1 /* 2 * This contains functions for filename crypto management 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * 7 * Written by Uday Savagaonkar, 2014. 8 * Modified by Jaegeuk Kim, 2015. 9 * 10 * This has not yet undergone a rigorous security audit. 11 */ 12 13 #include <linux/scatterlist.h> 14 #include <linux/ratelimit.h> 15 #include <linux/fscrypto.h> 16 17 /** 18 * fname_crypt_complete() - completion callback for filename crypto 19 * @req: The asynchronous cipher request context 20 * @res: The result of the cipher operation 21 */ 22 static void fname_crypt_complete(struct crypto_async_request *req, int res) 23 { 24 struct fscrypt_completion_result *ecr = req->data; 25 26 if (res == -EINPROGRESS) 27 return; 28 ecr->res = res; 29 complete(&ecr->completion); 30 } 31 32 /** 33 * fname_encrypt() - encrypt a filename 34 * 35 * The caller must have allocated sufficient memory for the @oname string. 36 * 37 * Return: 0 on success, -errno on failure 38 */ 39 static int fname_encrypt(struct inode *inode, 40 const struct qstr *iname, struct fscrypt_str *oname) 41 { 42 u32 ciphertext_len; 43 struct skcipher_request *req = NULL; 44 DECLARE_FS_COMPLETION_RESULT(ecr); 45 struct fscrypt_info *ci = inode->i_crypt_info; 46 struct crypto_skcipher *tfm = ci->ci_ctfm; 47 int res = 0; 48 char iv[FS_CRYPTO_BLOCK_SIZE]; 49 struct scatterlist src_sg, dst_sg; 50 int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 51 char *workbuf, buf[32], *alloc_buf = NULL; 52 unsigned lim; 53 54 lim = inode->i_sb->s_cop->max_namelen(inode); 55 if (iname->len <= 0 || iname->len > lim) 56 return -EIO; 57 58 ciphertext_len = max(iname->len, (u32)FS_CRYPTO_BLOCK_SIZE); 59 ciphertext_len = round_up(ciphertext_len, padding); 60 ciphertext_len = min(ciphertext_len, lim); 61 62 if (ciphertext_len <= sizeof(buf)) { 63 workbuf = buf; 64 } else { 65 alloc_buf = kmalloc(ciphertext_len, GFP_NOFS); 66 if (!alloc_buf) 67 return -ENOMEM; 68 workbuf = alloc_buf; 69 } 70 71 /* Allocate request */ 72 req = skcipher_request_alloc(tfm, GFP_NOFS); 73 if (!req) { 74 printk_ratelimited(KERN_ERR 75 "%s: crypto_request_alloc() failed\n", __func__); 76 kfree(alloc_buf); 77 return -ENOMEM; 78 } 79 skcipher_request_set_callback(req, 80 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 81 fname_crypt_complete, &ecr); 82 83 /* Copy the input */ 84 memcpy(workbuf, iname->name, iname->len); 85 if (iname->len < ciphertext_len) 86 memset(workbuf + iname->len, 0, ciphertext_len - iname->len); 87 88 /* Initialize IV */ 89 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 90 91 /* Create encryption request */ 92 sg_init_one(&src_sg, workbuf, ciphertext_len); 93 sg_init_one(&dst_sg, oname->name, ciphertext_len); 94 skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv); 95 res = crypto_skcipher_encrypt(req); 96 if (res == -EINPROGRESS || res == -EBUSY) { 97 wait_for_completion(&ecr.completion); 98 res = ecr.res; 99 } 100 kfree(alloc_buf); 101 skcipher_request_free(req); 102 if (res < 0) { 103 printk_ratelimited(KERN_ERR 104 "%s: Error (error code %d)\n", __func__, res); 105 return res; 106 } 107 108 oname->len = ciphertext_len; 109 return 0; 110 } 111 112 /** 113 * fname_decrypt() - decrypt a filename 114 * 115 * The caller must have allocated sufficient memory for the @oname string. 116 * 117 * Return: 0 on success, -errno on failure 118 */ 119 static int fname_decrypt(struct inode *inode, 120 const struct fscrypt_str *iname, 121 struct fscrypt_str *oname) 122 { 123 struct skcipher_request *req = NULL; 124 DECLARE_FS_COMPLETION_RESULT(ecr); 125 struct scatterlist src_sg, dst_sg; 126 struct fscrypt_info *ci = inode->i_crypt_info; 127 struct crypto_skcipher *tfm = ci->ci_ctfm; 128 int res = 0; 129 char iv[FS_CRYPTO_BLOCK_SIZE]; 130 unsigned lim; 131 132 lim = inode->i_sb->s_cop->max_namelen(inode); 133 if (iname->len <= 0 || iname->len > lim) 134 return -EIO; 135 136 /* Allocate request */ 137 req = skcipher_request_alloc(tfm, GFP_NOFS); 138 if (!req) { 139 printk_ratelimited(KERN_ERR 140 "%s: crypto_request_alloc() failed\n", __func__); 141 return -ENOMEM; 142 } 143 skcipher_request_set_callback(req, 144 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 145 fname_crypt_complete, &ecr); 146 147 /* Initialize IV */ 148 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 149 150 /* Create decryption request */ 151 sg_init_one(&src_sg, iname->name, iname->len); 152 sg_init_one(&dst_sg, oname->name, oname->len); 153 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); 154 res = crypto_skcipher_decrypt(req); 155 if (res == -EINPROGRESS || res == -EBUSY) { 156 wait_for_completion(&ecr.completion); 157 res = ecr.res; 158 } 159 skcipher_request_free(req); 160 if (res < 0) { 161 printk_ratelimited(KERN_ERR 162 "%s: Error (error code %d)\n", __func__, res); 163 return res; 164 } 165 166 oname->len = strnlen(oname->name, iname->len); 167 return 0; 168 } 169 170 static const char *lookup_table = 171 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 172 173 /** 174 * digest_encode() - 175 * 176 * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. 177 * The encoded string is roughly 4/3 times the size of the input string. 178 */ 179 static int digest_encode(const char *src, int len, char *dst) 180 { 181 int i = 0, bits = 0, ac = 0; 182 char *cp = dst; 183 184 while (i < len) { 185 ac += (((unsigned char) src[i]) << bits); 186 bits += 8; 187 do { 188 *cp++ = lookup_table[ac & 0x3f]; 189 ac >>= 6; 190 bits -= 6; 191 } while (bits >= 6); 192 i++; 193 } 194 if (bits) 195 *cp++ = lookup_table[ac & 0x3f]; 196 return cp - dst; 197 } 198 199 static int digest_decode(const char *src, int len, char *dst) 200 { 201 int i = 0, bits = 0, ac = 0; 202 const char *p; 203 char *cp = dst; 204 205 while (i < len) { 206 p = strchr(lookup_table, src[i]); 207 if (p == NULL || src[i] == 0) 208 return -2; 209 ac += (p - lookup_table) << bits; 210 bits += 6; 211 if (bits >= 8) { 212 *cp++ = ac & 0xff; 213 ac >>= 8; 214 bits -= 8; 215 } 216 i++; 217 } 218 if (ac) 219 return -1; 220 return cp - dst; 221 } 222 223 u32 fscrypt_fname_encrypted_size(struct inode *inode, u32 ilen) 224 { 225 int padding = 32; 226 struct fscrypt_info *ci = inode->i_crypt_info; 227 228 if (ci) 229 padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 230 ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE); 231 return round_up(ilen, padding); 232 } 233 EXPORT_SYMBOL(fscrypt_fname_encrypted_size); 234 235 /** 236 * fscrypt_fname_crypto_alloc_obuff() - 237 * 238 * Allocates an output buffer that is sufficient for the crypto operation 239 * specified by the context and the direction. 240 */ 241 int fscrypt_fname_alloc_buffer(struct inode *inode, 242 u32 ilen, struct fscrypt_str *crypto_str) 243 { 244 unsigned int olen = fscrypt_fname_encrypted_size(inode, ilen); 245 246 crypto_str->len = olen; 247 if (olen < FS_FNAME_CRYPTO_DIGEST_SIZE * 2) 248 olen = FS_FNAME_CRYPTO_DIGEST_SIZE * 2; 249 /* 250 * Allocated buffer can hold one more character to null-terminate the 251 * string 252 */ 253 crypto_str->name = kmalloc(olen + 1, GFP_NOFS); 254 if (!(crypto_str->name)) 255 return -ENOMEM; 256 return 0; 257 } 258 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); 259 260 /** 261 * fscrypt_fname_crypto_free_buffer() - 262 * 263 * Frees the buffer allocated for crypto operation. 264 */ 265 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 266 { 267 if (!crypto_str) 268 return; 269 kfree(crypto_str->name); 270 crypto_str->name = NULL; 271 } 272 EXPORT_SYMBOL(fscrypt_fname_free_buffer); 273 274 /** 275 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user 276 * space 277 * 278 * The caller must have allocated sufficient memory for the @oname string. 