Commit 50c961de authored by Eric Biggers's avatar Eric Biggers Committed by Theodore Ts'o

fscrypt: calculate NUL-padding length in one place only

Currently, when encrypting a filename (either a real filename or a
symlink target) we calculate the amount of NUL-padding twice: once
before encryption and once during encryption in fname_encrypt().  It is
needed before encryption to allocate the needed buffer size as well as
calculate the size the symlink target will take up on-disk before
creating the symlink inode.  Calculating the size during encryption as
well is redundant.

Remove this redundancy by always calculating the exact size beforehand,
and making fname_encrypt() just add as much NUL padding as is needed to
fill the output buffer.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
parent 0eaab5b1
...@@ -30,39 +30,29 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) ...@@ -30,39 +30,29 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
/** /**
* fname_encrypt() - encrypt a filename * fname_encrypt() - encrypt a filename
* *
* The caller must have allocated sufficient memory for the @oname string. * The output buffer must be at least as large as the input buffer.
* Any extra space is filled with NUL padding before encryption.
* *
* Return: 0 on success, -errno on failure * Return: 0 on success, -errno on failure
*/ */
int fname_encrypt(struct inode *inode, int fname_encrypt(struct inode *inode, const struct qstr *iname,
const struct qstr *iname, struct fscrypt_str *oname) u8 *out, unsigned int olen)
{ {
struct skcipher_request *req = NULL; struct skcipher_request *req = NULL;
DECLARE_CRYPTO_WAIT(wait); DECLARE_CRYPTO_WAIT(wait);
struct fscrypt_info *ci = inode->i_crypt_info; struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;
struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0; int res = 0;
char iv[FS_CRYPTO_BLOCK_SIZE]; char iv[FS_CRYPTO_BLOCK_SIZE];
struct scatterlist sg; struct scatterlist sg;
int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK);
unsigned int lim;
unsigned int cryptlen;
lim = inode->i_sb->s_cop->max_namelen(inode);
if (iname->len <= 0 || iname->len > lim)
return -EIO;
/* /*
* Copy the filename to the output buffer for encrypting in-place and * Copy the filename to the output buffer for encrypting in-place and
* pad it with the needed number of NUL bytes. * pad it with the needed number of NUL bytes.
*/ */
if (WARN_ON(oname->len < iname->len)) if (WARN_ON(olen < iname->len))
return -ENOBUFS; return -ENOBUFS;
cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE); memcpy(out, iname->name, iname->len);
cryptlen = round_up(cryptlen, padding); memset(out + iname->len, 0, olen - iname->len);
cryptlen = min3(cryptlen, lim, oname->len);
memcpy(oname->name, iname->name, iname->len);
memset(oname->name + iname->len, 0, cryptlen - iname->len);
/* Initialize the IV */ /* Initialize the IV */
memset(iv, 0, FS_CRYPTO_BLOCK_SIZE); memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
...@@ -77,8 +67,8 @@ int fname_encrypt(struct inode *inode, ...@@ -77,8 +67,8 @@ int fname_encrypt(struct inode *inode,
skcipher_request_set_callback(req, skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
crypto_req_done, &wait); crypto_req_done, &wait);
sg_init_one(&sg, oname->name, cryptlen); sg_init_one(&sg, out, olen);
skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv); skcipher_request_set_crypt(req, &sg, &sg, olen, iv);
/* Do the encryption */ /* Do the encryption */
res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
...@@ -89,7 +79,6 @@ int fname_encrypt(struct inode *inode, ...@@ -89,7 +79,6 @@ int fname_encrypt(struct inode *inode,
return res; return res;
} }
oname->len = cryptlen;
return 0; return 0;
} }
...@@ -354,11 +343,21 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, ...@@ -354,11 +343,21 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
return ret; return ret;
if (dir->i_crypt_info) { if (dir->i_crypt_info) {
ret = fscrypt_fname_alloc_buffer(dir, iname->len, unsigned int max_len = dir->i_sb->s_cop->max_namelen(dir);
&fname->crypto_buf);
if (ret) if (iname->len > max_len)
return ret; return -ENAMETOOLONG;
ret = fname_encrypt(dir, iname, &fname->crypto_buf);
fname->crypto_buf.len =
min(fscrypt_fname_encrypted_size(dir, iname->len),
max_len);
fname->crypto_buf.name = kmalloc(fname->crypto_buf.len,
GFP_NOFS);
if (!fname->crypto_buf.name)
return -ENOMEM;
ret = fname_encrypt(dir, iname, fname->crypto_buf.name,
fname->crypto_buf.len);
if (ret) if (ret)
goto errout; goto errout;
fname->disk_name.name = fname->crypto_buf.name; fname->disk_name.name = fname->crypto_buf.name;
...@@ -410,7 +409,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, ...@@ -410,7 +409,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
return 0; return 0;
errout: errout:
fscrypt_fname_free_buffer(&fname->crypto_buf); kfree(fname->crypto_buf.name);
return ret; return ret;
} }
EXPORT_SYMBOL(fscrypt_setup_filename); EXPORT_SYMBOL(fscrypt_setup_filename);
...@@ -108,8 +108,8 @@ extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx, ...@@ -108,8 +108,8 @@ extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
gfp_t gfp_flags); gfp_t gfp_flags);
/* fname.c */ /* fname.c */
extern int fname_encrypt(struct inode *inode, extern int fname_encrypt(struct inode *inode, const struct qstr *iname,
const struct qstr *iname, struct fscrypt_str *oname); u8 *out, unsigned int olen);
/* keyinfo.c */ /* keyinfo.c */
extern void __exit fscrypt_essiv_cleanup(void); extern void __exit fscrypt_essiv_cleanup(void);
......
...@@ -161,7 +161,6 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, ...@@ -161,7 +161,6 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
struct qstr iname = { .name = target, .len = len }; struct qstr iname = { .name = target, .len = len };
struct fscrypt_symlink_data *sd; struct fscrypt_symlink_data *sd;
unsigned int ciphertext_len; unsigned int ciphertext_len;
struct fscrypt_str oname;
err = fscrypt_require_key(inode); err = fscrypt_require_key(inode);
if (err) if (err)
...@@ -178,16 +177,12 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, ...@@ -178,16 +177,12 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
ciphertext_len = disk_link->len - sizeof(*sd); ciphertext_len = disk_link->len - sizeof(*sd);
sd->len = cpu_to_le16(ciphertext_len); sd->len = cpu_to_le16(ciphertext_len);
oname.name = sd->encrypted_path; err = fname_encrypt(inode, &iname, sd->encrypted_path, ciphertext_len);
oname.len = ciphertext_len;
err = fname_encrypt(inode, &iname, &oname);
if (err) { if (err) {
if (!disk_link->name) if (!disk_link->name)
kfree(sd); kfree(sd);
return err; return err;
} }
BUG_ON(oname.len != ciphertext_len);
/* /*
* Null-terminating the ciphertext doesn't make sense, but we still * Null-terminating the ciphertext doesn't make sense, but we still
* count the null terminator in the length, so we might as well * count the null terminator in the length, so we might as well
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment