1 /* 2 * algif_skcipher: User-space interface for skcipher algorithms 3 * 4 * This file provides the user-space API for symmetric key ciphers. 5 * 6 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License as published by the Free 10 * Software Foundation; either version 2 of the License, or (at your option) 11 * any later version. 12 * 13 * The following concept of the memory management is used: 14 * 15 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 * up the TX SGL does not cause a crypto operation -- the data will only be 18 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 * provide a buffer which is tracked with the RX SGL. 20 * 21 * During the processing of the recvmsg operation, the cipher request is 22 * allocated and prepared. As part of the recvmsg operation, the processed 23 * TX buffers are extracted from the TX SGL into a separate SGL. 24 * 25 * After the completion of the crypto operation, the RX SGL and the cipher 26 * request is released. The extracted TX SGL parts are released together with 27 * the RX SGL release. 28 */ 29 30 #include <crypto/scatterwalk.h> 31 #include <crypto/skcipher.h> 32 #include <crypto/if_alg.h> 33 #include <linux/init.h> 34 #include <linux/list.h> 35 #include <linux/kernel.h> 36 #include <linux/mm.h> 37 #include <linux/module.h> 38 #include <linux/net.h> 39 #include <net/sock.h> 40 41 struct skcipher_tfm { 42 struct crypto_skcipher *skcipher; 43 bool has_key; 44 }; 45 46 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 47 size_t size) 48 { 49 struct sock *sk = sock->sk; 50 struct alg_sock *ask = alg_sk(sk); 51 struct sock *psk = ask->parent; 52 struct alg_sock *pask = alg_sk(psk); 53 struct skcipher_tfm *skc = pask->private; 54 struct crypto_skcipher *tfm = skc->skcipher; 55 unsigned ivsize = crypto_skcipher_ivsize(tfm); 56 57 return af_alg_sendmsg(sock, msg, size, ivsize); 58 } 59 60 static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 61 size_t ignored, int flags) 62 { 63 struct sock *sk = sock->sk; 64 struct alg_sock *ask = alg_sk(sk); 65 struct sock *psk = ask->parent; 66 struct alg_sock *pask = alg_sk(psk); 67 struct af_alg_ctx *ctx = ask->private; 68 struct skcipher_tfm *skc = pask->private; 69 struct crypto_skcipher *tfm = skc->skcipher; 70 unsigned int bs = crypto_skcipher_blocksize(tfm); 71 struct af_alg_async_req *areq; 72 int err = 0; 73 size_t len = 0; 74 75 /* Allocate cipher request for current operation. */ 76 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 77 crypto_skcipher_reqsize(tfm)); 78 if (IS_ERR(areq)) 79 return PTR_ERR(areq); 80 81 /* convert iovecs of output buffers into RX SGL */ 82 err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); 83 if (err) 84 goto free; 85 86 /* Process only as much RX buffers for which we have TX data */ 87 if (len > ctx->used) 88 len = ctx->used; 89 90 /* 91 * If more buffers are to be expected to be processed, process only 92 * full block size buffers. 93 */ 94 if (ctx->more || len < ctx->used) 95 len -= len % bs; 96 97 /* 98 * Create a per request TX SGL for this request which tracks the 99 * SG entries from the global TX SGL. 100 */ 101 areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 102 if (!areq->tsgl_entries) 103 areq->tsgl_entries = 1; 104 areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * areq->tsgl_entries, 105 GFP_KERNEL); 106 if (!areq->tsgl) { 107 err = -ENOMEM; 108 goto free; 109 } 110 sg_init_table(areq->tsgl, areq->tsgl_entries); 111 af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 112 113 /* Initialize the crypto operation */ 114 skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 115 skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 116 areq->first_rsgl.sgl.sg, len, ctx->iv); 117 118 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 119 /* AIO operation */ 120 areq->iocb = msg->msg_iocb; 121 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 122 CRYPTO_TFM_REQ_MAY_SLEEP, 123 af_alg_async_cb, areq); 124 err = ctx->enc ? 125 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 126 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 127 } else { 128 /* Synchronous operation */ 129 skcipher_request_set_callback(&areq->cra_u.skcipher_req, 130 CRYPTO_TFM_REQ_MAY_SLEEP | 131 CRYPTO_TFM_REQ_MAY_BACKLOG, 132 af_alg_complete, 133 &ctx->completion); 134 err = af_alg_wait_for_completion(ctx->enc ? 135 crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 136 crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 137 &ctx->completion); 138 } 139 140 /* AIO operation in progress */ 141 if (err == -EINPROGRESS) { 142 sock_hold(sk); 143 144 /* Remember output size that will be generated. */ 145 areq->outlen = len; 146 147 return -EIOCBQUEUED; 148 } 149 150 free: 151 af_alg_free_areq_sgls(areq); 152 sock_kfree_s(sk, areq, areq->areqlen); 153 154 return err ? err : len; 155 } 156 157 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 158 size_t ignored, int flags) 159 { 160 struct sock *sk = sock->sk; 161 int ret = 0; 162 163 lock_sock(sk); 164 while (msg_data_left(msg)) { 165 int err = _skcipher_recvmsg(sock, msg, ignored, flags); 166 167 /* 168 * This error covers -EIOCBQUEUED which implies that we can 169 * only handle one AIO request. If the caller wants to have 170 * multiple AIO requests in parallel, he must make multiple 171 * separate AIO calls. 172 * 173 * Also return the error if no data has been processed so far. 174 */ 175 if (err <= 0) { 176 if (err == -EIOCBQUEUED || !ret) 177 ret = err; 178 goto out; 179 } 180 181 ret += err; 182 } 183 184 out: 185 af_alg_wmem_wakeup(sk); 186 release_sock(sk); 187 return ret; 188 } 189 190 191 static struct proto_ops algif_skcipher_ops = { 192 .family = PF_ALG, 193 194 .connect = sock_no_connect, 195 .socketpair = sock_no_socketpair, 196 .getname = sock_no_getname, 197 .ioctl = sock_no_ioctl, 198 .listen = sock_no_listen, 199 .shutdown = sock_no_shutdown, 200 .getsockopt = sock_no_getsockopt, 201 .mmap = sock_no_mmap, 202 .bind = sock_no_bind, 203 .accept = sock_no_accept, 204 .setsockopt = sock_no_setsockopt, 205 206 .release = af_alg_release, 207 .sendmsg = skcipher_sendmsg, 208 .sendpage = af_alg_sendpage, 209 .recvmsg = skcipher_recvmsg, 210 .poll = af_alg_poll, 211 }; 212 213 static int skcipher_check_key(struct socket *sock) 214 { 215 int err = 0; 216 struct sock *psk; 217 struct alg_sock *pask; 218 struct skcipher_tfm *tfm; 219 struct sock *sk = sock->sk; 220 struct alg_sock *ask = alg_sk(sk); 221 222 lock_sock(sk); 223 if (ask->refcnt) 224 goto unlock_child; 225 226 psk = ask->parent; 227 pask = alg_sk(ask->parent); 228 tfm = pask->private; 229 230 err = -ENOKEY; 231 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 232 if (!tfm->has_key) 233 goto unlock; 234 235 if (!pask->refcnt++) 236 sock_hold(psk); 237 238 ask->refcnt = 1; 239 sock_put(psk); 240 241 err = 0; 242 243 unlock: 244 release_sock(psk); 245 unlock_child: 246 release_sock(sk); 247 248 return err; 249 } 250 251 static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 252 size_t size) 253 { 254 int err; 255 256 err = skcipher_check_key(sock); 257 if (err) 258 return err; 259 260 return skcipher_sendmsg(sock, msg, size); 261 } 262 263 static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, 264 int offset, size_t size, int flags) 265 { 266 int err; 267 268 err = skcipher_check_key(sock); 269 if (err) 270 return err; 271 272 return af_alg_sendpage(sock, page, offset, size, flags); 273 } 274 275 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 276 size_t ignored, int flags) 277 { 278 int err; 279 280 err = skcipher_check_key(sock); 281 if (err) 282 return err; 283 284 return skcipher_recvmsg(sock, msg, ignored, flags); 285 } 286 287 static struct proto_ops algif_skcipher_ops_nokey = { 288 .family = PF_ALG, 289 290 .connect = sock_no_connect, 291 .socketpair = sock_no_socketpair, 292 .getname = sock_no_getname, 293 .ioctl = sock_no_ioctl, 294 .listen = sock_no_listen, 295 .shutdown = sock_no_shutdown, 296 .getsockopt = sock_no_getsockopt, 297 .mmap = sock_no_mmap, 298 .bind = sock_no_bind, 299 .accept = sock_no_accept, 300 .setsockopt = sock_no_setsockopt, 301 302 .release = af_alg_release, 303 .sendmsg = skcipher_sendmsg_nokey, 304 .sendpage = skcipher_sendpage_nokey, 305 .recvmsg = skcipher_recvmsg_nokey, 306 .poll = af_alg_poll, 307 }; 308 309 static void *skcipher_bind(const char *name, u32 type, u32 mask) 310 { 311 struct skcipher_tfm *tfm; 312 struct crypto_skcipher *skcipher; 313 314 tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); 315 if (!tfm) 316 return ERR_PTR(-ENOMEM); 317 318 skcipher = crypto_alloc_skcipher(name, type, mask); 319 if (IS_ERR(skcipher)) { 320 kfree(tfm); 321 return ERR_CAST(skcipher); 322 } 323 324 tfm->skcipher = skcipher; 325 326 return tfm; 327 } 328 329 static void skcipher_release(void *private) 330 { 331 struct skcipher_tfm *tfm = private; 332 333 crypto_free_skcipher(tfm->skcipher); 334 kfree(tfm); 335 } 336 337 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) 338 { 339 struct skcipher_tfm *tfm = private; 340 int err; 341 342 err = crypto_skcipher_setkey(tfm->skcipher, key, keylen); 343 tfm->has_key = !err; 344 345 return err; 346 } 347 348 static void skcipher_sock_destruct(struct sock *sk) 349 { 350 struct alg_sock *ask = alg_sk(sk); 351 struct af_alg_ctx *ctx = ask->private; 352 struct sock *psk = ask->parent; 353 struct alg_sock *pask = alg_sk(psk); 354 struct skcipher_tfm *skc = pask->private; 355 struct crypto_skcipher *tfm = skc->skcipher; 356 357 af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 358 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 359 sock_kfree_s(sk, ctx, ctx->len); 360 af_alg_release_parent(sk); 361 } 362 363 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 364 { 365 struct af_alg_ctx *ctx; 366 struct alg_sock *ask = alg_sk(sk); 367 struct skcipher_tfm *tfm = private; 368 struct crypto_skcipher *skcipher = tfm->skcipher; 369 unsigned int len = sizeof(*ctx); 370 371 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 372 if (!ctx) 373 return -ENOMEM; 374 375 ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher), 376 GFP_KERNEL); 377 if (!ctx->iv) { 378 sock_kfree_s(sk, ctx, len); 379 return -ENOMEM; 380 } 381 382 memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); 383 384 INIT_LIST_HEAD(&ctx->tsgl_list); 385 ctx->len = len; 386 ctx->used = 0; 387 ctx->rcvused = 0; 388 ctx->more = 0; 389 ctx->merge = 0; 390 ctx->enc = 0; 391 af_alg_init_completion(&ctx->completion); 392 393 ask->private = ctx; 394 395 sk->sk_destruct = skcipher_sock_destruct; 396 397 return 0; 398 } 399 400 static int skcipher_accept_parent(void *private, struct sock *sk) 401 { 402 struct skcipher_tfm *tfm = private; 403 404 if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher)) 405 return -ENOKEY; 406 407 return skcipher_accept_parent_nokey(private, sk); 408 } 409 410 static const struct af_alg_type algif_type_skcipher = { 411 .bind = skcipher_bind, 412 .release = skcipher_release, 413 .setkey = skcipher_setkey, 414 .accept = skcipher_accept_parent, 415 .accept_nokey = skcipher_accept_parent_nokey, 416 .ops = &algif_skcipher_ops, 417 .ops_nokey = &algif_skcipher_ops_nokey, 418 .name = "skcipher", 419 .owner = THIS_MODULE 420 }; 421 422 static int __init algif_skcipher_init(void) 423 { 424 return af_alg_register_type(&algif_type_skcipher); 425 } 426 427 static void __exit algif_skcipher_exit(void) 428 { 429 int err = af_alg_unregister_type(&algif_type_skcipher); 430 BUG_ON(err); 431 } 432 433 module_init(algif_skcipher_init); 434 module_exit(algif_skcipher_exit); 435 MODULE_LICENSE("GPL"); 436