From: Mat Martineau <mathew.j.martineau@linux.intel.com>
To: smueller@chronox.de
Cc: Tadeusz Struk <tadeusz.struk@intel.com>,
dhowells@redhat.com, herbert@gondor.apana.org.au,
linux-api@vger.kernel.org, marcel@holtmann.org,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, dwmw2@infradead.org,
davem@davemloft.net
Subject: Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface
Date: Tue, 7 Jun 2016 17:28:07 -0700 (PDT) [thread overview]
Message-ID: <alpine.OSX.2.20.1606071719170.9891@mjmartin-mac01.local> (raw)
In-Reply-To: <20160515041701.15888.53830.stgit@tstruk-mobl1>
Stephan,
On Sat, 14 May 2016, Tadeusz Struk wrote:
> From: Stephan Mueller <smueller@chronox.de>
>
> This patch adds the user space interface for asymmetric ciphers. The
> interface allows the use of sendmsg as well as vmsplice to provide data.
>
> This version has been rebased on top of 4.6 and a few chackpatch issues
> have been fixed.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
> ---
> diff --git a/crypto/algif_akcipher.c b/crypto/algif_akcipher.c
> new file mode 100644
> index 0000000..6342b6e
> --- /dev/null
> +++ b/crypto/algif_akcipher.c
> +
> +static int akcipher_recvmsg(struct socket *sock, struct msghdr *msg,
> + size_t ignored, int flags)
> +{
> + struct sock *sk = sock->sk;
> + struct alg_sock *ask = alg_sk(sk);
> + struct akcipher_ctx *ctx = ask->private;
> + struct akcipher_sg_list *sgl = &ctx->tsgl;
> + unsigned int i = 0;
> + int err;
> + unsigned long used = 0;
> + size_t usedpages = 0;
> + unsigned int cnt = 0;
> +
> + /* Limit number of IOV blocks to be accessed below */
> + if (msg->msg_iter.nr_segs > ALG_MAX_PAGES)
> + return -ENOMSG;
> +
> + lock_sock(sk);
> +
> + if (ctx->more) {
> + err = akcipher_wait_for_data(sk, flags);
> + if (err)
> + goto unlock;
> + }
> +
> + used = ctx->used;
> +
> + /* convert iovecs of output buffers into scatterlists */
> + while (iov_iter_count(&msg->msg_iter)) {
> + /* make one iovec available as scatterlist */
> + err = af_alg_make_sg(&ctx->rsgl[cnt], &msg->msg_iter,
> + iov_iter_count(&msg->msg_iter));
> + if (err < 0)
> + goto unlock;
> + usedpages += err;
> + /* chain the new scatterlist with previous one */
> + if (cnt)
> + af_alg_link_sg(&ctx->rsgl[cnt - 1], &ctx->rsgl[cnt]);
> +
> + iov_iter_advance(&msg->msg_iter, err);
> + cnt++;
> + }
> +
> + /* ensure output buffer is sufficiently large */
> + if (usedpages < akcipher_calcsize(ctx)) {
> + err = -EMSGSIZE;
> + goto unlock;
> + }
Why is the size of the output buffer enforced here instead of depending on
the algorithm implementation?
Thanks,
Mat
> + sg_mark_end(sgl->sg + sgl->cur - 1);
> +
> + akcipher_request_set_crypt(&ctx->req, sgl->sg, ctx->rsgl[0].sg, used,
> + usedpages);
> + switch (ctx->op) {
> + case ALG_OP_VERIFY:
> + err = crypto_akcipher_verify(&ctx->req);
> + break;
> + case ALG_OP_SIGN:
> + err = crypto_akcipher_sign(&ctx->req);
> + break;
> + case ALG_OP_ENCRYPT:
> + err = crypto_akcipher_encrypt(&ctx->req);
> + break;
> + case ALG_OP_DECRYPT:
> + err = crypto_akcipher_decrypt(&ctx->req);
> + break;
> + default:
> + err = -EFAULT;
> + goto unlock;
> + }
> +
> + err = af_alg_wait_for_completion(err, &ctx->completion);
> +
> + if (err) {
> + /* EBADMSG implies a valid cipher operation took place */
> + if (err == -EBADMSG)
> + akcipher_put_sgl(sk);
> + goto unlock;
> + }
> +
> + akcipher_put_sgl(sk);
> +
> +unlock:
> + for (i = 0; i < cnt; i++)
> + af_alg_free_sg(&ctx->rsgl[i]);
> +
> + akcipher_wmem_wakeup(sk);
> + release_sock(sk);
> +
> + return err ? err : ctx->req.dst_len;
> +}
--
Mat Martineau
Intel OTC
next prev parent reply other threads:[~2016-06-08 0:28 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-05 19:50 [PATCH RESEND v5 0/6] crypto: algif - add akcipher Tadeusz Struk
2016-05-05 19:50 ` [PATCH RESEND v5 1/6] crypto: AF_ALG -- add sign/verify API Tadeusz Struk
2016-05-06 10:36 ` Stephan Mueller
2016-05-05 19:50 ` [PATCH RESEND v5 2/6] crypto: AF_ALG -- add setpubkey setsockopt call Tadeusz Struk
2016-05-05 19:51 ` [PATCH RESEND v5 3/6] crypto: AF_ALG -- add asymmetric cipher interface Tadeusz Struk
2016-05-05 19:51 ` [PATCH RESEND v5 4/6] crypto: algif_akcipher - enable compilation Tadeusz Struk
2016-05-05 19:51 ` [PATCH RESEND v5 5/6] crypto: algif_akcipher - add ops_nokey Tadeusz Struk
2016-05-05 19:51 ` [PATCH RESEND v5 6/6] crypto: AF_ALG - add support for key_id Tadeusz Struk
2016-05-06 11:46 ` Stephan Mueller
2016-05-13 23:32 ` Mat Martineau
2016-05-16 14:23 ` Tadeusz Struk
2016-05-11 14:25 ` [PATCH RESEND v5 0/6] crypto: algif - add akcipher David Howells
2016-05-15 4:16 ` [PATCH v6 " Tadeusz Struk
2016-05-15 4:16 ` [PATCH v6 1/6] crypto: AF_ALG -- add sign/verify API Tadeusz Struk
2016-05-15 4:16 ` [PATCH v6 2/6] crypto: AF_ALG -- add setpubkey setsockopt call Tadeusz Struk
2016-05-15 4:17 ` [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface Tadeusz Struk
2016-06-08 0:28 ` Mat Martineau [this message]
2016-06-08 5:31 ` Stephan Mueller
2016-06-08 19:14 ` Mat Martineau
2016-06-09 9:28 ` Stephan Mueller
2016-06-09 18:18 ` Mat Martineau
2016-06-09 18:24 ` Stephan Mueller
2016-06-09 18:27 ` Mat Martineau
2016-06-09 18:36 ` Stephan Mueller
2016-06-10 14:42 ` Tadeusz Struk
2016-06-22 22:45 ` Mat Martineau
2016-06-23 5:07 ` Stephan Mueller
2016-06-23 15:22 ` Denis Kenzior
2016-06-13 22:16 ` Andrew Zaborowski
2016-06-14 5:12 ` Stephan Mueller
2016-06-14 7:42 ` Andrew Zaborowski
2016-06-16 8:05 ` Stephan Mueller
2016-06-16 14:59 ` Andrew Zaborowski
2016-06-16 15:38 ` Stephan Mueller
2016-06-17 0:39 ` Andrew Zaborowski
2016-06-14 17:22 ` Mat Martineau
2016-06-15 7:04 ` Stephan Mueller
2016-05-15 4:17 ` [PATCH v6 4/6] crypto: algif_akcipher - enable compilation Tadeusz Struk
2016-05-15 4:17 ` [PATCH v6 5/6] crypto: algif_akcipher - add ops_nokey Tadeusz Struk
2016-05-15 4:17 ` [PATCH v6 6/6] crypto: AF_ALG - add support for key_id Tadeusz Struk
2016-05-26 0:45 ` Mat Martineau
2016-05-31 17:44 ` Tadeusz Struk
2016-05-15 11:59 ` [PATCH v6 0/6] crypto: algif - add akcipher Stephan Mueller
2016-05-16 20:46 ` Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.OSX.2.20.1606071719170.9891@mjmartin-mac01.local \
--to=mathew.j.martineau@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=smueller@chronox.de \
--cc=tadeusz.struk@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).