1/* 2 * linux/fs/ext4/crypto_fname.c 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * 6 * This contains functions for filename crypto management in ext4 7 * 8 * Written by Uday Savagaonkar, 2014. 9 * 10 * This has not yet undergone a rigorous security audit. 11 * 12 */ 13 14#include <crypto/hash.h> 15#include <crypto/sha.h> 16#include <keys/encrypted-type.h> 17#include <keys/user-type.h> 18#include <linux/crypto.h> 19#include <linux/gfp.h> 20#include <linux/kernel.h> 21#include <linux/key.h> 22#include <linux/key.h> 23#include <linux/list.h> 24#include <linux/mempool.h> 25#include <linux/random.h> 26#include <linux/scatterlist.h> 27#include <linux/spinlock_types.h> 28 29#include "ext4.h" 30#include "ext4_crypto.h" 31#include "xattr.h" 32 33/** 34 * ext4_dir_crypt_complete() - 35 */ 36static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res) 37{ 38 struct ext4_completion_result *ecr = req->data; 39 40 if (res == -EINPROGRESS) 41 return; 42 ecr->res = res; 43 complete(&ecr->completion); 44} 45 46bool ext4_valid_filenames_enc_mode(uint32_t mode) 47{ 48 return (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS); 49} 50 51/** 52 * ext4_fname_encrypt() - 53 * 54 * This function encrypts the input filename, and returns the length of the 55 * ciphertext. Errors are returned as negative numbers. We trust the caller to 56 * allocate sufficient memory to oname string. 57 */ 58static int ext4_fname_encrypt(struct ext4_fname_crypto_ctx *ctx, 59 const struct qstr *iname, 60 struct ext4_str *oname) 61{ 62 u32 ciphertext_len; 63 struct ablkcipher_request *req = NULL; 64 DECLARE_EXT4_COMPLETION_RESULT(ecr); 65 struct crypto_ablkcipher *tfm = ctx->ctfm; 66 int res = 0; 67 char iv[EXT4_CRYPTO_BLOCK_SIZE]; 68 struct scatterlist sg[1]; 69 int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); 70 char *workbuf; 71 72 if (iname->len <= 0 || iname->len > ctx->lim) 73 return -EIO; 74 75 ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ? 76 EXT4_CRYPTO_BLOCK_SIZE : iname->len; 77 ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding); 78 ciphertext_len = (ciphertext_len > ctx->lim) 79 ? ctx->lim : ciphertext_len; 80 81 /* Allocate request */ 82 req = ablkcipher_request_alloc(tfm, GFP_NOFS); 83 if (!req) { 84 printk_ratelimited( 85 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__); 86 return -ENOMEM; 87 } 88 ablkcipher_request_set_callback(req, 89 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 90 ext4_dir_crypt_complete, &ecr); 91 92 /* Map the workpage */ 93 workbuf = kmap(ctx->workpage); 94 95 /* Copy the input */ 96 memcpy(workbuf, iname->name, iname->len); 97 if (iname->len < ciphertext_len) 98 memset(workbuf + iname->len, 0, ciphertext_len - iname->len); 99 100 /* Initialize IV */ 101 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE); 102 103 /* Create encryption request */ 104 sg_init_table(sg, 1); 105 sg_set_page(sg, ctx->workpage, PAGE_SIZE, 0); 106 ablkcipher_request_set_crypt(req, sg, sg, ciphertext_len, iv); 107 res = crypto_ablkcipher_encrypt(req); 108 if (res == -EINPROGRESS || res == -EBUSY) { 109 BUG_ON(req->base.data != &ecr); 110 wait_for_completion(&ecr.completion); 111 res = ecr.res; 112 } 113 if (res >= 0) { 114 /* Copy the result to output */ 115 memcpy(oname->name, workbuf, ciphertext_len); 116 res = ciphertext_len; 117 } 118 kunmap(ctx->workpage); 119 ablkcipher_request_free(req); 120 if (res < 0) { 121 printk_ratelimited( 122 KERN_ERR "%s: Error (error code %d)\n", __func__, res); 123 } 124 oname->len = ciphertext_len; 125 return res; 126} 127 128/* 129 * ext4_fname_decrypt() 130 * This function decrypts the input filename, and returns 131 * the length of the plaintext. 