[linux-block.git] / net / ceph / crypto.c

// SPDX-License-Identifier: GPL-2.0

#include <linux/ceph/ceph_debug.h>

#include <linux/err.h>
#include <linux/scatterlist.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <crypto/aes.h>
#include <crypto/skcipher.h>
#include <linux/key-type.h>
#include <linux/sched/mm.h>

#include <keys/ceph-type.h>
#include <keys/user-type.h>
#include <linux/ceph/decode.h>
#include "crypto.h"

/*
 * Set ->key and ->tfm.  The rest of the key should be filled in before
 * this function is called.
 */
static int set_secret(struct ceph_crypto_key *key, void *buf)
{
	unsigned int noio_flag;
	int ret;

	key->key = NULL;
	key->tfm = NULL;

	switch (key->type) {
	case CEPH_CRYPTO_NONE:
		return 0; /* nothing to do */
	case CEPH_CRYPTO_AES:
		break;
	default:
		return -ENOTSUPP;
	}

	if (!key->len)
		return -EINVAL;

	key->key = kmemdup(buf, key->len, GFP_NOIO);
	if (!key->key) {
		ret = -ENOMEM;
		goto fail;
	}

	/* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
	noio_flag = memalloc_noio_save();
	key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
	memalloc_noio_restore(noio_flag);
	if (IS_ERR(key->tfm)) {
		ret = PTR_ERR(key->tfm);
		key->tfm = NULL;
		goto fail;
	}

	ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);
	if (ret)
		goto fail;

	return 0;

fail:
	ceph_crypto_key_destroy(key);
	return ret;
}

int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
			  const struct ceph_crypto_key *src)
{
	memcpy(dst, src, sizeof(struct ceph_crypto_key));
	return set_secret(dst, src->key);
}

int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end)
{
	if (*p + sizeof(u16) + sizeof(key->created) +
	    sizeof(u16) + key->len > end)
		return -ERANGE;
	ceph_encode_16(p, key->type);
	ceph_encode_copy(p, &key->created, sizeof(key->created));
	ceph_encode_16(p, key->len);
	ceph_encode_copy(p, key->key, key->len);
	return 0;
}

int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end)
{
	int ret;

	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);
	key->type = ceph_decode_16(p);
	ceph_decode_copy(p, &key->created, sizeof(key->created));
	key->len = ceph_decode_16(p);
	ceph_decode_need(p, end, key->len, bad);
	ret = set_secret(key, *p);
	memzero_explicit(*p, key->len);
	*p += key->len;
	return ret;

bad:
	dout("failed to decode crypto key\n");
	return -EINVAL;
}

int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
{
	int inlen = strlen(inkey);
	int blen = inlen * 3 / 4;
	void *buf, *p;
	int ret;

	dout("crypto_key_unarmor %s\n", inkey);
	buf = kmalloc(blen, GFP_NOFS);
	if (!buf)
		return -ENOMEM;
	blen = ceph_unarmor(buf, inkey, inkey+inlen);
	if (blen < 0) {
		kfree(buf);
		return blen;
	}

	p = buf;
	ret = ceph_crypto_key_decode(key, &p, p + blen);
	kfree(buf);
	if (ret)
		return ret;
	dout("crypto_key_unarmor key %p type %d len %d\n", key,
	     key->type, key->len);
	return 0;
}

void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
{
	if (key) {
		kfree_sensitive(key->key);
		key->key = NULL;
		if (key->tfm) {
			crypto_free_sync_skcipher(key->tfm);
			key->tfm = NULL;
		}
	}
}

static const u8 *aes_iv = (u8 *)CEPH_AES_IV;

/*
 * Should be used for buffers allocated with kvmalloc().
 * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
 * in-buffer (msg front).
 *
 * Dispose of @sgt with teardown_sgtable().
 *
 * @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
 * in cases where a single sg is sufficient.  No attempt to reduce the
 * number of sgs by squeezing physically contiguous pages together is
 * made though, for simplicity.
 */
static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg,
			 const void *buf, unsigned int buf_len)
{
	struct scatterlist *sg;
	const bool is_vmalloc = is_vmalloc_addr(buf);
	unsigned int off = offset_in_page(buf);
	unsigned int chunk_cnt = 1;
	unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
	int i;
	int ret;

	if (buf_len == 0) {
		memset(sgt, 0, sizeof(*sgt));
		return -EINVAL;
	}

	if (is_vmalloc) {
		chunk_cnt = chunk_len >> PAGE_SHIFT;
		chunk_len = PAGE_SIZE;
	}

	if (chunk_cnt > 1) {
		ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
		if (ret)
			return ret;
	} else {
		WARN_ON(chunk_cnt != 1);
		sg_init_table(prealloc_sg, 1);
		sgt->sgl = prealloc_sg;
		sgt->nents = sgt->orig_nents = 1;
	}

	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
		struct page *page;
		unsigned int len = min(chunk_len - off, buf_len);

		if (is_vmalloc)
			page = vmalloc_to_page(buf);
		else
			page = virt_to_page(buf);

		sg_set_page(sg, page, len, off);

		off = 0;
		buf += len;
		buf_len -= len;
	}
	WARN_ON(buf_len != 0);

	return 0;
}

static void teardown_sgtable(struct sg_table *sgt)
{
	if (sgt->orig_nents > 1)
		sg_free_table(sgt);
}

static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
			  void *buf, int buf_len, int in_len, int *pout_len)
{
	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
	struct sg_table sgt;
	struct scatterlist prealloc_sg;
	char iv[AES_BLOCK_SIZE] __aligned(8);
	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));
	int crypt_len = encrypt ? in_len + pad_byte : in_len;
	int ret;

	WARN_ON(crypt_len > buf_len);
	if (encrypt)
		memset(buf + in_len, pad_byte, pad_byte);
	ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len);
	if (ret)
		return ret;

	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
	skcipher_request_set_sync_tfm(req, key->tfm);
	skcipher_request_set_callback(req, 0, NULL, NULL);
	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);

	/*
	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
		       key->key, key->len, 1);
	print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
		       buf, crypt_len, 1);
	*/
	if (encrypt)
		ret = crypto_skcipher_encrypt(req);
	else
		ret = crypto_skcipher_decrypt(req);
	skcipher_request_zero(req);
	if (ret) {
		pr_err("%s %scrypt failed: %d\n", __func__,
		       encrypt ? "en" : "de", ret);
		goto out_sgt;
	}
	/*
	print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
		       buf, crypt_len, 1);
	*/

	if (encrypt) {
		*pout_len = crypt_len;
	} else {
		pad_byte = *(char *)(buf + in_len - 1);
		if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE &&
		    in_len >= pad_byte) {
			*pout_len = in_len - pad_byte;
		} else {
			pr_err("%s got bad padding %d on in_len %d\n",
			       __func__, pad_byte, in_len);
			ret = -EPERM;
			goto out_sgt;
		}
	}

out_sgt:
	teardown_sgtable(&sgt);
	return ret;
}

int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
	       void *buf, int buf_len, int in_len, int *pout_len)
{
	switch (key->type) {
	case CEPH_CRYPTO_NONE:
		*pout_len = in_len;
		return 0;
	case CEPH_CRYPTO_AES:
		return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,
				      pout_len);
	default:
		return -ENOTSUPP;
	}
}

static int ceph_key_preparse(struct key_preparsed_payload *prep)
{
	struct ceph_crypto_key *ckey;
	size_t datalen = prep->datalen;
	int ret;
	void *p;

	ret = -EINVAL;
	if (datalen <= 0 || datalen > 32767 || !prep->data)
		goto err;

	ret = -ENOMEM;
	ckey = kmalloc(sizeof(*ckey), GFP_KERNEL);
	if (!ckey)
		goto err;

	/* TODO ceph_crypto_key_decode should really take const input */
	p = (void *)prep->data;
	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);
	if (ret < 0)
		goto err_ckey;

	prep->payload.data[0] = ckey;
	prep->quotalen = datalen;
	return 0;

err_ckey:
	kfree(ckey);
err:
	return ret;
}

static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
{
	struct ceph_crypto_key *ckey = prep->payload.data[0];
	ceph_crypto_key_destroy(ckey);
	kfree(ckey);
}

static void ceph_key_destroy(struct key *key)
{
	struct ceph_crypto_key *ckey = key->payload.data[0];

	ceph_crypto_key_destroy(ckey);
	kfree(ckey);
}

struct key_type key_type_ceph = {
	.name		= "ceph",
	.preparse	= ceph_key_preparse,
	.free_preparse	= ceph_key_free_preparse,
	.instantiate	= generic_key_instantiate,
	.destroy	= ceph_key_destroy,
};

