cryptodev.c revision 1.10.4.8
1 1.10.4.8 christos /* $NetBSD: cryptodev.c,v 1.10.4.8 2005/12/11 10:29:36 christos Exp $ */ 2 1.10.4.2 skrll /* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */ 3 1.10.4.2 skrll /* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */ 4 1.10.4.2 skrll 5 1.10.4.2 skrll /* 6 1.10.4.2 skrll * Copyright (c) 2001 Theo de Raadt 7 1.10.4.2 skrll * 8 1.10.4.2 skrll * Redistribution and use in source and binary forms, with or without 9 1.10.4.2 skrll * modification, are permitted provided that the following conditions 10 1.10.4.2 skrll * are met: 11 1.10.4.2 skrll * 12 1.10.4.2 skrll * 1. Redistributions of source code must retain the above copyright 13 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer. 14 1.10.4.2 skrll * 2. Redistributions in binary form must reproduce the above copyright 15 1.10.4.2 skrll * notice, this list of conditions and the following disclaimer in the 16 1.10.4.2 skrll * documentation and/or other materials provided with the distribution. 17 1.10.4.2 skrll * 3. The name of the author may not be used to endorse or promote products 18 1.10.4.2 skrll * derived from this software without specific prior written permission. 19 1.10.4.2 skrll * 20 1.10.4.2 skrll * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 1.10.4.2 skrll * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 1.10.4.2 skrll * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 1.10.4.2 skrll * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 1.10.4.2 skrll * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 1.10.4.2 skrll * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 1.10.4.2 skrll * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 1.10.4.2 skrll * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 1.10.4.2 skrll * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 1.10.4.2 skrll * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 1.10.4.2 skrll * 31 1.10.4.2 skrll * Effort sponsored in part by the Defense Advanced Research Projects 32 1.10.4.2 skrll * Agency (DARPA) and Air Force Research Laboratory, Air Force 33 1.10.4.2 skrll * Materiel Command, USAF, under agreement number F30602-01-2-0537. 34 1.10.4.2 skrll * 35 1.10.4.2 skrll */ 36 1.10.4.2 skrll 37 1.10.4.2 skrll #include <sys/cdefs.h> 38 1.10.4.8 christos __KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.10.4.8 2005/12/11 10:29:36 christos Exp $"); 39 1.10.4.2 skrll 40 1.10.4.2 skrll #include <sys/param.h> 41 1.10.4.2 skrll #include <sys/systm.h> 42 1.10.4.2 skrll #include <sys/malloc.h> 43 1.10.4.2 skrll #include <sys/mbuf.h> 44 1.10.4.2 skrll #include <sys/sysctl.h> 45 1.10.4.2 skrll #include <sys/file.h> 46 1.10.4.2 skrll #include <sys/filedesc.h> 47 1.10.4.2 skrll #include <sys/errno.h> 48 1.10.4.2 skrll #include <sys/md5.h> 49 1.10.4.2 skrll #include <sys/sha1.h> 50 1.10.4.2 skrll #include <sys/conf.h> 51 1.10.4.2 skrll #include <sys/device.h> 52 1.10.4.2 skrll 53 1.10.4.2 skrll #include <opencrypto/cryptodev.h> 54 1.10.4.2 skrll #include <opencrypto/xform.h> 55 1.10.4.2 skrll 56 1.10.4.2 skrll #ifdef __NetBSD__ 57 1.10.4.2 skrll #define splcrypto splnet 58 1.10.4.2 skrll #endif 59 1.10.4.2 skrll 60 1.10.4.2 skrll struct csession { 61 1.10.4.2 skrll TAILQ_ENTRY(csession) next; 62 1.10.4.2 skrll u_int64_t sid; 63 1.10.4.2 skrll u_int32_t ses; 64 1.10.4.2 skrll 65 1.10.4.2 skrll u_int32_t cipher; 66 1.10.4.2 skrll struct enc_xform *txform; 67 1.10.4.2 skrll u_int32_t mac; 68 1.10.4.2 skrll struct auth_hash *thash; 69 1.10.4.2 skrll 70 1.10.4.2 skrll caddr_t key; 71 1.10.4.2 skrll int keylen; 72 1.10.4.2 skrll u_char tmp_iv[EALG_MAX_BLOCK_LEN]; 73 1.10.4.2 skrll 74 1.10.4.2 skrll caddr_t mackey; 75 1.10.4.2 skrll int mackeylen; 76 1.10.4.2 skrll u_char tmp_mac[CRYPTO_MAX_MAC_LEN]; 77 1.10.4.2 skrll 78 1.10.4.2 skrll struct iovec iovec[IOV_MAX]; 79 1.10.4.2 skrll struct uio uio; 80 1.10.4.2 skrll int error; 81 1.10.4.2 skrll }; 82 1.10.4.2 skrll 83 1.10.4.2 skrll struct fcrypt { 84 1.10.4.2 skrll TAILQ_HEAD(csessionlist, csession) csessions; 85 1.10.4.2 skrll int sesn; 86 1.10.4.2 skrll }; 87 1.10.4.2 skrll 88 1.10.4.2 skrll 89 1.10.4.2 skrll /* Declaration of master device (fd-cloning/ctxt-allocating) entrypoints */ 90 1.10.4.4 skrll static int cryptoopen(dev_t dev, int flag, int mode, struct lwp *l); 91 1.10.4.2 skrll static int cryptoread(dev_t dev, struct uio *uio, int ioflag); 92 1.10.4.2 skrll static int cryptowrite(dev_t dev, struct uio *uio, int ioflag); 93 1.10.4.4 skrll static int cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l); 94 1.10.4.4 skrll static int cryptoselect(dev_t dev, int rw, struct lwp *l); 95 1.10.4.2 skrll 96 1.10.4.2 skrll /* Declaration of cloned-device (per-ctxt) entrypoints */ 97 1.10.4.2 skrll static int cryptof_read(struct file *, off_t *, struct uio *, struct ucred *, int); 98 1.10.4.2 skrll static int cryptof_write(struct file *, off_t *, struct uio *, struct ucred *, int); 99 1.10.4.4 skrll static int cryptof_ioctl(struct file *, u_long, void*, struct lwp *l); 100 1.10.4.4 skrll static int cryptof_close(struct file *, struct lwp *); 101 1.10.4.2 skrll 102 1.10.4.5 skrll static const struct fileops cryptofops = { 103 1.10.4.2 skrll cryptof_read, 104 1.10.4.2 skrll cryptof_write, 105 1.10.4.2 skrll cryptof_ioctl, 106 1.10.4.5 skrll fnullop_fcntl, 107 1.10.4.5 skrll fnullop_poll, 108 1.10.4.5 skrll fbadop_stat, 109 1.10.4.2 skrll cryptof_close, 110 1.10.4.5 skrll fnullop_kqfilter 111 1.10.4.2 skrll }; 112 1.10.4.2 skrll 113 1.10.4.2 skrll static struct csession *csefind(struct fcrypt *, u_int); 114 1.10.4.2 skrll static int csedelete(struct fcrypt *, struct csession *); 115 1.10.4.2 skrll static struct csession *cseadd(struct fcrypt *, struct csession *); 116 1.10.4.2 skrll static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, 117 1.10.4.2 skrll caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 118 1.10.4.2 skrll struct auth_hash *); 119 1.10.4.2 skrll static int csefree(struct csession *); 120 1.10.4.2 skrll 121 1.10.4.4 skrll static int cryptodev_op(struct csession *, struct crypt_op *, struct lwp *); 122 1.10.4.2 skrll static int cryptodev_key(struct crypt_kop *); 123 1.10.4.2 skrll int cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]); 124 1.10.4.2 skrll 125 1.10.4.2 skrll static int cryptodev_cb(void *); 126 1.10.4.2 skrll static int cryptodevkey_cb(void *); 127 1.10.4.2 skrll 128 1.10.4.2 skrll /* 129 1.10.4.2 skrll * sysctl-able control variables for /dev/crypto now defined in crypto.c: 130 1.10.4.2 skrll * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft. 131 1.10.4.2 skrll */ 132 1.10.4.2 skrll 133 1.10.4.2 skrll /* ARGSUSED */ 134 1.10.4.2 skrll int 135 1.10.4.2 skrll cryptof_read(struct file *fp, off_t *poff, struct uio *uio, 136 1.10.4.2 skrll struct ucred *cred, int flags) 137 1.10.4.2 skrll { 138 1.10.4.2 skrll return (EIO); 139 1.10.4.2 skrll } 140 1.10.4.2 skrll 141 1.10.4.2 skrll /* ARGSUSED */ 142 1.10.4.2 skrll int 143 1.10.4.2 skrll cryptof_write(struct file *fp, off_t *poff, struct uio *uio, 144 1.10.4.2 skrll struct ucred *cred, int flags) 145 1.10.4.2 skrll { 146 1.10.4.2 skrll return (EIO); 147 1.10.4.2 skrll } 148 1.10.4.2 skrll 149 1.10.4.2 skrll /* ARGSUSED */ 150 1.10.4.2 skrll int 151 1.10.4.4 skrll cryptof_ioctl(struct file *fp, u_long cmd, void* data, struct lwp *l) 152 1.10.4.2 skrll { 153 1.10.4.2 skrll struct cryptoini cria, crie; 154 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 155 1.10.4.2 skrll struct csession *cse; 156 1.10.4.2 skrll struct session_op *sop; 157 1.10.4.2 skrll struct crypt_op *cop; 158 1.10.4.2 skrll struct enc_xform *txform = NULL; 159 1.10.4.2 skrll struct auth_hash *thash = NULL; 160 1.10.4.2 skrll u_int64_t sid; 161 1.10.4.2 skrll u_int32_t ses; 162 1.10.4.2 skrll int error = 0; 163 1.10.4.2 skrll 164 1.10.4.2 skrll switch (cmd) { 165 1.10.4.2 skrll case CIOCGSESSION: 166 1.10.4.2 skrll sop = (struct session_op *)data; 167 1.10.4.2 skrll switch (sop->cipher) { 168 1.10.4.2 skrll case 0: 169 1.10.4.2 skrll break; 170 1.10.4.2 skrll case CRYPTO_DES_CBC: 171 1.10.4.2 skrll txform = &enc_xform_des; 172 1.10.4.2 skrll break; 173 1.10.4.2 skrll case CRYPTO_3DES_CBC: 174 1.10.4.2 skrll txform = &enc_xform_3des; 175 1.10.4.2 skrll break; 176 1.10.4.2 skrll case CRYPTO_BLF_CBC: 177 1.10.4.2 skrll txform = &enc_xform_blf; 178 1.10.4.2 skrll break; 179 1.10.4.2 skrll case CRYPTO_CAST_CBC: 180 1.10.4.2 skrll txform = &enc_xform_cast5; 181 1.10.4.2 skrll break; 182 1.10.4.2 skrll case CRYPTO_SKIPJACK_CBC: 183 1.10.4.2 skrll txform = &enc_xform_skipjack; 184 1.10.4.2 skrll break; 185 1.10.4.2 skrll case CRYPTO_AES_CBC: 186 1.10.4.2 skrll txform = &enc_xform_rijndael128; 187 1.10.4.2 skrll break; 188 1.10.4.2 skrll case CRYPTO_NULL_CBC: 189 1.10.4.2 skrll txform = &enc_xform_null; 190 1.10.4.2 skrll break; 191 1.10.4.2 skrll case CRYPTO_ARC4: 192 1.10.4.2 skrll txform = &enc_xform_arc4; 193 1.10.4.2 skrll break; 194 1.10.4.2 skrll default: 195 1.10.4.2 skrll return (EINVAL); 196 1.10.4.2 skrll } 197 1.10.4.2 skrll 198 1.10.4.2 skrll switch (sop->mac) { 199 1.10.4.2 skrll case 0: 200 1.10.4.2 skrll break; 201 1.10.4.2 skrll case CRYPTO_MD5_HMAC: 202 1.10.4.2 skrll thash = &auth_hash_hmac_md5_96; 203 1.10.4.2 skrll break; 204 1.10.4.2 skrll case CRYPTO_SHA1_HMAC: 205 1.10.4.2 skrll thash = &auth_hash_hmac_sha1_96; 206 1.10.4.2 skrll break; 207 1.10.4.2 skrll case CRYPTO_SHA2_HMAC: 208 1.10.4.2 skrll if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) 209 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_256; 210 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) 211 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_384; 212 1.10.4.2 skrll else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) 213 1.10.4.2 skrll thash = &auth_hash_hmac_sha2_512; 214 1.10.4.2 skrll else 215 1.10.4.2 skrll return (EINVAL); 216 1.10.4.2 skrll break; 217 1.10.4.2 skrll case CRYPTO_RIPEMD160_HMAC: 218 1.10.4.2 skrll thash = &auth_hash_hmac_ripemd_160_96; 219 1.10.4.2 skrll break; 220 1.10.4.2 skrll case CRYPTO_MD5: 221 1.10.4.2 skrll thash = &auth_hash_md5; 222 1.10.4.2 skrll break; 223 1.10.4.2 skrll case CRYPTO_SHA1: 224 1.10.4.2 skrll thash = &auth_hash_sha1; 225 1.10.4.2 skrll break; 226 1.10.4.2 skrll case CRYPTO_NULL_HMAC: 227 1.10.4.2 skrll thash = &auth_hash_null; 228 1.10.4.2 skrll break; 229 1.10.4.2 skrll default: 230 1.10.4.2 skrll return (EINVAL); 231 1.10.4.2 skrll } 232 1.10.4.2 skrll 233 1.10.4.2 skrll bzero(&crie, sizeof(crie)); 234 1.10.4.2 skrll bzero(&cria, sizeof(cria)); 235 1.10.4.2 skrll 236 1.10.4.2 skrll if (txform) { 237 1.10.4.2 skrll crie.cri_alg = txform->type; 238 1.10.4.2 skrll crie.cri_klen = sop->keylen * 8; 239 1.10.4.2 skrll if (sop->keylen > txform->maxkey || 240 1.10.4.2 skrll sop->keylen < txform->minkey) { 241 1.10.4.2 skrll error = EINVAL; 242 1.10.4.2 skrll goto bail; 243 1.10.4.2 skrll } 244 1.10.4.2 skrll 245 1.10.4.2 skrll MALLOC(crie.cri_key, u_int8_t *, 246 1.10.4.2 skrll crie.cri_klen / 8, M_XDATA, M_WAITOK); 247 1.10.4.2 skrll if ((error = copyin(sop->key, crie.cri_key, 248 1.10.4.2 skrll crie.cri_klen / 8))) 249 1.10.4.2 skrll goto bail; 250 1.10.4.2 skrll if (thash) 251 1.10.4.2 skrll crie.cri_next = &cria; 252 1.10.4.2 skrll } 253 1.10.4.2 skrll 254 1.10.4.2 skrll if (thash) { 255 1.10.4.2 skrll cria.cri_alg = thash->type; 256 1.10.4.2 skrll cria.cri_klen = sop->mackeylen * 8; 257 1.10.4.2 skrll if (sop->mackeylen != thash->keysize) { 258 1.10.4.2 skrll error = EINVAL; 259 1.10.4.2 skrll goto bail; 260 1.10.4.2 skrll } 261 1.10.4.2 skrll 262 1.10.4.2 skrll if (cria.cri_klen) { 263 1.10.4.2 skrll MALLOC(cria.cri_key, u_int8_t *, 264 1.10.4.2 skrll