diff options
Diffstat (limited to 'src/lib/libcrypto/engine/hw_cryptodev.c')
| -rw-r--r-- | src/lib/libcrypto/engine/hw_cryptodev.c | 364 |
1 files changed, 290 insertions, 74 deletions
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 3e7fff1c1e..4af40cdfc3 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * Copyright (c) 2002-2004 Theo de Raadt | ||
| 2 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> |
| 3 | * Copyright (c) 2002 Theo de Raadt | ||
| 4 | * Copyright (c) 2002 Markus Friedl | 4 | * Copyright (c) 2002 Markus Friedl |
| 5 | * All rights reserved. | 5 | * All rights reserved. |
| 6 | * | 6 | * |
| @@ -49,11 +49,12 @@ ENGINE_load_cryptodev(void) | |||
| 49 | return; | 49 | return; |
| 50 | } | 50 | } |
| 51 | 51 | ||
| 52 | #else | 52 | #else |
| 53 | 53 | ||
| 54 | #include <sys/types.h> | 54 | #include <sys/types.h> |
| 55 | #include <crypto/cryptodev.h> | 55 | #include <crypto/cryptodev.h> |
| 56 | #include <sys/ioctl.h> | 56 | #include <sys/ioctl.h> |
| 57 | |||
| 57 | #include <errno.h> | 58 | #include <errno.h> |
| 58 | #include <stdio.h> | 59 | #include <stdio.h> |
| 59 | #include <unistd.h> | 60 | #include <unistd.h> |
| @@ -63,19 +64,34 @@ ENGINE_load_cryptodev(void) | |||
| 63 | #include <errno.h> | 64 | #include <errno.h> |
| 64 | #include <string.h> | 65 | #include <string.h> |
| 65 | 66 | ||
| 67 | #ifdef __i386__ | ||
| 68 | #include <sys/sysctl.h> | ||
| 69 | #include <machine/cpu.h> | ||
| 70 | #include <machine/specialreg.h> | ||
| 71 | |||
| 72 | #include <ssl/aes.h> | ||
| 73 | |||
| 74 | static int check_viac3aes(void); | ||
| 75 | #endif | ||
| 76 | |||
| 66 | struct dev_crypto_state { | 77 | struct dev_crypto_state { |
| 67 | struct session_op d_sess; | 78 | struct session_op d_sess; |
| 68 | int d_fd; | 79 | int d_fd; |
| 69 | }; | 80 | }; |
| 70 | 81 | ||
| 82 | struct dev_crypto_cipher { | ||
| 83 | int c_id; | ||
| 84 | int c_nid; | ||
| 85 | int c_ivmax; | ||
| 86 | int c_keylen; | ||
| 87 | }; | ||
| 88 | |||
| 71 | static u_int32_t cryptodev_asymfeat = 0; | 89 | static u_int32_t cryptodev_asymfeat = 0; |
| 72 | 90 | ||
| 73 | static int get_asym_dev_crypto(void); | 91 | static int get_asym_dev_crypto(void); |
| 74 | static int open_dev_crypto(void); | 92 | static int open_dev_crypto(void); |
| 75 | static int get_dev_crypto(void); | 93 | static int get_dev_crypto(void); |
| 76 | static int cryptodev_max_iv(int cipher); | 94 | static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid); |
| 77 | static int cryptodev_key_length_valid(int cipher, int len); | ||
| 78 | static int cipher_nid_to_cryptodev(int nid); | ||
| 79 | static int get_cryptodev_ciphers(const int **cnids); | 95 | static int get_cryptodev_ciphers(const int **cnids); |
| 80 | /*static int get_cryptodev_digests(const int **cnids);*/ | 96 | /*static int get_cryptodev_digests(const int **cnids);*/ |
| 81 | static int cryptodev_usable_ciphers(const int **nids); | 97 | static int cryptodev_usable_ciphers(const int **nids); |
| @@ -98,8 +114,9 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, | |||
| 98 | static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | 114 | static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, |
| 99 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 115 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| 100 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | 116 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, |
| 101 | RSA *rsa); | 117 | RSA *rsa, BN_CTX *ctx); |
| 102 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | 118 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, |
| 119 | BN_CTX *ctx); | ||
