tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt
Pull fscrypt updates from Ted Ts'o:
"Only bug fixes and cleanups for this merge window"
* tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt:
fscrypt: correct collision claim for digested names
MAINTAINERS: fscrypt: update mailing list, patchwork, and git
ext4: clean up ext4_match() and callers
f2fs: switch to using fscrypt_match_name()
ext4: switch to using fscrypt_match_name()
fscrypt: introduce helper function for filename matching
fscrypt: avoid collisions when presenting long encrypted filenames
f2fs: check entire encrypted bigname when finding a dentry
ubifs: check for consistent encryption contexts in ubifs_lookup()
f2fs: sync f2fs_lookup() with ext4_lookup()
ext4: remove "nokey" check from ext4_lookup()
fscrypt: fix context consistency check when key(s) unavailable
fscrypt: Remove __packed from fscrypt_policy
fscrypt: Move key structure and constants to uapi
fscrypt: remove fscrypt_symlink_data_len()
fscrypt: remove unnecessary checks for NULL operations
+301
-187
+4
-2
MAINTAINERS
+4
-2
MAINTAINERS
···
5417
5417
F: fs/fscache/
5418
5418
F: include/linux/fscache*.h
5419
5419
5420
-
FS-CRYPTO: FILE SYSTEM LEVEL ENCRYPTION SUPPORT
5420
+
FSCRYPT: FILE SYSTEM LEVEL ENCRYPTION SUPPORT
5421
5421
M: Theodore Y. Ts'o <tytso@mit.edu>
5422
5422
M: Jaegeuk Kim <jaegeuk@kernel.org>
5423
-
L: linux-fsdevel@vger.kernel.org
5423
+
L: linux-fscrypt@vger.kernel.org
5424
+
Q: https://patchwork.kernel.org/project/linux-fscrypt/list/
5425
+
T: git git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git
5424
5426
S: Supported
5425
5427
F: fs/crypto/
5426
5428
F: include/linux/fscrypt*.h
+70
-20
fs/crypto/fname.c
+70
-20
fs/crypto/fname.c
···
159
159
static const char *lookup_table =
160
160
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
161
161
162
+
#define BASE64_CHARS(nbytes) DIV_ROUND_UP((nbytes) * 4, 3)
163
+
162
164
/**
163
165
* digest_encode() -
164
166
*
···
232
230
int fscrypt_fname_alloc_buffer(const struct inode *inode,
233
231
u32 ilen, struct fscrypt_str *crypto_str)
234
232
{
235
-
unsigned int olen = fscrypt_fname_encrypted_size(inode, ilen);
233
+
u32 olen = fscrypt_fname_encrypted_size(inode, ilen);
234
+
const u32 max_encoded_len =
235
+
max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE),
236
+
1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)));
236
237
237
238
crypto_str->len = olen;
238
-
if (olen < FS_FNAME_CRYPTO_DIGEST_SIZE * 2)
239
-
olen = FS_FNAME_CRYPTO_DIGEST_SIZE * 2;
239
+
olen = max(olen, max_encoded_len);
240
+
240
241
/*
241
242
* Allocated buffer can hold one more character to null-terminate the
242
243
* string
···
271
266
*
272
267
* The caller must have allocated sufficient memory for the @oname string.
273
268
*
269
+
* If the key is available, we'll decrypt the disk name; otherwise, we'll encode
270
+
* it for presentation. Short names are directly base64-encoded, while long
271
+
* names are encoded in fscrypt_digested_name format.
272
+
*
274
273
* Return: 0 on success, -errno on failure
275
274
*/
276
275
int fscrypt_fname_disk_to_usr(struct inode *inode,
···
283
274
struct fscrypt_str *oname)
284
275
{
285
276
const struct qstr qname = FSTR_TO_QSTR(iname);
286
-
char buf[24];
277
+
struct fscrypt_digested_name digested_name;
287
278
288
279
if (fscrypt_is_dot_dotdot(&qname)) {
289
280
oname->name[0] = '.';
···
298
289
if (inode->i_crypt_info)
299
290
return fname_decrypt(inode, iname, oname);
300
291
301
-
if (iname->len <= FS_FNAME_CRYPTO_DIGEST_SIZE) {
292
+
if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) {
302
293
oname->len = digest_encode(iname->name, iname->len,
303
294
oname->name);
304
295
return 0;
305
296
}
306
297
if (hash) {
307
-
memcpy(buf, &hash, 4);
308
-
memcpy(buf + 4, &minor_hash, 4);
298
+
digested_name.hash = hash;
299
+
digested_name.minor_hash = minor_hash;
309
300
} else {
310
-
memset(buf, 0, 8);
301
+
digested_name.hash = 0;
302
+
digested_name.minor_hash = 0;
311
303
}
312
-
memcpy(buf + 8, iname->name + iname->len - 16, 16);
304
+
memcpy(digested_name.digest,
305
+
FSCRYPT_FNAME_DIGEST(iname->name, iname->len),
306
+
FSCRYPT_FNAME_DIGEST_SIZE);
313
307
oname->name[0] = '_';
314
-
oname->len = 1 + digest_encode(buf, 24, oname->name + 1);
308
+
oname->len = 1 + digest_encode((const char *)&digested_name,
309
+
sizeof(digested_name), oname->name + 1);
315
310
return 0;
316
311
}
317
312
EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);
···
349
336
}
350
337
EXPORT_SYMBOL(fscrypt_fname_usr_to_disk);
351
338
339
+
/**
340
+
* fscrypt_setup_filename() - prepare to search a possibly encrypted directory
341
+
* @dir: the directory that will be searched
342
+
* @iname: the user-provided filename being searched for
343
+
* @lookup: 1 if we're allowed to proceed without the key because it's
344
+
* ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
345
+
* proceed without the key because we're going to create the dir_entry.
346
+
* @fname: the filename information to be filled in
347
+
*
348
+
* Given a user-provided filename @iname, this function sets @fname->disk_name
349
+
* to the name that would be stored in the on-disk directory entry, if possible.
350
+
* If the directory is unencrypted this is simply @iname. Else, if we have the
351
+
* directory's encryption key, then @iname is the plaintext, so we encrypt it to
352
+
* get the disk_name.
353
+
*
354
+
* Else, for keyless @lookup operations, @iname is the presented ciphertext, so
355
+
* we decode it to get either the ciphertext disk_name (for short names) or the
356
+
* fscrypt_digested_name (for long names). Non-@lookup operations will be
357
+
* impossible in this case, so we fail them with ENOKEY.
358
+
*
359
+
* If successful, fscrypt_free_filename() must be called later to clean up.
360
+
*
361
+
* Return: 0 on success, -errno on failure
362
+
*/
352
363
int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
353
364
int lookup, struct fscrypt_name *fname)
354
365
{
355
-
int ret = 0, bigname = 0;
366
+
int ret;
367
+
int digested;
356
368
357
369
memset(fname, 0, sizeof(struct fscrypt_name));
358
370
fname->usr_fname = iname;
···
411
373
* We don't have the key and we are doing a lookup; decode the
412
374
* user-supplied name
413
375
*/
414
-
if (iname->name[0] == '_')
415
-
bigname = 1;
416
-
if ((bigname && (iname->len != 33)) || (!bigname && (iname->len > 43)))
417
-
return -ENOENT;
376
+
if (iname->name[0] == '_') {
377
+
if (iname->len !=
378
+
1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)))
379
+
return -ENOENT;
380
+
digested = 1;
381
+
} else {
382
+
if (iname->len >
383
+
BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE))
384
+
return -ENOENT;
385
+
digested = 0;
386
+
}
418
387
419
-
fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
388
+
fname->crypto_buf.name =
389
+
kmalloc(max_t(size_t, FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE,
390
+
sizeof(struct fscrypt_digested_name)),
391
+
GFP_KERNEL);
420
392
if (fname->crypto_buf.name == NULL)
421
393
return -ENOMEM;
422
394
423
-
ret = digest_decode(iname->name + bigname, iname->len - bigname,
395
+
ret = digest_decode(iname->name + digested, iname->len - digested,
424
396
fname->crypto_buf.name);
425
397
if (ret < 0) {
426
398
ret = -ENOENT;
427
399
goto errout;
428
400
}
429
401
fname->crypto_buf.len = ret;
430
-
if (bigname) {
431
-
memcpy(&fname->hash, fname->crypto_buf.name, 4);
432
-
memcpy(&fname->minor_hash, fname->crypto_buf.name + 4, 4);
402
+
if (digested) {
403
+
const struct fscrypt_digested_name *n =
404
+
(const void *)fname->crypto_buf.name;
405
+
fname->hash = n->hash;
406
+
fname->minor_hash = n->minor_hash;
433
407
} else {
434
408
fname->disk_name.name = fname->crypto_buf.name;
435
409
fname->disk_name.len = fname->crypto_buf.len;
-13
fs/crypto/fscrypt_private.h
-13
fs/crypto/fscrypt_private.h
···
13
13
14
14
#include <linux/fscrypt_supp.h>
15
15
16
-
#define FS_FNAME_CRYPTO_DIGEST_SIZE 32
17
-
18
16
/* Encryption parameters */
19
17
#define FS_XTS_TWEAK_SIZE 16
20
18
#define FS_AES_128_ECB_KEY_SIZE 16
···
20
22
#define FS_AES_256_CBC_KEY_SIZE 32
21
23
#define FS_AES_256_CTS_KEY_SIZE 32
22
24
#define FS_AES_256_XTS_KEY_SIZE 64
23
-
#define FS_MAX_KEY_SIZE 64
24
-
25
-
#define FS_KEY_DESC_PREFIX "fscrypt:"
26
-
#define FS_KEY_DESC_PREFIX_SIZE 8
27
25
28
26
#define FS_KEY_DERIVATION_NONCE_SIZE 16
29
27
···
44
50
} __packed;
45
51
46
52
#define FS_ENCRYPTION_CONTEXT_FORMAT_V1 1
47
-
48
-
/* This is passed in from userspace into the kernel keyring */
49
-
struct fscrypt_key {
50
-
u32 mode;
51
-
u8 raw[FS_MAX_KEY_SIZE];
52
-
u32 size;
53
-
} __packed;
54
53
55
54
/*
56
55
* A pointer to this structure is stored in the file system's in-core
-3
fs/crypto/keyinfo.c
-3
fs/crypto/keyinfo.c
+69
-29
fs/crypto/policy.c
+69
-29
fs/crypto/policy.c
···
34
34
{
35
35
struct fscrypt_context ctx;
36
36
37
-
if (!inode->i_sb->s_cop->set_context)
38
-
return -EOPNOTSUPP;
39
-
40
37
ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
41
38
memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
42
39
FS_KEY_DESCRIPTOR_SIZE);
···
84
87
if (ret == -ENODATA) {
85
88
if (!S_ISDIR(inode->i_mode))
86
89
ret = -ENOTDIR;
87
-
else if (!inode->i_sb->s_cop->empty_dir)
88
-
ret = -EOPNOTSUPP;
89
90
else if (!inode->i_sb->s_cop->empty_dir(inode))
90
91
ret = -ENOTEMPTY;
91
92
else
···
113
118
struct fscrypt_policy policy;
114
119
int res;
115
120
116
-
if (!inode->i_sb->s_cop->get_context ||
117
-
!inode->i_sb->s_cop->is_encrypted(inode))
121
+
if (!inode->i_sb->s_cop->is_encrypted(inode))
118
122
return -ENODATA;
119
123
120
124
res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
···
137
143
}
138
144
EXPORT_SYMBOL(fscrypt_ioctl_get_policy);
139
145
146
+
/**
147
+
* fscrypt_has_permitted_context() - is a file's encryption policy permitted
148
+
* within its directory?
149
+
*
150
+
* @parent: inode for parent directory
151
+
* @child: inode for file being looked up, opened, or linked into @parent
152
+
*
153
+
* Filesystems must call this before permitting access to an inode in a
154
+
* situation where the parent directory is encrypted (either before allowing
155
+
* ->lookup() to succeed, or for a regular file before allowing it to be opened)
156
+
* and before any operation that involves linking an inode into an encrypted
157
+
* directory, including link, rename, and cross rename. It enforces the
158
+
* constraint that within a given encrypted directory tree, all files use the
159
+
* same encryption policy. The pre-access check is needed to detect potentially
160
+
* malicious offline violations of this constraint, while the link and rename
161
+
* checks are needed to prevent online violations of this constraint.
162
+
*
163
+
* Return: 1 if permitted, 0 if forbidden. If forbidden, the caller must fail
164
+
* the filesystem operation with EPERM.
