2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include <openssl/objects.h>
30 #include <internal/engine.h>
31 #include <openssl/evp.h>
32 #include <openssl/bn.h>
33 #include <openssl/crypto.h>
35 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
36 (defined(OpenBSD) || defined(__FreeBSD__))
37 # include <sys/param.h>
38 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
39 # define HAVE_CRYPTODEV
41 # if (OpenBSD >= 200110)
42 # define HAVE_SYSLOG_R
46 #include <sys/types.h>
48 # include <crypto/cryptodev.h>
49 # include <sys/ioctl.h>
60 # include <openssl/dh.h>
62 #include <openssl/dsa.h>
63 #include <openssl/err.h>
64 #include <openssl/rsa.h>
66 #ifndef HAVE_CRYPTODEV
68 void engine_load_cryptodev_internal(void)
70 /* This is a NOP on platforms without /dev/crypto */
76 struct dev_crypto_state
{
77 struct session_op d_sess
;
79 # ifdef USE_CRYPTODEV_DIGESTS
80 char dummy_mac_key
[HASH_MAX_LEN
];
81 unsigned char digest_res
[HASH_MAX_LEN
];
87 static u_int32_t cryptodev_asymfeat
= 0;
89 static int get_asym_dev_crypto(void);
90 static int open_dev_crypto(void);
91 static int get_dev_crypto(void);
92 static int get_cryptodev_ciphers(const int **cnids
);
93 # ifdef USE_CRYPTODEV_DIGESTS
94 static int get_cryptodev_digests(const int **cnids
);
96 static int cryptodev_usable_ciphers(const int **nids
);
97 static int cryptodev_usable_digests(const int **nids
);
98 static int cryptodev_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
99 const unsigned char *in
, size_t inl
);
100 static int cryptodev_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
101 const unsigned char *iv
, int enc
);
102 static int cryptodev_cleanup(EVP_CIPHER_CTX
*ctx
);
103 static int cryptodev_engine_ciphers(ENGINE
*e
, const EVP_CIPHER
**cipher
,
104 const int **nids
, int nid
);
105 static int cryptodev_engine_digests(ENGINE
*e
, const EVP_MD
**digest
,
106 const int **nids
, int nid
);
107 static int bn2crparam(const BIGNUM
*a
, struct crparam
*crp
);
108 static int crparam2bn(struct crparam
*crp
, BIGNUM
*a
);
109 static void zapparams(struct crypt_kop
*kop
);
110 static int cryptodev_asym(struct crypt_kop
*kop
, int rlen
, BIGNUM
*r
,
111 int slen
, BIGNUM
*s
);
113 static int cryptodev_bn_mod_exp(BIGNUM
*r
, const BIGNUM
*a
,
114 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
116 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
,
118 static int cryptodev_rsa_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
,
120 static int cryptodev_dsa_bn_mod_exp(DSA
*dsa
, BIGNUM
*r
, BIGNUM
*a
,
121 const BIGNUM
*p
, const BIGNUM
*m
,
122 BN_CTX
*ctx
, BN_MONT_CTX
*m_ctx
);
123 static int cryptodev_dsa_dsa_mod_exp(DSA
*dsa
, BIGNUM
*t1
, BIGNUM
*g
,
124 BIGNUM
*u1
, BIGNUM
*pub_key
, BIGNUM
*u2
,
125 BIGNUM
*p
, BN_CTX
*ctx
,
127 static DSA_SIG
*cryptodev_dsa_do_sign(const unsigned char *dgst
, int dlen
,
129 static int cryptodev_dsa_verify(const unsigned char *dgst
, int dgst_len
,
130 DSA_SIG
*sig
, DSA
*dsa
);
131 #ifndef OPENSSL_NO_DH
132 static int cryptodev_mod_exp_dh(const DH
*dh
, BIGNUM
*r
, const BIGNUM
*a
,
133 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
135 static int cryptodev_dh_compute_key(unsigned char *key
, const BIGNUM
*pub_key
,
138 static int cryptodev_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
,
140 void engine_load_cryptodev_internal(void);
142 static const ENGINE_CMD_DEFN cryptodev_defns
[] = {
153 CRYPTO_ARC4
, NID_rc4
, 0, 16,
156 CRYPTO_DES_CBC
, NID_des_cbc
, 8, 8,
159 CRYPTO_3DES_CBC
, NID_des_ede3_cbc
, 8, 24,
162 CRYPTO_AES_CBC
, NID_aes_128_cbc
, 16, 16,
165 CRYPTO_AES_CBC
, NID_aes_192_cbc
, 16, 24,
168 CRYPTO_AES_CBC
, NID_aes_256_cbc
, 16, 32,
170 # ifdef CRYPTO_AES_CTR
172 CRYPTO_AES_CTR
, NID_aes_128_ctr
, 14, 16,
175 CRYPTO_AES_CTR
, NID_aes_192_ctr
, 14, 24,
178 CRYPTO_AES_CTR
, NID_aes_256_ctr
, 14, 32,
182 CRYPTO_BLF_CBC
, NID_bf_cbc
, 8, 16,
185 CRYPTO_CAST_CBC
, NID_cast5_cbc
, 8, 16,
188 CRYPTO_SKIPJACK_CBC
, NID_undef
, 0, 0,
195 # ifdef USE_CRYPTODEV_DIGESTS
202 CRYPTO_MD5_HMAC
, NID_hmacWithMD5
, 16
205 CRYPTO_SHA1_HMAC
, NID_hmacWithSHA1
, 20
208 CRYPTO_RIPEMD160_HMAC
, NID_ripemd160
, 16
212 CRYPTO_MD5_KPDK
, NID_undef
, 0
215 CRYPTO_SHA1_KPDK
, NID_undef
, 0
218 CRYPTO_MD5
, NID_md5
, 16
221 CRYPTO_SHA1
, NID_sha1
, 20
230 * Return a fd if /dev/crypto seems usable, 0 otherwise.
232 static int open_dev_crypto(void)
237 if ((fd
= open("/dev/crypto", O_RDWR
, 0)) == -1)
240 if (fcntl(fd
, F_SETFD
, 1) == -1) {
249 static int get_dev_crypto(void)
253 if ((fd
= open_dev_crypto()) == -1)
255 # ifndef CRIOGET_NOT_NEEDED
256 if (ioctl(fd
, CRIOGET
, &retfd
) == -1)
260 if (fcntl(retfd
, F_SETFD
, 1) == -1) {
270 static void put_dev_crypto(int fd
)
272 # ifndef CRIOGET_NOT_NEEDED
277 /* Caching version for asym operations */
278 static int get_asym_dev_crypto(void)
283 fd
= get_dev_crypto();
288 * Find out what ciphers /dev/crypto will let us have a session for.