| 103 | static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | 120 | static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, |
| 104 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 121 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| 105 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | 122 | static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, |
| @@ -122,15 +139,12 @@ static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |||
| 122 | { 0, NULL, NULL, 0 } | 139 | { 0, NULL, NULL, 0 } |
| 123 | }; | 140 | }; |
| 124 | 141 | ||
| 125 | static struct { | 142 | static struct dev_crypto_cipher ciphers[] = { |
| 126 | int id; | ||
| 127 | int nid; | ||
| 128 | int ivmax; | ||
| 129 | int keylen; | ||
| 130 | } ciphers[] = { | ||
| 131 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | 143 | { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, |
| 132 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | 144 | { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, |
| 133 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | 145 | { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, |
| 146 | { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | ||
| 147 | { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | ||
| 134 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | 148 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, |
| 135 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | 149 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, |
| 136 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | 150 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, |
| @@ -153,7 +167,7 @@ static struct { | |||
| 153 | #endif | 167 | #endif |
| 154 | 168 | ||
| 155 | /* | 169 | /* |
| 156 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | 170 | * Return a fd if /dev/crypto seems usable, -1 otherwise. |
| 157 | */ | 171 | */ |
| 158 | static int | 172 | static int |
| 159 | open_dev_crypto(void) | 173 | open_dev_crypto(void) |
| @@ -180,8 +194,10 @@ get_dev_crypto(void) | |||
| 180 | 194 | ||
| 181 | if ((fd = open_dev_crypto()) == -1) | 195 | if ((fd = open_dev_crypto()) == -1) |
| 182 | return (-1); | 196 | return (-1); |
| 183 | if (ioctl(fd, CRIOGET, &retfd) == -1) | 197 | if (ioctl(fd, CRIOGET, &retfd) == -1) { |
| 198 | close(fd); | ||
| 184 | return (-1); | 199 | return (-1); |
| 200 | } | ||
| 185 | 201 | ||
| 186 | /* close on exec */ | 202 | /* close on exec */ |
| 187 | if (fcntl(retfd, F_SETFD, 1) == -1) { | 203 | if (fcntl(retfd, F_SETFD, 1) == -1) { |
| @@ -202,48 +218,16 @@ get_asym_dev_crypto(void) | |||
| 202 | return fd; | 218 | return fd; |
| 203 | } | 219 | } |
| 204 | 220 | ||
| 205 | /* | ||
| 206 | * XXXX this needs to be set for each alg - and determined from | ||
| 207 | * a running card. | ||
| 208 | */ | ||
| 209 | static int | ||
| 210 | cryptodev_max_iv(int cipher) | ||
| 211 | { | ||
| 212 | int i; | ||
| 213 | |||
| 214 | for (i = 0; ciphers[i].id; i++) | ||
| 215 | if (ciphers[i].id == cipher) | ||
| 216 | return (ciphers[i].ivmax); | ||
| 217 | return (0); | ||
| 218 | } | ||
| 219 | |||
| 220 | /* | ||
| 221 | * XXXX this needs to be set for each alg - and determined from | ||
| 222 | * a running card. For now, fake it out - but most of these | ||
| 223 | * for real devices should return 1 for the supported key | ||
| 224 | * sizes the device can handle. | ||
| 225 | */ | ||
| 226 | static int | ||
| 227 | cryptodev_key_length_valid(int cipher, int len) | ||
| 228 | { | ||
| 229 | int i; | ||
| 230 | |||
| 231 | for (i = 0; ciphers[i].id; i++) | ||
| 232 | if (ciphers[i].id == cipher) | ||
