1 /*
2 * linux/fs/ext4/crypto_fname.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains functions for filename crypto management in ext4
7 *
8 * Written by Uday Savagaonkar, 2014.
9 *
10 * This has not yet undergone a rigorous security audit.
11 *
12 */
13
14 #include <crypto/hash.h>
15 #include <crypto/sha.h>
16 #include <keys/encrypted-type.h>
17 #include <keys/user-type.h>
18 #include <linux/crypto.h>
19 #include <linux/gfp.h>
20 #include <linux/kernel.h>
21 #include <linux/key.h>
22 #include <linux/list.h>
23 #include <linux/mempool.h>
24 #include <linux/random.h>
25 #include <linux/scatterlist.h>
26 #include <linux/spinlock_types.h>
27
28 #include "ext4.h"
29 #include "ext4_crypto.h"
30 #include "xattr.h"
31
32 /**
33 * ext4_dir_crypt_complete() -
34 */
ext4_dir_crypt_complete(struct crypto_async_request * req,int res)35 static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res)
36 {
37 struct ext4_completion_result *ecr = req->data;
38
39 if (res == -EINPROGRESS)
40 return;
41 ecr->res = res;
42 complete(&ecr->completion);
43 }
44
max_name_len(struct inode * inode)45 static unsigned max_name_len(struct inode *inode)
46 {
47 return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
48 EXT4_NAME_LEN;
49 }
50
51 /**
52 * ext4_fname_encrypt() -
53 *
54 * This function encrypts the input filename, and returns the length of the
55 * ciphertext. Errors are returned as negative numbers. We trust the caller to
56 * allocate sufficient memory to oname string.
57 */
ext4_fname_encrypt(struct inode * inode,const struct qstr * iname,struct ext4_str * oname)58 static int ext4_fname_encrypt(struct inode *inode,
59 const struct qstr *iname,
60 struct ext4_str *oname)
61 {
62 u32 ciphertext_len;
63 struct ablkcipher_request *req = NULL;
64 DECLARE_EXT4_COMPLETION_RESULT(ecr);
65 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
66 struct crypto_ablkcipher *tfm = ci->ci_ctfm;
67 int res = 0;
68 char iv[EXT4_CRYPTO_BLOCK_SIZE];
69 struct scatterlist src_sg, dst_sg;
70 int padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
71 char *workbuf, buf[32], *alloc_buf = NULL;
72 unsigned lim = max_name_len(inode);
73
74 if (iname->len <= 0 || iname->len > lim)
75 return -EIO;
76
77 ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ?
78 EXT4_CRYPTO_BLOCK_SIZE : iname->len;
79 ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
80 ciphertext_len = (ciphertext_len > lim)
81 ? lim : ciphertext_len;
82
83 if (ciphertext_len <= sizeof(buf)) {
84 workbuf = buf;
85 } else {
86 alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
87 if (!alloc_buf)
88 return -ENOMEM;
89 workbuf = alloc_buf;
90 }
91
92 /* Allocate request */
93 req = ablkcipher_request_alloc(tfm, GFP_NOFS);
94 if (!req) {
95 printk_ratelimited(
96 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
97 kfree(alloc_buf);
98 return -ENOMEM;
99 }
100 ablkcipher_request_set_callback(req,
101 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
102 ext4_dir_crypt_complete, &ecr);
103
104 /* Copy the input */
105 memcpy(workbuf, iname->name, iname->len);
106 if (iname->len < ciphertext_len)
107 memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
108
109 /* Initialize IV */
110 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
111
112 /* Create encryption request */
113 sg_init_one(&src_sg, workbuf, ciphertext_len);
114 sg_init_one(&dst_sg, oname->name, ciphertext_len);
115 ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
116 res = crypto_ablkcipher_encrypt(req);
117 if (res == -EINPROGRESS || res == -EBUSY) {
118 wait_for_completion(&ecr.completion);
119 res = ecr.res;
120 }
121 kfree(alloc_buf);
122 ablkcipher_request_free(req);
123 if (res < 0) {
124 printk_ratelimited(
125 KERN_ERR "%s: Error (error code %d)\n", __func__, res);
126 }
127 oname->len = ciphertext_len;
128 return res;
129 }
130
131 /*
132 * ext4_fname_decrypt()
133 * This function decrypts the input filename, and returns
134 * the length of the plaintext.
135 * Errors are returned as negative numbers.
136 * We trust the caller to allocate sufficient memory to oname string.
137 */
ext4_fname_decrypt(struct inode * inode,const struct ext4_str * iname,struct ext4_str * oname)138 static int ext4_fname_decrypt(struct inode *inode,
139 const struct ext4_str *iname,
140 struct ext4_str *oname)
141 {
142 struct ext4_str tmp_in[2], tmp_out[1];
143 struct ablkcipher_request *req = NULL;
144 DECLARE_EXT4_COMPLETION_RESULT(ecr);
145 struct scatterlist src_sg, dst_sg;
146 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
147 struct crypto_ablkcipher *tfm = ci->ci_ctfm;
148 int res = 0;
149 char iv[EXT4_CRYPTO_BLOCK_SIZE];
150 unsigned lim = max_name_len(inode);
151
152 if (iname->len <= 0 || iname->len > lim)
153 return -EIO;
154
155 tmp_in[0].name = iname->name;
156 tmp_in[0].len = iname->len;
157 tmp_out[0].name = oname->name;
158
159 /* Allocate request */
160 req = ablkcipher_request_alloc(tfm, GFP_NOFS);
161 if (!req) {
162 printk_ratelimited(
163 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
164 return -ENOMEM;
165 }
166 ablkcipher_request_set_callback(req,
167 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
168 ext4_dir_crypt_complete, &ecr);
169
170 /* Initialize IV */
171 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
172
173 /* Create encryption request */
174 sg_init_one(&src_sg, iname->name, iname->len);
175 sg_init_one(&dst_sg, oname->name, oname->len);
176 ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
177 res = crypto_ablkcipher_decrypt(req);
178 if (res == -EINPROGRESS || res == -EBUSY) {
179 wait_for_completion(&ecr.completion);
180 res = ecr.res;
181 }
182 ablkcipher_request_free(req);
183 if (res < 0) {
184 printk_ratelimited(
185 KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n",
186 __func__, res);
187 return res;
188 }
189
190 oname->len = strnlen(oname->name, iname->len);
191 return oname->len;
192 }
193
194 static const char *lookup_table =
195 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
196
197 /**
198 * ext4_fname_encode_digest() -
199 *
200 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
201 * The encoded string is roughly 4/3 times the size of the input string.
202 */
digest_encode(const char * src,int len,char * dst)203 static int digest_encode(const char *src, int len, char *dst)
204 {
205 int i = 0, bits = 0, ac = 0;
206 char *cp = dst;
207
208 while (i < len) {
209 ac += (((unsigned char) src[i]) << bits);
210 bits += 8;
211 do {
212 *cp++ = lookup_table[ac & 0x3f];
213 ac >>= 6;
214 bits -= 6;
215 } while (bits >= 6);
216 i++;
217 }
218 if (bits)
219 *cp++ = lookup_table[ac & 0x3f];
220 return cp - dst;
221 }
222
digest_decode(const char * src,int len,char * dst)223 static int digest_decode(const char *src, int len, char *dst)
224 {
225 int i = 0, bits = 0, ac = 0;
226 const char *p;
227 char *cp = dst;
228
229 while (i < len) {
230 p = strchr(lookup_table, src[i]);
231 if (p == NULL || src[i] == 0)
232 return -2;
233 ac += (p - lookup_table) << bits;
234 bits += 6;
235 if (bits >= 8) {
236 *cp++ = ac & 0xff;
237 ac >>= 8;
238 bits -= 8;
239 }
240 i++;
241 }
242 if (ac)
243 return -1;
244 return cp - dst;
245 }
246
247 /**
248 * ext4_fname_crypto_round_up() -
249 *
250 * Return: The next multiple of block size
251 */
ext4_fname_crypto_round_up(u32 size,u32 blksize)252 u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
253 {
254 return ((size+blksize-1)/blksize)*blksize;
255 }
256
ext4_fname_encrypted_size(struct inode * inode,u32 ilen)257 unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen)
258 {
259 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
260 int padding = 32;
261
262 if (ci)
263 padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
264 if (ilen < EXT4_CRYPTO_BLOCK_SIZE)
265 ilen = EXT4_CRYPTO_BLOCK_SIZE;
266 return ext4_fname_crypto_round_up(ilen, padding);
267 }
268
269 /*
270 * ext4_fname_crypto_alloc_buffer() -
271 *
272 * Allocates an output buffer that is sufficient for the crypto operation
273 * specified by the context and the direction.
274 */
ext4_fname_crypto_alloc_buffer(struct inode * inode,u32 ilen,struct ext4_str * crypto_str)275 int ext4_fname_crypto_alloc_buffer(struct inode *inode,
276 u32 ilen, struct ext4_str *crypto_str)
277 {
278 unsigned int olen = ext4_fname_encrypted_size(inode, ilen);
279
280 crypto_str->len = olen;
281 if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
282 olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;
283 /* Allocated buffer can hold one more character to null-terminate the
284 * string */
285 crypto_str->name = kmalloc(olen+1, GFP_NOFS);
286 if (!(crypto_str->name))
287 return -ENOMEM;
288 return 0;
289 }
290
291 /**
292 * ext4_fname_crypto_free_buffer() -
293 *
294 * Frees the buffer allocated for crypto operation.
295 */
ext4_fname_crypto_free_buffer(struct ext4_str * crypto_str)296 void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str)
297 {
298 if (!crypto_str)
299 return;
300 kfree(crypto_str->name);
301 crypto_str->name = NULL;
302 }
303
304 /**
305 * ext4_fname_disk_to_usr() - converts a filename from disk space to user space
306 */
_ext4_fname_disk_to_usr(struct inode * inode,struct dx_hash_info * hinfo,const struct ext4_str * iname,struct ext4_str * oname)307 int _ext4_fname_disk_to_usr(struct inode *inode,
308 struct dx_hash_info *hinfo,
309 const struct ext4_str *iname,
310 struct ext4_str *oname)
311 {
312 char buf[24];
313 int ret;
314
315 if (iname->len < 3) {
316 /*Check for . and .. */
317 if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') {
318 oname->name[0] = '.';
319 oname->name[iname->len-1] = '.';
320 oname->len = iname->len;
321 return oname->len;
322 }
323 }
324 if (iname->len < EXT4_CRYPTO_BLOCK_SIZE) {
325 EXT4_ERROR_INODE(inode, "encrypted inode too small");
326 return -EUCLEAN;
327 }
328 if (EXT4_I(inode)->i_crypt_info)
329 return ext4_fname_decrypt(inode, iname, oname);
330
331 if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) {
332 ret = digest_encode(iname->name, iname->len, oname->name);
333 oname->len = ret;
334 return ret;
335 }
336 if (hinfo) {
337 memcpy(buf, &hinfo->hash, 4);
338 memcpy(buf+4, &hinfo->minor_hash, 4);
339 } else
340 memset(buf, 0, 8);
341 memcpy(buf + 8, iname->name + ((iname->len - 17) & ~15), 16);
342 oname->name[0] = '_';
343 ret = digest_encode(buf, 24, oname->name+1);
344 oname->len = ret + 1;
345 return ret + 1;
346 }
347
ext4_fname_disk_to_usr(struct inode * inode,struct dx_hash_info * hinfo,const struct ext4_dir_entry_2 * de,struct ext4_str * oname)348 int ext4_fname_disk_to_usr(struct inode *inode,
349 struct dx_hash_info *hinfo,
350 const struct ext4_dir_entry_2 *de,
351 struct ext4_str *oname)
352 {
353 struct ext4_str iname = {.name = (unsigned char *) de->name,
354 .len = de->name_len };
355
356 return _ext4_fname_disk_to_usr(inode, hinfo, &iname, oname);
357 }
358
359
360 /**
361 * ext4_fname_usr_to_disk() - converts a filename from user space to disk space
362 */
ext4_fname_usr_to_disk(struct inode * inode,const struct qstr * iname,struct ext4_str * oname)363 int ext4_fname_usr_to_disk(struct inode *inode,
364 const struct qstr *iname,
365 struct ext4_str *oname)
366 {
367 int res;
368 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
369
370 if (iname->len < 3) {
371 /*Check for . and .. */
372 if (iname->name[0] == '.' &&
373 iname->name[iname->len-1] == '.') {
374 oname->name[0] = '.';
375 oname->name[iname->len-1] = '.';
376 oname->len = iname->len;
377 return oname->len;
378 }
379 }
380 if (ci) {
381 res = ext4_fname_encrypt(inode, iname, oname);
382 return res;
383 }
384 /* Without a proper key, a user is not allowed to modify the filenames
385 * in a directory. Consequently, a user space name cannot be mapped to
386 * a disk-space name */
387 return -EACCES;
388 }
389
ext4_fname_setup_filename(struct inode * dir,const struct qstr * iname,int lookup,struct ext4_filename * fname)390 int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
391 int lookup, struct ext4_filename *fname)
392 {
393 struct ext4_crypt_info *ci;
394 int ret = 0, bigname = 0;
395
396 memset(fname, 0, sizeof(struct ext4_filename));
397 fname->usr_fname = iname;
398
399 if (!ext4_encrypted_inode(dir) ||
400 ((iname->name[0] == '.') &&
401 ((iname->len == 1) ||
402 ((iname->name[1] == '.') && (iname->len == 2))))) {
403 fname->disk_name.name = (unsigned char *) iname->name;
404 fname->disk_name.len = iname->len;
405 return 0;
406 }
407 ret = ext4_get_encryption_info(dir);
408 if (ret)
409 return ret;
410 ci = EXT4_I(dir)->i_crypt_info;
411 if (ci) {
412 ret = ext4_fname_crypto_alloc_buffer(dir, iname->len,
413 &fname->crypto_buf);
414 if (ret < 0)
415 return ret;
416 ret = ext4_fname_encrypt(dir, iname, &fname->crypto_buf);
417 if (ret < 0)
418 goto errout;
419 fname->disk_name.name = fname->crypto_buf.name;
420 fname->disk_name.len = fname->crypto_buf.len;
421 return 0;
422 }
423 if (!lookup)
424 return -EACCES;
425
426 /* We don't have the key and we are doing a lookup; decode the
427 * user-supplied name
428 */
429 if (iname->name[0] == '_')
430 bigname = 1;
431 if ((bigname && (iname->len != 33)) ||
432 (!bigname && (iname->len > 43)))
433 return -ENOENT;
434
435 fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
436 if (fname->crypto_buf.name == NULL)
437 return -ENOMEM;
438 ret = digest_decode(iname->name + bigname, iname->len - bigname,
439 fname->crypto_buf.name);
440 if (ret < 0) {
441 ret = -ENOENT;
442 goto errout;
443 }
444 fname->crypto_buf.len = ret;
445 if (bigname) {
446 memcpy(&fname->hinfo.hash, fname->crypto_buf.name, 4);
447 memcpy(&fname->hinfo.minor_hash, fname->crypto_buf.name + 4, 4);
448 } else {
449 fname->disk_name.name = fname->crypto_buf.name;
450 fname->disk_name.len = fname->crypto_buf.len;
451 }
452 return 0;
453 errout:
454 kfree(fname->crypto_buf.name);
455 fname->crypto_buf.name = NULL;
456 return ret;
457 }
458
ext4_fname_free_filename(struct ext4_filename * fname)459 void ext4_fname_free_filename(struct ext4_filename *fname)
460 {
461 kfree(fname->crypto_buf.name);
462 fname->crypto_buf.name = NULL;
463 fname->usr_fname = NULL;
464 fname->disk_name.name = NULL;
465 }
466