Merge branch 'topic/hda' into for-linus
[linux-2.6] / fs / ecryptfs / keystore.c
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  * In-kernel key management code.  Includes functions to parse and
4  * write authentication token-related packets with the underlying
5  * file.
6  *
7  * Copyright (C) 2004-2006 International Business Machines Corp.
8  *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
9  *              Michael C. Thompson <mcthomps@us.ibm.com>
10  *              Trevor S. Highland <trevor.highland@gmail.com>
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License as
14  * published by the Free Software Foundation; either version 2 of the
15  * License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful, but
18  * WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
20  * General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25  * 02111-1307, USA.
26  */
27
28 #include <linux/string.h>
29 #include <linux/syscalls.h>
30 #include <linux/pagemap.h>
31 #include <linux/key.h>
32 #include <linux/random.h>
33 #include <linux/crypto.h>
34 #include <linux/scatterlist.h>
35 #include "ecryptfs_kernel.h"
36
37 /**
38  * request_key returned an error instead of a valid key address;
39  * determine the type of error, make appropriate log entries, and
40  * return an error code.
41  */
42 static int process_request_key_err(long err_code)
43 {
44         int rc = 0;
45
46         switch (err_code) {
47         case -ENOKEY:
48                 ecryptfs_printk(KERN_WARNING, "No key\n");
49                 rc = -ENOENT;
50                 break;
51         case -EKEYEXPIRED:
52                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
53                 rc = -ETIME;
54                 break;
55         case -EKEYREVOKED:
56                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
57                 rc = -EINVAL;
58                 break;
59         default:
60                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
61                                 "[0x%.16x]\n", err_code);
62                 rc = -EINVAL;
63         }
64         return rc;
65 }
66
67 /**
68  * ecryptfs_parse_packet_length
69  * @data: Pointer to memory containing length at offset
70  * @size: This function writes the decoded size to this memory
71  *        address; zero on error
72  * @length_size: The number of bytes occupied by the encoded length
73  *
74  * Returns zero on success; non-zero on error
75  */
76 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
77                                  size_t *length_size)
78 {
79         int rc = 0;
80
81         (*length_size) = 0;
82         (*size) = 0;
83         if (data[0] < 192) {
84                 /* One-byte length */
85                 (*size) = (unsigned char)data[0];
86                 (*length_size) = 1;
87         } else if (data[0] < 224) {
88                 /* Two-byte length */
89                 (*size) = (((unsigned char)(data[0]) - 192) * 256);
90                 (*size) += ((unsigned char)(data[1]) + 192);
91                 (*length_size) = 2;
92         } else if (data[0] == 255) {
93                 /* Five-byte length; we're not supposed to see this */
94                 ecryptfs_printk(KERN_ERR, "Five-byte packet length not "
95                                 "supported\n");
96                 rc = -EINVAL;
97                 goto out;
98         } else {
99                 ecryptfs_printk(KERN_ERR, "Error parsing packet length\n");
100                 rc = -EINVAL;
101                 goto out;
102         }
103 out:
104         return rc;
105 }
106
107 /**
108  * ecryptfs_write_packet_length
109  * @dest: The byte array target into which to write the length. Must
110  *        have at least 5 bytes allocated.
111  * @size: The length to write.
112  * @packet_size_length: The number of bytes used to encode the packet
113  *                      length is written to this address.
114  *
115  * Returns zero on success; non-zero on error.
116  */
117 int ecryptfs_write_packet_length(char *dest, size_t size,
118                                  size_t *packet_size_length)
119 {
120         int rc = 0;
121
122         if (size < 192) {
123                 dest[0] = size;
124                 (*packet_size_length) = 1;
125         } else if (size < 65536) {
126                 dest[0] = (((size - 192) / 256) + 192);
127                 dest[1] = ((size - 192) % 256);
128                 (*packet_size_length) = 2;
129         } else {
130                 rc = -EINVAL;
131                 ecryptfs_printk(KERN_WARNING,
132                                 "Unsupported packet size: [%d]\n", size);
133         }
134         return rc;
135 }
136
137 static int
138 write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
139                     char **packet, size_t *packet_len)
140 {
141         size_t i = 0;
142         size_t data_len;
143         size_t packet_size_len;
144         char *message;
145         int rc;
146
147         /*
148          *              ***** TAG 64 Packet Format *****
149          *    | Content Type                       | 1 byte       |
150          *    | Key Identifier Size                | 1 or 2 bytes |
151          *    | Key Identifier                     | arbitrary    |
152          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
153          *    | Encrypted File Encryption Key      | arbitrary    |
154          */
155         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
156                     + session_key->encrypted_key_size);
157         *packet = kmalloc(data_len, GFP_KERNEL);
158         message = *packet;
159         if (!message) {
160                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
161                 rc = -ENOMEM;
162                 goto out;
163         }
164         message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
165         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
166                                           &packet_size_len);
167         if (rc) {
168                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
169                                 "header; cannot generate packet length\n");
170                 goto out;
171         }
172         i += packet_size_len;
173         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
174         i += ECRYPTFS_SIG_SIZE_HEX;
175         rc = ecryptfs_write_packet_length(&message[i],
176                                           session_key->encrypted_key_size,
177                                           &packet_size_len);
178         if (rc) {
179                 ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
180                                 "header; cannot generate packet length\n");
181                 goto out;
182         }
183         i += packet_size_len;
184         memcpy(&message[i], session_key->encrypted_key,
185                session_key->encrypted_key_size);
186         i += session_key->encrypted_key_size;
187         *packet_len = i;
188 out:
189         return rc;
190 }
191
192 static int
193 parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
194                     struct ecryptfs_message *msg)
195 {
196         size_t i = 0;
197         char *data;
198         size_t data_len;
199         size_t m_size;
200         size_t message_len;
201         u16 checksum = 0;
202         u16 expected_checksum = 0;
203         int rc;
204
205         /*
206          *              ***** TAG 65 Packet Format *****
207          *         | Content Type             | 1 byte       |
208          *         | Status Indicator         | 1 byte       |
209          *         | File Encryption Key Size | 1 or 2 bytes |
210          *         | File Encryption Key      | arbitrary    |
211          */
212         message_len = msg->data_len;
213         data = msg->data;
214         if (message_len < 4) {
215                 rc = -EIO;
216                 goto out;
217         }
218         if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
219                 ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
220                 rc = -EIO;
221                 goto out;
222         }
223         if (data[i++]) {
224                 ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
225                                 "[%d]\n", data[i-1]);
226                 rc = -EIO;
227                 goto out;
228         }
229         rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len);
230         if (rc) {
231                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
232                                 "rc = [%d]\n", rc);
233                 goto out;
234         }
235         i += data_len;
236         if (message_len < (i + m_size)) {
237                 ecryptfs_printk(KERN_ERR, "The message received from ecryptfsd "
238                                 "is shorter than expected\n");
239                 rc = -EIO;
240                 goto out;
241         }
242         if (m_size < 3) {
243                 ecryptfs_printk(KERN_ERR,
244                                 "The decrypted key is not long enough to "
245                                 "include a cipher code and checksum\n");
246                 rc = -EIO;
247                 goto out;
248         }
249         *cipher_code = data[i++];
250         /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
251         session_key->decrypted_key_size = m_size - 3;
252         if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
253                 ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
254                                 "the maximum key size [%d]\n",
255                                 session_key->decrypted_key_size,
256                                 ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
257                 rc = -EIO;
258                 goto out;
259         }
260         memcpy(session_key->decrypted_key, &data[i],
261                session_key->decrypted_key_size);
262         i += session_key->decrypted_key_size;
263         expected_checksum += (unsigned char)(data[i++]) << 8;
264         expected_checksum += (unsigned char)(data[i++]);
265         for (i = 0; i < session_key->decrypted_key_size; i++)
266                 checksum += session_key->decrypted_key[i];
267         if (expected_checksum != checksum) {
268                 ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
269                                 "encryption  key; expected [%x]; calculated "
270                                 "[%x]\n", expected_checksum, checksum);
271                 rc = -EIO;
272         }
273 out:
274         return rc;
275 }
276
277
278 static int
279 write_tag_66_packet(char *signature, u8 cipher_code,
280                     struct ecryptfs_crypt_stat *crypt_stat, char **packet,
281                     size_t *packet_len)
282 {
283         size_t i = 0;
284         size_t j;
285         size_t data_len;
286         size_t checksum = 0;
287         size_t packet_size_len;
288         char *message;
289         int rc;
290
291         /*
292          *              ***** TAG 66 Packet Format *****
293          *         | Content Type             | 1 byte       |
294          *         | Key Identifier Size      | 1 or 2 bytes |
295          *         | Key Identifier           | arbitrary    |
296          *         | File Encryption Key Size | 1 or 2 bytes |
297          *         | File Encryption Key      | arbitrary    |
298          */
299         data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
300         *packet = kmalloc(data_len, GFP_KERNEL);
301         message = *packet;
302         if (!message) {
303                 ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
304                 rc = -ENOMEM;
305                 goto out;
306         }
307         message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
308         rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
309                                           &packet_size_len);
310         if (rc) {
311                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
312                                 "header; cannot generate packet length\n");
313                 goto out;
314         }
315         i += packet_size_len;
316         memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
317         i += ECRYPTFS_SIG_SIZE_HEX;
318         /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
319         rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3,
320                                           &packet_size_len);
321         if (rc) {
322                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
323                                 "header; cannot generate packet length\n");
324                 goto out;
325         }
326         i += packet_size_len;
327         message[i++] = cipher_code;
328         memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
329         i += crypt_stat->key_size;
330         for (j = 0; j < crypt_stat->key_size; j++)
331                 checksum += crypt_stat->key[j];
332         message[i++] = (checksum / 256) % 256;
333         message[i++] = (checksum % 256);
334         *packet_len = i;
335 out:
336         return rc;
337 }
338
339 static int
340 parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
341                     struct ecryptfs_message *msg)
342 {
343         size_t i = 0;
344         char *data;
345         size_t data_len;
346         size_t message_len;
347         int rc;
348
349         /*
350          *              ***** TAG 65 Packet Format *****
351          *    | Content Type                       | 1 byte       |
352          *    | Status Indicator                   | 1 byte       |
353          *    | Encrypted File Encryption Key Size | 1 or 2 bytes |
354          *    | Encrypted File Encryption Key      | arbitrary    |
355          */
356         message_len = msg->data_len;
357         data = msg->data;
358         /* verify that everything through the encrypted FEK size is present */
359         if (message_len < 4) {
360                 rc = -EIO;
361                 printk(KERN_ERR "%s: message_len is [%zd]; minimum acceptable "
362                        "message length is [%d]\n", __func__, message_len, 4);
363                 goto out;
364         }
365         if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
366                 rc = -EIO;
367                 printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n",
368                        __func__);
369                 goto out;
370         }
371         if (data[i++]) {
372                 rc = -EIO;
373                 printk(KERN_ERR "%s: Status indicator has non zero "
374                        "value [%d]\n", __func__, data[i-1]);
375
376                 goto out;
377         }
378         rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size,
379                                           &data_len);
380         if (rc) {
381                 ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
382                                 "rc = [%d]\n", rc);
383                 goto out;
384         }
385         i += data_len;
386         if (message_len < (i + key_rec->enc_key_size)) {
387                 rc = -EIO;
388                 printk(KERN_ERR "%s: message_len [%zd]; max len is [%zd]\n",
389                        __func__, message_len, (i + key_rec->enc_key_size));
390                 goto out;
391         }
392         if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
393                 rc = -EIO;
394                 printk(KERN_ERR "%s: Encrypted key_size [%zd] larger than "
395                        "the maximum key size [%d]\n", __func__,
396                        key_rec->enc_key_size,
397                        ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
398                 goto out;
399         }
400         memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
401 out:
402         return rc;
403 }
404
405 static int
406 ecryptfs_find_global_auth_tok_for_sig(
407         struct ecryptfs_global_auth_tok **global_auth_tok,
408         struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
409 {
410         struct ecryptfs_global_auth_tok *walker;
411         int rc = 0;
412
413         (*global_auth_tok) = NULL;
414         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
415         list_for_each_entry(walker,
416                             &mount_crypt_stat->global_auth_tok_list,
417                             mount_crypt_stat_list) {
418                 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
419                         (*global_auth_tok) = walker;
420                         goto out;
421                 }
422         }
423         rc = -EINVAL;
424 out:
425         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
426         return rc;
427 }
428
429 /**
430  * ecryptfs_find_auth_tok_for_sig
431  * @auth_tok: Set to the matching auth_tok; NULL if not found
432  * @crypt_stat: inode crypt_stat crypto context
433  * @sig: Sig of auth_tok to find
434  *
435  * For now, this function simply looks at the registered auth_tok's
436  * linked off the mount_crypt_stat, so all the auth_toks that can be
437  * used must be registered at mount time. This function could
438  * potentially try a lot harder to find auth_tok's (e.g., by calling
439  * out to ecryptfsd to dynamically retrieve an auth_tok object) so
440  * that static registration of auth_tok's will no longer be necessary.
