Commit 73d3864a authored by Herbert Xu's avatar Herbert Xu

crypto: api - Use test infrastructure

This patch makes use of the new testing infrastructure by requiring
algorithms to pass a run-time test before they're made available to
users.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent da7f033d
...@@ -21,6 +21,8 @@ ...@@ -21,6 +21,8 @@
#include "internal.h" #include "internal.h"
static void crypto_remove_final(struct list_head *list);
static LIST_HEAD(crypto_template_list); static LIST_HEAD(crypto_template_list);
void crypto_larval_error(const char *name, u32 type, u32 mask) void crypto_larval_error(const char *name, u32 type, u32 mask)
...@@ -126,23 +128,97 @@ static void crypto_remove_spawns(struct list_head *spawns, ...@@ -126,23 +128,97 @@ static void crypto_remove_spawns(struct list_head *spawns,
} }
} }
static int __crypto_register_alg(struct crypto_alg *alg, static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg)
struct list_head *list)
{ {
struct crypto_alg *q; struct crypto_alg *q;
struct crypto_larval *larval;
int ret = -EAGAIN; int ret = -EAGAIN;
if (crypto_is_dead(alg)) if (crypto_is_dead(alg))
goto out; goto err;
INIT_LIST_HEAD(&alg->cra_users); INIT_LIST_HEAD(&alg->cra_users);
/* No cheating! */
alg->cra_flags &= ~CRYPTO_ALG_TESTED;
ret = -EEXIST; ret = -EEXIST;
atomic_set(&alg->cra_refcnt, 1); atomic_set(&alg->cra_refcnt, 1);
list_for_each_entry(q, &crypto_alg_list, cra_list) { list_for_each_entry(q, &crypto_alg_list, cra_list) {
if (q == alg) if (q == alg)
goto err;
if (crypto_is_larval(q)) {
if (!strcmp(alg->cra_driver_name, q->cra_driver_name))
goto err;
continue;
}
if (!strcmp(q->cra_driver_name, alg->cra_name) ||
!strcmp(q->cra_name, alg->cra_driver_name))
goto err;
}
larval = crypto_larval_alloc(alg->cra_name,
alg->cra_flags | CRYPTO_ALG_TESTED, 0);
if (IS_ERR(larval))
goto out;
ret = -ENOENT;
larval->adult = crypto_mod_get(alg);
if (!larval->adult)
goto free_larval;
atomic_set(&larval->alg.cra_refcnt, 1);
memcpy(larval->alg.cra_driver_name, alg->cra_driver_name,
CRYPTO_MAX_ALG_NAME);
larval->alg.cra_priority = alg->cra_priority;
list_add(&alg->cra_list, &crypto_alg_list);
list_add(&larval->alg.cra_list, &crypto_alg_list);
out:
return larval;
free_larval:
kfree(larval);
err:
larval = ERR_PTR(ret);
goto out; goto out;
}
void crypto_alg_tested(const char *name, int err)
{
struct crypto_larval *test;
struct crypto_alg *alg;
struct crypto_alg *q;
LIST_HEAD(list);
down_write(&crypto_alg_sem);
list_for_each_entry(q, &crypto_alg_list, cra_list) {
if (!crypto_is_larval(q))
continue;
test = (struct crypto_larval *)q;
if (!strcmp(q->cra_driver_name, name))
goto found;
}
printk(KERN_ERR "alg: Unexpected test result for %s: %d\n", name, err);
goto unlock;
found:
alg = test->adult;
if (err || list_empty(&alg->cra_list))
goto complete;
alg->cra_flags |= CRYPTO_ALG_TESTED;
list_for_each_entry(q, &crypto_alg_list, cra_list) {
if (q == alg)
continue;
if (crypto_is_moribund(q)) if (crypto_is_moribund(q))
continue; continue;
...@@ -178,17 +254,18 @@ static int __crypto_register_alg(struct crypto_alg *alg, ...@@ -178,17 +254,18 @@ static int __crypto_register_alg(struct crypto_alg *alg,
q->cra_priority > alg->cra_priority) q->cra_priority > alg->cra_priority)
continue; continue;
crypto_remove_spawns(&q->cra_users, list, alg->cra_flags); crypto_remove_spawns(&q->cra_users, &list, alg->cra_flags);
} }
list_add(&alg->cra_list, &crypto_alg_list); complete:
complete_all(&test->completion);
crypto_notify(CRYPTO_MSG_ALG_REGISTER, alg); unlock:
ret = 0; up_write(&crypto_alg_sem);
out: crypto_remove_final(&list);
return ret;
} }
EXPORT_SYMBOL_GPL(crypto_alg_tested);
static void crypto_remove_final(struct list_head *list) static void crypto_remove_final(struct list_head *list)
{ {
...@@ -201,9 +278,27 @@ static void crypto_remove_final(struct list_head *list) ...@@ -201,9 +278,27 @@ static void crypto_remove_final(struct list_head *list)
} }
} }
static void crypto_wait_for_test(struct crypto_larval *larval)
{
int err;
err = crypto_probing_notify(CRYPTO_MSG_ALG_REGISTER, larval->adult);
if (err != NOTIFY_STOP) {
if (WARN_ON(err != NOTIFY_DONE))
goto out;
crypto_alg_tested(larval->alg.cra_driver_name, 0);
}
err = wait_for_completion_interruptible(&larval->completion);
WARN_ON(err);
out:
crypto_larval_kill(&larval->alg);
}
int crypto_register_alg(struct crypto_alg *alg) int crypto_register_alg(struct crypto_alg *alg)
{ {
LIST_HEAD(list); struct crypto_larval *larval;
int err; int err;
err = crypto_check_alg(alg); err = crypto_check_alg(alg);
...@@ -211,11 +306,14 @@ int crypto_register_alg(struct crypto_alg *alg) ...@@ -211,11 +306,14 @@ int crypto_register_alg(struct crypto_alg *alg)
return err; return err;
down_write(&crypto_alg_sem); down_write(&crypto_alg_sem);
err = __crypto_register_alg(alg, &list); larval = __crypto_register_alg(alg);
up_write(&crypto_alg_sem); up_write(&crypto_alg_sem);
crypto_remove_final(&list); if (IS_ERR(larval))
return err; return PTR_ERR(larval);
crypto_wait_for_test(larval);
return 0;
} }
EXPORT_SYMBOL_GPL(crypto_register_alg); EXPORT_SYMBOL_GPL(crypto_register_alg);
...@@ -333,8 +431,8 @@ EXPORT_SYMBOL_GPL(crypto_lookup_template); ...@@ -333,8 +431,8 @@ EXPORT_SYMBOL_GPL(crypto_lookup_template);
int crypto_register_instance(struct crypto_template *tmpl, int crypto_register_instance(struct crypto_template *tmpl,
struct crypto_instance *inst) struct crypto_instance *inst)
{ {
LIST_HEAD(list); struct crypto_larval *larval;
int err = -EINVAL; int err;
err = crypto_check_alg(&inst->alg); err = crypto_check_alg(&inst->alg);
if (err) if (err)
...@@ -344,8 +442,8 @@ int crypto_register_instance(struct crypto_template *tmpl, ...@@ -344,8 +442,8 @@ int crypto_register_instance(struct crypto_template *tmpl,
down_write(&crypto_alg_sem); down_write(&crypto_alg_sem);
err = __crypto_register_alg(&inst->alg, &list); larval = __crypto_register_alg(&inst->alg);
if (err) if (IS_ERR(larval))
goto unlock; goto unlock;
hlist_add_head(&inst->list, &tmpl->instances); hlist_add_head(&inst->list, &tmpl->instances);
...@@ -354,7 +452,12 @@ int crypto_register_instance(struct crypto_template *tmpl, ...@@ -354,7 +452,12 @@ int crypto_register_instance(struct crypto_template *tmpl,
unlock: unlock:
up_write(&crypto_alg_sem); up_write(&crypto_alg_sem);
crypto_remove_final(&list); err = PTR_ERR(larval);
if (IS_ERR(larval))
goto err;
crypto_wait_for_test(larval);
err = 0;
err: err:
return err; return err;
......
