diff options
Diffstat (limited to 'src/lib/libcrypto/engine/hw_cryptodev.c')
| -rw-r--r-- | src/lib/libcrypto/engine/hw_cryptodev.c | 118 |
1 files changed, 60 insertions, 58 deletions
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 21a1c523d4..b502d12b6d 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c | |||
| @@ -68,14 +68,19 @@ struct dev_crypto_state { | |||
| 68 | int d_fd; | 68 | int d_fd; |
| 69 | }; | 69 | }; |
| 70 | 70 | ||
| 71 | struct dev_crypto_cipher { | ||
| 72 | int c_id; | ||
| 73 | int c_nid; | ||
| 74 | int c_ivmax; | ||
| 75 | int c_keylen; | ||
| 76 | }; | ||
| 77 | |||
| 71 | static u_int32_t cryptodev_asymfeat = 0; | 78 | static u_int32_t cryptodev_asymfeat = 0; |
| 72 | 79 | ||
| 73 | static int get_asym_dev_crypto(void); | 80 | static int get_asym_dev_crypto(void); |
| 74 | static int open_dev_crypto(void); | 81 | static int open_dev_crypto(void); |
| 75 | static int get_dev_crypto(void); | 82 | static int get_dev_crypto(void); |
| 76 | static int cryptodev_max_iv(int cipher); | 83 | static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid); |
| 77 | static int cryptodev_key_length_valid(int cipher, int len); | ||
| 78 | static int cipher_nid_to_cryptodev(int nid); | ||
| 79 | static int get_cryptodev_ciphers(const int **cnids); | 84 | static int get_cryptodev_ciphers(const int **cnids); |
| 80 | static int get_cryptodev_digests(const int **cnids); | 85 | static int get_cryptodev_digests(const int **cnids); |
| 81 | static int cryptodev_usable_ciphers(const int **nids); | 86 | static int cryptodev_usable_ciphers(const int **nids); |
| @@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |||
| 122 | { 0, NULL, NULL, 0 } | 127 | { 0, NULL, NULL, 0 } |
| 123 | }; | 128 | }; |
| 124 | 129 | ||
| 125 | static struct { | 130 | static struct dev_crypto_cipher ciphers[] = { |
| 126 | int id; | ||
| 127 | int nid; | ||
| 128 | int ivmax; | ||
| 129 | int keylen; | ||
| 130 | } ciphers[] = { | ||
| 131 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | 131 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, |
| 132 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | 132 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, |
| 133 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | 133 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, |
| 134 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | ||
| 135 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | ||
| 134 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | 136 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, |
| 135 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | 137 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, |
| 136 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | 138 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, |
| @@ -200,48 +202,16 @@ get_asym_dev_crypto(void) | |||
| 200 | return fd; | 202 | return fd; |
| 201 | } | 203 | } |
| 202 | 204 | ||
| 203 | /* | ||
| 204 | * XXXX this needs to be set for each alg - and determined from | ||
| 205 | * a running card. | ||
| 206 | */ | ||
| 207 | static int | ||
| 208 | cryptodev_max_iv(int cipher) | ||
| 209 | { | ||
| 210 | int i; | ||
| 211 | |||
| 212 | for (i = 0; ciphers[i].id; i++) | ||
| 213 | if (ciphers[i].id == cipher) | ||
| 214 | return (ciphers[i].ivmax); | ||
| 215 | return (0); | ||
| 216 | } | ||
| 217 | |||
| 218 | /* | ||
| 219 | * XXXX this needs to be set for each alg - and determined from | ||
| 220 | * a running card. For now, fake it out - but most of these | ||
| 221 | * for real devices should return 1 for the supported key | ||
| 222 | * sizes the device can handle. | ||
| 223 | */ | ||
| 224 | static int | ||
| 225 | cryptodev_key_length_valid(int cipher, int len) | ||
| 226 | { | ||
| 227 | int i; | ||
| 228 | |||
| 229 | for (i = 0; ciphers[i].id; i++) | ||
| 230 | if (ciphers[i].id == cipher) | ||
| 231 | return (ciphers[i].keylen == len); | ||
| 232 | return (0); | ||
| 233 | } | ||
| 234 | |||
| 235 | /* convert libcrypto nids to cryptodev */ | 205 | /* convert libcrypto nids to cryptodev */ |
| 236 | static int | 206 | static struct dev_crypto_cipher * |
| 237 | cipher_nid_to_cryptodev(int nid) | 207 | cipher_nid_to_cryptodev(int nid) |
| 238 | { | 208 | { |
| 239 | int i; | 209 | int i; |
| 240 | 210 | ||
| 241 | for (i = 0; ciphers[i].id; i++) | 211 | for (i = 0; ciphers[i].c_id; i++) |
| 242 | if (ciphers[i].nid == nid) | 212 | if (ciphers[i].c_nid == nid) |
| 243 | return (ciphers[i].id); | 213 | return (&ciphers[i]); |
| 244 | return (0); | 214 | return (NULL); |
| 245 | } | 215 | } |
| 246 | 216 | ||
| 247 | /* | 217 | /* |
| @@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids) | |||
| 264 | memset(&sess, 0, sizeof(sess)); | 234 | memset(&sess, 0, sizeof(sess)); |
