2 * Copyright (C) 2010 IBM Corporation
3 * Copyright (C) 2010 Politecnico di Torino, Italy
4 * TORSEC group -- http://security.polito.it
7 * Mimi Zohar <zohar@us.ibm.com>
8 * Roberto Sassu <roberto.sassu@polito.it>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation, version 2 of the License.
14 * See Documentation/security/keys-trusted-encrypted.txt
17 #include <linux/uaccess.h>
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/slab.h>
21 #include <linux/parser.h>
22 #include <linux/string.h>
23 #include <linux/err.h>
24 #include <keys/user-type.h>
25 #include <keys/trusted-type.h>
26 #include <keys/encrypted-type.h>
27 #include <linux/key-type.h>
28 #include <linux/random.h>
29 #include <linux/rcupdate.h>
30 #include <linux/scatterlist.h>
31 #include <linux/ctype.h>
32 #include <crypto/hash.h>
33 #include <crypto/sha.h>
34 #include <crypto/skcipher.h>
36 #include "encrypted.h"
37 #include "ecryptfs_format.h"
39 static const char KEY_TRUSTED_PREFIX
[] = "trusted:";
40 static const char KEY_USER_PREFIX
[] = "user:";
41 static const char hash_alg
[] = "sha256";
42 static const char hmac_alg
[] = "hmac(sha256)";
43 static const char blkcipher_alg
[] = "cbc(aes)";
44 static const char key_format_default
[] = "default";
45 static const char key_format_ecryptfs
[] = "ecryptfs";
46 static unsigned int ivsize
;
49 #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
50 #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
51 #define KEY_ECRYPTFS_DESC_LEN 16
52 #define HASH_SIZE SHA256_DIGEST_SIZE
53 #define MAX_DATA_SIZE 4096
54 #define MIN_DATA_SIZE 20
57 struct shash_desc shash
;
61 static struct crypto_shash
*hashalg
;
62 static struct crypto_shash
*hmacalg
;
65 Opt_err
= -1, Opt_new
, Opt_load
, Opt_update
69 Opt_error
= -1, Opt_default
, Opt_ecryptfs
72 static const match_table_t key_format_tokens
= {
73 {Opt_default
, "default"},
74 {Opt_ecryptfs
, "ecryptfs"},
78 static const match_table_t key_tokens
= {
81 {Opt_update
, "update"},
85 static int aes_get_sizes(void)
87 struct crypto_skcipher
*tfm
;
89 tfm
= crypto_alloc_skcipher(blkcipher_alg
, 0, CRYPTO_ALG_ASYNC
);
91 pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
95 ivsize
= crypto_skcipher_ivsize(tfm
);
96 blksize
= crypto_skcipher_blocksize(tfm
);
97 crypto_free_skcipher(tfm
);
102 * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
104 * The description of a encrypted key with format 'ecryptfs' must contain
105 * exactly 16 hexadecimal characters.
108 static int valid_ecryptfs_desc(const char *ecryptfs_desc
)
112 if (strlen(ecryptfs_desc
) != KEY_ECRYPTFS_DESC_LEN
) {
113 pr_err("encrypted_key: key description must be %d hexadecimal "
114 "characters long\n", KEY_ECRYPTFS_DESC_LEN
);
118 for (i
= 0; i
< KEY_ECRYPTFS_DESC_LEN
; i
++) {
119 if (!isxdigit(ecryptfs_desc
[i
])) {
120 pr_err("encrypted_key: key description must contain "
121 "only hexadecimal characters\n");
130 * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
132 * key-type:= "trusted:" | "user:"
133 * desc:= master-key description
135 * Verify that 'key-type' is valid and that 'desc' exists. On key update,
136 * only the master key description is permitted to change, not the key-type.
137 * The key-type remains constant.
139 * On success returns 0, otherwise -EINVAL.
