]>
Commit | Line | Data |
---|---|---|
b1322259 RS |
1 | /* |
2 | * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
76dfca87 RL |
10 | /* |
11 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | |
12 | * Copyright (c) 2002 Theo de Raadt | |
13 | * Copyright (c) 2002 Markus Friedl | |
efcad82b | 14 | * Copyright (c) 2012 Nikos Mavrogiannopoulos |
76dfca87 RL |
15 | * All rights reserved. |
16 | * | |
17 | * Redistribution and use in source and binary forms, with or without | |
18 | * modification, are permitted provided that the following conditions | |
19 | * are met: | |
20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in the | |
24 | * documentation and/or other materials provided with the distribution. | |
76dfca87 RL |
25 | * |
26 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | |
27 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
28 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
29 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY | |
30 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
31 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
32 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
33 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
34 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
35 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
36 | * | |
37 | */ | |
38 | ||
39 | #include <openssl/objects.h> | |
7b9f8f7f | 40 | #include <internal/engine.h> |
76dfca87 | 41 | #include <openssl/evp.h> |
ac0d0a5e | 42 | #include <openssl/bn.h> |
7b9f8f7f | 43 | #include <openssl/crypto.h> |
76dfca87 | 44 | |
6145b0b1 | 45 | #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ |
2df7f11f | 46 | (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__)) |
0f113f3e | 47 | # include <sys/param.h> |
2df7f11f | 48 | # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__DragonFly__) |
c00cee00 RL |
49 | # define HAVE_CRYPTODEV |
50 | # endif | |
51 | # if (OpenBSD >= 200110) | |
52 | # define HAVE_SYSLOG_R | |
53 | # endif | |
54 | #endif | |
b84d5b72 | 55 | |
84cf97af BL |
56 | #include <sys/types.h> |
57 | #ifdef HAVE_CRYPTODEV | |
58 | # include <crypto/cryptodev.h> | |
d2c3d5d4 BL |
59 | # include <sys/ioctl.h> |
60 | # include <errno.h> | |
61 | # include <stdio.h> | |
62 | # include <unistd.h> | |
63 | # include <fcntl.h> | |
64 | # include <stdarg.h> | |
65 | # include <syslog.h> | |
66 | # include <errno.h> | |
67 | # include <string.h> | |
84cf97af | 68 | #endif |
3c27208f | 69 | #include <openssl/dh.h> |
84cf97af BL |
70 | #include <openssl/dsa.h> |
71 | #include <openssl/err.h> | |
72 | #include <openssl/rsa.h> | |
84cf97af | 73 | |
c00cee00 | 74 | #ifndef HAVE_CRYPTODEV |
b84d5b72 | 75 | |
b3599dbb | 76 | void engine_load_cryptodev_int(void) |
b84d5b72 | 77 | { |
0f113f3e MC |
78 | /* This is a NOP on platforms without /dev/crypto */ |
79 | return; | |
b84d5b72 RL |
80 | } |
81 | ||
0f113f3e | 82 | #else |
8b968750 | 83 | |
0f113f3e MC |
84 | struct dev_crypto_state { |
85 | struct session_op d_sess; | |
86 | int d_fd; | |
87 | # ifdef USE_CRYPTODEV_DIGESTS | |
0f113f3e MC |
88 | unsigned char digest_res[HASH_MAX_LEN]; |
89 | char *mac_data; | |
90 | int mac_len; | |
91 | # endif | |
76dfca87 RL |
92 | }; |
93 | ||
94 | static u_int32_t cryptodev_asymfeat = 0; | |
95 | ||
a97d19d9 | 96 | static RSA_METHOD *cryptodev_rsa; |
efcad82b | 97 | # ifndef OPENSSL_NO_DSA |
6e9fa57c | 98 | static DSA_METHOD *cryptodev_dsa = NULL; |
efcad82b NM |
99 | # endif |
100 | # ifndef OPENSSL_NO_DH | |
a97d19d9 | 101 | static DH_METHOD *cryptodev_dh; |
efcad82b | 102 | # endif |
6e9fa57c | 103 | |
76dfca87 RL |
104 | static int get_asym_dev_crypto(void); |
105 | static int open_dev_crypto(void); | |
106 | static int get_dev_crypto(void); | |
76dfca87 | 107 | static int get_cryptodev_ciphers(const int **cnids); |
0f113f3e | 108 | # ifdef USE_CRYPTODEV_DIGESTS |
5e28ccb7 | 109 | static int get_cryptodev_digests(const int **cnids); |
0f113f3e | 110 | # endif |
76dfca87 RL |
111 | static int cryptodev_usable_ciphers(const int **nids); |
112 | static int cryptodev_usable_digests(const int **nids); | |
113 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e | 114 | const unsigned char *in, size_t inl); |
76dfca87 | 115 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
0f113f3e | 116 | const unsigned char *iv, int enc); |
76dfca87 RL |
117 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); |
118 | static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
0f113f3e | 119 | const int **nids, int nid); |
76dfca87 | 120 | static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, |
0f113f3e | 121 | const int **nids, int nid); |
76dfca87 RL |
122 | static int bn2crparam(const BIGNUM *a, struct crparam *crp); |
123 | static int crparam2bn(struct crparam *crp, BIGNUM *a); | |
124 | static void zapparams(struct crypt_kop *kop); | |
125 | static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, | |
0f113f3e | 126 | int slen, BIGNUM *s); |
76dfca87 RL |
127 | |
128 | static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | |
0f113f3e MC |
129 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, |
130 | BN_MONT_CTX *m_ctx); | |
131 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | |
132 | BN_CTX *ctx); | |
133 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | |
134 | BN_CTX *ctx); | |
efcad82b | 135 | # ifndef OPENSSL_NO_DSA |
24bf6f3c | 136 | static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, |
0f113f3e MC |
137 | const BIGNUM *p, const BIGNUM *m, |
138 | BN_CTX *ctx, BN_MONT_CTX *m_ctx); | |
24bf6f3c BL |
139 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, |
140 | const BIGNUM *u1, const BIGNUM *pub_key, | |
141 | const BIGNUM *u2, const BIGNUM *p, | |
142 | BN_CTX *ctx, BN_MONT_CTX *mont); | |
0f113f3e MC |
143 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, |
144 | DSA *dsa); | |
76dfca87 | 145 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, |
0f113f3e | 146 | DSA_SIG *sig, DSA *dsa); |
efcad82b NM |
147 | # endif |
148 | # ifndef OPENSSL_NO_DH | |
76dfca87 | 149 | static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, |
0f113f3e MC |
150 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, |
151 | BN_MONT_CTX *m_ctx); | |
152 | static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, | |
153 | DH *dh); | |
efcad82b | 154 | # endif |
76dfca87 | 155 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, |
0f113f3e | 156 | void (*f) (void)); |
b3599dbb | 157 | void engine_load_cryptodev_int(void); |
76dfca87 RL |
158 | |
159 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |
0f113f3e | 160 | {0, NULL, NULL, 0} |
76dfca87 RL |
161 | }; |
162 | ||
163 | static struct { | |
0f113f3e MC |
164 | int id; |
165 | int nid; | |
166 | int ivmax; | |
167 | int keylen; | |
76dfca87 | 168 | } ciphers[] = { |
098eb1a7 IG |
169 | {CRYPTO_ARC4, NID_rc4, 0, 16}, |
170 | {CRYPTO_DES_CBC, NID_des_cbc, 8, 8}, | |
171 | {CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24}, | |
f53e0674 | 172 | {CRYPTO_3DES_ECB, NID_des_ede3_ecb, 0, 24}, |
098eb1a7 IG |
173 | {CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16}, |
174 | {CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24}, | |
175 | {CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32}, | |
176 | {CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16}, | |
177 | {CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24}, | |
178 | {CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32}, | |
f53e0674 IG |
179 | {CRYPTO_AES_ECB, NID_aes_128_ecb, 0, 16}, |
180 | {CRYPTO_AES_ECB, NID_aes_192_ecb, 0, 24}, | |
181 | {CRYPTO_AES_ECB, NID_aes_256_ecb, 0, 32}, | |
098eb1a7 IG |
182 | {CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16}, |
183 | {CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16}, | |
184 | {CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0}, | |
f53e0674 | 185 | {0, NID_undef, 0, 0}, |
76dfca87 RL |
186 | }; |
187 | ||
0f113f3e | 188 | # ifdef USE_CRYPTODEV_DIGESTS |
76dfca87 | 189 | static struct { |
0f113f3e MC |
190 | int id; |
191 | int nid; | |
098eb1a7 | 192 | int digestlen; |
76dfca87 | 193 | } digests[] = { |
098eb1a7 IG |
194 | {CRYPTO_MD5, NID_md5, 16}, |
195 | {CRYPTO_SHA1, NID_sha1, 20}, | |
196 | {CRYPTO_SHA2_256, NID_sha256, 32}, | |
197 | {CRYPTO_SHA2_384, NID_sha384, 48}, | |
198 | {CRYPTO_SHA2_512, NID_sha512, 64}, | |
199 | {0, NID_undef, 0}, | |
76dfca87 | 200 | }; |
0f113f3e | 201 | # endif |
76dfca87 RL |
202 | |
203 | /* | |
204 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | |
205 | */ | |
0f113f3e | 206 | static int open_dev_crypto(void) |
76dfca87 | 207 | { |
0f113f3e MC |
208 | static int fd = -1; |
209 | ||
210 | if (fd == -1) { | |
211 | if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | |
212 | return (-1); | |
213 | /* close on exec */ | |
214 | if (fcntl(fd, F_SETFD, 1) == -1) { | |
215 | close(fd); | |
216 | fd = -1; | |
217 | return (-1); | |
218 | } | |
219 | } | |
220 | return (fd); | |
76dfca87 RL |
221 | } |
222 | ||
0f113f3e | 223 | static int get_dev_crypto(void) |
76dfca87 | 224 | { |
0f113f3e MC |
225 | int fd, retfd; |
226 | ||
227 | if ((fd = open_dev_crypto()) == -1) | |
228 | return (-1); | |
229 | # ifndef CRIOGET_NOT_NEEDED | |
230 | if (ioctl(fd, CRIOGET, &retfd) == -1) | |
231 | return (-1); | |
232 | ||
233 | /* close on exec */ | |
234 | if (fcntl(retfd, F_SETFD, 1) == -1) { | |
235 | close(retfd); | |
236 | return (-1); | |
237 | } | |
238 | # else | |
239 | retfd = fd; | |
240 | # endif | |
241 | return (retfd); | |
76dfca87 RL |
242 | } |
243 | ||
d441e6d8 DSH |
244 | static void put_dev_crypto(int fd) |
245 | { | |
0f113f3e MC |
246 | # ifndef CRIOGET_NOT_NEEDED |
247 | close(fd); | |
248 | # endif | |
d441e6d8 DSH |
249 | } |
250 | ||
76dfca87 | 251 | /* Caching version for asym operations */ |
0f113f3e | 252 | static int get_asym_dev_crypto(void) |