441  *
442  * Returns zero on no error; non-zero on error
443  */
444 static int
445 ecryptfs_find_auth_tok_for_sig(
446         struct ecryptfs_auth_tok **auth_tok,
447         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
448         char *sig)
449 {
450         struct ecryptfs_global_auth_tok *global_auth_tok;
451         int rc = 0;
452
453         (*auth_tok) = NULL;
454         if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
455                                                   mount_crypt_stat, sig)) {
456                 struct key *auth_tok_key;
457
458                 rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
459                                                        sig);
460         } else
461                 (*auth_tok) = global_auth_tok->global_auth_tok;
462         return rc;
463 }
464
465 /**
466  * write_tag_70_packet can gobble a lot of stack space. We stuff most
467  * of the function's parameters in a kmalloc'd struct to help reduce
468  * eCryptfs' overall stack usage.
469  */
470 struct ecryptfs_write_tag_70_packet_silly_stack {
471         u8 cipher_code;
472         size_t max_packet_size;
473         size_t packet_size_len;
474         size_t block_aligned_filename_size;
475         size_t block_size;
476         size_t i;
477         size_t j;
478         size_t num_rand_bytes;
479         struct mutex *tfm_mutex;
480         char *block_aligned_filename;
481         struct ecryptfs_auth_tok *auth_tok;
482         struct scatterlist src_sg;
483         struct scatterlist dst_sg;
484         struct blkcipher_desc desc;
485         char iv[ECRYPTFS_MAX_IV_BYTES];
486         char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
487         char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
488         struct hash_desc hash_desc;
489         struct scatterlist hash_sg;
490 };
491
492 /**
493  * write_tag_70_packet - Write encrypted filename (EFN) packet against FNEK
494  * @filename: NULL-terminated filename string
495  *
496  * This is the simplest mechanism for achieving filename encryption in
497  * eCryptfs. It encrypts the given filename with the mount-wide
498  * filename encryption key (FNEK) and stores it in a packet to @dest,
499  * which the callee will encode and write directly into the dentry
500  * name.
501  */
502 int
503 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
504                              size_t *packet_size,
505                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
506                              char *filename, size_t filename_size)
507 {
508         struct ecryptfs_write_tag_70_packet_silly_stack *s;
509         int rc = 0;
510
511         s = kmalloc(sizeof(*s), GFP_KERNEL);
512         if (!s) {
513                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
514                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
515                 goto out;
516         }
517         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
518         (*packet_size) = 0;
519         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
520                 &s->desc.tfm,
521                 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
522         if (unlikely(rc)) {
523                 printk(KERN_ERR "Internal error whilst attempting to get "
524                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
525                        mount_crypt_stat->global_default_fn_cipher_name, rc);
526                 goto out;
527         }
528         mutex_lock(s->tfm_mutex);
529         s->block_size = crypto_blkcipher_blocksize(s->desc.tfm);
530         /* Plus one for the \0 separator between the random prefix
531          * and the plaintext filename */
532         s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1);
533         s->block_aligned_filename_size = (s->num_rand_bytes + filename_size);
534         if ((s->block_aligned_filename_size % s->block_size) != 0) {
535                 s->num_rand_bytes += (s->block_size
536                                       - (s->block_aligned_filename_size
537                                          % s->block_size));
538                 s->block_aligned_filename_size = (s->num_rand_bytes
539                                                   + filename_size);
540         }
541         /* Octet 0: Tag 70 identifier
542          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
543          *              and block-aligned encrypted filename size)
544          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
545          * Octet N2-N3: Cipher identifier (1 octet)
546          * Octets N3-N4: Block-aligned encrypted filename
547          *  - Consists of a minimum number of random characters, a \0
548          *    separator, and then the filename */
549         s->max_packet_size = (1                   /* Tag 70 identifier */
550                               + 3                 /* Max Tag 70 packet size */
551                               + ECRYPTFS_SIG_SIZE /* FNEK sig */
552                               + 1                 /* Cipher identifier */
553                               + s->block_aligned_filename_size);
554         if (dest == NULL) {
555                 (*packet_size) = s->max_packet_size;
556                 goto out_unlock;
557         }
558         if (s->max_packet_size > (*remaining_bytes)) {
559                 printk(KERN_WARNING "%s: Require [%zd] bytes to write; only "
560                        "[%zd] available\n", __func__, s->max_packet_size,
561                        (*remaining_bytes));
562                 rc = -EINVAL;
563                 goto out_unlock;
564         }
565         s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
566                                             GFP_KERNEL);
567         if (!s->block_aligned_filename) {
568                 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
569                        "kzalloc [%zd] bytes\n", __func__,
570                        s->block_aligned_filename_size);
571                 rc = -ENOMEM;
572                 goto out_unlock;
573         }
574         s->i = 0;
575         dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE;
576         rc = ecryptfs_write_packet_length(&dest[s->i],
577                                           (ECRYPTFS_SIG_SIZE
578                                            + 1 /* Cipher code */
579                                            + s->block_aligned_filename_size),
580                                           &s->packet_size_len);
581         if (rc) {
582                 printk(KERN_ERR "%s: Error generating tag 70 packet "
583                        "header; cannot generate packet length; rc = [%d]\n",
584                        __func__, rc);
585                 goto out_free_unlock;
586         }
587         s->i += s->packet_size_len;
588         ecryptfs_from_hex(&dest[s->i],
589                           mount_crypt_stat->global_default_fnek_sig,
590                           ECRYPTFS_SIG_SIZE);
591         s->i += ECRYPTFS_SIG_SIZE;
592         s->cipher_code = ecryptfs_code_for_cipher_string(
593                 mount_crypt_stat->global_default_fn_cipher_name,
594                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
595         if (s->cipher_code == 0) {
596                 printk(KERN_WARNING "%s: Unable to generate code for "
597                        "cipher [%s] with key bytes [%zd]\n", __func__,
598                        mount_crypt_stat->global_default_fn_cipher_name,
599                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
600                 rc = -EINVAL;
601                 goto out_free_unlock;
602         }
603         dest[s->i++] = s->cipher_code;
604         rc = ecryptfs_find_auth_tok_for_sig(
605                 &s->auth_tok, mount_crypt_stat,
606                 mount_crypt_stat->global_default_fnek_sig);
607         if (rc) {
608                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
609                        "fnek sig [%s]; rc = [%d]\n", __func__,
610                        mount_crypt_stat->global_default_fnek_sig, rc);
611                 goto out_free_unlock;
612         }
613         /* TODO: Support other key modules than passphrase for
614          * filename encryption */
615         BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
616         sg_init_one(
617                 &s->hash_sg,
618                 (u8 *)s->auth_tok->token.password.session_key_encryption_key,
619                 s->auth_tok->token.password.session_key_encryption_key_bytes);
620         s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
621         s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0,
622                                              CRYPTO_ALG_ASYNC);
623         if (IS_ERR(s->hash_desc.tfm)) {
624                         rc = PTR_ERR(s->hash_desc.tfm);
625                         printk(KERN_ERR "%s: Error attempting to "
626                                "allocate hash crypto context; rc = [%d]\n",
627                                __func__, rc);
628                         goto out_free_unlock;
629         }
630         rc = crypto_hash_init(&s->hash_desc);
631         if (rc) {
632                 printk(KERN_ERR
633                        "%s: Error initializing crypto hash; rc = [%d]\n",
634                        __func__, rc);
635                 goto out_release_free_unlock;
636         }
637         rc = crypto_hash_update(
638                 &s->hash_desc, &s->hash_sg,
639                 s->auth_tok->token.password.session_key_encryption_key_bytes);
640         if (rc) {
641                 printk(KERN_ERR
642                        "%s: Error updating crypto hash; rc = [%d]\n",
643                        __func__, rc);
644                 goto out_release_free_unlock;
645         }
646         rc = crypto_hash_final(&s->hash_desc, s->hash);
647         if (rc) {
648                 printk(KERN_ERR
649                        "%s: Error finalizing crypto hash; rc = [%d]\n",
650                        __func__, rc);
651                 goto out_release_free_unlock;
652         }
653         for (s->j = 0; s->j < (s->num_rand_bytes - 1); s->j++) {
654                 s->block_aligned_filename[s->j] =
655                         s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)];
656                 if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)
657                     == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) {
658                         sg_init_one(&s->hash_sg, (u8 *)s->hash,
659                                     ECRYPTFS_TAG_70_DIGEST_SIZE);
660                         rc = crypto_hash_init(&s->hash_desc);
661                         if (rc) {
662                                 printk(KERN_ERR
663                                        "%s: Error initializing crypto hash; "
664                                        "rc = [%d]\n", __func__, rc);
665                                 goto out_release_free_unlock;
666                         }
667                         rc = crypto_hash_update(&s->hash_desc, &s->hash_sg,
668                                                 ECRYPTFS_TAG_70_DIGEST_SIZE);
669                         if (rc) {
670                                 printk(KERN_ERR
671                                        "%s: Error updating crypto hash; "
672                                        "rc = [%d]\n", __func__, rc);
673                                 goto out_release_free_unlock;
674                         }
675                         rc = crypto_hash_final(&s->hash_desc, s->tmp_hash);
676                         if (rc) {
677                                 printk(KERN_ERR
678                                        "%s: Error finalizing crypto hash; "
679                                        "rc = [%d]\n", __func__, rc);
680                                 goto out_release_free_unlock;
681                         }
682                         memcpy(s->hash, s->tmp_hash,
683                                ECRYPTFS_TAG_70_DIGEST_SIZE);
684                 }
685                 if (s->block_aligned_filename[s->j] == '\0')
686                         s->block_aligned_filename[s->j] = ECRYPTFS_NON_NULL;
687         }
688         memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
689                filename_size);
690         rc = virt_to_scatterlist(s->block_aligned_filename,
691                                  s->block_aligned_filename_size, &s->src_sg, 1);
692         if (rc != 1) {
693                 printk(KERN_ERR "%s: Internal error whilst attempting to "
694                        "convert filename memory to scatterlist; "
695                        "expected rc = 1; got rc = [%d]. "
696                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
697                        s->block_aligned_filename_size);
698                 goto out_release_free_unlock;
699         }
700         rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
701                                  &s->dst_sg, 1);
702         if (rc != 1) {
703                 printk(KERN_ERR "%s: Internal error whilst attempting to "
704                        "convert encrypted filename memory to scatterlist; "
705                        "expected rc = 1; got rc = [%d]. "
706                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
707                        s->block_aligned_filename_size);
708                 goto out_release_free_unlock;
709         }
710         /* The characters in the first block effectively do the job
711          * of the IV here, so we just use 0's for the IV. Note the
712          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
713          * >= ECRYPTFS_MAX_IV_BYTES. */
714         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
715         s->desc.info = s->iv;
716         rc = crypto_blkcipher_setkey(
717                 s->desc.tfm,
718                 s->auth_tok->token.password.session_key_encryption_key,
719                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
720         if (rc < 0) {
721                 printk(KERN_ERR "%s: Error setting key for crypto context; "
722                        "rc = [%d]. s->auth_tok->token.password.session_key_"
723                        "encryption_key = [0x%p]; mount_crypt_stat->"
724                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
725                        rc,
726                        s->auth_tok->token.password.session_key_encryption_key,
727                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
728                 goto out_release_free_unlock;
729         }
730         rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
731                                          s->block_aligned_filename_size);
732         if (rc) {
733                 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
734                        "rc = [%d]\n", __func__, rc);
735                 goto out_release_free_unlock;
736         }
737         s->i += s->block_aligned_filename_size;
738         (*packet_size) = s->i;
739         (*remaining_bytes) -= (*packet_size);
740 out_release_free_unlock:
741         crypto_free_hash(s->hash_desc.tfm);
742 out_free_unlock:
743         memset(s->block_aligned_filename, 0, s->block_aligned_filename_size);
744         kfree(s->block_aligned_filename);
745 out_unlock:
746         mutex_unlock(s->tfm_mutex);
747 out:
748         kfree(s);
749         return rc;
750 }
751
752 struct ecryptfs_parse_tag_70_packet_silly_stack {
753         u8 cipher_code;
754         size_t max_packet_size;
755         size_t packet_size_len;
756         size_t parsed_tag_70_packet_size;
757         size_t block_aligned_filename_size;
758         size_t block_size;
759         size_t i;
760         struct mutex *tfm_mutex;
761         char *decrypted_filename;
762         struct ecryptfs_auth_tok *auth_tok;
763         struct scatterlist src_sg;
764         struct scatterlist dst_sg;
765         struct blkcipher_desc desc;
766         char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
767         char iv[ECRYPTFS_MAX_IV_BYTES];
768         char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
769 };
770
771 /**
772  * parse_tag_70_packet - Parse and process FNEK-encrypted passphrase packet
773  * @filename: This function kmalloc's the memory for the filename
774  * @filename_size: This function sets this to the amount of memory
775  *                 kmalloc'd for the filename
776  * @packet_size: This function sets this to the the number of octets
777  *               in the packet parsed
778  * @mount_crypt_stat: The mount-wide cryptographic context
779  * @data: The memory location containing the start of the tag 70
780  *        packet
781  * @max_packet_size: The maximum legal size of the packet to be parsed
782  *                   from @data
783  *
784  * Returns zero on success; non-zero otherwise
785  */
786 int
787 ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
788                              size_t *packet_size,
789                              struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
790                              char *data, size_t max_packet_size)
791 {
792         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
793         int rc = 0;
794
795         (*packet_size) = 0;
796         (*filename_size) = 0;
797         (*filename) = NULL;
798         s = kmalloc(sizeof(*s), GFP_KERNEL);
799         if (!s) {
800                 printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
801                        "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
802                 goto out;
803         }
804         s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
805         if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) {
806                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
807                        "at least [%d]\n", __func__, max_packet_size,
808                         (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1));
809                 rc = -EINVAL;
810                 goto out;
811         }
812         /* Octet 0: Tag 70 identifier
813          * Octets 1-N1: Tag 70 packet size (includes cipher identifier
814          *              and block-aligned encrypted filename size)
815          * Octets N1-N2: FNEK sig (ECRYPTFS_SIG_SIZE)
816          * Octet N2-N3: Cipher identifier (1 octet)
817          * Octets N3-N4: Block-aligned encrypted filename
818          *  - Consists of a minimum number of random numbers, a \0
819          *    separator, and then the filename */
820         if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) {
821                 printk(KERN_WARNING "%s: Invalid packet tag [0x%.2x]; must be "
822                        "tag [0x%.2x]\n", __func__,
823                        data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE);
824                 rc = -EINVAL;
825                 goto out;
826         }
827         rc = ecryptfs_parse_packet_length(&data[(*packet_size)],
828                                           &s->parsed_tag_70_packet_size,
829                                           &s->packet_size_len);
830         if (rc) {
831                 printk(KERN_WARNING "%s: Error parsing packet length; "
832                        "rc = [%d]\n", __func__, rc);
833                 goto out;
834         }
835         s->block_aligned_filename_size = (s->parsed_tag_70_packet_size
836                                           - ECRYPTFS_SIG_SIZE - 1);
837         if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size)
838             > max_packet_size) {
839                 printk(KERN_WARNING "%s: max_packet_size is [%zd]; real packet "
840                        "size is [%zd]\n", __func__, max_packet_size,
841                        (1 + s->packet_size_len + 1
842                         + s->block_aligned_filename_size));
843                 rc = -EINVAL;
844                 goto out;
845         }
846         (*packet_size) += s->packet_size_len;
847         ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)],
848                         ECRYPTFS_SIG_SIZE);
849         s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
850         (*packet_size) += ECRYPTFS_SIG_SIZE;
851         s->cipher_code = data[(*packet_size)++];
852         rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
853         if (rc) {
854                 printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
855                        __func__, s->cipher_code);
856                 goto out;
857         }
858         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
859                                                         &s->tfm_mutex,
860                                                         s->cipher_string);
861         if (unlikely(rc)) {
862                 printk(KERN_ERR "Internal error whilst attempting to get "
863                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
864                        s->cipher_string, rc);
865                 goto out;
866         }
867         mutex_lock(s->tfm_mutex);
868         rc = virt_to_scatterlist(&data[(*packet_size)],
869                                  s->block_aligned_filename_size, &s->src_sg, 1);
870         if (rc != 1) {
871                 printk(KERN_ERR "%s: Internal error whilst attempting to "
872                        "convert encrypted filename memory to scatterlist; "
873                        "expected rc = 1; got rc = [%d]. "
874                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
875                        s->block_aligned_filename_size);
876                 goto out_unlock;
877         }
878         (*packet_size) += s->block_aligned_filename_size;
879         s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
880                                         GFP_KERNEL);
881         if (!s->decrypted_filename) {
882                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
883                        "kmalloc [%zd] bytes\n", __func__,
884                        s->block_aligned_filename_size);
885                 rc = -ENOMEM;
886                 goto out_unlock;
887         }
888         rc = virt_to_scatterlist(s->decrypted_filename,
889                                  s->block_aligned_filename_size, &s->dst_sg, 1);
890         if (rc != 1) {
891                 printk(KERN_ERR "%s: Internal error whilst attempting to "
892                        "convert decrypted filename memory to scatterlist; "
893                        "expected rc = 1; got rc = [%d]. "
894                        "block_aligned_filename_size = [%zd]\n", __func__, rc,
895                        s->block_aligned_filename_size);
896                 goto out_free_unlock;
897         }
898         /* The characters in the first block effectively do the job of
899          * the IV here, so we just use 0's for the IV. Note the
900          * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES
901          * >= ECRYPTFS_MAX_IV_BYTES. */
902         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
903         s->desc.info = s->iv;
904         rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat,
905                                             s->fnek_sig_hex);
906         if (rc) {
907                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
908                        "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
909                        rc);
910                 goto out_free_unlock;
911         }
912         /* TODO: Support other key modules than passphrase for
913          * filename encryption */
914         BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
915         rc = crypto_blkcipher_setkey(
916                 s->desc.tfm,
917                 s->auth_tok->token.password.session_key_encryption_key,
918                 mount_crypt_stat->global_default_fn_cipher_key_bytes);
919         if (rc < 0) {
920                 printk(KERN_ERR "%s: Error setting key for crypto context; "
921                        "rc = [%d]. s->auth_tok->token.password.session_key_"
922                        "encryption_key = [0x%p]; mount_crypt_stat->"
923                        "global_default_fn_cipher_key_bytes = [%zd]\n", __func__,
924                        rc,
925                        s->auth_tok->token.password.session_key_encryption_key,
926                        mount_crypt_stat->global_default_fn_cipher_key_bytes);
927                 goto out_free_unlock;
928         }
929         rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
930                                          s->block_aligned_filename_size);
931         if (rc) {
932                 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
933                        "rc = [%d]\n", __func__, rc);
934                 goto out_free_unlock;
935         }
936         s->i = 0;
937         while (s->decrypted_filename[s->i] != '\0'
938                && s->i < s->block_aligned_filename_size)
939                 s->i++;
940         if (s->i == s->block_aligned_filename_size) {
941                 printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
942                        "find valid separator between random characters and "
943                        "the filename\n", __func__);
944                 rc = -EINVAL;
945                 goto out_free_unlock;
946         }
947         s->i++;
948         (*filename_size) = (s->block_aligned_filename_size - s->i);
949         if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) {
950                 printk(KERN_WARNING "%s: Filename size is [%zd], which is "
951                        "invalid\n", __func__, (*filename_size));
952                 rc = -EINVAL;
953                 goto out_free_unlock;
954         }
955         (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
956         if (!(*filename)) {
957                 printk(KERN_ERR "%s: Out of memory whilst attempting to "
958                        "kmalloc [%zd] bytes\n", __func__,
959                        ((*filename_size) + 1));
960                 rc = -ENOMEM;
961                 goto out_free_unlock;
962         }
963         memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size));
964         (*filename)[(*filename_size)] = '\0';
965 out_free_unlock:
966         kfree(s->decrypted_filename);
967 out_unlock:
968         mutex_unlock(s->tfm_mutex);
969 out:
970         if (rc) {
971                 (*packet_size) = 0;
972                 (*filename_size) = 0;
973                 (*filename) = NULL;
974         }
975         kfree(s);
976         return rc;
977 }
978
979 static int
980 ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok)
981 {
982         int rc = 0;
983
984         (*sig) = NULL;
985         switch (auth_tok->token_type) {
986         case ECRYPTFS_PASSWORD:
987                 (*sig) = auth_tok->token.password.signature;
988                 break;
989         case ECRYPTFS_PRIVATE_KEY:
990                 (*sig) = auth_tok->token.private_key.signature;
991                 break;
992         default:
993                 printk(KERN_ERR "Cannot get sig for auth_tok of type [%d]\n",
994                        auth_tok->token_type);
995                 rc = -EINVAL;
996         }
997         return rc;
998 }
999
1000 /**
1001  * decrypt_pki_encrypted_session_key - Decrypt the session key with the given auth_tok.
