[thirdparty/openssl.git] / crypto / evp / openbsd_hw.c

/* Written by Ben Laurie, 2001 */
/*
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include "evp_locl.h"

/*
 * This stuff should now all be supported through
 * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
 */
static void *dummy = &dummy;

#if 0

/* check flag after OpenSSL headers to ensure make depend works */
# ifdef OPENSSL_OPENBSD_DEV_CRYPTO

#  include <fcntl.h>
#  include <stdio.h>
#  include <errno.h>
#  include <sys/ioctl.h>
#  include <crypto/cryptodev.h>
#  include <unistd.h>
#  include <assert.h>

/* longest key supported in hardware */
#  define MAX_HW_KEY      24
#  define MAX_HW_IV       8

#  define MD5_DIGEST_LENGTH       16
#  define MD5_CBLOCK              64

static int fd;
static int dev_failed;

typedef struct session_op session_op;

#  define CDATA(ctx) EVP_C_DATA(session_op,ctx)

static void err(const char *str)
{
    fprintf(stderr, "%s: errno %d\n", str, errno);
}

static int dev_crypto_init(session_op *ses)
{
    if (dev_failed)
        return 0;
    if (!fd) {
        int cryptodev_fd;

        if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
            err("/dev/crypto");
            dev_failed = 1;
            return 0;
        }
        if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
            err("CRIOGET failed");
            close(cryptodev_fd);
            dev_failed = 1;
            return 0;
        }
        close(cryptodev_fd);
    }
    assert(ses);
    memset(ses, '\0', sizeof *ses);

    return 1;
}

static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
{
    if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
        err("CIOCFSESSION failed");

    OPENSSL_free(CDATA(ctx)->key);

    return 1;
}

static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
                               const unsigned char *key, int klen)
{
    if (!dev_crypto_init(CDATA(ctx)))
        return 0;

    CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
    if (CDATA(ctx)->key == NULL)
        return 0;

    assert(ctx->cipher->iv_len <= MAX_HW_IV);

    memcpy(CDATA(ctx)->key, key, klen);

    CDATA(ctx)->cipher = cipher;
    CDATA(ctx)->keylen = klen;

    if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
        err("CIOCGSESSION failed");
        return 0;
    }
    return 1;
}

static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, unsigned int inl)
{
    struct crypt_op cryp;
    unsigned char lb[MAX_HW_IV];

    if (!inl)
        return 1;

    assert(CDATA(ctx));
    assert(!dev_failed);

    memset(&cryp, '\0', sizeof cryp);
    cryp.ses = CDATA(ctx)->ses;
    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
    cryp.flags = 0;
    cryp.len = inl;
    assert((inl & (ctx->cipher->block_size - 1)) == 0);
    cryp.src = (caddr_t) in;
    cryp.dst = (caddr_t) out;
    cryp.mac = 0;
    if (ctx->cipher->iv_len)
        cryp.iv = (caddr_t) ctx->iv;

    if (!ctx->encrypt)
        memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);

    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
        if (errno == EINVAL) {  /* buffers are misaligned */
            unsigned int cinl = 0;
            char *cin = NULL;
            char *cout = NULL;

            /* NB: this can only make cinl != inl with stream ciphers */
            cinl = (inl + 3) / 4 * 4;

            if (((unsigned long)in & 3) || cinl != inl) {
                cin = OPENSSL_malloc(cinl);
                if (cin == NULL)
                    return 0;
                memcpy(cin, in, inl);
                cryp.src = cin;
            }

            if (((unsigned long)out & 3) || cinl != inl) {
                cout = OPENSSL_malloc(cinl);
                if (cout == NULL) {
                    if (cin != NULL)
                        OPENSSL_free(cin);
                    return 0;
                }
                cryp.dst = cout;
            }

            cryp.len = cinl;

