1 | /* $NetBSD: cryptosoft.c,v 1.47 2015/08/20 14:40:19 christos Exp $ */ |
2 | /* $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $ */ |
3 | /* $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */ |
4 | |
5 | /* |
6 | * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) |
7 | * |
8 | * This code was written by Angelos D. Keromytis in Athens, Greece, in |
9 | * February 2000. Network Security Technologies Inc. (NSTI) kindly |
10 | * supported the development of this code. |
11 | * |
12 | * Copyright (c) 2000, 2001 Angelos D. Keromytis |
13 | * |
14 | * Permission to use, copy, and modify this software with or without fee |
15 | * is hereby granted, provided that this entire notice is included in |
16 | * all source code copies of any software which is or includes a copy or |
17 | * modification of this software. |
18 | * |
19 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
20 | * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
21 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
22 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
23 | * PURPOSE. |
24 | */ |
25 | |
26 | #include <sys/cdefs.h> |
27 | __KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.47 2015/08/20 14:40:19 christos Exp $" ); |
28 | |
29 | #include <sys/param.h> |
30 | #include <sys/systm.h> |
31 | #include <sys/malloc.h> |
32 | #include <sys/mbuf.h> |
33 | #include <sys/sysctl.h> |
34 | #include <sys/errno.h> |
35 | #include <sys/cprng.h> |
36 | #include <sys/module.h> |
37 | #include <sys/device.h> |
38 | |
39 | #ifdef _KERNEL_OPT |
40 | #include "opt_ocf.h" |
41 | #endif |
42 | |
43 | #include <opencrypto/cryptodev.h> |
44 | #include <opencrypto/cryptosoft.h> |
45 | #include <opencrypto/xform.h> |
46 | |
47 | #include <opencrypto/cryptosoft_xform.c> |
48 | |
49 | #include "ioconf.h" |
50 | |
51 | union authctx { |
52 | MD5_CTX md5ctx; |
53 | SHA1_CTX sha1ctx; |
54 | RMD160_CTX rmd160ctx; |
55 | SHA256_CTX sha256ctx; |
56 | SHA384_CTX sha384ctx; |
57 | SHA512_CTX sha512ctx; |
58 | aesxcbc_ctx aesxcbcctx; |
59 | AES_GMAC_CTX aesgmacctx; |
60 | }; |
61 | |
62 | struct swcr_data **swcr_sessions = NULL; |
63 | u_int32_t swcr_sesnum = 0; |
64 | int32_t swcr_id = -1; |
65 | |
66 | #define COPYBACK(x, a, b, c, d) \ |
67 | (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \ |
68 | : cuio_copyback((struct uio *)a,b,c,d) |
69 | #define COPYDATA(x, a, b, c, d) \ |
70 | (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \ |
71 | : cuio_copydata((struct uio *)a,b,c,d) |
72 | |
73 | static int swcr_encdec(struct cryptodesc *, const struct swcr_data *, void *, int); |
74 | static int swcr_compdec(struct cryptodesc *, const struct swcr_data *, void *, int, int *); |
75 | static int swcr_combined(struct cryptop *, int); |
76 | static int swcr_process(void *, struct cryptop *, int); |
77 | static int swcr_newsession(void *, u_int32_t *, struct cryptoini *); |
78 | static int swcr_freesession(void *, u_int64_t); |
79 | |
80 | /* |
81 | * Apply a symmetric encryption/decryption algorithm. |
82 | */ |
83 | static int |
84 | swcr_encdec(struct cryptodesc *crd, const struct swcr_data *sw, void *bufv, |
85 | int outtype) |
86 | { |
87 | char *buf = bufv; |
88 | unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; |
89 | unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN]; |
90 | const struct swcr_enc_xform *exf; |
91 | int i, k, j, blks, ivlen; |
92 | int count, ind; |
93 | |
94 | exf = sw->sw_exf; |
95 | blks = exf->enc_xform->blocksize; |
96 | ivlen = exf->enc_xform->ivsize; |
97 | KASSERT(exf->reinit ? ivlen <= blks : ivlen == blks); |
98 | |
99 | /* Check for non-padded data */ |
100 | if (crd->crd_len % blks) |
101 | return EINVAL; |
102 | |
103 | /* Initialize the IV */ |
104 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
105 | /* IV explicitly provided ? */ |
106 | if (crd->crd_flags & CRD_F_IV_EXPLICIT) { |
107 | memcpy(iv, crd->crd_iv, ivlen); |
108 | if (exf->reinit) |
109 | exf->reinit(sw->sw_kschedule, iv, 0); |
110 | } else if (exf->reinit) { |
111 | exf->reinit(sw->sw_kschedule, 0, iv); |
112 | } else { |
113 | /* Get random IV */ |
114 | for (i = 0; |
115 | i + sizeof (u_int32_t) <= EALG_MAX_BLOCK_LEN; |
116 | i += sizeof (u_int32_t)) { |
117 | u_int32_t temp = cprng_fast32(); |
118 | |
119 | memcpy(iv + i, &temp, sizeof(u_int32_t)); |
120 | } |
121 | /* |
122 | * What if the block size is not a multiple |
123 | * of sizeof (u_int32_t), which is the size of |
124 | * what arc4random() returns ? |
125 | */ |
126 | if (EALG_MAX_BLOCK_LEN % sizeof (u_int32_t) != 0) { |
127 | u_int32_t temp = cprng_fast32(); |
128 | |
129 | bcopy (&temp, iv + i, |
130 | EALG_MAX_BLOCK_LEN - i); |
131 | } |
132 | } |
133 | |
134 | /* Do we need to write the IV */ |
135 | if (!(crd->crd_flags & CRD_F_IV_PRESENT)) { |
136 | COPYBACK(outtype, buf, crd->crd_inject, ivlen, iv); |
137 | } |
138 | |
139 | } else { /* Decryption */ |
140 | /* IV explicitly provided ? */ |
141 | if (crd->crd_flags & CRD_F_IV_EXPLICIT) |
142 | memcpy(iv, crd->crd_iv, ivlen); |
143 | else { |
144 | /* Get IV off buf */ |
145 | COPYDATA(outtype, buf, crd->crd_inject, ivlen, iv); |
146 | } |
147 | if (exf->reinit) |
148 | exf->reinit(sw->sw_kschedule, iv, 0); |
149 | } |
150 | |
151 | ivp = iv; |
152 | |
153 | if (outtype == CRYPTO_BUF_CONTIG) { |
154 | if (exf->reinit) { |
