xref: /openbmc/linux/fs/ecryptfs/crypto.c (revision 3ddc8b84)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * eCryptfs: Linux filesystem encryption layer
4  *
5  * Copyright (C) 1997-2004 Erez Zadok
6  * Copyright (C) 2001-2004 Stony Brook University
7  * Copyright (C) 2004-2007 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
9  *   		Michael C. Thompson <mcthomps@us.ibm.com>
10  */
11 
12 #include <crypto/hash.h>
13 #include <crypto/skcipher.h>
14 #include <linux/fs.h>
15 #include <linux/mount.h>
16 #include <linux/pagemap.h>
17 #include <linux/random.h>
18 #include <linux/compiler.h>
19 #include <linux/key.h>
20 #include <linux/namei.h>
21 #include <linux/file.h>
22 #include <linux/scatterlist.h>
23 #include <linux/slab.h>
24 #include <asm/unaligned.h>
25 #include <linux/kernel.h>
26 #include <linux/xattr.h>
27 #include "ecryptfs_kernel.h"
28 
29 #define DECRYPT		0
30 #define ENCRYPT		1
31 
32 /**
33  * ecryptfs_from_hex
34  * @dst: Buffer to take the bytes from src hex; must be at least of
35  *       size (src_size / 2)
36  * @src: Buffer to be converted from a hex string representation to raw value
37  * @dst_size: size of dst buffer, or number of hex characters pairs to convert
38  */
39 void ecryptfs_from_hex(char *dst, char *src, int dst_size)
40 {
41 	int x;
42 	char tmp[3] = { 0, };
43 
44 	for (x = 0; x < dst_size; x++) {
45 		tmp[0] = src[x * 2];
46 		tmp[1] = src[x * 2 + 1];
47 		dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
48 	}
49 }
50 
51 /**
52  * ecryptfs_calculate_md5 - calculates the md5 of @src
53  * @dst: Pointer to 16 bytes of allocated memory
54  * @crypt_stat: Pointer to crypt_stat struct for the current inode
55  * @src: Data to be md5'd
56  * @len: Length of @src
57  *
58  * Uses the allocated crypto context that crypt_stat references to
59  * generate the MD5 sum of the contents of src.
60  */
61 static int ecryptfs_calculate_md5(char *dst,
62 				  struct ecryptfs_crypt_stat *crypt_stat,
63 				  char *src, int len)
64 {
65 	int rc = crypto_shash_tfm_digest(crypt_stat->hash_tfm, src, len, dst);
66 
67 	if (rc) {
68 		printk(KERN_ERR
69 		       "%s: Error computing crypto hash; rc = [%d]\n",
70 		       __func__, rc);
71 		goto out;
72 	}
73 out:
74 	return rc;
75 }
76 
77 static int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
78 						  char *cipher_name,
79 						  char *chaining_modifier)
80 {
81 	int cipher_name_len = strlen(cipher_name);
82 	int chaining_modifier_len = strlen(chaining_modifier);
83 	int algified_name_len;
84 	int rc;
85 
86 	algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
87 	(*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
88 	if (!(*algified_name)) {
89 		rc = -ENOMEM;
90 		goto out;
91 	}
92 	snprintf((*algified_name), algified_name_len, "%s(%s)",
93 		 chaining_modifier, cipher_name);
94 	rc = 0;
95 out:
96 	return rc;
97 }
98 
99 /**
100  * ecryptfs_derive_iv
101  * @iv: destination for the derived iv vale
102  * @crypt_stat: Pointer to crypt_stat struct for the current inode
103  * @offset: Offset of the extent whose IV we are to derive
104  *
105  * Generate the initialization vector from the given root IV and page
106  * offset.
107  *
108  * Returns zero on success; non-zero on error.
109  */
110 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat,
111 		       loff_t offset)
112 {
113 	int rc = 0;
114 	char dst[MD5_DIGEST_SIZE];
115 	char src[ECRYPTFS_MAX_IV_BYTES + 16];
116 
117 	if (unlikely(ecryptfs_verbosity > 0)) {
118 		ecryptfs_printk(KERN_DEBUG, "root iv:\n");
119 		ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
120 	}
121 	/* TODO: It is probably secure to just cast the least
122 	 * significant bits of the root IV into an unsigned long and
123 	 * add the offset to that rather than go through all this
124 	 * hashing business. -Halcrow */
125 	memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
126 	memset((src + crypt_stat->iv_bytes), 0, 16);
127 	snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
128 	if (unlikely(ecryptfs_verbosity > 0)) {
129 		ecryptfs_printk(KERN_DEBUG, "source:\n");
130 		ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
131 	}
132 	rc = ecryptfs_calculate_md5(dst, crypt_stat, src,
133 				    (crypt_stat->iv_bytes + 16));
134 	if (rc) {
135 		ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
136 				"MD5 while generating IV for a page\n");
137 		goto out;
138 	}
139 	memcpy(iv, dst, crypt_stat->iv_bytes);
140 	if (unlikely(ecryptfs_verbosity > 0)) {
141 		ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
142 		ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
143 	}
144 out:
145 	return rc;
146 }
147 
148 /**
149  * ecryptfs_init_crypt_stat
150  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
151  *
152  * Initialize the crypt_stat structure.
153  */
154 int ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
155 {
156 	struct crypto_shash *tfm;
157 	int rc;
158 
159 	tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
160 	if (IS_ERR(tfm)) {
161 		rc = PTR_ERR(tfm);
162 		ecryptfs_printk(KERN_ERR, "Error attempting to "
163 				"allocate crypto context; rc = [%d]\n",
164 				rc);
165 		return rc;
166 	}
167 
168 	memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
169 	INIT_LIST_HEAD(&crypt_stat->keysig_list);
170 	mutex_init(&crypt_stat->keysig_list_mutex);
171 	mutex_init(&crypt_stat->cs_mutex);
172 	mutex_init(&crypt_stat->cs_tfm_mutex);
173 	crypt_stat->hash_tfm = tfm;
174 	crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
175 
176 	return 0;
177 }
178 
179 /**
180  * ecryptfs_destroy_crypt_stat
181  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
182  *
183  * Releases all memory associated with a crypt_stat struct.
184  */
185 void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
186 {
187 	struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
188 
189 	crypto_free_skcipher(crypt_stat->tfm);
190 	crypto_free_shash(crypt_stat->hash_tfm);
191 	list_for_each_entry_safe(key_sig, key_sig_tmp,
192 				 &crypt_stat->keysig_list, crypt_stat_list) {
193 		list_del(&key_sig->crypt_stat_list);
194 		kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
195 	}
196 	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
197 }
198 
199 void ecryptfs_destroy_mount_crypt_stat(
200 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
201 {
202 	struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp;
203 
204 	if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED))
205 		return;
206 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
207 	list_for_each_entry_safe(auth_tok, auth_tok_tmp,
208 				 &mount_crypt_stat->global_auth_tok_list,
209 				 mount_crypt_stat_list) {
210 		list_del(&auth_tok->mount_crypt_stat_list);
211 		if (!(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
212 			key_put(auth_tok->global_auth_tok_key);
213 		kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok);
214 	}
215 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
216 	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
217 }
218 
219 /**
220  * virt_to_scatterlist
221  * @addr: Virtual address
222  * @size: Size of data; should be an even multiple of the block size
223  * @sg: Pointer to scatterlist array; set to NULL to obtain only
224  *      the number of scatterlist structs required in array
225  * @sg_size: Max array size
226  *
227  * Fills in a scatterlist array with page references for a passed
228  * virtual address.
229  *
230  * Returns the number of scatterlist structs in array used
231  */
232 int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
233 			int sg_size)
234 {
235 	int i = 0;
236 	struct page *pg;
237 	int offset;
238 	int remainder_of_page;
239 
240 	sg_init_table(sg, sg_size);
241 
242 	while (size > 0 && i < sg_size) {
243 		pg = virt_to_page(addr);
244 		offset = offset_in_page(addr);
245 		sg_set_page(&sg[i], pg, 0, offset);
246 		remainder_of_page = PAGE_SIZE - offset;
247 		if (size >= remainder_of_page) {
248 			sg[i].length = remainder_of_page;
249 			addr += remainder_of_page;
250 			size -= remainder_of_page;
251 		} else {
252 			sg[i].length = size;
253 			addr += size;
254 			size = 0;
255 		}
256 		i++;
257 	}
258 	if (size > 0)
259 		return -ENOMEM;
260 	return i;
261 }
262 
263 /**
264  * crypt_scatterlist
265  * @crypt_stat: Pointer to the crypt_stat struct to initialize.
