1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 2017 Google, Inc.
4 */
5
6 #include <linux/blk-crypto.h>
7 #include <linux/device-mapper.h>
8 #include <linux/module.h>
9
10 #define DM_MSG_PREFIX "default-key"
11
12 static const struct dm_default_key_cipher {
13 const char *name;
14 enum blk_crypto_mode_num mode_num;
15 int key_size;
16 } dm_default_key_ciphers[] = {
17 {
18 .name = "aes-xts-plain64",
19 .mode_num = BLK_ENCRYPTION_MODE_AES_256_XTS,
20 .key_size = 64,
21 }, {
22 .name = "xchacha12,aes-adiantum-plain64",
23 .mode_num = BLK_ENCRYPTION_MODE_ADIANTUM,
24 .key_size = 32,
25 },
26 };
27
28 /**
29 * struct dm_default_c - private data of a default-key target
30 * @dev: the underlying device
31 * @start: starting sector of the range of @dev which this target actually maps.
32 * For this purpose a "sector" is 512 bytes.
33 * @cipher_string: the name of the encryption algorithm being used
34 * @iv_offset: starting offset for IVs. IVs are generated as if the target were
35 * preceded by @iv_offset 512-byte sectors.
36 * @sector_size: crypto sector size in bytes (usually 4096)
37 * @sector_bits: log2(sector_size)
38 * @key: the encryption key to use
39 * @max_dun: the maximum DUN that may be used (computed from other params)
40 */
41 struct default_key_c {
42 struct dm_dev *dev;
43 sector_t start;
44 const char *cipher_string;
45 u64 iv_offset;
46 unsigned int sector_size;
47 unsigned int sector_bits;
48 struct blk_crypto_key key;
49 enum blk_crypto_key_type key_type;
50 u64 max_dun;
51 };
52
53 static const struct dm_default_key_cipher *
lookup_cipher(const char * cipher_string)54 lookup_cipher(const char *cipher_string)
55 {
56 int i;
57
58 for (i = 0; i < ARRAY_SIZE(dm_default_key_ciphers); i++) {
59 if (strcmp(cipher_string, dm_default_key_ciphers[i].name) == 0)
60 return &dm_default_key_ciphers[i];
61 }
62 return NULL;
63 }
64
default_key_dtr(struct dm_target * ti)65 static void default_key_dtr(struct dm_target *ti)
66 {
67 struct default_key_c *dkc = ti->private;
68 struct blk_crypto_key *blk_key = &dkc->key;
69
70 if (dkc->dev) {
71 if (blk_key->size > 0)
72 blk_crypto_evict_key(dkc->dev->bdev, blk_key);
73 dm_put_device(ti, dkc->dev);
74 }
75 kfree_sensitive(dkc->cipher_string);
76 kfree_sensitive(dkc);
77 }
78
default_key_ctr_optional(struct dm_target * ti,unsigned int argc,char ** argv)79 static int default_key_ctr_optional(struct dm_target *ti,
80 unsigned int argc, char **argv)
81 {
82 struct default_key_c *dkc = ti->private;
83 struct dm_arg_set as;
84 static const struct dm_arg _args[] = {
85 {0, 4, "Invalid number of feature args"},
86 };
87 unsigned int opt_params;
88 const char *opt_string;
89 bool iv_large_sectors = false;
90 char dummy;
91 int err;
92
93 as.argc = argc;
94 as.argv = argv;
95
96 err = dm_read_arg_group(_args, &as, &opt_params, &ti->error);
97 if (err)
98 return err;
99
100 while (opt_params--) {
101 opt_string = dm_shift_arg(&as);
102 if (!opt_string) {
103 ti->error = "Not enough feature arguments";
104 return -EINVAL;
105 }
106 if (!strcmp(opt_string, "allow_discards")) {
107 ti->num_discard_bios = 1;
108 } else if (sscanf(opt_string, "sector_size:%u%c",
109 &dkc->sector_size, &dummy) == 1) {
110 if (dkc->sector_size < SECTOR_SIZE ||
111 dkc->sector_size > 4096 ||
112 !is_power_of_2(dkc->sector_size)) {
113 ti->error = "Invalid sector_size";
114 return -EINVAL;
115 }
116 } else if (!strcmp(opt_string, "iv_large_sectors")) {
117 iv_large_sectors = true;
118 } else if (!strcmp(opt_string, "wrappedkey_v0")) {
119 dkc->key_type = BLK_CRYPTO_KEY_TYPE_HW_WRAPPED;
120 } else {
121 ti->error = "Invalid feature arguments";
122 return -EINVAL;
123 }
124 }
125
126 /* dm-default-key doesn't implement iv_large_sectors=false. */
127 if (dkc->sector_size != SECTOR_SIZE && !iv_large_sectors) {
128 ti->error = "iv_large_sectors must be specified";
129 return -EINVAL;
130 }
131
132 return 0;
133 }
134
135 /*
136 * Construct a default-key mapping:
137 * <cipher> <key> <iv_offset> <dev_path> <start>
138 *
139 * This syntax matches dm-crypt's, but lots of unneeded functionality has been
140 * removed. Also, dm-default-key requires that the "iv_large_sectors" option be
141 * given whenever a non-default sector size is used.
142 */
default_key_ctr(struct dm_target * ti,unsigned int argc,char ** argv)143 static int default_key_ctr(struct dm_target *ti, unsigned int argc, char **argv)
144 {
145 struct default_key_c *dkc;
146 const struct dm_default_key_cipher *cipher;
147 u8 raw_key[BLK_CRYPTO_MAX_ANY_KEY_SIZE];
148 unsigned int raw_key_size;
149 unsigned int dun_bytes;
150 unsigned long long tmpll;
151 char dummy;
152 int err;
153
154 if (argc < 5) {
155 ti->error = "Not enough arguments";
156 return -EINVAL;
157 }
158
159 dkc = kzalloc(sizeof(*dkc), GFP_KERNEL);
160 if (!dkc) {
161 ti->error = "Out of memory";
162 return -ENOMEM;
163 }
164 ti->private = dkc;
165 dkc->key_type = BLK_CRYPTO_KEY_TYPE_STANDARD;
166
167 /* <cipher> */
168 dkc->cipher_string = kstrdup(argv[0], GFP_KERNEL);
169 if (!dkc->cipher_string) {
170 ti->error = "Out of memory";
171 err = -ENOMEM;
172 goto bad;
173 }
174 cipher = lookup_cipher(dkc->cipher_string);
175 if (!cipher) {
176 ti->error = "Unsupported cipher";
177 err = -EINVAL;
178 goto bad;
179 }
180
181 /* <key> */
182 raw_key_size = strlen(argv[1]);
183 if (raw_key_size > 2 * BLK_CRYPTO_MAX_ANY_KEY_SIZE ||
184 raw_key_size % 2) {
185 ti->error = "Invalid keysize";
186 err = -EINVAL;
187 goto bad;
188 }
189 raw_key_size /= 2;
190 if (hex2bin(raw_key, argv[1], raw_key_size) != 0) {
191 ti->error = "Malformed key string";
192 err = -EINVAL;
193 goto bad;
194 }
195
196 /* <iv_offset> */
197 if (sscanf(argv[2], "%llu%c", &dkc->iv_offset, &dummy) != 1) {
198 ti->error = "Invalid iv_offset sector";
199 err = -EINVAL;
200 goto bad;
201 }
202
203 /* <dev_path> */
204 err = dm_get_device(ti, argv[3], dm_table_get_mode(ti->table),
205 &dkc->dev);
206 if (err) {
207 ti->error = "Device lookup failed";
208 goto bad;
209 }
210
211 /* <start> */
212 if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1 ||
213 tmpll != (sector_t)tmpll) {
214 ti->error = "Invalid start sector";
215 err = -EINVAL;
216 goto bad;
217 }
218 dkc->start = tmpll;
219
220 if (bdev_is_zoned(dkc->dev->bdev)) {
221 /*
222 * All zone append writes to a zone of a zoned block device will
223 * have the same BIO sector, the start of the zone. When the
224 * cypher IV mode uses sector values, all data targeting a
225 * zone will be encrypted using the first sector numbers of the
226 * zone. This will not result in write errors but will
227 * cause most reads to fail as reads will use the sector values
228 * for the actual data locations, resulting in IV mismatch.
229 * To avoid this problem, ask DM core to emulate zone append
230 * operations with regular writes.
231 */
232 DMDEBUG("Zone append operations will be emulated");
233 ti->emulate_zone_append = true;
234 }
235
236 /* optional arguments */
237 dkc->sector_size = SECTOR_SIZE;
238 if (argc > 5) {
239 err = default_key_ctr_optional(ti, argc - 5, &argv[5]);
240 if (err)
241 goto bad;
242 }
243 dkc->sector_bits = ilog2(dkc->sector_size);
244 if (ti->len & ((dkc->sector_size >> SECTOR_SHIFT) - 1)) {
245 ti->error = "Device size is not a multiple of sector_size";
246 err = -EINVAL;
247 goto bad;
248 }
249
250 dkc->max_dun = (dkc->iv_offset + ti->len - 1) >>
251 (dkc->sector_bits - SECTOR_SHIFT);
252 dun_bytes = DIV_ROUND_UP(fls64(dkc->max_dun), 8);
253
254 err = blk_crypto_init_key(&dkc->key, raw_key, raw_key_size,
255 dkc->key_type, cipher->mode_num,
256 dun_bytes, dkc->sector_size);
257 if (err) {
258 ti->error = "Error initializing blk-crypto key";
259 goto bad;
260 }
261
262 err = blk_crypto_start_using_key(dkc->dev->bdev, &dkc->key);
263 if (err) {
264 ti->error = "Error starting to use blk-crypto";
265 goto bad;
266 }
267
268 ti->num_flush_bios = 1;
269
270 err = 0;
271 goto out;
272
273 bad:
274 default_key_dtr(ti);
275 out:
276 memzero_explicit(raw_key, sizeof(raw_key));
277 return err;
278 }
279
default_key_map(struct dm_target * ti,struct bio * bio)280 static int default_key_map(struct dm_target *ti, struct bio *bio)
281 {
282 const struct default_key_c *dkc = ti->private;
283 sector_t sector_in_target;
284 u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE] = { 0 };
285
286 bio_set_dev(bio, dkc->dev->bdev);
287
288 /*
289 * If the bio is a device-level request which doesn't target a specific
290 * sector, there's nothing more to do.
291 */
292 if (bio_sectors(bio) == 0)
293 return DM_MAPIO_REMAPPED;
294
295 /* Map the bio's sector to the underlying device. (512-byte sectors) */
296 sector_in_target = dm_target_offset(ti, bio->bi_iter.bi_sector);
297 bio->bi_iter.bi_sector = dkc->start + sector_in_target;
298
299 /*
300 * If the bio should skip dm-default-key (i.e. if it's for an encrypted
301 * file's contents), or if it doesn't have any data (e.g. if it's a
302 * DISCARD request), there's nothing more to do.
303 */
304 if (bio_should_skip_dm_default_key(bio) || !bio_has_data(bio))
305 return DM_MAPIO_REMAPPED;
306
307 /*
308 * Else, dm-default-key needs to set this bio's encryption context.
309 * It must not already have one.
310 */
311 if (WARN_ON_ONCE(bio_has_crypt_ctx(bio)))
312 return DM_MAPIO_KILL;
313
314 /* Calculate the DUN and enforce data-unit (crypto sector) alignment. */
315 dun[0] = dkc->iv_offset + sector_in_target; /* 512-byte sectors */
316 if (dun[0] & ((dkc->sector_size >> SECTOR_SHIFT) - 1))
317 return DM_MAPIO_KILL;
318 dun[0] >>= dkc->sector_bits - SECTOR_SHIFT; /* crypto sectors */
319
320 /*
321 * This check isn't necessary as we should have calculated max_dun
322 * correctly, but be safe.
323 */
324 if (WARN_ON_ONCE(dun[0] > dkc->max_dun))
325 return DM_MAPIO_KILL;
326
327 bio_crypt_set_ctx(bio, &dkc->key, dun, GFP_NOIO);
328
329 return DM_MAPIO_REMAPPED;
330 }
331
default_key_status(struct dm_target * ti,status_type_t type,unsigned int status_flags,char * result,unsigned int maxlen)332 static void default_key_status(struct dm_target *ti, status_type_t type,
333 unsigned int status_flags, char *result,
334 unsigned int maxlen)
335 {
336 const struct default_key_c *dkc = ti->private;
337 unsigned int sz = 0;
338 int num_feature_args = 0;
339
340 switch (type) {
341 case STATUSTYPE_INFO:
342 case STATUSTYPE_IMA:
343 result[0] = '\0';
344 break;
345
346 case STATUSTYPE_TABLE:
347 /* Omit the key for now. */
348 DMEMIT("%s - %llu %s %llu", dkc->cipher_string, dkc->iv_offset,
349 dkc->dev->name, (unsigned long long)dkc->start);
350
351 num_feature_args += !!ti->num_discard_bios;
352 if (dkc->sector_size != SECTOR_SIZE)
353 num_feature_args += 2;
354 if (dkc->key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED)
355 num_feature_args += 1;
356 if (num_feature_args != 0) {
357 DMEMIT(" %d", num_feature_args);
358 if (ti->num_discard_bios)
359 DMEMIT(" allow_discards");
360 if (dkc->sector_size != SECTOR_SIZE) {
361 DMEMIT(" sector_size:%u", dkc->sector_size);
362 DMEMIT(" iv_large_sectors");
363 }
364 if (dkc->key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED)
365 DMEMIT(" wrappedkey_v0");
366 }
367 break;
368 }
369 }
370
default_key_prepare_ioctl(struct dm_target * ti,struct block_device ** bdev)371 static int default_key_prepare_ioctl(struct dm_target *ti,
372 struct block_device **bdev)
373 {
374 const struct default_key_c *dkc = ti->private;
375 const struct dm_dev *dev = dkc->dev;
376
377 *bdev = dev->bdev;
378
379 /* Only pass ioctls through if the device sizes match exactly. */
380 if (dkc->start != 0 ||
381 ti->len != bdev_nr_sectors(dev->bdev))
382 return 1;
383 return 0;
384 }
385
default_key_iterate_devices(struct dm_target * ti,iterate_devices_callout_fn fn,void * data)386 static int default_key_iterate_devices(struct dm_target *ti,
387 iterate_devices_callout_fn fn,
388 void *data)
389 {
390 const struct default_key_c *dkc = ti->private;
391
392 return fn(ti, dkc->dev, dkc->start, ti->len, data);
393 }
394
default_key_io_hints(struct dm_target * ti,struct queue_limits * limits)395 static void default_key_io_hints(struct dm_target *ti,
396 struct queue_limits *limits)
397 {
398 const struct default_key_c *dkc = ti->private;
399 const unsigned int sector_size = dkc->sector_size;
400
401 limits->logical_block_size =
402 max_t(unsigned int, limits->logical_block_size, sector_size);
403 limits->physical_block_size =
404 max_t(unsigned int, limits->physical_block_size, sector_size);
405 limits->io_min = max_t(unsigned int, limits->io_min, sector_size);
406 }
407
408 #ifdef CONFIG_BLK_DEV_ZONED
default_key_report_zones(struct dm_target * ti,struct dm_report_zones_args * args,unsigned int nr_zones)409 static int default_key_report_zones(struct dm_target *ti,
410 struct dm_report_zones_args *args, unsigned int nr_zones)
411 {
412 struct default_key_c *dkc = ti->private;
413
414 return dm_report_zones(dkc->dev->bdev, dkc->start,
415 dkc->start + dm_target_offset(ti, args->next_sector),
416 args, nr_zones);
417 }
418 #else
419 #define default_key_report_zones NULL
420 #endif
421
422 static struct target_type default_key_target = {
423 .name = "default-key",
424 .version = {2, 1, 0},
425 .features = DM_TARGET_PASSES_CRYPTO | DM_TARGET_ZONED_HM,
426 .report_zones = default_key_report_zones,
427 .module = THIS_MODULE,
428 .ctr = default_key_ctr,
429 .dtr = default_key_dtr,
430 .map = default_key_map,
431 .status = default_key_status,
432 .prepare_ioctl = default_key_prepare_ioctl,
433 .iterate_devices = default_key_iterate_devices,
434 .io_hints = default_key_io_hints,
435 };
436
dm_default_key_init(void)437 static int __init dm_default_key_init(void)
438 {
439 return dm_register_target(&default_key_target);
440 }
441
dm_default_key_exit(void)442 static void __exit dm_default_key_exit(void)
443 {
444 dm_unregister_target(&default_key_target);
445 }
446
447 module_init(dm_default_key_init);
448 module_exit(dm_default_key_exit);
449
450 MODULE_AUTHOR("Paul Lawrence <paullawrence@google.com>");
451 MODULE_AUTHOR("Paul Crowley <paulcrowley@google.com>");
452 MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
453 MODULE_DESCRIPTION(DM_NAME " target for encrypting filesystem metadata");
454 MODULE_LICENSE("GPL");
455