This first two patches in this patch set introduce public key support
into the eCryptfs kernel module shipping in 2.6.18-rc4-mm2. The last
two patches clean up the flag manipulation code and resolve a compiler
warning.
The userspace code that supports the public key mode of operation is
available in the file labeled
``ecryptfs-util-2.6.18-rc4-mm2++.tar.bz2'':
http://sourceforge.net/project/showfiles.php?group_id=133988&package_id=149785
Notice that the version numbers are incremented; the userspace tools
must be upgraded when running with this patch set. Follow the file
migration instructions in the NOTES section of
Documentation/ecryptfs.txt.
On open of an existing encrypted file, eCryptfs reads the public key
packet from the file header and sends a decrypt request packet via
netlink to the user's daemon. If the file is being created, eCryptfs
sends an encrypt request. The daemon processes the request through the
pluggable PKI module associated with the public key involved in the
request.
For those who wish to try out eCryptfs on older kernels, we are also
keeping backports of eCryptfs in packages under the ``ecryptfs-full''
release section:
http://sourceforge.net/project/showfiles.php?group_id=133988&package_id=198555
Mike
eCryptfs netlink type, header updates, and messaging code to provide
support for userspace callout to perform public key operations.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/ecryptfs_kernel.h | 106 ++++++++-
fs/ecryptfs/messaging.c | 504 +++++++++++++++++++++++++++++++++++++++++
fs/ecryptfs/netlink.c | 255 +++++++++++++++++++++
include/linux/netlink.h | 1
4 files changed, 861 insertions(+), 5 deletions(-)
create mode 100644 fs/ecryptfs/messaging.c
create mode 100644 fs/ecryptfs/netlink.c
0bda420ed8ff3e263c5410199e39f1a04f169ecc
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 349ce2a..8d4e8ef 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -6,6 +6,8 @@
* Copyright (C) 2001-2003 Stony Brook University
* Copyright (C) 2004-2006 International Business Machines Corp.
* Author(s): Michael A. Halcrow <[email protected]>
+ * Trevor S. Highland <[email protected]>
+ * Tyler Hicks <[email protected]>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -28,12 +30,13 @@ #define ECRYPTFS_KERNEL_H
#include <keys/user-type.h>
#include <linux/fs.h>
+#include <linux/hash.h>
#include <linux/scatterlist.h>
/* Version verification for shared data structures w/ userspace */
#define ECRYPTFS_VERSION_MAJOR 0x00
-#define ECRYPTFS_VERSION_MINOR 0x02
-#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x01
+#define ECRYPTFS_VERSION_MINOR 0x03
+#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x02
#define ECRYPTFS_MAX_PASSWORD_LENGTH 64
#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
@@ -48,10 +51,24 @@ #define ECRYPTFS_PASSWORD_SIG_SIZE ECRYP
#define ECRYPTFS_MAX_KEY_BYTES 64
#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
#define ECRYPTFS_DEFAULT_IV_BYTES 16
-#define ECRYPTFS_FILE_VERSION 0x01
+#define ECRYPTFS_FILE_VERSION 0x02
#define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192
#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
+#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
+#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
+#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
+#define ECRYPTFS_NLMSG_HELO 100
+#define ECRYPTFS_NLMSG_QUIT 101
+#define ECRYPTFS_NLMSG_REQUEST 102
+#define ECRYPTFS_NLMSG_RESPONSE 103
+#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
+#define ECRYPTFS_DEFAULT_NUM_USERS 4
+#define ECRYPTFS_MAX_NUM_USERS 32768
+#define ECRYPTFS_TRANSPORT_NETLINK 0
+#define ECRYPTFS_TRANSPORT_CONNECTOR 1
+#define ECRYPTFS_TRANSPORT_RELAYFS 2
+#define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_NETLINK
#define RFC2440_CIPHER_DES3_EDE 0x02
#define RFC2440_CIPHER_CAST_5 0x03
@@ -65,6 +82,7 @@ #define RFC2440_CIPHER_CAST_6 0x0b
#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))
#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))
#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))
+#define RFC2440_CIPHER_RSA 0x01
/**
* For convenience, we may need to pass around the encrypted session
@@ -100,6 +118,14 @@ #define ECRYPTFS_SESSION_KEY_ENCRYPTION_
u8 salt[ECRYPTFS_SALT_SIZE];
};
+struct ecryptfs_private_key {
+ u32 key_size;
+ u32 data_len;
+ u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
+ char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
+ u8 data[];
+};
+
/* May be a password or a private key */
struct ecryptfs_auth_tok {
u16 version; /* 8-bit major and 8-bit minor */
@@ -111,11 +137,11 @@ #define ECRYPTFS_EXPIRED 0x0000
uid_t uid;
u64 creation_time;
u64 expiration_time;
+ struct ecryptfs_session_key session_key;
union {
struct ecryptfs_password password;
- /* Private key is in future eCryptfs releases */
+ struct ecryptfs_private_key private_key;
} token;
- struct ecryptfs_session_key session_key;
};
void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
@@ -168,8 +194,13 @@ #define ECRYPTFS_FILE_SIZE_BYTES 8
#define ECRYPTFS_DEFAULT_CIPHER "aes"
#define ECRYPTFS_DEFAULT_KEY_BYTES 16
#define ECRYPTFS_DEFAULT_CHAINING_MODE CRYPTO_TFM_MODE_CBC
+#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
+#define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
+#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
+#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
+#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
#define MD5_DIGEST_SIZE 16
/**
@@ -261,6 +292,45 @@ struct ecryptfs_auth_tok_list_item {
struct ecryptfs_auth_tok auth_tok;
};
+struct ecryptfs_message {
+ u32 index;
+ u32 data_len;
+ u8 data[];
+};
+
+struct ecryptfs_msg_ctx {
+#define ECRYPTFS_MSG_CTX_STATE_FREE 0x0001
+#define ECRYPTFS_MSG_CTX_STATE_PENDING 0x0002
+#define ECRYPTFS_MSG_CTX_STATE_DONE 0x0003
+ u32 state;
+ unsigned int index;
+ unsigned int counter;
+ struct ecryptfs_message *msg;
+ struct task_struct *task;
+ struct list_head node;
+ struct mutex mux;
+};
+
+extern struct list_head ecryptfs_msg_ctx_free_list;
+extern struct list_head ecryptfs_msg_ctx_alloc_list;
+extern struct mutex ecryptfs_msg_ctx_lists_mux;
+
+#define ecryptfs_uid_hash(uid) \
+ hash_long((unsigned long)uid, ecryptfs_hash_buckets)
+extern struct hlist_head *ecryptfs_daemon_id_hash;
+extern struct mutex ecryptfs_daemon_id_hash_mux;
+extern int ecryptfs_hash_buckets;
+
+extern unsigned int ecryptfs_msg_counter;
+extern struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
+extern unsigned int ecryptfs_transport;
+
+struct ecryptfs_daemon_id {
+ pid_t pid;
+ uid_t uid;
+ struct hlist_node id_chain;
+};
+
static inline struct ecryptfs_file_info *
ecryptfs_file_to_private(struct file *file)
{
@@ -389,6 +459,9 @@ extern struct super_operations ecryptfs_
extern struct dentry_operations ecryptfs_dops;
extern struct address_space_operations ecryptfs_aops;
extern int ecryptfs_verbosity;
+extern unsigned int ecryptfs_message_buf_len;
+extern signed long ecryptfs_message_wait_timeout;
+extern unsigned int ecryptfs_number_of_users;
extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
extern struct kmem_cache *ecryptfs_file_info_cache;
@@ -475,4 +548,27 @@ int
ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
char *cipher_name, size_t key_size);
+int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid);
+int ecryptfs_process_quit(uid_t uid, pid_t pid);
+int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq);
+int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
+ struct ecryptfs_msg_ctx **msg_ctx);
+int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
+ struct ecryptfs_message **emsg);
+int ecryptfs_init_messaging(unsigned int transport);
+void ecryptfs_release_messaging(unsigned int transport);
+
+int ecryptfs_send_netlink(char *data, int data_len,
+ struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
+ u16 msg_flags, pid_t daemon_pid);
+int ecryptfs_init_netlink(void);
+void ecryptfs_release_netlink(void);
+
+int ecryptfs_send_connector(char *data, int data_len,
+ struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
+ u16 msg_flags, pid_t daemon_pid);
+int ecryptfs_init_connector(void);
+void ecryptfs_release_connector(void);
+
+
#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
new file mode 100644
index 0000000..bc6aaab
--- /dev/null
+++ b/fs/ecryptfs/messaging.c
@@ -0,0 +1,504 @@
+/**
+ * eCryptfs: Linux filesystem encryption layer
+ *
+ * Copyright (C) 2004-2006 International Business Machines Corp.
+ * Author(s): Michael A. Halcrow <[email protected]>
+ * Tyler Hicks <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include "ecryptfs_kernel.h"
+
+LIST_HEAD(ecryptfs_msg_ctx_free_list);
+LIST_HEAD(ecryptfs_msg_ctx_alloc_list);
+struct mutex ecryptfs_msg_ctx_lists_mux;
+
+struct hlist_head *ecryptfs_daemon_id_hash;
+struct mutex ecryptfs_daemon_id_hash_mux;
+int ecryptfs_hash_buckets;
+
+unsigned int ecryptfs_msg_counter;
+struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
+
+/**
+ * ecryptfs_acquire_free_msg_ctx
+ * @msg_ctx: The context that was acquired from the free list
+ *
+ * Acquires a context element from the free list and locks the mutex
+ * on the context. Returns zero on success; non-zero on error or upon
+ * failure to acquire a free context element. Be sure to lock the
+ * list mutex before calling.
+ */
+static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx)
+{
+ struct list_head *p;
+ int rc;
+
+ if (list_empty(&ecryptfs_msg_ctx_free_list)) {
+ ecryptfs_printk(KERN_WARNING, "The eCryptfs free "
+ "context list is empty. It may be helpful to "
+ "specify the ecryptfs_message_buf_len "
+ "parameter to be greater than the current "
+ "value of [%d]\n", ecryptfs_message_buf_len);
+ rc = -ENOMEM;
+ goto out;
+ }
+ list_for_each(p, &ecryptfs_msg_ctx_free_list) {
+ *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node);
+ if (mutex_trylock(&(*msg_ctx)->mux)) {
+ (*msg_ctx)->task = current;
+ rc = 0;
+ goto out;
+ }
+ }
+ rc = -ENOMEM;
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_msg_ctx_free_to_alloc
+ * @msg_ctx: The context to move from the free list to the alloc list
+ *
+ * Be sure to lock the list mutex and the context mutex before
+ * calling.
+ */
+static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx)
+{
+ list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list);
+ msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING;
+ msg_ctx->counter = ++ecryptfs_msg_counter;
+}
+
+/**
+ * ecryptfs_msg_ctx_alloc_to_free
+ * @msg_ctx: The context to move from the alloc list to the free list
+ *
+ * Be sure to lock the list mutex and the context mutex before
+ * calling.
+ */
+static void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
+{
+ list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list);
+ if (msg_ctx->msg)
+ kfree(msg_ctx->msg);
+ msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE;
+}
+
+/**
+ * ecryptfs_find_daemon_id
+ * @uid: The user id which maps to the desired daemon id
+ * @id: If return value is zero, points to the desired daemon id
+ * pointer
+ *
+ * Search the hash list for the given user id. Returns zero if the
+ * user id exists in the list; non-zero otherwise. The daemon id hash
+ * mutex should be held before calling this function.
+ */
+static int ecryptfs_find_daemon_id(uid_t uid, struct ecryptfs_daemon_id **id)
+{
+ struct hlist_node *elem;
+ int rc;
+
+ hlist_for_each_entry(*id, elem,
+ &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)],
+ id_chain) {
+ if ((*id)->uid == uid) {
+ rc = 0;
+ goto out;
+ }
+ }
+ rc = -EINVAL;
+out:
+ return rc;
+}
+
+static int ecryptfs_send_raw_message(unsigned int transport, u16 msg_type,
+ pid_t pid)
+{
+ int rc;
+
+ switch(transport) {
+ case ECRYPTFS_TRANSPORT_NETLINK:
+ rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, pid);
+ break;
+ case ECRYPTFS_TRANSPORT_CONNECTOR:
+ case ECRYPTFS_TRANSPORT_RELAYFS:
+ default:
+ rc = -ENOSYS;
+ }
+ return rc;
+}
+
+/**
+ * ecryptfs_process_helo
+ * @transport: The underlying transport (netlink, etc.)
+ * @uid: The user ID owner of the message
+ * @pid: The process ID for the userspace program that sent the
+ * message
+ *
+ * Adds the uid and pid values to the daemon id hash. If a uid
+ * already has a daemon pid registered, the daemon will be
+ * unregistered before the new daemon id is put into the hash list.
+ * Returns zero after adding a new daemon id to the hash list;
+ * non-zero otherwise.
+ */
+int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid)
+{
+ struct ecryptfs_daemon_id *new_id;
+ struct ecryptfs_daemon_id *old_id;
+ int rc;
+
+ mutex_lock(&ecryptfs_daemon_id_hash_mux);
+ new_id = kmalloc(sizeof(*new_id), GFP_KERNEL);
+ if (!new_id) {
+ rc = -ENOMEM;
+ ecryptfs_printk(KERN_ERR, "Failed to allocate memory; unable "
+ "to register daemon [%d] for user\n", pid, uid);
+ goto unlock;
+ }
+ if (!ecryptfs_find_daemon_id(uid, &old_id)) {
+ printk(KERN_WARNING "Received request from user [%d] "
+ "to register daemon [%d]; unregistering daemon "
+ "[%d]\n", uid, pid, old_id->pid);
+ hlist_del(&old_id->id_chain);
+ rc = ecryptfs_send_raw_message(transport, ECRYPTFS_NLMSG_QUIT,
+ old_id->pid);
+ if (rc)
+ printk(KERN_WARNING "Failed to send QUIT "
+ "message to daemon [%d]; rc = [%d]\n",
+ old_id->pid, rc);
+ kfree(old_id);
+ }
+ new_id->uid = uid;
+ new_id->pid = pid;
+ hlist_add_head(&new_id->id_chain,
+ &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)]);
+ rc = 0;
+unlock:
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+ return rc;
+}
+
+/**
+ * ecryptfs_process_quit
+ * @uid: The user ID owner of the message
+ * @pid: The process ID for the userspace program that sent the
+ * message
+ *
+ * Deletes the corresponding daemon id for the given uid and pid, if
+ * it is the registered that is requesting the deletion. Returns zero
+ * after deleting the desired daemon id; non-zero otherwise.
+ */
+int ecryptfs_process_quit(uid_t uid, pid_t pid)
+{
+ struct ecryptfs_daemon_id *id;
+ int rc;
+
+ mutex_lock(&ecryptfs_daemon_id_hash_mux);
+ if (ecryptfs_find_daemon_id(uid, &id)) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_ERR, "Received request from user [%d] to "
+ "unregister unrecognized daemon [%d]\n", uid,
+ pid);
+ goto unlock;
+ }
+ if (id->pid != pid) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_WARNING, "Received request from user [%d] "
+ "with pid [%d] to unregister daemon [%d]\n",
+ uid, pid, id->pid);
+ goto unlock;
+ }
+ hlist_del(&id->id_chain);
+ kfree(id);
+ rc = 0;
+unlock:
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+ return rc;
+}
+
+/**
+ * ecryptfs_process_reponse
+ * @msg: The ecryptfs message received
+ * @pid: The process ID of the userspace application that sent the
+ * message
+ * @seq: The sequence number of the message
+ *
+ * Processes a response message after sending a operation request to
+ * userspace. Returns zero upon delivery to desired context element;
+ * non-zero upon delivery failure or error.
