Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
[linux-2.6] / fs / ecryptfs / keystore.c
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include "ecryptfs_kernel.h"
36
37 /**
38  * request_key returned an error instead of a valid key address;
39  * determine the type of error, make appropriate log entries, and
40  * return an error code.
41  */
42 static int process_request_key_err(long err_code)
43 {
44         int rc = 0;
45
46         switch (err_code) {
47         case -ENOKEY:
48                 ecryptfs_printk(KERN_WARNING, "No key\n");
49                 rc = -ENOENT;
50                 break;
51         case -EKEYEXPIRED:
52                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
53                 rc = -ETIME;
54                 break;
55         case -EKEYREVOKED:
56                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
57                 rc = -EINVAL;
58                 break;
59         default:
60                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
61                                 "[0x%.16x]\n", err_code);
62                 rc = -EINVAL;
63         }
64         return rc;
65 }
66
67 /**
68  * ecryptfs_parse_packet_length
69  * @data: Pointer to memory containing length at offset
70  * @size: This function writes the decoded size to this memory
71  *        address; zero on error
72  * @length_size: The number of bytes occupied by the encoded length
73  *
74  * Returns zero on success; non-zero on error
75  */
76 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
77                                  size_t *length_size)
78 {
79         int rc = 0;
80
81         (*length_size) = 0;
82         (*size) = 0;
83         if (data[0] < 192) {
84                 /* One-byte length */
85                 (*size) = (unsigned char)data[0];
86                 (*length_size) = 1;
87         } else if (data[0] < 224) {
88                 /* Two-byte length */
89                 (*size) = (((unsigned char)(data[0]) - 192) * 256);
90                 (*size) += ((unsigned char)(data[1]) + 192);
91                 (*length_size) = 2;
92         } else if (data[0] == 255) {
93                 /* Five-byte length; we're not supposed to see this */
94                 ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
95                                 "supported\n");
96                 rc = -EINVAL;
97                 goto out;
98         } else {
99                 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
100                 rc = -EINVAL;
101                 goto out;
102         }
103 out:
104         return rc;
105 }
106
107 /**
108  * ecryptfs_write_packet_length
109  * @dest: The byte array target into which to write the length. Must
110  *        have at least 5 bytes allocated.
111  * @size: The length to write.
112  * @packet_size_length: The number of bytes used to encode the packet
113  *                      length is written to this address.
114  *
115  * Returns zero on success; non-zero on error.
116  */
117 int ecryptfs_write_packet_length(char *dest, size_t size,
118                                  size_t *packet_size_length)
119 {
120         int rc = 0;
121
122         if (size < 192) {
123                 dest[0] = size;
124                 (*packet_size_length) = 1;
125         } else if (size < 65536) {
126                 dest[0] = (((size - 192) / 256) + 192);
127                 dest[1] = ((size - 192) % 256);
128                 (*packet_size_length) = 2;
129         } else {
130                 rc = -EINVAL;
131                 ecryptfs_printk(KERN_WARNING,
132                                 "Unsupported packet size: [%d]\n", size);
133         }
134         return rc;
135 }
136
137 static int
138 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
139                     char **packet, size_t *packet_len)
140 {
141         size_t i = 0;
142         size_t data_len;
143         size_t packet_size_len;
144         char *message;
145         int rc;
146
147         /*
148          *              ***** TAG 64 Packet Format *****
149          *    | Content Type                       | 1 byte       |
150          *    | Key Identifier Size                | 1 or 2 bytes |
151          *    | Key Identifier                     | arbitrary    |
152          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
153          *    | Encrypted File Encryption Key      | arbitrary    |
154          */
155         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
156                     + session_key->encrypted_key_size);
157         *packet = kmalloc(data_len, GFP_KERNEL);
158         message = *packet;
159         if (!message) {
160                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
161                 rc = -ENOMEM;
162                 goto out;
163         }
164         message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
165         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
166                                           &packet_size_len);
167         if (rc) {
168                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
169                                 "header; cannot generate packet length\n");
170                 goto out;
171         }
172         i += packet_size_len;
173         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
174         i += ECRYPTFS_SIG_SIZE_HEX;
175         rc = ecryptfs_write_packet_length(&message[i],
176                                           session_key->encrypted_key_size,
177                                           &packet_size_len);
178         if (rc) {
179                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
180                                 "header; cannot generate packet length\n");
181                 goto out;
182         }
183         i += packet_size_len;
184         memcpy(&message[i], session_key->encrypted_key,
185                session_key->encrypted_key_size);
186         i += session_key->encrypted_key_size;
187         *packet_len = i;
188 out:
189         return rc;
190 }
191
192 static int
193 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
194                     struct ecryptfs_message *msg)
195 {
196         size_t i = 0;
197         char *data;
198         size_t data_len;
199         size_t m_size;
200         size_t message_len;
201         u16 checksum = 0;
202         u16 expected_checksum = 0;
203         int rc;
204
205         /*
206          *              ***** TAG 65 Packet Format *****
207          *         | Content Type             | 1 byte       |
208          *         | Status Indicator         | 1 byte       |
209          *         | File Encryption Key Size | 1 or 2 bytes |
210          *         | File Encryption Key      | arbitrary    |
211          */
212         message_len = msg->data_len;
213         data = msg->data;
214         if (message_len < 4) {
215                 rc = -EIO;
216                 goto out;
217         }
218         if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
219                 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
220                 rc = -EIO;
221                 goto out;
222         }
223         if (data[i++]) {
224                 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
225                                 "[%d]\n", data[i-1]);
226                 rc = -EIO;
227                 goto out;
228         }
229         rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
230         if (rc) {
231                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
232                                 "rc = [%d]\n", rc);
233                 goto out;
234         }
235         i += data_len;
236         if (message_len < (i + m_size)) {
237                 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
238                                 "is shorter than expected\n");
239                 rc = -EIO;
240                 goto out;
241         }
242         if (m_size < 3) {
243                 ecryptfs_printk(KERN_ERR,
244                                 "The decrypted key is not long enough to "
245                                 "include a cipher code and checksum\n");
246                 rc = -EIO;
247                 goto out;
248         }
249         *cipher_code = data[i++];
250         /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
251         session_key->decrypted_key_size = m_size - 3;
252         if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
253                 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
254                                 "the maximum key size [%d]\n",
255                                 session_key->decrypted_key_size,
256                                 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
257                 rc = -EIO;
258                 goto out;
259         }
260         memcpy(session_key->decrypted_key, &data[i],
261                session_key->decrypted_key_size);
262         i += session_key->decrypted_key_size;
263         expected_checksum += (unsigned char)(data[i++]) << 8;
264         expected_checksum += (unsigned char)(data[i++]);
265         for (i = 0; i < session_key->decrypted_key_size; i++)
266                 checksum += session_key->decrypted_key[i];
267         if (expected_checksum != checksum) {
268                 ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
269                                 "encryption  key; expected [%x]; calculated "
270                                 "[%x]\n", expected_checksum, checksum);
271                 rc = -EIO;
272         }
273 out:
274         return rc;
275 }
276
277
278 static int
279 write_tag_66_packet(char *signature, u8 cipher_code,
280                     struct ecryptfs_crypt_stat *crypt_stat, char **packet,
281                     size_t *packet_len)
282 {
283         size_t i = 0;
284         size_t j;
285         size_t data_len;
286         size_t checksum = 0;
287         size_t packet_size_len;
288         char *message;
289         int rc;
290
291         /*
292          *              ***** TAG 66 Packet Format *****
293          *         | Content Type             | 1 byte       |
294          *         | Key Identifier Size      | 1 or 2 bytes |
295          *         | Key Identifier           | arbitrary    |
296          *         | File Encryption Key Size | 1 or 2 bytes |
297          *         | File Encryption Key      | arbitrary    |
298          */
299         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
300         *packet = kmalloc(data_len, GFP_KERNEL);
301         message = *packet;
302         if (!message) {
303                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
304                 rc = -ENOMEM;
305                 goto out;
306         }
307         message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
308         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
309                                           &packet_size_len);
310         if (rc) {
311                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
312                                 "header; cannot generate packet length\n");
313                 goto out;
314         }
315         i += packet_size_len;
316         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
317         i += ECRYPTFS_SIG_SIZE_HEX;
318         /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
319         rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
320                                           &packet_size_len);
321         if (rc) {
322                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
323                                 "header; cannot generate packet length\n");
324                 goto out;
325         }
326         i += packet_size_len;
327         message[i++] = cipher_code;
328         memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
329         i += crypt_stat->key_size;
330         for (j = 0; j < crypt_stat->key_size; j++)
331                 checksum += crypt_stat->key[j];
332         message[i++] = (checksum / 256) % 256;
333         message[i++] = (checksum % 256);
334         *packet_len = i;
335 out:
336         return rc;
337 }
338
339 static int
340 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
341                     struct ecryptfs_message *msg)
342 {
343         size_t i = 0;
344         char *data;
345         size_t data_len;
346         size_t message_len;
347         int rc;
348
349         /*
350          *              ***** TAG 65 Packet Format *****
351          *    | Content Type                       | 1 byte       |
352          *    | Status Indicator                   | 1 byte       |
353          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
354          *    | Encrypted File Encryption Key      | arbitrary    |
355          */
356         message_len = msg->data_len;
357         data = msg->data;
358         /* verify that everything through the encrypted FEK size is present */
359         if (message_len < 4) {
360                 rc = -EIO;
361                 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
362                        "message length is [%d]\n", __func__, message_len, 4);
363                 goto out;
364         }
365         if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
366                 rc = -EIO;
367                 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
368                        __func__);
369                 goto out;
370         }
371         if (data[i++]) {
372                 rc = -EIO;
373                 printk(KERN_ERR "%s: Status indicator has non zero "
374                        "value [%d]\n", __func__, data[i-1]);
375
376                 goto out;
377         }
378         rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
379                                           &data_len);
380         if (rc) {
381                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
382                                 "rc = [%d]\n", rc);
383                 goto out;
384         }
385         i += data_len;
386         if (message_len < (i + key_rec->enc_key_size)) {
387                 rc = -EIO;
388                 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
389                        __func__, message_len, (i + key_rec->enc_key_size));
390                 goto out;
391         }
392         if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
393                 rc = -EIO;
394                 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
395                        "the maximum key size [%d]\n", __func__,
396                        key_rec->enc_key_size,
397                        ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
398                 goto out;
399         }
400         memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
401 out:
402         return rc;
403 }
404
405 static int
406 ecryptfs_find_global_auth_tok_for_sig(
407         struct ecryptfs_global_auth_tok **global_auth_tok,
408         struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
409 {
410         struct ecryptfs_global_auth_tok *walker;
411         int rc = 0;
412
413         (*global_auth_tok) = NULL;
414         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
415         list_for_each_entry(walker,
416                             &mount_crypt_stat->global_auth_tok_list,
417                             mount_crypt_stat_list) {
418                 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
419                         (*global_auth_tok) = walker;
420                         goto out;
421                 }
422         }
423         rc = -EINVAL;
424 out:
425         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
426         return rc;
427 }
428
429 /**
430  * ecryptfs_find_auth_tok_for_sig
431  * @auth_tok: Set to the matching auth_tok; NULL if not found
432  * @crypt_stat: inode crypt_stat crypto context
433  * @sig: Sig of auth_tok to find
434  *
435  * For now, this function simply looks at the registered auth_tok's
436  * linked off the mount_crypt_stat, so all the auth_toks that can be
437  * used must be registered at mount time. This function could
438  * potentially try a lot harder to find auth_tok's (e.g., by calling
439  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
440  * that static registration of auth_tok's will no longer be necessary.
441  *
442  * Returns zero on no error; non-zero on error
443  */
444 static int
445 ecryptfs_find_auth_tok_for_sig(
446         struct ecryptfs_auth_tok **auth_tok,
447         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
448         char *sig)
449 {
450         struct ecryptfs_global_auth_tok *global_auth_tok;
451         int rc = 0;
452
453         (*auth_tok) = NULL;
454         if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
455                                                   mount_crypt_stat, sig)) {
456                 struct key *auth_tok_key;
457
458                 rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
459                                                        sig);
460         } else
461                 (*auth_tok) = global_auth_tok->global_auth_tok;
462         return rc;
463 }
464
465 /**
466  * write_tag_70_packet can gobble a lot of stack space. We stuff most
467  * of the function's parameters in a kmalloc'd struct to help reduce
468  * eCryptfs' overall stack usage.
469  */
470 struct ecryptfs_write_tag_70_packet_silly_stack {
471         u8 cipher_code;
472         size_t max_packet_size;
473         size_t packet_size_len;
474         size_t block_aligned_filename_size;
475         size_t block_size;
476         size_t i;
477         size_t j;
478         size_t num_rand_bytes;
479         struct mutex *tfm_mutex;
480         char *block_aligned_filename;
481         struct ecryptfs_auth_tok *auth_tok;
482         struct scatterlist src_sg;
483         struct scatterlist dst_sg;
484         struct blkcipher_desc desc;
485         char iv[ECRYPTFS_MAX_IV_BYTES];
486         char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
487         char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
488         struct hash_desc hash_desc;
489         struct scatterlist hash_sg;
490 };
491
492 /**
493  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
494  * @filename: NULL-terminated filename string
495  *
496  * This is the simplest mechanism for achieving filename encryption in
497  * eCryptfs. It encrypts the given filename with the mount-wide
498  * filename encryption key (FNEK) and stores it in a packet to @dest,
499  * which the callee will encode and write directly into the dentry
500  * name.
501  */
502 int
503 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
504                              size_t *packet_size,
505                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
506                              char *filename, size_t filename_size)
507 {
508         struct ecryptfs_write_tag_70_packet_silly_stack *s;
509         int rc = 0;
510
511         s = kmalloc(sizeof(*s), GFP_KERNEL);
512         if (!s) {
513                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
514                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
515                 goto out;
516         }
517         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
518         (*packet_size) = 0;
519         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
520                 &s->desc.tfm,
521                 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
522         if (unlikely(rc)) {
523                 printk(KERN_ERR "Internal error whilst attempting to get "
524                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
525                        mount_crypt_stat->global_default_fn_cipher_name, rc);
526                 goto out;
527         }
528         mutex_lock(s->tfm_mutex);
529         s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
530         /* Plus one for the \0 separator between the random prefix
531          * and the plaintext filename */
532         s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
533         s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
534         if ((s->block_aligned_filename_size % s->block_size) != 0) {
535                 s->num_rand_bytes += (s->block_size
536                                       - (s->block_aligned_filename_size
537                                          % s->block_size));
538                 s->block_aligned_filename_size = (s->num_rand_bytes
539                                                   + filename_size);
540         }
541         /* Octet 0: Tag 70 identifier
542          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
543          *              and block-aligned encrypted filename size)
544          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
545          * Octet N2-N3: Cipher identifier (1 octet)
546          * Octets N3-N4: Block-aligned encrypted filename
547          *  - Consists of a minimum number of random characters, a \0
548          *    separator, and then the filename */
549         s->max_packet_size = (1                   /* Tag 70 identifier */
550                               + 3                 /* Max Tag 70 packet size */
551                               + ECRYPTFS_SIG_SIZE /* FNEK sig */
552                               + 1                 /* Cipher identifier */
553                               + s->block_aligned_filename_size);
554         if (dest == NULL) {
555                 (*packet_size) = s->max_packet_size;
556                 goto out_unlock;
557         }
558         if (s->max_packet_size > (*remaining_bytes)) {
559                 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
560                        "[%zd] available\n", __func__, s->max_packet_size,
561                        (*remaining_bytes));
562                 rc = -EINVAL;
563                 goto out_unlock;
564         }
565         s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
566                                             GFP_KERNEL);
567         if (!s->block_aligned_filename) {
568                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
569                        "kzalloc [%zd] bytes\n", __func__,
570                        s->block_aligned_filename_size);
571                 rc = -ENOMEM;
572                 goto out_unlock;
573         }
574         s->i = 0;
575         dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
576         rc = ecryptfs_write_packet_length(&dest[s->i],
577                                           (ECRYPTFS_SIG_SIZE
578                                            + 1 /* Cipher code */
579                                            + s->block_aligned_filename_size),
580                                           &s->packet_size_len);
581         if (rc) {
582                 printk(KERN_ERR "%s: Error generating tag 70 packet "
583                        "header; cannot generate packet length; rc = [%d]\n",
584                        __func__, rc);
585                 goto out_free_unlock;
586         }
587         s->i += s->packet_size_len;
588         ecryptfs_from_hex(&dest[s->i],
589                           mount_crypt_stat->global_default_fnek_sig,
590                           ECRYPTFS_SIG_SIZE);
591         s->i += ECRYPTFS_SIG_SIZE;
592         s->cipher_code = ecryptfs_code_for_cipher_string(
593                 mount_crypt_stat->global_default_fn_cipher_name,
594                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
595         if (s->cipher_code == 0) {
596                 printk(KERN_WARNING "%s: Unable to generate code for "
597                        "cipher [%s] with key bytes [%zd]\n", __func__,
598                        mount_crypt_stat->global_default_fn_cipher_name,
599                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
600                 rc = -EINVAL;
601                 goto out_free_unlock;
602         }
603         dest[s->i++] = s->cipher_code;
604         rc = ecryptfs_find_auth_tok_for_sig(
605                 &s->auth_tok, mount_crypt_stat,
606                 mount_crypt_stat->global_default_fnek_sig);
607         if (rc) {
608                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
609                        "fnek sig [%s]; rc = [%d]\n", __func__,
610                        mount_crypt_stat->global_default_fnek_sig, rc);
611                 goto out_free_unlock;
612         }
613         /* TODO: Support other key modules than passphrase for
614          * filename encryption */
615         BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
616         sg_init_one(
617                 &s->hash_sg,
618                 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
619                 s->auth_tok->token.password.session_key_encryption_key_bytes);
620         s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
621         s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
622                                              CRYPTO_ALG_ASYNC);
623         if (IS_ERR(s->hash_desc.tfm)) {
624                         rc = PTR_ERR(s->hash_desc.tfm);
625                         printk(KERN_ERR "%s: Error attempting to "
626                                "allocate hash crypto context; rc = [%d]\n",
627                                __func__, rc);
628                         goto out_free_unlock;
629         }
630         rc = crypto_hash_init(&s->hash_desc);
631         if (rc) {
632                 printk(KERN_ERR
633                        "%s: Error initializing crypto hash; rc = [%d]\n",
634                        __func__, rc);
635                 goto out_release_free_unlock;
636         }
637         rc = crypto_hash_update(
638                 &s->hash_desc, &s->hash_sg,
639                 s->auth_tok->token.password.session_key_encryption_key_bytes);
640         if (rc) {
641                 printk(KERN_ERR
642                        "%s: Error updating crypto hash; rc = [%d]\n",
643                        __func__, rc);
644                 goto out_release_free_unlock;
645         }
646         rc = crypto_hash_final(&s->hash_desc, s->hash);
647         if (rc) {
648                 printk(KERN_ERR
649                        "%s: Error finalizing crypto hash; rc = [%d]\n",
650                        __func__, rc);
651                 goto out_release_free_unlock;
652         }
653         for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
654                 s->block_aligned_filename[s->j] =
655                         s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
656                 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
657                     == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
658                         sg_init_one(&s->hash_sg, (u8 *)s->hash,
659                                     ECRYPTFS_TAG_70_DIGEST_SIZE);
660                         rc = crypto_hash_init(&s->hash_desc);
661                         if (rc) {
662                                 printk(KERN_ERR
663                                        "%s: Error initializing crypto hash; "
664                                        "rc = [%d]\n", __func__, rc);
665                                 goto out_release_free_unlock;
666                         }
667                         rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
668                                                 ECRYPTFS_TAG_70_DIGEST_SIZE);
669                         if (rc) {
670                                 printk(KERN_ERR
671                                        "%s: Error updating crypto hash; "
672                                        "rc = [%d]\n", __func__, rc);
673                                 goto out_release_free_unlock;
674                         }
675                         rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
676                         if (rc) {
677                                 printk(KERN_ERR
678                                        "%s: Error finalizing crypto hash; "
679                                        "rc = [%d]\n", __func__, rc);
680                                 goto out_release_free_unlock;
681                         }
682                         memcpy(s->hash, s->tmp_hash,
683                                ECRYPTFS_TAG_70_DIGEST_SIZE);
684                 }
685                 if (s->block_aligned_filename[s->j] == '\0')
686                         s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
687         }
688         memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
689                filename_size);
690         rc = virt_to_scatterlist(s->block_aligned_filename,
691                                  s->block_aligned_filename_size, &s->src_sg, 1);
692         if (rc != 1) {
693                 printk(KERN_ERR "%s: Internal error whilst attempting to "
694                        "convert filename memory to scatterlist; "
695                        "expected rc = 1; got rc = [%d]. "
696                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
697                        s->block_aligned_filename_size);
698                 goto out_release_free_unlock;
699         }
700         rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
701                                  &s->dst_sg, 1);
702         if (rc != 1) {
703                 printk(KERN_ERR "%s: Internal error whilst attempting to "
704                        "convert encrypted filename memory to scatterlist; "
705                        "expected rc = 1; got rc = [%d]. "
706                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
707                        s->block_aligned_filename_size);
708                 goto out_release_free_unlock;
709         }
710         /* The characters in the first block effectively do the job
711          * of the IV here, so we just use 0's for the IV. Note the
712          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