132 * Errors are returned as negative numbers. 133 * We trust the caller to allocate sufficient memory to oname string. 134 */ 135static int ext4_fname_decrypt(struct ext4_fname_crypto_ctx *ctx, 136 const struct ext4_str *iname, 137 struct ext4_str *oname) 138{ 139 struct ext4_str tmp_in[2], tmp_out[1]; 140 struct ablkcipher_request *req = NULL; 141 DECLARE_EXT4_COMPLETION_RESULT(ecr); 142 struct scatterlist sg[1]; 143 struct crypto_ablkcipher *tfm = ctx->ctfm; 144 int res = 0; 145 char iv[EXT4_CRYPTO_BLOCK_SIZE]; 146 char *workbuf; 147 148 if (iname->len <= 0 || iname->len > ctx->lim) 149 return -EIO; 150 151 tmp_in[0].name = iname->name; 152 tmp_in[0].len = iname->len; 153 tmp_out[0].name = oname->name; 154 155 /* Allocate request */ 156 req = ablkcipher_request_alloc(tfm, GFP_NOFS); 157 if (!req) { 158 printk_ratelimited( 159 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__); 160 return -ENOMEM; 161 } 162 ablkcipher_request_set_callback(req, 163 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 164 ext4_dir_crypt_complete, &ecr); 165 166 /* Map the workpage */ 167 workbuf = kmap(ctx->workpage); 168 169 /* Copy the input */ 170 memcpy(workbuf, iname->name, iname->len); 171 172 /* Initialize IV */ 173 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE); 174 175 /* Create encryption request */ 176 sg_init_table(sg, 1); 177 sg_set_page(sg, ctx->workpage, PAGE_SIZE, 0); 178 ablkcipher_request_set_crypt(req, sg, sg, iname->len, iv); 179 res = crypto_ablkcipher_decrypt(req); 180 if (res == -EINPROGRESS || res == -EBUSY) { 181 BUG_ON(req->base.data != &ecr); 182 wait_for_completion(&ecr.completion); 183 res = ecr.res; 184 } 185 if (res >= 0) { 186 /* Copy the result to output */ 187 memcpy(oname->name, workbuf, iname->len); 188 res = iname->len; 189 } 190 kunmap(ctx->workpage); 191 ablkcipher_request_free(req); 192 if (res < 0) { 193 printk_ratelimited( 194 KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n", 195 __func__, res); 196 return res; 197 } 198 199 oname->len = strnlen(oname->name, iname->len); 200 return oname->len; 201} 202 203static const char *lookup_table = 204 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; 205 206/** 207 * ext4_fname_encode_digest() - 208 * 209 * Encodes the input digest using characters from the set [a-zA-Z0-9_+]. 210 * The encoded string is roughly 4/3 times the size of the input string. 211 */ 212static int digest_encode(const char *src, int len, char *dst) 213{ 214 int i = 0, bits = 0, ac = 0; 215 char *cp = dst; 216 217 while (i < len) { 218 ac += (((unsigned char) src[i]) << bits); 219 bits += 8; 220 do { 221 *cp++ = lookup_table[ac & 0x3f]; 222 ac >>= 6; 223 bits -= 6; 224 } while (bits >= 6); 225 i++; 226 } 227 if (bits) 228 *cp++ = lookup_table[ac & 0x3f]; 229 return cp - dst; 230} 231 232static int digest_decode(const char *src, int len, char *dst) 233{ 234 int i = 0, bits = 0, ac = 0; 235 const char *p; 236 char *cp = dst; 237 238 while (i < len) { 239 p = strchr(lookup_table, src[i]); 240 if (p == NULL || src[i] == 0) 241 return -2; 242 ac += (p - lookup_table) << bits; 243 bits += 6; 244 if (bits >= 8) { 245 *cp++ = ac & 0xff; 246 ac >>= 8; 247 bits -= 8; 248 } 249 i++; 250 } 251 if (ac) 252 return -1; 253 return cp - dst; 254} 255 256/** 257 * ext4_free_fname_crypto_ctx() - 258 * 259 * Frees up a crypto context. 