279 * 280 * Return: 0 on success, -errno on failure 281 */ 282 int fscrypt_fname_disk_to_usr(struct inode *inode, 283 u32 hash, u32 minor_hash, 284 const struct fscrypt_str *iname, 285 struct fscrypt_str *oname) 286 { 287 const struct qstr qname = FSTR_TO_QSTR(iname); 288 char buf[24]; 289 290 if (fscrypt_is_dot_dotdot(&qname)) { 291 oname->name[0] = '.'; 292 oname->name[iname->len - 1] = '.'; 293 oname->len = iname->len; 294 return 0; 295 } 296 297 if (iname->len < FS_CRYPTO_BLOCK_SIZE) 298 return -EUCLEAN; 299 300 if (inode->i_crypt_info) 301 return fname_decrypt(inode, iname, oname); 302 303 if (iname->len <= FS_FNAME_CRYPTO_DIGEST_SIZE) { 304 oname->len = digest_encode(iname->name, iname->len, 305 oname->name); 306 return 0; 307 } 308 if (hash) { 309 memcpy(buf, &hash, 4); 310 memcpy(buf + 4, &minor_hash, 4); 311 } else { 312 memset(buf, 0, 8); 313 } 314 memcpy(buf + 8, iname->name + iname->len - 16, 16); 315 oname->name[0] = '_'; 316 oname->len = 1 + digest_encode(buf, 24, oname->name + 1); 317 return 0; 318 } 319 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); 320 321 /** 322 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk 323 * space 324 * 325 * The caller must have allocated sufficient memory for the @oname string. 326 * 327 * Return: 0 on success, -errno on failure 328 */ 329 int fscrypt_fname_usr_to_disk(struct inode *inode, 330 const struct qstr *iname, 331 struct fscrypt_str *oname) 332 { 333 if (fscrypt_is_dot_dotdot(iname)) { 334 oname->name[0] = '.'; 335 oname->name[iname->len - 1] = '.'; 336 oname->len = iname->len; 337 return 0; 338 } 339 if (inode->i_crypt_info) 340 return fname_encrypt(inode, iname, oname); 341 /* 342 * Without a proper key, a user is not allowed to modify the filenames 343 * in a directory. Consequently, a user space name cannot be mapped to 344 * a disk-space name 345 */ 346 return -EACCES; 347 } 348 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk); 349 350 int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 351 int lookup, struct fscrypt_name *fname) 352 { 353 int ret = 0, bigname = 0; 354 355 memset(fname, 0, sizeof(struct fscrypt_name)); 356 fname->usr_fname = iname; 357 358 if (!dir->i_sb->s_cop->is_encrypted(dir) || 359 fscrypt_is_dot_dotdot(iname)) { 360 fname->disk_name.name = (unsigned char *)iname->name; 361 fname->disk_name.len = iname->len; 362 return 0; 363 } 364 ret = get_crypt_info(dir); 365 if (ret && ret != -EOPNOTSUPP) 366 return ret; 367 368 if (dir->i_crypt_info) { 369 ret = fscrypt_fname_alloc_buffer(dir, iname->len, 370 &fname->crypto_buf); 371 if (ret) 372 return ret; 373 ret = fname_encrypt(dir, iname, &fname->crypto_buf); 374 if (ret) 375 goto errout; 376 fname->disk_name.name = fname->crypto_buf.name; 377 fname->disk_name.len = fname->crypto_buf.len; 378 return 0; 379 } 380 if (!lookup) 381 return -EACCES; 382 383 /* 384 * We don't have the key and we are doing a lookup; decode the 385 * user-supplied name 386 */ 387 if (iname->name[0] == '_') 388 bigname = 1; 389 if ((bigname && (iname->len != 33)) || (!bigname && (iname->len > 43))) 390 return -ENOENT; 391 392 fname->crypto_buf.name = kmalloc(32, GFP_KERNEL); 393 if (fname->crypto_buf.name == NULL) 394 return -ENOMEM; 395 396 ret = digest_decode(iname->name + bigname, iname->len - bigname, 397 fname->crypto_buf.name); 398 if (ret < 0) { 399 ret = -ENOENT; 400 goto errout; 401 } 402 fname->crypto_buf.len = ret; 403 if (bigname) { 404 memcpy(&fname->hash, fname->crypto_buf.name, 4); 405 memcpy(&fname->minor_hash, fname->crypto_buf.name + 4, 4); 406 } else { 407 fname->disk_name.name = fname->crypto_buf.name; 408 fname->disk_name.len = fname->crypto_buf.len; 409 } 410 return 0; 411 412 errout: 413 fscrypt_fname_free_buffer(&fname->crypto_buf); 414 return ret; 415 } 416 EXPORT_SYMBOL(fscrypt_setup_filename); 417 418 void fscrypt_free_filename(struct fscrypt_name *fname) 419 { 420 kfree(fname->crypto_buf.name); 421 fname->crypto_buf.name = NULL; 422 fname->usr_fname = NULL; 423 fname->disk_name.name = NULL; 424 } 425 EXPORT_SYMBOL(fscrypt_free_filename); 426