2011-09-27 07:23:50 +02:00
/*
* Crypto user configuration API .
*
* Copyright ( C ) 2011 secunet Security Networks AG
* Copyright ( C ) 2011 Steffen Klassert < steffen . klassert @ secunet . com >
*
* This program is free software ; you can redistribute it and / or modify it
* under the terms and conditions of the GNU General Public License ,
* version 2 , as published by the Free Software Foundation .
*
* This program is distributed in the hope it will be useful , but WITHOUT
* ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for
* more details .
*
* You should have received a copy of the GNU General Public License along with
* this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin St - Fifth Floor , Boston , MA 02110 - 1301 USA .
*/
# include <linux/module.h>
# include <linux/crypto.h>
# include <linux/cryptouser.h>
2012-03-29 09:03:47 +02:00
# include <linux/sched.h>
2011-09-27 07:23:50 +02:00
# include <net/netlink.h>
# include <linux/security.h>
# include <net/net_namespace.h>
2012-03-29 09:03:47 +02:00
# include <crypto/internal/skcipher.h>
2015-06-21 19:11:45 +08:00
# include <crypto/internal/rng.h>
2015-06-16 10:30:55 -07:00
# include <crypto/akcipher.h>
2012-03-29 09:03:47 +02:00
2011-09-27 07:23:50 +02:00
# include "internal.h"
2013-02-05 18:19:15 +01:00
# define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
2012-08-28 16:46:54 +03:00
static DEFINE_MUTEX ( crypto_cfg_mutex ) ;
2011-09-27 07:23:50 +02:00
/* The crypto netlink socket */
static struct sock * crypto_nlsk ;
struct crypto_dump_info {
struct sk_buff * in_skb ;
struct sk_buff * out_skb ;
u32 nlmsg_seq ;
u16 nlmsg_flags ;
} ;
static struct crypto_alg * crypto_alg_match ( struct crypto_user_alg * p , int exact )
{
struct crypto_alg * q , * alg = NULL ;
down_read ( & crypto_alg_sem ) ;
list_for_each_entry ( q , & crypto_alg_list , cra_list ) {
2011-10-21 14:37:10 +02:00
int match = 0 ;
2011-09-27 07:23:50 +02:00
if ( ( q - > cra_flags ^ p - > cru_type ) & p - > cru_mask )
continue ;
if ( strlen ( p - > cru_driver_name ) )
match = ! strcmp ( q - > cra_driver_name ,
p - > cru_driver_name ) ;
else if ( ! exact )
match = ! strcmp ( q - > cra_name , p - > cru_name ) ;
2015-04-07 21:27:01 +08:00
if ( ! match )
continue ;
if ( unlikely ( ! crypto_mod_get ( q ) ) )
continue ;
alg = q ;
break ;
2011-09-27 07:23:50 +02:00
}
up_read ( & crypto_alg_sem ) ;
return alg ;
}
2011-09-27 07:48:01 +02:00
static int crypto_report_cipher ( struct sk_buff * skb , struct crypto_alg * alg )
{
struct crypto_report_cipher rcipher ;
2013-02-05 18:19:13 +01:00
strncpy ( rcipher . type , " cipher " , sizeof ( rcipher . type ) ) ;
2011-09-27 07:48:01 +02:00
rcipher . blocksize = alg - > cra_blocksize ;
rcipher . min_keysize = alg - > cra_cipher . cia_min_keysize ;
rcipher . max_keysize = alg - > cra_cipher . cia_max_keysize ;
2012-04-01 20:19:05 -04:00
