xref: /openbmc/linux/fs/ecryptfs/keystore.c (revision 4800cd83)
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27 
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include <linux/slab.h>
36 #include "ecryptfs_kernel.h"
37 
38 /**
39  * request_key returned an error instead of a valid key address;
40  * determine the type of error, make appropriate log entries, and
41  * return an error code.
42  */
43 static int process_request_key_err(long err_code)
44 {
45 	int rc = 0;
46 
47 	switch (err_code) {
48 	case -ENOKEY:
49 		ecryptfs_printk(KERN_WARNING, "No key\n");
50 		rc = -ENOENT;
51 		break;
52 	case -EKEYEXPIRED:
53 		ecryptfs_printk(KERN_WARNING, "Key expired\n");
54 		rc = -ETIME;
55 		break;
56 	case -EKEYREVOKED:
57 		ecryptfs_printk(KERN_WARNING, "Key revoked\n");
58 		rc = -EINVAL;
59 		break;
60 	default:
61 		ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62 				"[0x%.16lx]\n", err_code);
63 		rc = -EINVAL;
64 	}
65 	return rc;
66 }
67 
68 /**
69  * ecryptfs_parse_packet_length
70  * @data: Pointer to memory containing length at offset
71  * @size: This function writes the decoded size to this memory
72  *        address; zero on error
73  * @length_size: The number of bytes occupied by the encoded length
74  *
75  * Returns zero on success; non-zero on error
76  */
77 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
78 				 size_t *length_size)
79 {
80 	int rc = 0;
81 
82 	(*length_size) = 0;
83 	(*size) = 0;
84 	if (data[0] < 192) {
85 		/* One-byte length */
86 		(*size) = (unsigned char)data[0];
87 		(*length_size) = 1;
88 	} else if (data[0] < 224) {
89 		/* Two-byte length */
90 		(*size) = (((unsigned char)(data[0]) - 192) * 256);
91 		(*size) += ((unsigned char)(data[1]) + 192);
92 		(*length_size) = 2;
93 	} else if (data[0] == 255) {
94 		/* Five-byte length; we're not supposed to see this */
95 		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
96 				"supported\n");
97 		rc = -EINVAL;
98 		goto out;
99 	} else {
100 		ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
101 		rc = -EINVAL;
102 		goto out;
103 	}
104 out:
105 	return rc;
106 }
107 
108 /**
109  * ecryptfs_write_packet_length
110  * @dest: The byte array target into which to write the length. Must
111  *        have at least 5 bytes allocated.
112  * @size: The length to write.
113  * @packet_size_length: The number of bytes used to encode the packet
114  *                      length is written to this address.
115  *
116  * Returns zero on success; non-zero on error.
117  */
118 int ecryptfs_write_packet_length(char *dest, size_t size,
119 				 size_t *packet_size_length)
120 {
121 	int rc = 0;
122 
123 	if (size < 192) {
124 		dest[0] = size;
125 		(*packet_size_length) = 1;
126 	} else if (size < 65536) {
127 		dest[0] = (((size - 192) / 256) + 192);
128 		dest[1] = ((size - 192) % 256);
129 		(*packet_size_length) = 2;
130 	} else {
131 		rc = -EINVAL;
132 		ecryptfs_printk(KERN_WARNING,
133 				"Unsupported packet size: [%zd]\n", size);
134 	}
135 	return rc;
136 }
137 
138 static int
139 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
140 		    char **packet, size_t *packet_len)
141 {
142 	size_t i = 0;
143 	size_t data_len;
144 	size_t packet_size_len;
145 	char *message;
146 	int rc;
147 
148 	/*
149 	 *              ***** TAG 64 Packet Format *****
150 	 *    | Content Type                       | 1 byte       |
151 	 *    | Key Identifier Size                | 1 or 2 bytes |
152 	 *    | Key Identifier                     | arbitrary    |
153 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
154 	 *    | Encrypted File Encryption Key      | arbitrary    |
155 	 */
156 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
157 		    + session_key->encrypted_key_size);
158 	*packet = kmalloc(data_len, GFP_KERNEL);
159 	message = *packet;
160 	if (!message) {
161 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
162 		rc = -ENOMEM;
163 		goto out;
164 	}
165 	message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
166 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
167 					  &packet_size_len);
168 	if (rc) {
169 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
170 				"header; cannot generate packet length\n");
171 		goto out;
172 	}
173 	i += packet_size_len;
174 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
175 	i += ECRYPTFS_SIG_SIZE_HEX;
176 	rc = ecryptfs_write_packet_length(&message[i],
177 					  session_key->encrypted_key_size,
178 					  &packet_size_len);
179 	if (rc) {
180 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
181 				"header; cannot generate packet length\n");
182 		goto out;
183 	}
184 	i += packet_size_len;
185 	memcpy(&message[i], session_key->encrypted_key,
186 	       session_key->encrypted_key_size);
187 	i += session_key->encrypted_key_size;
188 	*packet_len = i;
189 out:
190 	return rc;
191 }
192 
193 static int
194 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
195 		    struct ecryptfs_message *msg)
196 {
197 	size_t i = 0;
198 	char *data;
199 	size_t data_len;
200 	size_t m_size;
201 	size_t message_len;
202 	u16 checksum = 0;
203 	u16 expected_checksum = 0;
204 	int rc;
205 
206 	/*
207 	 *              ***** TAG 65 Packet Format *****
208 	 *         | Content Type             | 1 byte       |
209 	 *         | Status Indicator         | 1 byte       |
210 	 *         | File Encryption Key Size | 1 or 2 bytes |
211 	 *         | File Encryption Key      | arbitrary    |
212 	 */
213 	message_len = msg->data_len;
214 	data = msg->data;
215 	if (message_len < 4) {
216 		rc = -EIO;
217 		goto out;
218 	}
219 	if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
220 		ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
221 		rc = -EIO;
222 		goto out;
223 	}
224 	if (data[i++]) {
225 		ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
226 				"[%d]\n", data[i-1]);
227 		rc = -EIO;
228 		goto out;
229 	}
230 	rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
231 	if (rc) {
232 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
233 				"rc = [%d]\n", rc);
234 		goto out;
235 	}
236 	i += data_len;
237 	if (message_len < (i + m_size)) {
238 		ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
239 				"is shorter than expected\n");
240 		rc = -EIO;
241 		goto out;
242 	}
243 	if (m_size < 3) {
244 		ecryptfs_printk(KERN_ERR,
245 				"The decrypted key is not long enough to "
246 				"include a cipher code and checksum\n");
247 		rc = -EIO;
248 		goto out;
249 	}
250 	*cipher_code = data[i++];
251 	/* The decrypted key includes 1 byte cipher code and 2 byte checksum */
252 	session_key->decrypted_key_size = m_size - 3;
253 	if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
254 		ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
255 				"the maximum key size [%d]\n",
256 				session_key->decrypted_key_size,
257 				ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
258 		rc = -EIO;
259 		goto out;
260 	}
261 	memcpy(session_key->decrypted_key, &data[i],
262 	       session_key->decrypted_key_size);
263 	i += session_key->decrypted_key_size;
264 	expected_checksum += (unsigned char)(data[i++]) << 8;
265 	expected_checksum += (unsigned char)(data[i++]);
266 	for (i = 0; i < session_key->decrypted_key_size; i++)
267 		checksum += session_key->decrypted_key[i];
268 	if (expected_checksum != checksum) {
269 		ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
270 				"encryption  key; expected [%x]; calculated "
271 				"[%x]\n", expected_checksum, checksum);
272 		rc = -EIO;
273 	}
274 out:
275 	return rc;
276 }
277 
278 
279 static int
280 write_tag_66_packet(char *signature, u8 cipher_code,
281 		    struct ecryptfs_crypt_stat *crypt_stat, char **packet,
282 		    size_t *packet_len)
283 {
284 	size_t i = 0;
285 	size_t j;
286 	size_t data_len;
287 	size_t checksum = 0;
288 	size_t packet_size_len;
289 	char *message;
290 	int rc;
291 
292 	/*
293 	 *              ***** TAG 66 Packet Format *****
294 	 *         | Content Type             | 1 byte       |
295 	 *         | Key Identifier Size      | 1 or 2 bytes |
296 	 *         | Key Identifier           | arbitrary    |
297 	 *         | File Encryption Key Size | 1 or 2 bytes |
298 	 *         | File Encryption Key      | arbitrary    |
299 	 */
300 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
301 	*packet = kmalloc(data_len, GFP_KERNEL);
302 	message = *packet;
303 	if (!message) {
304 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
305 		rc = -ENOMEM;
306 		goto out;
307 	}
308 	message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
309 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
310 					  &packet_size_len);
311 	if (rc) {
312 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
313 				"header; cannot generate packet length\n");
314 		goto out;
315 	}
316 	i += packet_size_len;
317 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
318 	i += ECRYPTFS_SIG_SIZE_HEX;
319 	/* The encrypted key includes 1 byte cipher code and 2 byte checksum */
320 	rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
321 					  &packet_size_len);
322 	if (rc) {
323 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
324 				"header; cannot generate packet length\n");
325 		goto out;
326 	}
327 	i += packet_size_len;
328 	message[i++] = cipher_code;
329 	memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
330 	i += crypt_stat->key_size;
331 	for (j = 0; j < crypt_stat->key_size; j++)
332 		checksum += crypt_stat->key[j];
333 	message[i++] = (checksum / 256) % 256;
334 	message[i++] = (checksum % 256);
335 	*packet_len = i;
336 out:
337 	return rc;
338 }
339 
340 static int
341 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
342 		    struct ecryptfs_message *msg)
343 {
344 	size_t i = 0;
345 	char *data;
346 	size_t data_len;
347 	size_t message_len;
348 	int rc;
349 
350 	/*
351 	 *              ***** TAG 65 Packet Format *****
352 	 *    | Content Type                       | 1 byte       |
353 	 *    | Status Indicator                   | 1 byte       |
354 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
355 	 *    | Encrypted File Encryption Key      | arbitrary    |
356 	 */
357 	message_len = msg->data_len;
358 	data = msg->data;
359 	/* verify that everything through the encrypted FEK size is present */
360 	if (message_len < 4) {
361 		rc = -EIO;
362 		printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
363 		       "message length is [%d]\n", __func__, message_len, 4);
364 		goto out;
365 	}
366 	if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
367 		rc = -EIO;
368 		printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
369 		       __func__);
370 		goto out;
371 	}
372 	if (data[i++]) {
373 		rc = -EIO;
374 		printk(KERN_ERR "%s: Status indicator has non zero "
375 		       "value [%d]\n", __func__, data[i-1]);
376 
377 		goto out;
378 	}
379 	rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
380 					  &data_len);
381 	if (rc) {
382 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
383 				"rc = [%d]\n", rc);
384 		goto out;
385 	}
386 	i += data_len;
387 	if (message_len < (i + key_rec->enc_key_size)) {
388 		rc = -EIO;
389 		printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
390 		       __func__, message_len, (i + key_rec->enc_key_size));
391 		goto out;
392 	}
393 	if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
394 		rc = -EIO;
395 		printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
396 		       "the maximum key size [%d]\n", __func__,
397 		       key_rec->enc_key_size,
398 		       ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
399 		goto out;
400 	}
401 	memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
402 out:
403 	return rc;
404 }
405 
406 static int
407 ecryptfs_find_global_auth_tok_for_sig(
408 	struct ecryptfs_global_auth_tok **global_auth_tok,
409 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
410 {
411 	struct ecryptfs_global_auth_tok *walker;
412 	int rc = 0;
413 
414 	(*global_auth_tok) = NULL;
415 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
416 	list_for_each_entry(walker,
417 			    &mount_crypt_stat->global_auth_tok_list,
418 			    mount_crypt_stat_list) {
419 		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
420 			rc = key_validate(walker->global_auth_tok_key);
421 			if (!rc)
422 				(*global_auth_tok) = walker;
423 			goto out;
424 		}
425 	}
426 	rc = -EINVAL;
427 out:
428 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
429 	return rc;
430 }
431 
432 /**
433  * ecryptfs_find_auth_tok_for_sig
434  * @auth_tok: Set to the matching auth_tok; NULL if not found
435  * @crypt_stat: inode crypt_stat crypto context
436  * @sig: Sig of auth_tok to find
437  *
438  * For now, this function simply looks at the registered auth_tok's
439  * linked off the mount_crypt_stat, so all the auth_toks that can be
440  * used must be registered at mount time. This function could
441  * potentially try a lot harder to find auth_tok's (e.g., by calling
442  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
443  * that static registration of auth_tok's will no longer be necessary.
444  *
445  * Returns zero on no error; non-zero on error
446  */
447 static int
448 ecryptfs_find_auth_tok_for_sig(
449 	struct key **auth_tok_key,
450 	struct ecryptfs_auth_tok **auth_tok,
451 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
452 	char *sig)
453 {
454 	struct ecryptfs_global_auth_tok *global_auth_tok;
455 	int rc = 0;
456 
457 	(*auth_tok_key) = NULL;
458 	(*auth_tok) = NULL;
459 	if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
460 						  mount_crypt_stat, sig)) {
461 
462 		/* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
463 		 * mount_crypt_stat structure, we prevent to use auth toks that
464 		 * are not inserted through the ecryptfs_add_global_auth_tok
465 		 * function.
466 		 */
467 		if (mount_crypt_stat->flags
468 				& ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
469 			return -EINVAL;
470 
471 		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
472 						       sig);
473 	} else
474 		(*auth_tok) = global_auth_tok->global_auth_tok;
475 	return rc;
476 }
477 
478 /**
479  * write_tag_70_packet can gobble a lot of stack space. We stuff most
480  * of the function's parameters in a kmalloc'd struct to help reduce
481  * eCryptfs' overall stack usage.
482  */
483 struct ecryptfs_write_tag_70_packet_silly_stack {
484 	u8 cipher_code;
485 	size_t max_packet_size;
486 	size_t packet_size_len;
487 	size_t block_aligned_filename_size;
488 	size_t block_size;
489 	size_t i;
490 	size_t j;
491 	size_t num_rand_bytes;
492 	struct mutex *tfm_mutex;
493 	char *block_aligned_filename;
494 	struct ecryptfs_auth_tok *auth_tok;
495 	struct scatterlist src_sg;
496 	struct scatterlist dst_sg;
497 	struct blkcipher_desc desc;
498 	char iv[ECRYPTFS_MAX_IV_BYTES];
499 	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
500 	char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
501 	struct hash_desc hash_desc;
502 	struct scatterlist hash_sg;
503 };
504 
505 /**
506  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
507  * @filename: NULL-terminated filename string
508  *
509  * This is the simplest mechanism for achieving filename encryption in
510  * eCryptfs. It encrypts the given filename with the mount-wide
511  * filename encryption key (FNEK) and stores it in a packet to @dest,
512  * which the callee will encode and write directly into the dentry
513  * name.
514  */
515 int
516 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
517 			     size_t *packet_size,
518 			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
519 			     char *filename, size_t filename_size)
520 {
521 	struct ecryptfs_write_tag_70_packet_silly_stack *s;
522 	struct key *auth_tok_key = NULL;
523 	int rc = 0;
524 
525 	s = kmalloc(sizeof(*s), GFP_KERNEL);
526 	if (!s) {
527 		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
528 		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
529 		rc = -ENOMEM;
530 		goto out;
531 	}
532 	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
533 	(*packet_size) = 0;
534 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
535 		&s->desc.tfm,
536 		&s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
537 	if (unlikely(rc)) {
538 		printk(KERN_ERR "Internal error whilst attempting to get "
539 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
540 		       mount_crypt_stat->global_default_fn_cipher_name, rc);
541 		goto out;
542 	}
543 	mutex_lock(s->tfm_mutex);
544 	s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
545 	/* Plus one for the \0 separator between the random prefix
546 	 * and the plaintext filename */
547 	s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
548 	s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
549 	if ((s->block_aligned_filename_size % s->block_size) != 0) {
550 		s->num_rand_bytes += (s->block_size
551 				      - (s->block_aligned_filename_size
552 					 % s->block_size));
553 		s->block_aligned_filename_size = (s->num_rand_bytes
554 						  + filename_size);
555 	}
556 	/* Octet 0: Tag 70 identifier
557 	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
558 	 *              and block-aligned encrypted filename size)
559 	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
560 	 * Octet N2-N3: Cipher identifier (1 octet)
561 	 * Octets N3-N4: Block-aligned encrypted filename
562 	 *  - Consists of a minimum number of random characters, a \0
563 	 *    separator, and then the filename */
564 	s->max_packet_size = (1                   /* Tag 70 identifier */
565 			      + 3                 /* Max Tag 70 packet size */
566 			      + ECRYPTFS_SIG_SIZE /* FNEK sig */
567 			      + 1                 /* Cipher identifier */
568 			      + s->block_aligned_filename_size);
569 	if (dest == NULL) {
570 		(*packet_size) = s->max_packet_size;
571 		goto out_unlock;
572 	}
573 	if (s->max_packet_size > (*remaining_bytes)) {
574 		printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
575 		       "[%zd] available\n", __func__, s->max_packet_size,
576 		       (*remaining_bytes));
577 		rc = -EINVAL;
578 		goto out_unlock;
579 	}
580 	s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
581 					    GFP_KERNEL);
582 	if (!s->block_aligned_filename) {
583 		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
584 		       "kzalloc [%zd] bytes\n", __func__,
585 		       s->block_aligned_filename_size);
586 		rc = -ENOMEM;
587 		goto out_unlock;
588 	}
589 	s->i = 0;
590 	dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
591 	rc = ecryptfs_write_packet_length(&dest[s->i],
592 					  (ECRYPTFS_SIG_SIZE
593 					   + 1 /* Cipher code */
594 					   + s->block_aligned_filename_size),
595 					  &s->packet_size_len);
596 	if (rc) {
597 		printk(KERN_ERR "%s: Error generating tag 70 packet "
598 		       "header; cannot generate packet length; rc = [%d]\n",
599 		       __func__, rc);
600 		goto out_free_unlock;
601 	}
602 	s->i += s->packet_size_len;
603 	ecryptfs_from_hex(&dest[s->i],
604 			  mount_crypt_stat->global_default_fnek_sig,
605 			  ECRYPTFS_SIG_SIZE);
606 	s->i += ECRYPTFS_SIG_SIZE;
607 	s->cipher_code = ecryptfs_code_for_cipher_string(
608 		mount_crypt_stat->global_default_fn_cipher_name,
609 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
610 	if (s->cipher_code == 0) {
611 		printk(KERN_WARNING "%s: Unable to generate code for "
612 		       "cipher [%s] with key bytes [%zd]\n", __func__,
613 		       mount_crypt_stat->global_default_fn_cipher_name,
614 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
615 		rc = -EINVAL;
616 		goto out_free_unlock;
617 	}
618 	dest[s->i++] = s->cipher_code;
619 	rc = ecryptfs_find_auth_tok_for_sig(
620 		&auth_tok_key,
621 		&s->auth_tok, mount_crypt_stat,
622 		mount_crypt_stat->global_default_fnek_sig);
623 	if (rc) {
624 		printk(KERN_ERR "%s: Error attempting to find auth tok for "
625 		       "fnek sig [%s]; rc = [%d]\n", __func__,
626 		       mount_crypt_stat->global_default_fnek_sig, rc);
627 		goto out_free_unlock;
628 	}
629 	/* TODO: Support other key modules than passphrase for
630 	 * filename encryption */
631 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
632 		rc = -EOPNOTSUPP;
633 		printk(KERN_INFO "%s: Filename encryption only supports "
634 		       "password tokens\n", __func__);
635 		goto out_free_unlock;
636 	}
637 	sg_init_one(
638 		&s->hash_sg,
639 		(u8 *)s->auth_tok->token.password.session_key_encryption_key,
640 		s->auth_tok->token.password.session_key_encryption_key_bytes);
641 	s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
642 	s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
643 					     CRYPTO_ALG_ASYNC);
644 	if (IS_ERR(s->hash_desc.tfm)) {
645 			rc = PTR_ERR(s->hash_desc.tfm);
646 			printk(KERN_ERR "%s: Error attempting to "
647 			       "allocate hash crypto context; rc = [%d]\n",
648 			       __func__, rc);
649 			goto out_free_unlock;
650 	}
651 	rc = crypto_hash_init(&s->hash_desc);
652 	if (rc) {
653 		printk(KERN_ERR
654 		       "%s: Error initializing crypto hash; rc = [%d]\n",
655 		       __func__, rc);
656 		goto out_release_free_unlock;
657 	}
658 	rc = crypto_hash_update(
659 		&s->hash_desc, &s->hash_sg,
660 		s->auth_tok->token.password.session_key_encryption_key_bytes);
661 	if (rc) {
662 		printk(KERN_ERR
663 		       "%s: Error updating crypto hash; rc = [%d]\n",
664 		       __func__, rc);
665 		goto out_release_free_unlock;
666 	}
667 	rc = crypto_hash_final(&s->hash_desc, s->hash);
668 	if (rc) {
669 		printk(KERN_ERR
670 		       "%s: Error finalizing crypto hash; rc = [%d]\n",
671 		       __func__, rc);
672 		goto out_release_free_unlock;
673 	}
674 	for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
675 		s->block_aligned_filename[s->j] =
676 			s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
677 		if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
678 		    == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
679 			sg_init_one(&s->hash_sg, (u8 *)s->hash,
680 				    ECRYPTFS_TAG_70_DIGEST_SIZE);
681 			rc = crypto_hash_init(&s->hash_desc);
682 			if (rc) {
683 				printk(KERN_ERR
684 				       "%s: Error initializing crypto hash; "
685 				       "rc = [%d]\n", __func__, rc);
686 				goto out_release_free_unlock;
687 			}
688 			rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
689 						ECRYPTFS_TAG_70_DIGEST_SIZE);
690 			if (rc) {
691 				printk(KERN_ERR
692 				       "%s: Error updating crypto hash; "
693 				       "rc = [%d]\n", __func__, rc);
694 				goto out_release_free_unlock;
695 			}
696 			rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
697 			if (rc) {
698 				printk(KERN_ERR
699 				       "%s: Error finalizing crypto hash; "
700 				       "rc = [%d]\n", __func__, rc);
701 				goto out_release_free_unlock;
702 			}
703 			memcpy(s->hash, s->tmp_hash,
704 			       ECRYPTFS_TAG_70_DIGEST_SIZE);
705 		}
706 		if (s->block_aligned_filename[s->j] == '\0')
707 			s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
708 	}
709 	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
710 	       filename_size);
711 	rc = virt_to_scatterlist(s->block_aligned_filename,
712 				 s->block_aligned_filename_size, &s->src_sg, 1);
713 	if (rc != 1) {
714 		printk(KERN_ERR "%s: Internal error whilst attempting to "
715 		       "convert filename memory to scatterlist; "
716 		       "expected rc = 1; got rc = [%d]. "
717 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
718 		       s->block_aligned_filename_size);
719 		goto out_release_free_unlock;
720 	}
721 	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
722 				 &s->dst_sg, 1);
723 	if (rc != 1) {
724 		printk(KERN_ERR "%s: Internal error whilst attempting to "
725 		       "convert encrypted filename memory to scatterlist; "
726 		       "expected rc = 1; got rc = [%d]. "
727 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
728 		       s->block_aligned_filename_size);
729 		goto out_release_free_unlock;
730 	}
731 	/* The characters in the first block effectively do the job
732 	 * of the IV here, so we just use 0's for the IV. Note the
733 	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
734 	 * >= ECRYPTFS_MAX_IV_BYTES. */
735 	memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
736 	s->desc.info = s->iv;
737 	rc = crypto_blkcipher_setkey(
738 		s->desc.tfm,
739 		s->auth_tok->token.password.session_key_encryption_key,
740 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
741 	if (rc < 0) {
742 		printk(KERN_ERR "%s: Error setting key for crypto context; "
743 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
744 		       "encryption_key = [0x%p]; mount_crypt_stat->"
745 		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
746 		       rc,
747 		       s->auth_tok->token.password.session_key_encryption_key,
748 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
749 		goto out_release_free_unlock;
750 	}
751 	rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
752 					 s->block_aligned_filename_size);
753 	if (rc) {
754 		printk(KERN_ERR "%s: Error attempting to encrypt filename; "
755 		       "rc = [%d]\n", __func__, rc);
756 		goto out_release_free_unlock;
757 	}
758 	s->i += s->block_aligned_filename_size;
759 	(*packet_size) = s->i;
760 	(*remaining_bytes) -= (*packet_size);
761 out_release_free_unlock:
762 	crypto_free_hash(s->hash_desc.tfm);
763 out_free_unlock:
764 	kzfree(s->block_aligned_filename);
765 out_unlock:
766 	mutex_unlock(s->tfm_mutex);
767 out:
768 	if (auth_tok_key)
769 		key_put(auth_tok_key);
770 	kfree(s);
771 	return rc;
772 }
773 
774 struct ecryptfs_parse_tag_70_packet_silly_stack {
775 	u8 cipher_code;
776 	size_t max_packet_size;
777 	size_t packet_size_len;
778 	size_t parsed_tag_70_packet_size;
779 	size_t block_aligned_filename_size;
780 	size_t block_size;
781 	size_t i;
782 	struct mutex *tfm_mutex;
783 	char *decrypted_filename;
784 	struct ecryptfs_auth_tok *auth_tok;
785 	struct scatterlist src_sg;
786 	struct scatterlist dst_sg;
787 	struct blkcipher_desc desc;
788 	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
789 	char iv[ECRYPTFS_MAX_IV_BYTES];
790 	char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
791 };
792 
793 /**
794  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
795  * @filename: This function kmalloc's the memory for the filename
796  * @filename_size: This function sets this to the amount of memory
797  *                 kmalloc'd for the filename
798  * @packet_size: This function sets this to the the number of octets
799  *               in the packet parsed
800  * @mount_crypt_stat: The mount-wide cryptographic context
801  * @data: The memory location containing the start of the tag 70
802  *        packet
803  * @max_packet_size: The maximum legal size of the packet to be parsed
804  *                   from @data
805  *
806  * Returns zero on success; non-zero otherwise
807  */
808 int
809 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
810 			     size_t *packet_size,
811 			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
812 			     char *data, size_t max_packet_size)
813 {
814 	struct ecryptfs_parse_tag_70_packet_silly_stack *s;
815 	struct key *auth_tok_key = NULL;
816 	int rc = 0;
817 
818 	(*packet_size) = 0;
819 	(*filename_size) = 0;
820 	(*filename) = NULL;
821 	s = kmalloc(sizeof(*s), GFP_KERNEL);
822 	if (!s) {
823 		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
824 		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
825 		rc = -ENOMEM;
826 		goto out;
827 	}
828 	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
829 	if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
830 		printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
831 		       "at least [%d]\n", __func__, max_packet_size,
832 			(1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
833 		rc = -EINVAL;
834 		goto out;
835 	}
836 	/* Octet 0: Tag 70 identifier
837 	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
838 	 *              and block-aligned encrypted filename size)
839 	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
840 	 * Octet N2-N3: Cipher identifier (1 octet)
841 	 * Octets N3-N4: Block-aligned encrypted filename
842 	 *  - Consists of a minimum number of random numbers, a \0
843 	 *    separator, and then the filename */
844 	if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
845 		printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
846 		       "tag [0x%.2x]\n", __func__,
847 		       data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
848 		rc = -EINVAL;
849 		goto out;
850 	}
851 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
852 					  &s->parsed_tag_70_packet_size,
853 					  &s->packet_size_len);
854 	if (rc) {
855 		printk(KERN_WARNING "%s: Error parsing packet length; "
856 		       "rc = [%d]\n", __func__, rc);
857 		goto out;
858 	}
859 	s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
860 					  - ECRYPTFS_SIG_SIZE - 1);
861 	if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
862 	    > max_packet_size) {
863 		printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
864 		       "size is [%zd]\n", __func__, max_packet_size,
865 		       (1 + s->packet_size_len + 1
866 			+ s->block_aligned_filename_size));
867 		rc = -EINVAL;
868 		goto out;
869 	}
870 	(*packet_size) += s->packet_size_len;
871 	ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
872 			ECRYPTFS_SIG_SIZE);
873 	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
874 	(*packet_size) += ECRYPTFS_SIG_SIZE;
875 	s->cipher_code = data[(*packet_size)++];
876 	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
877 	if (rc) {
878 		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
879 		       __func__, s->cipher_code);
880 		goto out;
881 	}
882 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
883 							&s->tfm_mutex,
884 							s->cipher_string);
885 	if (unlikely(rc)) {
886 		printk(KERN_ERR "Internal error whilst attempting to get "
887 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
888 		       s->cipher_string, rc);
889 		goto out;
890 	}
891 	mutex_lock(s->tfm_mutex);
892 	rc = virt_to_scatterlist(&data[(*packet_size)],
893 				 s->block_aligned_filename_size, &s->src_sg, 1);
894 	if (rc != 1) {
895 		printk(KERN_ERR "%s: Internal error whilst attempting to "
896 		       "convert encrypted filename memory to scatterlist; "
897 		       "expected rc = 1; got rc = [%d]. "
898 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
899 		       s->block_aligned_filename_size);
900 		goto out_unlock;
901 	}
902 	(*packet_size) += s->block_aligned_filename_size;
903 	s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
904 					GFP_KERNEL);
905 	if (!s->decrypted_filename) {
906 		printk(KERN_ERR "%s: Out of memory whilst attempting to "
907 		       "kmalloc [%zd] bytes\n", __func__,
908 		       s->block_aligned_filename_size);
909 		rc = -ENOMEM;
910 		goto out_unlock;
911 	}
912 	rc = virt_to_scatterlist(s->decrypted_filename,
913 				 s->block_aligned_filename_size, &s->dst_sg, 1);
914 	if (rc != 1) {
915 		printk(KERN_ERR "%s: Internal error whilst attempting to "
916 		       "convert decrypted filename memory to scatterlist; "
917 		       "expected rc = 1; got rc = [%d]. "
918 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
919 		       s->block_aligned_filename_size);
920 		goto out_free_unlock;
921 	}
922 	/* The characters in the first block effectively do the job of
923 	 * the IV here, so we just use 0's for the IV. Note the
924 	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
925 	 * >= ECRYPTFS_MAX_IV_BYTES. */
926 	memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
927 	s->desc.info = s->iv;
928 	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
929 					    &s->auth_tok, mount_crypt_stat,
930 					    s->fnek_sig_hex);
931 	if (rc) {
932 		printk(KERN_ERR "%s: Error attempting to find auth tok for "
933 		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
934 		       rc);
935 		goto out_free_unlock;
936 	}
937 	/* TODO: Support other key modules than passphrase for
938 	 * filename encryption */
939 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
940 		rc = -EOPNOTSUPP;
941 		printk(KERN_INFO "%s: Filename encryption only supports "
942 		       "password tokens\n", __func__);
943 		goto out_free_unlock;
944 	}
945 	rc = crypto_blkcipher_setkey(
946 		s->desc.tfm,
947 		s->auth_tok->token.password.session_key_encryption_key,
948 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
949 	if (rc < 0) {
950 		printk(KERN_ERR "%s: Error setting key for crypto context; "
951 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
952 		       "encryption_key = [0x%p]; mount_crypt_stat->"
953 		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
954 		       rc,
955 		       s->auth_tok->token.password.session_key_encryption_key,
956 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
957 		goto out_free_unlock;
958 	}
959 	rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
960 					 s->block_aligned_filename_size);
961 	if (rc) {
962 		printk(KERN_ERR "%s: Error attempting to decrypt filename; "
963 		       "rc = [%d]\n", __func__, rc);
964 		goto out_free_unlock;
965 	}
966 	s->i = 0;
967 	while (s->decrypted_filename[s->i] != '\0'
968 	       && s->i < s->block_aligned_filename_size)
969 		s->i++;
970 	if (s->i == s->block_aligned_filename_size) {
971 		printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
972 		       "find valid separator between random characters and "
973 		       "the filename\n", __func__);
974 		rc = -EINVAL;
975 		goto out_free_unlock;
976 	}
977 	s->i++;
978 	(*filename_size) = (s->block_aligned_filename_size - s->i);
979 	if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
980 		printk(KERN_WARNING "%s: Filename size is [%zd], which is "
981 		       "invalid\n", __func__, (*filename_size));
982 		rc = -EINVAL;
983 		goto out_free_unlock;
984 	}
985 	(*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
986 	if (!(*filename)) {
987 		printk(KERN_ERR "%s: Out of memory whilst attempting to "
988 		       "kmalloc [%zd] bytes\n", __func__,
989 		       ((*filename_size) + 1));
990 		rc = -ENOMEM;
991 		goto out_free_unlock;
992 	}
993 	memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
994 	(*filename)[(*filename_size)] = '\0';
995 out_free_unlock:
996 	kfree(s->decrypted_filename);
997 out_unlock:
998 	mutex_unlock(s->tfm_mutex);
999 out:
1000 	if (rc) {
1001 		(*packet_size) = 0;
1002 		(*filename_size) = 0;
1003 		(*filename) = NULL;
1004 	}
1005 	if (auth_tok_key)
1006 		key_put(auth_tok_key);
1007 	kfree(s);
1008 	return rc;
1009 }
1010 
1011 static int
1012 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1013 {
1014 	int rc = 0;
1015 
1016 	(*sig) = NULL;
1017 	switch (auth_tok->token_type) {
1018 	case ECRYPTFS_PASSWORD:
1019 		(*sig) = auth_tok->token.password.signature;
1020 		break;
1021 	case ECRYPTFS_PRIVATE_KEY:
1022 		(*sig) = auth_tok->token.private_key.signature;
1023 		break;
1024 	default:
1025 		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1026 		       auth_tok->token_type);
1027 		rc = -EINVAL;
1028 	}
1029 	return rc;
1030 }
1031 
1032 /**
1033  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1034  * @auth_tok: The key authentication token used to decrypt the session key
1035  * @crypt_stat: The cryptographic context
1036  *
1037  * Returns zero on success; non-zero error otherwise.
1038  */
1039 static int
1040 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1041 				  struct ecryptfs_crypt_stat *crypt_stat)
1042 {
1043 	u8 cipher_code = 0;
1044 	struct ecryptfs_msg_ctx *msg_ctx;
1045 	struct ecryptfs_message *msg = NULL;
1046 	char *auth_tok_sig;
1047 	char *payload;
1048 	size_t payload_len;
1049 	int rc;
1050 
1051 	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1052 	if (rc) {
1053 		printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1054 		       auth_tok->token_type);
1055 		goto out;
1056 	}
1057 	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1058 				 &payload, &payload_len);
1059 	if (rc) {
1060 		ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1061 		goto out;
1062 	}
1063 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1064 	if (rc) {
1065 		ecryptfs_printk(KERN_ERR, "Error sending message to "
1066 				"ecryptfsd\n");
1067 		goto out;
1068 	}
1069 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1070 	if (rc) {
1071 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1072 				"from the user space daemon\n");
1073 		rc = -EIO;
1074 		goto out;
1075 	}
1076 	rc = parse_tag_65_packet(&(auth_tok->session_key),
1077 				 &cipher_code, msg);
1078 	if (rc) {
1079 		printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1080 		       rc);
1081 		goto out;
1082 	}
1083 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1084 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1085 	       auth_tok->session_key.decrypted_key_size);
1086 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1087 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1088 	if (rc) {
1089 		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1090 				cipher_code)
1091 		goto out;
1092 	}
1093 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1094 	if (ecryptfs_verbosity > 0) {
1095 		ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1096 		ecryptfs_dump_hex(crypt_stat->key,
1097 				  crypt_stat->key_size);
1098 	}
1099 out:
1100 	if (msg)
1101 		kfree(msg);
1102 	return rc;
1103 }
1104 
1105 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1106 {
1107 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1108 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1109 
1110 	list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1111 				 auth_tok_list_head, list) {
1112 		list_del(&auth_tok_list_item->list);
1113 		kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1114 				auth_tok_list_item);
1115 	}
1116 }
1117 
1118 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1119 
1120 /**
1121  * parse_tag_1_packet
1122  * @crypt_stat: The cryptographic context to modify based on packet contents
1123  * @data: The raw bytes of the packet.
1124  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1125  *                 a new authentication token will be placed at the
1126  *                 end of this list for this packet.
1127  * @new_auth_tok: Pointer to a pointer to memory that this function
1128  *                allocates; sets the memory address of the pointer to
1129  *                NULL on error. This object is added to the
1130  *                auth_tok_list.
1131  * @packet_size: This function writes the size of the parsed packet
1132  *               into this memory location; zero on error.
1133  * @max_packet_size: The maximum allowable packet size
1134  *
1135  * Returns zero on success; non-zero on error.
1136  */
1137 static int
1138 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1139 		   unsigned char *data, struct list_head *auth_tok_list,
1140 		   struct ecryptfs_auth_tok **new_auth_tok,
1141 		   size_t *packet_size, size_t max_packet_size)
1142 {
1143 	size_t body_size;
1144 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1145 	size_t length_size;
1146 	int rc = 0;
1147 
1148 	(*packet_size) = 0;
1149 	(*new_auth_tok) = NULL;
1150 	/**
1151 	 * This format is inspired by OpenPGP; see RFC 2440
1152 	 * packet tag 1
1153 	 *
1154 	 * Tag 1 identifier (1 byte)
1155 	 * Max Tag 1 packet size (max 3 bytes)
1156 	 * Version (1 byte)
1157 	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1158 	 * Cipher identifier (1 byte)
1159 	 * Encrypted key size (arbitrary)
1160 	 *
1161 	 * 12 bytes minimum packet size
1162 	 */
1163 	if (unlikely(max_packet_size < 12)) {
1164 		printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1165 		rc = -EINVAL;
1166 		goto out;
1167 	}
1168 	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1169 		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1170 		       ECRYPTFS_TAG_1_PACKET_TYPE);
1171 		rc = -EINVAL;
1172 		goto out;
1173 	}
1174 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1175 	 * at end of function upon failure */
1176 	auth_tok_list_item =
1177 		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1178 				  GFP_KERNEL);
1179 	if (!auth_tok_list_item) {
1180 		printk(KERN_ERR "Unable to allocate memory\n");
1181 		rc = -ENOMEM;
1182 		goto out;
1183 	}
1184 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1185 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1186 					  &length_size);
1187 	if (rc) {
1188 		printk(KERN_WARNING "Error parsing packet length; "
1189 		       "rc = [%d]\n", rc);
1190 		goto out_free;
1191 	}
1192 	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1193 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1194 		rc = -EINVAL;
1195 		goto out_free;
1196 	}
1197 	(*packet_size) += length_size;
1198 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1199 		printk(KERN_WARNING "Packet size exceeds max\n");
1200 		rc = -EINVAL;
1201 		goto out_free;
1202 	}
1203 	if (unlikely(data[(*packet_size)++] != 0x03)) {
1204 		printk(KERN_WARNING "Unknown version number [%d]\n",
1205 		       data[(*packet_size) - 1]);
1206 		rc = -EINVAL;
1207 		goto out_free;
1208 	}
1209 	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1210 			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1211 	*packet_size += ECRYPTFS_SIG_SIZE;
1212 	/* This byte is skipped because the kernel does not need to
1213 	 * know which public key encryption algorithm was used */
1214 	(*packet_size)++;
1215 	(*new_auth_tok)->session_key.encrypted_key_size =
1216 		body_size - (ECRYPTFS_SIG_SIZE + 2);
1217 	if ((*new_auth_tok)->session_key.encrypted_key_size
1218 	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1219 		printk(KERN_WARNING "Tag 1 packet contains key larger "
1220 		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1221 		rc = -EINVAL;
1222 		goto out;
1223 	}
1224 	memcpy((*new_auth_tok)->session_key.encrypted_key,
1225 	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1226 	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1227 	(*new_auth_tok)->session_key.flags &=
1228 		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1229 	(*new_auth_tok)->session_key.flags |=
1230 		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1231 	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1232 	(*new_auth_tok)->flags = 0;
1233 	(*new_auth_tok)->session_key.flags &=
1234 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1235 	(*new_auth_tok)->session_key.flags &=
1236 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1237 	list_add(&auth_tok_list_item->list, auth_tok_list);
1238 	goto out;
1239 out_free:
1240 	(*new_auth_tok) = NULL;
1241 	memset(auth_tok_list_item, 0,
1242 	       sizeof(struct ecryptfs_auth_tok_list_item));
1243 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1244 			auth_tok_list_item);
1245 out:
1246 	if (rc)
1247 		(*packet_size) = 0;
1248 	return rc;
1249 }
1250 
1251 /**
1252  * parse_tag_3_packet
1253  * @crypt_stat: The cryptographic context to modify based on packet
1254  *              contents.
1255  * @data: The raw bytes of the packet.
1256  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1257  *                 a new authentication token will be placed at the end
1258  *                 of this list for this packet.
1259  * @new_auth_tok: Pointer to a pointer to memory that this function
1260  *                allocates; sets the memory address of the pointer to
1261  *                NULL on error. This object is added to the
1262  *                auth_tok_list.
1263  * @packet_size: This function writes the size of the parsed packet
1264  *               into this memory location; zero on error.
1265  * @max_packet_size: maximum number of bytes to parse
1266  *
1267  * Returns zero on success; non-zero on error.
1268  */
1269 static int
1270 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1271 		   unsigned char *data, struct list_head *auth_tok_list,
1272 		   struct ecryptfs_auth_tok **new_auth_tok,
1273 		   size_t *packet_size, size_t max_packet_size)
1274 {
1275 	size_t body_size;
1276 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1277 	size_t length_size;
1278 	int rc = 0;
1279 
1280 	(*packet_size) = 0;
1281 	(*new_auth_tok) = NULL;
1282 	/**
1283 	 *This format is inspired by OpenPGP; see RFC 2440
1284 	 * packet tag 3
1285 	 *
1286 	 * Tag 3 identifier (1 byte)
1287 	 * Max Tag 3 packet size (max 3 bytes)
1288 	 * Version (1 byte)
1289 	 * Cipher code (1 byte)
1290 	 * S2K specifier (1 byte)
1291 	 * Hash identifier (1 byte)
1292 	 * Salt (ECRYPTFS_SALT_SIZE)
1293 	 * Hash iterations (1 byte)
1294 	 * Encrypted key (arbitrary)
1295 	 *
1296 	 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1297 	 */
1298 	if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1299 		printk(KERN_ERR "Max packet size too large\n");
1300 		rc = -EINVAL;
1301 		goto out;
1302 	}
1303 	if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1304 		printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1305 		       ECRYPTFS_TAG_3_PACKET_TYPE);
1306 		rc = -EINVAL;
1307 		goto out;
1308 	}
1309 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1310 	 * at end of function upon failure */
1311 	auth_tok_list_item =
1312 	    kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1313 	if (!auth_tok_list_item) {
1314 		printk(KERN_ERR "Unable to allocate memory\n");
1315 		rc = -ENOMEM;
1316 		goto out;
1317 	}
1318 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1319 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1320 					  &length_size);
1321 	if (rc) {
1322 		printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1323 		       rc);
1324 		goto out_free;
1325 	}
1326 	if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1327 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1328 		rc = -EINVAL;
1329 		goto out_free;
1330 	}
1331 	(*packet_size) += length_size;
1332 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1333 		printk(KERN_ERR "Packet size exceeds max\n");
1334 		rc = -EINVAL;
1335 		goto out_free;
1336 	}
1337 	(*new_auth_tok)->session_key.encrypted_key_size =
1338 		(body_size - (ECRYPTFS_SALT_SIZE + 5));
1339 	if ((*new_auth_tok)->session_key.encrypted_key_size
1340 	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1341 		printk(KERN_WARNING "Tag 3 packet contains key larger "
1342 		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1343 		rc = -EINVAL;
1344 		goto out_free;
1345 	}
1346 	if (unlikely(data[(*packet_size)++] != 0x04)) {
1347 		printk(KERN_WARNING "Unknown version number [%d]\n",
1348 		       data[(*packet_size) - 1]);
1349 		rc = -EINVAL;
1350 		goto out_free;
1351 	}
1352 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1353 					    (u16)data[(*packet_size)]);
1354 	if (rc)
1355 		goto out_free;
1356 	/* A little extra work to differentiate among the AES key
1357 	 * sizes; see RFC2440 */
1358 	switch(data[(*packet_size)++]) {
1359 	case RFC2440_CIPHER_AES_192:
1360 		crypt_stat->key_size = 24;
1361 		break;
1362 	default:
1363 		crypt_stat->key_size =
1364 			(*new_auth_tok)->session_key.encrypted_key_size;
1365 	}
1366 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1367 	if (rc)
1368 		goto out_free;
1369 	if (unlikely(data[(*packet_size)++] != 0x03)) {
1370 		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1371 		rc = -ENOSYS;
1372 		goto out_free;
1373 	}
1374 	/* TODO: finish the hash mapping */
1375 	switch (data[(*packet_size)++]) {
1376 	case 0x01: /* See RFC2440 for these numbers and their mappings */
1377 		/* Choose MD5 */
1378 		memcpy((*new_auth_tok)->token.password.salt,
1379 		       &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1380 		(*packet_size) += ECRYPTFS_SALT_SIZE;
1381 		/* This conversion was taken straight from RFC2440 */
1382 		(*new_auth_tok)->token.password.hash_iterations =
1383 			((u32) 16 + (data[(*packet_size)] & 15))
1384 				<< ((data[(*packet_size)] >> 4) + 6);
1385 		(*packet_size)++;
1386 		/* Friendly reminder:
1387 		 * (*new_auth_tok)->session_key.encrypted_key_size =
1388 		 *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1389 		memcpy((*new_auth_tok)->session_key.encrypted_key,
1390 		       &data[(*packet_size)],
1391 		       (*new_auth_tok)->session_key.encrypted_key_size);
1392 		(*packet_size) +=
1393 			(*new_auth_tok)->session_key.encrypted_key_size;
1394 		(*new_auth_tok)->session_key.flags &=
1395 			~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1396 		(*new_auth_tok)->session_key.flags |=
1397 			ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1398 		(*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1399 		break;
1400 	default:
1401 		ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1402 				"[%d]\n", data[(*packet_size) - 1]);
1403 		rc = -ENOSYS;
1404 		goto out_free;
1405 	}
1406 	(*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1407 	/* TODO: Parametarize; we might actually want userspace to
1408 	 * decrypt the session key. */
1409 	(*new_auth_tok)->session_key.flags &=
1410 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1411 	(*new_auth_tok)->session_key.flags &=
1412 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1413 	list_add(&auth_tok_list_item->list, auth_tok_list);
1414 	goto out;
1415 out_free:
1416 	(*new_auth_tok) = NULL;
1417 	memset(auth_tok_list_item, 0,
1418 	       sizeof(struct ecryptfs_auth_tok_list_item));
1419 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1420 			auth_tok_list_item);
1421 out:
1422 	if (rc)
1423 		(*packet_size) = 0;
1424 	return rc;
1425 }
1426 
1427 /**
1428  * parse_tag_11_packet
1429  * @data: The raw bytes of the packet
1430  * @contents: This function writes the data contents of the literal
1431  *            packet into this memory location
1432  * @max_contents_bytes: The maximum number of bytes that this function
1433  *                      is allowed to write into contents
1434  * @tag_11_contents_size: This function writes the size of the parsed
1435  *                        contents into this memory location; zero on
1436  *                        error
1437  * @packet_size: This function writes the size of the parsed packet
1438  *               into this memory location; zero on error
1439  * @max_packet_size: maximum number of bytes to parse
1440  *
1441  * Returns zero on success; non-zero on error.
1442  */
1443 static int
1444 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1445 		    size_t max_contents_bytes, size_t *tag_11_contents_size,
1446 		    size_t *packet_size, size_t max_packet_size)
1447 {
1448 	size_t body_size;
1449 	size_t length_size;
1450 	int rc = 0;
1451 
1452 	(*packet_size) = 0;
1453 	(*tag_11_contents_size) = 0;
1454 	/* This format is inspired by OpenPGP; see RFC 2440
1455 	 * packet tag 11
1456 	 *
1457 	 * Tag 11 identifier (1 byte)
1458 	 * Max Tag 11 packet size (max 3 bytes)
1459 	 * Binary format specifier (1 byte)
1460 	 * Filename length (1 byte)
1461 	 * Filename ("_CONSOLE") (8 bytes)
1462 	 * Modification date (4 bytes)
1463 	 * Literal data (arbitrary)
1464 	 *
1465 	 * We need at least 16 bytes of data for the packet to even be
1466 	 * valid.
1467 	 */
1468 	if (max_packet_size < 16) {
1469 		printk(KERN_ERR "Maximum packet size too small\n");
1470 		rc = -EINVAL;
1471 		goto out;
1472 	}
1473 	if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1474 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1475 		rc = -EINVAL;
1476 		goto out;
1477 	}
1478 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1479 					  &length_size);
1480 	if (rc) {
1481 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1482 		goto out;
1483 	}
1484 	if (body_size < 14) {
1485 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1486 		rc = -EINVAL;
1487 		goto out;
1488 	}
1489 	(*packet_size) += length_size;
1490 	(*tag_11_contents_size) = (body_size - 14);
1491 	if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1492 		printk(KERN_ERR "Packet size exceeds max\n");
1493 		rc = -EINVAL;
1494 		goto out;
1495 	}
1496 	if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1497 		printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1498 		       "expected size\n");
1499 		rc = -EINVAL;
1500 		goto out;
1501 	}
1502 	if (data[(*packet_size)++] != 0x62) {
1503 		printk(KERN_WARNING "Unrecognizable packet\n");
1504 		rc = -EINVAL;
1505 		goto out;
1506 	}
1507 	if (data[(*packet_size)++] != 0x08) {
1508 		printk(KERN_WARNING "Unrecognizable packet\n");
1509 		rc = -EINVAL;
1510 		goto out;
1511 	}
1512 	(*packet_size) += 12; /* Ignore filename and modification date */
1513 	memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1514 	(*packet_size) += (*tag_11_contents_size);
1515 out:
1516 	if (rc) {
1517 		(*packet_size) = 0;
1518 		(*tag_11_contents_size) = 0;
1519 	}
1520 	return rc;
1521 }
1522 
1523 /**
1524  * ecryptfs_verify_version
1525  * @version: The version number to confirm
1526  *
1527  * Returns zero on good version; non-zero otherwise
1528  */
1529 static int ecryptfs_verify_version(u16 version)
1530 {
1531 	int rc = 0;
1532 	unsigned char major;
1533 	unsigned char minor;
1534 
1535 	major = ((version >> 8) & 0xFF);
1536 	minor = (version & 0xFF);
1537 	if (major != ECRYPTFS_VERSION_MAJOR) {
1538 		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1539 				"Expected [%d]; got [%d]\n",
1540 				ECRYPTFS_VERSION_MAJOR, major);
1541 		rc = -EINVAL;
1542 		goto out;
1543 	}
1544 	if (minor != ECRYPTFS_VERSION_MINOR) {
1545 		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1546 				"Expected [%d]; got [%d]\n",
1547 				ECRYPTFS_VERSION_MINOR, minor);
1548 		rc = -EINVAL;
1549 		goto out;
1550 	}
1551 out:
1552 	return rc;
1553 }
1554 
1555 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1556 				      struct ecryptfs_auth_tok **auth_tok,
1557 				      char *sig)
1558 {
1559 	int rc = 0;
1560 
1561 	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1562 	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1563 		printk(KERN_ERR "Could not find key with description: [%s]\n",
1564 		       sig);
1565 		rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1566 		goto out;
1567 	}
1568 	(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1569 	if (ecryptfs_verify_version((*auth_tok)->version)) {
1570 		printk(KERN_ERR
1571 		       "Data structure version mismatch. "
1572 		       "Userspace tools must match eCryptfs "
1573 		       "kernel module with major version [%d] "
1574 		       "and minor version [%d]\n",
1575 		       ECRYPTFS_VERSION_MAJOR,
1576 		       ECRYPTFS_VERSION_MINOR);
1577 		rc = -EINVAL;
1578 		goto out_release_key;
1579 	}
1580 	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1581 	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1582 		printk(KERN_ERR "Invalid auth_tok structure "
1583 		       "returned from key query\n");
1584 		rc = -EINVAL;
1585 		goto out_release_key;
1586 	}
1587 out_release_key:
1588 	if (rc) {
1589 		key_put(*auth_tok_key);
1590 		(*auth_tok_key) = NULL;
1591 	}
1592 out:
1593 	return rc;
1594 }
1595 
1596 /**
1597  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1598  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1599  * @crypt_stat: The cryptographic context
1600  *
1601  * Returns zero on success; non-zero error otherwise
1602  */
1603 static int
1604 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1605 					 struct ecryptfs_crypt_stat *crypt_stat)
1606 {
1607 	struct scatterlist dst_sg[2];
1608 	struct scatterlist src_sg[2];
1609 	struct mutex *tfm_mutex;
1610 	struct blkcipher_desc desc = {
1611 		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
1612 	};
1613 	int rc = 0;
1614 
1615 	if (unlikely(ecryptfs_verbosity > 0)) {
1616 		ecryptfs_printk(
1617 			KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1618 			auth_tok->token.password.session_key_encryption_key_bytes);
1619 		ecryptfs_dump_hex(
1620 			auth_tok->token.password.session_key_encryption_key,
1621 			auth_tok->token.password.session_key_encryption_key_bytes);
1622 	}
1623 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1624 							crypt_stat->cipher);
1625 	if (unlikely(rc)) {
1626 		printk(KERN_ERR "Internal error whilst attempting to get "
1627 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1628 		       crypt_stat->cipher, rc);
1629 		goto out;
1630 	}
1631 	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1632 				 auth_tok->session_key.encrypted_key_size,
1633 				 src_sg, 2);
1634 	if (rc < 1 || rc > 2) {
1635 		printk(KERN_ERR "Internal error whilst attempting to convert "
1636 			"auth_tok->session_key.encrypted_key to scatterlist; "
1637 			"expected rc = 1; got rc = [%d]. "
1638 		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1639 			auth_tok->session_key.encrypted_key_size);
1640 		goto out;
1641 	}
1642 	auth_tok->session_key.decrypted_key_size =
1643 		auth_tok->session_key.encrypted_key_size;
1644 	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1645 				 auth_tok->session_key.decrypted_key_size,
1646 				 dst_sg, 2);
1647 	if (rc < 1 || rc > 2) {
1648 		printk(KERN_ERR "Internal error whilst attempting to convert "
1649 			"auth_tok->session_key.decrypted_key to scatterlist; "
1650 			"expected rc = 1; got rc = [%d]\n", rc);
1651 		goto out;
1652 	}
1653 	mutex_lock(tfm_mutex);
1654 	rc = crypto_blkcipher_setkey(
1655 		desc.tfm, auth_tok->token.password.session_key_encryption_key,
1656 		crypt_stat->key_size);
1657 	if (unlikely(rc < 0)) {
1658 		mutex_unlock(tfm_mutex);
1659 		printk(KERN_ERR "Error setting key for crypto context\n");
1660 		rc = -EINVAL;
1661 		goto out;
1662 	}
1663 	rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1664 				      auth_tok->session_key.encrypted_key_size);
1665 	mutex_unlock(tfm_mutex);
1666 	if (unlikely(rc)) {
1667 		printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1668 		goto out;
1669 	}
1670 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1671 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1672 	       auth_tok->session_key.decrypted_key_size);
1673 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1674 	if (unlikely(ecryptfs_verbosity > 0)) {
1675 		ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1676 				crypt_stat->key_size);
1677 		ecryptfs_dump_hex(crypt_stat->key,
1678 				  crypt_stat->key_size);
1679 	}
1680 out:
1681 	return rc;
1682 }
1683 
1684 /**
1685  * ecryptfs_parse_packet_set
1686  * @crypt_stat: The cryptographic context
1687  * @src: Virtual address of region of memory containing the packets
1688  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1689  *
1690  * Get crypt_stat to have the file's session key if the requisite key
1691  * is available to decrypt the session key.
1692  *
1693  * Returns Zero if a valid authentication token was retrieved and
1694  * processed; negative value for file not encrypted or for error
1695  * conditions.
1696  */
1697 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1698 			      unsigned char *src,
1699 			      struct dentry *ecryptfs_dentry)
1700 {
1701 	size_t i = 0;
1702 	size_t found_auth_tok;
1703 	size_t next_packet_is_auth_tok_packet;
1704 	struct list_head auth_tok_list;
1705 	struct ecryptfs_auth_tok *matching_auth_tok;
1706 	struct ecryptfs_auth_tok *candidate_auth_tok;
1707 	char *candidate_auth_tok_sig;
1708 	size_t packet_size;
1709 	struct ecryptfs_auth_tok *new_auth_tok;
1710 	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1711 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1712 	size_t tag_11_contents_size;
1713 	size_t tag_11_packet_size;
1714 	struct key *auth_tok_key = NULL;
1715 	int rc = 0;
1716 
1717 	INIT_LIST_HEAD(&auth_tok_list);
1718 	/* Parse the header to find as many packets as we can; these will be
1719 	 * added the our &auth_tok_list */
1720 	next_packet_is_auth_tok_packet = 1;
1721 	while (next_packet_is_auth_tok_packet) {
1722 		size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1723 
1724 		switch (src[i]) {
1725 		case ECRYPTFS_TAG_3_PACKET_TYPE:
1726 			rc = parse_tag_3_packet(crypt_stat,
1727 						(unsigned char *)&src[i],
1728 						&auth_tok_list, &new_auth_tok,
1729 						&packet_size, max_packet_size);
1730 			if (rc) {
1731 				ecryptfs_printk(KERN_ERR, "Error parsing "
1732 						"tag 3 packet\n");
1733 				rc = -EIO;
1734 				goto out_wipe_list;
1735 			}
1736 			i += packet_size;
1737 			rc = parse_tag_11_packet((unsigned char *)&src[i],
1738 						 sig_tmp_space,
1739 						 ECRYPTFS_SIG_SIZE,
1740 						 &tag_11_contents_size,
1741 						 &tag_11_packet_size,
1742 						 max_packet_size);
1743 			if (rc) {
1744 				ecryptfs_printk(KERN_ERR, "No valid "
1745 						"(ecryptfs-specific) literal "
1746 						"packet containing "
1747 						"authentication token "
1748 						"signature found after "
1749 						"tag 3 packet\n");
1750 				rc = -EIO;
1751 				goto out_wipe_list;
1752 			}
1753 			i += tag_11_packet_size;
1754 			if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1755 				ecryptfs_printk(KERN_ERR, "Expected "
1756 						"signature of size [%d]; "
1757 						"read size [%zd]\n",
1758 						ECRYPTFS_SIG_SIZE,
1759 						tag_11_contents_size);
1760 				rc = -EIO;
1761 				goto out_wipe_list;
1762 			}
1763 			ecryptfs_to_hex(new_auth_tok->token.password.signature,
1764 					sig_tmp_space, tag_11_contents_size);
1765 			new_auth_tok->token.password.signature[
1766 				ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1767 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1768 			break;
1769 		case ECRYPTFS_TAG_1_PACKET_TYPE:
1770 			rc = parse_tag_1_packet(crypt_stat,
1771 						(unsigned char *)&src[i],
1772 						&auth_tok_list, &new_auth_tok,
1773 						&packet_size, max_packet_size);
1774 			if (rc) {
1775 				ecryptfs_printk(KERN_ERR, "Error parsing "
1776 						"tag 1 packet\n");
1777 				rc = -EIO;
1778 				goto out_wipe_list;
1779 			}
1780 			i += packet_size;
1781 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1782 			break;
1783 		case ECRYPTFS_TAG_11_PACKET_TYPE:
1784 			ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1785 					"(Tag 11 not allowed by itself)\n");
1786 			rc = -EIO;
1787 			goto out_wipe_list;
1788 			break;
1789 		default:
1790 			ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1791 					"of the file header; hex value of "
1792 					"character is [0x%.2x]\n", i, src[i]);
1793 			next_packet_is_auth_tok_packet = 0;
1794 		}
1795 	}
1796 	if (list_empty(&auth_tok_list)) {
1797 		printk(KERN_ERR "The lower file appears to be a non-encrypted "
1798 		       "eCryptfs file; this is not supported in this version "
1799 		       "of the eCryptfs kernel module\n");
1800 		rc = -EINVAL;
1801 		goto out;
1802 	}
1803 	/* auth_tok_list contains the set of authentication tokens
1804 	 * parsed from the metadata. We need to find a matching
1805 	 * authentication token that has the secret component(s)
1806 	 * necessary to decrypt the EFEK in the auth_tok parsed from
1807 	 * the metadata. There may be several potential matches, but
1808 	 * just one will be sufficient to decrypt to get the FEK. */
1809 find_next_matching_auth_tok:
1810 	found_auth_tok = 0;
1811 	if (auth_tok_key) {
1812 		key_put(auth_tok_key);
1813 		auth_tok_key = NULL;
1814 	}
1815 	list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1816 		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1817 		if (unlikely(ecryptfs_verbosity > 0)) {
1818 			ecryptfs_printk(KERN_DEBUG,
1819 					"Considering cadidate auth tok:\n");
1820 			ecryptfs_dump_auth_tok(candidate_auth_tok);
1821 		}
1822 		rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1823 					       candidate_auth_tok);
1824 		if (rc) {
1825 			printk(KERN_ERR
1826 			       "Unrecognized candidate auth tok type: [%d]\n",
1827 			       candidate_auth_tok->token_type);
1828 			rc = -EINVAL;
1829 			goto out_wipe_list;
1830 		}
1831 		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1832 					       &matching_auth_tok,
1833 					       crypt_stat->mount_crypt_stat,
1834 					       candidate_auth_tok_sig);
1835 		if (!rc) {
1836 			found_auth_tok = 1;
1837 			goto found_matching_auth_tok;
1838 		}
1839 	}
1840 	if (!found_auth_tok) {
1841 		ecryptfs_printk(KERN_ERR, "Could not find a usable "
1842 				"authentication token\n");
1843 		rc = -EIO;
1844 		goto out_wipe_list;
1845 	}
1846 found_matching_auth_tok:
1847 	if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1848 		memcpy(&(candidate_auth_tok->token.private_key),
1849 		       &(matching_auth_tok->token.private_key),
1850 		       sizeof(struct ecryptfs_private_key));
1851 		rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1852 						       crypt_stat);
1853 	} else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1854 		memcpy(&(candidate_auth_tok->token.password),
1855 		       &(matching_auth_tok->token.password),
1856 		       sizeof(struct ecryptfs_password));
1857 		rc = decrypt_passphrase_encrypted_session_key(
1858 			candidate_auth_tok, crypt_stat);
1859 	}
1860 	if (rc) {
1861 		struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1862 
1863 		ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1864 				"session key for authentication token with sig "
1865 				"[%.*s]; rc = [%d]. Removing auth tok "
1866 				"candidate from the list and searching for "
1867 				"the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1868 				candidate_auth_tok_sig,	rc);
1869 		list_for_each_entry_safe(auth_tok_list_item,
1870 					 auth_tok_list_item_tmp,
1871 					 &auth_tok_list, list) {
1872 			if (candidate_auth_tok
1873 			    == &auth_tok_list_item->auth_tok) {
1874 				list_del(&auth_tok_list_item->list);
1875 				kmem_cache_free(
1876 					ecryptfs_auth_tok_list_item_cache,
1877 					auth_tok_list_item);
1878 				goto find_next_matching_auth_tok;
1879 			}
1880 		}
1881 		BUG();
1882 	}
1883 	rc = ecryptfs_compute_root_iv(crypt_stat);
1884 	if (rc) {
1885 		ecryptfs_printk(KERN_ERR, "Error computing "
1886 				"the root IV\n");
1887 		goto out_wipe_list;
1888 	}
1889 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1890 	if (rc) {
1891 		ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1892 				"context for cipher [%s]; rc = [%d]\n",
1893 				crypt_stat->cipher, rc);
1894 	}
1895 out_wipe_list:
1896 	wipe_auth_tok_list(&auth_tok_list);
1897 out:
1898 	if (auth_tok_key)
1899 		key_put(auth_tok_key);
1900 	return rc;
1901 }
1902 
1903 static int
1904 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1905 			struct ecryptfs_crypt_stat *crypt_stat,
1906 			struct ecryptfs_key_record *key_rec)
1907 {
1908 	struct ecryptfs_msg_ctx *msg_ctx = NULL;
1909 	char *payload = NULL;
1910 	size_t payload_len;
1911 	struct ecryptfs_message *msg;
1912 	int rc;
1913 
1914 	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1915 				 ecryptfs_code_for_cipher_string(
1916 					 crypt_stat->cipher,
1917 					 crypt_stat->key_size),
1918 				 crypt_stat, &payload, &payload_len);
1919 	if (rc) {
1920 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1921 		goto out;
1922 	}
1923 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1924 	if (rc) {
1925 		ecryptfs_printk(KERN_ERR, "Error sending message to "
1926 				"ecryptfsd\n");
1927 		goto out;
1928 	}
1929 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1930 	if (rc) {
1931 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1932 				"from the user space daemon\n");
1933 		rc = -EIO;
1934 		goto out;
1935 	}
1936 	rc = parse_tag_67_packet(key_rec, msg);
1937 	if (rc)
1938 		ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1939 	kfree(msg);
1940 out:
1941 	kfree(payload);
1942 	return rc;
1943 }
1944 /**
1945  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1946  * @dest: Buffer into which to write the packet
1947  * @remaining_bytes: Maximum number of bytes that can be writtn
1948  * @auth_tok: The authentication token used for generating the tag 1 packet
1949  * @crypt_stat: The cryptographic context
1950  * @key_rec: The key record struct for the tag 1 packet
1951  * @packet_size: This function will write the number of bytes that end
1952  *               up constituting the packet; set to zero on error
1953  *
1954  * Returns zero on success; non-zero on error.
1955  */
1956 static int
1957 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1958 		   struct ecryptfs_auth_tok *auth_tok,
1959 		   struct ecryptfs_crypt_stat *crypt_stat,
1960 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
1961 {
1962 	size_t i;
1963 	size_t encrypted_session_key_valid = 0;
1964 	size_t packet_size_length;
1965 	size_t max_packet_size;
1966 	int rc = 0;
1967 
1968 	(*packet_size) = 0;
1969 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1970 			  ECRYPTFS_SIG_SIZE);
1971 	encrypted_session_key_valid = 0;
1972 	for (i = 0; i < crypt_stat->key_size; i++)
1973 		encrypted_session_key_valid |=
1974 			auth_tok->session_key.encrypted_key[i];
1975 	if (encrypted_session_key_valid) {
1976 		memcpy(key_rec->enc_key,
1977 		       auth_tok->session_key.encrypted_key,
1978 		       auth_tok->session_key.encrypted_key_size);
1979 		goto encrypted_session_key_set;
1980 	}
1981 	if (auth_tok->session_key.encrypted_key_size == 0)
1982 		auth_tok->session_key.encrypted_key_size =
1983 			auth_tok->token.private_key.key_size;
1984 	rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1985 	if (rc) {
1986 		printk(KERN_ERR "Failed to encrypt session key via a key "
1987 		       "module; rc = [%d]\n", rc);
1988 		goto out;
1989 	}
1990 	if (ecryptfs_verbosity > 0) {
1991 		ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1992 		ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1993 	}
1994 encrypted_session_key_set:
1995 	/* This format is inspired by OpenPGP; see RFC 2440
1996 	 * packet tag 1 */
1997 	max_packet_size = (1                         /* Tag 1 identifier */
1998 			   + 3                       /* Max Tag 1 packet size */
1999 			   + 1                       /* Version */
2000 			   + ECRYPTFS_SIG_SIZE       /* Key identifier */
2001 			   + 1                       /* Cipher identifier */
2002 			   + key_rec->enc_key_size); /* Encrypted key size */
2003 	if (max_packet_size > (*remaining_bytes)) {
2004 		printk(KERN_ERR "Packet length larger than maximum allowable; "
2005 		       "need up to [%td] bytes, but there are only [%td] "
2006 		       "available\n", max_packet_size, (*remaining_bytes));
2007 		rc = -EINVAL;
2008 		goto out;
2009 	}
2010 	dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2011 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2012 					  (max_packet_size - 4),
2013 					  &packet_size_length);
2014 	if (rc) {
2015 		ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2016 				"header; cannot generate packet length\n");
2017 		goto out;
2018 	}
2019 	(*packet_size) += packet_size_length;
2020 	dest[(*packet_size)++] = 0x03; /* version 3 */
2021 	memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2022 	(*packet_size) += ECRYPTFS_SIG_SIZE;
2023 	dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2024 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2025 	       key_rec->enc_key_size);
2026 	(*packet_size) += key_rec->enc_key_size;
2027 out:
2028 	if (rc)
2029 		(*packet_size) = 0;
2030 	else
2031 		(*remaining_bytes) -= (*packet_size);
2032 	return rc;
2033 }
2034 
2035 /**
2036  * write_tag_11_packet
2037  * @dest: Target into which Tag 11 packet is to be written
2038  * @remaining_bytes: Maximum packet length
2039  * @contents: Byte array of contents to copy in
2040  * @contents_length: Number of bytes in contents
2041  * @packet_length: Length of the Tag 11 packet written; zero on error
2042  *
2043  * Returns zero on success; non-zero on error.
2044  */
2045 static int
2046 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2047 		    size_t contents_length, size_t *packet_length)
2048 {
2049 	size_t packet_size_length;
2050 	size_t max_packet_size;
2051 	int rc = 0;
2052 
2053 	(*packet_length) = 0;
2054 	/* This format is inspired by OpenPGP; see RFC 2440
2055 	 * packet tag 11 */
2056 	max_packet_size = (1                   /* Tag 11 identifier */
2057 			   + 3                 /* Max Tag 11 packet size */
2058 			   + 1                 /* Binary format specifier */
2059 			   + 1                 /* Filename length */
2060 			   + 8                 /* Filename ("_CONSOLE") */
2061 			   + 4                 /* Modification date */
2062 			   + contents_length); /* Literal data */
2063 	if (max_packet_size > (*remaining_bytes)) {
2064 		printk(KERN_ERR "Packet length larger than maximum allowable; "
2065 		       "need up to [%td] bytes, but there are only [%td] "
2066 		       "available\n", max_packet_size, (*remaining_bytes));
2067 		rc = -EINVAL;
2068 		goto out;
2069 	}
2070 	dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2071 	rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2072 					  (max_packet_size - 4),
2073 					  &packet_size_length);
2074 	if (rc) {
2075 		printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2076 		       "generate packet length. rc = [%d]\n", rc);
2077 		goto out;
2078 	}
2079 	(*packet_length) += packet_size_length;
2080 	dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2081 	dest[(*packet_length)++] = 8;
2082 	memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2083 	(*packet_length) += 8;
2084 	memset(&dest[(*packet_length)], 0x00, 4);
2085 	(*packet_length) += 4;
2086 	memcpy(&dest[(*packet_length)], contents, contents_length);
2087 	(*packet_length) += contents_length;
2088  out:
2089 	if (rc)
2090 		(*packet_length) = 0;
2091 	else
2092 		(*remaining_bytes) -= (*packet_length);
2093 	return rc;
2094 }
2095 
2096 /**
2097  * write_tag_3_packet
2098  * @dest: Buffer into which to write the packet
2099  * @remaining_bytes: Maximum number of bytes that can be written
2100  * @auth_tok: Authentication token
2101  * @crypt_stat: The cryptographic context
2102  * @key_rec: encrypted key
2103  * @packet_size: This function will write the number of bytes that end
2104  *               up constituting the packet; set to zero on error
2105  *
2106  * Returns zero on success; non-zero on error.
2107  */
2108 static int
2109 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2110 		   struct ecryptfs_auth_tok *auth_tok,
2111 		   struct ecryptfs_crypt_stat *crypt_stat,
2112 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2113 {
2114 	size_t i;
2115 	size_t encrypted_session_key_valid = 0;
2116 	char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2117 	struct scatterlist dst_sg[2];
2118 	struct scatterlist src_sg[2];
2119 	struct mutex *tfm_mutex = NULL;
2120 	u8 cipher_code;
2121 	size_t packet_size_length;
2122 	size_t max_packet_size;
2123 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2124 		crypt_stat->mount_crypt_stat;
2125 	struct blkcipher_desc desc = {
2126 		.tfm = NULL,
2127 		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
2128 	};
2129 	int rc = 0;
2130 
2131 	(*packet_size) = 0;
2132 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2133 			  ECRYPTFS_SIG_SIZE);
2134 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2135 							crypt_stat->cipher);
2136 	if (unlikely(rc)) {
2137 		printk(KERN_ERR "Internal error whilst attempting to get "
2138 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2139 		       crypt_stat->cipher, rc);
2140 		goto out;
2141 	}
2142 	if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2143 		struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2144 
2145 		printk(KERN_WARNING "No key size specified at mount; "
2146 		       "defaulting to [%d]\n", alg->max_keysize);
2147 		mount_crypt_stat->global_default_cipher_key_size =
2148 			alg->max_keysize;
2149 	}
2150 	if (crypt_stat->key_size == 0)
2151 		crypt_stat->key_size =
2152 			mount_crypt_stat->global_default_cipher_key_size;
2153 	if (auth_tok->session_key.encrypted_key_size == 0)
2154 		auth_tok->session_key.encrypted_key_size =
2155 			crypt_stat->key_size;
2156 	if (crypt_stat->key_size == 24
2157 	    && strcmp("aes", crypt_stat->cipher) == 0) {
2158 		memset((crypt_stat->key + 24), 0, 8);
2159 		auth_tok->session_key.encrypted_key_size = 32;
2160 	} else
2161 		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2162 	key_rec->enc_key_size =
2163 		auth_tok->session_key.encrypted_key_size;
2164 	encrypted_session_key_valid = 0;
2165 	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2166 		encrypted_session_key_valid |=
2167 			auth_tok->session_key.encrypted_key[i];
2168 	if (encrypted_session_key_valid) {
2169 		ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2170 				"using auth_tok->session_key.encrypted_key, "
2171 				"where key_rec->enc_key_size = [%zd]\n",
2172 				key_rec->enc_key_size);
2173 		memcpy(key_rec->enc_key,
2174 		       auth_tok->session_key.encrypted_key,
2175 		       key_rec->enc_key_size);
2176 		goto encrypted_session_key_set;
2177 	}
2178 	if (auth_tok->token.password.flags &
2179 	    ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2180 		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2181 				"session key encryption key of size [%d]\n",
2182 				auth_tok->token.password.
