1 ext4 crypto: adds more granular error messages to the set key path
3 From: Michael Halcrow <mhalcrow@google.com>
5 Signed-off-by: Michael Halcrow <mhalcrow@google.com>
6 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
8 fs/ext4/crypto.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++--------
9 1 file changed, 67 insertions(+), 10 deletions(-)
11 diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
12 index 904974c..e892d68 100644
13 --- a/fs/ext4/crypto.c
14 +++ b/fs/ext4/crypto.c
15 @@ -606,11 +606,18 @@ static int ext4_get_wrapping_key_from_keyring(
16 payload = (struct encrypted_key_payload *)create_key->payload.data;
17 if (WARN_ON_ONCE(create_key->datalen !=
18 sizeof(struct ecryptfs_auth_tok))) {
20 + "%s: Got auth tok length [%d], expected [%ld]\n",
21 + __func__, create_key->datalen,
22 + sizeof(struct ecryptfs_auth_tok));
25 auth_tok = (struct ecryptfs_auth_tok *)(&(payload)->payload_data);
26 if (WARN_ON_ONCE(!(auth_tok->token.password.flags &
27 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))) {
29 + "%s: ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET not set in auth_tok->token.password.flags\n",
33 BUILD_BUG_ON(EXT4_MAX_KEY_SIZE < EXT4_AES_256_XTS_KEY_SIZE);
34 @@ -742,8 +749,11 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
37 BUG_ON(dst_size > SHA512_DIGEST_SIZE);
40 + printk(KERN_ERR "%s: crypto_alloc_ahash() returned [%ld]\n",
41 + __func__, PTR_ERR(tfm));
44 req = ahash_request_alloc(tfm, GFP_NOFS);
47 @@ -755,8 +765,11 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
48 ext4_hmac_complete, &ehr);
50 res = crypto_ahash_setkey(tfm, key, key_size);
53 + printk(KERN_ERR "%s: crypto_ahash_setkey() returned [%d]\n",
57 sg_init_one(&sg, src, src_size);
58 ahash_request_set_crypt(req, &sg, hmac, src_size);
59 init_completion(&ehr.completion);
60 @@ -766,13 +779,18 @@ static int ext4_hmac(bool derivation, const char *key, size_t key_size,
61 wait_for_completion(&ehr.completion);
66 + printk(KERN_ERR "%s: crypto_ahash_digest() returned [%d]\n",
70 memcpy(dst, hmac, dst_size);
72 crypto_free_ahash(tfm);
74 ahash_request_free(req);
76 + printk(KERN_ERR "%s: returning [%d]\n", __func__, res);
80 @@ -836,8 +854,11 @@ static int ext4_crypt_wrapper_virt(const char *enc_key, const char *iv,
83 desc.tfm = crypto_alloc_blkcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
84 - if (IS_ERR(desc.tfm))
85 + if (IS_ERR(desc.tfm)) {
86 + printk(KERN_ERR "%s: crypto_alloc_blkcipher() returned [%ld]\n",
87 + __func__, PTR_ERR(desc.tfm));
88 return PTR_ERR(desc.tfm);
92 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
93 @@ -846,12 +867,21 @@ static int ext4_crypt_wrapper_virt(const char *enc_key, const char *iv,
94 crypto_blkcipher_set_iv(desc.tfm, iv, EXT4_WRAPPING_IV_SIZE);
95 res = crypto_blkcipher_setkey(desc.tfm, enc_key,
96 EXT4_AES_256_CTR_KEY_SIZE);
100 + "%s: crypto_blkcipher_setkey() returned [%d]\n",
105 res = crypto_blkcipher_encrypt(&desc, &dst, &src, size);
107 res = crypto_blkcipher_decrypt(&desc, &dst, &src, size);
110 + "%s: crypto_blkcipher_*crypt() returned [%d]\n",
114 crypto_free_blkcipher(desc.tfm);
116 @@ -988,8 +1018,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
119 res = ext4_get_wrapping_key(wrapping_key, packet->sig, inode);
122 + ext4_error(inode->i_sb,
123 + "%s: ext4_get_wrapping_key() with packet->sig [%s] returned [%d]\n",
124 + __func__, packet->sig, res);
127 BUG_ON(*key_packet_size != EXT4_FULL_WRAPPED_KEY_PACKET_V0_SIZE);
129 /* Size, type, nonce, and IV */
130 @@ -1005,8 +1039,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
132 EXT4_DERIVATION_TWEAK_NONCE_SIZE,
133 enc_key, EXT4_AES_256_CTR_KEY_SIZE);
136 + ext4_error(inode->i_sb,
137 + "%s: ext4_hmac_derive_key() returned [%d]\n",
142 /* Wrap the data key with the wrapping encryption key */
143 *((uint32_t *)key_packet.mode) = htonl(key->mode);
144 @@ -1019,8 +1057,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
145 EXT4_V0_SERIALIZED_KEY_SIZE, true);
146 memset(enc_key, 0, EXT4_AES_256_CTR_KEY_SIZE);
147 memset(key_packet.raw, 0, EXT4_MAX_KEY_SIZE);
150 + ext4_error(inode->i_sb,
151 + "%s: ext4_crypt_wrapper_virt() returned [%d]\n",
156 /* Calculate the HMAC over the entire packet (except, of
157 * course, the HMAC buffer at the end) */
158 @@ -1029,8 +1071,12 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
160 EXT4_DERIVATION_TWEAK_NONCE_SIZE,
161 int_key, EXT4_HMAC_KEY_SIZE);
164 + ext4_error(inode->i_sb,
165 + "%s: ext4_hmac_derive_key() returned [%d]\n",
169 BUILD_BUG_ON(EXT4_FULL_WRAPPED_KEY_PACKET_V0_SIZE < EXT4_HMAC_SIZE);
170 res = ext4_hmac_integrity(int_key, EXT4_HMAC_KEY_SIZE,
172 @@ -1041,6 +1087,8 @@ static int ext4_wrap_key(char *wrapped_key_packet, size_t *key_packet_size,
173 memset(int_key, 0, EXT4_HMAC_KEY_SIZE);
175 memset(wrapping_key, 0, EXT4_AES_256_XTS_KEY_SIZE);
177 + ext4_error(inode->i_sb, "%s: returning [%d]\n", __func__, res);
181 @@ -1084,8 +1132,12 @@ try_again:
182 ext4_generate_encryption_key(dentry);
183 res = ext4_wrap_key(wrapped_key_packet, &wrapped_key_packet_size,
184 &ei->i_encryption_key, inode);
187 + ext4_error(dentry->d_inode->i_sb,
188 + "%s: ext4_wrap_key() returned [%d]\n", __func__,
192 root_packet[0] = EXT4_PACKET_SET_VERSION_V0;
193 BUILD_BUG_ON(EXT4_PACKET_SET_V0_MAX_SIZE !=
194 (EXT4_PACKET_HEADER_SIZE +
195 @@ -1093,6 +1145,11 @@ try_again:
196 BUG_ON(sizeof(root_packet) != root_packet_size);
197 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION_METADATA, "",
198 root_packet, root_packet_size, 0);
200 + ext4_error(dentry->d_inode->i_sb,
201 + "%s: ext4_xattr_set() returned [%d]\n", __func__,
208 2.1.0.rc2.206.gedb03e5