xref: /openbmc/linux/fs/ecryptfs/keystore.c (revision 82e6fdd6)
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27 
28 #include <crypto/hash.h>
29 #include <crypto/skcipher.h>
30 #include <linux/string.h>
31 #include <linux/pagemap.h>
32 #include <linux/key.h>
33 #include <linux/random.h>
34 #include <linux/scatterlist.h>
35 #include <linux/slab.h>
36 #include "ecryptfs_kernel.h"
37 
38 /**
39  * request_key returned an error instead of a valid key address;
40  * determine the type of error, make appropriate log entries, and
41  * return an error code.
42  */
43 static int process_request_key_err(long err_code)
44 {
45 	int rc = 0;
46 
47 	switch (err_code) {
48 	case -ENOKEY:
49 		ecryptfs_printk(KERN_WARNING, "No key\n");
50 		rc = -ENOENT;
51 		break;
52 	case -EKEYEXPIRED:
53 		ecryptfs_printk(KERN_WARNING, "Key expired\n");
54 		rc = -ETIME;
55 		break;
56 	case -EKEYREVOKED:
57 		ecryptfs_printk(KERN_WARNING, "Key revoked\n");
58 		rc = -EINVAL;
59 		break;
60 	default:
61 		ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62 				"[0x%.16lx]\n", err_code);
63 		rc = -EINVAL;
64 	}
65 	return rc;
66 }
67 
68 static int process_find_global_auth_tok_for_sig_err(int err_code)
69 {
70 	int rc = err_code;
71 
72 	switch (err_code) {
73 	case -ENOENT:
74 		ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
75 		break;
76 	case -EINVAL:
77 		ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
78 		break;
79 	default:
80 		rc = process_request_key_err(err_code);
81 		break;
82 	}
83 	return rc;
84 }
85 
86 /**
87  * ecryptfs_parse_packet_length
88  * @data: Pointer to memory containing length at offset
89  * @size: This function writes the decoded size to this memory
90  *        address; zero on error
91  * @length_size: The number of bytes occupied by the encoded length
92  *
93  * Returns zero on success; non-zero on error
94  */
95 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
96 				 size_t *length_size)
97 {
98 	int rc = 0;
99 
100 	(*length_size) = 0;
101 	(*size) = 0;
102 	if (data[0] < 192) {
103 		/* One-byte length */
104 		(*size) = data[0];
105 		(*length_size) = 1;
106 	} else if (data[0] < 224) {
107 		/* Two-byte length */
108 		(*size) = (data[0] - 192) * 256;
109 		(*size) += data[1] + 192;
110 		(*length_size) = 2;
111 	} else if (data[0] == 255) {
112 		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
113 		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
114 				"supported\n");
115 		rc = -EINVAL;
116 		goto out;
117 	} else {
118 		ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
119 		rc = -EINVAL;
120 		goto out;
121 	}
122 out:
123 	return rc;
124 }
125 
126 /**
127  * ecryptfs_write_packet_length
128  * @dest: The byte array target into which to write the length. Must
129  *        have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.
130  * @size: The length to write.
131  * @packet_size_length: The number of bytes used to encode the packet
132  *                      length is written to this address.
133  *
134  * Returns zero on success; non-zero on error.
135  */
136 int ecryptfs_write_packet_length(char *dest, size_t size,
137 				 size_t *packet_size_length)
138 {
139 	int rc = 0;
140 
141 	if (size < 192) {
142 		dest[0] = size;
143 		(*packet_size_length) = 1;
144 	} else if (size < 65536) {
145 		dest[0] = (((size - 192) / 256) + 192);
146 		dest[1] = ((size - 192) % 256);
147 		(*packet_size_length) = 2;
148 	} else {
149 		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */
150 		rc = -EINVAL;
151 		ecryptfs_printk(KERN_WARNING,
152 				"Unsupported packet size: [%zd]\n", size);
153 	}
154 	return rc;
155 }
156 
157 static int
158 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
159 		    char **packet, size_t *packet_len)
160 {
161 	size_t i = 0;
162 	size_t data_len;
163 	size_t packet_size_len;
164 	char *message;
165 	int rc;
166 
167 	/*
168 	 *              ***** TAG 64 Packet Format *****
169 	 *    | Content Type                       | 1 byte       |
170 	 *    | Key Identifier Size                | 1 or 2 bytes |
171 	 *    | Key Identifier                     | arbitrary    |
172 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
173 	 *    | Encrypted File Encryption Key      | arbitrary    |
174 	 */
175 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
176 		    + session_key->encrypted_key_size);
177 	*packet = kmalloc(data_len, GFP_KERNEL);
178 	message = *packet;
179 	if (!message) {
180 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
181 		rc = -ENOMEM;
182 		goto out;
183 	}
184 	message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
185 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
186 					  &packet_size_len);
187 	if (rc) {
188 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
189 				"header; cannot generate packet length\n");
190 		goto out;
191 	}
192 	i += packet_size_len;
193 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
194 	i += ECRYPTFS_SIG_SIZE_HEX;
195 	rc = ecryptfs_write_packet_length(&message[i],
196 					  session_key->encrypted_key_size,
197 					  &packet_size_len);
198 	if (rc) {
199 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
200 				"header; cannot generate packet length\n");
201 		goto out;
202 	}
203 	i += packet_size_len;
204 	memcpy(&message[i], session_key->encrypted_key,
205 	       session_key->encrypted_key_size);
206 	i += session_key->encrypted_key_size;
207 	*packet_len = i;
208 out:
209 	return rc;
210 }
211 
212 static int
213 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
214 		    struct ecryptfs_message *msg)
215 {
216 	size_t i = 0;
217 	char *data;
218 	size_t data_len;
219 	size_t m_size;
220 	size_t message_len;
221 	u16 checksum = 0;
222 	u16 expected_checksum = 0;
223 	int rc;
224 
225 	/*
226 	 *              ***** TAG 65 Packet Format *****
227 	 *         | Content Type             | 1 byte       |
228 	 *         | Status Indicator         | 1 byte       |
229 	 *         | File Encryption Key Size | 1 or 2 bytes |
230 	 *         | File Encryption Key      | arbitrary    |
231 	 */
232 	message_len = msg->data_len;
233 	data = msg->data;
234 	if (message_len < 4) {
235 		rc = -EIO;
236 		goto out;
237 	}
238 	if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
239 		ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
240 		rc = -EIO;
241 		goto out;
242 	}
243 	if (data[i++]) {
244 		ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
245 				"[%d]\n", data[i-1]);
246 		rc = -EIO;
247 		goto out;
248 	}
249 	rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
250 	if (rc) {
251 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
252 				"rc = [%d]\n", rc);
253 		goto out;
254 	}
255 	i += data_len;
256 	if (message_len < (i + m_size)) {
257 		ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
258 				"is shorter than expected\n");
259 		rc = -EIO;
260 		goto out;
261 	}
262 	if (m_size < 3) {
263 		ecryptfs_printk(KERN_ERR,
264 				"The decrypted key is not long enough to "
265 				"include a cipher code and checksum\n");
266 		rc = -EIO;
267 		goto out;
268 	}
269 	*cipher_code = data[i++];
270 	/* The decrypted key includes 1 byte cipher code and 2 byte checksum */
271 	session_key->decrypted_key_size = m_size - 3;
272 	if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
273 		ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
274 				"the maximum key size [%d]\n",
275 				session_key->decrypted_key_size,
276 				ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
277 		rc = -EIO;
278 		goto out;
279 	}
280 	memcpy(session_key->decrypted_key, &data[i],
281 	       session_key->decrypted_key_size);
282 	i += session_key->decrypted_key_size;
283 	expected_checksum += (unsigned char)(data[i++]) << 8;
284 	expected_checksum += (unsigned char)(data[i++]);
285 	for (i = 0; i < session_key->decrypted_key_size; i++)
286 		checksum += session_key->decrypted_key[i];
287 	if (expected_checksum != checksum) {
288 		ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
289 				"encryption  key; expected [%x]; calculated "
290 				"[%x]\n", expected_checksum, checksum);
291 		rc = -EIO;
292 	}
293 out:
294 	return rc;
295 }
296 
297 
298 static int
299 write_tag_66_packet(char *signature, u8 cipher_code,
300 		    struct ecryptfs_crypt_stat *crypt_stat, char **packet,
301 		    size_t *packet_len)
302 {
303 	size_t i = 0;
304 	size_t j;
305 	size_t data_len;
306 	size_t checksum = 0;
307 	size_t packet_size_len;
308 	char *message;
309 	int rc;
310 
311 	/*
312 	 *              ***** TAG 66 Packet Format *****
313 	 *         | Content Type             | 1 byte       |
314 	 *         | Key Identifier Size      | 1 or 2 bytes |
315 	 *         | Key Identifier           | arbitrary    |
316 	 *         | File Encryption Key Size | 1 or 2 bytes |
317 	 *         | File Encryption Key      | arbitrary    |
318 	 */
319 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
320 	*packet = kmalloc(data_len, GFP_KERNEL);
321 	message = *packet;
322 	if (!message) {
323 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
324 		rc = -ENOMEM;
325 		goto out;
326 	}
327 	message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
328 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
329 					  &packet_size_len);
330 	if (rc) {
331 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
332 				"header; cannot generate packet length\n");
333 		goto out;
334 	}
335 	i += packet_size_len;
336 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
337 	i += ECRYPTFS_SIG_SIZE_HEX;
338 	/* The encrypted key includes 1 byte cipher code and 2 byte checksum */
339 	rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
340 					  &packet_size_len);
341 	if (rc) {
342 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
343 				"header; cannot generate packet length\n");
344 		goto out;
345 	}
346 	i += packet_size_len;
347 	message[i++] = cipher_code;
348 	memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
349 	i += crypt_stat->key_size;
350 	for (j = 0; j < crypt_stat->key_size; j++)
351 		checksum += crypt_stat->key[j];
352 	message[i++] = (checksum / 256) % 256;
353 	message[i++] = (checksum % 256);
354 	*packet_len = i;
355 out:
356 	return rc;
357 }
358 
359 static int
360 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
361 		    struct ecryptfs_message *msg)
362 {
363 	size_t i = 0;
364 	char *data;
365 	size_t data_len;
366 	size_t message_len;
367 	int rc;
368 
369 	/*
370 	 *              ***** TAG 65 Packet Format *****
371 	 *    | Content Type                       | 1 byte       |
372 	 *    | Status Indicator                   | 1 byte       |
373 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
374 	 *    | Encrypted File Encryption Key      | arbitrary    |
375 	 */
376 	message_len = msg->data_len;
377 	data = msg->data;
378 	/* verify that everything through the encrypted FEK size is present */
379 	if (message_len < 4) {
380 		rc = -EIO;
381 		printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
382 		       "message length is [%d]\n", __func__, message_len, 4);
383 		goto out;
384 	}
385 	if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
386 		rc = -EIO;
387 		printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
388 		       __func__);
389 		goto out;
390 	}
391 	if (data[i++]) {
392 		rc = -EIO;
393 		printk(KERN_ERR "%s: Status indicator has non zero "
394 		       "value [%d]\n", __func__, data[i-1]);
395 
396 		goto out;
397 	}
398 	rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
399 					  &data_len);
400 	if (rc) {
401 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
402 				"rc = [%d]\n", rc);
403 		goto out;
404 	}
405 	i += data_len;
406 	if (message_len < (i + key_rec->enc_key_size)) {
407 		rc = -EIO;
408 		printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
409 		       __func__, message_len, (i + key_rec->enc_key_size));
410 		goto out;
411 	}
412 	if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
413 		rc = -EIO;
414 		printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
415 		       "the maximum key size [%d]\n", __func__,
416 		       key_rec->enc_key_size,
417 		       ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
418 		goto out;
419 	}
420 	memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
421 out:
422 	return rc;
423 }
424 
425 /**
426  * ecryptfs_verify_version
427  * @version: The version number to confirm
428  *
429  * Returns zero on good version; non-zero otherwise
430  */
431 static int ecryptfs_verify_version(u16 version)
432 {
433 	int rc = 0;
434 	unsigned char major;
435 	unsigned char minor;
436 
437 	major = ((version >> 8) & 0xFF);
438 	minor = (version & 0xFF);
439 	if (major != ECRYPTFS_VERSION_MAJOR) {
440 		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
441 				"Expected [%d]; got [%d]\n",
442 				ECRYPTFS_VERSION_MAJOR, major);
443 		rc = -EINVAL;
444 		goto out;
445 	}
446 	if (minor != ECRYPTFS_VERSION_MINOR) {
447 		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
448 				"Expected [%d]; got [%d]\n",
449 				ECRYPTFS_VERSION_MINOR, minor);
450 		rc = -EINVAL;
451 		goto out;
452 	}
453 out:
454 	return rc;
455 }
456 
457 /**
458  * ecryptfs_verify_auth_tok_from_key
459  * @auth_tok_key: key containing the authentication token
460  * @auth_tok: authentication token
461  *
462  * Returns zero on valid auth tok; -EINVAL if the payload is invalid; or
463  * -EKEYREVOKED if the key was revoked before we acquired its semaphore.
