Path: blob/master/security/keys/encrypted-keys/encrypted.c
29520 views
// SPDX-License-Identifier: GPL-2.0-only1/*2* Copyright (C) 2010 IBM Corporation3* Copyright (C) 2010 Politecnico di Torino, Italy4* TORSEC group -- https://security.polito.it5*6* Authors:7* Mimi Zohar <[email protected]>8* Roberto Sassu <[email protected]>9*10* See Documentation/security/keys/trusted-encrypted.rst11*/1213#include <linux/uaccess.h>14#include <linux/module.h>15#include <linux/init.h>16#include <linux/slab.h>17#include <linux/parser.h>18#include <linux/string.h>19#include <linux/err.h>20#include <keys/user-type.h>21#include <keys/trusted-type.h>22#include <keys/encrypted-type.h>23#include <linux/key-type.h>24#include <linux/random.h>25#include <linux/rcupdate.h>26#include <linux/scatterlist.h>27#include <linux/ctype.h>28#include <crypto/aes.h>29#include <crypto/sha2.h>30#include <crypto/skcipher.h>31#include <crypto/utils.h>3233#include "encrypted.h"34#include "ecryptfs_format.h"3536static const char KEY_TRUSTED_PREFIX[] = "trusted:";37static const char KEY_USER_PREFIX[] = "user:";38static const char blkcipher_alg[] = "cbc(aes)";39static const char key_format_default[] = "default";40static const char key_format_ecryptfs[] = "ecryptfs";41static const char key_format_enc32[] = "enc32";42static unsigned int ivsize;43static int blksize;4445#define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1)46#define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1)47#define KEY_ECRYPTFS_DESC_LEN 1648#define HASH_SIZE SHA256_DIGEST_SIZE49#define MAX_DATA_SIZE 409650#define MIN_DATA_SIZE 2051#define KEY_ENC32_PAYLOAD_LEN 325253enum {54Opt_new, Opt_load, Opt_update, Opt_err55};5657enum {58Opt_default, Opt_ecryptfs, Opt_enc32, Opt_error59};6061static const match_table_t key_format_tokens = {62{Opt_default, "default"},63{Opt_ecryptfs, "ecryptfs"},64{Opt_enc32, "enc32"},65{Opt_error, NULL}66};6768static const match_table_t key_tokens = {69{Opt_new, "new"},70{Opt_load, "load"},71{Opt_update, "update"},72{Opt_err, NULL}73};7475static bool user_decrypted_data = IS_ENABLED(CONFIG_USER_DECRYPTED_DATA);76module_param(user_decrypted_data, bool, 0);77MODULE_PARM_DESC(user_decrypted_data,78"Allow instantiation of encrypted keys using provided decrypted data");7980static int aes_get_sizes(void)81{82struct crypto_skcipher *tfm;8384tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);85if (IS_ERR(tfm)) {86pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",87PTR_ERR(tfm));88return PTR_ERR(tfm);89}90ivsize = crypto_skcipher_ivsize(tfm);91blksize = crypto_skcipher_blocksize(tfm);92crypto_free_skcipher(tfm);93return 0;94}9596/*97* valid_ecryptfs_desc - verify the description of a new/loaded encrypted key98*99* The description of a encrypted key with format 'ecryptfs' must contain100* exactly 16 hexadecimal characters.101*102*/103static int valid_ecryptfs_desc(const char *ecryptfs_desc)104{105int i;106107if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) {108pr_err("encrypted_key: key description must be %d hexadecimal "109"characters long\n", KEY_ECRYPTFS_DESC_LEN);110return -EINVAL;111}112113for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) {114if (!isxdigit(ecryptfs_desc[i])) {115pr_err("encrypted_key: key description must contain "116"only hexadecimal characters\n");117return -EINVAL;118}119}120121return 0;122}123124/*125* valid_master_desc - verify the 'key-type:desc' of a new/updated master-key126*127* key-type:= "trusted:" | "user:"128* desc:= master-key description129*130* Verify that 'key-type' is valid and that 'desc' exists. On key update,131* only the master key description is permitted to change, not the key-type.132* The key-type remains constant.133*134* On success returns 0, otherwise -EINVAL.135*/136static int valid_master_desc(const char *new_desc, const char *orig_desc)137{138int prefix_len;139140if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))141prefix_len = KEY_TRUSTED_PREFIX_LEN;142else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))143prefix_len = KEY_USER_PREFIX_LEN;144else145return -EINVAL;146147if (!new_desc[prefix_len])148return -EINVAL;149150if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))151return -EINVAL;152153return 0;154}155156/*157* datablob_parse - parse the keyctl data158*159* datablob format:160* new [<format>] <master-key name> <decrypted data length> [<decrypted data>]161* load [<format>] <master-key name> <decrypted data length>162* <encrypted iv + data>163* update <new-master-key name>164*165* Tokenizes a copy of the keyctl data, returning a pointer to each token,166* which is null terminated.167*168* On success returns 0, otherwise -EINVAL.169*/170static int datablob_parse(char *datablob, const char **format,171char **master_desc, char **decrypted_datalen,172char **hex_encoded_iv, char **decrypted_data)173{174substring_t args[MAX_OPT_ARGS];175int ret = -EINVAL;176int key_cmd;177int key_format;178char *p, *keyword;179180keyword = strsep(&datablob, " \t");181if (!keyword) {182pr_info("encrypted_key: insufficient parameters specified\n");183return ret;184}185key_cmd = match_token(keyword, key_tokens, args);186187/* Get optional format: default | ecryptfs */188p = strsep(&datablob, " \t");189if (!p) {190pr_err("encrypted_key: insufficient parameters specified\n");191return ret;192}193194key_format = match_token(p, key_format_tokens, args);195switch (key_format) {196case Opt_ecryptfs:197case Opt_enc32:198case Opt_default:199*format = p;200*master_desc = strsep(&datablob, " \t");201break;202case Opt_error:203*master_desc = p;204break;205}206207if (!*master_desc) {208pr_info("encrypted_key: master key parameter is missing\n");209goto out;210}211212if (valid_master_desc(*master_desc, NULL) < 0) {213pr_info("encrypted_key: master key parameter \'%s\' "214"is invalid\n", *master_desc);215goto out;216}217218if (decrypted_datalen) {219*decrypted_datalen = strsep(&datablob, " \t");220if (!*decrypted_datalen) {221pr_info("encrypted_key: keylen parameter is missing\n");222goto out;223}224}225226switch (key_cmd) {227case Opt_new:228if (!decrypted_datalen) {229pr_info("encrypted_key: keyword \'%s\' not allowed "230"when called from .update method\n", keyword);231break;232}233*decrypted_data = strsep(&datablob, " \t");234ret = 0;235break;236case Opt_load:237if (!decrypted_datalen) {238pr_info("encrypted_key: keyword \'%s\' not allowed "239"when called from .update method\n", keyword);240break;241}242*hex_encoded_iv = strsep(&datablob, " \t");243if (!*hex_encoded_iv) {244pr_info("encrypted_key: hex blob is missing\n");245break;246}247ret = 0;248break;249case Opt_update:250if (decrypted_datalen) {251pr_info("encrypted_key: keyword \'%s\' not allowed "252"when called from .instantiate method\n",253keyword);254break;255}256ret = 0;257break;258case Opt_err:259pr_info("encrypted_key: keyword \'%s\' not recognized\n",260keyword);261break;262}263out:264return ret;265}266267/*268* datablob_format - format as an ascii string, before copying to userspace269*/270static char *datablob_format(struct encrypted_key_payload *epayload,271size_t asciiblob_len)272{273char *ascii_buf, *bufp;274u8 *iv = epayload->iv;275int len;276int i;277278ascii_buf = kmalloc(asciiblob_len + 1, GFP_KERNEL);279if (!ascii_buf)280goto out;281282ascii_buf[asciiblob_len] = '\0';283284/* copy datablob master_desc and datalen strings */285len = sprintf(ascii_buf, "%s %s %s ", epayload->format,286epayload->master_desc, epayload->datalen);287288/* convert the hex encoded iv, encrypted-data and HMAC to ascii */289bufp = &ascii_buf[len];290for (i = 0; i < (asciiblob_len - len) / 2; i++)291bufp = hex_byte_pack(bufp, iv[i]);292out:293return ascii_buf;294}295296/*297* request_user_key - request the user key298*299* Use a user provided key to encrypt/decrypt an encrypted-key.300*/301static struct key *request_user_key(const char *master_desc, const u8 **master_key,302size_t *master_keylen)303{304const struct user_key_payload *upayload;305struct key *ukey;306307ukey = request_key(&key_type_user, master_desc, NULL);308if (IS_ERR(ukey))309goto error;310311down_read(&ukey->sem);312upayload = user_key_payload_locked(ukey);313if (!upayload) {314/* key was revoked before we acquired its semaphore */315up_read(&ukey->sem);316key_put(ukey);317ukey = ERR_PTR(-EKEYREVOKED);318goto error;319}320*master_key = upayload->data;321*master_keylen = upayload->datalen;322error:323return ukey;324}325326enum derived_key_type { ENC_KEY, AUTH_KEY };327328/* Derive authentication/encryption key from trusted key */329static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,330const u8 *master_key, size_t master_keylen)331{332u8 *derived_buf;333unsigned int derived_buf_len;334335derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen;336if (derived_buf_len < HASH_SIZE)337derived_buf_len = HASH_SIZE;338339derived_buf = kzalloc(derived_buf_len, GFP_KERNEL);340if (!derived_buf)341return -ENOMEM;342343if (key_type)344strcpy(derived_buf, "AUTH_KEY");345else346strcpy(derived_buf, "ENC_KEY");347348memcpy(derived_buf + strlen(derived_buf) + 1, master_key,349master_keylen);350sha256(derived_buf, derived_buf_len, derived_key);351kfree_sensitive(derived_buf);352return 0;353}354355static struct skcipher_request *init_skcipher_req(const u8 *key,356unsigned int key_len)357{358struct skcipher_request *req;359struct crypto_skcipher *tfm;360int ret;361362tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);363if (IS_ERR(tfm)) {364pr_err("encrypted_key: failed to load %s transform (%ld)\n",365blkcipher_alg, PTR_ERR(tfm));366return ERR_CAST(tfm);367}368369ret = crypto_skcipher_setkey(tfm, key, key_len);370if (ret < 0) {371pr_err("encrypted_key: failed to setkey (%d)\n", ret);372crypto_free_skcipher(tfm);373return ERR_PTR(ret);374}375376req = skcipher_request_alloc(tfm, GFP_KERNEL);377if (!req) {378pr_err("encrypted_key: failed to allocate request for %s\n",379blkcipher_alg);380crypto_free_skcipher(tfm);381return ERR_PTR(-ENOMEM);382}383384skcipher_request_set_callback(req, 0, NULL, NULL);385return req;386}387388static struct key *request_master_key(struct encrypted_key_payload *epayload,389const u8 **master_key, size_t *master_keylen)390{391struct key *mkey = ERR_PTR(-EINVAL);392393if (!strncmp(epayload->master_desc, KEY_TRUSTED_PREFIX,394KEY_TRUSTED_PREFIX_LEN)) {395mkey = request_trusted_key(epayload->master_desc +396KEY_TRUSTED_PREFIX_LEN,397master_key, master_keylen);398} else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX,399KEY_USER_PREFIX_LEN)) {400mkey = request_user_key(epayload->master_desc +401KEY_USER_PREFIX_LEN,402master_key, master_keylen);403} else404goto out;405406if (IS_ERR(mkey)) {407int ret = PTR_ERR(mkey);408409if (ret == -ENOTSUPP)410pr_info("encrypted_key: key %s not supported",411epayload->master_desc);412else413pr_info("encrypted_key: key %s not found",414epayload->master_desc);415goto out;416}417418dump_master_key(*master_key, *master_keylen);419out:420return mkey;421}422423/* Before returning data to userspace, encrypt decrypted data. */424static int derived_key_encrypt(struct encrypted_key_payload *epayload,425const u8 *derived_key,426unsigned int derived_keylen)427{428struct scatterlist sg_in[2];429struct scatterlist sg_out[1];430struct crypto_skcipher *tfm;431struct skcipher_request *req;432unsigned int encrypted_datalen;433u8 iv[AES_BLOCK_SIZE];434int ret;435436encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);437438req = init_skcipher_req(derived_key, derived_keylen);439ret = PTR_ERR(req);440if (IS_ERR(req))441goto out;442dump_decrypted_data(epayload);443444sg_init_table(sg_in, 2);445sg_set_buf(&sg_in[0], epayload->decrypted_data,446epayload->decrypted_datalen);447sg_set_page(&sg_in[1], ZERO_PAGE(0), AES_BLOCK_SIZE, 0);448449sg_init_table(sg_out, 1);450sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);451452memcpy(iv, epayload->iv, sizeof(iv));453skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);454ret = crypto_skcipher_encrypt(req);455tfm = crypto_skcipher_reqtfm(req);456skcipher_request_free(req);457crypto_free_skcipher(tfm);458if (ret < 0)459pr_err("encrypted_key: failed to encrypt (%d)\n", ret);460else461dump_encrypted_data(epayload, encrypted_datalen);462out:463return ret;464}465466static int datablob_hmac_append(struct encrypted_key_payload *epayload,467const u8 *master_key, size_t master_keylen)468{469u8 derived_key[HASH_SIZE];470u8 *digest;471int ret;472473ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen);474if (ret < 0)475goto out;476477digest = epayload->format + epayload->datablob_len;478hmac_sha256_usingrawkey(derived_key, sizeof(derived_key),479epayload->format, epayload->datablob_len,480digest);481dump_hmac(NULL, digest, HASH_SIZE);482out:483memzero_explicit(derived_key, sizeof(derived_key));484return ret;485}486487/* verify HMAC before decrypting encrypted key */488static int datablob_hmac_verify(struct encrypted_key_payload *epayload,489const u8 *format, const u8 *master_key,490size_t master_keylen)491{492u8 derived_key[HASH_SIZE];493u8 digest[HASH_SIZE];494int ret;495char *p;496unsigned short len;497498ret = get_derived_key(derived_key, AUTH_KEY, master_key, master_keylen);499if (ret < 0)500goto out;501502len = epayload->datablob_len;503if (!format) {504p = epayload->master_desc;505len -= strlen(epayload->format) + 1;506} else507p = epayload->format;508509hmac_sha256_usingrawkey(derived_key, sizeof(derived_key), p, len,510digest);511ret = crypto_memneq(digest, epayload->format + epayload->datablob_len,512sizeof(digest));513if (ret) {514ret = -EINVAL;515dump_hmac("datablob",516epayload->format + epayload->datablob_len,517HASH_SIZE);518dump_hmac("calc", digest, HASH_SIZE);519}520out:521memzero_explicit(derived_key, sizeof(derived_key));522return ret;523}524525static int derived_key_decrypt(struct encrypted_key_payload *epayload,526const u8 *derived_key,527unsigned int derived_keylen)528{529struct scatterlist sg_in[1];530struct scatterlist sg_out[2];531struct crypto_skcipher *tfm;532struct skcipher_request *req;533unsigned int encrypted_datalen;534u8 iv[AES_BLOCK_SIZE];535u8 *pad;536int ret;537538/* Throwaway buffer to hold the unused zero padding at the end */539pad = kmalloc(AES_BLOCK_SIZE, GFP_KERNEL);540if (!pad)541return -ENOMEM;542543encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);544req = init_skcipher_req(derived_key, derived_keylen);545ret = PTR_ERR(req);546if (IS_ERR(req))547goto out;548dump_encrypted_data(epayload, encrypted_datalen);549550sg_init_table(sg_in, 1);551sg_init_table(sg_out, 2);552sg_set_buf(sg_in, epayload->encrypted_data, encrypted_datalen);553sg_set_buf(&sg_out[0], epayload->decrypted_data,554epayload->decrypted_datalen);555sg_set_buf(&sg_out[1], pad, AES_BLOCK_SIZE);556557memcpy(iv, epayload->iv, sizeof(iv));558skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);559ret = crypto_skcipher_decrypt(req);560tfm = crypto_skcipher_reqtfm(req);561skcipher_request_free(req);562crypto_free_skcipher(tfm);563if (ret < 0)564goto out;565dump_decrypted_data(epayload);566out:567kfree(pad);568return ret;569}570571/* Allocate memory for decrypted key and datablob. */572static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,573const char *format,574const char *master_desc,575const char *datalen,576const char *decrypted_data)577{578struct encrypted_key_payload *epayload = NULL;579unsigned short datablob_len;580unsigned short decrypted_datalen;581unsigned short payload_datalen;582unsigned int encrypted_datalen;583unsigned int format_len;584long dlen;585int i;586int ret;587588ret = kstrtol(datalen, 10, &dlen);589if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE)590return ERR_PTR(-EINVAL);591592format_len = (!format) ? strlen(key_format_default) : strlen(format);593decrypted_datalen = dlen;594payload_datalen = decrypted_datalen;595596if (decrypted_data) {597if (!user_decrypted_data) {598pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");599return ERR_PTR(-EINVAL);600}601if (strlen(decrypted_data) != decrypted_datalen * 2) {602pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n");603return ERR_PTR(-EINVAL);604}605for (i = 0; i < strlen(decrypted_data); i++) {606if (!isxdigit(decrypted_data[i])) {607pr_err("encrypted key: decrypted data provided must contain only hexadecimal characters\n");608return ERR_PTR(-EINVAL);609}610}611}612613if (format) {614if (!strcmp(format, key_format_ecryptfs)) {615if (dlen != ECRYPTFS_MAX_KEY_BYTES) {616pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n",617ECRYPTFS_MAX_KEY_BYTES);618return ERR_PTR(-EINVAL);619}620decrypted_datalen = ECRYPTFS_MAX_KEY_BYTES;621payload_datalen = sizeof(struct ecryptfs_auth_tok);622} else if (!strcmp(format, key_format_enc32)) {623if (decrypted_datalen != KEY_ENC32_PAYLOAD_LEN) {624pr_err("encrypted_key: enc32 key payload incorrect length: %d\n",625decrypted_datalen);626return ERR_PTR(-EINVAL);627}628}629}630631encrypted_datalen = roundup(decrypted_datalen, blksize);632633datablob_len = format_len + 1 + strlen(master_desc) + 1634+ strlen(datalen) + 1 + ivsize + 1 + encrypted_datalen;635636ret = key_payload_reserve(key, payload_datalen + datablob_len637+ HASH_SIZE + 1);638if (ret < 0)639return ERR_PTR(ret);640641epayload = kzalloc(sizeof(*epayload) + payload_datalen +642datablob_len + HASH_SIZE + 1, GFP_KERNEL);643if (!epayload)644return ERR_PTR(-ENOMEM);645646epayload->payload_datalen = payload_datalen;647epayload->decrypted_datalen = decrypted_datalen;648epayload->datablob_len = datablob_len;649return epayload;650}651652static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,653const char *format, const char *hex_encoded_iv)654{655struct key *mkey;656u8 derived_key[HASH_SIZE];657const u8 *master_key;658u8 *hmac;659const char *hex_encoded_data;660unsigned int encrypted_datalen;661size_t master_keylen;662size_t asciilen;663int ret;664665encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);666asciilen = (ivsize + 1 + encrypted_datalen + HASH_SIZE) * 2;667if (strlen(hex_encoded_iv) != asciilen)668return -EINVAL;669670hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;671ret = hex2bin(epayload->iv, hex_encoded_iv, ivsize);672if (ret < 0)673return -EINVAL;674ret = hex2bin(epayload->encrypted_data, hex_encoded_data,675encrypted_datalen);676if (ret < 0)677return -EINVAL;678679hmac = epayload->format + epayload->datablob_len;680ret = hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),681HASH_SIZE);682if (ret < 0)683return -EINVAL;684685mkey = request_master_key(epayload, &master_key, &master_keylen);686if (IS_ERR(mkey))687return PTR_ERR(mkey);688689ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);690if (ret < 0) {691pr_err("encrypted_key: bad hmac (%d)\n", ret);692goto out;693}694695ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen);696if (ret < 0)697goto out;698699ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key);700if (ret < 0)701pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);702out:703up_read(&mkey->sem);704key_put(mkey);705memzero_explicit(derived_key, sizeof(derived_key));706return ret;707}708709static void __ekey_init(struct encrypted_key_payload *epayload,710const char *format, const char *master_desc,711const char *datalen)712{713unsigned int format_len;714715format_len = (!format) ? strlen(key_format_default) : strlen(format);716epayload->format = epayload->payload_data + epayload->payload_datalen;717epayload->master_desc = epayload->format + format_len + 1;718epayload->datalen = epayload->master_desc + strlen(master_desc) + 1;719epayload->iv = epayload->datalen + strlen(datalen) + 1;720epayload->encrypted_data = epayload->iv + ivsize + 1;721epayload->decrypted_data = epayload->payload_data;722723if (!format)724memcpy(epayload->format, key_format_default, format_len);725else {726if (!strcmp(format, key_format_ecryptfs))727epayload->decrypted_data =728ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok *)epayload->payload_data);729730memcpy(epayload->format, format, format_len);731}732733memcpy(epayload->master_desc, master_desc, strlen(master_desc));734memcpy(epayload->datalen, datalen, strlen(datalen));735}736737/*738* encrypted_init - initialize an encrypted key739*740* For a new key, use either a random number or user-provided decrypted data in741* case it is provided. A random number is used for the iv in both cases. For742* an old key, decrypt the hex encoded data.743*/744static int encrypted_init(struct encrypted_key_payload *epayload,745const char *key_desc, const char *format,746const char *master_desc, const char *datalen,747const char *hex_encoded_iv, const char *decrypted_data)748{749int ret = 0;750751if (format && !strcmp(format, key_format_ecryptfs)) {752ret = valid_ecryptfs_desc(key_desc);753if (ret < 0)754return ret;755756ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok *)epayload->payload_data,757key_desc);758}759760__ekey_init(epayload, format, master_desc, datalen);761if (hex_encoded_iv) {762ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv);763} else if (decrypted_data) {764get_random_bytes(epayload->iv, ivsize);765ret = hex2bin(epayload->decrypted_data, decrypted_data,766epayload->decrypted_datalen);767} else {768get_random_bytes(epayload->iv, ivsize);769get_random_bytes(epayload->decrypted_data, epayload->decrypted_datalen);770}771return ret;772}773774/*775* encrypted_instantiate - instantiate an encrypted key776*777* Instantiates the key:778* - by decrypting an existing encrypted datablob, or779* - by creating a new encrypted key based on a kernel random number, or780* - using provided decrypted data.781*782* On success, return 0. Otherwise return errno.783*/784static int encrypted_instantiate(struct key *key,785struct key_preparsed_payload *prep)786{787struct encrypted_key_payload *epayload = NULL;788char *datablob = NULL;789const char *format = NULL;790char *master_desc = NULL;791char *decrypted_datalen = NULL;792char *hex_encoded_iv = NULL;793char *decrypted_data = NULL;794size_t datalen = prep->datalen;795int ret;796797if (datalen <= 0 || datalen > 32767 || !prep->data)798return -EINVAL;799800datablob = kmalloc(datalen + 1, GFP_KERNEL);801if (!datablob)802return -ENOMEM;803datablob[datalen] = 0;804memcpy(datablob, prep->data, datalen);805ret = datablob_parse(datablob, &format, &master_desc,806&decrypted_datalen, &hex_encoded_iv, &decrypted_data);807if (ret < 0)808goto out;809810epayload = encrypted_key_alloc(key, format, master_desc,811decrypted_datalen, decrypted_data);812if (IS_ERR(epayload)) {813ret = PTR_ERR(epayload);814goto out;815}816ret = encrypted_init(epayload, key->description, format, master_desc,817decrypted_datalen, hex_encoded_iv, decrypted_data);818if (ret < 0) {819kfree_sensitive(epayload);820goto out;821}822823rcu_assign_keypointer(key, epayload);824out:825kfree_sensitive(datablob);826return ret;827}828829static void encrypted_rcu_free(struct rcu_head *rcu)830{831struct encrypted_key_payload *epayload;832833epayload = container_of(rcu, struct encrypted_key_payload, rcu);834kfree_sensitive(epayload);835}836837/*838* encrypted_update - update the master key description839*840* Change the master key description for an existing encrypted key.841* The next read will return an encrypted datablob using the new842* master key description.843*844* On success, return 0. Otherwise return errno.845*/846static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)847{848struct encrypted_key_payload *epayload = key->payload.data[0];849struct encrypted_key_payload *new_epayload;850char *buf;851char *new_master_desc = NULL;852const char *format = NULL;853size_t datalen = prep->datalen;854int ret = 0;855856if (key_is_negative(key))857return -ENOKEY;858if (datalen <= 0 || datalen > 32767 || !prep->data)859return -EINVAL;860861buf = kmalloc(datalen + 1, GFP_KERNEL);862if (!buf)863return -ENOMEM;864865buf[datalen] = 0;866memcpy(buf, prep->data, datalen);867ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL, NULL);868if (ret < 0)869goto out;870871ret = valid_master_desc(new_master_desc, epayload->master_desc);872if (ret < 0)873goto out;874875new_epayload = encrypted_key_alloc(key, epayload->format,876new_master_desc, epayload->datalen, NULL);877if (IS_ERR(new_epayload)) {878ret = PTR_ERR(new_epayload);879goto out;880}881882__ekey_init(new_epayload, epayload->format, new_master_desc,883epayload->datalen);884885memcpy(new_epayload->iv, epayload->iv, ivsize);886memcpy(new_epayload->payload_data, epayload->payload_data,887epayload->payload_datalen);888889rcu_assign_keypointer(key, new_epayload);890call_rcu(&epayload->rcu, encrypted_rcu_free);891out:892kfree_sensitive(buf);893return ret;894}895896/*897* encrypted_read - format and copy out the encrypted data898*899* The resulting datablob format is:900* <master-key name> <decrypted data length> <encrypted iv> <encrypted data>901*902* On success, return to userspace the encrypted key datablob size.903*/904static long encrypted_read(const struct key *key, char *buffer,905size_t buflen)906{907struct encrypted_key_payload *epayload;908struct key *mkey;909const u8 *master_key;910size_t master_keylen;911char derived_key[HASH_SIZE];912char *ascii_buf;913size_t asciiblob_len;914int ret;915916epayload = dereference_key_locked(key);917918/* returns the hex encoded iv, encrypted-data, and hmac as ascii */919asciiblob_len = epayload->datablob_len + ivsize + 1920+ roundup(epayload->decrypted_datalen, blksize)921+ (HASH_SIZE * 2);922923if (!buffer || buflen < asciiblob_len)924return asciiblob_len;925926mkey = request_master_key(epayload, &master_key, &master_keylen);927if (IS_ERR(mkey))928return PTR_ERR(mkey);929930ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen);931if (ret < 0)932goto out;933934ret = derived_key_encrypt(epayload, derived_key, sizeof derived_key);935if (ret < 0)936goto out;937938ret = datablob_hmac_append(epayload, master_key, master_keylen);939if (ret < 0)940goto out;941942ascii_buf = datablob_format(epayload, asciiblob_len);943if (!ascii_buf) {944ret = -ENOMEM;945goto out;946}947948up_read(&mkey->sem);949key_put(mkey);950memzero_explicit(derived_key, sizeof(derived_key));951952memcpy(buffer, ascii_buf, asciiblob_len);953kfree_sensitive(ascii_buf);954955return asciiblob_len;956out:957up_read(&mkey->sem);958key_put(mkey);959memzero_explicit(derived_key, sizeof(derived_key));960return ret;961}962963/*964* encrypted_destroy - clear and free the key's payload965*/966static void encrypted_destroy(struct key *key)967{968kfree_sensitive(key->payload.data[0]);969}970971struct key_type key_type_encrypted = {972.name = "encrypted",973.instantiate = encrypted_instantiate,974.update = encrypted_update,975.destroy = encrypted_destroy,976.describe = user_describe,977.read = encrypted_read,978};979EXPORT_SYMBOL_GPL(key_type_encrypted);980981static int __init init_encrypted(void)982{983int ret;984985ret = aes_get_sizes();986if (ret < 0)987return ret;988return register_key_type(&key_type_encrypted);989}990991static void __exit cleanup_encrypted(void)992{993unregister_key_type(&key_type_encrypted);994}995996late_initcall(init_encrypted);997module_exit(cleanup_encrypted);998999MODULE_DESCRIPTION("Encrypted key type");1000MODULE_LICENSE("GPL");100110021003