1 /* 2 * algif_skcipher: User-space interface for skcipher algorithms 3 * 4 * This file provides the user-space API for symmetric key ciphers. 5 * 6 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License as published by the Free 10 * Software Foundation; either version 2 of the License, or (at your option) 11 * any later version. 12 * 13 * The following concept of the memory management is used: 14 * 15 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 * up the TX SGL does not cause a crypto operation -- the data will only be 18 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 * provide a buffer which is tracked with the RX SGL. 20 * 21 * During the processing of the recvmsg operation, the cipher request is 22 * allocated and prepared. As part of the recvmsg operation, the processed 23 * TX buffers are extracted from the TX SGL into a separate SGL. 24 * 25 * After the completion of the crypto operation, the RX SGL and the cipher 26 * request is released. The extracted TX SGL parts are released together with 27 * the RX SGL release. 28 */ 29 30 #include <crypto/scatterwalk.h> 31 #include <crypto/skcipher.h> 32 #include <crypto/if_alg.h> 33 #include <linux/init.h> 34 #include <linux/list.h> 35 #include <linux/kernel.h> 36 #include <linux/mm.h> 37 #include <linux/module.h> 38 #include <linux/net.h> 39 #include <net/sock.h> 40 41 struct skcipher_tfm { 42 struct crypto_skcipher *skcipher; 43 bool has_key; 44 }; 45 46 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 47 size_t size) 48 { 49 struct sock *sk = sock->sk; 50 struct alg_sock *ask = alg_sk(sk); 51 struct sock *psk = ask->parent; 52 struct alg_sock *pask = alg_sk(psk); 53 struct skcipher_tfm *skc = pask->private; 54 struct crypto_skcipher *tfm = skc->skcipher; 55 unsigned ivsize = crypto_skcipher_ivsize(tfm); 56 57 return af_alg_sendmsg(sock, msg, size, ivsize); 58 } 59 60 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 61 size_t ignored, int flags) 62 { 63 struct sock *sk = sock->sk; 64 struct alg_sock *ask = alg_sk(sk); 65 struct sock *psk = ask->parent; 66 struct alg_sock *pask = alg_sk(psk); 67 struct af_alg_ctx *ctx = ask->private; 68 struct skcipher_tfm *skc = pask->private; 69 struct crypto_skcipher *tfm = skc->skcipher; 70 unsigned int bs = crypto_skcipher_blocksize(tfm); 71 struct af_alg_async_req *areq; 72 int err = 0; 73 size_t len = 0; 74 75 /* Allocate cipher request for current operation. */ 76 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 77 crypto_skcipher_reqsize(tfm)); 78 if (IS_ERR(areq)) 79 return PTR_ERR(areq); 80 81 /* convert iovecs of output buffers into RX SGL */ 82 err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); 83 if (err) 84 goto free; 85 86 /* Process only as much RX buffers for which we have TX data */ 87 if (len > ctx->used) 88 len = ctx->used; 89 90 /* 91 * If more buffers are to be expected to be processed, process only 92 * full block size buffers. 93 */ 94 if (ctx->more || len < ctx->used) 95 len -= len % bs; 96 97 /* 98 * Create a per request TX SGL for this request which tracks the 99 * SG entries from the global TX SGL. 100 */ 101 areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 102 if (!areq->tsgl_entries) 103 areq->tsgl_entries = 1; 104 areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * areq->tsgl_entries, 105 GFP_KERNEL); 106 if (!areq->tsgl) { 107 err = -ENOMEM; 108 goto free; 109 } 110 sg_init_table(areq->tsgl, areq->tsgl_entries); 111 af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 112 113 /* Initialize the crypto operation */ 114 skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 115 skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 116 areq->first_rsgl.sgl.sg, len, ctx->iv); 117 118 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 119 /* AIO operation */ 120 areq->iocb = msg->msg_iocb; 121 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 122 CRYPTO_TFM_REQ_MAY_SLEEP, 123 af_alg_async_cb, areq); 124 err = ctx->enc ? 