eCryptfs: removed num_global_auth_toks from ecryptfs_mount_crypt_stat
[linux-2.6.git] / fs / ecryptfs / keystore.c
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include <linux/slab.h>
36 #include "ecryptfs_kernel.h"
37
38 /**
39  * request_key returned an error instead of a valid key address;
40  * determine the type of error, make appropriate log entries, and
41  * return an error code.
42  */
43 static int process_request_key_err(long err_code)
44 {
45         int rc = 0;
46
47         switch (err_code) {
48         case -ENOKEY:
49                 ecryptfs_printk(KERN_WARNING, "No key\n");
50                 rc = -ENOENT;
51                 break;
52         case -EKEYEXPIRED:
53                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
54                 rc = -ETIME;
55                 break;
56         case -EKEYREVOKED:
57                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
58                 rc = -EINVAL;
59                 break;
60         default:
61                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62                                 "[0x%.16lx]\n", err_code);
63                 rc = -EINVAL;
64         }
65         return rc;
66 }
67
68 /**
69  * ecryptfs_parse_packet_length
70  * @data: Pointer to memory containing length at offset
71  * @size: This function writes the decoded size to this memory
72  *        address; zero on error
73  * @length_size: The number of bytes occupied by the encoded length
74  *
75  * Returns zero on success; non-zero on error
76  */
77 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
78                                  size_t *length_size)
79 {
80         int rc = 0;
81
82         (*length_size) = 0;
83         (*size) = 0;
84         if (data[0] < 192) {
85                 /* One-byte length */
86                 (*size) = (unsigned char)data[0];
87                 (*length_size) = 1;
88         } else if (data[0] < 224) {
89                 /* Two-byte length */
90                 (*size) = (((unsigned char)(data[0]) - 192) * 256);
91                 (*size) += ((unsigned char)(data[1]) + 192);
92                 (*length_size) = 2;
93         } else if (data[0] == 255) {
94                 /* Five-byte length; we're not supposed to see this */
95                 ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
96                                 "supported\n");
97                 rc = -EINVAL;
98                 goto out;
99         } else {
100                 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
101                 rc = -EINVAL;
102                 goto out;
103         }
104 out:
105         return rc;
106 }
107
108 /**
109  * ecryptfs_write_packet_length
110  * @dest: The byte array target into which to write the length. Must
111  *        have at least 5 bytes allocated.
112  * @size: The length to write.
113  * @packet_size_length: The number of bytes used to encode the packet
114  *                      length is written to this address.
115  *
116  * Returns zero on success; non-zero on error.
117  */
118 int ecryptfs_write_packet_length(char *dest, size_t size,
119                                  size_t *packet_size_length)
120 {
121         int rc = 0;
122
123         if (size < 192) {
124                 dest[0] = size;
125                 (*packet_size_length) = 1;
126         } else if (size < 65536) {
127                 dest[0] = (((size - 192) / 256) + 192);
128                 dest[1] = ((size - 192) % 256);
129                 (*packet_size_length) = 2;
130         } else {
131                 rc = -EINVAL;
132                 ecryptfs_printk(KERN_WARNING,
133                                 "Unsupported packet size: [%zd]\n", size);
134         }
135         return rc;
136 }
137
138 static int
139 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
140                     char **packet, size_t *packet_len)
141 {
142         size_t i = 0;
143         size_t data_len;
144         size_t packet_size_len;
145         char *message;
146         int rc;
147
148         /*
149          *              ***** TAG 64 Packet Format *****
150          *    | Content Type                       | 1 byte       |
151          *    | Key Identifier Size                | 1 or 2 bytes |
152          *    | Key Identifier                     | arbitrary    |
153          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
154          *    | Encrypted File Encryption Key      | arbitrary    |
155          */
156         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
157                     + session_key->encrypted_key_size);
158         *packet = kmalloc(data_len, GFP_KERNEL);
159         message = *packet;
160         if (!message) {
161                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
162                 rc = -ENOMEM;
163                 goto out;
164         }
165         message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
166         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
167                                           &packet_size_len);
168         if (rc) {
169                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
170                                 "header; cannot generate packet length\n");
171                 goto out;
172         }
173         i += packet_size_len;
174         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
175         i += ECRYPTFS_SIG_SIZE_HEX;
176         rc = ecryptfs_write_packet_length(&message[i],
177                                           session_key->encrypted_key_size,
178                                           &packet_size_len);
179         if (rc) {
180                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
181                                 "header; cannot generate packet length\n");
182                 goto out;
183         }
184         i += packet_size_len;
185         memcpy(&message[i], session_key->encrypted_key,
186                session_key->encrypted_key_size);
187         i += session_key->encrypted_key_size;
188         *packet_len = i;
189 out:
190         return rc;
191 }
192
193 static int
194 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
195                     struct ecryptfs_message *msg)
196 {
197         size_t i = 0;
198         char *data;
199         size_t data_len;
200         size_t m_size;
201         size_t message_len;
202         u16 checksum = 0;
203         u16 expected_checksum = 0;
204         int rc;
205
206         /*
207          *              ***** TAG 65 Packet Format *****
208          *         | Content Type             | 1 byte       |
209          *         | Status Indicator         | 1 byte       |
210          *         | File Encryption Key Size | 1 or 2 bytes |
211          *         | File Encryption Key      | arbitrary    |
212          */
213         message_len = msg->data_len;
214         data = msg->data;
215         if (message_len < 4) {
216                 rc = -EIO;
217                 goto out;
218         }
219         if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
220                 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
221                 rc = -EIO;
222                 goto out;
223         }
224         if (data[i++]) {
225                 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
226                                 "[%d]\n", data[i-1]);
227                 rc = -EIO;
228                 goto out;
229         }
230         rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
231         if (rc) {
232                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
233                                 "rc = [%d]\n", rc);
234                 goto out;
235         }
236         i += data_len;
237         if (message_len < (i + m_size)) {
238                 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
239                                 "is shorter than expected\n");
240                 rc = -EIO;
241                 goto out;
242         }
243         if (m_size < 3) {
244                 ecryptfs_printk(KERN_ERR,
245                                 "The decrypted key is not long enough to "
246                                 "include a cipher code and checksum\n");
247                 rc = -EIO;
248                 goto out;
249         }
250         *cipher_code = data[i++];
251         /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
252         session_key->decrypted_key_size = m_size - 3;
253         if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
254                 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
255                                 "the maximum key size [%d]\n",
256                                 session_key->decrypted_key_size,
257                                 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
258                 rc = -EIO;
259                 goto out;
260         }
261         memcpy(session_key->decrypted_key, &data[i],
262                session_key->decrypted_key_size);
263         i += session_key->decrypted_key_size;
264         expected_checksum += (unsigned char)(data[i++]) << 8;
265         expected_checksum += (unsigned char)(data[i++]);
266         for (i = 0; i < session_key->decrypted_key_size; i++)
267                 checksum += session_key->decrypted_key[i];
268         if (expected_checksum != checksum) {
269                 ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
270                                 "encryption  key; expected [%x]; calculated "
271                                 "[%x]\n", expected_checksum, checksum);
272                 rc = -EIO;
273         }
274 out:
275         return rc;
276 }
277
278
279 static int
280 write_tag_66_packet(char *signature, u8 cipher_code,
281                     struct ecryptfs_crypt_stat *crypt_stat, char **packet,
282                     size_t *packet_len)
283 {
284         size_t i = 0;
285         size_t j;
286         size_t data_len;
287         size_t checksum = 0;
288         size_t packet_size_len;
289         char *message;
290         int rc;
291
292         /*
293          *              ***** TAG 66 Packet Format *****
294          *         | Content Type             | 1 byte       |
295          *         | Key Identifier Size      | 1 or 2 bytes |
296          *         | Key Identifier           | arbitrary    |
297          *         | File Encryption Key Size | 1 or 2 bytes |
298          *         | File Encryption Key      | arbitrary    |
299          */
300         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
301         *packet = kmalloc(data_len, GFP_KERNEL);
302         message = *packet;
303         if (!message) {
304                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
305                 rc = -ENOMEM;
306                 goto out;
307         }
308         message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
309         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
310                                           &packet_size_len);
311         if (rc) {
312                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
313                                 "header; cannot generate packet length\n");
314                 goto out;
315         }
316         i += packet_size_len;
317         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
318         i += ECRYPTFS_SIG_SIZE_HEX;
319         /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
320         rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
321                                           &packet_size_len);
322         if (rc) {
323                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
324                                 "header; cannot generate packet length\n");
325                 goto out;
326         }
327         i += packet_size_len;
328         message[i++] = cipher_code;
329         memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
330         i += crypt_stat->key_size;
331         for (j = 0; j < crypt_stat->key_size; j++)
332                 checksum += crypt_stat->key[j];
333         message[i++] = (checksum / 256) % 256;
334         message[i++] = (checksum % 256);
335         *packet_len = i;
336 out:
337         return rc;
338 }
339
340 static int
341 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
342                     struct ecryptfs_message *msg)
343 {
344         size_t i = 0;
345         char *data;
346         size_t data_len;
347         size_t message_len;
348         int rc;
349
350         /*
351          *              ***** TAG 65 Packet Format *****
352          *    | Content Type                       | 1 byte       |
353          *    | Status Indicator                   | 1 byte       |
354          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
355          *    | Encrypted File Encryption Key      | arbitrary    |
356          */
357         message_len = msg->data_len;
358         data = msg->data;
359         /* verify that everything through the encrypted FEK size is present */
360         if (message_len < 4) {
361                 rc = -EIO;
362                 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
363                        "message length is [%d]\n", __func__, message_len, 4);
364                 goto out;
365         }
366         if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
367                 rc = -EIO;
368                 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
369                        __func__);
370                 goto out;
371         }
372         if (data[i++]) {
373                 rc = -EIO;
374                 printk(KERN_ERR "%s: Status indicator has non zero "
375                        "value [%d]\n", __func__, data[i-1]);
376
377                 goto out;
378         }
379         rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
380                                           &data_len);
381         if (rc) {
382                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
383                                 "rc = [%d]\n", rc);
384                 goto out;
385         }
386         i += data_len;
387         if (message_len < (i + key_rec->enc_key_size)) {
388                 rc = -EIO;
389                 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
390                        __func__, message_len, (i + key_rec->enc_key_size));
391                 goto out;
392         }
393         if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
394                 rc = -EIO;
395                 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
396                        "the maximum key size [%d]\n", __func__,
397                        key_rec->enc_key_size,
398                        ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
399                 goto out;
400         }
401         memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
402 out:
403         return rc;
404 }
405
406 static int
407 ecryptfs_find_global_auth_tok_for_sig(
408         struct ecryptfs_global_auth_tok **global_auth_tok,
409         struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
410 {
411         struct ecryptfs_global_auth_tok *walker;
412         int rc = 0;
413
414         (*global_auth_tok) = NULL;
415         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
416         list_for_each_entry(walker,
417                             &mount_crypt_stat->global_auth_tok_list,
418                             mount_crypt_stat_list) {
419                 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
420                         rc = key_validate(walker->global_auth_tok_key);
421                         if (!rc)
422                                 (*global_auth_tok) = walker;
423                         goto out;
424                 }
425         }
426         rc = -EINVAL;
427 out:
428         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
429         return rc;
430 }
431
432 /**
433  * ecryptfs_find_auth_tok_for_sig
434  * @auth_tok: Set to the matching auth_tok; NULL if not found
435  * @crypt_stat: inode crypt_stat crypto context
436  * @sig: Sig of auth_tok to find
437  *
438  * For now, this function simply looks at the registered auth_tok's
439  * linked off the mount_crypt_stat, so all the auth_toks that can be
440  * used must be registered at mount time. This function could
441  * potentially try a lot harder to find auth_tok's (e.g., by calling
442  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
443  * that static registration of auth_tok's will no longer be necessary.
