fname.c 10.8 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * This contains functions for filename crypto management
4 5 6 7 8
 *
 * Copyright (C) 2015, Google, Inc.
 * Copyright (C) 2015, Motorola Mobility
 *
 * Written by Uday Savagaonkar, 2014.
9
 * Modified by Jaegeuk Kim, 2015.
10 11 12
 *
 * This has not yet undergone a rigorous security audit.
 */
13

14 15
#include <linux/scatterlist.h>
#include <linux/ratelimit.h>
16
#include <crypto/skcipher.h>
17
#include "fscrypt_private.h"
18

19 20 21 22 23 24 25 26 27 28 29
static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
{
	if (str->len == 1 && str->name[0] == '.')
		return true;

	if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
		return true;

	return false;
}

30
/**
31
 * fname_encrypt() - encrypt a filename
32
 *
33 34
 * The output buffer must be at least as large as the input buffer.
 * Any extra space is filled with NUL padding before encryption.
35 36
 *
 * Return: 0 on success, -errno on failure
37
 */
38 39
int fname_encrypt(struct inode *inode, const struct qstr *iname,
		  u8 *out, unsigned int olen)
40
{
H
Herbert Xu 已提交
41
	struct skcipher_request *req = NULL;
42
	DECLARE_CRYPTO_WAIT(wait);
43
	struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;
44
	int res = 0;
45
	char iv[FS_CRYPTO_BLOCK_SIZE];
46
	struct scatterlist sg;
47

48 49 50 51
	/*
	 * Copy the filename to the output buffer for encrypting in-place and
	 * pad it with the needed number of NUL bytes.
	 */
52
	if (WARN_ON(olen < iname->len))
53
		return -ENOBUFS;
54 55
	memcpy(out, iname->name, iname->len);
	memset(out + iname->len, 0, olen - iname->len);
56

57 58
	/* Initialize the IV */
	memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
59

60
	/* Set up the encryption request */
H
Herbert Xu 已提交
61
	req = skcipher_request_alloc(tfm, GFP_NOFS);
62
	if (!req)
63
		return -ENOMEM;
H
Herbert Xu 已提交
64
	skcipher_request_set_callback(req,
65
			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
66
			crypto_req_done, &wait);
67 68
	sg_init_one(&sg, out, olen);
	skcipher_request_set_crypt(req, &sg, &sg, olen, iv);
69

70
	/* Do the encryption */
71
	res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
H
Herbert Xu 已提交
72
	skcipher_request_free(req);
73
	if (res < 0) {
74 75
		printk_ratelimited(KERN_ERR
				"%s: Error (error code %d)\n", __func__, res);
76 77
		return res;
	}
78

79
	return 0;
80 81
}

82 83 84 85 86 87
/**
 * fname_decrypt() - decrypt a filename
 *
 * The caller must have allocated sufficient memory for the @oname string.
 *
 * Return: 0 on success, -errno on failure
88
 */
89 90 91
static int fname_decrypt(struct inode *inode,
				const struct fscrypt_str *iname,
				struct fscrypt_str *oname)
92
{
H
Herbert Xu 已提交
93
	struct skcipher_request *req = NULL;
94
	DECLARE_CRYPTO_WAIT(wait);
95
	struct scatterlist src_sg, dst_sg;
96
	struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;
97
	int res = 0;
98
	char iv[FS_CRYPTO_BLOCK_SIZE];
99 100

	/* Allocate request */
H
Herbert Xu 已提交
101
	req = skcipher_request_alloc(tfm, GFP_NOFS);
102
	if (!req)
103
		return -ENOMEM;
H
Herbert Xu 已提交
104
	skcipher_request_set_callback(req,
105
		CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
106
		crypto_req_done, &wait);
107 108

	/* Initialize IV */
109
	memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
110 111 112 113

	/* Create decryption request */
	sg_init_one(&src_sg, iname->name, iname->len);
	sg_init_one(&dst_sg, oname->name, oname->len);
H
Herbert Xu 已提交
114
	skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
115
	res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
H
Herbert Xu 已提交
116
	skcipher_request_free(req);
117 118
	if (res < 0) {
		printk_ratelimited(KERN_ERR
119
				"%s: Error (error code %d)\n", __func__, res);
120 121 122 123
		return res;
	}

	oname->len = strnlen(oname->name, iname->len);
124
	return 0;
125 126 127 128 129
}

static const char *lookup_table =
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";

130 131
#define BASE64_CHARS(nbytes)	DIV_ROUND_UP((nbytes) * 4, 3)

132
/**
133
 * digest_encode() -
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181
 *
 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
 * The encoded string is roughly 4/3 times the size of the input string.
 */
static int digest_encode(const char *src, int len, char *dst)
{
	int i = 0, bits = 0, ac = 0;
	char *cp = dst;

	while (i < len) {
		ac += (((unsigned char) src[i]) << bits);
		bits += 8;
		do {
			*cp++ = lookup_table[ac & 0x3f];
			ac >>= 6;
			bits -= 6;
		} while (bits >= 6);
		i++;
	}
	if (bits)
		*cp++ = lookup_table[ac & 0x3f];
	return cp - dst;
}

static int digest_decode(const char *src, int len, char *dst)
{
	int i = 0, bits = 0, ac = 0;
	const char *p;
	char *cp = dst;

	while (i < len) {
		p = strchr(lookup_table, src[i]);
		if (p == NULL || src[i] == 0)
			return -2;
		ac += (p - lookup_table) << bits;
		bits += 6;
		if (bits >= 8) {
			*cp++ = ac & 0xff;
			ac >>= 8;
			bits -= 8;
		}
		i++;
	}
	if (ac)
		return -1;
	return cp - dst;
}

182 183
bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
				  u32 max_len, u32 *encrypted_len_ret)
184
{
185 186 187 188 189 190 191 192 193 194
	int padding = 4 << (inode->i_crypt_info->ci_flags &
			    FS_POLICY_FLAGS_PAD_MASK);
	u32 encrypted_len;

	if (orig_len > max_len)
		return false;
	encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE);
	encrypted_len = round_up(encrypted_len, padding);
	*encrypted_len_ret = min(encrypted_len, max_len);
	return true;
195 196 197
}

/**
198
 * fscrypt_fname_alloc_buffer - allocate a buffer for presented filenames
199
 *
200 201 202 203
 * Allocate a buffer that is large enough to hold any decrypted or encoded
 * filename (null-terminated), for the given maximum encrypted filename length.
 *
 * Return: 0 on success, -errno on failure
204
 */
205
int fscrypt_fname_alloc_buffer(const struct inode *inode,
206 207
			       u32 max_encrypted_len,
			       struct fscrypt_str *crypto_str)
208
{
209 210 211
	const u32 max_encoded_len =
		max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE),
		      1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)));
212
	u32 max_presented_len;
213

214
	max_presented_len = max(max_encoded_len, max_encrypted_len);
215

216 217
	crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
	if (!crypto_str->name)
218
		return -ENOMEM;
219
	crypto_str->len = max_presented_len;
220 221
	return 0;
}
222
EXPORT_SYMBOL(fscrypt_fname_alloc_buffer);
223 224

/**
225
 * fscrypt_fname_free_buffer - free the buffer for presented filenames
226
 *
227
 * Free the buffer allocated by fscrypt_fname_alloc_buffer().
228
 */
229
void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
230 231 232 233 234 235
{
	if (!crypto_str)
		return;
	kfree(crypto_str->name);
	crypto_str->name = NULL;
}
236
EXPORT_SYMBOL(fscrypt_fname_free_buffer);
237 238

/**
239 240
 * fscrypt_fname_disk_to_usr() - converts a filename from disk space to user
 * space
241 242 243
 *
 * The caller must have allocated sufficient memory for the @oname string.
 *
244 245 246 247
 * If the key is available, we'll decrypt the disk name; otherwise, we'll encode
 * it for presentation.  Short names are directly base64-encoded, while long
 * names are encoded in fscrypt_digested_name format.
 *
248
 * Return: 0 on success, -errno on failure
249
 */
250 251 252 253
int fscrypt_fname_disk_to_usr(struct inode *inode,
			u32 hash, u32 minor_hash,
			const struct fscrypt_str *iname,
			struct fscrypt_str *oname)
254 255
{
	const struct qstr qname = FSTR_TO_QSTR(iname);
256
	struct fscrypt_digested_name digested_name;
257

258
	if (fscrypt_is_dot_dotdot(&qname)) {
259 260 261
		oname->name[0] = '.';
		oname->name[iname->len - 1] = '.';
		oname->len = iname->len;
262
		return 0;
263 264
	}

265
	if (iname->len < FS_CRYPTO_BLOCK_SIZE)
266
		return -EUCLEAN;
267

268 269 270
	if (inode->i_crypt_info)
		return fname_decrypt(inode, iname, oname);

