crypto_fname.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438
  1. /*
  2. * linux/fs/f2fs/crypto_fname.c
  3. *
  4. * Copied from linux/fs/ext4/crypto.c
  5. *
  6. * Copyright (C) 2015, Google, Inc.
  7. * Copyright (C) 2015, Motorola Mobility
  8. *
  9. * This contains functions for filename crypto management in f2fs
  10. *
  11. * Written by Uday Savagaonkar, 2014.
  12. *
  13. * Adjust f2fs dentry structure
  14. * Jaegeuk Kim, 2015.
  15. *
  16. * This has not yet undergone a rigorous security audit.
  17. */
  18. #include <crypto/hash.h>
  19. #include <crypto/sha.h>
  20. #include <keys/encrypted-type.h>
  21. #include <keys/user-type.h>
  22. #include <linux/crypto.h>
  23. #include <linux/gfp.h>
  24. #include <linux/kernel.h>
  25. #include <linux/key.h>
  26. #include <linux/list.h>
  27. #include <linux/mempool.h>
  28. #include <linux/random.h>
  29. #include <linux/scatterlist.h>
  30. #include <linux/spinlock_types.h>
  31. #include <linux/f2fs_fs.h>
  32. #include <linux/ratelimit.h>
  33. #include "f2fs.h"
  34. #include "f2fs_crypto.h"
  35. #include "xattr.h"
  36. /**
  37. * f2fs_dir_crypt_complete() -
  38. */
  39. static void f2fs_dir_crypt_complete(struct crypto_async_request *req, int res)
  40. {
  41. struct f2fs_completion_result *ecr = req->data;
  42. if (res == -EINPROGRESS)
  43. return;
  44. ecr->res = res;
  45. complete(&ecr->completion);
  46. }
  47. bool f2fs_valid_filenames_enc_mode(uint32_t mode)
  48. {
  49. return (mode == F2FS_ENCRYPTION_MODE_AES_256_CTS);
  50. }
  51. static unsigned max_name_len(struct inode *inode)
  52. {
  53. return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
  54. F2FS_NAME_LEN;
  55. }
  56. /**
  57. * f2fs_fname_encrypt() -
  58. *
  59. * This function encrypts the input filename, and returns the length of the
  60. * ciphertext. Errors are returned as negative numbers. We trust the caller to
  61. * allocate sufficient memory to oname string.
  62. */
  63. static int f2fs_fname_encrypt(struct inode *inode,
  64. const struct qstr *iname, struct f2fs_str *oname)
  65. {
  66. u32 ciphertext_len;
  67. struct ablkcipher_request *req = NULL;
  68. DECLARE_F2FS_COMPLETION_RESULT(ecr);
  69. struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
  70. struct crypto_ablkcipher *tfm = ci->ci_ctfm;
  71. int res = 0;
  72. char iv[F2FS_CRYPTO_BLOCK_SIZE];
  73. struct scatterlist src_sg, dst_sg;
  74. int padding = 4 << (ci->ci_flags & F2FS_POLICY_FLAGS_PAD_MASK);
  75. char *workbuf, buf[32], *alloc_buf = NULL;
  76. unsigned lim = max_name_len(inode);
  77. if (iname->len <= 0 || iname->len > lim)
  78. return -EIO;
  79. ciphertext_len = (iname->len < F2FS_CRYPTO_BLOCK_SIZE) ?
  80. F2FS_CRYPTO_BLOCK_SIZE : iname->len;
  81. ciphertext_len = f2fs_fname_crypto_round_up(ciphertext_len, padding);
  82. ciphertext_len = (ciphertext_len > lim) ? lim : ciphertext_len;
  83. if (ciphertext_len <= sizeof(buf)) {
  84. workbuf = buf;
  85. } else {
  86. alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
  87. if (!alloc_buf)
  88. return -ENOMEM;
  89. workbuf = alloc_buf;
  90. }
  91. /* Allocate request */
  92. req = ablkcipher_request_alloc(tfm, GFP_NOFS);
  93. if (!req) {
  94. printk_ratelimited(KERN_ERR
  95. "%s: crypto_request_alloc() failed\n", __func__);
  96. kfree(alloc_buf);
  97. return -ENOMEM;
  98. }
  99. ablkcipher_request_set_callback(req,
  100. CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
  101. f2fs_dir_crypt_complete, &ecr);
  102. /* Copy the input */
  103. memcpy(workbuf, iname->name, iname->len);
  104. if (iname->len < ciphertext_len)
  105. memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
  106. /* Initialize IV */
  107. memset(iv, 0, F2FS_CRYPTO_BLOCK_SIZE);
  108. /* Create encryption request */
  109. sg_init_one(&src_sg, workbuf, ciphertext_len);
  110. sg_init_one(&dst_sg, oname->name, ciphertext_len);
  111. ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
  112. res = crypto_ablkcipher_encrypt(req);
  113. if (res == -EINPROGRESS || res == -EBUSY) {
  114. wait_for_completion(&ecr.completion);
  115. res = ecr.res;
  116. }
  117. kfree(alloc_buf);
  118. ablkcipher_request_free(req);
  119. if (res < 0) {
  120. printk_ratelimited(KERN_ERR
  121. "%s: Error (error code %d)\n", __func__, res);
  122. }
  123. oname->len = ciphertext_len;
  124. return res;
  125. }
  126. /*
  127. * f2fs_fname_decrypt()
  128. * This function decrypts the input filename, and returns
  129. * the length of the plaintext.
  130. * Errors are returned as negative numbers.
  131. * We trust the caller to allocate sufficient memory to oname string.
  132. */
  133. static int f2fs_fname_decrypt(struct inode *inode,
  134. const struct f2fs_str *iname, struct f2fs_str *oname)
  135. {
  136. struct ablkcipher_request *req = NULL;
  137. DECLARE_F2FS_COMPLETION_RESULT(ecr);
  138. struct scatterlist src_sg, dst_sg;
  139. struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
  140. struct crypto_ablkcipher *tfm = ci->ci_ctfm;
  141. int res = 0;
  142. char iv[F2FS_CRYPTO_BLOCK_SIZE];
  143. unsigned lim = max_name_len(inode);
  144. if (iname->len <= 0 || iname->len > lim)
  145. return -EIO;
  146. /* Allocate request */
  147. req = ablkcipher_request_alloc(tfm, GFP_NOFS);
  148. if (!req) {
  149. printk_ratelimited(KERN_ERR
  150. "%s: crypto_request_alloc() failed\n", __func__);
  151. return -ENOMEM;
  152. }
  153. ablkcipher_request_set_callback(req,
  154. CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
  155. f2fs_dir_crypt_complete, &ecr);
  156. /* Initialize IV */
  157. memset(iv, 0, F2FS_CRYPTO_BLOCK_SIZE);
  158. /* Create decryption request */
  159. sg_init_one(&src_sg, iname->name, iname->len);
  160. sg_init_one(&dst_sg, oname->name, oname->len);
  161. ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
  162. res = crypto_ablkcipher_decrypt(req);
  163. if (res == -EINPROGRESS || res == -EBUSY) {
  164. wait_for_completion(&ecr.completion);
  165. res = ecr.res;
  166. }
  167. ablkcipher_request_free(req);
  168. if (res < 0) {
  169. printk_ratelimited(KERN_ERR
  170. "%s: Error in f2fs_fname_decrypt (error code %d)\n",
  171. __func__, res);
  172. return res;
  173. }
  174. oname->len = strnlen(oname->name, iname->len);
  175. return oname->len;
  176. }
  177. static const char *lookup_table =
  178. "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
  179. /**
  180. * f2fs_fname_encode_digest() -
  181. *
  182. * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
  183. * The encoded string is roughly 4/3 times the size of the input string.
  184. */
  185. static int digest_encode(const char *src, int len, char *dst)
  186. {
  187. int i = 0, bits = 0, ac = 0;
  188. char *cp = dst;
  189. while (i < len) {
  190. ac += (((unsigned char) src[i]) << bits);
  191. bits += 8;
  192. do {
  193. *cp++ = lookup_table[ac & 0x3f];
  194. ac >>= 6;
  195. bits -= 6;
  196. } while (bits >= 6);
  197. i++;
  198. }
  199. if (bits)
  200. *cp++ = lookup_table[ac & 0x3f];
  201. return cp - dst;
  202. }
  203. static int digest_decode(const char *src, int len, char *dst)
  204. {
  205. int i = 0, bits = 0, ac = 0;
  206. const char *p;
  207. char *cp = dst;
  208. while (i < len) {
  209. p = strchr(lookup_table, src[i]);
  210. if (p == NULL || src[i] == 0)
  211. return -2;
  212. ac += (p - lookup_table) << bits;
  213. bits += 6;
  214. if (bits >= 8) {
  215. *cp++ = ac & 0xff;
  216. ac >>= 8;
  217. bits -= 8;
  218. }
  219. i++;
  220. }
  221. if (ac)
  222. return -1;
  223. return cp - dst;
  224. }
  225. /**
  226. * f2fs_fname_crypto_round_up() -
  227. *
  228. * Return: The next multiple of block size
  229. */
  230. u32 f2fs_fname_crypto_round_up(u32 size, u32 blksize)
  231. {
  232. return ((size + blksize - 1) / blksize) * blksize;
  233. }
  234. /**
  235. * f2fs_fname_crypto_alloc_obuff() -
  236. *
  237. * Allocates an output buffer that is sufficient for the crypto operation
  238. * specified by the context and the direction.
  239. */
  240. int f2fs_fname_crypto_alloc_buffer(struct inode *inode,
  241. u32 ilen, struct f2fs_str *crypto_str)
  242. {
  243. unsigned int olen;
  244. int padding = 16;
  245. struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
  246. if (ci)
  247. padding = 4 << (ci->ci_flags & F2FS_POLICY_FLAGS_PAD_MASK);
  248. if (padding < F2FS_CRYPTO_BLOCK_SIZE)
  249. padding = F2FS_CRYPTO_BLOCK_SIZE;
  250. olen = f2fs_fname_crypto_round_up(ilen, padding);
  251. crypto_str->len = olen;
  252. if (olen < F2FS_FNAME_CRYPTO_DIGEST_SIZE * 2)
  253. olen = F2FS_FNAME_CRYPTO_DIGEST_SIZE * 2;
  254. /* Allocated buffer can hold one more character to null-terminate the
  255. * string */
  256. crypto_str->name = kmalloc(olen + 1, GFP_NOFS);
  257. if (!(crypto_str->name))
  258. return -ENOMEM;
  259. return 0;
  260. }
  261. /**
  262. * f2fs_fname_crypto_free_buffer() -
  263. *
  264. * Frees the buffer allocated for crypto operation.
  265. */
  266. void f2fs_fname_crypto_free_buffer(struct f2fs_str *crypto_str)
  267. {
  268. if (!crypto_str)
  269. return;
  270. kfree(crypto_str->name);
  271. crypto_str->name = NULL;
  272. }
  273. /**
  274. * f2fs_fname_disk_to_usr() - converts a filename from disk space to user space
  275. */
  276. int f2fs_fname_disk_to_usr(struct inode *inode,
  277. f2fs_hash_t *hash,
  278. const struct f2fs_str *iname,
  279. struct f2fs_str *oname)
  280. {
  281. const struct qstr qname = FSTR_TO_QSTR(iname);
  282. char buf[24];
  283. int ret;
  284. if (is_dot_dotdot(&qname)) {
  285. oname->name[0] = '.';
  286. oname->name[iname->len - 1] = '.';
  287. oname->len = iname->len;
  288. return oname->len;
  289. }
  290. if (F2FS_I(inode)->i_crypt_info)
  291. return f2fs_fname_decrypt(inode, iname, oname);
  292. if (iname->len <= F2FS_FNAME_CRYPTO_DIGEST_SIZE) {
  293. ret = digest_encode(iname->name, iname->len, oname->name);
  294. oname->len = ret;
  295. return ret;
  296. }
  297. if (hash) {
  298. memcpy(buf, hash, 4);
  299. memset(buf + 4, 0, 4);
  300. } else
  301. memset(buf, 0, 8);
  302. memcpy(buf + 8, iname->name + ((iname->len - 17) & ~15), 16);
  303. oname->name[0] = '_';
  304. ret = digest_encode(buf, 24, oname->name + 1);
  305. oname->len = ret + 1;
  306. return ret + 1;
  307. }
  308. /**
  309. * f2fs_fname_usr_to_disk() - converts a filename from user space to disk space
  310. */
  311. int f2fs_fname_usr_to_disk(struct inode *inode,
  312. const struct qstr *iname,
  313. struct f2fs_str *oname)
  314. {
  315. int res;
  316. struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
  317. if (is_dot_dotdot(iname)) {
  318. oname->name[0] = '.';
  319. oname->name[iname->len - 1] = '.';
  320. oname->len = iname->len;
  321. return oname->len;
  322. }
  323. if (ci) {
  324. res = f2fs_fname_encrypt(inode, iname, oname);
  325. return res;
  326. }
  327. /* Without a proper key, a user is not allowed to modify the filenames
  328. * in a directory. Consequently, a user space name cannot be mapped to
  329. * a disk-space name */
  330. return -EACCES;
  331. }
  332. int f2fs_fname_setup_filename(struct inode *dir, const struct qstr *iname,
  333. int lookup, struct f2fs_filename *fname)
  334. {
  335. struct f2fs_crypt_info *ci;
  336. int ret = 0, bigname = 0;
  337. memset(fname, 0, sizeof(struct f2fs_filename));
  338. fname->usr_fname = iname;
  339. if (!f2fs_encrypted_inode(dir) || is_dot_dotdot(iname)) {
  340. fname->disk_name.name = (unsigned char *)iname->name;
  341. fname->disk_name.len = iname->len;
  342. return 0;
  343. }
  344. ret = f2fs_get_encryption_info(dir);
  345. if (ret)
  346. return ret;
  347. ci = F2FS_I(dir)->i_crypt_info;
  348. if (ci) {
  349. ret = f2fs_fname_crypto_alloc_buffer(dir, iname->len,
  350. &fname->crypto_buf);
  351. if (ret < 0)
  352. return ret;
  353. ret = f2fs_fname_encrypt(dir, iname, &fname->crypto_buf);
  354. if (ret < 0)
  355. goto errout;
  356. fname->disk_name.name = fname->crypto_buf.name;
  357. fname->disk_name.len = fname->crypto_buf.len;
  358. return 0;
  359. }
  360. if (!lookup)
  361. return -EACCES;
  362. /* We don't have the key and we are doing a lookup; decode the
  363. * user-supplied name
  364. */
  365. if (iname->name[0] == '_')
  366. bigname = 1;
  367. if ((bigname && (iname->len != 33)) ||
  368. (!bigname && (iname->len > 43)))
  369. return -ENOENT;
  370. fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
  371. if (fname->crypto_buf.name == NULL)
  372. return -ENOMEM;
  373. ret = digest_decode(iname->name + bigname, iname->len - bigname,
  374. fname->crypto_buf.name);
  375. if (ret < 0) {
  376. ret = -ENOENT;
  377. goto errout;
  378. }
  379. fname->crypto_buf.len = ret;
  380. if (bigname) {
  381. memcpy(&fname->hash, fname->crypto_buf.name, 4);
  382. } else {
  383. fname->disk_name.name = fname->crypto_buf.name;
  384. fname->disk_name.len = fname->crypto_buf.len;
  385. }
  386. return 0;
  387. errout:
  388. f2fs_fname_crypto_free_buffer(&fname->crypto_buf);
  389. return ret;
  390. }
  391. void f2fs_fname_free_filename(struct f2fs_filename *fname)
  392. {
  393. kfree(fname->crypto_buf.name);
  394. fname->crypto_buf.name = NULL;
  395. fname->usr_fname = NULL;
  396. fname->disk_name.name = NULL;
  397. }