464  */
465 static int
466 ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
467 				  struct ecryptfs_auth_tok **auth_tok)
468 {
469 	int rc = 0;
470 
471 	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
472 	if (IS_ERR(*auth_tok)) {
473 		rc = PTR_ERR(*auth_tok);
474 		*auth_tok = NULL;
475 		goto out;
476 	}
477 
478 	if (ecryptfs_verify_version((*auth_tok)->version)) {
479 		printk(KERN_ERR "Data structure version mismatch. Userspace "
480 		       "tools must match eCryptfs kernel module with major "
481 		       "version [%d] and minor version [%d]\n",
482 		       ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
483 		rc = -EINVAL;
484 		goto out;
485 	}
486 	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
487 	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
488 		printk(KERN_ERR "Invalid auth_tok structure "
489 		       "returned from key query\n");
490 		rc = -EINVAL;
491 		goto out;
492 	}
493 out:
494 	return rc;
495 }
496 
497 static int
498 ecryptfs_find_global_auth_tok_for_sig(
499 	struct key **auth_tok_key,
500 	struct ecryptfs_auth_tok **auth_tok,
501 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
502 {
503 	struct ecryptfs_global_auth_tok *walker;
504 	int rc = 0;
505 
506 	(*auth_tok_key) = NULL;
507 	(*auth_tok) = NULL;
508 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
509 	list_for_each_entry(walker,
510 			    &mount_crypt_stat->global_auth_tok_list,
511 			    mount_crypt_stat_list) {
512 		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
513 			continue;
514 
515 		if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
516 			rc = -EINVAL;
517 			goto out;
518 		}
519 
520 		rc = key_validate(walker->global_auth_tok_key);
521 		if (rc) {
522 			if (rc == -EKEYEXPIRED)
523 				goto out;
524 			goto out_invalid_auth_tok;
525 		}
526 
527 		down_write(&(walker->global_auth_tok_key->sem));
528 		rc = ecryptfs_verify_auth_tok_from_key(
529 				walker->global_auth_tok_key, auth_tok);
530 		if (rc)
531 			goto out_invalid_auth_tok_unlock;
532 
533 		(*auth_tok_key) = walker->global_auth_tok_key;
534 		key_get(*auth_tok_key);
535 		goto out;
536 	}
537 	rc = -ENOENT;
538 	goto out;
539 out_invalid_auth_tok_unlock:
540 	up_write(&(walker->global_auth_tok_key->sem));
541 out_invalid_auth_tok:
542 	printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
543 	walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
544 	key_put(walker->global_auth_tok_key);
545 	walker->global_auth_tok_key = NULL;
546 out:
547 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
548 	return rc;
549 }
550 
551 /**
552  * ecryptfs_find_auth_tok_for_sig
553  * @auth_tok: Set to the matching auth_tok; NULL if not found
554  * @crypt_stat: inode crypt_stat crypto context
555  * @sig: Sig of auth_tok to find
556  *
557  * For now, this function simply looks at the registered auth_tok's
558  * linked off the mount_crypt_stat, so all the auth_toks that can be
559  * used must be registered at mount time. This function could
560  * potentially try a lot harder to find auth_tok's (e.g., by calling
561  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
562  * that static registration of auth_tok's will no longer be necessary.
563  *
564  * Returns zero on no error; non-zero on error
565  */
566 static int
567 ecryptfs_find_auth_tok_for_sig(
568 	struct key **auth_tok_key,
569 	struct ecryptfs_auth_tok **auth_tok,
570 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
571 	char *sig)
572 {
573 	int rc = 0;
574 
575 	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
576 						   mount_crypt_stat, sig);
577 	if (rc == -ENOENT) {
578 		/* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
579 		 * mount_crypt_stat structure, we prevent to use auth toks that
580 		 * are not inserted through the ecryptfs_add_global_auth_tok
581 		 * function.
582 		 */
583 		if (mount_crypt_stat->flags
584 				& ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
585 			return -EINVAL;
586 
587 		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
588 						       sig);
589 	}
590 	return rc;
591 }
592 
593 /**
594  * write_tag_70_packet can gobble a lot of stack space. We stuff most
595  * of the function's parameters in a kmalloc'd struct to help reduce
596  * eCryptfs' overall stack usage.
597  */
598 struct ecryptfs_write_tag_70_packet_silly_stack {
599 	u8 cipher_code;
600 	size_t max_packet_size;
601 	size_t packet_size_len;
602 	size_t block_aligned_filename_size;
603 	size_t block_size;
604 	size_t i;
605 	size_t j;
606 	size_t num_rand_bytes;
607 	struct mutex *tfm_mutex;
608 	char *block_aligned_filename;
609 	struct ecryptfs_auth_tok *auth_tok;
610 	struct scatterlist src_sg[2];
611 	struct scatterlist dst_sg[2];
612 	struct crypto_skcipher *skcipher_tfm;
613 	struct skcipher_request *skcipher_req;
614 	char iv[ECRYPTFS_MAX_IV_BYTES];
615 	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
616 	char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
617 	struct crypto_shash *hash_tfm;
618 	struct shash_desc *hash_desc;
619 };
620 
621 /**
622  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
623  * @filename: NULL-terminated filename string
624  *
625  * This is the simplest mechanism for achieving filename encryption in
626  * eCryptfs. It encrypts the given filename with the mount-wide
627  * filename encryption key (FNEK) and stores it in a packet to @dest,
628  * which the callee will encode and write directly into the dentry
629  * name.
630  */
631 int
632 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
633 			     size_t *packet_size,
634 			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
635 			     char *filename, size_t filename_size)
636 {
637 	struct ecryptfs_write_tag_70_packet_silly_stack *s;
638 	struct key *auth_tok_key = NULL;
639 	int rc = 0;
640 
641 	s = kzalloc(sizeof(*s), GFP_KERNEL);
642 	if (!s)
643 		return -ENOMEM;
644 
645 	(*packet_size) = 0;
646 	rc = ecryptfs_find_auth_tok_for_sig(
647 		&auth_tok_key,
648 		&s->auth_tok, mount_crypt_stat,
649 		mount_crypt_stat->global_default_fnek_sig);
650 	if (rc) {
651 		printk(KERN_ERR "%s: Error attempting to find auth tok for "
652 		       "fnek sig [%s]; rc = [%d]\n", __func__,
653 		       mount_crypt_stat->global_default_fnek_sig, rc);
654 		goto out;
655 	}
656 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
657 		&s->skcipher_tfm,
658 		&s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
659 	if (unlikely(rc)) {
660 		printk(KERN_ERR "Internal error whilst attempting to get "
661 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
662 		       mount_crypt_stat->global_default_fn_cipher_name, rc);
663 		goto out;
664 	}
665 	mutex_lock(s->tfm_mutex);
666 	s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm);
667 	/* Plus one for the \0 separator between the random prefix
668 	 * and the plaintext filename */
669 	s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
670 	s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
671 	if ((s->block_aligned_filename_size % s->block_size) != 0) {
672 		s->num_rand_bytes += (s->block_size
673 				      - (s->block_aligned_filename_size
674 					 % s->block_size));
675 		s->block_aligned_filename_size = (s->num_rand_bytes
676 						  + filename_size);
677 	}
678 	/* Octet 0: Tag 70 identifier
679 	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
680 	 *              and block-aligned encrypted filename size)
681 	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
682 	 * Octet N2-N3: Cipher identifier (1 octet)
683 	 * Octets N3-N4: Block-aligned encrypted filename
684 	 *  - Consists of a minimum number of random characters, a \0
685 	 *    separator, and then the filename */
686 	s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE
687 			      + s->block_aligned_filename_size);
688 	if (!dest) {
689 		(*packet_size) = s->max_packet_size;
690 		goto out_unlock;
691 	}
692 	if (s->max_packet_size > (*remaining_bytes)) {
693 		printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
694 		       "[%zd] available\n", __func__, s->max_packet_size,
695 		       (*remaining_bytes));
696 		rc = -EINVAL;
697 		goto out_unlock;
698 	}
699 
700 	s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
701 	if (!s->skcipher_req) {
702 		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
703 		       "skcipher_request_alloc for %s\n", __func__,
704 		       crypto_skcipher_driver_name(s->skcipher_tfm));
705 		rc = -ENOMEM;
706 		goto out_unlock;
707 	}
708 
709 	skcipher_request_set_callback(s->skcipher_req,
710 				      CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
711 
712 	s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
713 					    GFP_KERNEL);
714 	if (!s->block_aligned_filename) {
715 		rc = -ENOMEM;
716 		goto out_unlock;
717 	}
718 	dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
719 	rc = ecryptfs_write_packet_length(&dest[s->i],
720 					  (ECRYPTFS_SIG_SIZE
721 					   + 1 /* Cipher code */
722 					   + s->block_aligned_filename_size),
723 					  &s->packet_size_len);
724 	if (rc) {
725 		printk(KERN_ERR "%s: Error generating tag 70 packet "
726 		       "header; cannot generate packet length; rc = [%d]\n",
727 		       __func__, rc);
728 		goto out_free_unlock;
729 	}
730 	s->i += s->packet_size_len;
731 	ecryptfs_from_hex(&dest[s->i],
732 			  mount_crypt_stat->global_default_fnek_sig,
733 			  ECRYPTFS_SIG_SIZE);
734 	s->i += ECRYPTFS_SIG_SIZE;
735 	s->cipher_code = ecryptfs_code_for_cipher_string(
736 		mount_crypt_stat->global_default_fn_cipher_name,
737 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
738 	if (s->cipher_code == 0) {
739 		printk(KERN_WARNING "%s: Unable to generate code for "
740 		       "cipher [%s] with key bytes [%zd]\n", __func__,
741 		       mount_crypt_stat->global_default_fn_cipher_name,
742 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
743 		rc = -EINVAL;
744 		goto out_free_unlock;
745 	}
746 	dest[s->i++] = s->cipher_code;
747 	/* TODO: Support other key modules than passphrase for
748 	 * filename encryption */
749 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
750 		rc = -EOPNOTSUPP;
751 		printk(KERN_INFO "%s: Filename encryption only supports "
752 		       "password tokens\n", __func__);
753 		goto out_free_unlock;
754 	}
755 	s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0);
756 	if (IS_ERR(s->hash_tfm)) {
757 			rc = PTR_ERR(s->hash_tfm);
758 			printk(KERN_ERR "%s: Error attempting to "
759 			       "allocate hash crypto context; rc = [%d]\n",
760 			       __func__, rc);
761 			goto out_free_unlock;
762 	}
763 
764 	s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
765 			       crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
766 	if (!s->hash_desc) {
767 		rc = -ENOMEM;
768 		goto out_release_free_unlock;
769 	}
770 
771 	s->hash_desc->tfm = s->hash_tfm;
772 	s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
773 
774 	rc = crypto_shash_digest(s->hash_desc,