| 233 | return (ciphers[i].keylen == len); | ||
| 234 | return (0); | ||
| 235 | } | ||
| 236 | |||
| 237 | /* convert libcrypto nids to cryptodev */ | 221 | /* convert libcrypto nids to cryptodev */ |
| 238 | static int | 222 | static struct dev_crypto_cipher * |
| 239 | cipher_nid_to_cryptodev(int nid) | 223 | cipher_nid_to_cryptodev(int nid) |
| 240 | { | 224 | { |
| 241 | int i; | 225 | int i; |
| 242 | 226 | ||
| 243 | for (i = 0; ciphers[i].id; i++) | 227 | for (i = 0; ciphers[i].c_id; i++) |
| 244 | if (ciphers[i].nid == nid) | 228 | if (ciphers[i].c_nid == nid) |
| 245 | return (ciphers[i].id); | 229 | return (&ciphers[i]); |
| 246 | return (0); | 230 | return (NULL); |
| 247 | } | 231 | } |
| 248 | 232 | ||
| 249 | /* | 233 | /* |
| @@ -266,18 +250,45 @@ get_cryptodev_ciphers(const int **cnids) | |||
| 266 | memset(&sess, 0, sizeof(sess)); | 250 | memset(&sess, 0, sizeof(sess)); |
| 267 | sess.key = (caddr_t)"123456781234567812345678"; | 251 | sess.key = (caddr_t)"123456781234567812345678"; |
| 268 | 252 | ||
| 269 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | 253 | for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) { |
| 270 | if (ciphers[i].nid == NID_undef) | 254 | if (ciphers[i].c_nid == NID_undef) |
| 271 | continue; | 255 | continue; |
| 272 | sess.cipher = ciphers[i].id; | 256 | sess.cipher = ciphers[i].c_id; |
| 273 | sess.keylen = ciphers[i].keylen; | 257 | sess.keylen = ciphers[i].c_keylen; |
| 274 | sess.mac = 0; | 258 | sess.mac = 0; |
| 275 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 259 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
| 276 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 260 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
| 277 | nids[count++] = ciphers[i].nid; | 261 | nids[count++] = ciphers[i].c_nid; |
| 278 | } | 262 | } |
| 279 | close(fd); | 263 | close(fd); |
| 280 | 264 | ||
| 265 | #if defined(__i386__) | ||
| 266 | /* | ||
| 267 | * On i386, always check for the VIA C3 AES instructions; | ||
| 268 | * even if /dev/crypto is disabled. | ||
| 269 | */ | ||
| 270 | if (check_viac3aes() >= 1) { | ||
| 271 | int have_NID_aes_128_cbc = 0; | ||
| 272 | int have_NID_aes_192_cbc = 0; | ||
| 273 | int have_NID_aes_256_cbc = 0; | ||
| 274 | |||
| 275 | for (i = 0; i < count; i++) { | ||
| 276 | if (nids[i] == NID_aes_128_cbc) | ||
| 277 | have_NID_aes_128_cbc = 1; | ||
| 278 | if (nids[i] == NID_aes_192_cbc) | ||
| 279 | have_NID_aes_192_cbc = 1; | ||
| 280 | if (nids[i] == NID_aes_256_cbc) | ||
| 281 | have_NID_aes_256_cbc = 1; | ||
| 282 | } | ||
| 283 | if (!have_NID_aes_128_cbc) | ||
| 284 | nids[count++] = NID_aes_128_cbc; | ||
| 285 | if (!have_NID_aes_192_cbc) | ||
| 286 | nids[count++] = NID_aes_192_cbc; | ||
| 287 | if (!have_NID_aes_256_cbc) | ||
| 288 | nids[count++] = NID_aes_256_cbc; | ||
| 289 | } | ||
| 290 | #endif | ||
| 291 | |||
| 281 | if (count > 0) | 292 | if (count > 0) |
| 282 | *cnids = nids; | 293 | *cnids = nids; |
| 283 | else | 294 | else |
| @@ -429,15 +440,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 429 | { | 440 | { |
| 430 | struct dev_crypto_state *state = ctx->cipher_data; | 441 | struct dev_crypto_state *state = ctx->cipher_data; |
| 431 | struct session_op *sess = &state->d_sess; | 442 | struct session_op *sess = &state->d_sess; |
| 432 | int cipher; | 443 | struct dev_crypto_cipher *cipher; |
| 433 | 444 | ||
| 434 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) | 445 | if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL) |
| 435 | return (0); | 446 | return (0); |
| 436 | 447 | ||
| 437 | if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) | 448 | if (ctx->cipher->iv_len > cipher->c_ivmax) |
| 438 | return (0); | 449 | return (0); |
| 439 | 450 | ||
| 440 | if (!cryptodev_key_length_valid(cipher, ctx->key_len)) | 451 | if (ctx->key_len != cipher->c_keylen) |
| 441 | return (0); | 452 | return (0); |
| 442 | 453 | ||
| 443 | memset(sess, 0, sizeof(struct session_op)); | 454 | memset(sess, 0, sizeof(struct session_op)); |
| @@ -447,7 +458,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 447 | 458 | ||
| 448 | sess->key = (unsigned char *)key; | 459 | sess->key = (unsigned char *)key; |
| 449 | sess->keylen = ctx->key_len; | 460 | sess->keylen = ctx->key_len; |
| 450 | sess->cipher = cipher; | 461 | sess->cipher = cipher->c_id; |
| 451 | 462 | ||
| 452 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | 463 | if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { |
| 453 | close(state->d_fd); | 464 | close(state->d_fd); |
| @@ -552,7 +563,7 @@ const EVP_CIPHER cryptodev_cast_cbc = { | |||
| 552 | NULL | 563 | NULL |
| 553 | }; | 564 | }; |
| 554 | 565 | ||
| 555 | const EVP_CIPHER cryptodev_aes_cbc = { | 566 | EVP_CIPHER cryptodev_aes_128_cbc = { |
| 556 | NID_aes_128_cbc, | 567 | NID_aes_128_cbc, |
| 557 | 16, 16, 16, | 568 | 16, 16, 16, |
| 558 | EVP_CIPH_CBC_MODE, | 569 | EVP_CIPH_CBC_MODE, |
| @@ -565,6 +576,210 @@ const EVP_CIPHER cryptodev_aes_cbc = { | |||
| 565 | NULL | 576 | NULL |
| 566 | }; | 577 | }; |
| 567 | 578 | ||
| 579 | EVP_CIPHER cryptodev_aes_192_cbc = { | ||
| 580 | NID_aes_192_cbc, | ||
| 581 | 16, 24, 16, | ||
| 582 | EVP_CIPH_CBC_MODE, | ||
| 583 | cryptodev_init_key, | ||
| 584 | cryptodev_cipher, | ||
| 585 | cryptodev_cleanup, | ||
| 586 | sizeof(struct dev_crypto_state), | ||
| 587 | EVP_CIPHER_set_asn1_iv, | ||
| 588 | EVP_CIPHER_get_asn1_iv, | ||
| 589 | NULL | ||
| 590 | }; | ||
| 591 | |||
| 592 | EVP_CIPHER cryptodev_aes_256_cbc = { | ||
| 593 | NID_aes_256_cbc, | ||
| 594 | 16, 32, 16, | ||
| 595 | EVP_CIPH_CBC_MODE, | ||
| 596 | cryptodev_init_key, | ||
| 597 | cryptodev_cipher, | ||
| 598 | cryptodev_cleanup, | ||
| 599 | sizeof(struct dev_crypto_state), | ||
| 600 | EVP_CIPHER_set_asn1_iv, | ||
| 601 | EVP_CIPHER_get_asn1_iv, | ||
| 602 | NULL | ||
| 603 | }; | ||
| 604 | |||
| 605 | #if defined(__i386__) | ||
| 606 | |||
| 607 | static inline void | ||
| 608 | viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep, | ||
| 609 | void *iv) | ||
| 610 | { | ||
| 611 | #ifdef notdef | ||
| 612 | printf("cw %x[%x %x %x %x] src %x dst %x key %x rep %x iv %x\n", | ||
| 613 | cw, cw[0], cw[1], cw[2], cw[3], | ||
| 614 | src, dst, key, rep, iv); | ||
| 615 | #endif | ||
| 616 | /* | ||
| 617 | * Clear bit 30 of EFLAGS. | ||
| 618 | */ | ||
| 619 | __asm __volatile("pushfl; popfl"); | ||
| 620 | |||
| 621 | /* | ||
| 622 | * Cannot simply place key into "b" register, since the compiler | ||
| 623 | * -pic mode uses that register; so instead we must dance a little. | ||
| 624 | */ | ||
| 625 | __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcrypt-cbc; popl %%ebx" : | ||
| 626 | : "mr" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst) | ||
| 627 | : "memory", "cc"); | ||
| 628 | } | ||
| 629 | |||
| 630 | #define ISUNALIGNED(x) ((long)(x)) & 15 | ||
| 631 | #define DOALIGN(v) ((void *)(((long)(v) + 15) & ~15)) | ||
| 632 | |||
| 633 | static int | ||
| 634 | xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 635 | const unsigned char *in, unsigned int inl) | ||
| 636 | { | ||
| 637 | unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 638 | unsigned char *save_iv = DOALIGN(save_iv_store); | ||
| 639 | unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15]; | ||
| 640 | unsigned char *ivs = DOALIGN(ivs_store); | ||
| 641 | void *iiv, *iv = NULL, *ivp = NULL; | ||
| 642 | const void *usein = in; | ||
| 643 | void *useout = out, *spare; | ||
| 644 | int cws[4 + 3], *cw = DOALIGN(cws); | ||
| 645 | |||
| 646 | if (!inl) | ||
| 647 | return (1); | ||
| 648 | if ((inl % ctx->cipher->block_size) != 0) | ||
| 649 | return (0); | ||
| 650 | |||
| 651 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 652 | spare = malloc(inl); | ||
| 653 | if (spare == NULL) | ||
| 654 | return (0); | ||
| 655 | |||
| 656 | if (ISUNALIGNED(in)) { | ||
| 657 | bcopy(in, spare, inl); | ||
| 658 | usein = spare; | ||
| 659 | } | ||
| 660 | if (ISUNALIGNED(out)) | ||
| 661 | useout = spare; | ||
| 662 | } | ||
| 663 | |||
| 664 | cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW | | ||
| 665 | C3_CRYPT_CWLO_NORMAL; | ||
| 666 | cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT; | ||
| 667 | cw[1] = cw[2] = cw[3] = 0; | ||
| 668 | |||
| 669 | switch (ctx->key_len * 8) { | ||
| 670 | case 128: | ||
| 671 | cw[0] |= C3_CRYPT_CWLO_KEY128; | ||
| 672 | break; | ||
| 673 | case 192: | ||
| 674 | cw[0] |= C3_CRYPT_CWLO_KEY192; | ||
| 675 | break; | ||
| 676 | case 256: | ||
| 677 | cw[0] |= C3_CRYPT_CWLO_KEY256; | ||
| 678 | break; | ||
| 679 | } | ||
| 680 | |||
| 681 | if (ctx->cipher->iv_len) { | ||
| 682 | iv = (caddr_t) ctx->iv; | ||
| 683 | if (!ctx->encrypt) { | ||
| 684 | iiv = (void *) in + inl - ctx->cipher->iv_len; | ||
| 685 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
| 686 | } | ||
| 687 | } | ||
| 688 | |||
| 689 | ivp = iv; | ||
| 690 | if (ISUNALIGNED(iv)) { | ||
| 691 | bcopy(iv, ivs, ctx->cipher->iv_len); | ||
| 692 | ivp = ivs; | ||
| 693 | } | ||
| 694 | |||
| 695 | viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data, inl / 16, ivp); | ||
| 696 | |||
| 697 | if (ISUNALIGNED(in) || ISUNALIGNED(out)) { | ||
| 698 | if (ISUNALIGNED(out)) | ||
| 699 | bcopy(spare, out, inl); | ||
| 700 | free(spare); | ||
| 701 | } | ||
| 702 | |||
| 703 | if (ivp == ivs) | ||
| 704 | bcopy(ivp, iv, ctx->cipher->iv_len); | ||
| 705 | |||
| 706 | if (ctx->cipher->iv_len) { | ||
| 707 | if (ctx->encrypt) | ||
| 708 | iiv = (void *) out + inl - ctx->cipher->iv_len; | ||
| 709 | else | ||
| 710 | iiv = save_iv; | ||
| 711 | memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | ||
| 712 | } | ||
| 713 | return (1); | ||
| 714 | } | ||
| 715 | |||
| 716 | static int | ||
| 717 | xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 718 | const unsigned char *iv, int enc) | ||
| 719 | { | ||
| 720 | AES_KEY *k = ctx->cipher_data; | ||
| 721 | #ifndef AES_ASM | ||
| 722 | int i; | ||
| 723 | #endif | ||
| 724 | |||
| 725 | bzero(k, sizeof *k); | ||
| 726 | if (enc) | ||
| 727 | AES_set_encrypt_key(key, ctx->key_len * 8, k); | ||
| 728 | else | ||
| 729 | AES_set_decrypt_key(key, ctx->key_len * 8, k); | ||
| 730 | |||
| 731 | #ifndef AES_ASM | ||
| 732 | /* | ||
| 733 | * XXX Damn OpenSSL byte swaps the expanded key!! | ||
| 734 | * | ||
| 735 | * XXX But only if we're using the C implementation of AES | ||
| 736 | */ | ||
| 737 | for (i = 0; i < 4 * (AES_MAXNR + 1); i++) | ||
| 738 | k->rd_key[i] = htonl(k->rd_key[i]); | ||
| 739 | #endif | ||
| 740 | |||
| 741 | return (1); | ||
| 742 | } | ||
| 743 | |||
| 744 | static int | ||
| 745 | xcrypt_cleanup(EVP_CIPHER_CTX *ctx) | ||
| 746 | { | ||
| 747 | bzero(ctx->cipher_data, ctx->cipher->ctx_size); | ||
| 748 | return (1); | ||
| 749 | } | ||
| 750 | |||
| 751 | static int | ||
| 752 | check_viac3aes(void) | ||
| 753 | { | ||
| 754 | int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value; | ||
| 755 | size_t size = sizeof(value); | ||
| 756 | |||
| 757 | if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size, | ||
| 758 | NULL, 0) < 0) | ||
| 759 | return (0); | ||
| 760 | if (value == 0) | ||
| 761 | return (0); | ||
| 762 | |||
| 763 | if (value & C3_HAS_AES) { | ||
| 764 | cryptodev_aes_128_cbc.init = xcrypt_init_key; | ||
| 765 | cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher; | ||
| 766 | cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup; | ||
| 767 | cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY); | ||
| 768 | |||
| 769 | cryptodev_aes_192_cbc.init = xcrypt_init_key; | ||
| 770 | cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher; | ||
| 771 | cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup; | ||
| 772 | cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY); | ||
| 773 | |||
| 774 | cryptodev_aes_256_cbc.init = xcrypt_init_key; | ||
| 775 | cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher; | ||
| 776 | cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup; | ||
| 777 | cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY); | ||
| 778 | } | ||
| 779 | return (value); | ||
| 780 | } | ||
| 781 | #endif /* __i386__ */ | ||
| 782 | |||
| 568 | /* | 783 | /* |
| 569 | * Registered by the ENGINE when used to find out how to deal with | 784 | * Registered by the ENGINE when used to find out how to deal with |
| 570 | * a particular NID in the ENGINE. this says what we'll do at the | 785 | * a particular NID in the ENGINE. this says what we'll do at the |
| @@ -591,7 +806,13 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |||
| 591 | *cipher = &cryptodev_cast_cbc; | 806 | *cipher = &cryptodev_cast_cbc; |
| 592 | break; | 807 | break; |
| 593 | case NID_aes_128_cbc: | 808 | case NID_aes_128_cbc: |
| 594 | *cipher = &cryptodev_aes_cbc; | 809 | *cipher = &cryptodev_aes_128_cbc; |
| 810 | break; | ||
| 811 | case NID_aes_192_cbc: | ||
| 812 | *cipher = &cryptodev_aes_192_cbc; | ||
| 813 | break; | ||
| 814 | case NID_aes_256_cbc: | ||
| 815 | *cipher = &cryptodev_aes_256_cbc; | ||
| 595 | break; | 816 | break; |
| 596 | default: | 817 | default: |
| 597 | *cipher = NULL; | 818 | *cipher = NULL; |
| @@ -758,19 +979,14 @@ err: | |||
| 758 | } | 979 | } |
| 759 | 980 | ||
| 760 | static int | 981 | static int |
| 761 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | 982 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, |
| 983 | BN_CTX *ctx) | ||
| 762 | { | 984 | { |
| 763 | int r; | 985 | return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx); |
| 764 | BN_CTX *ctx; | ||
| 765 | |||
| 766 | ctx = BN_CTX_new(); | ||
| 767 | r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); | ||
| 768 | BN_CTX_free(ctx); | ||
| 769 | return (r); | ||
| 770 | } | 986 | } |
| 771 | 987 | ||
| 772 | static int | 988 | static int |
| 773 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | 989 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
| 774 | { | 990 | { |
| 775 | struct crypt_kop kop; | 991 | struct crypt_kop kop; |
| 776 | int ret = 1; | 992 | int ret = 1; |
| @@ -799,7 +1015,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | |||
| 799 | 1015 | ||
| 800 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { | 1016 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { |
| 801 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | 1017 | const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); |
| 802 | ret = (*meth->rsa_mod_exp)(r0, I, rsa); | 1018 | ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); |
| 803 | } | 1019 | } |
| 804 | err: | 1020 | err: |
| 805 | zapparams(&kop); | 1021 | zapparams(&kop); |