Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
7e70cb49 MZ |
2 | /* |
3 | * Copyright (C) 2010 IBM Corporation | |
4e561d38 | 4 | * Copyright (C) 2010 Politecnico di Torino, Italy |
c9fecf50 | 5 | * TORSEC group -- https://security.polito.it |
7e70cb49 | 6 | * |
4e561d38 | 7 | * Authors: |
7e70cb49 | 8 | * Mimi Zohar <zohar@us.ibm.com> |
4e561d38 | 9 | * Roberto Sassu <roberto.sassu@polito.it> |
7e70cb49 | 10 | * |
5395d312 | 11 | * See Documentation/security/keys/trusted-encrypted.rst |
7e70cb49 MZ |
12 | */ |
13 | ||
14 | #include <linux/uaccess.h> | |
15 | #include <linux/module.h> | |
16 | #include <linux/init.h> | |
17 | #include <linux/slab.h> | |
18 | #include <linux/parser.h> | |
19 | #include <linux/string.h> | |
93ae86e7 | 20 | #include <linux/err.h> |
7e70cb49 MZ |
21 | #include <keys/user-type.h> |
22 | #include <keys/trusted-type.h> | |
23 | #include <keys/encrypted-type.h> | |
24 | #include <linux/key-type.h> | |
25 | #include <linux/random.h> | |
26 | #include <linux/rcupdate.h> | |
27 | #include <linux/scatterlist.h> | |
79a73d18 | 28 | #include <linux/ctype.h> |
456bee98 | 29 | #include <crypto/aes.h> |
7e70cb49 | 30 | #include <crypto/hash.h> |
a24d22b2 | 31 | #include <crypto/sha2.h> |
c3917fd9 | 32 | #include <crypto/skcipher.h> |
fb3bc06a | 33 | #include <crypto/utils.h> |
7e70cb49 | 34 | |
b9703449 | 35 | #include "encrypted.h" |
79a73d18 | 36 | #include "ecryptfs_format.h" |
7e70cb49 | 37 | |
3b1826ce MZ |
38 | static const char KEY_TRUSTED_PREFIX[] = "trusted:"; |
39 | static const char KEY_USER_PREFIX[] = "user:"; | |
7e70cb49 MZ |
40 | static const char hash_alg[] = "sha256"; |
41 | static const char hmac_alg[] = "hmac(sha256)"; | |
42 | static const char blkcipher_alg[] = "cbc(aes)"; | |
4e561d38 | 43 | static const char key_format_default[] = "default"; |
79a73d18 | 44 | static const char key_format_ecryptfs[] = "ecryptfs"; |
9db67581 | 45 | static const char key_format_enc32[] = "enc32"; |
7e70cb49 MZ |
46 | static unsigned int ivsize; |
47 | static int blksize; | |
48 | ||
3b1826ce MZ |
49 | #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1) |
50 | #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1) | |
79a73d18 | 51 | #define KEY_ECRYPTFS_DESC_LEN 16 |
3b1826ce MZ |
52 | #define HASH_SIZE SHA256_DIGEST_SIZE |
53 | #define MAX_DATA_SIZE 4096 | |
54 | #define MIN_DATA_SIZE 20 | |
9db67581 | 55 | #define KEY_ENC32_PAYLOAD_LEN 32 |
3b1826ce | 56 | |
64d107d3 | 57 | static struct crypto_shash *hash_tfm; |
7e70cb49 MZ |
58 | |
59 | enum { | |
107dfa2e | 60 | Opt_new, Opt_load, Opt_update, Opt_err |
7e70cb49 MZ |
61 | }; |
62 | ||
4e561d38 | 63 | enum { |
107dfa2e | 64 | Opt_default, Opt_ecryptfs, Opt_enc32, Opt_error |
4e561d38 RS |
65 | }; |
66 | ||
67 | static const match_table_t key_format_tokens = { | |
68 | {Opt_default, "default"}, | |
79a73d18 | 69 | {Opt_ecryptfs, "ecryptfs"}, |
9db67581 | 70 | {Opt_enc32, "enc32"}, |
4e561d38 RS |
71 | {Opt_error, NULL} |
72 | }; | |
73 | ||
7e70cb49 MZ |
74 | static const match_table_t key_tokens = { |
75 | {Opt_new, "new"}, | |
76 | {Opt_load, "load"}, | |
77 | {Opt_update, "update"}, | |
78 | {Opt_err, NULL} | |
79 | }; | |
80 | ||
cd3bc044 YT |
81 | static bool user_decrypted_data = IS_ENABLED(CONFIG_USER_DECRYPTED_DATA); |
82 | module_param(user_decrypted_data, bool, 0); | |
83 | MODULE_PARM_DESC(user_decrypted_data, | |
84 | "Allow instantiation of encrypted keys using provided decrypted data"); | |
85 | ||
7e70cb49 MZ |
86 | static int aes_get_sizes(void) |
87 | { | |
c3917fd9 | 88 | struct crypto_skcipher *tfm; |
7e70cb49 | 89 | |
c3917fd9 | 90 | tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); |
7e70cb49 MZ |
91 | if (IS_ERR(tfm)) { |
92 | pr_err("encrypted_key: failed to alloc_cipher (%ld)\n", | |
93 | PTR_ERR(tfm)); | |
94 | return PTR_ERR(tfm); | |
95 | } | |
c3917fd9 HX |
96 | ivsize = crypto_skcipher_ivsize(tfm); |
97 | blksize = crypto_skcipher_blocksize(tfm); | |
98 | crypto_free_skcipher(tfm); | |
7e70cb49 MZ |
99 | return 0; |
100 | } | |
101 | ||
79a73d18 RS |
102 | /* |
103 | * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key | |
104 | * | |
105 | * The description of a encrypted key with format 'ecryptfs' must contain | |
106 | * exactly 16 hexadecimal characters. | |
107 | * | |
108 | */ | |
109 | static int valid_ecryptfs_desc(const char *ecryptfs_desc) | |
110 | { | |
111 | int i; | |
112 | ||
113 | if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) { | |
114 | pr_err("encrypted_key: key description must be %d hexadecimal " | |
115 | "characters long\n", KEY_ECRYPTFS_DESC_LEN); | |
116 | return -EINVAL; | |
117 | } | |
118 | ||
119 | for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) { | |
120 | if (!isxdigit(ecryptfs_desc[i])) { | |
121 | pr_err("encrypted_key: key description must contain " | |
122 | "only hexadecimal characters\n"); | |
123 | return -EINVAL; | |
124 | } | |
125 | } | |
126 | ||
127 | return 0; | |
128 | } | |
129 | ||
7e70cb49 MZ |
130 | /* |
131 | * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key | |
