cryptodev.c revision 1.10.4.3
1 1.10.4.3 skrll /* $NetBSD: cryptodev.c,v 1.10.4.3 2004/09/18 14:56:20 skrll Exp $ */ 2 1.10.4.2 skrll /* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */ 3 1.10.4.2 skrll /* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */ 4 1.10.4.2 skrll 5 1.10.4.2 skrll /* 6 1.10.4.2 skrll * Copyright (c) 2001 Theo de Raadt 7 1.10.4.2 skrll * 8 1.10.4.2 skrll * Redistribution and use in source and binary forms, with or without 9 1.10.4.2 skrll * modification, are permitted provided that the following conditions 10 1.10.4.2 skrll * are met: 11 1.10.4.2 skrll * 12 1.10.4.2 skrll * 1. Redistributions of source code must retain the above copyright 13 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer. 14 1.10.4.2 skrll * 2. Redistributions in binary form must reproduce the above copyright 15 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer in the 16 1.10.4.2 skrll * documentation and/or other materials provided with the distribution. 17 1.10.4.2 skrll * 3. The name of the author may not be used to endorse or promote products 18 1.10.4.2 skrll * derived from this software without specific prior written permission. 19 1.10.4.2 skrll * 20 1.10.4.2 skrll * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 1.10.4.2 skrll * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 1.10.4.2 skrll * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 1.10.4.2 skrll * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 1.10.4.2 skrll * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 1.10.4.2 skrll * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 1.10.4.2 skrll * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 1.10.4.2 skrll * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 1.10.4.2 skrll * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 1.10.4.2 skrll * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 1.10.4.2 skrll * 31 1.10.4.2 skrll * Effort sponsored in part by the Defense Advanced Research Projects 32 1.10.4.2 skrll * Agency (DARPA) and Air Force Research Laboratory, Air Force 33 1.10.4.2 skrll * Materiel Command, USAF, under agreement number F30602-01-2-0537. 34 1.10.4.2 skrll * 35 1.10.4.2 skrll */ 36 1.10.4.2 skrll 37 1.10.4.2 skrll #include <sys/cdefs.h> 38 1.10.4.3 skrll __KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.10.4.3 2004/09/18 14:56:20 skrll Exp $"); 39 1.10.4.2 skrll 40 1.10.4.2 skrll #include <sys/param.h> 41 1.10.4.2 skrll #include <sys/systm.h> 42 1.10.4.2 skrll #include <sys/malloc.h> 43 1.10.4.2 skrll #include <sys/mbuf.h> 44 1.10.4.2 skrll #include <sys/sysctl.h> 45 1.10.4.2 skrll #include <sys/file.h> 46 1.10.4.2 skrll #include <sys/filedesc.h> 47 1.10.4.2 skrll #include <sys/errno.h> 48 1.10.4.2 skrll #include <sys/md5.h> 49 1.10.4.2 skrll #include <sys/sha1.h> 50 1.10.4.2 skrll #include <sys/conf.h> 51 1.10.4.2 skrll #include <sys/device.h> 52 1.10.4.2 skrll 53 1.10.4.2 skrll #include <opencrypto/cryptodev.h> 54 1.10.4.2 skrll #include <opencrypto/xform.h> 55 1.10.4.2 skrll 56 1.10.4.2 skrll #ifdef __NetBSD__ 57 1.10.4.2 skrll #define splcrypto splnet 58 1.10.4.2 skrll #endif 59 1.10.4.2 skrll 60 1.10.4.2 skrll struct csession { 61 1.10.4.2 skrll TAILQ_ENTRY(csession) next; 62 1.10.4.2 skrll u_int64_t sid; 63 1.10.4.2 skrll u_int32_t ses; 64 1.10.4.2 skrll 65 1.10.4.2 skrll u_int32_t cipher; 66 1.10.4.2 skrll struct enc_xform *txform; 67 1.10.4.2 skrll u_int32_t mac; 68 1.10.4.2 skrll struct auth_hash *thash; 69 1.10.4.2 skrll 70 1.10.4.2 skrll caddr_t key; 71 1.10.4.2 skrll int keylen; 72 1.10.4.2 skrll u_char tmp_iv[EALG_MAX_BLOCK_LEN]; 73 1.10.4.2 skrll 74 1.10.4.2 skrll caddr_t mackey; 75 1.10.4.2 skrll int mackeylen; 76 1.10.4.2 skrll u_char tmp_mac[CRYPTO_MAX_MAC_LEN]; 77 1.10.4.2 skrll 78 1.10.4.2 skrll struct iovec iovec[IOV_MAX]; 79 1.10.4.2 skrll struct uio uio; 80 1.10.4.2 skrll int error; 81 1.10.4.2 skrll }; 82 1.10.4.2 skrll 83 1.10.4.2 skrll struct fcrypt { 84 1.10.4.2 skrll