netlink: decode NETLINK_CRYPTO crypto_user_alg netlink attributes

* configure.ac (AC_CHECK_TYPES): Check for crypto_report_aead,
crypto_report_blkcipher, crypto_report_cipher, crypto_report_hash,
and crypto_report_rng structures in <linux/cryptouser.h>.
* netlink_crypto.c (decode_crypto_report_generic,
decode_crypto_report_hash, decode_crypto_report_blkcipher,
decode_crypto_report_aead, decode_crypto_report_rng,
decode_crypto_report_cipher): New functions.
(crypto_user_alg_nla_decoders): New array.
(decode_crypto_user_alg): Use it.
* xlat/crypto_nl_attrs.in: New file.
* NEWS: Mention this.

NEWS

@@ -19,6 +19,8 @@ Noteworthy changes in release ?.?? (????-??-??)
   * Implemented decoding of netlink message ack flags.
   * Implemented decoding of nlmsgerr netlink attributes.
   * Implemented basic protocol specific decoding of NETLINK_CRYPTO.
+  * Implemented decoding of crypto_user_alg netlink attributes
+    of NETLINK_CRYPTO.
   * Updated lists of BPF_*, KEY_*, RWF_*, SCM_*, SO_*, and *_MAGIC constants.
   * Added decoding of arch_prctl syscall on x86.
 

configure.ac

@@ -320,6 +320,14 @@ AC_CHECK_TYPES(m4_normalize([
 [#include <sys/types.h>
 #include <linux/fcntl.h>])
 
+AC_CHECK_TYPES(m4_normalize([
+	struct crypto_report_aead,
+	struct crypto_report_blkcipher,
+	struct crypto_report_cipher,
+	struct crypto_report_hash,
+	struct crypto_report_rng
+]),,, [#include <linux/cryptouser.h>])
+
 AC_CHECK_MEMBERS([struct timex.tai],,, [#include <sys/timex.h>])
 
 AC_CHECK_MEMBERS([struct utsname.domainname],,, [#include <sys/utsname.h>])

netlink_crypto.c

@@ -36,6 +36,160 @@
 
 # include <linux/cryptouser.h>
 
+# include "xlat/crypto_nl_attrs.h"
+
+static bool
+decode_crypto_report_generic(struct tcb *const tcp,
+			     const kernel_ulong_t addr,
+			     const unsigned int len,
+			     const void *const opaque_data)
+{
+	tprints("{type=");
+	printstr_ex(tcp, addr, len, QUOTE_0_TERMINATED);
+	tprints("}");
+
+	return true;
+}
+
+static bool
+decode_crypto_report_hash(struct tcb *const tcp,
+			  const kernel_ulong_t addr,
+			  const unsigned int len,
+			  const void *const opaque_data)
+{
+# ifdef HAVE_STRUCT_CRYPTO_REPORT_HASH
+	struct crypto_report_hash rhash;
+
+	if (len < sizeof(rhash))
+		printstrn(tcp, addr, len);
+	else if (!umove_or_printaddr(tcp, addr, &rhash)) {
+		PRINT_FIELD_CSTRING("{", rhash, type);
+		PRINT_FIELD_U(", ", rhash, blocksize);
+		PRINT_FIELD_U(", ", rhash, digestsize);
+		tprints("}");
+	}
+# else
+	printstrn(tcp, addr, len);
+# endif
+
+	return true;
+}
+
+static bool
+decode_crypto_report_blkcipher(struct tcb *const tcp,
+			       const kernel_ulong_t addr,
+			       const unsigned int len,
+			       const void *const opaque_data)
+{
+# ifdef HAVE_STRUCT_CRYPTO_REPORT_BLKCIPHER
+	struct crypto_report_blkcipher rblkcipher;
+
+	if (len < sizeof(rblkcipher))
+		printstrn(tcp, addr, len);
+	else if (!umove_or_printaddr(tcp, addr, &rblkcipher)) {
+		PRINT_FIELD_CSTRING("{", rblkcipher, type);
+		PRINT_FIELD_CSTRING(", ", rblkcipher, geniv);
+		PRINT_FIELD_U(", ", rblkcipher, blocksize);
+		PRINT_FIELD_U(", ", rblkcipher, min_keysize);
+		PRINT_FIELD_U(", ", rblkcipher, max_keysize);
+		PRINT_FIELD_U(", ", rblkcipher, ivsize);
+		tprints("}");
+	}
+# else
+	printstrn(tcp, addr, len);
+# endif
+
+	return true;
+}
+
+static bool
+decode_crypto_report_aead(struct tcb *const tcp,
+			  const kernel_ulong_t addr,
+			  const unsigned int len,
+			  const void *const opaque_data)
+{
+# ifdef HAVE_STRUCT_CRYPTO_REPORT_AEAD
+	struct crypto_report_aead raead;
+
+	if (len < sizeof(raead))
+		printstrn(tcp, addr, len);
+	else if (!umove_or_printaddr(tcp, addr, &raead)) {
+		PRINT_FIELD_CSTRING("{", raead, type);
+		PRINT_FIELD_CSTRING(", ", raead, geniv);
+		PRINT_FIELD_U(", ", raead, blocksize);
+		PRINT_FIELD_U(", ", raead, maxauthsize);
+		PRINT_FIELD_U(", ", raead, ivsize);
+		tprints("}");
+	}
+# else
+	printstrn(tcp, addr, len);
+# endif
+
+	return true;
+}
+
+static bool
+decode_crypto_report_rng(struct tcb *const tcp,
+			 const kernel_ulong_t addr,
+			 const unsigned int len,
+			 const void *const opaque_data)
+{
+# ifdef HAVE_STRUCT_CRYPTO_REPORT_RNG
+	struct crypto_report_rng rrng;
+
+	if (len < sizeof(rrng))
+		printstrn(tcp, addr, len);
+	else if (!umove_or_printaddr(tcp, addr, &rrng)) {
+		PRINT_FIELD_CSTRING("{", rrng, type);
+		PRINT_FIELD_U(", ", rrng, seedsize);
+		tprints("}");
+	}
+# else
+	printstrn(tcp, addr, len);
+# endif
+
+	return true;
+}
+
+static bool
+decode_crypto_report_cipher(struct tcb *const tcp,
+			    const kernel_ulong_t addr,
+			    const unsigned int len,
+			    const void *const opaque_data)
+{
+# ifdef HAVE_STRUCT_CRYPTO_REPORT_CIPHER
+	struct crypto_report_cipher rcipher;
+
+	if (len < sizeof(rcipher))
+		printstrn(tcp, addr, len);
+	else if (!umove_or_printaddr(tcp, addr, &rcipher)) {
+		PRINT_FIELD_CSTRING("{", rcipher, type);
+		PRINT_FIELD_U(", ", rcipher, blocksize);
+		PRINT_FIELD_U(", ", rcipher, min_keysize);
+		PRINT_FIELD_U(", ", rcipher, max_keysize);
+		tprints("}");
+	}
+# else
+	printstrn(tcp, addr, len);
+# endif
+
+	return true;
+}
+
+static const nla_decoder_t crypto_user_alg_nla_decoders[] = {
+	[CRYPTOCFGA_PRIORITY_VAL]	= decode_nla_u32,
+	[CRYPTOCFGA_REPORT_LARVAL]	= decode_crypto_report_generic,
+	[CRYPTOCFGA_REPORT_HASH]	= decode_crypto_report_hash,
+	[CRYPTOCFGA_REPORT_BLKCIPHER]	= decode_crypto_report_blkcipher,
+	[CRYPTOCFGA_REPORT_AEAD]	= decode_crypto_report_aead,
+	[CRYPTOCFGA_REPORT_COMPRESS]	= decode_crypto_report_generic,
+	[CRYPTOCFGA_REPORT_RNG]		= decode_crypto_report_rng,
+	[CRYPTOCFGA_REPORT_CIPHER]	= decode_crypto_report_cipher,
+	[CRYPTOCFGA_REPORT_AKCIPHER]	= decode_crypto_report_generic,
+	[CRYPTOCFGA_REPORT_KPP]		= decode_crypto_report_generic,
+	[CRYPTOCFGA_REPORT_ACOMP]	= decode_crypto_report_generic
+};
+
 static void
 decode_crypto_user_alg(struct tcb *const tcp,
 		       const kernel_ulong_t addr,
@@ -54,6 +208,16 @@ decode_crypto_user_alg(struct tcb *const tcp,
 		PRINT_FIELD_U(", ", alg, cru_refcnt);
 		PRINT_FIELD_X(", ", alg, cru_flags);
 		tprints("}");
+
+		const size_t offset = NLMSG_ALIGN(sizeof(alg));
+		if (len > offset) {
+			tprints(", ");
+			decode_nlattr(tcp, addr + offset, len - offset,
+				      crypto_nl_attrs, "CRYPTOCFGA_???",
+				      crypto_user_alg_nla_decoders,
+				      ARRAY_SIZE(crypto_user_alg_nla_decoders),
+				      NULL);
+		}
 	}
 }
 

xlat/crypto_nl_attrs.in

@@ -0,0 +1,12 @@
+CRYPTOCFGA_UNSPEC		0
+CRYPTOCFGA_PRIORITY_VAL		1
+CRYPTOCFGA_REPORT_LARVAL	2
+CRYPTOCFGA_REPORT_HASH		3
+CRYPTOCFGA_REPORT_BLKCIPHER	4
+CRYPTOCFGA_REPORT_AEAD		5
+CRYPTOCFGA_REPORT_COMPRESS	6
+CRYPTOCFGA_REPORT_RNG		7
+CRYPTOCFGA_REPORT_CIPHER	8
+CRYPTOCFGA_REPORT_AKCIPHER	9
+CRYPTOCFGA_REPORT_KPP		10
+CRYPTOCFGA_REPORT_ACOMP		11