1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * algif_hash: User-space interface for hash algorithms
4 *
5 * This file provides the user-space API for hash algorithms.
6 *
7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
8 */
9
10#include <crypto/hash.h>
11#include <crypto/if_alg.h>
12#include <linux/init.h>
13#include <linux/kernel.h>
14#include <linux/mm.h>
15#include <linux/module.h>
16#include <linux/net.h>
17#include <net/sock.h>
18
19struct hash_ctx {
20 struct af_alg_sgl sgl;
21
22 u8 *result;
23
24 struct crypto_wait wait;
25
26 unsigned int len;
27 bool more;
28
29 struct ahash_request req;
30};
31
32static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
33{
34 unsigned ds;
35
36 if (ctx->result)
37 return 0;
38
39 ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req));
40
41 ctx->result = sock_kmalloc(sk, size: ds, GFP_KERNEL);
42 if (!ctx->result)
43 return -ENOMEM;
44
45 memset(ctx->result, 0, ds);
46
47 return 0;
48}
49
50static void hash_free_result(struct sock *sk, struct hash_ctx *ctx)
51{
52 unsigned ds;
53
54 if (!ctx->result)
55 return;
56
57 ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req));
58
59 sock_kzfree_s(sk, mem: ctx->result, size: ds);
60 ctx->result = NULL;
61}
62
63static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
64 size_t ignored)
65{
66 struct sock *sk = sock->sk;
67 struct alg_sock *ask = alg_sk(sk);
68 struct hash_ctx *ctx = ask->private;
69 ssize_t copied = 0;
70 size_t len, max_pages, npages;
71 bool continuing, need_init = false;
72 int err;
73
74 max_pages = min_t(size_t, ALG_MAX_PAGES,
75 DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE));
76
77 lock_sock(sk);
78 continuing = ctx->more;
79
80 if (!continuing) {
81 /* Discard a previous request that wasn't marked MSG_MORE. */
82 hash_free_result(sk, ctx);
83 if (!msg_data_left(msg))
84 goto done; /* Zero-length; don't start new req */
85 need_init = true;
86 } else if (!msg_data_left(msg)) {
87 /*
88 * No data - finalise the prev req if MSG_MORE so any error
89 * comes out here.
90 */
91 if (!(msg->msg_flags & MSG_MORE)) {
92 err = hash_alloc_result(sk, ctx);
93 if (err)
94 goto unlock_free;
95 ahash_request_set_crypt(req: &ctx->req, NULL,
96 result: ctx->result, nbytes: 0);
97 err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req),
98 wait: &ctx->wait);
99 if (err)
100 goto unlock_free;
101 }
102 goto done_more;
103 }
104
105 while (msg_data_left(msg)) {
106 ctx->sgl.sgt.sgl = ctx->sgl.sgl;
107 ctx->sgl.sgt.nents = 0;
108 ctx->sgl.sgt.orig_nents = 0;
109
110 err = -EIO;
111 npages = iov_iter_npages(i: &msg->msg_iter, maxpages: max_pages);
112 if (npages == 0)
113 goto unlock_free;
114
115 sg_init_table(ctx->sgl.sgl, npages);
116
117 ctx->sgl.need_unpin = iov_iter_extract_will_pin(iter: &msg->msg_iter);
118
119 err = extract_iter_to_sg(iter: &msg->msg_iter, LONG_MAX,
120 sgtable: &ctx->sgl.sgt, sg_max: npages, extraction_flags: 0);
121 if (err < 0)
122 goto unlock_free;
123 len = err;
124 sg_mark_end(sg: ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
125
126 if (!msg_data_left(msg)) {
127 err = hash_alloc_result(sk, ctx);
128 if (err)
129 goto unlock_free;
130 }
131
132 ahash_request_set_crypt(req: &ctx->req, src: ctx->sgl.sgt.sgl,
133 result: ctx->result, nbytes: len);
134
135 if (!msg_data_left(msg) && !continuing &&
136 !(msg->msg_flags & MSG_MORE)) {
137 err = crypto_ahash_digest(req: &ctx->req);
138 } else {
139 if (need_init) {
140 err = crypto_wait_req(
141 err: crypto_ahash_init(req: &ctx->req),
142 wait: &ctx->wait);
143 if (err)
144 goto unlock_free;
145 need_init = false;
146 }
147
148 if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE))
149 err = crypto_ahash_update(req: &ctx->req);
150 else
151 err = crypto_ahash_finup(req: &ctx->req);
152 continuing = true;
153 }
154
155 err = crypto_wait_req(err, wait: &ctx->wait);
156 if (err)
157 goto unlock_free;
158
159 copied += len;
160 af_alg_free_sg(sgl: &ctx->sgl);
161 }
162
163done_more:
164 ctx->more = msg->msg_flags & MSG_MORE;
165done:
166 err = 0;
167unlock:
168 release_sock(sk);
169 return copied ?: err;
170
171unlock_free:
172 af_alg_free_sg(sgl: &ctx->sgl);
173 hash_free_result(sk, ctx);
174 ctx->more = false;
175 goto unlock;
176}
177
178static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
179 int flags)
180{
181 struct sock *sk = sock->sk;
182 struct alg_sock *ask = alg_sk(sk);
183 struct hash_ctx *ctx = ask->private;
184 unsigned ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req));
185 bool result;
186 int err;
187
188 if (len > ds)
189 len = ds;
190 else if (len < ds)
191 msg->msg_flags |= MSG_TRUNC;
192
193 lock_sock(sk);
194 result = ctx->result;
195 err = hash_alloc_result(sk, ctx);
196 if (err)
197 goto unlock;
198
199 ahash_request_set_crypt(req: &ctx->req, NULL, result: ctx->result, nbytes: 0);
200
201 if (!result && !ctx->more) {
202 err = crypto_wait_req(err: crypto_ahash_init(req: &ctx->req),
203 wait: &ctx->wait);
204 if (err)
205 goto unlock;
206 }
207
208 if (!result || ctx->more) {
209 ctx->more = false;
210 err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req),
211 wait: &ctx->wait);
212 if (err)
213 goto unlock;
214 }
215
216 err = memcpy_to_msg(msg, data: ctx->result, len);
217
218unlock:
219 hash_free_result(sk, ctx);
220 release_sock(sk);
221
222 return err ?: len;
223}
224
225static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
226 bool kern)
227{
228 struct sock *sk = sock->sk;
229 struct alg_sock *ask = alg_sk(sk);
230 struct hash_ctx *ctx = ask->private;
231 struct ahash_request *req = &ctx->req;
232 struct crypto_ahash *tfm;
233 struct sock *sk2;
234 struct alg_sock *ask2;
235 struct hash_ctx *ctx2;
236 char *state;
237 bool more;
238 int err;
239
240 tfm = crypto_ahash_reqtfm(req);
241 state = kmalloc(size: crypto_ahash_statesize(tfm), GFP_KERNEL);
242 err = -ENOMEM;
243 if (!state)
244 goto out;
245
246 lock_sock(sk);
247 more = ctx->more;
248 err = more ? crypto_ahash_export(req, out: state) : 0;
249 release_sock(sk);
250
251 if (err)
252 goto out_free_state;
253
254 err = af_alg_accept(sk: ask->parent, newsock, kern);
255 if (err)
256 goto out_free_state;
257
258 sk2 = newsock->sk;
259 ask2 = alg_sk(sk: sk2);
260 ctx2 = ask2->private;
261 ctx2->more = more;
262
263 if (!more)
264 goto out_free_state;
265
266 err = crypto_ahash_import(req: &ctx2->req, in: state);
267 if (err) {
268 sock_orphan(sk: sk2);
269 sock_put(sk: sk2);
270 }
271
272out_free_state:
273 kfree_sensitive(objp: state);
274
275out:
276 return err;
277}
278
279static struct proto_ops algif_hash_ops = {
280 .family = PF_ALG,
281
282 .connect = sock_no_connect,
283 .socketpair = sock_no_socketpair,
284 .getname = sock_no_getname,
285 .ioctl = sock_no_ioctl,
286 .listen = sock_no_listen,
287 .shutdown = sock_no_shutdown,
288 .mmap = sock_no_mmap,
289 .bind = sock_no_bind,
290
291 .release = af_alg_release,
292 .sendmsg = hash_sendmsg,
293 .recvmsg = hash_recvmsg,
294 .accept = hash_accept,
295};
296
297static int hash_check_key(struct socket *sock)
298{
299 int err = 0;
300 struct sock *psk;
301 struct alg_sock *pask;
302 struct crypto_ahash *tfm;
303 struct sock *sk = sock->sk;
304 struct alg_sock *ask = alg_sk(sk);
305
306 lock_sock(sk);
307 if (!atomic_read(v: &ask->nokey_refcnt))
308 goto unlock_child;
309
310 psk = ask->parent;
311 pask = alg_sk(sk: ask->parent);
312 tfm = pask->private;
313
314 err = -ENOKEY;
315 lock_sock_nested(sk: psk, SINGLE_DEPTH_NESTING);
316 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
