cryptodev.c revision 1.10.4.6
1 1.10.4.6 skrll /* $NetBSD: cryptodev.c,v 1.10.4.6 2005/03/08 13:53:12 skrll Exp $ */ 2 1.10.4.2 skrll /* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */ 3 1.10.4.2 skrll /* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */ 4 1.10.4.2 skrll 5 1.10.4.2 skrll /* 6 1.10.4.2 skrll * Copyright (c) 2001 Theo de Raadt 7 1.10.4.2 skrll * 8 1.10.4.2 skrll * Redistribution and use in source and binary forms, with or without 9 1.10.4.2 skrll * modification, are permitted provided that the following conditions 10 1.10.4.2 skrll * are met: 11 1.10.4.2 skrll * 12 1.10.4.2 skrll * 1. Redistributions of source code must retain the above copyright 13 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer. 14 1.10.4.2 skrll * 2. Redistributions in binary form must reproduce the above copyright 15 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer in the 16 1.10.4.2 skrll * documentation and/or other materials provided with the distribution. 17 1.10.4.2 skrll * 3. The name of the author may not be used to endorse or promote products 18 1.10.4.2 skrll * derived from this software without specific prior written permission. 19 1.10.4.2 skrll * 20 1.10.4.2 skrll * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 1.10.4.2 skrll * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 1.10.4.2 skrll * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 1.10.4.2 skrll * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 1.10.4.2 skrll * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 1.10.4.2 skrll * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 1.10.4.2 skrll * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 1.10.4.2 skrll * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 1.10.4.2 skrll * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 1.10.4.2 skrll * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 1.10.4.2 skrll * 31 1.10.4.2 skrll * Effort sponsored in part by the Defense Advanced Research Projects 32 1.10.4.2 skrll * Agency (DARPA) and Air Force Research Laboratory, Air Force 33 1.10.4.2 skrll * Materiel Command, USAF, under agreement number F30602-01-2-0537. 34 1.10.4.2 skrll * 35 1.10.4.2 skrll */ 36 1.10.4.2 skrll 37 1.10.4.2 skrll #include <sys/cdefs.h> 38 1.10.4.6 skrll __KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.10.4.6 2005/03/08 13:53:12 skrll Exp $"); 39 1.10.4.2 skrll 40 1.10.4.2 skrll #include <sys/param.h> 41 1.10.4.2 skrll #include <sys/systm.h> 42 1.10.4.2 skrll #include <sys/malloc.h> 43 1.10.4.2 skrll #include <sys/mbuf.h> 44 1.10.4.2 skrll #include <sys/sysctl.h> 45 1.10.4.2 skrll #include <sys/file.h> 46 1.10.4.2 skrll #include <sys/filedesc.h> 47 1.10.4.2 skrll #include <sys/errno.h> 48 1.10.4.2 skrll #include <sys/md5.h> 49 1.10.4.2 skrll #include <sys/sha1.h> 50 1.10.4.2 skrll #include <sys/conf.h> 51 1.10.4.2 skrll #include <sys/device.h> 52 1.10.4.2 skrll 53 1.10.4.2 skrll #include <opencrypto/cryptodev.h> 54 1.10.4.2 skrll #include <opencrypto/xform.h> 55 1.10.4.2 skrll 56 1.10.4.2 skrll #ifdef __NetBSD__ 57 1.10.4.2 skrll #define splcrypto splnet 58 1.10.4.2 skrll #endif 59 1.10.4.2 skrll 60 1.10.4.2 skrll struct csession { 61 1.10.4.2 skrll TAILQ_ENTRY(csession) next; 62 1.10.4.2 skrll u_int64_t sid; 63 1.10.4.2 skrll u_int32_t ses; 64 1.10.4.2 skrll 65 1.10.4.2 skrll u_int32_t cipher; 66 1.10.4.2 skrll struct enc_xform *txform; 67 1.10.4.2 skrll u_int32_t mac; 68 1.10.4.2 skrll struct auth_hash *thash; 69 1.10.4.2 skrll 70 1.10.4.2 skrll caddr_t key; 71 1.10.4.2 skrll int keylen; 72 1.10.4.2 skrll u_char tmp_iv[EALG_MAX_BLOCK_LEN]; 73 1.10.4.2 skrll 74 1.10.4.2 skrll caddr_t mackey; 75 1.10.4.2 skrll int mackeylen; 76 1.10.4.2 skrll u_char tmp_mac[CRYPTO_MAX_MAC_LEN]; 77 1.10.4.2 skrll 78 1.10.4.2 skrll struct iovec iovec[IOV_MAX]; 79 1.10.4.2 skrll struct uio uio; 80 1.10.4.2 skrll int error; 81 1.10.4.2 skrll }; 82 1.10.4.2 skrll 83 1.10.4.2 skrll struct fcrypt { 84 1.10.4.2 skrll TAILQ_HEAD(csessionlist, csession) csessions; 85 1.10.4.2 skrll int sesn; 86 1.10.4.2 skrll }; 87 1.10.4.2 skrll 88 1.10.4.2 skrll 89 1.10.4.2 skrll /* Declaration of master device (fd-cloning/ctxt-allocating) entrypoints */ 90 1.10.4.4 skrll static int cryptoopen(dev_t dev, int flag, int mode, struct lwp *l); 91 1.10.4.2 skrll static int cryptoread(dev_t dev, struct uio *uio, int ioflag); 92 1.10.4.2 skrll static int cryptowrite(dev_t dev, struct uio *uio, int ioflag); 93 1.10.4.4 skrll static int cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l); 94 1.10.4.4 skrll static int cryptoselect(dev_t dev, int rw, struct lwp *l); 95 1.10.4.2 skrll 96 1.10.4.2 skrll /* Declaration of cloned-device (per-ctxt) entrypoints */ 97 1.10.4.2 skrll static int cryptof_read(struct file *, off_t *, struct uio *, struct ucred *, int); 98 1.10.4.2 skrll static int cryptof_write(struct file *, off_t *, struct uio *, struct ucred *, int); 99 1.10.4.4 skrll static int cryptof_ioctl(struct file *, u_long, void*, struct lwp *l); 100 1.10.4.4 skrll static int cryptof_close(struct file *, struct lwp *); 101 1.10.4.2 skrll 102 1.10.4.5 skrll static const struct fileops cryptofops = { 103 1.10.4.2 skrll cryptof_read, 104 1.10.4.2 skrll cryptof_write, 105 1.10.4.2 skrll cryptof_ioctl, 106 1.10.4.5 skrll fnullop_fcntl, 107 1.10.4.5 skrll fnullop_poll, 108 1.10.4.5 skrll fbadop_stat, 109 1.10.4.2 skrll cryptof_close, 110 1.10.4.5 skrll fnullop_kqfilter 111 1.10.4.2 skrll }; 112 1.10.4.2 skrll 113 1.10.4.2 skrll static struct csession *csefind(struct fcrypt *, u_int); 114 1.10.4.2 skrll static int csedelete(struct fcrypt *, struct csession *); 115 1.10.4.2 skrll static struct csession *cseadd(struct fcrypt *, struct csession *); 116 1.10.4.2 skrll static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, 117 1.10.4.2 skrll caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 118 1.10.4.2 skrll struct auth_hash *); 119 1.10.4.2 skrll static int csefree(struct csession *); 120 1.10.4.2 skrll 121 1.10.4.4 skrll static int cryptodev_op(struct csession *, struct crypt_op *, struct lwp *); 122 1.10.4.2 skrll static int cryptodev_key(struct crypt_kop *); 123 1.10.4.2 skrll int cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]); 124 1.10.4.2 skrll 125 1.10.4.2 skrll static int cryptodev_cb(void *); 126 1.10.4.2 skrll static int cryptodevkey_cb(void *); 127 1.10.4.2 skrll 128 1.10.4.2 skrll /* 129 1.10.4.2 skrll * sysctl-able control variables for /dev/crypto now defined in crypto.c: 130 1.10.4.2 skrll * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft. 131 1.10.4.2 skrll */ 132 1.10.4.2 skrll 133 1.10.4.2 skrll /* ARGSUSED */ 134 1.10.4.2 skrll int 135 1.10.4.2 skrll cryptof_read(struct file *fp, off_t *poff, struct uio *uio, 136 1.10.4.2 skrll struct ucred *cred, int flags) 137 1.10.4.2 skrll { 138 1.10.4.2 skrll return (EIO); 139 1.10.4.2 skrll } 140 1.10.4.2 skrll 141 1.10.4.2 skrll /* ARGSUSED */ 142 1.10.4.2 skrll int 143 1.10.4.2 skrll cryptof_write(struct file *fp, off_t *poff, struct uio *uio, 144 1.10.4.2 skrll struct ucred *cred, int flags) 145 1.10.4.2 skrll { 146 1.10.4.2 skrll return (EIO); 147 1.10.4.2 skrll } 148 1.10.4.2 skrll 149 1.10.4.2 skrll /* ARGSUSED */ 150 1.10.4.2 skrll int 151 1.10.4.4 skrll cryptof_ioctl(struct file *fp, u_long cmd, void* data, struct lwp *l) 152 1.10.4.2 skrll { 153 1.10.4.2 skrll struct cryptoini cria, crie; 154 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 155 1.10.4.2 skrll struct csession *cse; 156 1.10.4.2 skrll struct session_op *sop; 157 1.10.4.2 skrll struct crypt_op *cop; 158 1.10.4.2 skrll struct enc_xform *txform = NULL; 159 1.10.4.2 skrll struct auth_hash *thash = NULL; 160 1.10.4.2 skrll u_int64_t sid; 161 1.10.4.2 skrll u_int32_t ses; 162 1.10.4.2 skrll int error = 0; 163 1.10.4.2 skrll 164 1.10.4.2 skrll switch (cmd) { 165 1.10.4.2 skrll case CIOCGSESSION: 166 1.10.4.2 skrll sop = (struct session_op *)data; 167 1.10.4.2 skrll switch (sop->cipher) { 168 1.10.4.2 skrll case 0: 169 1.10.4.2 skrll break; 170 1.10.4.2 skrll case CRYPTO_DES_CBC: 171 1.10.4.2 skrll txform = &enc_xform_des; 172 1.10.4.2 skrll break; 173 1.10.4.2 skrll case CRYPTO_3DES_CBC: 174 1.10.4.2 skrll txform = &enc_xform_3des; 175 1.10.4.2 skrll break; 176 1.10.4.2 skrll case CRYPTO_BLF_CBC: 177 1.10.4.2 skrll txform = &enc_xform_blf; 178 1.10.4.2 skrll break; 179 1.10.4.2 skrll case CRYPTO_CAST_CBC: 180 1.10.4.2 skrll txform = &enc_xform_cast5; 181 1.10.4.2 skrll break; 182 1.10.4.2 skrll case CRYPTO_SKIPJACK_CBC: 183 1.10.4.2 skrll txform = &enc_xform_skipjack; 184 1.10.4.2 skrll break; 185 1.10.4.2 skrll case CRYPTO_AES_CBC: 186 1.10.4.2 skrll txform = &enc_xform_rijndael128; 187 1.10.4.2 skrll break; 188 1.10.4.2 skrll case CRYPTO_NULL_CBC: 189 1.10.4.2 skrll txform = &enc_xform_null; 190 1.10.4.2 skrll break; 191 1.10.4.2 skrll case CRYPTO_ARC4: 192 1.10.4.2 skrll txform = &enc_xform_arc4; 193 1.10.4.2 skrll break; 194 1.10.4.2 skrll default: 195 1.10.4.2 skrll return (EINVAL); 196 1.10.4.2 skrll } 197 1.10.4.2 skrll 198 1.10.4.2 skrll switch (sop->mac) { 199 1.10.4.2 skrll case 0: 200 1.10.4.2 skrll break; 201 1.10.4.2 skrll case CRYPTO_MD5_HMAC: 202 1.10.4.2 skrll thash = &auth_hash_hmac_md5_96; 203 1.10.4.2 skrll break; 204 1.10.4.2 skrll case CRYPTO_SHA1_HMAC: 205 1.10.4.2 skrll thash = &auth_hash_hmac_sha1_96; 206 1.10.4.2 skrll break; 207 1.10.4.2 skrll case CRYPTO_SHA2_HMAC: 208 1.10.4.2 skrll if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) 209 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_256; 210 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) 211 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_384; 212 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) 213 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_512; 214 1.10.4.2 skrll else 215 1.10.4.2 skrll return (EINVAL); 216 1.10.4.2 skrll break; 217 1.10.4.2 skrll case CRYPTO_RIPEMD160_HMAC: 218 1.10.4.2 skrll thash = &auth_hash_hmac_ripemd_160_96; 219 1.10.4.2 skrll break; 220 1.10.4.2 skrll case CRYPTO_MD5: 221 1.10.4.2 skrll thash = &auth_hash_md5; 222 1.10.4.2 skrll break; 223 1.10.4.2 skrll case CRYPTO_SHA1: 224 1.10.4.2 skrll thash = &auth_hash_sha1; 225 1.10.4.2 skrll break; 226 1.10.4.2 skrll case CRYPTO_NULL_HMAC: 227 1.10.4.2 skrll thash = &auth_hash_null; 228 1.10.4.2 skrll break; 229 1.10.4.2 skrll default: 230 1.10.4.2 skrll return (EINVAL); 231 1.10.4.2 skrll } 232 1.10.4.2 skrll 233 1.10.4.2 skrll bzero(&crie, sizeof(crie)); 234 1.10.4.2 skrll bzero(&cria, sizeof(cria)); 235 1.10.4.2 skrll 236 1.10.4.2 skrll if (txform) { 237 1.10.4.2 skrll crie.cri_alg = txform->type; 238 1.10.4.2 skrll crie.cri_klen = sop->keylen * 8; 239 1.10.4.2 skrll if (sop->keylen > txform->maxkey || 240 1.10.4.2 skrll sop->keylen < txform->minkey) { 241 1.10.4.2 skrll error = EINVAL; 242 1.10.4.2 skrll goto bail; 243 1.10.4.2 skrll } 244 1.10.4.2 skrll 245 1.10.4.2 skrll MALLOC(crie.cri_key, u_int8_t *, 246 1.10.4.2 skrll crie.cri_klen / 8, M_XDATA, M_WAITOK); 247 1.10.4.2 skrll if ((error = copyin(sop->key, crie.cri_key, 248 1.10.4.2 skrll crie.cri_klen / 8))) 249 1.10.4.2 skrll goto bail; 250 1.10.4.2 skrll if (thash) 251 1.10.4.2 skrll crie.cri_next = &cria; 252 1.10.4.2 skrll } 253 1.10.4.2 skrll 254 1.10.4.2 skrll if (thash) { 255 1.10.4.2 skrll cria.cri_alg = thash->type; 256 1.10.4.2 skrll cria.cri_klen = sop->mackeylen * 8; 257 1.10.4.2 skrll if (sop->mackeylen != thash->keysize) { 258 1.10.4.2 skrll error = EINVAL; 259 1.10.4.2 skrll goto bail; 260 1.10.4.2 skrll } 261 1.10.4.2 skrll 262 1.10.4.2 skrll if (cria.cri_klen) { 263 1.10.4.2 skrll MALLOC(cria.cri_key, u_int8_t *, 264 1.10.4.2 skrll cria.cri_klen / 8, M_XDATA, M_WAITOK); 265 1.10.4.2 skrll if ((error = copyin(sop->mackey, cria.cri_key, 266 1.10.4.2 skrll cria.cri_klen / 8))) 267 1.10.4.2 skrll goto bail; 268 1.10.4.2 skrll } 269 1.10.4.2 skrll } 270 1.10.4.2 skrll 271 1.10.4.2 skrll error = crypto_newsession(&sid, (txform ? &crie : &cria), 272 1.10.4.2 skrll crypto_devallowsoft); 273 1.10.4.2 skrll if (error) { 274 1.10.4.2 skrll #ifdef CRYPTO_DEBUG 275 1.10.4.2 skrll printf("SIOCSESSION violates kernel parameters\n"); 276 1.10.4.2 skrll #endif 277 1.10.4.2 skrll goto bail; 278 1.10.4.2 skrll } 279 1.10.4.2 skrll 280 1.10.4.2 skrll cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, 281 1.10.4.2 skrll cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 282 1.10.4.2 skrll thash); 283 1.10.4.2 skrll 284 1.10.4.2 skrll if (cse == NULL) { 285 1.10.4.2 skrll crypto_freesession(sid); 286 1.10.4.2 skrll error = EINVAL; 287 1.10.4.2 skrll goto bail; 288 1.10.4.2 skrll } 289 1.10.4.2 skrll sop->ses = cse->ses; 290 1.10.4.2 skrll 291 1.10.4.2 skrll bail: 292 1.10.4.2 skrll if (error) { 293 1.10.4.2 skrll if (crie.cri_key) 294 1.10.4.2 skrll FREE(crie.cri_key, M_XDATA); 295 1.10.4.2 skrll if (cria.cri_key) 296 1.10.4.2 skrll FREE(cria.cri_key, M_XDATA); 297 1.10.4.2 skrll } 298 1.10.4.2 skrll break; 299 1.10.4.2 skrll case CIOCFSESSION: 300 1.10.4.2 skrll ses = *(u_int32_t *)data; 301 1.10.4.2 skrll cse = csefind(fcr, ses); 302 1.10.4.2 skrll if (cse == NULL) 303 1.10.4.2 skrll return (EINVAL); 304 1.10.4.2 skrll csedelete(fcr, cse); 305 1.10.4.2 skrll error = csefree(cse); 306 1.10.4.2 skrll break; 307 1.10.4.2 skrll case CIOCCRYPT: 308 1.10.4.2 skrll cop = (struct crypt_op *)data; 309 1.10.4.2 skrll cse = csefind(fcr, cop->ses); 310 1.10.4.2 skrll if (cse == NULL) 311 1.10.4.2 skrll return (EINVAL); 312 1.10.4.4 skrll error = cryptodev_op(cse, cop, l); 313 1.10.4.2 skrll break; 314 1.10.4.2 skrll case CIOCKEY: 315 1.10.4.2 skrll error = cryptodev_key((struct crypt_kop *)data); 316 1.10.4.2 skrll break; 317 1.10.4.2 skrll case CIOCASYMFEAT: 318 1.10.4.2 skrll error = crypto_getfeat((int *)data); 319 1.10.4.2 skrll break; 320 1.10.4.2 skrll default: 321 1.10.4.2 skrll error = EINVAL; 322 1.10.4.2 skrll } 323 1.10.4.2 skrll return (error); 324 1.10.4.2 skrll } 325 1.10.4.2 skrll 326 1.10.4.2 skrll static int 327 1.10.4.4 skrll cryptodev_op(struct csession *cse, struct crypt_op *cop, struct lwp *l) 328 1.10.4.2 skrll { 329 1.10.4.2 skrll struct cryptop *crp = NULL; 330 1.10.4.2 skrll struct cryptodesc *crde = NULL, *crda = NULL; 331 1.10.4.2 skrll int i, error, s; 332 1.10.4.2 skrll 333 1.10.4.2 skrll if (cop->len > 256*1024-4) 334 1.10.4.2 skrll return (E2BIG); 335 1.10.4.2 skrll 336 1.10.4.2 skrll if (cse->txform && (cop->len % cse->txform->blocksize) != 0) 337 1.10.4.2 skrll return (EINVAL); 338 1.10.4.2 skrll 339 1.10.4.2 skrll bzero(&cse->uio, sizeof(cse->uio)); 340 1.10.4.2 skrll cse->uio.uio_iovcnt = 1; 341 1.10.4.2 skrll cse->uio.uio_resid = 0; 342 1.10.4.2 skrll cse->uio.uio_segflg = UIO_SYSSPACE; 343 1.10.4.2 skrll cse->uio.uio_rw = UIO_WRITE; 344 1.10.4.4 skrll cse->uio.uio_lwp = NULL; 345 1.10.4.2 skrll cse->uio.uio_iov = cse->iovec; 346 1.10.4.2 skrll bzero(&cse->iovec, sizeof(cse->iovec)); 347 1.10.4.2 skrll cse->uio.uio_iov[0].iov_len = cop->len; 348 1.10.4.2 skrll cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK); 349 1.10.4.2 skrll for (i = 0; i < cse->uio.uio_iovcnt; i++) 350 1.10.4.2 skrll cse->uio.uio_resid += cse->uio.uio_iov[0].iov_len; 351 1.10.4.2 skrll 352 1.10.4.2 skrll crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 353 1.10.4.2 skrll if (crp == NULL) { 354 1.10.4.2 skrll error = ENOMEM; 355 1.10.4.2 skrll goto bail; 356 1.10.4.2 skrll } 357 1.10.4.2 skrll 358 1.10.4.2 skrll if (cse->thash) { 359 1.10.4.2 skrll crda = crp->crp_desc; 360 1.10.4.2 skrll if (cse->txform) 361 1.10.4.2 skrll crde = crda->crd_next; 362 1.10.4.2 skrll } else { 363 1.10.4.2 skrll if (cse->txform) 364 1.10.4.2 skrll crde = crp->crp_desc; 365 1.10.4.2 skrll else { 366 1.10.4.2 skrll error = EINVAL; 367 1.10.4.2 skrll goto bail; 368 1.10.4.2 skrll } 369 1.10.4.2 skrll } 370 1.10.4.2 skrll 371 1.10.4.2 skrll if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len))) 372 1.10.4.2 skrll goto bail; 373 1.10.4.2 skrll 374 1.10.4.2 skrll if (crda) { 375 1.10.4.2 skrll crda->crd_skip = 0; 376 1.10.4.2 skrll crda->crd_len = cop->len; 377 1.10.4.2 skrll crda->crd_inject = 0; /* ??? */ 378 1.10.4.2 skrll 379 1.10.4.2 skrll crda->crd_alg = cse->mac; 380 1.10.4.2 skrll crda->crd_key = cse->mackey; 381 1.10.4.2 skrll crda->crd_klen = cse->mackeylen * 8; 382 1.10.4.2 skrll } 383 1.10.4.2 skrll 384 1.10.4.2 skrll if (crde) { 385 1.10.4.2 skrll if (cop->op == COP_ENCRYPT) 386 1.10.4.2 skrll crde->crd_flags |= CRD_F_ENCRYPT; 387 1.10.4.2 skrll else 388 1.10.4.2 skrll crde->crd_flags &= ~CRD_F_ENCRYPT; 389 1.10.4.2 skrll crde->crd_len = cop->len; 390 1.10.4.2 skrll crde->crd_inject = 0; 391 1.10.4.2 skrll 392 1.10.4.2 skrll crde->crd_alg = cse->cipher; 393 1.10.4.2 skrll crde->crd_key = cse->key; 394 1.10.4.2 skrll crde->crd_klen = cse->keylen * 8; 395 1.10.4.2 skrll } 396 1.10.4.2 skrll 397 1.10.4.2 skrll crp->crp_ilen = cop->len; 398 1.10.4.2 skrll crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 399 1.10.4.2 skrll | (cop->flags & COP_F_BATCH); 400 1.10.4.2 skrll crp->crp_buf = (caddr_t)&cse->uio; 401 1.10.4.2 skrll crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; 402 1.10.4.2 skrll crp->crp_sid = cse->sid; 403 1.10.4.2 skrll crp->crp_opaque = (void *)cse; 404 1.10.4.2 skrll 405 1.10.4.2 skrll if (cop->iv) { 406 1.10.4.2 skrll if (crde == NULL) { 407 1.10.4.2 skrll error = EINVAL; 408 1.10.4.2 skrll goto bail; 409 1.10.4.2 skrll } 410 1.10.4.2 skrll if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 411 1.10.4.2 skrll error = EINVAL; 412 1.10.4.2 skrll goto bail; 413 1.10.4.2 skrll } 414 1.10.4.2 skrll if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize))) 415 1.10.4.2 skrll goto bail; 416 1.10.4.2 skrll bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize); 417 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 418 1.10.4.2 skrll crde->crd_skip = 0; 419 1.10.4.2 skrll } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 420 1.10.4.2 skrll crde->crd_skip = 0; 421 1.10.4.2 skrll } else if (crde) { 422 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_PRESENT; 423 1.10.4.2 skrll crde->crd_skip = cse->txform->blocksize; 424 1.10.4.2 skrll crde->crd_len -= cse->txform->blocksize; 425 1.10.4.2 skrll } 426 1.10.4.2 skrll 427 1.10.4.2 skrll if (cop->mac) { 428 1.10.4.2 skrll if (crda == NULL) { 429 1.10.4.2 skrll error = EINVAL; 430 1.10.4.2 skrll goto bail; 431 1.10.4.2 skrll } 432 1.10.4.2 skrll crp->crp_mac=cse->tmp_mac; 433 1.10.4.2 skrll } 434 1.10.4.2 skrll 435 1.10.4.2 skrll s = splcrypto(); /* NB: only needed with CRYPTO_F_CBIMM */ 436 1.10.4.2 skrll error = crypto_dispatch(crp); 437 1.10.4.2 skrll if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0) 438 1.10.4.2 skrll error = tsleep(crp, PSOCK, "crydev", 0); 439 1.10.4.2 skrll splx(s); 440 1.10.4.2 skrll if (error) { 441 1.10.4.2 skrll goto bail; 442 1.10.4.2 skrll } 443 1.10.4.2 skrll 444 1.10.4.2 skrll if (crp->crp_etype != 0) { 445 1.10.4.2 skrll error = crp->crp_etype; 446 1.10.4.2 skrll goto bail; 447 1.10.4.2 skrll } 448 1.10.4.2 skrll 449 1.10.4.2 skrll if (cse->error) { 450 1.10.4.2 skrll error = cse->error; 451 1.10.4.2 skrll goto bail; 452 1.10.4.2 