444  *
445  * Returns zero on no error; non-zero on error
446  */
447 static int
448 ecryptfs_find_auth_tok_for_sig(
449         struct key **auth_tok_key,
450         struct ecryptfs_auth_tok **auth_tok,
451         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
452         char *sig)
453 {
454         struct ecryptfs_global_auth_tok *global_auth_tok;
455         int rc = 0;
456
457         (*auth_tok_key) = NULL;
458         (*auth_tok) = NULL;
459         if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
460                                                   mount_crypt_stat, sig)) {
461
462                 /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
463                  * mount_crypt_stat structure, we prevent to use auth toks that
464                  * are not inserted through the ecryptfs_add_global_auth_tok
465                  * function.
466                  */
467                 if (mount_crypt_stat->flags
468                                 & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
469                         return -EINVAL;
470
471                 rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
472                                                        sig);
473         } else
474                 (*auth_tok) = global_auth_tok->global_auth_tok;
475         return rc;
476 }
477
478 /**
479  * write_tag_70_packet can gobble a lot of stack space. We stuff most
480  * of the function's parameters in a kmalloc'd struct to help reduce
481  * eCryptfs' overall stack usage.
482  */
483 struct ecryptfs_write_tag_70_packet_silly_stack {
484         u8 cipher_code;
485         size_t max_packet_size;
486         size_t packet_size_len;
487         size_t block_aligned_filename_size;
488         size_t block_size;
489         size_t i;
490         size_t j;
491         size_t num_rand_bytes;
492         struct mutex *tfm_mutex;
493         char *block_aligned_filename;
494         struct ecryptfs_auth_tok *auth_tok;
495         struct scatterlist src_sg;
496         struct scatterlist dst_sg;
497         struct blkcipher_desc desc;
498         char iv[ECRYPTFS_MAX_IV_BYTES];
499         char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
500         char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
501         struct hash_desc hash_desc;
502         struct scatterlist hash_sg;
503 };
504
505 /**
506  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
507  * @filename: NULL-terminated filename string
508  *
509  * This is the simplest mechanism for achieving filename encryption in
510  * eCryptfs. It encrypts the given filename with the mount-wide
511  * filename encryption key (FNEK) and stores it in a packet to @dest,
512  * which the callee will encode and write directly into the dentry
513  * name.
514  */
515 int
516 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
517                              size_t *packet_size,
518                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
519                              char *filename, size_t filename_size)
520 {
521         struct ecryptfs_write_tag_70_packet_silly_stack *s;
522         struct key *auth_tok_key = NULL;
523         int rc = 0;
524
525         s = kmalloc(sizeof(*s), GFP_KERNEL);
526         if (!s) {
527                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
528                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
529                 rc = -ENOMEM;
530                 goto out;
531         }
532         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
533         (*packet_size) = 0;
534         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
535                 &s->desc.tfm,
536                 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
537         if (unlikely(rc)) {
538                 printk(KERN_ERR "Internal error whilst attempting to get "
539                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
540                        mount_crypt_stat->global_default_fn_cipher_name, rc);
541                 goto out;
542         }
543         mutex_lock(s->tfm_mutex);
544         s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
545         /* Plus one for the \0 separator between the random prefix
546          * and the plaintext filename */
547         s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
548         s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
549         if ((s->block_aligned_filename_size % s->block_size) != 0) {
550                 s->num_rand_bytes += (s->block_size
551                                       - (s->block_aligned_filename_size
552                                          % s->block_size));
553                 s->block_aligned_filename_size = (s->num_rand_bytes
554                                                   + filename_size);
555         }
556         /* Octet 0: Tag 70 identifier
557          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
558          *              and block-aligned encrypted filename size)
559          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
560          * Octet N2-N3: Cipher identifier (1 octet)
561          * Octets N3-N4: Block-aligned encrypted filename
562          *  - Consists of a minimum number of random characters, a \0
563          *    separator, and then the filename */
564         s->max_packet_size = (1                   /* Tag 70 identifier */
565                               + 3                 /* Max Tag 70 packet size */
566                               + ECRYPTFS_SIG_SIZE /* FNEK sig */
567                               + 1                 /* Cipher identifier */
568                               + s->block_aligned_filename_size);
569         if (dest == NULL) {
570                 (*packet_size) = s->max_packet_size;
571                 goto out_unlock;
572         }
573         if (s->max_packet_size > (*remaining_bytes)) {
574                 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
575                        "[%zd] available\n", __func__, s->max_packet_size,
576                        (*remaining_bytes));
577                 rc = -EINVAL;
578                 goto out_unlock;
579         }
580         s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
581                                             GFP_KERNEL);
582         if (!s->block_aligned_filename) {
583                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
584                        "kzalloc [%zd] bytes\n", __func__,
585                        s->block_aligned_filename_size);
586                 rc = -ENOMEM;
587                 goto out_unlock;
588         }
589         s->i = 0;
590         dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
591         rc = ecryptfs_write_packet_length(&dest[s->i],
592                                           (ECRYPTFS_SIG_SIZE
593                                            + 1 /* Cipher code */
594                                            + s->block_aligned_filename_size),
595                                           &s->packet_size_len);
596         if (rc) {
597                 printk(KERN_ERR "%s: Error generating tag 70 packet "
598                        "header; cannot generate packet length; rc = [%d]\n",
599                        __func__, rc);
600                 goto out_free_unlock;
601         }
602         s->i += s->packet_size_len;
603         ecryptfs_from_hex(&dest[s->i],
604                           mount_crypt_stat->global_default_fnek_sig,
605                           ECRYPTFS_SIG_SIZE);
606         s->i += ECRYPTFS_SIG_SIZE;
607         s->cipher_code = ecryptfs_code_for_cipher_string(
608                 mount_crypt_stat->global_default_fn_cipher_name,
609                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
610         if (s->cipher_code == 0) {
611                 printk(KERN_WARNING "%s: Unable to generate code for "
612                        "cipher [%s] with key bytes [%zd]\n", __func__,
613                        mount_crypt_stat->global_default_fn_cipher_name,
614                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
615                 rc = -EINVAL;
616                 goto out_free_unlock;
617         }
618         dest[s->i++] = s->cipher_code;
619         rc = ecryptfs_find_auth_tok_for_sig(
620                 &auth_tok_key,
621                 &s->auth_tok, mount_crypt_stat,
622                 mount_crypt_stat->global_default_fnek_sig);
623         if (rc) {
624                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
625                        "fnek sig [%s]; rc = [%d]\n", __func__,
626                        mount_crypt_stat->global_default_fnek_sig, rc);
627                 goto out_free_unlock;
628         }
629         /* TODO: Support other key modules than passphrase for
630          * filename encryption */
631         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
632                 rc = -EOPNOTSUPP;
633                 printk(KERN_INFO "%s: Filename encryption only supports "
634                        "password tokens\n", __func__);
635                 goto out_free_unlock;
636         }
637         sg_init_one(
638                 &s->hash_sg,
639                 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
640                 s->auth_tok->token.password.session_key_encryption_key_bytes);
641         s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
642         s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
643                                              CRYPTO_ALG_ASYNC);
644         if (IS_ERR(s->hash_desc.tfm)) {
645                         rc = PTR_ERR(s->hash_desc.tfm);
646                         printk(KERN_ERR "%s: Error attempting to "
647                                "allocate hash crypto context; rc = [%d]\n",
648                                __func__, rc);
649                         goto out_free_unlock;
650         }
651         rc = crypto_hash_init(&s->hash_desc);
652         if (rc) {
653                 printk(KERN_ERR
654                        "%s: Error initializing crypto hash; rc = [%d]\n",
655                        __func__, rc);
656                 goto out_release_free_unlock;
657         }
658         rc = crypto_hash_update(
659                 &s->hash_desc, &s->hash_sg,
660                 s->auth_tok->token.password.session_key_encryption_key_bytes);
661         if (rc) {
662                 printk(KERN_ERR
663                        "%s: Error updating crypto hash; rc = [%d]\n",
664                        __func__, rc);
665                 goto out_release_free_unlock;
666         }
667         rc = crypto_hash_final(&s->hash_desc, s->hash);
668         if (rc) {
669                 printk(KERN_ERR
670                        "%s: Error finalizing crypto hash; rc = [%d]\n",
671                        __func__, rc);
672                 goto out_release_free_unlock;
673         }
674         for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
675                 s->block_aligned_filename[s->j] =
676                         s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
677                 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
678                     == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
679                         sg_init_one(&s->hash_sg, (u8 *)s->hash,
680                                     ECRYPTFS_TAG_70_DIGEST_SIZE);
681                         rc = crypto_hash_init(&s->hash_desc);
682                         if (rc) {
683                                 printk(KERN_ERR
684                                        "%s: Error initializing crypto hash; "
685                                        "rc = [%d]\n", __func__, rc);
686                                 goto out_release_free_unlock;
687                         }
688                         rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
689                                                 ECRYPTFS_TAG_70_DIGEST_SIZE);
690                         if (rc) {
691                                 printk(KERN_ERR
692                                        "%s: Error updating crypto hash; "
693                                        "rc = [%d]\n", __func__, rc);
694                                 goto out_release_free_unlock;
695                         }
696                         rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
697                         if (rc) {
698                                 printk(KERN_ERR
699                                        "%s: Error finalizing crypto hash; "
700                                        "rc = [%d]\n", __func__, rc);
701                                 goto out_release_free_unlock;
702                         }
703                         memcpy(s->hash, s->tmp_hash,
704                                ECRYPTFS_TAG_70_DIGEST_SIZE);
705                 }
706                 if (s->block_aligned_filename[s->j] == '\0')
707                         s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
708         }
709         memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
710                filename_size);
711         rc = virt_to_scatterlist(s->block_aligned_filename,
712                                  s->block_aligned_filename_size, &s->src_sg, 1);
713         if (rc != 1) {
714                 printk(KERN_ERR "%s: Internal error whilst attempting to "
715                        "convert filename memory to scatterlist; "
716                        "expected rc = 1; got rc = [%d]. "
717                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
718                        s->block_aligned_filename_size);
719                 goto out_release_free_unlock;
720         }
721         rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
722                                  &s->dst_sg, 1);
723         if (rc != 1) {
724                 printk(KERN_ERR "%s: Internal error whilst attempting to "
725                        "convert encrypted filename memory to scatterlist; "
726                        "expected rc = 1; got rc = [%d]. "
727                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
728                        s->block_aligned_filename_size);
729                 goto out_release_free_unlock;
730         }
731         /* The characters in the first block effectively do the job
732          * of the IV here, so we just use 0's for the IV. Note the
733          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
734          * >= ECRYPTFS_MAX_IV_BYTES. */
735         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
736         s->desc.info = s->iv;
737         rc = crypto_blkcipher_setkey(
738                 s->desc.tfm,
739                 s->auth_tok->token.password.session_key_encryption_key,
740                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
741         if (rc < 0) {
742                 printk(KERN_ERR "%s: Error setting key for crypto context; "
743                        "rc = [%d]. s->auth_tok->token.password.session_key_"
744                        "encryption_key = [0x%p]; mount_crypt_stat->"
745                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
746                        rc,
747                        s->auth_tok->token.password.session_key_encryption_key,
748                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
749                 goto out_release_free_unlock;
750         }
751         rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
752                                          s->block_aligned_filename_size);
753         if (rc) {
754                 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
755                        "rc = [%d]\n", __func__, rc);
756                 goto out_release_free_unlock;
757         }
758         s->i += s->block_aligned_filename_size;
759         (*packet_size) = s->i;
760         (*remaining_bytes) -= (*packet_size);
761 out_release_free_unlock:
762         crypto_free_hash(s->hash_desc.tfm);
763 out_free_unlock:
764         kzfree(s->block_aligned_filename);
765 out_unlock:
766         mutex_unlock(s->tfm_mutex);
767 out:
768         if (auth_tok_key)
769                 key_put(auth_tok_key);
770         kfree(s);
771         return rc;
772 }
773
774 struct ecryptfs_parse_tag_70_packet_silly_stack {
775         u8 cipher_code;
776         size_t max_packet_size;
777         size_t packet_size_len;
778         size_t parsed_tag_70_packet_size;
779         size_t block_aligned_filename_size;
780         size_t block_size;
781         size_t i;
782         struct mutex *tfm_mutex;
783         char *decrypted_filename;
784         struct ecryptfs_auth_tok *auth_tok;
785         struct scatterlist src_sg;
786         struct scatterlist dst_sg;
787         struct blkcipher_desc desc;
788         char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
789         char iv[ECRYPTFS_MAX_IV_BYTES];
790         char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
791 };
792
793 /**
794  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
795  * @filename: This function kmalloc's the memory for the filename
796  * @filename_size: This function sets this to the amount of memory
797  *                 kmalloc'd for the filename
798  * @packet_size: This function sets this to the the number of octets
799  *               in the packet parsed
800  * @mount_crypt_stat: The mount-wide cryptographic context
801  * @data: The memory location containing the start of the tag 70
802  *        packet
803  * @max_packet_size: The maximum legal size of the packet to be parsed
804  *                   from @data
805  *
806  * Returns zero on success; non-zero otherwise
807  */
808 int
809 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
810                              size_t *packet_size,
811                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
812                              char *data, size_t max_packet_size)
813 {
814         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
815         struct key *auth_tok_key = NULL;
816         int rc = 0;
817
818         (*packet_size) = 0;
819         (*filename_size) = 0;
820         (*filename) = NULL;
821         s = kmalloc(sizeof(*s), GFP_KERNEL);
822         if (!s) {
823                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
824                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
825                 rc = -ENOMEM;
826                 goto out;
827         }
828         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
829         if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
830                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
831                        "at least [%d]\n", __func__, max_packet_size,
832                         (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
833                 rc = -EINVAL;
834                 goto out;
835         }
836         /* Octet 0: Tag 70 identifier
837          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
838          *              and block-aligned encrypted filename size)
839          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
840          * Octet N2-N3: Cipher identifier (1 octet)
841          * Octets N3-N4: Block-aligned encrypted filename
842          *  - Consists of a minimum number of random numbers, a \0
843          *    separator, and then the filename */
844         if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
845                 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
846                        "tag [0x%.2x]\n", __func__,
847                        data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
848                 rc = -EINVAL;
849                 goto out;
850         }
851         rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
852                                           &s->parsed_tag_70_packet_size,
853                                           &s->packet_size_len);
854         if (rc) {
855                 printk(KERN_WARNING "%s: Error parsing packet length; "
856                        "rc = [%d]\n", __func__, rc);
857                 goto out;
858         }
859         s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
860                                           - ECRYPTFS_SIG_SIZE - 1);
861         if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
862             > max_packet_size) {
863                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
864                        "size is [%zd]\n", __func__, max_packet_size,
865                        (1 + s->packet_size_len + 1
866                         + s->block_aligned_filename_size));
867                 rc = -EINVAL;
868                 goto out;
869         }
870         (*packet_size) += s->packet_size_len;
871         ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
872                         ECRYPTFS_SIG_SIZE);
873         s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
874         (*packet_size) += ECRYPTFS_SIG_SIZE;
875         s->cipher_code = data[(*packet_size)++];
876         rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
877         if (rc) {
878                 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
879                        __func__, s->cipher_code);
880                 goto out;
881         }
882         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
883                                                         &s->tfm_mutex,
884                                                         s->cipher_string);
885         if (unlikely(rc)) {
886                 printk(KERN_ERR "Internal error whilst attempting to get "
887                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
888                        s->cipher_string, rc);
889                 goto out;
890         }
891         mutex_lock(s->tfm_mutex);
892         rc = virt_to_scatterlist(&data[(*packet_size)],
893                                  s->block_aligned_filename_size, &s->src_sg, 1);
894         if (rc != 1) {
895                 printk(KERN_ERR "%s: Internal error whilst attempting to "
896                        "convert encrypted filename memory to scatterlist; "
897                        "expected rc = 1; got rc = [%d]. "
898                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
899                        s->block_aligned_filename_size);
900                 goto out_unlock;
901         }
902         (*packet_size) += s->block_aligned_filename_size;
903         s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
904                                         GFP_KERNEL);
905         if (!s->decrypted_filename) {
906                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
907                        "kmalloc [%zd] bytes\n", __func__,
908                        s->block_aligned_filename_size);
909                 rc = -ENOMEM;
910                 goto out_unlock;
911         }
912         rc = virt_to_scatterlist(s->decrypted_filename,
913                                  s->block_aligned_filename_size, &s->dst_sg, 1);
914         if (rc != 1) {
915                 printk(KERN_ERR "%s: Internal error whilst attempting to "
916                        "convert decrypted filename memory to scatterlist; "
917                        "expected rc = 1; got rc = [%d]. "
918                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
919                        s->block_aligned_filename_size);
920                 goto out_free_unlock;
921         }
922         /* The characters in the first block effectively do the job of
923          * the IV here, so we just use 0's for the IV. Note the
924          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
925          * >= ECRYPTFS_MAX_IV_BYTES. */
926         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
927         s->desc.info = s->iv;
928         rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
929                                             &s->auth_tok, mount_crypt_stat,
930                                             s->fnek_sig_hex);
931         if (rc) {
932                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
933                        "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
934                        rc);
935                 goto out_free_unlock;
936         }
937         /* TODO: Support other key modules than passphrase for
938          * filename encryption */
939         if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
940                 rc = -EOPNOTSUPP;
941                 printk(KERN_INFO "%s: Filename encryption only supports "
942                        "password tokens\n", __func__);
943                 goto out_free_unlock;
944         }
945         rc = crypto_blkcipher_setkey(
946                 s->desc.tfm,
947                 s->auth_tok->token.password.session_key_encryption_key,
948                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
949         if (rc < 0) {
950                 printk(KERN_ERR "%s: Error setting key for crypto context; "
951                        "rc = [%d]. s->auth_tok->token.password.session_key_"
952                        "encryption_key = [0x%p]; mount_crypt_stat->"
953                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
954                        rc,
955                        s->auth_tok->token.password.session_key_encryption_key,
956                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
957                 goto out_free_unlock;
958         }
959         rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
960                                          s->block_aligned_filename_size);
961         if (rc) {
962                 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
963                        "rc = [%d]\n", __func__, rc);
964                 goto out_free_unlock;
965         }
966         s->i = 0;
967         while (s->decrypted_filename[s->i] != '\0'
968                && s->i < s->block_aligned_filename_size)
969                 s->i++;
970         if (s->i == s->block_aligned_filename_size) {
971                 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
972                        "find valid separator between random characters and "
973                        "the filename\n", __func__);
974                 rc = -EINVAL;
975                 goto out_free_unlock;
976         }
977         s->i++;
978         (*filename_size) = (s->block_aligned_filename_size - s->i);
979         if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
980                 printk(KERN_WARNING "%s: Filename size is [%zd], which is "
981                        "invalid\n", __func__, (*filename_size));
982                 rc = -EINVAL;
983                 goto out_free_unlock;
984         }
985         (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
986         if (!(*filename)) {
987                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
988                        "kmalloc [%zd] bytes\n", __func__,
989                        ((*filename_size) + 1));
990                 rc = -ENOMEM;
991                 goto out_free_unlock;
992         }
993         memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
994         (*filename)[(*filename_size)] = '\0';
995 out_free_unlock:
996         kfree(s->decrypted_filename);
997 out_unlock:
998         mutex_unlock(s->tfm_mutex);
999 out:
1000         if (rc) {
1001                 (*packet_size) = 0;
1002                 (*filename_size) = 0;
1003                 (*filename) = NULL;
1004         }
1005         if (auth_tok_key)
1006                 key_put(auth_tok_key);
1007         kfree(s);
1008         return rc;
1009 }
1010
1011 static int
1012 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
1013 {
1014         int rc = 0;
1015
1016         (*sig) = NULL;
1017         switch (auth_tok->token_type) {
1018         case ECRYPTFS_PASSWORD:
1019                 (*sig) = auth_tok->token.password.signature;
1020                 break;
1021         case ECRYPTFS_PRIVATE_KEY:
1022                 (*sig) = auth_tok->token.private_key.signature;
1023                 break;
1024         default:
1025                 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
1026                        auth_tok->token_type);
1027                 rc = -EINVAL;
1028         }
1029         return rc;
1030 }
1031
1032 /**
1033  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1034  * @auth_tok: The key authentication token used to decrypt the session key
1035  * @crypt_stat: The cryptographic context
1036  *
1037  * Returns zero on success; non-zero error otherwise.
