Commit | Line | Data |
---|---|---|
fc1b6d6d | 1 | // SPDX-License-Identifier: GPL-2.0 |
5fcb7d47 | 2 | /* |
fc1b6d6d TL |
3 | * net/tipc/crypto.c: TIPC crypto for key handling & packet en/decryption |
4 | * | |
5 | * Copyright (c) 2019, Ericsson AB | |
6 | * All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in the | |
15 | * documentation and/or other materials provided with the distribution. | |
16 | * 3. Neither the names of the copyright holders nor the names of its | |
17 | * contributors may be used to endorse or promote products derived from | |
18 | * this software without specific prior written permission. | |
19 | * | |
20 | * Alternatively, this software may be distributed under the terms of the | |
21 | * GNU General Public License ("GPL") version 2 as published by the Free | |
22 | * Software Foundation. | |
23 | * | |
24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
25 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | |
28 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
29 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
30 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
32 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
33 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
34 | * POSSIBILITY OF SUCH DAMAGE. | |
35 | */ | |
36 | ||
37 | #include <crypto/aead.h> | |
38 | #include <crypto/aes.h> | |
23700da2 | 39 | #include <crypto/rng.h> |
fc1b6d6d | 40 | #include "crypto.h" |
1ef6f7c9 TL |
41 | #include "msg.h" |
42 | #include "bcast.h" | |
fc1b6d6d | 43 | |
daef1ee3 | 44 | #define TIPC_TX_GRACE_PERIOD msecs_to_jiffies(5000) /* 5s */ |
f779bf79 | 45 | #define TIPC_TX_LASTING_TIME msecs_to_jiffies(10000) /* 10s */ |
fc1b6d6d | 46 | #define TIPC_RX_ACTIVE_LIM msecs_to_jiffies(3000) /* 3s */ |
f779bf79 TL |
47 | #define TIPC_RX_PASSIVE_LIM msecs_to_jiffies(15000) /* 15s */ |
48 | ||
fc1b6d6d TL |
49 | #define TIPC_MAX_TFMS_DEF 10 |
50 | #define TIPC_MAX_TFMS_LIM 1000 | |
51 | ||
23700da2 TL |
52 | #define TIPC_REKEYING_INTV_DEF (60 * 24) /* default: 1 day */ |
53 | ||
5fcb7d47 | 54 | /* |
fc1b6d6d TL |
55 | * TIPC Key ids |
56 | */ | |
57 | enum { | |
daef1ee3 TL |
58 | KEY_MASTER = 0, |
59 | KEY_MIN = KEY_MASTER, | |
60 | KEY_1 = 1, | |
fc1b6d6d TL |
61 | KEY_2, |
62 | KEY_3, | |
63 | KEY_MAX = KEY_3, | |
64 | }; | |
65 | ||
5fcb7d47 | 66 | /* |
fc1b6d6d TL |
67 | * TIPC Crypto statistics |
68 | */ | |
69 | enum { | |
70 | STAT_OK, | |
71 | STAT_NOK, | |
72 | STAT_ASYNC, | |
73 | STAT_ASYNC_OK, | |
74 | STAT_ASYNC_NOK, | |
75 | STAT_BADKEYS, /* tx only */ | |
76 | STAT_BADMSGS = STAT_BADKEYS, /* rx only */ | |
77 | STAT_NOKEYS, | |
78 | STAT_SWITCHES, | |
79 | ||
80 | MAX_STATS, | |
81 | }; | |
82 | ||
83 | /* TIPC crypto statistics' header */ | |
84 | static const char *hstats[MAX_STATS] = {"ok", "nok", "async", "async_ok", | |
85 | "async_nok", "badmsgs", "nokeys", | |
86 | "switches"}; | |
87 | ||
88 | /* Max TFMs number per key */ | |
89 | int sysctl_tipc_max_tfms __read_mostly = TIPC_MAX_TFMS_DEF; | |
1ef6f7c9 TL |
90 | /* Key exchange switch, default: on */ |
91 | int sysctl_tipc_key_exchange_enabled __read_mostly = 1; | |
fc1b6d6d | 92 | |
5fcb7d47 | 93 | /* |
fc1b6d6d TL |
94 | * struct tipc_key - TIPC keys' status indicator |
95 | * | |
96 | * 7 6 5 4 3 2 1 0 | |
97 | * +-----+-----+-----+-----+-----+-----+-----+-----+ | |
98 | * key: | (reserved)|passive idx| active idx|pending idx| | |
99 | * +-----+-----+-----+-----+-----+-----+-----+-----+ | |
100 | */ | |
101 | struct tipc_key { | |
102 | #define KEY_BITS (2) | |
103 | #define KEY_MASK ((1 << KEY_BITS) - 1) | |
104 | union { | |
105 | struct { | |
106 | #if defined(__LITTLE_ENDIAN_BITFIELD) | |
107 | u8 pending:2, | |
108 | active:2, | |
109 | passive:2, /* rx only */ | |
110 | reserved:2; | |
111 | #elif defined(__BIG_ENDIAN_BITFIELD) | |
112 | u8 reserved:2, | |
113 | passive:2, /* rx only */ | |
114 | active:2, | |
115 | pending:2; | |
116 | #else | |
117 | #error "Please fix <asm/byteorder.h>" | |
118 | #endif | |
119 | } __packed; | |
120 | u8 keys; | |
121 | }; | |
122 | }; | |
123 | ||
124 | /** | |
125 | * struct tipc_tfm - TIPC TFM structure to form a list of TFMs | |
5fcb7d47 RD |
126 | * @tfm: cipher handle/key |
127 | * @list: linked list of TFMs | |
fc1b6d6d TL |
128 | */ |
129 | struct tipc_tfm { | |
130 | struct crypto_aead *tfm; | |
131 | struct list_head list; | |
132 | }; | |
133 | ||
134 | /** | |
135 | * struct tipc_aead - TIPC AEAD key structure | |
136 | * @tfm_entry: per-cpu pointer to one entry in TFM list | |
137 | * @crypto: TIPC crypto owns this key | |
138 | * @cloned: reference to the source key in case cloning | |
139 | * @users: the number of the key users (TX/RX) | |
140 | * @salt: the key's SALT value | |
141 | * @authsize: authentication tag size (max = 16) | |
142 | * @mode: crypto mode is applied to the key | |
5fcb7d47 | 143 | * @hint: a hint for user key |
fc1b6d6d | 144 | * @rcu: struct rcu_head |
1ef6f7c9 TL |
145 | * @key: the aead key |
146 | * @gen: the key's generation | |
fc1b6d6d TL |
147 | * @seqno: the key seqno (cluster scope) |
148 | * @refcnt: the key reference counter | |
149 | */ | |
150 | struct tipc_aead { | |
151 | #define TIPC_AEAD_HINT_LEN (5) | |
152 | struct tipc_tfm * __percpu *tfm_entry; | |
153 | struct tipc_crypto *crypto; | |
154 | struct tipc_aead *cloned; | |
155 | atomic_t users; | |
156 | u32 salt; | |
157 | u8 authsize; | |
158 | u8 mode; | |
f779bf79 | 159 | char hint[2 * TIPC_AEAD_HINT_LEN + 1]; |
fc1b6d6d | 160 | struct rcu_head rcu; |
1ef6f7c9 TL |
161 | struct tipc_aead_key *key; |
162 | u16 gen; | |
fc1b6d6d TL |
163 | |
164 | atomic64_t seqno ____cacheline_aligned; | |
165 | refcount_t refcnt ____cacheline_aligned; | |
166 | ||
167 | } ____cacheline_aligned; | |
168 | ||
169 | /** | |
170 | * struct tipc_crypto_stats - TIPC Crypto statistics | |
5fcb7d47 | 171 | * @stat: array of crypto statistics |
fc1b6d6d TL |
172 | */ |
173 | struct tipc_crypto_stats { | |
174 | unsigned int stat[MAX_STATS]; | |
175 | }; | |
176 | ||
177 | /** | |
178 | * struct tipc_crypto - TIPC TX/RX crypto structure | |
179 | * @net: struct net | |
180 | * @node: TIPC node (RX) | |
181 | * @aead: array of pointers to AEAD keys for encryption/decryption | |
182 | * @peer_rx_active: replicated peer RX active key index | |
1ef6f7c9 | 183 | * @key_gen: TX/RX key generation |
fc1b6d6d | 184 | * @key: the key states |
1ef6f7c9 TL |
185 | * @skey_mode: session key's mode |
186 | * @skey: received session key | |
187 | * @wq: common workqueue on TX crypto | |
188 | * @work: delayed work sched for TX/RX | |
189 | * @key_distr: key distributing state | |
23700da2 | 190 | * @rekeying_intv: rekeying interval (in minutes) |
fc1b6d6d | 191 | * @stats: the crypto statistics |
f779bf79 | 192 | * @name: the crypto name |
fc1b6d6d TL |
193 | * @sndnxt: the per-peer sndnxt (TX) |
194 | * @timer1: general timer 1 (jiffies) | |
f779bf79 | 195 | * @timer2: general timer 2 (jiffies) |
daef1ee3 TL |
196 | * @working: the crypto is working or not |
197 | * @key_master: flag indicates if master key exists | |
198 | * @legacy_user: flag indicates if a peer joins w/o master key (for bwd comp.) | |
1ef6f7c9 | 199 | * @nokey: no key indication |
5fcb7d47 | 200 | * @flags: combined flags field |
fc1b6d6d TL |
201 | * @lock: tipc_key lock |
202 | */ | |
203 | struct tipc_crypto { | |
204 | struct net *net; | |
205 | struct tipc_node *node; | |
daef1ee3 | 206 | struct tipc_aead __rcu *aead[KEY_MAX + 1]; |
fc1b6d6d | 207 | atomic_t peer_rx_active; |
1ef6f7c9 | 208 | u16 key_gen; |
fc1b6d6d | 209 | struct tipc_key key; |
1ef6f7c9 TL |
210 | u8 skey_mode; |
211 | struct tipc_aead_key *skey; | |
212 | struct workqueue_struct *wq; | |
213 | struct delayed_work work; | |
214 | #define KEY_DISTR_SCHED 1 | |
215 | #define KEY_DISTR_COMPL 2 | |
216 | atomic_t key_distr; | |
23700da2 | 217 | u32 rekeying_intv; |
1ef6f7c9 | 218 | |
fc1b6d6d | 219 | struct tipc_crypto_stats __percpu *stats; |
f779bf79 | 220 | char name[48]; |
fc1b6d6d TL |
221 | |
222 | atomic64_t sndnxt ____cacheline_aligned; | |
223 | unsigned long timer1; | |
224 | unsigned long timer2; | |
daef1ee3 TL |
225 | union { |
226 | struct { | |
227 | u8 working:1; | |
228 | u8 key_master:1; | |
229 | u8 legacy_user:1; | |
1ef6f7c9 | 230 | u8 nokey: 1; |
daef1ee3 TL |
231 | }; |
232 | u8 flags; | |
233 | }; | |
fc1b6d6d TL |
234 | spinlock_t lock; /* crypto lock */ |
235 | ||
236 | } ____cacheline_aligned; | |
237 | ||
238 | /* struct tipc_crypto_tx_ctx - TX context for callbacks */ | |
239 | struct tipc_crypto_tx_ctx { | |
240 | struct tipc_aead *aead; | |
241 | struct tipc_bearer *bearer; | |
242 | struct tipc_media_addr dst; | |
243 | }; | |
244 | ||
245 | /* struct tipc_crypto_rx_ctx - RX context for callbacks */ | |
246 | struct tipc_crypto_rx_ctx { | |
247 | struct tipc_aead *aead; | |
248 | struct tipc_bearer *bearer; | |
249 | }; | |
250 | ||
251 | static struct tipc_aead *tipc_aead_get(struct tipc_aead __rcu *aead); | |
252 | static inline void tipc_aead_put(struct tipc_aead *aead); | |
253 | static void tipc_aead_free(struct rcu_head *rp); | |
254 | static int tipc_aead_users(struct tipc_aead __rcu *aead); | |
255 | static void tipc_aead_users_inc(struct tipc_aead __rcu *aead, int lim); | |
256 | static void tipc_aead_users_dec(struct tipc_aead __rcu *aead, int lim); | |
257 | static void tipc_aead_users_set(struct tipc_aead __rcu *aead, int val); | |
258 | static struct crypto_aead *tipc_aead_tfm_next(struct tipc_aead *aead); | |
259 | static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey, | |
260 | u8 mode); | |
261 | static int tipc_aead_clone(struct tipc_aead **dst, struct tipc_aead *src); | |
262 | static void *tipc_aead_mem_alloc(struct crypto_aead *tfm, | |
263 | unsigned int crypto_ctx_size, | |
264 | u8 **iv, struct aead_request **req, | |
265 | struct scatterlist **sg, int nsg); | |
266 | static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb, | |
267 | struct tipc_bearer *b, | |
268 | struct tipc_media_addr *dst, | |
269 | struct tipc_node *__dnode); | |
270 | static void tipc_aead_encrypt_done(struct crypto_async_request *base, int err); | |
271 | static int tipc_aead_decrypt(struct net *net, struct tipc_aead *aead, | |
272 | struct sk_buff *skb, struct tipc_bearer *b); | |
273 | static void tipc_aead_decrypt_done(struct crypto_async_request *base, int err); | |
274 | static inline int tipc_ehdr_size(struct tipc_ehdr *ehdr); | |
275 | static int tipc_ehdr_build(struct net *net, struct tipc_aead *aead, | |
276 | u8 tx_key, struct sk_buff *skb, | |
277 | struct tipc_crypto *__rx); | |
278 | static inline void tipc_crypto_key_set_state(struct tipc_crypto *c, | |
279 | u8 new_passive, | |
280 | u8 new_active, | |
281 | u8 new_pending); | |
282 | static int tipc_crypto_key_attach(struct tipc_crypto *c, | |
daef1ee3 TL |
283 | struct tipc_aead *aead, u8 pos, |
284 | bool master_key); | |
fc1b6d6d TL |
285 | static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending); |
286 | static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, | |
287 | struct tipc_crypto *rx, | |
daef1ee3 TL |
288 | struct sk_buff *skb, |
289 | u8 tx_key); | |
f779bf79 | 290 | static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb); |
fc1b6d6d | 291 | static int tipc_crypto_key_revoke(struct net *net, u8 tx_key); |
daef1ee3 TL |
292 | static inline void tipc_crypto_clone_msg(struct net *net, struct sk_buff *_skb, |
293 | struct tipc_bearer *b, | |
294 | struct tipc_media_addr *dst, | |
295 | struct tipc_node *__dnode, u8 type); | |
fc1b6d6d TL |
296 | static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, |
297 | struct tipc_bearer *b, | |
298 | struct sk_buff **skb, int err); | |
299 | static void tipc_crypto_do_cmd(struct net *net, int cmd); | |
300 | static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf); | |
fc1b6d6d TL |
301 | static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, |
302 | char *buf); | |
1ef6f7c9 TL |
303 | static int tipc_crypto_key_xmit(struct net *net, struct tipc_aead_key *skey, |
304 | u16 gen, u8 mode, u32 dnode); | |
305 | static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr); | |
23700da2 | 306 | static void tipc_crypto_work_tx(struct work_struct *work); |
1ef6f7c9 | 307 | static void tipc_crypto_work_rx(struct work_struct *work); |
23700da2 | 308 | static int tipc_aead_key_generate(struct tipc_aead_key *skey); |
1ef6f7c9 | 309 | |
f779bf79 TL |
310 | #define is_tx(crypto) (!(crypto)->node) |
311 | #define is_rx(crypto) (!is_tx(crypto)) | |
fc1b6d6d TL |
312 | |
313 | #define key_next(cur) ((cur) % KEY_MAX + 1) | |
314 | ||
315 | #define tipc_aead_rcu_ptr(rcu_ptr, lock) \ | |
316 | rcu_dereference_protected((rcu_ptr), lockdep_is_held(lock)) | |
317 | ||
fc1b6d6d TL |
318 | #define tipc_aead_rcu_replace(rcu_ptr, ptr, lock) \ |
319 | do { \ | |
97bc84bb | 320 | struct tipc_aead *__tmp = rcu_dereference_protected((rcu_ptr), \ |
fc1b6d6d TL |
321 | lockdep_is_held(lock)); \ |
322 | rcu_assign_pointer((rcu_ptr), (ptr)); \ | |
323 | tipc_aead_put(__tmp); \ | |
324 | } while (0) | |
325 | ||
326 | #define tipc_crypto_key_detach(rcu_ptr, lock) \ | |
327 | tipc_aead_rcu_replace((rcu_ptr), NULL, lock) | |
328 | ||
329 | /** | |
330 | * tipc_aead_key_validate - Validate a AEAD user key | |
5fcb7d47 RD |
331 | * @ukey: pointer to user key data |
332 | * @info: netlink info pointer | |
fc1b6d6d | 333 | */ |
f779bf79 | 334 | int tipc_aead_key_validate(struct tipc_aead_key *ukey, struct genl_info *info) |
fc1b6d6d TL |
335 | { |
336 | int keylen; | |
337 | ||
338 | /* Check if algorithm exists */ | |
339 | if (unlikely(!crypto_has_alg(ukey->alg_name, 0, 0))) { | |
f779bf79 | 340 | GENL_SET_ERR_MSG(info, "unable to load the algorithm (module existed?)"); |
fc1b6d6d TL |
341 | return -ENODEV; |
342 | } | |
343 | ||
344 | /* Currently, we only support the "gcm(aes)" cipher algorithm */ | |
f779bf79 TL |
345 | if (strcmp(ukey->alg_name, "gcm(aes)")) { |
346 | GENL_SET_ERR_MSG(info, "not supported yet the algorithm"); | |
fc1b6d6d | 347 | return -ENOTSUPP; |
f779bf79 | 348 | } |
fc1b6d6d TL |
349 | |
350 | /* Check if key size is correct */ | |
351 | keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE; | |
352 | if (unlikely(keylen != TIPC_AES_GCM_KEY_SIZE_128 && | |
353 | keylen != TIPC_AES_GCM_KEY_SIZE_192 && | |
f779bf79 TL |
354 | keylen != TIPC_AES_GCM_KEY_SIZE_256)) { |
355 | GENL_SET_ERR_MSG(info, "incorrect key length (20, 28 or 36 octets?)"); | |
356 | return -EKEYREJECTED; | |
357 | } | |
fc1b6d6d TL |
358 | |
359 | return 0; | |
360 | } | |
361 | ||
23700da2 TL |
362 | /** |
363 | * tipc_aead_key_generate - Generate new session key | |
364 | * @skey: input/output key with new content | |
365 | * | |
366 | * Return: 0 in case of success, otherwise < 0 | |
367 | */ | |
368 | static int tipc_aead_key_generate(struct tipc_aead_key *skey) | |
369 | { | |
370 | int rc = 0; | |
371 | ||
372 | /* Fill the key's content with a random value via RNG cipher */ | |
373 | rc = crypto_get_default_rng(); | |
374 | if (likely(!rc)) { | |
375 | rc = crypto_rng_get_bytes(crypto_default_rng, skey->key, | |
376 | skey->keylen); | |
377 | crypto_put_default_rng(); | |
378 | } | |
379 | ||
380 | return rc; | |
381 | } | |
382 | ||
fc1b6d6d TL |
383 | static struct tipc_aead *tipc_aead_get(struct tipc_aead __rcu *aead) |
384 | { | |
385 | struct tipc_aead *tmp; | |
386 | ||
387 | rcu_read_lock(); | |
388 | tmp = rcu_dereference(aead); | |
389 | if (unlikely(!tmp || !refcount_inc_not_zero(&tmp->refcnt))) | |
390 | tmp = NULL; | |
391 | rcu_read_unlock(); | |
392 | ||
393 | return tmp; | |
394 | } | |
395 | ||
396 | static inline void tipc_aead_put(struct tipc_aead *aead) | |
397 | { | |
398 | if (aead && refcount_dec_and_test(&aead->refcnt)) | |
399 | call_rcu(&aead->rcu, tipc_aead_free); | |
400 | } | |
401 | ||
402 | /** | |
403 | * tipc_aead_free - Release AEAD key incl. all the TFMs in the list | |
404 | * @rp: rcu head pointer | |
405 | */ | |
406 | static void tipc_aead_free(struct rcu_head *rp) | |
407 | { | |
408 | struct tipc_aead *aead = container_of(rp, struct tipc_aead, rcu); | |
409 | struct tipc_tfm *tfm_entry, *head, *tmp; | |
410 | ||
411 | if (aead->cloned) { | |
412 | tipc_aead_put(aead->cloned); | |
413 | } else { | |
bb8872a1 TL |
414 | head = *get_cpu_ptr(aead->tfm_entry); |
415 | put_cpu_ptr(aead->tfm_entry); | |
fc1b6d6d TL |
416 | list_for_each_entry_safe(tfm_entry, tmp, &head->list, list) { |
417 | crypto_free_aead(tfm_entry->tfm); | |
418 | list_del(&tfm_entry->list); | |
419 | kfree(tfm_entry); | |
420 | } | |
421 | /* Free the head */ | |
422 | crypto_free_aead(head->tfm); | |
423 | list_del(&head->list); | |
424 | kfree(head); | |
425 | } | |
426 | free_percpu(aead->tfm_entry); | |
23224e45 | 427 | kfree_sensitive(aead->key); |
fc1b6d6d TL |
428 | kfree(aead); |
429 | } | |
430 | ||
431 | static int tipc_aead_users(struct tipc_aead __rcu *aead) | |
432 | { | |
433 | struct tipc_aead *tmp; | |
434 | int users = 0; | |
435 | ||
436 | rcu_read_lock(); | |
437 | tmp = rcu_dereference(aead); | |
438 | if (tmp) | |
439 | users = atomic_read(&tmp->users); | |
440 | rcu_read_unlock(); | |
441 | ||
442 | return users; | |
443 | } | |
444 | ||
445 | static void tipc_aead_users_inc(struct tipc_aead __rcu *aead, int lim) | |
446 | { | |
447 | struct tipc_aead *tmp; | |
448 | ||
449 | rcu_read_lock(); | |
450 | tmp = rcu_dereference(aead); | |
451 | if (tmp) | |
452 | atomic_add_unless(&tmp->users, 1, lim); | |
453 | rcu_read_unlock(); | |
454 | } | |
455 | ||
456 | static void tipc_aead_users_dec(struct tipc_aead __rcu *aead, int lim) | |
457 | { | |
458 | struct tipc_aead *tmp; | |
459 | ||
460 | rcu_read_lock(); | |
461 | tmp = rcu_dereference(aead); | |
462 | if (tmp) | |
463 | atomic_add_unless(&rcu_dereference(aead)->users, -1, lim); | |
464 | rcu_read_unlock(); | |
465 | } | |
466 | ||
467 | static void tipc_aead_users_set(struct tipc_aead __rcu *aead, int val) | |
468 | { | |
469 | struct tipc_aead *tmp; | |
470 | int cur; | |
471 | ||
472 | rcu_read_lock(); | |
473 | tmp = rcu_dereference(aead); | |
474 | if (tmp) { | |
475 | do { | |
476 | cur = atomic_read(&tmp->users); | |
477 | if (cur == val) | |
478 | break; | |
479 | } while (atomic_cmpxchg(&tmp->users, cur, val) != cur); | |
480 | } | |
481 | rcu_read_unlock(); | |
482 | } | |
483 | ||
484 | /** | |
485 | * tipc_aead_tfm_next - Move TFM entry to the next one in list and return it | |
5fcb7d47 | 486 | * @aead: the AEAD key pointer |
fc1b6d6d TL |
487 | */ |
488 | static struct crypto_aead *tipc_aead_tfm_next(struct tipc_aead *aead) | |
489 | { | |
bb8872a1 TL |
490 | struct tipc_tfm **tfm_entry; |
491 | struct crypto_aead *tfm; | |
fc1b6d6d | 492 | |
bb8872a1 | 493 | tfm_entry = get_cpu_ptr(aead->tfm_entry); |
fc1b6d6d | 494 | *tfm_entry = list_next_entry(*tfm_entry, list); |
bb8872a1 TL |
495 | tfm = (*tfm_entry)->tfm; |
496 | put_cpu_ptr(tfm_entry); | |
497 | ||
498 | return tfm; | |
fc1b6d6d TL |
499 | } |
500 | ||
501 | /** | |
502 | * tipc_aead_init - Initiate TIPC AEAD | |
503 | * @aead: returned new TIPC AEAD key handle pointer | |
504 | * @ukey: pointer to user key data | |
505 | * @mode: the key mode | |
506 | * | |
507 | * Allocate a (list of) new cipher transformation (TFM) with the specific user | |
508 | * key data if valid. The number of the allocated TFMs can be set via the sysfs | |
509 | * "net/tipc/max_tfms" first. | |
510 | * Also, all the other AEAD data are also initialized. | |
511 | * | |
512 | * Return: 0 if the initiation is successful, otherwise: < 0 | |
513 | */ | |
514 | static int tipc_aead_init(struct tipc_aead **aead, struct tipc_aead_key *ukey, | |
515 | u8 mode) | |
516 | { | |
517 | struct tipc_tfm *tfm_entry, *head; | |
518 | struct crypto_aead *tfm; | |
519 | struct tipc_aead *tmp; | |
520 | int keylen, err, cpu; | |
521 | int tfm_cnt = 0; | |
522 | ||
523 | if (unlikely(*aead)) | |
524 | return -EEXIST; | |
525 | ||
526 | /* Allocate a new AEAD */ | |
86c3a3e9 | 527 | tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); |
fc1b6d6d TL |
528 | if (unlikely(!tmp)) |
529 | return -ENOMEM; | |
530 | ||
531 | /* The key consists of two parts: [AES-KEY][SALT] */ | |
532 | keylen = ukey->keylen - TIPC_AES_GCM_SALT_SIZE; | |
533 | ||
534 | /* Allocate per-cpu TFM entry pointer */ | |
535 | tmp->tfm_entry = alloc_percpu(struct tipc_tfm *); | |
536 | if (!tmp->tfm_entry) { | |
453431a5 | 537 | kfree_sensitive(tmp); |
fc1b6d6d TL |
538 | return -ENOMEM; |
539 | } | |
540 | ||
541 | /* Make a list of TFMs with the user key data */ | |
542 | do { | |
543 | tfm = crypto_alloc_aead(ukey->alg_name, 0, 0); | |
544 | if (IS_ERR(tfm)) { | |
545 | err = PTR_ERR(tfm); | |
546 | break; | |
547 | } | |
548 | ||
549 | if (unlikely(!tfm_cnt && | |
550 | crypto_aead_ivsize(tfm) != TIPC_AES_GCM_IV_SIZE)) { | |
551 | crypto_free_aead(tfm); | |
552 | err = -ENOTSUPP; | |
553 | break; | |
554 | } | |
555 | ||
c33fdc34 | 556 | err = crypto_aead_setauthsize(tfm, TIPC_AES_GCM_TAG_SIZE); |
fc1b6d6d TL |
557 | err |= crypto_aead_setkey(tfm, ukey->key, keylen); |
558 | if (unlikely(err)) { | |
559 | crypto_free_aead(tfm); | |
560 | break; | |
561 | } | |
562 | ||
563 | tfm_entry = kmalloc(sizeof(*tfm_entry), GFP_KERNEL); | |
564 | if (unlikely(!tfm_entry)) { | |
565 | crypto_free_aead(tfm); | |
566 | err = -ENOMEM; | |
567 | break; | |
568 | } | |
569 | INIT_LIST_HEAD(&tfm_entry->list); | |
570 | tfm_entry->tfm = tfm; | |
571 | ||
572 | /* First entry? */ | |
573 | if (!tfm_cnt) { | |
574 | head = tfm_entry; | |
575 | for_each_possible_cpu(cpu) { | |
576 | *per_cpu_ptr(tmp->tfm_entry, cpu) = head; | |
577 | } | |
578 | } else { | |
579 | list_add_tail(&tfm_entry->list, &head->list); | |
580 | } | |
581 | ||
582 | } while (++tfm_cnt < sysctl_tipc_max_tfms); | |
583 | ||
584 | /* Not any TFM is allocated? */ | |
585 | if (!tfm_cnt) { | |
586 | free_percpu(tmp->tfm_entry); | |
453431a5 | 587 | kfree_sensitive(tmp); |
fc1b6d6d TL |
588 | return err; |
589 | } | |
590 | ||
f779bf79 TL |
591 | /* Form a hex string of some last bytes as the key's hint */ |
592 | bin2hex(tmp->hint, ukey->key + keylen - TIPC_AEAD_HINT_LEN, | |
593 | TIPC_AEAD_HINT_LEN); | |
fc1b6d6d TL |
594 | |
595 | /* Initialize the other data */ | |
596 | tmp->mode = mode; | |
597 | tmp->cloned = NULL; | |
598 | tmp->authsize = TIPC_AES_GCM_TAG_SIZE; | |
1ef6f7c9 | 599 | tmp->key = kmemdup(ukey, tipc_aead_key_size(ukey), GFP_KERNEL); |
fc1b6d6d TL |
600 | memcpy(&tmp->salt, ukey->key + keylen, TIPC_AES_GCM_SALT_SIZE); |
601 | atomic_set(&tmp->users, 0); | |
602 | atomic64_set(&tmp->seqno, 0); | |
603 | refcount_set(&tmp->refcnt, 1); | |
604 | ||
605 | *aead = tmp; | |
606 | return 0; | |
607 | } | |
608 | ||
609 | /** | |
610 | * tipc_aead_clone - Clone a TIPC AEAD key | |
611 | * @dst: dest key for the cloning | |
612 | * @src: source key to clone from | |
613 | * | |
614 | * Make a "copy" of the source AEAD key data to the dest, the TFMs list is | |
615 | * common for the keys. | |
616 | * A reference to the source is hold in the "cloned" pointer for the later | |
617 | * freeing purposes. | |
618 | * | |
619 | * Note: this must be done in cluster-key mode only! | |
620 | * Return: 0 in case of success, otherwise < 0 | |
621 | */ | |
622 | static int tipc_aead_clone(struct tipc_aead **dst, struct tipc_aead *src) | |
623 | { | |
624 | struct tipc_aead *aead; | |
625 | int cpu; | |
626 | ||
627 | if (!src) | |
628 | return -ENOKEY; | |
629 | ||
630 | if (src->mode != CLUSTER_KEY) | |
631 | return -EINVAL; | |
632 | ||
633 | if (unlikely(*dst)) | |
634 | return -EEXIST; | |
635 | ||
636 | aead = kzalloc(sizeof(*aead), GFP_ATOMIC); | |
637 | if (unlikely(!aead)) | |
638 | return -ENOMEM; | |
639 | ||
640 | aead->tfm_entry = alloc_percpu_gfp(struct tipc_tfm *, GFP_ATOMIC); | |
641 | if (unlikely(!aead->tfm_entry)) { | |
453431a5 | 642 | kfree_sensitive(aead); |
fc1b6d6d TL |
643 | return -ENOMEM; |
644 | } | |
645 | ||
646 | for_each_possible_cpu(cpu) { | |
647 | *per_cpu_ptr(aead->tfm_entry, cpu) = | |
648 | *per_cpu_ptr(src->tfm_entry, cpu); | |
649 | } | |
650 | ||
651 | memcpy(aead->hint, src->hint, sizeof(src->hint)); | |
652 | aead->mode = src->mode; | |
653 | aead->salt = src->salt; | |
654 | aead->authsize = src->authsize; | |
655 | atomic_set(&aead->users, 0); | |
656 | atomic64_set(&aead->seqno, 0); | |
657 | refcount_set(&aead->refcnt, 1); | |
658 | ||
659 | WARN_ON(!refcount_inc_not_zero(&src->refcnt)); | |
660 | aead->cloned = src; | |
661 | ||
662 | *dst = aead; | |
663 | return 0; | |
664 | } | |
665 | ||
666 | /** | |
667 | * tipc_aead_mem_alloc - Allocate memory for AEAD request operations | |
668 | * @tfm: cipher handle to be registered with the request | |
669 | * @crypto_ctx_size: size of crypto context for callback | |
670 | * @iv: returned pointer to IV data | |
671 | * @req: returned pointer to AEAD request data | |
672 | * @sg: returned pointer to SG lists | |
673 | * @nsg: number of SG lists to be allocated | |
674 | * | |
675 | * Allocate memory to store the crypto context data, AEAD request, IV and SG | |
676 | * lists, the memory layout is as follows: | |
677 | * crypto_ctx || iv || aead_req || sg[] | |
678 | * | |
679 | * Return: the pointer to the memory areas in case of success, otherwise NULL | |
680 | */ | |
681 | static void *tipc_aead_mem_alloc(struct crypto_aead *tfm, | |
682 | unsigned int crypto_ctx_size, | |
683 | u8 **iv, struct aead_request **req, | |
684 | struct scatterlist **sg, int nsg) | |
685 | { | |
686 | unsigned int iv_size, req_size; | |
687 | unsigned int len; | |
688 | u8 *mem; | |
689 | ||
690 | iv_size = crypto_aead_ivsize(tfm); | |
691 | req_size = sizeof(**req) + crypto_aead_reqsize(tfm); | |
692 | ||
693 | len = crypto_ctx_size; | |
694 | len += iv_size; | |
695 | len += crypto_aead_alignmask(tfm) & ~(crypto_tfm_ctx_alignment() - 1); | |
696 | len = ALIGN(len, crypto_tfm_ctx_alignment()); | |
697 | len += req_size; | |
698 | len = ALIGN(len, __alignof__(struct scatterlist)); | |
699 | len += nsg * sizeof(**sg); | |
700 | ||
701 | mem = kmalloc(len, GFP_ATOMIC); | |
702 | if (!mem) | |
703 | return NULL; | |
704 | ||
705 | *iv = (u8 *)PTR_ALIGN(mem + crypto_ctx_size, | |
706 | crypto_aead_alignmask(tfm) + 1); | |
707 | *req = (struct aead_request *)PTR_ALIGN(*iv + iv_size, | |
708 | crypto_tfm_ctx_alignment()); | |
709 | *sg = (struct scatterlist *)PTR_ALIGN((u8 *)*req + req_size, | |
710 | __alignof__(struct scatterlist)); | |
711 | ||
712 | return (void *)mem; | |
713 | } | |
714 | ||
715 | /** | |
716 | * tipc_aead_encrypt - Encrypt a message | |
717 | * @aead: TIPC AEAD key for the message encryption | |
718 | * @skb: the input/output skb | |
719 | * @b: TIPC bearer where the message will be delivered after the encryption | |
720 | * @dst: the destination media address | |
721 | * @__dnode: TIPC dest node if "known" | |
722 | * | |
723 | * Return: | |
637b77fd RD |
724 | * * 0 : if the encryption has completed |
725 | * * -EINPROGRESS/-EBUSY : if a callback will be performed | |
726 | * * < 0 : the encryption has failed | |
fc1b6d6d TL |
727 | */ |
728 | static int tipc_aead_encrypt(struct tipc_aead *aead, struct sk_buff *skb, | |
729 | struct tipc_bearer *b, | |
730 | struct tipc_media_addr *dst, | |
731 | struct tipc_node *__dnode) | |
732 | { | |
733 | struct crypto_aead *tfm = tipc_aead_tfm_next(aead); | |
734 | struct tipc_crypto_tx_ctx *tx_ctx; | |
735 | struct aead_request *req; | |
736 | struct sk_buff *trailer; | |
737 | struct scatterlist *sg; | |
738 | struct tipc_ehdr *ehdr; | |
739 | int ehsz, len, tailen, nsg, rc; | |
740 | void *ctx; | |
741 | u32 salt; | |
742 | u8 *iv; | |
743 | ||
744 | /* Make sure message len at least 4-byte aligned */ | |
745 | len = ALIGN(skb->len, 4); | |
746 | tailen = len - skb->len + aead->authsize; | |
747 | ||
748 | /* Expand skb tail for authentication tag: | |
749 | * As for simplicity, we'd have made sure skb having enough tailroom | |
750 | * for authentication tag @skb allocation. Even when skb is nonlinear | |
751 | * but there is no frag_list, it should be still fine! | |
752 | * Otherwise, we must cow it to be a writable buffer with the tailroom. | |
753 | */ | |
fc1b6d6d TL |
754 | SKB_LINEAR_ASSERT(skb); |
755 | if (tailen > skb_tailroom(skb)) { | |
f779bf79 TL |
756 | pr_debug("TX(): skb tailroom is not enough: %d, requires: %d\n", |
757 | skb_tailroom(skb), tailen); | |
fc1b6d6d | 758 | } |
fc1b6d6d TL |
759 | |
760 | if (unlikely(!skb_cloned(skb) && tailen <= skb_tailroom(skb))) { | |
761 | nsg = 1; | |
762 | trailer = skb; | |
763 | } else { | |
764 | /* TODO: We could avoid skb_cow_data() if skb has no frag_list | |
765 | * e.g. by skb_fill_page_desc() to add another page to the skb | |
766 | * with the wanted tailen... However, page skbs look not often, | |
767 | * so take it easy now! | |
768 | * Cloned skbs e.g. from link_xmit() seems no choice though :( | |
769 | */ | |
770 | nsg = skb_cow_data(skb, tailen, &trailer); | |
771 | if (unlikely(nsg < 0)) { | |
772 | pr_err("TX: skb_cow_data() returned %d\n", nsg); | |
773 | return nsg; | |
774 | } | |
775 | } | |
776 | ||
777 | pskb_put(skb, trailer, tailen); | |
778 | ||
779 | /* Allocate memory for the AEAD operation */ | |
780 | ctx = tipc_aead_mem_alloc(tfm, sizeof(*tx_ctx), &iv, &req, &sg, nsg); | |
781 | if (unlikely(!ctx)) | |
782 | return -ENOMEM; | |
783 | TIPC_SKB_CB(skb)->crypto_ctx = ctx; | |
784 | ||
785 | /* Map skb to the sg lists */ | |
786 | sg_init_table(sg, nsg); | |
787 | rc = skb_to_sgvec(skb, sg, 0, skb->len); | |
788 | if (unlikely(rc < 0)) { | |
789 | pr_err("TX: skb_to_sgvec() returned %d, nsg %d!\n", rc, nsg); | |
790 | goto exit; | |
791 | } | |
792 | ||
793 | /* Prepare IV: [SALT (4 octets)][SEQNO (8 octets)] | |
794 | * In case we're in cluster-key mode, SALT is varied by xor-ing with | |
795 | * the source address (or w0 of id), otherwise with the dest address | |
796 | * if dest is known. | |
797 | */ | |
798 | ehdr = (struct tipc_ehdr *)skb->data; | |
799 | salt = aead->salt; | |
800 | if (aead->mode == CLUSTER_KEY) | |
97bc84bb | 801 | salt ^= __be32_to_cpu(ehdr->addr); |
fc1b6d6d TL |
802 | else if (__dnode) |
803 | salt ^= tipc_node_get_addr(__dnode); | |
804 | memcpy(iv, &salt, 4); | |
805 | memcpy(iv + 4, (u8 *)&ehdr->seqno, 8); | |
806 | ||
807 | /* Prepare request */ | |
808 | ehsz = tipc_ehdr_size(ehdr); | |
809 | aead_request_set_tfm(req, tfm); | |
810 | aead_request_set_ad(req, ehsz); | |
811 | aead_request_set_crypt(req, sg, sg, len - ehsz, iv); | |
812 | ||
813 | /* Set callback function & data */ | |
814 | aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
815 | tipc_aead_encrypt_done, skb); | |
816 | tx_ctx = (struct tipc_crypto_tx_ctx *)ctx; | |
817 | tx_ctx->aead = aead; | |
818 | tx_ctx->bearer = b; | |
819 | memcpy(&tx_ctx->dst, dst, sizeof(*dst)); | |
820 | ||
821 | /* Hold bearer */ | |
822 | if (unlikely(!tipc_bearer_hold(b))) { | |
823 | rc = -ENODEV; | |
824 | goto exit; | |
825 | } | |
826 | ||
827 | /* Now, do encrypt */ | |
828 | rc = crypto_aead_encrypt(req); | |
829 | if (rc == -EINPROGRESS || rc == -EBUSY) | |
830 | return rc; | |
831 | ||
832 | tipc_bearer_put(b); | |
833 | ||
834 | exit: | |
835 | kfree(ctx); | |
836 | TIPC_SKB_CB(skb)->crypto_ctx = NULL; | |
837 | return rc; | |
838 | } | |
839 | ||
840 | static void tipc_aead_encrypt_done(struct crypto_async_request *base, int err) | |
841 | { | |
842 | struct sk_buff *skb = base->data; | |
843 | struct tipc_crypto_tx_ctx *tx_ctx = TIPC_SKB_CB(skb)->crypto_ctx; | |
844 | struct tipc_bearer *b = tx_ctx->bearer; | |
845 | struct tipc_aead *aead = tx_ctx->aead; | |
846 | struct tipc_crypto *tx = aead->crypto; | |
847 | struct net *net = tx->net; | |
848 | ||
849 | switch (err) { | |
850 | case 0: | |
851 | this_cpu_inc(tx->stats->stat[STAT_ASYNC_OK]); | |
f6db9096 | 852 | rcu_read_lock(); |
fc1b6d6d TL |
853 | if (likely(test_bit(0, &b->up))) |
854 | b->media->send_msg(net, skb, b, &tx_ctx->dst); | |
855 | else | |
856 | kfree_skb(skb); | |
f6db9096 | 857 | rcu_read_unlock(); |
fc1b6d6d TL |
858 | break; |
859 | case -EINPROGRESS: | |
860 | return; | |
861 | default: | |
862 | this_cpu_inc(tx->stats->stat[STAT_ASYNC_NOK]); | |
863 | kfree_skb(skb); | |
864 | break; | |
865 | } | |
866 | ||
867 | kfree(tx_ctx); | |
868 | tipc_bearer_put(b); | |
869 | tipc_aead_put(aead); | |
870 | } | |
871 | ||
872 | /** | |
873 | * tipc_aead_decrypt - Decrypt an encrypted message | |
874 | * @net: struct net | |
875 | * @aead: TIPC AEAD for the message decryption | |
876 | * @skb: the input/output skb | |
877 | * @b: TIPC bearer where the message has been received | |
878 | * | |
879 | * Return: | |
637b77fd RD |
880 | * * 0 : if the decryption has completed |
881 | * * -EINPROGRESS/-EBUSY : if a callback will be performed | |
882 | * * < 0 : the decryption has failed | |
fc1b6d6d TL |
883 | */ |
884 | static int tipc_aead_decrypt(struct net *net, struct tipc_aead *aead, | |
885 | struct sk_buff *skb, struct tipc_bearer *b) | |
886 | { | |
887 | struct tipc_crypto_rx_ctx *rx_ctx; | |
888 | struct aead_request *req; | |
889 | struct crypto_aead *tfm; | |
890 | struct sk_buff *unused; | |
891 | struct scatterlist *sg; | |
892 | struct tipc_ehdr *ehdr; | |
893 | int ehsz, nsg, rc; | |
894 | void *ctx; | |
895 | u32 salt; | |
896 | u8 *iv; | |
897 | ||
898 | if (unlikely(!aead)) | |
899 | return -ENOKEY; | |
900 | ||
3cf4375a XL |
901 | nsg = skb_cow_data(skb, 0, &unused); |
902 | if (unlikely(nsg < 0)) { | |
903 | pr_err("RX: skb_cow_data() returned %d\n", nsg); | |
904 | return nsg; | |
fc1b6d6d TL |
905 | } |
906 | ||
907 | /* Allocate memory for the AEAD operation */ | |
908 | tfm = tipc_aead_tfm_next(aead); | |
909 | ctx = tipc_aead_mem_alloc(tfm, sizeof(*rx_ctx), &iv, &req, &sg, nsg); | |
910 | if (unlikely(!ctx)) | |
911 | return -ENOMEM; | |
912 | TIPC_SKB_CB(skb)->crypto_ctx = ctx; | |
913 | ||
914 | /* Map skb to the sg lists */ | |
915 | sg_init_table(sg, nsg); | |
916 | rc = skb_to_sgvec(skb, sg, 0, skb->len); | |
917 | if (unlikely(rc < 0)) { | |
918 | pr_err("RX: skb_to_sgvec() returned %d, nsg %d\n", rc, nsg); | |
919 | goto exit; | |
920 | } | |
921 | ||
922 | /* Reconstruct IV: */ | |
923 | ehdr = (struct tipc_ehdr *)skb->data; | |
924 | salt = aead->salt; | |
925 | if (aead->mode == CLUSTER_KEY) | |
97bc84bb | 926 | salt ^= __be32_to_cpu(ehdr->addr); |
fc1b6d6d TL |
927 | else if (ehdr->destined) |
928 | salt ^= tipc_own_addr(net); | |
929 | memcpy(iv, &salt, 4); | |
930 | memcpy(iv + 4, (u8 *)&ehdr->seqno, 8); | |
931 | ||
932 | /* Prepare request */ | |
933 | ehsz = tipc_ehdr_size(ehdr); | |
934 | aead_request_set_tfm(req, tfm); | |
935 | aead_request_set_ad(req, ehsz); | |
936 | aead_request_set_crypt(req, sg, sg, skb->len - ehsz, iv); | |
937 | ||
938 | /* Set callback function & data */ | |
939 | aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
940 | tipc_aead_decrypt_done, skb); | |
941 | rx_ctx = (struct tipc_crypto_rx_ctx *)ctx; | |
942 | rx_ctx->aead = aead; | |
943 | rx_ctx->bearer = b; | |
944 | ||
945 | /* Hold bearer */ | |
946 | if (unlikely(!tipc_bearer_hold(b))) { | |
947 | rc = -ENODEV; | |
948 | goto exit; | |
949 | } | |
950 | ||
951 | /* Now, do decrypt */ | |
952 | rc = crypto_aead_decrypt(req); | |
953 | if (rc == -EINPROGRESS || rc == -EBUSY) | |
954 | return rc; | |
955 | ||
956 | tipc_bearer_put(b); | |
957 | ||
958 | exit: | |
959 | kfree(ctx); | |
960 | TIPC_SKB_CB(skb)->crypto_ctx = NULL; | |
961 | return rc; | |
962 | } | |
963 | ||
964 | static void tipc_aead_decrypt_done(struct crypto_async_request *base, int err) | |
965 | { | |
966 | struct sk_buff *skb = base->data; | |
967 | struct tipc_crypto_rx_ctx *rx_ctx = TIPC_SKB_CB(skb)->crypto_ctx; | |
968 | struct tipc_bearer *b = rx_ctx->bearer; | |
969 | struct tipc_aead *aead = rx_ctx->aead; | |
970 | struct tipc_crypto_stats __percpu *stats = aead->crypto->stats; | |
971 | struct net *net = aead->crypto->net; | |
972 | ||
973 | switch (err) { | |
974 | case 0: | |
975 | this_cpu_inc(stats->stat[STAT_ASYNC_OK]); | |
976 | break; | |
977 | case -EINPROGRESS: | |
978 | return; | |
979 | default: | |
980 | this_cpu_inc(stats->stat[STAT_ASYNC_NOK]); | |
981 | break; | |
982 | } | |
983 | ||
984 | kfree(rx_ctx); | |
985 | tipc_crypto_rcv_complete(net, aead, b, &skb, err); | |
986 | if (likely(skb)) { | |
987 | if (likely(test_bit(0, &b->up))) | |
988 | tipc_rcv(net, skb, b); | |
989 | else | |
990 | kfree_skb(skb); | |
991 | } | |
992 | ||
993 | tipc_bearer_put(b); | |
994 | } | |
995 | ||
996 | static inline int tipc_ehdr_size(struct tipc_ehdr *ehdr) | |
997 | { | |
998 | return (ehdr->user != LINK_CONFIG) ? EHDR_SIZE : EHDR_CFG_SIZE; | |
999 | } | |
1000 | ||
1001 | /** | |
1002 | * tipc_ehdr_validate - Validate an encryption message | |
1003 | * @skb: the message buffer | |
1004 | * | |
637b77fd | 1005 | * Return: "true" if this is a valid encryption message, otherwise "false" |
fc1b6d6d TL |
1006 | */ |
1007 | bool tipc_ehdr_validate(struct sk_buff *skb) | |
1008 | { | |
1009 | struct tipc_ehdr *ehdr; | |
1010 | int ehsz; | |
1011 | ||
1012 | if (unlikely(!pskb_may_pull(skb, EHDR_MIN_SIZE))) | |
1013 | return false; | |
1014 | ||
1015 | ehdr = (struct tipc_ehdr *)skb->data; | |
1016 | if (unlikely(ehdr->version != TIPC_EVERSION)) | |
1017 | return false; | |
1018 | ehsz = tipc_ehdr_size(ehdr); | |
1019 | if (unlikely(!pskb_may_pull(skb, ehsz))) | |
1020 | return false; | |
1021 | if (unlikely(skb->len <= ehsz + TIPC_AES_GCM_TAG_SIZE)) | |
1022 | return false; | |
fc1b6d6d TL |
1023 | |
1024 | return true; | |
1025 | } | |
1026 | ||
1027 | /** | |
1028 | * tipc_ehdr_build - Build TIPC encryption message header | |
1029 | * @net: struct net | |
1030 | * @aead: TX AEAD key to be used for the message encryption | |
1031 | * @tx_key: key id used for the message encryption | |
1032 | * @skb: input/output message skb | |
1033 | * @__rx: RX crypto handle if dest is "known" | |
1034 | * | |
1035 | * Return: the header size if the building is successful, otherwise < 0 | |
1036 | */ | |
1037 | static int tipc_ehdr_build(struct net *net, struct tipc_aead *aead, | |
1038 | u8 tx_key, struct sk_buff *skb, | |
1039 | struct tipc_crypto *__rx) | |
1040 | { | |
1041 | struct tipc_msg *hdr = buf_msg(skb); | |
1042 | struct tipc_ehdr *ehdr; | |
1043 | u32 user = msg_user(hdr); | |
1044 | u64 seqno; | |
1045 | int ehsz; | |
1046 | ||
1047 | /* Make room for encryption header */ | |
1048 | ehsz = (user != LINK_CONFIG) ? EHDR_SIZE : EHDR_CFG_SIZE; | |
1049 | WARN_ON(skb_headroom(skb) < ehsz); | |
1050 | ehdr = (struct tipc_ehdr *)skb_push(skb, ehsz); | |
1051 | ||
1052 | /* Obtain a seqno first: | |
1053 | * Use the key seqno (= cluster wise) if dest is unknown or we're in | |
1054 | * cluster key mode, otherwise it's better for a per-peer seqno! | |
1055 | */ | |
1056 | if (!__rx || aead->mode == CLUSTER_KEY) | |
1057 | seqno = atomic64_inc_return(&aead->seqno); | |
1058 | else | |
1059 | seqno = atomic64_inc_return(&__rx->sndnxt); | |
1060 | ||
1061 | /* Revoke the key if seqno is wrapped around */ | |
1062 | if (unlikely(!seqno)) | |
1063 | return tipc_crypto_key_revoke(net, tx_key); | |
1064 | ||
1065 | /* Word 1-2 */ | |
1066 | ehdr->seqno = cpu_to_be64(seqno); | |
1067 | ||
1068 | /* Words 0, 3- */ | |
1069 | ehdr->version = TIPC_EVERSION; | |
1070 | ehdr->user = 0; | |
1071 | ehdr->keepalive = 0; | |
1072 | ehdr->tx_key = tx_key; | |
1073 | ehdr->destined = (__rx) ? 1 : 0; | |
1074 | ehdr->rx_key_active = (__rx) ? __rx->key.active : 0; | |
1ef6f7c9 | 1075 | ehdr->rx_nokey = (__rx) ? __rx->nokey : 0; |
daef1ee3 | 1076 | ehdr->master_key = aead->crypto->key_master; |
fc1b6d6d TL |
1077 | ehdr->reserved_1 = 0; |
1078 | ehdr->reserved_2 = 0; | |
1079 | ||
1080 | switch (user) { | |
1081 | case LINK_CONFIG: | |
1082 | ehdr->user = LINK_CONFIG; | |
1083 | memcpy(ehdr->id, tipc_own_id(net), NODE_ID_LEN); | |
1084 | break; | |
1085 | default: | |
1086 | if (user == LINK_PROTOCOL && msg_type(hdr) == STATE_MSG) { | |
1087 | ehdr->user = LINK_PROTOCOL; | |
1088 | ehdr->keepalive = msg_is_keepalive(hdr); | |
1089 | } | |
1090 | ehdr->addr = hdr->hdr[3]; | |
1091 | break; | |
1092 | } | |
1093 | ||
1094 | return ehsz; | |
1095 | } | |
1096 | ||
1097 | static inline void tipc_crypto_key_set_state(struct tipc_crypto *c, | |
1098 | u8 new_passive, | |
1099 | u8 new_active, | |
1100 | u8 new_pending) | |
1101 | { | |
fc1b6d6d TL |
1102 | struct tipc_key old = c->key; |
1103 | char buf[32]; | |
fc1b6d6d TL |
1104 | |
1105 | c->key.keys = ((new_passive & KEY_MASK) << (KEY_BITS * 2)) | | |
1106 | ((new_active & KEY_MASK) << (KEY_BITS)) | | |
1107 | ((new_pending & KEY_MASK)); | |
1108 | ||
f779bf79 TL |
1109 | pr_debug("%s: key changing %s ::%pS\n", c->name, |
1110 | tipc_key_change_dump(old, c->key, buf), | |
1111 | __builtin_return_address(0)); | |
fc1b6d6d TL |
1112 | } |
1113 | ||
1114 | /** | |
1115 | * tipc_crypto_key_init - Initiate a new user / AEAD key | |
1116 | * @c: TIPC crypto to which new key is attached | |
1117 | * @ukey: the user key | |
1118 | * @mode: the key mode (CLUSTER_KEY or PER_NODE_KEY) | |
daef1ee3 | 1119 | * @master_key: specify this is a cluster master key |
fc1b6d6d TL |
1120 | * |
1121 | * A new TIPC AEAD key will be allocated and initiated with the specified user | |
1122 | * key, then attached to the TIPC crypto. | |
1123 | * | |
1124 | * Return: new key id in case of success, otherwise: < 0 | |
1125 | */ | |
1126 | int tipc_crypto_key_init(struct tipc_crypto *c, struct tipc_aead_key *ukey, | |
daef1ee3 | 1127 | u8 mode, bool master_key) |
fc1b6d6d TL |
1128 | { |
1129 | struct tipc_aead *aead = NULL; | |
1130 | int rc = 0; | |
1131 | ||
1132 | /* Initiate with the new user key */ | |
1133 | rc = tipc_aead_init(&aead, ukey, mode); | |
1134 | ||
1135 | /* Attach it to the crypto */ | |
1136 | if (likely(!rc)) { | |
daef1ee3 | 1137 | rc = tipc_crypto_key_attach(c, aead, 0, master_key); |
fc1b6d6d TL |
1138 | if (rc < 0) |
1139 | tipc_aead_free(&aead->rcu); | |
1140 | } | |
1141 | ||
fc1b6d6d TL |
1142 | return rc; |
1143 | } | |
1144 | ||
1145 | /** | |
1146 | * tipc_crypto_key_attach - Attach a new AEAD key to TIPC crypto | |
1147 | * @c: TIPC crypto to which the new AEAD key is attached | |
1148 | * @aead: the new AEAD key pointer | |
1149 | * @pos: desired slot in the crypto key array, = 0 if any! | |
daef1ee3 | 1150 | * @master_key: specify this is a cluster master key |
fc1b6d6d TL |
1151 | * |
1152 | * Return: new key id in case of success, otherwise: -EBUSY | |
1153 | */ | |
1154 | static int tipc_crypto_key_attach(struct tipc_crypto *c, | |
daef1ee3 TL |
1155 | struct tipc_aead *aead, u8 pos, |
1156 | bool master_key) | |
fc1b6d6d | 1157 | { |
fc1b6d6d TL |
1158 | struct tipc_key key; |
1159 | int rc = -EBUSY; | |
f779bf79 | 1160 | u8 new_key; |
fc1b6d6d TL |
1161 | |
1162 | spin_lock_bh(&c->lock); | |
1163 | key = c->key; | |
daef1ee3 TL |
1164 | if (master_key) { |
1165 | new_key = KEY_MASTER; | |
1166 | goto attach; | |
1167 | } | |
fc1b6d6d TL |
1168 | if (key.active && key.passive) |
1169 | goto exit; | |
fc1b6d6d | 1170 | if (key.pending) { |
fc1b6d6d TL |
1171 | if (tipc_aead_users(c->aead[key.pending]) > 0) |
1172 | goto exit; | |
f779bf79 | 1173 | /* if (pos): ok with replacing, will be aligned when needed */ |
fc1b6d6d | 1174 | /* Replace it */ |
f779bf79 | 1175 | new_key = key.pending; |
fc1b6d6d TL |
1176 | } else { |
1177 | if (pos) { | |
1178 | if (key.active && pos != key_next(key.active)) { | |
f779bf79 TL |
1179 | key.passive = pos; |
1180 | new_key = pos; | |
fc1b6d6d TL |
1181 | goto attach; |
1182 | } else if (!key.active && !key.passive) { | |
f779bf79 TL |
1183 | key.pending = pos; |
1184 | new_key = pos; | |
fc1b6d6d TL |
1185 | goto attach; |
1186 | } | |
1187 | } | |
f779bf79 TL |
1188 | key.pending = key_next(key.active ?: key.passive); |
1189 | new_key = key.pending; | |
fc1b6d6d TL |
1190 | } |
1191 | ||
1192 | attach: | |
1193 | aead->crypto = c; | |
1ef6f7c9 | 1194 | aead->gen = (is_tx(c)) ? ++c->key_gen : c->key_gen; |
fc1b6d6d | 1195 | tipc_aead_rcu_replace(c->aead[new_key], aead, &c->lock); |
f779bf79 TL |
1196 | if (likely(c->key.keys != key.keys)) |
1197 | tipc_crypto_key_set_state(c, key.passive, key.active, | |
1198 | key.pending); | |
fc1b6d6d | 1199 | c->working = 1; |
1ef6f7c9 | 1200 | c->nokey = 0; |
daef1ee3 | 1201 | c->key_master |= master_key; |
fc1b6d6d TL |
1202 | rc = new_key; |
1203 | ||
1204 | exit: | |
1205 | spin_unlock_bh(&c->lock); | |
1206 | return rc; | |
1207 | } | |
1208 | ||
1209 | void tipc_crypto_key_flush(struct tipc_crypto *c) | |
1210 | { | |
1ef6f7c9 | 1211 | struct tipc_crypto *tx, *rx; |
fc1b6d6d TL |
1212 | int k; |
1213 | ||
1214 | spin_lock_bh(&c->lock); | |
1ef6f7c9 TL |
1215 | if (is_rx(c)) { |
1216 | /* Try to cancel pending work */ | |
1217 | rx = c; | |
1218 | tx = tipc_net(rx->net)->crypto_tx; | |
1219 | if (cancel_delayed_work(&rx->work)) { | |
1220 | kfree(rx->skey); | |
1221 | rx->skey = NULL; | |
1222 | atomic_xchg(&rx->key_distr, 0); | |
1223 | tipc_node_put(rx->node); | |
1224 | } | |
1225 | /* RX stopping => decrease TX key users if any */ | |
1226 | k = atomic_xchg(&rx->peer_rx_active, 0); | |
1227 | if (k) { | |
1228 | tipc_aead_users_dec(tx->aead[k], 0); | |
1229 | /* Mark the point TX key users changed */ | |
1230 | tx->timer1 = jiffies; | |
1231 | } | |
1232 | } | |
1233 | ||
daef1ee3 | 1234 | c->flags = 0; |
fc1b6d6d TL |
1235 | tipc_crypto_key_set_state(c, 0, 0, 0); |
1236 | for (k = KEY_MIN; k <= KEY_MAX; k++) | |
1237 | tipc_crypto_key_detach(c->aead[k], &c->lock); | |
fc1b6d6d TL |
1238 | atomic64_set(&c->sndnxt, 0); |
1239 | spin_unlock_bh(&c->lock); | |
1240 | } | |
1241 | ||
1242 | /** | |
1243 | * tipc_crypto_key_try_align - Align RX keys if possible | |
1244 | * @rx: RX crypto handle | |
1245 | * @new_pending: new pending slot if aligned (= TX key from peer) | |
1246 | * | |
1247 | * Peer has used an unknown key slot, this only happens when peer has left and | |
1248 | * rejoned, or we are newcomer. | |
1249 | * That means, there must be no active key but a pending key at unaligned slot. | |
1250 | * If so, we try to move the pending key to the new slot. | |
1251 | * Note: A potential passive key can exist, it will be shifted correspondingly! | |
1252 | * | |
1253 | * Return: "true" if key is successfully aligned, otherwise "false" | |
