OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | |
3 * Copyright (c) 2002 Theo de Raadt | |
4 * Copyright (c) 2002 Markus Friedl | |
5 * All rights reserved. | |
6 * | |
7 * Redistribution and use in source and binary forms, with or without | |
8 * modification, are permitted provided that the following conditions | |
9 * are met: | |
10 * 1. Redistributions of source code must retain the above copyright | |
11 * notice, this list of conditions and the following disclaimer. | |
12 * 2. Redistributions in binary form must reproduce the above copyright | |
13 * notice, this list of conditions and the following disclaimer in the | |
14 * documentation and/or other materials provided with the distribution. | |
15 * | |
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY | |
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY | |
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
26 * | |
27 */ | |
28 | |
29 #include <openssl/objects.h> | |
30 #include <openssl/engine.h> | |
31 #include <openssl/evp.h> | |
32 #include <openssl/bn.h> | |
33 | |
34 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ | |
35 (defined(OpenBSD) || defined(__FreeBSD__)) | |
36 #include <sys/param.h> | |
37 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version <
500000) || __FreeBSD_version >= 500041) | |
38 # define HAVE_CRYPTODEV | |
39 # endif | |
40 # if (OpenBSD >= 200110) | |
41 # define HAVE_SYSLOG_R | |
42 # endif | |
43 #endif | |
44 | |
45 #ifndef HAVE_CRYPTODEV | |
46 | |
47 void | |
48 ENGINE_load_cryptodev(void) | |
49 { | |
50 /* This is a NOP on platforms without /dev/crypto */ | |
51 return; | |
52 } | |
53 | |
54 #else | |
55 | |
56 #include <sys/types.h> | |
57 #include <crypto/cryptodev.h> | |
58 #include <crypto/dh/dh.h> | |
59 #include <crypto/dsa/dsa.h> | |
60 #include <crypto/err/err.h> | |
61 #include <crypto/rsa/rsa.h> | |
62 #include <sys/ioctl.h> | |
63 #include <errno.h> | |
64 #include <stdio.h> | |
65 #include <unistd.h> | |
66 #include <fcntl.h> | |
67 #include <stdarg.h> | |
68 #include <syslog.h> | |
69 #include <errno.h> | |
70 #include <string.h> | |
71 | |
72 struct dev_crypto_state { | |
73 struct session_op d_sess; | |
74 int d_fd; | |
75 | |
76 #ifdef USE_CRYPTODEV_DIGESTS | |
77 char dummy_mac_key[HASH_MAX_LEN]; | |
78 | |
79 unsigned char digest_res[HASH_MAX_LEN]; | |
80 char *mac_data; | |
81 int mac_len; | |
82 #endif | |
83 }; | |
84 | |
85 static u_int32_t cryptodev_asymfeat = 0; | |
86 | |
87 static int get_asym_dev_crypto(void); | |
88 static int open_dev_crypto(void); | |
89 static int get_dev_crypto(void); | |
90 static int get_cryptodev_ciphers(const int **cnids); | |
91 #ifdef USE_CRYPTODEV_DIGESTS | |
92 static int get_cryptodev_digests(const int **cnids); | |
93 #endif | |
94 static int cryptodev_usable_ciphers(const int **nids); | |
95 static int cryptodev_usable_digests(const int **nids); | |
96 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
97 const unsigned char *in, size_t inl); | |
98 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
99 const unsigned char *iv, int enc); | |
100 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); | |
101 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
102 const int **nids, int nid); | |
103 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | |
104 const int **nids, int nid); | |
105 static int bn2crparam(const BIGNUM *a, struct crparam *crp); | |
106 static int crparam2bn(struct crparam *crp, BIGNUM *a); | |
107 static void zapparams(struct crypt_kop *kop); | |
108 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, | |
109 int slen, BIGNUM *s); | |
110 | |
111 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | |
112 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | |
113 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | |
114 RSA *rsa, BN_CTX *ctx); | |
115 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *
ctx); | |
116 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | |
117 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | |
118 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | |
119 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | |
120 BN_CTX *ctx, BN_MONT_CTX *mont); | |
121 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | |
122 int dlen, DSA *dsa); | |
123 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | |
124 DSA_SIG *sig, DSA *dsa); | |
125 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
126 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
127 BN_MONT_CTX *m_ctx); | |
128 static int cryptodev_dh_compute_key(unsigned char *key, | |
129 const BIGNUM *pub_key, DH *dh); | |
130 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | |
131 void (*f)(void)); | |
132 void ENGINE_load_cryptodev(void); | |
133 | |
134 static const ENGINE_CMD_DEFN cryptodev_defns[] = { | |
135 { 0, NULL, NULL, 0 } | |
136 }; | |
137 | |
138 static struct { | |
139 int id; | |
140 int nid; | |
141 int ivmax; | |
142 int keylen; | |
143 } ciphers[] = { | |
144 { CRYPTO_ARC4, NID_rc4, 0, 16, }, | |
145 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | |
146 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | |
147 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | |
148 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | |
149 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | |
150 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | |
151 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | |
152 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | |
153 { 0, NID_undef, 0, 0, }, | |
154 }; | |
155 | |
156 #ifdef USE_CRYPTODEV_DIGESTS | |
157 static struct { | |
158 int id; | |
159 int nid; | |
160 int keylen; | |
161 } digests[] = { | |
162 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, | |
163 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, | |
164 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, | |
165 { CRYPTO_MD5_KPDK, NID_undef, 0}, | |
166 { CRYPTO_SHA1_KPDK, NID_undef, 0}, | |
167 { CRYPTO_MD5, NID_md5, 16}, | |
168 { CRYPTO_SHA1, NID_sha1, 20}, | |
169 { 0, NID_undef, 0}, | |
170 }; | |
171 #endif | |
172 | |
173 /* | |
174 * Return a fd if /dev/crypto seems usable, 0 otherwise. | |
175 */ | |
176 static int | |
177 open_dev_crypto(void) | |
178 { | |
179 static int fd = -1; | |
180 | |
181 if (fd == -1) { | |
182 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | |
183 return (-1); | |
184 /* close on exec */ | |
185 if (fcntl(fd, F_SETFD, 1) == -1) { | |
186 close(fd); | |
187 fd = -1; | |
188 return (-1); | |
189 } | |
190 } | |
191 return (fd); | |
192 } | |
193 | |
194 static int | |
195 get_dev_crypto(void) | |
196 { | |
197 int fd, retfd; | |
198 | |
199 if ((fd = open_dev_crypto()) == -1) | |
200 return (-1); | |
201 #ifndef CRIOGET_NOT_NEEDED | |
202 if (ioctl(fd, CRIOGET, &retfd) == -1) | |
203 return (-1); | |
204 | |
205 /* close on exec */ | |
206 if (fcntl(retfd, F_SETFD, 1) == -1) { | |
207 close(retfd); | |
208 return (-1); | |
209 } | |
210 #else | |
211 retfd = fd; | |
212 #endif | |
213 return (retfd); | |
214 } | |
215 | |
216 static void put_dev_crypto(int fd) | |
217 { | |
218 #ifndef CRIOGET_NOT_NEEDED | |
219 close(fd); | |
220 #endif | |
221 } | |
222 | |
223 /* Caching version for asym operations */ | |
224 static int | |
225 get_asym_dev_crypto(void) | |
226 { | |
227 static int fd = -1; | |
228 | |
229 if (fd == -1) | |
230 fd = get_dev_crypto(); | |
231 return fd; | |
232 } | |
233 | |
234 /* | |
235 * Find out what ciphers /dev/crypto will let us have a session for. | |
236 * XXX note, that some of these openssl doesn't deal with yet! | |
237 * returning them here is harmless, as long as we return NULL | |
238 * when asked for a handler in the cryptodev_engine_ciphers routine | |
239 */ | |
240 static int | |
241 get_cryptodev_ciphers(const int **cnids) | |
242 { | |
243 static int nids[CRYPTO_ALGORITHM_MAX]; | |
244 struct session_op sess; | |
245 int fd, i, count = 0; | |
246 | |
247 if ((fd = get_dev_crypto()) < 0) { | |
248 *cnids = NULL; | |
249 return (0); | |
250 } | |
251 memset(&sess, 0, sizeof(sess)); | |
252 sess.key = (caddr_t)"123456789abcdefghijklmno"; | |
253 | |
254 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
255 if (ciphers[i].nid == NID_undef) | |
256 continue; | |
257 sess.cipher = ciphers[i].id; | |
258 sess.keylen = ciphers[i].keylen; | |
259 sess.mac = 0; | |
260 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
261 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
262 nids[count++] = ciphers[i].nid; | |
263 } | |
264 put_dev_crypto(fd); | |
265 | |
266 if (count > 0) | |
267 *cnids = nids; | |
268 else | |
269 *cnids = NULL; | |
270 return (count); | |
271 } | |
272 | |
273 #ifdef USE_CRYPTODEV_DIGESTS | |
274 /* | |
275 * Find out what digests /dev/crypto will let us have a session for. | |
276 * XXX note, that some of these openssl doesn't deal with yet! | |
277 * returning them here is harmless, as long as we return NULL | |
278 * when asked for a handler in the cryptodev_engine_digests routine | |
279 */ | |
280 static int | |
281 get_cryptodev_digests(const int **cnids) | |
282 { | |
283 static int nids[CRYPTO_ALGORITHM_MAX]; | |
284 struct session_op sess; | |
285 int fd, i, count = 0; | |
286 | |
287 if ((fd = get_dev_crypto()) < 0) { | |
288 *cnids = NULL; | |
289 return (0); | |
290 } | |
291 memset(&sess, 0, sizeof(sess)); | |
292 sess.mackey = (caddr_t)"123456789abcdefghijklmno"; | |
293 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
294 if (digests[i].nid == NID_undef) | |
295 continue; | |
296 sess.mac = digests[i].id; | |
297 sess.mackeylen = digests[i].keylen; | |
298 sess.cipher = 0; | |
299 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
300 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
301 nids[count++] = digests[i].nid; | |
302 } | |
303 put_dev_crypto(fd); | |
304 | |
305 if (count > 0) | |
306 *cnids = nids; | |
307 else | |
308 *cnids = NULL; | |
309 return (count); | |
310 } | |
311 #endif /* 0 */ | |
312 | |
313 /* | |
314 * Find the useable ciphers|digests from dev/crypto - this is the first | |
315 * thing called by the engine init crud which determines what it | |
316 * can use for ciphers from this engine. We want to return | |
317 * only what we can do, anythine else is handled by software. | |
318 * | |
319 * If we can't initialize the device to do anything useful for | |
320 * any reason, we want to return a NULL array, and 0 length, | |
321 * which forces everything to be done is software. By putting | |
322 * the initalization of the device in here, we ensure we can | |
323 * use this engine as the default, and if for whatever reason | |
324 * /dev/crypto won't do what we want it will just be done in | |
325 * software | |
326 * | |
327 * This can (should) be greatly expanded to perhaps take into | |
328 * account speed of the device, and what we want to do. | |
329 * (although the disabling of particular alg's could be controlled | |
330 * by the device driver with sysctl's.) - this is where we | |
