* Re: [PATCH 9/26] eCryptfs: Use skcipher and shash [not found] ` <201601250207.1gdHywwq%fengguang.wu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> @ 2016-01-24 18:10 ` Julia Lawall 2016-01-25 2:29 ` [v2 PATCH " Herbert Xu 0 siblings, 1 reply; 5+ messages in thread From: Julia Lawall @ 2016-01-24 18:10 UTC (permalink / raw) To: Herbert Xu Cc: Linux Crypto Mailing List, Linux Kernel Mailing List, netdev-u79uwXL29TY76Z2rM5mHXA, devel-gWbeCf7V1WCQmaza687I9mD2FQJk+8+b, dm-devel-H+wXaHxf7aLQT0dZR+AlfA, linux-wireless-u79uwXL29TY76Z2rM5mHXA, linux-cifs-u79uwXL29TY76Z2rM5mHXA, ecryptfs-u79uwXL29TY76Z2rM5mHXA, linux-ext4-u79uwXL29TY76Z2rM5mHXA, linux-f2fs-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f, linux-nfs-u79uwXL29TY76Z2rM5mHXA, keyrings-u79uwXL29TY76Z2rM5mHXA, linux-bluetooth-u79uwXL29TY76Z2rM5mHXA, ceph-devel-u79uwXL29TY76Z2rM5mHXA, linux-wpan-u79uwXL29TY76Z2rM5mHXA, linux-afs-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r, drbd-dev-cunTk1MwBs8qoQakbn7OcQ, open-iscsi-/JYPxA39Uh5TLH3MbocFFw, kbuild-all-JC7UmRfGjtg Maybe the goto on line 1726 needs a preceding mutex_unlock? julia On Mon, 25 Jan 2016, kbuild test robot wrote: > Hi Herbert, > > [auto build test WARNING on net/master] > [also build test WARNING on v4.4 next-20160122] > [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] > > url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 > :::::: branch date: 5 hours ago > :::::: commit date: 5 hours ago > > >> fs/ecryptfs/keystore.c:1761:1-7: preceding lock on line 1719 > > git remote add linux-review https://github.com/0day-ci/linux > git remote update linux-review > git checkout 0186bf144c1f96606f491be0e7ed47b79ea0d285 > vim +1761 fs/ecryptfs/keystore.c > > ac97b9f9 Michael Halcrow 2008-11-19 1713 if (rc < 1 || rc > 2) { > f4aad16a Michael Halcrow 2007-10-16 1714 printk(KERN_ERR "Internal error whilst attempting to convert " > f4aad16a Michael Halcrow 2007-10-16 1715 "auth_tok->session_key.decrypted_key to scatterlist; " > f4aad16a Michael Halcrow 2007-10-16 1716 "expected rc = 1; got rc = [%d]\n", rc); > f4aad16a Michael Halcrow 2007-10-16 1717 goto out; > 237fead6 Michael Halcrow 2006-10-04 1718 } > 237fead6 Michael Halcrow 2006-10-04 @1719 mutex_lock(tfm_mutex); > 0186bf14 Herbert Xu 2016-01-24 1720 req = skcipher_request_alloc(tfm, GFP_KERNEL); > 0186bf14 Herbert Xu 2016-01-24 1721 if (!req) { > 0186bf14 Herbert Xu 2016-01-24 1722 printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " > 0186bf14 Herbert Xu 2016-01-24 1723 "skcipher_request_alloc for %s\n", __func__, > 0186bf14 Herbert Xu 2016-01-24 1724 crypto_skcipher_driver_name(tfm)); > 0186bf14 Herbert Xu 2016-01-24 1725 rc = -ENOMEM; > 0186bf14 Herbert Xu 2016-01-24 1726 goto out; > 0186bf14 Herbert Xu 2016-01-24 1727 } > 0186bf14 Herbert Xu 2016-01-24 1728 > 0186bf14 Herbert Xu 2016-01-24 1729 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, > 0186bf14 Herbert Xu 2016-01-24 1730 NULL, NULL); > 0186bf14 Herbert Xu 2016-01-24 1731 rc = crypto_skcipher_setkey( > 0186bf14 Herbert Xu 2016-01-24 1732 tfm, auth_tok->token.password.session_key_encryption_key, > 237fead6 Michael Halcrow 2006-10-04 1733 crypt_stat->key_size); > f4aad16a Michael Halcrow 2007-10-16 1734 if (unlikely(rc < 0)) { > f4aad16a Michael Halcrow 2007-10-16 1735 mutex_unlock(tfm_mutex); > e5d9cbde Michael Halcrow 2006-10-30 1736 printk(KERN_ERR "Error setting key for crypto context\n"); > e5d9cbde Michael Halcrow 2006-10-30 1737 rc = -EINVAL; > f4aad16a Michael Halcrow 2007-10-16 1738 goto out; > 237fead6 Michael Halcrow 2006-10-04 1739 } > 0186bf14 Herbert Xu 2016-01-24 1740 skcipher_request_set_crypt(req, src_sg, dst_sg, > 0186bf14 Herbert Xu 2016-01-24 1741 auth_tok->session_key.encrypted_key_size, > 0186bf14 Herbert Xu 2016-01-24 1742 NULL); > 0186bf14 Herbert Xu 2016-01-24 1743 rc = crypto_skcipher_decrypt(req); > f4aad16a Michael Halcrow 2007-10-16 1744 mutex_unlock(tfm_mutex); > f4aad16a Michael Halcrow 2007-10-16 1745 if (unlikely(rc)) { > 8bba066f Michael Halcrow 2006-10-30 1746 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); > f4aad16a Michael Halcrow 2007-10-16 1747 goto out; > 8bba066f Michael Halcrow 2006-10-30 1748 } > 237fead6 Michael Halcrow 2006-10-04 1749 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; > 237fead6 Michael Halcrow 2006-10-04 1750 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, > 237fead6 Michael Halcrow 2006-10-04 1751 auth_tok->session_key.decrypted_key_size); > e2bd99ec Michael Halcrow 2007-02-12 1752 crypt_stat->flags |= ECRYPTFS_KEY_VALID; > f4aad16a Michael Halcrow 2007-10-16 1753 if (unlikely(ecryptfs_verbosity > 0)) { > f24b3887 Tyler Hicks 2010-11-15 1754 ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n", > f4aad16a Michael Halcrow 2007-10-16 1755 crypt_stat->key_size); > 237fead6 Michael Halcrow 2006-10-04 1756 ecryptfs_dump_hex(crypt_stat->key, > 237fead6 Michael Halcrow 2006-10-04 1757 crypt_stat->key_size); > f4aad16a Michael Halcrow 2007-10-16 1758 } > 237fead6 Michael Halcrow 2006-10-04 1759 out: > 0186bf14 Herbert Xu 2016-01-24 1760 skcipher_request_free(req); > 237fead6 Michael Halcrow 2006-10-04 @1761 return rc; > 237fead6 Michael Halcrow 2006-10-04 1762 } > 237fead6 Michael Halcrow 2006-10-04 1763 > 237fead6 Michael Halcrow 2006-10-04 1764 /** > > :::::: The code at line 1761 was first introduced by commit > :::::: 237fead619984cc48818fe12ee0ceada3f55b012 [PATCH] ecryptfs: fs/Makefile and fs/Kconfig > > :::::: TO: Michael Halcrow <mhalcrow-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> > :::::: CC: Linus Torvalds <torvalds-hNm40g4Ew95AfugRpC6u6w@public.gmane.org> > > --- > 0-DAY kernel test infrastructure Open Source Technology Center > https://lists.01.org/pipermail/kbuild-all Intel Corporation > ^ permalink raw reply [flat|nested] 5+ messages in thread
* [v2 PATCH 9/26] eCryptfs: Use skcipher and shash 2016-01-24 18:10 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Julia Lawall @ 2016-01-25 2:29 ` Herbert Xu 2016-01-29 17:22 ` Tyler Hicks 0 siblings, 1 reply; 5+ messages in thread From: Herbert Xu @ 2016-01-25 2:29 UTC (permalink / raw) To: Julia Lawall Cc: Linux Crypto Mailing List, Linux Kernel Mailing List, netdev, devel, dm-devel, linux-wireless, linux-cifs, ecryptfs, linux-ext4, linux-f2fs-devel, linux-nfs, keyrings, linux-bluetooth, ceph-devel, linux-wpan, linux-afs, drbd-dev, open-iscsi, kbuild-all On Sun, Jan 24, 2016 at 07:10:50PM +0100, Julia Lawall wrote: > Maybe the goto on line 1726 needs a preceding mutex_unlock? Good catch! Thanks. ---8<--- This patch replaces uses of ablkcipher and blkcipher with skcipher, and the long obsolete hash interface with shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 80d6901..11255cb 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -23,6 +23,8 @@ * 02111-1307, USA. */ +#include <crypto/hash.h> +#include <crypto/skcipher.h> #include <linux/fs.h> #include <linux/mount.h> #include <linux/pagemap.h> @@ -30,7 +32,6 @@ #include <linux/compiler.h> #include <linux/key.h> #include <linux/namei.h> -#include <linux/crypto.h> #include <linux/file.h> #include <linux/scatterlist.h> #include <linux/slab.h> @@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size) } } +static int ecryptfs_hash_digest(struct crypto_shash *tfm, + char *src, int len, char *dst) +{ + SHASH_DESC_ON_STACK(desc, tfm); + int err; + + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + err = crypto_shash_digest(desc, src, len, dst); + shash_desc_zero(desc); + return err; +} + /** * ecryptfs_calculate_md5 - calculates the md5 of @src * @dst: Pointer to 16 bytes of allocated memory @@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst, struct ecryptfs_crypt_stat *crypt_stat, char *src, int len) { - struct scatterlist sg; - struct hash_desc desc = { - .tfm = crypt_stat->hash_tfm, - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_shash *tfm; int rc = 0; mutex_lock(&crypt_stat->cs_hash_tfm_mutex); - sg_init_one(&sg, (u8 *)src, len); - if (!desc.tfm) { - desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(desc.tfm)) { - rc = PTR_ERR(desc.tfm); + tfm = crypt_stat->hash_tfm; + if (!tfm) { + tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0); + if (IS_ERR(tfm)) { + rc = PTR_ERR(tfm); ecryptfs_printk(KERN_ERR, "Error attempting to " "allocate crypto context; rc = [%d]\n", rc); goto out; } - crypt_stat->hash_tfm = desc.tfm; - } - rc = crypto_hash_init(&desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; rc = [%d]\n", - __func__, rc); - goto out; + crypt_stat->hash_tfm = tfm; } - rc = crypto_hash_update(&desc, &sg, len); + rc = ecryptfs_hash_digest(tfm, src, len, dst); if (rc) { printk(KERN_ERR - "%s: Error updating crypto hash; rc = [%d]\n", - __func__, rc); - goto out; - } - rc = crypto_hash_final(&desc, dst); - if (rc) { - printk(KERN_ERR - "%s: Error finalizing crypto hash; rc = [%d]\n", + "%s: Error computing crypto hash; rc = [%d]\n", __func__, rc); goto out; } @@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) { struct ecryptfs_key_sig *key_sig, *key_sig_tmp; - if (crypt_stat->tfm) - crypto_free_ablkcipher(crypt_stat->tfm); - if (crypt_stat->hash_tfm) - crypto_free_hash(crypt_stat->hash_tfm); + crypto_free_skcipher(crypt_stat->tfm); + crypto_free_shash(crypt_stat->hash_tfm); list_for_each_entry_safe(key_sig, key_sig_tmp, &crypt_stat->keysig_list, crypt_stat_list) { list_del(&key_sig->crypt_stat_list); @@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, struct scatterlist *src_sg, int size, unsigned char *iv, int op) { - struct ablkcipher_request *req = NULL; + struct skcipher_request *req = NULL; struct extent_crypt_result ecr; int rc = 0; @@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, init_completion(&ecr.completion); mutex_lock(&crypt_stat->cs_tfm_mutex); - req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); + req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); if (!req) { mutex_unlock(&crypt_stat->cs_tfm_mutex); rc = -ENOMEM; goto out; } - ablkcipher_request_set_callback(req, + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, extent_crypt_complete, &ecr); /* Consider doing this once, when the file is opened */ if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { - rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, - crypt_stat->key_size); + rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key, + crypt_stat->key_size); if (rc) { ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", @@ -383,9 +376,9 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, crypt_stat->flags |= ECRYPTFS_KEY_SET; } mutex_unlock(&crypt_stat->cs_tfm_mutex); - ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); - rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : - crypto_ablkcipher_decrypt(req); + skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); + rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) : + crypto_skcipher_decrypt(req); if (rc == -EINPROGRESS || rc == -EBUSY) { struct extent_crypt_result *ecr = req->base.data; @@ -394,7 +387,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, reinit_completion(&ecr->completion); } out: - ablkcipher_request_free(req); + skcipher_request_free(req); return rc; } @@ -622,7 +615,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) crypt_stat->cipher, "cbc"); if (rc) goto out_unlock; - crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); + crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0); if (IS_ERR(crypt_stat->tfm)) { rc = PTR_ERR(crypt_stat->tfm); crypt_stat->tfm = NULL; @@ -631,7 +624,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) full_alg_name); goto out_free; } - crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); rc = 0; out_free: kfree(full_alg_name); @@ -1591,7 +1584,7 @@ out: * event, regardless of whether this function succeeds for fails. */ static int -ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, +ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm, char *cipher_name, size_t *key_size) { char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; @@ -1609,21 +1602,18 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, "ecb"); if (rc) goto out; - *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); + *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(*key_tfm)) { rc = PTR_ERR(*key_tfm); printk(KERN_ERR "Unable to allocate crypto cipher with name " "[%s]; rc = [%d]\n", full_alg_name, rc); goto out; } - crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); - if (*key_size == 0) { - struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); - - *key_size = alg->max_keysize; - } + crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); + if (*key_size == 0) + *key_size = crypto_skcipher_default_keysize(*key_tfm); get_random_bytes(dummy_key, *key_size); - rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); + rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size); if (rc) { printk(KERN_ERR "Error attempting to set key of size [%zd] for " "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, @@ -1660,8 +1650,7 @@ int ecryptfs_destroy_crypto(void) list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, key_tfm_list) { list_del(&key_tfm->key_tfm_list); - if (key_tfm->key_tfm) - crypto_free_blkcipher(key_tfm->key_tfm); + crypto_free_skcipher(key_tfm->key_tfm); kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); } mutex_unlock(&key_tfm_list_mutex); @@ -1747,7 +1736,7 @@ int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) * Searches for cached item first, and creates new if not found. * Returns 0 on success, non-zero if adding new cipher failed */ -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, struct mutex **tfm_mutex, char *cipher_name) { @@ -2120,7 +2109,7 @@ out: int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { - struct blkcipher_desc desc; + struct crypto_skcipher *tfm; struct mutex *tfm_mutex; size_t cipher_blocksize; int rc; @@ -2130,7 +2119,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, return 0; } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); if (unlikely(rc)) { (*namelen) = 0; @@ -2138,7 +2127,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, } mutex_lock(tfm_mutex); - cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); + cipher_blocksize = crypto_skcipher_blocksize(tfm); mutex_unlock(tfm_mutex); /* Return an exact amount for the common cases */ diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 7b39260..b7f8128 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -28,6 +28,7 @@ #ifndef ECRYPTFS_KERNEL_H #define ECRYPTFS_KERNEL_H +#include <crypto/skcipher.h> #include <keys/user-type.h> #include <keys/encrypted-type.h> #include <linux/fs.h> @@ -38,7 +39,6 @@ #include <linux/nsproxy.h> #include <linux/backing-dev.h> #include <linux/ecryptfs.h> -#include <linux/crypto.h> #define ECRYPTFS_DEFAULT_IV_BYTES 16 #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 @@ -233,9 +233,9 @@ struct ecryptfs_crypt_stat { size_t extent_shift; unsigned int extent_mask; struct ecryptfs_mount_crypt_stat *mount_crypt_stat; - struct crypto_ablkcipher *tfm; - struct crypto_hash *hash_tfm; /* Crypto context for generating - * the initialization vectors */ + struct crypto_skcipher *tfm; + struct crypto_shash *hash_tfm; /* Crypto context for generating + * the initialization vectors */ unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; @@ -309,7 +309,7 @@ struct ecryptfs_global_auth_tok { * keeps a list of crypto API contexts around to use when needed. */ struct ecryptfs_key_tfm { - struct crypto_blkcipher *key_tfm; + struct crypto_skcipher *key_tfm; size_t key_size; struct mutex key_tfm_mutex; struct list_head key_tfm_list; @@ -659,7 +659,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, int ecryptfs_init_crypto(void); int ecryptfs_destroy_crypto(void); int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, struct mutex **tfm_mutex, char *cipher_name); int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 040aa87..ed74d80 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -29,7 +29,6 @@ #include <linux/dcache.h> #include <linux/namei.h> #include <linux/mount.h> -#include <linux/crypto.h> #include <linux/fs_stack.h> #include <linux/slab.h> #include <linux/xattr.h> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 6bd67e2..c5c84df 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -25,11 +25,12 @@ * 02111-1307, USA. */ +#include <crypto/hash.h> +#include <crypto/skcipher.h> #include <linux/string.h> #include <linux/pagemap.h> #include <linux/key.h> #include <linux/random.h> -#include <linux/crypto.h> #include <linux/scatterlist.h> #include <linux/slab.h> #include "ecryptfs_kernel.h" @@ -601,12 +602,13 @@ struct ecryptfs_write_tag_70_packet_silly_stack { struct ecryptfs_auth_tok *auth_tok; struct scatterlist src_sg[2]; struct scatterlist dst_sg[2]; - struct blkcipher_desc desc; + struct crypto_skcipher *skcipher_tfm; + struct skcipher_request *skcipher_req; char iv[ECRYPTFS_MAX_IV_BYTES]; char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; - struct hash_desc hash_desc; - struct scatterlist hash_sg; + struct crypto_shash *hash_tfm; + struct shash_desc *hash_desc; }; /** @@ -629,14 +631,13 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, struct key *auth_tok_key = NULL; int rc = 0; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) { printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); rc = -ENOMEM; goto out; } - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; (*packet_size) = 0; rc = ecryptfs_find_auth_tok_for_sig( &auth_tok_key, @@ -649,7 +650,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, goto out; } rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( - &s->desc.tfm, + &s->skcipher_tfm, &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -658,7 +659,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, goto out; } mutex_lock(s->tfm_mutex); - s->block_size = crypto_blkcipher_blocksize(s->desc.tfm); + s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm); /* Plus one for the \0 separator between the random prefix * and the plaintext filename */ s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); @@ -691,6 +692,19 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, rc = -EINVAL; goto out_unlock; } + + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); + if (!s->skcipher_req) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(s->skcipher_tfm)); + rc = -ENOMEM; + goto out_unlock; + } + + skcipher_request_set_callback(s->skcipher_req, + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, GFP_KERNEL); if (!s->block_aligned_filename) { @@ -700,7 +714,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, rc = -ENOMEM; goto out_unlock; } - s->i = 0; dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; rc = ecryptfs_write_packet_length(&dest[s->i], (ECRYPTFS_SIG_SIZE @@ -738,40 +751,36 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, "password tokens\n", __func__); goto out_free_unlock; } - sg_init_one( - &s->hash_sg, - (u8 *)s->auth_tok->token.password.session_key_encryption_key, - s->auth_tok->token.password.session_key_encryption_key_bytes); - s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; - s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(s->hash_desc.tfm)) { - rc = PTR_ERR(s->hash_desc.tfm); + s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0); + if (IS_ERR(s->hash_tfm)) { + rc = PTR_ERR(s->hash_tfm); printk(KERN_ERR "%s: Error attempting to " "allocate hash crypto context; rc = [%d]\n", __func__, rc); goto out_free_unlock; } - rc = crypto_hash_init(&s->hash_desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; rc = [%d]\n", - __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_update( - &s->hash_desc, &s->hash_sg, - s->auth_tok->token.password.session_key_encryption_key_bytes); - if (rc) { - printk(KERN_ERR - "%s: Error updating crypto hash; rc = [%d]\n", - __func__, rc); + + s->hash_desc = kmalloc(sizeof(*s->hash_desc) + + crypto_shash_descsize(s->hash_tfm), GFP_KERNEL); + if (!s->hash_desc) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "kmalloc [%zd] bytes\n", __func__, + sizeof(*s->hash_desc) + + crypto_shash_descsize(s->hash_tfm)); + rc = -ENOMEM; goto out_release_free_unlock; } - rc = crypto_hash_final(&s->hash_desc, s->hash); + + s->hash_desc->tfm = s->hash_tfm; + s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + + rc = crypto_shash_digest(s->hash_desc, + (u8 *)s->auth_tok->token.password.session_key_encryption_key, + s->auth_tok->token.password.session_key_encryption_key_bytes, + s->hash); if (rc) { printk(KERN_ERR - "%s: Error finalizing crypto hash; rc = [%d]\n", + "%s: Error computing crypto hash; rc = [%d]\n", __func__, rc); goto out_release_free_unlock; } @@ -780,27 +789,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { - sg_init_one(&s->hash_sg, (u8 *)s->hash, - ECRYPTFS_TAG_70_DIGEST_SIZE); - rc = crypto_hash_init(&s->hash_desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; " - "rc = [%d]\n", __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_update(&s->hash_desc, &s->hash_sg, - ECRYPTFS_TAG_70_DIGEST_SIZE); + rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash, + ECRYPTFS_TAG_70_DIGEST_SIZE, + s->tmp_hash); if (rc) { printk(KERN_ERR - "%s: Error updating crypto hash; " - "rc = [%d]\n", __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_final(&s->hash_desc, s->tmp_hash); - if (rc) { - printk(KERN_ERR - "%s: Error finalizing crypto hash; " + "%s: Error computing crypto hash; " "rc = [%d]\n", __func__, rc); goto out_release_free_unlock; } @@ -834,10 +828,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, * of the IV here, so we just use 0's for the IV. Note the * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES * >= ECRYPTFS_MAX_IV_BYTES. */ - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); - s->desc.info = s->iv; - rc = crypto_blkcipher_setkey( - s->desc.tfm, + rc = crypto_skcipher_setkey( + s->skcipher_tfm, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc < 0) { @@ -850,8 +842,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, mount_crypt_stat->global_default_fn_cipher_key_bytes); goto out_release_free_unlock; } - rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, - s->block_aligned_filename_size); + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, + s->block_aligned_filename_size, s->iv); + rc = crypto_skcipher_encrypt(s->skcipher_req); if (rc) { printk(KERN_ERR "%s: Error attempting to encrypt filename; " "rc = [%d]\n", __func__, rc); @@ -861,7 +854,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, (*packet_size) = s->i; (*remaining_bytes) -= (*packet_size); out_release_free_unlock: - crypto_free_hash(s->hash_desc.tfm); + crypto_free_shash(s->hash_tfm); out_free_unlock: kzfree(s->block_aligned_filename); out_unlock: @@ -871,6 +864,8 @@ out: up_write(&(auth_tok_key->sem)); key_put(auth_tok_key); } + skcipher_request_free(s->skcipher_req); + kzfree(s->hash_desc); kfree(s); return rc; } @@ -888,7 +883,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack { struct ecryptfs_auth_tok *auth_tok; struct scatterlist src_sg[2]; struct scatterlist dst_sg[2]; - struct blkcipher_desc desc; + struct crypto_skcipher *skcipher_tfm; + struct skcipher_request *skcipher_req; char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; char iv[ECRYPTFS_MAX_IV_BYTES]; char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; @@ -922,14 +918,13 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, (*packet_size) = 0; (*filename_size) = 0; (*filename) = NULL; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) { printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); rc = -ENOMEM; goto out; } - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " "at least [%d]\n", __func__, max_packet_size, @@ -992,7 +987,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, rc); goto out; } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm, &s->tfm_mutex, s->cipher_string); if (unlikely(rc)) { @@ -1030,12 +1025,23 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, __func__, rc, s->block_aligned_filename_size); goto out_free_unlock; } + + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); + if (!s->skcipher_req) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(s->skcipher_tfm)); + rc = -ENOMEM; + goto out_free_unlock; + } + + skcipher_request_set_callback(s->skcipher_req, + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + /* The characters in the first block effectively do the job of * the IV here, so we just use 0's for the IV. Note the * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES * >= ECRYPTFS_MAX_IV_BYTES. */ - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); - s->desc.info = s->iv; /* TODO: Support other key modules than passphrase for * filename encryption */ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { @@ -1044,8 +1050,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, "password tokens\n", __func__); goto out_free_unlock; } - rc = crypto_blkcipher_setkey( - s->desc.tfm, + rc = crypto_skcipher_setkey( + s->skcipher_tfm, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc < 0) { @@ -1058,14 +1064,14 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, mount_crypt_stat->global_default_fn_cipher_key_bytes); goto out_free_unlock; } - rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, - s->block_aligned_filename_size); + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, + s->block_aligned_filename_size, s->iv); + rc = crypto_skcipher_decrypt(s->skcipher_req); if (rc) { printk(KERN_ERR "%s: Error attempting to decrypt filename; " "rc = [%d]\n", __func__, rc); goto out_free_unlock; } - s->i = 0; while (s->decrypted_filename[s->i] != '\0' && s->i < s->block_aligned_filename_size) s->i++; @@ -1108,6 +1114,7 @@ out: up_write(&(auth_tok_key->sem)); key_put(auth_tok_key); } + skcipher_request_free(s->skcipher_req); kfree(s); return rc; } @@ -1667,9 +1674,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, struct scatterlist dst_sg[2]; struct scatterlist src_sg[2]; struct mutex *tfm_mutex; - struct blkcipher_desc desc = { - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_skcipher *tfm; + struct skcipher_request *req = NULL; int rc = 0; if (unlikely(ecryptfs_verbosity > 0)) { @@ -1680,7 +1686,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, auth_tok->token.password.session_key_encryption_key, auth_tok->token.password.session_key_encryption_key_bytes); } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -1711,8 +1717,20 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, goto out; } mutex_lock(tfm_mutex); - rc = crypto_blkcipher_setkey( - desc.tfm, auth_tok->token.password.session_key_encryption_key, + req = skcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + mutex_unlock(tfm_mutex); + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(tfm)); + rc = -ENOMEM; + goto out; + } + + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); + rc = crypto_skcipher_setkey( + tfm, auth_tok->token.password.session_key_encryption_key, crypt_stat->key_size); if (unlikely(rc < 0)) { mutex_unlock(tfm_mutex); @@ -1720,8 +1738,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, rc = -EINVAL; goto out; } - rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, - auth_tok->session_key.encrypted_key_size); + skcipher_request_set_crypt(req, src_sg, dst_sg, + auth_tok->session_key.encrypted_key_size, + NULL); + rc = crypto_skcipher_decrypt(req); mutex_unlock(tfm_mutex); if (unlikely(rc)) { printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); @@ -1738,6 +1758,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, crypt_stat->key_size); } out: + skcipher_request_free(req); return rc; } @@ -2191,16 +2212,14 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, size_t max_packet_size; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = crypt_stat->mount_crypt_stat; - struct blkcipher_desc desc = { - .tfm = NULL, - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_skcipher *tfm; + struct skcipher_request *req; int rc = 0; (*packet_size) = 0; ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, ECRYPTFS_SIG_SIZE); - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -2209,12 +2228,11 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, goto out; } if (mount_crypt_stat->global_default_cipher_key_size == 0) { - struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm); - printk(KERN_WARNING "No key size specified at mount; " - "defaulting to [%d]\n", alg->max_keysize); + "defaulting to [%d]\n", + crypto_skcipher_default_keysize(tfm)); mount_crypt_stat->global_default_cipher_key_size = - alg->max_keysize; + crypto_skcipher_default_keysize(tfm); } if (crypt_stat->key_size == 0) crypt_stat->key_size = @@ -2284,20 +2302,36 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, goto out; } mutex_lock(tfm_mutex); - rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, - crypt_stat->key_size); + rc = crypto_skcipher_setkey(tfm, session_key_encryption_key, + crypt_stat->key_size); if (rc < 0) { mutex_unlock(tfm_mutex); ecryptfs_printk(KERN_ERR, "Error setting key for crypto " "context; rc = [%d]\n", rc); goto out; } + + req = skcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + mutex_unlock(tfm_mutex); + ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst " + "attempting to skcipher_request_alloc for " + "%s\n", crypto_skcipher_driver_name(tfm)); + rc = -ENOMEM; + goto out; + } + + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); + rc = 0; ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", crypt_stat->key_size); - rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, - (*key_rec).enc_key_size); + skcipher_request_set_crypt(req, src_sg, dst_sg, + (*key_rec).enc_key_size, NULL); + rc = crypto_skcipher_encrypt(req); mutex_unlock(tfm_mutex); + skcipher_request_free(req); if (rc) { printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); goto out; diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index e25b6b0..8b0b4a7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -29,7 +29,6 @@ #include <linux/module.h> #include <linux/namei.h> #include <linux/skbuff.h> -#include <linux/crypto.h> #include <linux/mount.h> #include <linux/pagemap.h> #include <linux/key.h> diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index caba848..36c8b08 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c @@ -30,7 +30,6 @@ #include <linux/page-flags.h> #include <linux/mount.h> #include <linux/file.h> -#include <linux/crypto.h> #include <linux/scatterlist.h> #include <linux/slab.h> #include <asm/unaligned.h> diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c index afa1b81..77a486d 100644 --- a/fs/ecryptfs/super.c +++ b/fs/ecryptfs/super.c @@ -29,7 +29,6 @@ #include <linux/slab.h> #include <linux/seq_file.h> #include <linux/file.h> -#include <linux/crypto.h> #include <linux/statfs.h> #include <linux/magic.h> #include "ecryptfs_kernel.h" -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [v2 PATCH 9/26] eCryptfs: Use skcipher and shash 2016-01-25 2:29 ` [v2 PATCH " Herbert Xu @ 2016-01-29 17:22 ` Tyler Hicks 0 siblings, 0 replies; 5+ messages in thread From: Tyler Hicks @ 2016-01-29 17:22 UTC (permalink / raw) To: Herbert Xu Cc: Julia Lawall, Linux Crypto Mailing List, Linux Kernel Mailing List, netdev, devel, dm-devel, linux-wireless, linux-cifs, ecryptfs, linux-ext4, linux-f2fs-devel, linux-nfs, keyrings, linux-bluetooth, ceph-devel, linux-wpan, linux-afs, drbd-dev, open-iscsi, kbuild-all [-- Attachment #1: Type: text/plain, Size: 32755 bytes --] On 2016-01-25 10:29:33, Herbert Xu wrote: > On Sun, Jan 24, 2016 at 07:10:50PM +0100, Julia Lawall wrote: > > Maybe the goto on line 1726 needs a preceding mutex_unlock? > > Good catch! Thanks. > > ---8<--- > This patch replaces uses of ablkcipher and blkcipher with skcipher, > and the long obsolete hash interface with shash. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Tyler Hicks <tyhicks@canonical.com> I have no problem with you taking this through the cryptodev tree. Thanks! Tyler > > diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c > index 80d6901..11255cb 100644 > --- a/fs/ecryptfs/crypto.c > +++ b/fs/ecryptfs/crypto.c > @@ -23,6 +23,8 @@ > * 02111-1307, USA. > */ > > +#include <crypto/hash.h> > +#include <crypto/skcipher.h> > #include <linux/fs.h> > #include <linux/mount.h> > #include <linux/pagemap.h> > @@ -30,7 +32,6 @@ > #include <linux/compiler.h> > #include <linux/key.h> > #include <linux/namei.h> > -#include <linux/crypto.h> > #include <linux/file.h> > #include <linux/scatterlist.h> > #include <linux/slab.h> > @@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size) > } > } > > +static int ecryptfs_hash_digest(struct crypto_shash *tfm, > + char *src, int len, char *dst) > +{ > + SHASH_DESC_ON_STACK(desc, tfm); > + int err; > + > + desc->tfm = tfm; > + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; > + err = crypto_shash_digest(desc, src, len, dst); > + shash_desc_zero(desc); > + return err; > +} > + > /** > * ecryptfs_calculate_md5 - calculates the md5 of @src > * @dst: Pointer to 16 bytes of allocated memory > @@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst, > struct ecryptfs_crypt_stat *crypt_stat, > char *src, int len) > { > - struct scatterlist sg; > - struct hash_desc desc = { > - .tfm = crypt_stat->hash_tfm, > - .flags = CRYPTO_TFM_REQ_MAY_SLEEP > - }; > + struct crypto_shash *tfm; > int rc = 0; > > mutex_lock(&crypt_stat->cs_hash_tfm_mutex); > - sg_init_one(&sg, (u8 *)src, len); > - if (!desc.tfm) { > - desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, > - CRYPTO_ALG_ASYNC); > - if (IS_ERR(desc.tfm)) { > - rc = PTR_ERR(desc.tfm); > + tfm = crypt_stat->hash_tfm; > + if (!tfm) { > + tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0); > + if (IS_ERR(tfm)) { > + rc = PTR_ERR(tfm); > ecryptfs_printk(KERN_ERR, "Error attempting to " > "allocate crypto context; rc = [%d]\n", > rc); > goto out; > } > - crypt_stat->hash_tfm = desc.tfm; > - } > - rc = crypto_hash_init(&desc); > - if (rc) { > - printk(KERN_ERR > - "%s: Error initializing crypto hash; rc = [%d]\n", > - __func__, rc); > - goto out; > + crypt_stat->hash_tfm = tfm; > } > - rc = crypto_hash_update(&desc, &sg, len); > + rc = ecryptfs_hash_digest(tfm, src, len, dst); > if (rc) { > printk(KERN_ERR > - "%s: Error updating crypto hash; rc = [%d]\n", > - __func__, rc); > - goto out; > - } > - rc = crypto_hash_final(&desc, dst); > - if (rc) { > - printk(KERN_ERR > - "%s: Error finalizing crypto hash; rc = [%d]\n", > + "%s: Error computing crypto hash; rc = [%d]\n", > __func__, rc); > goto out; > } > @@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) > { > struct ecryptfs_key_sig *key_sig, *key_sig_tmp; > > - if (crypt_stat->tfm) > - crypto_free_ablkcipher(crypt_stat->tfm); > - if (crypt_stat->hash_tfm) > - crypto_free_hash(crypt_stat->hash_tfm); > + crypto_free_skcipher(crypt_stat->tfm); > + crypto_free_shash(crypt_stat->hash_tfm); > list_for_each_entry_safe(key_sig, key_sig_tmp, > &crypt_stat->keysig_list, crypt_stat_list) { > list_del(&key_sig->crypt_stat_list); > @@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, > struct scatterlist *src_sg, int size, > unsigned char *iv, int op) > { > - struct ablkcipher_request *req = NULL; > + struct skcipher_request *req = NULL; > struct extent_crypt_result ecr; > int rc = 0; > > @@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, > init_completion(&ecr.completion); > > mutex_lock(&crypt_stat->cs_tfm_mutex); > - req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); > + req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); > if (!req) { > mutex_unlock(&crypt_stat->cs_tfm_mutex); > rc = -ENOMEM; > goto out; > } > > - ablkcipher_request_set_callback(req, > + skcipher_request_set_callback(req, > CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, > extent_crypt_complete, &ecr); > /* Consider doing this once, when the file is opened */ > if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { > - rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, > - crypt_stat->key_size); > + rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key, > + crypt_stat->key_size); > if (rc) { > ecryptfs_printk(KERN_ERR, > "Error setting key; rc = [%d]\n", > @@ -383,9 +376,9 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, > crypt_stat->flags |= ECRYPTFS_KEY_SET; > } > mutex_unlock(&crypt_stat->cs_tfm_mutex); > - ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); > - rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : > - crypto_ablkcipher_decrypt(req); > + skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); > + rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) : > + crypto_skcipher_decrypt(req); > if (rc == -EINPROGRESS || rc == -EBUSY) { > struct extent_crypt_result *ecr = req->base.data; > > @@ -394,7 +387,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, > reinit_completion(&ecr->completion); > } > out: > - ablkcipher_request_free(req); > + skcipher_request_free(req); > return rc; > } > > @@ -622,7 +615,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) > crypt_stat->cipher, "cbc"); > if (rc) > goto out_unlock; > - crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); > + crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0); > if (IS_ERR(crypt_stat->tfm)) { > rc = PTR_ERR(crypt_stat->tfm); > crypt_stat->tfm = NULL; > @@ -631,7 +624,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) > full_alg_name); > goto out_free; > } > - crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); > + crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); > rc = 0; > out_free: > kfree(full_alg_name); > @@ -1591,7 +1584,7 @@ out: > * event, regardless of whether this function succeeds for fails. > */ > static int > -ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, > +ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm, > char *cipher_name, size_t *key_size) > { > char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; > @@ -1609,21 +1602,18 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, > "ecb"); > if (rc) > goto out; > - *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); > + *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); > if (IS_ERR(*key_tfm)) { > rc = PTR_ERR(*key_tfm); > printk(KERN_ERR "Unable to allocate crypto cipher with name " > "[%s]; rc = [%d]\n", full_alg_name, rc); > goto out; > } > - crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); > - if (*key_size == 0) { > - struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); > - > - *key_size = alg->max_keysize; > - } > + crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); > + if (*key_size == 0) > + *key_size = crypto_skcipher_default_keysize(*key_tfm); > get_random_bytes(dummy_key, *key_size); > - rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); > + rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size); > if (rc) { > printk(KERN_ERR "Error attempting to set key of size [%zd] for " > "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, > @@ -1660,8 +1650,7 @@ int ecryptfs_destroy_crypto(void) > list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, > key_tfm_list) { > list_del(&key_tfm->key_tfm_list); > - if (key_tfm->key_tfm) > - crypto_free_blkcipher(key_tfm->key_tfm); > + crypto_free_skcipher(key_tfm->key_tfm); > kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); > } > mutex_unlock(&key_tfm_list_mutex); > @@ -1747,7 +1736,7 @@ int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) > * Searches for cached item first, and creates new if not found. > * Returns 0 on success, non-zero if adding new cipher failed > */ > -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, > +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, > struct mutex **tfm_mutex, > char *cipher_name) > { > @@ -2120,7 +2109,7 @@ out: > int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, > struct ecryptfs_mount_crypt_stat *mount_crypt_stat) > { > - struct blkcipher_desc desc; > + struct crypto_skcipher *tfm; > struct mutex *tfm_mutex; > size_t cipher_blocksize; > int rc; > @@ -2130,7 +2119,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, > return 0; > } > > - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, > + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, > mount_crypt_stat->global_default_fn_cipher_name); > if (unlikely(rc)) { > (*namelen) = 0; > @@ -2138,7 +2127,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, > } > > mutex_lock(tfm_mutex); > - cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); > + cipher_blocksize = crypto_skcipher_blocksize(tfm); > mutex_unlock(tfm_mutex); > > /* Return an exact amount for the common cases */ > diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h > index 7b39260..b7f8128 100644 > --- a/fs/ecryptfs/ecryptfs_kernel.h > +++ b/fs/ecryptfs/ecryptfs_kernel.h > @@ -28,6 +28,7 @@ > #ifndef ECRYPTFS_KERNEL_H > #define ECRYPTFS_KERNEL_H > > +#include <crypto/skcipher.h> > #include <keys/user-type.h> > #include <keys/encrypted-type.h> > #include <linux/fs.h> > @@ -38,7 +39,6 @@ > #include <linux/nsproxy.h> > #include <linux/backing-dev.h> > #include <linux/ecryptfs.h> > -#include <linux/crypto.h> > > #define ECRYPTFS_DEFAULT_IV_BYTES 16 > #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 > @@ -233,9 +233,9 @@ struct ecryptfs_crypt_stat { > size_t extent_shift; > unsigned int extent_mask; > struct ecryptfs_mount_crypt_stat *mount_crypt_stat; > - struct crypto_ablkcipher *tfm; > - struct crypto_hash *hash_tfm; /* Crypto context for generating > - * the initialization vectors */ > + struct crypto_skcipher *tfm; > + struct crypto_shash *hash_tfm; /* Crypto context for generating > + * the initialization vectors */ > unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; > unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; > unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; > @@ -309,7 +309,7 @@ struct ecryptfs_global_auth_tok { > * keeps a list of crypto API contexts around to use when needed. > */ > struct ecryptfs_key_tfm { > - struct crypto_blkcipher *key_tfm; > + struct crypto_skcipher *key_tfm; > size_t key_size; > struct mutex key_tfm_mutex; > struct list_head key_tfm_list; > @@ -659,7 +659,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, > int ecryptfs_init_crypto(void); > int ecryptfs_destroy_crypto(void); > int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); > -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, > +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, > struct mutex **tfm_mutex, > char *cipher_name); > int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, > diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c > index 040aa87..ed74d80 100644 > --- a/fs/ecryptfs/inode.c > +++ b/fs/ecryptfs/inode.c > @@ -29,7 +29,6 @@ > #include <linux/dcache.h> > #include <linux/namei.h> > #include <linux/mount.h> > -#include <linux/crypto.h> > #include <linux/fs_stack.h> > #include <linux/slab.h> > #include <linux/xattr.h> > diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c > index 6bd67e2..c5c84df 100644 > --- a/fs/ecryptfs/keystore.c > +++ b/fs/ecryptfs/keystore.c > @@ -25,11 +25,12 @@ > * 02111-1307, USA. > */ > > +#include <crypto/hash.h> > +#include <crypto/skcipher.h> > #include <linux/string.h> > #include <linux/pagemap.h> > #include <linux/key.h> > #include <linux/random.h> > -#include <linux/crypto.h> > #include <linux/scatterlist.h> > #include <linux/slab.h> > #include "ecryptfs_kernel.h" > @@ -601,12 +602,13 @@ struct ecryptfs_write_tag_70_packet_silly_stack { > struct ecryptfs_auth_tok *auth_tok; > struct scatterlist src_sg[2]; > struct scatterlist dst_sg[2]; > - struct blkcipher_desc desc; > + struct crypto_skcipher *skcipher_tfm; > + struct skcipher_request *skcipher_req; > char iv[ECRYPTFS_MAX_IV_BYTES]; > char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; > char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; > - struct hash_desc hash_desc; > - struct scatterlist hash_sg; > + struct crypto_shash *hash_tfm; > + struct shash_desc *hash_desc; > }; > > /** > @@ -629,14 +631,13 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > struct key *auth_tok_key = NULL; > int rc = 0; > > - s = kmalloc(sizeof(*s), GFP_KERNEL); > + s = kzalloc(sizeof(*s), GFP_KERNEL); > if (!s) { > printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " > "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); > rc = -ENOMEM; > goto out; > } > - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; > (*packet_size) = 0; > rc = ecryptfs_find_auth_tok_for_sig( > &auth_tok_key, > @@ -649,7 +650,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > goto out; > } > rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( > - &s->desc.tfm, > + &s->skcipher_tfm, > &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); > if (unlikely(rc)) { > printk(KERN_ERR "Internal error whilst attempting to get " > @@ -658,7 +659,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > goto out; > } > mutex_lock(s->tfm_mutex); > - s->block_size = crypto_blkcipher_blocksize(s->desc.tfm); > + s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm); > /* Plus one for the \0 separator between the random prefix > * and the plaintext filename */ > s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); > @@ -691,6 +692,19 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > rc = -EINVAL; > goto out_unlock; > } > + > + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); > + if (!s->skcipher_req) { > + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " > + "skcipher_request_alloc for %s\n", __func__, > + crypto_skcipher_driver_name(s->skcipher_tfm)); > + rc = -ENOMEM; > + goto