1254 | */ | |
1255 | static bool tipc_crypto_key_try_align(struct tipc_crypto *rx, u8 new_pending) | |
1256 | { | |
1257 | struct tipc_aead *tmp1, *tmp2 = NULL; | |
1258 | struct tipc_key key; | |
1259 | bool aligned = false; | |
1260 | u8 new_passive = 0; | |
1261 | int x; | |
1262 | ||
1263 | spin_lock(&rx->lock); | |
1264 | key = rx->key; | |
1265 | if (key.pending == new_pending) { | |
1266 | aligned = true; | |
1267 | goto exit; | |
1268 | } | |
1269 | if (key.active) | |
1270 | goto exit; | |
1271 | if (!key.pending) | |
1272 | goto exit; | |
1273 | if (tipc_aead_users(rx->aead[key.pending]) > 0) | |
1274 | goto exit; | |
1275 | ||
1276 | /* Try to "isolate" this pending key first */ | |
1277 | tmp1 = tipc_aead_rcu_ptr(rx->aead[key.pending], &rx->lock); | |
1278 | if (!refcount_dec_if_one(&tmp1->refcnt)) | |
1279 | goto exit; | |
1280 | rcu_assign_pointer(rx->aead[key.pending], NULL); | |
1281 | ||
1282 | /* Move passive key if any */ | |
1283 | if (key.passive) { | |
1a271ebb | 1284 | tmp2 = rcu_replace_pointer(rx->aead[key.passive], tmp2, lockdep_is_held(&rx->lock)); |
fc1b6d6d TL |
1285 | x = (key.passive - key.pending + new_pending) % KEY_MAX; |
1286 | new_passive = (x <= 0) ? x + KEY_MAX : x; | |
1287 | } | |
1288 | ||
1289 | /* Re-allocate the key(s) */ | |
1290 | tipc_crypto_key_set_state(rx, new_passive, 0, new_pending); | |
1291 | rcu_assign_pointer(rx->aead[new_pending], tmp1); | |
1292 | if (new_passive) | |
1293 | rcu_assign_pointer(rx->aead[new_passive], tmp2); | |
1294 | refcount_set(&tmp1->refcnt, 1); | |
1295 | aligned = true; | |
f779bf79 TL |
1296 | pr_info_ratelimited("%s: key[%d] -> key[%d]\n", rx->name, key.pending, |
1297 | new_pending); | |
fc1b6d6d TL |
1298 | |
1299 | exit: | |
1300 | spin_unlock(&rx->lock); | |
1301 | return aligned; | |
1302 | } | |
1303 | ||
1304 | /** | |
1305 | * tipc_crypto_key_pick_tx - Pick one TX key for message decryption | |
1306 | * @tx: TX crypto handle | |
1307 | * @rx: RX crypto handle (can be NULL) | |
1308 | * @skb: the message skb which will be decrypted later | |
daef1ee3 | 1309 | * @tx_key: peer TX key id |
fc1b6d6d TL |
1310 | * |
1311 | * This function looks up the existing TX keys and pick one which is suitable | |
1312 | * for the message decryption, that must be a cluster key and not used before | |
1313 | * on the same message (i.e. recursive). | |
1314 | * | |
1315 | * Return: the TX AEAD key handle in case of success, otherwise NULL | |
1316 | */ | |
1317 | static struct tipc_aead *tipc_crypto_key_pick_tx(struct tipc_crypto *tx, | |
1318 | struct tipc_crypto *rx, | |
daef1ee3 TL |
1319 | struct sk_buff *skb, |
1320 | u8 tx_key) | |
fc1b6d6d TL |
1321 | { |
1322 | struct tipc_skb_cb *skb_cb = TIPC_SKB_CB(skb); | |
1323 | struct tipc_aead *aead = NULL; | |
1324 | struct tipc_key key = tx->key; | |
1325 | u8 k, i = 0; | |
1326 | ||
1327 | /* Initialize data if not yet */ | |
1328 | if (!skb_cb->tx_clone_deferred) { | |
1329 | skb_cb->tx_clone_deferred = 1; | |
1330 | memset(&skb_cb->tx_clone_ctx, 0, sizeof(skb_cb->tx_clone_ctx)); | |
1331 | } | |
1332 | ||
1333 | skb_cb->tx_clone_ctx.rx = rx; | |
1334 | if (++skb_cb->tx_clone_ctx.recurs > 2) | |
1335 | return NULL; | |
1336 | ||
1337 | /* Pick one TX key */ | |
1338 | spin_lock(&tx->lock); | |
daef1ee3 TL |
1339 | if (tx_key == KEY_MASTER) { |
1340 | aead = tipc_aead_rcu_ptr(tx->aead[KEY_MASTER], &tx->lock); | |
1341 | goto done; | |
1342 | } | |
fc1b6d6d TL |
1343 | do { |
1344 | k = (i == 0) ? key.pending : | |
1345 | ((i == 1) ? key.active : key.passive); | |
1346 | if (!k) | |
1347 | continue; | |
1348 | aead = tipc_aead_rcu_ptr(tx->aead[k], &tx->lock); | |
1349 | if (!aead) | |
1350 | continue; | |
1351 | if (aead->mode != CLUSTER_KEY || | |
1352 | aead == skb_cb->tx_clone_ctx.last) { | |
1353 | aead = NULL; | |
1354 | continue; | |
1355 | } | |
1356 | /* Ok, found one cluster key */ | |
1357 | skb_cb->tx_clone_ctx.last = aead; | |
1358 | WARN_ON(skb->next); | |
1359 | skb->next = skb_clone(skb, GFP_ATOMIC); | |
1360 | if (unlikely(!skb->next)) | |
1361 | pr_warn("Failed to clone skb for next round if any\n"); | |
fc1b6d6d TL |
1362 | break; |
1363 | } while (++i < 3); | |
daef1ee3 TL |
1364 | |
1365 | done: | |
1366 | if (likely(aead)) | |
1367 | WARN_ON(!refcount_inc_not_zero(&aead->refcnt)); | |
fc1b6d6d TL |
1368 | spin_unlock(&tx->lock); |
1369 | ||
1370 | return aead; | |
1371 | } | |
1372 | ||
1373 | /** | |
1374 | * tipc_crypto_key_synch: Synch own key data according to peer key status | |
1375 | * @rx: RX crypto handle | |
f779bf79 | 1376 | * @skb: TIPCv2 message buffer (incl. the ehdr from peer) |
fc1b6d6d TL |
1377 | * |
1378 | * This function updates the peer node related data as the peer RX active key | |
1379 | * has changed, so the number of TX keys' users on this node are increased and | |
1380 | * decreased correspondingly. | |
1381 | * | |
daef1ee3 | 1382 | * It also considers if peer has no key, then we need to make own master key |
1ef6f7c9 TL |
1383 | * (if any) taking over i.e. starting grace period and also trigger key |
1384 | * distributing process. | |
daef1ee3 | 1385 | * |
fc1b6d6d TL |
1386 | * The "per-peer" sndnxt is also reset when the peer key has switched. |
1387 | */ | |
f779bf79 | 1388 | static void tipc_crypto_key_synch(struct tipc_crypto *rx, struct sk_buff *skb) |
fc1b6d6d | 1389 | { |
f779bf79 TL |
1390 | struct tipc_ehdr *ehdr = (struct tipc_ehdr *)skb_network_header(skb); |
1391 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
1392 | struct tipc_msg *hdr = buf_msg(skb); | |
1393 | u32 self = tipc_own_addr(rx->net); | |
1394 | u8 cur, new; | |
1ef6f7c9 | 1395 | unsigned long delay; |
fc1b6d6d | 1396 | |
daef1ee3 TL |
1397 | /* Update RX 'key_master' flag according to peer, also mark "legacy" if |
1398 | * a peer has no master key. | |
1399 | */ | |
1400 | rx->key_master = ehdr->master_key; | |
1401 | if (!rx->key_master) | |
1402 | tx->legacy_user = 1; | |
1403 | ||
1404 | /* For later cases, apply only if message is destined to this node */ | |
f779bf79 | 1405 | if (!ehdr->destined || msg_short(hdr) || msg_destnode(hdr) != self) |
fc1b6d6d TL |
1406 | return; |
1407 | ||
daef1ee3 | 1408 | /* Case 1: Peer has no keys, let's make master key take over */ |
1ef6f7c9 | 1409 | if (ehdr->rx_nokey) { |
daef1ee3 TL |
1410 | /* Set or extend grace period */ |
1411 | tx->timer2 = jiffies; | |
1ef6f7c9 TL |
1412 | /* Schedule key distributing for the peer if not yet */ |
1413 | if (tx->key.keys && | |
1414 | !atomic_cmpxchg(&rx->key_distr, 0, KEY_DISTR_SCHED)) { | |
1415 | get_random_bytes(&delay, 2); | |
1416 | delay %= 5; | |
1417 | delay = msecs_to_jiffies(500 * ++delay); | |
1418 | if (queue_delayed_work(tx->wq, &rx->work, delay)) | |
1419 | tipc_node_get(rx->node); | |
1420 | } | |
1421 | } else { | |
1422 | /* Cancel a pending key distributing if any */ | |
1423 | atomic_xchg(&rx->key_distr, 0); | |
1424 | } | |
daef1ee3 TL |
1425 | |
1426 | /* Case 2: Peer RX active key has changed, let's update own TX users */ | |
f779bf79 TL |
1427 | cur = atomic_read(&rx->peer_rx_active); |
1428 | new = ehdr->rx_key_active; | |
1429 | if (tx->key.keys && | |
1430 | cur != new && | |
1431 | atomic_cmpxchg(&rx->peer_rx_active, cur, new) == cur) { | |
1432 | if (new) | |
1433 | tipc_aead_users_inc(tx->aead[new], INT_MAX); | |
1434 | if (cur) | |
1435 | tipc_aead_users_dec(tx->aead[cur], 0); | |
fc1b6d6d TL |
1436 | |
1437 | atomic64_set(&rx->sndnxt, 0); | |
1438 | /* Mark the point TX key users changed */ | |
1439 | tx->timer1 = jiffies; | |
1440 | ||
f779bf79 TL |
1441 | pr_debug("%s: key users changed %d-- %d++, peer %s\n", |
1442 | tx->name, cur, new, rx->name); | |
fc1b6d6d TL |
1443 | } |
1444 | } | |
1445 | ||
1446 | static int tipc_crypto_key_revoke(struct net *net, u8 tx_key) | |
1447 | { | |
1448 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1449 | struct tipc_key key; | |
1450 | ||
1451 | spin_lock(&tx->lock); | |
1452 | key = tx->key; | |
1453 | WARN_ON(!key.active || tx_key != key.active); | |
1454 | ||
1455 | /* Free the active key */ | |
1456 | tipc_crypto_key_set_state(tx, key.passive, 0, key.pending); | |
1457 | tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); | |
1458 | spin_unlock(&tx->lock); | |
1459 | ||
f779bf79 | 1460 | pr_warn("%s: key is revoked\n", tx->name); |
fc1b6d6d TL |
1461 | return -EKEYREVOKED; |
1462 | } | |
1463 | ||
1464 | int tipc_crypto_start(struct tipc_crypto **crypto, struct net *net, | |
1465 | struct tipc_node *node) | |
1466 | { | |
1467 | struct tipc_crypto *c; | |
1468 | ||
1469 | if (*crypto) | |
1470 | return -EEXIST; | |
1471 | ||
1472 | /* Allocate crypto */ | |
86c3a3e9 | 1473 | c = kzalloc(sizeof(*c), GFP_KERNEL); |
fc1b6d6d TL |
1474 | if (!c) |
1475 | return -ENOMEM; | |
1476 | ||
1ef6f7c9 TL |
1477 | /* Allocate workqueue on TX */ |
1478 | if (!node) { | |
1479 | c->wq = alloc_ordered_workqueue("tipc_crypto", 0); | |
1480 | if (!c->wq) { | |
1481 | kfree(c); | |
1482 | return -ENOMEM; | |
1483 | } | |
1484 | } | |
1485 | ||
fc1b6d6d | 1486 | /* Allocate statistic structure */ |
86c3a3e9 | 1487 | c->stats = alloc_percpu(struct tipc_crypto_stats); |
fc1b6d6d | 1488 | if (!c->stats) { |
ac1db7ac YY |
1489 | if (c->wq) |
1490 | destroy_workqueue(c->wq); | |
453431a5 | 1491 | kfree_sensitive(c); |
fc1b6d6d TL |
1492 | return -ENOMEM; |
1493 | } | |
1494 | ||
daef1ee3 | 1495 | c->flags = 0; |
fc1b6d6d TL |
1496 | c->net = net; |
1497 | c->node = node; | |
1ef6f7c9 | 1498 | get_random_bytes(&c->key_gen, 2); |
fc1b6d6d | 1499 | tipc_crypto_key_set_state(c, 0, 0, 0); |
1ef6f7c9 | 1500 | atomic_set(&c->key_distr, 0); |
fc1b6d6d TL |
1501 | atomic_set(&c->peer_rx_active, 0); |
1502 | atomic64_set(&c->sndnxt, 0); | |
1503 | c->timer1 = jiffies; | |
1504 | c->timer2 = jiffies; | |
23700da2 | 1505 | c->rekeying_intv = TIPC_REKEYING_INTV_DEF; |
fc1b6d6d | 1506 | spin_lock_init(&c->lock); |
f779bf79 TL |
1507 | scnprintf(c->name, 48, "%s(%s)", (is_rx(c)) ? "RX" : "TX", |
1508 | (is_rx(c)) ? tipc_node_get_id_str(c->node) : | |
1509 | tipc_own_id_string(c->net)); | |
fc1b6d6d | 1510 | |
1ef6f7c9 TL |
1511 | if (is_rx(c)) |
1512 | INIT_DELAYED_WORK(&c->work, tipc_crypto_work_rx); | |
23700da2 TL |
1513 | else |
1514 | INIT_DELAYED_WORK(&c->work, tipc_crypto_work_tx); | |
1ef6f7c9 | 1515 | |
f779bf79 | 1516 | *crypto = c; |
fc1b6d6d TL |
1517 | return 0; |
1518 | } | |
1519 | ||
1520 | void tipc_crypto_stop(struct tipc_crypto **crypto) | |
1521 | { | |
1ef6f7c9 | 1522 | struct tipc_crypto *c = *crypto; |
fc1b6d6d TL |
1523 | u8 k; |
1524 | ||
f779bf79 | 1525 | if (!c) |
fc1b6d6d TL |
1526 | return; |
1527 | ||
1ef6f7c9 | 1528 | /* Flush any queued works & destroy wq */ |
23700da2 TL |
1529 | if (is_tx(c)) { |
1530 | c->rekeying_intv = 0; | |
1531 | cancel_delayed_work_sync(&c->work); | |
1ef6f7c9 | 1532 | destroy_workqueue(c->wq); |
23700da2 | 1533 | } |
fc1b6d6d TL |
1534 | |
1535 | /* Release AEAD keys */ | |
1ef6f7c9 | 1536 | rcu_read_lock(); |
fc1b6d6d TL |
1537 | for (k = KEY_MIN; k <= KEY_MAX; k++) |
1538 | tipc_aead_put(rcu_dereference(c->aead[k])); | |
1539 | rcu_read_unlock(); | |
f779bf79 | 1540 | pr_debug("%s: has been stopped\n", c->name); |
fc1b6d6d TL |
1541 | |
1542 | /* Free this crypto statistics */ | |
1543 | free_percpu(c->stats); | |
1544 | ||
1545 | *crypto = NULL; | |
453431a5 | 1546 | kfree_sensitive(c); |
fc1b6d6d TL |
1547 | } |
1548 | ||
1549 | void tipc_crypto_timeout(struct tipc_crypto *rx) | |
1550 | { | |
1551 | struct tipc_net *tn = tipc_net(rx->net); | |
1552 | struct tipc_crypto *tx = tn->crypto_tx; | |
1553 | struct tipc_key key; | |
fc1b6d6d TL |
1554 | int cmd; |
1555 | ||
f779bf79 | 1556 | /* TX pending: taking all users & stable -> active */ |
fc1b6d6d TL |
1557 | spin_lock(&tx->lock); |
1558 | key = tx->key; | |
1559 | if (key.active && tipc_aead_users(tx->aead[key.active]) > 0) | |
1560 | goto s1; | |
1561 | if (!key.pending || tipc_aead_users(tx->aead[key.pending]) <= 0) | |
1562 | goto s1; | |
f779bf79 | 1563 | if (time_before(jiffies, tx->timer1 + TIPC_TX_LASTING_TIME)) |
fc1b6d6d TL |
1564 | goto s1; |
1565 | ||
1566 | tipc_crypto_key_set_state(tx, key.passive, key.pending, 0); | |
1567 | if (key.active) | |
1568 | tipc_crypto_key_detach(tx->aead[key.active], &tx->lock); | |
1569 | this_cpu_inc(tx->stats->stat[STAT_SWITCHES]); | |
f779bf79 | 1570 | pr_info("%s: key[%d] is activated\n", tx->name, key.pending); |
fc1b6d6d TL |
1571 | |
1572 | s1: | |
1573 | spin_unlock(&tx->lock); | |
1574 | ||
f779bf79 | 1575 | /* RX pending: having user -> active */ |
fc1b6d6d TL |
1576 | spin_lock(&rx->lock); |
1577 | key = rx->key; | |
1578 | if (!key.pending || tipc_aead_users(rx->aead[key.pending]) <= 0) | |
1579 | goto s2; | |
1580 | ||
f779bf79 TL |
1581 | if (key.active) |
1582 | key.passive = key.active; | |
1583 | key.active = key.pending; | |
1584 | rx->timer2 = jiffies; | |
1585 | tipc_crypto_key_set_state(rx, key.passive, key.active, 0); | |
fc1b6d6d | 1586 | this_cpu_inc(rx->stats->stat[STAT_SWITCHES]); |
f779bf79 | 1587 | pr_info("%s: key[%d] is activated\n", rx->name, key.pending); |
fc1b6d6d TL |
1588 | goto s5; |
1589 | ||
1590 | s2: | |
f779bf79 TL |
1591 | /* RX pending: not working -> remove */ |
1592 | if (!key.pending || tipc_aead_users(rx->aead[key.pending]) > -10) | |
fc1b6d6d TL |
1593 | goto s3; |
1594 | ||
f779bf79 TL |
1595 | tipc_crypto_key_set_state(rx, key.passive, key.active, 0); |
1596 | tipc_crypto_key_detach(rx->aead[key.pending], &rx->lock); | |
1597 | pr_debug("%s: key[%d] is removed\n", rx->name, key.pending); | |
fc1b6d6d TL |
1598 | goto s5; |
1599 | ||
1600 | s3: | |
f779bf79 | 1601 | /* RX active: timed out or no user -> pending */ |
fc1b6d6d TL |
1602 | if (!key.active) |
1603 | goto s4; | |
f779bf79 TL |
1604 | if (time_before(jiffies, rx->timer1 + TIPC_RX_ACTIVE_LIM) && |
1605 | tipc_aead_users(rx->aead[key.active]) > 0) | |
fc1b6d6d TL |
1606 | goto s4; |
1607 | ||
f779bf79 TL |
1608 | if (key.pending) |
1609 | key.passive = key.active; | |
1610 | else | |
1611 | key.pending = key.active; | |
1612 | rx->timer2 = jiffies; | |
1613 | tipc_crypto_key_set_state(rx, key.passive, 0, key.pending); | |
1614 | tipc_aead_users_set(rx->aead[key.pending], 0); | |
1615 | pr_debug("%s: key[%d] is deactivated\n", rx->name, key.active); | |
fc1b6d6d TL |
1616 | goto s5; |
1617 | ||
1618 | s4: | |
f779bf79 TL |
1619 | /* RX passive: outdated or not working -> free */ |
1620 | if (!key.passive) | |
fc1b6d6d | 1621 | goto s5; |
f779bf79 TL |
1622 | if (time_before(jiffies, rx->timer2 + TIPC_RX_PASSIVE_LIM) && |
1623 | tipc_aead_users(rx->aead[key.passive]) > -10) | |
fc1b6d6d TL |
1624 | goto s5; |
1625 | ||
1626 | tipc_crypto_key_set_state(rx, 0, key.active, key.pending); | |
1627 | tipc_crypto_key_detach(rx->aead[key.passive], &rx->lock); | |
f779bf79 | 1628 | pr_debug("%s: key[%d] is freed\n", rx->name, key.passive); |
fc1b6d6d TL |
1629 | |
1630 | s5: | |
1631 | spin_unlock(&rx->lock); | |
1632 | ||
daef1ee3 TL |
1633 | /* Relax it here, the flag will be set again if it really is, but only |
1634 | * when we are not in grace period for safety! | |
1635 | */ | |
1636 | if (time_after(jiffies, tx->timer2 + TIPC_TX_GRACE_PERIOD)) | |
1637 | tx->legacy_user = 0; | |
1638 | ||
fc1b6d6d TL |
1639 | /* Limit max_tfms & do debug commands if needed */ |
1640 | if (likely(sysctl_tipc_max_tfms <= TIPC_MAX_TFMS_LIM)) | |
1641 | return; | |
1642 | ||
1643 | cmd = sysctl_tipc_max_tfms; | |
1644 | sysctl_tipc_max_tfms = TIPC_MAX_TFMS_DEF; | |
1645 | tipc_crypto_do_cmd(rx->net, cmd); | |
1646 | } | |
1647 | ||
daef1ee3 TL |
1648 | static inline void tipc_crypto_clone_msg(struct net *net, struct sk_buff *_skb, |
1649 | struct tipc_bearer *b, | |
1650 | struct tipc_media_addr *dst, | |
1651 | struct tipc_node *__dnode, u8 type) | |
1652 | { | |
1653 | struct sk_buff *skb; | |
1654 | ||
1655 | skb = skb_clone(_skb, GFP_ATOMIC); | |
1656 | if (skb) { | |
1657 | TIPC_SKB_CB(skb)->xmit_type = type; | |
1658 | tipc_crypto_xmit(net, &skb, b, dst, __dnode); | |
1659 | if (skb) | |
1660 | b->media->send_msg(net, skb, b, dst); | |
1661 | } | |
1662 | } | |
1663 | ||
fc1b6d6d TL |
1664 | /** |
1665 | * tipc_crypto_xmit - Build & encrypt TIPC message for xmit | |
1666 | * @net: struct net | |
1667 | * @skb: input/output message skb pointer | |
1668 | * @b: bearer used for xmit later | |
1669 | * @dst: destination media address | |
1670 | * @__dnode: destination node for reference if any | |
1671 | * | |
1672 | * First, build an encryption message header on the top of the message, then | |
daef1ee3 TL |
1673 | * encrypt the original TIPC message by using the pending, master or active |
1674 | * key with this preference order. | |
fc1b6d6d TL |
1675 | * If the encryption is successful, the encrypted skb is returned directly or |
1676 | * via the callback. | |
1677 | * Otherwise, the skb is freed! | |
1678 | * | |
1679 | * Return: | |
637b77fd RD |
1680 | * * 0 : the encryption has succeeded (or no encryption) |
1681 | * * -EINPROGRESS/-EBUSY : the encryption is ongoing, a callback will be made | |
1682 | * * -ENOKEK : the encryption has failed due to no key | |
1683 | * * -EKEYREVOKED : the encryption has failed due to key revoked | |
1684 | * * -ENOMEM : the encryption has failed due to no memory | |
1685 | * * < 0 : the encryption has failed due to other reasons | |
fc1b6d6d TL |
1686 | */ |
1687 | int tipc_crypto_xmit(struct net *net, struct sk_buff **skb, | |
1688 | struct tipc_bearer *b, struct tipc_media_addr *dst, | |
1689 | struct tipc_node *__dnode) | |
1690 | { | |
1691 | struct tipc_crypto *__rx = tipc_node_crypto_rx(__dnode); | |
1692 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1693 | struct tipc_crypto_stats __percpu *stats = tx->stats; | |
f779bf79 | 1694 | struct tipc_msg *hdr = buf_msg(*skb); |
fc1b6d6d TL |
1695 | struct tipc_key key = tx->key; |
1696 | struct tipc_aead *aead = NULL; | |
f779bf79 | 1697 | u32 user = msg_user(hdr); |
daef1ee3 TL |
1698 | u32 type = msg_type(hdr); |
1699 | int rc = -ENOKEY; | |
1700 | u8 tx_key = 0; | |
fc1b6d6d TL |
1701 | |
1702 | /* No encryption? */ | |
1703 | if (!tx->working) | |
1704 | return 0; | |
1705 | ||
daef1ee3 | 1706 | /* Pending key if peer has active on it or probing time */ |
fc1b6d6d TL |
1707 | if (unlikely(key.pending)) { |
1708 | tx_key = key.pending; | |
daef1ee3 | 1709 | if (!tx->key_master && !key.active) |
fc1b6d6d TL |
1710 | goto encrypt; |
1711 | if (__rx && atomic_read(&__rx->peer_rx_active) == tx_key) | |
1712 | goto encrypt; | |
daef1ee3 | 1713 | if (TIPC_SKB_CB(*skb)->xmit_type == SKB_PROBING) { |
f779bf79 TL |
1714 | pr_debug("%s: probing for key[%d]\n", tx->name, |
1715 | key.pending); | |
fc1b6d6d | 1716 | goto encrypt; |
f779bf79 | 1717 | } |
daef1ee3 TL |
1718 | if (user == LINK_CONFIG || user == LINK_PROTOCOL) |
1719 | tipc_crypto_clone_msg(net, *skb, b, dst, __dnode, | |
1720 | SKB_PROBING); | |
1721 | } | |
1722 | ||
1723 | /* Master key if this is a *vital* message or in grace period */ | |
1724 | if (tx->key_master) { | |
1725 | tx_key = KEY_MASTER; | |
1726 | if (!key.active) | |
1727 | goto encrypt; | |
1728 | if (TIPC_SKB_CB(*skb)->xmit_type == SKB_GRACING) { | |
1729 | pr_debug("%s: gracing for msg (%d %d)\n", tx->name, | |
1730 | user, type); | |
1731 | goto encrypt; | |
1732 | } | |
1733 | if (user == LINK_CONFIG || | |
1734 | (user == LINK_PROTOCOL && type == RESET_MSG) || | |
1ef6f7c9 | 1735 | (user == MSG_CRYPTO && type == KEY_DISTR_MSG) || |
daef1ee3 TL |
1736 | time_before(jiffies, tx->timer2 + TIPC_TX_GRACE_PERIOD)) { |
1737 | if (__rx && __rx->key_master && | |
1738 | !atomic_read(&__rx->peer_rx_active)) | |
1739 | goto encrypt; | |
1740 | if (!__rx) { | |
1741 | if (likely(!tx->legacy_user)) | |
1742 | goto encrypt; | |
1743 | tipc_crypto_clone_msg(net, *skb, b, dst, | |
1744 | __dnode, SKB_GRACING); | |
fc1b6d6d TL |
1745 | } |
1746 | } | |
1747 | } | |
daef1ee3 | 1748 | |
fc1b6d6d TL |
1749 | /* Else, use the active key if any */ |
1750 | if (likely(key.active)) { | |
1751 | tx_key = key.active; | |
1752 | goto encrypt; | |
1753 | } | |
daef1ee3 | 1754 | |
fc1b6d6d TL |
1755 | goto exit; |
1756 | ||
1757 | encrypt: | |
1758 | aead = tipc_aead_get(tx->aead[tx_key]); | |
1759 | if (unlikely(!aead)) | |
1760 | goto exit; | |
1761 | rc = tipc_ehdr_build(net, aead, tx_key, *skb, __rx); | |
1762 | if (likely(rc > 0)) | |
1763 | rc = tipc_aead_encrypt(aead, *skb, b, dst, __dnode); | |
1764 | ||
1765 | exit: | |
1766 | switch (rc) { | |
1767 | case 0: | |
1768 | this_cpu_inc(stats->stat[STAT_OK]); | |
1769 | break; | |
1770 | case -EINPROGRESS: | |
1771 | case -EBUSY: | |
1772 | this_cpu_inc(stats->stat[STAT_ASYNC]); | |
1773 | *skb = NULL; | |
1774 | return rc; | |
1775 | default: | |
1776 | this_cpu_inc(stats->stat[STAT_NOK]); | |
1777 | if (rc == -ENOKEY) | |
1778 | this_cpu_inc(stats->stat[STAT_NOKEYS]); | |
1779 | else if (rc == -EKEYREVOKED) | |
1780 | this_cpu_inc(stats->stat[STAT_BADKEYS]); | |
1781 | kfree_skb(*skb); | |
1782 | *skb = NULL; | |
1783 | break; | |
1784 | } | |
1785 | ||
1786 | tipc_aead_put(aead); | |
1787 | return rc; | |
1788 | } | |
1789 | ||
1790 | /** | |
1791 | * tipc_crypto_rcv - Decrypt an encrypted TIPC message from peer | |
1792 | * @net: struct net | |
1793 | * @rx: RX crypto handle | |
1794 | * @skb: input/output message skb pointer | |
1795 | * @b: bearer where the message has been received | |
1796 | * | |
1797 | * If the decryption is successful, the decrypted skb is returned directly or | |
1798 | * as the callback, the encryption header and auth tag will be trimed out | |
1799 | * before forwarding to tipc_rcv() via the tipc_crypto_rcv_complete(). | |
1800 | * Otherwise, the skb will be freed! | |
1801 | * Note: RX key(s) can be re-aligned, or in case of no key suitable, TX | |
1802 | * cluster key(s) can be taken for decryption (- recursive). | |
1803 | * | |
1804 | * Return: | |
637b77fd RD |
1805 | * * 0 : the decryption has successfully completed |
1806 | * * -EINPROGRESS/-EBUSY : the decryption is ongoing, a callback will be made | |
1807 | * * -ENOKEY : the decryption has failed due to no key | |
1808 | * * -EBADMSG : the decryption has failed due to bad message | |
1809 | * * -ENOMEM : the decryption has failed due to no memory | |
1810 | * * < 0 : the decryption has failed due to other reasons | |
fc1b6d6d TL |
1811 | */ |
1812 | int tipc_crypto_rcv(struct net *net, struct tipc_crypto *rx, | |
1813 | struct sk_buff **skb, struct tipc_bearer *b) | |
1814 | { | |
1815 | struct tipc_crypto *tx = tipc_net(net)->crypto_tx; | |
1816 | struct tipc_crypto_stats __percpu *stats; | |
1817 | struct tipc_aead *aead = NULL; | |
1818 | struct tipc_key key; | |
1819 | int rc = -ENOKEY; | |
1ef6f7c9 | 1820 | u8 tx_key, n; |
daef1ee3 TL |
1821 | |
1822 | tx_key = ((struct tipc_ehdr *)(*skb)->data)->tx_key; | |
fc1b6d6d TL |
1823 | |
1824 | /* New peer? | |
1825 | * Let's try with TX key (i.e. cluster mode) & verify the skb first! | |
1826 | */ | |
daef1ee3 | 1827 | if (unlikely(!rx || tx_key == KEY_MASTER)) |
fc1b6d6d TL |
1828 | goto pick_tx; |
1829 | ||
f779bf79 | 1830 | /* Pick RX key according to TX key if any */ |
