search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected bug when having additional data in TLS.
[cryptodev-linux.git] / cryptodev_auth.c
blob6e7088a2e0945bcffe9d7cd024ee86e2f17b0392
1 /*
2 * Driver for /dev/crypto device (aka CryptoDev)
3 *
4 * Copyright (c) 2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5 *
6 * This file is part of linux cryptodev.
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 */
23
24 /*
25 * This file handles the AEAD part of /dev/crypto.
26 *
27 */
28
29 #include <crypto/hash.h>
30 #include <linux/crypto.h>
31 #include <linux/mm.h>
32 #include <linux/highmem.h>
33 #include <linux/ioctl.h>
34 #include <linux/random.h>
35 #include <linux/syscalls.h>
36 #include <linux/pagemap.h>
37 #include <linux/poll.h>
38 #include <linux/uaccess.h>
39 #include <crypto/cryptodev.h>
40 #include <crypto/scatterwalk.h>
41 #include <linux/scatterlist.h>
42 #include "cryptodev_int.h"
43 #include "version.h"
44
45
46 /* make cop->src and cop->dst available in scatterlists */
47 static int get_userbuf_aead(struct csession *ses, struct kernel_crypt_auth_op *kcaop,
48 struct scatterlist **auth_sg, struct scatterlist **dst_sg,
49 int *tot_pages)
50 {
51 int dst_pagecount = 0, pagecount;
52 int auth_pagecount = 0;
53 struct crypt_auth_op *caop = &kcaop->caop;
54 int rc;
55
56 if (caop->dst == NULL && caop->auth_src == NULL)
57 return -EINVAL;
58
59 if (ses->alignmask) {
60 if (!IS_ALIGNED((unsigned long)caop->dst, ses->alignmask))
61 dprintk(2, KERN_WARNING, "%s: careful - source address %lx is not %d byte aligned\n",
62 __func__, (unsigned long)caop->dst, ses->alignmask + 1);
63 if (!IS_ALIGNED((unsigned long)caop->auth_src, ses->alignmask))
64 dprintk(2, KERN_WARNING, "%s: careful - source address %lx is not %d byte aligned\n",
65 __func__, (unsigned long)caop->auth_src, ses->alignmask + 1);
66 }
67
68 if (kcaop->dst_len == 0) {
69 dprintk(1, KERN_WARNING, "Destination length cannot be zero\n");
70 return -EINVAL;
71 }
72
73 if (caop->auth_len > 0)
74 auth_pagecount = PAGECOUNT(caop->auth_src, caop->auth_len);
75
76 dst_pagecount = PAGECOUNT(caop->dst, kcaop->dst_len);
77
78 (*tot_pages) = pagecount = auth_pagecount + dst_pagecount;
79
80 rc = adjust_sg_array(ses, pagecount);
81 if (rc)
82 return rc;
83
84 if (auth_pagecount > 0) {
85 rc = __get_userbuf(caop->auth_src, caop->auth_len, 0, auth_pagecount,
86 ses->pages, ses->sg, kcaop->task, kcaop->mm);
87 if (unlikely(rc)) {
88 dprintk(1, KERN_ERR,
89 "failed to get user pages for data input\n");
90 return -EINVAL;
91 }
92 (*auth_sg) = ses->sg;
93 (*dst_sg) = ses->sg + auth_pagecount;
94 } else {
95 (*auth_sg) = NULL;
96 (*dst_sg) = ses->sg;
97 }
98
99 rc = __get_userbuf(caop->dst, kcaop->dst_len, 1, dst_pagecount,
100 ses->pages + auth_pagecount, *dst_sg, kcaop->task, kcaop->mm);
101 if (unlikely(rc)) {
102 release_user_pages(ses->pages, auth_pagecount);
103 dprintk(1, KERN_ERR,
104 "failed to get user pages for data input\n");
105 return -EINVAL;
106 }
107
108 return 0;
109 }
110
111 static int get_userbuf_srtp(struct csession *ses, struct kernel_crypt_auth_op *kcaop,
112 struct scatterlist **auth_sg, struct scatterlist **dst_sg,
113 int *tot_pages)
114 {
115 int pagecount, diff;
116 int auth_pagecount = 0;
117 struct crypt_auth_op *caop = &kcaop->caop;
118 int rc;
119
120 if (caop->dst == NULL && caop->auth_src == NULL)
121 return -EINVAL;
122
123 if (ses->alignmask) {
124 if (!IS_ALIGNED((unsigned long)caop->dst, ses->alignmask))
125 dprintk(2, KERN_WARNING, "%s: careful - source address %lx is not %d byte aligned\n",
126 __func__, (unsigned long)caop->dst, ses->alignmask + 1);
127 if (!IS_ALIGNED((unsigned long)caop->auth_src, ses->alignmask))
128 dprintk(2, KERN_WARNING, "%s: careful - source address %lx is not %d byte aligned\n",
129 __func__, (unsigned long)caop->auth_src, ses->alignmask + 1);
130 }
131
132 if (unlikely(kcaop->dst_len == 0 || caop->auth_len == 0)) {
133 dprintk(1, KERN_WARNING, "Destination length cannot be zero\n");
134 return -EINVAL;
135 }
136
137 /* Note that in SRTP auth data overlap with data to be encrypted (dst)
138 */
139
140 auth_pagecount = PAGECOUNT(caop->auth_src, caop->auth_len);
141 diff = (int)(caop->src - caop->auth_src);
142 if (diff > 256 || diff < 0) {
143 dprintk(1, KERN_WARNING, "auth_src must overlap with src (diff: %d).\n", diff);
144 return -EINVAL;
145 }
146
147 (*tot_pages) = pagecount = auth_pagecount;
148
149 rc = adjust_sg_array(ses, pagecount);
150 if (rc)
151 return rc;
152
153 rc = __get_userbuf(caop->auth_src, caop->auth_len, 1, auth_pagecount,
154 ses->pages, ses->sg, kcaop->task, kcaop->mm);
155 if (unlikely(rc)) {
156 dprintk(1, KERN_ERR,
157 "failed to get user pages for data input\n");
158 return -EINVAL;
159 }
160 (*auth_sg) = ses->sg;
161
162 memcpy(&ses->sg2, ses->sg, sizeof(ses->sg[0]));
163 ses->sg2.offset += diff;
164 (*dst_sg) = &ses->sg2;
165
166 return 0;
167 }
168
169
170 static int fill_kcaop_from_caop(struct kernel_crypt_auth_op *kcaop, struct fcrypt *fcr)
171 {
172 struct crypt_auth_op *caop = &kcaop->caop;
173 struct csession *ses_ptr;
174 int rc;
175
176 /* this also enters ses_ptr->sem */
177 ses_ptr = crypto_get_session_by_sid(fcr, caop->ses);
178 if (unlikely(!ses_ptr)) {
179 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", caop->ses);
180 return -EINVAL;
181 }
182
183 if (caop->src != caop->dst) {
184 dprintk(2, KERN_ERR,
185 "Non-inplace encryption and decryption is not efficient\n");
186 if (caop->len > sizeof(ses_ptr->buffer)) {
187 dprintk(1, KERN_ERR,
188 "The provided buffer is too large\n");
189 rc = -EINVAL;
190 goto out_unlock;
191 }
192
193 if (unlikely(copy_from_user(ses_ptr->buffer, caop->src, caop->len))) {
194 rc = -EFAULT;
195 goto out_unlock;
196 }
197
198 if (unlikely(copy_to_user(caop->dst, ses_ptr->buffer, caop->len))) {
199 rc = -EFAULT;
200 goto out_unlock;
201 }
202
203 }
204
205 if (caop->tag_len == 0)
206 caop->tag_len = ses_ptr->hdata.digestsize;
207
208 kcaop->ivlen = caop->iv ? ses_ptr->cdata.ivsize : 0;
209
210 if (caop->flags & COP_FLAG_AEAD_TLS_TYPE)
211 kcaop->dst_len = caop->len + ses_ptr->cdata.blocksize /* pad */ + caop->tag_len;
212 else
213 kcaop->dst_len = caop->len;
214
215 kcaop->task = current;
216 kcaop->mm = current->mm;
217
218 if (caop->iv) {
219 rc = copy_from_user(kcaop->iv, caop->iv, kcaop->ivlen);
220 if (unlikely(rc)) {
221 dprintk(1, KERN_ERR,
222 "error copying IV (%d bytes), copy_from_user returned %d for address %lx\n",
223 kcaop->ivlen, rc, (unsigned long)caop->iv);
224 rc = -EFAULT;
225 goto out_unlock;
226 }
227 }
228
229 rc = 0;
230
231 out_unlock:
232 crypto_put_session(ses_ptr);
233 return rc;
234
235 }
236
237 static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcrypt *fcr)
238 {
239 int ret;
240
241 kcaop->caop.len = kcaop->dst_len;
242
243 if (kcaop->ivlen && kcaop->caop.flags & COP_FLAG_WRITE_IV) {
244 ret = copy_to_user(kcaop->caop.iv,
245 kcaop->iv, kcaop->ivlen);
246 if (unlikely(ret)) {
247 dprintk(1, KERN_ERR, "Error in copying to userspace\n");
248 return -EFAULT;
249 }
250 }
251 return 0;
252 }
253
254
255 int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
256 struct fcrypt *fcr, void __user *arg)
257 {
258 if (unlikely(copy_from_user(&kcaop->caop, arg, sizeof(kcaop->caop)))) {
259 dprintk(1, KERN_ERR, "Error in copying from userspace\n");
260 return -EFAULT;
261 }
262
263 return fill_kcaop_from_caop(kcaop, fcr);
264 }
265
266 int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
267 struct fcrypt *fcr, void __user *arg)
268 {
269 int ret;
270
271 ret = fill_caop_from_kcaop(kcaop, fcr);
272 if (unlikely(ret)) {
273 dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
274 return ret;
275 }
276
277 if (unlikely(copy_to_user(arg, &kcaop->caop, sizeof(kcaop->caop)))) {
278 dprintk(1, KERN_ERR, "Error in copying to userspace\n");
279 return -EFAULT;
280 }
281 return 0;
282 }
283
284 static void copy_hash( struct scatterlist *dst_sg, int len, void* hash, int hash_len)
285 {
286 scatterwalk_map_and_copy(hash, dst_sg, len, hash_len, 1);
287 }
288
289 static void read_hash( struct scatterlist *dst_sg, int len, void* hash, int hash_len)
290 {
291 scatterwalk_map_and_copy(hash, dst_sg, len-hash_len, hash_len, 0);
292 }
293
294 static int pad_record( struct scatterlist *dst_sg, int len, int block_size)
295 {
296 uint8_t pad[block_size];
297 int pad_size = block_size - (len % block_size);
298
299 memset(pad, pad_size-1, pad_size);
300
301 scatterwalk_map_and_copy(pad, dst_sg, len, pad_size, 1);
302
303 return pad_size;
304 }
305
306 static int verify_record_pad( struct scatterlist *dst_sg, int len, int block_size)
307 {
308 uint8_t pad[256]; /* the maximum allowed */
309 uint8_t pad_size;
310 int i;
311
312 scatterwalk_map_and_copy(&pad_size, dst_sg, len-1, 1, 0);
313 pad_size++;
314
315 if (pad_size > len)
316 return -ECANCELED;
317
318 scatterwalk_map_and_copy(pad, dst_sg, len-pad_size, pad_size, 0);
319
320 for (i=0;i<pad_size;i++)
321 if (pad[i] != pad_size)
322 return -ECANCELED;
323
324 return 0;
325 }
326
327 static int
328 tls_auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
329 struct scatterlist *auth_sg, uint32_t auth_len,
330 struct scatterlist *dst_sg, uint32_t len)
331 {
332 int ret, fail = 0;
333 struct crypt_auth_op *caop = &kcaop->caop;
334 uint8_t vhash[AALG_MAX_RESULT_LEN];
335 uint8_t hash_output[AALG_MAX_RESULT_LEN];
336
337 /* TLS authenticates the plaintext except for the padding.
338 */
339 if (caop->op == COP_ENCRYPT) {
340 if (ses_ptr->hdata.init != 0) {
341 if (auth_len > 0) {
342 ret = cryptodev_hash_update(&ses_ptr->hdata,
343 auth_sg, auth_len);
344 if (unlikely(ret)) {
345 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
346 goto out_err;
347 }
348 }
349
350 if (len > 0) {
351 ret = cryptodev_hash_update(&ses_ptr->hdata,
352 dst_sg, len);
353 if (unlikely(ret)) {
354 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
355 goto out_err;
356 }
357 }
358
359 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
360 if (unlikely(ret)) {
361 dprintk(0, KERN_ERR, "cryptodev_hash_final: %d\n", ret);
362 goto out_err;
363 }
364
365 copy_hash( dst_sg, len, hash_output, caop->tag_len);
366 len += caop->tag_len;
367 }
368
369 if (ses_ptr->cdata.init != 0) {
370 if (ses_ptr->cdata.blocksize > 1) {
371 ret = pad_record(dst_sg, len, ses_ptr->cdata.blocksize);
372 len += ret;
373 }
374
375 ret = cryptodev_cipher_encrypt(&ses_ptr->cdata,
376 dst_sg, dst_sg, len);
377 if (unlikely(ret)) {
378 dprintk(0, KERN_ERR, "cryptodev_cipher_encrypt: %d\n", ret);
379 goto out_err;
380 }
381 }
382 } else {
383 if (ses_ptr->cdata.init != 0) {
384 ret = cryptodev_cipher_decrypt(&ses_ptr->cdata,
385 dst_sg, dst_sg, len);
386
387 if (unlikely(ret)) {
388 dprintk(0, KERN_ERR, "cryptodev_cipher_decrypt: %d\n", ret);
389 goto out_err;
390 }
391
392 if (ses_ptr->cdata.blocksize > 1) {
393 ret = verify_record_pad(dst_sg, len, ses_ptr->cdata.blocksize);
394 if (unlikely(ret)) {
395 dprintk(0, KERN_ERR, "verify_record_pad: %d\n", ret);
396 fail = 1;
397 } else
398 len -= ret;
399 }
400 }
401
402 if (ses_ptr->hdata.init != 0) {
403 if (unlikely(caop->tag_len > sizeof(vhash) || caop->tag_len > len)) {
404 dprintk(1, KERN_ERR, "Illegal tag len size\n");
405 ret = -EINVAL;
406 goto out_err;
407 }
408
409 read_hash( dst_sg, len, vhash, caop->tag_len);
410 len -= caop->tag_len;
411
412 if (auth_len > 0) {
413 ret = cryptodev_hash_update(&ses_ptr->hdata,
414 auth_sg, auth_len);
415 if (unlikely(ret)) {
416 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
417 goto out_err;
418 }
419 }
420
421 if (len > 0) {
422 ret = cryptodev_hash_update(&ses_ptr->hdata,
423 dst_sg, len);
424 if (unlikely(ret)) {
425 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
426 goto out_err;
427 }
428 }
429
430 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
431 if (unlikely(ret)) {
432 dprintk(0, KERN_ERR, "cryptodev_hash_final: %d\n", ret);
433 goto out_err;
434 }
435
436 if (memcmp(vhash, hash_output, caop->tag_len) != 0 || fail != 0) {
437 dprintk(1, KERN_ERR, "MAC verification failed\n");
438 ret = -ECANCELED;
439 goto out_err;
440 }
441 }
442 }
443 kcaop->dst_len = len;
444 return 0;
445 out_err:
446 return ret;
447 }
448
449 static int
450 srtp_auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
451 struct scatterlist *auth_sg, uint32_t auth_len,
452 struct scatterlist *dst_sg, uint32_t len)
453 {
454 int ret, fail = 0;
455 struct crypt_auth_op *caop = &kcaop->caop;
456 uint8_t vhash[AALG_MAX_RESULT_LEN];
457 uint8_t hash_output[AALG_MAX_RESULT_LEN];
458
459 /* SRTP authenticates the encrypted data.
460 */
461 if (caop->op == COP_ENCRYPT) {
462 if (ses_ptr->cdata.init != 0) {
463 if (ses_ptr->cdata.stream == 0) {
464 dprintk(0, KERN_ERR, "Only stream modes are allowed in SRTP mode\n");
465 ret = -EINVAL;
466 goto out_err;
467 }
468
469 ret = cryptodev_cipher_encrypt(&ses_ptr->cdata,
470 dst_sg, dst_sg, len);
471 if (unlikely(ret)) {
472 dprintk(0, KERN_ERR, "cryptodev_cipher_encrypt: %d\n", ret);
473 goto out_err;
474 }
475 }
476
477 if (ses_ptr->hdata.init != 0) {
478 if (auth_len > 0) {
479 ret = cryptodev_hash_update(&ses_ptr->hdata,
480 auth_sg, auth_len);
481 if (unlikely(ret)) {
482 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
483 goto out_err;
484 }
485 }
486
487 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
488 if (unlikely(ret)) {
489 dprintk(0, KERN_ERR, "cryptodev_hash_final: %d\n", ret);
490 goto out_err;
491 }
492
493 if (unlikely(copy_to_user(caop->tag, hash_output, caop->tag_len))) {
494 ret = -EFAULT;
495 goto out_err;
496 }
497 }
498
499 } else {
500 if (ses_ptr->hdata.init != 0) {
501 if (unlikely(caop->tag_len > sizeof(vhash) || caop->tag_len > len)) {
502 dprintk(1, KERN_ERR, "Illegal tag len size\n");
503 ret = -EINVAL;
504 goto out_err;
505 }
506
507 if (unlikely(copy_from_user(vhash, caop->tag, caop->tag_len))) {
508 ret = -EFAULT;
509 goto out_err;
510 }
511
512 ret = cryptodev_hash_update(&ses_ptr->hdata,
513 auth_sg, auth_len);
514 if (unlikely(ret)) {
515 dprintk(0, KERN_ERR, "cryptodev_hash_update: %d\n", ret);
516 goto out_err;
517 }
518
519 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
520 if (unlikely(ret)) {
521 dprintk(0, KERN_ERR, "cryptodev_hash_final: %d\n", ret);
522 goto out_err;
523 }
524
525 if (memcmp(vhash, hash_output, caop->tag_len) != 0 || fail != 0) {
526 dprintk(1, KERN_ERR, "MAC verification failed\n");
527 ret = -ECANCELED;
528 goto out_err;
529 }
530 }
531
532 if (ses_ptr->cdata.init != 0) {
533 if (ses_ptr->cdata.stream == 0) {
534 dprintk(0, KERN_ERR, "Only stream modes are allowed in SRTP mode\n");
535 ret = -EINVAL;
536 goto out_err;
537 }
538
539 ret = cryptodev_cipher_decrypt(&ses_ptr->cdata,
540 dst_sg, dst_sg, len);
541
542 if (unlikely(ret)) {
543 dprintk(0, KERN_ERR, "cryptodev_cipher_decrypt: %d\n", ret);
544 goto out_err;
545 }
546 }
547
548 }
549 kcaop->dst_len = len;
550 return 0;
551 out_err:
552 return ret;
553 }
554
555 /* This is the main crypto function - zero-copy edition */
556 static int
557 __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
558 {
559 struct scatterlist *dst_sg, *auth_sg;
560 struct crypt_auth_op *caop = &kcaop->caop;
561 int ret = 0, pagecount;
562
563 if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
564 ret = get_userbuf_aead(ses_ptr, kcaop, &auth_sg, &dst_sg, &pagecount);
565 if (unlikely(ret)) {
566 dprintk(1, KERN_ERR, "Error getting user pages.\n");
567 return ret;
568 }
569
570 ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
571 dst_sg, caop->len);
572 } else if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
573 ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg, &pagecount);
574 if (unlikely(ret)) {
575 dprintk(1, KERN_ERR, "Error getting user pages.\n");
576 return ret;
577 }
578
579 ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
580 dst_sg, caop->len);
581 } else {
582 dprintk(1, KERN_ERR, "Unsupported flag for authenc\n");
583 return -EINVAL;
584 }
585
586 release_user_pages(ses_ptr->pages, pagecount);
587 return ret;
588 }
589
590
591 int crypto_auth_run(struct fcrypt *fcr, struct kernel_crypt_auth_op *kcaop)
592 {
593 struct csession *ses_ptr;
594 struct crypt_auth_op *caop = &kcaop->caop;
595 int ret;
596
597 if (unlikely(caop->op != COP_ENCRYPT && caop->op != COP_DECRYPT)) {
598 dprintk(1, KERN_DEBUG, "invalid operation op=%u\n", caop->op);
599 return -EINVAL;
600 }
601
602 /* this also enters ses_ptr->sem */
603 ses_ptr = crypto_get_session_by_sid(fcr, caop->ses);
604 if (unlikely(!ses_ptr)) {
605 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", caop->ses);
606 return -EINVAL;
607 }
608
609 if (unlikely(ses_ptr->cdata.init == 0)) {
610 dprintk(1, KERN_ERR, "cipher context not initialized\n");
611 return -EINVAL;
612 }
613
614 if (ses_ptr->hdata.init != 0) {
615 ret = cryptodev_hash_reset(&ses_ptr->hdata);
616 if (unlikely(ret)) {
617 dprintk(1, KERN_ERR,
618 "error in cryptodev_hash_reset()\n");
619 goto out_unlock;
620 }
621 }
622
623 cryptodev_cipher_set_iv(&ses_ptr->cdata, kcaop->iv,
624 min(ses_ptr->cdata.ivsize, kcaop->ivlen));
625
626 if (likely(caop->len || caop->auth_len)) {
627 ret = __crypto_auth_run_zc(ses_ptr, kcaop);
628 if (unlikely(ret))
629 goto out_unlock;
630 }
631
632 cryptodev_cipher_get_iv(&ses_ptr->cdata, kcaop->iv,
633 min(ses_ptr->cdata.ivsize, kcaop->ivlen));
634
635 out_unlock:
636 mutex_unlock(&ses_ptr->sem);
637 return ret;
638 }
Cryptodev for linux