search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated the install target for cryptodev module
[cryptodev-linux.git] / ioctl.c
bloba81b6014a43f2ad7981807bfdbab315dbae44004
1 /*
2 * Driver for /dev/crypto device (aka CryptoDev)
3 *
4 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
5 * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6 * Copyright (c) 2010 Phil Sutter
7 *
8 * This file is part of linux cryptodev.
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24 */
25
26 /*
27 * Device /dev/crypto provides an interface for
28 * accessing kernel CryptoAPI algorithms (ciphers,
29 * hashes) from userspace programs.
30 *
31 * /dev/crypto interface was originally introduced in
32 * OpenBSD and this module attempts to keep the API.
33 *
34 */
35
36 #include <crypto/hash.h>
37 #include <linux/crypto.h>
38 #include <linux/mm.h>
39 #include <linux/highmem.h>
40 #include <linux/ioctl.h>
41 #include <linux/random.h>
42 #include <linux/syscalls.h>
43 #include <linux/pagemap.h>
44 #include <linux/poll.h>
45 #include <linux/uaccess.h>
46 #include <crypto/cryptodev.h>
47 #include <linux/scatterlist.h>
48 #include "cryptodev_int.h"
49 #include "zc.h"
50 #include "version.h"
51
52 MODULE_AUTHOR("Nikos Mavrogiannopoulos <nmav@gnutls.org>");
53 MODULE_DESCRIPTION("CryptoDev driver");
54 MODULE_LICENSE("GPL");
55
56 /* ====== Compile-time config ====== */
57
58 /* Default (pre-allocated) and maximum size of the job queue.
59 * These are free, pending and done items all together. */
60 #define DEF_COP_RINGSIZE 16
61 #define MAX_COP_RINGSIZE 64
62
63 /* ====== Module parameters ====== */
64
65 int cryptodev_verbosity;
66 module_param(cryptodev_verbosity, int, 0644);
67 MODULE_PARM_DESC(cryptodev_verbosity, "0: normal, 1: verbose, 2: debug");
68
69 /* ====== CryptoAPI ====== */
70 struct todo_list_item {
71 struct list_head __hook;
72 struct kernel_crypt_op kcop;
73 int result;
74 };
75
76 struct locked_list {
77 struct list_head list;
78 struct mutex lock;
79 };
80
81 struct crypt_priv {
82 struct fcrypt fcrypt;
83 struct locked_list free, todo, done;
84 int itemcount;
85 struct work_struct cryptask;
86 wait_queue_head_t user_waiter;
87 };
88
89 #define FILL_SG(sg, ptr, len) \
90 do { \
91 (sg)->page = virt_to_page(ptr); \
92 (sg)->offset = offset_in_page(ptr); \
93 (sg)->length = len; \
94 (sg)->dma_address = 0; \
95 } while (0)
96
97 /* cryptodev's own workqueue, keeps crypto tasks from disturbing the force */
98 static struct workqueue_struct *cryptodev_wq;
99
100 /* Prepare session for future use. */
101 static int
102 crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
103 {
104 struct csession *ses_new = NULL, *ses_ptr;
105 int ret = 0;
106 const char *alg_name = NULL;
107 const char *hash_name = NULL;
108 int hmac_mode = 1, stream = 0, aead = 0;
109
110 /* Does the request make sense? */
111 if (unlikely(!sop->cipher && !sop->mac)) {
112 dprintk(1, KERN_DEBUG, "Both 'cipher' and 'mac' unset.\n");
113 return -EINVAL;
114 }
115
116 switch (sop->cipher) {
117 case 0:
118 break;
119 case CRYPTO_DES_CBC:
120 alg_name = "cbc(des)";
121 break;
122 case CRYPTO_3DES_CBC:
123 alg_name = "cbc(des3_ede)";
124 break;
125 case CRYPTO_BLF_CBC:
126 alg_name = "cbc(blowfish)";
127 break;
128 case CRYPTO_AES_CBC:
129 alg_name = "cbc(aes)";
130 break;
131 case CRYPTO_AES_ECB:
132 alg_name = "ecb(aes)";
133 break;
134 case CRYPTO_CAMELLIA_CBC:
135 alg_name = "cbc(camellia)";
136 break;
137 case CRYPTO_AES_CTR:
138 alg_name = "ctr(aes)";
139 stream = 1;
140 break;
141 case CRYPTO_AES_GCM:
142 alg_name = "gcm(aes)";
143 stream = 1;
144 aead = 1;
145 break;
146 case CRYPTO_NULL:
147 alg_name = "ecb(cipher_null)";
148 stream = 1;
149 break;
150 default:
151 dprintk(1, KERN_DEBUG, "bad cipher: %d\n", sop->cipher);
152 return -EINVAL;
153 }
154
155 switch (sop->mac) {
156 case 0:
157 break;
158 case CRYPTO_MD5_HMAC:
159 hash_name = "hmac(md5)";
160 break;
161 case CRYPTO_RIPEMD160_HMAC:
162 hash_name = "hmac(rmd160)";
163 break;
164 case CRYPTO_SHA1_HMAC:
165 hash_name = "hmac(sha1)";
166 break;
167 case CRYPTO_SHA2_256_HMAC:
168 hash_name = "hmac(sha256)";
169 break;
170 case CRYPTO_SHA2_384_HMAC:
171 hash_name = "hmac(sha384)";
172 break;
173 case CRYPTO_SHA2_512_HMAC:
174 hash_name = "hmac(sha512)";
175 break;
176
177 /* non-hmac cases */
178 case CRYPTO_MD5:
179 hash_name = "md5";
180 hmac_mode = 0;
181 break;
182 case CRYPTO_RIPEMD160:
183 hash_name = "rmd160";
184 hmac_mode = 0;
185 break;
186 case CRYPTO_SHA1:
187 hash_name = "sha1";
188 hmac_mode = 0;
189 break;
190 case CRYPTO_SHA2_256:
191 hash_name = "sha256";
192 hmac_mode = 0;
193 break;
194 case CRYPTO_SHA2_384:
195 hash_name = "sha384";
196 hmac_mode = 0;
197 break;
198 case CRYPTO_SHA2_512:
199 hash_name = "sha512";
200 hmac_mode = 0;
201 break;
202 default:
203 dprintk(1, KERN_DEBUG, "bad mac: %d\n", sop->mac);
204 return -EINVAL;
205 }
206
207 /* Create a session and put it to the list. */
208 ses_new = kzalloc(sizeof(*ses_new), GFP_KERNEL);
209 if (!ses_new)
210 return -ENOMEM;
211
212 /* Set-up crypto transform. */
213 if (alg_name) {
214 uint8_t keyp[CRYPTO_CIPHER_MAX_KEY_LEN];
215
216 if (unlikely(sop->keylen > CRYPTO_CIPHER_MAX_KEY_LEN)) {
217 dprintk(1, KERN_DEBUG,
218 "Setting key failed for %s-%zu.\n",
219 alg_name, (size_t)sop->keylen*8);
220 ret = -EINVAL;
221 goto error_cipher;
222 }
223
224 if (unlikely(copy_from_user(keyp, sop->key, sop->keylen))) {
225 ret = -EFAULT;
226 goto error_cipher;
227 }
228
229 ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, keyp,
230 sop->keylen, stream, aead);
231 if (ret < 0) {
232 dprintk(1, KERN_DEBUG,
233 "Failed to load cipher for %s\n", alg_name);
234 ret = -EINVAL;
235 goto error_cipher;
236 }
237 }
238
239 if (hash_name && aead == 0) {
240 uint8_t keyp[CRYPTO_HMAC_MAX_KEY_LEN];
241
242 if (unlikely(sop->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN)) {
243 dprintk(1, KERN_DEBUG,
244 "Setting key failed for %s-%zu.\n",
245 alg_name, (size_t)sop->mackeylen*8);
246 ret = -EINVAL;
247 goto error_hash;
248 }
249
250 if (sop->mackey && unlikely(copy_from_user(keyp, sop->mackey,
251 sop->mackeylen))) {
252 ret = -EFAULT;
253 goto error_hash;
254 }
255
256 ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode,
257 keyp, sop->mackeylen);
258 if (ret != 0) {
259 dprintk(1, KERN_DEBUG, "Failed to load hash for %s\n", hash_name);
260 ret = -EINVAL;
261 goto error_hash;
262 }
263 }
264
265 ses_new->alignmask = max(ses_new->cdata.alignmask,
266 ses_new->hdata.alignmask);
267 dprintk(2, KERN_DEBUG, "got alignmask %d\n", ses_new->alignmask);
268
269 ses_new->array_size = DEFAULT_PREALLOC_PAGES;
270 dprintk(2, KERN_DEBUG, "preallocating for %d user pages\n",
271 ses_new->array_size);
272 ses_new->pages = kzalloc(ses_new->array_size *
273 sizeof(struct page *), GFP_KERNEL);
274 ses_new->sg = kzalloc(ses_new->array_size *
275 sizeof(struct scatterlist), GFP_KERNEL);
276 if (ses_new->sg == NULL || ses_new->pages == NULL) {
277 dprintk(0, KERN_DEBUG, "Memory error\n");
278 ret = -ENOMEM;
279 goto error_hash;
280 }
281
282 /* put the new session to the list */
283 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
284 mutex_init(&ses_new->sem);
285
286 mutex_lock(&fcr->sem);
287 restart:
288 list_for_each_entry(ses_ptr, &fcr->list, entry) {
289 /* Check for duplicate SID */
290 if (unlikely(ses_new->sid == ses_ptr->sid)) {
291 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
292 /* Unless we have a broken RNG this
293 shouldn't loop forever... ;-) */
294 goto restart;
295 }
296 }
297
298 list_add(&ses_new->entry, &fcr->list);
299 mutex_unlock(&fcr->sem);
300
301 /* Fill in some values for the user. */
302 sop->ses = ses_new->sid;
303
304 return 0;
305
306 error_hash:
307 cryptodev_cipher_deinit(&ses_new->cdata);
308 kfree(ses_new->sg);
309 kfree(ses_new->pages);
310 error_cipher:
311 kfree(ses_new);
312
313 return ret;
314
315 }
316
317 /* Everything that needs to be done when remowing a session. */
318 static inline void
319 crypto_destroy_session(struct csession *ses_ptr)
320 {
321 if (!mutex_trylock(&ses_ptr->sem)) {
322 dprintk(2, KERN_DEBUG, "Waiting for semaphore of sid=0x%08X\n",
323 ses_ptr->sid);
324 mutex_lock(&ses_ptr->sem);
325 }
326 dprintk(2, KERN_DEBUG, "Removed session 0x%08X\n", ses_ptr->sid);
327 cryptodev_cipher_deinit(&ses_ptr->cdata);
328 cryptodev_hash_deinit(&ses_ptr->hdata);
329 dprintk(2, KERN_DEBUG, "freeing space for %d user pages\n",
330 ses_ptr->array_size);
331 kfree(ses_ptr->pages);
332 kfree(ses_ptr->sg);
333 mutex_unlock(&ses_ptr->sem);
334 kfree(ses_ptr);
335 }
336
337 /* Look up a session by ID and remove. */
338 static int
339 crypto_finish_session(struct fcrypt *fcr, uint32_t sid)
340 {
341 struct csession *tmp, *ses_ptr;
342 struct list_head *head;
343 int ret = 0;
344
345 mutex_lock(&fcr->sem);
346 head = &fcr->list;
347 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
348 if (ses_ptr->sid == sid) {
349 list_del(&ses_ptr->entry);
350 crypto_destroy_session(ses_ptr);
351 break;
352 }
353 }
354
355 if (unlikely(!ses_ptr)) {
356 dprintk(1, KERN_ERR, "Session with sid=0x%08X not found!\n",
357 sid);
358 ret = -ENOENT;
359 }
360 mutex_unlock(&fcr->sem);
361
362 return ret;
363 }
364
365 /* Remove all sessions when closing the file */
366 static int
367 crypto_finish_all_sessions(struct fcrypt *fcr)
368 {
369 struct csession *tmp, *ses_ptr;
370 struct list_head *head;
371
372 mutex_lock(&fcr->sem);
373
374 head = &fcr->list;
375 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
376 list_del(&ses_ptr->entry);
377 crypto_destroy_session(ses_ptr);
378 }
379 mutex_unlock(&fcr->sem);
380
381 return 0;
382 }
383
384 /* Look up session by session ID. The returned session is locked. */
385 struct csession *
386 crypto_get_session_by_sid(struct fcrypt *fcr, uint32_t sid)
387 {
388 struct csession *ses_ptr, *retval = NULL;
389
390 if (unlikely(fcr == NULL))
391 return NULL;
392
393 mutex_lock(&fcr->sem);
394 list_for_each_entry(ses_ptr, &fcr->list, entry) {
395 if (ses_ptr->sid == sid) {
396 mutex_lock(&ses_ptr->sem);
397 retval = ses_ptr;
398 break;
399 }
400 }
401 mutex_unlock(&fcr->sem);
402
403 return retval;
404 }
405
406 static void cryptask_routine(struct work_struct *work)
407 {
408 struct crypt_priv *pcr = container_of(work, struct crypt_priv, cryptask);
409 struct todo_list_item *item;
410 LIST_HEAD(tmp);
411
412 /* fetch all pending jobs into the temporary list */
413 mutex_lock(&pcr->todo.lock);
414 list_cut_position(&tmp, &pcr->todo.list, pcr->todo.list.prev);
415 mutex_unlock(&pcr->todo.lock);
416
417 /* handle each job locklessly */
418 list_for_each_entry(item, &tmp, __hook) {
419 item->result = crypto_run(&pcr->fcrypt, &item->kcop);
420 if (unlikely(item->result))
421 dprintk(0, KERN_ERR, "crypto_run() failed: %d\n",
422 item->result);
423 }
424
425 /* push all handled jobs to the done list at once */
426 mutex_lock(&pcr->done.lock);
427 list_splice_tail(&tmp, &pcr->done.list);
428 mutex_unlock(&pcr->done.lock);
429
430 /* wake for POLLIN */
431 wake_up_interruptible(&pcr->user_waiter);
432 }
433
434 /* ====== /dev/crypto ====== */
435
436 static int
437 cryptodev_open(struct inode *inode, struct file *filp)
438 {
439 struct todo_list_item *tmp;
440 struct crypt_priv *pcr;
441 int i;
442
443 pcr = kmalloc(sizeof(*pcr), GFP_KERNEL);
444 if (!pcr)
445 return -ENOMEM;
446
447 memset(pcr, 0, sizeof(*pcr));
448 mutex_init(&pcr->fcrypt.sem);
449 INIT_LIST_HEAD(&pcr->fcrypt.list);
450
451 INIT_LIST_HEAD(&pcr->free.list);
452 INIT_LIST_HEAD(&pcr->todo.list);
453 INIT_LIST_HEAD(&pcr->done.list);
454 INIT_WORK(&pcr->cryptask, cryptask_routine);
455 mutex_init(&pcr->free.lock);
456 mutex_init(&pcr->todo.lock);
457 mutex_init(&pcr->done.lock);
458 init_waitqueue_head(&pcr->user_waiter);
459
460 for (i = 0; i < DEF_COP_RINGSIZE; i++) {
461 tmp = kzalloc(sizeof(struct todo_list_item), GFP_KERNEL);
462 if (!tmp)
463 return -ENOMEM;
464 pcr->itemcount++;
465 dprintk(2, KERN_DEBUG, "allocated new item at %lx\n",
466 (unsigned long)tmp);
467 list_add(&tmp->__hook, &pcr->free.list);
468 }
469
470 filp->private_data = pcr;
471 dprintk(2, KERN_DEBUG,
472 "Cryptodev handle initialised, %d elements in queue\n",
473 DEF_COP_RINGSIZE);
474 return 0;
475 }
476
477 static int
478 cryptodev_release(struct inode *inode, struct file *filp)
479 {
480 struct crypt_priv *pcr = filp->private_data;
481 struct todo_list_item *item, *item_safe;
482 int items_freed = 0;
483
484 if (!pcr)
485 return 0;
486
487 cancel_work_sync(&pcr->cryptask);
488
489 mutex_destroy(&pcr->todo.lock);
490 mutex_destroy(&pcr->done.lock);
491 mutex_destroy(&pcr->free.lock);
492
493 list_splice_tail(&pcr->todo.list, &pcr->free.list);
494 list_splice_tail(&pcr->done.list, &pcr->free.list);
495
496 list_for_each_entry_safe(item, item_safe, &pcr->free.list, __hook) {
497 dprintk(2, KERN_DEBUG, "freeing item at %lx\n",
498 (unsigned long)item);
499 list_del(&item->__hook);
500 kfree(item);
501 items_freed++;
502
503 }
504 if (items_freed != pcr->itemcount) {
505 dprintk(0, KERN_ERR,
506 "freed %d items, but %d should exist!\n",
507 items_freed, pcr->itemcount);
508 }
509
510 crypto_finish_all_sessions(&pcr->fcrypt);
511 kfree(pcr);
512 filp->private_data = NULL;
513
514 dprintk(2, KERN_DEBUG,
515 "Cryptodev handle deinitialised, %d elements freed\n",
516 items_freed);
517 return 0;
518 }
519
520 static int
521 clonefd(struct file *filp)
522 {
523 int ret;
524 ret = get_unused_fd();
525 if (ret >= 0) {
526 get_file(filp);
527 fd_install(ret, filp);
528 }
529
530 return ret;
531 }
532
533 /* enqueue a job for asynchronous completion
534 *
535 * returns:
536 * -EBUSY when there are no free queue slots left
537 * (and the number of slots has reached it MAX_COP_RINGSIZE)
538 * -EFAULT when there was a memory allocation error
539 * 0 on success */
540 static int crypto_async_run(struct crypt_priv *pcr, struct kernel_crypt_op *kcop)
541 {
542 struct todo_list_item *item = NULL;
543
544 mutex_lock(&pcr->free.lock);
545 if (likely(!list_empty(&pcr->free.list))) {
546 item = list_first_entry(&pcr->free.list,
547 struct todo_list_item, __hook);
548 list_del(&item->__hook);
549 } else if (pcr->itemcount < MAX_COP_RINGSIZE) {
550 pcr->itemcount++;
551 } else {
552 mutex_unlock(&pcr->free.lock);
553 return -EBUSY;
554 }
555 mutex_unlock(&pcr->free.lock);
556
557 if (unlikely(!item)) {
558 item = kzalloc(sizeof(struct todo_list_item), GFP_KERNEL);
559 if (unlikely(!item))
560 return -EFAULT;
561 dprintk(1, KERN_INFO, "increased item count to %d\n",
562 pcr->itemcount);
563 }
564
565 memcpy(&item->kcop, kcop, sizeof(struct kernel_crypt_op));
566
567 mutex_lock(&pcr->todo.lock);
