search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bumped version to 0.7
[cryptodev-linux.git] / cryptodev_main.c
blobf3ccc069a80af5deda8c7a02711fd57fbef5557a
1 /*
2 * Driver for /dev/crypto device (aka CryptoDev)
3 *
4 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
5 * Copyright (c) 2009,2010 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6 *
7 * This file is part of linux cryptodev.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 */
24
25 /*
26 * Device /dev/crypto provides an interface for
27 * accessing kernel CryptoAPI algorithms (ciphers,
28 * hashes) from userspace programs.
29 *
30 * /dev/crypto interface was originally introduced in
31 * OpenBSD and this module attempts to keep the API.
32 *
33 */
34
35 #include <linux/crypto.h>
36 #include <linux/mm.h>
37 #include <linux/highmem.h>
38 #include <linux/ioctl.h>
39 #include <linux/random.h>
40 #include <linux/syscalls.h>
41 #include <linux/pagemap.h>
42 #include <linux/uaccess.h>
43 #include "cryptodev.h"
44 #include <linux/scatterlist.h>
45 #include "cryptodev_int.h"
46 #include "version.h"
47
48 MODULE_AUTHOR("Nikos Mavrogiannopoulos <nmav@gnutls.org>");
49 MODULE_DESCRIPTION("CryptoDev driver");
50 MODULE_LICENSE("GPL");
51
52 /* ====== Compile-time config ====== */
53
54 #define CRYPTODEV_STATS
55
56 /* ====== Module parameters ====== */
57
58 int cryptodev_verbosity;
59 module_param(cryptodev_verbosity, int, 0644);
60 MODULE_PARM_DESC(cryptodev_verbosity, "0: normal, 1: verbose, 2: debug");
61
62 #ifdef CRYPTODEV_STATS
63 static int enable_stats;
64 module_param(enable_stats, int, 0644);
65 MODULE_PARM_DESC(enable_stats, "collect statictics about cryptodev usage");
66 #endif
67
68 /* ====== CryptoAPI ====== */
69 struct fcrypt {
70 struct list_head list;
71 struct mutex sem;
72 };
73
74 struct crypt_priv {
75 struct fcrypt fcrypt;
76 };
77
78 #define FILL_SG(sg, ptr, len) \
79 do { \
80 (sg)->page = virt_to_page(ptr); \
81 (sg)->offset = offset_in_page(ptr); \
82 (sg)->length = len; \
83 (sg)->dma_address = 0; \
84 } while (0)
85
86 struct csession {
87 struct list_head entry;
88 struct mutex sem;
89 struct cipher_data cdata;
90 struct hash_data hdata;
91 uint32_t sid;
92 #ifdef CRYPTODEV_STATS
93 #if !((COP_ENCRYPT < 2) && (COP_DECRYPT < 2))
94 #error Struct csession.stat uses COP_{ENCRYPT,DECRYPT} as indices. Do something!
95 #endif
96 unsigned long long stat[2];
97 size_t stat_max_size, stat_count;
98 #endif
99 int array_size;
100 struct page **pages;
101 struct scatterlist *sg;
102 };
103
104 /* Prepare session for future use. */
105 static int
106 crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
107 {
108 struct csession *ses_new = NULL, *ses_ptr;
109 int ret = 0;
110 const char *alg_name = NULL;
111 const char *hash_name = NULL;
112 int hmac_mode = 1;
113
114 /* Does the request make sense? */
115 if (unlikely(!sop->cipher && !sop->mac)) {
116 dprintk(1, KERN_DEBUG, "Both 'cipher' and 'mac' unset.\n");
117 return -EINVAL;
118 }
119
120 switch (sop->cipher) {
121 case 0:
122 break;
123 case CRYPTO_DES_CBC:
124 alg_name = "cbc(des)";
125 break;
126 case CRYPTO_3DES_CBC:
127 alg_name = "cbc(des3_ede)";
128 break;
129 case CRYPTO_BLF_CBC:
130 alg_name = "cbc(blowfish)";
131 break;
132 case CRYPTO_AES_CBC:
133 alg_name = "cbc(aes)";
134 break;
135 case CRYPTO_CAMELLIA_CBC:
136 alg_name = "cbc(camelia)";
137 break;
138 case CRYPTO_AES_CTR:
139 alg_name = "ctr(aes)";
140 break;
141 case CRYPTO_NULL:
142 alg_name = "ecb(cipher_null)";
143 break;
144 default:
145 dprintk(1, KERN_DEBUG, "%s: bad cipher: %d\n", __func__,
146 sop->cipher);
147 return -EINVAL;
148 }
149
150 switch (sop->mac) {
151 case 0:
152 break;
153 case CRYPTO_MD5_HMAC:
154 hash_name = "hmac(md5)";
155 break;
156 case CRYPTO_RIPEMD160_HMAC:
157 hash_name = "hmac(rmd160)";
158 break;
159 case CRYPTO_SHA1_HMAC:
160 hash_name = "hmac(sha1)";
161 break;
162 case CRYPTO_SHA2_256_HMAC:
163 hash_name = "hmac(sha256)";
164 break;
165 case CRYPTO_SHA2_384_HMAC:
166 hash_name = "hmac(sha384)";
167 break;
168 case CRYPTO_SHA2_512_HMAC:
169 hash_name = "hmac(sha512)";
170 break;
171
172 /* non-hmac cases */
173 case CRYPTO_MD5:
174 hash_name = "md5";
175 hmac_mode = 0;
176 break;
177 case CRYPTO_RIPEMD160:
178 hash_name = "rmd160";
179 hmac_mode = 0;
180 break;
181 case CRYPTO_SHA1:
182 hash_name = "sha1";
183 hmac_mode = 0;
184 break;
185 case CRYPTO_SHA2_256:
186 hash_name = "sha256";
187 hmac_mode = 0;
188 break;
189 case CRYPTO_SHA2_384:
190 hash_name = "sha384";
191 hmac_mode = 0;
192 break;
193 case CRYPTO_SHA2_512:
194 hash_name = "sha512";
195 hmac_mode = 0;
196 break;
197
198 default:
199 dprintk(1, KERN_DEBUG, "%s: bad mac: %d\n", __func__,
200 sop->mac);
201 return -EINVAL;
202 }
203
204 /* Create a session and put it to the list. */
205 ses_new = kzalloc(sizeof(*ses_new), GFP_KERNEL);
206 if (!ses_new)
207 return -ENOMEM;
208
209 /* Set-up crypto transform. */
210 if (alg_name) {
211 uint8_t keyp[CRYPTO_CIPHER_MAX_KEY_LEN];
212
213 if (unlikely(sop->keylen > CRYPTO_CIPHER_MAX_KEY_LEN)) {
214 dprintk(1, KERN_DEBUG,
215 "Setting key failed for %s-%zu.\n",
216 alg_name, (size_t)sop->keylen*8);
217 ret = -EINVAL;
218 goto error_cipher;
219 }
220
221 if (unlikely(copy_from_user(keyp, sop->key, sop->keylen))) {
222 ret = -EFAULT;
223 goto error_cipher;
224 }
225
226 ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, keyp,
227 sop->keylen);
228 if (ret < 0) {
229 dprintk(1, KERN_DEBUG,
230 "%s: Failed to load cipher for %s\n",
231 __func__, alg_name);
232 ret = -EINVAL;
233 goto error_cipher;
234 }
235 }
236
237 if (hash_name) {
238 uint8_t keyp[CRYPTO_HMAC_MAX_KEY_LEN];
239
240 if (unlikely(sop->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN)) {
241 dprintk(1, KERN_DEBUG,
242 "Setting key failed for %s-%zu.\n",
243 alg_name, (size_t)sop->mackeylen*8);
244 ret = -EINVAL;
245 goto error_hash;
246 }
247
248 if (unlikely(copy_from_user(keyp, sop->mackey,
249 sop->mackeylen))) {
250 ret = -EFAULT;
251 goto error_hash;
252 }
253
254 ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode,
255 keyp, sop->mackeylen);
256 if (ret != 0) {
257 dprintk(1, KERN_DEBUG,
258 "%s: Failed to load hash for %s\n",
259 __func__, hash_name);
260 ret = -EINVAL;
261 goto error_hash;
262 }
263 }
264
265 ses_new->array_size = DEFAULT_PREALLOC_PAGES;
266 dprintk(2, KERN_DEBUG, "%s: preallocating for %d user pages\n",
267 __func__, ses_new->array_size);
268 ses_new->pages = kzalloc(ses_new->array_size *
269 sizeof(struct page *), GFP_KERNEL);
270 ses_new->sg = kzalloc(ses_new->array_size *
271 sizeof(struct scatterlist), GFP_KERNEL);
272 if (ses_new->sg == NULL || ses_new->pages == NULL) {
273 dprintk(0, KERN_DEBUG, "Memory error\n");
274 ret = -ENOMEM;
275 goto error_hash;
276 }
277
278 /* put the new session to the list */
279 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
280 mutex_init(&ses_new->sem);
281
282 mutex_lock(&fcr->sem);
283 restart:
284 list_for_each_entry(ses_ptr, &fcr->list, entry) {
285 /* Check for duplicate SID */
286 if (unlikely(ses_new->sid == ses_ptr->sid)) {
287 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
288 /* Unless we have a broken RNG this
289 shouldn't loop forever... ;-) */
290 goto restart;
291 }
292 }
293
294 list_add(&ses_new->entry, &fcr->list);
295 mutex_unlock(&fcr->sem);
296
297 /* Fill in some values for the user. */
298 sop->ses = ses_new->sid;
299
300 return 0;
301
302 error_hash:
303 cryptodev_cipher_deinit(&ses_new->cdata);
304 kfree(ses_new->sg);
305 kfree(ses_new->pages);
306 error_cipher:
307 kfree(ses_new);
308
309 return ret;
310
311 }
312
313 /* Everything that needs to be done when remowing a session. */
314 static inline void
315 crypto_destroy_session(struct csession *ses_ptr)
316 {
317 if (!mutex_trylock(&ses_ptr->sem)) {
318 dprintk(2, KERN_DEBUG, "Waiting for semaphore of sid=0x%08X\n",
319 ses_ptr->sid);
320 mutex_lock(&ses_ptr->sem);
321 }
322 dprintk(2, KERN_DEBUG, "Removed session 0x%08X\n", ses_ptr->sid);
323 #if defined(CRYPTODEV_STATS)
324 if (enable_stats)
325 dprintk(2, KERN_DEBUG,
326 "Usage in Bytes: enc=%llu, dec=%llu, \
327 max=%zu, avg=%lu, cnt=%zu\n",
328 ses_ptr->stat[COP_ENCRYPT], ses_ptr->stat[COP_DECRYPT],
329 ses_ptr->stat_max_size, ses_ptr->stat_count > 0
330 ? ((unsigned long)(ses_ptr->stat[COP_ENCRYPT]+
331 ses_ptr->stat[COP_DECRYPT]) /
332 ses_ptr->stat_count) : 0,
333 ses_ptr->stat_count);
334 #endif
335 cryptodev_cipher_deinit(&ses_ptr->cdata);
336 cryptodev_hash_deinit(&ses_ptr->hdata);
337 dprintk(2, KERN_DEBUG, "%s: freeing space for %d user pages\n",
338 __func__, ses_ptr->array_size);
339 kfree(ses_ptr->pages);
340 kfree(ses_ptr->sg);
341 mutex_unlock(&ses_ptr->sem);
342 kfree(ses_ptr);
343 }
344
345 /* Look up a session by ID and remove. */
346 static int
347 crypto_finish_session(struct fcrypt *fcr, uint32_t sid)
348 {
349 struct csession *tmp, *ses_ptr;
350 struct list_head *head;
351 int ret = 0;
352
353 mutex_lock(&fcr->sem);
354 head = &fcr->list;
355 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
356 if (ses_ptr->sid == sid) {
357 list_del(&ses_ptr->entry);
358 crypto_destroy_session(ses_ptr);
359 break;
360 }
361 }
362
363 if (unlikely(!ses_ptr)) {
364 dprintk(1, KERN_ERR, "Session with sid=0x%08X not found!\n",
365 sid);
366 ret = -ENOENT;
367 }
368 mutex_unlock(&fcr->sem);
369
370 return ret;
371 }
372
373 /* Remove all sessions when closing the file */
374 static int
375 crypto_finish_all_sessions(struct fcrypt *fcr)
376 {
377 struct csession *tmp, *ses_ptr;
378 struct list_head *head;
379
380 mutex_lock(&fcr->sem);
381
