1 // SPDX-License-Identifier: GPL-2.0
11 #include <linux/key-type.h>
14 #include <keys/ceph-type.h>
15 #include <keys/user-type.h>
20  * Set ->key and ->tfm.  The rest of the key should be filled in before
28 	key->key = NULL;  in set_secret()
29 	key->tfm = NULL;  in set_secret()
31 	switch (key->type) {  in set_secret()
36 	default:  in set_secret()
37 		return -ENOTSUPP;  in set_secret()
40 	if (!key->len)  in set_secret()
41 		return -EINVAL;  in set_secret()
43 	key->key = kmemdup(buf, key->len, GFP_NOIO);  in set_secret()
44 	if (!key->key) {  in set_secret()
45 		ret = -ENOMEM;  in set_secret()
51 	key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);  in set_secret()
53 	if (IS_ERR(key->tfm)) {  in set_secret()
54 		ret = PTR_ERR(key->tfm);  in set_secret()
55 		key->tfm = NULL;  in set_secret()
59 	ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);  in set_secret()
74 	return set_secret(dst, src->key);  in ceph_crypto_key_clone()
81 	ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad);  in ceph_crypto_key_decode()
82 	key->type = ceph_decode_16(p);  in ceph_crypto_key_decode()
83 	ceph_decode_copy(p, &key->created, sizeof(key->created));  in ceph_crypto_key_decode()
84 	key->len = ceph_decode_16(p);  in ceph_crypto_key_decode()
85 	ceph_decode_need(p, end, key->len, bad);  in ceph_crypto_key_decode()
87 	memzero_explicit(*p, key->len);  in ceph_crypto_key_decode()
88 	*p += key->len;  in ceph_crypto_key_decode()
92 	dout("failed to decode crypto key\n");  in ceph_crypto_key_decode()
93 	return -EINVAL;  in ceph_crypto_key_decode()
103 	dout("crypto_key_unarmor %s\n", inkey);  in ceph_crypto_key_unarmor()
106 		return -ENOMEM;  in ceph_crypto_key_unarmor()
118 	dout("crypto_key_unarmor key %p type %d len %d\n", key,  in ceph_crypto_key_unarmor()
119 	     key->type, key->len);  in ceph_crypto_key_unarmor()
126 		kfree_sensitive(key->key);  in ceph_crypto_key_destroy()
127 		key->key = NULL;  in ceph_crypto_key_destroy()
128 		if (key->tfm) {  in ceph_crypto_key_destroy()
129 			crypto_free_sync_skcipher(key->tfm);  in ceph_crypto_key_destroy()
130 			key->tfm = NULL;  in ceph_crypto_key_destroy()
139  * Currently these are encrypt out-buffer (ceph_buffer) and decrypt
140  * in-buffer (msg front).
162 		return -EINVAL;  in setup_sgtable()
177 		sgt->sgl = prealloc_sg;  in setup_sgtable()
178 		sgt->nents = sgt->orig_nents = 1;  in setup_sgtable()
181 	for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) {  in setup_sgtable()
183 		unsigned int len = min(chunk_len - off, buf_len);  in setup_sgtable()
194 		buf_len -= len;  in setup_sgtable()
203 	if (sgt->orig_nents > 1)  in teardown_sgtable()
210 	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);  in ceph_aes_crypt()
214 	int pad_byte = AES_BLOCK_SIZE - (in_len & (AES_BLOCK_SIZE - 1));  in ceph_aes_crypt()
226 	skcipher_request_set_sync_tfm(req, key->tfm);  in ceph_aes_crypt()
232 		       key->key, key->len, 1);  in ceph_aes_crypt()
254 		pad_byte = *(char *)(buf + in_len - 1);  in ceph_aes_crypt()
257 			*pout_len = in_len - pad_byte;  in ceph_aes_crypt()
261 			ret = -EPERM;  in ceph_aes_crypt()
274 	switch (key->type) {  in ceph_crypt()
281 	default:  in ceph_crypt()
282 		return -ENOTSUPP;  in ceph_crypt()
289 	size_t datalen = prep->datalen;  in ceph_key_preparse()
293 	ret = -EINVAL;  in ceph_key_preparse()
294 	if (datalen <= 0 || datalen > 32767 || !prep->data)  in ceph_key_preparse()
297 	ret = -ENOMEM;  in ceph_key_preparse()
303 	p = (void *)prep->data;  in ceph_key_preparse()
304 	ret = ceph_crypto_key_decode(ckey, &p, (char*)prep->data+datalen);  in ceph_key_preparse()
308 	prep->payload.data[0] = ckey;  in ceph_key_preparse()
309 	prep->quotalen = datalen;  in ceph_key_preparse()
320 	struct ceph_crypto_key *ckey = prep->payload.data[0];  in ceph_key_free_preparse()
327 	struct ceph_crypto_key *ckey = key->payload.data[0];  in ceph_key_destroy()