1002  * @auth_tok: The key authentication token used to decrypt the session key
1003  * @crypt_stat: The cryptographic context
1004  *
1005  * Returns zero on success; non-zero error otherwise.
1006  */
1007 static int
1008 decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1009                                   struct ecryptfs_crypt_stat *crypt_stat)
1010 {
1011         u8 cipher_code = 0;
1012         struct ecryptfs_msg_ctx *msg_ctx;
1013         struct ecryptfs_message *msg = NULL;
1014         char *auth_tok_sig;
1015         char *payload;
1016         size_t payload_len;
1017         int rc;
1018
1019         rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
1020         if (rc) {
1021                 printk(KERN_ERR "Unrecognized auth tok type: [%d]\n",
1022                        auth_tok->token_type);
1023                 goto out;
1024         }
1025         rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key),
1026                                  &payload, &payload_len);
1027         if (rc) {
1028                 ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n");
1029                 goto out;
1030         }
1031         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1032         if (rc) {
1033                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1034                                 "ecryptfsd\n");
1035                 goto out;
1036         }
1037         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1038         if (rc) {
1039                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
1040                                 "from the user space daemon\n");
1041                 rc = -EIO;
1042                 goto out;
1043         }
1044         rc = parse_tag_65_packet(&(auth_tok->session_key),
1045                                  &cipher_code, msg);
1046         if (rc) {
1047                 printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
1048                        rc);
1049                 goto out;
1050         }
1051         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1052         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1053                auth_tok->session_key.decrypted_key_size);
1054         crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
1055         rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
1056         if (rc) {
1057                 ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
1058                                 cipher_code)
1059                 goto out;
1060         }
1061         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1062         if (ecryptfs_verbosity > 0) {
1063                 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1064                 ecryptfs_dump_hex(crypt_stat->key,
1065                                   crypt_stat->key_size);
1066         }
1067 out:
1068         if (msg)
1069                 kfree(msg);
1070         return rc;
1071 }
1072
1073 static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
1074 {
1075         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1076         struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1077
1078         list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp,
1079                                  auth_tok_list_head, list) {
1080                 list_del(&auth_tok_list_item->list);
1081                 kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1082                                 auth_tok_list_item);
1083         }
1084 }
1085
1086 struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
1087
1088 /**
1089  * parse_tag_1_packet
1090  * @crypt_stat: The cryptographic context to modify based on packet contents
1091  * @data: The raw bytes of the packet.
1092  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1093  *                 a new authentication token will be placed at the
1094  *                 end of this list for this packet.
1095  * @new_auth_tok: Pointer to a pointer to memory that this function
1096  *                allocates; sets the memory address of the pointer to
1097  *                NULL on error. This object is added to the
1098  *                auth_tok_list.
1099  * @packet_size: This function writes the size of the parsed packet
1100  *               into this memory location; zero on error.
1101  * @max_packet_size: The maximum allowable packet size
1102  *
1103  * Returns zero on success; non-zero on error.
1104  */
1105 static int
1106 parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1107                    unsigned char *data, struct list_head *auth_tok_list,
1108                    struct ecryptfs_auth_tok **new_auth_tok,
1109                    size_t *packet_size, size_t max_packet_size)
1110 {
1111         size_t body_size;
1112         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1113         size_t length_size;
1114         int rc = 0;
1115
1116         (*packet_size) = 0;
1117         (*new_auth_tok) = NULL;
1118         /**
1119          * This format is inspired by OpenPGP; see RFC 2440
1120          * packet tag 1
1121          *
1122          * Tag 1 identifier (1 byte)
1123          * Max Tag 1 packet size (max 3 bytes)
1124          * Version (1 byte)
1125          * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)
1126          * Cipher identifier (1 byte)
1127          * Encrypted key size (arbitrary)
1128          *
1129          * 12 bytes minimum packet size
1130          */
1131         if (unlikely(max_packet_size < 12)) {
1132                 printk(KERN_ERR "Invalid max packet size; must be >=12\n");
1133                 rc = -EINVAL;
1134                 goto out;
1135         }
1136         if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
1137                 printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1138                        ECRYPTFS_TAG_1_PACKET_TYPE);
1139                 rc = -EINVAL;
1140                 goto out;
1141         }
1142         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1143          * at end of function upon failure */
1144         auth_tok_list_item =
1145                 kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,
1146                                   GFP_KERNEL);
1147         if (!auth_tok_list_item) {
1148                 printk(KERN_ERR "Unable to allocate memory\n");
1149                 rc = -ENOMEM;
1150                 goto out;
1151         }
1152         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1153         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1154                                           &length_size);
1155         if (rc) {
1156                 printk(KERN_WARNING "Error parsing packet length; "
1157                        "rc = [%d]\n", rc);
1158                 goto out_free;
1159         }
1160         if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {
1161                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1162                 rc = -EINVAL;
1163                 goto out_free;
1164         }
1165         (*packet_size) += length_size;
1166         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1167                 printk(KERN_WARNING "Packet size exceeds max\n");
1168                 rc = -EINVAL;
1169                 goto out_free;
1170         }
1171         if (unlikely(data[(*packet_size)++] != 0x03)) {
1172                 printk(KERN_WARNING "Unknown version number [%d]\n",
1173                        data[(*packet_size) - 1]);
1174                 rc = -EINVAL;
1175                 goto out_free;
1176         }
1177         ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
1178                         &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
1179         *packet_size += ECRYPTFS_SIG_SIZE;
1180         /* This byte is skipped because the kernel does not need to
1181          * know which public key encryption algorithm was used */
1182         (*packet_size)++;
1183         (*new_auth_tok)->session_key.encrypted_key_size =
1184                 body_size - (ECRYPTFS_SIG_SIZE + 2);
1185         if ((*new_auth_tok)->session_key.encrypted_key_size
1186             > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
1187                 printk(KERN_WARNING "Tag 1 packet contains key larger "
1188                        "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1189                 rc = -EINVAL;
1190                 goto out;
1191         }
1192         memcpy((*new_auth_tok)->session_key.encrypted_key,
1193                &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1194         (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
1195         (*new_auth_tok)->session_key.flags &=
1196                 ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1197         (*new_auth_tok)->session_key.flags |=
1198                 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1199         (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
1200         (*new_auth_tok)->flags = 0;
1201         (*new_auth_tok)->session_key.flags &=
1202                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1203         (*new_auth_tok)->session_key.flags &=
1204                 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1205         list_add(&auth_tok_list_item->list, auth_tok_list);
1206         goto out;
1207 out_free:
1208         (*new_auth_tok) = NULL;
1209         memset(auth_tok_list_item, 0,
1210                sizeof(struct ecryptfs_auth_tok_list_item));
1211         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1212                         auth_tok_list_item);
1213 out:
1214         if (rc)
1215                 (*packet_size) = 0;
1216         return rc;
1217 }
1218
1219 /**
1220  * parse_tag_3_packet
1221  * @crypt_stat: The cryptographic context to modify based on packet
1222  *              contents.
1223  * @data: The raw bytes of the packet.
1224  * @auth_tok_list: eCryptfs parses packets into authentication tokens;
1225  *                 a new authentication token will be placed at the end
1226  *                 of this list for this packet.
1227  * @new_auth_tok: Pointer to a pointer to memory that this function
1228  *                allocates; sets the memory address of the pointer to
1229  *                NULL on error. This object is added to the
1230  *                auth_tok_list.
1231  * @packet_size: This function writes the size of the parsed packet
1232  *               into this memory location; zero on error.
1233  * @max_packet_size: maximum number of bytes to parse
1234  *
1235  * Returns zero on success; non-zero on error.
