xref: /openbmc/linux/fs/ecryptfs/keystore.c (revision 9ac8d3fb)
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27 
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include "ecryptfs_kernel.h"
36 
37 /**
38  * request_key returned an error instead of a valid key address;
39  * determine the type of error, make appropriate log entries, and
40  * return an error code.
41  */
42 static int process_request_key_err(long err_code)
43 {
44 	int rc = 0;
45 
46 	switch (err_code) {
47 	case -ENOKEY:
48 		ecryptfs_printk(KERN_WARNING, "No key\n");
49 		rc = -ENOENT;
50 		break;
51 	case -EKEYEXPIRED:
52 		ecryptfs_printk(KERN_WARNING, "Key expired\n");
53 		rc = -ETIME;
54 		break;
55 	case -EKEYREVOKED:
56 		ecryptfs_printk(KERN_WARNING, "Key revoked\n");
57 		rc = -EINVAL;
58 		break;
59 	default:
60 		ecryptfs_printk(KERN_WARNING, "Unknown error code: "
61 				"[0x%.16x]\n", err_code);
62 		rc = -EINVAL;
63 	}
64 	return rc;
65 }
66 
67 /**
68  * ecryptfs_parse_packet_length
69  * @data: Pointer to memory containing length at offset
70  * @size: This function writes the decoded size to this memory
71  *        address; zero on error
72  * @length_size: The number of bytes occupied by the encoded length
73  *
74  * Returns zero on success; non-zero on error
75  */
76 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
77 				 size_t *length_size)
78 {
79 	int rc = 0;
80 
81 	(*length_size) = 0;
82 	(*size) = 0;
83 	if (data[0] < 192) {
84 		/* One-byte length */
85 		(*size) = (unsigned char)data[0];
86 		(*length_size) = 1;
87 	} else if (data[0] < 224) {
88 		/* Two-byte length */
89 		(*size) = (((unsigned char)(data[0]) - 192) * 256);
90 		(*size) += ((unsigned char)(data[1]) + 192);
91 		(*length_size) = 2;
92 	} else if (data[0] == 255) {
93 		/* Five-byte length; we're not supposed to see this */
94 		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
95 				"supported\n");
96 		rc = -EINVAL;
97 		goto out;
98 	} else {
99 		ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
100 		rc = -EINVAL;
101 		goto out;
102 	}
103 out:
104 	return rc;
105 }
106 
107 /**
108  * ecryptfs_write_packet_length
109  * @dest: The byte array target into which to write the length. Must
110  *        have at least 5 bytes allocated.
111  * @size: The length to write.
112  * @packet_size_length: The number of bytes used to encode the packet
113  *                      length is written to this address.
114  *
115  * Returns zero on success; non-zero on error.
116  */
117 int ecryptfs_write_packet_length(char *dest, size_t size,
118 				 size_t *packet_size_length)
119 {
120 	int rc = 0;
121 
122 	if (size < 192) {
123 		dest[0] = size;
124 		(*packet_size_length) = 1;
125 	} else if (size < 65536) {
126 		dest[0] = (((size - 192) / 256) + 192);
127 		dest[1] = ((size - 192) % 256);
128 		(*packet_size_length) = 2;
129 	} else {
130 		rc = -EINVAL;
131 		ecryptfs_printk(KERN_WARNING,
132 				"Unsupported packet size: [%d]\n", size);
133 	}
134 	return rc;
135 }
136 
137 static int
138 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
139 		    char **packet, size_t *packet_len)
140 {
141 	size_t i = 0;
142 	size_t data_len;
143 	size_t packet_size_len;
144 	char *message;
145 	int rc;
146 
147 	/*
148 	 *              ***** TAG 64 Packet Format *****
149 	 *    | Content Type                       | 1 byte       |
150 	 *    | Key Identifier Size                | 1 or 2 bytes |
151 	 *    | Key Identifier                     | arbitrary    |
152 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
153 	 *    | Encrypted File Encryption Key      | arbitrary    |
154 	 */
155 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
156 		    + session_key->encrypted_key_size);
157 	*packet = kmalloc(data_len, GFP_KERNEL);
158 	message = *packet;
159 	if (!message) {
160 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
161 		rc = -ENOMEM;
162 		goto out;
163 	}
164 	message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
165 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
166 					  &packet_size_len);
167 	if (rc) {
168 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
169 				"header; cannot generate packet length\n");
170 		goto out;
171 	}
172 	i += packet_size_len;
173 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
174 	i += ECRYPTFS_SIG_SIZE_HEX;
175 	rc = ecryptfs_write_packet_length(&message[i],
176 					  session_key->encrypted_key_size,
177 					  &packet_size_len);
178 	if (rc) {
179 		ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
180 				"header; cannot generate packet length\n");
181 		goto out;
182 	}
183 	i += packet_size_len;
184 	memcpy(&message[i], session_key->encrypted_key,
185 	       session_key->encrypted_key_size);
186 	i += session_key->encrypted_key_size;
187 	*packet_len = i;
188 out:
189 	return rc;
190 }
191 
192 static int
193 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
194 		    struct ecryptfs_message *msg)
195 {
196 	size_t i = 0;
197 	char *data;
198 	size_t data_len;
199 	size_t m_size;
200 	size_t message_len;
201 	u16 checksum = 0;
202 	u16 expected_checksum = 0;
203 	int rc;
204 
205 	/*
206 	 *              ***** TAG 65 Packet Format *****
207 	 *         | Content Type             | 1 byte       |
208 	 *         | Status Indicator         | 1 byte       |
209 	 *         | File Encryption Key Size | 1 or 2 bytes |
210 	 *         | File Encryption Key      | arbitrary    |
211 	 */
212 	message_len = msg->data_len;
213 	data = msg->data;
214 	if (message_len < 4) {
215 		rc = -EIO;
216 		goto out;
217 	}
218 	if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
219 		ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
220 		rc = -EIO;
221 		goto out;
222 	}
223 	if (data[i++]) {
224 		ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
225 				"[%d]\n", data[i-1]);
226 		rc = -EIO;
227 		goto out;
228 	}
229 	rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
230 	if (rc) {
231 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
232 				"rc = [%d]\n", rc);
233 		goto out;
234 	}
235 	i += data_len;
236 	if (message_len < (i + m_size)) {
237 		ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
238 				"is shorter than expected\n");
239 		rc = -EIO;
240 		goto out;
241 	}
242 	if (m_size < 3) {
243 		ecryptfs_printk(KERN_ERR,
244 				"The decrypted key is not long enough to "
245 				"include a cipher code and checksum\n");
246 		rc = -EIO;
247 		goto out;
248 	}
249 	*cipher_code = data[i++];
250 	/* The decrypted key includes 1 byte cipher code and 2 byte checksum */
251 	session_key->decrypted_key_size = m_size - 3;
252 	if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
253 		ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
254 				"the maximum key size [%d]\n",
255 				session_key->decrypted_key_size,
256 				ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
257 		rc = -EIO;
258 		goto out;
259 	}
260 	memcpy(session_key->decrypted_key, &data[i],
261 	       session_key->decrypted_key_size);
262 	i += session_key->decrypted_key_size;
263 	expected_checksum += (unsigned char)(data[i++]) << 8;
264 	expected_checksum += (unsigned char)(data[i++]);
265 	for (i = 0; i < session_key->decrypted_key_size; i++)
266 		checksum += session_key->decrypted_key[i];
267 	if (expected_checksum != checksum) {
268 		ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
269 				"encryption  key; expected [%x]; calculated "
270 				"[%x]\n", expected_checksum, checksum);
271 		rc = -EIO;
272 	}
273 out:
274 	return rc;
275 }
276 
277 
278 static int
279 write_tag_66_packet(char *signature, u8 cipher_code,
280 		    struct ecryptfs_crypt_stat *crypt_stat, char **packet,
281 		    size_t *packet_len)
282 {
283 	size_t i = 0;
284 	size_t j;
285 	size_t data_len;
286 	size_t checksum = 0;
287 	size_t packet_size_len;
288 	char *message;
289 	int rc;
290 
291 	/*
292 	 *              ***** TAG 66 Packet Format *****
