^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * algif_aead: User-space interface for AEAD algorithms
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * This file provides the user-space API for AEAD ciphers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * The following concept of the memory management is used:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * filled by user space with the data submitted via sendpage/sendmsg. Filling
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * up the TX SGL does not cause a crypto operation -- the data will only be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * tracked by the kernel. Upon receipt of one recvmsg call, the caller must
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * provide a buffer which is tracked with the RX SGL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * During the processing of the recvmsg operation, the cipher request is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * allocated and prepared. As part of the recvmsg operation, the processed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * TX buffers are extracted from the TX SGL into a separate SGL.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * After the completion of the crypto operation, the RX SGL and the cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * request is released. The extracted TX SGL parts are released together with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) * the RX SGL release.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <crypto/internal/aead.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <crypto/scatterwalk.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <crypto/if_alg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <crypto/skcipher.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <crypto/null.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <linux/list.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include <linux/mm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <linux/net.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <net/sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) struct aead_tfm {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) struct crypto_aead *aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) struct crypto_sync_skcipher *null_tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) static inline bool aead_sufficient_data(struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) struct sock *psk = ask->parent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) struct alg_sock *pask = alg_sk(psk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) struct af_alg_ctx *ctx = ask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) struct aead_tfm *aeadc = pask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) struct crypto_aead *tfm = aeadc->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) unsigned int as = crypto_aead_authsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) * The minimum amount of memory needed for an AEAD cipher is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) * the AAD and in case of decryption the tag.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) struct sock *sk = sock->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) struct sock *psk = ask->parent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) struct alg_sock *pask = alg_sk(psk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) struct aead_tfm *aeadc = pask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) struct crypto_aead *tfm = aeadc->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) unsigned int ivsize = crypto_aead_ivsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) return af_alg_sendmsg(sock, msg, size, ivsize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) static int crypto_aead_copy_sgl(struct crypto_sync_skcipher *null_tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) struct scatterlist *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) struct scatterlist *dst, unsigned int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) skcipher_request_set_sync_tfm(skreq, null_tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_SLEEP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) NULL, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) skcipher_request_set_crypt(skreq, src, dst, len, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) return crypto_skcipher_encrypt(skreq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) size_t ignored, int flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) struct sock *sk = sock->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) struct sock *psk = ask->parent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) struct alg_sock *pask = alg_sk(psk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) struct af_alg_ctx *ctx = ask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) struct aead_tfm *aeadc = pask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) struct crypto_aead *tfm = aeadc->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) unsigned int i, as = crypto_aead_authsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) struct af_alg_async_req *areq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) struct af_alg_tsgl *tsgl, *tmp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) struct scatterlist *rsgl_src, *tsgl_src = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) int err = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) size_t used = 0; /* [in] TX bufs to be en/decrypted */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) size_t outlen = 0; /* [out] RX bufs produced by kernel */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) size_t usedpages = 0; /* [in] RX bufs to be used from user */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) size_t processed = 0; /* [in] TX bufs to be consumed */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) if (!ctx->init || ctx->more) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) err = af_alg_wait_for_data(sk, flags, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) * Data length provided by caller via sendmsg/sendpage that has not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) * yet been processed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) used = ctx->used;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) * Make sure sufficient data is present -- note, the same check is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) * also present in sendmsg/sendpage. The checks in sendpage/sendmsg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) * shall provide an information to the data sender that something is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) * wrong, but they are irrelevant to maintain the kernel integrity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) * We need this check here too in case user space decides to not honor
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) * the error message in sendmsg/sendpage and still call recvmsg. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) * check here protects the kernel integrity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) if (!aead_sufficient_data(sk))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) * Calculate the minimum output buffer size holding the result of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) * cipher operation. When encrypting data, the receiving buffer is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) * larger by the tag length compared to the input buffer as the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) * encryption operation generates the tag. For decryption, the input
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) * buffer provides the tag which is consumed resulting in only the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) * plaintext without a buffer for the tag returned to the caller.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) if (ctx->enc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) outlen = used + as;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) outlen = used - as;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) * The cipher operation input data is reduced by the associated data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) * length as this data is processed separately later on.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) used -= ctx->aead_assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) /* Allocate cipher request for current operation. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) crypto_aead_reqsize(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) if (IS_ERR(areq))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) return PTR_ERR(areq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) /* convert iovecs of output buffers into RX SGL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) * Ensure output buffer is sufficiently large. If the caller provides
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) * less buffer space, only use the relative required input size. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) * allows AIO operation where the caller sent all data to be processed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) * and the AIO operation performs the operation on the different chunks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) * of the input data.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) if (usedpages < outlen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) size_t less = outlen - usedpages;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) if (used < less) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) err = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) used -= less;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) outlen -= less;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) processed = used + ctx->aead_assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) for (i = 0; i < tsgl->cur; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) struct scatterlist *process_sg = tsgl->sg + i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) if (!(process_sg->length) || !sg_page(process_sg))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) continue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) tsgl_src = process_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) if (tsgl_src)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) if (processed && !tsgl_src) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) err = -EFAULT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) * Copy of AAD from source to destination
