Commit f8d33fac authored by Eric Biggers's avatar Eric Biggers Committed by Herbert Xu

crypto: skcipher - prevent using skciphers without setting key

Similar to what was done for the hash API, update the skcipher API to
track whether each transform has been keyed, and reject
encryption/decryption if a key is needed but one hasn't been set.

This isn't as important as the equivalent fix for the hash API because
symmetric ciphers almost always require a key (the "null cipher" is the
only exception), so are unlikely to be used without one.  Still,
tracking the key will prevent accidental unkeyed use.  algif_skcipher
also had to track the key anyway, so the new flag replaces that and
simplifies the algif_skcipher implementation.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 4e1d14bc
...@@ -38,11 +38,6 @@ ...@@ -38,11 +38,6 @@
#include <linux/net.h> #include <linux/net.h>
#include <net/sock.h> #include <net/sock.h>
struct skcipher_tfm {
struct crypto_skcipher *skcipher;
bool has_key;
};
static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
size_t size) size_t size)
{ {
...@@ -50,8 +45,7 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, ...@@ -50,8 +45,7 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
struct alg_sock *ask = alg_sk(sk); struct alg_sock *ask = alg_sk(sk);
struct sock *psk = ask->parent; struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk); struct alg_sock *pask = alg_sk(psk);
struct skcipher_tfm *skc = pask->private; struct crypto_skcipher *tfm = pask->private;
struct crypto_skcipher *tfm = skc->skcipher;
unsigned ivsize = crypto_skcipher_ivsize(tfm); unsigned ivsize = crypto_skcipher_ivsize(tfm);
return af_alg_sendmsg(sock, msg, size, ivsize); return af_alg_sendmsg(sock, msg, size, ivsize);
...@@ -65,8 +59,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, ...@@ -65,8 +59,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
struct sock *psk = ask->parent; struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk); struct alg_sock *pask = alg_sk(psk);
struct af_alg_ctx *ctx = ask->private; struct af_alg_ctx *ctx = ask->private;
struct skcipher_tfm *skc = pask->private; struct crypto_skcipher *tfm = pask->private;
struct crypto_skcipher *tfm = skc->skcipher;
unsigned int bs = crypto_skcipher_blocksize(tfm); unsigned int bs = crypto_skcipher_blocksize(tfm);
struct af_alg_async_req *areq; struct af_alg_async_req *areq;
int err = 0; int err = 0;
...@@ -221,7 +214,7 @@ static int skcipher_check_key(struct socket *sock) ...@@ -221,7 +214,7 @@ static int skcipher_check_key(struct socket *sock)
int err = 0; int err = 0;
struct sock *psk; struct sock *psk;
struct alg_sock *pask; struct alg_sock *pask;
struct skcipher_tfm *tfm; struct crypto_skcipher *tfm;
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk); struct alg_sock *ask = alg_sk(sk);
...@@ -235,7 +228,7 @@ static int skcipher_check_key(struct socket *sock) ...@@ -235,7 +228,7 @@ static int skcipher_check_key(struct socket *sock)
err = -ENOKEY; err = -ENOKEY;
lock_sock_nested(psk, SINGLE_DEPTH_NESTING); lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
if (!tfm->has_key) if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
goto unlock; goto unlock;
if (!pask->refcnt++) if (!pask->refcnt++)
...@@ -314,41 +307,17 @@ static struct proto_ops algif_skcipher_ops_nokey = { ...@@ -314,41 +307,17 @@ static struct proto_ops algif_skcipher_ops_nokey = {
static void *skcipher_bind(const char *name, u32 type, u32 mask) static void *skcipher_bind(const char *name, u32 type, u32 mask)
{ {
struct skcipher_tfm *tfm; return crypto_alloc_skcipher(name, type, mask);
struct crypto_skcipher *skcipher;
tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
if (!tfm)
return ERR_PTR(-ENOMEM);
skcipher = crypto_alloc_skcipher(name, type, mask);
if (IS_ERR(skcipher)) {
kfree(tfm);
return ERR_CAST(skcipher);
}
tfm->skcipher = skcipher;
return tfm;
} }
static void skcipher_release(void *private) static void skcipher_release(void *private)
{ {
struct skcipher_tfm *tfm = private; crypto_free_skcipher(private);
crypto_free_skcipher(tfm->skcipher);
kfree(tfm);
} }
static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
{ {
struct skcipher_tfm *tfm = private; return crypto_skcipher_setkey(private, key, keylen);
int err;
err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
tfm->has_key = !err;
return err;
} }
static void skcipher_sock_destruct(struct sock *sk) static void skcipher_sock_destruct(struct sock *sk)
...@@ -357,8 +326,7 @@ static void skcipher_sock_destruct(struct sock *sk) ...@@ -357,8 +326,7 @@ static void skcipher_sock_destruct(struct sock *sk)
struct af_alg_ctx *ctx = ask->private; struct af_alg_ctx *ctx = ask->private;
struct sock *psk = ask->parent; struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk); struct alg_sock *pask = alg_sk(psk);
struct skcipher_tfm *skc = pask->private; struct crypto_skcipher *tfm = pask->private;
struct crypto_skcipher *tfm = skc->skcipher;
af_alg_pull_tsgl(sk, ctx->used, NULL, 0); af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
...@@ -370,22 +338,21 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) ...@@ -370,22 +338,21 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
{ {
struct af_alg_ctx *ctx; struct af_alg_ctx *ctx;
struct alg_sock *ask = alg_sk(sk); struct alg_sock *ask = alg_sk(sk);
struct skcipher_tfm *tfm = private; struct crypto_skcipher *tfm = private;
struct crypto_skcipher *skcipher = tfm->skcipher;
unsigned int len = sizeof(*ctx); unsigned int len = sizeof(*ctx);
ctx = sock_kmalloc(sk, len, GFP_KERNEL); ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx) if (!ctx)
return -ENOMEM; return -ENOMEM;
ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher), ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm),
GFP_KERNEL); GFP_KERNEL);
if (!ctx->iv) { if (!ctx->iv) {
sock_kfree_s(sk, ctx, len); sock_kfree_s(sk, ctx, len);
return -ENOMEM; return -ENOMEM;
} }
memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm));
INIT_LIST_HEAD(&ctx->tsgl_list); INIT_LIST_HEAD(&ctx->tsgl_list);
ctx->len = len; ctx->len = len;
...@@ -405,9 +372,9 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) ...@@ -405,9 +372,9 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
static int skcipher_accept_parent(void *private, struct sock *sk) static int skcipher_accept_parent(void *private, struct sock *sk)
{ {
struct skcipher_tfm *tfm = private; struct crypto_skcipher *tfm = private;
if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher)) if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY; return -ENOKEY;
return skcipher_accept_parent_nokey(private, sk); return skcipher_accept_parent_nokey(private, sk);
......
...@@ -598,8 +598,11 @@ static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm, ...@@ -598,8 +598,11 @@ static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm,
err = crypto_blkcipher_setkey(blkcipher, key, keylen); err = crypto_blkcipher_setkey(blkcipher, key, keylen);
crypto_skcipher_set_flags(tfm, crypto_blkcipher_get_flags(blkcipher) & crypto_skcipher_set_flags(tfm, crypto_blkcipher_get_flags(blkcipher) &
CRYPTO_TFM_RES_MASK); CRYPTO_TFM_RES_MASK);
if (err)
return err; return err;
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
} }
static int skcipher_crypt_blkcipher(struct skcipher_request *req, static int skcipher_crypt_blkcipher(struct skcipher_request *req,
...@@ -674,6 +677,9 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm) ...@@ -674,6 +677,9 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm)
skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher); skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher);
skcipher->keysize = calg->cra_blkcipher.max_keysize; skcipher->keysize = calg->cra_blkcipher.max_keysize;
if (skcipher->keysize)
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
return 0; return 0;
} }
...@@ -692,8 +698,11 @@ static int skcipher_setkey_ablkcipher(struct crypto_skcipher *tfm, ...@@ -692,8 +698,11 @@ static int skcipher_setkey_ablkcipher(struct crypto_skcipher *tfm,
crypto_skcipher_set_flags(tfm, crypto_skcipher_set_flags(tfm,
crypto_ablkcipher_get_flags(ablkcipher) & crypto_ablkcipher_get_flags(ablkcipher) &
CRYPTO_TFM_RES_MASK); CRYPTO_TFM_RES_MASK);
if (err)
return err; return err;
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
} }
static int skcipher_crypt_ablkcipher(struct skcipher_request *req, static int skcipher_crypt_ablkcipher(struct skcipher_request *req,
...@@ -767,6 +776,9 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm) ...@@ -767,6 +776,9 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
sizeof(struct ablkcipher_request); sizeof(struct ablkcipher_request);
skcipher->keysize = calg->cra_ablkcipher.max_keysize; skcipher->keysize = calg->cra_ablkcipher.max_keysize;
if (skcipher->keysize)
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
return 0; return 0;
} }
...@@ -796,6 +808,7 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, ...@@ -796,6 +808,7 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
{ {
struct skcipher_alg *cipher = crypto_skcipher_alg(tfm); struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
unsigned long alignmask = crypto_skcipher_alignmask(tfm); unsigned long alignmask = crypto_skcipher_alignmask(tfm);
int err;
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) { if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
...@@ -803,9 +816,15 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, ...@@ -803,9 +816,15 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
} }
if ((unsigned long)key & alignmask) if ((unsigned long)key & alignmask)
return skcipher_setkey_unaligned(tfm, key, keylen); err = skcipher_setkey_unaligned(tfm, key, keylen);
else
err = cipher->setkey(tfm, key, keylen);
if (err)
return err;
return cipher->setkey(tfm, key, keylen); crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
} }
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm) static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
...@@ -834,6 +853,9 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm) ...@@ -834,6 +853,9 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
skcipher->ivsize = alg->ivsize; skcipher->ivsize = alg->ivsize;
skcipher->keysize = alg->max_keysize; skcipher->keysize = alg->max_keysize;
if (skcipher->keysize)
crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
if (alg->exit) if (alg->exit)
skcipher->base.exit = crypto_skcipher_exit_tfm; skcipher->base.exit = crypto_skcipher_exit_tfm;
......
...@@ -401,11 +401,6 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm, ...@@ -401,11 +401,6 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
return tfm->setkey(tfm, key, keylen); return tfm->setkey(tfm, key, keylen);
} }
static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm)
{
return tfm->keysize;
}
static inline unsigned int crypto_skcipher_default_keysize( static inline unsigned int crypto_skcipher_default_keysize(
struct crypto_skcipher *tfm) struct crypto_skcipher *tfm)
{ {
...@@ -442,6 +437,9 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req) ...@@ -442,6 +437,9 @@ static inline int crypto_skcipher_encrypt(struct skcipher_request *req)
{ {
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
return tfm->encrypt(req); return tfm->encrypt(req);
} }
...@@ -460,6 +458,9 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req) ...@@ -460,6 +458,9 @@ static inline int crypto_skcipher_decrypt(struct skcipher_request *req)
{ {
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
return tfm->decrypt(req); return tfm->decrypt(req);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment