2 * algif_kpp: User-space interface for key protocol primitives algorithms
4 * Copyright (C) 2018 - 2020, Stephan Mueller <smueller@chronox.de>
6 * This file provides the user-space API for key protocol primitives.
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
13 * The following concept of the memory management is used:
15 * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
16 * filled by user space with the data submitted via sendpage/sendmsg. Filling
17 * up the TX SGL does not cause a crypto operation -- the data will only be
18 * tracked by the kernel. Upon receipt of one recvmsg call, the caller must
19 * provide a buffer which is tracked with the RX SGL.
21 * During the processing of the recvmsg operation, the cipher request is
22 * allocated and prepared. As part of the recvmsg operation, the processed
23 * TX buffers are extracted from the TX SGL into a separate SGL.
25 * After the completion of the crypto operation, the RX SGL and the cipher
26 * request is released. The extracted TX SGL parts are released together with
30 #include <crypto/dh.h>
31 #include <crypto/ecdh.h>
32 #include <crypto/kpp.h>
33 #include <crypto/rng.h>
34 #include <crypto/if_alg.h>
35 #include <crypto/scatterwalk.h>
36 #include <linux/init.h>
37 #include <linux/kernel.h>
38 #include <linux/list.h>
40 #include <linux/module.h>
41 #include <linux/net.h>
45 struct crypto_kpp *kpp;
48 #define KPP_NO_PARAMS 0
49 #define KPP_DH_PARAMS 1
50 #define KPP_ECDH_PARAMS 2
51 int has_params; /* Type of KPP mechanism */
54 static int kpp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
56 return af_alg_sendmsg(sock, msg, size, 0);
59 static inline int kpp_cipher_op(struct af_alg_ctx *ctx,
60 struct af_alg_async_req *areq)
64 return crypto_kpp_generate_public_key(&areq->cra_u.kpp_req);
66 return crypto_kpp_compute_shared_secret(&areq->cra_u.kpp_req);
72 static int _kpp_recvmsg(struct socket *sock, struct msghdr *msg,
73 size_t ignored, int flags)
75 struct sock *sk = sock->sk;
76 struct alg_sock *ask = alg_sk(sk);
77 struct sock *psk = ask->parent;
78 struct alg_sock *pask = alg_sk(psk);
79 struct af_alg_ctx *ctx = ask->private;
80 struct kpp_tfm *kpp = pask->private;
81 struct crypto_kpp *tfm = kpp->kpp;
82 struct af_alg_async_req *areq;
89 err = af_alg_wait_for_data(sk, flags, 0);
94 maxsize = crypto_kpp_maxsize(tfm);
98 /* Allocate cipher request for current operation. */
99 areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
100 crypto_kpp_reqsize(tfm));
102 return PTR_ERR(areq);
104 /* convert iovecs of output buffers into RX SGL */
105 err = af_alg_get_rsgl(sk, msg, flags, areq, maxsize, &len);
109 /* ensure output buffer is sufficiently large */
116 * Create a per request TX SGL for this request which tracks the
117 * SG entries from the global TX SGL.
119 if (ctx->op == ALG_OP_SSGEN) {
122 areq->tsgl_entries = af_alg_count_tsgl(sk, used, 0);
123 if (!areq->tsgl_entries)
124 areq->tsgl_entries = 1;
125 areq->tsgl = sock_kmalloc(
126 sk, sizeof(*areq->tsgl) * areq->tsgl_entries,
132 sg_init_table(areq->tsgl, areq->tsgl_entries);
133 af_alg_pull_tsgl(sk, used, areq->tsgl, 0);
136 /* Initialize the crypto operation */
137 kpp_request_set_input(&areq->cra_u.kpp_req, areq->tsgl, used);
138 kpp_request_set_output(&areq->cra_u.kpp_req, areq->first_rsgl.sgl.sg,
140 kpp_request_set_tfm(&areq->cra_u.kpp_req, tfm);
142 if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
145 areq->iocb = msg->msg_iocb;
147 /* Remember output size that will be generated. */
150 kpp_request_set_callback(&areq->cra_u.kpp_req,
151 CRYPTO_TFM_REQ_MAY_SLEEP,
152 af_alg_async_cb, areq);
153 err = kpp_cipher_op(ctx, areq);
155 /* AIO operation in progress */
156 if (err == -EINPROGRESS || err == -EBUSY)
161 /* Synchronous operation */
162 kpp_request_set_callback(&areq->cra_u.kpp_req,
163 CRYPTO_TFM_REQ_MAY_SLEEP |
164 CRYPTO_TFM_REQ_MAY_BACKLOG,
167 err = crypto_wait_req(kpp_cipher_op(ctx, areq), &ctx->wait);
171 af_alg_free_resources(areq);
173 return err ? err : len;
176 static int kpp_recvmsg(struct socket *sock, struct msghdr *msg,
177 size_t ignored, int flags)
179 struct sock *sk = sock->sk;
180 struct alg_sock *ask = alg_sk(sk);
181 struct sock *psk = ask->parent;
182 struct alg_sock *pask = alg_sk(psk);
183 struct kpp_tfm *kpp = pask->private;
184 struct crypto_kpp *tfm = kpp->kpp;
190 while (msg_data_left(msg)) {
191 err = _kpp_recvmsg(sock, msg, ignored, flags);
194 * This error covers -EIOCBQUEUED which implies that we can
195 * only handle one AIO request. If the caller wants to have
196 * multiple AIO requests in parallel, he must make multiple
197 * separate AIO calls.