            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
                err("CIOCCRYPT(2) failed");
                printf("src=%p dst=%p\n", cryp.src, cryp.dst);
                abort();
                return 0;
            }

            if (cout) {
                memcpy(out, cout, inl);
                OPENSSL_free(cout);
            }
            if (cin)
                OPENSSL_free(cin);
        } else {
            err("CIOCCRYPT failed");
            abort();
            return 0;
        }
    }

    if (ctx->encrypt)
        memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
               ctx->cipher->iv_len);
    else
        memcpy(ctx->iv, lb, ctx->cipher->iv_len);

    return 1;
}

static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
                                        const unsigned char *key,
                                        const unsigned char *iv, int enc)
{
    return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
}

#  define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher

BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
                     0, dev_crypto_des_ede3_init_key,
                     dev_crypto_cleanup,
                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *key,
                                   const unsigned char *iv, int enc)
{
    return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
}

static const EVP_CIPHER r4_cipher = {
    NID_rc4,
    1, 16, 0,                   /* FIXME: key should be up to 256 bytes */
    EVP_CIPH_VARIABLE_LENGTH,
    dev_crypto_rc4_init_key,
    dev_crypto_cipher,
    dev_crypto_cleanup,
    sizeof(session_op),
    NULL,
    NULL,
    NULL
};

const EVP_CIPHER *EVP_dev_crypto_rc4(void)
{
    return &r4_cipher;
}

typedef struct {
    session_op sess;
    char *data;
    int len;
    unsigned char md[EVP_MAX_MD_SIZE];
} MD_DATA;

static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
{
    if (!dev_crypto_init(&md_data->sess))
        return 0;

    md_data->len = 0;
    md_data->data = NULL;

    md_data->sess.mac = mac;

    if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
        err("CIOCGSESSION failed");
        return 0;
    }
    return 1;
}

static int dev_crypto_cleanup_digest(MD_DATA *md_data)
{
    if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
        err("CIOCFSESSION failed");
        return 0;
    }

    return 1;
}

/* FIXME: if device can do chained MACs, then don't accumulate */
/* FIXME: move accumulation to the framework */
static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
{
    return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
}

static int do_digest(int ses, unsigned char *md, const void *data, int len)
{
    struct crypt_op cryp;
    static const unsigned char md5zero[16] = {
        0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
        0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
    };

    /* some cards can't do zero length */
    if (!len) {
        memcpy(md, md5zero, 16);
        return 1;
    }

    memset(&cryp, '\0', sizeof cryp);
    cryp.ses = ses;
    cryp.op = COP_ENCRYPT;      /* required to do the MAC rather than check
                                 * it */
    cryp.len = len;
    cryp.src = (caddr_t) data;
    cryp.dst = (caddr_t) data;  // FIXME!!!
    cryp.mac = (caddr_t) md;

    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
        if (errno == EINVAL) {  /* buffer is misaligned */
            char *dcopy;

            dcopy = OPENSSL_malloc(len);
            memcpy(dcopy, data, len);
            cryp.src = dcopy;
            cryp.dst = cryp.src; // FIXME!!!

            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
                err("CIOCCRYPT(MAC2) failed");
                abort();
                return 0;
            }
            OPENSSL_free(dcopy);
        } else {
            err("CIOCCRYPT(MAC) failed");
            abort();
            return 0;
        }
    }
    // printf("done\n");

    return 1;
}

static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
                                 unsigned long len)
{
    MD_DATA *md_data = ctx->md_data;
    char *tmp_md_data;

    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
        return do_digest(md_data->sess.ses, md_data->md, data, len);

    tmp_md_data = OPENSSL_realloc(md_data->data, md_data->len + len);
    if (tmp_md_data == NULL)
        return 0;
    md_data->data = tmp_md_data;
    memcpy(md_data->data + md_data->len, data, len);
    md_data->len += len;

    return 1;
}

static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
    int ret;
    MD_DATA *md_data = ctx->md_data;

    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
        memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
        ret = 1;
    } else {
        ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
        OPENSSL_free(md_data->data);
        md_data->data = NULL;
        md_data->len = 0;
    }

    return ret;
}

static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
    const MD_DATA *from_md = from->md_data;
    MD_DATA *to_md = to->md_data;

    // How do we copy sessions?
    assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);

    to_md->data = OPENSSL_malloc(from_md->len);
    if (to_md->data == NULL)
        return 0;
    memcpy(to_md->data, from_md->data, from_md->len);

    return 1;
}

static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
{
    return dev_crypto_cleanup_digest(ctx->md_data);
}

static const EVP_MD md5_md = {
    NID_md5,
    NID_md5WithRSAEncryption,
    MD5_DIGEST_LENGTH,
    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
    dev_crypto_md5_init,
    dev_crypto_md5_update,
    dev_crypto_md5_final,
    dev_crypto_md5_copy,
    dev_crypto_md5_cleanup,
    EVP_PKEY_RSA_method,
    MD5_CBLOCK,
    sizeof(MD_DATA),
};

const EVP_MD *EVP_dev_crypto_md5(void)
{
    return &md5_md;
}

# endif
#endif
Commit	Line	Data
0e360199	1	/* Written by Ben Laurie, 2001 */
c518ade1	2	/*
0e360199	3	* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
c518ade1 BL	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* 1. Redistributions of source code must retain the above copyright
0f113f3e	10	* notice, this list of conditions and the following disclaimer.
c518ade1 BL	11	*
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* 3. All advertising materials mentioning features or use of this
	18	* software must display the following acknowledgment:
	19	* "This product includes software developed by the OpenSSL Project
	20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	21	*
	22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	23	* endorse or promote products derived from this software without
	24	* prior written permission. For written permission, please contact
	25	* openssl-core@openssl.org.
	26	*
	27	* 5. Products derived from this software may not be called "OpenSSL"
	28	* nor may "OpenSSL" appear in their names without prior written
	29	* permission of the OpenSSL Project.
	30	*
	31	* 6. Redistributions of any form whatsoever must retain the following
	32	* acknowledgment:
	33	* "This product includes software developed by the OpenSSL Project
	34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	35	*
	36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	47	* OF THE POSSIBILITY OF SUCH DAMAGE.
	48	*/
	49
931a23a5 BM	50	#include <openssl/evp.h>
	51	#include <openssl/objects.h>
	52	#include <openssl/rsa.h>
	53	#include "evp_locl.h"
	54
0f113f3e MC	55	/*
	56	* This stuff should now all be supported through
	57	* crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
	58	*/
	59	static void *dummy = &dummy;
11a57c7b GT	60
	61	#if 0
	62
931a23a5	63	/* check flag after OpenSSL headers to ensure make depend works */
0f113f3e	64	# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
931a23a5	65
0f113f3e MC	66	# include <fcntl.h>
	67	# include <stdio.h>
	68	# include <errno.h>
	69	# include <sys/ioctl.h>
	70	# include <crypto/cryptodev.h>
	71	# include <unistd.h>
	72	# include <assert.h>
c518ade1	73
dbfc0f8c	74	/* longest key supported in hardware */
0f113f3e MC	75	# define MAX_HW_KEY 24
0f113f3e MC	76	# define MAX_HW_IV 8
c518ade1	77
0f113f3e MC	78	# define MD5_DIGEST_LENGTH 16
0f113f3e MC	79	# define MD5_CBLOCK 64
35e33f0e	80
c518ade1 BL	81	static int fd;
	82	static int dev_failed;
	83
1ba01caa BL	84	typedef struct session_op session_op;
1ba01caa BL	85
0f113f3e	86	# define CDATA(ctx) EVP_C_DATA(session_op,ctx)
1ba01caa	87
c518ade1	88	static void err(const char *str)
0f113f3e MC	89	{
	90	fprintf(stderr, "%s: errno %d\n", str, errno);
