diff options
| author | deraadt <> | 2014-06-10 16:15:19 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-06-10 16:15:19 +0000 |
| commit | 7cff78e6d2f228bcb76663cf6ece9d865170ae8b (patch) | |
| tree | e3fb959ef1d725df151d0687e2bad88e6cba120e /src | |
| parent | 1f0ada29dbbd22c18c51187561c2eb01d2a776b2 (diff) | |
| download | openbsd-7cff78e6d2f228bcb76663cf6ece9d865170ae8b.tar.gz openbsd-7cff78e6d2f228bcb76663cf6ece9d865170ae8b.tar.bz2 openbsd-7cff78e6d2f228bcb76663cf6ece9d865170ae8b.zip | |
Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receives
collateral damage.
The syncronous nature of this mechanism has hampered performance for
symmetric crypto relative to brute-force cpu. The assymetric crypto
support never really materialized in drivers.
So abandon the complexity.
ok tedu beck mikeb
some disagrement from djm but if he wants to test /dev/crypto ciphers
he should do it without this this gigantic API in the way
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/crypto/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/engine/eng_all.c | 18 | ||||
| -rw-r--r-- | src/lib/libcrypto/engine/engine.h | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/engine/hw_cryptodev.c | 1343 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/c_all.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/engine/eng_all.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/engine/engine.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/engine/hw_cryptodev.c | 1343 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/evp/c_all.c | 3 |
9 files changed, 4 insertions, 2738 deletions
diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile index 1e2ce774d3..e71912dd57 100644 --- a/src/lib/libcrypto/crypto/Makefile +++ b/src/lib/libcrypto/crypto/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.38 2014/06/02 15:08:38 deraadt Exp $ | 1 | # $OpenBSD: Makefile,v 1.39 2014/06/10 16:15:19 deraadt Exp $ |
| 2 | 2 | ||
| 3 | LIB= crypto | 3 | LIB= crypto |
| 4 | 4 | ||
| @@ -132,7 +132,7 @@ SRCS+= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c | |||
| 132 | SRCS+= eng_table.c eng_pkey.c eng_fat.c eng_all.c | 132 | SRCS+= eng_table.c eng_pkey.c eng_fat.c eng_all.c |
| 133 | SRCS+= tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c | 133 | SRCS+= tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c |
| 134 | SRCS+= tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c | 134 | SRCS+= tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c |
| 135 | SRCS+= eng_openssl.c eng_cnf.c eng_dyn.c hw_cryptodev.c | 135 | SRCS+= eng_openssl.c eng_cnf.c eng_dyn.c |
| 136 | SRCS+= eng_rsax.c | 136 | SRCS+= eng_rsax.c |
| 137 | # XXX unnecessary? handled in EVP now... | 137 | # XXX unnecessary? handled in EVP now... |
| 138 | # SRCS+= eng_aesni.c # local addition | 138 | # SRCS+= eng_aesni.c # local addition |
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index eb933153e1..4d07299efe 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c | |||
| @@ -71,9 +71,7 @@ ENGINE_load_builtin_engines(void) | |||
| 71 | * *no* builtin implementations). */ | 71 | * *no* builtin implementations). */ |
| 72 | ENGINE_load_openssl(); | 72 | ENGINE_load_openssl(); |
| 73 | #endif | 73 | #endif |
| 74 | #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) | 74 | |
| 75 | ENGINE_load_cryptodev(); | ||
| 76 | #endif | ||
| 77 | #ifndef OPENSSL_NO_RSAX | 75 | #ifndef OPENSSL_NO_RSAX |
| 78 | ENGINE_load_rsax(); | 76 | ENGINE_load_rsax(); |
| 79 | #endif | 77 | #endif |
| @@ -87,17 +85,3 @@ ENGINE_load_builtin_engines(void) | |||
| 87 | #endif | 85 | #endif |
| 88 | ENGINE_register_all_complete(); | 86 | ENGINE_register_all_complete(); |
| 89 | } | 87 | } |
| 90 | |||
| 91 | #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | ||
| 92 | void | ||
| 93 | ENGINE_setup_bsd_cryptodev(void) | ||
| 94 | { | ||
| 95 | static int bsd_cryptodev_default_loaded = 0; | ||
| 96 | |||
| 97 | if (!bsd_cryptodev_default_loaded) { | ||
| 98 | ENGINE_load_cryptodev(); | ||
| 99 | ENGINE_register_all_complete(); | ||
| 100 | } | ||
| 101 | bsd_cryptodev_default_loaded = 1; | ||
| 102 | } | ||
| 103 | #endif | ||
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index e99ad750e4..79a21af7b8 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h | |||
| @@ -318,7 +318,6 @@ void ENGINE_load_dynamic(void); | |||
| 318 | #ifndef OPENSSL_NO_STATIC_ENGINE | 318 | #ifndef OPENSSL_NO_STATIC_ENGINE |
| 319 | void ENGINE_load_padlock(void); | 319 | void ENGINE_load_padlock(void); |
| 320 | #endif | 320 | #endif |
| 321 | void ENGINE_load_cryptodev(void); | ||
| 322 | void ENGINE_load_rsax(void); | 321 | void ENGINE_load_rsax(void); |
| 323 | void ENGINE_load_builtin_engines(void); | 322 | void ENGINE_load_builtin_engines(void); |
| 324 | 323 | ||
| @@ -707,10 +706,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | |||
| 707 | * values. */ | 706 | * values. */ |
| 708 | void *ENGINE_get_static_state(void); | 707 | void *ENGINE_get_static_state(void); |
| 709 | 708 | ||
| 710 | #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | ||
| 711 | void ENGINE_setup_bsd_cryptodev(void); | ||
| 712 | #endif | ||
| 713 | |||
| 714 | /* BEGIN ERROR CODES */ | 709 | /* BEGIN ERROR CODES */ |
| 715 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 710 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 716 | * made after this point may be overwritten when the script is next run. | 711 | * made after this point may be overwritten when the script is next run. |
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c deleted file mode 100644 index c2a144f4eb..0000000000 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ /dev/null | |||
| @@ -1,1343 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (c) 2002-2004 Theo de Raadt | ||
| 3 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | ||
| 4 | * Copyright (c) 2002 Markus Friedl | ||
| 5 | * All rights reserved. | ||
| 6 | * | ||
| 7 | * Redistribution and use in source and binary forms, with or without | ||
| 8 | * modification, are permitted provided that the following conditions | ||
| 9 | * are met: | ||
| 10 | * 1. Redistributions of source code must retain the above copyright | ||
| 11 | * notice, this list of conditions and the following disclaimer. | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in the | ||
| 14 | * documentation and/or other materials provided with the distribution. | ||
| 15 | * | ||
| 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | ||
| 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
| 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
| 19 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY | ||
| 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
| 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
| 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
| 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
| 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 26 | * | ||
| 27 | */ | ||
| 28 | |||
| 29 | #include <openssl/objects.h> | ||
| 30 | #include <openssl/engine.h> | ||
| 31 | #include <openssl/evp.h> | ||
| 32 | #include <openssl/bn.h> | ||
| 33 | |||
| 34 | #if (defined(__unix__) || defined(unix)) && !defined(USG) | ||
| 35 | #include <sys/param.h> | ||
| 36 | # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) | ||
| 37 | # define HAVE_CRYPTODEV | ||
| 38 | # endif | ||
| 39 | # if (OpenBSD >= 200110) | ||
| 40 | # define HAVE_SYSLOG_R | ||
| 41 | # endif | ||
| 42 | #endif | ||
| 43 | |||
| 44 | #ifndef HAVE_CRYPTODEV | ||
| 45 | |||
| 46 | void | ||
| 47 | ENGINE_load_cryptodev(void) | ||
| 48 | { | ||
| 49 | /* This is a NOP on platforms without /dev/crypto */ | ||
| 50 | return; | ||
| 51 | } | ||
| 52 | |||
| 53 | #else | ||
| 54 | |||
| 55 | #include <sys/types.h> | ||
| 56 | #include <crypto/cryptodev.h> | ||
| 57 | #include <openssl/dh.h> | ||
| 58 | #include <openssl/dsa.h> | ||
| 59 | #include <openssl/err.h> | ||
| 60 | #include <openssl/rsa.h> | ||
| 61 | #include <sys/ioctl.h> | ||
| 62 | |||
| 63 | #include <errno.h> | ||
| 64 | #include <fcntl.h> | ||
| 65 | #include <limits.h> | ||
| 66 | #include <stdarg.h> | ||
| 67 | #include <stdio.h> | ||
| 68 | #include <string.h> | ||
| 69 | #include <syslog.h> | ||
| 70 | #include <unistd.h> | ||
| 71 | |||
| 72 | #if defined(__i386__) || defined(__amd64__) | ||
| 73 | #include <sys/sysctl.h> | ||
| 74 | #include <machine/cpu.h> | ||
| 75 | #include <machine/specialreg.h> | ||
| 76 | |||
| 77 | #include <ssl/aes.h> | ||
| 78 | |||
| 79 | static int check_viac3aes(void); | ||
| 80 | #endif | ||
| 81 | |||
| 82 | #define CRYPTO_VIAC3_MAX 3 | ||
| 83 | |||
| 84 | struct dev_crypto_state { | ||
| 85 | struct session_op d_sess; | ||
| 86 | int d_fd; | ||
| 87 | }; | ||
| 88 | |||
| 89 | struct dev_crypto_cipher { | ||
| 90 | int c_id; | ||
| 91 | int c_nid; | ||
| 92 | int c_ivmax; | ||
| 93 | int c_keylen; | ||
| 94 | }; | ||
| 95 | |||
| 96 | static u_int32_t cryptodev_asymfeat = 0; | ||
| 97 | |||
| 98 | static int get_asym_dev_crypto(void); | ||
| 99 | static int open_dev_crypto(void); | ||
| 100 | static int get_dev_crypto(void); | ||
| 101 | static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid); | ||
| 102 | static int get_cryptodev_ciphers(const int **cnids); | ||
| 103 | /*static int get_cryptodev_digests(const int **cnids);*/ | ||
| 104 | static int cryptodev_usable_ciphers(const int **nids); | ||
| 105 | static int cryptodev_usable_digests(const int **nids); | ||
| 106 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 107 | const unsigned char *in, size_t inl); | ||
| 108 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 109 | const unsigned char *iv, int enc); | ||
| 110 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | ||
| 111 | static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
| 112 | const int **nids, int nid); | ||
| 113 | static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
| 114 | const int **nids, int nid); | ||
| 115 | static int bn2crparam(const BIGNUM *a, struct crparam *crp); | ||
| 116 | static int crparam2bn(struct crparam *crp, BIGNUM *a); | ||
| 117 | static void zapparams(struct crypt_kop *kop); | ||
| 118 | static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, | ||
| 119 | int slen, BIGNUM *s); | ||
| 120 | |||
| 121 | static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | ||
| 122 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 123 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | ||
| 124 | RSA *rsa, BN_CTX *ctx); | ||
| 125 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
| 126 | BN_CTX *ctx); | ||
| 127 | static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 128 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 129 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
| 130 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
| 131 | BN_CTX *ctx, BN_MONT_CTX *mont); | ||
| 132 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | ||
| 133 | int dlen, DSA *dsa); | ||
| 134 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
| 135 | DSA_SIG *sig, DSA *dsa); | ||
| 136 | static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
| 137 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 138 | BN_MONT_CTX *m_ctx); | ||
| 139 | static int cryptodev_dh_compute_key(unsigned char *key, | ||
| 140 | const BIGNUM *pub_key, DH *dh); | ||
| 141 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
| 142 | void (*f)()); | ||
| 143 | void ENGINE_load_cryptodev(void); | ||
| 144 | |||
| 145 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | ||
| 146 | { 0, NULL, NULL, 0 } | ||
| 147 | }; | ||
| 148 | |||
| 149 | static struct dev_crypto_cipher ciphers[] = { | ||
| 150 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | ||
| 151 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | ||
| 152 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | ||
| 153 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | ||
| 154 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | ||
| 155 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | ||
| 156 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | ||
| 157 | { 0, NID_undef, 0, 0, }, | ||
| 158 | }; | ||
| 159 | |||
| 160 | #if 0 /* UNUSED */ | ||
| 161 | static struct { | ||
| 162 | int id; | ||
| 163 | int nid; | ||
| 164 | } digests[] = { | ||
| 165 | { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, | ||
| 166 | { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, | ||
| 167 | { CRYPTO_MD5_KPDK, NID_undef, }, | ||
| 168 | { CRYPTO_SHA1_KPDK, NID_undef, }, | ||
| 169 | { CRYPTO_MD5, NID_md5, }, | ||
| 170 | { CRYPTO_SHA1, NID_undef, }, | ||
| 171 | { 0, NID_undef, }, | ||
| 172 | }; | ||
| 173 | #endif | ||
| 174 | |||
| 175 | /* | ||
| 176 | * Return a fd if /dev/crypto seems usable, -1 otherwise. | ||
| 177 | */ | ||
| 178 | static int | ||
| 179 | open_dev_crypto(void) | ||
| 180 | { | ||
| 181 | static int fd = -1; | ||
| 182 | |||
| 183 | if (fd == -1) { | ||
| 184 | if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | ||
| 185 | return (-1); | ||
| 186 | /* close on exec */ | ||
| 187 | if (fcntl(fd, F_SETFD, 1) == -1) { | ||
| 188 | close(fd); | ||
| 189 | fd = -1; | ||
| 190 | return (-1); | ||
| 191 | } | ||
| 192 | } | ||
| 193 | return (fd); | ||
| 194 | } | ||
| 195 | |||
| 196 | static int | ||
| 197 | get_dev_crypto(void) | ||
| 198 | { | ||
| 199 | int fd, retfd; | ||
| 200 | |||
| 201 | if ((fd = open_dev_crypto()) == -1) | ||
| 202 | return (-1); | ||
| 203 | if (ioctl(fd, CRIOGET, &retfd) == -1) { | ||
| 204 | close(fd); | ||
| 205 | return (-1); | ||
| 206 | } | ||
| 207 | |||
| 208 | /* close on exec */ | ||
| 209 | if (fcntl(retfd, F_SETFD, 1) == -1) { | ||
| 210 | close(retfd); | ||
| 211 | return (-1); | ||
| 212 | } | ||
| 213 | return (retfd); | ||
| 214 | } | ||
| 215 | |||
| 216 | /* Caching version for asym operations */ | ||
| 217 | static int | ||
| 218 | get_asym_dev_crypto(void) | ||
| 219 | { | ||
| 220 | static int fd = -1; | ||
| 221 | |||
| 222 | if (fd == -1) | ||
| 223 | fd = get_dev_crypto(); | ||
| 224 | return fd; | ||
| 225 | } | ||
| 226 | |||
| 227 | /* convert libcrypto nids to cryptodev */ | ||
| 228 | static struct dev_crypto_cipher * | ||
| 229 | cipher_nid_to_cryptodev(int nid) | ||
| 230 | { | ||
| 231 | int i; | ||
| 232 | |||
| 233 | for (i = 0; ciphers[i].c_id; i++) | ||
| 234 | if (ciphers[i].c_nid == nid) | ||
| 235 | return (&ciphers[i]); | ||
| 236 | return (NULL); | ||
| 237 | } | ||
| 238 | |||
| 239 | /* | ||
| 240 | * Find out what ciphers /dev/crypto will let us have a session for. | ||
| 241 | * XXX note, that some of these openssl doesn't deal with yet! | ||
| 242 | * returning them here is harmless, as long as we return NULL | ||
| 243 | * when asked for a handler in the cryptodev_engine_ciphers routine | ||
| 244 | */ | ||
| 245 | static int | ||
| 246 | get_cryptodev_ciphers(const int **cnids) | ||
| 247 | { | ||
| 248 | static int nids[CRYPTO_ALGORITHM_MAX + CRYPTO_VIAC3_MAX + 1]; | ||
| 249 | struct session_op sess; | ||
| 250 | int fd, i, count = 0; | ||
| 251 | |||
| 252 | if ((fd = get_dev_crypto()) < 0) { | ||
| 253 | *cnids = NULL; | ||
| 254 | return (0); | ||
| 255 | } | ||
| 256 | memset(&sess, 0, sizeof(sess)); | ||
| 257 | sess.key = (caddr_t)"123456781234567812345678"; | ||
| 258 | |||
| 259 | for (i = 0; ciphers[i].c_id && count <= CRYPTO_ALGORITHM_MAX; i++) { | ||
| 260 | if (ciphers[i].c_nid == NID_undef) | ||
| 261 | continue; | ||
| 262 | sess.cipher = ciphers[i].c_id; | ||
| 263 | sess.keylen = ciphers[i].c_keylen; | ||
| 264 | sess.mac = 0; | ||
| 265 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | ||
| 266 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | ||
| 267 | nids[count++] = ciphers[i].c_nid; | ||
| 268 | } | ||
| 269 | close(fd); | ||
| 270 | |||
| 271 | #if defined(__i386__) || defined(__amd64__) | ||
| 272 | /* | ||
| 273 | * Always check for the VIA C3 AES instructions; | ||
| 274 | * even if /dev/crypto is disabled. | ||
| 275 | */ | ||
| 276 | if (check_viac3aes() >= 1) { | ||
| 277 | int have_NID_aes_128_cbc = 0; | ||
| 278 | int have_NID_aes_192_cbc = 0; | ||
| 279 | int have_NID_aes_256_cbc = 0; | ||
| 280 | |||
| 281 | for (i = 0; i < count; i++) { | ||
| 282 | if (nids[i] == NID_aes_128_cbc) | ||
| 283 | have_NID_aes_128_cbc = 1; | ||
| 284 | if (nids[i] == NID_aes_192_cbc) | ||
| 285 | have_NID_aes_192_cbc = 1; | ||
| 286 | if (nids[i] == NID_aes_256_cbc) | ||
| 287 | have_NID_aes_256_cbc = 1; | ||
| 288 | } | ||
| 289 | if (!have_NID_aes_128_cbc) | ||
| 290 | nids[count++] = NID_aes_128_cbc; | ||
| 291 | if (!have_NID_aes_192_cbc) | ||
| 292 | nids[count++] = NID_aes_192_cbc; | ||
| 293 | if (!have_NID_aes_256_cbc) | ||
| 294 | nids[count++] = NID_aes_256_cbc; | ||
| 295 | } | ||
| 296 | #endif | ||
| 297 | |||
| 298 | if (count > 0) | ||
| 299 | *cnids = nids; | ||
| 300 | else | ||
| 301 | *cnids = NULL; | ||
| 302 | return (count); | ||
| 303 | } | ||
| 304 | |||
| 305 | /* | ||
| 306 | * Find out what digests /dev/crypto will let us have a session for. | ||
| 307 | * XXX note, that some of these openssl doesn't deal with yet! | ||
| 308 | * returning them here is harmless, as long as we return NULL | ||
| 309 | * when asked for a handler in the cryptodev_engine_digests routine | ||
| 310 | */ | ||
| 311 | #if 0 /* UNUSED */ | ||
| 312 | static int | ||
| 313 | get_cryptodev_digests(const int **cnids) | ||
| 314 | { | ||
| 315 | static int nids[CRYPTO_ALGORITHM_MAX]; | ||
| 316 | struct session_op sess; | ||
| 317 | int fd, i, count = 0; | ||
| 318 | |||
| 319 | if ((fd = get_dev_crypto()) < 0) { | ||
| 320 | *cnids = NULL; | ||
| 321 | return (0); | ||
| 322 | } | ||
| 323 | memset(&sess, 0, sizeof(sess)); | ||
| 324 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | ||
| 325 | if (digests[i].nid == NID_undef) | ||
| 326 | continue; | ||
| 327 | sess.mac = digests[i].id; | ||
| 328 | sess.cipher = 0; | ||
| 329 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | ||
| 330 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | ||
| 331 | nids[count++] = digests[i].nid; | ||
| 332 | } | ||
| 333 | close(fd); | ||
| 334 | |||
| 335 | if (count > 0) | ||
| 336 | *cnids = nids; | ||
| 337 | else | ||
| 338 | *cnids = NULL; | ||
| 339 | return (count); | ||
| 340 | } | ||
| 341 | #endif | ||
| 342 | |||
| 343 | /* | ||
| 344 | * Find the useable ciphers|digests from dev/crypto - this is the first | ||
| 345 | * thing called by the engine init crud which determines what it | ||
| 346 | * can use for ciphers from this engine. We want to return | ||
| 347 | * only what we can do, anythine else is handled by software. | ||
| 348 | * | ||
| 349 | * If we can't initialize the device to do anything useful for | ||
| 350 | * any reason, we want to return a NULL array, and 0 length, | ||
| 351 | * which forces everything to be done is software. By putting | ||
| 352 | * the initalization of the device in here, we ensure we can | ||
| 353 | * use this engine as the default, and if for whatever reason | ||
| 354 | * /dev/crypto won't do what we want it will just be done in | ||
| 355 | * software | ||
| 356 | * | ||
| 357 | * This can (should) be greatly expanded to perhaps take into | ||
| 358 | * account speed of the device, and what we want to do. | ||
| 359 | * (although the disabling of particular alg's could be controlled | ||
| 360 | * by the device driver with sysctl's.) - this is where we | ||
| 361 | * want most of the decisions made about what we actually want | ||
| 362 | * to use from /dev/crypto. | ||
| 363 | */ | ||
| 364 | static int | ||
| 365 | cryptodev_usable_ciphers(const int **nids) | ||
| 366 | { | ||
| 367 | return (get_cryptodev_ciphers(nids)); | ||
| 368 | } | ||
| 369 | |||
| 370 | static int | ||
| 371 | cryptodev_usable_digests(const int **nids) | ||
| 372 | { | ||
| 373 | /* | ||
| 374 | * XXXX just disable all digests for now, because it sucks. | ||
| 375 | * we need a better way to decide this - i.e. I may not | ||
| 376 | * want digests on slow cards like hifn on fast machines, | ||
| 377 | * but might want them on slow or loaded machines, etc. | ||
| 378 | * will also want them when using crypto cards that don't | ||
| 379 | * suck moose gonads - would be nice to be able to decide something | ||
| 380 | * as reasonable default without having hackery that's card dependent. | ||
| 381 | * of course, the default should probably be just do everything, | ||
| 382 | * with perhaps a sysctl to turn algoritms off (or have them off | ||
| 383 | * by default) on cards that generally suck like the hifn. | ||
| 384 | */ | ||
| 385 | *nids = NULL; | ||
| 386 | return (0); | ||
| 387 | } | ||
| 388 | |||
| 389 | static int | ||
| 390 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 391 | const unsigned char *in, size_t inl) | ||
| 392 | { | ||
| 393 | struct crypt_op cryp; | ||
| 394 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 395 | struct session_op *sess = &state->d_sess; | ||
| 396 | void *iiv; | ||
| 397 | unsigned char save_iv[EVP_MAX_IV_LENGTH]; | ||
| 398 | |||
| 399 | if (state->d_fd < 0) | ||
| 400 | return (0); | ||
| 401 | if (!inl) | ||
| 402 | return (1); | ||
| 403 | if ((inl % ctx->cipher->block_size) != 0) | ||
| 404 | return (0); | ||
| 405 | |||
| 406 | memset(&cryp, 0, sizeof(cryp)); | ||
| 407 | |||
| 408 | cryp.ses = sess->ses; | ||
| 409 | cryp.flags = 0; | ||
| 410 | cryp.len = inl; | ||
| 411 | cryp.src = (caddr_t) in; | ||
| 412 | cryp.dst = (caddr_t) out; | ||
| 413 | cryp.mac = 0; | ||
| 414 | |||
| 415 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
| 416 | |||
| 417 | if (ctx->cipher->iv_len) { | ||
| 418 | cryp.iv = (caddr_t) ctx->iv; | ||
| 419 | if (!ctx->encrypt) { | ||
| 420 | iiv = (void *) in + inl - ctx->cipher->iv_len; | ||
| 421 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
| 422 | } | ||
| 423 | } else | ||
| 424 | cryp.iv = NULL; | ||
| 425 | |||
| 426 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | ||
| 427 | /* XXX need better errror handling | ||
| 428 | * this can fail for a number of different reasons. | ||
| 429 | */ | ||
| 430 | return (0); | ||
| 431 | } | ||
| 432 | |||
| 433 | if (ctx->cipher->iv_len) { | ||
| 434 | if (ctx->encrypt) | ||
| 435 | iiv = (void *) out + inl - ctx->cipher->iv_len; | ||
| 436 | else | ||
| 437 | iiv = save_iv; | ||
| 438 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | ||
| 439 | } | ||
| 440 | return (1); | ||
| 441 | } | ||
| 442 | |||
| 443 | static int | ||
| 444 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 445 | const unsigned char *iv, int enc) | ||
| 446 | { | ||
| 447 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 448 | struct session_op *sess = &state->d_sess; | ||
| 449 | struct dev_crypto_cipher *cipher; | ||
| 450 | |||
| 451 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL) | ||
| 452 | return (0); | ||
| 453 | |||
| 454 | if (ctx->cipher->iv_len > cipher->c_ivmax) | ||
| 455 | return (0); | ||
| 456 | |||
| 457 | if (ctx->key_len != cipher->c_keylen) | ||
| 458 | return (0); | ||
| 459 | |||
| 460 | memset(sess, 0, sizeof(struct session_op)); | ||
| 461 | |||
| 462 | if ((state->d_fd = get_dev_crypto()) < 0) | ||
| 463 | return (0); | ||
| 464 | |||
| 465 | sess->key = (unsigned char *)key; | ||
| 466 | sess->keylen = ctx->key_len; | ||
| 467 | sess->cipher = cipher->c_id; | ||
| 468 | |||
| 469 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | ||
| 470 | close(state->d_fd); | ||
| 471 | state->d_fd = -1; | ||
| 472 | return (0); | ||
| 473 | } | ||
| 474 | return (1); | ||
| 475 | } | ||
| 476 | |||
| 477 | /* | ||
| 478 | * free anything we allocated earlier when initting a | ||
| 479 | * session, and close the session. | ||
| 480 | */ | ||
| 481 | static int | ||
| 482 | cryptodev_cleanup(EVP_CIPHER_CTX *ctx) | ||
| 483 | { | ||
| 484 | int ret = 0; | ||
| 485 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 486 | struct session_op *sess = &state->d_sess; | ||
| 487 | |||
| 488 | if (state->d_fd < 0) | ||
| 489 | return (0); | ||
| 490 | |||
| 491 | /* XXX if this ioctl fails, someting's wrong. the invoker | ||
| 492 | * may have called us with a bogus ctx, or we could | ||
| 493 | * have a device that for whatever reason just doesn't | ||
| 494 | * want to play ball - it's not clear what's right | ||
| 495 | * here - should this be an error? should it just | ||
| 496 | * increase a counter, hmm. For right now, we return | ||
| 497 | * 0 - I don't believe that to be "right". we could | ||
| 498 | * call the gorpy openssl lib error handlers that | ||
| 499 | * print messages to users of the library. hmm.. | ||
| 500 | */ | ||
| 501 | |||
| 502 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { | ||
| 503 | ret = 0; | ||
| 504 | } else { | ||
| 505 | ret = 1; | ||
| 506 | } | ||
| 507 | close(state->d_fd); | ||
| 508 | state->d_fd = -1; | ||
| 509 | |||
| 510 | return (ret); | ||
| 511 | } | ||
| 512 | |||
| 513 | /* | ||
| 514 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | ||
| 515 | * gets called when libcrypto requests a cipher NID. | ||
| 516 | */ | ||
| 517 | |||
| 518 | /* DES CBC EVP */ | ||
| 519 | const EVP_CIPHER cryptodev_des_cbc = { | ||
| 520 | NID_des_cbc, | ||
| 521 | 8, 8, 8, | ||
| 522 | EVP_CIPH_CBC_MODE, | ||
| 523 | cryptodev_init_key, | ||
| 524 | cryptodev_cipher, | ||
| 525 | cryptodev_cleanup, | ||
| 526 | sizeof(struct dev_crypto_state), | ||
| 527 | EVP_CIPHER_set_asn1_iv, | ||
| 528 | EVP_CIPHER_get_asn1_iv, | ||
| 529 | NULL | ||
| 530 | }; | ||
| 531 | |||
| 532 | /* 3DES CBC EVP */ | ||
| 533 | const EVP_CIPHER cryptodev_3des_cbc = { | ||
| 534 | NID_des_ede3_cbc, | ||
| 535 | 8, 24, 8, | ||
| 536 | EVP_CIPH_CBC_MODE, | ||
| 537 | cryptodev_init_key, | ||
| 538 | cryptodev_cipher, | ||
| 539 | cryptodev_cleanup, | ||
| 540 | sizeof(struct dev_crypto_state), | ||
| 541 | EVP_CIPHER_set_asn1_iv, | ||
| 542 | EVP_CIPHER_get_asn1_iv, | ||
| 543 | NULL | ||
| 544 | }; | ||
| 545 | |||
| 546 | const EVP_CIPHER cryptodev_bf_cbc = { | ||
| 547 | NID_bf_cbc, | ||
| 548 | 8, 16, 8, | ||
| 549 | EVP_CIPH_CBC_MODE, | ||
| 550 | cryptodev_init_key, | ||
| 551 | cryptodev_cipher, | ||
| 552 | cryptodev_cleanup, | ||
| 553 | sizeof(struct dev_crypto_state), | ||
| 554 | EVP_CIPHER_set_asn1_iv, | ||
| 555 | EVP_CIPHER_get_asn1_iv, | ||
| 556 | NULL | ||
| 557 | }; | ||
| 558 | |||
| 559 | const EVP_CIPHER cryptodev_cast_cbc = { | ||
| 560 | NID_cast5_cbc, | ||
| 561 | 8, 16, 8, | ||
| 562 | EVP_CIPH_CBC_MODE, | ||
| 563 | cryptodev_init_key, | ||
| 564 | cryptodev_cipher, | ||
| 565 | cryptodev_cleanup, | ||
| 566 | sizeof(struct dev_crypto_state), | ||
| 567 | EVP_CIPHER_set_asn1_iv, | ||
| 568 | EVP_CIPHER_get_asn1_iv, | ||
| 569 | NULL | ||
| 570 | }; | ||
| 571 | |||
| 572 | EVP_CIPHER cryptodev_aes_128_cbc = { | ||
| 573 | NID_aes_128_cbc, | ||
| 574 | 16, 16, 16, | ||
| 575 | EVP_CIPH_CBC_MODE, | ||
| 576 | cryptodev_init_key, | ||
| 577 | cryptodev_cipher, | ||
| 578 | cryptodev_cleanup, | ||
| 579 | sizeof(struct dev_crypto_state), | ||
| 580 | EVP_CIPHER_set_asn1_iv, | ||
| 581 | EVP_CIPHER_get_asn1_iv, | ||
| 582 | NULL | ||
| 583 | }; | ||
| 584 | |||
| 585 | EVP_CIPHER cryptodev_aes_192_cbc = { | ||
| 586 | NID_aes_192_cbc, | ||
| 587 | 16, 24, 16, | ||
| 588 | EVP_CIPH_CBC_MODE, | ||
| 589 | cryptodev_init_key, | ||
| 590 | cryptodev_cipher, | ||
| 591 | cryptodev_cleanup, | ||
| 592 | sizeof(struct dev_crypto_state), | ||
| 593 | EVP_CIPHER_set_asn1_iv, | ||
| 594 | EVP_CIPHER_get_asn1_iv, | ||
| 595 | NULL | ||
| 596 | }; | ||
| 597 | |||
| 598 | EVP_CIPHER cryptodev_aes_256_cbc = { | ||
| 599 | NID_aes_256_cbc, | ||
| 600 | 16, 32, 16, | ||
| 601 | EVP_CIPH_CBC_MODE, | ||
| 602 | cryptodev_init_key, | ||
| 603 | cryptodev_cipher, | ||
| 604 | cryptodev_cleanup, | ||
| 605 | sizeof(struct dev_crypto_state), | ||
| 606 | EVP_CIPHER_set_asn1_iv, | ||
| 607 | EVP_CIPHER_get_asn1_iv, | ||
| 608 | NULL | ||
| 609 | }; | ||
| 610 | |||
| 611 | #if defined(__i386__) || defined(__amd64__) | ||
| 612 | |||
| 613 | static inline void | ||
| 614 | viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep, | ||
| 615 | void *iv) | ||
| 616 | { | ||
| 617 | #ifdef notdef | ||
| 618 | printf("cw %p[%x %x %x %x] src %p dst %p key %p rep %x iv %p\n", | ||
| 619 | cw, cw[0], cw[1], cw[2], cw[3], | ||
| 620 | src, dst, key, rep, iv); | ||
| 621 | #endif | ||
| 622 | #if defined(__i386__) | ||
| 623 | |||
| 624 | /* | ||
| 625 | * Clear bit 30 of EFLAGS. | ||
| 626 | */ | ||
| 627 | __asm __volatile("pushfl; popfl"); | ||
| 628 | |||
| 629 | /* | ||
| 630 | * Cannot simply place key into "b" register, since the compiler | ||
| 631 | * -pic mode uses that register; so instead we must dance a little. | ||
| 632 | */ | ||
| 633 | __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcryptcbc; popl %%ebx" : | ||
| 634 | : "m" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst) | ||
| 635 | : "memory", "cc"); | ||
| 636 | #else | ||
| 637 | |||
| 638 | /* | ||
| 639 | * Clear bit 30 of EFLAGS. | ||
| 640 | */ | ||
| 641 | __asm __volatile("pushfq; popfq"); | ||
| 642 | __asm __volatile("rep xcryptcbc" : | ||
| 643 | : "b" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst) | ||
| 644 | : "memory", "cc"); | ||
| 645 | #endif | ||
| 646 | |||
| 647 | } | ||
| 648 | |||
| 649 | #define ISUNALIGNED(x) ((long)(x)) & 15 | ||
| 650 | #define DOALIGN(v) ((void *)(((long)(v) + 15) & ~15)) | ||
| 651 | |||
| 652 | static int | ||
| 653 | xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 654 | const unsigned char *in, size_t inl) | ||
| 655 | { | ||
| 656 | unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 657 | unsigned char *save_iv = DOALIGN(save_iv_store); | ||
| 658 | unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 659 | unsigned char *ivs = DOALIGN(ivs_store); | ||
| 660 | void *iiv, *iv = NULL, *ivp = NULL; | ||
| 661 | const void *usein = in; | ||
| 662 | void *useout = out, *spare = NULL; | ||
| 663 | int cws[4 + 3], *cw = DOALIGN(cws); | ||
| 664 | |||
| 665 | if (!inl) | ||
| 666 | return (1); | ||
| 667 | if ((inl % ctx->cipher->block_size) != 0) | ||
| 668 | return (0); | ||
| 669 | if (inl > UINT_MAX) | ||
| 670 | return (0); | ||
| 671 | |||
| 672 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 673 | spare = malloc(inl); | ||
| 674 | if (spare == NULL) | ||
| 675 | return (0); | ||
| 676 | |||
| 677 | if (ISUNALIGNED(in)) { | ||
| 678 | bcopy(in, spare, inl); | ||
| 679 | usein = spare; | ||
| 680 | } | ||
| 681 | if (ISUNALIGNED(out)) | ||
| 682 | useout = spare; | ||
| 683 | } | ||
| 684 | |||
| 685 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW | | ||
| 686 | C3_CRYPT_CWLO_NORMAL; | ||
| 687 | cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; | ||
| 688 | cw[1] = cw[2] = cw[3] = 0; | ||
| 689 | |||
| 690 | switch (ctx->key_len * 8) { | ||
| 691 | case 128: | ||
| 692 | cw[0] |= C3_CRYPT_CWLO_KEY128; | ||
| 693 | break; | ||
| 694 | case 192: | ||
| 695 | cw[0] |= C3_CRYPT_CWLO_KEY192; | ||
| 696 | break; | ||
| 697 | case 256: | ||
| 698 | cw[0] |= C3_CRYPT_CWLO_KEY256; | ||
| 699 | break; | ||
| 700 | } | ||
| 701 | |||
| 702 | if (ctx->cipher->iv_len) { | ||
| 703 | iv = (caddr_t) ctx->iv; | ||
| 704 | if (!ctx->encrypt) { | ||
| 705 | iiv = (void *) in + inl - ctx->cipher->iv_len; | ||
| 706 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
| 707 | } | ||
| 708 | } | ||
| 709 | |||
| 710 | ivp = iv; | ||
| 711 | if (ISUNALIGNED(iv)) { | ||
| 712 | bcopy(iv, ivs, ctx->cipher->iv_len); | ||
| 713 | ivp = ivs; | ||
| 714 | } | ||
| 715 | |||
| 716 | viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); | ||
| 717 | |||
| 718 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 719 | if (ISUNALIGNED(out)) | ||
| 720 | bcopy(spare, out, inl); | ||
| 721 | free(spare); | ||
| 722 | } | ||
| 723 | |||
| 724 | if (ivp == ivs) | ||
| 725 | bcopy(ivp, iv, ctx->cipher->iv_len); | ||
| 726 | |||
| 727 | if (ctx->cipher->iv_len) { | ||
| 728 | if (ctx->encrypt) | ||
| 729 | iiv = (void *) out + inl - ctx->cipher->iv_len; | ||
| 730 | else | ||
| 731 | iiv = save_iv; | ||
| 732 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | ||
| 733 | } | ||
| 734 | return (1); | ||
| 735 | } | ||
| 736 | |||
| 737 | static int | ||
| 738 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 739 | const unsigned char *iv, int enc) | ||
| 740 | { | ||
| 741 | AES_KEY *k = ctx->cipher_data; | ||
| 742 | #ifndef AES_ASM | ||
| 743 | int i; | ||
| 744 | #endif | ||
| 745 | |||
| 746 | memset(k, 0, sizeof *k); | ||
| 747 | if (enc) | ||
| 748 | AES_set_encrypt_key(key, ctx->key_len * 8, k); | ||
| 749 | else | ||
| 750 | AES_set_decrypt_key(key, ctx->key_len * 8, k); | ||
| 751 | |||
| 752 | #ifndef AES_ASM | ||
| 753 | /* | ||
| 754 | * XXX Damn OpenSSL byte swaps the expanded key!! | ||
| 755 | * | ||
| 756 | * XXX But only if we're using the C implementation of AES | ||
| 757 | */ | ||
| 758 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 759 | k->rd_key[i] = htonl(k->rd_key[i]); | ||
| 760 | #endif | ||
| 761 | |||
| 762 | return (1); | ||
| 763 | } | ||
| 764 | |||
| 765 | static int | ||
| 766 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) | ||
| 767 | { | ||
| 768 | memset(ctx->cipher_data, 0, ctx->cipher->ctx_size); | ||
| 769 | return (1); | ||
| 770 | } | ||
| 771 | |||
| 772 | static int | ||
| 773 | check_viac3aes(void) | ||
| 774 | { | ||
| 775 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; | ||
| 776 | size_t size = sizeof(value); | ||
| 777 | |||
| 778 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, | ||
| 779 | NULL, 0) < 0) | ||
| 780 | return (0); | ||
| 781 | if (value == 0) | ||
| 782 | return (0); | ||
| 783 | |||
| 784 | if (value & C3_HAS_AES) { | ||
| 785 | cryptodev_aes_128_cbc.init = xcrypt_init_key; | ||
| 786 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; | ||
| 787 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; | ||
| 788 | cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY); | ||
| 789 | |||
| 790 | cryptodev_aes_192_cbc.init = xcrypt_init_key; | ||
| 791 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; | ||
| 792 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; | ||
| 793 | cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY); | ||
| 794 | |||
| 795 | cryptodev_aes_256_cbc.init = xcrypt_init_key; | ||
| 796 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; | ||
| 797 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; | ||
| 798 | cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY); | ||
| 799 | } | ||
| 800 | return (value); | ||
| 801 | } | ||
| 802 | #endif /* __i386__ || __amd64__ */ | ||
| 803 | |||
| 804 | /* | ||
| 805 | * Registered by the ENGINE when used to find out how to deal with | ||
| 806 | * a particular NID in the ENGINE. this says what we'll do at the | ||
| 807 | * top level - note, that list is restricted by what we answer with | ||
| 808 | */ | ||
| 809 | static int | ||
| 810 | cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
| 811 | const int **nids, int nid) | ||
| 812 | { | ||
| 813 | if (!cipher) | ||
| 814 | return (cryptodev_usable_ciphers(nids)); | ||
| 815 | |||
| 816 | switch (nid) { | ||
| 817 | case NID_des_ede3_cbc: | ||
| 818 | *cipher = &cryptodev_3des_cbc; | ||
| 819 | break; | ||
| 820 | case NID_des_cbc: | ||
| 821 | *cipher = &cryptodev_des_cbc; | ||
| 822 | break; | ||
| 823 | case NID_bf_cbc: | ||
| 824 | *cipher = &cryptodev_bf_cbc; | ||
| 825 | break; | ||
| 826 | case NID_cast5_cbc: | ||
| 827 | *cipher = &cryptodev_cast_cbc; | ||
| 828 | break; | ||
| 829 | case NID_aes_128_cbc: | ||
| 830 | *cipher = &cryptodev_aes_128_cbc; | ||
| 831 | break; | ||
| 832 | case NID_aes_192_cbc: | ||
| 833 | *cipher = &cryptodev_aes_192_cbc; | ||
| 834 | break; | ||
| 835 | case NID_aes_256_cbc: | ||
| 836 | *cipher = &cryptodev_aes_256_cbc; | ||
| 837 | break; | ||
| 838 | default: | ||
| 839 | *cipher = NULL; | ||
| 840 | break; | ||
| 841 | } | ||
| 842 | return (*cipher != NULL); | ||
| 843 | } | ||
| 844 | |||
| 845 | static int | ||
| 846 | cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
| 847 | const int **nids, int nid) | ||
| 848 | { | ||
| 849 | if (!digest) | ||
| 850 | return (cryptodev_usable_digests(nids)); | ||
| 851 | |||
| 852 | switch (nid) { | ||
| 853 | case NID_md5: | ||
| 854 | *digest = NULL; /* need to make a clean md5 critter */ | ||
| 855 | break; | ||
| 856 | default: | ||
| 857 | *digest = NULL; | ||
| 858 | break; | ||
| 859 | } | ||
| 860 | return (*digest != NULL); | ||
| 861 | } | ||
| 862 | |||
| 863 | /* | ||
| 864 | * Convert a BIGNUM to the representation that /dev/crypto needs. | ||
| 865 | * Upon completion of use, the caller is responsible for freeing | ||
| 866 | * crp->crp_p. | ||
| 867 | */ | ||
| 868 | static int | ||
| 869 | bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
| 870 | { | ||
| 871 | int i, j, k; | ||
| 872 | ssize_t bytes, bits; | ||
| 873 | u_char *b; | ||
| 874 | |||
| 875 | crp->crp_p = NULL; | ||
| 876 | crp->crp_nbits = 0; | ||
| 877 | |||
| 878 | bits = BN_num_bits(a); | ||
| 879 | bytes = (bits + 7) / 8; | ||
| 880 | |||
| 881 | b = malloc(bytes); | ||
| 882 | if (b == NULL) | ||
| 883 | return (1); | ||
| 884 | |||
| 885 | crp->crp_p = b; | ||
| 886 | crp->crp_nbits = bits; | ||
| 887 | |||
| 888 | for (i = 0, j = 0; i < a->top; i++) { | ||
| 889 | for (k = 0; k < BN_BITS2 / 8; k++) { | ||
| 890 | if ((j + k) >= bytes) | ||
| 891 | return (0); | ||
| 892 | b[j + k] = a->d[i] >> (k * 8); | ||
| 893 | } | ||
| 894 | j += BN_BITS2 / 8; | ||
| 895 | } | ||
| 896 | return (0); | ||
| 897 | } | ||
| 898 | |||
| 899 | /* Convert a /dev/crypto parameter to a BIGNUM */ | ||
| 900 | static int | ||
| 901 | crparam2bn(struct crparam *crp, BIGNUM *a) | ||
| 902 | { | ||
| 903 | u_int8_t *pd; | ||
| 904 | int i, bytes; | ||
| 905 | |||
| 906 | bytes = (crp->crp_nbits + 7) / 8; | ||
| 907 | |||
| 908 | if (bytes == 0) | ||
| 909 | return (-1); | ||
| 910 | |||
| 911 | if ((pd = malloc(bytes)) == NULL) | ||
| 912 | return (-1); | ||
| 913 | |||
| 914 | for (i = 0; i < bytes; i++) | ||
| 915 | pd[i] = crp->crp_p[bytes - i - 1]; | ||
| 916 | |||
| 917 | BN_bin2bn(pd, bytes, a); | ||
| 918 | free(pd); | ||
| 919 | |||
| 920 | return (0); | ||
| 921 | } | ||
| 922 | |||
| 923 | static void | ||
| 924 | zapparams(struct crypt_kop *kop) | ||
| 925 | { | ||
| 926 | int i; | ||
| 927 | |||
| 928 | for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { | ||
| 929 | free(kop->crk_param[i].crp_p); | ||
| 930 | kop->crk_param[i].crp_p = NULL; | ||
| 931 | kop->crk_param[i].crp_nbits = 0; | ||
| 932 | } | ||
| 933 | } | ||
| 934 | |||
| 935 | static int | ||
| 936 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | ||
| 937 | { | ||
| 938 | int fd, ret = -1; | ||
| 939 | |||
| 940 | if ((fd = get_asym_dev_crypto()) < 0) | ||
| 941 | return (ret); | ||
| 942 | |||
| 943 | if (r) { | ||
| 944 | kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
| 945 | kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
| 946 | kop->crk_oparams++; | ||
| 947 | } | ||
| 948 | if (s) { | ||
| 949 | kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); | ||
| 950 | kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | ||
| 951 | kop->crk_oparams++; | ||
| 952 | } | ||
| 953 | |||
| 954 | if (ioctl(fd, CIOCKEY, kop) == 0) { | ||
| 955 | if (r) | ||
| 956 | crparam2bn(&kop->crk_param[kop->crk_iparams], r); | ||
| 957 | if (s) | ||
| 958 | crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); | ||
| 959 | ret = 0; | ||
| 960 | } | ||
| 961 | |||
| 962 | return (ret); | ||
| 963 | } | ||
| 964 | |||
| 965 | static int | ||
| 966 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 967 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 968 | { | ||
| 969 | struct crypt_kop kop; | ||
| 970 | int ret = 1; | ||
| 971 | |||
| 972 | /* Currently, we know we can do mod exp iff we can do any | ||
| 973 | * asymmetric operations at all. | ||
| 974 | */ | ||
| 975 | if (cryptodev_asymfeat == 0) { | ||
| 976 | ret = BN_mod_exp(r, a, p, m, ctx); | ||
| 977 | return (ret); | ||
| 978 | } | ||
| 979 | |||
| 980 | memset(&kop, 0, sizeof kop); | ||
| 981 | kop.crk_op = CRK_MOD_EXP; | ||
| 982 | |||
| 983 | /* inputs: a^p % m */ | ||
| 984 | if (bn2crparam(a, &kop.crk_param[0])) | ||
| 985 | goto err; | ||
| 986 | if (bn2crparam(p, &kop.crk_param[1])) | ||
| 987 | goto err; | ||
| 988 | if (bn2crparam(m, &kop.crk_param[2])) | ||
| 989 | goto err; | ||
| 990 | kop.crk_iparams = 3; | ||
| 991 | |||
| 992 | if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { | ||
| 993 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
| 994 | ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | ||
| 995 | } | ||
| 996 | err: | ||
| 997 | zapparams(&kop); | ||
| 998 | return (ret); | ||
| 999 | } | ||
| 1000 | |||
| 1001 | static int | ||
| 1002 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
| 1003 | BN_CTX *ctx) | ||
| 1004 | { | ||
| 1005 | return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx); | ||
| 1006 | } | ||
| 1007 | |||
| 1008 | static int | ||
| 1009 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
| 1010 | { | ||
| 1011 | struct crypt_kop kop; | ||
| 1012 | int ret = 1; | ||
| 1013 | |||
| 1014 | if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | ||
| 1015 | /* XXX 0 means failure?? */ | ||
| 1016 | return (0); | ||
| 1017 | } | ||
| 1018 | |||
| 1019 | memset(&kop, 0, sizeof kop); | ||
| 1020 | kop.crk_op = CRK_MOD_EXP_CRT; | ||
| 1021 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
| 1022 | if (bn2crparam(rsa->p, &kop.crk_param[0])) | ||
| 1023 | goto err; | ||
| 1024 | if (bn2crparam(rsa->q, &kop.crk_param[1])) | ||
| 1025 | goto err; | ||
| 1026 | if (bn2crparam(I, &kop.crk_param[2])) | ||
| 1027 | goto err; | ||
| 1028 | if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) | ||
| 1029 | goto err; | ||
| 1030 | if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) | ||
| 1031 | goto err; | ||
| 1032 | if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) | ||
| 1033 | goto err; | ||
| 1034 | kop.crk_iparams = 6; | ||
| 1035 | |||
| 1036 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { | ||
| 1037 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
| 1038 | ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); | ||
| 1039 | } | ||
| 1040 | err: | ||
| 1041 | zapparams(&kop); | ||
| 1042 | return (ret); | ||
| 1043 | } | ||
| 1044 | |||
| 1045 | static RSA_METHOD cryptodev_rsa = { | ||
| 1046 | .name = "cryptodev RSA method" | ||
| 1047 | }; | ||
| 1048 | |||
| 1049 | static int | ||
| 1050 | cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 1051 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 1052 | { | ||
| 1053 | return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
| 1054 | } | ||
| 1055 | |||
| 1056 | static int | ||
| 1057 | cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
| 1058 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
| 1059 | BN_CTX *ctx, BN_MONT_CTX *mont) | ||
| 1060 | { | ||
| 1061 | BIGNUM t2; | ||
| 1062 | int ret = 0; | ||
| 1063 | |||
| 1064 | BN_init(&t2); | ||
| 1065 | |||
| 1066 | /* v = ( g^u1 * y^u2 mod p ) mod q */ | ||
| 1067 | /* let t1 = g ^ u1 mod p */ | ||
| 1068 | ret = 0; | ||
| 1069 | |||
| 1070 | if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) | ||
| 1071 | goto err; | ||
| 1072 | |||
| 1073 | /* let t2 = y ^ u2 mod p */ | ||
| 1074 | if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) | ||
| 1075 | goto err; | ||
| 1076 | /* let u1 = t1 * t2 mod p */ | ||
| 1077 | if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) | ||
| 1078 | goto err; | ||
| 1079 | |||
| 1080 | BN_copy(t1,u1); | ||
| 1081 | |||
| 1082 | ret = 1; | ||
| 1083 | err: | ||
| 1084 | BN_free(&t2); | ||
| 1085 | return(ret); | ||
| 1086 | } | ||
| 1087 | |||
| 1088 | static DSA_SIG * | ||
| 1089 | cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | ||
| 1090 | { | ||
| 1091 | struct crypt_kop kop; | ||
| 1092 | BIGNUM *r = NULL, *s = NULL; | ||
| 1093 | DSA_SIG *dsaret = NULL; | ||
| 1094 | |||
| 1095 | if ((r = BN_new()) == NULL) | ||
| 1096 | goto err; | ||
| 1097 | if ((s = BN_new()) == NULL) { | ||
| 1098 | BN_free(r); | ||
| 1099 | goto err; | ||
| 1100 | } | ||
| 1101 | |||
| 1102 | memset(&kop, 0, sizeof kop); | ||
| 1103 | kop.crk_op = CRK_DSA_SIGN; | ||
| 1104 | |||
| 1105 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
| 1106 | kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
| 1107 | kop.crk_param[0].crp_nbits = dlen * 8; | ||
| 1108 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
| 1109 | goto err; | ||
| 1110 | if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
| 1111 | goto err; | ||
| 1112 | if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
| 1113 | goto err; | ||
| 1114 | if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) | ||
| 1115 | goto err; | ||
| 1116 | kop.crk_iparams = 5; | ||
| 1117 | |||
| 1118 | if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, | ||
| 1119 | BN_num_bytes(dsa->q), s) == 0) { | ||
| 1120 | dsaret = DSA_SIG_new(); | ||
| 1121 | dsaret->r = r; | ||
| 1122 | dsaret->s = s; | ||
| 1123 | } else { | ||
| 1124 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1125 | BN_free(r); | ||
| 1126 | BN_free(s); | ||
| 1127 | dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | ||
| 1128 | } | ||
| 1129 | err: | ||
| 1130 | kop.crk_param[0].crp_p = NULL; | ||
| 1131 | zapparams(&kop); | ||
| 1132 | return (dsaret); | ||
| 1133 | } | ||
| 1134 | |||
| 1135 | static int | ||
| 1136 | cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | ||
| 1137 | DSA_SIG *sig, DSA *dsa) | ||
| 1138 | { | ||
| 1139 | struct crypt_kop kop; | ||
| 1140 | int dsaret = 1; | ||
| 1141 | |||
| 1142 | memset(&kop, 0, sizeof kop); | ||
| 1143 | kop.crk_op = CRK_DSA_VERIFY; | ||
| 1144 | |||
| 1145 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
| 1146 | kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
| 1147 | kop.crk_param[0].crp_nbits = dlen * 8; | ||
| 1148 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
| 1149 | goto err; | ||
| 1150 | if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
| 1151 | goto err; | ||
| 1152 | if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
| 1153 | goto err; | ||
| 1154 | if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) | ||
| 1155 | goto err; | ||
| 1156 | if (bn2crparam(sig->r, &kop.crk_param[5])) | ||
| 1157 | goto err; | ||
| 1158 | if (bn2crparam(sig->s, &kop.crk_param[6])) | ||
| 1159 | goto err; | ||
| 1160 | kop.crk_iparams = 7; | ||
| 1161 | |||
| 1162 | if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
| 1163 | dsaret = kop.crk_status; | ||
| 1164 | } else { | ||
| 1165 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1166 | |||
| 1167 | dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | ||
| 1168 | } | ||
| 1169 | err: | ||
| 1170 | kop.crk_param[0].crp_p = NULL; | ||
| 1171 | zapparams(&kop); | ||
| 1172 | return (dsaret); | ||
| 1173 | } | ||
| 1174 | |||
| 1175 | static DSA_METHOD cryptodev_dsa = { | ||
| 1176 | .name = "cryptodev DSA method" | ||
| 1177 | }; | ||
| 1178 | |||
| 1179 | static int | ||
| 1180 | cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
| 1181 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 1182 | BN_MONT_CTX *m_ctx) | ||
| 1183 | { | ||
| 1184 | return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
| 1185 | } | ||
| 1186 | |||
| 1187 | static int | ||
| 1188 | cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
| 1189 | { | ||
| 1190 | struct crypt_kop kop; | ||
| 1191 | int dhret = 1; | ||
| 1192 | int fd, keylen; | ||
| 1193 | |||
| 1194 | if ((fd = get_asym_dev_crypto()) < 0) { | ||
| 1195 | const DH_METHOD *meth = DH_OpenSSL(); | ||
| 1196 | |||
| 1197 | return ((meth->compute_key)(key, pub_key, dh)); | ||
| 1198 | } | ||
| 1199 | |||
| 1200 | keylen = BN_num_bits(dh->p); | ||
| 1201 | |||
| 1202 | memset(&kop, 0, sizeof kop); | ||
| 1203 | kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
| 1204 | |||
| 1205 | /* inputs: dh->priv_key pub_key dh->p key */ | ||
| 1206 | if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
| 1207 | goto err; | ||
| 1208 | if (bn2crparam(pub_key, &kop.crk_param[1])) | ||
| 1209 | goto err; | ||
| 1210 | if (bn2crparam(dh->p, &kop.crk_param[2])) | ||
| 1211 | goto err; | ||
| 1212 | kop.crk_iparams = 3; | ||
| 1213 | |||
| 1214 | kop.crk_param[3].crp_p = key; | ||
| 1215 | kop.crk_param[3].crp_nbits = keylen * 8; | ||
| 1216 | kop.crk_oparams = 1; | ||
| 1217 | |||
| 1218 | if (ioctl(fd, CIOCKEY, &kop) == -1) { | ||
| 1219 | const DH_METHOD *meth = DH_OpenSSL(); | ||
| 1220 | |||
| 1221 | dhret = (meth->compute_key)(key, pub_key, dh); | ||
| 1222 | } | ||
| 1223 | err: | ||
| 1224 | kop.crk_param[3].crp_p = NULL; | ||
| 1225 | zapparams(&kop); | ||
| 1226 | return (dhret); | ||
| 1227 | } | ||
| 1228 | |||
| 1229 | static DH_METHOD cryptodev_dh = { | ||
| 1230 | .name = "cryptodev DH method" | ||
| 1231 | }; | ||
| 1232 | |||
| 1233 | /* | ||
| 1234 | * ctrl right now is just a wrapper that doesn't do much | ||
| 1235 | * but I expect we'll want some options soon. | ||
| 1236 | */ | ||
| 1237 | static int | ||
| 1238 | cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | ||
| 1239 | { | ||
| 1240 | #ifdef HAVE_SYSLOG_R | ||
| 1241 | struct syslog_data sd = SYSLOG_DATA_INIT; | ||
| 1242 | #endif | ||
| 1243 | |||
| 1244 | switch (cmd) { | ||
| 1245 | default: | ||
| 1246 | #ifdef HAVE_SYSLOG_R | ||
| 1247 | syslog_r(LOG_ERR, &sd, | ||
| 1248 | "cryptodev_ctrl: unknown command %d", cmd); | ||
| 1249 | #else | ||
| 1250 | syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | ||
| 1251 | #endif | ||
| 1252 | break; | ||
| 1253 | } | ||
| 1254 | return (1); | ||
| 1255 | } | ||
| 1256 | |||
| 1257 | void | ||
| 1258 | ENGINE_load_cryptodev(void) | ||
| 1259 | { | ||
| 1260 | ENGINE *engine = ENGINE_new(); | ||
| 1261 | int fd; | ||
| 1262 | |||
| 1263 | if (engine == NULL) | ||
| 1264 | return; | ||
| 1265 | if ((fd = get_dev_crypto()) < 0) { | ||
| 1266 | ENGINE_free(engine); | ||
| 1267 | return; | ||
| 1268 | } | ||
| 1269 | |||
| 1270 | /* | ||
| 1271 | * find out what asymmetric crypto algorithms we support | ||
| 1272 | */ | ||
| 1273 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | ||
| 1274 | close(fd); | ||
| 1275 | ENGINE_free(engine); | ||
| 1276 | return; | ||
| 1277 | } | ||
| 1278 | close(fd); | ||
| 1279 | |||
| 1280 | if (!ENGINE_set_id(engine, "cryptodev") || | ||
| 1281 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | ||
| 1282 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | ||
| 1283 | !ENGINE_set_digests(engine, cryptodev_engine_digests) || | ||
| 1284 | !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || | ||
| 1285 | !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { | ||
| 1286 | ENGINE_free(engine); | ||
| 1287 | return; | ||
| 1288 | } | ||
| 1289 | |||
| 1290 | if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { | ||
| 1291 | const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); | ||
| 1292 | |||
| 1293 | cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; | ||
| 1294 | cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; | ||
| 1295 | cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; | ||
| 1296 | cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; | ||
| 1297 | cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; | ||
| 1298 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | ||
| 1299 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1300 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | ||
| 1301 | if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | ||
| 1302 | cryptodev_rsa.rsa_mod_exp = | ||
| 1303 | cryptodev_rsa_mod_exp; | ||
| 1304 | else | ||
| 1305 | cryptodev_rsa.rsa_mod_exp = | ||
| 1306 | cryptodev_rsa_nocrt_mod_exp; | ||
| 1307 | } | ||
| 1308 | } | ||
| 1309 | |||
| 1310 | if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { | ||
| 1311 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1312 | |||
| 1313 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
| 1314 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
| 1315 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
| 1316 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1317 | cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; | ||
| 1318 | cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; | ||
| 1319 | } | ||
| 1320 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
| 1321 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
| 1322 | } | ||
| 1323 | |||
| 1324 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ | ||
| 1325 | const DH_METHOD *dh_meth = DH_OpenSSL(); | ||
| 1326 | |||
| 1327 | cryptodev_dh.generate_key = dh_meth->generate_key; | ||
| 1328 | cryptodev_dh.compute_key = dh_meth->compute_key; | ||
| 1329 | cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; | ||
| 1330 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1331 | cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; | ||
| 1332 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | ||
| 1333 | cryptodev_dh.compute_key = | ||
| 1334 | cryptodev_dh_compute_key; | ||
| 1335 | } | ||
| 1336 | } | ||
| 1337 | |||
| 1338 | ENGINE_add(engine); | ||
| 1339 | ENGINE_free(engine); | ||
| 1340 | ERR_clear_error(); | ||
| 1341 | } | ||
| 1342 | |||
| 1343 | #endif /* HAVE_CRYPTODEV */ | ||
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index 251a8797df..d87eef3fb9 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c | |||
| @@ -73,9 +73,6 @@ OPENSSL_add_all_algorithms_noconf(void) | |||
| 73 | OPENSSL_cpuid_setup(); | 73 | OPENSSL_cpuid_setup(); |
| 74 | OpenSSL_add_all_ciphers(); | 74 | OpenSSL_add_all_ciphers(); |
| 75 | OpenSSL_add_all_digests(); | 75 | OpenSSL_add_all_digests(); |
| 76 | #ifndef OPENSSL_NO_ENGINE | ||
| 77 | ENGINE_setup_bsd_cryptodev(); | ||
| 78 | #endif | ||
| 79 | } | 76 | } |
| 80 | 77 | ||
| 81 | void | 78 | void |
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c index eb933153e1..4d07299efe 100644 --- a/src/lib/libssl/src/crypto/engine/eng_all.c +++ b/src/lib/libssl/src/crypto/engine/eng_all.c | |||
| @@ -71,9 +71,7 @@ ENGINE_load_builtin_engines(void) | |||
| 71 | * *no* builtin implementations). */ | 71 | * *no* builtin implementations). */ |
| 72 | ENGINE_load_openssl(); | 72 | ENGINE_load_openssl(); |
| 73 | #endif | 73 | #endif |
| 74 | #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) | 74 | |
| 75 | ENGINE_load_cryptodev(); | ||
| 76 | #endif | ||
| 77 | #ifndef OPENSSL_NO_RSAX | 75 | #ifndef OPENSSL_NO_RSAX |
| 78 | ENGINE_load_rsax(); | 76 | ENGINE_load_rsax(); |
| 79 | #endif | 77 | #endif |
| @@ -87,17 +85,3 @@ ENGINE_load_builtin_engines(void) | |||
| 87 | #endif | 85 | #endif |
| 88 | ENGINE_register_all_complete(); | 86 | ENGINE_register_all_complete(); |
| 89 | } | 87 | } |
| 90 | |||
| 91 | #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | ||
| 92 | void | ||
| 93 | ENGINE_setup_bsd_cryptodev(void) | ||
| 94 | { | ||
| 95 | static int bsd_cryptodev_default_loaded = 0; | ||
| 96 | |||
| 97 | if (!bsd_cryptodev_default_loaded) { | ||
| 98 | ENGINE_load_cryptodev(); | ||
| 99 | ENGINE_register_all_complete(); | ||
| 100 | } | ||
| 101 | bsd_cryptodev_default_loaded = 1; | ||
| 102 | } | ||
| 103 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h index e99ad750e4..79a21af7b8 100644 --- a/src/lib/libssl/src/crypto/engine/engine.h +++ b/src/lib/libssl/src/crypto/engine/engine.h | |||
| @@ -318,7 +318,6 @@ void ENGINE_load_dynamic(void); | |||
| 318 | #ifndef OPENSSL_NO_STATIC_ENGINE | 318 | #ifndef OPENSSL_NO_STATIC_ENGINE |
| 319 | void ENGINE_load_padlock(void); | 319 | void ENGINE_load_padlock(void); |
| 320 | #endif | 320 | #endif |
| 321 | void ENGINE_load_cryptodev(void); | ||
| 322 | void ENGINE_load_rsax(void); | 321 | void ENGINE_load_rsax(void); |
| 323 | void ENGINE_load_builtin_engines(void); | 322 | void ENGINE_load_builtin_engines(void); |
| 324 | 323 | ||
| @@ -707,10 +706,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | |||
| 707 | * values. */ | 706 | * values. */ |
| 708 | void *ENGINE_get_static_state(void); | 707 | void *ENGINE_get_static_state(void); |
| 709 | 708 | ||
| 710 | #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | ||
| 711 | void ENGINE_setup_bsd_cryptodev(void); | ||
| 712 | #endif | ||
| 713 | |||
| 714 | /* BEGIN ERROR CODES */ | 709 | /* BEGIN ERROR CODES */ |
| 715 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 710 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 716 | * made after this point may be overwritten when the script is next run. | 711 | * made after this point may be overwritten when the script is next run. |
diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c deleted file mode 100644 index c2a144f4eb..0000000000 --- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c +++ /dev/null | |||
| @@ -1,1343 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (c) 2002-2004 Theo de Raadt | ||
| 3 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | ||
| 4 | * Copyright (c) 2002 Markus Friedl | ||
| 5 | * All rights reserved. | ||
| 6 | * | ||
| 7 | * Redistribution and use in source and binary forms, with or without | ||
| 8 | * modification, are permitted provided that the following conditions | ||
| 9 | * are met: | ||
| 10 | * 1. Redistributions of source code must retain the above copyright | ||
| 11 | * notice, this list of conditions and the following disclaimer. | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in the | ||
| 14 | * documentation and/or other materials provided with the distribution. | ||
| 15 | * | ||
| 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | ||
| 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
| 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
| 19 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY | ||
| 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
| 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | ||
| 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
| 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
| 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 26 | * | ||
| 27 | */ | ||
| 28 | |||
| 29 | #include <openssl/objects.h> | ||
| 30 | #include <openssl/engine.h> | ||
| 31 | #include <openssl/evp.h> | ||
| 32 | #include <openssl/bn.h> | ||
| 33 | |||
| 34 | #if (defined(__unix__) || defined(unix)) && !defined(USG) | ||
| 35 | #include <sys/param.h> | ||
| 36 | # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) | ||
| 37 | # define HAVE_CRYPTODEV | ||
| 38 | # endif | ||
| 39 | # if (OpenBSD >= 200110) | ||
| 40 | # define HAVE_SYSLOG_R | ||
| 41 | # endif | ||
| 42 | #endif | ||
| 43 | |||
| 44 | #ifndef HAVE_CRYPTODEV | ||
| 45 | |||
| 46 | void | ||
| 47 | ENGINE_load_cryptodev(void) | ||
| 48 | { | ||
| 49 | /* This is a NOP on platforms without /dev/crypto */ | ||
| 50 | return; | ||
| 51 | } | ||
| 52 | |||
| 53 | #else | ||
| 54 | |||
| 55 | #include <sys/types.h> | ||
| 56 | #include <crypto/cryptodev.h> | ||
| 57 | #include <openssl/dh.h> | ||
| 58 | #include <openssl/dsa.h> | ||
| 59 | #include <openssl/err.h> | ||
| 60 | #include <openssl/rsa.h> | ||
| 61 | #include <sys/ioctl.h> | ||
| 62 | |||
| 63 | #include <errno.h> | ||
| 64 | #include <fcntl.h> | ||
| 65 | #include <limits.h> | ||
| 66 | #include <stdarg.h> | ||
| 67 | #include <stdio.h> | ||
| 68 | #include <string.h> | ||
| 69 | #include <syslog.h> | ||
| 70 | #include <unistd.h> | ||
| 71 | |||
| 72 | #if defined(__i386__) || defined(__amd64__) | ||
| 73 | #include <sys/sysctl.h> | ||
| 74 | #include <machine/cpu.h> | ||
| 75 | #include <machine/specialreg.h> | ||
| 76 | |||
| 77 | #include <ssl/aes.h> | ||
| 78 | |||
| 79 | static int check_viac3aes(void); | ||
| 80 | #endif | ||
| 81 | |||
| 82 | #define CRYPTO_VIAC3_MAX 3 | ||
| 83 | |||
| 84 | struct dev_crypto_state { | ||
| 85 | struct session_op d_sess; | ||
| 86 | int d_fd; | ||
| 87 | }; | ||
| 88 | |||
| 89 | struct dev_crypto_cipher { | ||
| 90 | int c_id; | ||
| 91 | int c_nid; | ||
| 92 | int c_ivmax; | ||
| 93 | int c_keylen; | ||
| 94 | }; | ||
| 95 | |||
| 96 | static u_int32_t cryptodev_asymfeat = 0; | ||
| 97 | |||
| 98 | static int get_asym_dev_crypto(void); | ||
| 99 | static int open_dev_crypto(void); | ||
| 100 | static int get_dev_crypto(void); | ||
| 101 | static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid); | ||
| 102 | static int get_cryptodev_ciphers(const int **cnids); | ||
| 103 | /*static int get_cryptodev_digests(const int **cnids);*/ | ||
| 104 | static int cryptodev_usable_ciphers(const int **nids); | ||
| 105 | static int cryptodev_usable_digests(const int **nids); | ||
| 106 | static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 107 | const unsigned char *in, size_t inl); | ||
| 108 | static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 109 | const unsigned char *iv, int enc); | ||
| 110 | static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | ||
| 111 | static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
| 112 | const int **nids, int nid); | ||
| 113 | static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
| 114 | const int **nids, int nid); | ||
| 115 | static int bn2crparam(const BIGNUM *a, struct crparam *crp); | ||
| 116 | static int crparam2bn(struct crparam *crp, BIGNUM *a); | ||
| 117 | static void zapparams(struct crypt_kop *kop); | ||
| 118 | static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, | ||
| 119 | int slen, BIGNUM *s); | ||
| 120 | |||
| 121 | static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | ||
| 122 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 123 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | ||
| 124 | RSA *rsa, BN_CTX *ctx); | ||
| 125 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
| 126 | BN_CTX *ctx); | ||
| 127 | static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 128 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 129 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
| 130 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
| 131 | BN_CTX *ctx, BN_MONT_CTX *mont); | ||
| 132 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | ||
| 133 | int dlen, DSA *dsa); | ||
| 134 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
| 135 | DSA_SIG *sig, DSA *dsa); | ||
| 136 | static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
| 137 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 138 | BN_MONT_CTX *m_ctx); | ||
| 139 | static int cryptodev_dh_compute_key(unsigned char *key, | ||
| 140 | const BIGNUM *pub_key, DH *dh); | ||
| 141 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
| 142 | void (*f)()); | ||
| 143 | void ENGINE_load_cryptodev(void); | ||
| 144 | |||
| 145 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | ||
| 146 | { 0, NULL, NULL, 0 } | ||
| 147 | }; | ||
| 148 | |||
| 149 | static struct dev_crypto_cipher ciphers[] = { | ||
| 150 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | ||
| 151 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | ||
| 152 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | ||
| 153 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | ||
| 154 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | ||
| 155 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | ||
| 156 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | ||
| 157 | { 0, NID_undef, 0, 0, }, | ||
| 158 | }; | ||
| 159 | |||
| 160 | #if 0 /* UNUSED */ | ||
| 161 | static struct { | ||
| 162 | int id; | ||
| 163 | int nid; | ||
| 164 | } digests[] = { | ||
| 165 | { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, | ||
| 166 | { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, | ||
| 167 | { CRYPTO_MD5_KPDK, NID_undef, }, | ||
| 168 | { CRYPTO_SHA1_KPDK, NID_undef, }, | ||
| 169 | { CRYPTO_MD5, NID_md5, }, | ||
| 170 | { CRYPTO_SHA1, NID_undef, }, | ||
| 171 | { 0, NID_undef, }, | ||
| 172 | }; | ||
| 173 | #endif | ||
| 174 | |||
| 175 | /* | ||
| 176 | * Return a fd if /dev/crypto seems usable, -1 otherwise. | ||
| 177 | */ | ||
| 178 | static int | ||
| 179 | open_dev_crypto(void) | ||
| 180 | { | ||
| 181 | static int fd = -1; | ||
| 182 | |||
| 183 | if (fd == -1) { | ||
| 184 | if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | ||
| 185 | return (-1); | ||
| 186 | /* close on exec */ | ||
| 187 | if (fcntl(fd, F_SETFD, 1) == -1) { | ||
| 188 | close(fd); | ||
| 189 | fd = -1; | ||
| 190 | return (-1); | ||
| 191 | } | ||
| 192 | } | ||
| 193 | return (fd); | ||
| 194 | } | ||
| 195 | |||
| 196 | static int | ||
| 197 | get_dev_crypto(void) | ||
| 198 | { | ||
| 199 | int fd, retfd; | ||
| 200 | |||
| 201 | if ((fd = open_dev_crypto()) == -1) | ||
| 202 | return (-1); | ||
| 203 | if (ioctl(fd, CRIOGET, &retfd) == -1) { | ||
| 204 | close(fd); | ||
| 205 | return (-1); | ||
| 206 | } | ||
| 207 | |||
| 208 | /* close on exec */ | ||
| 209 | if (fcntl(retfd, F_SETFD, 1) == -1) { | ||
| 210 | close(retfd); | ||
| 211 | return (-1); | ||
| 212 | } | ||
| 213 | return (retfd); | ||
| 214 | } | ||
| 215 | |||
| 216 | /* Caching version for asym operations */ | ||
| 217 | static int | ||
| 218 | get_asym_dev_crypto(void) | ||
| 219 | { | ||
| 220 | static int fd = -1; | ||
| 221 | |||
| 222 | if (fd == -1) | ||
| 223 | fd = get_dev_crypto(); | ||
| 224 | return fd; | ||
| 225 | } | ||
| 226 | |||
| 227 | /* convert libcrypto nids to cryptodev */ | ||
| 228 | static struct dev_crypto_cipher * | ||
| 229 | cipher_nid_to_cryptodev(int nid) | ||
| 230 | { | ||
| 231 | int i; | ||
| 232 | |||
| 233 | for (i = 0; ciphers[i].c_id; i++) | ||
| 234 | if (ciphers[i].c_nid == nid) | ||
| 235 | return (&ciphers[i]); | ||
| 236 | return (NULL); | ||
| 237 | } | ||
| 238 | |||
| 239 | /* | ||
| 240 | * Find out what ciphers /dev/crypto will let us have a session for. | ||
| 241 | * XXX note, that some of these openssl doesn't deal with yet! | ||
| 242 | * returning them here is harmless, as long as we return NULL | ||
| 243 | * when asked for a handler in the cryptodev_engine_ciphers routine | ||
| 244 | */ | ||
| 245 | static int | ||
| 246 | get_cryptodev_ciphers(const int **cnids) | ||
| 247 | { | ||
| 248 | static int nids[CRYPTO_ALGORITHM_MAX + CRYPTO_VIAC3_MAX + 1]; | ||
| 249 | struct session_op sess; | ||
| 250 | int fd, i, count = 0; | ||
| 251 | |||
| 252 | if ((fd = get_dev_crypto()) < 0) { | ||
| 253 | *cnids = NULL; | ||
| 254 | return (0); | ||
| 255 | } | ||
| 256 | memset(&sess, 0, sizeof(sess)); | ||
| 257 | sess.key = (caddr_t)"123456781234567812345678"; | ||
| 258 | |||
| 259 | for (i = 0; ciphers[i].c_id && count <= CRYPTO_ALGORITHM_MAX; i++) { | ||
| 260 | if (ciphers[i].c_nid == NID_undef) | ||
| 261 | continue; | ||
| 262 | sess.cipher = ciphers[i].c_id; | ||
| 263 | sess.keylen = ciphers[i].c_keylen; | ||
| 264 | sess.mac = 0; | ||
| 265 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | ||
| 266 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | ||
| 267 | nids[count++] = ciphers[i].c_nid; | ||
| 268 | } | ||
| 269 | close(fd); | ||
| 270 | |||
| 271 | #if defined(__i386__) || defined(__amd64__) | ||
| 272 | /* | ||
| 273 | * Always check for the VIA C3 AES instructions; | ||
| 274 | * even if /dev/crypto is disabled. | ||
| 275 | */ | ||
| 276 | if (check_viac3aes() >= 1) { | ||
| 277 | int have_NID_aes_128_cbc = 0; | ||
| 278 | int have_NID_aes_192_cbc = 0; | ||
| 279 | int have_NID_aes_256_cbc = 0; | ||
| 280 | |||
| 281 | for (i = 0; i < count; i++) { | ||
| 282 | if (nids[i] == NID_aes_128_cbc) | ||
| 283 | have_NID_aes_128_cbc = 1; | ||
| 284 | if (nids[i] == NID_aes_192_cbc) | ||
| 285 | have_NID_aes_192_cbc = 1; | ||
| 286 | if (nids[i] == NID_aes_256_cbc) | ||
| 287 | have_NID_aes_256_cbc = 1; | ||
| 288 | } | ||
| 289 | if (!have_NID_aes_128_cbc) | ||
| 290 | nids[count++] = NID_aes_128_cbc; | ||
| 291 | if (!have_NID_aes_192_cbc) | ||
| 292 | nids[count++] = NID_aes_192_cbc; | ||
| 293 | if (!have_NID_aes_256_cbc) | ||
| 294 | nids[count++] = NID_aes_256_cbc; | ||
| 295 | } | ||
| 296 | #endif | ||
| 297 | |||
| 298 | if (count > 0) | ||
| 299 | *cnids = nids; | ||
| 300 | else | ||
| 301 | *cnids = NULL; | ||
| 302 | return (count); | ||
| 303 | } | ||
| 304 | |||
| 305 | /* | ||
| 306 | * Find out what digests /dev/crypto will let us have a session for. | ||
| 307 | * XXX note, that some of these openssl doesn't deal with yet! | ||
| 308 | * returning them here is harmless, as long as we return NULL | ||
| 309 | * when asked for a handler in the cryptodev_engine_digests routine | ||
| 310 | */ | ||
| 311 | #if 0 /* UNUSED */ | ||
| 312 | static int | ||
| 313 | get_cryptodev_digests(const int **cnids) | ||
| 314 | { | ||
| 315 | static int nids[CRYPTO_ALGORITHM_MAX]; | ||
| 316 | struct session_op sess; | ||
| 317 | int fd, i, count = 0; | ||
| 318 | |||
| 319 | if ((fd = get_dev_crypto()) < 0) { | ||
| 320 | *cnids = NULL; | ||
| 321 | return (0); | ||
| 322 | } | ||
| 323 | memset(&sess, 0, sizeof(sess)); | ||
| 324 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | ||
| 325 | if (digests[i].nid == NID_undef) | ||
| 326 | continue; | ||
| 327 | sess.mac = digests[i].id; | ||
| 328 | sess.cipher = 0; | ||
| 329 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | ||
| 330 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | ||
| 331 | nids[count++] = digests[i].nid; | ||
| 332 | } | ||
| 333 | close(fd); | ||
| 334 | |||
| 335 | if (count > 0) | ||
| 336 | *cnids = nids; | ||
| 337 | else | ||
| 338 | *cnids = NULL; | ||
| 339 | return (count); | ||
| 340 | } | ||
| 341 | #endif | ||
| 342 | |||
| 343 | /* | ||
| 344 | * Find the useable ciphers|digests from dev/crypto - this is the first | ||
| 345 | * thing called by the engine init crud which determines what it | ||
| 346 | * can use for ciphers from this engine. We want to return | ||
| 347 | * only what we can do, anythine else is handled by software. | ||
| 348 | * | ||
| 349 | * If we can't initialize the device to do anything useful for | ||
| 350 | * any reason, we want to return a NULL array, and 0 length, | ||
| 351 | * which forces everything to be done is software. By putting | ||
| 352 | * the initalization of the device in here, we ensure we can | ||
| 353 | * use this engine as the default, and if for whatever reason | ||
| 354 | * /dev/crypto won't do what we want it will just be done in | ||
| 355 | * software | ||
| 356 | * | ||
| 357 | * This can (should) be greatly expanded to perhaps take into | ||
| 358 | * account speed of the device, and what we want to do. | ||
| 359 | * (although the disabling of particular alg's could be controlled | ||
| 360 | * by the device driver with sysctl's.) - this is where we | ||
| 361 | * want most of the decisions made about what we actually want | ||
| 362 | * to use from /dev/crypto. | ||
| 363 | */ | ||
| 364 | static int | ||
| 365 | cryptodev_usable_ciphers(const int **nids) | ||
| 366 | { | ||
| 367 | return (get_cryptodev_ciphers(nids)); | ||
| 368 | } | ||
| 369 | |||
| 370 | static int | ||
| 371 | cryptodev_usable_digests(const int **nids) | ||
| 372 | { | ||
| 373 | /* | ||
| 374 | * XXXX just disable all digests for now, because it sucks. | ||
| 375 | * we need a better way to decide this - i.e. I may not | ||
| 376 | * want digests on slow cards like hifn on fast machines, | ||
| 377 | * but might want them on slow or loaded machines, etc. | ||
| 378 | * will also want them when using crypto cards that don't | ||
| 379 | * suck moose gonads - would be nice to be able to decide something | ||
| 380 | * as reasonable default without having hackery that's card dependent. | ||
| 381 | * of course, the default should probably be just do everything, | ||
| 382 | * with perhaps a sysctl to turn algoritms off (or have them off | ||
| 383 | * by default) on cards that generally suck like the hifn. | ||
| 384 | */ | ||
| 385 | *nids = NULL; | ||
| 386 | return (0); | ||
| 387 | } | ||
| 388 | |||
| 389 | static int | ||
| 390 | cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 391 | const unsigned char *in, size_t inl) | ||
| 392 | { | ||
| 393 | struct crypt_op cryp; | ||
| 394 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 395 | struct session_op *sess = &state->d_sess; | ||
| 396 | void *iiv; | ||
| 397 | unsigned char save_iv[EVP_MAX_IV_LENGTH]; | ||
| 398 | |||
| 399 | if (state->d_fd < 0) | ||
| 400 | return (0); | ||
| 401 | if (!inl) | ||
| 402 | return (1); | ||
| 403 | if ((inl % ctx->cipher->block_size) != 0) | ||
| 404 | return (0); | ||
| 405 | |||
| 406 | memset(&cryp, 0, sizeof(cryp)); | ||
| 407 | |||
| 408 | cryp.ses = sess->ses; | ||
| 409 | cryp.flags = 0; | ||
| 410 | cryp.len = inl; | ||
| 411 | cryp.src = (caddr_t) in; | ||
| 412 | cryp.dst = (caddr_t) out; | ||
| 413 | cryp.mac = 0; | ||
| 414 | |||
| 415 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
| 416 | |||
| 417 | if (ctx->cipher->iv_len) { | ||
| 418 | cryp.iv = (caddr_t) ctx->iv; | ||
| 419 | if (!ctx->encrypt) { | ||
| 420 | iiv = (void *) in + inl - ctx->cipher->iv_len; | ||
| 421 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
| 422 | } | ||
| 423 | } else | ||
| 424 | cryp.iv = NULL; | ||
| 425 | |||
| 426 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | ||
| 427 | /* XXX need better errror handling | ||
| 428 | * this can fail for a number of different reasons. | ||
| 429 | */ | ||
| 430 | return (0); | ||
| 431 | } | ||
| 432 | |||
| 433 | if (ctx->cipher->iv_len) { | ||
| 434 | if (ctx->encrypt) | ||
| 435 | iiv = (void *) out + inl - ctx->cipher->iv_len; | ||
| 436 | else | ||
| 437 | iiv = save_iv; | ||
| 438 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | ||
| 439 | } | ||
| 440 | return (1); | ||
| 441 | } | ||
| 442 | |||
| 443 | static int | ||
| 444 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 445 | const unsigned char *iv, int enc) | ||
| 446 | { | ||
| 447 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 448 | struct session_op *sess = &state->d_sess; | ||
| 449 | struct dev_crypto_cipher *cipher; | ||
| 450 | |||
| 451 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL) | ||
| 452 | return (0); | ||
| 453 | |||
| 454 | if (ctx->cipher->iv_len > cipher->c_ivmax) | ||
| 455 | return (0); | ||
| 456 | |||
| 457 | if (ctx->key_len != cipher->c_keylen) | ||
| 458 | return (0); | ||
| 459 | |||
| 460 | memset(sess, 0, sizeof(struct session_op)); | ||
| 461 | |||
| 462 | if ((state->d_fd = get_dev_crypto()) < 0) | ||
| 463 | return (0); | ||
| 464 | |||
| 465 | sess->key = (unsigned char *)key; | ||
| 466 | sess->keylen = ctx->key_len; | ||
| 467 | sess->cipher = cipher->c_id; | ||
| 468 | |||
| 469 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | ||
| 470 | close(state->d_fd); | ||
| 471 | state->d_fd = -1; | ||
| 472 | return (0); | ||
| 473 | } | ||
| 474 | return (1); | ||
| 475 | } | ||
| 476 | |||
| 477 | /* | ||
| 478 | * free anything we allocated earlier when initting a | ||
| 479 | * session, and close the session. | ||
| 480 | */ | ||
| 481 | static int | ||
| 482 | cryptodev_cleanup(EVP_CIPHER_CTX *ctx) | ||
| 483 | { | ||
| 484 | int ret = 0; | ||
| 485 | struct dev_crypto_state *state = ctx->cipher_data; | ||
| 486 | struct session_op *sess = &state->d_sess; | ||
| 487 | |||
| 488 | if (state->d_fd < 0) | ||
| 489 | return (0); | ||
| 490 | |||
| 491 | /* XXX if this ioctl fails, someting's wrong. the invoker | ||
| 492 | * may have called us with a bogus ctx, or we could | ||
| 493 | * have a device that for whatever reason just doesn't | ||
| 494 | * want to play ball - it's not clear what's right | ||
| 495 | * here - should this be an error? should it just | ||
| 496 | * increase a counter, hmm. For right now, we return | ||
| 497 | * 0 - I don't believe that to be "right". we could | ||
| 498 | * call the gorpy openssl lib error handlers that | ||
| 499 | * print messages to users of the library. hmm.. | ||
| 500 | */ | ||
| 501 | |||
| 502 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { | ||
| 503 | ret = 0; | ||
| 504 | } else { | ||
| 505 | ret = 1; | ||
| 506 | } | ||
| 507 | close(state->d_fd); | ||
| 508 | state->d_fd = -1; | ||
| 509 | |||
| 510 | return (ret); | ||
| 511 | } | ||
| 512 | |||
| 513 | /* | ||
| 514 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | ||
| 515 | * gets called when libcrypto requests a cipher NID. | ||
| 516 | */ | ||
| 517 | |||
| 518 | /* DES CBC EVP */ | ||
| 519 | const EVP_CIPHER cryptodev_des_cbc = { | ||
| 520 | NID_des_cbc, | ||
| 521 | 8, 8, 8, | ||
| 522 | EVP_CIPH_CBC_MODE, | ||
| 523 | cryptodev_init_key, | ||
| 524 | cryptodev_cipher, | ||
| 525 | cryptodev_cleanup, | ||
| 526 | sizeof(struct dev_crypto_state), | ||
| 527 | EVP_CIPHER_set_asn1_iv, | ||
| 528 | EVP_CIPHER_get_asn1_iv, | ||
| 529 | NULL | ||
| 530 | }; | ||
| 531 | |||
| 532 | /* 3DES CBC EVP */ | ||
| 533 | const EVP_CIPHER cryptodev_3des_cbc = { | ||
| 534 | NID_des_ede3_cbc, | ||
| 535 | 8, 24, 8, | ||
| 536 | EVP_CIPH_CBC_MODE, | ||
| 537 | cryptodev_init_key, | ||
| 538 | cryptodev_cipher, | ||
| 539 | cryptodev_cleanup, | ||
| 540 | sizeof(struct dev_crypto_state), | ||
| 541 | EVP_CIPHER_set_asn1_iv, | ||
| 542 | EVP_CIPHER_get_asn1_iv, | ||
| 543 | NULL | ||
| 544 | }; | ||
| 545 | |||
| 546 | const EVP_CIPHER cryptodev_bf_cbc = { | ||
| 547 | NID_bf_cbc, | ||
| 548 | 8, 16, 8, | ||
| 549 | EVP_CIPH_CBC_MODE, | ||
| 550 | cryptodev_init_key, | ||
| 551 | cryptodev_cipher, | ||
| 552 | cryptodev_cleanup, | ||
| 553 | sizeof(struct dev_crypto_state), | ||
| 554 | EVP_CIPHER_set_asn1_iv, | ||
| 555 | EVP_CIPHER_get_asn1_iv, | ||
| 556 | NULL | ||
| 557 | }; | ||
| 558 | |||
| 559 | const EVP_CIPHER cryptodev_cast_cbc = { | ||
| 560 | NID_cast5_cbc, | ||
| 561 | 8, 16, 8, | ||
| 562 | EVP_CIPH_CBC_MODE, | ||
| 563 | cryptodev_init_key, | ||
| 564 | cryptodev_cipher, | ||
| 565 | cryptodev_cleanup, | ||
| 566 | sizeof(struct dev_crypto_state), | ||
| 567 | EVP_CIPHER_set_asn1_iv, | ||
| 568 | EVP_CIPHER_get_asn1_iv, | ||
| 569 | NULL | ||
| 570 | }; | ||
| 571 | |||
| 572 | EVP_CIPHER cryptodev_aes_128_cbc = { | ||
| 573 | NID_aes_128_cbc, | ||
| 574 | 16, 16, 16, | ||
| 575 | EVP_CIPH_CBC_MODE, | ||
| 576 | cryptodev_init_key, | ||
| 577 | cryptodev_cipher, | ||
| 578 | cryptodev_cleanup, | ||
| 579 | sizeof(struct dev_crypto_state), | ||
| 580 | EVP_CIPHER_set_asn1_iv, | ||
| 581 | EVP_CIPHER_get_asn1_iv, | ||
| 582 | NULL | ||
| 583 | }; | ||
| 584 | |||
| 585 | EVP_CIPHER cryptodev_aes_192_cbc = { | ||
| 586 | NID_aes_192_cbc, | ||
| 587 | 16, 24, 16, | ||
| 588 | EVP_CIPH_CBC_MODE, | ||
| 589 | cryptodev_init_key, | ||
| 590 | cryptodev_cipher, | ||
| 591 | cryptodev_cleanup, | ||
| 592 | sizeof(struct dev_crypto_state), | ||
| 593 | EVP_CIPHER_set_asn1_iv, | ||
| 594 | EVP_CIPHER_get_asn1_iv, | ||
| 595 | NULL | ||
| 596 | }; | ||
| 597 | |||
| 598 | EVP_CIPHER cryptodev_aes_256_cbc = { | ||
| 599 | NID_aes_256_cbc, | ||
| 600 | 16, 32, 16, | ||
| 601 | EVP_CIPH_CBC_MODE, | ||
| 602 | cryptodev_init_key, | ||
| 603 | cryptodev_cipher, | ||
| 604 | cryptodev_cleanup, | ||
| 605 | sizeof(struct dev_crypto_state), | ||
| 606 | EVP_CIPHER_set_asn1_iv, | ||
| 607 | EVP_CIPHER_get_asn1_iv, | ||
| 608 | NULL | ||
| 609 | }; | ||
| 610 | |||
| 611 | #if defined(__i386__) || defined(__amd64__) | ||
| 612 | |||
| 613 | static inline void | ||
| 614 | viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep, | ||
| 615 | void *iv) | ||
| 616 | { | ||
| 617 | #ifdef notdef | ||
| 618 | printf("cw %p[%x %x %x %x] src %p dst %p key %p rep %x iv %p\n", | ||
| 619 | cw, cw[0], cw[1], cw[2], cw[3], | ||
| 620 | src, dst, key, rep, iv); | ||
| 621 | #endif | ||
| 622 | #if defined(__i386__) | ||
| 623 | |||
| 624 | /* | ||
| 625 | * Clear bit 30 of EFLAGS. | ||
| 626 | */ | ||
| 627 | __asm __volatile("pushfl; popfl"); | ||
| 628 | |||
| 629 | /* | ||
| 630 | * Cannot simply place key into "b" register, since the compiler | ||
| 631 | * -pic mode uses that register; so instead we must dance a little. | ||
| 632 | */ | ||
| 633 | __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcryptcbc; popl %%ebx" : | ||
| 634 | : "m" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst) | ||
| 635 | : "memory", "cc"); | ||
| 636 | #else | ||
| 637 | |||
| 638 | /* | ||
| 639 | * Clear bit 30 of EFLAGS. | ||
| 640 | */ | ||
| 641 | __asm __volatile("pushfq; popfq"); | ||
| 642 | __asm __volatile("rep xcryptcbc" : | ||
| 643 | : "b" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst) | ||
| 644 | : "memory", "cc"); | ||
| 645 | #endif | ||
| 646 | |||
| 647 | } | ||
| 648 | |||
| 649 | #define ISUNALIGNED(x) ((long)(x)) & 15 | ||
| 650 | #define DOALIGN(v) ((void *)(((long)(v) + 15) & ~15)) | ||
| 651 | |||
| 652 | static int | ||
| 653 | xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 654 | const unsigned char *in, size_t inl) | ||
| 655 | { | ||
| 656 | unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 657 | unsigned char *save_iv = DOALIGN(save_iv_store); | ||
| 658 | unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 659 | unsigned char *ivs = DOALIGN(ivs_store); | ||
| 660 | void *iiv, *iv = NULL, *ivp = NULL; | ||
| 661 | const void *usein = in; | ||
| 662 | void *useout = out, *spare = NULL; | ||
| 663 | int cws[4 + 3], *cw = DOALIGN(cws); | ||
| 664 | |||
| 665 | if (!inl) | ||
| 666 | return (1); | ||
| 667 | if ((inl % ctx->cipher->block_size) != 0) | ||
| 668 | return (0); | ||
| 669 | if (inl > UINT_MAX) | ||
| 670 | return (0); | ||
| 671 | |||
| 672 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 673 | spare = malloc(inl); | ||
| 674 | if (spare == NULL) | ||
| 675 | return (0); | ||
| 676 | |||
| 677 | if (ISUNALIGNED(in)) { | ||
| 678 | bcopy(in, spare, inl); | ||
| 679 | usein = spare; | ||
| 680 | } | ||
| 681 | if (ISUNALIGNED(out)) | ||
| 682 | useout = spare; | ||
| 683 | } | ||
| 684 | |||
| 685 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW | | ||
| 686 | C3_CRYPT_CWLO_NORMAL; | ||
| 687 | cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; | ||
| 688 | cw[1] = cw[2] = cw[3] = 0; | ||
| 689 | |||
| 690 | switch (ctx->key_len * 8) { | ||
| 691 | case 128: | ||
| 692 | cw[0] |= C3_CRYPT_CWLO_KEY128; | ||
| 693 | break; | ||
| 694 | case 192: | ||
| 695 | cw[0] |= C3_CRYPT_CWLO_KEY192; | ||
| 696 | break; | ||
| 697 | case 256: | ||
| 698 | cw[0] |= C3_CRYPT_CWLO_KEY256; | ||
| 699 | break; | ||
| 700 | } | ||
| 701 | |||
| 702 | if (ctx->cipher->iv_len) { | ||
| 703 | iv = (caddr_t) ctx->iv; | ||
| 704 | if (!ctx->encrypt) { | ||
| 705 | iiv = (void *) in + inl - ctx->cipher->iv_len; | ||
| 706 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
| 707 | } | ||
| 708 | } | ||
| 709 | |||
| 710 | ivp = iv; | ||
| 711 | if (ISUNALIGNED(iv)) { | ||
| 712 | bcopy(iv, ivs, ctx->cipher->iv_len); | ||
| 713 | ivp = ivs; | ||
| 714 | } | ||
| 715 | |||
| 716 | viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); | ||
| 717 | |||
| 718 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 719 | if (ISUNALIGNED(out)) | ||
| 720 | bcopy(spare, out, inl); | ||
| 721 | free(spare); | ||
| 722 | } | ||
| 723 | |||
| 724 | if (ivp == ivs) | ||
| 725 | bcopy(ivp, iv, ctx->cipher->iv_len); | ||
| 726 | |||
| 727 | if (ctx->cipher->iv_len) { | ||
| 728 | if (ctx->encrypt) | ||
| 729 | iiv = (void *) out + inl - ctx->cipher->iv_len; | ||
| 730 | else | ||
| 731 | iiv = save_iv; | ||
| 732 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | ||
| 733 | } | ||
| 734 | return (1); | ||
| 735 | } | ||
| 736 | |||
| 737 | static int | ||
| 738 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 739 | const unsigned char *iv, int enc) | ||
| 740 | { | ||
| 741 | AES_KEY *k = ctx->cipher_data; | ||
| 742 | #ifndef AES_ASM | ||
| 743 | int i; | ||
| 744 | #endif | ||
| 745 | |||
| 746 | memset(k, 0, sizeof *k); | ||
| 747 | if (enc) | ||
| 748 | AES_set_encrypt_key(key, ctx->key_len * 8, k); | ||
| 749 | else | ||
| 750 | AES_set_decrypt_key(key, ctx->key_len * 8, k); | ||
| 751 | |||
| 752 | #ifndef AES_ASM | ||
| 753 | /* | ||
| 754 | * XXX Damn OpenSSL byte swaps the expanded key!! | ||
| 755 | * | ||
| 756 | * XXX But only if we're using the C implementation of AES | ||
| 757 | */ | ||
| 758 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 759 | k->rd_key[i] = htonl(k->rd_key[i]); | ||
| 760 | #endif | ||
| 761 | |||
| 762 | return (1); | ||
| 763 | } | ||
| 764 | |||
| 765 | static int | ||
| 766 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) | ||
| 767 | { | ||
| 768 | memset(ctx->cipher_data, 0, ctx->cipher->ctx_size); | ||
| 769 | return (1); | ||
| 770 | } | ||
| 771 | |||
| 772 | static int | ||
| 773 | check_viac3aes(void) | ||
| 774 | { | ||
| 775 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; | ||
| 776 | size_t size = sizeof(value); | ||
| 777 | |||
| 778 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, | ||
| 779 | NULL, 0) < 0) | ||
| 780 | return (0); | ||
| 781 | if (value == 0) | ||
| 782 | return (0); | ||
| 783 | |||
| 784 | if (value & C3_HAS_AES) { | ||
| 785 | cryptodev_aes_128_cbc.init = xcrypt_init_key; | ||
| 786 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; | ||
| 787 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; | ||
| 788 | cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY); | ||
| 789 | |||
| 790 | cryptodev_aes_192_cbc.init = xcrypt_init_key; | ||
| 791 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; | ||
| 792 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; | ||
| 793 | cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY); | ||
| 794 | |||
| 795 | cryptodev_aes_256_cbc.init = xcrypt_init_key; | ||
| 796 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; | ||
| 797 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; | ||
| 798 | cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY); | ||
| 799 | } | ||
| 800 | return (value); | ||
| 801 | } | ||
| 802 | #endif /* __i386__ || __amd64__ */ | ||
| 803 | |||
| 804 | /* | ||
| 805 | * Registered by the ENGINE when used to find out how to deal with | ||
| 806 | * a particular NID in the ENGINE. this says what we'll do at the | ||
| 807 | * top level - note, that list is restricted by what we answer with | ||
| 808 | */ | ||
| 809 | static int | ||
| 810 | cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
| 811 | const int **nids, int nid) | ||
| 812 | { | ||
| 813 | if (!cipher) | ||
| 814 | return (cryptodev_usable_ciphers(nids)); | ||
| 815 | |||
| 816 | switch (nid) { | ||
| 817 | case NID_des_ede3_cbc: | ||
| 818 | *cipher = &cryptodev_3des_cbc; | ||
| 819 | break; | ||
| 820 | case NID_des_cbc: | ||
| 821 | *cipher = &cryptodev_des_cbc; | ||
| 822 | break; | ||
| 823 | case NID_bf_cbc: | ||
| 824 | *cipher = &cryptodev_bf_cbc; | ||
| 825 | break; | ||
| 826 | case NID_cast5_cbc: | ||
| 827 | *cipher = &cryptodev_cast_cbc; | ||
| 828 | break; | ||
| 829 | case NID_aes_128_cbc: | ||
| 830 | *cipher = &cryptodev_aes_128_cbc; | ||
| 831 | break; | ||
| 832 | case NID_aes_192_cbc: | ||
| 833 | *cipher = &cryptodev_aes_192_cbc; | ||
| 834 | break; | ||
| 835 | case NID_aes_256_cbc: | ||
| 836 | *cipher = &cryptodev_aes_256_cbc; | ||
| 837 | break; | ||
| 838 | default: | ||
| 839 | *cipher = NULL; | ||
| 840 | break; | ||
| 841 | } | ||
| 842 | return (*cipher != NULL); | ||
| 843 | } | ||
| 844 | |||
| 845 | static int | ||
| 846 | cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
| 847 | const int **nids, int nid) | ||
| 848 | { | ||
| 849 | if (!digest) | ||
| 850 | return (cryptodev_usable_digests(nids)); | ||
| 851 | |||
| 852 | switch (nid) { | ||
| 853 | case NID_md5: | ||
| 854 | *digest = NULL; /* need to make a clean md5 critter */ | ||
| 855 | break; | ||
| 856 | default: | ||
| 857 | *digest = NULL; | ||
| 858 | break; | ||
| 859 | } | ||
| 860 | return (*digest != NULL); | ||
| 861 | } | ||
| 862 | |||
| 863 | /* | ||
| 864 | * Convert a BIGNUM to the representation that /dev/crypto needs. | ||
| 865 | * Upon completion of use, the caller is responsible for freeing | ||
| 866 | * crp->crp_p. | ||
| 867 | */ | ||
| 868 | static int | ||
| 869 | bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
| 870 | { | ||
| 871 | int i, j, k; | ||
| 872 | ssize_t bytes, bits; | ||
| 873 | u_char *b; | ||
| 874 | |||
| 875 | crp->crp_p = NULL; | ||
| 876 | crp->crp_nbits = 0; | ||
| 877 | |||
| 878 | bits = BN_num_bits(a); | ||
| 879 | bytes = (bits + 7) / 8; | ||
| 880 | |||
| 881 | b = malloc(bytes); | ||
| 882 | if (b == NULL) | ||
| 883 | return (1); | ||
| 884 | |||
| 885 | crp->crp_p = b; | ||
| 886 | crp->crp_nbits = bits; | ||
| 887 | |||
| 888 | for (i = 0, j = 0; i < a->top; i++) { | ||
| 889 | for (k = 0; k < BN_BITS2 / 8; k++) { | ||
| 890 | if ((j + k) >= bytes) | ||
| 891 | return (0); | ||
| 892 | b[j + k] = a->d[i] >> (k * 8); | ||
| 893 | } | ||
| 894 | j += BN_BITS2 / 8; | ||
| 895 | } | ||
| 896 | return (0); | ||
| 897 | } | ||
| 898 | |||
| 899 | /* Convert a /dev/crypto parameter to a BIGNUM */ | ||
| 900 | static int | ||
| 901 | crparam2bn(struct crparam *crp, BIGNUM *a) | ||
| 902 | { | ||
| 903 | u_int8_t *pd; | ||
| 904 | int i, bytes; | ||
| 905 | |||
| 906 | bytes = (crp->crp_nbits + 7) / 8; | ||
| 907 | |||
| 908 | if (bytes == 0) | ||
| 909 | return (-1); | ||
| 910 | |||
| 911 | if ((pd = malloc(bytes)) == NULL) | ||
| 912 | return (-1); | ||
| 913 | |||
| 914 | for (i = 0; i < bytes; i++) | ||
| 915 | pd[i] = crp->crp_p[bytes - i - 1]; | ||
| 916 | |||
| 917 | BN_bin2bn(pd, bytes, a); | ||
| 918 | free(pd); | ||
| 919 | |||
| 920 | return (0); | ||
| 921 | } | ||
| 922 | |||
| 923 | static void | ||
| 924 | zapparams(struct crypt_kop *kop) | ||
| 925 | { | ||
| 926 | int i; | ||
| 927 | |||
| 928 | for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { | ||
| 929 | free(kop->crk_param[i].crp_p); | ||
| 930 | kop->crk_param[i].crp_p = NULL; | ||
| 931 | kop->crk_param[i].crp_nbits = 0; | ||
| 932 | } | ||
| 933 | } | ||
| 934 | |||
| 935 | static int | ||
| 936 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | ||
| 937 | { | ||
| 938 | int fd, ret = -1; | ||
| 939 | |||
| 940 | if ((fd = get_asym_dev_crypto()) < 0) | ||
| 941 | return (ret); | ||
| 942 | |||
| 943 | if (r) { | ||
| 944 | kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
| 945 | kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
| 946 | kop->crk_oparams++; | ||
| 947 | } | ||
| 948 | if (s) { | ||
| 949 | kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); | ||
| 950 | kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | ||
| 951 | kop->crk_oparams++; | ||
| 952 | } | ||
| 953 | |||
| 954 | if (ioctl(fd, CIOCKEY, kop) == 0) { | ||
| 955 | if (r) | ||
| 956 | crparam2bn(&kop->crk_param[kop->crk_iparams], r); | ||
| 957 | if (s) | ||
| 958 | crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); | ||
| 959 | ret = 0; | ||
| 960 | } | ||
| 961 | |||
| 962 | return (ret); | ||
| 963 | } | ||
| 964 | |||
| 965 | static int | ||
| 966 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 967 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 968 | { | ||
| 969 | struct crypt_kop kop; | ||
| 970 | int ret = 1; | ||
| 971 | |||
| 972 | /* Currently, we know we can do mod exp iff we can do any | ||
| 973 | * asymmetric operations at all. | ||
| 974 | */ | ||
| 975 | if (cryptodev_asymfeat == 0) { | ||
| 976 | ret = BN_mod_exp(r, a, p, m, ctx); | ||
| 977 | return (ret); | ||
| 978 | } | ||
| 979 | |||
| 980 | memset(&kop, 0, sizeof kop); | ||
| 981 | kop.crk_op = CRK_MOD_EXP; | ||
| 982 | |||
| 983 | /* inputs: a^p % m */ | ||
| 984 | if (bn2crparam(a, &kop.crk_param[0])) | ||
| 985 | goto err; | ||
| 986 | if (bn2crparam(p, &kop.crk_param[1])) | ||
| 987 | goto err; | ||
| 988 | if (bn2crparam(m, &kop.crk_param[2])) | ||
| 989 | goto err; | ||
| 990 | kop.crk_iparams = 3; | ||
| 991 | |||
| 992 | if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { | ||
| 993 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
| 994 | ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | ||
| 995 | } | ||
| 996 | err: | ||
| 997 | zapparams(&kop); | ||
| 998 | return (ret); | ||
| 999 | } | ||
| 1000 | |||
| 1001 | static int | ||
| 1002 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
| 1003 | BN_CTX *ctx) | ||
| 1004 | { | ||
| 1005 | return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx); | ||
| 1006 | } | ||
| 1007 | |||
| 1008 | static int | ||
| 1009 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
| 1010 | { | ||
| 1011 | struct crypt_kop kop; | ||
| 1012 | int ret = 1; | ||
| 1013 | |||
| 1014 | if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | ||
| 1015 | /* XXX 0 means failure?? */ | ||
| 1016 | return (0); | ||
| 1017 | } | ||
| 1018 | |||
| 1019 | memset(&kop, 0, sizeof kop); | ||
| 1020 | kop.crk_op = CRK_MOD_EXP_CRT; | ||
| 1021 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
| 1022 | if (bn2crparam(rsa->p, &kop.crk_param[0])) | ||
| 1023 | goto err; | ||
| 1024 | if (bn2crparam(rsa->q, &kop.crk_param[1])) | ||
| 1025 | goto err; | ||
| 1026 | if (bn2crparam(I, &kop.crk_param[2])) | ||
| 1027 | goto err; | ||
| 1028 | if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) | ||
| 1029 | goto err; | ||
| 1030 | if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) | ||
| 1031 | goto err; | ||
| 1032 | if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) | ||
| 1033 | goto err; | ||
| 1034 | kop.crk_iparams = 6; | ||
| 1035 | |||
| 1036 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { | ||
| 1037 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
| 1038 | ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); | ||
| 1039 | } | ||
| 1040 | err: | ||
| 1041 | zapparams(&kop); | ||
| 1042 | return (ret); | ||
| 1043 | } | ||
| 1044 | |||
| 1045 | static RSA_METHOD cryptodev_rsa = { | ||
| 1046 | .name = "cryptodev RSA method" | ||
| 1047 | }; | ||
| 1048 | |||
| 1049 | static int | ||
| 1050 | cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 1051 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 1052 | { | ||
| 1053 | return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
| 1054 | } | ||
| 1055 | |||
| 1056 | static int | ||
| 1057 | cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
| 1058 | BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
| 1059 | BN_CTX *ctx, BN_MONT_CTX *mont) | ||
| 1060 | { | ||
| 1061 | BIGNUM t2; | ||
| 1062 | int ret = 0; | ||
| 1063 | |||
| 1064 | BN_init(&t2); | ||
| 1065 | |||
| 1066 | /* v = ( g^u1 * y^u2 mod p ) mod q */ | ||
| 1067 | /* let t1 = g ^ u1 mod p */ | ||
| 1068 | ret = 0; | ||
| 1069 | |||
| 1070 | if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) | ||
| 1071 | goto err; | ||
| 1072 | |||
| 1073 | /* let t2 = y ^ u2 mod p */ | ||
| 1074 | if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) | ||
| 1075 | goto err; | ||
| 1076 | /* let u1 = t1 * t2 mod p */ | ||
| 1077 | if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) | ||
| 1078 | goto err; | ||
| 1079 | |||
| 1080 | BN_copy(t1,u1); | ||
| 1081 | |||
| 1082 | ret = 1; | ||
| 1083 | err: | ||
| 1084 | BN_free(&t2); | ||
| 1085 | return(ret); | ||
| 1086 | } | ||
| 1087 | |||
| 1088 | static DSA_SIG * | ||
| 1089 | cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | ||
| 1090 | { | ||
| 1091 | struct crypt_kop kop; | ||
| 1092 | BIGNUM *r = NULL, *s = NULL; | ||
| 1093 | DSA_SIG *dsaret = NULL; | ||
| 1094 | |||
| 1095 | if ((r = BN_new()) == NULL) | ||
| 1096 | goto err; | ||
| 1097 | if ((s = BN_new()) == NULL) { | ||
| 1098 | BN_free(r); | ||
| 1099 | goto err; | ||
| 1100 | } | ||
| 1101 | |||
| 1102 | memset(&kop, 0, sizeof kop); | ||
| 1103 | kop.crk_op = CRK_DSA_SIGN; | ||
| 1104 | |||
| 1105 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
| 1106 | kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
| 1107 | kop.crk_param[0].crp_nbits = dlen * 8; | ||
| 1108 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
| 1109 | goto err; | ||
| 1110 | if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
| 1111 | goto err; | ||
| 1112 | if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
| 1113 | goto err; | ||
| 1114 | if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) | ||
| 1115 | goto err; | ||
| 1116 | kop.crk_iparams = 5; | ||
| 1117 | |||
| 1118 | if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, | ||
| 1119 | BN_num_bytes(dsa->q), s) == 0) { | ||
| 1120 | dsaret = DSA_SIG_new(); | ||
| 1121 | dsaret->r = r; | ||
| 1122 | dsaret->s = s; | ||
| 1123 | } else { | ||
| 1124 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1125 | BN_free(r); | ||
| 1126 | BN_free(s); | ||
| 1127 | dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | ||
| 1128 | } | ||
| 1129 | err: | ||
| 1130 | kop.crk_param[0].crp_p = NULL; | ||
| 1131 | zapparams(&kop); | ||
| 1132 | return (dsaret); | ||
| 1133 | } | ||
| 1134 | |||
| 1135 | static int | ||
| 1136 | cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | ||
| 1137 | DSA_SIG *sig, DSA *dsa) | ||
| 1138 | { | ||
| 1139 | struct crypt_kop kop; | ||
| 1140 | int dsaret = 1; | ||
| 1141 | |||
| 1142 | memset(&kop, 0, sizeof kop); | ||
| 1143 | kop.crk_op = CRK_DSA_VERIFY; | ||
| 1144 | |||
| 1145 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
| 1146 | kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
| 1147 | kop.crk_param[0].crp_nbits = dlen * 8; | ||
| 1148 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
| 1149 | goto err; | ||
| 1150 | if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
| 1151 | goto err; | ||
| 1152 | if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
| 1153 | goto err; | ||
| 1154 | if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) | ||
| 1155 | goto err; | ||
| 1156 | if (bn2crparam(sig->r, &kop.crk_param[5])) | ||
| 1157 | goto err; | ||
| 1158 | if (bn2crparam(sig->s, &kop.crk_param[6])) | ||
| 1159 | goto err; | ||
| 1160 | kop.crk_iparams = 7; | ||
| 1161 | |||
| 1162 | if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
| 1163 | dsaret = kop.crk_status; | ||
| 1164 | } else { | ||
| 1165 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1166 | |||
| 1167 | dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | ||
| 1168 | } | ||
| 1169 | err: | ||
| 1170 | kop.crk_param[0].crp_p = NULL; | ||
| 1171 | zapparams(&kop); | ||
| 1172 | return (dsaret); | ||
| 1173 | } | ||
| 1174 | |||
| 1175 | static DSA_METHOD cryptodev_dsa = { | ||
| 1176 | .name = "cryptodev DSA method" | ||
| 1177 | }; | ||
| 1178 | |||
| 1179 | static int | ||
| 1180 | cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
| 1181 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 1182 | BN_MONT_CTX *m_ctx) | ||
| 1183 | { | ||
| 1184 | return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
| 1185 | } | ||
| 1186 | |||
| 1187 | static int | ||
| 1188 | cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
| 1189 | { | ||
| 1190 | struct crypt_kop kop; | ||
| 1191 | int dhret = 1; | ||
| 1192 | int fd, keylen; | ||
| 1193 | |||
| 1194 | if ((fd = get_asym_dev_crypto()) < 0) { | ||
| 1195 | const DH_METHOD *meth = DH_OpenSSL(); | ||
| 1196 | |||
| 1197 | return ((meth->compute_key)(key, pub_key, dh)); | ||
| 1198 | } | ||
| 1199 | |||
| 1200 | keylen = BN_num_bits(dh->p); | ||
| 1201 | |||
| 1202 | memset(&kop, 0, sizeof kop); | ||
| 1203 | kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
| 1204 | |||
| 1205 | /* inputs: dh->priv_key pub_key dh->p key */ | ||
| 1206 | if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
| 1207 | goto err; | ||
| 1208 | if (bn2crparam(pub_key, &kop.crk_param[1])) | ||
| 1209 | goto err; | ||
| 1210 | if (bn2crparam(dh->p, &kop.crk_param[2])) | ||
| 1211 | goto err; | ||
| 1212 | kop.crk_iparams = 3; | ||
| 1213 | |||
| 1214 | kop.crk_param[3].crp_p = key; | ||
| 1215 | kop.crk_param[3].crp_nbits = keylen * 8; | ||
| 1216 | kop.crk_oparams = 1; | ||
| 1217 | |||
| 1218 | if (ioctl(fd, CIOCKEY, &kop) == -1) { | ||
| 1219 | const DH_METHOD *meth = DH_OpenSSL(); | ||
| 1220 | |||
| 1221 | dhret = (meth->compute_key)(key, pub_key, dh); | ||
| 1222 | } | ||
| 1223 | err: | ||
| 1224 | kop.crk_param[3].crp_p = NULL; | ||
| 1225 | zapparams(&kop); | ||
| 1226 | return (dhret); | ||
| 1227 | } | ||
| 1228 | |||
| 1229 | static DH_METHOD cryptodev_dh = { | ||
| 1230 | .name = "cryptodev DH method" | ||
| 1231 | }; | ||
| 1232 | |||
| 1233 | /* | ||
| 1234 | * ctrl right now is just a wrapper that doesn't do much | ||
| 1235 | * but I expect we'll want some options soon. | ||
| 1236 | */ | ||
| 1237 | static int | ||
| 1238 | cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | ||
| 1239 | { | ||
| 1240 | #ifdef HAVE_SYSLOG_R | ||
| 1241 | struct syslog_data sd = SYSLOG_DATA_INIT; | ||
| 1242 | #endif | ||
| 1243 | |||
| 1244 | switch (cmd) { | ||
| 1245 | default: | ||
| 1246 | #ifdef HAVE_SYSLOG_R | ||
| 1247 | syslog_r(LOG_ERR, &sd, | ||
| 1248 | "cryptodev_ctrl: unknown command %d", cmd); | ||
| 1249 | #else | ||
| 1250 | syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | ||
| 1251 | #endif | ||
| 1252 | break; | ||
| 1253 | } | ||
| 1254 | return (1); | ||
| 1255 | } | ||
| 1256 | |||
| 1257 | void | ||
| 1258 | ENGINE_load_cryptodev(void) | ||
| 1259 | { | ||
| 1260 | ENGINE *engine = ENGINE_new(); | ||
| 1261 | int fd; | ||
| 1262 | |||
| 1263 | if (engine == NULL) | ||
| 1264 | return; | ||
| 1265 | if ((fd = get_dev_crypto()) < 0) { | ||
| 1266 | ENGINE_free(engine); | ||
| 1267 | return; | ||
| 1268 | } | ||
| 1269 | |||
| 1270 | /* | ||
| 1271 | * find out what asymmetric crypto algorithms we support | ||
| 1272 | */ | ||
| 1273 | if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | ||
| 1274 | close(fd); | ||
| 1275 | ENGINE_free(engine); | ||
| 1276 | return; | ||
| 1277 | } | ||
| 1278 | close(fd); | ||
| 1279 | |||
| 1280 | if (!ENGINE_set_id(engine, "cryptodev") || | ||
| 1281 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | ||
| 1282 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | ||
| 1283 | !ENGINE_set_digests(engine, cryptodev_engine_digests) || | ||
| 1284 | !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || | ||
| 1285 | !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { | ||
| 1286 | ENGINE_free(engine); | ||
| 1287 | return; | ||
| 1288 | } | ||
| 1289 | |||
| 1290 | if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { | ||
| 1291 | const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); | ||
| 1292 | |||
| 1293 | cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; | ||
| 1294 | cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; | ||
| 1295 | cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; | ||
| 1296 | cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; | ||
| 1297 | cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; | ||
| 1298 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | ||
| 1299 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1300 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | ||
| 1301 | if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | ||
| 1302 | cryptodev_rsa.rsa_mod_exp = | ||
| 1303 | cryptodev_rsa_mod_exp; | ||
| 1304 | else | ||
| 1305 | cryptodev_rsa.rsa_mod_exp = | ||
| 1306 | cryptodev_rsa_nocrt_mod_exp; | ||
| 1307 | } | ||
| 1308 | } | ||
| 1309 | |||
| 1310 | if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { | ||
| 1311 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
| 1312 | |||
| 1313 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
| 1314 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
| 1315 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
| 1316 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1317 | cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; | ||
| 1318 | cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; | ||
| 1319 | } | ||
| 1320 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
| 1321 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
| 1322 | } | ||
| 1323 | |||
| 1324 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ | ||
| 1325 | const DH_METHOD *dh_meth = DH_OpenSSL(); | ||
| 1326 | |||
| 1327 | cryptodev_dh.generate_key = dh_meth->generate_key; | ||
| 1328 | cryptodev_dh.compute_key = dh_meth->compute_key; | ||
| 1329 | cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; | ||
| 1330 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
| 1331 | cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; | ||
| 1332 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | ||
| 1333 | cryptodev_dh.compute_key = | ||
| 1334 | cryptodev_dh_compute_key; | ||
| 1335 | } | ||
| 1336 | } | ||
| 1337 | |||
| 1338 | ENGINE_add(engine); | ||
| 1339 | ENGINE_free(engine); | ||
| 1340 | ERR_clear_error(); | ||
| 1341 | } | ||
| 1342 | |||
| 1343 | #endif /* HAVE_CRYPTODEV */ | ||
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c index 251a8797df..d87eef3fb9 100644 --- a/src/lib/libssl/src/crypto/evp/c_all.c +++ b/src/lib/libssl/src/crypto/evp/c_all.c | |||
| @@ -73,9 +73,6 @@ OPENSSL_add_all_algorithms_noconf(void) | |||
| 73 | OPENSSL_cpuid_setup(); | 73 | OPENSSL_cpuid_setup(); |
| 74 | OpenSSL_add_all_ciphers(); | 74 | OpenSSL_add_all_ciphers(); |
| 75 | OpenSSL_add_all_digests(); | 75 | OpenSSL_add_all_digests(); |
| 76 | #ifndef OPENSSL_NO_ENGINE | ||
| 77 | ENGINE_setup_bsd_cryptodev(); | ||
| 78 | #endif | ||
| 79 | } | 76 | } |
| 80 | 77 | ||
| 81 | void | 78 | void |