155 | for (i = crd->crd_skip; |
156 | i < crd->crd_skip + crd->crd_len; i += blks) { |
157 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
158 | exf->encrypt(sw->sw_kschedule, buf + i); |
159 | } else { |
160 | exf->decrypt(sw->sw_kschedule, buf + i); |
161 | } |
162 | } |
163 | } else if (crd->crd_flags & CRD_F_ENCRYPT) { |
164 | for (i = crd->crd_skip; |
165 | i < crd->crd_skip + crd->crd_len; i += blks) { |
166 | /* XOR with the IV/previous block, as appropriate. */ |
167 | if (i == crd->crd_skip) |
168 | for (k = 0; k < blks; k++) |
169 | buf[i + k] ^= ivp[k]; |
170 | else |
171 | for (k = 0; k < blks; k++) |
172 | buf[i + k] ^= buf[i + k - blks]; |
173 | exf->encrypt(sw->sw_kschedule, buf + i); |
174 | } |
175 | } else { /* Decrypt */ |
176 | /* |
177 | * Start at the end, so we don't need to keep the encrypted |
178 | * block as the IV for the next block. |
179 | */ |
180 | for (i = crd->crd_skip + crd->crd_len - blks; |
181 | i >= crd->crd_skip; i -= blks) { |
182 | exf->decrypt(sw->sw_kschedule, buf + i); |
183 | |
184 | /* XOR with the IV/previous block, as appropriate */ |
185 | if (i == crd->crd_skip) |
186 | for (k = 0; k < blks; k++) |
187 | buf[i + k] ^= ivp[k]; |
188 | else |
189 | for (k = 0; k < blks; k++) |
190 | buf[i + k] ^= buf[i + k - blks]; |
191 | } |
192 | } |
193 | |
194 | return 0; |
195 | } else if (outtype == CRYPTO_BUF_MBUF) { |
196 | struct mbuf *m = (struct mbuf *) buf; |
197 | |
198 | /* Find beginning of data */ |
199 | m = m_getptr(m, crd->crd_skip, &k); |
200 | if (m == NULL) |
201 | return EINVAL; |
202 | |
203 | i = crd->crd_len; |
204 | |
205 | while (i > 0) { |
206 | /* |
207 | * If there's insufficient data at the end of |
208 | * an mbuf, we have to do some copying. |
209 | */ |
210 | if (m->m_len < k + blks && m->m_len != k) { |
211 | m_copydata(m, k, blks, blk); |
212 | |
213 | /* Actual encryption/decryption */ |
214 | if (exf->reinit) { |
215 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
216 | exf->encrypt(sw->sw_kschedule, |
217 | blk); |
218 | } else { |
219 | exf->decrypt(sw->sw_kschedule, |
220 | blk); |
221 | } |
222 | } else if (crd->crd_flags & CRD_F_ENCRYPT) { |
223 | /* XOR with previous block */ |
224 | for (j = 0; j < blks; j++) |
225 | blk[j] ^= ivp[j]; |
226 | |
227 | exf->encrypt(sw->sw_kschedule, blk); |
228 | |
229 | /* |
230 | * Keep encrypted block for XOR'ing |
231 | * with next block |
232 | */ |
233 | memcpy(iv, blk, blks); |
234 | ivp = iv; |
235 | } else { /* decrypt */ |
236 | /* |
237 | * Keep encrypted block for XOR'ing |
238 | * with next block |
239 | */ |
240 | if (ivp == iv) |
241 | memcpy(piv, blk, blks); |
242 | else |
243 | memcpy(iv, blk, blks); |
244 | |
245 | exf->decrypt(sw->sw_kschedule, blk); |
246 | |
247 | /* XOR with previous block */ |
248 | for (j = 0; j < blks; j++) |
249 | blk[j] ^= ivp[j]; |
250 | |
251 | if (ivp == iv) |
252 | memcpy(iv, piv, blks); |
253 | else |
254 | ivp = iv; |
255 | } |
256 | |
257 | /* Copy back decrypted block */ |
258 | m_copyback(m, k, blks, blk); |
259 | |
260 | /* Advance pointer */ |
261 | m = m_getptr(m, k + blks, &k); |
262 | if (m == NULL) |
263 | return EINVAL; |
264 | |
265 | i -= blks; |
266 | |
267 | /* Could be done... */ |
268 | if (i == 0) |
269 | break; |
270 | } |
271 | |
272 | /* Skip possibly empty mbufs */ |
273 | if (k == m->m_len) { |
274 | for (m = m->m_next; m && m->m_len == 0; |
275 | m = m->m_next) |
276 | ; |
277 | k = 0; |
278 | } |
279 | |
280 | /* Sanity check */ |
281 | if (m == NULL) |
282 | return EINVAL; |
283 | |
284 | /* |
285 | * Warning: idat may point to garbage here, but |
286 | * we only use it in the while() loop, only if |
287 | * there are indeed enough data. |
288 | */ |
289 | idat = mtod(m, unsigned char *) + k; |
290 | |
291 | while (m->m_len >= k + blks && i > 0) { |
292 | if (exf->reinit) { |
293 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
294 | exf->encrypt(sw->sw_kschedule, |
295 | idat); |
296 | } else { |
297 | exf->decrypt(sw->sw_kschedule, |
298 | idat); |
299 | } |
300 | } else if (crd->crd_flags & CRD_F_ENCRYPT) { |
301 | /* XOR with previous block/IV */ |
302 | for (j = 0; j < blks; j++) |
303 | idat[j] ^= ivp[j]; |
304 | |
305 | exf->encrypt(sw->sw_kschedule, idat); |
306 | ivp = idat; |
307 | } else { /* decrypt */ |
308 | /* |
309 | * Keep encrypted block to be used |
310 | * in next block's processing. |
311 | */ |
312 | if (ivp == iv) |
313 | memcpy(piv, idat, blks); |
314 | else |
315 | memcpy(iv, idat, blks); |
316 | |
317 | exf->decrypt(sw->sw_kschedule, idat); |
318 | |
319 | /* XOR with previous block/IV */ |
320 | for (j = 0; j < blks; j++) |
321 | idat[j] ^= ivp[j]; |
322 | |
323 | if (ivp == iv) |
324 | memcpy(iv, piv, blks); |
325 | else |
326 | ivp = iv; |
327 | } |
328 | |
329 | idat += blks; |
330 | k += blks; |
331 | i -= blks; |
332 | } |
333 | } |
334 | |
335 | return 0; /* Done with mbuf encryption/decryption */ |
336 | } else if (outtype == CRYPTO_BUF_IOV) { |
337 | struct uio *uio = (struct uio *) buf; |
338 | |
339 | /* Find beginning of data */ |
340 | count = crd->crd_skip; |
341 | ind = cuio_getptr(uio, count, &k); |
342 | if (ind == -1) |
343 | return EINVAL; |
344 | |
345 | i = crd->crd_len; |
346 | |
347 | while (i > 0) { |
348 | /* |
349 | * If there's insufficient data at the end, |
350 | * we have to do some copying. |
351 | */ |