...@@ -45,6 +45,15 @@ struct cryptomgr_param { ...@@ -45,6 +45,15 @@ struct cryptomgr_param {
char larval[CRYPTO_MAX_ALG_NAME]; char larval[CRYPTO_MAX_ALG_NAME];
char template[CRYPTO_MAX_ALG_NAME]; char template[CRYPTO_MAX_ALG_NAME];
u32 otype;
u32 omask;
};
struct crypto_test_param {
char driver[CRYPTO_MAX_ALG_NAME];
char alg[CRYPTO_MAX_ALG_NAME];
u32 type;
}; };
static int cryptomgr_probe(void *data) static int cryptomgr_probe(void *data)
...@@ -76,8 +85,7 @@ static int cryptomgr_probe(void *data) ...@@ -76,8 +85,7 @@ static int cryptomgr_probe(void *data)
module_put_and_exit(0); module_put_and_exit(0);
err: err:
crypto_larval_error(param->larval, param->type.data.type, crypto_larval_error(param->larval, param->otype, param->omask);
param->type.data.mask);
goto out; goto out;
} }
...@@ -169,13 +177,68 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval) ...@@ -169,13 +177,68 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval)
param->type.attr.rta_len = sizeof(param->type); param->type.attr.rta_len = sizeof(param->type);
param->type.attr.rta_type = CRYPTOA_TYPE; param->type.attr.rta_type = CRYPTOA_TYPE;
param->type.data.type = larval->alg.cra_flags; param->type.data.type = larval->alg.cra_flags & ~CRYPTO_ALG_TESTED;
param->type.data.mask = larval->mask; param->type.data.mask = larval->mask & ~CRYPTO_ALG_TESTED;
param->tb[0] = &param->type.attr; param->tb[0] = &param->type.attr;
param->otype = larval->alg.cra_flags;
param->omask = larval->mask;
memcpy(param->larval, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME); memcpy(param->larval, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME);
thread = kthread_run(cryptomgr_probe, param, "cryptomgr"); thread = kthread_run(cryptomgr_probe, param, "cryptomgr_probe");
if (IS_ERR(thread))
goto err_free_param;
return NOTIFY_STOP;
err_free_param:
kfree(param);
err_put_module:
module_put(THIS_MODULE);
err:
return NOTIFY_OK;
}
static int cryptomgr_test(void *data)
{
struct crypto_test_param *param = data;
u32 type = param->type;
int err = 0;
if (!((type ^ CRYPTO_ALG_TYPE_BLKCIPHER) &
CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV))
goto skiptest;
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER)
goto skiptest;
err = alg_test(param->driver, param->alg, 0, CRYPTO_ALG_TESTED);
skiptest:
crypto_alg_tested(param->driver, err);
kfree(param);
module_put_and_exit(0);
}
static int cryptomgr_schedule_test(struct crypto_alg *alg)
{
struct task_struct *thread;
struct crypto_test_param *param;
if (!try_module_get(THIS_MODULE))
goto err;
param = kzalloc(sizeof(*param), GFP_KERNEL);
if (!param)
goto err_put_module;
memcpy(param->driver, alg->cra_driver_name, sizeof(param->driver));
memcpy(param->alg, alg->cra_name, sizeof(param->alg));
param->type = alg->cra_flags;
thread = kthread_run(cryptomgr_test, param, "cryptomgr_test");
if (IS_ERR(thread)) if (IS_ERR(thread))
goto err_free_param; goto err_free_param;
...@@ -195,6 +258,8 @@ static int cryptomgr_notify(struct notifier_block *this, unsigned long msg, ...@@ -195,6 +258,8 @@ static int cryptomgr_notify(struct notifier_block *this, unsigned long msg,
switch (msg) { switch (msg) {
case CRYPTO_MSG_ALG_REQUEST: case CRYPTO_MSG_ALG_REQUEST:
return cryptomgr_schedule_probe(data); return cryptomgr_schedule_probe(data);
case CRYPTO_MSG_ALG_REGISTER:
return cryptomgr_schedule_test(data);
} }
return NOTIFY_DONE; return NOTIFY_DONE;
......