713          * >= ECRYPTFS_MAX_IV_BYTES. */
714         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
715         s->desc.info = s->iv;
716         rc = crypto_blkcipher_setkey(
717                 s->desc.tfm,
718                 s->auth_tok->token.password.session_key_encryption_key,
719                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
720         if (rc < 0) {
721                 printk(KERN_ERR "%s: Error setting key for crypto context; "
722                        "rc = [%d]. s->auth_tok->token.password.session_key_"
723                        "encryption_key = [0x%p]; mount_crypt_stat->"
724                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
725                        rc,
726                        s->auth_tok->token.password.session_key_encryption_key,
727                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
728                 goto out_release_free_unlock;
729         }
730         rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
731                                          s->block_aligned_filename_size);
732         if (rc) {
733                 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
734                        "rc = [%d]\n", __func__, rc);
735                 goto out_release_free_unlock;
736         }
737         s->i += s->block_aligned_filename_size;
738         (*packet_size) = s->i;
739         (*remaining_bytes) -= (*packet_size);
740 out_release_free_unlock:
741         crypto_free_hash(s->hash_desc.tfm);
742 out_free_unlock:
743         kzfree(s->block_aligned_filename);
744 out_unlock:
745         mutex_unlock(s->tfm_mutex);
746 out:
747         kfree(s);
748         return rc;
749 }
750
751 struct ecryptfs_parse_tag_70_packet_silly_stack {
752         u8 cipher_code;
753         size_t max_packet_size;
754         size_t packet_size_len;
755         size_t parsed_tag_70_packet_size;
756         size_t block_aligned_filename_size;
757         size_t block_size;
758         size_t i;
759         struct mutex *tfm_mutex;
760         char *decrypted_filename;
761         struct ecryptfs_auth_tok *auth_tok;
762         struct scatterlist src_sg;
763         struct scatterlist dst_sg;
764         struct blkcipher_desc desc;
765         char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
766         char iv[ECRYPTFS_MAX_IV_BYTES];
767         char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
768 };
769
770 /**
771  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
772  * @filename: This function kmalloc's the memory for the filename
773  * @filename_size: This function sets this to the amount of memory
774  *                 kmalloc'd for the filename
775  * @packet_size: This function sets this to the the number of octets
776  *               in the packet parsed
777  * @mount_crypt_stat: The mount-wide cryptographic context
778  * @data: The memory location containing the start of the tag 70
779  *        packet
780  * @max_packet_size: The maximum legal size of the packet to be parsed
781  *                   from @data
782  *
783  * Returns zero on success; non-zero otherwise
784  */
785 int
786 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
787                              size_t *packet_size,
788                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
789                              char *data, size_t max_packet_size)
790 {
791         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
792         int rc = 0;
793
794         (*packet_size) = 0;
795         (*filename_size) = 0;
796         (*filename) = NULL;
797         s = kmalloc(sizeof(*s), GFP_KERNEL);
798         if (!s) {
799                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
800                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
801                 goto out;
802         }
803         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
804         if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
805                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
806                        "at least [%d]\n", __func__, max_packet_size,
807                         (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
808                 rc = -EINVAL;
809                 goto out;
810         }
811         /* Octet 0: Tag 70 identifier
812          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
813          *              and block-aligned encrypted filename size)
814          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
815          * Octet N2-N3: Cipher identifier (1 octet)
816          * Octets N3-N4: Block-aligned encrypted filename
817          *  - Consists of a minimum number of random numbers, a \0
818          *    separator, and then the filename */
819         if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
820                 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
821                        "tag [0x%.2x]\n", __func__,
822                        data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
823                 rc = -EINVAL;
824                 goto out;
825         }
826         rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
827                                           &s->parsed_tag_70_packet_size,
828                                           &s->packet_size_len);
829         if (rc) {
830                 printk(KERN_WARNING "%s: Error parsing packet length; "
831                        "rc = [%d]\n", __func__, rc);
832                 goto out;
833         }
834         s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
835                                           - ECRYPTFS_SIG_SIZE - 1);
836         if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
837             > max_packet_size) {
838                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
839                        "size is [%zd]\n", __func__, max_packet_size,
840                        (1 + s->packet_size_len + 1
841                         + s->block_aligned_filename_size));
842                 rc = -EINVAL;
843                 goto out;
844         }
845         (*packet_size) += s->packet_size_len;
846         ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
847                         ECRYPTFS_SIG_SIZE);
848         s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
849         (*packet_size) += ECRYPTFS_SIG_SIZE;
850         s->cipher_code = data[(*packet_size)++];
851         rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
852         if (rc) {
853                 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
854                        __func__, s->cipher_code);
855                 goto out;
856         }
857         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
858                                                         &s->tfm_mutex,
859                                                         s->cipher_string);
860         if (unlikely(rc)) {
861                 printk(KERN_ERR "Internal error whilst attempting to get "
862                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
863                        s->cipher_string, rc);
864                 goto out;
865         }
866         mutex_lock(s->tfm_mutex);
867         rc = virt_to_scatterlist(&data[(*packet_size)],
868                                  s->block_aligned_filename_size, &s->src_sg, 1);
869         if (rc != 1) {
870                 printk(KERN_ERR "%s: Internal error whilst attempting to "
871                        "convert encrypted filename memory to scatterlist; "
872                        "expected rc = 1; got rc = [%d]. "
873                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
874                        s->block_aligned_filename_size);
875                 goto out_unlock;
876         }
877         (*packet_size) += s->block_aligned_filename_size;
878         s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
879                                         GFP_KERNEL);
880         if (!s->decrypted_filename) {
881                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
882                        "kmalloc [%zd] bytes\n", __func__,
883                        s->block_aligned_filename_size);
884                 rc = -ENOMEM;
885                 goto out_unlock;
886         }
887         rc = virt_to_scatterlist(s->decrypted_filename,
888                                  s->block_aligned_filename_size, &s->dst_sg, 1);
889         if (rc != 1) {
890                 printk(KERN_ERR "%s: Internal error whilst attempting to "
891                        "convert decrypted filename memory to scatterlist; "
892                        "expected rc = 1; got rc = [%d]. "
893                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
894                        s->block_aligned_filename_size);
895                 goto out_free_unlock;
896         }
897         /* The characters in the first block effectively do the job of
898          * the IV here, so we just use 0's for the IV. Note the
899          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
900          * >= ECRYPTFS_MAX_IV_BYTES. */
901         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
902         s->desc.info = s->iv;
903         rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat,
904                                             s->fnek_sig_hex);
905         if (rc) {
906                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
907                        "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
908                        rc);
909                 goto out_free_unlock;
910         }
911         /* TODO: Support other key modules than passphrase for
912          * filename encryption */
913         BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
914         rc = crypto_blkcipher_setkey(
915                 s->desc.tfm,
916                 s->auth_tok->token.password.session_key_encryption_key,
917                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
918         if (rc < 0) {
919                 printk(KERN_ERR "%s: Error setting key for crypto context; "
920                        "rc = [%d]. s->auth_tok->token.password.session_key_"
921                        "encryption_key = [0x%p]; mount_crypt_stat->"
922                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
923                        rc,
924                        s->auth_tok->token.password.session_key_encryption_key,
925                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
926                 goto out_free_unlock;
927         }
928         rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
929                                          s->block_aligned_filename_size);
930         if (rc) {
931                 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
932                        "rc = [%d]\n", __func__, rc);
933                 goto out_free_unlock;
934         }
935         s->i = 0;
936         while (s->decrypted_filename[s->i] != '\0'
937                && s->i < s->block_aligned_filename_size)
938                 s->i++;
939         if (s->i == s->block_aligned_filename_size) {
940                 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
941                        "find valid separator between random characters and "
942                        "the filename\n", __func__);
943                 rc = -EINVAL;
944                 goto out_free_unlock;
945         }
946         s->i++;
947         (*filename_size) = (s->block_aligned_filename_size - s->i);
948         if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
949                 printk(KERN_WARNING "%s: Filename size is [%zd], which is "
950                        "invalid\n", __func__, (*filename_size));
951                 rc = -EINVAL;
952                 goto out_free_unlock;
953         }
954         (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
955         if (!(*filename)) {
956                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
957                        "kmalloc [%zd] bytes\n", __func__,
958                        ((*filename_size) + 1));
959                 rc = -ENOMEM;
960                 goto out_free_unlock;
961         }
962         memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
963         (*filename)[(*filename_size)] = '\0';
964 out_free_unlock:
965         kfree(s->decrypted_filename);
966 out_unlock:
967         mutex_unlock(s->tfm_mutex);
968 out:
969         if (rc) {
970                 (*packet_size) = 0;
971                 (*filename_size) = 0;
972                 (*filename) = NULL;
973         }
974         kfree(s);
975         return rc;
976 }
977
978 static int
979 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
980 {
981         int rc = 0;
982
983         (*sig) = NULL;
984         switch (auth_tok->token_type) {
985         case ECRYPTFS_PASSWORD:
986                 (*sig) = auth_tok->token.password.signature;
987                 break;
988         case ECRYPTFS_PRIVATE_KEY:
989                 (*sig) = auth_tok->token.private_key.signature;
990                 break;
991         default:
992                 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
993                        auth_tok->token_type);
994                 rc = -EINVAL;
995         }
996         return rc;
997 }
998
999 /**
1000  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1001  * @auth_tok: The key authentication token used to decrypt the session key
1002  * @crypt_stat: The cryptographic context
1003  *
1004  * Returns zero on success; non-zero error otherwise.