141 static int valid_master_desc(const char *new_desc
, const char *orig_desc
)
143 if (!memcmp(new_desc
, KEY_TRUSTED_PREFIX
, KEY_TRUSTED_PREFIX_LEN
)) {
144 if (strlen(new_desc
) == KEY_TRUSTED_PREFIX_LEN
)
147 if (memcmp(new_desc
, orig_desc
, KEY_TRUSTED_PREFIX_LEN
))
149 } else if (!memcmp(new_desc
, KEY_USER_PREFIX
, KEY_USER_PREFIX_LEN
)) {
150 if (strlen(new_desc
) == KEY_USER_PREFIX_LEN
)
153 if (memcmp(new_desc
, orig_desc
, KEY_USER_PREFIX_LEN
))
163 * datablob_parse - parse the keyctl data
166 * new [<format>] <master-key name> <decrypted data length>
167 * load [<format>] <master-key name> <decrypted data length>
168 * <encrypted iv + data>
169 * update <new-master-key name>
171 * Tokenizes a copy of the keyctl data, returning a pointer to each token,
172 * which is null terminated.
174 * On success returns 0, otherwise -EINVAL.
176 static int datablob_parse(char *datablob
, const char **format
,
177 char **master_desc
, char **decrypted_datalen
,
178 char **hex_encoded_iv
)
180 substring_t args
[MAX_OPT_ARGS
];
186 keyword
= strsep(&datablob
, " \t");
188 pr_info("encrypted_key: insufficient parameters specified\n");
191 key_cmd
= match_token(keyword
, key_tokens
, args
);
193 /* Get optional format: default | ecryptfs */
194 p
= strsep(&datablob
, " \t");
196 pr_err("encrypted_key: insufficient parameters specified\n");
200 key_format
= match_token(p
, key_format_tokens
, args
);
201 switch (key_format
) {
205 *master_desc
= strsep(&datablob
, " \t");
213 pr_info("encrypted_key: master key parameter is missing\n");
217 if (valid_master_desc(*master_desc
, NULL
) < 0) {
218 pr_info("encrypted_key: master key parameter \'%s\' "
219 "is invalid\n", *master_desc
);
223 if (decrypted_datalen
) {
224 *decrypted_datalen
= strsep(&datablob
, " \t");
225 if (!*decrypted_datalen
) {
226 pr_info("encrypted_key: keylen parameter is missing\n");
233 if (!decrypted_datalen
) {
234 pr_info("encrypted_key: keyword \'%s\' not allowed "
235 "when called from .update method\n", keyword
);
241 if (!decrypted_datalen
) {
242 pr_info("encrypted_key: keyword \'%s\' not allowed "
243 "when called from .update method\n", keyword
);
246 *hex_encoded_iv
= strsep(&datablob
, " \t");
247 if (!*hex_encoded_iv
) {
248 pr_info("encrypted_key: hex blob is missing\n");
254 if (decrypted_datalen
) {
255 pr_info("encrypted_key: keyword \'%s\' not allowed "
256 "when called from .instantiate method\n",
263 pr_info("encrypted_key: keyword \'%s\' not recognized\n",
272 * datablob_format - format as an ascii string, before copying to userspace
274 static char *datablob_format(struct encrypted_key_payload
*epayload
,
275 size_t asciiblob_len
)
277 char *ascii_buf
, *bufp
;
278 u8
*iv
= epayload
->iv
;
282 ascii_buf
= kmalloc(asciiblob_len
+ 1, GFP_KERNEL
);
286 ascii_buf
[asciiblob_len
] = '\0';
288 /* copy datablob master_desc and datalen strings */
289 len
= sprintf(ascii_buf
, "%s %s %s ", epayload
->format
,
290 epayload
->master_desc
, epayload
->datalen
);
292 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */
293 bufp
= &ascii_buf
[len
];
294 for (i
= 0; i
< (asciiblob_len
- len
) / 2; i
++)
295 bufp
= hex_byte_pack(bufp
, iv
[i
]);
301 * request_user_key - request the user key
303 * Use a user provided key to encrypt/decrypt an encrypted-key.
305 static struct key
*request_user_key(const char *master_desc
, const u8
**master_key
,
306 size_t *master_keylen
)
308 const struct user_key_payload
*upayload
;
311 ukey
= request_key(&key_type_user
, master_desc
, NULL
);
315 down_read(&ukey
->sem
);
316 upayload
= user_key_payload(ukey
);
317 *master_key
= upayload
->data
;
318 *master_keylen
= upayload
->datalen
;
323 static struct sdesc
*alloc_sdesc(struct crypto_shash
*alg
)
328 size
= sizeof(struct shash_desc
) + crypto_shash_descsize(alg
);
329 sdesc
= kmalloc(size
, GFP_KERNEL
);
331 return ERR_PTR(-ENOMEM
);
332 sdesc
->shash
.tfm
= alg
;
333 sdesc
->shash
.flags
= 0x0;
337 static int calc_hmac(u8
*digest
, const u8
*key
, unsigned int keylen
,
338 const u8
*buf
, unsigned int buflen
)
343 sdesc
= alloc_sdesc(hmacalg
);
345 pr_info("encrypted_key: can't alloc %s\n", hmac_alg
);
346 return PTR_ERR(sdesc
);
349 ret
= crypto_shash_setkey(hmacalg
, key
, keylen
);
351 ret
= crypto_shash_digest(&sdesc
->shash
, buf
, buflen
, digest
);
356 static int calc_hash(u8
*digest
, const u8
*buf
, unsigned int buflen
)
361 sdesc
= alloc_sdesc(hashalg
);
363 pr_info("encrypted_key: can't alloc %s\n", hash_alg
);
364 return PTR_ERR(sdesc
);
367 ret
= crypto_shash_digest(&sdesc
->shash
, buf
, buflen
, digest
);
372 enum derived_key_type
{ ENC_KEY
, AUTH_KEY
};
374 /* Derive authentication/encryption key from trusted key */
375 static int get_derived_key(u8
*derived_key
, enum derived_key_type key_type
,
376 const u8
*master_key
, size_t master_keylen
)
379 unsigned int derived_buf_len
;
382 derived_buf_len
= strlen("AUTH_KEY") + 1 + master_keylen
;
383 if (derived_buf_len
< HASH_SIZE
)
384 derived_buf_len
= HASH_SIZE
;
386 derived_buf
= kzalloc(derived_buf_len
, GFP_KERNEL
);
388 pr_err("encrypted_key: out of memory\n");
392 strcpy(derived_buf
, "AUTH_KEY");
394 strcpy(derived_buf
, "ENC_KEY");
396 memcpy(derived_buf
+ strlen(derived_buf
) + 1, master_key
,
398 ret
= calc_hash(derived_key
, derived_buf
, derived_buf_len
);
403 static struct skcipher_request
*init_skcipher_req(const u8
*key
,
404 unsigned int key_len
)
406 struct skcipher_request
*req
;
407 struct crypto_skcipher
*tfm
;
410 tfm
= crypto_alloc_skcipher(blkcipher_alg
, 0, CRYPTO_ALG_ASYNC
);
412 pr_err("encrypted_key: failed to load %s transform (%ld)\n",
413 blkcipher_alg
, PTR_ERR(tfm
));
414 return ERR_CAST(tfm
);
417 ret
= crypto_skcipher_setkey(tfm
, key
, key_len
);
419 pr_err("encrypted_key: failed to setkey (%d)\n", ret
);
420 crypto_free_skcipher(tfm
);
424 req
= skcipher_request_alloc(tfm
, GFP_KERNEL
);
426 pr_err("encrypted_key: failed to allocate request for %s\n",
428 crypto_free_skcipher(tfm
);
429 return ERR_PTR(-ENOMEM
);
432 skcipher_request_set_callback(req
, 0, NULL
, NULL
);
436 static struct key
*request_master_key(struct encrypted_key_payload
*epayload
,
437 const u8
**master_key
, size_t *master_keylen
)
439 struct key
*mkey
= NULL
;
441 if (!strncmp(epayload
->master_desc
, KEY_TRUSTED_PREFIX
,
442 KEY_TRUSTED_PREFIX_LEN
)) {
443 mkey
= request_trusted_key(epayload
->master_desc
+
444 KEY_TRUSTED_PREFIX_LEN
,
445 master_key
, master_keylen
);
446 } else if (!strncmp(epayload
->master_desc
, KEY_USER_PREFIX
,
447 KEY_USER_PREFIX_LEN
)) {
448 mkey
= request_user_key(epayload
->master_desc
+
450 master_key
, master_keylen
);
455 int ret
= PTR_ERR(mkey
);
457 if (ret
== -ENOTSUPP
)
458 pr_info("encrypted_key: key %s not supported",
459 epayload
->master_desc
);
461 pr_info("encrypted_key: key %s not found",
462 epayload
->master_desc
);
466 dump_master_key(*master_key
, *master_keylen
);
471 /* Before returning data to userspace, encrypt decrypted data. */
472 static int derived_key_encrypt(struct encrypted_key_payload
*epayload
,
473 const u8
*derived_key
,
474 unsigned int derived_keylen
)
476 struct scatterlist sg_in
[2];
477 struct scatterlist sg_out
[1];
478 struct crypto_skcipher
*tfm
;
479 struct skcipher_request
*req
;
480 unsigned int encrypted_datalen
;
485 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
486 padlen
= encrypted_datalen
- epayload
->decrypted_datalen
;
488 req
= init_skcipher_req(derived_key
, derived_keylen
);
492 dump_decrypted_data(epayload
);
494 memset(pad
, 0, sizeof pad
);
495 sg_init_table(sg_in
, 2);
496 sg_set_buf(&sg_in
[0], epayload
->decrypted_data
,
497 epayload
->decrypted_datalen
);
498 sg_set_buf(&sg_in
[1], pad
, padlen
);
500 sg_init_table(sg_out
, 1);
501 sg_set_buf(sg_out
, epayload
->encrypted_data
, encrypted_datalen
);
503 skcipher_request_set_crypt(req
, sg_in
, sg_out
, encrypted_datalen
,
505 ret
= crypto_skcipher_encrypt(req
);
506 tfm
= crypto_skcipher_reqtfm(req
);
507 skcipher_request_free(req
);
508 crypto_free_skcipher(tfm
);
510 pr_err("encrypted_key: failed to encrypt (%d)\n", ret
);
512 dump_encrypted_data(epayload
, encrypted_datalen
);
517 static int datablob_hmac_append(struct encrypted_key_payload
*epayload
,
518 const u8
*master_key
, size_t master_keylen
)
520 u8 derived_key
[HASH_SIZE
];
524 ret
= get_derived_key(derived_key
, AUTH_KEY
, master_key
, master_keylen
);
528 digest
= epayload
->format
+ epayload
->datablob_len
;
529 ret
= calc_hmac(digest
, derived_key
, sizeof derived_key
,
530 epayload
->format
, epayload
->datablob_len
);
532 dump_hmac(NULL
, digest
, HASH_SIZE
);
537 /* verify HMAC before decrypting encrypted key */
538 static int datablob_hmac_verify(struct encrypted_key_payload
*epayload
,
539 const u8
*format
, const u8
*master_key
,
540 size_t master_keylen
)
542 u8 derived_key
[HASH_SIZE
];
543 u8 digest
[HASH_SIZE
];
548 ret
= get_derived_key(derived_key
, AUTH_KEY
, master_key
, master_keylen
);
552 len
= epayload
->datablob_len
;
554 p
= epayload
->master_desc
;
555 len
-= strlen(epayload
->format
) + 1;
557 p
= epayload
->format
;
559 ret
= calc_hmac(digest
, derived_key
, sizeof derived_key
, p
, len
);
562 ret
= memcmp(digest
, epayload
->format
+ epayload
->datablob_len
,
566 dump_hmac("datablob",
567 epayload
->format
+ epayload
->datablob_len
,
569 dump_hmac("calc", digest
, HASH_SIZE
);
575 static int derived_key_decrypt(struct encrypted_key_payload
*epayload
,
576 const u8
*derived_key
,
577 unsigned int derived_keylen
)
579 struct scatterlist sg_in
[1];
580 struct scatterlist sg_out
[2];
581 struct crypto_skcipher
*tfm
;
582 struct skcipher_request
*req
;
583 unsigned int encrypted_datalen
;
587 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
588 req
= init_skcipher_req(derived_key
, derived_keylen
);
592 dump_encrypted_data(epayload
, encrypted_datalen
);
594 memset(pad
, 0, sizeof pad
);
595 sg_init_table(sg_in
, 1);
596 sg_init_table(sg_out
, 2);
597 sg_set_buf(sg_in
, epayload
->encrypted_data
, encrypted_datalen
);
598 sg_set_buf(&sg_out
[0], epayload
->decrypted_data
,
599 epayload
->decrypted_datalen
);
600 sg_set_buf(&sg_out
[1], pad
, sizeof pad
);
602 skcipher_request_set_crypt(req
, sg_in
, sg_out
, encrypted_datalen
,
604 ret
= crypto_skcipher_decrypt(req
);
605 tfm
= crypto_skcipher_reqtfm(req
);
606 skcipher_request_free(req
);
607 crypto_free_skcipher(tfm
);
610 dump_decrypted_data(epayload
);
615 /* Allocate memory for decrypted key and datablob. */
616 static struct encrypted_key_payload
*encrypted_key_alloc(struct key
*key
,
618 const char *master_desc
,
621 struct encrypted_key_payload
*epayload
= NULL
;
622 unsigned short datablob_len
;
623 unsigned short decrypted_datalen
;
624 unsigned short payload_datalen
;
625 unsigned int encrypted_datalen
;
626 unsigned int format_len
;
630 ret
= kstrtol(datalen
, 10, &dlen
);
631 if (ret
< 0 || dlen
< MIN_DATA_SIZE
|| dlen
> MAX_DATA_SIZE
)
632 return ERR_PTR(-EINVAL
);
634 format_len
= (!format
) ? strlen(key_format_default
) : strlen(format
);
635 decrypted_datalen
= dlen
;
636 payload_datalen
= decrypted_datalen
;
637 if (format
&& !strcmp(format
, key_format_ecryptfs
)) {
638 if (dlen
!= ECRYPTFS_MAX_KEY_BYTES
) {
639 pr_err("encrypted_key: keylen for the ecryptfs format "
640 "must be equal to %d bytes\n",
641 ECRYPTFS_MAX_KEY_BYTES
);
642 return ERR_PTR(-EINVAL
);
644 decrypted_datalen
= ECRYPTFS_MAX_KEY_BYTES
;
645 payload_datalen
= sizeof(struct ecryptfs_auth_tok
);
648 encrypted_datalen
= roundup(decrypted_datalen
, blksize
);
650 datablob_len
= format_len
+ 1 + strlen(master_desc
) + 1
651 + strlen(datalen
) + 1 + ivsize
+ 1 + encrypted_datalen
;
653 ret
= key_payload_reserve(key
, payload_datalen
+ datablob_len
658 epayload
= kzalloc(sizeof(*epayload
) + payload_datalen
+
659 datablob_len
+ HASH_SIZE
+ 1, GFP_KERNEL
);
661 return ERR_PTR(-ENOMEM
);
663 epayload
->payload_datalen
= payload_datalen
;
664 epayload
->decrypted_datalen
= decrypted_datalen
;
665 epayload
->datablob_len
= datablob_len
;
669 static int encrypted_key_decrypt(struct encrypted_key_payload
*epayload
,
670 const char *format
, const char *hex_encoded_iv
)
673 u8 derived_key
[HASH_SIZE
];
674 const u8
*master_key
;
676 const char *hex_encoded_data
;
677 unsigned int encrypted_datalen
;
678 size_t master_keylen
;
682 encrypted_datalen
= roundup(epayload
->decrypted_datalen
, blksize
);
683 asciilen
= (ivsize
+ 1 + encrypted_datalen
+ HASH_SIZE
) * 2;
684 if (strlen(hex_encoded_iv
) != asciilen
)
687 hex_encoded_data
= hex_encoded_iv
+ (2 * ivsize
) + 2;
688 ret
= hex2bin(epayload
->iv
, hex_encoded_iv
, ivsize
);
691 ret
= hex2bin(epayload
->encrypted_data
, hex_encoded_data
,
696 hmac
= epayload
->format
+ epayload
->datablob_len
;
697 ret
= hex2bin(hmac
, hex_encoded_data
+ (encrypted_datalen
* 2),
702 mkey
= request_master_key(epayload
, &master_key
, &master_keylen
);
704 return PTR_ERR(mkey
);
706 ret
= datablob_hmac_verify(epayload
, format
, master_key
, master_keylen
);
708 pr_err("encrypted_key: bad hmac (%d)\n", ret
);
712 ret
= get_derived_key(derived_key
, ENC_KEY
, master_key
, master_keylen
);
716 ret
= derived_key_decrypt(epayload
, derived_key
, sizeof derived_key
);
718 pr_err("encrypted_key: failed to decrypt key (%d)\n", ret
);
725 static void __ekey_init(struct encrypted_key_payload
*epayload
,
726 const char *format
, const char *master_desc
,
729 unsigned int format_len
;
731 format_len
= (!format
) ? strlen(key_format_default
) : strlen(format
);
732 epayload
->format
= epayload
->payload_data
+ epayload
->payload_datalen
;
733 epayload
->master_desc
= epayload
->format
+ format_len
+ 1;
734 epayload
->datalen
= epayload
->master_desc
+ strlen(master_desc
) + 1;
735 epayload
->iv
= epayload
->datalen
+ strlen(datalen
) + 1;
736 epayload
->encrypted_data
= epayload
->iv
+ ivsize
+ 1;
737 epayload
->decrypted_data
= epayload
->payload_data
;
740 memcpy(epayload
->format
, key_format_default
, format_len
);
742 if (!strcmp(format
, key_format_ecryptfs
))
743 epayload
->decrypted_data
=
744 ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok
*)epayload
->payload_data
);
746 memcpy(epayload
->format
, format
, format_len
);
749 memcpy(epayload
->master_desc
, master_desc
, strlen(master_desc
));
750 memcpy(epayload
->datalen
, datalen
, strlen(datalen
));
754 * encrypted_init - initialize an encrypted key
756 * For a new key, use a random number for both the iv and data
757 * itself. For an old key, decrypt the hex encoded data.