...@@ -55,6 +55,11 @@ void crypto_mod_put(struct crypto_alg *alg) ...@@ -55,6 +55,11 @@ void crypto_mod_put(struct crypto_alg *alg)
} }
EXPORT_SYMBOL_GPL(crypto_mod_put); EXPORT_SYMBOL_GPL(crypto_mod_put);
static inline int crypto_is_test_larval(struct crypto_larval *larval)
{
return larval->alg.cra_driver_name[0];
}
static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type,
u32 mask) u32 mask)
{ {
...@@ -71,6 +76,7 @@ static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, ...@@ -71,6 +76,7 @@ static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type,
continue; continue;
if (crypto_is_larval(q) && if (crypto_is_larval(q) &&
!crypto_is_test_larval((struct crypto_larval *)q) &&
((struct crypto_larval *)q)->mask != mask) ((struct crypto_larval *)q)->mask != mask)
continue; continue;
...@@ -104,10 +110,8 @@ static void crypto_larval_destroy(struct crypto_alg *alg) ...@@ -104,10 +110,8 @@ static void crypto_larval_destroy(struct crypto_alg *alg)
kfree(larval); kfree(larval);
} }
static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type, struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
u32 mask)
{ {
struct crypto_alg *alg;
struct crypto_larval *larval; struct crypto_larval *larval;
larval = kzalloc(sizeof(*larval), GFP_KERNEL); larval = kzalloc(sizeof(*larval), GFP_KERNEL);
...@@ -119,10 +123,25 @@ static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type, ...@@ -119,10 +123,25 @@ static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type,
larval->alg.cra_priority = -1; larval->alg.cra_priority = -1;
larval->alg.cra_destroy = crypto_larval_destroy; larval->alg.cra_destroy = crypto_larval_destroy;
atomic_set(&larval->alg.cra_refcnt, 2);
strlcpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME); strlcpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME);
init_completion(&larval->completion); init_completion(&larval->completion);
return larval;
}
EXPORT_SYMBOL_GPL(crypto_larval_alloc);
static struct crypto_alg *crypto_larval_add(const char *name, u32 type,
u32 mask)
{
struct crypto_alg *alg;
struct crypto_larval *larval;
larval = crypto_larval_alloc(name, type, mask);
if (IS_ERR(larval))
return ERR_CAST(larval);
atomic_set(&larval->alg.cra_refcnt, 2);
down_write(&crypto_alg_sem); down_write(&crypto_alg_sem);
alg = __crypto_alg_lookup(name, type, mask); alg = __crypto_alg_lookup(name, type, mask);
if (!alg) { if (!alg) {
...@@ -152,14 +171,23 @@ EXPORT_SYMBOL_GPL(crypto_larval_kill); ...@@ -152,14 +171,23 @@ EXPORT_SYMBOL_GPL(crypto_larval_kill);
static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg)
{ {
struct crypto_larval *larval = (void *)alg; struct crypto_larval *larval = (void *)alg;
long timeout;
timeout = wait_for_completion_interruptible_timeout(
&larval->completion, 60 * HZ);
wait_for_completion_interruptible_timeout(&larval->completion, 60 * HZ);
alg = larval->adult; alg = larval->adult;
if (alg) { if (timeout < 0)
if (!crypto_mod_get(alg)) alg = ERR_PTR(-EINTR);
alg = ERR_PTR(-EAGAIN); else if (!timeout)
} else alg = ERR_PTR(-ETIMEDOUT);
else if (!alg)
alg = ERR_PTR(-ENOENT); alg = ERR_PTR(-ENOENT);
else if (crypto_is_test_larval(larval) &&
!(alg->cra_flags & CRYPTO_ALG_TESTED))
alg = ERR_PTR(-EAGAIN);
else if (!crypto_mod_get(alg))
alg = ERR_PTR(-EAGAIN);
crypto_mod_put(&larval->alg); crypto_mod_put(&larval->alg);
return alg; return alg;
...@@ -192,25 +220,40 @@ struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask) ...@@ -192,25 +220,40 @@ struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask)
if (alg) if (alg)
return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg; return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg;
return crypto_larval_alloc(name, type, mask); return crypto_larval_add(name, type, mask);
} }
EXPORT_SYMBOL_GPL(crypto_larval_lookup); EXPORT_SYMBOL_GPL(crypto_larval_lookup);
int crypto_probing_notify(unsigned long val, void *v)
{
int ok;
ok = blocking_notifier_call_chain(&crypto_chain, val, v);
if (ok == NOTIFY_DONE) {
request_module("cryptomgr");
ok = blocking_notifier_call_chain(&crypto_chain, val, v);
}
return ok;
}
EXPORT_SYMBOL_GPL(crypto_probing_notify);
struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask) struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask)
{ {
struct crypto_alg *alg; struct crypto_alg *alg;
struct crypto_alg *larval; struct crypto_alg *larval;
int ok; int ok;
if (!(mask & CRYPTO_ALG_TESTED)) {
type |= CRYPTO_ALG_TESTED;
mask |= CRYPTO_ALG_TESTED;
}
larval = crypto_larval_lookup(name, type, mask); larval = crypto_larval_lookup(name, type, mask);
if (IS_ERR(larval) || !crypto_is_larval(larval)) if (IS_ERR(larval) || !crypto_is_larval(larval))
return larval; return larval;
ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval); ok = crypto_probing_notify(CRYPTO_MSG_ALG_REQUEST, larval);
if (ok == NOTIFY_DONE) {
request_module("cryptomgr");
ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval);
}
if (ok == NOTIFY_STOP) if (ok == NOTIFY_STOP)
alg = crypto_larval_wait(larval); alg = crypto_larval_wait(larval);
......
...@@ -94,9 +94,11 @@ void crypto_exit_digest_ops(struct crypto_tfm *tfm); ...@@ -94,9 +94,11 @@ void crypto_exit_digest_ops(struct crypto_tfm *tfm);
void crypto_exit_cipher_ops(struct crypto_tfm *tfm); void crypto_exit_cipher_ops(struct crypto_tfm *tfm);
void crypto_exit_compress_ops(struct crypto_tfm *tfm); void crypto_exit_compress_ops(struct crypto_tfm *tfm);
struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask);
void crypto_larval_kill(struct crypto_alg *alg); void crypto_larval_kill(struct crypto_alg *alg);
struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask); struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask);
void crypto_larval_error(const char *name, u32 type, u32 mask); void crypto_larval_error(const char *name, u32 type, u32 mask);
void crypto_alg_tested(const char *name, int err);
void crypto_shoot_alg(struct crypto_alg *alg); void crypto_shoot_alg(struct crypto_alg *alg);
struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
...@@ -107,6 +109,7 @@ int crypto_register_instance(struct crypto_template *tmpl, ...@@ -107,6 +109,7 @@ int crypto_register_instance(struct crypto_template *tmpl,
int crypto_register_notifier(struct notifier_block *nb); int crypto_register_notifier(struct notifier_block *nb);
int crypto_unregister_notifier(struct notifier_block *nb); int crypto_unregister_notifier(struct notifier_block *nb);
int crypto_probing_notify(unsigned long val, void *v);
int __init testmgr_init(void); int __init testmgr_init(void);
void testmgr_exit(void); void testmgr_exit(void);
...@@ -142,9 +145,9 @@ static inline int crypto_is_moribund(struct crypto_alg *alg) ...@@ -142,9 +145,9 @@ static inline int crypto_is_moribund(struct crypto_alg *alg)
return alg->cra_flags & (CRYPTO_ALG_DEAD | CRYPTO_ALG_DYING); return alg->cra_flags & (CRYPTO_ALG_DEAD | CRYPTO_ALG_DYING);
} }
static inline int crypto_notify(unsigned long val, void *v) static inline void crypto_notify(unsigned long val, void *v)
{ {
return blocking_notifier_call_chain(&crypto_chain, val, v); blocking_notifier_call_chain(&crypto_chain, val, v);
} }
#endif /* _CRYPTO_INTERNAL_H */ #endif /* _CRYPTO_INTERNAL_H */
......
...@@ -46,6 +46,9 @@ static int c_show(struct seq_file *m, void *p) ...@@ -46,6 +46,9 @@ static int c_show(struct seq_file *m, void *p)
seq_printf(m, "module : %s\n", module_name(alg->cra_module)); seq_printf(m, "module : %s\n", module_name(alg->cra_module));
seq_printf(m, "priority : %d\n", alg->cra_priority); seq_printf(m, "priority : %d\n", alg->cra_priority);
seq_printf(m, "refcnt : %d\n", atomic_read(&alg->cra_refcnt)); seq_printf(m, "refcnt : %d\n", atomic_read(&alg->cra_refcnt));
seq_printf(m, "selftest : %s\n",
(alg->cra_flags & CRYPTO_ALG_TESTED) ?
"passed" : "unknown");
switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) {
case CRYPTO_ALG_TYPE_CIPHER: case CRYPTO_ALG_TYPE_CIPHER:
......
...@@ -60,6 +60,14 @@ ...@@ -60,6 +60,14 @@
*/ */
#define CRYPTO_ALG_GENIV 0x00000200 #define CRYPTO_ALG_GENIV 0x00000200
/*
* Set if the algorithm has passed automated run-time testing. Note that
* if there is no run-time testing for a given algorithm it is considered
* to have passed.
*/
#define CRYPTO_ALG_TESTED 0x00000400
/* /*
* Transform masks and values (for crt_flags). * Transform masks and values (for crt_flags).
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment