dm crypt: support using encrypted keys

config DM_CRYPT

	tristate "Crypt target support"

	depends on BLK_DEV_DM

	depends on (ENCRYPTED_KEYS || ENCRYPTED_KEYS=n)

	select CRYPTO

	select CRYPTO_CBC

	select CRYPTO_ESSIV

#include <crypto/aead.h>

#include <crypto/authenc.h>

#include <linux/rtnetlink.h> /* for struct rtattr and RTA macros only */

#include <linux/key-type.h>

#include <keys/user-type.h>

#include <keys/encrypted-type.h>

#include <linux/device-mapper.h>

	return false;

}

static int set_key_user(struct crypt_config *cc, struct key *key)

{

	const struct user_key_payload *ukp;

	ukp = user_key_payload_locked(key);

	if (!ukp)

		return -EKEYREVOKED;

	if (cc->key_size != ukp->datalen)

		return -EINVAL;

	memcpy(cc->key, ukp->data, cc->key_size);

	return 0;

}

#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)

static int set_key_encrypted(struct crypt_config *cc, struct key *key)

{

	const struct encrypted_key_payload *ekp;

	ekp = key->payload.data[0];

	if (!ekp)

		return -EKEYREVOKED;

	if (cc->key_size != ekp->decrypted_datalen)

		return -EINVAL;

	memcpy(cc->key, ekp->decrypted_data, cc->key_size);

	return 0;

}

#endif /* CONFIG_ENCRYPTED_KEYS */

static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)

{

	char *new_key_string, *key_desc;

	int ret;

	struct key_type *type;

	struct key *key;

	const struct user_key_payload *ukp;

	int (*set_key)(struct crypt_config *cc, struct key *key);

	/*

	 * Reject key_string with whitespace. dm core currently lacks code for

	if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))

		return -EINVAL;

	if (strncmp(key_string, "logon:", key_desc - key_string + 1) &&

	    strncmp(key_string, "user:", key_desc - key_string + 1))

	if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) {

		type = &key_type_logon;

		set_key = set_key_user;

	} else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) {

		type = &key_type_user;

		set_key = set_key_user;

#if defined(CONFIG_ENCRYPTED_KEYS) || defined(CONFIG_ENCRYPTED_KEYS_MODULE)

	} else if (!strncmp(key_string, "encrypted:", key_desc - key_string + 1)) {

		type = &key_type_encrypted;

		set_key = set_key_encrypted;

#endif

	} else {

		return -EINVAL;

	}

	new_key_string = kstrdup(key_string, GFP_KERNEL);

	if (!new_key_string)

		return -ENOMEM;

	key = request_key(key_string[0] == 'l' ? &key_type_logon : &key_type_user,

			  key_desc + 1, NULL);

	key = request_key(type, key_desc + 1, NULL);

	if (IS_ERR(key)) {

		kzfree(new_key_string);

		return PTR_ERR(key);

	down_read(&key->sem);

	ukp = user_key_payload_locked(key);

	if (!ukp) {

		up_read(&key->sem);

		key_put(key);

		kzfree(new_key_string);

		return -EKEYREVOKED;

	}

	if (cc->key_size != ukp->datalen) {

	ret = set_key(cc, key);

	if (ret < 0) {

		up_read(&key->sem);

		key_put(key);

		kzfree(new_key_string);

		return -EINVAL;

		return ret;

	}

	memcpy(cc->key, ukp->data, cc->key_size);

	up_read(&key->sem);

	key_put(key);

	return (*key_string[0] == ':') ? -EINVAL : strlen(*key_string) >> 1;

}

#endif

#endif /* CONFIG_KEYS */

static int crypt_set_key(struct crypt_config *cc, char *key)

{

static struct target_type crypt_target = {

	.name   = "crypt",

	.version = {1, 20, 0},

	.version = {1, 21, 0},

	.module = THIS_MODULE,

	.ctr    = crypt_ctr,

	.dtr    = crypt_dtr,