2015-04-26 00:12:50 -07:00
|
|
|
/*
|
2016-10-12 17:18:56 -07:00
|
|
|
* This contains functions for filename crypto management
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
|
|
|
|
* Copyright (C) 2015, Google, Inc.
|
|
|
|
|
* Copyright (C) 2015, Motorola Mobility
|
|
|
|
|
*
|
|
|
|
|
* Written by Uday Savagaonkar, 2014.
|
2016-10-12 17:18:56 -07:00
|
|
|
* Modified by Jaegeuk Kim, 2015.
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
|
|
|
|
* This has not yet undergone a rigorous security audit.
|
|
|
|
|
*/
|
2016-10-12 17:18:56 -07:00
|
|
|
|
2015-04-26 00:12:50 -07:00
|
|
|
#include <linux/scatterlist.h>
|
|
|
|
|
#include <linux/ratelimit.h>
|
2018-01-05 10:45:00 -08:00
|
|
|
#include <crypto/skcipher.h>
|
2017-03-08 15:24:43 -08:00
|
|
|
#include "fscrypt_private.h"
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2018-01-05 10:44:59 -08:00
|
|
|
static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
|
|
|
|
|
{
|
|
|
|
|
if (str->len == 1 && str->name[0] == '.')
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-26 00:12:50 -07:00
|
|
|
/**
|
2016-12-01 10:44:44 -08:00
|
|
|
* fname_encrypt() - encrypt a filename
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
2018-01-11 23:30:08 -05:00
|
|
|
* The output buffer must be at least as large as the input buffer.
|
|
|
|
|
* Any extra space is filled with NUL padding before encryption.
|
2016-12-01 10:44:44 -08:00
|
|
|
*
|
|
|
|
|
* Return: 0 on success, -errno on failure
|
2015-04-26 00:12:50 -07:00
|
|
|
*/
|
2018-01-11 23:30:08 -05:00
|
|
|
int fname_encrypt(struct inode *inode, const struct qstr *iname,
|
|
|
|
|
u8 *out, unsigned int olen)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
2016-10-12 17:18:56 -07:00
|
|
|
struct skcipher_request *req = NULL;
|
2017-10-18 08:00:44 +01:00
|
|
|
DECLARE_CRYPTO_WAIT(wait);
|
2018-01-11 23:30:08 -05:00
|
|
|
struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;
|
2015-04-26 00:12:50 -07:00
|
|
|
int res = 0;
|
2016-10-12 17:18:56 -07:00
|
|
|
char iv[FS_CRYPTO_BLOCK_SIZE];
|
2016-12-01 10:44:44 -08:00
|
|
|
struct scatterlist sg;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
/*
|
|
|
|
|
* Copy the filename to the output buffer for encrypting in-place and
|
|
|
|
|
* pad it with the needed number of NUL bytes.
|
|
|
|
|
*/
|
2018-01-11 23:30:08 -05:00
|
|
|
if (WARN_ON(olen < iname->len))
|
fscrypt: new helper functions for ->symlink()
Currently, filesystems supporting fscrypt need to implement some tricky
logic when creating encrypted symlinks, including handling a peculiar
on-disk format (struct fscrypt_symlink_data) and correctly calculating
the size of the encrypted symlink. Introduce helper functions to make
things a bit easier:
- fscrypt_prepare_symlink() computes and validates the size the symlink
target will require on-disk.
- fscrypt_encrypt_symlink() creates the encrypted target if needed.
The new helpers actually fix some subtle bugs. First, when checking
whether the symlink target was too long, filesystems didn't account for
the fact that the NUL padding is meant to be truncated if it would cause
the maximum length to be exceeded, as is done for filenames in
directories. Consequently users would receive ENAMETOOLONG when
creating symlinks close to what is supposed to be the maximum length.
For example, with EXT4 with a 4K block size, the maximum symlink target
length in an encrypted directory is supposed to be 4093 bytes (in
comparison to 4095 in an unencrypted directory), but in
FS_POLICY_FLAGS_PAD_32-mode only up to 4064 bytes were accepted.
Second, symlink targets of "." and ".." were not being encrypted, even
though they should be, as these names are special in *directory entries*
but not in symlink targets. Fortunately, we can fix this simply by
starting to encrypt them, as old kernels already accept them in
encrypted form.
Third, the output string length the filesystems were providing when
doing the actual encryption was incorrect, as it was forgotten to
exclude 'sizeof(struct fscrypt_symlink_data)'. Fortunately though, this
bug didn't make a difference.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2018-01-05 10:45:01 -08:00
|
|
|
return -ENOBUFS;
|
2018-01-11 23:30:08 -05:00
|
|
|
memcpy(out, iname->name, iname->len);
|
|
|
|
|
memset(out + iname->len, 0, olen - iname->len);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
/* Initialize the IV */
|
|
|
|
|
memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
/* Set up the encryption request */
|
2016-10-12 17:18:56 -07:00
|
|
|
req = skcipher_request_alloc(tfm, GFP_NOFS);
|
2018-04-30 15:51:38 -07:00
|
|
|
if (!req)
|
2015-04-26 00:12:50 -07:00
|
|
|
return -ENOMEM;
|
2016-10-12 17:18:56 -07:00
|
|
|
skcipher_request_set_callback(req,
|
2015-04-26 00:12:50 -07:00
|
|
|
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
|
2017-10-18 08:00:44 +01:00
|
|
|
crypto_req_done, &wait);
|
2018-01-11 23:30:08 -05:00
|
|
|
sg_init_one(&sg, out, olen);
|
|
|
|
|
skcipher_request_set_crypt(req, &sg, &sg, olen, iv);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
/* Do the encryption */
|
2017-10-18 08:00:44 +01:00
|
|
|
res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
|
2016-10-12 17:18:56 -07:00
|
|
|
skcipher_request_free(req);
|
2016-12-01 10:44:44 -08:00
|
|
|
if (res < 0) {
|
2018-04-30 15:51:47 -07:00
|
|
|
fscrypt_err(inode->i_sb,
|
|
|
|
|
"Filename encryption failed for inode %lu: %d",
|
|
|
|
|
inode->i_ino, res);
|
2016-12-01 10:44:44 -08:00
|
|
|
return res;
|
|
|
|
|
}
|
2016-10-12 17:18:56 -07:00
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
|
2016-12-01 10:44:44 -08:00
|
|
|
/**
|
|
|
|
|
* fname_decrypt() - decrypt a filename
|
|
|
|
|
*
|
|
|
|
|
* The caller must have allocated sufficient memory for the @oname string.
|
|
|
|
|
*
|
|
|
|
|
* Return: 0 on success, -errno on failure
|
2015-04-26 00:12:50 -07:00
|
|
|
*/
|
2016-10-12 17:18:56 -07:00
|
|
|
static int fname_decrypt(struct inode *inode,
|
|
|
|
|
const struct fscrypt_str *iname,
|
|
|
|
|
struct fscrypt_str *oname)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
2016-10-12 17:18:56 -07:00
|
|
|
struct skcipher_request *req = NULL;
|
2017-10-18 08:00:44 +01:00
|
|
|
DECLARE_CRYPTO_WAIT(wait);
|
2015-04-26 00:12:50 -07:00
|
|
|
struct scatterlist src_sg, dst_sg;
|
2018-04-30 15:51:42 -07:00
|
|
|
struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;
|
2015-04-26 00:12:50 -07:00
|
|
|
int res = 0;
|
2016-10-12 17:18:56 -07:00
|
|
|
char iv[FS_CRYPTO_BLOCK_SIZE];
|
2015-04-26 00:12:50 -07:00
|
|
|
|
|
|
|
|
/* Allocate request */
|
2016-10-12 17:18:56 -07:00
|
|
|
req = skcipher_request_alloc(tfm, GFP_NOFS);
|
2018-04-30 15:51:38 -07:00
|
|
|
if (!req)
|
2015-04-26 00:12:50 -07:00
|
|
|
return -ENOMEM;
|
2016-10-12 17:18:56 -07:00
|
|
|
skcipher_request_set_callback(req,
|
2015-04-26 00:12:50 -07:00
|
|
|
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
|
2017-10-18 08:00:44 +01:00
|
|
|
crypto_req_done, &wait);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
|
|
|
|
/* Initialize IV */
|
2016-10-12 17:18:56 -07:00
|
|
|
memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