775 				 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
776 				 s->auth_tok->token.password.session_key_encryption_key_bytes,
777 				 s->hash);
778 	if (rc) {
779 		printk(KERN_ERR
780 		       "%s: Error computing crypto hash; rc = [%d]\n",
781 		       __func__, rc);
782 		goto out_release_free_unlock;
783 	}
784 	for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
785 		s->block_aligned_filename[s->j] =
786 			s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
787 		if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
788 		    == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
789 			rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash,
790 						ECRYPTFS_TAG_70_DIGEST_SIZE,
791 						s->tmp_hash);
792 			if (rc) {
793 				printk(KERN_ERR
794 				       "%s: Error computing crypto hash; "
795 				       "rc = [%d]\n", __func__, rc);
796 				goto out_release_free_unlock;
797 			}
798 			memcpy(s->hash, s->tmp_hash,
799 			       ECRYPTFS_TAG_70_DIGEST_SIZE);
800 		}
801 		if (s->block_aligned_filename[s->j] == '\0')
802 			s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
803 	}
804 	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
805 	       filename_size);
806 	rc = virt_to_scatterlist(s->block_aligned_filename,
807 				 s->block_aligned_filename_size, s->src_sg, 2);
808 	if (rc < 1) {
809 		printk(KERN_ERR "%s: Internal error whilst attempting to "
810 		       "convert filename memory to scatterlist; rc = [%d]. "
811 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
812 		       s->block_aligned_filename_size);
813 		goto out_release_free_unlock;
814 	}
815 	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
816 				 s->dst_sg, 2);
817 	if (rc < 1) {
818 		printk(KERN_ERR "%s: Internal error whilst attempting to "
819 		       "convert encrypted filename memory to scatterlist; "
820 		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
821 		       __func__, rc, s->block_aligned_filename_size);
822 		goto out_release_free_unlock;
823 	}
824 	/* The characters in the first block effectively do the job
825 	 * of the IV here, so we just use 0's for the IV. Note the
826 	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
827 	 * >= ECRYPTFS_MAX_IV_BYTES. */
828 	rc = crypto_skcipher_setkey(
829 		s->skcipher_tfm,
830 		s->auth_tok->token.password.session_key_encryption_key,
831 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
832 	if (rc < 0) {
833 		printk(KERN_ERR "%s: Error setting key for crypto context; "
834 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
835 		       "encryption_key = [0x%p]; mount_crypt_stat->"
836 		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
837 		       rc,
838 		       s->auth_tok->token.password.session_key_encryption_key,
839 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
840 		goto out_release_free_unlock;
841 	}
842 	skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
843 				   s->block_aligned_filename_size, s->iv);
844 	rc = crypto_skcipher_encrypt(s->skcipher_req);
845 	if (rc) {
846 		printk(KERN_ERR "%s: Error attempting to encrypt filename; "
847 		       "rc = [%d]\n", __func__, rc);
848 		goto out_release_free_unlock;
849 	}
850 	s->i += s->block_aligned_filename_size;
851 	(*packet_size) = s->i;
852 	(*remaining_bytes) -= (*packet_size);
853 out_release_free_unlock:
854 	crypto_free_shash(s->hash_tfm);
855 out_free_unlock:
856 	kzfree(s->block_aligned_filename);
857 out_unlock:
858 	mutex_unlock(s->tfm_mutex);
859 out:
860 	if (auth_tok_key) {
861 		up_write(&(auth_tok_key->sem));
862 		key_put(auth_tok_key);
863 	}
864 	skcipher_request_free(s->skcipher_req);
865 	kzfree(s->hash_desc);
866 	kfree(s);
867 	return rc;
868 }
869 
870 struct ecryptfs_parse_tag_70_packet_silly_stack {
871 	u8 cipher_code;
872 	size_t max_packet_size;
873 	size_t packet_size_len;
874 	size_t parsed_tag_70_packet_size;
875 	size_t block_aligned_filename_size;
876 	size_t block_size;
877 	size_t i;
878 	struct mutex *tfm_mutex;
879 	char *decrypted_filename;
880 	struct ecryptfs_auth_tok *auth_tok;
881 	struct scatterlist src_sg[2];
882 	struct scatterlist dst_sg[2];
883 	struct crypto_skcipher *skcipher_tfm;
884 	struct skcipher_request *skcipher_req;
885 	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
886 	char iv[ECRYPTFS_MAX_IV_BYTES];
887 	char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
888 };
889 
890 /**
891  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
892  * @filename: This function kmalloc's the memory for the filename
893  * @filename_size: This function sets this to the amount of memory
894  *                 kmalloc'd for the filename
895  * @packet_size: This function sets this to the the number of octets
896  *               in the packet parsed
897  * @mount_crypt_stat: The mount-wide cryptographic context
898  * @data: The memory location containing the start of the tag 70
899  *        packet
900  * @max_packet_size: The maximum legal size of the packet to be parsed
901  *                   from @data
902  *
903  * Returns zero on success; non-zero otherwise
904  */
905 int
906 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
907 			     size_t *packet_size,
908 			     struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
909 			     char *data, size_t max_packet_size)
910 {
911 	struct ecryptfs_parse_tag_70_packet_silly_stack *s;
912 	struct key *auth_tok_key = NULL;
913 	int rc = 0;
914 
915 	(*packet_size) = 0;
916 	(*filename_size) = 0;
917 	(*filename) = NULL;
918 	s = kzalloc(sizeof(*s), GFP_KERNEL);
919 	if (!s)
920 		return -ENOMEM;
921 
922 	if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
923 		printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
924 		       "at least [%d]\n", __func__, max_packet_size,
925 		       ECRYPTFS_TAG_70_MIN_METADATA_SIZE);
926 		rc = -EINVAL;
927 		goto out;
928 	}
929 	/* Octet 0: Tag 70 identifier
930 	 * Octets 1-N1: Tag 70 packet size (includes cipher identifier
931 	 *              and block-aligned encrypted filename size)
932 	 * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
933 	 * Octet N2-N3: Cipher identifier (1 octet)
934 	 * Octets N3-N4: Block-aligned encrypted filename
935 	 *  - Consists of a minimum number of random numbers, a \0
936 	 *    separator, and then the filename */
937 	if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
938 		printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
939 		       "tag [0x%.2x]\n", __func__,
940 		       data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
941 		rc = -EINVAL;
942 		goto out;
943 	}
944 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
945 					  &s->parsed_tag_70_packet_size,
946 					  &s->packet_size_len);
947 	if (rc) {
948 		printk(KERN_WARNING "%s: Error parsing packet length; "
949 		       "rc = [%d]\n", __func__, rc);
950 		goto out;
951 	}
952 	s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
953 					  - ECRYPTFS_SIG_SIZE - 1);
954 	if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
955 	    > max_packet_size) {
956 		printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
957 		       "size is [%zd]\n", __func__, max_packet_size,
958 		       (1 + s->packet_size_len + 1
959 			+ s->block_aligned_filename_size));
960 		rc = -EINVAL;
961 		goto out;
962 	}
963 	(*packet_size) += s->packet_size_len;
964 	ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
965 			ECRYPTFS_SIG_SIZE);
966 	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
967 	(*packet_size) += ECRYPTFS_SIG_SIZE;
968 	s->cipher_code = data[(*packet_size)++];
969 	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
970 	if (rc) {
971 		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
972 		       __func__, s->cipher_code);
973 		goto out;
974 	}
975 	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
976 					    &s->auth_tok, mount_crypt_stat,
977 					    s->fnek_sig_hex);
978 	if (rc) {
979 		printk(KERN_ERR "%s: Error attempting to find auth tok for "
980 		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
981 		       rc);
982 		goto out;
983 	}
984 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm,
985 							&s->tfm_mutex,
986 							s->cipher_string);
987 	if (unlikely(rc)) {
988 		printk(KERN_ERR "Internal error whilst attempting to get "
989 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
990 		       s->cipher_string, rc);
991 		goto out;
992 	}
993 	mutex_lock(s->tfm_mutex);
994 	rc = virt_to_scatterlist(&data[(*packet_size)],
995 				 s->block_aligned_filename_size, s->src_sg, 2);
996 	if (rc < 1) {
997 		printk(KERN_ERR "%s: Internal error whilst attempting to "
998 		       "convert encrypted filename memory to scatterlist; "
999 		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1000 		       __func__, rc, s->block_aligned_filename_size);
1001 		goto out_unlock;
1002 	}
1003 	(*packet_size) += s->block_aligned_filename_size;
1004 	s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
1005 					GFP_KERNEL);
1006 	if (!s->decrypted_filename) {
1007 		rc = -ENOMEM;
1008 		goto out_unlock;
1009 	}
1010 	rc = virt_to_scatterlist(s->decrypted_filename,
1011 				 s->block_aligned_filename_size, s->dst_sg, 2);
1012 	if (rc < 1) {
1013 		printk(KERN_ERR "%s: Internal error whilst attempting to "
1014 		       "convert decrypted filename memory to scatterlist; "
1015 		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
1016 		       __func__, rc, s->block_aligned_filename_size);
1017 		goto out_free_unlock;
1018 	}
1019 
1020 	s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL);
1021 	if (!s->skcipher_req) {
1022 		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1023 		       "skcipher_request_alloc for %s\n", __func__,
1024 		       crypto_skcipher_driver_name(s->skcipher_tfm));
1025 		rc = -ENOMEM;
1026 		goto out_free_unlock;
1027 	}
1028 
1029 	skcipher_request_set_callback(s->skcipher_req,
1030 				      CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
1031 
1032 	/* The characters in the first block effectively do the job of
1033 	 * the IV here, so we just use 0's for the IV. Note the
1034 	 * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
1035 	 * >= ECRYPTFS_MAX_IV_BYTES. */
1036 	/* TODO: Support other key modules than passphrase for
1037 	 * filename encryption */
1038 	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
1039 		rc = -EOPNOTSUPP;
1040 		printk(KERN_INFO "%s: Filename encryption only supports "
1041 		       "password tokens\n", __func__);
1042 		goto out_free_unlock;
1043 	}
1044 	rc = crypto_skcipher_setkey(
1045 		s->skcipher_tfm,
1046 		s->auth_tok->token.password.session_key_encryption_key,
1047 		mount_crypt_stat->global_default_fn_cipher_key_bytes);
1048 	if (rc < 0) {
1049 		printk(KERN_ERR "%s: Error setting key for crypto context; "
1050 		       "rc = [%d]. s->auth_tok->token.password.session_key_"
1051 		       "encryption_key = [0x%p]; mount_crypt_stat->"
1052 		       "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