568 list_add_tail(&item->__hook, &pcr->todo.list);
569 mutex_unlock(&pcr->todo.lock);
570
571 queue_work(cryptodev_wq, &pcr->cryptask);
572 return 0;
573 }
574
575 /* get the first completed job from the "done" queue
576 *
577 * returns:
578 * -EBUSY if no completed jobs are ready (yet)
579 * the return value of crypto_run() otherwise */
580 static int crypto_async_fetch(struct crypt_priv *pcr,
581 struct kernel_crypt_op *kcop)
582 {
583 struct todo_list_item *item;
584 int retval;
585
586 mutex_lock(&pcr->done.lock);
587 if (list_empty(&pcr->done.list)) {
588 mutex_unlock(&pcr->done.lock);
589 return -EBUSY;
590 }
591 item = list_first_entry(&pcr->done.list, struct todo_list_item, __hook);
592 list_del(&item->__hook);
593 mutex_unlock(&pcr->done.lock);
594
595 memcpy(kcop, &item->kcop, sizeof(struct kernel_crypt_op));
596 retval = item->result;
597
598 mutex_lock(&pcr->free.lock);
599 list_add_tail(&item->__hook, &pcr->free.list);
600 mutex_unlock(&pcr->free.lock);
601
602 /* wake for POLLOUT */
603 wake_up_interruptible(&pcr->user_waiter);
604
605 return retval;
606 }
607
608 /* this function has to be called from process context */
609 static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
610 {
611 struct crypt_op *cop = &kcop->cop;
612 struct csession *ses_ptr;
613 int rc;
614
615 /* this also enters ses_ptr->sem */
616 ses_ptr = crypto_get_session_by_sid(fcr, cop->ses);
617 if (unlikely(!ses_ptr)) {
618 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", cop->ses);
619 return -EINVAL;
620 }
621 kcop->ivlen = cop->iv ? ses_ptr->cdata.ivsize : 0;
622 kcop->digestsize = 0; /* will be updated during operation */
623
624 crypto_put_session(ses_ptr);
625
626 kcop->task = current;
627 kcop->mm = current->mm;
628
629 if (cop->iv) {
630 rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
631 if (unlikely(rc)) {
632 dprintk(1, KERN_ERR,
633 "error copying IV (%d bytes), copy_from_user returned %d for address %lx\n",
634 kcop->ivlen, rc, (unsigned long)cop->iv);
635 return -EFAULT;
636 }
637 }
638
639 return 0;
640 }
641
642 /* this function has to be called from process context */
643 static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
644 {
645 int ret;
646
647 if (kcop->digestsize) {
648 ret = copy_to_user(kcop->cop.mac,
649 kcop->hash_output, kcop->digestsize);
650 if (unlikely(ret))
651 return -EFAULT;
652 }
653 if (kcop->ivlen && kcop->cop.flags & COP_FLAG_WRITE_IV) {
654 ret = copy_to_user(kcop->cop.iv,
655 kcop->iv, kcop->ivlen);
656 if (unlikely(ret))
657 return -EFAULT;
658 }
659 return 0;
660 }
661
662 static int kcop_from_user(struct kernel_crypt_op *kcop,
663 struct fcrypt *fcr, void __user *arg)
664 {
665 if (unlikely(copy_from_user(&kcop->cop, arg, sizeof(kcop->cop))))
666 return -EFAULT;
667
668 return fill_kcop_from_cop(kcop, fcr);
669 }
670
671 static int kcop_to_user(struct kernel_crypt_op *kcop,
672 struct fcrypt *fcr, void __user *arg)
673 {
674 int ret;
675
676 ret = fill_cop_from_kcop(kcop, fcr);
677 if (unlikely(ret)) {
678 dprintk(1, KERN_ERR, "Error in fill_cop_from_kcop\n");
679 return ret;
680 }
681
682 if (unlikely(copy_to_user(arg, &kcop->cop, sizeof(kcop->cop)))) {
683 dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
684 return -EFAULT;
685 }
686 return 0;
687 }
688
689 static inline void tfm_info_to_alg_info(struct alg_info *dst, struct crypto_tfm *tfm)
690 {
691 snprintf(dst->cra_name, CRYPTODEV_MAX_ALG_NAME,
692 "%s", crypto_tfm_alg_name(tfm));
693 snprintf(dst->cra_driver_name, CRYPTODEV_MAX_ALG_NAME,
694 "%s", crypto_tfm_alg_driver_name(tfm));
695 }
696
697 static unsigned int is_known_accelerated(struct crypto_tfm *tfm)
698 {
