2 * Copyright (C) 2010 IBM Corporation
3 * Copyright (C) 2010 Politecnico di Torino, Italy
4 * TORSEC group -- http://security.polito.it
7 * Mimi Zohar <zohar@us.ibm.com>
8 * Roberto Sassu <roberto.sassu@polito.it>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation, version 2 of the License.
14 * See Documentation/security/keys-trusted-encrypted.txt
17 #include <linux/uaccess.h>
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/slab.h>
21 #include <linux/parser.h>
22 #include <linux/string.h>
23 #include <linux/err.h>
24 #include <keys/user-type.h>
25 #include <keys/trusted-type.h>
26 #include <keys/encrypted-type.h>
27 #include <linux/key-type.h>
28 #include <linux/random.h>
29 #include <linux/rcupdate.h>
30 #include <linux/scatterlist.h>
31 #include <linux/ctype.h>
32 #include <crypto/aes.h>
33 #include <crypto/hash.h>
34 #include <crypto/sha.h>
35 #include <crypto/skcipher.h>
37 #include "encrypted.h"
38 #include "ecryptfs_format.h"
40 static const char KEY_TRUSTED_PREFIX
[] = "trusted:";
41 static const char KEY_USER_PREFIX
[] = "user:";
42 static const char hash_alg
[] = "sha256";
43 static const char hmac_alg
[] = "hmac(sha256)";
44 static const char blkcipher_alg
[] = "cbc(aes)";
45 static const char key_format_default
[] = "default";
46 static const char key_format_ecryptfs
[] = "ecryptfs";
47 static unsigned int ivsize
;
50 #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
51 #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
52 #define KEY_ECRYPTFS_DESC_LEN 16
53 #define HASH_SIZE SHA256_DIGEST_SIZE
54 #define MAX_DATA_SIZE 4096
55 #define MIN_DATA_SIZE 20
58 struct shash_desc shash
;
62 static struct crypto_shash
*hashalg
;
63 static struct crypto_shash
*hmacalg
;
66 Opt_err
= -1, Opt_new
, Opt_load
, Opt_update
70 Opt_error
= -1, Opt_default
, Opt_ecryptfs
73 static const match_table_t key_format_tokens
= {
74 {Opt_default
, "default"},
75 {Opt_ecryptfs
, "ecryptfs"},
79 static const match_table_t key_tokens
= {
82 {Opt_update
, "update"},
86 static int aes_get_sizes(void)
88 struct crypto_skcipher
*tfm
;
90 tfm
= crypto_alloc_skcipher(blkcipher_alg
, 0, CRYPTO_ALG_ASYNC
);
92 pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
96 ivsize
= crypto_skcipher_ivsize(tfm
);
97 blksize
= crypto_skcipher_blocksize(tfm
);
98 crypto_free_skcipher(tfm
);
103 * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
105 * The description of a encrypted key with format 'ecryptfs' must contain
106 * exactly 16 hexadecimal characters.
109 static int valid_ecryptfs_desc(const char *ecryptfs_desc
)
113 if (strlen(ecryptfs_desc
) != KEY_ECRYPTFS_DESC_LEN
) {
114 pr_err("encrypted_key: key description must be %d hexadecimal "
115 "characters long\n", KEY_ECRYPTFS_DESC_LEN
);
119 for (i
= 0; i
< KEY_ECRYPTFS_DESC_LEN
; i
++) {
120 if (!isxdigit(ecryptfs_desc
[i
])) {
121 pr_err("encrypted_key: key description must contain "
122 "only hexadecimal characters\n");
131 * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
133 * key-type:= "trusted:" | "user:"
134 * desc:= master-key description
136 * Verify that 'key-type' is valid and that 'desc' exists. On key update,
137 * only the master key description is permitted to change, not the key-type.
138 * The key-type remains constant.
140 * On success returns 0, otherwise -EINVAL.
142 static int valid_master_desc(const char *new_desc
, const char *orig_desc
)
144 if (!memcmp(new_desc
, KEY_TRUSTED_PREFIX
, KEY_TRUSTED_PREFIX_LEN
)) {
145 if (strlen(new_desc
) == KEY_TRUSTED_PREFIX_LEN
)
148 if (memcmp(new_desc
, orig_desc
, KEY_TRUSTED_PREFIX_LEN
))
150 } else if (!memcmp(new_desc
, KEY_USER_PREFIX
, KEY_USER_PREFIX_LEN
)) {
151 if (strlen(new_desc
) == KEY_USER_PREFIX_LEN
)
154 if (memcmp(new_desc
, orig_desc
, KEY_USER_PREFIX_LEN
))
164 * datablob_parse - parse the keyctl data
167 * new [<format>] <master-key name> <decrypted data length>
168 * load [<format>] <master-key name> <decrypted data length>
169 * <encrypted iv + data>
170 * update <new-master-key name>
172 * Tokenizes a copy of the keyctl data, returning a pointer to each token,
173 * which is null terminated.
175 * On success returns 0, otherwise -EINVAL.
177 static int datablob_parse(char *datablob
, const char **format
,
178 char **master_desc
, char **decrypted_datalen
,
179 char **hex_encoded_iv
)
181 substring_t args
[MAX_OPT_ARGS
];
187 keyword
= strsep(&datablob
, " \t");
189 pr_info("encrypted_key: insufficient parameters specified\n");
192 key_cmd
= match_token(keyword
, key_tokens
, args
);
194 /* Get optional format: default | ecryptfs */
195 p
= strsep(&datablob
, " \t");
197 pr_err("encrypted_key: insufficient parameters specified\n");
201 key_format
= match_token(p
, key_format_tokens
, args
);
202 switch (key_format
) {
206 *master_desc
= strsep(&datablob
, " \t");
214 pr_info("encrypted_key: master key parameter is missing\n");
218 if (valid_master_desc(*master_desc
, NULL
) < 0) {
219 pr_info("encrypted_key: master key parameter \'%s\' "
220 "is invalid\n", *master_desc
);
224 if (decrypted_datalen
) {
225 *decrypted_datalen
= strsep(&datablob
, " \t");
226 if (!*decrypted_datalen
) {
227 pr_info("encrypted_key: keylen parameter is missing\n");
234 if (!decrypted_datalen
) {
235 pr_info("encrypted_key: keyword \'%s\' not allowed "
236 "when called from .update method\n", keyword
);
242 if (!decrypted_datalen
) {
243 pr_info("encrypted_key: keyword \'%s\' not allowed "
244 "when called from .update method\n", keyword
);
247 *hex_encoded_iv
= strsep(&datablob
, " \t");
248 if (!*hex_encoded_iv
) {
249 pr_info("encrypted_key: hex blob is missing\n");
255 if (decrypted_datalen
) {
256 pr_info("encrypted_key: keyword \'%s\' not allowed "
257 "when called from .instantiate method\n",
264 pr_info("encrypted_key: keyword \'%s\' not recognized\n",
273 * datablob_format - format as an ascii string, before copying to userspace
275 static char *datablob_format(struct encrypted_key_payload
*epayload
,
276 size_t asciiblob_len
)
278 char *ascii_buf
, *bufp
;
279 u8
*iv
= epayload
->iv
;
283 ascii_buf
= kmalloc(asciiblob_len
+ 1, GFP_KERNEL
);
287 ascii_buf
[asciiblob_len
] = '\0';
289 /* copy datablob master_desc and datalen strings */
290 len
= sprintf(ascii_buf
, "%s %s %s ", epayload
->format
,
291 epayload
->master_desc
, epayload
->datalen
);
293 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */
294 bufp
= &ascii_buf
[len
];
295 for (i
= 0; i
< (asciiblob_len
- len
) / 2; i
++)
296 bufp
= hex_byte_pack(bufp
, iv
[i
]);
302 * request_user_key - request the user key
304 * Use a user provided key to encrypt/decrypt an encrypted-key.
306 static struct key
*request_user_key(const char *master_desc
, const u8
**master_key
,
307 size_t *master_keylen
)
309 const struct user_key_payload
*upayload
;
312 ukey
= request_key(&key_type_user
, master_desc
, NULL
);
316 down_read(&ukey
->sem
);
317 upayload
= user_key_payload_locked(ukey
);
318 *master_key
= upayload
->data
;
319 *master_keylen
= upayload
->datalen
;
324 static struct sdesc
*alloc_sdesc(struct crypto_shash
*alg
)
329 size
= sizeof(struct shash_desc
) + crypto_shash_descsize(alg
);
330 sdesc
= kmalloc(size
, GFP_KERNEL
);
332 return ERR_PTR(-ENOMEM
);
333 sdesc
->shash
.tfm
= alg
;
334 sdesc
->shash
.flags
= 0x0;
338 static int calc_hmac(u8
*digest
, const u8
*key
, unsigned int keylen
,
339 const u8
*buf
, unsigned int buflen
)
344 sdesc
= alloc_sdesc(hmacalg
);
346 pr_info("encrypted_key: can't alloc %s\n", hmac_alg
);
347 return PTR_ERR(sdesc
);
350 ret
= crypto_shash_setkey(hmacalg
, key
, keylen
);
352 ret
= crypto_shash_digest(&sdesc
->shash
, buf
, buflen
, digest
);
357 static int calc_hash(u8
*digest
, const u8
*buf
, unsigned int buflen
)
362 sdesc
= alloc_sdesc(hashalg
);
364 pr_info("encrypted_key: can't alloc %s\n", hash_alg
);
365 return PTR_ERR(sdesc
);
368 ret
= crypto_shash_digest(&sdesc
->shash
, buf
, buflen
, digest
);
373 enum derived_key_type
{ ENC_KEY
, AUTH_KEY
};
375 /* Derive authentication/encryption key from trusted key */
376 static int get_derived_key(u8
*derived_key
, enum derived_key_type key_type
,
377 const u8
*master_key
, size_t master_keylen
)
380 unsigned int derived_buf_len
;
383 derived_buf_len
= strlen("AUTH_KEY") + 1 + master_keylen
;
384 if (derived_buf_len
< HASH_SIZE
)
385 derived_buf_len
= HASH_SIZE
;
387 derived_buf
= kzalloc(derived_buf_len
, GFP_KERNEL
);
389 pr_err("encrypted_key: out of memory\n");
393 strcpy(derived_buf
, "AUTH_KEY");
395 strcpy(derived_buf
, "ENC_KEY");
397 memcpy(derived_buf
+ strlen(derived_buf
) + 1, master_key
,
399 ret
= calc_hash(derived_key
, derived_buf
, derived_buf_len
);
404 static struct skcipher_request
*init_skcipher_req(const u8
*key
,
405 unsigned int key_len
)
407 struct skcipher_request
*req
;
408 struct crypto_skcipher
*tfm
;
411 tfm
= crypto_alloc_skcipher(blkcipher_alg
, 0, CRYPTO_ALG_ASYNC
);
413 pr_err("encrypted_key: failed to load %s transform (%ld)\n",
414 blkcipher_alg
, PTR_ERR(tfm
));
415 return ERR_CAST(tfm
);
418 ret
= crypto_skcipher_setkey(tfm
, key
, key_len
);
420 pr_err("encrypted_key: failed to setkey (%d)\n", ret
);
421 crypto_free_skcipher(tfm
);
425 req
= skcipher_request_alloc(tfm
, GFP_KERNEL
);
427 pr_err("encrypted_key: failed to allocate request for %s\n",
429 crypto_free_skcipher(tfm
);
430 return ERR_PTR(-ENOMEM
);
433 skcipher_request_set_callback(req
, 0, NULL
, NULL
);
437 static struct key
*request_master_key(struct encrypted_key_payload
*epayload
,
438 const u8
**master_key
, size_t *master_keylen
)
440 struct key
*mkey
= ERR_PTR(-EINVAL
);
442 if (!strncmp(epayload
->master_desc
, KEY_TRUSTED_PREFIX
,
443 KEY_TRUSTED_PREFIX_LEN
)) {
444 mkey
= request_trusted_key(epayload
->master_desc
+
445 KEY_TRUSTED_PREFIX_LEN
,
446 master_key
, master_keylen
);
447 } else if (!strncmp(epayload
->master_desc
, KEY_USER_PREFIX
,
448 KEY_USER_PREFIX_LEN
)) {
449 mkey
= request_user_key(epayload
->master_desc
+
451 master_key
, master_keylen
);
456 int ret
= PTR_ERR(mkey
);
458 if (ret
== -ENOTSUPP
)
459 pr_info("encrypted_key: key %s not supported",
460 epayload
->master_desc
);
462 pr_info("encrypted_key: key %s not found",
463 epayload
->master_desc
);
467 dump_master_key(*master_key
, *master_keylen
);
472 /* Before returning data to userspace, encrypt decrypted data. */
473 static int derived_key_encrypt(struct encrypted_key_payload
*epayload
,
474 const u8
*derived_key
,
475 unsigned int derived_keylen
)
477 struct scatterlist sg_in
[2];
478 struct scatterlist sg_out
[1];
479 struct crypto_skcipher
*tfm
;
480 struct skcipher_request
*req
;
481 unsigned int encrypted_datalen
;
482 u8 iv
[AES_BLOCK_SIZE
];
487 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
488 padlen
= encrypted_datalen
- epayload
->decrypted_datalen
;
490 req
= init_skcipher_req(derived_key
, derived_keylen
);
494 dump_decrypted_data(epayload
);
496 memset(pad
, 0, sizeof pad
);
497 sg_init_table(sg_in
, 2);
498 sg_set_buf(&sg_in
[0], epayload
->decrypted_data
,
499 epayload
->decrypted_datalen
);
500 sg_set_buf(&sg_in
[1], pad
, padlen
);
502 sg_init_table(sg_out
, 1);
503 sg_set_buf(sg_out
, epayload
->encrypted_data
, encrypted_datalen
);
505 memcpy(iv
, epayload
->iv
, sizeof(iv
));
506 skcipher_request_set_crypt(req
, sg_in
, sg_out
, encrypted_datalen
, iv
);
507 ret
= crypto_skcipher_encrypt(req
);
508 tfm
= crypto_skcipher_reqtfm(req
);
509 skcipher_request_free(req
);
510 crypto_free_skcipher(tfm
);
512 pr_err("encrypted_key: failed to encrypt (%d)\n", ret
);
514 dump_encrypted_data(epayload
, encrypted_datalen
);
519 static int datablob_hmac_append(struct encrypted_key_payload
*epayload
,
520 const u8
*master_key
, size_t master_keylen
)
522 u8 derived_key
[HASH_SIZE
];
526 ret
= get_derived_key(derived_key
, AUTH_KEY
, master_key
, master_keylen
);
530 digest
= epayload
->format
+ epayload
->datablob_len
;
531 ret
= calc_hmac(digest
, derived_key
, sizeof derived_key
,
532 epayload
->format
, epayload
->datablob_len
);
534 dump_hmac(NULL
, digest
, HASH_SIZE
);
539 /* verify HMAC before decrypting encrypted key */
540 static int datablob_hmac_verify(struct encrypted_key_payload
*epayload
,
541 const u8
*format
, const u8
*master_key
,
542 size_t master_keylen
)
544 u8 derived_key
[HASH_SIZE
];
545 u8 digest
[HASH_SIZE
];
550 ret
= get_derived_key(derived_key
, AUTH_KEY
, master_key
, master_keylen
);
554 len
= epayload
->datablob_len
;
556 p
= epayload
->master_desc
;
557 len
-= strlen(epayload
->format
) + 1;
559 p
= epayload
->format
;
561 ret
= calc_hmac(digest
, derived_key
, sizeof derived_key
, p
, len
);
564 ret
= memcmp(digest
, epayload
->format
+ epayload
->datablob_len
,
568 dump_hmac("datablob",
569 epayload
->format
+ epayload
->datablob_len
,
571 dump_hmac("calc", digest
, HASH_SIZE
);
577 static int derived_key_decrypt(struct encrypted_key_payload
*epayload
,
578 const u8
*derived_key
,
579 unsigned int derived_keylen
)
581 struct scatterlist sg_in
[1];
582 struct scatterlist sg_out
[2];
583 struct crypto_skcipher
*tfm
;
584 struct skcipher_request
*req
;
585 unsigned int encrypted_datalen
;
586 u8 iv
[AES_BLOCK_SIZE
];
590 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
591 req
= init_skcipher_req(derived_key
, derived_keylen
);
595 dump_encrypted_data(epayload
, encrypted_datalen
);
597 memset(pad
, 0, sizeof pad
);
598 sg_init_table(sg_in
, 1);
599 sg_init_table(sg_out
, 2);
600 sg_set_buf(sg_in
, epayload
->encrypted_data
, encrypted_datalen
);
601 sg_set_buf(&sg_out
[0], epayload
->decrypted_data
,
602 epayload
->decrypted_datalen
);
603 sg_set_buf(&sg_out
[1], pad
, sizeof pad
);
605 memcpy(iv
, epayload
->iv
, sizeof(iv
));
606 skcipher_request_set_crypt(req
, sg_in
, sg_out
, encrypted_datalen
, iv
);
607 ret
= crypto_skcipher_decrypt(req
);
608 tfm
= crypto_skcipher_reqtfm(req
);
609 skcipher_request_free(req
);
610 crypto_free_skcipher(tfm
);
613 dump_decrypted_data(epayload
);
618 /* Allocate memory for decrypted key and datablob. */
619 static struct encrypted_key_payload
*encrypted_key_alloc(struct key
*key
,
621 const char *master_desc
,
624 struct encrypted_key_payload
*epayload
= NULL
;
625 unsigned short datablob_len
;
626 unsigned short decrypted_datalen
;
627 unsigned short payload_datalen
;
628 unsigned int encrypted_datalen
;
629 unsigned int format_len
;
633 ret
= kstrtol(datalen
, 10, &dlen
);
634 if (ret
< 0 || dlen
< MIN_DATA_SIZE
|| dlen
> MAX_DATA_SIZE
)
635 return ERR_PTR(-EINVAL
);
637 format_len
= (!format
) ? strlen(key_format_default
) : strlen(format
);
638 decrypted_datalen
= dlen
;
639 payload_datalen
= decrypted_datalen
;
640 if (format
&& !strcmp(format
, key_format_ecryptfs
)) {
641 if (dlen
!= ECRYPTFS_MAX_KEY_BYTES
) {
642 pr_err("encrypted_key: keylen for the ecryptfs format "
643 "must be equal to %d bytes\n",
644 ECRYPTFS_MAX_KEY_BYTES
);
645 return ERR_PTR(-EINVAL
);
647 decrypted_datalen
= ECRYPTFS_MAX_KEY_BYTES
;
648 payload_datalen
= sizeof(struct ecryptfs_auth_tok
);
651 encrypted_datalen
= roundup(decrypted_datalen
, blksize
);
653 datablob_len
= format_len
+ 1 + strlen(master_desc
) + 1
654 + strlen(datalen
) + 1 + ivsize
+ 1 + encrypted_datalen
;
656 ret
= key_payload_reserve(key
, payload_datalen
+ datablob_len
661 epayload
= kzalloc(sizeof(*epayload
) + payload_datalen
+
662 datablob_len
+ HASH_SIZE
+ 1, GFP_KERNEL
);
664 return ERR_PTR(-ENOMEM
);
666 epayload
->payload_datalen
= payload_datalen
;
667 epayload
->decrypted_datalen
= decrypted_datalen
;
668 epayload
->datablob_len
= datablob_len
;
672 static int encrypted_key_decrypt(struct encrypted_key_payload
*epayload
,
673 const char *format
, const char *hex_encoded_iv
)
676 u8 derived_key
[HASH_SIZE
];
677 const u8
*master_key
;
679 const char *hex_encoded_data
;
680 unsigned int encrypted_datalen
;
681 size_t master_keylen
;
685 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
686 asciilen
= (ivsize
+ 1 + encrypted_datalen
+ HASH_SIZE
) * 2;
687 if (strlen(hex_encoded_iv
) != asciilen
)
690 hex_encoded_data
= hex_encoded_iv
+ (2 * ivsize
) + 2;
691 ret
= hex2bin(epayload
->iv
, hex_encoded_iv
, ivsize
);
694 ret
= hex2bin(epayload
->encrypted_data
, hex_encoded_data
,
699 hmac
= epayload
->format
+ epayload
->datablob_len
;
700 ret
= hex2bin(hmac
, hex_encoded_data
+ (encrypted_datalen
* 2),
705 mkey
= request_master_key(epayload
, &master_key
, &master_keylen
);
707 return PTR_ERR(mkey
);
709 ret
= datablob_hmac_verify(epayload
, format
, master_key
, master_keylen
);
711 pr_err("encrypted_key: bad hmac (%d)\n", ret
);
715 ret
= get_derived_key(derived_key
, ENC_KEY
, master_key
, master_keylen
);
719 ret
= derived_key_decrypt(epayload
, derived_key
, sizeof derived_key
);
721 pr_err("encrypted_key: failed to decrypt key (%d)\n", ret
);
728 static void __ekey_init(struct encrypted_key_payload
*epayload
,
729 const char *format
, const char *master_desc
,
732 unsigned int format_len
;
734 format_len
= (!format
) ? strlen(key_format_default
) : strlen(format
);
735 epayload
->format
= epayload
->payload_data
+ epayload
->payload_datalen
;
736 epayload
->master_desc
= epayload
->format
+ format_len
+ 1;
737 epayload
->datalen
= epayload
->master_desc
+ strlen(master_desc
) + 1;
738 epayload
->iv
= epayload
->datalen
+ strlen(datalen
) + 1;
739 epayload
->encrypted_data
= epayload
->iv
+ ivsize
+ 1;
740 epayload
->decrypted_data
= epayload
->payload_data
;
743 memcpy(epayload
->format
, key_format_default
, format_len
);
745 if (!strcmp(format
, key_format_ecryptfs
))
746 epayload
->decrypted_data
=
747 ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok
*)epayload
->payload_data
);
749 memcpy(epayload
->format
, format
, format_len
);
752 memcpy(epayload
->master_desc
, master_desc
, strlen(master_desc
));
753 memcpy(epayload
->datalen
, datalen
, strlen(datalen
));
757 * encrypted_init - initialize an encrypted key
759 * For a new key, use a random number for both the iv and data
760 * itself. For an old key, decrypt the hex encoded data.
762 static int encrypted_init(struct encrypted_key_payload
*epayload
,
763 const char *key_desc
, const char *format
,
764 const char *master_desc
, const char *datalen
,
765 const char *hex_encoded_iv
)
769 if (format
&& !strcmp(format
, key_format_ecryptfs
)) {
770 ret
= valid_ecryptfs_desc(key_desc
);
774 ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok
*)epayload
->payload_data
,
778 __ekey_init(epayload
, format
, master_desc
, datalen
);
779 if (!hex_encoded_iv
) {
780 get_random_bytes(epayload
->iv
, ivsize
);
782 get_random_bytes(epayload
->decrypted_data
,
783 epayload
->decrypted_datalen
);
785 ret
= encrypted_key_decrypt(epayload
, format
, hex_encoded_iv
);
790 * encrypted_instantiate - instantiate an encrypted key
792 * Decrypt an existing encrypted datablob or create a new encrypted key
793 * based on a kernel random number.
795 * On success, return 0. Otherwise return errno.
797 static int encrypted_instantiate(struct key
*key
,
798 struct key_preparsed_payload
*prep
)
800 struct encrypted_key_payload
*epayload
= NULL
;
801 char *datablob
= NULL
;
802 const char *format
= NULL
;
803 char *master_desc
= NULL
;
804 char *decrypted_datalen
= NULL
;
805 char *hex_encoded_iv
= NULL
;
806 size_t datalen
= prep
->datalen
;
809 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
812 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
815 datablob
[datalen
] = 0;
816 memcpy(datablob
, prep
->data
, datalen
);
817 ret
= datablob_parse(datablob
, &format
, &master_desc
,
818 &decrypted_datalen
, &hex_encoded_iv
);
822 epayload
= encrypted_key_alloc(key
, format
, master_desc
,
824 if (IS_ERR(epayload
)) {
825 ret
= PTR_ERR(epayload
);
828 ret
= encrypted_init(epayload
, key
->description
, format
, master_desc
,
829 decrypted_datalen
, hex_encoded_iv
);
835 rcu_assign_keypointer(key
, epayload
);
841 static void encrypted_rcu_free(struct rcu_head
*rcu
)
843 struct encrypted_key_payload
*epayload
;
845 epayload
= container_of(rcu
, struct encrypted_key_payload
, rcu
);
846 memset(epayload
->decrypted_data
, 0, epayload
->decrypted_datalen
);
851 * encrypted_update - update the master key description
853 * Change the master key description for an existing encrypted key.
854 * The next read will return an encrypted datablob using the new
855 * master key description.
857 * On success, return 0. Otherwise return errno.
859 static int encrypted_update(struct key
*key
, struct key_preparsed_payload
*prep
)
861 struct encrypted_key_payload
*epayload
= key
->payload
.data
[0];
862 struct encrypted_key_payload
*new_epayload
;
864 char *new_master_desc
= NULL
;
865 const char *format
= NULL
;
866 size_t datalen
= prep
->datalen
;
869 if (test_bit(KEY_FLAG_NEGATIVE
, &key
->flags
))
871 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
874 buf
= kmalloc(datalen
+ 1, GFP_KERNEL
);
879 memcpy(buf
, prep
->data
, datalen
);
880 ret
= datablob_parse(buf
, &format
, &new_master_desc
, NULL
, NULL
);
884 ret
= valid_master_desc(new_master_desc
, epayload
->master_desc
);
888 new_epayload
= encrypted_key_alloc(key
, epayload
->format
,
889 new_master_desc
, epayload
->datalen
);
890 if (IS_ERR(new_epayload
)) {
891 ret
= PTR_ERR(new_epayload
);
895 __ekey_init(new_epayload
, epayload
->format
, new_master_desc
,
898 memcpy(new_epayload
->iv
, epayload
->iv
, ivsize
);
899 memcpy(new_epayload
->payload_data
, epayload
->payload_data
,
900 epayload
->payload_datalen
);
902 rcu_assign_keypointer(key
, new_epayload
);
903 call_rcu(&epayload
->rcu
, encrypted_rcu_free
);
910 * encrypted_read - format and copy the encrypted data to userspace
912 * The resulting datablob format is:
913 * <master-key name> <decrypted data length> <encrypted iv> <encrypted data>
915 * On success, return to userspace the encrypted key datablob size.
917 static long encrypted_read(const struct key
*key
, char __user
*buffer
,
920 struct encrypted_key_payload
*epayload
;
922 const u8
*master_key
;
923 size_t master_keylen
;
924 char derived_key
[HASH_SIZE
];
926 size_t asciiblob_len
;
929 epayload
= dereference_key_locked(key
);
931 /* returns the hex encoded iv, encrypted-data, and hmac as ascii */
932 asciiblob_len
= epayload
->datablob_len
+ ivsize
+ 1
933 + roundup(epayload
->decrypted_datalen
, blksize
)
936 if (!buffer
|| buflen
< asciiblob_len
)
937 return asciiblob_len
;
939 mkey
= request_master_key(epayload
, &master_key
, &master_keylen
);
941 return PTR_ERR(mkey
);
943 ret
= get_derived_key(derived_key
, ENC_KEY
, master_key
, master_keylen
);
947 ret
= derived_key_encrypt(epayload
, derived_key
, sizeof derived_key
);
951 ret
= datablob_hmac_append(epayload
, master_key
, master_keylen
);
955 ascii_buf
= datablob_format(epayload
, asciiblob_len
);
964 if (copy_to_user(buffer
, ascii_buf
, asciiblob_len
) != 0)
968 return asciiblob_len
;
976 * encrypted_destroy - before freeing the key, clear the decrypted data
978 * Before freeing the key, clear the memory containing the decrypted
981 static void encrypted_destroy(struct key
*key
)
983 struct encrypted_key_payload
*epayload
= key
->payload
.data
[0];
988 memzero_explicit(epayload
->decrypted_data
, epayload
->decrypted_datalen
);
989 kfree(key
->payload
.data
[0]);
992 struct key_type key_type_encrypted
= {
994 .instantiate
= encrypted_instantiate
,
995 .update
= encrypted_update
,
996 .destroy
= encrypted_destroy
,
997 .describe
= user_describe
,
998 .read
= encrypted_read
,
1000 EXPORT_SYMBOL_GPL(key_type_encrypted
);
1002 static void encrypted_shash_release(void)
1005 crypto_free_shash(hashalg
);
1007 crypto_free_shash(hmacalg
);
1010 static int __init
encrypted_shash_alloc(void)
1014 hmacalg
= crypto_alloc_shash(hmac_alg
, 0, CRYPTO_ALG_ASYNC
);
1015 if (IS_ERR(hmacalg
)) {
1016 pr_info("encrypted_key: could not allocate crypto %s\n",
1018 return PTR_ERR(hmacalg
);
1021 hashalg
= crypto_alloc_shash(hash_alg
, 0, CRYPTO_ALG_ASYNC
);
1022 if (IS_ERR(hashalg
)) {
1023 pr_info("encrypted_key: could not allocate crypto %s\n",
1025 ret
= PTR_ERR(hashalg
);
1032 crypto_free_shash(hmacalg
);
1036 static int __init
init_encrypted(void)
1040 ret
= encrypted_shash_alloc();
1043 ret
= aes_get_sizes();
1046 ret
= register_key_type(&key_type_encrypted
);
1051 encrypted_shash_release();
1056 static void __exit
cleanup_encrypted(void)
1058 encrypted_shash_release();
1059 unregister_key_type(&key_type_encrypted
);
1062 late_initcall(init_encrypted
);
1063 module_exit(cleanup_encrypted
);
1065 MODULE_LICENSE("GPL");