1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * algif_hash: User-space interface for hash algorithms
4 *
5 * This file provides the user-space API for hash algorithms.
6 *
7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
8 */
9
10 #include <crypto/hash.h>
11 #include <crypto/if_alg.h>
12 #include <linux/init.h>
13 #include <linux/kernel.h>
14 #include <linux/mm.h>
15 #include <linux/module.h>
16 #include <linux/net.h>
17 #include <net/sock.h>
18
19 struct hash_ctx {
20 struct af_alg_sgl sgl;
21
22 u8 *result;
23
24 struct crypto_wait wait;
25
26 unsigned int len;
27 bool more;
28
29 struct ahash_request req;
30 };
31
hash_alloc_result(struct sock * sk,struct hash_ctx * ctx)32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
33 {
34 unsigned ds;
35
36 if (ctx->result)
37 return 0;
38
39 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
40
41 ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL);
42 if (!ctx->result)
43 return -ENOMEM;
44
45 memset(ctx->result, 0, ds);
46
47 return 0;
48 }
49
hash_free_result(struct sock * sk,struct hash_ctx * ctx)50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx)
51 {
52 unsigned ds;
53
54 if (!ctx->result)
55 return;
56
57 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
58
59 sock_kzfree_s(sk, ctx->result, ds);
60 ctx->result = NULL;
61 }
62
hash_sendmsg(struct socket * sock,struct msghdr * msg,size_t ignored)63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
64 size_t ignored)
65 {
66 int limit = ALG_MAX_PAGES * PAGE_SIZE;
67 struct sock *sk = sock->sk;
68 struct alg_sock *ask = alg_sk(sk);
69 struct hash_ctx *ctx = ask->private;
70 long copied = 0;
71 int err;
72
73 if (limit > sk->sk_sndbuf)
74 limit = sk->sk_sndbuf;
75
76 lock_sock(sk);
77 if (!ctx->more) {
78 if ((msg->msg_flags & MSG_MORE))
79 hash_free_result(sk, ctx);
80
81 err = crypto_wait_req(crypto_ahash_init(&ctx->req), &ctx->wait);
82 if (err)
83 goto unlock;
84 }
85
86 ctx->more = false;
87
88 while (msg_data_left(msg)) {
89 int len = msg_data_left(msg);
90
91 if (len > limit)
92 len = limit;
93
94 len = af_alg_make_sg(&ctx->sgl, &msg->msg_iter, len);
95 if (len < 0) {
96 err = copied ? 0 : len;
97 goto unlock;
98 }
99
100 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL, len);
101
102 err = crypto_wait_req(crypto_ahash_update(&ctx->req),
103 &ctx->wait);
104 af_alg_free_sg(&ctx->sgl);
105 if (err)
106 goto unlock;
107
108 copied += len;
109 iov_iter_advance(&msg->msg_iter, len);
110 }
111
112 err = 0;
113
114 ctx->more = msg->msg_flags & MSG_MORE;
115 if (!ctx->more) {
116 err = hash_alloc_result(sk, ctx);
117 if (err)
118 goto unlock;
119
120 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
121 err = crypto_wait_req(crypto_ahash_final(&ctx->req),
122 &ctx->wait);
123 }
124
125 unlock:
126 release_sock(sk);
127
128 return err ?: copied;
129 }
130
hash_sendpage(struct socket * sock,struct page * page,int offset,size_t size,int flags)131 static ssize_t hash_sendpage(struct socket *sock, struct page *page,
132 int offset, size_t size, int flags)
133 {
134 struct sock *sk = sock->sk;
135 struct alg_sock *ask = alg_sk(sk);
136 struct hash_ctx *ctx = ask->private;
137 int err;
138
139 if (flags & MSG_SENDPAGE_NOTLAST)
140 flags |= MSG_MORE;
141
142 lock_sock(sk);
143 sg_init_table(ctx->sgl.sg, 1);
144 sg_set_page(ctx->sgl.sg, page, size, offset);
145
146 if (!(flags & MSG_MORE)) {
147 err = hash_alloc_result(sk, ctx);
148 if (err)
149 goto unlock;
150 } else if (!ctx->more)
151 hash_free_result(sk, ctx);
152
153 ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, ctx->result, size);
154
155 if (!(flags & MSG_MORE)) {
156 if (ctx->more)
157 err = crypto_ahash_finup(&ctx->req);
158 else
159 err = crypto_ahash_digest(&ctx->req);
160 } else {
161 if (!ctx->more) {
162 err = crypto_ahash_init(&ctx->req);
163 err = crypto_wait_req(err, &ctx->wait);
164 if (err)
165 goto unlock;
166 }
167
168 err = crypto_ahash_update(&ctx->req);
169 }
170
171 err = crypto_wait_req(err, &ctx->wait);
172 if (err)
173 goto unlock;
174
175 ctx->more = flags & MSG_MORE;
176
177 unlock:
178 release_sock(sk);
179
180 return err ?: size;
181 }
182
hash_recvmsg(struct socket * sock,struct msghdr * msg,size_t len,int flags)183 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
184 int flags)
185 {
186 struct sock *sk = sock->sk;
187 struct alg_sock *ask = alg_sk(sk);
188 struct hash_ctx *ctx = ask->private;
189 unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req));
190 bool result;
191 int err;
192
193 if (len > ds)
194 len = ds;
195 else if (len < ds)
196 msg->msg_flags |= MSG_TRUNC;
197
198 lock_sock(sk);
199 result = ctx->result;
200 err = hash_alloc_result(sk, ctx);
201 if (err)
202 goto unlock;
203
204 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
205
206 if (!result && !ctx->more) {
207 err = crypto_wait_req(crypto_ahash_init(&ctx->req),
208 &ctx->wait);
209 if (err)
210 goto unlock;
211 }
212
213 if (!result || ctx->more) {
214 ctx->more = false;
215 err = crypto_wait_req(crypto_ahash_final(&ctx->req),
216 &ctx->wait);
217 if (err)
218 goto unlock;
219 }
220
221 err = memcpy_to_msg(msg, ctx->result, len);
222
223 unlock:
224 hash_free_result(sk, ctx);
225 release_sock(sk);
226
227 return err ?: len;
228 }
229
hash_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)230 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
231 bool kern)
232 {
233 struct sock *sk = sock->sk;
234 struct alg_sock *ask = alg_sk(sk);
235 struct hash_ctx *ctx = ask->private;
236 struct ahash_request *req = &ctx->req;
237 char state[HASH_MAX_STATESIZE];
238 struct sock *sk2;
239 struct alg_sock *ask2;
240 struct hash_ctx *ctx2;
241 bool more;
242 int err;
243
244 lock_sock(sk);
245 more = ctx->more;
246 err = more ? crypto_ahash_export(req, state) : 0;
247 release_sock(sk);
248
249 if (err)
250 return err;
251
252 err = af_alg_accept(ask->parent, newsock, kern);
253 if (err)
254 return err;
255
256 sk2 = newsock->sk;
257 ask2 = alg_sk(sk2);
258 ctx2 = ask2->private;
259 ctx2->more = more;
260
261 if (!more)
262 return err;
263
264 err = crypto_ahash_import(&ctx2->req, state);
265
266 return err;
267 }
268
269 static struct proto_ops algif_hash_ops = {
270 .family = PF_ALG,
271
272 .connect = sock_no_connect,
273 .socketpair = sock_no_socketpair,
274 .getname = sock_no_getname,
275 .ioctl = sock_no_ioctl,
276 .listen = sock_no_listen,
277 .shutdown = sock_no_shutdown,
278 .mmap = sock_no_mmap,
279 .bind = sock_no_bind,
280
281 .release = af_alg_release,
282 .sendmsg = hash_sendmsg,
283 .sendpage = hash_sendpage,
284 .recvmsg = hash_recvmsg,
285 .accept = hash_accept,
286 };
287
hash_check_key(struct socket * sock)288 static int hash_check_key(struct socket *sock)
289 {
290 int err = 0;
291 struct sock *psk;
292 struct alg_sock *pask;
293 struct crypto_ahash *tfm;
294 struct sock *sk = sock->sk;
295 struct alg_sock *ask = alg_sk(sk);
296
297 lock_sock(sk);
298 if (!atomic_read(&ask->nokey_refcnt))
299 goto unlock_child;
300
301 psk = ask->parent;
302 pask = alg_sk(ask->parent);
303 tfm = pask->private;
304
305 err = -ENOKEY;
306 lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
307 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
308 goto unlock;
309
310 atomic_dec(&pask->nokey_refcnt);
311 atomic_set(&ask->nokey_refcnt, 0);
312
313 err = 0;
314
315 unlock:
316 release_sock(psk);
317 unlock_child:
318 release_sock(sk);
319
320 return err;
321 }
322
hash_sendmsg_nokey(struct socket * sock,struct msghdr * msg,size_t size)323 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
324 size_t size)
325 {
326 int err;
327
328 err = hash_check_key(sock);
329 if (err)
330 return err;
331
332 return hash_sendmsg(sock, msg, size);
333 }
334
hash_sendpage_nokey(struct socket * sock,struct page * page,int offset,size_t size,int flags)335 static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
336 int offset, size_t size, int flags)
337 {
338 int err;
339
340 err = hash_check_key(sock);
341 if (err)
342 return err;
343
344 return hash_sendpage(sock, page, offset, size, flags);
345 }
346
hash_recvmsg_nokey(struct socket * sock,struct msghdr * msg,size_t ignored,int flags)347 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
348 size_t ignored, int flags)
349 {
350 int err;
351
352 err = hash_check_key(sock);
353 if (err)
354 return err;
355
356 return hash_recvmsg(sock, msg, ignored, flags);
357 }
358
hash_accept_nokey(struct socket * sock,struct socket * newsock,int flags,bool kern)359 static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
360 int flags, bool kern)
361 {
362 int err;
363
364 err = hash_check_key(sock);
365 if (err)
366 return err;
367
368 return hash_accept(sock, newsock, flags, kern);
369 }
370
371 static struct proto_ops algif_hash_ops_nokey = {
372 .family = PF_ALG,
373
374 .connect = sock_no_connect,
375 .socketpair = sock_no_socketpair,
376 .getname = sock_no_getname,
377 .ioctl = sock_no_ioctl,
378 .listen = sock_no_listen,
379 .shutdown = sock_no_shutdown,
380 .mmap = sock_no_mmap,
381 .bind = sock_no_bind,
382
383 .release = af_alg_release,
384 .sendmsg = hash_sendmsg_nokey,
385 .sendpage = hash_sendpage_nokey,
386 .recvmsg = hash_recvmsg_nokey,
387 .accept = hash_accept_nokey,
388 };
389
hash_bind(const char * name,u32 type,u32 mask)390 static void *hash_bind(const char *name, u32 type, u32 mask)
391 {
392 return crypto_alloc_ahash(name, type, mask);
393 }
394
hash_release(void * private)395 static void hash_release(void *private)
396 {
397 crypto_free_ahash(private);
398 }
399
hash_setkey(void * private,const u8 * key,unsigned int keylen)400 static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
401 {
402 return crypto_ahash_setkey(private, key, keylen);
403 }
404
hash_sock_destruct(struct sock * sk)405 static void hash_sock_destruct(struct sock *sk)
406 {
407 struct alg_sock *ask = alg_sk(sk);
408 struct hash_ctx *ctx = ask->private;
409
410 hash_free_result(sk, ctx);
411 sock_kfree_s(sk, ctx, ctx->len);
412 af_alg_release_parent(sk);
413 }
414
hash_accept_parent_nokey(void * private,struct sock * sk)415 static int hash_accept_parent_nokey(void *private, struct sock *sk)
416 {
417 struct crypto_ahash *tfm = private;
418 struct alg_sock *ask = alg_sk(sk);
419 struct hash_ctx *ctx;
420 unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm);
421
422 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
423 if (!ctx)
424 return -ENOMEM;
425
426 ctx->result = NULL;
427 ctx->len = len;
428 ctx->more = false;
429 crypto_init_wait(&ctx->wait);
430
431 ask->private = ctx;
432
433 ahash_request_set_tfm(&ctx->req, tfm);
434 ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
435 crypto_req_done, &ctx->wait);
436
437 sk->sk_destruct = hash_sock_destruct;
438
439 return 0;
440 }
441
hash_accept_parent(void * private,struct sock * sk)442 static int hash_accept_parent(void *private, struct sock *sk)
443 {
444 struct crypto_ahash *tfm = private;
445
446 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
447 return -ENOKEY;
448
449 return hash_accept_parent_nokey(private, sk);
450 }
451
452 static const struct af_alg_type algif_type_hash = {
453 .bind = hash_bind,
454 .release = hash_release,
455 .setkey = hash_setkey,
456 .accept = hash_accept_parent,
457 .accept_nokey = hash_accept_parent_nokey,
458 .ops = &algif_hash_ops,
459 .ops_nokey = &algif_hash_ops_nokey,
460 .name = "hash",
461 .owner = THIS_MODULE
462 };
463
algif_hash_init(void)464 static int __init algif_hash_init(void)
465 {
466 return af_alg_register_type(&algif_type_hash);
467 }
468
algif_hash_exit(void)469 static void __exit algif_hash_exit(void)
470 {
471 int err = af_alg_unregister_type(&algif_type_hash);
472 BUG_ON(err);
473 }
474
475 module_init(algif_hash_init);
476 module_exit(algif_hash_exit);
477 MODULE_LICENSE("GPL");
478