|
|
|
|
/* Create decryption request */
|
|
|
|
|
sg_init_one(&src_sg, iname->name, iname->len);
|
|
|
|
|
sg_init_one(&dst_sg, oname->name, oname->len);
|
2016-10-12 17:18:56 -07:00
|
|
|
skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
|
2017-10-18 08:00:44 +01:00
|
|
|
res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
|
2016-10-12 17:18:56 -07:00
|
|
|
skcipher_request_free(req);
|
2015-04-26 00:12:50 -07:00
|
|
|
if (res < 0) {
|
2018-04-30 15:51:47 -07:00
|
|
|
fscrypt_err(inode->i_sb,
|
|
|
|
|
"Filename decryption failed for inode %lu: %d",
|
|
|
|
|
inode->i_ino, res);
|
2015-04-26 00:12:50 -07:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
oname->len = strnlen(oname->name, iname->len);
|
2016-12-01 10:44:44 -08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char *lookup_table =
|
|
|
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
|
|
|
|
|
|
2017-04-24 10:00:10 -07:00
|
|
|
#define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
|
|
|
|
|
|
2015-04-26 00:12:50 -07:00
|
|
|
/**
|
2016-10-12 17:18:56 -07:00
|
|
|
* digest_encode() -
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
|
|
|
|
* Encodes the input digest using characters from the set [a-zA-Z0-9_+].
|
|
|
|
|
* The encoded string is roughly 4/3 times the size of the input string.
|
|
|
|
|
*/
|
|
|
|
|
static int digest_encode(const char *src, int len, char *dst)
|
|
|
|
|
{
|
|
|
|
|
int i = 0, bits = 0, ac = 0;
|
|
|
|
|
char *cp = dst;
|
|
|
|
|
|
|
|
|
|
while (i < len) {
|
|
|
|
|
ac += (((unsigned char) src[i]) << bits);
|
|
|
|
|
bits += 8;
|
|
|
|
|
do {
|
|
|
|
|
*cp++ = lookup_table[ac & 0x3f];
|
|
|
|
|
ac >>= 6;
|
|
|
|
|
bits -= 6;
|
|
|
|
|
} while (bits >= 6);
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
if (bits)
|
|
|
|
|
*cp++ = lookup_table[ac & 0x3f];
|
|
|
|
|
return cp - dst;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int digest_decode(const char *src, int len, char *dst)
|
|
|
|
|
{
|
|
|
|
|
int i = 0, bits = 0, ac = 0;
|
|
|
|
|
const char *p;
|
|
|
|
|
char *cp = dst;
|
|
|
|
|
|
|
|
|
|
while (i < len) {
|
|
|
|
|
p = strchr(lookup_table, src[i]);
|
|
|
|
|
if (p == NULL || src[i] == 0)
|
|
|
|
|
return -2;
|
|
|
|
|
ac += (p - lookup_table) << bits;
|
|
|
|
|
bits += 6;
|
|
|
|
|
if (bits >= 8) {
|
|
|
|
|
*cp++ = ac & 0xff;
|
|
|
|
|
ac >>= 8;
|
|
|
|
|
bits -= 8;
|
|
|
|
|
}
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
if (ac)
|
|
|
|
|
return -1;
|
|
|
|
|
return cp - dst;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-11 23:30:08 -05:00
|
|
|
bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
|
|
|
|
|
u32 max_len, u32 *encrypted_len_ret)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
2018-01-11 23:30:08 -05:00
|
|
|
int padding = 4 << (inode->i_crypt_info->ci_flags &
|
|
|
|
|
FS_POLICY_FLAGS_PAD_MASK);
|
|
|
|
|
u32 encrypted_len;
|
|
|
|
|
|
|
|
|
|
if (orig_len > max_len)
|
|
|
|
|
return false;
|
|
|
|
|
encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE);
|
|
|
|
|
encrypted_len = round_up(encrypted_len, padding);
|
|
|
|
|
*encrypted_len_ret = min(encrypted_len, max_len);
|
|
|
|
|
return true;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2018-01-11 23:30:08 -05:00
|
|
|
* fscrypt_fname_alloc_buffer - allocate a buffer for presented filenames
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
2018-01-11 23:30:08 -05:00
|
|
|
* Allocate a buffer that is large enough to hold any decrypted or encoded
|
|
|
|
|
* filename (null-terminated), for the given maximum encrypted filename length.
|
|
|
|
|
*
|
|
|
|
|
* Return: 0 on success, -errno on failure
|
2015-04-26 00:12:50 -07:00
|
|
|
*/
|
2017-03-08 15:24:43 -08:00
|
|
|
int fscrypt_fname_alloc_buffer(const struct inode *inode,
|
2018-01-11 23:30:08 -05:00
|
|
|
u32 max_encrypted_len,
|
|
|
|
|
struct fscrypt_str *crypto_str)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
2017-04-24 10:00:10 -07:00
|
|
|
const u32 max_encoded_len =
|
|
|
|
|
max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE),
|
|
|
|
|
1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)));
|
2018-01-11 23:30:08 -05:00
|
|
|
u32 max_presented_len;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2018-01-11 23:30:08 -05:00
|
|
|
max_presented_len = max(max_encoded_len, max_encrypted_len);
|
2017-04-24 10:00:10 -07:00
|
|
|
|
2018-01-11 23:30:08 -05:00
|
|
|
crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
|
|
|
|
|
if (!crypto_str->name)
|
2015-04-26 00:12:50 -07:00
|
|
|
return -ENOMEM;
|
2018-01-11 23:30:08 -05:00
|
|
|
crypto_str->len = max_presented_len;
|
2015-04-26 00:12:50 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
2016-10-12 17:18:56 -07:00
|
|
|
EXPORT_SYMBOL(fscrypt_fname_alloc_buffer);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
|
|
|
|
/**
|
2018-01-11 23:30:08 -05:00
|
|
|
* fscrypt_fname_free_buffer - free the buffer for presented filenames
|
2015-04-26 00:12:50 -07:00
|
|
|
*
|
2018-01-11 23:30:08 -05:00
|
|
|
* Free the buffer allocated by fscrypt_fname_alloc_buffer().
|
2015-04-26 00:12:50 -07:00
|
|
|
*/
|
2016-10-12 17:18:56 -07:00
|
|
|
void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
|
|
|
|
if (!crypto_str)
|
|
|
|
|
return;
|
|
|
|
|
kfree(crypto_str->name);
|
|
|
|
|
crypto_str->name = NULL;
|
|
|
|
|
}
|
2016-10-12 17:18:56 -07:00
|
|
|
EXPORT_SYMBOL(fscrypt_fname_free_buffer);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
|
|
|
|
/**
|
2016-10-12 17:18:56 -07:00
|
|
|
* fscrypt_fname_disk_to_usr() - converts a filename from disk space to user
|
|
|
|
|
* space
|
2016-12-01 10:44:44 -08:00
|
|
|
*
|
|
|
|
|
* The caller must have allocated sufficient memory for the @oname string.
|
|
|
|
|
*
|
2017-04-24 10:00:10 -07:00
|
|
|
* If the key is available, we'll decrypt the disk name; otherwise, we'll encode
|
|
|
|
|
* it for presentation. Short names are directly base64-encoded, while long
|
|
|
|
|
* names are encoded in fscrypt_digested_name format.
|
|
|
|
|
*
|
2016-12-01 10:44:44 -08:00
|
|
|
* Return: 0 on success, -errno on failure
|
2015-04-26 00:12:50 -07:00
|
|
|
*/
|
2016-10-12 17:18:56 -07:00
|
|
|
int fscrypt_fname_disk_to_usr(struct inode *inode,
|
|
|
|
|
u32 hash, u32 minor_hash,
|
|
|
|
|
const struct fscrypt_str *iname,
|
|
|
|
|
struct fscrypt_str *oname)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
|
|
|
|
const struct qstr qname = FSTR_TO_QSTR(iname);
|
2017-04-24 10:00:10 -07:00
|
|
|
struct fscrypt_digested_name digested_name;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-10-12 17:18:56 -07:00
|
|
|
if (fscrypt_is_dot_dotdot(&qname)) {
|
2015-04-26 00:12:50 -07:00
|
|
|
oname->name[0] = '.';
|
|
|
|
|
oname->name[iname->len - 1] = '.';
|
|
|
|
|
oname->len = iname->len;
|
2016-12-01 10:44:44 -08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
|
2016-10-12 17:18:56 -07:00
|
|
|
if (iname->len < FS_CRYPTO_BLOCK_SIZE)
|
|
|
|
|
return -EUCLEAN;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-10-12 17:18:56 -07:00
|
|
|
if (inode->i_crypt_info)
|
|
|
|
|
return fname_decrypt(inode, iname, oname);
|
|
|
|
|
|
2017-04-24 10:00:10 -07:00
|
|
|
if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) {
|
2016-12-01 10:44:44 -08:00
|
|
|
oname->len = digest_encode(iname->name, iname->len,
|
|
|
|
|
oname->name);
|
|
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
if (hash) {
|
2017-04-24 10:00:10 -07:00
|
|
|
digested_name.hash = hash;
|
|
|
|
|
digested_name.minor_hash = minor_hash;
|
2016-10-12 17:18:56 -07:00
|
|
|
} else {
|
2017-04-24 10:00:10 -07:00
|
|
|
digested_name.hash = 0;
|
|
|
|
|
digested_name.minor_hash = 0;
|
2016-10-12 17:18:56 -07:00
|
|
|
}
|
2017-04-24 10:00:10 -07:00
|
|
|
memcpy(digested_name.digest,
|
|
|
|
|
FSCRYPT_FNAME_DIGEST(iname->name, iname->len),
|
|
|
|
|
FSCRYPT_FNAME_DIGEST_SIZE);
|
2015-04-26 00:12:50 -07:00
|
|
|
oname->name[0] = '_';
|
2017-04-24 10:00:10 -07:00
|
|
|
oname->len = 1 + digest_encode((const char *)&digested_name,
|
|
|
|
|
sizeof(digested_name), oname->name + 1);
|
2016-12-01 10:44:44 -08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
2016-10-12 17:18:56 -07:00
|
|
|
EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2017-04-24 10:00:10 -07:00
|
|
|
/**
|
|
|
|
|
* fscrypt_setup_filename() - prepare to search a possibly encrypted directory
|
|
|
|
|
* @dir: the directory that will be searched
|
|
|
|
|
* @iname: the user-provided filename being searched for
|
|
|
|
|
* @lookup: 1 if we're allowed to proceed without the key because it's
|
|
|
|
|
* ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
|
|
|
|
|
* proceed without the key because we're going to create the dir_entry.
|
|
|
|
|
* @fname: the filename information to be filled in
|
|
|
|
|
*
|
|
|
|
|
* Given a user-provided filename @iname, this function sets @fname->disk_name
|
|
|
|
|
* to the name that would be stored in the on-disk directory entry, if possible.
|
|
|
|
|
* If the directory is unencrypted this is simply @iname. Else, if we have the
|
|
|
|
|
* directory's encryption key, then @iname is the plaintext, so we encrypt it to
|
|
|
|
|
* get the disk_name.
|
|
|
|
|
*
|
|
|
|
|
* Else, for keyless @lookup operations, @iname is the presented ciphertext, so
|
|
|
|
|
* we decode it to get either the ciphertext disk_name (for short names) or the
|
|
|
|
|
* fscrypt_digested_name (for long names). Non-@lookup operations will be
|
|
|
|
|
* impossible in this case, so we fail them with ENOKEY.