1236  */
1237 static int
1238 parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
1239                    unsigned char *data, struct list_head *auth_tok_list,
1240                    struct ecryptfs_auth_tok **new_auth_tok,
1241                    size_t *packet_size, size_t max_packet_size)
1242 {
1243         size_t body_size;
1244         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1245         size_t length_size;
1246         int rc = 0;
1247
1248         (*packet_size) = 0;
1249         (*new_auth_tok) = NULL;
1250         /**
1251          *This format is inspired by OpenPGP; see RFC 2440
1252          * packet tag 3
1253          *
1254          * Tag 3 identifier (1 byte)
1255          * Max Tag 3 packet size (max 3 bytes)
1256          * Version (1 byte)
1257          * Cipher code (1 byte)
1258          * S2K specifier (1 byte)
1259          * Hash identifier (1 byte)
1260          * Salt (ECRYPTFS_SALT_SIZE)
1261          * Hash iterations (1 byte)
1262          * Encrypted key (arbitrary)
1263          *
1264          * (ECRYPTFS_SALT_SIZE + 7) minimum packet size
1265          */
1266         if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) {
1267                 printk(KERN_ERR "Max packet size too large\n");
1268                 rc = -EINVAL;
1269                 goto out;
1270         }
1271         if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) {
1272                 printk(KERN_ERR "First byte != 0x%.2x; invalid packet\n",
1273                        ECRYPTFS_TAG_3_PACKET_TYPE);
1274                 rc = -EINVAL;
1275                 goto out;
1276         }
1277         /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1278          * at end of function upon failure */
1279         auth_tok_list_item =
1280             kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL);
1281         if (!auth_tok_list_item) {
1282                 printk(KERN_ERR "Unable to allocate memory\n");
1283                 rc = -ENOMEM;
1284                 goto out;
1285         }
1286         (*new_auth_tok) = &auth_tok_list_item->auth_tok;
1287         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1288                                           &length_size);
1289         if (rc) {
1290                 printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n",
1291                        rc);
1292                 goto out_free;
1293         }
1294         if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) {
1295                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1296                 rc = -EINVAL;
1297                 goto out_free;
1298         }
1299         (*packet_size) += length_size;
1300         if (unlikely((*packet_size) + body_size > max_packet_size)) {
1301                 printk(KERN_ERR "Packet size exceeds max\n");
1302                 rc = -EINVAL;
1303                 goto out_free;
1304         }
1305         (*new_auth_tok)->session_key.encrypted_key_size =
1306                 (body_size - (ECRYPTFS_SALT_SIZE + 5));
1307         if (unlikely(data[(*packet_size)++] != 0x04)) {
1308                 printk(KERN_WARNING "Unknown version number [%d]\n",
1309                        data[(*packet_size) - 1]);
1310                 rc = -EINVAL;
1311                 goto out_free;
1312         }
1313         ecryptfs_cipher_code_to_string(crypt_stat->cipher,
1314                                        (u16)data[(*packet_size)]);
1315         /* A little extra work to differentiate among the AES key
1316          * sizes; see RFC2440 */
1317         switch(data[(*packet_size)++]) {
1318         case RFC2440_CIPHER_AES_192:
1319                 crypt_stat->key_size = 24;
1320                 break;
1321         default:
1322                 crypt_stat->key_size =
1323                         (*new_auth_tok)->session_key.encrypted_key_size;
1324         }
1325         ecryptfs_init_crypt_ctx(crypt_stat);
1326         if (unlikely(data[(*packet_size)++] != 0x03)) {
1327                 printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
1328                 rc = -ENOSYS;
1329                 goto out_free;
1330         }
1331         /* TODO: finish the hash mapping */
1332         switch (data[(*packet_size)++]) {
1333         case 0x01: /* See RFC2440 for these numbers and their mappings */
1334                 /* Choose MD5 */
1335                 memcpy((*new_auth_tok)->token.password.salt,
1336                        &data[(*packet_size)], ECRYPTFS_SALT_SIZE);
1337                 (*packet_size) += ECRYPTFS_SALT_SIZE;
1338                 /* This conversion was taken straight from RFC2440 */
1339                 (*new_auth_tok)->token.password.hash_iterations =
1340                         ((u32) 16 + (data[(*packet_size)] & 15))
1341                                 << ((data[(*packet_size)] >> 4) + 6);
1342                 (*packet_size)++;
1343                 /* Friendly reminder:
1344                  * (*new_auth_tok)->session_key.encrypted_key_size =
1345                  *         (body_size - (ECRYPTFS_SALT_SIZE + 5)); */
1346                 memcpy((*new_auth_tok)->session_key.encrypted_key,
1347                        &data[(*packet_size)],
1348                        (*new_auth_tok)->session_key.encrypted_key_size);
1349                 (*packet_size) +=
1350                         (*new_auth_tok)->session_key.encrypted_key_size;
1351                 (*new_auth_tok)->session_key.flags &=
1352                         ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1353                 (*new_auth_tok)->session_key.flags |=
1354                         ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
1355                 (*new_auth_tok)->token.password.hash_algo = 0x01; /* MD5 */
1356                 break;
1357         default:
1358                 ecryptfs_printk(KERN_ERR, "Unsupported hash algorithm: "
1359                                 "[%d]\n", data[(*packet_size) - 1]);
1360                 rc = -ENOSYS;
1361                 goto out_free;
1362         }
1363         (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
1364         /* TODO: Parametarize; we might actually want userspace to
1365          * decrypt the session key. */
1366         (*new_auth_tok)->session_key.flags &=
1367                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
1368         (*new_auth_tok)->session_key.flags &=
1369                             ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
1370         list_add(&auth_tok_list_item->list, auth_tok_list);
1371         goto out;
1372 out_free:
1373         (*new_auth_tok) = NULL;
1374         memset(auth_tok_list_item, 0,
1375                sizeof(struct ecryptfs_auth_tok_list_item));
1376         kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
1377                         auth_tok_list_item);
1378 out:
1379         if (rc)
1380                 (*packet_size) = 0;
1381         return rc;
1382 }
1383
1384 /**
1385  * parse_tag_11_packet
1386  * @data: The raw bytes of the packet
1387  * @contents: This function writes the data contents of the literal
1388  *            packet into this memory location
1389  * @max_contents_bytes: The maximum number of bytes that this function
1390  *                      is allowed to write into contents
1391  * @tag_11_contents_size: This function writes the size of the parsed
1392  *                        contents into this memory location; zero on
1393  *                        error
1394  * @packet_size: This function writes the size of the parsed packet
1395  *               into this memory location; zero on error
1396  * @max_packet_size: maximum number of bytes to parse
1397  *
1398  * Returns zero on success; non-zero on error.
1399  */
1400 static int
1401 parse_tag_11_packet(unsigned char *data, unsigned char *contents,
1402                     size_t max_contents_bytes, size_t *tag_11_contents_size,
1403                     size_t *packet_size, size_t max_packet_size)
1404 {
1405         size_t body_size;
1406         size_t length_size;
1407         int rc = 0;
1408
1409         (*packet_size) = 0;
1410         (*tag_11_contents_size) = 0;
1411         /* This format is inspired by OpenPGP; see RFC 2440
1412          * packet tag 11
1413          *
1414          * Tag 11 identifier (1 byte)
1415          * Max Tag 11 packet size (max 3 bytes)
1416          * Binary format specifier (1 byte)
1417          * Filename length (1 byte)
1418          * Filename ("_CONSOLE") (8 bytes)
1419          * Modification date (4 bytes)
1420          * Literal data (arbitrary)
1421          *
1422          * We need at least 16 bytes of data for the packet to even be
1423          * valid.
1424          */
1425         if (max_packet_size < 16) {
1426                 printk(KERN_ERR "Maximum packet size too small\n");
1427                 rc = -EINVAL;
1428                 goto out;
1429         }
1430         if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) {
1431                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1432                 rc = -EINVAL;
1433                 goto out;
1434         }
1435         rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size,
1436                                           &length_size);
1437         if (rc) {
1438                 printk(KERN_WARNING "Invalid tag 11 packet format\n");
1439                 goto out;
1440         }
1441         if (body_size < 14) {
1442                 printk(KERN_WARNING "Invalid body size ([%td])\n", body_size);
1443                 rc = -EINVAL;
1444                 goto out;
1445         }
1446         (*packet_size) += length_size;
1447         (*tag_11_contents_size) = (body_size - 14);
1448         if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) {
1449                 printk(KERN_ERR "Packet size exceeds max\n");
1450                 rc = -EINVAL;
1451                 goto out;
1452         }
1453         if (data[(*packet_size)++] != 0x62) {
1454                 printk(KERN_WARNING "Unrecognizable packet\n");
1455                 rc = -EINVAL;
1456                 goto out;
1457         }
1458         if (data[(*packet_size)++] != 0x08) {
1459                 printk(KERN_WARNING "Unrecognizable packet\n");
1460                 rc = -EINVAL;
1461                 goto out;
1462         }
1463         (*packet_size) += 12; /* Ignore filename and modification date */
1464         memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size));
1465         (*packet_size) += (*tag_11_contents_size);
1466 out:
1467         if (rc) {
1468                 (*packet_size) = 0;
1469                 (*tag_11_contents_size) = 0;
1470         }
1471         return rc;
1472 }
1473
1474 /**
1475  * ecryptfs_verify_version
1476  * @version: The version number to confirm
1477  *
1478  * Returns zero on good version; non-zero otherwise
1479  */
1480 static int ecryptfs_verify_version(u16 version)
1481 {
1482         int rc = 0;
1483         unsigned char major;
1484         unsigned char minor;
1485
1486         major = ((version >> 8) & 0xFF);
1487         minor = (version & 0xFF);
1488         if (major != ECRYPTFS_VERSION_MAJOR) {
1489                 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1490                                 "Expected [%d]; got [%d]\n",
1491                                 ECRYPTFS_VERSION_MAJOR, major);
1492                 rc = -EINVAL;
1493                 goto out;
1494         }
1495         if (minor != ECRYPTFS_VERSION_MINOR) {
1496                 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1497                                 "Expected [%d]; got [%d]\n",
1498                                 ECRYPTFS_VERSION_MINOR, minor);
1499                 rc = -EINVAL;
1500                 goto out;
1501         }
1502 out:
1503         return rc;
1504 }
1505
1506 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1507                                       struct ecryptfs_auth_tok **auth_tok,
1508                                       char *sig)
1509 {
1510         int rc = 0;
1511
1512         (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1513         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1514                 printk(KERN_ERR "Could not find key with description: [%s]\n",
1515                        sig);
1516                 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1517                 goto out;
1518         }
1519         (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1520         if (ecryptfs_verify_version((*auth_tok)->version)) {
1521                 printk(KERN_ERR
1522                        "Data structure version mismatch. "
1523                        "Userspace tools must match eCryptfs "
1524                        "kernel module with major version [%d] "
1525                        "and minor version [%d]\n",
1526                        ECRYPTFS_VERSION_MAJOR,
1527                        ECRYPTFS_VERSION_MINOR);
1528                 rc = -EINVAL;
1529                 goto out;
1530         }
1531         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1532             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1533                 printk(KERN_ERR "Invalid auth_tok structure "
1534                        "returned from key query\n");
1535                 rc = -EINVAL;
1536                 goto out;
1537         }
1538 out:
1539         return rc;
1540 }
1541
1542 /**
1543  * decrypt_passphrase_encrypted_session_key - Decrypt the session key with the given auth_tok.
