// SPDX-License-Identifier: GPL-2.0
|
/*
|
* Copyright (C) 2017 Google, Inc.
|
*/
|
|
#include <linux/blk-crypto.h>
|
#include <linux/device-mapper.h>
|
#include <linux/module.h>
|
|
#define DM_MSG_PREFIX "default-key"
|
|
#define DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE 128
|
|
static const struct dm_default_key_cipher {
|
const char *name;
|
enum blk_crypto_mode_num mode_num;
|
int key_size;
|
} dm_default_key_ciphers[] = {
|
{
|
.name = "aes-xts-plain64",
|
.mode_num = BLK_ENCRYPTION_MODE_AES_256_XTS,
|
.key_size = 64,
|
}, {
|
.name = "xchacha12,aes-adiantum-plain64",
|
.mode_num = BLK_ENCRYPTION_MODE_ADIANTUM,
|
.key_size = 32,
|
},
|
};
|
|
/**
|
* struct dm_default_c - private data of a default-key target
|
* @dev: the underlying device
|
* @start: starting sector of the range of @dev which this target actually maps.
|
* For this purpose a "sector" is 512 bytes.
|
* @cipher_string: the name of the encryption algorithm being used
|
* @iv_offset: starting offset for IVs. IVs are generated as if the target were
|
* preceded by @iv_offset 512-byte sectors.
|
* @sector_size: crypto sector size in bytes (usually 4096)
|
* @sector_bits: log2(sector_size)
|
* @key: the encryption key to use
|
* @max_dun: the maximum DUN that may be used (computed from other params)
|
*/
|
struct default_key_c {
|
struct dm_dev *dev;
|
sector_t start;
|
const char *cipher_string;
|
u64 iv_offset;
|
unsigned int sector_size;
|
unsigned int sector_bits;
|
struct blk_crypto_key key;
|
bool is_hw_wrapped;
|
u64 max_dun;
|
};
|
|
static const struct dm_default_key_cipher *
|
lookup_cipher(const char *cipher_string)
|
{
|
int i;
|
|
for (i = 0; i < ARRAY_SIZE(dm_default_key_ciphers); i++) {
|
if (strcmp(cipher_string, dm_default_key_ciphers[i].name) == 0)
|
return &dm_default_key_ciphers[i];
|
}
|
return NULL;
|
}
|
|
static void default_key_dtr(struct dm_target *ti)
|
{
|
struct default_key_c *dkc = ti->private;
|
int err;
|
|
if (dkc->dev) {
|
err = blk_crypto_evict_key(bdev_get_queue(dkc->dev->bdev),
|
&dkc->key);
|
if (err && err != -ENOKEY)
|
DMWARN("Failed to evict crypto key: %d", err);
|
dm_put_device(ti, dkc->dev);
|
}
|
kfree_sensitive(dkc->cipher_string);
|
kfree_sensitive(dkc);
|
}
|
|
static int default_key_ctr_optional(struct dm_target *ti,
|
unsigned int argc, char **argv)
|
{
|
struct default_key_c *dkc = ti->private;
|
struct dm_arg_set as;
|
static const struct dm_arg _args[] = {
|
{0, 4, "Invalid number of feature args"},
|
};
|
unsigned int opt_params;
|
const char *opt_string;
|
bool iv_large_sectors = false;
|
char dummy;
|
int err;
|
|
as.argc = argc;
|
as.argv = argv;
|
|
err = dm_read_arg_group(_args, &as, &opt_params, &ti->error);
|
if (err)
|
return err;
|
|
while (opt_params--) {
|
opt_string = dm_shift_arg(&as);
|
if (!opt_string) {
|
ti->error = "Not enough feature arguments";
|
return -EINVAL;
|
}
|
if (!strcmp(opt_string, "allow_discards")) {
|
ti->num_discard_bios = 1;
|
} else if (sscanf(opt_string, "sector_size:%u%c",
|
&dkc->sector_size, &dummy) == 1) {
|
if (dkc->sector_size < SECTOR_SIZE ||
|
dkc->sector_size > 4096 ||
|
!is_power_of_2(dkc->sector_size)) {
|
ti->error = "Invalid sector_size";
|
return -EINVAL;
|
}
|
} else if (!strcmp(opt_string, "iv_large_sectors")) {
|
iv_large_sectors = true;
|
} else if (!strcmp(opt_string, "wrappedkey_v0")) {
|
dkc->is_hw_wrapped = true;
|
} else {
|
ti->error = "Invalid feature arguments";
|
return -EINVAL;
|
}
|
}
|
|
/* dm-default-key doesn't implement iv_large_sectors=false. */
|
if (dkc->sector_size != SECTOR_SIZE && !iv_large_sectors) {
|
ti->error = "iv_large_sectors must be specified";
|
return -EINVAL;
|
}
|
|
return 0;
|
}
|
|
/*
|
* Construct a default-key mapping:
|
* <cipher> <key> <iv_offset> <dev_path> <start>
|
*
|
* This syntax matches dm-crypt's, but lots of unneeded functionality has been
|
* removed. Also, dm-default-key requires that the "iv_large_sectors" option be
|
* given whenever a non-default sector size is used.
|
*/
|
static int default_key_ctr(struct dm_target *ti, unsigned int argc, char **argv)
|
{
|
struct default_key_c *dkc;
|
const struct dm_default_key_cipher *cipher;
|
u8 raw_key[DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE];
|
unsigned int raw_key_size;
|
unsigned int dun_bytes;
|
unsigned long long tmpll;
|
char dummy;
|
int err;
|
|
if (argc < 5) {
|
ti->error = "Not enough arguments";
|
return -EINVAL;
|
}
|
|
dkc = kzalloc(sizeof(*dkc), GFP_KERNEL);
|
if (!dkc) {
|
ti->error = "Out of memory";
|
return -ENOMEM;
|
}
|
ti->private = dkc;
|
|
/* <cipher> */
|
dkc->cipher_string = kstrdup(argv[0], GFP_KERNEL);
|
if (!dkc->cipher_string) {
|
ti->error = "Out of memory";
|
err = -ENOMEM;
|
goto bad;
|
}
|
cipher = lookup_cipher(dkc->cipher_string);
|
if (!cipher) {
|
ti->error = "Unsupported cipher";
|
err = -EINVAL;
|
goto bad;
|
}
|
|
/* <key> */
|
raw_key_size = strlen(argv[1]);
|
if (raw_key_size > 2 * DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE ||
|
raw_key_size % 2) {
|
ti->error = "Invalid keysize";
|
err = -EINVAL;
|
goto bad;
|
}
|
raw_key_size /= 2;
|
if (hex2bin(raw_key, argv[1], raw_key_size) != 0) {
|
ti->error = "Malformed key string";
|
err = -EINVAL;
|
goto bad;
|
}
|
|
/* <iv_offset> */
|
if (sscanf(argv[2], "%llu%c", &dkc->iv_offset, &dummy) != 1) {
|
ti->error = "Invalid iv_offset sector";
|
err = -EINVAL;
|
goto bad;
|
}
|
|
/* <dev_path> */
|
err = dm_get_device(ti, argv[3], dm_table_get_mode(ti->table),
|
&dkc->dev);
|
if (err) {
|
ti->error = "Device lookup failed";
|
goto bad;
|
}
|
|
/* <start> */
|
if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1 ||
|
tmpll != (sector_t)tmpll) {
|
ti->error = "Invalid start sector";
|
err = -EINVAL;
|
goto bad;
|
}
|
dkc->start = tmpll;
|
|
/* optional arguments */
|
dkc->sector_size = SECTOR_SIZE;
|
if (argc > 5) {
|
err = default_key_ctr_optional(ti, argc - 5, &argv[5]);
|
if (err)
|
goto bad;
|
}
|
dkc->sector_bits = ilog2(dkc->sector_size);
|
if (ti->len & ((dkc->sector_size >> SECTOR_SHIFT) - 1)) {
|
ti->error = "Device size is not a multiple of sector_size";
|
err = -EINVAL;
|
goto bad;
|
}
|
|
dkc->max_dun = (dkc->iv_offset + ti->len - 1) >>
|
(dkc->sector_bits - SECTOR_SHIFT);
|
dun_bytes = DIV_ROUND_UP(fls64(dkc->max_dun), 8);
|
|
err = blk_crypto_init_key(&dkc->key, raw_key, raw_key_size,
|
dkc->is_hw_wrapped, cipher->mode_num,
|
dun_bytes, dkc->sector_size);
|
if (err) {
|
ti->error = "Error initializing blk-crypto key";
|
goto bad;
|
}
|
|
err = blk_crypto_start_using_key(&dkc->key,
|
bdev_get_queue(dkc->dev->bdev));
|
if (err) {
|
ti->error = "Error starting to use blk-crypto";
|
goto bad;
|
}
|
|
ti->num_flush_bios = 1;
|
|
err = 0;
|
goto out;
|
|
bad:
|
default_key_dtr(ti);
|
out:
|
memzero_explicit(raw_key, sizeof(raw_key));
|
return err;
|
}
|
|
static int default_key_map(struct dm_target *ti, struct bio *bio)
|
{
|
const struct default_key_c *dkc = ti->private;
|
sector_t sector_in_target;
|
u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE] = { 0 };
|
|
bio_set_dev(bio, dkc->dev->bdev);
|
|
/*
|
* If the bio is a device-level request which doesn't target a specific
|
* sector, there's nothing more to do.
|
*/
|
if (bio_sectors(bio) == 0)
|
return DM_MAPIO_REMAPPED;
|
|
/* Map the bio's sector to the underlying device. (512-byte sectors) */
|
sector_in_target = dm_target_offset(ti, bio->bi_iter.bi_sector);
|
bio->bi_iter.bi_sector = dkc->start + sector_in_target;
|
|
/*
|
* If the bio should skip dm-default-key (i.e. if it's for an encrypted
|
* file's contents), or if it doesn't have any data (e.g. if it's a
|
* DISCARD request), there's nothing more to do.
