1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * In-kernel key management code. Includes functions to parse and 4 * write authentication token-related packets with the underlying 5 * file. 6 * 7 * Copyright (C) 2004-2006 International Business Machines Corp. 8 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 9 * Michael C. Thompson <mcthomps@us.ibm.com> 10 * Trevor S. Highland <trevor.highland@gmail.com> 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License as 14 * published by the Free Software Foundation; either version 2 of the 15 * License, or (at your option) any later version. 16 * 17 * This program is distributed in the hope that it will be useful, but 18 * WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 * General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program; if not, write to the Free Software 24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 25 * 02111-1307, USA. 26 */ 27 28 #include <linux/string.h> 29 #include <linux/syscalls.h> 30 #include <linux/pagemap.h> 31 #include <linux/key.h> 32 #include <linux/random.h> 33 #include <linux/crypto.h> 34 #include <linux/scatterlist.h> 35 #include "ecryptfs_kernel.h" 36 37 /** 38 * request_key returned an error instead of a valid key address; 39 * determine the type of error, make appropriate log entries, and 40 * return an error code. 41 */ 42 int process_request_key_err(long err_code) 43 { 44 int rc = 0; 45 46 switch (err_code) { 47 case ENOKEY: 48 ecryptfs_printk(KERN_WARNING, "No key\n"); 49 rc = -ENOENT; 50 break; 51 case EKEYEXPIRED: 52 ecryptfs_printk(KERN_WARNING, "Key expired\n"); 53 rc = -ETIME; 54 break; 55 case EKEYREVOKED: 56 ecryptfs_printk(KERN_WARNING, "Key revoked\n"); 57 rc = -EINVAL; 58 break; 59 default: 60 ecryptfs_printk(KERN_WARNING, "Unknown error code: " 61 "[0x%.16x]\n", err_code); 62 rc = -EINVAL; 63 } 64 return rc; 65 } 66 67 /** 68 * parse_packet_length 69 * @data: Pointer to memory containing length at offset 70 * @size: This function writes the decoded size to this memory 71 * address; zero on error 72 * @length_size: The number of bytes occupied by the encoded length 73 * 74 * Returns Zero on success 75 */ 76 static int parse_packet_length(unsigned char *data, size_t *size, 77 size_t *length_size) 78 { 79 int rc = 0; 80 81 (*length_size) = 0; 82 (*size) = 0; 83 if (data[0] < 192) { 84 /* One-byte length */ 85 (*size) = (unsigned char)data[0]; 86 (*length_size) = 1; 87 } else if (data[0] < 224) { 88 /* Two-byte length */ 89 (*size) = (((unsigned char)(data[0]) - 192) * 256); 90 (*size) += ((unsigned char)(data[1]) + 192); 91 (*length_size) = 2; 92 } else if (data[0] == 255) { 93 /* Five-byte length; we're not supposed to see this */ 94 ecryptfs_printk(KERN_ERR, "Five-byte packet length not " 95 "supported\n"); 96 rc = -EINVAL; 97 goto out; 98 } else { 99 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n"); 100 rc = -EINVAL; 101 goto out; 102 } 103 out: 104 return rc; 105 } 106 107 /** 108 * write_packet_length 109 * @dest: The byte array target into which to write the 110 * length. Must have at least 5 bytes allocated. 111 * @size: The length to write. 112 * @packet_size_length: The number of bytes used to encode the 113 * packet length is written to this address. 114 * 115 * Returns zero on success; non-zero on error. 116 */ 117 static int write_packet_length(char *dest, size_t size, 118 size_t *packet_size_length) 119 { 120 int rc = 0; 121 122 if (size < 192) { 123 dest[0] = size; 124 (*packet_size_length) = 1; 125 } else if (size < 65536) { 126 dest[0] = (((size - 192) / 256) + 192); 127 dest[1] = ((size - 192) % 256); 128 (*packet_size_length) = 2; 129 } else { 130 rc = -EINVAL; 131 ecryptfs_printk(KERN_WARNING, 132 "Unsupported packet size: [%d]\n", size); 133 } 134 return rc; 135 } 136 137 static int 138 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, 139 char **packet, size_t *packet_len) 140 { 141 size_t i = 0; 142 size_t data_len; 143 size_t packet_size_len; 144 char *message; 145 int rc; 146 147 /* 148 * ***** TAG 64 Packet Format ***** 149 * | Content Type | 1 byte | 150 * | Key Identifier Size | 1 or 2 bytes | 151 * | Key Identifier | arbitrary | 152 * | Encrypted File Encryption Key Size | 1 or 2 bytes | 153 * | Encrypted File Encryption Key | arbitrary | 154 */ 155 data_len = (5 + ECRYPTFS_SIG_SIZE_HEX 156 + session_key->encrypted_key_size); 157 *packet = kmalloc(data_len, GFP_KERNEL); 158 message = *packet; 159 if (!message) { 160 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 161 rc = -ENOMEM; 162 goto out; 163 } 164 message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; 165 rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, 166 &packet_size_len); 167 if (rc) { 168 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " 169 "header; cannot generate packet length\n"); 170 goto out; 171 } 172 i += packet_size_len; 173 memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); 174 i += ECRYPTFS_SIG_SIZE_HEX; 175 rc = write_packet_length(&message[i], session_key->encrypted_key_size, 176 &packet_size_len); 177 if (rc) { 178 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " 179 "header; cannot generate packet length\n"); 180 goto out; 181 } 182 i += packet_size_len; 183 memcpy(&message[i], session_key->encrypted_key, 184 session_key->encrypted_key_size); 185 i += session_key->encrypted_key_size; 186 *packet_len = i; 187 out: 188 return rc; 189 } 190 191 static int 192 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u16 *cipher_code, 193 struct ecryptfs_message *msg) 194 { 195 size_t i = 0; 196 char *data; 197 size_t data_len; 198 size_t m_size; 199 size_t message_len; 200 u16 checksum = 0; 201 u16 expected_checksum = 0; 202 int rc; 203 204 /* 205 * ***** TAG 65 Packet Format ***** 206 * | Content Type | 1 byte | 207 * | Status Indicator | 1 byte | 208 * | File Encryption Key Size | 1 or 2 bytes | 209 * | File Encryption Key | arbitrary | 210 */ 211 message_len = msg->data_len; 212 data = msg->data; 213 if (message_len < 4) { 214 rc = -EIO; 215 goto out; 216 } 217 if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) { 218 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n"); 219 rc = -EIO; 220 goto out; 221 } 222 if (data[i++]) { 223 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value " 224 "[%d]\n", data[i-1]); 225 rc = -EIO; 226 goto out; 227 } 228 rc = parse_packet_length(&data[i], &m_size, &data_len); 229 if (rc) { 230 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 231 "rc = [%d]\n", rc); 232 goto out; 233 } 234 i += data_len; 235 if (message_len < (i + m_size)) { 236 ecryptfs_printk(KERN_ERR, "The received netlink message is " 237 "shorter than expected\n"); 238 rc = -EIO; 239 goto out; 240 } 241 if (m_size < 3) { 242 ecryptfs_printk(KERN_ERR, 243 "The decrypted key is not long enough to " 244 "include a cipher code and checksum\n"); 245 rc = -EIO; 246 goto out; 247 } 248 *cipher_code = data[i++]; 249 /* The decrypted key includes 1 byte cipher code and 2 byte checksum */ 250 session_key->decrypted_key_size = m_size - 3; 251 if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) { 252 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than " 253 "the maximum key size [%d]\n", 254 session_key->decrypted_key_size, 255 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); 256 rc = -EIO; 257 goto out; 258 } 259 memcpy(session_key->decrypted_key, &data[i], 260 session_key->decrypted_key_size); 261 i += session_key->decrypted_key_size; 262 expected_checksum += (unsigned char)(data[i++]) << 8; 263 expected_checksum += (unsigned char)(data[i++]); 264 for (i = 0; i < session_key->decrypted_key_size; i++) 265 checksum += session_key->decrypted_key[i]; 266 if (expected_checksum != checksum) { 267 ecryptfs_printk(KERN_ERR, "Invalid checksum for file " 268 "encryption key; expected [%x]; calculated " 269 "[%x]\n", expected_checksum, checksum); 270 rc = -EIO; 271 } 272 out: 273 return rc; 274 } 275 276 277 static int 278 write_tag_66_packet(char *signature, size_t cipher_code, 279 struct ecryptfs_crypt_stat *crypt_stat, char **packet, 280 size_t *packet_len) 281 { 282 size_t i = 0; 283 size_t j; 284 size_t data_len; 285 size_t checksum = 0; 286 size_t packet_size_len; 287 char *message; 288 int rc; 289 290 /* 291 * ***** TAG 66 Packet Format ***** 292 * | Content Type | 1 byte | 293 * | Key Identifier Size | 1 or 2 bytes | 294 * | Key Identifier | arbitrary | 295 * | File Encryption Key Size | 1 or 2 bytes | 296 * | File Encryption Key | arbitrary | 297 */ 298 data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size); 299 *packet = kmalloc(data_len, GFP_KERNEL); 300 message = *packet; 301 if (!message) { 302 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 303 rc = -ENOMEM; 304 goto out; 305 } 306 message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; 307 rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, 308 &packet_size_len); 309 if (rc) { 310 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " 311 "header; cannot generate packet length\n"); 312 goto out; 313 } 314 i += packet_size_len; 315 memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); 316 i += ECRYPTFS_SIG_SIZE_HEX; 317 /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ 318 rc = write_packet_length(&message[i], crypt_stat->key_size + 3, 319 &packet_size_len); 320 if (rc) { 321 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " 322 "header; cannot generate packet length\n"); 323 goto out; 324 } 325 i += packet_size_len; 326 message[i++] = cipher_code; 327 memcpy(&message[i], crypt_stat->key, crypt_stat->key_size); 328 i += crypt_stat->key_size; 329 for (j = 0; j < crypt_stat->key_size; j++) 330 checksum += crypt_stat->key[j]; 331 message[i++] = (checksum / 256) % 256; 332 message[i++] = (checksum % 256); 333 *packet_len = i; 334 out: 335 return rc; 336 } 337 338 static int 339 parse_tag_67_packet(struct ecryptfs_key_record *key_rec, 340 struct ecryptfs_message *msg) 341 { 342 size_t i = 0; 343 char *data; 344 size_t data_len; 345 size_t message_len; 346 int rc; 347 348 /* 349 * ***** TAG 65 Packet Format ***** 350 * | Content Type | 1 byte | 351 * | Status Indicator | 1 byte | 352 * | Encrypted File Encryption Key Size | 1 or 2 bytes | 353 * | Encrypted File Encryption Key | arbitrary | 354 */ 355 message_len = msg->data_len; 356 data = msg->data; 357 /* verify that everything through the encrypted FEK size is present */ 358 if (message_len < 4) { 359 rc = -EIO; 360 goto out; 361 } 362 if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { 363 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_67\n"); 364 rc = -EIO; 365 goto out; 366 } 367 if (data[i++]) { 368 ecryptfs_printk(KERN_ERR, "Status indicator has non zero value" 369 " [%d]\n", data[i-1]); 370 rc = -EIO; 371 goto out; 372 } 373 rc = parse_packet_length(&data[i], &key_rec->enc_key_size, &data_len); 374 if (rc) { 375 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 376 "rc = [%d]\n", rc); 377 goto out; 378 } 379 i += data_len; 380 if (message_len < (i + key_rec->enc_key_size)) { 381 ecryptfs_printk(KERN_ERR, "message_len [%d]; max len is [%d]\n", 382 message_len, (i + key_rec->enc_key_size)); 383 rc = -EIO; 384 goto out; 385 } 386 if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 387 ecryptfs_printk(KERN_ERR, "Encrypted key_size [%d] larger than " 388 "the maximum key size [%d]\n", 389 key_rec->enc_key_size, 390 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); 391 rc = -EIO; 392 goto out; 393 } 394 memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); 395 out: 396 return rc; 397 } 398 399 /** 400 * decrypt_pki_encrypted_session_key - Decrypt the session key with 401 * the given auth_tok. 402 * 403 * Returns Zero on success; non-zero error otherwise. 404 */ 405 static int decrypt_pki_encrypted_session_key( 406 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 407 struct ecryptfs_auth_tok *auth_tok, 408 struct ecryptfs_crypt_stat *crypt_stat) 409 { 410 u16 cipher_code = 0; 411 struct ecryptfs_msg_ctx *msg_ctx; 412 struct ecryptfs_message *msg = NULL; 413 char *netlink_message; 414 size_t netlink_message_length; 415 int rc; 416 417 rc = write_tag_64_packet(mount_crypt_stat->global_auth_tok_sig, 418 &(auth_tok->session_key), 419 &netlink_message, &netlink_message_length); 420 if (rc) { 421 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet"); 422 goto out; 423 } 424 rc = ecryptfs_send_message(ecryptfs_transport, netlink_message, 425 netlink_message_length, &msg_ctx); 426 if (rc) { 427 ecryptfs_printk(KERN_ERR, "Error sending netlink message\n"); 428 goto out; 429 } 430 rc = ecryptfs_wait_for_response(msg_ctx, &msg); 431 if (rc) { 432 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet " 433 "from the user space daemon\n"); 434 rc = -EIO; 435 goto out; 436 } 437 rc = parse_tag_65_packet(&(auth_tok->session_key), 438 &cipher_code, msg); 439 if (rc) { 440 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n", 441 rc); 442 goto out; 443 } 444 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; 445 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, 446 auth_tok->session_key.decrypted_key_size); 447 crypt_stat->key_size = auth_tok->session_key.decrypted_key_size; 448 rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code); 449 if (rc) { 450 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n", 451 cipher_code) 452 goto out; 453 } 454 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 455 if (ecryptfs_verbosity > 0) { 456 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); 457 ecryptfs_dump_hex(crypt_stat->key, 458 crypt_stat->key_size); 459 } 460 out: 461 if (msg) 462 kfree(msg); 463 return rc; 464 } 465 466 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head) 467 { 468 struct list_head *walker; 469 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 470 471 walker = auth_tok_list_head->next; 472 while (walker != auth_tok_list_head) { 473 auth_tok_list_item = 474 list_entry(walker, struct ecryptfs_auth_tok_list_item, 475 list); 476 walker = auth_tok_list_item->list.next; 477 memset(auth_tok_list_item, 0, 478 sizeof(struct ecryptfs_auth_tok_list_item)); 479 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 480 auth_tok_list_item); 481 } 482 auth_tok_list_head->next = NULL; 483 } 484 485 struct kmem_cache *ecryptfs_auth_tok_list_item_cache; 486 487 488 /** 489 * parse_tag_1_packet 490 * @crypt_stat: The cryptographic context to modify based on packet 491 * contents. 492 * @data: The raw bytes of the packet. 493 * @auth_tok_list: eCryptfs parses packets into authentication tokens; 494 * a new authentication token will be placed at the end 495 * of this list for this packet. 496 * @new_auth_tok: Pointer to a pointer to memory that this function 497 * allocates; sets the memory address of the pointer to 498 * NULL on error. This object is added to the 499 * auth_tok_list. 500 * @packet_size: This function writes the size of the parsed packet 501 * into this memory location; zero on error. 502 * 503 * Returns zero on success; non-zero on error. 504 */ 505 static int 506 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 507 unsigned char *data, struct list_head *auth_tok_list, 508 struct ecryptfs_auth_tok **new_auth_tok, 509 size_t *packet_size, size_t max_packet_size) 510 { 511 size_t body_size; 512 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 513 size_t length_size; 514 int rc = 0; 515 516 (*packet_size) = 0; 517 (*new_auth_tok) = NULL; 518 519 /* we check that: 520 * one byte for the Tag 1 ID flag 521 * two bytes for the body size 522 * do not exceed the maximum_packet_size 523 */ 524 if (unlikely((*packet_size) + 3 > max_packet_size)) { 525 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 526 rc = -EINVAL; 527 goto out; 528 } 529 /* check for Tag 1 identifier - one byte */ 530 if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) { 531 ecryptfs_printk(KERN_ERR, "Enter w/ first byte != 0x%.2x\n", 532 ECRYPTFS_TAG_1_PACKET_TYPE); 533 rc = -EINVAL; 534 goto out; 535 } 536 /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or 537 * at end of function upon failure */ 538 auth_tok_list_item = 539 kmem_cache_alloc(ecryptfs_auth_tok_list_item_cache, 540 GFP_KERNEL); 541 if (!auth_tok_list_item) { 542 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 543 rc = -ENOMEM; 544 goto out; 545 } 546 memset(auth_tok_list_item, 0, 547 sizeof(struct ecryptfs_auth_tok_list_item)); 548 (*new_auth_tok) = &auth_tok_list_item->auth_tok; 549 /* check for body size - one to two bytes 550 * 551 * ***** TAG 1 Packet Format ***** 552 * | version number | 1 byte | 553 * | key ID | 8 bytes | 554 * | public key algorithm | 1 byte | 555 * | encrypted session key | arbitrary | 556 */ 557 rc = parse_packet_length(&data[(*packet_size)], &body_size, 558 &length_size); 559 if (rc) { 560 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 561 "rc = [%d]\n", rc); 562 goto out_free; 563 } 564 if (unlikely(body_size < (0x02 + ECRYPTFS_SIG_SIZE))) { 565 ecryptfs_printk(KERN_WARNING, "Invalid body size ([%d])\n", 566 body_size); 567 rc = -EINVAL; 568 goto out_free; 569 } 570 (*packet_size) += length_size; 571 if (unlikely((*packet_size) + body_size > max_packet_size)) { 572 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 573 rc = -EINVAL; 574 goto out_free; 575 } 576 /* Version 3 (from RFC2440) - one byte */ 577 if (unlikely(data[(*packet_size)++] != 0x03)) { 578 ecryptfs_printk(KERN_DEBUG, "Unknown version number " 579 "[%d]\n", data[(*packet_size) - 1]); 580 rc = -EINVAL; 581 goto out_free; 582 } 583 /* Read Signature */ 584 ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature, 585 &data[(*packet_size)], ECRYPTFS_SIG_SIZE); 586 *packet_size += ECRYPTFS_SIG_SIZE; 587 /* This byte is skipped because the kernel does not need to 588 * know which public key encryption algorithm was used */ 589 (*packet_size)++; 590 (*new_auth_tok)->session_key.encrypted_key_size = 591 body_size - (0x02 + ECRYPTFS_SIG_SIZE); 592 if ((*new_auth_tok)->session_key.encrypted_key_size 593 > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 594 ecryptfs_printk(KERN_ERR, "Tag 1 packet contains key larger " 595 "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES"); 596 rc = -EINVAL; 597 goto out; 598 } 599 ecryptfs_printk(KERN_DEBUG, "Encrypted key size = [%d]\n", 600 (*new_auth_tok)->session_key.encrypted_key_size); 601 memcpy((*new_auth_tok)->session_key.encrypted_key, 602 &data[(*packet_size)], (body_size - 0x02 - ECRYPTFS_SIG_SIZE)); 603 (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size; 604 (*new_auth_tok)->session_key.flags &= 605 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; 606 (*new_auth_tok)->session_key.flags |= 607 ECRYPTFS_CONTAINS_ENCRYPTED_KEY; 608 (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; 609 (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY; 610 /* TODO: Why are we setting this flag here? Don't we want the 611 * userspace to decrypt the session key? */ 612 (*new_auth_tok)->session_key.flags &= 613 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 614 (*new_auth_tok)->session_key.flags &= 615 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 616 list_add(&auth_tok_list_item->list, auth_tok_list); 617 goto out; 618 out_free: 619 (*new_auth_tok) = NULL; 620 memset(auth_tok_list_item, 0, 621 sizeof(struct ecryptfs_auth_tok_list_item)); 622 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 623 auth_tok_list_item); 624 out: 625 if (rc) 626 (*packet_size) = 0; 627 return rc; 628 } 629 630 /** 631 * parse_tag_3_packet 632 * @crypt_stat: The cryptographic context to modify based on packet 633 * contents. 634 * @data: The raw bytes of the packet. 635 * @auth_tok_list: eCryptfs parses packets into authentication tokens; 636 * a new authentication token will be placed at the end 637 * of this list for this packet. 638 * @new_auth_tok: Pointer to a pointer to memory that this function 639 * allocates; sets the memory address of the pointer to 640 * NULL on error. This object is added to the 641 * auth_tok_list. 642 * @packet_size: This function writes the size of the parsed packet 643 * into this memory location; zero on error. 644 * @max_packet_size: maximum number of bytes to parse 645 * 646 * Returns zero on success; non-zero on error. 647 */ 648 static int 649 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, 650 unsigned char *data, struct list_head *auth_tok_list, 651 struct ecryptfs_auth_tok **new_auth_tok, 652 size_t *packet_size, size_t max_packet_size) 653 { 654 size_t body_size; 655 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 656 size_t length_size; 657 int rc = 0; 658 659 (*packet_size) = 0; 660 (*new_auth_tok) = NULL; 661 662 /* we check that: 663 * one byte for the Tag 3 ID flag 664 * two bytes for the body size 665 * do not exceed the maximum_packet_size 666 */ 667 if (unlikely((*packet_size) + 3 > max_packet_size)) { 668 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 669 rc = -EINVAL; 670 goto out; 671 } 672 673 /* check for Tag 3 identifyer - one byte */ 674 if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) { 675 ecryptfs_printk(KERN_ERR, "Enter w/ first byte != 0x%.2x\n", 676 ECRYPTFS_TAG_3_PACKET_TYPE); 677 rc = -EINVAL; 678 goto out; 679 } 680 /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or 681 * at end of function upon failure */ 682 auth_tok_list_item = 683 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL); 684 if (!auth_tok_list_item) { 685 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n"); 686 rc = -ENOMEM; 687 goto out; 688 } 689 (*new_auth_tok) = &auth_tok_list_item->auth_tok; 690 691 /* check for body size - one to two bytes */ 692 rc = parse_packet_length(&data[(*packet_size)], &body_size, 693 &length_size); 694 if (rc) { 695 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " 696 "rc = [%d]\n", rc); 697 goto out_free; 698 } 699 if (unlikely(body_size < (0x05 + ECRYPTFS_SALT_SIZE))) { 700 ecryptfs_printk(KERN_WARNING, "Invalid body size ([%d])\n", 701 body_size); 702 rc = -EINVAL; 703 goto out_free; 704 } 705 (*packet_size) += length_size; 706 707 /* now we know the length of the remainting Tag 3 packet size: 708 * 5 fix bytes for: version string, cipher, S2K ID, hash algo, 709 * number of hash iterations 710 * ECRYPTFS_SALT_SIZE bytes for salt 711 * body_size bytes minus the stuff above is the encrypted key size 712 */ 713 if (unlikely((*packet_size) + body_size > max_packet_size)) { 714 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 715 rc = -EINVAL; 716 goto out_free; 717 } 718 719 /* There are 5 characters of additional information in the 720 * packet */ 721 (*new_auth_tok)->session_key.encrypted_key_size = 722 body_size - (0x05 + ECRYPTFS_SALT_SIZE); 723 ecryptfs_printk(KERN_DEBUG, "Encrypted key size = [%d]\n", 724 (*new_auth_tok)->session_key.encrypted_key_size); 725 726 /* Version 4 (from RFC2440) - one byte */ 727 if (unlikely(data[(*packet_size)++] != 0x04)) { 728 ecryptfs_printk(KERN_DEBUG, "Unknown version number " 729 "[%d]\n", data[(*packet_size) - 1]); 730 rc = -EINVAL; 731 goto out_free; 732 } 733 734 /* cipher - one byte */ 735 ecryptfs_cipher_code_to_string(crypt_stat->cipher, 736 (u16)data[(*packet_size)]); 737 /* A little extra work to differentiate among the AES key 738 * sizes; see RFC2440 */ 739 switch(data[(*packet_size)++]) { 740 case RFC2440_CIPHER_AES_192: 741 crypt_stat->key_size = 24; 742 break; 743 default: 744 crypt_stat->key_size = 745 (*new_auth_tok)->session_key.encrypted_key_size; 746 } 747 ecryptfs_init_crypt_ctx(crypt_stat); 748 /* S2K identifier 3 (from RFC2440) */ 749 if (unlikely(data[(*packet_size)++] != 0x03)) { 750 ecryptfs_printk(KERN_ERR, "Only S2K ID 3 is currently " 751 "supported\n"); 752 rc = -ENOSYS; 753 goto out_free; 754 } 755 756 /* TODO: finish the hash mapping */ 757 /* hash algorithm - one byte */ 758 switch (data[(*packet_size)++]) { 759 case 0x01: /* See RFC2440 for these numbers and their mappings */ 760 /* Choose MD5 */ 761 /* salt - ECRYPTFS_SALT_SIZE bytes */ 762 memcpy((*new_auth_tok)->token.password.salt, 763 &data[(*packet_size)], ECRYPTFS_SALT_SIZE); 764 (*packet_size) += ECRYPTFS_SALT_SIZE; 765 766 /* This conversion was taken straight from RFC2440 */ 767 /* number of hash iterations - one byte */ 768 (*new_auth_tok)->token.password.hash_iterations = 769 ((u32) 16 + (data[(*packet_size)] & 15)) 770 << ((data[(*packet_size)] >> 4) + 6); 771 (*packet_size)++; 772 773 /* encrypted session key - 774 * (body_size-5-ECRYPTFS_SALT_SIZE) bytes */ 775 memcpy((*new_auth_tok)->session_key.encrypted_key, 776 &data[(*packet_size)], 777 (*new_auth_tok)->session_key.encrypted_key_size); 778 (*packet_size) += 779 (*new_auth_tok)->session_key.encrypted_key_size; 780 (*new_auth_tok)->session_key.flags &= 781 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; 782 (*new_auth_tok)->session_key.flags |= 783 ECRYPTFS_CONTAINS_ENCRYPTED_KEY; 784 (*new_auth_tok)->token.password.hash_algo = 0x01; 785 break; 786 default: 787 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: " 788 "[%d]\n", data[(*packet_size) - 1]); 789 rc = -ENOSYS; 790 goto out_free; 791 } 792 (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; 793 /* TODO: Parametarize; we might actually want userspace to 794 * decrypt the session key. */ 795 (*new_auth_tok)->session_key.flags &= 796 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 797 (*new_auth_tok)->session_key.flags &= 798 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 799 list_add(&auth_tok_list_item->list, auth_tok_list); 800 goto out; 801 out_free: 802 (*new_auth_tok) = NULL; 803 memset(auth_tok_list_item, 0, 804 sizeof(struct ecryptfs_auth_tok_list_item)); 805 kmem_cache_free(ecryptfs_auth_tok_list_item_cache, 806 auth_tok_list_item); 807 out: 808 if (rc) 809 (*packet_size) = 0; 810 return rc; 811 } 812 813 /** 814 * parse_tag_11_packet 815 * @data: The raw bytes of the packet 816 * @contents: This function writes the data contents of the literal 817 * packet into this memory location 818 * @max_contents_bytes: The maximum number of bytes that this function 819 * is allowed to write into contents 820 * @tag_11_contents_size: This function writes the size of the parsed 821 * contents into this memory location; zero on 822 * error 823 * @packet_size: This function writes the size of the parsed packet 824 * into this memory location; zero on error 825 * @max_packet_size: maximum number of bytes to parse 826 * 827 * Returns zero on success; non-zero on error. 828 */ 829 static int 830 parse_tag_11_packet(unsigned char *data, unsigned char *contents, 831 size_t max_contents_bytes, size_t *tag_11_contents_size, 832 size_t *packet_size, size_t max_packet_size) 833 { 834 size_t body_size; 835 size_t length_size; 836 int rc = 0; 837 838 (*packet_size) = 0; 839 (*tag_11_contents_size) = 0; 840 841 /* check that: 842 * one byte for the Tag 11 ID flag 843 * two bytes for the Tag 11 length 844 * do not exceed the maximum_packet_size 845 */ 846 if (unlikely((*packet_size) + 3 > max_packet_size)) { 847 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 848 rc = -EINVAL; 849 goto out; 850 } 851 852 /* check for Tag 11 identifyer - one byte */ 853 if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) { 854 ecryptfs_printk(KERN_WARNING, 855 "Invalid tag 11 packet format\n"); 856 rc = -EINVAL; 857 goto out; 858 } 859 860 /* get Tag 11 content length - one or two bytes */ 861 rc = parse_packet_length(&data[(*packet_size)], &body_size, 862 &length_size); 863 if (rc) { 864 ecryptfs_printk(KERN_WARNING, 865 "Invalid tag 11 packet format\n"); 866 goto out; 867 } 868 (*packet_size) += length_size; 869 870 if (body_size < 13) { 871 ecryptfs_printk(KERN_WARNING, "Invalid body size ([%d])\n", 872 body_size); 873 rc = -EINVAL; 874 goto out; 875 } 876 /* We have 13 bytes of surrounding packet values */ 877 (*tag_11_contents_size) = (body_size - 13); 878 879 /* now we know the length of the remainting Tag 11 packet size: 880 * 14 fix bytes for: special flag one, special flag two, 881 * 12 skipped bytes 882 * body_size bytes minus the stuff above is the Tag 11 content 883 */ 884 /* FIXME why is the body size one byte smaller than the actual 885 * size of the body? 886 * this seems to be an error here as well as in 887 * write_tag_11_packet() */ 888 if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) { 889 ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n"); 890 rc = -EINVAL; 891 goto out; 892 } 893 894 /* special flag one - one byte */ 895 if (data[(*packet_size)++] != 0x62) { 896 ecryptfs_printk(KERN_WARNING, "Unrecognizable packet\n"); 897 rc = -EINVAL; 898 goto out; 899 } 900 901 /* special flag two - one byte */ 902 if (data[(*packet_size)++] != 0x08) { 903 ecryptfs_printk(KERN_WARNING, "Unrecognizable packet\n"); 904 rc = -EINVAL; 905 goto out; 906 } 907 908 /* skip the next 12 bytes */ 909 (*packet_size) += 12; /* We don't care about the filename or 910 * the timestamp */ 911 912 /* get the Tag 11 contents - tag_11_contents_size bytes */ 913 memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size)); 914 (*packet_size) += (*tag_11_contents_size); 915 916 out: 917 if (rc) { 918 (*packet_size) = 0; 919 (*tag_11_contents_size) = 0; 920 } 921 return rc; 922 } 923 924 /** 925 * decrypt_session_key - Decrypt the session key with the given auth_tok. 926 * 927 * Returns Zero on success; non-zero error otherwise. 928 */ 929 static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, 930 struct ecryptfs_crypt_stat *crypt_stat) 931 { 932 struct ecryptfs_password *password_s_ptr; 933 struct scatterlist src_sg[2], dst_sg[2]; 934 struct mutex *tfm_mutex = NULL; 935 char *encrypted_session_key; 936 char *session_key; 937 struct blkcipher_desc desc = { 938 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 939 }; 940 int rc = 0; 941 942 password_s_ptr = &auth_tok->token.password; 943 if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) 944 ecryptfs_printk(KERN_DEBUG, "Session key encryption key " 945 "set; skipping key generation\n"); 946 ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" 947 ":\n", 948 password_s_ptr->session_key_encryption_key_bytes); 949 if (ecryptfs_verbosity > 0) 950 ecryptfs_dump_hex(password_s_ptr->session_key_encryption_key, 951 password_s_ptr-> 952 session_key_encryption_key_bytes); 953 if (!strcmp(crypt_stat->cipher, 954 crypt_stat->mount_crypt_stat->global_default_cipher_name) 955 && crypt_stat->mount_crypt_stat->global_key_tfm) { 956 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 957 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 958 } else { 959 char *full_alg_name; 960 961 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, 962 crypt_stat->cipher, 963 "ecb"); 964 if (rc) 965 goto out; 966 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0, 967 CRYPTO_ALG_ASYNC); 968 kfree(full_alg_name); 969 if (IS_ERR(desc.tfm)) { 970 rc = PTR_ERR(desc.tfm); 971 printk(KERN_ERR "Error allocating crypto context; " 972 "rc = [%d]\n", rc); 973 goto out; 974 } 975 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY); 976 } 977 if (tfm_mutex) 978 mutex_lock(tfm_mutex); 979 rc = crypto_blkcipher_setkey(desc.tfm, 980 password_s_ptr->session_key_encryption_key, 981 crypt_stat->key_size); 982 if (rc < 0) { 983 printk(KERN_ERR "Error setting key for crypto context\n"); 984 rc = -EINVAL; 985 goto out_free_tfm; 986 } 987 /* TODO: virt_to_scatterlist */ 988 encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); 989 if (!encrypted_session_key) { 990 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 991 rc = -ENOMEM; 992 goto out_free_tfm; 993 } 994 session_key = (char *)__get_free_page(GFP_KERNEL); 995 if (!session_key) { 996 kfree(encrypted_session_key); 997 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 998 rc = -ENOMEM; 999 goto out_free_tfm; 1000 } 1001 memcpy(encrypted_session_key, auth_tok->session_key.encrypted_key, 1002 auth_tok->session_key.encrypted_key_size); 1003 src_sg[0].page = virt_to_page(encrypted_session_key); 1004 src_sg[0].offset = 0; 1005 BUG_ON(auth_tok->session_key.encrypted_key_size > PAGE_CACHE_SIZE); 1006 src_sg[0].length = auth_tok->session_key.encrypted_key_size; 1007 dst_sg[0].page = virt_to_page(session_key); 1008 dst_sg[0].offset = 0; 1009 auth_tok->session_key.decrypted_key_size = 1010 auth_tok->session_key.encrypted_key_size; 1011 dst_sg[0].length = auth_tok->session_key.encrypted_key_size; 1012 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, 1013 auth_tok->session_key.encrypted_key_size); 1014 if (rc) { 1015 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); 1016 goto out_free_memory; 1017 } 1018 auth_tok->session_key.decrypted_key_size = 1019 auth_tok->session_key.encrypted_key_size; 1020 memcpy(auth_tok->session_key.decrypted_key, session_key, 1021 auth_tok->session_key.decrypted_key_size); 1022 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1023 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, 1024 auth_tok->session_key.decrypted_key_size); 1025 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 1026 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); 1027 if (ecryptfs_verbosity > 0) 1028 ecryptfs_dump_hex(crypt_stat->key, 1029 crypt_stat->key_size); 1030 out_free_memory: 1031 memset(encrypted_session_key, 0, PAGE_CACHE_SIZE); 1032 free_page((unsigned long)encrypted_session_key); 1033 memset(session_key, 0, PAGE_CACHE_SIZE); 1034 free_page((unsigned long)session_key); 1035 out_free_tfm: 1036 if (tfm_mutex) 1037 mutex_unlock(tfm_mutex); 1038 else 1039 crypto_free_blkcipher(desc.tfm); 1040 out: 1041 return rc; 1042 } 1043 1044 /** 1045 * ecryptfs_parse_packet_set 1046 * @dest: The header page in memory 1047 * @version: Version of file format, to guide parsing behavior 1048 * 1049 * Get crypt_stat to have the file's session key if the requisite key 1050 * is available to decrypt the session key. 1051 * 1052 * Returns Zero if a valid authentication token was retrieved and 1053 * processed; negative value for file not encrypted or for error 1054 * conditions. 1055 */ 1056 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, 1057 unsigned char *src, 1058 struct dentry *ecryptfs_dentry) 1059 { 1060 size_t i = 0; 1061 size_t found_auth_tok = 0; 1062 size_t next_packet_is_auth_tok_packet; 1063 char sig[ECRYPTFS_SIG_SIZE_HEX]; 1064 struct list_head auth_tok_list; 1065 struct list_head *walker; 1066 struct ecryptfs_auth_tok *chosen_auth_tok = NULL; 1067 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1068 &ecryptfs_superblock_to_private( 1069 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1070 struct ecryptfs_auth_tok *candidate_auth_tok = NULL; 1071 size_t packet_size; 1072 struct ecryptfs_auth_tok *new_auth_tok; 1073 unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE]; 1074 size_t tag_11_contents_size; 1075 size_t tag_11_packet_size; 1076 int rc = 0; 1077 1078 INIT_LIST_HEAD(&auth_tok_list); 1079 /* Parse the header to find as many packets as we can, these will be 1080 * added the our &auth_tok_list */ 1081 next_packet_is_auth_tok_packet = 1; 1082 while (next_packet_is_auth_tok_packet) { 1083 size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i); 1084 1085 switch (src[i]) { 1086 case ECRYPTFS_TAG_3_PACKET_TYPE: 1087 rc = parse_tag_3_packet(crypt_stat, 1088 (unsigned char *)&src[i], 1089 &auth_tok_list, &new_auth_tok, 1090 &packet_size, max_packet_size); 1091 if (rc) { 1092 ecryptfs_printk(KERN_ERR, "Error parsing " 1093 "tag 3 packet\n"); 1094 rc = -EIO; 1095 goto out_wipe_list; 1096 } 1097 i += packet_size; 1098 rc = parse_tag_11_packet((unsigned char *)&src[i], 1099 sig_tmp_space, 1100 ECRYPTFS_SIG_SIZE, 1101 &tag_11_contents_size, 1102 &tag_11_packet_size, 1103 