sys/opencrypto/cryptosoft.c

1.8.4.4  skrll /*	$NetBSD: cryptosoft.c,v 1.8.4.4 2004/09/21 13:38:44 skrll Exp $ */
1.8.4.2  skrll /*	$FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $	*/
1.8.4.2  skrll /*	$OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $	*/
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * The author of this code is Angelos D. Keromytis (angelos (at) cis.upenn.edu)
1.8.4.2  skrll  *
1.8.4.2  skrll  * This code was written by Angelos D. Keromytis in Athens, Greece, in
1.8.4.2  skrll  * February 2000. Network Security Technologies Inc. (NSTI) kindly
1.8.4.2  skrll  * supported the development of this code.
1.8.4.2  skrll  *
1.8.4.2  skrll  * Copyright (c) 2000, 2001 Angelos D. Keromytis
1.8.4.2  skrll  *
1.8.4.2  skrll  * Permission to use, copy, and modify this software with or without fee
1.8.4.2  skrll  * is hereby granted, provided that this entire notice is included in
1.8.4.2  skrll  * all source code copies of any software which is or includes a copy or
1.8.4.2  skrll  * modification of this software.
1.8.4.2  skrll  *
1.8.4.2  skrll  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
1.8.4.2  skrll  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
1.8.4.2  skrll  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
1.8.4.2  skrll  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
1.8.4.2  skrll  * PURPOSE.
1.8.4.2  skrll  */
1.8.4.2  skrll
1.8.4.2  skrll #include <sys/cdefs.h>
1.8.4.4  skrll __KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.8.4.4 2004/09/21 13:38:44 skrll Exp $");
1.8.4.2  skrll
1.8.4.2  skrll #include <sys/param.h>
1.8.4.2  skrll #include <sys/systm.h>
1.8.4.2  skrll #include <sys/malloc.h>
1.8.4.2  skrll #include <sys/mbuf.h>
1.8.4.2  skrll #include <sys/sysctl.h>
1.8.4.2  skrll #include <sys/errno.h>
1.8.4.2  skrll
1.8.4.2  skrll #include <opencrypto/cryptodev.h>
1.8.4.2  skrll #include <opencrypto/cryptosoft.h>
1.8.4.2  skrll #include <opencrypto/xform.h>
1.8.4.2  skrll
1.8.4.2  skrll const u_int8_t hmac_ipad_buffer[64] = {
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
1.8.4.2  skrll 	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
1.8.4.2  skrll };
1.8.4.2  skrll
1.8.4.2  skrll const u_int8_t hmac_opad_buffer[64] = {
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
1.8.4.2  skrll 	0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
1.8.4.2  skrll };
1.8.4.2  skrll
1.8.4.2  skrll
1.8.4.2  skrll struct swcr_data **swcr_sessions = NULL;
1.8.4.2  skrll u_int32_t swcr_sesnum = 0;
1.8.4.2  skrll int32_t swcr_id = -1;
1.8.4.2  skrll
1.8.4.2  skrll #define COPYBACK(x, a, b, c, d) \
1.8.4.2  skrll 	(x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \
1.8.4.2  skrll 	: cuio_copyback((struct uio *)a,b,c,d)
1.8.4.2  skrll #define COPYDATA(x, a, b, c, d) \
1.8.4.2  skrll 	(x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \
1.8.4.2  skrll 	: cuio_copydata((struct uio *)a,b,c,d)
1.8.4.2  skrll
1.8.4.2  skrll static	int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
1.8.4.2  skrll static	int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
1.8.4.2  skrll 			     struct swcr_data *sw, caddr_t buf, int outtype);
1.8.4.2  skrll static	int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
1.8.4.2  skrll static	int swcr_process(void *, struct cryptop *, int);
1.8.4.2  skrll static	int swcr_newsession(void *, u_int32_t *, struct cryptoini *);
1.8.4.2  skrll static	int swcr_freesession(void *, u_int64_t);
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Apply a symmetric encryption/decryption algorithm.
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
1.8.4.2  skrll     int outtype)
1.8.4.2  skrll {
1.8.4.2  skrll 	unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
1.8.4.2  skrll 	unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
1.8.4.2  skrll 	struct enc_xform *exf;
1.8.4.2  skrll 	int i, k, j, blks;
1.8.4.2  skrll 	int count, ind;
1.8.4.2  skrll
1.8.4.2  skrll 	exf = sw->sw_exf;
1.8.4.2  skrll 	blks = exf->blocksize;
1.8.4.2  skrll
1.8.4.2  skrll 	/* Check for non-padded data */
1.8.4.2  skrll 	if (crd->crd_len % blks)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	/* Initialize the IV */
1.8.4.2  skrll 	if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 		/* IV explicitly provided ? */
1.8.4.2  skrll 		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
1.8.4.2  skrll 			bcopy(crd->crd_iv, iv, blks);
1.8.4.2  skrll 		else {
1.8.4.2  skrll 			/* Get random IV */
1.8.4.2  skrll 			for (i = 0;
1.8.4.2  skrll 			    i + sizeof (u_int32_t) < EALG_MAX_BLOCK_LEN;
1.8.4.2  skrll 			    i += sizeof (u_int32_t)) {
1.8.4.2  skrll 				u_int32_t temp = arc4random();
1.8.4.2  skrll
1.8.4.2  skrll 				bcopy(&temp, iv + i, sizeof(u_int32_t));
1.8.4.2  skrll 			}
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * What if the block size is not a multiple
1.8.4.2  skrll 			 * of sizeof (u_int32_t), which is the size of
1.8.4.2  skrll 			 * what arc4random() returns ?