out_unlock; > + } > + > + skcipher_request_set_callback(s->skcipher_req, > + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); > + > s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, > GFP_KERNEL); > if (!s->block_aligned_filename) { > @@ -700,7 +714,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > rc = -ENOMEM; > goto out_unlock; > } > - s->i = 0; > dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; > rc = ecryptfs_write_packet_length(&dest[s->i], > (ECRYPTFS_SIG_SIZE > @@ -738,40 +751,36 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > "password tokens\n", __func__); > goto out_free_unlock; > } > - sg_init_one( > - &s->hash_sg, > - (u8 *)s->auth_tok->token.password.session_key_encryption_key, > - s->auth_tok->token.password.session_key_encryption_key_bytes); > - s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; > - s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0, > - CRYPTO_ALG_ASYNC); > - if (IS_ERR(s->hash_desc.tfm)) { > - rc = PTR_ERR(s->hash_desc.tfm); > + s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0); > + if (IS_ERR(s->hash_tfm)) { > + rc = PTR_ERR(s->hash_tfm); > printk(KERN_ERR "%s: Error attempting to " > "allocate hash crypto context; rc = [%d]\n", > __func__, rc); > goto out_free_unlock; > } > - rc = crypto_hash_init(&s->hash_desc); > - if (rc) { > - printk(KERN_ERR > - "%s: Error initializing crypto hash; rc = [%d]\n", > - __func__, rc); > - goto out_release_free_unlock; > - } > - rc = crypto_hash_update( > - &s->hash_desc, &s->hash_sg, > - s->auth_tok->token.password.session_key_encryption_key_bytes); > - if (rc) { > - printk(KERN_ERR > - "%s: Error updating crypto hash; rc = [%d]\n", > - __func__, rc); > + > + s->hash_desc = kmalloc(sizeof(*s->hash_desc) + > + crypto_shash_descsize(s->hash_tfm), GFP_KERNEL); > + if (!s->hash_desc) { > + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " > + "kmalloc [%zd] bytes\n", __func__, > + sizeof(*s->hash_desc) + > + crypto_shash_descsize(s->hash_tfm)); > + rc = -ENOMEM; > goto out_release_free_unlock; > } > - rc = crypto_hash_final(&s->hash_desc, s->hash); > + > + s->hash_desc->tfm = s->hash_tfm; > + s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; > + > + rc = crypto_shash_digest(s->hash_desc, > + (u8 *)s->auth_tok->token.password.session_key_encryption_key, > + s->auth_tok->token.password.session_key_encryption_key_bytes, > + s->hash); > if (rc) { > printk(KERN_ERR > - "%s: Error finalizing crypto hash; rc = [%d]\n", > + "%s: Error computing crypto hash; rc = [%d]\n", > __func__, rc); > goto out_release_free_unlock; > } > @@ -780,27 +789,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; > if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) > == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { > - sg_init_one(&s->hash_sg, (u8 *)s->hash, > - ECRYPTFS_TAG_70_DIGEST_SIZE); > - rc = crypto_hash_init(&s->hash_desc); > - if (rc) { > - printk(KERN_ERR > - "%s: Error initializing crypto hash; " > - "rc = [%d]\n", __func__, rc); > - goto out_release_free_unlock; > - } > - rc = crypto_hash_update(&s->hash_desc, &s->hash_sg, > - ECRYPTFS_TAG_70_DIGEST_SIZE); > + rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash, > + ECRYPTFS_TAG_70_DIGEST_SIZE, > + s->tmp_hash); > if (rc) { > printk(KERN_ERR > - "%s: Error updating crypto hash; " > - "rc = [%d]\n", __func__, rc); > - goto out_release_free_unlock; > - } > - rc = crypto_hash_final(&s->hash_desc, s->tmp_hash); > - if (rc) { > - printk(KERN_ERR > - "%s: Error finalizing crypto hash; " > + "%s: Error computing crypto hash; " > "rc = [%d]\n", __func__, rc); > goto out_release_free_unlock; > } > @@ -834,10 +828,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > * of the IV here, so we just use 0's for the IV. Note the > * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES > * >= ECRYPTFS_MAX_IV_BYTES. */ > - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); > - s->desc.info = s->iv; > - rc = crypto_blkcipher_setkey( > - s->desc.tfm, > + rc = crypto_skcipher_setkey( > + s->skcipher_tfm, > s->auth_tok->token.password.session_key_encryption_key, > mount_crypt_stat->global_default_fn_cipher_key_bytes); > if (rc < 0) { > @@ -850,8 +842,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > mount_crypt_stat->global_default_fn_cipher_key_bytes); > goto out_release_free_unlock; > } > - rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, > - s->block_aligned_filename_size); > + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, > + s->block_aligned_filename_size, s->iv); > + rc = crypto_skcipher_encrypt(s->skcipher_req); > if (rc) { > printk(KERN_ERR "%s: Error attempting to encrypt filename; " > "rc = [%d]\n", __func__, rc); > @@ -861,7 +854,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, > (*packet_size) = s->i; > (*remaining_bytes) -= (*packet_size); > out_release_free_unlock: > - crypto_free_hash(s->hash_desc.tfm); > + crypto_free_shash(s->hash_tfm); > out_free_unlock: > kzfree(s->block_aligned_filename); > out_unlock: > @@ -871,6 +864,8 @@ out: > up_write(&(auth_tok_key->sem)); > key_put(auth_tok_key); > } > + skcipher_request_free(s->skcipher_req); > + kzfree(s->hash_desc); > kfree(s); > return rc; > } > @@ -888,7 +883,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack { > struct ecryptfs_auth_tok *auth_tok; > struct scatterlist src_sg[2]; > struct scatterlist dst_sg[2]; > - struct blkcipher_desc desc; > + struct crypto_skcipher *skcipher_tfm; > + struct skcipher_request *skcipher_req; > char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; > char iv[ECRYPTFS_MAX_IV_BYTES]; > char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; > @@ -922,14 +918,13 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, > (*packet_size) = 0; > (*filename_size) = 0; > (*filename) = NULL; > - s = kmalloc(sizeof(*s), GFP_KERNEL); > + s = kzalloc(sizeof(*s), GFP_KERNEL); > if (!s) { > printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " > "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); > rc = -ENOMEM; > goto out; > } > - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; > if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { > printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " > "at least [%d]\n", __func__, max_packet_size, > @@ -992,7 +987,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, > rc); > goto out; > } > - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, > + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm, > &s->tfm_mutex, > s->cipher_string); > if (unlikely(rc)) { > @@ -1030,12 +1025,23 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, > __func__, rc, s->block_aligned_filename_size); > goto out_free_unlock; > } > + > + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); > + if (!s->skcipher_req) { > + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " > + "skcipher_request_alloc for %s\n", __func__, > + crypto_skcipher_driver_name(s->skcipher_tfm)); > + rc = -ENOMEM; > + goto out_free_unlock; > + } > + > + skcipher_request_set_callback(s->skcipher_req, > + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); > + > /* The characters in the first block effectively do the job of > * the IV here, so we just use 0's for the IV. Note the > * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES > * >= ECRYPTFS_MAX_IV_BYTES. */ > - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); > - s->desc.info = s->iv; > /* TODO: Support other key modules than passphrase for > * filename encryption */ > if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { > @@ -1044,8 +1050,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, > "password tokens\n", __func__); > goto out_free_unlock; > } > - rc = crypto_blkcipher_setkey( > - s->desc.tfm, > + rc = crypto_skcipher_setkey( > + s->skcipher_tfm, > s->auth_tok->token.password.session_key_encryption_key, > mount_crypt_stat->global_default_fn_cipher_key_bytes); > if (rc < 0) { > @@ -1058,14 +1064,14 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, > mount_crypt_stat->global_default_fn_cipher_key_bytes); > goto out_free_unlock; > } > - rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, > - s->block_aligned_filename_size); > + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, > + s->block_aligned_filename_size, s->iv); > + rc = crypto_skcipher_decrypt(s->skcipher_req); > if (rc) { > printk(KERN_ERR "%s: Error attempting to decrypt filename; " > "rc = [%d]\n", __func__, rc); > goto out_free_unlock; > } > - s->i = 0; > while (s->decrypted_filename[s->i] != '\0' > && s->i < s->block_aligned_filename_size) > s->i++; > @@ -1108,6 +1114,7 @@ out: > up_write(&(auth_tok_key->sem)); > key_put(auth_tok_key); > } > + skcipher_request_free(s->skcipher_req); > kfree(s); > return rc; > } > @@ -1667,9 +1674,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, > struct scatterlist dst_sg[2]; > struct scatterlist src_sg[2]; > struct mutex *tfm_mutex; > - struct blkcipher_desc desc = { > - .flags = CRYPTO_TFM_REQ_MAY_SLEEP > - }; > + struct crypto_skcipher *tfm; > + struct skcipher_request *req = NULL; > int rc = 0; > > if (unlikely(ecryptfs_verbosity > 0)) { > @@ -1680,7 +1686,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, > auth_tok->token.password.session_key_encryption_key, > auth_tok->token.password.session_key_encryption_key_bytes); > } > - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, > + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, > crypt_stat->cipher); > if (unlikely(rc)) { > printk(KERN_ERR "Internal error whilst attempting to get " > @@ -1711,8 +1717,20 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, > goto out; > } > mutex_lock(tfm_mutex); > - rc = crypto_blkcipher_setkey( > - desc.tfm, auth_tok->token.password.session_key_encryption_key, > + req = skcipher_request_alloc(tfm, GFP_KERNEL); > + if (!req) { > + mutex_unlock(tfm_mutex); > + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " > + "skcipher_request_alloc for %s\n", __func__, > + crypto_skcipher_driver_name(tfm)); > + rc = -ENOMEM; > + goto out; > + } > + > + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, > + NULL, NULL); > + rc = crypto_skcipher_setkey( > + tfm, auth_tok->token.password.session_key_encryption_key, > crypt_stat->key_size); > if (unlikely(rc < 0)) { > mutex_unlock(tfm_mutex); > @@ -1720,8 +1738,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, > rc = -EINVAL; > goto out; > } > - rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, > - auth_tok->session_key.encrypted_key_size); > + skcipher_request_set_crypt(req, src_sg, dst_sg, > + auth_tok->session_key.encrypted_key_size, > + NULL); > + rc = crypto_skcipher_decrypt(req); > mutex_unlock(tfm_mutex); > if (unlikely(rc)) { > printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); > @@ -1738,6 +1758,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, > crypt_stat->key_size); > } > out: > + skcipher_request_free(req); > return rc; > } > > @@ -2191,16 +2212,14 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, > size_t max_packet_size; > struct ecryptfs_mount_crypt_stat *mount_crypt_stat = > crypt_stat->mount_crypt_stat; > - struct blkcipher_desc desc = { > - .tfm = NULL, > - .flags = CRYPTO_TFM_REQ_MAY_SLEEP > - }; > + struct crypto_skcipher *tfm; > + struct skcipher_request *req; > int rc = 0; > > (*packet_size) = 0; > ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, > ECRYPTFS_SIG_SIZE); > - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, > + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, > crypt_stat->cipher); > if (unlikely(rc)) { > printk(KERN_ERR "Internal error whilst attempting to get " > @@ -2209,12 +2228,11 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, > goto out; > } > if (mount_crypt_stat->global_default_cipher_key_size == 0) { > - struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm); > - > printk(KERN_WARNING "No key size specified at mount; " > - "defaulting to [%d]\n", alg->max_keysize); > + "defaulting to [%d]\n", > + crypto_skcipher_default_keysize(tfm)); > mount_crypt_stat->global_default_cipher_key_size = > - alg->max_keysize; > + crypto_skcipher_default_keysize(tfm); > } > if (crypt_stat->key_size == 0) > crypt_stat->key_size = > @@ -2284,20 +2302,36 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, > goto out; > } > mutex_lock(tfm_mutex); > - rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, > - crypt_stat->key_size); > + rc = crypto_skcipher_setkey(tfm, session_key_encryption_key, > + crypt_stat->key_size); > if (rc < 0) { > mutex_unlock(tfm_mutex); > ecryptfs_printk(KERN_ERR, "Error setting key for crypto " > "context; rc = [%d]\n", rc); > goto out; > } > + > + req = skcipher_request_alloc(tfm, GFP_KERNEL); > + if (!req) { > + mutex_unlock(tfm_mutex); > + ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst " > + "attempting to skcipher_request_alloc for " > + "%s\n", crypto_skcipher_driver_name(tfm)); > + rc = -ENOMEM; > + goto out; > + } > + > + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, > + NULL, NULL); > + > rc = 0; > ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", > crypt_stat->key_size); > - rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, > - (*key_rec).enc_key_size); > + skcipher_request_set_crypt(req, src_sg, dst_sg, > + (*key_rec).enc_key_size, NULL); > + rc = crypto_skcipher_encrypt(req); > mutex_unlock(tfm_mutex); > + skcipher_request_free(req); > if (rc) { > printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); > goto out; > diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c > index e25b6b0..8b0b4a7 100644 > --- a/fs/ecryptfs/main.c > +++ b/fs/ecryptfs/main.c > @@ -29,7 +29,6 @@ > #include <linux/module.h> > #include <linux/namei.h> > #include <linux/skbuff.h> > -#include <linux/crypto.h> > #include <linux/mount.h> > #include <linux/pagemap.h> > #include <linux/key.h> > diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c > index caba848..36c8b08 100644 > --- a/fs/ecryptfs/mmap.c > +++ b/fs/ecryptfs/mmap.c > @@ -30,7 +30,6 @@ > #include <linux/page-flags.h> > #include <linux/mount.h> > #include <linux/file.h> > -#include <linux/crypto.h> > #include <linux/scatterlist.h> > #include <linux/slab.h> > #include <asm/unaligned.h> > diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c > index afa1b81..77a486d 100644 > --- a/fs/ecryptfs/super.c > +++ b/fs/ecryptfs/super.c > @@ -29,7 +29,6 @@ > #include <linux/slab.h> > #include <linux/seq_file.h> > #include <linux/file.h> > -#include <linux/crypto.h> > #include <linux/statfs.h> > #include <linux/magic.h> > #include "ecryptfs_kernel.h" > -- > Email: Herbert Xu <herbert@gondor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible @ 2016-01-24 13:10 Herbert Xu 2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu 0 siblings, 1 reply; 5+ messages in thread From: Herbert Xu @ 2016-01-24 13:10 UTC (permalink / raw) To: Linux Crypto Mailing List, Linux Kernel Mailing List, netdev, devel, dm-devel, linux-wireless, linux-cifs, ecryptfs, linux-ext4, linux-f2fs-devel, linux-nfs, keyrings, linux-bluetooth, ceph-devel, linux-wpan, linux-afs, drbd-dev, linux-nfc, open-iscsi Hi: The crypto hash interface has been obsolete for many years and this series converts all remaining users to shash and ahash as appropriate. Despite the name ahash can be used synchronously and is the preferred interface for those dealing with SGs. The blkcipher and ablkcipher interfaces are also being phased out and is being replaced with the merged skcipher interface which is essentially the same as ablkcipher but without the implicit IV generators. This series converts all users of blkcipher and ablkcipher over to skcipher. If you have any objections please shout. Otherwise I would like to take these patches through the cryptodev tree so we can proceed with phasing out the obsolete interfaces. Thanks, -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 9/26] eCryptfs: Use skcipher and shash 2016-01-24 13:10 [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible Herbert Xu @ 2016-01-24 13:17 ` Herbert Xu 2016-01-24 13:38 ` kbuild test robot 0 siblings, 1 reply; 5+ messages in thread From: Herbert Xu @ 2016-01-24 13:17 UTC (permalink / raw) To: Linux Crypto Mailing List, Linux Kernel Mailing List, netdev, devel, dm-devel, linux-wireless, linux-cifs, ecryptfs, linux-ext4, linux-f2fs-devel, linux-nfs, keyrings, linux-bluetooth, ceph-devel, linux-wpan, linux-afs, drbd-dev, open-iscsi This patch replaces uses of ablkcipher and blkcipher with skcipher, and the long obsolete hash interface with shash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> --- fs/ecryptfs/crypto.c | 107 +++++++++----------- fs/ecryptfs/ecryptfs_kernel.h | 12 +- fs/ecryptfs/inode.c | 1 fs/ecryptfs/keystore.c | 217 ++++++++++++++++++++++++------------------ fs/ecryptfs/main.c | 1 fs/ecryptfs/mmap.c | 1 fs/ecryptfs/super.c | 1 7 files changed, 179 insertions(+), 161 deletions(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 80d6901..11255cb 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -23,6 +23,8 @@ * 02111-1307, USA. */ +#include <crypto/hash.h> +#include <crypto/skcipher.h> #include <linux/fs.h> #include <linux/mount.h> #include <linux/pagemap.h> @@ -30,7 +32,6 @@ #include <linux/compiler.h> #include <linux/key.h> #include <linux/namei.h> -#include <linux/crypto.h> #include <linux/file.h> #include <linux/scatterlist.h> #include <linux/slab.h> @@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size) } } +static int ecryptfs_hash_digest(struct crypto_shash *tfm, + char *src, int len, char *dst) +{ + SHASH_DESC_ON_STACK(desc, tfm); + int err; + + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + err = crypto_shash_digest(desc, src, len, dst); + shash_desc_zero(desc); + return err; +} + /** * ecryptfs_calculate_md5 - calculates the md5 of @src * @dst: Pointer to 16 bytes of allocated memory @@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst, struct ecryptfs_crypt_stat *crypt_stat, char *src, int len) { - struct scatterlist sg; - struct hash_desc desc = { - .tfm = crypt_stat->hash_tfm, - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_shash *tfm; int rc = 0; mutex_lock(&crypt_stat->cs_hash_tfm_mutex); - sg_init_one(&sg, (u8 *)src, len); - if (!desc.tfm) { - desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(desc.tfm)) { - rc = PTR_ERR(desc.tfm); + tfm = crypt_stat->hash_tfm; + if (!tfm) { + tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0); + if (IS_ERR(tfm)) { + rc = PTR_ERR(tfm); ecryptfs_printk(KERN_ERR, "Error attempting to " "allocate crypto context; rc = [%d]\n", rc); goto out; } - crypt_stat->hash_tfm = desc.tfm; - } - rc = crypto_hash_init(&desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; rc = [%d]\n", - __func__, rc); - goto out; + crypt_stat->hash_tfm = tfm; } - rc = crypto_hash_update(&desc, &sg, len); + rc = ecryptfs_hash_digest(tfm, src, len, dst); if (rc) { printk(KERN_ERR - "%s: Error updating crypto hash; rc = [%d]\n", - __func__, rc); - goto out; - } - rc = crypto_hash_final(&desc, dst); - if (rc) { - printk(KERN_ERR - "%s: Error finalizing crypto hash; rc = [%d]\n", + "%s: Error computing crypto hash; rc = [%d]\n", __func__, rc); goto out; } @@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) { struct ecryptfs_key_sig *key_sig, *key_sig_tmp; - if (crypt_stat->tfm) - crypto_free_ablkcipher(crypt_stat->tfm); - if (crypt_stat->hash_tfm) - crypto_free_hash(crypt_stat->hash_tfm); + crypto_free_skcipher(crypt_stat->tfm); + crypto_free_shash(crypt_stat->hash_tfm); list_for_each_entry_safe(key_sig, key_sig_tmp, &crypt_stat->keysig_list, crypt_stat_list) { list_del(&key_sig->crypt_stat_list); @@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, struct scatterlist *src_sg, int size, unsigned char *iv, int op) { - struct ablkcipher_request *req = NULL; + struct skcipher_request *req = NULL; struct extent_crypt_result ecr; int rc = 0; @@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, init_completion(&ecr.completion); mutex_lock(&crypt_stat->cs_tfm_mutex); - req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); + req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); if (!req) { mutex_unlock(&crypt_stat->cs_tfm_mutex); rc = -ENOMEM; goto out; } - ablkcipher_request_set_callback(req, + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, extent_crypt_complete, &ecr); /* Consider doing this once, when the file is opened */ if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { - rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, - crypt_stat->key_size); + rc = crypto_skcipher_setkey(crypt_stat->tfm, crypt_stat->key, + crypt_stat->key_size); if (rc) { ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", @@ -383,9 +376,9 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, crypt_stat->flags |= ECRYPTFS_KEY_SET; } mutex_unlock(&crypt_stat->cs_tfm_mutex); - ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); - rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : - crypto_ablkcipher_decrypt(req); + skcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); + rc = op == ENCRYPT ? crypto_skcipher_encrypt(req) : + crypto_skcipher_decrypt(req); if (rc == -EINPROGRESS || rc == -EBUSY) { struct extent_crypt_result *ecr = req->base.data; @@ -394,7 +387,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, reinit_completion(&ecr->completion); } out: - ablkcipher_request_free(req); + skcipher_request_free(req); return rc; } @@ -622,7 +615,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) crypt_stat->cipher, "cbc"); if (rc) goto out_unlock; - crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0); + crypt_stat->tfm = crypto_alloc_skcipher(full_alg_name, 0, 0); if (IS_ERR(crypt_stat->tfm)) { rc = PTR_ERR(crypt_stat->tfm); crypt_stat->tfm = NULL; @@ -631,7 +624,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) full_alg_name); goto out_free; } - crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); rc = 0; out_free: kfree(full_alg_name); @@ -1591,7 +1584,7 @@ out: * event, regardless of whether this function succeeds for fails. */ static int -ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, +ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm, char *cipher_name, size_t *key_size) { char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; @@ -1609,21 +1602,18 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, "ecb"); if (rc) goto out; - *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); + *key_tfm = crypto_alloc_skcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(*key_tfm)) { rc = PTR_ERR(*key_tfm); printk(KERN_ERR "Unable to allocate crypto cipher with name " "[%s]; rc = [%d]\n", full_alg_name, rc); goto out; } - crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); - if (*key_size == 0) { - struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); - - *key_size = alg->max_keysize; - } + crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); + if (*key_size == 0) + *key_size = crypto_skcipher_default_keysize(*key_tfm); get_random_bytes(dummy_key, *key_size); - rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); + rc = crypto_skcipher_setkey(*key_tfm, dummy_key, *key_size); if (rc) { printk(KERN_ERR "Error attempting to set key of size [%zd] for " "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name, @@ -1660,8 +1650,7 @@ int ecryptfs_destroy_crypto(void) list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, key_tfm_list) { list_del(&key_tfm->key_tfm_list); - if (key_tfm->key_tfm) - crypto_free_blkcipher(key_tfm->key_tfm); + crypto_free_skcipher(key_tfm->key_tfm); kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); } mutex_unlock(&key_tfm_list_mutex); @@ -1747,7 +1736,7 @@ int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) * Searches for cached item first, and creates new if not found. * Returns 0 on success, non-zero if adding new cipher failed */ -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, struct mutex **tfm_mutex, char *cipher_name) { @@ -2120,7 +2109,7 @@ out: int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { - struct blkcipher_desc desc; + struct crypto_skcipher *tfm; struct mutex *tfm_mutex; size_t cipher_blocksize; int rc; @@ -2130,7 +2119,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, return 0; } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); if (unlikely(rc)) { (*namelen) = 0; @@ -2138,7 +2127,7 @@ int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, } mutex_lock(tfm_mutex); - cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); + cipher_blocksize = crypto_skcipher_blocksize(tfm); mutex_unlock(tfm_mutex); /* Return an exact amount for the common cases */ diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 7b39260..b7f8128 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -28,6 +28,7 @@ #ifndef ECRYPTFS_KERNEL_H #define ECRYPTFS_KERNEL_H +#include <crypto/skcipher.h> #include <keys/user-type.h> #include <keys/encrypted-type.h> #include <linux/fs.h> @@ -38,7 +39,6 @@ #include <linux/nsproxy.h> #include <linux/backing-dev.h> #include <linux/ecryptfs.h> -#include <linux/crypto.h> #define ECRYPTFS_DEFAULT_IV_BYTES 16 #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 @@ -233,9 +233,9 @@ struct ecryptfs_crypt_stat { size_t extent_shift; unsigned int extent_mask; struct ecryptfs_mount_crypt_stat *mount_crypt_stat; - struct crypto_ablkcipher *tfm; - struct crypto_hash *hash_tfm; /* Crypto context for generating - * the initialization vectors */ + struct crypto_skcipher *tfm; + struct crypto_shash *hash_tfm; /* Crypto context for generating + * the initialization vectors */ unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; @@ -309,7 +309,7 @@ struct ecryptfs_global_auth_tok { * keeps a list of crypto API contexts around to use when needed. */ struct ecryptfs_key_tfm { - struct crypto_blkcipher *key_tfm; + struct crypto_skcipher *key_tfm; size_t key_size; struct mutex key_tfm_mutex; struct list_head key_tfm_list; @@ -659,7 +659,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, int ecryptfs_init_crypto(void); int ecryptfs_destroy_crypto(void); int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); -int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, +int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_skcipher **tfm, struct mutex **tfm_mutex, char *cipher_name); int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 040aa87..ed74d80 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -29,7 +29,6 @@ #include <linux/dcache.h> #include <linux/namei.h> #include <linux/mount.h> -#include <linux/crypto.h> #include <linux/fs_stack.h> #include <linux/slab.h> #include <linux/xattr.h> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 6bd67e2..ea08b3c 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -25,11 +25,12 @@ * 02111-1307, USA. */ +#include <crypto/hash.h> +#include <crypto/skcipher.h> #include <linux/string.h> #include <linux/pagemap.h> #include <linux/key.h> #include <linux/random.h> -#include <linux/crypto.h> #include <linux/scatterlist.h> #include <linux/slab.h> #include "ecryptfs_kernel.h" @@ -601,12 +602,13 @@ struct ecryptfs_write_tag_70_packet_silly_stack { struct ecryptfs_auth_tok *auth_tok; struct scatterlist src_sg[2]; struct scatterlist dst_sg[2]; - struct blkcipher_desc desc; + struct crypto_skcipher *skcipher_tfm; + struct skcipher_request *skcipher_req; char iv[ECRYPTFS_MAX_IV_BYTES]; char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; char tmp_hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; - struct hash_desc hash_desc; - struct scatterlist hash_sg; + struct crypto_shash *hash_tfm; + struct shash_desc *hash_desc; }; /** @@ -629,14 +631,13 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, struct key *auth_tok_key = NULL; int rc = 0; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) { printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); rc = -ENOMEM; goto out; } - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; (*packet_size) = 0; rc = ecryptfs_find_auth_tok_for_sig( &auth_tok_key, @@ -649,7 +650,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, goto out; } rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( - &s->desc.tfm, + &s->skcipher_tfm, &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -658,7 +659,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, goto out; } mutex_lock(s->tfm_mutex); - s->block_size = crypto_blkcipher_blocksize(s->desc.tfm); + s->block_size = crypto_skcipher_blocksize(s->skcipher_tfm); /* Plus one for the \0 separator between the random prefix * and the plaintext filename */ s->num_rand_bytes = (ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES + 1); @@ -691,6 +692,19 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, rc = -EINVAL; goto out_unlock; } + + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); + if (!s->skcipher_req) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(s->skcipher_tfm)); + rc = -ENOMEM; + goto out_unlock; + } + + skcipher_request_set_callback(s->skcipher_req, + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + s->block_aligned_filename = kzalloc(s->block_aligned_filename_size, GFP_KERNEL); if (!s->block_aligned_filename) { @@ -700,7 +714,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, rc = -ENOMEM; goto out_unlock; } - s->i = 0; dest[s->i++] = ECRYPTFS_TAG_70_PACKET_TYPE; rc = ecryptfs_write_packet_length(&dest[s->i], (ECRYPTFS_SIG_SIZE @@ -738,40 +751,36 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, "password tokens\n", __func__); goto out_free_unlock; } - sg_init_one( - &s->hash_sg, - (u8 *)s->auth_tok->token.password.session_key_encryption_key, - s->auth_tok->token.password.session_key_encryption_key_bytes); - s->hash_desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; - s->hash_desc.tfm = crypto_alloc_hash(ECRYPTFS_TAG_70_DIGEST, 0, - CRYPTO_ALG_ASYNC); - if (IS_ERR(s->hash_desc.tfm)) { - rc = PTR_ERR(s->hash_desc.tfm); + s->hash_tfm = crypto_alloc_shash(ECRYPTFS_TAG_70_DIGEST, 0, 0); + if (IS_ERR(s->hash_tfm)) { + rc = PTR_ERR(s->hash_tfm); printk(KERN_ERR "%s: Error attempting to " "allocate hash crypto context; rc = [%d]\n", __func__, rc); goto out_free_unlock; } - rc = crypto_hash_init(&s->hash_desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; rc = [%d]\n", - __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_update( - &s->hash_desc, &s->hash_sg, - s->auth_tok->token.password.session_key_encryption_key_bytes); - if (rc) { - printk(KERN_ERR - "%s: Error updating crypto hash; rc = [%d]\n", - __func__, rc); + + s->hash_desc = kmalloc(sizeof(*s->hash_desc) + + crypto_shash_descsize(s->hash_tfm), GFP_KERNEL); + if (!s->hash_desc) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "kmalloc [%zd] bytes\n", __func__, + sizeof(*s->hash_desc) + + crypto_shash_descsize(s->hash_tfm)); + rc = -ENOMEM; goto out_release_free_unlock; } - rc = crypto_hash_final(&s->hash_desc, s->hash); + + s->hash_desc->tfm = s->hash_tfm; + s->hash_desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + + rc = crypto_shash_digest(s->hash_desc, + (u8 *)s->auth_tok->token.password.session_key_encryption_key, + s->auth_tok->token.password.session_key_encryption_key_bytes, + s->hash); if (rc) { printk(KERN_ERR - "%s: Error finalizing crypto hash; rc = [%d]\n", + "%s: Error computing crypto hash; rc = [%d]\n", __func__, rc); goto out_release_free_unlock; } @@ -780,27 +789,12 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, s->hash[(s->j % ECRYPTFS_TAG_70_DIGEST_SIZE)]; if ((s->j % ECRYPTFS_TAG_70_DIGEST_SIZE) == (ECRYPTFS_TAG_70_DIGEST_SIZE - 1)) { - sg_init_one(&s->hash_sg, (u8 *)s->hash, - ECRYPTFS_TAG_70_DIGEST_SIZE); - rc = crypto_hash_init(&s->hash_desc); - if (rc) { - printk(KERN_ERR - "%s: Error initializing crypto hash; " - "rc = [%d]\n", __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_update(&s->hash_desc, &s->hash_sg, - ECRYPTFS_TAG_70_DIGEST_SIZE); + rc = crypto_shash_digest(s->hash_desc, (u8 *)s->hash, + ECRYPTFS_TAG_70_DIGEST_SIZE, + s->tmp_hash); if (rc) { printk(KERN_ERR - "%s: Error updating crypto hash; " - "rc = [%d]\n", __func__, rc); - goto out_release_free_unlock; - } - rc = crypto_hash_final(&s->hash_desc, s->tmp_hash); - if (rc) { - printk(KERN_ERR - "%s: Error finalizing crypto hash; " + "%s: Error computing crypto hash; " "rc = [%d]\n", __func__, rc); goto out_release_free_unlock; } @@ -834,10 +828,8 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, * of the IV here, so we just use 0's for the IV. Note the * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES * >= ECRYPTFS_MAX_IV_BYTES. */ - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); - s->desc.info = s->iv; - rc = crypto_blkcipher_setkey( - s->desc.tfm, + rc = crypto_skcipher_setkey( + s->skcipher_tfm, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc < 0) { @@ -850,8 +842,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, mount_crypt_stat->global_default_fn_cipher_key_bytes); goto out_release_free_unlock; } - rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, - s->block_aligned_filename_size); + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, + s->block_aligned_filename_size, s->iv); + rc = crypto_skcipher_encrypt(s->skcipher_req); if (rc) { printk(KERN_ERR "%s: Error attempting to encrypt filename; " "rc = [%d]\n", __func__, rc); @@ -861,7 +854,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, (*packet_size) = s->i; (*remaining_bytes) -= (*packet_size); out_release_free_unlock: - crypto_free_hash(s->hash_desc.tfm); + crypto_free_shash(s->hash_tfm); out_free_unlock: kzfree(s->block_aligned_filename); out_unlock: @@ -871,6 +864,8 @@ out: up_write(&(auth_tok_key->sem)); key_put(auth_tok_key); } + skcipher_request_free(s->skcipher_req); + kzfree(s->hash_desc); kfree(s); return rc; } @@ -888,7 +883,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack { struct ecryptfs_auth_tok *auth_tok; struct scatterlist src_sg[2]; struct scatterlist dst_sg[2]; - struct blkcipher_desc desc; + struct crypto_skcipher *skcipher_tfm; + struct skcipher_request *skcipher_req; char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; char iv[ECRYPTFS_MAX_IV_BYTES]; char cipher_string[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; @@ -922,14 +918,13 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, (*packet_size) = 0; (*filename_size) = 