1 /* 2 * algif_skcipher: User-space interface for skcipher algorithms 3 * 4 * This file provides the user-space API for symmetric key ciphers. 5 * 6 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License as published by the Free 10 * Software Foundation; either version 2 of the License, or (at your option) 11 * any later version. 12 * 13 * The following concept of the memory management is used: 14 * 15 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 * up the TX SGL does not cause a crypto operation -- the data will only be 18 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 * provide a buffer which is tracked with the RX SGL. 20 * 21 * During the processing of the recvmsg operation, the cipher request is 22 * allocated and prepared. As part of the recvmsg operation, the processed 23 * TX buffers are extracted from the TX SGL into a separate SGL. 24 * 25 * After the completion of the crypto operation, the RX SGL and the cipher 26 * request is released. The extracted TX SGL parts are released together with 27 * the RX SGL release. 28 */ 29 30 #include <crypto/scatterwalk.h> 31 #include <crypto/skcipher.h> 32 #include <crypto/if_alg.h> 33 #include <linux/init.h> 34 #include <linux/list.h> 35 #include <linux/kernel.h> 36 #include <linux/mm.h> 37 #include <linux/module.h> 38 #include <linux/net.h> 39 #include <net/sock.h> 40 41 struct skcipher_tfm { 42 struct crypto_skcipher *skcipher; 43 bool has_key; 44 }; 45 46 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 47 size_t size) 48 { 49 struct sock *sk = sock->sk; 50 struct alg_sock *ask = alg_sk(sk); 51 struct sock *psk = ask->parent; 52 struct alg_sock *pask = alg_sk(psk); 53 struct skcipher_tfm *skc = pask->private; 54 struct crypto_skcipher *tfm = skc->skcipher; 55 unsigned ivsize = crypto_skcipher_ivsize(tfm); 56 57 return af_alg_sendmsg(sock, msg, size, ivsize); 58 } 59 60 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 61 size_t ignored, int flags) 62 { 63 struct sock *sk = sock->sk; 64 struct alg_sock *ask = alg_sk(sk); 65 struct sock *psk = ask->parent; 66 struct alg_sock *pask = alg_sk(psk); 67 struct af_alg_ctx *ctx = ask->private; 68 struct skcipher_tfm *skc = pask->private; 69 struct crypto_skcipher *tfm = skc->skcipher; 70 unsigned int bs = crypto_skcipher_blocksize(tfm); 71 struct af_alg_async_req *areq; 72 int err = 0; 73 size_t len = 0; 74 75 /* Allocate cipher request for current operation. */ 76 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 77 crypto_skcipher_reqsize(tfm)); 78 if (IS_ERR(areq)) 79 return PTR_ERR(areq); 80 81 /* convert iovecs of output buffers into RX SGL */ 82 err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); 83 if (err) 84 goto free; 85 86 /* Process only as much RX buffers for which we have TX data */ 87 if (len > ctx->used) 88 len = ctx->used; 89 90 /* 91 * If more buffers are to be expected to be processed, process only 92 * full block size buffers. 93 */ 94 if (ctx->more || len < ctx->used) 95 len -= len % bs; 96 97 /* 98 * Create a per request TX SGL for this request which tracks the 99 * SG entries from the global TX SGL. 100 */ 101 areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 102 if (!areq->tsgl_entries) 103 areq->tsgl_entries = 1; 104 areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * areq->tsgl_entries, 105 GFP_KERNEL); 106 if (!areq->tsgl) { 107 err = -ENOMEM; 108 goto free; 109 } 110 sg_init_table(areq->tsgl, areq->tsgl_entries); 111 af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 112 113 /* Initialize the crypto operation */ 114 skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 115 skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 116 areq->first_rsgl.sgl.sg, len, ctx->iv); 117 118 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 119 /* AIO operation */ 120 areq->iocb = msg->msg_iocb; 121 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 122 CRYPTO_TFM_REQ_MAY_SLEEP, 123 af_alg_async_cb, areq); 124 err = ctx->enc ? 