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) * The AAD is copied to the destination buffer without change. Even
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) * when user space uses an in-place cipher operation, the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) * will copy the data as it does not see whether such in-place operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) * is initiated.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) * To ensure efficiency, the following implementation ensure that the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) * ciphers are invoked to perform a crypto operation in-place. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) * is achieved by memory management specified as follows.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) /* Use the RX SGL as source (and destination) for crypto op. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) rsgl_src = areq->first_rsgl.sgl.sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) if (ctx->enc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) * Encryption operation - The in-place cipher operation is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) * achieved by the following operation:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) * TX SGL: AAD || PT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) * | |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) * | copy |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) * v v
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) * RX SGL: AAD || PT || Tag
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) areq->first_rsgl.sgl.sg, processed);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) af_alg_pull_tsgl(sk, processed, NULL, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) * Decryption operation - To achieve an in-place cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) * operation, the following SGL structure is used:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) * TX SGL: AAD || CT || Tag
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) * | | ^
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) * | copy | | Create SGL link.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) * v v |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) * RX SGL: AAD || CT ----+
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) /* Copy AAD || CT to RX SGL buffer for in-place operation. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) areq->first_rsgl.sgl.sg, outlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) /* Create TX SGL for tag and chain it to RX SGL. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) processed - as);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) if (!areq->tsgl_entries)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) areq->tsgl_entries = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) areq->tsgl_entries),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) if (!areq->tsgl) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) err = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) goto free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) sg_init_table(areq->tsgl, areq->tsgl_entries);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) /* Release TX SGL, except for tag data and reassign tag data. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) /* chain the areq TX SGL holding the tag with RX SGL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) if (usedpages) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) /* RX SGL present */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) areq->tsgl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) } else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) /* no RX SGL present (e.g. authentication only) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) rsgl_src = areq->tsgl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) /* Initialize the crypto operation */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) areq->first_rsgl.sgl.sg, used, ctx->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) /* AIO operation */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) sock_hold(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) areq->iocb = msg->msg_iocb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) /* Remember output size that will be generated. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) areq->outlen = outlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) aead_request_set_callback(&areq->cra_u.aead_req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) CRYPTO_TFM_REQ_MAY_SLEEP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) af_alg_async_cb, areq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) crypto_aead_decrypt(&areq->cra_u.aead_req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) /* AIO operation in progress */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) if (err == -EINPROGRESS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) return -EIOCBQUEUED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) sock_put(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) /* Synchronous operation */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) aead_request_set_callback(&areq->cra_u.aead_req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) CRYPTO_TFM_REQ_MAY_SLEEP |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) CRYPTO_TFM_REQ_MAY_BACKLOG,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) crypto_req_done, &ctx->wait);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) err = crypto_wait_req(ctx->enc ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) crypto_aead_encrypt(&areq->cra_u.aead_req) :
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) crypto_aead_decrypt(&areq->cra_u.aead_req),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) &ctx->wait);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) free:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) af_alg_free_resources(areq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) return err ? err : outlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) static int aead_recvmsg(struct socket *sock, struct msghdr *msg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) size_t ignored, int flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) struct sock *sk = sock->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) int ret = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) lock_sock(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) while (msg_data_left(msg)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) int err = _aead_recvmsg(sock, msg, ignored, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) * This error covers -EIOCBQUEUED which implies that we can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) * only handle one AIO request. If the caller wants to have
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) * multiple AIO requests in parallel, he must make multiple
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) * separate AIO calls.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) * Also return the error if no data has been processed so far.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) if (err <= 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) if (err == -EIOCBQUEUED || err == -EBADMSG || !ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) ret = err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) ret += err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) af_alg_wmem_wakeup(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) release_sock(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) static struct proto_ops algif_aead_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) .family = PF_ALG,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) .connect = sock_no_connect,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) .socketpair = sock_no_socketpair,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) .getname = sock_no_getname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) .ioctl = sock_no_ioctl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) .listen = sock_no_listen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) .shutdown = sock_no_shutdown,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) .mmap = sock_no_mmap,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) .bind = sock_no_bind,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) .accept = sock_no_accept,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) .release = af_alg_release,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) .sendmsg = aead_sendmsg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) .sendpage = af_alg_sendpage,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) .recvmsg = aead_recvmsg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) .poll = af_alg_poll,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) static int aead_check_key(struct socket *sock)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) int err = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) struct sock *psk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) struct alg_sock *pask;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) struct aead_tfm *tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) struct sock *sk = sock->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) lock_sock(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) if (!atomic_read(&ask->nokey_refcnt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) goto unlock_child;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) psk = ask->parent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) pask = alg_sk(ask->parent);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) tfm = pask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) err = -ENOKEY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) atomic_dec(&pask->nokey_refcnt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) atomic_set(&ask->nokey_refcnt, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) err = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) release_sock(psk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) unlock_child:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) release_sock(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) size_t size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) err = aead_check_key(sock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) return aead_sendmsg(sock, msg, size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) int offset, size_t size, int flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) err = aead_check_key(sock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) return af_alg_sendpage(sock, page, offset, size, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) size_t ignored, int flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) err = aead_check_key(sock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) return aead_recvmsg(sock, msg, ignored, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) static struct proto_ops algif_aead_ops_nokey = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) .family = PF_ALG,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) .connect = sock_no_connect,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) .socketpair = sock_no_socketpair,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) .getname = sock_no_getname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) .ioctl = sock_no_ioctl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) .listen = sock_no_listen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) .shutdown = sock_no_shutdown,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) .mmap = sock_no_mmap,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) .bind = sock_no_bind,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) .accept = sock_no_accept,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) .release = af_alg_release,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) .sendmsg = aead_sendmsg_nokey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) .sendpage = aead_sendpage_nokey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) .recvmsg = aead_recvmsg_nokey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) .poll = af_alg_poll,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) static void *aead_bind(const char *name, u32 type, u32 mask)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) struct aead_tfm *tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) struct crypto_aead *aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) struct crypto_sync_skcipher *null_tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) if (!tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) return ERR_PTR(-ENOMEM);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) aead = crypto_alloc_aead(name, type, mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) if (IS_ERR(aead)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) kfree(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) return ERR_CAST(aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) null_tfm = crypto_get_default_null_skcipher();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) if (IS_ERR(null_tfm)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) crypto_free_aead(aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) kfree(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) return ERR_CAST(null_tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) tfm->aead = aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) tfm->null_tfm = null_tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) return tfm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) static void aead_release(void *private)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) struct aead_tfm *tfm = private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) crypto_free_aead(tfm->aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) crypto_put_default_null_skcipher();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) kfree(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) static int aead_setauthsize(void *private, unsigned int authsize)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) struct aead_tfm *tfm = private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) return crypto_aead_setauthsize(tfm->aead, authsize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) struct aead_tfm *tfm = private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) return crypto_aead_setkey(tfm->aead, key, keylen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) static void aead_sock_destruct(struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) struct af_alg_ctx *ctx = ask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) struct sock *psk = ask->parent;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) struct alg_sock *pask = alg_sk(psk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) struct aead_tfm *aeadc = pask->private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) struct crypto_aead *tfm = aeadc->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) unsigned int ivlen = crypto_aead_ivsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) sock_kzfree_s(sk, ctx->iv, ivlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) sock_kfree_s(sk, ctx, ctx->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) af_alg_release_parent(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) static int aead_accept_parent_nokey(void *private, struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) struct af_alg_ctx *ctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) struct alg_sock *ask = alg_sk(sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) struct aead_tfm *tfm = private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) struct crypto_aead *aead = tfm->aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) unsigned int len = sizeof(*ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) unsigned int ivlen = crypto_aead_ivsize(aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) ctx = sock_kmalloc(sk, len, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) if (!ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) memset(ctx, 0, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) ctx->iv = sock_kmalloc(sk, ivlen, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) if (!ctx->iv) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) sock_kfree_s(sk, ctx, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) memset(ctx->iv, 0, ivlen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) INIT_LIST_HEAD(&ctx->tsgl_list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) ctx->len = len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) crypto_init_wait(&ctx->wait);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) ask->private = ctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) sk->sk_destruct = aead_sock_destruct;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) static int aead_accept_parent(void *private, struct sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) struct aead_tfm *tfm = private;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) return -ENOKEY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) return aead_accept_parent_nokey(private, sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) static const struct af_alg_type algif_type_aead = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) .bind = aead_bind,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) .release = aead_release,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) .setkey = aead_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) .setauthsize = aead_setauthsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) .accept = aead_accept_parent,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) .accept_nokey = aead_accept_parent_nokey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) .ops = &algif_aead_ops,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) .ops_nokey = &algif_aead_ops_nokey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) .name = "aead",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) .owner = THIS_MODULE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) static int __init algif_aead_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) return af_alg_register_type(&algif_type_aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) static void __exit algif_aead_exit(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) int err = af_alg_unregister_type(&algif_type_aead);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) BUG_ON(err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) module_init(algif_aead_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) module_exit(algif_aead_exit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) MODULE_DESCRIPTION("AEAD kernel crypto API user space interface");
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags