"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/lib/crypto_backend/crypto_cipher_kernel.c" (13 Jan 2022, 9145 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "crypto_cipher_kernel.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
2.3.6_vs_2.4.0.
1 /*
2 * Linux kernel userspace API crypto backend implementation (skcipher)
3 *
4 * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012-2021 Milan Broz
6 *
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21
22 #include <string.h>
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <stdbool.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <sys/socket.h>
29 #include <sys/stat.h>
30 #include "crypto_backend_internal.h"
31
32 #ifdef ENABLE_AF_ALG
33
34 #include <linux/if_alg.h>
35
36 #ifndef AF_ALG
37 #define AF_ALG 38
38 #endif
39 #ifndef SOL_ALG
40 #define SOL_ALG 279
41 #endif
42
43 #ifndef ALG_SET_AEAD_AUTHSIZE
44 #define ALG_SET_AEAD_AUTHSIZE 5
45 #endif
46
47 /*
48 * ciphers
49 *
50 * ENOENT - algorithm not available
51 * ENOTSUP - AF_ALG family not available
52 * (but cannot check specifically for skcipher API)
53 */
54 static int _crypt_cipher_init(struct crypt_cipher_kernel *ctx,
55 const void *key, size_t key_length,
56 size_t tag_length, struct sockaddr_alg *sa)
57 {
58 if (!ctx)
59 return -EINVAL;
60
61 ctx->opfd = -1;
62 ctx->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
63 if (ctx->tfmfd < 0) {
64 crypt_cipher_destroy_kernel(ctx);
65 return -ENOTSUP;
66 }
67
68 if (bind(ctx->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
69 crypt_cipher_destroy_kernel(ctx);
70 return -ENOENT;
71 }
72
73 if (setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
74 crypt_cipher_destroy_kernel(ctx);
75 return -EINVAL;
76 }
77
78 if (tag_length && setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, tag_length) < 0) {
79 crypt_cipher_destroy_kernel(ctx);
80 return -EINVAL;
81 }
82
83 ctx->opfd = accept(ctx->tfmfd, NULL, 0);
84 if (ctx->opfd < 0) {
85 crypt_cipher_destroy_kernel(ctx);
86 return -EINVAL;
87 }
88
89 return 0;
90 }
91
92 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
93 const char *mode, const void *key, size_t key_length)
94 {
95 struct sockaddr_alg sa = {
96 .salg_family = AF_ALG,
97 .salg_type = "skcipher",
98 };
99 int r;
100
101 if (!strcmp(name, "cipher_null"))
102 key_length = 0;
103
104 r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
105 if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
106 return -EINVAL;
107
108 return _crypt_cipher_init(ctx, key, key_length, 0, &sa);
109 }
110
111 /* The in/out should be aligned to page boundary */
112 static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
113 const char *in, size_t in_length,
114 char *out, size_t out_length,
115 const char *iv, size_t iv_length,
116 uint32_t direction)
117 {
118 int r = 0;
119 ssize_t len;
120 struct af_alg_iv *alg_iv;
121 struct cmsghdr *header;
122 uint32_t *type;
123 struct iovec iov = {
124 .iov_base = (void*)(uintptr_t)in,
125 .iov_len = in_length,
126 };
127 int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
128 char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
129 struct msghdr msg = {
130 .msg_control = buffer,
131 .msg_controllen = sizeof(buffer),
132 .msg_iov = &iov,
133 .msg_iovlen = 1,
134 };
135
136 if (!in || !out || !in_length)
137 return -EINVAL;
138
139 if ((!iv && iv_length) || (iv && !iv_length))
140 return -EINVAL;
141
142 memset(buffer, 0, sizeof(buffer));
143
144 /* Set encrypt/decrypt operation */
145 header = CMSG_FIRSTHDR(&msg);
146 if (!header)
147 return -EINVAL;
148
149 header->cmsg_level = SOL_ALG;
150 header->cmsg_type = ALG_SET_OP;
151 header->cmsg_len = CMSG_LEN(sizeof(*type));
152 type = (void*)CMSG_DATA(header);
153 *type = direction;
154
155 /* Set IV */
156 if (iv) {
157 header = CMSG_NXTHDR(&msg, header);
158 if (!header)
159 return -EINVAL;
160
161 header->cmsg_level = SOL_ALG;
162 header->cmsg_type = ALG_SET_IV;
163 header->cmsg_len = iv_msg_size;
164 alg_iv = (void*)CMSG_DATA(header);
165 alg_iv->ivlen = iv_length;
166 memcpy(alg_iv->iv, iv, iv_length);
167 }
168
169 len = sendmsg(ctx->opfd, &msg, 0);
170 if (len != (ssize_t)(in_length))
171 r = -EIO;
172 else {
173 len = read(ctx->opfd, out, out_length);
174 if (len != (ssize_t)out_length)
175 r = -EIO;
176 }
177
178 crypt_backend_memzero(buffer, sizeof(buffer));
179 return r;
180 }
181
182 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
183 const char *in, char *out, size_t length,
184 const char *iv, size_t iv_length)
185 {
186 return _crypt_cipher_crypt(ctx, in, length, out, length,
187 iv, iv_length, ALG_OP_ENCRYPT);
188 }
189
190 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
191 const char *in, char *out, size_t length,
192 const char *iv, size_t iv_length)
193 {
194 return _crypt_cipher_crypt(ctx, in, length, out, length,
195 iv, iv_length, ALG_OP_DECRYPT);
196 }
197
198 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
199 {
200 if (ctx->tfmfd >= 0)
201 close(ctx->tfmfd);
202 if (ctx->opfd >= 0)
203 close(ctx->opfd);
204
205 ctx->tfmfd = -1;
206 ctx->opfd = -1;
207 }
208
209 int crypt_cipher_check_kernel(const char *name, const char *mode,
210 const char *integrity, size_t key_length)
211 {
212 struct crypt_cipher_kernel c;
213 char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key;
214 const char *salg_type;
215 bool aead;
216 int r;
217 struct sockaddr_alg sa = {
218 .salg_family = AF_ALG,
219 };
220
221 aead = integrity && strcmp(integrity, "none");
222
223 /* Remove IV if present */
224 if (mode) {
225 strncpy(mode_name, mode, sizeof(mode_name));
226 mode_name[sizeof(mode_name) - 1] = 0;
227 cipher_iv = strchr(mode_name, '-');
228 if (cipher_iv) {
229 *cipher_iv = '\0';
230 real_mode = mode_name;
231 }
232 }
233
234 salg_type = aead ? "aead" : "skcipher";
235 r = snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
236 if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
237 return -EINVAL;
238
239 memset(tmp_salg_name, 0, sizeof(tmp_salg_name));
240
241 /* FIXME: this is duplicating a part of devmapper backend */
242 if (aead && !strcmp(integrity, "poly1305"))
243 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc7539(%s,%s)", name, integrity);
244 else if (!real_mode)
245 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s", name);
246 else if (aead && !strcmp(real_mode, "ccm"))
247 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc4309(%s(%s))", real_mode, name);
248 else
249 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name);
250
251 if (r < 0 || (size_t)r >= sizeof(tmp_salg_name))
252 return -EINVAL;
253
254 memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name));
255
256 key = malloc(key_length);
257 if (!key)
258 return -ENOMEM;
259
260 /* We cannot use RNG yet, any key works here, tweak the first part if it is split key (XTS). */
261 memset(key, 0xab, key_length);
262 *key = 0xef;
263
264 r = _crypt_cipher_init(&c, key, key_length, 0, &sa);
265 crypt_cipher_destroy_kernel(&c);
266 free(key);
267
268 return r;
269 }
270
271 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
272 const char *in, char *out, size_t length,
273 const char *iv, size_t iv_length,
274 const char *tag, size_t tag_length)
275 {
276 struct crypt_cipher_kernel c;
277 struct sockaddr_alg sa = {
278 .salg_family = AF_ALG,
279 .salg_type = "aead",
280 .salg_name = "ccm(aes)",
281 };
282 int r;
283 char buffer[128], ccm_iv[16];
284
285 if (length + tag_length > sizeof(buffer))
286 return -EINVAL;
287
288 if (iv_length > sizeof(ccm_iv) - 2)
289 return -EINVAL;
290
291 r = _crypt_cipher_init(&c, key, key_length, tag_length, &sa);
292 if (r < 0)
293 return r;
294
295 memcpy(buffer, in, length);
296 memcpy(buffer + length, tag, tag_length);
297
298 /* CCM IV - RFC3610 */
299 memset(ccm_iv, 0, sizeof(ccm_iv));
300 ccm_iv[0] = 15 - iv_length - 1;
301 memcpy(ccm_iv + 1, iv, iv_length);
302 memset(ccm_iv + 1 + iv_length, 0, ccm_iv[0] + 1);
303 iv_length = sizeof(ccm_iv);
304
305 r = _crypt_cipher_crypt(&c, buffer, length + tag_length, out, length,
306 ccm_iv, iv_length, ALG_OP_DECRYPT);
307
308 crypt_cipher_destroy_kernel(&c);
309 crypt_backend_memzero(buffer, sizeof(buffer));
310
311 return r;
312 }
313
314 #else /* ENABLE_AF_ALG */
315 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
316 const char *mode, const void *key, size_t key_length)
317 {
318 return -ENOTSUP;
319 }
320
321 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
322 {
323 return;
324 }
325
326 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
327 const char *in, char *out, size_t length,
328 const char *iv, size_t iv_length)
329 {
330 return -EINVAL;
331 }
332 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
333 const char *in, char *out, size_t length,
334 const char *iv, size_t iv_length)
335 {
336 return -EINVAL;
337 }
338 int crypt_cipher_check_kernel(const char *name, const char *mode,
339 const char *integrity, size_t key_length)
340 {
341 /* Cannot check, expect success. */
342 return 0;
343 }
344 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
345 const char *in, char *out, size_t length,
346 const char *iv, size_t iv_length,
347 const char *tag, size_t tag_length)
348 {
349 return -ENOTSUP;
350 }
351 #endif