sl@0: /* sl@0: * Copyright (c) 2002 Bob Beck sl@0: * Copyright (c) 2002 Theo de Raadt sl@0: * Copyright (c) 2002 Markus Friedl sl@0: * All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY sl@0: * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED sl@0: * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE sl@0: * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY sl@0: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES sl@0: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND sl@0: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT sl@0: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF sl@0: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * sl@0: */ sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ sl@0: (defined(OpenBSD) || defined(__FreeBSD_version)) sl@0: #include sl@0: # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) sl@0: # define HAVE_CRYPTODEV sl@0: # endif sl@0: # if (OpenBSD >= 200110) sl@0: # define HAVE_SYSLOG_R sl@0: # endif sl@0: #endif sl@0: sl@0: #ifndef HAVE_CRYPTODEV sl@0: sl@0: EXPORT_C void sl@0: ENGINE_load_cryptodev(void) sl@0: { sl@0: /* This is a NOP on platforms without /dev/crypto */ sl@0: return; sl@0: } sl@0: sl@0: #else sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: struct dev_crypto_state { sl@0: struct session_op d_sess; sl@0: int d_fd; sl@0: }; sl@0: sl@0: static u_int32_t cryptodev_asymfeat = 0; sl@0: sl@0: static int get_asym_dev_crypto(void); sl@0: static int open_dev_crypto(void); sl@0: static int get_dev_crypto(void); sl@0: static int cryptodev_max_iv(int cipher); sl@0: static int cryptodev_key_length_valid(int cipher, int len); sl@0: static int cipher_nid_to_cryptodev(int nid); sl@0: static int get_cryptodev_ciphers(const int **cnids); sl@0: static int get_cryptodev_digests(const int **cnids); sl@0: static int cryptodev_usable_ciphers(const int **nids); sl@0: static int cryptodev_usable_digests(const int **nids); sl@0: static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, sl@0: const unsigned char *in, unsigned int inl); sl@0: static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, sl@0: const unsigned char *iv, int enc); sl@0: static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); sl@0: static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, sl@0: const int **nids, int nid); sl@0: static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, sl@0: const int **nids, int nid); sl@0: static int bn2crparam(const BIGNUM *a, struct crparam *crp); sl@0: static int crparam2bn(struct crparam *crp, BIGNUM *a); sl@0: static void zapparams(struct crypt_kop *kop); sl@0: static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, sl@0: int slen, BIGNUM *s); sl@0: sl@0: static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, sl@0: const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); sl@0: static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, sl@0: RSA *rsa); sl@0: static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); sl@0: static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, sl@0: const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); sl@0: static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, sl@0: BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, sl@0: BN_CTX *ctx, BN_MONT_CTX *mont); sl@0: static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, sl@0: int dlen, DSA *dsa); sl@0: static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, sl@0: DSA_SIG *sig, DSA *dsa); sl@0: static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, sl@0: const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, sl@0: BN_MONT_CTX *m_ctx); sl@0: static int cryptodev_dh_compute_key(unsigned char *key, sl@0: const BIGNUM *pub_key, DH *dh); sl@0: static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, sl@0: void (*f)()); sl@0: void ENGINE_load_cryptodev(void); sl@0: sl@0: static const ENGINE_CMD_DEFN cryptodev_defns[] = { sl@0: { 0, NULL, NULL, 0 } sl@0: }; sl@0: sl@0: static struct { sl@0: int id; sl@0: int nid; sl@0: int ivmax; sl@0: int keylen; sl@0: } ciphers[] = { sl@0: { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, sl@0: { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, sl@0: { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, sl@0: { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, sl@0: { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, sl@0: { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, sl@0: { 0, NID_undef, 0, 0, }, sl@0: }; sl@0: sl@0: static struct { sl@0: int id; sl@0: int nid; sl@0: } digests[] = { sl@0: { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, sl@0: { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, sl@0: { CRYPTO_MD5_KPDK, NID_undef, }, sl@0: { CRYPTO_SHA1_KPDK, NID_undef, }, sl@0: { CRYPTO_MD5, NID_md5, }, sl@0: { CRYPTO_SHA1, NID_undef, }, sl@0: { 0, NID_undef, }, sl@0: }; sl@0: sl@0: /* sl@0: * Return a fd if /dev/crypto seems usable, 0 otherwise. sl@0: */ sl@0: static int sl@0: open_dev_crypto(void) sl@0: { sl@0: static int fd = -1; sl@0: sl@0: if (fd == -1) { sl@0: if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) sl@0: return (-1); sl@0: /* close on exec */ sl@0: if (fcntl(fd, F_SETFD, 1) == -1) { sl@0: close(fd); sl@0: fd = -1; sl@0: return (-1); sl@0: } sl@0: } sl@0: return (fd); sl@0: } sl@0: sl@0: static int sl@0: get_dev_crypto(void) sl@0: { sl@0: int fd, retfd; sl@0: sl@0: if ((fd = open_dev_crypto()) == -1) sl@0: return (-1); sl@0: if (ioctl(fd, CRIOGET, &retfd) == -1) sl@0: return (-1); sl@0: sl@0: /* close on exec */ sl@0: if (fcntl(retfd, F_SETFD, 1) == -1) { sl@0: close(retfd); sl@0: return (-1); sl@0: } sl@0: return (retfd); sl@0: } sl@0: sl@0: /* Caching version for asym operations */ sl@0: static int sl@0: get_asym_dev_crypto(void) sl@0: { sl@0: static int fd = -1; sl@0: sl@0: if (fd == -1) sl@0: fd = get_dev_crypto(); sl@0: return fd; sl@0: } sl@0: sl@0: /* sl@0: * XXXX this needs to be set for each alg - and determined from sl@0: * a running card. sl@0: */ sl@0: static int sl@0: cryptodev_max_iv(int cipher) sl@0: { sl@0: int i; sl@0: sl@0: for (i = 0; ciphers[i].id; i++) sl@0: if (ciphers[i].id == cipher) sl@0: return (ciphers[i].ivmax); sl@0: return (0); sl@0: } sl@0: sl@0: /* sl@0: * XXXX this needs to be set for each alg - and determined from sl@0: * a running card. For now, fake it out - but most of these sl@0: * for real devices should return 1 for the supported key sl@0: * sizes the device can handle. sl@0: */ sl@0: static int sl@0: cryptodev_key_length_valid(int cipher, int len) sl@0: { sl@0: int i; sl@0: sl@0: for (i = 0; ciphers[i].id; i++) sl@0: if (ciphers[i].id == cipher) sl@0: return (ciphers[i].keylen == len); sl@0: return (0); sl@0: } sl@0: sl@0: /* convert libcrypto nids to cryptodev */ sl@0: static int sl@0: cipher_nid_to_cryptodev(int nid) sl@0: { sl@0: int i; sl@0: sl@0: for (i = 0; ciphers[i].id; i++) sl@0: if (ciphers[i].nid == nid) sl@0: return (ciphers[i].id); sl@0: return (0); sl@0: } sl@0: sl@0: /* sl@0: * Find out what ciphers /dev/crypto will let us have a session for. sl@0: * XXX note, that some of these openssl doesn't deal with yet! sl@0: * returning them here is harmless, as long as we return NULL sl@0: * when asked for a handler in the cryptodev_engine_ciphers routine sl@0: */ sl@0: static int sl@0: get_cryptodev_ciphers(const int **cnids) sl@0: { sl@0: static int nids[CRYPTO_ALGORITHM_MAX]; sl@0: struct session_op sess; sl@0: int fd, i, count = 0; sl@0: sl@0: if ((fd = get_dev_crypto()) < 0) { sl@0: *cnids = NULL; sl@0: return (0); sl@0: } sl@0: memset(&sess, 0, sizeof(sess)); sl@0: sess.key = (caddr_t)"123456781234567812345678"; sl@0: sl@0: for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { sl@0: if (ciphers[i].nid == NID_undef) sl@0: continue; sl@0: sess.cipher = ciphers[i].id; sl@0: sess.keylen = ciphers[i].keylen; sl@0: sess.mac = 0; sl@0: if (ioctl(fd, CIOCGSESSION, &sess) != -1 && sl@0: ioctl(fd, CIOCFSESSION, &sess.ses) != -1) sl@0: nids[count++] = ciphers[i].nid; sl@0: } sl@0: close(fd); sl@0: sl@0: if (count > 0) sl@0: *cnids = nids; sl@0: else sl@0: *cnids = NULL; sl@0: return (count); sl@0: } sl@0: sl@0: /* sl@0: * Find out what digests /dev/crypto will let us have a session for. sl@0: * XXX note, that some of these openssl doesn't deal with yet! sl@0: * returning them here is harmless, as long as we return NULL sl@0: * when asked for a handler in the cryptodev_engine_digests routine sl@0: */ sl@0: static int sl@0: get_cryptodev_digests(const int **cnids) sl@0: { sl@0: static int nids[CRYPTO_ALGORITHM_MAX]; sl@0: struct session_op sess; sl@0: int fd, i, count = 0; sl@0: sl@0: if ((fd = get_dev_crypto()) < 0) { sl@0: *cnids = NULL; sl@0: return (0); sl@0: } sl@0: memset(&sess, 0, sizeof(sess)); sl@0: for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { sl@0: if (digests[i].nid == NID_undef) sl@0: continue; sl@0: sess.mac = digests[i].id; sl@0: sess.cipher = 0; sl@0: if (ioctl(fd, CIOCGSESSION, &sess) != -1 && sl@0: ioctl(fd, CIOCFSESSION, &sess.ses) != -1) sl@0: nids[count++] = digests[i].nid; sl@0: } sl@0: close(fd); sl@0: sl@0: if (count > 0) sl@0: *cnids = nids; sl@0: else sl@0: *cnids = NULL; sl@0: return (count); sl@0: } sl@0: sl@0: /* sl@0: * Find the useable ciphers|digests from dev/crypto - this is the first sl@0: * thing called by the engine init crud which determines what it sl@0: * can use for ciphers from this engine. We want to return sl@0: * only what we can do, anythine else is handled by software. sl@0: * sl@0: * If we can't initialize the device to do anything useful for sl@0: * any reason, we want to return a NULL array, and 0 length, sl@0: * which forces everything to be done is software. By putting sl@0: * the initalization of the device in here, we ensure we can sl@0: * use this engine as the default, and if for whatever reason sl@0: * /dev/crypto won't do what we want it will just be done in sl@0: * software sl@0: * sl@0: * This can (should) be greatly expanded to perhaps take into sl@0: * account speed of the device, and what we want to do. sl@0: * (although the disabling of particular alg's could be controlled sl@0: * by the device driver with sysctl's.) - this is where we sl@0: * want most of the decisions made about what we actually want sl@0: * to use from /dev/crypto. sl@0: */ sl@0: static int sl@0: cryptodev_usable_ciphers(const int **nids) sl@0: { sl@0: return (get_cryptodev_ciphers(nids)); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_usable_digests(const int **nids) sl@0: { sl@0: /* sl@0: * XXXX just disable all digests for now, because it sucks. sl@0: * we need a better way to decide this - i.e. I may not sl@0: * want digests on slow cards like hifn on fast machines, sl@0: * but might want them on slow or loaded machines, etc. sl@0: * will also want them when using crypto cards that don't sl@0: * suck moose gonads - would be nice to be able to decide something sl@0: * as reasonable default without having hackery that's card dependent. sl@0: * of course, the default should probably be just do everything, sl@0: * with perhaps a sysctl to turn algoritms off (or have them off sl@0: * by default) on cards that generally suck like the hifn. sl@0: */ sl@0: *nids = NULL; sl@0: return (0); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, sl@0: const unsigned char *in, unsigned int inl) sl@0: { sl@0: struct crypt_op cryp; sl@0: struct dev_crypto_state *state = ctx->cipher_data; sl@0: struct session_op *sess = &state->d_sess; sl@0: void *iiv; sl@0: unsigned char save_iv[EVP_MAX_IV_LENGTH]; sl@0: sl@0: if (state->d_fd < 0) sl@0: return (0); sl@0: if (!inl) sl@0: return (1); sl@0: if ((inl % ctx->cipher->block_size) != 0) sl@0: return (0); sl@0: sl@0: memset(&cryp, 0, sizeof(cryp)); sl@0: sl@0: cryp.ses = sess->ses; sl@0: cryp.flags = 0; sl@0: cryp.len = inl; sl@0: cryp.src = (caddr_t) in; sl@0: cryp.dst = (caddr_t) out; sl@0: cryp.mac = 0; sl@0: sl@0: cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; sl@0: sl@0: if (ctx->cipher->iv_len) { sl@0: cryp.iv = (caddr_t) ctx->iv; sl@0: if (!ctx->encrypt) { sl@0: iiv = (void *) in + inl - ctx->cipher->iv_len; sl@0: memcpy(save_iv, iiv, ctx->cipher->iv_len); sl@0: } sl@0: } else sl@0: cryp.iv = NULL; sl@0: sl@0: if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { sl@0: /* XXX need better errror handling sl@0: * this can fail for a number of different reasons. sl@0: */ sl@0: return (0); sl@0: } sl@0: sl@0: if (ctx->cipher->iv_len) { sl@0: if (ctx->encrypt) sl@0: iiv = (void *) out + inl - ctx->cipher->iv_len; sl@0: else sl@0: iiv = save_iv; sl@0: memcpy(ctx->iv, iiv, ctx->cipher->iv_len); sl@0: } sl@0: return (1); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, sl@0: const unsigned char *iv, int enc) sl@0: { sl@0: struct dev_crypto_state *state = ctx->cipher_data; sl@0: struct session_op *sess = &state->d_sess; sl@0: int cipher; sl@0: sl@0: if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) sl@0: return (0); sl@0: sl@0: if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) sl@0: return (0); sl@0: sl@0: if (!cryptodev_key_length_valid(cipher, ctx->key_len)) sl@0: return (0); sl@0: sl@0: memset(sess, 0, sizeof(struct session_op)); sl@0: sl@0: if ((state->d_fd = get_dev_crypto()) < 0) sl@0: return (0); sl@0: sl@0: sess->key = (unsigned char *)key; sl@0: sess->keylen = ctx->key_len; sl@0: sess->cipher = cipher; sl@0: sl@0: if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { sl@0: close(state->d_fd); sl@0: state->d_fd = -1; sl@0: return (0); sl@0: } sl@0: return (1); sl@0: } sl@0: sl@0: /* sl@0: * free anything we allocated earlier when initting a sl@0: * session, and close the session. sl@0: */ sl@0: static int sl@0: cryptodev_cleanup(EVP_CIPHER_CTX *ctx) sl@0: { sl@0: int ret = 0; sl@0: struct dev_crypto_state *state = ctx->cipher_data; sl@0: struct session_op *sess = &state->d_sess; sl@0: sl@0: if (state->d_fd < 0) sl@0: return (0); sl@0: sl@0: /* XXX if this ioctl fails, someting's wrong. the invoker sl@0: * may have called us with a bogus ctx, or we could sl@0: * have a device that for whatever reason just doesn't sl@0: * want to play ball - it's not clear what's right sl@0: * here - should this be an error? should it just sl@0: * increase a counter, hmm. For right now, we return sl@0: * 0 - I don't believe that to be "right". we could sl@0: * call the gorpy openssl lib error handlers that sl@0: * print messages to users of the library. hmm.. sl@0: */ sl@0: sl@0: if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { sl@0: ret = 0; sl@0: } else { sl@0: ret = 1; sl@0: } sl@0: close(state->d_fd); sl@0: state->d_fd = -1; sl@0: sl@0: return (ret); sl@0: } sl@0: sl@0: /* sl@0: * libcrypto EVP stuff - this is how we get wired to EVP so the engine sl@0: * gets called when libcrypto requests a cipher NID. sl@0: */ sl@0: sl@0: /* DES CBC EVP */ sl@0: const EVP_CIPHER cryptodev_des_cbc = { sl@0: NID_des_cbc, sl@0: 8, 8, 8, sl@0: EVP_CIPH_CBC_MODE, sl@0: cryptodev_init_key, sl@0: cryptodev_cipher, sl@0: cryptodev_cleanup, sl@0: sizeof(struct dev_crypto_state), sl@0: EVP_CIPHER_set_asn1_iv, sl@0: EVP_CIPHER_get_asn1_iv, sl@0: NULL sl@0: }; sl@0: sl@0: /* 3DES CBC EVP */ sl@0: const EVP_CIPHER cryptodev_3des_cbc = { sl@0: NID_des_ede3_cbc, sl@0: 8, 24, 8, sl@0: EVP_CIPH_CBC_MODE, sl@0: cryptodev_init_key, sl@0: cryptodev_cipher, sl@0: cryptodev_cleanup, sl@0: sizeof(struct dev_crypto_state), sl@0: EVP_CIPHER_set_asn1_iv, sl@0: EVP_CIPHER_get_asn1_iv, sl@0: NULL sl@0: }; sl@0: sl@0: const EVP_CIPHER cryptodev_bf_cbc = { sl@0: NID_bf_cbc, sl@0: 8, 16, 8, sl@0: EVP_CIPH_CBC_MODE, sl@0: cryptodev_init_key, sl@0: cryptodev_cipher, sl@0: cryptodev_cleanup, sl@0: sizeof(struct dev_crypto_state), sl@0: EVP_CIPHER_set_asn1_iv, sl@0: EVP_CIPHER_get_asn1_iv, sl@0: NULL sl@0: }; sl@0: sl@0: const EVP_CIPHER cryptodev_cast_cbc = { sl@0: NID_cast5_cbc, sl@0: 8, 16, 8, sl@0: EVP_CIPH_CBC_MODE, sl@0: cryptodev_init_key, sl@0: cryptodev_cipher, sl@0: cryptodev_cleanup, sl@0: sizeof(struct dev_crypto_state), sl@0: EVP_CIPHER_set_asn1_iv, sl@0: EVP_CIPHER_get_asn1_iv, sl@0: NULL sl@0: }; sl@0: sl@0: const EVP_CIPHER cryptodev_aes_cbc = { sl@0: NID_aes_128_cbc, sl@0: 16, 16, 16, sl@0: EVP_CIPH_CBC_MODE, sl@0: cryptodev_init_key, sl@0: cryptodev_cipher, sl@0: cryptodev_cleanup, sl@0: sizeof(struct dev_crypto_state), sl@0: EVP_CIPHER_set_asn1_iv, sl@0: EVP_CIPHER_get_asn1_iv, sl@0: NULL sl@0: }; sl@0: sl@0: /* sl@0: * Registered by the ENGINE when used to find out how to deal with sl@0: * a particular NID in the ENGINE. this says what we'll do at the sl@0: * top level - note, that list is restricted by what we answer with sl@0: */ sl@0: static int sl@0: cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, sl@0: const int **nids, int nid) sl@0: { sl@0: if (!cipher) sl@0: return (cryptodev_usable_ciphers(nids)); sl@0: sl@0: switch (nid) { sl@0: case NID_des_ede3_cbc: sl@0: *cipher = &cryptodev_3des_cbc; sl@0: break; sl@0: case NID_des_cbc: sl@0: *cipher = &cryptodev_des_cbc; sl@0: break; sl@0: case NID_bf_cbc: sl@0: *cipher = &cryptodev_bf_cbc; sl@0: break; sl@0: case NID_cast5_cbc: sl@0: *cipher = &cryptodev_cast_cbc; sl@0: break; sl@0: case NID_aes_128_cbc: sl@0: *cipher = &cryptodev_aes_cbc; sl@0: break; sl@0: default: sl@0: *cipher = NULL; sl@0: break; sl@0: } sl@0: return (*cipher != NULL); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, sl@0: const int **nids, int nid) sl@0: { sl@0: if (!digest) sl@0: return (cryptodev_usable_digests(nids)); sl@0: sl@0: switch (nid) { sl@0: case NID_md5: sl@0: *digest = NULL; /* need to make a clean md5 critter */ sl@0: break; sl@0: default: sl@0: *digest = NULL; sl@0: break; sl@0: } sl@0: return (*digest != NULL); sl@0: } sl@0: sl@0: /* sl@0: * Convert a BIGNUM to the representation that /dev/crypto needs. sl@0: * Upon completion of use, the caller is responsible for freeing sl@0: * crp->crp_p. sl@0: */ sl@0: static int sl@0: bn2crparam(const BIGNUM *a, struct crparam *crp) sl@0: { sl@0: int i, j, k; sl@0: ssize_t words, bytes, bits; sl@0: u_char *b; sl@0: sl@0: crp->crp_p = NULL; sl@0: crp->crp_nbits = 0; sl@0: sl@0: bits = BN_num_bits(a); sl@0: bytes = (bits + 7) / 8; sl@0: sl@0: b = malloc(bytes); sl@0: if (b == NULL) sl@0: return (1); sl@0: sl@0: crp->crp_p = b; sl@0: crp->crp_nbits = bits; sl@0: sl@0: for (i = 0, j = 0; i < a->top; i++) { sl@0: for (k = 0; k < BN_BITS2 / 8; k++) { sl@0: if ((j + k) >= bytes) sl@0: return (0); sl@0: b[j + k] = a->d[i] >> (k * 8); sl@0: } sl@0: j += BN_BITS2 / 8; sl@0: } sl@0: return (0); sl@0: } sl@0: sl@0: /* Convert a /dev/crypto parameter to a BIGNUM */ sl@0: static int sl@0: crparam2bn(struct crparam *crp, BIGNUM *a) sl@0: { sl@0: u_int8_t *pd; sl@0: int i, bytes; sl@0: sl@0: bytes = (crp->crp_nbits + 7) / 8; sl@0: sl@0: if (bytes == 0) sl@0: return (-1); sl@0: sl@0: if ((pd = (u_int8_t *) malloc(bytes)) == NULL) sl@0: return (-1); sl@0: sl@0: for (i = 0; i < bytes; i++) sl@0: pd[i] = crp->crp_p[bytes - i - 1]; sl@0: sl@0: BN_bin2bn(pd, bytes, a); sl@0: free(pd); sl@0: sl@0: return (0); sl@0: } sl@0: sl@0: static void sl@0: zapparams(struct crypt_kop *kop) sl@0: { sl@0: int i; sl@0: sl@0: for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { sl@0: if (kop->crk_param[i].crp_p) sl@0: free(kop->crk_param[i].crp_p); sl@0: kop->crk_param[i].crp_p = NULL; sl@0: kop->crk_param[i].crp_nbits = 0; sl@0: } sl@0: } sl@0: sl@0: static int sl@0: cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) sl@0: { sl@0: int fd, ret = -1; sl@0: sl@0: if ((fd = get_asym_dev_crypto()) < 0) sl@0: return (ret); sl@0: sl@0: if (r) { sl@0: kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); sl@0: kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; sl@0: kop->crk_oparams++; sl@0: } sl@0: if (s) { sl@0: kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); sl@0: kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; sl@0: kop->crk_oparams++; sl@0: } sl@0: sl@0: if (ioctl(fd, CIOCKEY, kop) == 0) { sl@0: if (r) sl@0: crparam2bn(&kop->crk_param[kop->crk_iparams], r); sl@0: if (s) sl@0: crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); sl@0: ret = 0; sl@0: } sl@0: sl@0: return (ret); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, sl@0: const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) sl@0: { sl@0: struct crypt_kop kop; sl@0: int ret = 1; sl@0: sl@0: /* Currently, we know we can do mod exp iff we can do any sl@0: * asymmetric operations at all. sl@0: */ sl@0: if (cryptodev_asymfeat == 0) { sl@0: ret = BN_mod_exp(r, a, p, m, ctx); sl@0: return (ret); sl@0: } sl@0: sl@0: memset(&kop, 0, sizeof kop); sl@0: kop.crk_op = CRK_MOD_EXP; sl@0: sl@0: /* inputs: a^p % m */ sl@0: if (bn2crparam(a, &kop.crk_param[0])) sl@0: goto err; sl@0: if (bn2crparam(p, &kop.crk_param[1])) sl@0: goto err; sl@0: if (bn2crparam(m, &kop.crk_param[2])) sl@0: goto err; sl@0: kop.crk_iparams = 3; sl@0: sl@0: if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { sl@0: const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); sl@0: ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); sl@0: } sl@0: err: sl@0: zapparams(&kop); sl@0: return (ret); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) sl@0: { sl@0: int r; sl@0: BN_CTX *ctx; sl@0: sl@0: ctx = BN_CTX_new(); sl@0: r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); sl@0: BN_CTX_free(ctx); sl@0: return (r); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) sl@0: { sl@0: struct crypt_kop kop; sl@0: int ret = 1; sl@0: sl@0: if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { sl@0: /* XXX 0 means failure?? */ sl@0: return (0); sl@0: } sl@0: sl@0: memset(&kop, 0, sizeof kop); sl@0: kop.crk_op = CRK_MOD_EXP_CRT; sl@0: /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ sl@0: if (bn2crparam(rsa->p, &kop.crk_param[0])) sl@0: goto err; sl@0: if (bn2crparam(rsa->q, &kop.crk_param[1])) sl@0: goto err; sl@0: if (bn2crparam(I, &kop.crk_param[2])) sl@0: goto err; sl@0: if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) sl@0: goto err; sl@0: if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) sl@0: goto err; sl@0: if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) sl@0: goto err; sl@0: kop.crk_iparams = 6; sl@0: sl@0: if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { sl@0: const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); sl@0: ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); sl@0: } sl@0: err: sl@0: zapparams(&kop); sl@0: return (ret); sl@0: } sl@0: sl@0: static RSA_METHOD cryptodev_rsa = { sl@0: "cryptodev RSA method", sl@0: NULL, /* rsa_pub_enc */ sl@0: NULL, /* rsa_pub_dec */ sl@0: NULL, /* rsa_priv_enc */ sl@0: NULL, /* rsa_priv_dec */ sl@0: NULL, sl@0: NULL, sl@0: NULL, /* init */ sl@0: NULL, /* finish */ sl@0: 0, /* flags */ sl@0: NULL, /* app_data */ sl@0: NULL, /* rsa_sign */ sl@0: NULL /* rsa_verify */ sl@0: }; sl@0: sl@0: static int sl@0: cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, sl@0: const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) sl@0: { sl@0: return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, sl@0: BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, sl@0: BN_CTX *ctx, BN_MONT_CTX *mont) sl@0: { sl@0: BIGNUM t2; sl@0: int ret = 0; sl@0: sl@0: BN_init(&t2); sl@0: sl@0: /* v = ( g^u1 * y^u2 mod p ) mod q */ sl@0: /* let t1 = g ^ u1 mod p */ sl@0: ret = 0; sl@0: sl@0: if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) sl@0: goto err; sl@0: sl@0: /* let t2 = y ^ u2 mod p */ sl@0: if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) sl@0: goto err; sl@0: /* let u1 = t1 * t2 mod p */ sl@0: if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) sl@0: goto err; sl@0: sl@0: BN_copy(t1,u1); sl@0: sl@0: ret = 1; sl@0: err: sl@0: BN_free(&t2); sl@0: return(ret); sl@0: } sl@0: sl@0: static DSA_SIG * sl@0: cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) sl@0: { sl@0: struct crypt_kop kop; sl@0: BIGNUM *r = NULL, *s = NULL; sl@0: DSA_SIG *dsaret = NULL; sl@0: sl@0: if ((r = BN_new()) == NULL) sl@0: goto err; sl@0: if ((s = BN_new()) == NULL) { sl@0: BN_free(r); sl@0: goto err; sl@0: } sl@0: sl@0: memset(&kop, 0, sizeof kop); sl@0: kop.crk_op = CRK_DSA_SIGN; sl@0: sl@0: /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ sl@0: kop.crk_param[0].crp_p = (caddr_t)dgst; sl@0: kop.crk_param[0].crp_nbits = dlen * 8; sl@0: if (bn2crparam(dsa->p, &kop.crk_param[1])) sl@0: goto err; sl@0: if (bn2crparam(dsa->q, &kop.crk_param[2])) sl@0: goto err; sl@0: if (bn2crparam(dsa->g, &kop.crk_param[3])) sl@0: goto err; sl@0: if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) sl@0: goto err; sl@0: kop.crk_iparams = 5; sl@0: sl@0: if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, sl@0: BN_num_bytes(dsa->q), s) == 0) { sl@0: dsaret = DSA_SIG_new(); sl@0: dsaret->r = r; sl@0: dsaret->s = s; sl@0: } else { sl@0: const DSA_METHOD *meth = DSA_OpenSSL(); sl@0: BN_free(r); sl@0: BN_free(s); sl@0: dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); sl@0: } sl@0: err: sl@0: kop.crk_param[0].crp_p = NULL; sl@0: zapparams(&kop); sl@0: return (dsaret); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_dsa_verify(const unsigned char *dgst, int dlen, sl@0: DSA_SIG *sig, DSA *dsa) sl@0: { sl@0: struct crypt_kop kop; sl@0: int dsaret = 1; sl@0: sl@0: memset(&kop, 0, sizeof kop); sl@0: kop.crk_op = CRK_DSA_VERIFY; sl@0: sl@0: /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ sl@0: kop.crk_param[0].crp_p = (caddr_t)dgst; sl@0: kop.crk_param[0].crp_nbits = dlen * 8; sl@0: if (bn2crparam(dsa->p, &kop.crk_param[1])) sl@0: goto err; sl@0: if (bn2crparam(dsa->q, &kop.crk_param[2])) sl@0: goto err; sl@0: if (bn2crparam(dsa->g, &kop.crk_param[3])) sl@0: goto err; sl@0: if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) sl@0: goto err; sl@0: if (bn2crparam(sig->r, &kop.crk_param[5])) sl@0: goto err; sl@0: if (bn2crparam(sig->s, &kop.crk_param[6])) sl@0: goto err; sl@0: kop.crk_iparams = 7; sl@0: sl@0: if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { sl@0: dsaret = kop.crk_status; sl@0: } else { sl@0: const DSA_METHOD *meth = DSA_OpenSSL(); sl@0: sl@0: dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); sl@0: } sl@0: err: sl@0: kop.crk_param[0].crp_p = NULL; sl@0: zapparams(&kop); sl@0: return (dsaret); sl@0: } sl@0: sl@0: static DSA_METHOD cryptodev_dsa = { sl@0: "cryptodev DSA method", sl@0: NULL, sl@0: NULL, /* dsa_sign_setup */ sl@0: NULL, sl@0: NULL, /* dsa_mod_exp */ sl@0: NULL, sl@0: NULL, /* init */ sl@0: NULL, /* finish */ sl@0: 0, /* flags */ sl@0: NULL /* app_data */ sl@0: }; sl@0: sl@0: static int sl@0: cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, sl@0: const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, sl@0: BN_MONT_CTX *m_ctx) sl@0: { sl@0: return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); sl@0: } sl@0: sl@0: static int sl@0: cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) sl@0: { sl@0: struct crypt_kop kop; sl@0: int dhret = 1; sl@0: int fd, keylen; sl@0: sl@0: if ((fd = get_asym_dev_crypto()) < 0) { sl@0: const DH_METHOD *meth = DH_OpenSSL(); sl@0: sl@0: return ((meth->compute_key)(key, pub_key, dh)); sl@0: } sl@0: sl@0: keylen = BN_num_bits(dh->p); sl@0: sl@0: memset(&kop, 0, sizeof kop); sl@0: kop.crk_op = CRK_DH_COMPUTE_KEY; sl@0: sl@0: /* inputs: dh->priv_key pub_key dh->p key */ sl@0: if (bn2crparam(dh->priv_key, &kop.crk_param[0])) sl@0: goto err; sl@0: if (bn2crparam(pub_key, &kop.crk_param[1])) sl@0: goto err; sl@0: if (bn2crparam(dh->p, &kop.crk_param[2])) sl@0: goto err; sl@0: kop.crk_iparams = 3; sl@0: sl@0: kop.crk_param[3].crp_p = key; sl@0: kop.crk_param[3].crp_nbits = keylen * 8; sl@0: kop.crk_oparams = 1; sl@0: sl@0: if (ioctl(fd, CIOCKEY, &kop) == -1) { sl@0: const DH_METHOD *meth = DH_OpenSSL(); sl@0: sl@0: dhret = (meth->compute_key)(key, pub_key, dh); sl@0: } sl@0: err: sl@0: kop.crk_param[3].crp_p = NULL; sl@0: zapparams(&kop); sl@0: return (dhret); sl@0: } sl@0: sl@0: static DH_METHOD cryptodev_dh = { sl@0: "cryptodev DH method", sl@0: NULL, /* cryptodev_dh_generate_key */ sl@0: NULL, sl@0: NULL, sl@0: NULL, sl@0: NULL, sl@0: 0, /* flags */ sl@0: NULL /* app_data */ sl@0: }; sl@0: sl@0: /* sl@0: * ctrl right now is just a wrapper that doesn't do much sl@0: * but I expect we'll want some options soon. sl@0: */ sl@0: static int sl@0: cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) sl@0: { sl@0: #ifdef HAVE_SYSLOG_R sl@0: struct syslog_data sd = SYSLOG_DATA_INIT; sl@0: #endif sl@0: sl@0: switch (cmd) { sl@0: default: sl@0: #ifdef HAVE_SYSLOG_R sl@0: syslog_r(LOG_ERR, &sd, sl@0: "cryptodev_ctrl: unknown command %d", cmd); sl@0: #else sl@0: syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); sl@0: #endif sl@0: break; sl@0: } sl@0: return (1); sl@0: } sl@0: sl@0: EXPORT_C void sl@0: ENGINE_load_cryptodev(void) sl@0: { sl@0: ENGINE *engine = ENGINE_new(); sl@0: int fd; sl@0: sl@0: if (engine == NULL) sl@0: return; sl@0: if ((fd = get_dev_crypto()) < 0) { sl@0: ENGINE_free(engine); sl@0: return; sl@0: } sl@0: sl@0: /* sl@0: * find out what asymmetric crypto algorithms we support sl@0: */ sl@0: if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { sl@0: close(fd); sl@0: ENGINE_free(engine); sl@0: return; sl@0: } sl@0: close(fd); sl@0: sl@0: if (!ENGINE_set_id(engine, "cryptodev") || sl@0: !ENGINE_set_name(engine, "BSD cryptodev engine") || sl@0: !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || sl@0: !ENGINE_set_digests(engine, cryptodev_engine_digests) || sl@0: !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || sl@0: !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { sl@0: ENGINE_free(engine); sl@0: return; sl@0: } sl@0: sl@0: if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { sl@0: const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); sl@0: sl@0: cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; sl@0: cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; sl@0: cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; sl@0: cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; sl@0: cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; sl@0: cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; sl@0: if (cryptodev_asymfeat & CRF_MOD_EXP) { sl@0: cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; sl@0: if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) sl@0: cryptodev_rsa.rsa_mod_exp = sl@0: cryptodev_rsa_mod_exp; sl@0: else sl@0: cryptodev_rsa.rsa_mod_exp = sl@0: cryptodev_rsa_nocrt_mod_exp; sl@0: } sl@0: } sl@0: sl@0: if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { sl@0: const DSA_METHOD *meth = DSA_OpenSSL(); sl@0: sl@0: memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); sl@0: if (cryptodev_asymfeat & CRF_DSA_SIGN) sl@0: cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; sl@0: if (cryptodev_asymfeat & CRF_MOD_EXP) { sl@0: cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; sl@0: cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; sl@0: } sl@0: if (cryptodev_asymfeat & CRF_DSA_VERIFY) sl@0: cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; sl@0: } sl@0: sl@0: if (ENGINE_set_DH(engine, &cryptodev_dh)){ sl@0: const DH_METHOD *dh_meth = DH_OpenSSL(); sl@0: sl@0: cryptodev_dh.generate_key = dh_meth->generate_key; sl@0: cryptodev_dh.compute_key = dh_meth->compute_key; sl@0: cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; sl@0: if (cryptodev_asymfeat & CRF_MOD_EXP) { sl@0: cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; sl@0: if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) sl@0: cryptodev_dh.compute_key = sl@0: cryptodev_dh_compute_key; sl@0: } sl@0: } sl@0: sl@0: ENGINE_add(engine); sl@0: ENGINE_free(engine); sl@0: ERR_clear_error(); sl@0: } sl@0: sl@0: #endif /* HAVE_CRYPTODEV */