xref: /openbmc/linux/crypto/algif_skcipher.c (revision 60772e48)
1 /*
2  * algif_skcipher: User-space interface for skcipher algorithms
3  *
4  * This file provides the user-space API for symmetric key ciphers.
5  *
6  * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by the Free
10  * Software Foundation; either version 2 of the License, or (at your option)
11  * any later version.
12  *
13  * The following concept of the memory management is used:
14  *
15  * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
16  * filled by user space with the data submitted via sendpage/sendmsg. Filling
17  * up the TX SGL does not cause a crypto operation -- the data will only be
18  * tracked by the kernel. Upon receipt of one recvmsg call, the caller must
19  * provide a buffer which is tracked with the RX SGL.
20  *
21  * During the processing of the recvmsg operation, the cipher request is
22  * allocated and prepared. As part of the recvmsg operation, the processed
23  * TX buffers are extracted from the TX SGL into a separate SGL.
24  *
25  * After the completion of the crypto operation, the RX SGL and the cipher
26  * request is released. The extracted TX SGL parts are released together with
27  * the RX SGL release.
28  */
29 
30 #include <crypto/scatterwalk.h>
31 #include <crypto/skcipher.h>
32 #include <crypto/if_alg.h>
33 #include <linux/init.h>
34 #include <linux/list.h>
35 #include <linux/kernel.h>
36 #include <linux/mm.h>
37 #include <linux/module.h>
38 #include <linux/net.h>
39 #include <net/sock.h>
40 
41 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
42 			    size_t size)
43 {
44 	struct sock *sk = sock->sk;
45 	struct alg_sock *ask = alg_sk(sk);
46 	struct sock *psk = ask->parent;
47 	struct alg_sock *pask = alg_sk(psk);
48 	struct crypto_skcipher *tfm = pask->private;
49 	unsigned ivsize = crypto_skcipher_ivsize(tfm);
50 
51 	return af_alg_sendmsg(sock, msg, size, ivsize);
52 }
53 
54 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
55 			     size_t ignored, int flags)
56 {
57 	struct sock *sk = sock->sk;
58 	struct alg_sock *ask = alg_sk(sk);
59 	struct sock *psk = ask->parent;
60 	struct alg_sock *pask = alg_sk(psk);
61 	struct af_alg_ctx *ctx = ask->private;
62 	struct crypto_skcipher *tfm = pask->private;
63 	unsigned int bs = crypto_skcipher_blocksize(tfm);
64 	struct af_alg_async_req *areq;
65 	int err = 0;
66 	size_t len = 0;
67 
68 	if (!ctx->used) {
69 		err = af_alg_wait_for_data(sk, flags);
70 		if (err)
71 			return err;
72 	}
73 
74 	/* Allocate cipher request for current operation. */
75 	areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
76 				     crypto_skcipher_reqsize(tfm));
77 	if (IS_ERR(areq))
78 		return PTR_ERR(areq);
79 
80 	/* convert iovecs of output buffers into RX SGL */
81 	err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len);
82 	if (err)
83 		goto free;
84 
85 	/* Process only as much RX buffers for which we have TX data */
86 	if (len > ctx->used)
87 		len = ctx->used;
88 
89 	/*
90 	 * If more buffers are to be expected to be processed, process only
91 	 * full block size buffers.
92 	 */
93 	if (ctx->more || len < ctx->used)
94 		len -= len % bs;
95 
96 	/*
97 	 * Create a per request TX SGL for this request which tracks the
98 	 * SG entries from the global TX SGL.
99 	 */
100 	areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0);
101 	if (!areq->tsgl_entries)
102 		areq->tsgl_entries = 1;
103 	areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * areq->tsgl_entries,
104 				  GFP_KERNEL);
105 	if (!areq->tsgl) {
106 		err = -ENOMEM;
107 		goto free;
108 	}
109 	sg_init_table(areq->tsgl, areq->tsgl_entries);
110 	af_alg_pull_tsgl(sk, len, areq->tsgl, 0);
111 
112 	/* Initialize the crypto operation */
113 	skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm);
114 	skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl,
115 				   areq->first_rsgl.sgl.sg, len, ctx->iv);
116 
117 	if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
118 		/* AIO operation */
119 		sock_hold(sk);
120 		areq->iocb = msg->msg_iocb;
121 
122 		/* Remember output size that will be generated. */
123 		areq->outlen = len;
124 
125 		skcipher_request_set_callback(&areq->cra_u.skcipher_req,
126 					      CRYPTO_TFM_REQ_MAY_SLEEP,
127 					      af_alg_async_cb, areq);
128 		err = ctx->enc ?