76dfca87 | 253 | { |
0f113f3e | 254 | static int fd = -1; |
76dfca87 | 255 | |
0f113f3e MC |
256 | if (fd == -1) |
257 | fd = get_dev_crypto(); | |
258 | return fd; | |
76dfca87 RL |
259 | } |
260 | ||
76dfca87 RL |
261 | /* |
262 | * Find out what ciphers /dev/crypto will let us have a session for. | |
263 | * XXX note, that some of these openssl doesn't deal with yet! | |
264 | * returning them here is harmless, as long as we return NULL | |
265 | * when asked for a handler in the cryptodev_engine_ciphers routine | |
266 | */ | |
0f113f3e | 267 | static int get_cryptodev_ciphers(const int **cnids) |
76dfca87 | 268 | { |
0f113f3e MC |
269 | static int nids[CRYPTO_ALGORITHM_MAX]; |
270 | struct session_op sess; | |
271 | int fd, i, count = 0; | |
efcad82b | 272 | unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; |
0f113f3e MC |
273 | |
274 | if ((fd = get_dev_crypto()) < 0) { | |
275 | *cnids = NULL; | |
276 | return (0); | |
277 | } | |
278 | memset(&sess, 0, sizeof(sess)); | |
efcad82b | 279 | sess.key = (void *)fake_key; |
0f113f3e MC |
280 | |
281 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
282 | if (ciphers[i].nid == NID_undef) | |
283 | continue; | |
284 | sess.cipher = ciphers[i].id; | |
285 | sess.keylen = ciphers[i].keylen; | |
286 | sess.mac = 0; | |
287 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
288 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
289 | nids[count++] = ciphers[i].nid; | |
290 | } | |
291 | put_dev_crypto(fd); | |
292 | ||
293 | if (count > 0) | |
294 | *cnids = nids; | |
295 | else | |
296 | *cnids = NULL; | |
297 | return (count); | |
76dfca87 RL |
298 | } |
299 | ||
0f113f3e | 300 | # ifdef USE_CRYPTODEV_DIGESTS |
76dfca87 RL |
301 | /* |
302 | * Find out what digests /dev/crypto will let us have a session for. | |
303 | * XXX note, that some of these openssl doesn't deal with yet! | |
304 | * returning them here is harmless, as long as we return NULL | |
305 | * when asked for a handler in the cryptodev_engine_digests routine | |
306 | */ | |
0f113f3e | 307 | static int get_cryptodev_digests(const int **cnids) |
76dfca87 | 308 | { |
0f113f3e | 309 | static int nids[CRYPTO_ALGORITHM_MAX]; |
efcad82b | 310 | unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; |
0f113f3e MC |
311 | struct session_op sess; |
312 | int fd, i, count = 0; | |
313 | ||
314 | if ((fd = get_dev_crypto()) < 0) { | |
315 | *cnids = NULL; | |
316 | return (0); | |
317 | } | |
318 | memset(&sess, 0, sizeof(sess)); | |
098eb1a7 | 319 | sess.mackey = fake_key; |
0f113f3e MC |
320 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { |
321 | if (digests[i].nid == NID_undef) | |
322 | continue; | |
323 | sess.mac = digests[i].id; | |
098eb1a7 | 324 | sess.mackeylen = 8; |
0f113f3e MC |
325 | sess.cipher = 0; |
326 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
327 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
328 | nids[count++] = digests[i].nid; | |
329 | } | |
330 | put_dev_crypto(fd); | |
331 | ||
332 | if (count > 0) | |
333 | *cnids = nids; | |
334 | else | |
335 | *cnids = NULL; | |
336 | return (count); | |
76dfca87 | 337 | } |
0f113f3e | 338 | # endif /* 0 */ |
76dfca87 RL |
339 | |
340 | /* | |
341 | * Find the useable ciphers|digests from dev/crypto - this is the first | |
342 | * thing called by the engine init crud which determines what it | |
343 | * can use for ciphers from this engine. We want to return | |
0d4fb843 | 344 | * only what we can do, anything else is handled by software. |
76dfca87 RL |
345 | * |
346 | * If we can't initialize the device to do anything useful for | |
347 | * any reason, we want to return a NULL array, and 0 length, | |
348 | * which forces everything to be done is software. By putting | |
0d4fb843 | 349 | * the initialization of the device in here, we ensure we can |
76dfca87 RL |
350 | * use this engine as the default, and if for whatever reason |
351 | * /dev/crypto won't do what we want it will just be done in | |
352 | * software | |
353 | * | |
354 | * This can (should) be greatly expanded to perhaps take into | |
355 | * account speed of the device, and what we want to do. | |
356 | * (although the disabling of particular alg's could be controlled | |
357 | * by the device driver with sysctl's.) - this is where we | |
358 | * want most of the decisions made about what we actually want | |
359 | * to use from /dev/crypto. | |
360 | */ | |
0f113f3e | 361 | static int cryptodev_usable_ciphers(const int **nids) |
76dfca87 | 362 | { |
0f113f3e | 363 | return (get_cryptodev_ciphers(nids)); |
76dfca87 RL |
364 | } |
365 | ||
0f113f3e | 366 | static int cryptodev_usable_digests(const int **nids) |
76dfca87 | 367 | { |
0f113f3e MC |
368 | # ifdef USE_CRYPTODEV_DIGESTS |
369 | return (get_cryptodev_digests(nids)); | |
370 | # else | |
371 | /* | |
372 | * XXXX just disable all digests for now, because it sucks. | |
373 | * we need a better way to decide this - i.e. I may not | |
374 | * want digests on slow cards like hifn on fast machines, | |
375 | * but might want them on slow or loaded machines, etc. | |
376 | * will also want them when using crypto cards that don't | |
377 | * suck moose gonads - would be nice to be able to decide something | |
378 | * as reasonable default without having hackery that's card dependent. | |
379 | * of course, the default should probably be just do everything, | |
0d4fb843 | 380 | * with perhaps a sysctl to turn algorithms off (or have them off |
0f113f3e MC |
381 | * by default) on cards that generally suck like the hifn. |
382 | */ | |
383 | *nids = NULL; | |
384 | return (0); | |
385 | # endif | |
76dfca87 RL |
386 | } |
387 | ||
388 | static int | |
389 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e | 390 | const unsigned char *in, size_t inl) |
76dfca87 | 391 | { |
0f113f3e | 392 | struct crypt_op cryp; |
44ab2dfd | 393 | struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); |
0f113f3e MC |
394 | struct session_op *sess = &state->d_sess; |
395 | const void *iiv; | |
396 | unsigned char save_iv[EVP_MAX_IV_LENGTH]; | |
397 | ||
398 | if (state->d_fd < 0) | |
399 | return (0); | |
400 | if (!inl) | |
401 | return (1); | |
b61d2da7 | 402 | if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0) |
0f113f3e MC |
403 | return (0); |
404 | ||
405 | memset(&cryp, 0, sizeof(cryp)); | |
406 | ||
407 | cryp.ses = sess->ses; | |
408 | cryp.flags = 0; | |
409 | cryp.len = inl; | |
098eb1a7 IG |
410 | cryp.src = (void *)in; |
411 | cryp.dst = (void *)out; | |
0f113f3e MC |
412 | cryp.mac = 0; |
413 | ||
b61d2da7 | 414 | cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT; |
0f113f3e | 415 | |
b61d2da7 | 416 | if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { |
098eb1a7 | 417 | cryp.iv = (void *)EVP_CIPHER_CTX_iv(ctx); |
b61d2da7 RL |
418 | if (!EVP_CIPHER_CTX_encrypting(ctx)) { |
419 | iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx); | |
420 | memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx)); | |
0f113f3e MC |
421 | } |
422 | } else | |
423 | cryp.iv = NULL; | |
424 | ||
425 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | |
426 | /* | |
0d4fb843 | 427 | * XXX need better error handling this can fail for a number of |
0f113f3e MC |
428 | * different reasons. |
429 | */ | |
430 | return (0); | |
431 | } | |
432 | ||
b61d2da7 RL |
433 | if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { |
434 | if (EVP_CIPHER_CTX_encrypting(ctx)) | |
435 | iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx); | |
0f113f3e MC |
436 | else |
437 | iiv = save_iv; | |
b61d2da7 RL |
438 | memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv, |
439 | EVP_CIPHER_CTX_iv_length(ctx)); | |
0f113f3e MC |
440 | } |
441 | return (1); | |
76dfca87 RL |
442 | } |
443 | ||
444 | static int | |
445 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
0f113f3e | 446 | const unsigned char *iv, int enc) |
76dfca87 | 447 | { |
44ab2dfd | 448 | struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); |
0f113f3e MC |
449 | struct session_op *sess = &state->d_sess; |
450 | int cipher = -1, i; | |
451 | ||
452 | for (i = 0; ciphers[i].id; i++) | |
b61d2da7 RL |
453 | if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid && |
454 | EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax && | |
455 | EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) { | |
0f113f3e MC |
456 | cipher = ciphers[i].id; |
457 | break; | |
458 | } | |
459 | ||
460 | if (!ciphers[i].id) { | |
461 | state->d_fd = -1; | |
462 | return (0); | |
463 | } | |
464 | ||
16f8d4eb | 465 | memset(sess, 0, sizeof(*sess)); |
0f113f3e MC |
466 | |
467 | if ((state->d_fd = get_dev_crypto()) < 0) | |
468 | return (0); | |
469 | ||
098eb1a7 | 470 | sess->key = (void *)key; |
b61d2da7 | 471 | sess->keylen = EVP_CIPHER_CTX_key_length(ctx); |
0f113f3e MC |
472 | sess->cipher = cipher; |
473 | ||
474 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | |
475 | put_dev_crypto(state->d_fd); | |
476 | state->d_fd = -1; | |
477 | return (0); | |
478 | } | |
479 | return (1); | |
76dfca87 RL |
480 | } |
481 | ||
482 | /* | |
0d4fb843 | 483 | * free anything we allocated earlier when initing a |
76dfca87 RL |
484 | * session, and close the session. |
485 | */ | |
0f113f3e | 486 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) |
76dfca87 | 487 | { |
0f113f3e | 488 | int ret = 0; |
44ab2dfd | 489 | struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); |
0f113f3e MC |
490 | struct session_op *sess = &state->d_sess; |
491 | ||
492 | if (state->d_fd < 0) | |
493 | return (0); | |
494 | ||
495 | /* | |
0d4fb843 | 496 | * XXX if this ioctl fails, something's wrong. the invoker may have called |
0f113f3e MC |
497 | * us with a bogus ctx, or we could have a device that for whatever |
498 | * reason just doesn't want to play ball - it's not clear what's right | |
499 | * here - should this be an error? should it just increase a counter, | |
