1 /* 2 * algif_aead: User-space interface for AEAD algorithms 3 * 4 * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> 5 * 6 * This file provides the user-space API for AEAD ciphers. 7 * 8 * This file is derived from algif_skcipher.c. 9 * 10 * This program is free software; you can redistribute it and/or modify it 11 * under the terms of the GNU General Public License as published by the Free 12 * Software Foundation; either version 2 of the License, or (at your option) 13 * any later version. 14 */ 15 16 #include <crypto/internal/aead.h> 17 #include <crypto/scatterwalk.h> 18 #include <crypto/if_alg.h> 19 #include <linux/init.h> 20 #include <linux/list.h> 21 #include <linux/kernel.h> 22 #include <linux/mm.h> 23 #include <linux/module.h> 24 #include <linux/net.h> 25 #include <net/sock.h> 26 27 struct aead_sg_list { 28 unsigned int cur; 29 struct scatterlist sg[ALG_MAX_PAGES]; 30 }; 31 32 struct aead_async_rsgl { 33 struct af_alg_sgl sgl; 34 struct list_head list; 35 }; 36 37 struct aead_async_req { 38 struct scatterlist *tsgl; 39 struct aead_async_rsgl first_rsgl; 40 struct list_head list; 41 struct kiocb *iocb; 42 unsigned int tsgls; 43 char iv[]; 44 }; 45 46 struct aead_ctx { 47 struct aead_sg_list tsgl; 48 struct aead_async_rsgl first_rsgl; 49 struct list_head list; 50 51 void *iv; 52 53 struct af_alg_completion completion; 54 55 unsigned long used; 56 57 unsigned int len; 58 bool more; 59 bool merge; 60 bool enc; 61 62 size_t aead_assoclen; 63 struct aead_request aead_req; 64 }; 65 66 static inline int aead_sndbuf(struct sock *sk) 67 { 68 struct alg_sock *ask = alg_sk(sk); 69 struct aead_ctx *ctx = ask->private; 70 71 return max_t(int, max_t(int, sk->sk_sndbuf & PAGE_MASK, PAGE_SIZE) - 72 ctx->used, 0); 73 } 74 75 static inline bool aead_writable(struct sock *sk) 76 { 77 return PAGE_SIZE <= aead_sndbuf(sk); 78 } 79 80 static inline bool aead_sufficient_data(struct aead_ctx *ctx) 81 { 82 unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx->aead_req)); 83 84 return ctx->used >= ctx->aead_assoclen + as; 85 } 86 87 static void aead_reset_ctx(struct aead_ctx *ctx) 88 { 89 struct aead_sg_list *sgl = &ctx->tsgl; 90 91 sg_init_table(sgl->sg, ALG_MAX_PAGES); 92 sgl->cur = 0; 93 ctx->used = 0; 94 ctx->more = 0; 95 ctx->merge = 0; 96 } 97 98 static void aead_put_sgl(struct sock *sk) 99 { 100 struct alg_sock *ask = alg_sk(sk); 101 struct aead_ctx *ctx = ask->private; 102 struct aead_sg_list *sgl = &ctx->tsgl; 103 struct scatterlist *sg = sgl->sg; 104 unsigned int i; 105 106 for (i = 0; i < sgl->cur; i++) { 107 if (!sg_page(sg + i)) 108 continue; 109 110 put_page(sg_page(sg + i)); 111 sg_assign_page(sg + i, NULL); 112 } 113 aead_reset_ctx(ctx); 114 } 115 116 static void aead_wmem_wakeup(struct sock *sk) 117 { 118 struct socket_wq *wq; 119 120 if (!aead_writable(sk)) 121 return; 122 123 rcu_read_lock(); 124 wq = rcu_dereference(sk->sk_wq); 125 if (skwq_has_sleeper(wq)) 126 wake_up_interruptible_sync_poll(&wq->wait, POLLIN | 127 POLLRDNORM | 128 POLLRDBAND); 129 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 130 rcu_read_unlock(); 131 } 132 133 static int aead_wait_for_data(struct sock *sk, unsigned flags) 134 { 135 struct alg_sock *ask = alg_sk(sk); 136 struct aead_ctx *ctx = ask->private; 137 long timeout; 138 DEFINE_WAIT(wait); 139 int err = -ERESTARTSYS; 140 141 if (flags & MSG_DONTWAIT) 142 return -EAGAIN; 143 144 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 145 146 for (;;) { 147 if (signal_pending(current)) 148 break; 149 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); 150 timeout = MAX_SCHEDULE_TIMEOUT; 151 if (sk_wait_event(sk, &timeout, !ctx->more)) { 152 err = 0; 153 break; 154 } 155 } 156 finish_wait(sk_sleep(sk), &wait); 157 158 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 159 160 return err; 161 } 162 163 static void aead_data_wakeup(struct sock *sk) 164 { 165 struct alg_sock *ask = alg_sk(sk); 166 struct aead_ctx *ctx = ask->private; 167 struct socket_wq *wq; 168 169 if (ctx->more) 170 return; 171 if (!ctx->used) 172 return; 173 174 rcu_read_lock(); 175 wq = rcu_dereference(sk->sk_wq); 176 if (skwq_has_sleeper(wq)) 177 wake_up_interruptible_sync_poll(&wq->wait, POLLOUT | 178 POLLRDNORM | 179 POLLRDBAND); 180 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 181 rcu_read_unlock(); 182 } 183 184 static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) 185 { 186 struct sock *sk = sock->sk; 187 struct alg_sock *ask = alg_sk(sk); 188 struct aead_ctx *ctx = ask->private; 189 unsigned ivsize = 190 crypto_aead_ivsize(crypto_aead_reqtfm(&ctx->aead_req)); 191 struct aead_sg_list *sgl = &ctx->tsgl; 192 struct af_alg_control con = {}; 193 long copied = 0; 194 bool enc = 0; 195 bool init = 0; 196 int err = -EINVAL; 197 198 if (msg->msg_controllen) { 199 err = af_alg_cmsg_send(msg, &con); 200 if (err) 201 return err; 202 203 init = 1; 204 switch (con.op) { 205 case ALG_OP_ENCRYPT: 206 enc = 1; 207 break; 208 case ALG_OP_DECRYPT: 209 enc = 0; 210 break; 211 default: 212 return -EINVAL; 213 } 214 215 if (con.iv && con.iv->ivlen != ivsize) 216 return -EINVAL; 217 } 218 219 lock_sock(sk); 220 if (!ctx->more && ctx->used) 221 goto unlock; 222 223 if (init) { 224 ctx->enc = enc; 225 if (con.iv) 226 memcpy(ctx->iv, con.iv->iv, ivsize); 227 228 ctx->aead_assoclen = con.aead_assoclen; 229 } 230 231 while (size) { 232 size_t len = size; 233 struct scatterlist *sg = NULL; 234 235 /* use the existing memory in an allocated page */ 236 if (ctx->merge) { 237 sg = sgl->sg + sgl->cur - 1; 238 len = min_t(unsigned long, len, 239 PAGE_SIZE - sg->offset - sg->length); 240 err = memcpy_from_msg(page_address(sg_page(sg)) + 241 sg->offset + sg->length, 242 msg, len); 243 if (err) 244 goto unlock; 245 246 sg->length += len; 247 ctx->merge = (sg->offset + sg->length) & 248 (PAGE_SIZE - 1); 249 250 ctx->used += len; 251 copied += len; 252 size -= len; 253 continue; 254 } 255 256 if (!aead_writable(sk)) { 257 /* user space sent too much data */ 258 aead_put_sgl(sk); 259 err = -EMSGSIZE; 260 goto unlock; 261 } 262 263 /* allocate a new page */ 264 len = min_t(unsigned long, size, aead_sndbuf(sk)); 265 while (len) { 266 size_t plen = 0; 267 268 if (sgl->cur >= ALG_MAX_PAGES) { 269 aead_put_sgl(sk); 270 err = -E2BIG; 271 goto unlock; 272 } 273 274 sg = sgl->sg + sgl->cur; 275 plen = min_t(size_t, len, PAGE_SIZE); 276 277 sg_assign_page(sg, alloc_page(GFP_KERNEL)); 278 err = -ENOMEM; 279 if (!sg_page(sg)) 280 goto unlock; 281 282 err = memcpy_from_msg(page_address(sg_page(sg)), 283 msg, plen); 284 if (err) { 285 __free_page(sg_page(sg)); 286 sg_assign_page(sg, NULL); 287 goto unlock; 288 } 289 290 sg->offset = 0; 291 sg->length = plen; 292 len -= plen; 293 ctx->used += plen; 294 copied += plen; 295 sgl->cur++; 296 size -= plen; 297 ctx->merge = plen & (PAGE_SIZE - 1); 298 } 299 } 300 301 err = 0; 302 303 ctx->more = msg->msg_flags & MSG_MORE; 304 if (!ctx->more && !aead_sufficient_data(ctx)) { 305 aead_put_sgl(sk); 306 err = -EMSGSIZE; 307 } 308 309 unlock: 310 aead_data_wakeup(sk); 311 release_sock(sk); 312 313 return err ?: copied; 314 } 315 316 static ssize_t aead_sendpage(struct socket *sock, struct page *page, 317 int offset, size_t size, int flags) 318 { 319 struct sock *sk = sock->sk; 320 struct alg_sock *ask = alg_sk(sk); 321 struct aead_ctx *ctx = ask->private; 322 struct aead_sg_list *sgl = &ctx->tsgl; 323 int err = -EINVAL; 324 325 if (flags & MSG_SENDPAGE_NOTLAST) 326 flags |= MSG_MORE; 327 328 if (sgl->cur >= ALG_MAX_PAGES) 329 return -E2BIG; 330 331 lock_sock(sk); 332 if (!ctx->more && ctx->used) 333 goto unlock; 334 335 if (!size) 336 goto done; 337 338 if (!aead_writable(sk)) { 339 /* user space sent too much data */ 340 aead_put_sgl(sk); 341 err = -EMSGSIZE; 342 goto unlock; 343 } 344 345 ctx->merge = 0; 346 347 get_page(page); 348 sg_set_page(sgl->sg + sgl->cur, page, size, offset); 349 sgl->cur++; 350 ctx->used += size; 351 352 err = 0; 353 354 done: 355 ctx->more = flags & MSG_MORE; 356 if (!ctx->more && !aead_sufficient_data(ctx)) { 357 aead_put_sgl(sk); 358 err = -EMSGSIZE; 359 } 360 361 unlock: 362 aead_data_wakeup(sk); 363 release_sock(sk); 364 365 return err ?: size; 366 } 367 368 #define GET_ASYM_REQ(req, tfm) (struct aead_async_req *) \ 369 ((char *)req + sizeof(struct aead_request) + \ 370 crypto_aead_reqsize(tfm)) 371 372 #define GET_REQ_SIZE(tfm) sizeof(struct aead_async_req) + \ 373 crypto_aead_reqsize(tfm) + crypto_aead_ivsize(tfm) + \ 374 sizeof(struct aead_request) 375 376 static void aead_async_cb(struct crypto_async_request *_req, int err) 377 { 378 struct sock *sk = _req->data; 379 struct alg_sock *ask = alg_sk(sk); 380 struct aead_ctx *ctx = ask->private; 381 struct crypto_aead *tfm = crypto_aead_reqtfm(&ctx->aead_req); 382 struct aead_request *req = aead_request_cast(_req); 383 struct aead_async_req *areq = GET_ASYM_REQ(req, tfm); 384 struct scatterlist *sg = areq->tsgl; 385 struct aead_async_rsgl *rsgl; 386 struct kiocb *iocb = areq->iocb; 387 unsigned int i, reqlen = GET_REQ_SIZE(tfm); 388 389 list_for_each_entry(rsgl, &areq->list, list) { 390 af_alg_free_sg(&rsgl->sgl); 391 if (rsgl != &areq->first_rsgl) 392 sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 393 } 394 395 for (i = 0; i < areq->tsgls; i++) 396 put_page(sg_page(sg + i)); 397 398 sock_kfree_s(sk, areq->tsgl, sizeof(*areq->tsgl) * areq->tsgls); 399 sock_kfree_s(sk, req, reqlen); 400 __sock_put(sk); 401 iocb->ki_complete(iocb, err, err); 402 } 403 404 static int aead_recvmsg_async(struct socket *sock, struct msghdr *msg, 405 int flags) 406 { 407 struct sock *sk = sock->sk; 408 struct alg_sock *ask = alg_sk(sk); 409 struct aead_ctx *ctx = ask->private; 410 struct crypto_aead *tfm = crypto_aead_reqtfm(&ctx->aead_req); 411 struct aead_async_req *areq; 412 struct aead_request *req = NULL; 413 struct aead_sg_list *sgl = &ctx->tsgl; 414 struct aead_async_rsgl *last_rsgl = NULL, *rsgl; 415 unsigned int as = crypto_aead_authsize(tfm); 416 unsigned int i, reqlen = GET_REQ_SIZE(tfm); 417 int err = -ENOMEM; 418 unsigned long used; 419 size_t outlen; 420 size_t usedpages = 0; 421 422 lock_sock(sk); 423 if (ctx->more) { 424 err = aead_wait_for_data(sk, flags); 425 if (err) 426 goto unlock; 427 } 428 429 used = ctx->used; 430 outlen = used; 431 432 if (!aead_sufficient_data(ctx)) 433 goto unlock; 434 435 req = sock_kmalloc(sk, reqlen, GFP_KERNEL); 436 if (unlikely(!req)) 437 goto unlock; 438 439 areq = GET_ASYM_REQ(req, tfm); 440 memset(&areq->first_rsgl, '\0', sizeof(areq->first_rsgl)); 441 INIT_LIST_HEAD(&areq->list); 442 areq->iocb = msg->msg_iocb; 443 memcpy(areq->iv, ctx->iv, crypto_aead_ivsize(tfm)); 444 aead_request_set_tfm(req, tfm); 