352 | if (uio->uio_iov[ind].iov_len < k + blks && |
353 | uio->uio_iov[ind].iov_len != k) { |
354 | cuio_copydata(uio, k, blks, blk); |
355 | |
356 | /* Actual encryption/decryption */ |
357 | if (exf->reinit) { |
358 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
359 | exf->encrypt(sw->sw_kschedule, |
360 | blk); |
361 | } else { |
362 | exf->decrypt(sw->sw_kschedule, |
363 | blk); |
364 | } |
365 | } else if (crd->crd_flags & CRD_F_ENCRYPT) { |
366 | /* XOR with previous block */ |
367 | for (j = 0; j < blks; j++) |
368 | blk[j] ^= ivp[j]; |
369 | |
370 | exf->encrypt(sw->sw_kschedule, blk); |
371 | |
372 | /* |
373 | * Keep encrypted block for XOR'ing |
374 | * with next block |
375 | */ |
376 | memcpy(iv, blk, blks); |
377 | ivp = iv; |
378 | } else { /* decrypt */ |
379 | /* |
380 | * Keep encrypted block for XOR'ing |
381 | * with next block |
382 | */ |
383 | if (ivp == iv) |
384 | memcpy(piv, blk, blks); |
385 | else |
386 | memcpy(iv, blk, blks); |
387 | |
388 | exf->decrypt(sw->sw_kschedule, blk); |
389 | |
390 | /* XOR with previous block */ |
391 | for (j = 0; j < blks; j++) |
392 | blk[j] ^= ivp[j]; |
393 | |
394 | if (ivp == iv) |
395 | memcpy(iv, piv, blks); |
396 | else |
397 | ivp = iv; |
398 | } |
399 | |
400 | /* Copy back decrypted block */ |
401 | cuio_copyback(uio, k, blks, blk); |
402 | |
403 | count += blks; |
404 | |
405 | /* Advance pointer */ |
406 | ind = cuio_getptr(uio, count, &k); |
407 | if (ind == -1) |
408 | return (EINVAL); |
409 | |
410 | i -= blks; |
411 | |
412 | /* Could be done... */ |
413 | if (i == 0) |
414 | break; |
415 | } |
416 | |
417 | /* |
418 | * Warning: idat may point to garbage here, but |
419 | * we only use it in the while() loop, only if |
420 | * there are indeed enough data. |
421 | */ |
422 | idat = ((char *)uio->uio_iov[ind].iov_base) + k; |
423 | |
424 | while (uio->uio_iov[ind].iov_len >= k + blks && |
425 | i > 0) { |
426 | if (exf->reinit) { |
427 | if (crd->crd_flags & CRD_F_ENCRYPT) { |
428 | exf->encrypt(sw->sw_kschedule, |
429 | idat); |
430 | } else { |
431 | exf->decrypt(sw->sw_kschedule, |
432 | idat); |
433 | } |
434 | } else if (crd->crd_flags & CRD_F_ENCRYPT) { |
435 | /* XOR with previous block/IV */ |
436 | for (j = 0; j < blks; j++) |
437 | idat[j] ^= ivp[j]; |
438 | |
439 | exf->encrypt(sw->sw_kschedule, idat); |
440 | ivp = idat; |
441 | } else { /* decrypt */ |
442 | /* |
443 | * Keep encrypted block to be used |
444 | * in next block's processing. |
445 | */ |
446 | if (ivp == iv) |
447 | memcpy(piv, idat, blks); |
448 | else |
449 | memcpy(iv, idat, blks); |
450 | |
451 | exf->decrypt(sw->sw_kschedule, idat); |
452 | |
453 | /* XOR with previous block/IV */ |
454 | for (j = 0; j < blks; j++) |
455 | idat[j] ^= ivp[j]; |
456 | |
457 | if (ivp == iv) |
458 | memcpy(iv, piv, blks); |
459 | else |
460 | ivp = iv; |
461 | } |
462 | |
463 | idat += blks; |
464 | count += blks; |
465 | k += blks; |
466 | i -= blks; |
467 | } |
468 | } |
469 | return 0; /* Done with mbuf encryption/decryption */ |
470 | } |
471 | |
472 | /* Unreachable */ |
473 | return EINVAL; |
474 | } |
475 | |
476 | /* |
477 | * Compute keyed-hash authenticator. |
478 | */ |
479 | int |
480 | swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, |
481 | const struct swcr_data *sw, void *buf, int outtype) |
482 | { |
483 | unsigned char aalg[AALG_MAX_RESULT_LEN]; |
484 | const struct swcr_auth_hash *axf; |
485 | union authctx ctx; |
486 | int err; |
487 | |
488 | if (sw->sw_ictx == 0) |
489 | return EINVAL; |
490 | |
491 | axf = sw->sw_axf; |
492 | |
493 | memcpy(&ctx, sw->sw_ictx, axf->ctxsize); |
494 | |
495 | switch (outtype) { |
496 | case CRYPTO_BUF_CONTIG: |
497 | axf->Update(&ctx, (char *)buf + crd->crd_skip, crd->crd_len); |
498 | break; |
499 | case CRYPTO_BUF_MBUF: |
500 | err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len, |
501 | (int (*)(void*, void *, unsigned int)) axf->Update, |
502 | (void *) &ctx); |
503 | if (err) |
504 | return err; |
505 | break; |
506 | case CRYPTO_BUF_IOV: |
507 | err = cuio_apply((struct uio *) buf, crd->crd_skip, |
508 | crd->crd_len, |
509 | (int (*)(void *, void *, unsigned int)) axf->Update, |
510 | (void *) &ctx); |
511 | if (err) { |
512 | return err; |
513 | } |
514 | break; |
515 | default: |
516 | return EINVAL; |
517 | } |
518 | |
519 | switch (sw->sw_alg) { |
520 | case CRYPTO_MD5_HMAC: |
521 | case CRYPTO_MD5_HMAC_96: |
522 | case CRYPTO_SHA1_HMAC: |
523 | case CRYPTO_SHA1_HMAC_96: |
524 | case CRYPTO_SHA2_256_HMAC: |
525 | case CRYPTO_SHA2_384_HMAC: |
526 | case CRYPTO_SHA2_512_HMAC: |
527 | case CRYPTO_RIPEMD160_HMAC: |
528 | case CRYPTO_RIPEMD160_HMAC_96: |
529 | if (sw->sw_octx == NULL) |
530 | return EINVAL; |
531 | |
532 | axf->Final(aalg, &ctx); |
533 | memcpy(&ctx, sw->sw_octx, axf->ctxsize); |
534 | axf->Update(&ctx, aalg, axf->auth_hash->hashsize); |
535 | axf->Final(aalg, &ctx); |
536 | break; |
537 | |
538 | case CRYPTO_MD5_KPDK: |
539 | case CRYPTO_SHA1_KPDK: |
540 | if (sw->sw_octx == NULL) |
541 | return EINVAL; |
542 | |
543 | axf->Update(&ctx, sw->sw_octx, sw->sw_klen); |
544 | axf->Final(aalg, &ctx); |
545 | break; |
546 | |
547 | case CRYPTO_NULL_HMAC: |
548 | case CRYPTO_MD5: |
549 | case CRYPTO_SHA1: |
550 | case CRYPTO_AES_XCBC_MAC_96: |
551 | axf->Final(aalg, &ctx); |
552 | break; |
553 | } |
554 | |
