1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * algif_hash: User-space interface for hash algorithms |
4 | * |
5 | * This file provides the user-space API for hash algorithms. |
6 | * |
7 | * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> |
8 | */ |
9 | |
10 | #include <crypto/hash.h> |
11 | #include <crypto/if_alg.h> |
12 | #include <linux/init.h> |
13 | #include <linux/kernel.h> |
14 | #include <linux/mm.h> |
15 | #include <linux/module.h> |
16 | #include <linux/net.h> |
17 | #include <net/sock.h> |
18 | |
19 | struct hash_ctx { |
20 | struct af_alg_sgl sgl; |
21 | |
22 | u8 *result; |
23 | |
24 | struct crypto_wait wait; |
25 | |
26 | unsigned int len; |
27 | bool more; |
28 | |
29 | struct ahash_request req; |
30 | }; |
31 | |
32 | static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) |
33 | { |
34 | unsigned ds; |
35 | |
36 | if (ctx->result) |
37 | return 0; |
38 | |
39 | ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
40 | |
41 | ctx->result = sock_kmalloc(sk, size: ds, GFP_KERNEL); |
42 | if (!ctx->result) |
43 | return -ENOMEM; |
44 | |
45 | memset(ctx->result, 0, ds); |
46 | |
47 | return 0; |
48 | } |
49 | |
50 | static void hash_free_result(struct sock *sk, struct hash_ctx *ctx) |
51 | { |
52 | unsigned ds; |
53 | |
54 | if (!ctx->result) |
55 | return; |
56 | |
57 | ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
58 | |
59 | sock_kzfree_s(sk, mem: ctx->result, size: ds); |
60 | ctx->result = NULL; |
61 | } |
62 | |
63 | static int hash_sendmsg(struct socket *sock, struct msghdr *msg, |
64 | size_t ignored) |
65 | { |
66 | struct sock *sk = sock->sk; |
67 | struct alg_sock *ask = alg_sk(sk); |
68 | struct hash_ctx *ctx = ask->private; |
69 | ssize_t copied = 0; |
70 | size_t len, max_pages, npages; |
71 | bool continuing, need_init = false; |
72 | int err; |
73 | |
74 | max_pages = min_t(size_t, ALG_MAX_PAGES, |
75 | DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE)); |
76 | |
77 | lock_sock(sk); |
78 | continuing = ctx->more; |
79 | |
80 | if (!continuing) { |
81 | /* Discard a previous request that wasn't marked MSG_MORE. */ |
82 | hash_free_result(sk, ctx); |
83 | if (!msg_data_left(msg)) |
84 | goto done; /* Zero-length; don't start new req */ |
85 | need_init = true; |
86 | } else if (!msg_data_left(msg)) { |
87 | /* |
88 | * No data - finalise the prev req if MSG_MORE so any error |
89 | * comes out here. |
90 | */ |
91 | if (!(msg->msg_flags & MSG_MORE)) { |
92 | err = hash_alloc_result(sk, ctx); |
93 | if (err) |
94 | goto unlock_free; |
95 | ahash_request_set_crypt(req: &ctx->req, NULL, |
96 | result: ctx->result, nbytes: 0); |
97 | err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req), |
98 | wait: &ctx->wait); |
99 | if (err) |
100 | goto unlock_free; |
101 | } |
102 | goto done_more; |
103 | } |
104 | |
105 | while (msg_data_left(msg)) { |
106 | ctx->sgl.sgt.sgl = ctx->sgl.sgl; |
107 | ctx->sgl.sgt.nents = 0; |
108 | ctx->sgl.sgt.orig_nents = 0; |
109 | |
110 | err = -EIO; |
111 | npages = iov_iter_npages(i: &msg->msg_iter, maxpages: max_pages); |
112 | if (npages == 0) |
113 | goto unlock_free; |
114 | |
115 | sg_init_table(ctx->sgl.sgl, npages); |
116 | |
117 | ctx->sgl.need_unpin = iov_iter_extract_will_pin(iter: &msg->msg_iter); |
118 | |
119 | err = extract_iter_to_sg(iter: &msg->msg_iter, LONG_MAX, |
120 | sgtable: &ctx->sgl.sgt, sg_max: npages, extraction_flags: 0); |
121 | if (err < 0) |
122 | goto unlock_free; |
123 | len = err; |
124 | sg_mark_end(sg: ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1); |
125 | |
126 | if (!msg_data_left(msg)) { |
127 | err = hash_alloc_result(sk, ctx); |
128 | if (err) |
129 | goto unlock_free; |
130 | } |
131 | |
132 | ahash_request_set_crypt(req: &ctx->req, src: ctx->sgl.sgt.sgl, |
133 | result: ctx->result, nbytes: len); |
134 | |
135 | if (!msg_data_left(msg) && !continuing && |
136 | !(msg->msg_flags & MSG_MORE)) { |
137 | err = crypto_ahash_digest(req: &ctx->req); |
138 | } else { |
139 | if (need_init) { |
140 | err = crypto_wait_req( |
141 | err: crypto_ahash_init(req: &ctx->req), |
142 | wait: &ctx->wait); |
143 | if (err) |
144 | goto unlock_free; |
145 | need_init = false; |
146 | } |
147 | |
148 | if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE)) |
149 | err = crypto_ahash_update(req: &ctx->req); |
150 | else |
151 | err = crypto_ahash_finup(req: &ctx->req); |
152 | continuing = true; |
153 | } |
154 | |
155 | err = crypto_wait_req(err, wait: &ctx->wait); |
156 | if (err) |
157 | goto unlock_free; |
158 | |
159 | copied += len; |
160 | af_alg_free_sg(sgl: &ctx->sgl); |
161 | } |
162 | |
163 | done_more: |
164 | ctx->more = msg->msg_flags & MSG_MORE; |
165 | done: |
166 | err = 0; |
167 | unlock: |
168 | release_sock(sk); |
169 | return copied ?: err; |
170 | |
171 | unlock_free: |
172 | af_alg_free_sg(sgl: &ctx->sgl); |
173 | hash_free_result(sk, ctx); |
174 | ctx->more = false; |
175 | goto unlock; |
176 | } |
177 | |
178 | static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, |
179 | int flags) |
180 | { |
181 | struct sock *sk = sock->sk; |
182 | struct alg_sock *ask = alg_sk(sk); |
183 | struct hash_ctx *ctx = ask->private; |
184 | unsigned ds = crypto_ahash_digestsize(tfm: crypto_ahash_reqtfm(req: &ctx->req)); |
185 | bool result; |
186 | int err; |
187 | |
188 | if (len > ds) |
189 | len = ds; |
190 | else if (len < ds) |
191 | msg->msg_flags |= MSG_TRUNC; |
192 | |
193 | lock_sock(sk); |
194 | result = ctx->result; |
195 | err = hash_alloc_result(sk, ctx); |
196 | if (err) |
197 | goto unlock; |
198 | |
199 | ahash_request_set_crypt(req: &ctx->req, NULL, result: ctx->result, nbytes: 0); |
200 | |
201 | if (!result && !ctx->more) { |
202 | err = crypto_wait_req(err: crypto_ahash_init(req: &ctx->req), |
203 | wait: &ctx->wait); |
204 | if (err) |
205 | goto unlock; |
206 | } |
207 | |
208 | if (!result || ctx->more) { |
209 | ctx->more = false; |
210 | err = crypto_wait_req(err: crypto_ahash_final(req: &ctx->req), |
211 | wait: &ctx->wait); |
212 | if (err) |
213 | goto unlock; |
214 | } |
215 | |
216 | err = memcpy_to_msg(msg, data: ctx->result, len); |
217 | |
218 | unlock: |
219 | hash_free_result(sk, ctx); |
220 | release_sock(sk); |
221 | |
222 | return err ?: len; |
223 | } |
224 | |
225 | static int hash_accept(struct socket *sock, struct socket *newsock, int flags, |
226 | bool kern) |
227 | { |
228 | struct sock *sk = sock->sk; |
229 | struct alg_sock *ask = alg_sk(sk); |
230 | struct hash_ctx *ctx = ask->private; |
231 | struct ahash_request *req = &ctx->req; |
232 | struct crypto_ahash *tfm; |
233 | struct sock *sk2; |
234 | struct alg_sock *ask2; |
235 | struct hash_ctx *ctx2; |
236 | char *state; |
237 | bool more; |
238 | int err; |
239 | |
240 | tfm = crypto_ahash_reqtfm(req); |
241 | state = kmalloc(size: crypto_ahash_statesize(tfm), GFP_KERNEL); |
242 | err = -ENOMEM; |
243 | if (!state) |
244 | goto out; |
245 | |
246 | lock_sock(sk); |
247 | more = ctx->more; |
248 | err = more ? crypto_ahash_export(req, out: state) : 0; |
249 | release_sock(sk); |
250 | |
251 | if (err) |
252 | goto out_free_state; |
253 | |
254 | err = af_alg_accept(sk: ask->parent, newsock, kern); |
255 | if (err) |
256 | goto out_free_state; |
257 | |
258 | sk2 = newsock->sk; |
259 | ask2 = alg_sk(sk: sk2); |
260 | ctx2 = ask2->private; |
261 | ctx2->more = more; |
262 | |
263 | if (!more) |
264 | goto out_free_state; |
265 | |
266 | err = crypto_ahash_import(req: &ctx2->req, in: state); |
267 | if (err) { |
268 | sock_orphan(sk: sk2); |
269 | sock_put(sk: sk2); |
270 | } |
271 | |
272 | out_free_state: |
273 | kfree_sensitive(objp: state); |
274 | |
275 | out: |
276 | return err; |
277 | } |
278 | |
279 | static struct proto_ops algif_hash_ops = { |
280 | .family = PF_ALG, |
281 | |
282 | .connect = sock_no_connect, |
283 | .socketpair = sock_no_socketpair, |
284 | .getname = sock_no_getname, |
285 | .ioctl = sock_no_ioctl, |
286 | .listen = sock_no_listen, |
287 | .shutdown = sock_no_shutdown, |
288 | .mmap = sock_no_mmap, |
289 | .bind = sock_no_bind, |
290 | |
291 | .release = af_alg_release, |
292 | .sendmsg = hash_sendmsg, |
293 | .recvmsg = hash_recvmsg, |
294 | .accept = hash_accept, |
295 | }; |
296 | |
297 | static int hash_check_key(struct socket *sock) |
298 | { |
299 | int err = 0; |
300 | struct sock *psk; |
301 | struct alg_sock *pask; |
302 | struct crypto_ahash *tfm; |
303 | struct sock *sk = sock->sk; |
304 | struct alg_sock *ask = alg_sk(sk); |
305 | |
306 | lock_sock(sk); |
307 | if (!atomic_read(v: &ask->nokey_refcnt)) |
308 | goto unlock_child; |
309 | |
310 | psk = ask->parent; |
311 | pask = alg_sk(sk: ask->parent); |
312 | tfm = pask->private; |
313 | |
314 | err = -ENOKEY; |
315 | lock_sock_nested(sk: psk, SINGLE_DEPTH_NESTING); |
316 | if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) |
317 | goto unlock; |
318 | |
319 | atomic_dec(v: &pask->nokey_refcnt); |
320 | atomic_set(v: &ask->nokey_refcnt, i: 0); |
321 | |
322 | err = 0; |
323 | |
324 | unlock: |
325 | release_sock(sk: psk); |
326 | unlock_child: |
327 | release_sock(sk); |
328 | |
329 | return err; |
330 | } |
331 | |
332 | static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, |
333 | size_t size) |
334 | { |
335 | int err; |
336 | |
337 | err = hash_check_key(sock); |
338 | if (err) |
339 | return err; |
340 | |
341 | return hash_sendmsg(sock, msg, ignored: size); |
342 | } |
343 | |
344 | static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, |
345 | size_t ignored, int flags) |
346 | { |
347 | int err; |
348 | |
349 | err = hash_check_key(sock); |
350 | if (err) |
351 | return err; |
352 | |
353 | return hash_recvmsg(sock, msg, len: ignored, flags); |
354 | } |
355 | |
356 | static int hash_accept_nokey(struct socket *sock, struct socket *newsock, |
357 | int flags, bool kern) |
358 | { |
359 | int err; |
360 | |
361 | err = hash_check_key(sock); |
362 | if (err) |
363 | return err; |
364 | |