132 | * | |
08fa2aa5 | 133 | * key-type:= "trusted:" | "user:" |
7e70cb49 MZ |
134 | * desc:= master-key description |
135 | * | |
136 | * Verify that 'key-type' is valid and that 'desc' exists. On key update, | |
137 | * only the master key description is permitted to change, not the key-type. | |
138 | * The key-type remains constant. | |
139 | * | |
140 | * On success returns 0, otherwise -EINVAL. | |
141 | */ | |
142 | static int valid_master_desc(const char *new_desc, const char *orig_desc) | |
143 | { | |
794b4bc2 EB |
144 | int prefix_len; |
145 | ||
146 | if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) | |
147 | prefix_len = KEY_TRUSTED_PREFIX_LEN; | |
148 | else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) | |
149 | prefix_len = KEY_USER_PREFIX_LEN; | |
150 | else | |
151 | return -EINVAL; | |
152 | ||
153 | if (!new_desc[prefix_len]) | |
154 | return -EINVAL; | |
155 | ||
156 | if (orig_desc && strncmp(new_desc, orig_desc, prefix_len)) | |
157 | return -EINVAL; | |
158 | ||
7e70cb49 | 159 | return 0; |
7e70cb49 MZ |
160 | } |
161 | ||
162 | /* | |
163 | * datablob_parse - parse the keyctl data | |
164 | * | |
165 | * datablob format: | |
cd3bc044 | 166 | * new [<format>] <master-key name> <decrypted data length> [<decrypted data>] |
4e561d38 RS |
167 | * load [<format>] <master-key name> <decrypted data length> |
168 | * <encrypted iv + data> | |
7e70cb49 MZ |
169 | * update <new-master-key name> |
170 | * | |
171 | * Tokenizes a copy of the keyctl data, returning a pointer to each token, | |
172 | * which is null terminated. | |
173 | * | |
174 | * On success returns 0, otherwise -EINVAL. | |
175 | */ | |
4e561d38 RS |
176 | static int datablob_parse(char *datablob, const char **format, |
177 | char **master_desc, char **decrypted_datalen, | |
cd3bc044 | 178 | char **hex_encoded_iv, char **decrypted_data) |
7e70cb49 MZ |
179 | { |
180 | substring_t args[MAX_OPT_ARGS]; | |
181 | int ret = -EINVAL; | |
182 | int key_cmd; | |
4e561d38 RS |
183 | int key_format; |
184 | char *p, *keyword; | |
7e70cb49 | 185 | |
7103dff0 RS |
186 | keyword = strsep(&datablob, " \t"); |
187 | if (!keyword) { | |
188 | pr_info("encrypted_key: insufficient parameters specified\n"); | |
7e70cb49 | 189 | return ret; |
7103dff0 RS |
190 | } |
191 | key_cmd = match_token(keyword, key_tokens, args); | |
7e70cb49 | 192 | |
79a73d18 | 193 | /* Get optional format: default | ecryptfs */ |
4e561d38 RS |
194 | p = strsep(&datablob, " \t"); |
195 | if (!p) { | |
196 | pr_err("encrypted_key: insufficient parameters specified\n"); | |
197 | return ret; | |
198 | } | |
199 | ||
200 | key_format = match_token(p, key_format_tokens, args); | |
201 | switch (key_format) { | |
79a73d18 | 202 | case Opt_ecryptfs: |
9db67581 | 203 | case Opt_enc32: |
4e561d38 RS |
204 | case Opt_default: |
205 | *format = p; | |
206 | *master_desc = strsep(&datablob, " \t"); | |
207 | break; | |
208 | case Opt_error: | |
209 | *master_desc = p; | |
210 | break; | |
211 | } | |
212 | ||
7103dff0 RS |
213 | if (!*master_desc) { |
214 | pr_info("encrypted_key: master key parameter is missing\n"); | |
7e70cb49 | 215 | goto out; |
7103dff0 | 216 | } |
7e70cb49 | 217 | |
7103dff0 RS |
218 | if (valid_master_desc(*master_desc, NULL) < 0) { |
219 | pr_info("encrypted_key: master key parameter \'%s\' " | |
220 | "is invalid\n", *master_desc); | |
7e70cb49 | 221 | goto out; |
7103dff0 | 222 | } |
7e70cb49 MZ |
223 | |
224 | if (decrypted_datalen) { | |
225 | *decrypted_datalen = strsep(&datablob, " \t"); | |
7103dff0 RS |
226 | if (!*decrypted_datalen) { |
227 | pr_info("encrypted_key: keylen parameter is missing\n"); | |
7e70cb49 | 228 | goto out; |
7103dff0 | 229 | } |
7e70cb49 MZ |
230 | } |
231 | ||
232 | switch (key_cmd) { | |
233 | case Opt_new: | |
7103dff0 RS |
234 | if (!decrypted_datalen) { |
235 | pr_info("encrypted_key: keyword \'%s\' not allowed " | |
236 | "when called from .update method\n", keyword); | |
7e70cb49 | 237 | break; |
7103dff0 | 238 | } |
cd3bc044 | 239 | *decrypted_data = strsep(&datablob, " \t"); |
b4af096b CN |
240 | if (!*decrypted_data) { |
241 | pr_info("encrypted_key: decrypted_data is missing\n"); | |
242 | break; | |
243 | } | |
7e70cb49 MZ |
244 | ret = 0; |
245 | break; | |
246 | case Opt_load: | |
7103dff0 RS |
247 | if (!decrypted_datalen) { |
248 | pr_info("encrypted_key: keyword \'%s\' not allowed " | |
249 | "when called from .update method\n", keyword); | |
7e70cb49 | 250 | break; |
7103dff0 | 251 | } |
7e70cb49 | 252 | *hex_encoded_iv = strsep(&datablob, " \t"); |
7103dff0 RS |
253 | if (!*hex_encoded_iv) { |
254 | pr_info("encrypted_key: hex blob is missing\n"); | |
7e70cb49 | 255 | break; |
7103dff0 | 256 | } |
7e70cb49 MZ |
257 | ret = 0; |
258 | break; | |
259 | case Opt_update: | |
7103dff0 RS |
260 | if (decrypted_datalen) { |
261 | pr_info("encrypted_key: keyword \'%s\' not allowed " | |
262 | "when called from .instantiate method\n", | |
263 | keyword); | |
7e70cb49 | 264 | break; |
7103dff0 | 265 | } |
7e70cb49 MZ |
