]>
Commit | Line | Data |
---|---|---|
400c40cf SM |
1 | /* |
2 | * algif_aead: User-space interface for AEAD algorithms | |
3 | * | |
4 | * Copyright (C) 2014, Stephan Mueller <smueller@chronox.de> | |
5 | * | |
6 | * This file provides the user-space API for AEAD ciphers. | |
7 | * | |
400c40cf SM |
8 | * This program is free software; you can redistribute it and/or modify it |
9 | * under the terms of the GNU General Public License as published by the Free | |
10 | * Software Foundation; either version 2 of the License, or (at your option) | |
11 | * any later version. | |
d887c52d SM |
12 | * |
13 | * The following concept of the memory management is used: | |
14 | * | |
15 | * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is | |
16 | * filled by user space with the data submitted via sendpage/sendmsg. Filling | |
17 | * up the TX SGL does not cause a crypto operation -- the data will only be | |
18 | * tracked by the kernel. Upon receipt of one recvmsg call, the caller must | |
19 | * provide a buffer which is tracked with the RX SGL. | |
20 | * | |
21 | * During the processing of the recvmsg operation, the cipher request is | |
22 | * allocated and prepared. As part of the recvmsg operation, the processed | |
23 | * TX buffers are extracted from the TX SGL into a separate SGL. | |
24 | * | |
25 | * After the completion of the crypto operation, the RX SGL and the cipher | |
26 | * request is released. The extracted TX SGL parts are released together with | |
27 | * the RX SGL release. | |
400c40cf SM |
28 | */ |
29 | ||
83094e5e | 30 | #include <crypto/internal/aead.h> |
400c40cf SM |
31 | #include <crypto/scatterwalk.h> |
32 | #include <crypto/if_alg.h> | |
72548b09 SM |
33 | #include <crypto/skcipher.h> |
34 | #include <crypto/null.h> | |
400c40cf SM |
35 | #include <linux/init.h> |
36 | #include <linux/list.h> | |
37 | #include <linux/kernel.h> | |
38 | #include <linux/mm.h> | |
39 | #include <linux/module.h> | |
40 | #include <linux/net.h> | |
41 | #include <net/sock.h> | |
42 | ||
2a2a251f SM |
43 | struct aead_tfm { |
44 | struct crypto_aead *aead; | |
45 | bool has_key; | |
72548b09 | 46 | struct crypto_skcipher *null_tfm; |
2a2a251f SM |
47 | }; |
48 | ||
d887c52d SM |
49 | static inline bool aead_sufficient_data(struct sock *sk) |
50 | { | |
51 | struct alg_sock *ask = alg_sk(sk); | |
52 | struct sock *psk = ask->parent; | |
53 | struct alg_sock *pask = alg_sk(psk); | |
2d97591e | 54 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
55 | struct aead_tfm *aeadc = pask->private; |
56 | struct crypto_aead *tfm = aeadc->aead; | |
57 | unsigned int as = crypto_aead_authsize(tfm); | |
400c40cf | 58 | |
0c1e16cd SM |
59 | /* |
60 | * The minimum amount of memory needed for an AEAD cipher is | |
61 | * the AAD and in case of decryption the tag. | |
62 | */ | |
63 | return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as); | |
400c40cf SM |
64 | } |
65 | ||
eccd02f3 | 66 | static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) |
400c40cf SM |
67 | { |
68 | struct sock *sk = sock->sk; | |
69 | struct alg_sock *ask = alg_sk(sk); | |
d887c52d SM |
70 | struct sock *psk = ask->parent; |
71 | struct alg_sock *pask = alg_sk(psk); | |
d887c52d SM |
72 | struct aead_tfm *aeadc = pask->private; |
73 | struct crypto_aead *tfm = aeadc->aead; | |
74 | unsigned int ivsize = crypto_aead_ivsize(tfm); | |
400c40cf | 75 | |
2d97591e | 76 | return af_alg_sendmsg(sock, msg, size, ivsize); |
83094e5e TS |
77 | } |
78 | ||
72548b09 SM |
79 | static int crypto_aead_copy_sgl(struct crypto_skcipher *null_tfm, |
80 | struct scatterlist *src, | |
81 | struct scatterlist *dst, unsigned int len) | |
82 | { | |
83 | SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm); | |
84 | ||
85 | skcipher_request_set_tfm(skreq, null_tfm); | |
86 | skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
87 | NULL, NULL); | |
88 | skcipher_request_set_crypt(skreq, src, dst, len, NULL); | |
89 | ||
90 | return crypto_skcipher_encrypt(skreq); | |
91 | } | |
92 | ||
d887c52d SM |
93 | static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, |
94 | size_t ignored, int flags) | |
400c40cf SM |
95 | { |
96 | struct sock *sk = sock->sk; | |
97 | struct alg_sock *ask = alg_sk(sk); | |
d887c52d SM |
98 | struct sock *psk = ask->parent; |
99 | struct alg_sock *pask = alg_sk(psk); | |
2d97591e | 100 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
101 | struct aead_tfm *aeadc = pask->private; |
102 | struct crypto_aead *tfm = aeadc->aead; | |
72548b09 | 103 | struct crypto_skcipher *null_tfm = aeadc->null_tfm; |
8e1fa89a | 104 | unsigned int i, as = crypto_aead_authsize(tfm); |
2d97591e | 105 | struct af_alg_async_req *areq; |
8e1fa89a SM |
106 | struct af_alg_tsgl *tsgl, *tmp; |
107 | struct scatterlist *rsgl_src, *tsgl_src = NULL; | |
d887c52d SM |
108 | int err = 0; |
109 | size_t used = 0; /* [in] TX bufs to be en/decrypted */ | |
110 | size_t outlen = 0; /* [out] RX bufs produced by kernel */ | |
111 | size_t usedpages = 0; /* [in] RX bufs to be used from user */ | |
112 | size_t processed = 0; /* [in] TX bufs to be consumed */ | |
400c40cf | 113 | |
11edb555 SM |
114 | if (!ctx->used) { |
115 | err = af_alg_wait_for_data(sk, flags); | |
116 | if (err) | |
117 | return err; | |
118 | } | |
119 | ||
400c40cf | 120 | /* |
d887c52d SM |
121 | * Data length provided by caller via sendmsg/sendpage that has not |
122 | * yet been processed. | |
400c40cf | 123 | */ |
400c40cf SM |
124 | used = ctx->used; |
125 | ||
126 | /* | |
127 | * Make sure sufficient data is present -- note, the same check is | |
128 | * is also present in sendmsg/sendpage. The checks in sendpage/sendmsg | |
129 | * shall provide an information to the data sender that something is | |
130 | * wrong, but they are irrelevant to maintain the kernel integrity. | |
131 | * We need this check here too in case user space decides to not honor | |
132 | * the error message in sendmsg/sendpage and still call recvmsg. This | |
133 | * check here protects the kernel integrity. | |
134 | */ | |
d887c52d SM |
135 | if (!aead_sufficient_data(sk)) |
136 | return -EINVAL; | |
400c40cf | 137 | |
0c1e16cd SM |
138 | /* |
139 | * Calculate the minimum output buffer size holding the result of the | |
140 | * cipher operation. When encrypting data, the receiving buffer is | |
141 | * larger by the tag length compared to the input buffer as the | |
142 | * encryption operation generates the tag. For decryption, the input | |
143 | * buffer provides the tag which is consumed resulting in only the | |
144 | * plaintext without a buffer for the tag returned to the caller. | |
145 | */ | |
146 | if (ctx->enc) | |
