diff options
author | Sage Weil <sage@newdream.net> | 2010-02-02 19:07:07 -0500 |
---|---|---|
committer | Sage Weil <sage@newdream.net> | 2010-02-10 18:04:46 -0500 |
commit | 8b6e4f2d8b21c25225b1ce8d53a2e03b92cc8522 (patch) | |
tree | a89355726cc37f064629232360574531eec8dc4a | |
parent | c7e337d6490d6f2f5e66ddf1b04d00b0dbd10108 (diff) |
ceph: aes crypto and base64 encode/decode helpers
Helpers to encrypt/decrypt AES and base64.
Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
-rw-r--r-- | fs/ceph/Kconfig | 1 | ||||
-rw-r--r-- | fs/ceph/Makefile | 1 | ||||
-rw-r--r-- | fs/ceph/armor.c | 99 | ||||
-rw-r--r-- | fs/ceph/crypto.c | 408 | ||||
-rw-r--r-- | fs/ceph/crypto.h | 48 |
5 files changed, 557 insertions, 0 deletions
diff --git a/fs/ceph/Kconfig b/fs/ceph/Kconfig index bc1fbd956187..04b8280582a9 100644 --- a/fs/ceph/Kconfig +++ b/fs/ceph/Kconfig | |||
@@ -2,6 +2,7 @@ config CEPH_FS | |||
2 | tristate "Ceph distributed file system (EXPERIMENTAL)" | 2 | tristate "Ceph distributed file system (EXPERIMENTAL)" |
3 | depends on INET && EXPERIMENTAL | 3 | depends on INET && EXPERIMENTAL |
4 | select LIBCRC32C | 4 | select LIBCRC32C |
5 | select CONFIG_CRYPTO_AES | ||
5 | help | 6 | help |
6 | Choose Y or M here to include support for mounting the | 7 | Choose Y or M here to include support for mounting the |
7 | experimental Ceph distributed file system. Ceph is an extremely | 8 | experimental Ceph distributed file system. Ceph is an extremely |
diff --git a/fs/ceph/Makefile b/fs/ceph/Makefile index 47caf2f1b75a..85a588e43e7d 100644 --- a/fs/ceph/Makefile +++ b/fs/ceph/Makefile | |||
@@ -14,6 +14,7 @@ ceph-objs := super.o inode.o dir.o file.o addr.o ioctl.o \ | |||
14 | osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \ | 14 | osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \ |
15 | debugfs.o \ | 15 | debugfs.o \ |
16 | auth.o auth_none.o \ | 16 | auth.o auth_none.o \ |
17 | crypto.o armor.o \ | ||
17 | ceph_fs.o ceph_strings.o ceph_hash.o ceph_frag.o | 18 | ceph_fs.o ceph_strings.o ceph_hash.o ceph_frag.o |
18 | 19 | ||
19 | else | 20 | else |
diff --git a/fs/ceph/armor.c b/fs/ceph/armor.c new file mode 100644 index 000000000000..67b2c030924b --- /dev/null +++ b/fs/ceph/armor.c | |||
@@ -0,0 +1,99 @@ | |||
1 | |||
2 | #include <linux/errno.h> | ||
3 | |||
4 | /* | ||
5 | * base64 encode/decode. | ||
6 | */ | ||
7 | |||
8 | const char *pem_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | ||
9 | |||
10 | static int encode_bits(int c) | ||
11 | { | ||
12 | return pem_key[c]; | ||
13 | } | ||
14 | |||
15 | static int decode_bits(char c) | ||
16 | { | ||
17 | if (c >= 'A' && c <= 'Z') | ||
18 | return c - 'A'; | ||
19 | if (c >= 'a' && c <= 'z') | ||
20 | return c - 'a' + 26; | ||
21 | if (c >= '0' && c <= '9') | ||
22 | return c - '0' + 52; | ||
23 | if (c == '+') | ||
24 | return 62; | ||
25 | if (c == '/') | ||
26 | return 63; | ||
27 | if (c == '=') | ||
28 | return 0; /* just non-negative, please */ | ||
29 | return -EINVAL; | ||
30 | } | ||
31 | |||
32 | int ceph_armor(char *dst, const char *src, const char *end) | ||
33 | { | ||
34 | int olen = 0; | ||
35 | int line = 0; | ||
36 | |||
37 | while (src < end) { | ||
38 | unsigned char a, b, c; | ||
39 | |||
40 | a = *src++; | ||
41 | *dst++ = encode_bits(a >> 2); | ||
42 | if (src < end) { | ||
43 | b = *src++; | ||
44 | *dst++ = encode_bits(((a & 3) << 4) | (b >> 4)); | ||
45 | if (src < end) { | ||
46 | c = *src++; | ||
47 | *dst++ = encode_bits(((b & 15) << 2) | | ||
48 | (c >> 6)); | ||
49 | *dst++ = encode_bits(c & 63); | ||
50 | } else { | ||
51 | *dst++ = encode_bits((b & 15) << 2); | ||
52 | *dst++ = '='; | ||
53 | } | ||
54 | } else { | ||
55 | *dst++ = encode_bits(((a & 3) << 4)); | ||
56 | *dst++ = '='; | ||
57 | *dst++ = '='; | ||
58 | } | ||
59 | olen += 4; | ||
60 | line += 4; | ||
61 | if (line == 64) { | ||
62 | line = 0; | ||
63 | *(dst++) = '\n'; | ||
64 | olen++; | ||
65 | } | ||
66 | } | ||
67 | return olen; | ||
68 | } | ||
69 | |||
70 | int ceph_unarmor(char *dst, const char *src, const char *end) | ||
71 | { | ||
72 | int olen = 0; | ||
73 | |||
74 | while (src < end) { | ||
75 | int a, b, c, d; | ||
76 | |||
77 | if (src < end && src[0] == '\n') | ||
78 | src++; | ||
79 | if (src + 4 > end) | ||
80 | return -EINVAL; | ||
81 | a = decode_bits(src[0]); | ||
82 | b = decode_bits(src[1]); | ||
83 | c = decode_bits(src[2]); | ||
84 | d = decode_bits(src[3]); | ||
85 | if (a < 0 || b < 0 || c < 0 || d < 0) | ||
86 | return -EINVAL; | ||
87 | |||
88 | *dst++ = (a << 2) | (b >> 4); | ||
89 | if (src[2] == '=') | ||
90 | return olen + 1; | ||
91 | *dst++ = ((b & 15) << 4) | (c >> 2); | ||
92 | if (src[3] == '=') | ||
93 | return olen + 2; | ||
94 | *dst++ = ((c & 3) << 6) | d; | ||
95 | olen += 3; | ||
96 | src += 4; | ||
97 | } | ||
98 | return olen; | ||
99 | } | ||
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c new file mode 100644 index 000000000000..291ac288e791 --- /dev/null +++ b/fs/ceph/crypto.c | |||
@@ -0,0 +1,408 @@ | |||
1 | |||
2 | #include "ceph_debug.h" | ||
3 | |||
4 | #include <linux/err.h> | ||
5 | #include <linux/scatterlist.h> | ||
6 | #include <crypto/hash.h> | ||
7 | |||
8 | #include "crypto.h" | ||
9 | #include "decode.h" | ||
10 | |||
11 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) | ||
12 | { | ||
13 | if (*p + sizeof(u16) + sizeof(key->created) + | ||
14 | sizeof(u16) + key->len > end) | ||
15 | return -ERANGE; | ||
16 | ceph_encode_16(p, key->type); | ||
17 | ceph_encode_copy(p, &key->created, sizeof(key->created)); | ||
18 | ceph_encode_16(p, key->len); | ||
19 | ceph_encode_copy(p, key->key, key->len); | ||
20 | return 0; | ||
21 | } | ||
22 | |||
23 | int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) | ||
24 | { | ||
25 | ceph_decode_need(p, end, 2*sizeof(u16) + sizeof(key->created), bad); | ||
26 | key->type = ceph_decode_16(p); | ||
27 | ceph_decode_copy(p, &key->created, sizeof(key->created)); | ||
28 | key->len = ceph_decode_16(p); | ||
29 | ceph_decode_need(p, end, key->len, bad); | ||
30 | key->key = kmalloc(key->len, GFP_NOFS); | ||
31 | if (!key->key) | ||
32 | return -ENOMEM; | ||
33 | ceph_decode_copy(p, key->key, key->len); | ||
34 | return 0; | ||
35 | |||
36 | bad: | ||
37 | dout("failed to decode crypto key\n"); | ||
38 | return -EINVAL; | ||
39 | } | ||
40 | |||
41 | int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) | ||
42 | { | ||
43 | int inlen = strlen(inkey); | ||
44 | int blen = inlen * 3 / 4; | ||
45 | void *buf, *p; | ||
46 | int ret; | ||
47 | |||
48 | dout("crypto_key_unarmor %s\n", inkey); | ||
49 | buf = kmalloc(blen, GFP_NOFS); | ||
50 | if (!buf) | ||
51 | return -ENOMEM; | ||
52 | blen = ceph_unarmor(buf, inkey, inkey+inlen); | ||
53 | if (blen < 0) { | ||
54 | kfree(buf); | ||
55 | return blen; | ||
56 | } | ||
57 | |||
58 | p = buf; | ||
59 | ret = ceph_crypto_key_decode(key, &p, p + blen); | ||
60 | kfree(buf); | ||
61 | if (ret) | ||
62 | return ret; | ||
63 | dout("crypto_key_unarmor key %p type %d len %d\n", key, | ||
64 | key->type, key->len); | ||
65 | return 0; | ||
66 | } | ||
67 | |||
68 | |||
69 | |||
70 | #define AES_KEY_SIZE 16 | ||
71 | |||
72 | static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) | ||
73 | { | ||
74 | return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC); | ||
75 | } | ||
76 | |||
77 | const u8 *aes_iv = "cephsageyudagreg"; | ||
78 | |||
79 | int ceph_aes_encrypt(const void *key, int key_len, void *dst, size_t *dst_len, | ||
80 | const void *src, size_t src_len) | ||
81 | { | ||
82 | struct scatterlist sg_in[2], sg_out[1]; | ||
83 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
84 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | ||
85 | int ret; | ||
86 | void *iv; | ||
87 | int ivsize; | ||
88 | size_t zero_padding = (0x10 - (src_len & 0x0f)); | ||
89 | char pad[16]; | ||
90 | |||
91 | if (IS_ERR(tfm)) | ||
92 | return PTR_ERR(tfm); | ||
93 | |||
94 | memset(pad, zero_padding, zero_padding); | ||
95 | |||
96 | *dst_len = src_len + zero_padding; | ||
97 | |||
98 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
99 | sg_init_table(sg_in, 2); | ||
100 | sg_set_buf(&sg_in[0], src, src_len); | ||
101 | sg_set_buf(&sg_in[1], pad, zero_padding); | ||
102 | sg_init_table(sg_out, 1); | ||
103 | sg_set_buf(sg_out, dst, *dst_len); | ||
104 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
105 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
106 | |||
107 | memcpy(iv, aes_iv, ivsize); | ||
108 | /* | ||
109 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | ||
110 | key, key_len, 1); | ||
111 | print_hex_dump(KERN_ERR, "enc src: ", DUMP_PREFIX_NONE, 16, 1, | ||
112 | src, src_len, 1); | ||
113 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | ||
114 | pad, zero_padding, 1); | ||
115 | */ | ||
116 | ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | ||
117 | src_len + zero_padding); | ||
118 | crypto_free_blkcipher(tfm); | ||
119 | if (ret < 0) | ||
120 | pr_err("ceph_aes_crypt failed %d\n", ret); | ||
121 | /* | ||
122 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | ||
123 | dst, *dst_len, 1); | ||
124 | */ | ||
125 | return 0; | ||
126 | } | ||
127 | |||
128 | int ceph_aes_encrypt2(const void *key, int key_len, void *dst, size_t *dst_len, | ||
129 | const void *src1, size_t src1_len, | ||
130 | const void *src2, size_t src2_len) | ||
131 | { | ||
132 | struct scatterlist sg_in[3], sg_out[1]; | ||
133 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
134 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | ||
135 | int ret; | ||
136 | void *iv; | ||
137 | int ivsize; | ||
138 | size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f)); | ||
139 | char pad[16]; | ||
140 | |||
141 | if (IS_ERR(tfm)) | ||
142 | return PTR_ERR(tfm); | ||
143 | |||
144 | memset(pad, zero_padding, zero_padding); | ||
145 | |||
146 | *dst_len = src1_len + src2_len + zero_padding; | ||
147 | |||
148 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
149 | sg_init_table(sg_in, 3); | ||
150 | sg_set_buf(&sg_in[0], src1, src1_len); | ||
151 | sg_set_buf(&sg_in[1], src2, src2_len); | ||
152 | sg_set_buf(&sg_in[2], pad, zero_padding); | ||
153 | sg_init_table(sg_out, 1); | ||
154 | sg_set_buf(sg_out, dst, *dst_len); | ||
155 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
156 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
157 | |||
158 | memcpy(iv, aes_iv, ivsize); | ||
159 | /* | ||
160 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | ||
161 | key, key_len, 1); | ||
162 | print_hex_dump(KERN_ERR, "enc src1: ", DUMP_PREFIX_NONE, 16, 1, | ||
163 | src1, src1_len, 1); | ||
164 | print_hex_dump(KERN_ERR, "enc src2: ", DUMP_PREFIX_NONE, 16, 1, | ||
165 | src2, src2_len, 1); | ||
166 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | ||
167 | pad, zero_padding, 1); | ||
168 | */ | ||
169 | ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | ||
170 | src1_len + src2_len + zero_padding); | ||
171 | crypto_free_blkcipher(tfm); | ||
172 | if (ret < 0) | ||
173 | pr_err("ceph_aes_crypt2 failed %d\n", ret); | ||
174 | /* | ||
175 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | ||
176 | dst, *dst_len, 1); | ||
177 | */ | ||
178 | return 0; | ||
179 | } | ||
180 | |||
181 | int ceph_aes_decrypt(const void *key, int key_len, void *dst, size_t *dst_len, | ||
182 | const void *src, size_t src_len) | ||
183 | { | ||
184 | struct scatterlist sg_in[1], sg_out[2]; | ||
185 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
186 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
187 | char pad[16]; | ||
188 | void *iv; | ||
189 | int ivsize; | ||
190 | int ret; | ||
191 | int last_byte; | ||
192 | |||
193 | if (IS_ERR(tfm)) | ||
194 | return PTR_ERR(tfm); | ||
195 | |||
196 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
197 | sg_init_table(sg_in, 1); | ||
198 | sg_init_table(sg_out, 2); | ||
199 | sg_set_buf(sg_in, src, src_len); | ||
200 | sg_set_buf(&sg_out[0], dst, *dst_len); | ||
201 | sg_set_buf(&sg_out[1], pad, sizeof(pad)); | ||
202 | |||
203 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
204 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
205 | |||
206 | memcpy(iv, aes_iv, ivsize); | ||
207 | |||
208 | /* | ||
209 | print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, | ||
210 | key, key_len, 1); | ||
211 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | ||
212 | src, src_len, 1); | ||
213 | */ | ||
214 | |||
215 | ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | ||
216 | crypto_free_blkcipher(tfm); | ||
217 | if (ret < 0) { | ||
218 | pr_err("ceph_aes_decrypt failed %d\n", ret); | ||
219 | return ret; | ||
220 | } | ||
221 | |||
222 | if (src_len <= *dst_len) | ||
223 | last_byte = ((char *)dst)[src_len - 1]; | ||
224 | else | ||
225 | last_byte = pad[src_len - *dst_len - 1]; | ||
226 | if (last_byte <= 16 && src_len >= last_byte) { | ||
227 | *dst_len = src_len - last_byte; | ||
228 | } else { | ||
229 | pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", | ||
230 | last_byte, (int)src_len); | ||
231 | return -EPERM; /* bad padding */ | ||
232 | } | ||
233 | /* | ||
234 | print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, | ||
235 | dst, *dst_len, 1); | ||
236 | */ | ||
237 | return 0; | ||
238 | } | ||
239 | |||
240 | int ceph_aes_decrypt2(const void *key, int key_len, | ||
241 | void *dst1, size_t *dst1_len, | ||
242 | void *dst2, size_t *dst2_len, | ||
243 | const void *src, size_t src_len) | ||
244 | { | ||
245 | struct scatterlist sg_in[1], sg_out[3]; | ||
246 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
247 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
248 | char pad[16]; | ||
249 | void *iv; | ||
250 | int ivsize; | ||
251 | int ret; | ||
252 | int last_byte; | ||
253 | |||
254 | if (IS_ERR(tfm)) | ||
255 | return PTR_ERR(tfm); | ||
256 | |||
257 | sg_init_table(sg_in, 1); | ||
258 | sg_set_buf(sg_in, src, src_len); | ||
259 | sg_init_table(sg_out, 3); | ||
260 | sg_set_buf(&sg_out[0], dst1, *dst1_len); | ||
261 | sg_set_buf(&sg_out[1], dst2, *dst2_len); | ||
262 | sg_set_buf(&sg_out[2], pad, sizeof(pad)); | ||
263 | |||
264 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
265 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
266 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
267 | |||
268 | memcpy(iv, aes_iv, ivsize); | ||
269 | |||
270 | /* | ||
271 | print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1, | ||
272 | key, key_len, 1); | ||
273 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | ||
274 | src, src_len, 1); | ||
275 | */ | ||
276 | |||
277 | ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | ||
278 | crypto_free_blkcipher(tfm); | ||
279 | if (ret < 0) { | ||
280 | pr_err("ceph_aes_decrypt failed %d\n", ret); | ||
281 | return ret; | ||
282 | } | ||
283 | |||
284 | if (src_len <= *dst1_len) | ||
285 | last_byte = ((char *)dst1)[src_len - 1]; | ||
286 | else if (src_len <= *dst1_len + *dst2_len) | ||
287 | last_byte = ((char *)dst2)[src_len - *dst1_len - 1]; | ||
288 | else | ||
289 | last_byte = pad[src_len - *dst1_len - *dst2_len - 1]; | ||
290 | if (last_byte <= 16 && src_len >= last_byte) { | ||
291 | src_len -= last_byte; | ||
292 | } else { | ||
293 | pr_err("ceph_aes_decrypt got bad padding %d on src len %d\n", | ||
294 | last_byte, (int)src_len); | ||
295 | return -EPERM; /* bad padding */ | ||
296 | } | ||
297 | |||
298 | if (src_len < *dst1_len) { | ||
299 | *dst1_len = src_len; | ||
300 | *dst2_len = 0; | ||
301 | } else { | ||
302 | *dst2_len = src_len - *dst1_len; | ||
303 | } | ||
304 | /* | ||
305 | print_hex_dump(KERN_ERR, "dec out1: ", DUMP_PREFIX_NONE, 16, 1, | ||
306 | dst1, *dst1_len, 1); | ||
307 | print_hex_dump(KERN_ERR, "dec out2: ", DUMP_PREFIX_NONE, 16, 1, | ||
308 | dst2, *dst2_len, 1); | ||
309 | */ | ||
310 | |||
311 | return 0; | ||
312 | } | ||
313 | |||
314 | |||
315 | int ceph_decrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | ||
316 | const void *src, size_t src_len) | ||
317 | { | ||
318 | switch (secret->type) { | ||
319 | case CEPH_CRYPTO_NONE: | ||
320 | if (*dst_len < src_len) | ||
321 | return -ERANGE; | ||
322 | memcpy(dst, src, src_len); | ||
323 | *dst_len = src_len; | ||
324 | return 0; | ||
325 | |||
326 | case CEPH_CRYPTO_AES: | ||
327 | return ceph_aes_decrypt(secret->key, secret->len, dst, | ||
328 | dst_len, src, src_len); | ||
329 | |||
330 | default: | ||
331 | return -EINVAL; | ||
332 | } | ||
333 | } | ||
334 | |||
335 | int ceph_decrypt2(struct ceph_crypto_key *secret, | ||
336 | void *dst1, size_t *dst1_len, | ||
337 | void *dst2, size_t *dst2_len, | ||
338 | const void *src, size_t src_len) | ||
339 | { | ||
340 | size_t t; | ||
341 | |||
342 | switch (secret->type) { | ||
343 | case CEPH_CRYPTO_NONE: | ||
344 | if (*dst1_len + *dst2_len < src_len) | ||
345 | return -ERANGE; | ||
346 | t = min(*dst1_len, src_len); | ||
347 | memcpy(dst1, src, t); | ||
348 | *dst1_len = t; | ||
349 | src += t; | ||
350 | src_len -= t; | ||
351 | if (src_len) { | ||
352 | t = min(*dst2_len, src_len); | ||
353 | memcpy(dst2, src, t); | ||
354 | *dst2_len = t; | ||
355 | } | ||
356 | return 0; | ||
357 | |||
358 | case CEPH_CRYPTO_AES: | ||
359 | return ceph_aes_decrypt2(secret->key, secret->len, | ||
360 | dst1, dst1_len, dst2, dst2_len, | ||
361 | src, src_len); | ||
362 | |||
363 | default: | ||
364 | return -EINVAL; | ||
365 | } | ||
366 | } | ||
367 | |||
368 | int ceph_encrypt(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | ||
369 | const void *src, size_t src_len) | ||
370 | { | ||
371 | switch (secret->type) { | ||
372 | case CEPH_CRYPTO_NONE: | ||
373 | if (*dst_len < src_len) | ||
374 | return -ERANGE; | ||
375 | memcpy(dst, src, src_len); | ||
376 | *dst_len = src_len; | ||
377 | return 0; | ||
378 | |||
379 | case CEPH_CRYPTO_AES: | ||
380 | return ceph_aes_encrypt(secret->key, secret->len, dst, | ||
381 | dst_len, src, src_len); | ||
382 | |||
383 | default: | ||
384 | return -EINVAL; | ||
385 | } | ||
386 | } | ||
387 | |||
388 | int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, | ||
389 | const void *src1, size_t src1_len, | ||
390 | const void *src2, size_t src2_len) | ||
391 | { | ||
392 | switch (secret->type) { | ||
393 | case CEPH_CRYPTO_NONE: | ||
394 | if (*dst_len < src1_len + src2_len) | ||
395 | return -ERANGE; | ||
396 | memcpy(dst, src1, src1_len); | ||
397 | memcpy(dst + src1_len, src2, src2_len); | ||
398 | *dst_len = src1_len + src2_len; | ||
399 | return 0; | ||
400 | |||
401 | case CEPH_CRYPTO_AES: | ||
402 | return ceph_aes_encrypt2(secret->key, secret->len, dst, dst_len, | ||
403 | src1, src1_len, src2, src2_len); | ||
404 | |||
405 | default: | ||
406 | return -EINVAL; | ||
407 | } | ||
408 | } | ||
diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h new file mode 100644 index 000000000000..40b502e6bd89 --- /dev/null +++ b/fs/ceph/crypto.h | |||
@@ -0,0 +1,48 @@ | |||
1 | #ifndef _FS_CEPH_CRYPTO_H | ||
2 | #define _FS_CEPH_CRYPTO_H | ||
3 | |||
4 | #include "types.h" | ||
5 | #include "buffer.h" | ||
6 | |||
7 | /* | ||
8 | * cryptographic secret | ||
9 | */ | ||
10 | struct ceph_crypto_key { | ||
11 | int type; | ||
12 | struct ceph_timespec created; | ||
13 | int len; | ||
14 | void *key; | ||
15 | }; | ||
16 | |||
17 | static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key) | ||
18 | { | ||
19 | kfree(key->key); | ||
20 | } | ||
21 | |||
22 | extern int ceph_crypto_key_encode(struct ceph_crypto_key *key, | ||
23 | void **p, void *end); | ||
24 | extern int ceph_crypto_key_decode(struct ceph_crypto_key *key, | ||
25 | void **p, void *end); | ||
26 | extern int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *in); | ||
27 | |||
28 | /* crypto.c */ | ||
29 | extern int ceph_decrypt(struct ceph_crypto_key *secret, | ||
30 | void *dst, size_t *dst_len, | ||
31 | const void *src, size_t src_len); | ||
32 | extern int ceph_encrypt(struct ceph_crypto_key *secret, | ||
33 | void *dst, size_t *dst_len, | ||
34 | const void *src, size_t src_len); | ||
35 | extern int ceph_decrypt2(struct ceph_crypto_key *secret, | ||
36 | void *dst1, size_t *dst1_len, | ||
37 | void *dst2, size_t *dst2_len, | ||
38 | const void *src, size_t src_len); | ||
39 | extern int ceph_encrypt2(struct ceph_crypto_key *secret, | ||
40 | void *dst, size_t *dst_len, | ||
41 | const void *src1, size_t src1_len, | ||
42 | const void *src2, size_t src2_len); | ||
43 | |||
44 | /* armor.c */ | ||
45 | extern int ceph_armor(char *dst, const void *src, const void *end); | ||
46 | extern int ceph_unarmor(void *dst, const char *src, const char *end); | ||
47 | |||
48 | #endif | ||