500 | * hmm. For right now, we return 0 - I don't believe that to be "right". | |
501 | * we could call the gorpy openssl lib error handlers that print messages | |
502 | * to users of the library. hmm.. | |
503 | */ | |
504 | ||
505 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { | |
506 | ret = 0; | |
507 | } else { | |
508 | ret = 1; | |
509 | } | |
510 | put_dev_crypto(state->d_fd); | |
511 | state->d_fd = -1; | |
512 | ||
513 | return (ret); | |
76dfca87 RL |
514 | } |
515 | ||
516 | /* | |
517 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | |
518 | * gets called when libcrypto requests a cipher NID. | |
519 | */ | |
520 | ||
f8e7fbd5 NM |
521 | static int cryptodev_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2) |
522 | { | |
523 | struct dev_crypto_state *state = ctx->cipher_data; | |
524 | struct session_op *sess = &state->d_sess; | |
525 | ||
526 | if (type == EVP_CTRL_COPY) { | |
527 | EVP_CIPHER_CTX *out = p2; | |
528 | return cryptodev_init_key(out, sess->key, ctx->iv, 0); | |
529 | } | |
530 | ||
531 | return 0; | |
532 | } | |
533 | ||
b53e0769 | 534 | /* RC4 */ |
b61d2da7 RL |
535 | static EVP_CIPHER *rc4_cipher = NULL; |
536 | static const EVP_CIPHER *cryptodev_rc4(void) | |
537 | { | |
538 | if (rc4_cipher == NULL) { | |
098eb1a7 | 539 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16); |
b61d2da7 | 540 | |
098eb1a7 | 541 | if (cipher == NULL |
b61d2da7 | 542 | || !EVP_CIPHER_meth_set_iv_length(cipher, 0) |
f8e7fbd5 NM |
543 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH |
544 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
545 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
546 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
547 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 548 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
549 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
550 | sizeof(struct | |
551 | dev_crypto_state))) { | |
b61d2da7 RL |
552 | EVP_CIPHER_meth_free(cipher); |
553 | cipher = NULL; | |
554 | } | |
555 | rc4_cipher = cipher; | |
556 | } | |
557 | return rc4_cipher; | |
558 | } | |
b53e0769 | 559 | |
76dfca87 | 560 | /* DES CBC EVP */ |
b61d2da7 RL |
561 | static EVP_CIPHER *des_cbc_cipher = NULL; |
562 | static const EVP_CIPHER *cryptodev_des_cbc(void) | |
563 | { | |
564 | if (des_cbc_cipher == NULL) { | |
098eb1a7 | 565 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8); |
b61d2da7 | 566 | |
098eb1a7 | 567 | if (cipher == NULL |
b61d2da7 | 568 | || !EVP_CIPHER_meth_set_iv_length(cipher, 8) |
f8e7fbd5 NM |
569 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
570 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
571 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
572 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
573 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 574 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
575 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
576 | sizeof(struct | |
577 | dev_crypto_state)) | |
578 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
579 | EVP_CIPHER_set_asn1_iv) | |
580 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
581 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
582 | EVP_CIPHER_meth_free(cipher); |
583 | cipher = NULL; | |
584 | } | |
585 | des_cbc_cipher = cipher; | |
586 | } | |
587 | return des_cbc_cipher; | |
588 | } | |
76dfca87 RL |
589 | |
590 | /* 3DES CBC EVP */ | |
b61d2da7 RL |
591 | static EVP_CIPHER *des3_cbc_cipher = NULL; |
592 | static const EVP_CIPHER *cryptodev_3des_cbc(void) | |
593 | { | |
594 | if (des3_cbc_cipher == NULL) { | |
098eb1a7 | 595 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24); |
b61d2da7 | 596 | |
098eb1a7 | 597 | if (cipher == NULL |
b61d2da7 | 598 | || !EVP_CIPHER_meth_set_iv_length(cipher, 8) |
f8e7fbd5 NM |
599 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
600 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
601 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
602 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
603 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 604 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
605 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
606 | sizeof(struct | |
607 | dev_crypto_state)) | |
608 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
609 | EVP_CIPHER_set_asn1_iv) | |
610 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
611 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
612 | EVP_CIPHER_meth_free(cipher); |
613 | cipher = NULL; | |
614 | } | |
615 | des3_cbc_cipher = cipher; | |
616 | } | |
617 | return des3_cbc_cipher; | |
618 | } | |
76dfca87 | 619 | |
f53e0674 IG |
620 | /* 3DES ECB EVP */ |
621 | static EVP_CIPHER *des3_ecb_cipher = NULL; | |
622 | static const EVP_CIPHER *cryptodev_3des_ecb(void) | |
623 | { | |
624 | if (des3_ecb_cipher == NULL) { | |
625 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_ecb, 8, 24); | |
626 | ||
627 | if (cipher == NULL | |
628 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE) | |
629 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) | |
630 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
631 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
632 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) | |
633 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, | |
634 | sizeof(struct | |
635 | dev_crypto_state))) { | |
636 | EVP_CIPHER_meth_free(cipher); | |
637 | cipher = NULL; | |
638 | } | |
639 | des3_ecb_cipher = cipher; | |
640 | } | |
641 | return des3_ecb_cipher; | |
642 | } | |
643 | ||
b61d2da7 RL |
644 | static EVP_CIPHER *bf_cbc_cipher = NULL; |
645 | static const EVP_CIPHER *cryptodev_bf_cbc(void) | |
646 | { | |
647 | if (bf_cbc_cipher == NULL) { | |
098eb1a7 | 648 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16); |
b61d2da7 | 649 | |
098eb1a7 | 650 | if (cipher == NULL |
b61d2da7 | 651 | || !EVP_CIPHER_meth_set_iv_length(cipher, 8) |
f8e7fbd5 NM |
652 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
653 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
654 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
655 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
656 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 657 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
658 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
659 | sizeof(struct | |
660 | dev_crypto_state)) | |
661 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
662 | EVP_CIPHER_set_asn1_iv) | |
663 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
664 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
665 | EVP_CIPHER_meth_free(cipher); |
666 | cipher = NULL; | |
667 | } | |
668 | bf_cbc_cipher = cipher; | |
669 | } | |
670 | return bf_cbc_cipher; | |
671 | } | |
76dfca87 | 672 | |
b61d2da7 RL |
673 | static EVP_CIPHER *cast_cbc_cipher = NULL; |
674 | static const EVP_CIPHER *cryptodev_cast_cbc(void) | |
675 | { | |
676 | if (cast_cbc_cipher == NULL) { | |
098eb1a7 | 677 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16); |
b61d2da7 | 678 | |
098eb1a7 | 679 | if (cipher == NULL |
b61d2da7 | 680 | || !EVP_CIPHER_meth_set_iv_length(cipher, 8) |
f8e7fbd5 NM |
681 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
682 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
683 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
684 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
685 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 686 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
687 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
688 | sizeof(struct | |
689 | dev_crypto_state)) | |
690 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
691 | EVP_CIPHER_set_asn1_iv) | |
692 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
693 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
694 | EVP_CIPHER_meth_free(cipher); |
695 | cipher = NULL; | |
696 | } | |
697 | cast_cbc_cipher = cipher; | |
698 | } | |
699 | return cast_cbc_cipher; | |
700 | } | |
76dfca87 | 701 | |
b61d2da7 RL |
702 | static EVP_CIPHER *aes_cbc_cipher = NULL; |
703 | static const EVP_CIPHER *cryptodev_aes_cbc(void) | |
704 | { | |
705 | if (aes_cbc_cipher == NULL) { | |
098eb1a7 | 706 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16); |
b61d2da7 | 707 | |
098eb1a7 | 708 | if (cipher == NULL |
b61d2da7 | 709 | || !EVP_CIPHER_meth_set_iv_length(cipher, 16) |
f8e7fbd5 NM |
710 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
711 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
712 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
713 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
714 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 715 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
716 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
717 | sizeof(struct | |
718 | dev_crypto_state)) | |
719 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
720 | EVP_CIPHER_set_asn1_iv) | |
721 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
722 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
723 | EVP_CIPHER_meth_free(cipher); |
724 | cipher = NULL; | |
725 | } | |
726 | aes_cbc_cipher = cipher; | |
727 | } | |
728 | return aes_cbc_cipher; | |
729 | } | |
76dfca87 | 730 | |
b61d2da7 RL |
731 | static EVP_CIPHER *aes_192_cbc_cipher = NULL; |
732 | static const EVP_CIPHER *cryptodev_aes_192_cbc(void) | |
733 | { | |
734 | if (aes_192_cbc_cipher == NULL) { | |
098eb1a7 | 735 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24); |
b61d2da7 | 736 | |
098eb1a7 | 737 | if (cipher == NULL |
b61d2da7 | 738 | || !EVP_CIPHER_meth_set_iv_length(cipher, 16) |
f8e7fbd5 NM |
739 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
740 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
741 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