if ( nla_put ( skb , CRYPTOCFGA_REPORT_CIPHER ,
sizeof ( struct crypto_report_cipher ) , & rcipher ) )
goto nla_put_failure ;
2011-09-27 07:48:01 +02:00
return 0 ;
nla_put_failure :
return - EMSGSIZE ;
}
2011-09-27 07:48:48 +02:00
static int crypto_report_comp ( struct sk_buff * skb , struct crypto_alg * alg )
{
struct crypto_report_comp rcomp ;
2013-02-05 18:19:13 +01:00
strncpy ( rcomp . type , " compression " , sizeof ( rcomp . type ) ) ;
2012-04-01 20:19:05 -04:00
if ( nla_put ( skb , CRYPTOCFGA_REPORT_COMPRESS ,
sizeof ( struct crypto_report_comp ) , & rcomp ) )
goto nla_put_failure ;
2011-09-27 07:48:48 +02:00
return 0 ;
nla_put_failure :
return - EMSGSIZE ;
}
2015-06-16 10:30:55 -07:00
static int crypto_report_akcipher ( struct sk_buff * skb , struct crypto_alg * alg )
{
struct crypto_report_akcipher rakcipher ;
strncpy ( rakcipher . type , " akcipher " , sizeof ( rakcipher . type ) ) ;
if ( nla_put ( skb , CRYPTOCFGA_REPORT_AKCIPHER ,
sizeof ( struct crypto_report_akcipher ) , & rakcipher ) )
goto nla_put_failure ;
return 0 ;
nla_put_failure :
return - EMSGSIZE ;
}
2011-09-27 07:23:50 +02:00
static int crypto_report_one ( struct crypto_alg * alg ,
struct crypto_user_alg * ualg , struct sk_buff * skb )
{
2013-02-05 18:19:13 +01:00
strncpy ( ualg - > cru_name , alg - > cra_name , sizeof ( ualg - > cru_name ) ) ;
strncpy ( ualg - > cru_driver_name , alg - > cra_driver_name ,
sizeof ( ualg - > cru_driver_name ) ) ;
strncpy ( ualg - > cru_module_name , module_name ( alg - > cra_module ) ,
sizeof ( ualg - > cru_module_name ) ) ;
ualg - > cru_type = 0 ;
ualg - > cru_mask = 0 ;
2011-09-27 07:23:50 +02:00
ualg - > cru_flags = alg - > cra_flags ;
ualg - > cru_refcnt = atomic_read ( & alg - > cra_refcnt ) ;
2012-04-01 20:19:05 -04:00
if ( nla_put_u32 ( skb , CRYPTOCFGA_PRIORITY_VAL , alg - > cra_priority ) )
goto nla_put_failure ;
2011-09-27 07:25:05 +02:00
if ( alg - > cra_flags & CRYPTO_ALG_LARVAL ) {
struct crypto_report_larval rl ;
2013-02-05 18:19:13 +01:00
strncpy ( rl . type , " larval " , sizeof ( rl . type ) ) ;
2012-04-01 20:19:05 -04:00
if ( nla_put ( skb , CRYPTOCFGA_REPORT_LARVAL ,
sizeof ( struct crypto_report_larval ) , & rl ) )
goto nla_put_failure ;
2011-09-27 07:25:05 +02:00
goto out ;
}
2011-09-27 07:24:29 +02:00
if ( alg - > cra_type & & alg - > cra_type - > report ) {
if ( alg - > cra_type - > report ( skb , alg ) )
goto nla_put_failure ;
2011-09-27 07:48:01 +02:00
goto out ;
}
switch ( alg - > cra_flags & ( CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL ) ) {
case CRYPTO_ALG_TYPE_CIPHER :
if ( crypto_report_cipher ( skb , alg ) )
goto nla_put_failure ;
2011-09-27 07:48:48 +02:00
break ;
case CRYPTO_ALG_TYPE_COMPRESS :
if ( crypto_report_comp ( skb , alg ) )
goto nla_put_failure ;
2011-09-27 07:48:01 +02:00
break ;
2015-06-16 10:30:55 -07:00
case CRYPTO_ALG_TYPE_AKCIPHER :
if ( crypto_report_akcipher ( skb , alg ) )
goto nla_put_failure ;
break ;
2011-09-27 07:24:29 +02:00
}
2011-09-27 07:25:05 +02:00
out :
2011-09-27 07:23:50 +02:00
return 0 ;
nla_put_failure :
return - EMSGSIZE ;
}
static int crypto_report_alg ( struct crypto_alg * alg ,
struct crypto_dump_info * info )
{
struct sk_buff * in_skb = info - > in_skb ;
struct sk_buff * skb = info - > out_skb ;
struct nlmsghdr * nlh ;
struct crypto_user_alg * ualg ;
int err = 0 ;
2012-09-07 20:12:54 +00:00
nlh = nlmsg_put ( skb , NETLINK_CB ( in_skb ) . portid , info - > nlmsg_seq ,
2011-09-27 07:23:50 +02:00
CRYPTO_MSG_GETALG , sizeof ( * ualg ) , info - > nlmsg_flags ) ;
if ( ! nlh ) {
err = - EMSGSIZE ;
goto out ;
}
ualg = nlmsg_data ( nlh ) ;
err = crypto_report_one ( alg , ualg , skb ) ;
if ( err ) {
nlmsg_cancel ( skb , nlh ) ;
goto out ;
}
nlmsg_end ( skb , nlh ) ;
out :
return err ;
}
static int crypto_report ( struct sk_buff * in_skb , struct nlmsghdr * in_nlh ,
struct nlattr * * attrs )
{
struct crypto_user_alg * p = nlmsg_data ( in_nlh ) ;
struct crypto_alg * alg ;
struct sk_buff * skb ;
struct crypto_dump_info info ;
int err ;
2013-02-05 18:19:15 +01:00
if ( ! null_terminated ( p - > cru_name ) | | ! null_terminated ( p - > cru_driver_name ) )
return - EINVAL ;
2014-11-20 12:44:32 +08:00
alg = crypto_alg_match ( p , 0 ) ;
2011-09-27 07:23:50 +02:00
if ( ! alg )
return - ENOENT ;
2015-04-07 21:27:01 +08:00
err = - ENOMEM ;
2011-09-27 07:23:50 +02:00
skb = nlmsg_new ( NLMSG_DEFAULT_SIZE , GFP_ATOMIC ) ;
if ( ! skb )
2015-04-07 21:27:01 +08:00
goto drop_alg ;
2011-09-27 07:23:50 +02:00
info . in_skb = in_skb ;
info . out_skb = skb ;
info . nlmsg_seq = in_nlh - > nlmsg_seq ;
info . nlmsg_flags = 0 ;
err = crypto_report_alg ( alg , & info ) ;
2015-04-07 21:27:01 +08:00
drop_alg :
crypto_mod_put ( alg ) ;
2011-09-27 07:23:50 +02:00
if ( err )
return err ;
2012-09-07 20:12:54 +00:00
return nlmsg_unicast ( crypto_nlsk , skb , NETLINK_CB ( in_skb ) . portid ) ;
2011-09-27 07:23:50 +02:00
}
static int crypto_dump_report ( struct sk_buff * skb , struct netlink_callback * cb )
{
struct crypto_alg * alg ;
struct crypto_dump_info info ;
int err ;
if ( cb - > args [ 0 ] )
goto out ;
cb - > args [ 0 ] = 1 ;
info . in_skb = cb - > skb ;
info . out_skb = skb ;
info . nlmsg_seq = cb - > nlh - > nlmsg_seq ;
info . nlmsg_flags = NLM_F_MULTI ;
list_for_each_entry ( alg , & crypto_alg_list , cra_list ) {
err = crypto_report_alg ( alg , & info ) ;
if ( err )
goto out_err ;
}
out :
return skb - > len ;
out_err :
return err ;
}
static int crypto_dump_report_done ( struct netlink_callback * cb )
{
return 0 ;
}
static int crypto_update_alg ( struct sk_buff * skb , struct nlmsghdr * nlh ,
struct nlattr * * attrs )
{
struct crypto_alg * alg ;
struct crypto_user_alg * p = nlmsg_data ( nlh ) ;
struct nlattr * priority = attrs [ CRYPTOCFGA_PRIORITY_VAL ] ;
LIST_HEAD ( list ) ;
2014-06-07 19:44:40 -07:00
if ( ! netlink_capable ( skb , CAP_NET_ADMIN ) )
2014-05-08 21:58:12 +08:00
return - EPERM ;
2013-02-05 18:19:15 +01:00
if ( ! null_terminated ( p - > cru_name ) | | ! null_terminated ( p - > cru_driver_name ) )
return - EINVAL ;
2011-09-27 07:23:50 +02:00
if ( priority & & ! strlen ( p - > cru_driver_name ) )
return - EINVAL ;
alg = crypto_alg_match ( p , 1 ) ;
if ( ! alg )
return - ENOENT ;
down_write ( & crypto_alg_sem ) ;
crypto_remove_spawns ( alg , & list , NULL ) ;
if ( priority )
alg - > cra_priority = nla_get_u32 ( priority ) ;
up_write ( & crypto_alg_sem ) ;
2015-04-07 21:27:01 +08:00
crypto_mod_put ( alg ) ;
2011-09-27 07:23:50 +02:00
crypto_remove_final ( & list ) ;
return 0 ;
}
static int crypto_del_alg ( struct sk_buff * skb , struct nlmsghdr * nlh ,
struct nlattr * * attrs )
{
struct crypto_alg * alg ;
struct crypto_user_alg * p = nlmsg_data ( nlh ) ;
2015-04-07 21:27:01 +08:00
int err ;
2011-09-27 07:23:50 +02:00
2014-06-07 19:44:40 -07:00
if ( ! netlink_capable ( skb , CAP_NET_ADMIN ) )
2014-05-08 21:58:12 +08:00
return - EPERM ;
2013-02-05 18:19:15 +01:00
if ( ! null_terminated ( p - > cru_name ) | | ! null_terminated ( p - > cru_driver_name ) )
return - EINVAL ;
2011-09-27 07:23:50 +02:00
alg = crypto_alg_match ( p , 1 ) ;
if ( ! alg )
return - ENOENT ;
/* We can not unregister core algorithms such as aes-generic.
* We would loose the reference in the crypto_alg_list to this algorithm
* if we try to unregister . Unregistering such an algorithm without
* removing the module is not possible , so we restrict to crypto
* instances that are build from templates . */
2015-04-07 21:27:01 +08:00
err = - EINVAL ;
2011-09-27 07:23:50 +02:00
if ( ! ( alg - > cra_flags & CRYPTO_ALG_INSTANCE ) )
2015-04-07 21:27:01 +08:00
goto drop_alg ;
2011-09-27 07:23:50 +02:00
2015-04-07 21:27:01 +08:00
err = - EBUSY ;
if ( atomic_read ( & alg - > cra_refcnt ) > 2 )
goto drop_alg ;
2011-09-27 07:23:50 +02:00
2015-04-07 21:27:01 +08:00
err = crypto_unregister_instance ( ( struct crypto_instance * ) alg ) ;
drop_alg :
crypto_mod_put ( alg ) ;
return err ;
2011-09-27 07:23:50 +02:00
}
2012-03-29 09:03:47 +02:00
static struct crypto_alg * crypto_user_skcipher_alg ( const char * name , u32 type ,
u32 mask )
{
int err ;
struct crypto_alg * alg ;
type = crypto_skcipher_type ( type ) ;
mask = crypto_skcipher_mask ( mask ) ;
for ( ; ; ) {
alg = crypto_lookup_skcipher ( name , type , mask ) ;
if ( ! IS_ERR ( alg ) )
return alg ;
err = PTR_ERR ( alg ) ;
if ( err ! = - EAGAIN )
break ;
2015-10-19 18:23:57 +08:00
if ( fatal_signal_pending ( current ) ) {
2012-03-29 09:03:47 +02:00
err = - EINTR ;
break ;
}
}
return ERR_PTR ( err ) ;
}
2011-09-27 07:23:50 +02:00
static int crypto_add_alg ( struct sk_buff * skb , struct nlmsghdr * nlh ,
struct nlattr * * attrs )
{
2012-01-29 23:39:22 +01:00
