[thirdparty/openssl.git] / crypto / evp / openbsd_hw.c

/* Written by Ben Laurie, 2001 */
/*
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include "evp_locl.h"

/*
 * This stuff should now all be supported through
 * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
 */
static void *dummy = &dummy;

#if 0

/* check flag after OpenSSL headers to ensure make depend works */
# ifdef OPENSSL_OPENBSD_DEV_CRYPTO

#  include <fcntl.h>
#  include <stdio.h>
#  include <errno.h>
#  include <sys/ioctl.h>
#  include <crypto/cryptodev.h>
#  include <unistd.h>
#  include <assert.h>

/* longest key supported in hardware */
#  define MAX_HW_KEY      24
#  define MAX_HW_IV       8

#  define MD5_DIGEST_LENGTH       16
#  define MD5_CBLOCK              64

static int fd;
static int dev_failed;

typedef struct session_op session_op;

#  define CDATA(ctx) EVP_C_DATA(session_op,ctx)

static void err(const char *str)
{
    fprintf(stderr, "%s: errno %d\n", str, errno);
}

static int dev_crypto_init(session_op *ses)
{
    if (dev_failed)
        return 0;
    if (!fd) {
        int cryptodev_fd;

        if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
            err("/dev/crypto");
            dev_failed = 1;
            return 0;
        }
        if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
            err("CRIOGET failed");
            close(cryptodev_fd);
            dev_failed = 1;
            return 0;
        }
        close(cryptodev_fd);
    }
    assert(ses);
    memset(ses, '\0', sizeof *ses);

    return 1;
}

static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
{
    if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
        err("CIOCFSESSION failed");

    OPENSSL_free(CDATA(ctx)->key);

    return 1;
}

static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
                               const unsigned char *key, int klen)
{
    if (!dev_crypto_init(CDATA(ctx)))
        return 0;

    CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);

    assert(ctx->cipher->iv_len <= MAX_HW_IV);

    memcpy(CDATA(ctx)->key, key, klen);

    CDATA(ctx)->cipher = cipher;
    CDATA(ctx)->keylen = klen;

    if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
        err("CIOCGSESSION failed");
        return 0;
    }
    return 1;
}

static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, unsigned int inl)
{
    struct crypt_op cryp;
    unsigned char lb[MAX_HW_IV];

    if (!inl)
        return 1;

    assert(CDATA(ctx));
    assert(!dev_failed);

    memset(&cryp, '\0', sizeof cryp);
    cryp.ses = CDATA(ctx)->ses;
    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
    cryp.flags = 0;
    cryp.len = inl;
    assert((inl & (ctx->cipher->block_size - 1)) == 0);
    cryp.src = (caddr_t) in;
    cryp.dst = (caddr_t) out;
    cryp.mac = 0;
    if (ctx->cipher->iv_len)
        cryp.iv = (caddr_t) ctx->iv;

    if (!ctx->encrypt)
        memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);

    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
        if (errno == EINVAL) {  /* buffers are misaligned */
            unsigned int cinl = 0;
            char *cin = NULL;
            char *cout = NULL;

            /* NB: this can only make cinl != inl with stream ciphers */
            cinl = (inl + 3) / 4 * 4;

            if (((unsigned long)in & 3) || cinl != inl) {
                cin = OPENSSL_malloc(cinl);
                memcpy(cin, in, inl);
                cryp.src = cin;
            }

            if (((unsigned long)out & 3) || cinl != inl) {
                cout = OPENSSL_malloc(cinl);
                cryp.dst = cout;
            }

            cryp.len = cinl;

            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
                err("CIOCCRYPT(2) failed");
                printf("src=%p dst=%p\n", cryp.src, cryp.dst);
                abort();
                return 0;
            }

            if (cout) {
                memcpy(out, cout, inl);
                OPENSSL_free(cout);
            }
            if (cin)
                OPENSSL_free(cin);
        } else {
            err("CIOCCRYPT failed");
            abort();
            return 0;
        }
    }

    if (ctx->encrypt)
        memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
               ctx->cipher->iv_len);
    else
        memcpy(ctx->iv, lb, ctx->cipher->iv_len);

    return 1;
}

static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
                                        const unsigned char *key,
                                        const unsigned char *iv, int enc)
{
    return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
}