1053 		       rc,
1054 		       s->auth_tok->token.password.session_key_encryption_key,
1055 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
1056 		goto out_free_unlock;
1057 	}
1058 	skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg,
1059 				   s->block_aligned_filename_size, s->iv);
1060 	rc = crypto_skcipher_decrypt(s->skcipher_req);
1061 	if (rc) {
1062 		printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1063 		       "rc = [%d]\n", __func__, rc);
1064 		goto out_free_unlock;
1065 	}
1066 	while (s->decrypted_filename[s->i] != '\0'
1067 	       && s->i < s->block_aligned_filename_size)
1068 		s->i++;
1069 	if (s->i == s->block_aligned_filename_size) {
1070 		printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
1071 		       "find valid separator between random characters and "
1072 		       "the filename\n", __func__);
1073 		rc = -EINVAL;
1074 		goto out_free_unlock;
1075 	}
1076 	s->i++;
1077 	(*filename_size) = (s->block_aligned_filename_size - s->i);
1078 	if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
1079 		printk(KERN_WARNING "%s: Filename size is [%zd], which is "
1080 		       "invalid\n", __func__, (*filename_size));
1081 		rc = -EINVAL;
1082 		goto out_free_unlock;
1083 	}
1084 	(*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
1085 	if (!(*filename)) {
1086 		rc = -ENOMEM;
1087 		goto out_free_unlock;
1088 	}
1089 	memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
1090 	(*filename)[(*filename_size)] = '\0';
1091 out_free_unlock:
1092 	kfree(s->decrypted_filename);
1093 out_unlock:
1094 	mutex_unlock(s->tfm_mutex);
1095 out:
1096 	if (rc) {
1097 		(*packet_size) = 0;
1098 		(*filename_size) = 0;
1099 		(*filename) = NULL;
1100 	}
1101 	if (auth_tok_key) {
1102 		up_write(&(auth_tok_key->sem));
1103 		key_put(auth_tok_key);
1104 	}
1105 	skcipher_request_free(s->skcipher_req);
1106 	kfree(s);
1107 	return rc;
1108 }
1109 
1110 static int
1111 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1112 {
1113 	int rc = 0;
1114 
1115 	(*sig) = NULL;
1116 	switch (auth_tok->token_type) {
1117 	case ECRYPTFS_PASSWORD:
1118 		(*sig) = auth_tok->token.password.signature;
1119 		break;
1120 	case ECRYPTFS_PRIVATE_KEY:
1121 		(*sig) = auth_tok->token.private_key.signature;
1122 		break;
1123 	default:
1124 		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1125 		       auth_tok->token_type);
1126 		rc = -EINVAL;
1127 	}
1128 	return rc;
1129 }
1130 
1131 /**
1132  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1133  * @auth_tok: The key authentication token used to decrypt the session key
1134  * @crypt_stat: The cryptographic context
1135  *
1136  * Returns zero on success; non-zero error otherwise.
1137  */
1138 static int
1139 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1140 				  struct ecryptfs_crypt_stat *crypt_stat)
1141 {
1142 	u8 cipher_code = 0;
1143 	struct ecryptfs_msg_ctx *msg_ctx;
1144 	struct ecryptfs_message *msg = NULL;
1145 	char *auth_tok_sig;
1146 	char *payload = NULL;
1147 	size_t payload_len = 0;
1148 	int rc;
1149 
1150 	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1151 	if (rc) {
1152 		printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1153 		       auth_tok->token_type);
1154 		goto out;
1155 	}
1156 	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1157 				 &payload, &payload_len);
1158 	if (rc) {
1159 		ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1160 		goto out;
1161 	}
1162 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1163 	if (rc) {
1164 		ecryptfs_printk(KERN_ERR, "Error sending message to "
1165 				"ecryptfsd: %d\n", rc);
1166 		goto out;
1167 	}
1168 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1169 	if (rc) {
1170 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1171 				"from the user space daemon\n");
1172 		rc = -EIO;
1173 		goto out;
1174 	}
1175 	rc = parse_tag_65_packet(&(auth_tok->session_key),
1176 				 &cipher_code, msg);
1177 	if (rc) {
1178 		printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1179 		       rc);
1180 		goto out;
1181 	}
1182 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1183 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1184 	       auth_tok->session_key.decrypted_key_size);
1185 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1186 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1187 	if (rc) {
1188 		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1189 				cipher_code)
1190 		goto out;
1191 	}
1192 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1193 	if (ecryptfs_verbosity > 0) {
1194 		ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1195 		ecryptfs_dump_hex(crypt_stat->key,
1196 				  crypt_stat->key_size);
1197 	}
1198 out:
1199 	kfree(msg);
1200 	kfree(payload);
1201 	return rc;
1202 }
1203 
1204 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1205 {
1206 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1207 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1208 
1209 	list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1210 				 auth_tok_list_head, list) {
1211 		list_del(&auth_tok_list_item->list);
1212 		kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1213 				auth_tok_list_item);
1214 	}
1215 }
1216 
1217 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1218 
1219 /**
1220  * parse_tag_1_packet
1221  * @crypt_stat: The cryptographic context to modify based on packet contents
1222  * @data: The raw bytes of the packet.
1223  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1224  *                 a new authentication token will be placed at the
1225  *                 end of this list for this packet.
1226  * @new_auth_tok: Pointer to a pointer to memory that this function
1227  *                allocates; sets the memory address of the pointer to
1228  *                NULL on error. This object is added to the
1229  *                auth_tok_list.
1230  * @packet_size: This function writes the size of the parsed packet
1231  *               into this memory location; zero on error.
1232  * @max_packet_size: The maximum allowable packet size
1233  *
1234  * Returns zero on success; non-zero on error.
1235  */
1236 static int
1237 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1238 		   unsigned char *data, struct list_head *auth_tok_list,
1239 		   struct ecryptfs_auth_tok **new_auth_tok,
1240 		   size_t *packet_size, size_t max_packet_size)
1241 {
1242 	size_t body_size;
1243 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1244 	size_t length_size;
1245 	int rc = 0;
1246 
1247 	(*packet_size) = 0;
1248 	(*new_auth_tok) = NULL;
1249 	/**
1250 	 * This format is inspired by OpenPGP; see RFC 2440
1251 	 * packet tag 1
1252 	 *
1253 	 * Tag 1 identifier (1 byte)
1254 	 * Max Tag 1 packet size (max 3 bytes)
1255 	 * Version (1 byte)
1256 	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1257 	 * Cipher identifier (1 byte)
1258 	 * Encrypted key size (arbitrary)
1259 	 *
1260 	 * 12 bytes minimum packet size
1261 	 */
1262 	if (unlikely(max_packet_size < 12)) {
1263 		printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1264 		rc = -EINVAL;
1265 		goto out;
1266 	}
1267 	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1268 		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1269 		       ECRYPTFS_TAG_1_PACKET_TYPE);
1270 		rc = -EINVAL;
1271 		goto out;
1272 	}
1273 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1274 	 * at end of function upon failure */
1275 	auth_tok_list_item =
1276 		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1277 				  GFP_KERNEL);
1278 	if (!auth_tok_list_item) {
1279 		printk(KERN_ERR "Unable to allocate memory\n");
1280 		rc = -ENOMEM;
1281 		goto out;
1282 	}
1283 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1284 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1285 					  &length_size);
1286 	if (rc) {
1287 		printk(KERN_WARNING "Error parsing packet length; "
1288 		       "rc = [%d]\n", rc);
1289 		goto out_free;
1290 	}
1291 	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1292 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1293 		rc = -EINVAL;
1294 		goto out_free;
1295 	}
1296 	(*packet_size) += length_size;
1297 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1298 		printk(KERN_WARNING "Packet size exceeds max\n");
1299 		rc = -EINVAL;
1300 		goto out_free;
1301 	}
1302 	if (unlikely(data[(*packet_size)++] != 0x03)) {
1303 		printk(KERN_WARNING "Unknown version number [%d]\n",
1304 		       data[(*packet_size) - 1]);
1305 		rc = -EINVAL;
1306 		goto out_free;
1307 	}
1308 	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1309 			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1310 	*packet_size += ECRYPTFS_SIG_SIZE;
1311 	/* This byte is skipped because the kernel does not need to
1312 	 * know which public key encryption algorithm was used */
1313 	(*packet_size)++;
1314 	(*new_auth_tok)->session_key.encrypted_key_size =
1315 		body_size - (ECRYPTFS_SIG_SIZE + 2);
1316 	if ((*new_auth_tok)->session_key.encrypted_key_size
1317 	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1318 		printk(KERN_WARNING "Tag 1 packet contains key larger "
1319 		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1320 		rc = -EINVAL;
1321 		goto out;
1322 	}
1323 	memcpy((*new_auth_tok)->session_key.encrypted_key,
1324 	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1325 	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1326 	(*new_auth_tok)->session_key.flags &=
1327 		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1328 	(*new_auth_tok)->session_key.flags |=
1329 		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1330 	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1331 	(*new_auth_tok)->flags = 0;
1332 	(*new_auth_tok)->session_key.flags &=
1333 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1334 	(*new_auth_tok)->session_key.flags &=
1335 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1336 	list_add(&auth_tok_list_item->list, auth_tok_list);
1337 	goto out;
1338 out_free:
1339 	(*new_auth_tok) = NULL;
1340 	memset(auth_tok_list_item, 0,
1341 	       sizeof(struct ecryptfs_auth_tok_list_item));
1342 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1343 			auth_tok_list_item);
1344 out:
1345 	if (rc)
1346 		(*packet_size) = 0;
1347 	return rc;
1348 }
1349 
1350 /**
1351  * parse_tag_3_packet
1352  * @crypt_stat: The cryptographic context to modify based on packet
1353  *              contents.
1354  * @data: The raw bytes of the packet.
1355  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1356  *                 a new authentication token will be placed at the end
1357  *                 of this list for this packet.
1358  * @new_auth_tok: Pointer to a pointer to memory that this function
1359  *                allocates; sets the memory address of the pointer to
1360  *                NULL on error. This object is added to the
1361  *                auth_tok_list.