382 head = &fcr->list;
383 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
384 list_del(&ses_ptr->entry);
385 crypto_destroy_session(ses_ptr);
386 }
387 mutex_unlock(&fcr->sem);
388
389 return 0;
390 }
391
392 /* Look up session by session ID. The returned session is locked. */
393 static struct csession *
394 crypto_get_session_by_sid(struct fcrypt *fcr, uint32_t sid)
395 {
396 struct csession *ses_ptr;
397
398 mutex_lock(&fcr->sem);
399 list_for_each_entry(ses_ptr, &fcr->list, entry) {
400 if (ses_ptr->sid == sid) {
401 mutex_lock(&ses_ptr->sem);
402 break;
403 }
404 }
405 mutex_unlock(&fcr->sem);
406
407 return ses_ptr;
408 }
409
410 static int
411 hash_n_crypt(struct csession *ses_ptr, struct crypt_op *cop,
412 struct scatterlist *src_sg, struct scatterlist *dst_sg,
413 uint32_t len)
414 {
415 int ret;
416
417 /* Always hash before encryption and after decryption. Maybe
418 * we should introduce a flag to switch... TBD later on.
419 */
420 if (cop->op == COP_ENCRYPT) {
421 if (ses_ptr->hdata.init != 0) {
422 ret = cryptodev_hash_update(&ses_ptr->hdata,
423 src_sg, len);
424 if (unlikely(ret))
425 goto out_err;
426 }
427 if (ses_ptr->cdata.init != 0) {
428 ret = cryptodev_cipher_encrypt(&ses_ptr->cdata,
429 src_sg, dst_sg, len);
430
431 if (unlikely(ret))
432 goto out_err;
433 }
434 } else {
435 if (ses_ptr->cdata.init != 0) {
436 ret = cryptodev_cipher_decrypt(&ses_ptr->cdata,
437 src_sg, dst_sg, len);
438
439 if (unlikely(ret))
440 goto out_err;
441 }
442
443 if (ses_ptr->hdata.init != 0) {
444 ret = cryptodev_hash_update(&ses_ptr->hdata,
445 dst_sg, len);
446 if (unlikely(ret))
447 goto out_err;
448 }
449 }
450 return 0;
451 out_err:
452 dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n", ret);
453 return ret;
454 }
455
456
457 /* This is the main crypto function - feed it with plaintext
458 and get a ciphertext (or vice versa :-) */
459 static int
460 __crypto_run_std(struct csession *ses_ptr, struct crypt_op *cop)
461 {
462 char *data;
463 char __user *src, *dst;
464 struct scatterlist sg;
465 size_t nbytes, bufsize;
466 int ret = 0;
467
468 nbytes = cop->len;
469 data = (char *)__get_free_page(GFP_KERNEL);
470
471 if (unlikely(!data))
472 return -ENOMEM;
473
474 bufsize = PAGE_SIZE < nbytes ? PAGE_SIZE : nbytes;
475
476 src = cop->src;
477 dst = cop->dst;
478
479 while (nbytes > 0) {
480 size_t current_len = nbytes > bufsize ? bufsize : nbytes;
481
482 if (unlikely(copy_from_user(data, src, current_len))) {
483 ret = -EFAULT;
484 break;
485 }
486
487 sg_init_one(&sg, data, current_len);
488
489 ret = hash_n_crypt(ses_ptr, cop, &sg, &sg, current_len);
490
491 if (unlikely(ret))
492 break;
493
494 if (ses_ptr->cdata.init != 0) {
495 if (unlikely(copy_to_user(dst, data, current_len))) {
496 ret = -EFAULT;
497 break;
498 }
499 }
500
501 dst += current_len;
502 nbytes -= current_len;
503 src += current_len;
504 }
505
506 free_page((unsigned long)data);
507 return ret;
508 }
509
510 void release_user_pages(struct page **pg, int pagecount)
511 {
512 while (pagecount--) {
513 if (!PageReserved(pg[pagecount]))
514 SetPageDirty(pg[pagecount]);
515 page_cache_release(pg[pagecount]);
516 }
517 }
518
519 /* offset of buf in it's first page */