125 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 126 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 127 } else { 128 /* Synchronous operation */ 129 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 130 CRYPTO_TFM_REQ_MAY_SLEEP | 131 CRYPTO_TFM_REQ_MAY_BACKLOG, 132 crypto_req_done, &ctx->wait); 133 err = crypto_wait_req(ctx->enc ? 134 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 135 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 136 &ctx->wait); 137 } 138 139 /* AIO operation in progress */ 140 if (err == -EINPROGRESS) { 141 sock_hold(sk); 142 143 /* Remember output size that will be generated. */ 144 areq->outlen = len; 145 146 return -EIOCBQUEUED; 147 } 148 149 free: 150 af_alg_free_areq_sgls(areq); 151 sock_kfree_s(sk, areq, areq->areqlen); 152 153 return err ? err : len; 154 } 155 156 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 157 size_t ignored, int flags) 158 { 159 struct sock *sk = sock->sk; 160 int ret = 0; 161 162 lock_sock(sk); 163 while (msg_data_left(msg)) { 164 int err = _skcipher_recvmsg(sock, msg, ignored, flags); 165 166 /* 167 * This error covers -EIOCBQUEUED which implies that we can 168 * only handle one AIO request. If the caller wants to have 169 * multiple AIO requests in parallel, he must make multiple 170 * separate AIO calls. 171 * 172 * Also return the error if no data has been processed so far. 173 */ 174 if (err <= 0) { 175 if (err == -EIOCBQUEUED || !ret) 176 ret = err; 177 goto out; 178 } 179 180 ret += err; 181 } 182 183 out: 184 af_alg_wmem_wakeup(sk); 185 release_sock(sk); 186 return ret; 187 } 188 189 static struct proto_ops algif_skcipher_ops = { 190 .family = PF_ALG, 191 192 .connect = sock_no_connect, 193 .socketpair = sock_no_socketpair, 194 .getname = sock_no_getname, 195 .ioctl = sock_no_ioctl, 196 .listen = sock_no_listen, 197 .shutdown = sock_no_shutdown, 198 .getsockopt = sock_no_getsockopt, 199 .mmap = sock_no_mmap, 200 .bind = sock_no_bind, 201 .accept = sock_no_accept, 202 .setsockopt = sock_no_setsockopt, 203 204 .release = af_alg_release, 205 .sendmsg = skcipher_sendmsg, 206 .sendpage = af_alg_sendpage, 207 .recvmsg = skcipher_recvmsg, 208 .poll = af_alg_poll, 209 }; 210 211 static int skcipher_check_key(struct socket *sock) 212 { 213 int err = 0; 214 struct sock *psk; 215 struct alg_sock *pask; 216 struct skcipher_tfm *tfm; 217 struct sock *sk = sock->sk; 218 struct alg_sock *ask = alg_sk(sk); 219 220 lock_sock(sk); 221 if (ask->refcnt) 222 goto unlock_child; 223 224 psk = ask->parent; 225 pask = alg_sk(ask->parent); 226 tfm = pask->private; 227 228 err = -ENOKEY; 229 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 230 if (!tfm->has_key) 231 goto unlock; 232 233 if (!pask->refcnt++) 234 sock_hold(psk); 235 236 ask->refcnt = 1; 237 sock_put(psk); 238 239 err = 0; 240 241 unlock: 242 release_sock(psk); 243 unlock_child: 244 release_sock(sk); 245 246 return err; 247 } 248 249 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 250 size_t size) 251 { 252 int err; 253 254 err = skcipher_check_key(sock); 255 if (err) 256 return err; 257 258 return skcipher_sendmsg(sock, msg, size); 259 } 260 261 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, 262 int offset, size_t size, int flags) 263 { 264 int err; 265 266 err = skcipher_check_key(sock); 267 if (err) 268 return err; 269 270 return af_alg_sendpage(sock, page, offset, size, flags); 271 } 272 273 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 274 size_t ignored, int flags) 275 { 276 int err; 277 278 err = skcipher_check_key(sock); 279 if (err) 280 return err; 281 282 return skcipher_recvmsg(sock, msg, ignored, flags); 283 } 284 285 static struct proto_ops algif_skcipher_ops_nokey = { 286 .family = PF_ALG, 287 288 .connect = sock_no_connect, 289 .socketpair = sock_no_socketpair, 290 .getname = sock_no_getname, 291 .ioctl = sock_no_ioctl, 292 .listen = sock_no_listen, 293 .shutdown = sock_no_shutdown, 294 .getsockopt = sock_no_getsockopt, 295 .mmap = sock_no_mmap, 296 .bind = sock_no_bind, 297 .accept = sock_no_accept, 298 .setsockopt = sock_no_setsockopt, 299 300 .release = af_alg_release, 301 .sendmsg = skcipher_sendmsg_nokey, 302 .sendpage = skcipher_sendpage_nokey, 303 .recvmsg = skcipher_recvmsg_nokey, 304 .poll = af_alg_poll, 305 }; 306 307 static void *skcipher_bind(const char *name, u32 type, u32 mask) 308 { 309 struct skcipher_tfm *tfm; 310 struct crypto_skcipher *skcipher; 311 312 tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); 313 if (!tfm) 314 return ERR_PTR(-ENOMEM); 315 316 skcipher = crypto_alloc_skcipher(name, type, mask); 317 if (IS_ERR(skcipher)) { 318 kfree(tfm); 319 return ERR_CAST(skcipher); 320 } 321 322 tfm->skcipher = skcipher; 323 324 return tfm; 325 } 326 327 static void skcipher_release(void *private) 328 { 329 struct skcipher_tfm *tfm = private; 330 331 crypto_free_skcipher(tfm->skcipher); 332 kfree(tfm); 333 } 334 335 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) 336 { 337 struct skcipher_tfm *tfm = private; 338 int err; 339 340 err = crypto_skcipher_setkey(tfm->skcipher, key, keylen); 341 tfm->has_key = !err; 342 343 return err; 344 } 345 346 static void skcipher_sock_destruct(struct sock *sk) 347 { 348 struct alg_sock *ask = alg_sk(sk); 349 struct af_alg_ctx *ctx = ask->private; 350 struct sock *psk = ask->parent; 351 struct alg_sock *pask = alg_sk(psk); 352 struct skcipher_tfm *skc = pask->private; 353 struct crypto_skcipher *tfm = skc->skcipher; 354 355 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 356 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 357 sock_kfree_s(sk, ctx, ctx->len); 358 af_alg_release_parent(sk); 359 } 360 361 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 362 { 363 struct af_alg_ctx *ctx; 364 struct alg_sock *ask = alg_sk(sk); 365 struct skcipher_tfm *tfm = private; 366 struct crypto_skcipher *skcipher = tfm->skcipher; 367 unsigned int len = sizeof(*ctx); 368 369 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 370 if (!ctx) 371 return -ENOMEM; 372 373 ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher), 374 GFP_KERNEL); 375 if (!ctx->iv) { 376 sock_kfree_s(sk, ctx, len); 377 return -ENOMEM; 378 } 379 380 memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); 381 382 INIT_LIST_HEAD(&ctx->tsgl_list); 383 ctx->len = len; 384 ctx->used = 0; 385 ctx->rcvused = 0; 386 ctx->more = 0; 387 ctx->merge = 0; 388 ctx->enc = 0; 389 crypto_init_wait(&ctx->wait); 390 391 ask->private = ctx; 392 393 sk->sk_destruct = skcipher_sock_destruct; 394 395 return 0; 396 } 397 398 static int skcipher_accept_parent(void *private, struct sock *sk) 399 { 400 struct skcipher_tfm *tfm = private; 401 402 if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher)) 403 return -ENOKEY; 404 405 return skcipher_accept_parent_nokey(private, sk); 406 } 407 408 static const struct af_alg_type algif_type_skcipher = { 409 .bind = skcipher_bind, 410 .release = skcipher_release, 411 .setkey = skcipher_setkey, 412 .accept = skcipher_accept_parent, 413 .accept_nokey = skcipher_accept_parent_nokey, 414 .ops = &algif_skcipher_ops, 415 .ops_nokey = &algif_skcipher_ops_nokey, 416 .name = "skcipher", 417 .owner = THIS_MODULE 418 }; 419 420 static int __init algif_skcipher_init(void) 421 { 422 return af_alg_register_type(&algif_type_skcipher); 423 } 424 425 static void __exit algif_skcipher_exit(void) 426 { 427 int err = af_alg_unregister_type(&algif_type_skcipher); 428 BUG_ON(err); 429 } 430 431 module_init(algif_skcipher_init); 432 module_exit(algif_skcipher_exit); 433 MODULE_LICENSE("GPL"); 434