266 | ret = 0; |
267 | break; | |
268 | case Opt_err: | |
7103dff0 RS |
269 | pr_info("encrypted_key: keyword \'%s\' not recognized\n", |
270 | keyword); | |
7e70cb49 MZ |
271 | break; |
272 | } | |
273 | out: | |
274 | return ret; | |
275 | } | |
276 | ||
277 | /* | |
278 | * datablob_format - format as an ascii string, before copying to userspace | |
279 | */ | |
280 | static char *datablob_format(struct encrypted_key_payload *epayload, | |
281 | size_t asciiblob_len) | |
282 | { | |
283 | char *ascii_buf, *bufp; | |
284 | u8 *iv = epayload->iv; | |
285 | int len; | |
286 | int i; | |
287 | ||
288 | ascii_buf = kmalloc(asciiblob_len + 1, GFP_KERNEL); | |
289 | if (!ascii_buf) | |
290 | goto out; | |
291 | ||
292 | ascii_buf[asciiblob_len] = '\0'; | |
293 | ||
294 | /* copy datablob master_desc and datalen strings */ | |
4e561d38 RS |
295 | len = sprintf(ascii_buf, "%s %s %s ", epayload->format, |
296 | epayload->master_desc, epayload->datalen); | |
7e70cb49 MZ |
297 | |
298 | /* convert the hex encoded iv, encrypted-data and HMAC to ascii */ | |
299 | bufp = &ascii_buf[len]; | |
300 | for (i = 0; i < (asciiblob_len - len) / 2; i++) | |
02473119 | 301 | bufp = hex_byte_pack(bufp, iv[i]); |
7e70cb49 MZ |
302 | out: |
303 | return ascii_buf; | |
304 | } | |
305 | ||
7e70cb49 MZ |
306 | /* |
307 | * request_user_key - request the user key | |
308 | * | |
309 | * Use a user provided key to encrypt/decrypt an encrypted-key. | |
310 | */ | |
146aa8b1 | 311 | static struct key *request_user_key(const char *master_desc, const u8 **master_key, |
3b1826ce | 312 | size_t *master_keylen) |
7e70cb49 | 313 | { |
146aa8b1 | 314 | const struct user_key_payload *upayload; |
7e70cb49 MZ |
315 | struct key *ukey; |
316 | ||
028db3e2 | 317 | ukey = request_key(&key_type_user, master_desc, NULL); |
7e70cb49 MZ |
318 | if (IS_ERR(ukey)) |
319 | goto error; | |
320 | ||
321 | down_read(&ukey->sem); | |
0837e49a | 322 | upayload = user_key_payload_locked(ukey); |
13923d08 EB |
323 | if (!upayload) { |
324 | /* key was revoked before we acquired its semaphore */ | |
325 | up_read(&ukey->sem); | |
326 | key_put(ukey); | |
327 | ukey = ERR_PTR(-EKEYREVOKED); | |
328 | goto error; | |
329 | } | |
7e70cb49 MZ |
330 | *master_key = upayload->data; |
331 | *master_keylen = upayload->datalen; | |
332 | error: | |
333 | return ukey; | |
334 | } | |
335 | ||
64d107d3 EB |
336 | static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen, |
337 | const u8 *buf, unsigned int buflen) | |
7e70cb49 | 338 | { |
64d107d3 EB |
339 | struct crypto_shash *tfm; |
340 | int err; | |
7e70cb49 | 341 | |
3d234b33 | 342 | tfm = crypto_alloc_shash(hmac_alg, 0, 0); |
64d107d3 EB |
343 | if (IS_ERR(tfm)) { |
344 | pr_err("encrypted_key: can't alloc %s transform: %ld\n", | |
345 | hmac_alg, PTR_ERR(tfm)); | |
346 | return PTR_ERR(tfm); | |
7e70cb49 MZ |
347 | } |
348 | ||
64d107d3 EB |
349 | err = crypto_shash_setkey(tfm, key, keylen); |
350 | if (!err) | |
bce395ee | 351 | err = crypto_shash_tfm_digest(tfm, buf, buflen, digest); |
64d107d3 EB |
352 | crypto_free_shash(tfm); |
353 | return err; | |
7e70cb49 MZ |
354 | } |
355 | ||
356 | enum derived_key_type { ENC_KEY, AUTH_KEY }; | |
357 | ||
358 | /* Derive authentication/encryption key from trusted key */ | |
359 | static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, | |
3b1826ce | 360 | const u8 *master_key, size_t master_keylen) |
7e70cb49 MZ |
361 | { |
362 | u8 *derived_buf; | |
363 | unsigned int derived_buf_len; | |
364 | int ret; | |
365 | ||
366 | derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen; | |
367 | if (derived_buf_len < HASH_SIZE) | |
368 | derived_buf_len = HASH_SIZE; | |
369 | ||
370 | derived_buf = kzalloc(derived_buf_len, GFP_KERNEL); | |
41f1c53e | 371 | if (!derived_buf) |
7e70cb49 | 372 | return -ENOMEM; |
41f1c53e | 373 | |
7e70cb49 MZ |
374 | if (key_type) |
375 | strcpy(derived_buf, "AUTH_KEY"); | |
376 | else | |
377 | strcpy(derived_buf, "ENC_KEY"); | |
378 | ||
379 | memcpy(derived_buf + strlen(derived_buf) + 1, master_key, | |
380 | master_keylen); | |
bce395ee EB |
381 | ret = crypto_shash_tfm_digest(hash_tfm, derived_buf, derived_buf_len, |
382 | derived_key); | |
453431a5 | 383 | kfree_sensitive(derived_buf); |
7e70cb49 MZ |
384 | return ret; |
385 | } | |
386 | ||
c3917fd9 HX |
387 | static struct skcipher_request *init_skcipher_req(const u8 *key, |
388 | unsigned int key_len) | |
7e70cb49 | 389 | { |
c3917fd9 HX |
390 | struct skcipher_request *req; |
391 | struct crypto_skcipher *tfm; | |
7e70cb49 MZ |
392 | int ret; |
393 | ||
c3917fd9 HX |
394 | tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); |
395 | if (IS_ERR(tfm)) { | |
7e70cb49 | 396 | pr_err("encrypted_key: failed to load %s transform (%ld)\n", |
c3917fd9 HX |
397 | blkcipher_alg, PTR_ERR(tfm)); |
398 | return ERR_CAST(tfm); | |
7e70cb49 | 399 | } |
7e70cb49 | 400 | |
c3917fd9 | 401 | ret = crypto_skcipher_setkey(tfm, key, key_len); |
7e70cb49 MZ |
402 | if (ret < 0) { |
403 | pr_err("encrypted_key: failed to setkey (%d)\n", ret); | |
