1 /* 2 * This contains functions for filename crypto management 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility 6 * 7 * Written by Uday Savagaonkar, 2014. 8 * Modified by Jaegeuk Kim, 2015. 9 * 10 * This has not yet undergone a rigorous security audit. 11 */ 12 13 #include <linux/scatterlist.h> 14 #include <linux/ratelimit.h> 15 #include "fscrypt_private.h" 16 17 /** 18 * fname_crypt_complete() - completion callback for filename crypto 19 * @req: The asynchronous cipher request context 20 * @res: The result of the cipher operation 21 */ 22 static void fname_crypt_complete(struct crypto_async_request *req, int res) 23 { 24 struct fscrypt_completion_result *ecr = req->data; 25 26 if (res == -EINPROGRESS) 27 return; 28 ecr->res = res; 29 complete(&ecr->completion); 30 } 31 32 /** 33 * fname_encrypt() - encrypt a filename 34 * 35 * The caller must have allocated sufficient memory for the @oname string. 36 * 37 * Return: 0 on success, -errno on failure 38 */ 39 static int fname_encrypt(struct inode *inode, 40 const struct qstr *iname, struct fscrypt_str *oname) 41 { 42 struct skcipher_request *req = NULL; 43 DECLARE_FS_COMPLETION_RESULT(ecr); 44 struct fscrypt_info *ci = inode->i_crypt_info; 45 struct crypto_skcipher *tfm = ci->ci_ctfm; 46 int res = 0; 47 char iv[FS_CRYPTO_BLOCK_SIZE]; 48 struct scatterlist sg; 49 int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 50 unsigned int lim; 51 unsigned int cryptlen; 52 53 lim = inode->i_sb->s_cop->max_namelen(inode); 54 if (iname->len <= 0 || iname->len > lim) 55 return -EIO; 56 57 /* 58 * Copy the filename to the output buffer for encrypting in-place and 59 * pad it with the needed number of NUL bytes. 60 */ 61 cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE); 62 cryptlen = round_up(cryptlen, padding); 63 cryptlen = min(cryptlen, lim); 64 memcpy(oname->name, iname->name, iname->len); 65 memset(oname->name + iname->len, 0, cryptlen - iname->len); 66 67 /* Initialize the IV */ 68 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 69 70 /* Set up the encryption request */ 71 req = skcipher_request_alloc(tfm, GFP_NOFS); 72 if (!req) { 73 printk_ratelimited(KERN_ERR 74 "%s: skcipher_request_alloc() failed\n", __func__); 75 return -ENOMEM; 76 } 77 skcipher_request_set_callback(req, 78 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 79 fname_crypt_complete, &ecr); 80 sg_init_one(&sg, oname->name, cryptlen); 81 skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv); 82 83 /* Do the encryption */ 84 res = crypto_skcipher_encrypt(req); 85 if (res == -EINPROGRESS || res == -EBUSY) { 86 /* Request is being completed asynchronously; wait for it */ 87 wait_for_completion(&ecr.completion); 88 res = ecr.res; 89 } 90 skcipher_request_free(req); 91 if (res < 0) { 92 printk_ratelimited(KERN_ERR 93 "%s: Error (error code %d)\n", __func__, res); 94 return res; 95 } 96 97 oname->len = cryptlen; 98 return 0; 99 } 100 101 /** 102 * fname_decrypt() - decrypt a filename 103 * 104 * The caller must have allocated sufficient memory for the @oname string. 105 * 106 * Return: 0 on success, -errno on failure 107 */ 108 static int fname_decrypt(struct inode *inode, 109 const struct fscrypt_str *iname, 110 struct fscrypt_str *oname) 111 { 112 struct skcipher_request *req = NULL; 113 DECLARE_FS_COMPLETION_RESULT(ecr); 114 struct scatterlist src_sg, dst_sg; 115 struct fscrypt_info *ci = inode->i_crypt_info; 116 struct crypto_skcipher *tfm = ci->ci_ctfm; 117 int res = 0; 118 char iv[FS_CRYPTO_BLOCK_SIZE]; 119 unsigned lim; 120 121 lim = inode->i_sb->s_cop->max_namelen(inode); 122 if (iname->len <= 0 || iname->len > lim) 123 return -EIO; 124 125 /* Allocate request */ 126 req = skcipher_request_alloc(tfm, GFP_NOFS); 127 if (!req) { 128 printk_ratelimited(KERN_ERR 129 "%s: crypto_request_alloc() failed\n", __func__); 130 return -ENOMEM; 131 } 132 skcipher_request_set_callback(req, 133 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 134 fname_crypt_complete, &ecr); 135 136 /* Initialize IV */ 137 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); 138 139 /* Create decryption request */ 140 sg_init_one(&src_sg, iname->name, iname->len); 141 sg_init_one(&dst_sg, oname->name, oname->len); 142 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); 143 res = crypto_skcipher_decrypt(req); 144 if (res == -EINPROGRESS || res == -EBUSY) { 145 wait_for_completion(&ecr.completion); 146 res = ecr.res; 147 } 148 skcipher_request_free(req); 149 if (res < 0) { 150 printk_ratelimited(KERN_ERR 151 "%s: Error (error code %d)\n", __func__, res); 152 return res; 153 } 154 155 oname->len = strnlen(oname->name, iname->len); 156 return 0; 157 } 158 159 static const char *lookup_table = 160 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 161 162 #define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3) 163 164 /** 165 * digest_encode() - 166 * 167 * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. 168 * The encoded string is roughly 4/3 times the size of the input string. 169 */ 170 static int digest_encode(const char *src, int len, char *dst) 171 { 172 int i = 0, bits = 0, ac = 0; 173 char *cp = dst; 174 175 while (i < len) { 176 ac += (((unsigned char) src[i]) << bits); 177 bits += 8; 178 do { 179 *cp++ = lookup_table[ac & 0x3f]; 180 ac >>= 6; 181 bits -= 6; 182 } while (bits >= 6); 183 i++; 184 } 185 if (bits) 186 *cp++ = lookup_table[ac & 0x3f]; 187 return cp - dst; 188 } 189 190 static int digest_decode(const char *src, int len, char *dst) 191 { 192 int i = 0, bits = 0, ac = 0; 193 const char *p; 194 char *cp = dst; 195 196 while (i < len) { 197 p = strchr(lookup_table, src[i]); 198 if (p == NULL || src[i] == 0) 199 return -2; 200 ac += (p - lookup_table) << bits; 201 bits += 6; 202 if (bits >= 8) { 203 *cp++ = ac & 0xff; 204 ac >>= 8; 205 bits -= 8; 206 } 207 i++; 208 } 209 if (ac) 210 return -1; 211 return cp - dst; 212 } 213 214 u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen) 215 { 216 int padding = 32; 217 struct fscrypt_info *ci = inode->i_crypt_info; 218 219 if (ci) 220 padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 221 ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE); 222 return round_up(ilen, padding); 223 } 224 EXPORT_SYMBOL(fscrypt_fname_encrypted_size); 225 226 /** 227 * fscrypt_fname_crypto_alloc_obuff() - 228 * 229 * Allocates an output buffer that is sufficient for the crypto operation 230 * specified by the context and the direction. 231 */ 232 int fscrypt_fname_alloc_buffer(const struct inode *inode, 233 u32 ilen, struct fscrypt_str *crypto_str) 234 { 235 u32 olen = fscrypt_fname_encrypted_size(inode, ilen); 236 const u32 max_encoded_len = 237 max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE), 238 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))); 239 240 crypto_str->len = olen; 241 olen = max(olen, max_encoded_len); 242 243 /* 244 * Allocated buffer can hold one more character to null-terminate the 245 * string 246 */ 247 crypto_str->name = kmalloc(olen + 1, GFP_NOFS); 248 if (!(crypto_str->name)) 249 return -ENOMEM; 250 return 0; 251 } 252 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer); 253 254 /** 255 * fscrypt_fname_crypto_free_buffer() - 256 * 257 * Frees the buffer allocated for crypto operation. 258 */ 259 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 260 { 261 if (!crypto_str) 262 return; 263 kfree(crypto_str->name); 264 crypto_str->name = NULL; 265 } 266 EXPORT_SYMBOL(fscrypt_fname_free_buffer); 267 268 /** 269 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user 270 * space 271 * 272 * The caller must have allocated sufficient memory for the @oname string. 273 * 274 * If the key is available, we'll decrypt the disk name; otherwise, we'll encode 275 * it for presentation. Short names are directly base64-encoded, while long 276 * names are encoded in fscrypt_digested_name format. 277 * 278 * Return: 0 on success, -errno on failure 279 */ 280 int fscrypt_fname_disk_to_usr(struct inode *inode, 281 u32 hash, u32 minor_hash, 282 const struct fscrypt_str *iname, 283 struct fscrypt_str *oname) 284 { 285 const struct qstr qname = FSTR_TO_QSTR(iname); 286 struct fscrypt_digested_name digested_name; 287 288 if (fscrypt_is_dot_dotdot(&qname)) { 289 oname->name[0] = '.'; 290 oname->name[iname->len - 1] = '.'; 291 oname->len = iname->len; 292 return 0; 293 } 294 295 if (iname->len < FS_CRYPTO_BLOCK_SIZE) 296 return -EUCLEAN; 297 298 if (inode->i_crypt_info) 299 return fname_decrypt(inode, iname, oname); 300 301 if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { 302 oname->len = digest_encode(iname->name, iname->len, 303 oname->name); 304 return 0; 305 } 306 if (hash) { 307 digested_name.hash = hash; 308 digested_name.minor_hash = minor_hash; 309 } else { 310 digested_name.hash = 0; 311 digested_name.minor_hash = 0; 312 } 313 memcpy(digested_name.digest, 314 FSCRYPT_FNAME_DIGEST(iname->name, iname->len), 315 FSCRYPT_FNAME_DIGEST_SIZE); 316 oname->name[0] = '_'; 317 oname->len = 1 + digest_encode((const char *)&digested_name, 318 sizeof(digested_name), oname->name + 1); 319 return 0; 320 } 321 EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); 322 323 /** 324 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk 325 * space 326 * 327 * The caller must have allocated sufficient memory for the @oname string. 328 * 329 * Return: 0 on success, -errno on failure 330 */ 331 int fscrypt_fname_usr_to_disk(struct inode *inode, 332 const struct qstr *iname, 333 struct fscrypt_str *oname) 334 { 335 if (fscrypt_is_dot_dotdot(iname)) { 336 oname->name[0] = '.'; 337 oname->name[iname->len - 1] = '.'; 338 oname->len = iname->len; 339 return 0; 340 } 341 if (inode->i_crypt_info) 342 return fname_encrypt(inode, iname, oname); 343 /* 344 * Without a proper key, a user is not allowed to modify the filenames 345 * in a directory. Consequently, a user space name cannot be mapped to 346 * a disk-space name 347 */ 348 return -ENOKEY; 349 } 350 EXPORT_SYMBOL(fscrypt_fname_usr_to_disk); 351 352 /** 353 * fscrypt_setup_filename() - prepare to search a possibly encrypted directory 354 * @dir: the directory that will be searched 355 * @iname: the user-provided filename being searched for 356 * @lookup: 1 if we're allowed to proceed without the key because it's 357 * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot 358 * proceed without the key because we're going to create the dir_entry. 359 * @fname: the filename information to be filled in 360 * 361 * Given a user-provided filename @iname, this function sets @fname->disk_name 362 * to the name that would be stored in the on-disk directory entry, if possible. 363 * If the directory is unencrypted this is simply @iname. Else, if we have the 364 * directory's encryption key, then @iname is the plaintext, so we encrypt it to 365 * get the disk_name. 366 * 367 * Else, for keyless @lookup operations, @iname is the presented ciphertext, so 368 * we decode it to get either the ciphertext disk_name (for short names) or the 369 * fscrypt_digested_name (for long names). Non-@lookup operations will be 370 * impossible in this case, so we fail them with ENOKEY. 371 * 372 * If successful, fscrypt_free_filename() must be called later to clean up. 373 * 374 * Return: 0 on success, -errno on failure 375 */ 376 int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 377 int lookup, struct fscrypt_name *fname) 378 { 379 int ret; 380 int digested; 381 382 memset(fname, 0, sizeof(struct fscrypt_name)); 383 fname->usr_fname = iname; 384 385 if (!dir->i_sb->s_cop->is_encrypted(dir) || 386 fscrypt_is_dot_dotdot(iname)) { 387 fname->disk_name.name = (unsigned char *)iname->name; 388 fname->disk_name.len = iname->len; 389 return 0; 390 } 391 ret = fscrypt_get_encryption_info(dir); 392 if (ret && ret != -EOPNOTSUPP) 393 return ret; 394 395 if (dir->i_crypt_info) { 396 ret = fscrypt_fname_alloc_buffer(dir, iname->len, 397 &fname->crypto_buf); 398 if (ret) 399 return ret; 400 ret = fname_encrypt(dir, iname, &fname->crypto_buf); 401 if (ret) 402 goto errout; 403 fname->disk_name.name = fname->crypto_buf.name; 404 fname->disk_name.len = fname->crypto_buf.len; 405 return 0; 406 } 407 if (!lookup) 408 return -ENOKEY; 409 410 /* 411 * We don't have the key and we are doing a lookup; decode the 412 * user-supplied name 413 */ 414 if (iname->name[0] == '_') { 415 if (iname->len != 416 1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name))) 417 return -ENOENT; 418 digested = 1; 419 } else { 420 if (iname->len > 421 BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)) 422 return -ENOENT; 423 digested = 0; 424 } 425 426 fname->crypto_buf.name = 427 kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE, 428 sizeof(struct fscrypt_digested_name)), 429 GFP_KERNEL); 430 if (fname->crypto_buf.name == NULL) 431 return -ENOMEM; 432 433 ret = digest_decode(iname->name + digested, iname->len - digested, 434 fname->crypto_buf.name); 435 if (ret < 0) { 436 ret = -ENOENT; 437 goto errout; 438 } 439 fname->crypto_buf.len = ret; 440 if (digested) { 441 const struct fscrypt_digested_name *n = 442 (const void *)fname->crypto_buf.name; 443 fname->hash = n->hash; 444 fname->minor_hash = n->minor_hash; 445 } else { 446 fname->disk_name.name = fname->crypto_buf.name; 447 fname->disk_name.len = fname->crypto_buf.len; 448 } 449 return 0; 450 451 errout: 452 fscrypt_fname_free_buffer(&fname->crypto_buf); 453 return ret; 454 } 455 EXPORT_SYMBOL(fscrypt_setup_filename); 456 457 void fscrypt_free_filename(struct fscrypt_name *fname) 458 { 459 kfree(fname->crypto_buf.name); 460 fname->crypto_buf.name = NULL; 461 fname->usr_fname = NULL; 462 fname->disk_name.name = NULL; 463 } 464 EXPORT_SYMBOL(fscrypt_free_filename); 465