1005  */
1006 static int
1007 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1008                                   struct ecryptfs_crypt_stat *crypt_stat)
1009 {
1010         u8 cipher_code = 0;
1011         struct ecryptfs_msg_ctx *msg_ctx;
1012         struct ecryptfs_message *msg = NULL;
1013         char *auth_tok_sig;
1014         char *payload;
1015         size_t payload_len;
1016         int rc;
1017
1018         rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1019         if (rc) {
1020                 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1021                        auth_tok->token_type);
1022                 goto out;
1023         }
1024         rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1025                                  &payload, &payload_len);
1026         if (rc) {
1027                 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1028                 goto out;
1029         }
1030         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1031         if (rc) {
1032                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1033                                 "ecryptfsd\n");
1034                 goto out;
1035         }
1036         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1037         if (rc) {
1038                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1039                                 "from the user space daemon\n");
1040                 rc = -EIO;
1041                 goto out;
1042         }
1043         rc = parse_tag_65_packet(&(auth_tok->session_key),
1044                                  &cipher_code, msg);
1045         if (rc) {
1046                 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1047                        rc);
1048                 goto out;
1049         }
1050         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1051         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1052                auth_tok->session_key.decrypted_key_size);
1053         crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1054         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1055         if (rc) {
1056                 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1057                                 cipher_code)
1058                 goto out;
1059         }
1060         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1061         if (ecryptfs_verbosity > 0) {
1062                 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1063                 ecryptfs_dump_hex(crypt_stat->key,
1064                                   crypt_stat->key_size);
1065         }
1066 out:
1067         if (msg)
1068                 kfree(msg);
1069         return rc;
1070 }
1071
1072 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1073 {
1074         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1075         struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1076
1077         list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1078                                  auth_tok_list_head, list) {
1079                 list_del(&auth_tok_list_item->list);
1080                 kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1081                                 auth_tok_list_item);
1082         }
1083 }
1084
1085 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1086
1087 /**
1088  * parse_tag_1_packet
1089  * @crypt_stat: The cryptographic context to modify based on packet contents
1090  * @data: The raw bytes of the packet.
1091  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1092  *                 a new authentication token will be placed at the
1093  *                 end of this list for this packet.
1094  * @new_auth_tok: Pointer to a pointer to memory that this function
1095  *                allocates; sets the memory address of the pointer to
1096  *                NULL on error. This object is added to the
1097  *                auth_tok_list.
1098  * @packet_size: This function writes the size of the parsed packet
1099  *               into this memory location; zero on error.
1100  * @max_packet_size: The maximum allowable packet size
1101  *
1102  * Returns zero on success; non-zero on error.
1103  */
1104 static int
1105 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1106                    unsigned char *data, struct list_head *auth_tok_list,
1107                    struct ecryptfs_auth_tok **new_auth_tok,
1108                    size_t *packet_size, size_t max_packet_size)
1109 {
1110         size_t body_size;
1111         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1112         size_t length_size;
1113         int rc = 0;
1114
1115         (*packet_size) = 0;
1116         (*new_auth_tok) = NULL;
1117         /**
1118          * This format is inspired by OpenPGP; see RFC 2440
1119          * packet tag 1
1120          *
1121          * Tag 1 identifier (1 byte)
1122          * Max Tag 1 packet size (max 3 bytes)
1123          * Version (1 byte)
1124          * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1125          * Cipher identifier (1 byte)
1126          * Encrypted key size (arbitrary)
1127          *
1128          * 12 bytes minimum packet size
1129          */
1130         if (unlikely(max_packet_size < 12)) {
1131                 printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1132                 rc = -EINVAL;
1133                 goto out;
1134         }
1135         if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1136                 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1137                        ECRYPTFS_TAG_1_PACKET_TYPE);
1138                 rc = -EINVAL;
1139                 goto out;
1140         }
1141         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1142          * at end of function upon failure */
1143         auth_tok_list_item =
1144                 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1145                                   GFP_KERNEL);
1146         if (!auth_tok_list_item) {
1147                 printk(KERN_ERR "Unable to allocate memory\n");
1148                 rc = -ENOMEM;
1149                 goto out;
1150         }
1151         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1152         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1153                                           &length_size);
1154         if (rc) {
1155                 printk(KERN_WARNING "Error parsing packet length; "
1156                        "rc = [%d]\n", rc);
1157                 goto out_free;
1158         }
1159         if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1160                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1161                 rc = -EINVAL;
1162                 goto out_free;
1163         }
1164         (*packet_size) += length_size;
1165         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1166                 printk(KERN_WARNING "Packet size exceeds max\n");
1167                 rc = -EINVAL;
1168                 goto out_free;
1169         }
1170         if (unlikely(data[(*packet_size)++] != 0x03)) {
1171                 printk(KERN_WARNING "Unknown version number [%d]\n",
1172                        data[(*packet_size) - 1]);
1173                 rc = -EINVAL;
1174                 goto out_free;
1175         }
1176         ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1177                         &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1178         *packet_size += ECRYPTFS_SIG_SIZE;
1179         /* This byte is skipped because the kernel does not need to
1180          * know which public key encryption algorithm was used */
1181         (*packet_size)++;
1182         (*new_auth_tok)->session_key.encrypted_key_size =
1183                 body_size - (ECRYPTFS_SIG_SIZE + 2);
1184         if ((*new_auth_tok)->session_key.encrypted_key_size
1185             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1186                 printk(KERN_WARNING "Tag 1 packet contains key larger "
1187                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1188                 rc = -EINVAL;
1189                 goto out;
1190         }
1191         memcpy((*new_auth_tok)->session_key.encrypted_key,
1192                &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1193         (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1194         (*new_auth_tok)->session_key.flags &=
1195                 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1196         (*new_auth_tok)->session_key.flags |=
1197                 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1198         (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1199         (*new_auth_tok)->flags = 0;
1200         (*new_auth_tok)->session_key.flags &=
1201                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1202         (*new_auth_tok)->session_key.flags &=
1203                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1204         list_add(&auth_tok_list_item->list, auth_tok_list);
1205         goto out;
1206 out_free:
1207         (*new_auth_tok) = NULL;
1208         memset(auth_tok_list_item, 0,
1209                sizeof(struct ecryptfs_auth_tok_list_item));
1210         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1211                         auth_tok_list_item);
1212 out:
1213         if (rc)
1214                 (*packet_size) = 0;
1215         return rc;
1216 }
1217
1218 /**
1219  * parse_tag_3_packet
1220  * @crypt_stat: The cryptographic context to modify based on packet
1221  *              contents.
1222  * @data: The raw bytes of the packet.
1223  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1224  *                 a new authentication token will be placed at the end
1225  *                 of this list for this packet.
1226  * @new_auth_tok: Pointer to a pointer to memory that this function
1227  *                allocates; sets the memory address of the pointer to
1228  *                NULL on error. This object is added to the
1229  *                auth_tok_list.
1230  * @packet_size: This function writes the size of the parsed packet
1231  *               into this memory location; zero on error.
1232  * @max_packet_size: maximum number of bytes to parse
1233  *
1234  * Returns zero on success; non-zero on error.
1235  */
1236 static int
1237 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1238                    unsigned char *data, struct list_head *auth_tok_list,
1239                    struct ecryptfs_auth_tok **new_auth_tok,
1240                    size_t *packet_size, size_t max_packet_size)
1241 {
1242         size_t body_size;
1243         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1244         size_t length_size;
1245         int rc = 0;
1246
1247         (*packet_size) = 0;
1248         (*new_auth_tok) = NULL;
1249         /**
1250          *This format is inspired by OpenPGP; see RFC 2440
1251          * packet tag 3
1252          *
1253          * Tag 3 identifier (1 byte)
1254          * Max Tag 3 packet size (max 3 bytes)
1255          * Version (1 byte)
1256          * Cipher code (1 byte)
1257          * S2K specifier (1 byte)
1258          * Hash identifier (1 byte)
1259          * Salt (ECRYPTFS_SALT_SIZE)
1260          * Hash iterations (1 byte)
1261          * Encrypted key (arbitrary)
1262          *
1263          * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1264          */
1265         if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1266                 printk(KERN_ERR "Max packet size too large\n");
1267                 rc = -EINVAL;
1268                 goto out;
1269         }
1270         if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1271                 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1272                        ECRYPTFS_TAG_3_PACKET_TYPE);
1273                 rc = -EINVAL;
1274                 goto out;
1275         }
1276         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1277          * at end of function upon failure */
1278         auth_tok_list_item =
1279             kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1280         if (!auth_tok_list_item) {
1281                 printk(KERN_ERR "Unable to allocate memory\n");
1282                 rc = -ENOMEM;
1283                 goto out;
1284         }
1285         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1286         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1287                                           &length_size);
1288         if (rc) {
1289                 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1290                        rc);
1291                 goto out_free;
1292         }
1293         if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1294                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1295                 rc = -EINVAL;
1296                 goto out_free;
1297         }
1298         (*packet_size) += length_size;
1299         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1300                 printk(KERN_ERR "Packet size exceeds max\n");
1301                 rc = -EINVAL;
1302                 goto out_free;
1303         }
1304         (*new_auth_tok)->session_key.encrypted_key_size =
1305                 (body_size - (ECRYPTFS_SALT_SIZE + 5));
1306         if (unlikely(data[(*packet_size)++] != 0x04)) {
1307                 printk(KERN_WARNING "Unknown version number [%d]\n",
1308                        data[(*packet_size) - 1]);
1309                 rc = -EINVAL;
1310                 goto out_free;
1311         }
1312         ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1313                                        (u16)data[(*packet_size)]);
1314         /* A little extra work to differentiate among the AES key
1315          * sizes; see RFC2440 */
1316         switch(data[(*packet_size)++]) {
1317         case RFC2440_CIPHER_AES_192:
1318                 crypt_stat->key_size = 24;
1319                 break;
1320         default:
1321                 crypt_stat->key_size =
1322                         (*new_auth_tok)->session_key.encrypted_key_size;
1323         }
1324         ecryptfs_init_crypt_ctx(crypt_stat);
1325         if (unlikely(data[(*packet_size)++] != 0x03)) {
1326                 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1327                 rc = -ENOSYS;
1328                 goto out_free;
1329         }
1330         /* TODO: finish the hash mapping */
1331         switch (data[(*packet_size)++]) {
1332         case 0x01: /* See RFC2440 for these numbers and their mappings */
1333                 /* Choose MD5 */
1334                 memcpy((*new_auth_tok)->token.password.salt,
1335                        &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1336                 (*packet_size) += ECRYPTFS_SALT_SIZE;
1337                 /* This conversion was taken straight from RFC2440 */
1338                 (*new_auth_tok)->token.password.hash_iterations =
1339                         ((u32) 16 + (data[(*packet_size)] & 15))
1340                                 << ((data[(*packet_size)] >> 4) + 6);
1341                 (*packet_size)++;
1342                 /* Friendly reminder:
1343                  * (*new_auth_tok)->session_key.encrypted_key_size =
1344                  *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1345                 memcpy((*new_auth_tok)->session_key.encrypted_key,
1346                        &data[(*packet_size)],
1347                        (*new_auth_tok)->session_key.encrypted_key_size);
1348                 (*packet_size) +=
1349                         (*new_auth_tok)->session_key.encrypted_key_size;
1350                 (*new_auth_tok)->session_key.flags &=
1351                         ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1352                 (*new_auth_tok)->session_key.flags |=
1353                         ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1354                 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1355                 break;
1356         default:
1357                 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1358                                 "[%d]\n", data[(*packet_size) - 1]);
1359                 rc = -ENOSYS;
1360                 goto out_free;
1361         }
1362         (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1363         /* TODO: Parametarize; we might actually want userspace to
1364          * decrypt the session key. */
1365         (*new_auth_tok)->session_key.flags &=
1366                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1367         (*new_auth_tok)->session_key.flags &=
1368                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1369         list_add(&auth_tok_list_item->list, auth_tok_list);
1370         goto out;
1371 out_free:
1372         (*new_auth_tok) = NULL;
1373         memset(auth_tok_list_item, 0,
1374                sizeof(struct ecryptfs_auth_tok_list_item));
1375         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1376                         auth_tok_list_item);
1377 out:
1378         if (rc)
1379                 (*packet_size) = 0;
1380         return rc;
1381 }
1382
1383 /**
1384  * parse_tag_11_packet
1385  * @data: The raw bytes of the packet
1386  * @contents: This function writes the data contents of the literal
1387  *            packet into this memory location
1388  * @max_contents_bytes: The maximum number of bytes that this function
1389  *                      is allowed to write into contents
1390  * @tag_11_contents_size: This function writes the size of the parsed
1391  *                        contents into this memory location; zero on
1392  *                        error
1393  * @packet_size: This function writes the size of the parsed packet
1394  *               into this memory location; zero on error
1395  * @max_packet_size: maximum number of bytes to parse
1396  *
1397  * Returns zero on success; non-zero on error.
1398  */
1399 static int
1400 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1401                     size_t max_contents_bytes, size_t *tag_11_contents_size,
1402                     size_t *packet_size, size_t max_packet_size)
1403 {
1404         size_t body_size;
1405         size_t length_size;
1406         int rc = 0;
1407
1408         (*packet_size) = 0;
1409         (*tag_11_contents_size) = 0;
1410         /* This format is inspired by OpenPGP; see RFC 2440
1411          * packet tag 11
1412          *
1413          * Tag 11 identifier (1 byte)
1414          * Max Tag 11 packet size (max 3 bytes)
1415          * Binary format specifier (1 byte)
1416          * Filename length (1 byte)
1417          * Filename ("_CONSOLE") (8 bytes)
1418          * Modification date (4 bytes)
1419          * Literal data (arbitrary)
1420          *
1421          * We need at least 16 bytes of data for the packet to even be
1422          * valid.
1423          */
1424         if (max_packet_size < 16) {
1425                 printk(KERN_ERR "Maximum packet size too small\n");
1426                 rc = -EINVAL;
1427                 goto out;
1428         }
1429         if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1430                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1431                 rc = -EINVAL;
1432                 goto out;
1433         }
1434         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1435                                           &length_size);
1436         if (rc) {
1437                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1438                 goto out;
1439         }
1440         if (body_size < 14) {
1441                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1442                 rc = -EINVAL;
1443                 goto out;
1444         }
1445         (*packet_size) += length_size;
1446         (*tag_11_contents_size) = (body_size - 14);
1447         if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1448                 printk(KERN_ERR "Packet size exceeds max\n");
1449                 rc = -EINVAL;
1450                 goto out;
1451         }
1452         if (data[(*packet_size)++] != 0x62) {
1453                 printk(KERN_WARNING "Unrecognizable packet\n");
1454                 rc = -EINVAL;
1455                 goto out;
1456         }
1457         if (data[(*packet_size)++] != 0x08) {
1458                 printk(KERN_WARNING "Unrecognizable packet\n");
1459                 rc = -EINVAL;
1460                 goto out;
1461         }
1462         (*packet_size) += 12; /* Ignore filename and modification date */
1463         memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1464         (*packet_size) += (*tag_11_contents_size);
1465 out:
1466         if (rc) {
1467                 (*packet_size) = 0;
1468                 (*tag_11_contents_size) = 0;
1469         }
1470         return rc;
1471 }
1472
1473 /**
1474  * ecryptfs_verify_version
1475  * @version: The version number to confirm
1476  *
1477  * Returns zero on good version; non-zero otherwise
1478  */
1479 static int ecryptfs_verify_version(u16 version)
1480 {
1481         int rc = 0;
1482         unsigned char major;
1483         unsigned char minor;
1484
1485         major = ((version >> 8) & 0xFF);
1486         minor = (version & 0xFF);
1487         if (major != ECRYPTFS_VERSION_MAJOR) {
1488                 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1489                                 "Expected [%d]; got [%d]\n",
1490                                 ECRYPTFS_VERSION_MAJOR, major);
1491                 rc = -EINVAL;
1492                 goto out;
1493         }
1494         if (minor != ECRYPTFS_VERSION_MINOR) {
1495                 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1496                                 "Expected [%d]; got [%d]\n",
1497                                 ECRYPTFS_VERSION_MINOR, minor);
1498                 rc = -EINVAL;
1499                 goto out;
1500         }
1501 out:
1502         return rc;
1503 }
1504
1505 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1506                                       struct ecryptfs_auth_tok **auth_tok,
1507                                       char *sig)
1508 {
1509         int rc = 0;
1510
1511         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1512         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1513                 printk(KERN_ERR "Could not find key with description: [%s]\n",
1514                        sig);
1515                 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1516                 goto out;
1517         }
1518         (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1519         if (ecryptfs_verify_version((*auth_tok)->version)) {
1520                 printk(KERN_ERR
1521                        "Data structure version mismatch. "
1522                        "Userspace tools must match eCryptfs "
1523                        "kernel module with major version [%d] "
1524                        "and minor version [%d]\n",
1525                        ECRYPTFS_VERSION_MAJOR,
1526                        ECRYPTFS_VERSION_MINOR);
1527                 rc = -EINVAL;
1528                 goto out;
1529         }
1530         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1531             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1532                 printk(KERN_ERR "Invalid auth_tok structure "
1533                        "returned from key query\n");
1534                 rc = -EINVAL;
1535                 goto out;
1536         }
1537 out:
1538         return rc;
1539 }
1540
1541 /**
1542  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1543  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1544  * @crypt_stat: The cryptographic context
1545  *
1546  * Returns zero on success; non-zero error otherwise
1547  */
1548 static int
1549 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1550                                          struct ecryptfs_crypt_stat *crypt_stat)
1551 {
1552         struct scatterlist dst_sg[2];
1553         struct scatterlist src_sg[2];
1554         struct mutex *tfm_mutex;
1555         struct blkcipher_desc desc = {
1556                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1557         };
1558         int rc = 0;
1559
1560         if (unlikely(ecryptfs_verbosity > 0)) {
1561                 ecryptfs_printk(
1562                         KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1563                         auth_tok->token.password.session_key_encryption_key_bytes);
1564                 ecryptfs_dump_hex(
1565                         auth_tok->token.password.session_key_encryption_key,
1566                         auth_tok->token.password.session_key_encryption_key_bytes);
1567         }
1568         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1569                                                         crypt_stat->cipher);
1570         if (unlikely(rc)) {
1571                 printk(KERN_ERR "Internal error whilst attempting to get "
1572                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1573                        crypt_stat->cipher, rc);
1574                 goto out;
1575         }
1576         rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1577                                  auth_tok->session_key.encrypted_key_size,
1578                                  src_sg, 2);
1579         if (rc < 1 || rc > 2) {
1580                 printk(KERN_ERR "Internal error whilst attempting to convert "
1581                         "auth_tok->session_key.encrypted_key to scatterlist; "
1582                         "expected rc = 1; got rc = [%d]. "
1583                        "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1584                         auth_tok->session_key.encrypted_key_size);
1585                 goto out;
1586         }
1587         auth_tok->session_key.decrypted_key_size =
1588                 auth_tok->session_key.encrypted_key_size;
1589         rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1590                                  auth_tok->session_key.decrypted_key_size,
1591                                  dst_sg, 2);
1592         if (rc < 1 || rc > 2) {
1593                 printk(KERN_ERR "Internal error whilst attempting to convert "
1594                         "auth_tok->session_key.decrypted_key to scatterlist; "
1595                         "expected rc = 1; got rc = [%d]\n", rc);
1596                 goto out;
1597         }
1598         mutex_lock(tfm_mutex);
1599         rc = crypto_blkcipher_setkey(
1600                 desc.tfm, auth_tok->token.password.session_key_encryption_key,
1601                 crypt_stat->key_size);
1602         if (unlikely(rc < 0)) {
1603                 mutex_unlock(tfm_mutex);
1604                 printk(KERN_ERR "Error setting key for crypto context\n");
1605                 rc = -EINVAL;
1606                 goto out;
1607         }
1608         rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1609                                       auth_tok->session_key.encrypted_key_size);
1610         mutex_unlock(tfm_mutex);
1611         if (unlikely(rc)) {
1612                 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1613                 goto out;
1614         }
1615         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1616         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1617                auth_tok->session_key.decrypted_key_size);
1618         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1619         if (unlikely(ecryptfs_verbosity > 0)) {
1620                 ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n",
1621                                 crypt_stat->key_size);
1622                 ecryptfs_dump_hex(crypt_stat->key,
1623                                   crypt_stat->key_size);
1624         }
1625 out:
1626         return rc;
1627 }
1628
1629 /**
1630  * ecryptfs_parse_packet_set
1631  * @crypt_stat: The cryptographic context
1632  * @src: Virtual address of region of memory containing the packets
1633  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1634  *
1635  * Get crypt_stat to have the file's session key if the requisite key
1636  * is available to decrypt the session key.