#  define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher

BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
                     0, dev_crypto_des_ede3_init_key,
                     dev_crypto_cleanup,
                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *key,
                                   const unsigned char *iv, int enc)
{
    return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
}

static const EVP_CIPHER r4_cipher = {
    NID_rc4,
    1, 16, 0,                   /* FIXME: key should be up to 256 bytes */
    EVP_CIPH_VARIABLE_LENGTH,
    dev_crypto_rc4_init_key,
    dev_crypto_cipher,
    dev_crypto_cleanup,
    sizeof(session_op),
    NULL,
    NULL,
    NULL
};

const EVP_CIPHER *EVP_dev_crypto_rc4(void)
{
    return &r4_cipher;
}

typedef struct {
    session_op sess;
    char *data;
    int len;
    unsigned char md[EVP_MAX_MD_SIZE];
} MD_DATA;

static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
{
    if (!dev_crypto_init(&md_data->sess))
        return 0;

    md_data->len = 0;
    md_data->data = NULL;

    md_data->sess.mac = mac;

    if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
        err("CIOCGSESSION failed");
        return 0;
    }
    return 1;
}

static int dev_crypto_cleanup_digest(MD_DATA *md_data)
{
    if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
        err("CIOCFSESSION failed");
        return 0;
    }

    return 1;
}

/* FIXME: if device can do chained MACs, then don't accumulate */
/* FIXME: move accumulation to the framework */
static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
{
    return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
}

static int do_digest(int ses, unsigned char *md, const void *data, int len)
{
    struct crypt_op cryp;
    static unsigned char md5zero[16] = {
        0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
        0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
    };

    /* some cards can't do zero length */
    if (!len) {
        memcpy(md, md5zero, 16);
        return 1;
    }

    memset(&cryp, '\0', sizeof cryp);
    cryp.ses = ses;
    cryp.op = COP_ENCRYPT;      /* required to do the MAC rather than check
                                 * it */
    cryp.len = len;
    cryp.src = (caddr_t) data;
    cryp.dst = (caddr_t) data;  // FIXME!!!
    cryp.mac = (caddr_t) md;

    if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
        if (errno == EINVAL) {  /* buffer is misaligned */
            char *dcopy;

            dcopy = OPENSSL_malloc(len);
            memcpy(dcopy, data, len);
            cryp.src = dcopy;
            cryp.dst = cryp.src; // FIXME!!!

            if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
                err("CIOCCRYPT(MAC2) failed");
                abort();
                return 0;
            }
            OPENSSL_free(dcopy);
        } else {
            err("CIOCCRYPT(MAC) failed");
            abort();
            return 0;
        }
    }
    // printf("done\n");

    return 1;
}

static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
                                 unsigned long len)
{
    MD_DATA *md_data = ctx->md_data;

    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
        return do_digest(md_data->sess.ses, md_data->md, data, len);

    md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
    memcpy(md_data->data + md_data->len, data, len);
    md_data->len += len;

    return 1;
}

static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
    int ret;
    MD_DATA *md_data = ctx->md_data;

    if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
        memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
        ret = 1;
    } else {
        ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
        OPENSSL_free(md_data->data);
        md_data->data = NULL;
        md_data->len = 0;
    }

    return ret;
}

static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
    const MD_DATA *from_md = from->md_data;
    MD_DATA *to_md = to->md_data;

    // How do we copy sessions?
    assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);

    to_md->data = OPENSSL_malloc(from_md->len);
    memcpy(to_md->data, from_md->data, from_md->len);

    return 1;
}

static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
{
    return dev_crypto_cleanup_digest(ctx->md_data);
}

static const EVP_MD md5_md = {
    NID_md5,
    NID_md5WithRSAEncryption,
    MD5_DIGEST_LENGTH,
    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
    dev_crypto_md5_init,
    dev_crypto_md5_update,
    dev_crypto_md5_final,
    dev_crypto_md5_copy,
    dev_crypto_md5_cleanup,
    EVP_PKEY_RSA_method,
    MD5_CBLOCK,
    sizeof(MD_DATA),
};

const EVP_MD *EVP_dev_crypto_md5(void)
{
    return &md5_md;
}

# endif
#endif
Commit	Line	Data
0e360199	1	/* Written by Ben Laurie, 2001 */
c518ade1	2	/*
0e360199	3	* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
c518ade1 BL	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* 1. Redistributions of source code must retain the above copyright
40720ce3	10	* notice, this list of conditions and the following disclaimer.
c518ade1 BL	11	*
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* 3. All advertising materials mentioning features or use of this
	18	* software must display the following acknowledgment:
	19	* "This product includes software developed by the OpenSSL Project
	20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	21	*
	22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	23	* endorse or promote products derived from this software without
	24	* prior written permission. For written permission, please contact
	25	* openssl-core@openssl.org.
	26	*
	27	* 5. Products derived from this software may not be called "OpenSSL"
	28	* nor may "OpenSSL" appear in their names without prior written
	29	* permission of the OpenSSL Project.
	30	*
	31	* 6. Redistributions of any form whatsoever must retain the following
	32	* acknowledgment:
	33	* "This product includes software developed by the OpenSSL Project
	34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	35	*
	36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	47	* OF THE POSSIBILITY OF SUCH DAMAGE.
	48	*/
	49
931a23a5 BM	50	#include <openssl/evp.h>
	51	#include <openssl/objects.h>
	52	#include <openssl/rsa.h>
	53	#include "evp_locl.h"
	54
40720ce3 MC	55	/*
	56	* This stuff should now all be supported through
	57	* crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
	58	*/
	59	static void *dummy = &dummy;
11a57c7b GT	60
	61	#if 0
	62
931a23a5	63	/* check flag after OpenSSL headers to ensure make depend works */
40720ce3	64	# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
931a23a5	65
40720ce3 MC	66	# include <fcntl.h>
	67	# include <stdio.h>
	68	# include <errno.h>
	69	# include <sys/ioctl.h>
	70	# include <crypto/cryptodev.h>
	71	# include <unistd.h>
	72	# include <assert.h>
c518ade1	73
dbfc0f8c	74	/* longest key supported in hardware */
40720ce3 MC	75	# define MAX_HW_KEY 24
40720ce3 MC	76	# define MAX_HW_IV 8
c518ade1	77
40720ce3 MC	78	# define MD5_DIGEST_LENGTH 16
40720ce3 MC	79	# define MD5_CBLOCK 64
35e33f0e	80
c518ade1 BL	81	static int fd;
	82	static int dev_failed;
	83
1ba01caa BL	84	typedef struct session_op session_op;
1ba01caa BL	85
40720ce3	86	# define CDATA(ctx) EVP_C_DATA(session_op,ctx)
1ba01caa	87
c518ade1	88	static void err(const char *str)
40720ce3 MC	89	{
	90	fprintf(stderr, "%s: errno %d\n", str, errno);
	91	}
c518ade1	92
35e33f0e	93	static int dev_crypto_init(session_op *ses)
40720ce3 MC	94	{
	95	if (dev_failed)
	96	return 0;
	97	if (!fd) {
	98	int cryptodev_fd;
	99
	100	if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
	101	err("/dev/crypto");
	102	dev_failed = 1;
	103	return 0;
	104	}
	105	if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
	106	err("CRIOGET failed");
	107	close(cryptodev_fd);
	108	dev_failed = 1;
	109	return 0;
	110	}
	111	close(cryptodev_fd);
	112	}
35e33f0e	113	assert(ses);
40720ce3	114	memset(ses, '\0', sizeof *ses);
1ba01caa	115
c518ade1	116	return 1;
40720ce3	117	}
c518ade1 BL	118
c518ade1 BL	119	static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
40720ce3 MC	120	{
	121	if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
	122	err("CIOCFSESSION failed");
c518ade1	123
26188931	124	OPENSSL_free(CDATA(ctx)->key);
c518ade1 BL	125
c518ade1 BL	126	return 1;
40720ce3	127	}
c518ade1	128
40720ce3 MC	129	static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
	130	const unsigned char *key, int klen)
	131	{
	132	if (!dev_crypto_init(CDATA(ctx)))
	133	return 0;
82b22305	134
40720ce3	135	CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
35e33f0e	136
82b22305 BL	137	assert(ctx->cipher->iv_len <= MAX_HW_IV);
82b22305 BL	138
40720ce3	139	memcpy(CDATA(ctx)->key, key, klen);
35e33f0e	140
40720ce3 MC	141	CDATA(ctx)->cipher = cipher;
	142	CDATA(ctx)->keylen = klen;
	143
	144	if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
	145	err("CIOCGSESSION failed");
	146	return 0;
35e33f0e	147	}
40720ce3 MC	148	return 1;
40720ce3 MC	149	}
35e33f0e	150
40720ce3 MC	151	static int dev_crypto_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
	152	const unsigned char *in, unsigned int inl)
	153	{
c518ade1	154	struct crypt_op cryp;
82b22305	155	unsigned char lb[MAX_HW_IV];
c518ade1	156
40720ce3 MC	157	if (!inl)
40720ce3 MC	158	return 1;
35e33f0e	159
26188931	160	assert(CDATA(ctx));
c518ade1 BL	161	assert(!dev_failed);
c518ade1 BL	162
40720ce3 MC	163	memset(&cryp, '\0', sizeof cryp);
	164	cryp.ses = CDATA(ctx)->ses;
	165	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
	166	cryp.flags = 0;
	167	cryp.len = inl;
	168	assert((inl & (ctx->cipher->block_size - 1)) == 0);
	169	cryp.src = (caddr_t) in;
	170	cryp.dst = (caddr_t) out;
	171	cryp.mac = 0;
	172	if (ctx->cipher->iv_len)
	173	cryp.iv = (caddr_t) ctx->iv;
	174
	175	if (!ctx->encrypt)
	176	memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);
	177
	178	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	179	if (errno == EINVAL) { /* buffers are misaligned */
	180	unsigned int cinl = 0;
	181	char *cin = NULL;
	182	char *cout = NULL;
	183
	184	/* NB: this can only make cinl != inl with stream ciphers */
	185	cinl = (inl + 3) / 4 * 4;
	186
	187	if (((unsigned long)in & 3) \|\| cinl != inl) {
	188	cin = OPENSSL_malloc(cinl);
	189	memcpy(cin, in, inl);
	190	cryp.src = cin;
	191	}
	192
	193	if (((unsigned long)out & 3) \|\| cinl != inl) {
	194	cout = OPENSSL_malloc(cinl);
	195	cryp.dst = cout;
	196	}
	197
	198	cryp.len = cinl;
	199
	200	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	201	err("CIOCCRYPT(2) failed");
	202	printf("src=%p dst=%p\n", cryp.src, cryp.dst);
	203	abort();
	204	return 0;
	205	}
	206
	207	if (cout) {
	208	memcpy(out, cout, inl);
	209	OPENSSL_free(cout);
	210	}
	211	if (cin)
	212	OPENSSL_free(cin);
	213	} else {
	214	err("CIOCCRYPT failed");
	215	abort();
	216	return 0;
	217	}
	218	}
	219
	220	if (ctx->encrypt)
	221	memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
	222	ctx->cipher->iv_len);
c518ade1	223	else
40720ce3	224	memcpy(ctx->iv, lb, ctx->cipher->iv_len);
c518ade1 BL	225
c518ade1 BL	226	return 1;
40720ce3	227	}
c518ade1	228
82b22305	229	static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
40720ce3 MC	230	const unsigned char *key,
	231	const unsigned char *iv, int enc)
	232	{
	233	return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
	234	}
82b22305	235
40720ce3	236	# define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
82b22305	237
1ba01caa	238	BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
40720ce3 MC	239	0, dev_crypto_des_ede3_init_key,
	240	dev_crypto_cleanup,
	241	EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
82b22305 BL	242
82b22305 BL	243	static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
40720ce3 MC	244	const unsigned char *key,
	245	const unsigned char *iv, int enc)
	246	{
	247	return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
	248	}
82b22305	249
40720ce3	250	static const EVP_CIPHER r4_cipher = {
82b22305	251	NID_rc4,
40720ce3	252	1, 16, 0, /* FIXME: key should be up to 256 bytes */
82b22305 BL	253	EVP_CIPH_VARIABLE_LENGTH,
	254	dev_crypto_rc4_init_key,
	255	dev_crypto_cipher,
	256	dev_crypto_cleanup,
	257	sizeof(session_op),
	258	NULL,
	259	NULL,
	260	NULL
40720ce3	261	};
82b22305 BL	262
82b22305 BL	263	const EVP_CIPHER *EVP_dev_crypto_rc4(void)
40720ce3 MC	264	{
	265	return &r4_cipher;
	266	}
82b22305	267
40720ce3	268	typedef struct {
26188931 BL	269	session_op sess;
	270	char *data;
	271	int len;
	272	unsigned char md[EVP_MAX_MD_SIZE];
40720ce3	273	} MD_DATA;
35e33f0e	274
40720ce3 MC	275	static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
	276	{
	277	if (!dev_crypto_init(&md_data->sess))
	278	return 0;
35e33f0e	279
40720ce3 MC	280	md_data->len = 0;
40720ce3 MC	281	md_data->data = NULL;
35e33f0e	282
40720ce3	283	md_data->sess.mac = mac;
26188931	284
40720ce3 MC	285	if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
	286	err("CIOCGSESSION failed");
	287	return 0;
35e33f0e	288	}
40720ce3 MC	289	return 1;
40720ce3 MC	290	}
35e33f0e	291
e8330cf5	292	static int dev_crypto_cleanup_digest(MD_DATA *md_data)
40720ce3 MC	293	{
	294	if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
	295	err("CIOCFSESSION failed");
	296	return 0;
	297	}
e8330cf5 BL	298
e8330cf5 BL	299	return 1;
40720ce3	300	}
e8330cf5	301
26188931 BL	302	/* FIXME: if device can do chained MACs, then don't accumulate */
	303	/* FIXME: move accumulation to the framework */
	304	static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
40720ce3 MC	305	{
	306	return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
	307	}
26188931	308
40720ce3 MC	309	static int do_digest(int ses, unsigned char md, const void data, int len)
40720ce3 MC	310	{
35e33f0e	311	struct crypt_op cryp;
40720ce3 MC	312	static unsigned char md5zero[16] = {
	313	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
	314	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
	315	};
26188931 BL	316
26188931 BL	317	/* some cards can't do zero length */
40720ce3 MC	318	if (!len) {
	319	memcpy(md, md5zero, 16);
	320	return 1;
	321	}
26188931	322
40720ce3 MC	323	memset(&cryp, '\0', sizeof cryp);
	324	cryp.ses = ses;
	325	cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
	326	* it */
	327	cryp.len = len;
	328	cryp.src = (caddr_t) data;
	329	cryp.dst = (caddr_t) data; // FIXME!!!
	330	cryp.mac = (caddr_t) md;
	331
	332	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	333	if (errno == EINVAL) { /* buffer is misaligned */
	334	char *dcopy;
	335
	336	dcopy = OPENSSL_malloc(len);
	337	memcpy(dcopy, data, len);
	338	cryp.src = dcopy;
	339	cryp.dst = cryp.src; // FIXME!!!
	340
	341	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
	342	err("CIOCCRYPT(MAC2) failed");
	343	abort();
	344	return 0;
	345	}
	346	OPENSSL_free(dcopy);
	347	} else {
	348	err("CIOCCRYPT(MAC) failed");
	349	abort();
	350	return 0;
	351	}
26188931	352	}
40720ce3 MC	353	// printf("done\n");
	354
	355	return 1;
	356	}
26188931	357
40720ce3 MC	358	static int dev_crypto_md5_update(EVP_MD_CTX ctx, const void data,
	359	unsigned long len)
	360	{
	361	MD_DATA *md_data = ctx->md_data;
26188931	362
40720ce3 MC	363	if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
40720ce3 MC	364	return do_digest(md_data->sess.ses, md_data->md, data, len);
26188931	365
40720ce3 MC	366	md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
	367	memcpy(md_data->data + md_data->len, data, len);
	368	md_data->len += len;
26188931 BL	369
26188931 BL	370	return 1;
40720ce3	371	}
26188931	372
40720ce3 MC	373	static int dev_crypto_md5_final(EVP_MD_CTX ctx, unsigned char md)
40720ce3 MC	374	{
26188931	375	int ret;
40720ce3 MC	376	MD_DATA *md_data = ctx->md_data;
	377
	378	if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
	379	memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
	380	ret = 1;
	381	} else {
	382	ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
	383	OPENSSL_free(md_data->data);
	384	md_data->data = NULL;
	385	md_data->len = 0;
	386	}
26188931 BL	387
26188931 BL	388	return ret;
40720ce3	389	}
26188931	390
40720ce3 MC	391	static int dev_crypto_md5_copy(EVP_MD_CTX to, const EVP_MD_CTX from)
	392	{
	393	const MD_DATA *from_md = from->md_data;
	394	MD_DATA *to_md = to->md_data;
26188931 BL	395
26188931 BL	396	// How do we copy sessions?
40720ce3	397	assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
26188931	398
40720ce3 MC	399	to_md->data = OPENSSL_malloc(from_md->len);
40720ce3 MC	400	memcpy(to_md->data, from_md->data, from_md->len);
35e33f0e	401
35e33f0e	402	return 1;
40720ce3	403	}
35e33f0e	404
e8330cf5	405	static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
40720ce3	406	{
e8330cf5	407	return dev_crypto_cleanup_digest(ctx->md_data);
40720ce3	408	}
e8330cf5	409
40720ce3	410	static const EVP_MD md5_md = {
35e33f0e BL	411	NID_md5,
	412	NID_md5WithRSAEncryption,
	413	MD5_DIGEST_LENGTH,
40720ce3	414	EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
35e33f0e BL	415	dev_crypto_md5_init,
	416	dev_crypto_md5_update,
	417	dev_crypto_md5_final,
26188931	418	dev_crypto_md5_copy,
e8330cf5	419	dev_crypto_md5_cleanup,
35e33f0e BL	420	EVP_PKEY_RSA_method,
35e33f0e BL	421	MD5_CBLOCK,
26188931	422	sizeof(MD_DATA),
40720ce3	423	};
35e33f0e BL	424
35e33f0e BL	425	const EVP_MD *EVP_dev_crypto_md5(void)
40720ce3 MC	426	{
	427	return &md5_md;
	428	}
35e33f0e	429
40720ce3	430	# endif
11a57c7b	431	#endif