260 */ 261void ext4_free_fname_crypto_ctx(struct ext4_fname_crypto_ctx *ctx) 262{ 263 if (ctx == NULL || IS_ERR(ctx)) 264 return; 265 266 if (ctx->ctfm && !IS_ERR(ctx->ctfm)) 267 crypto_free_ablkcipher(ctx->ctfm); 268 if (ctx->htfm && !IS_ERR(ctx->htfm)) 269 crypto_free_hash(ctx->htfm); 270 if (ctx->workpage && !IS_ERR(ctx->workpage)) 271 __free_page(ctx->workpage); 272 kfree(ctx); 273} 274 275/** 276 * ext4_put_fname_crypto_ctx() - 277 * 278 * Return: The crypto context onto free list. If the free list is above a 279 * threshold, completely frees up the context, and returns the memory. 280 * 281 * TODO: Currently we directly free the crypto context. Eventually we should 282 * add code it to return to free list. Such an approach will increase 283 * efficiency of directory lookup. 284 */ 285void ext4_put_fname_crypto_ctx(struct ext4_fname_crypto_ctx **ctx) 286{ 287 if (*ctx == NULL || IS_ERR(*ctx)) 288 return; 289 ext4_free_fname_crypto_ctx(*ctx); 290 *ctx = NULL; 291} 292 293/** 294 * ext4_search_fname_crypto_ctx() - 295 */ 296static struct ext4_fname_crypto_ctx *ext4_search_fname_crypto_ctx( 297 const struct ext4_encryption_key *key) 298{ 299 return NULL; 300} 301 302/** 303 * ext4_alloc_fname_crypto_ctx() - 304 */ 305struct ext4_fname_crypto_ctx *ext4_alloc_fname_crypto_ctx( 306 const struct ext4_encryption_key *key) 307{ 308 struct ext4_fname_crypto_ctx *ctx; 309 310 ctx = kmalloc(sizeof(struct ext4_fname_crypto_ctx), GFP_NOFS); 311 if (ctx == NULL) 312 return ERR_PTR(-ENOMEM); 313 if (key->mode == EXT4_ENCRYPTION_MODE_INVALID) { 314 /* This will automatically set key mode to invalid 315 * As enum for ENCRYPTION_MODE_INVALID is zero */ 316 memset(&ctx->key, 0, sizeof(ctx->key)); 317 } else { 318 memcpy(&ctx->key, key, sizeof(struct ext4_encryption_key)); 319 } 320 ctx->has_valid_key = (EXT4_ENCRYPTION_MODE_INVALID == key->mode) 321 ? 0 : 1; 322 ctx->ctfm_key_is_ready = 0; 323 ctx->ctfm = NULL; 324 ctx->htfm = NULL; 325 ctx->workpage = NULL; 326 return ctx; 327} 328 329/** 330 * ext4_get_fname_crypto_ctx() - 331 * 332 * Allocates a free crypto context and initializes it to hold 333 * the crypto material for the inode. 334 * 335 * Return: NULL if not encrypted. Error value on error. Valid pointer otherwise. 336 */ 337struct ext4_fname_crypto_ctx *ext4_get_fname_crypto_ctx( 338 struct inode *inode, u32 max_ciphertext_len) 339{ 340 struct ext4_fname_crypto_ctx *ctx; 341 struct ext4_inode_info *ei = EXT4_I(inode); 342 int res; 343 344 /* Check if the crypto policy is set on the inode */ 345 res = ext4_encrypted_inode(inode); 346 if (res == 0) 347 return NULL; 348 349 if (!ext4_has_encryption_key(inode)) 350 ext4_generate_encryption_key(inode); 351 352 /* Get a crypto context based on the key. 353 * A new context is allocated if no context matches the requested key. 354 */ 355 ctx = ext4_search_fname_crypto_ctx(&(ei->i_encryption_key)); 356 if (ctx == NULL) 357 ctx = ext4_alloc_fname_crypto_ctx(&(ei->i_encryption_key)); 358 if (IS_ERR(ctx)) 359 return ctx; 360 361 ctx->flags = ei->i_crypt_policy_flags; 362 if (ctx->has_valid_key) { 363 if (ctx->key.mode != EXT4_ENCRYPTION_MODE_AES_256_CTS) { 364 printk_once(KERN_WARNING 365 "ext4: unsupported key mode %d\n", 366 ctx->key.mode); 367 return ERR_PTR(-ENOKEY); 368 } 369 370 /* As a first cut, we will allocate new tfm in every call. 371 * later, we will keep the tfm around, in case the key gets 372 * re-used */ 373 if (ctx->ctfm == NULL) { 374 ctx->ctfm = crypto_alloc_ablkcipher("cts(cbc(aes))", 375 0, 0); 376 } 377 if (IS_ERR(ctx->ctfm)) { 378 res = PTR_ERR(ctx->ctfm); 379 printk( 380 KERN_DEBUG "%s: error (%d) allocating crypto tfm\n", 381 __func__, res); 382 ctx->ctfm = NULL; 383 ext4_put_fname_crypto_ctx(&ctx); 384 return ERR_PTR(res); 385 } 386 if (ctx->ctfm == NULL) { 387 printk( 388 KERN_DEBUG "%s: could not allocate crypto tfm\n", 389 __func__); 390 ext4_put_fname_crypto_ctx(&ctx); 391 return ERR_PTR(-ENOMEM); 392 } 393 if (ctx->workpage == NULL) 394 ctx->workpage = alloc_page(GFP_NOFS); 395 if (IS_ERR(ctx->workpage)) { 396 res = PTR_ERR(ctx->workpage); 397 printk( 398 KERN_DEBUG "%s: error (%d) allocating work page\n", 399 __func__, res); 400 ctx->workpage = NULL; 401 ext4_put_fname_crypto_ctx(&ctx); 402 return ERR_PTR(res); 403 } 404 if (ctx->workpage == NULL) { 405 printk( 406 KERN_DEBUG "%s: could not allocate work page\n", 407 __func__); 408 ext4_put_fname_crypto_ctx(&ctx); 409 return ERR_PTR(-ENOMEM); 410 } 411 ctx->lim = max_ciphertext_len; 412 crypto_ablkcipher_clear_flags(ctx->ctfm, ~0); 413 crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctx->ctfm), 414 CRYPTO_TFM_REQ_WEAK_KEY); 415 416 /* If we are lucky, we will get a context that is already 417 * set up with the right key. Else, we will have to 418 * set the key */ 419 if (!ctx->ctfm_key_is_ready) { 420 /* Since our crypto objectives for filename encryption 421 * are pretty weak, 422 * we directly use the inode master key */ 423 res = crypto_ablkcipher_setkey(ctx->ctfm, 424 ctx->key.raw, ctx->key.size); 425 if (res) { 426 ext4_put_fname_crypto_ctx(&ctx); 427 return ERR_PTR(-EIO); 428 } 429 ctx->ctfm_key_is_ready = 1; 430 } else { 431 /* In the current implementation, key should never be 432 * marked "ready" for a context that has just been 433 * allocated. So we should never reach here */ 434 BUG(); 435 } 436 } 437 if (ctx->htfm == NULL) 438 ctx->htfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); 439 if (IS_ERR(ctx->htfm)) { 440 res = PTR_ERR(ctx->htfm); 441 printk(KERN_DEBUG "%s: error (%d) allocating hash tfm\n", 442 __func__, res); 443 ctx->htfm = NULL; 444 ext4_put_fname_crypto_ctx(&ctx); 445 return ERR_PTR(res); 446 } 447 if (ctx->htfm == NULL) { 448 printk(KERN_DEBUG "%s: could not allocate hash tfm\n", 449 __func__); 450 ext4_put_fname_crypto_ctx(&ctx); 451 return ERR_PTR(-ENOMEM); 452 } 453 454 return ctx; 455} 456 457/** 458 * ext4_fname_crypto_round_up() - 459 * 460 * Return: The next multiple of block size 461 */ 462u32 ext4_fname_crypto_round_up(u32 size, u32 blksize) 463{ 464 return ((size+blksize-1)/blksize)*blksize; 465} 466 467/** 468 * ext4_fname_crypto_namelen_on_disk() - 469 */ 470int ext4_fname_crypto_namelen_on_disk(struct ext4_fname_crypto_ctx *ctx, 471 u32 namelen) 472{ 473 u32 ciphertext_len; 474 int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); 475 476 if (ctx == NULL) 477 return -EIO; 478 if (!(ctx->has_valid_key)) 479 return -EACCES; 480 ciphertext_len = (namelen < EXT4_CRYPTO_BLOCK_SIZE) ? 481 EXT4_CRYPTO_BLOCK_SIZE : namelen; 482 ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding); 483 ciphertext_len = (ciphertext_len > ctx->lim) 484 ? ctx->lim : ciphertext_len; 485 return (int) ciphertext_len; 486} 487 488/** 489 * ext4_fname_crypto_alloc_obuff() - 490 * 491 * Allocates an output buffer that is sufficient for the crypto operation 492 * specified by the context and the direction. 493 */ 494int ext4_fname_crypto_alloc_buffer(struct ext4_fname_crypto_ctx *ctx, 495 u32 ilen, struct ext4_str *crypto_str) 496{ 497 unsigned int olen; 498 int padding = 4 << (ctx->flags & EXT4_POLICY_FLAGS_PAD_MASK); 499 500 if (!ctx) 501 return -EIO; 502 if (padding < EXT4_CRYPTO_BLOCK_SIZE) 503 padding = EXT4_CRYPTO_BLOCK_SIZE; 504 olen = ext4_fname_crypto_round_up(ilen, padding); 505 crypto_str->len = olen; 506 if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2) 507 olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2; 508 /* Allocated buffer can hold one more character to null-terminate the 509 * string */ 510 crypto_str->name = kmalloc(olen+1, GFP_NOFS); 511 if (!(crypto_str->name)) 512 return -ENOMEM; 513 return 0; 514} 515 516/** 517 * ext4_fname_crypto_free_buffer() - 518 * 519 * Frees the buffer allocated for crypto operation. 520 */ 521void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str) 522{ 523 if (!crypto_str) 524 return; 525 kfree(crypto_str->name); 526 crypto_str->name = NULL; 527} 528 529/** 530 * ext4_fname_disk_to_usr() - converts a filename from disk space to user space 531 */ 532int _ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx *ctx, 533 struct dx_hash_info *hinfo, 534 const struct ext4_str *iname, 535 struct ext4_str *oname) 536{ 537 char buf[24]; 538 int ret; 539 540 if (ctx == NULL) 541 return -EIO; 542 if (iname->len < 3) { 543 /*Check for . and .. */ 544 if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') { 545 oname->name[0] = '.'; 546 oname->name[iname->len-1] = '.'; 547 oname->len = iname->len; 548 return oname->len; 549 } 550 } 551 if (ctx->has_valid_key) 552 return ext4_fname_decrypt(ctx, iname, oname); 553 554 if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) { 555 ret = digest_encode(iname->name, iname->len, oname->name); 556 oname->len = ret; 557 return ret; 558 } 559 if (hinfo) { 560 memcpy(buf, &hinfo->hash, 4); 561 memcpy(buf+4, &hinfo->minor_hash, 4); 562 } else 563 memset(buf, 0, 8); 564 memcpy(buf + 8, iname->name + iname->len - 16, 16); 565 oname->name[0] = '_'; 566 ret = digest_encode(buf, 24, oname->name+1); 567 oname->len = ret + 1; 568 return ret + 1; 569} 570 571int ext4_fname_disk_to_usr(struct ext4_fname_crypto_ctx *ctx, 572 struct dx_hash_info *hinfo, 573 const struct ext4_dir_entry_2 *de, 574 struct ext4_str *oname) 575{ 576 struct ext4_str iname = {.name = (unsigned char *) de->name, 577 .len = de->name_len }; 578 579 return _ext4_fname_disk_to_usr(ctx, hinfo, &iname, oname); 580} 581 582 583/** 584 * ext4_fname_usr_to_disk() - converts a filename from user space to disk space 585 */ 586int ext4_fname_usr_to_disk(struct ext4_fname_crypto_ctx *ctx, 587 const struct qstr *iname, 588 struct ext4_str *oname) 589{ 590 int res; 591 592 if (ctx == NULL) 593 return -EIO; 594 if (iname->len < 3) { 595 /*Check for . and .. */ 596 if (iname->name[0] == '.' && 597 iname->name[iname->len-1] == '.') { 598 oname->name[0] = '.'; 599 oname->name[iname->len-1] = '.'; 600 oname->len = iname->len; 601 return oname->len; 602 } 603 } 604 if (ctx->has_valid_key) { 605 res = ext4_fname_encrypt(ctx, iname, oname); 606 return res; 607 } 608 /* Without a proper key, a user is not allowed to modify the filenames 609 * in a directory. Consequently, a user space name cannot be mapped to 610 * a disk-space name */ 611 return -EACCES; 612} 613 614/* 615 * Calculate the htree hash from a filename from user space 616 */ 617int ext4_fname_usr_to_hash(struct ext4_fname_crypto_ctx *ctx, 618 const struct qstr *iname, 619 struct dx_hash_info *hinfo) 620{ 621 struct ext4_str tmp; 622 int ret = 0; 623 char buf[EXT4_FNAME_CRYPTO_DIGEST_SIZE+1]; 624 625 if (!ctx || 626 ((iname->name[0] == '.') && 627 ((iname->len == 1) || 628 ((iname->name[1] == '.') && (iname->len == 2))))) { 629 ext4fs_dirhash(iname->name, iname->len, hinfo); 630 return 0; 631 } 632 633 if (!ctx->has_valid_key && iname->name[0] == '_') { 634 if (iname->len != 33) 635 return -ENOENT; 636 ret = digest_decode(iname->name+1, iname->len, buf); 637 if (ret != 24) 638 return -ENOENT; 639 memcpy(&hinfo->hash, buf, 4); 640 memcpy(&hinfo->minor_hash, buf + 4, 4); 641 return 0; 642 } 643 644 if (!ctx->has_valid_key && iname->name[0] != '_') { 645 if (iname->len > 43) 646 return -ENOENT; 647 ret = digest_decode(iname->name, iname->len, buf); 648 ext4fs_dirhash(buf, ret, hinfo); 649 return 0; 650 } 651 652 /* First encrypt the plaintext name */ 653 ret = ext4_fname_crypto_alloc_buffer(ctx, iname->len, &tmp); 654 if (ret < 0) 655 return ret; 656 657 ret = ext4_fname_encrypt(ctx, iname, &tmp); 658 if (ret >= 0) { 659 ext4fs_dirhash(tmp.name, tmp.len, hinfo); 660 ret = 0; 661 } 662 663 ext4_fname_crypto_free_buffer(&tmp); 664 return ret; 665} 666 667int ext4_fname_match(struct ext4_fname_crypto_ctx *ctx, struct ext4_str *cstr, 668 int len, const char * const name, 669 struct ext4_dir_entry_2 *de) 670{ 671 int ret = -ENOENT; 672 int bigname = (*name == '_'); 673 674 if (ctx->has_valid_key) { 675 if (cstr->name == NULL) { 676 struct qstr istr; 677 678 ret = ext4_fname_crypto_alloc_buffer(ctx, len, cstr); 679 if (ret < 0) 680 goto errout; 681 istr.name = name; 682 istr.len = len; 683 ret = ext4_fname_encrypt(ctx, &istr, cstr); 684 if (ret < 0) 685 goto errout; 686 } 687 } else { 688 if (cstr->name == NULL) { 689 cstr->name = kmalloc(32, GFP_KERNEL); 690 if (cstr->name == NULL) 691 return -ENOMEM; 692 if ((bigname && (len != 33)) || 693 (!bigname && (len > 43))) 694 goto errout; 695 ret = digest_decode(name+bigname, len-bigname, 696 cstr->name); 697 if (ret < 0) { 698 ret = -ENOENT; 699 goto errout; 700 } 701 cstr->len = ret; 702 } 703 if (bigname) { 704 if (de->name_len < 16) 705 return 0; 706 ret = memcmp(de->name + de->name_len - 16, 707 cstr->name + 8, 16); 708 return (ret == 0) ? 1 : 0; 709 } 710 } 711 if (de->name_len != cstr->len) 712 return 0; 713 ret = memcmp(de->name, cstr->name, cstr->len); 714 return (ret == 0) ? 1 : 0; 715errout: 716 kfree(cstr->name); 717 cstr->name = NULL; 718 return ret; 719} 720