summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2018-01-03 14:16:30 -0500
committerHerbert Xu <herbert@gondor.apana.org.au>2018-01-12 07:03:39 -0500
commitdc26c17f743aa8e4720a5fda577dde855f2e36f8 (patch)
treefcd23cb048b79d5d3a83a0901aae8289da8e46cc
parentf8d33fac84806eebd2ba31a3136066eeca19255f (diff)
crypto: aead - prevent using AEADs without setting key
Similar to what was done for the hash API, update the AEAD API to track whether each transform has been keyed, and reject encryption/decryption if a key is needed but one hasn't been set. This isn't quite as important as the equivalent fix for the hash API because AEADs always require a key, so are unlikely to be used without one. Still, tracking the key will prevent accidental unkeyed use. algif_aead also had to track the key anyway, so the new flag replaces that and slightly simplifies the algif_aead implementation. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat
-rw-r--r--crypto/aead.c13
-rw-r--r--crypto/algif_aead.c11
-rw-r--r--include/crypto/aead.h10
3 files changed, 23 insertions, 11 deletions
diff --git a/crypto/aead.c b/crypto/aead.c
index fe00cbd7243d..60b3bbe973e7 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -54,11 +54,18 @@ int crypto_aead_setkey(struct crypto_aead *tfm,
54 const u8 *key, unsigned int keylen) 54 const u8 *key, unsigned int keylen)
55{ 55{
56 unsigned long alignmask = crypto_aead_alignmask(tfm); 56 unsigned long alignmask = crypto_aead_alignmask(tfm);
57 int err;
57 58
58 if ((unsigned long)key & alignmask) 59 if ((unsigned long)key & alignmask)
59 return setkey_unaligned(tfm, key, keylen); 60 err = setkey_unaligned(tfm, key, keylen);
61 else
62 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
63
64 if (err)
65 return err;
60 66
61 return crypto_aead_alg(tfm)->setkey(tfm, key, keylen); 67 crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
68 return 0;
62} 69}
63EXPORT_SYMBOL_GPL(crypto_aead_setkey); 70EXPORT_SYMBOL_GPL(crypto_aead_setkey);
64 71
@@ -93,6 +100,8 @@ static int crypto_aead_init_tfm(struct crypto_tfm *tfm)
93 struct crypto_aead *aead = __crypto_aead_cast(tfm); 100 struct crypto_aead *aead = __crypto_aead_cast(tfm);
94 struct aead_alg *alg = crypto_aead_alg(aead); 101 struct aead_alg *alg = crypto_aead_alg(aead);
95 102
103 crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY);
104
96 aead->authsize = alg->maxauthsize; 105 aead->authsize = alg->maxauthsize;
97 106
98 if (alg->exit) 107 if (alg->exit)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index d963c8cf8a55..4b07edd5a9ff 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -42,7 +42,6 @@
42 42
43struct aead_tfm { 43struct aead_tfm {
44 struct crypto_aead *aead; 44 struct crypto_aead *aead;
45 bool has_key;
46 struct crypto_skcipher *null_tfm; 45 struct crypto_skcipher *null_tfm;
47}; 46};
48 47
@@ -398,7 +397,7 @@ static int aead_check_key(struct socket *sock)
398 397
399 err = -ENOKEY; 398 err = -ENOKEY;
400 lock_sock_nested(psk, SINGLE_DEPTH_NESTING); 399 lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
401 if (!tfm->has_key) 400 if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
402 goto unlock; 401 goto unlock;
403 402
404 if (!pask->refcnt++) 403 if (!pask->refcnt++)
@@ -523,12 +522,8 @@ static int aead_setauthsize(void *private, unsigned int authsize)
523static int aead_setkey(void *private, const u8 *key, unsigned int keylen) 522static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
524{ 523{
525 struct aead_tfm *tfm = private; 524 struct aead_tfm *tfm = private;
526 int err;
527
528 err = crypto_aead_setkey(tfm->aead, key, keylen);
529 tfm->has_key = !err;
530 525
531 return err; 526 return crypto_aead_setkey(tfm->aead, key, keylen);
532} 527}
533 528
534static void aead_sock_destruct(struct sock *sk) 529static void aead_sock_destruct(struct sock *sk)
@@ -589,7 +584,7 @@ static int aead_accept_parent(void *private, struct sock *sk)
589{ 584{
590 struct aead_tfm *tfm = private; 585 struct aead_tfm *tfm = private;
591 586
592 if (!tfm->has_key) 587 if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
593 return -ENOKEY; 588 return -ENOKEY;
594 589
595 return aead_accept_parent_nokey(private, sk); 590 return aead_accept_parent_nokey(private, sk);
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 03b97629442c..1e26f790b03f 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -327,7 +327,12 @@ static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
327 */ 327 */
328static inline int crypto_aead_encrypt(struct aead_request *req) 328static inline int crypto_aead_encrypt(struct aead_request *req)
329{ 329{
330 return crypto_aead_alg(crypto_aead_reqtfm(req))->encrypt(req); 330 struct crypto_aead *aead = crypto_aead_reqtfm(req);
331
332 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
333 return -ENOKEY;
334
335 return crypto_aead_alg(aead)->encrypt(req);
331} 336}
332 337
333/** 338/**
@@ -356,6 +361,9 @@ static inline int crypto_aead_decrypt(struct aead_request *req)
356{ 361{
357 struct crypto_aead *aead = crypto_aead_reqtfm(req); 362 struct crypto_aead *aead = crypto_aead_reqtfm(req);
358 363
364 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
365 return -ENOKEY;
366
359 if (req->cryptlen < crypto_aead_authsize(aead)) 367 if (req->cryptlen < crypto_aead_authsize(aead))
360 return -EINVAL; 368 return -EINVAL;
361 369
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-24 19:13:10 -0400