfs_read_and_validate_header_region(char *data, struct dentry *dentry, 1245 struct vfsmount *mnt) 1246{ 1247 int rc; 1248 1249 rc = ecryptfs_read_header_region(data, dentry, mnt); 1250 if (rc) 1251 goto out; 1252 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) 1253 rc = -EINVAL; 1254out: 1255 return rc; 1256} 1257 1258 |
|
| 1240static void 1241write_header_metadata(char *virt, struct ecryptfs_crypt_stat *crypt_stat, 1242 size_t *written) 1243{ 1244 u32 header_extent_size; 1245 u16 num_header_extents_at_front; 1246 1247 header_extent_size = (u32)crypt_stat->header_extent_size; --- 35 unchanged lines hidden (view full) --- 1283 * Data Extent 0: 1284 * Lower data (CBC encrypted) 1285 * Data Extent 1: 1286 * Lower data (CBC encrypted) 1287 * ... 1288 * 1289 * Returns zero on success 1290 */ | 1259static void 1260write_header_metadata(char *virt, struct ecryptfs_crypt_stat *crypt_stat, 1261 size_t *written) 1262{ 1263 u32 header_extent_size; 1264 u16 num_header_extents_at_front; 1265 1266 header_extent_size = (u32)crypt_stat->header_extent_size; --- 35 unchanged lines hidden (view full) --- 1302 * Data Extent 0: 1303 * Lower data (CBC encrypted) 1304 * Data Extent 1: 1305 * Lower data (CBC encrypted) 1306 * ... 1307 * 1308 * Returns zero on success 1309 */ |
| 1291int ecryptfs_write_headers_virt(char *page_virt, 1292 struct ecryptfs_crypt_stat *crypt_stat, 1293 struct dentry *ecryptfs_dentry) | 1310static int ecryptfs_write_headers_virt(char *page_virt, size_t *size, 1311 struct ecryptfs_crypt_stat *crypt_stat, 1312 struct dentry *ecryptfs_dentry) |
| 1294{ 1295 int rc; 1296 size_t written; 1297 size_t offset; 1298 1299 offset = ECRYPTFS_FILE_SIZE_BYTES; 1300 write_ecryptfs_marker((page_virt + offset), &written); 1301 offset += written; 1302 write_ecryptfs_flags((page_virt + offset), crypt_stat, &written); 1303 offset += written; 1304 write_header_metadata((page_virt + offset), crypt_stat, &written); 1305 offset += written; 1306 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, 1307 ecryptfs_dentry, &written, 1308 PAGE_CACHE_SIZE - offset); 1309 if (rc) 1310 ecryptfs_printk(KERN_WARNING, "Error generating key packet " 1311 "set; rc = [%d]\n", rc); | 1313{ 1314 int rc; 1315 size_t written; 1316 size_t offset; 1317 1318 offset = ECRYPTFS_FILE_SIZE_BYTES; 1319 write_ecryptfs_marker((page_virt + offset), &written); 1320 offset += written; 1321 write_ecryptfs_flags((page_virt + offset), crypt_stat, &written); 1322 offset += written; 1323 write_header_metadata((page_virt + offset), crypt_stat, &written); 1324 offset += written; 1325 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, 1326 ecryptfs_dentry, &written, 1327 PAGE_CACHE_SIZE - offset); 1328 if (rc) 1329 ecryptfs_printk(KERN_WARNING, "Error generating key packet " 1330 "set; rc = [%d]\n", rc); |
| 1331 if (size) { 1332 offset += written; 1333 *size = offset; 1334 } |
|
| 1312 return rc; 1313} 1314 | 1335 return rc; 1336} 1337 |
| 1338static int ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, 1339 struct file *lower_file, 1340 char *page_virt) 1341{ 1342 mm_segment_t oldfs; 1343 int current_header_page; 1344 int header_pages; 1345 1346 lower_file->f_pos = 0; 1347 oldfs = get_fs(); 1348 set_fs(get_ds()); 1349 lower_file->f_op->write(lower_file, (char __user *)page_virt, 1350 PAGE_CACHE_SIZE, &lower_file->f_pos); 1351 header_pages = ((crypt_stat->header_extent_size 1352 * crypt_stat->num_header_extents_at_front) 1353 / PAGE_CACHE_SIZE); 1354 memset(page_virt, 0, PAGE_CACHE_SIZE); 1355 current_header_page = 1; 1356 while (current_header_page < header_pages) { 1357 lower_file->f_op->write(lower_file, (char __user *)page_virt, 1358 PAGE_CACHE_SIZE, &lower_file->f_pos); 1359 current_header_page++; 1360 } 1361 set_fs(oldfs); 1362 return 0; 1363} 1364 1365static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, 1366 struct ecryptfs_crypt_stat *crypt_stat, 1367 char *page_virt, size_t size) 1368{ 1369 int rc; 1370 1371 rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt, 1372 size, 0); 1373 return rc; 1374} 1375 |
|
| 1315/** | 1376/** |
| 1316 * ecryptfs_write_headers | 1377 * ecryptfs_write_metadata |
| 1317 * @lower_file: The lower file struct, which was returned from dentry_open 1318 * 1319 * Write the file headers out. This will likely involve a userspace 1320 * callout, in which the session key is encrypted with one or more 1321 * public keys and/or the passphrase necessary to do the encryption is 1322 * retrieved via a prompt. Exactly what happens at this point should 1323 * be policy-dependent. 1324 * 1325 * Returns zero on success; non-zero on error 1326 */ | 1378 * @lower_file: The lower file struct, which was returned from dentry_open 1379 * 1380 * Write the file headers out. This will likely involve a userspace 1381 * callout, in which the session key is encrypted with one or more 1382 * public keys and/or the passphrase necessary to do the encryption is 1383 * retrieved via a prompt. Exactly what happens at this point should 1384 * be policy-dependent. 1385 * 1386 * Returns zero on success; non-zero on error 1387 */ |
| 1327int ecryptfs_write_headers(struct dentry *ecryptfs_dentry, 1328 struct file *lower_file) | 1388int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, 1389 struct file *lower_file) |
| 1329{ | 1390{ |
| 1330 mm_segment_t oldfs; | |
| 1331 struct ecryptfs_crypt_stat *crypt_stat; 1332 char *page_virt; | 1391 struct ecryptfs_crypt_stat *crypt_stat; 1392 char *page_virt; |
| 1333 int current_header_page; 1334 int header_pages; | 1393 size_t size; |
| 1335 int rc = 0; 1336 1337 crypt_stat = &ecryptfs_inode_to_private( 1338 ecryptfs_dentry->d_inode)->crypt_stat; 1339 if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1340 ECRYPTFS_ENCRYPTED))) { 1341 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1342 ECRYPTFS_KEY_VALID)) { --- 10 unchanged lines hidden (view full) --- 1353 } 1354 /* Released in this function */ 1355 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_0, GFP_USER); 1356 if (!page_virt) { 1357 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 1358 rc = -ENOMEM; 1359 goto out; 1360 } | 1394 int rc = 0; 1395 1396 crypt_stat = &ecryptfs_inode_to_private( 1397 ecryptfs_dentry->d_inode)->crypt_stat; 1398 if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1399 ECRYPTFS_ENCRYPTED))) { 1400 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1401 ECRYPTFS_KEY_VALID)) { --- 10 unchanged lines hidden (view full) --- 1412 } 1413 /* Released in this function */ 1414 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_0, GFP_USER); 1415 if (!page_virt) { 1416 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 1417 rc = -ENOMEM; 1418 goto out; 1419 } |
| 1361 1362 rc = ecryptfs_write_headers_virt(page_virt, crypt_stat, 1363 ecryptfs_dentry); | 1420 rc = ecryptfs_write_headers_virt(page_virt, &size, crypt_stat, 1421 ecryptfs_dentry); |
| 1364 if (unlikely(rc)) { 1365 ecryptfs_printk(KERN_ERR, "Error whilst writing headers\n"); 1366 memset(page_virt, 0, PAGE_CACHE_SIZE); 1367 goto out_free; 1368 } | 1422 if (unlikely(rc)) { 1423 ecryptfs_printk(KERN_ERR, "Error whilst writing headers\n"); 1424 memset(page_virt, 0, PAGE_CACHE_SIZE); 1425 goto out_free; 1426 } |
| 1369 ecryptfs_printk(KERN_DEBUG, 1370 "Writing key packet set to underlying file\n"); 1371 lower_file->f_pos = 0; 1372 oldfs = get_fs(); 1373 set_fs(get_ds()); 1374 ecryptfs_printk(KERN_DEBUG, "Calling lower_file->f_op->" 1375 "write() w/ header page; lower_file->f_pos = " 1376 "[0x%.16x]\n", lower_file->f_pos); 1377 lower_file->f_op->write(lower_file, (char __user *)page_virt, 1378 PAGE_CACHE_SIZE, &lower_file->f_pos); 1379 header_pages = ((crypt_stat->header_extent_size 1380 * crypt_stat->num_header_extents_at_front) 1381 / PAGE_CACHE_SIZE); 1382 memset(page_virt, 0, PAGE_CACHE_SIZE); 1383 current_header_page = 1; 1384 while (current_header_page < header_pages) { 1385 ecryptfs_printk(KERN_DEBUG, "Calling lower_file->f_op->" 1386 "write() w/ zero'd page; lower_file->f_pos = " 1387 "[0x%.16x]\n", lower_file->f_pos); 1388 lower_file->f_op->write(lower_file, (char __user *)page_virt, 1389 PAGE_CACHE_SIZE, &lower_file->f_pos); 1390 current_header_page++; | 1427 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1428 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, 1429 crypt_stat, page_virt, 1430 size); 1431 else 1432 rc = ecryptfs_write_metadata_to_contents(crypt_stat, lower_file, 1433 page_virt); 1434 if (rc) { 1435 printk(KERN_ERR "Error writing metadata out to lower file; " 1436 "rc = [%d]\n", rc); 1437 goto out_free; |
| 1391 } | 1438 } |
| 1392 set_fs(oldfs); 1393 ecryptfs_printk(KERN_DEBUG, 1394 "Done writing key packet set to underlying file.\n"); | |
| 1395out_free: 1396 kmem_cache_free(ecryptfs_header_cache_0, page_virt); 1397out: 1398 return rc; 1399} 1400 | 1439out_free: 1440 kmem_cache_free(ecryptfs_header_cache_0, page_virt); 1441out: 1442 return rc; 1443} 1444 |
| 1445#define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0 1446#define ECRYPTFS_VALIDATE_HEADER_SIZE 1 |
|
| 1401static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, | 1447static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, |
| 1402 char *virt, int *bytes_read) | 1448 char *virt, int *bytes_read, 1449 int validate_header_size) |
| 1403{ 1404 int rc = 0; 1405 u32 header_extent_size; 1406 u16 num_header_extents_at_front; 1407 1408 memcpy(&header_extent_size, virt, 4); 1409 header_extent_size = be32_to_cpu(header_extent_size); 1410 virt += 4; 1411 memcpy(&num_header_extents_at_front, virt, 2); 1412 num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front); 1413 crypt_stat->header_extent_size = (int)header_extent_size; 1414 crypt_stat->num_header_extents_at_front = 1415 (int)num_header_extents_at_front; 1416 (*bytes_read) = 6; | 1450{ 1451 int rc = 0; 1452 u32 header_extent_size; 1453 u16 num_header_extents_at_front; 1454 1455 memcpy(&header_extent_size, virt, 4); 1456 header_extent_size = be32_to_cpu(header_extent_size); 1457 virt += 4; 1458 memcpy(&num_header_extents_at_front, virt, 2); 1459 num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front); 1460 crypt_stat->header_extent_size = (int)header_extent_size; 1461 crypt_stat->num_header_extents_at_front = 1462 (int)num_header_extents_at_front; 1463 (*bytes_read) = 6; |
| 1417 if ((crypt_stat->header_extent_size 1418 * crypt_stat->num_header_extents_at_front) 1419 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) { | 1464 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) 1465 && ((crypt_stat->header_extent_size 1466 * crypt_stat->num_header_extents_at_front) 1467 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { |
| 1420 rc = -EINVAL; 1421 ecryptfs_printk(KERN_WARNING, "Invalid header extent size: " 1422 "[%d]\n", crypt_stat->header_extent_size); 1423 } 1424 return rc; 1425} 1426 1427/** --- 14 unchanged lines hidden (view full) --- 1442 * 1443 * Read/parse the header data. The header format is detailed in the 1444 * comment block for the ecryptfs_write_headers_virt() function. 1445 * 1446 * Returns zero on success 1447 */ 1448static int ecryptfs_read_headers_virt(char *page_virt, 1449 struct ecryptfs_crypt_stat *crypt_stat, | 1468 rc = -EINVAL; 1469 ecryptfs_printk(KERN_WARNING, "Invalid header extent size: " 1470 "[%d]\n", crypt_stat->header_extent_size); 1471 } 1472 return rc; 1473} 1474 1475/** --- 14 unchanged lines hidden (view full) --- 1490 * 1491 * Read/parse the header data. The header format is detailed in the 1492 * comment block for the ecryptfs_write_headers_virt() function. 1493 * 1494 * Returns zero on success 1495 */ 1496static int ecryptfs_read_headers_virt(char *page_virt, 1497 struct ecryptfs_crypt_stat *crypt_stat, |
| 1450 struct dentry *ecryptfs_dentry) | 1498 struct dentry *ecryptfs_dentry, 1499 int validate_header_size) |
| 1451{ 1452 int rc = 0; 1453 int offset; 1454 int bytes_read; 1455 1456 ecryptfs_set_default_sizes(crypt_stat); 1457 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( 1458 ecryptfs_dentry->d_sb)->mount_crypt_stat; --- 17 unchanged lines hidden (view full) --- 1476 crypt_stat->file_version, 1477 ECRYPTFS_SUPPORTED_FILE_VERSION); 1478 rc = -EINVAL; 1479 goto out; 1480 } 1481 offset += bytes_read; 1482 if (crypt_stat->file_version >= 1) { 1483 rc = parse_header_metadata(crypt_stat, (page_virt + offset), | 1500{ 1501 int rc = 0; 1502 int offset; 1503 int bytes_read; 1504 1505 ecryptfs_set_default_sizes(crypt_stat); 1506 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( 1507 ecryptfs_dentry->d_sb)->mount_crypt_stat; --- 17 unchanged lines hidden (view full) --- 1525 crypt_stat->file_version, 1526 ECRYPTFS_SUPPORTED_FILE_VERSION); 1527 rc = -EINVAL; 1528 goto out; 1529 } 1530 offset += bytes_read; 1531 if (crypt_stat->file_version >= 1) { 1532 rc = parse_header_metadata(crypt_stat, (page_virt + offset), |
| 1484 &bytes_read); | 1533 &bytes_read, validate_header_size); |
| 1485 if (rc) { 1486 ecryptfs_printk(KERN_WARNING, "Error reading header " 1487 "metadata; rc = [%d]\n", rc); 1488 } 1489 offset += bytes_read; 1490 } else 1491 set_default_header_data(crypt_stat); 1492 rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset), 1493 ecryptfs_dentry); 1494out: 1495 return rc; 1496} 1497 1498/** | 1534 if (rc) { 1535 ecryptfs_printk(KERN_WARNING, "Error reading header " 1536 "metadata; rc = [%d]\n", rc); 1537 } 1538 offset += bytes_read; 1539 } else 1540 set_default_header_data(crypt_stat); 1541 rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset), 1542 ecryptfs_dentry); 1543out: 1544 return rc; 1545} 1546 1547/** |
| 1499 * ecryptfs_read_headers | 1548 * ecryptfs_read_xattr_region |
| 1500 * | 1549 * |
| 1550 * Attempts to read the crypto metadata from the extended attribute 1551 * region of the lower file. 1552 */ 1553int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry) 1554{ 1555 ssize_t size; 1556 int rc = 0; 1557 1558 size = ecryptfs_getxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, 1559 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); 1560 if (size < 0) { 1561 printk(KERN_DEBUG "Error attempting to read the [%s] " 1562 "xattr from the lower file; return value = [%zd]\n", 1563 ECRYPTFS_XATTR_NAME, size); 1564 rc = -EINVAL; 1565 goto out; 1566 } 1567out: 1568 return rc; 1569} 1570 1571int ecryptfs_read_and_validate_xattr_region(char *page_virt, 1572 struct dentry *ecryptfs_dentry) 1573{ 1574 int rc; 1575 1576 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry); 1577 if (rc) 1578 goto out; 1579 if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) { 1580 printk(KERN_WARNING "Valid data found in [%s] xattr, but " 1581 "the marker is invalid\n", ECRYPTFS_XATTR_NAME); 1582 rc = -EINVAL; 1583 } 1584out: 1585 return rc; 1586} 1587 1588/** 1589 * ecryptfs_read_metadata 1590 * 1591 * Common entry point for reading file metadata. From here, we could 1592 * retrieve the header information from the header region of the file, 1593 * the xattr region of the file, or some other repostory that is 1594 * stored separately from the file itself. The current implementation 1595 * supports retrieving the metadata information from the file contents 1596 * and from the xattr region. 1597 * |
|
| 1501 * Returns zero if valid headers found and parsed; non-zero otherwise 1502 */ | 1598 * Returns zero if valid headers found and parsed; non-zero otherwise 1599 */ |
| 1503int ecryptfs_read_headers(struct dentry *ecryptfs_dentry, 1504 struct file *lower_file) | 1600int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry, 1601 struct file *lower_file) |
| 1505{ 1506 int rc = 0; 1507 char *page_virt = NULL; 1508 mm_segment_t oldfs; 1509 ssize_t bytes_read; 1510 struct ecryptfs_crypt_stat *crypt_stat = 1511 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; 1512 --- 12 unchanged lines hidden (view full) --- 1525 ECRYPTFS_DEFAULT_EXTENT_SIZE, 1526 &lower_file->f_pos); 1527 set_fs(oldfs); 1528 if (bytes_read != ECRYPTFS_DEFAULT_EXTENT_SIZE) { 1529 rc = -EINVAL; 1530 goto out; 1531 } 1532 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, | 1602{ 1603 int rc = 0; 1604 char *page_virt = NULL; 1605 mm_segment_t oldfs; 1606 ssize_t bytes_read; 1607 struct ecryptfs_crypt_stat *crypt_stat = 1608 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; 1609 --- 12 unchanged lines hidden (view full) --- 1622 ECRYPTFS_DEFAULT_EXTENT_SIZE, 1623 &lower_file->f_pos); 1624 set_fs(oldfs); 1625 if (bytes_read != ECRYPTFS_DEFAULT_EXTENT_SIZE) { 1626 rc = -EINVAL; 1627 goto out; 1628 } 1629 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, |
| 1533 ecryptfs_dentry); | 1630 ecryptfs_dentry, 1631 ECRYPTFS_VALIDATE_HEADER_SIZE); |
| 1534 if (rc) { | 1632 if (rc) { |
| 1535 ecryptfs_printk(KERN_DEBUG, "Valid eCryptfs headers not " 1536 "found\n"); 1537 rc = -EINVAL; | 1633 rc = ecryptfs_read_xattr_region(page_virt, 1634 ecryptfs_dentry); 1635 if (rc) { 1636 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1637 "file header region or xattr region\n"); 1638 rc = -EINVAL; 1639 goto out; 1640 } 1641 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, 1642 ecryptfs_dentry, 1643 ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); 1644 if (rc) { 1645 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1646 "file xattr region either\n"); 1647 rc = -EINVAL; 1648 } 1649 if (crypt_stat->mount_crypt_stat->flags 1650 & ECRYPTFS_XATTR_METADATA_ENABLED) { 1651 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 1652 } else { 1653 printk(KERN_WARNING "Attempt to access file with " 1654 "crypto metadata only in the extended attribute " 1655 "region, but eCryptfs was mounted without " 1656 "xattr support enabled. eCryptfs will not treat " 1657 "this like an encrypted file.\n"); 1658 rc = -EINVAL; 1659 } |
| 1538 } 1539out: 1540 if (page_virt) { 1541 memset(page_virt, 0, PAGE_CACHE_SIZE); 1542 kmem_cache_free(ecryptfs_header_cache_1, page_virt); 1543 } 1544 return rc; 1545} --- 147 unchanged lines hidden --- | 1660 } 1661out: 1662 if (page_virt) { 1663 memset(page_virt, 0, PAGE_CACHE_SIZE); 1664 kmem_cache_free(ecryptfs_header_cache_1, page_virt); 1665 } 1666 return rc; 1667} --- 147 unchanged lines hidden --- |