520 #define PAGEOFFSET(buf) ((unsigned long)buf & ~PAGE_MASK)
521
522 /* fetch the pages addr resides in into pg and initialise sg with them */
523 int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
524 int pgcount, struct page **pg, struct scatterlist *sg)
525 {
526 int ret, pglen, i = 0;
527 struct scatterlist *sgp;
528
529 down_write(&current->mm->mmap_sem);
530 ret = get_user_pages(current, current->mm,
531 (unsigned long)addr, pgcount, write, 0, pg, NULL);
532 up_write(&current->mm->mmap_sem);
533 if (ret != pgcount)
534 return -EINVAL;
535
536 sg_init_table(sg, pgcount);
537
538 pglen = min((ptrdiff_t)(PAGE_SIZE - PAGEOFFSET(addr)), (ptrdiff_t)len);
539 sg_set_page(sg, pg[i++], pglen, PAGEOFFSET(addr));
540
541 len -= pglen;
542 for (sgp = sg_next(sg); len; sgp = sg_next(sgp)) {
543 pglen = min((uint32_t)PAGE_SIZE, len);
544 sg_set_page(sgp, pg[i++], pglen, 0);
545 len -= pglen;
546 }
547 sg_mark_end(sg_last(sg, pgcount));
548 return 0;
549 }
550
551 /* make cop->src and cop->dst available in scatterlists */
552 static int get_userbuf(struct csession *ses,
553 struct crypt_op *cop, struct scatterlist **src_sg,
554 struct scatterlist **dst_sg, int *tot_pages)
555 {
556 int src_pagecount, dst_pagecount = 0, pagecount, write_src = 1;
557
558 if (cop->src == NULL)
559 return -EINVAL;
560
561 src_pagecount = PAGECOUNT(cop->src, cop->len);
562 if (!ses->cdata.init) { /* hashing only */
563 write_src = 0;
564 } else if (cop->src != cop->dst) { /* non-in-situ transformation */
565 if (cop->dst == NULL)
566 return -EINVAL;
567
568 dst_pagecount = PAGECOUNT(cop->dst, cop->len);
569 write_src = 0;
570 }
571 (*tot_pages) = pagecount = src_pagecount + dst_pagecount;
572
573 if (pagecount > ses->array_size) {
574 struct scatterlist *sg;
575 struct page **pages;
576 int array_size;
577
578 for (array_size = ses->array_size; array_size < pagecount;
579 array_size *= 2)
580 ;
581
582 dprintk(2, KERN_DEBUG, "%s: reallocating to %d elements\n",
583 __func__, array_size);
584 pages = krealloc(ses->pages, array_size * sizeof(struct page *),
585 GFP_KERNEL);
586 if (pages == NULL)
587 return -ENOMEM;
588 ses->pages = pages;
589 sg = krealloc(ses->sg, array_size * sizeof(struct scatterlist),
590 GFP_KERNEL);
591 if (sg == NULL)
592 return -ENOMEM;
593 ses->sg = sg;
594 ses->array_size = array_size;
595 }
596
597 if (__get_userbuf(cop->src, cop->len, write_src,
598 src_pagecount, ses->pages, ses->sg)) {
599 dprintk(1, KERN_ERR,
600 "failed to get user pages for data input\n");
601 return -EINVAL;
602 }
603 (*src_sg) = (*dst_sg) = ses->sg;
604
605 if (dst_pagecount) {
606 (*dst_sg) = ses->sg + src_pagecount;
607
608 if (__get_userbuf(cop->dst, cop->len, 1, dst_pagecount,
609 ses->pages + src_pagecount, *dst_sg)) {
610 dprintk(1, KERN_ERR,
611 "failed to get user pages for data output\n");
612 release_user_pages(ses->pages, src_pagecount);
613 return -EINVAL;
614 }
615 }
616 return 0;
617 }
618
619 /* This is the main crypto function - zero-copy edition */
620 static int
621 __crypto_run_zc(struct csession *ses_ptr, struct crypt_op *cop)
622 {
623 struct scatterlist *src_sg, *dst_sg;
624 int ret = 0, pagecount;
625
626 ret = get_userbuf(ses_ptr, cop, &src_sg, &dst_sg, &pagecount);
627 if (unlikely(ret)) {
628 dprintk(1, KERN_ERR, "Error getting user pages. \
629 Falling back to non zero copy.\n");
630 return __crypto_run_std(ses_ptr, cop);
631 }
632
633 ret = hash_n_crypt(ses_ptr, cop, src_sg, dst_sg, cop->len);
634
635 release_user_pages(ses_ptr->pages, pagecount);
636 return ret;
637 }
638
639 static int crypto_run(struct fcrypt *fcr, struct crypt_op *cop)
640 {
641 struct csession *ses_ptr;
642 uint8_t hash_output[AALG_MAX_RESULT_LEN];
643 int ret;
644
645 if (unlikely(cop->op != COP_ENCRYPT && cop->op != COP_DECRYPT)) {
646 dprintk(1, KERN_DEBUG, "invalid operation op=%u\n", cop->op);
647 return -EINVAL;
648 }
649
650 /* this also enters ses_ptr->sem */
651 ses_ptr = crypto_get_session_by_sid(fcr, cop->ses);
652 if (unlikely(!ses_ptr)) {
653 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", cop->ses);
654 return -EINVAL;
655 }
656
657 if (ses_ptr->hdata.init != 0 && !(cop->flags & COP_FLAG_UPDATE) &&
658 !(cop->flags & COP_FLAG_FINAL)) {
659 ret = cryptodev_hash_reset(&ses_ptr->hdata);
660 if (unlikely(ret)) {
661 dprintk(1, KERN_ERR,
662 "error in cryptodev_hash_reset()\n");
663 goto out_unlock;
664 }
665 }
666
667 if (ses_ptr->cdata.init != 0) {
668 int blocksize = ses_ptr->cdata.blocksize;
669
670 if (unlikely(cop->len % blocksize)) {
671 dprintk(1, KERN_ERR,
672 "data size (%u) isn't a multiple \
673 of block size (%u)\n",
674 cop->len, blocksize);
675 ret = -EINVAL;
676 goto out_unlock;
677 }
678
679 if (cop->iv) {
680 uint8_t iv[EALG_MAX_BLOCK_LEN];
681
682 ret = copy_from_user(iv, cop->iv,
683 min((int)sizeof(iv), (ses_ptr->cdata.ivsize)));
684 if (unlikely(ret)) {
685 dprintk(1, KERN_ERR,
686 "error copying IV (%d bytes)\n",
687 min((int)sizeof(iv),
688 (ses_ptr->cdata.ivsize)));
689 ret = -EFAULT;
690 goto out_unlock;
691 }
692
693 cryptodev_cipher_set_iv(&ses_ptr->cdata, iv,
694 ses_ptr->cdata.ivsize);
695 }
696 }
697
698 if (cop->len != 0) {
699 ret = __crypto_run_zc(ses_ptr, cop);
700 if (unlikely(ret))
701 goto out_unlock;
702 }
703
704 if (ses_ptr->hdata.init != 0 &&
705 ((cop->flags & COP_FLAG_FINAL) ||
706 (!(cop->flags & COP_FLAG_UPDATE) || cop->len == 0))) {
707 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
708 if (unlikely(ret)) {
709 dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n", ret);
710 goto out_unlock;
711 }
712
713 if (unlikely(copy_to_user(cop->mac, hash_output,
714 ses_ptr->hdata.digestsize))) {
715 ret = -EFAULT;
716 goto out_unlock;
717 }
718 }
719
720 #if defined(CRYPTODEV_STATS)
721 if (enable_stats) {
722 /* this is safe - we check cop->op at the function entry */
723 ses_ptr->stat[cop->op] += cop->len;
724 if (ses_ptr->stat_max_size < cop->len)
725 ses_ptr->stat_max_size = cop->len;
726 ses_ptr->stat_count++;
727 }
728 #endif
729
730 out_unlock:
731 mutex_unlock(&ses_ptr->sem);
732 return ret;
733 }
734
735 /* ====== /dev/crypto ====== */
736
737 static int
738 cryptodev_open(struct inode *inode, struct file *filp)
739 {
740 struct crypt_priv *pcr;
741
742 pcr = kmalloc(sizeof(*pcr), GFP_KERNEL);
743 if (!pcr)
744 return -ENOMEM;
745
746 memset(pcr, 0, sizeof(*pcr));
747 mutex_init(&pcr->fcrypt.sem);
748 INIT_LIST_HEAD(&pcr->fcrypt.list);
749
750 filp->private_data = pcr;
751 return 0;
752 }
753
754 static int
755 cryptodev_release(struct inode *inode, struct file *filp)
756 {
757 struct crypt_priv *pcr = filp->private_data;
758
759 if (pcr) {
760 crypto_finish_all_sessions(&pcr->fcrypt);
761 kfree(pcr);
762 filp->private_data = NULL;
763 }
764
765 return 0;
766 }
767
768 static int
769 clonefd(struct file *filp)
770 {
771 int ret;
772 ret = get_unused_fd();
773 if (ret >= 0) {
774 get_file(filp);
775 fd_install(ret, filp);
776 }
777
778 return ret;
779 }
780
781 static long
782 cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
783 {
784 void __user *arg = (void __user *)arg_;
785 int __user *p = arg;
786 struct session_op sop;
787 struct crypt_op cop;
788 struct crypt_priv *pcr = filp->private_data;
789 struct fcrypt *fcr;
790 uint32_t ses;
791 int ret, fd;
792
793 if (unlikely(!pcr))
794 BUG();
795
796 fcr = &pcr->fcrypt;
797
798 switch (cmd) {
799 case CIOCASYMFEAT:
800 return put_user(0, p);
801 case CRIOGET:
802 fd = clonefd(filp);
803 ret = put_user(fd, p);
804 if (unlikely(ret)) {
805 sys_close(fd);
806 return ret;
807 }
808 return ret;
809 case CIOCGSESSION:
810 if (unlikely(copy_from_user(&sop, arg, sizeof(sop))))
811 return -EFAULT;
812
813 ret = crypto_create_session(fcr, &sop);
814 if (unlikely(ret))
815 return ret;
816 ret = copy_to_user(arg, &sop, sizeof(sop));
817 if (unlikely(ret)) {
818 crypto_finish_session(fcr, sop.ses);
819 return -EFAULT;
820 }
821 return ret;
822 case CIOCFSESSION:
823 ret = get_user(ses, (uint32_t __user *)arg);
824 if (unlikely(ret))
825 return ret;
826 ret = crypto_finish_session(fcr, ses);
827 return ret;
828 case CIOCCRYPT:
829 if (unlikely(copy_from_user(&cop, arg, sizeof(cop))))
830 return -EFAULT;
831
832 ret = crypto_run(fcr, &cop);
833 if (unlikely(ret))
834 return ret;
835 if (unlikely(copy_to_user(arg, &cop, sizeof(cop))))
836 return -EFAULT;
837 return 0;
838
839 default:
840 return -EINVAL;
841 }
842 }
843
844 /* compatibility code for 32bit userlands */
845 #ifdef CONFIG_COMPAT
846
847 static inline void
848 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
849 {
850 sop->cipher = compat->cipher;
851 sop->mac = compat->mac;
852 sop->keylen = compat->keylen;
853
854 sop->key = compat_ptr(compat->key);
855 sop->mackeylen = compat->mackeylen;
856 sop->mackey = compat_ptr(compat->mackey);
857 sop->ses = compat->ses;
858 }
859
860 static inline void
861 session_op_to_compat(struct session_op *sop, struct compat_session_op *compat)
862 {
863 compat->cipher = sop->cipher;
864 compat->mac = sop->mac;
865 compat->keylen = sop->keylen;
866
867 compat->key = ptr_to_compat(sop->key);
868 compat->mackeylen = sop->mackeylen;
869 compat->mackey = ptr_to_compat(sop->mackey);
870 compat->ses = sop->ses;
871 }
872
873 static inline void
874 compat_to_crypt_op(struct compat_crypt_op *compat, struct crypt_op *cop)
875 {
876 cop->ses = compat->ses;
877 cop->op = compat->op;
878 cop->flags = compat->flags;
879 cop->len = compat->len;
880
881 cop->src = compat_ptr(compat->src);
882 cop->dst = compat_ptr(compat->dst);
883 cop->mac = compat_ptr(compat->mac);
884 cop->iv = compat_ptr(compat->iv);
885 }
886
887 static inline void
888 crypt_op_to_compat(struct crypt_op *cop, struct compat_crypt_op *compat)
889 {
890 compat->ses = cop->ses;
891 compat->op = cop->op;
892 compat->flags = cop->flags;
893 compat->len = cop->len;
894
895 compat->src = ptr_to_compat(cop->src);
896 compat->dst = ptr_to_compat(cop->dst);
897 compat->mac = ptr_to_compat(cop->mac);
898 compat->iv = ptr_to_compat(cop->iv);
899 }
900
901 static long
902 cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
903 {
904 void __user *arg = (void __user *)arg_;
905 struct fcrypt *fcr = file->private_data;
906 struct session_op sop;
907 struct compat_session_op compat_sop;
908 struct crypt_op cop;
909 struct compat_crypt_op compat_cop;
910 int ret;
911
912 if (unlikely(!fcr))
913 BUG();
914
915 switch (cmd) {
916 case CIOCASYMFEAT:
917 case CRIOGET:
918 case CIOCFSESSION:
919 return cryptodev_ioctl(file, cmd, arg_);
920
921 case COMPAT_CIOCGSESSION:
922 if (unlikely(copy_from_user(&compat_sop, arg,
923 sizeof(compat_sop))))
924 return -EFAULT;
925 compat_to_session_op(&compat_sop, &sop);
926
927 ret = crypto_create_session(fcr, &sop);
928 if (unlikely(ret))
929 return ret;
930
931 session_op_to_compat(&sop, &compat_sop);
932 ret = copy_to_user(arg, &compat_sop, sizeof(compat_sop));
933 if (unlikely(ret)) {
934 crypto_finish_session(fcr, sop.ses);
935 return -EFAULT;
936 }
937 return ret;
938
939 case COMPAT_CIOCCRYPT:
940 if (unlikely(copy_from_user(&compat_cop, arg,
941 sizeof(compat_cop))))
942 return -EFAULT;
943
944 compat_to_crypt_op(&compat_cop, &cop);
945
946 ret = crypto_run(fcr, &cop);
947 if (unlikely(ret))
948 return ret;
949
950 crypt_op_to_compat(&cop, &compat_cop);
951 if (unlikely(copy_to_user(arg, &compat_cop,
952 sizeof(compat_cop))))
953 return -EFAULT;
954 return 0;
955
956 default:
957 return -EINVAL;
958 }
959 }
960
961 #endif /* CONFIG_COMPAT */
962
963 static const struct file_operations cryptodev_fops = {
964 .owner = THIS_MODULE,
965 .open = cryptodev_open,
966 .release = cryptodev_release,
967 .unlocked_ioctl = cryptodev_ioctl,
968 #ifdef CONFIG_COMPAT
969 .compat_ioctl = cryptodev_compat_ioctl,
970 #endif /* CONFIG_COMPAT */
971 };
972
973 static struct miscdevice cryptodev = {
974 .minor = MISC_DYNAMIC_MINOR,
975 .name = "crypto",
976 .fops = &cryptodev_fops,
977 };
978
979 static int __init
980 cryptodev_register(void)
981 {
982 int rc;
983
984 rc = misc_register(&cryptodev);
985 if (unlikely(rc)) {
986 printk(KERN_ERR PFX "registration of /dev/crypto failed\n");
987 return rc;
988 }
989
990 return 0;
991 }
992
993 static void __exit
994 cryptodev_deregister(void)
995 {
996 misc_deregister(&cryptodev);
997 }
998
999 /* ====== Module init/exit ====== */
1000 static int __init init_cryptodev(void)
1001 {
1002 int rc;
1003
1004 rc = cryptodev_register();
1005 if (unlikely(rc))
1006 return rc;
1007
1008 printk(KERN_INFO PFX "driver %s loaded.\n", VERSION);
1009
1010 return 0;
1011 }
1012
1013 static void __exit exit_cryptodev(void)
1014 {
1015 cryptodev_deregister();
1016 printk(KERN_INFO PFX "driver unloaded.\n");
1017 }
1018
1019 module_init(init_cryptodev);
1020 module_exit(exit_cryptodev);
1021
Cryptodev for linux