xref: /openbmc/linux/crypto/algif_hash.c (revision b4f63bbf)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * algif_hash: User-space interface for hash algorithms
4  *
5  * This file provides the user-space API for hash algorithms.
6  *
7  * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
8  */
9 
10 #include <crypto/hash.h>
11 #include <crypto/if_alg.h>
12 #include <linux/init.h>
13 #include <linux/kernel.h>
14 #include <linux/mm.h>
15 #include <linux/module.h>
16 #include <linux/net.h>
17 #include <net/sock.h>
18 
19 struct hash_ctx {
20 	struct af_alg_sgl sgl;
21 
22 	u8 *result;
23 
24 	struct crypto_wait wait;
25 
26 	unsigned int len;
27 	bool more;
28 
29 	struct ahash_request req;
30 };
31 
32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
33 {
34 	unsigned ds;
35 
36 	if (ctx->result)
37 		return 0;
38 
39 	ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
40 
41 	ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL);
42 	if (!ctx->result)
43 		return -ENOMEM;
44 
45 	memset(ctx->result, 0, ds);
46 
47 	return 0;
48 }
49 
50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx)
51 {
52 	unsigned ds;
53 
54 	if (!ctx->result)
55 		return;
56 
57 	ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
58 
59 	sock_kzfree_s(sk, ctx->result, ds);
60 	ctx->result = NULL;
61 }
62 
63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
64 			size_t ignored)
65 {
66 	struct sock *sk = sock->sk;
67 	struct alg_sock *ask = alg_sk(sk);
68 	struct hash_ctx *ctx = ask->private;
69 	ssize_t copied = 0;
70 	size_t len, max_pages, npages;
71 	bool continuing = ctx->more, need_init = false;
72 	int err;
73 
74 	max_pages = min_t(size_t, ALG_MAX_PAGES,
75 			  DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE));
76 
77 	lock_sock(sk);
78 	if (!continuing) {
79 		/* Discard a previous request that wasn't marked MSG_MORE. */
80 		hash_free_result(sk, ctx);
81 		if (!msg_data_left(msg))
82 			goto done; /* Zero-length; don't start new req */
83 		need_init = true;
84 	} else if (!msg_data_left(msg)) {
85 		/*
86 		 * No data - finalise the prev req if MSG_MORE so any error
87 		 * comes out here.
88 		 */
89 		if (!(msg->msg_flags & MSG_MORE)) {
90 			err = hash_alloc_result(sk, ctx);
91 			if (err)
92 				goto unlock_free;
93 			ahash_request_set_crypt(&ctx->req, NULL,
94 						ctx->result, 0);
95 			err = crypto_wait_req(crypto_ahash_final(&ctx->req),
96 					      &ctx->wait);
97 			if (err)
98 				goto unlock_free;
99 		}
100 		goto done_more;
101 	}
102 
103 	while (msg_data_left(msg)) {
104 		ctx->sgl.sgt.sgl = ctx->sgl.sgl;
105 		ctx->sgl.sgt.nents = 0;
106 		ctx->sgl.sgt.orig_nents = 0;
107 
108 		err = -EIO;
109 		npages = iov_iter_npages(&msg->msg_iter, max_pages);
110 		if (npages == 0)
111 			goto unlock_free;
112 
113 		sg_init_table(ctx->sgl.sgl, npages);
114 
115 		ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter);
116 
117 		err = extract_iter_to_sg(&msg->msg_iter, LONG_MAX,
118 					 &ctx->sgl.sgt, npages, 0);
119 		if (err < 0)
120 			goto unlock_free;
121 		len = err;
122 		sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
123 
124 		if (!msg_data_left(msg)) {
125 			err = hash_alloc_result(sk, ctx);
126 			if (err)
127 				goto unlock_free;
128 		}
129 
130 		ahash_request_set_crypt(&ctx->req, ctx->sgl.sgt.sgl,
131 					ctx->result, len);
132 
133 		if (!msg_data_left(msg) && !continuing &&
134 		    !(msg->msg_flags & MSG_MORE)) {
135 			err = crypto_ahash_digest(&ctx->req);
136 		} else {
137 			if (need_init) {
138 				err = crypto_wait_req(
139 					crypto_ahash_init(&ctx->req),
140 					&ctx->wait);
141 				if (err)
142 					goto unlock_free;
143 				need_init = false;
144 			}
145 
146 			if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE))
147 				err = crypto_ahash_update(&ctx->req);
148 			else