271
	if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) {
272 273 274
		oname->len = digest_encode(iname->name, iname->len,
					   oname->name);
		return 0;
275 276
	}
	if (hash) {
277 278
		digested_name.hash = hash;
		digested_name.minor_hash = minor_hash;
279
	} else {
280 281
		digested_name.hash = 0;
		digested_name.minor_hash = 0;
282
	}
283 284 285
	memcpy(digested_name.digest,
	       FSCRYPT_FNAME_DIGEST(iname->name, iname->len),
	       FSCRYPT_FNAME_DIGEST_SIZE);
286
	oname->name[0] = '_';
287 288
	oname->len = 1 + digest_encode((const char *)&digested_name,
				       sizeof(digested_name), oname->name + 1);
289
	return 0;
290
}
291
EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);
292

293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316
/**
 * fscrypt_setup_filename() - prepare to search a possibly encrypted directory
 * @dir: the directory that will be searched
 * @iname: the user-provided filename being searched for
 * @lookup: 1 if we're allowed to proceed without the key because it's
 *	->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
 *	proceed without the key because we're going to create the dir_entry.
 * @fname: the filename information to be filled in
 *
 * Given a user-provided filename @iname, this function sets @fname->disk_name
 * to the name that would be stored in the on-disk directory entry, if possible.
 * If the directory is unencrypted this is simply @iname.  Else, if we have the
 * directory's encryption key, then @iname is the plaintext, so we encrypt it to
 * get the disk_name.
 *
 * Else, for keyless @lookup operations, @iname is the presented ciphertext, so
 * we decode it to get either the ciphertext disk_name (for short names) or the
 * fscrypt_digested_name (for long names).  Non-@lookup operations will be
 * impossible in this case, so we fail them with ENOKEY.
 *
 * If successful, fscrypt_free_filename() must be called later to clean up.
 *
 * Return: 0 on success, -errno on failure
 */
317 318
int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
			      int lookup, struct fscrypt_name *fname)
319
{
320 321
	int ret;
	int digested;
322

323
	memset(fname, 0, sizeof(struct fscrypt_name));
324 325
	fname->usr_fname = iname;

326
	if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) {
327 328
		fname->disk_name.name = (unsigned char *)iname->name;
		fname->disk_name.len = iname->len;
329
		return 0;
330
	}
331
	ret = fscrypt_get_encryption_info(dir);
332
	if (ret)
333
		return ret;
334 335

	if (dir->i_crypt_info) {
336 337 338
		if (!fscrypt_fname_encrypted_size(dir, iname->len,
						  dir->i_sb->s_cop->max_namelen(dir),
						  &fname->crypto_buf.len))
339 340 341 342 343 344 345 346
			return -ENAMETOOLONG;
		fname->crypto_buf.name = kmalloc(fname->crypto_buf.len,
						 GFP_NOFS);
		if (!fname->crypto_buf.name)
			return -ENOMEM;

		ret = fname_encrypt(dir, iname, fname->crypto_buf.name,
				    fname->crypto_buf.len);
347
		if (ret)
348
			goto errout;
349 350
		fname->disk_name.name = fname->crypto_buf.name;
		fname->disk_name.len = fname->crypto_buf.len;
351
		return 0;
352
	}
353
	if (!lookup)
354
		return -ENOKEY;
355

356 357
	/*
	 * We don't have the key and we are doing a lookup; decode the
358 359
	 * user-supplied name
	 */
360 361 362 363 364 365 366 367 368 369 370
	if (iname->name[0] == '_') {
		if (iname->len !=
		    1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)))
			return -ENOENT;
		digested = 1;
	} else {
		if (iname->len >
		    BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE))
			return -ENOENT;
		digested = 0;
	}
371

372 373 374 375
	fname->crypto_buf.name =
		kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE,
			      sizeof(struct fscrypt_digested_name)),
			GFP_KERNEL);
376 377
	if (fname->crypto_buf.name == NULL)
		return -ENOMEM;
378

379
	ret = digest_decode(iname->name + digested, iname->len - digested,
380 381 382
				fname->crypto_buf.name);
	if (ret < 0) {
		ret = -ENOENT;
383
		goto errout;
384 385
	}
	fname->crypto_buf.len = ret;
386 387 388 389 390
	if (digested) {
		const struct fscrypt_digested_name *n =
			(const void *)fname->crypto_buf.name;
		fname->hash = n->hash;
		fname->minor_hash = n->minor_hash;
391 392 393 394
	} else {
		fname->disk_name.name = fname->crypto_buf.name;
		fname->disk_name.len = fname->crypto_buf.len;
	}
395
	return 0;
396

397
errout:
398
	kfree(fname->crypto_buf.name);
399 400
	return ret;
}
401
EXPORT_SYMBOL(fscrypt_setup_filename);