diff --git a/include/keys/ceph-type.h b/include/keys/ceph-type.h new file mode 100644 index 0000000000000000000000000000000000000000..f69c4ac197a0bd53952d8e6b0f89353f7b8effbe --- /dev/null +++ b/include/keys/ceph-type.h @@ -0,0 +1,8 @@ +#ifndef _KEYS_CEPH_TYPE_H +#define _KEYS_CEPH_TYPE_H + +#include + +extern struct key_type key_type_ceph; + +#endif diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index c92bc8d505972ce368c49e8d5eab87d860752bbb..132963abc266282db76a7268f96257fec2d76627 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -6,7 +6,7 @@ #include #include #include -#include +#include #include #include #include @@ -241,10 +241,9 @@ static int get_secret(struct ceph_crypto_key *dst, const char *name) { struct key *ukey; int key_err; int err = 0; - struct user_key_payload *payload; - void *p; + struct ceph_crypto_key *ckey; - ukey = request_key(&key_type_user, name, NULL); + ukey = request_key(&key_type_ceph, name, NULL); if (!ukey || IS_ERR(ukey)) { /* request_key errors don't map nicely to mount(2) errors; don't even try, but still printk */ @@ -267,9 +266,8 @@ static int get_secret(struct ceph_crypto_key *dst, const char *name) { goto out; } - payload = ukey->payload.data; - p = payload->data; - err = ceph_crypto_key_decode(dst, &p, p + payload->datalen); + ckey = ukey->payload.data; + err = ceph_crypto_key_clone(dst, ckey); if (err) goto out_key; /* pass through, err is 0 */ @@ -583,10 +581,14 @@ static int __init init_ceph_lib(void) if (ret < 0) goto out; - ret = ceph_msgr_init(); + ret = ceph_crypto_init(); if (ret < 0) goto out_debugfs; + ret = ceph_msgr_init(); + if (ret < 0) + goto out_crypto; + pr_info("loaded (mon/osd proto %d/%d, osdmap %d/%d %d/%d)\n", CEPH_MONC_PROTOCOL, CEPH_OSDC_PROTOCOL, CEPH_OSDMAP_VERSION, CEPH_OSDMAP_VERSION_EXT, @@ -594,6 +596,8 @@ static int __init init_ceph_lib(void) return 0; +out_crypto: + ceph_crypto_shutdown(); out_debugfs: ceph_debugfs_cleanup(); out: @@ -604,6 +608,7 @@ static void __exit exit_ceph_lib(void) { dout("exit_ceph_lib\n"); ceph_msgr_exit(); + ceph_crypto_shutdown(); ceph_debugfs_cleanup(); } diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 75f0893fa11fcf999d6ec9efec8e90b8dc08e04e..5a8009c9e0cdfd4cc4b81f5324eadc34f909eb6b 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -5,7 +5,9 @@ #include #include #include +#include +#include #include #include "crypto.h" @@ -421,3 +423,63 @@ int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, return -EINVAL; } } + +int ceph_key_instantiate(struct key *key, const void *data, size_t datalen) +{ + struct ceph_crypto_key *ckey; + int ret; + void *p; + + ret = -EINVAL; + if (datalen <= 0 || datalen > 32767 || !data) + goto err; + + ret = key_payload_reserve(key, datalen); + if (ret < 0) + goto err; + + ret = -ENOMEM; + ckey = kmalloc(sizeof(*ckey), GFP_KERNEL); + if (!ckey) + goto err; + + /* TODO ceph_crypto_key_decode should really take const input */ + p = (void*)data; + ret = ceph_crypto_key_decode(ckey, &p, (char*)data+datalen); + if (ret < 0) + goto err_ckey; + + key->payload.data = ckey; + return 0; + +err_ckey: + kfree(ckey); +err: + return ret; +} + +int ceph_key_match(const struct key *key, const void *description) +{ + return strcmp(key->description, description) == 0; +} + +void ceph_key_destroy(struct key *key) { + struct ceph_crypto_key *ckey = key->payload.data; + + ceph_crypto_key_destroy(ckey); +} + +struct key_type key_type_ceph = { + .name = "ceph", + .instantiate = ceph_key_instantiate, + .match = ceph_key_match, + .destroy = ceph_key_destroy, +}; + +int ceph_crypto_init(void) { + return register_key_type(&key_type_ceph); +} + +void ceph_crypto_shutdown(void) { + unregister_key_type(&key_type_ceph); +} diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h index 6cf6edc91ec4ed35a5b3ef11ec6c9afaf6f4ba90..1919d1550d75ad8793f9b84f8fa63a46b900c4d4 100644 --- a/net/ceph/crypto.h +++ b/net/ceph/crypto.h @@ -42,6 +42,8 @@ extern int ceph_encrypt2(struct ceph_crypto_key *secret, void *dst, size_t *dst_len, const void *src1, size_t src1_len, const void *src2, size_t src2_len); +extern int ceph_crypto_init(void); +extern void ceph_crypto_shutdown(void); /* armor.c */ extern int ceph_armor(char *dst, const char *src, const char *end);