1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * algif_hash: User-space interface for hash algorithms 4 * 5 * This file provides the user-space API for hash algorithms. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <crypto/hash.h> 11 #include <crypto/if_alg.h> 12 #include <linux/init.h> 13 #include <linux/kernel.h> 14 #include <linux/mm.h> 15 #include <linux/module.h> 16 #include <linux/net.h> 17 #include <net/sock.h> 18 19 struct hash_ctx { 20 struct af_alg_sgl sgl; 21 22 u8 *result; 23 24 struct crypto_wait wait; 25 26 unsigned int len; 27 bool more; 28 29 struct ahash_request req; 30 }; 31 32 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx) 33 { 34 unsigned ds; 35 36 if (ctx->result) 37 return 0; 38 39 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 40 41 ctx->result = sock_kmalloc(sk, ds, GFP_KERNEL); 42 if (!ctx->result) 43 return -ENOMEM; 44 45 memset(ctx->result, 0, ds); 46 47 return 0; 48 } 49 50 static void hash_free_result(struct sock *sk, struct hash_ctx *ctx) 51 { 52 unsigned ds; 53 54 if (!ctx->result) 55 return; 56 57 ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 58 59 sock_kzfree_s(sk, ctx->result, ds); 60 ctx->result = NULL; 61 } 62 63 static int hash_sendmsg(struct socket *sock, struct msghdr *msg, 64 size_t ignored) 65 { 66 struct sock *sk = sock->sk; 67 struct alg_sock *ask = alg_sk(sk); 68 struct hash_ctx *ctx = ask->private; 69 ssize_t copied = 0; 70 size_t len, max_pages, npages; 71 bool continuing, need_init = false; 72 int err; 73 74 max_pages = min_t(size_t, ALG_MAX_PAGES, 75 DIV_ROUND_UP(sk->sk_sndbuf, PAGE_SIZE)); 76 77 lock_sock(sk); 78 continuing = ctx->more; 79 80 if (!continuing) { 81 /* Discard a previous request that wasn't marked MSG_MORE. */ 82 hash_free_result(sk, ctx); 83 if (!msg_data_left(msg)) 84 goto done; /* Zero-length; don't start new req */ 85 need_init = true; 86 } else if (!msg_data_left(msg)) { 87 /* 88 * No data - finalise the prev req if MSG_MORE so any error 89 * comes out here. 90 */ 91 if (!(msg->msg_flags & MSG_MORE)) { 92 err = hash_alloc_result(sk, ctx); 93 if (err) 94 goto unlock_free; 95 ahash_request_set_crypt(&ctx->req, NULL, 96 ctx->result, 0); 97 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 98 &ctx->wait); 99 if (err) 100 goto unlock_free; 101 } 102 goto done_more; 103 } 104 105 while (msg_data_left(msg)) { 106 ctx->sgl.sgt.sgl = ctx->sgl.sgl; 107 ctx->sgl.sgt.nents = 0; 108 ctx->sgl.sgt.orig_nents = 0; 109 110 err = -EIO; 111 npages = iov_iter_npages(&msg->msg_iter, max_pages); 112 if (npages == 0) 113 goto unlock_free; 114 115 sg_init_table(ctx->sgl.sgl, npages); 116 117 ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter); 118 119 err = extract_iter_to_sg(&msg->msg_iter, LONG_MAX, 120 &ctx->sgl.sgt, npages, 0); 121 if (err < 0) 122 goto unlock_free; 123 len = err; 124 sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1); 125 126 if (!msg_data_left(msg)) { 127 err = hash_alloc_result(sk, ctx); 128 if (err) 129 goto unlock_free; 130 } 131 132 ahash_request_set_crypt(&ctx->req, ctx->sgl.sgt.sgl, 133 ctx->result, len); 134 135 if (!msg_data_left(msg) && !continuing && 136 !