	91	}
c518ade1	92
35e33f0e	93	static int dev_crypto_init(session_op *ses)
0f113f3e MC	94	{
	95	if (dev_failed)
	96	return 0;
	97	if (!fd) {
	98	int cryptodev_fd;
	99
	100	if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
	101	err("/dev/crypto");
	102	dev_failed = 1;
	103	return 0;
	104	}
	105	if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
	106	err("CRIOGET failed");
	107	close(cryptodev_fd);
	108	dev_failed = 1;
	109	return 0;
	110	}
	111	close(cryptodev_fd);
	112	}
35e33f0e	113	assert(ses);
0f113f3e	114	memset(ses, '\0', sizeof *ses);
1ba01caa	115
c518ade1	116	return 1;
0f113f3e	117	}
c518ade1 BL	118
c518ade1 BL	119	static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
0f113f3e MC	120	{
	121	if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
	122	err("CIOCFSESSION failed");
c518ade1	123
26188931	124	OPENSSL_free(CDATA(ctx)->key);
c518ade1 BL	125
c518ade1 BL	126	return 1;
0f113f3e	127	}
c518ade1	128
0f113f3e MC	129	static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
	130	const unsigned char *key, int klen)
	131	{
	132	if (!dev_crypto_init(CDATA(ctx)))
	133	return 0;
82b22305	134
0f113f3e	135	CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
c84029db JM	136	if (CDATA(ctx)->key == NULL)
c84029db JM	137	return 0;
35e33f0e	138
82b22305 BL	139	assert(ctx->cipher->iv_len <= MAX_HW_IV);
82b22305 BL	140
0f113f3e	141	memcpy(CDATA(ctx)->key, key, klen);
35e33f0e	142
0f113f3e MC	143	CDATA(ctx)->cipher = cipher;
	144	CDATA(ctx)->keylen = klen;
	145
	146	if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
	147	err("CIOCGSESSION failed");
	148	return 0;
35e33f0e	149	}
0f113f3e MC	150	return 1;
0f113f3e MC	151	}
35e33f0e	152
0f113f3e MC	153	static int dev_crypto_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
	154	const unsigned char *in, unsigned int inl)
	155	{
c518ade1	156	struct crypt_op cryp;
82b22305	157	unsigned char lb[MAX_HW_IV];
c518ade1	158
0f113f3e MC	159	if (!inl)
0f113f3e MC	160	return 1;
35e33f0e	161
26188931	162	assert(CDATA(ctx));
c518ade1 BL	163	assert(!dev_failed);
c518ade1 BL	164
0f113f3e MC	165	memset(&cryp, '\0', sizeof cryp);
	166	cryp.ses = CDATA(ctx)->ses;
	167	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
	168	cryp.flags = 0;
	169	cryp.len = inl;
	170	assert((inl & (ctx->cipher->block_size - 1)) == 0);
	171	cryp.src = (caddr_t) in;
	172	cryp.dst = (caddr_t) out;
	173	cryp.mac = 0;
	174	if (ctx->cipher->iv_len)
	175	cryp.iv = (caddr_t) ctx->iv;
	176
	177	if (!ctx->encrypt)
	178	memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);
	179
	180	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	181	if (errno == EINVAL) { /* buffers are misaligned */
	182	unsigned int cinl = 0;
	183	char *cin = NULL;
	184	char *cout = NULL;
	185
	186	/* NB: this can only make cinl != inl with stream ciphers */
	187	cinl = (inl + 3) / 4 * 4;
	188
	189	if (((unsigned long)in & 3) \|\| cinl != inl) {
	190	cin = OPENSSL_malloc(cinl);
	191	if (cin == NULL)
	192	return 0;
	193	memcpy(cin, in, inl);
	194	cryp.src = cin;
	195	}
	196
	197	if (((unsigned long)out & 3) \|\| cinl != inl) {
	198	cout = OPENSSL_malloc(cinl);
	199	if (cout == NULL) {
	200	if (cin != NULL)
	201	OPENSSL_free(cin);
	202	return 0;
	203	}
	204	cryp.dst = cout;
	205	}
	206
	207	cryp.len = cinl;
	208
	209	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	210	err("CIOCCRYPT(2) failed");
	211	printf("src=%p dst=%p\n", cryp.src, cryp.dst);
	212	abort();
	213	return 0;
	214	}