555 | /* Inject the authentication data */ |
556 | switch (outtype) { |
557 | case CRYPTO_BUF_CONTIG: |
558 | (void)memcpy((char *)buf + crd->crd_inject, aalg, |
559 | axf->auth_hash->authsize); |
560 | break; |
561 | case CRYPTO_BUF_MBUF: |
562 | m_copyback((struct mbuf *) buf, crd->crd_inject, |
563 | axf->auth_hash->authsize, aalg); |
564 | break; |
565 | case CRYPTO_BUF_IOV: |
566 | memcpy(crp->crp_mac, aalg, axf->auth_hash->authsize); |
567 | break; |
568 | default: |
569 | return EINVAL; |
570 | } |
571 | return 0; |
572 | } |
573 | |
574 | /* |
575 | * Apply a combined encryption-authentication transformation |
576 | */ |
577 | static int |
578 | swcr_combined(struct cryptop *crp, int outtype) |
579 | { |
580 | uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))]; |
581 | u_char *blk = (u_char *)blkbuf; |
582 | u_char aalg[AALG_MAX_RESULT_LEN]; |
583 | u_char iv[EALG_MAX_BLOCK_LEN]; |
584 | union authctx ctx; |
585 | struct cryptodesc *crd, *crda = NULL, *crde = NULL; |
586 | struct swcr_data *sw, *swa, *swe = NULL; |
587 | const struct swcr_auth_hash *axf = NULL; |
588 | const struct swcr_enc_xform *exf = NULL; |
589 | void *buf = (void *)crp->crp_buf; |
590 | uint32_t *blkp; |
591 | int i, blksz = 0, ivlen = 0, len; |
592 | |
593 | for (crd = crp->crp_desc; crd; crd = crd->crd_next) { |
594 | for (sw = swcr_sessions[crp->crp_sid & 0xffffffff]; |
595 | sw && sw->sw_alg != crd->crd_alg; |
596 | sw = sw->sw_next) |
597 | ; |
598 | if (sw == NULL) |
599 | return (EINVAL); |
600 | |
601 | switch (sw->sw_alg) { |
602 | case CRYPTO_AES_GCM_16: |
603 | case CRYPTO_AES_GMAC: |
604 | swe = sw; |
605 | crde = crd; |
606 | exf = swe->sw_exf; |
607 | ivlen = exf->enc_xform->ivsize; |
608 | break; |
609 | case CRYPTO_AES_128_GMAC: |
610 | case CRYPTO_AES_192_GMAC: |
611 | case CRYPTO_AES_256_GMAC: |
612 | swa = sw; |
613 | crda = crd; |
614 | axf = swa->sw_axf; |
615 | if (swa->sw_ictx == 0) |
616 | return (EINVAL); |
617 | memcpy(&ctx, swa->sw_ictx, axf->ctxsize); |
618 | blksz = axf->auth_hash->blocksize; |
619 | break; |
620 | default: |
621 | return (EINVAL); |
622 | } |
623 | } |
624 | if (crde == NULL || crda == NULL) |
625 | return (EINVAL); |
626 | if (outtype == CRYPTO_BUF_CONTIG) |
627 | return (EINVAL); |
628 | |
629 | /* Initialize the IV */ |
630 | if (crde->crd_flags & CRD_F_ENCRYPT) { |
631 | /* IV explicitly provided ? */ |
632 | if (crde->crd_flags & CRD_F_IV_EXPLICIT) { |
633 | memcpy(iv, crde->crd_iv, ivlen); |
634 | if (exf->reinit) |
635 | exf->reinit(swe->sw_kschedule, iv, 0); |
636 | } else if (exf->reinit) |
637 | exf->reinit(swe->sw_kschedule, 0, iv); |
638 | else |
639 | cprng_fast(iv, ivlen); |
640 | |
641 | /* Do we need to write the IV */ |
642 | if (!(crde->crd_flags & CRD_F_IV_PRESENT)) |
643 | COPYBACK(outtype, buf, crde->crd_inject, ivlen, iv); |
644 | |
645 | } else { /* Decryption */ |
646 | /* IV explicitly provided ? */ |
647 | if (crde->crd_flags & CRD_F_IV_EXPLICIT) |
648 | memcpy(iv, crde->crd_iv, ivlen); |
649 | else { |
650 | /* Get IV off buf */ |
651 | COPYDATA(outtype, buf, crde->crd_inject, ivlen, iv); |
652 | } |
653 | if (exf->reinit) |
654 | exf->reinit(swe->sw_kschedule, iv, 0); |
655 | } |
656 | |
657 | /* Supply MAC with IV */ |
658 | if (axf->Reinit) |
659 | axf->Reinit(&ctx, iv, ivlen); |
660 | |
661 | /* Supply MAC with AAD */ |
662 | for (i = 0; i < crda->crd_len; i += blksz) { |
663 | len = MIN(crda->crd_len - i, blksz); |
664 | COPYDATA(outtype, buf, crda->crd_skip + i, len, blk); |
665 | axf->Update(&ctx, blk, len); |
666 | } |
667 | |
668 | /* Do encryption/decryption with MAC */ |
669 | for (i = 0; i < crde->crd_len; i += blksz) { |
670 | len = MIN(crde->crd_len - i, blksz); |
671 | if (len < blksz) |
672 | memset(blk, 0, blksz); |
673 | COPYDATA(outtype, buf, crde->crd_skip + i, len, blk); |
674 | if (crde->crd_flags & CRD_F_ENCRYPT) { |
675 | exf->encrypt(swe->sw_kschedule, blk); |
676 | axf->Update(&ctx, blk, len); |
677 | } else { |
678 | axf->Update(&ctx, blk, len); |
679 | exf->decrypt(swe->sw_kschedule, blk); |
680 | } |
681 | COPYBACK(outtype, buf, crde->crd_skip + i, len, blk); |
682 | } |
683 | |
684 | /* Do any required special finalization */ |
685 | switch (crda->crd_alg) { |
686 | case CRYPTO_AES_128_GMAC: |
687 | case CRYPTO_AES_192_GMAC: |
688 | case CRYPTO_AES_256_GMAC: |
689 | /* length block */ |
690 | memset(blk, 0, blksz); |
691 | blkp = (uint32_t *)blk + 1; |
692 | *blkp = htobe32(crda->crd_len * 8); |
693 | blkp = (uint32_t *)blk + 3; |
694 | *blkp = htobe32(crde->crd_len * 8); |
695 | axf->Update(&ctx, blk, blksz); |
696 | break; |
697 | } |
698 | |
699 | /* Finalize MAC */ |
700 | axf->Final(aalg, &ctx); |
701 | |
702 | /* Inject the authentication data */ |
703 | if (outtype == CRYPTO_BUF_MBUF) |
704 | COPYBACK(outtype, buf, crda->crd_inject, axf->auth_hash->authsize, aalg); |
705 | else |
706 | memcpy(crp->crp_mac, aalg, axf->auth_hash->authsize); |
707 | |
708 | return (0); |
709 | } |
710 | |
711 | /* |
712 | * Apply a compression/decompression algorithm |
713 | */ |
714 | static int |
715 | swcr_compdec(struct cryptodesc *crd, const struct swcr_data *sw, |
716 | void *buf, int outtype, int *res_size) |
717 | { |
718 | u_int8_t *data, *out; |
719 | const struct swcr_comp_algo *cxf; |
720 | int adj; |
721 | u_int32_t result; |
722 | |
723 | cxf = sw->sw_cxf; |
724 | |