1544  * @auth_tok: The passphrase authentication token to use to encrypt the FEK
1545  * @crypt_stat: The cryptographic context
1546  *
1547  * Returns zero on success; non-zero error otherwise
1548  */
1549 static int
1550 decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1551                                          struct ecryptfs_crypt_stat *crypt_stat)
1552 {
1553         struct scatterlist dst_sg[2];
1554         struct scatterlist src_sg[2];
1555         struct mutex *tfm_mutex;
1556         struct blkcipher_desc desc = {
1557                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1558         };
1559         int rc = 0;
1560
1561         if (unlikely(ecryptfs_verbosity > 0)) {
1562                 ecryptfs_printk(
1563                         KERN_DEBUG, "Session key encryption key (size [%d]):\n",
1564                         auth_tok->token.password.session_key_encryption_key_bytes);
1565                 ecryptfs_dump_hex(
1566                         auth_tok->token.password.session_key_encryption_key,
1567                         auth_tok->token.password.session_key_encryption_key_bytes);
1568         }
1569         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
1570                                                         crypt_stat->cipher);
1571         if (unlikely(rc)) {
1572                 printk(KERN_ERR "Internal error whilst attempting to get "
1573                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
1574                        crypt_stat->cipher, rc);
1575                 goto out;
1576         }
1577         rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1578                                  auth_tok->session_key.encrypted_key_size,
1579                                  src_sg, 2);
1580         if (rc < 1 || rc > 2) {
1581                 printk(KERN_ERR "Internal error whilst attempting to convert "
1582                         "auth_tok->session_key.encrypted_key to scatterlist; "
1583                         "expected rc = 1; got rc = [%d]. "
1584                        "auth_tok->session_key.encrypted_key_size = [%d]\n", rc,
1585                         auth_tok->session_key.encrypted_key_size);
1586                 goto out;
1587         }
1588         auth_tok->session_key.decrypted_key_size =
1589                 auth_tok->session_key.encrypted_key_size;
1590         rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1591                                  auth_tok->session_key.decrypted_key_size,
1592                                  dst_sg, 2);
1593         if (rc < 1 || rc > 2) {
1594                 printk(KERN_ERR "Internal error whilst attempting to convert "
1595                         "auth_tok->session_key.decrypted_key to scatterlist; "
1596                         "expected rc = 1; got rc = [%d]\n", rc);
1597                 goto out;
1598         }
1599         mutex_lock(tfm_mutex);
1600         rc = crypto_blkcipher_setkey(
1601                 desc.tfm, auth_tok->token.password.session_key_encryption_key,
1602                 crypt_stat->key_size);
1603         if (unlikely(rc < 0)) {
1604                 mutex_unlock(tfm_mutex);
1605                 printk(KERN_ERR "Error setting key for crypto context\n");
1606                 rc = -EINVAL;
1607                 goto out;
1608         }
1609         rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1610                                       auth_tok->session_key.encrypted_key_size);
1611         mutex_unlock(tfm_mutex);
1612         if (unlikely(rc)) {
1613                 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
1614                 goto out;
1615         }
1616         auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1617         memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1618                auth_tok->session_key.decrypted_key_size);
1619         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1620         if (unlikely(ecryptfs_verbosity > 0)) {
1621                 ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n",
1622                                 crypt_stat->key_size);
1623                 ecryptfs_dump_hex(crypt_stat->key,
1624                                   crypt_stat->key_size);
1625         }
1626 out:
1627         return rc;
1628 }
1629
1630 /**
1631  * ecryptfs_parse_packet_set
1632  * @crypt_stat: The cryptographic context
1633  * @src: Virtual address of region of memory containing the packets
1634  * @ecryptfs_dentry: The eCryptfs dentry associated with the packet set
1635  *
1636  * Get crypt_stat to have the file's session key if the requisite key
1637  * is available to decrypt the session key.
1638  *
1639  * Returns Zero if a valid authentication token was retrieved and
1640  * processed; negative value for file not encrypted or for error
1641  * conditions.
1642  */
1643 int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1644                               unsigned char *src,
1645                               struct dentry *ecryptfs_dentry)
1646 {
1647         size_t i = 0;
1648         size_t found_auth_tok;
1649         size_t next_packet_is_auth_tok_packet;
1650         struct list_head auth_tok_list;
1651         struct ecryptfs_auth_tok *matching_auth_tok;
1652         struct ecryptfs_auth_tok *candidate_auth_tok;
1653         char *candidate_auth_tok_sig;
1654         size_t packet_size;
1655         struct ecryptfs_auth_tok *new_auth_tok;
1656         unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
1657         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1658         size_t tag_11_contents_size;
1659         size_t tag_11_packet_size;
1660         int rc = 0;
1661
1662         INIT_LIST_HEAD(&auth_tok_list);
1663         /* Parse the header to find as many packets as we can; these will be
1664          * added the our &auth_tok_list */
1665         next_packet_is_auth_tok_packet = 1;
1666         while (next_packet_is_auth_tok_packet) {
1667                 size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i);
1668
1669                 switch (src[i]) {
1670                 case ECRYPTFS_TAG_3_PACKET_TYPE:
1671                         rc = parse_tag_3_packet(crypt_stat,
1672                                                 (unsigned char *)&src[i],
1673                                                 &auth_tok_list, &new_auth_tok,
1674                                                 &packet_size, max_packet_size);
1675                         if (rc) {
1676                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1677                                                 "tag 3 packet\n");
1678                                 rc = -EIO;
1679                                 goto out_wipe_list;
1680                         }
1681                         i += packet_size;
1682                         rc = parse_tag_11_packet((unsigned char *)&src[i],
1683                                                  sig_tmp_space,
1684                                                  ECRYPTFS_SIG_SIZE,
1685                                                  &tag_11_contents_size,
1686                                                  &tag_11_packet_size,
1687                                                  max_packet_size);
1688                         if (rc) {
1689                                 ecryptfs_printk(KERN_ERR, "No valid "
1690                                                 "(ecryptfs-specific) literal "
1691                                                 "packet containing "
1692                                                 "authentication token "
1693                                                 "signature found after "
1694                                                 "tag 3 packet\n");
1695                                 rc = -EIO;
1696                                 goto out_wipe_list;
1697                         }
1698                         i += tag_11_packet_size;
1699                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1700                                 ecryptfs_printk(KERN_ERR, "Expected "
1701                                                 "signature of size [%d]; "
1702                                                 "read size [%d]\n",
1703                                                 ECRYPTFS_SIG_SIZE,
1704                                                 tag_11_contents_size);
1705                                 rc = -EIO;
1706                                 goto out_wipe_list;
1707                         }
1708                         ecryptfs_to_hex(new_auth_tok->token.password.signature,
1709                                         sig_tmp_space, tag_11_contents_size);
1710                         new_auth_tok->token.password.signature[
1711                                 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1712                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1713                         break;
1714                 case ECRYPTFS_TAG_1_PACKET_TYPE:
1715                         rc = parse_tag_1_packet(crypt_stat,
1716                                                 (unsigned char *)&src[i],
1717                                                 &auth_tok_list, &new_auth_tok,
1718                                                 &packet_size, max_packet_size);
1719                         if (rc) {
1720                                 ecryptfs_printk(KERN_ERR, "Error parsing "
1721                                                 "tag 1 packet\n");
1722                                 rc = -EIO;
1723                                 goto out_wipe_list;
1724                         }
1725                         i += packet_size;
1726                         crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1727                         break;
1728                 case ECRYPTFS_TAG_11_PACKET_TYPE:
1729                         ecryptfs_printk(KERN_WARNING, "Invalid packet set "
1730                                         "(Tag 11 not allowed by itself)\n");
1731                         rc = -EIO;
1732                         goto out_wipe_list;
1733                         break;
1734                 default:
1735                         ecryptfs_printk(KERN_DEBUG, "No packet at offset "
1736                                         "[%d] of the file header; hex value of "
1737                                         "character is [0x%.2x]\n", i, src[i]);
1738                         next_packet_is_auth_tok_packet = 0;
1739                 }
1740         }
1741         if (list_empty(&auth_tok_list)) {
1742                 printk(KERN_ERR "The lower file appears to be a non-encrypted "
1743                        "eCryptfs file; this is not supported in this version "
1744                        "of the eCryptfs kernel module\n");
1745                 rc = -EINVAL;
1746                 goto out;
1747         }
1748         /* auth_tok_list contains the set of authentication tokens
1749          * parsed from the metadata. We need to find a matching
1750          * authentication token that has the secret component(s)
1751          * necessary to decrypt the EFEK in the auth_tok parsed from
1752          * the metadata. There may be several potential matches, but
1753          * just one will be sufficient to decrypt to get the FEK. */
1754 find_next_matching_auth_tok:
1755         found_auth_tok = 0;
1756         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1757                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1758                 if (unlikely(ecryptfs_verbosity > 0)) {
1759                         ecryptfs_printk(KERN_DEBUG,
1760                                         "Considering cadidate auth tok:\n");
1761                         ecryptfs_dump_auth_tok(candidate_auth_tok);
1762                 }
1763                 rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig,
1764                                                candidate_auth_tok);
1765                 if (rc) {
1766                         printk(KERN_ERR
1767                                "Unrecognized candidate auth tok type: [%d]\n",
1768                                candidate_auth_tok->token_type);
1769                         rc = -EINVAL;
1770                         goto out_wipe_list;
1771                 }
1772                 ecryptfs_find_auth_tok_for_sig(&matching_auth_tok,
1773                                                crypt_stat->mount_crypt_stat,
1774                                                candidate_auth_tok_sig);
1775                 if (matching_auth_tok) {
1776                         found_auth_tok = 1;
1777                         goto found_matching_auth_tok;
1778                 }
1779         }
1780         if (!found_auth_tok) {
1781                 ecryptfs_printk(KERN_ERR, "Could not find a usable "
1782                                 "authentication token\n");
1783                 rc = -EIO;
1784                 goto out_wipe_list;
1785         }
1786 found_matching_auth_tok:
1787         if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1788                 memcpy(&(candidate_auth_tok->token.private_key),
1789                        &(matching_auth_tok->token.private_key),
1790                        sizeof(struct ecryptfs_private_key));
1791                 rc = decrypt_pki_encrypted_session_key(candidate_auth_tok,
1792                                                        crypt_stat);
1793         } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) {
1794                 memcpy(&(candidate_auth_tok->token.password),
1795                        &(matching_auth_tok->token.password),
1796                        sizeof(struct ecryptfs_password));
1797                 rc = decrypt_passphrase_encrypted_session_key(
1798                         candidate_auth_tok, crypt_stat);
1799         }
1800         if (rc) {
1801                 struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp;
1802
1803                 ecryptfs_printk(KERN_WARNING, "Error decrypting the "
1804                                 "session key for authentication token with sig "
1805                                 "[%.*s]; rc = [%d]. Removing auth tok "
1806                                 "candidate from the list and searching for "
1807                                 "the next match.\n", candidate_auth_tok_sig,
1808                                 ECRYPTFS_SIG_SIZE_HEX, rc);
1809                 list_for_each_entry_safe(auth_tok_list_item,
1810                                          auth_tok_list_item_tmp,
1811                                          &auth_tok_list, list) {
1812                         if (candidate_auth_tok
1813                             == &auth_tok_list_item->auth_tok) {
1814                                 list_del(&auth_tok_list_item->list);
1815                                 kmem_cache_free(
1816                                         ecryptfs_auth_tok_list_item_cache,
1817                                         auth_tok_list_item);
1818                                 goto find_next_matching_auth_tok;
1819                         }
1820                 }
1821                 BUG();
1822         }
1823         rc = ecryptfs_compute_root_iv(crypt_stat);
1824         if (rc) {
1825                 ecryptfs_printk(KERN_ERR, "Error computing "
1826                                 "the root IV\n");
1827                 goto out_wipe_list;
1828         }
1829         rc = ecryptfs_init_crypt_ctx(crypt_stat);
1830         if (rc) {
1831                 ecryptfs_printk(KERN_ERR, "Error initializing crypto "
1832                                 "context for cipher [%s]; rc = [%d]\n",
1833                                 crypt_stat->cipher, rc);
1834         }
1835 out_wipe_list:
1836         wipe_auth_tok_list(&auth_tok_list);
1837 out:
1838         return rc;
1839 }
1840
1841 static int
1842 pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1843                         struct ecryptfs_crypt_stat *crypt_stat,
1844                         struct ecryptfs_key_record *key_rec)
1845 {
1846         struct ecryptfs_msg_ctx *msg_ctx = NULL;
1847         char *payload = NULL;
1848         size_t payload_len;
1849         struct ecryptfs_message *msg;
1850         int rc;
1851
1852         rc = write_tag_66_packet(auth_tok->token.private_key.signature,
1853                                  ecryptfs_code_for_cipher_string(
1854                                          crypt_stat->cipher,
1855                                          crypt_stat->key_size),
1856                                  crypt_stat, &payload, &payload_len);
1857         if (rc) {
1858                 ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
1859                 goto out;
1860         }
1861         rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1862         if (rc) {
1863                 ecryptfs_printk(KERN_ERR, "Error sending message to "
1864                                 "ecryptfsd\n");
1865                 goto out;
1866         }
1867         rc = ecryptfs_wait_for_response(msg_ctx, &msg);
1868         if (rc) {
1869                 ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
1870                                 "from the user space daemon\n");
1871                 rc = -EIO;
1872                 goto out;
1873         }
1874         rc = parse_tag_67_packet(key_rec, msg);
1875         if (rc)
1876                 ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
1877         kfree(msg);
1878 out:
1879         kfree(payload);
1880         return rc;
1881 }
1882 /**
1883  * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
1884  * @dest: Buffer into which to write the packet
1885  * @remaining_bytes: Maximum number of bytes that can be writtn
1886  * @auth_tok: The authentication token used for generating the tag 1 packet
1887  * @crypt_stat: The cryptographic context
1888  * @key_rec: The key record struct for the tag 1 packet
1889  * @packet_size: This function will write the number of bytes that end
1890  *               up constituting the packet; set to zero on error
1891  *
1892  * Returns zero on success; non-zero on error.
1893  */
1894 static int
1895 write_tag_1_packet(char *dest, size_t *remaining_bytes,
1896                    struct ecryptfs_auth_tok *auth_tok,
1897                    struct ecryptfs_crypt_stat *crypt_stat,
1898                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
1899 {
1900         size_t i;
1901         size_t encrypted_session_key_valid = 0;
1902         size_t packet_size_length;
1903         size_t max_packet_size;
1904         int rc = 0;
1905
1906         (*packet_size) = 0;
1907         ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
1908                           ECRYPTFS_SIG_SIZE);
1909         encrypted_session_key_valid = 0;
1910         for (i = 0; i < crypt_stat->key_size; i++)
1911                 encrypted_session_key_valid |=
1912                         auth_tok->session_key.encrypted_key[i];
1913         if (encrypted_session_key_valid) {
1914                 memcpy(key_rec->enc_key,
1915                        auth_tok->session_key.encrypted_key,
1916                        auth_tok->session_key.encrypted_key_size);
1917                 goto encrypted_session_key_set;
1918         }
1919         if (auth_tok->session_key.encrypted_key_size == 0)
1920                 auth_tok->session_key.encrypted_key_size =
1921                         auth_tok->token.private_key.key_size;
1922         rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
1923         if (rc) {
1924                 printk(KERN_ERR "Failed to encrypt session key via a key "
1925                        "module; rc = [%d]\n", rc);
1926                 goto out;
1927         }
1928         if (ecryptfs_verbosity > 0) {
1929                 ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
1930                 ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
1931         }
1932 encrypted_session_key_set:
1933         /* This format is inspired by OpenPGP; see RFC 2440
1934          * packet tag 1 */
1935         max_packet_size = (1                         /* Tag 1 identifier */
1936                            + 3                       /* Max Tag 1 packet size */
1937                            + 1                       /* Version */
1938                            + ECRYPTFS_SIG_SIZE       /* Key identifier */
1939                            + 1                       /* Cipher identifier */
1940                            + key_rec->enc_key_size); /* Encrypted key size */
1941         if (max_packet_size > (*remaining_bytes)) {
1942                 printk(KERN_ERR "Packet length larger than maximum allowable; "
1943                        "need up to [%td] bytes, but there are only [%td] "
1944                        "available\n", max_packet_size, (*remaining_bytes));
1945                 rc = -EINVAL;
1946                 goto out;
1947         }
1948         dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
1949         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
1950                                           (max_packet_size - 4),
1951                                           &packet_size_length);
1952         if (rc) {
1953                 ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
1954                                 "header; cannot generate packet length\n");
1955                 goto out;
1956         }
1957         (*packet_size) += packet_size_length;
1958         dest[(*packet_size)++] = 0x03; /* version 3 */
1959         memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
1960         (*packet_size) += ECRYPTFS_SIG_SIZE;
1961         dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
1962         memcpy(&dest[(*packet_size)], key_rec->enc_key,
1963                key_rec->enc_key_size);
1964         (*packet_size) += key_rec->enc_key_size;
1965 out:
1966         if (rc)
1967                 (*packet_size) = 0;
1968         else
1969                 (*remaining_bytes) -= (*packet_size);
1970         return rc;
1971 }
1972
1973 /**
1974  * write_tag_11_packet
1975  * @dest: Target into which Tag 11 packet is to be written
1976  * @remaining_bytes: Maximum packet length
1977  * @contents: Byte array of contents to copy in
1978  * @contents_length: Number of bytes in contents
1979  * @packet_length: Length of the Tag 11 packet written; zero on error
1980  *
1981  * Returns zero on success; non-zero on error.
1982  */
1983 static int
1984 write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents,
1985                     size_t contents_length, size_t *packet_length)
1986 {
1987         size_t packet_size_length;
1988         size_t max_packet_size;
1989         int rc = 0;
1990
1991         (*packet_length) = 0;
1992         /* This format is inspired by OpenPGP; see RFC 2440
1993          * packet tag 11 */
1994         max_packet_size = (1                   /* Tag 11 identifier */
1995                            + 3                 /* Max Tag 11 packet size */
1996                            + 1                 /* Binary format specifier */
1997                            + 1                 /* Filename length */
1998                            + 8                 /* Filename ("_CONSOLE") */
1999                            + 4                 /* Modification date */
2000                            + contents_length); /* Literal data */
2001         if (max_packet_size > (*remaining_bytes)) {
2002                 printk(KERN_ERR "Packet length larger than maximum allowable; "
2003                        "need up to [%td] bytes, but there are only [%td] "
2004                        "available\n", max_packet_size, (*remaining_bytes));
2005                 rc = -EINVAL;
2006                 goto out;
2007         }
2008         dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
2009         rc = ecryptfs_write_packet_length(&dest[(*packet_length)],
2010                                           (max_packet_size - 4),
2011                                           &packet_size_length);
2012         if (rc) {
2013                 printk(KERN_ERR "Error generating tag 11 packet header; cannot "
2014                        "generate packet length. rc = [%d]\n", rc);
2015                 goto out;
2016         }
2017         (*packet_length) += packet_size_length;
2018         dest[(*packet_length)++] = 0x62; /* binary data format specifier */
2019         dest[(*packet_length)++] = 8;
2020         memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
2021         (*packet_length) += 8;
2022         memset(&dest[(*packet_length)], 0x00, 4);
2023         (*packet_length) += 4;
2024         memcpy(&dest[(*packet_length)], contents, contents_length);
2025         (*packet_length) += contents_length;
2026  out:
2027         if (rc)
2028                 (*packet_length) = 0;
2029         else
2030                 (*remaining_bytes) -= (*packet_length);
2031         return rc;
2032 }
2033
2034 /**
2035  * write_tag_3_packet
2036  * @dest: Buffer into which to write the packet
2037  * @remaining_bytes: Maximum number of bytes that can be written
2038  * @auth_tok: Authentication token
2039  * @crypt_stat: The cryptographic context
2040  * @key_rec: encrypted key
2041  * @packet_size: This function will write the number of bytes that end
2042  *               up constituting the packet; set to zero on error
2043  *
2044  * Returns zero on success; non-zero on error.
2045  */
2046 static int
2047 write_tag_3_packet(char *dest, size_t *remaining_bytes,
2048                    struct ecryptfs_auth_tok *auth_tok,
2049                    struct ecryptfs_crypt_stat *crypt_stat,
2050                    struct ecryptfs_key_record *key_rec, size_t *packet_size)
2051 {
2052         size_t i;
2053         size_t encrypted_session_key_valid = 0;
2054         char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
2055         struct scatterlist dst_sg[2];
2056         struct scatterlist src_sg[2];
2057         struct mutex *tfm_mutex = NULL;
2058         u8 cipher_code;
2059         size_t packet_size_length;
2060         size_t max_packet_size;
2061         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2062                 crypt_stat->mount_crypt_stat;
2063         struct blkcipher_desc desc = {
2064                 .tfm = NULL,
2065                 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
2066         };
2067         int rc = 0;
2068
2069         (*packet_size) = 0;
2070         ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
2071                           ECRYPTFS_SIG_SIZE);
2072         rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex,
2073                                                         crypt_stat->cipher);
2074         if (unlikely(rc)) {
2075                 printk(KERN_ERR "Internal error whilst attempting to get "
2076                        "tfm and mutex for cipher name [%s]; rc = [%d]\n",
2077                        crypt_stat->cipher, rc);
2078                 goto out;
2079         }
2080         if (mount_crypt_stat->global_default_cipher_key_size == 0) {
2081                 struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm);
2082
2083                 printk(KERN_WARNING "No key size specified at mount; "
2084                        "defaulting to [%d]\n", alg->max_keysize);
2085                 mount_crypt_stat->global_default_cipher_key_size =
2086                         alg->max_keysize;
2087         }
2088         if (crypt_stat->key_size == 0)
2089                 crypt_stat->key_size =
2090                         mount_crypt_stat->global_default_cipher_key_size;
2091         if (auth_tok->session_key.encrypted_key_size == 0)
2092                 auth_tok->session_key.encrypted_key_size =
2093                         crypt_stat->key_size;
2094         if (crypt_stat->key_size == 24
2095             && strcmp("aes", crypt_stat->cipher) == 0) {
2096                 memset((crypt_stat->key + 24), 0, 8);
2097                 auth_tok->session_key.encrypted_key_size = 32;
2098         } else
2099                 auth_tok->session_key.encrypted_key_size = crypt_stat->key_size;
2100         key_rec->enc_key_size =
2101                 auth_tok->session_key.encrypted_key_size;
2102         encrypted_session_key_valid = 0;
2103         for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++)
2104                 encrypted_session_key_valid |=
2105                         auth_tok->session_key.encrypted_key[i];
2106         if (encrypted_session_key_valid) {
2107                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2108                                 "using auth_tok->session_key.encrypted_key, "
2109                                 "where key_rec->enc_key_size = [%d]\n",
2110                                 key_rec->enc_key_size);
2111                 memcpy(key_rec->enc_key,
2112                        auth_tok->session_key.encrypted_key,
2113                        key_rec->enc_key_size);
2114                 goto encrypted_session_key_set;
2115         }
2116         if (auth_tok->token.password.flags &
2117             ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
2118                 ecryptfs_printk(KERN_DEBUG, "Using previously generated "
2119                                 "session key encryption key of size [%d]\n",
2120                                 auth_tok->token.password.