TAILQ_HEAD(csessionlist, csession) csessions; 85 1.10.4.2 skrll int sesn; 86 1.10.4.2 skrll }; 87 1.10.4.2 skrll 88 1.10.4.2 skrll 89 1.10.4.2 skrll /* Declaration of master device (fd-cloning/ctxt-allocating) entrypoints */ 90 1.10.4.3 skrll static int cryptoopen(dev_t dev, int flag, int mode, struct proc *p); 91 1.10.4.2 skrll static int cryptoread(dev_t dev, struct uio *uio, int ioflag); 92 1.10.4.2 skrll static int cryptowrite(dev_t dev, struct uio *uio, int ioflag); 93 1.10.4.3 skrll static int cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p); 94 1.10.4.3 skrll static int cryptoselect(dev_t dev, int rw, struct proc *p); 95 1.10.4.2 skrll 96 1.10.4.2 skrll /* Declaration of cloned-device (per-ctxt) entrypoints */ 97 1.10.4.2 skrll static int cryptof_read(struct file *, off_t *, struct uio *, struct ucred *, int); 98 1.10.4.2 skrll static int cryptof_write(struct file *, off_t *, struct uio *, struct ucred *, int); 99 1.10.4.3 skrll static int cryptof_ioctl(struct file *, u_long, void*, struct proc *p); 100 1.10.4.3 skrll static int cryptof_fcntl(struct file *, u_int, void*, struct proc *p); 101 1.10.4.3 skrll static int cryptof_poll(struct file *, int, struct proc *); 102 1.10.4.2 skrll static int cryptof_kqfilter(struct file *, struct knote *); 103 1.10.4.3 skrll static int cryptof_stat(struct file *, struct stat *, struct proc *); 104 1.10.4.3 skrll static int cryptof_close(struct file *, struct proc *); 105 1.10.4.2 skrll 106 1.10.4.2 skrll static struct fileops cryptofops = { 107 1.10.4.2 skrll cryptof_read, 108 1.10.4.2 skrll cryptof_write, 109 1.10.4.2 skrll cryptof_ioctl, 110 1.10.4.2 skrll cryptof_fcntl, 111 1.10.4.2 skrll cryptof_poll, 112 1.10.4.2 skrll cryptof_stat, 113 1.10.4.2 skrll cryptof_close, 114 1.10.4.2 skrll cryptof_kqfilter 115 1.10.4.2 skrll }; 116 1.10.4.2 skrll 117 1.10.4.2 skrll static struct csession *csefind(struct fcrypt *, u_int); 118 1.10.4.2 skrll static int csedelete(struct fcrypt *, struct csession *); 119 1.10.4.2 skrll static struct csession *cseadd(struct fcrypt *, struct csession *); 120 1.10.4.2 skrll static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, 121 1.10.4.2 skrll caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 122 1.10.4.2 skrll struct auth_hash *); 123 1.10.4.2 skrll static int csefree(struct csession *); 124 1.10.4.2 skrll 125 1.10.4.3 skrll static int cryptodev_op(struct csession *, struct crypt_op *, struct proc *); 126 1.10.4.2 skrll static int cryptodev_key(struct crypt_kop *); 127 1.10.4.2 skrll int cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]); 128 1.10.4.2 skrll 129 1.10.4.2 skrll static int cryptodev_cb(void *); 130 1.10.4.2 skrll static int cryptodevkey_cb(void *); 131 1.10.4.2 skrll 132 1.10.4.2 skrll /* 133 1.10.4.2 skrll * sysctl-able control variables for /dev/crypto now defined in crypto.c: 134 1.10.4.2 skrll * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft. 135 1.10.4.2 skrll */ 136 1.10.4.2 skrll 137 1.10.4.2 skrll /* ARGSUSED */ 138 1.10.4.2 skrll int 139 1.10.4.2 skrll cryptof_read(struct file *fp, off_t *poff, struct uio *uio, 140 1.10.4.2 skrll struct ucred *cred, int flags) 141 1.10.4.2 skrll { 142 1.10.4.2 skrll return (EIO); 143 1.10.4.2 skrll } 144 1.10.4.2 skrll 145 1.10.4.2 skrll /* ARGSUSED */ 146 1.10.4.2 skrll int 147 1.10.4.2 skrll cryptof_write(struct file *fp, off_t *poff, struct uio *uio, 148 1.10.4.2 skrll struct ucred *cred, int flags) 149 1.10.4.2 skrll { 150 1.10.4.2 skrll return (EIO); 151 1.10.4.2 skrll } 152 1.10.4.2 skrll 153 1.10.4.2 skrll /* ARGSUSED */ 154 1.10.4.2 skrll int 155 1.10.4.3 skrll cryptof_ioctl(struct file *fp, u_long cmd, void* data, struct proc *p) 156 1.10.4.2 skrll { 157 1.10.4.2 skrll struct cryptoini cria, crie; 158 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 159 1.10.4.2 skrll struct csession *cse; 160 1.10.4.2 skrll struct session_op *sop; 161 1.10.4.2 skrll struct crypt_op *cop; 162 1.10.4.2 skrll struct enc_xform *txform = NULL; 163 1.10.4.2 skrll struct