dm-crypt.c (b491f90ddff013e0be058297a8f704c59932c1fd) | dm-crypt.c (e3290b9491ff5b7ee40f9e0a4c06821988a2a2bf) |
---|---|
1/* 2 * Copyright (C) 2003 Jana Saout <jana@saout.de> 3 * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org> 4 * Copyright (C) 2006-2020 Red Hat, Inc. All rights reserved. 5 * Copyright (C) 2013-2020 Milan Broz <gmazyland@gmail.com> 6 * 7 * This file is released under the GPL. 8 */ --- 23 unchanged lines hidden (view full) --- 32#include <crypto/algapi.h> 33#include <crypto/skcipher.h> 34#include <crypto/aead.h> 35#include <crypto/authenc.h> 36#include <linux/rtnetlink.h> /* for struct rtattr and RTA macros only */ 37#include <linux/key-type.h> 38#include <keys/user-type.h> 39#include <keys/encrypted-type.h> | 1/* 2 * Copyright (C) 2003 Jana Saout <jana@saout.de> 3 * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org> 4 * Copyright (C) 2006-2020 Red Hat, Inc. All rights reserved. 5 * Copyright (C) 2013-2020 Milan Broz <gmazyland@gmail.com> 6 * 7 * This file is released under the GPL. 8 */ --- 23 unchanged lines hidden (view full) --- 32#include <crypto/algapi.h> 33#include <crypto/skcipher.h> 34#include <crypto/aead.h> 35#include <crypto/authenc.h> 36#include <linux/rtnetlink.h> /* for struct rtattr and RTA macros only */ 37#include <linux/key-type.h> 38#include <keys/user-type.h> 39#include <keys/encrypted-type.h> |
40#include <keys/trusted-type.h> |
|
40 41#include <linux/device-mapper.h> 42 43#define DM_MSG_PREFIX "crypt" 44 45/* 46 * context holding the current state of a multi-part conversion 47 */ --- 80 unchanged lines hidden (view full) --- 128 * and encrypts / decrypts at the same time. 129 */ 130enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID, 131 DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD, 132 DM_CRYPT_NO_READ_WORKQUEUE, DM_CRYPT_NO_WRITE_WORKQUEUE, 133 DM_CRYPT_WRITE_INLINE }; 134 135enum cipher_flags { | 41 42#include <linux/device-mapper.h> 43 44#define DM_MSG_PREFIX "crypt" 45 46/* 47 * context holding the current state of a multi-part conversion 48 */ --- 80 unchanged lines hidden (view full) --- 129 * and encrypts / decrypts at the same time. 130 */ 131enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID, 132 DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD, 133 DM_CRYPT_NO_READ_WORKQUEUE, DM_CRYPT_NO_WRITE_WORKQUEUE, 134 DM_CRYPT_WRITE_INLINE }; 135 136enum cipher_flags { |
136 CRYPT_MODE_INTEGRITY_AEAD, /* Use authenticated mode for cihper */ | 137 CRYPT_MODE_INTEGRITY_AEAD, /* Use authenticated mode for cipher */ |
137 CRYPT_IV_LARGE_SECTORS, /* Calculate IV from sector_size, not 512B sectors */ 138 CRYPT_ENCRYPT_PREPROCESS, /* Must preprocess data for encryption (elephant) */ 139}; 140 141/* 142 * The fields in here must be read only after initialization. 143 */ 144struct crypt_config { --- 1331 unchanged lines hidden (view full) --- 1476 kcryptd_async_done, dmreq_of_req(cc, ctx->r.req)); 1477 1478 return 0; 1479} 1480 1481static int crypt_alloc_req_aead(struct crypt_config *cc, 1482 struct convert_context *ctx) 1483{ | 138 CRYPT_IV_LARGE_SECTORS, /* Calculate IV from sector_size, not 512B sectors */ 139 CRYPT_ENCRYPT_PREPROCESS, /* Must preprocess data for encryption (elephant) */ 140}; 141 142/* 143 * The fields in here must be read only after initialization. 144 */ 145struct crypt_config { --- 1331 unchanged lines hidden (view full) --- 1477 kcryptd_async_done, dmreq_of_req(cc, ctx->r.req)); 1478 1479 return 0; 1480} 1481 1482static int crypt_alloc_req_aead(struct crypt_config *cc, 1483 struct convert_context *ctx) 1484{ |
1484 if (!ctx->r.req) { 1485 ctx->r.req = mempool_alloc(&cc->req_pool, in_interrupt() ? GFP_ATOMIC : GFP_NOIO); 1486 if (!ctx->r.req) | 1485 if (!ctx->r.req_aead) { 1486 ctx->r.req_aead = mempool_alloc(&cc->req_pool, in_interrupt() ? GFP_ATOMIC : GFP_NOIO); 1487 if (!ctx->r.req_aead) |
1487 return -ENOMEM; 1488 } 1489 1490 aead_request_set_tfm(ctx->r.req_aead, cc->cipher_tfm.tfms_aead[0]); 1491 1492 /* 1493 * Use REQ_MAY_BACKLOG so a cipher driver internally backlogs 1494 * requests if driver request queue is full. --- 936 unchanged lines hidden (view full) --- 2431 if (cc->key_size != ukp->datalen) 2432 return -EINVAL; 2433 2434 memcpy(cc->key, ukp->data, cc->key_size); 2435 2436 return 0; 2437} 2438 | 1488 return -ENOMEM; 1489 } 1490 1491 aead_request_set_tfm(ctx->r.req_aead, cc->cipher_tfm.tfms_aead[0]); 1492 1493 /* 1494 * Use REQ_MAY_BACKLOG so a cipher driver internally backlogs 1495 * requests if driver request queue is full. --- 936 unchanged lines hidden (view full) --- 2432 if (cc->key_size != ukp->datalen) 2433 return -EINVAL; 2434 2435 memcpy(cc->key, ukp->data, cc->key_size); 2436 2437 return 0; 2438} 2439 |
2439#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) | |
2440static int set_key_encrypted(struct crypt_config *cc, struct key *key) 2441{ 2442 const struct encrypted_key_payload *ekp; 2443 2444 ekp = key->payload.data[0]; 2445 if (!ekp) 2446 return -EKEYREVOKED; 2447 2448 if (cc->key_size != ekp->decrypted_datalen) 2449 return -EINVAL; 2450 2451 memcpy(cc->key, ekp->decrypted_data, cc->key_size); 2452 2453 return 0; 2454} | 2440static int set_key_encrypted(struct crypt_config *cc, struct key *key) 2441{ 2442 const struct encrypted_key_payload *ekp; 2443 2444 ekp = key->payload.data[0]; 2445 if (!ekp) 2446 return -EKEYREVOKED; 2447 2448 if (cc->key_size != ekp->decrypted_datalen) 2449 return -EINVAL; 2450 2451 memcpy(cc->key, ekp->decrypted_data, cc->key_size); 2452 2453 return 0; 2454} |
2455#endif /* CONFIG_ENCRYPTED_KEYS */ | |
2456 | 2455 |
2456static int set_key_trusted(struct crypt_config *cc, struct key *key) 2457{ 2458 const struct trusted_key_payload *tkp; 2459 2460 tkp = key->payload.data[0]; 2461 if (!tkp) 2462 return -EKEYREVOKED; 2463 2464 if (cc->key_size != tkp->key_len) 2465 return -EINVAL; 2466 2467 memcpy(cc->key, tkp->key, cc->key_size); 2468 2469 return 0; 2470} 2471 |
|
2457static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) 2458{ 2459 char *new_key_string, *key_desc; 2460 int ret; 2461 struct key_type *type; 2462 struct key *key; 2463 int (*set_key)(struct crypt_config *cc, struct key *key); 2464 --- 12 unchanged lines hidden (view full) --- 2477 return -EINVAL; 2478 2479 if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) { 2480 type = &key_type_logon; 2481 set_key = set_key_user; 2482 } else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) { 2483 type = &key_type_user; 2484 set_key = set_key_user; | 2472static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) 2473{ 2474 char *new_key_string, *key_desc; 2475 int ret; 2476 struct key_type *type; 2477 struct key *key; 2478 int (*set_key)(struct crypt_config *cc, struct key *key); 2479 --- 12 unchanged lines hidden (view full) --- 2492 return -EINVAL; 2493 2494 if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) { 2495 type = &key_type_logon; 2496 set_key = set_key_user; 2497 } else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) { 2498 type = &key_type_user; 2499 set_key = set_key_user; |
2485#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE) 2486 } else if (!strncmp(key_string, "encrypted:", key_desc - key_string + 1)) { | 2500 } else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) && 2501 !strncmp(key_string, "encrypted:", key_desc - key_string + 1)) { |
2487 type = &key_type_encrypted; 2488 set_key = set_key_encrypted; | 2502 type = &key_type_encrypted; 2503 set_key = set_key_encrypted; |
2489#endif | 2504 } else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) && 2505 !strncmp(key_string, "trusted:", key_desc - key_string + 1)) { 2506 type = &key_type_trusted; 2507 set_key = set_key_trusted; |
2490 } else { 2491 return -EINVAL; 2492 } 2493 2494 new_key_string = kstrdup(key_string, GFP_KERNEL); 2495 if (!new_key_string) 2496 return -ENOMEM; 2497 --- 613 unchanged lines hidden (view full) --- 3111 return -EINVAL; 3112 } 3113 } 3114 3115 return 0; 3116} 3117 3118#ifdef CONFIG_BLK_DEV_ZONED | 2508 } else { 2509 return -EINVAL; 2510 } 2511 2512 new_key_string = kstrdup(key_string, GFP_KERNEL); 2513 if (!new_key_string) 2514 return -ENOMEM; 2515 --- 613 unchanged lines hidden (view full) --- 3129 return -EINVAL; 3130 } 3131 } 3132 3133 return 0; 3134} 3135 3136#ifdef CONFIG_BLK_DEV_ZONED |
3119 | |
3120static int crypt_report_zones(struct dm_target *ti, 3121 struct dm_report_zones_args *args, unsigned int nr_zones) 3122{ 3123 struct crypt_config *cc = ti->private; 3124 sector_t sector = cc->start + dm_target_offset(ti, args->next_sector); 3125 3126 args->start = cc->start; 3127 return blkdev_report_zones(cc->dev->bdev, sector, nr_zones, 3128 dm_report_zones_cb, args); 3129} | 3137static int crypt_report_zones(struct dm_target *ti, 3138 struct dm_report_zones_args *args, unsigned int nr_zones) 3139{ 3140 struct crypt_config *cc = ti->private; 3141 sector_t sector = cc->start + dm_target_offset(ti, args->next_sector); 3142 3143 args->start = cc->start; 3144 return blkdev_report_zones(cc->dev->bdev, sector, nr_zones, 3145 dm_report_zones_cb, args); 3146} |
3130 | 3147#else 3148#define crypt_report_zones NULL |
3131#endif 3132 3133/* 3134 * Construct an encryption mapping: 3135 * <cipher> [<key>|:<key_size>:<user|logon>:<key_description>] <iv_offset> <dev_path> <start> 3136 */ 3137static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) 3138{ --- 414 unchanged lines hidden (view full) --- 3553 max_t(unsigned, limits->logical_block_size, cc->sector_size); 3554 limits->physical_block_size = 3555 max_t(unsigned, limits->physical_block_size, cc->sector_size); 3556 limits->io_min = max_t(unsigned, limits->io_min, cc->sector_size); 3557} 3558 3559static struct target_type crypt_target = { 3560 .name = "crypt", | 3149#endif 3150 3151/* 3152 * Construct an encryption mapping: 3153 * <cipher> [<key>|:<key_size>:<user|logon>:<key_description>] <iv_offset> <dev_path> <start> 3154 */ 3155static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) 3156{ --- 414 unchanged lines hidden (view full) --- 3571 max_t(unsigned, limits->logical_block_size, cc->sector_size); 3572 limits->physical_block_size = 3573 max_t(unsigned, limits->physical_block_size, cc->sector_size); 3574 limits->io_min = max_t(unsigned, limits->io_min, cc->sector_size); 3575} 3576 3577static struct target_type crypt_target = { 3578 .name = "crypt", |
3561 .version = {1, 22, 0}, | 3579 .version = {1, 23, 0}, |
3562 .module = THIS_MODULE, 3563 .ctr = crypt_ctr, 3564 .dtr = crypt_dtr, | 3580 .module = THIS_MODULE, 3581 .ctr = crypt_ctr, 3582 .dtr = crypt_dtr, |
3565#ifdef CONFIG_BLK_DEV_ZONED | |
3566 .features = DM_TARGET_ZONED_HM, 3567 .report_zones = crypt_report_zones, | 3583 .features = DM_TARGET_ZONED_HM, 3584 .report_zones = crypt_report_zones, |
3568#endif | |
3569 .map = crypt_map, 3570 .status = crypt_status, 3571 .postsuspend = crypt_postsuspend, 3572 .preresume = crypt_preresume, 3573 .resume = crypt_resume, 3574 .message = crypt_message, 3575 .iterate_devices = crypt_iterate_devices, 3576 .io_hints = crypt_io_hints, --- 24 unchanged lines hidden --- | 3585 .map = crypt_map, 3586 .status = crypt_status, 3587 .postsuspend = crypt_postsuspend, 3588 .preresume = crypt_preresume, 3589 .resume = crypt_resume, 3590 .message = crypt_message, 3591 .iterate_devices = crypt_iterate_devices, 3592 .io_hints = crypt_io_hints, --- 24 unchanged lines hidden --- |
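Review bot: The new `trusted:` branch in crypt_set_keyring_key is gated with `IS_ENABLED(CONFIG_TRUSTED_KEYS)`, which is also true when trusted keys are built as a module, so a built-in dm-crypt would reference `key_type_trusted` with no built-in definition behind it; the same holds for the `encrypted:` branch now that its `#if` guard is gone. The Kconfig side is not visible on this page, so confirm that DM_CRYPT carries a dependency ruling out that combination, or use `IS_REACHABLE()` in both conditions. The format comment above crypt_ctr still lists only `<user|logon>` and should read `<user|logon|encrypted|trusted>`, so the accepted keyring types are documented where the table line is parsed. Most of crypt_set_keyring_key and crypt_ctr is hidden on this page, so this is based on the visible lines only.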