95c4e20adc
[ Upstream commit bc155c6c188c2f0c5749993b1405673d25a80389 ] Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined. Commit78a0324f4a
("crypto: akcipher - default implementations for request callbacks") introduced default callbacks for sign/verify operations, which just return an error code. However, these are not enough, because before calling sign the caller would likely call set_priv_key first on the instantiated transform (as the in-kernel testmgr does). This function does not have a default stub, so the kernel crashes, when trying to set a private key on an akcipher, which doesn't support signature generation. I've noticed this, when trying to add a KAT vector for ECDSA signature to the testmgr. With this patch the testmgr returns an error in dmesg (as it should) instead of crashing the kernel NULL ptr dereference. Fixes:78a0324f4a
("crypto: akcipher - default implementations for request callbacks") Signed-off-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
164 lines
4.2 KiB
C
164 lines
4.2 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* Public Key Encryption
|
|
*
|
|
* Copyright (c) 2015, Intel Corporation
|
|
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
*/
|
|
#include <linux/errno.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/seq_file.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/string.h>
|
|
#include <linux/crypto.h>
|
|
#include <linux/compiler.h>
|
|
#include <crypto/algapi.h>
|
|
#include <linux/cryptouser.h>
|
|
#include <net/netlink.h>
|
|
#include <crypto/akcipher.h>
|
|
#include <crypto/internal/akcipher.h>
|
|
#include "internal.h"
|
|
|
|
#ifdef CONFIG_NET
|
|
static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
|
|
{
|
|
struct crypto_report_akcipher rakcipher;
|
|
|
|
memset(&rakcipher, 0, sizeof(rakcipher));
|
|
|
|
strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
|
|
|
|
return nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
|
|
sizeof(rakcipher), &rakcipher);
|
|
}
|
|
#else
|
|
static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
|
|
{
|
|
return -ENOSYS;
|
|
}
|
|
#endif
|
|
|
|
static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
|
|
__maybe_unused;
|
|
|
|
static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
|
|
{
|
|
seq_puts(m, "type : akcipher\n");
|
|
}
|
|
|
|
static void crypto_akcipher_exit_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
struct crypto_akcipher *akcipher = __crypto_akcipher_tfm(tfm);
|
|
struct akcipher_alg *alg = crypto_akcipher_alg(akcipher);
|
|
|
|
alg->exit(akcipher);
|
|
}
|
|
|
|
static int crypto_akcipher_init_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
struct crypto_akcipher *akcipher = __crypto_akcipher_tfm(tfm);
|
|
struct akcipher_alg *alg = crypto_akcipher_alg(akcipher);
|
|
|
|
if (alg->exit)
|
|
akcipher->base.exit = crypto_akcipher_exit_tfm;
|
|
|
|
if (alg->init)
|
|
return alg->init(akcipher);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void crypto_akcipher_free_instance(struct crypto_instance *inst)
|
|
{
|
|
struct akcipher_instance *akcipher = akcipher_instance(inst);
|
|
|
|
akcipher->free(akcipher);
|
|
}
|
|
|
|
static const struct crypto_type crypto_akcipher_type = {
|
|
.extsize = crypto_alg_extsize,
|
|
.init_tfm = crypto_akcipher_init_tfm,
|
|
.free = crypto_akcipher_free_instance,
|
|
#ifdef CONFIG_PROC_FS
|
|
.show = crypto_akcipher_show,
|
|
#endif
|
|
.report = crypto_akcipher_report,
|
|
.maskclear = ~CRYPTO_ALG_TYPE_MASK,
|
|
.maskset = CRYPTO_ALG_TYPE_MASK,
|
|
.type = CRYPTO_ALG_TYPE_AKCIPHER,
|
|
.tfmsize = offsetof(struct crypto_akcipher, base),
|
|
};
|
|
|
|
int crypto_grab_akcipher(struct crypto_akcipher_spawn *spawn, const char *name,
|
|
u32 type, u32 mask)
|
|
{
|
|
spawn->base.frontend = &crypto_akcipher_type;
|
|
return crypto_grab_spawn(&spawn->base, name, type, mask);
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_grab_akcipher);
|
|
|
|
struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
|
|
u32 mask)
|
|
{
|
|
return crypto_alloc_tfm(alg_name, &crypto_akcipher_type, type, mask);
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_alloc_akcipher);
|
|
|
|
static void akcipher_prepare_alg(struct akcipher_alg *alg)
|
|
{
|
|
struct crypto_alg *base = &alg->base;
|
|
|
|
base->cra_type = &crypto_akcipher_type;
|
|
base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
|
|
base->cra_flags |= CRYPTO_ALG_TYPE_AKCIPHER;
|
|
}
|
|
|
|
static int akcipher_default_op(struct akcipher_request *req)
|
|
{
|
|
return -ENOSYS;
|
|
}
|
|
|
|
static int akcipher_default_set_key(struct crypto_akcipher *tfm,
|
|
const void *key, unsigned int keylen)
|
|
{
|
|
return -ENOSYS;
|
|
}
|
|
|
|
int crypto_register_akcipher(struct akcipher_alg *alg)
|
|
{
|
|
struct crypto_alg *base = &alg->base;
|
|
|
|
if (!alg->sign)
|
|
alg->sign = akcipher_default_op;
|
|
if (!alg->verify)
|
|
alg->verify = akcipher_default_op;
|
|
if (!alg->encrypt)
|
|
alg->encrypt = akcipher_default_op;
|
|
if (!alg->decrypt)
|
|
alg->decrypt = akcipher_default_op;
|
|
if (!alg->set_priv_key)
|
|
alg->set_priv_key = akcipher_default_set_key;
|
|
|
|
akcipher_prepare_alg(alg);
|
|
return crypto_register_alg(base);
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_register_akcipher);
|
|
|
|
void crypto_unregister_akcipher(struct akcipher_alg *alg)
|
|
{
|
|
crypto_unregister_alg(&alg->base);
|
|
}
|
|
EXPORT_SYMBOL_GPL(crypto_unregister_akcipher);
|
|
|
|
int akcipher_register_instance(struct crypto_template *tmpl,
|
|
struct akcipher_instance *inst)
|
|
{
|
|
akcipher_prepare_alg(&inst->alg);
|
|
return crypto_register_instance(tmpl, akcipher_crypto_instance(inst));
|
|
}
|
|
EXPORT_SYMBOL_GPL(akcipher_register_instance);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("Generic public key cipher type");
|