200 if (err == -EIOCBQUEUED || err == -EBADMSG || !ret)
208 * The caller must provide crypto_kpp_maxsize per request.
209 * If he provides more, we conclude that multiple kpp
210 * operations are requested.
212 iov_iter_advance(&msg->msg_iter,
213 crypto_kpp_maxsize(tfm) - err);
218 af_alg_wmem_wakeup(sk);
223 static struct proto_ops algif_kpp_ops = {
226 .connect = sock_no_connect,
227 .socketpair = sock_no_socketpair,
228 .getname = sock_no_getname,
229 .ioctl = sock_no_ioctl,
230 .listen = sock_no_listen,
231 .shutdown = sock_no_shutdown,
232 .mmap = sock_no_mmap,
233 .bind = sock_no_bind,
234 .accept = sock_no_accept,
236 .release = af_alg_release,
237 .sendmsg = kpp_sendmsg,
238 .sendpage = af_alg_sendpage,
239 .recvmsg = kpp_recvmsg,
243 static int kpp_check_key(struct socket *sock)
246 struct alg_sock *pask;
248 struct sock *sk = sock->sk;
249 struct alg_sock *ask = alg_sk(sk);
253 if (!atomic_read(&ask->refcnt))
257 pask = alg_sk(ask->parent);
260 lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
261 if (!tfm->has_key || (tfm->has_params == KPP_NO_PARAMS)) {
266 atomic_dec(&pask->refcnt);
267 atomic_set(&ask->refcnt, 0);
279 static int kpp_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
284 err = kpp_check_key(sock);
288 return kpp_sendmsg(sock, msg, size);
291 static ssize_t kpp_sendpage_nokey(struct socket *sock, struct page *page,
292 int offset, size_t size, int flags)
296 err = kpp_check_key(sock);
300 return af_alg_sendpage(sock, page, offset, size, flags);
303 static int kpp_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
304 size_t ignored, int flags)
308 err = kpp_check_key(sock);
312 return kpp_recvmsg(sock, msg, ignored, flags);
315 static struct proto_ops algif_kpp_ops_nokey = {
318 .connect = sock_no_connect,
319 .socketpair = sock_no_socketpair,
320 .getname = sock_no_getname,
321 .ioctl = sock_no_ioctl,
322 .listen = sock_no_listen,
323 .shutdown = sock_no_shutdown,
324 .mmap = sock_no_mmap,
325 .bind = sock_no_bind,
326 .accept = sock_no_accept,
328 .release = af_alg_release,
329 .sendmsg = kpp_sendmsg_nokey,
330 .sendpage = kpp_sendpage_nokey,
331 .recvmsg = kpp_recvmsg_nokey,
335 static void *kpp_bind(const char *name, u32 type, u32 mask)
338 struct crypto_kpp *kpp;
340 tfm = kmalloc(sizeof(*tfm), GFP_KERNEL);
342 return ERR_PTR(-ENOMEM);
344 kpp = crypto_alloc_kpp(name, type, mask);
347 return ERR_CAST(kpp);
351 tfm->has_key = false;
352 tfm->has_params = KPP_NO_PARAMS;
357 static void kpp_release(void *private)
359 struct kpp_tfm *tfm = private;
360 struct crypto_kpp *kpp = tfm->kpp;
362 crypto_free_kpp(kpp);
366 static int kpp_dh_set_secret(struct crypto_kpp *tfm, struct dh *params)
368 char *packed_key = NULL;
369 unsigned int packed_key_len;
372 packed_key_len = crypto_dh_key_len(params);
373 packed_key = kmalloc(packed_key_len, GFP_KERNEL);
377 ret = crypto_dh_encode_key(packed_key, packed_key_len, params);
381 ret = crypto_kpp_set_secret(tfm, packed_key, packed_key_len);
388 static int kpp_dh_set_privkey(struct crypto_kpp *tfm, const u8 *key,
400 return kpp_dh_set_secret(tfm, ¶ms);
403 static int kpp_ecdh_set_secret(struct crypto_kpp *tfm, struct ecdh *params)
405 char *packed_key = NULL;
406 unsigned int packed_key_len;
409 packed_key_len = crypto_ecdh_key_len(params);
410 packed_key = kmalloc(packed_key_len, GFP_KERNEL);
414 ret = crypto_ecdh_encode_key(packed_key, packed_key_len, params);
418 ret = crypto_kpp_set_secret(tfm, packed_key, packed_key_len);
425 static int kpp_ecdh_set_privkey(struct crypto_kpp *tfm, const u8 *key,
428 struct ecdh params = {
434 return kpp_ecdh_set_secret(tfm, ¶ms);
437 static int kpp_setprivkey(void *private, const u8 *key, unsigned int keylen)
439 struct kpp_tfm *kpp = private;
440 struct crypto_kpp *tfm = kpp->kpp;
443 if (kpp->has_params == KPP_NO_PARAMS)
446 /* The DH code cannot generate private keys. ECDH can do that */
447 if ((!key || !keylen) && (kpp->has_params == KPP_DH_PARAMS)) {
448 kpp->has_key = false;
452 switch (kpp->has_params) {
454 err = kpp_dh_set_privkey(tfm, key, keylen);
456 case KPP_ECDH_PARAMS:
457 err = kpp_ecdh_set_privkey(tfm, key, keylen);
465 /* Return the maximum size of the kpp operation. */
467 err = crypto_kpp_maxsize(tfm);
472 static int kpp_dh_setparams_pkcs3(void *private, const u8 *params,
473 unsigned int paramslen)
475 struct kpp_tfm *kpp = private;
476 struct crypto_kpp *tfm = kpp->kpp;
479 /* If parameters were already set, disallow setting them again. */
480 if (kpp->has_params != KPP_NO_PARAMS)
483 err = crypto_kpp_set_params(tfm, params, paramslen);
485 kpp->has_params = KPP_DH_PARAMS;
486 /* Return the maximum size of the kpp operation. */
487 err = crypto_kpp_maxsize(tfm);
489 kpp->has_params = KPP_NO_PARAMS;
494 static int kpp_ecdh_setcurve(void *private, const u8 *curveid,
495 unsigned int curveidlen)
497 struct kpp_tfm *kpp = private;
498 struct crypto_kpp *tfm = kpp->kpp;
500 struct ecdh params = {
505 /* If parameters were already set, disallow setting them again. */
506 if (kpp->has_params != KPP_NO_PARAMS)
509 if (curveidlen != sizeof(unsigned long))
512 err = kstrtou16(curveid, 10, ¶ms.curve_id);
516 err = kpp_ecdh_set_secret(tfm, ¶ms);
518 kpp->has_params = KPP_ECDH_PARAMS;
519 /* Return the maximum size of the kpp operation. */
520 err = crypto_kpp_maxsize(tfm);
522 kpp->has_params = KPP_NO_PARAMS;
527 static void kpp_sock_destruct(struct sock *sk)
529 struct alg_sock *ask = alg_sk(sk);
530 struct af_alg_ctx *ctx = ask->private;
532 af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
533 sock_kfree_s(sk, ctx, ctx->len);
534 af_alg_release_parent(sk);
537 static int kpp_accept_parent_nokey(void *private, struct sock *sk)
539 struct af_alg_ctx *ctx;
540 struct alg_sock *ask = alg_sk(sk);
541 unsigned int len = sizeof(*ctx);
543 ctx = sock_kmalloc(sk, len, GFP_KERNEL);
547 INIT_LIST_HEAD(&ctx->tsgl_list);
550 atomic_set(&ctx->rcvused, 0);
554 crypto_init_wait(&ctx->wait);
558 sk->sk_destruct = kpp_sock_destruct;
563 static int kpp_accept_parent(void *private, struct sock *sk)
565 struct kpp_tfm *tfm = private;
567 if (!tfm->has_key || (tfm->has_params == KPP_NO_PARAMS))
570 return kpp_accept_parent_nokey(private, sk);
573 static const struct af_alg_type algif_type_kpp = {
575 .release = kpp_release,
576 .setkey = kpp_setprivkey,
578 .dhparams = kpp_dh_setparams_pkcs3,
579 .ecdhcurve = kpp_ecdh_setcurve,
581 .accept = kpp_accept_parent,
582 .accept_nokey = kpp_accept_parent_nokey,
583 .ops = &algif_kpp_ops,
584 .ops_nokey = &algif_kpp_ops_nokey,
589 static int __init algif_kpp_init(void)
591 return af_alg_register_type(&algif_type_kpp);
594 static void __exit algif_kpp_exit(void)
596 int err = af_alg_unregister_type(&algif_type_kpp);
601 module_init(algif_kpp_init);
602 module_exit(algif_kpp_exit);
603 MODULE_LICENSE("GPL");
604 MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
605 MODULE_DESCRIPTION("Key protocol primitives kernel crypto API user space interface");
projects / platform / kernel / linux-starfive.git / blob