"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/lib/crypto_backend/crypto_cipher_kernel.c" (13 Jan 2022, 9145 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "crypto_cipher_kernel.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.3.6_vs_2.4.0.

    1 /*
    2  * Linux kernel userspace API crypto backend implementation (skcipher)
    3  *
    4  * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2012-2021 Milan Broz
    6  *
    7  * This file is free software; you can redistribute it and/or
    8  * modify it under the terms of the GNU Lesser General Public
    9  * License as published by the Free Software Foundation; either
   10  * version 2.1 of the License, or (at your option) any later version.
   11  *
   12  * This file is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   15  * Lesser General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU Lesser General Public
   18  * License along with this file; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   20  */
   21 
   22 #include <string.h>
   23 #include <stdlib.h>
   24 #include <stdio.h>
   25 #include <stdbool.h>
   26 #include <errno.h>
   27 #include <unistd.h>
   28 #include <sys/socket.h>
   29 #include <sys/stat.h>
   30 #include "crypto_backend_internal.h"
   31 
   32 #ifdef ENABLE_AF_ALG
   33 
   34 #include <linux/if_alg.h>
   35 
   36 #ifndef AF_ALG
   37 #define AF_ALG 38
   38 #endif
   39 #ifndef SOL_ALG
   40 #define SOL_ALG 279
   41 #endif
   42 
   43 #ifndef ALG_SET_AEAD_AUTHSIZE
   44 #define ALG_SET_AEAD_AUTHSIZE 5
   45 #endif
   46 
   47 /*
   48  * ciphers
   49  *
   50  * ENOENT - algorithm not available
   51  * ENOTSUP - AF_ALG family not available
   52  * (but cannot check specifically for skcipher API)
   53  */
   54 static int _crypt_cipher_init(struct crypt_cipher_kernel *ctx,
   55                   const void *key, size_t key_length,
   56                   size_t tag_length, struct sockaddr_alg *sa)
   57 {
   58     if (!ctx)
   59         return -EINVAL;
   60 
   61     ctx->opfd = -1;
   62     ctx->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
   63     if (ctx->tfmfd < 0) {
   64         crypt_cipher_destroy_kernel(ctx);
   65         return -ENOTSUP;
   66     }
   67 
   68     if (bind(ctx->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
   69         crypt_cipher_destroy_kernel(ctx);
   70         return -ENOENT;
   71     }
   72 
   73     if (setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
   74         crypt_cipher_destroy_kernel(ctx);
   75         return -EINVAL;
   76     }
   77 
   78     if (tag_length && setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, tag_length) < 0) {
   79         crypt_cipher_destroy_kernel(ctx);
   80         return -EINVAL;
   81     }
   82 
   83     ctx->opfd = accept(ctx->tfmfd, NULL, 0);
   84     if (ctx->opfd < 0) {
   85         crypt_cipher_destroy_kernel(ctx);
   86         return -EINVAL;
   87     }
   88 
   89     return 0;
   90 }
   91 
   92 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
   93                  const char *mode, const void *key, size_t key_length)
   94 {
   95     struct sockaddr_alg sa = {
   96         .salg_family = AF_ALG,
   97         .salg_type = "skcipher",
   98     };
   99     int r;
  100 
  101     if (!strcmp(name, "cipher_null"))
  102         key_length = 0;
  103 
  104     r = snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
  105     if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
  106         return -EINVAL;
  107 
  108     return _crypt_cipher_init(ctx, key, key_length, 0, &sa);
  109 }
  110 
  111 /* The in/out should be aligned to page boundary */
  112 static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
  113                    const char *in, size_t in_length,
  114                    char *out, size_t out_length,
  115                    const char *iv, size_t iv_length,
  116                    uint32_t direction)
  117 {
  118     int r = 0;
  119     ssize_t len;
  120     struct af_alg_iv *alg_iv;
  121     struct cmsghdr *header;
  122     uint32_t *type;
  123     struct iovec iov = {
  124         .iov_base = (void*)(uintptr_t)in,
  125         .iov_len = in_length,
  126     };
  127     int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
  128     char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
  129     struct msghdr msg = {
  130         .msg_control = buffer,
  131         .msg_controllen = sizeof(buffer),
  132         .msg_iov = &iov,
  133         .msg_iovlen = 1,
  134     };
  135 
  136     if (!in || !out || !in_length)
  137         return -EINVAL;
  138 
  139     if ((!iv && iv_length) || (iv && !iv_length))
  140         return -EINVAL;
  141 
  142     memset(buffer, 0, sizeof(buffer));
  143 
  144     /* Set encrypt/decrypt operation */
  145     header = CMSG_FIRSTHDR(&msg);
  146     if (!header)
  147         return -EINVAL;
  148 
  149     header->cmsg_level = SOL_ALG;
  150     header->cmsg_type = ALG_SET_OP;
  151     header->cmsg_len = CMSG_LEN(sizeof(*type));
  152     type = (void*)CMSG_DATA(header);
  153     *type = direction;
  154 
  155     /* Set IV */
  156     if (iv) {
  157         header = CMSG_NXTHDR(&msg, header);
  158         if (!header)
  159             return -EINVAL;
  160 
  161         header->cmsg_level = SOL_ALG;
  162         header->cmsg_type = ALG_SET_IV;
  163         header->cmsg_len = iv_msg_size;
  164         alg_iv = (void*)CMSG_DATA(header);
  165         alg_iv->ivlen = iv_length;
  166         memcpy(alg_iv->iv, iv, iv_length);
  167     }
  168 
  169     len = sendmsg(ctx->opfd, &msg, 0);
  170     if (len != (ssize_t)(in_length))
  171         r = -EIO;
  172     else {
  173         len = read(ctx->opfd, out, out_length);
  174         if (len != (ssize_t)out_length)
  175             r = -EIO;
  176     }
  177 
  178     crypt_backend_memzero(buffer, sizeof(buffer));
  179     return r;
  180 }
  181 
  182 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
  183                 const char *in, char *out, size_t length,
  184                 const char *iv, size_t iv_length)
  185 {
  186     return _crypt_cipher_crypt(ctx, in, length, out, length,
  187                    iv, iv_length, ALG_OP_ENCRYPT);
  188 }
  189 
  190 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
  191                 const char *in, char *out, size_t length,
  192                 const char *iv, size_t iv_length)
  193 {
  194     return _crypt_cipher_crypt(ctx, in, length, out, length,
  195                    iv, iv_length, ALG_OP_DECRYPT);
  196 }
  197 
  198 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
  199 {
  200     if (ctx->tfmfd >= 0)
  201         close(ctx->tfmfd);
  202     if (ctx->opfd >= 0)
  203         close(ctx->opfd);
  204 
  205     ctx->tfmfd = -1;
  206     ctx->opfd = -1;
  207 }
  208 
  209 int crypt_cipher_check_kernel(const char *name, const char *mode,
  210                   const char *integrity, size_t key_length)
  211 {
  212     struct crypt_cipher_kernel c;
  213     char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key;
  214     const char *salg_type;
  215     bool aead;
  216     int r;
  217     struct sockaddr_alg sa = {
  218         .salg_family = AF_ALG,
  219     };
  220 
  221     aead = integrity && strcmp(integrity, "none");
  222 
  223     /* Remove IV if present */
  224     if (mode) {
  225         strncpy(mode_name, mode, sizeof(mode_name));
  226         mode_name[sizeof(mode_name) - 1] = 0;
  227         cipher_iv = strchr(mode_name, '-');
  228         if (cipher_iv) {
  229             *cipher_iv = '\0';
  230             real_mode = mode_name;
  231         }
  232     }
  233 
  234     salg_type = aead ? "aead" : "skcipher";
  235     r = snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
  236     if (r < 0 || (size_t)r >= sizeof(sa.salg_name))
  237         return -EINVAL;
  238 
