1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * algif_hash: User-space interface for hash algorithms |
4 | * |
5 | * This file provides the user-space API for hash algorithms. |
6 | * |
7 | * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> |
8 | */ |
9 | |
10 | #include <crypto/hash.h> |
11 | #include <crypto/if_alg.h> |
12 | #include <linux/init.h> |
13 | #include <linux/kernel.h> |
14 | #include <linux/mm.h> |
15 | #include <linux/module.h> |
16 | #include <linux/net.h> |
17 | #include <net/sock.h> |
18 | |
19 | struct hash_ctx { |
20 | struct af_alg_sgl sgl; |
21 | |
22 | u8 *result; |
23 | |
24 | struct crypto_wait wait; |
25 | |
26 | unsigned int len; |
27 | bool more; |
28 | |
29 | struct ahash_request req; |
30 | }; |
31 | |
32 | static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) |
33 | { |
34 | unsigned ds; |
35 | |
36 | if (ctx->result) |
37 | return 0; |
38 | |
39 | ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
40 | |
41 | ctx->result = sock_kmalloc(sk, size: ds, GFP_KERNEL); |
42 | if (!ctx->result) |
43 | return -ENOMEM; |
44 | |
45 | memset(ctx->result, 0, ds); |
46 | |
47 | return 0; |
48 | } |
49 | |
50 | static void hash_free_result(struct sock *sk, struct hash_ctx *ctx) |
51 | { |
52 | unsigned ds; |
53 | |
54 | if (!ctx->result) |
55 | return; |
56 | |
57 | ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
58 | |
59 | sock_kzfree_s(sk, mem: ctx->result, size: ds); |
60 | ctx->result = NULL; |
61 | } |
62 | |
63 | static int hash_sendmsg(struct socket *sock, struct msghdr *msg, |
64 | size_t ignored) |
65 | { |
66 | struct sock *sk = sock->sk; |
67 | struct alg_sock *ask = alg_sk(sk); |
68 | struct hash_ctx *ctx = ask->private; |
69 | ssize_t copied = 0; |
70 | size_t len, max_pages, npages; |
71 | bool continuing, need_init = false; |
72 | int err; |
73 | |
74 | max_pages = min_t(size_t, ALG_MAX_PAGES, |
75 | DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE)); |
76 | |
77 | lock_sock(sk); |
78 | continuing = ctx->more; |
79 | |
80 | if (!continuing) { |
81 | /* Discard a previous request that wasn't marked MSG_MORE. */ |
82 | hash_free_result(sk, ctx); |
83 | if (!msg_data_left(msg)) |
84 | goto done; /* Zero-length; don't start new req */ |
85 | need_init = true; |
86 | } else if (!msg_data_left(msg)) { |
87 | /* |
88 | * No data - finalise the prev req if MSG_MORE so any error |
89 | * comes out here. |
90 | */ |
91 | if (!(msg->msg_flags & MSG_MORE)) { |
92 | err = hash_alloc_result(sk, ctx); |
93 | if (err) |
94 | goto unlock_free_result; |
95 | ahash_request_set_crypt(req: &ctx->req, NULL, |
96 | result: ctx->result, nbytes: 0); |
97 | err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req), |
98 | wait: &ctx->wait); |
99 | if (err) |
100 | goto unlock_free_result; |
101 | } |
102 | goto done_more; |
103 | } |
104 | |
105 | while (msg_data_left(msg)) { |
106 | ctx->sgl.sgt.sgl = ctx->sgl.sgl; |
107 | ctx->sgl.sgt.nents = 0; |
108 | ctx->sgl.sgt.orig_nents = 0; |
109 | |
110 | err = -EIO; |
111 | npages = iov_iter_npages(i: &msg->msg_iter, maxpages: max_pages); |
112 | if (npages == 0) |
113 | goto unlock_free; |
114 | |
115 | sg_init_table(ctx->sgl.sgl, npages); |
116 | |
117 | ctx->sgl.need_unpin = iov_iter_extract_will_pin(iter: &msg->msg_iter); |
118 | |
119 | err = extract_iter_to_sg(iter: &msg->msg_iter, LONG_MAX, |
120 | sgtable: &ctx->sgl.sgt, sg_max: npages, extraction_flags: 0); |
121 | if (err < 0) |
122 | goto unlock_free; |
123 | len = err; |
124 | sg_mark_end(sg: ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1); |
125 | |
126 | if (!msg_data_left(msg)) { |
127 | err = hash_alloc_result(sk, ctx); |
128 | if (err) |
129 | goto unlock_free; |
130 | } |
131 | |
132 | ahash_request_set_crypt(req: &ctx->req, src: ctx->sgl.sgt.sgl, |
133 | result: ctx->result, nbytes: len); |
134 | |
135 | if (!msg_data_left(msg) && !continuing && |
136 | !(msg->msg_flags & MSG_MORE)) { |
137 | err = crypto_ahash_digest(req: &ctx->req); |
138 | } else { |
139 | if (need_init) { |
140 | err = crypto_wait_req( |
141 | err: crypto_ahash_init(req: &ctx->req), |
142 | wait: &ctx->wait); |
143 | if (err) |
144 | goto unlock_free; |
145 | need_init = false; |
146 | } |
147 | |
148 | if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE)) |
149 | err = crypto_ahash_update(req: &ctx->req); |
150 | else |
151 | err = crypto_ahash_finup(req: &ctx->req); |
152 | continuing = true; |
153 | } |
154 | |
155 | err = crypto_wait_req(err, wait: &ctx->wait); |
156 | if (err) |
157 | goto unlock_free; |
158 | |
159 | copied += len; |
160 | af_alg_free_sg(sgl: &ctx->sgl); |
161 | } |
162 | |
163 | done_more: |
164 | ctx->more = msg->msg_flags & MSG_MORE; |
165 | done: |
166 | err = 0; |
167 | unlock: |
168 | release_sock(sk); |
169 | return copied ?: err; |
170 | |
171 | unlock_free: |
172 | af_alg_free_sg(sgl: &ctx->sgl); |
173 | unlock_free_result: |
174 | hash_free_result(sk, ctx); |
175 | ctx->more = false; |
176 | goto unlock; |
177 | } |
178 | |
179 | static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, |
180 | int flags) |
181 | { |
182 | struct sock *sk = sock->sk; |
183 | struct alg_sock *ask = alg_sk(sk); |
184 | struct hash_ctx *ctx = ask->private; |
185 | unsigned ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
186 | bool result; |
187 | int err; |
188 | |
189 | if (len > ds) |
190 | len = ds; |
191 | else if (len < ds) |
192 | msg->msg_flags |= MSG_TRUNC; |
193 | |
194 | lock_sock(sk); |
195 | result = ctx->result; |
196 | err = hash_alloc_result(sk, ctx); |
197 | if (err) |
198 | goto unlock; |
199 | |
200 | ahash_request_set_crypt(req: &ctx->req, NULL, result: ctx->result, nbytes: 0); |
201 | |
202 | if (!result && !ctx->more) { |
203 | err = crypto_wait_req(err: crypto_ahash_init(req: &ctx->req), |
204 | wait: &ctx->wait); |
205 | if (err) |
206 | goto unlock; |
207 | } |
208 | |
209 | if (!result || ctx->more) { |
210 | ctx->more = false; |
211 | err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req), |
212 | wait: &ctx->wait); |
213 | if (err) |
214 | goto unlock; |
215 | } |
216 | |
217 | err = memcpy_to_msg(msg, data: ctx->result, len); |
218 | |
219 | unlock: |
220 | hash_free_result(sk, ctx); |
221 | release_sock(sk); |
222 | |
223 | return err ?: len; |
224 | } |
225 | |
226 | static int hash_accept(struct socket *sock, struct socket *newsock, int flags, |
227 | bool kern) |
228 | { |
229 | struct sock *sk = sock->sk; |
230 | struct alg_sock *ask = alg_sk(sk); |
231 | struct hash_ctx *ctx = ask->private; |
232 | struct ahash_request *req = &ctx->req; |
233 | struct crypto_ahash *tfm; |
234 | struct sock *sk2; |
235 | struct alg_sock *ask2; |
236 | struct hash_ctx *ctx2; |
237 | char *state; |
238 | bool more; |
239 | int err; |
240 | |
241 | tfm = crypto_ahash_reqtfm(req); |
242 | state = kmalloc(size: crypto_ahash_statesize(tfm), GFP_KERNEL); |
243 | err = -ENOMEM; |
244 | if (!state) |
245 | goto out; |
246 | |
247 | lock_sock(sk); |
248 | more = ctx->more; |
249 | err = more ? crypto_ahash_export(req, out: state) : 0; |
250 | release_sock(sk); |
251 | |
252 | if (err) |
253 | goto out_free_state; |
254 | |
255 | err = af_alg_accept(sk: ask->parent, newsock, kern); |
256 | if (err) |
257 | goto out_free_state; |
258 | |
259 | sk2 = newsock->sk; |
260 | ask2 = alg_sk(sk: sk2); |
261 | ctx2 = ask2->private; |
262 | ctx2->more = more; |
263 | |
264 | if (!more) |
265 | goto out_free_state; |
266 | |
267 | err = crypto_ahash_import(req: &ctx2->req, in: state); |
268 | if (err) { |
269 | sock_orphan(sk: sk2); |
270 | sock_put(sk: sk2); |
271 | } |
272 | |
273 | out_free_state: |
274 | kfree_sensitive(objp: state); |
275 | |
276 | out: |
277 | return err; |
278 | } |
279 | |
280 | static struct proto_ops algif_hash_ops = { |
281 | .family = PF_ALG, |
282 | |
283 | .connect = sock_no_connect, |
284 | .socketpair = sock_no_socketpair, |
285 | .getname = sock_no_getname, |
286 | .ioctl = sock_no_ioctl, |
287 | .listen = sock_no_listen, |
288 | .shutdown = sock_no_shutdown, |
289 | .mmap = sock_no_mmap, |
290 | .bind = sock_no_bind, |
291 | |
292 | .release = af_alg_release, |
293 | .sendmsg = hash_sendmsg, |
294 | .recvmsg = hash_recvmsg, |
295 | .accept = hash_accept, |
296 | }; |
297 | |
298 | static int hash_check_key(struct socket *sock) |
299 | { |
300 | int err = 0; |
301 | struct sock *psk; |
302 | struct alg_sock *pask; |
303 | struct crypto_ahash *tfm; |
304 | struct sock *sk = sock->sk; |
305 | struct alg_sock *ask = alg_sk(sk); |
306 | |
307 | lock_sock(sk); |
308 | if (!atomic_read(v: &ask->nokey_refcnt)) |
309 | goto unlock_child; |
310 | |
311 | psk = ask->parent; |
312 | pask = alg_sk(sk: ask->parent); |
313 | tfm = pask->private; |
314 | |
315 | err = -ENOKEY; |
316 | lock_sock_nested(sk: psk, SINGLE_DEPTH_NESTING); |
317 | if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) |
318 | goto unlock; |
319 | |
320 | atomic_dec(v: &pask->nokey_refcnt); |
321 | atomic_set(v: &ask->nokey_refcnt, i: 0); |
322 | |
323 | err = 0; |
324 | |
325 | unlock: |
326 | release_sock(sk: psk); |
327 | unlock_child: |
328 | release_sock(sk); |
329 | |
330 | return err; |
331 | } |
332 | |
333 | static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, |
334 | size_t size) |
335 | { |
336 | int err; |
337 | |
338 | err = hash_check_key(sock); |
339 | if (err) |
340 | return err; |
341 | |
342 | return hash_sendmsg(sock, msg, ignored: size); |
343 | } |
344 | |
345 | static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, |
346 | size_t ignored, int flags) |
347 | { |
348 | int err; |
349 | |
350 | err = hash_check_key(sock); |
351 | if (err) |
352 | return err; |
353 | |
354 | return hash_recvmsg(sock, msg, len: ignored, flags); |
355 | } |
356 | |
357 | static int hash_accept_nokey(struct socket *sock, struct socket *newsock, |
358 | int flags, bool kern) |
359 | { |
360 | int err; |
361 | |
362 | err = hash_check_key(sock); |
363 | if (err) |
364 | return err; |
365 | |
366 | return hash_accept(sock, newsock, flags, kern); |
367 | } |
368 | |
369 | static struct proto_ops algif_hash_ops_nokey = { |
370 | .family = PF_ALG, |
371 | |
372 | .connect = sock_no_connect, |
373 | .socketpair = sock_no_socketpair, |
374 | .getname = sock_no_getname, |
375 | .ioctl = sock_no_ioctl, |
376 | .listen = sock_no_listen, |
377 | .shutdown = sock_no_shutdown, |
378 | .mmap = sock_no_mmap, |
379 | .bind = sock_no_bind, |
380 | |
381 | .release = af_alg_release, |
382 | .sendmsg = hash_sendmsg_nokey, |
383 | .recvmsg = hash_recvmsg_nokey, |
384 | .accept = hash_accept_nokey, |
385 | }; |
386 | |
387 | static void *hash_bind(const char *name, u32 type, u32 mask) |
388 | { |
389 | return crypto_alloc_ahash(alg_name: name, type, mask); |
390 | } |
391 | |
392 | static void hash_release(void *private) |
393 | { |
394 | crypto_free_ahash(tfm: private); |
395 | } |
396 | |
397 | static int hash_setkey(void *private, const u8 *key, unsigned int keylen) |
398 | { |
399 | return crypto_ahash_setkey(tfm: private, key, keylen); |
400 | } |
401 | |
402 | static void hash_sock_destruct(struct sock *sk) |
403 | { |
404 | struct alg_sock *ask = alg_sk(sk); |
405 | struct hash_ctx *ctx = ask->private; |
406 | |
407 | hash_free_result(sk, ctx); |
408 | sock_kfree_s(sk, mem: ctx, size: ctx->len); |
409 | af_alg_release_parent(sk); |
410 | } |
411 | |
412 | static int hash_accept_parent_nokey(void *private, struct sock *sk) |
413 | { |
414 | struct crypto_ahash *tfm = private; |
415 | struct alg_sock *ask = alg_sk(sk); |
416 | struct hash_ctx *ctx; |
417 | unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); |
418 | |
419 | ctx = sock_kmalloc(sk, size: len, GFP_KERNEL); |
420 | if (!ctx) |
421 | return -ENOMEM; |
422 | |
423 | ctx->result = NULL; |
424 | ctx->len = len; |
425 | ctx->more = false; |
426 | crypto_init_wait(wait: &ctx->wait); |
427 | |
428 | ask->private = ctx; |
429 | |
430 | ahash_request_set_tfm(req: &ctx->req, tfm); |
431 | ahash_request_set_callback(req: &ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, |
432 | compl: crypto_req_done, data: &ctx->wait); |
433 | |
434 | sk->sk_destruct = hash_sock_destruct; |
435 | |
436 | return 0; |
437 | } |
438 | |
439 | static int hash_accept_parent(void *private, struct sock *sk) |
440 | { |
441 | struct crypto_ahash *tfm = private; |
442 | |
443 | if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) |
444 | return -ENOKEY; |
445 | |
446 | return hash_accept_parent_nokey(private, sk); |
447 | } |
448 | |
449 | static const struct af_alg_type algif_type_hash = { |
450 | .bind = hash_bind, |
451 | .release = hash_release, |
452 | .setkey = hash_setkey, |
453 | .accept = hash_accept_parent, |
454 | .accept_nokey = hash_accept_parent_nokey, |
455 | .ops = &algif_hash_ops, |
456 | .ops_nokey = &algif_hash_ops_nokey, |
457 | .name = "hash" , |
458 | .owner = THIS_MODULE |
459 | }; |
460 | |
461 | static int __init algif_hash_init(void) |
462 | { |
463 | return af_alg_register_type(type: &algif_type_hash); |
464 | } |
465 | |
466 | static void __exit algif_hash_exit(void) |
467 | { |
468 | int err = af_alg_unregister_type(type: &algif_type_hash); |
469 | BUG_ON(err); |
470 | } |
471 | |
472 | module_init(algif_hash_init); |
473 | module_exit(algif_hash_exit); |
474 | MODULE_LICENSE("GPL" ); |
475 | |