149 				err = crypto_ahash_finup(&ctx->req);
150 			continuing = true;
151 		}
152 
153 		err = crypto_wait_req(err, &ctx->wait);
154 		if (err)
155 			goto unlock_free;
156 
157 		copied += len;
158 		af_alg_free_sg(&ctx->sgl);
159 	}
160 
161 done_more:
162 	ctx->more = msg->msg_flags & MSG_MORE;
163 done:
164 	err = 0;
165 unlock:
166 	release_sock(sk);
167 	return copied ?: err;
168 
169 unlock_free:
170 	af_alg_free_sg(&ctx->sgl);
171 	hash_free_result(sk, ctx);
172 	ctx->more = false;
173 	goto unlock;
174 }
175 
176 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
177 			int flags)
178 {
179 	struct sock *sk = sock->sk;
180 	struct alg_sock *ask = alg_sk(sk);
181 	struct hash_ctx *ctx = ask->private;
182 	unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
183 	bool result;
184 	int err;
185 
186 	if (len > ds)
187 		len = ds;
188 	else if (len < ds)
189 		msg->msg_flags |= MSG_TRUNC;
190 
191 	lock_sock(sk);
192 	result = ctx->result;
193 	err = hash_alloc_result(sk, ctx);
194 	if (err)
195 		goto unlock;
196 
197 	ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
198 
199 	if (!result && !ctx->more) {
200 		err = crypto_wait_req(crypto_ahash_init(&ctx->req),
201 				      &ctx->wait);
202 		if (err)
203 			goto unlock;
204 	}
205 
206 	if (!result || ctx->more) {
207 		ctx->more = false;
208 		err = crypto_wait_req(crypto_ahash_final(&ctx->req),
209 				      &ctx->wait);
210 		if (err)
211 			goto unlock;
212 	}
213 
214 	err = memcpy_to_msg(msg, ctx->result, len);
215 
216 unlock:
217 	hash_free_result(sk, ctx);
218 	release_sock(sk);
219 
220 	return err ?: len;
221 }
222 
223 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
224 		       bool kern)
225 {
226 	struct sock *sk = sock->sk;
227 	struct alg_sock *ask = alg_sk(sk);
228 	struct hash_ctx *ctx = ask->private;
229 	struct ahash_request *req = &ctx->req;
230 	struct crypto_ahash *tfm;
231 	struct sock *sk2;
232 	struct alg_sock *ask2;
233 	struct hash_ctx *ctx2;
234 	char *state;
235 	bool more;
236 	int err;
237 
238 	tfm = crypto_ahash_reqtfm(req);
239 	state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
240 	err = -ENOMEM;
241 	if (!state)
242 		goto out;
243 
244 	lock_sock(sk);
245 	more = ctx->more;
246 	err = more ? crypto_ahash_export(req, state) : 0;
247 	release_sock(sk);
248 
249 	if (err)
250 		goto out_free_state;
251 
252 	err = af_alg_accept(ask->parent, newsock, kern);
253 	if (err)
254 		goto out_free_state;
255 
256 	sk2 = newsock->sk;
257 	ask2 = alg_sk(sk2);
258 	ctx2 = ask2->private;
259 	ctx2->more = more;
260 
261 	if (!more)
262 		goto out_free_state;
263 
264 	err = crypto_ahash_import(&ctx2->req, state);
265 	if (err) {
266 		sock_orphan(sk2);
267 		sock_put(sk2);
268 	}
269 
270 out_free_state:
271 	kfree_sensitive(state);
272 
273 out:
274 	return err;
275 }
276 
277 static struct proto_ops algif_hash_ops = {
278 	.family		=	PF_ALG,
279 
280 	.connect	=	sock_no_connect,
281 	.socketpair	=	sock_no_socketpair,
282 	.getname	=	sock_no_getname,
283 	.ioctl		=	sock_no_ioctl,
284 	.listen		=	sock_no_listen,
285 	.shutdown	=	sock_no_shutdown,
286 	.mmap		=	sock_no_mmap,
287 	.bind		=	sock_no_bind,
288 
289 	.release	=	af_alg_release,
290 	.sendmsg	=	hash_sendmsg,
291 	.recvmsg	=	hash_recvmsg,
292 	.accept		=	hash_accept,
293 };
294 
295 static int hash_check_key(struct socket *sock)
296 {
297 	int err = 0;
298 	struct sock *psk;
299 	struct alg_sock *pask;
300 	struct crypto_ahash *tfm;
301 	struct sock *sk = sock->sk;
302 	struct alg_sock *ask = alg_sk(sk);
303 
304 	lock_sock(sk);
305 	if (!atomic_read(&ask->nokey_refcnt))
306 		goto unlock_child;
307 
308 	psk = ask->parent;
309 	pask = alg_sk(ask->parent);
310 	tfm = pask->private;
311 
312 	err = -ENOKEY;
313 	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
