1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * algif_hash: User-space interface for hash algorithms 4 * 5 * This file provides the user-space API for hash algorithms. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <crypto/hash.h> 11 #include <crypto/if_alg.h> 12 #include <linux/init.h> 13 #include <linux/kernel.h> 14 #include <linux/mm.h> 15 #include <linux/module.h> 16 #include <linux/net.h> 17 #include <net/sock.h> 18 19 struct hash_ctx { 20 struct af_alg_sgl sgl; 21 22 u8 *result; 23 24 struct crypto_wait wait; 25 26 unsigned int len; 27 bool more; 28 29 struct ahash_request req; 30 }; 31 32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) 33 { 34 unsigned ds; 35 36 if (ctx->result) 37 return 0; 38 39 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 40 41 ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL); 42 if (!ctx->result) 43 return -ENOMEM; 44 45 memset(ctx->result, 0, ds); 46 47 return 0; 48 } 49 50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx) 51 { 52 unsigned ds; 53 54 if (!ctx->result) 55 return; 56 57 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 58 59 sock_kzfree_s(sk, ctx->result, ds); 60 ctx->result = NULL; 61 } 62 63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg, 64 size_t ignored) 65 { 66 int limit = ALG_MAX_PAGES * PAGE_SIZE; 67 struct sock *sk = sock->sk; 68 struct alg_sock *ask = alg_sk(sk); 69 struct hash_ctx *ctx = ask->private; 70 long copied = 0; 71 int err; 72 73 if (limit > sk->sk_sndbuf) 74 limit = sk->sk_sndbuf; 75 76 lock_sock(sk); 77 if (!ctx->more) { 78 if ((msg->msg_flags & MSG_MORE)) 79 hash_free_result(sk, ctx); 80 81 err = crypto_wait_req(crypto_ahash_init(&ctx->req), &ctx->wait); 82 if (err) 83 goto unlock; 84 } 85 86 ctx->more = false; 87 88 while (msg_data_left(msg)) { 89 int len = msg_data_left(msg); 90 91 if (len > limit) 92 len = limit; 93 94 len = af_alg_make_sg(&ctx->sgl, &msg->msg_iter, len); 95 if (len < 0) { 96 err = copied ? 0 : len; 97 goto unlock; 98 } 99 100 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL, len); 101 102 err = crypto_wait_req(crypto_ahash_update(&ctx->req), 103 &ctx->wait); 104 af_alg_free_sg(&ctx->sgl); 105 if (err) { 106 iov_iter_revert(&msg->msg_iter, len); 107 goto unlock; 108 } 109 110 copied += len; 111 } 112 113 err = 0; 114 115 ctx->more = msg->msg_flags & MSG_MORE; 116 if (!ctx->more) { 117 err = hash_alloc_result(sk, ctx); 118 if (err) 119 goto unlock; 120 121 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); 122 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 123 &ctx->wait); 124 } 125 126 unlock: 127 release_sock(sk); 128 129 return err ?: copied; 130 } 131 132 static ssize_t hash_sendpage(struct socket *sock, struct page *page, 133 int offset, size_t size, int flags) 134 { 135 struct sock *sk = sock->sk; 136 struct alg_sock *ask = alg_sk(sk); 137 struct hash_ctx *ctx = ask->private; 138 int err; 139 140 if (flags & MSG_SENDPAGE_NOTLAST) 141 flags |= MSG_MORE; 142 143 lock_sock(sk); 144 sg_init_table(ctx->sgl.sg, 1); 145 sg_set_page(ctx->sgl.sg, page, size, offset); 146 147 if (!(flags & MSG_MORE)) { 148 err = hash_alloc_result(sk, ctx); 149 if (err) 150 goto unlock; 151 } else if (!ctx->more) 152 hash_free_result(sk, ctx); 153 154 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, ctx->result, size); 155 156 if (!(flags & MSG_MORE)) { 157 if (ctx->more) 158 err = crypto_ahash_finup(&ctx->req); 159 else 160 err = crypto_ahash_digest(&ctx->req); 161 } else { 162 if (!ctx->more) { 163 err = crypto_ahash_init(&ctx->req); 164 err = crypto_wait_req(err, &ctx->wait); 165 if (err) 166 goto unlock; 167 } 168 169 err = crypto_ahash_update(&ctx->req); 170 } 171 172 err = crypto_wait_req(err, &ctx->wait); 173 if (err) 174 goto unlock; 175 176 ctx->more = flags & MSG_MORE; 177 178 unlock: 179 release_sock(sk); 180 181 return err ?: size; 182 } 183 184 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 185 int flags) 186 { 187 struct sock *sk = sock->sk; 188 struct alg_sock *ask = alg_sk(sk); 189 struct hash_ctx *ctx = ask->private; 190 unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 191 bool result; 192 int err; 193 194 if (len > ds) 195 len = ds; 196 else if (len < ds) 197 msg->msg_flags |= MSG_TRUNC; 198 199 lock_sock(sk); 200 result = ctx->result; 201 err = hash_alloc_result(sk, ctx); 202 if (err) 203 goto unlock; 204 205 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); 206 207 if (!result && !ctx->more) { 208 err = crypto_wait_req(crypto_ahash_init(&ctx->req), 209 &ctx->wait); 210 if (err) 211 goto unlock; 212 } 213 214 if (!result || ctx->more) { 215 ctx->more = false; 216 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 217 &ctx->wait); 218 if (err) 219 goto unlock; 220 } 221 222 err = memcpy_to_msg(msg, ctx->result, len); 223 224 unlock: 225 hash_free_result(sk, ctx); 226 release_sock(sk); 227 228 return err ?: len; 229 } 230 231 static int hash_accept(struct socket *sock, struct socket *newsock, int flags, 232 bool kern) 233 { 234 struct sock *sk = sock->sk; 235 struct alg_sock *ask = alg_sk(sk); 236 struct hash_ctx *ctx = ask->private; 237 struct ahash_request *req = &ctx->req; 238 struct crypto_ahash *tfm; 239 struct sock *sk2; 240 struct alg_sock *ask2; 241 struct hash_ctx *ctx2; 242 char *state; 243 bool more; 244 int err; 245 246 tfm = crypto_ahash_reqtfm(req); 247 state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL); 248 err = -ENOMEM; 249 if (!state) 250 goto out; 251 252 lock_sock(sk); 253 more = ctx->more; 254 err = more ? crypto_ahash_export(req, state) : 0; 255 release_sock(sk); 256 257 if (err) 258 goto out_free_state; 259 260 err = af_alg_accept(ask->parent, newsock, kern); 261 if (err) 262 goto out_free_state; 263 264 sk2 = newsock->sk; 265 ask2 = alg_sk(sk2); 266 ctx2 = ask2->private; 267 ctx2->more = more; 268 269 if (!more) 270 goto out_free_state; 271 272 err = crypto_ahash_import(&ctx2->req, state); 273 if (err) { 274 sock_orphan(sk2); 275 sock_put(sk2); 276 } 277 278 out_free_state: 279 kfree_sensitive(state); 280 281 out: 282 return err; 283 } 284 285 static struct proto_ops algif_hash_ops = { 286 .family = PF_ALG, 287 288 .connect = sock_no_connect, 289 .socketpair = sock_no_socketpair, 290 .getname = sock_no_getname, 291 .ioctl = sock_no_ioctl, 292 .listen = sock_no_listen, 293 .shutdown = sock_no_shutdown, 294 .mmap = sock_no_mmap, 295 .bind = sock_no_bind, 296 297 .release = af_alg_release, 298 .sendmsg = hash_sendmsg, 299 .sendpage = hash_sendpage, 300 .recvmsg = hash_recvmsg, 301 .accept = hash_accept, 302 }; 303 304 static int hash_check_key(struct socket *sock) 305 { 306 int err = 0; 307 struct sock *psk; 308 struct alg_sock *pask; 309 struct crypto_ahash *tfm; 310 struct sock *sk = sock->sk; 311 struct alg_sock *ask = alg_sk(sk); 312 313 lock_sock(sk); 314 if (!atomic_read(&ask->nokey_refcnt)) 315 goto unlock_child; 316 317 psk = ask->parent; 318 pask = alg_sk(ask->parent); 319 tfm = pask->private; 320 321 err = -ENOKEY; 322 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 323 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 324 goto unlock; 325 326 atomic_dec(&pask->nokey_refcnt); 327 atomic_set(&ask->nokey_refcnt, 0); 328 329 err = 0; 330 331 unlock: 332 release_sock(psk); 333 unlock_child: 334 release_sock(sk); 335 336 return err; 337 } 338 339 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 340 size_t size) 341 { 342 int err; 343 344 err = hash_check_key(sock); 345 if (err) 346 return err; 347 348 return hash_sendmsg(sock, msg, size); 349 } 350 351 static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page, 352 int offset, size_t size, int flags) 353 { 354 int err; 355 356 err = hash_check_key(sock); 357 if (err) 358 return err; 359 360 return hash_sendpage(sock, page, offset, size, flags); 361 } 362 363 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 364 size_t ignored, int flags) 365 { 366 int err; 367 368 err = hash_check_key(sock); 369 if (err) 370 return err; 371 372 return hash_recvmsg(sock, msg, ignored, flags); 373 } 374 375 static int hash_accept_nokey(struct socket *sock, struct socket *newsock, 376 int flags, bool kern) 377 { 378 int err; 379 380 err = hash_check_key(sock); 381 if (err) 382 return err; 383 384 return hash_accept(sock, newsock, flags, kern); 385 } 386 387 static struct proto_ops algif_hash_ops_nokey = { 388 .family = PF_ALG, 389 390 .connect = sock_no_connect, 391 .socketpair = sock_no_socketpair, 392 .getname = sock_no_getname, 393 .ioctl = sock_no_ioctl, 394 .listen = sock_no_listen, 395 .shutdown = sock_no_shutdown, 396 .mmap = sock_no_mmap, 397 .bind = sock_no_bind, 398 399 .release = af_alg_release, 400 .sendmsg = hash_sendmsg_nokey, 401 .sendpage = hash_sendpage_nokey, 402 .recvmsg = hash_recvmsg_nokey, 403 .accept = hash_accept_nokey, 404 }; 405 406 static void *hash_bind(const char *name, u32 type, u32 mask) 407 { 408 return crypto_alloc_ahash(name, type, mask); 409 } 410 411 static void hash_release(void *private) 412 { 413 crypto_free_ahash(private); 414 } 415 416 static int hash_setkey(void *private, const u8 *key, unsigned int keylen) 417 { 418 return crypto_ahash_setkey(private, key, keylen); 419 } 420 421 static void hash_sock_destruct(struct sock *sk) 422 { 423 struct alg_sock *ask = alg_sk(sk); 424 struct hash_ctx *ctx = ask->private; 425 426 hash_free_result(sk, ctx); 427 sock_kfree_s(sk, ctx, ctx->len); 428 af_alg_release_parent(sk); 429 } 430 431 static int hash_accept_parent_nokey(void *private, struct sock *sk) 432 { 433 struct crypto_ahash *tfm = private; 434 struct alg_sock *ask = alg_sk(sk); 435 struct hash_ctx *ctx; 436 unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); 437 438 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 439 if (!ctx) 440 return -ENOMEM; 441 442 ctx->result = NULL; 443 ctx->len = len; 444 ctx->more = false; 445 crypto_init_wait(&ctx->wait); 446 447 ask->private = ctx; 448 449 ahash_request_set_tfm(&ctx->req, tfm); 450 ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, 451 crypto_req_done, &ctx->wait); 452 453 sk->sk_destruct = hash_sock_destruct; 454 455 return 0; 456 } 457 458 static int hash_accept_parent(void *private, struct sock *sk) 459 { 460 struct crypto_ahash *tfm = private; 461 462 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 463 return -ENOKEY; 464 465 return hash_accept_parent_nokey(private, sk); 466 } 467 468 static const struct af_alg_type algif_type_hash = { 469 .bind = hash_bind, 470 .release = hash_release, 471 .setkey = hash_setkey, 472 .accept = hash_accept_parent, 473 .accept_nokey = hash_accept_parent_nokey, 474 .ops = &algif_hash_ops, 475 .ops_nokey = &algif_hash_ops_nokey, 476 .name = "hash", 477 .owner = THIS_MODULE 478 }; 479 480 static int __init algif_hash_init(void) 481 { 482 return af_alg_register_type(&algif_type_hash); 483 } 484 485 static void __exit algif_hash_exit(void) 486 { 487 int err = af_alg_unregister_type(&algif_type_hash); 488 BUG_ON(err); 489 } 490 491 module_init(algif_hash_init); 492 module_exit(algif_hash_exit); 493 MODULE_LICENSE("GPL"); 494