~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/keys/dh.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /* Crypto operations using stored keys
  3  *
  4  * Copyright (c) 2016, Intel Corporation
  5  */
  6 
  7 #include <linux/slab.h>
  8 #include <linux/uaccess.h>
  9 #include <linux/scatterlist.h>
 10 #include <linux/crypto.h>
 11 #include <crypto/hash.h>
 12 #include <crypto/kpp.h>
 13 #include <crypto/dh.h>
 14 #include <crypto/kdf_sp800108.h>
 15 #include <keys/user-type.h>
 16 #include "internal.h"
 17 
 18 static ssize_t dh_data_from_key(key_serial_t keyid, const void **data)
 19 {
 20         struct key *key;
 21         key_ref_t key_ref;
 22         long status;
 23         ssize_t ret;
 24 
 25         key_ref = lookup_user_key(keyid, 0, KEY_NEED_READ);
 26         if (IS_ERR(key_ref)) {
 27                 ret = -ENOKEY;
 28                 goto error;
 29         }
 30 
 31         key = key_ref_to_ptr(key_ref);
 32 
 33         ret = -EOPNOTSUPP;
 34         if (key->type == &key_type_user) {
 35                 down_read(&key->sem);
 36                 status = key_validate(key);
 37                 if (status == 0) {
 38                         const struct user_key_payload *payload;
 39                         uint8_t *duplicate;
 40 
 41                         payload = user_key_payload_locked(key);
 42 
 43                         duplicate = kmemdup(payload->data, payload->datalen,
 44                                             GFP_KERNEL);
 45                         if (duplicate) {
 46                                 *data = duplicate;
 47                                 ret = payload->datalen;
 48                         } else {
 49                                 ret = -ENOMEM;
 50                         }
 51                 }
 52                 up_read(&key->sem);
 53         }
 54 
 55         key_put(key);
 56 error:
 57         return ret;
 58 }
 59 
 60 static void dh_free_data(struct dh *dh)
 61 {
 62         kfree_sensitive(dh->key);
 63         kfree_sensitive(dh->p);
 64         kfree_sensitive(dh->g);
 65 }
 66 
 67 static int kdf_alloc(struct crypto_shash **hash, char *hashname)
 68 {
 69         struct crypto_shash *tfm;
 70 
 71         /* allocate synchronous hash */
 72         tfm = crypto_alloc_shash(hashname, 0, 0);
 73         if (IS_ERR(tfm)) {
 74                 pr_info("could not allocate digest TFM handle %s\n", hashname);
 75                 return PTR_ERR(tfm);
 76         }
 77 
 78         if (crypto_shash_digestsize(tfm) == 0) {
 79                 crypto_free_shash(tfm);
 80                 return -EINVAL;
 81         }
 82 
 83         *hash = tfm;
 84 
 85         return 0;
 86 }
 87 
 88 static void kdf_dealloc(struct crypto_shash *hash)
 89 {
 90         if (hash)
 91                 crypto_free_shash(hash);
 92 }
 93 
 94 static int keyctl_dh_compute_kdf(struct crypto_shash *hash,
 95                                  char __user *buffer, size_t buflen,
 96                                  uint8_t *kbuf, size_t kbuflen)
 97 {
 98         struct kvec kbuf_iov = { .iov_base = kbuf, .iov_len = kbuflen };
 99         uint8_t *outbuf = NULL;
100         int ret;
101         size_t outbuf_len = roundup(buflen, crypto_shash_digestsize(hash));
102 
103         outbuf = kmalloc(outbuf_len, GFP_KERNEL);
104         if (!outbuf) {
105                 ret = -ENOMEM;
106                 goto err;
107         }
108 
109         ret = crypto_kdf108_ctr_generate(hash, &kbuf_iov, 1, outbuf, outbuf_len);
110         if (ret)
111                 goto err;
112 
113         ret = buflen;
114         if (copy_to_user(buffer, outbuf, buflen) != 0)
115                 ret = -EFAULT;
116 
117 err:
118         kfree_sensitive(outbuf);
119         return ret;
120 }
121 
122 long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
123                          char __user *buffer, size_t buflen,
124                          struct keyctl_kdf_params *kdfcopy)
125 {
126         long ret;
127         ssize_t dlen;
128         int secretlen;
129         int outlen;
130         struct keyctl_dh_params pcopy;
131         struct dh dh_inputs;
132         struct scatterlist outsg;
133         DECLARE_CRYPTO_WAIT(compl);
134         struct crypto_kpp *tfm;
135         struct kpp_request *req;
136         uint8_t *secret;
137         uint8_t *outbuf;
138         struct crypto_shash *hash = NULL;
139 
140         if (!params || (!buffer && buflen)) {
141                 ret = -EINVAL;
142                 goto out1;
143         }
144         if (copy_from_user(&pcopy, params, sizeof(pcopy)) != 0) {
145                 ret = -EFAULT;
146                 goto out1;
147         }
148 
149         if (kdfcopy) {
150                 char *hashname;
151 
152                 if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) {
153                         ret = -EINVAL;
154                         goto out1;
155                 }
156 
157                 if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN ||
158                     kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) {
159                         ret = -EMSGSIZE;
160                         goto out1;
161                 }
162 