317 goto unlock;
318
319 atomic_dec(v: &pask->nokey_refcnt);
320 atomic_set(v: &ask->nokey_refcnt, i: 0);
321
322 err = 0;
323
324unlock:
325 release_sock(sk: psk);
326unlock_child:
327 release_sock(sk);
328
329 return err;
330}
331
332static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
333 size_t size)
334{
335 int err;
336
337 err = hash_check_key(sock);
338 if (err)
339 return err;
340
341 return hash_sendmsg(sock, msg, ignored: size);
342}
343
344static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
345 size_t ignored, int flags)
346{
347 int err;
348
349 err = hash_check_key(sock);
350 if (err)
351 return err;
352
353 return hash_recvmsg(sock, msg, len: ignored, flags);
354}
355
356static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
357 int flags, bool kern)
358{
359 int err;
360
361 err = hash_check_key(sock);
362 if (err)
363 return err;
364
365 return hash_accept(sock, newsock, flags, kern);
366}
367
368static struct proto_ops algif_hash_ops_nokey = {
369 .family = PF_ALG,
370
371 .connect = sock_no_connect,
372 .socketpair = sock_no_socketpair,
373 .getname = sock_no_getname,
374 .ioctl = sock_no_ioctl,
375 .listen = sock_no_listen,
376 .shutdown = sock_no_shutdown,
377 .mmap = sock_no_mmap,
378 .bind = sock_no_bind,
379
380 .release = af_alg_release,
381 .sendmsg = hash_sendmsg_nokey,
382 .recvmsg = hash_recvmsg_nokey,
383 .accept = hash_accept_nokey,
384};
385
386static void *hash_bind(const char *name, u32 type, u32 mask)
387{
388 return crypto_alloc_ahash(alg_name: name, type, mask);
389}
390
391static void hash_release(void *private)
392{
393 crypto_free_ahash(tfm: private);
394}
395
396static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
397{
398 return crypto_ahash_setkey(tfm: private, key, keylen);
399}
400
401static void hash_sock_destruct(struct sock *sk)
402{
403 struct alg_sock *ask = alg_sk(sk);
404 struct hash_ctx *ctx = ask->private;
405
406 hash_free_result(sk, ctx);
407 sock_kfree_s(sk, mem: ctx, size: ctx->len);
408 af_alg_release_parent(sk);
409}
410
411static int hash_accept_parent_nokey(void *private, struct sock *sk)
412{
413 struct crypto_ahash *tfm = private;
414 struct alg_sock *ask = alg_sk(sk);
415 struct hash_ctx *ctx;
416 unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm);
417
418 ctx = sock_kmalloc(sk, size: len, GFP_KERNEL);
419 if (!ctx)
420 return -ENOMEM;
421
422 ctx->result = NULL;
423 ctx->len = len;
424 ctx->more = false;
425 crypto_init_wait(wait: &ctx->wait);
426
427 ask->private = ctx;
428
429 ahash_request_set_tfm(req: &ctx->req, tfm);
430 ahash_request_set_callback(req: &ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
431 compl: crypto_req_done, data: &ctx->wait);
432
433 sk->sk_destruct = hash_sock_destruct;
434
435 return 0;
436}
437
438static int hash_accept_parent(void *private, struct sock *sk)
439{
440 struct crypto_ahash *tfm = private;
441
442 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
443 return -ENOKEY;
444
445 return hash_accept_parent_nokey(private, sk);
446}
447
448static const struct af_alg_type algif_type_hash = {
449 .bind = hash_bind,
450 .release = hash_release,
451 .setkey = hash_setkey,
452 .accept = hash_accept_parent,
453 .accept_nokey = hash_accept_parent_nokey,
454 .ops = &algif_hash_ops,
455 .ops_nokey = &algif_hash_ops_nokey,
456 .name = "hash",
457 .owner = THIS_MODULE
458};
459
460static int __init algif_hash_init(void)
461{
462 return af_alg_register_type(type: &algif_type_hash);
463}
464
465static void __exit algif_hash_exit(void)
466{
467 int err = af_alg_unregister_type(type: &algif_type_hash);
468 BUG_ON(err);
469}
470
471module_init(algif_hash_init);
472module_exit(algif_hash_exit);
473MODULE_LICENSE("GPL");
474

source code of linux/crypto/algif_hash.c