crypto_key.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259
  1. /*
  2. * linux/fs/f2fs/crypto_key.c
  3. *
  4. * Copied from linux/fs/f2fs/crypto_key.c
  5. *
  6. * Copyright (C) 2015, Google, Inc.
  7. *
  8. * This contains encryption key functions for f2fs
  9. *
  10. * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
  11. */
  12. #include <keys/encrypted-type.h>
  13. #include <keys/user-type.h>
  14. #include <linux/random.h>
  15. #include <linux/scatterlist.h>
  16. #include <uapi/linux/keyctl.h>
  17. #include <crypto/hash.h>
  18. #include <linux/f2fs_fs.h>
  19. #include "f2fs.h"
  20. #include "xattr.h"
  21. static void derive_crypt_complete(struct crypto_async_request *req, int rc)
  22. {
  23. struct f2fs_completion_result *ecr = req->data;
  24. if (rc == -EINPROGRESS)
  25. return;
  26. ecr->res = rc;
  27. complete(&ecr->completion);
  28. }
  29. /**
  30. * f2fs_derive_key_aes() - Derive a key using AES-128-ECB
  31. * @deriving_key: Encryption key used for derivatio.
  32. * @source_key: Source key to which to apply derivation.
  33. * @derived_key: Derived key.
  34. *
  35. * Return: Zero on success; non-zero otherwise.
  36. */
  37. static int f2fs_derive_key_aes(char deriving_key[F2FS_AES_128_ECB_KEY_SIZE],
  38. char source_key[F2FS_AES_256_XTS_KEY_SIZE],
  39. char derived_key[F2FS_AES_256_XTS_KEY_SIZE])
  40. {
  41. int res = 0;
  42. struct ablkcipher_request *req = NULL;
  43. DECLARE_F2FS_COMPLETION_RESULT(ecr);
  44. struct scatterlist src_sg, dst_sg;
  45. struct crypto_ablkcipher *tfm = crypto_alloc_ablkcipher("ecb(aes)", 0,
  46. 0);
  47. if (IS_ERR(tfm)) {
  48. res = PTR_ERR(tfm);
  49. tfm = NULL;
  50. goto out;
  51. }
  52. crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
  53. req = ablkcipher_request_alloc(tfm, GFP_NOFS);
  54. if (!req) {
  55. res = -ENOMEM;
  56. goto out;
  57. }
  58. ablkcipher_request_set_callback(req,
  59. CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
  60. derive_crypt_complete, &ecr);
  61. res = crypto_ablkcipher_setkey(tfm, deriving_key,
  62. F2FS_AES_128_ECB_KEY_SIZE);
  63. if (res < 0)
  64. goto out;
  65. sg_init_one(&src_sg, source_key, F2FS_AES_256_XTS_KEY_SIZE);
  66. sg_init_one(&dst_sg, derived_key, F2FS_AES_256_XTS_KEY_SIZE);
  67. ablkcipher_request_set_crypt(req, &src_sg, &dst_sg,
  68. F2FS_AES_256_XTS_KEY_SIZE, NULL);
  69. res = crypto_ablkcipher_encrypt(req);
  70. if (res == -EINPROGRESS || res == -EBUSY) {
  71. wait_for_completion(&ecr.completion);
  72. res = ecr.res;
  73. }
  74. out:
  75. if (req)
  76. ablkcipher_request_free(req);
  77. if (tfm)
  78. crypto_free_ablkcipher(tfm);
  79. return res;
  80. }
  81. static void f2fs_free_crypt_info(struct f2fs_crypt_info *ci)
  82. {
  83. if (!ci)
  84. return;
  85. crypto_free_ablkcipher(ci->ci_ctfm);
  86. kmem_cache_free(f2fs_crypt_info_cachep, ci);
  87. }
  88. void f2fs_free_encryption_info(struct inode *inode, struct f2fs_crypt_info *ci)
  89. {
  90. struct f2fs_inode_info *fi = F2FS_I(inode);
  91. struct f2fs_crypt_info *prev;
  92. if (ci == NULL)
  93. ci = ACCESS_ONCE(fi->i_crypt_info);
  94. if (ci == NULL)
  95. return;
  96. prev = cmpxchg(&fi->i_crypt_info, ci, NULL);
  97. if (prev != ci)
  98. return;
  99. f2fs_free_crypt_info(ci);
  100. }
  101. int f2fs_get_encryption_info(struct inode *inode)
  102. {
  103. struct f2fs_inode_info *fi = F2FS_I(inode);
  104. struct f2fs_crypt_info *crypt_info;
  105. char full_key_descriptor[F2FS_KEY_DESC_PREFIX_SIZE +
  106. (F2FS_KEY_DESCRIPTOR_SIZE * 2) + 1];
  107. struct key *keyring_key = NULL;
  108. struct f2fs_encryption_key *master_key;
  109. struct f2fs_encryption_context ctx;
  110. const struct user_key_payload *ukp;
  111. struct crypto_ablkcipher *ctfm;
  112. const char *cipher_str;
  113. char raw_key[F2FS_MAX_KEY_SIZE];
  114. char mode;
  115. int res;
  116. if (fi->i_crypt_info)
  117. return 0;
  118. res = f2fs_crypto_initialize();
  119. if (res)
  120. return res;
  121. res = f2fs_getxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
  122. F2FS_XATTR_NAME_ENCRYPTION_CONTEXT,
  123. &ctx, sizeof(ctx), NULL);
  124. if (res < 0)
  125. return res;
  126. else if (res != sizeof(ctx))
  127. return -EINVAL;
  128. res = 0;
  129. crypt_info = kmem_cache_alloc(f2fs_crypt_info_cachep, GFP_NOFS);
  130. if (!crypt_info)
  131. return -ENOMEM;
  132. crypt_info->ci_flags = ctx.flags;
  133. crypt_info->ci_data_mode = ctx.contents_encryption_mode;
  134. crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
  135. crypt_info->ci_ctfm = NULL;
  136. memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
  137. sizeof(crypt_info->ci_master_key));
  138. if (S_ISREG(inode->i_mode))
  139. mode = crypt_info->ci_data_mode;
  140. else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
  141. mode = crypt_info->ci_filename_mode;
  142. else
  143. BUG();
  144. switch (mode) {
  145. case F2FS_ENCRYPTION_MODE_AES_256_XTS:
  146. cipher_str = "xts(aes)";
  147. break;
  148. case F2FS_ENCRYPTION_MODE_AES_256_CTS:
  149. cipher_str = "cts(cbc(aes))";
  150. break;
  151. default:
  152. printk_once(KERN_WARNING
  153. "f2fs: unsupported key mode %d (ino %u)\n",
  154. mode, (unsigned) inode->i_ino);
  155. res = -ENOKEY;
  156. goto out;
  157. }
  158. memcpy(full_key_descriptor, F2FS_KEY_DESC_PREFIX,
  159. F2FS_KEY_DESC_PREFIX_SIZE);
  160. sprintf(full_key_descriptor + F2FS_KEY_DESC_PREFIX_SIZE,
  161. "%*phN", F2FS_KEY_DESCRIPTOR_SIZE,
  162. ctx.master_key_descriptor);
  163. full_key_descriptor[F2FS_KEY_DESC_PREFIX_SIZE +
  164. (2 * F2FS_KEY_DESCRIPTOR_SIZE)] = '\0';
  165. keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
  166. if (IS_ERR(keyring_key)) {
  167. res = PTR_ERR(keyring_key);
  168. keyring_key = NULL;
  169. goto out;
  170. }
  171. if (keyring_key->type != &key_type_logon) {
  172. printk_once(KERN_WARNING "f2fs: key type must be logon\n");
  173. res = -ENOKEY;
  174. goto out;
  175. }
  176. down_read(&keyring_key->sem);
  177. ukp = user_key_payload(keyring_key);
  178. if (!ukp) {
  179. /* key was revoked before we acquired its semaphore */
  180. res = -EKEYREVOKED;
  181. up_read(&keyring_key->sem);
  182. goto out;
  183. }
  184. if (ukp->datalen != sizeof(struct f2fs_encryption_key)) {
  185. res = -EINVAL;
  186. up_read(&keyring_key->sem);
  187. goto out;
  188. }
  189. master_key = (struct f2fs_encryption_key *)ukp->data;
  190. BUILD_BUG_ON(F2FS_AES_128_ECB_KEY_SIZE !=
  191. F2FS_KEY_DERIVATION_NONCE_SIZE);
  192. if (master_key->size != F2FS_AES_256_XTS_KEY_SIZE) {
  193. printk_once(KERN_WARNING
  194. "f2fs: key size incorrect: %d\n",
  195. master_key->size);
  196. res = -ENOKEY;
  197. up_read(&keyring_key->sem);
  198. goto out;
  199. }
  200. res = f2fs_derive_key_aes(ctx.nonce, master_key->raw,
  201. raw_key);
  202. up_read(&keyring_key->sem);
  203. if (res)
  204. goto out;
  205. ctfm = crypto_alloc_ablkcipher(cipher_str, 0, 0);
  206. if (!ctfm || IS_ERR(ctfm)) {
  207. res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
  208. printk(KERN_DEBUG
  209. "%s: error %d (inode %u) allocating crypto tfm\n",
  210. __func__, res, (unsigned) inode->i_ino);
  211. goto out;
  212. }
  213. crypt_info->ci_ctfm = ctfm;
  214. crypto_ablkcipher_clear_flags(ctfm, ~0);
  215. crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctfm),
  216. CRYPTO_TFM_REQ_WEAK_KEY);
  217. res = crypto_ablkcipher_setkey(ctfm, raw_key,
  218. f2fs_encryption_key_size(mode));
  219. if (res)
  220. goto out;
  221. if (cmpxchg(&fi->i_crypt_info, NULL, crypt_info) == NULL)
  222. crypt_info = NULL;
  223. out:
  224. if (res == -ENOKEY && !S_ISREG(inode->i_mode))
  225. res = 0;
  226. key_put(keyring_key);
  227. f2fs_free_crypt_info(crypt_info);
  228. memzero_explicit(raw_key, sizeof(raw_key));
  229. return res;
  230. }
  231. int f2fs_has_encryption_key(struct inode *inode)
  232. {
  233. struct f2fs_inode_info *fi = F2FS_I(inode);
  234. return (fi->i_crypt_info != NULL);
  235. }