2121                                 session_key_encryption_key_bytes);
2122                 memcpy(session_key_encryption_key,
2123                        auth_tok->token.password.session_key_encryption_key,
2124                        crypt_stat->key_size);
2125                 ecryptfs_printk(KERN_DEBUG,
2126                                 "Cached session key " "encryption key: \n");
2127                 if (ecryptfs_verbosity > 0)
2128                         ecryptfs_dump_hex(session_key_encryption_key, 16);
2129         }
2130         if (unlikely(ecryptfs_verbosity > 0)) {
2131                 ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n");
2132                 ecryptfs_dump_hex(session_key_encryption_key, 16);
2133         }
2134         rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
2135                                  src_sg, 2);
2136         if (rc < 1 || rc > 2) {
2137                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2138                                 "for crypt_stat session key; expected rc = 1; "
2139                                 "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
2140                                 rc, key_rec->enc_key_size);
2141                 rc = -ENOMEM;
2142                 goto out;
2143         }
2144         rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
2145                                  dst_sg, 2);
2146         if (rc < 1 || rc > 2) {
2147                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2148                                 "for crypt_stat encrypted session key; "
2149                                 "expected rc = 1; got rc = [%d]. "
2150                                 "key_rec->enc_key_size = [%d]\n", rc,
2151                                 key_rec->enc_key_size);
2152                 rc = -ENOMEM;
2153                 goto out;
2154         }
2155         mutex_lock(tfm_mutex);
2156         rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
2157                                      crypt_stat->key_size);
2158         if (rc < 0) {
2159                 mutex_unlock(tfm_mutex);
2160                 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
2161                                 "context; rc = [%d]\n", rc);
2162                 goto out;
2163         }
2164         rc = 0;
2165         ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
2166                         crypt_stat->key_size);
2167         rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2168                                       (*key_rec).enc_key_size);
2169         mutex_unlock(tfm_mutex);
2170         if (rc) {
2171                 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
2172                 goto out;
2173         }
2174         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2175         if (ecryptfs_verbosity > 0) {
2176                 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n",
2177                                 key_rec->enc_key_size);
2178                 ecryptfs_dump_hex(key_rec->enc_key,
2179                                   key_rec->enc_key_size);
2180         }
2181 encrypted_session_key_set:
2182         /* This format is inspired by OpenPGP; see RFC 2440
2183          * packet tag 3 */
2184         max_packet_size = (1                         /* Tag 3 identifier */
2185                            + 3                       /* Max Tag 3 packet size */
2186                            + 1                       /* Version */
2187                            + 1                       /* Cipher code */
2188                            + 1                       /* S2K specifier */
2189                            + 1                       /* Hash identifier */
2190                            + ECRYPTFS_SALT_SIZE      /* Salt */
2191                            + 1                       /* Hash iterations */
2192                            + key_rec->enc_key_size); /* Encrypted key size */
2193         if (max_packet_size > (*remaining_bytes)) {
2194                 printk(KERN_ERR "Packet too large; need up to [%td] bytes, but "
2195                        "there are only [%td] available\n", max_packet_size,
2196                        (*remaining_bytes));
2197                 rc = -EINVAL;
2198                 goto out;
2199         }
2200         dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE;
2201         /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3)
2202          * to get the number of octets in the actual Tag 3 packet */
2203         rc = ecryptfs_write_packet_length(&dest[(*packet_size)],
2204                                           (max_packet_size - 4),
2205                                           &packet_size_length);
2206         if (rc) {
2207                 printk(KERN_ERR "Error generating tag 3 packet header; cannot "
2208                        "generate packet length. rc = [%d]\n", rc);
2209                 goto out;
2210         }
2211         (*packet_size) += packet_size_length;
2212         dest[(*packet_size)++] = 0x04; /* version 4 */
2213         /* TODO: Break from RFC2440 so that arbitrary ciphers can be
2214          * specified with strings */
2215         cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher,
2216                                                       crypt_stat->key_size);
2217         if (cipher_code == 0) {
2218                 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
2219                                 "cipher [%s]\n", crypt_stat->cipher);
2220                 rc = -EINVAL;
2221                 goto out;
2222         }
2223         dest[(*packet_size)++] = cipher_code;
2224         dest[(*packet_size)++] = 0x03;  /* S2K */
2225         dest[(*packet_size)++] = 0x01;  /* MD5 (TODO: parameterize) */
2226         memcpy(&dest[(*packet_size)], auth_tok->token.password.salt,
2227                ECRYPTFS_SALT_SIZE);
2228         (*packet_size) += ECRYPTFS_SALT_SIZE;   /* salt */
2229         dest[(*packet_size)++] = 0x60;  /* hash iterations (65536) */
2230         memcpy(&dest[(*packet_size)], key_rec->enc_key,
2231                key_rec->enc_key_size);
2232         (*packet_size) += key_rec->enc_key_size;
2233 out:
2234         if (rc)
2235                 (*packet_size) = 0;
2236         else
2237                 (*remaining_bytes) -= (*packet_size);
2238         return rc;
2239 }
2240
2241 struct kmem_cache *ecryptfs_key_record_cache;
2242
2243 /**
2244  * ecryptfs_generate_key_packet_set
2245  * @dest_base: Virtual address from which to write the key record set
2246  * @crypt_stat: The cryptographic context from which the
2247  *              authentication tokens will be retrieved
2248  * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
2249  *                   for the global parameters
2250  * @len: The amount written
2251  * @max: The maximum amount of data allowed to be written
2252  *
2253  * Generates a key packet set and writes it to the virtual address
2254  * passed in.
2255  *
2256  * Returns zero on success; non-zero on error.
2257  */
2258 int
2259 ecryptfs_generate_key_packet_set(char *dest_base,
2260                                  struct ecryptfs_crypt_stat *crypt_stat,
2261                                  struct dentry *ecryptfs_dentry, size_t *len,
2262                                  size_t max)
2263 {
2264         struct ecryptfs_auth_tok *auth_tok;
2265         struct ecryptfs_global_auth_tok *global_auth_tok;
2266         struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2267                 &ecryptfs_superblock_to_private(
2268                         ecryptfs_dentry->d_sb)->mount_crypt_stat;
2269         size_t written;
2270         struct ecryptfs_key_record *key_rec;
2271         struct ecryptfs_key_sig *key_sig;
2272         int rc = 0;
2273
2274         (*len) = 0;
2275         mutex_lock(&crypt_stat->keysig_list_mutex);
2276         key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
2277         if (!key_rec) {
2278                 rc = -ENOMEM;
2279                 goto out;
2280         }
2281         list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2282                             crypt_stat_list) {
2283                 memset(key_rec, 0, sizeof(*key_rec));
2284                 rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
2285                                                            mount_crypt_stat,
2286                                                            key_sig->keysig);
2287                 if (rc) {
2288                         printk(KERN_ERR "Error attempting to get the global "
2289                                "auth_tok; rc = [%d]\n", rc);
2290                         goto out_free;
2291                 }
2292                 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2293                         printk(KERN_WARNING
2294                                "Skipping invalid auth tok with sig = [%s]\n",
2295                                global_auth_tok->sig);
2296                         continue;
2297                 }
2298                 auth_tok = global_auth_tok->global_auth_tok;
2299                 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2300                         rc = write_tag_3_packet((dest_base + (*len)),
2301                                                 &max, auth_tok,
2302                                                 crypt_stat, key_rec,
2303                                                 &written);
2304                         if (rc) {
2305                                 ecryptfs_printk(KERN_WARNING, "Error "
2306                                                 "writing tag 3 packet\n");
2307                                 goto out_free;
2308                         }
2309                         (*len) += written;
2310                         /* Write auth tok signature packet */
2311                         rc = write_tag_11_packet((dest_base + (*len)), &max,
2312                                                  key_rec->sig,
2313                                                  ECRYPTFS_SIG_SIZE, &written);
2314                         if (rc) {
2315                                 ecryptfs_printk(KERN_ERR, "Error writing "
2316                                                 "auth tok signature packet\n");
2317                                 goto out_free;
2318                         }
2319                         (*len) += written;
2320                 } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
2321                         rc = write_tag_1_packet(dest_base + (*len),
2322                                                 &max, auth_tok,
2323                                                 crypt_stat, key_rec, &written);
2324                         if (rc) {
2325                                 ecryptfs_printk(KERN_WARNING, "Error "
2326                                                 "writing tag 1 packet\n");
2327                                 goto out_free;
2328                         }
2329                         (*len) += written;
2330                 } else {
2331                         ecryptfs_printk(KERN_WARNING, "Unsupported "
2332                                         "authentication token type\n");
2333                         rc = -EINVAL;
2334                         goto out_free;
2335                 }
2336         }
2337         if (likely(max > 0)) {
2338                 dest_base[(*len)] = 0x00;
2339         } else {
2340                 ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
2341                 rc = -EIO;
2342         }
2343 out_free:
2344         kmem_cache_free(ecryptfs_key_record_cache, key_rec);
2345 out:
2346         if (rc)
2347                 (*len) = 0;
2348         mutex_unlock(&crypt_stat->keysig_list_mutex);
2349         return rc;
2350 }
2351
2352 struct kmem_cache *ecryptfs_key_sig_cache;
2353
2354 int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2355 {
2356         struct ecryptfs_key_sig *new_key_sig;
2357         int rc = 0;
2358
2359         new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
2360         if (!new_key_sig) {
2361                 rc = -ENOMEM;
2362                 printk(KERN_ERR
2363                        "Error allocating from ecryptfs_key_sig_cache\n");
2364                 goto out;
2365         }
2366         memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2367         mutex_lock(&crypt_stat->keysig_list_mutex);
2368         list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2369         mutex_unlock(&crypt_stat->keysig_list_mutex);
2370 out:
2371         return rc;
2372 }
2373
2374 struct kmem_cache *ecryptfs_global_auth_tok_cache;
2375
2376 int
2377 ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2378                              char *sig)
2379 {
2380         struct ecryptfs_global_auth_tok *new_auth_tok;
2381         int rc = 0;
2382
2383         new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
2384                                         GFP_KERNEL);
2385         if (!new_auth_tok) {
2386                 rc = -ENOMEM;
2387                 printk(KERN_ERR "Error allocating from "
2388                        "ecryptfs_global_auth_tok_cache\n");
2389                 goto out;
2390         }
2391         memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
2392         new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2393         mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2394         list_add(&new_auth_tok->mount_crypt_stat_list,
2395                  &mount_crypt_stat->global_auth_tok_list);
2396         mount_crypt_stat->num_global_auth_toks++;
2397         mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2398 out:
2399         return rc;
2400 }
2401