742 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
743 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 744 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
745 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
746 | sizeof(struct | |
747 | dev_crypto_state)) | |
748 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
749 | EVP_CIPHER_set_asn1_iv) | |
750 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
751 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
752 | EVP_CIPHER_meth_free(cipher); |
753 | cipher = NULL; | |
754 | } | |
755 | aes_192_cbc_cipher = cipher; | |
756 | } | |
757 | return aes_192_cbc_cipher; | |
758 | } | |
b53e0769 | 759 | |
b61d2da7 RL |
760 | static EVP_CIPHER *aes_256_cbc_cipher = NULL; |
761 | static const EVP_CIPHER *cryptodev_aes_256_cbc(void) | |
762 | { | |
763 | if (aes_256_cbc_cipher == NULL) { | |
098eb1a7 | 764 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32); |
b61d2da7 | 765 | |
098eb1a7 | 766 | if (cipher == NULL |
b61d2da7 | 767 | || !EVP_CIPHER_meth_set_iv_length(cipher, 16) |
f8e7fbd5 NM |
768 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE |
769 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
770 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
771 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
772 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 773 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
774 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
775 | sizeof(struct | |
776 | dev_crypto_state)) | |
777 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
778 | EVP_CIPHER_set_asn1_iv) | |
779 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
780 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
781 | EVP_CIPHER_meth_free(cipher); |
782 | cipher = NULL; | |
783 | } | |
784 | aes_256_cbc_cipher = cipher; | |
785 | } | |
786 | return aes_256_cbc_cipher; | |
787 | } | |
0f113f3e | 788 | |
b61d2da7 RL |
789 | static EVP_CIPHER *aes_ctr_cipher = NULL; |
790 | static const EVP_CIPHER *cryptodev_aes_ctr(void) | |
791 | { | |
792 | if (aes_ctr_cipher == NULL) { | |
098eb1a7 | 793 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16); |
b61d2da7 | 794 | |
098eb1a7 | 795 | if (cipher == NULL |
b61d2da7 | 796 | || !EVP_CIPHER_meth_set_iv_length(cipher, 14) |
f8e7fbd5 NM |
797 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE |
798 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
799 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
800 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
801 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 802 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
803 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
804 | sizeof(struct | |
805 | dev_crypto_state)) | |
806 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
807 | EVP_CIPHER_set_asn1_iv) | |
808 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
809 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
810 | EVP_CIPHER_meth_free(cipher); |
811 | cipher = NULL; | |
812 | } | |
813 | aes_ctr_cipher = cipher; | |
814 | } | |
815 | return aes_ctr_cipher; | |
816 | } | |
be2c4d9b | 817 | |
b61d2da7 RL |
818 | static EVP_CIPHER *aes_192_ctr_cipher = NULL; |
819 | static const EVP_CIPHER *cryptodev_aes_192_ctr(void) | |
820 | { | |
821 | if (aes_192_ctr_cipher == NULL) { | |
098eb1a7 | 822 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24); |
b61d2da7 | 823 | |
098eb1a7 | 824 | if (cipher == NULL |
b61d2da7 | 825 | || !EVP_CIPHER_meth_set_iv_length(cipher, 14) |
f8e7fbd5 NM |
826 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE |
827 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
828 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
829 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
830 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 831 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
832 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
833 | sizeof(struct | |
834 | dev_crypto_state)) | |
835 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
836 | EVP_CIPHER_set_asn1_iv) | |
837 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
838 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
839 | EVP_CIPHER_meth_free(cipher); |
840 | cipher = NULL; | |
841 | } | |
842 | aes_192_ctr_cipher = cipher; | |
843 | } | |
844 | return aes_192_ctr_cipher; | |
845 | } | |
be2c4d9b | 846 | |
b61d2da7 RL |
847 | static EVP_CIPHER *aes_256_ctr_cipher = NULL; |
848 | static const EVP_CIPHER *cryptodev_aes_256_ctr(void) | |
849 | { | |
850 | if (aes_256_ctr_cipher == NULL) { | |
098eb1a7 | 851 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32); |
b61d2da7 | 852 | |
098eb1a7 | 853 | if (cipher == NULL |
b61d2da7 | 854 | || !EVP_CIPHER_meth_set_iv_length(cipher, 14) |
f8e7fbd5 NM |
855 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE |
856 | | EVP_CIPH_CUSTOM_COPY) | |
b61d2da7 RL |
857 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) |
858 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
859 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
f8e7fbd5 | 860 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) |
098eb1a7 IG |
861 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, |
862 | sizeof(struct | |
863 | dev_crypto_state)) | |
864 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
865 | EVP_CIPHER_set_asn1_iv) | |
866 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
867 | EVP_CIPHER_get_asn1_iv)) { | |
b61d2da7 RL |
868 | EVP_CIPHER_meth_free(cipher); |
869 | cipher = NULL; | |
870 | } | |
871 | aes_256_ctr_cipher = cipher; | |
872 | } | |
873 | return aes_256_ctr_cipher; | |
874 | } | |
f53e0674 IG |
875 | |
876 | static EVP_CIPHER *aes_ecb_cipher = NULL; | |
877 | static const EVP_CIPHER *cryptodev_aes_ecb(void) | |
878 | { | |
879 | if (aes_ecb_cipher == NULL) { | |
880 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ecb, 16, 16); | |
881 | ||
882 | if (cipher == NULL | |
883 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE) | |
884 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) | |
885 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
886 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
887 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) | |
888 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, | |
889 | sizeof(struct | |
890 | dev_crypto_state)) | |
891 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
892 | EVP_CIPHER_set_asn1_iv) | |
893 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
894 | EVP_CIPHER_get_asn1_iv)) { | |
895 | EVP_CIPHER_meth_free(cipher); | |
896 | cipher = NULL; | |
897 | } | |
898 | aes_ecb_cipher = cipher; | |
899 | } | |
f53e0674 IG |
900 | return aes_ecb_cipher; |
901 | } | |
902 | ||
903 | static EVP_CIPHER *aes_192_ecb_cipher = NULL; | |
904 | static const EVP_CIPHER *cryptodev_aes_192_ecb(void) | |
905 | { | |
906 | if (aes_192_ecb_cipher == NULL) { | |
907 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ecb, 16, 24); | |
908 | ||
909 | if (cipher == NULL | |
910 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE) | |
911 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) | |
912 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
913 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
914 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) | |
915 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, | |
916 | sizeof(struct | |
917 | dev_crypto_state)) | |
918 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
919 | EVP_CIPHER_set_asn1_iv) | |
920 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
921 | EVP_CIPHER_get_asn1_iv)) { | |
922 | EVP_CIPHER_meth_free(cipher); | |
923 | cipher = NULL; | |
924 | } | |
925 | aes_192_ecb_cipher = cipher; | |
926 | } | |
927 | return aes_192_ecb_cipher; | |
928 | } | |
929 | ||
930 | static EVP_CIPHER *aes_256_ecb_cipher = NULL; | |
931 | static const EVP_CIPHER *cryptodev_aes_256_ecb(void) | |
932 | { | |
933 | if (aes_256_ecb_cipher == NULL) { | |
934 | EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ecb, 16, 32); | |
935 | ||
936 | if (cipher == NULL | |
937 | || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE) | |
938 | || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) | |
939 | || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) | |
940 | || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) | |
941 | || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl) | |
942 | || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, | |
943 | sizeof(struct | |
944 | dev_crypto_state)) | |
945 | || !EVP_CIPHER_meth_set_set_asn1_params(cipher, | |
946 | EVP_CIPHER_set_asn1_iv) | |
947 | || !EVP_CIPHER_meth_set_get_asn1_params(cipher, | |
948 | EVP_CIPHER_get_asn1_iv)) { | |
949 | EVP_CIPHER_meth_free(cipher); | |
950 | cipher = NULL; | |
951 | } | |
952 | aes_256_ecb_cipher = cipher; | |
953 | } | |
954 | return aes_256_ecb_cipher; | |
955 | } | |
956 | ||
76dfca87 RL |
957 | /* |
958 | * Registered by the ENGINE when used to find out how to deal with | |
959 | * a particular NID in the ENGINE. this says what we'll do at the | |
960 | * top level - note, that list is restricted by what we answer with | |
961 | */ | |
962 | static int | |
963 | cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
0f113f3e | 964 | const int **nids, int nid) |
76dfca87 | 965 | { |
0f113f3e MC |
966 | if (!cipher) |
967 | return (cryptodev_usable_ciphers(nids)); | |
968 | ||
969 | switch (nid) { | |
970 | case NID_rc4: | |
b61d2da7 | 971 | *cipher = cryptodev_rc4(); |
0f113f3e MC |
972 | break; |
973 | case NID_des_ede3_cbc: | |
b61d2da7 | 974 | *cipher = cryptodev_3des_cbc(); |
0f113f3e | 975 | break; |
f53e0674 IG |
976 | case NID_des_ede3_ecb: |
977 | *cipher = cryptodev_3des_ecb(); | |
978 | break; | |
0f113f3e | 979 | case NID_des_cbc: |
b61d2da7 | 980 | *cipher = cryptodev_des_cbc(); |
0f113f3e MC |
981 | break; |
982 | case NID_bf_cbc: | |
b61d2da7 | 983 | *cipher = cryptodev_bf_cbc(); |
0f113f3e MC |
984 | break; |
985 | case NID_cast5_cbc: | |
b61d2da7 | 986 | *cipher = cryptodev_cast_cbc(); |
0f113f3e MC |
987 | break; |
988 | case NID_aes_128_cbc: | |
b61d2da7 | 989 | *cipher = cryptodev_aes_cbc(); |
0f113f3e MC |
990 | break; |
991 | case NID_aes_192_cbc: | |
b61d2da7 | 992 | *cipher = cryptodev_aes_192_cbc(); |
0f113f3e MC |
993 | break; |
994 | case NID_aes_256_cbc: | |
b61d2da7 | 995 | *cipher = cryptodev_aes_256_cbc(); |
0f113f3e | 996 | break; |
0f113f3e | 997 | case NID_aes_128_ctr: |
b61d2da7 | 998 | *cipher = cryptodev_aes_ctr(); |
0f113f3e MC |
999 | break; |
1000 | case NID_aes_192_ctr: | |
a8a8a917 | 1001 | *cipher = cryptodev_aes_192_ctr(); |
0f113f3e MC |
1002 | break; |
1003 | case NID_aes_256_ctr: | |
a8a8a917 | 1004 | *cipher = cryptodev_aes_256_ctr(); |
0f113f3e | 1005 | break; |
f53e0674 IG |
1006 | case NID_aes_128_ecb: |
1007 | *cipher = cryptodev_aes_ecb(); | |
1008 | break; | |
1009 | case NID_aes_192_ecb: | |
1010 | *cipher = cryptodev_aes_192_ecb(); | |
1011 | break; | |
1012 | case NID_aes_256_ecb: | |
1013 | *cipher = cryptodev_aes_256_ecb(); | |
1014 | break; | |
0f113f3e MC |
1015 | default: |
1016 | *cipher = NULL; | |
1017 | break; | |
1018 | } | |
1019 | return (*cipher != NULL); | |
76dfca87 RL |
1020 | } |
1021 | ||
0f113f3e | 1022 | # ifdef USE_CRYPTODEV_DIGESTS |
8b968750 DSH |
1023 | |
1024 | /* convert digest type to cryptodev */ | |
0f113f3e | 1025 | static int digest_nid_to_cryptodev(int nid) |
8b968750 | 1026 | { |
0f113f3e | 1027 | int i; |
8b968750 | 1028 | |
0f113f3e MC |
1029 | for (i = 0; digests[i].id; i++) |
1030 | if (digests[i].nid == nid) | |
1031 | return (digests[i].id); | |
1032 | return (0); | |
8b968750 DSH |
1033 | } |
1034 | ||
8b968750 DSH |
1035 | static int cryptodev_digest_init(EVP_MD_CTX *ctx) |
1036 | { | |
b61d2da7 | 1037 | struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); |
0f113f3e MC |
1038 | struct session_op *sess = &state->d_sess; |
1039 | int digest; | |
1040 | ||
b61d2da7 | 1041 | if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) { |
0f113f3e MC |
1042 | printf("cryptodev_digest_init: Can't get digest \n"); |
1043 | return (0); | |
1044 | } | |
1045 | ||
16f8d4eb | 1046 | memset(state, 0, sizeof(*state)); |
0f113f3e MC |
1047 | |
1048 | if ((state->d_fd = get_dev_crypto()) < 0) { | |
1049 | printf("cryptodev_digest_init: Can't get Dev \n"); | |
1050 | return (0); | |
1051 | } | |
1052 | ||
efcad82b NM |
1053 | sess->mackey = NULL; |
1054 | sess->mackeylen = 0; | |
0f113f3e MC |
1055 | sess->mac = digest; |
1056 | ||
1057 | if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | |
1058 | put_dev_crypto(state->d_fd); | |
1059 | state->d_fd = -1; | |
1060 | printf("cryptodev_digest_init: Open session failed\n"); | |
1061 | return (0); | |
1062 | } | |
1063 | ||
1064 | return (1); | |
8b968750 DSH |
1065 | } |
1066 | ||
1067 | static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | |
0f113f3e | 1068 | size_t count) |
8b968750 | 1069 | { |
0f113f3e | 1070 | struct crypt_op cryp; |
b61d2da7 | 1071 | struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); |
0f113f3e MC |
1072 | struct session_op *sess = &state->d_sess; |
1073 | char *new_mac_data; | |
1074 | ||
1075 | if (!data || state->d_fd < 0) { | |
1076 | printf("cryptodev_digest_update: illegal inputs \n"); | |
1077 | return (0); | |
1078 | } | |
1079 | ||
1080 | if (!count) { | |
1081 | return (0); | |
1082 | } | |
1083 | ||
b61d2da7 | 1084 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { |
0f113f3e | 1085 | /* if application doesn't support one buffer */ |
098eb1a7 | 1086 | new_mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); |
0f113f3e MC |
1087 | |
1088 | if (!new_mac_data) { | |
1089 | printf("cryptodev_digest_update: realloc failed\n"); | |
1090 | return (0); | |
1091 | } | |
1092 | state->mac_data = new_mac_data; | |
1093 | ||
1094 | memcpy(state->mac_data + state->mac_len, data, count); | |
1095 | state->mac_len += count; | |
1096 | ||
1097 | return (1); | |
1098 | } | |
1099 | ||
1100 | memset(&cryp, 0, sizeof(cryp)); | |
1101 | ||
1102 | cryp.ses = sess->ses; | |
1103 | cryp.flags = 0; | |
1104 | cryp.len = count; | |
098eb1a7 | 1105 | cryp.src = (void *)data; |
0f113f3e | 1106 | cryp.dst = NULL; |
098eb1a7 | 1107 | cryp.mac = (void *)state->digest_res; |
0f113f3e MC |
1108 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { |
1109 | printf("cryptodev_digest_update: digest failed\n"); | |
1110 | return (0); | |
1111 | } | |
1112 | return (1); | |
8b968750 DSH |
1113 | } |
1114 | ||
8b968750 DSH |
1115 | static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) |
1116 | { | |
0f113f3e | 1117 | struct crypt_op cryp; |
b61d2da7 | 1118 | struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); |
0f113f3e MC |
1119 | struct session_op *sess = &state->d_sess; |
1120 | ||
0f113f3e MC |
1121 | if (!md || state->d_fd < 0) { |
1122 | printf("cryptodev_digest_final: illegal input\n"); | |
1123 | return (0); | |
1124 | } | |
1125 | ||
b61d2da7 | 1126 | if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { |
0f113f3e MC |
1127 | /* if application doesn't support one buffer */ |
1128 | memset(&cryp, 0, sizeof(cryp)); | |
1129 | cryp.ses = sess->ses; | |
1130 | cryp.flags = 0; | |
1131 | cryp.len = state->mac_len; | |
1132 | cryp.src = state->mac_data; | |
1133 | cryp.dst = NULL; | |
098eb1a7 | 1134 | cryp.mac = (void *)md; |
0f113f3e MC |
1135 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { |
1136 | printf("cryptodev_digest_final: digest failed\n"); | |
1137 | return (0); | |
1138 | } | |
1139 | ||
1140 | return 1; | |
1141 | } | |
1142 | ||
b61d2da7 | 1143 | memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx)); |
0f113f3e | 1144 | |
807d2106 | 1145 | return 1; |
8b968750 DSH |
1146 | } |
1147 | ||
8b968750 DSH |
1148 | static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) |
1149 | { | |
0f113f3e | 1150 | int ret = 1; |
b61d2da7 | 1151 | struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); |
0f113f3e MC |
1152 | struct session_op *sess = &state->d_sess; |
1153 | ||
1154 | if (state == NULL) | |
1155 | return 0; | |
1156 | ||
1157 | if (state->d_fd < 0) { | |
1158 | printf("cryptodev_digest_cleanup: illegal input\n"); | |
1159 | return (0); | |
1160 | } | |
1161 | ||
b548a1f1 RS |
1162 | OPENSSL_free(state->mac_data); |
1163 | state->mac_data = NULL; | |
1164 | state->mac_len = 0; | |
0f113f3e MC |
1165 | |
1166 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | |
1167 | printf("cryptodev_digest_cleanup: failed to close session\n"); | |
1168 | ret = 0; | |
1169 | } else { | |
1170 | ret = 1; | |
1171 | } | |
1172 | put_dev_crypto(state->d_fd); | |
1173 | state->d_fd = -1; | |
1174 | ||
1175 | return (ret); | |
8b968750 DSH |
1176 | } |
1177 | ||
0f113f3e | 1178 | static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) |
8b968750 | 1179 | { |
b61d2da7 RL |
1180 | struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from); |
1181 | struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to); | |
0f113f3e MC |
1182 | struct session_op *sess; |
1183 | int digest; | |
1184 | ||
1185 | if (dstate == NULL || fstate == NULL) | |
1186 | return 1; | |
1187 | ||
1188 | memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); | |
1189 | ||
1190 | sess = &dstate->d_sess; | |
1191 | ||
b61d2da7 | 1192 | digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to)); |
0f113f3e | 1193 | |
efcad82b NM |
1194 | sess->mackey = NULL; |
1195 | sess->mackeylen = 0; | |
0f113f3e MC |
1196 | sess->mac = digest; |
1197 | ||
1198 | dstate->d_fd = get_dev_crypto(); | |
1199 | ||
1200 | if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { | |
1201 | put_dev_crypto(dstate->d_fd); | |
1202 | dstate->d_fd = -1; | |
1203 | printf("cryptodev_digest_copy: Open session failed\n"); | |
1204 | return (0); | |
1205 | } | |
1206 | ||
1207 | if (fstate->mac_len != 0) { | |
1208 | if (fstate->mac_data != NULL) { | |
1209 | dstate->mac_data = OPENSSL_malloc(fstate->mac_len); | |
1210 | if (dstate->mac_data == NULL) { | |
1211 | printf("cryptodev_digest_copy: mac_data allocation failed\n"); | |
1212 | return (0); | |
1213 | } | |
1214 | memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); | |
1215 | dstate->mac_len = fstate->mac_len; | |
1216 | } | |
1217 | } | |
1218 | ||
1219 | return 1; | |
8b968750 DSH |
1220 | } |
1221 | ||
b61d2da7 RL |
1222 | static EVP_MD *sha1_md = NULL; |
1223 | static const EVP_MD *cryptodev_sha1(void) | |
1224 | { | |
1225 | if (sha1_md == NULL) { | |
098eb1a7 | 1226 | EVP_MD *md = EVP_MD_meth_new(NID_sha1, NID_undef); |
b61d2da7 | 1227 | |
098eb1a7 | 1228 | if (md == NULL |
b61d2da7 RL |
1229 | || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) |
1230 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) | |
1231 | || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) | |
1232 | || !EVP_MD_meth_set_app_datasize(md, | |
1233 | sizeof(struct dev_crypto_state)) | |
1234 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1235 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1236 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1237 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1238 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1239 | EVP_MD_meth_free(md); | |
1240 | md = NULL; | |
1241 | } | |
1242 | sha1_md = md; | |
1243 | } | |
1244 | return sha1_md; | |
1245 | } | |
8b968750 | 1246 | |
efcad82b NM |
1247 | static EVP_MD *sha256_md = NULL; |
1248 | static const EVP_MD *cryptodev_sha256(void) | |
1249 | { | |
1250 | if (sha256_md == NULL) { | |
098eb1a7 | 1251 | EVP_MD *md = EVP_MD_meth_new(NID_sha256, NID_undef); |
efcad82b | 1252 | |
098eb1a7 IG |
1253 | if (md == NULL |
1254 | || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH) | |
efcad82b | 1255 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) |
098eb1a7 | 1256 | || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) |
efcad82b NM |
1257 | || !EVP_MD_meth_set_app_datasize(md, |
1258 | sizeof(struct dev_crypto_state)) | |
1259 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1260 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1261 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1262 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1263 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1264 | EVP_MD_meth_free(md); | |
1265 | md = NULL; | |
1266 | } | |
1267 | sha256_md = md; | |
1268 | } | |
1269 | return sha256_md; | |
1270 | } | |
1271 | ||
1272 | static EVP_MD *sha224_md = NULL; | |
1273 | static const EVP_MD *cryptodev_sha224(void) | |
1274 | { | |
1275 | if (sha224_md == NULL) { | |
098eb1a7 | 1276 | EVP_MD *md = EVP_MD_meth_new(NID_sha224, NID_undef); |
efcad82b | 1277 | |
098eb1a7 IG |
1278 | if (md == NULL |
1279 | || !EVP_MD_meth_set_result_size(md, SHA224_DIGEST_LENGTH) | |
efcad82b | 1280 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) |
098eb1a7 | 1281 | || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) |
efcad82b NM |
1282 | || !EVP_MD_meth_set_app_datasize(md, |
1283 | sizeof(struct dev_crypto_state)) | |
1284 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1285 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1286 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1287 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1288 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1289 | EVP_MD_meth_free(md); | |
1290 | md = NULL; | |
1291 | } | |
1292 | sha224_md = md; | |
1293 | } | |
1294 | return sha224_md; | |
1295 | } | |
1296 | ||
1297 | static EVP_MD *sha384_md = NULL; | |
1298 | static const EVP_MD *cryptodev_sha384(void) | |
1299 | { | |
1300 | if (sha384_md == NULL) { | |
098eb1a7 | 1301 | EVP_MD *md = EVP_MD_meth_new(NID_sha384, NID_undef); |
efcad82b | 1302 | |
098eb1a7 IG |
1303 | if (md == NULL |
1304 | || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH) | |
efcad82b | 1305 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) |
098eb1a7 | 1306 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) |
efcad82b NM |
1307 | || !EVP_MD_meth_set_app_datasize(md, |
1308 | sizeof(struct dev_crypto_state)) | |
1309 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1310 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1311 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1312 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1313 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1314 | EVP_MD_meth_free(md); | |
1315 | md = NULL; | |
1316 | } | |
1317 | sha384_md = md; | |
1318 | } | |
1319 | return sha384_md; | |
1320 | } | |
1321 | ||
1322 | static EVP_MD *sha512_md = NULL; | |
1323 | static const EVP_MD *cryptodev_sha512(void) | |
1324 | { | |
1325 | if (sha512_md == NULL) { | |
098eb1a7 | 1326 | EVP_MD *md = EVP_MD_meth_new(NID_sha512, NID_undef); |
efcad82b | 1327 | |
098eb1a7 IG |
1328 | if (md == NULL |
1329 | || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH) | |
efcad82b | 1330 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) |
098eb1a7 | 1331 | || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) |
efcad82b NM |
1332 | || !EVP_MD_meth_set_app_datasize(md, |
1333 | sizeof(struct dev_crypto_state)) | |
1334 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1335 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1336 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1337 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1338 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1339 | EVP_MD_meth_free(md); | |
1340 | md = NULL; | |
1341 | } | |
1342 | sha512_md = md; | |
1343 | } | |
1344 | return sha512_md; | |
1345 | } | |
1346 | ||
b61d2da7 RL |
1347 | static EVP_MD *md5_md = NULL; |
1348 | static const EVP_MD *cryptodev_md5(void) | |
1349 | { | |
1350 | if (md5_md == NULL) { | |
098eb1a7 | 1351 | EVP_MD *md = EVP_MD_meth_new(NID_md5, NID_undef); |
b61d2da7 | 1352 | |
098eb1a7 IG |
1353 | if (md == NULL |
1354 | || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */ ) | |
b61d2da7 | 1355 | || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) |
098eb1a7 | 1356 | || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */ ) |
b61d2da7 RL |
1357 | || !EVP_MD_meth_set_app_datasize(md, |
1358 | sizeof(struct dev_crypto_state)) | |
1359 | || !EVP_MD_meth_set_init(md, cryptodev_digest_init) | |
1360 | || !EVP_MD_meth_set_update(md, cryptodev_digest_update) | |
1361 | || !EVP_MD_meth_set_final(md, cryptodev_digest_final) | |
1362 | || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) | |
1363 | || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { | |
1364 | EVP_MD_meth_free(md); | |
1365 | md = NULL; | |
1366 | } | |
1367 | md5_md = md; | |
1368 | } | |
1369 | return md5_md; | |
1370 | } | |
8b968750 | 1371 | |
0f113f3e | 1372 | # endif /* USE_CRYPTODEV_DIGESTS */ |
8b968750 | 1373 | |
76dfca87 RL |
1374 | static int |
1375 | cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | |
0f113f3e | 1376 | const int **nids, int nid) |
76dfca87 | 1377 | { |
0f113f3e MC |
1378 | if (!digest) |
1379 | return (cryptodev_usable_digests(nids)); | |
1380 | ||
1381 | switch (nid) { | |
1382 | # ifdef USE_CRYPTODEV_DIGESTS | |
1383 | case NID_md5: | |
b61d2da7 | 1384 | *digest = cryptodev_md5(); |
0f113f3e MC |
1385 | break; |
1386 | case NID_sha1: | |
b61d2da7 | 1387 | *digest = cryptodev_sha1(); |
0f113f3e | 1388 | break; |
efcad82b NM |
1389 | case NID_sha256: |
1390 | *digest = cryptodev_sha256(); | |
1391 | break; | |
1392 | case NID_sha224: | |
1393 | *digest = cryptodev_sha224(); | |
1394 | break; | |
1395 | case NID_sha384: | |
1396 | *digest = cryptodev_sha384(); | |
1397 | break; | |
1398 | case NID_sha512: | |
1399 | *digest = cryptodev_sha512(); | |
1400 | break; | |
0f113f3e MC |
1401 | default: |
1402 | # endif /* USE_CRYPTODEV_DIGESTS */ | |
1403 | *digest = NULL; | |
1404 | break; | |
1405 | } | |
1406 | return (*digest != NULL); | |
76dfca87 RL |
1407 | } |
1408 | ||
24dfa621 RL |
1409 | static int cryptodev_engine_destroy(ENGINE *e) |
1410 | { | |
1411 | EVP_CIPHER_meth_free(rc4_cipher); | |
1412 | rc4_cipher = NULL; | |
1413 | EVP_CIPHER_meth_free(des_cbc_cipher); | |
1414 | des_cbc_cipher = NULL; | |
1415 | EVP_CIPHER_meth_free(des3_cbc_cipher); | |
1416 | des3_cbc_cipher = NULL; | |
f53e0674 IG |
1417 | EVP_CIPHER_meth_free(des3_ecb_cipher); |
1418 | des3_ecb_cipher = NULL; | |
24dfa621 RL |
1419 | EVP_CIPHER_meth_free(bf_cbc_cipher); |
1420 | bf_cbc_cipher = NULL; | |
1421 | EVP_CIPHER_meth_free(cast_cbc_cipher); | |
1422 | cast_cbc_cipher = NULL; | |
1423 | EVP_CIPHER_meth_free(aes_cbc_cipher); | |
1424 | aes_cbc_cipher = NULL; | |
1425 | EVP_CIPHER_meth_free(aes_192_cbc_cipher); | |
1426 | aes_192_cbc_cipher = NULL; | |
1427 | EVP_CIPHER_meth_free(aes_256_cbc_cipher); | |
1428 | aes_256_cbc_cipher = NULL; | |
24dfa621 RL |
1429 | EVP_CIPHER_meth_free(aes_ctr_cipher); |
1430 | aes_ctr_cipher = NULL; | |
1431 | EVP_CIPHER_meth_free(aes_192_ctr_cipher); | |
1432 | aes_192_ctr_cipher = NULL; | |
1433 | EVP_CIPHER_meth_free(aes_256_ctr_cipher); | |
1434 | aes_256_ctr_cipher = NULL; | |
f53e0674 IG |
1435 | EVP_CIPHER_meth_free(aes_ecb_cipher); |
1436 | aes_ecb_cipher = NULL; | |
1437 | EVP_CIPHER_meth_free(aes_192_ecb_cipher); | |
1438 | aes_192_ecb_cipher = NULL; | |
1439 | EVP_CIPHER_meth_free(aes_256_ecb_cipher); | |
1440 | aes_256_ecb_cipher = NULL; | |
24dfa621 RL |
1441 | # ifdef USE_CRYPTODEV_DIGESTS |
1442 | EVP_MD_meth_free(sha1_md); | |
1443 | sha1_md = NULL; | |
efcad82b NM |
1444 | EVP_MD_meth_free(sha256_md); |
1445 | sha256_md = NULL; | |
1446 | EVP_MD_meth_free(sha224_md); | |
1447 | sha224_md = NULL; | |
1448 | EVP_MD_meth_free(sha384_md); | |
1449 | sha384_md = NULL; | |
1450 | EVP_MD_meth_free(sha512_md); | |
1451 | sha512_md = NULL; | |
24dfa621 RL |
1452 | EVP_MD_meth_free(md5_md); |
1453 | md5_md = NULL; | |
1454 | # endif | |
a97d19d9 BL |
1455 | RSA_meth_free(cryptodev_rsa); |
1456 | cryptodev_rsa = NULL; | |
efcad82b | 1457 | # ifndef OPENSSL_NO_DSA |
6e9fa57c MC |
1458 | DSA_meth_free(cryptodev_dsa); |
1459 | cryptodev_dsa = NULL; | |
efcad82b NM |
1460 | # endif |
1461 | # ifndef OPENSSL_NO_DH | |
a97d19d9 BL |
1462 | DH_meth_free(cryptodev_dh); |
1463 | cryptodev_dh = NULL; | |
efcad82b | 1464 | # endif |
24dfa621 RL |
1465 | return 1; |
1466 | } | |
1467 | ||
76dfca87 RL |
1468 | /* |
1469 | * Convert a BIGNUM to the representation that /dev/crypto needs. | |
1470 | * Upon completion of use, the caller is responsible for freeing | |
1471 | * crp->crp_p. | |
1472 | */ | |
0f113f3e | 1473 | static int bn2crparam(const BIGNUM *a, struct crparam *crp) |
76dfca87 | 1474 | { |
0f113f3e MC |
1475 | ssize_t bytes, bits; |
1476 | u_char *b; | |
1477 | ||
1478 | crp->crp_p = NULL; | |
1479 | crp->crp_nbits = 0; | |
1480 | ||
1481 | bits = BN_num_bits(a); | |
912d7c75 | 1482 | bytes = BN_num_bytes(a); |
0f113f3e | 1483 | |
b51bce94 | 1484 | b = OPENSSL_zalloc(bytes); |
0f113f3e MC |
1485 | if (b == NULL) |
1486 | return (1); | |
0f113f3e | 1487 | |
098eb1a7 | 1488 | crp->crp_p = (void *)b; |
0f113f3e MC |
1489 | crp->crp_nbits = bits; |
1490 | ||
912d7c75 | 1491 | BN_bn2bin(a, b); |
0f113f3e | 1492 | return (0); |
76dfca87 RL |
1493 | } |
1494 | ||
1495 | /* Convert a /dev/crypto parameter to a BIGNUM */ | |
0f113f3e | 1496 | static int crparam2bn(struct crparam *crp, BIGNUM *a) |
76dfca87 | 1497 | { |
0f113f3e MC |
1498 | u_int8_t *pd; |
1499 | int i, bytes; | |
76dfca87 | 1500 | |
0f113f3e | 1501 | bytes = (crp->crp_nbits + 7) / 8; |
76dfca87 | 1502 | |
0f113f3e MC |
1503 | if (bytes == 0) |
1504 | return (-1); | |
76dfca87 | 1505 | |
b196e7d9 | 1506 | if ((pd = OPENSSL_malloc(bytes)) == NULL) |
0f113f3e | 1507 | return (-1); |
76dfca87 | 1508 | |
0f113f3e MC |
1509 | for (i = 0; i < bytes; i++) |
1510 | pd[i] = crp->crp_p[bytes - i - 1]; | |
76dfca87 | 1511 | |
0f113f3e MC |
1512 | BN_bin2bn(pd, bytes, a); |
1513 | free(pd); | |
76dfca87 | 1514 | |
0f113f3e | 1515 | return (0); |
76dfca87 RL |
1516 | } |
1517 | ||
0f113f3e | 1518 | static void zapparams(struct crypt_kop *kop) |
76dfca87 | 1519 | { |
0f113f3e MC |
1520 | int i; |
1521 | ||
1522 | for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { | |
93879f8e | 1523 | OPENSSL_free(kop->crk_param[i].crp_p); |
0f113f3e MC |
1524 | kop->crk_param[i].crp_p = NULL; |
1525 | kop->crk_param[i].crp_nbits = 0; | |
1526 | } | |
76dfca87 RL |
1527 | } |
1528 | ||
1529 | static int | |
098eb1a7 | 1530 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) |
76dfca87 | 1531 | { |
0f113f3e MC |
1532 | int fd, ret = -1; |
1533 | ||
1534 | if ((fd = get_asym_dev_crypto()) < 0) | |
93879f8e | 1535 | return ret; |
0f113f3e MC |
1536 | |
1537 | if (r) { | |
93879f8e JM |
1538 | kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen); |
1539 | if (kop->crk_param[kop->crk_iparams].crp_p == NULL) | |
1540 | return ret; | |
0f113f3e MC |
1541 | kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; |
1542 | kop->crk_oparams++; | |
1543 | } | |
1544 | if (s) { | |
098eb1a7 | 1545 | kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_zalloc(slen); |
93879f8e JM |
1546 | /* No need to free the kop->crk_iparams parameter if it was allocated, |
1547 | * callers of this routine have to free allocated parameters through | |
1548 | * zapparams both in case of success and failure | |
1549 | */ | |
098eb1a7 | 1550 | if (kop->crk_param[kop->crk_iparams + 1].crp_p == NULL) |
93879f8e | 1551 | return ret; |
0f113f3e MC |
1552 | kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; |
1553 | kop->crk_oparams++; | |
1554 | } | |
1555 | ||
1556 | if (ioctl(fd, CIOCKEY, kop) == 0) { | |
1557 | if (r) | |
1558 | crparam2bn(&kop->crk_param[kop->crk_iparams], r); | |
1559 | if (s) | |
1560 | crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); | |
1561 | ret = 0; | |
1562 | } | |
1563 | ||
93879f8e | 1564 | return ret; |
76dfca87 RL |
1565 | } |
1566 | ||
1567 | static int | |
1568 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
0f113f3e | 1569 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |
76dfca87 | 1570 | { |
0f113f3e MC |
1571 | struct crypt_kop kop; |
1572 | int ret = 1; | |
1573 | ||
1574 | /* | |
1575 | * Currently, we know we can do mod exp iff we can do any asymmetric | |
1576 | * operations at all. | |
1577 | */ | |
1578 | if (cryptodev_asymfeat == 0) { | |
1579 | ret = BN_mod_exp(r, a, p, m, ctx); | |
1580 | return (ret); | |
1581 | } | |
1582 | ||
16f8d4eb | 1583 | memset(&kop, 0, sizeof(kop)); |
0f113f3e MC |
1584 | kop.crk_op = CRK_MOD_EXP; |
1585 | ||
1586 | /* inputs: a^p % m */ | |
1587 | if (bn2crparam(a, &kop.crk_param[0])) | |
1588 | goto err; | |
1589 | if (bn2crparam(p, &kop.crk_param[1])) | |
1590 | goto err; | |
1591 | if (bn2crparam(m, &kop.crk_param[2])) | |
1592 | goto err; | |
1593 | kop.crk_iparams = 3; | |
1594 | ||
1595 | if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { | |
b0700d2c | 1596 | const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); |
0f113f3e | 1597 | printf("OCF asym process failed, Running in software\n"); |
098eb1a7 | 1598 | ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont); |
0f113f3e MC |
1599 | |
1600 | } else if (ECANCELED == kop.crk_status) { | |
b0700d2c | 1601 | const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); |
0f113f3e | 1602 | printf("OCF hardware operation cancelled. Running in Software\n"); |
098eb1a7 | 1603 | ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont); |
0f113f3e MC |
1604 | } |
1605 | /* else cryptodev operation worked ok ==> ret = 1 */ | |
1606 | ||
1607 | err: | |
1608 | zapparams(&kop); | |
1609 | return (ret); | |
76dfca87 RL |
1610 | } |
1611 | ||
1612 | static int | |
098eb1a7 | 1613 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
76dfca87 | 1614 | { |
0f113f3e | 1615 | int r; |
24bf6f3c BL |
1616 | const BIGNUM *n = NULL; |
1617 | const BIGNUM *d = NULL; | |
04630522 | 1618 | |
0f113f3e | 1619 | ctx = BN_CTX_new(); |
04630522 BL |
1620 | RSA_get0_key(rsa, &n, NULL, &d); |
1621 | r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL); | |
0f113f3e MC |
1622 | BN_CTX_free(ctx); |
1623 | return (r); | |
76dfca87 RL |
1624 | } |
1625 | ||
1626 | static int | |
ea77fc33 | 1627 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
76dfca87 | 1628 | { |
0f113f3e MC |
1629 | struct crypt_kop kop; |
1630 | int ret = 1; | |
24bf6f3c BL |
1631 | const BIGNUM *p = NULL; |
1632 | const BIGNUM *q = NULL; | |
1633 | const BIGNUM *dmp1 = NULL; | |
1634 | const BIGNUM *dmq1 = NULL; | |
1635 | const BIGNUM *iqmp = NULL; | |
1636 | const BIGNUM *n = NULL; | |
04630522 BL |
1637 | |
1638 | RSA_get0_factors(rsa, &p, &q); | |
1639 | RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); | |
1640 | RSA_get0_key(rsa, &n, NULL, NULL); | |
1641 | ||
1642 | if (!p || !q || !dmp1 || !dmq1 || !iqmp) { | |
0f113f3e MC |
1643 | /* XXX 0 means failure?? */ |
1644 | return (0); | |
1645 | } | |
1646 | ||
16f8d4eb | 1647 | memset(&kop, 0, sizeof(kop)); |
0f113f3e MC |
1648 | kop.crk_op = CRK_MOD_EXP_CRT; |
1649 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | |
04630522 | 1650 | if (bn2crparam(p, &kop.crk_param[0])) |
0f113f3e | 1651 | goto err; |
04630522 | 1652 | if (bn2crparam(q, &kop.crk_param[1])) |
0f113f3e MC |
1653 | goto err; |
1654 | if (bn2crparam(I, &kop.crk_param[2])) | |
1655 | goto err; | |
04630522 | 1656 | if (bn2crparam(dmp1, &kop.crk_param[3])) |
0f113f3e | 1657 | goto err; |
04630522 | 1658 | if (bn2crparam(dmq1, &kop.crk_param[4])) |
0f113f3e | 1659 | goto err; |
04630522 | 1660 | if (bn2crparam(iqmp, &kop.crk_param[5])) |
0f113f3e MC |
1661 | goto err; |
1662 | kop.crk_iparams = 6; | |
1663 | ||
04630522 | 1664 | if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) { |
b0700d2c | 1665 | const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); |
0f113f3e | 1666 | printf("OCF asym process failed, running in Software\n"); |
098eb1a7 | 1667 | ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx); |
0f113f3e MC |
1668 | |
1669 | } else if (ECANCELED == kop.crk_status) { | |
b0700d2c | 1670 | const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); |
0f113f3e | 1671 | printf("OCF hardware operation cancelled. Running in Software\n"); |
098eb1a7 | 1672 | ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx); |
0f113f3e MC |
1673 | } |
1674 | /* else cryptodev operation worked ok ==> ret = 1 */ | |
1675 | ||
1676 | err: | |
1677 | zapparams(&kop); | |
1678 | return (ret); | |
76dfca87 RL |
1679 | } |
1680 | ||
efcad82b | 1681 | # ifndef OPENSSL_NO_DSA |
76dfca87 | 1682 | static int |
24bf6f3c | 1683 | cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
0f113f3e | 1684 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) |
76dfca87 | 1685 | { |
24bf6f3c | 1686 | return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx); |
76dfca87 RL |
1687 | } |
1688 | ||
1689 | static int | |
24bf6f3c BL |
1690 | cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, |
1691 | const BIGNUM *u1, const BIGNUM *pub_key, | |
1692 | const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx, | |
1693 | BN_MONT_CTX *mont) | |
76dfca87 | 1694 | { |
24bf6f3c BL |
1695 | const BIGNUM *dsag, *dsap, *dsapub_key; |
1696 | BIGNUM *t2; | |
0f113f3e | 1697 | int ret = 0; |
6e9fa57c | 1698 | const DSA_METHOD *meth; |
098eb1a7 IG |
1699 | int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, |
1700 | const BIGNUM *, BN_CTX *, BN_MONT_CTX *); | |
76dfca87 | 1701 | |
912d7c75 | 1702 | t2 = BN_new(); |
90945fa3 MC |
1703 | if (t2 == NULL) |
1704 | goto err; | |
76dfca87 | 1705 | |
0f113f3e MC |
1706 | /* v = ( g^u1 * y^u2 mod p ) mod q */ |
1707 | /* let t1 = g ^ u1 mod p */ | |
1708 | ret = 0; | |
76dfca87 | 1709 | |
6e9fa57c MC |
1710 | DSA_get0_pqg(dsa, &dsap, NULL, &dsag); |
1711 | DSA_get0_key(dsa, &dsapub_key, NULL); | |
1712 | ||
1713 | meth = DSA_get_method(dsa); | |
1714 | if (meth == NULL) | |
1715 | goto err; | |
1716 | bn_mod_exp = DSA_meth_get_bn_mod_exp(meth); | |
1717 | if (bn_mod_exp == NULL) | |
1718 | goto err; | |
1719 | ||
1720 | if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont)) | |
0f113f3e | 1721 | goto err; |
76dfca87 | 1722 | |
0f113f3e | 1723 | /* let t2 = y ^ u2 mod p */ |
6e9fa57c | 1724 | if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont)) |
0f113f3e | 1725 | goto err; |
24bf6f3c BL |
1726 | /* let t1 = t1 * t2 mod p */ |
1727 | if (!BN_mod_mul(t1, t1, t2, dsap, ctx)) | |
0f113f3e | 1728 | goto err; |
76dfca87 | 1729 | |
0f113f3e MC |
1730 | ret = 1; |
1731 | err: | |
912d7c75 | 1732 | BN_free(t2); |
0f113f3e | 1733 | return (ret); |
76dfca87 RL |
1734 | } |
1735 | ||
0f113f3e MC |
1736 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, |
1737 | DSA *dsa) | |
76dfca87 | 1738 | { |
0f113f3e | 1739 | struct crypt_kop kop; |
24bf6f3c BL |
1740 | BIGNUM *r, *s; |
1741 | const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL; | |
1742 | const BIGNUM *priv_key = NULL; | |
43c1fd6b | 1743 | DSA_SIG *dsasig, *dsaret = NULL; |
0f113f3e | 1744 | |
43c1fd6b BL |
1745 | dsasig = DSA_SIG_new(); |
1746 | if (dsasig == NULL) | |
0f113f3e | 1747 | goto err; |
0f113f3e | 1748 | |
16f8d4eb | 1749 | memset(&kop, 0, sizeof(kop)); |
0f113f3e MC |
1750 | kop.crk_op = CRK_DSA_SIGN; |
1751 | ||
1752 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | |
098eb1a7 | 1753 | kop.crk_param[0].crp_p = (void *)dgst; |
0f113f3e | 1754 | kop.crk_param[0].crp_nbits = dlen * 8; |
6e9fa57c MC |
1755 | DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag); |
1756 | DSA_get0_key(dsa, NULL, &priv_key); | |
1757 | if (bn2crparam(dsap, &kop.crk_param[1])) | |
0f113f3e | 1758 | goto err; |
6e9fa57c | 1759 | if (bn2crparam(dsaq, &kop.crk_param[2])) |
0f113f3e | 1760 | goto err; |
6e9fa57c | 1761 | if (bn2crparam(dsag, &kop.crk_param[3])) |
0f113f3e | 1762 | goto err; |
6e9fa57c | 1763 | if (bn2crparam(priv_key, &kop.crk_param[4])) |
0f113f3e MC |
1764 | goto err; |
1765 | kop.crk_iparams = 5; | |
1766 | ||
24bf6f3c BL |
1767 | r = BN_new(); |
1768 | if (r == NULL) | |
1769 | goto err; | |
1770 | s = BN_new(); | |
1771 | if (s == NULL) | |
1772 | goto err; | |
098eb1a7 | 1773 | if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r, BN_num_bytes(dsaq), s) == 0) { |
24bf6f3c | 1774 | DSA_SIG_set0(dsasig, r, s); |
43c1fd6b | 1775 | dsaret = dsasig; |
0f113f3e | 1776 | } else { |
6e9fa57c | 1777 | dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa); |
0f113f3e MC |
1778 | } |
1779 | err: | |
43c1fd6b BL |
1780 | if (dsaret != dsasig) |
1781 | DSA_SIG_free(dsasig); | |
0f113f3e MC |
1782 | kop.crk_param[0].crp_p = NULL; |
1783 | zapparams(&kop); | |
43c1fd6b | 1784 | return dsaret; |
76dfca87 RL |
1785 | } |
1786 | ||
1787 | static int | |
1788 | cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | |
0f113f3e | 1789 | DSA_SIG *sig, DSA *dsa) |
76dfca87 | 1790 | { |
0f113f3e MC |
1791 | struct crypt_kop kop; |
1792 | int dsaret = 1; | |
24bf6f3c | 1793 | const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL; |
0f113f3e | 1794 | |
16f8d4eb | 1795 | memset(&kop, 0, sizeof(kop)); |
0f113f3e MC |
1796 | kop.crk_op = CRK_DSA_VERIFY; |
1797 | ||
1798 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | |
098eb1a7 | 1799 | kop.crk_param[0].crp_p = (void *)dgst; |
0f113f3e | 1800 | kop.crk_param[0].crp_nbits = dlen * 8; |
6e9fa57c MC |
1801 | DSA_get0_pqg(dsa, &p, &q, &g); |
1802 | if (bn2crparam(p, &kop.crk_param[1])) | |
0f113f3e | 1803 | goto err; |
6e9fa57c | 1804 | if (bn2crparam(q, &kop.crk_param[2])) |
0f113f3e | 1805 | goto err; |
6e9fa57c | 1806 | if (bn2crparam(g, &kop.crk_param[3])) |
0f113f3e | 1807 | goto err; |
6e9fa57c MC |
1808 | DSA_get0_key(dsa, &pub_key, NULL); |
1809 | if (bn2crparam(pub_key, &kop.crk_param[4])) | |
0f113f3e | 1810 | goto err; |
24bf6f3c | 1811 | DSA_SIG_get0(sig, &pr, &ps); |
43c1fd6b | 1812 | if (bn2crparam(pr, &kop.crk_param[5])) |
0f113f3e | 1813 | goto err; |
43c1fd6b | 1814 | if (bn2crparam(ps, &kop.crk_param[6])) |
0f113f3e MC |
1815 | goto err; |
1816 | kop.crk_iparams = 7; | |
1817 | ||
1818 | if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | |
1819 | /* | |
1820 | * OCF success value is 0, if not zero, change dsaret to fail | |
1821 | */ | |
1822 | if (0 != kop.crk_status) | |
1823 | dsaret = 0; | |
1824 | } else { | |
6e9fa57c | 1825 | dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa); |
0f113f3e MC |
1826 | } |
1827 | err: | |
1828 | kop.crk_param[0].crp_p = NULL; | |
1829 | zapparams(&kop); | |
1830 | return (dsaret); | |
76dfca87 | 1831 | } |
efcad82b | 1832 | # endif |
76dfca87 | 1833 | |
efcad82b | 1834 | # ifndef OPENSSL_NO_DH |
76dfca87 RL |
1835 | static int |
1836 | cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
0f113f3e MC |
1837 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, |
1838 | BN_MONT_CTX *m_ctx) | |
76dfca87 | 1839 | { |
0f113f3e | 1840 | return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); |
76dfca87 RL |
1841 | } |
1842 | ||
1843 | static int | |
1844 | cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |
1845 | { | |
0f113f3e MC |
1846 | struct crypt_kop kop; |
1847 | int dhret = 1; | |
1848 | int fd, keylen; | |
24bf6f3c BL |
1849 | const BIGNUM *p = NULL; |
1850 | const BIGNUM *priv_key = NULL; | |
0f113f3e MC |
1851 | |
1852 | if ((fd = get_asym_dev_crypto()) < 0) { | |
1853 | const DH_METHOD *meth = DH_OpenSSL(); | |
1854 | ||
098eb1a7 | 1855 | return DH_meth_get_compute_key(meth) (key, pub_key, dh); |
0f113f3e MC |
1856 | } |
1857 | ||
04630522 BL |
1858 | DH_get0_pqg(dh, &p, NULL, NULL); |
1859 | DH_get0_key(dh, NULL, &priv_key); | |
1860 | ||
1861 | keylen = BN_num_bits(p); | |
0f113f3e | 1862 | |
16f8d4eb | 1863 | memset(&kop, 0, sizeof(kop)); |
0f113f3e MC |
1864 | kop.crk_op = CRK_DH_COMPUTE_KEY; |
1865 | ||
1866 | /* inputs: dh->priv_key pub_key dh->p key */ | |
04630522 | 1867 | if (bn2crparam(priv_key, &kop.crk_param[0])) |
0f113f3e MC |
1868 | goto err; |
1869 | if (bn2crparam(pub_key, &kop.crk_param[1])) | |
1870 | goto err; | |
04630522 | 1871 | if (bn2crparam(p, &kop.crk_param[2])) |
0f113f3e MC |
1872 | goto err; |
1873 | kop.crk_iparams = 3; | |
1874 | ||
098eb1a7 IG |
1875 | kop.crk_param[3].crp_p = (void *)key; |
1876 | kop.crk_param[3].crp_nbits = keylen; | |
0f113f3e MC |
1877 | kop.crk_oparams = 1; |
1878 | ||
1879 | if (ioctl(fd, CIOCKEY, &kop) == -1) { | |
1880 | const DH_METHOD *meth = DH_OpenSSL(); | |
1881 | ||
098eb1a7 | 1882 | dhret = DH_meth_get_compute_key(meth) (key, pub_key, dh); |
0f113f3e MC |
1883 | } |
1884 | err: | |
1885 | kop.crk_param[3].crp_p = NULL; | |
1886 | zapparams(&kop); | |
1887 | return (dhret); | |
76dfca87 RL |
1888 | } |
1889 | ||
098eb1a7 | 1890 | # endif /* ndef OPENSSL_NO_DH */ |
94d61512 | 1891 | |
76dfca87 RL |
1892 | /* |
1893 | * ctrl right now is just a wrapper that doesn't do much | |
1894 | * but I expect we'll want some options soon. | |
1895 | */ | |
098eb1a7 | 1896 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) |
76dfca87 | 1897 | { |
0f113f3e MC |
1898 | # ifdef HAVE_SYSLOG_R |
1899 | struct syslog_data sd = SYSLOG_DATA_INIT; | |
1900 | # endif | |
76dfca87 | 1901 | |
0f113f3e MC |
1902 | switch (cmd) { |
1903 | default: | |
1904 | # ifdef HAVE_SYSLOG_R | |
1905 | syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); | |
1906 | # else | |
1907 | syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | |
1908 | # endif | |
1909 | break; | |
1910 | } | |
1911 | return (1); | |
76dfca87 RL |
1912 | } |
1913 | ||
b3599dbb | 1914 | void engine_load_cryptodev_int(void) |
76dfca87 | 1915 | { |
0f113f3e MC |
1916 | ENGINE *engine = ENGINE_new(); |
1917 | int fd; | |
1918 | ||
1919 | if (engine == NULL) | |
1920 | return; | |
1921 | if ((fd = get_dev_crypto()) < 0) { | |
1922 | ENGINE_free(engine); | |
1923 | return; | |
1924 | } | |
1925 | ||
1926 | /* | |
1927 | * find out what asymmetric crypto algorithms we support | |
1928 | */ | |
1929 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | |
1930 | put_dev_crypto(fd); | |
1931 | ENGINE_free(engine); | |
1932 | return; | |
1933 | } | |
1934 | put_dev_crypto(fd); | |
1935 | ||
1936 | if (!ENGINE_set_id(engine, "cryptodev") || | |
efcad82b | 1937 | !ENGINE_set_name(engine, "cryptodev engine") || |
24dfa621 | 1938 | !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) || |
0f113f3e MC |
1939 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || |
1940 | !ENGINE_set_digests(engine, cryptodev_engine_digests) || | |
1941 | !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || | |
1942 | !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { | |
1943 | ENGINE_free(engine); | |
1944 | return; | |
1945 | } | |
1946 | ||
04630522 BL |
1947 | cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL()); |
1948 | if (cryptodev_rsa != NULL) { | |
1949 | RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method"); | |
1950 | RSA_meth_set_flags(cryptodev_rsa, 0); | |
1951 | if (ENGINE_set_RSA(engine, cryptodev_rsa)) { | |
1952 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
1953 | RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp); | |
1954 | if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | |
1955 | RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp); | |
1956 | else | |
1957 | RSA_meth_set_mod_exp(cryptodev_rsa, | |
1958 | cryptodev_rsa_nocrt_mod_exp); | |
1959 | } | |
0f113f3e | 1960 | } |
91395476 BL |
1961 | } else { |
1962 | ENGINE_free(engine); | |
1963 | return; | |
0f113f3e MC |
1964 | } |
1965 | ||
efcad82b | 1966 | # ifndef OPENSSL_NO_DSA |
6e9fa57c MC |
1967 | cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL()); |
1968 | if (cryptodev_dsa != NULL) { | |
a517f7fc | 1969 | DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method"); |
6e9fa57c MC |
1970 | DSA_meth_set_flags(cryptodev_dsa, 0); |
1971 | if (ENGINE_set_DSA(engine, cryptodev_dsa)) { | |
1972 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | |
1973 | DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign); | |
1974 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
04630522 BL |
1975 | DSA_meth_set_bn_mod_exp(cryptodev_dsa, |
1976 | cryptodev_dsa_bn_mod_exp); | |
6e9fa57c MC |
1977 | DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp); |
1978 | } | |
1979 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) | |
1980 | DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify); | |
0f113f3e | 1981 | } |
6e9fa57c MC |
1982 | } else { |
1983 | ENGINE_free(engine); | |
1984 | return; | |
0f113f3e | 1985 | } |
efcad82b | 1986 | # endif |
0f113f3e | 1987 | |
efcad82b | 1988 | # ifndef OPENSSL_NO_DH |
04630522 BL |
1989 | cryptodev_dh = DH_meth_dup(DH_OpenSSL()); |
1990 | if (cryptodev_dh != NULL) { | |
1991 | DH_meth_set1_name(cryptodev_dh, "cryptodev DH method"); | |
1992 | DH_meth_set_flags(cryptodev_dh, 0); | |
1993 | if (ENGINE_set_DH(engine, cryptodev_dh)) { | |
1994 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
1995 | DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh); | |
1996 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | |
1997 | DH_meth_set_compute_key(cryptodev_dh, | |
1998 | cryptodev_dh_compute_key); | |
1999 | } | |
0f113f3e | 2000 | } |
91395476 BL |
2001 | } else { |
2002 | ENGINE_free(engine); | |
2003 | return; | |
0f113f3e | 2004 | } |
efcad82b | 2005 | # endif |
0f113f3e MC |
2006 | |
2007 | ENGINE_add(engine); | |
2008 | ENGINE_free(engine); | |
2009 | ERR_clear_error(); | |
76dfca87 RL |
2010 | } |
2011 | ||
0f113f3e | 2012 | #endif /* HAVE_CRYPTODEV */ |