2 #include <linux/ceph/ceph_debug.h>
5 #include <linux/scatterlist.h>
6 #include <linux/slab.h>
7 #include <crypto/hash.h>
8 #include <linux/key-type.h>
10 #include <keys/ceph-type.h>
11 #include <linux/ceph/decode.h>
14 int ceph_crypto_key_clone(struct ceph_crypto_key
*dst
,
15 const struct ceph_crypto_key
*src
)
17 memcpy(dst
, src
, sizeof(struct ceph_crypto_key
));
18 dst
->key
= kmemdup(src
->key
, src
->len
, GFP_NOFS
);
24 int ceph_crypto_key_encode(struct ceph_crypto_key
*key
, void **p
, void *end
)
26 if (*p
+ sizeof(u16
) + sizeof(key
->created
) +
27 sizeof(u16
) + key
->len
> end
)
29 ceph_encode_16(p
, key
->type
);
30 ceph_encode_copy(p
, &key
->created
, sizeof(key
->created
));
31 ceph_encode_16(p
, key
->len
);
32 ceph_encode_copy(p
, key
->key
, key
->len
);
36 int ceph_crypto_key_decode(struct ceph_crypto_key
*key
, void **p
, void *end
)
38 ceph_decode_need(p
, end
, 2*sizeof(u16
) + sizeof(key
->created
), bad
);
39 key
->type
= ceph_decode_16(p
);
40 ceph_decode_copy(p
, &key
->created
, sizeof(key
->created
));
41 key
->len
= ceph_decode_16(p
);
42 ceph_decode_need(p
, end
, key
->len
, bad
);
43 key
->key
= kmalloc(key
->len
, GFP_NOFS
);
46 ceph_decode_copy(p
, key
->key
, key
->len
);
50 dout("failed to decode crypto key\n");
54 int ceph_crypto_key_unarmor(struct ceph_crypto_key
*key
, const char *inkey
)
56 int inlen
= strlen(inkey
);
57 int blen
= inlen
* 3 / 4;
61 dout("crypto_key_unarmor %s\n", inkey
);
62 buf
= kmalloc(blen
, GFP_NOFS
);
65 blen
= ceph_unarmor(buf
, inkey
, inkey
+inlen
);
72 ret
= ceph_crypto_key_decode(key
, &p
, p
+ blen
);
76 dout("crypto_key_unarmor key %p type %d len %d\n", key
,
83 #define AES_KEY_SIZE 16
85 static struct crypto_blkcipher
*ceph_crypto_alloc_cipher(void)
87 return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC
);
90 static const u8
*aes_iv
= (u8
*)CEPH_AES_IV
;
93 * Should be used for buffers allocated with ceph_kvmalloc().
94 * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
95 * in-buffer (msg front).
97 * Dispose of @sgt with teardown_sgtable().
99 * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
100 * in cases where a single sg is sufficient. No attempt to reduce the
101 * number of sgs by squeezing physically contiguous pages together is
102 * made though, for simplicity.
104 static int setup_sgtable(struct sg_table
*sgt
, struct scatterlist
*prealloc_sg
,
105 const void *buf
, unsigned int buf_len
)
107 struct scatterlist
*sg
;
108 const bool is_vmalloc
= is_vmalloc_addr(buf
);
109 unsigned int off
= offset_in_page(buf
);
110 unsigned int chunk_cnt
= 1;
111 unsigned int chunk_len
= PAGE_ALIGN(off
+ buf_len
);
116 memset(sgt
, 0, sizeof(*sgt
));
121 chunk_cnt
= chunk_len
>> PAGE_SHIFT
;
122 chunk_len
= PAGE_SIZE
;
126 ret
= sg_alloc_table(sgt
, chunk_cnt
, GFP_NOFS
);
130 WARN_ON(chunk_cnt
!= 1);
131 sg_init_table(prealloc_sg
, 1);
132 sgt
->sgl
= prealloc_sg
;
133 sgt
->nents
= sgt
->orig_nents
= 1;
136 for_each_sg(sgt
->sgl
, sg
, sgt
->orig_nents
, i
) {
138 unsigned int len
= min(chunk_len
- off
, buf_len
);
141 page
= vmalloc_to_page(buf
);
143 page
= virt_to_page(buf
);
145 sg_set_page(sg
, page
, len
, off
);
151 WARN_ON(buf_len
!= 0);
156 static void teardown_sgtable(struct sg_table
*sgt
)
158 if (sgt
->orig_nents
> 1)
162 static int ceph_aes_encrypt(const void *key
, int key_len
,
163 void *dst
, size_t *dst_len
,
164 const void *src
, size_t src_len
)
166 struct scatterlist sg_in
[2], prealloc_sg
;
167 struct sg_table sg_out
;
168 struct crypto_blkcipher
*tfm
= ceph_crypto_alloc_cipher();
169 struct blkcipher_desc desc
= { .tfm
= tfm
, .flags
= 0 };
173 size_t zero_padding
= (0x10 - (src_len
& 0x0f));
179 memset(pad
, zero_padding
, zero_padding
);
181 *dst_len
= src_len
+ zero_padding
;
183 sg_init_table(sg_in
, 2);
184 sg_set_buf(&sg_in
[0], src
, src_len
);
185 sg_set_buf(&sg_in
[1], pad
, zero_padding
);
186 ret
= setup_sgtable(&sg_out
, &prealloc_sg
, dst
, *dst_len
);
190 crypto_blkcipher_setkey((void *)tfm
, key
, key_len
);
191 iv
= crypto_blkcipher_crt(tfm
)->iv
;
192 ivsize
= crypto_blkcipher_ivsize(tfm
);
193 memcpy(iv
, aes_iv
, ivsize
);
196 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
198 print_hex_dump(KERN_ERR, "enc src: ", DUMP_PREFIX_NONE, 16, 1,
200 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
201 pad, zero_padding, 1);
203 ret
= crypto_blkcipher_encrypt(&desc
, sg_out
.sgl
, sg_in
,
204 src_len
+ zero_padding
);
206 pr_err("ceph_aes_crypt failed %d\n", ret
);
210 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
215 teardown_sgtable(&sg_out
);
217 crypto_free_blkcipher(tfm
);
221 static int ceph_aes_encrypt2(const void *key
, int key_len
, void *dst
,
223 const void *src1
, size_t src1_len
,
224 const void *src2
, size_t src2_len
)
226 struct scatterlist sg_in
[3], prealloc_sg
;
227 struct sg_table sg_out
;
228 struct crypto_blkcipher
*tfm
= ceph_crypto_alloc_cipher();
229 struct blkcipher_desc desc
= { .tfm
= tfm
, .flags
= 0 };
233 size_t zero_padding
= (0x10 - ((src1_len
+ src2_len
) & 0x0f));
239 memset(pad
, zero_padding
, zero_padding
);
241 *dst_len
= src1_len
+ src2_len
+ zero_padding
;
243 sg_init_table(sg_in
, 3);
244 sg_set_buf(&sg_in
[0], src1
, src1_len
);
245 sg_set_buf(&sg_in
[1], src2
, src2_len
);
246 sg_set_buf(&sg_in
[2], pad
, zero_padding
);
247 ret
= setup_sgtable(&sg_out
, &prealloc_sg
, dst
, *dst_len
);
251 crypto_blkcipher_setkey((void *)tfm
, key
, key_len
);
252 iv
= crypto_blkcipher_crt(tfm
)->iv
;
253 ivsize
= crypto_blkcipher_ivsize(tfm
);
254 memcpy(iv
, aes_iv
, ivsize
);
257 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
259 print_hex_dump(KERN_ERR, "enc src1: ", DUMP_PREFIX_NONE, 16, 1,
261 print_hex_dump(KERN_ERR, "enc src2: ", DUMP_PREFIX_NONE, 16, 1,
263 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
264 pad, zero_padding, 1);
266 ret
= crypto_blkcipher_encrypt(&desc
, sg_out
.sgl
, sg_in
,
267 src1_len
+ src2_len
+ zero_padding
);
269 pr_err("ceph_aes_crypt2 failed %d\n", ret
);
273 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1,
278 teardown_sgtable(&sg_out
);
280 crypto_free_blkcipher(tfm
);
284 static int ceph_aes_decrypt(const void *key
, int key_len
,
285 void *dst
, size_t *dst_len
,
286 const void *src
, size_t src_len
)
288 struct sg_table sg_in
;
289 struct scatterlist sg_out
[2], prealloc_sg
;
290 struct crypto_blkcipher
*tfm
= ceph_crypto_alloc_cipher();
291 struct blkcipher_desc desc
= { .tfm
= tfm
};
301 sg_init_table(sg_out
, 2);
302 sg_set_buf(&sg_out
[0], dst
, *dst_len
);
303 sg_set_buf(&sg_out
[1], pad
, sizeof(pad
));
304 ret
= setup_sgtable(&sg_in
, &prealloc_sg
, src
, src_len
);
308 crypto_blkcipher_setkey((void *)tfm
, key
, key_len
);
309 iv
= crypto_blkcipher_crt(tfm
)->iv
;
310 ivsize
= crypto_blkcipher_ivsize(tfm
);
311 memcpy(iv
, aes_iv
, ivsize
);
314 print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1,
316 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
319 ret
= crypto_blkcipher_decrypt(&desc
, sg_out
, sg_in
.sgl
, src_len
);
321 pr_err("ceph_aes_decrypt failed %d\n", ret
);
325 if (src_len
<= *dst_len
)
326 last_byte
= ((char *)dst
)[src_len
- 1];
328 last_byte
= pad
[src_len
- *dst_len
- 1];
329 if (last_byte
<= 16 && src_len
>= last_byte
) {
330 *dst_len
= src_len
- last_byte
;
332 pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n",
333 last_byte
, (int)src_len
);
334 return -EPERM
; /* bad padding */
337 print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1,
342 teardown_sgtable(&sg_in
);
344 crypto_free_blkcipher(tfm
);
348 static int ceph_aes_decrypt2(const void *key
, int key_len
,
349 void *dst1
, size_t *dst1_len
,
350 void *dst2
, size_t *dst2_len
,
351 const void *src
, size_t src_len
)
353 struct sg_table sg_in
;
354 struct scatterlist sg_out
[3], prealloc_sg
;
355 struct crypto_blkcipher
*tfm
= ceph_crypto_alloc_cipher();
356 struct blkcipher_desc desc
= { .tfm
= tfm
};
366 sg_init_table(sg_out
, 3);
367 sg_set_buf(&sg_out
[0], dst1
, *dst1_len
);
368 sg_set_buf(&sg_out
[1], dst2
, *dst2_len
);
369 sg_set_buf(&sg_out
[2], pad
, sizeof(pad
));
370 ret
= setup_sgtable(&sg_in
, &prealloc_sg
, src
, src_len
);
374 crypto_blkcipher_setkey((void *)tfm
, key
, key_len
);
375 iv
= crypto_blkcipher_crt(tfm
)->iv
;
376 ivsize
= crypto_blkcipher_ivsize(tfm
);
377 memcpy(iv
, aes_iv
, ivsize
);
380 print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1,
382 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
385 ret
= crypto_blkcipher_decrypt(&desc
, sg_out
, sg_in
.sgl
, src_len
);
387 pr_err("ceph_aes_decrypt failed %d\n", ret
);
391 if (src_len
<= *dst1_len
)
392 last_byte
= ((char *)dst1
)[src_len
- 1];
393 else if (src_len
<= *dst1_len
+ *dst2_len
)
394 last_byte
= ((char *)dst2
)[src_len
- *dst1_len
- 1];
396 last_byte
= pad
[src_len
- *dst1_len
- *dst2_len
- 1];
397 if (last_byte
<= 16 && src_len
>= last_byte
) {
398 src_len
-= last_byte
;
400 pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n",
401 last_byte
, (int)src_len
);
402 return -EPERM
; /* bad padding */
405 if (src_len
< *dst1_len
) {
409 *dst2_len
= src_len
- *dst1_len
;
412 print_hex_dump(KERN_ERR, "dec out1: ", DUMP_PREFIX_NONE, 16, 1,
414 print_hex_dump(KERN_ERR, "dec out2: ", DUMP_PREFIX_NONE, 16, 1,
419 teardown_sgtable(&sg_in
);
421 crypto_free_blkcipher(tfm
);
426 int ceph_decrypt(struct ceph_crypto_key
*secret
, void *dst
, size_t *dst_len
,
427 const void *src
, size_t src_len
)
429 switch (secret
->type
) {
430 case CEPH_CRYPTO_NONE
:
431 if (*dst_len
< src_len
)
433 memcpy(dst
, src
, src_len
);
437 case CEPH_CRYPTO_AES
:
438 return ceph_aes_decrypt(secret
->key
, secret
->len
, dst
,
439 dst_len
, src
, src_len
);
446 int ceph_decrypt2(struct ceph_crypto_key
*secret
,
447 void *dst1
, size_t *dst1_len
,
448 void *dst2
, size_t *dst2_len
,
449 const void *src
, size_t src_len
)
453 switch (secret
->type
) {
454 case CEPH_CRYPTO_NONE
:
455 if (*dst1_len
+ *dst2_len
< src_len
)
457 t
= min(*dst1_len
, src_len
);
458 memcpy(dst1
, src
, t
);
463 t
= min(*dst2_len
, src_len
);
464 memcpy(dst2
, src
, t
);
469 case CEPH_CRYPTO_AES
:
470 return ceph_aes_decrypt2(secret
->key
, secret
->len
,
471 dst1
, dst1_len
, dst2
, dst2_len
,
479 int ceph_encrypt(struct ceph_crypto_key
*secret
, void *dst
, size_t *dst_len
,
480 const void *src
, size_t src_len
)
482 switch (secret
->type
) {
483 case CEPH_CRYPTO_NONE
:
484 if (*dst_len
< src_len
)
486 memcpy(dst
, src
, src_len
);
490 case CEPH_CRYPTO_AES
:
491 return ceph_aes_encrypt(secret
->key
, secret
->len
, dst
,
492 dst_len
, src
, src_len
);
499 int ceph_encrypt2(struct ceph_crypto_key
*secret
, void *dst
, size_t *dst_len
,
500 const void *src1
, size_t src1_len
,
501 const void *src2
, size_t src2_len
)
503 switch (secret
->type
) {
504 case CEPH_CRYPTO_NONE
:
505 if (*dst_len
< src1_len
+ src2_len
)
507 memcpy(dst
, src1
, src1_len
);
508 memcpy(dst
+ src1_len
, src2
, src2_len
);
509 *dst_len
= src1_len
+ src2_len
;
512 case CEPH_CRYPTO_AES
:
513 return ceph_aes_encrypt2(secret
->key
, secret
->len
, dst
, dst_len
,
514 src1
, src1_len
, src2
, src2_len
);
521 static int ceph_key_instantiate(struct key
*key
,
522 struct key_preparsed_payload
*prep
)
524 struct ceph_crypto_key
*ckey
;
525 size_t datalen
= prep
->datalen
;
530 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
533 ret
= key_payload_reserve(key
, datalen
);
538 ckey
= kmalloc(sizeof(*ckey
), GFP_KERNEL
);
542 /* TODO ceph_crypto_key_decode should really take const input */
543 p
= (void *)prep
->data
;
544 ret
= ceph_crypto_key_decode(ckey
, &p
, (char*)prep
->data
+datalen
);
548 key
->payload
.data
= ckey
;
557 static int ceph_key_match(const struct key
*key
, const void *description
)
559 return strcmp(key
->description
, description
) == 0;
562 static void ceph_key_destroy(struct key
*key
) {
563 struct ceph_crypto_key
*ckey
= key
->payload
.data
;
565 ceph_crypto_key_destroy(ckey
);
569 struct key_type key_type_ceph
= {
571 .instantiate
= ceph_key_instantiate
,
572 .match
= ceph_key_match
,
573 .destroy
= ceph_key_destroy
,
576 int ceph_crypto_init(void) {
577 return register_key_type(&key_type_ceph
);
580 void ceph_crypto_shutdown(void) {
581 unregister_key_type(&key_type_ceph
);