| blob | 204a48d5a55ca7617070dbe95a2f07080f9b7539 |
1 ext4 crypto: adds more granular error messages to the set key path
3 From: Michael Halcrow <mhalcrow@google.com>
5 Signed-off-by: Michael Halcrow <mhalcrow@google.com>
6 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
7 ---
8 fs/ext4/crypto.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++--------
9 1 file changed, 67 insertions(+), 10 deletions(-)
11 diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
12 index 904974c..e892d68 100644
13 --- a/fs/ext4/crypto.c
14 +++ b/fs/ext4/crypto.c
15 @@ -606,11 +606,18 @@ static int ext4_get_wrapping_key_from_keyring(
16 payload = (struct encrypted_key_payload *)create_key->payload.data;
17 if (WARN_ON_ONCE(create_key->datalen !=
18 sizeof(struct ecryptfs_auth_tok))) {
19 + printk(KERN_ERR
20 + "%s: Got auth tok length [%d], expected [%ld]\n",
21 + __func__, create_key->datalen,
22 + sizeof(struct ecryptfs_auth_tok));
23 return -EINVAL;
24 }
25 auth_tok = (struct ecryptfs_auth_tok *)(&(payload)->payload_data);
26 if (WARN_ON_ONCE(!(auth_tok->token.password.flags &
27 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))) {
28 + printk(KERN_ERR
29 + "%s: ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET not set in auth_tok->token.password.flags\n",
30 + __func__);
31 return -EINVAL;
32 }
33 BUILD_BUG_ON(EXT4_MAX_KEY_SIZE < EXT4_AES_256_XTS_KEY_SIZE);
34 @@ -742,8 +749,11 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
35 int res = 0;
37 BUG_ON(dst_size > SHA512_DIGEST_SIZE);
38 - if (IS_ERR(tfm))
39 + if (IS_ERR(tfm)) {
40 + printk(KERN_ERR "%s: crypto_alloc_ahash() returned [%ld]\n",
41 + __func__, PTR_ERR(tfm));
42 return PTR_ERR(tfm);
43 + }
44 req = ahash_request_alloc(tfm, GFP_NOFS);
45 if (!req) {
46 res = -ENOMEM;
47 @@ -755,8 +765,11 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
48 ext4_hmac_complete, &ehr);
50 res = crypto_ahash_setkey(tfm, key, key_size);
51 - if (res)
52 + if (res) {
53 + printk(KERN_ERR "%s: crypto_ahash_setkey() returned [%d]\n",
54 + __func__, res);
55 goto out;
56 + }
57 sg_init_one(&sg, src, src_size);
58 ahash_request_set_crypt(req, &sg, hmac, src_size);
59 init_completion(&ehr.completion);
60 @@ -766,13 +779,18 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
61 wait_for_completion(&ehr.completion);
62 res = ehr.res;
63 }
64 - if (res)
65 + if (res) {
66 + printk(KERN_ERR "%s: crypto_ahash_digest() returned [%d]\n",
67 + __func__, res);
68 goto out;
69 + }
70 memcpy(dst, hmac, dst_size);
71 out:
72 crypto_free_ahash(tfm);
73 if (req)
74 ahash_request_free(req);
75 + if (res)
76 + printk(KERN_ERR "%s: returning [%d]\n", __func__, res);
77 return res;
78 }
80 @@ -836,8 +854,11 @@ static int ext4_crypt_wrapper_virt(const char *enc_key, const char *iv,
81 int res = 0;
83 desc.tfm = crypto_alloc_blkcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
84 - if (IS_ERR(desc.tfm))
85 + if (IS_ERR(desc.tfm)) {
86 + printk(KERN_ERR "%s: crypto_alloc_blkcipher() returned [%ld]\n",
87 + __func__, PTR_ERR(desc.tfm));
88 return PTR_ERR(desc.tfm);
89 + }
90 if (!desc.tfm)
91 return -ENOMEM;
92 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
93 @@ -846,12 +867,21 @@ static int ext4_crypt_wrapper_virt(const char *enc_key, const char *iv,
94 crypto_blkcipher_set_iv(desc.tfm, iv, EXT4_WRAPPING_IV_SIZE);
95 res = crypto_blkcipher_setkey(desc.tfm, enc_key,
96 EXT4_AES_256_CTR_KEY_SIZE);
97 - if (res)
98 + if (res) {
99 + printk(KERN_ERR
100 + "%s: crypto_blkcipher_setkey() returned [%d]\n",
101 + __func__, res);
102 goto out;
103 + }
104 if (enc)
105 res = crypto_blkcipher_encrypt(&desc, &dst, &src, size);
106 else
107 res = crypto_blkcipher_decrypt(&desc, &dst, &src, size);
108 + if (res) {
109 + printk(KERN_ERR
110 + "%s: crypto_blkcipher_*crypt() returned [%d]\n",
111 + __func__, res);
112 + }
113 out:
114 crypto_free_blkcipher(desc.tfm);
115 return res;
116 @@ -988,8 +1018,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
117 return 0;
118 }
119 res = ext4_get_wrapping_key(wrapping_key, packet->sig, inode);
120 - if (res)
121 + if (res) {
122 + ext4_error(inode->i_sb,
123 + "%s: ext4_get_wrapping_key() with packet->sig [%s] returned [%d]\n",
124 + __func__, packet->sig, res);
125 return res;
126 + }
127 BUG_ON(*key_packet_size != EXT4_FULL_WRAPPED_KEY_PACKET_V0_SIZE);
129 /* Size, type, nonce, and IV */
130 @@ -1005,8 +1039,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
131 packet->nonce,
132 EXT4_DERIVATION_TWEAK_NONCE_SIZE,
133 enc_key, EXT4_AES_256_CTR_KEY_SIZE);
134 - if (res)
135 + if (res) {
136 + ext4_error(inode->i_sb,
137 + "%s: ext4_hmac_derive_key() returned [%d]\n",
138 + __func__, res);
139 goto out;
140 + }
142 /* Wrap the data key with the wrapping encryption key */
143 *((uint32_t *)key_packet.mode) = htonl(key->mode);
144 @@ -1019,8 +1057,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
145 EXT4_V0_SERIALIZED_KEY_SIZE, true);
146 memset(enc_key, 0, EXT4_AES_256_CTR_KEY_SIZE);
147 memset(key_packet.raw, 0, EXT4_MAX_KEY_SIZE);
148 - if (res)
149 + if (res) {
150 + ext4_error(inode->i_sb,
151 + "%s: ext4_crypt_wrapper_virt() returned [%d]\n",
152 + __func__, res);
153 goto out;
154 + }
156 /* Calculate the HMAC over the entire packet (except, of
157 * course, the HMAC buffer at the end) */
158 @@ -1029,8 +1071,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
159 packet->nonce,
160 EXT4_DERIVATION_TWEAK_NONCE_SIZE,
161 int_key, EXT4_HMAC_KEY_SIZE);
162 - if (res)
163 + if (res) {
164 + ext4_error(inode->i_sb,
165 + "%s: ext4_hmac_derive_key() returned [%d]\n",
166 + __func__, res);
167 goto out;
168 + }
169 BUILD_BUG_ON(EXT4_FULL_WRAPPED_KEY_PACKET_V0_SIZE < EXT4_HMAC_SIZE);
170 res = ext4_hmac_integrity(int_key, EXT4_HMAC_KEY_SIZE,
171 wrapped_key_packet,
172 @@ -1041,6 +1087,8 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
173 memset(int_key, 0, EXT4_HMAC_KEY_SIZE);
174 out:
175 memset(wrapping_key, 0, EXT4_AES_256_XTS_KEY_SIZE);
176 + if (res)
177 + ext4_error(inode->i_sb, "%s: returning [%d]\n", __func__, res);
178 return res;
179 }
181 @@ -1084,8 +1132,12 @@ try_again:
182 ext4_generate_encryption_key(dentry);
183 res = ext4_wrap_key(wrapped_key_packet, &wrapped_key_packet_size,
184 &ei->i_encryption_key, inode);
185 - if (res)
186 + if (res) {
187 + ext4_error(dentry->d_inode->i_sb,
188 + "%s: ext4_wrap_key() returned [%d]\n", __func__,
189 + res);
190 goto out;
191 + }
192 root_packet[0] = EXT4_PACKET_SET_VERSION_V0;
193 BUILD_BUG_ON(EXT4_PACKET_SET_V0_MAX_SIZE !=
194 (EXT4_PACKET_HEADER_SIZE +
195 @@ -1093,6 +1145,11 @@ try_again:
196 BUG_ON(sizeof(root_packet) != root_packet_size);
197 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION_METADATA, "",
198 root_packet, root_packet_size, 0);
199 + if (res) {
200 + ext4_error(dentry->d_inode->i_sb,
201 + "%s: ext4_xattr_set() returned [%d]\n", __func__,
202 + res);
203 + }
204 out:
205 if (res) {
206 if (res == -EINTR)
207 --
208 2.1.0.rc2.206.gedb03e5