crypto_user_base.c source code [linux/crypto/crypto_user_base.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Crypto user configuration API.
4	*
5	* Copyright (C) 2011 secunet Security Networks AG
6	* Copyright (C) 2011 Steffen Klassert <steffen.klassert@secunet.com>
7	*/
8
9	#include <linux/module.h>
10	#include <linux/crypto.h>
11	#include <linux/cryptouser.h>
12	#include <linux/sched.h>
13	#include <linux/security.h>
14	#include <net/netlink.h>
15	#include <net/net_namespace.h>
16	#include <net/sock.h>
17	#include <crypto/internal/skcipher.h>
18	#include <crypto/internal/rng.h>
19	#include <crypto/akcipher.h>
20	#include <crypto/kpp.h>
21	#include <crypto/internal/cryptouser.h>
22
23	#include "internal.h"
24
25	#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
26
27	static DEFINE_MUTEX(crypto_cfg_mutex);
28
29	struct crypto_dump_info {
30	struct sk_buff *in_skb;
31	struct sk_buff *out_skb;
32	u32 nlmsg_seq;
33	u16 nlmsg_flags;
34	};
35
36	struct crypto_alg crypto_alg_match(struct* crypto_user_alg p, int* exact)
37	{
38	struct crypto_alg q, alg = NULL;
39
40	down_read(sem: &crypto_alg_sem);
41
42	list_for_each_entry(q, &crypto_alg_list, cra_list) {
43	int match = `0`;
44
45	if (crypto_is_larval(alg: q))
46	continue;
47
48	if ((q->cra_flags ^ p->cru_type) & p->cru_mask)
49	continue;
50
51	if (strlen(p->cru_driver_name))
52	match = !strcmp(q->cra_driver_name,
53	p->cru_driver_name);
54	else if (!exact)
55	match = !strcmp(q->cra_name, p->cru_name);
56
57	if (!match)
58	continue;
59
60	if (unlikely(!crypto_mod_get(q)))
61	continue;
62
63	alg = q;
64	break;
65	}
66
67	up_read(sem: &crypto_alg_sem);
68
69	return alg;
70	}
71
72	static int crypto_report_cipher(struct sk_buff skb, struct* crypto_alg *alg)
73	{
74	struct crypto_report_cipher rcipher;
75
76	memset(&rcipher, `0`, sizeof(rcipher));
77
78	strscpy(p: rcipher.type, q: "cipher", size: sizeof(rcipher.type));
79
80	rcipher.blocksize = alg->cra_blocksize;
81	rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
82	rcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
83
84	return nla_put(skb, attrtype: CRYPTOCFGA_REPORT_CIPHER,
85	attrlen: sizeof(rcipher), data: &rcipher);
86	}
87
88	static int crypto_report_comp(struct sk_buff skb, struct* crypto_alg *alg)
89	{
90	struct crypto_report_comp rcomp;
91
92	memset(&rcomp, `0`, sizeof(rcomp));
93
94	strscpy(p: rcomp.type, q: "compression", size: sizeof(rcomp.type));
95
96	return nla_put(skb, attrtype: CRYPTOCFGA_REPORT_COMPRESS, attrlen: sizeof(rcomp), data: &rcomp);
97	}
98
99	static int crypto_report_one(struct crypto_alg *alg,
100	struct crypto_user_alg ualg, struct* sk_buff *skb)
101	{
102	memset(ualg, `0`, sizeof(*ualg));
103
104	strscpy(p: ualg->cru_name, q: alg->cra_name, size: sizeof(ualg->cru_name));
105	strscpy(p: ualg->cru_driver_name, q: alg->cra_driver_name,
106	size: sizeof(ualg->cru_driver_name));
107	strscpy(p: ualg->cru_module_name, module_name(alg->cra_module),
108	size: sizeof(ualg->cru_module_name));
109
110	ualg->cru_type = `0`;
111	ualg->cru_mask = `0`;
112	ualg->cru_flags = alg->cra_flags;
113	ualg->cru_refcnt = refcount_read(r: &alg->cra_refcnt);
114
115	if (nla_put_u32(skb, attrtype: CRYPTOCFGA_PRIORITY_VAL, value: alg->cra_priority))
116	goto nla_put_failure;
117	if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
118	struct crypto_report_larval rl;
119
120	memset(&rl, `0`, sizeof(rl));
121	strscpy(p: rl.type, q: "larval", size: sizeof(rl.type));
122	if (nla_put(skb, attrtype: CRYPTOCFGA_REPORT_LARVAL, attrlen: sizeof(rl), data: &rl))
123	goto nla_put_failure;
124	goto out;
125	}
126
127	if (alg->cra_type && alg->cra_type->report) {
128	if (alg->cra_type->report(skb, alg))
129	goto nla_put_failure;
130
131	goto out;
132	}
133
134	switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_LARVAL)) {
135	case CRYPTO_ALG_TYPE_CIPHER:
136	if (crypto_report_cipher(skb, alg))
137	goto nla_put_failure;
138
139	break;
140	case CRYPTO_ALG_TYPE_COMPRESS:
141	if (crypto_report_comp(skb, alg))
142	goto nla_put_failure;
143
144	break;
145	}
146
147	out:
148	return `0`;
149
150	nla_put_failure:
151	return -EMSGSIZE;
152	}
153
154	static int crypto_report_alg(struct crypto_alg *alg,
155	struct crypto_dump_info *info)
156	{
157	struct sk_buff *in_skb = info->in_skb;
158	struct sk_buff *skb = info->out_skb;
159	struct nlmsghdr *nlh;
160	struct crypto_user_alg *ualg;
161	int err = `0`;
162
163	nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, seq: info->nlmsg_seq,
164	type: CRYPTO_MSG_GETALG, payload: sizeof(*ualg), flags: info->nlmsg_flags);
165	if (!nlh) {
166	err = -EMSGSIZE;
167	goto out;
168	}
169
170	ualg = nlmsg_data(nlh);
171
172	err = crypto_report_one(alg, ualg, skb);
173	if (err) {
174	nlmsg_cancel(skb, nlh);
175	goto out;
176	}
177
178	nlmsg_end(skb, nlh);
179
180	out:
181	return err;
182	}
183
184	static int crypto_report(struct sk_buff in_skb, struct* nlmsghdr *in_nlh,
185	struct nlattr **attrs)
186	{
187	struct net *net = sock_net(sk: in_skb->sk);
188	struct crypto_user_alg *p = nlmsg_data(nlh: in_nlh);
189	struct crypto_alg *alg;
190	struct sk_buff *skb;
191	struct crypto_dump_info info;
192	int err;
193
194	if (!null_terminated(p->cru_name) \|\| !null_terminated(p->cru_driver_name))
195	return -EINVAL;
196
197	alg = crypto_alg_match(p, exact: `0`);
198	if (!alg)
199	return -ENOENT;
200
201	err = -ENOMEM;
202	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
203	if (!skb)
204	goto drop_alg;
205
206	info.in_skb = in_skb;
207	info.out_skb = skb;
208	info.nlmsg_seq = in_nlh->nlmsg_seq;
209	info.nlmsg_flags = `0`;
210
211	err = crypto_report_alg(alg, info: &info);
212
213	drop_alg:
214	crypto_mod_put(alg);
215
216	if (err) {
217	kfree_skb(skb);
218	return err;
219	}
220
221	return nlmsg_unicast(sk: net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
222	}
223
224	static int crypto_dump_report(struct sk_buff skb, struct* netlink_callback *cb)
225	{
226	const size_t start_pos = cb->args[`0`];
227	size_t pos = `0`;
228	struct crypto_dump_info info;
229	struct crypto_alg *alg;
230	int res;
231
232	info.in_skb = cb->skb;
233	info.out_skb = skb;
234	info.nlmsg_seq = cb->nlh->nlmsg_seq;
235	info.nlmsg_flags = NLM_F_MULTI;
236
237	down_read(sem: &crypto_alg_sem);
238	list_for_each_entry(alg, &crypto_alg_list, cra_list) {
239	if (pos >= start_pos) {
240	res = crypto_report_alg(alg, info: &info);
241	if (res == -EMSGSIZE)
242	break;
243	if (res)
244	goto out;
245	}
246	pos++;
247	}
248	cb->args[`0`] = pos;
249	res = skb->len;
250	out:
251	up_read(sem: &crypto_alg_sem);
252	return res;
253	}
254
255	static int crypto_dump_report_done(struct netlink_callback *cb)
256	{
257	return `0`;
258	}
259
260	static int crypto_update_alg(struct sk_buff skb, struct* nlmsghdr *nlh,
261	struct nlattr **attrs)
262	{
263	struct crypto_alg *alg;
264	struct crypto_user_alg *p = nlmsg_data(nlh);
265	struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
266	LIST_HEAD(list);
267
268	if (!netlink_capable(skb, CAP_NET_ADMIN))
269	return -EPERM;
270
271	if (!null_terminated(p->cru_name) \|\| !null_terminated(p->cru_driver_name))
272	return -EINVAL;
273
274	if (priority && !strlen(p->cru_driver_name))
275	return -EINVAL;
276
277	alg = crypto_alg_match(p, exact: `1`);
278	if (!alg)
279	return -ENOENT;
280
281	down_write(sem: &crypto_alg_sem);
282
283	crypto_remove_spawns(alg, list: &list, NULL);
284
285	if (priority)
286	alg->cra_priority = nla_get_u32(nla: priority);
287
288	up_write(sem: &crypto_alg_sem);
289
290	crypto_mod_put(alg);
291	crypto_remove_final(list: &list);
292
293	return `0`;
294	}
295
296	static int crypto_del_alg(struct sk_buff skb, struct* nlmsghdr *nlh,
297	struct nlattr **attrs)
298	{
299	struct crypto_alg *alg;
300	struct crypto_user_alg *p = nlmsg_data(nlh);
301	int err;
302
303	if (!netlink_capable(skb, CAP_NET_ADMIN))
304	return -EPERM;
305
306	if (!null_terminated(p->cru_name) \|\| !null_terminated(p->cru_driver_name))
307	return -EINVAL;
308
309	alg = crypto_alg_match(p, exact: `1`);
310	if (!alg)
311	return -ENOENT;
312
313	/ We can not unregister core algorithms such as aes-generic.*
314	* We would loose the reference in the crypto_alg_list to this algorithm
315	* if we try to unregister. Unregistering such an algorithm without
316	* removing the module is not possible, so we restrict to crypto
317	* instances that are build from templates. */
318	err = -EINVAL;
319	if (!(alg->cra_flags & CRYPTO_ALG_INSTANCE))
320	goto drop_alg;
321
322	err = -EBUSY;
323	if (refcount_read(r: &alg->cra_refcnt) > `2`)
324	goto drop_alg;
325
326	crypto_unregister_instance(inst: (struct crypto_instance *)alg);
327	err = `0`;
328
329	drop_alg:
330	crypto_mod_put(alg);
331	return err;
332	}
333
334	static int crypto_add_alg(struct sk_buff skb, struct* nlmsghdr *nlh,
335	struct nlattr **attrs)
336	{
337	int exact = `0`;
338	const char *name;
339	struct crypto_alg *alg;
340	struct crypto_user_alg *p = nlmsg_data(nlh);
341	struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
342
343	if (!netlink_capable(skb, CAP_NET_ADMIN))
344	return -EPERM;
345
346	if (!null_terminated(p->cru_name) \|\| !null_terminated(p->cru_driver_name))
347	return -EINVAL;
348
349	if (strlen(p->cru_driver_name))
350	exact = `1`;
351
352	if (priority && !exact)
353	return -EINVAL;
354
355	alg = crypto_alg_match(p, exact);
356	if (alg) {
357	crypto_mod_put(alg);
358	return -EEXIST;
359	}
360
361	if (strlen(p->cru_driver_name))
362	name = p->cru_driver_name;
363	else
364	name = p->cru_name;
365
366	alg = crypto_alg_mod_lookup(name, type: p->cru_type, mask: p->cru_mask);
367	if (IS_ERR(ptr: alg))
368	return PTR_ERR(ptr: alg);
369
370	down_write(sem: &crypto_alg_sem);
371
372	if (priority)
373	alg->cra_priority = nla_get_u32(nla: priority);
374
375	up_write(sem: &crypto_alg_sem);
376
377	crypto_mod_put(alg);
378
379	return `0`;
380	}
381
382	static int crypto_del_rng(struct sk_buff skb, struct* nlmsghdr *nlh,
383	struct nlattr **attrs)
384	{
385	if (!netlink_capable(skb, CAP_NET_ADMIN))
386	return -EPERM;
387	return crypto_del_default_rng();
388	}
389
390	#define MSGSIZE(type) sizeof(struct type)
391
392	static const int crypto_msg_min[CRYPTO_NR_MSGTYPES] = {
393	[CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
394	[CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
395	[CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
396	[CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
397	[CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = `0`,
398	[CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
399	};
400
401	static const struct nla_policy crypto_policy[CRYPTOCFGA_MAX+`1`] = {
402	[CRYPTOCFGA_PRIORITY_VAL] = { .type = NLA_U32},
403	};
404
405	#undef MSGSIZE
406
407	static const struct crypto_link {
408	int (doit)(struct* sk_buff , struct* nlmsghdr , struct* nlattr **);
409	int (dump)(struct* sk_buff , struct* netlink_callback *);
410	int (done)(struct* netlink_callback *);
411	} crypto_dispatch[CRYPTO_NR_MSGTYPES] = {
412	[CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = { .doit = crypto_add_alg},
413	[CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = { .doit = crypto_del_alg},
414	[CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = { .doit = crypto_update_alg},
415	[CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = { .doit = crypto_report,
416	.dump = crypto_dump_report,
417	.done = crypto_dump_report_done},
418	[CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = { .doit = crypto_del_rng },
419	[CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = { .doit = crypto_reportstat},
420	};
421
422	static int crypto_user_rcv_msg(struct sk_buff skb, struct* nlmsghdr *nlh,
423	struct netlink_ext_ack *extack)
424	{
425	struct net *net = sock_net(sk: skb->sk);
426	struct nlattr *attrs[CRYPTOCFGA_MAX+`1`];
427	const struct crypto_link *link;
428	int type, err;
429
430	type = nlh->nlmsg_type;
431	if (type > CRYPTO_MSG_MAX)
432	return -EINVAL;
433
434	type -= CRYPTO_MSG_BASE;
435	link = &crypto_dispatch[type];
436
437	if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
438	(nlh->nlmsg_flags & NLM_F_DUMP))) {
439	struct crypto_alg *alg;
440	unsigned long dump_alloc = `0`;
441
442	if (link->dump == NULL)
443	return -EINVAL;
444
445	down_read(sem: &crypto_alg_sem);
446	list_for_each_entry(alg, &crypto_alg_list, cra_list)
447	dump_alloc += CRYPTO_REPORT_MAXSIZE;
448	up_read(sem: &crypto_alg_sem);
449
450	{
451	struct netlink_dump_control c = {
452	.dump = link->dump,
453	.done = link->done,
454	.min_dump_alloc = min(dump_alloc, `65535UL`),
455	};
456	err = netlink_dump_start(ssk: net->crypto_nlsk, skb, nlh, control: &c);
457	}
458
459	return err;
460	}
461
462	err = nlmsg_parse_deprecated(nlh, hdrlen: crypto_msg_min[type], tb: attrs,
463	CRYPTOCFGA_MAX, policy: crypto_policy, extack);
464	if (err < `0`)
465	return err;
466
467	if (link->doit == NULL)
468	return -EINVAL;
469
470	return link->doit(skb, nlh, attrs);
471	}
472
473	static void crypto_netlink_rcv(struct sk_buff *skb)
474	{
475	mutex_lock(&crypto_cfg_mutex);
476	netlink_rcv_skb(skb, cb: &crypto_user_rcv_msg);
477	mutex_unlock(lock: &crypto_cfg_mutex);
478	}
479
480	static int __net_init crypto_netlink_init(struct net *net)
481	{
482	struct netlink_kernel_cfg cfg = {
483	.input = crypto_netlink_rcv,
484	};
485
486	net->crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, cfg: &cfg);
487	return net->crypto_nlsk == NULL ? -ENOMEM : `0`;
488	}
489
490	static void __net_exit crypto_netlink_exit(struct net *net)
491	{
492	netlink_kernel_release(sk: net->crypto_nlsk);
493	net->crypto_nlsk = NULL;
494	}
495
496	static struct pernet_operations crypto_netlink_net_ops = {
497	.init = crypto_netlink_init,
498	.exit = crypto_netlink_exit,
499	};
500
501	static int __init crypto_user_init(void)
502	{
503	return register_pernet_subsys(&crypto_netlink_net_ops);
504	}
505
506	static void __exit crypto_user_exit(void)
507	{
508	unregister_pernet_subsys(&crypto_netlink_net_ops);
509	}
510
511	module_init(crypto_user_init);
512	module_exit(crypto_user_exit);
513	MODULE_LICENSE("GPL");
514	MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
515	MODULE_DESCRIPTION("Crypto userspace configuration API");
516	MODULE_ALIAS("net-pf-16-proto-21");
517

source code of linux/crypto/crypto_user_base.c