fc1b6d6d | 1831 | key = rx->key; |
f779bf79 TL |
1832 | if (tx_key == key.active || tx_key == key.pending || |
1833 | tx_key == key.passive) | |
fc1b6d6d | 1834 | goto decrypt; |
fc1b6d6d TL |
1835 | |
1836 | /* Unknown key, let's try to align RX key(s) */ | |
1837 | if (tipc_crypto_key_try_align(rx, tx_key)) | |
1838 | goto decrypt; | |
1839 | ||
1840 | pick_tx: | |
1841 | /* No key suitable? Try to pick one from TX... */ | |
daef1ee3 | 1842 | aead = tipc_crypto_key_pick_tx(tx, rx, *skb, tx_key); |
fc1b6d6d TL |
1843 | if (aead) |
1844 | goto decrypt; | |
1845 | goto exit; | |
1846 | ||
1847 | decrypt: | |
1848 | rcu_read_lock(); | |
1849 | if (!aead) | |
1850 | aead = tipc_aead_get(rx->aead[tx_key]); | |
1851 | rc = tipc_aead_decrypt(net, aead, *skb, b); | |
1852 | rcu_read_unlock(); | |
1853 | ||
1854 | exit: | |
1855 | stats = ((rx) ?: tx)->stats; | |
1856 | switch (rc) { | |
1857 | case 0: | |
1858 | this_cpu_inc(stats->stat[STAT_OK]); | |
1859 | break; | |
1860 | case -EINPROGRESS: | |
1861 | case -EBUSY: | |
1862 | this_cpu_inc(stats->stat[STAT_ASYNC]); | |
1863 | *skb = NULL; | |
1864 | return rc; | |
1865 | default: | |
1866 | this_cpu_inc(stats->stat[STAT_NOK]); | |
1867 | if (rc == -ENOKEY) { | |
1868 | kfree_skb(*skb); | |
1869 | *skb = NULL; | |
1ef6f7c9 TL |
1870 | if (rx) { |
1871 | /* Mark rx->nokey only if we dont have a | |
1872 | * pending received session key, nor a newer | |
1873 | * one i.e. in the next slot. | |
1874 | */ | |
1875 | n = key_next(tx_key); | |
1876 | rx->nokey = !(rx->skey || | |
1877 | rcu_access_pointer(rx->aead[n])); | |
1878 | pr_debug_ratelimited("%s: nokey %d, key %d/%x\n", | |
1879 | rx->name, rx->nokey, | |
1880 | tx_key, rx->key.keys); | |
fc1b6d6d | 1881 | tipc_node_put(rx->node); |
1ef6f7c9 | 1882 | } |
fc1b6d6d TL |
1883 | this_cpu_inc(stats->stat[STAT_NOKEYS]); |
1884 | return rc; | |
1885 | } else if (rc == -EBADMSG) { | |
1886 | this_cpu_inc(stats->stat[STAT_BADMSGS]); | |
1887 | } | |
1888 | break; | |
1889 | } | |
1890 | ||
1891 | tipc_crypto_rcv_complete(net, aead, b, skb, rc); | |
1892 | return rc; | |
1893 | } | |
1894 | ||
1895 | static void tipc_crypto_rcv_complete(struct net *net, struct tipc_aead *aead, | |
1896 | struct tipc_bearer *b, | |
1897 | struct sk_buff **skb, int err) | |
1898 | { | |
1899 | struct tipc_skb_cb *skb_cb = TIPC_SKB_CB(*skb); | |
1900 | struct tipc_crypto *rx = aead->crypto; | |
1901 | struct tipc_aead *tmp = NULL; | |
1902 | struct tipc_ehdr *ehdr; | |
1903 | struct tipc_node *n; | |
fc1b6d6d TL |
1904 | |
1905 | /* Is this completed by TX? */ | |
f779bf79 | 1906 | if (unlikely(is_tx(aead->crypto))) { |
fc1b6d6d | 1907 | rx = skb_cb->tx_clone_ctx.rx; |
f779bf79 TL |
1908 | pr_debug("TX->RX(%s): err %d, aead %p, skb->next %p, flags %x\n", |
1909 | (rx) ? tipc_node_get_id_str(rx->node) : "-", err, aead, | |
1910 | (*skb)->next, skb_cb->flags); | |
1911 | pr_debug("skb_cb [recurs %d, last %p], tx->aead [%p %p %p]\n", | |
1912 | skb_cb->tx_clone_ctx.recurs, skb_cb->tx_clone_ctx.last, | |
1913 | aead->crypto->aead[1], aead->crypto->aead[2], | |
1914 | aead->crypto->aead[3]); | |
fc1b6d6d TL |
1915 | if (unlikely(err)) { |
1916 | if (err == -EBADMSG && (*skb)->next) | |
1917 | tipc_rcv(net, (*skb)->next, b); | |
1918 | goto free_skb; | |
1919 | } | |
1920 | ||
1921 | if (likely((*skb)->next)) { | |
1922 | kfree_skb((*skb)->next); | |
1923 | (*skb)->next = NULL; | |
1924 | } | |
1925 | ehdr = (struct tipc_ehdr *)(*skb)->data; | |
1926 | if (!rx) { | |
1927 | WARN_ON(ehdr->user != LINK_CONFIG); | |
1928 | n = tipc_node_create(net, 0, ehdr->id, 0xffffu, 0, | |
1929 | true); | |
1930 | rx = tipc_node_crypto_rx(n); | |
1931 | if (unlikely(!rx)) | |
1932 | goto free_skb; | |
1933 | } | |
1934 | ||
daef1ee3 TL |
1935 | /* Ignore cloning if it was TX master key */ |
1936 | if (ehdr->tx_key == KEY_MASTER) | |
1937 | goto rcv; | |
fc1b6d6d TL |
1938 | if (tipc_aead_clone(&tmp, aead) < 0) |
1939 | goto rcv; | |
2a2403ca | 1940 | WARN_ON(!refcount_inc_not_zero(&tmp->refcnt)); |
daef1ee3 | 1941 | if (tipc_crypto_key_attach(rx, tmp, ehdr->tx_key, false) < 0) { |
fc1b6d6d TL |
1942 | tipc_aead_free(&tmp->rcu); |
1943 | goto rcv; | |
1944 | } | |
1945 | tipc_aead_put(aead); | |
2a2403ca | 1946 | aead = tmp; |
fc1b6d6d TL |
1947 | } |
1948 | ||
1949 | if (unlikely(err)) { | |
97bc84bb | 1950 | tipc_aead_users_dec((struct tipc_aead __force __rcu *)aead, INT_MIN); |
fc1b6d6d TL |
1951 | goto free_skb; |
1952 | } | |
1953 | ||
1954 | /* Set the RX key's user */ | |
97bc84bb | 1955 | tipc_aead_users_set((struct tipc_aead __force __rcu *)aead, 1); |
fc1b6d6d | 1956 | |
fc1b6d6d TL |
1957 | /* Mark this point, RX works */ |
1958 | rx->timer1 = jiffies; | |
1959 | ||
daef1ee3 | 1960 | rcv: |
fc1b6d6d TL |
1961 | /* Remove ehdr & auth. tag prior to tipc_rcv() */ |
1962 | ehdr = (struct tipc_ehdr *)(*skb)->data; | |
f779bf79 TL |
1963 | |
1964 | /* Mark this point, RX passive still works */ | |
1965 | if (rx->key.passive && ehdr->tx_key == rx->key.passive) | |
1966 | rx->timer2 = jiffies; | |
1967 | ||
1968 | skb_reset_network_header(*skb); | |
fc1b6d6d TL |
1969 | skb_pull(*skb, tipc_ehdr_size(ehdr)); |
1970 | pskb_trim(*skb, (*skb)->len - aead->authsize); | |
1971 | ||
1972 | /* Validate TIPCv2 message */ | |
1973 | if (unlikely(!tipc_msg_validate(skb))) { | |
1974 | pr_err_ratelimited("Packet dropped after decryption!\n"); | |
1975 | goto free_skb; | |
1976 | } | |
1977 | ||
f779bf79 TL |
1978 | /* Ok, everything's fine, try to synch own keys according to peers' */ |
1979 | tipc_crypto_key_synch(rx, *skb); | |
fc1b6d6d TL |
1980 | |
1981 | /* Mark skb decrypted */ | |
1982 | skb_cb->decrypted = 1; | |
1983 | ||
1984 | /* Clear clone cxt if any */ | |
1985 | if (likely(!skb_cb->tx_clone_deferred)) | |
1986 | goto exit; | |
1987 | skb_cb->tx_clone_deferred = 0; | |
1988 | memset(&skb_cb->tx_clone_ctx, 0, sizeof(skb_cb->tx_clone_ctx)); | |
1989 | goto exit; | |
1990 | ||
1991 | free_skb: | |
1992 | kfree_skb(*skb); | |
1993 | *skb = NULL; | |
1994 | ||
1995 | exit: | |
1996 | tipc_aead_put(aead); | |
1997 | if (rx) | |
1998 | tipc_node_put(rx->node); | |
1999 | } | |
2000 | ||
2001 | static void tipc_crypto_do_cmd(struct net *net, int cmd) | |
2002 | { | |
2003 | struct tipc_net *tn = tipc_net(net); | |
2004 | struct tipc_crypto *tx = tn->crypto_tx, *rx; | |
2005 | struct list_head *p; | |
2006 | unsigned int stat; | |
2007 | int i, j, cpu; | |
2008 | char buf[200]; | |
2009 | ||
2010 | /* Currently only one command is supported */ | |
2011 | switch (cmd) { | |
2012 | case 0xfff1: | |
2013 | goto print_stats; | |
2014 | default: | |
2015 | return; | |
2016 | } | |
2017 | ||
2018 | print_stats: | |
2019 | /* Print a header */ | |
2020 | pr_info("\n=============== TIPC Crypto Statistics ===============\n\n"); | |
2021 | ||
2022 | /* Print key status */ | |
2023 | pr_info("Key status:\n"); | |
2024 | pr_info("TX(%7.7s)\n%s", tipc_own_id_string(net), | |
2025 | tipc_crypto_key_dump(tx, buf)); | |
2026 | ||
2027 | rcu_read_lock(); | |
2028 | for (p = tn->node_list.next; p != &tn->node_list; p = p->next) { | |
2029 | rx = tipc_node_crypto_rx_by_list(p); | |
2030 | pr_info("RX(%7.7s)\n%s", tipc_node_get_id_str(rx->node), | |
2031 | tipc_crypto_key_dump(rx, buf)); | |
2032 | } | |
2033 | rcu_read_unlock(); | |
2034 | ||
2035 | /* Print crypto statistics */ | |
2036 | for (i = 0, j = 0; i < MAX_STATS; i++) | |
2037 | j += scnprintf(buf + j, 200 - j, "|%11s ", hstats[i]); | |
f779bf79 | 2038 | pr_info("Counter %s", buf); |
fc1b6d6d TL |
2039 | |
2040 | memset(buf, '-', 115); | |
2041 | buf[115] = '\0'; | |
2042 | pr_info("%s\n", buf); | |
2043 | ||
2044 | j = scnprintf(buf, 200, "TX(%7.7s) ", tipc_own_id_string(net)); | |
2045 | for_each_possible_cpu(cpu) { | |
2046 | for (i = 0; i < MAX_STATS; i++) { | |
2047 | stat = per_cpu_ptr(tx->stats, cpu)->stat[i]; | |
2048 | j += scnprintf(buf + j, 200 - j, "|%11d ", stat); | |
2049 | } | |
2050 | pr_info("%s", buf); | |
2051 | j = scnprintf(buf, 200, "%12s", " "); | |
2052 | } | |
2053 | ||
2054 | rcu_read_lock(); | |
2055 | for (p = tn->node_list.next; p != &tn->node_list; p = p->next) { | |
2056 | rx = tipc_node_crypto_rx_by_list(p); | |
2057 | j = scnprintf(buf, 200, "RX(%7.7s) ", | |
2058 | tipc_node_get_id_str(rx->node)); | |
2059 | for_each_possible_cpu(cpu) { | |
2060 | for (i = 0; i < MAX_STATS; i++) { | |
2061 | stat = per_cpu_ptr(rx->stats, cpu)->stat[i]; | |
2062 | j += scnprintf(buf + j, 200 - j, "|%11d ", | |
2063 | stat); | |
2064 | } | |
2065 | pr_info("%s", buf); | |
2066 | j = scnprintf(buf, 200, "%12s", " "); | |
2067 | } | |
2068 | } | |
2069 | rcu_read_unlock(); | |
2070 | ||
2071 | pr_info("\n======================== Done ========================\n"); | |
2072 | } | |
2073 | ||
2074 | static char *tipc_crypto_key_dump(struct tipc_crypto *c, char *buf) | |
2075 | { | |
2076 | struct tipc_key key = c->key; | |
2077 | struct tipc_aead *aead; | |
2078 | int k, i = 0; | |
2079 | char *s; | |
2080 | ||
2081 | for (k = KEY_MIN; k <= KEY_MAX; k++) { | |
daef1ee3 TL |
2082 | if (k == KEY_MASTER) { |
2083 | if (is_rx(c)) | |
2084 | continue; | |
2085 | if (time_before(jiffies, | |
2086 | c->timer2 + TIPC_TX_GRACE_PERIOD)) | |
2087 | s = "ACT"; | |
2088 | else | |
2089 | s = "PAS"; | |
2090 | } else { | |
2091 | if (k == key.passive) | |
2092 | s = "PAS"; | |
2093 | else if (k == key.active) | |
2094 | s = "ACT"; | |
2095 | else if (k == key.pending) | |
2096 | s = "PEN"; | |
2097 | else | |
2098 | s = "-"; | |
2099 | } | |
fc1b6d6d TL |
2100 | i += scnprintf(buf + i, 200 - i, "\tKey%d: %s", k, s); |
2101 | ||
2102 | rcu_read_lock(); | |
2103 | aead = rcu_dereference(c->aead[k]); | |
2104 | if (aead) | |
2105 | i += scnprintf(buf + i, 200 - i, | |
f779bf79 | 2106 | "{\"0x...%s\", \"%s\"}/%d:%d", |
fc1b6d6d TL |
2107 | aead->hint, |
2108 | (aead->mode == CLUSTER_KEY) ? "c" : "p", | |
2109 | atomic_read(&aead->users), | |
2110 | refcount_read(&aead->refcnt)); | |
2111 | rcu_read_unlock(); | |
2112 | i += scnprintf(buf + i, 200 - i, "\n"); | |
2113 | } | |
2114 | ||
f779bf79 | 2115 | if (is_rx(c)) |
fc1b6d6d TL |
2116 | i += scnprintf(buf + i, 200 - i, "\tPeer RX active: %d\n", |
2117 | atomic_read(&c->peer_rx_active)); | |
2118 | ||
2119 | return buf; | |
2120 | } | |
2121 | ||
fc1b6d6d TL |
2122 | static char *tipc_key_change_dump(struct tipc_key old, struct tipc_key new, |
2123 | char *buf) | |
2124 | { | |
2125 | struct tipc_key *key = &old; | |
2126 | int k, i = 0; | |
2127 | char *s; | |
2128 | ||
2129 | /* Output format: "[%s %s %s] -> [%s %s %s]", max len = 32 */ | |
2130 | again: | |
2131 | i += scnprintf(buf + i, 32 - i, "["); | |
daef1ee3 | 2132 | for (k = KEY_1; k <= KEY_3; k++) { |
fc1b6d6d TL |
2133 | if (k == key->passive) |
2134 | s = "pas"; | |
2135 | else if (k == key->active) | |
2136 | s = "act"; | |
2137 | else if (k == key->pending) | |
2138 | s = "pen"; | |
2139 | else | |
2140 | s = "-"; | |
2141 | i += scnprintf(buf + i, 32 - i, | |
daef1ee3 | 2142 | (k != KEY_3) ? "%s " : "%s", s); |
fc1b6d6d TL |
2143 | } |
2144 | if (key != &new) { | |
2145 | i += scnprintf(buf + i, 32 - i, "] -> "); | |
2146 | key = &new; | |
2147 | goto again; | |
2148 | } | |
2149 | i += scnprintf(buf + i, 32 - i, "]"); | |
2150 | return buf; | |
2151 | } | |
1ef6f7c9 TL |
2152 | |
2153 | /** | |
2154 | * tipc_crypto_msg_rcv - Common 'MSG_CRYPTO' processing point | |
2155 | * @net: the struct net | |
2156 | * @skb: the receiving message buffer | |
2157 | */ | |
2158 | void tipc_crypto_msg_rcv(struct net *net, struct sk_buff *skb) | |
2159 | { | |
2160 | struct tipc_crypto *rx; | |
2161 | struct tipc_msg *hdr; | |
2162 | ||
2163 | if (unlikely(skb_linearize(skb))) | |
2164 | goto exit; | |
2165 | ||
2166 | hdr = buf_msg(skb); | |
2167 | rx = tipc_node_crypto_rx_by_addr(net, msg_prevnode(hdr)); | |
2168 | if (unlikely(!rx)) | |
2169 | goto exit; | |
2170 | ||
2171 | switch (msg_type(hdr)) { | |
2172 | case KEY_DISTR_MSG: | |
2173 | if (tipc_crypto_key_rcv(rx, hdr)) | |
2174 | goto exit; | |
2175 | break; | |
2176 | default: | |
2177 | break; | |
2178 | } | |
2179 | ||
2180 | tipc_node_put(rx->node); | |
2181 | ||
2182 | exit: | |
2183 | kfree_skb(skb); | |
2184 | } | |
2185 | ||
2186 | /** | |
2187 | * tipc_crypto_key_distr - Distribute a TX key | |
2188 | * @tx: the TX crypto | |
2189 | * @key: the key's index | |
2190 | * @dest: the destination tipc node, = NULL if distributing to all nodes | |
2191 | * | |
2192 | * Return: 0 in case of success, otherwise < 0 | |
2193 | */ | |
2194 | int tipc_crypto_key_distr(struct tipc_crypto *tx, u8 key, | |
2195 | struct tipc_node *dest) | |
2196 | { | |
2197 | struct tipc_aead *aead; | |
2198 | u32 dnode = tipc_node_get_addr(dest); | |
2199 | int rc = -ENOKEY; | |
2200 | ||
2201 | if (!sysctl_tipc_key_exchange_enabled) | |
2202 | return 0; | |
2203 | ||
2204 | if (key) { | |
2205 | rcu_read_lock(); | |
2206 | aead = tipc_aead_get(tx->aead[key]); | |
2207 | if (likely(aead)) { | |
2208 | rc = tipc_crypto_key_xmit(tx->net, aead->key, | |
2209 | aead->gen, aead->mode, | |
2210 | dnode); | |
2211 | tipc_aead_put(aead); | |
2212 | } | |
2213 | rcu_read_unlock(); | |
2214 | } | |
2215 | ||
2216 | return rc; | |
2217 | } | |
2218 | ||
2219 | /** | |
2220 | * tipc_crypto_key_xmit - Send a session key | |
2221 | * @net: the struct net | |
2222 | * @skey: the session key to be sent | |
2223 | * @gen: the key's generation | |
2224 | * @mode: the key's mode | |
2225 | * @dnode: the destination node address, = 0 if broadcasting to all nodes | |
2226 | * | |
2227 | * The session key 'skey' is packed in a TIPC v2 'MSG_CRYPTO/KEY_DISTR_MSG' | |
2228 | * as its data section, then xmit-ed through the uc/bc link. | |
2229 | * | |
2230 | * Return: 0 in case of success, otherwise < 0 | |
2231 | */ | |
2232 | static int tipc_crypto_key_xmit(struct net *net, struct tipc_aead_key *skey, | |
2233 | u16 gen, u8 mode, u32 dnode) | |
2234 | { | |
2235 | struct sk_buff_head pkts; | |
2236 | struct tipc_msg *hdr; | |
2237 | struct sk_buff *skb; | |
2238 | u16 size, cong_link_cnt; | |
2239 | u8 *data; | |
2240 | int rc; | |
2241 | ||
2242 | size = tipc_aead_key_size(skey); | |
2243 | skb = tipc_buf_acquire(INT_H_SIZE + size, GFP_ATOMIC); | |
2244 | if (!skb) | |
2245 | return -ENOMEM; | |
2246 | ||
2247 | hdr = buf_msg(skb); | |
2248 | tipc_msg_init(tipc_own_addr(net), hdr, MSG_CRYPTO, KEY_DISTR_MSG, | |
2249 | INT_H_SIZE, dnode); | |
2250 | msg_set_size(hdr, INT_H_SIZE + size); | |
2251 | msg_set_key_gen(hdr, gen); | |
2252 | msg_set_key_mode(hdr, mode); | |
2253 | ||
2254 | data = msg_data(hdr); | |
2255 | *((__be32 *)(data + TIPC_AEAD_ALG_NAME)) = htonl(skey->keylen); | |
2256 | memcpy(data, skey->alg_name, TIPC_AEAD_ALG_NAME); | |
2257 | memcpy(data + TIPC_AEAD_ALG_NAME + sizeof(__be32), skey->key, | |
2258 | skey->keylen); | |
2259 | ||
2260 | __skb_queue_head_init(&pkts); | |
2261 | __skb_queue_tail(&pkts, skb); | |
2262 | if (dnode) | |
2263 | rc = tipc_node_xmit(net, &pkts, dnode, 0); | |
2264 | else | |
2265 | rc = tipc_bcast_xmit(net, &pkts, &cong_link_cnt); | |
2266 | ||
2267 | return rc; | |
2268 | } | |
2269 | ||
2270 | /** | |
2271 | * tipc_crypto_key_rcv - Receive a session key | |
2272 | * @rx: the RX crypto | |
2273 | * @hdr: the TIPC v2 message incl. the receiving session key in its data | |
2274 | * | |
2275 | * This function retrieves the session key in the message from peer, then | |
2276 | * schedules a RX work to attach the key to the corresponding RX crypto. | |
2277 | * | |
2278 | * Return: "true" if the key has been scheduled for attaching, otherwise | |
2279 | * "false". | |
2280 | */ | |
2281 | static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr) | |
2282 | { | |
2283 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
2284 | struct tipc_aead_key *skey = NULL; | |
2285 | u16 key_gen = msg_key_gen(hdr); | |
2286 | u16 size = msg_data_sz(hdr); | |
2287 | u8 *data = msg_data(hdr); | |
fa40d973 MV |
2288 | unsigned int keylen; |
2289 | ||
2290 | /* Verify whether the size can exist in the packet */ | |
2291 | if (unlikely(size < sizeof(struct tipc_aead_key) + TIPC_AEAD_KEYLEN_MIN)) { | |
2292 | pr_debug("%s: message data size is too small\n", rx->name); | |
2293 | goto exit; | |
2294 | } | |
2295 | ||
2296 | keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME))); | |
2297 | ||
2298 | /* Verify the supplied size values */ | |
2299 | if (unlikely(size != keylen + sizeof(struct tipc_aead_key) || | |
2300 | keylen > TIPC_AEAD_KEY_SIZE_MAX)) { | |
2301 | pr_debug("%s: invalid MSG_CRYPTO key size\n", rx->name); | |
2302 | goto exit; | |
2303 | } | |
1ef6f7c9 TL |
2304 | |
2305 | spin_lock(&rx->lock); | |
2306 | if (unlikely(rx->skey || (key_gen == rx->key_gen && rx->key.keys))) { | |
2307 | pr_err("%s: key existed <%p>, gen %d vs %d\n", rx->name, | |
2308 | rx->skey, key_gen, rx->key_gen); | |
fa40d973 | 2309 | goto exit_unlock; |
1ef6f7c9 TL |
2310 | } |
2311 | ||
2312 | /* Allocate memory for the key */ | |
2313 | skey = kmalloc(size, GFP_ATOMIC); | |
2314 | if (unlikely(!skey)) { | |
2315 | pr_err("%s: unable to allocate memory for skey\n", rx->name); | |
fa40d973 | 2316 | goto exit_unlock; |
1ef6f7c9 TL |
2317 | } |
2318 | ||
2319 | /* Copy key from msg data */ | |
fa40d973 | 2320 | skey->keylen = keylen; |
1ef6f7c9 TL |
2321 | memcpy(skey->alg_name, data, TIPC_AEAD_ALG_NAME); |
2322 | memcpy(skey->key, data + TIPC_AEAD_ALG_NAME + sizeof(__be32), | |
2323 | skey->keylen); | |
2324 | ||
1ef6f7c9 TL |
2325 | rx->key_gen = key_gen; |
2326 | rx->skey_mode = msg_key_mode(hdr); | |
2327 | rx->skey = skey; | |
2328 | rx->nokey = 0; | |
2329 | mb(); /* for nokey flag */ | |
2330 | ||
fa40d973 | 2331 | exit_unlock: |
1ef6f7c9 TL |
2332 | spin_unlock(&rx->lock); |
2333 | ||
fa40d973 | 2334 | exit: |
1ef6f7c9 TL |
2335 | /* Schedule the key attaching on this crypto */ |
2336 | if (likely(skey && queue_delayed_work(tx->wq, &rx->work, 0))) | |
2337 | return true; | |
2338 | ||
2339 | return false; | |
2340 | } | |
2341 | ||
2342 | /** | |
2343 | * tipc_crypto_work_rx - Scheduled RX works handler | |
2344 | * @work: the struct RX work | |
2345 | * | |
2346 | * The function processes the previous scheduled works i.e. distributing TX key | |
2347 | * or attaching a received session key on RX crypto. | |
2348 | */ | |
2349 | static void tipc_crypto_work_rx(struct work_struct *work) | |
2350 | { | |
2351 | struct delayed_work *dwork = to_delayed_work(work); | |
2352 | struct tipc_crypto *rx = container_of(dwork, struct tipc_crypto, work); | |
2353 | struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; | |
2354 | unsigned long delay = msecs_to_jiffies(5000); | |
2355 | bool resched = false; | |
2356 | u8 key; | |
2357 | int rc; | |
2358 | ||
2359 | /* Case 1: Distribute TX key to peer if scheduled */ | |
2360 | if (atomic_cmpxchg(&rx->key_distr, | |
2361 | KEY_DISTR_SCHED, | |
2362 | KEY_DISTR_COMPL) == KEY_DISTR_SCHED) { | |
2363 | /* Always pick the newest one for distributing */ | |
2364 | key = tx->key.pending ?: tx->key.active; | |
2365 | rc = tipc_crypto_key_distr(tx, key, rx->node); | |
2366 | if (unlikely(rc)) | |
2367 | pr_warn("%s: unable to distr key[%d] to %s, err %d\n", | |
2368 | tx->name, key, tipc_node_get_id_str(rx->node), | |
2369 | rc); | |
2370 | ||
2371 | /* Sched for key_distr releasing */ | |
2372 | resched = true; | |
2373 | } else { | |
2374 | atomic_cmpxchg(&rx->key_distr, KEY_DISTR_COMPL, 0); | |
2375 | } | |
2376 | ||
2377 | /* Case 2: Attach a pending received session key from peer if any */ | |
2378 | if (rx->skey) { | |
2379 | rc = tipc_crypto_key_init(rx, rx->skey, rx->skey_mode, false); | |
2380 | if (unlikely(rc < 0)) | |
2381 | pr_warn("%s: unable to attach received skey, err %d\n", | |
2382 | rx->name, rc); | |
2383 | switch (rc) { | |
2384 | case -EBUSY: | |
2385 | case -ENOMEM: | |
2386 | /* Resched the key attaching */ | |
2387 | resched = true; | |
2388 | break; | |
2389 | default: | |
2390 | synchronize_rcu(); | |
2391 | kfree(rx->skey); | |
2392 | rx->skey = NULL; | |
2393 | break; | |
2394 | } | |
2395 | } | |
2396 | ||
2397 | if (resched && queue_delayed_work(tx->wq, &rx->work, delay)) | |
2398 | return; | |
2399 | ||
2400 | tipc_node_put(rx->node); | |
2401 | } | |
23700da2 TL |
2402 | |
2403 | /** | |
2404 | * tipc_crypto_rekeying_sched - (Re)schedule rekeying w/o new interval | |
2405 | * @tx: TX crypto | |
2406 | * @changed: if the rekeying needs to be rescheduled with new interval | |
2407 | * @new_intv: new rekeying interval (when "changed" = true) | |
2408 | */ | |
2409 | void tipc_crypto_rekeying_sched(struct tipc_crypto *tx, bool changed, | |
2410 | u32 new_intv) | |
2411 | { | |
2412 | unsigned long delay; | |
2413 | bool now = false; | |
2414 | ||
2415 | if (changed) { | |
2416 | if (new_intv == TIPC_REKEYING_NOW) | |
2417 | now = true; | |
2418 | else | |
2419 | tx->rekeying_intv = new_intv; | |
2420 | cancel_delayed_work_sync(&tx->work); | |
2421 | } | |
2422 | ||
2423 | if (tx->rekeying_intv || now) { | |
2424 | delay = (now) ? 0 : tx->rekeying_intv * 60 * 1000; | |
2425 | queue_delayed_work(tx->wq, &tx->work, msecs_to_jiffies(delay)); | |
2426 | } | |
2427 | } | |
2428 | ||
2429 | /** | |
2430 | * tipc_crypto_work_tx - Scheduled TX works handler | |
2431 | * @work: the struct TX work | |
2432 | * | |
2433 | * The function processes the previous scheduled work, i.e. key rekeying, by | |
2434 | * generating a new session key based on current one, then attaching it to the | |
2435 | * TX crypto and finally distributing it to peers. It also re-schedules the | |
2436 | * rekeying if needed. | |
2437 | */ | |
2438 | static void tipc_crypto_work_tx(struct work_struct *work) | |
2439 | { | |
2440 | struct delayed_work *dwork = to_delayed_work(work); | |
2441 | struct tipc_crypto *tx = container_of(dwork, struct tipc_crypto, work); | |
2442 | struct tipc_aead_key *skey = NULL; | |
2443 | struct tipc_key key = tx->key; | |
2444 | struct tipc_aead *aead; | |
2445 | int rc = -ENOMEM; | |
2446 | ||
2447 | if (unlikely(key.pending)) | |
2448 | goto resched; | |
2449 | ||
2450 | /* Take current key as a template */ | |
2451 | rcu_read_lock(); | |
2452 | aead = rcu_dereference(tx->aead[key.active ?: KEY_MASTER]); | |
2453 | if (unlikely(!aead)) { | |
2454 | rcu_read_unlock(); | |
2455 | /* At least one key should exist for securing */ | |
2456 | return; | |
2457 | } | |
2458 | ||
2459 | /* Lets duplicate it first */ | |
86c3a3e9 | 2460 | skey = kmemdup(aead->key, tipc_aead_key_size(aead->key), GFP_KERNEL); |
23700da2 TL |
2461 | rcu_read_unlock(); |
2462 | ||
2463 | /* Now, generate new key, initiate & distribute it */ | |
2464 | if (likely(skey)) { | |
2465 | rc = tipc_aead_key_generate(skey) ?: | |
2466 | tipc_crypto_key_init(tx, skey, PER_NODE_KEY, false); | |
2467 | if (likely(rc > 0)) | |
2468 | rc = tipc_crypto_key_distr(tx, rc, NULL); | |
23224e45 | 2469 | kfree_sensitive(skey); |
23700da2 TL |
2470 | } |
2471 | ||
2472 | if (unlikely(rc)) | |
2473 | pr_warn_ratelimited("%s: rekeying returns %d\n", tx->name, rc); | |
2474 | ||
2475 | resched: | |
2476 | /* Re-schedule rekeying if any */ | |
2477 | tipc_crypto_rekeying_sched(tx, false, 0); | |
2478 | } |