1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * algif_hash: User-space interface for hash algorithms 4 * 5 * This file provides the user-space API for hash algorithms. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <crypto/hash.h> 11 #include <crypto/if_alg.h> 12 #include <linux/init.h> 13 #include <linux/kernel.h> 14 #include <linux/mm.h> 15 #include <linux/module.h> 16 #include <linux/net.h> 17 #include <net/sock.h> 18 19 struct hash_ctx { 20 struct af_alg_sgl sgl; 21 22 u8 *result; 23 24 struct crypto_wait wait; 25 26 unsigned int len; 27 bool more; 28 29 struct ahash_request req; 30 }; 31 32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) 33 { 34 unsigned ds; 35 36 if (ctx->result) 37 return 0; 38 39 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 40 41 ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL); 42 if (!ctx->result) 43 return -ENOMEM; 44 45 memset(ctx->result, 0, ds); 46 47 return 0; 48 } 49 50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx) 51 { 52 unsigned ds; 53 54 if (!ctx->result) 55 return; 56 57 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 58 59 sock_kzfree_s(sk, ctx->result, ds); 60 ctx->result = NULL; 61 } 62 63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg, 64 size_t ignored) 65 { 66 struct sock *sk = sock->sk; 67 struct alg_sock *ask = alg_sk(sk); 68 struct hash_ctx *ctx = ask->private; 69 ssize_t copied = 0; 70 size_t len, max_pages, npages; 71 bool continuing = ctx->more, need_init = false; 72 int err; 73 74 max_pages = min_t(size_t, ALG_MAX_PAGES, 75 DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE)); 76 77 lock_sock(sk); 78 if (!continuing) { 79 /* Discard a previous request that wasn't marked MSG_MORE. */ 80 hash_free_result(sk, ctx); 81 if (!msg_data_left(msg)) 82 goto done; /* Zero-length; don't start new req */ 83 need_init = true; 84 } else if (!msg_data_left(msg)) { 85 /* 86 * No data - finalise the prev req if MSG_MORE so any error 87 * comes out here. 88 */ 89 if (!(msg->msg_flags & MSG_MORE)) { 90 err = hash_alloc_result(sk, ctx); 91 if (err) 92 goto unlock_free; 93 ahash_request_set_crypt(&ctx->req, NULL, 94 ctx->result, 0); 95 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 96 &ctx->wait); 97 if (err) 98 goto unlock_free; 99 } 100 goto done_more; 101 } 102 103 while (msg_data_left(msg)) { 104 ctx->sgl.sgt.sgl = ctx->sgl.sgl; 105 ctx->sgl.sgt.nents = 0; 106 ctx->sgl.sgt.orig_nents = 0; 107 108 err = -EIO; 109 npages = iov_iter_npages(&msg->msg_iter, max_pages); 110 if (npages == 0) 111 goto unlock_free; 112 113 sg_init_table(ctx->sgl.sgl, npages); 114 115 ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter); 116 117 err = extract_iter_to_sg(&msg->msg_iter, LONG_MAX, 118 &ctx->sgl.sgt, npages, 0); 119 if (err < 0) 120 goto unlock_free; 121 len = err; 122 sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1); 123 124 if (!msg_data_left(msg)) { 125 err = hash_alloc_result(sk, ctx); 126 if (err) 127 goto unlock_free; 128 } 129 130 ahash_request_set_crypt(&ctx->req, ctx->sgl.sgt.sgl, 131 ctx->result, len); 132 133 if (!msg_data_left(msg) && !continuing && 134 !(msg->msg_flags & MSG_MORE)) { 135 err = crypto_ahash_digest(&ctx->req); 136 } else { 137 if (need_init) { 138 err = crypto_wait_req( 139 crypto_ahash_init(&ctx->req), 140 &ctx->wait); 141 if (err) 142 goto unlock_free; 143 need_init = false; 144 } 145 146 if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE)) 147 err = crypto_ahash_update(&ctx->req); 148 else 149 err = crypto_ahash_finup(&ctx->req); 150 continuing = true; 151 } 152 153 err = crypto_wait_req(err, &ctx->wait); 154 if (err) 155 goto unlock_free; 156 157 copied += len; 158 af_alg_free_sg(&ctx->sgl); 159 } 160 161 done_more: 162 ctx->more = msg->msg_flags & MSG_MORE; 163 done: 164 err = 0; 165 unlock: 166 release_sock(sk); 167 return copied ?: err; 168 169 unlock_free: 170 af_alg_free_sg(&ctx->sgl); 171 hash_free_result(sk, ctx); 172 ctx->more = false; 173 goto unlock; 174 } 175 176 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 177 int flags) 178 { 179 struct sock *sk = sock->sk; 180 struct alg_sock *ask = alg_sk(sk); 181 struct hash_ctx *ctx = ask->private; 182 unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 183 bool result; 184 int err; 185 186 if (len > ds) 187 len = ds; 188 else if (len < ds) 189 msg->msg_flags |= MSG_TRUNC; 190 191 lock_sock(sk); 192 result = ctx->result; 193 err = hash_alloc_result(sk, ctx); 194 if (err) 195 goto unlock; 196 197 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); 198 199 if (!result && !ctx->more) { 200 err = crypto_wait_req(crypto_ahash_init(&ctx->req), 201 &ctx->wait); 202 if (err) 203 goto unlock; 204 } 205 206 if (!result || ctx->more) { 207 ctx->more = false; 208 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 209 &ctx->wait); 210 if (err) 211 goto unlock; 212 } 213 214 err = memcpy_to_msg(msg, ctx->result, len); 215 216 unlock: 217 hash_free_result(sk, ctx); 218 release_sock(sk); 219 220 return err ?: len; 221 } 222 223 static int hash_accept(struct socket *sock, struct socket *newsock, int flags, 224 bool kern) 225 { 226 struct sock *sk = sock->sk; 227 struct alg_sock *ask = alg_sk(sk); 228 struct hash_ctx *ctx = ask->private; 229 struct ahash_request *req = &ctx->req; 230 struct crypto_ahash *tfm; 231 struct sock *sk2; 232 struct alg_sock *ask2; 233 struct hash_ctx *ctx2; 234 char *state; 235 bool more; 236 int err; 237 238 tfm = crypto_ahash_reqtfm(req); 239 state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL); 240 err = -ENOMEM; 241 if (!state) 242 goto out; 243 244 lock_sock(sk); 245 more = ctx->more; 246 err = more ? crypto_ahash_export(req, state) : 0; 247 release_sock(sk); 248 249 if (err) 250 goto out_free_state; 251 252 err = af_alg_accept(ask->parent, newsock, kern); 253 if (err) 254 goto out_free_state; 255 256 sk2 = newsock->sk; 257 ask2 = alg_sk(sk2); 258 ctx2 = ask2->private; 259 ctx2->more = more; 260 261 if (!more) 262 goto out_free_state; 263 264 err = crypto_ahash_import(&ctx2->req, state); 265 if (err) { 266 sock_orphan(sk2); 267 sock_put(sk2); 268 } 269 270 out_free_state: 271 kfree_sensitive(state); 272 273 out: 274 return err; 275 } 276 277 static struct proto_ops algif_hash_ops = { 278 .family = PF_ALG, 279 280 .connect = sock_no_connect, 281 .socketpair = sock_no_socketpair, 282 .getname = sock_no_getname, 283 .ioctl = sock_no_ioctl, 284 .listen = sock_no_listen, 285 .shutdown = sock_no_shutdown, 286 .mmap = sock_no_mmap, 287 .bind = sock_no_bind, 288 289 .release = af_alg_release, 290 .sendmsg = hash_sendmsg, 291 .recvmsg = hash_recvmsg, 292 .accept = hash_accept, 293 }; 294 295 static int hash_check_key(struct socket *sock) 296 { 297 int err = 0; 298 struct sock *psk; 299 struct alg_sock *pask; 300 struct crypto_ahash *tfm; 301 struct sock *sk = sock->sk; 302 struct alg_sock *ask = alg_sk(sk); 303 304 lock_sock(sk); 305 if (!atomic_read(&ask->nokey_refcnt)) 306 goto unlock_child; 307 308 psk = ask->parent; 309 pask = alg_sk(ask->parent); 310 tfm = pask->private; 311 312 err = -ENOKEY; 313 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 314 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 315 goto unlock; 316 317 atomic_dec(&pask->nokey_refcnt); 318 atomic_set(&ask->nokey_refcnt, 0); 319 320 err = 0; 321 322 unlock: 323 release_sock(psk); 324 unlock_child: 325 release_sock(sk); 326 327 return err; 328 } 329 330 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 331 size_t size) 332 { 333 int err; 334 335 err = hash_check_key(sock); 336 if (err) 337 return err; 338 339 return hash_sendmsg(sock, msg, size); 340 } 341 342 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 343 size_t ignored, int flags) 344 { 345 int err; 346 347 err = hash_check_key(sock); 348 if (err) 349 return err; 350 351 return hash_recvmsg(sock, msg, ignored, flags); 352 } 353 354 static int hash_accept_nokey(struct socket *sock, struct socket *newsock, 355 int flags, bool kern) 356 { 357 int err; 358 359 err = hash_check_key(sock); 360 if (err) 361 return err; 362 363 return hash_accept(sock, newsock, flags, kern); 364 } 365 366 static struct proto_ops algif_hash_ops_nokey = { 367 .family = PF_ALG, 368 369 .connect = sock_no_connect, 370 .socketpair = sock_no_socketpair, 371 .getname = sock_no_getname, 372 .ioctl = sock_no_ioctl, 373 .listen = sock_no_listen, 374 .shutdown = sock_no_shutdown, 375 .mmap = sock_no_mmap, 376 .bind = sock_no_bind, 377 378 .release = af_alg_release, 379 .sendmsg = hash_sendmsg_nokey, 380 .recvmsg = hash_recvmsg_nokey, 381 .accept = hash_accept_nokey, 382 }; 383 384 static void *hash_bind(const char *name, u32 type, u32 mask) 385 { 386 return crypto_alloc_ahash(name, type, mask); 387 } 388 389 static void hash_release(void *private) 390 { 391 crypto_free_ahash(private); 392 } 393 394 static int hash_setkey(void *private, const u8 *key, unsigned int keylen) 395 { 396 return crypto_ahash_setkey(private, key, keylen); 397 } 398 399 static void hash_sock_destruct(struct sock *sk) 400 { 401 struct alg_sock *ask = alg_sk(sk); 402 struct hash_ctx *ctx = ask->private; 403 404 hash_free_result(sk, ctx); 405 sock_kfree_s(sk, ctx, ctx->len); 406 af_alg_release_parent(sk); 407 } 408 409 static int hash_accept_parent_nokey(void *private, struct sock *sk) 410 { 411 struct crypto_ahash *tfm = private; 412 struct alg_sock *ask = alg_sk(sk); 413 struct hash_ctx *ctx; 414 unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); 415 416 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 417 if (!ctx) 418 return -ENOMEM; 419 420 ctx->result = NULL; 421 ctx->len = len; 422 ctx->more = false; 423 crypto_init_wait(&ctx->wait); 424 425 ask->private = ctx; 426 427 ahash_request_set_tfm(&ctx->req, tfm); 428 ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, 429 crypto_req_done, &ctx->wait); 430 431 sk->sk_destruct = hash_sock_destruct; 432 433 return 0; 434 } 435 436 static int hash_accept_parent(void *private, struct sock *sk) 437 { 438 struct crypto_ahash *tfm = private; 439 440 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 441 return -ENOKEY; 442 443 return hash_accept_parent_nokey(private, sk); 444 } 445 446 static const struct af_alg_type algif_type_hash = { 447 .bind = hash_bind, 448 .release = hash_release, 449 .setkey = hash_setkey, 450 .accept = hash_accept_parent, 451 .accept_nokey = hash_accept_parent_nokey, 452 .ops = &algif_hash_ops, 453 .ops_nokey = &algif_hash_ops_nokey, 454 .name = "hash", 455 .owner = THIS_MODULE 456 }; 457 458 static int __init algif_hash_init(void) 459 { 460 return af_alg_register_type(&algif_type_hash); 461 } 462 463 static void __exit algif_hash_exit(void) 464 { 465 int err = af_alg_unregister_type(&algif_type_hash); 466 BUG_ON(err); 467 } 468 469 module_init(algif_hash_init); 470 module_exit(algif_hash_exit); 471 MODULE_LICENSE("GPL"); 472