algif_skcipher.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * algif_skcipher: User-space interface for skcipher algorithms
  4. *
  5. * This file provides the user-space API for symmetric key ciphers.
  6. *
  7. * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
  8. *
  9. * The following concept of the memory management is used:
  10. *
  11. * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
  12. * filled by user space with the data submitted via sendmsg. Filling up the TX
  13. * SGL does not cause a crypto operation -- the data will only be tracked by
  14. * the kernel. Upon receipt of one recvmsg call, the caller must provide a
  15. * buffer which is tracked with the RX SGL.
  16. *
  17. * During the processing of the recvmsg operation, the cipher request is
  18. * allocated and prepared. As part of the recvmsg operation, the processed
  19. * TX buffers are extracted from the TX SGL into a separate SGL.
  20. *
  21. * After the completion of the crypto operation, the RX SGL and the cipher
  22. * request is released. The extracted TX SGL parts are released together with
  23. * the RX SGL release.
  24. */
  25. #include <crypto/scatterwalk.h>
  26. #include <crypto/skcipher.h>
  27. #include <crypto/if_alg.h>
  28. #include <linux/init.h>
  29. #include <linux/list.h>
  30. #include <linux/kernel.h>
  31. #include <linux/mm.h>
  32. #include <linux/module.h>
  33. #include <linux/net.h>
  34. #include <net/sock.h>
  35. static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
  36. size_t size)
  37. {
  38. struct sock *sk = sock->sk;
  39. struct alg_sock *ask = alg_sk(sk);
  40. struct sock *psk = ask->parent;
  41. struct alg_sock *pask = alg_sk(psk);
  42. struct crypto_skcipher *tfm = pask->private;
  43. unsigned ivsize = crypto_skcipher_ivsize(tfm);
  44. return af_alg_sendmsg(sock, msg, size, ivsize);
  45. }
  46. static int algif_skcipher_export(struct sock *sk, struct skcipher_request *req)
  47. {
  48. struct alg_sock *ask = alg_sk(sk);
  49. struct crypto_skcipher *tfm;
  50. struct af_alg_ctx *ctx;
  51. struct alg_sock *pask;
  52. unsigned statesize;
  53. struct sock *psk;
  54. int err;
  55. if (!(req->base.flags & CRYPTO_SKCIPHER_REQ_NOTFINAL))
  56. return 0;
  57. ctx = ask->private;
  58. psk = ask->parent;
  59. pask = alg_sk(psk);
  60. tfm = pask->private;
  61. statesize = crypto_skcipher_statesize(tfm);
  62. ctx->state = sock_kmalloc(sk, statesize, GFP_ATOMIC);
  63. if (!ctx->state)
  64. return -ENOMEM;
  65. err = crypto_skcipher_export(req, ctx->state);
  66. if (err) {
  67. sock_kzfree_s(sk, ctx->state, statesize);
  68. ctx->state = NULL;
  69. }
  70. return err;
  71. }
  72. static void algif_skcipher_done(void *data, int err)
  73. {
  74. struct af_alg_async_req *areq = data;
  75. struct sock *sk = areq->sk;
  76. if (err)
  77. goto out;
  78. err = algif_skcipher_export(sk, &areq->cra_u.skcipher_req);
  79. out:
  80. af_alg_async_cb(data, err);
  81. }
  82. static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
  83. size_t ignored, int flags)
  84. {
  85. struct sock *sk = sock->sk;
  86. struct alg_sock *ask = alg_sk(sk);
  87. struct sock *psk = ask->parent;
  88. struct alg_sock *pask = alg_sk(psk);
  89. struct af_alg_ctx *ctx = ask->private;
  90. struct crypto_skcipher *tfm = pask->private;
  91. unsigned int bs = crypto_skcipher_chunksize(tfm);
  92. struct af_alg_async_req *areq;
  93. unsigned cflags = 0;
  94. int err = 0;
  95. size_t len = 0;
  96. if (!ctx->init || (ctx->more && ctx->used < bs)) {
  97. err = af_alg_wait_for_data(sk, flags, bs);
  98. if (err)
  99. return err;
  100. }
  101. /* Allocate cipher request for current operation. */
  102. areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
  103. crypto_skcipher_reqsize(tfm));
  104. if (IS_ERR(areq))
  105. return PTR_ERR(areq);
  106. /* convert iovecs of output buffers into RX SGL */
  107. err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len);
  108. if (err)
  109. goto free;
  110. /*
  111. * If more buffers are to be expected to be processed, process only
  112. * full block size buffers.
  113. */
  114. if (ctx->more || len < ctx->used) {
  115. if (len < bs) {
  116. err = -EINVAL;
  117. goto free;
  118. }
  119. len -= len % bs;
  120. cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
  121. }
  122. /*
  123. * Create a per request TX SGL for this request which tracks the
  124. * SG entries from the global TX SGL.
  125. */
  126. areq->tsgl_entries = af_alg_count_tsgl(sk, len);
  127. if (!areq->tsgl_entries)
  128. areq->tsgl_entries = 1;
  129. areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
  130. areq->tsgl_entries),
  131. GFP_KERNEL);
  132. if (!areq->tsgl) {
  133. err = -ENOMEM;
  134. goto free;
  135. }
  136. sg_init_table(areq->tsgl, areq->tsgl_entries);
  137. af_alg_pull_tsgl(sk, len, areq->tsgl);
  138. /* Initialize the crypto operation */
  139. skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm);
  140. skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl,
  141. areq->first_rsgl.sgl.sgt.sgl, len, ctx->iv);
  142. if (ctx->state) {
  143. err = crypto_skcipher_import(&areq->cra_u.skcipher_req,
  144. ctx->state);
  145. sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));
  146. ctx->state = NULL;
  147. if (err)
  148. goto free;
  149. cflags |= CRYPTO_SKCIPHER_REQ_CONT;
  150. }
  151. if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
  152. /* AIO operation */
  153. sock_hold(sk);
  154. areq->iocb = msg->msg_iocb;
  155. /* Remember output size that will be generated. */
  156. areq->outlen = len;
  157. skcipher_request_set_callback(&areq->cra_u.skcipher_req,
  158. cflags |
  159. CRYPTO_TFM_REQ_MAY_SLEEP,
  160. algif_skcipher_done, areq);
  161. err = ctx->enc ?
  162. crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) :
  163. crypto_skcipher_decrypt(&areq->cra_u.skcipher_req);
  164. /* AIO operation in progress */
  165. if (err == -EINPROGRESS)
  166. return -EIOCBQUEUED;
  167. sock_put(sk);
  168. } else {
  169. /* Synchronous operation */
  170. skcipher_request_set_callback(&areq->cra_u.skcipher_req,
  171. cflags |
  172. CRYPTO_TFM_REQ_MAY_SLEEP |
  173. CRYPTO_TFM_REQ_MAY_BACKLOG,
  174. crypto_req_done, &ctx->wait);
  175. err = crypto_wait_req(ctx->enc ?
  176. crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) :
  177. crypto_skcipher_decrypt(&areq->cra_u.skcipher_req),
  178. &ctx->wait);
  179. if (!err)
  180. err = algif_skcipher_export(
  181. sk, &areq->cra_u.skcipher_req);
  182. }
  183. free:
  184. af_alg_free_resources(areq);
  185. return err ? err : len;
  186. }
  187. static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
  188. size_t ignored, int flags)
  189. {
  190. struct sock *sk = sock->sk;
  191. int ret = 0;
  192. lock_sock(sk);
  193. while (msg_data_left(msg)) {
  194. int err = _skcipher_recvmsg(sock, msg, ignored, flags);
  195. /*
  196. * This error covers -EIOCBQUEUED which implies that we can
  197. * only handle one AIO request. If the caller wants to have
  198. * multiple AIO requests in parallel, he must make multiple
  199. * separate AIO calls.
  200. *
  201. * Also return the error if no data has been processed so far.
  202. */
  203. if (err <= 0) {
  204. if (err == -EIOCBQUEUED || !ret)
  205. ret = err;
  206. goto out;
  207. }
  208. ret += err;
  209. }
  210. out:
  211. af_alg_wmem_wakeup(sk);
  212. release_sock(sk);
  213. return ret;
  214. }
  215. static struct proto_ops algif_skcipher_ops = {
  216. .family = PF_ALG,
  217. .connect = sock_no_connect,
  218. .socketpair = sock_no_socketpair,
  219. .getname = sock_no_getname,
  220. .ioctl = sock_no_ioctl,
  221. .listen = sock_no_listen,
  222. .shutdown = sock_no_shutdown,
  223. .mmap = sock_no_mmap,
  224. .bind = sock_no_bind,
  225. .accept = sock_no_accept,
  226. .release = af_alg_release,
  227. .sendmsg = skcipher_sendmsg,
  228. .recvmsg = skcipher_recvmsg,
  229. .poll = af_alg_poll,
  230. };
  231. static int skcipher_check_key(struct socket *sock)
  232. {
  233. int err = 0;
  234. struct sock *psk;
  235. struct alg_sock *pask;
  236. struct crypto_skcipher *tfm;
  237. struct sock *sk = sock->sk;
  238. struct alg_sock *ask = alg_sk(sk);
  239. lock_sock(sk);
  240. if (!atomic_read(&ask->nokey_refcnt))
  241. goto unlock_child;
  242. psk = ask->parent;
  243. pask = alg_sk(ask->parent);
  244. tfm = pask->private;
  245. err = -ENOKEY;
  246. lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
  247. if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  248. goto unlock;
  249. atomic_dec(&pask->nokey_refcnt);
  250. atomic_set(&ask->nokey_refcnt, 0);
  251. err = 0;
  252. unlock:
  253. release_sock(psk);
  254. unlock_child:
  255. release_sock(sk);
  256. return err;
  257. }
  258. static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
  259. size_t size)
  260. {
  261. int err;
  262. err = skcipher_check_key(sock);
  263. if (err)
  264. return err;
  265. return skcipher_sendmsg(sock, msg, size);
  266. }
  267. static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
  268. size_t ignored, int flags)
  269. {
  270. int err;
  271. err = skcipher_check_key(sock);
  272. if (err)
  273. return err;
  274. return skcipher_recvmsg(sock, msg, ignored, flags);
  275. }
  276. static struct proto_ops algif_skcipher_ops_nokey = {
  277. .family = PF_ALG,
  278. .connect = sock_no_connect,
  279. .socketpair = sock_no_socketpair,
  280. .getname = sock_no_getname,
  281. .ioctl = sock_no_ioctl,
  282. .listen = sock_no_listen,
  283. .shutdown = sock_no_shutdown,
  284. .mmap = sock_no_mmap,
  285. .bind = sock_no_bind,
  286. .accept = sock_no_accept,
  287. .release = af_alg_release,
  288. .sendmsg = skcipher_sendmsg_nokey,
  289. .recvmsg = skcipher_recvmsg_nokey,
  290. .poll = af_alg_poll,
  291. };
  292. static void *skcipher_bind(const char *name, u32 type, u32 mask)
  293. {
  294. return crypto_alloc_skcipher(name, type, mask);
  295. }
  296. static void skcipher_release(void *private)
  297. {
  298. crypto_free_skcipher(private);
  299. }
  300. static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
  301. {
  302. return crypto_skcipher_setkey(private, key, keylen);
  303. }
  304. static void skcipher_sock_destruct(struct sock *sk)
  305. {
  306. struct alg_sock *ask = alg_sk(sk);
  307. struct af_alg_ctx *ctx = ask->private;
  308. struct sock *psk = ask->parent;
  309. struct alg_sock *pask = alg_sk(psk);
  310. struct crypto_skcipher *tfm = pask->private;
  311. af_alg_pull_tsgl(sk, ctx->used, NULL);
  312. sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
  313. if (ctx->state)
  314. sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));
  315. sock_kfree_s(sk, ctx, ctx->len);
  316. af_alg_release_parent(sk);
  317. }
  318. static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
  319. {
  320. struct af_alg_ctx *ctx;
  321. struct alg_sock *ask = alg_sk(sk);
  322. struct crypto_skcipher *tfm = private;
  323. unsigned int len = sizeof(*ctx);
  324. ctx = sock_kmalloc(sk, len, GFP_KERNEL);
  325. if (!ctx)
  326. return -ENOMEM;
  327. memset(ctx, 0, len);
  328. ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm),
  329. GFP_KERNEL);
  330. if (!ctx->iv) {
  331. sock_kfree_s(sk, ctx, len);
  332. return -ENOMEM;
  333. }
  334. memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm));
  335. INIT_LIST_HEAD(&ctx->tsgl_list);
  336. ctx->len = len;
  337. crypto_init_wait(&ctx->wait);
  338. ask->private = ctx;
  339. sk->sk_destruct = skcipher_sock_destruct;
  340. return 0;
  341. }
  342. static int skcipher_accept_parent(void *private, struct sock *sk)
  343. {
  344. struct crypto_skcipher *tfm = private;
  345. if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  346. return -ENOKEY;
  347. return skcipher_accept_parent_nokey(private, sk);
  348. }
  349. static const struct af_alg_type algif_type_skcipher = {
  350. .bind = skcipher_bind,
  351. .release = skcipher_release,
  352. .setkey = skcipher_setkey,
  353. .accept = skcipher_accept_parent,
  354. .accept_nokey = skcipher_accept_parent_nokey,
  355. .ops = &algif_skcipher_ops,
  356. .ops_nokey = &algif_skcipher_ops_nokey,
  357. .name = "skcipher",
  358. .owner = THIS_MODULE
  359. };
  360. static int __init algif_skcipher_init(void)
  361. {
  362. return af_alg_register_type(&algif_type_skcipher);
  363. }
  364. static void __exit algif_skcipher_exit(void)
  365. {
  366. int err = af_alg_unregister_type(&algif_type_skcipher);
  367. BUG_ON(err);
  368. }
  369. module_init(algif_skcipher_init);
  370. module_exit(algif_skcipher_exit);
  371. MODULE_DESCRIPTION("Userspace interface for skcipher algorithms");
  372. MODULE_LICENSE("GPL");