(msg->msg_flags & MSG_MORE)) { 137 err = crypto_ahash_digest(&ctx->req); 138 } else { 139 if (need_init) { 140 err = crypto_wait_req( 141 crypto_ahash_init(&ctx->req), 142 &ctx->wait); 143 if (err) 144 goto unlock_free; 145 need_init = false; 146 } 147 148 if (msg_data_left(msg) || (msg->msg_flags & MSG_MORE)) 149 err = crypto_ahash_update(&ctx->req); 150 else 151 err = crypto_ahash_finup(&ctx->req); 152 continuing = true; 153 } 154 155 err = crypto_wait_req(err, &ctx->wait); 156 if (err) 157 goto unlock_free; 158 159 copied += len; 160 af_alg_free_sg(&ctx->sgl); 161 } 162 163 done_more: 164 ctx->more = msg->msg_flags & MSG_MORE; 165 done: 166 err = 0; 167 unlock: 168 release_sock(sk); 169 return copied ?: err; 170 171 unlock_free: 172 af_alg_free_sg(&ctx->sgl); 173 hash_free_result(sk, ctx); 174 ctx->more = false; 175 goto unlock; 176 } 177 178 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, 179 int flags) 180 { 181 struct sock *sk = sock->sk; 182 struct alg_sock *ask = alg_sk(sk); 183 struct hash_ctx *ctx = ask->private; 184 unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); 185 bool result; 186 int err; 187 188 if (len > ds) 189 len = ds; 190 else if (len < ds) 191 msg->msg_flags |= MSG_TRUNC; 192 193 lock_sock(sk); 194 result = ctx->result; 195 err = hash_alloc_result(sk, ctx); 196 if (err) 197 goto unlock; 198 199 ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); 200 201 if (!result && !ctx->more) { 202 err = crypto_wait_req(crypto_ahash_init(&ctx->req), 203 &ctx->wait); 204 if (err) 205 goto unlock; 206 } 207 208 if (!result || ctx->more) { 209 ctx->more = false; 210 err = crypto_wait_req(crypto_ahash_final(&ctx->req), 211 &ctx->wait); 212 if (err) 213 goto unlock; 214 } 215 216 err = memcpy_to_msg(msg, ctx->result, len); 217 218 unlock: 219 hash_free_result(sk, ctx); 220 release_sock(sk); 221 222 return err ?: len; 223 } 224 225 static int hash_accept(struct socket *sock, struct socket *newsock, int flags, 226 bool kern) 227 { 228 struct sock *sk = sock->sk; 229 struct alg_sock *ask = alg_sk(sk); 230 struct hash_ctx *ctx = ask->private; 231 struct ahash_request *req = &ctx->req; 232 struct crypto_ahash *tfm; 233 struct sock *sk2; 234 struct alg_sock *ask2; 235 struct hash_ctx *ctx2; 236 char *state; 237 bool more; 238 int err; 239 240 tfm = crypto_ahash_reqtfm(req); 241 state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL); 242 err = -ENOMEM; 243 if (!state) 244 goto out; 245 246 lock_sock(sk); 247 more = ctx->more; 248 err = more ? crypto_ahash_export(req, state) : 0; 249 release_sock(sk); 250 251 if (err) 252 goto out_free_state; 253 254 err = af_alg_accept(ask->parent, newsock, kern); 255 if (err) 256 goto out_free_state; 257 258 sk2 = newsock->sk; 259 ask2 = alg_sk(sk2); 260 ctx2 = ask2->private; 261 ctx2->more = more; 262 263 if (!more) 264 goto out_free_state; 265 266 err = crypto_ahash_import(&ctx2->req, state); 267 if (err) { 268 sock_orphan(sk2); 269 sock_put(sk2); 270 } 271 272 out_free_state: 273 kfree_sensitive(state); 274 275 out: 276 return err; 277 } 278 279 static struct proto_ops algif_hash_ops = { 280 .family = PF_ALG, 281 282 .connect = sock_no_connect, 283 .socketpair = sock_no_socketpair, 284 .getname = sock_no_getname, 285 .ioctl = sock_no_ioctl, 286 .listen = sock_no_listen, 287 .shutdown = sock_no_shutdown, 288 .mmap = sock_no_mmap, 289 .bind = sock_no_bind, 290 291 .release = af_alg_release, 292 .sendmsg = hash_sendmsg, 293 .recvmsg = hash_recvmsg, 294 .accept = hash_accept, 295 }; 296 297 static int hash_check_key(struct socket *sock) 298 { 299 int err = 0; 300 struct sock *psk; 301 struct alg_sock *pask; 302 struct crypto_ahash *tfm; 303 struct sock *sk = sock->sk; 304 struct alg_sock *ask = alg_sk(sk); 305 306 lock_sock(sk); 307 if (!atomic_read(&ask->nokey_refcnt)) 308 goto unlock_child; 309 310 psk = ask->parent; 311 pask = alg_sk(ask->parent); 312 tfm = pask->private; 313 314 err = -ENOKEY; 315 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 316 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 317 goto unlock; 318 319 atomic_dec(&pask->nokey_refcnt); 