|
*/
|
if (bio_should_skip_dm_default_key(bio) || !bio_has_data(bio))
|
return DM_MAPIO_REMAPPED;
|
|
/*
|
* Else, dm-default-key needs to set this bio's encryption context.
|
* It must not already have one.
|
*/
|
if (WARN_ON_ONCE(bio_has_crypt_ctx(bio)))
|
return DM_MAPIO_KILL;
|
|
/* Calculate the DUN and enforce data-unit (crypto sector) alignment. */
|
dun[0] = dkc->iv_offset + sector_in_target; /* 512-byte sectors */
|
if (dun[0] & ((dkc->sector_size >> SECTOR_SHIFT) - 1))
|
return DM_MAPIO_KILL;
|
dun[0] >>= dkc->sector_bits - SECTOR_SHIFT; /* crypto sectors */
|
|
/*
|
* This check isn't necessary as we should have calculated max_dun
|
* correctly, but be safe.
|
*/
|
if (WARN_ON_ONCE(dun[0] > dkc->max_dun))
|
return DM_MAPIO_KILL;
|
|
bio_crypt_set_ctx(bio, &dkc->key, dun, GFP_NOIO);
|
|
return DM_MAPIO_REMAPPED;
|
}
|
|
static void default_key_status(struct dm_target *ti, status_type_t type,
|
unsigned int status_flags, char *result,
|
unsigned int maxlen)
|
{
|
const struct default_key_c *dkc = ti->private;
|
unsigned int sz = 0;
|
int num_feature_args = 0;
|
|
switch (type) {
|
case STATUSTYPE_INFO:
|
result[0] = '\0';
|
break;
|
|
case STATUSTYPE_TABLE:
|
/* Omit the key for now. */
|
DMEMIT("%s - %llu %s %llu", dkc->cipher_string, dkc->iv_offset,
|
dkc->dev->name, (unsigned long long)dkc->start);
|
|
num_feature_args += !!ti->num_discard_bios;
|
if (dkc->sector_size != SECTOR_SIZE)
|
num_feature_args += 2;
|
if (dkc->is_hw_wrapped)
|
num_feature_args += 1;
|
if (num_feature_args != 0) {
|
DMEMIT(" %d", num_feature_args);
|
if (ti->num_discard_bios)
|
DMEMIT(" allow_discards");
|
if (dkc->sector_size != SECTOR_SIZE) {
|
DMEMIT(" sector_size:%u", dkc->sector_size);
|
DMEMIT(" iv_large_sectors");
|
}
|
if (dkc->is_hw_wrapped)
|
DMEMIT(" wrappedkey_v0");
|
}
|
break;
|
}
|
}
|
|
static int default_key_prepare_ioctl(struct dm_target *ti,
|
struct block_device **bdev)
|
{
|
const struct default_key_c *dkc = ti->private;
|
const struct dm_dev *dev = dkc->dev;
|
|
*bdev = dev->bdev;
|
|
/* Only pass ioctls through if the device sizes match exactly. */
|
if (dkc->start != 0 ||
|
ti->len != i_size_read(dev->bdev->bd_inode) >> SECTOR_SHIFT)
|
return 1;
|
return 0;
|
}
|
|
static int default_key_iterate_devices(struct dm_target *ti,
|
iterate_devices_callout_fn fn,
|
void *data)
|
{
|
const struct default_key_c *dkc = ti->private;
|
|
return fn(ti, dkc->dev, dkc->start, ti->len, data);
|
}
|
|
static void default_key_io_hints(struct dm_target *ti,
|
struct queue_limits *limits)
|
{
|
const struct default_key_c *dkc = ti->private;
|
const unsigned int sector_size = dkc->sector_size;
|
|
limits->logical_block_size =
|
max_t(unsigned int, limits->logical_block_size, sector_size);
|
limits->physical_block_size =
|
max_t(unsigned int, limits->physical_block_size, sector_size);
|
limits->io_min = max_t(unsigned int, limits->io_min, sector_size);
|
}
|
|
static struct target_type default_key_target = {
|
.name = "default-key",
|
.version = {2, 1, 0},
|
.features = DM_TARGET_PASSES_CRYPTO,
|
.module = THIS_MODULE,
|
.ctr = default_key_ctr,
|
.dtr = default_key_dtr,
|
.map = default_key_map,
|
.status = default_key_status,
|
.prepare_ioctl = default_key_prepare_ioctl,
|
.iterate_devices = default_key_iterate_devices,
|
.io_hints = default_key_io_hints,
|
};
|
|
static int __init dm_default_key_init(void)
|
{
|
return dm_register_target(&default_key_target);
|
}
|
|
static void __exit dm_default_key_exit(void)
|
{
|
dm_unregister_target(&default_key_target);
|
}
|
|
module_init(dm_default_key_init);
|
module_exit(dm_default_key_exit);
|
|
MODULE_AUTHOR("Paul Lawrence <paullawrence@google.com>");
|
MODULE_AUTHOR("Paul Crowley <paulcrowley@google.com>");
|
MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
|
MODULE_DESCRIPTION(DM_NAME " target for encrypting filesystem metadata");
|
MODULE_LICENSE("GPL");
|