129 			crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) :
130 			crypto_skcipher_decrypt(&areq->cra_u.skcipher_req);
131 
132 		/* AIO operation in progress */
133 		if (err == -EINPROGRESS || err == -EBUSY)
134 			return -EIOCBQUEUED;
135 
136 		sock_put(sk);
137 	} else {
138 		/* Synchronous operation */
139 		skcipher_request_set_callback(&areq->cra_u.skcipher_req,
140 					      CRYPTO_TFM_REQ_MAY_SLEEP |
141 					      CRYPTO_TFM_REQ_MAY_BACKLOG,
142 					      crypto_req_done, &ctx->wait);
143 		err = crypto_wait_req(ctx->enc ?
144 			crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) :
145 			crypto_skcipher_decrypt(&areq->cra_u.skcipher_req),
146 						 &ctx->wait);
147 	}
148 
149 
150 free:
151 	af_alg_free_resources(areq);
152 
153 	return err ? err : len;
154 }
155 
156 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
157 			    size_t ignored, int flags)
158 {
159 	struct sock *sk = sock->sk;
160 	int ret = 0;
161 
162 	lock_sock(sk);
163 	while (msg_data_left(msg)) {
164 		int err = _skcipher_recvmsg(sock, msg, ignored, flags);
165 
166 		/*
167 		 * This error covers -EIOCBQUEUED which implies that we can
168 		 * only handle one AIO request. If the caller wants to have
169 		 * multiple AIO requests in parallel, he must make multiple
170 		 * separate AIO calls.
171 		 *
172 		 * Also return the error if no data has been processed so far.
173 		 */
174 		if (err <= 0) {
175 			if (err == -EIOCBQUEUED || !ret)
176 				ret = err;
177 			goto out;
178 		}
179 
180 		ret += err;
181 	}
182 
183 out:
184 	af_alg_wmem_wakeup(sk);
185 	release_sock(sk);
186 	return ret;
187 }
188 
189 static struct proto_ops algif_skcipher_ops = {
190 	.family		=	PF_ALG,
191 
192 	.connect	=	sock_no_connect,
193 	.socketpair	=	sock_no_socketpair,
194 	.getname	=	sock_no_getname,
195 	.ioctl		=	sock_no_ioctl,
196 	.listen		=	sock_no_listen,
197 	.shutdown	=	sock_no_shutdown,
198 	.getsockopt	=	sock_no_getsockopt,
199 	.mmap		=	sock_no_mmap,
200 	.bind		=	sock_no_bind,
201 	.accept		=	sock_no_accept,
202 	.setsockopt	=	sock_no_setsockopt,
203 
204 	.release	=	af_alg_release,
205 	.sendmsg	=	skcipher_sendmsg,
206 	.sendpage	=	af_alg_sendpage,
207 	.recvmsg	=	skcipher_recvmsg,
208 	.poll		=	af_alg_poll,
209 };
210 
211 static int skcipher_check_key(struct socket *sock)
212 {
213 	int err = 0;
214 	struct sock *psk;
215 	struct alg_sock *pask;
216 	struct crypto_skcipher *tfm;
217 	struct sock *sk = sock->sk;
218 	struct alg_sock *ask = alg_sk(sk);
219 
220 	lock_sock(sk);
221 	if (ask->refcnt)
222 		goto unlock_child;
223 
224 	psk = ask->parent;
225 	pask = alg_sk(ask->parent);
226 	tfm = pask->private;
227 
228 	err = -ENOKEY;
229 	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
230 	if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
231 		goto unlock;
232 
233 	if (!pask->refcnt++)
234 		sock_hold(psk);
235 
236 	ask->refcnt = 1;
237 	sock_put(psk);
238 
239 	err = 0;
240 
241 unlock:
242 	release_sock(psk);
243 unlock_child:
244 	release_sock(sk);
245 
246 	return err;
247 }
248 
249 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
250 				  size_t size)
251 {
252 	int err;
253 
254 	err = skcipher_check_key(sock);
255 	if (err)
256 		return err;
257 
258 	return skcipher_sendmsg(sock, msg, size);
259 }
260 
261 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
262 				       int offset, size_t size, int flags)
263 {
264 	int err;
265 
266 	err = skcipher_check_key(sock);
267 	if (err)
268 		return err;
269 
270 	return af_alg_sendpage(sock, page, offset, size, flags);
271 }
272 
273 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
274 				  size_t ignored, int flags)
275 {
276 	int err;
277 
278 	err = skcipher_check_key(sock);
279 	if (err)
280 		return err;
281 
282 	return skcipher_recvmsg(sock, msg, ignored, flags);
283 }
284 
285 static struct proto_ops algif_skcipher_ops_nokey = {
286 	.family		=	PF_ALG,
287 
288 	.connect	=	sock_no_connect,
289 	.socketpair	=	sock_no_socketpair,
290 	.getname	=	sock_no_getname,
291 	.ioctl		=	sock_no_ioctl,
292 	.listen		=	sock_no_listen,
293 	.shutdown	=	sock_no_shutdown,
294 	.getsockopt	=	sock_no_getsockopt,
295 	.mmap		=	sock_no_mmap,
296 	.bind		=	sock_no_bind,
297 	.accept		=	sock_no_accept,
298 	.setsockopt	=	sock_no_setsockopt,
299 
300 	.release	=	af_alg_release,
301 	.sendmsg	=	skcipher_sendmsg_nokey,
302 	.sendpage	=	skcipher_sendpage_nokey,
303 	.recvmsg	=	skcipher_recvmsg_nokey,
304 	.poll		=	af_alg_poll,
305 };
306 
307 static void *skcipher_bind(const char *name, u32 type, u32 mask)
308 {
309 	return crypto_alloc_skcipher(name, type, mask);
310 }
311 
312 static void skcipher_release(void *private)
313 {
314 	crypto_free_skcipher(private);
315 }
316 
317 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
318 {
319 	return crypto_skcipher_setkey(private, key, keylen);
320 }
321 
322 static void skcipher_sock_destruct(struct sock *sk)
323 {
324 	struct alg_sock *ask = alg_sk(sk);
325 	struct af_alg_ctx *ctx = ask->private;
326 	struct sock *psk = ask->parent;
327 	struct alg_sock *pask = alg_sk(psk);
328 	struct crypto_skcipher *tfm = pask->private;
329 
330 	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
331 	sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
332 	sock_kfree_s(sk, ctx, ctx->len);
333 	af_alg_release_parent(sk);
334 }
335 
336 static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
337 {
338 	struct af_alg_ctx *ctx;
339 	struct alg_sock *ask = alg_sk(sk);
340 	struct crypto_skcipher *tfm = private;
341 	unsigned int len = sizeof(*ctx);
342 
343 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
344 	if (!ctx)
345 		return -ENOMEM;
346 
347 	ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm),
348 			       GFP_KERNEL);
349 	if (!ctx->iv) {
350 		sock_kfree_s(sk, ctx, len);
351 		return -ENOMEM;
352 	}
353 
354 	memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm));
355 
356 	INIT_LIST_HEAD(&ctx->tsgl_list);
357 	ctx->len = len;
358 	ctx->used = 0;
359 	atomic_set(&ctx->rcvused, 0);
360 	ctx->more = 0;
361 	ctx->merge = 0;
362 	ctx->enc = 0;
363 	crypto_init_wait(&ctx->wait);
364 
365 	ask->private = ctx;
366 
367 	sk->sk_destruct = skcipher_sock_destruct;
368 
369 	return 0;
370 }
371 
372 static int skcipher_accept_parent(void *private, struct sock *sk)
373 {
374 	struct crypto_skcipher *tfm = private;
375 
376 	if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
377 		return -ENOKEY;
378 
379 	return skcipher_accept_parent_nokey(private, sk);
380 }
381 
382 static const struct af_alg_type algif_type_skcipher = {
383 	.bind		=	skcipher_bind,
384 	.release	=	skcipher_release,
385 	.setkey		=	skcipher_setkey,
386 	.accept		=	skcipher_accept_parent,
387 	.accept_nokey	=	skcipher_accept_parent_nokey,
388 	.ops		=	&algif_skcipher_ops,
389 	.ops_nokey	=	&algif_skcipher_ops_nokey,
390 	.name		=	"skcipher",
391 	.owner		=	THIS_MODULE
392 };
393 
394 static int __init algif_skcipher_init(void)
395 {
396 	return af_alg_register_type(&algif_type_skcipher);
397 }
398 
399 static void __exit algif_skcipher_exit(void)
400 {
401 	int err = af_alg_unregister_type(&algif_type_skcipher);
402 	BUG_ON(err);
403 }
404 
405 module_init(algif_skcipher_init);
406 module_exit(algif_skcipher_exit);
407 MODULE_LICENSE("GPL");
408