725 | /* We must handle the whole buffer of data in one time |
726 | * then if there is not all the data in the mbuf, we must |
727 | * copy in a buffer. |
728 | */ |
729 | |
730 | data = malloc(crd->crd_len, M_CRYPTO_DATA, M_NOWAIT); |
731 | if (data == NULL) |
732 | return (EINVAL); |
733 | COPYDATA(outtype, buf, crd->crd_skip, crd->crd_len, data); |
734 | |
735 | if (crd->crd_flags & CRD_F_COMP) |
736 | result = cxf->compress(data, crd->crd_len, &out); |
737 | else |
738 | result = cxf->decompress(data, crd->crd_len, &out, |
739 | *res_size); |
740 | |
741 | free(data, M_CRYPTO_DATA); |
742 | if (result == 0) |
743 | return EINVAL; |
744 | |
745 | /* Copy back the (de)compressed data. m_copyback is |
746 | * extending the mbuf as necessary. |
747 | */ |
748 | *res_size = (int)result; |
749 | /* Check the compressed size when doing compression */ |
750 | if (crd->crd_flags & CRD_F_COMP && |
751 | sw->sw_alg == CRYPTO_DEFLATE_COMP_NOGROW && |
752 | result >= crd->crd_len) { |
753 | /* Compression was useless, we lost time */ |
754 | free(out, M_CRYPTO_DATA); |
755 | return 0; |
756 | } |
757 | |
758 | COPYBACK(outtype, buf, crd->crd_skip, result, out); |
759 | if (result < crd->crd_len) { |
760 | adj = result - crd->crd_len; |
761 | if (outtype == CRYPTO_BUF_MBUF) { |
762 | adj = result - crd->crd_len; |
763 | m_adj((struct mbuf *)buf, adj); |
764 | } |
765 | /* Don't adjust the iov_len, it breaks the kmem_free */ |
766 | } |
767 | free(out, M_CRYPTO_DATA); |
768 | return 0; |
769 | } |
770 | |
771 | /* |
772 | * Generate a new software session. |
773 | */ |
774 | static int |
775 | swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) |
776 | { |
777 | struct swcr_data **swd; |
778 | const struct swcr_auth_hash *axf; |
779 | const struct swcr_enc_xform *txf; |
780 | const struct swcr_comp_algo *cxf; |
781 | u_int32_t i; |
782 | int k, error; |
783 | |
784 | if (sid == NULL || cri == NULL) |
785 | return EINVAL; |
786 | |
787 | if (swcr_sessions) { |
788 | for (i = 1; i < swcr_sesnum; i++) |
789 | if (swcr_sessions[i] == NULL) |
790 | break; |
791 | } else |
792 | i = 1; /* NB: to silence compiler warning */ |
793 | |
794 | if (swcr_sessions == NULL || i == swcr_sesnum) { |
795 | if (swcr_sessions == NULL) { |
796 | i = 1; /* We leave swcr_sessions[0] empty */ |
797 | swcr_sesnum = CRYPTO_SW_SESSIONS; |
798 | } else |
799 | swcr_sesnum *= 2; |
800 | |
801 | swd = malloc(swcr_sesnum * sizeof(struct swcr_data *), |
802 | M_CRYPTO_DATA, M_NOWAIT); |
803 | if (swd == NULL) { |
804 | /* Reset session number */ |
805 | if (swcr_sesnum == CRYPTO_SW_SESSIONS) |
806 | swcr_sesnum = 0; |
807 | else |
808 | swcr_sesnum /= 2; |
809 | return ENOBUFS; |
810 | } |
811 | |
812 | memset(swd, 0, swcr_sesnum * sizeof(struct swcr_data *)); |
813 | |
814 | /* Copy existing sessions */ |
815 | if (swcr_sessions) { |
816 | memcpy(swd, swcr_sessions, |
817 | (swcr_sesnum / 2) * sizeof(struct swcr_data *)); |
818 | free(swcr_sessions, M_CRYPTO_DATA); |
819 | } |
820 | |
821 | swcr_sessions = swd; |
822 | } |
823 | |
824 | swd = &swcr_sessions[i]; |
825 | *sid = i; |
826 | |
827 | while (cri) { |
828 | *swd = malloc(sizeof **swd, M_CRYPTO_DATA, M_NOWAIT); |
829 | if (*swd == NULL) { |
830 | swcr_freesession(NULL, i); |
831 | return ENOBUFS; |
832 | } |
833 | memset(*swd, 0, sizeof(struct swcr_data)); |
834 | |
835 | switch (cri->cri_alg) { |
836 | case CRYPTO_DES_CBC: |
837 | txf = &swcr_enc_xform_des; |
838 | goto enccommon; |
839 | case CRYPTO_3DES_CBC: |
840 | txf = &swcr_enc_xform_3des; |
841 | goto enccommon; |
842 | case CRYPTO_BLF_CBC: |
843 | txf = &swcr_enc_xform_blf; |
844 | goto enccommon; |
845 | case CRYPTO_CAST_CBC: |
846 | txf = &swcr_enc_xform_cast5; |
847 | goto enccommon; |
848 | case CRYPTO_SKIPJACK_CBC: |
849 | txf = &swcr_enc_xform_skipjack; |
850 | goto enccommon; |
851 | case CRYPTO_RIJNDAEL128_CBC: |
852 | txf = &swcr_enc_xform_rijndael128; |
853 | goto enccommon; |
854 | case CRYPTO_CAMELLIA_CBC: |
855 | txf = &swcr_enc_xform_camellia; |
856 | goto enccommon; |
857 | case CRYPTO_AES_CTR: |
858 | txf = &swcr_enc_xform_aes_ctr; |
859 | goto enccommon; |
860 | case CRYPTO_AES_GCM_16: |
861 | txf = &swcr_enc_xform_aes_gcm; |
862 | goto enccommon; |
863 | case CRYPTO_AES_GMAC: |
864 | txf = &swcr_enc_xform_aes_gmac; |
865 | goto enccommon; |
866 | case CRYPTO_NULL_CBC: |
867 | txf = &swcr_enc_xform_null; |
868 | goto enccommon; |
869 | enccommon: |
870 | error = txf->setkey(&((*swd)->sw_kschedule), |
871 | cri->cri_key, cri->cri_klen / 8); |
872 | if (error) { |
873 | swcr_freesession(NULL, i); |
874 | return error; |
875 | } |
876 | (*swd)->sw_exf = txf; |
877 | break; |
878 | |
879 | case CRYPTO_MD5_HMAC: |
880 | axf = &swcr_auth_hash_hmac_md5; |
881 | goto authcommon; |
882 | case CRYPTO_MD5_HMAC_96: |
883 | axf = &swcr_auth_hash_hmac_md5_96; |
884 | goto authcommon; |
885 | case CRYPTO_SHA1_HMAC: |
886 | axf = &swcr_auth_hash_hmac_sha1; |
887 | goto authcommon; |
888 | case CRYPTO_SHA1_HMAC_96: |
889 | axf = &swcr_auth_hash_hmac_sha1_96; |
890 | goto authcommon; |
891 | case CRYPTO_SHA2_256_HMAC: |
892 | axf = &swcr_auth_hash_hmac_sha2_256; |
893 | goto authcommon; |
894 | case CRYPTO_SHA2_384_HMAC: |
895 | axf = &swcr_auth_hash_hmac_sha2_384; |
896 | goto authcommon; |
897 | case CRYPTO_SHA2_512_HMAC: |
898 | axf = &swcr_auth_hash_hmac_sha2_512; |
