2 * Copyright (c) 2015 Samsung Electronics Co., Ltd.
4 * Sensitive Data Protection
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 #include <crypto/internal/hash.h>
21 #include <crypto/scatterwalk.h>
22 #include <linux/init.h>
23 #include <linux/kernel.h>
24 #include <linux/module.h>
25 #include <linux/string.h>
26 #include <linux/interrupt.h>
27 #include <linux/wakelock.h>
28 #include <linux/sched.h>
29 #include <linux/netlink.h>
30 #include <linux/net.h>
31 #include <net/netlink.h>
33 #include <net/net_namespace.h>
34 #include <linux/types.h>
35 #include <linux/wait.h>
36 #include <linux/slab.h>
37 #include <linux/spinlock.h>
38 #include <linux/audit.h>
39 #include <linux/jiffies.h>
41 #include <linux/version.h>
42 #include <sdp/pub_crypto_emul.h>
44 #define NETLINK_FIPS_CRYPTO 29
45 #define PUB_CRYPTO_PID_SET 3001
46 #define PUB_CRYPTO_RESULT 3002
48 #define RESULT_ARRAY_MAX_LEN 100
50 #define CRYPTO_MAX_TIMEOUT HZ/5
52 #define PUB_CRYPTO_REQ_TIMEOUT 3000
54 pub_crypto_control_t g_pub_crypto_control
;
56 DEFINE_MUTEX(crypto_send_mutex
);
57 static int user_fipscryptod_pid
= 0;
58 static struct sock
* crypto_sock
= NULL
;
60 static int pub_crypto_request_get_msg(pub_crypto_request_t
*req
, char **msg
);
61 static void request_send(pub_crypto_control_t
*con
,
62 pub_crypto_request_t
*req
);
63 static void request_wait_answer(pub_crypto_control_t
*con
,
64 pub_crypto_request_t
*req
);
65 static pub_crypto_request_t
*request_find(pub_crypto_control_t
*con
,
67 static pub_crypto_request_t
*request_alloc(u32 opcode
);
68 static void request_free(pub_crypto_control_t
*con
, pub_crypto_request_t
*req
);
69 static void req_dump(pub_crypto_request_t
*req
, const char *msg
);
70 static void dump(unsigned char *buf
, int len
, const char *msg
);
73 #define PUB_CRYPTO_DEBUG 0
76 #define PUB_CRYPTO_LOGD(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
78 #define PUB_CRYPTO_LOGD(FMT, ...)
79 #endif /* PUB_CRYPTO_DEBUG */
80 #define PUB_CRYPTO_LOGE(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
81 #define PUB_CRYPTO_LOGI(FMT, ...) printk("SDP_PUB_CRYPTO[%d] : %s " FMT , current->pid, __func__, ##__VA_ARGS__)
83 //static char* process_crypto_request(u8 opcode, char* send_msg,
84 // int send_msg_size, int* result_len, int* ret) {
85 static int __do_dek_crypt(pub_crypto_request_t
*req
, char *ret
) {
88 struct sk_buff
*skb_in
= NULL
;
89 struct sk_buff
*skb_out
= NULL
;
90 struct nlmsghdr
*nlh
= NULL
;
95 PUB_CRYPTO_LOGD("====================== \t entred\n");
98 PUB_CRYPTO_LOGE("invalid request\n");
102 request_send(&g_pub_crypto_control
, req
);
104 nl_msg_size
= pub_crypto_request_get_msg(req
, &nl_msg
);
105 if(nl_msg_size
<= 0) {
106 PUB_CRYPTO_LOGE("invalid opcode %d\n", req
->opcode
);
110 // sending netlink message
111 skb_in
= nlmsg_new(nl_msg_size
, 0);
113 PUB_CRYPTO_LOGE("Failed to allocate new skb: \n");
117 nlh
= nlmsg_put(skb_in
, 0, 0, NLMSG_DONE
, nl_msg_size
, 0);
118 NETLINK_CB(skb_in
).dst_group
= 0;
119 memcpy(nlmsg_data(nlh
), nl_msg
, nl_msg_size
);
121 mutex_lock(&crypto_send_mutex
);
122 rc
= nlmsg_unicast(crypto_sock
, skb_in
, user_fipscryptod_pid
);
123 mutex_unlock(&crypto_send_mutex
);
126 PUB_CRYPTO_LOGE("Error while sending bak to user, err id: %d\n", rc
);
131 * In a very rare case, response comes before request gets into pending list.
133 if(req
->state
!= PUB_CRYPTO_REQ_FINISHED
)
134 request_wait_answer(&g_pub_crypto_control
, req
);
136 PUB_CRYPTO_LOGE("request already finished, skip waiting\n");
138 skb_out
= skb_dequeue(&crypto_sock
->sk_receive_queue
);
140 if(req
->state
!= PUB_CRYPTO_REQ_FINISHED
) {
141 PUB_CRYPTO_LOGE("FIPS_CRYPTO_ERROR!!!\n");
144 * Request not finished by an interrupt or abort.
151 PUB_CRYPTO_LOGE("Request aborted!!!\n");
156 if(req
->result
.ret
< 0) {
157 PUB_CRYPTO_LOGE("failed to opcode(%d)!!!\n", req
->opcode
);
158 rc
= req
->result
.ret
;
162 switch(req
->opcode
) {
167 dump(req
->result
.dek
.buf
, req
->result
.dek
.len
, "req->result.dek");
168 memcpy(ret
, &(req
->result
.dek
), sizeof(dek_t
));
169 //dump(req->result.dek.buf, req->result.dek.len, "req->result.dek");
174 memcpy(ret
, &(req
->result
.dek
), sizeof(dek_t
));
178 PUB_CRYPTO_LOGE("Not supported opcode(%d)!!!\n", req
->opcode
);
188 req_dump(req
, "failed");
194 static int pub_crypto_recv_msg(struct sk_buff
*skb
, struct nlmsghdr
*nlh
)
197 u16 msg_type
= nlh
->nlmsg_type
;
199 struct audit_status
*status_get
= NULL
;
202 data
= NLMSG_DATA(nlh
);
203 len
= ntohs(*(uint16_t*) (data
+1));
205 case PUB_CRYPTO_PID_SET
:
206 status_get
= (struct audit_status
*)data
;
207 user_fipscryptod_pid
= status_get
->pid
;
208 PUB_CRYPTO_LOGE("crypto_receive_msg: pid = %d\n", user_fipscryptod_pid
);
210 case PUB_CRYPTO_RESULT
:
212 result_t
*result
= (result_t
*)data
;
213 pub_crypto_request_t
*req
= NULL
;
215 req
= request_find(&g_pub_crypto_control
, result
->request_id
);
218 memcpy(&req
->result
, result
, sizeof(result_t
));
219 req
->state
= PUB_CRYPTO_REQ_FINISHED
;
220 wake_up(&req
->waitq
);
222 memset(result
, 0, sizeof(result_t
));
227 PUB_CRYPTO_LOGE("unknown message type : %d\n", msg_type
);
234 /* Receive messages from netlink socket. */
235 static void crypto_recver(struct sk_buff
*skb
)
237 struct nlmsghdr
*nlh
;
241 nlh
= nlmsg_hdr(skb
);
244 err
= pub_crypto_recv_msg(skb
, nlh
);
247 static void dump(unsigned char *buf
, int len
, const char *msg
) {
251 printk("%s len=%d: ", msg
, len
);
253 printk("%02x ", (unsigned char)buf
[i
]);
257 printk("%s len=%d: ", msg
, len
);
262 int do_dek_crypt(int opcode
, dek_t
*in
, dek_t
*out
, kek_t
*key
){
263 pub_crypto_request_t
*req
= request_alloc(opcode
);
267 switch(req
->opcode
) {
274 req
->cipher_param
.request_id
= req
->id
;
275 req
->cipher_param
.opcode
= req
->opcode
;
276 memcpy(&req
->cipher_param
.in
, (void *) in
, sizeof(dek_t
));
277 memcpy(&req
->cipher_param
.key
, (void *) key
, sizeof(kek_t
));
280 PUB_CRYPTO_LOGE("opcode[%d] failed, not supported\n", opcode
);
285 ret
= __do_dek_crypt(req
, (char *)out
);
288 PUB_CRYPTO_LOGE("opcode[%d] failed\n", opcode
);
292 PUB_CRYPTO_LOGE("request allocation failed\n");
296 request_free(&g_pub_crypto_control
, req
);
299 request_free(&g_pub_crypto_control
, req
);
303 int rsa_encryptByPub(dek_t
*dek
, dek_t
*edek
, kek_t
*key
){
304 return do_dek_crypt(OP_RSA_ENC
, dek
, edek
, key
);
307 int rsa_decryptByPair(dek_t
*edek
, dek_t
*dek
, kek_t
*key
){
308 return do_dek_crypt(OP_RSA_DEC
, edek
, dek
, key
);
311 int dh_encryptDEK(dek_t
*dek
, dek_t
*edek
, kek_t
*key
){
312 return do_dek_crypt(OP_DH_ENC
, dek
, edek
, key
);
315 int dh_decryptEDEK(dek_t
*edek
, dek_t
*dek
, kek_t
*key
){
316 return do_dek_crypt(OP_DH_DEC
, edek
, dek
, key
);
319 int ecdh_encryptDEK(dek_t
*dek
, dek_t
*edek
, kek_t
*key
){
320 return do_dek_crypt(OP_ECDH_ENC
, dek
, edek
, key
);
323 int ecdh_decryptEDEK(dek_t
*edek
, dek_t
*dek
, kek_t
*key
){
324 return do_dek_crypt(OP_ECDH_DEC
, edek
, dek
, key
);
327 static int pub_crypto_request_get_msg(pub_crypto_request_t
*req
, char **msg
)
331 switch(req
->opcode
) {
338 *msg
= (char *)&req
->cipher_param
;
339 msg_len
= sizeof(cipher_param_t
);
349 static u32
pub_crypto_get_unique_id(pub_crypto_control_t
*control
)
351 spin_lock(&control
->lock
);
354 /* zero is special */
355 if (control
->reqctr
== 0)
358 spin_unlock(&control
->lock
);
360 return control
->reqctr
;
362 static void req_dump(pub_crypto_request_t
*req
, const char *msg
) {
363 PUB_CRYPTO_LOGI("req %s {id:%d op:%d state:%d}\n", msg
, req
->id
, req
->opcode
, req
->state
);
366 static void request_send(pub_crypto_control_t
*con
,
367 pub_crypto_request_t
*req
) {
368 spin_lock(&con
->lock
);
370 list_add_tail(&req
->list
, &con
->pending_list
);
371 req
->state
= PUB_CRYPTO_REQ_PENDING
;
372 req_dump(req
, "added");
374 spin_unlock(&con
->lock
);
377 static void request_wait_answer(pub_crypto_control_t
*con
,
378 pub_crypto_request_t
*req
) {
381 while (req
->state
!= PUB_CRYPTO_REQ_FINISHED
) {
383 * TODO : can anyone answer what happens when current process gets killed here?
385 intr
= wait_event_interruptible_timeout(req
->waitq
,
386 req
->state
== PUB_CRYPTO_REQ_FINISHED
,
387 msecs_to_jiffies(PUB_CRYPTO_REQ_TIMEOUT
));
388 if(req
->state
== PUB_CRYPTO_REQ_FINISHED
)
392 PUB_CRYPTO_LOGE("timeout! %d [ID:%d] \n", intr
, req
->id
);
393 req
->state
= PUB_CRYPTO_REQ_FINISHED
;
398 if(intr
== -ERESTARTSYS
) {
399 PUB_CRYPTO_LOGE("wait interrupted : intr %d(-ERESTARTSYS) \n", intr
);
405 static pub_crypto_request_t
*request_find(pub_crypto_control_t
*con
,
407 struct list_head
*entry
;
409 spin_lock(&con
->lock
);
411 list_for_each(entry
, &con
->pending_list
) {
412 pub_crypto_request_t
*req
;
413 req
= list_entry(entry
, pub_crypto_request_t
, list
);
414 if (req
->id
== request_id
) {
415 req_dump(req
, "found");
417 spin_unlock(&con
->lock
);
422 spin_unlock(&con
->lock
);
424 PUB_CRYPTO_LOGE("Can't find request %d\n", request_id
);
428 static struct kmem_cache
*pub_crypto_req_cachep
;
430 static void pub_crypto_request_init(pub_crypto_request_t
*req
, u32 opcode
) {
431 memset(req
, 0, sizeof(pub_crypto_request_t
));
433 req
->state
= PUB_CRYPTO_REQ_INIT
;
434 req
->id
= pub_crypto_get_unique_id(&g_pub_crypto_control
);
436 INIT_LIST_HEAD(&req
->list
);
437 init_waitqueue_head(&req
->waitq
);
438 atomic_set(&req
->count
, 1);
440 req
->opcode
= opcode
;
443 static pub_crypto_request_t
*request_alloc(u32 opcode
) {
444 pub_crypto_request_t
*req
= kmem_cache_alloc(pub_crypto_req_cachep
, GFP_KERNEL
);
447 pub_crypto_request_init(req
, opcode
);
451 static void request_free(pub_crypto_control_t
*con
, pub_crypto_request_t
*req
) {
453 req_dump(req
, "freed");
454 spin_lock(&con
->lock
);
456 list_del(&req
->list
);
457 memset(req
, 0, sizeof(pub_crypto_request_t
));
458 kmem_cache_free(pub_crypto_req_cachep
, req
);
460 spin_unlock(&con
->lock
);
462 PUB_CRYPTO_LOGE("req is NULL, skip free\n");
466 void pub_crypto_control_init(pub_crypto_control_t
*con
) {
467 PUB_CRYPTO_LOGD("pub_crypto_control_init");
468 spin_lock_init(&con
->lock
);
469 INIT_LIST_HEAD(&con
->pending_list
);
471 spin_lock(&con
->lock
);
473 spin_unlock(&con
->lock
);
476 static int __init
pub_crypto_mod_init(void) {
477 #if (LINUX_VERSION_CODE > KERNEL_VERSION(3,4,0))
478 struct netlink_kernel_cfg cfg
= {
479 .input
= crypto_recver
,
482 crypto_sock
= netlink_kernel_create(&init_net
, NETLINK_FIPS_CRYPTO
, &cfg
);
484 crypto_sock
= netlink_kernel_create(&init_net
, NETLINK_FIPS_CRYPTO
, 0, crypto_recver
, NULL
, THIS_MODULE
);
488 PUB_CRYPTO_LOGE("Failed to create Crypto Netlink Socket .. Exiting \n");
491 PUB_CRYPTO_LOGE("netlink socket is created successfully! \n");
493 pub_crypto_control_init(&g_pub_crypto_control
);
494 pub_crypto_req_cachep
= kmem_cache_create("pub_crypto_requst",
495 sizeof(pub_crypto_request_t
),
497 if (!pub_crypto_req_cachep
) {
498 netlink_kernel_release(crypto_sock
);
499 PUB_CRYPTO_LOGE("Failed to create pub_crypto_requst cache mem.. Exiting \n");
506 static void __exit
pub_crypto_mod_exit(void) {
509 if (crypto_sock && crypto_sock->sk_socket) {
510 sock_release(crypto_sock->sk_socket);
513 netlink_kernel_release(crypto_sock
);
514 kmem_cache_destroy(pub_crypto_req_cachep
);
517 module_init(pub_crypto_mod_init
);
518 module_exit(pub_crypto_mod_exit
);
520 MODULE_LICENSE("GPL");
521 MODULE_DESCRIPTION("SDP pub crypto");