163                 /* get KDF name string */
164                 hashname = strndup_user(kdfcopy->hashname, CRYPTO_MAX_ALG_NAME);
165                 if (IS_ERR(hashname)) {
166                         ret = PTR_ERR(hashname);
167                         goto out1;
168                 }
169 
170                 /* allocate KDF from the kernel crypto API */
171                 ret = kdf_alloc(&hash, hashname);
172                 kfree(hashname);
173                 if (ret)
174                         goto out1;
175         }
176 
177         memset(&dh_inputs, 0, sizeof(dh_inputs));
178 
179         dlen = dh_data_from_key(pcopy.prime, &dh_inputs.p);
180         if (dlen < 0) {
181                 ret = dlen;
182                 goto out1;
183         }
184         dh_inputs.p_size = dlen;
185 
186         dlen = dh_data_from_key(pcopy.base, &dh_inputs.g);
187         if (dlen < 0) {
188                 ret = dlen;
189                 goto out2;
190         }
191         dh_inputs.g_size = dlen;
192 
193         dlen = dh_data_from_key(pcopy.private, &dh_inputs.key);
194         if (dlen < 0) {
195                 ret = dlen;
196                 goto out2;
197         }
198         dh_inputs.key_size = dlen;
199 
200         secretlen = crypto_dh_key_len(&dh_inputs);
201         secret = kmalloc(secretlen, GFP_KERNEL);
202         if (!secret) {
203                 ret = -ENOMEM;
204                 goto out2;
205         }
206         ret = crypto_dh_encode_key(secret, secretlen, &dh_inputs);
207         if (ret)
208                 goto out3;
209 
210         tfm = crypto_alloc_kpp("dh", 0, 0);
211         if (IS_ERR(tfm)) {
212                 ret = PTR_ERR(tfm);
213                 goto out3;
214         }
215 
216         ret = crypto_kpp_set_secret(tfm, secret, secretlen);
217         if (ret)
218                 goto out4;
219 
220         outlen = crypto_kpp_maxsize(tfm);
221 
222         if (!kdfcopy) {
223                 /*
224                  * When not using a KDF, buflen 0 is used to read the
225                  * required buffer length
226                  */
227                 if (buflen == 0) {
228                         ret = outlen;
229                         goto out4;
230                 } else if (outlen > buflen) {
231                         ret = -EOVERFLOW;
232                         goto out4;
233                 }
234         }
235 
236         outbuf = kzalloc(kdfcopy ? (outlen + kdfcopy->otherinfolen) : outlen,
237                          GFP_KERNEL);
238         if (!outbuf) {
239                 ret = -ENOMEM;
240                 goto out4;
241         }
242 
243         sg_init_one(&outsg, outbuf, outlen);
244 
245         req = kpp_request_alloc(tfm, GFP_KERNEL);
246         if (!req) {
247                 ret = -ENOMEM;
248                 goto out5;
249         }
250 
251         kpp_request_set_input(req, NULL, 0);
252         kpp_request_set_output(req, &outsg, outlen);
253         kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
254                                  CRYPTO_TFM_REQ_MAY_SLEEP,
255                                  crypto_req_done, &compl);
256 
257         /*
258          * For DH, generate_public_key and generate_shared_secret are
259          * the same calculation
260          */
261         ret = crypto_kpp_generate_public_key(req);
262         ret = crypto_wait_req(ret, &compl);
263         if (ret)
264                 goto out6;
265 
266         if (kdfcopy) {
267                 /*
268                  * Concatenate SP800-56A otherinfo past DH shared secret -- the
269                  * input to the KDF is (DH shared secret || otherinfo)
270                  */
271                 if (copy_from_user(outbuf + req->dst_len, kdfcopy->otherinfo,
272                                    kdfcopy->otherinfolen) != 0) {
273                         ret = -EFAULT;
274                         goto out6;
275                 }
276 
277                 ret = keyctl_dh_compute_kdf(hash, buffer, buflen, outbuf,
278                                             req->dst_len + kdfcopy->otherinfolen);
279         } else if (copy_to_user(buffer, outbuf, req->dst_len) == 0) {
280                 ret = req->dst_len;
281         } else {
282                 ret = -EFAULT;
283         }
284 
285 out6:
286         kpp_request_free(req);
287 out5:
288         kfree_sensitive(outbuf);
289 out4:
290         crypto_free_kpp(tfm);
291 out3:
292         kfree_sensitive(secret);
293 out2:
294         dh_free_data(&dh_inputs);
295 out1:
296         kdf_dealloc(hash);
297         return ret;
298 }
299 
300 long keyctl_dh_compute(struct keyctl_dh_params __user *params,
301                        char __user *buffer, size_t buflen,
302                        struct keyctl_kdf_params __user *kdf)
303 {
304         struct keyctl_kdf_params kdfcopy;
305 
306         if (!kdf)
307                 return __keyctl_dh_compute(params, buffer, buflen, NULL);
308 
309         if (copy_from_user(&kdfcopy, kdf, sizeof(kdfcopy)) != 0)
310                 return -EFAULT;
311 
312         return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy);
313 }
314 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php