365 | return hash_accept(sock, newsock, flags, kern); |
366 | } |
367 | |
368 | static struct proto_ops algif_hash_ops_nokey = { |
369 | .family = PF_ALG, |
370 | |
371 | .connect = sock_no_connect, |
372 | .socketpair = sock_no_socketpair, |
373 | .getname = sock_no_getname, |
374 | .ioctl = sock_no_ioctl, |
375 | .listen = sock_no_listen, |
376 | .shutdown = sock_no_shutdown, |
377 | .mmap = sock_no_mmap, |
378 | .bind = sock_no_bind, |
379 | |
380 | .release = af_alg_release, |
381 | .sendmsg = hash_sendmsg_nokey, |
382 | .recvmsg = hash_recvmsg_nokey, |
383 | .accept = hash_accept_nokey, |
384 | }; |
385 | |
386 | static void *hash_bind(const char *name, u32 type, u32 mask) |
387 | { |
388 | return crypto_alloc_ahash(alg_name: name, type, mask); |
389 | } |
390 | |
391 | static void hash_release(void *private) |
392 | { |
393 | crypto_free_ahash(tfm: private); |
394 | } |
395 | |
396 | static int hash_setkey(void *private, const u8 *key, unsigned int keylen) |
397 | { |
398 | return crypto_ahash_setkey(tfm: private, key, keylen); |
399 | } |
400 | |
401 | static void hash_sock_destruct(struct sock *sk) |
402 | { |
403 | struct alg_sock *ask = alg_sk(sk); |
404 | struct hash_ctx *ctx = ask->private; |
405 | |
406 | hash_free_result(sk, ctx); |
407 | sock_kfree_s(sk, mem: ctx, size: ctx->len); |
408 | af_alg_release_parent(sk); |
409 | } |
410 | |
411 | static int hash_accept_parent_nokey(void *private, struct sock *sk) |
412 | { |
413 | struct crypto_ahash *tfm = private; |
414 | struct alg_sock *ask = alg_sk(sk); |
415 | struct hash_ctx *ctx; |
416 | unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); |
417 | |
418 | ctx = sock_kmalloc(sk, size: len, GFP_KERNEL); |
419 | if (!ctx) |
420 | return -ENOMEM; |
421 | |
422 | ctx->result = NULL; |
423 | ctx->len = len; |
424 | ctx->more = false; |
425 | crypto_init_wait(wait: &ctx->wait); |
426 | |
427 | ask->private = ctx; |
428 | |
429 | ahash_request_set_tfm(req: &ctx->req, tfm); |
430 | ahash_request_set_callback(req: &ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, |
431 | compl: crypto_req_done, data: &ctx->wait); |
432 | |
433 | sk->sk_destruct = hash_sock_destruct; |
434 | |
435 | return 0; |
436 | } |
437 | |
438 | static int hash_accept_parent(void *private, struct sock *sk) |
439 | { |
440 | struct crypto_ahash *tfm = private; |
441 | |
442 | if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) |
443 | return -ENOKEY; |
444 | |
445 | return hash_accept_parent_nokey(private, sk); |
446 | } |
447 | |
448 | static const struct af_alg_type algif_type_hash = { |
449 | .bind = hash_bind, |
450 | .release = hash_release, |
451 | .setkey = hash_setkey, |
452 | .accept = hash_accept_parent, |
453 | .accept_nokey = hash_accept_parent_nokey, |
454 | .ops = &algif_hash_ops, |
455 | .ops_nokey = &algif_hash_ops_nokey, |
456 | .name = "hash" , |
457 | .owner = THIS_MODULE |
458 | }; |
459 | |
460 | static int __init algif_hash_init(void) |
461 | { |
462 | return af_alg_register_type(type: &algif_type_hash); |
463 | } |
464 | |
465 | static void __exit algif_hash_exit(void) |
466 | { |
467 | int err = af_alg_unregister_type(type: &algif_type_hash); |
468 | BUG_ON(err); |
469 | } |
470 | |
471 | module_init(algif_hash_init); |
472 | module_exit(algif_hash_exit); |
473 | MODULE_LICENSE("GPL" ); |
474 | |