1637  *
1638  * Returns Zero if a valid authentication token was retrieved and
1639  * processed; negative value for file not encrypted or for error
1640  * conditions.
1641  */
1642 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1643                               unsigned char *src,
1644                               struct dentry *ecryptfs_dentry)
1645 {
1646         size_t i = 0;
1647         size_t found_auth_tok;
1648         size_t next_packet_is_auth_tok_packet;
1649         struct list_head auth_tok_list;
1650         struct ecryptfs_auth_tok *matching_auth_tok;
1651         struct ecryptfs_auth_tok *candidate_auth_tok;
1652         char *candidate_auth_tok_sig;
1653         size_t packet_size;
1654         struct ecryptfs_auth_tok *new_auth_tok;
1655         unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1656         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1657         size_t tag_11_contents_size;
1658         size_t tag_11_packet_size;
1659         int rc = 0;
1660
1661         INIT_LIST_HEAD(&auth_tok_list);
1662         /* Parse the header to find as many packets as we can; these will be
1663          * added the our &auth_tok_list */
1664         next_packet_is_auth_tok_packet = 1;
1665         while (next_packet_is_auth_tok_packet) {
1666                 size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1667
1668                 switch (src[i]) {
1669                 case ECRYPTFS_TAG_3_PACKET_TYPE:
1670                         rc = parse_tag_3_packet(crypt_stat,
1671                                                 (unsigned char *)&src[i],
1672                                                 &auth_tok_list, &new_auth_tok,
1673                                                 &packet_size, max_packet_size);
1674                         if (rc) {
1675                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1676                                                 "tag 3 packet\n");
1677                                 rc = -EIO;
1678                                 goto out_wipe_list;
1679                         }
1680                         i += packet_size;
1681                         rc = parse_tag_11_packet((unsigned char *)&src[i],
1682                                                  sig_tmp_space,
1683                                                  ECRYPTFS_SIG_SIZE,
1684                                                  &tag_11_contents_size,
1685                                                  &tag_11_packet_size,
1686                                                  max_packet_size);
1687                         if (rc) {
1688                                 ecryptfs_printk(KERN_ERR, "No valid "
1689                                                 "(ecryptfs-specific) literal "
1690                                                 "packet containing "
1691                                                 "authentication token "
1692                                                 "signature found after "
1693                                                 "tag 3 packet\n");
1694                                 rc = -EIO;
1695                                 goto out_wipe_list;
1696                         }
1697                         i += tag_11_packet_size;
1698                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1699                                 ecryptfs_printk(KERN_ERR, "Expected "
1700                                                 "signature of size [%d]; "
1701                                                 "read size [%d]\n",
1702                                                 ECRYPTFS_SIG_SIZE,
1703                                                 tag_11_contents_size);
1704                                 rc = -EIO;
1705                                 goto out_wipe_list;
1706                         }
1707                         ecryptfs_to_hex(new_auth_tok->token.password.signature,
1708                                         sig_tmp_space, tag_11_contents_size);
1709                         new_auth_tok->token.password.signature[
1710                                 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1711                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1712                         break;
1713                 case ECRYPTFS_TAG_1_PACKET_TYPE:
1714                         rc = parse_tag_1_packet(crypt_stat,
1715                                                 (unsigned char *)&src[i],
1716                                                 &auth_tok_list, &new_auth_tok,
1717                                                 &packet_size, max_packet_size);
1718                         if (rc) {
1719                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1720                                                 "tag 1 packet\n");
1721                                 rc = -EIO;
1722                                 goto out_wipe_list;
1723                         }
1724                         i += packet_size;
1725                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1726                         break;
1727                 case ECRYPTFS_TAG_11_PACKET_TYPE:
1728                         ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1729                                         "(Tag 11 not allowed by itself)\n");
1730                         rc = -EIO;
1731                         goto out_wipe_list;
1732                         break;
1733                 default:
1734                         ecryptfs_printk(KERN_DEBUG, "No packet at offset "
1735                                         "[%d] of the file header; hex value of "
1736                                         "character is [0x%.2x]\n", i, src[i]);
1737                         next_packet_is_auth_tok_packet = 0;
1738                 }
1739         }
1740         if (list_empty(&auth_tok_list)) {
1741                 printk(KERN_ERR "The lower file appears to be a non-encrypted "
1742                        "eCryptfs file; this is not supported in this version "
1743                        "of the eCryptfs kernel module\n");
1744                 rc = -EINVAL;
1745                 goto out;
1746         }
1747         /* auth_tok_list contains the set of authentication tokens
1748          * parsed from the metadata. We need to find a matching
1749          * authentication token that has the secret component(s)
1750          * necessary to decrypt the EFEK in the auth_tok parsed from
1751          * the metadata. There may be several potential matches, but
1752          * just one will be sufficient to decrypt to get the FEK. */
1753 find_next_matching_auth_tok:
1754         found_auth_tok = 0;
1755         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1756                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1757                 if (unlikely(ecryptfs_verbosity > 0)) {
1758                         ecryptfs_printk(KERN_DEBUG,
1759                                         "Considering cadidate auth tok:\n");
1760                         ecryptfs_dump_auth_tok(candidate_auth_tok);
1761                 }
1762                 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1763                                                candidate_auth_tok);
1764                 if (rc) {
1765                         printk(KERN_ERR
1766                                "Unrecognized candidate auth tok type: [%d]\n",
1767                                candidate_auth_tok->token_type);
1768                         rc = -EINVAL;
1769                         goto out_wipe_list;
1770                 }
1771                 ecryptfs_find_auth_tok_for_sig(&matching_auth_tok,
1772                                                crypt_stat->mount_crypt_stat,
1773                                                candidate_auth_tok_sig);
1774                 if (matching_auth_tok) {
1775                         found_auth_tok = 1;
1776                         goto found_matching_auth_tok;
1777                 }
1778         }
1779         if (!found_auth_tok) {
1780                 ecryptfs_printk(KERN_ERR, "Could not find a usable "
1781                                 "authentication token\n");
1782                 rc = -EIO;
1783                 goto out_wipe_list;
1784         }
1785 found_matching_auth_tok:
1786         if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1787                 memcpy(&(candidate_auth_tok->token.private_key),
1788                        &(matching_auth_tok->token.private_key),
1789                        sizeof(struct ecryptfs_private_key));
1790                 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1791                                                        crypt_stat);
1792         } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1793                 memcpy(&(candidate_auth_tok->token.password),
1794                        &(matching_auth_tok->token.password),
1795                        sizeof(struct ecryptfs_password));
1796                 rc = decrypt_passphrase_encrypted_session_key(
1797                         candidate_auth_tok, crypt_stat);
1798         }
1799         if (rc) {
1800                 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1801
1802                 ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1803                                 "session key for authentication token with sig "
1804                                 "[%.*s]; rc = [%d]. Removing auth tok "
1805                                 "candidate from the list and searching for "
1806                                 "the next match.\n", candidate_auth_tok_sig,
1807                                 ECRYPTFS_SIG_SIZE_HEX, rc);
1808                 list_for_each_entry_safe(auth_tok_list_item,
1809                                          auth_tok_list_item_tmp,
1810                                          &auth_tok_list, list) {
1811                         if (candidate_auth_tok
1812                             == &auth_tok_list_item->auth_tok) {
1813                                 list_del(&auth_tok_list_item->list);
1814                                 kmem_cache_free(
1815                                         ecryptfs_auth_tok_list_item_cache,
1816                                         auth_tok_list_item);
1817                                 goto find_next_matching_auth_tok;
1818                         }
1819                 }
1820                 BUG();
1821         }
1822         rc = ecryptfs_compute_root_iv(crypt_stat);
1823         if (rc) {
1824                 ecryptfs_printk(KERN_ERR, "Error computing "
1825                                 "the root IV\n");
1826                 goto out_wipe_list;
1827         }
1828         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1829         if (rc) {
1830                 ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1831                                 "context for cipher [%s]; rc = [%d]\n",
1832                                 crypt_stat->cipher, rc);
1833         }
1834 out_wipe_list:
1835         wipe_auth_tok_list(&auth_tok_list);
1836 out:
1837         return rc;
1838 }
1839
1840 static int
1841 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1842                         struct ecryptfs_crypt_stat *crypt_stat,
1843                         struct ecryptfs_key_record *key_rec)
1844 {
1845         struct ecryptfs_msg_ctx *msg_ctx = NULL;
1846         char *payload = NULL;
1847         size_t payload_len;
1848         struct ecryptfs_message *msg;
1849         int rc;
1850
1851         rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1852                                  ecryptfs_code_for_cipher_string(
1853                                          crypt_stat->cipher,
1854                                          crypt_stat->key_size),
1855                                  crypt_stat, &payload, &payload_len);
1856         if (rc) {
1857                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1858                 goto out;
1859         }
1860         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1861         if (rc) {
1862                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1863                                 "ecryptfsd\n");
1864                 goto out;
1865         }
1866         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1867         if (rc) {
1868                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1869                                 "from the user space daemon\n");
1870                 rc = -EIO;
1871                 goto out;
1872         }
1873         rc = parse_tag_67_packet(key_rec, msg);
1874         if (rc)
1875                 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1876         kfree(msg);
1877 out:
1878         kfree(payload);
1879         return rc;
1880 }
1881 /**
1882  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1883  * @dest: Buffer into which to write the packet
1884  * @remaining_bytes: Maximum number of bytes that can be writtn
1885  * @auth_tok: The authentication token used for generating the tag 1 packet
1886  * @crypt_stat: The cryptographic context
1887  * @key_rec: The key record struct for the tag 1 packet
1888  * @packet_size: This function will write the number of bytes that end
1889  *               up constituting the packet; set to zero on error
1890  *
1891  * Returns zero on success; non-zero on error.
1892  */
1893 static int
1894 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1895                    struct ecryptfs_auth_tok *auth_tok,
1896                    struct ecryptfs_crypt_stat *crypt_stat,
1897                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
1898 {
1899         size_t i;
1900         size_t encrypted_session_key_valid = 0;
1901         size_t packet_size_length;
1902         size_t max_packet_size;
1903         int rc = 0;
1904
1905         (*packet_size) = 0;
1906         ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1907                           ECRYPTFS_SIG_SIZE);
1908         encrypted_session_key_valid = 0;
1909         for (i = 0; i < crypt_stat->key_size; i++)
1910                 encrypted_session_key_valid |=
1911                         auth_tok->session_key.encrypted_key[i];
1912         if (encrypted_session_key_valid) {
1913                 memcpy(key_rec->enc_key,
1914                        auth_tok->session_key.encrypted_key,
1915                        auth_tok->session_key.encrypted_key_size);
1916                 goto encrypted_session_key_set;
1917         }
1918         if (auth_tok->session_key.encrypted_key_size == 0)
1919                 auth_tok->session_key.encrypted_key_size =
1920                         auth_tok->token.private_key.key_size;
1921         rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1922         if (rc) {
1923                 printk(KERN_ERR "Failed to encrypt session key via a key "
1924                        "module; rc = [%d]\n", rc);
1925                 goto out;
1926         }
1927         if (ecryptfs_verbosity > 0) {
1928                 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1929                 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1930         }
1931 encrypted_session_key_set:
1932         /* This format is inspired by OpenPGP; see RFC 2440
1933          * packet tag 1 */
1934         max_packet_size = (1                         /* Tag 1 identifier */
1935                            + 3                       /* Max Tag 1 packet size */
1936                            + 1                       /* Version */
1937                            + ECRYPTFS_SIG_SIZE       /* Key identifier */
1938                            + 1                       /* Cipher identifier */
1939                            + key_rec->enc_key_size); /* Encrypted key size */
1940         if (max_packet_size > (*remaining_bytes)) {
1941                 printk(KERN_ERR "Packet length larger than maximum allowable; "
1942                        "need up to [%td] bytes, but there are only [%td] "
1943                        "available\n", max_packet_size, (*remaining_bytes));
1944                 rc = -EINVAL;
1945                 goto out;
1946         }
1947         dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
1948         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
1949                                           (max_packet_size - 4),
1950                                           &packet_size_length);
1951         if (rc) {
1952                 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
1953                                 "header; cannot generate packet length\n");
1954                 goto out;
1955         }
1956         (*packet_size) += packet_size_length;
1957         dest[(*packet_size)++] = 0x03; /* version 3 */
1958         memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
1959         (*packet_size) += ECRYPTFS_SIG_SIZE;
1960         dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
1961         memcpy(&dest[(*packet_size)], key_rec->enc_key,
1962                key_rec->enc_key_size);
1963         (*packet_size) += key_rec->enc_key_size;
1964 out:
1965         if (rc)
1966                 (*packet_size) = 0;
1967         else
1968                 (*remaining_bytes) -= (*packet_size);
1969         return rc;
1970 }
1971
1972 /**
1973  * write_tag_11_packet
1974  * @dest: Target into which Tag 11 packet is to be written
1975  * @remaining_bytes: Maximum packet length
1976  * @contents: Byte array of contents to copy in
1977  * @contents_length: Number of bytes in contents
1978  * @packet_length: Length of the Tag 11 packet written; zero on error
1979  *
1980  * Returns zero on success; non-zero on error.
1981  */
1982 static int
1983 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
1984                     size_t contents_length, size_t *packet_length)
1985 {
1986         size_t packet_size_length;
1987         size_t max_packet_size;
1988         int rc = 0;
1989
1990         (*packet_length) = 0;
1991         /* This format is inspired by OpenPGP; see RFC 2440
1992          * packet tag 11 */
1993         max_packet_size = (1                   /* Tag 11 identifier */
1994                            + 3                 /* Max Tag 11 packet size */
1995                            + 1                 /* Binary format specifier */
1996                            + 1                 /* Filename length */
1997                            + 8                 /* Filename ("_CONSOLE") */
1998                            + 4                 /* Modification date */
1999                            + contents_length); /* Literal data */
2000         if (max_packet_size > (*remaining_bytes)) {
2001                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2002                        "need up to [%td] bytes, but there are only [%td] "
2003                        "available\n", max_packet_size, (*remaining_bytes));
2004                 rc = -EINVAL;
2005                 goto out;
2006         }
2007         dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2008         rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2009                                           (max_packet_size - 4),
2010                                           &packet_size_length);
2011         if (rc) {
2012                 printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2013                        "generate packet length. rc = [%d]\n", rc);
2014                 goto out;
2015         }
2016         (*packet_length) += packet_size_length;
2017         dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2018         dest[(*packet_length)++] = 8;
2019         memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2020         (*packet_length) += 8;
2021         memset(&dest[(*packet_length)], 0x00, 4);
2022         (*packet_length) += 4;
2023         memcpy(&dest[(*packet_length)], contents, contents_length);
2024         (*packet_length) += contents_length;
2025  out:
2026         if (rc)
2027                 (*packet_length) = 0;
2028         else
2029                 (*remaining_bytes) -= (*packet_length);
2030         return rc;
2031 }
2032
2033 /**
2034  * write_tag_3_packet
2035  * @dest: Buffer into which to write the packet
2036  * @remaining_bytes: Maximum number of bytes that can be written
2037  * @auth_tok: Authentication token
2038  * @crypt_stat: The cryptographic context
2039  * @key_rec: encrypted key
2040  * @packet_size: This function will write the number of bytes that end
2041  *               up constituting the packet; set to zero on error
2042  *
2043  * Returns zero on success; non-zero on error.
2044  */
2045 static int
2046 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2047                    struct ecryptfs_auth_tok *auth_tok,
2048                    struct ecryptfs_crypt_stat *crypt_stat,
2049                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2050 {
2051         size_t i;
2052         size_t encrypted_session_key_valid = 0;
2053         char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2054         struct scatterlist dst_sg[2];
2055         struct scatterlist src_sg[2];
2056         struct mutex *tfm_mutex = NULL;
2057         u8 cipher_code;
2058         size_t packet_size_length;
2059         size_t max_packet_size;
2060         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2061                 crypt_stat->mount_crypt_stat;
2062         struct blkcipher_desc desc = {
2063                 .tfm = NULL,
2064                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2065         };
2066         int rc = 0;
2067
2068         (*packet_size) = 0;
2069         ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2070                           ECRYPTFS_SIG_SIZE);
2071         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2072                                                         crypt_stat->cipher);
2073         if (unlikely(rc)) {
2074                 printk(KERN_ERR "Internal error whilst attempting to get "
2075                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2076                        crypt_stat->cipher, rc);
2077                 goto out;
2078         }
2079         if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2080                 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2081
2082                 printk(KERN_WARNING "No key size specified at mount; "
2083                        "defaulting to [%d]\n", alg->max_keysize);
2084                 mount_crypt_stat->global_default_cipher_key_size =
2085                         alg->max_keysize;
2086         }
2087         if (crypt_stat->key_size == 0)
2088                 crypt_stat->key_size =
2089                         mount_crypt_stat->global_default_cipher_key_size;
2090         if (auth_tok->session_key.encrypted_key_size == 0)
2091                 auth_tok->session_key.encrypted_key_size =
2092                         crypt_stat->key_size;
2093         if (crypt_stat->key_size == 24
2094             && strcmp("aes", crypt_stat->cipher) == 0) {
2095                 memset((crypt_stat->key + 24), 0, 8);
2096                 auth_tok->session_key.encrypted_key_size = 32;
2097         } else
2098                 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2099         key_rec->enc_key_size =
2100                 auth_tok->session_key.encrypted_key_size;
2101         encrypted_session_key_valid = 0;
2102         for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2103                 encrypted_session_key_valid |=
2104                         auth_tok->session_key.encrypted_key[i];
2105         if (encrypted_session_key_valid) {
2106                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2107                                 "using auth_tok->session_key.encrypted_key, "
2108                                 "where key_rec->enc_key_size = [%d]\n",
2109                                 key_rec->enc_key_size);
2110                 memcpy(key_rec->enc_key,
2111                        auth_tok->session_key.encrypted_key,
2112                        key_rec->enc_key_size);
2113                 goto encrypted_session_key_set;
2114         }
2115         if (auth_tok->token.password.flags &
2116             ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2117                 ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2118                                 "session key encryption key of size [%d]\n",
2119                                 auth_tok->token.password.
2120                                 session_key_encryption_key_bytes);
2121                 memcpy(session_key_encryption_key,
2122                        auth_tok->token.password.session_key_encryption_key,
2123                        crypt_stat->key_size);
2124                 ecryptfs_printk(KERN_DEBUG,
2125                                 "Cached session key " "encryption key: \n");
2126                 if (ecryptfs_verbosity > 0)
2127                         ecryptfs_dump_hex(session_key_encryption_key, 16);
2128         }
2129         if (unlikely(ecryptfs_verbosity > 0)) {
2130                 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2131                 ecryptfs_dump_hex(session_key_encryption_key, 16);
2132         }
2133         rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2134                                  src_sg, 2);
2135         if (rc < 1 || rc > 2) {
2136                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2137                                 "for crypt_stat session key; expected rc = 1; "
2138                                 "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
2139                                 rc, key_rec->enc_key_size);
2140                 rc = -ENOMEM;
2141                 goto out;
2142         }
2143         rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2144                                  dst_sg, 2);
2145         if (rc < 1 || rc > 2) {
2146                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2147                                 "for crypt_stat encrypted session key; "
2148                                 "expected rc = 1; got rc = [%d]. "
2149                                 "key_rec->enc_key_size = [%d]\n", rc,
2150                                 key_rec->enc_key_size);
2151                 rc = -ENOMEM;
2152                 goto out;
2153         }
2154         mutex_lock(tfm_mutex);
2155         rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2156                                      crypt_stat->key_size);
2157         if (rc < 0) {
2158                 mutex_unlock(tfm_mutex);
2159                 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2160                                 "context; rc = [%d]\n", rc);
2161                 goto out;
2162         }
2163         rc = 0;
2164         ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
2165                         crypt_stat->key_size);
2166         rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2167                                       (*key_rec).enc_key_size);
2168         mutex_unlock(tfm_mutex);
2169         if (rc) {
2170                 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2171                 goto out;
2172         }
2173         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2174         if (ecryptfs_verbosity > 0) {
2175                 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n",
2176                                 key_rec->enc_key_size);
2177                 ecryptfs_dump_hex(key_rec->enc_key,
2178                                   key_rec->enc_key_size);
2179         }
2180 encrypted_session_key_set:
2181         /* This format is inspired by OpenPGP; see RFC 2440
2182          * packet tag 3 */
2183         max_packet_size = (1                         /* Tag 3 identifier */
2184                            + 3                       /* Max Tag 3 packet size */
2185                            + 1                       /* Version */
2186                            + 1                       /* Cipher code */
2187                            + 1                       /* S2K specifier */
2188                            + 1                       /* Hash identifier */
2189                            + ECRYPTFS_SALT_SIZE      /* Salt */
2190                            + 1                       /* Hash iterations */
2191                            + key_rec->enc_key_size); /* Encrypted key size */
2192         if (max_packet_size > (*remaining_bytes)) {
2193                 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2194                        "there are only [%td] available\n", max_packet_size,
2195                        (*remaining_bytes));
2196                 rc = -EINVAL;
2197                 goto out;
2198         }
2199         dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2200         /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2201          * to get the number of octets in the actual Tag 3 packet */
2202         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2203                                           (max_packet_size - 4),
2204                                           &packet_size_length);
2205         if (rc) {
2206                 printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2207                        "generate packet length. rc = [%d]\n", rc);
2208                 goto out;
2209         }
2210         (*packet_size) += packet_size_length;
2211         dest[(*packet_size)++] = 0x04; /* version 4 */
2212         /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2213          * specified with strings */
2214         cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2215                                                       crypt_stat->key_size);
2216         if (cipher_code == 0) {
2217                 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2218                                 "cipher [%s]\n", crypt_stat->cipher);
2219                 rc = -EINVAL;
2220                 goto out;
2221         }
2222         dest[(*packet_size)++] = cipher_code;
2223         dest[(*packet_size)++] = 0x03;  /* S2K */
2224         dest[(*packet_size)++] = 0x01;  /* MD5 (TODO: parameterize) */
2225         memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2226                ECRYPTFS_SALT_SIZE);
2227         (*packet_size) += ECRYPTFS_SALT_SIZE;   /* salt */
2228         dest[(*packet_size)++] = 0x60;  /* hash iterations (65536) */
2229         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2230                key_rec->enc_key_size);
2231         (*packet_size) += key_rec->enc_key_size;
2232 out:
2233         if (rc)
2234                 (*packet_size) = 0;
2235         else
2236                 (*remaining_bytes) -= (*packet_size);
2237         return rc;
2238 }
2239
2240 struct kmem_cache *ecryptfs_key_record_cache;
2241
2242 /**
2243  * ecryptfs_generate_key_packet_set
2244  * @dest_base: Virtual address from which to write the key record set
2245  * @crypt_stat: The cryptographic context from which the
2246  *              authentication tokens will be retrieved
2247  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2248  *                   for the global parameters
2249  * @len: The amount written
2250  * @max: The maximum amount of data allowed to be written
2251  *
2252  * Generates a key packet set and writes it to the virtual address
2253  * passed in.
2254  *
2255  * Returns zero on success; non-zero on error.
2256  */
2257 int
2258 ecryptfs_generate_key_packet_set(char *dest_base,
2259                                  struct ecryptfs_crypt_stat *crypt_stat,
2260                                  struct dentry *ecryptfs_dentry, size_t *len,
2261                                  size_t max)
2262 {
2263         struct ecryptfs_auth_tok *auth_tok;
2264         struct ecryptfs_global_auth_tok *global_auth_tok;
2265         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2266                 &ecryptfs_superblock_to_private(
2267                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
2268         size_t written;
2269         struct ecryptfs_key_record *key_rec;
2270         struct ecryptfs_key_sig *key_sig;
2271         int rc = 0;
2272
2273         (*len) = 0;
2274         mutex_lock(&crypt_stat->keysig_list_mutex);
2275         key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2276         if (!key_rec) {
2277                 rc = -ENOMEM;
2278                 goto out;
2279         }
2280         list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2281                             crypt_stat_list) {
2282                 memset(key_rec, 0, sizeof(*key_rec));
2283                 rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
2284                                                            mount_crypt_stat,
2285                                                            key_sig->keysig);
2286                 if (rc) {
2287                         printk(KERN_ERR "Error attempting to get the global "
2288                                "auth_tok; rc = [%d]\n", rc);
2289                         goto out_free;
2290                 }
2291                 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2292                         printk(KERN_WARNING
2293                                "Skipping invalid auth tok with sig = [%s]\n",
2294                                global_auth_tok->sig);
2295                         continue;
2296                 }
2297                 auth_tok = global_auth_tok->global_auth_tok;
2298                 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2299                         rc = write_tag_3_packet((dest_base + (*len)),
2300                                                 &max, auth_tok,
2301                                                 crypt_stat, key_rec,
2302                                                 &written);
2303                         if (rc) {
2304                                 ecryptfs_printk(KERN_WARNING, "Error "
2305                                                 "writing tag 3 packet\n");
2306                                 goto out_free;
2307                         }
2308                         (*len) += written;
2309                         /* Write auth tok signature packet */
2310                         rc = write_tag_11_packet((dest_base + (*len)), &max,
2311                                                  key_rec->sig,
2312                                                  ECRYPTFS_SIG_SIZE, &written);
2313                         if (rc) {
2314                                 ecryptfs_printk(KERN_ERR, "Error writing "
2315                                                 "auth tok signature packet\n");
2316                                 goto out_free;
2317                         }
2318                         (*len) += written;
2319                 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2320                         rc = write_tag_1_packet(dest_base + (*len),
2321                                                 &max, auth_tok,
2322                                                 crypt_stat, key_rec, &written);
2323                         if (rc) {
2324                                 ecryptfs_printk(KERN_WARNING, "Error "
2325                                                 "writing tag 1 packet\n");
2326                                 goto out_free;
2327                         }
2328                         (*len) += written;
2329                 } else {
2330                         ecryptfs_printk(KERN_WARNING, "Unsupported "
2331                                         "authentication token type\n");
2332                         rc = -EINVAL;
2333                         goto out_free;
2334                 }
2335         }
2336         if (likely(max > 0)) {
2337                 dest_base[(*len)] = 0x00;
2338         } else {
2339                 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2340                 rc = -EIO;
2341         }
2342 out_free:
2343         kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2344 out:
2345         if (rc)
2346                 (*len) = 0;
2347         mutex_unlock(&crypt_stat->keysig_list_mutex);
2348         return rc;
2349 }
2350
2351 struct kmem_cache *ecryptfs_key_sig_cache;
2352
2353 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2354 {
2355         struct ecryptfs_key_sig *new_key_sig;
2356         int rc = 0;
2357
2358         new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2359         if (!new_key_sig) {
2360                 rc = -ENOMEM;
2361                 printk(KERN_ERR
2362                        "Error allocating from ecryptfs_key_sig_cache\n");
2363                 goto out;
2364         }
2365         memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2366         mutex_lock(&crypt_stat->keysig_list_mutex);
2367         list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2368         mutex_unlock(&crypt_stat->keysig_list_mutex);
2369 out:
2370         return rc;
2371 }
2372
2373 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2374
2375 int
2376 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2377                              char *sig, u32 global_auth_tok_flags)
2378 {
2379         struct ecryptfs_global_auth_tok *new_auth_tok;
2380         int rc = 0;
2381
2382         new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2383                                         GFP_KERNEL);
2384         if (!new_auth_tok) {
2385                 rc = -ENOMEM;
2386                 printk(KERN_ERR "Error allocating from "
2387                        "ecryptfs_global_auth_tok_cache\n");
2388                 goto out;
2389         }
2390         memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2391         new_auth_tok->flags = global_auth_tok_flags;
2392         new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2393         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2394         list_add(&new_auth_tok->mount_crypt_stat_list,
2395                  &mount_crypt_stat->global_auth_tok_list);
2396         mount_crypt_stat->num_global_auth_toks++;
2397         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2398 out:
2399         return rc;
2400 }
2401