293 	 *         | Content Type             | 1 byte       |
294 	 *         | Key Identifier Size      | 1 or 2 bytes |
295 	 *         | Key Identifier           | arbitrary    |
296 	 *         | File Encryption Key Size | 1 or 2 bytes |
297 	 *         | File Encryption Key      | arbitrary    |
298 	 */
299 	data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
300 	*packet = kmalloc(data_len, GFP_KERNEL);
301 	message = *packet;
302 	if (!message) {
303 		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
304 		rc = -ENOMEM;
305 		goto out;
306 	}
307 	message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
308 	rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
309 					  &packet_size_len);
310 	if (rc) {
311 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
312 				"header; cannot generate packet length\n");
313 		goto out;
314 	}
315 	i += packet_size_len;
316 	memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
317 	i += ECRYPTFS_SIG_SIZE_HEX;
318 	/* The encrypted key includes 1 byte cipher code and 2 byte checksum */
319 	rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
320 					  &packet_size_len);
321 	if (rc) {
322 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
323 				"header; cannot generate packet length\n");
324 		goto out;
325 	}
326 	i += packet_size_len;
327 	message[i++] = cipher_code;
328 	memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
329 	i += crypt_stat->key_size;
330 	for (j = 0; j < crypt_stat->key_size; j++)
331 		checksum += crypt_stat->key[j];
332 	message[i++] = (checksum / 256) % 256;
333 	message[i++] = (checksum % 256);
334 	*packet_len = i;
335 out:
336 	return rc;
337 }
338 
339 static int
340 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
341 		    struct ecryptfs_message *msg)
342 {
343 	size_t i = 0;
344 	char *data;
345 	size_t data_len;
346 	size_t message_len;
347 	int rc;
348 
349 	/*
350 	 *              ***** TAG 65 Packet Format *****
351 	 *    | Content Type                       | 1 byte       |
352 	 *    | Status Indicator                   | 1 byte       |
353 	 *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
354 	 *    | Encrypted File Encryption Key      | arbitrary    |
355 	 */
356 	message_len = msg->data_len;
357 	data = msg->data;
358 	/* verify that everything through the encrypted FEK size is present */
359 	if (message_len < 4) {
360 		rc = -EIO;
361 		printk(KERN_ERR "%s: message_len is [%Zd]; minimum acceptable "
362 		       "message length is [%d]\n", __func__, message_len, 4);
363 		goto out;
364 	}
365 	if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
366 		rc = -EIO;
367 		printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
368 		       __func__);
369 		goto out;
370 	}
371 	if (data[i++]) {
372 		rc = -EIO;
373 		printk(KERN_ERR "%s: Status indicator has non zero "
374 		       "value [%d]\n", __func__, data[i-1]);
375 
376 		goto out;
377 	}
378 	rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
379 					  &data_len);
380 	if (rc) {
381 		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
382 				"rc = [%d]\n", rc);
383 		goto out;
384 	}
385 	i += data_len;
386 	if (message_len < (i + key_rec->enc_key_size)) {
387 		rc = -EIO;
388 		printk(KERN_ERR "%s: message_len [%Zd]; max len is [%Zd]\n",
389 		       __func__, message_len, (i + key_rec->enc_key_size));
390 		goto out;
391 	}
392 	if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
393 		rc = -EIO;
394 		printk(KERN_ERR "%s: Encrypted key_size [%Zd] larger than "
395 		       "the maximum key size [%d]\n", __func__,
396 		       key_rec->enc_key_size,
397 		       ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
398 		goto out;
399 	}
400 	memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
401 out:
402 	return rc;
403 }
404 
405 static int
406 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
407 {
408 	int rc = 0;
409 
410 	(*sig) = NULL;
411 	switch (auth_tok->token_type) {
412 	case ECRYPTFS_PASSWORD:
413 		(*sig) = auth_tok->token.password.signature;
414 		break;
415 	case ECRYPTFS_PRIVATE_KEY:
416 		(*sig) = auth_tok->token.private_key.signature;
417 		break;
418 	default:
419 		printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
420 		       auth_tok->token_type);
421 		rc = -EINVAL;
422 	}
423 	return rc;
424 }
425 
426 /**
427  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
428  * @auth_tok: The key authentication token used to decrypt the session key
429  * @crypt_stat: The cryptographic context
430  *
431  * Returns zero on success; non-zero error otherwise.
432  */
433 static int
434 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
435 				  struct ecryptfs_crypt_stat *crypt_stat)
436 {
437 	u8 cipher_code = 0;
438 	struct ecryptfs_msg_ctx *msg_ctx;
439 	struct ecryptfs_message *msg = NULL;
440 	char *auth_tok_sig;
441 	char *payload;
442 	size_t payload_len;
443 	int rc;
444 
445 	rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
446 	if (rc) {
447 		printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
448 		       auth_tok->token_type);
449 		goto out;
450 	}
451 	rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
452 				 &payload, &payload_len);
453 	if (rc) {
454 		ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
455 		goto out;
456 	}
457 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
458 	if (rc) {
459 		ecryptfs_printk(KERN_ERR, "Error sending message to "
460 				"ecryptfsd\n");
461 		goto out;
462 	}
463 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
464 	if (rc) {
465 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
466 				"from the user space daemon\n");
467 		rc = -EIO;
468 		goto out;
469 	}
470 	rc = parse_tag_65_packet(&(auth_tok->session_key),
471 				 &cipher_code, msg);
472 	if (rc) {
473 		printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
474 		       rc);
475 		goto out;
476 	}
477 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
478 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
479 	       auth_tok->session_key.decrypted_key_size);
480 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
481 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
482 	if (rc) {
483 		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
484 				cipher_code)
485 		goto out;
486 	}
487 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
488 	if (ecryptfs_verbosity > 0) {
489 		ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
490 		ecryptfs_dump_hex(crypt_stat->key,
491 				  crypt_stat->key_size);
492 	}
493 out:
494 	if (msg)
495 		kfree(msg);
496 	return rc;
497 }
498 
499 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
500 {
501 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
502 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
503 
504 	list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
505 				 auth_tok_list_head, list) {
506 		list_del(&auth_tok_list_item->list);
507 		kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
508 				auth_tok_list_item);
509 	}
510 }
511 
512 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
513 
514 /**
515  * parse_tag_1_packet
516  * @crypt_stat: The cryptographic context to modify based on packet contents
517  * @data: The raw bytes of the packet.
518  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
519  *                 a new authentication token will be placed at the
520  *                 end of this list for this packet.
521  * @new_auth_tok: Pointer to a pointer to memory that this function
522  *                allocates; sets the memory address of the pointer to
523  *                NULL on error. This object is added to the
524  *                auth_tok_list.
525  * @packet_size: This function writes the size of the parsed packet
526  *               into this memory location; zero on error.
527  * @max_packet_size: The maximum allowable packet size
528  *
529  * Returns zero on success; non-zero on error.