1362  * @packet_size: This function writes the size of the parsed packet
1363  *               into this memory location; zero on error.
1364  * @max_packet_size: maximum number of bytes to parse
1365  *
1366  * Returns zero on success; non-zero on error.
1367  */
1368 static int
1369 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1370 		   unsigned char *data, struct list_head *auth_tok_list,
1371 		   struct ecryptfs_auth_tok **new_auth_tok,
1372 		   size_t *packet_size, size_t max_packet_size)
1373 {
1374 	size_t body_size;
1375 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1376 	size_t length_size;
1377 	int rc = 0;
1378 
1379 	(*packet_size) = 0;
1380 	(*new_auth_tok) = NULL;
1381 	/**
1382 	 *This format is inspired by OpenPGP; see RFC 2440
1383 	 * packet tag 3
1384 	 *
1385 	 * Tag 3 identifier (1 byte)
1386 	 * Max Tag 3 packet size (max 3 bytes)
1387 	 * Version (1 byte)
1388 	 * Cipher code (1 byte)
1389 	 * S2K specifier (1 byte)
1390 	 * Hash identifier (1 byte)
1391 	 * Salt (ECRYPTFS_SALT_SIZE)
1392 	 * Hash iterations (1 byte)
1393 	 * Encrypted key (arbitrary)
1394 	 *
1395 	 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1396 	 */
1397 	if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1398 		printk(KERN_ERR "Max packet size too large\n");
1399 		rc = -EINVAL;
1400 		goto out;
1401 	}
1402 	if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1403 		printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1404 		       ECRYPTFS_TAG_3_PACKET_TYPE);
1405 		rc = -EINVAL;
1406 		goto out;
1407 	}
1408 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1409 	 * at end of function upon failure */
1410 	auth_tok_list_item =
1411 	    kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1412 	if (!auth_tok_list_item) {
1413 		printk(KERN_ERR "Unable to allocate memory\n");
1414 		rc = -ENOMEM;
1415 		goto out;
1416 	}
1417 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
1418 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1419 					  &length_size);
1420 	if (rc) {
1421 		printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1422 		       rc);
1423 		goto out_free;
1424 	}
1425 	if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1426 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1427 		rc = -EINVAL;
1428 		goto out_free;
1429 	}
1430 	(*packet_size) += length_size;
1431 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
1432 		printk(KERN_ERR "Packet size exceeds max\n");
1433 		rc = -EINVAL;
1434 		goto out_free;
1435 	}
1436 	(*new_auth_tok)->session_key.encrypted_key_size =
1437 		(body_size - (ECRYPTFS_SALT_SIZE + 5));
1438 	if ((*new_auth_tok)->session_key.encrypted_key_size
1439 	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1440 		printk(KERN_WARNING "Tag 3 packet contains key larger "
1441 		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1442 		rc = -EINVAL;
1443 		goto out_free;
1444 	}
1445 	if (unlikely(data[(*packet_size)++] != 0x04)) {
1446 		printk(KERN_WARNING "Unknown version number [%d]\n",
1447 		       data[(*packet_size) - 1]);
1448 		rc = -EINVAL;
1449 		goto out_free;
1450 	}
1451 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1452 					    (u16)data[(*packet_size)]);
1453 	if (rc)
1454 		goto out_free;
1455 	/* A little extra work to differentiate among the AES key
1456 	 * sizes; see RFC2440 */
1457 	switch(data[(*packet_size)++]) {
1458 	case RFC2440_CIPHER_AES_192:
1459 		crypt_stat->key_size = 24;
1460 		break;
1461 	default:
1462 		crypt_stat->key_size =
1463 			(*new_auth_tok)->session_key.encrypted_key_size;
1464 	}
1465 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1466 	if (rc)
1467 		goto out_free;
1468 	if (unlikely(data[(*packet_size)++] != 0x03)) {
1469 		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1470 		rc = -ENOSYS;
1471 		goto out_free;
1472 	}
1473 	/* TODO: finish the hash mapping */
1474 	switch (data[(*packet_size)++]) {
1475 	case 0x01: /* See RFC2440 for these numbers and their mappings */
1476 		/* Choose MD5 */
1477 		memcpy((*new_auth_tok)->token.password.salt,
1478 		       &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1479 		(*packet_size) += ECRYPTFS_SALT_SIZE;
1480 		/* This conversion was taken straight from RFC2440 */
1481 		(*new_auth_tok)->token.password.hash_iterations =
1482 			((u32) 16 + (data[(*packet_size)] & 15))
1483 				<< ((data[(*packet_size)] >> 4) + 6);
1484 		(*packet_size)++;
1485 		/* Friendly reminder:
1486 		 * (*new_auth_tok)->session_key.encrypted_key_size =
1487 		 *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1488 		memcpy((*new_auth_tok)->session_key.encrypted_key,
1489 		       &data[(*packet_size)],
1490 		       (*new_auth_tok)->session_key.encrypted_key_size);
1491 		(*packet_size) +=
1492 			(*new_auth_tok)->session_key.encrypted_key_size;
1493 		(*new_auth_tok)->session_key.flags &=
1494 			~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1495 		(*new_auth_tok)->session_key.flags |=
1496 			ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1497 		(*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1498 		break;
1499 	default:
1500 		ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1501 				"[%d]\n", data[(*packet_size) - 1]);
1502 		rc = -ENOSYS;
1503 		goto out_free;
1504 	}
1505 	(*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1506 	/* TODO: Parametarize; we might actually want userspace to
1507 	 * decrypt the session key. */
1508 	(*new_auth_tok)->session_key.flags &=
1509 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1510 	(*new_auth_tok)->session_key.flags &=
1511 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1512 	list_add(&auth_tok_list_item->list, auth_tok_list);
1513 	goto out;
1514 out_free:
1515 	(*new_auth_tok) = NULL;
1516 	memset(auth_tok_list_item, 0,
1517 	       sizeof(struct ecryptfs_auth_tok_list_item));
1518 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1519 			auth_tok_list_item);
1520 out:
1521 	if (rc)
1522 		(*packet_size) = 0;
1523 	return rc;
1524 }
1525 
1526 /**
1527  * parse_tag_11_packet
1528  * @data: The raw bytes of the packet
1529  * @contents: This function writes the data contents of the literal
1530  *            packet into this memory location
1531  * @max_contents_bytes: The maximum number of bytes that this function
1532  *                      is allowed to write into contents
1533  * @tag_11_contents_size: This function writes the size of the parsed
1534  *                        contents into this memory location; zero on
1535  *                        error
1536  * @packet_size: This function writes the size of the parsed packet
1537  *               into this memory location; zero on error
1538  * @max_packet_size: maximum number of bytes to parse
1539  *
1540  * Returns zero on success; non-zero on error.
1541  */
1542 static int
1543 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1544 		    size_t max_contents_bytes, size_t *tag_11_contents_size,
1545 		    size_t *packet_size, size_t max_packet_size)
1546 {
1547 	size_t body_size;
1548 	size_t length_size;
1549 	int rc = 0;
1550 
1551 	(*packet_size) = 0;
1552 	(*tag_11_contents_size) = 0;
1553 	/* This format is inspired by OpenPGP; see RFC 2440
1554 	 * packet tag 11
1555 	 *
1556 	 * Tag 11 identifier (1 byte)
1557 	 * Max Tag 11 packet size (max 3 bytes)
1558 	 * Binary format specifier (1 byte)
1559 	 * Filename length (1 byte)
1560 	 * Filename ("_CONSOLE") (8 bytes)
1561 	 * Modification date (4 bytes)
1562 	 * Literal data (arbitrary)
1563 	 *
1564 	 * We need at least 16 bytes of data for the packet to even be
1565 	 * valid.
1566 	 */
1567 	if (max_packet_size < 16) {
1568 		printk(KERN_ERR "Maximum packet size too small\n");
1569 		rc = -EINVAL;
1570 		goto out;
1571 	}
1572 	if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1573 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1574 		rc = -EINVAL;
1575 		goto out;
1576 	}
1577 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1578 					  &length_size);
1579 	if (rc) {
1580 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
1581 		goto out;
1582 	}
1583 	if (body_size < 14) {
1584 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1585 		rc = -EINVAL;
1586 		goto out;
1587 	}
1588 	(*packet_size) += length_size;
1589 	(*tag_11_contents_size) = (body_size - 14);
1590 	if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1591 		printk(KERN_ERR "Packet size exceeds max\n");
1592 		rc = -EINVAL;
1593 		goto out;
1594 	}
1595 	if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1596 		printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1597 		       "expected size\n");
1598 		rc = -EINVAL;
1599 		goto out;
1600 	}
1601 	if (data[(*packet_size)++] != 0x62) {
1602 		printk(KERN_WARNING "Unrecognizable packet\n");
1603 		rc = -EINVAL;
1604 		goto out;
1605 	}
1606 	if (data[(*packet_size)++] != 0x08) {
1607 		printk(KERN_WARNING "Unrecognizable packet\n");
1608 		rc = -EINVAL;
1609 		goto out;
1610 	}
1611 	(*packet_size) += 12; /* Ignore filename and modification date */
1612 	memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1613 	(*packet_size) += (*tag_11_contents_size);
1614 out:
1615 	if (rc) {
1616 		(*packet_size) = 0;
1617 		(*tag_11_contents_size) = 0;
1618 	}
1619 	return rc;
1620 }
1621 
1622 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1623 				      struct ecryptfs_auth_tok **auth_tok,
1624 				      char *sig)
1625 {
1626 	int rc = 0;
1627 
1628 	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1629 	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1630 		(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1631 		if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1632 			printk(KERN_ERR "Could not find key with description: [%s]\n",
1633 			      sig);
1634 			rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1635 			(*auth_tok_key) = NULL;
1636 			goto out;
1637 		}
1638 	}
1639 	down_write(&(*auth_tok_key)->sem);
1640 	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1641 	if (rc) {
1642 		up_write(&(*auth_tok_key)->sem);
1643 		key_put(*auth_tok_key);
1644 		(*auth_tok_key) = NULL;
1645 		goto out;
1646 	}
1647 out:
1648 	return rc;
1649 }
1650 
1651 /**
1652  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1653  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1654  * @crypt_stat: The cryptographic context
1655  *
1656  * Returns zero on success; non-zero error otherwise
1657  */
1658 static int
1659 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1660 					 struct ecryptfs_crypt_stat *crypt_stat)
1661 {
1662 	struct scatterlist dst_sg[2];
1663 	struct scatterlist src_sg[2];
1664 	struct mutex *tfm_mutex;
1665 	struct crypto_skcipher *tfm;
1666 	struct skcipher_request *req = NULL;
1667 	int rc = 0;
1668 
1669 	if (unlikely(ecryptfs_verbosity > 0)) {
1670 		ecryptfs_printk(
1671 			KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1672 			auth_tok->token.password.session_key_encryption_key_bytes);
1673 		ecryptfs_dump_hex(
1674 			auth_tok->token.password.session_key_encryption_key,
1675 			auth_tok->token.password.session_key_encryption_key_bytes);
1676 	}
1677 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
1678 							crypt_stat->cipher);
1679 	if (unlikely(rc)) {
1680 		printk(KERN_ERR "Internal error whilst attempting to get "
1681 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1682 		       crypt_stat->cipher, rc);
1683 		goto out;
1684 	}
1685 	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1686 				 auth_tok->session_key.encrypted_key_size,
1687 				 src_sg, 2);
1688 	if (rc < 1 || rc > 2) {
1689 		printk(KERN_ERR "Internal error whilst attempting to convert "
1690 			"auth_tok->session_key.encrypted_key to scatterlist; "
1691 			"expected rc = 1; got rc = [%d]. "
1692 		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1693 			auth_tok->session_key.encrypted_key_size);
1694 		goto out;
1695 	}
1696 	auth_tok->session_key.decrypted_key_size =
1697 		auth_tok->session_key.encrypted_key_size;
1698 	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1699 				 auth_tok->session_key.decrypted_key_size,
1700 				 dst_sg, 2);
1701 	if (rc < 1 || rc > 2) {
1702 		printk(KERN_ERR "Internal error whilst attempting to convert "
1703 			"auth_tok->session_key.decrypted_key to scatterlist; "
1704 			"expected rc = 1; got rc = [%d]\n", rc);
1705 		goto out;
1706 	}
1707 	mutex_lock(tfm_mutex);
1708 	req = skcipher_request_alloc(tfm, GFP_KERNEL);
1709 	if (!req) {
1710 		mutex_unlock(tfm_mutex);
1711 		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
1712 		       "skcipher_request_alloc for %s\n", __func__,
1713 		       crypto_skcipher_driver_name(tfm));
1714 		rc = -ENOMEM;
1715 		goto out;
1716 	}
1717 
1718 	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1719 				      NULL, NULL);
1720 	rc = crypto_skcipher_setkey(
1721 		tfm, auth_tok->token.password.session_key_encryption_key,
1722 		crypt_stat->key_size);
1723 	if (unlikely(rc < 0)) {
1724 		mutex_unlock(tfm_mutex);
1725 		printk(KERN_ERR "Error setting key for crypto context\n");
1726 		rc = -EINVAL;
1727 		goto out;
1728 	}
1729 	skcipher_request_set_crypt(req, src_sg, dst_sg,
1730 				   auth_tok->session_key.encrypted_key_size,
1731 				   NULL);
1732 	rc = crypto_skcipher_decrypt(req);
1733 	mutex_unlock(tfm_mutex);
1734 	if (unlikely(rc)) {
1735 		printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1736 		goto out;
1737 	}
1738 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1739 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1740 	       auth_tok->session_key.decrypted_key_size);
1741 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1742 	if (unlikely(ecryptfs_verbosity > 0)) {
1743 		ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1744 				crypt_stat->key_size);
1745 		ecryptfs_dump_hex(crypt_stat->key,
1746 				  crypt_stat->key_size);
1747 	}
1748 out:
1749 	skcipher_request_free(req);
1750 	return rc;
1751 }
1752 
1753 /**
1754  * ecryptfs_parse_packet_set
1755  * @crypt_stat: The cryptographic context
1756  * @src: Virtual address of region of memory containing the packets
1757  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1758  *
1759  * Get crypt_stat to have the file's session key if the requisite key
1760  * is available to decrypt the session key.
