Commit | Line | Data |
---|---|---|
fc1b6d6d TL |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /** | |
3 | * net/tipc/crypto.c: TIPC crypto for key handling & packet en/decryption | |
4 | * | |
5 | * Copyright (c) 2019, Ericsson AB | |
6 | * All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | |
15 | * documentation and/or other materials provided with the distribution. | |
16 | * 3. Neither the names of the copyright holders nor the names of its | |
17 | * contributors may be used to endorse or promote products derived from | |
18 | * this software without specific prior written permission. | |
19 | * | |
20 | * Alternatively, this software may be distributed under the terms of the | |
21 | * GNU General Public License ("GPL") version 2 as published by the Free | |
22 | * Software Foundation. | |
23 | * | |
24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
25 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | |
28 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
29 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
30 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
32 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
33 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
34 | * POSSIBILITY OF SUCH DAMAGE. | |
35 | */ | |
36 | ||
37 | #include <crypto/aead.h> | |
38 | #include <crypto/aes.h> | |
39 | #include "crypto.h" | |
1ef6f7c9 TL |
40 | #include "msg.h" |
41 | #include "bcast.h" | |
fc1b6d6d | 42 | |
daef1ee3 | 43 | #define TIPC_TX_GRACE_PERIOD msecs_to_jiffies(5000) /* 5s */ |
f779bf79 | 44 | #define TIPC_TX_LASTING_TIME msecs_to_jiffies(10000) /* 10s */ |
fc1b6d6d | 45 | #define TIPC_RX_ACTIVE_LIM msecs_to_jiffies(3000) /* 3s */ |
f779bf79 TL |
46 | #define TIPC_RX_PASSIVE_LIM msecs_to_jiffies(15000) /* 15s */ |
47 | ||
fc1b6d6d TL |
48 | #define TIPC_MAX_TFMS_DEF 10 |
49 | #define TIPC_MAX_TFMS_LIM 1000 | |
50 | ||
51 | /** | |
52 | * TIPC Key ids | |
53 | */ | |
54 | enum { | |
daef1ee3 TL |
55 | KEY_MASTER = 0, |
56 | KEY_MIN = KEY_MASTER, | |
57 | KEY_1 = 1, | |
fc1b6d6d TL |
58 | KEY_2, |
59 | KEY_3, | |
60 | KEY_MAX = KEY_3, | |
61 | }; | |
62 | ||
63 | /** | |
64 | * TIPC Crypto statistics | |
65 | */ | |
66 | enum { | |
67 | STAT_OK, | |
68 | STAT_NOK, | |
69 | STAT_ASYNC, | |
70 | STAT_ASYNC_OK, | |
71 | STAT_ASYNC_NOK, | |
72 | STAT_BADKEYS, /* tx only */ | |
73 | STAT_BADMSGS = STAT_BADKEYS, /* rx only */ | |
74 | STAT_NOKEYS, | |
75 | STAT_SWITCHES, | |
76 | ||
77 | MAX_STATS, | |
78 | }; | |
79 | ||
80 | /* TIPC crypto statistics' header */ | |
81 | static const char *hstats[MAX_STATS] = {"ok", "nok", "async", "async_ok", | |
82 | "async_nok", "badmsgs", "nokeys", | |
83 | "switches"}; | |
84 | ||
85 | /* Max TFMs number per key */ | |
86 | int sysctl_tipc_max_tfms __read_mostly = TIPC_MAX_TFMS_DEF; | |
1ef6f7c9 TL |
87 | /* Key exchange switch, default: on */ |
88 | int sysctl_tipc_key_exchange_enabled __read_mostly = 1; | |
fc1b6d6d TL |
89 | |
90 | /** | |
91 | * struct tipc_key - TIPC keys' status indicator | |
92 | * | |
93 | * 7 6 5 4 3 2 1 0 | |
94 | * +-----+-----+-----+-----+-----+-----+-----+-----+ | |
95 | * key: | (reserved)|passive idx| active idx|pending idx| | |
96 | * +-----+-----+-----+-----+-----+-----+-----+-----+ | |
97 | */ | |
98 | struct tipc_key { | |
99 | #define KEY_BITS (2) | |
100 | #define KEY_MASK ((1 << KEY_BITS) - 1) | |
101 | union { | |
102 | struct { | |
103 | #if defined(__LITTLE_ENDIAN_BITFIELD) | |
104 | u8 pending:2, | |
105 | active:2, | |
106 | passive:2, /* rx only */ | |
107 | reserved:2; | |
108 | #elif defined(__BIG_ENDIAN_BITFIELD) | |
109 | u8 reserved:2, | |
110 | passive:2, /* rx only */ | |
111 | active:2, | |
112 | pending:2; | |
113 | #else | |
114 | #error "Please fix <asm/byteorder.h>" | |
115 | #endif | |
116 | } __packed; | |
117 | u8 keys; | |
118 | }; | |
119 | }; | |
120 | ||
121 | /** | |
122 | * struct tipc_tfm - TIPC TFM structure to form a list of TFMs | |
123 | */ | |
124 | struct tipc_tfm { | |
125 | struct crypto_aead *tfm; | |
126 | struct list_head list; | |
127 | }; | |
128 | ||
129 | /** | |
130 | * struct tipc_aead - TIPC AEAD key structure | |
131 | * @tfm_entry: per-cpu pointer to one entry in TFM list | |
132 | * @crypto: TIPC crypto owns this key | |
133 | * @cloned: reference to the source key in case cloning | |
134 | * @users: the number of the key users (TX/RX) | |
135 | * @salt: the key's SALT value | |
136 | * @authsize: authentication tag size (max = 16) | |
137 | * @mode: crypto mode is applied to the key | |
138 | * @hint[]: a hint for user key | |
139 | * @rcu: struct rcu_head | |
1ef6f7c9 TL |
140 | * @key: the aead key |
141 | * @gen: the key's generation | |
fc1b6d6d TL |
142 | * @seqno: the key seqno (cluster scope) |
143 | * @refcnt: the key reference counter | |
144 | */ | |
145 | struct tipc_aead { | |
146 | #define TIPC_AEAD_HINT_LEN (5) | |
147 | struct tipc_tfm * __percpu *tfm_entry; | |
148 | struct tipc_crypto *crypto; | |
149 | struct tipc_aead *cloned; | |
150 | atomic_t users; | |
151 | u32 salt; | |
152 | u8 authsize; | |
153 | u8 mode; | |
f779bf79 | 154 | char hint[2 * TIPC_AEAD_HINT_LEN + 1]; |
fc1b6d6d | 155 | struct rcu_head rcu; |
1ef6f7c9 TL |
156 | struct tipc_aead_key *key; |
157 | u16 gen; | |
fc1b6d6d TL |
158 | |
159 | atomic64_t seqno ____cacheline_aligned; | |
160 | refcount_t refcnt ____cacheline_aligned; | |
161 | ||
162 | } ____cacheline_aligned; | |
163 | ||
164 | /** | |
165 | * struct tipc_crypto_stats - TIPC Crypto statistics | |
166 | */ | |
167 | struct tipc_crypto_stats { | |
168 | unsigned int stat[MAX_STATS]; | |
169 | }; | |
170 | ||
171 | /** | |
172 | * struct tipc_crypto - TIPC TX/RX crypto structure | |
173 | * @net: struct net | |
174 | * @node: TIPC node (RX) | |
175 | * @aead: array of pointers to AEAD keys for encryption/decryption | |
176 | * @peer_rx_active: replicated peer RX active key index | |
1ef6f7c9 | 177 | * @key_gen: TX/RX key generation |
fc1b6d6d | 178 | * @key: the key states |
1ef6f7c9 TL |
179 | * @skey_mode: session key's mode |
180 | * @skey: received session key | |
181 | * @wq: common workqueue on TX crypto | |
182 | * @work: delayed work sched for TX/RX | |
183 | * @key_distr: key distributing state | |
fc1b6d6d | 184 | * @stats: the crypto statistics |
f779bf79 | 185 | * @name: the crypto name |
fc1b6d6d TL |
186 | * @sndnxt: the per-peer sndnxt (TX) |
187 | * @timer1: general timer 1 (jiffies) | |
f779bf79 | 188 | * @timer2: general timer 2 (jiffies) |
daef1ee3 TL |
189 | * @working: the crypto is working or not |
190 | * @key_master: flag indicates if master key exists | |
191 | * @legacy_user: flag indicates if a peer joins w/o master key (for bwd comp.) | |
1ef6f7c9 | 192 | * @nokey: no key indication |
fc1b6d6d TL |
193 | * @lock: tipc_key lock |
194 | */ | |
195 | struct tipc_crypto { | |
196 | struct net *net; | |
197 | struct tipc_node *node; | |
daef1ee3 | 198 | struct tipc_aead __rcu *aead[KEY_MAX + 1]; |
fc1b6d6d | 199 | atomic_t peer_rx_active; |
1ef6f7c9 | 200 | u16 key_gen; |
fc1b6d6d | 201 | struct tipc_key key; |
1ef6f7c9 TL |
202 | u8 skey_mode; |
203 | struct tipc_aead_key *skey; | |
204 | struct workqueue_struct *wq; | |
205 | struct delayed_work work; | |
206 | #define KEY_DISTR_SCHED 1 | |
207 | #define KEY_DISTR_COMPL 2 | |
208 | atomic_t key_distr; | |
209 | ||
fc1b6d6d | 210 | struct tipc_crypto_stats __percpu *stats; |
f779bf79 | 211 | char name[48]; |
fc1b6d6d TL |
212 | |
213 | atomic64_t sndnxt ____cacheline_aligned; | |
214 | unsigned long timer1; | |
215 | unsigned long timer2; | |
daef1ee3 TL |
216 | union { |
217 | struct { | |
218 | u8 working:1; | |
219 | u8 key_master:1; | |
220 | u8 legacy_user:1; | |
1ef6f7c9 | 221 | u8 nokey: 1; |
daef1ee3 TL |
222 | }; |
223 | u8 flags; | |
224 | }; | |
fc1b6d6d TL |
225 | spinlock_t lock; /* crypto lock */ |
226 | ||
227 | } ____cacheline_aligned; | |
228 | ||
229 | /* struct tipc_crypto_tx_ctx - TX context for callbacks */ | |
230 | struct tipc_crypto_tx_ctx { | |
231 | struct tipc_aead *aead; | |
232 | struct tipc_bearer *bearer; | |
233 | struct tipc_media_addr dst; | |
234 | }; | |
235 | ||
236 | /* struct tipc_crypto_rx_ctx - RX context for callbacks */ | |
237 | struct tipc_crypto_rx_ctx { | |
238 | struct tipc_aead *aead; | |
239 | struct tipc_bearer *bearer; | |
240 | }; | |
241 | ||
242 | static struct tipc_aead *tipc_aead_get(struct tipc_aead __rcu *aead); | |
243 | static inline void tipc_aead_put(struct tipc_aead *aead); | |
244 | static void tipc_aead_free(struct rcu_head *rp); | |
245 | static int tipc_aead_users(struct tipc_aead __rcu *aead); | |
246 | static void tipc_aead_users_inc(struct tipc_aead __rcu *aead, int lim); | |
247 | static void tipc_aead_users_dec(struct tipc_aead __rcu *aead, int lim); | |
248 | static void tipc_aead_users_set(struct tipc_aead __rcu *aead, int val); | |
249 | static struct crypto_aead *tipc_aead_tfm_next(struct tipc_aead *aead); | |
250 | static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey, | |
251 | u8 mode); | |
252 | static int tipc_aead_clone(struct tipc_aead **dst, struct tipc_aead *src); | |
253 | static void *tipc_aead_mem_alloc(struct crypto_aead *tfm, | |
254 | unsigned int crypto_ctx_size, | |
255 | u8 **iv, struct aead_request **req, | |
256 | struct scatterlist **sg, int nsg); | |
257 | static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb, | |
258 | struct tipc_bearer *b, | |
259 | struct tipc_media_addr *dst, | |
260 | struct tipc_node *__dnode); | |
261 | static void tipc_aead_encrypt_done(struct crypto_async_request *base, int err); | |
262 | static int tipc_aead_decrypt(struct net *net, struct tipc_aead *aead, | |
263 | struct sk_buff *skb, struct tipc_bearer *b); | |
264 | static void tipc_aead_decrypt_done(struct crypto_async_request *base, int err); | |
265 | static inline int tipc_ehdr_size(struct tipc_ehdr *ehdr); | |
266 | static int tipc_ehdr_build(struct net *net, struct tipc_aead *aead, | |
267 | u8 tx_key, struct sk_buff *skb, | |
268 | struct tipc_crypto *__rx); | |
269 | static inline void tipc_crypto_key_set_state(struct tipc_crypto *c, | |
270 | u8 new_passive, | |
271 | u8 new_active, | |
272 | u8 new_pending); | |
273 | static int tipc_crypto_key_attach(struct tipc_crypto *c, | |
daef1ee3 TL |
274 | struct tipc_aead *aead, u8 pos, |
275 | bool master_key); | |
fc1b6d6d TL |
276 | static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending); |
277 | static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, | |
278 | struct tipc_crypto *rx, | |
daef1ee3 TL |
279 | struct sk_buff *skb, |
280 | u8 tx_key); | |
f779bf79 | 281 | static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb); |
fc1b6d6d | 282 | static int tipc_crypto_key_revoke(struct net *net, u8 tx_key); |
daef1ee3 TL |
283 | static inline void tipc_crypto_clone_msg(struct net *net, struct sk_buff *_skb, |