1038  */
1039 static int
1040 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1041                                   struct ecryptfs_crypt_stat *crypt_stat)
1042 {
1043         u8 cipher_code = 0;
1044         struct ecryptfs_msg_ctx *msg_ctx;
1045         struct ecryptfs_message *msg = NULL;
1046         char *auth_tok_sig;
1047         char *payload;
1048         size_t payload_len;
1049         int rc;
1050
1051         rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1052         if (rc) {
1053                 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1054                        auth_tok->token_type);
1055                 goto out;
1056         }
1057         rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1058                                  &payload, &payload_len);
1059         if (rc) {
1060                 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1061                 goto out;
1062         }
1063         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1064         if (rc) {
1065                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1066                                 "ecryptfsd\n");
1067                 goto out;
1068         }
1069         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1070         if (rc) {
1071                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1072                                 "from the user space daemon\n");
1073                 rc = -EIO;
1074                 goto out;
1075         }
1076         rc = parse_tag_65_packet(&(auth_tok->session_key),
1077                                  &cipher_code, msg);
1078         if (rc) {
1079                 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1080                        rc);
1081                 goto out;
1082         }
1083         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1084         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1085                auth_tok->session_key.decrypted_key_size);
1086         crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1087         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1088         if (rc) {
1089                 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1090                                 cipher_code)
1091                 goto out;
1092         }
1093         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1094         if (ecryptfs_verbosity > 0) {
1095                 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1096                 ecryptfs_dump_hex(crypt_stat->key,
1097                                   crypt_stat->key_size);
1098         }
1099 out:
1100         if (msg)
1101                 kfree(msg);
1102         return rc;
1103 }
1104
1105 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1106 {
1107         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1108         struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1109
1110         list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1111                                  auth_tok_list_head, list) {
1112                 list_del(&auth_tok_list_item->list);
1113                 kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1114                                 auth_tok_list_item);
1115         }
1116 }
1117
1118 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1119
1120 /**
1121  * parse_tag_1_packet
1122  * @crypt_stat: The cryptographic context to modify based on packet contents
1123  * @data: The raw bytes of the packet.
1124  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1125  *                 a new authentication token will be placed at the
1126  *                 end of this list for this packet.
1127  * @new_auth_tok: Pointer to a pointer to memory that this function
1128  *                allocates; sets the memory address of the pointer to
1129  *                NULL on error. This object is added to the
1130  *                auth_tok_list.
1131  * @packet_size: This function writes the size of the parsed packet
1132  *               into this memory location; zero on error.
1133  * @max_packet_size: The maximum allowable packet size
1134  *
1135  * Returns zero on success; non-zero on error.
1136  */
1137 static int
1138 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1139                    unsigned char *data, struct list_head *auth_tok_list,
1140                    struct ecryptfs_auth_tok **new_auth_tok,
1141                    size_t *packet_size, size_t max_packet_size)
1142 {
1143         size_t body_size;
1144         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1145         size_t length_size;
1146         int rc = 0;
1147
1148         (*packet_size) = 0;
1149         (*new_auth_tok) = NULL;
1150         /**
1151          * This format is inspired by OpenPGP; see RFC 2440
1152          * packet tag 1
1153          *
1154          * Tag 1 identifier (1 byte)
1155          * Max Tag 1 packet size (max 3 bytes)
1156          * Version (1 byte)
1157          * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1158          * Cipher identifier (1 byte)
1159          * Encrypted key size (arbitrary)
1160          *
1161          * 12 bytes minimum packet size
1162          */
1163         if (unlikely(max_packet_size < 12)) {
1164                 printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1165                 rc = -EINVAL;
1166                 goto out;
1167         }
1168         if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1169                 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1170                        ECRYPTFS_TAG_1_PACKET_TYPE);
1171                 rc = -EINVAL;
1172                 goto out;
1173         }
1174         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1175          * at end of function upon failure */
1176         auth_tok_list_item =
1177                 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1178                                   GFP_KERNEL);
1179         if (!auth_tok_list_item) {
1180                 printk(KERN_ERR "Unable to allocate memory\n");
1181                 rc = -ENOMEM;
1182                 goto out;
1183         }
1184         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1185         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1186                                           &length_size);
1187         if (rc) {
1188                 printk(KERN_WARNING "Error parsing packet length; "
1189                        "rc = [%d]\n", rc);
1190                 goto out_free;
1191         }
1192         if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1193                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1194                 rc = -EINVAL;
1195                 goto out_free;
1196         }
1197         (*packet_size) += length_size;
1198         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1199                 printk(KERN_WARNING "Packet size exceeds max\n");
1200                 rc = -EINVAL;
1201                 goto out_free;
1202         }
1203         if (unlikely(data[(*packet_size)++] != 0x03)) {
1204                 printk(KERN_WARNING "Unknown version number [%d]\n",
1205                        data[(*packet_size) - 1]);
1206                 rc = -EINVAL;
1207                 goto out_free;
1208         }
1209         ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1210                         &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1211         *packet_size += ECRYPTFS_SIG_SIZE;
1212         /* This byte is skipped because the kernel does not need to
1213          * know which public key encryption algorithm was used */
1214         (*packet_size)++;
1215         (*new_auth_tok)->session_key.encrypted_key_size =
1216                 body_size - (ECRYPTFS_SIG_SIZE + 2);
1217         if ((*new_auth_tok)->session_key.encrypted_key_size
1218             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1219                 printk(KERN_WARNING "Tag 1 packet contains key larger "
1220                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1221                 rc = -EINVAL;
1222                 goto out;
1223         }
1224         memcpy((*new_auth_tok)->session_key.encrypted_key,
1225                &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1226         (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1227         (*new_auth_tok)->session_key.flags &=
1228                 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1229         (*new_auth_tok)->session_key.flags |=
1230                 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1231         (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1232         (*new_auth_tok)->flags = 0;
1233         (*new_auth_tok)->session_key.flags &=
1234                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1235         (*new_auth_tok)->session_key.flags &=
1236                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1237         list_add(&auth_tok_list_item->list, auth_tok_list);
1238         goto out;
1239 out_free:
1240         (*new_auth_tok) = NULL;
1241         memset(auth_tok_list_item, 0,
1242                sizeof(struct ecryptfs_auth_tok_list_item));
1243         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1244                         auth_tok_list_item);
1245 out:
1246         if (rc)
1247                 (*packet_size) = 0;
1248         return rc;
1249 }
1250
1251 /**
1252  * parse_tag_3_packet
1253  * @crypt_stat: The cryptographic context to modify based on packet
1254  *              contents.
1255  * @data: The raw bytes of the packet.
1256  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1257  *                 a new authentication token will be placed at the end
1258  *                 of this list for this packet.
1259  * @new_auth_tok: Pointer to a pointer to memory that this function
1260  *                allocates; sets the memory address of the pointer to
1261  *                NULL on error. This object is added to the
1262  *                auth_tok_list.
1263  * @packet_size: This function writes the size of the parsed packet
1264  *               into this memory location; zero on error.
1265  * @max_packet_size: maximum number of bytes to parse
1266  *
1267  * Returns zero on success; non-zero on error.
1268  */
1269 static int
1270 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1271                    unsigned char *data, struct list_head *auth_tok_list,
1272                    struct ecryptfs_auth_tok **new_auth_tok,
1273                    size_t *packet_size, size_t max_packet_size)
1274 {
1275         size_t body_size;
1276         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1277         size_t length_size;
1278         int rc = 0;
1279
1280         (*packet_size) = 0;
1281         (*new_auth_tok) = NULL;
1282         /**
1283          *This format is inspired by OpenPGP; see RFC 2440
1284          * packet tag 3
1285          *
1286          * Tag 3 identifier (1 byte)
1287          * Max Tag 3 packet size (max 3 bytes)
1288          * Version (1 byte)
1289          * Cipher code (1 byte)
1290          * S2K specifier (1 byte)
1291          * Hash identifier (1 byte)
1292          * Salt (ECRYPTFS_SALT_SIZE)
1293          * Hash iterations (1 byte)
1294          * Encrypted key (arbitrary)
1295          *
1296          * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1297          */
1298         if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1299                 printk(KERN_ERR "Max packet size too large\n");
1300                 rc = -EINVAL;
1301                 goto out;
1302         }
1303         if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1304                 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1305                        ECRYPTFS_TAG_3_PACKET_TYPE);
1306                 rc = -EINVAL;
1307                 goto out;
1308         }
1309         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1310          * at end of function upon failure */
1311         auth_tok_list_item =
1312             kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1313         if (!auth_tok_list_item) {
1314                 printk(KERN_ERR "Unable to allocate memory\n");
1315                 rc = -ENOMEM;
1316                 goto out;
1317         }
1318         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1319         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1320                                           &length_size);
1321         if (rc) {
1322                 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1323                        rc);
1324                 goto out_free;
1325         }
1326         if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1327                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1328                 rc = -EINVAL;
1329                 goto out_free;
1330         }
1331         (*packet_size) += length_size;
1332         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1333                 printk(KERN_ERR "Packet size exceeds max\n");
1334                 rc = -EINVAL;
1335                 goto out_free;
1336         }
1337         (*new_auth_tok)->session_key.encrypted_key_size =
1338                 (body_size - (ECRYPTFS_SALT_SIZE + 5));
1339         if ((*new_auth_tok)->session_key.encrypted_key_size
1340             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1341                 printk(KERN_WARNING "Tag 3 packet contains key larger "
1342                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
1343                 rc = -EINVAL;
1344                 goto out_free;
1345         }
1346         if (unlikely(data[(*packet_size)++] != 0x04)) {
1347                 printk(KERN_WARNING "Unknown version number [%d]\n",
1348                        data[(*packet_size) - 1]);
1349                 rc = -EINVAL;
1350                 goto out_free;
1351         }
1352         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1353                                             (u16)data[(*packet_size)]);
1354         if (rc)
1355                 goto out_free;
1356         /* A little extra work to differentiate among the AES key
1357          * sizes; see RFC2440 */
1358         switch(data[(*packet_size)++]) {
1359         case RFC2440_CIPHER_AES_192:
1360                 crypt_stat->key_size = 24;
1361                 break;
1362         default:
1363                 crypt_stat->key_size =
1364                         (*new_auth_tok)->session_key.encrypted_key_size;
1365         }
1366         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1367         if (rc)
1368                 goto out_free;
1369         if (unlikely(data[(*packet_size)++] != 0x03)) {
1370                 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1371                 rc = -ENOSYS;
1372                 goto out_free;
1373         }
1374         /* TODO: finish the hash mapping */
1375         switch (data[(*packet_size)++]) {
1376         case 0x01: /* See RFC2440 for these numbers and their mappings */
1377                 /* Choose MD5 */
1378                 memcpy((*new_auth_tok)->token.password.salt,
1379                        &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1380                 (*packet_size) += ECRYPTFS_SALT_SIZE;
1381                 /* This conversion was taken straight from RFC2440 */
1382                 (*new_auth_tok)->token.password.hash_iterations =
1383                         ((u32) 16 + (data[(*packet_size)] & 15))
1384                                 << ((data[(*packet_size)] >> 4) + 6);
1385                 (*packet_size)++;
1386                 /* Friendly reminder:
1387                  * (*new_auth_tok)->session_key.encrypted_key_size =
1388                  *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1389                 memcpy((*new_auth_tok)->session_key.encrypted_key,
1390                        &data[(*packet_size)],
1391                        (*new_auth_tok)->session_key.encrypted_key_size);
1392                 (*packet_size) +=
1393                         (*new_auth_tok)->session_key.encrypted_key_size;
1394                 (*new_auth_tok)->session_key.flags &=
1395                         ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1396                 (*new_auth_tok)->session_key.flags |=
1397                         ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1398                 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1399                 break;
1400         default:
1401                 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1402                                 "[%d]\n", data[(*packet_size) - 1]);
1403                 rc = -ENOSYS;
1404                 goto out_free;
1405         }
1406         (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1407         /* TODO: Parametarize; we might actually want userspace to
1408          * decrypt the session key. */
1409         (*new_auth_tok)->session_key.flags &=
1410                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1411         (*new_auth_tok)->session_key.flags &=
1412                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1413         list_add(&auth_tok_list_item->list, auth_tok_list);
1414         goto out;
1415 out_free:
1416         (*new_auth_tok) = NULL;
1417         memset(auth_tok_list_item, 0,
1418                sizeof(struct ecryptfs_auth_tok_list_item));
1419         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1420                         auth_tok_list_item);
1421 out:
1422         if (rc)
1423                 (*packet_size) = 0;
1424         return rc;
1425 }
1426
1427 /**
1428  * parse_tag_11_packet
1429  * @data: The raw bytes of the packet
1430  * @contents: This function writes the data contents of the literal
1431  *            packet into this memory location
1432  * @max_contents_bytes: The maximum number of bytes that this function
1433  *                      is allowed to write into contents
1434  * @tag_11_contents_size: This function writes the size of the parsed
1435  *                        contents into this memory location; zero on
1436  *                        error
1437  * @packet_size: This function writes the size of the parsed packet
1438  *               into this memory location; zero on error
1439  * @max_packet_size: maximum number of bytes to parse
1440  *
1441  * Returns zero on success; non-zero on error.
1442  */
1443 static int
1444 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1445                     size_t max_contents_bytes, size_t *tag_11_contents_size,
1446                     size_t *packet_size, size_t max_packet_size)
1447 {
1448         size_t body_size;
1449         size_t length_size;
1450         int rc = 0;
1451
1452         (*packet_size) = 0;
1453         (*tag_11_contents_size) = 0;
1454         /* This format is inspired by OpenPGP; see RFC 2440
1455          * packet tag 11
1456          *
1457          * Tag 11 identifier (1 byte)
1458          * Max Tag 11 packet size (max 3 bytes)
1459          * Binary format specifier (1 byte)
1460          * Filename length (1 byte)
1461          * Filename ("_CONSOLE") (8 bytes)
1462          * Modification date (4 bytes)
1463          * Literal data (arbitrary)
1464          *
1465          * We need at least 16 bytes of data for the packet to even be
1466          * valid.
1467          */
1468         if (max_packet_size < 16) {
1469                 printk(KERN_ERR "Maximum packet size too small\n");
1470                 rc = -EINVAL;
1471                 goto out;
1472         }
1473         if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1474                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1475                 rc = -EINVAL;
1476                 goto out;
1477         }
1478         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1479                                           &length_size);
1480         if (rc) {
1481                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1482                 goto out;
1483         }
1484         if (body_size < 14) {
1485                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1486                 rc = -EINVAL;
1487                 goto out;
1488         }
1489         (*packet_size) += length_size;
1490         (*tag_11_contents_size) = (body_size - 14);
1491         if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1492                 printk(KERN_ERR "Packet size exceeds max\n");
1493                 rc = -EINVAL;
1494                 goto out;
1495         }
1496         if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
1497                 printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
1498                        "expected size\n");
1499                 rc = -EINVAL;
1500                 goto out;
1501         }
1502         if (data[(*packet_size)++] != 0x62) {
1503                 printk(KERN_WARNING "Unrecognizable packet\n");
1504                 rc = -EINVAL;
1505                 goto out;
1506         }
1507         if (data[(*packet_size)++] != 0x08) {
1508                 printk(KERN_WARNING "Unrecognizable packet\n");
1509                 rc = -EINVAL;
1510                 goto out;
1511         }
1512         (*packet_size) += 12; /* Ignore filename and modification date */
1513         memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1514         (*packet_size) += (*tag_11_contents_size);
1515 out:
1516         if (rc) {
1517                 (*packet_size) = 0;
1518                 (*tag_11_contents_size) = 0;
1519         }
1520         return rc;
1521 }
1522
1523 /**
1524  * ecryptfs_verify_version
1525  * @version: The version number to confirm
1526  *
1527  * Returns zero on good version; non-zero otherwise
1528  */
1529 static int ecryptfs_verify_version(u16 version)
1530 {
1531         int rc = 0;
1532         unsigned char major;
1533         unsigned char minor;
1534
1535         major = ((version >> 8) & 0xFF);
1536         minor = (version & 0xFF);
1537         if (major != ECRYPTFS_VERSION_MAJOR) {
1538                 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1539                                 "Expected [%d]; got [%d]\n",
1540                                 ECRYPTFS_VERSION_MAJOR, major);
1541                 rc = -EINVAL;
1542                 goto out;
1543         }
1544         if (minor != ECRYPTFS_VERSION_MINOR) {
1545                 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1546                                 "Expected [%d]; got [%d]\n",
1547                                 ECRYPTFS_VERSION_MINOR, minor);
1548                 rc = -EINVAL;
1549                 goto out;
1550         }
1551 out:
1552         return rc;
1553 }
1554
1555 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1556                                       struct ecryptfs_auth_tok **auth_tok,
1557                                       char *sig)
1558 {
1559         int rc = 0;
1560
1561         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1562         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1563                 printk(KERN_ERR "Could not find key with description: [%s]\n",
1564                        sig);
1565                 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1566                 (*auth_tok_key) = NULL;
1567                 goto out;
1568         }
1569         (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1570         if (ecryptfs_verify_version((*auth_tok)->version)) {
1571                 printk(KERN_ERR
1572                        "Data structure version mismatch. "
1573                        "Userspace tools must match eCryptfs "
1574                        "kernel module with major version [%d] "
1575                        "and minor version [%d]\n",
1576                        ECRYPTFS_VERSION_MAJOR,
1577                        ECRYPTFS_VERSION_MINOR);
1578                 rc = -EINVAL;
1579                 goto out_release_key;
1580         }
1581         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1582             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1583                 printk(KERN_ERR "Invalid auth_tok structure "
1584                        "returned from key query\n");
1585                 rc = -EINVAL;
1586                 goto out_release_key;
1587         }
1588 out_release_key:
1589         if (rc) {
1590                 key_put(*auth_tok_key);
1591                 (*auth_tok_key) = NULL;
1592         }
1593 out:
1594         return rc;
1595 }
1596
1597 /**
1598  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1599  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1600  * @crypt_stat: The cryptographic context
1601  *
1602  * Returns zero on success; non-zero error otherwise
1603  */
1604 static int
1605 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1606                                          struct ecryptfs_crypt_stat *crypt_stat)
1607 {
1608         struct scatterlist dst_sg[2];
1609         struct scatterlist src_sg[2];
1610         struct mutex *tfm_mutex;
1611         struct blkcipher_desc desc = {
1612                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1613         };
1614         int rc = 0;
1615
1616         if (unlikely(ecryptfs_verbosity > 0)) {
1617                 ecryptfs_printk(
1618                         KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1619                         auth_tok->token.password.session_key_encryption_key_bytes);
1620                 ecryptfs_dump_hex(
1621                         auth_tok->token.password.session_key_encryption_key,
1622                         auth_tok->token.password.session_key_encryption_key_bytes);
1623         }
1624         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1625                                                         crypt_stat->cipher);
1626         if (unlikely(rc)) {
1627                 printk(KERN_ERR "Internal error whilst attempting to get "
1628                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1629                        crypt_stat->cipher, rc);
1630                 goto out;
1631         }
1632         rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1633                                  auth_tok->session_key.encrypted_key_size,
1634                                  src_sg, 2);
1635         if (rc < 1 || rc > 2) {
1636                 printk(KERN_ERR "Internal error whilst attempting to convert "
1637                         "auth_tok->session_key.encrypted_key to scatterlist; "
1638                         "expected rc = 1; got rc = [%d]. "
1639                        "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1640                         auth_tok->session_key.encrypted_key_size);
1641                 goto out;
1642         }
1643         auth_tok->session_key.decrypted_key_size =
1644                 auth_tok->session_key.encrypted_key_size;
1645         rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1646                                  auth_tok->session_key.decrypted_key_size,
1647                                  dst_sg, 2);
1648         if (rc < 1 || rc > 2) {
1649                 printk(KERN_ERR "Internal error whilst attempting to convert "
1650                         "auth_tok->session_key.decrypted_key to scatterlist; "
1651                         "expected rc = 1; got rc = [%d]\n", rc);
1652                 goto out;
1653         }
1654         mutex_lock(tfm_mutex);
1655         rc = crypto_blkcipher_setkey(
1656                 desc.tfm, auth_tok->token.password.session_key_encryption_key,
1657                 crypt_stat->key_size);
1658         if (unlikely(rc < 0)) {
1659                 mutex_unlock(tfm_mutex);
1660                 printk(KERN_ERR "Error setting key for crypto context\n");
1661                 rc = -EINVAL;
1662                 goto out;
1663         }
1664         rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1665                                       auth_tok->session_key.encrypted_key_size);
1666         mutex_unlock(tfm_mutex);
1667         if (unlikely(rc)) {
1668                 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1669                 goto out;
1670         }
1671         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1672         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1673                auth_tok->session_key.decrypted_key_size);
1674         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1675         if (unlikely(ecryptfs_verbosity > 0)) {
1676                 ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1677                                 crypt_stat->key_size);
1678                 ecryptfs_dump_hex(crypt_stat->key,
1679                                   crypt_stat->key_size);
1680         }
1681 out:
1682         return rc;
1683 }
1684
1685 /**
1686  * ecryptfs_parse_packet_set
1687  * @crypt_stat: The cryptographic context
1688  * @src: Virtual address of region of memory containing the packets
1689  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1690  *
1691  * Get crypt_stat to have the file's session key if the requisite key
1692  * is available to decrypt the session key.
1693  *
1694  * Returns Zero if a valid authentication token was retrieved and
1695  * processed; negative value for file not encrypted or for error
1696  * conditions.
1697  */
1698 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1699                               unsigned char *src,
1700                               struct dentry *ecryptfs_dentry)
1701 {
1702         size_t i = 0;
1703         size_t found_auth_tok;
1704         size_t next_packet_is_auth_tok_packet;
1705         struct list_head auth_tok_list;
1706         struct ecryptfs_auth_tok *matching_auth_tok;
1707         struct ecryptfs_auth_tok *candidate_auth_tok;
1708         char *candidate_auth_tok_sig;
1709         size_t packet_size;
1710         struct ecryptfs_auth_tok *new_auth_tok;
1711         unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1712         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1713         size_t tag_11_contents_size;
1714         size_t tag_11_packet_size;
1715         struct key *auth_tok_key = NULL;
1716         int rc = 0;
1717
1718         INIT_LIST_HEAD(&auth_tok_list);
1719         /* Parse the header to find as many packets as we can; these will be
1720          * added the our &auth_tok_list */
1721         next_packet_is_auth_tok_packet = 1;
1722         while (next_packet_is_auth_tok_packet) {
1723                 size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1724
1725                 switch (src[i]) {
1726                 case ECRYPTFS_TAG_3_PACKET_TYPE:
1727                         rc = parse_tag_3_packet(crypt_stat,
1728                                                 (unsigned char *)&src[i],
1729                                                 &auth_tok_list, &new_auth_tok,
1730                                                 &packet_size, max_packet_size);
1731                         if (rc) {
1732                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1733                                                 "tag 3 packet\n");
1734                                 rc = -EIO;
1735                                 goto out_wipe_list;
1736                         }
1737                         i += packet_size;
1738                         rc = parse_tag_11_packet((unsigned char *)&src[i],
1739                                                  sig_tmp_space,
1740                                                  ECRYPTFS_SIG_SIZE,
1741                                                  &tag_11_contents_size,
1742                                                  &tag_11_packet_size,
1743                                                  max_packet_size);
1744                         if (rc) {
1745                                 ecryptfs_printk(KERN_ERR, "No valid "
1746                                                 "(ecryptfs-specific) literal "
1747                                                 "packet containing "
1748                                                 "authentication token "
1749                                                 "signature found after "
1750                                                 "tag 3 packet\n");
1751                                 rc = -EIO;
1752                                 goto out_wipe_list;
1753                         }
1754                         i += tag_11_packet_size;
1755                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1756                                 ecryptfs_printk(KERN_ERR, "Expected "
1757                                                 "signature of size [%d]; "
1758                                                 "read size [%zd]\n",
1759                                                 ECRYPTFS_SIG_SIZE,
1760                                                 tag_11_contents_size);
1761                                 rc = -EIO;
1762                                 goto out_wipe_list;
1763                         }
1764                         ecryptfs_to_hex(new_auth_tok->token.password.signature,
1765                                         sig_tmp_space, tag_11_contents_size);
1766                         new_auth_tok->token.password.signature[
1767                                 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1768                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1769                         break;
1770                 case ECRYPTFS_TAG_1_PACKET_TYPE:
1771                         rc = parse_tag_1_packet(crypt_stat,
1772                                                 (unsigned char *)&src[i],
1773                                                 &auth_tok_list, &new_auth_tok,
1774                                                 &packet_size, max_packet_size);
1775                         if (rc) {
1776                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1777                                                 "tag 1 packet\n");
1778                                 rc = -EIO;
1779                                 goto out_wipe_list;
1780                         }
1781                         i += packet_size;
1782                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1783                         break;
1784                 case ECRYPTFS_TAG_11_PACKET_TYPE:
1785                         ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1786                                         "(Tag 11 not allowed by itself)\n");
1787                         rc = -EIO;
1788                         goto out_wipe_list;
1789                         break;
1790                 default:
1791                         ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1792                                         "of the file header; hex value of "
1793                                         "character is [0x%.2x]\n", i, src[i]);
1794                         next_packet_is_auth_tok_packet = 0;
1795                 }
1796         }
1797         if (list_empty(&auth_tok_list)) {
1798                 printk(KERN_ERR "The lower file appears to be a non-encrypted "
1799                        "eCryptfs file; this is not supported in this version "
1800                        "of the eCryptfs kernel module\n");
1801                 rc = -EINVAL;
1802                 goto out;
1803         }
1804         /* auth_tok_list contains the set of authentication tokens
1805          * parsed from the metadata. We need to find a matching
1806          * authentication token that has the secret component(s)
1807          * necessary to decrypt the EFEK in the auth_tok parsed from
1808          * the metadata. There may be several potential matches, but
1809          * just one will be sufficient to decrypt to get the FEK. */
1810 find_next_matching_auth_tok:
1811         found_auth_tok = 0;
1812         if (auth_tok_key) {
1813                 key_put(auth_tok_key);
1814                 auth_tok_key = NULL;
1815         }
1816         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1817                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1818                 if (unlikely(ecryptfs_verbosity > 0)) {
1819                         ecryptfs_printk(KERN_DEBUG,
1820                                         "Considering cadidate auth tok:\n");
1821                         ecryptfs_dump_auth_tok(candidate_auth_tok);
1822                 }
1823                 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1824                                                candidate_auth_tok);
1825                 if (rc) {
1826                         printk(KERN_ERR
1827                                "Unrecognized candidate auth tok type: [%d]\n",
1828                                candidate_auth_tok->token_type);
1829                         rc = -EINVAL;
1830                         goto out_wipe_list;
1831                 }
1832                 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1833                                                &matching_auth_tok,
1834                                                crypt_stat->mount_crypt_stat,
1835                                                candidate_auth_tok_sig);
1836                 if (!rc) {
1837                         found_auth_tok = 1;
1838                         goto found_matching_auth_tok;
1839                 }
1840         }
1841         if (!found_auth_tok) {
1842                 ecryptfs_printk(KERN_ERR, "Could not find a usable "
1843                                 "authentication token\n");
1844                 rc = -EIO;
1845                 goto out_wipe_list;
1846         }
1847 found_matching_auth_tok:
1848         if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1849                 memcpy(&(candidate_auth_tok->token.private_key),
1850                        &(matching_auth_tok->token.private_key),
1851                        sizeof(struct ecryptfs_private_key));
1852                 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1853                                                        crypt_stat);
1854         } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1855                 memcpy(&(candidate_auth_tok->token.password),
1856                        &(matching_auth_tok->token.password),
1857                        sizeof(struct ecryptfs_password));
1858                 rc = decrypt_passphrase_encrypted_session_key(
1859                         candidate_auth_tok, crypt_stat);
1860         }
1861         if (rc) {
1862                 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1863
1864                 ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1865                                 "session key for authentication token with sig "
1866                                 "[%.*s]; rc = [%d]. Removing auth tok "
1867                                 "candidate from the list and searching for "
1868                                 "the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1869                                 candidate_auth_tok_sig, rc);
1870                 list_for_each_entry_safe(auth_tok_list_item,
1871                                          auth_tok_list_item_tmp,
1872                                          &auth_tok_list, list) {
1873                         if (candidate_auth_tok
1874                             == &auth_tok_list_item->auth_tok) {
1875                                 list_del(&auth_tok_list_item->list);
1876                                 kmem_cache_free(
1877                                         ecryptfs_auth_tok_list_item_cache,
1878                                         auth_tok_list_item);
1879                                 goto find_next_matching_auth_tok;
1880                         }
1881                 }
1882                 BUG();
1883         }
1884         rc = ecryptfs_compute_root_iv(crypt_stat);
1885         if (rc) {
1886                 ecryptfs_printk(KERN_ERR, "Error computing "
1887                                 "the root IV\n");
1888                 goto out_wipe_list;
1889         }
1890         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1891         if (rc) {
1892                 ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1893                                 "context for cipher [%s]; rc = [%d]\n",
1894                                 crypt_stat->cipher, rc);
1895         }
1896 out_wipe_list:
1897         wipe_auth_tok_list(&auth_tok_list);
1898 out:
1899         if (auth_tok_key)
1900                 key_put(auth_tok_key);
1901         return rc;
1902 }
1903
1904 static int
1905 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1906                         struct ecryptfs_crypt_stat *crypt_stat,
1907                         struct ecryptfs_key_record *key_rec)
1908 {
1909         struct ecryptfs_msg_ctx *msg_ctx = NULL;
1910         char *payload = NULL;
1911         size_t payload_len;
1912         struct ecryptfs_message *msg;
1913         int rc;
1914
1915         rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1916                                  ecryptfs_code_for_cipher_string(
1917                                          crypt_stat->cipher,
1918                                          crypt_stat->key_size),
1919                                  crypt_stat, &payload, &payload_len);
1920         if (rc) {
1921                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1922                 goto out;
1923         }
1924         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1925         if (rc) {
1926                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1927                                 "ecryptfsd\n");
1928                 goto out;
1929         }
1930         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1931         if (rc) {
1932                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1933                                 "from the user space daemon\n");
1934                 rc = -EIO;
1935                 goto out;
1936         }
1937         rc = parse_tag_67_packet(key_rec, msg);
1938         if (rc)
1939                 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1940         kfree(msg);
1941 out:
1942         kfree(payload);
1943         return rc;
1944 }
1945 /**
1946  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1947  * @dest: Buffer into which to write the packet
1948  * @remaining_bytes: Maximum number of bytes that can be writtn
1949  * @auth_tok: The authentication token used for generating the tag 1 packet
1950  * @crypt_stat: The cryptographic context
1951  * @key_rec: The key record struct for the tag 1 packet
1952  * @packet_size: This function will write the number of bytes that end
1953  *               up constituting the packet; set to zero on error
1954  *
1955  * Returns zero on success; non-zero on error.