125 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 126 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 127 } else { 128 /* Synchronous operation */ 129 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 130 CRYPTO_TFM_REQ_MAY_SLEEP | 131 CRYPTO_TFM_REQ_MAY_BACKLOG, 132 crypto_req_done, &ctx->wait); 133 err = crypto_wait_req(ctx->enc ? 134 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 135 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 136 &ctx->wait); 137 } 138 139 /* AIO operation in progress */ 140 if (err == -EINPROGRESS) { 141 sock_hold(sk); 142 143 /* Remember output size that will be generated. */ 144 areq->outlen = len; 145 146 return -EIOCBQUEUED; 147 } 148 149 free: 150 af_alg_free_areq_sgls(areq); 151 sock_kfree_s(sk, areq, areq->areqlen); 152 153 return err ? err : len; 154 } 155 156 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 157 size_t ignored, int flags) 158 { 159 struct sock *sk = sock->sk; 160 int ret = 0; 161 162 lock_sock(sk); 163 while (msg_data_left(msg)) { 164 int err = _skcipher_recvmsg(sock, msg, ignored, flags); 165 166 /* 167 * This error covers -EIOCBQUEUED which implies that we can 168 * only handle one AIO request. If the caller wants to have 169 * multiple AIO requests in parallel, he must make multiple 170 * separate AIO calls. 171 * 172 * Also return the error if no data has been processed so far. 173 */ 174 if (err <= 0) { 175 if (err == -EIOCBQUEUED || !ret) 176 ret = err; 177 goto out; 178 } 179 180 ret += err; 181 } 182 183 out: 184 af_alg_wmem_wakeup(sk); 185 release_sock(sk); 186 return ret; 187 } 188 189 190 static struct proto_ops algif_skcipher_ops = { 191 .family = PF_ALG, 192 193 .connect = sock_no_connect, 194 .socketpair = sock_no_socketpair, 195 .getname = sock_no_getname, 196 .ioctl = sock_no_ioctl, 197 .listen = sock_no_listen, 198 .shutdown = sock_no_shutdown, 199 .getsockopt = sock_no_getsockopt, 200 .mmap = sock_no_mmap, 201 .bind = sock_no_bind, 202 .accept = sock_no_accept, 203 .setsockopt = sock_no_setsockopt, 204 205 .release = af_alg_release, 206 .sendmsg = skcipher_sendmsg, 207 .sendpage = af_alg_sendpage, 208 .recvmsg = skcipher_recvmsg, 209 .poll = af_alg_poll, 210 }; 211 212 static int skcipher_check_key(struct socket *sock) 213 { 214 int err = 0; 215 struct sock *psk; 216 struct alg_sock *pask; 217 struct skcipher_tfm *tfm; 218 struct sock *sk = sock->sk; 219 struct alg_sock *ask = alg_sk(sk); 220 221 lock_sock(sk); 222 if (ask->refcnt) 223 goto unlock_child; 224 225 psk = ask->parent; 226 pask = alg_sk(ask->parent); 227 tfm = pask->private; 228 229 err = -ENOKEY; 230 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 231 if (!tfm->has_key) 232 goto unlock; 233 234 if (!pask->refcnt++) 235 sock_hold(psk); 236 237 ask->refcnt = 1; 238 sock_put(psk); 239 240 err = 0; 241 242 unlock: 243 release_sock(psk); 244 unlock_child: 245 release_sock(sk); 246 247 return err; 248 } 249 250 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 251 size_t size) 252 { 253 int err; 254 255 err = skcipher_check_key(sock); 256 if (err) 257 return err; 258 259 return skcipher_sendmsg(sock, msg, size); 260 } 261 262 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, 263 int offset, size_t size, int flags) 264 { 265 int err; 266 267 err = skcipher_check_key(sock); 268 if (err) 269 return err; 270 271 return af_alg_sendpage(sock, page, offset, size, flags); 272 } 273 274 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 275 size_t ignored, int flags) 276 { 277 int err; 278 279 err = skcipher_check_key(sock); 280 if (err) 281 return err; 282 283 return skcipher_recvmsg(sock, msg, ignored, flags); 284 } 285 286 static struct proto_ops algif_skcipher_ops_nokey = { 287 .family = PF_ALG, 288 289 .connect = sock_no_connect, 290 .socketpair = sock_no_socketpair, 291 .getname = sock_no_getname, 292 .ioctl = sock_no_ioctl, 293 .listen = sock_no_listen, 294 .shutdown = sock_no_shutdown, 295 .getsockopt = sock_no_getsockopt, 296 .mmap = sock_no_mmap, 297 .bind = sock_no_bind, 298 .accept = sock_no_accept, 299 .setsockopt = sock_no_setsockopt, 300 301 .release = af_alg_release, 302 .sendmsg = skcipher_sendmsg_nokey, 303 .sendpage = skcipher_sendpage_nokey, 304 .recvmsg = skcipher_recvmsg_nokey, 305 .poll = af_alg_poll, 306 }; 307 308 static void *skcipher_bind(const char *name, u32 type, u32 mask) 309 { 310 struct skcipher_tfm *tfm; 311 struct crypto_skcipher *skcipher; 312 313 tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); 314 if (!tfm) 315 return ERR_PTR(-ENOMEM); 316 317 skcipher = crypto_alloc_skcipher(name, type, mask); 318 if (IS_ERR(skcipher)) { 319 kfree(tfm); 320 return ERR_CAST(skcipher); 321 } 322 323 tfm->skcipher = skcipher; 324 325 return tfm; 326 } 327 328 static void skcipher_release(void *private) 329 { 330 struct skcipher_tfm *tfm = private; 331 332 crypto_free_skcipher(tfm->skcipher); 333 kfree(tfm); 334 } 335 336 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) 337 { 338 struct skcipher_tfm *tfm = private; 339 int err; 340 341 err = crypto_skcipher_setkey(tfm->skcipher, key, keylen); 342 tfm->has_key = !err; 343 344 return err; 345 } 346 347 static void skcipher_sock_destruct(struct sock *sk) 348 { 349 struct alg_sock *ask = alg_sk(sk); 350 struct af_alg_ctx *ctx = ask->private; 351 struct sock *psk = ask->parent; 352 struct alg_sock *pask = alg_sk(psk); 353 struct skcipher_tfm *skc = pask->private; 354 struct crypto_skcipher *tfm = skc->skcipher; 355 356 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 357 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 358 sock_kfree_s(sk, ctx, ctx->len); 359 af_alg_release_parent(sk); 360 } 361 362 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 363 { 364 struct af_alg_ctx *ctx; 365 struct alg_sock *ask = alg_sk(sk); 366 struct skcipher_tfm *tfm = private; 367 struct crypto_skcipher *skcipher = tfm->skcipher; 368 unsigned int len = sizeof(*ctx); 369 370 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 371 if (!ctx) 372 return -ENOMEM; 373 374 ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher), 375 GFP_KERNEL); 376 if (!ctx->iv) { 377 sock_kfree_s(sk, ctx, len); 378 return -ENOMEM; 379 } 380 381 memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); 382 383 INIT_LIST_HEAD(&ctx->tsgl_list); 384 ctx->len = len; 385 ctx->used = 0; 386 ctx->rcvused = 0; 387 ctx->more = 0; 388 ctx->merge = 0; 389 ctx->enc = 0; 390 crypto_init_wait(&ctx->wait); 391 392 ask->private = ctx; 393 394 sk->sk_destruct = skcipher_sock_destruct; 395 396 return 0; 397 } 398 399 static int skcipher_accept_parent(void *private, struct sock *sk) 400 { 401 struct skcipher_tfm *tfm = private; 402 403 if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher)) 404 return -ENOKEY; 405 406 return skcipher_accept_parent_nokey(private, sk); 407 } 408 409 static const struct af_alg_type algif_type_skcipher = { 410 .bind = skcipher_bind, 411 .release = skcipher_release, 412 .setkey = skcipher_setkey, 413 .accept = skcipher_accept_parent, 414 .accept_nokey = skcipher_accept_parent_nokey, 415 .ops = &algif_skcipher_ops, 416 .ops_nokey = &algif_skcipher_ops_nokey, 417 .name = "skcipher", 418 .owner = THIS_MODULE 419 }; 420 421 static int __init algif_skcipher_init(void) 422 { 423 return af_alg_register_type(&algif_type_skcipher); 424 } 425 426 static void __exit algif_skcipher_exit(void) 427 { 428 int err = af_alg_unregister_type(&algif_type_skcipher); 429 BUG_ON(err); 430 } 431 432 module_init(algif_skcipher_init); 433 module_exit(algif_skcipher_exit); 434 MODULE_LICENSE("GPL"); 435