1 2 #include "ceph_debug.h" 3 4 #include <linux/err.h> 5 #include <linux/scatterlist.h> 6 #include <linux/slab.h> 7 #include <crypto/hash.h> 8 9 #include "crypto.h" 10 #include "decode.h" 11 12 int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) 13 { 14 if (*p + sizeof(u16) + sizeof(key->created) + 15 sizeof(u16) + key->len > end) 16 return -ERANGE; 17 ceph_encode_16(p, key->type); 18 ceph_encode_copy(p, &key->created, sizeof(key->created)); 19 ceph_encode_16(p, key->len); 20 ceph_encode_copy(p, key->key, key->len); 21 return 0; 22 } 23 24 int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) 25 { 26 ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); 27 key->type = ceph_decode_16(p); 28 ceph_decode_copy(p, &key->created, sizeof(key->created)); 29 key->len = ceph_decode_16(p); 30 ceph_decode_need(p, end, key->len, bad); 31 key->key = kmalloc(key->len, GFP_NOFS); 32 if (!key->key) 33 return -ENOMEM; 34 ceph_decode_copy(p, key->key, key->len); 35 return 0; 36 37 bad: 38 dout("failed to decode crypto key\n"); 39 return -EINVAL; 40 } 41 42 int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) 43 { 44 int inlen = strlen(inkey); 45 int blen = inlen * 3 / 4; 46 void *buf, *p; 47 int ret; 48 49 dout("crypto_key_unarmor %s\n", inkey); 50 buf = kmalloc(blen, GFP_NOFS); 51 if (!buf) 52 return -ENOMEM; 53 blen = ceph_unarmor(buf, inkey, inkey+inlen); 54 if (blen < 0) { 55 kfree(buf); 56 return blen; 57 } 58 59 p = buf; 60 ret = ceph_crypto_key_decode(key, &p, p + blen); 61 kfree(buf); 62 if (ret) 63 return ret; 64 dout("crypto_key_unarmor key %p type %d len %d\n", key, 65 key->type, key->len); 66 return 0; 67 } 68 69 70 71 #define AES_KEY_SIZE 16 72 73 static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) 74 { 75 return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC); 76 } 77 78 const u8 *aes_iv = "cephsageyudagreg"; 79 80 int ceph_aes_encrypt(const void *key, int key_len, void *dst, size_t *dst_len, 81 const void *src, size_t src_len) 82 { 83 struct scatterlist sg_in[2], sg_out[1]; 84 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); 85 struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; 86 int ret; 87 void *iv; 88 int ivsize; 89 size_t zero_padding = (0x10 - (src_len & 0x0f)); 90 char pad[16]; 91 92 if (IS_ERR(tfm)) 93 return PTR_ERR(tfm); 94 95 memset(pad, zero_padding, zero_padding); 96 97 *dst_len = src_len + zero_padding; 98 99 crypto_blkcipher_setkey((void *)tfm, key, key_len); 100 sg_init_table(sg_in, 2); 101 sg_set_buf(&sg_in[0], src, src_len); 102 sg_set_buf(&sg_in[1], pad, zero_padding); 103 sg_init_table(sg_out, 1); 104 sg_set_buf(sg_out, dst, *dst_len); 105 iv = crypto_blkcipher_crt(tfm)->iv; 106 ivsize = crypto_blkcipher_ivsize(tfm); 107 108 memcpy(iv, aes_iv, ivsize); 109 /* 110 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, 111 key, key_len, 1); 112 print_hex_dump(KERN_ERR, "enc src: ", DUMP_PREFIX_NONE, 16, 1, 113 src, src_len, 1); 114 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, 115 pad, zero_padding, 1); 116 */ 117 ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, 118 src_len + zero_padding); 119 crypto_free_blkcipher(tfm); 120 if (ret < 0) 121 pr_err("ceph_aes_crypt failed %d\n", ret); 122 /* 123 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, 124 dst, *dst_len, 1); 125 */ 126 return 0; 127 } 128 129 int ceph_aes_encrypt2(const void *key, int key_len, void *dst, size_t *dst_len, 130 const void *src1, size_t src1_len, 131 const void *src2, size_t src2_len) 132 { 133 struct scatterlist sg_in[3], sg_out[1]; 134 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); 135 struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; 136 int ret; 137 void *iv; 138 int ivsize; 139 size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f)); 140 char pad[16]; 141 142 if (IS_ERR(tfm)) 143 return PTR_ERR(tfm); 144 145 memset(pad, zero_padding, zero_padding); 146 147 *dst_len = src1_len + src2_len + zero_padding; 148 149 crypto_blkcipher_setkey((void *)tfm, key, key_len); 150 sg_init_table(sg_in, 3); 151 sg_set_buf(&sg_in[0], src1, src1_len); 152 sg_set_buf(&sg_in[1], src2, src2_len); 153 sg_set_buf(&sg_in[2], pad, zero_padding); 154 sg_init_table(sg_out, 1); 155 sg_set_buf(sg_out, dst, *dst_len); 156 iv = crypto_blkcipher_crt(tfm)->iv; 157 ivsize = crypto_blkcipher_ivsize(tfm); 158 159 memcpy(iv, aes_iv, ivsize); 160 /* 161 print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, 162 key, key_len, 1); 163 print_hex_dump(KERN_ERR, "enc src1: ", DUMP_PREFIX_NONE, 16, 1, 164 src1, src1_len, 1); 165 print_hex_dump(KERN_ERR, "enc src2: ", DUMP_PREFIX_NONE, 16, 1, 166 src2, src2_len, 1); 167 print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, 168 pad, zero_padding, 1); 169 */ 170 ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, 171 src1_len + src2_len + zero_padding); 172 crypto_free_blkcipher(tfm); 173 if (ret < 0) 174 pr_err("ceph_aes_crypt2 failed %d\n", ret); 175 /* 176 print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, 177 dst, *dst_len, 1); 178 */ 179 return 0; 180 } 181 182 int ceph_aes_decrypt(const void *key, int key_len, void *dst, size_t *dst_len, 183 const void *src, size_t src_len) 184 { 185 struct scatterlist sg_in[1], sg_out[2]; 186 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); 187 struct blkcipher_desc desc = { .tfm = tfm }; 188 char pad[16]; 189 void *iv; 190 int ivsize; 191 int ret; 192 int last_byte; 193 194 if (IS_ERR(tfm)) 195 return PTR_ERR(tfm); 196 197 crypto_blkcipher_setkey((void *)tfm, key, key_len); 198 sg_init_table(sg_in, 1); 199 sg_init_table(sg_out, 2); 200 sg_set_buf(sg_in, src, src_len); 201 sg_set_buf(&sg_out[0], dst, *dst_len); 202 sg_set_buf(&sg_out[1], pad, sizeof(pad)); 203 204 iv = crypto_blkcipher_crt(tfm)->iv; 205 ivsize = crypto_blkcipher_ivsize(tfm); 206 207 memcpy(iv, aes_iv, ivsize); 208 209 /* 210 print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, 211 key, key_len, 1); 212 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, 213 src, src_len, 1); 214 */ 215 216 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); 217 crypto_free_blkcipher(tfm); 218 if (ret < 0) { 219 pr_err("ceph_aes_decrypt failed %d\n", ret); 220 return ret; 221 } 222 223 if (src_len <= *dst_len) 224 last_byte = ((char *)dst)[src_len - 1]; 225 else 226 last_byte = pad[src_len - *dst_len - 1]; 227 if (last_byte <= 16 && src_len >= last_byte) { 228 *dst_len = src_len - last_byte; 229 } else { 230 pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", 231 last_byte, (int)src_len); 232 return -EPERM; /* bad padding */ 233 } 234 /* 235 print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, 236 dst, *dst_len, 1); 237 */ 238 return 0; 239 } 240 241 int ceph_aes_decrypt2(const void *key, int key_len, 242 void *dst1, size_t *dst1_len, 243 void *dst2, size_t *dst2_len, 244 const void *src, size_t src_len) 245 { 246 struct scatterlist sg_in[1], sg_out[3]; 247 struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); 248 struct blkcipher_desc desc = { .tfm = tfm }; 249 char pad[16]; 250 void *iv; 251 int ivsize; 252 int ret; 253 int last_byte; 254 255 if (IS_ERR(tfm)) 256 return PTR_ERR(tfm); 257 258 sg_init_table(sg_in, 1); 259 sg_set_buf(sg_in, src, src_len); 260 sg_init_table(sg_out, 3); 261 sg_set_buf(&sg_out[0], dst1, *dst1_len); 262 sg_set_buf(&sg_out[1], dst2, *dst2_len); 