1956  */
1957 static int
1958 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1959                    struct ecryptfs_auth_tok *auth_tok,
1960                    struct ecryptfs_crypt_stat *crypt_stat,
1961                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
1962 {
1963         size_t i;
1964         size_t encrypted_session_key_valid = 0;
1965         size_t packet_size_length;
1966         size_t max_packet_size;
1967         int rc = 0;
1968
1969         (*packet_size) = 0;
1970         ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1971                           ECRYPTFS_SIG_SIZE);
1972         encrypted_session_key_valid = 0;
1973         for (i = 0; i < crypt_stat->key_size; i++)
1974                 encrypted_session_key_valid |=
1975                         auth_tok->session_key.encrypted_key[i];
1976         if (encrypted_session_key_valid) {
1977                 memcpy(key_rec->enc_key,
1978                        auth_tok->session_key.encrypted_key,
1979                        auth_tok->session_key.encrypted_key_size);
1980                 goto encrypted_session_key_set;
1981         }
1982         if (auth_tok->session_key.encrypted_key_size == 0)
1983                 auth_tok->session_key.encrypted_key_size =
1984                         auth_tok->token.private_key.key_size;
1985         rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1986         if (rc) {
1987                 printk(KERN_ERR "Failed to encrypt session key via a key "
1988                        "module; rc = [%d]\n", rc);
1989                 goto out;
1990         }
1991         if (ecryptfs_verbosity > 0) {
1992                 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1993                 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1994         }
1995 encrypted_session_key_set:
1996         /* This format is inspired by OpenPGP; see RFC 2440
1997          * packet tag 1 */
1998         max_packet_size = (1                         /* Tag 1 identifier */
1999                            + 3                       /* Max Tag 1 packet size */
2000                            + 1                       /* Version */
2001                            + ECRYPTFS_SIG_SIZE       /* Key identifier */
2002                            + 1                       /* Cipher identifier */
2003                            + key_rec->enc_key_size); /* Encrypted key size */
2004         if (max_packet_size > (*remaining_bytes)) {
2005                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2006                        "need up to [%td] bytes, but there are only [%td] "
2007                        "available\n", max_packet_size, (*remaining_bytes));
2008                 rc = -EINVAL;
2009                 goto out;
2010         }
2011         dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
2012         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2013                                           (max_packet_size - 4),
2014                                           &packet_size_length);
2015         if (rc) {
2016                 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
2017                                 "header; cannot generate packet length\n");
2018                 goto out;
2019         }
2020         (*packet_size) += packet_size_length;
2021         dest[(*packet_size)++] = 0x03; /* version 3 */
2022         memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
2023         (*packet_size) += ECRYPTFS_SIG_SIZE;
2024         dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
2025         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2026                key_rec->enc_key_size);
2027         (*packet_size) += key_rec->enc_key_size;
2028 out:
2029         if (rc)
2030                 (*packet_size) = 0;
2031         else
2032                 (*remaining_bytes) -= (*packet_size);
2033         return rc;
2034 }
2035
2036 /**
2037  * write_tag_11_packet
2038  * @dest: Target into which Tag 11 packet is to be written
2039  * @remaining_bytes: Maximum packet length
2040  * @contents: Byte array of contents to copy in
2041  * @contents_length: Number of bytes in contents
2042  * @packet_length: Length of the Tag 11 packet written; zero on error
2043  *
2044  * Returns zero on success; non-zero on error.
2045  */
2046 static int
2047 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
2048                     size_t contents_length, size_t *packet_length)
2049 {
2050         size_t packet_size_length;
2051         size_t max_packet_size;
2052         int rc = 0;
2053
2054         (*packet_length) = 0;
2055         /* This format is inspired by OpenPGP; see RFC 2440
2056          * packet tag 11 */
2057         max_packet_size = (1                   /* Tag 11 identifier */
2058                            + 3                 /* Max Tag 11 packet size */
2059                            + 1                 /* Binary format specifier */
2060                            + 1                 /* Filename length */
2061                            + 8                 /* Filename ("_CONSOLE") */
2062                            + 4                 /* Modification date */
2063                            + contents_length); /* Literal data */
2064         if (max_packet_size > (*remaining_bytes)) {
2065                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2066                        "need up to [%td] bytes, but there are only [%td] "
2067                        "available\n", max_packet_size, (*remaining_bytes));
2068                 rc = -EINVAL;
2069                 goto out;
2070         }
2071         dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2072         rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2073                                           (max_packet_size - 4),
2074                                           &packet_size_length);
2075         if (rc) {
2076                 printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2077                        "generate packet length. rc = [%d]\n", rc);
2078                 goto out;
2079         }
2080         (*packet_length) += packet_size_length;
2081         dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2082         dest[(*packet_length)++] = 8;
2083         memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2084         (*packet_length) += 8;
2085         memset(&dest[(*packet_length)], 0x00, 4);
2086         (*packet_length) += 4;
2087         memcpy(&dest[(*packet_length)], contents, contents_length);
2088         (*packet_length) += contents_length;
2089  out:
2090         if (rc)
2091                 (*packet_length) = 0;
2092         else
2093                 (*remaining_bytes) -= (*packet_length);
2094         return rc;
2095 }
2096
2097 /**
2098  * write_tag_3_packet
2099  * @dest: Buffer into which to write the packet
2100  * @remaining_bytes: Maximum number of bytes that can be written
2101  * @auth_tok: Authentication token
2102  * @crypt_stat: The cryptographic context
2103  * @key_rec: encrypted key
2104  * @packet_size: This function will write the number of bytes that end
2105  *               up constituting the packet; set to zero on error
2106  *
2107  * Returns zero on success; non-zero on error.
2108  */
2109 static int
2110 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2111                    struct ecryptfs_auth_tok *auth_tok,
2112                    struct ecryptfs_crypt_stat *crypt_stat,
2113                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2114 {
2115         size_t i;
2116         size_t encrypted_session_key_valid = 0;
2117         char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2118         struct scatterlist dst_sg[2];
2119         struct scatterlist src_sg[2];
2120         struct mutex *tfm_mutex = NULL;
2121         u8 cipher_code;
2122         size_t packet_size_length;
2123         size_t max_packet_size;
2124         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2125                 crypt_stat->mount_crypt_stat;
2126         struct blkcipher_desc desc = {
2127                 .tfm = NULL,
2128                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2129         };
2130         int rc = 0;
2131
2132         (*packet_size) = 0;
2133         ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2134                           ECRYPTFS_SIG_SIZE);
2135         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2136                                                         crypt_stat->cipher);
2137         if (unlikely(rc)) {
2138                 printk(KERN_ERR "Internal error whilst attempting to get "
2139                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2140                        crypt_stat->cipher, rc);
2141                 goto out;
2142         }
2143         if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2144                 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2145
2146                 printk(KERN_WARNING "No key size specified at mount; "
2147                        "defaulting to [%d]\n", alg->max_keysize);
2148                 mount_crypt_stat->global_default_cipher_key_size =
2149                         alg->max_keysize;
2150         }
2151         if (crypt_stat->key_size == 0)
2152                 crypt_stat->key_size =
2153                         mount_crypt_stat->global_default_cipher_key_size;
2154         if (auth_tok->session_key.encrypted_key_size == 0)
2155                 auth_tok->session_key.encrypted_key_size =
2156                         crypt_stat->key_size;
2157         if (crypt_stat->key_size == 24
2158             && strcmp("aes", crypt_stat->cipher) == 0) {
2159                 memset((crypt_stat->key + 24), 0, 8);
2160                 auth_tok->session_key.encrypted_key_size = 32;
2161         } else
2162                 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2163         key_rec->enc_key_size =
2164                 auth_tok->session_key.encrypted_key_size;
2165         encrypted_session_key_valid = 0;
2166         for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2167                 encrypted_session_key_valid |=
2168                         auth_tok->session_key.encrypted_key[i];
2169         if (encrypted_session_key_valid) {
2170                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2171                                 "using auth_tok->session_key.encrypted_key, "
2172                                 "where key_rec->enc_key_size = [%zd]\n",
2173                                 key_rec->enc_key_size);
2174                 memcpy(key_rec->enc_key,
2175                        auth_tok->session_key.encrypted_key,
2176                        key_rec->enc_key_size);
2177                 goto encrypted_session_key_set;
2178         }
2179         if (auth_tok->token.password.flags &
2180             ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2181                 ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2182                                 "session key encryption key of size [%d]\n",
2183                                 auth_tok->token.password.
2184                                 session_key_encryption_key_bytes);
2185                 memcpy(session_key_encryption_key,
2186                        auth_tok->token.password.session_key_encryption_key,
2187                        crypt_stat->key_size);
2188                 ecryptfs_printk(KERN_DEBUG,
2189                                 "Cached session key " "encryption key: \n");
2190                 if (ecryptfs_verbosity > 0)
2191                         ecryptfs_dump_hex(session_key_encryption_key, 16);
2192         }
2193         if (unlikely(ecryptfs_verbosity > 0)) {
2194                 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2195                 ecryptfs_dump_hex(session_key_encryption_key, 16);
2196         }
2197         rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2198                                  src_sg, 2);
2199         if (rc < 1 || rc > 2) {
2200                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2201                                 "for crypt_stat session key; expected rc = 1; "
2202                                 "got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2203                                 rc, key_rec->enc_key_size);
2204                 rc = -ENOMEM;
2205                 goto out;
2206         }
2207         rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2208                                  dst_sg, 2);
2209         if (rc < 1 || rc > 2) {
2210                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2211                                 "for crypt_stat encrypted session key; "
2212                                 "expected rc = 1; got rc = [%d]. "
2213                                 "key_rec->enc_key_size = [%zd]\n", rc,
2214                                 key_rec->enc_key_size);
2215                 rc = -ENOMEM;
2216                 goto out;
2217         }
2218         mutex_lock(tfm_mutex);
2219         rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2220                                      crypt_stat->key_size);
2221         if (rc < 0) {
2222                 mutex_unlock(tfm_mutex);
2223                 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2224                                 "context; rc = [%d]\n", rc);
2225                 goto out;
2226         }
2227         rc = 0;
2228         ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2229                         crypt_stat->key_size);
2230         rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2231                                       (*key_rec).enc_key_size);
2232         mutex_unlock(tfm_mutex);
2233         if (rc) {
2234                 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2235                 goto out;
2236         }
2237         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2238         if (ecryptfs_verbosity > 0) {
2239                 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2240                                 key_rec->enc_key_size);
2241                 ecryptfs_dump_hex(key_rec->enc_key,
2242                                   key_rec->enc_key_size);
2243         }
2244 encrypted_session_key_set:
2245         /* This format is inspired by OpenPGP; see RFC 2440
2246          * packet tag 3 */
2247         max_packet_size = (1                         /* Tag 3 identifier */
2248                            + 3                       /* Max Tag 3 packet size */
2249                            + 1                       /* Version */
2250                            + 1                       /* Cipher code */
2251                            + 1                       /* S2K specifier */
2252                            + 1                       /* Hash identifier */
2253                            + ECRYPTFS_SALT_SIZE      /* Salt */
2254                            + 1                       /* Hash iterations */
2255                            + key_rec->enc_key_size); /* Encrypted key size */
2256         if (max_packet_size > (*remaining_bytes)) {
2257                 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2258                        "there are only [%td] available\n", max_packet_size,
2259                        (*remaining_bytes));
2260                 rc = -EINVAL;
2261                 goto out;
2262         }
2263         dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2264         /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2265          * to get the number of octets in the actual Tag 3 packet */
2266         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2267                                           (max_packet_size - 4),
2268                                           &packet_size_length);
2269         if (rc) {
2270                 printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2271                        "generate packet length. rc = [%d]\n", rc);
2272                 goto out;
2273         }
2274         (*packet_size) += packet_size_length;
2275         dest[(*packet_size)++] = 0x04; /* version 4 */
2276         /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2277          * specified with strings */
2278         cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2279                                                       crypt_stat->key_size);
2280         if (cipher_code == 0) {
2281                 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2282                                 "cipher [%s]\n", crypt_stat->cipher);
2283                 rc = -EINVAL;
2284                 goto out;
2285         }
2286         dest[(*packet_size)++] = cipher_code;
2287         dest[(*packet_size)++] = 0x03;  /* S2K */
2288         dest[(*packet_size)++] = 0x01;  /* MD5 (TODO: parameterize) */
2289         memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2290                ECRYPTFS_SALT_SIZE);
2291         (*packet_size) += ECRYPTFS_SALT_SIZE;   /* salt */
2292         dest[(*packet_size)++] = 0x60;  /* hash iterations (65536) */
2293         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2294                key_rec->enc_key_size);
2295         (*packet_size) += key_rec->enc_key_size;
2296 out:
2297         if (rc)
2298                 (*packet_size) = 0;
2299         else
2300                 (*remaining_bytes) -= (*packet_size);
2301         return rc;
2302 }
2303
2304 struct kmem_cache *ecryptfs_key_record_cache;
2305
2306 /**
2307  * ecryptfs_generate_key_packet_set
2308  * @dest_base: Virtual address from which to write the key record set
2309  * @crypt_stat: The cryptographic context from which the
2310  *              authentication tokens will be retrieved
2311  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2312  *                   for the global parameters
2313  * @len: The amount written
2314  * @max: The maximum amount of data allowed to be written
2315  *
2316  * Generates a key packet set and writes it to the virtual address
2317  * passed in.
2318  *
2319  * Returns zero on success; non-zero on error.
2320  */
2321 int
2322 ecryptfs_generate_key_packet_set(char *dest_base,
2323                                  struct ecryptfs_crypt_stat *crypt_stat,
2324                                  struct dentry *ecryptfs_dentry, size_t *len,
2325                                  size_t max)
2326 {
2327         struct ecryptfs_auth_tok *auth_tok;
2328         struct ecryptfs_global_auth_tok *global_auth_tok;
2329         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2330                 &ecryptfs_superblock_to_private(
2331                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
2332         size_t written;
2333         struct ecryptfs_key_record *key_rec;
2334         struct ecryptfs_key_sig *key_sig;
2335         int rc = 0;
2336
2337         (*len) = 0;
2338         mutex_lock(&crypt_stat->keysig_list_mutex);
2339         key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2340         if (!key_rec) {
2341                 rc = -ENOMEM;
2342                 goto out;
2343         }
2344         list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2345                             crypt_stat_list) {
2346                 memset(key_rec, 0, sizeof(*key_rec));
2347                 rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
2348                                                            mount_crypt_stat,
2349                                                            key_sig->keysig);
2350                 if (rc) {
2351                         printk(KERN_ERR "Error attempting to get the global "
2352                                "auth_tok; rc = [%d]\n", rc);
2353                         goto out_free;
2354                 }
2355                 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2356                         printk(KERN_WARNING
2357                                "Skipping invalid auth tok with sig = [%s]\n",
2358                                global_auth_tok->sig);
2359                         continue;
2360                 }
2361                 auth_tok = global_auth_tok->global_auth_tok;
2362                 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2363                         rc = write_tag_3_packet((dest_base + (*len)),
2364                                                 &max, auth_tok,
2365                                                 crypt_stat, key_rec,
2366                                                 &written);
2367                         if (rc) {
2368                                 ecryptfs_printk(KERN_WARNING, "Error "
2369                                                 "writing tag 3 packet\n");
2370                                 goto out_free;
2371                         }
2372                         (*len) += written;
2373                         /* Write auth tok signature packet */
2374                         rc = write_tag_11_packet((dest_base + (*len)), &max,
2375                                                  key_rec->sig,
2376                                                  ECRYPTFS_SIG_SIZE, &written);
2377                         if (rc) {
2378                                 ecryptfs_printk(KERN_ERR, "Error writing "
2379                                                 "auth tok signature packet\n");
2380                                 goto out_free;
2381                         }
2382                         (*len) += written;
2383                 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2384                         rc = write_tag_1_packet(dest_base + (*len),
2385                                                 &max, auth_tok,
2386                                                 crypt_stat, key_rec, &written);
2387                         if (rc) {
2388                                 ecryptfs_printk(KERN_WARNING, "Error "
2389                                                 "writing tag 1 packet\n");
2390                                 goto out_free;
2391                         }
2392                         (*len) += written;
2393                 } else {
2394                         ecryptfs_printk(KERN_WARNING, "Unsupported "
2395                                         "authentication token type\n");
2396                         rc = -EINVAL;
2397                         goto out_free;
2398                 }
2399         }
2400         if (likely(max > 0)) {
2401                 dest_base[(*len)] = 0x00;
2402         } else {
2403                 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2404                 rc = -EIO;
2405         }
2406 out_free:
2407         kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2408 out:
2409         if (rc)
2410                 (*len) = 0;
2411         mutex_unlock(&crypt_stat->keysig_list_mutex);
2412         return rc;
2413 }
2414
2415 struct kmem_cache *ecryptfs_key_sig_cache;
2416
2417 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2418 {
2419         struct ecryptfs_key_sig *new_key_sig;
2420
2421         new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2422         if (!new_key_sig) {
2423                 printk(KERN_ERR
2424                        "Error allocating from ecryptfs_key_sig_cache\n");
2425                 return -ENOMEM;
2426         }
2427         memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2428         /* Caller must hold keysig_list_mutex */
2429         list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2430
2431         return 0;
2432 }
2433
2434 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2435
2436 int
2437 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2438                              char *sig, u32 global_auth_tok_flags)
2439 {
2440         struct ecryptfs_global_auth_tok *new_auth_tok;
2441         int rc = 0;
2442
2443         new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2444                                         GFP_KERNEL);
2445         if (!new_auth_tok) {
2446                 rc = -ENOMEM;
2447                 printk(KERN_ERR "Error allocating from "
2448                        "ecryptfs_global_auth_tok_cache\n");
2449                 goto out;
2450         }
2451         memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2452         new_auth_tok->flags = global_auth_tok_flags;
2453         new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2454         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2455         list_add(&new_auth_tok->mount_crypt_stat_list,
2456                  &mount_crypt_stat->global_auth_tok_list);
2457         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2458 out:
2459         return rc;
2460 }
2461