1 // SPDX-License-Identifier: GPL-2.0
3 #include <linux/ceph/ceph_debug.h>
6 #include <linux/scatterlist.h>
7 #include <linux/sched.h>
8 #include <linux/slab.h>
9 #include <crypto/aes.h>
10 #include <crypto/skcipher.h>
11 #include <linux/key-type.h>
12 #include <linux/sched/mm.h>
14 #include <keys/ceph-type.h>
15 #include <keys/user-type.h>
16 #include <linux/ceph/decode.h>
20 * Set ->key and ->tfm. The rest of the key should be filled in before
21 * this function is called.
23 static int set_secret(struct ceph_crypto_key
*key
, void *buf
)
25 unsigned int noio_flag
;
32 case CEPH_CRYPTO_NONE
:
33 return 0; /* nothing to do */
43 key
->key
= kmemdup(buf
, key
->len
, GFP_NOIO
);
49 /* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
50 noio_flag
= memalloc_noio_save();
51 key
->tfm
= crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
52 memalloc_noio_restore(noio_flag
);
53 if (IS_ERR(key
->tfm
)) {
54 ret
= PTR_ERR(key
->tfm
);
59 ret
= crypto_sync_skcipher_setkey(key
->tfm
, key
->key
, key
->len
);
66 ceph_crypto_key_destroy(key
);
70 int ceph_crypto_key_clone(struct ceph_crypto_key
*dst
,
71 const struct ceph_crypto_key
*src
)
73 memcpy(dst
, src
, sizeof(struct ceph_crypto_key
));
74 return set_secret(dst
, src
->key
);
77 int ceph_crypto_key_encode(struct ceph_crypto_key
*key
, void **p
, void *end
)
79 if (*p
+ sizeof(u16
) + sizeof(key
->created
) +
80 sizeof(u16
) + key
->len
> end
)
82 ceph_encode_16(p
, key
->type
);
83 ceph_encode_copy(p
, &key
->created
, sizeof(key
->created
));
84 ceph_encode_16(p
, key
->len
);
85 ceph_encode_copy(p
, key
->key
, key
->len
);
89 int ceph_crypto_key_decode(struct ceph_crypto_key
*key
, void **p
, void *end
)
93 ceph_decode_need(p
, end
, 2*sizeof(u16
) + sizeof(key
->created
), bad
);
94 key
->type
= ceph_decode_16(p
);
95 ceph_decode_copy(p
, &key
->created
, sizeof(key
->created
));
96 key
->len
= ceph_decode_16(p
);
97 ceph_decode_need(p
, end
, key
->len
, bad
);
98 ret
= set_secret(key
, *p
);
99 memzero_explicit(*p
, key
->len
);
104 dout("failed to decode crypto key\n");
108 int ceph_crypto_key_unarmor(struct ceph_crypto_key
*key
, const char *inkey
)
110 int inlen
= strlen(inkey
);
111 int blen
= inlen
* 3 / 4;
115 dout("crypto_key_unarmor %s\n", inkey
);
116 buf
= kmalloc(blen
, GFP_NOFS
);
119 blen
= ceph_unarmor(buf
, inkey
, inkey
+inlen
);
126 ret
= ceph_crypto_key_decode(key
, &p
, p
+ blen
);
130 dout("crypto_key_unarmor key %p type %d len %d\n", key
,
131 key
->type
, key
->len
);
135 void ceph_crypto_key_destroy(struct ceph_crypto_key
*key
)
138 kfree_sensitive(key
->key
);
141 crypto_free_sync_skcipher(key
->tfm
);
147 static const u8
*aes_iv
= (u8
*)CEPH_AES_IV
;
150 * Should be used for buffers allocated with kvmalloc().
151 * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
152 * in-buffer (msg front).
154 * Dispose of @sgt with teardown_sgtable().
156 * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
157 * in cases where a single sg is sufficient. No attempt to reduce the
158 * number of sgs by squeezing physically contiguous pages together is
159 * made though, for simplicity.
161 static int setup_sgtable(struct sg_table
*sgt
, struct scatterlist
*prealloc_sg
,
162 const void *buf
, unsigned int buf_len
)
164 struct scatterlist
*sg
;
165 const bool is_vmalloc
= is_vmalloc_addr(buf
);
166 unsigned int off
= offset_in_page(buf
);
167 unsigned int chunk_cnt
= 1;
168 unsigned int chunk_len
= PAGE_ALIGN(off
+ buf_len
);
173 memset(sgt
, 0, sizeof(*sgt
));
178 chunk_cnt
= chunk_len
>> PAGE_SHIFT
;
179 chunk_len
= PAGE_SIZE
;
183 ret
= sg_alloc_table(sgt
, chunk_cnt
, GFP_NOFS
);
187 WARN_ON(chunk_cnt
!= 1);
188 sg_init_table(prealloc_sg
, 1);
189 sgt
->sgl
= prealloc_sg
;
190 sgt
->nents
= sgt
->orig_nents
= 1;
193 for_each_sg(sgt
->sgl
, sg
, sgt
->orig_nents
, i
) {
195 unsigned int len
= min(chunk_len
- off
, buf_len
);
198 page
= vmalloc_to_page(buf
);
200 page
= virt_to_page(buf
);
202 sg_set_page(sg
, page
, len
, off
);
208 WARN_ON(buf_len
!= 0);
213 static void teardown_sgtable(struct sg_table
*sgt
)
215 if (sgt
->orig_nents
> 1)
219 static int ceph_aes_crypt(const struct ceph_crypto_key
*key
, bool encrypt
,
220 void *buf
, int buf_len
, int in_len
, int *pout_len
)
222 SYNC_SKCIPHER_REQUEST_ON_STACK(req
, key
->tfm
);
224 struct scatterlist prealloc_sg
;
225 char iv
[AES_BLOCK_SIZE
] __aligned(8);
226 int pad_byte
= AES_BLOCK_SIZE
- (in_len
& (AES_BLOCK_SIZE
- 1));
227 int crypt_len
= encrypt
? in_len
+ pad_byte
: in_len
;
230 WARN_ON(crypt_len
> buf_len
);
232 memset(buf
+ in_len
, pad_byte
, pad_byte
);
233 ret
= setup_sgtable(&sgt
, &prealloc_sg
, buf
, crypt_len
);
237 memcpy(iv
, aes_iv
, AES_BLOCK_SIZE
);
238 skcipher_request_set_sync_tfm(req
, key
->tfm
);
239 skcipher_request_set_callback(req
, 0, NULL
, NULL
);
240 skcipher_request_set_crypt(req
, sgt
.sgl
, sgt
.sgl
, crypt_len
, iv
);
243 print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
244 key->key, key->len, 1);
245 print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
249 ret
= crypto_skcipher_encrypt(req
);
251 ret
= crypto_skcipher_decrypt(req
);
252 skcipher_request_zero(req
);
254 pr_err("%s %scrypt failed: %d\n", __func__
,
255 encrypt
? "en" : "de", ret
);
259 print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
264 *pout_len
= crypt_len
;
266 pad_byte
= *(char *)(buf
+ in_len
- 1);
267 if (pad_byte
> 0 && pad_byte
<= AES_BLOCK_SIZE
&&
268 in_len
>= pad_byte
) {
269 *pout_len
= in_len
- pad_byte
;
271 pr_err("%s got bad padding %d on in_len %d\n",
272 __func__
, pad_byte
, in_len
);
279 teardown_sgtable(&sgt
);
283 int ceph_crypt(const struct ceph_crypto_key
*key
, bool encrypt
,
284 void *buf
, int buf_len
, int in_len
, int *pout_len
)
287 case CEPH_CRYPTO_NONE
:
290 case CEPH_CRYPTO_AES
:
291 return ceph_aes_crypt(key
, encrypt
, buf
, buf_len
, in_len
,
298 static int ceph_key_preparse(struct key_preparsed_payload
*prep
)
300 struct ceph_crypto_key
*ckey
;
301 size_t datalen
= prep
->datalen
;
306 if (datalen
<= 0 || datalen
> 32767 || !prep
->data
)
310 ckey
= kmalloc(sizeof(*ckey
), GFP_KERNEL
);
314 /* TODO ceph_crypto_key_decode should really take const input */
315 p
= (void *)prep
->data
;
316 ret
= ceph_crypto_key_decode(ckey
, &p
, (char*)prep
->data
+datalen
);
320 prep
->payload
.data
[0] = ckey
;
321 prep
->quotalen
= datalen
;
330 static void ceph_key_free_preparse(struct key_preparsed_payload
*prep
)
332 struct ceph_crypto_key
*ckey
= prep
->payload
.data
[0];
333 ceph_crypto_key_destroy(ckey
);
337 static void ceph_key_destroy(struct key
*key
)
339 struct ceph_crypto_key
*ckey
= key
->payload
.data
[0];
341 ceph_crypto_key_destroy(ckey
);
345 struct key_type key_type_ceph
= {
347 .preparse
= ceph_key_preparse
,
348 .free_preparse
= ceph_key_free_preparse
,
349 .instantiate
= generic_key_instantiate
,
350 .destroy
= ceph_key_destroy
,
353 int __init
ceph_crypto_init(void)
355 return register_key_type(&key_type_ceph
);
358 void ceph_crypto_shutdown(void)
360 unregister_key_type(&key_type_ceph
);