blob: 3f4085703e6c7f9c918fcf9129203505e909f71c [file] [log] [blame]
Mimi Zohar7e70cb42010-11-23 18:55:35 -05001/*
2 * Copyright (C) 2010 IBM Corporation
3 *
4 * Author:
5 * Mimi Zohar <zohar@us.ibm.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, version 2 of the License.
10 *
11 * See Documentation/keys-trusted-encrypted.txt
12 */
13
14#include <linux/uaccess.h>
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/slab.h>
18#include <linux/parser.h>
19#include <linux/string.h>
Mimi Zohar93ae86e2010-11-29 16:20:04 -050020#include <linux/err.h>
Mimi Zohar7e70cb42010-11-23 18:55:35 -050021#include <keys/user-type.h>
22#include <keys/trusted-type.h>
23#include <keys/encrypted-type.h>
24#include <linux/key-type.h>
25#include <linux/random.h>
26#include <linux/rcupdate.h>
27#include <linux/scatterlist.h>
28#include <linux/crypto.h>
29#include <crypto/hash.h>
30#include <crypto/sha.h>
31#include <crypto/aes.h>
32
33#include "encrypted_defined.h"
34
35#define KEY_TRUSTED_PREFIX "trusted:"
36#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)
37#define KEY_USER_PREFIX "user:"
38#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)
39
40#define HASH_SIZE SHA256_DIGEST_SIZE
41#define MAX_DATA_SIZE 4096
42#define MIN_DATA_SIZE 20
43
44static const char hash_alg[] = "sha256";
45static const char hmac_alg[] = "hmac(sha256)";
46static const char blkcipher_alg[] = "cbc(aes)";
47static unsigned int ivsize;
48static int blksize;
49
50struct sdesc {
51 struct shash_desc shash;
52 char ctx[];
53};
54
55static struct crypto_shash *hashalg;
56static struct crypto_shash *hmacalg;
57
58enum {
59 Opt_err = -1, Opt_new, Opt_load, Opt_update
60};
61
62static const match_table_t key_tokens = {
63 {Opt_new, "new"},
64 {Opt_load, "load"},
65 {Opt_update, "update"},
66 {Opt_err, NULL}
67};
68
69static int aes_get_sizes(void)
70{
71 struct crypto_blkcipher *tfm;
72
73 tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
74 if (IS_ERR(tfm)) {
75 pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
76 PTR_ERR(tfm));
77 return PTR_ERR(tfm);
78 }
79 ivsize = crypto_blkcipher_ivsize(tfm);
80 blksize = crypto_blkcipher_blocksize(tfm);
81 crypto_free_blkcipher(tfm);
82 return 0;
83}
84
85/*
86 * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key
87 *
88 * key-type:= "trusted:" | "encrypted:"
89 * desc:= master-key description
90 *
91 * Verify that 'key-type' is valid and that 'desc' exists. On key update,
92 * only the master key description is permitted to change, not the key-type.
93 * The key-type remains constant.
94 *
95 * On success returns 0, otherwise -EINVAL.
96 */
97static int valid_master_desc(const char *new_desc, const char *orig_desc)
98{
99 if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
100 if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
101 goto out;
102 if (orig_desc)
103 if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
104 goto out;
105 } else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
106 if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
107 goto out;
108 if (orig_desc)
109 if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
110 goto out;
111 } else
112 goto out;
113 return 0;
114out:
115 return -EINVAL;
116}
117
118/*
119 * datablob_parse - parse the keyctl data
120 *
121 * datablob format:
122 * new <master-key name> <decrypted data length>
123 * load <master-key name> <decrypted data length> <encrypted iv + data>
124 * update <new-master-key name>
125 *
126 * Tokenizes a copy of the keyctl data, returning a pointer to each token,
127 * which is null terminated.
128 *
129 * On success returns 0, otherwise -EINVAL.
130 */
131static int datablob_parse(char *datablob, char **master_desc,
132 char **decrypted_datalen, char **hex_encoded_iv,
133 char **hex_encoded_data)
134{
135 substring_t args[MAX_OPT_ARGS];
136 int ret = -EINVAL;
137 int key_cmd;
138 char *p;
139
140 p = strsep(&datablob, " \t");
141 if (!p)
142 return ret;
143 key_cmd = match_token(p, key_tokens, args);
144
145 *master_desc = strsep(&datablob, " \t");
146 if (!*master_desc)
147 goto out;
148
149 if (valid_master_desc(*master_desc, NULL) < 0)
150 goto out;
151
152 if (decrypted_datalen) {
153 *decrypted_datalen = strsep(&datablob, " \t");
154 if (!*decrypted_datalen)
155 goto out;
156 }
157
158 switch (key_cmd) {
159 case Opt_new:
160 if (!decrypted_datalen)
161 break;
162 ret = 0;
163 break;
164 case Opt_load:
165 if (!decrypted_datalen)
166 break;
167 *hex_encoded_iv = strsep(&datablob, " \t");
168 if (!*hex_encoded_iv)
169 break;
170 *hex_encoded_data = *hex_encoded_iv + (2 * ivsize) + 2;
171 ret = 0;
172 break;
173 case Opt_update:
174 if (decrypted_datalen)
175 break;
176 ret = 0;
177 break;
178 case Opt_err:
179 break;
180 }
181out:
182 return ret;
183}
184
185/*
186 * datablob_format - format as an ascii string, before copying to userspace
187 */
188static char *datablob_format(struct encrypted_key_payload *epayload,
189 size_t asciiblob_len)
190{
191 char *ascii_buf, *bufp;
192 u8 *iv = epayload->iv;
193 int len;
194 int i;
195
196 ascii_buf = kmalloc(asciiblob_len + 1, GFP_KERNEL);
197 if (!ascii_buf)
198 goto out;
199
200 ascii_buf[asciiblob_len] = '\0';
201
202 /* copy datablob master_desc and datalen strings */
203 len = sprintf(ascii_buf, "%s %s ", epayload->master_desc,
204 epayload->datalen);
205
206 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */
207 bufp = &ascii_buf[len];
208 for (i = 0; i < (asciiblob_len - len) / 2; i++)
209 bufp = pack_hex_byte(bufp, iv[i]);
210out:
211 return ascii_buf;
212}
213
214/*
215 * request_trusted_key - request the trusted key
216 *
217 * Trusted keys are sealed to PCRs and other metadata. Although userspace
218 * manages both trusted/encrypted key-types, like the encrypted key type
219 * data, trusted key type data is not visible decrypted from userspace.
220 */
221static struct key *request_trusted_key(const char *trusted_desc,
222 u8 **master_key,
223 unsigned int *master_keylen)
224{
225 struct trusted_key_payload *tpayload;
226 struct key *tkey;
227
228 tkey = request_key(&key_type_trusted, trusted_desc, NULL);
229 if (IS_ERR(tkey))
230 goto error;
231
232 down_read(&tkey->sem);
233 tpayload = rcu_dereference(tkey->payload.data);
234 *master_key = tpayload->key;
235 *master_keylen = tpayload->key_len;
236error:
237 return tkey;
238}
239
240/*
241 * request_user_key - request the user key
242 *
243 * Use a user provided key to encrypt/decrypt an encrypted-key.
244 */
245static struct key *request_user_key(const char *master_desc, u8 **master_key,
246 unsigned int *master_keylen)
247{
248 struct user_key_payload *upayload;
249 struct key *ukey;
250
251 ukey = request_key(&key_type_user, master_desc, NULL);
252 if (IS_ERR(ukey))
253 goto error;
254
255 down_read(&ukey->sem);
256 upayload = rcu_dereference(ukey->payload.data);
257 *master_key = upayload->data;
258 *master_keylen = upayload->datalen;
259error:
260 return ukey;
261}
262
263static struct sdesc *init_sdesc(struct crypto_shash *alg)
264{
265 struct sdesc *sdesc;
266 int size;
267
268 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
269 sdesc = kmalloc(size, GFP_KERNEL);
270 if (!sdesc)
271 return ERR_PTR(-ENOMEM);
272 sdesc->shash.tfm = alg;
273 sdesc->shash.flags = 0x0;
274 return sdesc;
275}
276
277static int calc_hmac(u8 *digest, const u8 *key, const unsigned int keylen,
278 const u8 *buf, const unsigned int buflen)
279{
280 struct sdesc *sdesc;
281 int ret;
282
283 sdesc = init_sdesc(hmacalg);
284 if (IS_ERR(sdesc)) {
285 pr_info("encrypted_key: can't alloc %s\n", hmac_alg);
286 return PTR_ERR(sdesc);
287 }
288
289 ret = crypto_shash_setkey(hmacalg, key, keylen);
290 if (!ret)
291 ret = crypto_shash_digest(&sdesc->shash, buf, buflen, digest);
292 kfree(sdesc);
293 return ret;
294}
295
296static int calc_hash(u8 *digest, const u8 *buf, const unsigned int buflen)
297{
298 struct sdesc *sdesc;
299 int ret;
300
301 sdesc = init_sdesc(hashalg);
302 if (IS_ERR(sdesc)) {
303 pr_info("encrypted_key: can't alloc %s\n", hash_alg);
304 return PTR_ERR(sdesc);
305 }
306
307 ret = crypto_shash_digest(&sdesc->shash, buf, buflen, digest);
308 kfree(sdesc);
309 return ret;
310}
311
312enum derived_key_type { ENC_KEY, AUTH_KEY };
313
314/* Derive authentication/encryption key from trusted key */
315static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
316 const u8 *master_key,
317 const unsigned int master_keylen)
318{
319 u8 *derived_buf;
320 unsigned int derived_buf_len;
321 int ret;
322
323 derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen;
324 if (derived_buf_len < HASH_SIZE)
325 derived_buf_len = HASH_SIZE;
326
327 derived_buf = kzalloc(derived_buf_len, GFP_KERNEL);
328 if (!derived_buf) {
329 pr_err("encrypted_key: out of memory\n");
330 return -ENOMEM;
331 }
332 if (key_type)
333 strcpy(derived_buf, "AUTH_KEY");
334 else
335 strcpy(derived_buf, "ENC_KEY");
336
337 memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
338 master_keylen);
339 ret = calc_hash(derived_key, derived_buf, derived_buf_len);
340 kfree(derived_buf);
341 return ret;
342}
343
344static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
345 const unsigned int key_len, const u8 *iv,
346 const unsigned int ivsize)
347{
348 int ret;
349
350 desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
351 if (IS_ERR(desc->tfm)) {
352 pr_err("encrypted_key: failed to load %s transform (%ld)\n",
353 blkcipher_alg, PTR_ERR(desc->tfm));
354 return PTR_ERR(desc->tfm);
355 }
356 desc->flags = 0;
357
358 ret = crypto_blkcipher_setkey(desc->tfm, key, key_len);
359 if (ret < 0) {
360 pr_err("encrypted_key: failed to setkey (%d)\n", ret);
361 crypto_free_blkcipher(desc->tfm);
362 return ret;
363 }
364 crypto_blkcipher_set_iv(desc->tfm, iv, ivsize);
365 return 0;
366}
367
368static struct key *request_master_key(struct encrypted_key_payload *epayload,
369 u8 **master_key,
370 unsigned int *master_keylen)
371{
372 struct key *mkey = NULL;
373
374 if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX,
375 KEY_TRUSTED_PREFIX_LEN)) {
376 mkey = request_trusted_key(epayload->master_desc +
377 KEY_TRUSTED_PREFIX_LEN,
378 master_key, master_keylen);
379 } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX,
380 KEY_USER_PREFIX_LEN)) {
381 mkey = request_user_key(epayload->master_desc +
382 KEY_USER_PREFIX_LEN,
383 master_key, master_keylen);
384 } else
385 goto out;
386
387 if (IS_ERR(mkey))
388 pr_info("encrypted_key: key %s not found",
389 epayload->master_desc);
390 if (mkey)
391 dump_master_key(*master_key, *master_keylen);
392out:
393 return mkey;
394}
395
396/* Before returning data to userspace, encrypt decrypted data. */
397static int derived_key_encrypt(struct encrypted_key_payload *epayload,
398 const u8 *derived_key,
399 const unsigned int derived_keylen)
400{
401 struct scatterlist sg_in[2];
402 struct scatterlist sg_out[1];
403 struct blkcipher_desc desc;
404 unsigned int encrypted_datalen;
405 unsigned int padlen;
406 char pad[16];
407 int ret;
408
409 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
410 padlen = encrypted_datalen - epayload->decrypted_datalen;
411
412 ret = init_blkcipher_desc(&desc, derived_key, derived_keylen,
413 epayload->iv, ivsize);
414 if (ret < 0)
415 goto out;
416 dump_decrypted_data(epayload);
417
418 memset(pad, 0, sizeof pad);
419 sg_init_table(sg_in, 2);
420 sg_set_buf(&sg_in[0], epayload->decrypted_data,
421 epayload->decrypted_datalen);
422 sg_set_buf(&sg_in[1], pad, padlen);
423
424 sg_init_table(sg_out, 1);
425 sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
426
427 ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, encrypted_datalen);
428 crypto_free_blkcipher(desc.tfm);
429 if (ret < 0)
430 pr_err("encrypted_key: failed to encrypt (%d)\n", ret);
431 else
432 dump_encrypted_data(epayload, encrypted_datalen);
433out:
434 return ret;
435}
436
437static int datablob_hmac_append(struct encrypted_key_payload *epayload,
438 const u8 *master_key,
439 const unsigned int master_keylen)
440{
441 u8 derived_key[HASH_SIZE];
442 u8 *digest;
443 int ret;
444
445 ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen);
446 if (ret < 0)
447 goto out;
448
449 digest = epayload->master_desc + epayload->datablob_len;
450 ret = calc_hmac(digest, derived_key, sizeof derived_key,
451 epayload->master_desc, epayload->datablob_len);
452 if (!ret)
453 dump_hmac(NULL, digest, HASH_SIZE);
454out:
455 return ret;
456}
457
458/* verify HMAC before decrypting encrypted key */
459static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
460 const u8 *master_key,
461 const unsigned int master_keylen)
462{
463 u8 derived_key[HASH_SIZE];
464 u8 digest[HASH_SIZE];
465 int ret;
466
467 ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen);
468 if (ret < 0)
469 goto out;
470
471 ret = calc_hmac(digest, derived_key, sizeof derived_key,
472 epayload->master_desc, epayload->datablob_len);
473 if (ret < 0)
474 goto out;
475 ret = memcmp(digest, epayload->master_desc + epayload->datablob_len,
476 sizeof digest);
477 if (ret) {
478 ret = -EINVAL;
479 dump_hmac("datablob",
480 epayload->master_desc + epayload->datablob_len,
481 HASH_SIZE);
482 dump_hmac("calc", digest, HASH_SIZE);
483 }
484out:
485 return ret;
486}
487
488static int derived_key_decrypt(struct encrypted_key_payload *epayload,
489 const u8 *derived_key,
490 const unsigned int derived_keylen)
491{
492 struct scatterlist sg_in[1];
493 struct scatterlist sg_out[2];
494 struct blkcipher_desc desc;
495 unsigned int encrypted_datalen;
496 char pad[16];
497 int ret;
498
499 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
500 ret = init_blkcipher_desc(&desc, derived_key, derived_keylen,
501 epayload->iv, ivsize);
502 if (ret < 0)
503 goto out;
504 dump_encrypted_data(epayload, encrypted_datalen);
505
506 memset(pad, 0, sizeof pad);
507 sg_init_table(sg_in, 1);
508 sg_init_table(sg_out, 2);
509 sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen);
510 sg_set_buf(&sg_out[0], epayload->decrypted_data,
511 (unsigned int)epayload->decrypted_datalen);
512 sg_set_buf(&sg_out[1], pad, sizeof pad);
513
514 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen);
515 crypto_free_blkcipher(desc.tfm);
516 if (ret < 0)
517 goto out;
518 dump_decrypted_data(epayload);
519out:
520 return ret;
521}
522
523/* Allocate memory for decrypted key and datablob. */
524static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
525 const char *master_desc,
526 const char *datalen)
527{
528 struct encrypted_key_payload *epayload = NULL;
529 unsigned short datablob_len;
530 unsigned short decrypted_datalen;
531 unsigned int encrypted_datalen;
532 long dlen;
533 int ret;
534
535 ret = strict_strtol(datalen, 10, &dlen);
536 if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)
537 return ERR_PTR(-EINVAL);
538
539 decrypted_datalen = dlen;
540 encrypted_datalen = roundup(decrypted_datalen, blksize);
541
542 datablob_len = strlen(master_desc) + 1 + strlen(datalen) + 1
543 + ivsize + 1 + encrypted_datalen;
544
545 ret = key_payload_reserve(key, decrypted_datalen + datablob_len
546 + HASH_SIZE + 1);
547 if (ret < 0)
548 return ERR_PTR(ret);
549
550 epayload = kzalloc(sizeof(*epayload) + decrypted_datalen +
551 datablob_len + HASH_SIZE + 1, GFP_KERNEL);
552 if (!epayload)
553 return ERR_PTR(-ENOMEM);
554
555 epayload->decrypted_datalen = decrypted_datalen;
556 epayload->datablob_len = datablob_len;
557 return epayload;
558}
559
560static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
561 const char *hex_encoded_iv,
562 const char *hex_encoded_data)
563{
564 struct key *mkey;
565 u8 derived_key[HASH_SIZE];
566 u8 *master_key;
567 u8 *hmac;
568 unsigned int master_keylen;
569 unsigned int encrypted_datalen;
570 int ret;
571
572 encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
573 hex2bin(epayload->iv, hex_encoded_iv, ivsize);
574 hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);
575
576 hmac = epayload->master_desc + epayload->datablob_len;
577 hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);
578
579 mkey = request_master_key(epayload, &master_key, &master_keylen);
580 if (IS_ERR(mkey))
581 return PTR_ERR(mkey);
582
583 ret = datablob_hmac_verify(epayload, master_key, master_keylen);
584 if (ret < 0) {
585 pr_err("encrypted_key: bad hmac (%d)\n", ret);
586 goto out;
587 }
588
589 ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen);
590 if (ret < 0)
591 goto out;
592
593 ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key);
594 if (ret < 0)
595 pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);
596out:
597 up_read(&mkey->sem);
598 key_put(mkey);
599 return ret;
600}
601
602static void __ekey_init(struct encrypted_key_payload *epayload,
603 const char *master_desc, const char *datalen)
604{
605 epayload->master_desc = epayload->decrypted_data
606 + epayload->decrypted_datalen;
607 epayload->datalen = epayload->master_desc + strlen(master_desc) + 1;
608 epayload->iv = epayload->datalen + strlen(datalen) + 1;
609 epayload->encrypted_data = epayload->iv + ivsize + 1;
610
611 memcpy(epayload->master_desc, master_desc, strlen(master_desc));
612 memcpy(epayload->datalen, datalen, strlen(datalen));
613}
614
615/*
616 * encrypted_init - initialize an encrypted key
617 *
618 * For a new key, use a random number for both the iv and data
619 * itself. For an old key, decrypt the hex encoded data.
620 */
621static int encrypted_init(struct encrypted_key_payload *epayload,
622 const char *master_desc, const char *datalen,
623 const char *hex_encoded_iv,
624 const char *hex_encoded_data)
625{
626 int ret = 0;
627
628 __ekey_init(epayload, master_desc, datalen);
629 if (!hex_encoded_data) {
630 get_random_bytes(epayload->iv, ivsize);
631
632 get_random_bytes(epayload->decrypted_data,
633 epayload->decrypted_datalen);
634 } else
635 ret = encrypted_key_decrypt(epayload, hex_encoded_iv,
636 hex_encoded_data);
637 return ret;
638}
639
640/*
641 * encrypted_instantiate - instantiate an encrypted key
642 *
643 * Decrypt an existing encrypted datablob or create a new encrypted key
644 * based on a kernel random number.
645 *
646 * On success, return 0. Otherwise return errno.
647 */
648static int encrypted_instantiate(struct key *key, const void *data,
649 size_t datalen)
650{
651 struct encrypted_key_payload *epayload = NULL;
652 char *datablob = NULL;
653 char *master_desc = NULL;
654 char *decrypted_datalen = NULL;
655 char *hex_encoded_iv = NULL;
656 char *hex_encoded_data = NULL;
657 int ret;
658
659 if (datalen <= 0 || datalen > 32767 || !data)
660 return -EINVAL;
661
662 datablob = kmalloc(datalen + 1, GFP_KERNEL);
663 if (!datablob)
664 return -ENOMEM;
665 datablob[datalen] = 0;
666 memcpy(datablob, data, datalen);
667 ret = datablob_parse(datablob, &master_desc, &decrypted_datalen,
668 &hex_encoded_iv, &hex_encoded_data);
669 if (ret < 0)
670 goto out;
671
672 epayload = encrypted_key_alloc(key, master_desc, decrypted_datalen);
673 if (IS_ERR(epayload)) {
674 ret = PTR_ERR(epayload);
675 goto out;
676 }
677 ret = encrypted_init(epayload, master_desc, decrypted_datalen,
678 hex_encoded_iv, hex_encoded_data);
679 if (ret < 0) {
680 kfree(epayload);
681 goto out;
682 }
683
684 rcu_assign_pointer(key->payload.data, epayload);
685out:
686 kfree(datablob);
687 return ret;
688}
689
690static void encrypted_rcu_free(struct rcu_head *rcu)
691{
692 struct encrypted_key_payload *epayload;
693
694 epayload = container_of(rcu, struct encrypted_key_payload, rcu);
695 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
696 kfree(epayload);
697}
698
699/*
700 * encrypted_update - update the master key description
701 *
702 * Change the master key description for an existing encrypted key.
703 * The next read will return an encrypted datablob using the new
704 * master key description.
705 *
706 * On success, return 0. Otherwise return errno.
707 */
708static int encrypted_update(struct key *key, const void *data, size_t datalen)
709{
710 struct encrypted_key_payload *epayload = key->payload.data;
711 struct encrypted_key_payload *new_epayload;
712 char *buf;
713 char *new_master_desc = NULL;
714 int ret = 0;
715
716 if (datalen <= 0 || datalen > 32767 || !data)
717 return -EINVAL;
718
719 buf = kmalloc(datalen + 1, GFP_KERNEL);
720 if (!buf)
721 return -ENOMEM;
722
723 buf[datalen] = 0;
724 memcpy(buf, data, datalen);
725 ret = datablob_parse(buf, &new_master_desc, NULL, NULL, NULL);
726 if (ret < 0)
727 goto out;
728
729 ret = valid_master_desc(new_master_desc, epayload->master_desc);
730 if (ret < 0)
731 goto out;
732
733 new_epayload = encrypted_key_alloc(key, new_master_desc,
734 epayload->datalen);
735 if (IS_ERR(new_epayload)) {
736 ret = PTR_ERR(new_epayload);
737 goto out;
738 }
739
740 __ekey_init(new_epayload, new_master_desc, epayload->datalen);
741
742 memcpy(new_epayload->iv, epayload->iv, ivsize);
743 memcpy(new_epayload->decrypted_data, epayload->decrypted_data,
744 epayload->decrypted_datalen);
745
746 rcu_assign_pointer(key->payload.data, new_epayload);
747 call_rcu(&epayload->rcu, encrypted_rcu_free);
748out:
749 kfree(buf);
750 return ret;
751}
752
753/*
754 * encrypted_read - format and copy the encrypted data to userspace
755 *
756 * The resulting datablob format is:
757 * <master-key name> <decrypted data length> <encrypted iv> <encrypted data>
758 *
759 * On success, return to userspace the encrypted key datablob size.
760 */
761static long encrypted_read(const struct key *key, char __user *buffer,
762 size_t buflen)
763{
764 struct encrypted_key_payload *epayload;
765 struct key *mkey;
766 u8 *master_key;
767 unsigned int master_keylen;
768 char derived_key[HASH_SIZE];
769 char *ascii_buf;
770 size_t asciiblob_len;
771 int ret;
772
773 epayload = rcu_dereference_protected(key->payload.data,
774 rwsem_is_locked(&((struct key *)key)->sem));
775
776 /* returns the hex encoded iv, encrypted-data, and hmac as ascii */
777 asciiblob_len = epayload->datablob_len + ivsize + 1
778 + roundup(epayload->decrypted_datalen, blksize)
779 + (HASH_SIZE * 2);
780
781 if (!buffer || buflen < asciiblob_len)
782 return asciiblob_len;
783
784 mkey = request_master_key(epayload, &master_key, &master_keylen);
785 if (IS_ERR(mkey))
786 return PTR_ERR(mkey);
787
788 ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen);
789 if (ret < 0)
790 goto out;
791
792 ret = derived_key_encrypt(epayload, derived_key, sizeof derived_key);
793 if (ret < 0)
794 goto out;
795
796 ret = datablob_hmac_append(epayload, master_key, master_keylen);
797 if (ret < 0)
798 goto out;
799
800 ascii_buf = datablob_format(epayload, asciiblob_len);
801 if (!ascii_buf) {
802 ret = -ENOMEM;
803 goto out;
804 }
805
806 up_read(&mkey->sem);
807 key_put(mkey);
808
809 if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0)
810 ret = -EFAULT;
811 kfree(ascii_buf);
812
813 return asciiblob_len;
814out:
815 up_read(&mkey->sem);
816 key_put(mkey);
817 return ret;
818}
819
820/*
821 * encrypted_destroy - before freeing the key, clear the decrypted data
822 *
823 * Before freeing the key, clear the memory containing the decrypted
824 * key data.
825 */
826static void encrypted_destroy(struct key *key)
827{
828 struct encrypted_key_payload *epayload = key->payload.data;
829
830 if (!epayload)
831 return;
832
833 memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
834 kfree(key->payload.data);
835}
836
837struct key_type key_type_encrypted = {
838 .name = "encrypted",
839 .instantiate = encrypted_instantiate,
840 .update = encrypted_update,
841 .match = user_match,
842 .destroy = encrypted_destroy,
843 .describe = user_describe,
844 .read = encrypted_read,
845};
846EXPORT_SYMBOL_GPL(key_type_encrypted);
847
848static void encrypted_shash_release(void)
849{
850 if (hashalg)
851 crypto_free_shash(hashalg);
852 if (hmacalg)
853 crypto_free_shash(hmacalg);
854}
855
856static int __init encrypted_shash_alloc(void)
857{
858 int ret;
859
860 hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC);
861 if (IS_ERR(hmacalg)) {
862 pr_info("encrypted_key: could not allocate crypto %s\n",
863 hmac_alg);
864 return PTR_ERR(hmacalg);
865 }
866
867 hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC);
868 if (IS_ERR(hashalg)) {
869 pr_info("encrypted_key: could not allocate crypto %s\n",
870 hash_alg);
871 ret = PTR_ERR(hashalg);
872 goto hashalg_fail;
873 }
874
875 return 0;
876
877hashalg_fail:
878 crypto_free_shash(hmacalg);
879 return ret;
880}
881
882static int __init init_encrypted(void)
883{
884 int ret;
885
886 ret = encrypted_shash_alloc();
887 if (ret < 0)
888 return ret;
889 ret = register_key_type(&key_type_encrypted);
890 if (ret < 0)
891 goto out;
892 return aes_get_sizes();
893out:
894 encrypted_shash_release();
895 return ret;
896
897}
898
899static void __exit cleanup_encrypted(void)
900{
901 encrypted_shash_release();
902 unregister_key_type(&key_type_encrypted);
903}
904
905late_initcall(init_encrypted);
906module_exit(cleanup_encrypted);
907
908MODULE_LICENSE("GPL");