| 265 | sess.key = (caddr_t)"123456781234567812345678"; | 235 | sess.key = (caddr_t)"123456781234567812345678"; |
| 266 | 236 | ||
| 267 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | 237 | for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) { |
| 268 | if (ciphers[i].nid == NID_undef) | 238 | if (ciphers[i].c_nid == NID_undef) |
| 269 | continue; | 239 | continue; |
| 270 | sess.cipher = ciphers[i].id; | 240 | sess.cipher = ciphers[i].c_id; |
| 271 | sess.keylen = ciphers[i].keylen; | 241 | sess.keylen = ciphers[i].c_keylen; |
| 272 | sess.mac = 0; | 242 | sess.mac = 0; |
| 273 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 243 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
| 274 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 244 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
| 275 | nids[count++] = ciphers[i].nid; | 245 | nids[count++] = ciphers[i].c_nid; |
| 276 | } | 246 | } |
| 277 | close(fd); | 247 | close(fd); |
| 278 | 248 | ||
| @@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 425 | { | 395 | { |
| 426 | struct dev_crypto_state *state = ctx->cipher_data; | 396 | struct dev_crypto_state *state = ctx->cipher_data; |
| 427 | struct session_op *sess = &state->d_sess; | 397 | struct session_op *sess = &state->d_sess; |
| 428 | int cipher; | 398 | struct dev_crypto_cipher *cipher; |
| 429 | 399 | ||
| 430 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) | 400 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL) |
| 431 | return (0); | 401 | return (0); |
| 432 | 402 | ||
| 433 | if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) | 403 | if (ctx->cipher->iv_len > cipher->c_ivmax) |
| 434 | return (0); | 404 | return (0); |
| 435 | 405 | ||
| 436 | if (!cryptodev_key_length_valid(cipher, ctx->key_len)) | 406 | if (ctx->key_len != cipher->c_keylen) |
| 437 | return (0); | 407 | return (0); |
| 438 | 408 | ||
| 439 | memset(sess, 0, sizeof(struct session_op)); | 409 | memset(sess, 0, sizeof(struct session_op)); |
| @@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 443 | 413 | ||
| 444 | sess->key = (unsigned char *)key; | 414 | sess->key = (unsigned char *)key; |
| 445 | sess->keylen = ctx->key_len; | 415 | sess->keylen = ctx->key_len; |
| 446 | sess->cipher = cipher; | 416 | sess->cipher = cipher->c_id; |
| 447 | 417 | ||
| 448 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | 418 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { |
| 449 | close(state->d_fd); | 419 | close(state->d_fd); |
| @@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = { | |||
| 548 | NULL | 518 | NULL |
| 549 | }; | 519 | }; |
| 550 | 520 | ||
| 551 | const EVP_CIPHER cryptodev_aes_cbc = { | 521 | const EVP_CIPHER cryptodev_aes_128_cbc = { |
| 552 | NID_aes_128_cbc, | 522 | NID_aes_128_cbc, |
| 553 | 16, 16, 16, | 523 | 16, 16, 16, |
| 554 | EVP_CIPH_CBC_MODE, | 524 | EVP_CIPH_CBC_MODE, |
| @@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { | |||
| 561 | NULL | 531 | NULL |
| 562 | }; | 532 | }; |
| 563 | 533 | ||
| 534 | const EVP_CIPHER cryptodev_aes_192_cbc = { | ||
| 535 | NID_aes_192_cbc, | ||
| 536 | 16, 24, 16, | ||
| 537 | EVP_CIPH_CBC_MODE, | ||
| 538 | cryptodev_init_key, | ||
| 539 | cryptodev_cipher, | ||
| 540 | cryptodev_cleanup, | ||
| 541 | sizeof(struct dev_crypto_state), | ||
| 542 | EVP_CIPHER_set_asn1_iv, | ||
| 543 | EVP_CIPHER_get_asn1_iv, | ||
| 544 | NULL | ||
| 545 | }; | ||
| 546 | |||
| 547 | const EVP_CIPHER cryptodev_aes_256_cbc = { | ||
| 548 | NID_aes_256_cbc, | ||
| 549 | 16, 32, 16, | ||
| 550 | EVP_CIPH_CBC_MODE, | ||
| 551 | cryptodev_init_key, | ||
| 552 | cryptodev_cipher, | ||
| 553 | cryptodev_cleanup, | ||
| 554 | sizeof(struct dev_crypto_state), | ||
| 555 | EVP_CIPHER_set_asn1_iv, | ||
| 556 | EVP_CIPHER_get_asn1_iv, | ||
| 557 | NULL | ||
| 558 | }; | ||
| 559 | |||
| 564 | /* | 560 | /* |
| 565 | * Registered by the ENGINE when used to find out how to deal with | 561 | * Registered by the ENGINE when used to find out how to deal with |
| 566 | * a particular NID in the ENGINE. this says what we'll do at the | 562 | * a particular NID in the ENGINE. this says what we'll do at the |
| @@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |||
| 587 | *cipher = &cryptodev_cast_cbc; | 583 | *cipher = &cryptodev_cast_cbc; |
| 588 | break; | 584 | break; |
| 589 | case NID_aes_128_cbc: | 585 | case NID_aes_128_cbc: |
| 590 | *cipher = &cryptodev_aes_cbc; | 586 | *cipher = &cryptodev_aes_128_cbc; |
| 587 | break; | ||
| 588 | case NID_aes_192_cbc: | ||
| 589 | *cipher = &cryptodev_aes_192_cbc; | ||
| 590 | break; | ||
| 591 | case NID_aes_256_cbc: | ||
| 592 | *cipher = &cryptodev_aes_256_cbc; | ||
| 591 | break; | 593 | break; |
| 592 | default: | 594 | default: |
| 593 | *cipher = NULL; | 595 | *cipher = NULL; |