xref: /openbmc/linux/crypto/algif_hash.c (revision e9b7b8b3)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * algif_hash: User-space interface for hash algorithms
4  *
5  * This file provides the user-space API for hash algorithms.
6  *
7  * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
8  */
9 
10 #include <crypto/hash.h>
11 #include <crypto/if_alg.h>
12 #include <linux/init.h>
13 #include <linux/kernel.h>
14 #include <linux/mm.h>
15 #include <linux/module.h>
16 #include <linux/net.h>
17 #include <net/sock.h>
18 
19 struct hash_ctx {
20 	struct af_alg_sgl sgl;
21 
22 	u8 *result;
23 
24 	struct crypto_wait wait;
25 
26 	unsigned int len;
27 	bool more;
28 
29 	struct ahash_request req;
30 };
31 
32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
33 {
34 	unsigned ds;
35 
36 	if (ctx->result)
37 		return 0;
38 
39 	ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
40 
41 	ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL);
42 	if (!ctx->result)
43 		return -ENOMEM;
44 
45 	memset(ctx->result, 0, ds);
46 
47 	return 0;
48 }
49 
50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx)
51 {
52 	unsigned ds;
53 
54 	if (!ctx->result)
55 		return;
56 
57 	ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
58 
59 	sock_kzfree_s(sk, ctx->result, ds);
60 	ctx->result = NULL;
61 }
62 
63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
64 			size_t ignored)
65 {
66 	struct sock *sk = sock->sk;
67 	struct alg_sock *ask = alg_sk(sk);
68 	struct hash_ctx *ctx = ask->private;
69 	ssize_t copied = 0;
70 	size_t len, max_pages, npages;
71 	bool continuing, need_init = false;
72 	int err;
73 
74 	max_pages = min_t(size_t, ALG_MAX_PAGES,
75 			  DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE));
76 
77 	lock_sock(sk);
78 	continuing = ctx->more;
79 
80 	if (!continuing) {
81 		/* Discard a previous request that wasn't marked MSG_MORE. */
82 		hash_free_result(sk, ctx);
83 		if (!msg_data_left(msg))
84 			goto done; /* Zero-length; don't start new req */
85 		need_init = true;
86 	} else if (!msg_data_left(msg)) {
87 		/*
88 		 * No data - finalise the prev req if MSG_MORE so any error
89 		 * comes out here.
90 		 */
91 		if (!(msg->msg_flags & MSG_MORE)) {
92 			err = hash_alloc_result(sk, ctx);
93 			if (err)
94 				goto unlock_free;
95 			ahash_request_set_crypt(&ctx->req, NULL,
96 						ctx->result, 0);
97 			err = crypto_wait_req(crypto_ahash_final(&ctx->req),
98 					      &ctx->wait);
99 			if (err)
100 				goto unlock_free;
101 		}
102 		goto done_more;
103 	}
104 
105 	while (msg_data_left(msg)) {
106 		ctx->sgl.sgt.sgl = ctx->sgl.sgl;
107 		ctx->sgl.sgt.nents = 0;
108 		ctx->sgl.sgt.orig_nents = 0;
109 
110 		err = -EIO;
111 		npages = iov_iter_npages(&msg->msg_iter, max_pages);
112 		if (npages == 0)
113 			goto unlock_free;
114 
115 		sg_init_table(ctx->sgl.sgl, npages);
116 
117 		ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter);
118 
119 		err = extract_iter_to_sg(&msg->msg_iter, LONG_MAX,
120 					 &ctx->sgl.sgt, npages, 0);
121 		if (err < 0)
122 			goto unlock_free;
123 		len = err;
124 		sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
125 
126 		if (!msg_data_left(msg)) {
127 			err = hash_alloc_result(sk, ctx);
128 			if (err)
129 				goto unlock_free;
130 		}
131 
132 		ahash_request_set_crypt(&ctx->req, ctx->sgl.sgt.sgl,
133 					ctx->result, len);
134 
135 		if (!msg_data_left(msg) && !continuing &&
136 		    !(msg->msg_flags & MSG_MORE)) {
137 			err = crypto_ahash_digest(&ctx->req);
138 		} else {
139 			if (need_init) {
140 				err = crypto_wait_req(
141 					crypto_ahash_init(&ctx->req),
142 					&ctx->wait);
143 				if (err)
144 					goto unlock_free;
145 				need_init = false;
146 			}
147 
148 			if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE))
149 				err = crypto_ahash_update(&ctx->req);
150 			else
151 				err = crypto_ahash_finup(&ctx->req);
152 			continuing = true;
153 		}
154 
155 		err = crypto_wait_req(err, &ctx->wait);
156 		if (err)
157 			goto unlock_free;
158 
159 		copied += len;
160 		af_alg_free_sg(&ctx->sgl);
161 	}
162 
163 done_more:
164 	ctx->more = msg->msg_flags & MSG_MORE;
165 done:
166 	err = 0;
167 unlock:
168 	release_sock(sk);
169 	return copied ?: err;
170 
171 unlock_free:
172 	af_alg_free_sg(&ctx->sgl);
173 	hash_free_result(sk, ctx);
174 	ctx->more = false;
175 	goto unlock;
176 }
177 
178 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
179 			int flags)
180 {
181 	struct sock *sk = sock->sk;
182 	struct alg_sock *ask = alg_sk(sk);
183 	struct hash_ctx *ctx = ask->private;
184 	unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
185 	bool result;
186 	int err;
187 
188 	if (len > ds)
189 		len = ds;
190 	else if (len < ds)
191 		msg->msg_flags |= MSG_TRUNC;
192 
193 	lock_sock(sk);
194 	result = ctx->result;
195 	err = hash_alloc_result(sk, ctx);
196 	if (err)
197 		goto unlock;
198 
199 	ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
200 
201 	if (!result && !ctx->more) {
202 		err = crypto_wait_req(crypto_ahash_init(&ctx->req),
203 				      &ctx->wait);
204 		if (err)
205 			goto unlock;
206 	}
207 
208 	if (!result || ctx->more) {
209 		ctx->more = false;
210 		err = crypto_wait_req(crypto_ahash_final(&ctx->req),
211 				      &ctx->wait);
212 		if (err)
213 			goto unlock;
214 	}
215 
216 	err = memcpy_to_msg(msg, ctx->result, len);
217 
218 unlock:
219 	hash_free_result(sk, ctx);
220 	release_sock(sk);
221 
222 	return err ?: len;
223 }
224 
225 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
226 		       bool kern)
227 {
228 	struct sock *sk = sock->sk;
229 	struct alg_sock *ask = alg_sk(sk);
230 	struct hash_ctx *ctx = ask->private;
231 	struct ahash_request *req = &ctx->req;
232 	struct crypto_ahash *tfm;
233 	struct sock *sk2;
234 	struct alg_sock *ask2;
235 	struct hash_ctx *ctx2;
236 	char *state;
237 	bool more;
238 	int err;
239 
240 	tfm = crypto_ahash_reqtfm(req);
241 	state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
242 	err = -ENOMEM;
243 	if (!state)
244 		goto out;
245 
246 	lock_sock(sk);
247 	more = ctx->more;
248 	err = more ? crypto_ahash_export(req, state) : 0;
249 	release_sock(sk);
250 
251 	if (err)
252 		goto out_free_state;
253 
254 	err = af_alg_accept(ask->parent, newsock, kern);
255 	if (err)
256 		goto out_free_state;
257 
258 	sk2 = newsock->sk;
259 	ask2 = alg_sk(sk2);
260 	ctx2 = ask2->private;
261 	ctx2->more = more;
262 
263 	if (!more)
264 		goto out_free_state;
265 
266 	err = crypto_ahash_import(&ctx2->req, state);
267 	if (err) {
268 		sock_orphan(sk2);
269 		sock_put(sk2);
270 	}
271 
272 out_free_state:
273 	kfree_sensitive(state);
274 
275 out:
276 	return err;
277 }
278 
279 static struct proto_ops algif_hash_ops = {
280 	.family		=	PF_ALG,
281 
282 	.connect	=	sock_no_connect,
283 	.socketpair	=	sock_no_socketpair,
284 	.getname	=	sock_no_getname,
285 	.ioctl		=	sock_no_ioctl,
286 	.listen		=	sock_no_listen,
287 	.shutdown	=	sock_no_shutdown,
288 	.mmap		=	sock_no_mmap,
289 	.bind		=	sock_no_bind,
290 
291 	.release	=	af_alg_release,
292 	.sendmsg	=	hash_sendmsg,
293 	.recvmsg	=	hash_recvmsg,
294 	.accept		=	hash_accept,
295 };
296 
297 static int hash_check_key(struct socket *sock)
298 {
299 	int err = 0;
300 	struct sock *psk;
301 	struct alg_sock *pask;
302 	struct crypto_ahash *tfm;
303 	struct sock *sk = sock->sk;
304 	struct alg_sock *ask = alg_sk(sk);
305 
306 	lock_sock(sk);
307 	if (!atomic_read(&ask->nokey_refcnt))
308 		goto unlock_child;
309 
310 	psk = ask->parent;
311 	pask = alg_sk(ask->parent);
312 	tfm = pask->private;
313 
314 	err = -ENOKEY;
315 	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
