summaryrefslogtreecommitdiffstats
path: root/crypto/af_alg.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-12-14 12:31:09 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2022-12-14 12:31:09 -0800
commit64e7003c6b85626a533a67c1ba938b75a3db24e6 (patch)
tree5e3e776d23a9520f51251b4838d4aa66d920dbff /crypto/af_alg.c
parent48ea09cddae0b794cde2070f106ef676703dbcd3 (diff)
parent453de3eb08c4b7e31b3019a4b0cc3ebce51a6219 (diff)
downloadlinux-64e7003c6b85626a533a67c1ba938b75a3db24e6.tar.bz2
Merge tag 'v6.2-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Optimise away self-test overhead when they are disabled - Support symmetric encryption via keyring keys in af_alg - Flip hwrng default_quality, the default is now maximum entropy Algorithms: - Add library version of aesgcm - CFI fixes for assembly code - Add arm/arm64 accelerated versions of sm3/sm4 Drivers: - Remove assumption on arm64 that kmalloc is DMA-aligned - Fix selftest failures in rockchip - Add support for RK3328/RK3399 in rockchip - Add deflate support in qat - Merge ux500 into stm32 - Add support for TEE for PCI ID 0x14CA in ccp - Add mt7986 support in mtk - Add MaxLinear platform support in inside-secure - Add NPCM8XX support in npcm" * tag 'v6.2-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (184 commits) crypto: ux500/cryp - delete driver crypto: stm32/cryp - enable for use with Ux500 crypto: stm32 - enable drivers to be used on Ux500 dt-bindings: crypto: Let STM32 define Ux500 CRYP hwrng: geode - Fix PCI device refcount leak hwrng: amd - Fix PCI device refcount leak crypto: qce - Set DMA alignment explicitly crypto: octeontx2 - Set DMA alignment explicitly crypto: octeontx - Set DMA alignment explicitly crypto: keembay - Set DMA alignment explicitly crypto: safexcel - Set DMA alignment explicitly crypto: hisilicon/hpre - Set DMA alignment explicitly crypto: chelsio - Set DMA alignment explicitly crypto: ccree - Set DMA alignment explicitly crypto: ccp - Set DMA alignment explicitly crypto: cavium - Set DMA alignment explicitly crypto: img-hash - Fix variable dereferenced before check 'hdev->req' crypto: arm64/ghash-ce - use frame_push/pop macros consistently crypto: arm64/crct10dif - use frame_push/pop macros consistently crypto: arm64/aes-modes - use frame_push/pop macros consistently ...
Diffstat (limited to 'crypto/af_alg.c')
-rw-r--r--crypto/af_alg.c135
1 files changed, 134 insertions, 1 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index e893c0f6c879..0a4fa2a429e2 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -12,6 +12,8 @@
#include <linux/crypto.h>
#include <linux/init.h>
#include <linux/kernel.h>
+#include <linux/key.h>
+#include <linux/key-type.h>
#include <linux/list.h>
#include <linux/module.h>
#include <linux/net.h>
@@ -19,6 +21,10 @@
#include <linux/sched.h>
#include <linux/sched/signal.h>
#include <linux/security.h>
+#include <linux/string.h>
+#include <keys/user-type.h>
+#include <keys/trusted-type.h>
+#include <keys/encrypted-type.h>
struct alg_type_list {
const struct af_alg_type *type;
@@ -222,6 +228,129 @@ out:
return err;
}
+#ifdef CONFIG_KEYS
+
+static const u8 *key_data_ptr_user(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct user_key_payload *ukp;
+
+ ukp = user_key_payload_locked(key);
+ if (IS_ERR_OR_NULL(ukp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = key->datalen;
+
+ return ukp->data;
+}
+
+static const u8 *key_data_ptr_encrypted(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct encrypted_key_payload *ekp;
+
+ ekp = dereference_key_locked(key);
+ if (IS_ERR_OR_NULL(ekp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = ekp->decrypted_datalen;
+
+ return ekp->decrypted_data;
+}
+
+static const u8 *key_data_ptr_trusted(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct trusted_key_payload *tkp;
+
+ tkp = dereference_key_locked(key);
+ if (IS_ERR_OR_NULL(tkp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = tkp->key_len;
+
+ return tkp->key;
+}
+
+static struct key *lookup_key(key_serial_t serial)
+{
+ key_ref_t key_ref;
+
+ key_ref = lookup_user_key(serial, 0, KEY_NEED_SEARCH);
+ if (IS_ERR(key_ref))
+ return ERR_CAST(key_ref);
+
+ return key_ref_to_ptr(key_ref);
+}
+
+static int alg_setkey_by_key_serial(struct alg_sock *ask, sockptr_t optval,
+ unsigned int optlen)
+{
+ const struct af_alg_type *type = ask->type;
+ u8 *key_data = NULL;
+ unsigned int key_datalen;
+ key_serial_t serial;
+ struct key *key;
+ const u8 *ret;
+ int err;
+
+ if (optlen != sizeof(serial))
+ return -EINVAL;
+
+ if (copy_from_sockptr(&serial, optval, optlen))
+ return -EFAULT;
+
+ key = lookup_key(serial);
+ if (IS_ERR(key))
+ return PTR_ERR(key);
+
+ down_read(&key->sem);
+
+ ret = ERR_PTR(-ENOPROTOOPT);
+ if (!strcmp(key->type->name, "user") ||
+ !strcmp(key->type->name, "logon")) {
+ ret = key_data_ptr_user(key, &key_datalen);
+ } else if (IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) &&
+ !strcmp(key->type->name, "encrypted")) {
+ ret = key_data_ptr_encrypted(key, &key_datalen);
+ } else if (IS_REACHABLE(CONFIG_TRUSTED_KEYS) &&
+ !strcmp(key->type->name, "trusted")) {
+ ret = key_data_ptr_trusted(key, &key_datalen);
+ }
+
+ if (IS_ERR(ret)) {
+ up_read(&key->sem);
+ return PTR_ERR(ret);
+ }
+
+ key_data = sock_kmalloc(&ask->sk, key_datalen, GFP_KERNEL);
+ if (!key_data) {
+ up_read(&key->sem);
+ return -ENOMEM;
+ }
+
+ memcpy(key_data, ret, key_datalen);
+
+ up_read(&key->sem);
+
+ err = type->setkey(ask->private, key_data, key_datalen);
+
+ sock_kzfree_s(&ask->sk, key_data, key_datalen);
+
+ return err;
+}
+
+#else
+
+static inline int alg_setkey_by_key_serial(struct alg_sock *ask,
+ sockptr_t optval,
+ unsigned int optlen)
+{
+ return -ENOPROTOOPT;
+}
+
+#endif
+
static int alg_setsockopt(struct socket *sock, int level, int optname,
sockptr_t optval, unsigned int optlen)
{
@@ -242,12 +371,16 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
switch (optname) {
case ALG_SET_KEY:
+ case ALG_SET_KEY_BY_KEY_SERIAL:
if (sock->state == SS_CONNECTED)
goto unlock;
if (!type->setkey)
goto unlock;
- err = alg_setkey(sk, optval, optlen);
+ if (optname == ALG_SET_KEY_BY_KEY_SERIAL)
+ err = alg_setkey_by_key_serial(ask, optval, optlen);
+ else
+ err = alg_setkey(sk, optval, optlen);
break;
case ALG_SET_AEAD_AUTHSIZE:
if (sock->state == SS_CONNECTED)