From 12003e5b18ca33807b3f9448309ec92184192b85 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Tue, 16 Apr 2013 23:21:24 -0700 Subject: eCryptfs: Use entire helper page during page crypto operations When encrypting eCryptfs pages and decrypting pages from the lower filesystem, utilize the entire helper page rather than only the first 4096 bytes. This only affects architectures where PAGE_CACHE_SIZE is larger than 4096 bytes. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index f71ec125290d..e8976c004669 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -450,10 +450,11 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0, - page, (extent_offset - * crypt_stat->extent_size), - crypt_stat->extent_size, extent_iv); + rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, + extent_offset * crypt_stat->extent_size, + page, + extent_offset * crypt_stat->extent_size, + crypt_stat->extent_size, extent_iv); if (rc < 0) { printk(KERN_ERR "%s: Error attempting to encrypt page with " "page->index = [%ld], extent_offset = [%ld]; " @@ -520,8 +521,9 @@ int ecryptfs_encrypt_page(struct page *page) * (PAGE_CACHE_SIZE / crypt_stat->extent_size)) + extent_offset), crypt_stat); - rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, - offset, crypt_stat->extent_size); + rc = ecryptfs_write_lower(ecryptfs_inode, (enc_extent_virt + + extent_offset * crypt_stat->extent_size), + offset, crypt_stat->extent_size); if (rc < 0) { ecryptfs_printk(KERN_ERR, "Error attempting " "to write lower page; rc = [%d]" 
@@ -558,10 +560,10 @@ static int ecryptfs_decrypt_extent(struct page *page, goto out; } rc = ecryptfs_decrypt_page_offset(crypt_stat, page, - (extent_offset - * crypt_stat->extent_size), - enc_extent_page, 0, - crypt_stat->extent_size, extent_iv); + extent_offset * crypt_stat->extent_size, + enc_extent_page, + extent_offset * crypt_stat->extent_size, + crypt_stat->extent_size, extent_iv); if (rc < 0) { printk(KERN_ERR "%s: Error attempting to decrypt to page with " "page->index = [%ld], extent_offset = [%ld]; " @@ -620,9 +622,10 @@ int ecryptfs_decrypt_page(struct page *page) &offset, ((page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size)) + extent_offset), crypt_stat); - rc = ecryptfs_read_lower(enc_extent_virt, offset, - crypt_stat->extent_size, - ecryptfs_inode); + rc = ecryptfs_read_lower((enc_extent_virt + + extent_offset * crypt_stat->extent_size), + offset, crypt_stat->extent_size, + ecryptfs_inode); if (rc < 0) { ecryptfs_printk(KERN_ERR, "Error attempting " "to read lower page; rc = [%d]" -- cgit v1.2.3 From 0f89617623fed9541ead9497043e907466848a9f Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Mon, 15 Apr 2013 16:16:24 -0700 Subject: eCryptfs: Read/write entire page during page IO When reading and writing encrypted pages, perform IO using the entire page all at once rather than 4096 bytes at a time. This only affects architectures where PAGE_CACHE_SIZE is larger than 4096 bytes. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 66 ++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 35 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index e8976c004669..4185584594f5 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -490,6 +490,7 @@ int ecryptfs_encrypt_page(struct page *page) char *enc_extent_virt; struct page *enc_extent_page = NULL; loff_t extent_offset; + loff_t lower_offset; int rc = 0; ecryptfs_inode = page->mapping->host; 
@@ -503,12 +504,10 @@ int ecryptfs_encrypt_page(struct page *page) "encrypted extent\n"); goto out; } - enc_extent_virt = kmap(enc_extent_page); + for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - loff_t offset; - rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page, extent_offset); if (rc) { @@ -516,25 +515,24 @@ int ecryptfs_encrypt_page(struct page *page) "rc = [%d]\n", __func__, rc); goto out; } - ecryptfs_lower_offset_for_extent( - &offset, ((((loff_t)page->index) - * (PAGE_CACHE_SIZE - / crypt_stat->extent_size)) - + extent_offset), crypt_stat); - rc = ecryptfs_write_lower(ecryptfs_inode, (enc_extent_virt + - extent_offset * crypt_stat->extent_size), - offset, crypt_stat->extent_size); - if (rc < 0) { - ecryptfs_printk(KERN_ERR, "Error attempting " - "to write lower page; rc = [%d]" - "\n", rc); - goto out; - } + } + + ecryptfs_lower_offset_for_extent(&lower_offset, + page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size), + crypt_stat); + enc_extent_virt = kmap(enc_extent_page); + rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset, + PAGE_CACHE_SIZE); + kunmap(enc_extent_page); + if (rc < 0) { + ecryptfs_printk(KERN_ERR, + "Error attempting to write lower page; rc = [%d]\n", + rc); + goto out; } rc = 0; out: if (enc_extent_page) { - kunmap(enc_extent_page); __free_page(enc_extent_page); } return rc; @@ -599,6 +597,7 @@ int ecryptfs_decrypt_page(struct page *page) char *enc_extent_virt; struct page *enc_extent_page = NULL; unsigned long extent_offset; + loff_t lower_offset; int rc = 0; ecryptfs_inode = page->mapping->host; 
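Review bot: In the `@@ -516,25 +515,24 @@` hunk of ecryptfs_encrypt_page(), the new offset argument `page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size)` drops the `(loff_t)` cast that the removed lines applied to page->index, so the multiplication is done in the width of page->index before the result is widened. On a build where that type is 32 bits and PAGE_CACHE_SIZE exceeds the extent size, the product could wrap and the encrypted page would be written at the wrong lower-file offset; I would keep the cast, `(loff_t)page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size)`. The matching call added to ecryptfs_decrypt_page() in the `@@ -612,26 +611,24 @@` hunk has the same form. Separately, only `rc < 0` is checked after ecryptfs_write_lower(), so a short write (if that helper can return one) would be reported as success.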
@@ -612,26 +611,24 @@ int ecryptfs_decrypt_page(struct page *page) "encrypted extent\n"); goto out; } + + ecryptfs_lower_offset_for_extent(&lower_offset, + page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size), + crypt_stat); enc_extent_virt = kmap(enc_extent_page); + rc = ecryptfs_read_lower(enc_extent_virt, lower_offset, PAGE_CACHE_SIZE, + ecryptfs_inode); + kunmap(enc_extent_page); + if (rc < 0) { + ecryptfs_printk(KERN_ERR, + "Error attempting to read lower page; rc = [%d]\n", + rc); + goto out; + } + for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - loff_t offset; - - ecryptfs_lower_offset_for_extent( - &offset, ((page->index * (PAGE_CACHE_SIZE - / crypt_stat->extent_size)) - + extent_offset), crypt_stat); - rc = ecryptfs_read_lower((enc_extent_virt + - extent_offset * crypt_stat->extent_size), - offset, crypt_stat->extent_size, - ecryptfs_inode); - if (rc < 0) { - ecryptfs_printk(KERN_ERR, "Error attempting " - "to read lower page; rc = [%d]" - "\n", rc); - goto out; - } rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page, extent_offset); if (rc) { @@ -642,7 +639,6 @@ int ecryptfs_decrypt_page(struct page *page) } out: if (enc_extent_page) { - kunmap(enc_extent_page); __free_page(enc_extent_page); } return rc; -- cgit v1.2.3 From 24d15266bd86b7961f309a962fa3aa177a78c49f Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Mon, 15 Apr 2013 17:28:09 -0700 Subject: eCryptfs: Simplify lower file offset calculation Now that lower filesystem IO operations occur for complete PAGE_CACHE_SIZE bytes, the calculation for converting an eCryptfs extent index into a lower file offset can be simplified. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 4185584594f5..3547708fb4e1 100644 --- a/fs/ecryptfs/crypto.c 
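Review bot: In the `@@ -612,26 +611,24 @@` hunk of ecryptfs_decrypt_page(), the single whole-page `ecryptfs_read_lower()` is only tested with `rc < 0`, yet the loop that follows decrypts every extent of the helper page. The return contract of ecryptfs_read_lower() is not visible here, but if it can return fewer than PAGE_CACHE_SIZE bytes (for example when the lower file ends inside the page), the unread tail of the helper page is whatever the page allocator handed back, and that stale memory is run through the cipher and stored in the page-cache page. I would either treat a short count as an error or clear the tail before the `kunmap()`, e.g. `if (rc >= 0 && rc < PAGE_CACHE_SIZE) memset(enc_extent_virt + rc, 0, PAGE_CACHE_SIZE - rc);`. The function starts and ends outside this hunk.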
+++ b/fs/ecryptfs/crypto.c @@ -407,15 +407,15 @@ out: } /** - * ecryptfs_lower_offset_for_extent + * lower_offset_for_page * * Convert an eCryptfs page index into a lower byte offset */ -static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, - struct ecryptfs_crypt_stat *crypt_stat) +static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, + struct page *page) { - (*offset) = ecryptfs_lower_header_size(crypt_stat) - + (crypt_stat->extent_size * extent_num); + return ecryptfs_lower_header_size(crypt_stat) + + (page->index << PAGE_CACHE_SHIFT); } /** @@ -517,9 +517,7 @@ int ecryptfs_encrypt_page(struct page *page) } } - ecryptfs_lower_offset_for_extent(&lower_offset, - page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size), - crypt_stat); + lower_offset = lower_offset_for_page(crypt_stat, page); enc_extent_virt = kmap(enc_extent_page); rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, lower_offset, PAGE_CACHE_SIZE); @@ -612,9 +610,7 @@ int ecryptfs_decrypt_page(struct page *page) goto out; } - ecryptfs_lower_offset_for_extent(&lower_offset, - page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size), - crypt_stat); + lower_offset = lower_offset_for_page(crypt_stat, page); enc_extent_virt = kmap(enc_extent_page); rc = ecryptfs_read_lower(enc_extent_virt, lower_offset, PAGE_CACHE_SIZE, ecryptfs_inode); -- cgit v1.2.3 From 28916d1ac1dd658773717e8eddc7c4ceeefc19b8 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Mon, 15 Apr 2013 16:37:27 -0700 Subject: eCryptfs: Accept one offset parameter in page offset crypto functions There is no longer a need to accept different offset values for the source and destination pages when encrypting/decrypting an extent in an eCryptfs page. The two offsets can be collapsed into a single parameter. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 42 ++++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 26 deletions(-) (limited to 'fs/ecryptfs/crypto.c') 
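Review bot: lower_offset_for_page() in the `@@ -407,15 +407,15 @@` hunk shifts `page->index` before it is widened: `page->index << PAGE_CACHE_SHIFT` is evaluated in the type of page->index, and only the sum is converted to loff_t. Where that type is 32 bits wide the shift wraps for pages at or beyond 4 GiB, so ecryptfs_encrypt_page() and ecryptfs_decrypt_page() would write and read ciphertext at the wrong lower offset, which shows up as silent corruption of large files rather than as an error. The removed helper did its arithmetic on a loff_t `extent_num`; the replacement should keep that width: `return ecryptfs_lower_header_size(crypt_stat) + ((loff_t)page->index << PAGE_CACHE_SHIFT);`.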
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 3547708fb4e1..ec640ebcdea8 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -39,14 +39,12 @@ static int ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, int dst_offset, - struct page *src_page, int src_offset, int size, - unsigned char *iv); + struct page *dst_page, struct page *src_page, + int offset, int size, unsigned char *iv); static int ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, int dst_offset, - struct page *src_page, int src_offset, int size, - unsigned char *iv); + struct page *dst_page, struct page *src_page, + int offset, int size, unsigned char *iv); /** * ecryptfs_to_hex @@ -450,9 +448,7 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, - extent_offset * crypt_stat->extent_size, - page, + rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, page, extent_offset * crypt_stat->extent_size, crypt_stat->extent_size, extent_iv); if (rc < 0) { @@ -555,9 +551,7 @@ static int ecryptfs_decrypt_extent(struct page *page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = ecryptfs_decrypt_page_offset(crypt_stat, page, - extent_offset * crypt_stat->extent_size, - enc_extent_page, + rc = ecryptfs_decrypt_page_offset(crypt_stat, page, enc_extent_page, extent_offset * crypt_stat->extent_size, crypt_stat->extent_size, extent_iv); if (rc < 0) { 
@@ -716,9 +710,8 @@ out: * ecryptfs_encrypt_page_offset * @crypt_stat: The cryptographic context * @dst_page: The page to encrypt into - * @dst_offset: The offset in the page to encrypt into * @src_page: The page to encrypt from - * @src_offset: The offset in the page to encrypt from + * @offset: The byte offset into the dst_page and src_page * @size: The number of bytes to encrypt * @iv: The initialization vector to use for the encryption * @@ -726,17 +719,16 @@ out: */ static int ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, int dst_offset, - struct page *src_page, int src_offset, int size, - unsigned char *iv) + struct page *dst_page, struct page *src_page, + int offset, int size, unsigned char *iv) { struct scatterlist src_sg, dst_sg; sg_init_table(&src_sg, 1); sg_init_table(&dst_sg, 1); - sg_set_page(&src_sg, src_page, size, src_offset); - sg_set_page(&dst_sg, dst_page, size, dst_offset); + sg_set_page(&src_sg, src_page, size, offset); + sg_set_page(&dst_sg, dst_page, size, offset); return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); } @@ -744,9 +736,8 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, * ecryptfs_decrypt_page_offset * @crypt_stat: The cryptographic context * @dst_page: The page to decrypt into - * @dst_offset: The offset in the page to decrypt into * @src_page: The page to decrypt from - * @src_offset: The offset in the page to decrypt from + * @offset: The byte offset into the dst_page and src_page * @size: The number of bytes to decrypt * @iv: The initialization vector to use for the decryption * 
@@ -754,17 +745,16 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, */ static int ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, int dst_offset, - struct page *src_page, int src_offset, int size, - unsigned char *iv) + struct page *dst_page, struct page *src_page, + int offset, int size, unsigned char *iv) { struct scatterlist src_sg, dst_sg; sg_init_table(&src_sg, 1); - sg_set_page(&src_sg, src_page, size, src_offset); + sg_set_page(&src_sg, src_page, size, offset); sg_init_table(&dst_sg, 1); - sg_set_page(&dst_sg, dst_page, size, dst_offset); + sg_set_page(&dst_sg, dst_page, size, offset); return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); } -- cgit v1.2.3 From 9c6043f41222b448a314b0b8370f33b579f777ea Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Sat, 6 Apr 2013 00:41:48 -0700 Subject: eCryptfs: Decrypt pages in-place When reading in a page, eCryptfs would allocate a helper page, fill it with encrypted data from the lower filesytem, and then decrypt the data from the encrypted page and store the result in the eCryptfs page cache page. The crypto API supports in-place crypto operations which means that the allocation of the helper page is unnecessary when decrypting. This patch gets rid of the unneeded page allocation by reading encrypted data from the lower filesystem directly into the page cache page. The page cache page is then decrypted in-place. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index ec640ebcdea8..35b409bda841 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c 
@@ -586,8 +586,7 @@ int ecryptfs_decrypt_page(struct page *page) { struct inode *ecryptfs_inode; struct ecryptfs_crypt_stat *crypt_stat; - char *enc_extent_virt; - struct page *enc_extent_page = NULL; + char *page_virt; unsigned long extent_offset; loff_t lower_offset; int rc = 0; @@ -596,19 +595,12 @@ int ecryptfs_decrypt_page(struct page *page) crypt_stat = &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); - enc_extent_page = alloc_page(GFP_USER); - if (!enc_extent_page) { - rc = -ENOMEM; - ecryptfs_printk(KERN_ERR, "Error allocating memory for " - "encrypted extent\n"); - goto out; - } lower_offset = lower_offset_for_page(crypt_stat, page); - enc_extent_virt = kmap(enc_extent_page); - rc = ecryptfs_read_lower(enc_extent_virt, lower_offset, PAGE_CACHE_SIZE, + page_virt = kmap(page); + rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_CACHE_SIZE, ecryptfs_inode); - kunmap(enc_extent_page); + kunmap(page); if (rc < 0) { ecryptfs_printk(KERN_ERR, "Error attempting to read lower page; rc = [%d]\n", @@ -619,7 +611,7 @@ int ecryptfs_decrypt_page(struct page *page) for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page, + rc = ecryptfs_decrypt_extent(page, crypt_stat, page, extent_offset); if (rc) { printk(KERN_ERR "%s: Error encrypting extent; " @@ -628,9 +620,6 @@ int ecryptfs_decrypt_page(struct page *page) } } out: - if (enc_extent_page) { - __free_page(enc_extent_page); - } return rc; } -- cgit v1.2.3 From 00a699400a707953368e970b37bb8765fdb08015 Mon Sep 17 00:00:00 2001 
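Review bot: With the helper page removed in the `@@ -596,19 +595,12 @@` hunk, ecryptfs_decrypt_page() reads ciphertext straight into the page-cache page, so every error exit now leaves that page holding ciphertext, or a mix of decrypted and still-encrypted extents when ecryptfs_decrypt_extent() fails partway through the loop. Before this change the page-cache page only ever received decrypted output. The callers are outside this diff, so it cannot be confirmed from here that they all keep the page not-uptodate on a non-zero return; the kernel-doc of the function should state the contract, e.g. `* On error the contents of @page are undefined (lower-file ciphertext or a partially decrypted page); the caller must not mark it uptodate.` A short read that still passes the `rc < 0` test has the same effect on the tail of the page.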
From: Tyler Hicks Date: Fri, 5 Apr 2013 23:26:22 -0700 Subject: eCryptfs: Combine encrypt_scatterlist() and decrypt_scatterlist() These two functions are identical except for a debug printk and whether they call crypto_ablkcipher_encrypt() or crypto_ablkcipher_decrypt(), so they can be safely merged if the caller can indicate if encryption or decryption should occur. The debug printk is useless so it is removed. Two new #define's are created to indicate if an ENCRYPT or DECRYPT operation is desired. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 106 ++++++++++----------------------------------------- 1 file changed, 20 insertions(+), 86 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 35b409bda841..fb54a0182f2e 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -37,6 +37,9 @@ #include #include "ecryptfs_kernel.h" +#define DECRYPT 0 +#define ENCRYPT 1 + static int ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, struct page *dst_page, struct page *src_page, 
@@ -334,19 +337,20 @@ static void extent_crypt_complete(struct crypto_async_request *req, int rc) } /** - * encrypt_scatterlist + * crypt_scatterlist * @crypt_stat: Pointer to the crypt_stat struct to initialize. - * @dest_sg: Destination of encrypted data - * @src_sg: Data to be encrypted - * @size: Length of data to be encrypted - * @iv: iv to use during encryption + * @dest_sg: Destination of the data after performing the crypto operation + * @src_sg: Data to be encrypted or decrypted + * @size: Length of data + * @iv: IV to use + * @op: ENCRYPT or DECRYPT to indicate the desired operation * - * Returns the number of bytes encrypted; negative value on error + * Returns the number of bytes encrypted or decrypted; negative value on error */ -static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, - struct scatterlist *dest_sg, - struct scatterlist *src_sg, int size, - unsigned char *iv) +static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, + struct scatterlist *dest_sg, + struct scatterlist *src_sg, int size, + unsigned char *iv, int op) { struct ablkcipher_request *req = NULL; struct extent_crypt_result ecr; @@ -389,9 +393,9 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, crypt_stat->flags |= ECRYPTFS_KEY_SET; } mutex_unlock(&crypt_stat->cs_tfm_mutex); - ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); ablkcipher_request_set_crypt(req, src_sg, dest_sg, size, iv); - rc = crypto_ablkcipher_encrypt(req); + rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : + crypto_ablkcipher_decrypt(req); if (rc == -EINPROGRESS || rc == -EBUSY) { struct extent_crypt_result *ecr = req->base.data; 
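Review bot: The body of crypt_scatterlist() starts in the `@@ -334,19 +337,20 @@` hunk and continues outside it, but the removed decrypt_scatterlist() twin shows a branch that passes `crypt_stat->key` to ecryptfs_dump_hex() when `ecryptfs_verbosity > 0`, and the commit message says the two functions were otherwise identical, so the merged function presumably keeps that branch. It writes the raw file encryption key to the kernel log whenever verbose logging is enabled; since this commit already drops one debug printk as useless, I would drop the key dump too, or log only `crypt_stat->key_size`. Also, the kernel-doc line `@crypt_stat: Pointer to the crypt_stat struct to initialize.` does not describe what the function does with the parameter; `@crypt_stat: The cryptographic context` matches the wording used elsewhere in this file.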
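Review bot: In the `@@ -389,9 +393,9 @@` hunk, `rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : crypto_ablkcipher_decrypt(req);` treats every value other than ENCRYPT as a decrypt request, so a caller that passes a wrong or uninitialised `op` silently decrypts instead of failing. I would make the selector a named enum rather than two bare `#define`s with very generic names (`DECRYPT`, `ENCRYPT`), and parenthesise the comparison so the precedence is obvious, `rc = (op == ENCRYPT) ? crypto_ablkcipher_encrypt(req) : crypto_ablkcipher_decrypt(req);`. The enclosing function continues outside the hunk.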
@@ -623,78 +627,6 @@ out: return rc; } -/** - * decrypt_scatterlist - * @crypt_stat: Cryptographic context - * @dest_sg: The destination scatterlist to decrypt into - * @src_sg: The source scatterlist to decrypt from - * @size: The number of bytes to decrypt - * @iv: The initialization vector to use for the decryption - * - * Returns the number of bytes decrypted; negative value on error - */ -static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, - struct scatterlist *dest_sg, - struct scatterlist *src_sg, int size, - unsigned char *iv) -{ - struct ablkcipher_request *req = NULL; - struct extent_crypt_result ecr; - int rc = 0; - - BUG_ON(!crypt_stat || !crypt_stat->tfm - || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)); - if (unlikely(ecryptfs_verbosity > 0)) { - ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n", - crypt_stat->key_size); - ecryptfs_dump_hex(crypt_stat->key, - crypt_stat->key_size); - } - - init_completion(&ecr.completion); - - mutex_lock(&crypt_stat->cs_tfm_mutex); - req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS); - if (!req) { - mutex_unlock(&crypt_stat->cs_tfm_mutex); - rc = -ENOMEM; - goto out; - } - - ablkcipher_request_set_callback(req, - CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, - extent_crypt_complete, &ecr); - /* Consider doing this once, when the file is opened */ - if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { - rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key, - crypt_stat->key_size); - if (rc) { - ecryptfs_printk(KERN_ERR, - "Error setting key; rc = [%d]\n", - rc); - mutex_unlock(&crypt_stat->cs_tfm_mutex); - rc = -EINVAL; - goto out; - } - crypt_stat->flags |= ECRYPTFS_KEY_SET; - } - mutex_unlock(&crypt_stat->cs_tfm_mutex); - ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); - ablkcipher_request_set_crypt(req, src_sg, dest_sg, size, iv); - rc = crypto_ablkcipher_decrypt(req); - if (rc == -EINPROGRESS || rc == -EBUSY) { - struct extent_crypt_result *ecr = 
req->base.data; - - wait_for_completion(&ecr->completion); - rc = ecr->rc; - INIT_COMPLETION(ecr->completion); - } -out: - ablkcipher_request_free(req); - return rc; - -} - /** * ecryptfs_encrypt_page_offset * @crypt_stat: The cryptographic context @@ -718,7 +650,8 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, sg_set_page(&src_sg, src_page, size, offset); sg_set_page(&dst_sg, dst_page, size, offset); - return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); + return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, + size, iv, ENCRYPT); } /** @@ -745,7 +678,8 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, sg_init_table(&dst_sg, 1); sg_set_page(&dst_sg, dst_page, size, offset); - return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); + return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, + size, iv, DECRYPT); } #define ECRYPTFS_MAX_SCATTERLIST_LEN 4 -- cgit v1.2.3 From a8ca90e2071edb3d3f3272ae73d73411f0b70b54 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Fri, 5 Apr 2013 23:37:51 -0700 Subject: eCryptfs: Combine page_offset crypto functions Combine ecryptfs_encrypt_page_offset() and ecryptfs_decrypt_page_offset(). These two functions are functionally identical so they can be safely merged if the caller can indicate whether an encryption or decryption operation should occur. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 69 ++++++++++++++-------------------------------------- 1 file changed, 18 insertions(+), 51 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index fb54a0182f2e..609efc01d5c2 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c 
@@ -40,14 +40,9 @@ #define DECRYPT 0 #define ENCRYPT 1 -static int -ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv); -static int -ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, +static int crypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv); + int offset, int size, unsigned char *iv, int op); /** * ecryptfs_to_hex @@ -452,9 +447,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, page, - extent_offset * crypt_stat->extent_size, - crypt_stat->extent_size, extent_iv); + rc = crypt_page_offset(crypt_stat, enc_extent_page, page, + (extent_offset * crypt_stat->extent_size), + crypt_stat->extent_size, extent_iv, ENCRYPT); if (rc < 0) { printk(KERN_ERR "%s: Error attempting to encrypt page with " "page->index = [%ld], extent_offset = [%ld]; " @@ -555,9 +550,9 @@ static int ecryptfs_decrypt_extent(struct page *page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = ecryptfs_decrypt_page_offset(crypt_stat, page, enc_extent_page, - extent_offset * crypt_stat->extent_size, - crypt_stat->extent_size, extent_iv); + rc = crypt_page_offset(crypt_stat, page, enc_extent_page, + (extent_offset * crypt_stat->extent_size), + crypt_stat->extent_size, extent_iv, DECRYPT); if (rc < 0) { printk(KERN_ERR "%s: Error attempting to decrypt to page with " "page->index = [%ld], extent_offset = [%ld]; " 
@@ -628,20 +623,20 @@ out: } /** - * ecryptfs_encrypt_page_offset + * crypt_page_offset * @crypt_stat: The cryptographic context - * @dst_page: The page to encrypt into - * @src_page: The page to encrypt from + * @dst_page: The page to write the result into + * @src_page: The page to read from * @offset: The byte offset into the dst_page and src_page - * @size: The number of bytes to encrypt - * @iv: The initialization vector to use for the encryption + * @size: The number of bytes of data + * @iv: The initialization vector to use for the crypto operation + * @op: ENCRYPT or DECRYPT to indicate the desired operation * - * Returns the number of bytes encrypted + * Returns the number of bytes encrypted or decrypted */ -static int -ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, +static int crypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv) + int offset, int size, unsigned char *iv, int op) { struct scatterlist src_sg, dst_sg; 
@@ -650,36 +645,8 @@ ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, sg_set_page(&src_sg, src_page, size, offset); sg_set_page(&dst_sg, dst_page, size, offset); - return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, - size, iv, ENCRYPT); -} - -/** - * ecryptfs_decrypt_page_offset - * @crypt_stat: The cryptographic context - * @dst_page: The page to decrypt into - * @src_page: The page to decrypt from - * @offset: The byte offset into the dst_page and src_page - * @size: The number of bytes to decrypt - * @iv: The initialization vector to use for the decryption - * - * Returns the number of bytes decrypted - */ -static int -ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv) -{ - struct scatterlist src_sg, dst_sg; - - sg_init_table(&src_sg, 1); - sg_set_page(&src_sg, src_page, size, offset); - - sg_init_table(&dst_sg, 1); - sg_set_page(&dst_sg, dst_page, size, offset); - return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, - size, iv, DECRYPT); + return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv, op); } #define ECRYPTFS_MAX_SCATTERLIST_LEN 4 -- cgit v1.2.3 From d78de618962d1e9d28c602e3c75991fe9c94e961 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Sat, 6 Apr 2013 00:08:48 -0700 Subject: eCryptfs: Merge ecryptfs_encrypt_extent() and ecryptfs_decrypt_extent() They are identical except if the src_page or dst_page index is used, so they can be merged safely if page_index is conditionally assigned. Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 74 ++++++++++++++-------------------------------------- 1 file changed, 20 insertions(+), 54 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 609efc01d5c2..9845d2fd2506 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c 
@@ -416,28 +416,29 @@ static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, } /** - * ecryptfs_encrypt_extent - * @enc_extent_page: Allocated page into which to encrypt the data in - * @page + * crypt_extent + * @dst_page: The page to write the result into * @crypt_stat: crypt_stat containing cryptographic context for the * encryption operation - * @page: Page containing plaintext data extent to encrypt + * @src_page: The page to read from * @extent_offset: Page extent offset for use in generating IV + * @op: ENCRYPT or DECRYPT to indicate the desired operation * - * Encrypts one extent of data. + * Encrypts or decrypts one extent of data. * * Return zero on success; non-zero otherwise */ -static int ecryptfs_encrypt_extent(struct page *enc_extent_page, - struct ecryptfs_crypt_stat *crypt_stat, - struct page *page, - unsigned long extent_offset) +static int crypt_extent(struct page *dst_page, + struct ecryptfs_crypt_stat *crypt_stat, + struct page *src_page, + unsigned long extent_offset, int op) { + pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index; loff_t extent_base; char extent_iv[ECRYPTFS_MAX_IV_BYTES]; int rc; - extent_base = (((loff_t)page->index) + extent_base = (((loff_t)page_index) * (PAGE_CACHE_SIZE / crypt_stat->extent_size)); rc = ecryptfs_derive_iv(extent_iv, crypt_stat, (extent_base + extent_offset)); 
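Review bot: The kernel-doc for crypt_extent() in the `@@ -416,28 +416,29 @@` hunk does not say which page the IV comes from, although `page_index = op == ENCRYPT ? src_page->index : dst_page->index` is the one asymmetry between the two directions. A caller that passes a helper page on the wrong side gets an IV derived from an unrelated index, and therefore wrong output with no error reported. I would document this on the parameters, e.g. `@src_page: The page to read from; for ENCRYPT its index selects the extent IV` and `@dst_page: The page to write the result into; for DECRYPT its index selects the extent IV`, and reword `@crypt_stat` so it no longer says "for the encryption operation". The function body continues past the end of this hunk.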
@@ -447,14 +448,13 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = crypt_page_offset(crypt_stat, enc_extent_page, page, + rc = crypt_page_offset(crypt_stat, dst_page, src_page, (extent_offset * crypt_stat->extent_size), - crypt_stat->extent_size, extent_iv, ENCRYPT); + crypt_stat->extent_size, extent_iv, op); if (rc < 0) { - printk(KERN_ERR "%s: Error attempting to encrypt page with " - "page->index = [%ld], extent_offset = [%ld]; " - "rc = [%d]\n", __func__, page->index, extent_offset, - rc); + printk(KERN_ERR "%s: Error attempting to crypt page with " + "page_index = [%ld], extent_offset = [%ld]; " + "rc = [%d]\n", __func__, page_index, extent_offset, rc); goto out; } rc = 0; @@ -503,8 +503,8 @@ int ecryptfs_encrypt_page(struct page *page) for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page, - extent_offset); + rc = crypt_extent(enc_extent_page, crypt_stat, page, + extent_offset, ENCRYPT); if (rc) { printk(KERN_ERR "%s: Error encrypting extent; " "rc = [%d]\n", __func__, rc); 
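Review bot: In the `@@ -447,14 +448,13 @@` hunk the rewritten printk prints `page_index` and `extent_offset` with `[%ld]`, but `extent_offset` is declared `unsigned long` and `page_index` is a `pgoff_t` in this function. `%lu` is the matching conversion for extent_offset; the underlying type of pgoff_t is not visible here, but if it is unsigned long the same applies: `"page_index = [%lu], extent_offset = [%lu]; "`. The new text "Error attempting to crypt page" also loses the direction, so printing `op` (or choosing the verb from it) would keep failed reads and failed writes distinguishable in the log.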
@@ -531,40 +531,6 @@ out: return rc; } -static int ecryptfs_decrypt_extent(struct page *page, - struct ecryptfs_crypt_stat *crypt_stat, - struct page *enc_extent_page, - unsigned long extent_offset) -{ - loff_t extent_base; - char extent_iv[ECRYPTFS_MAX_IV_BYTES]; - int rc; - - extent_base = (((loff_t)page->index) - * (PAGE_CACHE_SIZE / crypt_stat->extent_size)); - rc = ecryptfs_derive_iv(extent_iv, crypt_stat, - (extent_base + extent_offset)); - if (rc) { - ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for " - "extent [0x%.16llx]; rc = [%d]\n", - (unsigned long long)(extent_base + extent_offset), rc); - goto out; - } - rc = crypt_page_offset(crypt_stat, page, enc_extent_page, - (extent_offset * crypt_stat->extent_size), - crypt_stat->extent_size, extent_iv, DECRYPT); - if (rc < 0) { - printk(KERN_ERR "%s: Error attempting to decrypt to page with " - "page->index = [%ld], extent_offset = [%ld]; " - "rc = [%d]\n", __func__, page->index, extent_offset, - rc); - goto out; - } - rc = 0; -out: - return rc; -} - /** * ecryptfs_decrypt_page * @page: Page mapped from the eCryptfs inode for the file; data read @@ -610,8 +576,8 @@ int ecryptfs_decrypt_page(struct page *page) for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - rc = ecryptfs_decrypt_extent(page, crypt_stat, page, - extent_offset); + rc = crypt_extent(page, crypt_stat, page, + extent_offset, DECRYPT); if (rc) { printk(KERN_ERR "%s: Error encrypting extent; " "rc = [%d]\n", __func__, rc); -- cgit v1.2.3 From 406c93df09ae7a345b510cf6619f881b42a3d553 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Mon, 15 Apr 2013 17:49:31 -0700 Subject: eCryptfs: Collapse crypt_page_offset() into crypt_extent() crypt_page_offset() simply initialized the two scatterlists and called crypt_scatterlist() so it is simple enough to move into the only function that calls it. 
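Review bot: The error path right after the changed call in the `@@ -576,8 +576,8 @@` hunk of ecryptfs_decrypt_page() still logs `"%s: Error encrypting extent; "`, which names the wrong direction for this function. Since the call now states the operation explicitly with DECRYPT, this is a natural place to correct the text to `"%s: Error decrypting extent; "` so that log triage is not pointed at the write path. The enclosing function starts and ends outside the hunk.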
Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 50 ++++++++++++++------------------------------------ 1 file changed, 14 insertions(+), 36 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 9845d2fd2506..9947388ccd8d 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -40,10 +40,6 @@ #define DECRYPT 0 #define ENCRYPT 1 -static int crypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv, int op); - /** * ecryptfs_to_hex * @dst: Buffer to take hex character representation of contents of @@ -436,10 +432,11 @@ static int crypt_extent(struct page *dst_page, pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index; loff_t extent_base; char extent_iv[ECRYPTFS_MAX_IV_BYTES]; + struct scatterlist src_sg, dst_sg; + size_t extent_size = crypt_stat->extent_size; int rc; - extent_base = (((loff_t)page_index) - * (PAGE_CACHE_SIZE / crypt_stat->extent_size)); + extent_base = (((loff_t)page_index) * (PAGE_CACHE_SIZE / extent_size)); rc = ecryptfs_derive_iv(extent_iv, crypt_stat, (extent_base + extent_offset)); if (rc) { @@ -448,9 +445,17 @@ static int crypt_extent(struct page *dst_page, (unsigned long long)(extent_base + extent_offset), rc); goto out; } - rc = crypt_page_offset(crypt_stat, dst_page, src_page, - (extent_offset * crypt_stat->extent_size), - crypt_stat->extent_size, extent_iv, op); + + sg_init_table(&src_sg, 1); + sg_init_table(&dst_sg, 1); + + sg_set_page(&src_sg, src_page, extent_size, + extent_offset * extent_size); + sg_set_page(&dst_sg, dst_page, extent_size, + extent_offset * extent_size); + + rc = crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, extent_size, + extent_iv, op); if (rc < 0) { printk(KERN_ERR "%s: Error attempting to crypt page with " "page_index = [%ld], extent_offset = [%ld]; " 
@@ -588,33 +593,6 @@ out: return rc; } -/** - * crypt_page_offset - * @crypt_stat: The cryptographic context - * @dst_page: The page to write the result into - * @src_page: The page to read from - * @offset: The byte offset into the dst_page and src_page - * @size: The number of bytes of data - * @iv: The initialization vector to use for the crypto operation - * @op: ENCRYPT or DECRYPT to indicate the desired operation - * - * Returns the number of bytes encrypted or decrypted - */ -static int crypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, - struct page *dst_page, struct page *src_page, - int offset, int size, unsigned char *iv, int op) -{ - struct scatterlist src_sg, dst_sg; - - sg_init_table(&src_sg, 1); - sg_init_table(&dst_sg, 1); - - sg_set_page(&src_sg, src_page, size, offset); - sg_set_page(&dst_sg, dst_page, size, offset); - - return crypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv, op); -} - #define ECRYPTFS_MAX_SCATTERLIST_LEN 4 /** -- cgit v1.2.3 From 0df5ed65c14e2c36ed842fcff58118662009f1a1 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Thu, 23 May 2013 12:08:40 -0700 Subject: eCryptfs: Make extent and scatterlist crypt function parameters similar The 'dest' abbreviation is only used in crypt_scatterlist(), while all other functions in crypto.c use 'dst' so dest_sg should be renamed to dst_sg. The crypt_stat parameter is typically the first parameter in internal eCryptfs functions so crypt_stat and dst_page should be swapped in crypt_extent(). Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'fs/ecryptfs/crypto.c') diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 9947388ccd8d..46a6f6a4a705 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c 
@@ -330,7 +330,7 @@ static void extent_crypt_complete(struct crypto_async_request *req, int rc) /** * crypt_scatterlist * @crypt_stat: Pointer to the crypt_stat struct to initialize. - * @dest_sg: Destination of the data after performing the crypto operation + * @dst_sg: Destination of the data after performing the crypto operation * @src_sg: Data to be encrypted or decrypted * @size: Length of data * @iv: IV to use @@ -339,7 +339,7 @@ static void extent_crypt_complete(struct crypto_async_request *req, int rc) * Returns the number of bytes encrypted or decrypted; negative value on error */ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, - struct scatterlist *dest_sg, + struct scatterlist *dst_sg, struct scatterlist *src_sg, int size, unsigned char *iv, int op) { @@ -384,7 +384,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, crypt_stat->flags |= ECRYPTFS_KEY_SET; } mutex_unlock(&crypt_stat->cs_tfm_mutex); - ablkcipher_request_set_crypt(req, src_sg, dest_sg, size, iv); + ablkcipher_request_set_crypt(req, src_sg, dst_sg, size, iv); rc = op == ENCRYPT ? crypto_ablkcipher_encrypt(req) : crypto_ablkcipher_decrypt(req); if (rc == -EINPROGRESS || rc == -EBUSY) { @@ -413,9 +413,9 @@ static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, /** * crypt_extent - * @dst_page: The page to write the result into * @crypt_stat: crypt_stat containing cryptographic context for the * encryption operation + * @dst_page: The page to write the result into * @src_page: The page to read from * @extent_offset: Page extent offset for use in generating IV * @op: ENCRYPT or DECRYPT to indicate the desired operation 
@@ -424,8 +424,8 @@ static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, * * Return zero on success; non-zero otherwise */ -static int crypt_extent(struct page *dst_page, - struct ecryptfs_crypt_stat *crypt_stat, +static int crypt_extent(struct ecryptfs_crypt_stat *crypt_stat, + struct page *dst_page, struct page *src_page, unsigned long extent_offset, int op) { @@ -508,7 +508,7 @@ int ecryptfs_encrypt_page(struct page *page) for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - rc = crypt_extent(enc_extent_page, crypt_stat, page, + rc = crypt_extent(crypt_stat, enc_extent_page, page, extent_offset, ENCRYPT); if (rc) { printk(KERN_ERR "%s: Error encrypting extent; " @@ -581,7 +581,7 @@ int ecryptfs_decrypt_page(struct page *page) for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { - rc = crypt_extent(page, crypt_stat, page, + rc = crypt_extent(crypt_stat, page, page, extent_offset, DECRYPT); if (rc) { printk(KERN_ERR "%s: Error encrypting extent; " -- cgit v1.2.3