algif_hash.c 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * algif_hash: User-space interface for hash algorithms
  4. *
  5. * This file provides the user-space API for hash algorithms.
  6. *
  7. * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
  8. */
  9. #include <crypto/hash.h>
  10. #include <crypto/if_alg.h>
  11. #include <linux/init.h>
  12. #include <linux/kernel.h>
  13. #include <linux/mm.h>
  14. #include <linux/module.h>
  15. #include <linux/net.h>
  16. #include <net/sock.h>
  17. struct hash_ctx {
  18. struct af_alg_sgl sgl;
  19. u8 *result;
  20. struct crypto_wait wait;
  21. unsigned int len;
  22. bool more;
  23. struct ahash_request req;
  24. };
  25. static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
  26. {
  27. unsigned ds;
  28. if (ctx->result)
  29. return 0;
  30. ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
  31. ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL);
  32. if (!ctx->result)
  33. return -ENOMEM;
  34. memset(ctx->result, 0, ds);
  35. return 0;
  36. }
  37. static void hash_free_result(struct sock *sk, struct hash_ctx *ctx)
  38. {
  39. unsigned ds;
  40. if (!ctx->result)
  41. return;
  42. ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
  43. sock_kzfree_s(sk, ctx->result, ds);
  44. ctx->result = NULL;
  45. }
  46. static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
  47. size_t ignored)
  48. {
  49. struct sock *sk = sock->sk;
  50. struct alg_sock *ask = alg_sk(sk);
  51. struct hash_ctx *ctx = ask->private;
  52. ssize_t copied = 0;
  53. size_t len, max_pages, npages;
  54. bool continuing, need_init = false;
  55. int err;
  56. max_pages = min_t(size_t, ALG_MAX_PAGES,
  57. DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE));
  58. lock_sock(sk);
  59. continuing = ctx->more;
  60. if (!continuing) {
  61. /* Discard a previous request that wasn't marked MSG_MORE. */
  62. hash_free_result(sk, ctx);
  63. if (!msg_data_left(msg))
  64. goto done; /* Zero-length; don't start new req */
  65. need_init = true;
  66. } else if (!msg_data_left(msg)) {
  67. /*
  68. * No data - finalise the prev req if MSG_MORE so any error
  69. * comes out here.
  70. */
  71. if (!(msg->msg_flags & MSG_MORE)) {
  72. err = hash_alloc_result(sk, ctx);
  73. if (err)
  74. goto unlock_free_result;
  75. ahash_request_set_crypt(&ctx->req, NULL,
  76. ctx->result, 0);
  77. err = crypto_wait_req(crypto_ahash_final(&ctx->req),
  78. &ctx->wait);
  79. if (err)
  80. goto unlock_free_result;
  81. }
  82. goto done_more;
  83. }
  84. while (msg_data_left(msg)) {
  85. ctx->sgl.sgt.sgl = ctx->sgl.sgl;
  86. ctx->sgl.sgt.nents = 0;
  87. ctx->sgl.sgt.orig_nents = 0;
  88. err = -EIO;
  89. npages = iov_iter_npages(&msg->msg_iter, max_pages);
  90. if (npages == 0)
  91. goto unlock_free;
  92. sg_init_table(ctx->sgl.sgl, npages);
  93. ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter);
  94. err = extract_iter_to_sg(&msg->msg_iter, LONG_MAX,
  95. &ctx->sgl.sgt, npages, 0);
  96. if (err < 0)
  97. goto unlock_free;
  98. len = err;
  99. sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
  100. if (!msg_data_left(msg)) {
  101. err = hash_alloc_result(sk, ctx);
  102. if (err)
  103. goto unlock_free;
  104. }
  105. ahash_request_set_crypt(&ctx->req, ctx->sgl.sgt.sgl,
  106. ctx->result, len);
  107. if (!msg_data_left(msg) && !continuing &&
  108. !(msg->msg_flags & MSG_MORE)) {
  109. err = crypto_ahash_digest(&ctx->req);
  110. } else {
  111. if (need_init) {
  112. err = crypto_wait_req(
  113. crypto_ahash_init(&ctx->req),
  114. &ctx->wait);
  115. if (err)
  116. goto unlock_free;
  117. need_init = false;
  118. }
  119. if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE))
  120. err = crypto_ahash_update(&ctx->req);
  121. else
  122. err = crypto_ahash_finup(&ctx->req);
  123. continuing = true;
  124. }
  125. err = crypto_wait_req(err, &ctx->wait);
  126. if (err)
  127. goto unlock_free;
  128. copied += len;
  129. af_alg_free_sg(&ctx->sgl);
  130. }
  131. done_more:
  132. ctx->more = msg->msg_flags & MSG_MORE;
  133. done:
  134. err = 0;
  135. unlock:
  136. release_sock(sk);
  137. return copied ?: err;
  138. unlock_free:
  139. af_alg_free_sg(&ctx->sgl);
  140. unlock_free_result:
  141. hash_free_result(sk, ctx);
  142. ctx->more = false;
  143. goto unlock;
  144. }
  145. static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
  146. int flags)
  147. {
  148. struct sock *sk = sock->sk;
  149. struct alg_sock *ask = alg_sk(sk);
  150. struct hash_ctx *ctx = ask->private;
  151. unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
  152. bool result;
  153. int err;
  154. if (len > ds)
  155. len = ds;
  156. else if (len < ds)
  157. msg->msg_flags |= MSG_TRUNC;
  158. lock_sock(sk);
  159. result = ctx->result;
  160. err = hash_alloc_result(sk, ctx);
  161. if (err)
  162. goto unlock;
  163. ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
  164. if (!result && !ctx->more) {
  165. err = crypto_wait_req(crypto_ahash_init(&ctx->req),
  166. &ctx->wait);
  167. if (err)
  168. goto unlock;
  169. }
  170. if (!result || ctx->more) {
  171. ctx->more = false;
  172. err = crypto_wait_req(crypto_ahash_final(&ctx->req),
  173. &ctx->wait);
  174. if (err)
  175. goto unlock;
  176. }
  177. err = memcpy_to_msg(msg, ctx->result, len);
  178. unlock:
  179. hash_free_result(sk, ctx);
  180. release_sock(sk);
  181. return err ?: len;
  182. }
  183. static int hash_accept(struct socket *sock, struct socket *newsock,
  184. struct proto_accept_arg *arg)
  185. {
  186. struct sock *sk = sock->sk;
  187. struct alg_sock *ask = alg_sk(sk);
  188. struct hash_ctx *ctx = ask->private;
  189. struct ahash_request *req = &ctx->req;
  190. struct crypto_ahash *tfm;
  191. struct sock *sk2;
  192. struct alg_sock *ask2;
  193. struct hash_ctx *ctx2;
  194. char *state;
  195. bool more;
  196. int err;
  197. tfm = crypto_ahash_reqtfm(req);
  198. state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
  199. err = -ENOMEM;
  200. if (!state)
  201. goto out;
  202. lock_sock(sk);
  203. more = ctx->more;
  204. err = more ? crypto_ahash_export(req, state) : 0;
  205. release_sock(sk);
  206. if (err)
  207. goto out_free_state;
  208. err = af_alg_accept(ask->parent, newsock, arg);
  209. if (err)
  210. goto out_free_state;
  211. sk2 = newsock->sk;
  212. ask2 = alg_sk(sk2);
  213. ctx2 = ask2->private;
  214. ctx2->more = more;
  215. if (!more)
  216. goto out_free_state;
  217. err = crypto_ahash_import(&ctx2->req, state);
  218. out_free_state:
  219. kfree_sensitive(state);
  220. out:
  221. return err;
  222. }
  223. static struct proto_ops algif_hash_ops = {
  224. .family = PF_ALG,
  225. .connect = sock_no_connect,
  226. .socketpair = sock_no_socketpair,
  227. .getname = sock_no_getname,
  228. .ioctl = sock_no_ioctl,
  229. .listen = sock_no_listen,
  230. .shutdown = sock_no_shutdown,
  231. .mmap = sock_no_mmap,
  232. .bind = sock_no_bind,
  233. .release = af_alg_release,
  234. .sendmsg = hash_sendmsg,
  235. .recvmsg = hash_recvmsg,
  236. .accept = hash_accept,
  237. };
  238. static int hash_check_key(struct socket *sock)
  239. {
  240. int err = 0;
  241. struct sock *psk;
  242. struct alg_sock *pask;
  243. struct crypto_ahash *tfm;
  244. struct sock *sk = sock->sk;
  245. struct alg_sock *ask = alg_sk(sk);
  246. lock_sock(sk);
  247. if (!atomic_read(&ask->nokey_refcnt))
  248. goto unlock_child;
  249. psk = ask->parent;
  250. pask = alg_sk(ask->parent);
  251. tfm = pask->private;
  252. err = -ENOKEY;
  253. lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
  254. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  255. goto unlock;
  256. atomic_dec(&pask->nokey_refcnt);
  257. atomic_set(&ask->nokey_refcnt, 0);
  258. err = 0;
  259. unlock:
  260. release_sock(psk);
  261. unlock_child:
  262. release_sock(sk);
  263. return err;
  264. }
  265. static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
  266. size_t size)
  267. {
  268. int err;
  269. err = hash_check_key(sock);
  270. if (err)
  271. return err;
  272. return hash_sendmsg(sock, msg, size);
  273. }
  274. static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
  275. size_t ignored, int flags)
  276. {
  277. int err;
  278. err = hash_check_key(sock);
  279. if (err)
  280. return err;
  281. return hash_recvmsg(sock, msg, ignored, flags);
  282. }
  283. static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
  284. struct proto_accept_arg *arg)
  285. {
  286. int err;
  287. err = hash_check_key(sock);
  288. if (err)
  289. return err;
  290. return hash_accept(sock, newsock, arg);
  291. }
  292. static struct proto_ops algif_hash_ops_nokey = {
  293. .family = PF_ALG,
  294. .connect = sock_no_connect,
  295. .socketpair = sock_no_socketpair,
  296. .getname = sock_no_getname,
  297. .ioctl = sock_no_ioctl,
  298. .listen = sock_no_listen,
  299. .shutdown = sock_no_shutdown,
  300. .mmap = sock_no_mmap,
  301. .bind = sock_no_bind,
  302. .release = af_alg_release,
  303. .sendmsg = hash_sendmsg_nokey,
  304. .recvmsg = hash_recvmsg_nokey,
  305. .accept = hash_accept_nokey,
  306. };
  307. static void *hash_bind(const char *name, u32 type, u32 mask)
  308. {
  309. return crypto_alloc_ahash(name, type, mask);
  310. }
  311. static void hash_release(void *private)
  312. {
  313. crypto_free_ahash(private);
  314. }
  315. static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
  316. {
  317. return crypto_ahash_setkey(private, key, keylen);
  318. }
  319. static void hash_sock_destruct(struct sock *sk)
  320. {
  321. struct alg_sock *ask = alg_sk(sk);
  322. struct hash_ctx *ctx = ask->private;
  323. hash_free_result(sk, ctx);
  324. sock_kfree_s(sk, ctx, ctx->len);
  325. af_alg_release_parent(sk);
  326. }
  327. static int hash_accept_parent_nokey(void *private, struct sock *sk)
  328. {
  329. struct crypto_ahash *tfm = private;
  330. struct alg_sock *ask = alg_sk(sk);
  331. struct hash_ctx *ctx;
  332. unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm);
  333. ctx = sock_kmalloc(sk, len, GFP_KERNEL);
  334. if (!ctx)
  335. return -ENOMEM;
  336. memset(ctx, 0, len);
  337. ctx->len = len;
  338. crypto_init_wait(&ctx->wait);
  339. ask->private = ctx;
  340. ahash_request_set_tfm(&ctx->req, tfm);
  341. ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  342. crypto_req_done, &ctx->wait);
  343. sk->sk_destruct = hash_sock_destruct;
  344. return 0;
  345. }
  346. static int hash_accept_parent(void *private, struct sock *sk)
  347. {
  348. struct crypto_ahash *tfm = private;
  349. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  350. return -ENOKEY;
  351. return hash_accept_parent_nokey(private, sk);
  352. }
  353. static const struct af_alg_type algif_type_hash = {
  354. .bind = hash_bind,
  355. .release = hash_release,
  356. .setkey = hash_setkey,
  357. .accept = hash_accept_parent,
  358. .accept_nokey = hash_accept_parent_nokey,
  359. .ops = &algif_hash_ops,
  360. .ops_nokey = &algif_hash_ops_nokey,
  361. .name = "hash",
  362. .owner = THIS_MODULE
  363. };
  364. static int __init algif_hash_init(void)
  365. {
  366. return af_alg_register_type(&algif_type_hash);
  367. }
  368. static void __exit algif_hash_exit(void)
  369. {
  370. int err = af_alg_unregister_type(&algif_type_hash);
  371. BUG_ON(err);
  372. }
  373. module_init(algif_hash_init);
  374. module_exit(algif_hash_exit);
  375. MODULE_DESCRIPTION("Userspace interface for hash algorithms");
  376. MODULE_LICENSE("GPL");