316 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
317 		goto unlock;
318 
319 	atomic_dec(&pask->nokey_refcnt);
320 	atomic_set(&ask->nokey_refcnt, 0);
321 
322 	err = 0;
323 
324 unlock:
325 	release_sock(psk);
326 unlock_child:
327 	release_sock(sk);
328 
329 	return err;
330 }
331 
332 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
333 			      size_t size)
334 {
335 	int err;
336 
337 	err = hash_check_key(sock);
338 	if (err)
339 		return err;
340 
341 	return hash_sendmsg(sock, msg, size);
342 }
343 
344 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
345 			      size_t ignored, int flags)
346 {
347 	int err;
348 
349 	err = hash_check_key(sock);
350 	if (err)
351 		return err;
352 
353 	return hash_recvmsg(sock, msg, ignored, flags);
354 }
355 
356 static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
357 			     int flags, bool kern)
358 {
359 	int err;
360 
361 	err = hash_check_key(sock);
362 	if (err)
363 		return err;
364 
365 	return hash_accept(sock, newsock, flags, kern);
366 }
367 
368 static struct proto_ops algif_hash_ops_nokey = {
369 	.family		=	PF_ALG,
370 
371 	.connect	=	sock_no_connect,
372 	.socketpair	=	sock_no_socketpair,
373 	.getname	=	sock_no_getname,
374 	.ioctl		=	sock_no_ioctl,
375 	.listen		=	sock_no_listen,
376 	.shutdown	=	sock_no_shutdown,
377 	.mmap		=	sock_no_mmap,
378 	.bind		=	sock_no_bind,
379 
380 	.release	=	af_alg_release,
381 	.sendmsg	=	hash_sendmsg_nokey,
382 	.recvmsg	=	hash_recvmsg_nokey,
383 	.accept		=	hash_accept_nokey,
384 };
385 
386 static void *hash_bind(const char *name, u32 type, u32 mask)
387 {
388 	return crypto_alloc_ahash(name, type, mask);
389 }
390 
391 static void hash_release(void *private)
392 {
393 	crypto_free_ahash(private);
394 }
395 
396 static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
397 {
398 	return crypto_ahash_setkey(private, key, keylen);
399 }
400 
401 static void hash_sock_destruct(struct sock *sk)
402 {
403 	struct alg_sock *ask = alg_sk(sk);
404 	struct hash_ctx *ctx = ask->private;
405 
406 	hash_free_result(sk, ctx);
407 	sock_kfree_s(sk, ctx, ctx->len);
408 	af_alg_release_parent(sk);
409 }
410 
411 static int hash_accept_parent_nokey(void *private, struct sock *sk)
412 {
413 	struct crypto_ahash *tfm = private;
414 	struct alg_sock *ask = alg_sk(sk);
415 	struct hash_ctx *ctx;
416 	unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm);
417 
418 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
419 	if (!ctx)
420 		return -ENOMEM;
421 
422 	ctx->result = NULL;
423 	ctx->len = len;
424 	ctx->more = false;
425 	crypto_init_wait(&ctx->wait);
426 
427 	ask->private = ctx;
428 
429 	ahash_request_set_tfm(&ctx->req, tfm);
430 	ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
431 				   crypto_req_done, &ctx->wait);
432 
433 	sk->sk_destruct = hash_sock_destruct;
434 
435 	return 0;
436 }
437 
438 static int hash_accept_parent(void *private, struct sock *sk)
439 {
440 	struct crypto_ahash *tfm = private;
441 
442 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
443 		return -ENOKEY;
444 
445 	return hash_accept_parent_nokey(private, sk);
446 }
447 
448 static const struct af_alg_type algif_type_hash = {
449 	.bind		=	hash_bind,
450 	.release	=	hash_release,
451 	.setkey		=	hash_setkey,
452 	.accept		=	hash_accept_parent,
453 	.accept_nokey	=	hash_accept_parent_nokey,
454 	.ops		=	&algif_hash_ops,
455 	.ops_nokey	=	&algif_hash_ops_nokey,
456 	.name		=	"hash",
457 	.owner		=	THIS_MODULE
458 };
459 
460 static int __init algif_hash_init(void)
461 {
462 	return af_alg_register_type(&algif_type_hash);
463 }
464 
465 static void __exit algif_hash_exit(void)
466 {
467 	int err = af_alg_unregister_type(&algif_type_hash);
468 	BUG_ON(err);
469 }
470 
471 module_init(algif_hash_init);
472 module_exit(algif_hash_exit);
473 MODULE_LICENSE("GPL");
474