]>
Commit | Line | Data |
---|---|---|
8b6e4f2d SW |
1 | |
2 | #include "ceph_debug.h" | |
3 | ||
4 | #include <linux/err.h> | |
5 | #include <linux/scatterlist.h> | |
5a0e3ad6 | 6 | #include <linux/slab.h> |
8b6e4f2d SW |
7 | #include <crypto/hash.h> |
8 | ||
9 | #include "crypto.h" | |
10 | #include "decode.h" | |
11 | ||
12 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) | |
13 | { | |
14 | if (*p + sizeof(u16) + sizeof(key->created) + | |
15 | sizeof(u16) + key->len > end) | |
16 | return -ERANGE; | |
17 | ceph_encode_16(p, key->type); | |
18 | ceph_encode_copy(p, &key->created, sizeof(key->created)); | |
19 | ceph_encode_16(p, key->len); | |
20 | ceph_encode_copy(p, key->key, key->len); | |
21 | return 0; | |
22 | } | |
23 | ||
24 | int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) | |
25 | { | |
26 | ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); | |
27 | key->type = ceph_decode_16(p); | |
28 | ceph_decode_copy(p, &key->created, sizeof(key->created)); | |
29 | key->len = ceph_decode_16(p); | |
30 | ceph_decode_need(p, end, key->len, bad); | |
31 | key->key = kmalloc(key->len, GFP_NOFS); | |
32 | if (!key->key) | |
33 | return -ENOMEM; | |
34 | ceph_decode_copy(p, key->key, key->len); | |
35 | return 0; | |
36 | ||
37 | bad: | |
38 | dout("failed to decode crypto key\n"); | |
39 | return -EINVAL; | |
40 | } | |
41 | ||
42 | int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) | |
43 | { | |
44 | int inlen = strlen(inkey); | |
45 | int blen = inlen * 3 / 4; | |
46 | void *buf, *p; | |
47 | int ret; | |
48 | ||
49 | dout("crypto_key_unarmor %s\n", inkey); | |
50 | buf = kmalloc(blen, GFP_NOFS); | |
51 | if (!buf) | |
52 | return -ENOMEM; | |
53 | blen = ceph_unarmor(buf, inkey, inkey+inlen); | |
54 | if (blen < 0) { | |
55 | kfree(buf); | |
56 | return blen; | |
57 | } | |
58 | ||
59 | p = buf; | |
60 | ret = ceph_crypto_key_decode(key, &p, p + blen); | |
61 | kfree(buf); | |
62 | if (ret) | |
63 | return ret; | |
64 | dout("crypto_key_unarmor key %p type %d len %d\n", key, | |
65 | key->type, key->len); | |
66 | return 0; | |
67 | } | |
68 | ||
69 | ||
70 | ||
71 | #define AES_KEY_SIZE 16 | |
72 | ||
73 | static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) | |
74 | { | |
75 | return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC); | |
76 | } | |
77 | ||
cd84db6e | 78 | static const u8 *aes_iv = "cephsageyudagreg"; |
8b6e4f2d | 79 | |
cd84db6e YS |
80 | static int ceph_aes_encrypt(const void *key, int key_len, |
81 | void *dst, size_t *dst_len, | |
82 | const void *src, size_t src_len) | |
8b6e4f2d SW |
83 | { |
84 | struct scatterlist sg_in[2], sg_out[1]; | |
85 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | |
86 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | |
87 | int ret; | |
88 | void *iv; | |
89 | int ivsize; | |
90 | size_t zero_padding = (0x10 - (src_len & 0x0f)); | |
91 | char pad[16]; | |
92 | ||
93 | if (IS_ERR(tfm)) | |
94 | return PTR_ERR(tfm); | |
95 | ||
96 | memset(pad, zero_padding, zero_padding); | |
97 | ||
98 | *dst_len = src_len + zero_padding; | |
99 | ||
100 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
101 | sg_init_table(sg_in, 2); | |
102 | sg_set_buf(&sg_in[0], src, src_len); | |
103 | sg_set_buf(&sg_in[1], pad, zero_padding); | |
104 | sg_init_table(sg_out, 1); | |
105 | sg_set_buf(sg_out, dst, *dst_len); | |
106 | iv = crypto_blkcipher_crt(tfm)->iv; | |
107 | ivsize = crypto_blkcipher_ivsize(tfm); | |
108 | ||
109 | memcpy(iv, aes_iv, ivsize); | |
110 | /* | |
111 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | |
112 | key, key_len, 1); | |
113 | print_hex_dump(KERN_ERR, "enc src: ", DUMP_PREFIX_NONE, 16, 1, | |
114 | src, src_len, 1); | |
115 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | |
116 | pad, zero_padding, 1); | |
117 | */ | |
118 | ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | |
119 | src_len + zero_padding); | |
120 | crypto_free_blkcipher(tfm); | |
121 | if (ret < 0) | |
122 | pr_err("ceph_aes_crypt failed %d\n", ret); | |
123 | /* | |
124 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | |
125 | dst, *dst_len, 1); | |
126 | */ | |
127 | return 0; | |
128 | } | |
129 | ||
cd84db6e YS |
130 | static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
131 | size_t *dst_len, | |
132 | const void *src1, size_t src1_len, | |
133 | const void *src2, size_t src2_len) | |
8b6e4f2d SW |
134 | { |
135 | struct scatterlist sg_in[3], sg_out[1]; | |
136 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | |
137 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | |
138 | int ret; | |
139 | void *iv; | |
140 | int ivsize; | |
141 | size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f)); | |
142 | char pad[16]; | |
143 | ||
144 | if (IS_ERR(tfm)) | |
145 | return PTR_ERR(tfm); | |
146 | ||
147 | memset(pad, zero_padding, zero_padding); | |
148 | ||
149 | *dst_len = src1_len + src2_len + zero_padding; | |
150 | ||
151 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
152 | sg_init_table(sg_in, 3); | |
153 | sg_set_buf(&sg_in[0], src1, src1_len); | |
154 | sg_set_buf(&sg_in[1], src2, src2_len); | |
155 | sg_set_buf(&sg_in[2], pad, zero_padding); | |
156 | sg_init_table(sg_out, 1); | |
157 | sg_set_buf(sg_out, dst, *dst_len); | |
158 | iv = crypto_blkcipher_crt(tfm)->iv; | |
159 | ivsize = crypto_blkcipher_ivsize(tfm); | |
160 | ||
161 | memcpy(iv, aes_iv, ivsize); | |
162 | /* | |
163 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | |
164 | key, key_len, 1); | |
165 | print_hex_dump(KERN_ERR, "enc src1: ", DUMP_PREFIX_NONE, 16, 1, | |
166 | src1, src1_len, 1); | |
167 | print_hex_dump(KERN_ERR, "enc src2: ", DUMP_PREFIX_NONE, 16, 1, | |
168 | src2, src2_len, 1); | |
169 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | |
170 | pad, zero_padding, 1); | |
171 | */ | |
172 | ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | |
173 | src1_len + src2_len + zero_padding); | |
174 | crypto_free_blkcipher(tfm); | |
175 | if (ret < 0) | |
176 | pr_err("ceph_aes_crypt2 failed %d\n", ret); | |
177 | /* | |
178 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | |
179 | dst, *dst_len, 1); | |
180 | */ | |
181 | return 0; | |
182 | } | |
183 | ||
cd84db6e YS |
184 | static int ceph_aes_decrypt(const void *key, int key_len, |
185 | void *dst, size_t *dst_len, | |
186 | const void *src, size_t src_len) | |
8b6e4f2d SW |
187 | { |
188 | struct scatterlist sg_in[1], sg_out[2]; | |
189 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | |
190 | struct blkcipher_desc desc = { .tfm = tfm }; | |
191 | char pad[16]; | |
192 | void *iv; | |
193 | int ivsize; | |
194 | int ret; | |
195 | int last_byte; | |
196 | ||
197 | if (IS_ERR(tfm)) | |
198 | return PTR_ERR(tfm); | |
199 | ||
200 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
201 | sg_init_table(sg_in, 1); | |
202 | sg_init_table(sg_out, 2); | |
203 | sg_set_buf(sg_in, src, src_len); | |
204 | sg_set_buf(&sg_out[0], dst, *dst_len); | |
205 | sg_set_buf(&sg_out[1], pad, sizeof(pad)); | |
206 | ||
207 | iv = crypto_blkcipher_crt(tfm)->iv; | |
208 | ivsize = crypto_blkcipher_ivsize(tfm); | |
209 | ||
210 | memcpy(iv, aes_iv, ivsize); | |
211 | ||
212 | /* | |
213 | print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, | |
214 | key, key_len, 1); | |
215 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | |
216 | src, src_len, 1); | |
217 | */ | |
218 | ||
219 | ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | |
220 | crypto_free_blkcipher(tfm); | |
221 | if (ret < 0) { | |
222 | pr_err("ceph_aes_decrypt failed %d\n", ret); | |
223 | return ret; | |
224 | } | |
225 | ||
226 | if (src_len <= *dst_len) | |
227 | last_byte = ((char *)dst)[src_len - 1]; | |
228 | else | |
229 | last_byte = pad[src_len - *dst_len - 1]; | |
230 | if (last_byte <= 16 && src_len >= last_byte) { | |
231 | *dst_len = src_len - last_byte; | |
232 | } else { | |
233 | pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", | |
234 | last_byte, (int)src_len); | |
235 | return -EPERM; /* bad padding */ | |
236 | } | |
237 | /* | |
238 | print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, | |
239 | dst, *dst_len, 1); | |
240 | */ | |
241 | return 0; | |
242 | } | |
243 | ||
cd84db6e YS |
244 | static int ceph_aes_decrypt2(const void *key, int key_len, |
245 | void *dst1, size_t *dst1_len, | |
246 | void *dst2, size_t *dst2_len, | |
247 | const void *src, size_t src_len) | |
8b6e4f2d SW |
248 | { |
249 | struct scatterlist sg_in[1], sg_out[3]; | |
250 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | |
251 | struct blkcipher_desc desc = { .tfm = tfm }; | |
252 | char pad[16]; | |
253 | void *iv; | |
254 | int ivsize; | |
255 | int ret; | |
256 | int last_byte; | |
257 | ||
258 | if (IS_ERR(tfm)) | |
259 | return PTR_ERR(tfm); | |
260 | ||
261 | sg_init_table(sg_in, 1); | |
262 | sg_set_buf(sg_in, src, src_len); | |
263 | sg_init_table(sg_out, 3); | |
264 | sg_set_buf(&sg_out[0], dst1, *dst1_len); | |
265 | sg_set_buf(&sg_out[1], dst2, *dst2_len); | |
266 | sg_set_buf(&sg_out[2], pad, sizeof(pad)); | |
267 | ||
268 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
269 | iv = crypto_blkcipher_crt(tfm)->iv; | |
270 | ivsize = crypto_blkcipher_ivsize(tfm); | |
271 | ||
272 | memcpy(iv, aes_iv, ivsize); | |
273 | ||
274 | /* | |
275 | print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, | |
276 | key, key_len, 1); | |
277 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | |
278 | src, src_len, 1); | |
279 | */ | |
280 | ||
281 | ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | |
282 | crypto_free_blkcipher(tfm); | |
283 | if (ret < 0) { | |
284 | pr_err("ceph_aes_decrypt failed %d\n", ret); | |
285 | return ret; | |
286 | } | |
287 | ||
288 | if (src_len <= *dst1_len) | |
289 | last_byte = ((char *)dst1)[src_len - 1]; | |
290 | else if (src_len <= *dst1_len + *dst2_len) | |
291 | last_byte = ((char *)dst2)[src_len - *dst1_len - 1]; | |
292 | else | |
293 | last_byte = pad[src_len - *dst1_len - *dst2_len - 1]; | |
294 | if (last_byte <= 16 && src_len >= last_byte) { | |
295 | src_len -= last_byte; | |
296 | } else { | |
297 | pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", | |
298 | last_byte, (int)src_len); | |
299 | return -EPERM; /* bad padding */ | |
300 | } | |
301 | ||
302 | if (src_len < *dst1_len) { | |
303 | *dst1_len = src_len; | |
304 | *dst2_len = 0; | |
305 | } else { | |
306 | *dst2_len = src_len - *dst1_len; | |
307 | } | |
308 | /* | |
309 | print_hex_dump(KERN_ERR, "dec out1: ", DUMP_PREFIX_NONE, 16, 1, | |
310 | dst1, *dst1_len, 1); | |
311 | print_hex_dump(KERN_ERR, "dec out2: ", DUMP_PREFIX_NONE, 16, 1, | |
312 | dst2, *dst2_len, 1); | |
313 | */ | |
314 | ||
315 | return 0; | |
316 | } | |
317 | ||
318 | ||
319 | int ceph_decrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | |
320 | const void *src, size_t src_len) | |
321 | { | |
322 | switch (secret->type) { | |
323 | case CEPH_CRYPTO_NONE: | |
324 | if (*dst_len < src_len) | |
325 | return -ERANGE; | |
326 | memcpy(dst, src, src_len); | |
327 | *dst_len = src_len; | |
328 | return 0; | |
329 | ||
330 | case CEPH_CRYPTO_AES: | |
331 | return ceph_aes_decrypt(secret->key, secret->len, dst, | |
332 | dst_len, src, src_len); | |
333 | ||
334 | default: | |
335 | return -EINVAL; | |
336 | } | |
337 | } | |
338 | ||
339 | int ceph_decrypt2(struct ceph_crypto_key *secret, | |
340 | void *dst1, size_t *dst1_len, | |
341 | void *dst2, size_t *dst2_len, | |
342 | const void *src, size_t src_len) | |
343 | { | |
344 | size_t t; | |
345 | ||
346 | switch (secret->type) { | |
347 | case CEPH_CRYPTO_NONE: | |
348 | if (*dst1_len + *dst2_len < src_len) | |
349 | return -ERANGE; | |
350 | t = min(*dst1_len, src_len); | |
351 | memcpy(dst1, src, t); | |
352 | *dst1_len = t; | |
353 | src += t; | |
354 | src_len -= t; | |
355 | if (src_len) { | |
356 | t = min(*dst2_len, src_len); | |
357 | memcpy(dst2, src, t); | |
358 | *dst2_len = t; | |
359 | } | |
360 | return 0; | |
361 | ||
362 | case CEPH_CRYPTO_AES: | |
363 | return ceph_aes_decrypt2(secret->key, secret->len, | |
364 | dst1, dst1_len, dst2, dst2_len, | |
365 | src, src_len); | |
366 | ||
367 | default: | |
368 | return -EINVAL; | |
369 | } | |
370 | } | |
371 | ||
372 | int ceph_encrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | |
373 | const void *src, size_t src_len) | |
374 | { | |
375 | switch (secret->type) { | |
376 | case CEPH_CRYPTO_NONE: | |
377 | if (*dst_len < src_len) | |
378 | return -ERANGE; | |
379 | memcpy(dst, src, src_len); | |
380 | *dst_len = src_len; | |
381 | return 0; | |
382 | ||
383 | case CEPH_CRYPTO_AES: | |
384 | return ceph_aes_encrypt(secret->key, secret->len, dst, | |
385 | dst_len, src, src_len); | |
386 | ||
387 | default: | |
388 | return -EINVAL; | |
389 | } | |
390 | } | |
391 | ||
392 | int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | |
393 | const void *src1, size_t src1_len, | |
394 | const void *src2, size_t src2_len) | |
395 | { | |
396 | switch (secret->type) { | |
397 | case CEPH_CRYPTO_NONE: | |
398 | if (*dst_len < src1_len + src2_len) | |
399 | return -ERANGE; | |
400 | memcpy(dst, src1, src1_len); | |
401 | memcpy(dst + src1_len, src2, src2_len); | |
402 | *dst_len = src1_len + src2_len; | |
403 | return 0; | |
404 | ||
405 | case CEPH_CRYPTO_AES: | |
406 | return ceph_aes_encrypt2(secret->key, secret->len, dst, dst_len, | |
407 | src1, src1_len, src2, src2_len); | |
408 | ||
409 | default: | |
410 | return -EINVAL; | |
411 | } | |
412 | } |