int exact = 0 ;
2011-09-27 07:23:50 +02:00
const char * name ;
struct crypto_alg * alg ;
struct crypto_user_alg * p = nlmsg_data ( nlh ) ;
struct nlattr * priority = attrs [ CRYPTOCFGA_PRIORITY_VAL ] ;
2014-06-07 19:44:40 -07:00
if ( ! netlink_capable ( skb , CAP_NET_ADMIN ) )
2014-05-08 21:58:12 +08:00
return - EPERM ;
2013-02-05 18:19:15 +01:00
if ( ! null_terminated ( p - > cru_name ) | | ! null_terminated ( p - > cru_driver_name ) )
return - EINVAL ;
2011-09-27 07:23:50 +02:00
if ( strlen ( p - > cru_driver_name ) )
exact = 1 ;
if ( priority & & ! exact )
return - EINVAL ;
alg = crypto_alg_match ( p , exact ) ;
2015-04-07 21:27:01 +08:00
if ( alg ) {
crypto_mod_put ( alg ) ;
2011-09-27 07:23:50 +02:00
return - EEXIST ;
2015-04-07 21:27:01 +08:00
}
2011-09-27 07:23:50 +02:00
if ( strlen ( p - > cru_driver_name ) )
name = p - > cru_driver_name ;
else
name = p - > cru_name ;
2012-03-29 09:03:47 +02:00
switch ( p - > cru_type & p - > cru_mask & CRYPTO_ALG_TYPE_MASK ) {
case CRYPTO_ALG_TYPE_GIVCIPHER :
case CRYPTO_ALG_TYPE_BLKCIPHER :
case CRYPTO_ALG_TYPE_ABLKCIPHER :
alg = crypto_user_skcipher_alg ( name , p - > cru_type , p - > cru_mask ) ;
break ;
default :
alg = crypto_alg_mod_lookup ( name , p - > cru_type , p - > cru_mask ) ;
}
2011-09-27 07:23:50 +02:00
if ( IS_ERR ( alg ) )
return PTR_ERR ( alg ) ;
down_write ( & crypto_alg_sem ) ;
if ( priority )
alg - > cra_priority = nla_get_u32 ( priority ) ;
up_write ( & crypto_alg_sem ) ;
crypto_mod_put ( alg ) ;
return 0 ;
}
2015-06-21 19:11:45 +08:00
static int crypto_del_rng ( struct sk_buff * skb , struct nlmsghdr * nlh ,
struct nlattr * * attrs )
{
if ( ! netlink_capable ( skb , CAP_NET_ADMIN ) )
return - EPERM ;
return crypto_del_default_rng ( ) ;
}
2011-09-27 07:23:50 +02:00
# define MSGSIZE(type) sizeof(struct type)
static const int crypto_msg_min [ CRYPTO_NR_MSGTYPES ] = {
[ CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE ] = MSGSIZE ( crypto_user_alg ) ,
[ CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE ] = MSGSIZE ( crypto_user_alg ) ,
[ CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE ] = MSGSIZE ( crypto_user_alg ) ,
2015-06-21 19:11:45 +08:00
[ CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE ] = 0 ,
2011-09-27 07:23:50 +02:00
} ;
static const struct nla_policy crypto_policy [ CRYPTOCFGA_MAX + 1 ] = {
[ CRYPTOCFGA_PRIORITY_VAL ] = { . type = NLA_U32 } ,
} ;
# undef MSGSIZE
2013-02-24 14:09:12 +01:00
static const struct crypto_link {
2011-09-27 07:23:50 +02:00
int ( * doit ) ( struct sk_buff * , struct nlmsghdr * , struct nlattr * * ) ;
int ( * dump ) ( struct sk_buff * , struct netlink_callback * ) ;
int ( * done ) ( struct netlink_callback * ) ;
} crypto_dispatch [ CRYPTO_NR_MSGTYPES ] = {
[ CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE ] = { . doit = crypto_add_alg } ,
[ CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE ] = { . doit = crypto_del_alg } ,
[ CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE ] = { . doit = crypto_update_alg } ,
[ CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE ] = { . doit = crypto_report ,
. dump = crypto_dump_report ,
. done = crypto_dump_report_done } ,
2015-06-21 19:11:45 +08:00
[ CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE ] = { . doit = crypto_del_rng } ,
2011-09-27 07:23:50 +02:00
} ;
static int crypto_user_rcv_msg ( struct sk_buff * skb , struct nlmsghdr * nlh )
{
struct nlattr * attrs [ CRYPTOCFGA_MAX + 1 ] ;
2013-02-24 14:09:12 +01:00
const struct crypto_link * link ;
2011-09-27 07:23:50 +02:00
int type , err ;
type = nlh - > nlmsg_type ;
if ( type > CRYPTO_MSG_MAX )
return - EINVAL ;
type - = CRYPTO_MSG_BASE ;
link = & crypto_dispatch [ type ] ;
if ( ( type = = ( CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE ) & &
( nlh - > nlmsg_flags & NLM_F_DUMP ) ) ) {
2012-03-29 09:04:46 +02:00
struct crypto_alg * alg ;
u16 dump_alloc = 0 ;
2011-09-27 07:23:50 +02:00
if ( link - > dump = = NULL )
return - EINVAL ;
2012-03-29 09:04:46 +02:00
2016-02-01 14:27:30 +01:00
down_read ( & crypto_alg_sem ) ;
2012-03-29 09:04:46 +02:00
list_for_each_entry ( alg , & crypto_alg_list , cra_list )
dump_alloc + = CRYPTO_REPORT_MAXSIZE ;
2012-02-24 14:30:15 +00:00
{
struct netlink_dump_control c = {
. dump = link - > dump ,
. done = link - > done ,
2012-03-29 09:04:46 +02:00
. min_dump_alloc = dump_alloc ,
2012-02-24 14:30:15 +00:00
} ;
2016-02-01 14:27:30 +01:00
err = netlink_dump_start ( crypto_nlsk , skb , nlh , & c ) ;
2012-02-24 14:30:15 +00:00
}
2016-02-01 14:27:30 +01:00
up_read ( & crypto_alg_sem ) ;
return err ;
2011-09-27 07:23:50 +02:00
}
err = nlmsg_parse ( nlh , crypto_msg_min [ type ] , attrs , CRYPTOCFGA_MAX ,
crypto_policy ) ;
if ( err < 0 )
return err ;
if ( link - > doit = = NULL )
return - EINVAL ;
return link - > doit ( skb , nlh , attrs ) ;
}
static void crypto_netlink_rcv ( struct sk_buff * skb )
{
mutex_lock ( & crypto_cfg_mutex ) ;
netlink_rcv_skb ( skb , & crypto_user_rcv_msg ) ;
mutex_unlock ( & crypto_cfg_mutex ) ;
}
static int __init crypto_user_init ( void )
{
2012-06-29 06:15:21 +00:00
struct netlink_kernel_cfg cfg = {
. input = crypto_netlink_rcv ,
} ;
2012-09-08 02:53:54 +00:00
crypto_nlsk = netlink_kernel_create ( & init_net , NETLINK_CRYPTO , & cfg ) ;
2011-09-27 07:23:50 +02:00
if ( ! crypto_nlsk )
return - ENOMEM ;
return 0 ;
}
static void __exit crypto_user_exit ( void )
{
netlink_kernel_release ( crypto_nlsk ) ;
}
module_init ( crypto_user_init ) ;
module_exit ( crypto_user_exit ) ;
MODULE_LICENSE ( " GPL " ) ;
MODULE_AUTHOR ( " Steffen Klassert <steffen.klassert@secunet.com> " ) ;
MODULE_DESCRIPTION ( " Crypto userspace configuration API " ) ;
2014-11-24 17:12:45 +01:00
MODULE_ALIAS ( " net-pf-16-proto-21 " ) ;