320 atomic_set(&ask->nokey_refcnt, 0); 321 322 err = 0; 323 324 unlock: 325 release_sock(psk); 326 unlock_child: 327 release_sock(sk); 328 329 return err; 330 } 331 332 static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, 333 size_t size) 334 { 335 int err; 336 337 err = hash_check_key(sock); 338 if (err) 339 return err; 340 341 return hash_sendmsg(sock, msg, size); 342 } 343 344 static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, 345 size_t ignored, int flags) 346 { 347 int err; 348 349 err = hash_check_key(sock); 350 if (err) 351 return err; 352 353 return hash_recvmsg(sock, msg, ignored, flags); 354 } 355 356 static int hash_accept_nokey(struct socket *sock, struct socket *newsock, 357 int flags, bool kern) 358 { 359 int err; 360 361 err = hash_check_key(sock); 362 if (err) 363 return err; 364 365 return hash_accept(sock, newsock, flags, kern); 366 } 367 368 static struct proto_ops algif_hash_ops_nokey = { 369 .family = PF_ALG, 370 371 .connect = sock_no_connect, 372 .socketpair = sock_no_socketpair, 373 .getname = sock_no_getname, 374 .ioctl = sock_no_ioctl, 375 .listen = sock_no_listen, 376 .shutdown = sock_no_shutdown, 377 .mmap = sock_no_mmap, 378 .bind = sock_no_bind, 379 380 .release = af_alg_release, 381 .sendmsg = hash_sendmsg_nokey, 382 .recvmsg = hash_recvmsg_nokey, 383 .accept = hash_accept_nokey, 384 }; 385 386 static void *hash_bind(const char *name, u32 type, u32 mask) 387 { 388 return crypto_alloc_ahash(name, type, mask); 389 } 390 391 static void hash_release(void *private) 392 { 393 crypto_free_ahash(private); 394 } 395 396 static int hash_setkey(void *private, const u8 *key, unsigned int keylen) 397 { 398 return crypto_ahash_setkey(private, key, keylen); 399 } 400 401 static void hash_sock_destruct(struct sock *sk) 402 { 403 struct alg_sock *ask = alg_sk(sk); 404 struct hash_ctx *ctx = ask->private; 405 406 hash_free_result(sk, ctx); 407 sock_kfree_s(sk, ctx, ctx->len); 408 af_alg_release_parent(sk); 409 } 410 411 static int hash_accept_parent_nokey(void *private, struct sock *sk) 412 { 413 struct crypto_ahash *tfm = private; 414 struct alg_sock *ask = alg_sk(sk); 415 struct hash_ctx *ctx; 416 unsigned int len = sizeof(*ctx) + crypto_ahash_reqsize(tfm); 417 418 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 419 if (!ctx) 420 return -ENOMEM; 421 422 ctx->result = NULL; 423 ctx->len = len; 424 ctx->more = false; 425 crypto_init_wait(&ctx->wait); 426 427 ask->private = ctx; 428 429 ahash_request_set_tfm(&ctx->req, tfm); 430 ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, 431 crypto_req_done, &ctx->wait); 432 433 sk->sk_destruct = hash_sock_destruct; 434 435 return 0; 436 } 437 438 static int hash_accept_parent(void *private, struct sock *sk) 439 { 440 struct crypto_ahash *tfm = private; 441 442 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 443 return -ENOKEY; 444 445 return hash_accept_parent_nokey(private, sk); 446 } 447 448 static const struct af_alg_type algif_type_hash = { 449 .bind = hash_bind, 450 .release = hash_release, 451 .setkey = hash_setkey, 452 .accept = hash_accept_parent, 453 .accept_nokey = hash_accept_parent_nokey, 454 .ops = &algif_hash_ops, 455 .ops_nokey = &algif_hash_ops_nokey, 456 .name = "hash", 457 .owner = THIS_MODULE 458 }; 459 460 static int __init algif_hash_init(void) 461 { 462 return af_alg_register_type(&algif_type_hash); 463 } 464 465 static void __exit algif_hash_exit(void) 466 { 467 int err = af_alg_unregister_type(&algif_type_hash); 468 BUG_ON(err); 469 } 470 471 module_init(algif_hash_init); 472 module_exit(algif_hash_exit); 473 MODULE_LICENSE("GPL"); 474