Thomas Gleixner | 2874c5f | 2019-05-27 08:55:01 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 2 | /* |
| 3 | * algif_aead: User-space interface for AEAD algorithms |
| 4 | * |
| 5 | * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> |
| 6 | * |
| 7 | * This file provides the user-space API for AEAD ciphers. |
| 8 | * |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 9 | * The following concept of the memory management is used: |
| 10 | * |
| 11 | * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is |
| 12 | * filled by user space with the data submitted via sendpage/sendmsg. Filling |
| 13 | * up the TX SGL does not cause a crypto operation -- the data will only be |
| 14 | * tracked by the kernel. Upon receipt of one recvmsg call, the caller must |
| 15 | * provide a buffer which is tracked with the RX SGL. |
| 16 | * |
| 17 | * During the processing of the recvmsg operation, the cipher request is |
| 18 | * allocated and prepared. As part of the recvmsg operation, the processed |
| 19 | * TX buffers are extracted from the TX SGL into a separate SGL. |
| 20 | * |
| 21 | * After the completion of the crypto operation, the RX SGL and the cipher |
| 22 | * request is released. The extracted TX SGL parts are released together with |
| 23 | * the RX SGL release. |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 24 | */ |
| 25 | |
Tadeusz Struk | 83094e5e | 2016-03-11 11:50:33 -0800 | [diff] [blame] | 26 | #include <crypto/internal/aead.h> |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 27 | #include <crypto/scatterwalk.h> |
| 28 | #include <crypto/if_alg.h> |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 29 | #include <crypto/skcipher.h> |
| 30 | #include <crypto/null.h> |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 31 | #include <linux/init.h> |
| 32 | #include <linux/list.h> |
| 33 | #include <linux/kernel.h> |
| 34 | #include <linux/mm.h> |
| 35 | #include <linux/module.h> |
| 36 | #include <linux/net.h> |
| 37 | #include <net/sock.h> |
| 38 | |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 39 | struct aead_tfm { |
| 40 | struct crypto_aead *aead; |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 41 | struct crypto_sync_skcipher *null_tfm; |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 42 | }; |
| 43 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 44 | static inline bool aead_sufficient_data(struct sock *sk) |
| 45 | { |
| 46 | struct alg_sock *ask = alg_sk(sk); |
| 47 | struct sock *psk = ask->parent; |
| 48 | struct alg_sock *pask = alg_sk(psk); |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 49 | struct af_alg_ctx *ctx = ask->private; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 50 | struct aead_tfm *aeadc = pask->private; |
| 51 | struct crypto_aead *tfm = aeadc->aead; |
| 52 | unsigned int as = crypto_aead_authsize(tfm); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 53 | |
Stephan Mueller | 0c1e16c | 2016-12-05 15:26:19 +0100 | [diff] [blame] | 54 | /* |
| 55 | * The minimum amount of memory needed for an AEAD cipher is |
| 56 | * the AAD and in case of decryption the tag. |
| 57 | */ |
| 58 | return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 59 | } |
| 60 | |
Linus Torvalds | eccd02f | 2015-04-15 14:09:46 -0700 | [diff] [blame] | 61 | static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 62 | { |
| 63 | struct sock *sk = sock->sk; |
| 64 | struct alg_sock *ask = alg_sk(sk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 65 | struct sock *psk = ask->parent; |
| 66 | struct alg_sock *pask = alg_sk(psk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 67 | struct aead_tfm *aeadc = pask->private; |
| 68 | struct crypto_aead *tfm = aeadc->aead; |
| 69 | unsigned int ivsize = crypto_aead_ivsize(tfm); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 70 | |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 71 | return af_alg_sendmsg(sock, msg, size, ivsize); |
Tadeusz Struk | 83094e5e | 2016-03-11 11:50:33 -0800 | [diff] [blame] | 72 | } |
| 73 | |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 74 | static int crypto_aead_copy_sgl(struct crypto_sync_skcipher *null_tfm, |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 75 | struct scatterlist *src, |
| 76 | struct scatterlist *dst, unsigned int len) |
| 77 | { |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 78 | SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm); |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 79 | |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 80 | skcipher_request_set_sync_tfm(skreq, null_tfm); |
Herbert Xu | cbdad1f | 2020-07-31 17:03:50 +1000 | [diff] [blame] | 81 | skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_SLEEP, |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 82 | NULL, NULL); |
| 83 | skcipher_request_set_crypt(skreq, src, dst, len, NULL); |
| 84 | |
| 85 | return crypto_skcipher_encrypt(skreq); |
| 86 | } |
| 87 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 88 | static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, |
| 89 | size_t ignored, int flags) |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 90 | { |
| 91 | struct sock *sk = sock->sk; |
| 92 | struct alg_sock *ask = alg_sk(sk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 93 | struct sock *psk = ask->parent; |
| 94 | struct alg_sock *pask = alg_sk(psk); |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 95 | struct af_alg_ctx *ctx = ask->private; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 96 | struct aead_tfm *aeadc = pask->private; |
| 97 | struct crypto_aead *tfm = aeadc->aead; |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 98 | struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm; |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 99 | unsigned int i, as = crypto_aead_authsize(tfm); |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 100 | struct af_alg_async_req *areq; |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 101 | struct af_alg_tsgl *tsgl, *tmp; |
| 102 | struct scatterlist *rsgl_src, *tsgl_src = NULL; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 103 | int err = 0; |
| 104 | size_t used = 0; /* [in] TX bufs to be en/decrypted */ |
| 105 | size_t outlen = 0; /* [out] RX bufs produced by kernel */ |
| 106 | size_t usedpages = 0; /* [in] RX bufs to be used from user */ |
| 107 | size_t processed = 0; /* [in] TX bufs to be consumed */ |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 108 | |
Herbert Xu | f3c802a | 2020-05-30 00:23:49 +1000 | [diff] [blame] | 109 | if (!ctx->init || ctx->more) { |
| 110 | err = af_alg_wait_for_data(sk, flags, 0); |
Stephan Mueller | 11edb55 | 2017-11-29 12:02:23 +0100 | [diff] [blame] | 111 | if (err) |
| 112 | return err; |
| 113 | } |
| 114 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 115 | /* |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 116 | * Data length provided by caller via sendmsg/sendpage that has not |
| 117 | * yet been processed. |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 118 | */ |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 119 | used = ctx->used; |
| 120 | |
| 121 | /* |
| 122 | * Make sure sufficient data is present -- note, the same check is |
Randy Dunlap | 4eb57bc | 2020-07-30 19:39:19 -0700 | [diff] [blame] | 123 | * also present in sendmsg/sendpage. The checks in sendpage/sendmsg |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 124 | * shall provide an information to the data sender that something is |
| 125 | * wrong, but they are irrelevant to maintain the kernel integrity. |
| 126 | * We need this check here too in case user space decides to not honor |
| 127 | * the error message in sendmsg/sendpage and still call recvmsg. This |
| 128 | * check here protects the kernel integrity. |
| 129 | */ |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 130 | if (!aead_sufficient_data(sk)) |
| 131 | return -EINVAL; |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 132 | |
Stephan Mueller | 0c1e16c | 2016-12-05 15:26:19 +0100 | [diff] [blame] | 133 | /* |
| 134 | * Calculate the minimum output buffer size holding the result of the |
| 135 | * cipher operation. When encrypting data, the receiving buffer is |
| 136 | * larger by the tag length compared to the input buffer as the |
| 137 | * encryption operation generates the tag. For decryption, the input |
| 138 | * buffer provides the tag which is consumed resulting in only the |
| 139 | * plaintext without a buffer for the tag returned to the caller. |
| 140 | */ |
| 141 | if (ctx->enc) |
| 142 | outlen = used + as; |
| 143 | else |
| 144 | outlen = used - as; |
Herbert Xu | 19fa775 | 2015-05-27 17:24:41 +0800 | [diff] [blame] | 145 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 146 | /* |
| 147 | * The cipher operation input data is reduced by the associated data |
| 148 | * length as this data is processed separately later on. |
| 149 | */ |
Stephan Mueller | 0c1e16c | 2016-12-05 15:26:19 +0100 | [diff] [blame] | 150 | used -= ctx->aead_assoclen; |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 151 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 152 | /* Allocate cipher request for current operation. */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 153 | areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + |
| 154 | crypto_aead_reqsize(tfm)); |
| 155 | if (IS_ERR(areq)) |
| 156 | return PTR_ERR(areq); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 157 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 158 | /* convert iovecs of output buffers into RX SGL */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 159 | err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages); |
| 160 | if (err) |
| 161 | goto free; |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 162 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 163 | /* |
| 164 | * Ensure output buffer is sufficiently large. If the caller provides |
| 165 | * less buffer space, only use the relative required input size. This |
| 166 | * allows AIO operation where the caller sent all data to be processed |
| 167 | * and the AIO operation performs the operation on the different chunks |
| 168 | * of the input data. |
| 169 | */ |
Stephan Mueller | 0c1e16c | 2016-12-05 15:26:19 +0100 | [diff] [blame] | 170 | if (usedpages < outlen) { |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 171 | size_t less = outlen - usedpages; |
| 172 | |
| 173 | if (used < less) { |
| 174 | err = -EINVAL; |
| 175 | goto free; |
| 176 | } |
| 177 | used -= less; |
| 178 | outlen -= less; |
Stephan Mueller | 0c1e16c | 2016-12-05 15:26:19 +0100 | [diff] [blame] | 179 | } |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 180 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 181 | processed = used + ctx->aead_assoclen; |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 182 | list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) { |
| 183 | for (i = 0; i < tsgl->cur; i++) { |
| 184 | struct scatterlist *process_sg = tsgl->sg + i; |
| 185 | |
| 186 | if (!(process_sg->length) || !sg_page(process_sg)) |
| 187 | continue; |
| 188 | tsgl_src = process_sg; |
| 189 | break; |
| 190 | } |
| 191 | if (tsgl_src) |
| 192 | break; |
| 193 | } |
| 194 | if (processed && !tsgl_src) { |
| 195 | err = -EFAULT; |
| 196 | goto free; |
| 197 | } |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 198 | |
| 199 | /* |
| 200 | * Copy of AAD from source to destination |
| 201 | * |
| 202 | * The AAD is copied to the destination buffer without change. Even |
| 203 | * when user space uses an in-place cipher operation, the kernel |
| 204 | * will copy the data as it does not see whether such in-place operation |
| 205 | * is initiated. |
| 206 | * |
| 207 | * To ensure efficiency, the following implementation ensure that the |
| 208 | * ciphers are invoked to perform a crypto operation in-place. This |
| 209 | * is achieved by memory management specified as follows. |
| 210 | */ |
| 211 | |
| 212 | /* Use the RX SGL as source (and destination) for crypto op. */ |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 213 | rsgl_src = areq->first_rsgl.sgl.sg; |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 214 | |
| 215 | if (ctx->enc) { |
| 216 | /* |
| 217 | * Encryption operation - The in-place cipher operation is |
| 218 | * achieved by the following operation: |
| 219 | * |
Stephan Mueller | 75d11e7 | 2017-08-09 16:20:00 +0200 | [diff] [blame] | 220 | * TX SGL: AAD || PT |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 221 | * | | |
| 222 | * | copy | |
| 223 | * v v |
Stephan Mueller | 75d11e7 | 2017-08-09 16:20:00 +0200 | [diff] [blame] | 224 | * RX SGL: AAD || PT || Tag |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 225 | */ |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 226 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 227 | areq->first_rsgl.sgl.sg, processed); |
| 228 | if (err) |
| 229 | goto free; |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 230 | af_alg_pull_tsgl(sk, processed, NULL, 0); |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 231 | } else { |
| 232 | /* |
| 233 | * Decryption operation - To achieve an in-place cipher |
| 234 | * operation, the following SGL structure is used: |
| 235 | * |
| 236 | * TX SGL: AAD || CT || Tag |
| 237 | * | | ^ |
| 238 | * | copy | | Create SGL link. |
| 239 | * v v | |
| 240 | * RX SGL: AAD || CT ----+ |
| 241 | */ |
| 242 | |
| 243 | /* Copy AAD || CT to RX SGL buffer for in-place operation. */ |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 244 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 245 | areq->first_rsgl.sgl.sg, outlen); |
| 246 | if (err) |
| 247 | goto free; |
| 248 | |
| 249 | /* Create TX SGL for tag and chain it to RX SGL. */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 250 | areq->tsgl_entries = af_alg_count_tsgl(sk, processed, |
| 251 | processed - as); |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 252 | if (!areq->tsgl_entries) |
| 253 | areq->tsgl_entries = 1; |
Kees Cook | 76e43e3 | 2018-06-12 14:28:11 -0700 | [diff] [blame] | 254 | areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), |
| 255 | areq->tsgl_entries), |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 256 | GFP_KERNEL); |
| 257 | if (!areq->tsgl) { |
| 258 | err = -ENOMEM; |
| 259 | goto free; |
| 260 | } |
| 261 | sg_init_table(areq->tsgl, areq->tsgl_entries); |
| 262 | |
| 263 | /* Release TX SGL, except for tag data and reassign tag data. */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 264 | af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 265 | |
| 266 | /* chain the areq TX SGL holding the tag with RX SGL */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 267 | if (usedpages) { |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 268 | /* RX SGL present */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 269 | struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 270 | |
| 271 | sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); |
| 272 | sg_chain(sgl_prev->sg, sgl_prev->npages + 1, |
| 273 | areq->tsgl); |
| 274 | } else |
| 275 | /* no RX SGL present (e.g. authentication only) */ |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 276 | rsgl_src = areq->tsgl; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 277 | } |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 278 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 279 | /* Initialize the crypto operation */ |
Stephan Mueller | 8e1fa89 | 2017-11-10 11:04:52 +0100 | [diff] [blame] | 280 | aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 281 | areq->first_rsgl.sgl.sg, used, ctx->iv); |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 282 | aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); |
| 283 | aead_request_set_tfm(&areq->cra_u.aead_req, tfm); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 284 | |
| 285 | if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { |
| 286 | /* AIO operation */ |
Stephan Mueller | 7d2c3f5 | 2017-11-10 13:20:55 +0100 | [diff] [blame] | 287 | sock_hold(sk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 288 | areq->iocb = msg->msg_iocb; |
Stephan Mueller | d53c513 | 2017-12-08 11:50:37 +0100 | [diff] [blame] | 289 | |
| 290 | /* Remember output size that will be generated. */ |
| 291 | areq->outlen = outlen; |
| 292 | |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 293 | aead_request_set_callback(&areq->cra_u.aead_req, |
Herbert Xu | cbdad1f | 2020-07-31 17:03:50 +1000 | [diff] [blame] | 294 | CRYPTO_TFM_REQ_MAY_SLEEP, |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 295 | af_alg_async_cb, areq); |
| 296 | err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) : |
| 297 | crypto_aead_decrypt(&areq->cra_u.aead_req); |
Stephan Mueller | 7d2c3f5 | 2017-11-10 13:20:55 +0100 | [diff] [blame] | 298 | |
| 299 | /* AIO operation in progress */ |
Herbert Xu | cbdad1f | 2020-07-31 17:03:50 +1000 | [diff] [blame] | 300 | if (err == -EINPROGRESS) |
Stephan Mueller | 7d2c3f5 | 2017-11-10 13:20:55 +0100 | [diff] [blame] | 301 | return -EIOCBQUEUED; |
Stephan Mueller | 7d2c3f5 | 2017-11-10 13:20:55 +0100 | [diff] [blame] | 302 | |
| 303 | sock_put(sk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 304 | } else { |
| 305 | /* Synchronous operation */ |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 306 | aead_request_set_callback(&areq->cra_u.aead_req, |
Herbert Xu | cbdad1f | 2020-07-31 17:03:50 +1000 | [diff] [blame] | 307 | CRYPTO_TFM_REQ_MAY_SLEEP | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 308 | CRYPTO_TFM_REQ_MAY_BACKLOG, |
Gilad Ben-Yossef | 2c3f8b1 | 2017-10-18 08:00:39 +0100 | [diff] [blame] | 309 | crypto_req_done, &ctx->wait); |
| 310 | err = crypto_wait_req(ctx->enc ? |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 311 | crypto_aead_encrypt(&areq->cra_u.aead_req) : |
| 312 | crypto_aead_decrypt(&areq->cra_u.aead_req), |
Gilad Ben-Yossef | 2c3f8b1 | 2017-10-18 08:00:39 +0100 | [diff] [blame] | 313 | &ctx->wait); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 314 | } |
| 315 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 316 | |
| 317 | free: |
Stephan Mueller | 7d2c3f5 | 2017-11-10 13:20:55 +0100 | [diff] [blame] | 318 | af_alg_free_resources(areq); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 319 | |
| 320 | return err ? err : outlen; |
| 321 | } |
| 322 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 323 | static int aead_recvmsg(struct socket *sock, struct msghdr *msg, |
| 324 | size_t ignored, int flags) |
Tadeusz Struk | 83094e5e | 2016-03-11 11:50:33 -0800 | [diff] [blame] | 325 | { |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 326 | struct sock *sk = sock->sk; |
| 327 | int ret = 0; |
| 328 | |
| 329 | lock_sock(sk); |
| 330 | while (msg_data_left(msg)) { |
| 331 | int err = _aead_recvmsg(sock, msg, ignored, flags); |
| 332 | |
| 333 | /* |
| 334 | * This error covers -EIOCBQUEUED which implies that we can |
| 335 | * only handle one AIO request. If the caller wants to have |
| 336 | * multiple AIO requests in parallel, he must make multiple |
| 337 | * separate AIO calls. |
Stephan Mueller | 5703c82 | 2017-07-30 14:31:18 +0200 | [diff] [blame] | 338 | * |
| 339 | * Also return the error if no data has been processed so far. |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 340 | */ |
| 341 | if (err <= 0) { |
Stephan Mueller | 5703c82 | 2017-07-30 14:31:18 +0200 | [diff] [blame] | 342 | if (err == -EIOCBQUEUED || err == -EBADMSG || !ret) |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 343 | ret = err; |
| 344 | goto out; |
| 345 | } |
| 346 | |
| 347 | ret += err; |
| 348 | } |
| 349 | |
| 350 | out: |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 351 | af_alg_wmem_wakeup(sk); |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 352 | release_sock(sk); |
| 353 | return ret; |
Tadeusz Struk | 83094e5e | 2016-03-11 11:50:33 -0800 | [diff] [blame] | 354 | } |
| 355 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 356 | static struct proto_ops algif_aead_ops = { |
| 357 | .family = PF_ALG, |
| 358 | |
| 359 | .connect = sock_no_connect, |
| 360 | .socketpair = sock_no_socketpair, |
| 361 | .getname = sock_no_getname, |
| 362 | .ioctl = sock_no_ioctl, |
| 363 | .listen = sock_no_listen, |
| 364 | .shutdown = sock_no_shutdown, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 365 | .mmap = sock_no_mmap, |
| 366 | .bind = sock_no_bind, |
| 367 | .accept = sock_no_accept, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 368 | |
| 369 | .release = af_alg_release, |
| 370 | .sendmsg = aead_sendmsg, |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 371 | .sendpage = af_alg_sendpage, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 372 | .recvmsg = aead_recvmsg, |
Linus Torvalds | a11e1d4 | 2018-06-28 09:43:44 -0700 | [diff] [blame] | 373 | .poll = af_alg_poll, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 374 | }; |
| 375 | |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 376 | static int aead_check_key(struct socket *sock) |
| 377 | { |
| 378 | int err = 0; |
| 379 | struct sock *psk; |
| 380 | struct alg_sock *pask; |
| 381 | struct aead_tfm *tfm; |
| 382 | struct sock *sk = sock->sk; |
| 383 | struct alg_sock *ask = alg_sk(sk); |
| 384 | |
| 385 | lock_sock(sk); |
Herbert Xu | 34c86f4 | 2020-06-08 16:48:43 +1000 | [diff] [blame] | 386 | if (!atomic_read(&ask->nokey_refcnt)) |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 387 | goto unlock_child; |
| 388 | |
| 389 | psk = ask->parent; |
| 390 | pask = alg_sk(ask->parent); |
| 391 | tfm = pask->private; |
| 392 | |
| 393 | err = -ENOKEY; |
| 394 | lock_sock_nested(psk, SINGLE_DEPTH_NESTING); |
Eric Biggers | dc26c17 | 2018-01-03 11:16:30 -0800 | [diff] [blame] | 395 | if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY) |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 396 | goto unlock; |
| 397 | |
Herbert Xu | 34c86f4 | 2020-06-08 16:48:43 +1000 | [diff] [blame] | 398 | atomic_dec(&pask->nokey_refcnt); |
| 399 | atomic_set(&ask->nokey_refcnt, 0); |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 400 | |
| 401 | err = 0; |
| 402 | |
| 403 | unlock: |
| 404 | release_sock(psk); |
| 405 | unlock_child: |
| 406 | release_sock(sk); |
| 407 | |
| 408 | return err; |
| 409 | } |
| 410 | |
| 411 | static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg, |
| 412 | size_t size) |
| 413 | { |
| 414 | int err; |
| 415 | |
| 416 | err = aead_check_key(sock); |
| 417 | if (err) |
| 418 | return err; |
| 419 | |
| 420 | return aead_sendmsg(sock, msg, size); |
| 421 | } |
| 422 | |
| 423 | static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page, |
| 424 | int offset, size_t size, int flags) |
| 425 | { |
| 426 | int err; |
| 427 | |
| 428 | err = aead_check_key(sock); |
| 429 | if (err) |
| 430 | return err; |
| 431 | |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 432 | return af_alg_sendpage(sock, page, offset, size, flags); |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 433 | } |
| 434 | |
| 435 | static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg, |
| 436 | size_t ignored, int flags) |
| 437 | { |
| 438 | int err; |
| 439 | |
| 440 | err = aead_check_key(sock); |
| 441 | if (err) |
| 442 | return err; |
| 443 | |
| 444 | return aead_recvmsg(sock, msg, ignored, flags); |
| 445 | } |
| 446 | |
| 447 | static struct proto_ops algif_aead_ops_nokey = { |
| 448 | .family = PF_ALG, |
| 449 | |
| 450 | .connect = sock_no_connect, |
| 451 | .socketpair = sock_no_socketpair, |
| 452 | .getname = sock_no_getname, |
| 453 | .ioctl = sock_no_ioctl, |
| 454 | .listen = sock_no_listen, |
| 455 | .shutdown = sock_no_shutdown, |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 456 | .mmap = sock_no_mmap, |
| 457 | .bind = sock_no_bind, |
| 458 | .accept = sock_no_accept, |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 459 | |
| 460 | .release = af_alg_release, |
| 461 | .sendmsg = aead_sendmsg_nokey, |
| 462 | .sendpage = aead_sendpage_nokey, |
| 463 | .recvmsg = aead_recvmsg_nokey, |
Linus Torvalds | a11e1d4 | 2018-06-28 09:43:44 -0700 | [diff] [blame] | 464 | .poll = af_alg_poll, |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 465 | }; |
| 466 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 467 | static void *aead_bind(const char *name, u32 type, u32 mask) |
| 468 | { |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 469 | struct aead_tfm *tfm; |
| 470 | struct crypto_aead *aead; |
Kees Cook | 8d60539 | 2018-09-18 19:10:51 -0700 | [diff] [blame] | 471 | struct crypto_sync_skcipher *null_tfm; |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 472 | |
| 473 | tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); |
| 474 | if (!tfm) |
| 475 | return ERR_PTR(-ENOMEM); |
| 476 | |
| 477 | aead = crypto_alloc_aead(name, type, mask); |
| 478 | if (IS_ERR(aead)) { |
| 479 | kfree(tfm); |
| 480 | return ERR_CAST(aead); |
| 481 | } |
| 482 | |
Eric Biggers | 3a2d4fb | 2017-12-07 10:56:34 -0800 | [diff] [blame] | 483 | null_tfm = crypto_get_default_null_skcipher(); |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 484 | if (IS_ERR(null_tfm)) { |
| 485 | crypto_free_aead(aead); |
| 486 | kfree(tfm); |
| 487 | return ERR_CAST(null_tfm); |
| 488 | } |
| 489 | |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 490 | tfm->aead = aead; |
Stephan Mueller | 72548b0 | 2017-07-30 14:32:58 +0200 | [diff] [blame] | 491 | tfm->null_tfm = null_tfm; |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 492 | |
| 493 | return tfm; |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 494 | } |
| 495 | |
| 496 | static void aead_release(void *private) |
| 497 | { |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 498 | struct aead_tfm *tfm = private; |
| 499 | |
| 500 | crypto_free_aead(tfm->aead); |
Eric Biggers | 3a2d4fb | 2017-12-07 10:56:34 -0800 | [diff] [blame] | 501 | crypto_put_default_null_skcipher(); |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 502 | kfree(tfm); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 503 | } |
| 504 | |
| 505 | static int aead_setauthsize(void *private, unsigned int authsize) |
| 506 | { |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 507 | struct aead_tfm *tfm = private; |
| 508 | |
| 509 | return crypto_aead_setauthsize(tfm->aead, authsize); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 510 | } |
| 511 | |
| 512 | static int aead_setkey(void *private, const u8 *key, unsigned int keylen) |
| 513 | { |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 514 | struct aead_tfm *tfm = private; |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 515 | |
Eric Biggers | dc26c17 | 2018-01-03 11:16:30 -0800 | [diff] [blame] | 516 | return crypto_aead_setkey(tfm->aead, key, keylen); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 517 | } |
| 518 | |
| 519 | static void aead_sock_destruct(struct sock *sk) |
| 520 | { |
| 521 | struct alg_sock *ask = alg_sk(sk); |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 522 | struct af_alg_ctx *ctx = ask->private; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 523 | struct sock *psk = ask->parent; |
| 524 | struct alg_sock *pask = alg_sk(psk); |
| 525 | struct aead_tfm *aeadc = pask->private; |
| 526 | struct crypto_aead *tfm = aeadc->aead; |
| 527 | unsigned int ivlen = crypto_aead_ivsize(tfm); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 528 | |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 529 | af_alg_pull_tsgl(sk, ctx->used, NULL, 0); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 530 | sock_kzfree_s(sk, ctx->iv, ivlen); |
| 531 | sock_kfree_s(sk, ctx, ctx->len); |
| 532 | af_alg_release_parent(sk); |
| 533 | } |
| 534 | |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 535 | static int aead_accept_parent_nokey(void *private, struct sock *sk) |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 536 | { |
Stephan Mueller | 2d97591 | 2017-08-02 07:56:19 +0200 | [diff] [blame] | 537 | struct af_alg_ctx *ctx; |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 538 | struct alg_sock *ask = alg_sk(sk); |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 539 | struct aead_tfm *tfm = private; |
| 540 | struct crypto_aead *aead = tfm->aead; |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 541 | unsigned int len = sizeof(*ctx); |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 542 | unsigned int ivlen = crypto_aead_ivsize(aead); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 543 | |
| 544 | ctx = sock_kmalloc(sk, len, GFP_KERNEL); |
| 545 | if (!ctx) |
| 546 | return -ENOMEM; |
| 547 | memset(ctx, 0, len); |
| 548 | |
| 549 | ctx->iv = sock_kmalloc(sk, ivlen, GFP_KERNEL); |
| 550 | if (!ctx->iv) { |
| 551 | sock_kfree_s(sk, ctx, len); |
| 552 | return -ENOMEM; |
| 553 | } |
| 554 | memset(ctx->iv, 0, ivlen); |
| 555 | |
Stephan Mueller | d887c52 | 2017-06-25 17:12:59 +0200 | [diff] [blame] | 556 | INIT_LIST_HEAD(&ctx->tsgl_list); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 557 | ctx->len = len; |
Gilad Ben-Yossef | 2c3f8b1 | 2017-10-18 08:00:39 +0100 | [diff] [blame] | 558 | crypto_init_wait(&ctx->wait); |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 559 | |
| 560 | ask->private = ctx; |
| 561 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 562 | sk->sk_destruct = aead_sock_destruct; |
| 563 | |
| 564 | return 0; |
| 565 | } |
| 566 | |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 567 | static int aead_accept_parent(void *private, struct sock *sk) |
| 568 | { |
| 569 | struct aead_tfm *tfm = private; |
| 570 | |
Eric Biggers | dc26c17 | 2018-01-03 11:16:30 -0800 | [diff] [blame] | 571 | if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY) |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 572 | return -ENOKEY; |
| 573 | |
| 574 | return aead_accept_parent_nokey(private, sk); |
| 575 | } |
| 576 | |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 577 | static const struct af_alg_type algif_type_aead = { |
| 578 | .bind = aead_bind, |
| 579 | .release = aead_release, |
| 580 | .setkey = aead_setkey, |
| 581 | .setauthsize = aead_setauthsize, |
| 582 | .accept = aead_accept_parent, |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 583 | .accept_nokey = aead_accept_parent_nokey, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 584 | .ops = &algif_aead_ops, |
Stephan Mueller | 2a2a251 | 2017-04-24 11:15:23 +0200 | [diff] [blame] | 585 | .ops_nokey = &algif_aead_ops_nokey, |
Stephan Mueller | 400c40c | 2015-02-28 20:50:00 +0100 | [diff] [blame] | 586 | .name = "aead", |
| 587 | .owner = THIS_MODULE |
| 588 | }; |
| 589 | |
| 590 | static int __init algif_aead_init(void) |
| 591 | { |
| 592 | return af_alg_register_type(&algif_type_aead); |
| 593 | } |
| 594 | |
| 595 | static void __exit algif_aead_exit(void) |
| 596 | { |
| 597 | int err = af_alg_unregister_type(&algif_type_aead); |
| 598 | BUG_ON(err); |
| 599 | } |
| 600 | |
| 601 | module_init(algif_aead_init); |
| 602 | module_exit(algif_aead_exit); |
| 603 | MODULE_LICENSE("GPL"); |
| 604 | MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); |
| 605 | MODULE_DESCRIPTION("AEAD kernel crypto API user space interface"); |