759 static int encrypted_init(struct encrypted_key_payload
*epayload
,
760 const char *key_desc
, const char *format
,
761 const char *master_desc
, const char *datalen
,
762 const char *hex_encoded_iv
)
766 if (format
&& !strcmp(format
, key_format_ecryptfs
)) {
767 ret
= valid_ecryptfs_desc(key_desc
);
771 ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok
*)epayload
->payload_data
,
775 __ekey_init(epayload
, format
, master_desc
, datalen
);
776 if (!hex_encoded_iv
) {
777 get_random_bytes(epayload
->iv
, ivsize
);
779 get_random_bytes(epayload
->decrypted_data
,
780 epayload
->decrypted_datalen
);
782 ret
= encrypted_key_decrypt(epayload
, format
, hex_encoded_iv
);
787 * encrypted_instantiate - instantiate an encrypted key
789 * Decrypt an existing encrypted datablob or create a new encrypted key
790 * based on a kernel random number.
792 * On success, return 0. Otherwise return errno.
794 static int encrypted_instantiate(struct key
*key
,
795 struct key_preparsed_payload
*prep
)
797 struct encrypted_key_payload
*epayload
= NULL
;
798 char *datablob
= NULL
;
799 const char *format
= NULL
;
800 char *master_desc
= NULL
;
801 char *decrypted_datalen
= NULL
;
802 char *hex_encoded_iv
= NULL
;
803 size_t datalen
= prep
->datalen
;
806 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
809 datablob
= kmalloc(datalen
+ 1, GFP_KERNEL
);
812 datablob
[datalen
] = 0;
813 memcpy(datablob
, prep
->data
, datalen
);
814 ret
= datablob_parse(datablob
, &format
, &master_desc
,
815 &decrypted_datalen
, &hex_encoded_iv
);
819 epayload
= encrypted_key_alloc(key
, format
, master_desc
,
821 if (IS_ERR(epayload
)) {
822 ret
= PTR_ERR(epayload
);
825 ret
= encrypted_init(epayload
, key
->description
, format
, master_desc
,
826 decrypted_datalen
, hex_encoded_iv
);
832 rcu_assign_keypointer(key
, epayload
);
838 static void encrypted_rcu_free(struct rcu_head
*rcu
)
840 struct encrypted_key_payload
*epayload
;
842 epayload
= container_of(rcu
, struct encrypted_key_payload
, rcu
);
843 memset(epayload
->decrypted_data
, 0, epayload
->decrypted_datalen
);
848 * encrypted_update - update the master key description
850 * Change the master key description for an existing encrypted key.
851 * The next read will return an encrypted datablob using the new
852 * master key description.
854 * On success, return 0. Otherwise return errno.
856 static int encrypted_update(struct key
*key
, struct key_preparsed_payload
*prep
)
858 struct encrypted_key_payload
*epayload
= key
->payload
.data
[0];
859 struct encrypted_key_payload
*new_epayload
;
861 char *new_master_desc
= NULL
;
862 const char *format
= NULL
;
863 size_t datalen
= prep
->datalen
;
866 if (test_bit(KEY_FLAG_NEGATIVE
, &key
->flags
))
868 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
871 buf
= kmalloc(datalen
+ 1, GFP_KERNEL
);
876 memcpy(buf
, prep
->data
, datalen
);
877 ret
= datablob_parse(buf
, &format
, &new_master_desc
, NULL
, NULL
);
881 ret
= valid_master_desc(new_master_desc
, epayload
->master_desc
);
885 new_epayload
= encrypted_key_alloc(key
, epayload
->format
,
886 new_master_desc
, epayload
->datalen
);
887 if (IS_ERR(new_epayload
)) {
888 ret
= PTR_ERR(new_epayload
);
892 __ekey_init(new_epayload
, epayload
->format
, new_master_desc
,
895 memcpy(new_epayload
->iv
, epayload
->iv
, ivsize
);
896 memcpy(new_epayload
->payload_data
, epayload
->payload_data
,
897 epayload
->payload_datalen
);
899 rcu_assign_keypointer(key
, new_epayload
);
900 call_rcu(&epayload
->rcu
, encrypted_rcu_free
);
907 * encrypted_read - format and copy the encrypted data to userspace
909 * The resulting datablob format is:
910 * <master-key name> <decrypted data length> <encrypted iv> <encrypted data>
912 * On success, return to userspace the encrypted key datablob size.
914 static long encrypted_read(const struct key
*key
, char __user
*buffer
,
917 struct encrypted_key_payload
*epayload
;
919 const u8
*master_key
;
920 size_t master_keylen
;
921 char derived_key
[HASH_SIZE
];
923 size_t asciiblob_len
;
926 epayload
= rcu_dereference_key(key
);
928 /* returns the hex encoded iv, encrypted-data, and hmac as ascii */
929 asciiblob_len
= epayload
->datablob_len
+ ivsize
+ 1
930 + roundup(epayload
->decrypted_datalen
, blksize
)
933 if (!buffer
|| buflen
< asciiblob_len
)
934 return asciiblob_len
;
936 mkey
= request_master_key(epayload
, &master_key
, &master_keylen
);
938 return PTR_ERR(mkey
);
940 ret
= get_derived_key(derived_key
, ENC_KEY
, master_key
, master_keylen
);
944 ret
= derived_key_encrypt(epayload
, derived_key
, sizeof derived_key
);
948 ret
= datablob_hmac_append(epayload
, master_key
, master_keylen
);
952 ascii_buf
= datablob_format(epayload
, asciiblob_len
);
961 if (copy_to_user(buffer
, ascii_buf
, asciiblob_len
) != 0)
965 return asciiblob_len
;
973 * encrypted_destroy - before freeing the key, clear the decrypted data
975 * Before freeing the key, clear the memory containing the decrypted
978 static void encrypted_destroy(struct key
*key
)
980 struct encrypted_key_payload
*epayload
= key
->payload
.data
[0];
985 memset(epayload
->decrypted_data
, 0, epayload
->decrypted_datalen
);
986 kfree(key
->payload
.data
[0]);
989 struct key_type key_type_encrypted
= {
991 .instantiate
= encrypted_instantiate
,
992 .update
= encrypted_update
,
993 .destroy
= encrypted_destroy
,
994 .describe
= user_describe
,
995 .read
= encrypted_read
,
997 EXPORT_SYMBOL_GPL(key_type_encrypted
);
999 static void encrypted_shash_release(void)
1002 crypto_free_shash(hashalg
);
1004 crypto_free_shash(hmacalg
);
1007 static int __init
encrypted_shash_alloc(void)
1011 hmacalg
= crypto_alloc_shash(hmac_alg
, 0, CRYPTO_ALG_ASYNC
);
1012 if (IS_ERR(hmacalg
)) {
1013 pr_info("encrypted_key: could not allocate crypto %s\n",
1015 return PTR_ERR(hmacalg
);
1018 hashalg
= crypto_alloc_shash(hash_alg
, 0, CRYPTO_ALG_ASYNC
);
1019 if (IS_ERR(hashalg
)) {
1020 pr_info("encrypted_key: could not allocate crypto %s\n",
1022 ret
= PTR_ERR(hashalg
);
1029 crypto_free_shash(hmacalg
);
1033 static int __init
init_encrypted(void)
1037 ret
= encrypted_shash_alloc();
1040 ret
= aes_get_sizes();
1043 ret
= register_key_type(&key_type_encrypted
);
1048 encrypted_shash_release();
1053 static void __exit
cleanup_encrypted(void)
1055 encrypted_shash_release();
1056 unregister_key_type(&key_type_encrypted
);
1059 late_initcall(init_encrypted
);
1060 module_exit(cleanup_encrypted
);
1062 MODULE_LICENSE("GPL");