263 sg_set_buf(&sg_out[2], pad, sizeof(pad)); 264 265 crypto_blkcipher_setkey((void *)tfm, key, key_len); 266 iv = crypto_blkcipher_crt(tfm)->iv; 267 ivsize = crypto_blkcipher_ivsize(tfm); 268 269 memcpy(iv, aes_iv, ivsize); 270 271 /* 272 print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, 273 key, key_len, 1); 274 print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, 275 src, src_len, 1); 276 */ 277 278 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); 279 crypto_free_blkcipher(tfm); 280 if (ret < 0) { 281 pr_err("ceph_aes_decrypt failed %d\n", ret); 282 return ret; 283 } 284 285 if (src_len <= *dst1_len) 286 last_byte = ((char *)dst1)[src_len - 1]; 287 else if (src_len <= *dst1_len + *dst2_len) 288 last_byte = ((char *)dst2)[src_len - *dst1_len - 1]; 289 else 290 last_byte = pad[src_len - *dst1_len - *dst2_len - 1]; 291 if (last_byte <= 16 && src_len >= last_byte) { 292 src_len -= last_byte; 293 } else { 294 pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", 295 last_byte, (int)src_len); 296 return -EPERM; /* bad padding */ 297 } 298 299 if (src_len < *dst1_len) { 300 *dst1_len = src_len; 301 *dst2_len = 0; 302 } else { 303 *dst2_len = src_len - *dst1_len; 304 } 305 /* 306 print_hex_dump(KERN_ERR, "dec out1: ", DUMP_PREFIX_NONE, 16, 1, 307 dst1, *dst1_len, 1); 308 print_hex_dump(KERN_ERR, "dec out2: ", DUMP_PREFIX_NONE, 16, 1, 309 dst2, *dst2_len, 1); 310 */ 311 312 return 0; 313 } 314 315 316 int ceph_decrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, 317 const void *src, size_t src_len) 318 { 319 switch (secret->type) { 320 case CEPH_CRYPTO_NONE: 321 if (*dst_len < src_len) 322 return -ERANGE; 323 memcpy(dst, src, src_len); 324 *dst_len = src_len; 325 return 0; 326 327 case CEPH_CRYPTO_AES: 328 return ceph_aes_decrypt(secret->key, secret->len, dst, 329 dst_len, src, src_len); 330 331 default: 332 return -EINVAL; 333 } 334 } 335 336 int ceph_decrypt2(struct ceph_crypto_key *secret, 337 void *dst1, size_t *dst1_len, 338 void *dst2, size_t *dst2_len, 339 const void *src, size_t src_len) 340 { 341 size_t t; 342 343 switch (secret->type) { 344 case CEPH_CRYPTO_NONE: 345 if (*dst1_len + *dst2_len < src_len) 346 return -ERANGE; 347 t = min(*dst1_len, src_len); 348 memcpy(dst1, src, t); 349 *dst1_len = t; 350 src += t; 351 src_len -= t; 352 if (src_len) { 353 t = min(*dst2_len, src_len); 354 memcpy(dst2, src, t); 355 *dst2_len = t; 356 } 357 return 0; 358 359 case CEPH_CRYPTO_AES: 360 return ceph_aes_decrypt2(secret->key, secret->len, 361 dst1, dst1_len, dst2, dst2_len, 362 src, src_len); 363 364 default: 365 return -EINVAL; 366 } 367 } 368 369 int ceph_encrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, 370 const void *src, size_t src_len) 371 { 372 switch (secret->type) { 373 case CEPH_CRYPTO_NONE: 374 if (*dst_len < src_len) 375 return -ERANGE; 376 memcpy(dst, src, src_len); 377 *dst_len = src_len; 378 return 0; 379 380 case CEPH_CRYPTO_AES: 381 return ceph_aes_encrypt(secret->key, secret->len, dst, 382 dst_len, src, src_len); 383 384 default: 385 return -EINVAL; 386 } 387 } 388 389 int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, 390 const void *src1, size_t src1_len, 391 const void *src2, size_t src2_len) 392 { 393 switch (secret->type) { 394 case CEPH_CRYPTO_NONE: 395 if (*dst_len < src1_len + src2_len) 396 return -ERANGE; 397 memcpy(dst, src1, src1_len); 398 memcpy(dst + src1_len, src2, src2_len); 399 *dst_len = src1_len + src2_len; 400 return 0; 401 402 case CEPH_CRYPTO_AES: 403 return ceph_aes_encrypt2(secret->key, secret->len, dst, dst_len, 404 src1, src1_len, src2, src2_len); 405 406 default: 407 return -EINVAL; 408 } 409 } 410