Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / marvell / linux / drivers / md / dm-default-key.c
blob: 1d6b5acbdf67dfe48eb4b526bbb6a59d07515ed5 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 2017 Google, Inc.
4 */
5
6#include <linux/blk-crypto.h>
7#include <linux/device-mapper.h>
8#include <linux/module.h>
9
10#define DM_MSG_PREFIX "default-key"
11
12#define DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE 128
13
14static const struct dm_default_key_cipher {
15 const char *name;
16 enum blk_crypto_mode_num mode_num;
17 int key_size;
18} dm_default_key_ciphers[] = {
19 {
20 .name = "aes-xts-plain64",
21 .mode_num = BLK_ENCRYPTION_MODE_AES_256_XTS,
22 .key_size = 64,
23 }, {
24 .name = "xchacha12,aes-adiantum-plain64",
25 .mode_num = BLK_ENCRYPTION_MODE_ADIANTUM,
26 .key_size = 32,
27 },
28};
29
30/**
31 * struct dm_default_c - private data of a default-key target
32 * @dev: the underlying device
33 * @start: starting sector of the range of @dev which this target actually maps.
34 * For this purpose a "sector" is 512 bytes.
35 * @cipher_string: the name of the encryption algorithm being used
36 * @iv_offset: starting offset for IVs. IVs are generated as if the target were
37 * preceded by @iv_offset 512-byte sectors.
38 * @sector_size: crypto sector size in bytes (usually 4096)
39 * @sector_bits: log2(sector_size)
40 * @key: the encryption key to use
41 * @max_dun: the maximum DUN that may be used (computed from other params)
42 */
43struct default_key_c {
44 struct dm_dev *dev;
45 sector_t start;
46 const char *cipher_string;
47 u64 iv_offset;
48 unsigned int sector_size;
49 unsigned int sector_bits;
50 struct blk_crypto_key key;
51 bool is_hw_wrapped;
52 u64 max_dun;
53};
54
55static const struct dm_default_key_cipher *
56lookup_cipher(const char *cipher_string)
57{
58 int i;
59
60 for (i = 0; i < ARRAY_SIZE(dm_default_key_ciphers); i++) {
61 if (strcmp(cipher_string, dm_default_key_ciphers[i].name) == 0)
62 return &dm_default_key_ciphers[i];
63 }
64 return NULL;
65}
66
67static void default_key_dtr(struct dm_target *ti)
68{
69 struct default_key_c *dkc = ti->private;
70
71 if (dkc->dev) {
72 blk_crypto_evict_key(bdev_get_queue(dkc->dev->bdev), &dkc->key);
73 dm_put_device(ti, dkc->dev);
74 }
75 kzfree(dkc->cipher_string);
76 kzfree(dkc);
77}
78
79static int default_key_ctr_optional(struct dm_target *ti,
80 unsigned int argc, char **argv)
81{
82 struct default_key_c *dkc = ti->private;
83 struct dm_arg_set as;
84 static const struct dm_arg _args[] = {
85 {0, 4, "Invalid number of feature args"},
86 };
87 unsigned int opt_params;
88 const char *opt_string;
89 bool iv_large_sectors = false;
90 char dummy;
91 int err;
92
93 as.argc = argc;
94 as.argv = argv;
95
96 err = dm_read_arg_group(_args, &as, &opt_params, &ti->error);
97 if (err)
98 return err;
99
100 while (opt_params--) {
101 opt_string = dm_shift_arg(&as);
102 if (!opt_string) {
103 ti->error = "Not enough feature arguments";
104 return -EINVAL;
105 }
106 if (!strcmp(opt_string, "allow_discards")) {
107 ti->num_discard_bios = 1;
108 } else if (sscanf(opt_string, "sector_size:%u%c",
109 &dkc->sector_size, &dummy) == 1) {
110 if (dkc->sector_size < SECTOR_SIZE ||
111 dkc->sector_size > 4096 ||
112 !is_power_of_2(dkc->sector_size)) {
113 ti->error = "Invalid sector_size";
114 return -EINVAL;
115 }
116 } else if (!strcmp(opt_string, "iv_large_sectors")) {
117 iv_large_sectors = true;
118 } else if (!strcmp(opt_string, "wrappedkey_v0")) {
119 dkc->is_hw_wrapped = true;
120 } else {
121 ti->error = "Invalid feature arguments";
122 return -EINVAL;
123 }
124 }
125
126 /* dm-default-key doesn't implement iv_large_sectors=false. */
127 if (dkc->sector_size != SECTOR_SIZE && !iv_large_sectors) {
128 ti->error = "iv_large_sectors must be specified";
129 return -EINVAL;
130 }
131
132 return 0;
133}
134
135/*
136 * Construct a default-key mapping:
137 * <cipher> <key> <iv_offset> <dev_path> <start>
138 *
139 * This syntax matches dm-crypt's, but lots of unneeded functionality has been
140 * removed. Also, dm-default-key requires that the "iv_large_sectors" option be
141 * given whenever a non-default sector size is used.
142 */
143static int default_key_ctr(struct dm_target *ti, unsigned int argc, char **argv)
144{
145 struct default_key_c *dkc;
146 const struct dm_default_key_cipher *cipher;
147 u8 raw_key[DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE];
148 unsigned int raw_key_size;
149 unsigned int dun_bytes;
150 unsigned long long tmpll;
151 char dummy;
152 int err;
153
154 if (argc < 5) {
155 ti->error = "Not enough arguments";
156 return -EINVAL;
157 }
158
159 dkc = kzalloc(sizeof(*dkc), GFP_KERNEL);
160 if (!dkc) {
161 ti->error = "Out of memory";
162 return -ENOMEM;
163 }
164 ti->private = dkc;
165
166 /* <cipher> */
167 dkc->cipher_string = kstrdup(argv[0], GFP_KERNEL);
168 if (!dkc->cipher_string) {
169 ti->error = "Out of memory";
170 err = -ENOMEM;
171 goto bad;
172 }
173 cipher = lookup_cipher(dkc->cipher_string);
174 if (!cipher) {
175 ti->error = "Unsupported cipher";
176 err = -EINVAL;
177 goto bad;
178 }
179
180 /* <key> */
181 raw_key_size = strlen(argv[1]);
182 if (raw_key_size > 2 * DM_DEFAULT_KEY_MAX_WRAPPED_KEY_SIZE ||
183 raw_key_size % 2) {
184 ti->error = "Invalid keysize";
185 err = -EINVAL;
186 goto bad;
187 }
188 raw_key_size /= 2;
189 if (hex2bin(raw_key, argv[1], raw_key_size) != 0) {
190 ti->error = "Malformed key string";
191 err = -EINVAL;
192 goto bad;
193 }
194
195 /* <iv_offset> */
196 if (sscanf(argv[2], "%llu%c", &dkc->iv_offset, &dummy) != 1) {
197 ti->error = "Invalid iv_offset sector";
198 err = -EINVAL;
199 goto bad;
200 }
201
202 /* <dev_path> */
203 err = dm_get_device(ti, argv[3], dm_table_get_mode(ti->table),
204 &dkc->dev);
205 if (err) {
206 ti->error = "Device lookup failed";
207 goto bad;
208 }
209
210 /* <start> */
211 if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1 ||
212 tmpll != (sector_t)tmpll) {
213 ti->error = "Invalid start sector";
214 err = -EINVAL;
215 goto bad;
216 }
217 dkc->start = tmpll;
218
219 /* optional arguments */
220 dkc->sector_size = SECTOR_SIZE;
221 if (argc > 5) {
222 err = default_key_ctr_optional(ti, argc - 5, &argv[5]);
223 if (err)
224 goto bad;
225 }
226 dkc->sector_bits = ilog2(dkc->sector_size);
227 if (ti->len & ((dkc->sector_size >> SECTOR_SHIFT) - 1)) {
228 ti->error = "Device size is not a multiple of sector_size";
229 err = -EINVAL;
230 goto bad;
231 }
232
233 dkc->max_dun = (dkc->iv_offset + ti->len - 1) >>
234 (dkc->sector_bits - SECTOR_SHIFT);
235 dun_bytes = DIV_ROUND_UP(fls64(dkc->max_dun), 8);
236
237 err = blk_crypto_init_key(&dkc->key, raw_key, raw_key_size,
238 dkc->is_hw_wrapped, cipher->mode_num,
239 dun_bytes, dkc->sector_size);
240 if (err) {
241 ti->error = "Error initializing blk-crypto key";
242 goto bad;
243 }
244
245 err = blk_crypto_start_using_key(&dkc->key,
246 bdev_get_queue(dkc->dev->bdev));
247 if (err) {
248 ti->error = "Error starting to use blk-crypto";
249 goto bad;
250 }
251
252 ti->num_flush_bios = 1;
253
254 err = 0;
255 goto out;
256
257bad:
258 default_key_dtr(ti);
259out:
260 memzero_explicit(raw_key, sizeof(raw_key));
261 return err;
262}
263
264static int default_key_map(struct dm_target *ti, struct bio *bio)
265{
266 const struct default_key_c *dkc = ti->private;
267 sector_t sector_in_target;
268 u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE] = { 0 };
269
270 bio_set_dev(bio, dkc->dev->bdev);
271
272 /*
273 * If the bio is a device-level request which doesn't target a specific
274 * sector, there's nothing more to do.
275 */
276 if (bio_sectors(bio) == 0)
277 return DM_MAPIO_REMAPPED;
278
279 /* Map the bio's sector to the underlying device. (512-byte sectors) */
280 sector_in_target = dm_target_offset(ti, bio->bi_iter.bi_sector);
281 bio->bi_iter.bi_sector = dkc->start + sector_in_target;
282
283 /*
284 * If the bio should skip dm-default-key (i.e. if it's for an encrypted
285 * file's contents), or if it doesn't have any data (e.g. if it's a
286 * DISCARD request), there's nothing more to do.
287 */
288 if (bio_should_skip_dm_default_key(bio) || !bio_has_data(bio))
289 return DM_MAPIO_REMAPPED;
290
291 /*
292 * Else, dm-default-key needs to set this bio's encryption context.
293 * It must not already have one.
294 */
295 if (WARN_ON_ONCE(bio_has_crypt_ctx(bio)))
296 return DM_MAPIO_KILL;
297
298 /* Calculate the DUN and enforce data-unit (crypto sector) alignment. */
299 dun[0] = dkc->iv_offset + sector_in_target; /* 512-byte sectors */
300 if (dun[0] & ((dkc->sector_size >> SECTOR_SHIFT) - 1))
301 return DM_MAPIO_KILL;
302 dun[0] >>= dkc->sector_bits - SECTOR_SHIFT; /* crypto sectors */
303
304 /*
305 * This check isn't necessary as we should have calculated max_dun
306 * correctly, but be safe.
307 */
308 if (WARN_ON_ONCE(dun[0] > dkc->max_dun))
309 return DM_MAPIO_KILL;
310
311 bio_crypt_set_ctx(bio, &dkc->key, dun, GFP_NOIO);
312
313 return DM_MAPIO_REMAPPED;
314}
315
316static void default_key_status(struct dm_target *ti, status_type_t type,
317 unsigned int status_flags, char *result,
318 unsigned int maxlen)
319{
320 const struct default_key_c *dkc = ti->private;
321 unsigned int sz = 0;
322 int num_feature_args = 0;
323
324 switch (type) {
325 case STATUSTYPE_INFO:
326 result[0] = '\0';
327 break;
328
329 case STATUSTYPE_TABLE:
330 /* Omit the key for now. */
331 DMEMIT("%s - %llu %s %llu", dkc->cipher_string, dkc->iv_offset,
332 dkc->dev->name, (unsigned long long)dkc->start);
333
334 num_feature_args += !!ti->num_discard_bios;
335 if (dkc->sector_size != SECTOR_SIZE)
336 num_feature_args += 2;
337 if (dkc->is_hw_wrapped)
338 num_feature_args += 1;
339 if (num_feature_args != 0) {
340 DMEMIT(" %d", num_feature_args);
341 if (ti->num_discard_bios)
342 DMEMIT(" allow_discards");
343 if (dkc->sector_size != SECTOR_SIZE) {
344 DMEMIT(" sector_size:%u", dkc->sector_size);
345 DMEMIT(" iv_large_sectors");
346 }
347 if (dkc->is_hw_wrapped)
348 DMEMIT(" wrappedkey_v0");
349 }
350 break;
351 }
352}
353
354static int default_key_prepare_ioctl(struct dm_target *ti,
355 struct block_device **bdev)
356{
357 const struct default_key_c *dkc = ti->private;
358 const struct dm_dev *dev = dkc->dev;
359
360 *bdev = dev->bdev;
361
362 /* Only pass ioctls through if the device sizes match exactly. */
363 if (dkc->start != 0 ||
364 ti->len != i_size_read(dev->bdev->bd_inode) >> SECTOR_SHIFT)
365 return 1;
366 return 0;
367}
368
369static int default_key_iterate_devices(struct dm_target *ti,
370 iterate_devices_callout_fn fn,
371 void *data)
372{
373 const struct default_key_c *dkc = ti->private;
374
375 return fn(ti, dkc->dev, dkc->start, ti->len, data);
376}
377
378static void default_key_io_hints(struct dm_target *ti,
379 struct queue_limits *limits)
380{
381 const struct default_key_c *dkc = ti->private;
382 const unsigned int sector_size = dkc->sector_size;
383
384 limits->logical_block_size =
385 max_t(unsigned int, limits->logical_block_size, sector_size);
386 limits->physical_block_size =
387 max_t(unsigned int, limits->physical_block_size, sector_size);
388 limits->io_min = max_t(unsigned int, limits->io_min, sector_size);
389}
390
391static struct target_type default_key_target = {
392 .name = "default-key",
393 .version = {2, 1, 0},
394 .features = DM_TARGET_PASSES_CRYPTO,
395 .module = THIS_MODULE,
396 .ctr = default_key_ctr,
397 .dtr = default_key_dtr,
398 .map = default_key_map,
399 .status = default_key_status,
400 .prepare_ioctl = default_key_prepare_ioctl,
401 .iterate_devices = default_key_iterate_devices,
402 .io_hints = default_key_io_hints,
403};
404
405static int __init dm_default_key_init(void)
406{
407 return dm_register_target(&default_key_target);
408}
409
410static void __exit dm_default_key_exit(void)
411{
412 dm_unregister_target(&default_key_target);
413}
414
415module_init(dm_default_key_init);
416module_exit(dm_default_key_exit);
417
418MODULE_AUTHOR("Paul Lawrence <paullawrence@google.com>");
419MODULE_AUTHOR("Paul Crowley <paulcrowley@google.com>");
420MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
421MODULE_DESCRIPTION(DM_NAME " target for encrypting filesystem metadata");
422MODULE_LICENSE("GPL");