1 /* 2 * algif_skcipher: User-space interface for skcipher algorithms 3 * 4 * This file provides the user-space API for symmetric key ciphers. 5 * 6 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License as published by the Free 10 * Software Foundation; either version 2 of the License, or (at your option) 11 * any later version. 12 * 13 * The following concept of the memory management is used: 14 * 15 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 * up the TX SGL does not cause a crypto operation -- the data will only be 18 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 * provide a buffer which is tracked with the RX SGL. 20 * 21 * During the processing of the recvmsg operation, the cipher request is 22 * allocated and prepared. As part of the recvmsg operation, the processed 23 * TX buffers are extracted from the TX SGL into a separate SGL. 24 * 25 * After the completion of the crypto operation, the RX SGL and the cipher 26 * request is released. The extracted TX SGL parts are released together with 27 * the RX SGL release. 28 */ 29 30 #include <crypto/scatterwalk.h> 31 #include <crypto/skcipher.h> 32 #include <crypto/if_alg.h> 33 #include <linux/init.h> 34 #include <linux/list.h> 35 #include <linux/kernel.h> 36 #include <linux/mm.h> 37 #include <linux/module.h> 38 #include <linux/net.h> 39 #include <net/sock.h> 40 41 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 42 size_t size) 43 { 44 struct sock *sk = sock->sk; 45 struct alg_sock *ask = alg_sk(sk); 46 struct sock *psk = ask->parent; 47 struct alg_sock *pask = alg_sk(psk); 48 struct crypto_skcipher *tfm = pask->private; 49 unsigned ivsize = crypto_skcipher_ivsize(tfm); 50 51 return af_alg_sendmsg(sock, msg, size, ivsize); 52 } 53 54 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 55 size_t ignored, int flags) 56 { 57 struct sock *sk = sock->sk; 58 struct alg_sock *ask = alg_sk(sk); 59 struct sock *psk = ask->parent; 60 struct alg_sock *pask = alg_sk(psk); 61 struct af_alg_ctx *ctx = ask->private; 62 struct crypto_skcipher *tfm = pask->private; 63 unsigned int bs = crypto_skcipher_blocksize(tfm); 64 struct af_alg_async_req *areq; 65 int err = 0; 66 size_t len = 0; 67 68 if (!ctx->used) { 69 err = af_alg_wait_for_data(sk, flags); 70 if (err) 71 return err; 72 } 73 74 /* Allocate cipher request for current operation. */ 75 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 76 crypto_skcipher_reqsize(tfm)); 77 if (IS_ERR(areq)) 78 return PTR_ERR(areq); 79 80 /* convert iovecs of output buffers into RX SGL */ 81 err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); 82 if (err) 83 goto free; 84 85 /* Process only as much RX buffers for which we have TX data */ 86 if (len > ctx->used) 87 len = ctx->used; 88 89 /* 90 * If more buffers are to be expected to be processed, process only 91 * full block size buffers. 92 */ 93 if (ctx->more || len < ctx->used) 94 len -= len % bs; 95 96 /* 97 * Create a per request TX SGL for this request which tracks the 98 * SG entries from the global TX SGL. 99 */ 100 areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 101 if (!areq->tsgl_entries) 102 areq->tsgl_entries = 1; 103 areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), 104 areq->tsgl_entries), 105 GFP_KERNEL); 106 if (!areq->tsgl) { 107 err = -ENOMEM; 108 goto free; 109 } 110 sg_init_table(areq->tsgl, areq->tsgl_entries); 111 af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 112 113 /* Initialize the crypto operation */ 114 skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 115 skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 116 areq->first_rsgl.sgl.sg, len, ctx->iv); 117 118 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 119 /* AIO operation */ 120 sock_hold(sk); 121 areq->iocb = msg->msg_iocb; 122 123 /* Remember output size that will be generated. */ 124 areq->outlen = len; 125 126 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 127 CRYPTO_TFM_REQ_MAY_SLEEP, 128 af_alg_async_cb, areq); 129 err = ctx->enc ? 130 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 131 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 132 133 /* AIO operation in progress */ 134 if (err == -EINPROGRESS || err == -EBUSY) 135 return -EIOCBQUEUED; 136 137 sock_put(sk); 138 } else { 139 /* Synchronous operation */ 140 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 141 CRYPTO_TFM_REQ_MAY_SLEEP | 142 CRYPTO_TFM_REQ_MAY_BACKLOG, 143 crypto_req_done, &ctx->wait); 144 err = crypto_wait_req(ctx->enc ? 145 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 146 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 147 &ctx->wait); 148 } 149 150 151 free: 152 af_alg_free_resources(areq); 153 154 return err ? err : len; 155 } 156 157 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 158 size_t ignored, int flags) 159 { 160 struct sock *sk = sock->sk; 161 int ret = 0; 162 163 lock_sock(sk); 164 while (msg_data_left(msg)) { 165 int err = _skcipher_recvmsg(sock, msg, ignored, flags); 166 167 /* 168 * This error covers -EIOCBQUEUED which implies that we can 169 * only handle one AIO request. If the caller wants to have 170 * multiple AIO requests in parallel, he must make multiple 171 * separate AIO calls. 172 * 173 * Also return the error if no data has been processed so far. 174 */ 175 if (err <= 0) { 176 if (err == -EIOCBQUEUED || !ret) 177 ret = err; 178 goto out; 179 } 180 181 ret += err; 182 } 183 184 out: 185 af_alg_wmem_wakeup(sk); 186 release_sock(sk); 187 return ret; 188 } 189 190 static struct proto_ops algif_skcipher_ops = { 191 .family = PF_ALG, 192 193 .connect = sock_no_connect, 194 .socketpair = sock_no_socketpair, 195 .getname = sock_no_getname, 196 .ioctl = sock_no_ioctl, 197 .listen = sock_no_listen, 198 .shutdown = sock_no_shutdown, 199 .getsockopt = sock_no_getsockopt, 200 .mmap = sock_no_mmap, 201 .bind = sock_no_bind, 202 .accept = sock_no_accept, 203 .setsockopt = sock_no_setsockopt, 204 205 .release = af_alg_release, 206 .sendmsg = skcipher_sendmsg, 207 .sendpage = af_alg_sendpage, 208 .recvmsg = skcipher_recvmsg, 209 .poll_mask = af_alg_poll_mask, 210 }; 211 212 static int skcipher_check_key(struct socket *sock) 213 { 214 int err = 0; 215 struct sock *psk; 216 struct alg_sock *pask; 217 struct crypto_skcipher *tfm; 218 struct sock *sk = sock->sk; 219 struct alg_sock *ask = alg_sk(sk); 220 221 lock_sock(sk); 222 if (ask->refcnt) 223 goto unlock_child; 224 225 psk = ask->parent; 226 pask = alg_sk(ask->parent); 227 tfm = pask->private; 228 229 err = -ENOKEY; 230 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 231 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 232 goto unlock; 233 234 if (!pask->refcnt++) 235 sock_hold(psk); 236 237 ask->refcnt = 1; 238 sock_put(psk); 239 240 err = 0; 241 242 unlock: 243 release_sock(psk); 244 unlock_child: 245 release_sock(sk); 246 247 return err; 248 } 249 250 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 251 size_t size) 252 { 253 int err; 254 255 err = skcipher_check_key(sock); 256 if (err) 257 return err; 258 259 return skcipher_sendmsg(sock, msg, size); 260 } 261 262 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, 263 int offset, size_t size, int flags) 264 { 265 int err; 266 267 err = skcipher_check_key(sock); 268 if (err) 269 return err; 270 271 return af_alg_sendpage(sock, page, offset, size, flags); 272 } 273 274 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 275 size_t ignored, int flags) 276 { 277 int err; 278 279 err = skcipher_check_key(sock); 280 if (err) 281 return err; 282 283 return skcipher_recvmsg(sock, msg, ignored, flags); 284 } 285 286 static struct proto_ops algif_skcipher_ops_nokey = { 287 .family = PF_ALG, 288 289 .connect = sock_no_connect, 290 .socketpair = sock_no_socketpair, 291 .getname = sock_no_getname, 292 .ioctl = sock_no_ioctl, 293 .listen = sock_no_listen, 294 .shutdown = sock_no_shutdown, 295 .getsockopt = sock_no_getsockopt, 296 .mmap = sock_no_mmap, 297 .bind = sock_no_bind, 298 .accept = sock_no_accept, 299 .setsockopt = sock_no_setsockopt, 300 301 .release = af_alg_release, 302 .sendmsg = skcipher_sendmsg_nokey, 303 .sendpage = skcipher_sendpage_nokey, 304 .recvmsg = skcipher_recvmsg_nokey, 305 .poll_mask = af_alg_poll_mask, 306 }; 307 308 static void *skcipher_bind(const char *name, u32 type, u32 mask) 309 { 310 return crypto_alloc_skcipher(name, type, mask); 311 } 312 313 static void skcipher_release(void *private) 314 { 315 crypto_free_skcipher(private); 316 } 317 318 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) 319 { 320 return crypto_skcipher_setkey(private, key, keylen); 321 } 322 323 static void skcipher_sock_destruct(struct sock *sk) 324 { 325 struct alg_sock *ask = alg_sk(sk); 326 struct af_alg_ctx *ctx = ask->private; 327 struct sock *psk = ask->parent; 328 struct alg_sock *pask = alg_sk(psk); 329 struct crypto_skcipher *tfm = pask->private; 330 331 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 332 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 333 sock_kfree_s(sk, ctx, ctx->len); 334 af_alg_release_parent(sk); 335 } 336 337 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 338 { 339 struct af_alg_ctx *ctx; 340 struct alg_sock *ask = alg_sk(sk); 341 struct crypto_skcipher *tfm = private; 342 unsigned int len = sizeof(*ctx); 343 344 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 345 if (!ctx) 346 return -ENOMEM; 347 348 ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm), 349 GFP_KERNEL); 350 if (!ctx->iv) { 351 sock_kfree_s(sk, ctx, len); 352 return -ENOMEM; 353 } 354 355 memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm)); 356 357 INIT_LIST_HEAD(&ctx->tsgl_list); 358 ctx->len = len; 359 ctx->used = 0; 360 atomic_set(&ctx->rcvused, 0); 361 ctx->more = 0; 362 ctx->merge = 0; 363 ctx->enc = 0; 364 crypto_init_wait(&ctx->wait); 365 366 ask->private = ctx; 367 368 sk->sk_destruct = skcipher_sock_destruct; 369 370 return 0; 371 } 372 373 static int skcipher_accept_parent(void *private, struct sock *sk) 374 { 375 struct crypto_skcipher *tfm = private; 376 377 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 378 return -ENOKEY; 379 380 return skcipher_accept_parent_nokey(private, sk); 381 } 382 383 static const struct af_alg_type algif_type_skcipher = { 384 .bind = skcipher_bind, 385 .release = skcipher_release, 386 .setkey = skcipher_setkey, 387 .accept = skcipher_accept_parent, 388 .accept_nokey = skcipher_accept_parent_nokey, 389 .ops = &algif_skcipher_ops, 390 .ops_nokey = &algif_skcipher_ops_nokey, 391 .name = "skcipher", 392 .owner = THIS_MODULE 393 }; 394 395 static int __init algif_skcipher_init(void) 396 { 397 return af_alg_register_type(&algif_type_skcipher); 398 } 399 400 static void __exit algif_skcipher_exit(void) 401 { 402 int err = af_alg_unregister_type(&algif_type_skcipher); 403 BUG_ON(err); 404 } 405 406 module_init(algif_skcipher_init); 407 module_exit(algif_skcipher_exit); 408 MODULE_LICENSE("GPL"); 409