	215
	216	if (cout) {
	217	memcpy(out, cout, inl);
	218	OPENSSL_free(cout);
	219	}
	220	if (cin)
	221	OPENSSL_free(cin);
	222	} else {
	223	err("CIOCCRYPT failed");
	224	abort();
	225	return 0;
	226	}
	227	}
	228
229	if (ctx->encrypt)
230	memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
231	ctx->cipher->iv_len);
c518ade1	232	else
0f113f3e	233	memcpy(ctx->iv, lb, ctx->cipher->iv_len);
c518ade1 BL	234
c518ade1 BL	235	return 1;
0f113f3e	236	}
c518ade1	237
82b22305	238	static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
0f113f3e MC	239	const unsigned char *key,
	240	const unsigned char *iv, int enc)
	241	{
	242	return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
	243	}
82b22305	244
0f113f3e	245	# define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
82b22305	246
1ba01caa	247	BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
0f113f3e MC	248	0, dev_crypto_des_ede3_init_key,
	249	dev_crypto_cleanup,
	250	EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
82b22305 BL	251
82b22305 BL	252	static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
0f113f3e MC	253	const unsigned char *key,
	254	const unsigned char *iv, int enc)
	255	{
	256	return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
	257	}
82b22305	258
0f113f3e	259	static const EVP_CIPHER r4_cipher = {
82b22305	260	NID_rc4,
0f113f3e	261	1, 16, 0, /* FIXME: key should be up to 256 bytes */
82b22305 BL	262	EVP_CIPH_VARIABLE_LENGTH,
	263	dev_crypto_rc4_init_key,
	264	dev_crypto_cipher,
	265	dev_crypto_cleanup,
	266	sizeof(session_op),
	267	NULL,
	268	NULL,
	269	NULL
0f113f3e	270	};
82b22305 BL	271
82b22305 BL	272	const EVP_CIPHER *EVP_dev_crypto_rc4(void)
0f113f3e MC	273	{
	274	return &r4_cipher;
	275	}
82b22305	276
0f113f3e	277	typedef struct {
26188931 BL	278	session_op sess;
	279	char *data;
	280	int len;
	281	unsigned char md[EVP_MAX_MD_SIZE];
0f113f3e	282	} MD_DATA;
35e33f0e	283
0f113f3e MC	284	static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
	285	{
	286	if (!dev_crypto_init(&md_data->sess))
	287	return 0;
35e33f0e	288
0f113f3e MC	289	md_data->len = 0;
0f113f3e MC	290	md_data->data = NULL;
35e33f0e	291
0f113f3e	292	md_data->sess.mac = mac;
26188931	293
0f113f3e MC	294	if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
	295	err("CIOCGSESSION failed");
	296	return 0;
35e33f0e	297	}
0f113f3e MC	298	return 1;
0f113f3e MC	299	}
35e33f0e	300
e8330cf5	301	static int dev_crypto_cleanup_digest(MD_DATA *md_data)
0f113f3e MC	302	{
	303	if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
	304	err("CIOCFSESSION failed");
	305	return 0;
	306	}
e8330cf5 BL	307
e8330cf5 BL	308	return 1;
0f113f3e	309	}
e8330cf5	310
26188931 BL	311	/* FIXME: if device can do chained MACs, then don't accumulate */
	312	/* FIXME: move accumulation to the framework */
	313	static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
0f113f3e MC	314	{
	315	return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
	316	}
26188931	317
0f113f3e MC	318	static int do_digest(int ses, unsigned char md, const void data, int len)
0f113f3e MC	319	{
35e33f0e	320	struct crypt_op cryp;
0f113f3e MC	321	static const unsigned char md5zero[16] = {
	322	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
	323	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
	324	};
26188931 BL	325
26188931 BL	326	/* some cards can't do zero length */
0f113f3e MC	327	if (!len) {
	328	memcpy(md, md5zero, 16);
	329	return 1;
	330	}
26188931	331
