Home Explore Help
Register Sign In
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
CooCenter-Sy...
/
fs
/
f2fs
/
crypto_key.c

crypto_key.c 6.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1. /*
    2. 

  2.  * linux/fs/f2fs/crypto_key.c
    3. 

  3.  *
    4. 

  4.  * Copied from linux/fs/f2fs/crypto_key.c
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 2015, Google, Inc.
    7. 

  7.  *
    8. 

  8.  * This contains encryption key functions for f2fs
    9. 

  9.  *
    10. 

  10.  * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
    11. 

  11.  */
    12. 

  12. #include <keys/encrypted-type.h>
    13. 

  13. #include <keys/user-type.h>
    14. 

  14. #include <linux/random.h>
    15. 

  15. #include <linux/scatterlist.h>
    16. 

  16. #include <uapi/linux/keyctl.h>
    17. 

  17. #include <crypto/hash.h>
    18. 

  18. #include <linux/f2fs_fs.h>
    19. 

  19. 

  20. #include "f2fs.h"
    21. 

  21. #include "xattr.h"
    22. 

  22. 

  23. static void derive_crypt_complete(struct crypto_async_request *req, int rc)
    24. 

  24. {
    25. 

  25. 	struct f2fs_completion_result *ecr = req->data;
    26. 

  26. 

  27. 	if (rc == -EINPROGRESS)
    28. 

  28. 		return;
    29. 

  29. 

  30. 	ecr->res = rc;
    31. 

  31. 	complete(&ecr->completion);
    32. 

  32. }
    33. 

  33. 

  34. /**
    35. 

  35.  * f2fs_derive_key_aes() - Derive a key using AES-128-ECB
    36. 

  36.  * @deriving_key: Encryption key used for derivatio.
    37. 

  37.  * @source_key:   Source key to which to apply derivation.
    38. 

  38.  * @derived_key:  Derived key.
    39. 

  39.  *
    40. 

  40.  * Return: Zero on success; non-zero otherwise.
    41. 

  41.  */
    42. 

  42. static int f2fs_derive_key_aes(char deriving_key[F2FS_AES_128_ECB_KEY_SIZE],
    43. 

  43. 				char source_key[F2FS_AES_256_XTS_KEY_SIZE],
    44. 

  44. 				char derived_key[F2FS_AES_256_XTS_KEY_SIZE])
    45. 

  45. {
    46. 

  46. 	int res = 0;
    47. 

  47. 	struct ablkcipher_request *req = NULL;
    48. 

  48. 	DECLARE_F2FS_COMPLETION_RESULT(ecr);
    49. 

  49. 	struct scatterlist src_sg, dst_sg;
    50. 

  50. 	struct crypto_ablkcipher *tfm = crypto_alloc_ablkcipher("ecb(aes)", 0,
    51. 

  51. 								0);
    52. 

  52. 

  53. 	if (IS_ERR(tfm)) {
    54. 

  54. 		res = PTR_ERR(tfm);
    55. 

  55. 		tfm = NULL;
    56. 

  56. 		goto out;
    57. 

  57. 	}
    58. 

  58. 	crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
    59. 

  59. 	req = ablkcipher_request_alloc(tfm, GFP_NOFS);
    60. 

  60. 	if (!req) {
    61. 

  61. 		res = -ENOMEM;
    62. 

  62. 		goto out;
    63. 

  63. 	}
    64. 

  64. 	ablkcipher_request_set_callback(req,
    65. 

  65. 			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
    66. 

  66. 			derive_crypt_complete, &ecr);
    67. 

  67. 	res = crypto_ablkcipher_setkey(tfm, deriving_key,
    68. 

  68. 				F2FS_AES_128_ECB_KEY_SIZE);
    69. 

  69. 	if (res < 0)
    70. 

  70. 		goto out;
    71. 

  71. 

  72. 	sg_init_one(&src_sg, source_key, F2FS_AES_256_XTS_KEY_SIZE);
    73. 

  73. 	sg_init_one(&dst_sg, derived_key, F2FS_AES_256_XTS_KEY_SIZE);
    74. 

  74. 	ablkcipher_request_set_crypt(req, &src_sg, &dst_sg,
    75. 

  75. 					F2FS_AES_256_XTS_KEY_SIZE, NULL);
    76. 

  76. 	res = crypto_ablkcipher_encrypt(req);
    77. 

  77. 	if (res == -EINPROGRESS || res == -EBUSY) {
    78. 

  78. 		wait_for_completion(&ecr.completion);
    79. 

  79. 		res = ecr.res;
    80. 

  80. 	}
    81. 

  81. out:
    82. 

  82. 	if (req)
    83. 

  83. 		ablkcipher_request_free(req);
    84. 

  84. 	if (tfm)
    85. 

  85. 		crypto_free_ablkcipher(tfm);
    86. 

  86. 	return res;
    87. 

  87. }
    88. 

  88. 