+ */
+int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq)
+{
+ struct ecryptfs_daemon_id *id;
+ struct ecryptfs_msg_ctx *msg_ctx;
+ int msg_size;
+ int rc;
+
+ if (msg->index >= ecryptfs_message_buf_len) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_ERR, "Attempt to reference "
+ "context buffer at index [%d]; maximum "
+ "allowable is [%d]\n", msg->index,
+ (ecryptfs_message_buf_len - 1));
+ goto out;
+ }
+ msg_ctx = &ecryptfs_msg_ctx_arr[msg->index];
+ mutex_lock(&msg_ctx->mux);
+ if (ecryptfs_find_daemon_id(msg_ctx->task->euid, &id)) {
+ rc = -EBADMSG;
+ ecryptfs_printk(KERN_WARNING, "User [%d] received a "
+ "message response from process [%d] but does "
+ "not have a registered daemon\n",
+ msg_ctx->task->euid, pid);
+ goto wake_up;
+ }
+ if (id->pid != pid) {
+ rc = -EBADMSG;
+ ecryptfs_printk(KERN_ERR, "User [%d] received a "
+ "message response from an unrecognized "
+ "process [%d]\n", msg_ctx->task->euid, pid);
+ goto unlock;
+ }
+ if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_WARNING, "Desired context element is not "
+ "pending a response\n");
+ goto unlock;
+ } else if (msg_ctx->counter != seq) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_WARNING, "Invalid message sequence; "
+ "expected [%d]; received [%d]\n",
+ msg_ctx->counter, seq);
+ goto unlock;
+ }
+ msg_size = sizeof(*msg) + msg->data_len;
+ msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL);
+ if (!msg_ctx->msg) {
+ rc = -ENOMEM;
+ ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
+ goto unlock;
+ }
+ memcpy(msg_ctx->msg, msg, msg_size);
+ msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
+ rc = 0;
+wake_up:
+ wake_up_process(msg_ctx->task);
+unlock:
+ mutex_unlock(&msg_ctx->mux);
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_send_message
+ * @transport: The transport over which to send the message (i.e.,
+ * netlink)
+ * @data: The data to send
+ * @data_len: The length of data
+ * @msg_ctx: The message context allocated for the send
+ */
+int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
+ struct ecryptfs_msg_ctx **msg_ctx)
+{
+ struct ecryptfs_daemon_id *id;
+ int rc;
+
+ mutex_lock(&ecryptfs_daemon_id_hash_mux);
+ if (ecryptfs_find_daemon_id(current->euid, &id)) {
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+ rc = -ENOTCONN;
+ ecryptfs_printk(KERN_ERR, "User [%d] does not have a daemon "
+ "registered\n", current->euid);
+ goto out;
+ }
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+ mutex_lock(&ecryptfs_msg_ctx_lists_mux);
+ rc = ecryptfs_acquire_free_msg_ctx(msg_ctx);
+ if (rc) {
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ ecryptfs_printk(KERN_WARNING, "Could not claim a free "
+ "context element\n");
+ goto out;
+ }
+ ecryptfs_msg_ctx_free_to_alloc(*msg_ctx);
+ mutex_unlock(&(*msg_ctx)->mux);
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ switch (transport) {
+ case ECRYPTFS_TRANSPORT_NETLINK:
+ rc = ecryptfs_send_netlink(data, data_len, *msg_ctx,
+ ECRYPTFS_NLMSG_REQUEST, 0, id->pid);
+ break;
+ case ECRYPTFS_TRANSPORT_CONNECTOR:
+ case ECRYPTFS_TRANSPORT_RELAYFS:
+ default:
+ rc = -ENOSYS;
+ }
+ if (rc) {
+ printk(KERN_ERR "Error attempting to send message to userspace "
+ "daemon; rc = [%d]\n", rc);
+ }
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_wait_for_response
+ * @msg_ctx: The context that was assigned when sending a message
+ * @msg: The incoming message from userspace; not set if rc != 0
+ *
+ * Sleeps until awaken by ecryptfs_receive_message or until the amount
+ * of time exceeds ecryptfs_message_wait_timeout. If zero is
+ * returned, msg will point to a valid message from userspace; a
+ * non-zero value is returned upon failure to receive a message or an
+ * error occurs.
+ */
+int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
+ struct ecryptfs_message **msg)
+{
+ signed long timeout = ecryptfs_message_wait_timeout * HZ;
+ int rc = 0;
+
+sleep:
+ timeout = schedule_timeout_interruptible(timeout);
+ mutex_lock(&ecryptfs_msg_ctx_lists_mux);
+ mutex_lock(&msg_ctx->mux);
+ if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) {
+ if (timeout) {
+ mutex_unlock(&msg_ctx->mux);
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ goto sleep;
+ }
+ rc = -ENOMSG;
+ } else {
+ *msg = msg_ctx->msg;
+ msg_ctx->msg = NULL;
+ }
+ ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
+ mutex_unlock(&msg_ctx->mux);
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ return rc;
+}
+
+int ecryptfs_init_messaging(unsigned int transport)
+{
+ int i;
+ int rc = 0;
+
+ if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) {
+ ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS;
+ ecryptfs_printk(KERN_WARNING, "Specified number of users is "
+ "too large, defaulting to [%d] users\n",
+ ecryptfs_number_of_users);
+ }
+ mutex_init(&ecryptfs_daemon_id_hash_mux);
+ mutex_lock(&ecryptfs_daemon_id_hash_mux);
+ ecryptfs_hash_buckets = 0;
+ while (ecryptfs_number_of_users >> ++ecryptfs_hash_buckets);
+ ecryptfs_daemon_id_hash = kmalloc(sizeof(struct hlist_head)
+ * ecryptfs_hash_buckets, GFP_KERNEL);
+ if (!ecryptfs_daemon_id_hash) {
+ rc = -ENOMEM;
+ ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
+ goto out;
+ }
+ for (i = 0; i < ecryptfs_hash_buckets; i++)
+ INIT_HLIST_HEAD(&ecryptfs_daemon_id_hash[i]);
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+
+ ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
+ * ecryptfs_message_buf_len), GFP_KERNEL);
+ if (!ecryptfs_msg_ctx_arr) {
+ rc = -ENOMEM;
+ ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
+ goto out;
+ }
+ mutex_init(&ecryptfs_msg_ctx_lists_mux);
+ mutex_lock(&ecryptfs_msg_ctx_lists_mux);
+ ecryptfs_msg_counter = 0;
+ for (i = 0; i < ecryptfs_message_buf_len; i++) {
+ INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node);
+ mutex_init(&ecryptfs_msg_ctx_arr[i].mux);
+ mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
+ ecryptfs_msg_ctx_arr[i].index = i;
+ ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE;
+ ecryptfs_msg_ctx_arr[i].counter = 0;
+ ecryptfs_msg_ctx_arr[i].task = NULL;
+ ecryptfs_msg_ctx_arr[i].msg = NULL;
+ list_add_tail(&ecryptfs_msg_ctx_arr[i].node,
+ &ecryptfs_msg_ctx_free_list);
+ mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
+ }
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ switch(transport) {
+ case ECRYPTFS_TRANSPORT_NETLINK:
+ rc = ecryptfs_init_netlink();
+ if (rc)
+ ecryptfs_release_messaging(transport);
+ break;
+ case ECRYPTFS_TRANSPORT_CONNECTOR:
+ case ECRYPTFS_TRANSPORT_RELAYFS:
+ default:
+ rc = -ENOSYS;
+ }
+out:
+ return rc;
+}
+
+void ecryptfs_release_messaging(unsigned int transport)
+{
+ if (ecryptfs_msg_ctx_arr) {
+ int i;
+
+ mutex_lock(&ecryptfs_msg_ctx_lists_mux);
+ for (i = 0; i < ecryptfs_message_buf_len; i++) {
+ mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
+ if (ecryptfs_msg_ctx_arr[i].msg)
+ kfree(ecryptfs_msg_ctx_arr[i].msg);
+ mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
+ }
+ kfree(ecryptfs_msg_ctx_arr);
+ mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
+ }
+ if (ecryptfs_daemon_id_hash) {
+ struct hlist_node *elem;
+ struct ecryptfs_daemon_id *id;
+ int i;
+
+ mutex_lock(&ecryptfs_daemon_id_hash_mux);
+ for (i = 0; i < ecryptfs_hash_buckets; i++) {
+ hlist_for_each_entry(id, elem,
+ &ecryptfs_daemon_id_hash[i],
+ id_chain) {
+ hlist_del(elem);
+ kfree(id);
+ }
+ }
+ kfree(ecryptfs_daemon_id_hash);
+ mutex_unlock(&ecryptfs_daemon_id_hash_mux);
+ }
+ switch(transport) {
+ case ECRYPTFS_TRANSPORT_NETLINK:
+ ecryptfs_release_netlink();
+ break;
+ case ECRYPTFS_TRANSPORT_CONNECTOR:
+ case ECRYPTFS_TRANSPORT_RELAYFS:
+ default:
+ break;
+ }
+ return;
+}
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c
new file mode 100644
index 0000000..aba061d
--- /dev/null
+++ b/fs/ecryptfs/netlink.c
@@ -0,0 +1,255 @@
+/**
+ * eCryptfs: Linux filesystem encryption layer
+ *
+ * Copyright (C) 2004-2006 International Business Machines Corp.
+ * Author(s): Michael A. Halcrow <[email protected]>
+ * Tyler Hicks <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include <net/sock.h>
+#include <linux/hash.h>
+#include <linux/random.h>
+#include "ecryptfs_kernel.h"
+
+static struct sock *ecryptfs_nl_sock;
+
+/**
+ * ecryptfs_send_netlink
+ * @data: The data to include as the payload
+ * @data_len: The byte count of the data
+ * @msg_ctx: The netlink context that will be used to handle the
+ * response message
+ * @msg_type: The type of netlink message to send
+ * @msg_flags: The flags to include in the netlink header
+ * @daemon_pid: The process id of the daemon to send the message to
+ *
+ * Sends the data to the specified daemon pid and uses the netlink
+ * context element to store the data needed for validation upon
+ * receiving the response. The data and the netlink context can be
+ * null if just sending a netlink header is sufficient. Returns zero
+ * upon sending the message; non-zero upon error.
+ */
+int ecryptfs_send_netlink(char *data, int data_len,
+ struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
+ u16 msg_flags, pid_t daemon_pid)
+{
+ struct sk_buff *skb;
+ struct nlmsghdr *nlh;
+ struct ecryptfs_message *msg;
+ size_t payload_len;
+ int rc;
+
+ payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0);
+ skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL);
+ if (!skb) {
+ rc = -ENOMEM;
+ ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n");
+ goto out;
+ }
+ nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0,
+ msg_type, payload_len);
+ nlh->nlmsg_flags = msg_flags;
+ if (msg_ctx && payload_len) {
+ msg = (struct ecryptfs_message *)NLMSG_DATA(nlh);
+ msg->index = msg_ctx->index;
+ msg->data_len = data_len;
+ memcpy(msg->data, data, data_len);
+ }
+ rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0);
+ if (rc < 0) {
+ ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink "
+ "message; rc = [%d]\n", rc);
+ goto out;
+ }
+ rc = 0;
+ goto out;
+nlmsg_failure:
+ rc = -EMSGSIZE;
+ kfree_skb(skb);
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_process_nl_reponse
+ * @skb: The socket buffer containing the netlink message of state
+ * RESPONSE
+ *
+ * Processes a response message after sending a operation request to
+ * userspace. Attempts to assign the msg to a netlink context element
+ * at the index specified in the msg. The sk_buff and nlmsghdr must
+ * be validated before this function. Returns zero upon delivery to
+ * desired context element; non-zero upon delivery failure or error.
+ */
+static int ecryptfs_process_nl_response(struct sk_buff *skb)
+{
+ struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data;
+ struct ecryptfs_message *msg = NLMSG_DATA(nlh);
+ int rc;
+
+ if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) {
+ rc = -EINVAL;
+ ecryptfs_printk(KERN_ERR, "Received netlink message with "
+ "incorrectly specified data length\n");
+ goto out;
+ }
+ rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->pid,
+ nlh->nlmsg_seq);
+ if (rc)
+ printk(KERN_ERR
+ "Error processing response message; rc = [%d]\n", rc);
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_process_nl_helo
+ * @skb: The socket buffer containing the nlmsghdr in HELO state
+ *
+ * Gets uid and pid of the skb and adds the values to the daemon id
+ * hash. Returns zero after adding a new daemon id to the hash list;
+ * non-zero otherwise.
+ */
+static int ecryptfs_process_nl_helo(struct sk_buff *skb)
+{
+ int rc;
+
+ rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK,
+ NETLINK_CREDS(skb)->uid,
+ NETLINK_CREDS(skb)->pid);
+ if (rc)
+ printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
+ return rc;
+}
+
+/**
+ * ecryptfs_process_nl_quit
+ * @skb: The socket buffer containing the nlmsghdr in QUIT state
+ *
+ * Gets uid and pid of the skb and deletes the corresponding daemon
+ * id, if it is the registered that is requesting the
+ * deletion. Returns zero after deleting the desired daemon id;
+ * non-zero otherwise.
+ */
+static int ecryptfs_process_nl_quit(struct sk_buff *skb)
+{
+ int rc;
+
+ rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid,
+ NETLINK_CREDS(skb)->pid);
+ if (rc)
+ printk(KERN_WARNING
+ "Error processing QUIT message; rc = [%d]\n", rc);
+ return rc;
+}
+
+/**
+ * ecryptfs_receive_nl_message
+ *
+ * Callback function called by netlink system when a message arrives.
+ * If the message looks to be valid, then an attempt is made to assign
+ * it to its desired netlink context element and wake up the process
+ * that is waiting for a response.
+ */
+static void ecryptfs_receive_nl_message(struct sock *sk, int len)
+{
+ struct sk_buff *skb;
+ struct nlmsghdr *nlh;
+ int rc = 0; /* skb_recv_datagram requires this */
+
+receive:
+ skb = skb_recv_datagram(sk, 0, 0, &rc);
+ if (rc == -EINTR)
+ goto receive;
+ else if (rc < 0) {
+ ecryptfs_printk(KERN_ERR, "Error occurred while "
+ "receiving eCryptfs netlink message; "
+ "rc = [%d]\n", rc);
+ return;
+ }
+ nlh = (struct nlmsghdr *)skb->data;
+ if (!NLMSG_OK(nlh, skb->len)) {
+ ecryptfs_printk(KERN_ERR, "Received corrupt netlink "
+ "message\n");
+ goto free;
+ }
+ switch (nlh->nlmsg_type) {
+ case ECRYPTFS_NLMSG_RESPONSE:
+ if (ecryptfs_process_nl_response(skb)) {
+ ecryptfs_printk(KERN_WARNING, "Failed to "
+ "deliver netlink response to "
+ "requesting operation\n");
+ }
+ break;
+ case ECRYPTFS_NLMSG_HELO:
+ if (ecryptfs_process_nl_helo(skb)) {
+ ecryptfs_printk(KERN_WARNING, "Failed to "
+ "fulfill HELO request\n");
+ }
+ break;
+ case ECRYPTFS_NLMSG_QUIT:
+ if (ecryptfs_process_nl_quit(skb)) {
+ ecryptfs_printk(KERN_WARNING, "Failed to "
+ "fulfill QUIT request\n");
+ }
+ break;
+ default:
+ ecryptfs_printk(KERN_WARNING, "Dropping netlink "
+ "message of unrecognized type [%d]\n",
+ nlh->nlmsg_type);
+ break;
+ }
+free:
+ kfree_skb(skb);
+}
+
+/**
+ * ecryptfs_init_netlink
+ *
+ * Initializes the daemon id hash list, netlink context array, and
+ * necessary locks. Returns zero upon success; non-zero upon error.