skrll } 453 1.10.4.2 skrll 454 1.10.4.2 skrll if (cop->dst && 455 1.10.4.2 skrll (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len))) 456 1.10.4.2 skrll goto bail; 457 1.10.4.2 skrll 458 1.10.4.2 skrll if (cop->mac && 459 1.10.4.2 skrll (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) 460 1.10.4.2 skrll goto bail; 461 1.10.4.2 skrll 462 1.10.4.2 skrll bail: 463 1.10.4.2 skrll if (crp) 464 1.10.4.2 skrll crypto_freereq(crp); 465 1.10.4.2 skrll if (cse->uio.uio_iov[0].iov_base) 466 1.10.4.2 skrll free(cse->uio.uio_iov[0].iov_base, M_XDATA); 467 1.10.4.2 skrll 468 1.10.4.2 skrll return (error); 469 1.10.4.2 skrll } 470 1.10.4.2 skrll 471 1.10.4.2 skrll static int 472 1.10.4.2 skrll cryptodev_cb(void *op) 473 1.10.4.2 skrll { 474 1.10.4.2 skrll struct cryptop *crp = (struct cryptop *) op; 475 1.10.4.2 skrll struct csession *cse = (struct csession *)crp->crp_opaque; 476 1.10.4.2 skrll 477 1.10.4.2 skrll cse->error = crp->crp_etype; 478 1.10.4.2 skrll if (crp->crp_etype == EAGAIN) 479 1.10.4.2 skrll return crypto_dispatch(crp); 480 1.10.4.2 skrll wakeup_one(crp); 481 1.10.4.2 skrll return (0); 482 1.10.4.2 skrll } 483 1.10.4.2 skrll 484 1.10.4.2 skrll static int 485 1.10.4.2 skrll cryptodevkey_cb(void *op) 486 1.10.4.2 skrll { 487 1.10.4.2 skrll struct cryptkop *krp = (struct cryptkop *) op; 488 1.10.4.2 skrll 489 1.10.4.2 skrll wakeup_one(krp); 490 1.10.4.2 skrll return (0); 491 1.10.4.2 skrll } 492 1.10.4.2 skrll 493 1.10.4.2 skrll static int 494 1.10.4.2 skrll cryptodev_key(struct crypt_kop *kop) 495 1.10.4.2 skrll { 496 1.10.4.2 skrll struct cryptkop *krp = NULL; 497 1.10.4.2 skrll int error = EINVAL; 498 1.10.4.2 skrll int in, out, size, i; 499 1.10.4.2 skrll 500 1.10.4.2 skrll if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 501 1.10.4.2 skrll return (EFBIG); 502 1.10.4.2 skrll } 503 1.10.4.2 skrll 504 1.10.4.2 skrll in = kop->crk_iparams; 505 1.10.4.2 skrll out = kop->crk_oparams; 506 1.10.4.2 skrll switch (kop->crk_op) { 507 1.10.4.2 skrll case CRK_MOD_EXP: 508 1.10.4.2 skrll if (in == 3 && out == 1) 509 1.10.4.2 skrll break; 510 1.10.4.2 skrll return (EINVAL); 511 1.10.4.2 skrll case CRK_MOD_EXP_CRT: 512 1.10.4.2 skrll if (in == 6 && out == 1) 513 1.10.4.2 skrll break; 514 1.10.4.2 skrll return (EINVAL); 515 1.10.4.2 skrll case CRK_DSA_SIGN: 516 1.10.4.2 skrll if (in == 5 && out == 2) 517 1.10.4.2 skrll break; 518 1.10.4.2 skrll return (EINVAL); 519 1.10.4.2 skrll case CRK_DSA_VERIFY: 520 1.10.4.2 skrll if (in == 7 && out == 0) 521 1.10.4.2 skrll break; 522 1.10.4.2 skrll return (EINVAL); 523 1.10.4.2 skrll case CRK_DH_COMPUTE_KEY: 524 1.10.4.2 skrll if (in == 3 && out == 1) 525 1.10.4.2 skrll break; 526 1.10.4.2 skrll return (EINVAL); 527 1.10.4.2 skrll default: 528 1.10.4.2 skrll return (EINVAL); 529 1.10.4.2 skrll } 530 1.10.4.2 skrll 531 1.10.4.2 skrll krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK); 532 1.10.4.2 skrll if (!krp) 533 1.10.4.2 skrll return (ENOMEM); 534 1.10.4.2 skrll bzero(krp, sizeof *krp); 535 1.10.4.2 skrll krp->krp_op = kop->crk_op; 536 1.10.4.2 skrll krp->krp_status = kop->crk_status; 537 1.10.4.2 skrll krp->krp_iparams = kop->crk_iparams; 538 1.10.4.2 skrll krp->krp_oparams = kop->crk_oparams; 539 1.10.4.2 skrll krp->krp_status = 0; 540 1.10.4.2 skrll krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 541 1.10.4.2 skrll 542 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) 543 1.10.4.2 skrll krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 544 1.10.4.2 skrll for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 545 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 546 1.10.4.2 skrll if (size == 0) 547 1.10.4.2 skrll continue; 548 1.10.4.2 skrll MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK); 549 1.10.4.2 skrll if (i >= krp->krp_iparams) 550 1.10.4.2 skrll continue; 551 1.10.4.2 skrll error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 552 1.10.4.2 skrll if (error) 553 1.10.4.2 skrll goto fail; 554 1.10.4.2 skrll } 555 1.10.4.2 skrll 556 1.10.4.2 skrll error = crypto_kdispatch(krp); 557 1.10.4.2 skrll if (error == 0) 558 1.10.4.2 skrll error = tsleep(krp, PSOCK, "crydev", 0); 559 1.10.4.2 skrll if (error) 560 1.10.4.2 skrll goto fail; 561 1.10.4.2 skrll 562 1.10.4.2 skrll if (krp->krp_status != 0) { 563 1.10.4.2 skrll error = krp->krp_status; 564 1.10.4.2 skrll goto fail; 565 1.10.4.2 skrll } 566 1.10.4.2 skrll 567 1.10.4.2 skrll for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 568 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 569 1.10.4.2 skrll if (size == 0) 570 1.10.4.2 skrll continue; 571 1.10.4.2 skrll error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 572 1.10.4.2 skrll if (error) 573 1.10.4.2 skrll goto fail; 574 1.10.4.2 skrll } 575 1.10.4.2 skrll 576 1.10.4.2 skrll fail: 577 1.10.4.2 skrll if (krp) { 578 1.10.4.2 skrll kop->crk_status = krp->krp_status; 579 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) { 580 1.10.4.2 skrll if (krp->krp_param[i].crp_p) 581 1.10.4.2 skrll FREE(krp->krp_param[i].crp_p, M_XDATA); 582 1.10.4.2 skrll } 583 1.10.4.2 skrll free(krp, M_XDATA); 584 1.10.4.2 skrll } 585 1.10.4.2 skrll return (error); 586 1.10.4.2 skrll } 587 1.10.4.2 skrll 588 1.10.4.2 skrll /* ARGSUSED */ 589 1.10.4.2 skrll static int 590 1.10.4.4 skrll cryptof_close(struct file *fp, struct lwp *l) 591 1.10.4.2 skrll { 592 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 593 1.10.4.2 skrll struct csession *cse; 594 1.10.4.2 skrll 595 1.10.4.2 skrll while ((cse = TAILQ_FIRST(&fcr->csessions))) { 596 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 597 1.10.4.2 skrll (void)csefree(cse); 598 1.10.4.2 skrll } 599 1.10.4.2 skrll FREE(fcr, M_XDATA); 600 1.10.4.2 skrll 601 1.10.4.2 skrll /* close() stolen from sys/kern/kern_ktrace.c */ 602 1.10.4.2 skrll 603 1.10.4.2 skrll fp->f_data = NULL; 604 1.10.4.2 skrll #if 0 605 1.10.4.6 skrll FILE_UNUSE(fp, l); /* release file */ 606 1.10.4.6 skrll fdrelease(l, fd); /* release fd table slot */ 607 1.10.4.2 skrll #endif 608 1.10.4.2 skrll 609 1.10.4.2 skrll return 0; 610 1.10.4.2 skrll } 611 1.10.4.2 skrll 612 1.10.4.2 skrll static struct csession * 613 1.10.4.2 skrll csefind(struct fcrypt *fcr, u_int ses) 614 1.10.4.2 skrll { 615 1.10.4.2 skrll struct csession *cse; 616 1.10.4.2 skrll 617 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) 618 1.10.4.2 skrll if (cse->ses == ses) 619 1.10.4.2 skrll return (cse); 620 1.10.4.2 skrll return (NULL); 621 1.10.4.2 skrll } 622 1.10.4.2 skrll 623 1.10.4.2 skrll static int 624 1.10.4.2 skrll csedelete(struct fcrypt *fcr, struct csession *cse_del) 625 1.10.4.2 skrll { 626 1.10.4.2 skrll struct csession *cse; 627 1.10.4.2 skrll 628 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) { 629 1.10.4.2 skrll if (cse == cse_del) { 630 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 631 1.10.4.2 skrll return (1); 632 1.10.4.2 skrll } 633 1.10.4.2 skrll } 634 1.10.4.2 skrll return (0); 635 1.10.4.2 skrll } 636 1.10.4.2 skrll 637 1.10.4.2 skrll static struct csession * 638 1.10.4.2 skrll cseadd(struct fcrypt *fcr, struct csession *cse) 639 1.10.4.2 skrll { 640 1.10.4.2 skrll TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 641 1.10.4.2 skrll cse->ses = fcr->sesn++; 642 1.10.4.2 skrll return (cse); 643 1.10.4.2 skrll } 644 1.10.4.2 skrll 645 1.10.4.2 skrll static struct csession * 646 1.10.4.2 skrll csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, 647 1.10.4.2 skrll caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 648 1.10.4.2 skrll struct enc_xform *txform, struct auth_hash *thash) 649 1.10.4.2 skrll { 650 1.10.4.2 skrll struct csession *cse; 651 1.10.4.2 skrll 652 1.10.4.2 skrll MALLOC(cse, struct csession *, sizeof(struct csession), 653 1.10.4.2 skrll M_XDATA, M_NOWAIT); 654 1.10.4.2 skrll if (cse == NULL) 655 1.10.4.2 skrll return NULL; 656 1.10.4.2 skrll cse->key = key; 657 1.10.4.2 skrll cse->keylen = keylen/8; 658 1.10.4.2 skrll cse->mackey = mackey; 659 1.10.4.2 skrll cse->mackeylen = mackeylen/8; 660 1.10.4.2 skrll cse->sid = sid; 661 1.10.4.2 skrll cse->cipher = cipher; 662 1.10.4.2 skrll cse->mac = mac; 663 1.10.4.2 skrll cse->txform = txform; 664 1.10.4.2 skrll cse->thash = thash; 665 1.10.4.2 skrll cseadd(fcr, cse); 666 1.10.4.2 skrll return (cse); 667 1.10.4.2 skrll } 668 1.10.4.2 skrll 669 1.10.4.2 skrll static int 670 1.10.4.2 skrll csefree(struct csession *cse) 671 1.10.4.2 skrll { 672 1.10.4.2 skrll int error; 673 1.10.4.2 skrll 674 1.10.4.2 skrll error = crypto_freesession(cse->sid); 675 1.10.4.2 skrll if (cse->key) 676 1.10.4.2 skrll FREE(cse->key, M_XDATA); 677 1.10.4.2 skrll if (cse->mackey) 678 1.10.4.2 skrll FREE(cse->mackey, M_XDATA); 679 1.10.4.2 skrll FREE(cse, M_XDATA); 680 1.10.4.2 skrll return (error); 681 1.10.4.2 skrll } 682 1.10.4.2 skrll 683 1.10.4.2 skrll static int 684 1.10.4.4 skrll cryptoopen(dev_t dev, int flag, int mode, struct lwp *l) 685 1.10.4.2 skrll { 686 1.10.4.2 skrll if (crypto_usercrypto == 0) 687 1.10.4.2 skrll return (ENXIO); 688 1.10.4.2 skrll return (0); 689 1.10.4.2 skrll } 690 1.10.4.2 skrll 691 1.10.4.2 skrll static int 692 1.10.4.2 skrll cryptoread(dev_t dev, struct uio *uio, int ioflag) 693 1.10.4.2 skrll { 694 1.10.4.2 skrll return (EIO); 695 1.10.4.2 skrll } 696 1.10.4.2 skrll 697 1.10.4.2 skrll static int 698 1.10.4.2 skrll cryptowrite(dev_t dev, struct uio *uio, int ioflag) 699 1.10.4.2 skrll { 700 1.10.4.2 skrll return (EIO); 701 1.10.4.2 skrll } 702 1.10.4.2 skrll 703 1.10.4.2 skrll static int 704 1.10.4.4 skrll cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l) 705 1.10.4.2 skrll { 706 1.10.4.2 skrll struct file *f; 707 1.10.4.2 skrll struct fcrypt *fcr; 708 1.10.4.2 skrll int fd, error; 709 1.10.4.2 skrll 710 1.10.4.2 skrll switch (cmd) { 711 1.10.4.2 skrll case CRIOGET: 712 1.10.4.2 skrll MALLOC(fcr, struct fcrypt *, 713 1.10.4.2 skrll sizeof(struct fcrypt), M_XDATA, M_WAITOK); 714 1.10.4.2 skrll TAILQ_INIT(&fcr->csessions); 715 1.10.4.2 skrll fcr->sesn = 0; 716 1.10.4.2 skrll 717 1.10.4.4 skrll error = falloc(l->l_proc, &f, &fd); 718 1.10.4.2 skrll if (error) { 719 1.10.4.2 skrll FREE(fcr, M_XDATA); 720 1.10.4.2 skrll return (error); 721 1.10.4.2 skrll } 722 1.10.4.2 skrll f->f_flag = FREAD | FWRITE; 723 1.10.4.2 skrll f->f_type = DTYPE_CRYPTO; 724 1.10.4.2 skrll f->f_ops = &cryptofops; 725 1.10.4.2 skrll f->f_data = (caddr_t) fcr; 726 1.10.4.2 skrll *(u_int32_t *)data = fd; 727 1.10.4.2 skrll FILE_SET_MATURE(f); 728 1.10.4.4 skrll FILE_UNUSE(f, l); 729 1.10.4.2 skrll break; 730 1.10.4.2 skrll default: 731 1.10.4.2 skrll error = EINVAL; 732 1.10.4.2 skrll break; 733 1.10.4.2 skrll } 734 1.10.4.2 skrll return (error); 735 1.10.4.2 skrll } 736 1.10.4.2 skrll 737 1.10.4.2 skrll int 738 1.10.4.4 skrll cryptoselect(dev_t dev, int rw, struct lwp *l) 739 1.10.4.2 skrll { 740 1.10.4.2 skrll return (0); 741 1.10.4.2 skrll } 742 1.10.4.2 skrll 743 1.10.4.2 skrll /*static*/ 744 1.10.4.2 skrll struct cdevsw crypto_cdevsw = { 745 1.10.4.2 skrll /* open */ cryptoopen, 746 1.10.4.2 skrll /* close */ nullclose, 747 1.10.4.2 skrll /* read */ cryptoread, 748 1.10.4.2 skrll /* write */ cryptowrite, 749 1.10.4.2 skrll /* ioctl */ cryptoioctl, 750 1.10.4.2 skrll /* ttstop?*/ nostop, 751 1.10.4.2 skrll /* ??*/ notty, 752 1.10.4.2 skrll /* poll */ cryptoselect /*nopoll*/, 753 1.10.4.2 skrll /* mmap */ nommap, 754 1.10.4.2 skrll /* kqfilter */ nokqfilter, 755 1.10.4.2 skrll }; 756 1.10.4.2 skrll 757
Indexes created Thu Oct 02 14:10:14 GMT 2025