284 | struct tipc_bearer *b, | |
285 | struct tipc_media_addr *dst, | |
286 | struct tipc_node *__dnode, u8 type); | |
fc1b6d6d TL |
287 | static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, |
288 | struct tipc_bearer *b, | |
289 | struct sk_buff **skb, int err); | |
290 | static void tipc_crypto_do_cmd(struct net *net, int cmd); | |
291 | static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf); | |
fc1b6d6d TL |
292 | static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, |
293 | char *buf); | |
1ef6f7c9 TL |
294 | static int tipc_crypto_key_xmit(struct net *net, struct tipc_aead_key *skey, |
295 | u16 gen, u8 mode, u32 dnode); | |
296 | static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr); | |
297 | static void tipc_crypto_work_rx(struct work_struct *work); | |
298 | ||
f779bf79 TL |
299 | #define is_tx(crypto) (!(crypto)->node) |
300 | #define is_rx(crypto) (!is_tx(crypto)) | |
fc1b6d6d TL |
301 | |
302 | #define key_next(cur) ((cur) % KEY_MAX + 1) | |
303 | ||
304 | #define tipc_aead_rcu_ptr(rcu_ptr, lock) \ | |
305 | rcu_dereference_protected((rcu_ptr), lockdep_is_held(lock)) | |
306 | ||
fc1b6d6d TL |
307 | #define tipc_aead_rcu_replace(rcu_ptr, ptr, lock) \ |
308 | do { \ | |
309 | typeof(rcu_ptr) __tmp = rcu_dereference_protected((rcu_ptr), \ | |
310 | lockdep_is_held(lock)); \ | |
311 | rcu_assign_pointer((rcu_ptr), (ptr)); \ | |
312 | tipc_aead_put(__tmp); \ | |
313 | } while (0) | |
314 | ||
315 | #define tipc_crypto_key_detach(rcu_ptr, lock) \ | |
316 | tipc_aead_rcu_replace((rcu_ptr), NULL, lock) | |
317 | ||
318 | /** | |
319 | * tipc_aead_key_validate - Validate a AEAD user key | |
320 | */ | |
f779bf79 | 321 | int tipc_aead_key_validate(struct tipc_aead_key *ukey, struct genl_info *info) |
fc1b6d6d TL |
322 | { |
323 | int keylen; | |
324 | ||
325 | /* Check if algorithm exists */ | |
326 | if (unlikely(!crypto_has_alg(ukey->alg_name, 0, 0))) { | |
f779bf79 | 327 | GENL_SET_ERR_MSG(info, "unable to load the algorithm (module existed?)"); |
fc1b6d6d TL |
328 | return -ENODEV; |
329 | } | |
330 | ||
331 | /* Currently, we only support the "gcm(aes)" cipher algorithm */ | |
f779bf79 TL |
332 | if (strcmp(ukey->alg_name, "gcm(aes)")) { |
333 | GENL_SET_ERR_MSG(info, "not supported yet the algorithm"); | |
fc1b6d6d | 334 | return -ENOTSUPP; |
f779bf79 | 335 | } |
fc1b6d6d TL |
336 | |
337 | /* Check if key size is correct */ | |
338 | keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE; | |
339 | if (unlikely(keylen != TIPC_AES_GCM_KEY_SIZE_128 && | |
340 | keylen != TIPC_AES_GCM_KEY_SIZE_192 && | |
f779bf79 TL |
341 | keylen != TIPC_AES_GCM_KEY_SIZE_256)) { |
342 | GENL_SET_ERR_MSG(info, "incorrect key length (20, 28 or 36 octets?)"); | |
343 | return -EKEYREJECTED; | |
344 | } | |
fc1b6d6d TL |
345 | |
346 | return 0; | |
347 | } | |
348 | ||
349 | static struct tipc_aead *tipc_aead_get(struct tipc_aead __rcu *aead) | |
350 | { | |
351 | struct tipc_aead *tmp; | |
352 | ||
353 | rcu_read_lock(); | |
354 | tmp = rcu_dereference(aead); | |
355 | if (unlikely(!tmp || !refcount_inc_not_zero(&tmp->refcnt))) | |
356 | tmp = NULL; | |
357 | rcu_read_unlock(); | |
358 | ||
359 | return tmp; | |
360 | } | |
361 | ||
362 | static inline void tipc_aead_put(struct tipc_aead *aead) | |
363 | { | |
364 | if (aead && refcount_dec_and_test(&aead->refcnt)) | |
365 | call_rcu(&aead->rcu, tipc_aead_free); | |
366 | } | |
367 | ||
368 | /** | |
369 | * tipc_aead_free - Release AEAD key incl. all the TFMs in the list | |
370 | * @rp: rcu head pointer | |
371 | */ | |
372 | static void tipc_aead_free(struct rcu_head *rp) | |
373 | { | |
374 | struct tipc_aead *aead = container_of(rp, struct tipc_aead, rcu); | |
375 | struct tipc_tfm *tfm_entry, *head, *tmp; | |
376 | ||
377 | if (aead->cloned) { | |
378 | tipc_aead_put(aead->cloned); | |
379 | } else { | |
bb8872a1 TL |
380 | head = *get_cpu_ptr(aead->tfm_entry); |
381 | put_cpu_ptr(aead->tfm_entry); | |
fc1b6d6d TL |
382 | list_for_each_entry_safe(tfm_entry, tmp, &head->list, list) { |
383 | crypto_free_aead(tfm_entry->tfm); | |
384 | list_del(&tfm_entry->list); | |
385 | kfree(tfm_entry); | |
386 | } | |
387 | /* Free the head */ | |
388 | crypto_free_aead(head->tfm); | |
389 | list_del(&head->list); | |
390 | kfree(head); | |
391 | } | |
392 | free_percpu(aead->tfm_entry); | |
1ef6f7c9 | 393 | kzfree(aead->key); |
fc1b6d6d TL |
394 | kfree(aead); |
395 | } | |
396 | ||
397 | static int tipc_aead_users(struct tipc_aead __rcu *aead) | |
398 | { | |
399 | struct tipc_aead *tmp; | |
400 | int users = 0; | |
401 | ||
402 | rcu_read_lock(); | |
403 | tmp = rcu_dereference(aead); | |
404 | if (tmp) | |
405 | users = atomic_read(&tmp->users); | |
406 | rcu_read_unlock(); | |
407 | ||
408 | return users; | |
409 | } | |
410 | ||
411 | static void tipc_aead_users_inc(struct tipc_aead __rcu *aead, int lim) | |
412 | { | |
413 | struct tipc_aead *tmp; | |
414 | ||
415 | rcu_read_lock(); | |
416 | tmp = rcu_dereference(aead); | |
417 | if (tmp) | |
418 | atomic_add_unless(&tmp->users, 1, lim); | |
419 | rcu_read_unlock(); | |
420 | } | |
421 | ||
422 | static void tipc_aead_users_dec(struct tipc_aead __rcu *aead, int lim) | |
423 | { | |
424 | struct tipc_aead *tmp; | |
425 | ||
426 | rcu_read_lock(); | |
427 | tmp = rcu_dereference(aead); | |
428 | if (tmp) | |
429 | atomic_add_unless(&rcu_dereference(aead)->users, -1, lim); | |
430 | rcu_read_unlock(); | |
431 | } | |
432 | ||
433 | static void tipc_aead_users_set(struct tipc_aead __rcu *aead, int val) | |
434 | { | |
435 | struct tipc_aead *tmp; | |
436 | int cur; | |
437 | ||
438 | rcu_read_lock(); | |
439 | tmp = rcu_dereference(aead); | |
440 | if (tmp) { | |
441 | do { | |
442 | cur = atomic_read(&tmp->users); | |
443 | if (cur == val) | |
444 | break; | |
445 | } while (atomic_cmpxchg(&tmp->users, cur, val) != cur); | |
446 | } | |
447 | rcu_read_unlock(); | |
448 | } | |
449 | ||
450 | /** | |
451 | * tipc_aead_tfm_next - Move TFM entry to the next one in list and return it | |
452 | */ | |
453 | static struct crypto_aead *tipc_aead_tfm_next(struct tipc_aead *aead) | |
454 | { | |
bb8872a1 TL |
455 | struct tipc_tfm **tfm_entry; |
456 | struct crypto_aead *tfm; | |
fc1b6d6d | 457 | |
bb8872a1 | 458 | tfm_entry = get_cpu_ptr(aead->tfm_entry); |
fc1b6d6d | 459 | *tfm_entry = list_next_entry(*tfm_entry, list); |
bb8872a1 TL |
460 | tfm = (*tfm_entry)->tfm; |
461 | put_cpu_ptr(tfm_entry); | |
462 | ||
463 | return tfm; | |
fc1b6d6d TL |
464 | } |
465 | ||
466 | /** | |
467 | * tipc_aead_init - Initiate TIPC AEAD | |
468 | * @aead: returned new TIPC AEAD key handle pointer | |
469 | * @ukey: pointer to user key data | |
470 | * @mode: the key mode | |
471 | * | |
472 | * Allocate a (list of) new cipher transformation (TFM) with the specific user | |
473 | * key data if valid. The number of the allocated TFMs can be set via the sysfs | |
474 | * "net/tipc/max_tfms" first. | |
475 | * Also, all the other AEAD data are also initialized. | |
476 | * | |
477 | * Return: 0 if the initiation is successful, otherwise: < 0 | |
478 | */ | |
479 | static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey, | |
480 | u8 mode) | |
481 | { | |
482 | struct tipc_tfm *tfm_entry, *head; | |
483 | struct crypto_aead *tfm; | |
484 | struct tipc_aead *tmp; | |
485 | int keylen, err, cpu; | |
486 | int tfm_cnt = 0; | |
487 | ||
488 | if (unlikely(*aead)) | |
489 | return -EEXIST; | |
490 | ||
491 | /* Allocate a new AEAD */ | |
492 | tmp = kzalloc(sizeof(*tmp), GFP_ATOMIC); | |
493 | if (unlikely(!tmp)) | |
494 | return -ENOMEM; | |
495 | ||
496 | /* The key consists of two parts: [AES-KEY][SALT] */ | |
497 | keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE; | |
498 | ||
499 | /* Allocate per-cpu TFM entry pointer */ | |
500 | tmp->tfm_entry = alloc_percpu(struct tipc_tfm *); | |
501 | if (!tmp->tfm_entry) { | |
453431a5 | 502 | kfree_sensitive(tmp); |
fc1b6d6d TL |
503 | return -ENOMEM; |
504 | } | |
505 | ||
506 | /* Make a list of TFMs with the user key data */ | |
507 | do { | |
508 | tfm = crypto_alloc_aead(ukey->alg_name, 0, 0); | |
509 | if (IS_ERR(tfm)) { | |
510 | err = PTR_ERR(tfm); | |
511 | break; | |
512 | } | |
513 | ||
514 | if (unlikely(!tfm_cnt && | |
515 | crypto_aead_ivsize(tfm) != TIPC_AES_GCM_IV_SIZE)) { | |
516 | crypto_free_aead(tfm); | |
517 | err = -ENOTSUPP; | |
518 | break; | |
519 | } | |
520 | ||
c33fdc34 | 521 | err = crypto_aead_setauthsize(tfm, TIPC_AES_GCM_TAG_SIZE); |
fc1b6d6d TL |
522 | err |= crypto_aead_setkey(tfm, ukey->key, keylen); |
523 | if (unlikely(err)) { | |
524 | crypto_free_aead(tfm); | |
525 | break; | |
526 | } | |
527 | ||
528 | tfm_entry = kmalloc(sizeof(*tfm_entry), GFP_KERNEL); | |
529 | if (unlikely(!tfm_entry)) { | |
530 | crypto_free_aead(tfm); | |
531 | err = -ENOMEM; | |
532 | break; | |
533 | } | |
534 | INIT_LIST_HEAD(&tfm_entry->list); | |
535 | tfm_entry->tfm = tfm; | |
536 | ||
537 | /* First entry? */ | |
538 | if (!tfm_cnt) { | |
539 | head = tfm_entry; | |
540 | for_each_possible_cpu(cpu) { | |
541 | *per_cpu_ptr(tmp->tfm_entry, cpu) = head; | |
542 | } | |
543 | } else { | |
544 | list_add_tail(&tfm_entry->list, &head->list); | |
545 | } | |
546 | ||
547 | } while (++tfm_cnt < sysctl_tipc_max_tfms); | |
548 | ||
549 | /* Not any TFM is allocated? */ | |
550 | if (!tfm_cnt) { | |
551 | free_percpu(tmp->tfm_entry); | |
453431a5 | 552 | kfree_sensitive(tmp); |
fc1b6d6d TL |
553 | return err; |
554 | } | |
555 | ||
f779bf79 TL |
556 | /* Form a hex string of some last bytes as the key's hint */ |
557 | bin2hex(tmp->hint, ukey->key + keylen - TIPC_AEAD_HINT_LEN, | |
558 | TIPC_AEAD_HINT_LEN); | |
fc1b6d6d TL |
559 | |
560 | /* Initialize the other data */ | |
561 | tmp->mode = mode; | |
562 | tmp->cloned = NULL; | |
563 | tmp->authsize = TIPC_AES_GCM_TAG_SIZE; | |
1ef6f7c9 | 564 | tmp->key = kmemdup(ukey, tipc_aead_key_size(ukey), GFP_KERNEL); |
fc1b6d6d TL |
565 | memcpy(&tmp->salt, ukey->key + keylen, TIPC_AES_GCM_SALT_SIZE); |
566 | atomic_set(&tmp->users, 0); | |
567 | atomic64_set(&tmp->seqno, 0); | |
568 | refcount_set(&tmp->refcnt, 1); | |
569 | ||
570 | *aead = tmp; | |
571 | return 0; | |
572 | } | |
573 | ||
574 | /** | |
575 | * tipc_aead_clone - Clone a TIPC AEAD key | |
576 | * @dst: dest key for the cloning | |
577 | * @src: source key to clone from | |
578 | * | |
579 | * Make a "copy" of the source AEAD key data to the dest, the TFMs list is | |
580 | * common for the keys. | |
581 | * A reference to the source is hold in the "cloned" pointer for the later | |
582 | * freeing purposes. | |
583 | * | |
584 | * Note: this must be done in cluster-key mode only! | |
585 | * Return: 0 in case of success, otherwise < 0 | |
586 | */ | |
587 | static int tipc_aead_clone(struct tipc_aead **dst, struct tipc_aead *src) | |
588 | { | |
589 | struct tipc_aead *aead; | |
590 | int cpu; | |
591 | ||
592 | if (!src) | |
593 | return -ENOKEY; | |
594 | ||
595 | if (src->mode != CLUSTER_KEY) | |
596 | return -EINVAL; | |
597 | ||
598 | if (unlikely(*dst)) | |
599 | return -EEXIST; | |
600 | ||
601 | aead = kzalloc(sizeof(*aead), GFP_ATOMIC); | |
602 | if (unlikely(!aead)) | |
603 | return -ENOMEM; | |
604 | ||
605 | aead->tfm_entry = alloc_percpu_gfp(struct tipc_tfm *, GFP_ATOMIC); | |
606 | if (unlikely(!aead->tfm_entry)) { | |
453431a5 | 607 | kfree_sensitive(aead); |
fc1b6d6d TL |
608 | return -ENOMEM; |
609 | } | |
610 | ||
611 | for_each_possible_cpu(cpu) { | |
612 | *per_cpu_ptr(aead->tfm_entry, cpu) = | |
613 | *per_cpu_ptr(src->tfm_entry, cpu); | |
614 | } | |
615 | ||
616 | memcpy(aead->hint, src->hint, sizeof(src->hint)); | |
617 | aead->mode = src->mode; | |
618 | aead->salt = src->salt; | |
619 | aead->authsize = src->authsize; | |
620 | atomic_set(&aead->users, 0); | |
621 | atomic64_set(&aead->seqno, 0); | |
622 | refcount_set(&aead->refcnt, 1); | |
623 | ||
624 | WARN_ON(!refcount_inc_not_zero(&src->refcnt)); | |
625 | aead->cloned = src; | |
626 | ||
627 | *dst = aead; | |
628 | return 0; | |
629 | } | |
630 | ||
631 | /** | |
632 | * tipc_aead_mem_alloc - Allocate memory for AEAD request operations | |
633 | * @tfm: cipher handle to be registered with the request | |
634 | * @crypto_ctx_size: size of crypto context for callback | |
635 | * @iv: returned pointer to IV data | |
636 | * @req: returned pointer to AEAD request data | |
637 | * @sg: returned pointer to SG lists | |
638 | * @nsg: number of SG lists to be allocated | |
639 | * | |
640 | * Allocate memory to store the crypto context data, AEAD request, IV and SG | |
641 | * lists, the memory layout is as follows: | |
642 | * crypto_ctx || iv || aead_req || sg[] | |
643 | * | |
644 | * Return: the pointer to the memory areas in case of success, otherwise NULL | |
645 | */ | |
646 | static void *tipc_aead_mem_alloc(struct crypto_aead *tfm, | |
647 | unsigned int crypto_ctx_size, | |
648 | u8 **iv, struct aead_request **req, | |
649 | struct scatterlist **sg, int nsg) | |
650 | { | |
651 | unsigned int iv_size, req_size; | |
652 | unsigned int len; | |
653 | u8 *mem; | |
654 | ||
655 | iv_size = crypto_aead_ivsize(tfm); | |
656 | req_size = sizeof(**req) + crypto_aead_reqsize(tfm); | |
657 | ||
658 | len = crypto_ctx_size; | |
659 | len += iv_size; | |
660 | len += crypto_aead_alignmask(tfm) & ~(crypto_tfm_ctx_alignment() - 1); | |
661 | len = ALIGN(len, crypto_tfm_ctx_alignment()); | |
662 | len += req_size; | |
663 | len = ALIGN(len, __alignof__(struct scatterlist)); | |
664 | len += nsg * sizeof(**sg); | |
665 | ||
666 | mem = kmalloc(len, GFP_ATOMIC); | |
667 | if (!mem) | |
668 | return NULL; | |
669 | ||
670 | *iv = (u8 *)PTR_ALIGN(mem + crypto_ctx_size, | |
671 | crypto_aead_alignmask(tfm) + 1); | |
672 | *req = (struct aead_request *)PTR_ALIGN(*iv + iv_size, | |
673 | crypto_tfm_ctx_alignment()); | |
674 | *sg = (struct scatterlist *)PTR_ALIGN((u8 *)*req + req_size, | |
675 | __alignof__(struct scatterlist)); | |
676 | ||
677 | return (void *)mem; | |
678 | } | |
679 | ||
680 | /** | |
681 | * tipc_aead_encrypt - Encrypt a message | |
682 | * @aead: TIPC AEAD key for the message encryption | |
683 | * @skb: the input/output skb | |
684 | * @b: TIPC bearer where the message will be delivered after the encryption | |
685 | * @dst: the destination media address | |
686 | * @__dnode: TIPC dest node if "known" | |
687 | * | |
688 | * Return: | |
689 | * 0 : if the encryption has completed | |
690 | * -EINPROGRESS/-EBUSY : if a callback will be performed | |
691 | * < 0 : the encryption has failed | |
692 | */ | |
693 | static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb, | |
694 | struct tipc_bearer *b, | |
695 | struct tipc_media_addr *dst, | |
696 | struct tipc_node *__dnode) | |
697 | { | |
698 | struct crypto_aead *tfm = tipc_aead_tfm_next(aead); | |
699 | struct tipc_crypto_tx_ctx *tx_ctx; | |
700 | struct aead_request *req; | |
701 | struct sk_buff *trailer; | |
702 | struct scatterlist *sg; | |
703 | struct tipc_ehdr *ehdr; | |
704 | int ehsz, len, tailen, nsg, rc; | |
705 | void *ctx; | |
706 | u32 salt; | |
707 | u8 *iv; | |
708 | ||
709 | /* Make sure message len at least 4-byte aligned */ | |
710 | len = ALIGN(skb->len, 4); | |
711 | tailen = len - skb->len + aead->authsize; | |
712 | ||
713 | /* Expand skb tail for authentication tag: | |
714 | * As for simplicity, we'd have made sure skb having enough tailroom | |
715 | * for authentication tag @skb allocation. Even when skb is nonlinear | |
716 | * but there is no frag_list, it should be still fine! | |
717 | * Otherwise, we must cow it to be a writable buffer with the tailroom. | |
718 | */ | |
fc1b6d6d TL |
719 | SKB_LINEAR_ASSERT(skb); |
720 | if (tailen > skb_tailroom(skb)) { | |
f779bf79 TL |
721 | pr_debug("TX(): skb tailroom is not enough: %d, requires: %d\n", |
722 | skb_tailroom(skb), tailen); | |
fc1b6d6d | 723 | } |
fc1b6d6d TL |
724 | |
725 | if (unlikely(!skb_cloned(skb) && tailen <= skb_tailroom(skb))) { | |
726 | nsg = 1; | |
727 | trailer = skb; | |
728 | } else { | |
729 | /* TODO: We could avoid skb_cow_data() if skb has no frag_list | |
730 | * e.g. by skb_fill_page_desc() to add another page to the skb | |
731 | * with the wanted tailen... However, page skbs look not often, | |
732 | * so take it easy now! | |
733 | * Cloned skbs e.g. from link_xmit() seems no choice though :( | |
734 | */ | |
735 | nsg = skb_cow_data(skb, tailen, &trailer); | |
736 | if (unlikely(nsg < 0)) { | |
737 | pr_err("TX: skb_cow_data() returned %d\n", nsg); | |
738 | return nsg; | |
739 | } | |
740 | } | |
741 | ||
742 | pskb_put(skb, trailer, tailen); | |
743 | ||
744 | /* Allocate memory for the AEAD operation */ | |
745 | ctx = tipc_aead_mem_alloc(tfm, sizeof(*tx_ctx), &iv, &req, &sg, nsg); | |
746 | if (unlikely(!ctx)) | |
747 | return -ENOMEM; | |
748 | TIPC_SKB_CB(skb)->crypto_ctx = ctx; | |
749 | ||
750 | /* Map skb to the sg lists */ | |
751 | sg_init_table(sg, nsg); | |
752 | rc = skb_to_sgvec(skb, sg, 0, skb->len); | |
753 | if (unlikely(rc < 0)) { | |
754 | pr_err("TX: skb_to_sgvec() returned %d, nsg %d!\n", rc, nsg); | |
755 | goto exit; | |
756 | } | |
757 | ||
758 | /* Prepare IV: [SALT (4 octets)][SEQNO (8 octets)] | |
759 | * In case we're in cluster-key mode, SALT is varied by xor-ing with | |
760 | * the source address (or w0 of id), otherwise with the dest address | |
761 | * if dest is known. | |
762 | */ | |
763 | ehdr = (struct tipc_ehdr *)skb->data; | |
764 | salt = aead->salt; | |
765 | if (aead->mode == CLUSTER_KEY) | |
766 | salt ^= ehdr->addr; /* __be32 */ | |
767 | else if (__dnode) | |
768 | salt ^= tipc_node_get_addr(__dnode); | |
769 | memcpy(iv, &salt, 4); | |
770 | memcpy(iv + 4, (u8 *)&ehdr->seqno, 8); | |
771 | ||
772 | /* Prepare request */ | |
773 | ehsz = tipc_ehdr_size(ehdr); | |
774 | aead_request_set_tfm(req, tfm); | |
775 | aead_request_set_ad(req, ehsz); | |
776 | aead_request_set_crypt(req, sg, sg, len - ehsz, iv); | |
777 | ||
778 | /* Set callback function & data */ | |
779 | aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
780 | tipc_aead_encrypt_done, skb); | |
781 | tx_ctx = (struct tipc_crypto_tx_ctx *)ctx; | |
782 | tx_ctx->aead = aead; | |
783 | tx_ctx->bearer = b; | |
784 | memcpy(&tx_ctx->dst, dst, sizeof(*dst)); | |
785 | ||
786 | /* Hold bearer */ | |
787 | if (unlikely(!tipc_bearer_hold(b))) { | |
788 | rc = -ENODEV; | |
789 | goto exit; | |
790 | } | |
791 | ||
792 | /* Now, do encrypt */ | |
793 | rc = crypto_aead_encrypt(req); | |
794 | if (rc == -EINPROGRESS || rc == -EBUSY) | |
795 | return rc; | |
796 | ||
797 | tipc_bearer_put(b); | |
798 | ||
799 | exit: | |
800 | kfree(ctx); | |
801 | TIPC_SKB_CB(skb)->crypto_ctx = NULL; | |
802 | return rc; | |
803 | } | |
804 | ||
805 | static void tipc_aead_encrypt_done(struct crypto_async_request *base, int err) | |
806 | { | |
807 | struct sk_buff *skb = base->data; | |
808 | struct tipc_crypto_tx_ctx *tx_ctx = TIPC_SKB_CB(skb)->crypto_ctx; | |
809 | struct tipc_bearer *b = tx_ctx->bearer; | |
810 | struct tipc_aead *aead = tx_ctx->aead; | |
811 | struct tipc_crypto *tx = aead->crypto; | |
812 | struct net *net = tx->net; | |
813 | ||
814 | switch (err) { | |
815 | case 0: | |
816 | this_cpu_inc(tx->stats->stat[STAT_ASYNC_OK]); | |
f6db9096 | 817 | rcu_read_lock(); |
fc1b6d6d TL |
818 | if (likely(test_bit(0, &b->up))) |
819 | b->media->send_msg(net, skb, b, &tx_ctx->dst); | |
820 | else | |
821 | kfree_skb(skb); | |
f6db9096 | 822 | rcu_read_unlock(); |
fc1b6d6d TL |
823 | break; |
824 | case -EINPROGRESS: | |
825 | return; | |
826 | default: | |
827 | this_cpu_inc(tx->stats->stat[STAT_ASYNC_NOK]); | |
828 | kfree_skb(skb); | |
829 | break; | |
830 | } | |
831 | ||
832 | kfree(tx_ctx); | |
833 | tipc_bearer_put(b); | |
834 | tipc_aead_put(aead); | |
835 | } | |
836 | ||
837 | /** | |
838 | * tipc_aead_decrypt - Decrypt an encrypted message | |
839 | * @net: struct net | |
840 | * @aead: TIPC AEAD for the message decryption | |
841 | * @skb: the input/output skb | |
842 | * @b: TIPC bearer where the message has been received | |
843 | * | |
844 | * Return: | |
845 | * 0 : if the decryption has completed | |
846 | * -EINPROGRESS/-EBUSY : if a callback will be performed | |
847 | * < 0 : the decryption has failed | |
848 | */ | |
849 | static int tipc_aead_decrypt(struct net *net, struct tipc_aead *aead, | |
850 | struct sk_buff *skb, struct tipc_bearer *b) | |
851 | { | |
852 | struct tipc_crypto_rx_ctx *rx_ctx; | |
853 | struct aead_request *req; | |
854 | struct crypto_aead *tfm; | |
855 | struct sk_buff *unused; | |
856 | struct scatterlist *sg; | |
857 | struct tipc_ehdr *ehdr; | |
858 | int ehsz, nsg, rc; | |
859 | void *ctx; | |
860 | u32 salt; | |
861 | u8 *iv; | |
862 | ||
863 | if (unlikely(!aead)) | |
864 | return -ENOKEY; | |
865 | ||
866 | /* Cow skb data if needed */ | |
867 | if (likely(!skb_cloned(skb) && | |
868 | (!skb_is_nonlinear(skb) || !skb_has_frag_list(skb)))) { | |
869 | nsg = 1 + skb_shinfo(skb)->nr_frags; | |
870 | } else { | |
871 | nsg = skb_cow_data(skb, 0, &unused); | |
872 | if (unlikely(nsg < 0)) { | |
873 | pr_err("RX: skb_cow_data() returned %d\n", nsg); | |
874 | return nsg; | |
875 | } | |
876 | } | |
877 | ||
878 | /* Allocate memory for the AEAD operation */ | |
879 | tfm = tipc_aead_tfm_next(aead); | |
880 | ctx = tipc_aead_mem_alloc(tfm, sizeof(*rx_ctx), &iv, &req, &sg, nsg); | |
881 | if (unlikely(!ctx)) | |
882 | return -ENOMEM; | |
883 | TIPC_SKB_CB(skb)->crypto_ctx = ctx; | |
884 | ||
885 | /* Map skb to the sg lists */ | |
886 | sg_init_table(sg, nsg); | |
887 | rc = skb_to_sgvec(skb, sg, 0, skb->len); | |
888 | if (unlikely(rc < 0)) { | |