1761  *
1762  * Returns Zero if a valid authentication token was retrieved and
1763  * processed; negative value for file not encrypted or for error
1764  * conditions.
1765  */
1766 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1767 			      unsigned char *src,
1768 			      struct dentry *ecryptfs_dentry)
1769 {
1770 	size_t i = 0;
1771 	size_t found_auth_tok;
1772 	size_t next_packet_is_auth_tok_packet;
1773 	struct list_head auth_tok_list;
1774 	struct ecryptfs_auth_tok *matching_auth_tok;
1775 	struct ecryptfs_auth_tok *candidate_auth_tok;
1776 	char *candidate_auth_tok_sig;
1777 	size_t packet_size;
1778 	struct ecryptfs_auth_tok *new_auth_tok;
1779 	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1780 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1781 	size_t tag_11_contents_size;
1782 	size_t tag_11_packet_size;
1783 	struct key *auth_tok_key = NULL;
1784 	int rc = 0;
1785 
1786 	INIT_LIST_HEAD(&auth_tok_list);
1787 	/* Parse the header to find as many packets as we can; these will be
1788 	 * added the our &auth_tok_list */
1789 	next_packet_is_auth_tok_packet = 1;
1790 	while (next_packet_is_auth_tok_packet) {
1791 		size_t max_packet_size = ((PAGE_SIZE - 8) - i);
1792 
1793 		switch (src[i]) {
1794 		case ECRYPTFS_TAG_3_PACKET_TYPE:
1795 			rc = parse_tag_3_packet(crypt_stat,
1796 						(unsigned char *)&src[i],
1797 						&auth_tok_list, &new_auth_tok,
1798 						&packet_size, max_packet_size);
1799 			if (rc) {
1800 				ecryptfs_printk(KERN_ERR, "Error parsing "
1801 						"tag 3 packet\n");
1802 				rc = -EIO;
1803 				goto out_wipe_list;
1804 			}
1805 			i += packet_size;
1806 			rc = parse_tag_11_packet((unsigned char *)&src[i],
1807 						 sig_tmp_space,
1808 						 ECRYPTFS_SIG_SIZE,
1809 						 &tag_11_contents_size,
1810 						 &tag_11_packet_size,
1811 						 max_packet_size);
1812 			if (rc) {
1813 				ecryptfs_printk(KERN_ERR, "No valid "
1814 						"(ecryptfs-specific) literal "
1815 						"packet containing "
1816 						"authentication token "
1817 						"signature found after "
1818 						"tag 3 packet\n");
1819 				rc = -EIO;
1820 				goto out_wipe_list;
1821 			}
1822 			i += tag_11_packet_size;
1823 			if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1824 				ecryptfs_printk(KERN_ERR, "Expected "
1825 						"signature of size [%d]; "
1826 						"read size [%zd]\n",
1827 						ECRYPTFS_SIG_SIZE,
1828 						tag_11_contents_size);
1829 				rc = -EIO;
1830 				goto out_wipe_list;
1831 			}
1832 			ecryptfs_to_hex(new_auth_tok->token.password.signature,
1833 					sig_tmp_space, tag_11_contents_size);
1834 			new_auth_tok->token.password.signature[
1835 				ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1836 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1837 			break;
1838 		case ECRYPTFS_TAG_1_PACKET_TYPE:
1839 			rc = parse_tag_1_packet(crypt_stat,
1840 						(unsigned char *)&src[i],
1841 						&auth_tok_list, &new_auth_tok,
1842 						&packet_size, max_packet_size);
1843 			if (rc) {
1844 				ecryptfs_printk(KERN_ERR, "Error parsing "
1845 						"tag 1 packet\n");
1846 				rc = -EIO;
1847 				goto out_wipe_list;
1848 			}
1849 			i += packet_size;
1850 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1851 			break;
1852 		case ECRYPTFS_TAG_11_PACKET_TYPE:
1853 			ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1854 					"(Tag 11 not allowed by itself)\n");
1855 			rc = -EIO;
1856 			goto out_wipe_list;
1857 		default:
1858 			ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1859 					"of the file header; hex value of "
1860 					"character is [0x%.2x]\n", i, src[i]);
1861 			next_packet_is_auth_tok_packet = 0;
1862 		}
1863 	}
1864 	if (list_empty(&auth_tok_list)) {
1865 		printk(KERN_ERR "The lower file appears to be a non-encrypted "
1866 		       "eCryptfs file; this is not supported in this version "
1867 		       "of the eCryptfs kernel module\n");
1868 		rc = -EINVAL;
1869 		goto out;
1870 	}
1871 	/* auth_tok_list contains the set of authentication tokens
1872 	 * parsed from the metadata. We need to find a matching
1873 	 * authentication token that has the secret component(s)
1874 	 * necessary to decrypt the EFEK in the auth_tok parsed from
1875 	 * the metadata. There may be several potential matches, but
1876 	 * just one will be sufficient to decrypt to get the FEK. */
1877 find_next_matching_auth_tok:
1878 	found_auth_tok = 0;
1879 	list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1880 		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1881 		if (unlikely(ecryptfs_verbosity > 0)) {
1882 			ecryptfs_printk(KERN_DEBUG,
1883 					"Considering cadidate auth tok:\n");
1884 			ecryptfs_dump_auth_tok(candidate_auth_tok);
1885 		}
1886 		rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1887 					       candidate_auth_tok);
1888 		if (rc) {
1889 			printk(KERN_ERR
1890 			       "Unrecognized candidate auth tok type: [%d]\n",
1891 			       candidate_auth_tok->token_type);
1892 			rc = -EINVAL;
1893 			goto out_wipe_list;
1894 		}
1895 		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1896 					       &matching_auth_tok,
1897 					       crypt_stat->mount_crypt_stat,
1898 					       candidate_auth_tok_sig);
1899 		if (!rc) {
1900 			found_auth_tok = 1;
1901 			goto found_matching_auth_tok;
1902 		}
1903 	}
1904 	if (!found_auth_tok) {
1905 		ecryptfs_printk(KERN_ERR, "Could not find a usable "
1906 				"authentication token\n");
1907 		rc = -EIO;
1908 		goto out_wipe_list;
1909 	}
1910 found_matching_auth_tok:
1911 	if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1912 		memcpy(&(candidate_auth_tok->token.private_key),
1913 		       &(matching_auth_tok->token.private_key),
1914 		       sizeof(struct ecryptfs_private_key));
1915 		up_write(&(auth_tok_key->sem));
1916 		key_put(auth_tok_key);
1917 		rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1918 						       crypt_stat);
1919 	} else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1920 		memcpy(&(candidate_auth_tok->token.password),
1921 		       &(matching_auth_tok->token.password),
1922 		       sizeof(struct ecryptfs_password));
1923 		up_write(&(auth_tok_key->sem));
1924 		key_put(auth_tok_key);
1925 		rc = decrypt_passphrase_encrypted_session_key(
1926 			candidate_auth_tok, crypt_stat);
1927 	} else {
1928 		up_write(&(auth_tok_key->sem));
1929 		key_put(auth_tok_key);
1930 		rc = -EINVAL;
1931 	}
1932 	if (rc) {
1933 		struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1934 
1935 		ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1936 				"session key for authentication token with sig "
1937 				"[%.*s]; rc = [%d]. Removing auth tok "
1938 				"candidate from the list and searching for "
1939 				"the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1940 				candidate_auth_tok_sig,	rc);
1941 		list_for_each_entry_safe(auth_tok_list_item,
1942 					 auth_tok_list_item_tmp,
1943 					 &auth_tok_list, list) {
1944 			if (candidate_auth_tok
1945 			    == &auth_tok_list_item->auth_tok) {
1946 				list_del(&auth_tok_list_item->list);
1947 				kmem_cache_free(
1948 					ecryptfs_auth_tok_list_item_cache,
1949 					auth_tok_list_item);
1950 				goto find_next_matching_auth_tok;
1951 			}
1952 		}
1953 		BUG();
1954 	}
1955 	rc = ecryptfs_compute_root_iv(crypt_stat);
1956 	if (rc) {
1957 		ecryptfs_printk(KERN_ERR, "Error computing "
1958 				"the root IV\n");
1959 		goto out_wipe_list;
1960 	}
1961 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1962 	if (rc) {
1963 		ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1964 				"context for cipher [%s]; rc = [%d]\n",
1965 				crypt_stat->cipher, rc);
1966 	}
1967 out_wipe_list:
1968 	wipe_auth_tok_list(&auth_tok_list);
1969 out:
1970 	return rc;
1971 }
1972 
1973 static int
1974 pki_encrypt_session_key(struct key *auth_tok_key,
1975 			struct ecryptfs_auth_tok *auth_tok,
1976 			struct ecryptfs_crypt_stat *crypt_stat,
1977 			struct ecryptfs_key_record *key_rec)
1978 {
1979 	struct ecryptfs_msg_ctx *msg_ctx = NULL;
1980 	char *payload = NULL;
1981 	size_t payload_len = 0;
1982 	struct ecryptfs_message *msg;
1983 	int rc;
1984 
1985 	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1986 				 ecryptfs_code_for_cipher_string(
1987 					 crypt_stat->cipher,
1988 					 crypt_stat->key_size),
1989 				 crypt_stat, &payload, &payload_len);
1990 	up_write(&(auth_tok_key->sem));
1991 	key_put(auth_tok_key);
1992 	if (rc) {
1993 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1994 		goto out;
1995 	}
1996 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1997 	if (rc) {
1998 		ecryptfs_printk(KERN_ERR, "Error sending message to "
1999 				"ecryptfsd: %d\n", rc);
2000 		goto out;
2001 	}
2002 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
2003 	if (rc) {
2004 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
2005 				"from the user space daemon\n");
2006 		rc = -EIO;
2007 		goto out;
2008 	}
2009 	rc = parse_tag_67_packet(key_rec, msg);
2010 	if (rc)
2011 		ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
2012 	kfree(msg);
2013 out:
2014 	kfree(payload);
2015 	return rc;
2016 }
2017 /**
2018  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
2019  * @dest: Buffer into which to write the packet
2020  * @remaining_bytes: Maximum number of bytes that can be writtn
2021  * @auth_tok_key: The authentication token key to unlock and put when done with
2022  *                @auth_tok
2023  * @auth_tok: The authentication token used for generating the tag 1 packet
2024  * @crypt_stat: The cryptographic context
2025  * @key_rec: The key record struct for the tag 1 packet
2026  * @packet_size: This function will write the number of bytes that end
2027  *               up constituting the packet; set to zero on error
2028  *
2029  * Returns zero on success; non-zero on error.
2030  */
2031 static int
2032 write_tag_1_packet(char *dest, size_t *remaining_bytes,
2033 		   struct key *auth_tok_key, struct ecryptfs_auth_tok *auth_tok,
2034 		   struct ecryptfs_crypt_stat *crypt_stat,
2035 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2036 {
2037 	size_t i;
2038 	size_t encrypted_session_key_valid = 0;
2039 	size_t packet_size_length;
2040 	size_t max_packet_size;
2041 	int rc = 0;
2042 
2043 	(*packet_size) = 0;
2044 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
2045 			  ECRYPTFS_SIG_SIZE);
2046 	encrypted_session_key_valid = 0;
2047 	for (i = 0; i < crypt_stat->key_size; i++)
2048 		encrypted_session_key_valid |=
2049 			auth_tok->session_key.encrypted_key[i];
2050 	if (encrypted_session_key_valid) {
2051 		memcpy(key_rec->enc_key,
2052 		       auth_tok->session_key.encrypted_key,
2053 		       auth_tok->session_key.encrypted_key_size);
2054 		up_write(&(auth_tok_key->sem));
2055 		key_put(auth_tok_key);
2056 		goto encrypted_session_key_set;
2057 	}
2058 	if (auth_tok->session_key.encrypted_key_size == 0)
2059 		auth_tok->session_key.encrypted_key_size =
2060 			auth_tok->token.private_key.key_size;
2061 	rc = pki_encrypt_session_key(auth_tok_key, auth_tok, crypt_stat,
2062 				     key_rec);
2063 	if (rc) {
2064 		printk(KERN_ERR "Failed to encrypt session key via a key "
2065 		       "module; rc = [%d]\n", rc);
2066 		goto out;
2067 	}
2068 	if (ecryptfs_verbosity > 0) {
2069 		ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
2070 		ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
2071 	}
2072 encrypted_session_key_set:
2073 	/* This format is inspired by OpenPGP; see RFC 2440
2074 	 * packet tag 1 */
2075 	max_packet_size = (1                         /* Tag 1 identifier */
2076 			   + 3                       /* Max Tag 1 packet size */
2077 			   + 1                       /* Version */
2078 			   + ECRYPTFS_SIG_SIZE       /* Key identifier */
2079 			   + 1                       /* Cipher identifier */
2080 			   + key_rec->enc_key_size); /* Encrypted key size */
2081 	if (max_packet_size > (*remaining_bytes)) {
2082 		printk(KERN_ERR "Packet length larger than maximum allowable; "
2083 		       "need up to [%td] bytes, but there are only [%td] "
2084 		       "available\n", max_packet_size, (*remaining_bytes));
2085 		rc = -EINVAL;
2086 		goto out;
2087 	}
2088 	dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2089 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2090 					  (max_packet_size - 4),
2091 					  &packet_size_length);
2092 	if (rc) {
2093 		ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2094 				"header; cannot generate packet length\n");
2095 		goto out;
2096 	}
2097 	(*packet_size) += packet_size_length;
2098 	dest[(*packet_size)++] = 0x03; /* version 3 */
2099 	memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2100 	(*packet_size) += ECRYPTFS_SIG_SIZE;
2101 	dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2102 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2103 	       key_rec->enc_key_size);
2104 	(*packet_size) += key_rec->enc_key_size;
2105 out:
2106 	if (rc)
2107 		(*packet_size) = 0;
2108 	else
2109 		(*remaining_bytes) -= (*packet_size);
2110 	return rc;
2111 }
2112 
2113 /**
2114  * write_tag_11_packet
2115  * @dest: Target into which Tag 11 packet is to be written
2116  * @remaining_bytes: Maximum packet length
2117  * @contents: Byte array of contents to copy in
2118  * @contents_length: Number of bytes in contents
2119  * @packet_length: Length of the Tag 11 packet written; zero on error
2120  *
2121  * Returns zero on success; non-zero on error.
2122  */
2123 static int
2124 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2125 		    size_t contents_length, size_t *packet_length)
2126 {
2127 	size_t packet_size_length;
2128 	size_t max_packet_size;
2129 	int rc = 0;
2130 
2131 	(*packet_length) = 0;
2132 	/* This format is inspired by OpenPGP; see RFC 2440
2133 	 * packet tag 11 */
2134 	max_packet_size = (1                   /* Tag 11 identifier */
2135 			   + 3                 /* Max Tag 11 packet size */
2136 			   + 1                 /* Binary format specifier */
2137 			   + 1                 /* Filename length */
2138 			   + 8                 /* Filename ("_CONSOLE") */
2139 			   + 4                 /* Modification date */
2140 			   + contents_length); /* Literal data */
2141 	if (max_packet_size > (*remaining_bytes)) {
2142 		printk(KERN_ERR "Packet length larger than maximum allowable; "
2143 		       "need up to [%td] bytes, but there are only [%td] "
2144 		       "available\n", max_packet_size, (*remaining_bytes));
2145 		rc = -EINVAL;
2146 		goto out;
2147 	}
2148 	dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2149 	rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2150 					  (max_packet_size - 4),
2151 					  &packet_size_length);
2152 	if (rc) {
2153 		printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2154 		       "generate packet length. rc = [%d]\n", rc);
2155 		goto out;
2156 	}
2157 	(*packet_length) += packet_size_length;
2158 	dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2159 	dest[(*packet_length)++] = 8;
2160 	memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2161 	(*packet_length) += 8;
2162 	memset(&dest[(*packet_length)], 0x00, 4);
2163 	(*packet_length) += 4;
2164 	memcpy(&dest[(*packet_length)], contents, contents_length);
2165 	(*packet_length) += contents_length;
2166  out:
2167 	if (rc)
2168 		(*packet_length) = 0;
2169 	else
2170 		(*remaining_bytes) -= (*packet_length);
2171 	return rc;
2172 }
2173 
2174 /**
2175  * write_tag_3_packet
2176  * @dest: Buffer into which to write the packet
2177  * @remaining_bytes: Maximum number of bytes that can be written
2178  * @auth_tok: Authentication token
2179  * @crypt_stat: The cryptographic context
2180  * @key_rec: encrypted key
2181  * @packet_size: This function will write the number of bytes that end
2182  *               up constituting the packet; set to zero on error
2183  *
2184  * Returns zero on success; non-zero on error.
2185  */
2186 static int
2187 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2188 		   struct ecryptfs_auth_tok *auth_tok,
2189 		   struct ecryptfs_crypt_stat *crypt_stat,
2190 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
2191 {
2192 	size_t i;
2193 	size_t encrypted_session_key_valid = 0;
2194 	char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2195 	struct scatterlist dst_sg[2];
2196 	struct scatterlist src_sg[2];
2197 	struct mutex *tfm_mutex = NULL;
2198 	u8 cipher_code;
2199 	size_t packet_size_length;
2200 	size_t max_packet_size;
2201 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2202 		crypt_stat->mount_crypt_stat;
2203 	struct crypto_skcipher *tfm;
2204 	struct skcipher_request *req;
2205 	int rc = 0;
2206 
2207 	(*packet_size) = 0;
2208 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2209 			  ECRYPTFS_SIG_SIZE);
2210 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex,
2211 							crypt_stat->cipher);
2212 	if (unlikely(rc)) {
2213 		printk(KERN_ERR "Internal error whilst attempting to get "
2214 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2215 		       crypt_stat->cipher, rc);
2216 		goto out;
2217 	}
2218 	if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2219 		printk(KERN_WARNING "No key size specified at mount; "
2220 		       "defaulting to [%d]\n",
2221 		       crypto_skcipher_default_keysize(tfm));
2222 		mount_crypt_stat->global_default_cipher_key_size =
2223 			crypto_skcipher_default_keysize(tfm);
2224 	}
2225 	if (crypt_stat->key_size == 0)
2226 		crypt_stat->key_size =
2227 			mount_crypt_stat->global_default_cipher_key_size;
2228 	if (auth_tok->session_key.encrypted_key_size == 0)
2229 		auth_tok->session_key.encrypted_key_size =
2230 			crypt_stat->key_size;
2231 	if (crypt_stat->key_size == 24
2232 	    && strcmp("aes", crypt_stat->cipher) == 0) {
2233 		memset((crypt_stat->key + 24), 0, 8);
2234 		auth_tok->session_key.encrypted_key_size = 32;
2235 	} else
2236 		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2237 	key_rec->enc_key_size =
2238 		auth_tok->session_key.encrypted_key_size;
2239 	encrypted_session_key_valid = 0;
2240 	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2241 		encrypted_session_key_valid |=
2242 			auth_tok->session_key.encrypted_key[i];
2243 	if (encrypted_session_key_valid) {
2244 		ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2245 				"using auth_tok->session_key.encrypted_key, "
2246 				"where key_rec->enc_key_size = [%zd]\n",
2247 				key_rec->enc_key_size);
2248 		memcpy(key_rec->enc_key,
2249 		       auth_tok->session_key.encrypted_key,
2250 		       key_rec->enc_key_size);
2251 		goto encrypted_session_key_set;
2252 	}
2253 	if (auth_tok->token.password.flags &
2254 	    ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2255 		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2256 				"session key encryption key of size [%d]\n",
2257 				auth_tok->token.password.