165
+
*/
140
166
int fscrypt_has_permitted_context(struct inode *parent, struct inode *child)
141
167
{
142
-
struct fscrypt_info *parent_ci, *child_ci;
168
+
const struct fscrypt_operations *cops = parent->i_sb->s_cop;
169
+
const struct fscrypt_info *parent_ci, *child_ci;
170
+
struct fscrypt_context parent_ctx, child_ctx;
143
171
int res;
144
-
145
-
if ((parent == NULL) || (child == NULL)) {
146
-
printk(KERN_ERR "parent %p child %p\n", parent, child);
147
-
BUG_ON(1);
148
-
}
149
172
150
173
/* No restrictions on file types which are never encrypted */
151
174
if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
152
175
!S_ISLNK(child->i_mode))
153
176
return 1;
154
177
155
-
/* no restrictions if the parent directory is not encrypted */
156
-
if (!parent->i_sb->s_cop->is_encrypted(parent))
178
+
/* No restrictions if the parent directory is unencrypted */
179
+
if (!cops->is_encrypted(parent))
157
180
return 1;
158
-
/* if the child directory is not encrypted, this is always a problem */
159
-
if (!parent->i_sb->s_cop->is_encrypted(child))
181
+
182
+
/* Encrypted directories must not contain unencrypted files */
183
+
if (!cops->is_encrypted(child))
160
184
return 0;
185
+
186
+
/*
187
+
* Both parent and child are encrypted, so verify they use the same
188
+
* encryption policy. Compare the fscrypt_info structs if the keys are
189
+
* available, otherwise retrieve and compare the fscrypt_contexts.
190
+
*
191
+
* Note that the fscrypt_context retrieval will be required frequently
192
+
* when accessing an encrypted directory tree without the key.
193
+
* Performance-wise this is not a big deal because we already don't
194
+
* really optimize for file access without the key (to the extent that
195
+
* such access is even possible), given that any attempted access
196
+
* already causes a fscrypt_context retrieval and keyring search.
197
+
*
198
+
* In any case, if an unexpected error occurs, fall back to "forbidden".
199
+
*/
200
+
161
201
res = fscrypt_get_encryption_info(parent);
162
202
if (res)
163
203
return 0;
···
200
172
return 0;
201
173
parent_ci = parent->i_crypt_info;
202
174
child_ci = child->i_crypt_info;
203
-
if (!parent_ci && !child_ci)
204
-
return 1;
205
-
if (!parent_ci || !child_ci)
175
+
176
+
if (parent_ci && child_ci) {
177
+
return memcmp(parent_ci->ci_master_key, child_ci->ci_master_key,
178
+
FS_KEY_DESCRIPTOR_SIZE) == 0 &&
179
+
(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
180
+
(parent_ci->ci_filename_mode ==
181
+
child_ci->ci_filename_mode) &&
182
+
(parent_ci->ci_flags == child_ci->ci_flags);
183
+
}
184
+
185
+
res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));
186
+
if (res != sizeof(parent_ctx))
206
187
return 0;
207
188
208
-
return (memcmp(parent_ci->ci_master_key,
209
-
child_ci->ci_master_key,
210
-
FS_KEY_DESCRIPTOR_SIZE) == 0 &&
211
-
(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
212
-
(parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
213
-
(parent_ci->ci_flags == child_ci->ci_flags));
189
+
res = cops->get_context(child, &child_ctx, sizeof(child_ctx));
190
+
if (res != sizeof(child_ctx))
191
+
return 0;
192
+
193
+
return memcmp(parent_ctx.master_key_descriptor,
194
+
child_ctx.master_key_descriptor,
195
+
FS_KEY_DESCRIPTOR_SIZE) == 0 &&
196
+
(parent_ctx.contents_encryption_mode ==
197
+
child_ctx.contents_encryption_mode) &&
198
+
(parent_ctx.filenames_encryption_mode ==
199
+
child_ctx.filenames_encryption_mode) &&
200
+
(parent_ctx.flags == child_ctx.flags);
214
201
}
215
202
EXPORT_SYMBOL(fscrypt_has_permitted_context);
216
203
···
244
201
struct fscrypt_context ctx;
245
202
struct fscrypt_info *ci;
246
203
int res;
247
-
248
-
if (!parent->i_sb->s_cop->set_context)
249
-
return -EOPNOTSUPP;
250
204
251
205
res = fscrypt_get_encryption_info(parent);
252
206
if (res < 0)
+31
-81
fs/ext4/namei.c
+31
-81
fs/ext4/namei.c
···
1237
1237
}
1238
1238
1239
1239
/*
1240
-
* NOTE! unlike strncmp, ext4_match returns 1 for success, 0 for failure.
1240
+
* Test whether a directory entry matches the filename being searched for.
1241
1241
*
1242
-
* `len <= EXT4_NAME_LEN' is guaranteed by caller.
1243
-
* `de != NULL' is guaranteed by caller.
1242
+
* Return: %true if the directory entry matches, otherwise %false.
1244
1243
*/
1245
-
static inline int ext4_match(struct ext4_filename *fname,
1246
-
struct ext4_dir_entry_2 *de)
1244
+
static inline bool ext4_match(const struct ext4_filename *fname,
1245
+
const struct ext4_dir_entry_2 *de)
1247
1246
{
1248
-
const void *name = fname_name(fname);
1249
-
u32 len = fname_len(fname);
1247
+
struct fscrypt_name f;
1250
1248
1251
1249
if (!de->inode)
1252
-
return 0;
1250
+
return false;
1253
1251
1252
+
f.usr_fname = fname->usr_fname;
1253
+
f.disk_name = fname->disk_name;
1254
1254
#ifdef CONFIG_EXT4_FS_ENCRYPTION
1255
-
if (unlikely(!name)) {
1256
-
if (fname->usr_fname->name[0] == '_') {
1257
-
int ret;
1258
-
if (de->name_len < 16)
1259
-
return 0;
1260
-
ret = memcmp(de->name + de->name_len - 16,
1261
-
fname->crypto_buf.name + 8, 16);
1262
-
return (ret == 0) ? 1 : 0;
1263
-
}
1264
-
name = fname->crypto_buf.name;
1265
-
len = fname->crypto_buf.len;
1266
-
}
1255
+
f.crypto_buf = fname->crypto_buf;
1267
1256
#endif
1268
-
if (de->name_len != len)
1269
-
return 0;
1270
-
return (memcmp(de->name, name, len) == 0) ? 1 : 0;
1257
+
return fscrypt_match_name(&f, de->name, de->name_len);
1271
1258
}
1272
1259
1273
1260
/*
···
1268
1281
struct ext4_dir_entry_2 * de;
1269
1282
char * dlimit;
1270
1283
int de_len;
1271
-
int res;
1272
1284
1273
1285
de = (struct ext4_dir_entry_2 *)search_buf;
1274
1286
dlimit = search_buf + buf_size;
1275
1287
while ((char *) de < dlimit) {
1276
1288
/* this code is executed quadratically often */
1277
1289
/* do minimal checking `by hand' */
1278
-
if ((char *) de + de->name_len <= dlimit) {
1279
-
res = ext4_match(fname, de);
1280
-
if (res < 0) {
1281
-
res = -1;
1282
-
goto return_result;
1283
-
}
1284
-
if (res > 0) {
1285
-
/* found a match - just to be sure, do
1286
-
* a full check */
1287
-
if (ext4_check_dir_entry(dir, NULL, de, bh,
1288
-
bh->b_data,
1289
-
bh->b_size, offset)) {
1290
-
res = -1;
1291
-
goto return_result;
1292
-
}
1293
-
*res_dir = de;
1294
-
res = 1;
1295
-
goto return_result;
1296
-
}
1297
-
1290
+
if ((char *) de + de->name_len <= dlimit &&
1291
+
ext4_match(fname, de)) {
1292
+
/* found a match - just to be sure, do
1293
+
* a full check */
1294
+
if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data,
1295
+
bh->b_size, offset))
1296
+
return -1;
1297
+
*res_dir = de;
1298
+
return 1;
1298
1299
}
1299
1300
/* prevent looping on a bad block */
1300
1301
de_len = ext4_rec_len_from_disk(de->rec_len,
1301
1302
dir->i_sb->s_blocksize);
1302
-
if (de_len <= 0) {
1303
-
res = -1;
1304
-
goto return_result;
1305
-
}
1303
+
if (de_len <= 0)
1304
+
return -1;
1306
1305
offset += de_len;
1307
1306
de = (struct ext4_dir_entry_2 *) ((char *) de + de_len);
1308
1307
}
1309
-
1310
-
res = 0;
1311
-
return_result:
1312
-
return res;
1308
+
return 0;
1313
1309
}
1314
1310
1315
1311
static int is_dx_internal_node(struct inode *dir, ext4_lblk_t block,
···
1586
1616
if (!IS_ERR(inode) && ext4_encrypted_inode(dir) &&
1587
1617
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
1588
1618
!fscrypt_has_permitted_context(dir, inode)) {
1589
-
int nokey = ext4_encrypted_inode(inode) &&
1590
-
!fscrypt_has_encryption_key(inode);
1591
-
if (nokey) {
1592
-
iput(inode);
1593
-
return ERR_PTR(-ENOKEY);
1594
-
}
1595
1619
ext4_warning(inode->i_sb,
1596
1620
"Inconsistent encryption contexts: %lu/%lu",
1597
-
(unsigned long) dir->i_ino,
1598
-
(unsigned long) inode->i_ino);
1621
+
dir->i_ino, inode->i_ino);
1599
1622
iput(inode);
1600
1623
return ERR_PTR(-EPERM);
1601
1624
}
···
1796
1833
int nlen, rlen;
1797
1834
unsigned int offset = 0;
1798
1835
char *top;
1799
-
int res;
1800
1836
1801
1837
de = (struct ext4_dir_entry_2 *)buf;