0f113f3e MC	332	memset(&cryp, '\0', sizeof cryp);
	333	cryp.ses = ses;
	334	cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
	335	* it */
	336	cryp.len = len;
	337	cryp.src = (caddr_t) data;
	338	cryp.dst = (caddr_t) data; // FIXME!!!
	339	cryp.mac = (caddr_t) md;
	340
	341	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	342	if (errno == EINVAL) { /* buffer is misaligned */
	343	char *dcopy;
	344
	345	dcopy = OPENSSL_malloc(len);
	346	memcpy(dcopy, data, len);
	347	cryp.src = dcopy;
	348	cryp.dst = cryp.src; // FIXME!!!
	349
	350	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	351	err("CIOCCRYPT(MAC2) failed");
	352	abort();
	353	return 0;
	354	}
	355	OPENSSL_free(dcopy);
	356	} else {
	357	err("CIOCCRYPT(MAC) failed");
	358	abort();
	359	return 0;
	360	}
26188931	361	}
0f113f3e	362	// printf("done\n");
26188931	363
0f113f3e MC	364	return 1;
	365	}
	366
	367	static int dev_crypto_md5_update(EVP_MD_CTX ctx, const void data,
	368	unsigned long len)
	369	{
	370	MD_DATA *md_data = ctx->md_data;
771e0c6c	371	char *tmp_md_data;
26188931	372
0f113f3e MC	373	if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
0f113f3e MC	374	return do_digest(md_data->sess.ses, md_data->md, data, len);
26188931	375
0f113f3e	376	tmp_md_data = OPENSSL_realloc(md_data->data, md_data->len + len);
771e0c6c	377	if (tmp_md_data == NULL)
0f113f3e MC	378	return 0;
	379	md_data->data = tmp_md_data;
	380	memcpy(md_data->data + md_data->len, data, len);
	381	md_data->len += len;
26188931 BL	382
26188931 BL	383	return 1;
0f113f3e	384	}
26188931	385
0f113f3e MC	386	static int dev_crypto_md5_final(EVP_MD_CTX ctx, unsigned char md)
0f113f3e MC	387	{
26188931	388	int ret;
0f113f3e MC	389	MD_DATA *md_data = ctx->md_data;
	390
	391	if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
	392	memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
	393	ret = 1;
	394	} else {
	395	ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
	396	OPENSSL_free(md_data->data);
	397	md_data->data = NULL;
	398	md_data->len = 0;
	399	}
26188931 BL	400
26188931 BL	401	return ret;
0f113f3e	402	}
26188931	403
0f113f3e MC	404	static int dev_crypto_md5_copy(EVP_MD_CTX to, const EVP_MD_CTX from)
	405	{
	406	const MD_DATA *from_md = from->md_data;
	407	MD_DATA *to_md = to->md_data;
26188931 BL	408
26188931 BL	409	// How do we copy sessions?
0f113f3e	410	assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
26188931	411
0f113f3e	412	to_md->data = OPENSSL_malloc(from_md->len);
6f77f82b	413	if (to_md->data == NULL)
0f113f3e MC	414	return 0;
0f113f3e MC	415	memcpy(to_md->data, from_md->data, from_md->len);
35e33f0e	416
35e33f0e	417	return 1;
0f113f3e	418	}
35e33f0e	419
e8330cf5	420	static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
0f113f3e	421	{
e8330cf5	422	return dev_crypto_cleanup_digest(ctx->md_data);
0f113f3e	423	}
e8330cf5	424
0f113f3e	425	static const EVP_MD md5_md = {
35e33f0e BL	426	NID_md5,
	427	NID_md5WithRSAEncryption,
	428	MD5_DIGEST_LENGTH,
0f113f3e	429	EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
35e33f0e BL	430	dev_crypto_md5_init,
	431	dev_crypto_md5_update,
	432	dev_crypto_md5_final,
26188931	433	dev_crypto_md5_copy,
e8330cf5	434	dev_crypto_md5_cleanup,
35e33f0e BL	435	EVP_PKEY_RSA_method,
35e33f0e BL	436	MD5_CBLOCK,
26188931	437	sizeof(MD_DATA),
0f113f3e	438	};
35e33f0e BL	439
35e33f0e BL	440	const EVP_MD *EVP_dev_crypto_md5(void)
0f113f3e MC	441	{
	442	return &md5_md;
	443	}
35e33f0e	444
0f113f3e	445	# endif
11a57c7b	446	#endif