Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
8b6e4f2d | 2 | |
3d14c5d2 | 3 | #include <linux/ceph/ceph_debug.h> |
8b6e4f2d SW |
4 | |
5 | #include <linux/err.h> | |
6 | #include <linux/scatterlist.h> | |
7fea24c6 | 7 | #include <linux/sched.h> |
5a0e3ad6 | 8 | #include <linux/slab.h> |
e59dd982 HX |
9 | #include <crypto/aes.h> |
10 | #include <crypto/skcipher.h> | |
4b2a58ab | 11 | #include <linux/key-type.h> |
5b3cc15a | 12 | #include <linux/sched/mm.h> |
8b6e4f2d | 13 | |
4b2a58ab | 14 | #include <keys/ceph-type.h> |
7c3bec0a | 15 | #include <keys/user-type.h> |
3d14c5d2 | 16 | #include <linux/ceph/decode.h> |
8b6e4f2d | 17 | #include "crypto.h" |
8b6e4f2d | 18 | |
7af3ea18 ID |
19 | /* |
20 | * Set ->key and ->tfm. The rest of the key should be filled in before | |
21 | * this function is called. | |
22 | */ | |
23 | static int set_secret(struct ceph_crypto_key *key, void *buf) | |
24 | { | |
25 | unsigned int noio_flag; | |
26 | int ret; | |
27 | ||
28 | key->key = NULL; | |
29 | key->tfm = NULL; | |
30 | ||
31 | switch (key->type) { | |
32 | case CEPH_CRYPTO_NONE: | |
33 | return 0; /* nothing to do */ | |
34 | case CEPH_CRYPTO_AES: | |
35 | break; | |
36 | default: | |
37 | return -ENOTSUPP; | |
38 | } | |
39 | ||
b1127085 EB |
40 | if (!key->len) |
41 | return -EINVAL; | |
42 | ||
7af3ea18 ID |
43 | key->key = kmemdup(buf, key->len, GFP_NOIO); |
44 | if (!key->key) { | |
45 | ret = -ENOMEM; | |
46 | goto fail; | |
47 | } | |
48 | ||
69d6302b | 49 | /* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */ |
7af3ea18 | 50 | noio_flag = memalloc_noio_save(); |
69d6302b | 51 | key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0); |
7af3ea18 ID |
52 | memalloc_noio_restore(noio_flag); |
53 | if (IS_ERR(key->tfm)) { | |
54 | ret = PTR_ERR(key->tfm); | |
55 | key->tfm = NULL; | |
56 | goto fail; | |
57 | } | |
58 | ||
69d6302b | 59 | ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len); |
7af3ea18 ID |
60 | if (ret) |
61 | goto fail; | |
62 | ||
63 | return 0; | |
64 | ||
65 | fail: | |
66 | ceph_crypto_key_destroy(key); | |
67 | return ret; | |
68 | } | |
69 | ||
8323c3aa TV |
70 | int ceph_crypto_key_clone(struct ceph_crypto_key *dst, |
71 | const struct ceph_crypto_key *src) | |
72 | { | |
73 | memcpy(dst, src, sizeof(struct ceph_crypto_key)); | |
7af3ea18 | 74 | return set_secret(dst, src->key); |
8323c3aa TV |
75 | } |
76 | ||
8b6e4f2d SW |
77 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) |
78 | { | |
79 | if (*p + sizeof(u16) + sizeof(key->created) + | |
80 | sizeof(u16) + key->len > end) | |
81 | return -ERANGE; | |
82 | ceph_encode_16(p, key->type); | |
83 | ceph_encode_copy(p, &key->created, sizeof(key->created)); | |
84 | ceph_encode_16(p, key->len); | |
85 | ceph_encode_copy(p, key->key, key->len); | |
86 | return 0; | |
87 | } | |
88 | ||
89 | int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) | |
90 | { | |
7af3ea18 ID |
91 | int ret; |
92 | ||
8b6e4f2d SW |
93 | ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); |
94 | key->type = ceph_decode_16(p); | |
95 | ceph_decode_copy(p, &key->created, sizeof(key->created)); | |
96 | key->len = ceph_decode_16(p); | |
97 | ceph_decode_need(p, end, key->len, bad); | |
7af3ea18 | 98 | ret = set_secret(key, *p); |
10f42b3e | 99 | memzero_explicit(*p, key->len); |
7af3ea18 ID |
100 | *p += key->len; |
101 | return ret; | |
8b6e4f2d SW |
102 | |
103 | bad: | |
104 | dout("failed to decode crypto key\n"); | |
105 | return -EINVAL; | |
106 | } | |
107 | ||
108 | int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) | |
109 | { | |
110 | int inlen = strlen(inkey); | |
111 | int blen = inlen * 3 / 4; | |
112 | void *buf, *p; | |
113 | int ret; | |
114 | ||
115 | dout("crypto_key_unarmor %s\n", inkey); | |
116 | buf = kmalloc(blen, GFP_NOFS); | |
117 | if (!buf) | |
118 | return -ENOMEM; | |
119 | blen = ceph_unarmor(buf, inkey, inkey+inlen); | |
120 | if (blen < 0) { | |
121 | kfree(buf); | |
122 | return blen; | |
123 | } | |
124 | ||
125 | p = buf; | |
126 | ret = ceph_crypto_key_decode(key, &p, p + blen); | |
127 | kfree(buf); | |
128 | if (ret) | |
129 | return ret; | |
130 | dout("crypto_key_unarmor key %p type %d len %d\n", key, | |
131 | key->type, key->len); | |
132 | return 0; | |
133 | } | |
134 | ||
6db2304a ID |
135 | void ceph_crypto_key_destroy(struct ceph_crypto_key *key) |
136 | { | |
137 | if (key) { | |
10f42b3e | 138 | kfree_sensitive(key->key); |
6db2304a | 139 | key->key = NULL; |
e8c99200 JJB |
140 | if (key->tfm) { |
141 | crypto_free_sync_skcipher(key->tfm); | |
142 | key->tfm = NULL; | |
143 | } | |
6db2304a ID |
144 | } |
145 | } | |
146 | ||
cbbfe499 | 147 | static const u8 *aes_iv = (u8 *)CEPH_AES_IV; |
8b6e4f2d | 148 | |
aaef3170 | 149 | /* |
a421ef30 | 150 | * Should be used for buffers allocated with kvmalloc(). |
aaef3170 ID |
151 | * Currently these are encrypt out-buffer (ceph_buffer) and decrypt |
152 | * in-buffer (msg front). | |
153 | * | |
154 | * Dispose of @sgt with teardown_sgtable(). | |
155 | * | |
156 | * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() | |
157 | * in cases where a single sg is sufficient. No attempt to reduce the | |
158 | * number of sgs by squeezing physically contiguous pages together is | |
159 | * made though, for simplicity. | |
160 | */ | |
161 | static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, | |
162 | const void *buf, unsigned int buf_len) | |
163 | { | |
164 | struct scatterlist *sg; | |
165 | const bool is_vmalloc = is_vmalloc_addr(buf); | |
166 | unsigned int off = offset_in_page(buf); | |
167 | unsigned int chunk_cnt = 1; | |
168 | unsigned int chunk_len = PAGE_ALIGN(off + buf_len); | |
169 | int i; | |
170 | int ret; | |
171 | ||
172 | if (buf_len == 0) { | |
173 | memset(sgt, 0, sizeof(*sgt)); | |
174 | return -EINVAL; | |
175 | } | |
176 | ||
177 | if (is_vmalloc) { | |
178 | chunk_cnt = chunk_len >> PAGE_SHIFT; | |
179 | chunk_len = PAGE_SIZE; | |
180 | } | |
181 | ||
182 | if (chunk_cnt > 1) { | |
183 | ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); | |
184 | if (ret) | |
185 | return ret; | |
186 | } else { | |
187 | WARN_ON(chunk_cnt != 1); | |
188 | sg_init_table(prealloc_sg, 1); | |
189 | sgt->sgl = prealloc_sg; | |
190 | sgt->nents = sgt->orig_nents = 1; | |
191 | } | |
192 | ||
193 | for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { | |
194 | struct page *page; | |
195 | unsigned int len = min(chunk_len - off, buf_len); | |
196 | ||
197 | if (is_vmalloc) | |
198 | page = vmalloc_to_page(buf); | |
199 | else | |
200 | page = virt_to_page(buf); | |
201 | ||
202 | sg_set_page(sg, page, len, off); | |
203 | ||
204 | off = 0; | |
205 | buf += len; | |
206 | buf_len -= len; | |
207 | } | |
208 | WARN_ON(buf_len != 0); | |
209 | ||
210 | return 0; | |
211 | } | |
212 | ||
213 | static void teardown_sgtable(struct sg_table *sgt) | |
214 | { | |
215 | if (sgt->orig_nents > 1) | |
216 | sg_free_table(sgt); | |
217 | } | |
218 | ||
a45f795c ID |
219 | static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt, |
220 | void *buf, int buf_len, int in_len, int *pout_len) | |
221 | { | |
69d6302b | 222 | SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm); |
a45f795c ID |
223 | struct sg_table sgt; |
224 | struct scatterlist prealloc_sg; | |
124f930b | 225 | char iv[AES_BLOCK_SIZE] __aligned(8); |
a45f795c ID |
226 | int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1)); |
227 | int crypt_len = encrypt ? in_len + pad_byte : in_len; | |
228 | int ret; | |
229 | ||
a45f795c ID |
230 | WARN_ON(crypt_len > buf_len); |
231 | if (encrypt) | |
232 | memset(buf + in_len, pad_byte, pad_byte); | |
233 | ret = setup_sgtable(&sgt, &prealloc_sg, buf, crypt_len); | |
234 | if (ret) | |
7af3ea18 | 235 | return ret; |
a45f795c | 236 | |
a45f795c | 237 | memcpy(iv, aes_iv, AES_BLOCK_SIZE); |
69d6302b | 238 | skcipher_request_set_sync_tfm(req, key->tfm); |
a45f795c ID |
239 | skcipher_request_set_callback(req, 0, NULL, NULL); |
240 | skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv); | |
241 | ||
242 | /* | |
243 | print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1, | |
244 | key->key, key->len, 1); | |
245 | print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1, | |
246 | buf, crypt_len, 1); | |
247 | */ | |
248 | if (encrypt) | |
249 | ret = crypto_skcipher_encrypt(req); | |
250 | else | |
251 | ret = crypto_skcipher_decrypt(req); | |
252 | skcipher_request_zero(req); | |
253 | if (ret) { | |
254 | pr_err("%s %scrypt failed: %d\n", __func__, | |
255 | encrypt ? "en" : "de", ret); | |
256 | goto out_sgt; | |
257 | } | |
258 | /* | |
259 | print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1, | |
260 | buf, crypt_len, 1); | |
261 | */ | |
262 | ||
263 | if (encrypt) { | |
264 | *pout_len = crypt_len; | |
265 | } else { | |
266 | pad_byte = *(char *)(buf + in_len - 1); | |
267 | if (pad_byte > 0 && pad_byte <= AES_BLOCK_SIZE && | |
268 | in_len >= pad_byte) { | |
269 | *pout_len = in_len - pad_byte; | |
270 | } else { | |
271 | pr_err("%s got bad padding %d on in_len %d\n", | |
272 | __func__, pad_byte, in_len); | |
273 | ret = -EPERM; | |
274 | goto out_sgt; | |
275 | } | |
276 | } | |
277 | ||
278 | out_sgt: | |
279 | teardown_sgtable(&sgt); | |
a45f795c ID |
280 | return ret; |
281 | } | |
282 | ||
283 | int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt, | |
284 | void *buf, int buf_len, int in_len, int *pout_len) | |
285 | { | |
286 | switch (key->type) { | |
287 | case CEPH_CRYPTO_NONE: | |
288 | *pout_len = in_len; | |
289 | return 0; | |
290 | case CEPH_CRYPTO_AES: | |
291 | return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len, | |
292 | pout_len); | |
293 | default: | |
294 | return -ENOTSUPP; | |
295 | } | |
296 | } | |
297 | ||
efa64c09 | 298 | static int ceph_key_preparse(struct key_preparsed_payload *prep) |
4b2a58ab TV |
299 | { |
300 | struct ceph_crypto_key *ckey; | |
cf7f601c | 301 | size_t datalen = prep->datalen; |
4b2a58ab TV |
302 | int ret; |
303 | void *p; | |
304 | ||
305 | ret = -EINVAL; | |
cf7f601c | 306 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
4b2a58ab TV |
307 | goto err; |
308 | ||
4b2a58ab TV |
309 | ret = -ENOMEM; |
310 | ckey = kmalloc(sizeof(*ckey), GFP_KERNEL); | |
311 | if (!ckey) | |
312 | goto err; | |
313 | ||
314 | /* TODO ceph_crypto_key_decode should really take const input */ | |
cf7f601c DH |
315 | p = (void *)prep->data; |
316 | ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen); | |
4b2a58ab TV |
317 | if (ret < 0) |
318 | goto err_ckey; | |
319 | ||
146aa8b1 | 320 | prep->payload.data[0] = ckey; |
efa64c09 | 321 | prep->quotalen = datalen; |
4b2a58ab TV |
322 | return 0; |
323 | ||
324 | err_ckey: | |
325 | kfree(ckey); | |
326 | err: | |
327 | return ret; | |
328 | } | |
329 | ||
efa64c09 DH |
330 | static void ceph_key_free_preparse(struct key_preparsed_payload *prep) |
331 | { | |
146aa8b1 | 332 | struct ceph_crypto_key *ckey = prep->payload.data[0]; |
efa64c09 DH |
333 | ceph_crypto_key_destroy(ckey); |
334 | kfree(ckey); | |
335 | } | |
336 | ||
efa64c09 DH |
337 | static void ceph_key_destroy(struct key *key) |
338 | { | |
146aa8b1 | 339 | struct ceph_crypto_key *ckey = key->payload.data[0]; |
4b2a58ab TV |
340 | |
341 | ceph_crypto_key_destroy(ckey); | |
f0666b1a | 342 | kfree(ckey); |
4b2a58ab TV |
343 | } |
344 | ||
345 | struct key_type key_type_ceph = { | |
346 | .name = "ceph", | |
efa64c09 DH |
347 | .preparse = ceph_key_preparse, |
348 | .free_preparse = ceph_key_free_preparse, | |
349 | .instantiate = generic_key_instantiate, | |
4b2a58ab TV |
350 | .destroy = ceph_key_destroy, |
351 | }; | |
352 | ||
57a35dfb CX |
353 | int __init ceph_crypto_init(void) |
354 | { | |
4b2a58ab TV |
355 | return register_key_type(&key_type_ceph); |
356 | } | |
357 | ||
57a35dfb CX |
358 | void ceph_crypto_shutdown(void) |
359 | { | |
4b2a58ab TV |
360 | unregister_key_type(&key_type_ceph); |
361 | } |