2258 				session_key_encryption_key_bytes);
2259 		memcpy(session_key_encryption_key,
2260 		       auth_tok->token.password.session_key_encryption_key,
2261 		       crypt_stat->key_size);
2262 		ecryptfs_printk(KERN_DEBUG,
2263 				"Cached session key encryption key:\n");
2264 		if (ecryptfs_verbosity > 0)
2265 			ecryptfs_dump_hex(session_key_encryption_key, 16);
2266 	}
2267 	if (unlikely(ecryptfs_verbosity > 0)) {
2268 		ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2269 		ecryptfs_dump_hex(session_key_encryption_key, 16);
2270 	}
2271 	rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2272 				 src_sg, 2);
2273 	if (rc < 1 || rc > 2) {
2274 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2275 				"for crypt_stat session key; expected rc = 1; "
2276 				"got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2277 				rc, key_rec->enc_key_size);
2278 		rc = -ENOMEM;
2279 		goto out;
2280 	}
2281 	rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2282 				 dst_sg, 2);
2283 	if (rc < 1 || rc > 2) {
2284 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2285 				"for crypt_stat encrypted session key; "
2286 				"expected rc = 1; got rc = [%d]. "
2287 				"key_rec->enc_key_size = [%zd]\n", rc,
2288 				key_rec->enc_key_size);
2289 		rc = -ENOMEM;
2290 		goto out;
2291 	}
2292 	mutex_lock(tfm_mutex);
2293 	rc = crypto_skcipher_setkey(tfm, session_key_encryption_key,
2294 				    crypt_stat->key_size);
2295 	if (rc < 0) {
2296 		mutex_unlock(tfm_mutex);
2297 		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2298 				"context; rc = [%d]\n", rc);
2299 		goto out;
2300 	}
2301 
2302 	req = skcipher_request_alloc(tfm, GFP_KERNEL);
2303 	if (!req) {
2304 		mutex_unlock(tfm_mutex);
2305 		ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst "
2306 				"attempting to skcipher_request_alloc for "
2307 				"%s\n", crypto_skcipher_driver_name(tfm));
2308 		rc = -ENOMEM;
2309 		goto out;
2310 	}
2311 
2312 	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
2313 				      NULL, NULL);
2314 
2315 	rc = 0;
2316 	ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2317 			crypt_stat->key_size);
2318 	skcipher_request_set_crypt(req, src_sg, dst_sg,
2319 				   (*key_rec).enc_key_size, NULL);
2320 	rc = crypto_skcipher_encrypt(req);
2321 	mutex_unlock(tfm_mutex);
2322 	skcipher_request_free(req);
2323 	if (rc) {
2324 		printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2325 		goto out;
2326 	}
2327 	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2328 	if (ecryptfs_verbosity > 0) {
2329 		ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2330 				key_rec->enc_key_size);
2331 		ecryptfs_dump_hex(key_rec->enc_key,
2332 				  key_rec->enc_key_size);
2333 	}
2334 encrypted_session_key_set:
2335 	/* This format is inspired by OpenPGP; see RFC 2440
2336 	 * packet tag 3 */
2337 	max_packet_size = (1                         /* Tag 3 identifier */
2338 			   + 3                       /* Max Tag 3 packet size */
2339 			   + 1                       /* Version */
2340 			   + 1                       /* Cipher code */
2341 			   + 1                       /* S2K specifier */
2342 			   + 1                       /* Hash identifier */
2343 			   + ECRYPTFS_SALT_SIZE      /* Salt */
2344 			   + 1                       /* Hash iterations */
2345 			   + key_rec->enc_key_size); /* Encrypted key size */
2346 	if (max_packet_size > (*remaining_bytes)) {
2347 		printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2348 		       "there are only [%td] available\n", max_packet_size,
2349 		       (*remaining_bytes));
2350 		rc = -EINVAL;
2351 		goto out;
2352 	}
2353 	dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2354 	/* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2355 	 * to get the number of octets in the actual Tag 3 packet */
2356 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2357 					  (max_packet_size - 4),
2358 					  &packet_size_length);
2359 	if (rc) {
2360 		printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2361 		       "generate packet length. rc = [%d]\n", rc);
2362 		goto out;
2363 	}
2364 	(*packet_size) += packet_size_length;
2365 	dest[(*packet_size)++] = 0x04; /* version 4 */
2366 	/* TODO: Break from RFC2440 so that arbitrary ciphers can be
2367 	 * specified with strings */
2368 	cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2369 						      crypt_stat->key_size);
2370 	if (cipher_code == 0) {
2371 		ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2372 				"cipher [%s]\n", crypt_stat->cipher);
2373 		rc = -EINVAL;
2374 		goto out;
2375 	}
2376 	dest[(*packet_size)++] = cipher_code;
2377 	dest[(*packet_size)++] = 0x03;	/* S2K */
2378 	dest[(*packet_size)++] = 0x01;	/* MD5 (TODO: parameterize) */
2379 	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2380 	       ECRYPTFS_SALT_SIZE);
2381 	(*packet_size) += ECRYPTFS_SALT_SIZE;	/* salt */
2382 	dest[(*packet_size)++] = 0x60;	/* hash iterations (65536) */
2383 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
2384 	       key_rec->enc_key_size);
2385 	(*packet_size) += key_rec->enc_key_size;
2386 out:
2387 	if (rc)
2388 		(*packet_size) = 0;
2389 	else
2390 		(*remaining_bytes) -= (*packet_size);
2391 	return rc;
2392 }
2393 
2394 struct kmem_cache *ecryptfs_key_record_cache;
2395 
2396 /**
2397  * ecryptfs_generate_key_packet_set
2398  * @dest_base: Virtual address from which to write the key record set
2399  * @crypt_stat: The cryptographic context from which the
2400  *              authentication tokens will be retrieved
2401  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2402  *                   for the global parameters
2403  * @len: The amount written
2404  * @max: The maximum amount of data allowed to be written
2405  *
2406  * Generates a key packet set and writes it to the virtual address
2407  * passed in.
2408  *
2409  * Returns zero on success; non-zero on error.
2410  */
2411 int
2412 ecryptfs_generate_key_packet_set(char *dest_base,
2413 				 struct ecryptfs_crypt_stat *crypt_stat,
2414 				 struct dentry *ecryptfs_dentry, size_t *len,
2415 				 size_t max)
2416 {
2417 	struct ecryptfs_auth_tok *auth_tok;
2418 	struct key *auth_tok_key = NULL;
2419 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2420 		&ecryptfs_superblock_to_private(
2421 			ecryptfs_dentry->d_sb)->mount_crypt_stat;
2422 	size_t written;
2423 	struct ecryptfs_key_record *key_rec;
2424 	struct ecryptfs_key_sig *key_sig;
2425 	int rc = 0;
2426 
2427 	(*len) = 0;
2428 	mutex_lock(&crypt_stat->keysig_list_mutex);
2429 	key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2430 	if (!key_rec) {
2431 		rc = -ENOMEM;
2432 		goto out;
2433 	}
2434 	list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2435 			    crypt_stat_list) {
2436 		memset(key_rec, 0, sizeof(*key_rec));
2437 		rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2438 							   &auth_tok,
2439 							   mount_crypt_stat,
2440 							   key_sig->keysig);
2441 		if (rc) {
2442 			printk(KERN_WARNING "Unable to retrieve auth tok with "
2443 			       "sig = [%s]\n", key_sig->keysig);
2444 			rc = process_find_global_auth_tok_for_sig_err(rc);
2445 			goto out_free;
2446 		}
2447 		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2448 			rc = write_tag_3_packet((dest_base + (*len)),
2449 						&max, auth_tok,
2450 						crypt_stat, key_rec,
2451 						&written);
2452 			up_write(&(auth_tok_key->sem));
2453 			key_put(auth_tok_key);
2454 			if (rc) {
2455 				ecryptfs_printk(KERN_WARNING, "Error "
2456 						"writing tag 3 packet\n");
2457 				goto out_free;
2458 			}
2459 			(*len) += written;
2460 			/* Write auth tok signature packet */
2461 			rc = write_tag_11_packet((dest_base + (*len)), &max,
2462 						 key_rec->sig,
2463 						 ECRYPTFS_SIG_SIZE, &written);
2464 			if (rc) {
2465 				ecryptfs_printk(KERN_ERR, "Error writing "
2466 						"auth tok signature packet\n");
2467 				goto out_free;
2468 			}
2469 			(*len) += written;
2470 		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2471 			rc = write_tag_1_packet(dest_base + (*len), &max,
2472 						auth_tok_key, auth_tok,
2473 						crypt_stat, key_rec, &written);
2474 			if (rc) {
2475 				ecryptfs_printk(KERN_WARNING, "Error "
2476 						"writing tag 1 packet\n");
2477 				goto out_free;
2478 			}
2479 			(*len) += written;
2480 		} else {
2481 			up_write(&(auth_tok_key->sem));
2482 			key_put(auth_tok_key);
2483 			ecryptfs_printk(KERN_WARNING, "Unsupported "
2484 					"authentication token type\n");
2485 			rc = -EINVAL;
2486 			goto out_free;
2487 		}
2488 	}
2489 	if (likely(max > 0)) {
2490 		dest_base[(*len)] = 0x00;
2491 	} else {
2492 		ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2493 		rc = -EIO;
2494 	}
2495 out_free:
2496 	kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2497 out:
2498 	if (rc)
2499 		(*len) = 0;
2500 	mutex_unlock(&crypt_stat->keysig_list_mutex);
2501 	return rc;
2502 }
2503 
2504 struct kmem_cache *ecryptfs_key_sig_cache;
2505 
2506 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2507 {
2508 	struct ecryptfs_key_sig *new_key_sig;
2509 
2510 	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2511 	if (!new_key_sig)
2512 		return -ENOMEM;
2513 
2514 	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2515 	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2516 	/* Caller must hold keysig_list_mutex */
2517 	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2518 
2519 	return 0;
2520 }
2521 
2522 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2523 
2524 int
2525 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2526 			     char *sig, u32 global_auth_tok_flags)
2527 {
2528 	struct ecryptfs_global_auth_tok *new_auth_tok;
2529 
2530 	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2531 					GFP_KERNEL);
2532 	if (!new_auth_tok)
2533 		return -ENOMEM;
2534 
2535 	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2536 	new_auth_tok->flags = global_auth_tok_flags;
2537 	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2538 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2539 	list_add(&new_auth_tok->mount_crypt_stat_list,
2540 		 &mount_crypt_stat->global_auth_tok_list);
2541 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2542 	return 0;
2543 }
2544 
2545