530  */
531 static int
532 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
533 		   unsigned char *data, struct list_head *auth_tok_list,
534 		   struct ecryptfs_auth_tok **new_auth_tok,
535 		   size_t *packet_size, size_t max_packet_size)
536 {
537 	size_t body_size;
538 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
539 	size_t length_size;
540 	int rc = 0;
541 
542 	(*packet_size) = 0;
543 	(*new_auth_tok) = NULL;
544 	/**
545 	 * This format is inspired by OpenPGP; see RFC 2440
546 	 * packet tag 1
547 	 *
548 	 * Tag 1 identifier (1 byte)
549 	 * Max Tag 1 packet size (max 3 bytes)
550 	 * Version (1 byte)
551 	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
552 	 * Cipher identifier (1 byte)
553 	 * Encrypted key size (arbitrary)
554 	 *
555 	 * 12 bytes minimum packet size
556 	 */
557 	if (unlikely(max_packet_size < 12)) {
558 		printk(KERN_ERR "Invalid max packet size; must be >=12\n");
559 		rc = -EINVAL;
560 		goto out;
561 	}
562 	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
563 		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
564 		       ECRYPTFS_TAG_1_PACKET_TYPE);
565 		rc = -EINVAL;
566 		goto out;
567 	}
568 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
569 	 * at end of function upon failure */
570 	auth_tok_list_item =
571 		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
572 				  GFP_KERNEL);
573 	if (!auth_tok_list_item) {
574 		printk(KERN_ERR "Unable to allocate memory\n");
575 		rc = -ENOMEM;
576 		goto out;
577 	}
578 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
579 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
580 					  &length_size);
581 	if (rc) {
582 		printk(KERN_WARNING "Error parsing packet length; "
583 		       "rc = [%d]\n", rc);
584 		goto out_free;
585 	}
586 	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
587 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
588 		rc = -EINVAL;
589 		goto out_free;
590 	}
591 	(*packet_size) += length_size;
592 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
593 		printk(KERN_WARNING "Packet size exceeds max\n");
594 		rc = -EINVAL;
595 		goto out_free;
596 	}
597 	if (unlikely(data[(*packet_size)++] != 0x03)) {
598 		printk(KERN_WARNING "Unknown version number [%d]\n",
599 		       data[(*packet_size) - 1]);
600 		rc = -EINVAL;
601 		goto out_free;
602 	}
603 	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
604 			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);
605 	*packet_size += ECRYPTFS_SIG_SIZE;
606 	/* This byte is skipped because the kernel does not need to
607 	 * know which public key encryption algorithm was used */
608 	(*packet_size)++;
609 	(*new_auth_tok)->session_key.encrypted_key_size =
610 		body_size - (ECRYPTFS_SIG_SIZE + 2);
611 	if ((*new_auth_tok)->session_key.encrypted_key_size
612 	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
613 		printk(KERN_WARNING "Tag 1 packet contains key larger "
614 		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
615 		rc = -EINVAL;
616 		goto out;
617 	}
618 	memcpy((*new_auth_tok)->session_key.encrypted_key,
619 	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
620 	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
621 	(*new_auth_tok)->session_key.flags &=
622 		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
623 	(*new_auth_tok)->session_key.flags |=
624 		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
625 	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
626 	(*new_auth_tok)->flags = 0;
627 	(*new_auth_tok)->session_key.flags &=
628 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
629 	(*new_auth_tok)->session_key.flags &=
630 		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
631 	list_add(&auth_tok_list_item->list, auth_tok_list);
632 	goto out;
633 out_free:
634 	(*new_auth_tok) = NULL;
635 	memset(auth_tok_list_item, 0,
636 	       sizeof(struct ecryptfs_auth_tok_list_item));
637 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
638 			auth_tok_list_item);
639 out:
640 	if (rc)
641 		(*packet_size) = 0;
642 	return rc;
643 }
644 
645 /**
646  * parse_tag_3_packet
647  * @crypt_stat: The cryptographic context to modify based on packet
648  *              contents.
649  * @data: The raw bytes of the packet.
650  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
651  *                 a new authentication token will be placed at the end
652  *                 of this list for this packet.
653  * @new_auth_tok: Pointer to a pointer to memory that this function
654  *                allocates; sets the memory address of the pointer to
655  *                NULL on error. This object is added to the
656  *                auth_tok_list.
657  * @packet_size: This function writes the size of the parsed packet
658  *               into this memory location; zero on error.
659  * @max_packet_size: maximum number of bytes to parse
660  *
661  * Returns zero on success; non-zero on error.
662  */
663 static int
664 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
665 		   unsigned char *data, struct list_head *auth_tok_list,
666 		   struct ecryptfs_auth_tok **new_auth_tok,
667 		   size_t *packet_size, size_t max_packet_size)
668 {
669 	size_t body_size;
670 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
671 	size_t length_size;
672 	int rc = 0;
673 
674 	(*packet_size) = 0;
675 	(*new_auth_tok) = NULL;
676 	/**
677 	 *This format is inspired by OpenPGP; see RFC 2440
678 	 * packet tag 3
679 	 *
680 	 * Tag 3 identifier (1 byte)
681 	 * Max Tag 3 packet size (max 3 bytes)
682 	 * Version (1 byte)
683 	 * Cipher code (1 byte)
684 	 * S2K specifier (1 byte)
685 	 * Hash identifier (1 byte)
686 	 * Salt (ECRYPTFS_SALT_SIZE)
687 	 * Hash iterations (1 byte)
688 	 * Encrypted key (arbitrary)
689 	 *
690 	 * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
691 	 */
692 	if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
693 		printk(KERN_ERR "Max packet size too large\n");
694 		rc = -EINVAL;
695 		goto out;
696 	}
697 	if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
698 		printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
699 		       ECRYPTFS_TAG_3_PACKET_TYPE);
700 		rc = -EINVAL;
701 		goto out;
702 	}
703 	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
704 	 * at end of function upon failure */
705 	auth_tok_list_item =
706 	    kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
707 	if (!auth_tok_list_item) {
708 		printk(KERN_ERR "Unable to allocate memory\n");
709 		rc = -ENOMEM;
710 		goto out;
711 	}
712 	(*new_auth_tok) = &auth_tok_list_item->auth_tok;
713 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
714 					  &length_size);
715 	if (rc) {
716 		printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
717 		       rc);
718 		goto out_free;
719 	}
720 	if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
721 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
722 		rc = -EINVAL;
723 		goto out_free;
724 	}
725 	(*packet_size) += length_size;
726 	if (unlikely((*packet_size) + body_size > max_packet_size)) {
727 		printk(KERN_ERR "Packet size exceeds max\n");
728 		rc = -EINVAL;
729 		goto out_free;
730 	}
731 	(*new_auth_tok)->session_key.encrypted_key_size =
732 		(body_size - (ECRYPTFS_SALT_SIZE + 5));
733 	if (unlikely(data[(*packet_size)++] != 0x04)) {
734 		printk(KERN_WARNING "Unknown version number [%d]\n",
735 		       data[(*packet_size) - 1]);
736 		rc = -EINVAL;
737 		goto out_free;
738 	}
739 	ecryptfs_cipher_code_to_string(crypt_stat->cipher,
740 				       (u16)data[(*packet_size)]);
741 	/* A little extra work to differentiate among the AES key
742 	 * sizes; see RFC2440 */
743 	switch(data[(*packet_size)++]) {
744 	case RFC2440_CIPHER_AES_192:
745 		crypt_stat->key_size = 24;
746 		break;
747 	default:
748 		crypt_stat->key_size =
749 			(*new_auth_tok)->session_key.encrypted_key_size;
750 	}
751 	ecryptfs_init_crypt_ctx(crypt_stat);
752 	if (unlikely(data[(*packet_size)++] != 0x03)) {
753 		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
754 		rc = -ENOSYS;
755 		goto out_free;
756 	}
757 	/* TODO: finish the hash mapping */
758 	switch (data[(*packet_size)++]) {
759 	case 0x01: /* See RFC2440 for these numbers and their mappings */
760 		/* Choose MD5 */
761 		memcpy((*new_auth_tok)->token.password.salt,
762 		       &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
763 		(*packet_size) += ECRYPTFS_SALT_SIZE;
764 		/* This conversion was taken straight from RFC2440 */
765 		(*new_auth_tok)->token.password.hash_iterations =
766 			((u32) 16 + (data[(*packet_size)] & 15))
767 				<< ((data[(*packet_size)] >> 4) + 6);
768 		(*packet_size)++;
769 		/* Friendly reminder:
770 		 * (*new_auth_tok)->session_key.encrypted_key_size =
771 		 *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
772 		memcpy((*new_auth_tok)->session_key.encrypted_key,
773 		       &data[(*packet_size)],
774 		       (*new_auth_tok)->session_key.encrypted_key_size);
775 		(*packet_size) +=
776 			(*new_auth_tok)->session_key.encrypted_key_size;
777 		(*new_auth_tok)->session_key.flags &=
778 			~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
779 		(*new_auth_tok)->session_key.flags |=
780 			ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
781 		(*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
782 		break;
783 	default:
784 		ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
785 				"[%d]\n", data[(*packet_size) - 1]);
786 		rc = -ENOSYS;
787 		goto out_free;
788 	}
789 	(*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
790 	/* TODO: Parametarize; we might actually want userspace to
791 	 * decrypt the session key. */
792 	(*new_auth_tok)->session_key.flags &=
793 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
794 	(*new_auth_tok)->session_key.flags &=
795 			    ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
796 	list_add(&auth_tok_list_item->list, auth_tok_list);
797 	goto out;
798 out_free:
799 	(*new_auth_tok) = NULL;
800 	memset(auth_tok_list_item, 0,
801 	       sizeof(struct ecryptfs_auth_tok_list_item));
802 	kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
803 			auth_tok_list_item);
804 out:
805 	if (rc)
806 		(*packet_size) = 0;
807 	return rc;
808 }
809 
810 /**
811  * parse_tag_11_packet
812  * @data: The raw bytes of the packet
813  * @contents: This function writes the data contents of the literal
814  *            packet into this memory location
815  * @max_contents_bytes: The maximum number of bytes that this function
816  *                      is allowed to write into contents
817  * @tag_11_contents_size: This function writes the size of the parsed
818  *                        contents into this memory location; zero on
819  *                        error
820  * @packet_size: This function writes the size of the parsed packet
821  *               into this memory location; zero on error
822  * @max_packet_size: maximum number of bytes to parse
823  *
824  * Returns zero on success; non-zero on error.
825  */
826 static int
827 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
828 		    size_t max_contents_bytes, size_t *tag_11_contents_size,
829 		    size_t *packet_size, size_t max_packet_size)
830 {
831 	size_t body_size;
832 	size_t length_size;
833 	int rc = 0;
834 
835 	(*packet_size) = 0;
836 	(*tag_11_contents_size) = 0;
837 	/* This format is inspired by OpenPGP; see RFC 2440
838 	 * packet tag 11
839 	 *
840 	 * Tag 11 identifier (1 byte)
841 	 * Max Tag 11 packet size (max 3 bytes)
842 	 * Binary format specifier (1 byte)
843 	 * Filename length (1 byte)
844 	 * Filename ("_CONSOLE") (8 bytes)
845 	 * Modification date (4 bytes)
846 	 * Literal data (arbitrary)
847 	 *
848 	 * We need at least 16 bytes of data for the packet to even be
849 	 * valid.
850 	 */
851 	if (max_packet_size < 16) {
852 		printk(KERN_ERR "Maximum packet size too small\n");
853 		rc = -EINVAL;
854 		goto out;
855 	}
856 	if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
857 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
858 		rc = -EINVAL;
859 		goto out;
860 	}
861 	rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
862 					  &length_size);
863 	if (rc) {
864 		printk(KERN_WARNING "Invalid tag 11 packet format\n");
865 		goto out;
866 	}
867 	if (body_size < 14) {
868 		printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
869 		rc = -EINVAL;
870 		goto out;
871 	}
872 	(*packet_size) += length_size;
873 	(*tag_11_contents_size) = (body_size - 14);
874 	if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
875 		printk(KERN_ERR "Packet size exceeds max\n");
876 		rc = -EINVAL;
877 		goto out;
878 	}
879 	if (data[(*packet_size)++] != 0x62) {
880 		printk(KERN_WARNING "Unrecognizable packet\n");
881 		rc = -EINVAL;
882 		goto out;
883 	}
884 	if (data[(*packet_size)++] != 0x08) {
885 		printk(KERN_WARNING "Unrecognizable packet\n");
886 		rc = -EINVAL;
887 		goto out;
888 	}
889 	(*packet_size) += 12; /* Ignore filename and modification date */
890 	memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
891 	(*packet_size) += (*tag_11_contents_size);
892 out:
893 	if (rc) {
894 		(*packet_size) = 0;
895 		(*tag_11_contents_size) = 0;
896 	}
897 	return rc;
898 }
899 
900 static int
901 ecryptfs_find_global_auth_tok_for_sig(
902 	struct ecryptfs_global_auth_tok **global_auth_tok,
903 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
904 {
905 	struct ecryptfs_global_auth_tok *walker;
906 	int rc = 0;
907 
908 	(*global_auth_tok) = NULL;
909 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
910 	list_for_each_entry(walker,
911 			    &mount_crypt_stat->global_auth_tok_list,
912 			    mount_crypt_stat_list) {
913 		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
914 			(*global_auth_tok) = walker;
915 			goto out;
916 		}
917 	}
918 	rc = -EINVAL;
919 out:
920 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
921 	return rc;
922 }
923 
924 /**
925  * ecryptfs_verify_version
926  * @version: The version number to confirm
927  *
928  * Returns zero on good version; non-zero otherwise
929  */
930 static int ecryptfs_verify_version(u16 version)
931 {
932 	int rc = 0;
933 	unsigned char major;
934 	unsigned char minor;
935 
936 	major = ((version >> 8) & 0xFF);
937 	minor = (version & 0xFF);
938 	if (major != ECRYPTFS_VERSION_MAJOR) {
939 		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
940 				"Expected [%d]; got [%d]\n",
941 				ECRYPTFS_VERSION_MAJOR, major);
942 		rc = -EINVAL;
943 		goto out;
944 	}
945 	if (minor != ECRYPTFS_VERSION_MINOR) {
946 		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
947 				"Expected [%d]; got [%d]\n",
948 				ECRYPTFS_VERSION_MINOR, minor);
949 		rc = -EINVAL;
950 		goto out;
951 	}
952 out:
953 	return rc;
954 }
955 
956 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
957 				      struct ecryptfs_auth_tok **auth_tok,
958 				      char *sig)
959 {
960 	int rc = 0;
961 
962 	(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
963 	if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
964 		printk(KERN_ERR "Could not find key with description: [%s]\n",
965 		       sig);
966 		rc = process_request_key_err(PTR_ERR(*auth_tok_key));
967 		goto out;
968 	}
969 	(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
970 	if (ecryptfs_verify_version((*auth_tok)->version)) {
971 		printk(KERN_ERR
972 		       "Data structure version mismatch. "
973 		       "Userspace tools must match eCryptfs "
974 		       "kernel module with major version [%d] "
975 		       "and minor version [%d]\n",
976 		       ECRYPTFS_VERSION_MAJOR,
977 		       ECRYPTFS_VERSION_MINOR);
978 		rc = -EINVAL;
979 		goto out;
980 	}
981 	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
982 	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
983 		printk(KERN_ERR "Invalid auth_tok structure "
984 		       "returned from key query\n");
985 		rc = -EINVAL;
986 		goto out;
987 	}
988 out:
989 	return rc;
990 }
991 
992 /**
993  * ecryptfs_find_auth_tok_for_sig
994  * @auth_tok: Set to the matching auth_tok; NULL if not found
995  * @crypt_stat: inode crypt_stat crypto context
996  * @sig: Sig of auth_tok to find
997  *
998  * For now, this function simply looks at the registered auth_tok's
999  * linked off the mount_crypt_stat, so all the auth_toks that can be
1000  * used must be registered at mount time. This function could
1001  * potentially try a lot harder to find auth_tok's (e.g., by calling
1002  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
1003  * that static registration of auth_tok's will no longer be necessary.
1004  *
1005  * Returns zero on no error; non-zero on error
1006  */
1007 static int
1008 ecryptfs_find_auth_tok_for_sig(
1009 	struct ecryptfs_auth_tok **auth_tok,
1010 	struct ecryptfs_crypt_stat *crypt_stat, char *sig)
1011 {
1012 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1013 		crypt_stat->mount_crypt_stat;
1014 	struct ecryptfs_global_auth_tok *global_auth_tok;
1015 	int rc = 0;
1016 
1017 	(*auth_tok) = NULL;
1018 	if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
1019 						  mount_crypt_stat, sig)) {
1020 		struct key *auth_tok_key;
1021 
1022 		rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
1023 						       sig);
1024 	} else
1025 		(*auth_tok) = global_auth_tok->global_auth_tok;
1026 	return rc;
1027 }
1028 
1029 /**
1030  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1031  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1032  * @crypt_stat: The cryptographic context
1033  *
1034  * Returns zero on success; non-zero error otherwise
1035  */
1036 static int
1037 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1038 					 struct ecryptfs_crypt_stat *crypt_stat)
1039 {
1040 	struct scatterlist dst_sg;
1041 	struct scatterlist src_sg;
1042 	struct mutex *tfm_mutex;
1043 	struct blkcipher_desc desc = {
1044 		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
1045 	};
1046 	int rc = 0;
1047 
1048 	sg_init_table(&dst_sg, 1);
1049 	sg_init_table(&src_sg, 1);
1050 
1051 	if (unlikely(ecryptfs_verbosity > 0)) {
1052 		ecryptfs_printk(
1053 			KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1054 			auth_tok->token.password.session_key_encryption_key_bytes);
1055 		ecryptfs_dump_hex(
1056 			auth_tok->token.password.session_key_encryption_key,
1057 			auth_tok->token.password.session_key_encryption_key_bytes);
1058 	}
1059 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1060 							crypt_stat->cipher);
1061 	if (unlikely(rc)) {
1062 		printk(KERN_ERR "Internal error whilst attempting to get "
1063 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1064 		       crypt_stat->cipher, rc);
1065 		goto out;
1066 	}
1067 	rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1068 				 auth_tok->session_key.encrypted_key_size,
1069 				 &src_sg, 1);
1070 	if (rc != 1) {
1071 		printk(KERN_ERR "Internal error whilst attempting to convert "
1072 			"auth_tok->session_key.encrypted_key to scatterlist; "
1073 			"expected rc = 1; got rc = [%d]. "
1074 		       "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1075 			auth_tok->session_key.encrypted_key_size);
1076 		goto out;
1077 	}
1078 	auth_tok->session_key.decrypted_key_size =
1079 		auth_tok->session_key.encrypted_key_size;
1080 	rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1081 				 auth_tok->session_key.decrypted_key_size,
1082 				 &dst_sg, 1);
1083 	if (rc != 1) {
1084 		printk(KERN_ERR "Internal error whilst attempting to convert "
1085 			"auth_tok->session_key.decrypted_key to scatterlist; "
1086 			"expected rc = 1; got rc = [%d]\n", rc);
1087 		goto out;
1088 	}
1089 	mutex_lock(tfm_mutex);
1090 	rc = crypto_blkcipher_setkey(
1091 		desc.tfm, auth_tok->token.password.session_key_encryption_key,
1092 		crypt_stat->key_size);
1093 	if (unlikely(rc < 0)) {
1094 		mutex_unlock(tfm_mutex);
1095 		printk(KERN_ERR "Error setting key for crypto context\n");
1096 		rc = -EINVAL;
1097 		goto out;
1098 	}
1099 	rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg,
1100 				      auth_tok->session_key.encrypted_key_size);
1101 	mutex_unlock(tfm_mutex);
1102 	if (unlikely(rc)) {
1103 		printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1104 		goto out;
1105 	}
1106 	auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1107 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1108 	       auth_tok->session_key.decrypted_key_size);
1109 	crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1110 	if (unlikely(ecryptfs_verbosity > 0)) {
1111 		ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n",
1112 				crypt_stat->key_size);
1113 		ecryptfs_dump_hex(crypt_stat->key,
1114 				  crypt_stat->key_size);
1115 	}
1116 out:
1117 	return rc;
1118 }
1119 
1120 /**
1121  * ecryptfs_parse_packet_set
1122  * @crypt_stat: The cryptographic context
1123  * @src: Virtual address of region of memory containing the packets
1124  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1125  *
1126  * Get crypt_stat to have the file's session key if the requisite key
1127  * is available to decrypt the session key.
1128  *
1129  * Returns Zero if a valid authentication token was retrieved and
1130  * processed; negative value for file not encrypted or for error
1131  * conditions.
1132  */
1133 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1134 			      unsigned char *src,
1135 			      struct dentry *ecryptfs_dentry)
1136 {
1137 	size_t i = 0;
1138 	size_t found_auth_tok;
1139 	size_t next_packet_is_auth_tok_packet;
1140 	struct list_head auth_tok_list;
1141 	struct ecryptfs_auth_tok *matching_auth_tok;
1142 	struct ecryptfs_auth_tok *candidate_auth_tok;
1143 	char *candidate_auth_tok_sig;
1144 	size_t packet_size;
1145 	struct ecryptfs_auth_tok *new_auth_tok;
1146 	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1147 	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1148 	size_t tag_11_contents_size;
1149 	size_t tag_11_packet_size;
1150 	int rc = 0;
1151 
1152 	INIT_LIST_HEAD(&auth_tok_list);
1153 	/* Parse the header to find as many packets as we can; these will be
1154 	 * added the our &auth_tok_list */
1155 	next_packet_is_auth_tok_packet = 1;
1156 	while (next_packet_is_auth_tok_packet) {
1157 		size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1158 
1159 		switch (src[i]) {
1160 		case ECRYPTFS_TAG_3_PACKET_TYPE:
1161 			rc = parse_tag_3_packet(crypt_stat,
1162 						(unsigned char *)&src[i],
1163 						&auth_tok_list, &new_auth_tok,
1164 						&packet_size, max_packet_size);
1165 			if (rc) {
1166 				ecryptfs_printk(KERN_ERR, "Error parsing "
1167 						"tag 3 packet\n");
1168 				rc = -EIO;
1169 				goto out_wipe_list;
1170 			}
1171 			i += packet_size;
1172 			rc = parse_tag_11_packet((unsigned char *)&src[i],
1173 						 sig_tmp_space,
1174 						 ECRYPTFS_SIG_SIZE,
1175 						 &tag_11_contents_size,
1176 						 &tag_11_packet_size,
1177 						 max_packet_size);
1178 			if (rc) {
1179 				ecryptfs_printk(KERN_ERR, "No valid "
1180 						"(ecryptfs-specific) literal "
1181 						"packet containing "
1182 						"authentication token "
1183 						"signature found after "
1184 						"tag 3 packet\n");
1185 				rc = -EIO;
1186 				goto out_wipe_list;
1187 			}
1188 			i += tag_11_packet_size;
1189 			if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1190 				ecryptfs_printk(KERN_ERR, "Expected "
1191 						"signature of size [%d]; "
1192 						"read size [%d]\n",
1193 						ECRYPTFS_SIG_SIZE,
1194 						tag_11_contents_size);
1195 				rc = -EIO;
1196 				goto out_wipe_list;
1197 			}
1198 			ecryptfs_to_hex(new_auth_tok->token.password.signature,
1199 					sig_tmp_space, tag_11_contents_size);
1200 			new_auth_tok->token.password.signature[
1201 				ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1202 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1203 			break;
1204 		case ECRYPTFS_TAG_1_PACKET_TYPE:
1205 			rc = parse_tag_1_packet(crypt_stat,
1206 						(unsigned char *)&src[i],
1207 						&auth_tok_list, &new_auth_tok,
1208 						&packet_size, max_packet_size);
1209 			if (rc) {
1210 				ecryptfs_printk(KERN_ERR, "Error parsing "
1211 						"tag 1 packet\n");
1212 				rc = -EIO;
1213 				goto out_wipe_list;
1214 			}
1215 			i += packet_size;
1216 			crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1217 			break;
1218 		case ECRYPTFS_TAG_11_PACKET_TYPE:
1219 			ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1220 					"(Tag 11 not allowed by itself)\n");
1221 			rc = -EIO;
1222 			goto out_wipe_list;
1223 			break;
1224 		default:
1225 			ecryptfs_printk(KERN_DEBUG, "No packet at offset "
1226 					"[%d] of the file header; hex value of "
1227 					"character is [0x%.2x]\n", i, src[i]);
1228 			next_packet_is_auth_tok_packet = 0;
1229 		}
1230 	}
1231 	if (list_empty(&auth_tok_list)) {
1232 		printk(KERN_ERR "The lower file appears to be a non-encrypted "
1233 		       "eCryptfs file; this is not supported in this version "
1234 		       "of the eCryptfs kernel module\n");
1235 		rc = -EINVAL;
1236 		goto out;
1237 	}
1238 	/* auth_tok_list contains the set of authentication tokens
1239 	 * parsed from the metadata. We need to find a matching
1240 	 * authentication token that has the secret component(s)
1241 	 * necessary to decrypt the EFEK in the auth_tok parsed from
1242 	 * the metadata. There may be several potential matches, but
1243 	 * just one will be sufficient to decrypt to get the FEK. */
1244 find_next_matching_auth_tok:
1245 	found_auth_tok = 0;
1246 	list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1247 		candidate_auth_tok = &auth_tok_list_item->auth_tok;
1248 		if (unlikely(ecryptfs_verbosity > 0)) {
1249 			ecryptfs_printk(KERN_DEBUG,
1250 					"Considering cadidate auth tok:\n");
1251 			ecryptfs_dump_auth_tok(candidate_auth_tok);
1252 		}
1253 		rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1254 					       candidate_auth_tok);
1255 		if (rc) {
1256 			printk(KERN_ERR
1257 			       "Unrecognized candidate auth tok type: [%d]\n",
1258 			       candidate_auth_tok->token_type);
1259 			rc = -EINVAL;
1260 			goto out_wipe_list;
1261 		}
1262 		ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, crypt_stat,
1263 					       candidate_auth_tok_sig);
1264 		if (matching_auth_tok) {
1265 			found_auth_tok = 1;
1266 			goto found_matching_auth_tok;
1267 		}
1268 	}
1269 	if (!found_auth_tok) {
1270 		ecryptfs_printk(KERN_ERR, "Could not find a usable "
1271 				"authentication token\n");
1272 		rc = -EIO;
1273 		goto out_wipe_list;
1274 	}
1275 found_matching_auth_tok:
1276 	if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1277 		memcpy(&(candidate_auth_tok->token.private_key),
1278 		       &(matching_auth_tok->token.private_key),
1279 		       sizeof(struct ecryptfs_private_key));
1280 		rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1281 						       crypt_stat);
1282 	} else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1283 		memcpy(&(candidate_auth_tok->token.password),
1284 		       &(matching_auth_tok->token.password),
1285 		       sizeof(struct ecryptfs_password));
1286 		rc = decrypt_passphrase_encrypted_session_key(
1287 			candidate_auth_tok, crypt_stat);
1288 	}
1289 	if (rc) {
1290 		struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1291 
1292 		ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1293 				"session key for authentication token with sig "
1294 				"[%.*s]; rc = [%d]. Removing auth tok "
1295 				"candidate from the list and searching for "
1296 				"the next match.\n", candidate_auth_tok_sig,
1297 				ECRYPTFS_SIG_SIZE_HEX, rc);
1298 		list_for_each_entry_safe(auth_tok_list_item,
1299 					 auth_tok_list_item_tmp,
1300 					 &auth_tok_list, list) {
1301 			if (candidate_auth_tok
1302 			    == &auth_tok_list_item->auth_tok) {
1303 				list_del(&auth_tok_list_item->list);
1304 				kmem_cache_free(
1305 					ecryptfs_auth_tok_list_item_cache,
1306 					auth_tok_list_item);
1307 				goto find_next_matching_auth_tok;
1308 			}
1309 		}
1310 		BUG();
1311 	}
1312 	rc = ecryptfs_compute_root_iv(crypt_stat);
1313 	if (rc) {
1314 		ecryptfs_printk(KERN_ERR, "Error computing "
1315 				"the root IV\n");
1316 		goto out_wipe_list;
1317 	}
1318 	rc = ecryptfs_init_crypt_ctx(crypt_stat);
1319 	if (rc) {
1320 		ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1321 				"context for cipher [%s]; rc = [%d]\n",
1322 				crypt_stat->cipher, rc);
1323 	}
1324 out_wipe_list:
1325 	wipe_auth_tok_list(&auth_tok_list);
1326 out:
1327 	return rc;
1328 }
1329 
1330 static int
1331 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1332 			struct ecryptfs_crypt_stat *crypt_stat,
1333 			struct ecryptfs_key_record *key_rec)
1334 {
1335 	struct ecryptfs_msg_ctx *msg_ctx = NULL;
1336 	char *payload = NULL;
1337 	size_t payload_len;
1338 	struct ecryptfs_message *msg;
1339 	int rc;
1340 
1341 	rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1342 				 ecryptfs_code_for_cipher_string(crypt_stat),
1343 				 crypt_stat, &payload, &payload_len);
1344 	if (rc) {
1345 		ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1346 		goto out;
1347 	}
1348 	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1349 	if (rc) {
1350 		ecryptfs_printk(KERN_ERR, "Error sending message to "
1351 				"ecryptfsd\n");
1352 		goto out;
1353 	}
1354 	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1355 	if (rc) {
1356 		ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1357 				"from the user space daemon\n");
1358 		rc = -EIO;
1359 		goto out;
1360 	}
1361 	rc = parse_tag_67_packet(key_rec, msg);
1362 	if (rc)
1363 		ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1364 	kfree(msg);
1365 out:
1366 	kfree(payload);
1367 	return rc;
1368 }
1369 /**
1370  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1371  * @dest: Buffer into which to write the packet
1372  * @remaining_bytes: Maximum number of bytes that can be writtn
1373  * @auth_tok: The authentication token used for generating the tag 1 packet
1374  * @crypt_stat: The cryptographic context
1375  * @key_rec: The key record struct for the tag 1 packet
1376  * @packet_size: This function will write the number of bytes that end
1377  *               up constituting the packet; set to zero on error
1378  *
1379  * Returns zero on success; non-zero on error.
1380  */
1381 static int
1382 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1383 		   struct ecryptfs_auth_tok *auth_tok,
1384 		   struct ecryptfs_crypt_stat *crypt_stat,
1385 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
1386 {
1387 	size_t i;
1388 	size_t encrypted_session_key_valid = 0;
1389 	size_t packet_size_length;
1390 	size_t max_packet_size;
1391 	int rc = 0;
1392 
1393 	(*packet_size) = 0;
1394 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1395 			  ECRYPTFS_SIG_SIZE);
1396 	encrypted_session_key_valid = 0;
1397 	for (i = 0; i < crypt_stat->key_size; i++)
1398 		encrypted_session_key_valid |=
1399 			auth_tok->session_key.encrypted_key[i];
1400 	if (encrypted_session_key_valid) {
1401 		memcpy(key_rec->enc_key,
1402 		       auth_tok->session_key.encrypted_key,
1403 		       auth_tok->session_key.encrypted_key_size);
1404 		goto encrypted_session_key_set;
1405 	}
1406 	if (auth_tok->session_key.encrypted_key_size == 0)
1407 		auth_tok->session_key.encrypted_key_size =
1408 			auth_tok->token.private_key.key_size;
1409 	rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1410 	if (rc) {
1411 		printk(KERN_ERR "Failed to encrypt session key via a key "
1412 		       "module; rc = [%d]\n", rc);
1413 		goto out;
1414 	}
1415 	if (ecryptfs_verbosity > 0) {
1416 		ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1417 		ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1418 	}
1419 encrypted_session_key_set:
1420 	/* This format is inspired by OpenPGP; see RFC 2440
1421 	 * packet tag 1 */
1422 	max_packet_size = (1                         /* Tag 1 identifier */
1423 			   + 3                       /* Max Tag 1 packet size */
1424 			   + 1                       /* Version */
1425 			   + ECRYPTFS_SIG_SIZE       /* Key identifier */
1426 			   + 1                       /* Cipher identifier */
1427 			   + key_rec->enc_key_size); /* Encrypted key size */
1428 	if (max_packet_size > (*remaining_bytes)) {
1429 		printk(KERN_ERR "Packet length larger than maximum allowable; "
1430 		       "need up to [%td] bytes, but there are only [%td] "
1431 		       "available\n", max_packet_size, (*remaining_bytes));
1432 		rc = -EINVAL;
1433 		goto out;
1434 	}
1435 	dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
1436 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
1437 					  (max_packet_size - 4),
1438 					  &packet_size_length);
1439 	if (rc) {
1440 		ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
1441 				"header; cannot generate packet length\n");
1442 		goto out;
1443 	}
1444 	(*packet_size) += packet_size_length;
1445 	dest[(*packet_size)++] = 0x03; /* version 3 */
1446 	memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
1447 	(*packet_size) += ECRYPTFS_SIG_SIZE;
1448 	dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
1449 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
1450 	       key_rec->enc_key_size);
1451 	(*packet_size) += key_rec->enc_key_size;
1452 out:
1453 	if (rc)
1454 		(*packet_size) = 0;
1455 	else
1456 		(*remaining_bytes) -= (*packet_size);
1457 	return rc;
1458 }
1459 
1460 /**
1461  * write_tag_11_packet
1462  * @dest: Target into which Tag 11 packet is to be written
1463  * @remaining_bytes: Maximum packet length
1464  * @contents: Byte array of contents to copy in
1465  * @contents_length: Number of bytes in contents
1466  * @packet_length: Length of the Tag 11 packet written; zero on error
1467  *
1468  * Returns zero on success; non-zero on error.
1469  */
1470 static int
1471 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
1472 		    size_t contents_length, size_t *packet_length)
1473 {
1474 	size_t packet_size_length;
1475 	size_t max_packet_size;
1476 	int rc = 0;
1477 
1478 	(*packet_length) = 0;
1479 	/* This format is inspired by OpenPGP; see RFC 2440
1480 	 * packet tag 11 */
1481 	max_packet_size = (1                   /* Tag 11 identifier */
1482 			   + 3                 /* Max Tag 11 packet size */
1483 			   + 1                 /* Binary format specifier */
1484 			   + 1                 /* Filename length */
1485 			   + 8                 /* Filename ("_CONSOLE") */
1486 			   + 4                 /* Modification date */
1487 			   + contents_length); /* Literal data */
1488 	if (max_packet_size > (*remaining_bytes)) {
1489 		printk(KERN_ERR "Packet length larger than maximum allowable; "
1490 		       "need up to [%td] bytes, but there are only [%td] "
1491 		       "available\n", max_packet_size, (*remaining_bytes));
1492 		rc = -EINVAL;
1493 		goto out;
1494 	}
1495 	dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
1496 	rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
1497 					  (max_packet_size - 4),
1498 					  &packet_size_length);
1499 	if (rc) {
1500 		printk(KERN_ERR "Error generating tag 11 packet header; cannot "
1501 		       "generate packet length. rc = [%d]\n", rc);
1502 		goto out;
1503 	}
1504 	(*packet_length) += packet_size_length;
1505 	dest[(*packet_length)++] = 0x62; /* binary data format specifier */
1506 	dest[(*packet_length)++] = 8;
1507 	memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
1508 	(*packet_length) += 8;
1509 	memset(&dest[(*packet_length)], 0x00, 4);
1510 	(*packet_length) += 4;
1511 	memcpy(&dest[(*packet_length)], contents, contents_length);
1512 	(*packet_length) += contents_length;
1513  out:
1514 	if (rc)
1515 		(*packet_length) = 0;
1516 	else
1517 		(*remaining_bytes) -= (*packet_length);
1518 	return rc;
1519 }
1520 
1521 /**
1522  * write_tag_3_packet
1523  * @dest: Buffer into which to write the packet
1524  * @remaining_bytes: Maximum number of bytes that can be written
1525  * @auth_tok: Authentication token
1526  * @crypt_stat: The cryptographic context
1527  * @key_rec: encrypted key
1528  * @packet_size: This function will write the number of bytes that end
1529  *               up constituting the packet; set to zero on error
1530  *
1531  * Returns zero on success; non-zero on error.
1532  */
1533 static int
1534 write_tag_3_packet(char *dest, size_t *remaining_bytes,
1535 		   struct ecryptfs_auth_tok *auth_tok,
1536 		   struct ecryptfs_crypt_stat *crypt_stat,
1537 		   struct ecryptfs_key_record *key_rec, size_t *packet_size)
1538 {
1539 	size_t i;
1540 	size_t encrypted_session_key_valid = 0;
1541 	char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
1542 	struct scatterlist dst_sg;
1543 	struct scatterlist src_sg;
1544 	struct mutex *tfm_mutex = NULL;
1545 	u8 cipher_code;
1546 	size_t packet_size_length;
1547 	size_t max_packet_size;
1548 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1549 		crypt_stat->mount_crypt_stat;
1550 	struct blkcipher_desc desc = {
1551 		.tfm = NULL,
1552 		.flags = CRYPTO_TFM_REQ_MAY_SLEEP
1553 	};
1554 	int rc = 0;
1555 
1556 	(*packet_size) = 0;
1557 	ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
1558 			  ECRYPTFS_SIG_SIZE);
1559 	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1560 							crypt_stat->cipher);
1561 	if (unlikely(rc)) {
1562 		printk(KERN_ERR "Internal error whilst attempting to get "
1563 		       "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1564 		       crypt_stat->cipher, rc);
1565 		goto out;
1566 	}
1567 	if (mount_crypt_stat->global_default_cipher_key_size == 0) {
1568 		struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
1569 
1570 		printk(KERN_WARNING "No key size specified at mount; "
1571 		       "defaulting to [%d]\n", alg->max_keysize);
1572 		mount_crypt_stat->global_default_cipher_key_size =
1573 			alg->max_keysize;
1574 	}
1575 	if (crypt_stat->key_size == 0)
1576 		crypt_stat->key_size =
1577 			mount_crypt_stat->global_default_cipher_key_size;
1578 	if (auth_tok->session_key.encrypted_key_size == 0)
1579 		auth_tok->session_key.encrypted_key_size =
1580 			crypt_stat->key_size;
1581 	if (crypt_stat->key_size == 24
1582 	    && strcmp("aes", crypt_stat->cipher) == 0) {
1583 		memset((crypt_stat->key + 24), 0, 8);
1584 		auth_tok->session_key.encrypted_key_size = 32;
1585 	} else
1586 		auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
1587 	key_rec->enc_key_size =
1588 		auth_tok->session_key.encrypted_key_size;
1589 	encrypted_session_key_valid = 0;
1590 	for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
1591 		encrypted_session_key_valid |=
1592 			auth_tok->session_key.encrypted_key[i];
1593 	if (encrypted_session_key_valid) {
1594 		ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
1595 				"using auth_tok->session_key.encrypted_key, "
1596 				"where key_rec->enc_key_size = [%d]\n",
1597 				key_rec->enc_key_size);
1598 		memcpy(key_rec->enc_key,
1599 		       auth_tok->session_key.encrypted_key,
1600 		       key_rec->enc_key_size);
1601 		goto encrypted_session_key_set;
1602 	}
1603 	if (auth_tok->token.password.flags &
1604 	    ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
1605 		ecryptfs_printk(KERN_DEBUG, "Using previously generated "
1606 				"session key encryption key of size [%d]\n",
1607 				auth_tok->token.password.
1608 				session_key_encryption_key_bytes);
1609 		memcpy(session_key_encryption_key,
1610 		       auth_tok->token.password.session_key_encryption_key,
1611 		       crypt_stat->key_size);
1612 		ecryptfs_printk(KERN_DEBUG,
1613 				"Cached session key " "encryption key: \n");
1614 		if (ecryptfs_verbosity > 0)
1615 			ecryptfs_dump_hex(session_key_encryption_key, 16);
1616 	}
1617 	if (unlikely(ecryptfs_verbosity > 0)) {
1618 		ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
1619 		ecryptfs_dump_hex(session_key_encryption_key, 16);
1620 	}
1621 	rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
1622 				 &src_sg, 1);
1623 	if (rc != 1) {
1624 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1625 				"for crypt_stat session key; expected rc = 1; "
1626 				"got rc = [%d]. key_rec->enc_key_size = [%d]\n",
1627 				rc, key_rec->enc_key_size);
1628 		rc = -ENOMEM;
1629 		goto out;
1630 	}
1631 	rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
1632 				 &dst_sg, 1);
1633 	if (rc != 1) {
1634 		ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1635 				"for crypt_stat encrypted session key; "
1636 				"expected rc = 1; got rc = [%d]. "
1637 				"key_rec->enc_key_size = [%d]\n", rc,
1638 				key_rec->enc_key_size);
1639 		rc = -ENOMEM;
1640 		goto out;
1641 	}
1642 	mutex_lock(tfm_mutex);
1643 	rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
1644 				     crypt_stat->key_size);
1645 	if (rc < 0) {
1646 		mutex_unlock(tfm_mutex);
1647 		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
1648 				"context; rc = [%d]\n", rc);
1649 		goto out;
1650 	}
1651 	rc = 0;
1652 	ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
1653 			crypt_stat->key_size);
1654 	rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg,
1655 				      (*key_rec).enc_key_size);
1656 	mutex_unlock(tfm_mutex);
1657 	if (rc) {
1658 		printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
1659 		goto out;
1660 	}
1661 	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
1662 	if (ecryptfs_verbosity > 0) {
1663 		ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n",
1664 				key_rec->enc_key_size);
1665 		ecryptfs_dump_hex(key_rec->enc_key,
1666 				  key_rec->enc_key_size);
1667 	}
1668 encrypted_session_key_set:
1669 	/* This format is inspired by OpenPGP; see RFC 2440
1670 	 * packet tag 3 */
1671 	max_packet_size = (1                         /* Tag 3 identifier */
1672 			   + 3                       /* Max Tag 3 packet size */
1673 			   + 1                       /* Version */
1674 			   + 1                       /* Cipher code */
1675 			   + 1                       /* S2K specifier */
1676 			   + 1                       /* Hash identifier */
1677 			   + ECRYPTFS_SALT_SIZE      /* Salt */
1678 			   + 1                       /* Hash iterations */
1679 			   + key_rec->enc_key_size); /* Encrypted key size */
1680 	if (max_packet_size > (*remaining_bytes)) {
1681 		printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
1682 		       "there are only [%td] available\n", max_packet_size,
1683 		       (*remaining_bytes));
1684 		rc = -EINVAL;
1685 		goto out;
1686 	}
1687 	dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
1688 	/* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
1689 	 * to get the number of octets in the actual Tag 3 packet */
1690 	rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
1691 					  (max_packet_size - 4),
1692 					  &packet_size_length);
1693 	if (rc) {
1694 		printk(KERN_ERR "Error generating tag 3 packet header; cannot "
1695 		       "generate packet length. rc = [%d]\n", rc);
1696 		goto out;
1697 	}
1698 	(*packet_size) += packet_size_length;
1699 	dest[(*packet_size)++] = 0x04; /* version 4 */
1700 	/* TODO: Break from RFC2440 so that arbitrary ciphers can be
1701 	 * specified with strings */
1702 	cipher_code = ecryptfs_code_for_cipher_string(crypt_stat);
1703 	if (cipher_code == 0) {
1704 		ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
1705 				"cipher [%s]\n", crypt_stat->cipher);
1706 		rc = -EINVAL;
1707 		goto out;
1708 	}
1709 	dest[(*packet_size)++] = cipher_code;
1710 	dest[(*packet_size)++] = 0x03;	/* S2K */
1711 	dest[(*packet_size)++] = 0x01;	/* MD5 (TODO: parameterize) */
1712 	memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
1713 	       ECRYPTFS_SALT_SIZE);
1714 	(*packet_size) += ECRYPTFS_SALT_SIZE;	/* salt */
1715 	dest[(*packet_size)++] = 0x60;	/* hash iterations (65536) */
1716 	memcpy(&dest[(*packet_size)], key_rec->enc_key,
1717 	       key_rec->enc_key_size);
1718 	(*packet_size) += key_rec->enc_key_size;
1719 out:
1720 	if (rc)
1721 		(*packet_size) = 0;
1722 	else
1723 		(*remaining_bytes) -= (*packet_size);
1724 	return rc;
1725 }
1726 
1727 struct kmem_cache *ecryptfs_key_record_cache;
1728 
1729 /**
1730  * ecryptfs_generate_key_packet_set
1731  * @dest_base: Virtual address from which to write the key record set
1732  * @crypt_stat: The cryptographic context from which the
1733  *              authentication tokens will be retrieved
1734  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
1735  *                   for the global parameters
1736  * @len: The amount written
1737  * @max: The maximum amount of data allowed to be written
1738  *
1739  * Generates a key packet set and writes it to the virtual address
1740  * passed in.
1741  *
1742  * Returns zero on success; non-zero on error.
1743  */
1744 int
1745 ecryptfs_generate_key_packet_set(char *dest_base,
1746 				 struct ecryptfs_crypt_stat *crypt_stat,
1747 				 struct dentry *ecryptfs_dentry, size_t *len,
1748 				 size_t max)
1749 {
1750 	struct ecryptfs_auth_tok *auth_tok;
1751 	struct ecryptfs_global_auth_tok *global_auth_tok;
1752 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1753 		&ecryptfs_superblock_to_private(
1754 			ecryptfs_dentry->d_sb)->mount_crypt_stat;
1755 	size_t written;
1756 	struct ecryptfs_key_record *key_rec;
1757 	struct ecryptfs_key_sig *key_sig;
1758 	int rc = 0;
1759 
1760 	(*len) = 0;
1761 	mutex_lock(&crypt_stat->keysig_list_mutex);
1762 	key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
1763 	if (!key_rec) {
1764 		rc = -ENOMEM;
1765 		goto out;
1766 	}
1767 	list_for_each_entry(key_sig, &crypt_stat->keysig_list,
1768 			    crypt_stat_list) {
1769 		memset(key_rec, 0, sizeof(*key_rec));
1770 		rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
1771 							   mount_crypt_stat,
1772 							   key_sig->keysig);
1773 		if (rc) {
1774 			printk(KERN_ERR "Error attempting to get the global "
1775 			       "auth_tok; rc = [%d]\n", rc);
1776 			goto out_free;
1777 		}
1778 		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
1779 			printk(KERN_WARNING
1780 			       "Skipping invalid auth tok with sig = [%s]\n",
1781 			       global_auth_tok->sig);
1782 			continue;
1783 		}
1784 		auth_tok = global_auth_tok->global_auth_tok;
1785 		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
1786 			rc = write_tag_3_packet((dest_base + (*len)),
1787 						&max, auth_tok,
1788 						crypt_stat, key_rec,
1789 						&written);
1790 			if (rc) {
1791 				ecryptfs_printk(KERN_WARNING, "Error "
1792 						"writing tag 3 packet\n");
1793 				goto out_free;
1794 			}
1795 			(*len) += written;
1796 			/* Write auth tok signature packet */
1797 			rc = write_tag_11_packet((dest_base + (*len)), &max,
1798 						 key_rec->sig,
1799 						 ECRYPTFS_SIG_SIZE, &written);
1800 			if (rc) {
1801 				ecryptfs_printk(KERN_ERR, "Error writing "
1802 						"auth tok signature packet\n");
1803 				goto out_free;
1804 			}
1805 			(*len) += written;
1806 		} else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1807 			rc = write_tag_1_packet(dest_base + (*len),
1808 						&max, auth_tok,
1809 						crypt_stat, key_rec, &written);
1810 			if (rc) {
1811 				ecryptfs_printk(KERN_WARNING, "Error "
1812 						"writing tag 1 packet\n");
1813 				goto out_free;
1814 			}
1815 			(*len) += written;
1816 		} else {
1817 			ecryptfs_printk(KERN_WARNING, "Unsupported "
1818 					"authentication token type\n");
1819 			rc = -EINVAL;
1820 			goto out_free;
1821 		}
1822 	}
1823 	if (likely(max > 0)) {
1824 		dest_base[(*len)] = 0x00;
1825 	} else {
1826 		ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
1827 		rc = -EIO;
1828 	}
1829 out_free:
1830 	kmem_cache_free(ecryptfs_key_record_cache, key_rec);
1831 out:
1832 	if (rc)
1833 		(*len) = 0;
1834 	mutex_unlock(&crypt_stat->keysig_list_mutex);
1835 	return rc;
1836 }
1837 
1838 struct kmem_cache *ecryptfs_key_sig_cache;
1839 
1840 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
1841 {
1842 	struct ecryptfs_key_sig *new_key_sig;
1843 	int rc = 0;
1844 
1845 	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
1846 	if (!new_key_sig) {
1847 		rc = -ENOMEM;
1848 		printk(KERN_ERR
1849 		       "Error allocating from ecryptfs_key_sig_cache\n");
1850 		goto out;
1851 	}
1852 	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
1853 	mutex_lock(&crypt_stat->keysig_list_mutex);
1854 	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
1855 	mutex_unlock(&crypt_stat->keysig_list_mutex);
1856 out:
1857 	return rc;
1858 }
1859 
1860 struct kmem_cache *ecryptfs_global_auth_tok_cache;
1861 
1862 int
1863 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
1864 			     char *sig)
1865 {
1866 	struct ecryptfs_global_auth_tok *new_auth_tok;
1867 	int rc = 0;
1868 
1869 	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
1870 					GFP_KERNEL);
1871 	if (!new_auth_tok) {
1872 		rc = -ENOMEM;
1873 		printk(KERN_ERR "Error allocating from "
1874 		       "ecryptfs_global_auth_tok_cache\n");
1875 		goto out;
1876 	}
1877 	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
1878 	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
1879 	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
1880 	list_add(&new_auth_tok->mount_crypt_stat_list,
1881 		 &mount_crypt_stat->global_auth_tok_list);
1882 	mount_crypt_stat->num_global_auth_toks++;
1883 	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
1884 out:
1885 	return rc;
1886 }
1887 
1888