Lines Matching +full:key +full:- +full:1

1 // SPDX-License-Identifier: GPL-2.0
11 #include <linux/key-type.h>
14 #include <keys/ceph-type.h>
15 #include <keys/user-type.h>
20 * Set ->key and ->tfm. The rest of the key should be filled in before
23 static int set_secret(struct ceph_crypto_key *key, void *buf) in set_secret() argument
28 key->key = NULL; in set_secret()
29 key->tfm = NULL; in set_secret()
31 switch (key->type) { in set_secret()
37 return -ENOTSUPP; in set_secret()
40 if (!key->len) in set_secret()
41 return -EINVAL; in set_secret()
43 key->key = kmemdup(buf, key->len, GFP_NOIO); in set_secret()
44 if (!key->key) { in set_secret()
45 ret = -ENOMEM; in set_secret()
51 key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0); in set_secret()
53 if (IS_ERR(key->tfm)) { in set_secret()
54 ret = PTR_ERR(key->tfm); in set_secret()
55 key->tfm = NULL; in set_secret()
59 ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len); in set_secret()
66 ceph_crypto_key_destroy(key); in set_secret()
74 return set_secret(dst, src->key); in ceph_crypto_key_clone()
77 int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) in ceph_crypto_key_encode() argument
79 if (*p + sizeof(u16) + sizeof(key->created) + in ceph_crypto_key_encode()
80 sizeof(u16) + key->len > end) in ceph_crypto_key_encode()
81 return -ERANGE; in ceph_crypto_key_encode()
82 ceph_encode_16(p, key->type); in ceph_crypto_key_encode()
83 ceph_encode_copy(p, &key->created, sizeof(key->created)); in ceph_crypto_key_encode()
84 ceph_encode_16(p, key->len); in ceph_crypto_key_encode()
85 ceph_encode_copy(p, key->key, key->len); in ceph_crypto_key_encode()
89 int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) in ceph_crypto_key_decode() argument
93 ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); in ceph_crypto_key_decode()
94 key->type = ceph_decode_16(p); in ceph_crypto_key_decode()
95 ceph_decode_copy(p, &key->created, sizeof(key->created)); in ceph_crypto_key_decode()
96 key->len = ceph_decode_16(p); in ceph_crypto_key_decode()
97 ceph_decode_need(p, end, key->len, bad); in ceph_crypto_key_decode()
98 ret = set_secret(key, *p); in ceph_crypto_key_decode()
99 memzero_explicit(*p, key->len); in ceph_crypto_key_decode()
100 *p += key->len; in ceph_crypto_key_decode()
104 dout("failed to decode crypto key\n"); in ceph_crypto_key_decode()
105 return -EINVAL; in ceph_crypto_key_decode()
108 int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) in ceph_crypto_key_unarmor() argument
118 return -ENOMEM; in ceph_crypto_key_unarmor()
126 ret = ceph_crypto_key_decode(key, &p, p + blen); in ceph_crypto_key_unarmor()
130 dout("crypto_key_unarmor key %p type %d len %d\n", key, in ceph_crypto_key_unarmor()
131 key->type, key->len); in ceph_crypto_key_unarmor()
135 void ceph_crypto_key_destroy(struct ceph_crypto_key *key) in ceph_crypto_key_destroy() argument
137 if (key) { in ceph_crypto_key_destroy()
138 kfree_sensitive(key->key); in ceph_crypto_key_destroy()
139 key->key = NULL; in ceph_crypto_key_destroy()
140 if (key->tfm) { in ceph_crypto_key_destroy()
141 crypto_free_sync_skcipher(key->tfm); in ceph_crypto_key_destroy()
142 key->tfm = NULL; in ceph_crypto_key_destroy()
151 * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
152 * in-buffer (msg front).
167 unsigned int chunk_cnt = 1; in setup_sgtable()
174 return -EINVAL; in setup_sgtable()
182 if (chunk_cnt > 1) { in setup_sgtable()
187 WARN_ON(chunk_cnt != 1); in setup_sgtable()
188 sg_init_table(prealloc_sg, 1); in setup_sgtable()
189 sgt->sgl = prealloc_sg; in setup_sgtable()
190 sgt->nents = sgt->orig_nents = 1; in setup_sgtable()
193 for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { in setup_sgtable()
195 unsigned int len = min(chunk_len - off, buf_len); in setup_sgtable()
206 buf_len -= len; in setup_sgtable()
215 if (sgt->orig_nents > 1) in teardown_sgtable()
219 static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt, in ceph_aes_crypt() argument
222 SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm); in ceph_aes_crypt()
226 int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1)); in ceph_aes_crypt()
238 skcipher_request_set_sync_tfm(req, key->tfm); in ceph_aes_crypt()
243 print_hex_dump(KERN_ERR, "key: ", DUMP_PREFIX_NONE, 16, 1, in ceph_aes_crypt()
244 key->key, key->len, 1); in ceph_aes_crypt()
245 print_hex_dump(KERN_ERR, " in: ", DUMP_PREFIX_NONE, 16, 1, in ceph_aes_crypt()
246 buf, crypt_len, 1); in ceph_aes_crypt()
259 print_hex_dump(KERN_ERR, "out: ", DUMP_PREFIX_NONE, 16, 1, in ceph_aes_crypt()
260 buf, crypt_len, 1); in ceph_aes_crypt()
266 pad_byte = *(char *)(buf + in_len - 1); in ceph_aes_crypt()
269 *pout_len = in_len - pad_byte; in ceph_aes_crypt()
273 ret = -EPERM; in ceph_aes_crypt()
283 int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt, in ceph_crypt() argument
286 switch (key->type) { in ceph_crypt()
291 return ceph_aes_crypt(key, encrypt, buf, buf_len, in_len, in ceph_crypt()
294 return -ENOTSUPP; in ceph_crypt()
301 size_t datalen = prep->datalen; in ceph_key_preparse()
305 ret = -EINVAL; in ceph_key_preparse()
306 if (datalen <= 0 || datalen > 32767 || !prep->data) in ceph_key_preparse()
309 ret = -ENOMEM; in ceph_key_preparse()
315 p = (void *)prep->data; in ceph_key_preparse()
316 ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen); in ceph_key_preparse()
320 prep->payload.data[0] = ckey; in ceph_key_preparse()
321 prep->quotalen = datalen; in ceph_key_preparse()
332 struct ceph_crypto_key *ckey = prep->payload.data[0]; in ceph_key_free_preparse()
337 static void ceph_key_destroy(struct key *key) in ceph_key_destroy() argument
339 struct ceph_crypto_key *ckey = key->payload.data[0]; in ceph_key_destroy()