  89. static void f2fs_free_crypt_info(struct f2fs_crypt_info *ci)
    90. 

  90. {
    91. 

  91. 	if (!ci)
    92. 

  92. 		return;
    93. 

  93. 

  94. 	crypto_free_ablkcipher(ci->ci_ctfm);
    95. 

  95. 	kmem_cache_free(f2fs_crypt_info_cachep, ci);
    96. 

  96. }
    97. 

  97. 

  98. void f2fs_free_encryption_info(struct inode *inode, struct f2fs_crypt_info *ci)
    99. 

  99. {
    100. 

  100. 	struct f2fs_inode_info *fi = F2FS_I(inode);
    101. 

  101. 	struct f2fs_crypt_info *prev;
    102. 

  102. 

  103. 	if (ci == NULL)
    104. 

  104. 		ci = ACCESS_ONCE(fi->i_crypt_info);
    105. 

  105. 	if (ci == NULL)
    106. 

  106. 		return;
    107. 

  107. 	prev = cmpxchg(&fi->i_crypt_info, ci, NULL);
    108. 

  108. 	if (prev != ci)
    109. 

  109. 		return;
    110. 

  110. 

  111. 	f2fs_free_crypt_info(ci);
    112. 

  112. }
    113. 

  113. 

  114. int f2fs_get_encryption_info(struct inode *inode)
    115. 

  115. {
    116. 

  116. 	struct f2fs_inode_info *fi = F2FS_I(inode);
    117. 

  117. 	struct f2fs_crypt_info *crypt_info;
    118. 

  118. 	char full_key_descriptor[F2FS_KEY_DESC_PREFIX_SIZE +
    119. 

  119. 				(F2FS_KEY_DESCRIPTOR_SIZE * 2) + 1];
    120. 

  120. 	struct key *keyring_key = NULL;
    121. 

  121. 	struct f2fs_encryption_key *master_key;
    122. 

  122. 	struct f2fs_encryption_context ctx;
    123. 

  123. 	const struct user_key_payload *ukp;
    124. 

  124. 	struct crypto_ablkcipher *ctfm;
    125. 

  125. 	const char *cipher_str;
    126. 

  126. 	char raw_key[F2FS_MAX_KEY_SIZE];
    127. 

  127. 	char mode;
    128. 

  128. 	int res;
    129. 

  129. 

  130. 	if (fi->i_crypt_info)
    131. 

  131. 		return 0;
    132. 

  132. 

  133. 	res = f2fs_crypto_initialize();
    134. 

  134. 	if (res)
    135. 

  135. 		return res;
    136. 

  136. 

  137. 	res = f2fs_getxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
    138. 

  138. 				F2FS_XATTR_NAME_ENCRYPTION_CONTEXT,
    139. 

  139. 				&ctx, sizeof(ctx), NULL);
    140. 

  140. 	if (res < 0)
    141. 

  141. 		return res;
    142. 

  142. 	else if (res != sizeof(ctx))
    143. 

  143. 		return -EINVAL;
    144. 

  144. 	res = 0;
    145. 

  145. 

  146. 	crypt_info = kmem_cache_alloc(f2fs_crypt_info_cachep, GFP_NOFS);
    147. 

  147. 	if (!crypt_info)
    148. 

  148. 		return -ENOMEM;
    149. 

  149. 

  150. 	crypt_info->ci_flags = ctx.flags;
    151. 

  151. 	crypt_info->ci_data_mode = ctx.contents_encryption_mode;
    152. 

  152. 	crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
    153. 

  153. 	crypt_info->ci_ctfm = NULL;
    154. 

  154. 	memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
    155. 

  155. 				sizeof(crypt_info->ci_master_key));
    156. 

  156. 	if (S_ISREG(inode->i_mode))
    157. 

  157. 		mode = crypt_info->ci_data_mode;
    158. 

  158. 	else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
    159. 

  159. 		mode = crypt_info->ci_filename_mode;
    160. 

  160. 	else
    161. 

  161. 		BUG();
    162. 

  162. 

  163. 	switch (mode) {
    164. 

  164. 	case F2FS_ENCRYPTION_MODE_AES_256_XTS:
    165. 

  165. 		cipher_str = "xts(aes)";
    166. 

  166. 		break;
    167. 

  167. 	case F2FS_ENCRYPTION_MODE_AES_256_CTS:
    168. 

  168. 		cipher_str = "cts(cbc(aes))";
    169. 

  169. 		break;
    170. 

  170. 	default:
    171. 

  171. 		printk_once(KERN_WARNING
    172. 

  172. 			    "f2fs: unsupported key mode %d (ino %u)\n",
    173. 

  173. 			    mode, (unsigned) inode->i_ino);
    174. 

  174. 		res = -ENOKEY;
    175. 

  175. 		goto out;
    176. 

  176. 	}
    177. 

  177. 

  178. 	memcpy(full_key_descriptor, F2FS_KEY_DESC_PREFIX,
    179. 

  179. 					F2FS_KEY_DESC_PREFIX_SIZE);
    180. 

  180. 	sprintf(full_key_descriptor + F2FS_KEY_DESC_PREFIX_SIZE,
    181. 

  181. 					"%*phN", F2FS_KEY_DESCRIPTOR_SIZE,
    182. 

  182. 					ctx.master_key_descriptor);
    183. 

  183. 	full_key_descriptor[F2FS_KEY_DESC_PREFIX_SIZE +
    184. 

  184. 					(2 * F2FS_KEY_DESCRIPTOR_SIZE)] = '\0';
    185. 

  185. 	keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
    186. 

  186. 	if (IS_ERR(keyring_key)) {
    187. 

  187. 		res = PTR_ERR(keyring_key);
    188. 

  188. 		keyring_key = NULL;
    189. 

  189. 		goto out;
    190. 

  190. 	}
    191. 

  191. 	if (keyring_key->type != &key_type_logon) {
    192. 

  192. 		printk_once(KERN_WARNING "f2fs: key type must be logon\n");
    193. 

  193. 		res = -ENOKEY;
    194. 

  194. 		goto out;
    195. 

  195. 	}
    196. 

  196. 	down_read(&keyring_key->sem);
    197. 

  197. 	ukp = user_key_payload(keyring_key);
    198. 

  198. 	if (!ukp) {
    199. 

  199. 		/* key was revoked before we acquired its semaphore */
    200. 

  200. 		res = -EKEYREVOKED;
    201. 

  201. 		up_read(&keyring_key->sem);
    202. 

  202. 		goto out;
    203. 

  203. 	}
    204. 

  204. 	if (ukp->datalen != sizeof(struct f2fs_encryption_key)) {
    205. 

  205. 		res = -EINVAL;
    206. 

  206. 		up_read(&keyring_key->sem);
    207. 

  207. 		goto out;
    208. 

  208. 	}
    209. 

  209. 	master_key = (struct f2fs_encryption_key *)ukp->data;
    210. 

  210. 	BUILD_BUG_ON(F2FS_AES_128_ECB_KEY_SIZE !=
    211. 

  211. 				F2FS_KEY_DERIVATION_NONCE_SIZE);
    212. 

  212. 	if (master_key->size != F2FS_AES_256_XTS_KEY_SIZE) {
    213. 

  213. 		printk_once(KERN_WARNING
    214. 

  214. 				"f2fs: key size incorrect: %d\n",
    215. 

  215. 				master_key->size);
    216. 

  216. 		res = -ENOKEY;
    217. 

  217. 		up_read(&keyring_key->sem);
    218. 

  218. 		goto out;
    219. 

  219. 	}
    220. 

  220. 	res = f2fs_derive_key_aes(ctx.nonce, master_key->raw,
    221. 

  221. 				  raw_key);
    222. 

  222. 	up_read(&keyring_key->sem);
    223. 

  223. 	if (res)
    224. 

  224. 		goto out;
    225. 

  225. 

  226. 	ctfm = crypto_alloc_ablkcipher(cipher_str, 0, 0);
    227. 

  227. 	if (!ctfm || IS_ERR(ctfm)) {
    228. 

  228. 		res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
    229. 

  229. 		printk(KERN_DEBUG
    230. 

  230. 		       "%s: error %d (inode %u) allocating crypto tfm\n",
    231. 

  231. 		       __func__, res, (unsigned) inode->i_ino);
    232. 

  232. 		goto out;
    233. 

  233. 	}
    234. 

  234. 	crypt_info->ci_ctfm = ctfm;
    235. 

  235. 	crypto_ablkcipher_clear_flags(ctfm, ~0);
    236. 

  236. 	crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctfm),
    237. 

  237. 			     CRYPTO_TFM_REQ_WEAK_KEY);
    238. 

  238. 	res = crypto_ablkcipher_setkey(ctfm, raw_key,
    239. 

  239. 					f2fs_encryption_key_size(mode));
    240. 

  240. 	if (res)
    241. 

  241. 		goto out;
    242. 

  242. 

  243. 	if (cmpxchg(&fi->i_crypt_info, NULL, crypt_info) == NULL)
    244. 

  244. 		crypt_info = NULL;
    245. 

  245. out:
    246. 

  246. 	if (res == -ENOKEY && !S_ISREG(inode->i_mode))
    247. 

  247. 		res = 0;
    248. 

  248. 	key_put(keyring_key);
    249. 

  249. 	f2fs_free_crypt_info(crypt_info);
    250. 

  250. 	memzero_explicit(raw_key, sizeof(raw_key));
    251. 

  251. 	return res;
    252. 

  252. }
    253. 

  253. 

  254. int f2fs_has_encryption_key(struct inode *inode)
    255. 

  255. {
    256. 

  256. 	struct f2fs_inode_info *fi = F2FS_I(inode);
    257. 

  257. 

  258. 	return (fi->i_crypt_info != NULL);
    259. 

  259. }
    260.