1802
1838
top = buf + buf_size - reclen;
1803
1839
while ((char *) de <= top) {
1804
1840
if (ext4_check_dir_entry(dir, NULL, de, bh,
1805
-
buf, buf_size, offset)) {
1806
-
res = -EFSCORRUPTED;
1807
-
goto return_result;
1808
-
}
1809
-
/* Provide crypto context and crypto buffer to ext4 match */
1810
-
res = ext4_match(fname, de);
1811
-
if (res < 0)
1812
-
goto return_result;
1813
-
if (res > 0) {
1814
-
res = -EEXIST;
1815
-
goto return_result;
1816
-
}
1841
+
buf, buf_size, offset))
1842
+
return -EFSCORRUPTED;
1843
+
if (ext4_match(fname, de))
1844
+
return -EEXIST;
1817
1845
nlen = EXT4_DIR_REC_LEN(de->name_len);
1818
1846
rlen = ext4_rec_len_from_disk(de->rec_len, buf_size);
1819
1847
if ((de->inode ? rlen - nlen : rlen) >= reclen)
···
1812
1858
de = (struct ext4_dir_entry_2 *)((char *)de + rlen);
1813
1859
offset += rlen;
1814
1860
}
1815
-
1816
1861
if ((char *) de > top)
1817
-
res = -ENOSPC;
1818
-
else {
1819
-
*dest_de = de;
1820
-
res = 0;
1821
-
}
1822
-
return_result:
1823
-
return res;
1862
+
return -ENOSPC;
1863
+
1864
+
*dest_de = de;
1865
+
return 0;
1824
1866
}
1825
1867
1826
1868
void ext4_insert_dentry(struct inode *inode,
+5
-20
fs/f2fs/dir.c
+5
-20
fs/f2fs/dir.c
···
111
111
struct f2fs_dir_entry *de;
112
112
unsigned long bit_pos = 0;
113
113
int max_len = 0;
114
-
struct fscrypt_str de_name = FSTR_INIT(NULL, 0);
115
-
struct fscrypt_str *name = &fname->disk_name;
116
114
117
115
if (max_slots)
118
116
*max_slots = 0;
···
128
130
continue;
129
131
}
130
132
131
-
/* encrypted case */
132
-
de_name.name = d->filename[bit_pos];
133
-
de_name.len = le16_to_cpu(de->name_len);
134
-
135
-
/* show encrypted name */
136
-
if (fname->hash) {
137
-
if (de->hash_code == cpu_to_le32(fname->hash))
138
-
goto found;
139
-
} else if (de_name.len == name->len &&
140
-
de->hash_code == namehash &&
141
-
!memcmp(de_name.name, name->name, name->len))
133
+
if (de->hash_code == namehash &&
134
+
fscrypt_match_name(fname, d->filename[bit_pos],
135
+
le16_to_cpu(de->name_len)))
142
136
goto found;
143
137
144
138
if (max_slots && max_len > *max_slots)
···
160
170
struct f2fs_dir_entry *de = NULL;
161
171
bool room = false;
162
172
int max_slots;
163
-
f2fs_hash_t namehash;
164
-
165
-
if(fname->hash)
166
-
namehash = cpu_to_le32(fname->hash);
167
-
else
168
-
namehash = f2fs_dentry_hash(&name);
173
+
f2fs_hash_t namehash = f2fs_dentry_hash(&name, fname);
169
174
170
175
nbucket = dir_buckets(level, F2FS_I(dir)->i_dir_level);
171
176
nblock = bucket_blocks(level);
···
527
542
528
543
level = 0;
529
544
slots = GET_DENTRY_SLOTS(new_name->len);
530
-
dentry_hash = f2fs_dentry_hash(new_name);
545
+
dentry_hash = f2fs_dentry_hash(new_name, NULL);
531
546
532
547
current_depth = F2FS_I(dir)->i_current_depth;
533
548
if (F2FS_I(dir)->chash == dentry_hash) {
+2
-1
fs/f2fs/f2fs.h
+2
-1
fs/f2fs/f2fs.h
+6
-1
fs/f2fs/hash.c
+6
-1
fs/f2fs/hash.c
···
70
70
*buf++ = pad;
71
71
}
72
72
73
-
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info)
73
+
f2fs_hash_t f2fs_dentry_hash(const struct qstr *name_info,
74
+
struct fscrypt_name *fname)
74
75
{
75
76
__u32 hash;
76
77
f2fs_hash_t f2fs_hash;
···
79
78
__u32 in[8], buf[4];
80
79
const unsigned char *name = name_info->name;
81
80
size_t len = name_info->len;
81
+
82
+
/* encrypted bigname case */
83
+
if (fname && !fname->disk_name.name)
84
+
return cpu_to_le32(fname->hash);
82
85
83
86
if (is_dot_dotdot(name_info))
84
87
return 0;
+2
-2
fs/f2fs/inline.c
+2
-2
fs/f2fs/inline.c
···
296
296
return NULL;
297
297
}
298
298
299
-
namehash = f2fs_dentry_hash(&name);
299
+
namehash = f2fs_dentry_hash(&name, fname);
300
300
301
301
inline_dentry = inline_data_addr(ipage);
302
302
···
533
533
534
534
f2fs_wait_on_page_writeback(ipage, NODE, true);
535
535
536
-
name_hash = f2fs_dentry_hash(new_name);
536
+
name_hash = f2fs_dentry_hash(new_name, NULL);
537
537
make_dentry_ptr(NULL, &d, (void *)dentry_blk, 2);
538
538
f2fs_update_dentry(ino, mode, &d, new_name, name_hash, bit_pos);
539
539
+4
-3
fs/f2fs/namei.c
+4
-3
fs/f2fs/namei.c
···
324
324
if (f2fs_encrypted_inode(dir) &&
325
325
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
326
326
!fscrypt_has_permitted_context(dir, inode)) {
327
-
bool nokey = f2fs_encrypted_inode(inode) &&
328
-
!fscrypt_has_encryption_key(inode);
329
-
err = nokey ? -ENOKEY : -EPERM;
327
+
f2fs_msg(inode->i_sb, KERN_WARNING,
328
+
"Inconsistent encryption contexts: %lu/%lu",
329
+
dir->i_ino, inode->i_ino);
330
+
err = -EPERM;
330
331
goto err_out;
331
332
}
332
333
return d_splice_alias(inode, dentry);
+11
fs/ubifs/dir.c
+11
fs/ubifs/dir.c
···
285
285
goto out_dent;
286
286
}
287
287
288
+
if (ubifs_crypt_is_encrypted(dir) &&
289
+
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
290
+
!fscrypt_has_permitted_context(dir, inode)) {
291
+
ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
292
+
dir->i_ino, inode->i_ino);
293
+
err = -EPERM;
294
+
goto out_inode;
295
+
}
296
+
288
297
done:
289
298
kfree(dent);
290
299
fscrypt_free_filename(&nm);
···
304
295
d_add(dentry, inode);
305
296
return NULL;
306
297
298
+
out_inode:
299
+
iput(inode);
307
300
out_dent:
308
301
kfree(dent);
309
302
out_fname:
-11
include/linux/fscrypt_common.h
-11
include/linux/fscrypt_common.h
···
46
46
char encrypted_path[1];
47
47
} __packed;
48
48
49
-
/**
50
-
* This function is used to calculate the disk space required to
51
-
* store a filename of length l in encrypted symlink format.
52
-
*/
53
-
static inline u32 fscrypt_symlink_data_len(u32 l)
54
-
{
55
-
if (l < FS_CRYPTO_BLOCK_SIZE)
56
-
l = FS_CRYPTO_BLOCK_SIZE;
57
-
return (l + sizeof(struct fscrypt_symlink_data) - 1);
58
-
}
59
-
60
49
struct fscrypt_str {
61
50
unsigned char *name;
62
51
u32 len;
+9
include/linux/fscrypt_notsupp.h
+9
include/linux/fscrypt_notsupp.h
···
147
147
return -EOPNOTSUPP;
148
148
}
149
149
150
+
static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
151
+
const u8 *de_name, u32 de_name_len)
152
+
{
153
+
/* Encryption support disabled; use standard comparison */
154
+
if (de_name_len != fname->disk_name.len)
155
+
return false;
156
+
return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
157
+
}
158
+
150
159
/* bio.c */
151
160
static inline void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *ctx,
152
161
struct bio *bio)
+74
include/linux/fscrypt_supp.h
+74
include/linux/fscrypt_supp.h
···
57
57
extern int fscrypt_fname_usr_to_disk(struct inode *, const struct qstr *,
58
58
struct fscrypt_str *);
59
59
60
+
#define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32
61
+
62
+
/* Extracts the second-to-last ciphertext block; see explanation below */
63
+
#define FSCRYPT_FNAME_DIGEST(name, len) \
64
+
((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
65
+
FS_CRYPTO_BLOCK_SIZE))
66
+
67
+
#define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE
68
+
69
+
/**
70
+
* fscrypt_digested_name - alternate identifier for an on-disk filename
71
+
*
72
+
* When userspace lists an encrypted directory without access to the key,
73
+
* filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
74
+
* bytes are shown in this abbreviated form (base64-encoded) rather than as the
75
+
* full ciphertext (base64-encoded). This is necessary to allow supporting
76
+
* filenames up to NAME_MAX bytes, since base64 encoding expands the length.
77
+
*
78
+
* To make it possible for filesystems to still find the correct directory entry
79
+
* despite not knowing the full on-disk name, we encode any filesystem-specific
80
+
* 'hash' and/or 'minor_hash' which the filesystem may need for its lookups,
81
+
* followed by the second-to-last ciphertext block of the filename. Due to the
82
+
* use of the CBC-CTS encryption mode, the second-to-last ciphertext block
83
+
* depends on the full plaintext. (Note that ciphertext stealing causes the
84
+
* last two blocks to appear "flipped".) This makes accidental collisions very
85
+
* unlikely: just a 1 in 2^128 chance for two filenames to collide even if they
86
+
* share the same filesystem-specific hashes.
87
+
*
88
+
* However, this scheme isn't immune to intentional collisions, which can be
89
+
* created by anyone able to create arbitrary plaintext filenames and view them
90
+
* without the key. Making the "digest" be a real cryptographic hash like
91
+
* SHA-256 over the full ciphertext would prevent this, although it would be
92
+
* less efficient and harder to implement, especially since the filesystem would
93
+
* need to calculate it for each directory entry examined during a search.
94
+
*/
95
+
struct fscrypt_digested_name {
96
+
u32 hash;
97
+
u32 minor_hash;
98
+
u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
99
+
};
100
+
101
+
/**
102
+
* fscrypt_match_name() - test whether the given name matches a directory entry
103
+
* @fname: the name being searched for
104
+
* @de_name: the name from the directory entry
105
+
* @de_name_len: the length of @de_name in bytes
106
+
*
107
+
* Normally @fname->disk_name will be set, and in that case we simply compare
108
+
* that to the name stored in the directory entry. The only exception is that
109
+
* if we don't have the key for an encrypted directory and a filename in it is
110
+
* very long, then we won't have the full disk_name and we'll instead need to
111
+
* match against the fscrypt_digested_name.
112
+
*
113
+
* Return: %true if the name matches, otherwise %false.
114
+
*/
115
+
static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
116
+
const u8 *de_name, u32 de_name_len)
117
+
{
118
+
if (unlikely(!fname->disk_name.name)) {
119
+
const struct fscrypt_digested_name *n =
120
+
(const void *)fname->crypto_buf.name;
121
+
if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
122
+
return false;
123
+
if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
124
+
return false;
125
+
return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
126
+
n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
127
+
}
128
+
129
+
if (de_name_len != fname->disk_name.len)
130
+
return false;
131
+
return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
132
+
}
133
+
60
134
/* bio.c */
61
135
extern void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *, struct bio *);
62
136
extern void fscrypt_pullback_bio_page(struct page **, bool);
+14
-1
include/uapi/linux/fs.h
+14
-1
include/uapi/linux/fs.h
···
279
279
__u8 filenames_encryption_mode;
280
280
__u8 flags;
281
281
__u8 master_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
282
-
} __packed;
282
+
};
283
283
284
284
#define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy)
285
285
#define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16])
286
286
#define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy)
287
+
288
+
/* Parameters for passing an encryption key into the kernel keyring */
289
+
#define FS_KEY_DESC_PREFIX "fscrypt:"
290
+
#define FS_KEY_DESC_PREFIX_SIZE 8
291
+
292
+
/* Structure that userspace passes to the kernel keyring */
293
+
#define FS_MAX_KEY_SIZE 64
294
+
295
+
struct fscrypt_key {
296
+
__u32 mode;
297
+
__u8 raw[FS_MAX_KEY_SIZE];
298
+
__u32 size;
299
+
};
287
300
288
301
/*
289
302
* Inode flags (FS_IOC_GETFLAGS / FS_IOC_SETFLAGS)