331 * want most of the decisions made about what we actually want | |
332 * to use from /dev/crypto. | |
333 */ | |
334 static int | |
335 cryptodev_usable_ciphers(const int **nids) | |
336 { | |
337 return (get_cryptodev_ciphers(nids)); | |
338 } | |
339 | |
340 static int | |
341 cryptodev_usable_digests(const int **nids) | |
342 { | |
343 #ifdef USE_CRYPTODEV_DIGESTS | |
344 return (get_cryptodev_digests(nids)); | |
345 #else | |
346 /* | |
347 * XXXX just disable all digests for now, because it sucks. | |
348 * we need a better way to decide this - i.e. I may not | |
349 * want digests on slow cards like hifn on fast machines, | |
350 * but might want them on slow or loaded machines, etc. | |
351 * will also want them when using crypto cards that don't | |
352 * suck moose gonads - would be nice to be able to decide something | |
353 * as reasonable default without having hackery that's card dependent. | |
354 * of course, the default should probably be just do everything, | |
355 * with perhaps a sysctl to turn algoritms off (or have them off | |
356 * by default) on cards that generally suck like the hifn. | |
357 */ | |
358 *nids = NULL; | |
359 return (0); | |
360 #endif | |
361 } | |
362 | |
363 static int | |
364 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
365 const unsigned char *in, size_t inl) | |
366 { | |
367 struct crypt_op cryp; | |
368 struct dev_crypto_state *state = ctx->cipher_data; | |
369 struct session_op *sess = &state->d_sess; | |
370 const void *iiv; | |
371 unsigned char save_iv[EVP_MAX_IV_LENGTH]; | |
372 | |
373 if (state->d_fd < 0) | |
374 return (0); | |
375 if (!inl) | |
376 return (1); | |
377 if ((inl % ctx->cipher->block_size) != 0) | |
378 return (0); | |
379 | |
380 memset(&cryp, 0, sizeof(cryp)); | |
381 | |
382 cryp.ses = sess->ses; | |
383 cryp.flags = 0; | |
384 cryp.len = inl; | |
385 cryp.src = (caddr_t) in; | |
386 cryp.dst = (caddr_t) out; | |
387 cryp.mac = 0; | |
388 | |
389 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | |
390 | |
391 if (ctx->cipher->iv_len) { | |
392 cryp.iv = (caddr_t) ctx->iv; | |
393 if (!ctx->encrypt) { | |
394 iiv = in + inl - ctx->cipher->iv_len; | |
395 memcpy(save_iv, iiv, ctx->cipher->iv_len); | |
396 } | |
397 } else | |
398 cryp.iv = NULL; | |
399 | |
400 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { | |
401 /* XXX need better errror handling | |
402 * this can fail for a number of different reasons. | |
403 */ | |
404 return (0); | |
405 } | |
406 | |
407 if (ctx->cipher->iv_len) { | |
408 if (ctx->encrypt) | |
409 iiv = out + inl - ctx->cipher->iv_len; | |
410 else | |
411 iiv = save_iv; | |
412 memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | |
413 } | |
414 return (1); | |
415 } | |
416 | |
417 static int | |
418 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
419 const unsigned char *iv, int enc) | |
420 { | |
421 struct dev_crypto_state *state = ctx->cipher_data; | |
422 struct session_op *sess = &state->d_sess; | |
423 int cipher = -1, i; | |
424 | |
425 for (i = 0; ciphers[i].id; i++) | |
426 if (ctx->cipher->nid == ciphers[i].nid && | |
427 ctx->cipher->iv_len <= ciphers[i].ivmax && | |
428 ctx->key_len == ciphers[i].keylen) { | |
429 cipher = ciphers[i].id; | |
430 break; | |
431 } | |
432 | |
433 if (!ciphers[i].id) { | |
434 state->d_fd = -1; | |
435 return (0); | |
436 } | |
437 | |
438 memset(sess, 0, sizeof(struct session_op)); | |
439 | |
440 if ((state->d_fd = get_dev_crypto()) < 0) | |
441 return (0); | |
442 | |
443 sess->key = (caddr_t)key; | |
444 sess->keylen = ctx->key_len; | |
445 sess->cipher = cipher; | |
446 | |
447 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | |
448 put_dev_crypto(state->d_fd); | |
449 state->d_fd = -1; | |
450 return (0); | |
451 } | |
452 return (1); | |
453 } | |
454 | |
455 /* | |
456 * free anything we allocated earlier when initting a | |
457 * session, and close the session. | |
458 */ | |
459 static int | |
460 cryptodev_cleanup(EVP_CIPHER_CTX *ctx) | |
461 { | |
462 int ret = 0; | |
463 struct dev_crypto_state *state = ctx->cipher_data; | |
464 struct session_op *sess = &state->d_sess; | |
465 | |
466 if (state->d_fd < 0) | |
467 return (0); | |
468 | |
469 /* XXX if this ioctl fails, someting's wrong. the invoker | |
470 * may have called us with a bogus ctx, or we could | |
471 * have a device that for whatever reason just doesn't | |
472 * want to play ball - it's not clear what's right | |
473 * here - should this be an error? should it just | |
474 * increase a counter, hmm. For right now, we return | |
475 * 0 - I don't believe that to be "right". we could | |
476 * call the gorpy openssl lib error handlers that | |
477 * print messages to users of the library. hmm.. | |
478 */ | |
479 | |
480 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { | |
481 ret = 0; | |
482 } else { | |
483 ret = 1; | |
484 } | |
485 put_dev_crypto(state->d_fd); | |
486 state->d_fd = -1; | |
487 | |
488 return (ret); | |
489 } | |
490 | |
491 /* | |
492 * libcrypto EVP stuff - this is how we get wired to EVP so the engine | |
493 * gets called when libcrypto requests a cipher NID. | |
494 */ | |
495 | |
496 /* RC4 */ | |
497 const EVP_CIPHER cryptodev_rc4 = { | |
498 NID_rc4, | |
499 1, 16, 0, | |
500 EVP_CIPH_VARIABLE_LENGTH, | |
501 cryptodev_init_key, | |
502 cryptodev_cipher, | |
503 cryptodev_cleanup, | |
504 sizeof(struct dev_crypto_state), | |
505 NULL, | |
506 NULL, | |
507 NULL | |
508 }; | |
509 | |
510 /* DES CBC EVP */ | |