  239     memset(tmp_salg_name, 0, sizeof(tmp_salg_name));
  240 
  241     /* FIXME: this is duplicating a part of devmapper backend */
  242     if (aead && !strcmp(integrity, "poly1305"))
  243         r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc7539(%s,%s)", name, integrity);
  244     else if (!real_mode)
  245         r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s", name);
  246     else if (aead && !strcmp(real_mode, "ccm"))
  247         r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc4309(%s(%s))", real_mode, name);
  248     else
  249         r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name);
  250 
  251     if (r < 0 || (size_t)r >= sizeof(tmp_salg_name))
  252         return -EINVAL;
  253 
  254     memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name));
  255 
  256     key = malloc(key_length);
  257     if (!key)
  258         return -ENOMEM;
  259 
  260     /* We cannot use RNG yet, any key works here, tweak the first part if it is split key (XTS). */
  261     memset(key, 0xab, key_length);
  262     *key = 0xef;
  263 
  264     r = _crypt_cipher_init(&c, key, key_length, 0, &sa);
  265     crypt_cipher_destroy_kernel(&c);
  266     free(key);
  267 
  268     return r;
  269 }
  270 
  271 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
  272                    const char *in, char *out, size_t length,
  273                    const char *iv, size_t iv_length,
  274                    const char *tag, size_t tag_length)
  275 {
  276     struct crypt_cipher_kernel c;
  277     struct sockaddr_alg sa = {
  278         .salg_family = AF_ALG,
  279         .salg_type = "aead",
  280         .salg_name = "ccm(aes)",
  281     };
  282     int r;
  283     char buffer[128], ccm_iv[16];
  284 
  285     if (length + tag_length > sizeof(buffer))
  286         return -EINVAL;
  287 
  288     if (iv_length > sizeof(ccm_iv) - 2)
  289         return -EINVAL;
  290 
  291     r = _crypt_cipher_init(&c, key, key_length, tag_length, &sa);
  292     if (r < 0)
  293         return r;
  294 
  295     memcpy(buffer, in, length);
  296     memcpy(buffer + length, tag, tag_length);
  297 
  298     /* CCM IV - RFC3610 */
  299     memset(ccm_iv, 0, sizeof(ccm_iv));
  300     ccm_iv[0] = 15 - iv_length - 1;
  301     memcpy(ccm_iv + 1, iv, iv_length);
  302     memset(ccm_iv + 1 + iv_length, 0, ccm_iv[0] + 1);
  303     iv_length = sizeof(ccm_iv);
  304 
  305     r =  _crypt_cipher_crypt(&c, buffer, length + tag_length, out, length,
  306                  ccm_iv, iv_length, ALG_OP_DECRYPT);
  307 
  308     crypt_cipher_destroy_kernel(&c);
  309     crypt_backend_memzero(buffer, sizeof(buffer));
  310 
  311     return r;
  312 }
  313 
  314 #else /* ENABLE_AF_ALG */
  315 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
  316                  const char *mode, const void *key, size_t key_length)
  317 {
  318     return -ENOTSUP;
  319 }
  320 
  321 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
  322 {
  323     return;
  324 }
  325 
  326 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
  327                 const char *in, char *out, size_t length,
  328                 const char *iv, size_t iv_length)
  329 {
  330     return -EINVAL;
  331 }
  332 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
  333                 const char *in, char *out, size_t length,
  334                 const char *iv, size_t iv_length)
  335 {
  336     return -EINVAL;
  337 }
  338 int crypt_cipher_check_kernel(const char *name, const char *mode,
  339                   const char *integrity, size_t key_length)
  340 {
  341     /* Cannot check, expect success. */
  342     return 0;
  343 }
  344 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
  345                    const char *in, char *out, size_t length,
  346                    const char *iv, size_t iv_length,
  347                    const char *tag, size_t tag_length)
  348 {
  349     return -ENOTSUP;
  350 }
  351 #endif