|
|
|
|
|
*
|
|
|
|
|
* If successful, fscrypt_free_filename() must be called later to clean up.
|
|
|
|
|
*
|
|
|
|
|
* Return: 0 on success, -errno on failure
|
|
|
|
|
*/
|
2016-10-12 17:18:56 -07:00
|
|
|
int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
|
|
|
|
|
int lookup, struct fscrypt_name *fname)
|
2015-04-26 00:12:50 -07:00
|
|
|
{
|
2017-04-24 10:00:10 -07:00
|
|
|
int ret;
|
|
|
|
|
int digested;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-10-12 17:18:56 -07:00
|
|
|
memset(fname, 0, sizeof(struct fscrypt_name));
|
2015-04-26 00:12:50 -07:00
|
|
|
fname->usr_fname = iname;
|
|
|
|
|
|
2017-10-09 12:15:36 -07:00
|
|
|
if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) {
|
2015-04-26 00:12:50 -07:00
|
|
|
fname->disk_name.name = (unsigned char *)iname->name;
|
|
|
|
|
fname->disk_name.len = iname->len;
|
2015-05-13 18:20:54 +08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
fscrypt: remove broken support for detecting keyring key revocation
Filesystem encryption ostensibly supported revoking a keyring key that
had been used to "unlock" encrypted files, causing those files to become
"locked" again. This was, however, buggy for several reasons, the most
severe of which was that when key revocation happened to be detected for
an inode, its fscrypt_info was immediately freed, even while other
threads could be using it for encryption or decryption concurrently.
This could be exploited to crash the kernel or worse.
This patch fixes the use-after-free by removing the code which detects
the keyring key having been revoked, invalidated, or expired. Instead,
an encrypted inode that is "unlocked" now simply remains unlocked until
it is evicted from memory. Note that this is no worse than the case for
block device-level encryption, e.g. dm-crypt, and it still remains
possible for a privileged user to evict unused pages, inodes, and
dentries by running 'sync; echo 3 > /proc/sys/vm/drop_caches', or by
simply unmounting the filesystem. In fact, one of those actions was
already needed anyway for key revocation to work even somewhat sanely.
This change is not expected to break any applications.
In the future I'd like to implement a real API for fscrypt key
revocation that interacts sanely with ongoing filesystem operations ---
waiting for existing operations to complete and blocking new operations,
and invalidating and sanitizing key material and plaintext from the VFS
caches. But this is a hard problem, and for now this bug must be fixed.
This bug affected almost all versions of ext4, f2fs, and ubifs
encryption, and it was potentially reachable in any kernel configured
with encryption support (CONFIG_EXT4_ENCRYPTION=y,
CONFIG_EXT4_FS_ENCRYPTION=y, CONFIG_F2FS_FS_ENCRYPTION=y, or
CONFIG_UBIFS_FS_ENCRYPTION=y). Note that older kernels did not use the
shared fs/crypto/ code, but due to the potential security implications
of this bug, it may still be worthwhile to backport this fix to them.
Fixes: b7236e21d55f ("ext4 crypto: reorganize how we store keys in the inode")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Acked-by: Michael Halcrow <mhalcrow@google.com>
2017-02-21 15:07:11 -08:00
|
|
|
ret = fscrypt_get_encryption_info(dir);
|
2018-04-30 15:51:41 -07:00
|
|
|
if (ret)
|
2015-04-26 00:12:50 -07:00
|
|
|
return ret;
|
2016-10-12 17:18:56 -07:00
|
|
|
|
|
|
|
|
if (dir->i_crypt_info) {
|
2018-01-11 23:30:08 -05:00
|
|
|
if (!fscrypt_fname_encrypted_size(dir, iname->len,
|
2018-04-30 15:51:44 -07:00
|
|
|
dir->i_sb->s_cop->max_namelen,
|
2018-01-11 23:30:08 -05:00
|
|
|
&fname->crypto_buf.len))
|
2018-01-11 23:30:08 -05:00
|
|
|
return -ENAMETOOLONG;
|
|
|
|
|
fname->crypto_buf.name = kmalloc(fname->crypto_buf.len,
|
|
|
|
|
GFP_NOFS);
|
|
|
|
|
if (!fname->crypto_buf.name)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
ret = fname_encrypt(dir, iname, fname->crypto_buf.name,
|
|
|
|
|
fname->crypto_buf.len);
|
2016-12-01 10:44:44 -08:00
|
|
|
if (ret)
|
2015-05-28 17:06:40 -07:00
|
|
|
goto errout;
|
2015-04-26 00:12:50 -07:00
|
|
|
fname->disk_name.name = fname->crypto_buf.name;
|
|
|
|
|
fname->disk_name.len = fname->crypto_buf.len;
|
2015-05-13 18:20:54 +08:00
|
|
|
return 0;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
2015-05-28 17:06:40 -07:00
|
|
|
if (!lookup)
|
2017-03-08 15:24:43 -08:00
|
|
|
return -ENOKEY;
|
2015-04-26 00:12:50 -07:00
|
|
|
|
2016-10-12 17:18:56 -07:00
|
|
|
/*
|
|
|
|
|
* We don't have the key and we are doing a lookup; decode the
|
2015-04-26 00:12:50 -07:00
|
|
|
* user-supplied name
|
|
|
|
|
*/
|
2017-04-24 10:00:10 -07:00
|
|
|
if (iname->name[0] == '_') {
|
|
|
|
|
if (iname->len !=
|
|
|
|
|
1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)))
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
digested = 1;
|
|
|
|
|
} else {
|
|
|
|
|
if (iname->len >
|
|
|
|
|
BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE))
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
digested = 0;
|
|
|
|
|
}
|
2015-05-28 17:06:40 -07:00
|
|
|
|
2017-04-24 10:00:10 -07:00
|
|
|
fname->crypto_buf.name =
|
|
|
|
|
kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE,
|
|
|
|
|
sizeof(struct fscrypt_digested_name)),
|
|
|
|
|
GFP_KERNEL);
|
2015-05-28 17:06:40 -07:00
|
|
|
if (fname->crypto_buf.name == NULL)
|
|
|
|
|
return -ENOMEM;
|
2016-10-12 17:18:56 -07:00
|
|
|
|
2017-04-24 10:00:10 -07:00
|
|
|
ret = digest_decode(iname->name + digested, iname->len - digested,
|
2015-04-26 00:12:50 -07:00
|
|
|
fname->crypto_buf.name);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
ret = -ENOENT;
|
2015-05-28 17:06:40 -07:00
|
|
|
goto errout;
|
2015-04-26 00:12:50 -07:00
|
|
|
}
|
|
|
|
|
fname->crypto_buf.len = ret;
|
2017-04-24 10:00:10 -07:00
|
|
|
if (digested) {
|
|
|
|
|
const struct fscrypt_digested_name *n =
|
|
|
|
|
(const void *)fname->crypto_buf.name;
|
|
|
|
|
fname->hash = n->hash;
|
|
|
|
|
fname->minor_hash = n->minor_hash;
|
2015-04-26 00:12:50 -07:00
|
|
|
} else {
|
|
|
|
|
fname->disk_name.name = fname->crypto_buf.name;
|
|
|
|
|
fname->disk_name.len = fname->crypto_buf.len;
|
|
|
|
|
}
|
2015-05-13 18:20:54 +08:00
|
|
|
return 0;
|
2016-10-12 17:18:56 -07:00
|
|
|
|
2015-05-28 17:06:40 -07:00
|
|
|
errout:
|
2018-01-11 23:30:08 -05:00
|
|
|
kfree(fname->crypto_buf.name);
|
2015-04-26 00:12:50 -07:00
|
|
|
return ret;
|
|
|
|
|
}
|
2016-10-12 17:18:56 -07:00
|
|
|
EXPORT_SYMBOL(fscrypt_setup_filename);
|