511 const EVP_CIPHER cryptodev_des_cbc = { | |
512 NID_des_cbc, | |
513 8, 8, 8, | |
514 EVP_CIPH_CBC_MODE, | |
515 cryptodev_init_key, | |
516 cryptodev_cipher, | |
517 cryptodev_cleanup, | |
518 sizeof(struct dev_crypto_state), | |
519 EVP_CIPHER_set_asn1_iv, | |
520 EVP_CIPHER_get_asn1_iv, | |
521 NULL | |
522 }; | |
523 | |
524 /* 3DES CBC EVP */ | |
525 const EVP_CIPHER cryptodev_3des_cbc = { | |
526 NID_des_ede3_cbc, | |
527 8, 24, 8, | |
528 EVP_CIPH_CBC_MODE, | |
529 cryptodev_init_key, | |
530 cryptodev_cipher, | |
531 cryptodev_cleanup, | |
532 sizeof(struct dev_crypto_state), | |
533 EVP_CIPHER_set_asn1_iv, | |
534 EVP_CIPHER_get_asn1_iv, | |
535 NULL | |
536 }; | |
537 | |
538 const EVP_CIPHER cryptodev_bf_cbc = { | |
539 NID_bf_cbc, | |
540 8, 16, 8, | |
541 EVP_CIPH_CBC_MODE, | |
542 cryptodev_init_key, | |
543 cryptodev_cipher, | |
544 cryptodev_cleanup, | |
545 sizeof(struct dev_crypto_state), | |
546 EVP_CIPHER_set_asn1_iv, | |
547 EVP_CIPHER_get_asn1_iv, | |
548 NULL | |
549 }; | |
550 | |
551 const EVP_CIPHER cryptodev_cast_cbc = { | |
552 NID_cast5_cbc, | |
553 8, 16, 8, | |
554 EVP_CIPH_CBC_MODE, | |
555 cryptodev_init_key, | |
556 cryptodev_cipher, | |
557 cryptodev_cleanup, | |
558 sizeof(struct dev_crypto_state), | |
559 EVP_CIPHER_set_asn1_iv, | |
560 EVP_CIPHER_get_asn1_iv, | |
561 NULL | |
562 }; | |
563 | |
564 const EVP_CIPHER cryptodev_aes_cbc = { | |
565 NID_aes_128_cbc, | |
566 16, 16, 16, | |
567 EVP_CIPH_CBC_MODE, | |
568 cryptodev_init_key, | |
569 cryptodev_cipher, | |
570 cryptodev_cleanup, | |
571 sizeof(struct dev_crypto_state), | |
572 EVP_CIPHER_set_asn1_iv, | |
573 EVP_CIPHER_get_asn1_iv, | |
574 NULL | |
575 }; | |
576 | |
577 const EVP_CIPHER cryptodev_aes_192_cbc = { | |
578 NID_aes_192_cbc, | |
579 16, 24, 16, | |
580 EVP_CIPH_CBC_MODE, | |
581 cryptodev_init_key, | |
582 cryptodev_cipher, | |
583 cryptodev_cleanup, | |
584 sizeof(struct dev_crypto_state), | |
585 EVP_CIPHER_set_asn1_iv, | |
586 EVP_CIPHER_get_asn1_iv, | |
587 NULL | |
588 }; | |
589 | |
590 const EVP_CIPHER cryptodev_aes_256_cbc = { | |
591 NID_aes_256_cbc, | |
592 16, 32, 16, | |
593 EVP_CIPH_CBC_MODE, | |
594 cryptodev_init_key, | |
595 cryptodev_cipher, | |
596 cryptodev_cleanup, | |
597 sizeof(struct dev_crypto_state), | |
598 EVP_CIPHER_set_asn1_iv, | |
599 EVP_CIPHER_get_asn1_iv, | |
600 NULL | |
601 }; | |
602 | |
603 /* | |
604 * Registered by the ENGINE when used to find out how to deal with | |
605 * a particular NID in the ENGINE. this says what we'll do at the | |
606 * top level - note, that list is restricted by what we answer with | |
607 */ | |
608 static int | |
609 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
610 const int **nids, int nid) | |
611 { | |
612 if (!cipher) | |
613 return (cryptodev_usable_ciphers(nids)); | |
614 | |
615 switch (nid) { | |
616 case NID_rc4: | |
617 *cipher = &cryptodev_rc4; | |
618 break; | |
619 case NID_des_ede3_cbc: | |
620 *cipher = &cryptodev_3des_cbc; | |
621 break; | |
622 case NID_des_cbc: | |
623 *cipher = &cryptodev_des_cbc; | |
624 break; | |
625 case NID_bf_cbc: | |
626 *cipher = &cryptodev_bf_cbc; | |
627 break; | |
628 case NID_cast5_cbc: | |
629 *cipher = &cryptodev_cast_cbc; | |
630 break; | |
631 case NID_aes_128_cbc: | |
632 *cipher = &cryptodev_aes_cbc; | |
633 break; | |
634 case NID_aes_192_cbc: | |
635 *cipher = &cryptodev_aes_192_cbc; | |
636 break; | |
637 case NID_aes_256_cbc: | |
638 *cipher = &cryptodev_aes_256_cbc; | |
639 break; | |
640 default: | |
641 *cipher = NULL; | |
642 break; | |
643 } | |
644 return (*cipher != NULL); | |
645 } | |
646 | |
647 | |
648 #ifdef USE_CRYPTODEV_DIGESTS | |
649 | |
650 /* convert digest type to cryptodev */ | |
651 static int | |
652 digest_nid_to_cryptodev(int nid) | |
653 { | |
654 int i; | |
655 | |
656 for (i = 0; digests[i].id; i++) | |
657 if (digests[i].nid == nid) | |
658 return (digests[i].id); | |
659 return (0); | |
660 } | |
661 | |
662 | |
663 static int | |
664 digest_key_length(int nid) | |
665 { | |
666 int i; | |
667 | |
668 for (i = 0; digests[i].id; i++) | |
669 if (digests[i].nid == nid) | |
670 return digests[i].keylen; | |
671 return (0); | |
672 } | |
673 | |
674 | |
675 static int cryptodev_digest_init(EVP_MD_CTX *ctx) | |
676 { | |
677 struct dev_crypto_state *state = ctx->md_data; | |
678 struct session_op *sess = &state->d_sess; | |
679 int digest; | |
680 | |
681 if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ | |
682 printf("cryptodev_digest_init: Can't get digest \n"); | |
683 return (0); | |
684 } | |
685 | |
686 memset(state, 0, sizeof(struct dev_crypto_state)); | |
687 | |
688 if ((state->d_fd = get_dev_crypto()) < 0) { | |
689 printf("cryptodev_digest_init: Can't get Dev \n"); | |
690 return (0); | |
691 } | |
692 | |
693 sess->mackey = state->dummy_mac_key; | |
694 sess->mackeylen = digest_key_length(ctx->digest->type); | |
695 sess->mac = digest; | |
696 | |
697 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | |
698 put_dev_crypto(state->d_fd); | |
699 state->d_fd = -1; | |
700 printf("cryptodev_digest_init: Open session failed\n"); | |
701 return (0); | |
702 } | |
703 | |
704 return (1); | |
705 } | |
706 | |
707 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | |
708 size_t count) | |
709 { | |
710 struct crypt_op cryp; | |
711 struct dev_crypto_state *state = ctx->md_data; | |
712 struct session_op *sess = &state->d_sess; | |
713 | |
714 if (!data || state->d_fd < 0) { | |
715 printf("cryptodev_digest_update: illegal inputs \n"); | |
716 return (0); | |
717 } | |
718 | |
719 if (!count) { | |
720 return (0); | |
721 } | |
722 | |
723 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | |
724 /* if application doesn't support one buffer */ | |
725 state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_le
n + count); | |
726 | |
727 if (!state->mac_data) { | |
728 printf("cryptodev_digest_update: realloc failed\n"); | |
729 return (0); | |
730 } | |
731 | |
732 memcpy(state->mac_data + state->mac_len, data, count); | |
733 state->mac_len += count; | |
734 | |
735 return (1); | |
736 } | |
737 | |
738 memset(&cryp, 0, sizeof(cryp)); | |
739 | |
740 cryp.ses = sess->ses; | |
741 cryp.flags = 0; | |
742 cryp.len = count; | |
743 cryp.src = (caddr_t) data; | |
744 cryp.dst = NULL; | |
745 cryp.mac = (caddr_t) state->digest_res; | |
746 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
747 printf("cryptodev_digest_update: digest failed\n"); | |
748 return (0); | |
749 } | |
750 return (1); | |
751 } | |
752 | |
753 | |
754 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | |
755 { | |
756 struct crypt_op cryp; | |
757 struct dev_crypto_state *state = ctx->md_data; | |
758 struct session_op *sess = &state->d_sess; | |
759 | |
760 int ret = 1; | |
761 | |
762 if (!md || state->d_fd < 0) { | |
763 printf("cryptodev_digest_final: illegal input\n"); | |
764 return(0); | |
765 } | |
766 | |
767 if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { | |
768 /* if application doesn't support one buffer */ | |
769 memset(&cryp, 0, sizeof(cryp)); | |
770 cryp.ses = sess->ses; | |
771 cryp.flags = 0; | |
772 cryp.len = state->mac_len; | |
773 cryp.src = state->mac_data; | |
774 cryp.dst = NULL; | |
775 cryp.mac = (caddr_t)md; | |
776 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
777 printf("cryptodev_digest_final: digest failed\n"); | |
778 return (0); | |
779 } | |
780 | |
781 return 1; | |
782 } | |
783 | |
784 memcpy(md, state->digest_res, ctx->digest->md_size); | |
785 | |
786 return (ret); | |
787 } | |
788 | |
789 | |
790 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | |
791 { | |
792 int ret = 1; | |
793 struct dev_crypto_state *state = ctx->md_data; | |
794 struct session_op *sess = &state->d_sess; | |
795 | |
796 if (state == NULL) | |
797 return 0; | |
798 | |
799 if (state->d_fd < 0) { | |
800 printf("cryptodev_digest_cleanup: illegal input\n"); | |
801 return (0); | |
802 } | |
803 | |
804 if (state->mac_data) { | |
805 OPENSSL_free(state->mac_data); | |
806 state->mac_data = NULL; | |
807 state->mac_len = 0; | |
808 } | |
809 | |
810 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | |
811 printf("cryptodev_digest_cleanup: failed to close session\n"); | |
812 ret = 0; | |
813 } else { | |
814 ret = 1; | |
815 } | |
816 put_dev_crypto(state->d_fd); | |
817 state->d_fd = -1; | |
818 | |
819 return (ret); | |
820 } | |
821 | |
822 static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) | |
823 { | |
824 struct dev_crypto_state *fstate = from->md_data; | |
825 struct dev_crypto_state *dstate = to->md_data; | |
826 struct session_op *sess; | |
827 int digest; | |
828 | |
829 if (dstate == NULL || fstate == NULL) | |
830 return 1; | |
831 | |
832 memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); | |
833 | |
834 sess = &dstate->d_sess; | |
835 | |
836 digest = digest_nid_to_cryptodev(to->digest->type); | |
837 | |
838 sess->mackey = dstate->dummy_mac_key; | |
839 sess->mackeylen = digest_key_length(to->digest->type); | |
840 sess->mac = digest; | |
841 | |
842 dstate->d_fd = get_dev_crypto(); | |
843 | |
844 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { | |
845 put_dev_crypto(dstate->d_fd); | |
846 dstate->d_fd = -1; | |
847 printf("cryptodev_digest_init: Open session failed\n"); | |
848 return (0); | |
849 } | |
850 | |
851 if (fstate->mac_len != 0) { | |
852 if (fstate->mac_data != NULL) | |
853 { | |
854 dstate->mac_data = OPENSSL_malloc(fstate->mac_len); | |
855 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_l
en); | |
856 dstate->mac_len = fstate->mac_len; | |
857 } | |
858 } | |
859 | |
860 return 1; | |
861 } | |
862 | |
863 | |
864 const EVP_MD cryptodev_sha1 = { | |
865 NID_sha1, | |
866 NID_undef, | |
867 SHA_DIGEST_LENGTH, | |
868 EVP_MD_FLAG_ONESHOT, | |
869 cryptodev_digest_init, | |
870 cryptodev_digest_update, | |
871 cryptodev_digest_final, | |
872 cryptodev_digest_copy, | |
873 cryptodev_digest_cleanup, | |
874 EVP_PKEY_NULL_method, | |
875 SHA_CBLOCK, | |
876 sizeof(struct dev_crypto_state), | |
877 }; | |
878 | |
879 const EVP_MD cryptodev_md5 = { | |
880 NID_md5, | |
881 NID_undef, | |
882 16 /* MD5_DIGEST_LENGTH */, | |
883 EVP_MD_FLAG_ONESHOT, | |
884 cryptodev_digest_init, | |
885 cryptodev_digest_update, | |
886 cryptodev_digest_final, | |
887 cryptodev_digest_copy, | |
888 cryptodev_digest_cleanup, | |
889 EVP_PKEY_NULL_method, | |
890 64 /* MD5_CBLOCK */, | |
891 sizeof(struct dev_crypto_state), | |
892 }; | |
893 | |
894 #endif /* USE_CRYPTODEV_DIGESTS */ | |
895 | |
896 | |
897 static int | |
898 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | |
899 const int **nids, int nid) | |
900 { | |
901 if (!digest) | |
902 return (cryptodev_usable_digests(nids)); | |
903 | |
904 switch (nid) { | |
905 #ifdef USE_CRYPTODEV_DIGESTS | |
906 case NID_md5: | |
907 *digest = &cryptodev_md5; | |
908 break; | |
909 case NID_sha1: | |
910 *digest = &cryptodev_sha1; | |
911 break; | |
912 default: | |
913 #endif /* USE_CRYPTODEV_DIGESTS */ | |
914 *digest = NULL; | |
915 break; | |
916 } | |
917 return (*digest != NULL); | |
918 } | |
919 | |
920 /* | |
921 * Convert a BIGNUM to the representation that /dev/crypto needs. | |
922 * Upon completion of use, the caller is responsible for freeing | |
923 * crp->crp_p. | |
924 */ | |
925 static int | |
926 bn2crparam(const BIGNUM *a, struct crparam *crp) | |
927 { | |
928 int i, j, k; | |
929 ssize_t bytes, bits; | |
930 u_char *b; | |
931 | |
932 crp->crp_p = NULL; | |
933 crp->crp_nbits = 0; | |
934 | |
935 bits = BN_num_bits(a); | |
936 bytes = (bits + 7) / 8; | |
937 | |
938 b = malloc(bytes); | |
939 if (b == NULL) | |
940 return (1); | |
941 memset(b, 0, bytes); | |
942 | |
943 crp->crp_p = (caddr_t) b; | |
944 crp->crp_nbits = bits; | |
945 | |
946 for (i = 0, j = 0; i < a->top; i++) { | |
947 for (k = 0; k < BN_BITS2 / 8; k++) { | |
948 if ((j + k) >= bytes) | |
949 return (0); | |
950 b[j + k] = a->d[i] >> (k * 8); | |
951 } | |
952 j += BN_BITS2 / 8; | |
953 } | |
954 return (0); | |
955 } | |
956 | |
957 /* Convert a /dev/crypto parameter to a BIGNUM */ | |
958 static int | |
959 crparam2bn(struct crparam *crp, BIGNUM *a) | |
960 { | |
961 u_int8_t *pd; | |
962 int i, bytes; | |
963 | |
964 bytes = (crp->crp_nbits + 7) / 8; | |
965 | |
966 if (bytes == 0) | |
967 return (-1); | |
968 | |
969 if ((pd = (u_int8_t *) malloc(bytes)) == NULL) | |
970 return (-1); | |
971 | |
972 for (i = 0; i < bytes; i++) | |
973 pd[i] = crp->crp_p[bytes - i - 1]; | |
974 | |
975 BN_bin2bn(pd, bytes, a); | |
976 free(pd); | |
977 | |
978 return (0); | |
979 } | |
980 | |
981 static void | |
982 zapparams(struct crypt_kop *kop) | |
983 { | |
984 int i; | |
985 | |
986 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { | |
987 if (kop->crk_param[i].crp_p) | |
988 free(kop->crk_param[i].crp_p); | |
989 kop->crk_param[i].crp_p = NULL; | |
990 kop->crk_param[i].crp_nbits = 0; | |
991 } | |
992 } | |
993 | |
994 static int | |
995 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | |
996 { | |
997 int fd, ret = -1; | |
998 | |
999 if ((fd = get_asym_dev_crypto()) < 0) | |
1000 return (ret); | |
1001 | |
1002 if (r) { | |
1003 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(cha
r)); | |
1004 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | |
1005 kop->crk_oparams++; | |
1006 } | |
1007 if (s) { | |
1008 kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(c
har)); | |
1009 kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | |
1010 kop->crk_oparams++; | |
1011 } | |
1012 | |
1013 if (ioctl(fd, CIOCKEY, kop) == 0) { | |
1014 if (r) | |
1015 crparam2bn(&kop->crk_param[kop->crk_iparams], r); | |
1016 if (s) | |
1017 crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); | |
1018 ret = 0; | |
1019 } | |
1020 | |
1021 return (ret); | |
1022 } | |
1023 | |
1024 static int | |
1025 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |
1026 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | |
1027 { | |
1028 struct crypt_kop kop; | |
1029 int ret = 1; | |
1030 | |
1031 /* Currently, we know we can do mod exp iff we can do any | |
1032 * asymmetric operations at all. | |
1033 */ | |
1034 if (cryptodev_asymfeat == 0) { | |
1035 ret = BN_mod_exp(r, a, p, m, ctx); | |
1036 return (ret); | |
1037 } | |
1038 | |
1039 memset(&kop, 0, sizeof kop); | |
1040 kop.crk_op = CRK_MOD_EXP; | |
1041 | |
1042 /* inputs: a^p % m */ | |
1043 if (bn2crparam(a, &kop.crk_param[0])) | |
1044 goto err; | |
1045 if (bn2crparam(p, &kop.crk_param[1])) | |
1046 goto err; | |
1047 if (bn2crparam(m, &kop.crk_param[2])) | |
1048 goto err; | |
1049 kop.crk_iparams = 3; | |
1050 | |
1051 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { | |
1052 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
1053 printf("OCF asym process failed, Running in software\n"); | |
1054 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | |
1055 | |
1056 } else if (ECANCELED == kop.crk_status) { | |
1057 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
1058 printf("OCF hardware operation cancelled. Running in Software\n"
); | |
1059 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | |
1060 } | |
1061 /* else cryptodev operation worked ok ==> ret = 1*/ | |
1062 | |
1063 err: | |
1064 zapparams(&kop); | |
1065 return (ret); | |
1066 } | |
1067 | |
1068 static int | |
1069 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |
1070 { | |
1071 int r; | |
1072 ctx = BN_CTX_new(); | |
1073 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); | |
1074 BN_CTX_free(ctx); | |
1075 return (r); | |
1076 } | |
1077 | |
1078 static int | |
1079 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |
1080 { | |
1081 struct crypt_kop kop; | |
1082 int ret = 1; | |
1083 | |
1084 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | |
1085 /* XXX 0 means failure?? */ | |
1086 return (0); | |
1087 } | |
1088 | |
1089 memset(&kop, 0, sizeof kop); | |
1090 kop.crk_op = CRK_MOD_EXP_CRT; | |
1091 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | |
1092 if (bn2crparam(rsa->p, &kop.crk_param[0])) | |
1093 goto err; | |
1094 if (bn2crparam(rsa->q, &kop.crk_param[1])) | |
1095 goto err; | |
1096 if (bn2crparam(I, &kop.crk_param[2])) | |
1097 goto err; | |
1098 if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) | |
1099 goto err; | |
1100 if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) | |
1101 goto err; | |
1102 if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) | |
1103 goto err; | |
1104 kop.crk_iparams = 6; | |
1105 | |
1106 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { | |
1107 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
1108 printf("OCF asym process failed, running in Software\n"); | |
1109 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); | |
1110 | |
1111 } else if (ECANCELED == kop.crk_status) { | |
1112 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | |
1113 printf("OCF hardware operation cancelled. Running in Software\n"
); | |
1114 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); | |
1115 } | |
1116 /* else cryptodev operation worked ok ==> ret = 1*/ | |
1117 | |
1118 err: | |
1119 zapparams(&kop); | |
1120 return (ret); | |
1121 } | |
1122 | |
1123 static RSA_METHOD cryptodev_rsa = { | |
1124 "cryptodev RSA method", | |
1125 NULL, /* rsa_pub_enc */ | |
1126 NULL, /* rsa_pub_dec */ | |
1127 NULL, /* rsa_priv_enc */ | |
1128 NULL, /* rsa_priv_dec */ | |
1129 NULL, | |
1130 NULL, | |
1131 NULL, /* init */ | |
1132 NULL, /* finish */ | |
1133 0, /* flags */ | |
1134 NULL, /* app_data */ | |
1135 NULL, /* rsa_sign */ | |
1136 NULL /* rsa_verify */ | |
1137 }; | |
1138 | |
1139 static int | |
1140 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | |
1141 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | |
1142 { | |
1143 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | |
1144 } | |
1145 | |
1146 static int | |
1147 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | |
1148 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | |
1149 BN_CTX *ctx, BN_MONT_CTX *mont) | |
1150 { | |
1151 BIGNUM t2; | |
1152 int ret = 0; | |
1153 | |
1154 BN_init(&t2); | |
1155 | |
1156 /* v = ( g^u1 * y^u2 mod p ) mod q */ | |
1157 /* let t1 = g ^ u1 mod p */ | |
1158 ret = 0; | |
1159 | |
1160 if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) | |
1161 goto err; | |
1162 | |
1163 /* let t2 = y ^ u2 mod p */ | |
1164 if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) | |
1165 goto err; | |
1166 /* let u1 = t1 * t2 mod p */ | |
1167 if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) | |
1168 goto err; | |
1169 | |
1170 BN_copy(t1,u1); | |
1171 | |
1172 ret = 1; | |
1173 err: | |
1174 BN_free(&t2); | |
1175 return(ret); | |
1176 } | |
1177 | |
1178 static DSA_SIG * | |
1179 cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |
1180 { | |
1181 struct crypt_kop kop; | |
1182 BIGNUM *r = NULL, *s = NULL; | |
1183 DSA_SIG *dsaret = NULL; | |
1184 | |
1185 if ((r = BN_new()) == NULL) | |
1186 goto err; | |
1187 if ((s = BN_new()) == NULL) { | |
1188 BN_free(r); | |
1189 goto err; | |
1190 } | |
1191 | |
1192 memset(&kop, 0, sizeof kop); | |
1193 kop.crk_op = CRK_DSA_SIGN; | |
1194 | |
1195 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | |
1196 kop.crk_param[0].crp_p = (caddr_t)dgst; | |
1197 kop.crk_param[0].crp_nbits = dlen * 8; | |
1198 if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
1199 goto err; | |
1200 if (bn2crparam(dsa->q, &kop.crk_param[2])) | |
1201 goto err; | |
1202 if (bn2crparam(dsa->g, &kop.crk_param[3])) | |
1203 goto err; | |
1204 if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) | |
1205 goto err; | |
1206 kop.crk_iparams = 5; | |
1207 | |
1208 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, | |
1209 BN_num_bytes(dsa->q), s) == 0) { | |
1210 dsaret = DSA_SIG_new(); | |
1211 dsaret->r = r; | |
1212 dsaret->s = s; | |
1213 } else { | |
1214 const DSA_METHOD *meth = DSA_OpenSSL(); | |
1215 BN_free(r); | |
1216 BN_free(s); | |
1217 dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | |
1218 } | |
1219 err: | |
1220 kop.crk_param[0].crp_p = NULL; | |
1221 zapparams(&kop); | |
1222 return (dsaret); | |
1223 } | |
1224 | |
1225 static int | |
1226 cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | |
1227 DSA_SIG *sig, DSA *dsa) | |
1228 { | |
1229 struct crypt_kop kop; | |
1230 int dsaret = 1; | |
1231 | |
1232 memset(&kop, 0, sizeof kop); | |
1233 kop.crk_op = CRK_DSA_VERIFY; | |
1234 | |
1235 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | |
1236 kop.crk_param[0].crp_p = (caddr_t)dgst; | |
1237 kop.crk_param[0].crp_nbits = dlen * 8; | |
1238 if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
1239 goto err; | |
1240 if (bn2crparam(dsa->q, &kop.crk_param[2])) | |
1241 goto err; | |
1242 if (bn2crparam(dsa->g, &kop.crk_param[3])) | |
1243 goto err; | |
1244 if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) | |
1245 goto err; | |
1246 if (bn2crparam(sig->r, &kop.crk_param[5])) | |
1247 goto err; | |
1248 if (bn2crparam(sig->s, &kop.crk_param[6])) | |
1249 goto err; | |
1250 kop.crk_iparams = 7; | |
1251 | |
1252 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | |
1253 /*OCF success value is 0, if not zero, change dsaret to fail*/ | |
1254 if(0 != kop.crk_status) dsaret = 0; | |
1255 } else { | |
1256 const DSA_METHOD *meth = DSA_OpenSSL(); | |
1257 | |
1258 dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | |
1259 } | |
1260 err: | |
1261 kop.crk_param[0].crp_p = NULL; | |
1262 zapparams(&kop); | |
1263 return (dsaret); | |
1264 } | |
1265 | |
1266 static DSA_METHOD cryptodev_dsa = { | |
1267 "cryptodev DSA method", | |
1268 NULL, | |
1269 NULL, /* dsa_sign_setup */ | |
1270 NULL, | |
1271 NULL, /* dsa_mod_exp */ | |
1272 NULL, | |
1273 NULL, /* init */ | |
1274 NULL, /* finish */ | |
1275 0, /* flags */ | |
1276 NULL /* app_data */ | |
1277 }; | |
1278 | |
1279 static int | |
1280 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | |
1281 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | |
1282 BN_MONT_CTX *m_ctx) | |
1283 { | |
1284 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | |
1285 } | |
1286 | |
1287 static int | |
1288 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |
1289 { | |
1290 struct crypt_kop kop; | |
1291 int dhret = 1; | |
1292 int fd, keylen; | |
1293 | |
1294 if ((fd = get_asym_dev_crypto()) < 0) { | |
1295 const DH_METHOD *meth = DH_OpenSSL(); | |
1296 | |
1297 return ((meth->compute_key)(key, pub_key, dh)); | |
1298 } | |
1299 | |
1300 keylen = BN_num_bits(dh->p); | |
1301 | |
1302 memset(&kop, 0, sizeof kop); | |
1303 kop.crk_op = CRK_DH_COMPUTE_KEY; | |
1304 | |
1305 /* inputs: dh->priv_key pub_key dh->p key */ | |
1306 if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | |
1307 goto err; | |
1308 if (bn2crparam(pub_key, &kop.crk_param[1])) | |
1309 goto err; | |
1310 if (bn2crparam(dh->p, &kop.crk_param[2])) | |
1311 goto err; | |
1312 kop.crk_iparams = 3; | |
1313 | |
1314 kop.crk_param[3].crp_p = (caddr_t) key; | |
1315 kop.crk_param[3].crp_nbits = keylen * 8; | |
1316 kop.crk_oparams = 1; | |
1317 | |
1318 if (ioctl(fd, CIOCKEY, &kop) == -1) { | |
1319 const DH_METHOD *meth = DH_OpenSSL(); | |
1320 | |
1321 dhret = (meth->compute_key)(key, pub_key, dh); | |
1322 } | |
1323 err: | |
1324 kop.crk_param[3].crp_p = NULL; | |
1325 zapparams(&kop); | |
1326 return (dhret); | |
1327 } | |
1328 | |
1329 static DH_METHOD cryptodev_dh = { | |
1330 "cryptodev DH method", | |
1331 NULL, /* cryptodev_dh_generate_key */ | |
1332 NULL, | |
1333 NULL, | |
1334 NULL, | |
1335 NULL, | |
1336 0, /* flags */ | |
1337 NULL /* app_data */ | |
1338 }; | |
1339 | |
1340 /* | |
1341 * ctrl right now is just a wrapper that doesn't do much | |
1342 * but I expect we'll want some options soon. | |
1343 */ | |
1344 static int | |
1345 cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) | |
1346 { | |
1347 #ifdef HAVE_SYSLOG_R | |
1348 struct syslog_data sd = SYSLOG_DATA_INIT; | |
1349 #endif | |
1350 | |
1351 switch (cmd) { | |
1352 default: | |
1353 #ifdef HAVE_SYSLOG_R | |
1354 syslog_r(LOG_ERR, &sd, | |
1355 "cryptodev_ctrl: unknown command %d", cmd); | |
1356 #else | |
1357 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); | |
1358 #endif | |
1359 break; | |
1360 } | |
1361 return (1); | |
1362 } | |
1363 | |
1364 void | |
1365 ENGINE_load_cryptodev(void) | |
1366 { | |
1367 ENGINE *engine = ENGINE_new(); | |
1368 int fd; | |
1369 | |
1370 if (engine == NULL) | |
1371 return; | |
1372 if ((fd = get_dev_crypto()) < 0) { | |
1373 ENGINE_free(engine); | |
1374 return; | |
1375 } | |
1376 | |
1377 /* | |
1378 * find out what asymmetric crypto algorithms we support | |
1379 */ | |
1380 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { | |
1381 put_dev_crypto(fd); | |
1382 ENGINE_free(engine); | |
1383 return; | |
1384 } | |
1385 put_dev_crypto(fd); | |
1386 | |
1387 if (!ENGINE_set_id(engine, "cryptodev") || | |
1388 !ENGINE_set_name(engine, "BSD cryptodev engine") || | |
1389 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | |
1390 !ENGINE_set_digests(engine, cryptodev_engine_digests) || | |
1391 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || | |
1392 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { | |
1393 ENGINE_free(engine); | |
1394 return; | |
1395 } | |
1396 | |
1397 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { | |
1398 const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); | |
1399 | |
1400 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; | |
1401 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; | |
1402 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; | |
1403 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; | |
1404 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; | |
1405 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | |
1406 if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
1407 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | |
1408 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | |
1409 cryptodev_rsa.rsa_mod_exp = | |
1410 cryptodev_rsa_mod_exp; | |
1411 else | |
1412 cryptodev_rsa.rsa_mod_exp = | |
1413 cryptodev_rsa_nocrt_mod_exp; | |
1414 } | |
1415 } | |
1416 | |
1417 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { | |
1418 const DSA_METHOD *meth = DSA_OpenSSL(); | |
1419 | |
1420 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | |
1421 if (cryptodev_asymfeat & CRF_DSA_SIGN) | |
1422 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | |
1423 if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
1424 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; | |
1425 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; | |
1426 } | |
1427 if (cryptodev_asymfeat & CRF_DSA_VERIFY) | |
1428 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | |
1429 } | |
1430 | |
1431 if (ENGINE_set_DH(engine, &cryptodev_dh)){ | |
1432 const DH_METHOD *dh_meth = DH_OpenSSL(); | |
1433 | |
1434 cryptodev_dh.generate_key = dh_meth->generate_key; | |
1435 cryptodev_dh.compute_key = dh_meth->compute_key; | |
1436 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; | |
1437 if (cryptodev_asymfeat & CRF_MOD_EXP) { | |
1438 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; | |
1439 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | |
1440 cryptodev_dh.compute_key = | |
1441 cryptodev_dh_compute_key; | |
1442 } | |
1443 } | |
1444 | |
1445 ENGINE_add(engine); | |
1446 ENGINE_free(engine); | |
1447 ERR_clear_error(); | |
1448 } | |
1449 | |
1450 #endif /* HAVE_CRYPTODEV */ | |
OLD | NEW |