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			if (EALG_MAX_BLOCK_LEN % sizeof (u_int32_t) != 0) {
1.8.4.2  skrll 				u_int32_t temp = arc4random();
1.8.4.2  skrll
1.8.4.2  skrll 				bcopy (&temp, iv + i,
1.8.4.2  skrll 				    EALG_MAX_BLOCK_LEN - i);
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		/* Do we need to write the IV */
1.8.4.2  skrll 		if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
1.8.4.2  skrll 			COPYBACK(outtype, buf, crd->crd_inject, blks, iv);
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 	} else {	/* Decryption */
1.8.4.2  skrll 			/* IV explicitly provided ? */
1.8.4.2  skrll 		if (crd->crd_flags & CRD_F_IV_EXPLICIT)
1.8.4.2  skrll 			bcopy(crd->crd_iv, iv, blks);
1.8.4.2  skrll 		else {
1.8.4.2  skrll 			/* Get IV off buf */
1.8.4.2  skrll 			COPYDATA(outtype, buf, crd->crd_inject, blks, iv);
1.8.4.2  skrll 		}
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	ivp = iv;
1.8.4.2  skrll
1.8.4.2  skrll 	if (outtype == CRYPTO_BUF_CONTIG) {
1.8.4.2  skrll 		if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 			for (i = crd->crd_skip;
1.8.4.2  skrll 			    i < crd->crd_skip + crd->crd_len; i += blks) {
1.8.4.2  skrll 				/* XOR with the IV/previous block, as appropriate. */
1.8.4.2  skrll 				if (i == crd->crd_skip)
1.8.4.2  skrll 					for (k = 0; k < blks; k++)
1.8.4.2  skrll 						buf[i + k] ^= ivp[k];
1.8.4.2  skrll 				else
1.8.4.2  skrll 					for (k = 0; k < blks; k++)
1.8.4.2  skrll 						buf[i + k] ^= buf[i + k - blks];
1.8.4.2  skrll 				exf->encrypt(sw->sw_kschedule, buf + i);
1.8.4.2  skrll 			}
1.8.4.2  skrll 		} else {		/* Decrypt */
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * Start at the end, so we don't need to keep the encrypted
1.8.4.2  skrll 			 * block as the IV for the next block.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			for (i = crd->crd_skip + crd->crd_len - blks;
1.8.4.2  skrll 			    i >= crd->crd_skip; i -= blks) {
1.8.4.2  skrll 				exf->decrypt(sw->sw_kschedule, buf + i);
1.8.4.2  skrll
1.8.4.2  skrll 				/* XOR with the IV/previous block, as appropriate */
1.8.4.2  skrll 				if (i == crd->crd_skip)
1.8.4.2  skrll 					for (k = 0; k < blks; k++)
1.8.4.2  skrll 						buf[i + k] ^= ivp[k];
1.8.4.2  skrll 				else
1.8.4.2  skrll 					for (k = 0; k < blks; k++)
1.8.4.2  skrll 						buf[i + k] ^= buf[i + k - blks];
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		return 0;
1.8.4.2  skrll 	} else if (outtype == CRYPTO_BUF_MBUF) {
1.8.4.2  skrll 		struct mbuf *m = (struct mbuf *) buf;
1.8.4.2  skrll
1.8.4.2  skrll 		/* Find beginning of data */
1.8.4.2  skrll 		m = m_getptr(m, crd->crd_skip, &k);
1.8.4.2  skrll 		if (m == NULL)
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 		i = crd->crd_len;
1.8.4.2  skrll
1.8.4.2  skrll 		while (i > 0) {
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * If there's insufficient data at the end of
1.8.4.2  skrll 			 * an mbuf, we have to do some copying.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			if (m->m_len < k + blks && m->m_len != k) {
1.8.4.2  skrll 				m_copydata(m, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				/* Actual encryption/decryption */
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					bcopy(blk, iv, blks);
1.8.4.2  skrll 					ivp = iv;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(blk, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(blk, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				/* Copy back decrypted block */
1.8.4.2  skrll 				m_copyback(m, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				/* Advance pointer */
1.8.4.2  skrll 				m = m_getptr(m, k + blks, &k);
1.8.4.2  skrll 				if (m == NULL)
1.8.4.2  skrll 					return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll
1.8.4.2  skrll 				/* Could be done... */
1.8.4.2  skrll 				if (i == 0)
1.8.4.2  skrll 					break;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			/* Skip possibly empty mbufs */
1.8.4.2  skrll 			if (k == m->m_len) {
1.8.4.2  skrll 				for (m = m->m_next; m && m->m_len == 0;
1.8.4.2  skrll 				    m = m->m_next)
1.8.4.2  skrll 					;
1.8.4.2  skrll 				k = 0;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			/* Sanity check */
1.8.4.2  skrll 			if (m == NULL)
1.8.4.2  skrll 				return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * Warning: idat may point to garbage here, but
1.8.4.2  skrll 			 * we only use it in the while() loop, only if
1.8.4.2  skrll 			 * there are indeed enough data.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			idat = mtod(m, unsigned char *) + k;
1.8.4.2  skrll
1.8.4.2  skrll 			while (m->m_len >= k + blks && i > 0) {
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll 					ivp = idat;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block to be used
1.8.4.2  skrll 					 * in next block's processing.
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(idat, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(idat, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				idat += blks;
1.8.4.2  skrll 				k += blks;
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		return 0; /* Done with mbuf encryption/decryption */
1.8.4.2  skrll 	} else if (outtype == CRYPTO_BUF_IOV) {
1.8.4.2  skrll 		struct uio *uio = (struct uio *) buf;
1.8.4.2  skrll
1.8.4.2  skrll #ifdef __FreeBSD__
1.8.4.2  skrll 		struct iovec *iov;
1.8.4.2  skrll 		/* Find beginning of data */
1.8.4.2  skrll 		iov = cuio_getptr(uio, crd->crd_skip, &k);
1.8.4.2  skrll 		if (iov == NULL)
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 		i = crd->crd_len;
1.8.4.2  skrll
1.8.4.2  skrll 		while (i > 0) {
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * If there's insufficient data at the end of
1.8.4.2  skrll 			 * an iovec, we have to do some copying.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			if (iov->iov_len < k + blks && iov->iov_len != k) {
1.8.4.2  skrll 				cuio_copydata(uio, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				/* Actual encryption/decryption */
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					bcopy(blk, iv, blks);
1.8.4.2  skrll 					ivp = iv;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(blk, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(blk, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				/* Copy back decrypted block */
1.8.4.2  skrll 				cuio_copyback(uio, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				/* Advance pointer */
1.8.4.2  skrll 				iov = cuio_getptr(uio, k + blks, &k);
1.8.4.2  skrll 				if (iov == NULL)
1.8.4.2  skrll 					return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll
1.8.4.2  skrll 				/* Could be done... */
1.8.4.2  skrll 				if (i == 0)
1.8.4.2  skrll 					break;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * Warning: idat may point to garbage here, but
1.8.4.2  skrll 			 * we only use it in the while() loop, only if
1.8.4.2  skrll 			 * there are indeed enough data.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			idat = (char *)iov->iov_base + k;
1.8.4.2  skrll
1.8.4.2  skrll 	   		while (iov->iov_len >= k + blks && i > 0) {
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll 					ivp = idat;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block to be used
1.8.4.2  skrll 					 * in next block's processing.
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(idat, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(idat, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				idat += blks;
1.8.4.2  skrll 				k += blks;
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		return 0; /* Done with mbuf encryption/decryption */
1.8.4.2  skrll #else  /* !freebsd iov */
1.8.4.2  skrll 		/* Find beginning of data */
1.8.4.2  skrll 		count = crd->crd_skip;
1.8.4.2  skrll 		ind = cuio_getptr(uio, count, &k);
1.8.4.2  skrll 		if (ind == -1)
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 		i = crd->crd_len;
1.8.4.2  skrll
1.8.4.2  skrll 		while (i > 0) {
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * If there's insufficient data at the end,
1.8.4.2  skrll 			 * we have to do some copying.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			if (uio->uio_iov[ind].iov_len < k + blks &&
1.8.4.2  skrll 			    uio->uio_iov[ind].iov_len != k) {
1.8.4.2  skrll 				cuio_copydata(uio, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				/* Actual encryption/decryption */
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					bcopy(blk, iv, blks);
1.8.4.2  skrll 					ivp = iv;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block for XOR'ing
1.8.4.2  skrll 					 * with next block
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(blk, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(blk, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, blk);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						blk[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				/* Copy back decrypted block */
1.8.4.2  skrll 				cuio_copyback(uio, k, blks, blk);
1.8.4.2  skrll
1.8.4.2  skrll 				count += blks;
1.8.4.2  skrll
1.8.4.2  skrll 				/* Advance pointer */
1.8.4.2  skrll 				ind = cuio_getptr(uio, count, &k);
1.8.4.2  skrll 				if (ind == -1)
1.8.4.2  skrll 					return (EINVAL);
1.8.4.2  skrll
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll
1.8.4.2  skrll 				/* Could be done... */
1.8.4.2  skrll 				if (i == 0)
1.8.4.2  skrll 					break;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			/*
1.8.4.2  skrll 			 * Warning: idat may point to garbage here, but
1.8.4.2  skrll 			 * we only use it in the while() loop, only if
1.8.4.2  skrll 			 * there are indeed enough data.
1.8.4.2  skrll 			 */
1.8.4.2  skrll 			idat = ((caddr_t)uio->uio_iov[ind].iov_base) + k;
1.8.4.2  skrll
1.8.4.2  skrll 			while (uio->uio_iov[ind].iov_len >= k + blks &&
1.8.4.2  skrll 			    i > 0) {
1.8.4.2  skrll 				if (crd->crd_flags & CRD_F_ENCRYPT) {
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					exf->encrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll 					ivp = idat;
1.8.4.2  skrll 				} else {	/* decrypt */
1.8.4.2  skrll 					/*
1.8.4.2  skrll 					 * Keep encrypted block to be used
1.8.4.2  skrll 					 * in next block's processing.
1.8.4.2  skrll 					 */
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(idat, piv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						bcopy(idat, iv, blks);
1.8.4.2  skrll
1.8.4.2  skrll 					exf->decrypt(sw->sw_kschedule, idat);
1.8.4.2  skrll
1.8.4.2  skrll 					/* XOR with previous block/IV */
1.8.4.2  skrll 					for (j = 0; j < blks; j++)
1.8.4.2  skrll 						idat[j] ^= ivp[j];
1.8.4.2  skrll
1.8.4.2  skrll 					if (ivp == iv)
1.8.4.2  skrll 						bcopy(piv, iv, blks);
1.8.4.2  skrll 					else
1.8.4.2  skrll 						ivp = iv;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				idat += blks;
1.8.4.2  skrll 				count += blks;
1.8.4.2  skrll 				k += blks;
1.8.4.2  skrll 				i -= blks;
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll #endif
1.8.4.2  skrll 		return 0; /* Done with mbuf encryption/decryption */
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	/* Unreachable */
1.8.4.2  skrll 	return EINVAL;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Compute keyed-hash authenticator.
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
1.8.4.2  skrll     struct swcr_data *sw, caddr_t buf, int outtype)
1.8.4.2  skrll {
1.8.4.2  skrll 	unsigned char aalg[AALG_MAX_RESULT_LEN];
1.8.4.2  skrll 	struct auth_hash *axf;
1.8.4.2  skrll 	union authctx ctx;
1.8.4.2  skrll 	int err;
1.8.4.2  skrll
1.8.4.2  skrll 	if (sw->sw_ictx == 0)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	axf = sw->sw_axf;
1.8.4.2  skrll
1.8.4.2  skrll 	bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
1.8.4.2  skrll
1.8.4.2  skrll 	switch (outtype) {
1.8.4.2  skrll 	case CRYPTO_BUF_CONTIG:
1.8.4.2  skrll 		axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	case CRYPTO_BUF_MBUF:
1.8.4.2  skrll 		err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len,
1.8.4.2  skrll 		    (int (*)(void*, caddr_t, unsigned int)) axf->Update,
1.8.4.2  skrll 		    (caddr_t) &ctx);
1.8.4.2  skrll 		if (err)
1.8.4.2  skrll 			return err;
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	case CRYPTO_BUF_IOV:
1.8.4.2  skrll #ifdef __FreeBSD__
1.8.4.2  skrll 		/*XXX FIXME: handle iov case*/
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll #else
1.8.4.2  skrll 		err = cuio_apply((struct uio *) buf, crd->crd_skip,
1.8.4.2  skrll 		    crd->crd_len,
1.8.4.2  skrll 		    (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update,
1.8.4.2  skrll 		    (caddr_t) &ctx);
1.8.4.2  skrll 		if (err) {
1.8.4.2  skrll 			return err;
1.8.4.2  skrll 		}
1.8.4.2  skrll #endif
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	default:
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	switch (sw->sw_alg) {
1.8.4.2  skrll 	case CRYPTO_MD5_HMAC:
1.8.4.2  skrll 	case CRYPTO_SHA1_HMAC:
1.8.4.2  skrll 	case CRYPTO_SHA2_HMAC:
1.8.4.2  skrll 	case CRYPTO_RIPEMD160_HMAC:
1.8.4.2  skrll 		if (sw->sw_octx == NULL)
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 		axf->Final(aalg, &ctx);
1.8.4.2  skrll 		bcopy(sw->sw_octx, &ctx, axf->ctxsize);
1.8.4.2  skrll 		axf->Update(&ctx, aalg, axf->hashsize);
1.8.4.2  skrll 		axf->Final(aalg, &ctx);
1.8.4.2  skrll 		break;
1.8.4.2  skrll
1.8.4.2  skrll 	case CRYPTO_MD5_KPDK:
1.8.4.2  skrll 	case CRYPTO_SHA1_KPDK:
1.8.4.2  skrll 		if (sw->sw_octx == NULL)
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 		axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
1.8.4.2  skrll 		axf->Final(aalg, &ctx);
1.8.4.2  skrll 		break;
1.8.4.2  skrll
1.8.4.2  skrll 	case CRYPTO_NULL_HMAC:
1.8.4.2  skrll 	case CRYPTO_MD5:
1.8.4.2  skrll 	case CRYPTO_SHA1:
1.8.4.2  skrll 		axf->Final(aalg, &ctx);
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	/* Inject the authentication data */
1.8.4.2  skrll 	switch (outtype) {
1.8.4.2  skrll 	case CRYPTO_BUF_CONTIG:
1.8.4.2  skrll 		bcopy(aalg, buf + crd->crd_inject, axf->authsize);
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	case CRYPTO_BUF_MBUF:
1.8.4.2  skrll 		m_copyback((struct mbuf *) buf, crd->crd_inject,
1.8.4.2  skrll 		    axf->authsize, aalg);
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	case CRYPTO_BUF_IOV:
1.8.4.2  skrll 		bcopy(aalg, crp->crp_mac, axf->authsize);
1.8.4.2  skrll 		break;
1.8.4.2  skrll 	default:
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll 	}
1.8.4.2  skrll 	return 0;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Apply a compression/decompression algorithm
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
1.8.4.2  skrll     caddr_t buf, int outtype)
1.8.4.2  skrll {
1.8.4.2  skrll 	u_int8_t *data, *out;
1.8.4.2  skrll 	struct comp_algo *cxf;
1.8.4.2  skrll 	int adj;
1.8.4.2  skrll 	u_int32_t result;
1.8.4.2  skrll
1.8.4.2  skrll 	cxf = sw->sw_cxf;
1.8.4.2  skrll
1.8.4.2  skrll 	/* We must handle the whole buffer of data in one time
1.8.4.2  skrll 	 * then if there is not all the data in the mbuf, we must
1.8.4.2  skrll 	 * copy in a buffer.
1.8.4.2  skrll 	 */
1.8.4.2  skrll
1.8.4.2  skrll 	MALLOC(data, u_int8_t *, crd->crd_len, M_CRYPTO_DATA,  M_NOWAIT);
1.8.4.2  skrll 	if (data == NULL)
1.8.4.2  skrll 		return (EINVAL);
1.8.4.2  skrll 	COPYDATA(outtype, buf, crd->crd_skip, crd->crd_len, data);
1.8.4.2  skrll
1.8.4.2  skrll 	if (crd->crd_flags & CRD_F_COMP)
1.8.4.2  skrll 		result = cxf->compress(data, crd->crd_len, &out);
1.8.4.2  skrll 	else
1.8.4.2  skrll 		result = cxf->decompress(data, crd->crd_len, &out);
1.8.4.2  skrll
1.8.4.2  skrll 	FREE(data, M_CRYPTO_DATA);
1.8.4.2  skrll 	if (result == 0)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	/* Copy back the (de)compressed data. m_copyback is
1.8.4.2  skrll 	 * extending the mbuf as necessary.
1.8.4.2  skrll 	 */
1.8.4.2  skrll 	sw->sw_size = result;
1.8.4.2  skrll 	/* Check the compressed size when doing compression */
1.8.4.2  skrll 	if (crd->crd_flags & CRD_F_COMP) {
1.8.4.2  skrll 		if (result > crd->crd_len) {
1.8.4.2  skrll 			/* Compression was useless, we lost time */
1.8.4.2  skrll 			FREE(out, M_CRYPTO_DATA);
1.8.4.2  skrll 			return 0;
1.8.4.2  skrll 		}
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	COPYBACK(outtype, buf, crd->crd_skip, result, out);
1.8.4.2  skrll 	if (result < crd->crd_len) {
1.8.4.2  skrll 		adj = result - crd->crd_len;
1.8.4.2  skrll 		if (outtype == CRYPTO_BUF_MBUF) {
1.8.4.2  skrll 			adj = result - crd->crd_len;
1.8.4.2  skrll 			m_adj((struct mbuf *)buf, adj);
1.8.4.2  skrll 		} else {
1.8.4.2  skrll 			struct uio *uio = (struct uio *)buf;
1.8.4.2  skrll 			int ind;
1.8.4.2  skrll
1.8.4.2  skrll 			adj = crd->crd_len - result;
1.8.4.2  skrll 			ind = uio->uio_iovcnt - 1;
1.8.4.2  skrll
1.8.4.2  skrll 			while (adj > 0 && ind >= 0) {
1.8.4.2  skrll 				if (adj < uio->uio_iov[ind].iov_len) {
1.8.4.2  skrll 					uio->uio_iov[ind].iov_len -= adj;
1.8.4.2  skrll 					break;
1.8.4.2  skrll 				}
1.8.4.2  skrll
1.8.4.2  skrll 				adj -= uio->uio_iov[ind].iov_len;
1.8.4.2  skrll 				uio->uio_iov[ind].iov_len = 0;
1.8.4.2  skrll 				ind--;
1.8.4.2  skrll 				uio->uio_iovcnt--;
1.8.4.2  skrll 			}
1.8.4.2  skrll 		}
1.8.4.2  skrll 	}
1.8.4.2  skrll 	FREE(out, M_CRYPTO_DATA);
1.8.4.2  skrll 	return 0;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Generate a new software session.
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
1.8.4.2  skrll {
1.8.4.2  skrll 	struct swcr_data **swd;
1.8.4.2  skrll 	struct auth_hash *axf;
1.8.4.2  skrll 	struct enc_xform *txf;
1.8.4.2  skrll 	struct comp_algo *cxf;
1.8.4.2  skrll 	u_int32_t i;
1.8.4.2  skrll 	int k, error;
1.8.4.2  skrll
1.8.4.2  skrll 	if (sid == NULL || cri == NULL)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	if (swcr_sessions) {
1.8.4.2  skrll 		for (i = 1; i < swcr_sesnum; i++)
1.8.4.2  skrll 			if (swcr_sessions[i] == NULL)
1.8.4.2  skrll 				break;
1.8.4.2  skrll 	} else
1.8.4.2  skrll 		i = 1;		/* NB: to silence compiler warning */
1.8.4.2  skrll
1.8.4.2  skrll 	if (swcr_sessions == NULL || i == swcr_sesnum) {
1.8.4.2  skrll 		if (swcr_sessions == NULL) {
1.8.4.2  skrll 			i = 1; /* We leave swcr_sessions[0] empty */
1.8.4.2  skrll 			swcr_sesnum = CRYPTO_SW_SESSIONS;
1.8.4.2  skrll 		} else
1.8.4.2  skrll 			swcr_sesnum *= 2;
1.8.4.2  skrll
1.8.4.2  skrll 		swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
1.8.4.2  skrll 		    M_CRYPTO_DATA, M_NOWAIT);
1.8.4.2  skrll 		if (swd == NULL) {
1.8.4.2  skrll 			/* Reset session number */
1.8.4.2  skrll 			if (swcr_sesnum == CRYPTO_SW_SESSIONS)
1.8.4.2  skrll 				swcr_sesnum = 0;
1.8.4.2  skrll 			else
1.8.4.2  skrll 				swcr_sesnum /= 2;
1.8.4.2  skrll 			return ENOBUFS;
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		bzero(swd, swcr_sesnum * sizeof(struct swcr_data *));
1.8.4.2  skrll
1.8.4.2  skrll 		/* Copy existing sessions */
1.8.4.2  skrll 		if (swcr_sessions) {
1.8.4.2  skrll 			bcopy(swcr_sessions, swd,
1.8.4.2  skrll 			    (swcr_sesnum / 2) * sizeof(struct swcr_data *));
1.8.4.2  skrll 			free(swcr_sessions, M_CRYPTO_DATA);
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		swcr_sessions = swd;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	swd = &swcr_sessions[i];
1.8.4.2  skrll 	*sid = i;
1.8.4.2  skrll
1.8.4.2  skrll 	while (cri) {
1.8.4.2  skrll 		MALLOC(*swd, struct swcr_data *, sizeof(struct swcr_data),
1.8.4.2  skrll 		    M_CRYPTO_DATA, M_NOWAIT);
1.8.4.2  skrll 		if (*swd == NULL) {
1.8.4.2  skrll 			swcr_freesession(NULL, i);
1.8.4.2  skrll 			return ENOBUFS;
1.8.4.2  skrll 		}
1.8.4.2  skrll 		bzero(*swd, sizeof(struct swcr_data));
1.8.4.2  skrll
1.8.4.2  skrll 		switch (cri->cri_alg) {
1.8.4.2  skrll 		case CRYPTO_DES_CBC:
1.8.4.2  skrll 			txf = &enc_xform_des;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_3DES_CBC:
1.8.4.2  skrll 			txf = &enc_xform_3des;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_BLF_CBC:
1.8.4.2  skrll 			txf = &enc_xform_blf;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_CAST_CBC:
1.8.4.2  skrll 			txf = &enc_xform_cast5;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_SKIPJACK_CBC:
1.8.4.2  skrll 			txf = &enc_xform_skipjack;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_RIJNDAEL128_CBC:
1.8.4.2  skrll 			txf = &enc_xform_rijndael128;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		case CRYPTO_NULL_CBC:
1.8.4.2  skrll 			txf = &enc_xform_null;
1.8.4.2  skrll 			goto enccommon;
1.8.4.2  skrll 		enccommon:
1.8.4.2  skrll 			error = txf->setkey(&((*swd)->sw_kschedule),
1.8.4.2  skrll 					cri->cri_key, cri->cri_klen / 8);
1.8.4.2  skrll 			if (error) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return error;
1.8.4.2  skrll 			}
1.8.4.2  skrll 			(*swd)->sw_exf = txf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5_HMAC:
1.8.4.2  skrll 			axf = &auth_hash_hmac_md5_96;
1.8.4.2  skrll 			goto authcommon;
1.8.4.2  skrll 		case CRYPTO_SHA1_HMAC:
1.8.4.2  skrll 			axf = &auth_hash_hmac_sha1_96;
1.8.4.2  skrll 			goto authcommon;
1.8.4.2  skrll 		case CRYPTO_SHA2_HMAC:
1.8.4.2  skrll 			if (cri->cri_klen == 256)
1.8.4.2  skrll 				axf = &auth_hash_hmac_sha2_256;
1.8.4.2  skrll 			else if (cri->cri_klen == 384)
1.8.4.2  skrll 				axf = &auth_hash_hmac_sha2_384;
1.8.4.2  skrll 			else if (cri->cri_klen == 512)
1.8.4.2  skrll 				axf = &auth_hash_hmac_sha2_512;
1.8.4.2  skrll 			else {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return EINVAL;
1.8.4.2  skrll 			}
1.8.4.2  skrll 			goto authcommon;
1.8.4.2  skrll 		case CRYPTO_NULL_HMAC:
1.8.4.2  skrll 			axf = &auth_hash_null;
1.8.4.2  skrll 			goto authcommon;
1.8.4.2  skrll 		case CRYPTO_RIPEMD160_HMAC:
1.8.4.2  skrll 			axf = &auth_hash_hmac_ripemd_160_96;
1.8.4.2  skrll 		authcommon:
1.8.4.2  skrll 			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
1.8.4.2  skrll 			    M_NOWAIT);
1.8.4.2  skrll 			if ((*swd)->sw_ictx == NULL) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return ENOBUFS;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			(*swd)->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
1.8.4.2  skrll 			    M_NOWAIT);
1.8.4.2  skrll 			if ((*swd)->sw_octx == NULL) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return ENOBUFS;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			for (k = 0; k < cri->cri_klen / 8; k++)
1.8.4.2  skrll 				cri->cri_key[k] ^= HMAC_IPAD_VAL;
1.8.4.2  skrll
1.8.4.2  skrll 			axf->Init((*swd)->sw_ictx);
1.8.4.2  skrll 			axf->Update((*swd)->sw_ictx, cri->cri_key,
1.8.4.2  skrll 			    cri->cri_klen / 8);
1.8.4.2  skrll 			axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
1.8.4.2  skrll 			    HMAC_BLOCK_LEN - (cri->cri_klen / 8));
1.8.4.2  skrll
1.8.4.2  skrll 			for (k = 0; k < cri->cri_klen / 8; k++)
1.8.4.2  skrll 				cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
1.8.4.2  skrll
1.8.4.2  skrll 			axf->Init((*swd)->sw_octx);
1.8.4.2  skrll 			axf->Update((*swd)->sw_octx, cri->cri_key,
1.8.4.2  skrll 			    cri->cri_klen / 8);
1.8.4.2  skrll 			axf->Update((*swd)->sw_octx, hmac_opad_buffer,
1.8.4.2  skrll 			    HMAC_BLOCK_LEN - (cri->cri_klen / 8));
1.8.4.2  skrll
1.8.4.2  skrll 			for (k = 0; k < cri->cri_klen / 8; k++)
1.8.4.2  skrll 				cri->cri_key[k] ^= HMAC_OPAD_VAL;
1.8.4.2  skrll 			(*swd)->sw_axf = axf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5_KPDK:
1.8.4.2  skrll 			axf = &auth_hash_key_md5;
1.8.4.2  skrll 			goto auth2common;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_SHA1_KPDK:
1.8.4.2  skrll 			axf = &auth_hash_key_sha1;
1.8.4.2  skrll 		auth2common:
1.8.4.2  skrll 			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
1.8.4.2  skrll 			    M_NOWAIT);
1.8.4.2  skrll 			if ((*swd)->sw_ictx == NULL) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return ENOBUFS;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			/* Store the key so we can "append" it to the payload */
1.8.4.2  skrll 			(*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
1.8.4.2  skrll 			    M_NOWAIT);
1.8.4.2  skrll 			if ((*swd)->sw_octx == NULL) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return ENOBUFS;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			(*swd)->sw_klen = cri->cri_klen / 8;
1.8.4.2  skrll 			bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
1.8.4.2  skrll 			axf->Init((*swd)->sw_ictx);
1.8.4.2  skrll 			axf->Update((*swd)->sw_ictx, cri->cri_key,
1.8.4.2  skrll 			    cri->cri_klen / 8);
1.8.4.2  skrll 			axf->Final(NULL, (*swd)->sw_ictx);
1.8.4.2  skrll 			(*swd)->sw_axf = axf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5:
1.8.4.2  skrll 			axf = &auth_hash_md5;
1.8.4.2  skrll 			goto auth3common;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_SHA1:
1.8.4.2  skrll 			axf = &auth_hash_sha1;
1.8.4.2  skrll 		auth3common:
1.8.4.2  skrll 			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
1.8.4.2  skrll 			    M_NOWAIT);
1.8.4.2  skrll 			if ((*swd)->sw_ictx == NULL) {
1.8.4.2  skrll 				swcr_freesession(NULL, i);
1.8.4.2  skrll 				return ENOBUFS;
1.8.4.2  skrll 			}
1.8.4.2  skrll
1.8.4.2  skrll 			axf->Init((*swd)->sw_ictx);
1.8.4.2  skrll 			(*swd)->sw_axf = axf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_DEFLATE_COMP:
1.8.4.2  skrll 			cxf = &comp_algo_deflate;
1.8.4.2  skrll 			(*swd)->sw_cxf = cxf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll 		default:
1.8.4.2  skrll 			swcr_freesession(NULL, i);
1.8.4.2  skrll 			return EINVAL;
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		(*swd)->sw_alg = cri->cri_alg;
1.8.4.2  skrll 		cri = cri->cri_next;
1.8.4.2  skrll 		swd = &((*swd)->sw_next);
1.8.4.2  skrll 	}
1.8.4.2  skrll 	return 0;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Free a session.
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_freesession(void *arg, u_int64_t tid)
1.8.4.2  skrll {
1.8.4.2  skrll 	struct swcr_data *swd;
1.8.4.2  skrll 	struct enc_xform *txf;
1.8.4.2  skrll 	struct auth_hash *axf;
1.8.4.2  skrll 	struct comp_algo *cxf;
1.8.4.2  skrll 	u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
1.8.4.2  skrll
1.8.4.2  skrll 	if (sid > swcr_sesnum || swcr_sessions == NULL ||
1.8.4.2  skrll 	    swcr_sessions[sid] == NULL)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	/* Silently accept and return */
1.8.4.2  skrll 	if (sid == 0)
1.8.4.2  skrll 		return 0;
1.8.4.2  skrll
1.8.4.2  skrll 	while ((swd = swcr_sessions[sid]) != NULL) {
1.8.4.2  skrll 		swcr_sessions[sid] = swd->sw_next;
1.8.4.2  skrll
1.8.4.2  skrll 		switch (swd->sw_alg) {
1.8.4.2  skrll 		case CRYPTO_DES_CBC:
1.8.4.2  skrll 		case CRYPTO_3DES_CBC:
1.8.4.2  skrll 		case CRYPTO_BLF_CBC:
1.8.4.2  skrll 		case CRYPTO_CAST_CBC:
1.8.4.2  skrll 		case CRYPTO_SKIPJACK_CBC:
1.8.4.2  skrll 		case CRYPTO_RIJNDAEL128_CBC:
1.8.4.2  skrll 		case CRYPTO_NULL_CBC:
1.8.4.2  skrll 			txf = swd->sw_exf;
1.8.4.2  skrll
1.8.4.2  skrll 			if (swd->sw_kschedule)
1.8.4.2  skrll 				txf->zerokey(&(swd->sw_kschedule));
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5_HMAC:
1.8.4.2  skrll 		case CRYPTO_SHA1_HMAC:
1.8.4.2  skrll 		case CRYPTO_SHA2_HMAC:
1.8.4.2  skrll 		case CRYPTO_RIPEMD160_HMAC:
1.8.4.2  skrll 		case CRYPTO_NULL_HMAC:
1.8.4.2  skrll 			axf = swd->sw_axf;
1.8.4.2  skrll
1.8.4.2  skrll 			if (swd->sw_ictx) {
1.8.4.2  skrll 				bzero(swd->sw_ictx, axf->ctxsize);
1.8.4.2  skrll 				free(swd->sw_ictx, M_CRYPTO_DATA);
1.8.4.2  skrll 			}
1.8.4.2  skrll 			if (swd->sw_octx) {
1.8.4.2  skrll 				bzero(swd->sw_octx, axf->ctxsize);
1.8.4.2  skrll 				free(swd->sw_octx, M_CRYPTO_DATA);
1.8.4.2  skrll 			}
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5_KPDK:
1.8.4.2  skrll 		case CRYPTO_SHA1_KPDK:
1.8.4.2  skrll 			axf = swd->sw_axf;
1.8.4.2  skrll
1.8.4.2  skrll 			if (swd->sw_ictx) {
1.8.4.2  skrll 				bzero(swd->sw_ictx, axf->ctxsize);
1.8.4.2  skrll 				free(swd->sw_ictx, M_CRYPTO_DATA);
1.8.4.2  skrll 			}
1.8.4.2  skrll 			if (swd->sw_octx) {
1.8.4.2  skrll 				bzero(swd->sw_octx, swd->sw_klen);
1.8.4.2  skrll 				free(swd->sw_octx, M_CRYPTO_DATA);
1.8.4.2  skrll 			}
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_MD5:
1.8.4.2  skrll 		case CRYPTO_SHA1:
1.8.4.2  skrll 			axf = swd->sw_axf;
1.8.4.2  skrll
1.8.4.2  skrll 			if (swd->sw_ictx)
1.8.4.2  skrll 				free(swd->sw_ictx, M_CRYPTO_DATA);
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_DEFLATE_COMP:
1.8.4.2  skrll 			cxf = swd->sw_cxf;
1.8.4.2  skrll 			break;
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		FREE(swd, M_CRYPTO_DATA);
1.8.4.2  skrll 	}
1.8.4.2  skrll 	return 0;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Process a software request.
1.8.4.2  skrll  */
1.8.4.2  skrll static int
1.8.4.2  skrll swcr_process(void *arg, struct cryptop *crp, int hint)
1.8.4.2  skrll {
1.8.4.2  skrll 	struct cryptodesc *crd;
1.8.4.2  skrll 	struct swcr_data *sw;
1.8.4.2  skrll 	u_int32_t lid;
1.8.4.2  skrll 	int type;
1.8.4.2  skrll
1.8.4.2  skrll 	/* Sanity check */
1.8.4.2  skrll 	if (crp == NULL)
1.8.4.2  skrll 		return EINVAL;
1.8.4.2  skrll
1.8.4.2  skrll 	if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
1.8.4.2  skrll 		crp->crp_etype = EINVAL;
1.8.4.2  skrll 		goto done;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	lid = crp->crp_sid & 0xffffffff;
1.8.4.2  skrll 	if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) {
1.8.4.2  skrll 		crp->crp_etype = ENOENT;
1.8.4.2  skrll 		goto done;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	if (crp->crp_flags & CRYPTO_F_IMBUF) {
1.8.4.2  skrll 		type = CRYPTO_BUF_MBUF;
1.8.4.2  skrll 	} else if (crp->crp_flags & CRYPTO_F_IOV) {
1.8.4.2  skrll 		type = CRYPTO_BUF_IOV;
1.8.4.2  skrll 	} else {
1.8.4.2  skrll 		type = CRYPTO_BUF_CONTIG;
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	/* Go through crypto descriptors, processing as we go */
1.8.4.2  skrll 	for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1.8.4.2  skrll 		/*
1.8.4.2  skrll 		 * Find the crypto context.
1.8.4.2  skrll 		 *
1.8.4.2  skrll 		 * XXX Note that the logic here prevents us from having
1.8.4.2  skrll 		 * XXX the same algorithm multiple times in a session
1.8.4.2  skrll 		 * XXX (or rather, we can but it won't give us the right
1.8.4.2  skrll 		 * XXX results). To do that, we'd need some way of differentiating
1.8.4.2  skrll 		 * XXX between the various instances of an algorithm (so we can
1.8.4.2  skrll 		 * XXX locate the correct crypto context).
1.8.4.2  skrll 		 */
1.8.4.2  skrll 		for (sw = swcr_sessions[lid];
1.8.4.2  skrll 		    sw && sw->sw_alg != crd->crd_alg;
1.8.4.2  skrll 		    sw = sw->sw_next)
1.8.4.2  skrll 			;
1.8.4.2  skrll
1.8.4.2  skrll 		/* No such context ? */
1.8.4.2  skrll 		if (sw == NULL) {
1.8.4.2  skrll 			crp->crp_etype = EINVAL;
1.8.4.2  skrll 			goto done;
1.8.4.2  skrll 		}
1.8.4.2  skrll
1.8.4.2  skrll 		switch (sw->sw_alg) {
1.8.4.2  skrll 		case CRYPTO_DES_CBC:
1.8.4.2  skrll 		case CRYPTO_3DES_CBC:
1.8.4.2  skrll 		case CRYPTO_BLF_CBC:
1.8.4.2  skrll 		case CRYPTO_CAST_CBC:
1.8.4.2  skrll 		case CRYPTO_SKIPJACK_CBC:
1.8.4.2  skrll 		case CRYPTO_RIJNDAEL128_CBC:
1.8.4.2  skrll 			if ((crp->crp_etype = swcr_encdec(crd, sw,
1.8.4.2  skrll 			    crp->crp_buf, type)) != 0)
1.8.4.2  skrll 				goto done;
1.8.4.2  skrll 			break;
1.8.4.2  skrll 		case CRYPTO_NULL_CBC:
1.8.4.2  skrll 			crp->crp_etype = 0;
1.8.4.2  skrll 			break;
1.8.4.2  skrll 		case CRYPTO_MD5_HMAC:
1.8.4.2  skrll 		case CRYPTO_SHA1_HMAC:
1.8.4.2  skrll 		case CRYPTO_SHA2_HMAC:
1.8.4.2  skrll 		case CRYPTO_RIPEMD160_HMAC:
1.8.4.2  skrll 		case CRYPTO_NULL_HMAC:
1.8.4.2  skrll 		case CRYPTO_MD5_KPDK:
1.8.4.2  skrll 		case CRYPTO_SHA1_KPDK:
1.8.4.2  skrll 		case CRYPTO_MD5:
1.8.4.2  skrll 		case CRYPTO_SHA1:
1.8.4.2  skrll 			if ((crp->crp_etype = swcr_authcompute(crp, crd, sw,
1.8.4.2  skrll 			    crp->crp_buf, type)) != 0)
1.8.4.2  skrll 				goto done;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		case CRYPTO_DEFLATE_COMP:
1.8.4.2  skrll 			if ((crp->crp_etype = swcr_compdec(crd, sw,
1.8.4.2  skrll 			    crp->crp_buf, type)) != 0)
1.8.4.2  skrll 				goto done;
1.8.4.2  skrll 			else
1.8.4.2  skrll 				crp->crp_olen = (int)sw->sw_size;
1.8.4.2  skrll 			break;
1.8.4.2  skrll
1.8.4.2  skrll 		default:
1.8.4.2  skrll 			/* Unknown/unsupported algorithm */
1.8.4.2  skrll 			crp->crp_etype = EINVAL;
1.8.4.2  skrll 			goto done;
1.8.4.2  skrll 		}
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll done:
1.8.4.2  skrll 	crypto_done(crp);
1.8.4.2  skrll 	return 0;
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll /*
1.8.4.2  skrll  * Initialize the driver, called from the kernel main().
1.8.4.2  skrll  */
1.8.4.2  skrll /*static*/
1.8.4.2  skrll void
1.8.4.2  skrll swcr_init(void)
1.8.4.2  skrll {
1.8.4.2  skrll 	swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE);
1.8.4.2  skrll 	if (swcr_id < 0) {
1.8.4.2  skrll 		/* This should never happen */
1.8.4.2  skrll 		panic("Software crypto device cannot initialize!");
1.8.4.2  skrll 	}
1.8.4.2  skrll
1.8.4.2  skrll 	crypto_register(swcr_id, CRYPTO_DES_CBC,
1.8.4.2  skrll 	    0, 0, swcr_newsession, swcr_freesession, swcr_process, NULL);
1.8.4.2  skrll #define	REGISTER(alg) \
1.8.4.2  skrll 	crypto_register(swcr_id, alg, 0, 0, NULL, NULL, NULL, NULL)
1.8.4.2  skrll
1.8.4.2  skrll 	REGISTER(CRYPTO_3DES_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_BLF_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_CAST_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_SKIPJACK_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_NULL_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_MD5_HMAC);
1.8.4.2  skrll 	REGISTER(CRYPTO_SHA1_HMAC);
1.8.4.2  skrll 	REGISTER(CRYPTO_SHA2_HMAC);
1.8.4.2  skrll 	REGISTER(CRYPTO_RIPEMD160_HMAC);
1.8.4.2  skrll 	REGISTER(CRYPTO_NULL_HMAC);
1.8.4.2  skrll 	REGISTER(CRYPTO_MD5_KPDK);
1.8.4.2  skrll 	REGISTER(CRYPTO_SHA1_KPDK);
1.8.4.2  skrll 	REGISTER(CRYPTO_MD5);
1.8.4.2  skrll 	REGISTER(CRYPTO_SHA1);
1.8.4.2  skrll 	REGISTER(CRYPTO_RIJNDAEL128_CBC);
1.8.4.2  skrll 	REGISTER(CRYPTO_DEFLATE_COMP);
1.8.4.2  skrll #undef REGISTER
1.8.4.2  skrll }
1.8.4.2  skrll
1.8.4.2  skrll #ifdef __FreeBSD__
1.8.4.2  skrll SYSINIT(cryptosoft_init, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_init, NULL)
1.8.4.2  skrll #endif