LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Andrew Morton <akpm@linux-foundation.org>
To: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: linux-kernel@vger.kernel.org, dustin.kirkland@gmail.com,
sandeen@redhat.com, tchicks@us.ibm.com, shaggy@us.ibm.com
Subject: Re: [PATCH 3/5] eCryptfs: Filename Encryption: Encoding and encryption functions
Date: Thu, 6 Nov 2008 14:12:54 -0800 [thread overview]
Message-ID: <20081106141254.ba887466.akpm@linux-foundation.org> (raw)
In-Reply-To: <20081104214120.GC6677@halcrowt61p.austin.ibm.com>
On Tue, 4 Nov 2008 15:41:20 -0600
Michael Halcrow <mhalcrow@us.ibm.com> wrote:
> These functions support encrypting and encoding the filename
> contents. The encrypted filename contents may consist of any ASCII
> characters. This patch includes a custom encoding mechanism to map the
> ASCII characters to a reduced character set that is appropriate for
> filenames.
>
>
> ...
>
> +/* We could either offset on every reverse map or just pad some 0x00's
> + * at the front here */
> +static unsigned char filename_rev_map[] = {
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 39 */
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, /* 47 */
> + 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, /* 55 */
> + 0x0A, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 63 */
> + 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, /* 71 */
> + 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, /* 79 */
> + 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, /* 87 */
> + 0x23, 0x24, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */
> + 0x00, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, /* 103 */
> + 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, /* 111 */
> + 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, /* 119 */
> + 0x3D, 0x3E, 0x3F
> +};
You might as well make this const also if poss. It doesn't make much
difference, apart from putting the table into write-protected memory.
>
> ...
>
> +int ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
> + const unsigned char *src, size_t src_size)
> +{
> + u8 current_bit_offset = 0;
> + size_t src_byte_offset = 0;
> + size_t dst_byte_offset = 0;
> + int rc = 0;
> +
> + if (dst == NULL) {
> + /* Not exact; conservatively long */
> + (*dst_size) = (((src_size + 1) * 3) / 4);
Are you sure about that? The destination will be 0.75 times as long as
the source? Seems risky.
What's this code doing anyway? At a guess, I'd say that it's a special
mode to this function which provides the caller with an estimate of how
much storage needs to be allocated to decode *src. Or maybe that guess
was completely wrong. A comment is needed, methinks.
> + goto out;
> + }
> + while (src_byte_offset < src_size) {
> + unsigned char src_byte =
> + filename_rev_map[(int)src[src_byte_offset]];
> +
> + switch (current_bit_offset) {
> + case 0:
> + dst[dst_byte_offset] = (src_byte << 2);
> + current_bit_offset = 6;
> + break;
> + case 6:
> + dst[dst_byte_offset++] |= (src_byte >> 4);
> + dst[dst_byte_offset] = ((src_byte & 0xF)
> + << 4);
> + current_bit_offset = 4;
> + break;
> + case 4:
> + dst[dst_byte_offset++] |= (src_byte >> 2);
> + dst[dst_byte_offset] = (src_byte << 6);
> + current_bit_offset = 2;
> + break;
> + case 2:
> + dst[dst_byte_offset++] |= (src_byte);
> + dst[dst_byte_offset] = 0;
> + current_bit_offset = 0;
> + break;
> + }
> + src_byte_offset++;
> + }
> + (*dst_size) = dst_byte_offset;
> +out:
> + return rc;
> +}
> +
>
> ...
>
> +int ecryptfs_encrypt_and_encode_filename(
> + char **encoded_name,
> + size_t *encoded_name_size,
> + struct ecryptfs_crypt_stat *crypt_stat,
> + struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
> + const char *name, size_t name_size)
> +{
> + size_t encoded_name_no_prefix_size;
> + int rc = 0;
> +
> + (*encoded_name) = NULL;
> + (*encoded_name_size) = 0;
> + if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
> + || (mount_crypt_stat && (mount_crypt_stat->flags
> + & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) {
> + struct ecryptfs_filename *filename;
> +
> + filename = kzalloc(sizeof(*filename), GFP_KERNEL);
> + if (!filename) {
> + printk(KERN_ERR "%s: Out of memory whilst attempting "
> + "to kzalloc [%d] bytes\n", __func__,
More printk warnings :(
> + sizeof(*filename));
> + rc = -ENOMEM;
> + goto out;
> + }
> + filename->filename = (char *)name;
> + filename->filename_size = name_size;
> + rc = ecryptfs_encrypt_filename(filename, crypt_stat,
> + mount_crypt_stat);
next prev parent reply other threads:[~2008-11-06 22:13 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-04 21:37 [PATCH 0/5] eCryptfs: Filename Encryption Michael Halcrow
2008-11-04 21:39 ` [PATCH 1/5] eCryptfs: Filename Encryption: Tag 70 packets Michael Halcrow
2008-11-06 22:12 ` Andrew Morton
2008-11-12 17:01 ` [PATCH] eCryptfs: Replace %Z with %z Michael Halcrow
2008-11-12 17:04 ` [PATCH] eCryptfs: Fix data types (int/size_t) Michael Halcrow
2008-11-12 17:06 ` [PATCH] eCryptfs: kerneldoc for ecryptfs_parse_tag_70_packet() Michael Halcrow
2008-11-04 21:39 ` [PATCH 2/5] eCryptfs: Filename Encryption: Header updates Michael Halcrow
2008-11-04 21:41 ` [PATCH 3/5] eCryptfs: Filename Encryption: Encoding and encryption functions Michael Halcrow
2008-11-05 18:17 ` Dave Hansen
2008-11-06 21:01 ` Michael Halcrow
2008-11-06 22:12 ` Andrew Morton [this message]
2008-11-12 17:11 ` [PATCH] eCryptfs: Clean up ecryptfs_decode_from_filename() Michael Halcrow
2008-11-04 21:42 ` [PATCH 4/5] eCryptfs: Filename Encryption: filldir, lookup, and readlink Michael Halcrow
2008-11-04 21:43 ` [PATCH 5/5] eCryptfs: Filename Encryption: mount option Michael Halcrow
2008-11-06 22:13 ` Andrew Morton
2008-11-14 16:47 ` Michael Halcrow
2008-11-05 15:57 ` [PATCH 0/5] eCryptfs: Filename Encryption Pavel Machek
2008-11-06 20:27 ` Michael Halcrow
2008-11-06 20:52 ` Dave Kleikamp
2008-11-06 22:11 ` Michael Halcrow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081106141254.ba887466.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=dustin.kirkland@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhalcrow@us.ibm.com \
--cc=sandeen@redhat.com \
--cc=shaggy@us.ibm.com \
--cc=tchicks@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).