445 aead_request_set_ad(req, ctx->aead_assoclen); 446 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 447 aead_async_cb, sk); 448 used -= ctx->aead_assoclen + (ctx->enc ? as : 0); 449 450 /* take over all tx sgls from ctx */ 451 areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * sgl->cur, 452 GFP_KERNEL); 453 if (unlikely(!areq->tsgl)) 454 goto free; 455 456 sg_init_table(areq->tsgl, sgl->cur); 457 for (i = 0; i < sgl->cur; i++) 458 sg_set_page(&areq->tsgl[i], sg_page(&sgl->sg[i]), 459 sgl->sg[i].length, sgl->sg[i].offset); 460 461 areq->tsgls = sgl->cur; 462 463 /* create rx sgls */ 464 while (iov_iter_count(&msg->msg_iter)) { 465 size_t seglen = min_t(size_t, iov_iter_count(&msg->msg_iter), 466 (outlen - usedpages)); 467 468 if (list_empty(&areq->list)) { 469 rsgl = &areq->first_rsgl; 470 471 } else { 472 rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 473 if (unlikely(!rsgl)) { 474 err = -ENOMEM; 475 goto free; 476 } 477 } 478 rsgl->sgl.npages = 0; 479 list_add_tail(&rsgl->list, &areq->list); 480 481 /* make one iovec available as scatterlist */ 482 err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 483 if (err < 0) 484 goto free; 485 486 usedpages += err; 487 488 /* chain the new scatterlist with previous one */ 489 if (last_rsgl) 490 af_alg_link_sg(&last_rsgl->sgl, &rsgl->sgl); 491 492 last_rsgl = rsgl; 493 494 /* we do not need more iovecs as we have sufficient memory */ 495 if (outlen <= usedpages) 496 break; 497 498 iov_iter_advance(&msg->msg_iter, err); 499 } 500 err = -EINVAL; 501 /* ensure output buffer is sufficiently large */ 502 if (usedpages < outlen) 503 goto free; 504 505 aead_request_set_crypt(req, areq->tsgl, areq->first_rsgl.sgl.sg, used, 506 areq->iv); 507 err = ctx->enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); 508 if (err) { 509 if (err == -EINPROGRESS) { 510 sock_hold(sk); 511 err = -EIOCBQUEUED; 512 aead_reset_ctx(ctx); 513 goto unlock; 514 } else if (err == -EBADMSG) { 515 aead_put_sgl(sk); 516 } 517 goto free; 518 } 519 aead_put_sgl(sk); 520 521 free: 522 list_for_each_entry(rsgl, &areq->list, list) { 523 af_alg_free_sg(&rsgl->sgl); 524 if (rsgl != &areq->first_rsgl) 525 sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 526 } 527 if (areq->tsgl) 528 sock_kfree_s(sk, areq->tsgl, sizeof(*areq->tsgl) * areq->tsgls); 529 if (req) 530 sock_kfree_s(sk, req, reqlen); 531 unlock: 532 aead_wmem_wakeup(sk); 533 release_sock(sk); 534 return err ? err : outlen; 535 } 536 537 static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags) 538 { 539 struct sock *sk = sock->sk; 540 struct alg_sock *ask = alg_sk(sk); 541 struct aead_ctx *ctx = ask->private; 542 unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx->aead_req)); 543 struct aead_sg_list *sgl = &ctx->tsgl; 544 struct aead_async_rsgl *last_rsgl = NULL; 545 struct aead_async_rsgl *rsgl, *tmp; 546 int err = -EINVAL; 547 unsigned long used = 0; 548 size_t outlen = 0; 549 size_t usedpages = 0; 550 551 lock_sock(sk); 552 553 /* 554 * AEAD memory structure: For encryption, the tag is appended to the 555 * ciphertext which implies that the memory allocated for the ciphertext 556 * must be increased by the tag length. For decryption, the tag 557 * is expected to be concatenated to the ciphertext. The plaintext 558 * therefore has a memory size of the ciphertext minus the tag length. 559 * 560 * The memory structure for cipher operation has the following 561 * structure: 562 * AEAD encryption input: assoc data || plaintext 563 * AEAD encryption output: cipherntext || auth tag 564 * AEAD decryption input: assoc data || ciphertext || auth tag 565 * AEAD decryption output: plaintext 566 */ 567 568 if (ctx->more) { 569 err = aead_wait_for_data(sk, flags); 570 if (err) 571 goto unlock; 572 } 573 574 used = ctx->used; 575 576 /* 577 * Make sure sufficient data is present -- note, the same check is 578 * is also present in sendmsg/sendpage. The checks in sendpage/sendmsg 579 * shall provide an information to the data sender that something is 580 * wrong, but they are irrelevant to maintain the kernel integrity. 581 * We need this check here too in case user space decides to not honor 582 * the error message in sendmsg/sendpage and still call recvmsg. This 583 * check here protects the kernel integrity. 584 */ 585 if (!aead_sufficient_data(ctx)) 586 goto unlock; 587 588 outlen = used; 589 590 /* 591 * The cipher operation input data is reduced by the associated data 592 * length as this data is processed separately later on. 593 */ 594 used -= ctx->aead_assoclen + (ctx->enc ? as : 0); 595 596 /* convert iovecs of output buffers into scatterlists */ 597 while (iov_iter_count(&msg->msg_iter)) { 598 size_t seglen = min_t(size_t, iov_iter_count(&msg->msg_iter), 599 (outlen - usedpages)); 600 601 if (list_empty(&ctx->list)) { 602 rsgl = &ctx->first_rsgl; 603 } else { 604 rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 605 if (unlikely(!rsgl)) { 606 err = -ENOMEM; 607 goto unlock; 608 } 609 } 610 rsgl->sgl.npages = 0; 611 list_add_tail(&rsgl->list, &ctx->list); 612 613 /* make one iovec available as scatterlist */ 614 err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 615 if (err < 0) 616 goto unlock; 617 usedpages += err; 618 /* chain the new scatterlist with previous one */ 619 if (last_rsgl) 620 af_alg_link_sg(&last_rsgl->sgl, &rsgl->sgl); 621 622 last_rsgl = rsgl; 623 624 /* we do not need more iovecs as we have sufficient memory */ 625 if (outlen <= usedpages) 626 break; 627 iov_iter_advance(&msg->msg_iter, err); 628 } 629 630 err = -EINVAL; 631 /* ensure output buffer is sufficiently large */ 632 if (usedpages < outlen) 633 goto unlock; 634 635 sg_mark_end(sgl->sg + sgl->cur - 1); 636 aead_request_set_crypt(&ctx->aead_req, sgl->sg, ctx->first_rsgl.sgl.sg, 637 used, ctx->iv); 638 aead_request_set_ad(&ctx->aead_req, ctx->aead_assoclen); 639 640 err = af_alg_wait_for_completion(ctx->enc ? 641 crypto_aead_encrypt(&ctx->aead_req) : 642 crypto_aead_decrypt(&ctx->aead_req), 643 &ctx->completion); 644 645 if (err) { 646 /* EBADMSG implies a valid cipher operation took place */ 647 if (err == -EBADMSG) 648 aead_put_sgl(sk); 649 650 goto unlock; 651 } 652 653 aead_put_sgl(sk); 654 err = 0; 655 656 unlock: 657 list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) { 658 af_alg_free_sg(&rsgl->sgl); 659 if (rsgl != &ctx->first_rsgl) 660 sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 661 list_del(&rsgl->list); 662 } 663 INIT_LIST_HEAD(&ctx->list); 664 aead_wmem_wakeup(sk); 665 release_sock(sk); 666 667 return err ? err : outlen; 668 } 669 670 static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, 671 int flags) 672 { 673 return (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) ? 674 aead_recvmsg_async(sock, msg, flags) : 675 aead_recvmsg_sync(sock, msg, flags); 676 } 677 678 static unsigned int aead_poll(struct file *file, struct socket *sock, 679 poll_table *wait) 680 { 681 struct sock *sk = sock->sk; 682 struct alg_sock *ask = alg_sk(sk); 683 struct aead_ctx *ctx = ask->private; 684 unsigned int mask; 685 686 sock_poll_wait(file, sk_sleep(sk), wait); 687 mask = 0; 688 689 if (!ctx->more) 690 mask |= POLLIN | POLLRDNORM; 691 692 if (aead_writable(sk)) 693 mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 694 695 return mask; 696 } 697 698 static struct proto_ops algif_aead_ops = { 699 .family = PF_ALG, 700 701 .connect = sock_no_connect, 702 .socketpair = sock_no_socketpair, 703 .getname = sock_no_getname, 704 .ioctl = sock_no_ioctl, 705 .listen = sock_no_listen, 706 .shutdown = sock_no_shutdown, 707 .getsockopt = sock_no_getsockopt, 708 .mmap = sock_no_mmap, 709 .bind = sock_no_bind, 710 .accept = sock_no_accept, 711 .setsockopt = sock_no_setsockopt, 712 713 .release = af_alg_release, 714 .sendmsg = aead_sendmsg, 715 .sendpage = aead_sendpage, 716 .recvmsg = aead_recvmsg, 717 .poll = aead_poll, 718 }; 719 720 static void *aead_bind(const char *name, u32 type, u32 mask) 721 { 722 return crypto_alloc_aead(name, type, mask); 723 } 724 725 static void aead_release(void *private) 726 { 727 crypto_free_aead(private); 728 } 729 730 static int aead_setauthsize(void *private, unsigned int authsize) 731 { 732 return crypto_aead_setauthsize(private, authsize); 733 } 734 735 static int aead_setkey(void *private, const u8 *key, unsigned int keylen) 736 { 737 return crypto_aead_setkey(private, key, keylen); 738 } 739 740 static void aead_sock_destruct(struct sock *sk) 741 { 742 struct alg_sock *ask = alg_sk(sk); 743 struct aead_ctx *ctx = ask->private; 744 unsigned int ivlen = crypto_aead_ivsize( 745 crypto_aead_reqtfm(&ctx->aead_req)); 746 747 WARN_ON(atomic_read(&sk->sk_refcnt) != 0); 748 aead_put_sgl(sk); 749 sock_kzfree_s(sk, ctx->iv, ivlen); 750 sock_kfree_s(sk, ctx, ctx->len); 751 af_alg_release_parent(sk); 752 } 753 754 static int aead_accept_parent(void *private, struct sock *sk) 755 { 756 struct aead_ctx *ctx; 757 struct alg_sock *ask = alg_sk(sk); 758 unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(private); 759 unsigned int ivlen = crypto_aead_ivsize(private); 760 761 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 762 if (!ctx) 763 return -ENOMEM; 764 memset(ctx, 0, len); 765 766 ctx->iv = sock_kmalloc(sk, ivlen, GFP_KERNEL); 767 if (!ctx->iv) { 768 sock_kfree_s(sk, ctx, len); 769 return -ENOMEM; 770 } 771 memset(ctx->iv, 0, ivlen); 772 773 ctx->len = len; 774 ctx->used = 0; 775 ctx->more = 0; 776 ctx->merge = 0; 777 ctx->enc = 0; 778 ctx->tsgl.cur = 0; 779 ctx->aead_assoclen = 0; 780 af_alg_init_completion(&ctx->completion); 781 sg_init_table(ctx->tsgl.sg, ALG_MAX_PAGES); 782 INIT_LIST_HEAD(&ctx->list); 783 784 ask->private = ctx; 785 786 aead_request_set_tfm(&ctx->aead_req, private); 787 aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, 788 af_alg_complete, &ctx->completion); 789 790 sk->sk_destruct = aead_sock_destruct; 791 792 return 0; 793 } 794 795 static const struct af_alg_type algif_type_aead = { 796 .bind = aead_bind, 797 .release = aead_release, 798 .setkey = aead_setkey, 799 .setauthsize = aead_setauthsize, 800 .accept = aead_accept_parent, 801 .ops = &algif_aead_ops, 802 .name = "aead", 803 .owner = THIS_MODULE 804 }; 805 806 static int __init algif_aead_init(void) 807 { 808 return af_alg_register_type(&algif_type_aead); 809 } 810 811 static void __exit algif_aead_exit(void) 812 { 813 int err = af_alg_unregister_type(&algif_type_aead); 814 BUG_ON(err); 815 } 816 817 module_init(algif_aead_init); 818 module_exit(algif_aead_exit); 819 MODULE_LICENSE("GPL"); 820 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); 821 MODULE_DESCRIPTION("AEAD kernel crypto API user space interface"); 822