699 const char* name = crypto_tfm_alg_driver_name(tfm);
700
701 if (name == NULL)
702 return 1; /* assume accelerated */
703
704 if (strstr(name, "-talitos"))
705 return 1;
706 else if (strncmp(name, "mv-", 3) == 0)
707 return 1;
708 else if (strstr(name, "geode"))
709 return 1;
710 else if (strstr(name, "hifn"))
711 return 1;
712 else if (strstr(name, "-ixp4xx"))
713 return 1;
714 else if (strstr(name, "-omap"))
715 return 1;
716 else if (strstr(name, "-picoxcell"))
717 return 1;
718 else if (strstr(name, "-s5p"))
719 return 1;
720 else if (strstr(name, "-ppc4xx"))
721 return 1;
722 else if (strstr(name, "-caam"))
723 return 1;
724 else if (strstr(name, "-n2"))
725 return 1;
726
727 return 0;
728 }
729
730 static int get_session_info(struct fcrypt *fcr, struct session_info_op *siop)
731 {
732 struct csession *ses_ptr;
733 struct crypto_tfm *tfm;
734
735 /* this also enters ses_ptr->sem */
736 ses_ptr = crypto_get_session_by_sid(fcr, siop->ses);
737 if (unlikely(!ses_ptr)) {
738 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", siop->ses);
739 return -EINVAL;
740 }
741
742 siop->flags = 0;
743
744 if (ses_ptr->cdata.init) {
745 if (ses_ptr->cdata.aead == 0) {
746 tfm = crypto_ablkcipher_tfm(ses_ptr->cdata.async.s);
747 } else {
748 tfm = crypto_aead_tfm(ses_ptr->cdata.async.as);
749 }
750 tfm_info_to_alg_info(&siop->cipher_info, tfm);
751 #ifdef CRYPTO_ALG_KERN_DRIVER_ONLY
752 if (tfm->__crt_alg->cra_flags & CRYPTO_ALG_KERN_DRIVER_ONLY)
753 siop->flags |= SIOP_FLAG_KERNEL_DRIVER_ONLY;
754 #else
755 if (is_known_accelerated(tfm))
756 siop->flags |= SIOP_FLAG_KERNEL_DRIVER_ONLY;
757 #endif
758 }
759 if (ses_ptr->hdata.init) {
760 tfm = crypto_ahash_tfm(ses_ptr->hdata.async.s);
761 tfm_info_to_alg_info(&siop->hash_info, tfm);
762 #ifdef CRYPTO_ALG_KERN_DRIVER_ONLY
763 if (tfm->__crt_alg->cra_flags & CRYPTO_ALG_KERN_DRIVER_ONLY)
764 siop->flags |= SIOP_FLAG_KERNEL_DRIVER_ONLY;
765 #else
766 if (is_known_accelerated(tfm))
767 siop->flags |= SIOP_FLAG_KERNEL_DRIVER_ONLY;
768 #endif
769 }
770
771 siop->alignmask = ses_ptr->alignmask;
772
773 crypto_put_session(ses_ptr);
774 return 0;
775 }
776
777 static long
778 cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
779 {
780 void __user *arg = (void __user *)arg_;
781 int __user *p = arg;
782 struct session_op sop;
783 struct kernel_crypt_op kcop;
784 struct kernel_crypt_auth_op kcaop;
785 struct crypt_priv *pcr = filp->private_data;
786 struct fcrypt *fcr;
787 struct session_info_op siop;
788 uint32_t ses;
789 int ret, fd;
790
791 if (unlikely(!pcr))
792 BUG();
793
794 fcr = &pcr->fcrypt;
795
796 switch (cmd) {
797 case CIOCASYMFEAT:
798 return put_user(0, p);
799 case CRIOGET:
800 fd = clonefd(filp);
801 ret = put_user(fd, p);
802 if (unlikely(ret)) {
803 sys_close(fd);
804 return ret;
805 }
806 return ret;
807 case CIOCGSESSION:
808 if (unlikely(copy_from_user(&sop, arg, sizeof(sop))))
809 return -EFAULT;
810
811 ret = crypto_create_session(fcr, &sop);
812 if (unlikely(ret))
813 return ret;
814 ret = copy_to_user(arg, &sop, sizeof(sop));
815 if (unlikely(ret)) {
816 crypto_finish_session(fcr, sop.ses);
817 return -EFAULT;
818 }
819 return ret;
820 case CIOCFSESSION:
821 ret = get_user(ses, (uint32_t __user *)arg);
822 if (unlikely(ret))
823 return ret;
824 ret = crypto_finish_session(fcr, ses);
825 return ret;
826 case CIOCGSESSINFO:
827 if (unlikely(copy_from_user(&siop, arg, sizeof(siop))))
828 return -EFAULT;
829
830 ret = get_session_info(fcr, &siop);
831 if (unlikely(ret))
832 return ret;
833 return copy_to_user(arg, &siop, sizeof(siop));
834 case CIOCCRYPT:
835 if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
836 dprintk(1, KERN_WARNING, "Error copying from user\n");
837 return ret;
838 }
839
840 ret = crypto_run(fcr, &kcop);
841 if (unlikely(ret)) {
842 dprintk(1, KERN_WARNING, "Error in crypto_run\n");
843 return ret;
844 }
845
846 return kcop_to_user(&kcop, fcr, arg);
847 case CIOCAUTHCRYPT:
848 if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) {
849 dprintk(1, KERN_WARNING, "Error copying from user\n");
850 return ret;
851 }
852
853 ret = crypto_auth_run(fcr, &kcaop);
854 if (unlikely(ret)) {
855 dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
856 return ret;
857 }
858 return kcaop_to_user(&kcaop, fcr, arg);
859 case CIOCASYNCCRYPT:
860 if (unlikely(ret = kcop_from_user(&kcop, fcr, arg)))
861 return ret;
862
863 return crypto_async_run(pcr, &kcop);
864 case CIOCASYNCFETCH:
865 ret = crypto_async_fetch(pcr, &kcop);
866 if (unlikely(ret))
867 return ret;
868
869 return kcop_to_user(&kcop, fcr, arg);
870 default:
871 return -EINVAL;
872 }
873 }
874
875 /* compatibility code for 32bit userlands */
876 #ifdef CONFIG_COMPAT
877
878 static inline void
879 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
880 {
881 sop->cipher = compat->cipher;
882 sop->mac = compat->mac;
883 sop->keylen = compat->keylen;
884
885 sop->key = compat_ptr(compat->key);
886 sop->mackeylen = compat->mackeylen;
887 sop->mackey = compat_ptr(compat->mackey);
888 sop->ses = compat->ses;
889 }
890
891 static inline void
892 session_op_to_compat(struct session_op *sop, struct compat_session_op *compat)
893 {
894 compat->cipher = sop->cipher;
895 compat->mac = sop->mac;
896 compat->keylen = sop->keylen;
897
898 compat->key = ptr_to_compat(sop->key);
899 compat->mackeylen = sop->mackeylen;
900 compat->mackey = ptr_to_compat(sop->mackey);
901 compat->ses = sop->ses;
902 }
903
904 static inline void
905 compat_to_crypt_op(struct compat_crypt_op *compat, struct crypt_op *cop)
906 {
907 cop->ses = compat->ses;
908 cop->op = compat->op;
909 cop->flags = compat->flags;
910 cop->len = compat->len;
911
912 cop->src = compat_ptr(compat->src);
913 cop->dst = compat_ptr(compat->dst);
914 cop->mac = compat_ptr(compat->mac);
915 cop->iv = compat_ptr(compat->iv);
916 }
917
918 static inline void
919 crypt_op_to_compat(struct crypt_op *cop, struct compat_crypt_op *compat)
920 {
921 compat->ses = cop->ses;
922 compat->op = cop->op;
923 compat->flags = cop->flags;
924 compat->len = cop->len;
925
926 compat->src = ptr_to_compat(cop->src);
927 compat->dst = ptr_to_compat(cop->dst);
928 compat->mac = ptr_to_compat(cop->mac);
929 compat->iv = ptr_to_compat(cop->iv);
930 }
931
932 static int compat_kcop_from_user(struct kernel_crypt_op *kcop,
933 struct fcrypt *fcr, void __user *arg)
934 {
935 struct compat_crypt_op compat_cop;
936
937 if (unlikely(copy_from_user(&compat_cop, arg, sizeof(compat_cop))))
938 return -EFAULT;
939 compat_to_crypt_op(&compat_cop, &kcop->cop);
940
941 return fill_kcop_from_cop(kcop, fcr);
942 }
943
944 static int compat_kcop_to_user(struct kernel_crypt_op *kcop,
945 struct fcrypt *fcr, void __user *arg)
946 {
947 int ret;
948 struct compat_crypt_op compat_cop;
949
950 ret = fill_cop_from_kcop(kcop, fcr);
951 if (unlikely(ret)) {
952 dprintk(1, KERN_WARNING, "Error in fill_cop_from_kcop\n");
953 return ret;
954 }
955 crypt_op_to_compat(&kcop->cop, &compat_cop);
956
957 if (unlikely(copy_to_user(arg, &compat_cop, sizeof(compat_cop)))) {
958 dprintk(1, KERN_WARNING, "Error copying to user\n");
959 return -EFAULT;
960 }
961 return 0;
962 }
963
964 static long
965 cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
966 {
967 void __user *arg = (void __user *)arg_;
968 struct crypt_priv *pcr = file->private_data;
969 struct fcrypt *fcr;
970 struct session_op sop;
971 struct compat_session_op compat_sop;
972 struct kernel_crypt_op kcop;
973 int ret;
974
975 if (unlikely(!pcr))
976 BUG();
977
978 fcr = &pcr->fcrypt;
979
980 switch (cmd) {
981 case CIOCASYMFEAT:
982 case CRIOGET:
983 case CIOCFSESSION:
984 case CIOCGSESSINFO:
985 return cryptodev_ioctl(file, cmd, arg_);
986
987 case COMPAT_CIOCGSESSION:
988 if (unlikely(copy_from_user(&compat_sop, arg,
989 sizeof(compat_sop))))
990 return -EFAULT;
991 compat_to_session_op(&compat_sop, &sop);
992
993 ret = crypto_create_session(fcr, &sop);
994 if (unlikely(ret))
995 return ret;
996
997 session_op_to_compat(&sop, &compat_sop);
998 ret = copy_to_user(arg, &compat_sop, sizeof(compat_sop));
999 if (unlikely(ret)) {
1000 crypto_finish_session(fcr, sop.ses);
1001 return -EFAULT;
1002 }
1003 return ret;
1004
1005 case COMPAT_CIOCCRYPT:
1006 ret = compat_kcop_from_user(&kcop, fcr, arg);
1007 if (unlikely(ret))
1008 return ret;
1009
1010 ret = crypto_run(fcr, &kcop);
1011 if (unlikely(ret))
1012 return ret;
1013
1014 return compat_kcop_to_user(&kcop, fcr, arg);
1015 case COMPAT_CIOCASYNCCRYPT:
1016 if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
1017 return ret;
1018
1019 return crypto_async_run(pcr, &kcop);
1020 case COMPAT_CIOCASYNCFETCH:
1021 ret = crypto_async_fetch(pcr, &kcop);
1022 if (unlikely(ret))
1023 return ret;
1024
1025 return compat_kcop_to_user(&kcop, fcr, arg);
1026
1027 default:
1028 return -EINVAL;
1029 }
1030 }
1031
1032 #endif /* CONFIG_COMPAT */
1033
1034 static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
1035 {
1036 struct crypt_priv *pcr = file->private_data;
1037 int ret = 0;
1038
1039 poll_wait(file, &pcr->user_waiter, wait);
1040
1041 if (!list_empty_careful(&pcr->done.list))
1042 ret |= POLLIN | POLLRDNORM;
1043 if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
1044 ret |= POLLOUT | POLLWRNORM;
1045
1046 return ret;
1047 }
1048
1049 static const struct file_operations cryptodev_fops = {
1050 .owner = THIS_MODULE,
1051 .open = cryptodev_open,
1052 .release = cryptodev_release,
1053 .unlocked_ioctl = cryptodev_ioctl,
1054 #ifdef CONFIG_COMPAT
1055 .compat_ioctl = cryptodev_compat_ioctl,
1056 #endif /* CONFIG_COMPAT */
1057 .poll = cryptodev_poll,
1058 };
1059
1060 static struct miscdevice cryptodev = {
1061 .minor = MISC_DYNAMIC_MINOR,
1062 .name = "crypto",
1063 .fops = &cryptodev_fops,
1064 .mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH,
1065 };
1066
1067 static int __init
1068 cryptodev_register(void)
1069 {
1070 int rc;
1071
1072 rc = misc_register(&cryptodev);
1073 if (unlikely(rc)) {
1074 printk(KERN_ERR PFX "registration of /dev/crypto failed\n");
1075 return rc;
1076 }
1077
1078 return 0;
1079 }
1080
1081 static void __exit
1082 cryptodev_deregister(void)
1083 {
1084 misc_deregister(&cryptodev);
1085 }
1086
1087 /* ====== Module init/exit ====== */
1088 static int __init init_cryptodev(void)
1089 {
1090 int rc;
1091
1092 cryptodev_wq = create_workqueue("cryptodev_queue");
1093 if (unlikely(!cryptodev_wq)) {
1094 printk(KERN_ERR PFX "failed to allocate the cryptodev workqueue\n");
1095 return -EFAULT;
1096 }
1097
1098 rc = cryptodev_register();
1099 if (unlikely(rc)) {
1100 destroy_workqueue(cryptodev_wq);
1101 return rc;
1102 }
1103
1104 printk(KERN_INFO PFX "driver %s loaded.\n", VERSION);
1105
1106 return 0;
1107 }
1108
1109 static void __exit exit_cryptodev(void)
1110 {
1111 flush_workqueue(cryptodev_wq);
1112 destroy_workqueue(cryptodev_wq);
1113
1114 cryptodev_deregister();
1115 printk(KERN_INFO PFX "driver unloaded.\n");
1116 }
1117
1118 module_init(init_cryptodev);
1119 module_exit(exit_cryptodev);
1120
Cryptodev for linux