6 #include <linux/slab.h>
/*
 * Fragment of the key-encode path. Partial listing: the leading numbers are
 * line numbers of the original file; the function signature, the start of
 * this bounds check and some intermediate lines are not shown.
 *
 * Visible part of the bounds check: a u16 plus key->len bytes must not run
 * past `end`.
 */
27 sizeof(
u16) + key->
len > end)
/*
 * Visible writes, in order: 16-bit type, 16-bit length, then key->len bytes
 * taken from key->key. Other fields may be written on the lines not shown.
 * The output buffer therefore carries the raw key bytes; presumably callers
 * must treat it as secret material - verify against callers.
 */
29 ceph_encode_16(p, key->
type);
31 ceph_encode_16(p, key->
len);
32 ceph_encode_copy(p, key->
key, key->
len);
/*
 * Fragment of the key-decode path (partial listing: signature, bounds checks
 * and allocation are on lines not shown).
 *
 * key->type and key->len are both read from the input stream as 16-bit
 * values, so key->len is controlled by whoever produced the encoded key.
 */
39 key->
type = ceph_decode_16(p);
41 key->
len = ceph_decode_16(p);
/*
 * key->len bytes are copied into key->key.
 * NOTE(review): the lines between the length read and this copy are not
 * visible; confirm they check that key->len bytes remain in the input and
 * that key->key was sized from the same key->len.
 */
46 ceph_decode_copy(p, key->
key, key->
len);
/* Debug-only message on the failure path; no key bytes are printed here. */
50 dout(
"failed to decode crypto key\n");
/*
 * Fragment of the key-unarmor path (partial listing: signature and the
 * decode call are on lines not shown).
 *
 * blen is sized at 3/4 of inlen, the usual bound for base64-decoded output.
 * NOTE(review): blen is an int and inlen's type is not visible; confirm the
 * multiplication cannot overflow for the inputs callers pass.
 */
57 int blen = inlen * 3 / 4;
/*
 * NOTE(review): inkey is printed with %s in a debug message. Going by the
 * name it is the armored (still-encoded) secret key, so enabling this debug
 * output would write recoverable key material to the log - consider
 * dropping the argument.
 */
61 dout(
"crypto_key_unarmor %s\n", inkey);
/* This message prints only the key object's address, type and length. */
76 dout(
"crypto_key_unarmor key %p type %d len %d\n", key,
/*
 * Presumably the AES key length in bytes (16 bytes = AES-128).
 * NOTE(review): the visible AES helpers pass the caller's key_len straight
 * to setkey; no comparison against this constant appears in this listing.
 */
83 #define AES_KEY_SIZE 16
/*
 * ceph_aes_encrypt - encrypt one source buffer into dst.
 *
 * Partial listing: the leading numbers are line numbers of the original
 * file, and the lines between them (declarations, cipher allocation, error
 * paths) are not shown. Comments describe only what is visible.
 *
 * @key, @key_len: key bytes and length, handed to the cipher unchanged.
 * @dst, @dst_len: output buffer; *dst_len is overwritten with the padded
 *                 output length.
 * @src, @src_len: plaintext.
 */
92 static int ceph_aes_encrypt(
const void *
key,
int key_len,
93 void *
dst,
size_t *dst_len,
94 const void *
src,
size_t src_len)
/*
 * Pad length is 1..16: an already block-aligned input gets a full extra
 * block. Despite the variable name, the pad bytes are not zero - each one
 * holds the pad length (PKCS#7-style).
 */
102 size_t zero_padding = (0x10 - (src_len & 0x0f));
108 memset(pad, zero_padding, zero_padding);
/*
 * NOTE(review): *dst_len is set to the padded length; no check of the
 * caller's original *dst_len capacity is visible in this listing - confirm
 * dst can hold src_len plus up to 16 bytes.
 */
110 *dst_len = src_len + zero_padding;
/*
 * NOTE(review): the return value of setkey is discarded. If key_len is not
 * a length the cipher accepts, the failure goes unnoticed and encryption
 * proceeds anyway; the result should be checked and propagated.
 */
112 crypto_blkcipher_setkey((
void *)tfm, key, key_len);
/* Input is two segments (plaintext, then padding); output is dst alone. */
114 sg_set_buf(&sg_in[0], src, src_len);
115 sg_set_buf(&sg_in[1], pad, zero_padding);
117 sg_set_buf(sg_out, dst, *dst_len);
/*
 * The IV is copied from aes_iv, which is defined outside the visible lines.
 * NOTE(review): if aes_iv is a fixed constant, every message under the same
 * key starts from the same IV, so equal plaintext prefixes give equal
 * ciphertext prefixes in a chained mode - confirm whether that is intended.
 */
118 iv = crypto_blkcipher_crt(tfm)->iv;
119 ivsize = crypto_blkcipher_ivsize(tfm);
121 memcpy(iv, aes_iv, ivsize);
130 ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
131 src_len + zero_padding);
/* The transform is freed before the failure is logged. */
132 crypto_free_blkcipher(tfm);
134 pr_err(
"ceph_aes_crypt failed %d\n", ret);
/*
 * ceph_aes_encrypt2 - encrypt the concatenation of two source buffers.
 *
 * Partial listing: the leading numbers are line numbers of the original
 * file; declarations, cipher allocation, one parameter line and the error
 * paths are not shown.
 *
 * @key, @key_len:    key bytes and length, handed to the cipher unchanged.
 * @dst:              output buffer.
 * @src1, @src1_len:  first plaintext segment.
 * @src2, @src2_len:  second plaintext segment, encrypted directly after it.
 */
142 static int ceph_aes_encrypt2(
const void *key,
int key_len,
void *dst,
144 const void *src1,
size_t src1_len,
145 const void *src2,
size_t src2_len)
/*
 * Pad length is 1..16 over the combined length; each pad byte holds the pad
 * length (PKCS#7-style), not zero.
 * NOTE(review): src1_len + src2_len is size_t arithmetic; confirm callers
 * bound both lengths so the sum cannot wrap.
 */
153 size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
159 memset(pad, zero_padding, zero_padding);
/*
 * NOTE(review): *dst_len is overwritten with the padded total; no check of
 * the caller's original capacity is visible in this listing.
 */
161 *dst_len = src1_len + src2_len + zero_padding;
/*
 * NOTE(review): the setkey return value is discarded, so an unacceptable
 * key_len is not reported; the result should be checked and propagated.
 */
163 crypto_blkcipher_setkey((
void *)tfm, key, key_len);
/* Input is three segments: src1, src2, padding. Output is dst alone. */
165 sg_set_buf(&sg_in[0], src1, src1_len);
166 sg_set_buf(&sg_in[1], src2, src2_len);
167 sg_set_buf(&sg_in[2], pad, zero_padding);
169 sg_set_buf(sg_out, dst, *dst_len);
/*
 * IV comes from aes_iv (defined outside the visible lines).
 * NOTE(review): if that is a fixed constant, the IV repeats for every
 * message under the same key - confirm whether that is intended.
 */
170 iv = crypto_blkcipher_crt(tfm)->iv;
171 ivsize = crypto_blkcipher_ivsize(tfm);
173 memcpy(iv, aes_iv, ivsize);
184 ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
185 src1_len + src2_len + zero_padding);
/* The transform is freed before the failure is logged. */
186 crypto_free_blkcipher(tfm);
188 pr_err(
"ceph_aes_crypt2 failed %d\n", ret);
/*
 * ceph_aes_decrypt - decrypt src into dst and strip the trailing padding.
 *
 * Partial listing: the leading numbers are line numbers of the original
 * file; declarations (including pad and last_byte), cipher allocation and
 * the return paths are not shown.
 *
 * @key, @key_len: key bytes and length, handed to the cipher unchanged.
 * @dst, @dst_len: output buffer; on entry *dst_len is its capacity, on the
 *                 success path shown it becomes the unpadded length.
 * @src, @src_len: ciphertext.
 */
196 static int ceph_aes_decrypt(
const void *key,
int key_len,
197 void *dst,
size_t *dst_len,
198 const void *src,
size_t src_len)
/*
 * NOTE(review): the setkey return value is discarded, so an unacceptable
 * key_len is not reported; the result should be checked and propagated.
 */
212 crypto_blkcipher_setkey((
void *)tfm, key, key_len);
/*
 * Output is dst (capacity *dst_len) followed by pad (sizeof(pad) bytes), so
 * decrypted bytes that do not fit in dst land in pad.
 * NOTE(review): no check that src_len <= *dst_len + sizeof(pad) is visible
 * in this listing.
 */
215 sg_set_buf(sg_in, src, src_len);
216 sg_set_buf(&sg_out[0], dst, *dst_len);
217 sg_set_buf(&sg_out[1], pad,
sizeof(pad));
/*
 * IV comes from aes_iv (defined outside the visible lines).
 * NOTE(review): if that is a fixed constant, the IV repeats for every
 * message under the same key.
 */
219 iv = crypto_blkcipher_crt(tfm)->iv;
220 ivsize = crypto_blkcipher_ivsize(tfm);
222 memcpy(iv, aes_iv, ivsize);
231 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
/* The transform is freed before the failure is logged. */
232 crypto_free_blkcipher(tfm);
234 pr_err(
"ceph_aes_decrypt failed %d\n", ret);
/*
 * Fetch the final decrypted byte: from dst when everything fit there, from
 * pad otherwise (the line between the two assignments is not shown).
 * NOTE(review): src_len - 1 wraps when src_len == 0, and the pad index can
 * exceed sizeof(pad) when src_len > *dst_len + sizeof(pad); no guard for
 * either case is visible in this listing.
 */
238 if (src_len <= *dst_len)
239 last_byte = ((
char *)dst)[src_len - 1];
241 last_byte = pad[src_len - *dst_len - 1];
/*
 * Only the final byte is examined. The visible test has no lower bound, so
 * 0 is accepted even though the encrypt side always writes 1..16, and the
 * remaining pad bytes are not compared.
 * NOTE(review): a well-formed pad is not an integrity check; confirm that
 * callers authenticate the plaintext by other means.
 */
242 if (last_byte <= 16 && src_len >= last_byte) {
243 *dst_len = src_len - last_byte;
/* Bad padding is logged with the offending byte and the input length. */
245 pr_err(
"ceph_aes_decrypt got bad padding %d on src len %d\n",
246 last_byte, (
int)src_len);
/*
 * ceph_aes_decrypt2 - decrypt src into two consecutive output buffers and
 * strip the trailing padding.
 *
 * Partial listing: the leading numbers are line numbers of the original
 * file; declarations (including pad and last_byte), cipher allocation and
 * the return paths are not shown.
 *
 * @key, @key_len:     key bytes and length, handed to the cipher unchanged.
 * @dst1, @dst1_len:   first output buffer and its capacity.
 * @dst2, @dst2_len:   second output buffer and its capacity; filled after
 *                     dst1.
 * @src, @src_len:     ciphertext.
 */
256 static int ceph_aes_decrypt2(
const void *key,
int key_len,
257 void *dst1,
size_t *dst1_len,
258 void *dst2,
size_t *dst2_len,
259 const void *src,
size_t src_len)
/*
 * Output is dst1, then dst2, then pad (sizeof(pad) bytes) to catch whatever
 * does not fit in the two caller buffers.
 * NOTE(review): no check that src_len fits in the three segments combined
 * is visible in this listing.
 */
274 sg_set_buf(sg_in, src, src_len);
276 sg_set_buf(&sg_out[0], dst1, *dst1_len);
277 sg_set_buf(&sg_out[1], dst2, *dst2_len);
278 sg_set_buf(&sg_out[2], pad,
sizeof(pad));
/*
 * NOTE(review): the setkey return value is discarded, so an unacceptable
 * key_len is not reported; the result should be checked and propagated.
 */
280 crypto_blkcipher_setkey((
void *)tfm, key, key_len);
/*
 * IV comes from aes_iv (defined outside the visible lines).
 * NOTE(review): if that is a fixed constant, the IV repeats for every
 * message under the same key.
 */
281 iv = crypto_blkcipher_crt(tfm)->iv;
282 ivsize = crypto_blkcipher_ivsize(tfm);
284 memcpy(iv, aes_iv, ivsize);
293 ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len);
294 crypto_free_blkcipher(tfm);
/*
 * NOTE(review): this message is identical to the one logged by
 * ceph_aes_decrypt, so the two failure sites cannot be told apart in logs.
 */
296 pr_err(
"ceph_aes_decrypt failed %d\n", ret);
/*
 * Fetch the final decrypted byte from whichever segment it landed in: dst1,
 * dst2, or pad (the line before the last assignment is not shown).
 * NOTE(review): src_len - 1 wraps when src_len == 0, and the pad index is
 * unbounded if src_len exceeds all three segments; no guard is visible in
 * this listing.
 */
300 if (src_len <= *dst1_len)
301 last_byte = ((
char *)dst1)[src_len - 1];
302 else if (src_len <= *dst1_len + *dst2_len)
303 last_byte = ((
char *)dst2)[src_len - *dst1_len - 1];
305 last_byte = pad[src_len - *dst1_len - *dst2_len - 1];
/*
 * Only the final byte is examined; the visible test has no lower bound
 * (0 is accepted) and the remaining pad bytes are not compared. On success
 * src_len becomes the unpadded plaintext length.
 * NOTE(review): a well-formed pad is not an integrity check; confirm that
 * callers authenticate the plaintext by other means.
 */
306 if (last_byte <= 16 && src_len >= last_byte) {
307 src_len -= last_byte;
309 pr_err(
"ceph_aes_decrypt got bad padding %d on src len %d\n",
310 last_byte, (
int)src_len);
/*
 * Report how the unpadded length splits across the two outputs (the branch
 * bodies are only partly shown).
 * NOTE(review): the visible assignment reports src_len - *dst1_len for
 * dst2; no clamp against the caller's original *dst2_len is visible.
