projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
merge G903WVLU1CQI1 changes
[GitHub/LineageOS/android_kernel_samsung_universal7580.git] / security / sdp / pub_crypto_emul.c
1 /*
2 * Copyright (c) 2015 Samsung Electronics Co., Ltd.
3 *
4 * Sensitive Data Protection
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 #include <crypto/internal/hash.h>
21 #include <crypto/scatterwalk.h>
22 #include <linux/init.h>
23 #include <linux/kernel.h>
24 #include <linux/module.h>
25 #include <linux/string.h>
26 #include <linux/interrupt.h>
27 #include <linux/wakelock.h>
28 #include <linux/sched.h>
29 #include <linux/netlink.h>
30 #include <linux/net.h>
31 #include <net/netlink.h>
32 #include <net/sock.h>
33 #include <net/net_namespace.h>
34 #include <linux/types.h>
35 #include <linux/wait.h>
36 #include <linux/slab.h>
37 #include <linux/spinlock.h>
38 #include <linux/audit.h>
39 #include <linux/jiffies.h>
40
41 #include <linux/version.h>
42 #include <sdp/pub_crypto_emul.h>
43
44 #define NETLINK_FIPS_CRYPTO 29
45 #define PUB_CRYPTO_PID_SET 3001
46 #define PUB_CRYPTO_RESULT 3002
47
48 #define RESULT_ARRAY_MAX_LEN 100
49
50 #define CRYPTO_MAX_TIMEOUT HZ/5
51
52 #define PUB_CRYPTO_REQ_TIMEOUT 3000
53
54 pub_crypto_control_t g_pub_crypto_control;
55
56 DEFINE_MUTEX(crypto_send_mutex);
57 static int user_fipscryptod_pid = 0;
58 static struct sock* crypto_sock = NULL;
59
60 static int pub_crypto_request_get_msg(pub_crypto_request_t *req, char **msg);
61 static void request_send(pub_crypto_control_t *con,
62 pub_crypto_request_t *req);
63 static void request_wait_answer(pub_crypto_control_t *con,
64 pub_crypto_request_t *req);
65 static pub_crypto_request_t *request_find(pub_crypto_control_t *con,
66 u32 request_id);
67 static pub_crypto_request_t *request_alloc(u32 opcode);
68 static void request_free(pub_crypto_control_t *con, pub_crypto_request_t *req);
69 static void req_dump(pub_crypto_request_t *req, const char *msg);
70 static void dump(unsigned char *buf, int len, const char *msg);
71
72 /* Debug */
73 #define PUB_CRYPTO_DEBUG 0
74
75 #if PUB_CRYPTO_DEBUG
76 #define PUB_CRYPTO_LOGD(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
77 #else
78 #define PUB_CRYPTO_LOGD(FMT, ...)
79 #endif /* PUB_CRYPTO_DEBUG */
80 #define PUB_CRYPTO_LOGE(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
81 #define PUB_CRYPTO_LOGI(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
82
83 //static char* process_crypto_request(u8 opcode, char* send_msg,
84 // int send_msg_size, int* result_len, int* ret) {
85 static int __do_dek_crypt(pub_crypto_request_t *req, char *ret) {
86 int rc = 0;
87
88 struct sk_buff *skb_in = NULL;
89 struct sk_buff *skb_out = NULL;
90 struct nlmsghdr *nlh = NULL;
91
92 char *nl_msg = NULL;
93 int nl_msg_size = 0;
94
95 PUB_CRYPTO_LOGD("====================== \t entred\n");
96
97 if(req == NULL) {
98 PUB_CRYPTO_LOGE("invalid request\n");
99 return -1;
100 }
101
102 request_send(&g_pub_crypto_control, req);
103
104 nl_msg_size = pub_crypto_request_get_msg(req, &nl_msg);
105 if(nl_msg_size <= 0) {
106 PUB_CRYPTO_LOGE("invalid opcode %d\n", req->opcode);
107 return -1;
108 }
109
110 // sending netlink message
111 skb_in = nlmsg_new(nl_msg_size, 0);
112 if (!skb_in) {
113 PUB_CRYPTO_LOGE("Failed to allocate new skb: \n");
114 return -1;
115 }
116
117 nlh = nlmsg_put(skb_in, 0, 0, NLMSG_DONE, nl_msg_size, 0);
118 NETLINK_CB(skb_in).dst_group = 0;
119 memcpy(nlmsg_data(nlh), nl_msg, nl_msg_size);
120
121 mutex_lock(&crypto_send_mutex);
122 rc = nlmsg_unicast(crypto_sock, skb_in, user_fipscryptod_pid);
123 mutex_unlock(&crypto_send_mutex);
124
125 if (rc < 0) {
126 PUB_CRYPTO_LOGE("Error while sending bak to user, err id: %d\n", rc);
127 return -1;
128 }
129
130 /*
131 * In a very rare case, response comes before request gets into pending list.
132 */
133 if(req->state != PUB_CRYPTO_REQ_FINISHED)
134 request_wait_answer(&g_pub_crypto_control, req);
135 else
136 PUB_CRYPTO_LOGE("request already finished, skip waiting\n");
137
138 skb_out = skb_dequeue(&crypto_sock->sk_receive_queue);
139
140 if(req->state != PUB_CRYPTO_REQ_FINISHED) {
141 PUB_CRYPTO_LOGE("FIPS_CRYPTO_ERROR!!!\n");
142 /*
143 * TODO :
144 * Request not finished by an interrupt or abort.
145 */
146 rc = -EINTR;
147 goto out;
148 }
149
150 if(req->aborted) {
151 PUB_CRYPTO_LOGE("Request aborted!!!\n");
152 rc = -ETIMEDOUT;
153 goto out;
154 }
155
156 if(req->result.ret < 0) {
157 PUB_CRYPTO_LOGE("failed to opcode(%d)!!!\n", req->opcode);
158 rc = req->result.ret;
159 goto out;
160 }
161
162 switch(req->opcode) {
163 case OP_DH_ENC:
164 case OP_DH_DEC:
165 case OP_ECDH_ENC:
166 case OP_ECDH_DEC:
167 dump(req->result.dek.buf, req->result.dek.len, "req->result.dek");
168 memcpy(ret, &(req->result.dek), sizeof(dek_t));
169 //dump(req->result.dek.buf, req->result.dek.len, "req->result.dek");
170 rc = 0;
171 break;
172 case OP_RSA_ENC:
173 case OP_RSA_DEC:
174 memcpy(ret, &(req->result.dek), sizeof(dek_t));
175 rc = 0;
176 break;
177 default:
178 PUB_CRYPTO_LOGE("Not supported opcode(%d)!!!\n", req->opcode);
179 rc = -EOPNOTSUPP;
180 break;
181 }
182
183 out:
184 if(skb_out) {
185 kfree_skb(skb_out);
186 }
187 if(rc != 0)
188 req_dump(req, "failed");
189
190 return rc;
191 }
192
193
194 static int pub_crypto_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
195 {
196 void *data;
197 u16 msg_type = nlh->nlmsg_type;
198 u32 err = 0;
199 struct audit_status *status_get = NULL;
200 u16 len = 0;
201
202 data = NLMSG_DATA(nlh);
203 len = ntohs(*(uint16_t*) (data+1));
204 switch (msg_type) {
205 case PUB_CRYPTO_PID_SET:
206 status_get = (struct audit_status *)data;
207 user_fipscryptod_pid = status_get->pid;
208 PUB_CRYPTO_LOGE("crypto_receive_msg: pid = %d\n", user_fipscryptod_pid);
209 break;
210 case PUB_CRYPTO_RESULT:
211 {
212 result_t *result = (result_t *)data;
213 pub_crypto_request_t *req = NULL;
214
215 req = request_find(&g_pub_crypto_control, result->request_id);
216
217 if(req) {
218 memcpy(&req->result, result, sizeof(result_t));
219 req->state = PUB_CRYPTO_REQ_FINISHED;
220 wake_up(&req->waitq);
221
222 memset(result, 0, sizeof(result_t));
223 }
224 break;
225 }
226 default:
227 PUB_CRYPTO_LOGE("unknown message type : %d\n", msg_type);
228 break;
229 }
230
231 return err;
232 }
233
234 /* Receive messages from netlink socket. */
235 static void crypto_recver(struct sk_buff *skb)
236 {
237 struct nlmsghdr *nlh;
238 int len;
239 int err;
240
241 nlh = nlmsg_hdr(skb);
242 len = skb->len;
243
244 err = pub_crypto_recv_msg(skb, nlh);
245 }
246
247 static void dump(unsigned char *buf, int len, const char *msg) {
248 #if PUB_CRYPTO_DEBUG
249 int i;
250
251 printk("%s len=%d: ", msg, len);
252 for(i=0;i<len;++i) {
253 printk("%02x ", (unsigned char)buf[i]);
254 }
255 printk("\n");
256 #else
257 printk("%s len=%d: ", msg, len);
258 printk("\n");
259 #endif
260 }
261
262 int do_dek_crypt(int opcode, dek_t *in, dek_t *out, kek_t *key){
263 pub_crypto_request_t *req = request_alloc(opcode);