147 | outlen = used + as; | |
148 | else | |
149 | outlen = used - as; | |
19fa7752 | 150 | |
400c40cf SM |
151 | /* |
152 | * The cipher operation input data is reduced by the associated data | |
153 | * length as this data is processed separately later on. | |
154 | */ | |
0c1e16cd | 155 | used -= ctx->aead_assoclen; |
400c40cf | 156 | |
d887c52d | 157 | /* Allocate cipher request for current operation. */ |
2d97591e SM |
158 | areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + |
159 | crypto_aead_reqsize(tfm)); | |
160 | if (IS_ERR(areq)) | |
161 | return PTR_ERR(areq); | |
d887c52d SM |
162 | |
163 | /* convert iovecs of output buffers into RX SGL */ | |
2d97591e SM |
164 | err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages); |
165 | if (err) | |
166 | goto free; | |
400c40cf | 167 | |
d887c52d SM |
168 | /* |
169 | * Ensure output buffer is sufficiently large. If the caller provides | |
170 | * less buffer space, only use the relative required input size. This | |
171 | * allows AIO operation where the caller sent all data to be processed | |
172 | * and the AIO operation performs the operation on the different chunks | |
173 | * of the input data. | |
174 | */ | |
0c1e16cd | 175 | if (usedpages < outlen) { |
d887c52d | 176 | size_t less = outlen - usedpages; |
400c40cf | 177 | |
d887c52d SM |
178 | if (used < less) { |
179 | err = -EINVAL; | |
180 | goto free; | |
181 | } | |
182 | used -= less; | |
183 | outlen -= less; | |
184 | } | |
400c40cf | 185 | |
72548b09 | 186 | processed = used + ctx->aead_assoclen; |
8e1fa89a SM |
187 | list_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) { |
188 | for (i = 0; i < tsgl->cur; i++) { | |
189 | struct scatterlist *process_sg = tsgl->sg + i; | |
190 | ||
191 | if (!(process_sg->length) || !sg_page(process_sg)) | |
192 | continue; | |
193 | tsgl_src = process_sg; | |
194 | break; | |
195 | } | |
196 | if (tsgl_src) | |
197 | break; | |
198 | } | |
199 | if (processed && !tsgl_src) { | |
200 | err = -EFAULT; | |
201 | goto free; | |
202 | } | |
72548b09 | 203 | |
d887c52d | 204 | /* |
72548b09 SM |
205 | * Copy of AAD from source to destination |
206 | * | |
207 | * The AAD is copied to the destination buffer without change. Even | |
208 | * when user space uses an in-place cipher operation, the kernel | |
209 | * will copy the data as it does not see whether such in-place operation | |
210 | * is initiated. | |
211 | * | |
212 | * To ensure efficiency, the following implementation ensure that the | |
213 | * ciphers are invoked to perform a crypto operation in-place. This | |
214 | * is achieved by memory management specified as follows. | |
d887c52d | 215 | */ |
72548b09 SM |
216 | |
217 | /* Use the RX SGL as source (and destination) for crypto op. */ | |
8e1fa89a | 218 | rsgl_src = areq->first_rsgl.sgl.sg; |
72548b09 SM |
219 | |
220 | if (ctx->enc) { | |
221 | /* | |
222 | * Encryption operation - The in-place cipher operation is | |
223 | * achieved by the following operation: | |
224 | * | |
75d11e75 | 225 | * TX SGL: AAD || PT |
72548b09 SM |
226 | * | | |
227 | * | copy | | |
228 | * v v | |
75d11e75 | 229 | * RX SGL: AAD || PT || Tag |
72548b09 | 230 | */ |
8e1fa89a | 231 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
72548b09 SM |
232 | areq->first_rsgl.sgl.sg, processed); |
233 | if (err) | |
234 | goto free; | |
2d97591e | 235 | af_alg_pull_tsgl(sk, processed, NULL, 0); |
72548b09 SM |
236 | } else { |
237 | /* | |
238 | * Decryption operation - To achieve an in-place cipher | |
239 | * operation, the following SGL structure is used: | |
240 | * | |
241 | * TX SGL: AAD || CT || Tag | |
242 | * | | ^ | |
243 | * | copy | | Create SGL link. | |
244 | * v v | | |
245 | * RX SGL: AAD || CT ----+ | |
246 | */ | |
247 | ||
248 | /* Copy AAD || CT to RX SGL buffer for in-place operation. */ | |
8e1fa89a | 249 | err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
72548b09 SM |
250 | areq->first_rsgl.sgl.sg, outlen); |
251 | if (err) | |
252 | goto free; | |
253 | ||
254 | /* Create TX SGL for tag and chain it to RX SGL. */ | |
2d97591e SM |
255 | areq->tsgl_entries = af_alg_count_tsgl(sk, processed, |
256 | processed - as); | |
72548b09 SM |
257 | if (!areq->tsgl_entries) |
258 | areq->tsgl_entries = 1; | |
259 | areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * | |
260 | areq->tsgl_entries, | |
261 | GFP_KERNEL); | |
262 | if (!areq->tsgl) { | |
263 | err = -ENOMEM; | |
264 | goto free; | |
265 | } | |
266 | sg_init_table(areq->tsgl, areq->tsgl_entries); | |
267 | ||
268 | /* Release TX SGL, except for tag data and reassign tag data. */ | |
2d97591e | 269 | af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); |
72548b09 SM |
270 | |
271 | /* chain the areq TX SGL holding the tag with RX SGL */ | |
2d97591e | 272 | if (usedpages) { |
72548b09 | 273 | /* RX SGL present */ |
2d97591e | 274 | struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; |
72548b09 SM |
275 | |
276 | sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); | |
277 | sg_chain(sgl_prev->sg, sgl_prev->npages + 1, | |
278 | areq->tsgl); | |
279 | } else | |
280 | /* no RX SGL present (e.g. authentication only) */ | |
8e1fa89a | 281 | rsgl_src = areq->tsgl; |
d887c52d | 282 | } |
d887c52d SM |
283 | |
284 | /* Initialize the crypto operation */ | |
8e1fa89a | 285 | aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, |
d887c52d | 286 | areq->first_rsgl.sgl.sg, used, ctx->iv); |
2d97591e SM |
287 | aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); |
288 | aead_request_set_tfm(&areq->cra_u.aead_req, tfm); | |
d887c52d SM |
289 | |
290 | if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { | |
291 | /* AIO operation */ | |
7d2c3f54 | 292 | sock_hold(sk); |
d887c52d | 293 | areq->iocb = msg->msg_iocb; |
2d97591e | 294 | aead_request_set_callback(&areq->cra_u.aead_req, |
d887c52d | 295 | CRYPTO_TFM_REQ_MAY_BACKLOG, |
2d97591e SM |
296 | af_alg_async_cb, areq); |
297 | err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) : | |
298 | crypto_aead_decrypt(&areq->cra_u.aead_req); | |
7d2c3f54 SM |
299 | |
300 | /* AIO operation in progress */ | |
301 | if (err == -EINPROGRESS || err == -EBUSY) { | |
302 | /* Remember output size that will be generated. */ | |
303 | areq->outlen = outlen; | |
304 | ||
305 | return -EIOCBQUEUED; | |
306 | } | |
307 | ||
308 | sock_put(sk); | |
d887c52d SM |
309 | } else { |
310 | /* Synchronous operation */ | |
2d97591e | 311 | aead_request_set_callback(&areq->cra_u.aead_req, |
d887c52d | 312 | CRYPTO_TFM_REQ_MAY_BACKLOG, |
2c3f8b16 GBY |
313 | crypto_req_done, &ctx->wait); |
314 | err = crypto_wait_req(ctx->enc ? | |
