crypto_fname.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470
  1. /*
  2. * linux/fs/ext4/crypto_fname.c
  3. *
  4. * Copyright (C) 2015, Google, Inc.
  5. *
  6. * This contains functions for filename crypto management in ext4
  7. *
  8. * Written by Uday Savagaonkar, 2014.
  9. *
  10. * This has not yet undergone a rigorous security audit.
  11. *
  12. */
  13. #include <crypto/hash.h>
  14. #include <crypto/sha.h>
  15. #include <keys/encrypted-type.h>
  16. #include <keys/user-type.h>
  17. #include <linux/crypto.h>
  18. #include <linux/gfp.h>
  19. #include <linux/kernel.h>
  20. #include <linux/key.h>
  21. #include <linux/key.h>
  22. #include <linux/list.h>
  23. #include <linux/mempool.h>
  24. #include <linux/random.h>
  25. #include <linux/scatterlist.h>
  26. #include <linux/spinlock_types.h>
  27. #include "ext4.h"
  28. #include "ext4_crypto.h"
  29. #include "xattr.h"
  30. /**
  31. * ext4_dir_crypt_complete() -
  32. */
  33. static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res)
  34. {
  35. struct ext4_completion_result *ecr = req->data;
  36. if (res == -EINPROGRESS)
  37. return;
  38. ecr->res = res;
  39. complete(&ecr->completion);
  40. }
  41. bool ext4_valid_filenames_enc_mode(uint32_t mode)
  42. {
  43. return (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS);
  44. }
  45. static unsigned max_name_len(struct inode *inode)
  46. {
  47. return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
  48. EXT4_NAME_LEN;
  49. }
  50. /**
  51. * ext4_fname_encrypt() -
  52. *
  53. * This function encrypts the input filename, and returns the length of the
  54. * ciphertext. Errors are returned as negative numbers. We trust the caller to
  55. * allocate sufficient memory to oname string.
  56. */
  57. static int ext4_fname_encrypt(struct inode *inode,
  58. const struct qstr *iname,
  59. struct ext4_str *oname)
  60. {
  61. u32 ciphertext_len;
  62. struct ablkcipher_request *req = NULL;
  63. DECLARE_EXT4_COMPLETION_RESULT(ecr);
  64. struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
  65. struct crypto_ablkcipher *tfm = ci->ci_ctfm;
  66. int res = 0;
  67. char iv[EXT4_CRYPTO_BLOCK_SIZE];
  68. struct scatterlist src_sg, dst_sg;
  69. int padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
  70. char *workbuf, buf[32], *alloc_buf = NULL;
  71. unsigned lim = max_name_len(inode);
  72. if (iname->len <= 0 || iname->len > lim)
  73. return -EIO;
  74. ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ?
  75. EXT4_CRYPTO_BLOCK_SIZE : iname->len;
  76. ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
  77. ciphertext_len = (ciphertext_len > lim)
  78. ? lim : ciphertext_len;
  79. if (ciphertext_len <= sizeof(buf)) {
  80. workbuf = buf;
  81. } else {
  82. alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
  83. if (!alloc_buf)
  84. return -ENOMEM;
  85. workbuf = alloc_buf;
  86. }
  87. /* Allocate request */
  88. req = ablkcipher_request_alloc(tfm, GFP_NOFS);
  89. if (!req) {
  90. printk_ratelimited(
  91. KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
  92. kfree(alloc_buf);
  93. return -ENOMEM;
  94. }
  95. ablkcipher_request_set_callback(req,
  96. CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
  97. ext4_dir_crypt_complete, &ecr);
  98. /* Copy the input */
  99. memcpy(workbuf, iname->name, iname->len);
  100. if (iname->len < ciphertext_len)
  101. memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
  102. /* Initialize IV */
  103. memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
  104. /* Create encryption request */
  105. sg_init_one(&src_sg, workbuf, ciphertext_len);
  106. sg_init_one(&dst_sg, oname->name, ciphertext_len);
  107. ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
  108. res = crypto_ablkcipher_encrypt(req);
  109. if (res == -EINPROGRESS || res == -EBUSY) {
  110. BUG_ON(req->base.data != &ecr);
  111. wait_for_completion(&ecr.completion);
  112. res = ecr.res;
  113. }
  114. kfree(alloc_buf);
  115. ablkcipher_request_free(req);
  116. if (res < 0) {
  117. printk_ratelimited(
  118. KERN_ERR "%s: Error (error code %d)\n", __func__, res);
  119. }
  120. oname->len = ciphertext_len;
  121. return res;
  122. }
  123. /*
  124. * ext4_fname_decrypt()
  125. * This function decrypts the input filename, and returns
  126. * the length of the plaintext.
  127. * Errors are returned as negative numbers.
  128. * We trust the caller to allocate sufficient memory to oname string.
  129. */
  130. static int ext4_fname_decrypt(struct inode *inode,
  131. const struct ext4_str *iname,
  132. struct ext4_str *oname)
  133. {
  134. struct ext4_str tmp_in[2], tmp_out[1];
  135. struct ablkcipher_request *req = NULL;
  136. DECLARE_EXT4_COMPLETION_RESULT(ecr);
  137. struct scatterlist src_sg, dst_sg;
  138. struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
  139. struct crypto_ablkcipher *tfm = ci->ci_ctfm;
  140. int res = 0;
  141. char iv[EXT4_CRYPTO_BLOCK_SIZE];
  142. unsigned lim = max_name_len(inode);
  143. if (iname->len <= 0 || iname->len > lim)
  144. return -EIO;
  145. tmp_in[0].name = iname->name;
  146. tmp_in[0].len = iname->len;
  147. tmp_out[0].name = oname->name;
  148. /* Allocate request */
  149. req = ablkcipher_request_alloc(tfm, GFP_NOFS);
  150. if (!req) {
  151. printk_ratelimited(
  152. KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
  153. return -ENOMEM;
  154. }
  155. ablkcipher_request_set_callback(req,
  156. CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
  157. ext4_dir_crypt_complete, &ecr);
  158. /* Initialize IV */
  159. memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
  160. /* Create encryption request */
  161. sg_init_one(&src_sg, iname->name, iname->len);
  162. sg_init_one(&dst_sg, oname->name, oname->len);
  163. ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
  164. res = crypto_ablkcipher_decrypt(req);
  165. if (res == -EINPROGRESS || res == -EBUSY) {
  166. BUG_ON(req->base.data != &ecr);
  167. wait_for_completion(&ecr.completion);
  168. res = ecr.res;
  169. }
  170. ablkcipher_request_free(req);
  171. if (res < 0) {
  172. printk_ratelimited(
  173. KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n",
  174. __func__, res);
  175. return res;
  176. }
  177. oname->len = strnlen(oname->name, iname->len);
  178. return oname->len;
  179. }
  180. static const char *lookup_table =
  181. "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
  182. /**
  183. * ext4_fname_encode_digest() -
  184. *
  185. * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
  186. * The encoded string is roughly 4/3 times the size of the input string.
  187. */
  188. static int digest_encode(const char *src, int len, char *dst)
  189. {
  190. int i = 0, bits = 0, ac = 0;
  191. char *cp = dst;
  192. while (i < len) {
  193. ac += (((unsigned char) src[i]) << bits);
  194. bits += 8;
  195. do {
  196. *cp++ = lookup_table[ac & 0x3f];
  197. ac >>= 6;
  198. bits -= 6;
  199. } while (bits >= 6);
  200. i++;
  201. }
  202. if (bits)
  203. *cp++ = lookup_table[ac & 0x3f];
  204. return cp - dst;
  205. }
  206. static int digest_decode(const char *src, int len, char *dst)
  207. {
  208. int i = 0, bits = 0, ac = 0;
  209. const char *p;
  210. char *cp = dst;
  211. while (i < len) {
  212. p = strchr(lookup_table, src[i]);
  213. if (p == NULL || src[i] == 0)
  214. return -2;
  215. ac += (p - lookup_table) << bits;
  216. bits += 6;
  217. if (bits >= 8) {
  218. *cp++ = ac & 0xff;
  219. ac >>= 8;
  220. bits -= 8;
  221. }
  222. i++;
  223. }
  224. if (ac)
  225. return -1;
  226. return cp - dst;
  227. }
  228. /**
  229. * ext4_fname_crypto_round_up() -
  230. *
  231. * Return: The next multiple of block size
  232. */
  233. u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
  234. {
  235. return ((size+blksize-1)/blksize)*blksize;
  236. }
  237. unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen)
  238. {
  239. struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
  240. int padding = 32;
  241. if (ci)
  242. padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
  243. if (ilen < EXT4_CRYPTO_BLOCK_SIZE)
  244. ilen = EXT4_CRYPTO_BLOCK_SIZE;
  245. return ext4_fname_crypto_round_up(ilen, padding);
  246. }
  247. /*
  248. * ext4_fname_crypto_alloc_buffer() -
  249. *
  250. * Allocates an output buffer that is sufficient for the crypto operation
  251. * specified by the context and the direction.
  252. */
  253. int ext4_fname_crypto_alloc_buffer(struct inode *inode,
  254. u32 ilen, struct ext4_str *crypto_str)
  255. {
  256. unsigned int olen = ext4_fname_encrypted_size(inode, ilen);
  257. crypto_str->len = olen;
  258. if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
  259. olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;
  260. /* Allocated buffer can hold one more character to null-terminate the
  261. * string */
  262. crypto_str->name = kmalloc(olen+1, GFP_NOFS);
  263. if (!(crypto_str->name))
  264. return -ENOMEM;
  265. return 0;
  266. }
  267. /**
  268. * ext4_fname_crypto_free_buffer() -
  269. *
  270. * Frees the buffer allocated for crypto operation.
  271. */
  272. void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str)
  273. {
  274. if (!crypto_str)
  275. return;
  276. kfree(crypto_str->name);
  277. crypto_str->name = NULL;
  278. }
  279. /**
  280. * ext4_fname_disk_to_usr() - converts a filename from disk space to user space
  281. */
  282. int _ext4_fname_disk_to_usr(struct inode *inode,
  283. struct dx_hash_info *hinfo,
  284. const struct ext4_str *iname,
  285. struct ext4_str *oname)
  286. {
  287. char buf[24];
  288. int ret;
  289. if (iname->len < 3) {
  290. /*Check for . and .. */
  291. if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') {
  292. oname->name[0] = '.';
  293. oname->name[iname->len-1] = '.';
  294. oname->len = iname->len;
  295. return oname->len;
  296. }
  297. }
  298. if (EXT4_I(inode)->i_crypt_info)
  299. return ext4_fname_decrypt(inode, iname, oname);
  300. if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) {
  301. ret = digest_encode(iname->name, iname->len, oname->name);
  302. oname->len = ret;
  303. return ret;
  304. }
  305. if (hinfo) {
  306. memcpy(buf, &hinfo->hash, 4);
  307. memcpy(buf+4, &hinfo->minor_hash, 4);
  308. } else
  309. memset(buf, 0, 8);
  310. memcpy(buf + 8, iname->name + iname->len - 16, 16);
  311. oname->name[0] = '_';
  312. ret = digest_encode(buf, 24, oname->name+1);
  313. oname->len = ret + 1;
  314. return ret + 1;
  315. }
  316. int ext4_fname_disk_to_usr(struct inode *inode,
  317. struct dx_hash_info *hinfo,
  318. const struct ext4_dir_entry_2 *de,
  319. struct ext4_str *oname)
  320. {
  321. struct ext4_str iname = {.name = (unsigned char *) de->name,
  322. .len = de->name_len };
  323. return _ext4_fname_disk_to_usr(inode, hinfo, &iname, oname);
  324. }
  325. /**
  326. * ext4_fname_usr_to_disk() - converts a filename from user space to disk space
  327. */
  328. int ext4_fname_usr_to_disk(struct inode *inode,
  329. const struct qstr *iname,
  330. struct ext4_str *oname)
  331. {
  332. int res;
  333. struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
  334. if (iname->len < 3) {
  335. /*Check for . and .. */
  336. if (iname->name[0] == '.' &&
  337. iname->name[iname->len-1] == '.') {
  338. oname->name[0] = '.';
  339. oname->name[iname->len-1] = '.';
  340. oname->len = iname->len;
  341. return oname->len;
  342. }
  343. }
  344. if (ci) {
  345. res = ext4_fname_encrypt(inode, iname, oname);
  346. return res;
  347. }
  348. /* Without a proper key, a user is not allowed to modify the filenames
  349. * in a directory. Consequently, a user space name cannot be mapped to
  350. * a disk-space name */
  351. return -EACCES;
  352. }
  353. int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
  354. int lookup, struct ext4_filename *fname)
  355. {
  356. struct ext4_crypt_info *ci;
  357. int ret = 0, bigname = 0;
  358. memset(fname, 0, sizeof(struct ext4_filename));
  359. fname->usr_fname = iname;
  360. if (!ext4_encrypted_inode(dir) ||
  361. ((iname->name[0] == '.') &&
  362. ((iname->len == 1) ||
  363. ((iname->name[1] == '.') && (iname->len == 2))))) {
  364. fname->disk_name.name = (unsigned char *) iname->name;
  365. fname->disk_name.len = iname->len;
  366. return 0;
  367. }
  368. ret = ext4_get_encryption_info(dir);
  369. if (ret)
  370. return ret;
  371. ci = EXT4_I(dir)->i_crypt_info;
  372. if (ci) {
  373. ret = ext4_fname_crypto_alloc_buffer(dir, iname->len,
  374. &fname->crypto_buf);
  375. if (ret < 0)
  376. return ret;
  377. ret = ext4_fname_encrypt(dir, iname, &fname->crypto_buf);
  378. if (ret < 0)
  379. goto errout;
  380. fname->disk_name.name = fname->crypto_buf.name;
  381. fname->disk_name.len = fname->crypto_buf.len;
  382. return 0;
  383. }
  384. if (!lookup)
  385. return -EACCES;
  386. /* We don't have the key and we are doing a lookup; decode the
  387. * user-supplied name
  388. */
  389. if (iname->name[0] == '_')
  390. bigname = 1;
  391. if ((bigname && (iname->len != 33)) ||
  392. (!bigname && (iname->len > 43)))
  393. return -ENOENT;
  394. fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
  395. if (fname->crypto_buf.name == NULL)
  396. return -ENOMEM;
  397. ret = digest_decode(iname->name + bigname, iname->len - bigname,
  398. fname->crypto_buf.name);
  399. if (ret < 0) {
  400. ret = -ENOENT;
  401. goto errout;
  402. }
  403. fname->crypto_buf.len = ret;
  404. if (bigname) {
  405. memcpy(&fname->hinfo.hash, fname->crypto_buf.name, 4);
  406. memcpy(&fname->hinfo.minor_hash, fname->crypto_buf.name + 4, 4);
  407. } else {
  408. fname->disk_name.name = fname->crypto_buf.name;
  409. fname->disk_name.len = fname->crypto_buf.len;
  410. }
  411. return 0;
  412. errout:
  413. kfree(fname->crypto_buf.name);
  414. fname->crypto_buf.name = NULL;
  415. return ret;
  416. }
  417. void ext4_fname_free_filename(struct ext4_filename *fname)
  418. {
  419. kfree(fname->crypto_buf.name);
  420. fname->crypto_buf.name = NULL;
  421. fname->usr_fname = NULL;
  422. fname->disk_name.name = NULL;
  423. }