314 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
315 		goto unlock;
316 
317 	atomic_dec(&pask->nokey_refcnt);
318 	atomic_set(&ask->nokey_refcnt, 0);
319 
320 	err = 0;
321 
322 unlock:
323 	release_sock(psk);
324 unlock_child:
325 	release_sock(sk);
326 
327 	return err;
328 }
329 
330 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
331 			      size_t size)
332 {
333 	int err;
334 
335 	err = hash_check_key(sock);
336 	if (err)
337 		return err;
338 
339 	return hash_sendmsg(sock, msg, size);
340 }
341 
342 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
343 			      size_t ignored, int flags)
344 {
345 	int err;
346 
347 	err = hash_check_key(sock);
348 	if (err)
349 		return err;
350 
351 	return hash_recvmsg(sock, msg, ignored, flags);
352 }
353 
354 static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
355 			     int flags, bool kern)
356 {
357 	int err;
358 
359 	err = hash_check_key(sock);
360 	if (err)
361 		return err;
362 
363 	return hash_accept(sock, newsock, flags, kern);
364 }
365 
366 static struct proto_ops algif_hash_ops_nokey = {
367 	.family		=	PF_ALG,
368 
369 	.connect	=	sock_no_connect,
370 	.socketpair	=	sock_no_socketpair,
371 	.getname	=	sock_no_getname,
372 	.ioctl		=	sock_no_ioctl,
373 	.listen		=	sock_no_listen,
374 	.shutdown	=	sock_no_shutdown,
375 	.mmap		=	sock_no_mmap,
376 	.bind		=	sock_no_bind,
377 
378 	.release	=	af_alg_release,
379 	.sendmsg	=	hash_sendmsg_nokey,
380 	.recvmsg	=	hash_recvmsg_nokey,
381 	.accept		=	hash_accept_nokey,
382 };
383 
384 static void *hash_bind(const char *name, u32 type, u32 mask)
385 {
386 	return crypto_alloc_ahash(name, type, mask);
387 }
388 
389 static void hash_release(void *private)
390 {
391 	crypto_free_ahash(private);
392 }
393 
394 static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
395 {
396 	return crypto_ahash_setkey(private, key, keylen);
397 }
398 
399 static void hash_sock_destruct(struct sock *sk)
400 {
401 	struct alg_sock *ask = alg_sk(sk);
402 	struct hash_ctx *ctx = ask->private;
403 
404 	hash_free_result(sk, ctx);
405 	sock_kfree_s(sk, ctx, ctx->len);
406 	af_alg_release_parent(sk);
407 }
408 
409 static int hash_accept_parent_nokey(void *private, struct sock *sk)
410 {
411 	struct crypto_ahash *tfm = private;
412 	struct alg_sock *ask = alg_sk(sk);
413 	struct hash_ctx *ctx;
414 	unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm);
415 
416 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
417 	if (!ctx)
418 		return -ENOMEM;
419 
420 	ctx->result = NULL;
421 	ctx->len = len;
422 	ctx->more = false;
423 	crypto_init_wait(&ctx->wait);
424 
425 	ask->private = ctx;
426 
427 	ahash_request_set_tfm(&ctx->req, tfm);
428 	ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
429 				   crypto_req_done, &ctx->wait);
430 
431 	sk->sk_destruct = hash_sock_destruct;
432 
433 	return 0;
434 }
435 
436 static int hash_accept_parent(void *private, struct sock *sk)
437 {
438 	struct crypto_ahash *tfm = private;
439 
440 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
441 		return -ENOKEY;
442 
443 	return hash_accept_parent_nokey(private, sk);
444 }
445 
446 static const struct af_alg_type algif_type_hash = {
447 	.bind		=	hash_bind,
448 	.release	=	hash_release,
449 	.setkey		=	hash_setkey,
450 	.accept		=	hash_accept_parent,
451 	.accept_nokey	=	hash_accept_parent_nokey,
452 	.ops		=	&algif_hash_ops,
453 	.ops_nokey	=	&algif_hash_ops_nokey,
454 	.name		=	"hash",
455 	.owner		=	THIS_MODULE
456 };
457 
458 static int __init algif_hash_init(void)
459 {
460 	return af_alg_register_type(&algif_type_hash);
461 }
462 
463 static void __exit algif_hash_exit(void)
464 {
465 	int err = af_alg_unregister_type(&algif_type_hash);
466 	BUG_ON(err);
467 }
468 
469 module_init(algif_hash_init);
470 module_exit(algif_hash_exit);
471 MODULE_LICENSE("GPL");
472