0001
0002
0003
0004
0005
0006
0007
0008
0009 #include <linux/module.h>
0010 #include <linux/crypto.h>
0011 #include <linux/cryptouser.h>
0012 #include <linux/sched.h>
0013 #include <linux/security.h>
0014 #include <net/netlink.h>
0015 #include <net/net_namespace.h>
0016 #include <net/sock.h>
0017 #include <crypto/internal/skcipher.h>
0018 #include <crypto/internal/rng.h>
0019 #include <crypto/akcipher.h>
0020 #include <crypto/kpp.h>
0021 #include <crypto/internal/cryptouser.h>
0022
0023 #include "internal.h"
0024
0025 #define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
0026
0027 static DEFINE_MUTEX(crypto_cfg_mutex);
0028
0029 struct crypto_dump_info {
0030 struct sk_buff *in_skb;
0031 struct sk_buff *out_skb;
0032 u32 nlmsg_seq;
0033 u16 nlmsg_flags;
0034 };
0035
0036 struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact)
0037 {
0038 struct crypto_alg *q, *alg = NULL;
0039
0040 down_read(&crypto_alg_sem);
0041
0042 list_for_each_entry(q, &crypto_alg_list, cra_list) {
0043 int match = 0;
0044
0045 if (crypto_is_larval(q))
0046 continue;
0047
0048 if ((q->cra_flags ^ p->cru_type) & p->cru_mask)
0049 continue;
0050
0051 if (strlen(p->cru_driver_name))
0052 match = !strcmp(q->cra_driver_name,
0053 p->cru_driver_name);
0054 else if (!exact)
0055 match = !strcmp(q->cra_name, p->cru_name);
0056
0057 if (!match)
0058 continue;
0059
0060 if (unlikely(!crypto_mod_get(q)))
0061 continue;
0062
0063 alg = q;
0064 break;
0065 }
0066
0067 up_read(&crypto_alg_sem);
0068
0069 return alg;
0070 }
0071
0072 static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
0073 {
0074 struct crypto_report_cipher rcipher;
0075
0076 memset(&rcipher, 0, sizeof(rcipher));
0077
0078 strscpy(rcipher.type, "cipher", sizeof(rcipher.type));
0079
0080 rcipher.blocksize = alg->cra_blocksize;
0081 rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
0082 rcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
0083
0084 return nla_put(skb, CRYPTOCFGA_REPORT_CIPHER,
0085 sizeof(rcipher), &rcipher);
0086 }
0087
0088 static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
0089 {
0090 struct crypto_report_comp rcomp;
0091
0092 memset(&rcomp, 0, sizeof(rcomp));
0093
0094 strscpy(rcomp.type, "compression", sizeof(rcomp.type));
0095
0096 return nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(rcomp), &rcomp);
0097 }
0098
0099 static int crypto_report_one(struct crypto_alg *alg,
0100 struct crypto_user_alg *ualg, struct sk_buff *skb)
0101 {
0102 memset(ualg, 0, sizeof(*ualg));
0103
0104 strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
0105 strscpy(ualg->cru_driver_name, alg->cra_driver_name,
0106 sizeof(ualg->cru_driver_name));
0107 strscpy(ualg->cru_module_name, module_name(alg->cra_module),
0108 sizeof(ualg->cru_module_name));
0109
0110 ualg->cru_type = 0;
0111 ualg->cru_mask = 0;
0112 ualg->cru_flags = alg->cra_flags;
0113 ualg->cru_refcnt = refcount_read(&alg->cra_refcnt);
0114
0115 if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority))
0116 goto nla_put_failure;
0117 if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
0118 struct crypto_report_larval rl;
0119
0120 memset(&rl, 0, sizeof(rl));
0121 strscpy(rl.type, "larval", sizeof(rl.type));
0122 if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(rl), &rl))
0123 goto nla_put_failure;
0124 goto out;
0125 }
0126
0127 if (alg->cra_type && alg->cra_type->report) {
0128 if (alg->cra_type->report(skb, alg))
0129 goto nla_put_failure;
0130
0131 goto out;
0132 }
0133
0134 switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) {
0135 case CRYPTO_ALG_TYPE_CIPHER:
0136 if (crypto_report_cipher(skb, alg))
0137 goto nla_put_failure;
0138
0139 break;
0140 case CRYPTO_ALG_TYPE_COMPRESS:
0141 if (crypto_report_comp(skb, alg))
0142 goto nla_put_failure;
0143
0144 break;
0145 }
0146
0147 out:
0148 return 0;
0149
0150 nla_put_failure:
0151 return -EMSGSIZE;
0152 }
0153
0154 static int crypto_report_alg(struct crypto_alg *alg,
0155 struct crypto_dump_info *info)
0156 {
0157 struct sk_buff *in_skb = info->in_skb;
0158 struct sk_buff *skb = info->out_skb;
0159 struct nlmsghdr *nlh;
0160 struct crypto_user_alg *ualg;
0161 int err = 0;
0162
0163 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, info->nlmsg_seq,
0164 CRYPTO_MSG_GETALG, sizeof(*ualg), info->nlmsg_flags);
0165 if (!nlh) {
0166 err = -EMSGSIZE;
0167 goto out;
0168 }
0169
0170 ualg = nlmsg_data(nlh);
0171
0172 err = crypto_report_one(alg, ualg, skb);
0173 if (err) {
0174 nlmsg_cancel(skb, nlh);
0175 goto out;
0176 }
0177
0178 nlmsg_end(skb, nlh);
0179
0180 out:
0181 return err;
0182 }
0183
0184 static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
0185 struct nlattr **attrs)
0186 {
0187 struct net *net = sock_net(in_skb->sk);
0188 struct crypto_user_alg *p = nlmsg_data(in_nlh);
0189 struct crypto_alg *alg;
0190 struct sk_buff *skb;
0191 struct crypto_dump_info info;
0192 int err;
0193
0194 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
0195 return -EINVAL;
0196
0197 alg = crypto_alg_match(p, 0);
0198 if (!alg)
0199 return -ENOENT;
0200
0201 err = -ENOMEM;
0202 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
0203 if (!skb)
0204 goto drop_alg;
0205
0206 info.in_skb = in_skb;
0207 info.out_skb = skb;
0208 info.nlmsg_seq = in_nlh->nlmsg_seq;
0209 info.nlmsg_flags = 0;
0210
0211 err = crypto_report_alg(alg, &info);
0212
0213 drop_alg:
0214 crypto_mod_put(alg);
0215
0216 if (err) {
0217 kfree_skb(skb);
0218 return err;
0219 }
0220
0221 return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
0222 }
0223
0224 static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb)
0225 {
0226 const size_t start_pos = cb->args[0];
0227 size_t pos = 0;
0228 struct crypto_dump_info info;
0229 struct crypto_alg *alg;
0230 int res;
0231
0232 info.in_skb = cb->skb;
0233 info.out_skb = skb;
0234 info.nlmsg_seq = cb->nlh->nlmsg_seq;
0235 info.nlmsg_flags = NLM_F_MULTI;
0236
0237 down_read(&crypto_alg_sem);
0238 list_for_each_entry(alg, &crypto_alg_list, cra_list) {
0239 if (pos >= start_pos) {
0240 res = crypto_report_alg(alg, &info);
0241 if (res == -EMSGSIZE)
0242 break;
0243 if (res)
0244 goto out;
0245 }
0246 pos++;
0247 }
0248 cb->args[0] = pos;
0249 res = skb->len;
0250 out:
0251 up_read(&crypto_alg_sem);
0252 return res;
0253 }
0254
0255 static int crypto_dump_report_done(struct netlink_callback *cb)
0256 {
0257 return 0;
0258 }
0259
0260 static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
0261 struct nlattr **attrs)
0262 {
0263 struct crypto_alg *alg;
0264 struct crypto_user_alg *p = nlmsg_data(nlh);
0265 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
0266 LIST_HEAD(list);
0267
0268 if (!netlink_capable(skb, CAP_NET_ADMIN))
0269 return -EPERM;
0270
0271 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
0272 return -EINVAL;
0273
0274 if (priority && !strlen(p->cru_driver_name))
0275 return -EINVAL;
0276
0277 alg = crypto_alg_match(p, 1);
0278 if (!alg)
0279 return -ENOENT;
0280
0281 down_write(&crypto_alg_sem);
0282
0283 crypto_remove_spawns(alg, &list, NULL);
0284
0285 if (priority)
0286 alg->cra_priority = nla_get_u32(priority);
0287
0288 up_write(&crypto_alg_sem);
0289
0290 crypto_mod_put(alg);
0291 crypto_remove_final(&list);
0292
0293 return 0;
0294 }
0295
0296 static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
0297 struct nlattr **attrs)
0298 {
0299 struct crypto_alg *alg;
0300 struct crypto_user_alg *p = nlmsg_data(nlh);
0301 int err;
0302
0303 if (!netlink_capable(skb, CAP_NET_ADMIN))
0304 return -EPERM;
0305
0306 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
0307 return -EINVAL;
0308
0309 alg = crypto_alg_match(p, 1);
0310 if (!alg)
0311 return -ENOENT;
0312
0313
0314
0315
0316
0317
0318 err = -EINVAL;
0319 if (!(alg->cra_flags & CRYPTO_ALG_INSTANCE))
0320 goto drop_alg;
0321
0322 err = -EBUSY;
0323 if (refcount_read(&alg->cra_refcnt) > 2)
0324 goto drop_alg;
0325
0326 crypto_unregister_instance((struct crypto_instance *)alg);
0327 err = 0;
0328
0329 drop_alg:
0330 crypto_mod_put(alg);
0331 return err;
0332 }
0333
0334 static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
0335 struct nlattr **attrs)
0336 {
0337 int exact = 0;
0338 const char *name;
0339 struct crypto_alg *alg;
0340 struct crypto_user_alg *p = nlmsg_data(nlh);
0341 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
0342
0343 if (!netlink_capable(skb, CAP_NET_ADMIN))
0344 return -EPERM;
0345
0346 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
0347 return -EINVAL;
0348
0349 if (strlen(p->cru_driver_name))
0350 exact = 1;
0351
0352 if (priority && !exact)
0353 return -EINVAL;
0354
0355 alg = crypto_alg_match(p, exact);
0356 if (alg) {
0357 crypto_mod_put(alg);
0358 return -EEXIST;
0359 }
0360
0361 if (strlen(p->cru_driver_name))
0362 name = p->cru_driver_name;
0363 else
0364 name = p->cru_name;
0365
0366 alg = crypto_alg_mod_lookup(name, p->cru_type, p->cru_mask);
0367 if (IS_ERR(alg))
0368 return PTR_ERR(alg);
0369
0370 down_write(&crypto_alg_sem);
0371
0372 if (priority)
0373 alg->cra_priority = nla_get_u32(priority);
0374
0375 up_write(&crypto_alg_sem);
0376
0377 crypto_mod_put(alg);
0378
0379 return 0;
0380 }
0381
0382 static int crypto_del_rng(struct sk_buff *skb, struct nlmsghdr *nlh,
0383 struct nlattr **attrs)
0384 {
0385 if (!netlink_capable(skb, CAP_NET_ADMIN))
0386 return -EPERM;
0387 return crypto_del_default_rng();
0388 }
0389
0390 #define MSGSIZE(type) sizeof(struct type)
0391
0392 static const int crypto_msg_min[CRYPTO_NR_MSGTYPES] = {
0393 [CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
0394 [CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
0395 [CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
0396 [CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
0397 [CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = 0,
0398 [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
0399 };
0400
0401 static const struct nla_policy crypto_policy[CRYPTOCFGA_MAX+1] = {
0402 [CRYPTOCFGA_PRIORITY_VAL] = { .type = NLA_U32},
0403 };
0404
0405 #undef MSGSIZE
0406
0407 static const struct crypto_link {
0408 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
0409 int (*dump)(struct sk_buff *, struct netlink_callback *);
0410 int (*done)(struct netlink_callback *);
0411 } crypto_dispatch[CRYPTO_NR_MSGTYPES] = {
0412 [CRYPTO_MSG_NEWALG - CRYPTO_MSG_BASE] = { .doit = crypto_add_alg},
0413 [CRYPTO_MSG_DELALG - CRYPTO_MSG_BASE] = { .doit = crypto_del_alg},
0414 [CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = { .doit = crypto_update_alg},
0415 [CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = { .doit = crypto_report,
0416 .dump = crypto_dump_report,
0417 .done = crypto_dump_report_done},
0418 [CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = { .doit = crypto_del_rng },
0419 [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = { .doit = crypto_reportstat},
0420 };
0421
0422 static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
0423 struct netlink_ext_ack *extack)
0424 {
0425 struct net *net = sock_net(skb->sk);
0426 struct nlattr *attrs[CRYPTOCFGA_MAX+1];
0427 const struct crypto_link *link;
0428 int type, err;
0429
0430 type = nlh->nlmsg_type;
0431 if (type > CRYPTO_MSG_MAX)
0432 return -EINVAL;
0433
0434 type -= CRYPTO_MSG_BASE;
0435 link = &crypto_dispatch[type];
0436
0437 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
0438 (nlh->nlmsg_flags & NLM_F_DUMP))) {
0439 struct crypto_alg *alg;
0440 unsigned long dump_alloc = 0;
0441
0442 if (link->dump == NULL)
0443 return -EINVAL;
0444
0445 down_read(&crypto_alg_sem);
0446 list_for_each_entry(alg, &crypto_alg_list, cra_list)
0447 dump_alloc += CRYPTO_REPORT_MAXSIZE;
0448 up_read(&crypto_alg_sem);
0449
0450 {
0451 struct netlink_dump_control c = {
0452 .dump = link->dump,
0453 .done = link->done,
0454 .min_dump_alloc = min(dump_alloc, 65535UL),
0455 };
0456 err = netlink_dump_start(net->crypto_nlsk, skb, nlh, &c);
0457 }
0458
0459 return err;
0460 }
0461
0462 err = nlmsg_parse_deprecated(nlh, crypto_msg_min[type], attrs,
0463 CRYPTOCFGA_MAX, crypto_policy, extack);
0464 if (err < 0)
0465 return err;
0466
0467 if (link->doit == NULL)
0468 return -EINVAL;
0469
0470 return link->doit(skb, nlh, attrs);
0471 }
0472
0473 static void crypto_netlink_rcv(struct sk_buff *skb)
0474 {
0475 mutex_lock(&crypto_cfg_mutex);
0476 netlink_rcv_skb(skb, &crypto_user_rcv_msg);
0477 mutex_unlock(&crypto_cfg_mutex);
0478 }
0479
0480 static int __net_init crypto_netlink_init(struct net *net)
0481 {
0482 struct netlink_kernel_cfg cfg = {
0483 .input = crypto_netlink_rcv,
0484 };
0485
0486 net->crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, &cfg);
0487 return net->crypto_nlsk == NULL ? -ENOMEM : 0;
0488 }
0489
0490 static void __net_exit crypto_netlink_exit(struct net *net)
0491 {
0492 netlink_kernel_release(net->crypto_nlsk);
0493 net->crypto_nlsk = NULL;
0494 }
0495
0496 static struct pernet_operations crypto_netlink_net_ops = {
0497 .init = crypto_netlink_init,
0498 .exit = crypto_netlink_exit,
0499 };
0500
0501 static int __init crypto_user_init(void)
0502 {
0503 return register_pernet_subsys(&crypto_netlink_net_ops);
0504 }
0505
0506 static void __exit crypto_user_exit(void)
0507 {
0508 unregister_pernet_subsys(&crypto_netlink_net_ops);
0509 }
0510
0511 module_init(crypto_user_init);
0512 module_exit(crypto_user_exit);
0513 MODULE_LICENSE("GPL");
0514 MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
0515 MODULE_DESCRIPTION("Crypto userspace configuration API");
0516 MODULE_ALIAS("net-pf-16-proto-21");