266  * @dst_sg: Destination of the data after performing the crypto operation
267  * @src_sg: Data to be encrypted or decrypted
268  * @size: Length of data
269  * @iv: IV to use
270  * @op: ENCRYPT or DECRYPT to indicate the desired operation
271  *
272  * Returns the number of bytes encrypted or decrypted; negative value on error
273  */
274 static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
275 			     struct scatterlist *dst_sg,
276 			     struct scatterlist *src_sg, int size,
277 			     unsigned char *iv, int op)
278 {
279 	struct skcipher_request *req = NULL;
280 	DECLARE_CRYPTO_WAIT(ecr);
281 	int rc = 0;
282 
283 	if (unlikely(ecryptfs_verbosity > 0)) {
284 		ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
285 				crypt_stat->key_size);
286 		ecryptfs_dump_hex(crypt_stat->key,
287 				  crypt_stat->key_size);
288 	}
289 
290 	mutex_lock(&crypt_stat->cs_tfm_mutex);
291 	req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
292 	if (!req) {
293 		mutex_unlock(&crypt_stat->cs_tfm_mutex);
294 		rc = -ENOMEM;
295 		goto out;
296 	}
297 
298 	skcipher_request_set_callback(req,
299 			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
300 			crypto_req_done, &ecr);
301 	/* Consider doing this once, when the file is opened */
302 	if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
303 		rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key,
304 					    crypt_stat->key_size);
305 		if (rc) {
306 			ecryptfs_printk(KERN_ERR,
307 					"Error setting key; rc = [%d]\n",
308 					rc);
309 			mutex_unlock(&crypt_stat->cs_tfm_mutex);
310 			rc = -EINVAL;
311 			goto out;
312 		}
313 		crypt_stat->flags |= ECRYPTFS_KEY_SET;
314 	}
315 	mutex_unlock(&crypt_stat->cs_tfm_mutex);
316 	skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv);
317 	rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) :
318 			     crypto_skcipher_decrypt(req);
319 	rc = crypto_wait_req(rc, &ecr);
320 out:
321 	skcipher_request_free(req);
322 	return rc;
323 }
324 
325 /*
326  * lower_offset_for_page
327  *
328  * Convert an eCryptfs page index into a lower byte offset
329  */
330 static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat,
331 				    struct page *page)
332 {
333 	return ecryptfs_lower_header_size(crypt_stat) +
334 	       ((loff_t)page->index << PAGE_SHIFT);
335 }
336 
337 /**
338  * crypt_extent
339  * @crypt_stat: crypt_stat containing cryptographic context for the
340  *              encryption operation
341  * @dst_page: The page to write the result into
342  * @src_page: The page to read from
343  * @extent_offset: Page extent offset for use in generating IV
344  * @op: ENCRYPT or DECRYPT to indicate the desired operation
345  *
346  * Encrypts or decrypts one extent of data.
347  *
348  * Return zero on success; non-zero otherwise
349  */
350 static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat,
351 			struct page *dst_page,
352 			struct page *src_page,
353 			unsigned long extent_offset, int op)
354 {
355 	pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index;
356 	loff_t extent_base;
357 	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
358 	struct scatterlist src_sg, dst_sg;
359 	size_t extent_size = crypt_stat->extent_size;
360 	int rc;
361 
362 	extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size));
363 	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
364 				(extent_base + extent_offset));
365 	if (rc) {
366 		ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
367 			"extent [0x%.16llx]; rc = [%d]\n",
368 			(unsigned long long)(extent_base + extent_offset), rc);
369 		goto out;
370 	}
371 
372 	sg_init_table(&src_sg, 1);
373 	sg_init_table(&dst_sg, 1);
374 
375 	sg_set_page(&src_sg, src_page, extent_size,
376 		    extent_offset * extent_size);
377 	sg_set_page(&dst_sg, dst_page, extent_size,
378 		    extent_offset * extent_size);
379 
380 	rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size,
381 			       extent_iv, op);
382 	if (rc < 0) {
383 		printk(KERN_ERR "%s: Error attempting to crypt page with "
384 		       "page_index = [%ld], extent_offset = [%ld]; "
385 		       "rc = [%d]\n", __func__, page_index, extent_offset, rc);
386 		goto out;
387 	}
388 	rc = 0;
389 out:
390 	return rc;
391 }
392 
393 /**
394  * ecryptfs_encrypt_page
395  * @page: Page mapped from the eCryptfs inode for the file; contains
396  *        decrypted content that needs to be encrypted (to a temporary
397  *        page; not in place) and written out to the lower file
398  *
399  * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
400  * that eCryptfs pages may straddle the lower pages -- for instance,
401  * if the file was created on a machine with an 8K page size
402  * (resulting in an 8K header), and then the file is copied onto a
403  * host with a 32K page size, then when reading page 0 of the eCryptfs
404  * file, 24K of page 0 of the lower file will be read and decrypted,
405  * and then 8K of page 1 of the lower file will be read and decrypted.
406  *
407  * Returns zero on success; negative on error
408  */
409 int ecryptfs_encrypt_page(struct page *page)
410 {
411 	struct inode *ecryptfs_inode;
412 	struct ecryptfs_crypt_stat *crypt_stat;
413 	char *enc_extent_virt;
414 	struct page *enc_extent_page = NULL;
415 	loff_t extent_offset;
416 	loff_t lower_offset;
417 	int rc = 0;
418 
419 	ecryptfs_inode = page->mapping->host;
420 	crypt_stat =
421 		&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
422 	BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
423 	enc_extent_page = alloc_page(GFP_USER);
424 	if (!enc_extent_page) {
425 		rc = -ENOMEM;
426 		ecryptfs_printk(KERN_ERR, "Error allocating memory for "
427 				"encrypted extent\n");
428 		goto out;
429 	}
430 
431 	for (extent_offset = 0;
432 	     extent_offset < (PAGE_SIZE / crypt_stat->extent_size);
433 	     extent_offset++) {
434 		rc = crypt_extent(crypt_stat, enc_extent_page, page,
435 				  extent_offset, ENCRYPT);
436 		if (rc) {
437 			printk(KERN_ERR "%s: Error encrypting extent; "
438 			       "rc = [%d]\n", __func__, rc);
439 			goto out;
440 		}
441 	}
442 
443 	lower_offset = lower_offset_for_page(crypt_stat, page);
444 	enc_extent_virt = kmap_local_page(enc_extent_page);
445 	rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset,
446 				  PAGE_SIZE);
447 	kunmap_local(enc_extent_virt);
448 	if (rc < 0) {
449 		ecryptfs_printk(KERN_ERR,
450 			"Error attempting to write lower page; rc = [%d]\n",
451 			rc);
452 		goto out;
453 	}
454 	rc = 0;
455 out:
456 	if (enc_extent_page) {
457 		__free_page(enc_extent_page);
458 	}
459 	return rc;
460 }
461 
462 /**
463  * ecryptfs_decrypt_page
464  * @page: Page mapped from the eCryptfs inode for the file; data read
465  *        and decrypted from the lower file will be written into this
466  *        page
467  *
468  * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
469  * that eCryptfs pages may straddle the lower pages -- for instance,
470  * if the file was created on a machine with an 8K page size
471  * (resulting in an 8K header), and then the file is copied onto a
472  * host with a 32K page size, then when reading page 0 of the eCryptfs
473  * file, 24K of page 0 of the lower file will be read and decrypted,
474  * and then 8K of page 1 of the lower file will be read and decrypted.
475  *
476  * Returns zero on success; negative on error
477  */
478 int ecryptfs_decrypt_page(struct page *page)
479 {
480 	struct inode *ecryptfs_inode;
481 	struct ecryptfs_crypt_stat *crypt_stat;
482 	char *page_virt;
483 	unsigned long extent_offset;
484 	loff_t lower_offset;
485 	int rc = 0;
486 
487 	ecryptfs_inode = page->mapping->host;
488 	crypt_stat =
489 		&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
490 	BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
491 
492 	lower_offset = lower_offset_for_page(crypt_stat, page);
493 	page_virt = kmap_local_page(page);
494 	rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_SIZE,
495 				 ecryptfs_inode);
496 	kunmap_local(page_virt);
497 	if (rc < 0) {
498 		ecryptfs_printk(KERN_ERR,
499 			"Error attempting to read lower page; rc = [%d]\n",
500 			rc);
501 		goto out;
502 	}
503 
504 	for (extent_offset = 0;
505 	     extent_offset < (PAGE_SIZE / crypt_stat->extent_size);
506 	     extent_offset++) {
507 		rc = crypt_extent(crypt_stat, page, page,
508 				  extent_offset, DECRYPT);
509 		if (rc) {
510 			printk(KERN_ERR "%s: Error decrypting extent; "
511 			       "rc = [%d]\n", __func__, rc);
512 			goto out;
513 		}
514 	}
515 out:
516 	return rc;
517 }
518 
519 #define ECRYPTFS_MAX_SCATTERLIST_LEN 4
520 
521 /**
522  * ecryptfs_init_crypt_ctx
523  * @crypt_stat: Uninitialized crypt stats structure
524  *
525  * Initialize the crypto context.
526  *
527  * TODO: Performance: Keep a cache of initialized cipher contexts;
528  * only init if needed
529  */
530 int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
531 {
532 	char *full_alg_name;
533 	int rc = -EINVAL;
534 
535 	ecryptfs_printk(KERN_DEBUG,
536 			"Initializing cipher [%s]; strlen = [%d]; "
537 			"key_size_bits = [%zd]\n",
538 			crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
539 			crypt_stat->key_size << 3);
540 	mutex_lock(&crypt_stat->cs_tfm_mutex);
541 	if (crypt_stat->tfm) {
542 		rc = 0;
543 		goto out_unlock;
544 	}
545 	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
546 						    crypt_stat->cipher, "cbc");
547 	if (rc)
548 		goto out_unlock;
549 	crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0);
550 	if (IS_ERR(crypt_stat->tfm)) {
551 		rc = PTR_ERR(crypt_stat->tfm);
552 		crypt_stat->tfm = NULL;
553 		ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
554 				"Error initializing cipher [%s]\n",
555 				full_alg_name);
556 		goto out_free;
557 	}
558 	crypto_skcipher_set_flags(crypt_stat->tfm,
559 				  CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
560 	rc = 0;
561 out_free:
562 	kfree(full_alg_name);
563 out_unlock:
564 	mutex_unlock(&crypt_stat->cs_tfm_mutex);
565 	return rc;
566 }
567 
568 static void set_extent_mask_and_shift(struct ecryptfs_crypt_stat *crypt_stat)
569 {
570 	int extent_size_tmp;
571 
572 	crypt_stat->extent_mask = 0xFFFFFFFF;
573 	crypt_stat->extent_shift = 0;
574 	if (crypt_stat->extent_size == 0)
575 		return;
576 	extent_size_tmp = crypt_stat->extent_size;
577 	while ((extent_size_tmp & 0x01) == 0) {
578 		extent_size_tmp >>= 1;
579 		crypt_stat->extent_mask <<= 1;
580 		crypt_stat->extent_shift++;
581 	}
582 }
583 
584 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
585 {
586 	/* Default values; may be overwritten as we are parsing the
587 	 * packets. */
588 	crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
589 	set_extent_mask_and_shift(crypt_stat);
590 	crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
591 	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
592 		crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
593 	else {
594 		if (PAGE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
595 			crypt_stat->metadata_size =
596 				ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
597 		else
598 			crypt_stat->metadata_size = PAGE_SIZE;
599 	}
600 }
601 
602 /*
603  * ecryptfs_compute_root_iv
604  *
605  * On error, sets the root IV to all 0's.
606  */
607 int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
608 {
609 	int rc = 0;
610 	char dst[MD5_DIGEST_SIZE];
611 
612 	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
613 	BUG_ON(crypt_stat->iv_bytes <= 0);
614 	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
615 		rc = -EINVAL;
616 		ecryptfs_printk(KERN_WARNING, "Session key not valid; "
617 				"cannot generate root IV\n");
618 		goto out;
619 	}
620 	rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key,
621 				    crypt_stat->key_size);
622 	if (rc) {
623 		ecryptfs_printk(KERN_WARNING, "Error attempting to compute "
624 				"MD5 while generating root IV\n");
625 		goto out;
626 	}
627 	memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
628 out:
629 	if (rc) {
630 		memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
631 		crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
632 	}
633 	return rc;
634 }
635 
636 static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
637 {
638 	get_random_bytes(crypt_stat->key, crypt_stat->key_size);
639 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
640 	ecryptfs_compute_root_iv(crypt_stat);
641 	if (unlikely(ecryptfs_verbosity > 0)) {
642 		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
643 		ecryptfs_dump_hex(crypt_stat->key,
644 				  crypt_stat->key_size);
645 	}
646 }
647 
648 /**
649  * ecryptfs_copy_mount_wide_flags_to_inode_flags
650  * @crypt_stat: The inode's cryptographic context
651  * @mount_crypt_stat: The mount point's cryptographic context
652  *
653  * This function propagates the mount-wide flags to individual inode
654  * flags.
655  */
656 static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
657 	struct ecryptfs_crypt_stat *crypt_stat,
658 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
659 {
660 	if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
661 		crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
662 	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
663 		crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;
664 	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
665 		crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
666 		if (mount_crypt_stat->flags
667 		    & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
668 			crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
669 		else if (mount_crypt_stat->flags
670 			 & ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
671 			crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
672 	}
673 }
674 
675 static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
676 	struct ecryptfs_crypt_stat *crypt_stat,
677 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
678 {
679 	struct ecryptfs_global_auth_tok *global_auth_tok;
680 	int rc = 0;
681 
682 	mutex_lock(&crypt_stat->keysig_list_mutex);
683 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
684 
685 	list_for_each_entry(global_auth_tok,
686 			    &mount_crypt_stat->global_auth_tok_list,
687 			    mount_crypt_stat_list) {
688 		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
689 			continue;
690 		rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
691 		if (rc) {
692 			printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
693 			goto out;
694 		}
695 	}
696 
697 out:
698 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
699 	mutex_unlock(&crypt_stat->keysig_list_mutex);
700 	return rc;
701 }
702 
703 /**
704  * ecryptfs_set_default_crypt_stat_vals
705  * @crypt_stat: The inode's cryptographic context
706  * @mount_crypt_stat: The mount point's cryptographic context
707  *
708  * Default values in the event that policy does not override them.
709  */
710 static void ecryptfs_set_default_crypt_stat_vals(
711 	struct ecryptfs_crypt_stat *crypt_stat,
712 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
713 {
714 	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
715 						      mount_crypt_stat);
716 	ecryptfs_set_default_sizes(crypt_stat);
717 	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
718 	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
719 	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
720 	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
721 	crypt_stat->mount_crypt_stat = mount_crypt_stat;
722 }
723 
724 /**
725  * ecryptfs_new_file_context
726  * @ecryptfs_inode: The eCryptfs inode
727  *
728  * If the crypto context for the file has not yet been established,
729  * this is where we do that.  Establishing a new crypto context
730  * involves the following decisions:
731  *  - What cipher to use?
732  *  - What set of authentication tokens to use?
733  * Here we just worry about getting enough information into the
734  * authentication tokens so that we know that they are available.
735  * We associate the available authentication tokens with the new file
736  * via the set of signatures in the crypt_stat struct.  Later, when
737  * the headers are actually written out, we may again defer to
738  * userspace to perform the encryption of the session key; for the
739  * foreseeable future, this will be the case with public key packets.
740  *
741  * Returns zero on success; non-zero otherwise
742  */
743 int ecryptfs_new_file_context(struct inode *ecryptfs_inode)
744 {
745 	struct ecryptfs_crypt_stat *crypt_stat =
746 	    &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
747 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
748 	    &ecryptfs_superblock_to_private(
749 		    ecryptfs_inode->i_sb)->mount_crypt_stat;
750 	int cipher_name_len;
751 	int rc = 0;
752 
753 	ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
754 	crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID);
755 	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
756 						      mount_crypt_stat);
757 	rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat,
758 							 mount_crypt_stat);
759 	if (rc) {
760 		printk(KERN_ERR "Error attempting to copy mount-wide key sigs "
761 		       "to the inode key sigs; rc = [%d]\n", rc);
762 		goto out;
763 	}
764 	cipher_name_len =
765 		strlen(mount_crypt_stat->global_default_cipher_name);
766 	memcpy(crypt_stat->cipher,
767 	       mount_crypt_stat->global_default_cipher_name,
768 	       cipher_name_len);
769 	crypt_stat->cipher[cipher_name_len] = '\0';
770 	crypt_stat->key_size =
771 		mount_crypt_stat->global_default_cipher_key_size;
772 	ecryptfs_generate_new_key(crypt_stat);
773 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
774 	if (rc)
775 		ecryptfs_printk(KERN_ERR, "Error initializing cryptographic "
776 				"context for cipher [%s]: rc = [%d]\n",
777 				crypt_stat->cipher, rc);
778 out:
779 	return rc;
780 }
781 
782 /**
783  * ecryptfs_validate_marker - check for the ecryptfs marker
784  * @data: The data block in which to check
785  *
786  * Returns zero if marker found; -EINVAL if not found
787  */
788 static int ecryptfs_validate_marker(char *data)
789 {
790 	u32 m_1, m_2;
791 
792 	m_1 = get_unaligned_be32(data);
793 	m_2 = get_unaligned_be32(data + 4);
794 	if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
795 		return 0;
796 	ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
797 			"MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
798 			MAGIC_ECRYPTFS_MARKER);
799 	ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
800 			"[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
801 	return -EINVAL;
802 }
803 
804 struct ecryptfs_flag_map_elem {
805 	u32 file_flag;
806 	u32 local_flag;
807 };
808 
809 /* Add support for additional flags by adding elements here. */
810 static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
811 	{0x00000001, ECRYPTFS_ENABLE_HMAC},
812 	{0x00000002, ECRYPTFS_ENCRYPTED},
813 	{0x00000004, ECRYPTFS_METADATA_IN_XATTR},
814 	{0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
815 };
816 
817 /**
818  * ecryptfs_process_flags
819  * @crypt_stat: The cryptographic context
820  * @page_virt: Source data to be parsed
821  * @bytes_read: Updated with the number of bytes read
822  */
823 static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
824 				  char *page_virt, int *bytes_read)
825 {
826 	int i;
827 	u32 flags;
828 
829 	flags = get_unaligned_be32(page_virt);
830 	for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
831 		if (flags & ecryptfs_flag_map[i].file_flag) {
832 			crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
833 		} else
834 			crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
835 	/* Version is in top 8 bits of the 32-bit flag vector */
836 	crypt_stat->file_version = ((flags >> 24) & 0xFF);
837 	(*bytes_read) = 4;
838 }
839 
840 /**
841  * write_ecryptfs_marker
842  * @page_virt: The pointer to in a page to begin writing the marker
843  * @written: Number of bytes written
844  *
845  * Marker = 0x3c81b7f5
846  */
847 static void write_ecryptfs_marker(char *page_virt, size_t *written)
848 {
849 	u32 m_1, m_2;
850 
851 	get_random_bytes(&m_1, (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2));
852 	m_2 = (m_1 ^ MAGIC_ECRYPTFS_MARKER);
853 	put_unaligned_be32(m_1, page_virt);
854 	page_virt += (MAGIC_ECRYPTFS_MARKER_SIZE_BYTES / 2);
855 	put_unaligned_be32(m_2, page_virt);
856 	(*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
857 }
858 
859 void ecryptfs_write_crypt_stat_flags(char *page_virt,
860 				     struct ecryptfs_crypt_stat *crypt_stat,
861 				     size_t *written)
862 {
863 	u32 flags = 0;
864 	int i;
865 
866 	for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
867 		if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
868 			flags |= ecryptfs_flag_map[i].file_flag;
869 	/* Version is in top 8 bits of the 32-bit flag vector */
870 	flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
871 	put_unaligned_be32(flags, page_virt);
872 	(*written) = 4;
873 }
874 
875 struct ecryptfs_cipher_code_str_map_elem {
876 	char cipher_str[16];
877 	u8 cipher_code;
878 };
879 
880 /* Add support for additional ciphers by adding elements here. The
881  * cipher_code is whatever OpenPGP applications use to identify the
882  * ciphers. List in order of probability. */
883 static struct ecryptfs_cipher_code_str_map_elem
884 ecryptfs_cipher_code_str_map[] = {
885 	{"aes",RFC2440_CIPHER_AES_128 },
886 	{"blowfish", RFC2440_CIPHER_BLOWFISH},
887 	{"des3_ede", RFC2440_CIPHER_DES3_EDE},
888 	{"cast5", RFC2440_CIPHER_CAST_5},
889 	{"twofish", RFC2440_CIPHER_TWOFISH},
890 	{"cast6", RFC2440_CIPHER_CAST_6},
891 	{"aes", RFC2440_CIPHER_AES_192},
892 	{"aes", RFC2440_CIPHER_AES_256}
893 };
894 
895 /**
896  * ecryptfs_code_for_cipher_string
897  * @cipher_name: The string alias for the cipher
898  * @key_bytes: Length of key in bytes; used for AES code selection
899  *
900  * Returns zero on no match, or the cipher code on match
901  */
902 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
903 {
904 	int i;
905 	u8 code = 0;
906 	struct ecryptfs_cipher_code_str_map_elem *map =
907 		ecryptfs_cipher_code_str_map;
908 
909 	if (strcmp(cipher_name, "aes") == 0) {
910 		switch (key_bytes) {
911 		case 16:
912 			code = RFC2440_CIPHER_AES_128;
913 			break;
914 		case 24:
915 			code = RFC2440_CIPHER_AES_192;
916 			break;
917 		case 32:
918 			code = RFC2440_CIPHER_AES_256;
919 		}
920 	} else {
921 		for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
922 			if (strcmp(cipher_name, map[i].cipher_str) == 0) {
923 				code = map[i].cipher_code;
924 				break;
925 			}
926 	}
927 	return code;
928 }
929 
930 /**
931  * ecryptfs_cipher_code_to_string
932  * @str: Destination to write out the cipher name
933  * @cipher_code: The code to convert to cipher name string
934  *
935  * Returns zero on success
936  */
937 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
938 {
939 	int rc = 0;
940 	int i;
941 
942 	str[0] = '\0';
943 	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
944 		if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
945 			strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
946 	if (str[0] == '\0') {
947 		ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
948 				"[%d]\n", cipher_code);
949 		rc = -EINVAL;
950 	}
951 	return rc;
952 }
953 
954 int ecryptfs_read_and_validate_header_region(struct inode *inode)
955 {
956 	u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
957 	u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
958 	int rc;
959 
960 	rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
961 				 inode);
962 	if (rc < 0)
963 		return rc;
964 	else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
965 		return -EINVAL;
966 	rc = ecryptfs_validate_marker(marker);
967 	if (!rc)
968 		ecryptfs_i_size_init(file_size, inode);
969 	return rc;
970 }
971 
972 void
973 ecryptfs_write_header_metadata(char *virt,
974 			       struct ecryptfs_crypt_stat *crypt_stat,
975 			       size_t *written)
976 {
977 	u32 header_extent_size;
978 	u16 num_header_extents_at_front;
979 
980 	header_extent_size = (u32)crypt_stat->extent_size;
981 	num_header_extents_at_front =
982 		(u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
983 	put_unaligned_be32(header_extent_size, virt);
984 	virt += 4;
985 	put_unaligned_be16(num_header_extents_at_front, virt);
986 	(*written) = 6;
987 }
988 
989 struct kmem_cache *ecryptfs_header_cache;
990 
991 /**
992  * ecryptfs_write_headers_virt
993  * @page_virt: The virtual address to write the headers to
994  * @max: The size of memory allocated at page_virt
995  * @size: Set to the number of bytes written by this function
996  * @crypt_stat: The cryptographic context
997  * @ecryptfs_dentry: The eCryptfs dentry
998  *
999  * Format version: 1
1000  *
1001  *   Header Extent:
1002  *     Octets 0-7:        Unencrypted file size (big-endian)
1003  *     Octets 8-15:       eCryptfs special marker
1004  *     Octets 16-19:      Flags
1005  *      Octet 16:         File format version number (between 0 and 255)
1006  *      Octets 17-18:     Reserved
1007  *      Octet 19:         Bit 1 (lsb): Reserved
1008  *                        Bit 2: Encrypted?
1009  *                        Bits 3-8: Reserved
1010  *     Octets 20-23:      Header extent size (big-endian)
1011  *     Octets 24-25:      Number of header extents at front of file
1012  *                        (big-endian)
1013  *     Octet  26:         Begin RFC 2440 authentication token packet set
1014  *   Data Extent 0:
1015  *     Lower data (CBC encrypted)
1016  *   Data Extent 1:
1017  *     Lower data (CBC encrypted)
1018  *   ...
1019  *
1020  * Returns zero on success
1021  */
1022 static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
1023 				       size_t *size,
1024 				       struct ecryptfs_crypt_stat *crypt_stat,
1025 				       struct dentry *ecryptfs_dentry)
1026 {
1027 	int rc;
1028 	size_t written;
1029 	size_t offset;
1030 
1031 	offset = ECRYPTFS_FILE_SIZE_BYTES;
1032 	write_ecryptfs_marker((page_virt + offset), &written);
1033 	offset += written;
1034 	ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
1035 					&written);
1036 	offset += written;
1037 	ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
1038 				       &written);
1039 	offset += written;
1040 	rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
1041 					      ecryptfs_dentry, &written,
1042 					      max - offset);
1043 	if (rc)
1044 		ecryptfs_printk(KERN_WARNING, "Error generating key packet "
1045 				"set; rc = [%d]\n", rc);
1046 	if (size) {
1047 		offset += written;
1048 		*size = offset;
1049 	}
1050 	return rc;
1051 }
1052 
1053 static int
1054 ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode,
1055 				    char *virt, size_t virt_len)
1056 {
1057 	int rc;
1058 
1059 	rc = ecryptfs_write_lower(ecryptfs_inode, virt,
1060 				  0, virt_len);
1061 	if (rc < 0)
1062 		printk(KERN_ERR "%s: Error attempting to write header "
1063 		       "information to lower file; rc = [%d]\n", __func__, rc);
1064 	else
1065 		rc = 0;
1066 	return rc;
1067 }
1068 
1069 static int
1070 ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1071 				 struct inode *ecryptfs_inode,
1072 				 char *page_virt, size_t size)
1073 {
1074 	int rc;
1075 	struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
1076 	struct inode *lower_inode = d_inode(lower_dentry);
1077 
1078 	if (!(lower_inode->i_opflags & IOP_XATTR)) {
1079 		rc = -EOPNOTSUPP;
1080 		goto out;
1081 	}
1082 
1083 	inode_lock(lower_inode);
1084 	rc = __vfs_setxattr(&nop_mnt_idmap, lower_dentry, lower_inode,
1085 			    ECRYPTFS_XATTR_NAME, page_virt, size, 0);
1086 	if (!rc && ecryptfs_inode)
1087 		fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
1088 	inode_unlock(lower_inode);
1089 out:
1090 	return rc;
1091 }
1092 
1093 static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
1094 					       unsigned int order)
1095 {
1096 	struct page *page;
1097 
1098 	page = alloc_pages(gfp_mask | __GFP_ZERO, order);
1099 	if (page)
1100 		return (unsigned long) page_address(page);
1101 	return 0;
1102 }
1103 
1104 /**
1105  * ecryptfs_write_metadata
1106  * @ecryptfs_dentry: The eCryptfs dentry, which should be negative
1107  * @ecryptfs_inode: The newly created eCryptfs inode
1108  *
1109  * Write the file headers out.  This will likely involve a userspace
1110  * callout, in which the session key is encrypted with one or more
1111  * public keys and/or the passphrase necessary to do the encryption is
1112  * retrieved via a prompt.  Exactly what happens at this point should
1113  * be policy-dependent.
1114  *
1115  * Returns zero on success; non-zero on error
1116  */
1117 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1118 			    struct inode *ecryptfs_inode)
1119 {
1120 	struct ecryptfs_crypt_stat *crypt_stat =
1121 		&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1122 	unsigned int order;
1123 	char *virt;
1124 	size_t virt_len;
1125 	size_t size = 0;
1126 	int rc = 0;
1127 
1128 	if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1129 		if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1130 			printk(KERN_ERR "Key is invalid; bailing out\n");
1131 			rc = -EINVAL;
1132 			goto out;
1133 		}
1134 	} else {
1135 		printk(KERN_WARNING "%s: Encrypted flag not set\n",
1136 		       __func__);
1137 		rc = -EINVAL;
1138 		goto out;
1139 	}
1140 	virt_len = crypt_stat->metadata_size;
1141 	order = get_order(virt_len);
1142 	/* Released in this function */
1143 	virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
1144 	if (!virt) {
1145 		printk(KERN_ERR "%s: Out of memory\n", __func__);
1146 		rc = -ENOMEM;
1147 		goto out;
1148 	}
1149 	/* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
1150 	rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
1151 					 ecryptfs_dentry);
1152 	if (unlikely(rc)) {
1153 		printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
1154 		       __func__, rc);
1155 		goto out_free;
1156 	}
1157 	if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1158 		rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, ecryptfs_inode,
1159 						      virt, size);
1160 	else
1161 		rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt,
1162 							 virt_len);
1163 	if (rc) {
1164 		printk(KERN_ERR "%s: Error writing metadata out to lower file; "
1165 		       "rc = [%d]\n", __func__, rc);
1166 		goto out_free;
1167 	}
1168 out_free:
1169 	free_pages((unsigned long)virt, order);
1170 out:
1171 	return rc;
1172 }
1173 
1174 #define ECRYPTFS_DONT_VALIDATE_HEADER_SIZE 0
1175 #define ECRYPTFS_VALIDATE_HEADER_SIZE 1
1176 static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1177 				 char *virt, int *bytes_read,
1178 				 int validate_header_size)
1179 {
1180 	int rc = 0;
1181 	u32 header_extent_size;
1182 	u16 num_header_extents_at_front;
1183 
1184 	header_extent_size = get_unaligned_be32(virt);
1185 	virt += sizeof(__be32);
1186 	num_header_extents_at_front = get_unaligned_be16(virt);
1187 	crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
1188 				     * (size_t)header_extent_size));
1189 	(*bytes_read) = (sizeof(__be32) + sizeof(__be16));
1190 	if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
1191 	    && (crypt_stat->metadata_size
1192 		< ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
1193 		rc = -EINVAL;
1194 		printk(KERN_WARNING "Invalid header size: [%zd]\n",
1195 		       crypt_stat->metadata_size);
1196 	}
1197 	return rc;
1198 }
1199 
1200 /**
1201  * set_default_header_data
1202  * @crypt_stat: The cryptographic context
1203  *
1204  * For version 0 file format; this function is only for backwards
1205  * compatibility for files created with the prior versions of
1206  * eCryptfs.
1207  */
1208 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1209 {
1210 	crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
1211 }
1212 
1213 void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
1214 {
1215 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1216 	struct ecryptfs_crypt_stat *crypt_stat;
1217 	u64 file_size;
1218 
1219 	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
1220 	mount_crypt_stat =
1221 		&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
1222 	if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
1223 		file_size = i_size_read(ecryptfs_inode_to_lower(inode));
1224 		if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1225 			file_size += crypt_stat->metadata_size;
1226 	} else
1227 		file_size = get_unaligned_be64(page_virt);
1228 	i_size_write(inode, (loff_t)file_size);
1229 	crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
1230 }
1231 
1232 /**
1233  * ecryptfs_read_headers_virt
1234  * @page_virt: The virtual address into which to read the headers
1235  * @crypt_stat: The cryptographic context
1236  * @ecryptfs_dentry: The eCryptfs dentry
1237  * @validate_header_size: Whether to validate the header size while reading
1238  *
1239  * Read/parse the header data. The header format is detailed in the
1240  * comment block for the ecryptfs_write_headers_virt() function.
1241  *
1242  * Returns zero on success
1243  */
1244 static int ecryptfs_read_headers_virt(char *page_virt,
1245 				      struct ecryptfs_crypt_stat *crypt_stat,
1246 				      struct dentry *ecryptfs_dentry,
1247 				      int validate_header_size)
1248 {
1249 	int rc = 0;
1250 	int offset;
1251 	int bytes_read;
1252 
1253 	ecryptfs_set_default_sizes(crypt_stat);
1254 	crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
1255 		ecryptfs_dentry->d_sb)->mount_crypt_stat;
1256 	offset = ECRYPTFS_FILE_SIZE_BYTES;
1257 	rc = ecryptfs_validate_marker(page_virt + offset);
1258 	if (rc)
1259 		goto out;
1260 	if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
1261 		ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
1262 	offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
1263 	ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read);
1264 	if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
1265 		ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
1266 				"file version [%d] is supported by this "
1267 				"version of eCryptfs\n",
1268 				crypt_stat->file_version,
1269 				ECRYPTFS_SUPPORTED_FILE_VERSION);
1270 		rc = -EINVAL;
1271 		goto out;
1272 	}
1273 	offset += bytes_read;
1274 	if (crypt_stat->file_version >= 1) {
1275 		rc = parse_header_metadata(crypt_stat, (page_virt + offset),
1276 					   &bytes_read, validate_header_size);
1277 		if (rc) {
1278 			ecryptfs_printk(KERN_WARNING, "Error reading header "
1279 					"metadata; rc = [%d]\n", rc);
1280 		}
1281 		offset += bytes_read;
1282 	} else
1283 		set_default_header_data(crypt_stat);
1284 	rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset),
1285 				       ecryptfs_dentry);
1286 out:
1287 	return rc;
1288 }
1289 
1290 /**
1291  * ecryptfs_read_xattr_region
1292  * @page_virt: The vitual address into which to read the xattr data
1293  * @ecryptfs_inode: The eCryptfs inode
1294  *
1295  * Attempts to read the crypto metadata from the extended attribute
1296  * region of the lower file.
1297  *
1298  * Returns zero on success; non-zero on error
1299  */
1300 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
1301 {
1302 	struct dentry *lower_dentry =
1303 		ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_path.dentry;
1304 	ssize_t size;
1305 	int rc = 0;
1306 
1307 	size = ecryptfs_getxattr_lower(lower_dentry,
1308 				       ecryptfs_inode_to_lower(ecryptfs_inode),
1309 				       ECRYPTFS_XATTR_NAME,
1310 				       page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
1311 	if (size < 0) {
1312 		if (unlikely(ecryptfs_verbosity > 0))
1313 			printk(KERN_INFO "Error attempting to read the [%s] "
1314 			       "xattr from the lower file; return value = "
1315 			       "[%zd]\n", ECRYPTFS_XATTR_NAME, size);
1316 		rc = -EINVAL;
1317 		goto out;
1318 	}
1319 out:
1320 	return rc;
1321 }
1322 
1323 int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
1324 					    struct inode *inode)
1325 {
1326 	u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1327 	u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1328 	int rc;
1329 
1330 	rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1331 				     ecryptfs_inode_to_lower(inode),
1332 				     ECRYPTFS_XATTR_NAME, file_size,
1333 				     ECRYPTFS_SIZE_AND_MARKER_BYTES);
1334 	if (rc < 0)
1335 		return rc;
1336 	else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1337 		return -EINVAL;
1338 	rc = ecryptfs_validate_marker(marker);
1339 	if (!rc)
1340 		ecryptfs_i_size_init(file_size, inode);
1341 	return rc;
1342 }
1343 
1344 /*
1345  * ecryptfs_read_metadata
1346  *
1347  * Common entry point for reading file metadata. From here, we could
1348  * retrieve the header information from the header region of the file,
1349  * the xattr region of the file, or some other repository that is
1350  * stored separately from the file itself. The current implementation
1351  * supports retrieving the metadata information from the file contents
1352  * and from the xattr region.
1353  *
1354  * Returns zero if valid headers found and parsed; non-zero otherwise
1355  */
1356 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1357 {
1358 	int rc;
1359 	char *page_virt;
1360 	struct inode *ecryptfs_inode = d_inode(ecryptfs_dentry);
1361 	struct ecryptfs_crypt_stat *crypt_stat =
1362 	    &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1363 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1364 		&ecryptfs_superblock_to_private(
1365 			ecryptfs_dentry->d_sb)->mount_crypt_stat;
1366 
1367 	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
1368 						      mount_crypt_stat);
1369 	/* Read the first page from the underlying file */
1370 	page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
1371 	if (!page_virt) {
1372 		rc = -ENOMEM;
1373 		goto out;
1374 	}
1375 	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
1376 				 ecryptfs_inode);
1377 	if (rc >= 0)
1378 		rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1379 						ecryptfs_dentry,
1380 						ECRYPTFS_VALIDATE_HEADER_SIZE);
1381 	if (rc) {
1382 		/* metadata is not in the file header, so try xattrs */
1383 		memset(page_virt, 0, PAGE_SIZE);
1384 		rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
1385 		if (rc) {
1386 			printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1387 			       "file header region or xattr region, inode %lu\n",
1388 				ecryptfs_inode->i_ino);
1389 			rc = -EINVAL;
1390 			goto out;
1391 		}
1392 		rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1393 						ecryptfs_dentry,
1394 						ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);
1395 		if (rc) {
1396 			printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1397 			       "file xattr region either, inode %lu\n",
1398 				ecryptfs_inode->i_ino);
1399 			rc = -EINVAL;
1400 		}
1401 		if (crypt_stat->mount_crypt_stat->flags
1402 		    & ECRYPTFS_XATTR_METADATA_ENABLED) {
1403 			crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
1404 		} else {
1405 			printk(KERN_WARNING "Attempt to access file with "
1406 			       "crypto metadata only in the extended attribute "
1407 			       "region, but eCryptfs was mounted without "
1408 			       "xattr support enabled. eCryptfs will not treat "
1409 			       "this like an encrypted file, inode %lu\n",
1410 				ecryptfs_inode->i_ino);
1411 			rc = -EINVAL;
1412 		}
1413 	}
1414 out:
1415 	if (page_virt) {
1416 		memset(page_virt, 0, PAGE_SIZE);
1417 		kmem_cache_free(ecryptfs_header_cache, page_virt);
1418 	}
1419 	return rc;
1420 }
1421 
1422 /*
1423  * ecryptfs_encrypt_filename - encrypt filename
1424  *
1425  * CBC-encrypts the filename. We do not want to encrypt the same
1426  * filename with the same key and IV, which may happen with hard
1427  * links, so we prepend random bits to each filename.
1428  *
1429  * Returns zero on success; non-zero otherwise
1430  */
1431 static int
1432 ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
1433 			  struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
1434 {
1435 	int rc = 0;
1436 
1437 	filename->encrypted_filename = NULL;
1438 	filename->encrypted_filename_size = 0;
1439 	if (mount_crypt_stat && (mount_crypt_stat->flags
1440 				     & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
1441 		size_t packet_size;
1442 		size_t remaining_bytes;
1443 
1444 		rc = ecryptfs_write_tag_70_packet(
1445 			NULL, NULL,
1446 			&filename->encrypted_filename_size,
1447 			mount_crypt_stat, NULL,
1448 			filename->filename_size);
1449 		if (rc) {
1450 			printk(KERN_ERR "%s: Error attempting to get packet "
1451 			       "size for tag 72; rc = [%d]\n", __func__,
1452 			       rc);
1453 			filename->encrypted_filename_size = 0;
1454 			goto out;
1455 		}
1456 		filename->encrypted_filename =
1457 			kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
1458 		if (!filename->encrypted_filename) {
1459 			rc = -ENOMEM;
1460 			goto out;
1461 		}
1462 		remaining_bytes = filename->encrypted_filename_size;
1463 		rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename,
1464 						  &remaining_bytes,
1465 						  &packet_size,
1466 						  mount_crypt_stat,
1467 						  filename->filename,
1468 						  filename->filename_size);
1469 		if (rc) {
1470 			printk(KERN_ERR "%s: Error attempting to generate "
1471 			       "tag 70 packet; rc = [%d]\n", __func__,
1472 			       rc);
1473 			kfree(filename->encrypted_filename);
1474 			filename->encrypted_filename = NULL;
1475 			filename->encrypted_filename_size = 0;
1476 			goto out;
1477 		}
1478 		filename->encrypted_filename_size = packet_size;
1479 	} else {
1480 		printk(KERN_ERR "%s: No support for requested filename "
1481 		       "encryption method in this release\n", __func__);
1482 		rc = -EOPNOTSUPP;
1483 		goto out;
1484 	}
1485 out:
1486 	return rc;
1487 }
1488 
1489 static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
1490 				  const char *name, size_t name_size)
1491 {
1492 	int rc = 0;
1493 
1494 	(*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
1495 	if (!(*copied_name)) {
1496 		rc = -ENOMEM;
1497 		goto out;
1498 	}
1499 	memcpy((void *)(*copied_name), (void *)name, name_size);
1500 	(*copied_name)[(name_size)] = '\0';	/* Only for convenience
1501 						 * in printing out the
1502 						 * string in debug
1503 						 * messages */
1504 	(*copied_name_size) = name_size;
1505 out:
1506 	return rc;
1507 }
1508 
1509 /**
1510  * ecryptfs_process_key_cipher - Perform key cipher initialization.
1511  * @key_tfm: Crypto context for key material, set by this function
1512  * @cipher_name: Name of the cipher
1513  * @key_size: Size of the key in bytes
1514  *
1515  * Returns zero on success. Any crypto_tfm structs allocated here
1516  * should be released by other functions, such as on a superblock put
1517  * event, regardless of whether this function succeeds for fails.
1518  */
1519 static int
1520 ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm,
1521 			    char *cipher_name, size_t *key_size)
1522 {
1523 	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1524 	char *full_alg_name = NULL;
1525 	int rc;
1526 
1527 	*key_tfm = NULL;
1528 	if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1529 		rc = -EINVAL;
1530 		printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
1531 		      "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1532 		goto out;
1533 	}
1534 	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1535 						    "ecb");
1536 	if (rc)
1537 		goto out;
1538 	*key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1539 	if (IS_ERR(*key_tfm)) {
1540 		rc = PTR_ERR(*key_tfm);
1541 		printk(KERN_ERR "Unable to allocate crypto cipher with name "
1542 		       "[%s]; rc = [%d]\n", full_alg_name, rc);
1543 		goto out;
1544 	}
1545 	crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1546 	if (*key_size == 0)
1547 		*key_size = crypto_skcipher_max_keysize(*key_tfm);
1548 	get_random_bytes(dummy_key, *key_size);
1549 	rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size);
1550 	if (rc) {
1551 		printk(KERN_ERR "Error attempting to set key of size [%zd] for "
1552 		       "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
1553 		       rc);
1554 		rc = -EINVAL;
1555 		goto out;
1556 	}
1557 out:
1558 	kfree(full_alg_name);
1559 	return rc;
1560 }
1561 
1562 struct kmem_cache *ecryptfs_key_tfm_cache;
1563 static struct list_head key_tfm_list;
1564 DEFINE_MUTEX(key_tfm_list_mutex);
1565 
1566 int __init ecryptfs_init_crypto(void)
1567 {
1568 	INIT_LIST_HEAD(&key_tfm_list);
1569 	return 0;
1570 }
1571 
1572 /**
1573  * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
1574  *
1575  * Called only at module unload time
1576  */
1577 int ecryptfs_destroy_crypto(void)
1578 {
1579 	struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;
1580 
1581 	mutex_lock(&key_tfm_list_mutex);
1582 	list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list,
1583 				 key_tfm_list) {
1584 		list_del(&key_tfm->key_tfm_list);
1585 		crypto_free_skcipher(key_tfm->key_tfm);
1586 		kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm);
1587 	}
1588 	mutex_unlock(&key_tfm_list_mutex);
1589 	return 0;
1590 }
1591 
1592 int
1593 ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
1594 			 size_t key_size)
1595 {
1596 	struct ecryptfs_key_tfm *tmp_tfm;
1597 	int rc = 0;
1598 
1599 	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1600 
1601 	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
1602 	if (key_tfm)
1603 		(*key_tfm) = tmp_tfm;
1604 	if (!tmp_tfm) {
1605 		rc = -ENOMEM;
1606 		goto out;
1607 	}
1608 	mutex_init(&tmp_tfm->key_tfm_mutex);
1609 	strncpy(tmp_tfm->cipher_name, cipher_name,
1610 		ECRYPTFS_MAX_CIPHER_NAME_SIZE);
1611 	tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
1612 	tmp_tfm->key_size = key_size;
1613 	rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
1614 					 tmp_tfm->cipher_name,
1615 					 &tmp_tfm->key_size);
1616 	if (rc) {
1617 		printk(KERN_ERR "Error attempting to initialize key TFM "
1618 		       "cipher with name = [%s]; rc = [%d]\n",
1619 		       tmp_tfm->cipher_name, rc);
1620 		kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
1621 		if (key_tfm)
1622 			(*key_tfm) = NULL;
1623 		goto out;
1624 	}
1625 	list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
1626 out:
1627 	return rc;
1628 }
1629 
1630 /**
1631  * ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
1632  * @cipher_name: the name of the cipher to search for
1633  * @key_tfm: set to corresponding tfm if found
1634  *
1635  * Searches for cached key_tfm matching @cipher_name
1636  * Must be called with &key_tfm_list_mutex held
1637  * Returns 1 if found, with @key_tfm set
1638  * Returns 0 if not found, with @key_tfm set to NULL
1639  */
1640 int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1641 {
1642 	struct ecryptfs_key_tfm *tmp_key_tfm;
1643 
1644 	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1645 
1646 	list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
1647 		if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
1648 			if (key_tfm)
1649 				(*key_tfm) = tmp_key_tfm;
1650 			return 1;
1651 		}
1652 	}
1653 	if (key_tfm)
1654 		(*key_tfm) = NULL;
1655 	return 0;
1656 }
1657 
1658 /**
1659  * ecryptfs_get_tfm_and_mutex_for_cipher_name
1660  *
1661  * @tfm: set to cached tfm found, or new tfm created
1662  * @tfm_mutex: set to mutex for cached tfm found, or new tfm created
1663  * @cipher_name: the name of the cipher to search for and/or add
1664  *
1665  * Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
1666  * Searches for cached item first, and creates new if not found.
1667  * Returns 0 on success, non-zero if adding new cipher failed
1668  */
1669 int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm,
1670 					       struct mutex **tfm_mutex,
1671 					       char *cipher_name)
1672 {
1673 	struct ecryptfs_key_tfm *key_tfm;
1674 	int rc = 0;
1675 
1676 	(*tfm) = NULL;
1677 	(*tfm_mutex) = NULL;
1678 
1679 	mutex_lock(&key_tfm_list_mutex);
1680 	if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
1681 		rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
1682 		if (rc) {
1683 			printk(KERN_ERR "Error adding new key_tfm to list; "
1684 					"rc = [%d]\n", rc);
1685 			goto out;
1686 		}
1687 	}
1688 	(*tfm) = key_tfm->key_tfm;
1689 	(*tfm_mutex) = &key_tfm->key_tfm_mutex;
1690 out:
1691 	mutex_unlock(&key_tfm_list_mutex);
1692 	return rc;
1693 }
1694 
1695 /* 64 characters forming a 6-bit target field */
1696 static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
1697 						 "EFGHIJKLMNOPQRST"
1698 						 "UVWXYZabcdefghij"
1699 						 "klmnopqrstuvwxyz");
1700 
1701 /* We could either offset on every reverse map or just pad some 0x00's
1702  * at the front here */
1703 static const unsigned char filename_rev_map[256] = {
1704 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
1705 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
1706 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
1707 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
1708 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
1709 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
1710 	0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
1711 	0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
1712 	0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
1713 	0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
1714 	0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
1715 	0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
1716 	0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
1717 	0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
1718 	0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
1719 	0x3D, 0x3E, 0x3F /* 123 - 255 initialized to 0x00 */
1720 };
1721 
1722 /**
1723  * ecryptfs_encode_for_filename
1724  * @dst: Destination location for encoded filename
1725  * @dst_size: Size of the encoded filename in bytes
1726  * @src: Source location for the filename to encode
1727  * @src_size: Size of the source in bytes
1728  */
1729 static void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size,
1730 				  unsigned char *src, size_t src_size)
1731 {
1732 	size_t num_blocks;
1733 	size_t block_num = 0;
1734 	size_t dst_offset = 0;
1735 	unsigned char last_block[3];
1736 
1737 	if (src_size == 0) {
1738 		(*dst_size) = 0;
1739 		goto out;
1740 	}
1741 	num_blocks = (src_size / 3);
1742 	if ((src_size % 3) == 0) {
1743 		memcpy(last_block, (&src[src_size - 3]), 3);
1744 	} else {
1745 		num_blocks++;
1746 		last_block[2] = 0x00;
1747 		switch (src_size % 3) {
1748 		case 1:
1749 			last_block[0] = src[src_size - 1];
1750 			last_block[1] = 0x00;
1751 			break;
1752 		case 2:
1753 			last_block[0] = src[src_size - 2];
1754 			last_block[1] = src[src_size - 1];
1755 		}
1756 	}
1757 	(*dst_size) = (num_blocks * 4);
1758 	if (!dst)
1759 		goto out;
1760 	while (block_num < num_blocks) {
1761 		unsigned char *src_block;
1762 		unsigned char dst_block[4];
1763 
1764 		if (block_num == (num_blocks - 1))
1765 			src_block = last_block;
1766 		else
1767 			src_block = &src[block_num * 3];
1768 		dst_block[0] = ((src_block[0] >> 2) & 0x3F);
1769 		dst_block[1] = (((src_block[0] << 4) & 0x30)
1770 				| ((src_block[1] >> 4) & 0x0F));
1771 		dst_block[2] = (((src_block[1] << 2) & 0x3C)
1772 				| ((src_block[2] >> 6) & 0x03));
1773 		dst_block[3] = (src_block[2] & 0x3F);
1774 		dst[dst_offset++] = portable_filename_chars[dst_block[0]];
1775 		dst[dst_offset++] = portable_filename_chars[dst_block[1]];
1776 		dst[dst_offset++] = portable_filename_chars[dst_block[2]];
1777 		dst[dst_offset++] = portable_filename_chars[dst_block[3]];
1778 		block_num++;
1779 	}
1780 out:
1781 	return;
1782 }
1783 
1784 static size_t ecryptfs_max_decoded_size(size_t encoded_size)
1785 {
1786 	/* Not exact; conservatively long. Every block of 4
1787 	 * encoded characters decodes into a block of 3
1788 	 * decoded characters. This segment of code provides
1789 	 * the caller with the maximum amount of allocated
1790 	 * space that @dst will need to point to in a
1791 	 * subsequent call. */
1792 	return ((encoded_size + 1) * 3) / 4;
1793 }
1794 
1795 /**
1796  * ecryptfs_decode_from_filename
1797  * @dst: If NULL, this function only sets @dst_size and returns. If
1798  *       non-NULL, this function decodes the encoded octets in @src
1799  *       into the memory that @dst points to.
1800  * @dst_size: Set to the size of the decoded string.
1801  * @src: The encoded set of octets to decode.
1802  * @src_size: The size of the encoded set of octets to decode.
1803  */
1804 static void
1805 ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
1806 			      const unsigned char *src, size_t src_size)
1807 {
1808 	u8 current_bit_offset = 0;
1809 	size_t src_byte_offset = 0;
1810 	size_t dst_byte_offset = 0;
1811 
1812 	if (!dst) {
1813 		(*dst_size) = ecryptfs_max_decoded_size(src_size);
1814 		goto out;
1815 	}
1816 	while (src_byte_offset < src_size) {
1817 		unsigned char src_byte =
1818 				filename_rev_map[(int)src[src_byte_offset]];
1819 
1820 		switch (current_bit_offset) {
1821 		case 0:
1822 			dst[dst_byte_offset] = (src_byte << 2);
1823 			current_bit_offset = 6;
1824 			break;
1825 		case 6:
1826 			dst[dst_byte_offset++] |= (src_byte >> 4);
1827 			dst[dst_byte_offset] = ((src_byte & 0xF)
1828 						 << 4);
1829 			current_bit_offset = 4;
1830 			break;
1831 		case 4:
1832 			dst[dst_byte_offset++] |= (src_byte >> 2);
1833 			dst[dst_byte_offset] = (src_byte << 6);
1834 			current_bit_offset = 2;
1835 			break;
1836 		case 2:
1837 			dst[dst_byte_offset++] |= (src_byte);
1838 			current_bit_offset = 0;
1839 			break;
1840 		}
1841 		src_byte_offset++;
1842 	}
1843 	(*dst_size) = dst_byte_offset;
1844 out:
1845 	return;
1846 }
1847 
1848 /**
1849  * ecryptfs_encrypt_and_encode_filename - converts a plaintext file name to cipher text
1850  * @encoded_name: The encrypted name
1851  * @encoded_name_size: Length of the encrypted name
1852  * @mount_crypt_stat: The crypt_stat struct associated with the file name to encode
1853  * @name: The plaintext name
1854  * @name_size: The length of the plaintext name
1855  *
1856  * Encrypts and encodes a filename into something that constitutes a
1857  * valid filename for a filesystem, with printable characters.
1858  *
1859  * We assume that we have a properly initialized crypto context,
1860  * pointed to by crypt_stat->tfm.
1861  *
1862  * Returns zero on success; non-zero on otherwise
1863  */
1864 int ecryptfs_encrypt_and_encode_filename(
1865 	char **encoded_name,
1866 	size_t *encoded_name_size,
1867 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
1868 	const char *name, size_t name_size)
1869 {
1870 	size_t encoded_name_no_prefix_size;
1871 	int rc = 0;
1872 
1873 	(*encoded_name) = NULL;
1874 	(*encoded_name_size) = 0;
1875 	if (mount_crypt_stat && (mount_crypt_stat->flags
1876 				     & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
1877 		struct ecryptfs_filename *filename;
1878 
1879 		filename = kzalloc(sizeof(*filename), GFP_KERNEL);
1880 		if (!filename) {
1881 			rc = -ENOMEM;
1882 			goto out;
1883 		}
1884 		filename->filename = (char *)name;
1885 		filename->filename_size = name_size;
1886 		rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat);
1887 		if (rc) {
1888 			printk(KERN_ERR "%s: Error attempting to encrypt "
1889 			       "filename; rc = [%d]\n", __func__, rc);
1890 			kfree(filename);
1891 			goto out;
1892 		}
1893 		ecryptfs_encode_for_filename(
1894 			NULL, &encoded_name_no_prefix_size,
1895 			filename->encrypted_filename,
1896 			filename->encrypted_filename_size);
1897 		if (mount_crypt_stat
1898 			&& (mount_crypt_stat->flags
1899 			    & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))
1900 			(*encoded_name_size) =
1901 				(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1902 				 + encoded_name_no_prefix_size);
1903 		else
1904 			(*encoded_name_size) =
1905 				(ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1906 				 + encoded_name_no_prefix_size);
1907 		(*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
1908 		if (!(*encoded_name)) {
1909 			rc = -ENOMEM;
1910 			kfree(filename->encrypted_filename);
1911 			kfree(filename);
1912 			goto out;
1913 		}
1914 		if (mount_crypt_stat
1915 			&& (mount_crypt_stat->flags
1916 			    & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) {
1917 			memcpy((*encoded_name),
1918 			       ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
1919 			       ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE);
1920 			ecryptfs_encode_for_filename(
1921 			    ((*encoded_name)
1922 			     + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE),
1923 			    &encoded_name_no_prefix_size,
1924 			    filename->encrypted_filename,
1925 			    filename->encrypted_filename_size);
1926 			(*encoded_name_size) =
1927 				(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
1928 				 + encoded_name_no_prefix_size);
1929 			(*encoded_name)[(*encoded_name_size)] = '\0';
1930 		} else {
1931 			rc = -EOPNOTSUPP;
1932 		}
1933 		if (rc) {
1934 			printk(KERN_ERR "%s: Error attempting to encode "
1935 			       "encrypted filename; rc = [%d]\n", __func__,
1936 			       rc);
1937 			kfree((*encoded_name));
1938 			(*encoded_name) = NULL;
1939 			(*encoded_name_size) = 0;
1940 		}
1941 		kfree(filename->encrypted_filename);
1942 		kfree(filename);
1943 	} else {
1944 		rc = ecryptfs_copy_filename(encoded_name,
1945 					    encoded_name_size,
1946 					    name, name_size);
1947 	}
1948 out:
1949 	return rc;
1950 }
1951 
1952 static bool is_dot_dotdot(const char *name, size_t name_size)
1953 {
1954 	if (name_size == 1 && name[0] == '.')
1955 		return true;
1956 	else if (name_size == 2 && name[0] == '.' && name[1] == '.')
1957 		return true;
1958 
1959 	return false;
1960 }
1961 
1962 /**
1963  * ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
1964  * @plaintext_name: The plaintext name
1965  * @plaintext_name_size: The plaintext name size
1966  * @sb: Ecryptfs's super_block
1967  * @name: The filename in cipher text
1968  * @name_size: The cipher text name size
1969  *
1970  * Decrypts and decodes the filename.
1971  *
1972  * Returns zero on error; non-zero otherwise
1973  */
1974 int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
1975 					 size_t *plaintext_name_size,
1976 					 struct super_block *sb,
1977 					 const char *name, size_t name_size)
1978 {
1979 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1980 		&ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
1981 	char *decoded_name;
1982 	size_t decoded_name_size;
1983 	size_t packet_size;
1984 	int rc = 0;
1985 
1986 	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) &&
1987 	    !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)) {
1988 		if (is_dot_dotdot(name, name_size)) {
1989 			rc = ecryptfs_copy_filename(plaintext_name,
1990 						    plaintext_name_size,
1991 						    name, name_size);
1992 			goto out;
1993 		}
1994 
1995 		if (name_size <= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE ||
1996 		    strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
1997 			    ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)) {
1998 			rc = -EINVAL;
1999 			goto out;
2000 		}
2001 
2002 		name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2003 		name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2004 		ecryptfs_decode_from_filename(NULL, &decoded_name_size,
2005 					      name, name_size);
2006 		decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
2007 		if (!decoded_name) {
2008 			rc = -ENOMEM;
2009 			goto out;
2010 		}
2011 		ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
2012 					      name, name_size);
2013 		rc = ecryptfs_parse_tag_70_packet(plaintext_name,
2014 						  plaintext_name_size,
2015 						  &packet_size,
2016 						  mount_crypt_stat,
2017 						  decoded_name,
2018 						  decoded_name_size);
2019 		if (rc) {
2020 			ecryptfs_printk(KERN_DEBUG,
2021 					"%s: Could not parse tag 70 packet from filename\n",
2022 					__func__);
2023 			goto out_free;
2024 		}
2025 	} else {
2026 		rc = ecryptfs_copy_filename(plaintext_name,
2027 					    plaintext_name_size,
2028 					    name, name_size);
2029 		goto out;
2030 	}
2031 out_free:
2032 	kfree(decoded_name);
2033 out:
2034 	return rc;
2035 }
2036 
2037 #define ENC_NAME_MAX_BLOCKLEN_8_OR_16	143
2038 
2039 int ecryptfs_set_f_namelen(long *namelen, long lower_namelen,
2040 			   struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
2041 {
2042 	struct crypto_skcipher *tfm;
2043 	struct mutex *tfm_mutex;
2044 	size_t cipher_blocksize;
2045 	int rc;
2046 
2047 	if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
2048 		(*namelen) = lower_namelen;
2049 		return 0;
2050 	}
2051 
2052 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2053 			mount_crypt_stat->global_default_fn_cipher_name);
2054 	if (unlikely(rc)) {
2055 		(*namelen) = 0;
2056 		return rc;
2057 	}
2058 
2059 	mutex_lock(tfm_mutex);
2060 	cipher_blocksize = crypto_skcipher_blocksize(tfm);
2061 	mutex_unlock(tfm_mutex);
2062 
2063 	/* Return an exact amount for the common cases */
2064 	if (lower_namelen == NAME_MAX
2065 	    && (cipher_blocksize == 8 || cipher_blocksize == 16)) {
2066 		(*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16;
2067 		return 0;
2068 	}
2069 
2070 	/* Return a safe estimate for the uncommon cases */
2071 	(*namelen) = lower_namelen;
2072 	(*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
2073 	/* Since this is the max decoded size, subtract 1 "decoded block" len */
2074 	(*namelen) = ecryptfs_max_decoded_size(*namelen) - 3;
2075 	(*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE;
2076 	(*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES;
2077 	/* Worst case is that the filename is padded nearly a full block size */
2078 	(*namelen) -= cipher_blocksize - 1;
2079 
2080 	if ((*namelen) < 0)
2081 		(*namelen) = 0;
2082 
2083 	return 0;
2084 }
2085