int __init ceph_crypto_init(void)
{
	return register_key_type(&key_type_ceph);
}

void ceph_crypto_shutdown(void)
{
	unregister_key_type(&key_type_ceph);
}
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
8b6e4f2d	2
3d14c5d2	3	#include <linux/ceph/ceph_debug.h>
8b6e4f2d SW	4
	5	#include <linux/err.h>
	6	#include <linux/scatterlist.h>
7fea24c6	7	#include <linux/sched.h>
5a0e3ad6	8	#include <linux/slab.h>
e59dd982 HX	9	#include <crypto/aes.h>
e59dd982 HX	10	#include <crypto/skcipher.h>
4b2a58ab	11	#include <linux/key-type.h>
5b3cc15a	12	#include <linux/sched/mm.h>
8b6e4f2d	13
4b2a58ab	14	#include <keys/ceph-type.h>
7c3bec0a	15	#include <keys/user-type.h>
3d14c5d2	16	#include <linux/ceph/decode.h>
8b6e4f2d	17	#include "crypto.h"
8b6e4f2d	18
7af3ea18 ID	19	/*
	20	* Set ->key and ->tfm. The rest of the key should be filled in before
	21	* this function is called.
	22	*/
	23	static int set_secret(struct ceph_crypto_key key, void buf)
	24	{
	25	unsigned int noio_flag;
	26	int ret;
	27
	28	key->key = NULL;
	29	key->tfm = NULL;
	30
	31	switch (key->type) {
	32	case CEPH_CRYPTO_NONE:
	33	return 0; /* nothing to do */
	34	case CEPH_CRYPTO_AES:
	35	break;
	36	default:
	37	return -ENOTSUPP;
	38	}
	39
b1127085 EB	40	if (!key->len)
	41	return -EINVAL;
	42
7af3ea18 ID	43	key->key = kmemdup(buf, key->len, GFP_NOIO);
	44	if (!key->key) {
	45	ret = -ENOMEM;
	46	goto fail;
	47	}
	48
69d6302b	49	/* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
7af3ea18	50	noio_flag = memalloc_noio_save();
69d6302b	51	key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
7af3ea18 ID	52	memalloc_noio_restore(noio_flag);
	53	if (IS_ERR(key->tfm)) {
	54	ret = PTR_ERR(key->tfm);
	55	key->tfm = NULL;
	56	goto fail;
	57	}
	58
69d6302b	59	ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);
7af3ea18 ID	60	if (ret)
	61	goto fail;
	62
	63	return 0;
	64
	65	fail:
	66	ceph_crypto_key_destroy(key);
	67	return ret;
	68	}
	69
8323c3aa TV	70	int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
	71	const struct ceph_crypto_key *src)
	72	{
	73	memcpy(dst, src, sizeof(struct ceph_crypto_key));
7af3ea18	74	return set_secret(dst, src->key);
8323c3aa TV	75	}
8323c3aa TV	76
8b6e4f2d SW	77	int ceph_crypto_key_encode(struct ceph_crypto_key key, void p, void end)
	78	{
	79	if (*p + sizeof(u16) + sizeof(key->created) +
	80	sizeof(u16) + key->len > end)
	81	return -ERANGE;
	82	ceph_encode_16(p, key->type);
	83	ceph_encode_copy(p, &key->created, sizeof(key->created));
	84	ceph_encode_16(p, key->len);
	85	ceph_encode_copy(p, key->key, key->len);
	86	return 0;
	87	}
	88
	89	int ceph_crypto_key_decode(struct ceph_crypto_key key, void p, void end)
	90	{
7af3ea18 ID	91	int ret;
7af3ea18 ID	92
8b6e4f2d SW	93	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);
	94	key->type = ceph_decode_16(p);
	95	ceph_decode_copy(p, &key->created, sizeof(key->created));
	96	key->len = ceph_decode_16(p);
	97	ceph_decode_need(p, end, key->len, bad);
7af3ea18	98	ret = set_secret(key, *p);
10f42b3e	99	memzero_explicit(*p, key->len);
7af3ea18 ID	100	*p += key->len;
7af3ea18 ID	101	return ret;
8b6e4f2d SW	102
	103	bad:
	104	dout("failed to decode crypto key\n");
	105	return -EINVAL;
	106	}
	107
	108	int ceph_crypto_key_unarmor(struct ceph_crypto_key key, const char inkey)
	109	{
	110	int inlen = strlen(inkey);
	111	int blen = inlen * 3 / 4;
	112	void buf, p;
	113	int ret;
	114
	115	dout("crypto_key_unarmor %s\n", inkey);
	116	buf = kmalloc(blen, GFP_NOFS);
	117	if (!buf)
	118	return -ENOMEM;
	119	blen = ceph_unarmor(buf, inkey, inkey+inlen);
	120	if (blen < 0) {
	121	kfree(buf);
	122	return blen;
	123	}
	124
	125	p = buf;
	126	ret = ceph_crypto_key_decode(key, &p, p + blen);
	127	kfree(buf);
	128	if (ret)
	129	return ret;
	130	dout("crypto_key_unarmor key %p type %d len %d\n", key,
	131	key->type, key->len);
	132	return 0;
	133	}
	134
6db2304a ID	135	void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
	136	{
	137	if (key) {
10f42b3e	138	kfree_sensitive(key->key);
6db2304a	139	key->key = NULL;
e8c99200 JJB	140	if (key->tfm) {
	141	crypto_free_sync_skcipher(key->tfm);
	142	key->tfm = NULL;
	143	}
6db2304a ID	144	}
	145	}
	146
cbbfe499	147	static const u8 aes_iv = (u8 )CEPH_AES_IV;
8b6e4f2d	148
aaef3170	149	/*
a421ef30	150	* Should be used for buffers allocated with kvmalloc().
aaef3170 ID	151	* Currently these are encrypt out-buffer (ceph_buffer) and decrypt
	152	* in-buffer (msg front).
	153	*
	154	* Dispose of @sgt with teardown_sgtable().
	155	*
	156	* @prealloc_sg is to avoid memory allocation inside sg_alloc_table()
	157	* in cases where a single sg is sufficient. No attempt to reduce the
	158	* number of sgs by squeezing physically contiguous pages together is
	159	* made though, for simplicity.
	160	*/
	161	static int setup_sgtable(struct sg_table sgt, struct scatterlist prealloc_sg,
	162	const void *buf, unsigned int buf_len)
	163	{
	164	struct scatterlist *sg;
	165	const bool is_vmalloc = is_vmalloc_addr(buf);
	166	unsigned int off = offset_in_page(buf);
	167	unsigned int chunk_cnt = 1;
	168	unsigned int chunk_len = PAGE_ALIGN(off + buf_len);
	169	int i;
	170	int ret;
	171
	172	if (buf_len == 0) {
	173	memset(sgt, 0, sizeof(*sgt));
	174	return -EINVAL;
	175	}
	176
	177	if (is_vmalloc) {
	178	chunk_cnt = chunk_len >> PAGE_SHIFT;
	179	chunk_len = PAGE_SIZE;
	180	}
	181
	182	if (chunk_cnt > 1) {
	183	ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS);
	184	if (ret)
	185	return ret;
	186	} else {
	187	WARN_ON(chunk_cnt != 1);
	188	sg_init_table(prealloc_sg, 1);
	189	sgt->sgl = prealloc_sg;
	190	sgt->nents = sgt->orig_nents = 1;
	191	}
	192
	193	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {
	194	struct page *page;
	195	unsigned int len = min(chunk_len - off, buf_len);
	196
	197	if (is_vmalloc)
	198	page = vmalloc_to_page(buf);
	199	else
	200	page = virt_to_page(buf);
	201
	202	sg_set_page(sg, page, len, off);
	203
	204	off = 0;
	205	buf += len;
	206	buf_len -= len;
	207	}
	208	WARN_ON(buf_len != 0);
	209
	210	return 0;
	211	}
	212
	213	static void teardown_sgtable(struct sg_table *sgt)
	214	{
215	if (sgt->orig_nents > 1)
216	sg_free_table(sgt);
217	}
218
a45f795c ID	219	static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
	220	void buf, int buf_len, int in_len, int pout_len)
	221	{
69d6302b	222	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
a45f795c ID	223	struct sg_table sgt;
a45f795c ID	224	struct scatterlist prealloc_sg;
124f930b	225	char iv[AES_BLOCK_SIZE] __aligned(8);
a45f795c ID	226	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));
	227	int crypt_len = encrypt ? in_len + pad_byte : in_len;
	228	int ret;
	229
a45f795c ID	230	WARN_ON(crypt_len > buf_len);
	231	if (encrypt)
	232	memset(buf + in_len, pad_byte, pad_byte);
	233	ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len);
	234	if (ret)
7af3ea18	235	return ret;
a45f795c	236
a45f795c	237	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
69d6302b	238	skcipher_request_set_sync_tfm(req, key->tfm);
a45f795c ID	239	skcipher_request_set_callback(req, 0, NULL, NULL);
	240	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);
	241
	242	/*
	243	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,
	244	key->key, key->len, 1);
	245	print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1,
	246	buf, crypt_len, 1);
	247	*/
	248	if (encrypt)
	249	ret = crypto_skcipher_encrypt(req);
	250	else
	251	ret = crypto_skcipher_decrypt(req);
	252	skcipher_request_zero(req);
	253	if (ret) {
	254	pr_err("%s %scrypt failed: %d\n", __func__,
	255	encrypt ? "en" : "de", ret);
	256	goto out_sgt;
	257	}
	258	/*
	259	print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1,
	260	buf, crypt_len, 1);
	261	*/
	262
	263	if (encrypt) {
	264	*pout_len = crypt_len;
	265	} else {
	266	pad_byte = (char )(buf + in_len - 1);
	267	if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE &&
	268	in_len >= pad_byte) {
	269	*pout_len = in_len - pad_byte;
	270	} else {
	271	pr_err("%s got bad padding %d on in_len %d\n",
	272	__func__, pad_byte, in_len);
	273	ret = -EPERM;
	274	goto out_sgt;
	275	}
	276	}
	277
	278	out_sgt:
	279	teardown_sgtable(&sgt);
a45f795c ID	280	return ret;
	281	}
	282
	283	int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
	284	void buf, int buf_len, int in_len, int pout_len)
	285	{
	286	switch (key->type) {
	287	case CEPH_CRYPTO_NONE:
	288	*pout_len = in_len;
	289	return 0;
	290	case CEPH_CRYPTO_AES:
	291	return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,
	292	pout_len);
	293	default:
	294	return -ENOTSUPP;
	295	}
	296	}
	297
efa64c09	298	static int ceph_key_preparse(struct key_preparsed_payload *prep)
4b2a58ab TV	299	{
4b2a58ab TV	300	struct ceph_crypto_key *ckey;
cf7f601c	301	size_t datalen = prep->datalen;
4b2a58ab TV	302	int ret;
	303	void *p;
	304
	305	ret = -EINVAL;
cf7f601c	306	if (datalen <= 0 \|\| datalen > 32767 \|\| !prep->data)
4b2a58ab TV	307	goto err;
4b2a58ab TV	308
4b2a58ab TV	309	ret = -ENOMEM;
	310	ckey = kmalloc(sizeof(*ckey), GFP_KERNEL);
	311	if (!ckey)
	312	goto err;
	313
	314	/* TODO ceph_crypto_key_decode should really take const input */
cf7f601c DH	315	p = (void *)prep->data;
cf7f601c DH	316	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);
4b2a58ab TV	317	if (ret < 0)
	318	goto err_ckey;
	319
146aa8b1	320	prep->payload.data[0] = ckey;
efa64c09	321	prep->quotalen = datalen;
4b2a58ab TV	322	return 0;
	323
	324	err_ckey:
	325	kfree(ckey);
	326	err:
	327	return ret;
	328	}
	329
efa64c09 DH	330	static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
efa64c09 DH	331	{
146aa8b1	332	struct ceph_crypto_key *ckey = prep->payload.data[0];
efa64c09 DH	333	ceph_crypto_key_destroy(ckey);
	334	kfree(ckey);
	335	}
	336
efa64c09 DH	337	static void ceph_key_destroy(struct key *key)
efa64c09 DH	338	{
146aa8b1	339	struct ceph_crypto_key *ckey = key->payload.data[0];
4b2a58ab TV	340
4b2a58ab TV	341	ceph_crypto_key_destroy(ckey);
f0666b1a	342	kfree(ckey);
4b2a58ab TV	343	}
	344
	345	struct key_type key_type_ceph = {
	346	.name = "ceph",
efa64c09 DH	347	.preparse = ceph_key_preparse,
	348	.free_preparse = ceph_key_free_preparse,
	349	.instantiate = generic_key_instantiate,
4b2a58ab TV	350	.destroy = ceph_key_destroy,
	351	};
	352
57a35dfb CX	353	int __init ceph_crypto_init(void)
57a35dfb CX	354	{
4b2a58ab TV	355	return register_key_type(&key_type_ceph);
	356	}
	357
57a35dfb CX	358	void ceph_crypto_shutdown(void)
57a35dfb CX	359	{
4b2a58ab TV	360	unregister_key_type(&key_type_ceph);
4b2a58ab TV	361	}