289 * XXX note, that some of these openssl doesn't deal with yet!
290 * returning them here is harmless, as long as we return NULL
291 * when asked for a handler in the cryptodev_engine_ciphers routine
293 static int get_cryptodev_ciphers(const int **cnids
)
295 static int nids
[CRYPTO_ALGORITHM_MAX
];
296 struct session_op sess
;
297 int fd
, i
, count
= 0;
299 if ((fd
= get_dev_crypto()) < 0) {
303 memset(&sess
, 0, sizeof(sess
));
304 sess
.key
= (caddr_t
) "123456789abcdefghijklmno";
306 for (i
= 0; ciphers
[i
].id
&& count
< CRYPTO_ALGORITHM_MAX
; i
++) {
307 if (ciphers
[i
].nid
== NID_undef
)
309 sess
.cipher
= ciphers
[i
].id
;
310 sess
.keylen
= ciphers
[i
].keylen
;
312 if (ioctl(fd
, CIOCGSESSION
, &sess
) != -1 &&
313 ioctl(fd
, CIOCFSESSION
, &sess
.ses
) != -1)
314 nids
[count
++] = ciphers
[i
].nid
;
325 # ifdef USE_CRYPTODEV_DIGESTS
327 * Find out what digests /dev/crypto will let us have a session for.
328 * XXX note, that some of these openssl doesn't deal with yet!
329 * returning them here is harmless, as long as we return NULL
330 * when asked for a handler in the cryptodev_engine_digests routine
332 static int get_cryptodev_digests(const int **cnids
)
334 static int nids
[CRYPTO_ALGORITHM_MAX
];
335 struct session_op sess
;
336 int fd
, i
, count
= 0;
338 if ((fd
= get_dev_crypto()) < 0) {
342 memset(&sess
, 0, sizeof(sess
));
343 sess
.mackey
= (caddr_t
) "123456789abcdefghijklmno";
344 for (i
= 0; digests
[i
].id
&& count
< CRYPTO_ALGORITHM_MAX
; i
++) {
345 if (digests
[i
].nid
== NID_undef
)
347 sess
.mac
= digests
[i
].id
;
348 sess
.mackeylen
= digests
[i
].keylen
;
350 if (ioctl(fd
, CIOCGSESSION
, &sess
) != -1 &&
351 ioctl(fd
, CIOCFSESSION
, &sess
.ses
) != -1)
352 nids
[count
++] = digests
[i
].nid
;
365 * Find the useable ciphers|digests from dev/crypto - this is the first
366 * thing called by the engine init crud which determines what it
367 * can use for ciphers from this engine. We want to return
368 * only what we can do, anything else is handled by software.
370 * If we can't initialize the device to do anything useful for
371 * any reason, we want to return a NULL array, and 0 length,
372 * which forces everything to be done is software. By putting
373 * the initialization of the device in here, we ensure we can
374 * use this engine as the default, and if for whatever reason
375 * /dev/crypto won't do what we want it will just be done in
378 * This can (should) be greatly expanded to perhaps take into
379 * account speed of the device, and what we want to do.
380 * (although the disabling of particular alg's could be controlled
381 * by the device driver with sysctl's.) - this is where we
382 * want most of the decisions made about what we actually want
383 * to use from /dev/crypto.
385 static int cryptodev_usable_ciphers(const int **nids
)
387 return (get_cryptodev_ciphers(nids
));
390 static int cryptodev_usable_digests(const int **nids
)
392 # ifdef USE_CRYPTODEV_DIGESTS
393 return (get_cryptodev_digests(nids
));
396 * XXXX just disable all digests for now, because it sucks.
397 * we need a better way to decide this - i.e. I may not
398 * want digests on slow cards like hifn on fast machines,
399 * but might want them on slow or loaded machines, etc.
400 * will also want them when using crypto cards that don't
401 * suck moose gonads - would be nice to be able to decide something
402 * as reasonable default without having hackery that's card dependent.
403 * of course, the default should probably be just do everything,
404 * with perhaps a sysctl to turn algorithms off (or have them off
405 * by default) on cards that generally suck like the hifn.
413 cryptodev_cipher(EVP_CIPHER_CTX
*ctx
, unsigned char *out
,
414 const unsigned char *in
, size_t inl
)
416 struct crypt_op cryp
;
417 struct dev_crypto_state
*state
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
418 struct session_op
*sess
= &state
->d_sess
;
420 unsigned char save_iv
[EVP_MAX_IV_LENGTH
];
426 if ((inl
% EVP_CIPHER_CTX_block_size(ctx
)) != 0)
429 memset(&cryp
, 0, sizeof(cryp
));
431 cryp
.ses
= sess
->ses
;
434 cryp
.src
= (caddr_t
) in
;
435 cryp
.dst
= (caddr_t
) out
;
438 cryp
.op
= EVP_CIPHER_CTX_encrypting(ctx
) ? COP_ENCRYPT
: COP_DECRYPT
;
440 if (EVP_CIPHER_CTX_iv_length(ctx
) > 0) {
441 cryp
.iv
= *(caddr_t
*) EVP_CIPHER_CTX_iv(ctx
);
442 if (!EVP_CIPHER_CTX_encrypting(ctx
)) {
443 iiv
= in
+ inl
- EVP_CIPHER_CTX_iv_length(ctx
);
444 memcpy(save_iv
, iiv
, EVP_CIPHER_CTX_iv_length(ctx
));
449 if (ioctl(state
->d_fd
, CIOCCRYPT
, &cryp
) == -1) {
451 * XXX need better error handling this can fail for a number of
457 if (EVP_CIPHER_CTX_iv_length(ctx
) > 0) {
458 if (EVP_CIPHER_CTX_encrypting(ctx
))
459 iiv
= out
+ inl
- EVP_CIPHER_CTX_iv_length(ctx
);
462 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx
), iiv
,
463 EVP_CIPHER_CTX_iv_length(ctx
));
469 cryptodev_init_key(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
470 const unsigned char *iv
, int enc
)
472 struct dev_crypto_state
*state
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
473 struct session_op
*sess
= &state
->d_sess
;
476 for (i
= 0; ciphers
[i
].id
; i
++)
477 if (EVP_CIPHER_CTX_nid(ctx
) == ciphers
[i
].nid
&&
478 EVP_CIPHER_CTX_iv_length(ctx
) <= ciphers
[i
].ivmax
&&
479 EVP_CIPHER_CTX_key_length(ctx
) == ciphers
[i
].keylen
) {
480 cipher
= ciphers
[i
].id
;
484 if (!ciphers
[i
].id
) {
489 memset(sess
, 0, sizeof(*sess
));
491 if ((state
->d_fd
= get_dev_crypto()) < 0)
494 sess
->key
= (caddr_t
) key
;
495 sess
->keylen
= EVP_CIPHER_CTX_key_length(ctx
);
496 sess
->cipher
= cipher
;
498 if (ioctl(state
->d_fd
, CIOCGSESSION
, sess
) == -1) {
499 put_dev_crypto(state
->d_fd
);
507 * free anything we allocated earlier when initing a
508 * session, and close the session.
510 static int cryptodev_cleanup(EVP_CIPHER_CTX
*ctx
)
513 struct dev_crypto_state
*state
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
514 struct session_op
*sess
= &state
->d_sess
;
520 * XXX if this ioctl fails, something's wrong. the invoker may have called
521 * us with a bogus ctx, or we could have a device that for whatever
522 * reason just doesn't want to play ball - it's not clear what's right
523 * here - should this be an error? should it just increase a counter,
524 * hmm. For right now, we return 0 - I don't believe that to be "right".
525 * we could call the gorpy openssl lib error handlers that print messages
526 * to users of the library. hmm..
529 if (ioctl(state
->d_fd
, CIOCFSESSION
, &sess
->ses
) == -1) {
534 put_dev_crypto(state
->d_fd
);
541 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
542 * gets called when libcrypto requests a cipher NID.
546 static EVP_CIPHER
*rc4_cipher
= NULL
;
547 static const EVP_CIPHER
*cryptodev_rc4(void)
549 if (rc4_cipher
== NULL
) {
552 if ((cipher
= EVP_CIPHER_meth_new(NID_rc4
, 1, 16)) == NULL
553 || !EVP_CIPHER_meth_set_iv_length(cipher
, 0)
554 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_VARIABLE_LENGTH
)
555 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
556 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
557 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
558 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))) {
559 EVP_CIPHER_meth_free(cipher
);
568 static EVP_CIPHER
*des_cbc_cipher
= NULL
;
569 static const EVP_CIPHER
*cryptodev_des_cbc(void)
571 if (des_cbc_cipher
== NULL
) {
574 if ((cipher
= EVP_CIPHER_meth_new(NID_des_cbc
, 8, 8)) == NULL
575 || !EVP_CIPHER_meth_set_iv_length(cipher
, 8)
576 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
577 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
578 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
579 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
580 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
581 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
582 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
583 EVP_CIPHER_meth_free(cipher
);
586 des_cbc_cipher
= cipher
;
588 return des_cbc_cipher
;
592 static EVP_CIPHER
*des3_cbc_cipher
= NULL
;
593 static const EVP_CIPHER
*cryptodev_3des_cbc(void)
595 if (des3_cbc_cipher
== NULL
) {
598 if ((cipher
= EVP_CIPHER_meth_new(NID_des_ede3_cbc
, 8, 24)) == NULL
599 || !EVP_CIPHER_meth_set_iv_length(cipher
, 8)
600 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
601 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
602 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
603 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
604 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
605 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
606 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
607 EVP_CIPHER_meth_free(cipher
);
610 des3_cbc_cipher
= cipher
;
612 return des3_cbc_cipher
;
615 static EVP_CIPHER
*bf_cbc_cipher
= NULL
;
616 static const EVP_CIPHER
*cryptodev_bf_cbc(void)
618 if (bf_cbc_cipher
== NULL
) {
621 if ((cipher
= EVP_CIPHER_meth_new(NID_bf_cbc
, 8, 16)) == NULL
622 || !EVP_CIPHER_meth_set_iv_length(cipher
, 8)
623 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
624 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
625 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
626 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
627 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
628 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
629 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
630 EVP_CIPHER_meth_free(cipher
);
633 bf_cbc_cipher
= cipher
;
635 return bf_cbc_cipher
;
638 static EVP_CIPHER
*cast_cbc_cipher
= NULL
;
639 static const EVP_CIPHER
*cryptodev_cast_cbc(void)
641 if (cast_cbc_cipher
== NULL
) {
644 if ((cipher
= EVP_CIPHER_meth_new(NID_cast5_cbc
, 8, 16)) == NULL
645 || !EVP_CIPHER_meth_set_iv_length(cipher
, 8)
646 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
647 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
648 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
649 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
650 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
651 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
652 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
653 EVP_CIPHER_meth_free(cipher
);
656 cast_cbc_cipher
= cipher
;
658 return cast_cbc_cipher
;
661 static EVP_CIPHER
*aes_cbc_cipher
= NULL
;
662 static const EVP_CIPHER
*cryptodev_aes_cbc(void)
664 if (aes_cbc_cipher
== NULL
) {
667 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_128_cbc
, 16, 16)) == NULL
668 || !EVP_CIPHER_meth_set_iv_length(cipher
, 16)
669 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
670 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
671 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
672 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
673 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
674 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
675 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
676 EVP_CIPHER_meth_free(cipher
);
679 aes_cbc_cipher
= cipher
;
681 return aes_cbc_cipher
;
684 static EVP_CIPHER
*aes_192_cbc_cipher
= NULL
;
685 static const EVP_CIPHER
*cryptodev_aes_192_cbc(void)
687 if (aes_192_cbc_cipher
== NULL
) {
690 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_192_cbc
, 16, 24)) == NULL
691 || !EVP_CIPHER_meth_set_iv_length(cipher
, 16)
692 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
693 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
694 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
695 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
696 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
697 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
698 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
699 EVP_CIPHER_meth_free(cipher
);
702 aes_192_cbc_cipher
= cipher
;
704 return aes_192_cbc_cipher
;
707 static EVP_CIPHER
*aes_256_cbc_cipher
= NULL
;
708 static const EVP_CIPHER
*cryptodev_aes_256_cbc(void)
710 if (aes_256_cbc_cipher
== NULL
) {
713 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_256_cbc
, 16, 32)) == NULL
714 || !EVP_CIPHER_meth_set_iv_length(cipher
, 16)
715 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CBC_MODE
)
716 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
717 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
718 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
719 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
720 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
721 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
722 EVP_CIPHER_meth_free(cipher
);
725 aes_256_cbc_cipher
= cipher
;
727 return aes_256_cbc_cipher
;
730 # ifdef CRYPTO_AES_CTR
731 static EVP_CIPHER
*aes_ctr_cipher
= NULL
;
732 static const EVP_CIPHER
*cryptodev_aes_ctr(void)
734 if (aes_ctr_cipher
== NULL
) {
737 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_128_ctr
, 16, 16)) == NULL
738 || !EVP_CIPHER_meth_set_iv_length(cipher
, 14)
739 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CTR_MODE
)
740 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
741 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
742 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
743 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
744 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
745 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
746 EVP_CIPHER_meth_free(cipher
);
749 aes_ctr_cipher
= cipher
;
751 return aes_ctr_cipher
;
754 static EVP_CIPHER
*aes_192_ctr_cipher
= NULL
;
755 static const EVP_CIPHER
*cryptodev_aes_192_ctr(void)
757 if (aes_192_ctr_cipher
== NULL
) {
760 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_192_ctr
, 16, 24)) == NULL
761 || !EVP_CIPHER_meth_set_iv_length(cipher
, 14)
762 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CTR_MODE
)
763 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
764 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
765 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
766 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
767 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
768 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
769 EVP_CIPHER_meth_free(cipher
);
772 aes_192_ctr_cipher
= cipher
;
774 return aes_192_ctr_cipher
;
777 static EVP_CIPHER
*aes_256_ctr_cipher
= NULL
;
778 static const EVP_CIPHER
*cryptodev_aes_256_ctr(void)
780 if (aes_256_ctr_cipher
== NULL
) {
783 if ((cipher
= EVP_CIPHER_meth_new(NID_aes_256_ctr
, 16, 32)) == NULL
784 || !EVP_CIPHER_meth_set_iv_length(cipher
, 14)
785 || !EVP_CIPHER_meth_set_flags(cipher
, EVP_CIPH_CTR_MODE
)
786 || !EVP_CIPHER_meth_set_init(cipher
, cryptodev_init_key
)
787 || !EVP_CIPHER_meth_set_do_cipher(cipher
, cryptodev_cipher
)
788 || !EVP_CIPHER_meth_set_cleanup(cipher
, cryptodev_cleanup
)
789 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher
, sizeof(struct dev_crypto_state
))
790 || !EVP_CIPHER_meth_set_set_asn1_params(cipher
, EVP_CIPHER_set_asn1_iv
)
791 || !EVP_CIPHER_meth_set_get_asn1_params(cipher
, EVP_CIPHER_get_asn1_iv
)) {
792 EVP_CIPHER_meth_free(cipher
);
795 aes_256_ctr_cipher
= cipher
;
797 return aes_256_ctr_cipher
;
801 * Registered by the ENGINE when used to find out how to deal with
802 * a particular NID in the ENGINE. this says what we'll do at the
803 * top level - note, that list is restricted by what we answer with
806 cryptodev_engine_ciphers(ENGINE
*e
, const EVP_CIPHER
**cipher
,
807 const int **nids
, int nid
)
810 return (cryptodev_usable_ciphers(nids
));
814 *cipher
= cryptodev_rc4();
816 case NID_des_ede3_cbc
:
817 *cipher
= cryptodev_3des_cbc();
820 *cipher
= cryptodev_des_cbc();
823 *cipher
= cryptodev_bf_cbc();
826 *cipher
= cryptodev_cast_cbc();
828 case NID_aes_128_cbc
:
829 *cipher
= cryptodev_aes_cbc();
831 case NID_aes_192_cbc
:
832 *cipher
= cryptodev_aes_192_cbc();
834 case NID_aes_256_cbc
:
835 *cipher
= cryptodev_aes_256_cbc();
837 # ifdef CRYPTO_AES_CTR
838 case NID_aes_128_ctr
:
839 *cipher
= cryptodev_aes_ctr();
841 case NID_aes_192_ctr
:
842 *cipher
= cryptodev_aes_ctr_192();
844 case NID_aes_256_ctr
:
845 *cipher
= cryptodev_aes_ctr_256();
852 return (*cipher
!= NULL
);
855 # ifdef USE_CRYPTODEV_DIGESTS
857 /* convert digest type to cryptodev */
858 static int digest_nid_to_cryptodev(int nid
)
862 for (i
= 0; digests
[i
].id
; i
++)
863 if (digests
[i
].nid
== nid
)
864 return (digests
[i
].id
);
868 static int digest_key_length(int nid
)
872 for (i
= 0; digests
[i
].id
; i
++)
873 if (digests
[i
].nid
== nid
)
874 return digests
[i
].keylen
;
878 static int cryptodev_digest_init(EVP_MD_CTX
*ctx
)
880 struct dev_crypto_state
*state
= EVP_MD_CTX_md_data(ctx
);
881 struct session_op
*sess
= &state
->d_sess
;
884 if ((digest
= digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx
))) == NID_undef
) {
885 printf("cryptodev_digest_init: Can't get digest \n");
889 memset(state
, 0, sizeof(*state
));
891 if ((state
->d_fd
= get_dev_crypto()) < 0) {
892 printf("cryptodev_digest_init: Can't get Dev \n");
896 sess
->mackey
= state
->dummy_mac_key
;
897 sess
->mackeylen
= digest_key_length(EVP_MD_CTX_type(ctx
));
900 if (ioctl(state
->d_fd
, CIOCGSESSION
, sess
) < 0) {
901 put_dev_crypto(state
->d_fd
);
903 printf("cryptodev_digest_init: Open session failed\n");
910 static int cryptodev_digest_update(EVP_MD_CTX
*ctx
, const void *data
,
913 struct crypt_op cryp
;
914 struct dev_crypto_state
*state
= EVP_MD_CTX_md_data(ctx
);
915 struct session_op
*sess
= &state
->d_sess
;
918 if (!data
|| state
->d_fd
< 0) {
919 printf("cryptodev_digest_update: illegal inputs \n");
927 if (!EVP_MD_CTX_test_flags(ctx
, EVP_MD_CTX_FLAG_ONESHOT
)) {
928 /* if application doesn't support one buffer */
930 OPENSSL_realloc(state
->mac_data
, state
->mac_len
+ count
);
933 printf("cryptodev_digest_update: realloc failed\n");
936 state
->mac_data
= new_mac_data
;
938 memcpy(state
->mac_data
+ state
->mac_len
, data
, count
);
939 state
->mac_len
+= count
;
944 memset(&cryp
, 0, sizeof(cryp
));
946 cryp
.ses
= sess
->ses
;
949 cryp
.src
= (caddr_t
) data
;
951 cryp
.mac
= (caddr_t
) state
->digest_res
;
952 if (ioctl(state
->d_fd
, CIOCCRYPT
, &cryp
) < 0) {
953 printf("cryptodev_digest_update: digest failed\n");
959 static int cryptodev_digest_final(EVP_MD_CTX
*ctx
, unsigned char *md
)
961 struct crypt_op cryp
;
962 struct dev_crypto_state
*state
= EVP_MD_CTX_md_data(ctx
);
963 struct session_op
*sess
= &state
->d_sess
;
967 if (!md
|| state
->d_fd
< 0) {
968 printf("cryptodev_digest_final: illegal input\n");
972 if (!EVP_MD_CTX_test_flags(ctx
, EVP_MD_CTX_FLAG_ONESHOT
)) {
973 /* if application doesn't support one buffer */
974 memset(&cryp
, 0, sizeof(cryp
));
975 cryp
.ses
= sess
->ses
;
977 cryp
.len
= state
->mac_len
;
978 cryp
.src
= state
->mac_data
;
980 cryp
.mac
= (caddr_t
) md
;
981 if (ioctl(state
->d_fd
, CIOCCRYPT
, &cryp
) < 0) {
982 printf("cryptodev_digest_final: digest failed\n");
989 memcpy(md
, state
->digest_res
, EVP_MD_CTX_size(ctx
));
994 static int cryptodev_digest_cleanup(EVP_MD_CTX
*ctx
)
997 struct dev_crypto_state
*state
= EVP_MD_CTX_md_data(ctx
);
998 struct session_op
*sess
= &state
->d_sess
;
1003 if (state
->d_fd
< 0) {
1004 printf("cryptodev_digest_cleanup: illegal input\n");
1008 OPENSSL_free(state
->mac_data
);
1009 state
->mac_data
= NULL
;
1012 if (ioctl(state
->d_fd
, CIOCFSESSION
, &sess
->ses
) < 0) {
1013 printf("cryptodev_digest_cleanup: failed to close session\n");
1018 put_dev_crypto(state
->d_fd
);
1024 static int cryptodev_digest_copy(EVP_MD_CTX
*to
, const EVP_MD_CTX
*from
)
1026 struct dev_crypto_state
*fstate
= EVP_MD_CTX_md_data(from
);
1027 struct dev_crypto_state
*dstate
= EVP_MD_CTX_md_data(to
);
1028 struct session_op
*sess
;
1031 if (dstate
== NULL
|| fstate
== NULL
)
1034 memcpy(dstate
, fstate
, sizeof(struct dev_crypto_state
));
1036 sess
= &dstate
->d_sess
;
1038 digest
= digest_nid_to_cryptodev(EVP_MD_CTX_type(to
));
1040 sess
->mackey
= dstate
->dummy_mac_key
;
1041 sess
->mackeylen
= digest_key_length(EVP_MD_CTX_type(to
));
1044 dstate
->d_fd
= get_dev_crypto();
1046 if (ioctl(dstate
->d_fd
, CIOCGSESSION
, sess
) < 0) {
1047 put_dev_crypto(dstate
->d_fd
);
1049 printf("cryptodev_digest_copy: Open session failed\n");
1053 if (fstate
->mac_len
!= 0) {
1054 if (fstate
->mac_data
!= NULL
) {
1055 dstate
->mac_data
= OPENSSL_malloc(fstate
->mac_len
);
1056 if (dstate
->mac_data
== NULL
) {
1057 printf("cryptodev_digest_copy: mac_data allocation failed\n");
1060 memcpy(dstate
->mac_data
, fstate
->mac_data
, fstate
->mac_len
);
1061 dstate
->mac_len
= fstate
->mac_len
;
1068 static EVP_MD
*sha1_md
= NULL
;
1069 static const EVP_MD
*cryptodev_sha1(void)
1071 if (sha1_md
== NULL
) {
1074 if ((md
= EVP_MD_meth_new(NID_sha1
, NID_undef
)) == NULL
1075 || !EVP_MD_meth_set_result_size(md
, SHA_DIGEST_LENGTH
)
1076 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_ONESHOT
)
1077 || !EVP_MD_meth_set_input_blocksize(md
, SHA_CBLOCK
)
1078 || !EVP_MD_meth_set_app_datasize(md
,
1079 sizeof(struct dev_crypto_state
))
1080 || !EVP_MD_meth_set_init(md
, cryptodev_digest_init
)
1081 || !EVP_MD_meth_set_update(md
, cryptodev_digest_update
)
1082 || !EVP_MD_meth_set_final(md
, cryptodev_digest_final
)
1083 || !EVP_MD_meth_set_copy(md
, cryptodev_digest_copy
)
1084 || !EVP_MD_meth_set_cleanup(md
, cryptodev_digest_cleanup
)) {
1085 EVP_MD_meth_free(md
);
1093 static EVP_MD
*md5_md
= NULL
;
1094 static const EVP_MD
*cryptodev_md5(void)
1096 if (md5_md
== NULL
) {
1099 if ((md
= EVP_MD_meth_new(NID_md5
, NID_undef
)) == NULL
1100 || !EVP_MD_meth_set_result_size(md
, 16 /* MD5_DIGEST_LENGTH */)
1101 || !EVP_MD_meth_set_flags(md
, EVP_MD_FLAG_ONESHOT
)
1102 || !EVP_MD_meth_set_input_blocksize(md
, 64 /* MD5_CBLOCK */)
1103 || !EVP_MD_meth_set_app_datasize(md
,
1104 sizeof(struct dev_crypto_state
))
1105 || !EVP_MD_meth_set_init(md
, cryptodev_digest_init
)
1106 || !EVP_MD_meth_set_update(md
, cryptodev_digest_update
)
1107 || !EVP_MD_meth_set_final(md
, cryptodev_digest_final
)
1108 || !EVP_MD_meth_set_copy(md
, cryptodev_digest_copy
)
1109 || !EVP_MD_meth_set_cleanup(md
, cryptodev_digest_cleanup
)) {
1110 EVP_MD_meth_free(md
);
1118 # endif /* USE_CRYPTODEV_DIGESTS */
1121 cryptodev_engine_digests(ENGINE
*e
, const EVP_MD
**digest
,
1122 const int **nids
, int nid
)
1125 return (cryptodev_usable_digests(nids
));
1128 # ifdef USE_CRYPTODEV_DIGESTS
1130 *digest
= cryptodev_md5();
1133 *digest
= cryptodev_sha1();
1136 # endif /* USE_CRYPTODEV_DIGESTS */
1140 return (*digest
!= NULL
);
1143 static int cryptodev_engine_destroy(ENGINE
*e
)
1145 EVP_CIPHER_meth_free(rc4_cipher
);
1147 EVP_CIPHER_meth_free(des_cbc_cipher
);
1148 des_cbc_cipher
= NULL
;
1149 EVP_CIPHER_meth_free(des3_cbc_cipher
);
1150 des3_cbc_cipher
= NULL
;
1151 EVP_CIPHER_meth_free(bf_cbc_cipher
);
1152 bf_cbc_cipher
= NULL
;
1153 EVP_CIPHER_meth_free(cast_cbc_cipher
);
1154 cast_cbc_cipher
= NULL
;
1155 EVP_CIPHER_meth_free(aes_cbc_cipher
);
1156 aes_cbc_cipher
= NULL
;
1157 EVP_CIPHER_meth_free(aes_192_cbc_cipher
);
1158 aes_192_cbc_cipher
= NULL
;
1159 EVP_CIPHER_meth_free(aes_256_cbc_cipher
);
1160 aes_256_cbc_cipher
= NULL
;
1161 # ifdef CRYPTO_AES_CTR
1162 EVP_CIPHER_meth_free(aes_ctr_cipher
);
1163 aes_ctr_cipher
= NULL
;
1164 EVP_CIPHER_meth_free(aes_192_ctr_cipher
);
1165 aes_192_ctr_cipher
= NULL
;
1166 EVP_CIPHER_meth_free(aes_256_ctr_cipher
);
1167 aes_256_ctr_cipher
= NULL
;
1169 # ifdef USE_CRYPTODEV_DIGESTS
1170 EVP_MD_meth_free(sha1_md
);
1172 EVP_MD_meth_free(md5_md
);
1179 * Convert a BIGNUM to the representation that /dev/crypto needs.
1180 * Upon completion of use, the caller is responsible for freeing
1183 static int bn2crparam(const BIGNUM
*a
, struct crparam
*crp
)
1185 ssize_t bytes
, bits
;
1191 bits
= BN_num_bits(a
);
1192 bytes
= BN_num_bytes(a
);
1194 b
= OPENSSL_zalloc(bytes
);
1198 crp
->crp_p
= (caddr_t
) b
;
1199 crp
->crp_nbits
= bits
;
1205 /* Convert a /dev/crypto parameter to a BIGNUM */
1206 static int crparam2bn(struct crparam
*crp
, BIGNUM
*a
)
1211 bytes
= (crp
->crp_nbits
+ 7) / 8;
1216 if ((pd
= OPENSSL_malloc(bytes
)) == NULL
)
1219 for (i
= 0; i
< bytes
; i
++)
1220 pd
[i
] = crp
->crp_p
[bytes
- i
- 1];
1222 BN_bin2bn(pd
, bytes
, a
);
1228 static void zapparams(struct crypt_kop
*kop
)
1232 for (i
= 0; i
< kop
->crk_iparams
+ kop
->crk_oparams
; i
++) {
1233 if (kop
->crk_param
[i
].crp_p
)
1234 free(kop
->crk_param
[i
].crp_p
);
1235 kop
->crk_param
[i
].crp_p
= NULL
;
1236 kop
->crk_param
[i
].crp_nbits
= 0;
1241 cryptodev_asym(struct crypt_kop
*kop
, int rlen
, BIGNUM
*r
, int slen
,
1246 if ((fd
= get_asym_dev_crypto()) < 0)
1250 kop
->crk_param
[kop
->crk_iparams
].crp_p
= calloc(rlen
, sizeof(char));
1251 kop
->crk_param
[kop
->crk_iparams
].crp_nbits
= rlen
* 8;
1255 kop
->crk_param
[kop
->crk_iparams
+ 1].crp_p
=
1256 calloc(slen
, sizeof(char));
1257 kop
->crk_param
[kop
->crk_iparams
+ 1].crp_nbits
= slen
* 8;
1261 if (ioctl(fd
, CIOCKEY
, kop
) == 0) {
1263 crparam2bn(&kop
->crk_param
[kop
->crk_iparams
], r
);
1265 crparam2bn(&kop
->crk_param
[kop
->crk_iparams
+ 1], s
);
1273 cryptodev_bn_mod_exp(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
1274 const BIGNUM
*m
, BN_CTX
*ctx
, BN_MONT_CTX
*in_mont
)
1276 struct crypt_kop kop
;
1280 * Currently, we know we can do mod exp iff we can do any asymmetric
1281 * operations at all.
1283 if (cryptodev_asymfeat
== 0) {
1284 ret
= BN_mod_exp(r
, a
, p
, m
, ctx
);
1288 memset(&kop
, 0, sizeof(kop
));
1289 kop
.crk_op
= CRK_MOD_EXP
;
1291 /* inputs: a^p % m */
1292 if (bn2crparam(a
, &kop
.crk_param
[0]))
1294 if (bn2crparam(p
, &kop
.crk_param
[1]))
1296 if (bn2crparam(m
, &kop
.crk_param
[2]))
1298 kop
.crk_iparams
= 3;
1300 if (cryptodev_asym(&kop
, BN_num_bytes(m
), r
, 0, NULL
)) {
1301 const RSA_METHOD
*meth
= RSA_PKCS1_OpenSSL();
1302 printf("OCF asym process failed, Running in software\n");
1303 ret
= meth
->bn_mod_exp(r
, a
, p
, m
, ctx
, in_mont
);
1305 } else if (ECANCELED
== kop
.crk_status
) {
1306 const RSA_METHOD
*meth
= RSA_PKCS1_OpenSSL();
1307 printf("OCF hardware operation cancelled. Running in Software\n");
1308 ret
= meth
->bn_mod_exp(r
, a
, p
, m
, ctx
, in_mont
);
1310 /* else cryptodev operation worked ok ==> ret = 1 */
1318 cryptodev_rsa_nocrt_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
,
1323 r
= cryptodev_bn_mod_exp(r0
, I
, rsa
->d
, rsa
->n
, ctx
, NULL
);
1329 cryptodev_rsa_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
, BN_CTX
*ctx
)
1331 struct crypt_kop kop
;
1334 if (!rsa
->p
|| !rsa
->q
|| !rsa
->dmp1
|| !rsa
->dmq1
|| !rsa
->iqmp
) {
1335 /* XXX 0 means failure?? */
1339 memset(&kop
, 0, sizeof(kop
));
1340 kop
.crk_op
= CRK_MOD_EXP_CRT
;
1341 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1342 if (bn2crparam(rsa
->p
, &kop
.crk_param
[0]))
1344 if (bn2crparam(rsa
->q
, &kop
.crk_param
[1]))
1346 if (bn2crparam(I
, &kop
.crk_param
[2]))
1348 if (bn2crparam(rsa
->dmp1
, &kop
.crk_param
[3]))
1350 if (bn2crparam(rsa
->dmq1
, &kop
.crk_param
[4]))
1352 if (bn2crparam(rsa
->iqmp
, &kop
.crk_param
[5]))
1354 kop
.crk_iparams
= 6;
1356 if (cryptodev_asym(&kop
, BN_num_bytes(rsa
->n
), r0
, 0, NULL
)) {
1357 const RSA_METHOD
*meth
= RSA_PKCS1_OpenSSL();
1358 printf("OCF asym process failed, running in Software\n");
1359 ret
= (*meth
->rsa_mod_exp
) (r0
, I
, rsa
, ctx
);
1361 } else if (ECANCELED
== kop
.crk_status
) {
1362 const RSA_METHOD
*meth
= RSA_PKCS1_OpenSSL();
1363 printf("OCF hardware operation cancelled. Running in Software\n");
1364 ret
= (*meth
->rsa_mod_exp
) (r0
, I
, rsa
, ctx
);
1366 /* else cryptodev operation worked ok ==> ret = 1 */
1373 static RSA_METHOD cryptodev_rsa
= {
1374 "cryptodev RSA method",
1375 NULL
, /* rsa_pub_enc */
1376 NULL
, /* rsa_pub_dec */
1377 NULL
, /* rsa_priv_enc */
1378 NULL
, /* rsa_priv_dec */
1384 NULL
, /* app_data */
1385 NULL
, /* rsa_sign */
1386 NULL
/* rsa_verify */
1390 cryptodev_dsa_bn_mod_exp(DSA
*dsa
, BIGNUM
*r
, BIGNUM
*a
, const BIGNUM
*p
,
1391 const BIGNUM
*m
, BN_CTX
*ctx
, BN_MONT_CTX
*m_ctx
)
1393 return (cryptodev_bn_mod_exp(r
, a
, p
, m
, ctx
, m_ctx
));
1397 cryptodev_dsa_dsa_mod_exp(DSA
*dsa
, BIGNUM
*t1
, BIGNUM
*g
,
1398 BIGNUM
*u1
, BIGNUM
*pub_key
, BIGNUM
*u2
, BIGNUM
*p
,
1399 BN_CTX
*ctx
, BN_MONT_CTX
*mont
)
1408 /* v = ( g^u1 * y^u2 mod p ) mod q */
1409 /* let t1 = g ^ u1 mod p */
1412 if (!dsa
->meth
->bn_mod_exp(dsa
, t1
, dsa
->g
, u1
, dsa
->p
, ctx
, mont
))
1415 /* let t2 = y ^ u2 mod p */
1416 if (!dsa
->meth
->bn_mod_exp(dsa
, t2
, dsa
->pub_key
, u2
, dsa
->p
, ctx
, mont
))
1418 /* let u1 = t1 * t2 mod p */
1419 if (!BN_mod_mul(u1
, t1
, t2
, dsa
->p
, ctx
))
1430 static DSA_SIG
*cryptodev_dsa_do_sign(const unsigned char *dgst
, int dlen
,
1433 struct crypt_kop kop
;
1434 BIGNUM
*r
= NULL
, *s
= NULL
;
1435 DSA_SIG
*dsasig
, *dsaret
= NULL
;
1437 dsasig
= DSA_SIG_new();
1440 DSA_SIG_get0(&r
, &s
, dsasig
);
1442 memset(&kop
, 0, sizeof(kop
));
1443 kop
.crk_op
= CRK_DSA_SIGN
;
1445 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1446 kop
.crk_param
[0].crp_p
= (caddr_t
) dgst
;
1447 kop
.crk_param
[0].crp_nbits
= dlen
* 8;
1448 if (bn2crparam(dsa
->p
, &kop
.crk_param
[1]))
1450 if (bn2crparam(dsa
->q
, &kop
.crk_param
[2]))
1452 if (bn2crparam(dsa
->g
, &kop
.crk_param
[3]))
1454 if (bn2crparam(dsa
->priv_key
, &kop
.crk_param
[4]))
1456 kop
.crk_iparams
= 5;
1458 if (cryptodev_asym(&kop
, BN_num_bytes(dsa
->q
), r
,
1459 BN_num_bytes(dsa
->q
), s
) == 0) {
1462 const DSA_METHOD
*meth
= DSA_OpenSSL();
1463 dsaret
= (meth
->dsa_do_sign
) (dgst
, dlen
, dsa
);
1466 if (dsaret
!= dsasig
)
1467 DSA_SIG_free(dsasig
);
1468 kop
.crk_param
[0].crp_p
= NULL
;
1474 cryptodev_dsa_verify(const unsigned char *dgst
, int dlen
,
1475 DSA_SIG
*sig
, DSA
*dsa
)
1477 struct crypt_kop kop
;
1481 memset(&kop
, 0, sizeof(kop
));
1482 kop
.crk_op
= CRK_DSA_VERIFY
;
1484 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1485 kop
.crk_param
[0].crp_p
= (caddr_t
) dgst
;
1486 kop
.crk_param
[0].crp_nbits
= dlen
* 8;
1487 if (bn2crparam(dsa
->p
, &kop
.crk_param
[1]))
1489 if (bn2crparam(dsa
->q
, &kop
.crk_param
[2]))
1491 if (bn2crparam(dsa
->g
, &kop
.crk_param
[3]))
1493 if (bn2crparam(dsa
->pub_key
, &kop
.crk_param
[4]))
1495 DSA_SIG_get0(&pr
, &ps
, sig
);
1496 if (bn2crparam(pr
, &kop
.crk_param
[5]))
1498 if (bn2crparam(ps
, &kop
.crk_param
[6]))
1500 kop
.crk_iparams
= 7;
1502 if (cryptodev_asym(&kop
, 0, NULL
, 0, NULL
) == 0) {
1504 * OCF success value is 0, if not zero, change dsaret to fail
1506 if (0 != kop
.crk_status
)
1509 const DSA_METHOD
*meth
= DSA_OpenSSL();
1511 dsaret
= (meth
->dsa_do_verify
) (dgst
, dlen
, sig
, dsa
);
1514 kop
.crk_param
[0].crp_p
= NULL
;
1519 static DSA_METHOD cryptodev_dsa
= {
1520 "cryptodev DSA method",
1522 NULL
, /* dsa_sign_setup */
1524 NULL
, /* dsa_mod_exp */
1532 #ifndef OPENSSL_NO_DH
1534 cryptodev_mod_exp_dh(const DH
*dh
, BIGNUM
*r
, const BIGNUM
*a
,
1535 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
1538 return (cryptodev_bn_mod_exp(r
, a
, p
, m
, ctx
, m_ctx
));
1542 cryptodev_dh_compute_key(unsigned char *key
, const BIGNUM
*pub_key
, DH
*dh
)
1544 struct crypt_kop kop
;
1548 if ((fd
= get_asym_dev_crypto()) < 0) {
1549 const DH_METHOD
*meth
= DH_OpenSSL();
1551 return ((meth
->compute_key
) (key
, pub_key
, dh
));
1554 keylen
= BN_num_bits(dh
->p
);
1556 memset(&kop
, 0, sizeof(kop
));
1557 kop
.crk_op
= CRK_DH_COMPUTE_KEY
;
1559 /* inputs: dh->priv_key pub_key dh->p key */
1560 if (bn2crparam(dh
->priv_key
, &kop
.crk_param
[0]))
1562 if (bn2crparam(pub_key
, &kop
.crk_param
[1]))
1564 if (bn2crparam(dh
->p
, &kop
.crk_param
[2]))
1566 kop
.crk_iparams
= 3;
1568 kop
.crk_param
[3].crp_p
= (caddr_t
) key
;
1569 kop
.crk_param
[3].crp_nbits
= keylen
* 8;
1570 kop
.crk_oparams
= 1;
1572 if (ioctl(fd
, CIOCKEY
, &kop
) == -1) {
1573 const DH_METHOD
*meth
= DH_OpenSSL();
1575 dhret
= (meth
->compute_key
) (key
, pub_key
, dh
);
1578 kop
.crk_param
[3].crp_p
= NULL
;
1583 static DH_METHOD cryptodev_dh
= {
1584 "cryptodev DH method",
1585 NULL
, /* cryptodev_dh_generate_key */
1594 #endif /* ndef OPENSSL_NO_DH */
1597 * ctrl right now is just a wrapper that doesn't do much
1598 * but I expect we'll want some options soon.
1601 cryptodev_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
) (void))
1603 # ifdef HAVE_SYSLOG_R
1604 struct syslog_data sd
= SYSLOG_DATA_INIT
;
1609 # ifdef HAVE_SYSLOG_R
1610 syslog_r(LOG_ERR
, &sd
, "cryptodev_ctrl: unknown command %d", cmd
);
1612 syslog(LOG_ERR
, "cryptodev_ctrl: unknown command %d", cmd
);
1619 void engine_load_cryptodev_internal(void)
1621 ENGINE
*engine
= ENGINE_new();
1626 if ((fd
= get_dev_crypto()) < 0) {
1627 ENGINE_free(engine
);
1632 * find out what asymmetric crypto algorithms we support
1634 if (ioctl(fd
, CIOCASYMFEAT
, &cryptodev_asymfeat
) == -1) {
1636 ENGINE_free(engine
);
1641 if (!ENGINE_set_id(engine
, "cryptodev") ||
1642 !ENGINE_set_name(engine
, "BSD cryptodev engine") ||
1643 !ENGINE_set_destroy_function(engine
, cryptodev_engine_destroy
) ||
1644 !ENGINE_set_ciphers(engine
, cryptodev_engine_ciphers
) ||
1645 !ENGINE_set_digests(engine
, cryptodev_engine_digests
) ||
1646 !ENGINE_set_ctrl_function(engine
, cryptodev_ctrl
) ||
1647 !ENGINE_set_cmd_defns(engine
, cryptodev_defns
)) {
1648 ENGINE_free(engine
);
1652 if (ENGINE_set_RSA(engine
, &cryptodev_rsa
)) {
1653 const RSA_METHOD
*rsa_meth
= RSA_PKCS1_OpenSSL();
1655 cryptodev_rsa
.bn_mod_exp
= rsa_meth
->bn_mod_exp
;
1656 cryptodev_rsa
.rsa_mod_exp
= rsa_meth
->rsa_mod_exp
;
1657 cryptodev_rsa
.rsa_pub_enc
= rsa_meth
->rsa_pub_enc
;
1658 cryptodev_rsa
.rsa_pub_dec
= rsa_meth
->rsa_pub_dec
;
1659 cryptodev_rsa
.rsa_priv_enc
= rsa_meth
->rsa_priv_enc
;
1660 cryptodev_rsa
.rsa_priv_dec
= rsa_meth
->rsa_priv_dec
;
1661 if (cryptodev_asymfeat
& CRF_MOD_EXP
) {
1662 cryptodev_rsa
.bn_mod_exp
= cryptodev_bn_mod_exp
;
1663 if (cryptodev_asymfeat
& CRF_MOD_EXP_CRT
)
1664 cryptodev_rsa
.rsa_mod_exp
= cryptodev_rsa_mod_exp
;
1666 cryptodev_rsa
.rsa_mod_exp
= cryptodev_rsa_nocrt_mod_exp
;
1670 if (ENGINE_set_DSA(engine
, &cryptodev_dsa
)) {
1671 const DSA_METHOD
*meth
= DSA_OpenSSL();
1673 memcpy(&cryptodev_dsa
, meth
, sizeof(DSA_METHOD
));
1674 if (cryptodev_asymfeat
& CRF_DSA_SIGN
)
1675 cryptodev_dsa
.dsa_do_sign
= cryptodev_dsa_do_sign
;
1676 if (cryptodev_asymfeat
& CRF_MOD_EXP
) {
1677 cryptodev_dsa
.bn_mod_exp
= cryptodev_dsa_bn_mod_exp
;
1678 cryptodev_dsa
.dsa_mod_exp
= cryptodev_dsa_dsa_mod_exp
;
1680 if (cryptodev_asymfeat
& CRF_DSA_VERIFY
)
1681 cryptodev_dsa
.dsa_do_verify
= cryptodev_dsa_verify
;
1684 #ifndef OPENSSL_NO_DH
1685 if (ENGINE_set_DH(engine
, &cryptodev_dh
)) {
1686 const DH_METHOD
*dh_meth
= DH_OpenSSL();
1688 cryptodev_dh
.generate_key
= dh_meth
->generate_key
;
1689 cryptodev_dh
.compute_key
= dh_meth
->compute_key
;
1690 cryptodev_dh
.bn_mod_exp
= dh_meth
->bn_mod_exp
;
1691 if (cryptodev_asymfeat
& CRF_MOD_EXP
) {
1692 cryptodev_dh
.bn_mod_exp
= cryptodev_mod_exp_dh
;
1693 if (cryptodev_asymfeat
& CRF_DH_COMPUTE_KEY
)
1694 cryptodev_dh
.compute_key
= cryptodev_dh_compute_key
;
1700 ENGINE_free(engine
);
1704 #endif /* HAVE_CRYPTODEV */