899 | goto authcommon; |
900 | case CRYPTO_NULL_HMAC: |
901 | axf = &swcr_auth_hash_null; |
902 | goto authcommon; |
903 | case CRYPTO_RIPEMD160_HMAC: |
904 | axf = &swcr_auth_hash_hmac_ripemd_160; |
905 | goto authcommon; |
906 | case CRYPTO_RIPEMD160_HMAC_96: |
907 | axf = &swcr_auth_hash_hmac_ripemd_160_96; |
908 | goto authcommon; /* leave this for safety */ |
909 | authcommon: |
910 | (*swd)->sw_ictx = malloc(axf->ctxsize, |
911 | M_CRYPTO_DATA, M_NOWAIT); |
912 | if ((*swd)->sw_ictx == NULL) { |
913 | swcr_freesession(NULL, i); |
914 | return ENOBUFS; |
915 | } |
916 | |
917 | (*swd)->sw_octx = malloc(axf->ctxsize, |
918 | M_CRYPTO_DATA, M_NOWAIT); |
919 | if ((*swd)->sw_octx == NULL) { |
920 | swcr_freesession(NULL, i); |
921 | return ENOBUFS; |
922 | } |
923 | |
924 | for (k = 0; k < cri->cri_klen / 8; k++) |
925 | cri->cri_key[k] ^= HMAC_IPAD_VAL; |
926 | |
927 | axf->Init((*swd)->sw_ictx); |
928 | axf->Update((*swd)->sw_ictx, cri->cri_key, |
929 | cri->cri_klen / 8); |
930 | axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, |
931 | axf->auth_hash->blocksize - (cri->cri_klen / 8)); |
932 | |
933 | for (k = 0; k < cri->cri_klen / 8; k++) |
934 | cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); |
935 | |
936 | axf->Init((*swd)->sw_octx); |
937 | axf->Update((*swd)->sw_octx, cri->cri_key, |
938 | cri->cri_klen / 8); |
939 | axf->Update((*swd)->sw_octx, hmac_opad_buffer, |
940 | axf->auth_hash->blocksize - (cri->cri_klen / 8)); |
941 | |
942 | for (k = 0; k < cri->cri_klen / 8; k++) |
943 | cri->cri_key[k] ^= HMAC_OPAD_VAL; |
944 | (*swd)->sw_axf = axf; |
945 | break; |
946 | |
947 | case CRYPTO_MD5_KPDK: |
948 | axf = &swcr_auth_hash_key_md5; |
949 | goto auth2common; |
950 | |
951 | case CRYPTO_SHA1_KPDK: |
952 | axf = &swcr_auth_hash_key_sha1; |
953 | auth2common: |
954 | (*swd)->sw_ictx = malloc(axf->ctxsize, |
955 | M_CRYPTO_DATA, M_NOWAIT); |
956 | if ((*swd)->sw_ictx == NULL) { |
957 | swcr_freesession(NULL, i); |
958 | return ENOBUFS; |
959 | } |
960 | |
961 | /* Store the key so we can "append" it to the payload */ |
962 | (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, |
963 | M_NOWAIT); |
964 | if ((*swd)->sw_octx == NULL) { |
965 | swcr_freesession(NULL, i); |
966 | return ENOBUFS; |
967 | } |
968 | |
969 | (*swd)->sw_klen = cri->cri_klen / 8; |
970 | memcpy((*swd)->sw_octx, cri->cri_key, cri->cri_klen / 8); |
971 | axf->Init((*swd)->sw_ictx); |
972 | axf->Update((*swd)->sw_ictx, cri->cri_key, |
973 | cri->cri_klen / 8); |
974 | axf->Final(NULL, (*swd)->sw_ictx); |
975 | (*swd)->sw_axf = axf; |
976 | break; |
977 | |
978 | case CRYPTO_MD5: |
979 | axf = &swcr_auth_hash_md5; |
980 | goto auth3common; |
981 | |
982 | case CRYPTO_SHA1: |
983 | axf = &swcr_auth_hash_sha1; |
984 | auth3common: |
985 | (*swd)->sw_ictx = malloc(axf->ctxsize, |
986 | M_CRYPTO_DATA, M_NOWAIT); |
987 | if ((*swd)->sw_ictx == NULL) { |
988 | swcr_freesession(NULL, i); |
989 | return ENOBUFS; |
990 | } |
991 | |
992 | axf->Init((*swd)->sw_ictx); |
993 | (*swd)->sw_axf = axf; |
994 | break; |
995 | |
996 | case CRYPTO_AES_XCBC_MAC_96: |
997 | axf = &swcr_auth_hash_aes_xcbc_mac; |
998 | goto auth4common; |
999 | case CRYPTO_AES_128_GMAC: |
1000 | axf = &swcr_auth_hash_gmac_aes_128; |
1001 | goto auth4common; |
1002 | case CRYPTO_AES_192_GMAC: |
1003 | axf = &swcr_auth_hash_gmac_aes_192; |
1004 | goto auth4common; |
1005 | case CRYPTO_AES_256_GMAC: |
1006 | axf = &swcr_auth_hash_gmac_aes_256; |
1007 | auth4common: |
1008 | (*swd)->sw_ictx = malloc(axf->ctxsize, |
1009 | M_CRYPTO_DATA, M_NOWAIT); |
1010 | if ((*swd)->sw_ictx == NULL) { |
1011 | swcr_freesession(NULL, i); |
1012 | return ENOBUFS; |
1013 | } |
1014 | axf->Init((*swd)->sw_ictx); |
1015 | axf->Setkey((*swd)->sw_ictx, |
1016 | cri->cri_key, cri->cri_klen / 8); |
1017 | (*swd)->sw_axf = axf; |
1018 | break; |
1019 | |
1020 | case CRYPTO_DEFLATE_COMP: |
1021 | cxf = &swcr_comp_algo_deflate; |
1022 | (*swd)->sw_cxf = cxf; |
1023 | break; |
1024 | |
1025 | case CRYPTO_DEFLATE_COMP_NOGROW: |
1026 | cxf = &swcr_comp_algo_deflate_nogrow; |
1027 | (*swd)->sw_cxf = cxf; |
1028 | break; |
1029 | |
1030 | case CRYPTO_GZIP_COMP: |
1031 | cxf = &swcr_comp_algo_gzip; |
1032 | (*swd)->sw_cxf = cxf; |
1033 | break; |
1034 | default: |
1035 | swcr_freesession(NULL, i); |
1036 | return EINVAL; |
1037 | } |
1038 | |
1039 | (*swd)->sw_alg = cri->cri_alg; |
1040 | cri = cri->cri_next; |
1041 | swd = &((*swd)->sw_next); |
1042 | } |
1043 | return 0; |
1044 | } |
1045 | |
1046 | /* |
1047 | * Free a session. |
1048 | */ |
1049 | static int |
1050 | swcr_freesession(void *arg, u_int64_t tid) |
1051 | { |
1052 | struct swcr_data *swd; |
1053 | const struct swcr_enc_xform *txf; |
1054 | const struct swcr_auth_hash *axf; |
1055 | u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; |
1056 | |
1057 | if (sid > swcr_sesnum || swcr_sessions == NULL || |
1058 | swcr_sessions[sid] == NULL) |
1059 | return EINVAL; |
1060 | |
1061 | /* Silently accept and return */ |
1062 | if (sid == 0) |
1063 | return 0; |
1064 | |
1065 | while ((swd = swcr_sessions[sid]) != NULL) { |
1066 | swcr_sessions[sid] = swd->sw_next; |
1067 | |
1068 | switch (swd->sw_alg) { |
1069 | case CRYPTO_DES_CBC: |
1070 | case CRYPTO_3DES_CBC: |
1071 | case CRYPTO_BLF_CBC: |
1072 | case CRYPTO_CAST_CBC: |
1073 | case CRYPTO_SKIPJACK_CBC: |
1074 | case CRYPTO_RIJNDAEL128_CBC: |
1075 | case CRYPTO_CAMELLIA_CBC: |
1076 | case CRYPTO_AES_CTR: |
1077 | case CRYPTO_AES_GCM_16: |
1078 | case CRYPTO_AES_GMAC: |
1079 | case CRYPTO_NULL_CBC: |
1080 | txf = swd->sw_exf; |
1081 | |
1082 | if (swd->sw_kschedule) |
1083 | txf->zerokey(&(swd->sw_kschedule)); |
1084 | break; |
1085 | |
1086 | case CRYPTO_MD5_HMAC: |
1087 | case CRYPTO_MD5_HMAC_96: |
1088 | case CRYPTO_SHA1_HMAC: |
1089 | case CRYPTO_SHA1_HMAC_96: |
1090 | case CRYPTO_SHA2_256_HMAC: |
1091 | case CRYPTO_SHA2_384_HMAC: |
1092 | case CRYPTO_SHA2_512_HMAC: |
1093 | case CRYPTO_RIPEMD160_HMAC: |
1094 | case CRYPTO_RIPEMD160_HMAC_96: |
1095 | case CRYPTO_NULL_HMAC: |
1096 | axf = swd->sw_axf; |
1097 | |
1098 | if (swd->sw_ictx) { |
1099 | explicit_memset(swd->sw_ictx, 0, axf->ctxsize); |
1100 | free(swd->sw_ictx, M_CRYPTO_DATA); |
1101 | } |
1102 | if (swd->sw_octx) { |
1103 | explicit_memset(swd->sw_octx, 0, axf->ctxsize); |
1104 | free(swd->sw_octx, M_CRYPTO_DATA); |
1105 | } |
1106 | break; |
1107 | |
1108 | case CRYPTO_MD5_KPDK: |
1109 | case CRYPTO_SHA1_KPDK: |
1110 | axf = swd->sw_axf; |
1111 | |
1112 | if (swd->sw_ictx) { |
1113 | explicit_memset(swd->sw_ictx, 0, axf->ctxsize); |
1114 | free(swd->sw_ictx, M_CRYPTO_DATA); |
1115 | } |
1116 | if (swd->sw_octx) { |
1117 | explicit_memset(swd->sw_octx, 0, swd->sw_klen); |
1118 | free(swd->sw_octx, M_CRYPTO_DATA); |
1119 | } |
1120 | break; |
1121 | |
1122 | case CRYPTO_MD5: |
1123 | case CRYPTO_SHA1: |
1124 | case CRYPTO_AES_XCBC_MAC_96: |
1125 | case CRYPTO_AES_128_GMAC: |
1126 | case CRYPTO_AES_192_GMAC: |
1127 | case CRYPTO_AES_256_GMAC: |
1128 | axf = swd->sw_axf; |
1129 | |
1130 | if (swd->sw_ictx) { |
1131 | explicit_memset(swd->sw_ictx, 0, axf->ctxsize); |
1132 | free(swd->sw_ictx, M_CRYPTO_DATA); |
1133 | } |
1134 | break; |
1135 | |
1136 | case CRYPTO_DEFLATE_COMP: |
1137 | case CRYPTO_DEFLATE_COMP_NOGROW: |
1138 | case CRYPTO_GZIP_COMP: |
1139 | break; |
1140 | } |
1141 | |
1142 | free(swd, M_CRYPTO_DATA); |
1143 | } |
1144 | return 0; |
1145 | } |
1146 | |
1147 | /* |
1148 | * Process a software request. |
1149 | */ |
1150 | static int |
1151 | swcr_process(void *arg, struct cryptop *crp, int hint) |
1152 | { |
1153 | struct cryptodesc *crd; |
1154 | struct swcr_data *sw; |
1155 | u_int32_t lid; |
1156 | int type; |
1157 | |
1158 | /* Sanity check */ |
1159 | if (crp == NULL) |
1160 | return EINVAL; |
1161 | |
1162 | if (crp->crp_desc == NULL || crp->crp_buf == NULL) { |
1163 | crp->crp_etype = EINVAL; |
1164 | goto done; |
1165 | } |
1166 | |
1167 | lid = crp->crp_sid & 0xffffffff; |
1168 | if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) { |
1169 | crp->crp_etype = ENOENT; |
1170 | goto done; |
1171 | } |
1172 | |
1173 | if (crp->crp_flags & CRYPTO_F_IMBUF) { |
1174 | type = CRYPTO_BUF_MBUF; |
1175 | } else if (crp->crp_flags & CRYPTO_F_IOV) { |
1176 | type = CRYPTO_BUF_IOV; |
1177 | } else { |
1178 | type = CRYPTO_BUF_CONTIG; |
1179 | } |
1180 | |
1181 | /* Go through crypto descriptors, processing as we go */ |
1182 | for (crd = crp->crp_desc; crd; crd = crd->crd_next) { |
1183 | /* |
1184 | * Find the crypto context. |
1185 | * |
1186 | * XXX Note that the logic here prevents us from having |
1187 | * XXX the same algorithm multiple times in a session |
1188 | * XXX (or rather, we can but it won't give us the right |
1189 | * XXX results). To do that, we'd need some way of differentiating |
1190 | * XXX between the various instances of an algorithm (so we can |
1191 | * XXX locate the correct crypto context). |
1192 | */ |
1193 | for (sw = swcr_sessions[lid]; |
1194 | sw && sw->sw_alg != crd->crd_alg; |
1195 | sw = sw->sw_next) |
1196 | ; |
1197 | |
1198 | /* No such context ? */ |
1199 | if (sw == NULL) { |
1200 | crp->crp_etype = EINVAL; |
1201 | goto done; |
1202 | } |
1203 | |
1204 | switch (sw->sw_alg) { |
1205 | case CRYPTO_DES_CBC: |
1206 | case CRYPTO_3DES_CBC: |
1207 | case CRYPTO_BLF_CBC: |
1208 | case CRYPTO_CAST_CBC: |
1209 | case CRYPTO_SKIPJACK_CBC: |
1210 | case CRYPTO_RIJNDAEL128_CBC: |
1211 | case CRYPTO_CAMELLIA_CBC: |
1212 | case CRYPTO_AES_CTR: |
1213 | if ((crp->crp_etype = swcr_encdec(crd, sw, |
1214 | crp->crp_buf, type)) != 0) |
1215 | goto done; |
1216 | break; |
1217 | case CRYPTO_NULL_CBC: |
1218 | crp->crp_etype = 0; |
1219 | break; |
1220 | case CRYPTO_MD5_HMAC: |
1221 | case CRYPTO_MD5_HMAC_96: |
1222 | case CRYPTO_SHA1_HMAC: |
1223 | case CRYPTO_SHA1_HMAC_96: |
1224 | case CRYPTO_SHA2_256_HMAC: |
1225 | case CRYPTO_SHA2_384_HMAC: |
1226 | case CRYPTO_SHA2_512_HMAC: |
1227 | case CRYPTO_RIPEMD160_HMAC: |
1228 | case CRYPTO_RIPEMD160_HMAC_96: |
1229 | case CRYPTO_NULL_HMAC: |
1230 | case CRYPTO_MD5_KPDK: |
1231 | case CRYPTO_SHA1_KPDK: |
1232 | case CRYPTO_MD5: |
1233 | case CRYPTO_SHA1: |
1234 | case CRYPTO_AES_XCBC_MAC_96: |
1235 | if ((crp->crp_etype = swcr_authcompute(crp, crd, sw, |
1236 | crp->crp_buf, type)) != 0) |
1237 | goto done; |
1238 | break; |
1239 | |
1240 | case CRYPTO_AES_GCM_16: |
1241 | case CRYPTO_AES_GMAC: |
1242 | case CRYPTO_AES_128_GMAC: |
1243 | case CRYPTO_AES_192_GMAC: |
1244 | case CRYPTO_AES_256_GMAC: |
1245 | crp->crp_etype = swcr_combined(crp, type); |
1246 | goto done; |
1247 | |
1248 | case CRYPTO_DEFLATE_COMP: |
1249 | case CRYPTO_DEFLATE_COMP_NOGROW: |
1250 | case CRYPTO_GZIP_COMP: |
1251 | DPRINTF(("swcr_process: compdec for %d\n" , sw->sw_alg)); |
1252 | if ((crp->crp_etype = swcr_compdec(crd, sw, |
1253 | crp->crp_buf, type, &crp->crp_olen)) != 0) |
1254 | goto done; |
1255 | break; |
1256 | |
1257 | default: |
1258 | /* Unknown/unsupported algorithm */ |
1259 | crp->crp_etype = EINVAL; |
1260 | goto done; |
1261 | } |
1262 | } |
1263 | |
1264 | done: |
1265 | DPRINTF(("request %p done\n" , crp)); |
1266 | crypto_done(crp); |
1267 | return 0; |
1268 | } |
1269 | |
1270 | static void |
1271 | swcr_init(void) |
1272 | { |
1273 | swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE); |
1274 | if (swcr_id < 0) { |
1275 | /* This should never happen */ |
1276 | panic("Software crypto device cannot initialize!" ); |
1277 | } |
1278 | |
1279 | crypto_register(swcr_id, CRYPTO_DES_CBC, |
1280 | 0, 0, swcr_newsession, swcr_freesession, swcr_process, NULL); |
1281 | #define REGISTER(alg) \ |
1282 | crypto_register(swcr_id, alg, 0, 0, NULL, NULL, NULL, NULL) |
1283 | |
1284 | REGISTER(CRYPTO_3DES_CBC); |
1285 | REGISTER(CRYPTO_BLF_CBC); |
1286 | REGISTER(CRYPTO_CAST_CBC); |
1287 | REGISTER(CRYPTO_SKIPJACK_CBC); |
1288 | REGISTER(CRYPTO_CAMELLIA_CBC); |
1289 | REGISTER(CRYPTO_AES_CTR); |
1290 | REGISTER(CRYPTO_AES_GCM_16); |
1291 | REGISTER(CRYPTO_AES_GMAC); |
1292 | REGISTER(CRYPTO_NULL_CBC); |
1293 | REGISTER(CRYPTO_MD5_HMAC); |
1294 | REGISTER(CRYPTO_MD5_HMAC_96); |
1295 | REGISTER(CRYPTO_SHA1_HMAC); |
1296 | REGISTER(CRYPTO_SHA1_HMAC_96); |
1297 | REGISTER(CRYPTO_SHA2_256_HMAC); |
1298 | REGISTER(CRYPTO_SHA2_384_HMAC); |
1299 | REGISTER(CRYPTO_SHA2_512_HMAC); |
1300 | REGISTER(CRYPTO_RIPEMD160_HMAC); |
1301 | REGISTER(CRYPTO_RIPEMD160_HMAC_96); |
1302 | REGISTER(CRYPTO_NULL_HMAC); |
1303 | REGISTER(CRYPTO_MD5_KPDK); |
1304 | REGISTER(CRYPTO_SHA1_KPDK); |
1305 | REGISTER(CRYPTO_MD5); |
1306 | REGISTER(CRYPTO_SHA1); |
1307 | REGISTER(CRYPTO_AES_XCBC_MAC_96); |
1308 | REGISTER(CRYPTO_AES_128_GMAC); |
1309 | REGISTER(CRYPTO_AES_192_GMAC); |
1310 | REGISTER(CRYPTO_AES_256_GMAC); |
1311 | REGISTER(CRYPTO_RIJNDAEL128_CBC); |
1312 | REGISTER(CRYPTO_DEFLATE_COMP); |
1313 | REGISTER(CRYPTO_DEFLATE_COMP_NOGROW); |
1314 | REGISTER(CRYPTO_GZIP_COMP); |
1315 | #undef REGISTER |
1316 | } |
1317 | |
1318 | |
1319 | /* |
1320 | * Pseudo-device init routine for software crypto. |
1321 | */ |
1322 | |
1323 | void |
1324 | swcryptoattach(int num) |
1325 | { |
1326 | |
1327 | swcr_init(); |
1328 | } |
1329 | |
1330 | void swcrypto_attach(device_t, device_t, void *); |
1331 | |
1332 | void |
1333 | swcrypto_attach(device_t parent, device_t self, void *opaque) |
1334 | { |
1335 | |
1336 | swcr_init(); |
1337 | |
1338 | if (!pmf_device_register(self, NULL, NULL)) |
1339 | aprint_error_dev(self, "couldn't establish power handler\n" ); |
1340 | } |
1341 | |
1342 | int swcrypto_detach(device_t, int); |
1343 | |
1344 | int |
1345 | swcrypto_detach(device_t self, int flag) |
1346 | { |
1347 | pmf_device_deregister(self); |
1348 | if (swcr_id >= 0) |
1349 | crypto_unregister_all(swcr_id); |
1350 | return 0; |
1351 | } |
1352 | |
1353 | int swcrypto_match(device_t, cfdata_t, void *); |
1354 | |
1355 | int |
1356 | swcrypto_match(device_t parent, cfdata_t data, void *opaque) |
1357 | { |
1358 | |
1359 | return 1; |
1360 | } |
1361 | |
1362 | MODULE(MODULE_CLASS_DRIVER, swcrypto, |
1363 | "opencrypto,zlib,blowfish,des,cast128,camellia,skipjack" ); |
1364 | |
1365 | CFDRIVER_DECL(swcrypto, DV_DULL, NULL); |
1366 | |
1367 | CFATTACH_DECL2_NEW(swcrypto, 0, swcrypto_match, swcrypto_attach, |
1368 | swcrypto_detach, NULL, NULL, NULL); |
1369 | |
1370 | static int swcryptoloc[] = { -1, -1 }; |
1371 | |
1372 | static struct cfdata swcrypto_cfdata[] = { |
1373 | { |
1374 | .cf_name = "swcrypto" , |
1375 | .cf_atname = "swcrypto" , |
1376 | .cf_unit = 0, |
1377 | .cf_fstate = 0, |
1378 | .cf_loc = swcryptoloc, |
1379 | .cf_flags = 0, |
1380 | .cf_pspec = NULL, |
1381 | }, |
1382 | { NULL, NULL, 0, 0, NULL, 0, NULL } |
1383 | }; |
1384 | |
1385 | static int |
1386 | swcrypto_modcmd(modcmd_t cmd, void *arg) |
1387 | { |
1388 | int error; |
1389 | |
1390 | switch (cmd) { |
1391 | case MODULE_CMD_INIT: |
1392 | error = config_cfdriver_attach(&swcrypto_cd); |
1393 | if (error) { |
1394 | return error; |
1395 | } |
1396 | |
1397 | error = config_cfattach_attach(swcrypto_cd.cd_name, |
1398 | &swcrypto_ca); |
1399 | if (error) { |
1400 | config_cfdriver_detach(&swcrypto_cd); |
1401 | aprint_error("%s: unable to register cfattach\n" , |
1402 | swcrypto_cd.cd_name); |
1403 | |
1404 | return error; |
1405 | } |
1406 | |
1407 | error = config_cfdata_attach(swcrypto_cfdata, 1); |
1408 | if (error) { |
1409 | config_cfattach_detach(swcrypto_cd.cd_name, |
1410 | &swcrypto_ca); |
1411 | config_cfdriver_detach(&swcrypto_cd); |
1412 | aprint_error("%s: unable to register cfdata\n" , |
1413 | swcrypto_cd.cd_name); |
1414 | |
1415 | return error; |
1416 | } |
1417 | |
1418 | (void)config_attach_pseudo(swcrypto_cfdata); |
1419 | |
1420 | return 0; |
1421 | case MODULE_CMD_FINI: |
1422 | error = config_cfdata_detach(swcrypto_cfdata); |
1423 | if (error) { |
1424 | return error; |
1425 | } |
1426 | |
1427 | config_cfattach_detach(swcrypto_cd.cd_name, &swcrypto_ca); |
1428 | config_cfdriver_detach(&swcrypto_cd); |
1429 | |
1430 | return 0; |
1431 | default: |
1432 | return ENOTTY; |
1433 | } |
1434 | } |
1435 | |