0; (*filename) = NULL; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) { printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc " "[%zd] bytes of kernel memory\n", __func__, sizeof(*s)); rc = -ENOMEM; goto out; } - s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " "at least [%d]\n", __func__, max_packet_size, @@ -992,7 +987,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, rc); goto out; } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->skcipher_tfm, &s->tfm_mutex, s->cipher_string); if (unlikely(rc)) { @@ -1030,12 +1025,23 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, __func__, rc, s->block_aligned_filename_size); goto out_free_unlock; } + + s->skcipher_req = skcipher_request_alloc(s->skcipher_tfm, GFP_KERNEL); + if (!s->skcipher_req) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(s->skcipher_tfm)); + rc = -ENOMEM; + goto out_free_unlock; + } + + skcipher_request_set_callback(s->skcipher_req, + CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); + /* The characters in the first block effectively do the job of * the IV here, so we just use 0's for the IV. Note the * constraint that ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES * >= ECRYPTFS_MAX_IV_BYTES. */ - memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); - s->desc.info = s->iv; /* TODO: Support other key modules than passphrase for * filename encryption */ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { @@ -1044,8 +1050,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, "password tokens\n", __func__); goto out_free_unlock; } - rc = crypto_blkcipher_setkey( - s->desc.tfm, + rc = crypto_skcipher_setkey( + s->skcipher_tfm, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc < 0) { @@ -1058,14 +1064,14 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, mount_crypt_stat->global_default_fn_cipher_key_bytes); goto out_free_unlock; } - rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, - s->block_aligned_filename_size); + skcipher_request_set_crypt(s->skcipher_req, s->src_sg, s->dst_sg, + s->block_aligned_filename_size, s->iv); + rc = crypto_skcipher_decrypt(s->skcipher_req); if (rc) { printk(KERN_ERR "%s: Error attempting to decrypt filename; " "rc = [%d]\n", __func__, rc); goto out_free_unlock; } - s->i = 0; while (s->decrypted_filename[s->i] != '\0' && s->i < s->block_aligned_filename_size) s->i++; @@ -1108,6 +1114,7 @@ out: up_write(&(auth_tok_key->sem)); key_put(auth_tok_key); } + skcipher_request_free(s->skcipher_req); kfree(s); return rc; } @@ -1667,9 +1674,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, struct scatterlist dst_sg[2]; struct scatterlist src_sg[2]; struct mutex *tfm_mutex; - struct blkcipher_desc desc = { - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_skcipher *tfm; + struct skcipher_request *req = NULL; int rc = 0; if (unlikely(ecryptfs_verbosity > 0)) { @@ -1680,7 +1686,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, auth_tok->token.password.session_key_encryption_key, auth_tok->token.password.session_key_encryption_key_bytes); } - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -1711,8 +1717,19 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, goto out; } mutex_lock(tfm_mutex); - rc = crypto_blkcipher_setkey( - desc.tfm, auth_tok->token.password.session_key_encryption_key, + req = skcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " + "skcipher_request_alloc for %s\n", __func__, + crypto_skcipher_driver_name(tfm)); + rc = -ENOMEM; + goto out; + } + + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); + rc = crypto_skcipher_setkey( + tfm, auth_tok->token.password.session_key_encryption_key, crypt_stat->key_size); if (unlikely(rc < 0)) { mutex_unlock(tfm_mutex); @@ -1720,8 +1737,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, rc = -EINVAL; goto out; } - rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, - auth_tok->session_key.encrypted_key_size); + skcipher_request_set_crypt(req, src_sg, dst_sg, + auth_tok->session_key.encrypted_key_size, + NULL); + rc = crypto_skcipher_decrypt(req); mutex_unlock(tfm_mutex); if (unlikely(rc)) { printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc); @@ -1738,6 +1757,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, crypt_stat->key_size); } out: + skcipher_request_free(req); return rc; } @@ -2191,16 +2211,14 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, size_t max_packet_size; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = crypt_stat->mount_crypt_stat; - struct blkcipher_desc desc = { - .tfm = NULL, - .flags = CRYPTO_TFM_REQ_MAY_SLEEP - }; + struct crypto_skcipher *tfm; + struct skcipher_request *req; int rc = 0; (*packet_size) = 0; ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, ECRYPTFS_SIG_SIZE); - rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR "Internal error whilst attempting to get " @@ -2209,12 +2227,11 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, goto out; } if (mount_crypt_stat->global_default_cipher_key_size == 0) { - struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm); - printk(KERN_WARNING "No key size specified at mount; " - "defaulting to [%d]\n", alg->max_keysize); + "defaulting to [%d]\n", + crypto_skcipher_default_keysize(tfm)); mount_crypt_stat->global_default_cipher_key_size = - alg->max_keysize; + crypto_skcipher_default_keysize(tfm); } if (crypt_stat->key_size == 0) crypt_stat->key_size = @@ -2284,20 +2301,36 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, goto out; } mutex_lock(tfm_mutex); - rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, - crypt_stat->key_size); + rc = crypto_skcipher_setkey(tfm, session_key_encryption_key, + crypt_stat->key_size); if (rc < 0) { mutex_unlock(tfm_mutex); ecryptfs_printk(KERN_ERR, "Error setting key for crypto " "context; rc = [%d]\n", rc); goto out; } + + req = skcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + mutex_unlock(tfm_mutex); + ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst " + "attempting to skcipher_request_alloc for " + "%s\n", crypto_skcipher_driver_name(tfm)); + rc = -ENOMEM; + goto out; + } + + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); + rc = 0; ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n", crypt_stat->key_size); - rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, - (*key_rec).enc_key_size); + skcipher_request_set_crypt(req, src_sg, dst_sg, + (*key_rec).enc_key_size, NULL); + rc = crypto_skcipher_encrypt(req); mutex_unlock(tfm_mutex); + skcipher_request_free(req); if (rc) { printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc); goto out; diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index e25b6b0..8b0b4a7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -29,7 +29,6 @@ #include <linux/module.h> #include <linux/namei.h> #include <linux/skbuff.h> -#include <linux/crypto.h> #include <linux/mount.h> #include <linux/pagemap.h> #include <linux/key.h> diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index caba848..36c8b08 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c @@ -30,7 +30,6 @@ #include <linux/page-flags.h> #include <linux/mount.h> #include <linux/file.h> -#include <linux/crypto.h> #include <linux/scatterlist.h> #include <linux/slab.h> #include <asm/unaligned.h> diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c index afa1b81..77a486d 100644 --- a/fs/ecryptfs/super.c +++ b/fs/ecryptfs/super.c @@ -29,7 +29,6 @@ #include <linux/slab.h> #include <linux/seq_file.h> #include <linux/file.h> -#include <linux/crypto.h> #include <linux/statfs.h> #include <linux/magic.h> #include "ecryptfs_kernel.h" ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 9/26] eCryptfs: Use skcipher and shash 2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu @ 2016-01-24 13:38 ` kbuild test robot 0 siblings, 0 replies; 5+ messages in thread From: kbuild test robot @ 2016-01-24 13:38 UTC (permalink / raw) To: Herbert Xu Cc: kbuild-all, Linux Crypto Mailing List, Linux Kernel Mailing List, netdev, devel, dm-devel, linux-wireless, linux-cifs, ecryptfs, linux-ext4, linux-f2fs-devel, linux-nfs, keyrings, linux-bluetooth, ceph-devel, linux-wpan, linux-afs, drbd-dev, open-iscsi [-- Attachment #1: Type: text/plain, Size: 4963 bytes --] Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x012-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): fs/ecryptfs/crypto.c: In function 'ecryptfs_hash_digest': >> fs/ecryptfs/crypto.c:87:2: error: implicit declaration of function 'shash_desc_zero' [-Werror=implicit-function-declaration] shash_desc_zero(desc); ^ fs/ecryptfs/crypto.c: In function 'ecryptfs_process_key_cipher': >> fs/ecryptfs/crypto.c:1614:15: error: implicit declaration of function 'crypto_skcipher_default_keysize' [-Werror=implicit-function-declaration] *key_size = crypto_skcipher_default_keysize(*key_tfm); ^ cc1: some warnings being treated as errors -- fs/ecryptfs/keystore.c: In function 'ecryptfs_write_tag_70_packet': >> fs/ecryptfs/keystore.c:700:10: error: implicit declaration of function 'crypto_skcipher_driver_name' [-Werror=implicit-function-declaration] crypto_skcipher_driver_name(s->skcipher_tfm)); ^ In file included from include/linux/printk.h:6:0, from include/linux/kernel.h:13, from include/linux/crypto.h:21, from include/crypto/hash.h:16, from fs/ecryptfs/keystore.c:28: >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ >> fs/ecryptfs/keystore.c:698:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'ecryptfs_parse_tag_70_packet': >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:1031:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'decrypt_passphrase_encrypted_session_key': >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:1722:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'write_tag_3_packet': >> fs/ecryptfs/keystore.c:2232:10: error: implicit declaration of function 'crypto_skcipher_default_keysize' [-Werror=implicit-function-declaration] crypto_skcipher_default_keysize(tfm)); ^ In file included from fs/ecryptfs/keystore.c:36:0: >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ fs/ecryptfs/ecryptfs_kernel.h:530:27: note: in definition of macro 'ecryptfs_printk' __ecryptfs_printk(type "%s: " fmt, __func__, ## arg); ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:2316:19: note: in expansion of macro 'KERN_ERR' ecryptfs_printk(KERN_ERR, "Out of kernel memory whilst " ^ cc1: some warnings being treated as errors vim +/shash_desc_zero +87 fs/ecryptfs/crypto.c 81 SHASH_DESC_ON_STACK(desc, tfm); 82 int err; 83 84 desc->tfm = tfm; 85 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 86 err = crypto_shash_digest(desc, src, len, dst); > 87 shash_desc_zero(desc); 88 return err; 89 } 90 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation [-- Attachment #2: .config.gz --] [-- Type: application/octet-stream, Size: 23536 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-01-29 17:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <201601250207.1gdHywwq%fengguang.wu@intel.com>
[not found] ` <201601250207.1gdHywwq%fengguang.wu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-01-24 18:10 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Julia Lawall
2016-01-25 2:29 ` [v2 PATCH " Herbert Xu
2016-01-29 17:22 ` Tyler Hicks
2016-01-24 13:10 [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible Herbert Xu
2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu
2016-01-24 13:38 ` kbuild test robot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox