OLD | NEW |
1 /* | 1 /* |
2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | 2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org> |
3 * Copyright (c) 2002 Theo de Raadt | 3 * Copyright (c) 2002 Theo de Raadt |
4 * Copyright (c) 2002 Markus Friedl | 4 * Copyright (c) 2002 Markus Friedl |
5 * All rights reserved. | 5 * All rights reserved. |
6 * | 6 * |
7 * Redistribution and use in source and binary forms, with or without | 7 * Redistribution and use in source and binary forms, with or without |
8 * modification, are permitted provided that the following conditions | 8 * modification, are permitted provided that the following conditions |
9 * are met: | 9 * are met: |
10 * 1. Redistributions of source code must retain the above copyright | 10 * 1. Redistributions of source code must retain the above copyright |
(...skipping 12 matching lines...) Expand all Loading... |
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 * | 26 * |
27 */ | 27 */ |
28 | 28 |
29 #include <openssl/objects.h> | 29 #include <openssl/objects.h> |
30 #include <openssl/engine.h> | 30 #include <openssl/engine.h> |
31 #include <openssl/evp.h> | 31 #include <openssl/evp.h> |
32 #include <openssl/bn.h> | 32 #include <openssl/bn.h> |
33 #include <openssl/dsa.h> | |
34 #include <openssl/rsa.h> | |
35 #include <openssl/dh.h> | |
36 #include <openssl/err.h> | |
37 | 33 |
38 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ | 34 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ |
39 (defined(OpenBSD) || defined(__FreeBSD__)) | 35 (defined(OpenBSD) || defined(__FreeBSD__)) |
40 #include <sys/param.h> | 36 #include <sys/param.h> |
41 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version <
500000) || __FreeBSD_version >= 500041) | 37 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version <
500000) || __FreeBSD_version >= 500041) |
42 # define HAVE_CRYPTODEV | 38 # define HAVE_CRYPTODEV |
43 # endif | 39 # endif |
44 # if (OpenBSD >= 200110) | 40 # if (OpenBSD >= 200110) |
45 # define HAVE_SYSLOG_R | 41 # define HAVE_SYSLOG_R |
46 # endif | 42 # endif |
47 #endif | 43 #endif |
48 | 44 |
49 #ifndef HAVE_CRYPTODEV | 45 #ifndef HAVE_CRYPTODEV |
50 | 46 |
51 void | 47 void |
52 ENGINE_load_cryptodev(void) | 48 ENGINE_load_cryptodev(void) |
53 { | 49 { |
54 /* This is a NOP on platforms without /dev/crypto */ | 50 /* This is a NOP on platforms without /dev/crypto */ |
55 return; | 51 return; |
56 } | 52 } |
57 | 53 |
58 #else | 54 #else |
59 | 55 |
60 #include <sys/types.h> | 56 #include <sys/types.h> |
61 #include <crypto/cryptodev.h> | 57 #include <crypto/cryptodev.h> |
| 58 #include <crypto/dh/dh.h> |
| 59 #include <crypto/dsa/dsa.h> |
| 60 #include <crypto/err/err.h> |
| 61 #include <crypto/rsa/rsa.h> |
62 #include <sys/ioctl.h> | 62 #include <sys/ioctl.h> |
63 #include <errno.h> | 63 #include <errno.h> |
64 #include <stdio.h> | 64 #include <stdio.h> |
65 #include <unistd.h> | 65 #include <unistd.h> |
66 #include <fcntl.h> | 66 #include <fcntl.h> |
67 #include <stdarg.h> | 67 #include <stdarg.h> |
68 #include <syslog.h> | 68 #include <syslog.h> |
69 #include <errno.h> | 69 #include <errno.h> |
70 #include <string.h> | 70 #include <string.h> |
71 | 71 |
72 struct dev_crypto_state { | 72 struct dev_crypto_state { |
73 struct session_op d_sess; | 73 struct session_op d_sess; |
74 int d_fd; | 74 int d_fd; |
| 75 |
| 76 #ifdef USE_CRYPTODEV_DIGESTS |
| 77 char dummy_mac_key[HASH_MAX_LEN]; |
| 78 |
| 79 unsigned char digest_res[HASH_MAX_LEN]; |
| 80 char *mac_data; |
| 81 int mac_len; |
| 82 |
| 83 int copy; |
| 84 #endif |
75 }; | 85 }; |
76 | 86 |
77 static u_int32_t cryptodev_asymfeat = 0; | 87 static u_int32_t cryptodev_asymfeat = 0; |
78 | 88 |
79 static int get_asym_dev_crypto(void); | 89 static int get_asym_dev_crypto(void); |
80 static int open_dev_crypto(void); | 90 static int open_dev_crypto(void); |
81 static int get_dev_crypto(void); | 91 static int get_dev_crypto(void); |
82 static int cryptodev_max_iv(int cipher); | |
83 static int cryptodev_key_length_valid(int cipher, int len); | |
84 static int cipher_nid_to_cryptodev(int nid); | |
85 static int get_cryptodev_ciphers(const int **cnids); | 92 static int get_cryptodev_ciphers(const int **cnids); |
86 /*static int get_cryptodev_digests(const int **cnids);*/ | 93 #ifdef USE_CRYPTODEV_DIGESTS |
| 94 static int get_cryptodev_digests(const int **cnids); |
| 95 #endif |
87 static int cryptodev_usable_ciphers(const int **nids); | 96 static int cryptodev_usable_ciphers(const int **nids); |
88 static int cryptodev_usable_digests(const int **nids); | 97 static int cryptodev_usable_digests(const int **nids); |
89 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 98 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
90 const unsigned char *in, unsigned int inl); | 99 const unsigned char *in, size_t inl); |
91 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 100 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
92 const unsigned char *iv, int enc); | 101 const unsigned char *iv, int enc); |
93 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | 102 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); |
94 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 103 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
95 const int **nids, int nid); | 104 const int **nids, int nid); |
96 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | 105 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, |
97 const int **nids, int nid); | 106 const int **nids, int nid); |
98 static int bn2crparam(const BIGNUM *a, struct crparam *crp); | 107 static int bn2crparam(const BIGNUM *a, struct crparam *crp); |
99 static int crparam2bn(struct crparam *crp, BIGNUM *a); | 108 static int crparam2bn(struct crparam *crp, BIGNUM *a); |
100 static void zapparams(struct crypt_kop *kop); | 109 static void zapparams(struct crypt_kop *kop); |
(...skipping 13 matching lines...) Expand all Loading... |
114 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | 123 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, |
115 int dlen, DSA *dsa); | 124 int dlen, DSA *dsa); |
116 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | 125 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, |
117 DSA_SIG *sig, DSA *dsa); | 126 DSA_SIG *sig, DSA *dsa); |
118 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | 127 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, |
119 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | 128 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, |
120 BN_MONT_CTX *m_ctx); | 129 BN_MONT_CTX *m_ctx); |
121 static int cryptodev_dh_compute_key(unsigned char *key, | 130 static int cryptodev_dh_compute_key(unsigned char *key, |
122 const BIGNUM *pub_key, DH *dh); | 131 const BIGNUM *pub_key, DH *dh); |
123 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | 132 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, |
124 void (*f)()); | 133 void (*f)(void)); |
125 void ENGINE_load_cryptodev(void); | 134 void ENGINE_load_cryptodev(void); |
126 | 135 |
127 static const ENGINE_CMD_DEFN cryptodev_defns[] = { | 136 static const ENGINE_CMD_DEFN cryptodev_defns[] = { |
128 { 0, NULL, NULL, 0 } | 137 { 0, NULL, NULL, 0 } |
129 }; | 138 }; |
130 | 139 |
131 static struct { | 140 static struct { |
132 int id; | 141 int id; |
133 int nid; | 142 int nid; |
134 int ivmax; | 143 int ivmax; |
135 int keylen; | 144 int keylen; |
136 } ciphers[] = { | 145 } ciphers[] = { |
| 146 { CRYPTO_ARC4, NID_rc4, 0, 16, }, |
137 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | 147 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, |
138 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | 148 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, |
139 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | 149 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, |
| 150 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, |
| 151 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, |
140 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | 152 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, |
141 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | 153 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, |
142 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | 154 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, |
143 { 0, NID_undef, 0, 0, }, | 155 { 0, NID_undef, 0, 0, }, |
144 }; | 156 }; |
145 | 157 |
146 #if 0 | 158 #ifdef USE_CRYPTODEV_DIGESTS |
147 static struct { | 159 static struct { |
148 int id; | 160 int id; |
149 int nid; | 161 int nid; |
| 162 int keylen; |
150 } digests[] = { | 163 } digests[] = { |
151 » { CRYPTO_SHA1_HMAC,» » NID_hmacWithSHA1,» }, | 164 » { CRYPTO_MD5_HMAC,» » NID_hmacWithMD5,» 16}, |
152 » { CRYPTO_RIPEMD160_HMAC,» NID_ripemd160,» » }, | 165 » { CRYPTO_SHA1_HMAC,» » NID_hmacWithSHA1,» 20}, |
153 » { CRYPTO_MD5_KPDK,» » NID_undef,» » }, | 166 » { CRYPTO_RIPEMD160_HMAC,» NID_ripemd160,» » 16/*?*/}, |
154 » { CRYPTO_SHA1_KPDK,» » NID_undef,» » }, | 167 » { CRYPTO_MD5_KPDK,» » NID_undef,» » 0}, |
155 » { CRYPTO_MD5,» » » NID_md5,» » }, | 168 » { CRYPTO_SHA1_KPDK,» » NID_undef,» » 0}, |
156 » { CRYPTO_SHA1,» » » NID_undef,» » }, | 169 » { CRYPTO_MD5,» » » NID_md5,» » 16}, |
157 » { 0,» » » » NID_undef,» » }, | 170 » { CRYPTO_SHA1,» » » NID_sha1,» » 20}, |
| 171 » { 0,» » » » NID_undef,» » 0}, |
158 }; | 172 }; |
159 #endif | 173 #endif |
160 | 174 |
161 /* | 175 /* |
162 * Return a fd if /dev/crypto seems usable, 0 otherwise. | 176 * Return a fd if /dev/crypto seems usable, 0 otherwise. |
163 */ | 177 */ |
164 static int | 178 static int |
165 open_dev_crypto(void) | 179 open_dev_crypto(void) |
166 { | 180 { |
167 static int fd = -1; | 181 static int fd = -1; |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
202 get_asym_dev_crypto(void) | 216 get_asym_dev_crypto(void) |
203 { | 217 { |
204 static int fd = -1; | 218 static int fd = -1; |
205 | 219 |
206 if (fd == -1) | 220 if (fd == -1) |
207 fd = get_dev_crypto(); | 221 fd = get_dev_crypto(); |
208 return fd; | 222 return fd; |
209 } | 223 } |
210 | 224 |
211 /* | 225 /* |
212 * XXXX this needs to be set for each alg - and determined from | |
213 * a running card. | |
214 */ | |
215 static int | |
216 cryptodev_max_iv(int cipher) | |
217 { | |
218 int i; | |
219 | |
220 for (i = 0; ciphers[i].id; i++) | |
221 if (ciphers[i].id == cipher) | |
222 return (ciphers[i].ivmax); | |
223 return (0); | |
224 } | |
225 | |
226 /* | |
227 * XXXX this needs to be set for each alg - and determined from | |
228 * a running card. For now, fake it out - but most of these | |
229 * for real devices should return 1 for the supported key | |
230 * sizes the device can handle. | |
231 */ | |
232 static int | |
233 cryptodev_key_length_valid(int cipher, int len) | |
234 { | |
235 int i; | |
236 | |
237 for (i = 0; ciphers[i].id; i++) | |
238 if (ciphers[i].id == cipher) | |
239 return (ciphers[i].keylen == len); | |
240 return (0); | |
241 } | |
242 | |
243 /* convert libcrypto nids to cryptodev */ | |
244 static int | |
245 cipher_nid_to_cryptodev(int nid) | |
246 { | |
247 int i; | |
248 | |
249 for (i = 0; ciphers[i].id; i++) | |
250 if (ciphers[i].nid == nid) | |
251 return (ciphers[i].id); | |
252 return (0); | |
253 } | |
254 | |
255 /* | |
256 * Find out what ciphers /dev/crypto will let us have a session for. | 226 * Find out what ciphers /dev/crypto will let us have a session for. |
257 * XXX note, that some of these openssl doesn't deal with yet! | 227 * XXX note, that some of these openssl doesn't deal with yet! |
258 * returning them here is harmless, as long as we return NULL | 228 * returning them here is harmless, as long as we return NULL |
259 * when asked for a handler in the cryptodev_engine_ciphers routine | 229 * when asked for a handler in the cryptodev_engine_ciphers routine |
260 */ | 230 */ |
261 static int | 231 static int |
262 get_cryptodev_ciphers(const int **cnids) | 232 get_cryptodev_ciphers(const int **cnids) |
263 { | 233 { |
264 static int nids[CRYPTO_ALGORITHM_MAX]; | 234 static int nids[CRYPTO_ALGORITHM_MAX]; |
265 struct session_op sess; | 235 struct session_op sess; |
266 int fd, i, count = 0; | 236 int fd, i, count = 0; |
267 | 237 |
268 if ((fd = get_dev_crypto()) < 0) { | 238 if ((fd = get_dev_crypto()) < 0) { |
269 *cnids = NULL; | 239 *cnids = NULL; |
270 return (0); | 240 return (0); |
271 } | 241 } |
272 memset(&sess, 0, sizeof(sess)); | 242 memset(&sess, 0, sizeof(sess)); |
273 » sess.key = (caddr_t)"123456781234567812345678"; | 243 » sess.key = (caddr_t)"123456789abcdefghijklmno"; |
274 | 244 |
275 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | 245 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { |
276 if (ciphers[i].nid == NID_undef) | 246 if (ciphers[i].nid == NID_undef) |
277 continue; | 247 continue; |
278 sess.cipher = ciphers[i].id; | 248 sess.cipher = ciphers[i].id; |
279 sess.keylen = ciphers[i].keylen; | 249 sess.keylen = ciphers[i].keylen; |
280 sess.mac = 0; | 250 sess.mac = 0; |
281 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 251 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
282 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 252 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
283 nids[count++] = ciphers[i].nid; | 253 nids[count++] = ciphers[i].nid; |
284 } | 254 } |
285 close(fd); | 255 close(fd); |
286 | 256 |
287 if (count > 0) | 257 if (count > 0) |
288 *cnids = nids; | 258 *cnids = nids; |
289 else | 259 else |
290 *cnids = NULL; | 260 *cnids = NULL; |
291 return (count); | 261 return (count); |
292 } | 262 } |
293 | 263 |
294 #if 0 /* unused */ | 264 #ifdef USE_CRYPTODEV_DIGESTS |
295 /* | 265 /* |
296 * Find out what digests /dev/crypto will let us have a session for. | 266 * Find out what digests /dev/crypto will let us have a session for. |
297 * XXX note, that some of these openssl doesn't deal with yet! | 267 * XXX note, that some of these openssl doesn't deal with yet! |
298 * returning them here is harmless, as long as we return NULL | 268 * returning them here is harmless, as long as we return NULL |
299 * when asked for a handler in the cryptodev_engine_digests routine | 269 * when asked for a handler in the cryptodev_engine_digests routine |
300 */ | 270 */ |
301 static int | 271 static int |
302 get_cryptodev_digests(const int **cnids) | 272 get_cryptodev_digests(const int **cnids) |
303 { | 273 { |
304 static int nids[CRYPTO_ALGORITHM_MAX]; | 274 static int nids[CRYPTO_ALGORITHM_MAX]; |
305 struct session_op sess; | 275 struct session_op sess; |
306 int fd, i, count = 0; | 276 int fd, i, count = 0; |
307 | 277 |
308 if ((fd = get_dev_crypto()) < 0) { | 278 if ((fd = get_dev_crypto()) < 0) { |
309 *cnids = NULL; | 279 *cnids = NULL; |
310 return (0); | 280 return (0); |
311 } | 281 } |
312 memset(&sess, 0, sizeof(sess)); | 282 memset(&sess, 0, sizeof(sess)); |
| 283 sess.mackey = (caddr_t)"123456789abcdefghijklmno"; |
313 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | 284 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { |
314 if (digests[i].nid == NID_undef) | 285 if (digests[i].nid == NID_undef) |
315 continue; | 286 continue; |
316 sess.mac = digests[i].id; | 287 sess.mac = digests[i].id; |
| 288 sess.mackeylen = digests[i].keylen; |
317 sess.cipher = 0; | 289 sess.cipher = 0; |
318 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 290 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
319 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 291 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
320 nids[count++] = digests[i].nid; | 292 nids[count++] = digests[i].nid; |
321 } | 293 } |
322 close(fd); | 294 close(fd); |
323 | 295 |
324 if (count > 0) | 296 if (count > 0) |
325 *cnids = nids; | 297 *cnids = nids; |
326 else | 298 else |
327 *cnids = NULL; | 299 *cnids = NULL; |
328 return (count); | 300 return (count); |
329 } | 301 } |
330 | 302 #endif /* 0 */ |
331 #endif | |
332 | 303 |
333 /* | 304 /* |
334 * Find the useable ciphers|digests from dev/crypto - this is the first | 305 * Find the useable ciphers|digests from dev/crypto - this is the first |
335 * thing called by the engine init crud which determines what it | 306 * thing called by the engine init crud which determines what it |
336 * can use for ciphers from this engine. We want to return | 307 * can use for ciphers from this engine. We want to return |
337 * only what we can do, anythine else is handled by software. | 308 * only what we can do, anythine else is handled by software. |
338 * | 309 * |
339 * If we can't initialize the device to do anything useful for | 310 * If we can't initialize the device to do anything useful for |
340 * any reason, we want to return a NULL array, and 0 length, | 311 * any reason, we want to return a NULL array, and 0 length, |
341 * which forces everything to be done is software. By putting | 312 * which forces everything to be done is software. By putting |
(...skipping 11 matching lines...) Expand all Loading... |
353 */ | 324 */ |
354 static int | 325 static int |
355 cryptodev_usable_ciphers(const int **nids) | 326 cryptodev_usable_ciphers(const int **nids) |
356 { | 327 { |
357 return (get_cryptodev_ciphers(nids)); | 328 return (get_cryptodev_ciphers(nids)); |
358 } | 329 } |
359 | 330 |
360 static int | 331 static int |
361 cryptodev_usable_digests(const int **nids) | 332 cryptodev_usable_digests(const int **nids) |
362 { | 333 { |
| 334 #ifdef USE_CRYPTODEV_DIGESTS |
| 335 return (get_cryptodev_digests(nids)); |
| 336 #else |
363 /* | 337 /* |
364 * XXXX just disable all digests for now, because it sucks. | 338 * XXXX just disable all digests for now, because it sucks. |
365 * we need a better way to decide this - i.e. I may not | 339 * we need a better way to decide this - i.e. I may not |
366 * want digests on slow cards like hifn on fast machines, | 340 * want digests on slow cards like hifn on fast machines, |
367 * but might want them on slow or loaded machines, etc. | 341 * but might want them on slow or loaded machines, etc. |
368 * will also want them when using crypto cards that don't | 342 * will also want them when using crypto cards that don't |
369 * suck moose gonads - would be nice to be able to decide something | 343 * suck moose gonads - would be nice to be able to decide something |
370 * as reasonable default without having hackery that's card dependent. | 344 * as reasonable default without having hackery that's card dependent. |
371 * of course, the default should probably be just do everything, | 345 * of course, the default should probably be just do everything, |
372 * with perhaps a sysctl to turn algoritms off (or have them off | 346 * with perhaps a sysctl to turn algoritms off (or have them off |
373 * by default) on cards that generally suck like the hifn. | 347 * by default) on cards that generally suck like the hifn. |
374 */ | 348 */ |
375 *nids = NULL; | 349 *nids = NULL; |
376 return (0); | 350 return (0); |
| 351 #endif |
377 } | 352 } |
378 | 353 |
379 static int | 354 static int |
380 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 355 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
381 const unsigned char *in, unsigned int inl) | 356 const unsigned char *in, size_t inl) |
382 { | 357 { |
383 struct crypt_op cryp; | 358 struct crypt_op cryp; |
384 struct dev_crypto_state *state = ctx->cipher_data; | 359 struct dev_crypto_state *state = ctx->cipher_data; |
385 struct session_op *sess = &state->d_sess; | 360 struct session_op *sess = &state->d_sess; |
386 const void *iiv; | 361 const void *iiv; |
387 unsigned char save_iv[EVP_MAX_IV_LENGTH]; | 362 unsigned char save_iv[EVP_MAX_IV_LENGTH]; |
388 | 363 |
389 if (state->d_fd < 0) | 364 if (state->d_fd < 0) |
390 return (0); | 365 return (0); |
391 if (!inl) | 366 if (!inl) |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
429 } | 404 } |
430 return (1); | 405 return (1); |
431 } | 406 } |
432 | 407 |
433 static int | 408 static int |
434 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 409 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
435 const unsigned char *iv, int enc) | 410 const unsigned char *iv, int enc) |
436 { | 411 { |
437 struct dev_crypto_state *state = ctx->cipher_data; | 412 struct dev_crypto_state *state = ctx->cipher_data; |
438 struct session_op *sess = &state->d_sess; | 413 struct session_op *sess = &state->d_sess; |
439 » int cipher; | 414 » int cipher = -1, i; |
440 | 415 |
441 » if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) | 416 » for (i = 0; ciphers[i].id; i++) |
| 417 » » if (ctx->cipher->nid == ciphers[i].nid && |
| 418 » » ctx->cipher->iv_len <= ciphers[i].ivmax && |
| 419 » » ctx->key_len == ciphers[i].keylen) { |
| 420 » » » cipher = ciphers[i].id; |
| 421 » » » break; |
| 422 » » } |
| 423 |
| 424 » if (!ciphers[i].id) { |
| 425 » » state->d_fd = -1; |
442 return (0); | 426 return (0); |
443 | 427 » } |
444 » if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) | |
445 » » return (0); | |
446 | |
447 » if (!cryptodev_key_length_valid(cipher, ctx->key_len)) | |
448 » » return (0); | |
449 | 428 |
450 memset(sess, 0, sizeof(struct session_op)); | 429 memset(sess, 0, sizeof(struct session_op)); |
451 | 430 |
452 if ((state->d_fd = get_dev_crypto()) < 0) | 431 if ((state->d_fd = get_dev_crypto()) < 0) |
453 return (0); | 432 return (0); |
454 | 433 |
455 » sess->key = (char *)key; | 434 » sess->key = (caddr_t)key; |
456 sess->keylen = ctx->key_len; | 435 sess->keylen = ctx->key_len; |
457 sess->cipher = cipher; | 436 sess->cipher = cipher; |
458 | 437 |
459 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | 438 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { |
460 close(state->d_fd); | 439 close(state->d_fd); |
461 state->d_fd = -1; | 440 state->d_fd = -1; |
462 return (0); | 441 return (0); |
463 } | 442 } |
464 return (1); | 443 return (1); |
465 } | 444 } |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
498 state->d_fd = -1; | 477 state->d_fd = -1; |
499 | 478 |
500 return (ret); | 479 return (ret); |
501 } | 480 } |
502 | 481 |
503 /* | 482 /* |
504 * libcrypto EVP stuff - this is how we get wired to EVP so the engine | 483 * libcrypto EVP stuff - this is how we get wired to EVP so the engine |
505 * gets called when libcrypto requests a cipher NID. | 484 * gets called when libcrypto requests a cipher NID. |
506 */ | 485 */ |
507 | 486 |
| 487 /* RC4 */ |
| 488 const EVP_CIPHER cryptodev_rc4 = { |
| 489 NID_rc4, |
| 490 1, 16, 0, |
| 491 EVP_CIPH_VARIABLE_LENGTH, |
| 492 cryptodev_init_key, |
| 493 cryptodev_cipher, |
| 494 cryptodev_cleanup, |
| 495 sizeof(struct dev_crypto_state), |
| 496 NULL, |
| 497 NULL, |
| 498 NULL |
| 499 }; |
| 500 |
508 /* DES CBC EVP */ | 501 /* DES CBC EVP */ |
509 const EVP_CIPHER cryptodev_des_cbc = { | 502 const EVP_CIPHER cryptodev_des_cbc = { |
510 NID_des_cbc, | 503 NID_des_cbc, |
511 8, 8, 8, | 504 8, 8, 8, |
512 EVP_CIPH_CBC_MODE, | 505 EVP_CIPH_CBC_MODE, |
513 cryptodev_init_key, | 506 cryptodev_init_key, |
514 cryptodev_cipher, | 507 cryptodev_cipher, |
515 cryptodev_cleanup, | 508 cryptodev_cleanup, |
516 sizeof(struct dev_crypto_state), | 509 sizeof(struct dev_crypto_state), |
517 EVP_CIPHER_set_asn1_iv, | 510 EVP_CIPHER_set_asn1_iv, |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
565 EVP_CIPH_CBC_MODE, | 558 EVP_CIPH_CBC_MODE, |
566 cryptodev_init_key, | 559 cryptodev_init_key, |
567 cryptodev_cipher, | 560 cryptodev_cipher, |
568 cryptodev_cleanup, | 561 cryptodev_cleanup, |
569 sizeof(struct dev_crypto_state), | 562 sizeof(struct dev_crypto_state), |
570 EVP_CIPHER_set_asn1_iv, | 563 EVP_CIPHER_set_asn1_iv, |
571 EVP_CIPHER_get_asn1_iv, | 564 EVP_CIPHER_get_asn1_iv, |
572 NULL | 565 NULL |
573 }; | 566 }; |
574 | 567 |
| 568 const EVP_CIPHER cryptodev_aes_192_cbc = { |
| 569 NID_aes_192_cbc, |
| 570 16, 24, 16, |
| 571 EVP_CIPH_CBC_MODE, |
| 572 cryptodev_init_key, |
| 573 cryptodev_cipher, |
| 574 cryptodev_cleanup, |
| 575 sizeof(struct dev_crypto_state), |
| 576 EVP_CIPHER_set_asn1_iv, |
| 577 EVP_CIPHER_get_asn1_iv, |
| 578 NULL |
| 579 }; |
| 580 |
| 581 const EVP_CIPHER cryptodev_aes_256_cbc = { |
| 582 NID_aes_256_cbc, |
| 583 16, 32, 16, |
| 584 EVP_CIPH_CBC_MODE, |
| 585 cryptodev_init_key, |
| 586 cryptodev_cipher, |
| 587 cryptodev_cleanup, |
| 588 sizeof(struct dev_crypto_state), |
| 589 EVP_CIPHER_set_asn1_iv, |
| 590 EVP_CIPHER_get_asn1_iv, |
| 591 NULL |
| 592 }; |
| 593 |
575 /* | 594 /* |
576 * Registered by the ENGINE when used to find out how to deal with | 595 * Registered by the ENGINE when used to find out how to deal with |
577 * a particular NID in the ENGINE. this says what we'll do at the | 596 * a particular NID in the ENGINE. this says what we'll do at the |
578 * top level - note, that list is restricted by what we answer with | 597 * top level - note, that list is restricted by what we answer with |
579 */ | 598 */ |
580 static int | 599 static int |
581 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 600 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
582 const int **nids, int nid) | 601 const int **nids, int nid) |
583 { | 602 { |
584 if (!cipher) | 603 if (!cipher) |
585 return (cryptodev_usable_ciphers(nids)); | 604 return (cryptodev_usable_ciphers(nids)); |
586 | 605 |
587 switch (nid) { | 606 switch (nid) { |
| 607 case NID_rc4: |
| 608 *cipher = &cryptodev_rc4; |
| 609 break; |
588 case NID_des_ede3_cbc: | 610 case NID_des_ede3_cbc: |
589 *cipher = &cryptodev_3des_cbc; | 611 *cipher = &cryptodev_3des_cbc; |
590 break; | 612 break; |
591 case NID_des_cbc: | 613 case NID_des_cbc: |
592 *cipher = &cryptodev_des_cbc; | 614 *cipher = &cryptodev_des_cbc; |
593 break; | 615 break; |
594 case NID_bf_cbc: | 616 case NID_bf_cbc: |
595 *cipher = &cryptodev_bf_cbc; | 617 *cipher = &cryptodev_bf_cbc; |
596 break; | 618 break; |
597 case NID_cast5_cbc: | 619 case NID_cast5_cbc: |
598 *cipher = &cryptodev_cast_cbc; | 620 *cipher = &cryptodev_cast_cbc; |
599 break; | 621 break; |
600 case NID_aes_128_cbc: | 622 case NID_aes_128_cbc: |
601 *cipher = &cryptodev_aes_cbc; | 623 *cipher = &cryptodev_aes_cbc; |
602 break; | 624 break; |
| 625 case NID_aes_192_cbc: |
| 626 *cipher = &cryptodev_aes_192_cbc; |
| 627 break; |
| 628 case NID_aes_256_cbc: |
| 629 *cipher = &cryptodev_aes_256_cbc; |
| 630 break; |
603 default: | 631 default: |
604 *cipher = NULL; | 632 *cipher = NULL; |
605 break; | 633 break; |
606 } | 634 } |
607 return (*cipher != NULL); | 635 return (*cipher != NULL); |
608 } | 636 } |
609 | 637 |
| 638 |
| 639 #ifdef USE_CRYPTODEV_DIGESTS |
| 640 |
| 641 /* convert digest type to cryptodev */ |
| 642 static int |
| 643 digest_nid_to_cryptodev(int nid) |
| 644 { |
| 645 int i; |
| 646 |
| 647 for (i = 0; digests[i].id; i++) |
| 648 if (digests[i].nid == nid) |
| 649 return (digests[i].id); |
| 650 return (0); |
| 651 } |
| 652 |
| 653 |
| 654 static int |
| 655 digest_key_length(int nid) |
| 656 { |
| 657 int i; |
| 658 |
| 659 for (i = 0; digests[i].id; i++) |
| 660 if (digests[i].nid == nid) |
| 661 return digests[i].keylen; |
| 662 return (0); |
| 663 } |
| 664 |
| 665 |
| 666 static int cryptodev_digest_init(EVP_MD_CTX *ctx) |
| 667 { |
| 668 struct dev_crypto_state *state = ctx->md_data; |
| 669 struct session_op *sess = &state->d_sess; |
| 670 int digest; |
| 671 |
| 672 if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ |
| 673 printf("cryptodev_digest_init: Can't get digest \n"); |
| 674 return (0); |
| 675 } |
| 676 |
| 677 memset(state, 0, sizeof(struct dev_crypto_state)); |
| 678 |
| 679 if ((state->d_fd = get_dev_crypto()) < 0) { |
| 680 printf("cryptodev_digest_init: Can't get Dev \n"); |
| 681 return (0); |
| 682 } |
| 683 |
| 684 sess->mackey = state->dummy_mac_key; |
| 685 sess->mackeylen = digest_key_length(ctx->digest->type); |
| 686 sess->mac = digest; |
| 687 |
| 688 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { |
| 689 close(state->d_fd); |
| 690 state->d_fd = -1; |
| 691 printf("cryptodev_digest_init: Open session failed\n"); |
| 692 return (0); |
| 693 } |
| 694 |
| 695 return (1); |
| 696 } |
| 697 |
| 698 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, |
| 699 size_t count) |
| 700 { |
| 701 struct crypt_op cryp; |
| 702 struct dev_crypto_state *state = ctx->md_data; |
| 703 struct session_op *sess = &state->d_sess; |
| 704 |
| 705 if (!data || state->d_fd < 0) { |
| 706 printf("cryptodev_digest_update: illegal inputs \n"); |
| 707 return (0); |
| 708 } |
| 709 |
| 710 if (!count) { |
| 711 return (0); |
| 712 } |
| 713 |
| 714 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { |
| 715 /* if application doesn't support one buffer */ |
| 716 state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_le
n + count); |
| 717 |
| 718 if (!state->mac_data) { |
| 719 printf("cryptodev_digest_update: realloc failed\n"); |
| 720 return (0); |
| 721 } |
| 722 |
| 723 memcpy(state->mac_data + state->mac_len, data, count); |
| 724 state->mac_len += count; |
| 725 |
| 726 return (1); |
| 727 } |
| 728 |
| 729 memset(&cryp, 0, sizeof(cryp)); |
| 730 |
| 731 cryp.ses = sess->ses; |
| 732 cryp.flags = 0; |
| 733 cryp.len = count; |
| 734 cryp.src = (caddr_t) data; |
| 735 cryp.dst = NULL; |
| 736 cryp.mac = (caddr_t) state->digest_res; |
| 737 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { |
| 738 printf("cryptodev_digest_update: digest failed\n"); |
| 739 return (0); |
| 740 } |
| 741 return (1); |
| 742 } |
| 743 |
| 744 |
| 745 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) |
| 746 { |
| 747 struct crypt_op cryp; |
| 748 struct dev_crypto_state *state = ctx->md_data; |
| 749 struct session_op *sess = &state->d_sess; |
| 750 |
| 751 int ret = 1; |
| 752 |
| 753 if (!md || state->d_fd < 0) { |
| 754 printf("cryptodev_digest_final: illegal input\n"); |
| 755 return(0); |
| 756 } |
| 757 |
| 758 if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { |
| 759 /* if application doesn't support one buffer */ |
| 760 memset(&cryp, 0, sizeof(cryp)); |
| 761 |
| 762 cryp.ses = sess->ses; |
| 763 cryp.flags = 0; |
| 764 cryp.len = state->mac_len; |
| 765 cryp.src = state->mac_data; |
| 766 cryp.dst = NULL; |
| 767 cryp.mac = (caddr_t)md; |
| 768 |
| 769 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { |
| 770 printf("cryptodev_digest_final: digest failed\n"); |
| 771 return (0); |
| 772 } |
| 773 |
| 774 return 1; |
| 775 } |
| 776 |
| 777 memcpy(md, state->digest_res, ctx->digest->md_size); |
| 778 |
| 779 return (ret); |
| 780 } |
| 781 |
| 782 |
| 783 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) |
| 784 { |
| 785 int ret = 1; |
| 786 struct dev_crypto_state *state = ctx->md_data; |
| 787 struct session_op *sess = &state->d_sess; |
| 788 |
| 789 if (state->d_fd < 0) { |
| 790 printf("cryptodev_digest_cleanup: illegal input\n"); |
| 791 return (0); |
| 792 } |
| 793 |
| 794 if (state->mac_data) { |
| 795 OPENSSL_free(state->mac_data); |
| 796 state->mac_data = NULL; |
| 797 state->mac_len = 0; |
| 798 } |
| 799 |
| 800 if (state->copy) |
| 801 return 1; |
| 802 |
| 803 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { |
| 804 printf("cryptodev_digest_cleanup: failed to close session\n"); |
| 805 ret = 0; |
| 806 } else { |
| 807 ret = 1; |
| 808 } |
| 809 close(state->d_fd); |
| 810 state->d_fd = -1; |
| 811 |
| 812 return (ret); |
| 813 } |
| 814 |
| 815 static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) |
| 816 { |
| 817 struct dev_crypto_state *fstate = from->md_data; |
| 818 struct dev_crypto_state *dstate = to->md_data; |
| 819 |
| 820 memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); |
| 821 |
| 822 if (fstate->mac_len != 0) { |
| 823 dstate->mac_data = OPENSSL_malloc(fstate->mac_len); |
| 824 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); |
| 825 } |
| 826 |
| 827 dstate->copy = 1; |
| 828 |
| 829 return 1; |
| 830 } |
| 831 |
| 832 |
| 833 const EVP_MD cryptodev_sha1 = { |
| 834 NID_sha1, |
| 835 NID_undef, |
| 836 SHA_DIGEST_LENGTH, |
| 837 EVP_MD_FLAG_ONESHOT, |
| 838 cryptodev_digest_init, |
| 839 cryptodev_digest_update, |
| 840 cryptodev_digest_final, |
| 841 cryptodev_digest_copy, |
| 842 cryptodev_digest_cleanup, |
| 843 EVP_PKEY_NULL_method, |
| 844 SHA_CBLOCK, |
| 845 sizeof(struct dev_crypto_state), |
| 846 }; |
| 847 |
| 848 const EVP_MD cryptodev_md5 = { |
| 849 NID_md5, |
| 850 NID_undef, |
| 851 16 /* MD5_DIGEST_LENGTH */, |
| 852 EVP_MD_FLAG_ONESHOT, |
| 853 cryptodev_digest_init, |
| 854 cryptodev_digest_update, |
| 855 cryptodev_digest_final, |
| 856 cryptodev_digest_copy, |
| 857 cryptodev_digest_cleanup, |
| 858 EVP_PKEY_NULL_method, |
| 859 64 /* MD5_CBLOCK */, |
| 860 sizeof(struct dev_crypto_state), |
| 861 }; |
| 862 |
| 863 #endif /* USE_CRYPTODEV_DIGESTS */ |
| 864 |
| 865 |
610 static int | 866 static int |
611 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | 867 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, |
612 const int **nids, int nid) | 868 const int **nids, int nid) |
613 { | 869 { |
614 if (!digest) | 870 if (!digest) |
615 return (cryptodev_usable_digests(nids)); | 871 return (cryptodev_usable_digests(nids)); |
616 | 872 |
617 switch (nid) { | 873 switch (nid) { |
| 874 #ifdef USE_CRYPTODEV_DIGESTS |
618 case NID_md5: | 875 case NID_md5: |
619 » » *digest = NULL; /* need to make a clean md5 critter */ | 876 » » *digest = &cryptodev_md5; |
620 break; | 877 break; |
| 878 case NID_sha1: |
| 879 *digest = &cryptodev_sha1; |
| 880 break; |
621 default: | 881 default: |
| 882 #endif /* USE_CRYPTODEV_DIGESTS */ |
622 *digest = NULL; | 883 *digest = NULL; |
623 break; | 884 break; |
624 } | 885 } |
625 return (*digest != NULL); | 886 return (*digest != NULL); |
626 } | 887 } |
627 | 888 |
628 /* | 889 /* |
629 * Convert a BIGNUM to the representation that /dev/crypto needs. | 890 * Convert a BIGNUM to the representation that /dev/crypto needs. |
630 * Upon completion of use, the caller is responsible for freeing | 891 * Upon completion of use, the caller is responsible for freeing |
631 * crp->crp_p. | 892 * crp->crp_p. |
632 */ | 893 */ |
633 static int | 894 static int |
634 bn2crparam(const BIGNUM *a, struct crparam *crp) | 895 bn2crparam(const BIGNUM *a, struct crparam *crp) |
635 { | 896 { |
636 int i, j, k; | 897 int i, j, k; |
637 ssize_t bytes, bits; | 898 ssize_t bytes, bits; |
638 u_char *b; | 899 u_char *b; |
639 | 900 |
640 crp->crp_p = NULL; | 901 crp->crp_p = NULL; |
641 crp->crp_nbits = 0; | 902 crp->crp_nbits = 0; |
642 | 903 |
643 bits = BN_num_bits(a); | 904 bits = BN_num_bits(a); |
644 bytes = (bits + 7) / 8; | 905 bytes = (bits + 7) / 8; |
645 | 906 |
646 b = malloc(bytes); | 907 b = malloc(bytes); |
647 if (b == NULL) | 908 if (b == NULL) |
648 return (1); | 909 return (1); |
| 910 memset(b, 0, bytes); |
649 | 911 |
650 » crp->crp_p = (char *)b; | 912 » crp->crp_p = (caddr_t) b; |
651 crp->crp_nbits = bits; | 913 crp->crp_nbits = bits; |
652 | 914 |
653 for (i = 0, j = 0; i < a->top; i++) { | 915 for (i = 0, j = 0; i < a->top; i++) { |
654 for (k = 0; k < BN_BITS2 / 8; k++) { | 916 for (k = 0; k < BN_BITS2 / 8; k++) { |
655 if ((j + k) >= bytes) | 917 if ((j + k) >= bytes) |
656 return (0); | 918 return (0); |
657 b[j + k] = a->d[i] >> (k * 8); | 919 b[j + k] = a->d[i] >> (k * 8); |
658 } | 920 } |
659 j += BN_BITS2 / 8; | 921 j += BN_BITS2 / 8; |
660 } | 922 } |
(...skipping 22 matching lines...) Expand all Loading... |
683 free(pd); | 945 free(pd); |
684 | 946 |
685 return (0); | 947 return (0); |
686 } | 948 } |
687 | 949 |
688 static void | 950 static void |
689 zapparams(struct crypt_kop *kop) | 951 zapparams(struct crypt_kop *kop) |
690 { | 952 { |
691 int i; | 953 int i; |
692 | 954 |
693 » for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { | 955 » for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { |
694 if (kop->crk_param[i].crp_p) | 956 if (kop->crk_param[i].crp_p) |
695 free(kop->crk_param[i].crp_p); | 957 free(kop->crk_param[i].crp_p); |
696 kop->crk_param[i].crp_p = NULL; | 958 kop->crk_param[i].crp_p = NULL; |
697 kop->crk_param[i].crp_nbits = 0; | 959 kop->crk_param[i].crp_nbits = 0; |
698 } | 960 } |
699 } | 961 } |
700 | 962 |
701 static int | 963 static int |
702 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | 964 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) |
703 { | 965 { |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
769 | 1031 |
770 err: | 1032 err: |
771 zapparams(&kop); | 1033 zapparams(&kop); |
772 return (ret); | 1034 return (ret); |
773 } | 1035 } |
774 | 1036 |
775 static int | 1037 static int |
776 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | 1038 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
777 { | 1039 { |
778 int r; | 1040 int r; |
779 | 1041 » ctx = BN_CTX_new(); |
780 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); | 1042 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); |
| 1043 BN_CTX_free(ctx); |
781 return (r); | 1044 return (r); |
782 } | 1045 } |
783 | 1046 |
784 static int | 1047 static int |
785 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | 1048 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
786 { | 1049 { |
787 struct crypt_kop kop; | 1050 struct crypt_kop kop; |
788 int ret = 1; | 1051 int ret = 1; |
789 | 1052 |
790 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | 1053 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1010 | 1273 |
1011 /* inputs: dh->priv_key pub_key dh->p key */ | 1274 /* inputs: dh->priv_key pub_key dh->p key */ |
1012 if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | 1275 if (bn2crparam(dh->priv_key, &kop.crk_param[0])) |
1013 goto err; | 1276 goto err; |
1014 if (bn2crparam(pub_key, &kop.crk_param[1])) | 1277 if (bn2crparam(pub_key, &kop.crk_param[1])) |
1015 goto err; | 1278 goto err; |
1016 if (bn2crparam(dh->p, &kop.crk_param[2])) | 1279 if (bn2crparam(dh->p, &kop.crk_param[2])) |
1017 goto err; | 1280 goto err; |
1018 kop.crk_iparams = 3; | 1281 kop.crk_iparams = 3; |
1019 | 1282 |
1020 » kop.crk_param[3].crp_p = (char *)key; | 1283 » kop.crk_param[3].crp_p = (caddr_t) key; |
1021 kop.crk_param[3].crp_nbits = keylen * 8; | 1284 kop.crk_param[3].crp_nbits = keylen * 8; |
1022 kop.crk_oparams = 1; | 1285 kop.crk_oparams = 1; |
1023 | 1286 |
1024 if (ioctl(fd, CIOCKEY, &kop) == -1) { | 1287 if (ioctl(fd, CIOCKEY, &kop) == -1) { |
1025 const DH_METHOD *meth = DH_OpenSSL(); | 1288 const DH_METHOD *meth = DH_OpenSSL(); |
1026 | 1289 |
1027 dhret = (meth->compute_key)(key, pub_key, dh); | 1290 dhret = (meth->compute_key)(key, pub_key, dh); |
1028 } | 1291 } |
1029 err: | 1292 err: |
1030 kop.crk_param[3].crp_p = NULL; | 1293 kop.crk_param[3].crp_p = NULL; |
(...skipping 10 matching lines...) Expand all Loading... |
1041 NULL, | 1304 NULL, |
1042 0, /* flags */ | 1305 0, /* flags */ |
1043 NULL /* app_data */ | 1306 NULL /* app_data */ |
1044 }; | 1307 }; |
1045 | 1308 |
1046 /* | 1309 /* |
1047 * ctrl right now is just a wrapper that doesn't do much | 1310 * ctrl right now is just a wrapper that doesn't do much |
1048 * but I expect we'll want some options soon. | 1311 * but I expect we'll want some options soon. |
1049 */ | 1312 */ |
1050 static int | 1313 static int |
1051 cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | 1314 cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) |
1052 { | 1315 { |
1053 #ifdef HAVE_SYSLOG_R | 1316 #ifdef HAVE_SYSLOG_R |
1054 struct syslog_data sd = SYSLOG_DATA_INIT; | 1317 struct syslog_data sd = SYSLOG_DATA_INIT; |
1055 #endif | 1318 #endif |
1056 | 1319 |
1057 switch (cmd) { | 1320 switch (cmd) { |
1058 default: | 1321 default: |
1059 #ifdef HAVE_SYSLOG_R | 1322 #ifdef HAVE_SYSLOG_R |
1060 syslog_r(LOG_ERR, &sd, | 1323 syslog_r(LOG_ERR, &sd, |
1061 "cryptodev_ctrl: unknown command %d", cmd); | 1324 "cryptodev_ctrl: unknown command %d", cmd); |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1147 cryptodev_dh_compute_key; | 1410 cryptodev_dh_compute_key; |
1148 } | 1411 } |
1149 } | 1412 } |
1150 | 1413 |
1151 ENGINE_add(engine); | 1414 ENGINE_add(engine); |
1152 ENGINE_free(engine); | 1415 ENGINE_free(engine); |
1153 ERR_clear_error(); | 1416 ERR_clear_error(); |
1154 } | 1417 } |
1155 | 1418 |
1156 #endif /* HAVE_CRYPTODEV */ | 1419 #endif /* HAVE_CRYPTODEV */ |
OLD | NEW |