]>
Commit | Line | Data |
---|---|---|
8b6e4f2d | 1 | |
3d14c5d2 | 2 | #include <linux/ceph/ceph_debug.h> |
8b6e4f2d SW |
3 | |
4 | #include <linux/err.h> | |
5 | #include <linux/scatterlist.h> | |
5a0e3ad6 | 6 | #include <linux/slab.h> |
e59dd982 HX |
7 | #include <crypto/aes.h> |
8 | #include <crypto/skcipher.h> | |
4b2a58ab | 9 | #include <linux/key-type.h> |
8b6e4f2d | 10 | |
4b2a58ab | 11 | #include <keys/ceph-type.h> |
7c3bec0a | 12 | #include <keys/user-type.h> |
3d14c5d2 | 13 | #include <linux/ceph/decode.h> |
8b6e4f2d | 14 | #include "crypto.h" |
8b6e4f2d | 15 | |
7af3ea18 ID |
16 | /* |
17 | * Set ->key and ->tfm. The rest of the key should be filled in before | |
18 | * this function is called. | |
19 | */ | |
20 | static int set_secret(struct ceph_crypto_key *key, void *buf) | |
21 | { | |
22 | unsigned int noio_flag; | |
23 | int ret; | |
24 | ||
25 | key->key = NULL; | |
26 | key->tfm = NULL; | |
27 | ||
28 | switch (key->type) { | |
29 | case CEPH_CRYPTO_NONE: | |
30 | return 0; /* nothing to do */ | |
31 | case CEPH_CRYPTO_AES: | |
32 | break; | |
33 | default: | |
34 | return -ENOTSUPP; | |
35 | } | |
36 | ||
37 | WARN_ON(!key->len); | |
38 | key->key = kmemdup(buf, key->len, GFP_NOIO); | |
39 | if (!key->key) { | |
40 | ret = -ENOMEM; | |
41 | goto fail; | |
42 | } | |
43 | ||
44 | /* crypto_alloc_skcipher() allocates with GFP_KERNEL */ | |
45 | noio_flag = memalloc_noio_save(); | |
46 | key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC); | |
47 | memalloc_noio_restore(noio_flag); | |
48 | if (IS_ERR(key->tfm)) { | |
49 | ret = PTR_ERR(key->tfm); | |
50 | key->tfm = NULL; | |
51 | goto fail; | |
52 | } | |
53 | ||
54 | ret = crypto_skcipher_setkey(key->tfm, key->key, key->len); | |
55 | if (ret) | |
56 | goto fail; | |
57 | ||
58 | return 0; | |
59 | ||
60 | fail: | |
61 | ceph_crypto_key_destroy(key); | |
62 | return ret; | |
63 | } | |
64 | ||
8323c3aa TV |
65 | int ceph_crypto_key_clone(struct ceph_crypto_key *dst, |
66 | const struct ceph_crypto_key *src) | |
67 | { | |
68 | memcpy(dst, src, sizeof(struct ceph_crypto_key)); | |
7af3ea18 | 69 | return set_secret(dst, src->key); |
8323c3aa TV |
70 | } |
71 | ||
8b6e4f2d SW |
72 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) |
73 | { | |
74 | if (*p + sizeof(u16) + sizeof(key->created) + | |
75 | sizeof(u16) + key->len > end) | |
76 | return -ERANGE; | |
77 | ceph_encode_16(p, key->type); | |
78 | ceph_encode_copy(p, &key->created, sizeof(key->created)); | |
79 | ceph_encode_16(p, key->len); | |
80 | ceph_encode_copy(p, key->key, key->len); | |
81 | return 0; | |
82 | } | |
83 | ||
84 | int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) | |
85 | { | |
7af3ea18 ID |
86 | int ret; |
87 | ||
8b6e4f2d SW |
88 | ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); |
89 | key->type = ceph_decode_16(p); | |
90 | ceph_decode_copy(p, &key->created, sizeof(key->created)); | |
91 | key->len = ceph_decode_16(p); | |
92 | ceph_decode_need(p, end, key->len, bad); | |
7af3ea18 ID |
93 | ret = set_secret(key, *p); |
94 | *p += key->len; | |
95 | return ret; | |
8b6e4f2d SW |
96 | |
97 | bad: | |
98 | dout("failed to decode crypto key\n"); | |
99 | return -EINVAL; | |
100 | } | |
101 | ||
102 | int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) | |
103 | { | |
104 | int inlen = strlen(inkey); | |
105 | int blen = inlen * 3 / 4; | |
106 | void *buf, *p; | |
107 | int ret; | |
108 | ||
109 | dout("crypto_key_unarmor %s\n", inkey); | |
110 | buf = kmalloc(blen, GFP_NOFS); | |
111 | if (!buf) | |
112 | return -ENOMEM; | |
113 | blen = ceph_unarmor(buf, inkey, inkey+inlen); | |
114 | if (blen < 0) { | |
115 | kfree(buf); | |
116 | return blen; | |
117 | } | |
118 | ||
119 | p = buf; | |
120 | ret = ceph_crypto_key_decode(key, &p, p + blen); | |
121 | kfree(buf); | |
122 | if (ret) | |
123 | return ret; | |
124 | dout("crypto_key_unarmor key %p type %d len %d\n", key, | |
125 | key->type, key->len); | |
126 | return 0; | |
127 | } | |
128 | ||
6db2304a ID |
129 | void ceph_crypto_key_destroy(struct ceph_crypto_key *key) |
130 | { | |
131 | if (key) { | |
132 | kfree(key->key); | |
133 | key->key = NULL; | |
7af3ea18 ID |
134 | crypto_free_skcipher(key->tfm); |
135 | key->tfm = NULL; | |
6db2304a ID |
136 | } |
137 | } | |
138 | ||
cbbfe499 | 139 | static const u8 *aes_iv = (u8 *)CEPH_AES_IV; |
8b6e4f2d | 140 | |
aaef3170 ID |
141 | /* |
142 | * Should be used for buffers allocated with ceph_kvmalloc(). | |
143 | * Currently these are encrypt out-buffer (ceph_buffer) and decrypt | |
144 | * in-buffer (msg front). | |
145 | * | |
146 | * Dispose of @sgt with teardown_sgtable(). | |
147 | * | |
148 | * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() | |
149 | * in cases where a single sg is sufficient. No attempt to reduce the | |
150 | * number of sgs by squeezing physically contiguous pages together is | |
151 | * made though, for simplicity. | |
152 | */ | |
153 | static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, | |
154 | const void *buf, unsigned int buf_len) | |
155 | { | |
156 | struct scatterlist *sg; | |
157 | const bool is_vmalloc = is_vmalloc_addr(buf); | |
158 | unsigned int off = offset_in_page(buf); | |
159 | unsigned int chunk_cnt = 1; | |
160 | unsigned int chunk_len = PAGE_ALIGN(off + buf_len); | |
161 | int i; | |
162 | int ret; | |
163 | ||
164 | if (buf_len == 0) { | |
165 | memset(sgt, 0, sizeof(*sgt)); | |
166 | return -EINVAL; | |
167 | } | |
168 | ||
169 | if (is_vmalloc) { | |
170 | chunk_cnt = chunk_len >> PAGE_SHIFT; | |
171 | chunk_len = PAGE_SIZE; | |
172 | } | |
173 | ||
174 | if (chunk_cnt > 1) { | |
175 | ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); | |
176 | if (ret) | |
177 | return ret; | |
178 | } else { | |
179 | WARN_ON(chunk_cnt != 1); | |
180 | sg_init_table(prealloc_sg, 1); | |
181 | sgt->sgl = prealloc_sg; | |
182 | sgt->nents = sgt->orig_nents = 1; | |
183 | } | |
184 | ||
185 | for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { | |
186 | struct page *page; | |
187 | unsigned int len = min(chunk_len - off, buf_len); | |
188 | ||
189 | if (is_vmalloc) | |
190 | page = vmalloc_to_page(buf); | |
191 | else | |
192 | page = virt_to_page(buf); | |
193 | ||
194 | sg_set_page(sg, page, len, off); | |
195 | ||
196 | off = 0; | |
197 | buf += len; | |
198 | buf_len -= len; | |
199 | } | |
200 | WARN_ON(buf_len != 0); | |
201 | ||
202 | return 0; | |
203 | } | |
204 | ||
205 | static void teardown_sgtable(struct sg_table *sgt) | |
206 | { | |
207 | if (sgt->orig_nents > 1) | |
208 | sg_free_table(sgt); | |
209 | } | |
210 | ||
a45f795c ID |
211 | static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt, |
212 | void *buf, int buf_len, int in_len, int *pout_len) | |
213 | { | |
7af3ea18 | 214 | SKCIPHER_REQUEST_ON_STACK(req, key->tfm); |
a45f795c ID |
215 | struct sg_table sgt; |
216 | struct scatterlist prealloc_sg; | |
124f930b | 217 | char iv[AES_BLOCK_SIZE] __aligned(8); |
a45f795c ID |
218 | int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1)); |
219 | int crypt_len = encrypt ? in_len + pad_byte : in_len; | |
220 | int ret; | |
221 | ||
a45f795c ID |
222 | WARN_ON(crypt_len > buf_len); |
223 | if (encrypt) | |
224 | memset(buf + in_len, pad_byte, pad_byte); | |
225 | ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len); | |
226 | if (ret) | |
7af3ea18 | 227 | return ret; |
a45f795c | 228 | |
a45f795c | 229 | memcpy(iv, aes_iv, AES_BLOCK_SIZE); |
7af3ea18 | 230 | skcipher_request_set_tfm(req, key->tfm); |
a45f795c ID |
231 | skcipher_request_set_callback(req, 0, NULL, NULL); |
232 | skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv); | |
233 | ||
234 | /* | |
235 | print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1, | |
236 | key->key, key->len, 1); | |
237 | print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1, | |
238 | buf, crypt_len, 1); | |
239 | */ | |
240 | if (encrypt) | |
241 | ret = crypto_skcipher_encrypt(req); | |
242 | else | |
243 | ret = crypto_skcipher_decrypt(req); | |
244 | skcipher_request_zero(req); | |
245 | if (ret) { | |
246 | pr_err("%s %scrypt failed: %d\n", __func__, | |
247 | encrypt ? "en" : "de", ret); | |
248 | goto out_sgt; | |
249 | } | |
250 | /* | |
251 | print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1, | |
252 | buf, crypt_len, 1); | |
253 | */ | |
254 | ||
255 | if (encrypt) { | |
256 | *pout_len = crypt_len; | |
257 | } else { | |
258 | pad_byte = *(char *)(buf + in_len - 1); | |
259 | if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE && | |
260 | in_len >= pad_byte) { | |
261 | *pout_len = in_len - pad_byte; | |
262 | } else { | |
263 | pr_err("%s got bad padding %d on in_len %d\n", | |
264 | __func__, pad_byte, in_len); | |
265 | ret = -EPERM; | |
266 | goto out_sgt; | |
267 | } | |
268 | } | |
269 | ||
270 | out_sgt: | |
271 | teardown_sgtable(&sgt); | |
a45f795c ID |
272 | return ret; |
273 | } | |
274 | ||
275 | int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt, | |
276 | void *buf, int buf_len, int in_len, int *pout_len) | |
277 | { | |
278 | switch (key->type) { | |
279 | case CEPH_CRYPTO_NONE: | |
280 | *pout_len = in_len; | |
281 | return 0; | |
282 | case CEPH_CRYPTO_AES: | |
283 | return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len, | |
284 | pout_len); | |
285 | default: | |
286 | return -ENOTSUPP; | |
287 | } | |
288 | } | |
289 | ||
efa64c09 | 290 | static int ceph_key_preparse(struct key_preparsed_payload *prep) |
4b2a58ab TV |
291 | { |
292 | struct ceph_crypto_key *ckey; | |
cf7f601c | 293 | size_t datalen = prep->datalen; |
4b2a58ab TV |
294 | int ret; |
295 | void *p; | |
296 | ||
297 | ret = -EINVAL; | |
cf7f601c | 298 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
4b2a58ab TV |
299 | goto err; |
300 | ||
4b2a58ab TV |
301 | ret = -ENOMEM; |
302 | ckey = kmalloc(sizeof(*ckey), GFP_KERNEL); | |
303 | if (!ckey) | |
304 | goto err; | |
305 | ||
306 | /* TODO ceph_crypto_key_decode should really take const input */ | |
cf7f601c DH |
307 | p = (void *)prep->data; |
308 | ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen); | |
4b2a58ab TV |
309 | if (ret < 0) |
310 | goto err_ckey; | |
311 | ||
146aa8b1 | 312 | prep->payload.data[0] = ckey; |
efa64c09 | 313 | prep->quotalen = datalen; |
4b2a58ab TV |
314 | return 0; |
315 | ||
316 | err_ckey: | |
317 | kfree(ckey); | |
318 | err: | |
319 | return ret; | |
320 | } | |
321 | ||
efa64c09 DH |
322 | static void ceph_key_free_preparse(struct key_preparsed_payload *prep) |
323 | { | |
146aa8b1 | 324 | struct ceph_crypto_key *ckey = prep->payload.data[0]; |
efa64c09 DH |
325 | ceph_crypto_key_destroy(ckey); |
326 | kfree(ckey); | |
327 | } | |
328 | ||
efa64c09 DH |
329 | static void ceph_key_destroy(struct key *key) |
330 | { | |
146aa8b1 | 331 | struct ceph_crypto_key *ckey = key->payload.data[0]; |
4b2a58ab TV |
332 | |
333 | ceph_crypto_key_destroy(ckey); | |
f0666b1a | 334 | kfree(ckey); |
4b2a58ab TV |
335 | } |
336 | ||
337 | struct key_type key_type_ceph = { | |
338 | .name = "ceph", | |
efa64c09 DH |
339 | .preparse = ceph_key_preparse, |
340 | .free_preparse = ceph_key_free_preparse, | |
341 | .instantiate = generic_key_instantiate, | |
4b2a58ab TV |
342 | .destroy = ceph_key_destroy, |
343 | }; | |
344 | ||
345 | int ceph_crypto_init(void) { | |
346 | return register_key_type(&key_type_ceph); | |
347 | } | |
348 | ||
349 | void ceph_crypto_shutdown(void) { | |
350 | unregister_key_type(&key_type_ceph); | |
351 | } |