1
2
3
4
5
6
7
8
9
10
11
12
13
14#include <linux/namei.h>
15#include <linux/scatterlist.h>
16#include <crypto/hash.h>
17#include <crypto/sha2.h>
18#include <crypto/skcipher.h>
19#include "fscrypt_private.h"
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51struct fscrypt_nokey_name {
52 u32 dirhash[2];
53 u8 bytes[149];
54 u8 sha256[SHA256_DIGEST_SIZE];
55};
56
57
58
59
60
61
62#define FSCRYPT_NOKEY_NAME_MAX offsetofend(struct fscrypt_nokey_name, sha256)
63
64
65#define FSCRYPT_NOKEY_NAME_MAX_ENCODED \
66 FSCRYPT_BASE64URL_CHARS(FSCRYPT_NOKEY_NAME_MAX)
67
68static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
69{
70 if (str->len == 1 && str->name[0] == '.')
71 return true;
72
73 if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
74 return true;
75
76 return false;
77}
78
79
80
81
82
83
84
85
86
87
88
89
90int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
91 u8 *out, unsigned int olen)
92{
93 struct skcipher_request *req = NULL;
94 DECLARE_CRYPTO_WAIT(wait);
95 const struct fscrypt_info *ci = inode->i_crypt_info;
96 struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
97 union fscrypt_iv iv;
98 struct scatterlist sg;
99 int res;
100
101
102
103
104
105 if (WARN_ON(olen < iname->len))
106 return -ENOBUFS;
107 memcpy(out, iname->name, iname->len);
108 memset(out + iname->len, 0, olen - iname->len);
109
110
111 fscrypt_generate_iv(&iv, 0, ci);
112
113
114 req = skcipher_request_alloc(tfm, GFP_NOFS);
115 if (!req)
116 return -ENOMEM;
117 skcipher_request_set_callback(req,
118 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
119 crypto_req_done, &wait);
120 sg_init_one(&sg, out, olen);
121 skcipher_request_set_crypt(req, &sg, &sg, olen, &iv);
122
123
124 res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
125 skcipher_request_free(req);
126 if (res < 0) {
127 fscrypt_err(inode, "Filename encryption failed: %d", res);
128 return res;
129 }
130
131 return 0;
132}
133
134
135
136
137
138
139
140
141
142
143
144static int fname_decrypt(const struct inode *inode,
145 const struct fscrypt_str *iname,
146 struct fscrypt_str *oname)
147{
148 struct skcipher_request *req = NULL;
149 DECLARE_CRYPTO_WAIT(wait);
150 struct scatterlist src_sg, dst_sg;
151 const struct fscrypt_info *ci = inode->i_crypt_info;
152 struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
153 union fscrypt_iv iv;
154 int res;
155
156
157 req = skcipher_request_alloc(tfm, GFP_NOFS);
158 if (!req)
159 return -ENOMEM;
160 skcipher_request_set_callback(req,
161 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
162 crypto_req_done, &wait);
163
164
165 fscrypt_generate_iv(&iv, 0, ci);
166
167
168 sg_init_one(&src_sg, iname->name, iname->len);
169 sg_init_one(&dst_sg, oname->name, oname->len);
170 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, &iv);
171 res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
172 skcipher_request_free(req);
173 if (res < 0) {
174 fscrypt_err(inode, "Filename decryption failed: %d", res);
175 return res;
176 }
177
178 oname->len = strnlen(oname->name, iname->len);
179 return 0;
180}
181
182static const char base64url_table[65] =
183 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
184
185#define FSCRYPT_BASE64URL_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201static int fscrypt_base64url_encode(const u8 *src, int srclen, char *dst)
202{
203 u32 ac = 0;
204 int bits = 0;
205 int i;
206 char *cp = dst;
207
208 for (i = 0; i < srclen; i++) {
209 ac = (ac << 8) | src[i];
210 bits += 8;
211 do {
212 bits -= 6;
213 *cp++ = base64url_table[(ac >> bits) & 0x3f];
214 } while (bits >= 6);
215 }
216 if (bits)
217 *cp++ = base64url_table[(ac << (6 - bits)) & 0x3f];
218 return cp - dst;
219}
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236static int fscrypt_base64url_decode(const char *src, int srclen, u8 *dst)
237{
238 u32 ac = 0;
239 int bits = 0;
240 int i;
241 u8 *bp = dst;
242
243 for (i = 0; i < srclen; i++) {
244 const char *p = strchr(base64url_table, src[i]);
245
246 if (p == NULL || src[i] == 0)
247 return -1;
248 ac = (ac << 6) | (p - base64url_table);
249 bits += 6;
250 if (bits >= 8) {
251 bits -= 8;
252 *bp++ = (u8)(ac >> bits);
253 }
254 }
255 if (ac & ((1 << bits) - 1))
256 return -1;
257 return bp - dst;
258}
259
260bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,
261 u32 orig_len, u32 max_len,
262 u32 *encrypted_len_ret)
263{
264 int padding = 4 << (fscrypt_policy_flags(policy) &
265 FSCRYPT_POLICY_FLAGS_PAD_MASK);
266 u32 encrypted_len;
267
268 if (orig_len > max_len)
269 return false;
270 encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE);
271 encrypted_len = round_up(encrypted_len, padding);
272 *encrypted_len_ret = min(encrypted_len, max_len);
273 return true;
274}
275
276
277
278
279
280
281
282
283
284
285
286
287int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
288 struct fscrypt_str *crypto_str)
289{
290 u32 max_presented_len = max_t(u32, FSCRYPT_NOKEY_NAME_MAX_ENCODED,
291 max_encrypted_len);
292
293 crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
294 if (!crypto_str->name)
295 return -ENOMEM;
296 crypto_str->len = max_presented_len;
297 return 0;
298}
299EXPORT_SYMBOL(fscrypt_fname_alloc_buffer);
300
301
302
303
304
305
306
307void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
308{
309 if (!crypto_str)
310 return;
311 kfree(crypto_str->name);
312 crypto_str->name = NULL;
313}
314EXPORT_SYMBOL(fscrypt_fname_free_buffer);
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337int fscrypt_fname_disk_to_usr(const struct inode *inode,
338 u32 hash, u32 minor_hash,
339 const struct fscrypt_str *iname,
340 struct fscrypt_str *oname)
341{
342 const struct qstr qname = FSTR_TO_QSTR(iname);
343 struct fscrypt_nokey_name nokey_name;
344 u32 size;
345
346 if (fscrypt_is_dot_dotdot(&qname)) {
347 oname->name[0] = '.';
348 oname->name[iname->len - 1] = '.';
349 oname->len = iname->len;
350 return 0;
351 }
352
353 if (iname->len < FS_CRYPTO_BLOCK_SIZE)
354 return -EUCLEAN;
355
356 if (fscrypt_has_encryption_key(inode))
357 return fname_decrypt(inode, iname, oname);
358
359
360
361
362
363 BUILD_BUG_ON(offsetofend(struct fscrypt_nokey_name, dirhash) !=
364 offsetof(struct fscrypt_nokey_name, bytes));
365 BUILD_BUG_ON(offsetofend(struct fscrypt_nokey_name, bytes) !=
366 offsetof(struct fscrypt_nokey_name, sha256));
367 BUILD_BUG_ON(FSCRYPT_NOKEY_NAME_MAX_ENCODED > NAME_MAX);
368
369 nokey_name.dirhash[0] = hash;
370 nokey_name.dirhash[1] = minor_hash;
371
372 if (iname->len <= sizeof(nokey_name.bytes)) {
373 memcpy(nokey_name.bytes, iname->name, iname->len);
374 size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]);
375 } else {
376 memcpy(nokey_name.bytes, iname->name, sizeof(nokey_name.bytes));
377
378 sha256(&iname->name[sizeof(nokey_name.bytes)],
379 iname->len - sizeof(nokey_name.bytes),
380 nokey_name.sha256);
381 size = FSCRYPT_NOKEY_NAME_MAX;
382 }
383 oname->len = fscrypt_base64url_encode((const u8 *)&nokey_name, size,
384 oname->name);
385 return 0;
386}
387EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
413 int lookup, struct fscrypt_name *fname)
414{
415 struct fscrypt_nokey_name *nokey_name;
416 int ret;
417
418 memset(fname, 0, sizeof(struct fscrypt_name));
419 fname->usr_fname = iname;
420
421 if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) {
422 fname->disk_name.name = (unsigned char *)iname->name;
423 fname->disk_name.len = iname->len;
424 return 0;
425 }
426 ret = fscrypt_get_encryption_info(dir, lookup);
427 if (ret)
428 return ret;
429
430 if (fscrypt_has_encryption_key(dir)) {
431 if (!fscrypt_fname_encrypted_size(&dir->i_crypt_info->ci_policy,
432 iname->len, NAME_MAX,
433 &fname->crypto_buf.len))
434 return -ENAMETOOLONG;
435 fname->crypto_buf.name = kmalloc(fname->crypto_buf.len,
436 GFP_NOFS);
437 if (!fname->crypto_buf.name)
438 return -ENOMEM;
439
440 ret = fscrypt_fname_encrypt(dir, iname, fname->crypto_buf.name,
441 fname->crypto_buf.len);
442 if (ret)
443 goto errout;
444 fname->disk_name.name = fname->crypto_buf.name;
445 fname->disk_name.len = fname->crypto_buf.len;
446 return 0;
447 }
448 if (!lookup)
449 return -ENOKEY;
450 fname->is_nokey_name = true;
451
452
453
454
455
456
457 if (iname->len > FSCRYPT_NOKEY_NAME_MAX_ENCODED)
458 return -ENOENT;
459
460 fname->crypto_buf.name = kmalloc(FSCRYPT_NOKEY_NAME_MAX, GFP_KERNEL);
461 if (fname->crypto_buf.name == NULL)
462 return -ENOMEM;
463
464 ret = fscrypt_base64url_decode(iname->name, iname->len,
465 fname->crypto_buf.name);
466 if (ret < (int)offsetof(struct fscrypt_nokey_name, bytes[1]) ||
467 (ret > offsetof(struct fscrypt_nokey_name, sha256) &&
468 ret != FSCRYPT_NOKEY_NAME_MAX)) {
469 ret = -ENOENT;
470 goto errout;
471 }
472 fname->crypto_buf.len = ret;
473
474 nokey_name = (void *)fname->crypto_buf.name;
475 fname->hash = nokey_name->dirhash[0];
476 fname->minor_hash = nokey_name->dirhash[1];
477 if (ret != FSCRYPT_NOKEY_NAME_MAX) {
478
479 fname->disk_name.name = nokey_name->bytes;
480 fname->disk_name.len =
481 ret - offsetof(struct fscrypt_nokey_name, bytes);
482 }
483 return 0;
484
485errout:
486 kfree(fname->crypto_buf.name);
487 return ret;
488}
489EXPORT_SYMBOL(fscrypt_setup_filename);
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505bool fscrypt_match_name(const struct fscrypt_name *fname,
506 const u8 *de_name, u32 de_name_len)
507{
508 const struct fscrypt_nokey_name *nokey_name =
509 (const void *)fname->crypto_buf.name;
510 u8 digest[SHA256_DIGEST_SIZE];
511
512 if (likely(fname->disk_name.name)) {
513 if (de_name_len != fname->disk_name.len)
514 return false;
515 return !memcmp(de_name, fname->disk_name.name, de_name_len);
516 }
517 if (de_name_len <= sizeof(nokey_name->bytes))
518 return false;
519 if (memcmp(de_name, nokey_name->bytes, sizeof(nokey_name->bytes)))
520 return false;
521 sha256(&de_name[sizeof(nokey_name->bytes)],
522 de_name_len - sizeof(nokey_name->bytes), digest);
523 return !memcmp(digest, nokey_name->sha256, sizeof(digest));
524}
525EXPORT_SYMBOL_GPL(fscrypt_match_name);
526
527
528
529
530
531
532
533
534
535
536
537
538u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name)
539{
540 const struct fscrypt_info *ci = dir->i_crypt_info;
541
542 WARN_ON(!ci->ci_dirhash_key_initialized);
543
544 return siphash(name->name, name->len, &ci->ci_dirhash_key);
545}
546EXPORT_SYMBOL_GPL(fscrypt_fname_siphash);
547
548
549
550
551
552int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
553{
554 struct dentry *dir;
555 int err;
556 int valid;
557
558
559
560
561
562
563 if (!(dentry->d_flags & DCACHE_NOKEY_NAME))
564 return 1;
565
566
567
568
569
570
571
572
573
574
575
576
577
578 if (flags & LOOKUP_RCU)
579 return -ECHILD;
580
581 dir = dget_parent(dentry);
582
583
584
585
586 err = fscrypt_get_encryption_info(d_inode(dir), true);
587 valid = !fscrypt_has_encryption_key(d_inode(dir));
588 dput(dir);
589
590 if (err < 0)
591 return err;
592
593 return valid;
594}
595EXPORT_SYMBOL_GPL(fscrypt_d_revalidate);
596