+ */
+int ecryptfs_init_netlink(void)
+{
+ int rc;
+
+ ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0,
+ ecryptfs_receive_nl_message,
+ THIS_MODULE);
+ if (!ecryptfs_nl_sock) {
+ rc = -EIO;
+ ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n");
+ goto out;
+ }
+ ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT;
+ rc = 0;
+out:
+ return rc;
+}
+
+/**
+ * ecryptfs_release_netlink
+ *
+ * Frees all memory used by the netlink context array and releases the
+ * netlink socket.
+ */
+void ecryptfs_release_netlink(void)
+{
+ if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket)
+ sock_release(ecryptfs_nl_sock->sk_socket);
+ ecryptfs_nl_sock = NULL;
+}
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index c9921ee..ab7d452 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -22,6 +22,7 @@ #define NETLINK_DNRTMSG 14 /* DECnet ro
#define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */
#define NETLINK_GENERIC 16
#define NETLINK_TGT 17 /* SCSI target */
+#define NETLINK_ECRYPTFS 18
#define MAX_LINKS 32
--
1.3.3
Integrate netlink functions into eCryptfs module. Add functions to
read and write public key packets to the lower file header.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/Makefile | 2
fs/ecryptfs/keystore.c | 794 +++++++++++++++++++++++++++++++++++++++++++-----
fs/ecryptfs/main.c | 49 +++
fs/ecryptfs/mmap.c | 91 ------
4 files changed, 768 insertions(+), 168 deletions(-)
0206ff33477d22761c8d4a542880b581e6a98ca7
diff --git a/fs/ecryptfs/Makefile b/fs/ecryptfs/Makefile
index ca65624..1f11072 100644
--- a/fs/ecryptfs/Makefile
+++ b/fs/ecryptfs/Makefile
@@ -4,4 +4,4 @@ #
obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o
-ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o crypto.o keystore.o debug.o
+ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o crypto.o keystore.o messaging.o netlink.o debug.o
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 35ba927..f171bed 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -7,6 +7,7 @@
* Copyright (C) 2004-2006 International Business Machines Corp.
* Author(s): Michael A. Halcrow <[email protected]>
* Michael C. Thompson <[email protected]>
+ * Trevor S. Highland <[email protected]>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -64,26 +65,6 @@ int process_request_key_err(long err_cod
return rc;
}
-static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
-{
- struct list_head *walker;
- struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
-
- walker = auth_tok_list_head->next;
- while (walker != auth_tok_list_head) {
- auth_tok_list_item =
- list_entry(walker, struct ecryptfs_auth_tok_list_item,
- list);
- walker = auth_tok_list_item->list.next;
- memset(auth_tok_list_item, 0,
- sizeof(struct ecryptfs_auth_tok_list_item));
- kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
- auth_tok_list_item);
- }
-}
-
-struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
-
/**
* parse_packet_length
* @data: Pointer to memory containing length at offset
@@ -102,12 +83,12 @@ static int parse_packet_length(unsigned
(*size) = 0;
if (data[0] < 192) {
/* One-byte length */
- (*size) = data[0];
+ (*size) = (unsigned char)data[0];
(*length_size) = 1;
} else if (data[0] < 224) {
/* Two-byte length */
- (*size) = ((data[0] - 192) * 256);
- (*size) += (data[1] + 192);
+ (*size) = (((unsigned char)(data[0]) - 192) * 256);
+ (*size) += ((unsigned char)(data[1]) + 192);
(*length_size) = 2;
} else if (data[0] == 255) {
/* Five-byte length; we're not supposed to see this */
@@ -154,6 +135,500 @@ static int write_packet_length(char *des
return rc;
}
+static int
+write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key,
+ char **packet, size_t *packet_len)
+{
+ size_t i = 0;
+ size_t data_len;
+ size_t packet_size_len;
+ char *message;
+ int rc;
+
+ /*
+ * ***** TAG 64 Packet Format *****
+ * | Content Type | 1 byte |
+ * | Key Identifier Size | 1 or 2 bytes |
+ * | Key Identifier | arbitrary |
+ * | Encrypted File Encryption Key Size | 1 or 2 bytes |
+ * | Encrypted File Encryption Key | arbitrary |
+ */
+ data_len = (5 + ECRYPTFS_SIG_SIZE_HEX
+ + session_key->encrypted_key_size);
+ *packet = kmalloc(data_len, GFP_KERNEL);
+ message = *packet;
+ if (!message) {
+ ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
+ rc = -ENOMEM;
+ goto out;
+ }
+ message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE;
+ rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
+ &packet_size_len);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
+ "header; cannot generate packet length\n");
+ goto out;
+ }
+ i += packet_size_len;
+ memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
+ i += ECRYPTFS_SIG_SIZE_HEX;
+ rc = write_packet_length(&message[i], session_key->encrypted_key_size,
+ &packet_size_len);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet "
+ "header; cannot generate packet length\n");
+ goto out;
+ }
+ i += packet_size_len;
+ memcpy(&message[i], session_key->encrypted_key,
+ session_key->encrypted_key_size);
+ i += session_key->encrypted_key_size;
+ *packet_len = i;
+out:
+ return rc;
+}
+
+static int
+parse_tag_65_packet(struct ecryptfs_session_key *session_key, u16 *cipher_code,
+ struct ecryptfs_message *msg)
+{
+ size_t i = 0;
+ char *data;
+ size_t data_len;
+ size_t m_size;
+ size_t message_len;
+ u16 checksum = 0;
+ u16 expected_checksum = 0;
+ int rc;
+
+ /*
+ * ***** TAG 65 Packet Format *****
+ * | Content Type | 1 byte |
+ * | Status Indicator | 1 byte |
+ * | File Encryption Key Size | 1 or 2 bytes |
+ * | File Encryption Key | arbitrary |
+ */
+ message_len = msg->data_len;
+ data = msg->data;
+ if (message_len < 4) {
+ rc = -EIO;
+ goto out;
+ }
+ if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) {
+ ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_65\n");
+ rc = -EIO;
+ goto out;
+ }
+ if (data[i++]) {
+ ecryptfs_printk(KERN_ERR, "Status indicator has non-zero value "
+ "[%d]\n", data[i-1]);
+ rc = -EIO;
+ goto out;
+ }
+ rc = parse_packet_length(&data[i], &m_size, &data_len);
+ if (rc) {
+ ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
+ "rc = [%d]\n", rc);
+ goto out;
+ }
+ i += data_len;
+ if (message_len < (i + m_size)) {
+ ecryptfs_printk(KERN_ERR, "The received netlink message is "
+ "shorter than expected\n");
+ rc = -EIO;
+ goto out;
+ }
+ if (m_size < 3) {
+ ecryptfs_printk(KERN_ERR,
+ "The decrypted key is not long enough to "
+ "include a cipher code and checksum\n");
+ rc = -EIO;
+ goto out;
+ }
+ *cipher_code = data[i++];
+ /* The decrypted key includes 1 byte cipher code and 2 byte checksum */
+ session_key->decrypted_key_size = m_size - 3;
+ if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) {
+ ecryptfs_printk(KERN_ERR, "key_size [%d] larger than "
+ "the maximum key size [%d]\n",
+ session_key->decrypted_key_size,
+ ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
+ rc = -EIO;
+ goto out;
+ }
+ memcpy(session_key->decrypted_key, &data[i],
+ session_key->decrypted_key_size);
+ i += session_key->decrypted_key_size;
+ expected_checksum += (unsigned char)(data[i++]) << 8;
+ expected_checksum += (unsigned char)(data[i++]);
+ for (i = 0; i < session_key->decrypted_key_size; i++)
+ checksum += session_key->decrypted_key[i];
+ if (expected_checksum != checksum) {
+ ecryptfs_printk(KERN_ERR, "Invalid checksum for file "
+ "encryption key; expected [%x]; calculated "
+ "[%x]\n", expected_checksum, checksum);
+ rc = -EIO;
+ }
+out:
+ return rc;
+}
+
+
+static int
+write_tag_66_packet(char *signature, size_t cipher_code,
+ struct ecryptfs_crypt_stat *crypt_stat, char **packet,
+ size_t *packet_len)
+{
+ size_t i = 0;
+ size_t j;
+ size_t data_len;
+ size_t checksum = 0;
+ size_t packet_size_len;
+ char *message;
+ int rc;
+
+ /*
+ * ***** TAG 66 Packet Format *****
+ * | Content Type | 1 byte |
+ * | Key Identifier Size | 1 or 2 bytes |
+ * | Key Identifier | arbitrary |
+ * | File Encryption Key Size | 1 or 2 bytes |
+ * | File Encryption Key | arbitrary |
+ */
+ data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
+ *packet = kmalloc(data_len, GFP_KERNEL);
+ message = *packet;
+ if (!message) {
+ ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
+ rc = -ENOMEM;
+ goto out;
+ }
+ message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE;
+ rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX,
+ &packet_size_len);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
+ "header; cannot generate packet length\n");
+ goto out;
+ }
+ i += packet_size_len;
+ memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX);
+ i += ECRYPTFS_SIG_SIZE_HEX;
+ /* The encrypted key includes 1 byte cipher code and 2 byte checksum */
+ rc = write_packet_length(&message[i], crypt_stat->key_size + 3,
+ &packet_size_len);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet "
+ "header; cannot generate packet length\n");
+ goto out;
+ }
+ i += packet_size_len;
+ message[i++] = cipher_code;
+ memcpy(&message[i], crypt_stat->key, crypt_stat->key_size);
+ i += crypt_stat->key_size;
+ for (j = 0; j < crypt_stat->key_size; j++)
+ checksum += crypt_stat->key[j];
+ message[i++] = (checksum / 256) % 256;
+ message[i++] = (checksum % 256);
+ *packet_len = i;
+out:
+ return rc;
+}
+
+static int
+parse_tag_67_packet(struct ecryptfs_key_record *key_rec,
+ struct ecryptfs_message *msg)
+{
+ size_t i = 0;
+ char *data;
+ size_t data_len;
+ size_t message_len;
+ int rc;
+
+ /*
+ * ***** TAG 65 Packet Format *****
+ * | Content Type | 1 byte |
+ * | Status Indicator | 1 byte |
+ * | Encrypted File Encryption Key Size | 1 or 2 bytes |
+ * | Encrypted File Encryption Key | arbitrary |
+ */
+ message_len = msg->data_len;
+ data = msg->data;
+ /* verify that everything through the encrypted FEK size is present */
+ if (message_len < 4) {
+ rc = -EIO;
+ goto out;
+ }
+ if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) {
+ ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_67\n");
+ rc = -EIO;
+ goto out;
+ }
+ if (data[i++]) {
+ ecryptfs_printk(KERN_ERR, "Status indicator has non zero value"
+ " [%d]\n", data[i-1]);
+ rc = -EIO;
+ goto out;
+ }
+ rc = parse_packet_length(&data[i], &key_rec->enc_key_size, &data_len);
+ if (rc) {
+ ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
+ "rc = [%d]\n", rc);
+ goto out;
+ }
+ i += data_len;
+ if (message_len < (i + key_rec->enc_key_size)) {
+ ecryptfs_printk(KERN_ERR, "message_len [%d]; max len is [%d]\n",
+ message_len, (i + key_rec->enc_key_size));
+ rc = -EIO;
+ goto out;
+ }
+ if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
+ ecryptfs_printk(KERN_ERR, "Encrypted key_size [%d] larger than "
+ "the maximum key size [%d]\n",
+ key_rec->enc_key_size,
+ ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES);
+ rc = -EIO;
+ goto out;
+ }
+ memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size);
+out:
+ return rc;
+}
+
+/**
+ * decrypt_pki_encrypted_session_key - Decrypt the session key with
+ * the given auth_tok.
+ *
+ * Returns Zero on success; non-zero error otherwise.
+ */
+static int decrypt_pki_encrypted_session_key(
+ struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
+ struct ecryptfs_auth_tok *auth_tok,
+ struct ecryptfs_crypt_stat *crypt_stat)
+{
+ u16 cipher_code = 0;
+ struct ecryptfs_msg_ctx *msg_ctx;
+ struct ecryptfs_message *msg = NULL;
+ char *netlink_message;
+ size_t netlink_message_length;
+ int rc;
+
+ rc = write_tag_64_packet(mount_crypt_stat->global_auth_tok_sig,
+ &(auth_tok->session_key),
+ &netlink_message, &netlink_message_length);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet");
+ goto out;
+ }
+ rc = ecryptfs_send_message(ecryptfs_transport, netlink_message,
+ netlink_message_length, &msg_ctx);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error sending netlink message\n");
+ goto out;
+ }
+ rc = ecryptfs_wait_for_response(msg_ctx, &msg);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Failed to receive tag 65 packet "
+ "from the user space daemon\n");
+ rc = -EIO;
+ goto out;
+ }
+ rc = parse_tag_65_packet(&(auth_tok->session_key),
+ &cipher_code, msg);
+ if (rc) {
+ printk(KERN_ERR "Failed to parse tag 65 packet; rc = [%d]\n",
+ rc);
+ goto out;
+ }
+ auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
+ memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
+ auth_tok->session_key.decrypted_key_size);
+ crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
+ rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
+ cipher_code)
+ goto out;
+ }
+ crypt_stat->flags |= ECRYPTFS_KEY_VALID;
+ if (ecryptfs_verbosity > 0) {
+ ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
+ ecryptfs_dump_hex(crypt_stat->key,
+ crypt_stat->key_size);
+ }
+out:
+ if (msg)
+ kfree(msg);
+ return rc;
+}
+
+static void wipe_auth_tok_list(struct list_head *auth_tok_list_head)
+{
+ struct list_head *walker;
+ struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
+
+ walker = auth_tok_list_head->next;
+ while (walker != auth_tok_list_head) {
+ auth_tok_list_item =
+ list_entry(walker, struct ecryptfs_auth_tok_list_item,
+ list);
+ walker = auth_tok_list_item->list.next;
+ memset(auth_tok_list_item, 0,
+ sizeof(struct ecryptfs_auth_tok_list_item));
+ kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
+ auth_tok_list_item);
+ }
+ auth_tok_list_head->next = NULL;
+}
+
+struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
+
+
+/**
+ * parse_tag_1_packet
+ * @crypt_stat: The cryptographic context to modify based on packet
+ * contents.
+ * @data: The raw bytes of the packet.
+ * @auth_tok_list: eCryptfs parses packets into authentication tokens;
+ * a new authentication token will be placed at the end
+ * of this list for this packet.
+ * @new_auth_tok: Pointer to a pointer to memory that this function
+ * allocates; sets the memory address of the pointer to
+ * NULL on error. This object is added to the
+ * auth_tok_list.
+ * @packet_size: This function writes the size of the parsed packet
+ * into this memory location; zero on error.
+ *
+ * Returns zero on success; non-zero on error.
+ */
+static int
+parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
+ unsigned char *data, struct list_head *auth_tok_list,
+ struct ecryptfs_auth_tok **new_auth_tok,
+ size_t *packet_size, size_t max_packet_size)
+{
+ size_t body_size;
+ struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
+ size_t length_size;
+ int rc = 0;
+
+ (*packet_size) = 0;
+ (*new_auth_tok) = NULL;
+
+ /* we check that:
+ * one byte for the Tag 1 ID flag
+ * two bytes for the body size
+ * do not exceed the maximum_packet_size
+ */
+ if (unlikely((*packet_size) + 3 > max_packet_size)) {
+ ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");
+ rc = -EINVAL;
+ goto out;
+ }
+ /* check for Tag 1 identifier - one byte */
+ if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {
+ ecryptfs_printk(KERN_ERR, "Enter w/ first byte != 0x%.2x\n",
+ ECRYPTFS_TAG_1_PACKET_TYPE);
+ rc = -EINVAL;
+ goto out;
+ }
+ /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
+ * at end of function upon failure */
+ auth_tok_list_item =
+ kmem_cache_alloc(ecryptfs_auth_tok_list_item_cache,
+ SLAB_KERNEL);
+ if (!auth_tok_list_item) {
+ ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(auth_tok_list_item, 0,
+ sizeof(struct ecryptfs_auth_tok_list_item));
+ (*new_auth_tok) = &auth_tok_list_item->auth_tok;
+ /* check for body size - one to two bytes
+ *
+ * ***** TAG 1 Packet Format *****
+ * | version number | 1 byte |
+ * | key ID | 8 bytes |
+ * | public key algorithm | 1 byte |
+ * | encrypted session key | arbitrary |
+ */
+ rc = parse_packet_length(&data[(*packet_size)], &body_size,
+ &length_size);
+ if (rc) {
+ ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "
+ "rc = [%d]\n", rc);
+ goto out_free;
+ }
+ if (unlikely(body_size < (0x02 + ECRYPTFS_SIG_SIZE))) {
+ ecryptfs_printk(KERN_WARNING, "Invalid body size ([%d])\n",
+ body_size);
+ rc = -EINVAL;
+ goto out_free;
+ }
+ (*packet_size) += length_size;
+ if (unlikely((*packet_size) + body_size > max_packet_size)) {
+ ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");
+ rc = -EINVAL;
+ goto out_free;
+ }
+ /* Version 3 (from RFC2440) - one byte */
+ if (unlikely(data[(*packet_size)++] != 0x03)) {
+ ecryptfs_printk(KERN_DEBUG, "Unknown version number "
+ "[%d]\n", data[(*packet_size) - 1]);
+ rc = -EINVAL;
+ goto out_free;
+ }
+ /* Read Signature */
+ ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,
+ &data[(*packet_size)], ECRYPTFS_SIG_SIZE);
+ *packet_size += ECRYPTFS_SIG_SIZE;
+ /* This byte is skipped because the kernel does not need to
+ * know which public key encryption algorithm was used */
+ (*packet_size)++;
+ (*new_auth_tok)->session_key.encrypted_key_size =
+ body_size - (0x02 + ECRYPTFS_SIG_SIZE);
+ if ((*new_auth_tok)->session_key.encrypted_key_size
+ > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
+ ecryptfs_printk(KERN_ERR, "Tag 1 packet contains key larger "
+ "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
+ rc = -EINVAL;
+ goto out;
+ }
+ ecryptfs_printk(KERN_DEBUG, "Encrypted key size = [%d]\n",
+ (*new_auth_tok)->session_key.encrypted_key_size);
+ memcpy((*new_auth_tok)->session_key.encrypted_key,
+ &data[(*packet_size)], (body_size - 0x02 - ECRYPTFS_SIG_SIZE));
+ (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;
+ (*new_auth_tok)->session_key.flags &=
+ ~ECRYPTFS_CONTAINS_DECRYPTED_KEY;
+ (*new_auth_tok)->session_key.flags |=
+ ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
+ /* TODO: Use the keyring */
+ (*new_auth_tok)->uid = current->uid;
+ ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY);
+ /* TODO: Why are we setting this flag here? Don't we want the
+ * userspace to decrypt the session key? */
+ ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
+ ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
+ ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
+ ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
+ list_add(&auth_tok_list_item->list, auth_tok_list);
+ goto out;
+out_free:
+ (*new_auth_tok) = NULL;
+ memset(auth_tok_list_item, 0,
+ sizeof(struct ecryptfs_auth_tok_list_item));
+ kmem_cache_free(ecryptfs_auth_tok_list_item_cache,
+ auth_tok_list_item);
+out:
+ if (rc)
+ (*packet_size) = 0;
+ return rc;
+}
+
/**
* parse_tag_3_packet
* @crypt_stat: The cryptographic context to modify based on packet
@@ -178,10 +653,10 @@ parse_tag_3_packet(struct ecryptfs_crypt
struct ecryptfs_auth_tok **new_auth_tok,
size_t *packet_size, size_t max_packet_size)
{
- int rc = 0;
size_t body_size;
struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
size_t length_size;
+ int rc = 0;
(*packet_size) = 0;
(*new_auth_tok) = NULL;
@@ -362,9 +837,9 @@ parse_tag_11_packet(unsigned char *data,
size_t max_contents_bytes, size_t *tag_11_contents_size,
size_t *packet_size, size_t max_packet_size)
{
- int rc = 0;
size_t body_size;
size_t length_size;
+ int rc = 0;
(*packet_size) = 0;
(*tag_11_contents_size) = 0;
@@ -460,14 +935,13 @@ out:
static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
struct ecryptfs_crypt_stat *crypt_stat)
{
- int rc = 0;
struct ecryptfs_password *password_s_ptr;
struct crypto_tfm *tfm = NULL;
struct scatterlist src_sg[2], dst_sg[2];
struct mutex *tfm_mutex = NULL;
- /* TODO: Use virt_to_scatterlist for these */
char *encrypted_session_key;
char *session_key;
+ int rc = 0;
password_s_ptr = &auth_tok->token.password;
if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags,
@@ -578,7 +1052,6 @@ int ecryptfs_parse_packet_set(struct ecr
struct dentry *ecryptfs_dentry)
{
size_t i = 0;
- int rc = 0;
size_t found_auth_tok = 0;
size_t next_packet_is_auth_tok_packet;
char sig[ECRYPTFS_SIG_SIZE_HEX];
@@ -594,6 +1067,7 @@ int ecryptfs_parse_packet_set(struct ecr
unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
size_t tag_11_contents_size;
size_t tag_11_packet_size;
+ int rc = 0;
INIT_LIST_HEAD(&auth_tok_list);
/* Parse the header to find as many packets as we can, these will be
@@ -648,6 +1122,21 @@ int ecryptfs_parse_packet_set(struct ecr
ECRYPTFS_SET_FLAG(crypt_stat->flags,
ECRYPTFS_ENCRYPTED);
break;
+ case ECRYPTFS_TAG_1_PACKET_TYPE:
+ rc = parse_tag_1_packet(crypt_stat,
+ (unsigned char *)&src[i],
+ &auth_tok_list, &new_auth_tok,
+ &packet_size, max_packet_size);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error parsing "
+ "tag 1 packet\n");
+ rc = -EIO;
+ goto out_wipe_list;
+ }
+ i += packet_size;
+ ECRYPTFS_SET_FLAG(crypt_stat->flags,
+ ECRYPTFS_ENCRYPTED);
+ break;
case ECRYPTFS_TAG_11_PACKET_TYPE:
ecryptfs_printk(KERN_WARNING, "Invalid packet set "
"(Tag 11 not allowed by itself)\n");
@@ -697,30 +1186,47 @@ int ecryptfs_parse_packet_set(struct ecr
/* TODO: Transfer the common salt into the
* crypt_stat salt */
}
+ else if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
+ ECRYPTFS_PRIVATE_KEY))
+ && !strncmp(candidate_auth_tok->token.private_key.signature,
+ sig, ECRYPTFS_SIG_SIZE_HEX)) {
+ found_auth_tok = 1;
+ goto leave_list;
+ }
}
-leave_list:
if (!found_auth_tok) {
ecryptfs_printk(KERN_ERR, "Could not find authentication "
"token on temporary list for sig [%.*s]\n",
ECRYPTFS_SIG_SIZE_HEX, sig);
rc = -EIO;
goto out_wipe_list;
- } else {
+ }
+leave_list:
+ if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
+ ECRYPTFS_PRIVATE_KEY))) {
+ memcpy(&(candidate_auth_tok->token.private_key),
+ &(chosen_auth_tok->token.private_key),
+ sizeof(struct ecryptfs_private_key));
+ rc = decrypt_pki_encrypted_session_key(mount_crypt_stat,
+ candidate_auth_tok,
+ crypt_stat);
+ } else if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
+ ECRYPTFS_PASSWORD))) {
memcpy(&(candidate_auth_tok->token.password),
&(chosen_auth_tok->token.password),
sizeof(struct ecryptfs_password));
rc = decrypt_session_key(candidate_auth_tok, crypt_stat);
- if (rc) {
- ecryptfs_printk(KERN_ERR, "Error decrypting the "
- "session key\n");
- goto out_wipe_list;
- }
- rc = ecryptfs_compute_root_iv(crypt_stat);
- if (rc) {
- ecryptfs_printk(KERN_ERR, "Error computing "
- "the root IV\n");
- goto out_wipe_list;
- }
+ }
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error decrypting the "
+ "session key; rc = [%d]\n", rc);
+ goto out_wipe_list;
+ }
+ rc = ecryptfs_compute_root_iv(crypt_stat);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error computing "
+ "the root IV\n");
+ goto out_wipe_list;
}
rc = ecryptfs_init_crypt_ctx(crypt_stat);
if (rc) {
@@ -733,6 +1239,145 @@ out_wipe_list:
out:
return rc;
}
+static int
+pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
+ struct ecryptfs_crypt_stat *crypt_stat,
+ struct ecryptfs_key_record *key_rec)
+{
+ struct ecryptfs_msg_ctx *msg_ctx = NULL;
+ char *netlink_payload;
+ size_t netlink_payload_length;
+ struct ecryptfs_message *msg;
+ int rc;
+
+ rc = write_tag_66_packet(auth_tok->token.private_key.signature,
+ ecryptfs_code_for_cipher_string(crypt_stat),
+ crypt_stat, &netlink_payload,
+ &netlink_payload_length);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet\n");
+ goto out;
+ }
+ rc = ecryptfs_send_message(ecryptfs_transport, netlink_payload,
+ netlink_payload_length, &msg_ctx);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error sending netlink message\n");
+ goto out;
+ }
+ rc = ecryptfs_wait_for_response(msg_ctx, &msg);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Failed to receive tag 67 packet "
+ "from the user space daemon\n");
+ rc = -EIO;
+ goto out;
+ }
+ rc = parse_tag_67_packet(key_rec, msg);
+ if (rc)
+ ecryptfs_printk(KERN_ERR, "Error parsing tag 67 packet\n");
+ kfree(msg);
+out:
+ if (netlink_payload)
+ kfree(netlink_payload);
+ return rc;
+}
+/**
+ * write_tag_1_packet - Write an RFC2440-compatible tag 1 (public key) packet
+ * @dest: Buffer into which to write the packet
+ * @max: Maximum number of bytes that can be writtn
+ * @packet_size: This function will write the number of bytes that end
+ * up constituting the packet; set to zero on error
+ *
+ * Returns zero on success; non-zero on error.
+ */
+static int
+write_tag_1_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok,
+ struct ecryptfs_crypt_stat *crypt_stat,
+ struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
+ struct ecryptfs_key_record *key_rec, size_t *packet_size)
+{
+ size_t i;
+ size_t encrypted_session_key_valid = 0;
+ size_t key_rec_size;
+ size_t packet_size_length;
+ int rc = 0;
+
+ (*packet_size) = 0;
+ ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature,
+ ECRYPTFS_SIG_SIZE);
+ encrypted_session_key_valid = 0;
+ for (i = 0; i < crypt_stat->key_size; i++)
+ encrypted_session_key_valid |=
+ auth_tok->session_key.encrypted_key[i];
+ if (encrypted_session_key_valid) {
+ memcpy(key_rec->enc_key,
+ auth_tok->session_key.encrypted_key,
+ auth_tok->session_key.encrypted_key_size);
+ goto encrypted_session_key_set;
+ }
+ if (auth_tok->session_key.encrypted_key_size == 0)
+ auth_tok->session_key.encrypted_key_size =
+ auth_tok->token.private_key.key_size;
+ rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Failed to encrypt session key "
+ "via a pki");
+ goto out;
+ }
+ if (ecryptfs_verbosity > 0) {
+ ecryptfs_printk(KERN_DEBUG, "Encrypted key:\n");
+ ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size);
+ }
+encrypted_session_key_set:
+ /* Now we have a valid key_rec. Append it to the
+ * key_rec set. */
+ key_rec_size = (sizeof(struct ecryptfs_key_record)
+ - ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES
+ + (key_rec->enc_key_size));
+ /* TODO: Include a packet size limit as a parameter to this
+ * function once we have multi-packet headers (for versions
+ * later than 0.1 */
+ if (key_rec_size >= ECRYPTFS_MAX_KEYSET_SIZE) {
+ ecryptfs_printk(KERN_ERR, "Keyset too large\n");
+ rc = -EINVAL;
+ goto out;
+ }
+ /* ***** TAG 1 Packet Format *****
+ * | version number | 1 byte |
+ * | key ID | 8 bytes |
+ * | public key algorithm | 1 byte |
+ * | encrypted session key | arbitrary |
+ */
+ if ((0x02 + ECRYPTFS_SIG_SIZE + key_rec->enc_key_size) >= max) {
+ ecryptfs_printk(KERN_ERR,
+ "Authentication token is too large\n");
+ rc = -EINVAL;
+ goto out;
+ }
+ dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE;
+ /* This format is inspired by OpenPGP; see RFC 2440
+ * packet tag 1 */
+ rc = write_packet_length(&dest[(*packet_size)],
+ (0x02 + ECRYPTFS_SIG_SIZE +
+ key_rec->enc_key_size),
+ &packet_size_length);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet "
+ "header; cannot generate packet length\n");
+ goto out;
+ }
+ (*packet_size) += packet_size_length;
+ dest[(*packet_size)++] = 0x03; /* version 3 */
+ memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE);
+ (*packet_size) += ECRYPTFS_SIG_SIZE;
+ dest[(*packet_size)++] = RFC2440_CIPHER_RSA;
+ memcpy(&dest[(*packet_size)], key_rec->enc_key,
+ key_rec->enc_key_size);
+ (*packet_size) += key_rec->enc_key_size;
+out:
+ if (rc)
+ (*packet_size) = 0;
+ return rc;
+}
/**
* write_tag_11_packet
@@ -748,8 +1393,8 @@ static int
write_tag_11_packet(char *dest, int max, char *contents, size_t contents_length,
size_t *packet_length)
{
- int rc = 0;
size_t packet_size_length;
+ int rc = 0;
(*packet_length) = 0;
if ((13 + contents_length) > max) {
@@ -806,10 +1451,7 @@ write_tag_3_packet(char *dest, size_t ma
struct ecryptfs_crypt_stat *crypt_stat,
struct ecryptfs_key_record *key_rec, size_t *packet_size)
{
- int rc = 0;
-
size_t i;
- size_t signature_is_valid = 0;
size_t encrypted_session_key_valid = 0;
char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
struct scatterlist dest_sg[2];
@@ -819,21 +1461,17 @@ write_tag_3_packet(char *dest, size_t ma
size_t key_rec_size;
size_t packet_size_length;
size_t cipher_code;
+ int rc = 0;
(*packet_size) = 0;
- /* Check for a valid signature on the auth_tok */
- for (i = 0; i < ECRYPTFS_SIG_SIZE_HEX; i++)
- signature_is_valid |= auth_tok->token.password.signature[i];
- if (!signature_is_valid)
- BUG();
- ecryptfs_from_hex((*key_rec).sig, auth_tok->token.password.signature,
+ ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature,
ECRYPTFS_SIG_SIZE);
encrypted_session_key_valid = 0;
for (i = 0; i < crypt_stat->key_size; i++)
encrypted_session_key_valid |=
auth_tok->session_key.encrypted_key[i];
if (encrypted_session_key_valid) {
- memcpy((*key_rec).enc_key,
+ memcpy(key_rec->enc_key,
auth_tok->session_key.encrypted_key,
auth_tok->session_key.encrypted_key_size);
goto encrypted_session_key_set;
@@ -846,10 +1484,10 @@ write_tag_3_packet(char *dest, size_t ma
memset((crypt_stat->key + 24), 0, 8);
auth_tok->session_key.encrypted_key_size = 32;
}
- (*key_rec).enc_key_size =
+ key_rec->enc_key_size =
auth_tok->session_key.encrypted_key_size;
- if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags,
- ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)) {
+ if (auth_tok->token.password.flags &
+ ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) {
ecryptfs_printk(KERN_DEBUG, "Using previously generated "
"session key encryption key of size [%d]\n",
auth_tok->token.password.
@@ -867,15 +1505,15 @@ write_tag_3_packet(char *dest, size_t ma
ecryptfs_dump_hex(session_key_encryption_key, 16);
}
rc = virt_to_scatterlist(crypt_stat->key,
- (*key_rec).enc_key_size, src_sg, 2);
+ key_rec->enc_key_size, src_sg, 2);
if (!rc) {
ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
"for crypt_stat session key\n");
rc = -ENOMEM;
goto out;
}
- rc = virt_to_scatterlist((*key_rec).enc_key,
- (*key_rec).enc_key_size, dest_sg, 2);
+ rc = virt_to_scatterlist(key_rec->enc_key,
+ key_rec->enc_key_size, dest_sg, 2);
if (!rc) {
ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
"for crypt_stat encrypted session key\n");
@@ -911,19 +1549,19 @@ write_tag_3_packet(char *dest, size_t ma
ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
crypt_stat->key_size);
crypto_cipher_encrypt(tfm, dest_sg, src_sg,
- (*key_rec).enc_key_size);
+ key_rec->enc_key_size);
if (tfm_mutex)
mutex_unlock(tfm_mutex);
ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
if (ecryptfs_verbosity > 0)
- ecryptfs_dump_hex((*key_rec).enc_key,
- (*key_rec).enc_key_size);
+ ecryptfs_dump_hex(key_rec->enc_key,
+ key_rec->enc_key_size);
encrypted_session_key_set:
/* Now we have a valid key_rec. Append it to the
* key_rec set. */
key_rec_size = (sizeof(struct ecryptfs_key_record)
- ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES
- + ((*key_rec).enc_key_size));
+ + (key_rec->enc_key_size));
/* TODO: Include a packet size limit as a parameter to this
* function once we have multi-packet headers (for versions
* later than 0.1 */
@@ -935,7 +1573,7 @@ encrypted_session_key_set:
/* TODO: Packet size limit */
/* We have 5 bytes of surrounding packet data */
if ((0x05 + ECRYPTFS_SALT_SIZE
- + (*key_rec).enc_key_size) >= max) {
+ + key_rec->enc_key_size) >= max) {
ecryptfs_printk(KERN_ERR, "Authentication token is too "
"large\n");
rc = -EINVAL;
@@ -947,7 +1585,7 @@ encrypted_session_key_set:
/* ver+cipher+s2k+hash+salt+iter+enc_key */
rc = write_packet_length(&dest[(*packet_size)],
(0x05 + ECRYPTFS_SALT_SIZE
- + (*key_rec).enc_key_size),
+ + key_rec->enc_key_size),
&packet_size_length);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error generating tag 3 packet "
@@ -970,9 +1608,9 @@ encrypted_session_key_set:
ECRYPTFS_SALT_SIZE);
(*packet_size) += ECRYPTFS_SALT_SIZE; /* salt */
dest[(*packet_size)++] = 0x60; /* hash iterations (65536) */
- memcpy(&dest[(*packet_size)], (*key_rec).enc_key,
- (*key_rec).enc_key_size);
- (*packet_size) += (*key_rec).enc_key_size;
+ memcpy(&dest[(*packet_size)], key_rec->enc_key,
+ key_rec->enc_key_size);
+ (*packet_size) += key_rec->enc_key_size;
out:
if (tfm && !tfm_mutex)
crypto_free_tfm(tfm);
@@ -1002,13 +1640,13 @@ ecryptfs_generate_key_packet_set(char *d
struct dentry *ecryptfs_dentry, size_t *len,
size_t max)
{
- int rc = 0;
struct ecryptfs_auth_tok *auth_tok;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
size_t written;
struct ecryptfs_key_record key_rec;
+ int rc = 0;
(*len) = 0;
if (mount_crypt_stat->global_auth_tok) {
@@ -1035,20 +1673,24 @@ ecryptfs_generate_key_packet_set(char *d
goto out;
}
(*len) += written;
+ } else if (ECRYPTFS_CHECK_FLAG(auth_tok->flags,
+ ECRYPTFS_PRIVATE_KEY)) {
+ rc = write_tag_1_packet(dest_base + (*len),
+ max, auth_tok,
+ crypt_stat,mount_crypt_stat,
+ &key_rec, &written);
+ if (rc) {
+ ecryptfs_printk(KERN_WARNING, "Error "
+ "writing tag 1 packet\n");
+ goto out;
+ }
+ (*len) += written;
} else {
ecryptfs_printk(KERN_WARNING, "Unsupported "
"authentication token type\n");
rc = -EINVAL;
goto out;
}
- if (rc) {
- ecryptfs_printk(KERN_WARNING, "Error writing "
- "authentication token packet with sig "
- "= [%s]\n",
- mount_crypt_stat->global_auth_tok_sig);
- rc = -EIO;
- goto out;
- }
} else
BUG();
if (likely((max - (*len)) > 0)) {
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 9cb7a72..9aacb75 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -6,6 +6,7 @@
* Copyright (C) 2004-2006 International Business Machines Corp.
* Author(s): Michael A. Halcrow <[email protected]>
* Michael C. Thompson <[email protected]>
+ * Tyler Hicks <[email protected]>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -47,6 +48,43 @@ MODULE_PARM_DESC(ecryptfs_verbosity,
"Initial verbosity level (0 or 1; defaults to "
"0, which is Quiet)");
+/**
+ * Module parameter that defines the number of netlink message buffer
+ * elements
+ */
+unsigned int ecryptfs_message_buf_len = ECRYPTFS_DEFAULT_MSG_CTX_ELEMS;
+
+module_param(ecryptfs_message_buf_len, uint, 0);
+MODULE_PARM_DESC(ecryptfs_message_buf_len,
+ "Number of message buffer elements");
+
+/**
+ * Module parameter that defines the maximum guaranteed amount of time to wait
+ * for a response through netlink. The actual sleep time will be, more than
+ * likely, a small amount greater than this specified value, but only less if
+ * the netlink message successfully arrives.
+ */
+signed long ecryptfs_message_wait_timeout = ECRYPTFS_MAX_MSG_CTX_TTL / HZ;
+
+module_param(ecryptfs_message_wait_timeout, long, 0);
+MODULE_PARM_DESC(ecryptfs_message_wait_timeout,
+ "Maximum number of seconds that an operation will "
+ "sleep while waiting for a message response from "
+ "userspace");
+
+/**
+ * Module parameter that is an estimate of the maximum number of users
+ * that will be concurrently using eCryptfs. Set this to the right
+ * value to balance performance and memory use.
+ */
+unsigned int ecryptfs_number_of_users = ECRYPTFS_DEFAULT_NUM_USERS;
+
+module_param(ecryptfs_number_of_users, uint, 0);
+MODULE_PARM_DESC(ecryptfs_number_of_users, "An estimate of the number of "
+ "concurrent users of eCryptfs");
+
+unsigned int ecryptfs_transport = ECRYPTFS_DEFAULT_TRANSPORT;
+
void __ecryptfs_printk(const char *fmt, ...)
{
va_list args;
@@ -354,7 +392,8 @@ static int ecryptfs_parse_options(struct
rc = -EINVAL;
goto out;
}
- if (!ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PASSWORD)) {
+ if (!ECRYPTFS_CHECK_FLAG(auth_tok->flags,
+ (ECRYPTFS_PASSWORD | ECRYPTFS_PRIVATE_KEY))) {
ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure "
"returned from key\n");
rc = -EINVAL;
@@ -784,6 +823,13 @@ static int __init init_ecryptfs_fs(void)
}
ecryptfs_printk(KERN_DEBUG, "Registering eCryptfs\n");
rc = register_filesystem(&ecryptfs_fs_type);
+ if (rc)
+ goto out;
+ rc = ecryptfs_init_messaging(ecryptfs_transport);
+ if (rc) {
+ ecryptfs_printk(KERN_ERR, "Failure occured while attempting to "
+ "initialize the eCryptfs netlink socket\n");
+ }
out:
return rc;
}
@@ -792,6 +838,7 @@ static void __exit exit_ecryptfs_fs(void
{
int rc;
+ ecryptfs_release_messaging(ecryptfs_transport);
unregister_filesystem(&ecryptfs_fs_type);
rc = ecryptfs_free_kmem_caches();
if (rc)
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 8a4040d..02f8ca1 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -528,90 +528,6 @@ out:
return rc;
}
-static int
-process_new_file(struct ecryptfs_crypt_stat *crypt_stat,
- struct file *file, struct inode *inode)
-{
- struct page *header_page;
- const struct address_space_operations *lower_a_ops;
- struct inode *lower_inode;
- struct file *lower_file;
- char *header_virt;
- int rc = 0;
- int current_header_page = 0;
- int header_pages;
- int more_header_data_to_be_written = 1;
-
- lower_inode = ecryptfs_inode_to_lower(inode);
- lower_file = ecryptfs_file_to_lower(file);
- lower_a_ops = lower_inode->i_mapping->a_ops;
- header_pages = ((crypt_stat->header_extent_size
- * crypt_stat->num_header_extents_at_front)
- / PAGE_CACHE_SIZE);
- BUG_ON(header_pages < 1);
- while (current_header_page < header_pages) {
- rc = ecryptfs_grab_and_map_lower_page(&header_page,
- &header_virt,
- lower_inode,
- current_header_page);
- if (rc) {
- ecryptfs_printk(KERN_ERR, "grab_cache_page for "
- "header page [%d] failed; rc = [%d]\n",
- current_header_page, rc);
- goto out;
- }
- rc = lower_a_ops->prepare_write(lower_file, header_page, 0,
- PAGE_CACHE_SIZE);
- if (rc) {
- ecryptfs_printk(KERN_ERR, "Error preparing to write "
- "header page out; rc = [%d]\n", rc);
- goto out;
- }
- memset(header_virt, 0, PAGE_CACHE_SIZE);
- if (more_header_data_to_be_written) {
- rc = ecryptfs_write_headers_virt(header_virt,
- crypt_stat,
- file->f_dentry);
- if (rc) {
- ecryptfs_printk(KERN_WARNING, "Error "
- "generating header; rc = "
- "[%d]\n", rc);
- rc = -EIO;
- memset(header_virt, 0, PAGE_CACHE_SIZE);
- ecryptfs_unmap_and_release_lower_page(
- header_page);
- goto out;
- }
- if (current_header_page == 0)
- memset(header_virt, 0, 8);
- more_header_data_to_be_written = 0;
- }
- rc = lower_a_ops->commit_write(lower_file, header_page, 0,
- PAGE_CACHE_SIZE);
- ecryptfs_unmap_and_release_lower_page(header_page);
- if (rc < 0) {
- ecryptfs_printk(KERN_ERR,
- "Error commiting header page write; "
- "rc = [%d]\n", rc);
- break;
- }
- current_header_page++;
- }
- if (rc >= 0) {
- rc = 0;
- ecryptfs_printk(KERN_DEBUG, "lower_inode->i_blocks = "
- "[0x%.16x]\n", lower_inode->i_blocks);
- i_size_write(inode, 0);
- lower_inode->i_mtime = lower_inode->i_ctime = CURRENT_TIME;
- mark_inode_dirty_sync(inode);
- }
- ecryptfs_printk(KERN_DEBUG, "Clearing ECRYPTFS_NEW_FILE flag in "
- "crypt_stat at memory location [%p]\n", crypt_stat);
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE);
-out:
- return rc;
-}
-
/**
* ecryptfs_commit_write
* @file: The eCryptfs file object
@@ -643,12 +559,7 @@ static int ecryptfs_commit_write(struct
if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) {
ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in "
"crypt_stat at memory location [%p]\n", crypt_stat);
- rc = process_new_file(crypt_stat, file, inode);
- if (rc) {
- ecryptfs_printk(KERN_ERR, "Error processing new "
- "file; rc = [%d]\n", rc);
- goto out;
- }
+ ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE);
} else
ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
--
1.3.3
Open-code flag checking and manipulation.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/crypto.c | 37 +++++++++++++-------------------
fs/ecryptfs/debug.c | 10 ++++-----
fs/ecryptfs/ecryptfs_kernel.h | 3 ---
fs/ecryptfs/file.c | 17 ++++++---------
fs/ecryptfs/inode.c | 14 +++++-------
fs/ecryptfs/keystore.c | 48 +++++++++++++++++------------------------
fs/ecryptfs/main.c | 3 +--
fs/ecryptfs/mmap.c | 8 +++----
8 files changed, 58 insertions(+), 82 deletions(-)
6c21efe97f4e0c862a962f007349ee0e4b2aff6b
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 39d7ec0..112134a 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -179,7 +179,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs
mutex_init(&crypt_stat->cs_mutex);
mutex_init(&crypt_stat->cs_tfm_mutex);
mutex_init(&crypt_stat->cs_md5_tfm_mutex);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED);
+ crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
}
/**
@@ -272,8 +272,7 @@ static int encrypt_scatterlist(struct ec
int rc = 0;
BUG_ON(!crypt_stat || !crypt_stat->tfm
- || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ECRYPTFS_STRUCT_INITIALIZED));
+ || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
crypt_stat->key_size);
@@ -452,7 +451,7 @@ #define ECRYPTFS_PAGE_STATE_WRITTEN 3
lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
crypt_stat = &inode_info->crypt_stat;
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {
+ if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,
ctx->param.lower_file);
if (rc)
@@ -584,7 +583,7 @@ int ecryptfs_decrypt_page(struct file *f
crypt_stat = &(ecryptfs_inode_to_private(
page->mapping->host)->crypt_stat);
lower_inode = ecryptfs_inode_to_lower(page->mapping->host);
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {
+ if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
rc = ecryptfs_do_readpage(file, page, page->index);
if (rc)
ecryptfs_printk(KERN_ERR, "Error attempting to copy "
@@ -834,7 +833,7 @@ int ecryptfs_compute_root_iv(struct ecry
BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
BUG_ON(crypt_stat->iv_bytes <= 0);
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) {
+ if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = -EINVAL;
ecryptfs_printk(KERN_WARNING, "Session key not valid; "
"cannot generate root IV\n");
@@ -851,8 +850,7 @@ int ecryptfs_compute_root_iv(struct ecry
out:
if (rc) {
memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ECRYPTFS_SECURITY_WARNING);
+ crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
}
return rc;
}
@@ -860,7 +858,7 @@ out:
static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
{
get_random_bytes(crypt_stat->key, crypt_stat->key_size);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+ crypt_stat->flags |= ECRYPTFS_KEY_VALID;
ecryptfs_compute_root_iv(crypt_stat);
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
@@ -882,7 +880,7 @@ static void ecryptfs_set_default_crypt_s
ecryptfs_set_default_sizes(crypt_stat);
strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+ crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
crypt_stat->mount_crypt_stat = mount_crypt_stat;
}
@@ -922,8 +920,8 @@ int ecryptfs_new_file_context(struct den
if (mount_crypt_stat->global_auth_tok) {
ecryptfs_printk(KERN_DEBUG, "Initializing context for new "
"file using mount_crypt_stat\n");
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
+ crypt_stat->flags |= ECRYPTFS_KEY_VALID;
memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],
mount_crypt_stat->global_auth_tok_sig,
ECRYPTFS_SIG_SIZE_HEX);
@@ -1005,11 +1003,9 @@ static int ecryptfs_process_flags(struct
for (i = 0; i < ((sizeof(ecryptfs_flag_map)
/ sizeof(struct ecryptfs_flag_map_elem))); i++)
if (flags & ecryptfs_flag_map[i].file_flag) {
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ecryptfs_flag_map[i].local_flag);
+ crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
} else
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
- ecryptfs_flag_map[i].local_flag);
+ crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
/* Version is in top 8 bits of the 32-bit flag vector */
crypt_stat->file_version = ((flags >> 24) & 0xFF);
(*bytes_read) = 4;
@@ -1046,8 +1042,7 @@ write_ecryptfs_flags(char *page_virt, st
for (i = 0; i < ((sizeof(ecryptfs_flag_map)
/ sizeof(struct ecryptfs_flag_map_elem))); i++)
- if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ecryptfs_flag_map[i].local_flag))
+ if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
flags |= ecryptfs_flag_map[i].file_flag;
/* Version is in top 8 bits of the 32-bit flag vector */
flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
@@ -1271,10 +1266,8 @@ int ecryptfs_write_headers(struct dentry
crypt_stat = &ecryptfs_inode_to_private(
ecryptfs_dentry->d_inode)->crypt_stat;
- if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED))) {
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ECRYPTFS_KEY_VALID)) {
+ if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+ if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
ecryptfs_printk(KERN_DEBUG, "Key is "
"invalid; bailing out\n");
rc = -EINVAL;
diff --git a/fs/ecryptfs/debug.c b/fs/ecryptfs/debug.c
index 2261945..9cae01d 100644
--- a/fs/ecryptfs/debug.c
+++ b/fs/ecryptfs/debug.c
@@ -36,7 +36,7 @@ void ecryptfs_dump_auth_tok(struct ecryp
ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",
auth_tok);
- if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PRIVATE_KEY)) {
+ if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
ecryptfs_printk(KERN_DEBUG, " * private key type\n");
ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT "
"IN ECRYPTFS VERSION 0.1)\n");
@@ -46,8 +46,8 @@ void ecryptfs_dump_auth_tok(struct ecryp
ECRYPTFS_SALT_SIZE);
salt[ECRYPTFS_SALT_SIZE * 2] = '\0';
ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt);
- if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags,
- ECRYPTFS_PERSISTENT_PASSWORD)) {
+ if (auth_tok->token.password.flags &
+ ECRYPTFS_PERSISTENT_PASSWORD) {
ecryptfs_printk(KERN_DEBUG, " * persistent\n");
}
memcpy(sig, auth_tok->token.password.signature,
@@ -55,12 +55,12 @@ void ecryptfs_dump_auth_tok(struct ecryp
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
ecryptfs_printk(KERN_DEBUG, " * signature = [%s]\n", sig);
}
- if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_CONTAINS_SECRET)) {
+ if (auth_tok->flags & ECRYPTFS_CONTAINS_SECRET) {
ecryptfs_printk(KERN_DEBUG, " * contains secret value\n");
} else {
ecryptfs_printk(KERN_DEBUG, " * lacks secret value\n");
}
- if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_EXPIRED))
+ if (auth_tok->flags & ECRYPTFS_EXPIRED)
ecryptfs_printk(KERN_DEBUG, " * expired\n");
ecryptfs_printk(KERN_DEBUG, " * session_key.flags = [0x%x]\n",
auth_tok->session_key.flags);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 8d4e8ef..fcf6d8b 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -79,9 +79,6 @@ #define RFC2440_CIPHER_AES_256 0x09
#define RFC2440_CIPHER_TWOFISH 0x0a
#define RFC2440_CIPHER_CAST_6 0x0b
-#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))
-#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))
-#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))
#define RFC2440_CIPHER_RSA 0x01
/**
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index b707a99..6da9363 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -233,11 +233,11 @@ static int ecryptfs_open(struct inode *i
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) {
+ if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags |= ECRYPTFS_POLICY_APPLIED;
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
}
mutex_unlock(&crypt_stat->cs_mutex);
/* This mntget & dget is undone via fput when the file is released */
@@ -261,7 +261,7 @@ static int ecryptfs_open(struct inode *i
lower_inode = lower_dentry->d_inode;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
@@ -272,16 +272,13 @@ static int ecryptfs_open(struct inode *i
rc = -ENOENT;
mutex_unlock(&crypt_stat->cs_mutex);
goto out_puts;
- } else if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ECRYPTFS_POLICY_APPLIED)
- || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
- ECRYPTFS_KEY_VALID)) {
+ } else if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
+ || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = ecryptfs_read_headers(ecryptfs_dentry, lower_file);
if (rc) {
ecryptfs_printk(KERN_DEBUG,
"Valid headers not found\n");
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
/* At this point, we could just move on and
* have the encrypted data passed through
* as-is to userspace. For release 0.1, we are
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index d8659ff..bfc7f41 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -202,17 +202,15 @@ static int grow_file(struct dentry *ecry
ecryptfs_set_file_lower(&fake_file, lower_file);
rc = ecryptfs_fill_zeros(&fake_file, 1);
if (rc) {
- ECRYPTFS_SET_FLAG(
- ecryptfs_inode_to_private(inode)->crypt_stat.flags,
- ECRYPTFS_SECURITY_WARNING);
+ ecryptfs_inode_to_private(inode)->crypt_stat.flags |=
+ ECRYPTFS_SECURITY_WARNING;
ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros "
"in file; rc = [%d]\n", rc);
goto out;
}
i_size_write(inode, 0);
ecryptfs_write_inode_size_to_header(lower_file, lower_inode, inode);
- ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags,
- ECRYPTFS_NEW_FILE);
+ ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE;
out:
return rc;
}
@@ -267,10 +265,10 @@ #endif
lower_inode = tlower_dentry->d_inode;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out_fput;
}
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE);
+ crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
@@ -427,7 +425,7 @@ static struct dentry *ecryptfs_lookup(st
memset(page_virt, 0, PAGE_CACHE_SIZE);
rc = ecryptfs_read_header_region(page_virt, tlower_dentry, nd->mnt);
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
- if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED))
+ if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
ecryptfs_set_default_sizes(crypt_stat);
if (rc) {
rc = 0;
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index f171bed..f8b0841 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -608,13 +608,13 @@ parse_tag_1_packet(struct ecryptfs_crypt
ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
/* TODO: Use the keyring */
(*new_auth_tok)->uid = current->uid;
- ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY);
+ (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY;
/* TODO: Why are we setting this flag here? Don't we want the
* userspace to decrypt the session key? */
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
list_add(&auth_tok_list_item->list, auth_tok_list);
goto out;
out_free:
@@ -795,13 +795,13 @@ parse_tag_3_packet(struct ecryptfs_crypt
}
/* TODO: Use the keyring */
(*new_auth_tok)->uid = current->uid;
- ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PASSWORD);
+ (*new_auth_tok)->flags |= ECRYPTFS_PASSWORD;
/* TODO: Parametarize; we might actually want userspace to
* decrypt the session key. */
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
list_add(&auth_tok_list_item->list, auth_tok_list);
goto out;
out_free:
@@ -944,8 +944,7 @@ static int decrypt_session_key(struct ec
int rc = 0;
password_s_ptr = &auth_tok->token.password;
- if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags,
- ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))
+ if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)
ecryptfs_printk(KERN_DEBUG, "Session key encryption key "
"set; skipping key generation\n");
ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])"
@@ -1017,7 +1016,7 @@ static int decrypt_session_key(struct ec
auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
auth_tok->session_key.decrypted_key_size);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+ crypt_stat->flags |= ECRYPTFS_KEY_VALID;
ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
if (ecryptfs_verbosity > 0)
ecryptfs_dump_hex(crypt_stat->key,
@@ -1119,8 +1118,7 @@ int ecryptfs_parse_packet_set(struct ecr
sig_tmp_space, tag_11_contents_size);
new_auth_tok->token.password.signature[
ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
break;
case ECRYPTFS_TAG_1_PACKET_TYPE:
rc = parse_tag_1_packet(crypt_stat,
@@ -1134,8 +1132,7 @@ int ecryptfs_parse_packet_set(struct ecr
goto out_wipe_list;
}
i += packet_size;
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
break;
case ECRYPTFS_TAG_11_PACKET_TYPE:
ecryptfs_printk(KERN_WARNING, "Invalid packet set "
@@ -1177,8 +1174,7 @@ int ecryptfs_parse_packet_set(struct ecr
ecryptfs_dump_auth_tok(candidate_auth_tok);
}
/* TODO: Replace ECRYPTFS_SIG_SIZE_HEX w/ dynamic value */
- if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
- ECRYPTFS_PASSWORD))
+ if ((candidate_auth_tok->flags & ECRYPTFS_PASSWORD)
&& !strncmp(candidate_auth_tok->token.password.signature,
sig, ECRYPTFS_SIG_SIZE_HEX)) {
found_auth_tok = 1;
@@ -1186,8 +1182,7 @@ int ecryptfs_parse_packet_set(struct ecr
/* TODO: Transfer the common salt into the
* crypt_stat salt */
}
- else if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
- ECRYPTFS_PRIVATE_KEY))
+ else if ((candidate_auth_tok->flags & ECRYPTFS_PRIVATE_KEY)
&& !strncmp(candidate_auth_tok->token.private_key.signature,
sig, ECRYPTFS_SIG_SIZE_HEX)) {
found_auth_tok = 1;
@@ -1202,16 +1197,14 @@ int ecryptfs_parse_packet_set(struct ecr
goto out_wipe_list;
}
leave_list:
- if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
- ECRYPTFS_PRIVATE_KEY))) {
+ if (candidate_auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
memcpy(&(candidate_auth_tok->token.private_key),
&(chosen_auth_tok->token.private_key),
sizeof(struct ecryptfs_private_key));
rc = decrypt_pki_encrypted_session_key(mount_crypt_stat,
candidate_auth_tok,
crypt_stat);
- } else if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
- ECRYPTFS_PASSWORD))) {
+ } else if (candidate_auth_tok->flags & ECRYPTFS_PASSWORD) {
memcpy(&(candidate_auth_tok->token.password),
&(chosen_auth_tok->token.password),
sizeof(struct ecryptfs_password));
@@ -1651,7 +1644,7 @@ ecryptfs_generate_key_packet_set(char *d
(*len) = 0;
if (mount_crypt_stat->global_auth_tok) {
auth_tok = mount_crypt_stat->global_auth_tok;
- if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PASSWORD)) {
+ if (auth_tok->flags & ECRYPTFS_PASSWORD) {
rc = write_tag_3_packet((dest_base + (*len)),
max, auth_tok,
crypt_stat, &key_rec,
@@ -1673,8 +1666,7 @@ ecryptfs_generate_key_packet_set(char *d
goto out;
}
(*len) += written;
- } else if (ECRYPTFS_CHECK_FLAG(auth_tok->flags,
- ECRYPTFS_PRIVATE_KEY)) {
+ } else if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
rc = write_tag_1_packet(dest_base + (*len),
max, auth_tok,
crypt_stat,mount_crypt_stat,
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 9aacb75..b45ee2c 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -392,8 +392,7 @@ static int ecryptfs_parse_options(struct
rc = -EINVAL;
goto out;
}
- if (!ECRYPTFS_CHECK_FLAG(auth_tok->flags,
- (ECRYPTFS_PASSWORD | ECRYPTFS_PRIVATE_KEY))) {
+ if (!(auth_tok->flags & (ECRYPTFS_PASSWORD | ECRYPTFS_PRIVATE_KEY))) {
ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure "
"returned from key\n");
rc = -EINVAL;
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 02f8ca1..5be06ac 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -279,8 +279,8 @@ static int ecryptfs_readpage(struct file
crypt_stat =
&ecryptfs_inode_to_private(file->f_dentry->d_inode)->crypt_stat;
if (!crypt_stat
- || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)
- || ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) {
+ || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)
+ || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
ecryptfs_printk(KERN_DEBUG,
"Passing through unencrypted page\n");
rc = ecryptfs_do_readpage(file, page, page->index);
@@ -556,10 +556,10 @@ static int ecryptfs_commit_write(struct
mutex_lock(&lower_inode->i_mutex);
crypt_stat =
&ecryptfs_inode_to_private(file->f_dentry->d_inode)->crypt_stat;
- if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) {
+ if (crypt_stat->flags & ECRYPTFS_NEW_FILE) {
ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in "
"crypt_stat at memory location [%p]\n", crypt_stat);
- ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE);
+ crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE);
} else
ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
--
1.3.3
filldir()'s inode number is now type u64 instead of ino_t.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/file.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
5cecf3b66f0e7ec3fcf953edbf4bf14d1a030a83
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 6da9363..6d6c62c 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -135,7 +135,7 @@ struct ecryptfs_getdents_callback {
/* Inspired by generic filldir in fs/readir.c */
static int
ecryptfs_filldir(void *dirent, const char *name, int namelen, loff_t offset,
- ino_t ino, unsigned int d_type)
+ u64 ino, unsigned int d_type)
{
struct ecryptfs_crypt_stat *crypt_stat;
struct ecryptfs_getdents_callback *buf =
--
1.3.3
On Thu, 24 Aug 2006 13:18:32 -0500
Michael Halcrow <[email protected]> wrote:
> eCryptfs netlink type, header updates, and messaging code to provide
> support for userspace callout to perform public key operations.
>
That tells us (with maximum terseness) what it does. We're left to our own
devices to work out why it does this, how it does it and why it does it in
the way in which it does it? This leads to dumb questions ;)
- We have a great clod of key mangement code in-kernel. Why is that not
suitable (or growable) for public key management?
- Is it appropriate that new infrastructure for public key management be
private to a particular fs?
- I see code in there in which the kernel "knows" about specific
userspace processes. By uid and pid. What's all that doing and why is
it done that way?
What happens if one of these daemons exits without sending a quit message?
- It uses netlink to transport keys. What are the security implications
of this? (Can they be sniffed, for example?)
- _why_ does it use netlink?
It's obvious that a string of design decisions have gone into all of this.
Please tell us about them. Please also tell us the answers to all the
other questions I'd have asked if I knew enough about this to ask them.
> * Author(s): Michael A. Halcrow <[email protected]>
> + * Trevor S. Highland <[email protected]>
> + * Tyler Hicks <[email protected]>
Do we have signoffs from Trevor and Tyler?
On Thu, Aug 24, 2006 at 08:54:19PM -0700, Andrew Morton wrote:
> On Thu, 24 Aug 2006 13:18:32 -0500
> Michael Halcrow <[email protected]> wrote:
> > eCryptfs netlink type, header updates, and messaging code to
> > provide support for userspace callout to perform public key
> > operations.
>
> That tells us (with maximum terseness) what it does. We're left to
> our own devices to work out why it does this, how it does it and why
> it does it in the way in which it does it? This leads to dumb
> questions ;)
There is a design document in the works; it's in the ecryptfs-util
userspace tarball, under doc/design_doc/. It still needs some fleshing
out to encompass userspace components. I'll go ahead and summarize the
design for this patch set.
Each inode has a unique File Encryption Key (FEK). Under passphrase, a
File Encryption Key Encryption Key (FEKEK) is generated from a
salt/passphrase combo on mount. This FEKEK encrypts each FEK and
writes it into the header of each file using the packet format
specified in RFC 2440. This is all symmetric key encryption, so it can
all be done via the kernel crypto API.
These new patches introduce public key encryption of the FEK. There is
no asymmetric key encryption support in the kernel crypto API, so
eCryptfs pushes the FEK encryption and decryption out to a userspace
daemon. After considering our requirements and determining the
complexity of using various transport mechanisms, we settled on
netlink for this communication.
eCryptfs stores authentication tokens into the kernel keyring. These
tokens correlate with individual keys. For passphrase mode of
operation, the authentication token contains the symmetric FEKEK. For
public key, the authentication token contains a PKI type and an opaque
data blob managed by individual PKI modules in userspace.
Each user who opens a file under an eCryptfs partition mounted in
public key mode must be running a daemon. That daemon has the user's
credentials and has access to all of the keys to which the user should
have access. The daemon, when started, initializes the pluggable PKI
modules available on the system and registers itself with the eCryptfs
kernel module. Userspace utilities register public key authentication
tokens into the user session keyring. These authentication tokens
correlate key signatures with PKI modules and PKI blobs. The PKI blobs
contain PKI-specific information necessary for the PKI module to carry
out asymmetric key encryption and decryption.
When the eCryptfs module parses the header of an existing file and
finds a Tag 1 (Public Key) packet (see RFC 2440), it reads in the
public key identifier (signature). The asymmetrically encrypted FEK is
in the Tag 1 packet; eCryptfs puts together a decrypt request packet
containing the signature and the encrypted FEK, then it passes it to
the daemon registered for the current->euid via a netlink unicast to
the PID of the daemon, which was registered at the time the daemon was
started by the user.
The daemon actually just makes calls to libecryptfs, which implements
request packet parsing and manages PKI modules. libecryptfs grabs the
public key authentication token for the given signature from the user
session keyring. This auth tok tells libecryptfs which PKI module
should receive the request. libecryptfs then makes a decrypt() call to
the PKI module, and it passes along the PKI block from the auth
tok. The PKI uses the blob to figure out how it should decrypt the
data passed to it; it performs the decryption and passes the decrypted
data back to libecryptfs. libecryptfs then puts together a reply
packet with the decrypted FEK and passes that back to the eCryptfs
module.
The eCryptfs module manages these request callouts to userspace code
via message context structs. The module maintains an array of message
context structs and places the elements of the array on two lists: a
free and an allocated list. When eCryptfs wants to make a request, it
moves a msg ctx from the free list to the allocated list, sets its
state to pending, and fires off the message to the user's registered
daemon.
When eCryptfs receives a netlink message (via the callback), it
correlates the msg ctx struct in the alloc list with the data in the
message itself. The msg->index contains the offset of the array of msg
ctx structs. It verifies that the registered daemon PID is the same as
the PID of the process that sent the message. It also validates a
sequence number between the received packet and the msg ctx. Then, it
copies the contents of the message (the reply packet) into the msg ctx
struct, sets the state in the msg ctx to done, and wakes up the
process that was sleeping while waiting for the reply.
The sleeping process was whatever was performing the sys_open(). This
process originally called ecryptfs_send_message(); it is now in
ecryptfs_wait_for_response(). When it wakes up and sees that the msg
ctx state was set to done, it returns a pointer to the message
contents (the reply packet) and returns. If all went well, this packet
contains the decrypted FEK, which is then copied into the crypt_stat
struct, and life continues as normal.
The case for creation of a new file is very similar, only instead of
a decrypt request, eCryptfs sends out an encrypt request.
> - We have a great clod of key mangement code in-kernel. Why is that
> not suitable (or growable) for public key management?
eCryptfs uses Howells' keyring to store persistent key data and PKI
state information. It defers public key cryptographic transformations
to userspace code. The userspace data manipulation request really is
orthogonal to key management in and of itself. What eCryptfs basically
needs is a secure way to communicate with a particular daemon for a
particular task doing a syscall, based on the UID. Nothing running
under another UID should be able to access that channel of
communication.
> - Is it appropriate that new infrastructure for public key
> management be private to a particular fs?
The messaging.c file contains a lot of code that, perhaps, could be
extracted into a separate kernel service. In essence, this would be a
sort of request/reply mechanism that would involve a userspace
daemon. I am not aware of anything that does quite what eCryptfs does,
so I was not aware of any existing tools to do just what we wanted.
> - I see code in there in which the kernel "knows" about specific
> userspace processes. By uid and pid. What's all that doing and why is
> it done that way?
I hope the explanation I give above is sufficient.
> What happens if one of these daemons exits without sending a quit
> message?
There is a stale uid<->pid association in the hash table for that
user. When the user registers a new daemon, eCryptfs cleans up the old
association and generates a new one. See ecryptfs_process_helo().
> - It uses netlink to transport keys. What are the security implications
> of this? (Can they be sniffed, for example?)
On further reflection, I think the code we sent is vulnerable to one
particular attack in the event that a daemon dies without sending a
QUIT message (an unlikely scenario, but still possible):
1) Bob registers his daemon; eCryptfs correlates the
NETLINK_CREDS(skb)->uid with NETLINK_CREDS(skb)->pid,
2) Alice determines the PID for Bob's daemon (BOB-PID),
3) Bob's daemon dies without sending a QUIT,
4) Alice runs a rogue daemon over and over again until the rogue
daemon's PID matches BOB-PID,
5) Bob creates a new file,
6) The module sends the newly generated FEK to the rogue daemon,
7) The rogue daemon obliges the encrypt request and stores off the
FEK for Bob's new file,
8) The reply comes through and the module only checks the
NETLINK_CREDS(skb)->pid; the module thinks that everything is well
and moves forward.
I think the solution to this is, quite simply, to check the uid as
well as the pid from the netlink credentials. The rogue daemon will
still get the FEK, but that FEK will never be used because the file
create attempt will fail.
The included patch makes this correction.
> - _why_ does it use netlink?
Netlink provides the transport mechanism that would minimize the
complexity of the implementation, given that we can have multiple
daemons (one per user). I explored the possibility of using relayfs,
but that would involve having to introduce control channels and a
protocol for creating and tearing down channels for the daemons. We do
not have to worry about any of that with netlink.
---
Check the uid as well as the pid to authenticate a message from
userspace.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/ecryptfs_kernel.h | 3 ++-
fs/ecryptfs/messaging.c | 10 +++++++++-
fs/ecryptfs/netlink.c | 4 ++--
3 files changed, 13 insertions(+), 4 deletions(-)
52cb76eae1dd6c8fe66ff02d4cfaba5714b20074
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index fcf6d8b..c61ef97 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -547,7 +547,8 @@ ecryptfs_process_cipher(struct crypto_tf
int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid);
int ecryptfs_process_quit(uid_t uid, pid_t pid);
-int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq);
+int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t uid,
+ pid_t pid, u32 seq);
int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
struct ecryptfs_msg_ctx **msg_ctx);
int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index bc6aaab..2242d76 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -242,7 +242,8 @@ unlock:
* userspace. Returns zero upon delivery to desired context element;
* non-zero upon delivery failure or error.
*/
-int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq)
+int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t uid,
+ pid_t pid, u32 seq)
{
struct ecryptfs_daemon_id *id;
struct ecryptfs_msg_ctx *msg_ctx;
@@ -267,6 +268,13 @@ int ecryptfs_process_response(struct ecr
msg_ctx->task->euid, pid);
goto wake_up;
}
+ if (msg_ctx->task->euid != uid) {
+ rc = -EBADMSG;
+ ecryptfs_printk(KERN_WARNING, "Received message from user "
+ "[%d]; expected message from user [%d]\n",
+ uid, msg_ctx->task->euid);
+ goto unlock;
+ }
if (id->pid != pid) {
rc = -EBADMSG;
ecryptfs_printk(KERN_ERR, "User [%d] received a "
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c
index aba061d..e3aa225 100644
--- a/fs/ecryptfs/netlink.c
+++ b/fs/ecryptfs/netlink.c
@@ -107,8 +107,8 @@ static int ecryptfs_process_nl_response(
"incorrectly specified data length\n");
goto out;
}
- rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->pid,
- nlh->nlmsg_seq);
+ rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid,
+ NETLINK_CREDS(skb)->pid, nlh->nlmsg_seq);
if (rc)
printk(KERN_ERR
"Error processing response message; rc = [%d]\n", rc);
--
1.3.3
Michael Halcrow <[email protected]> wrote:
> Open-code flag checking and manipulation.
That looks reasonable.
Acked-By: David Howells <[email protected]>
Michael Halcrow <[email protected]> wrote:
> filldir()'s inode number is now type u64 instead of ino_t.
Acked-By: David Howells <[email protected]>
Michael Halcrow <[email protected]> wrote:
> filldir()'s inode number is now type u64 instead of ino_t.
Btw, in ecryptfs_interpose(), you have:
inode = iget(sb, lower_inode->i_ino);
But you have to be *very* *very* careful doing that. i_ino may be ambiguous.
My suggestions to make i_ino bigger were turned down by Al Viro; and even it
were bigger, it might still not be unique.
David
On Fri, Aug 25, 2006 at 10:51:17PM +0100, David Howells wrote:
> Michael Halcrow <[email protected]> wrote:
> > filldir()'s inode number is now type u64 instead of ino_t.
>
> Btw, in ecryptfs_interpose(), you have:
>
> inode = iget(sb, lower_inode->i_ino);
>
> But you have to be *very* *very* careful doing that. i_ino may be
> ambiguous. My suggestions to make i_ino bigger were turned down by
> Al Viro; and even it were bigger, it might still not be unique.
Is this the case as long as we stay under the same mountpoint?
Mike
Michael Halcrow <[email protected]> wrote:
> > > filldir()'s inode number is now type u64 instead of ino_t.
> >
> > Btw, in ecryptfs_interpose(), you have:
> >
> > inode = iget(sb, lower_inode->i_ino);
> >
> > But you have to be *very* *very* careful doing that. i_ino may be
> > ambiguous. My suggestions to make i_ino bigger were turned down by
> > Al Viro; and even it were bigger, it might still not be unique.
>
> Is this the case as long as we stay under the same mountpoint?
Yes.
Imagine, for a moment, that you are running on a 32-bit system, and that you
are using, say, XFS, and that XFS has 64-bit inode numbers. i_ino is 32-bits,
so clearly XFS can't place its full inode number in there.
What XFS can do is:
(1) Use iget5 to do its own inode search and set, disregarding i_ino for that
purpose.
(2) Place just the lower 32-bits of the inode number in i_ino.
(3) Return the 64-bit inode number directly through the getattr() and
readdir() ops, without recourse to i_ino.
(4) Ignore i_ino entirely, except for spicing up printk()'s.
Now, consider, say, NFS. NFS now puts some or all of 64-bit inode numbers in
the i_ino field, but it actually differentiates inodes using iget5 and
comparing file handles - which it really can't represent in i_ino.
It doesn't actually check that the server hasn't given it two fileids the same,
so even with a 64-bit i_ino, you just have to hope that you can get unique
values.
And, in fact, imagine the following scenario:
(1) An NFS inode with fileid N is in the client's icache, and this corresponds
to some remote file on the server.
(2) The remote file is then deleted (but the client isn't told).
(3) A new remote file is created that would has the same fileid (N), but a
different file handle.
(4) The client looks up the new remote file under a different name (so
different dentry), and sets up a client inode for it with the new
filehandle.
(5) The client will now have two NFS inodes from the server with the same
fileid, but with different filehandles. As far as the NFS client
filesystem is concerned, they are _different_ files, but as far as
eCryptFS is concerned, they are the _same_ because is passed the lower
i_ino to iget().
I think what you need to do is actually simple. Use iget5 to look up your
inode, using the _pointer_ to the lower inode as the key. Then just fill in
i_ino from the lower inode. The lower inode can't escape whilst you have it
pinned, so the pointer is, in effect, invariant whilst you are using it.
David
On Fri, 25 Aug 2006 14:18:37 -0500
Michael Halcrow <[email protected]> wrote:
> > - _why_ does it use netlink?
>
> Netlink provides the transport mechanism that would minimize the
> complexity of the implementation, given that we can have multiple
> daemons (one per user). I explored the possibility of using relayfs,
> but that would involve having to introduce control channels and a
> protocol for creating and tearing down channels for the daemons. We do
> not have to worry about any of that with netlink.
I'd have thought that a more appropriate communication mechanism would be
something which uses a file descriptor: a pipe, or a /dev node or whatever.
That way, the endpoints are more tightly defined and the
daemon-didnt-send-quit problem gets solved. In fact, the quit message
might become unneeded: just use close()?
On Fri, Aug 25, 2006 at 11:59:06PM +0100, David Howells wrote:
> I think what you need to do is actually simple. Use iget5 to look
> up your inode, using the _pointer_ to the lower inode as the key.
> Then just fill in i_ino from the lower inode. The lower inode can't
> escape whilst you have it pinned, so the pointer is, in effect,
> invariant whilst you are using it.
Is this the right approach?
Note that I used to depend on iget() to wind up calling
ecryptfs_read_inode(); it looks like iget5_locked() does not make that
call, so I broke the inode initialization code out into
ecryptfs_init_inode(). I now call it explicitly if the I_NEW flag is
set, and ecryptfs_read_inode() is now a no-op.
I have not tested this under a condition when there is an i_ino
conflict, so the ecryptfs_inode_test() code has not been exercised,
but I know that the candidate_lower_inode pointer is being set right,
so that this would work.
---
Modify inode number generation to account for differences in the inode
number data type sizes in lower filesystems.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/ecryptfs_kernel.h | 4 +++-
fs/ecryptfs/inode.c | 15 +++++++++++++++
fs/ecryptfs/main.c | 14 +++++++-------
fs/ecryptfs/super.c | 11 +++++++----
4 files changed, 32 insertions(+), 12 deletions(-)
e61cf76bd76643eee6299dc1331a6e2f2d9e01e2
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index c61ef97..6e4f46e 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -567,6 +567,8 @@ int ecryptfs_send_connector(char *data,
u16 msg_flags, pid_t daemon_pid);
int ecryptfs_init_connector(void);
void ecryptfs_release_connector(void);
-
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
+int ecryptfs_inode_set(struct inode *inode, void *ignored);
+void ecryptfs_init_inode(struct inode *inode);
#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index bfc7f41..331d6d2 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -1022,6 +1022,21 @@ out:
return rc;
}
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
+{
+ if (ecryptfs_inode_to_private(inode) &&
+ (ecryptfs_inode_to_lower(inode)
+ == (struct inode *)candidate_lower_inode))
+ return 1;
+ else
+ return 0;
+}
+
+int ecryptfs_inode_set(struct inode *inode, void *ignored)
+{
+ return 0;
+}
+
struct inode_operations ecryptfs_symlink_iops = {
.readlink = ecryptfs_readlink,
.follow_link = ecryptfs_follow_link,
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index d7a1672..98839bc 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -106,9 +106,6 @@ void __ecryptfs_printk(const char *fmt,
*
* Interposes upper and lower dentries.
*
- * This function will allocate an ecryptfs_inode through the call to
- * iget(sb, lower_inode->i_ino).
- *
* Returns zero on success; non-zero otherwise
*/
int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
@@ -123,14 +120,17 @@ int ecryptfs_interpose(struct dentry *lo
rc = -EXDEV;
goto out;
}
- inode = iget(sb, lower_inode->i_ino);
+ inode = iget5_locked(sb, lower_inode->i_ino, ecryptfs_inode_test,
+ ecryptfs_inode_set, lower_inode);
if (!inode) {
rc = -EACCES;
goto out;
}
- /* This check is required here because if we failed to allocated the
- * required space for an inode_info_cache struct, then the only way
- * we know we failed, is by the pointer being NULL */
+ inode->i_ino = lower_inode->i_ino;
+ if (inode->i_state & I_NEW) {
+ ecryptfs_init_inode(inode);
+ unlock_new_inode(inode);
+ }
if (!ecryptfs_inode_to_private(inode)) {
ecryptfs_printk(KERN_ERR, "Out of memory. Failure to "
"allocate memory in ecryptfs_read_inode.\n");
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index f4f06ea..9caae2c 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -78,18 +78,19 @@ static void ecryptfs_destroy_inode(struc
}
/**
- * ecryptfs_read_inode
+ * ecryptfs_init_inode
* @inode: The ecryptfs inode
*
* Set up the ecryptfs inode.
*/
-static void ecryptfs_read_inode(struct inode *inode)
+void ecryptfs_init_inode(struct inode *inode)
{
/* This is where we setup the self-reference in the vfs_inode's
* i_private. That way we don't have to walk the list again. */
ecryptfs_set_inode_private(inode,
- list_entry(inode, struct ecryptfs_inode_info,
- vfs_inode));
+ container_of(inode,
+ struct ecryptfs_inode_info,
+ vfs_inode));
ecryptfs_set_inode_lower(inode, NULL);
inode->i_version++;
inode->i_op = &ecryptfs_main_iops;
@@ -97,6 +98,8 @@ static void ecryptfs_read_inode(struct i
inode->i_mapping->a_ops = &ecryptfs_aops;
}
+static void ecryptfs_read_inode(struct inode *inode) { }
+
/**
* ecryptfs_put_super
* @sb: Pointer to the ecryptfs super block
--
1.3.3
Michael Halcrow <[email protected]> wrote:
> Note that I used to depend on iget() to wind up calling
> ecryptfs_read_inode(); it looks like iget5_locked() does not make that
> call,
Exactly so. iget5_locked() returns with a new inode in a partially
constructed state, thus obviating the need for read_inode(). If you look at
the implementation of iget():
static inline struct inode *iget(struct super_block *sb,
unsigned long ino)
{
struct inode *inode = iget_locked(sb, ino);
if (inode && (inode->i_state & I_NEW)) {
sb->s_op->read_inode(inode);
unlock_new_inode(inode);
}
return inode;
}
You can see that read_inode() is _only_ used there and can be dispensed with
if you're using iget_locked() or iget5_locked() directly. This gives you more
control over what data you have available when initialising an inode.
> + inode = iget5_locked(sb, lower_inode->i_ino, ecryptfs_inode_test,
> + ecryptfs_inode_set, lower_inode);
The second argument of iget5_locked() is a hash value. I would use
lower_inode not lower_inode->i_ino as the former is fundamental to your search
and the latter irrelevant.
> + inode->i_ino = lower_inode->i_ino;
> + if (inode->i_state & I_NEW) {
> + ecryptfs_init_inode(inode);
> + unlock_new_inode(inode);
> + }
Shouldn't the setting of i_ino be inside the if-statement?
You should set the lower inode pointer in ecryptfs_inode_set() so that the
ecryptfs inode is linked to the lower inode whilst inode_lock is held (see
get_new_inode()). You could also set i_ino there too. Consider this bit of
pseudocode:
int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
{
ecryptfs_set_lower_inode(inode, lower_inode);
inode->i_ino = lower_inode->i_ino;
return 0;
}
David
On Thu, Aug 31, 2006 at 11:30:31AM +0100, David Howells wrote:
> Michael Halcrow <[email protected]> wrote:
> > + inode = iget5_locked(sb, lower_inode->i_ino, ecryptfs_inode_test,
> > + ecryptfs_inode_set, lower_inode);
>
> The second argument of iget5_locked() is a hash value. I would use
> lower_inode not lower_inode->i_ino as the former is fundamental to
> your search and the latter irrelevant.
Is it safe to assume that a pointer will always be equal to or smaller
than an unsigned long for all architectures? Casting a pointer to an
unsigned long, in general, makes me a bit uncomfortable.
> > + inode->i_ino = lower_inode->i_ino;
> > + if (inode->i_state & I_NEW) {
> > + ecryptfs_init_inode(inode);
> > + unlock_new_inode(inode);
> > + }
>
> Shouldn't the setting of i_ino be inside the if-statement?
>
> You should set the lower inode pointer in ecryptfs_inode_set() so
> that the ecryptfs inode is linked to the lower inode whilst
> inode_lock is held (see get_new_inode()). You could also set i_ino
> there too. Consider this bit of pseudocode:
>
> int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
> {
> ecryptfs_set_lower_inode(inode, lower_inode);
> inode->i_ino = lower_inode->i_ino;
> return 0;
> }
Dave Chinner told me that XFS uses 32-bit inode numbers on 32-bit
machines, so I imagine that this patch really is only helpful for NFS.
How does this look?
---
Modify inode number generation to account for differences in the inode
number data type sizes in lower filesystems.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/ecryptfs_kernel.h | 3 +++
fs/ecryptfs/inode.c | 23 +++++++++++++++++++++++
fs/ecryptfs/main.c | 16 +++++++---------
fs/ecryptfs/super.c | 12 ++++--------
4 files changed, 37 insertions(+), 17 deletions(-)
62dee692ac7e88898f329e389ebd3178fce428a3
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 349ce2a..860af16 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -474,5 +474,8 @@ int ecryptfs_truncate(struct dentry *den
int
ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
char *cipher_name, size_t key_size);
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
+int ecryptfs_inode_set(struct inode *inode, void *ignored);
+void ecryptfs_init_inode(struct inode *inode);
#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index d8659ff..642a260 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -1024,6 +1024,29 @@ out:
return rc;
}
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
+{
+ if (ecryptfs_inode_to_private(inode) &&
+ (ecryptfs_inode_to_lower(inode)
+ == (struct inode *)candidate_lower_inode))
+ return 1;
+ else
+ return 0;
+}
+
+int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
+{
+ /* This is where we setup the self-reference in the vfs_inode's
+ * i_private. That way we don't have to walk the list again. */
+ ecryptfs_set_inode_private(inode,
+ container_of(inode,
+ struct ecryptfs_inode_info,
+ vfs_inode));
+ ecryptfs_set_inode_lower(inode, igrab((struct inode *)lower_inode));
+ inode->i_ino = ((struct inode *)lower_inode)->i_ino;
+ return 0;
+}
+
struct inode_operations ecryptfs_symlink_iops = {
.readlink = ecryptfs_readlink,
.follow_link = ecryptfs_follow_link,
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index f7ea912..83e920c 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -68,9 +68,6 @@ void __ecryptfs_printk(const char *fmt,
*
* Interposes upper and lower dentries.
*
- * This function will allocate an ecryptfs_inode through the call to
- * iget(sb, lower_inode->i_ino).
- *
* Returns zero on success; non-zero otherwise
*/
int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
@@ -85,22 +82,23 @@ int ecryptfs_interpose(struct dentry *lo
rc = -EXDEV;
goto out;
}
- inode = iget(sb, lower_inode->i_ino);
+ inode = iget5_locked(sb, (unsigned long)lower_inode,
+ ecryptfs_inode_test, ecryptfs_inode_set,
+ lower_inode);
if (!inode) {
rc = -EACCES;
goto out;
}
- /* This check is required here because if we failed to allocated the
- * required space for an inode_info_cache struct, then the only way
- * we know we failed, is by the pointer being NULL */
+ if (inode->i_state & I_NEW) {
+ ecryptfs_init_inode(inode);
+ unlock_new_inode(inode);
+ }
if (!ecryptfs_inode_to_private(inode)) {
ecryptfs_printk(KERN_ERR, "Out of memory. Failure to "
"allocate memory in ecryptfs_read_inode.\n");
rc = -ENOMEM;
goto out;
}
- if (!ecryptfs_inode_to_lower(inode))
- ecryptfs_set_inode_lower(inode, igrab(lower_inode));
if (S_ISLNK(lower_inode->i_mode))
inode->i_op = &ecryptfs_symlink_iops;
else if (S_ISDIR(lower_inode->i_mode))
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index f4f06ea..f2bfac3 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -78,25 +78,21 @@ static void ecryptfs_destroy_inode(struc
}
/**
- * ecryptfs_read_inode
+ * ecryptfs_init_inode
* @inode: The ecryptfs inode
*
* Set up the ecryptfs inode.
*/
-static void ecryptfs_read_inode(struct inode *inode)
+void ecryptfs_init_inode(struct inode *inode)
{
- /* This is where we setup the self-reference in the vfs_inode's
- * i_private. That way we don't have to walk the list again. */
- ecryptfs_set_inode_private(inode,
- list_entry(inode, struct ecryptfs_inode_info,
- vfs_inode));
- ecryptfs_set_inode_lower(inode, NULL);
inode->i_version++;
inode->i_op = &ecryptfs_main_iops;
inode->i_fop = &ecryptfs_main_fops;
inode->i_mapping->a_ops = &ecryptfs_aops;
}
+static void ecryptfs_read_inode(struct inode *inode) { }
+
/**
* ecryptfs_put_super
* @sb: Pointer to the ecryptfs super block
--
1.3.3
Michael Halcrow <[email protected]> wrote:
> Is it safe to assume that a pointer will always be equal to or smaller
> than an unsigned long for all architectures?
I presume you're talking about the sizes of the types. Inside the Linux
kernel:
sizeof(void *) == sizeof(unsigned long)
must always hold true. There are too many things that depend on it to do
otherwise.
> Casting a pointer to an unsigned long, in general, makes me a bit
> uncomfortable.
Pointers are just numbers that are used in a particular way. Go and look in
linux/err.h:-)
> Dave Chinner told me that XFS uses 32-bit inode numbers on 32-bit
> machines, so I imagine that this patch really is only helpful for NFS.
At the moment, maybe, but they could always change it. And what about Reiser4?
> +int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
> +{
> + if (ecryptfs_inode_to_private(inode) &&
Is this part of the condition actually necessary? Can you not guarantee that
this will always be true?
> + ecryptfs_set_inode_lower(inode, igrab((struct inode *)lower_inode));
igrab() might fail. I would recommend doing it before calling iget5_unlocked()
and drop the extraneous reference to lower_inode afterwards if the eCryptFS
inode returned is already set up.
You're also casting lower_inode twice. Whilst there's nothing actually wrong
with that, it might look better if you assigned it to its own variable at the
top of the function and only do the cast once.
> +static void ecryptfs_read_inode(struct inode *inode) { }
> +
You shouldn't need that any more. Just leave the read_inode op pointer unset.
The NULL pointer exception handler will let you know if anyone tries to access
it (which they shouldn't - only *you* should call iget*() on your own inodes).
Looks good otherwise. Just the igrab() thing is a real problem.
David
On Wed, Sep 06, 2006 at 10:44:45AM +0100, David Howells wrote:
> Michael Halcrow <[email protected]> wrote:
> > +int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
> > +{
> > + if (ecryptfs_inode_to_private(inode) &&
>
> Is this part of the condition actually necessary? Can you not
> guarantee that this will always be true?
This check is not needed, as far as I can tell. I think I am going to
go the conservative route and convert the check to a BUG_ON() for now.
> > + ecryptfs_set_inode_lower(inode, igrab((struct inode *)lower_inode));
>
> igrab() might fail. I would recommend doing it before calling
> iget5_unlocked() and drop the extraneous reference to lower_inode
> afterwards if the eCryptFS inode returned is already set up.
<snip>
> > +static void ecryptfs_read_inode(struct inode *inode) { }
>
> You shouldn't need that any more. Just leave the read_inode op
> pointer unset. The NULL pointer exception handler will let you know
> if anyone tries to access it (which they shouldn't - only *you*
> should call iget*() on your own inodes).
>
> Looks good otherwise. Just the igrab() thing is a real problem.
How's this?
---
Modify inode number generation to account for differences in the inode
number data type sizes in lower filesystems.
Signed-off-by: Michael Halcrow <[email protected]>
---
fs/ecryptfs/ecryptfs_kernel.h | 3 +++
fs/ecryptfs/inode.c | 16 ++++++++++++++++
fs/ecryptfs/main.c | 29 +++++++++++++----------------
fs/ecryptfs/super.c | 18 ++++++++++--------
4 files changed, 42 insertions(+), 24 deletions(-)
f260d0b3dad0dadcb8a70b9f3e251a5aae1360f0
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 349ce2a..85660da 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -474,5 +474,8 @@ int ecryptfs_truncate(struct dentry *den
int
ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
char *cipher_name, size_t key_size);
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
+int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
+void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index d8659ff..96b05a6 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -1024,6 +1024,22 @@ out:
return rc;
}
+int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
+{
+ BUG_ON(!ecryptfs_inode_to_private(inode));
+ if ((ecryptfs_inode_to_lower(inode)
+ == (struct inode *)candidate_lower_inode))
+ return 1;
+ else
+ return 0;
+}
+
+int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
+{
+ ecryptfs_init_inode(inode, (struct inode *)lower_inode);
+ return 0;
+}
+
struct inode_operations ecryptfs_symlink_iops = {
.readlink = ecryptfs_readlink,
.follow_link = ecryptfs_follow_link,
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index f7ea912..ecf9faf 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -68,39 +68,36 @@ void __ecryptfs_printk(const char *fmt,
*
* Interposes upper and lower dentries.
*
- * This function will allocate an ecryptfs_inode through the call to
- * iget(sb, lower_inode->i_ino).
- *
* Returns zero on success; non-zero otherwise
*/
int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
struct super_block *sb, int flag)
{
struct inode *lower_inode;
- int rc = 0;
struct inode *inode;
+ int rc = 0;
lower_inode = lower_dentry->d_inode;
if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) {
rc = -EXDEV;
goto out;
}
- inode = iget(sb, lower_inode->i_ino);
- if (!inode) {
- rc = -EACCES;
+ if (!igrab(lower_inode)) {
+ rc = -ESTALE;
goto out;
}
- /* This check is required here because if we failed to allocated the
- * required space for an inode_info_cache struct, then the only way
- * we know we failed, is by the pointer being NULL */
- if (!ecryptfs_inode_to_private(inode)) {
- ecryptfs_printk(KERN_ERR, "Out of memory. Failure to "
- "allocate memory in ecryptfs_read_inode.\n");
- rc = -ENOMEM;
+ inode = iget5_locked(sb, (unsigned long)lower_inode,
+ ecryptfs_inode_test, ecryptfs_inode_set,
+ lower_inode);
+ if (!inode) {
+ rc = -EACCES;
+ iput(lower_inode);
goto out;
}
- if (!ecryptfs_inode_to_lower(inode))
- ecryptfs_set_inode_lower(inode, igrab(lower_inode));
+ if (inode->i_state & I_NEW)
+ unlock_new_inode(inode);
+ else
+ iput(lower_inode);
if (S_ISLNK(lower_inode->i_mode))
inode->i_op = &ecryptfs_symlink_iops;
else if (S_ISDIR(lower_inode->i_mode))
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index f4f06ea..9edadac 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -78,19 +78,22 @@ static void ecryptfs_destroy_inode(struc
}
/**
- * ecryptfs_read_inode
+ * ecryptfs_init_inode
* @inode: The ecryptfs inode
*
* Set up the ecryptfs inode.
*/
-static void ecryptfs_read_inode(struct inode *inode)
+void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode)
{
- /* This is where we setup the self-reference in the vfs_inode's
- * i_private. That way we don't have to walk the list again. */
+ /* This is where we setup the self-reference in the
+ * vfs_inode's i_private. That way we don't have to walk the
+ * list again. */
ecryptfs_set_inode_private(inode,
- list_entry(inode, struct ecryptfs_inode_info,
- vfs_inode));
- ecryptfs_set_inode_lower(inode, NULL);
+ container_of(inode,
+ struct ecryptfs_inode_info,
+ vfs_inode));
+ ecryptfs_set_inode_lower(inode, lower_inode);
+ inode->i_ino = lower_inode->i_ino;
inode->i_version++;
inode->i_op = &ecryptfs_main_iops;
inode->i_fop = &ecryptfs_main_fops;
@@ -192,7 +195,6 @@ out:
struct super_operations ecryptfs_sops = {
.alloc_inode = ecryptfs_alloc_inode,
.destroy_inode = ecryptfs_destroy_inode,
- .read_inode = ecryptfs_read_inode,
.drop_inode = generic_delete_inode,
.put_super = ecryptfs_put_super,
.statfs = ecryptfs_statfs,
--
1.3.3
Michael Halcrow <[email protected]> wrote:
> How's this?
Looks good.
Acked-By: David Howells <[email protected]>