264 int ret = -1;
265
266 if(req) {
267 switch(req->opcode) {
268 case OP_RSA_ENC:
269 case OP_RSA_DEC:
270 case OP_DH_ENC:
271 case OP_DH_DEC:
272 case OP_ECDH_ENC:
273 case OP_ECDH_DEC:
274 req->cipher_param.request_id = req->id;
275 req->cipher_param.opcode = req->opcode;
276 memcpy(&req->cipher_param.in, (void *) in, sizeof(dek_t));
277 memcpy(&req->cipher_param.key, (void *) key, sizeof(kek_t));
278 break;
279 default:
280 PUB_CRYPTO_LOGE("opcode[%d] failed, not supported\n", opcode);
281 goto error;
282 break;
283 }
284
285 ret = __do_dek_crypt(req, (char *)out);
286
287 if(ret != 0) {
288 PUB_CRYPTO_LOGE("opcode[%d] failed\n", opcode);
289 goto error;
290 }
291 } else {
292 PUB_CRYPTO_LOGE("request allocation failed\n");
293 return -ENOMEM;
294 }
295
296 request_free(&g_pub_crypto_control, req);
297 return 0;
298 error:
299 request_free(&g_pub_crypto_control, req);
300 return -1;
301 }
302
303 int rsa_encryptByPub(dek_t *dek, dek_t *edek, kek_t *key){
304 return do_dek_crypt(OP_RSA_ENC, dek, edek, key);
305 }
306
307 int rsa_decryptByPair(dek_t *edek, dek_t *dek, kek_t *key){
308 return do_dek_crypt(OP_RSA_DEC, edek, dek, key);
309 }
310
311 int dh_encryptDEK(dek_t *dek, dek_t *edek, kek_t *key){
312 return do_dek_crypt(OP_DH_ENC, dek, edek, key);
313 }
314
315 int dh_decryptEDEK(dek_t *edek, dek_t *dek, kek_t *key){
316 return do_dek_crypt(OP_DH_DEC, edek, dek, key);
317 }
318
319 int ecdh_encryptDEK(dek_t *dek, dek_t *edek, kek_t *key){
320 return do_dek_crypt(OP_ECDH_ENC, dek, edek, key);
321 }
322
323 int ecdh_decryptEDEK(dek_t *edek, dek_t *dek, kek_t *key){
324 return do_dek_crypt(OP_ECDH_DEC, edek, dek, key);
325 }
326
327 static int pub_crypto_request_get_msg(pub_crypto_request_t *req, char **msg)
328 {
329 int msg_len = -1;
330
331 switch(req->opcode) {
332 case OP_RSA_ENC:
333 case OP_RSA_DEC:
334 case OP_DH_DEC:
335 case OP_DH_ENC:
336 case OP_ECDH_DEC:
337 case OP_ECDH_ENC:
338 *msg = (char *)&req->cipher_param;
339 msg_len = sizeof(cipher_param_t);
340 break;
341 default:
342 *msg = NULL;
343 msg_len = -1;
344 break;
345 }
346 return msg_len;
347 }
348
349 static u32 pub_crypto_get_unique_id(pub_crypto_control_t *control)
350 {
351 spin_lock(&control->lock);
352
353 control->reqctr++;
354 /* zero is special */
355 if (control->reqctr == 0)
356 control->reqctr = 1;
357
358 spin_unlock(&control->lock);
359
360 return control->reqctr;
361 }
362 static void req_dump(pub_crypto_request_t *req, const char *msg) {
363 PUB_CRYPTO_LOGI("req %s {id:%d op:%d state:%d}\n", msg, req->id, req->opcode, req->state);
364 }
365
366 static void request_send(pub_crypto_control_t *con,
367 pub_crypto_request_t *req) {
368 spin_lock(&con->lock);
369
370 list_add_tail(&req->list, &con->pending_list);
371 req->state = PUB_CRYPTO_REQ_PENDING;
372 req_dump(req, "added");
373
374 spin_unlock(&con->lock);
375 }
376
377 static void request_wait_answer(pub_crypto_control_t *con,
378 pub_crypto_request_t *req) {
379 int intr;
380
381 while (req->state != PUB_CRYPTO_REQ_FINISHED) {
382 /*
383 * TODO : can anyone answer what happens when current process gets killed here?
384 */
385 intr = wait_event_interruptible_timeout(req->waitq,
386 req->state == PUB_CRYPTO_REQ_FINISHED,
387 msecs_to_jiffies(PUB_CRYPTO_REQ_TIMEOUT));
388 if(req->state == PUB_CRYPTO_REQ_FINISHED)
389 break;
390
391 if(intr == 0) {
392 PUB_CRYPTO_LOGE("timeout! %d [ID:%d] \n", intr, req->id);
393 req->state = PUB_CRYPTO_REQ_FINISHED;
394 req->aborted = 1;
395 break;
396 }
397
398 if(intr == -ERESTARTSYS) {
399 PUB_CRYPTO_LOGE("wait interrupted : intr %d(-ERESTARTSYS) \n", intr);
400 break;
401 }
402 }
403 }
404
405 static pub_crypto_request_t *request_find(pub_crypto_control_t *con,
406 u32 request_id) {
407 struct list_head *entry;
408
409 spin_lock(&con->lock);
410
411 list_for_each(entry, &con->pending_list) {
412 pub_crypto_request_t *req;
413 req = list_entry(entry, pub_crypto_request_t, list);
414 if (req->id == request_id) {
415 req_dump(req, "found");
416
417 spin_unlock(&con->lock);
418 return req;
419 }
420 }
421
422 spin_unlock(&con->lock);
423
424 PUB_CRYPTO_LOGE("Can't find request %d\n", request_id);
425 return NULL;
426 }
427
428 static struct kmem_cache *pub_crypto_req_cachep;
429
430 static void pub_crypto_request_init(pub_crypto_request_t *req, u32 opcode) {
431 memset(req, 0, sizeof(pub_crypto_request_t));
432
433 req->state = PUB_CRYPTO_REQ_INIT;
434 req->id = pub_crypto_get_unique_id(&g_pub_crypto_control);
435
436 INIT_LIST_HEAD(&req->list);
437 init_waitqueue_head(&req->waitq);
438 atomic_set(&req->count, 1);
439 req->aborted = 0;
440 req->opcode = opcode;
441 }
442
443 static pub_crypto_request_t *request_alloc(u32 opcode) {
444 pub_crypto_request_t *req = kmem_cache_alloc(pub_crypto_req_cachep, GFP_KERNEL);
445
446 if(req)
447 pub_crypto_request_init(req, opcode);
448 return req;
449 }
450
451 static void request_free(pub_crypto_control_t *con, pub_crypto_request_t *req) {
452 if(req) {
453 req_dump(req, "freed");
454 spin_lock(&con->lock);
455
456 list_del(&req->list);
457 memset(req, 0, sizeof(pub_crypto_request_t));
458 kmem_cache_free(pub_crypto_req_cachep, req);
459
460 spin_unlock(&con->lock);
461 } else {
462 PUB_CRYPTO_LOGE("req is NULL, skip free\n");
463 }
464 }
465
466 void pub_crypto_control_init(pub_crypto_control_t *con) {
467 PUB_CRYPTO_LOGD("pub_crypto_control_init");
468 spin_lock_init(&con->lock);
469 INIT_LIST_HEAD(&con->pending_list);
470
471 spin_lock(&con->lock);
472 con->reqctr = 0;
473 spin_unlock(&con->lock);
474 }
475
476 static int __init pub_crypto_mod_init(void) {
477 #if (LINUX_VERSION_CODE > KERNEL_VERSION(3,4,0))
478 struct netlink_kernel_cfg cfg = {
479 .input = crypto_recver,
480 };
481
482 crypto_sock = netlink_kernel_create(&init_net, NETLINK_FIPS_CRYPTO, &cfg);
483 #else
484 crypto_sock = netlink_kernel_create(&init_net, NETLINK_FIPS_CRYPTO, 0, crypto_recver, NULL, THIS_MODULE);
485 #endif
486
487 if (!crypto_sock) {
488 PUB_CRYPTO_LOGE("Failed to create Crypto Netlink Socket .. Exiting \n");
489 return -ENOMEM;
490 }
491 PUB_CRYPTO_LOGE("netlink socket is created successfully! \n");
492
493 pub_crypto_control_init(&g_pub_crypto_control);
494 pub_crypto_req_cachep = kmem_cache_create("pub_crypto_requst",
495 sizeof(pub_crypto_request_t),
496 0, 0, NULL);
497 if (!pub_crypto_req_cachep) {
498 netlink_kernel_release(crypto_sock);
499 PUB_CRYPTO_LOGE("Failed to create pub_crypto_requst cache mem.. Exiting \n");
500 return -ENOMEM;
501 }
502
503 return 0;
504 }
505
506 static void __exit pub_crypto_mod_exit(void) {
507
508 /*
509 if (crypto_sock && crypto_sock->sk_socket) {
510 sock_release(crypto_sock->sk_socket);
511 }
512 */
513 netlink_kernel_release(crypto_sock);
514 kmem_cache_destroy(pub_crypto_req_cachep);
515 }
516
517 module_init(pub_crypto_mod_init);
518 module_exit(pub_crypto_mod_exit);
519
520 MODULE_LICENSE("GPL");
521 MODULE_DESCRIPTION("SDP pub crypto");
522