crypto.c source code [linux/net/ceph/crypto.c]

1	// SPDX-License-Identifier: GPL-2.0
2
3	#include <linux/ceph/ceph_debug.h>
4
5	#include <linux/err.h>
6	#include <linux/scatterlist.h>
7	#include <linux/sched.h>
8	#include <linux/slab.h>
9	#include <crypto/aes.h>
10	#include <crypto/skcipher.h>
11	#include <linux/key-type.h>
12	#include <linux/sched/mm.h>
13
14	#include <keys/ceph-type.h>
15	#include <keys/user-type.h>
16	#include <linux/ceph/decode.h>
17	#include "crypto.h"
18
19	/*
20	* Set ->key and ->tfm. The rest of the key should be filled in before
21	* this function is called.
22	*/
23	static int set_secret(struct ceph_crypto_key key, void* *buf)
24	{
25	unsigned int noio_flag;
26	int ret;
27
28	key->key = NULL;
29	key->tfm = NULL;
30
31	switch (key->type) {
32	case CEPH_CRYPTO_NONE:
33	return `0`; / nothing to do /
34	case CEPH_CRYPTO_AES:
35	break;
36	default:
37	return -ENOTSUPP;
38	}
39
40	if (!key->len)
41	return -EINVAL;
42
43	key->key = kmemdup(p: buf, size: key->len, GFP_NOIO);
44	if (!key->key) {
45	ret = -ENOMEM;
46	goto fail;
47	}
48
49	/ crypto_alloc_sync_skcipher() allocates with GFP_KERNEL /
50	noio_flag = memalloc_noio_save();
51	key->tfm = crypto_alloc_sync_skcipher(alg_name: "cbc(aes)", type: `0`, mask: `0`);
52	memalloc_noio_restore(flags: noio_flag);
53	if (IS_ERR(ptr: key->tfm)) {
54	ret = PTR_ERR(ptr: key->tfm);
55	key->tfm = NULL;
56	goto fail;
57	}
58
59	ret = crypto_sync_skcipher_setkey(tfm: key->tfm, key: key->key, keylen: key->len);
60	if (ret)
61	goto fail;
62
63	return `0`;
64
65	fail:
66	ceph_crypto_key_destroy(key);
67	return ret;
68	}
69
70	int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
71	const struct ceph_crypto_key *src)
72	{
73	memcpy(dst, src, sizeof(struct ceph_crypto_key));
74	return set_secret(key: dst, buf: src->key);
75	}
76
77	int ceph_crypto_key_encode(struct ceph_crypto_key key, void* *p, void* *end)
78	{
79	if (p + sizeof(u16) + sizeof*(key->created) +
80	sizeof(u16) + key->len > end)
81	return -ERANGE;
82	ceph_encode_16(p, v: key->type);
83	ceph_encode_copy(p, s: &key->created, len: sizeof(key->created));
84	ceph_encode_16(p, v: key->len);
85	ceph_encode_copy(p, s: key->key, len: key->len);
86	return `0`;
87	}
88
89	int ceph_crypto_key_decode(struct ceph_crypto_key key, void* *p, void* *end)
90	{
91	int ret;
92
93	ceph_decode_need(p, end, `2`*sizeof(u16) + sizeof(key->created), bad);
94	key->type = ceph_decode_16(p);
95	ceph_decode_copy(p, pv: &key->created, n: sizeof(key->created));
96	key->len = ceph_decode_16(p);
97	ceph_decode_need(p, end, key->len, bad);
98	ret = set_secret(key, buf: *p);
99	memzero_explicit(s: *p, count: key->len);
100	*p += key->len;
101	return ret;
102
103	bad:
104	dout("failed to decode crypto key\n");
105	return -EINVAL;
106	}
107
108	int ceph_crypto_key_unarmor(struct ceph_crypto_key key, const* char *inkey)
109	{
110	int inlen = strlen(inkey);
111	int blen = inlen * `3` / `4`;
112	void buf, p;
113	int ret;
114
115	dout("crypto_key_unarmor %s\n", inkey);
116	buf = kmalloc(size: blen, GFP_NOFS);
117	if (!buf)
118	return -ENOMEM;
119	blen = ceph_unarmor(dst: buf, src: inkey, end: inkey+inlen);
120	if (blen < `0`) {
121	kfree(objp: buf);
122	return blen;
123	}
124
125	p = buf;
126	ret = ceph_crypto_key_decode(key, p: &p, end: p + blen);
127	kfree(objp: buf);
128	if (ret)
129	return ret;
130	dout("crypto_key_unarmor key %p type %d len %d\n", key,
131	key->type, key->len);
132	return `0`;
133	}
134
135	void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
136	{
137	if (key) {
138	kfree_sensitive(objp: key->key);
139	key->key = NULL;
140	if (key->tfm) {
141	crypto_free_sync_skcipher(tfm: key->tfm);
142	key->tfm = NULL;
143	}
144	}
145	}
146
147	static const u8 aes_iv = (u8 )CEPH_AES_IV;
148
149	/*
150	* Should be used for buffers allocated with kvmalloc().
151	* Currently these are encrypt out-buffer (ceph_buffer) and decrypt
152	* in-buffer (msg front).
153	*
154	* Dispose of @sgt with teardown_sgtable().
155	*
156	* @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
157	* in cases where a single sg is sufficient. No attempt to reduce the
158	* number of sgs by squeezing physically contiguous pages together is
159	* made though, for simplicity.
160	*/
161	static int setup_sgtable(struct sg_table sgt, struct* scatterlist *prealloc_sg,
162	const void buf, unsigned* int buf_len)
163	{
164	struct scatterlist *sg;
165	const bool is_vmalloc = is_vmalloc_addr(x: buf);
166	unsigned int off = offset_in_page(buf);
167	unsigned int chunk_cnt = `1`;
168	unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
169	int i;
170	int ret;
171
172	if (buf_len == `0`) {
173	memset(sgt, `0`, sizeof(*sgt));
174	return -EINVAL;
175	}
176
177	if (is_vmalloc) {
178	chunk_cnt = chunk_len >> PAGE_SHIFT;
179	chunk_len = PAGE_SIZE;
180	}
181
182	if (chunk_cnt > `1`) {
183	ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
184	if (ret)
185	return ret;
186	} else {
187	WARN_ON(chunk_cnt != `1`);
188	sg_init_table(prealloc_sg, `1`);
189	sgt->sgl = prealloc_sg;
190	sgt->nents = sgt->orig_nents = `1`;
191	}
192
193	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
194	struct page *page;
195	unsigned int len = min(chunk_len - off, buf_len);
196
197	if (is_vmalloc)
198	page = vmalloc_to_page(addr: buf);
199	else
200	page = virt_to_page(buf);
201
202	sg_set_page(sg, page, len, offset: off);
203
204	off = `0`;
205	buf += len;
206	buf_len -= len;
207	}
208	WARN_ON(buf_len != `0`);
209
210	return `0`;
211	}
212
213	static void teardown_sgtable(struct sg_table *sgt)
214	{
215	if (sgt->orig_nents > `1`)
216	sg_free_table(sgt);
217	}
218
219	static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
220	void buf, int* buf_len, int in_len, int *pout_len)
221	{
222	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
223	struct sg_table sgt;
224	struct scatterlist prealloc_sg;
225	char iv[AES_BLOCK_SIZE] __aligned(`8`);
226	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - `1`));
227	int crypt_len = encrypt ? in_len + pad_byte : in_len;
228	int ret;
229
230	WARN_ON(crypt_len > buf_len);
231	if (encrypt)
232	memset(buf + in_len, pad_byte, pad_byte);
233	ret = setup_sgtable(sgt: &sgt, prealloc_sg: &prealloc_sg, buf, buf_len: crypt_len);
234	if (ret)
235	return ret;
236
237	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
238	skcipher_request_set_sync_tfm(req, tfm: key->tfm);
239	skcipher_request_set_callback(req, flags: `0`, NULL, NULL);
240	skcipher_request_set_crypt(req, src: sgt.sgl, dst: sgt.sgl, cryptlen: crypt_len, iv);
241
242	/*
243	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
244	key->key, key->len, 1);
245	print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
246	buf, crypt_len, 1);
247	*/
248	if (encrypt)
249	ret = crypto_skcipher_encrypt(req);
250	else
251	ret = crypto_skcipher_decrypt(req);
252	skcipher_request_zero(req);
253	if (ret) {
254	pr_err("%s %scrypt failed: %d\n", __func__,
255	encrypt ? "en" : "de", ret);
256	goto out_sgt;
257	}
258	/*
259	print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
260	buf, crypt_len, 1);
261	*/
262
263	if (encrypt) {
264	*pout_len = crypt_len;
265	} else {
266	pad_byte = (char* *)(buf + in_len - `1`);
267	if (pad_byte > `0` && pad_byte <= AES_BLOCK_SIZE &&
268	in_len >= pad_byte) {
269	*pout_len = in_len - pad_byte;
270	} else {
271	pr_err("%s got bad padding %d on in_len %d\n",
272	__func__, pad_byte, in_len);
273	ret = -EPERM;
274	goto out_sgt;
275	}
276	}
277
278	out_sgt:
279	teardown_sgtable(sgt: &sgt);
280	return ret;
281	}
282
283	int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
284	void buf, int* buf_len, int in_len, int *pout_len)
285	{
286	switch (key->type) {
287	case CEPH_CRYPTO_NONE:
288	*pout_len = in_len;
289	return `0`;
290	case CEPH_CRYPTO_AES:
291	return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,
292	pout_len);
293	default:
294	return -ENOTSUPP;
295	}
296	}
297
298	static int ceph_key_preparse(struct key_preparsed_payload *prep)
299	{
300	struct ceph_crypto_key *ckey;
301	size_t datalen = prep->datalen;
302	int ret;
303	void *p;
304
305	ret = -EINVAL;
306	if (datalen <= `0` \|\| datalen > `32767` \|\| !prep->data)
307	goto err;
308
309	ret = -ENOMEM;
310	ckey = kmalloc(size: sizeof(*ckey), GFP_KERNEL);
311	if (!ckey)
312	goto err;
313
314	/ TODO ceph_crypto_key_decode should really take const input /
315	p = (void *)prep->data;
316	ret = ceph_crypto_key_decode(key: ckey, p: &p, end: (char*)prep->data+datalen);
317	if (ret < `0`)
318	goto err_ckey;
319
320	prep->payload.data[`0`] = ckey;
321	prep->quotalen = datalen;
322	return `0`;
323
324	err_ckey:
325	kfree(objp: ckey);
326	err:
327	return ret;
328	}
329
330	static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
331	{
332	struct ceph_crypto_key *ckey = prep->payload.data[`0`];
333	ceph_crypto_key_destroy(key: ckey);
334	kfree(objp: ckey);
335	}
336
337	static void ceph_key_destroy(struct key *key)
338	{
339	struct ceph_crypto_key *ckey = key->payload.data[`0`];
340
341	ceph_crypto_key_destroy(key: ckey);
342	kfree(objp: ckey);
343	}
344
345	struct key_type key_type_ceph = {
346	.name = "ceph",
347	.preparse = ceph_key_preparse,
348	.free_preparse = ceph_key_free_preparse,
349	.instantiate = generic_key_instantiate,
350	.destroy = ceph_key_destroy,
351	};
352
353	int __init ceph_crypto_init(void)
354	{
355	return register_key_type(ktype: &key_type_ceph);
356	}
357
358	void ceph_crypto_shutdown(void)
359	{
360	unregister_key_type(ktype: &key_type_ceph);
361	}
362

source code of linux/net/ceph/crypto.c