auth_hash *thash = NULL; 164 1.10.4.2 skrll u_int64_t sid; 165 1.10.4.2 skrll u_int32_t ses; 166 1.10.4.2 skrll int error = 0; 167 1.10.4.2 skrll 168 1.10.4.2 skrll switch (cmd) { 169 1.10.4.2 skrll case CIOCGSESSION: 170 1.10.4.2 skrll sop = (struct session_op *)data; 171 1.10.4.2 skrll switch (sop->cipher) { 172 1.10.4.2 skrll case 0: 173 1.10.4.2 skrll break; 174 1.10.4.2 skrll case CRYPTO_DES_CBC: 175 1.10.4.2 skrll txform = &enc_xform_des; 176 1.10.4.2 skrll break; 177 1.10.4.2 skrll case CRYPTO_3DES_CBC: 178 1.10.4.2 skrll txform = &enc_xform_3des; 179 1.10.4.2 skrll break; 180 1.10.4.2 skrll case CRYPTO_BLF_CBC: 181 1.10.4.2 skrll txform = &enc_xform_blf; 182 1.10.4.2 skrll break; 183 1.10.4.2 skrll case CRYPTO_CAST_CBC: 184 1.10.4.2 skrll txform = &enc_xform_cast5; 185 1.10.4.2 skrll break; 186 1.10.4.2 skrll case CRYPTO_SKIPJACK_CBC: 187 1.10.4.2 skrll txform = &enc_xform_skipjack; 188 1.10.4.2 skrll break; 189 1.10.4.2 skrll case CRYPTO_AES_CBC: 190 1.10.4.2 skrll txform = &enc_xform_rijndael128; 191 1.10.4.2 skrll break; 192 1.10.4.2 skrll case CRYPTO_NULL_CBC: 193 1.10.4.2 skrll txform = &enc_xform_null; 194 1.10.4.2 skrll break; 195 1.10.4.2 skrll case CRYPTO_ARC4: 196 1.10.4.2 skrll txform = &enc_xform_arc4; 197 1.10.4.2 skrll break; 198 1.10.4.2 skrll default: 199 1.10.4.2 skrll return (EINVAL); 200 1.10.4.2 skrll } 201 1.10.4.2 skrll 202 1.10.4.2 skrll switch (sop->mac) { 203 1.10.4.2 skrll case 0: 204 1.10.4.2 skrll break; 205 1.10.4.2 skrll case CRYPTO_MD5_HMAC: 206 1.10.4.2 skrll thash = &auth_hash_hmac_md5_96; 207 1.10.4.2 skrll break; 208 1.10.4.2 skrll case CRYPTO_SHA1_HMAC: 209 1.10.4.2 skrll thash = &auth_hash_hmac_sha1_96; 210 1.10.4.2 skrll break; 211 1.10.4.2 skrll case CRYPTO_SHA2_HMAC: 212 1.10.4.2 skrll if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) 213 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_256; 214 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) 215 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_384; 216 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) 217 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_512; 218 1.10.4.2 skrll else 219 1.10.4.2 skrll return (EINVAL); 220 1.10.4.2 skrll break; 221 1.10.4.2 skrll case CRYPTO_RIPEMD160_HMAC: 222 1.10.4.2 skrll thash = &auth_hash_hmac_ripemd_160_96; 223 1.10.4.2 skrll break; 224 1.10.4.2 skrll case CRYPTO_MD5: 225 1.10.4.2 skrll thash = &auth_hash_md5; 226 1.10.4.2 skrll break; 227 1.10.4.2 skrll case CRYPTO_SHA1: 228 1.10.4.2 skrll thash = &auth_hash_sha1; 229 1.10.4.2 skrll break; 230 1.10.4.2 skrll case CRYPTO_NULL_HMAC: 231 1.10.4.2 skrll thash = &auth_hash_null; 232 1.10.4.2 skrll break; 233 1.10.4.2 skrll default: 234 1.10.4.2 skrll return (EINVAL); 235 1.10.4.2 skrll } 236 1.10.4.2 skrll 237 1.10.4.2 skrll bzero(&crie, sizeof(crie)); 238 1.10.4.2 skrll bzero(&cria, sizeof(cria)); 239 1.10.4.2 skrll 240 1.10.4.2 skrll if (txform) { 241 1.10.4.2 skrll crie.cri_alg = txform->type; 242 1.10.4.2 skrll crie.cri_klen = sop->keylen * 8; 243 1.10.4.2 skrll if (sop->keylen > txform->maxkey || 244 1.10.4.2 skrll sop->keylen < txform->minkey) { 245 1.10.4.2 skrll error = EINVAL; 246 1.10.4.2 skrll goto bail; 247 1.10.4.2 skrll } 248 1.10.4.2 skrll 249 1.10.4.2 skrll MALLOC(crie.cri_key, u_int8_t *, 250 1.10.4.2 skrll crie.cri_klen / 8, M_XDATA, M_WAITOK); 251 1.10.4.2 skrll if ((error = copyin(sop->key, crie.cri_key, 252 1.10.4.2 skrll crie.cri_klen / 8))) 253 1.10.4.2 skrll goto bail; 254 1.10.4.2 skrll if (thash) 255 1.10.4.2 skrll crie.cri_next = &cria; 256 1.10.4.2 skrll } 257 1.10.4.2 skrll 258 1.10.4.2 skrll if (thash) { 259 1.10.4.2 skrll cria.cri_alg = thash->type; 260 1.10.4.2 skrll cria.cri_klen = sop->mackeylen * 8; 261 1.10.4.2 skrll if (sop->mackeylen != thash->keysize) { 262 1.10.4.2 skrll error = EINVAL; 263 1.10.4.2 skrll goto bail; 264 1.10.4.2 skrll } 265 1.10.4.2 skrll 266 1.10.4.2 skrll if (cria.cri_klen) { 267 1.10.4.2 skrll MALLOC(cria.cri_key, u_int8_t *, 268 