2183 				session_key_encryption_key_bytes);
2184 		memcpy(session_key_encryption_key,
2185 		       auth_tok->token.password.session_key_encryption_key,
2186 		       crypt_stat->key_size);
2187 		ecryptfs_printk(KERN_DEBUG,
2188 				"Cached session key " "encryption key: \n");
2189 		if (ecryptfs_verbosity > 0)
2190 			ecryptfs_dump_hex(session_key_encryption_key, 16);
2191 	}
2192 	if (unlikely(ecryptfs_verbosity > 0)) {
2193 		ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2194 		ecryptfs_dump_hex(session_key_encryption_key, 16);
2195 	}
2196 	rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2197 				 src_sg, 2);
2198 	if (rc < 1 || rc > 2) {
2199 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2200 				"for crypt_stat session key; expected rc = 1; "
2201 				"got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2202 				rc, key_rec->enc_key_size);
2203 		rc = -ENOMEM;
2204 		goto out;
2205 	}
2206 	rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2207 				 dst_sg, 2);
2208 	if (rc < 1 || rc > 2) {
2209 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2210 				"for crypt_stat encrypted session key; "
2211 				"expected rc = 1; got rc = [%d]. "
2212 				"key_rec->enc_key_size = [%zd]\n", rc,
2213 				key_rec->enc_key_size);
2214 		rc = -ENOMEM;
2215 		goto out;
2216 	}
2217 	mutex_lock(tfm_mutex);
2218 	rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2219 				     crypt_stat->key_size);
2220 	if (rc < 0) {
2221 		mutex_unlock(tfm_mutex);
2222 		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2223 				"context; rc = [%d]\n", rc);
2224 		goto out;
2225 	}
2226 	rc = 0;
2227 	ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2228 			crypt_stat->key_size);
2229 	rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2230 				      (*key_rec).enc_key_size);
2231 	mutex_unlock(tfm_mutex);
2232 	if (rc) {
2233 		printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2234 		goto out;
2235 	}
2236 	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2237 	if (ecryptfs_verbosity > 0) {
2238 		ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2239 				key_rec->enc_key_size);
2240 		ecryptfs_dump_hex(key_rec->enc_key,
2241 				  key_rec->enc_key_size);
2242 	}
2243 encrypted_session_key_set:
2244 	/* This format is inspired by OpenPGP; see RFC 2440
2245 	 * packet tag 3 */
2246 	max_packet_size = (1                         /* Tag 3 identifier */
2247 			   + 3                       /* Max Tag 3 packet size */
2248 			   + 1                       /* Version */
2249 			   + 1                       /* Cipher code */
2250 			   + 1                       /* S2K specifier */
2251 			   + 1                       /* Hash identifier */
2252 			   + ECRYPTFS_SALT_SIZE      /* Salt */
2253 			   + 1                       /* Hash iterations */
2254 			   + key_rec->enc_key_size); /* Encrypted key size */
2255 	if (max_packet_size > (*remaining_bytes)) {
2256 		printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2257 		       "there are only [%td] available\n", max_packet_size,
2258 		       (*remaining_bytes));
2259 		rc = -EINVAL;
2260 		goto out;
2261 	}
2262 	dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2263 	/* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2264 	 * to get the number of octets in the actual Tag 3 packet */
2265 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2266 					  (max_packet_size - 4),
2267 					  &packet_size_length);
2268 	if (rc) {
2269 		printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2270 		       "generate packet length. rc = [%d]\n", rc);
2271 		goto out;
2272 	}
2273 	(*packet_size) += packet_size_length;
2274 	dest[(*packet_size)++] = 0x04; /* version 4 */
2275 	/* TODO: Break from RFC2440 so that arbitrary ciphers can be
2276 	 * specified with strings */
2277 	cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2278 						      crypt_stat->key_size);
2279 	if (cipher_code == 0) {
2280 		ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2281 				"cipher [%s]\n", crypt_stat->cipher);
2282 		rc = -EINVAL;
2283 		goto out;
2284 	}
2285 	dest[(*packet_size)++] = cipher_code;
2286 	dest[(*packet_size)++] = 0x03;	/* S2K */
2287 	dest[(*packet_size)++] = 0x01;	/* MD5 (TODO: parameterize) */
2288 	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2289 	       ECRYPTFS_SALT_SIZE);
2290 	(*packet_size) += ECRYPTFS_SALT_SIZE;	/* salt */
2291 	dest[(*packet_size)++] = 0x60;	/* hash iterations (65536) */
2292 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2293 	       key_rec->enc_key_size);
2294 	(*packet_size) += key_rec->enc_key_size;
2295 out:
2296 	if (rc)
2297 		(*packet_size) = 0;
2298 	else
2299 		(*remaining_bytes) -= (*packet_size);
2300 	return rc;
2301 }
2302 
2303 struct kmem_cache *ecryptfs_key_record_cache;
2304 
2305 /**
2306  * ecryptfs_generate_key_packet_set
2307  * @dest_base: Virtual address from which to write the key record set
2308  * @crypt_stat: The cryptographic context from which the
2309  *              authentication tokens will be retrieved
2310  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2311  *                   for the global parameters
2312  * @len: The amount written
2313  * @max: The maximum amount of data allowed to be written
2314  *
2315  * Generates a key packet set and writes it to the virtual address
2316  * passed in.
2317  *
2318  * Returns zero on success; non-zero on error.
2319  */
2320 int
2321 ecryptfs_generate_key_packet_set(char *dest_base,
2322 				 struct ecryptfs_crypt_stat *crypt_stat,
2323 				 struct dentry *ecryptfs_dentry, size_t *len,
2324 				 size_t max)
2325 {
2326 	struct ecryptfs_auth_tok *auth_tok;
2327 	struct ecryptfs_global_auth_tok *global_auth_tok;
2328 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2329 		&ecryptfs_superblock_to_private(
2330 			ecryptfs_dentry->d_sb)->mount_crypt_stat;
2331 	size_t written;
2332 	struct ecryptfs_key_record *key_rec;
2333 	struct ecryptfs_key_sig *key_sig;
2334 	int rc = 0;
2335 
2336 	(*len) = 0;
2337 	mutex_lock(&crypt_stat->keysig_list_mutex);
2338 	key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2339 	if (!key_rec) {
2340 		rc = -ENOMEM;
2341 		goto out;
2342 	}
2343 	list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2344 			    crypt_stat_list) {
2345 		memset(key_rec, 0, sizeof(*key_rec));
2346 		rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
2347 							   mount_crypt_stat,
2348 							   key_sig->keysig);
2349 		if (rc) {
2350 			printk(KERN_ERR "Error attempting to get the global "
2351 			       "auth_tok; rc = [%d]\n", rc);
2352 			goto out_free;
2353 		}
2354 		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2355 			printk(KERN_WARNING
2356 			       "Skipping invalid auth tok with sig = [%s]\n",
2357 			       global_auth_tok->sig);
2358 			continue;
2359 		}
2360 		auth_tok = global_auth_tok->global_auth_tok;
2361 		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2362 			rc = write_tag_3_packet((dest_base + (*len)),
2363 						&max, auth_tok,
2364 						crypt_stat, key_rec,
2365 						&written);
2366 			if (rc) {
2367 				ecryptfs_printk(KERN_WARNING, "Error "
2368 						"writing tag 3 packet\n");
2369 				goto out_free;
2370 			}
2371 			(*len) += written;
2372 			/* Write auth tok signature packet */
2373 			rc = write_tag_11_packet((dest_base + (*len)), &max,
2374 						 key_rec->sig,
2375 						 ECRYPTFS_SIG_SIZE, &written);
2376 			if (rc) {
2377 				ecryptfs_printk(KERN_ERR, "Error writing "
2378 						"auth tok signature packet\n");
2379 				goto out_free;
2380 			}
2381 			(*len) += written;
2382 		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2383 			rc = write_tag_1_packet(dest_base + (*len),
2384 						&max, auth_tok,
2385 						crypt_stat, key_rec, &written);
2386 			if (rc) {
2387 				ecryptfs_printk(KERN_WARNING, "Error "
2388 						"writing tag 1 packet\n");
2389 				goto out_free;
2390 			}
2391 			(*len) += written;
2392 		} else {
2393 			ecryptfs_printk(KERN_WARNING, "Unsupported "
2394 					"authentication token type\n");
2395 			rc = -EINVAL;
2396 			goto out_free;
2397 		}
2398 	}
2399 	if (likely(max > 0)) {
2400 		dest_base[(*len)] = 0x00;
2401 	} else {
2402 		ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2403 		rc = -EIO;
2404 	}
2405 out_free:
2406 	kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2407 out:
2408 	if (rc)
2409 		(*len) = 0;
2410 	mutex_unlock(&crypt_stat->keysig_list_mutex);
2411 	return rc;
2412 }
2413 
2414 struct kmem_cache *ecryptfs_key_sig_cache;
2415 
2416 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2417 {
2418 	struct ecryptfs_key_sig *new_key_sig;
2419 
2420 	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2421 	if (!new_key_sig) {
2422 		printk(KERN_ERR
2423 		       "Error allocating from ecryptfs_key_sig_cache\n");
2424 		return -ENOMEM;
2425 	}
2426 	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2427 	/* Caller must hold keysig_list_mutex */
2428 	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2429 
2430 	return 0;
2431 }
2432 
2433 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2434 
2435 int
2436 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2437 			     char *sig, u32 global_auth_tok_flags)
2438 {
2439 	struct ecryptfs_global_auth_tok *new_auth_tok;
2440 	int rc = 0;
2441 
2442 	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2443 					GFP_KERNEL);
2444 	if (!new_auth_tok) {
2445 		rc = -ENOMEM;
2446 		printk(KERN_ERR "Error allocating from "
2447 		       "ecryptfs_global_auth_tok_cache\n");
2448 		goto out;
2449 	}
2450 	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2451 	new_auth_tok->flags = global_auth_tok_flags;
2452 	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2453 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2454 	list_add(&new_auth_tok->mount_crypt_stat_list,
2455 		 &mount_crypt_stat->global_auth_tok_list);
2456 	mount_crypt_stat->num_global_auth_toks++;
2457 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2458 out:
2459 	return rc;
2460 }
2461 
2462