c3917fd9 HX |
404 | crypto_free_skcipher(tfm); |
405 | return ERR_PTR(ret); | |
7e70cb49 | 406 | } |
c3917fd9 HX |
407 | |
408 | req = skcipher_request_alloc(tfm, GFP_KERNEL); | |
409 | if (!req) { | |
410 | pr_err("encrypted_key: failed to allocate request for %s\n", | |
411 | blkcipher_alg); | |
412 | crypto_free_skcipher(tfm); | |
413 | return ERR_PTR(-ENOMEM); | |
414 | } | |
415 | ||
416 | skcipher_request_set_callback(req, 0, NULL, NULL); | |
417 | return req; | |
7e70cb49 MZ |
418 | } |
419 | ||
420 | static struct key *request_master_key(struct encrypted_key_payload *epayload, | |
146aa8b1 | 421 | const u8 **master_key, size_t *master_keylen) |
7e70cb49 | 422 | { |
57cb17e7 | 423 | struct key *mkey = ERR_PTR(-EINVAL); |
7e70cb49 MZ |
424 | |
425 | if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX, | |
426 | KEY_TRUSTED_PREFIX_LEN)) { | |
427 | mkey = request_trusted_key(epayload->master_desc + | |
428 | KEY_TRUSTED_PREFIX_LEN, | |
429 | master_key, master_keylen); | |
430 | } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX, | |
431 | KEY_USER_PREFIX_LEN)) { | |
432 | mkey = request_user_key(epayload->master_desc + | |
433 | KEY_USER_PREFIX_LEN, | |
434 | master_key, master_keylen); | |
435 | } else | |
436 | goto out; | |
437 | ||
f91c2c5c | 438 | if (IS_ERR(mkey)) { |
f4a0d5ab | 439 | int ret = PTR_ERR(mkey); |
982e617a MZ |
440 | |
441 | if (ret == -ENOTSUPP) | |
442 | pr_info("encrypted_key: key %s not supported", | |
443 | epayload->master_desc); | |
444 | else | |
445 | pr_info("encrypted_key: key %s not found", | |
446 | epayload->master_desc); | |
f91c2c5c RS |
447 | goto out; |
448 | } | |
449 | ||
450 | dump_master_key(*master_key, *master_keylen); | |
7e70cb49 MZ |
451 | out: |
452 | return mkey; | |
453 | } | |
454 | ||
455 | /* Before returning data to userspace, encrypt decrypted data. */ | |
456 | static int derived_key_encrypt(struct encrypted_key_payload *epayload, | |
457 | const u8 *derived_key, | |
3b1826ce | 458 | unsigned int derived_keylen) |
7e70cb49 MZ |
459 | { |
460 | struct scatterlist sg_in[2]; | |
461 | struct scatterlist sg_out[1]; | |
c3917fd9 HX |
462 | struct crypto_skcipher *tfm; |
463 | struct skcipher_request *req; | |
7e70cb49 | 464 | unsigned int encrypted_datalen; |
456bee98 | 465 | u8 iv[AES_BLOCK_SIZE]; |
7e70cb49 MZ |
466 | int ret; |
467 | ||
468 | encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); | |
7e70cb49 | 469 | |
c3917fd9 HX |
470 | req = init_skcipher_req(derived_key, derived_keylen); |
471 | ret = PTR_ERR(req); | |
472 | if (IS_ERR(req)) | |
7e70cb49 MZ |
473 | goto out; |
474 | dump_decrypted_data(epayload); | |
475 | ||
7e70cb49 MZ |
476 | sg_init_table(sg_in, 2); |
477 | sg_set_buf(&sg_in[0], epayload->decrypted_data, | |
478 | epayload->decrypted_datalen); | |
e9ff56ac | 479 | sg_set_page(&sg_in[1], ZERO_PAGE(0), AES_BLOCK_SIZE, 0); |
7e70cb49 MZ |
480 | |
481 | sg_init_table(sg_out, 1); | |
482 | sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen); | |
483 | ||
456bee98 HX |
484 | memcpy(iv, epayload->iv, sizeof(iv)); |
485 | skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv); | |
c3917fd9 HX |
486 | ret = crypto_skcipher_encrypt(req); |
487 | tfm = crypto_skcipher_reqtfm(req); | |
488 | skcipher_request_free(req); | |
489 | crypto_free_skcipher(tfm); | |
7e70cb49 MZ |
490 | if (ret < 0) |
491 | pr_err("encrypted_key: failed to encrypt (%d)\n", ret); | |
492 | else | |
493 | dump_encrypted_data(epayload, encrypted_datalen); | |
494 | out: | |
495 | return ret; | |
496 | } | |
497 | ||
498 | static int datablob_hmac_append(struct encrypted_key_payload *epayload, | |
3b1826ce | 499 | const u8 *master_key, size_t master_keylen) |
7e70cb49 MZ |
500 | { |
501 | u8 derived_key[HASH_SIZE]; | |
502 | u8 *digest; | |
503 | int ret; | |
504 | ||
505 | ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen); | |
506 | if (ret < 0) | |
507 | goto out; | |
508 | ||
4e561d38 | 509 | digest = epayload->format + epayload->datablob_len; |
7e70cb49 | 510 | ret = calc_hmac(digest, derived_key, sizeof derived_key, |
4e561d38 | 511 | epayload->format, epayload->datablob_len); |
7e70cb49 MZ |
512 | if (!ret) |
513 | dump_hmac(NULL, digest, HASH_SIZE); | |
514 | out: | |
a9dd74b2 | 515 | memzero_explicit(derived_key, sizeof(derived_key)); |
7e70cb49 MZ |
516 | return ret; |
517 | } | |
518 | ||
519 | /* verify HMAC before decrypting encrypted key */ | |
520 | static int datablob_hmac_verify(struct encrypted_key_payload *epayload, | |
4e561d38 RS |
521 | const u8 *format, const u8 *master_key, |
522 | size_t master_keylen) | |
7e70cb49 MZ |
523 | { |
524 | u8 derived_key[HASH_SIZE]; | |
525 | u8 digest[HASH_SIZE]; | |
526 | int ret; | |
4e561d38 RS |
527 | char *p; |
528 | unsigned short len; | |
7e70cb49 MZ |
529 | |
530 | ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen); | |
531 | if (ret < 0) | |
532 | goto out; | |
533 | ||
4e561d38 RS |
534 | len = epayload->datablob_len; |
535 | if (!format) { | |
536 | p = epayload->master_desc; | |