1.10.4.2 skrll cria.cri_klen / 8, M_XDATA, M_WAITOK); 269 1.10.4.2 skrll if ((error = copyin(sop->mackey, cria.cri_key, 270 1.10.4.2 skrll cria.cri_klen / 8))) 271 1.10.4.2 skrll goto bail; 272 1.10.4.2 skrll } 273 1.10.4.2 skrll } 274 1.10.4.2 skrll 275 1.10.4.2 skrll error = crypto_newsession(&sid, (txform ? &crie : &cria), 276 1.10.4.2 skrll crypto_devallowsoft); 277 1.10.4.2 skrll if (error) { 278 1.10.4.2 skrll #ifdef CRYPTO_DEBUG 279 1.10.4.2 skrll printf("SIOCSESSION violates kernel parameters\n"); 280 1.10.4.2 skrll #endif 281 1.10.4.2 skrll goto bail; 282 1.10.4.2 skrll } 283 1.10.4.2 skrll 284 1.10.4.2 skrll cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, 285 1.10.4.2 skrll cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 286 1.10.4.2 skrll thash); 287 1.10.4.2 skrll 288 1.10.4.2 skrll if (cse == NULL) { 289 1.10.4.2 skrll crypto_freesession(sid); 290 1.10.4.2 skrll error = EINVAL; 291 1.10.4.2 skrll goto bail; 292 1.10.4.2 skrll } 293 1.10.4.2 skrll sop->ses = cse->ses; 294 1.10.4.2 skrll 295 1.10.4.2 skrll bail: 296 1.10.4.2 skrll if (error) { 297 1.10.4.2 skrll if (crie.cri_key) 298 1.10.4.2 skrll FREE(crie.cri_key, M_XDATA); 299 1.10.4.2 skrll if (cria.cri_key) 300 1.10.4.2 skrll FREE(cria.cri_key, M_XDATA); 301 1.10.4.2 skrll } 302 1.10.4.2 skrll break; 303 1.10.4.2 skrll case CIOCFSESSION: 304 1.10.4.2 skrll ses = *(u_int32_t *)data; 305 1.10.4.2 skrll cse = csefind(fcr, ses); 306 1.10.4.2 skrll if (cse == NULL) 307 1.10.4.2 skrll return (EINVAL); 308 1.10.4.2 skrll csedelete(fcr, cse); 309 1.10.4.2 skrll error = csefree(cse); 310 1.10.4.2 skrll break; 311 1.10.4.2 skrll case CIOCCRYPT: 312 1.10.4.2 skrll cop = (struct crypt_op *)data; 313 1.10.4.2 skrll cse = csefind(fcr, cop->ses); 314 1.10.4.2 skrll if (cse == NULL) 315 1.10.4.2 skrll return (EINVAL); 316 1.10.4.3 skrll error = cryptodev_op(cse, cop, p); 317 1.10.4.2 skrll break; 318 1.10.4.2 skrll case CIOCKEY: 319 1.10.4.2 skrll error = cryptodev_key((struct crypt_kop *)data); 320 1.10.4.2 skrll break; 321 1.10.4.2 skrll case CIOCASYMFEAT: 322 1.10.4.2 skrll error = crypto_getfeat((int *)data); 323 1.10.4.2 skrll break; 324 1.10.4.2 skrll default: 325 1.10.4.2 skrll error = EINVAL; 326 1.10.4.2 skrll } 327 1.10.4.2 skrll return (error); 328 1.10.4.2 skrll } 329 1.10.4.2 skrll 330 1.10.4.2 skrll /* ARGSUSED */ 331 1.10.4.2 skrll int 332 1.10.4.3 skrll cryptof_fcntl(struct file *fp, u_int cmd, void *data, struct proc *p) 333 1.10.4.2 skrll { 334 1.10.4.2 skrll return (0); 335 1.10.4.2 skrll } 336 1.10.4.2 skrll 337 1.10.4.2 skrll static int 338 1.10.4.3 skrll cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p) 339 1.10.4.2 skrll { 340 1.10.4.2 skrll struct cryptop *crp = NULL; 341 1.10.4.2 skrll struct cryptodesc *crde = NULL, *crda = NULL; 342 1.10.4.2 skrll int i, error, s; 343 1.10.4.2 skrll 344 1.10.4.2 skrll if (cop->len > 256*1024-4) 345 1.10.4.2 skrll return (E2BIG); 346 1.10.4.2 skrll 347 1.10.4.2 skrll if (cse->txform && (cop->len % cse->txform->blocksize) != 0) 348 1.10.4.2 skrll return (EINVAL); 349 1.10.4.2 skrll 350 1.10.4.2 skrll bzero(&cse->uio, sizeof(cse->uio)); 351 1.10.4.2 skrll cse->uio.uio_iovcnt = 1; 352 1.10.4.2 skrll cse->uio.uio_resid = 0; 353 1.10.4.2 skrll cse->uio.uio_segflg = UIO_SYSSPACE; 354 1.10.4.2 skrll cse->uio.uio_rw = UIO_WRITE; 355 1.10.4.3 skrll cse->uio.uio_procp = NULL; 356 1.10.4.2 skrll cse->uio.uio_iov = cse->iovec; 357 1.10.4.2 skrll bzero(&cse->iovec, sizeof(cse->iovec)); 358 1.10.4.2 skrll cse->uio.uio_iov[0].iov_len = cop->len; 359 1.10.4.2 skrll cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK); 360 1.10.4.2 skrll for (i = 0; i < cse->uio.uio_iovcnt; i++) 361 1.10.4.2 skrll cse->uio.uio_resid += cse->uio.uio_iov[0].iov_len; 362 1.10.4.2 skrll 363 1.10.4.2 skrll crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 364 1.10.4.2 skrll if (crp == NULL) { 365 1.10.4.2 skrll error = ENOMEM; 366 1.10.4.2 skrll goto bail; 367 1.10.4.2 skrll } 368 1.10.4.2 skrll 369 1.10.4.2 skrll if (cse->thash) { 370 1.10.4.2 skrll crda = crp->crp_desc; 371 1.10.4.2 skrll if (cse->txform) 372 1.10.4.2 skrll crde = crda->crd_next; 373 1.10.4.2 skrll } else { 374 1.10.4.2 skrll if (cse->txform) 375 1.10.4.2 skrll crde = crp->crp_desc; 376 1.10.4.2 skrll else { 377 1.10.4.2 skrll error = EINVAL; 378 1.10.4.2 skrll goto bail; 379 1.10.4.2 skrll } 380 1.10.4.2 skrll } 381 1.10.4.2 skrll 382 1.10.4.2 skrll if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len))) 383 1.10.4.2 skrll goto bail; 384 1.10.4.2 skrll 385 1.10.4.2 skrll if (crda) { 386 1.10.4.2 skrll crda->crd_skip = 0; 387 1.10.4.2 skrll crda->crd_len = cop->len; 388 1.10.4.2 skrll crda->crd_inject = 0; /* ??? */ 389 1.10.4.2 skrll 390 1.10.4.2 skrll crda->crd_alg = cse->mac; 391 1.10.4.2 skrll crda->crd_key = cse->mackey; 392 1.10.4.2 skrll crda->crd_klen = cse->mackeylen * 8; 393 1.10.4.2 skrll } 394 1.10.4.2 skrll 395 1.10.4.2 skrll if (crde) { 396 1.10.4.2 skrll if (cop->op == COP_ENCRYPT) 397 1.10.4.2 skrll crde->crd_flags |= CRD_F_ENCRYPT; 398 1.10.4.2 skrll else 399 1.10.4.2 skrll crde->crd_flags &= ~CRD_F_ENCRYPT; 400 1.10.4.2 skrll crde->crd_len = cop->len; 401 1.10.4.2 skrll crde->crd_inject = 0; 402 1.10.4.2 skrll 403 1.10.4.2 skrll crde->crd_alg = cse->cipher; 404 1.10.4.2 skrll crde->crd_key = cse->key; 405 1.10.4.2 skrll crde->crd_klen = cse->keylen * 8; 406 1.10.4.2 skrll } 407 1.10.4.2 skrll 408 1.10.4.2 skrll crp->crp_ilen = cop->len; 409 1.10.4.2 skrll crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 410 1.10.4.2 skrll | (cop->flags & COP_F_BATCH); 411 1.10.4.2 skrll crp->crp_buf = (caddr_t)&cse->uio; 412 1.10.4.2 skrll crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; 413 1.10.4.2 skrll crp->crp_sid = cse->sid; 414 1.10.4.2 skrll crp->crp_opaque = (void *)cse; 415 1.10.4.2 skrll 416 1.10.4.2 skrll if (cop->iv) { 417 1.10.4.2 skrll if (crde == NULL) { 418 1.10.4.2 skrll error = EINVAL; 419 1.10.4.2 skrll goto bail; 420 1.10.4.2 skrll } 421 1.10.4.2 skrll if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 422 1.10.4.2 skrll error = EINVAL; 423 1.10.4.2 skrll goto bail; 424 1.10.4.2 skrll } 425 1.10.4.2 skrll if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize))) 426 1.10.4.2 skrll goto bail; 427 1.10.4.2 skrll bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize); 428 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 429 1.10.4.2 skrll crde->crd_skip = 0; 430 1.10.4.2 skrll } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 431 1.10.4.2 skrll crde->crd_skip = 0; 432 1.10.4.2 skrll } else if (crde) { 433 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_PRESENT; 434 1.10.4.2 skrll crde->crd_skip = cse->txform->blocksize; 435 1.10.4.2 skrll crde->crd_len -= cse->txform->blocksize; 436 1.10.4.2 skrll } 437 1.10.4.2 skrll 438 1.10.4.2 skrll if (cop->mac) { 439 1.10.4.2 skrll if (crda == NULL) { 440 1.10.4.2 skrll error = EINVAL; 441 1.10.4.2 skrll goto bail; 442 1.10.4.2 skrll } 443 1.10.4.2 skrll crp->crp_mac=cse->tmp_mac; 444 1.10.4.2 skrll } 445 1.10.4.2 skrll 446 1.10.4.2 skrll s = splcrypto(); /* NB: only needed with CRYPTO_F_CBIMM */ 447 1.10.4.2 skrll error = crypto_dispatch(crp); 448 1.10.4.2 skrll if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0) 449 1.10.4.2 skrll error = tsleep(crp, PSOCK, "crydev", 0); 450 1.10.4.2 skrll splx(s); 451 1.10.4.2 skrll if (error) { 452 1.10.4.2 skrll goto bail; 453 1.10.4.2 skrll } 454 1.10.4.2 skrll 455 1.10.4.2 skrll if (crp->crp_etype != 0) { 456 1.10.4.2 skrll error = crp->crp_etype; 457 1.10.4.2 skrll goto bail; 458 1.10.4.2 skrll } 459 1.10.4.2 skrll 460 1.10.4.2 skrll if (cse->error) { 461 1.10.4.2 skrll error = cse->error; 462 1.10.4.2 skrll goto bail; 463 1.10.4.2 skrll } 464 1.10.4.2 skrll 465 1.10.4.2 skrll if (cop->dst && 466 1.10.4.2 skrll (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len))) 467 1.10.4.2 skrll goto bail; 468 1.10.4.2 skrll 469 1.10.4.2 skrll if (cop->mac && 470 1.10.4.2 skrll (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) 471 1.10.4.2 skrll goto bail; 472 1.10.4.2 skrll 473 1.10.4.2 skrll bail: 474 1.10.4.2 skrll if (crp) 475 1.10.4.2 skrll crypto_freereq(crp); 476 1.10.4.2 skrll if (cse->uio.uio_iov[0].iov_base) 477 1.10.4.2 skrll free(cse->uio.uio_iov[0].iov_base, M_XDATA); 478 1.10.4.2 skrll 479 1.10.4.2 skrll return (error); 480 1.10.4.2 skrll } 481 1.10.4.2 skrll 482 1.10.4.2 skrll static int 483 1.10.4.2 skrll cryptodev_cb(void *op) 484 1.10.4.2 skrll { 485 1.10.4.2 skrll struct cryptop *crp = (struct cryptop *) op; 486 1.10.4.2 skrll struct csession *cse = (struct csession *)crp->crp_opaque; 487 1.10.4.2 skrll 488 1.10.4.2 skrll cse->error = crp->crp_etype; 489 1.10.4.2 skrll if (crp->crp_etype == EAGAIN) 490 1.10.4.2 skrll return crypto_dispatch(crp); 491 1.10.4.2 skrll wakeup_one(crp); 492 1.10.4.2 skrll return (0); 493 1.10.4.2 skrll } 494 1.10.4.2 skrll 495 1.10.4.2 skrll static int 496 1.10.4.2 skrll cryptodevkey_cb(void *op) 497 1.10.4.2 skrll { 498 1.10.4.2 skrll struct cryptkop *krp = (struct cryptkop *) op; 499 1.10.4.2 skrll 500 1.10.4.2 skrll wakeup_one(krp); 501 1.10.4.2 skrll return (0); 502 1.10.4.2 skrll } 503 1.10.4.2 skrll 504 1.10.4.2 skrll static int 505 1.10.4.2 skrll cryptodev_key(struct crypt_kop *kop) 506 1.10.4.2 skrll { 507 1.10.4.2 skrll struct cryptkop *krp = NULL; 508 1.10.4.2 skrll int error = EINVAL; 509 1.10.4.2 skrll int in, out, size, i; 510 1.10.4.2 skrll 511 1.10.4.2 skrll if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 512 1.10.4.2 skrll return (EFBIG); 513 1.10.4.2 skrll } 514 1.10.4.2 skrll 515 1.10.4.2 skrll in = kop->crk_iparams; 516 1.10.4.2 skrll out = kop->crk_oparams; 517 1.10.4.2 skrll switch (kop->crk_op) { 518 1.10.4.2 skrll case CRK_MOD_EXP: 519 1.10.4.2 skrll if (in == 3 && out == 1) 520 1.10.4.2 skrll break; 521 1.10.4.2 skrll return (EINVAL); 522 1.10.4.2 skrll case CRK_MOD_EXP_CRT: 523 1.10.4.2 skrll if (in == 6 && out == 1) 524 1.10.4.2 skrll break; 525 1.10.4.2 skrll return (EINVAL); 526 1.10.4.2 skrll case CRK_DSA_SIGN: 527 1.10.4.2 skrll if (in == 5 && out == 2) 528 1.10.4.2 skrll break; 529 1.10.4.2 skrll return (EINVAL); 530 1.10.4.2 skrll case CRK_DSA_VERIFY: 531 1.10.4.2 skrll if (in == 7 && out == 0) 532 1.10.4.2 skrll break; 533 1.10.4.2 skrll return (EINVAL); 534 1.10.4.2 skrll case CRK_DH_COMPUTE_KEY: 535 1.10.4.2 skrll if (in == 3 && out == 1) 536 1.10.4.2 skrll break; 537 1.10.4.2 skrll return (EINVAL); 538 1.10.4.2 skrll default: 539 1.10.4.2 skrll return (EINVAL); 540 1.10.4.2 skrll } 541 1.10.4.2 skrll 542 1.10.4.2 skrll krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK); 543 1.10.4.2 skrll if (!krp) 544 1.10.4.2 skrll return (ENOMEM); 545 1.10.4.2 skrll bzero(krp, sizeof *krp); 546 1.10.4.2 skrll krp->krp_op = kop->crk_op; 547 1.10.4.2 skrll krp->krp_status = kop->crk_status; 548 1.10.4.2 skrll krp->krp_iparams = kop->crk_iparams; 549 1.10.4.2 skrll krp->krp_oparams = kop->crk_oparams; 550 1.10.4.2 skrll krp->krp_status = 0; 551 1.10.4.2 skrll krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 552 1.10.4.2 skrll 553 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) 554 1.10.4.2 skrll krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 555 1.10.4.2 skrll for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 556 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 557 1.10.4.2 skrll if (size == 0) 558 1.10.4.2 skrll continue; 559 1.10.4.2 skrll MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK); 560 1.10.4.2 skrll if (i >= krp->krp_iparams) 561 1.10.4.2 skrll continue; 562 1.10.4.2 skrll error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 563 1.10.4.2 skrll if (error) 564 1.10.4.2 skrll goto fail; 565 1.10.4.2 skrll } 566 1.10.4.2 skrll 567 1.10.4.2 skrll error = crypto_kdispatch(krp); 568 1.10.4.2 skrll if (error == 0) 569 1.10.4.2 skrll error = tsleep(krp, PSOCK, "crydev", 0); 570 1.10.4.2 skrll if (error) 571 1.10.4.2 skrll goto fail; 572 1.10.4.2 skrll 573 1.10.4.2 skrll if (krp->krp_status != 0) { 574 1.10.4.2 skrll error = krp->krp_status; 575 1.10.4.2 skrll goto fail; 576 1.10.4.2 skrll } 577 1.10.4.2 skrll 578 1.10.4.2 skrll for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 579 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 580 1.10.4.2 skrll if (size == 0) 581 1.10.4.2 skrll continue; 582 1.10.4.2 skrll error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 583 1.10.4.2 skrll if (error) 584 1.10.4.2 skrll goto fail; 585 1.10.4.2 skrll } 586 1.10.4.2 skrll 587 1.10.4.2 skrll fail: 588 1.10.4.2 skrll if (krp) { 589 1.10.4.2 skrll kop->crk_status = krp->krp_status; 590 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) { 591 1.10.4.2 skrll if (krp->krp_param[i].crp_p) 592 1.10.4.2 skrll FREE(krp->krp_param[i].crp_p, M_XDATA); 593 1.10.4.2 skrll } 594 1.10.4.2 skrll free(krp, M_XDATA); 595 1.10.4.2 skrll } 596 1.10.4.2 skrll return (error); 597 1.10.4.2 skrll } 598 1.10.4.2 skrll 599 1.10.4.2 skrll /* ARGSUSED */ 600 1.10.4.2 skrll static int 601 1.10.4.3 skrll cryptof_poll(struct file *fp, int which, struct proc *p) 602 1.10.4.2 skrll { 603 1.10.4.2 skrll return (0); 604 1.10.4.2 skrll } 605 1.10.4.2 skrll 606 1.10.4.2 skrll 607 1.10.4.2 skrll /* ARGSUSED */ 608 1.10.4.2 skrll static int 609 1.10.4.2 skrll cryptof_kqfilter(struct file *fp, struct knote *kn) 610 1.10.4.2 skrll { 611 1.10.4.2 skrll 612 1.10.4.2 skrll return (0); 613 1.10.4.2 skrll } 614 1.10.4.2 skrll 615 1.10.4.2 skrll /* ARGSUSED */ 616 1.10.4.2 skrll static int 617 1.10.4.3 skrll cryptof_stat(struct file *fp, struct stat *sb, struct proc *p) 618 1.10.4.2 skrll { 619 1.10.4.2 skrll return (EOPNOTSUPP); 620 1.10.4.2 skrll } 621 1.10.4.2 skrll 622 1.10.4.2 skrll /* ARGSUSED */ 623 1.10.4.2 skrll static int 624 1.10.4.3 skrll cryptof_close(struct file *fp, struct proc *p) 625 1.10.4.2 skrll { 626 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 627 1.10.4.2 skrll struct csession *cse; 628 1.10.4.2 skrll 629 1.10.4.2 skrll while ((cse = TAILQ_FIRST(&fcr->csessions))) { 630 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 631 1.10.4.2 skrll (void)csefree(cse); 632 1.10.4.2 skrll } 633 1.10.4.2 skrll FREE(fcr, M_XDATA); 634 1.10.4.2 skrll 635 1.10.4.2 skrll /* close() stolen from sys/kern/kern_ktrace.c */ 636 1.10.4.2 skrll 637 1.10.4.2 skrll fp->f_data = NULL; 638 1.10.4.2 skrll #if 0 639 1.10.4.2 skrll FILE_UNUSE(fp, p); /* release file */ 640 1.10.4.2 skrll fdrelease(p, fd); /* release fd table slot */ 641 1.10.4.2 skrll #endif 642 1.10.4.2 skrll 643 1.10.4.2 skrll return 0; 644 1.10.4.2 skrll } 645 1.10.4.2 skrll 646 1.10.4.2 skrll static struct csession * 647 1.10.4.2 skrll csefind(struct fcrypt *fcr, u_int ses) 648 1.10.4.2 skrll { 649 1.10.4.2 skrll struct csession *cse; 650 1.10.4.2 skrll 651 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) 652 1.10.4.2 skrll if (cse->ses == ses) 653 1.10.4.2 skrll return (cse); 654 1.10.4.2 skrll return (NULL); 655 1.10.4.2 skrll } 656 1.10.4.2 skrll 657 1.10.4.2 skrll static int 658 1.10.4.2 skrll csedelete(struct fcrypt *fcr, struct csession *cse_del) 659 1.10.4.2 skrll { 660 1.10.4.2 skrll struct csession *cse; 661 1.10.4.2 skrll 662 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) { 663 1.10.4.2 skrll if (cse == cse_del) { 664 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 665 1.10.4.2 skrll return (1); 666 1.10.4.2 skrll } 667 1.10.4.2 skrll } 668 1.10.4.2 skrll return (0); 669 1.10.4.2 skrll } 670 1.10.4.2 skrll 671 1.10.4.2 skrll static struct csession * 672 1.10.4.2 skrll cseadd(struct fcrypt *fcr, struct csession *cse) 673 1.10.4.2 skrll { 674 1.10.4.2 skrll TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 675 1.10.4.2 skrll cse->ses = fcr->sesn++; 676 1.10.4.2 skrll return (cse); 677 1.10.4.2 skrll } 678 1.10.4.2 skrll 679 1.10.4.2 skrll static struct csession * 680 1.10.4.2 skrll csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, 681 1.10.4.2 skrll caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 682 1.10.4.2 skrll struct enc_xform *txform, struct auth_hash *thash) 683 1.10.4.2 skrll { 684 1.10.4.2 skrll struct csession *cse; 685 1.10.4.2 skrll 686 1.10.4.2 skrll MALLOC(cse, struct csession *, sizeof(struct csession), 687 1.10.4.2 skrll M_XDATA, M_NOWAIT); 688 1.10.4.2 skrll if (cse == NULL) 689 1.10.4.2 skrll return NULL; 690 1.10.4.2 skrll cse->key = key; 691 1.10.4.2 skrll cse->keylen = keylen/8; 692 1.10.4.2 skrll cse->mackey = mackey; 693 1.10.4.2 skrll cse->mackeylen = mackeylen/8; 694 1.10.4.2 skrll cse->sid = sid; 695 1.10.4.2 skrll cse->cipher = cipher; 696 1.10.4.2 skrll cse->mac = mac; 697 1.10.4.2 skrll cse->txform = txform; 698 1.10.4.2 skrll cse->thash = thash; 699 1.10.4.2 skrll cseadd(fcr, cse); 700 1.10.4.2 skrll return (cse); 701 1.10.4.2 skrll } 702 1.10.4.2 skrll 703 1.10.4.2 skrll static int 704 1.10.4.2 skrll csefree(struct csession *cse) 705 1.10.4.2 skrll { 706 1.10.4.2 skrll int error; 707 1.10.4.2 skrll 708 1.10.4.2 skrll error = crypto_freesession(cse->sid); 709 1.10.4.2 skrll if (cse->key) 710 1.10.4.2 skrll FREE(cse->key, M_XDATA); 711 1.10.4.2 skrll if (cse->mackey) 712 1.10.4.2 skrll FREE(cse->mackey, M_XDATA); 713 1.10.4.2 skrll FREE(cse, M_XDATA); 714 1.10.4.2 skrll return (error); 715 1.10.4.2 skrll } 716 1.10.4.2 skrll 717 1.10.4.2 skrll static int 718 1.10.4.3 skrll cryptoopen(dev_t dev, int flag, int mode, struct proc *p) 719 1.10.4.2 skrll { 720 1.10.4.2 skrll if (crypto_usercrypto == 0) 721 1.10.4.2 skrll return (ENXIO); 722 1.10.4.2 skrll return (0); 723 1.10.4.2 skrll } 724 1.10.4.2 skrll 725 1.10.4.2 skrll static int 726 1.10.4.2 skrll cryptoread(dev_t dev, struct uio *uio, int ioflag) 727 1.10.4.2 skrll { 728 1.10.4.2 skrll return (EIO); 729 1.10.4.2 skrll } 730 1.10.4.2 skrll 731 1.10.4.2 skrll static int 732 1.10.4.2 skrll cryptowrite(dev_t dev, struct uio *uio, int ioflag) 733 1.10.4.2 skrll { 734 1.10.4.2 skrll return (EIO); 735 1.10.4.2 skrll } 736 1.10.4.2 skrll 737 1.10.4.2 skrll static int 738 1.10.4.3 skrll cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) 739 1.10.4.2 skrll { 740 1.10.4.2 skrll struct file *f; 741 1.10.4.2 skrll struct fcrypt *fcr; 742 1.10.4.2 skrll int fd, error; 743 1.10.4.2 skrll 744 1.10.4.2 skrll switch (cmd) { 745 1.10.4.2 skrll case CRIOGET: 746 1.10.4.2 skrll MALLOC(fcr, struct fcrypt *, 747 1.10.4.2 skrll sizeof(struct fcrypt), M_XDATA, M_WAITOK); 748 1.10.4.2 skrll TAILQ_INIT(&fcr->csessions); 749 1.10.4.2 skrll fcr->sesn = 0; 750 1.10.4.2 skrll 751 1.10.4.3 skrll error = falloc(p, &f, &fd); 752 1.10.4.2 skrll if (error) { 753 1.10.4.2 skrll FREE(fcr, M_XDATA); 754 1.10.4.2 skrll return (error); 755 1.10.4.2 skrll } 756 1.10.4.2 skrll f->f_flag = FREAD | FWRITE; 757 1.10.4.2 skrll f->f_type = DTYPE_CRYPTO; 758 1.10.4.2 skrll f->f_ops = &cryptofops; 759 1.10.4.2 skrll f->f_data = (caddr_t) fcr; 760 1.10.4.2 skrll *(u_int32_t *)data = fd; 761 1.10.4.2 skrll FILE_SET_MATURE(f); 762 1.10.4.3 skrll FILE_UNUSE(f, p); 763 1.10.4.2 skrll break; 764 1.10.4.2 skrll default: 765 1.10.4.2 skrll error = EINVAL; 766 1.10.4.2 skrll break; 767 1.10.4.2 skrll } 768 1.10.4.2 skrll return (error); 769 1.10.4.2 skrll } 770 1.10.4.2 skrll 771 1.10.4.2 skrll int 772 1.10.4.3 skrll cryptoselect(dev_t dev, int rw, struct proc *p) 773 1.10.4.2 skrll { 774 1.10.4.2 skrll return (0); 775 1.10.4.2 skrll } 776 1.10.4.2 skrll 777 1.10.4.2 skrll /*static*/ 778 1.10.4.2 skrll struct cdevsw crypto_cdevsw = { 779 1.10.4.2 skrll /* open */ cryptoopen, 780 1.10.4.2 skrll /* close */ nullclose, 781 1.10.4.2 skrll /* read */ cryptoread, 782 1.10.4.2 skrll /* write */ cryptowrite, 783 1.10.4.2 skrll /* ioctl */ cryptoioctl, 784 1.10.4.2 skrll /* ttstop?*/ nostop, 785 1.10.4.2 skrll /* ??*/ notty, 786 1.10.4.2 skrll /* poll */ cryptoselect /*nopoll*/, 787 1.10.4.2 skrll /* mmap */ nommap, 788 1.10.4.2 skrll /* kqfilter */ nokqfilter, 789 1.10.4.2 skrll }; 790 1.10.4.2 skrll 791
Indexes created Thu Oct 02 14:10:14 GMT 2025