1 /* 2 * This contains functions for filename crypto management 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * 7 * Written by Uday Savagaonkar, 2014. 8 * Modified by Jaegeuk Kim, 2015. 9 * 10 * This has not yet undergone a rigorous security audit. 11 */ 12 13 #include <linux/scatterlist.h> 14 #include <linux/ratelimit.h> 15 #include "fscrypt_private.h" 16 17 /** 18 * fname_crypt_complete() - completion callback for filename crypto 19 * @req: The asynchronous cipher request context 20 * @res: The result of the cipher operation 21 */ 22 static void fname_crypt_complete(struct crypto_async_request *req, int res) 23 { 24 struct fscrypt_completion_result *ecr = req->data; 25 26 if (res == -EINPROGRESS) 27 return; 28 ecr->res = res; 29 complete(&ecr->completion); 30 } 31 32 /** 33 * fname_encrypt() - encrypt a filename 34 * 35 * The caller must have allocated sufficient memory for the @oname string. 36 * 37 * Return: 0 on success, -errno on failure 38 */ 39 static int fname_encrypt(struct inode *inode, 40 const struct qstr *iname, struct fscrypt_str *oname) 41 { 42 struct skcipher_request *req = NULL; 43 DECLARE_FS_COMPLETION_RESULT(ecr); 44 struct fscrypt_info *ci = inode->i_crypt_info; 45 struct crypto_skcipher *tfm = ci->ci_ctfm; 46 int res = 0; 47 char iv[FS_CRYPTO_BLOCK_SIZE]; 48 struct scatterlist sg; 49 int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 50 unsigned int lim; 51 unsigned int cryptlen; 52 53 lim = inode->i_sb->s_cop->max_namelen(inode); 54 if (iname->len <= 0 || iname->len > lim) 55 return -EIO; 56 57 /* 58 * Copy the filename to the output buffer for encrypting in-place and 59 * pad it with the needed number of NUL bytes. 60 */ 61 cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE); 62 cryptlen = round_up(cryptlen, padding); 63 cryptlen = min(cryptlen, lim); 64 memcpy(oname->name, iname->name, iname->len); 65 memset(oname->name + iname->len, 0, cryptlen - iname->len); 66 67 /* Initialize the IV */ 68 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 69 70 /* Set up the encryption request */ 71 req = skcipher_request_alloc(tfm, GFP_NOFS); 72 if (!req) { 73 printk_ratelimited(KERN_ERR 74 "%s: skcipher_request_alloc() failed\n", __func__); 75 return -ENOMEM; 76 } 77 skcipher_request_set_callback(req, 78 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 79 fname_crypt_complete, &ecr); 80 sg_init_one(&sg, oname->name, cryptlen); 81 skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv); 82 83 /* Do the encryption */ 84 res = crypto_skcipher_encrypt(req); 85 if (res == -EINPROGRESS || res == -EBUSY) { 86 /* Request is being completed asynchronously; wait for it */ 87 wait_for_completion(&ecr.completion); 88 res = ecr.res; 89 } 90 skcipher_request_free(req); 91 if (res < 0) { 92 printk_ratelimited(KERN_ERR 93 "%s: Error (error code %d)\n", __func__, res); 94 return res; 95 } 96 97 oname->len = cryptlen; 98 return 0; 99 } 100 101 /** 102 * fname_decrypt() - decrypt a filename 103 * 104 * The caller must have allocated sufficient memory for the @oname string. 105 * 106 * Return: 0 on success, -errno on failure 107 */ 108 static int fname_decrypt(struct inode *inode, 109 const struct fscrypt_str *iname, 110 struct fscrypt_str *oname) 111 { 112 struct skcipher_request *req = NULL; 113 DECLARE_FS_COMPLETION_RESULT(ecr); 114 struct scatterlist src_sg, dst_sg; 115 struct fscrypt_info *ci = inode->i_crypt_info; 116 struct crypto_skcipher *tfm = ci->ci_ctfm; 117 int res = 0; 118 char iv[FS_CRYPTO_BLOCK_SIZE]; 119 unsigned lim; 120 121 lim = inode->i_sb->s_cop->max_namelen(inode); 122 if (iname->len <= 0 || iname->len > lim) 123 return -EIO; 124 125 /* Allocate request */ 126 req = skcipher_request_alloc(tfm, GFP_NOFS); 127 if (!req) { 128 printk_ratelimited(KERN_ERR 129 "%s: crypto_request_alloc() failed\n", __func__); 130 return -ENOMEM; 131 } 132 skcipher_request_set_callback(req, 133 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 134 fname_crypt_complete, &ecr); 135 136 /* Initialize IV */ 137 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 138 139 /* Create decryption request */ 140 sg_init_one(&src_sg, iname->name, iname->len); 141 sg_init_one(&dst_sg, oname->name, oname->len); 142 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); 143 res = crypto_skcipher_decrypt(req); 144 if (res == -EINPROGRESS || res == -EBUSY) { 145 wait_for_completion(&ecr.completion); 146 res = ecr.res; 147 } 148 skcipher_request_free(req); 149 if (res < 0) { 150 printk_ratelimited(KERN_ERR 151 "%s: Error (error code %d)\n", __func__, res); 152 return res; 153 } 154 155 oname->len = strnlen(oname->name, iname->len); 156 return 0; 157 } 158 159 static const char *lookup_table = 160 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 161 162 /** 163 * digest_encode() - 164 * 165 * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. 166 * The encoded string is roughly 4/3 times the size of the input string. 167 */ 168 static int digest_encode(const char *src, int len, char *dst) 169 { 170 int i = 0, bits = 0, ac = 0; 171 char *cp = dst; 172 173 while (i < len) { 174 ac += (((unsigned char) src[i]) << bits); 175 bits += 8; 176 do { 177 *cp++ = lookup_table[ac & 0x3f]; 178 ac >>= 6; 179 bits -= 6; 180 } while (bits >= 6); 181 i++; 182 } 183 if (bits) 184 *cp++ = lookup_table[ac & 0x3f]; 185 return cp - dst; 186 } 187 188 static int digest_decode(const char *src, int len, char *dst) 189 { 190 int i = 0, bits = 0, ac = 0; 191 const char *p; 192 char *cp = dst; 193 194 while (i < len) { 195 p = strchr(lookup_table, src[i]); 196 if (p == NULL || src[i] == 0) 197 return -2; 198 ac += (p - lookup_table) << bits; 199 bits += 6; 200 if (bits >= 8) { 201 *cp++ = ac & 0xff; 202 ac >>= 8; 203 bits -= 8; 204 } 205 i++; 206 } 207 if (ac) 208 return -1; 209 return cp - dst; 210 } 211 212 u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen) 213 { 214 int padding = 32; 215 struct fscrypt_info *ci = inode->i_crypt_info; 216 217 if (ci) 218 padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 219 ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE); 220 return round_up(ilen, padding); 221 } 222 EXPORT_SYMBOL(fscrypt_fname_encrypted_size); 223 224 /** 225 * fscrypt_fname_crypto_alloc_obuff() - 226 * 227 * Allocates an output buffer that is sufficient for the crypto operation 228 * specified by the context and the direction. 229 */ 230 int fscrypt_fname_alloc_buffer(const struct inode *inode, 231 u32 ilen, struct fscrypt_str *crypto_str) 232 { 233 unsigned int olen = fscrypt_fname_encrypted_size(inode, ilen); 234 235 crypto_str->len = olen; 236 if (olen < FS_FNAME_CRYPTO_DIGEST_SIZE * 2) 237 olen = FS_FNAME_CRYPTO_DIGEST_SIZE * 2; 238 /* 239 * Allocated buffer can hold one more character to null-terminate the 240 * string 241 */ 242 crypto_str->name = kmalloc(olen + 1, GFP_NOFS); 243 if (!(crypto_str->name)) 244 return -ENOMEM; 245 return 0; 246 } 247 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); 248 249 /** 250 * fscrypt_fname_crypto_free_buffer() - 251 * 252 * Frees the buffer allocated for crypto operation. 253 */ 254 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 255 { 256 if (!crypto_str) 257 return; 258 kfree(crypto_str->name); 259 crypto_str->name = NULL; 260 } 261 EXPORT_SYMBOL(fscrypt_fname_free_buffer); 262 263 /** 264 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user 265 * space 266 * 267 * The caller must have allocated sufficient memory for the @oname string. 268 * 269 * Return: 0 on success, -errno on failure 270 */ 271 int fscrypt_fname_disk_to_usr(struct inode *inode, 272 u32 hash, u32 minor_hash, 273 const struct fscrypt_str *iname, 274 struct fscrypt_str *oname) 275 { 276 const struct qstr qname = FSTR_TO_QSTR(iname); 277 char buf[24]; 278 279 if (fscrypt_is_dot_dotdot(&qname)) { 280 oname->name[0] = '.'; 281 oname->name[iname->len - 1] = '.'; 282 oname->len = iname->len; 283 return 0; 284 } 285 286 if (iname->len < FS_CRYPTO_BLOCK_SIZE) 287 return -EUCLEAN; 288 289 if (inode->i_crypt_info) 290 return fname_decrypt(inode, iname, oname); 291 292 if (iname->len <= FS_FNAME_CRYPTO_DIGEST_SIZE) { 293 oname->len = digest_encode(iname->name, iname->len, 294 oname->name); 295 return 0; 296 } 297 if (hash) { 298 memcpy(buf, &hash, 4); 299 memcpy(buf + 4, &minor_hash, 4); 300 } else { 301 memset(buf, 0, 8); 302 } 303 memcpy(buf + 8, iname->name + iname->len - 16, 16); 304 oname->name[0] = '_'; 305 oname->len = 1 + digest_encode(buf, 24, oname->name + 1); 306 return 0; 307 } 308 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); 309 310 /** 311 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk 312 * space 313 * 314 * The caller must have allocated sufficient memory for the @oname string. 315 * 316 * Return: 0 on success, -errno on failure 317 */ 318 int fscrypt_fname_usr_to_disk(struct inode *inode, 319 const struct qstr *iname, 320 struct fscrypt_str *oname) 321 { 322 if (fscrypt_is_dot_dotdot(iname)) { 323 oname->name[0] = '.'; 324 oname->name[iname->len - 1] = '.'; 325 oname->len = iname->len; 326 return 0; 327 } 328 if (inode->i_crypt_info) 329 return fname_encrypt(inode, iname, oname); 330 /* 331 * Without a proper key, a user is not allowed to modify the filenames 332 * in a directory. Consequently, a user space name cannot be mapped to 333 * a disk-space name 334 */ 335 return -ENOKEY; 336 } 337 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk); 338 339 int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 340 int lookup, struct fscrypt_name *fname) 341 { 342 int ret = 0, bigname = 0; 343 344 memset(fname, 0, sizeof(struct fscrypt_name)); 345 fname->usr_fname = iname; 346 347 if (!dir->i_sb->s_cop->is_encrypted(dir) || 348 fscrypt_is_dot_dotdot(iname)) { 349 fname->disk_name.name = (unsigned char *)iname->name; 350 fname->disk_name.len = iname->len; 351 return 0; 352 } 353 ret = fscrypt_get_crypt_info(dir); 354 if (ret && ret != -EOPNOTSUPP) 355 return ret; 356 357 if (dir->i_crypt_info) { 358 ret = fscrypt_fname_alloc_buffer(dir, iname->len, 359 &fname->crypto_buf); 360 if (ret) 361 return ret; 362 ret = fname_encrypt(dir, iname, &fname->crypto_buf); 363 if (ret) 364 goto errout; 365 fname->disk_name.name = fname->crypto_buf.name; 366 fname->disk_name.len = fname->crypto_buf.len; 367 return 0; 368 } 369 if (!lookup) 370 return -ENOKEY; 371 372 /* 373 * We don't have the key and we are doing a lookup; decode the 374 * user-supplied name 375 */ 376 if (iname->name[0] == '_') 377 bigname = 1; 378 if ((bigname && (iname->len != 33)) || (!bigname && (iname->len > 43))) 379 return -ENOENT; 380 381 fname->crypto_buf.name = kmalloc(32, GFP_KERNEL); 382 if (fname->crypto_buf.name == NULL) 383 return -ENOMEM; 384 385 ret = digest_decode(iname->name + bigname, iname->len - bigname, 386 fname->crypto_buf.name); 387 if (ret < 0) { 388 ret = -ENOENT; 389 goto errout; 390 } 391 fname->crypto_buf.len = ret; 392 if (bigname) { 393 memcpy(&fname->hash, fname->crypto_buf.name, 4); 394 memcpy(&fname->minor_hash, fname->crypto_buf.name + 4, 4); 395 } else { 396 fname->disk_name.name = fname->crypto_buf.name; 397 fname->disk_name.len = fname->crypto_buf.len; 398 } 399 return 0; 400 401 errout: 402 fscrypt_fname_free_buffer(&fname->crypto_buf); 403 return ret; 404 } 405 EXPORT_SYMBOL(fscrypt_setup_filename); 406 407 void fscrypt_free_filename(struct fscrypt_name *fname) 408 { 409 kfree(fname->crypto_buf.name); 410 fname->crypto_buf.name = NULL; 411 fname->usr_fname = NULL; 412 fname->disk_name.name = NULL; 413 } 414 EXPORT_SYMBOL(fscrypt_free_filename); 415