889 | pr_err("RX: skb_to_sgvec() returned %d, nsg %d\n", rc, nsg); | |
890 | goto exit; | |
891 | } | |
892 | ||
893 | /* Reconstruct IV: */ | |
894 | ehdr = (struct tipc_ehdr *)skb->data; | |
895 | salt = aead->salt; | |
896 | if (aead->mode == CLUSTER_KEY) | |
897 | salt ^= ehdr->addr; /* __be32 */ | |
898 | else if (ehdr->destined) | |
899 | salt ^= tipc_own_addr(net); | |
900 | memcpy(iv, &salt, 4); | |
901 | memcpy(iv + 4, (u8 *)&ehdr->seqno, 8); | |
902 | ||
903 | /* Prepare request */ | |
904 | ehsz = tipc_ehdr_size(ehdr); | |
905 | aead_request_set_tfm(req, tfm); | |
906 | aead_request_set_ad(req, ehsz); | |
907 | aead_request_set_crypt(req, sg, sg, skb->len - ehsz, iv); | |
908 | ||
909 | /* Set callback function & data */ | |
910 | aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
911 | tipc_aead_decrypt_done, skb); | |
912 | rx_ctx = (struct tipc_crypto_rx_ctx *)ctx; | |
913 | rx_ctx->aead = aead; | |
914 | rx_ctx->bearer = b; | |
915 | ||
916 | /* Hold bearer */ | |
917 | if (unlikely(!tipc_bearer_hold(b))) { | |
918 | rc = -ENODEV; | |
919 | goto exit; | |
920 | } | |
921 | ||
922 | /* Now, do decrypt */ | |
923 | rc = crypto_aead_decrypt(req); | |
924 | if (rc == -EINPROGRESS || rc == -EBUSY) | |
925 | return rc; | |
926 | ||
927 | tipc_bearer_put(b); | |
928 | ||
929 | exit: | |
930 | kfree(ctx); | |
931 | TIPC_SKB_CB(skb)->crypto_ctx = NULL; | |
932 | return rc; | |
933 | } | |
934 | ||
935 | static void tipc_aead_decrypt_done(struct crypto_async_request *base, int err) | |
936 | { | |
937 | struct sk_buff *skb = base->data; | |
938 | struct tipc_crypto_rx_ctx *rx_ctx = TIPC_SKB_CB(skb)->crypto_ctx; | |
939 | struct tipc_bearer *b = rx_ctx->bearer; | |
940 | struct tipc_aead *aead = rx_ctx->aead; | |
941 | struct tipc_crypto_stats __percpu *stats = aead->crypto->stats; | |
942 | struct net *net = aead->crypto->net; | |
943 | ||
944 | switch (err) { | |
945 | case 0: | |
946 | this_cpu_inc(stats->stat[STAT_ASYNC_OK]); | |
947 | break; | |
948 | case -EINPROGRESS: | |
949 | return; | |
950 | default: | |
951 | this_cpu_inc(stats->stat[STAT_ASYNC_NOK]); | |
952 | break; | |
953 | } | |
954 | ||
955 | kfree(rx_ctx); | |
956 | tipc_crypto_rcv_complete(net, aead, b, &skb, err); | |
957 | if (likely(skb)) { | |
958 | if (likely(test_bit(0, &b->up))) | |
959 | tipc_rcv(net, skb, b); | |
960 | else | |
961 | kfree_skb(skb); | |
962 | } | |
963 | ||
964 | tipc_bearer_put(b); | |
965 | } | |
966 | ||
967 | static inline int tipc_ehdr_size(struct tipc_ehdr *ehdr) | |
968 | { | |
969 | return (ehdr->user != LINK_CONFIG) ? EHDR_SIZE : EHDR_CFG_SIZE; | |
970 | } | |
971 | ||
972 | /** | |
973 | * tipc_ehdr_validate - Validate an encryption message | |
974 | * @skb: the message buffer | |
975 | * | |
976 | * Returns "true" if this is a valid encryption message, otherwise "false" | |
977 | */ | |
978 | bool tipc_ehdr_validate(struct sk_buff *skb) | |
979 | { | |
980 | struct tipc_ehdr *ehdr; | |
981 | int ehsz; | |
982 | ||
983 | if (unlikely(!pskb_may_pull(skb, EHDR_MIN_SIZE))) | |
984 | return false; | |
985 | ||
986 | ehdr = (struct tipc_ehdr *)skb->data; | |
987 | if (unlikely(ehdr->version != TIPC_EVERSION)) | |
988 | return false; | |
989 | ehsz = tipc_ehdr_size(ehdr); | |
990 | if (unlikely(!pskb_may_pull(skb, ehsz))) | |
991 | return false; | |
992 | if (unlikely(skb->len <= ehsz + TIPC_AES_GCM_TAG_SIZE)) | |
993 | return false; | |
fc1b6d6d TL |
994 | |
995 | return true; | |
996 | } | |
997 | ||
998 | /** | |
999 | * tipc_ehdr_build - Build TIPC encryption message header | |
1000 | * @net: struct net | |
1001 | * @aead: TX AEAD key to be used for the message encryption | |
1002 | * @tx_key: key id used for the message encryption | |
1003 | * @skb: input/output message skb | |
1004 | * @__rx: RX crypto handle if dest is "known" | |
1005 | * | |
1006 | * Return: the header size if the building is successful, otherwise < 0 | |
1007 | */ | |
1008 | static int tipc_ehdr_build(struct net *net, struct tipc_aead *aead, | |
1009 | u8 tx_key, struct sk_buff *skb, | |
1010 | struct tipc_crypto *__rx) | |
1011 | { | |
1012 | struct tipc_msg *hdr = buf_msg(skb); | |
1013 | struct tipc_ehdr *ehdr; | |
1014 | u32 user = msg_user(hdr); | |
1015 | u64 seqno; | |
1016 | int ehsz; | |
1017 | ||
1018 | /* Make room for encryption header */ | |
1019 | ehsz = (user != LINK_CONFIG) ? EHDR_SIZE : EHDR_CFG_SIZE; | |
1020 | WARN_ON(skb_headroom(skb) < ehsz); | |
1021 | ehdr = (struct tipc_ehdr *)skb_push(skb, ehsz); | |
1022 | ||
1023 | /* Obtain a seqno first: | |
1024 | * Use the key seqno (= cluster wise) if dest is unknown or we're in | |
1025 | * cluster key mode, otherwise it's better for a per-peer seqno! | |
1026 | */ | |
1027 | if (!__rx || aead->mode == CLUSTER_KEY) | |
1028 | seqno = atomic64_inc_return(&aead->seqno); | |
1029 | else | |
1030 | seqno = atomic64_inc_return(&__rx->sndnxt); | |
1031 | ||
1032 | /* Revoke the key if seqno is wrapped around */ | |
1033 | if (unlikely(!seqno)) | |
1034 | return tipc_crypto_key_revoke(net, tx_key); | |
1035 | ||
1036 | /* Word 1-2 */ | |
1037 | ehdr->seqno = cpu_to_be64(seqno); | |
1038 | ||
1039 | /* Words 0, 3- */ | |
1040 | ehdr->version = TIPC_EVERSION; | |
1041 | ehdr->user = 0; | |
1042 | ehdr->keepalive = 0; | |
1043 | ehdr->tx_key = tx_key; | |
1044 | ehdr->destined = (__rx) ? 1 : 0; | |
1045 | ehdr->rx_key_active = (__rx) ? __rx->key.active : 0; | |
1ef6f7c9 | 1046 | ehdr->rx_nokey = (__rx) ? __rx->nokey : 0; |
daef1ee3 | 1047 | ehdr->master_key = aead->crypto->key_master; |
fc1b6d6d TL |
1048 | ehdr->reserved_1 = 0; |
1049 | ehdr->reserved_2 = 0; | |
1050 | ||
1051 | switch (user) { | |
1052 | case LINK_CONFIG: | |
1053 | ehdr->user = LINK_CONFIG; | |
1054 | memcpy(ehdr->id, tipc_own_id(net), NODE_ID_LEN); | |
1055 | break; | |
1056 | default: | |
1057 | if (user == LINK_PROTOCOL && msg_type(hdr) == STATE_MSG) { | |
1058 | ehdr->user = LINK_PROTOCOL; | |
1059 | ehdr->keepalive = msg_is_keepalive(hdr); | |
1060 | } | |
1061 | ehdr->addr = hdr->hdr[3]; | |
1062 | break; | |
1063 | } | |
1064 | ||
1065 | return ehsz; | |
1066 | } | |
1067 | ||
1068 | static inline void tipc_crypto_key_set_state(struct tipc_crypto *c, | |
1069 | u8 new_passive, | |
1070 | u8 new_active, | |
1071 | u8 new_pending) | |
1072 | { | |
fc1b6d6d TL |
1073 | struct tipc_key old = c->key; |
1074 | char buf[32]; | |
fc1b6d6d TL |
1075 | |
1076 | c->key.keys = ((new_passive & KEY_MASK) << (KEY_BITS * 2)) | | |
1077 | ((new_active & KEY_MASK) << (KEY_BITS)) | | |
1078 | ((new_pending & KEY_MASK)); | |
1079 | ||
f779bf79 TL |
1080 | pr_debug("%s: key changing %s ::%pS\n", c->name, |
1081 | tipc_key_change_dump(old, c->key, buf), | |
1082 | __builtin_return_address(0)); | |
fc1b6d6d TL |
1083 | } |
1084 | ||
1085 | /** | |
1086 | * tipc_crypto_key_init - Initiate a new user / AEAD key | |
1087 | * @c: TIPC crypto to which new key is attached | |
1088 | * @ukey: the user key | |
1089 | * @mode: the key mode (CLUSTER_KEY or PER_NODE_KEY) | |
daef1ee3 | 1090 | * @master_key: specify this is a cluster master key |
fc1b6d6d TL |
1091 | * |
1092 | * A new TIPC AEAD key will be allocated and initiated with the specified user | |
1093 | * key, then attached to the TIPC crypto. | |
1094 | * | |
1095 | * Return: new key id in case of success, otherwise: < 0 | |
1096 | */ | |
1097 | int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey, | |
daef1ee3 | 1098 | u8 mode, bool master_key) |
fc1b6d6d TL |
1099 | { |
1100 | struct tipc_aead *aead = NULL; | |
1101 | int rc = 0; | |
1102 | ||
1103 | /* Initiate with the new user key */ | |
1104 | rc = tipc_aead_init(&aead, ukey, mode); | |
1105 | ||
1106 | /* Attach it to the crypto */ | |
1107 | if (likely(!rc)) { | |
daef1ee3 | 1108 | rc = tipc_crypto_key_attach(c, aead, 0, master_key); |
fc1b6d6d TL |
1109 | if (rc < 0) |
1110 | tipc_aead_free(&aead->rcu); | |
1111 | } | |
1112 | ||
fc1b6d6d TL |
1113 | return rc; |
1114 | } | |
1115 | ||
1116 | /** | |
1117 | * tipc_crypto_key_attach - Attach a new AEAD key to TIPC crypto | |
1118 | * @c: TIPC crypto to which the new AEAD key is attached | |
1119 | * @aead: the new AEAD key pointer | |
1120 | * @pos: desired slot in the crypto key array, = 0 if any! | |
daef1ee3 | 1121 | * @master_key: specify this is a cluster master key |
fc1b6d6d TL |
1122 | * |
1123 | * Return: new key id in case of success, otherwise: -EBUSY | |
1124 | */ | |
1125 | static int tipc_crypto_key_attach(struct tipc_crypto *c, | |
daef1ee3 TL |
1126 | struct tipc_aead *aead, u8 pos, |
1127 | bool master_key) | |
fc1b6d6d | 1128 | { |
fc1b6d6d TL |
1129 | struct tipc_key key; |
1130 | int rc = -EBUSY; | |
f779bf79 | 1131 | u8 new_key; |
fc1b6d6d TL |
1132 | |
1133 | spin_lock_bh(&c->lock); | |
1134 | key = c->key; | |
daef1ee3 TL |
1135 | if (master_key) { |
1136 | new_key = KEY_MASTER; | |
1137 | goto attach; | |
1138 | } | |
fc1b6d6d TL |
1139 | if (key.active && key.passive) |
1140 | goto exit; | |
fc1b6d6d | 1141 | if (key.pending) { |
fc1b6d6d TL |
1142 | if (tipc_aead_users(c->aead[key.pending]) > 0) |
1143 | goto exit; | |
f779bf79 | 1144 | /* if (pos): ok with replacing, will be aligned when needed */ |
fc1b6d6d | 1145 | /* Replace it */ |
f779bf79 | 1146 | new_key = key.pending; |
fc1b6d6d TL |
1147 | } else { |
1148 | if (pos) { | |
1149 | if (key.active && pos != key_next(key.active)) { | |
f779bf79 TL |
1150 | key.passive = pos; |
1151 | new_key = pos; | |
fc1b6d6d TL |
1152 | goto attach; |
1153 | } else if (!key.active && !key.passive) { | |
f779bf79 TL |
1154 | key.pending = pos; |
1155 | new_key = pos; | |
fc1b6d6d TL |
1156 | goto attach; |
1157 | } | |
1158 | } | |
f779bf79 TL |
1159 | key.pending = key_next(key.active ?: key.passive); |
1160 | new_key = key.pending; | |
fc1b6d6d TL |
1161 | } |
1162 | ||
1163 | attach: | |
1164 | aead->crypto = c; | |
1ef6f7c9 | 1165 | aead->gen = (is_tx(c)) ? ++c->key_gen : c->key_gen; |
fc1b6d6d | 1166 | tipc_aead_rcu_replace(c->aead[new_key], aead, &c->lock); |
f779bf79 TL |
1167 | if (likely(c->key.keys != key.keys)) |
1168 | tipc_crypto_key_set_state(c, key.passive, key.active, | |
1169 | key.pending); | |
fc1b6d6d | 1170 | c->working = 1; |
1ef6f7c9 | 1171 | c->nokey = 0; |
daef1ee3 | 1172 | c->key_master |= master_key; |
fc1b6d6d TL |
1173 | rc = new_key; |
1174 | ||
1175 | exit: | |
1176 | spin_unlock_bh(&c->lock); | |
1177 | return rc; | |
1178 | } | |
1179 | ||
1180 | void tipc_crypto_key_flush(struct tipc_crypto *c) | |
1181 | { | |
1ef6f7c9 | 1182 | struct tipc_crypto *tx, *rx; |
fc1b6d6d TL |
1183 | int k; |
1184 | ||
1185 | spin_lock_bh(&c->lock); | |
1ef6f7c9 TL |
1186 | if (is_rx(c)) { |
1187 | /* Try to cancel pending work */ | |
1188 | rx = c; | |
1189 | tx = tipc_net(rx->net)->crypto_tx; | |
1190 | if (cancel_delayed_work(&rx->work)) { | |
1191 | kfree(rx->skey); | |
1192 | rx->skey = NULL; | |
1193 | atomic_xchg(&rx->key_distr, 0); | |
1194 | tipc_node_put(rx->node); | |
1195 | } | |
1196 | /* RX stopping => decrease TX key users if any */ | |
1197 | k = atomic_xchg(&rx->peer_rx_active, 0); | |
1198 | if (k) { | |
1199 | tipc_aead_users_dec(tx->aead[k], 0); | |
1200 | /* Mark the point TX key users changed */ | |
1201 | tx->timer1 = jiffies; | |
1202 | } | |
1203 | } | |
1204 | ||
daef1ee3 | 1205 | c->flags = 0; |
fc1b6d6d TL |
1206 | tipc_crypto_key_set_state(c, 0, 0, 0); |
1207 | for (k = KEY_MIN; k <= KEY_MAX; k++) | |
1208 | tipc_crypto_key_detach(c->aead[k], &c->lock); | |
fc1b6d6d TL |
1209 | atomic64_set(&c->sndnxt, 0); |
1210 | spin_unlock_bh(&c->lock); | |
1211 | } | |
1212 | ||
1213 | /** | |
1214 | * tipc_crypto_key_try_align - Align RX keys if possible | |
1215 | * @rx: RX crypto handle | |
1216 | * @new_pending: new pending slot if aligned (= TX key from peer) | |
1217 | * | |
1218 | * Peer has used an unknown key slot, this only happens when peer has left and | |
1219 | * rejoned, or we are newcomer. | |
1220 | * That means, there must be no active key but a pending key at unaligned slot. | |
1221 | * If so, we try to move the pending key to the new slot. | |
1222 | * Note: A potential passive key can exist, it will be shifted correspondingly! | |
1223 | * | |
1224 | * Return: "true" if key is successfully aligned, otherwise "false" | |
1225 | */ | |
1226 | static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending) | |
1227 | { | |
1228 | struct tipc_aead *tmp1, *tmp2 = NULL; | |
1229 | struct tipc_key key; | |
1230 | bool aligned = false; | |
1231 | u8 new_passive = 0; | |
1232 | int x; | |
1233 | ||
1234 | spin_lock(&rx->lock); | |
1235 | key = rx->key; | |
1236 | if (key.pending == new_pending) { | |
1237 | aligned = true; | |
1238 | goto exit; | |
1239 | } | |
1240 | if (key.active) | |
1241 | goto exit; | |
1242 | if (!key.pending) | |
1243 | goto exit; | |
1244 | if (tipc_aead_users(rx->aead[key.pending]) > 0) | |
1245 | goto exit; | |
1246 | ||
1247 | /* Try to "isolate" this pending key first */ | |
1248 | tmp1 = tipc_aead_rcu_ptr(rx->aead[key.pending], &rx->lock); | |
1249 | if (!refcount_dec_if_one(&tmp1->refcnt)) | |
1250 | goto exit; | |
1251 | rcu_assign_pointer(rx->aead[key.pending], NULL); | |
1252 | ||
1253 | /* Move passive key if any */ | |
1254 | if (key.passive) { | |
1a271ebb | 1255 | tmp2 = rcu_replace_pointer(rx->aead[key.passive], tmp2, lockdep_is_held(&rx->lock)); |
fc1b6d6d TL |
1256 | x = (key.passive - key.pending + new_pending) % KEY_MAX; |
1257 | new_passive = (x <= 0) ? x + KEY_MAX : x; | |
1258 | } | |
1259 | ||
1260 | /* Re-allocate the key(s) */ | |
1261 | tipc_crypto_key_set_state(rx, new_passive, 0, new_pending); | |
1262 | rcu_assign_pointer(rx->aead[new_pending], tmp1); | |
1263 | if (new_passive) | |
1264 | rcu_assign_pointer(rx->aead[new_passive], tmp2); | |
1265 | refcount_set(&tmp1->refcnt, 1); | |
1266 | aligned = true; | |
f779bf79 TL |
1267 | pr_info_ratelimited("%s: key[%d] -> key[%d]\n", rx->name, key.pending, |
1268 | new_pending); | |
fc1b6d6d TL |
1269 | |
1270 | exit: | |
1271 | spin_unlock(&rx->lock); | |
1272 | return aligned; | |
1273 | } | |
1274 | ||
1275 | /** | |
1276 | * tipc_crypto_key_pick_tx - Pick one TX key for message decryption | |
1277 | * @tx: TX crypto handle | |
1278 | * @rx: RX crypto handle (can be NULL) | |
1279 | * @skb: the message skb which will be decrypted later | |
daef1ee3 | 1280 | * @tx_key: peer TX key id |
fc1b6d6d TL |
1281 | * |
1282 | * This function looks up the existing TX keys and pick one which is suitable | |
1283 | * for the message decryption, that must be a cluster key and not used before | |
1284 | * on the same message (i.e. recursive). | |
1285 | * | |
1286 | * Return: the TX AEAD key handle in case of success, otherwise NULL | |
1287 | */ | |
1288 | static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, | |
1289 | struct tipc_crypto *rx, | |
daef1ee3 TL |
1290 | struct sk_buff *skb, |
1291 | u8 tx_key) | |
fc1b6d6d TL |
1292 | { |
1293 | struct tipc_skb_cb *skb_cb = TIPC_SKB_CB(skb); | |
1294 | struct tipc_aead *aead = NULL; | |
1295 | struct tipc_key key = tx->key; | |
1296 | u8 k, i = 0; | |
1297 | ||
1298 | /* Initialize data if not yet */ | |
1299 | if (!skb_cb->tx_clone_deferred) { | |
1300 | skb_cb->tx_clone_deferred = 1; | |
1301 | memset(&skb_cb->tx_clone_ctx, 0, sizeof(skb_cb->tx_clone_ctx)); | |
1302 | } | |
1303 | ||
1304 | skb_cb->tx_clone_ctx.rx = rx; | |
1305 | if (++skb_cb->tx_clone_ctx.recurs > 2) | |
1306 | return NULL; | |
1307 | ||
1308 | /* Pick one TX key */ | |
1309 | spin_lock(&tx->lock); | |
daef1ee3 TL |
1310 | if (tx_key == KEY_MASTER) { |
1311 | aead = tipc_aead_rcu_ptr(tx->aead[KEY_MASTER], &tx->lock); | |
1312 | goto done; | |
1313 | } | |
fc1b6d6d TL |
1314 | do { |
1315 | k = (i == 0) ? key.pending : | |
1316 | ((i == 1) ? key.active : key.passive); | |
1317 | if (!k) | |
1318 | continue; | |
1319 | aead = tipc_aead_rcu_ptr(tx->aead[k], &tx->lock); | |
1320 | if (!aead) | |
1321 | continue; | |
1322 | if (aead->mode != CLUSTER_KEY || | |
1323 | aead == skb_cb->tx_clone_ctx.last) { | |
1324 | aead = NULL; | |
1325 | continue; | |
1326 | } | |
1327 | /* Ok, found one cluster key */ | |
1328 | skb_cb->tx_clone_ctx.last = aead; | |
1329 | WARN_ON(skb->next); | |
1330 | skb->next = skb_clone(skb, GFP_ATOMIC); | |
1331 | if (unlikely(!skb->next)) | |
1332 | pr_warn("Failed to clone skb for next round if any\n"); | |
fc1b6d6d TL |
1333 | break; |
1334 | } while (++i < 3); | |
daef1ee3 TL |
1335 | |
1336 | done: | |
1337 | if (likely(aead)) | |
1338 | WARN_ON(!refcount_inc_not_zero(&aead->refcnt)); | |
fc1b6d6d TL |
1339 | spin_unlock(&tx->lock); |
1340 | ||
1341 | return aead; | |
1342 | } | |
1343 | ||
1344 | /** | |
1345 | * tipc_crypto_key_synch: Synch own key data according to peer key status | |
1346 | * @rx: RX crypto handle | |
f779bf79 | 1347 | * @skb: TIPCv2 message buffer (incl. the ehdr from peer) |
fc1b6d6d TL |
1348 | * |
1349 | * This function updates the peer node related data as the peer RX active key | |
1350 | * has changed, so the number of TX keys' users on this node are increased and | |
1351 | * decreased correspondingly. | |
1352 | * | |
daef1ee3 | 1353 | * It also considers if peer has no key, then we need to make own master key |
1ef6f7c9 TL |
1354 | * (if any) taking over i.e. starting grace period and also trigger key |
1355 | * distributing process. | |
daef1ee3 | 1356 | * |
fc1b6d6d TL |
1357 | * The "per-peer" sndnxt is also reset when the peer key has switched. |
1358 | */ | |
f779bf79 | 1359 | static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb) |
fc1b6d6d | 1360 | { |
f779bf79 TL |
1361 | struct tipc_ehdr *ehdr = (struct tipc_ehdr *)skb_network_header(skb); |
1362 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
1363 | struct tipc_msg *hdr = buf_msg(skb); | |
1364 | u32 self = tipc_own_addr(rx->net); | |
1365 | u8 cur, new; | |
1ef6f7c9 | 1366 | unsigned long delay; |
fc1b6d6d | 1367 | |
daef1ee3 TL |
1368 | /* Update RX 'key_master' flag according to peer, also mark "legacy" if |
1369 | * a peer has no master key. | |
1370 | */ | |
1371 | rx->key_master = ehdr->master_key; | |
1372 | if (!rx->key_master) | |
1373 | tx->legacy_user = 1; | |
1374 | ||
1375 | /* For later cases, apply only if message is destined to this node */ | |
f779bf79 | 1376 | if (!ehdr->destined || msg_short(hdr) || msg_destnode(hdr) != self) |
fc1b6d6d TL |
1377 | return; |
1378 | ||
daef1ee3 | 1379 | /* Case 1: Peer has no keys, let's make master key take over */ |
1ef6f7c9 | 1380 | if (ehdr->rx_nokey) { |
daef1ee3 TL |
1381 | /* Set or extend grace period */ |
1382 | tx->timer2 = jiffies; | |
1ef6f7c9 TL |
1383 | /* Schedule key distributing for the peer if not yet */ |
1384 | if (tx->key.keys && | |
1385 | !atomic_cmpxchg(&rx->key_distr, 0, KEY_DISTR_SCHED)) { | |
1386 | get_random_bytes(&delay, 2); | |
1387 | delay %= 5; | |
1388 | delay = msecs_to_jiffies(500 * ++delay); | |
1389 | if (queue_delayed_work(tx->wq, &rx->work, delay)) | |
1390 | tipc_node_get(rx->node); | |
1391 | } | |
1392 | } else { | |
1393 | /* Cancel a pending key distributing if any */ | |
1394 | atomic_xchg(&rx->key_distr, 0); | |
1395 | } | |
daef1ee3 TL |
1396 | |
1397 | /* Case 2: Peer RX active key has changed, let's update own TX users */ | |
f779bf79 TL |
1398 | cur = atomic_read(&rx->peer_rx_active); |
1399 | new = ehdr->rx_key_active; | |
1400 | if (tx->key.keys && | |
1401 | cur != new && | |
1402 | atomic_cmpxchg(&rx->peer_rx_active, cur, new) == cur) { | |
1403 | if (new) | |
1404 | tipc_aead_users_inc(tx->aead[new], INT_MAX); | |
1405 | if (cur) | |
1406 | tipc_aead_users_dec(tx->aead[cur], 0); | |
fc1b6d6d TL |
1407 | |
1408 | atomic64_set(&rx->sndnxt, 0); | |
1409 | /* Mark the point TX key users changed */ | |
1410 | tx->timer1 = jiffies; | |
1411 | ||
f779bf79 TL |
1412 | pr_debug("%s: key users changed %d-- %d++, peer %s\n", |
1413 | tx->name, cur, new, rx->name); | |
fc1b6d6d TL |
1414 | } |
1415 | } | |
1416 | ||
1417 | static int tipc_crypto_key_revoke(struct net *net, u8 tx_key) | |
1418 | { | |
1419 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1420 | struct tipc_key key; | |
1421 | ||
1422 | spin_lock(&tx->lock); | |
1423 | key = tx->key; | |
1424 | WARN_ON(!key.active || tx_key != key.active); | |
1425 | ||
1426 | /* Free the active key */ | |
1427 | tipc_crypto_key_set_state(tx, key.passive, 0, key.pending); | |
1428 | tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); | |
1429 | spin_unlock(&tx->lock); | |
1430 | ||
f779bf79 | 1431 | pr_warn("%s: key is revoked\n", tx->name); |
fc1b6d6d TL |
1432 | return -EKEYREVOKED; |
1433 | } | |
1434 | ||
1435 | int tipc_crypto_start(struct tipc_crypto **crypto, struct net *net, | |
1436 | struct tipc_node *node) | |
1437 | { | |
1438 | struct tipc_crypto *c; | |
1439 | ||
1440 | if (*crypto) | |
1441 | return -EEXIST; | |
1442 | ||
1443 | /* Allocate crypto */ | |
1444 | c = kzalloc(sizeof(*c), GFP_ATOMIC); | |
1445 | if (!c) | |
1446 | return -ENOMEM; | |
1447 | ||
1ef6f7c9 TL |
1448 | /* Allocate workqueue on TX */ |
1449 | if (!node) { | |
1450 | c->wq = alloc_ordered_workqueue("tipc_crypto", 0); | |
1451 | if (!c->wq) { | |
1452 | kfree(c); | |
1453 | return -ENOMEM; | |
1454 | } | |
1455 | } | |
1456 | ||
fc1b6d6d TL |
1457 | /* Allocate statistic structure */ |
1458 | c->stats = alloc_percpu_gfp(struct tipc_crypto_stats, GFP_ATOMIC); | |
1459 | if (!c->stats) { | |
453431a5 | 1460 | kfree_sensitive(c); |
fc1b6d6d TL |
1461 | return -ENOMEM; |
1462 | } | |
1463 | ||
daef1ee3 | 1464 | c->flags = 0; |
fc1b6d6d TL |
1465 | c->net = net; |
1466 | c->node = node; | |
1ef6f7c9 | 1467 | get_random_bytes(&c->key_gen, 2); |
fc1b6d6d | 1468 | tipc_crypto_key_set_state(c, 0, 0, 0); |
1ef6f7c9 | 1469 | atomic_set(&c->key_distr, 0); |
fc1b6d6d TL |
1470 | atomic_set(&c->peer_rx_active, 0); |
1471 | atomic64_set(&c->sndnxt, 0); | |
1472 | c->timer1 = jiffies; | |
1473 | c->timer2 = jiffies; | |
1474 | spin_lock_init(&c->lock); | |
f779bf79 TL |
1475 | scnprintf(c->name, 48, "%s(%s)", (is_rx(c)) ? "RX" : "TX", |
1476 | (is_rx(c)) ? tipc_node_get_id_str(c->node) : | |
1477 | tipc_own_id_string(c->net)); | |
fc1b6d6d | 1478 | |
1ef6f7c9 TL |
1479 | if (is_rx(c)) |
1480 | INIT_DELAYED_WORK(&c->work, tipc_crypto_work_rx); | |
1481 | ||
f779bf79 | 1482 | *crypto = c; |
fc1b6d6d TL |
1483 | return 0; |
1484 | } | |
1485 | ||
1486 | void tipc_crypto_stop(struct tipc_crypto **crypto) | |
1487 | { | |
1ef6f7c9 | 1488 | struct tipc_crypto *c = *crypto; |
fc1b6d6d TL |
1489 | u8 k; |
1490 | ||
f779bf79 | 1491 | if (!c) |
fc1b6d6d TL |
1492 | return; |
1493 | ||
1ef6f7c9 TL |
1494 | /* Flush any queued works & destroy wq */ |
1495 | if (is_tx(c)) | |
1496 | destroy_workqueue(c->wq); | |
fc1b6d6d TL |
1497 | |
1498 | /* Release AEAD keys */ | |
1ef6f7c9 | 1499 | rcu_read_lock(); |
fc1b6d6d TL |
1500 | for (k = KEY_MIN; k <= KEY_MAX; k++) |
1501 | tipc_aead_put(rcu_dereference(c->aead[k])); | |
1502 | rcu_read_unlock(); | |
f779bf79 | 1503 | pr_debug("%s: has been stopped\n", c->name); |
fc1b6d6d TL |
1504 | |
1505 | /* Free this crypto statistics */ | |
1506 | free_percpu(c->stats); | |
1507 | ||
1508 | *crypto = NULL; | |
453431a5 | 1509 | kfree_sensitive(c); |
fc1b6d6d TL |
1510 | } |
1511 | ||
1512 | void tipc_crypto_timeout(struct tipc_crypto *rx) | |
1513 | { | |
1514 | struct tipc_net *tn = tipc_net(rx->net); | |
1515 | struct tipc_crypto *tx = tn->crypto_tx; | |
1516 | struct tipc_key key; | |
fc1b6d6d TL |
1517 | int cmd; |
1518 | ||
f779bf79 | 1519 | /* TX pending: taking all users & stable -> active */ |
fc1b6d6d TL |
1520 | spin_lock(&tx->lock); |
1521 | key = tx->key; | |
1522 | if (key.active && tipc_aead_users(tx->aead[key.active]) > 0) | |
1523 | goto s1; | |
1524 | if (!key.pending || tipc_aead_users(tx->aead[key.pending]) <= 0) | |
1525 | goto s1; | |
f779bf79 | 1526 | if (time_before(jiffies, tx->timer1 + TIPC_TX_LASTING_TIME)) |
fc1b6d6d TL |
1527 | goto s1; |
1528 | ||
1529 | tipc_crypto_key_set_state(tx, key.passive, key.pending, 0); | |
1530 | if (key.active) | |
1531 | tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); | |
1532 | this_cpu_inc(tx->stats->stat[STAT_SWITCHES]); | |
f779bf79 | 1533 | pr_info("%s: key[%d] is activated\n", tx->name, key.pending); |
fc1b6d6d TL |
1534 | |
1535 | s1: | |
1536 | spin_unlock(&tx->lock); | |
1537 | ||
f779bf79 | 1538 | /* RX pending: having user -> active */ |
fc1b6d6d TL |
1539 | spin_lock(&rx->lock); |
1540 | key = rx->key; | |
1541 | if (!key.pending || tipc_aead_users(rx->aead[key.pending]) <= 0) | |
1542 | goto s2; | |
1543 | ||
f779bf79 TL |
1544 | if (key.active) |
1545 | key.passive = key.active; | |
1546 | key.active = key.pending; | |
1547 | rx->timer2 = jiffies; | |
1548 | tipc_crypto_key_set_state(rx, key.passive, key.active, 0); | |
fc1b6d6d | 1549 | this_cpu_inc(rx->stats->stat[STAT_SWITCHES]); |
f779bf79 | 1550 | pr_info("%s: key[%d] is activated\n", rx->name, key.pending); |
fc1b6d6d TL |
1551 | goto s5; |
1552 | ||
1553 | s2: | |
f779bf79 TL |
1554 | /* RX pending: not working -> remove */ |
1555 | if (!key.pending || tipc_aead_users(rx->aead[key.pending]) > -10) | |
fc1b6d6d TL |
1556 | goto s3; |
1557 | ||
f779bf79 TL |
1558 | tipc_crypto_key_set_state(rx, key.passive, key.active, 0); |
1559 | tipc_crypto_key_detach(rx->aead[key.pending], &rx->lock); | |
1560 | pr_debug("%s: key[%d] is removed\n", rx->name, key.pending); | |
fc1b6d6d TL |
1561 | goto s5; |
1562 | ||
1563 | s3: | |
f779bf79 | 1564 | /* RX active: timed out or no user -> pending */ |
fc1b6d6d TL |
1565 | if (!key.active) |
1566 | goto s4; | |
f779bf79 TL |
1567 | if (time_before(jiffies, rx->timer1 + TIPC_RX_ACTIVE_LIM) && |
1568 | tipc_aead_users(rx->aead[key.active]) > 0) | |
fc1b6d6d TL |
1569 | goto s4; |
1570 | ||
f779bf79 TL |
1571 | if (key.pending) |
1572 | key.passive = key.active; | |
1573 | else | |
1574 | key.pending = key.active; | |
1575 | rx->timer2 = jiffies; | |
1576 | tipc_crypto_key_set_state(rx, key.passive, 0, key.pending); | |
1577 | tipc_aead_users_set(rx->aead[key.pending], 0); | |
1578 | pr_debug("%s: key[%d] is deactivated\n", rx->name, key.active); | |
fc1b6d6d TL |
1579 | goto s5; |
1580 | ||
1581 | s4: | |
f779bf79 TL |
1582 | /* RX passive: outdated or not working -> free */ |
1583 | if (!key.passive) | |
fc1b6d6d | 1584 | goto s5; |
f779bf79 TL |
1585 | if (time_before(jiffies, rx->timer2 + TIPC_RX_PASSIVE_LIM) && |
1586 | tipc_aead_users(rx->aead[key.passive]) > -10) | |
fc1b6d6d TL |
1587 | goto s5; |
1588 | ||
1589 | tipc_crypto_key_set_state(rx, 0, key.active, key.pending); | |
1590 | tipc_crypto_key_detach(rx->aead[key.passive], &rx->lock); | |
f779bf79 | 1591 | pr_debug("%s: key[%d] is freed\n", rx->name, key.passive); |
fc1b6d6d TL |
1592 | |
1593 | s5: | |
1594 | spin_unlock(&rx->lock); | |
1595 | ||
daef1ee3 TL |
1596 | /* Relax it here, the flag will be set again if it really is, but only |
1597 | * when we are not in grace period for safety! | |
1598 | */ | |
1599 | if (time_after(jiffies, tx->timer2 + TIPC_TX_GRACE_PERIOD)) | |
1600 | tx->legacy_user = 0; | |
1601 | ||
fc1b6d6d TL |
1602 | /* Limit max_tfms & do debug commands if needed */ |
1603 | if (likely(sysctl_tipc_max_tfms <= TIPC_MAX_TFMS_LIM)) | |
1604 | return; | |
1605 | ||
1606 | cmd = sysctl_tipc_max_tfms; | |
1607 | sysctl_tipc_max_tfms = TIPC_MAX_TFMS_DEF; | |
1608 | tipc_crypto_do_cmd(rx->net, cmd); | |
1609 | } | |
1610 | ||
daef1ee3 TL |
1611 | static inline void tipc_crypto_clone_msg(struct net *net, struct sk_buff *_skb, |
1612 | struct tipc_bearer *b, | |
1613 | struct tipc_media_addr *dst, | |
1614 | struct tipc_node *__dnode, u8 type) | |
1615 | { | |
1616 | struct sk_buff *skb; | |
1617 | ||
1618 | skb = skb_clone(_skb, GFP_ATOMIC); | |
1619 | if (skb) { | |
1620 | TIPC_SKB_CB(skb)->xmit_type = type; | |
1621 | tipc_crypto_xmit(net, &skb, b, dst, __dnode); | |
1622 | if (skb) | |
1623 | b->media->send_msg(net, skb, b, dst); | |
1624 | } | |
1625 | } | |
1626 | ||
fc1b6d6d TL |
1627 | /** |
1628 | * tipc_crypto_xmit - Build & encrypt TIPC message for xmit | |
1629 | * @net: struct net | |
1630 | * @skb: input/output message skb pointer | |
1631 | * @b: bearer used for xmit later | |
1632 | * @dst: destination media address | |
1633 | * @__dnode: destination node for reference if any | |
1634 | * | |
1635 | * First, build an encryption message header on the top of the message, then | |
daef1ee3 TL |
1636 | * encrypt the original TIPC message by using the pending, master or active |
1637 | * key with this preference order. | |
fc1b6d6d TL |
1638 | * If the encryption is successful, the encrypted skb is returned directly or |
1639 | * via the callback. | |
1640 | * Otherwise, the skb is freed! | |
1641 | * | |
1642 | * Return: | |
1643 | * 0 : the encryption has succeeded (or no encryption) | |
1644 | * -EINPROGRESS/-EBUSY : the encryption is ongoing, a callback will be made | |
1645 | * -ENOKEK : the encryption has failed due to no key | |
1646 | * -EKEYREVOKED : the encryption has failed due to key revoked | |
1647 | * -ENOMEM : the encryption has failed due to no memory | |
1648 | * < 0 : the encryption has failed due to other reasons | |
1649 | */ | |
1650 | int tipc_crypto_xmit(struct net *net, struct sk_buff **skb, | |
1651 | struct tipc_bearer *b, struct tipc_media_addr *dst, | |
1652 | struct tipc_node *__dnode) | |
1653 | { | |
1654 | struct tipc_crypto *__rx = tipc_node_crypto_rx(__dnode); | |
1655 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1656 | struct tipc_crypto_stats __percpu *stats = tx->stats; | |
f779bf79 | 1657 | struct tipc_msg *hdr = buf_msg(*skb); |
fc1b6d6d TL |
1658 | struct tipc_key key = tx->key; |
1659 | struct tipc_aead *aead = NULL; | |
f779bf79 | 1660 | u32 user = msg_user(hdr); |
daef1ee3 TL |
1661 | u32 type = msg_type(hdr); |
1662 | int rc = -ENOKEY; | |
1663 | u8 tx_key = 0; | |
fc1b6d6d TL |
1664 | |
1665 | /* No encryption? */ | |
1666 | if (!tx->working) | |
1667 | return 0; | |
1668 | ||
daef1ee3 | 1669 | /* Pending key if peer has active on it or probing time */ |
fc1b6d6d TL |
1670 | if (unlikely(key.pending)) { |
1671 | tx_key = key.pending; | |
daef1ee3 | 1672 | if (!tx->key_master && !key.active) |
fc1b6d6d TL |
1673 | goto encrypt; |
1674 | if (__rx && atomic_read(&__rx->peer_rx_active) == tx_key) | |
1675 | goto encrypt; | |
daef1ee3 | 1676 | if (TIPC_SKB_CB(*skb)->xmit_type == SKB_PROBING) { |
f779bf79 TL |
1677 | pr_debug("%s: probing for key[%d]\n", tx->name, |
1678 | key.pending); | |
fc1b6d6d | 1679 | goto encrypt; |
f779bf79 | 1680 | } |
daef1ee3 TL |
1681 | if (user == LINK_CONFIG || user == LINK_PROTOCOL) |
1682 | tipc_crypto_clone_msg(net, *skb, b, dst, __dnode, | |
1683 | SKB_PROBING); | |
1684 | } | |
1685 | ||
1686 | /* Master key if this is a *vital* message or in grace period */ | |
1687 | if (tx->key_master) { | |
1688 | tx_key = KEY_MASTER; | |
1689 | if (!key.active) | |
1690 | goto encrypt; | |
1691 | if (TIPC_SKB_CB(*skb)->xmit_type == SKB_GRACING) { | |
1692 | pr_debug("%s: gracing for msg (%d %d)\n", tx->name, | |
1693 | user, type); | |
1694 | goto encrypt; | |
1695 | } | |
1696 | if (user == LINK_CONFIG || | |
1697 | (user == LINK_PROTOCOL && type == RESET_MSG) || | |
1ef6f7c9 | 1698 | (user == MSG_CRYPTO && type == KEY_DISTR_MSG) || |
daef1ee3 TL |
1699 | time_before(jiffies, tx->timer2 + TIPC_TX_GRACE_PERIOD)) { |
1700 | if (__rx && __rx->key_master && | |
1701 | !atomic_read(&__rx->peer_rx_active)) | |
1702 | goto encrypt; | |
1703 | if (!__rx) { | |
1704 | if (likely(!tx->legacy_user)) | |
1705 | goto encrypt; | |
1706 | tipc_crypto_clone_msg(net, *skb, b, dst, | |
1707 | __dnode, SKB_GRACING); | |
fc1b6d6d TL |
1708 | } |
1709 | } | |
1710 | } | |
daef1ee3 | 1711 | |
fc1b6d6d TL |
1712 | /* Else, use the active key if any */ |
1713 | if (likely(key.active)) { | |
1714 | tx_key = key.active; | |
1715 | goto encrypt; | |
1716 | } | |
daef1ee3 | 1717 | |
fc1b6d6d TL |
1718 | goto exit; |
1719 | ||
1720 | encrypt: | |
1721 | aead = tipc_aead_get(tx->aead[tx_key]); | |
1722 | if (unlikely(!aead)) | |
1723 | goto exit; | |
1724 | rc = tipc_ehdr_build(net, aead, tx_key, *skb, __rx); | |
1725 | if (likely(rc > 0)) | |
1726 | rc = tipc_aead_encrypt(aead, *skb, b, dst, __dnode); | |
1727 | ||
1728 | exit: | |
1729 | switch (rc) { | |
1730 | case 0: | |
1731 | this_cpu_inc(stats->stat[STAT_OK]); | |
1732 | break; | |
1733 | case -EINPROGRESS: | |
1734 | case -EBUSY: | |
1735 | this_cpu_inc(stats->stat[STAT_ASYNC]); | |
1736 | *skb = NULL; | |
1737 | return rc; | |
1738 | default: | |
1739 | this_cpu_inc(stats->stat[STAT_NOK]); | |