max_packet_size); 1104 if (rc) { 1105 ecryptfs_printk(KERN_ERR, "No valid " 1106 "(ecryptfs-specific) literal " 1107 "packet containing " 1108 "authentication token " 1109 "signature found after " 1110 "tag 3 packet\n"); 1111 rc = -EIO; 1112 goto out_wipe_list; 1113 } 1114 i += tag_11_packet_size; 1115 if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) { 1116 ecryptfs_printk(KERN_ERR, "Expected " 1117 "signature of size [%d]; " 1118 "read size [%d]\n", 1119 ECRYPTFS_SIG_SIZE, 1120 tag_11_contents_size); 1121 rc = -EIO; 1122 goto out_wipe_list; 1123 } 1124 ecryptfs_to_hex(new_auth_tok->token.password.signature, 1125 sig_tmp_space, tag_11_contents_size); 1126 new_auth_tok->token.password.signature[ 1127 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; 1128 crypt_stat->flags |= ECRYPTFS_ENCRYPTED; 1129 break; 1130 case ECRYPTFS_TAG_1_PACKET_TYPE: 1131 rc = parse_tag_1_packet(crypt_stat, 1132 (unsigned char *)&src[i], 1133 &auth_tok_list, &new_auth_tok, 1134 &packet_size, max_packet_size); 1135 if (rc) { 1136 ecryptfs_printk(KERN_ERR, "Error parsing " 1137 "tag 1 packet\n"); 1138 rc = -EIO; 1139 goto out_wipe_list; 1140 } 1141 i += packet_size; 1142 crypt_stat->flags |= ECRYPTFS_ENCRYPTED; 1143 break; 1144 case ECRYPTFS_TAG_11_PACKET_TYPE: 1145 ecryptfs_printk(KERN_WARNING, "Invalid packet set " 1146 "(Tag 11 not allowed by itself)\n"); 1147 rc = -EIO; 1148 goto out_wipe_list; 1149 break; 1150 default: 1151 ecryptfs_printk(KERN_DEBUG, "No packet at offset " 1152 "[%d] of the file header; hex value of " 1153 "character is [0x%.2x]\n", i, src[i]); 1154 next_packet_is_auth_tok_packet = 0; 1155 } 1156 } 1157 if (list_empty(&auth_tok_list)) { 1158 rc = -EINVAL; /* Do not support non-encrypted files in 1159 * the 0.1 release */ 1160 goto out; 1161 } 1162 /* If we have a global auth tok, then we should try to use 1163 * it */ 1164 if (mount_crypt_stat->global_auth_tok) { 1165 memcpy(sig, mount_crypt_stat->global_auth_tok_sig, 1166 ECRYPTFS_SIG_SIZE_HEX); 1167 chosen_auth_tok = mount_crypt_stat->global_auth_tok; 1168 } else 1169 BUG(); /* We should always have a global auth tok in 1170 * the 0.1 release */ 1171 /* Scan list to see if our chosen_auth_tok works */ 1172 list_for_each(walker, &auth_tok_list) { 1173 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1174 auth_tok_list_item = 1175 list_entry(walker, struct ecryptfs_auth_tok_list_item, 1176 list); 1177 candidate_auth_tok = &auth_tok_list_item->auth_tok; 1178 if (unlikely(ecryptfs_verbosity > 0)) { 1179 ecryptfs_printk(KERN_DEBUG, 1180 "Considering cadidate auth tok:\n"); 1181 ecryptfs_dump_auth_tok(candidate_auth_tok); 1182 } 1183 /* TODO: Replace ECRYPTFS_SIG_SIZE_HEX w/ dynamic value */ 1184 if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD 1185 && !strncmp(candidate_auth_tok->token.password.signature, 1186 sig, ECRYPTFS_SIG_SIZE_HEX)) { 1187 found_auth_tok = 1; 1188 goto leave_list; 1189 /* TODO: Transfer the common salt into the 1190 * crypt_stat salt */ 1191 } else if ((candidate_auth_tok->token_type 1192 == ECRYPTFS_PRIVATE_KEY) 1193 && !strncmp(candidate_auth_tok->token.private_key.signature, 1194 sig, ECRYPTFS_SIG_SIZE_HEX)) { 1195 found_auth_tok = 1; 1196 goto leave_list; 1197 } 1198 } 1199 if (!found_auth_tok) { 1200 ecryptfs_printk(KERN_ERR, "Could not find authentication " 1201 "token on temporary list for sig [%.*s]\n", 1202 ECRYPTFS_SIG_SIZE_HEX, sig); 1203 rc = -EIO; 1204 goto out_wipe_list; 1205 } 1206 leave_list: 1207 rc = -ENOTSUPP; 1208 if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { 1209 memcpy(&(candidate_auth_tok->token.private_key), 1210 &(chosen_auth_tok->token.private_key), 1211 sizeof(struct ecryptfs_private_key)); 1212 rc = decrypt_pki_encrypted_session_key(mount_crypt_stat, 1213 candidate_auth_tok, 1214 crypt_stat); 1215 } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) { 1216 memcpy(&(candidate_auth_tok->token.password), 1217 &(chosen_auth_tok->token.password), 1218 sizeof(struct ecryptfs_password)); 1219 rc = decrypt_session_key(candidate_auth_tok, crypt_stat); 1220 } 1221 if (rc) { 1222 ecryptfs_printk(KERN_ERR, "Error decrypting the " 1223 "session key; rc = [%d]\n", rc); 1224 goto out_wipe_list; 1225 } 1226 rc = ecryptfs_compute_root_iv(crypt_stat); 1227 if (rc) { 1228 ecryptfs_printk(KERN_ERR, "Error computing " 1229 "the root IV\n"); 1230 goto out_wipe_list; 1231 } 1232 rc = ecryptfs_init_crypt_ctx(crypt_stat); 1233 if (rc) { 1234 ecryptfs_printk(KERN_ERR, "Error initializing crypto " 1235 "context for cipher [%s]; rc = [%d]\n", 1236 crypt_stat->cipher, rc); 1237 } 1238 out_wipe_list: 1239 wipe_auth_tok_list(&auth_tok_list); 1240 out: 1241 return rc; 1242 } 1243 static int 1244 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok, 1245 struct ecryptfs_crypt_stat *crypt_stat, 1246 struct ecryptfs_key_record *key_rec) 1247 { 1248 struct ecryptfs_msg_ctx *msg_ctx = NULL; 1249 char *netlink_payload; 1250 size_t netlink_payload_length; 1251 struct ecryptfs_message *msg; 1252 int rc; 1253 1254 rc = write_tag_66_packet(auth_tok->token.private_key.signature, 1255 ecryptfs_code_for_cipher_string(crypt_stat), 1256 crypt_stat, &netlink_payload, 1257 &netlink_payload_length); 1258 if (rc) { 1259 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n"); 1260 goto out; 1261 } 1262 rc = ecryptfs_send_message(ecryptfs_transport, netlink_payload, 1263 netlink_payload_length, &msg_ctx); 1264 if (rc) { 1265 ecryptfs_printk(KERN_ERR, "Error sending netlink message\n"); 1266 goto out; 1267 } 1268 rc = ecryptfs_wait_for_response(msg_ctx, &msg); 1269 if (rc) { 1270 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet " 1271 "from the user space daemon\n"); 1272 rc = -EIO; 1273 goto out; 1274 } 1275 rc = parse_tag_67_packet(key_rec, msg); 1276 if (rc) 1277 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n"); 1278 kfree(msg); 1279 out: 1280 if (netlink_payload) 1281 kfree(netlink_payload); 1282 return rc; 1283 } 1284 /** 1285 * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet 1286 * @dest: Buffer into which to write the packet 1287 * @max: Maximum number of bytes that can be writtn 1288 * @packet_size: This function will write the number of bytes that end 1289 * up constituting the packet; set to zero on error 1290 * 1291 * Returns zero on success; non-zero on error. 1292 */ 1293 static int 1294 write_tag_1_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok, 1295 struct ecryptfs_crypt_stat *crypt_stat, 1296 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 1297 struct ecryptfs_key_record *key_rec, size_t *packet_size) 1298 { 1299 size_t i; 1300 size_t encrypted_session_key_valid = 0; 1301 size_t key_rec_size; 1302 size_t packet_size_length; 1303 int rc = 0; 1304 1305 (*packet_size) = 0; 1306 ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature, 1307 ECRYPTFS_SIG_SIZE); 1308 encrypted_session_key_valid = 0; 1309 for (i = 0; i < crypt_stat->key_size; i++) 1310 encrypted_session_key_valid |= 1311 auth_tok->session_key.encrypted_key[i]; 1312 if (encrypted_session_key_valid) { 1313 memcpy(key_rec->enc_key, 1314 auth_tok->session_key.encrypted_key, 1315 auth_tok->session_key.encrypted_key_size); 1316 goto encrypted_session_key_set; 1317 } 1318 if (auth_tok->session_key.encrypted_key_size == 0) 1319 auth_tok->session_key.encrypted_key_size = 1320 auth_tok->token.private_key.key_size; 1321 rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); 1322 if (rc) { 1323 ecryptfs_printk(KERN_ERR, "Failed to encrypt session key " 1324 "via a pki"); 1325 goto out; 1326 } 1327 if (ecryptfs_verbosity > 0) { 1328 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n"); 1329 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size); 1330 } 1331 encrypted_session_key_set: 1332 /* Now we have a valid key_rec. Append it to the 1333 * key_rec set. */ 1334 key_rec_size = (sizeof(struct ecryptfs_key_record) 1335 - ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 1336 + (key_rec->enc_key_size)); 1337 /* TODO: Include a packet size limit as a parameter to this 1338 * function once we have multi-packet headers (for versions 1339 * later than 0.1 */ 1340 if (key_rec_size >= ECRYPTFS_MAX_KEYSET_SIZE) { 1341 ecryptfs_printk(KERN_ERR, "Keyset too large\n"); 1342 rc = -EINVAL; 1343 goto out; 1344 } 1345 /* ***** TAG 1 Packet Format ***** 1346 * | version number | 1 byte | 1347 * | key ID | 8 bytes | 1348 * | public key algorithm | 1 byte | 1349 * | encrypted session key | arbitrary | 1350 */ 1351 if ((0x02 + ECRYPTFS_SIG_SIZE + key_rec->enc_key_size) >= max) { 1352 ecryptfs_printk(KERN_ERR, 1353 "Authentication token is too large\n"); 1354 rc = -EINVAL; 1355 goto out; 1356 } 1357 dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; 1358 /* This format is inspired by OpenPGP; see RFC 2440 1359 * packet tag 1 */ 1360 rc = write_packet_length(&dest[(*packet_size)], 1361 (0x02 + ECRYPTFS_SIG_SIZE + 1362 key_rec->enc_key_size), 1363 &packet_size_length); 1364 if (rc) { 1365 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " 1366 "header; cannot generate packet length\n"); 1367 goto out; 1368 } 1369 (*packet_size) += packet_size_length; 1370 dest[(*packet_size)++] = 0x03; /* version 3 */ 1371 memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE); 1372 (*packet_size) += ECRYPTFS_SIG_SIZE; 1373 dest[(*packet_size)++] = RFC2440_CIPHER_RSA; 1374 memcpy(&dest[(*packet_size)], key_rec->enc_key, 1375 key_rec->enc_key_size); 1376 (*packet_size) += key_rec->enc_key_size; 1377 out: 1378 if (rc) 1379 (*packet_size) = 0; 1380 return rc; 1381 } 1382 1383 /** 1384 * write_tag_11_packet 1385 * @dest: Target into which Tag 11 packet is to be written 1386 * @max: Maximum packet length 1387 * @contents: Byte array of contents to copy in 1388 * @contents_length: Number of bytes in contents 1389 * @packet_length: Length of the Tag 11 packet written; zero on error 1390 * 1391 * Returns zero on success; non-zero on error. 1392 */ 1393 static int 1394 write_tag_11_packet(char *dest, int max, char *contents, size_t contents_length, 1395 size_t *packet_length) 1396 { 1397 size_t packet_size_length; 1398 int rc = 0; 1399 1400 (*packet_length) = 0; 1401 if ((13 + contents_length) > max) { 1402 rc = -EINVAL; 1403 ecryptfs_printk(KERN_ERR, "Packet length larger than " 1404 "maximum allowable\n"); 1405 goto out; 1406 } 1407 /* General packet header */ 1408 /* Packet tag */ 1409 dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; 1410 /* Packet length */ 1411 rc = write_packet_length(&dest[(*packet_length)], 1412 (13 + contents_length), &packet_size_length); 1413 if (rc) { 1414 ecryptfs_printk(KERN_ERR, "Error generating tag 11 packet " 1415 "header; cannot generate packet length\n"); 1416 goto out; 1417 } 1418 (*packet_length) += packet_size_length; 1419 /* Tag 11 specific */ 1420 /* One-octet field that describes how the data is formatted */ 1421 dest[(*packet_length)++] = 0x62; /* binary data */ 1422 /* One-octet filename length followed by filename */ 1423 dest[(*packet_length)++] = 8; 1424 memcpy(&dest[(*packet_length)], "_CONSOLE", 8); 1425 (*packet_length) += 8; 1426 /* Four-octet number indicating modification date */ 1427 memset(&dest[(*packet_length)], 0x00, 4); 1428 (*packet_length) += 4; 1429 /* Remainder is literal data */ 1430 memcpy(&dest[(*packet_length)], contents, contents_length); 1431 (*packet_length) += contents_length; 1432 out: 1433 if (rc) 1434 (*packet_length) = 0; 1435 return rc; 1436 } 1437 1438 /** 1439 * write_tag_3_packet 1440 * @dest: Buffer into which to write the packet 1441 * @max: Maximum number of bytes that can be written 1442 * @auth_tok: Authentication token 1443 * @crypt_stat: The cryptographic context 1444 * @key_rec: encrypted key 1445 * @packet_size: This function will write the number of bytes that end 1446 * up constituting the packet; set to zero on error 1447 * 1448 * Returns zero on success; non-zero on error. 1449 */ 1450 static int 1451 write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok, 1452 struct ecryptfs_crypt_stat *crypt_stat, 1453 struct ecryptfs_key_record *key_rec, size_t *packet_size) 1454 { 1455 size_t i; 1456 size_t encrypted_session_key_valid = 0; 1457 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 1458 struct scatterlist dest_sg[2]; 1459 struct scatterlist src_sg[2]; 1460 struct mutex *tfm_mutex = NULL; 1461 size_t key_rec_size; 1462 size_t packet_size_length; 1463 size_t cipher_code; 1464 struct blkcipher_desc desc = { 1465 .tfm = NULL, 1466 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 1467 }; 1468 int rc = 0; 1469 1470 (*packet_size) = 0; 1471 ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, 1472 ECRYPTFS_SIG_SIZE); 1473 encrypted_session_key_valid = 0; 1474 for (i = 0; i < crypt_stat->key_size; i++) 1475 encrypted_session_key_valid |= 1476 auth_tok->session_key.encrypted_key[i]; 1477 if (encrypted_session_key_valid) { 1478 memcpy(key_rec->enc_key, 1479 auth_tok->session_key.encrypted_key, 1480 auth_tok->session_key.encrypted_key_size); 1481 goto encrypted_session_key_set; 1482 } 1483 if (auth_tok->session_key.encrypted_key_size == 0) 1484 auth_tok->session_key.encrypted_key_size = 1485 crypt_stat->key_size; 1486 if (crypt_stat->key_size == 24 1487 && strcmp("aes", crypt_stat->cipher) == 0) { 1488 memset((crypt_stat->key + 24), 0, 8); 1489 auth_tok->session_key.encrypted_key_size = 32; 1490 } 1491 key_rec->enc_key_size = 1492 auth_tok->session_key.encrypted_key_size; 1493 if (auth_tok->token.password.flags & 1494 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) { 1495 ecryptfs_printk(KERN_DEBUG, "Using previously generated " 1496 "session key encryption key of size [%d]\n", 1497 auth_tok->token.password. 1498 session_key_encryption_key_bytes); 1499 memcpy(session_key_encryption_key, 1500 auth_tok->token.password.session_key_encryption_key, 1501 crypt_stat->key_size); 1502 ecryptfs_printk(KERN_DEBUG, 1503 "Cached session key " "encryption key: \n"); 1504 if (ecryptfs_verbosity > 0) 1505 ecryptfs_dump_hex(session_key_encryption_key, 16); 1506 } 1507 if (unlikely(ecryptfs_verbosity > 0)) { 1508 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n"); 1509 ecryptfs_dump_hex(session_key_encryption_key, 16); 1510 } 1511 rc = virt_to_scatterlist(crypt_stat->key, 1512 key_rec->enc_key_size, src_sg, 2); 1513 if (!rc) { 1514 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1515 "for crypt_stat session key\n"); 1516 rc = -ENOMEM; 1517 goto out; 1518 } 1519 rc = virt_to_scatterlist(key_rec->enc_key, 1520 key_rec->enc_key_size, dest_sg, 2); 1521 if (!rc) { 1522 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1523 "for crypt_stat encrypted session key\n"); 1524 rc = -ENOMEM; 1525 goto out; 1526 } 1527 if (!strcmp(crypt_stat->cipher, 1528 crypt_stat->mount_crypt_stat->global_default_cipher_name) 1529 && crypt_stat->mount_crypt_stat->global_key_tfm) { 1530 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 1531 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 1532 } else { 1533 char *full_alg_name; 1534 1535 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, 1536 crypt_stat->cipher, 1537 "ecb"); 1538 if (rc) 1539 goto out; 1540 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0, 1541 CRYPTO_ALG_ASYNC); 1542 kfree(full_alg_name); 1543 if (IS_ERR(desc.tfm)) { 1544 rc = PTR_ERR(desc.tfm); 1545 ecryptfs_printk(KERN_ERR, "Could not initialize crypto " 1546 "context for cipher [%s]; rc = [%d]\n", 1547 crypt_stat->cipher, rc); 1548 goto out; 1549 } 1550 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY); 1551 } 1552 if (tfm_mutex) 1553 mutex_lock(tfm_mutex); 1554 rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, 1555 crypt_stat->key_size); 1556 if (rc < 0) { 1557 if (tfm_mutex) 1558 mutex_unlock(tfm_mutex); 1559 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 1560 "context; rc = [%d]\n", rc); 1561 goto out; 1562 } 1563 rc = 0; 1564 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 1565 crypt_stat->key_size); 1566 rc = crypto_blkcipher_encrypt(&desc, dest_sg, src_sg, 1567 (*key_rec).enc_key_size); 1568 if (rc) { 1569 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); 1570 goto out; 1571 } 1572 if (tfm_mutex) 1573 mutex_unlock(tfm_mutex); 1574 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); 1575 if (ecryptfs_verbosity > 0) 1576 ecryptfs_dump_hex(key_rec->enc_key, 1577 key_rec->enc_key_size); 1578 encrypted_session_key_set: 1579 /* Now we have a valid key_rec. Append it to the 1580 * key_rec set. */ 1581 key_rec_size = (sizeof(struct ecryptfs_key_record) 1582 - ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 1583 + (key_rec->enc_key_size)); 1584 /* TODO: Include a packet size limit as a parameter to this 1585 * function once we have multi-packet headers (for versions 1586 * later than 0.1 */ 1587 if (key_rec_size >= ECRYPTFS_MAX_KEYSET_SIZE) { 1588 ecryptfs_printk(KERN_ERR, "Keyset too large\n"); 1589 rc = -EINVAL; 1590 goto out; 1591 } 1592 /* TODO: Packet size limit */ 1593 /* We have 5 bytes of surrounding packet data */ 1594 if ((0x05 + ECRYPTFS_SALT_SIZE 1595 + key_rec->enc_key_size) >= max) { 1596 ecryptfs_printk(KERN_ERR, "Authentication token is too " 1597 "large\n"); 1598 rc = -EINVAL; 1599 goto out; 1600 } 1601 /* This format is inspired by OpenPGP; see RFC 2440 1602 * packet tag 3 */ 1603 dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; 1604 /* ver+cipher+s2k+hash+salt+iter+enc_key */ 1605 rc = write_packet_length(&dest[(*packet_size)], 1606 (0x05 + ECRYPTFS_SALT_SIZE 1607 + key_rec->enc_key_size), 1608 &packet_size_length); 1609 if (rc) { 1610 ecryptfs_printk(KERN_ERR, "Error generating tag 3 packet " 1611 "header; cannot generate packet length\n"); 1612 goto out; 1613 } 1614 (*packet_size) += packet_size_length; 1615 dest[(*packet_size)++] = 0x04; /* version 4 */ 1616 cipher_code = ecryptfs_code_for_cipher_string(crypt_stat); 1617 if (cipher_code == 0) { 1618 ecryptfs_printk(KERN_WARNING, "Unable to generate code for " 1619 "cipher [%s]\n", crypt_stat->cipher); 1620 rc = -EINVAL; 1621 goto out; 1622 } 1623 dest[(*packet_size)++] = cipher_code; 1624 dest[(*packet_size)++] = 0x03; /* S2K */ 1625 dest[(*packet_size)++] = 0x01; /* MD5 (TODO: parameterize) */ 1626 memcpy(&dest[(*packet_size)], auth_tok->token.password.salt, 1627 ECRYPTFS_SALT_SIZE); 1628 (*packet_size) += ECRYPTFS_SALT_SIZE; /* salt */ 1629 dest[(*packet_size)++] = 0x60; /* hash iterations (65536) */ 1630 memcpy(&dest[(*packet_size)], key_rec->enc_key, 1631 key_rec->enc_key_size); 1632 (*packet_size) += key_rec->enc_key_size; 1633 out: 1634 if (desc.tfm && !tfm_mutex) 1635 crypto_free_blkcipher(desc.tfm); 1636 if (rc) 1637 (*packet_size) = 0; 1638 return rc; 1639 } 1640 1641 struct kmem_cache *ecryptfs_key_record_cache; 1642 1643 /** 1644 * ecryptfs_generate_key_packet_set 1645 * @dest: Virtual address from which to write the key record set 1646 * @crypt_stat: The cryptographic context from which the 1647 * authentication tokens will be retrieved 1648 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat 1649 * for the global parameters 1650 * @len: The amount written 1651 * @max: The maximum amount of data allowed to be written 1652 * 1653 * Generates a key packet set and writes it to the virtual address 1654 * passed in. 1655 * 1656 * Returns zero on success; non-zero on error. 1657 */ 1658 int 1659 ecryptfs_generate_key_packet_set(char *dest_base, 1660 struct ecryptfs_crypt_stat *crypt_stat, 1661 struct dentry *ecryptfs_dentry, size_t *len, 1662 size_t max) 1663 { 1664 struct ecryptfs_auth_tok *auth_tok; 1665 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1666 &ecryptfs_superblock_to_private( 1667 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1668 size_t written; 1669 struct ecryptfs_key_record *key_rec; 1670 int rc = 0; 1671 1672 (*len) = 0; 1673 key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL); 1674 if (!key_rec) { 1675 rc = -ENOMEM; 1676 goto out; 1677 } 1678 if (mount_crypt_stat->global_auth_tok) { 1679 auth_tok = mount_crypt_stat->global_auth_tok; 1680 if (auth_tok->token_type == ECRYPTFS_PASSWORD) { 1681 rc = write_tag_3_packet((dest_base + (*len)), 1682 max, auth_tok, 1683 crypt_stat, key_rec, 1684 &written); 1685 if (rc) { 1686 ecryptfs_printk(KERN_WARNING, "Error " 1687 "writing tag 3 packet\n"); 1688 goto out_free; 1689 } 1690 (*len) += written; 1691 /* Write auth tok signature packet */ 1692 rc = write_tag_11_packet( 1693 (dest_base + (*len)), 1694 (max - (*len)), 1695 key_rec->sig, ECRYPTFS_SIG_SIZE, &written); 1696 if (rc) { 1697 ecryptfs_printk(KERN_ERR, "Error writing " 1698 "auth tok signature packet\n"); 1699 goto out_free; 1700 } 1701 (*len) += written; 1702 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { 1703 rc = write_tag_1_packet(dest_base + (*len), 1704 max, auth_tok, 1705 crypt_stat,mount_crypt_stat, 1706 key_rec, &written); 1707 if (rc) { 1708 ecryptfs_printk(KERN_WARNING, "Error " 1709 "writing tag 1 packet\n"); 1710 goto out_free; 1711 } 1712 (*len) += written; 1713 } else { 1714 ecryptfs_printk(KERN_WARNING, "Unsupported " 1715 "authentication token type\n"); 1716 rc = -EINVAL; 1717 goto out_free; 1718 } 1719 } else 1720 BUG(); 1721 if (likely((max - (*len)) > 0)) { 1722 dest_base[(*len)] = 0x00; 1723 } else { 1724 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n"); 1725 rc = -EIO; 1726 } 1727 1728 out_free: 1729 kmem_cache_free(ecryptfs_key_record_cache, key_rec); 1730 out: 1731 if (rc) 1732 (*len) = 0; 1733 return rc; 1734 } 1735