 */
314 if (src_len < *dst1_len) {
318 *dst2_len = src_len - *dst1_len;
/*
 * Tail of a single-buffer decrypt dispatcher. Partial listing: the function
 * name, its leading parameters and the case labels are on lines not shown.
 * Behaviour is selected by secret->type.
 */
332 const void *src,
size_t src_len)
334 switch (secret->
type) {
/*
 * Pass-through branch: after a capacity check the input is copied to dst
 * unchanged, so this key type gives no confidentiality.
 * NOTE(review): which type value selects this branch is not visible here.
 */
336 if (*dst_len < src_len)
338 memcpy(dst, src, src_len);
/* AES branch: delegate with the secret's key bytes and length. */
343 return ceph_aes_decrypt(secret->
key, secret->
len, dst,
344 dst_len, src, src_len);
/*
 * Tail of a two-buffer decrypt dispatcher. Partial listing: the function
 * name, its leading parameters, the case labels and the copy statements are
 * on lines not shown. Behaviour is selected by secret->type.
 */
352 void *dst1,
size_t *dst1_len,
353 void *dst2,
size_t *dst2_len,
354 const void *src,
size_t src_len)
358 switch (secret->
type) {
/*
 * Pass-through branch: the combined capacity of dst1 and dst2 is checked
 * against src_len, then t is computed as the share that fits each buffer.
 * NOTE(review): *dst1_len + *dst2_len is size_t arithmetic; confirm callers
 * pass capacities whose sum cannot wrap.
 */
360 if (*dst1_len + *dst2_len < src_len)
362 t =
min(*dst1_len, src_len);
368 t =
min(*dst2_len, src_len);
/* AES branch: delegate with the secret's key bytes and length. */
375 return ceph_aes_decrypt2(secret->
key, secret->
len,
376 dst1, dst1_len, dst2, dst2_len,
/*
 * Tail of a single-buffer encrypt dispatcher. Partial listing: the function
 * name, its leading parameters and the case labels are on lines not shown.
 * Behaviour is selected by secret->type.
 */
385 const void *src,
size_t src_len)
387 switch (secret->
type) {
/*
 * Pass-through branch: after a capacity check the plaintext is copied to
 * dst unchanged, so data sent under this key type is not encrypted.
 * NOTE(review): which type value selects this branch is not visible here.
 */
389 if (*dst_len < src_len)
391 memcpy(dst, src, src_len);
/* AES branch: delegate with the secret's key bytes and length. */
396 return ceph_aes_encrypt(secret->
key, secret->
len, dst,
397 dst_len, src, src_len);
/*
 * Tail of a two-source encrypt dispatcher. Partial listing: the function
 * name, its leading parameters and the case labels are on lines not shown.
 * Behaviour is selected by secret->type.
 */
405 const void *src1,
size_t src1_len,
406 const void *src2,
size_t src2_len)
408 switch (secret->
type) {
/*
 * Pass-through branch: src1 and src2 are concatenated into dst unchanged
 * and *dst_len is set to the combined length; nothing is encrypted.
 * NOTE(review): the capacity check adds two size_t lengths; if the sum
 * wrapped, the check would pass while the copies overrun dst - confirm
 * callers bound both lengths.
 */
410 if (*dst_len < src1_len + src2_len)
412 memcpy(dst, src1, src1_len);
413 memcpy(dst + src1_len, src2, src2_len);
414 *dst_len = src1_len + src2_len;
/* AES branch: delegate with the secret's key bytes and length. */
418 return ceph_aes_encrypt2(secret->
key, secret->
len, dst, dst_len,
419 src1, src1_len, src2, src2_len);
/*
 * Fragment of the path that turns a key payload (prep) into a crypto key.
 * Partial listing: the function signature, allocation and decode steps are
 * on lines not shown.
 */
429 size_t datalen = prep->datalen;
/*
 * Reject empty, oversized (> 32767 bytes) or missing payloads. datalen is a
 * size_t, so the `<= 0` comparison can only ever match zero.
 */
434 if (datalen <= 0 || datalen > 32767 || !prep->data)
/* Parsing starts at the beginning of the caller-supplied payload. */
447 p = (
void *)prep->data;
/* The decoded key object is stored as the key's payload. */
452 key->payload.data =
ckey;
/*
 * Two fragments from separate functions whose signatures are not shown.
 *
 * First: a key matches only when its description equals the requested
 * description exactly (byte-for-byte string comparison).
 */
463 return strcmp(key->description, description) == 0;
/*
 * Second: the crypto key held in ckey is handed to ceph_crypto_key_destroy.
 * NOTE(review): that helper's body is not visible; confirm it clears the
 * key bytes before the memory is released.
 */
469 ceph_crypto_key_destroy(ckey);