1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * algif_skcipher: User-space interface for skcipher algorithms 4 * 5 * This file provides the user-space API for symmetric key ciphers. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 * 9 * The following concept of the memory management is used: 10 * 11 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 12 * filled by user space with the data submitted via sendpage/sendmsg. Filling 13 * up the TX SGL does not cause a crypto operation -- the data will only be 14 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 15 * provide a buffer which is tracked with the RX SGL. 16 * 17 * During the processing of the recvmsg operation, the cipher request is 18 * allocated and prepared. As part of the recvmsg operation, the processed 19 * TX buffers are extracted from the TX SGL into a separate SGL. 20 * 21 * After the completion of the crypto operation, the RX SGL and the cipher 22 * request is released. The extracted TX SGL parts are released together with 23 * the RX SGL release. 24 */ 25 26 #include <crypto/scatterwalk.h> 27 #include <crypto/skcipher.h> 28 #include <crypto/if_alg.h> 29 #include <linux/init.h> 30 #include <linux/list.h> 31 #include <linux/kernel.h> 32 #include <linux/mm.h> 33 #include <linux/module.h> 34 #include <linux/net.h> 35 #include <net/sock.h> 36 37 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 38 size_t size) 39 { 40 struct sock *sk = sock->sk; 41 struct alg_sock *ask = alg_sk(sk); 42 struct sock *psk = ask->parent; 43 struct alg_sock *pask = alg_sk(psk); 44 struct crypto_skcipher *tfm = pask->private; 45 unsigned ivsize = crypto_skcipher_ivsize(tfm); 46 47 return af_alg_sendmsg(sock, msg, size, ivsize); 48 } 49 50 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 51 size_t ignored, int flags) 52 { 53 struct sock *sk = sock->sk; 54 struct alg_sock *ask = alg_sk(sk); 55 struct sock *psk = ask->parent; 56 struct alg_sock *pask = alg_sk(psk); 57 struct af_alg_ctx *ctx = ask->private; 58 struct crypto_skcipher *tfm = pask->private; 59 unsigned int bs = crypto_skcipher_chunksize(tfm); 60 struct af_alg_async_req *areq; 61 int err = 0; 62 size_t len = 0; 63 64 if (!ctx->init || (ctx->more && ctx->used < bs)) { 65 err = af_alg_wait_for_data(sk, flags, bs); 66 if (err) 67 return err; 68 } 69 70 /* Allocate cipher request for current operation. */ 71 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 72 crypto_skcipher_reqsize(tfm)); 73 if (IS_ERR(areq)) 74 return PTR_ERR(areq); 75 76 /* convert iovecs of output buffers into RX SGL */ 77 err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len); 78 if (err) 79 goto free; 80 81 /* 82 * If more buffers are to be expected to be processed, process only 83 * full block size buffers. 84 */ 85 if (ctx->more || len < ctx->used) 86 len -= len % bs; 87 88 /* 89 * Create a per request TX SGL for this request which tracks the 90 * SG entries from the global TX SGL. 91 */ 92 areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 93 if (!areq->tsgl_entries) 94 areq->tsgl_entries = 1; 95 areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), 96 areq->tsgl_entries), 97 GFP_KERNEL); 98 if (!areq->tsgl) { 99 err = -ENOMEM; 100 goto free; 101 } 102 sg_init_table(areq->tsgl, areq->tsgl_entries); 103 af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 104 105 /* Initialize the crypto operation */ 106 skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 107 skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 108 areq->first_rsgl.sgl.sg, len, ctx->iv); 109 110 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 111 /* AIO operation */ 112 sock_hold(sk); 113 areq->iocb = msg->msg_iocb; 114 115 /* Remember output size that will be generated. */ 116 areq->outlen = len; 117 118 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 119 CRYPTO_TFM_REQ_MAY_SLEEP, 120 af_alg_async_cb, areq); 121 err = ctx->enc ? 122 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 123 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 124 125 /* AIO operation in progress */ 126 if (err == -EINPROGRESS || err == -EBUSY) 127 return -EIOCBQUEUED; 128 129 sock_put(sk); 130 } else { 131 /* Synchronous operation */ 132 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 133 CRYPTO_TFM_REQ_MAY_SLEEP | 134 CRYPTO_TFM_REQ_MAY_BACKLOG, 135 crypto_req_done, &ctx->wait); 136 err = crypto_wait_req(ctx->enc ? 137 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 138 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 139 &ctx->wait); 140 } 141 142 143 free: 144 af_alg_free_resources(areq); 145 146 return err ? err : len; 147 } 148 149 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 150 size_t ignored, int flags) 151 { 152 struct sock *sk = sock->sk; 153 int ret = 0; 154 155 lock_sock(sk); 156 while (msg_data_left(msg)) { 157 int err = _skcipher_recvmsg(sock, msg, ignored, flags); 158 159 /* 160 * This error covers -EIOCBQUEUED which implies that we can 161 * only handle one AIO request. If the caller wants to have 162 * multiple AIO requests in parallel, he must make multiple 163 * separate AIO calls. 164 * 165 * Also return the error if no data has been processed so far. 166 */ 167 if (err <= 0) { 168 if (err == -EIOCBQUEUED || !ret) 169 ret = err; 170 goto out; 171 } 172 173 ret += err; 174 } 175 176 out: 177 af_alg_wmem_wakeup(sk); 178 release_sock(sk); 179 return ret; 180 } 181 182 static struct proto_ops algif_skcipher_ops = { 183 .family = PF_ALG, 184 185 .connect = sock_no_connect, 186 .socketpair = sock_no_socketpair, 187 .getname = sock_no_getname, 188 .ioctl = sock_no_ioctl, 189 .listen = sock_no_listen, 190 .shutdown = sock_no_shutdown, 191 .mmap = sock_no_mmap, 192 .bind = sock_no_bind, 193 .accept = sock_no_accept, 194 195 .release = af_alg_release, 196 .sendmsg = skcipher_sendmsg, 197 .sendpage = af_alg_sendpage, 198 .recvmsg = skcipher_recvmsg, 199 .poll = af_alg_poll, 200 }; 201 202 static int skcipher_check_key(struct socket *sock) 203 { 204 int err = 0; 205 struct sock *psk; 206 struct alg_sock *pask; 207 struct crypto_skcipher *tfm; 208 struct sock *sk = sock->sk; 209 struct alg_sock *ask = alg_sk(sk); 210 211 lock_sock(sk); 212 if (!atomic_read(&ask->nokey_refcnt)) 213 goto unlock_child; 214 215 psk = ask->parent; 216 pask = alg_sk(ask->parent); 217 tfm = pask->private; 218 219 err = -ENOKEY; 220 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 221 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 222 goto unlock; 223 224 atomic_dec(&pask->nokey_refcnt); 225 atomic_set(&ask->nokey_refcnt, 0); 226 227 err = 0; 228 229 unlock: 230 release_sock(psk); 231 unlock_child: 232 release_sock(sk); 233 234 return err; 235 } 236 237 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 238 size_t size) 239 { 240 int err; 241 242 err = skcipher_check_key(sock); 243 if (err) 244 return err; 245 246 return skcipher_sendmsg(sock, msg, size); 247 } 248 249 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, 250 int offset, size_t size, int flags) 251 { 252 int err; 253 254 err = skcipher_check_key(sock); 255 if (err) 256 return err; 257 258 return af_alg_sendpage(sock, page, offset, size, flags); 259 } 260 261 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 262 size_t ignored, int flags) 263 { 264 int err; 265 266 err = skcipher_check_key(sock); 267 if (err) 268 return err; 269 270 return skcipher_recvmsg(sock, msg, ignored, flags); 271 } 272 273 static struct proto_ops algif_skcipher_ops_nokey = { 274 .family = PF_ALG, 275 276 .connect = sock_no_connect, 277 .socketpair = sock_no_socketpair, 278 .getname = sock_no_getname, 279 .ioctl = sock_no_ioctl, 280 .listen = sock_no_listen, 281 .shutdown = sock_no_shutdown, 282 .mmap = sock_no_mmap, 283 .bind = sock_no_bind, 284 .accept = sock_no_accept, 285 286 .release = af_alg_release, 287 .sendmsg = skcipher_sendmsg_nokey, 288 .sendpage = skcipher_sendpage_nokey, 289 .recvmsg = skcipher_recvmsg_nokey, 290 .poll = af_alg_poll, 291 }; 292 293 static void *skcipher_bind(const char *name, u32 type, u32 mask) 294 { 295 return crypto_alloc_skcipher(name, type, mask); 296 } 297 298 static void skcipher_release(void *private) 299 { 300 crypto_free_skcipher(private); 301 } 302 303 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) 304 { 305 return crypto_skcipher_setkey(private, key, keylen); 306 } 307 308 static void skcipher_sock_destruct(struct sock *sk) 309 { 310 struct alg_sock *ask = alg_sk(sk); 311 struct af_alg_ctx *ctx = ask->private; 312 struct sock *psk = ask->parent; 313 struct alg_sock *pask = alg_sk(psk); 314 struct crypto_skcipher *tfm = pask->private; 315 316 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 317 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 318 sock_kfree_s(sk, ctx, ctx->len); 319 af_alg_release_parent(sk); 320 } 321 322 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 323 { 324 struct af_alg_ctx *ctx; 325 struct alg_sock *ask = alg_sk(sk); 326 struct crypto_skcipher *tfm = private; 327 unsigned int len = sizeof(*ctx); 328 329 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 330 if (!ctx) 331 return -ENOMEM; 332 memset(ctx, 0, len); 333 334 ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm), 335 GFP_KERNEL); 336 if (!ctx->iv) { 337 sock_kfree_s(sk, ctx, len); 338 return -ENOMEM; 339 } 340 memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm)); 341 342 INIT_LIST_HEAD(&ctx->tsgl_list); 343 ctx->len = len; 344 crypto_init_wait(&ctx->wait); 345 346 ask->private = ctx; 347 348 sk->sk_destruct = skcipher_sock_destruct; 349 350 return 0; 351 } 352 353 static int skcipher_accept_parent(void *private, struct sock *sk) 354 { 355 struct crypto_skcipher *tfm = private; 356 357 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 358 return -ENOKEY; 359 360 return skcipher_accept_parent_nokey(private, sk); 361 } 362 363 static const struct af_alg_type algif_type_skcipher = { 364 .bind = skcipher_bind, 365 .release = skcipher_release, 366 .setkey = skcipher_setkey, 367 .accept = skcipher_accept_parent, 368 .accept_nokey = skcipher_accept_parent_nokey, 369 .ops = &algif_skcipher_ops, 370 .ops_nokey = &algif_skcipher_ops_nokey, 371 .name = "skcipher", 372 .owner = THIS_MODULE 373 }; 374 375 static int __init algif_skcipher_init(void) 376 { 377 return af_alg_register_type(&algif_type_skcipher); 378 } 379 380 static void __exit algif_skcipher_exit(void) 381 { 382 int err = af_alg_unregister_type(&algif_type_skcipher); 383 BUG_ON(err); 384 } 385 386 module_init(algif_skcipher_init); 387 module_exit(algif_skcipher_exit); 388 MODULE_LICENSE("GPL"); 389