1740 | if (rc == -ENOKEY) | |
1741 | this_cpu_inc(stats->stat[STAT_NOKEYS]); | |
1742 | else if (rc == -EKEYREVOKED) | |
1743 | this_cpu_inc(stats->stat[STAT_BADKEYS]); | |
1744 | kfree_skb(*skb); | |
1745 | *skb = NULL; | |
1746 | break; | |
1747 | } | |
1748 | ||
1749 | tipc_aead_put(aead); | |
1750 | return rc; | |
1751 | } | |
1752 | ||
1753 | /** | |
1754 | * tipc_crypto_rcv - Decrypt an encrypted TIPC message from peer | |
1755 | * @net: struct net | |
1756 | * @rx: RX crypto handle | |
1757 | * @skb: input/output message skb pointer | |
1758 | * @b: bearer where the message has been received | |
1759 | * | |
1760 | * If the decryption is successful, the decrypted skb is returned directly or | |
1761 | * as the callback, the encryption header and auth tag will be trimed out | |
1762 | * before forwarding to tipc_rcv() via the tipc_crypto_rcv_complete(). | |
1763 | * Otherwise, the skb will be freed! | |
1764 | * Note: RX key(s) can be re-aligned, or in case of no key suitable, TX | |
1765 | * cluster key(s) can be taken for decryption (- recursive). | |
1766 | * | |
1767 | * Return: | |
1768 | * 0 : the decryption has successfully completed | |
1769 | * -EINPROGRESS/-EBUSY : the decryption is ongoing, a callback will be made | |
1770 | * -ENOKEY : the decryption has failed due to no key | |
1771 | * -EBADMSG : the decryption has failed due to bad message | |
1772 | * -ENOMEM : the decryption has failed due to no memory | |
1773 | * < 0 : the decryption has failed due to other reasons | |
1774 | */ | |
1775 | int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx, | |
1776 | struct sk_buff **skb, struct tipc_bearer *b) | |
1777 | { | |
1778 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1779 | struct tipc_crypto_stats __percpu *stats; | |
1780 | struct tipc_aead *aead = NULL; | |
1781 | struct tipc_key key; | |
1782 | int rc = -ENOKEY; | |
1ef6f7c9 | 1783 | u8 tx_key, n; |
daef1ee3 TL |
1784 | |
1785 | tx_key = ((struct tipc_ehdr *)(*skb)->data)->tx_key; | |
fc1b6d6d TL |
1786 | |
1787 | /* New peer? | |
1788 | * Let's try with TX key (i.e. cluster mode) & verify the skb first! | |
1789 | */ | |
daef1ee3 | 1790 | if (unlikely(!rx || tx_key == KEY_MASTER)) |
fc1b6d6d TL |
1791 | goto pick_tx; |
1792 | ||
f779bf79 | 1793 | /* Pick RX key according to TX key if any */ |
fc1b6d6d | 1794 | key = rx->key; |
f779bf79 TL |
1795 | if (tx_key == key.active || tx_key == key.pending || |
1796 | tx_key == key.passive) | |
fc1b6d6d | 1797 | goto decrypt; |
fc1b6d6d TL |
1798 | |
1799 | /* Unknown key, let's try to align RX key(s) */ | |
1800 | if (tipc_crypto_key_try_align(rx, tx_key)) | |
1801 | goto decrypt; | |
1802 | ||
1803 | pick_tx: | |
1804 | /* No key suitable? Try to pick one from TX... */ | |
daef1ee3 | 1805 | aead = tipc_crypto_key_pick_tx(tx, rx, *skb, tx_key); |
fc1b6d6d TL |
1806 | if (aead) |
1807 | goto decrypt; | |
1808 | goto exit; | |
1809 | ||
1810 | decrypt: | |
1811 | rcu_read_lock(); | |
1812 | if (!aead) | |
1813 | aead = tipc_aead_get(rx->aead[tx_key]); | |
1814 | rc = tipc_aead_decrypt(net, aead, *skb, b); | |
1815 | rcu_read_unlock(); | |
1816 | ||
1817 | exit: | |
1818 | stats = ((rx) ?: tx)->stats; | |
1819 | switch (rc) { | |
1820 | case 0: | |
1821 | this_cpu_inc(stats->stat[STAT_OK]); | |
1822 | break; | |
1823 | case -EINPROGRESS: | |
1824 | case -EBUSY: | |
1825 | this_cpu_inc(stats->stat[STAT_ASYNC]); | |
1826 | *skb = NULL; | |
1827 | return rc; | |
1828 | default: | |
1829 | this_cpu_inc(stats->stat[STAT_NOK]); | |
1830 | if (rc == -ENOKEY) { | |
1831 | kfree_skb(*skb); | |
1832 | *skb = NULL; | |
1ef6f7c9 TL |
1833 | if (rx) { |
1834 | /* Mark rx->nokey only if we dont have a | |
1835 | * pending received session key, nor a newer | |
1836 | * one i.e. in the next slot. | |
1837 | */ | |
1838 | n = key_next(tx_key); | |
1839 | rx->nokey = !(rx->skey || | |
1840 | rcu_access_pointer(rx->aead[n])); | |
1841 | pr_debug_ratelimited("%s: nokey %d, key %d/%x\n", | |
1842 | rx->name, rx->nokey, | |
1843 | tx_key, rx->key.keys); | |
fc1b6d6d | 1844 | tipc_node_put(rx->node); |
1ef6f7c9 | 1845 | } |
fc1b6d6d TL |
1846 | this_cpu_inc(stats->stat[STAT_NOKEYS]); |
1847 | return rc; | |
1848 | } else if (rc == -EBADMSG) { | |
1849 | this_cpu_inc(stats->stat[STAT_BADMSGS]); | |
1850 | } | |
1851 | break; | |
1852 | } | |
1853 | ||
1854 | tipc_crypto_rcv_complete(net, aead, b, skb, rc); | |
1855 | return rc; | |
1856 | } | |
1857 | ||
1858 | static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, | |
1859 | struct tipc_bearer *b, | |
1860 | struct sk_buff **skb, int err) | |
1861 | { | |
1862 | struct tipc_skb_cb *skb_cb = TIPC_SKB_CB(*skb); | |
1863 | struct tipc_crypto *rx = aead->crypto; | |
1864 | struct tipc_aead *tmp = NULL; | |
1865 | struct tipc_ehdr *ehdr; | |
1866 | struct tipc_node *n; | |
fc1b6d6d TL |
1867 | |
1868 | /* Is this completed by TX? */ | |
f779bf79 | 1869 | if (unlikely(is_tx(aead->crypto))) { |
fc1b6d6d | 1870 | rx = skb_cb->tx_clone_ctx.rx; |
f779bf79 TL |
1871 | pr_debug("TX->RX(%s): err %d, aead %p, skb->next %p, flags %x\n", |
1872 | (rx) ? tipc_node_get_id_str(rx->node) : "-", err, aead, | |
1873 | (*skb)->next, skb_cb->flags); | |
1874 | pr_debug("skb_cb [recurs %d, last %p], tx->aead [%p %p %p]\n", | |
1875 | skb_cb->tx_clone_ctx.recurs, skb_cb->tx_clone_ctx.last, | |
1876 | aead->crypto->aead[1], aead->crypto->aead[2], | |
1877 | aead->crypto->aead[3]); | |
fc1b6d6d TL |
1878 | if (unlikely(err)) { |
1879 | if (err == -EBADMSG && (*skb)->next) | |
1880 | tipc_rcv(net, (*skb)->next, b); | |
1881 | goto free_skb; | |
1882 | } | |
1883 | ||
1884 | if (likely((*skb)->next)) { | |
1885 | kfree_skb((*skb)->next); | |
1886 | (*skb)->next = NULL; | |
1887 | } | |
1888 | ehdr = (struct tipc_ehdr *)(*skb)->data; | |
1889 | if (!rx) { | |
1890 | WARN_ON(ehdr->user != LINK_CONFIG); | |
1891 | n = tipc_node_create(net, 0, ehdr->id, 0xffffu, 0, | |
1892 | true); | |
1893 | rx = tipc_node_crypto_rx(n); | |
1894 | if (unlikely(!rx)) | |
1895 | goto free_skb; | |
1896 | } | |
1897 | ||
daef1ee3 TL |
1898 | /* Ignore cloning if it was TX master key */ |
1899 | if (ehdr->tx_key == KEY_MASTER) | |
1900 | goto rcv; | |
fc1b6d6d TL |
1901 | if (tipc_aead_clone(&tmp, aead) < 0) |
1902 | goto rcv; | |
daef1ee3 | 1903 | if (tipc_crypto_key_attach(rx, tmp, ehdr->tx_key, false) < 0) { |
fc1b6d6d TL |
1904 | tipc_aead_free(&tmp->rcu); |
1905 | goto rcv; | |
1906 | } | |
1907 | tipc_aead_put(aead); | |
1908 | aead = tipc_aead_get(tmp); | |
1909 | } | |
1910 | ||
1911 | if (unlikely(err)) { | |
1912 | tipc_aead_users_dec(aead, INT_MIN); | |
1913 | goto free_skb; | |
1914 | } | |
1915 | ||
1916 | /* Set the RX key's user */ | |
1917 | tipc_aead_users_set(aead, 1); | |
1918 | ||
fc1b6d6d TL |
1919 | /* Mark this point, RX works */ |
1920 | rx->timer1 = jiffies; | |
1921 | ||
daef1ee3 | 1922 | rcv: |
fc1b6d6d TL |
1923 | /* Remove ehdr & auth. tag prior to tipc_rcv() */ |
1924 | ehdr = (struct tipc_ehdr *)(*skb)->data; | |
f779bf79 TL |
1925 | |
1926 | /* Mark this point, RX passive still works */ | |
1927 | if (rx->key.passive && ehdr->tx_key == rx->key.passive) | |
1928 | rx->timer2 = jiffies; | |
1929 | ||
1930 | skb_reset_network_header(*skb); | |
fc1b6d6d TL |
1931 | skb_pull(*skb, tipc_ehdr_size(ehdr)); |
1932 | pskb_trim(*skb, (*skb)->len - aead->authsize); | |
1933 | ||
1934 | /* Validate TIPCv2 message */ | |
1935 | if (unlikely(!tipc_msg_validate(skb))) { | |
1936 | pr_err_ratelimited("Packet dropped after decryption!\n"); | |
1937 | goto free_skb; | |
1938 | } | |
1939 | ||
f779bf79 TL |
1940 | /* Ok, everything's fine, try to synch own keys according to peers' */ |
1941 | tipc_crypto_key_synch(rx, *skb); | |
fc1b6d6d TL |
1942 | |
1943 | /* Mark skb decrypted */ | |
1944 | skb_cb->decrypted = 1; | |
1945 | ||
1946 | /* Clear clone cxt if any */ | |
1947 | if (likely(!skb_cb->tx_clone_deferred)) | |
1948 | goto exit; | |
1949 | skb_cb->tx_clone_deferred = 0; | |
1950 | memset(&skb_cb->tx_clone_ctx, 0, sizeof(skb_cb->tx_clone_ctx)); | |
1951 | goto exit; | |
1952 | ||
1953 | free_skb: | |
1954 | kfree_skb(*skb); | |
1955 | *skb = NULL; | |
1956 | ||
1957 | exit: | |
1958 | tipc_aead_put(aead); | |
1959 | if (rx) | |
1960 | tipc_node_put(rx->node); | |
1961 | } | |
1962 | ||
1963 | static void tipc_crypto_do_cmd(struct net *net, int cmd) | |
1964 | { | |
1965 | struct tipc_net *tn = tipc_net(net); | |
1966 | struct tipc_crypto *tx = tn->crypto_tx, *rx; | |
1967 | struct list_head *p; | |
1968 | unsigned int stat; | |
1969 | int i, j, cpu; | |
1970 | char buf[200]; | |
1971 | ||
1972 | /* Currently only one command is supported */ | |
1973 | switch (cmd) { | |
1974 | case 0xfff1: | |
1975 | goto print_stats; | |
1976 | default: | |
1977 | return; | |
1978 | } | |
1979 | ||
1980 | print_stats: | |
1981 | /* Print a header */ | |
1982 | pr_info("\n=============== TIPC Crypto Statistics ===============\n\n"); | |
1983 | ||
1984 | /* Print key status */ | |
1985 | pr_info("Key status:\n"); | |
1986 | pr_info("TX(%7.7s)\n%s", tipc_own_id_string(net), | |
1987 | tipc_crypto_key_dump(tx, buf)); | |
1988 | ||
1989 | rcu_read_lock(); | |
1990 | for (p = tn->node_list.next; p != &tn->node_list; p = p->next) { | |
1991 | rx = tipc_node_crypto_rx_by_list(p); | |
1992 | pr_info("RX(%7.7s)\n%s", tipc_node_get_id_str(rx->node), | |
1993 | tipc_crypto_key_dump(rx, buf)); | |
1994 | } | |
1995 | rcu_read_unlock(); | |
1996 | ||
1997 | /* Print crypto statistics */ | |
1998 | for (i = 0, j = 0; i < MAX_STATS; i++) | |
1999 | j += scnprintf(buf + j, 200 - j, "|%11s ", hstats[i]); | |
f779bf79 | 2000 | pr_info("Counter %s", buf); |
fc1b6d6d TL |
2001 | |
2002 | memset(buf, '-', 115); | |
2003 | buf[115] = '\0'; | |
2004 | pr_info("%s\n", buf); | |
2005 | ||
2006 | j = scnprintf(buf, 200, "TX(%7.7s) ", tipc_own_id_string(net)); | |
2007 | for_each_possible_cpu(cpu) { | |
2008 | for (i = 0; i < MAX_STATS; i++) { | |
2009 | stat = per_cpu_ptr(tx->stats, cpu)->stat[i]; | |
2010 | j += scnprintf(buf + j, 200 - j, "|%11d ", stat); | |
2011 | } | |
2012 | pr_info("%s", buf); | |
2013 | j = scnprintf(buf, 200, "%12s", " "); | |
2014 | } | |
2015 | ||
2016 | rcu_read_lock(); | |
2017 | for (p = tn->node_list.next; p != &tn->node_list; p = p->next) { | |
2018 | rx = tipc_node_crypto_rx_by_list(p); | |
2019 | j = scnprintf(buf, 200, "RX(%7.7s) ", | |
2020 | tipc_node_get_id_str(rx->node)); | |
2021 | for_each_possible_cpu(cpu) { | |
2022 | for (i = 0; i < MAX_STATS; i++) { | |
2023 | stat = per_cpu_ptr(rx->stats, cpu)->stat[i]; | |
2024 | j += scnprintf(buf + j, 200 - j, "|%11d ", | |
2025 | stat); | |
2026 | } | |
2027 | pr_info("%s", buf); | |
2028 | j = scnprintf(buf, 200, "%12s", " "); | |
2029 | } | |
2030 | } | |
2031 | rcu_read_unlock(); | |
2032 | ||
2033 | pr_info("\n======================== Done ========================\n"); | |
2034 | } | |
2035 | ||
2036 | static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf) | |
2037 | { | |
2038 | struct tipc_key key = c->key; | |
2039 | struct tipc_aead *aead; | |
2040 | int k, i = 0; | |
2041 | char *s; | |
2042 | ||
2043 | for (k = KEY_MIN; k <= KEY_MAX; k++) { | |
daef1ee3 TL |
2044 | if (k == KEY_MASTER) { |
2045 | if (is_rx(c)) | |
2046 | continue; | |
2047 | if (time_before(jiffies, | |
2048 | c->timer2 + TIPC_TX_GRACE_PERIOD)) | |
2049 | s = "ACT"; | |
2050 | else | |
2051 | s = "PAS"; | |
2052 | } else { | |
2053 | if (k == key.passive) | |
2054 | s = "PAS"; | |
2055 | else if (k == key.active) | |
2056 | s = "ACT"; | |
2057 | else if (k == key.pending) | |
2058 | s = "PEN"; | |
2059 | else | |
2060 | s = "-"; | |
2061 | } | |
fc1b6d6d TL |
2062 | i += scnprintf(buf + i, 200 - i, "\tKey%d: %s", k, s); |
2063 | ||
2064 | rcu_read_lock(); | |
2065 | aead = rcu_dereference(c->aead[k]); | |
2066 | if (aead) | |
2067 | i += scnprintf(buf + i, 200 - i, | |
f779bf79 | 2068 | "{\"0x...%s\", \"%s\"}/%d:%d", |
fc1b6d6d TL |
2069 | aead->hint, |
2070 | (aead->mode == CLUSTER_KEY) ? "c" : "p", | |
2071 | atomic_read(&aead->users), | |
2072 | refcount_read(&aead->refcnt)); | |
2073 | rcu_read_unlock(); | |
2074 | i += scnprintf(buf + i, 200 - i, "\n"); | |
2075 | } | |
2076 | ||
f779bf79 | 2077 | if (is_rx(c)) |
fc1b6d6d TL |
2078 | i += scnprintf(buf + i, 200 - i, "\tPeer RX active: %d\n", |
2079 | atomic_read(&c->peer_rx_active)); | |
2080 | ||
2081 | return buf; | |
2082 | } | |
2083 | ||
fc1b6d6d TL |
2084 | static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, |
2085 | char *buf) | |
2086 | { | |
2087 | struct tipc_key *key = &old; | |
2088 | int k, i = 0; | |
2089 | char *s; | |
2090 | ||
2091 | /* Output format: "[%s %s %s] -> [%s %s %s]", max len = 32 */ | |
2092 | again: | |
2093 | i += scnprintf(buf + i, 32 - i, "["); | |
daef1ee3 | 2094 | for (k = KEY_1; k <= KEY_3; k++) { |
fc1b6d6d TL |
2095 | if (k == key->passive) |
2096 | s = "pas"; | |
2097 | else if (k == key->active) | |
2098 | s = "act"; | |
2099 | else if (k == key->pending) | |
2100 | s = "pen"; | |
2101 | else | |
2102 | s = "-"; | |
2103 | i += scnprintf(buf + i, 32 - i, | |
daef1ee3 | 2104 | (k != KEY_3) ? "%s " : "%s", s); |
fc1b6d6d TL |
2105 | } |
2106 | if (key != &new) { | |
2107 | i += scnprintf(buf + i, 32 - i, "] -> "); | |
2108 | key = &new; | |
2109 | goto again; | |
2110 | } | |
2111 | i += scnprintf(buf + i, 32 - i, "]"); | |
2112 | return buf; | |
2113 | } | |
1ef6f7c9 TL |
2114 | |
2115 | /** | |
2116 | * tipc_crypto_msg_rcv - Common 'MSG_CRYPTO' processing point | |
2117 | * @net: the struct net | |
2118 | * @skb: the receiving message buffer | |
2119 | */ | |
2120 | void tipc_crypto_msg_rcv(struct net *net, struct sk_buff *skb) | |
2121 | { | |
2122 | struct tipc_crypto *rx; | |
2123 | struct tipc_msg *hdr; | |
2124 | ||
2125 | if (unlikely(skb_linearize(skb))) | |
2126 | goto exit; | |
2127 | ||
2128 | hdr = buf_msg(skb); | |
2129 | rx = tipc_node_crypto_rx_by_addr(net, msg_prevnode(hdr)); | |
2130 | if (unlikely(!rx)) | |
2131 | goto exit; | |
2132 | ||
2133 | switch (msg_type(hdr)) { | |
2134 | case KEY_DISTR_MSG: | |
2135 | if (tipc_crypto_key_rcv(rx, hdr)) | |
2136 | goto exit; | |
2137 | break; | |
2138 | default: | |
2139 | break; | |
2140 | } | |
2141 | ||
2142 | tipc_node_put(rx->node); | |
2143 | ||
2144 | exit: | |
2145 | kfree_skb(skb); | |
2146 | } | |
2147 | ||
2148 | /** | |
2149 | * tipc_crypto_key_distr - Distribute a TX key | |
2150 | * @tx: the TX crypto | |
2151 | * @key: the key's index | |
2152 | * @dest: the destination tipc node, = NULL if distributing to all nodes | |
2153 | * | |
2154 | * Return: 0 in case of success, otherwise < 0 | |
2155 | */ | |
2156 | int tipc_crypto_key_distr(struct tipc_crypto *tx, u8 key, | |
2157 | struct tipc_node *dest) | |
2158 | { | |
2159 | struct tipc_aead *aead; | |
2160 | u32 dnode = tipc_node_get_addr(dest); | |
2161 | int rc = -ENOKEY; | |
2162 | ||
2163 | if (!sysctl_tipc_key_exchange_enabled) | |
2164 | return 0; | |
2165 | ||
2166 | if (key) { | |
2167 | rcu_read_lock(); | |
2168 | aead = tipc_aead_get(tx->aead[key]); | |
2169 | if (likely(aead)) { | |
2170 | rc = tipc_crypto_key_xmit(tx->net, aead->key, | |
2171 | aead->gen, aead->mode, | |
2172 | dnode); | |
2173 | tipc_aead_put(aead); | |
2174 | } | |
2175 | rcu_read_unlock(); | |
2176 | } | |
2177 | ||
2178 | return rc; | |
2179 | } | |
2180 | ||
2181 | /** | |
2182 | * tipc_crypto_key_xmit - Send a session key | |
2183 | * @net: the struct net | |
2184 | * @skey: the session key to be sent | |
2185 | * @gen: the key's generation | |
2186 | * @mode: the key's mode | |
2187 | * @dnode: the destination node address, = 0 if broadcasting to all nodes | |
2188 | * | |
2189 | * The session key 'skey' is packed in a TIPC v2 'MSG_CRYPTO/KEY_DISTR_MSG' | |
2190 | * as its data section, then xmit-ed through the uc/bc link. | |
2191 | * | |
2192 | * Return: 0 in case of success, otherwise < 0 | |
2193 | */ | |
2194 | static int tipc_crypto_key_xmit(struct net *net, struct tipc_aead_key *skey, | |
2195 | u16 gen, u8 mode, u32 dnode) | |
2196 | { | |
2197 | struct sk_buff_head pkts; | |
2198 | struct tipc_msg *hdr; | |
2199 | struct sk_buff *skb; | |
2200 | u16 size, cong_link_cnt; | |
2201 | u8 *data; | |
2202 | int rc; | |
2203 | ||
2204 | size = tipc_aead_key_size(skey); | |
2205 | skb = tipc_buf_acquire(INT_H_SIZE + size, GFP_ATOMIC); | |
2206 | if (!skb) | |
2207 | return -ENOMEM; | |
2208 | ||
2209 | hdr = buf_msg(skb); | |
2210 | tipc_msg_init(tipc_own_addr(net), hdr, MSG_CRYPTO, KEY_DISTR_MSG, | |
2211 | INT_H_SIZE, dnode); | |
2212 | msg_set_size(hdr, INT_H_SIZE + size); | |
2213 | msg_set_key_gen(hdr, gen); | |
2214 | msg_set_key_mode(hdr, mode); | |
2215 | ||
2216 | data = msg_data(hdr); | |
2217 | *((__be32 *)(data + TIPC_AEAD_ALG_NAME)) = htonl(skey->keylen); | |
2218 | memcpy(data, skey->alg_name, TIPC_AEAD_ALG_NAME); | |
2219 | memcpy(data + TIPC_AEAD_ALG_NAME + sizeof(__be32), skey->key, | |
2220 | skey->keylen); | |
2221 | ||
2222 | __skb_queue_head_init(&pkts); | |
2223 | __skb_queue_tail(&pkts, skb); | |
2224 | if (dnode) | |
2225 | rc = tipc_node_xmit(net, &pkts, dnode, 0); | |
2226 | else | |
2227 | rc = tipc_bcast_xmit(net, &pkts, &cong_link_cnt); | |
2228 | ||
2229 | return rc; | |
2230 | } | |
2231 | ||
2232 | /** | |
2233 | * tipc_crypto_key_rcv - Receive a session key | |
2234 | * @rx: the RX crypto | |
2235 | * @hdr: the TIPC v2 message incl. the receiving session key in its data | |
2236 | * | |
2237 | * This function retrieves the session key in the message from peer, then | |
2238 | * schedules a RX work to attach the key to the corresponding RX crypto. | |
2239 | * | |
2240 | * Return: "true" if the key has been scheduled for attaching, otherwise | |
2241 | * "false". | |
2242 | */ | |
2243 | static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr) | |
2244 | { | |
2245 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
2246 | struct tipc_aead_key *skey = NULL; | |
2247 | u16 key_gen = msg_key_gen(hdr); | |
2248 | u16 size = msg_data_sz(hdr); | |
2249 | u8 *data = msg_data(hdr); | |
2250 | ||
2251 | spin_lock(&rx->lock); | |
2252 | if (unlikely(rx->skey || (key_gen == rx->key_gen && rx->key.keys))) { | |
2253 | pr_err("%s: key existed <%p>, gen %d vs %d\n", rx->name, | |
2254 | rx->skey, key_gen, rx->key_gen); | |
2255 | goto exit; | |
2256 | } | |
2257 | ||
2258 | /* Allocate memory for the key */ | |
2259 | skey = kmalloc(size, GFP_ATOMIC); | |
2260 | if (unlikely(!skey)) { | |
2261 | pr_err("%s: unable to allocate memory for skey\n", rx->name); | |
2262 | goto exit; | |
2263 | } | |
2264 | ||
2265 | /* Copy key from msg data */ | |
2266 | skey->keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME))); | |
2267 | memcpy(skey->alg_name, data, TIPC_AEAD_ALG_NAME); | |
2268 | memcpy(skey->key, data + TIPC_AEAD_ALG_NAME + sizeof(__be32), | |
2269 | skey->keylen); | |
2270 | ||
2271 | /* Sanity check */ | |
2272 | if (unlikely(size != tipc_aead_key_size(skey))) { | |
2273 | kfree(skey); | |
2274 | skey = NULL; | |
2275 | goto exit; | |
2276 | } | |
2277 | ||
2278 | rx->key_gen = key_gen; | |
2279 | rx->skey_mode = msg_key_mode(hdr); | |
2280 | rx->skey = skey; | |
2281 | rx->nokey = 0; | |
2282 | mb(); /* for nokey flag */ | |
2283 | ||
2284 | exit: | |
2285 | spin_unlock(&rx->lock); | |
2286 | ||
2287 | /* Schedule the key attaching on this crypto */ | |
2288 | if (likely(skey && queue_delayed_work(tx->wq, &rx->work, 0))) | |
2289 | return true; | |
2290 | ||
2291 | return false; | |
2292 | } | |
2293 | ||
2294 | /** | |
2295 | * tipc_crypto_work_rx - Scheduled RX works handler | |
2296 | * @work: the struct RX work | |
2297 | * | |
2298 | * The function processes the previous scheduled works i.e. distributing TX key | |
2299 | * or attaching a received session key on RX crypto. | |
2300 | */ | |
2301 | static void tipc_crypto_work_rx(struct work_struct *work) | |
2302 | { | |
2303 | struct delayed_work *dwork = to_delayed_work(work); | |
2304 | struct tipc_crypto *rx = container_of(dwork, struct tipc_crypto, work); | |
2305 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
2306 | unsigned long delay = msecs_to_jiffies(5000); | |
2307 | bool resched = false; | |
2308 | u8 key; | |
2309 | int rc; | |
2310 | ||
2311 | /* Case 1: Distribute TX key to peer if scheduled */ | |
2312 | if (atomic_cmpxchg(&rx->key_distr, | |
2313 | KEY_DISTR_SCHED, | |
2314 | KEY_DISTR_COMPL) == KEY_DISTR_SCHED) { | |
2315 | /* Always pick the newest one for distributing */ | |
2316 | key = tx->key.pending ?: tx->key.active; | |
2317 | rc = tipc_crypto_key_distr(tx, key, rx->node); | |
2318 | if (unlikely(rc)) | |
2319 | pr_warn("%s: unable to distr key[%d] to %s, err %d\n", | |
2320 | tx->name, key, tipc_node_get_id_str(rx->node), | |
2321 | rc); | |
2322 | ||
2323 | /* Sched for key_distr releasing */ | |
2324 | resched = true; | |
2325 | } else { | |
2326 | atomic_cmpxchg(&rx->key_distr, KEY_DISTR_COMPL, 0); | |
2327 | } | |
2328 | ||
2329 | /* Case 2: Attach a pending received session key from peer if any */ | |
2330 | if (rx->skey) { | |
2331 | rc = tipc_crypto_key_init(rx, rx->skey, rx->skey_mode, false); | |
2332 | if (unlikely(rc < 0)) | |
2333 | pr_warn("%s: unable to attach received skey, err %d\n", | |
2334 | rx->name, rc); | |
2335 | switch (rc) { | |
2336 | case -EBUSY: | |
2337 | case -ENOMEM: | |
2338 | /* Resched the key attaching */ | |
2339 | resched = true; | |
2340 | break; | |
2341 | default: | |
2342 | synchronize_rcu(); | |
2343 | kfree(rx->skey); | |
2344 | rx->skey = NULL; | |
2345 | break; | |
2346 | } | |
2347 | } | |
2348 | ||
2349 | if (resched && queue_delayed_work(tx->wq, &rx->work, delay)) | |
2350 | return; | |
2351 | ||
2352 | tipc_node_put(rx->node); | |
2353 | } |