1 // SPDX-License-Identifier: GPL-2.0
11 #include <linux/key-type.h>
14 #include <keys/ceph-type.h>
15 #include <keys/user-type.h>
20  * Set ->key and ->tfm.  The rest of the key should be filled in before
23 static int set_secret(struct ceph_crypto_key *key, void *buf)  in set_secret()  argument
28 	key->key = NULL;  in set_secret()
29 	key->tfm = NULL;  in set_secret()
31 	switch (key->type) {  in set_secret()
37 		return -ENOTSUPP;  in set_secret()
40 	if (!key->len)  in set_secret()
41 		return -EINVAL;  in set_secret()
43 	key->key = kmemdup(buf, key->len, GFP_NOIO);  in set_secret()
44 	if (!key->key) {  in set_secret()
45 		ret = -ENOMEM;  in set_secret()
51 	key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);  in set_secret()
53 	if (IS_ERR(key->tfm)) {  in set_secret()
54 		ret = PTR_ERR(key->tfm);  in set_secret()
55 		key->tfm = NULL;  in set_secret()
59 	ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);  in set_secret()
66 	ceph_crypto_key_destroy(key);  in set_secret()
74 	return set_secret(dst, src->key);  in ceph_crypto_key_clone()
77 int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end)  in ceph_crypto_key_encode()  argument
79 	if (*p + sizeof(u16) + sizeof(key->created) +  in ceph_crypto_key_encode()
80 	    sizeof(u16) + key->len > end)  in ceph_crypto_key_encode()
81 		return -ERANGE;  in ceph_crypto_key_encode()
82 	ceph_encode_16(p, key->type);  in ceph_crypto_key_encode()
83 	ceph_encode_copy(p, &key->created, sizeof(key->created));  in ceph_crypto_key_encode()
84 	ceph_encode_16(p, key->len);  in ceph_crypto_key_encode()
85 	ceph_encode_copy(p, key->key, key->len);  in ceph_crypto_key_encode()
89 int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end)  in ceph_crypto_key_decode()  argument
93 	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);  in ceph_crypto_key_decode()
94 	key->type = ceph_decode_16(p);  in ceph_crypto_key_decode()
95 	ceph_decode_copy(p, &key->created, sizeof(key->created));  in ceph_crypto_key_decode()
96 	key->len = ceph_decode_16(p);  in ceph_crypto_key_decode()
97 	ceph_decode_need(p, end, key->len, bad);  in ceph_crypto_key_decode()
98 	ret = set_secret(key, *p);  in ceph_crypto_key_decode()
99 	memzero_explicit(*p, key->len);  in ceph_crypto_key_decode()
100 	*p += key->len;  in ceph_crypto_key_decode()
104 	dout("failed to decode crypto key\n");  in ceph_crypto_key_decode()
105 	return -EINVAL;  in ceph_crypto_key_decode()
108 int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)  in ceph_crypto_key_unarmor()  argument
118 		return -ENOMEM;  in ceph_crypto_key_unarmor()
126 	ret = ceph_crypto_key_decode(key, &p, p + blen);  in ceph_crypto_key_unarmor()
130 	dout("crypto_key_unarmor key %p type %d len %d\n", key,  in ceph_crypto_key_unarmor()
131 	     key->type, key->len);  in ceph_crypto_key_unarmor()
135 void ceph_crypto_key_destroy(struct ceph_crypto_key *key)  in ceph_crypto_key_destroy()  argument
137 	if (key) {  in ceph_crypto_key_destroy()
138 		kfree_sensitive(key->key);  in ceph_crypto_key_destroy()
139 		key->key = NULL;  in ceph_crypto_key_destroy()
140 		if (key->tfm) {  in ceph_crypto_key_destroy()
141 			crypto_free_sync_skcipher(key->tfm);  in ceph_crypto_key_destroy()
142 			key->tfm = NULL;  in ceph_crypto_key_destroy()
151  * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
152  * in-buffer (msg front).
174 		return -EINVAL;  in setup_sgtable()
189 		sgt->sgl = prealloc_sg;  in setup_sgtable()
190 		sgt->nents = sgt->orig_nents = 1;  in setup_sgtable()
193 	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {  in setup_sgtable()
195 		unsigned int len = min(chunk_len - off, buf_len);  in setup_sgtable()
206 		buf_len -= len;  in setup_sgtable()
215 	if (sgt->orig_nents > 1)  in teardown_sgtable()
219 static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,  in ceph_aes_crypt()  argument
222 	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);  in ceph_aes_crypt()
226 	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));  in ceph_aes_crypt()
238 	skcipher_request_set_sync_tfm(req, key->tfm);  in ceph_aes_crypt()
243 	print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1,  in ceph_aes_crypt()
244 		       key->key, key->len, 1);  in ceph_aes_crypt()
266 		pad_byte = *(char *)(buf + in_len - 1);  in ceph_aes_crypt()
269 			*pout_len = in_len - pad_byte;  in ceph_aes_crypt()
273 			ret = -EPERM;  in ceph_aes_crypt()
283 int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,  in ceph_crypt()  argument
286 	switch (key->type) {  in ceph_crypt()
291 		return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len,  in ceph_crypt()
294 		return -ENOTSUPP;  in ceph_crypt()
301 	size_t datalen = prep->datalen;  in ceph_key_preparse()
305 	ret = -EINVAL;  in ceph_key_preparse()
306 	if (datalen <= 0 || datalen > 32767 || !prep->data)  in ceph_key_preparse()
309 	ret = -ENOMEM;  in ceph_key_preparse()
315 	p = (void *)prep->data;  in ceph_key_preparse()
316 	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);  in ceph_key_preparse()
320 	prep->payload.data[0] = ckey;  in ceph_key_preparse()
321 	prep->quotalen = datalen;  in ceph_key_preparse()
332 	struct ceph_crypto_key *ckey = prep->payload.data[0];  in ceph_key_free_preparse()
337 static void ceph_key_destroy(struct key *key)  in ceph_key_destroy()  argument
339 	struct ceph_crypto_key *ckey = key->payload.data[0];  in ceph_key_destroy()