537 | len -= strlen(epayload->format) + 1; | |
538 | } else | |
539 | p = epayload->format; | |
540 | ||
541 | ret = calc_hmac(digest, derived_key, sizeof derived_key, p, len); | |
7e70cb49 MZ |
542 | if (ret < 0) |
543 | goto out; | |
0f534e4a EB |
544 | ret = crypto_memneq(digest, epayload->format + epayload->datablob_len, |
545 | sizeof(digest)); | |
7e70cb49 MZ |
546 | if (ret) { |
547 | ret = -EINVAL; | |
548 | dump_hmac("datablob", | |
4e561d38 | 549 | epayload->format + epayload->datablob_len, |
7e70cb49 MZ |
550 | HASH_SIZE); |
551 | dump_hmac("calc", digest, HASH_SIZE); | |
552 | } | |
553 | out: | |
a9dd74b2 | 554 | memzero_explicit(derived_key, sizeof(derived_key)); |
7e70cb49 MZ |
555 | return ret; |
556 | } | |
557 | ||
558 | static int derived_key_decrypt(struct encrypted_key_payload *epayload, | |
559 | const u8 *derived_key, | |
3b1826ce | 560 | unsigned int derived_keylen) |
7e70cb49 MZ |
561 | { |
562 | struct scatterlist sg_in[1]; | |
563 | struct scatterlist sg_out[2]; | |
c3917fd9 HX |
564 | struct crypto_skcipher *tfm; |
565 | struct skcipher_request *req; | |
7e70cb49 | 566 | unsigned int encrypted_datalen; |
456bee98 | 567 | u8 iv[AES_BLOCK_SIZE]; |
e9ff56ac | 568 | u8 *pad; |
7e70cb49 MZ |
569 | int ret; |
570 | ||
e9ff56ac EB |
571 | /* Throwaway buffer to hold the unused zero padding at the end */ |
572 | pad = kmalloc(AES_BLOCK_SIZE, GFP_KERNEL); | |
573 | if (!pad) | |
574 | return -ENOMEM; | |
575 | ||
7e70cb49 | 576 | encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); |
c3917fd9 HX |
577 | req = init_skcipher_req(derived_key, derived_keylen); |
578 | ret = PTR_ERR(req); | |
579 | if (IS_ERR(req)) | |
7e70cb49 MZ |
580 | goto out; |
581 | dump_encrypted_data(epayload, encrypted_datalen); | |
582 | ||
7e70cb49 MZ |
583 | sg_init_table(sg_in, 1); |
584 | sg_init_table(sg_out, 2); | |
585 | sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen); | |
586 | sg_set_buf(&sg_out[0], epayload->decrypted_data, | |
3b1826ce | 587 | epayload->decrypted_datalen); |
e9ff56ac | 588 | sg_set_buf(&sg_out[1], pad, AES_BLOCK_SIZE); |
7e70cb49 | 589 | |
456bee98 HX |
590 | memcpy(iv, epayload->iv, sizeof(iv)); |
591 | skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv); | |
c3917fd9 HX |
592 | ret = crypto_skcipher_decrypt(req); |
593 | tfm = crypto_skcipher_reqtfm(req); | |
594 | skcipher_request_free(req); | |
595 | crypto_free_skcipher(tfm); | |
7e70cb49 MZ |
596 | if (ret < 0) |
597 | goto out; | |
598 | dump_decrypted_data(epayload); | |
599 | out: | |
e9ff56ac | 600 | kfree(pad); |
7e70cb49 MZ |
601 | return ret; |
602 | } | |
603 | ||
604 | /* Allocate memory for decrypted key and datablob. */ | |
605 | static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, | |
4e561d38 | 606 | const char *format, |
7e70cb49 | 607 | const char *master_desc, |
cd3bc044 YT |
608 | const char *datalen, |
609 | const char *decrypted_data) | |
7e70cb49 MZ |
610 | { |
611 | struct encrypted_key_payload *epayload = NULL; | |
612 | unsigned short datablob_len; | |
613 | unsigned short decrypted_datalen; | |
4e561d38 | 614 | unsigned short payload_datalen; |
7e70cb49 | 615 | unsigned int encrypted_datalen; |
4e561d38 | 616 | unsigned int format_len; |
7e70cb49 | 617 | long dlen; |
cd3bc044 | 618 | int i; |
7e70cb49 MZ |
619 | int ret; |
620 | ||
29707b20 | 621 | ret = kstrtol(datalen, 10, &dlen); |
7e70cb49 MZ |
622 | if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE) |
623 | return ERR_PTR(-EINVAL); | |
624 | ||
4e561d38 | 625 | format_len = (!format) ? strlen(key_format_default) : strlen(format); |
7e70cb49 | 626 | decrypted_datalen = dlen; |
4e561d38 | 627 | payload_datalen = decrypted_datalen; |
cd3bc044 YT |
628 | |
629 | if (decrypted_data) { | |
630 | if (!user_decrypted_data) { | |
631 | pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n"); | |
632 | return ERR_PTR(-EINVAL); | |
633 | } | |
5adedd42 | 634 | if (strlen(decrypted_data) != decrypted_datalen * 2) { |
cd3bc044 YT |
635 | pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n"); |
636 | return ERR_PTR(-EINVAL); | |
637 | } | |
638 | for (i = 0; i < strlen(decrypted_data); i++) { | |
639 | if (!isxdigit(decrypted_data[i])) { | |
640 | pr_err("encrypted key: decrypted data provided must contain only hexadecimal characters\n"); | |
641 | return ERR_PTR(-EINVAL); | |
642 | } | |
643 | } | |
644 | } | |
645 | ||
9db67581 DJ |
646 | if (format) { |
647 | if (!strcmp(format, key_format_ecryptfs)) { | |
648 | if (dlen != ECRYPTFS_MAX_KEY_BYTES) { | |
649 | pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n", | |
650 | ECRYPTFS_MAX_KEY_BYTES); | |
651 | return ERR_PTR(-EINVAL); | |
652 | } | |
653 | decrypted_datalen = ECRYPTFS_MAX_KEY_BYTES; | |
654 | payload_datalen = sizeof(struct ecryptfs_auth_tok); | |
655 | } else if (!strcmp(format, key_format_enc32)) { | |
656 | if (decrypted_datalen != KEY_ENC32_PAYLOAD_LEN) { | |
657 | pr_err("encrypted_key: enc32 key payload incorrect length: %d\n", | |
658 | decrypted_datalen); | |
659 | return ERR_PTR(-EINVAL); | |
660 | } | |
79a73d18 | 661 | } |
79a73d18 RS |
662 | } |
663 | ||
7e70cb49 MZ |
664 | encrypted_datalen = roundup(decrypted_datalen, blksize); |
665 | ||
4e561d38 RS |
666 | datablob_len = format_len + 1 + strlen(master_desc) + 1 |
667 | + strlen(datalen) + 1 + ivsize + 1 + encrypted_datalen; | |
7e70cb49 | 668 | |
4e561d38 | 669 | ret = key_payload_reserve(key, payload_datalen + datablob_len |
7e70cb49 MZ |
670 | + HASH_SIZE + 1); |
671 | if (ret < 0) | |
672 | return ERR_PTR(ret); | |
673 | ||
4e561d38 | 674 | epayload = kzalloc(sizeof(*epayload) + payload_datalen + |
7e70cb49 MZ |
675 | datablob_len + HASH_SIZE + 1, GFP_KERNEL); |
676 | if (!epayload) | |
677 | return ERR_PTR(-ENOMEM); | |
678 | ||
4e561d38 | 679 | epayload->payload_datalen = payload_datalen; |
7e70cb49 MZ |
680 | epayload->decrypted_datalen = decrypted_datalen; |
681 | epayload->datablob_len = datablob_len; | |
682 | return epayload; | |
683 | } | |
684 | ||
685 | static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, | |
4e561d38 | 686 | const char *format, const char *hex_encoded_iv) |
7e70cb49 MZ |
687 | { |
688 | struct key *mkey; | |
689 | u8 derived_key[HASH_SIZE]; | |
146aa8b1 | 690 | const u8 *master_key; |
7e70cb49 | 691 | u8 *hmac; |
1f35065a | 692 | const char *hex_encoded_data; |
7e70cb49 | 693 | unsigned int encrypted_datalen; |
3b1826ce | 694 | size_t master_keylen; |
1f35065a | 695 | size_t asciilen; |
7e70cb49 MZ |
696 | int ret; |
697 | ||
698 | encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); | |
1f35065a MZ |
699 | asciilen = (ivsize + 1 + encrypted_datalen + HASH_SIZE) * 2; |
700 | if (strlen(hex_encoded_iv) != asciilen) | |
701 | return -EINVAL; | |
702 | ||
703 | hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2; | |
2b3ff631 MZ |
704 | ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize); |
705 | if (ret < 0) | |
706 | return -EINVAL; | |
707 | ret = hex2bin(epayload->encrypted_data, hex_encoded_data, | |
708 | encrypted_datalen); | |
709 | if (ret < 0) | |
710 | return -EINVAL; | |
7e70cb49 | 711 | |
4e561d38 | 712 | hmac = epayload->format + epayload->datablob_len; |
2b3ff631 MZ |
713 | ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), |
714 | HASH_SIZE); | |
715 | if (ret < 0) | |
716 | return -EINVAL; | |
7e70cb49 MZ |
717 | |
718 | mkey = request_master_key(epayload, &master_key, &master_keylen); | |
719 | if (IS_ERR(mkey)) | |
720 | return PTR_ERR(mkey); | |
721 | ||
4e561d38 | 722 | ret = datablob_hmac_verify(epayload, format, master_key, master_keylen); |
7e70cb49 MZ |
723 | if (ret < 0) { |
724 | pr_err("encrypted_key: bad hmac (%d)\n", ret); | |
725 | goto out; | |
726 | } | |
727 | ||
728 | ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen); | |
729 | if (ret < 0) | |
730 | goto out; | |
731 | ||
732 | ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key); | |
733 | if (ret < 0) | |
734 | pr_err("encrypted_key: failed to decrypt key (%d)\n", ret); | |
735 | out: | |
736 | up_read(&mkey->sem); | |
737 | key_put(mkey); | |
a9dd74b2 | 738 | memzero_explicit(derived_key, sizeof(derived_key)); |
7e70cb49 MZ |
739 | return ret; |
740 | } | |
741 | ||
742 | static void __ekey_init(struct encrypted_key_payload *epayload, | |
4e561d38 RS |
743 | const char *format, const char *master_desc, |
744 | const char *datalen) | |
7e70cb49 | 745 | { |
4e561d38 RS |
746 | unsigned int format_len; |
747 | ||
748 | format_len = (!format) ? strlen(key_format_default) : strlen(format); | |
749 | epayload->format = epayload->payload_data + epayload->payload_datalen; | |
750 | epayload->master_desc = epayload->format + format_len + 1; | |
7e70cb49 MZ |
751 | epayload->datalen = epayload->master_desc + strlen(master_desc) + 1; |
752 | epayload->iv = epayload->datalen + strlen(datalen) + 1; | |
753 | epayload->encrypted_data = epayload->iv + ivsize + 1; | |
4e561d38 | 754 | epayload->decrypted_data = epayload->payload_data; |
7e70cb49 | 755 | |
4e561d38 RS |
756 | if (!format) |
757 | memcpy(epayload->format, key_format_default, format_len); | |
79a73d18 RS |
758 | else { |
759 | if (!strcmp(format, key_format_ecryptfs)) | |
760 | epayload->decrypted_data = | |
761 | ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok *)epayload->payload_data); | |
762 | ||
4e561d38 | 763 | memcpy(epayload->format, format, format_len); |
79a73d18 RS |
764 | } |
765 | ||
7e70cb49 MZ |
766 | memcpy(epayload->master_desc, master_desc, strlen(master_desc)); |
767 | memcpy(epayload->datalen, datalen, strlen(datalen)); | |
768 | } | |
769 | ||
770 | /* | |
771 | * encrypted_init - initialize an encrypted key | |
772 | * | |
cd3bc044 YT |
773 | * For a new key, use either a random number or user-provided decrypted data in |
774 | * case it is provided. A random number is used for the iv in both cases. For | |
775 | * an old key, decrypt the hex encoded data. | |
7e70cb49 MZ |
776 | */ |
777 | static int encrypted_init(struct encrypted_key_payload *epayload, | |
79a73d18 RS |
778 | const char *key_desc, const char *format, |
779 | const char *master_desc, const char *datalen, | |
cd3bc044 | 780 | const char *hex_encoded_iv, const char *decrypted_data) |
7e70cb49 MZ |
781 | { |
782 | int ret = 0; | |
783 | ||
79a73d18 RS |
784 | if (format && !strcmp(format, key_format_ecryptfs)) { |
785 | ret = valid_ecryptfs_desc(key_desc); | |
786 | if (ret < 0) | |
787 | return ret; | |
788 | ||
789 | ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok *)epayload->payload_data, | |
790 | key_desc); | |
791 | } | |
792 | ||
4e561d38 | 793 | __ekey_init(epayload, format, master_desc, datalen); |
cd3bc044 | 794 | if (hex_encoded_iv) { |
4e561d38 | 795 | ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv); |
cd3bc044 YT |
796 | } else if (decrypted_data) { |
797 | get_random_bytes(epayload->iv, ivsize); | |
5adedd42 NV |
798 | ret = hex2bin(epayload->decrypted_data, decrypted_data, |
799 | epayload->decrypted_datalen); | |
cd3bc044 YT |
800 | } else { |
801 | get_random_bytes(epayload->iv, ivsize); | |
802 | get_random_bytes(epayload->decrypted_data, epayload->decrypted_datalen); | |
803 | } | |
7e70cb49 MZ |
804 | return ret; |
805 | } | |
806 | ||
807 | /* | |
808 | * encrypted_instantiate - instantiate an encrypted key | |
809 | * | |
cd3bc044 YT |
810 | * Instantiates the key: |
811 | * - by decrypting an existing encrypted datablob, or | |
812 | * - by creating a new encrypted key based on a kernel random number, or | |
813 | * - using provided decrypted data. | |
7e70cb49 MZ |
814 | * |
815 | * On success, return 0. Otherwise return errno. | |
816 | */ | |
cf7f601c DH |
817 | static int encrypted_instantiate(struct key *key, |
818 | struct key_preparsed_payload *prep) | |
7e70cb49 MZ |
819 | { |
820 | struct encrypted_key_payload *epayload = NULL; | |
821 | char *datablob = NULL; | |
4e561d38 | 822 | const char *format = NULL; |
7e70cb49 MZ |
823 | char *master_desc = NULL; |
824 | char *decrypted_datalen = NULL; | |
825 | char *hex_encoded_iv = NULL; | |
cd3bc044 | 826 | char *decrypted_data = NULL; |
cf7f601c | 827 | size_t datalen = prep->datalen; |
7e70cb49 MZ |
828 | int ret; |
829 | ||
cf7f601c | 830 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
7e70cb49 MZ |
831 | return -EINVAL; |
832 | ||
833 | datablob = kmalloc(datalen + 1, GFP_KERNEL); | |
834 | if (!datablob) | |
835 | return -ENOMEM; | |
836 | datablob[datalen] = 0; | |
cf7f601c | 837 | memcpy(datablob, prep->data, datalen); |
4e561d38 | 838 | ret = datablob_parse(datablob, &format, &master_desc, |
cd3bc044 | 839 | &decrypted_datalen, &hex_encoded_iv, &decrypted_data); |
7e70cb49 MZ |
840 | if (ret < 0) |
841 | goto out; | |
842 | ||
4e561d38 | 843 | epayload = encrypted_key_alloc(key, format, master_desc, |
cd3bc044 | 844 | decrypted_datalen, decrypted_data); |
7e70cb49 MZ |
845 | if (IS_ERR(epayload)) { |
846 | ret = PTR_ERR(epayload); | |
847 | goto out; | |
848 | } | |
79a73d18 | 849 | ret = encrypted_init(epayload, key->description, format, master_desc, |
cd3bc044 | 850 | decrypted_datalen, hex_encoded_iv, decrypted_data); |
7e70cb49 | 851 | if (ret < 0) { |
453431a5 | 852 | kfree_sensitive(epayload); |
7e70cb49 MZ |
853 | goto out; |
854 | } | |
855 | ||
b64cc5fb | 856 | rcu_assign_keypointer(key, epayload); |
7e70cb49 | 857 | out: |
453431a5 | 858 | kfree_sensitive(datablob); |
7e70cb49 MZ |
859 | return ret; |
860 | } | |
861 | ||
862 | static void encrypted_rcu_free(struct rcu_head *rcu) | |
863 | { | |
864 | struct encrypted_key_payload *epayload; | |
865 | ||
866 | epayload = container_of(rcu, struct encrypted_key_payload, rcu); | |
453431a5 | 867 | kfree_sensitive(epayload); |
7e70cb49 MZ |
868 | } |
869 | ||
870 | /* | |
871 | * encrypted_update - update the master key description | |
872 | * | |
873 | * Change the master key description for an existing encrypted key. | |
874 | * The next read will return an encrypted datablob using the new | |
875 | * master key description. | |
876 | * | |
877 | * On success, return 0. Otherwise return errno. | |
878 | */ | |
cf7f601c | 879 | static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) |
7e70cb49 | 880 | { |
146aa8b1 | 881 | struct encrypted_key_payload *epayload = key->payload.data[0]; |
7e70cb49 MZ |
882 | struct encrypted_key_payload *new_epayload; |
883 | char *buf; | |
884 | char *new_master_desc = NULL; | |
4e561d38 | 885 | const char *format = NULL; |
cf7f601c | 886 | size_t datalen = prep->datalen; |
7e70cb49 MZ |
887 | int ret = 0; |
888 | ||
363b02da | 889 | if (key_is_negative(key)) |
096fe9ea | 890 | return -ENOKEY; |
cf7f601c | 891 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
7e70cb49 MZ |
892 | return -EINVAL; |
893 | ||
894 | buf = kmalloc(datalen + 1, GFP_KERNEL); | |
895 | if (!buf) | |
896 | return -ENOMEM; | |
897 | ||
898 | buf[datalen] = 0; | |
cf7f601c | 899 | memcpy(buf, prep->data, datalen); |
cd3bc044 | 900 | ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL, NULL); |
7e70cb49 MZ |
901 | if (ret < 0) |
902 | goto out; | |
903 | ||
904 | ret = valid_master_desc(new_master_desc, epayload->master_desc); | |
905 | if (ret < 0) | |
906 | goto out; | |
907 | ||
4e561d38 | 908 | new_epayload = encrypted_key_alloc(key, epayload->format, |
cd3bc044 | 909 | new_master_desc, epayload->datalen, NULL); |
7e70cb49 MZ |
910 | if (IS_ERR(new_epayload)) { |
911 | ret = PTR_ERR(new_epayload); | |
912 | goto out; | |
913 | } | |
914 | ||
4e561d38 RS |
915 | __ekey_init(new_epayload, epayload->format, new_master_desc, |
916 | epayload->datalen); | |
7e70cb49 MZ |
917 | |
918 | memcpy(new_epayload->iv, epayload->iv, ivsize); | |
4e561d38 RS |
919 | memcpy(new_epayload->payload_data, epayload->payload_data, |
920 | epayload->payload_datalen); | |
7e70cb49 | 921 | |
ee0b31a2 | 922 | rcu_assign_keypointer(key, new_epayload); |
7e70cb49 MZ |
923 | call_rcu(&epayload->rcu, encrypted_rcu_free); |
924 | out: | |
453431a5 | 925 | kfree_sensitive(buf); |
7e70cb49 MZ |
926 | return ret; |
927 | } | |
928 | ||
929 | /* | |
d3ec10aa | 930 | * encrypted_read - format and copy out the encrypted data |
7e70cb49 MZ |
931 | * |
932 | * The resulting datablob format is: | |
933 | * <master-key name> <decrypted data length> <encrypted iv> <encrypted data> | |
934 | * | |
935 | * On success, return to userspace the encrypted key datablob size. | |
936 | */ | |
d3ec10aa | 937 | static long encrypted_read(const struct key *key, char *buffer, |
7e70cb49 MZ |
938 | size_t buflen) |
939 | { | |
940 | struct encrypted_key_payload *epayload; | |
941 | struct key *mkey; | |
146aa8b1 | 942 | const u8 *master_key; |
3b1826ce | 943 | size_t master_keylen; |
7e70cb49 MZ |
944 | char derived_key[HASH_SIZE]; |
945 | char *ascii_buf; | |
946 | size_t asciiblob_len; | |
947 | int ret; | |
948 | ||
0837e49a | 949 | epayload = dereference_key_locked(key); |
7e70cb49 MZ |
950 | |
951 | /* returns the hex encoded iv, encrypted-data, and hmac as ascii */ | |
952 | asciiblob_len = epayload->datablob_len + ivsize + 1 | |
953 | + roundup(epayload->decrypted_datalen, blksize) | |
954 | + (HASH_SIZE * 2); | |
955 | ||
956 | if (!buffer || buflen < asciiblob_len) | |
957 | return asciiblob_len; | |
958 | ||
959 | mkey = request_master_key(epayload, &master_key, &master_keylen); | |
960 | if (IS_ERR(mkey)) | |
961 | return PTR_ERR(mkey); | |
962 | ||
963 | ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen); | |
964 | if (ret < 0) | |
965 | goto out; | |
966 | ||
967 | ret = derived_key_encrypt(epayload, derived_key, sizeof derived_key); | |
968 | if (ret < 0) | |
969 | goto out; | |
970 | ||
971 | ret = datablob_hmac_append(epayload, master_key, master_keylen); | |
972 | if (ret < 0) | |
973 | goto out; | |
974 | ||
975 | ascii_buf = datablob_format(epayload, asciiblob_len); | |
976 | if (!ascii_buf) { | |
977 | ret = -ENOMEM; | |
978 | goto out; | |
979 | } | |
980 | ||
981 | up_read(&mkey->sem); | |
982 | key_put(mkey); | |
a9dd74b2 | 983 | memzero_explicit(derived_key, sizeof(derived_key)); |
7e70cb49 | 984 | |
d3ec10aa | 985 | memcpy(buffer, ascii_buf, asciiblob_len); |
453431a5 | 986 | kfree_sensitive(ascii_buf); |
7e70cb49 MZ |
987 | |
988 | return asciiblob_len; | |
989 | out: | |
990 | up_read(&mkey->sem); | |
991 | key_put(mkey); | |
a9dd74b2 | 992 | memzero_explicit(derived_key, sizeof(derived_key)); |
7e70cb49 MZ |
993 | return ret; |
994 | } | |
995 | ||
996 | /* | |
a9dd74b2 | 997 | * encrypted_destroy - clear and free the key's payload |
7e70cb49 MZ |
998 | */ |
999 | static void encrypted_destroy(struct key *key) | |
1000 | { | |
453431a5 | 1001 | kfree_sensitive(key->payload.data[0]); |
7e70cb49 MZ |
1002 | } |
1003 | ||
1004 | struct key_type key_type_encrypted = { | |
1005 | .name = "encrypted", | |
1006 | .instantiate = encrypted_instantiate, | |
1007 | .update = encrypted_update, | |
7e70cb49 MZ |
1008 | .destroy = encrypted_destroy, |
1009 | .describe = user_describe, | |
1010 | .read = encrypted_read, | |
1011 | }; | |
1012 | EXPORT_SYMBOL_GPL(key_type_encrypted); | |
1013 | ||
64d107d3 | 1014 | static int __init init_encrypted(void) |
7e70cb49 MZ |
1015 | { |
1016 | int ret; | |
1017 | ||
3d234b33 | 1018 | hash_tfm = crypto_alloc_shash(hash_alg, 0, 0); |
64d107d3 EB |
1019 | if (IS_ERR(hash_tfm)) { |
1020 | pr_err("encrypted_key: can't allocate %s transform: %ld\n", | |
1021 | hash_alg, PTR_ERR(hash_tfm)); | |
1022 | return PTR_ERR(hash_tfm); | |
7e70cb49 MZ |
1023 | } |
1024 | ||
b26bdde5 TI |
1025 | ret = aes_get_sizes(); |
1026 | if (ret < 0) | |
1027 | goto out; | |
7e70cb49 MZ |
1028 | ret = register_key_type(&key_type_encrypted); |
1029 | if (ret < 0) | |
1030 | goto out; | |
b26bdde5 | 1031 | return 0; |
7e70cb49 | 1032 | out: |
64d107d3 | 1033 | crypto_free_shash(hash_tfm); |
7e70cb49 | 1034 | return ret; |
b9703449 | 1035 | |
7e70cb49 MZ |
1036 | } |
1037 | ||
1038 | static void __exit cleanup_encrypted(void) | |
1039 | { | |
64d107d3 | 1040 | crypto_free_shash(hash_tfm); |
7e70cb49 MZ |
1041 | unregister_key_type(&key_type_encrypted); |
1042 | } | |
1043 | ||
1044 | late_initcall(init_encrypted); | |
1045 | module_exit(cleanup_encrypted); | |
1046 | ||
1047 | MODULE_LICENSE("GPL"); |