2d97591e SM |
315 | crypto_aead_encrypt(&areq->cra_u.aead_req) : |
316 | crypto_aead_decrypt(&areq->cra_u.aead_req), | |
2c3f8b16 | 317 | &ctx->wait); |
400c40cf SM |
318 | } |
319 | ||
d887c52d SM |
320 | |
321 | free: | |
7d2c3f54 | 322 | af_alg_free_resources(areq); |
400c40cf SM |
323 | |
324 | return err ? err : outlen; | |
325 | } | |
326 | ||
d887c52d SM |
327 | static int aead_recvmsg(struct socket *sock, struct msghdr *msg, |
328 | size_t ignored, int flags) | |
83094e5e | 329 | { |
d887c52d SM |
330 | struct sock *sk = sock->sk; |
331 | int ret = 0; | |
332 | ||
333 | lock_sock(sk); | |
334 | while (msg_data_left(msg)) { | |
335 | int err = _aead_recvmsg(sock, msg, ignored, flags); | |
336 | ||
337 | /* | |
338 | * This error covers -EIOCBQUEUED which implies that we can | |
339 | * only handle one AIO request. If the caller wants to have | |
340 | * multiple AIO requests in parallel, he must make multiple | |
341 | * separate AIO calls. | |
5703c826 SM |
342 | * |
343 | * Also return the error if no data has been processed so far. | |
d887c52d SM |
344 | */ |
345 | if (err <= 0) { | |
5703c826 | 346 | if (err == -EIOCBQUEUED || err == -EBADMSG || !ret) |
d887c52d SM |
347 | ret = err; |
348 | goto out; | |
349 | } | |
350 | ||
351 | ret += err; | |
352 | } | |
353 | ||
354 | out: | |
2d97591e | 355 | af_alg_wmem_wakeup(sk); |
d887c52d SM |
356 | release_sock(sk); |
357 | return ret; | |
83094e5e TS |
358 | } |
359 | ||
400c40cf SM |
360 | static struct proto_ops algif_aead_ops = { |
361 | .family = PF_ALG, | |
362 | ||
363 | .connect = sock_no_connect, | |
364 | .socketpair = sock_no_socketpair, | |
365 | .getname = sock_no_getname, | |
366 | .ioctl = sock_no_ioctl, | |
367 | .listen = sock_no_listen, | |
368 | .shutdown = sock_no_shutdown, | |
369 | .getsockopt = sock_no_getsockopt, | |
370 | .mmap = sock_no_mmap, | |
371 | .bind = sock_no_bind, | |
372 | .accept = sock_no_accept, | |
373 | .setsockopt = sock_no_setsockopt, | |
374 | ||
375 | .release = af_alg_release, | |
376 | .sendmsg = aead_sendmsg, | |
2d97591e | 377 | .sendpage = af_alg_sendpage, |
400c40cf | 378 | .recvmsg = aead_recvmsg, |
2d97591e | 379 | .poll = af_alg_poll, |
400c40cf SM |
380 | }; |
381 | ||
2a2a251f SM |
382 | static int aead_check_key(struct socket *sock) |
383 | { | |
384 | int err = 0; | |
385 | struct sock *psk; | |
386 | struct alg_sock *pask; | |
387 | struct aead_tfm *tfm; | |
388 | struct sock *sk = sock->sk; | |
389 | struct alg_sock *ask = alg_sk(sk); | |
390 | ||
391 | lock_sock(sk); | |
392 | if (ask->refcnt) | |
393 | goto unlock_child; | |
394 | ||
395 | psk = ask->parent; | |
396 | pask = alg_sk(ask->parent); | |
397 | tfm = pask->private; | |
398 | ||
399 | err = -ENOKEY; | |
400 | lock_sock_nested(psk, SINGLE_DEPTH_NESTING); | |
401 | if (!tfm->has_key) | |
402 | goto unlock; | |
403 | ||
404 | if (!pask->refcnt++) | |
405 | sock_hold(psk); | |
406 | ||
407 | ask->refcnt = 1; | |
408 | sock_put(psk); | |
409 | ||
410 | err = 0; | |
411 | ||
412 | unlock: | |
413 | release_sock(psk); | |
414 | unlock_child: | |
415 | release_sock(sk); | |
416 | ||
417 | return err; | |
418 | } | |
419 | ||
420 | static int aead_sendmsg_nokey(struct socket *sock, struct msghdr *msg, | |
421 | size_t size) | |
422 | { | |
423 | int err; | |
424 | ||
425 | err = aead_check_key(sock); | |
426 | if (err) | |
427 | return err; | |
428 | ||
429 | return aead_sendmsg(sock, msg, size); | |
430 | } | |
431 | ||
432 | static ssize_t aead_sendpage_nokey(struct socket *sock, struct page *page, | |
433 | int offset, size_t size, int flags) | |
434 | { | |
435 | int err; | |
436 | ||
437 | err = aead_check_key(sock); | |
438 | if (err) | |
439 | return err; | |
440 | ||
2d97591e | 441 | return af_alg_sendpage(sock, page, offset, size, flags); |
2a2a251f SM |
442 | } |
443 | ||
444 | static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg, | |
445 | size_t ignored, int flags) | |
446 | { | |
447 | int err; | |
448 | ||
449 | err = aead_check_key(sock); | |
450 | if (err) | |
451 | return err; | |
452 | ||
453 | return aead_recvmsg(sock, msg, ignored, flags); | |
454 | } | |
455 | ||
456 | static struct proto_ops algif_aead_ops_nokey = { | |
457 | .family = PF_ALG, | |
458 | ||
459 | .connect = sock_no_connect, | |
460 | .socketpair = sock_no_socketpair, | |
461 | .getname = sock_no_getname, | |
462 | .ioctl = sock_no_ioctl, | |
463 | .listen = sock_no_listen, | |
464 | .shutdown = sock_no_shutdown, | |
465 | .getsockopt = sock_no_getsockopt, | |
466 | .mmap = sock_no_mmap, | |
467 | .bind = sock_no_bind, | |
468 | .accept = sock_no_accept, | |
469 | .setsockopt = sock_no_setsockopt, | |
470 | ||
471 | .release = af_alg_release, | |
472 | .sendmsg = aead_sendmsg_nokey, | |
473 | .sendpage = aead_sendpage_nokey, | |
474 | .recvmsg = aead_recvmsg_nokey, | |
2d97591e | 475 | .poll = af_alg_poll, |
2a2a251f SM |
476 | }; |
477 | ||
400c40cf SM |
478 | static void *aead_bind(const char *name, u32 type, u32 mask) |
479 | { | |
2a2a251f SM |
480 | struct aead_tfm *tfm; |
481 | struct crypto_aead *aead; | |
72548b09 | 482 | struct crypto_skcipher *null_tfm; |
2a2a251f SM |
483 | |
484 | tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); | |
485 | if (!tfm) | |
486 | return ERR_PTR(-ENOMEM); | |
487 | ||
488 | aead = crypto_alloc_aead(name, type, mask); | |
489 | if (IS_ERR(aead)) { | |
490 | kfree(tfm); | |
491 | return ERR_CAST(aead); | |
492 | } | |
493 | ||
72548b09 SM |
494 | null_tfm = crypto_get_default_null_skcipher2(); |
495 | if (IS_ERR(null_tfm)) { | |
496 | crypto_free_aead(aead); | |
497 | kfree(tfm); | |
498 | return ERR_CAST(null_tfm); | |
499 | } | |
500 | ||
2a2a251f | 501 | tfm->aead = aead; |
72548b09 | 502 | tfm->null_tfm = null_tfm; |
2a2a251f SM |
503 | |
504 | return tfm; | |
400c40cf SM |
505 | } |
506 | ||
507 | static void aead_release(void *private) | |
508 | { | |
2a2a251f SM |
509 | struct aead_tfm *tfm = private; |
510 | ||
511 | crypto_free_aead(tfm->aead); | |
512 | kfree(tfm); | |
400c40cf SM |
513 | } |
514 | ||
515 | static int aead_setauthsize(void *private, unsigned int authsize) | |
516 | { | |
2a2a251f SM |
517 | struct aead_tfm *tfm = private; |
518 | ||
519 | return crypto_aead_setauthsize(tfm->aead, authsize); | |
400c40cf SM |
520 | } |
521 | ||
522 | static int aead_setkey(void *private, const u8 *key, unsigned int keylen) | |
523 | { | |
2a2a251f SM |
524 | struct aead_tfm *tfm = private; |
525 | int err; | |
526 | ||
527 | err = crypto_aead_setkey(tfm->aead, key, keylen); | |
528 | tfm->has_key = !err; | |
529 | ||
530 | return err; | |
400c40cf SM |
531 | } |
532 | ||
533 | static void aead_sock_destruct(struct sock *sk) | |
534 | { | |
535 | struct alg_sock *ask = alg_sk(sk); | |
2d97591e | 536 | struct af_alg_ctx *ctx = ask->private; |
d887c52d SM |
537 | struct sock *psk = ask->parent; |
538 | struct alg_sock *pask = alg_sk(psk); | |
539 | struct aead_tfm *aeadc = pask->private; | |
540 | struct crypto_aead *tfm = aeadc->aead; | |
541 | unsigned int ivlen = crypto_aead_ivsize(tfm); | |
400c40cf | 542 | |
2d97591e | 543 | af_alg_pull_tsgl(sk, ctx->used, NULL, 0); |
72548b09 | 544 | crypto_put_default_null_skcipher2(); |
400c40cf SM |
545 | sock_kzfree_s(sk, ctx->iv, ivlen); |
546 | sock_kfree_s(sk, ctx, ctx->len); | |
547 | af_alg_release_parent(sk); | |
548 | } | |
549 | ||
2a2a251f | 550 | static int aead_accept_parent_nokey(void *private, struct sock *sk) |
400c40cf | 551 | { |
2d97591e | 552 | struct af_alg_ctx *ctx; |
400c40cf | 553 | struct alg_sock *ask = alg_sk(sk); |
2a2a251f SM |
554 | struct aead_tfm *tfm = private; |
555 | struct crypto_aead *aead = tfm->aead; | |
d887c52d | 556 | unsigned int len = sizeof(*ctx); |
2a2a251f | 557 | unsigned int ivlen = crypto_aead_ivsize(aead); |
400c40cf SM |
558 | |
559 | ctx = sock_kmalloc(sk, len, GFP_KERNEL); | |
560 | if (!ctx) | |
561 | return -ENOMEM; | |
562 | memset(ctx, 0, len); | |
563 | ||
564 | ctx->iv = sock_kmalloc(sk, ivlen, GFP_KERNEL); | |
565 | if (!ctx->iv) { | |
566 | sock_kfree_s(sk, ctx, len); | |
567 | return -ENOMEM; | |
568 | } | |
569 | memset(ctx->iv, 0, ivlen); | |
570 | ||
d887c52d | 571 | INIT_LIST_HEAD(&ctx->tsgl_list); |
400c40cf SM |
572 | ctx->len = len; |
573 | ctx->used = 0; | |
d887c52d | 574 | ctx->rcvused = 0; |
400c40cf SM |
575 | ctx->more = 0; |
576 | ctx->merge = 0; | |
577 | ctx->enc = 0; | |
400c40cf | 578 | ctx->aead_assoclen = 0; |
2c3f8b16 | 579 | crypto_init_wait(&ctx->wait); |
400c40cf SM |
580 | |
581 | ask->private = ctx; | |
582 | ||
400c40cf SM |
583 | sk->sk_destruct = aead_sock_destruct; |
584 | ||
585 | return 0; | |
586 | } | |
587 | ||
2a2a251f SM |
588 | static int aead_accept_parent(void *private, struct sock *sk) |
589 | { | |
590 | struct aead_tfm *tfm = private; | |
591 | ||
592 | if (!tfm->has_key) | |
593 | return -ENOKEY; | |
594 | ||
595 | return aead_accept_parent_nokey(private, sk); | |
596 | } | |
597 | ||
400c40cf SM |
598 | static const struct af_alg_type algif_type_aead = { |
599 | .bind = aead_bind, | |
600 | .release = aead_release, | |
601 | .setkey = aead_setkey, | |
602 | .setauthsize = aead_setauthsize, | |
603 | .accept = aead_accept_parent, | |
2a2a251f | 604 | .accept_nokey = aead_accept_parent_nokey, |
400c40cf | 605 | .ops = &algif_aead_ops, |
2a2a251f | 606 | .ops_nokey = &algif_aead_ops_nokey, |
400c40cf SM |
607 | .name = "aead", |
608 | .owner = THIS_MODULE | |
609 | }; | |
610 | ||
611 | static int __init algif_aead_init(void) | |
612 | { | |
613 | return af_alg_register_type(&algif_type_aead); | |
614 | } | |
615 | ||
616 | static void __exit algif_aead_exit(void) | |
617 | { | |
618 | int err = af_alg_unregister_type(&algif_type_aead); | |
619 | BUG_ON(err); | |
620 | } | |
621 | ||
622 | module_init(algif_aead_init); | |
623 | module_exit(algif_aead_exit); | |
624 | MODULE_LICENSE("GPL"); | |
625 | MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>"); | |
626 | MODULE_DESCRIPTION("AEAD kernel crypto API user space interface"); |