cria.cri_klen / 8, M_XDATA, M_WAITOK); 265 1.10.4.2 skrll if ((error = copyin(sop->mackey, cria.cri_key, 266 1.10.4.2 skrll cria.cri_klen / 8))) 267 1.10.4.2 skrll goto bail; 268 1.10.4.2 skrll } 269 1.10.4.2 skrll } 270 1.10.4.2 skrll 271 1.10.4.2 skrll error = crypto_newsession(&sid, (txform ? &crie : &cria), 272 1.10.4.2 skrll crypto_devallowsoft); 273 1.10.4.2 skrll if (error) { 274 1.10.4.2 skrll #ifdef CRYPTO_DEBUG 275 1.10.4.2 skrll printf("SIOCSESSION violates kernel parameters\n"); 276 1.10.4.2 skrll #endif 277 1.10.4.2 skrll goto bail; 278 1.10.4.2 skrll } 279 1.10.4.2 skrll 280 1.10.4.2 skrll cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, 281 1.10.4.2 skrll cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 282 1.10.4.2 skrll thash); 283 1.10.4.2 skrll 284 1.10.4.2 skrll if (cse == NULL) { 285 1.10.4.2 skrll crypto_freesession(sid); 286 1.10.4.2 skrll error = EINVAL; 287 1.10.4.2 skrll goto bail; 288 1.10.4.2 skrll } 289 1.10.4.2 skrll sop->ses = cse->ses; 290 1.10.4.2 skrll 291 1.10.4.2 skrll bail: 292 1.10.4.2 skrll if (error) { 293 1.10.4.2 skrll if (crie.cri_key) 294 1.10.4.2 skrll FREE(crie.cri_key, M_XDATA); 295 1.10.4.2 skrll if (cria.cri_key) 296 1.10.4.2 skrll FREE(cria.cri_key, M_XDATA); 297 1.10.4.2 skrll } 298 1.10.4.2 skrll break; 299 1.10.4.2 skrll case CIOCFSESSION: 300 1.10.4.2 skrll ses = *(u_int32_t *)data; 301 1.10.4.2 skrll cse = csefind(fcr, ses); 302 1.10.4.2 skrll if (cse == NULL) 303 1.10.4.2 skrll return (EINVAL); 304 1.10.4.2 skrll csedelete(fcr, cse); 305 1.10.4.2 skrll error = csefree(cse); 306 1.10.4.2 skrll break; 307 1.10.4.2 skrll case CIOCCRYPT: 308 1.10.4.2 skrll cop = (struct crypt_op *)data; 309 1.10.4.2 skrll cse = csefind(fcr, cop->ses); 310 1.10.4.2 skrll if (cse == NULL) 311 1.10.4.2 skrll return (EINVAL); 312 1.10.4.4 skrll error = cryptodev_op(cse, cop, l); 313 1.10.4.2 skrll break; 314 1.10.4.2 skrll case CIOCKEY: 315 1.10.4.2 skrll error = cryptodev_key((struct crypt_kop *)data); 316 1.10.4.2 skrll break; 317 1.10.4.2 skrll case CIOCASYMFEAT: 318 1.10.4.2 skrll error = crypto_getfeat((int *)data); 319 1.10.4.2 skrll break; 320 1.10.4.2 skrll default: 321 1.10.4.2 skrll error = EINVAL; 322 1.10.4.2 skrll } 323 1.10.4.2 skrll return (error); 324 1.10.4.2 skrll } 325 1.10.4.2 skrll 326 1.10.4.2 skrll static int 327 1.10.4.4 skrll cryptodev_op(struct csession *cse, struct crypt_op *cop, struct lwp *l) 328 1.10.4.2 skrll { 329 1.10.4.2 skrll struct cryptop *crp = NULL; 330 1.10.4.2 skrll struct cryptodesc *crde = NULL, *crda = NULL; 331 1.10.4.2 skrll int i, error, s; 332 1.10.4.2 skrll 333 1.10.4.2 skrll if (cop->len > 256*1024-4) 334 1.10.4.2 skrll return (E2BIG); 335 1.10.4.2 skrll 336 1.10.4.7 skrll if (cse->txform) { 337 1.10.4.7 skrll if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) 338 1.10.4.7 skrll return (EINVAL); 339 1.10.4.7 skrll } 340 1.10.4.2 skrll 341 1.10.4.2 skrll bzero(&cse->uio, sizeof(cse->uio)); 342 1.10.4.2 skrll cse->uio.uio_iovcnt = 1; 343 1.10.4.2 skrll cse->uio.uio_resid = 0; 344 1.10.4.2 skrll cse->uio.uio_segflg = UIO_SYSSPACE; 345 1.10.4.2 skrll cse->uio.uio_rw = UIO_WRITE; 346 1.10.4.4 skrll cse->uio.uio_lwp = NULL; 347 1.10.4.2 skrll cse->uio.uio_iov = cse->iovec; 348 1.10.4.2 skrll bzero(&cse->iovec, sizeof(cse->iovec)); 349 1.10.4.2 skrll cse->uio.uio_iov[0].iov_len = cop->len; 350 1.10.4.2 skrll cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK); 351 1.10.4.2 skrll for (i = 0; i < cse->uio.uio_iovcnt; i++) 352 1.10.4.2 skrll cse->uio.uio_resid += cse->uio.uio_iov[0].iov_len; 353 1.10.4.2 skrll 354 1.10.4.2 skrll crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 355 1.10.4.2 skrll if (crp == NULL) { 356 1.10.4.2 skrll error = ENOMEM; 357 1.10.4.2 skrll goto bail; 358 1.10.4.2 skrll } 359 1.10.4.2 skrll 360 1.10.4.2 skrll if (cse->thash) { 361 1.10.4.2 skrll crda = crp->crp_desc; 362 1.10.4.2 skrll if (cse->txform) 363 1.10.4.2 skrll crde = crda->crd_next; 364 1.10.4.2 skrll } else { 365 1.10.4.2 skrll if (cse->txform) 366 1.10.4.2 skrll crde = crp->crp_desc; 367 1.10.4.2 skrll else { 368 1.10.4.2 skrll error = EINVAL; 369 1.10.4.2 skrll goto bail; 370 1.10.4.2 skrll } 371 1.10.4.2 skrll } 372 1.10.4.2 skrll 373 1.10.4.2 skrll if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len))) 374 1.10.4.2 skrll goto bail; 375 1.10.4.2 skrll 376 1.10.4.2 skrll if (crda) { 377 1.10.4.2 skrll crda->crd_skip = 0; 378 1.10.4.2 skrll crda->crd_len = cop->len; 379 1.10.4.2 skrll crda->crd_inject = 0; /* ??? */ 380 1.10.4.2 skrll 381 1.10.4.2 skrll crda->crd_alg = cse->mac; 382 1.10.4.2 skrll crda->crd_key = cse->mackey; 383 1.10.4.2 skrll crda->crd_klen = cse->mackeylen * 8; 384 1.10.4.2 skrll } 385 1.10.4.2 skrll 386 1.10.4.2 skrll if (crde) { 387 1.10.4.2 skrll if (cop->op == COP_ENCRYPT) 388 1.10.4.2 skrll crde->crd_flags |= CRD_F_ENCRYPT; 389 1.10.4.2 skrll else 390 1.10.4.2 skrll crde->crd_flags &= ~CRD_F_ENCRYPT; 391 1.10.4.2 skrll crde->crd_len = cop->len; 392 1.10.4.2 skrll crde->crd_inject = 0; 393 1.10.4.2 skrll 394 1.10.4.2 skrll crde->crd_alg = cse->cipher; 395 1.10.4.2 skrll crde->crd_key = cse->key; 396 1.10.4.2 skrll crde->crd_klen = cse->keylen * 8; 397 1.10.4.2 skrll } 398 1.10.4.2 skrll 399 1.10.4.2 skrll crp->crp_ilen = cop->len; 400 1.10.4.2 skrll crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 401 1.10.4.2 skrll | (cop->flags & COP_F_BATCH); 402 1.10.4.2 skrll crp->crp_buf = (caddr_t)&cse->uio; 403 1.10.4.2 skrll crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; 404 1.10.4.2 skrll crp->crp_sid = cse->sid; 405 1.10.4.2 skrll crp->crp_opaque = (void *)cse; 406 1.10.4.2 skrll 407 1.10.4.2 skrll if (cop->iv) { 408 1.10.4.2 skrll if (crde == NULL) { 409 1.10.4.2 skrll error = EINVAL; 410 1.10.4.2 skrll goto bail; 411 1.10.4.2 skrll } 412 1.10.4.2 skrll if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 413 1.10.4.2 skrll error = EINVAL; 414 1.10.4.2 skrll goto bail; 415 1.10.4.2 skrll } 416 1.10.4.2 skrll if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize))) 417 1.10.4.2 skrll goto bail; 418 1.10.4.2 skrll bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize); 419 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 420 1.10.4.2 skrll crde->crd_skip = 0; 421 1.10.4.2 skrll } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 422 1.10.4.2 skrll crde->crd_skip = 0; 423 1.10.4.2 skrll } else if (crde) { 424 1.10.4.2 skrll crde->crd_flags |= CRD_F_IV_PRESENT; 425 1.10.4.2 skrll crde->crd_skip = cse->txform->blocksize; 426 1.10.4.2 skrll crde->crd_len -= cse->txform->blocksize; 427 1.10.4.2 skrll } 428 1.10.4.2 skrll 429 1.10.4.2 skrll if (cop->mac) { 430 1.10.4.2 skrll if (crda == NULL) { 431 1.10.4.2 skrll error = EINVAL; 432 1.10.4.2 skrll goto bail; 433 1.10.4.2 skrll } 434 1.10.4.2 skrll crp->crp_mac=cse->tmp_mac; 435 1.10.4.2 skrll } 436 1.10.4.2 skrll 437 1.10.4.2 skrll s = splcrypto(); /* NB: only needed with CRYPTO_F_CBIMM */ 438 1.10.4.2 skrll error = crypto_dispatch(crp); 439 1.10.4.2 skrll if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0) 440 1.10.4.2 skrll error = tsleep(crp, PSOCK, "crydev", 0); 441 1.10.4.2 skrll splx(s); 442 1.10.4.2 skrll if (error) { 443 1.10.4.2 skrll goto bail; 444 1.10.4.2 skrll } 445 1.10.4.2 skrll 446 1.10.4.2 skrll if (crp->crp_etype != 0) { 447 1.10.4.2 skrll error = crp->crp_etype; 448 1.10.4.2 skrll goto bail; 449 1.10.4.2 skrll } 450 1.10.4.2 skrll 451 1.10.4.2 skrll if (cse->error) { 452 1.10.4.2 skrll error = cse->error; 453 1.10.4.2 skrll goto bail; 454 1.10.4.2 skrll } 455 1.10.4.2 skrll 456 1.10.4.2 skrll if (cop->dst && 457 1.10.4.2 skrll (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len))) 458 1.10.4.2 skrll goto bail; 459 1.10.4.2 skrll 460 1.10.4.2 skrll if (cop->mac && 461 1.10.4.2 skrll (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) 462 1.10.4.2 skrll goto bail; 463 1.10.4.2 skrll 464 1.10.4.2 skrll bail: 465 1.10.4.2 skrll if (crp) 466 1.10.4.2 skrll crypto_freereq(crp); 467 1.10.4.2 skrll if (cse->uio.uio_iov[0].iov_base) 468 1.10.4.2 skrll free(cse->uio.uio_iov[0].iov_base, M_XDATA); 469 1.10.4.2 skrll 470 1.10.4.2 skrll return (error); 471 1.10.4.2 skrll } 472 1.10.4.2 skrll 473 1.10.4.2 skrll static int 474 1.10.4.2 skrll cryptodev_cb(void *op) 475 1.10.4.2 skrll { 476 1.10.4.2 skrll struct cryptop *crp = (struct cryptop *) op; 477 1.10.4.2 skrll struct csession *cse = (struct csession *)crp->crp_opaque; 478 1.10.4.2 skrll 479 1.10.4.2 skrll cse->error = crp->crp_etype; 480 1.10.4.2 skrll if (crp->crp_etype == EAGAIN) 481 1.10.4.2 skrll return crypto_dispatch(crp); 482 1.10.4.2 skrll wakeup_one(crp); 483 1.10.4.2 skrll return (0); 484 1.10.4.2 skrll } 485 1.10.4.2 skrll 486 1.10.4.2 skrll static int 487 1.10.4.2 skrll cryptodevkey_cb(void *op) 488 1.10.4.2 skrll { 489 1.10.4.2 skrll struct cryptkop *krp = (struct cryptkop *) op; 490 1.10.4.2 skrll 491 1.10.4.2 skrll wakeup_one(krp); 492 1.10.4.2 skrll return (0); 493 1.10.4.2 skrll } 494 1.10.4.2 skrll 495 1.10.4.2 skrll static int 496 1.10.4.2 skrll cryptodev_key(struct crypt_kop *kop) 497 1.10.4.2 skrll { 498 1.10.4.2 skrll struct cryptkop *krp = NULL; 499 1.10.4.2 skrll int error = EINVAL; 500 1.10.4.2 skrll int in, out, size, i; 501 1.10.4.2 skrll 502 1.10.4.2 skrll if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 503 1.10.4.2 skrll return (EFBIG); 504 1.10.4.2 skrll } 505 1.10.4.2 skrll 506 1.10.4.2 skrll in = kop->crk_iparams; 507 1.10.4.2 skrll out = kop->crk_oparams; 508 1.10.4.2 skrll switch (kop->crk_op) { 509 1.10.4.2 skrll case CRK_MOD_EXP: 510 1.10.4.2 skrll if (in == 3 && out == 1) 511 1.10.4.2 skrll break; 512 1.10.4.2 skrll return (EINVAL); 513 1.10.4.2 skrll case CRK_MOD_EXP_CRT: 514 1.10.4.2 skrll if (in == 6 && out == 1) 515 1.10.4.2 skrll break; 516 1.10.4.2 skrll return (EINVAL); 517 1.10.4.2 skrll case CRK_DSA_SIGN: 518 1.10.4.2 skrll if (in == 5 && out == 2) 519 1.10.4.2 skrll break; 520 1.10.4.2 skrll return (EINVAL); 521 1.10.4.2 skrll case CRK_DSA_VERIFY: 522 1.10.4.2 skrll if (in == 7 && out == 0) 523 1.10.4.2 skrll break; 524 1.10.4.2 skrll return (EINVAL); 525 1.10.4.2 skrll case CRK_DH_COMPUTE_KEY: 526 1.10.4.2 skrll if (in == 3 && out == 1) 527 1.10.4.2 skrll break; 528 1.10.4.2 skrll return (EINVAL); 529 1.10.4.2 skrll default: 530 1.10.4.2 skrll return (EINVAL); 531 1.10.4.2 skrll } 532 1.10.4.2 skrll 533 1.10.4.2 skrll krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK); 534 1.10.4.2 skrll if (!krp) 535 1.10.4.2 skrll return (ENOMEM); 536 1.10.4.2 skrll bzero(krp, sizeof *krp); 537 1.10.4.2 skrll krp->krp_op = kop->crk_op; 538 1.10.4.2 skrll krp->krp_status = kop->crk_status; 539 1.10.4.2 skrll krp->krp_iparams = kop->crk_iparams; 540 1.10.4.2 skrll krp->krp_oparams = kop->crk_oparams; 541 1.10.4.2 skrll krp->krp_status = 0; 542 1.10.4.2 skrll krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 543 1.10.4.2 skrll 544 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) 545 1.10.4.2 skrll krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 546 1.10.4.2 skrll for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 547 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 548 1.10.4.2 skrll if (size == 0) 549 1.10.4.2 skrll continue; 550 1.10.4.2 skrll MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK); 551 1.10.4.2 skrll if (i >= krp->krp_iparams) 552 1.10.4.2 skrll continue; 553 1.10.4.2 skrll error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 554 1.10.4.2 skrll if (error) 555 1.10.4.2 skrll goto fail; 556 1.10.4.2 skrll } 557 1.10.4.2 skrll 558 1.10.4.2 skrll error = crypto_kdispatch(krp); 559 1.10.4.2 skrll if (error == 0) 560 1.10.4.2 skrll error = tsleep(krp, PSOCK, "crydev", 0); 561 1.10.4.2 skrll if (error) 562 1.10.4.2 skrll goto fail; 563 1.10.4.2 skrll 564 1.10.4.2 skrll if (krp->krp_status != 0) { 565 1.10.4.2 skrll error = krp->krp_status; 566 1.10.4.2 skrll goto fail; 567 1.10.4.2 skrll } 568 1.10.4.2 skrll 569 1.10.4.2 skrll for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 570 1.10.4.2 skrll size = (krp->krp_param[i].crp_nbits + 7) / 8; 571 1.10.4.2 skrll if (size == 0) 572 1.10.4.2 skrll continue; 573 1.10.4.2 skrll error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 574 1.10.4.2 skrll if (error) 575 1.10.4.2 skrll goto fail; 576 1.10.4.2 skrll } 577 1.10.4.2 skrll 578 1.10.4.2 skrll fail: 579 1.10.4.2 skrll if (krp) { 580 1.10.4.2 skrll kop->crk_status = krp->krp_status; 581 1.10.4.2 skrll for (i = 0; i < CRK_MAXPARAM; i++) { 582 1.10.4.2 skrll if (krp->krp_param[i].crp_p) 583 1.10.4.2 skrll FREE(krp->krp_param[i].crp_p, M_XDATA); 584 1.10.4.2 skrll } 585 1.10.4.2 skrll free(krp, M_XDATA); 586 1.10.4.2 skrll } 587 1.10.4.2 skrll return (error); 588 1.10.4.2 skrll } 589 1.10.4.2 skrll 590 1.10.4.2 skrll /* ARGSUSED */ 591 1.10.4.2 skrll static int 592 1.10.4.4 skrll cryptof_close(struct file *fp, struct lwp *l) 593 1.10.4.2 skrll { 594 1.10.4.2 skrll struct fcrypt *fcr = (struct fcrypt *)fp->f_data; 595 1.10.4.2 skrll struct csession *cse; 596 1.10.4.2 skrll 597 1.10.4.2 skrll while ((cse = TAILQ_FIRST(&fcr->csessions))) { 598 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 599 1.10.4.2 skrll (void)csefree(cse); 600 1.10.4.2 skrll } 601 1.10.4.2 skrll FREE(fcr, M_XDATA); 602 1.10.4.2 skrll 603 1.10.4.2 skrll /* close() stolen from sys/kern/kern_ktrace.c */ 604 1.10.4.2 skrll 605 1.10.4.2 skrll fp->f_data = NULL; 606 1.10.4.2 skrll #if 0 607 1.10.4.6 skrll FILE_UNUSE(fp, l); /* release file */ 608 1.10.4.6 skrll fdrelease(l, fd); /* release fd table slot */ 609 1.10.4.2 skrll #endif 610 1.10.4.2 skrll 611 1.10.4.2 skrll return 0; 612 1.10.4.2 skrll } 613 1.10.4.2 skrll 614 1.10.4.2 skrll static struct csession * 615 1.10.4.2 skrll csefind(struct fcrypt *fcr, u_int ses) 616 1.10.4.2 skrll { 617 1.10.4.2 skrll struct csession *cse; 618 1.10.4.2 skrll 619 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) 620 1.10.4.2 skrll if (cse->ses == ses) 621 1.10.4.2 skrll return (cse); 622 1.10.4.2 skrll return (NULL); 623 1.10.4.2 skrll } 624 1.10.4.2 skrll 625 1.10.4.2 skrll static int 626 1.10.4.2 skrll csedelete(struct fcrypt *fcr, struct csession *cse_del) 627 1.10.4.2 skrll { 628 1.10.4.2 skrll struct csession *cse; 629 1.10.4.2 skrll 630 1.10.4.2 skrll TAILQ_FOREACH(cse, &fcr->csessions, next) { 631 1.10.4.2 skrll if (cse == cse_del) { 632 1.10.4.2 skrll TAILQ_REMOVE(&fcr->csessions, cse, next); 633 1.10.4.2 skrll return (1); 634 1.10.4.2 skrll } 635 1.10.4.2 skrll } 636 1.10.4.2 skrll return (0); 637 1.10.4.2 skrll } 638 1.10.4.2 skrll 639 1.10.4.2 skrll static struct csession * 640 1.10.4.2 skrll cseadd(struct fcrypt *fcr, struct csession *cse) 641 1.10.4.2 skrll { 642 1.10.4.2 skrll TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 643 1.10.4.2 skrll cse->ses = fcr->sesn++; 644 1.10.4.2 skrll return (cse); 645 1.10.4.2 skrll } 646 1.10.4.2 skrll 647 1.10.4.2 skrll static struct csession * 648 1.10.4.2 skrll csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, 649 1.10.4.2 skrll caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 650 1.10.4.2 skrll struct enc_xform *txform, struct auth_hash *thash) 651 1.10.4.2 skrll { 652 1.10.4.2 skrll struct csession *cse; 653 1.10.4.2 skrll 654 1.10.4.2 skrll MALLOC(cse, struct csession *, sizeof(struct csession), 655 1.10.4.2 skrll M_XDATA, M_NOWAIT); 656 1.10.4.2 skrll if (cse == NULL) 657 1.10.4.2 skrll return NULL; 658 1.10.4.2 skrll cse->key = key; 659 1.10.4.2 skrll cse->keylen = keylen/8; 660 1.10.4.2 skrll cse->mackey = mackey; 661 1.10.4.2 skrll cse->mackeylen = mackeylen/8; 662 1.10.4.2 skrll cse->sid = sid; 663 1.10.4.2 skrll cse->cipher = cipher; 664 1.10.4.2 skrll cse->mac = mac; 665 1.10.4.2 skrll cse->txform = txform; 666 1.10.4.2 skrll cse->thash = thash; 667 1.10.4.2 skrll cseadd(fcr, cse); 668 1.10.4.2 skrll return (cse); 669 1.10.4.2 skrll } 670 1.10.4.2 skrll 671 1.10.4.2 skrll static int 672 1.10.4.2 skrll csefree(struct csession *cse) 673 1.10.4.2 skrll { 674 1.10.4.2 skrll int error; 675 1.10.4.2 skrll 676 1.10.4.2 skrll error = crypto_freesession(cse->sid); 677 1.10.4.2 skrll if (cse->key) 678 1.10.4.2 skrll FREE(cse->key, M_XDATA); 679 1.10.4.2 skrll if (cse->mackey) 680 1.10.4.2 skrll FREE(cse->mackey, M_XDATA); 681 1.10.4.2 skrll FREE(cse, M_XDATA); 682 1.10.4.2 skrll return (error); 683 1.10.4.2 skrll } 684 1.10.4.2 skrll 685 1.10.4.2 skrll static int 686 1.10.4.4 skrll cryptoopen(dev_t dev, int flag, int mode, struct lwp *l) 687 1.10.4.2 skrll { 688 1.10.4.2 skrll if (crypto_usercrypto == 0) 689 1.10.4.2 skrll return (ENXIO); 690 1.10.4.2 skrll return (0); 691 1.10.4.2 skrll } 692 1.10.4.2 skrll 693 1.10.4.2 skrll static int 694 1.10.4.2 skrll cryptoread(dev_t dev, struct uio *uio, int ioflag) 695 1.10.4.2 skrll { 696 1.10.4.2 skrll return (EIO); 697 1.10.4.2 skrll } 698 1.10.4.2 skrll 699 1.10.4.2 skrll static int 700 1.10.4.2 skrll cryptowrite(dev_t dev, struct uio *uio, int ioflag) 701 1.10.4.2 skrll { 702 1.10.4.2 skrll return (EIO); 703 1.10.4.2 skrll } 704 1.10.4.2 skrll 705 1.10.4.2 skrll static int 706 1.10.4.4 skrll cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l) 707 1.10.4.2 skrll { 708 1.10.4.2 skrll struct file *f; 709 1.10.4.2 skrll struct fcrypt *fcr; 710 1.10.4.2 skrll int fd, error; 711 1.10.4.2 skrll 712 1.10.4.2 skrll switch (cmd) { 713 1.10.4.2 skrll case CRIOGET: 714 1.10.4.2 skrll MALLOC(fcr, struct fcrypt *, 715 1.10.4.2 skrll sizeof(struct fcrypt), M_XDATA, M_WAITOK); 716 1.10.4.2 skrll TAILQ_INIT(&fcr->csessions); 717 1.10.4.2 skrll fcr->sesn = 0; 718 1.10.4.2 skrll 719 1.10.4.4 skrll error = falloc(l->l_proc, &f, &fd); 720 1.10.4.2 skrll if (error) { 721 1.10.4.2 skrll FREE(fcr, M_XDATA); 722 1.10.4.2 skrll return (error); 723 1.10.4.2 skrll } 724 1.10.4.2 skrll f->f_flag = FREAD | FWRITE; 725 1.10.4.2 skrll f->f_type = DTYPE_CRYPTO; 726 1.10.4.2 skrll f->f_ops = &cryptofops; 727 1.10.4.2 skrll f->f_data = (caddr_t) fcr; 728 1.10.4.2 skrll *(u_int32_t *)data = fd; 729 1.10.4.2 skrll FILE_SET_MATURE(f); 730 1.10.4.4 skrll FILE_UNUSE(f, l); 731 1.10.4.2 skrll break; 732 1.10.4.2 skrll default: 733 1.10.4.2 skrll error = EINVAL; 734 1.10.4.2 skrll break; 735 1.10.4.2 skrll } 736 1.10.4.2 skrll return (error); 737 1.10.4.2 skrll } 738 1.10.4.2 skrll 739 1.10.4.2 skrll int 740 1.10.4.4 skrll cryptoselect(dev_t dev, int rw, struct lwp *l) 741 1.10.4.2 skrll { 742 1.10.4.2 skrll return (0); 743 1.10.4.2 skrll } 744 1.10.4.2 skrll 745 1.10.4.2 skrll /*static*/ 746 1.10.4.2 skrll struct cdevsw crypto_cdevsw = { 747 1.10.4.2 skrll /* open */ cryptoopen, 748 1.10.4.2 skrll /* close */ nullclose, 749 1.10.4.2 skrll /* read */ cryptoread, 750 1.10.4.2 skrll /* write */ cryptowrite, 751 1.10.4.2 skrll /* ioctl */ cryptoioctl, 752 1.10.4.2 skrll /* ttstop?*/ nostop, 753 1.10.4.2 skrll /* ??*/ notty, 754 1.10.4.2 skrll /* poll */ cryptoselect /*nopoll*/, 755 1.10.4.2 skrll /* mmap */ nommap, 756 1.10.4.2 skrll /* kqfilter */ nokqfilter, 757 1.10.4.2 skrll }; 758 1.10.4.2 skrll 759 1.10.4.8 christos #ifdef __NetBSD__ 760 1.10.4.8 christos /* 761 1.10.4.8 christos * Pseudo-device initialization routine for /dev/crypto 762 1.10.4.8 christos */ 763 1.10.4.8 christos void cryptoattach(int); 764 1.10.4.8 christos 765 1.10.4.8 christos void 766 1.10.4.8 christos cryptoattach(int num) 767 1.10.4.8 christos { 768 1.10.4.8 christos 769 1.10.4.8 christos /* nothing to do */ 770 1.10.4.8 christos } 771 1.10.4.8 christos #endif /* __NetBSD__ */ 772
Indexes created Thu Oct 02 14:10:14 GMT 2025