eng_cryptodev.c 33 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419
  1. /*
  2. * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
  3. * Copyright (c) 2002 Theo de Raadt
  4. * Copyright (c) 2002 Markus Friedl
  5. * All rights reserved.
  6. *
  7. * Redistribution and use in source and binary forms, with or without
  8. * modification, are permitted provided that the following conditions
  9. * are met:
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  25. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. *
  27. */
  28. #include <openssl/objects.h>
  29. #include <openssl/engine.h>
  30. #include <openssl/evp.h>
  31. #include <openssl/bn.h>
  32. #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
  33. (defined(OpenBSD) || defined(__FreeBSD__))
  34. #include <sys/param.h>
  35. # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
  36. # define HAVE_CRYPTODEV
  37. # endif
  38. # if (OpenBSD >= 200110)
  39. # define HAVE_SYSLOG_R
  40. # endif
  41. #endif
  42. #ifndef HAVE_CRYPTODEV
  43. void
  44. ENGINE_load_cryptodev(void)
  45. {
  46. /* This is a NOP on platforms without /dev/crypto */
  47. return;
  48. }
  49. #else
  50. #include <sys/types.h>
  51. #include <crypto/cryptodev.h>
  52. #include <crypto/dh/dh.h>
  53. #include <crypto/dsa/dsa.h>
  54. #include <crypto/err/err.h>
  55. #include <crypto/rsa/rsa.h>
  56. #include <sys/ioctl.h>
  57. #include <errno.h>
  58. #include <stdio.h>
  59. #include <unistd.h>
  60. #include <fcntl.h>
  61. #include <stdarg.h>
  62. #include <syslog.h>
  63. #include <errno.h>
  64. #include <string.h>
  65. struct dev_crypto_state {
  66. struct session_op d_sess;
  67. int d_fd;
  68. #ifdef USE_CRYPTODEV_DIGESTS
  69. char dummy_mac_key[HASH_MAX_LEN];
  70. unsigned char digest_res[HASH_MAX_LEN];
  71. char *mac_data;
  72. int mac_len;
  73. int copy;
  74. #endif
  75. };
  76. static u_int32_t cryptodev_asymfeat = 0;
  77. static int get_asym_dev_crypto(void);
  78. static int open_dev_crypto(void);
  79. static int get_dev_crypto(void);
  80. static int get_cryptodev_ciphers(const int **cnids);
  81. #ifdef USE_CRYPTODEV_DIGESTS
  82. static int get_cryptodev_digests(const int **cnids);
  83. #endif
  84. static int cryptodev_usable_ciphers(const int **nids);
  85. static int cryptodev_usable_digests(const int **nids);
  86. static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  87. const unsigned char *in, size_t inl);
  88. static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  89. const unsigned char *iv, int enc);
  90. static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
  91. static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  92. const int **nids, int nid);
  93. static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
  94. const int **nids, int nid);
  95. static int bn2crparam(const BIGNUM *a, struct crparam *crp);
  96. static int crparam2bn(struct crparam *crp, BIGNUM *a);
  97. static void zapparams(struct crypt_kop *kop);
  98. static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
  99. int slen, BIGNUM *s);
  100. static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
  101. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  102. static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
  103. RSA *rsa, BN_CTX *ctx);
  104. static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
  105. static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
  106. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  107. static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
  108. BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
  109. BN_CTX *ctx, BN_MONT_CTX *mont);
  110. static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
  111. int dlen, DSA *dsa);
  112. static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
  113. DSA_SIG *sig, DSA *dsa);
  114. static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
  115. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  116. BN_MONT_CTX *m_ctx);
  117. static int cryptodev_dh_compute_key(unsigned char *key,
  118. const BIGNUM *pub_key, DH *dh);
  119. static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
  120. void (*f)(void));
  121. void ENGINE_load_cryptodev(void);
  122. static const ENGINE_CMD_DEFN cryptodev_defns[] = {
  123. { 0, NULL, NULL, 0 }
  124. };
  125. static struct {
  126. int id;
  127. int nid;
  128. int ivmax;
  129. int keylen;
  130. } ciphers[] = {
  131. { CRYPTO_ARC4, NID_rc4, 0, 16, },
  132. { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
  133. { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
  134. { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
  135. { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
  136. { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
  137. { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
  138. { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
  139. { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
  140. { 0, NID_undef, 0, 0, },
  141. };
  142. #ifdef USE_CRYPTODEV_DIGESTS
  143. static struct {
  144. int id;
  145. int nid;
  146. int keylen;
  147. } digests[] = {
  148. { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
  149. { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
  150. { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
  151. { CRYPTO_MD5_KPDK, NID_undef, 0},
  152. { CRYPTO_SHA1_KPDK, NID_undef, 0},
  153. { CRYPTO_MD5, NID_md5, 16},
  154. { CRYPTO_SHA1, NID_sha1, 20},
  155. { 0, NID_undef, 0},
  156. };
  157. #endif
  158. /*
  159. * Return a fd if /dev/crypto seems usable, 0 otherwise.
  160. */
  161. static int
  162. open_dev_crypto(void)
  163. {
  164. static int fd = -1;
  165. if (fd == -1) {
  166. if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
  167. return (-1);
  168. /* close on exec */
  169. if (fcntl(fd, F_SETFD, 1) == -1) {
  170. close(fd);
  171. fd = -1;
  172. return (-1);
  173. }
  174. }
  175. return (fd);
  176. }
  177. static int
  178. get_dev_crypto(void)
  179. {
  180. int fd, retfd;
  181. if ((fd = open_dev_crypto()) == -1)
  182. return (-1);
  183. if (ioctl(fd, CRIOGET, &retfd) == -1)
  184. return (-1);
  185. /* close on exec */
  186. if (fcntl(retfd, F_SETFD, 1) == -1) {
  187. close(retfd);
  188. return (-1);
  189. }
  190. return (retfd);
  191. }
  192. /* Caching version for asym operations */
  193. static int
  194. get_asym_dev_crypto(void)
  195. {
  196. static int fd = -1;
  197. if (fd == -1)
  198. fd = get_dev_crypto();
  199. return fd;
  200. }
  201. /*
  202. * Find out what ciphers /dev/crypto will let us have a session for.
  203. * XXX note, that some of these openssl doesn't deal with yet!
  204. * returning them here is harmless, as long as we return NULL
  205. * when asked for a handler in the cryptodev_engine_ciphers routine
  206. */
  207. static int
  208. get_cryptodev_ciphers(const int **cnids)
  209. {
  210. static int nids[CRYPTO_ALGORITHM_MAX];
  211. struct session_op sess;
  212. int fd, i, count = 0;
  213. if ((fd = get_dev_crypto()) < 0) {
  214. *cnids = NULL;
  215. return (0);
  216. }
  217. memset(&sess, 0, sizeof(sess));
  218. sess.key = (caddr_t)"123456789abcdefghijklmno";
  219. for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
  220. if (ciphers[i].nid == NID_undef)
  221. continue;
  222. sess.cipher = ciphers[i].id;
  223. sess.keylen = ciphers[i].keylen;
  224. sess.mac = 0;
  225. if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
  226. ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
  227. nids[count++] = ciphers[i].nid;
  228. }
  229. close(fd);
  230. if (count > 0)
  231. *cnids = nids;
  232. else
  233. *cnids = NULL;
  234. return (count);
  235. }
  236. #ifdef USE_CRYPTODEV_DIGESTS
  237. /*
  238. * Find out what digests /dev/crypto will let us have a session for.
  239. * XXX note, that some of these openssl doesn't deal with yet!
  240. * returning them here is harmless, as long as we return NULL
  241. * when asked for a handler in the cryptodev_engine_digests routine
  242. */
  243. static int
  244. get_cryptodev_digests(const int **cnids)
  245. {
  246. static int nids[CRYPTO_ALGORITHM_MAX];
  247. struct session_op sess;
  248. int fd, i, count = 0;
  249. if ((fd = get_dev_crypto()) < 0) {
  250. *cnids = NULL;
  251. return (0);
  252. }
  253. memset(&sess, 0, sizeof(sess));
  254. sess.mackey = (caddr_t)"123456789abcdefghijklmno";
  255. for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
  256. if (digests[i].nid == NID_undef)
  257. continue;
  258. sess.mac = digests[i].id;
  259. sess.mackeylen = digests[i].keylen;
  260. sess.cipher = 0;
  261. if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
  262. ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
  263. nids[count++] = digests[i].nid;
  264. }
  265. close(fd);
  266. if (count > 0)
  267. *cnids = nids;
  268. else
  269. *cnids = NULL;
  270. return (count);
  271. }
  272. #endif /* 0 */
  273. /*
  274. * Find the useable ciphers|digests from dev/crypto - this is the first
  275. * thing called by the engine init crud which determines what it
  276. * can use for ciphers from this engine. We want to return
  277. * only what we can do, anythine else is handled by software.
  278. *
  279. * If we can't initialize the device to do anything useful for
  280. * any reason, we want to return a NULL array, and 0 length,
  281. * which forces everything to be done is software. By putting
  282. * the initalization of the device in here, we ensure we can
  283. * use this engine as the default, and if for whatever reason
  284. * /dev/crypto won't do what we want it will just be done in
  285. * software
  286. *
  287. * This can (should) be greatly expanded to perhaps take into
  288. * account speed of the device, and what we want to do.
  289. * (although the disabling of particular alg's could be controlled
  290. * by the device driver with sysctl's.) - this is where we
  291. * want most of the decisions made about what we actually want
  292. * to use from /dev/crypto.
  293. */
  294. static int
  295. cryptodev_usable_ciphers(const int **nids)
  296. {
  297. return (get_cryptodev_ciphers(nids));
  298. }
  299. static int
  300. cryptodev_usable_digests(const int **nids)
  301. {
  302. #ifdef USE_CRYPTODEV_DIGESTS
  303. return (get_cryptodev_digests(nids));
  304. #else
  305. /*
  306. * XXXX just disable all digests for now, because it sucks.
  307. * we need a better way to decide this - i.e. I may not
  308. * want digests on slow cards like hifn on fast machines,
  309. * but might want them on slow or loaded machines, etc.
  310. * will also want them when using crypto cards that don't
  311. * suck moose gonads - would be nice to be able to decide something
  312. * as reasonable default without having hackery that's card dependent.
  313. * of course, the default should probably be just do everything,
  314. * with perhaps a sysctl to turn algoritms off (or have them off
  315. * by default) on cards that generally suck like the hifn.
  316. */
  317. *nids = NULL;
  318. return (0);
  319. #endif
  320. }
  321. static int
  322. cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  323. const unsigned char *in, size_t inl)
  324. {
  325. struct crypt_op cryp;
  326. struct dev_crypto_state *state = ctx->cipher_data;
  327. struct session_op *sess = &state->d_sess;
  328. const void *iiv;
  329. unsigned char save_iv[EVP_MAX_IV_LENGTH];
  330. if (state->d_fd < 0)
  331. return (0);
  332. if (!inl)
  333. return (1);
  334. if ((inl % ctx->cipher->block_size) != 0)
  335. return (0);
  336. memset(&cryp, 0, sizeof(cryp));
  337. cryp.ses = sess->ses;
  338. cryp.flags = 0;
  339. cryp.len = inl;
  340. cryp.src = (caddr_t) in;
  341. cryp.dst = (caddr_t) out;
  342. cryp.mac = 0;
  343. cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
  344. if (ctx->cipher->iv_len) {
  345. cryp.iv = (caddr_t) ctx->iv;
  346. if (!ctx->encrypt) {
  347. iiv = in + inl - ctx->cipher->iv_len;
  348. memcpy(save_iv, iiv, ctx->cipher->iv_len);
  349. }
  350. } else
  351. cryp.iv = NULL;
  352. if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
  353. /* XXX need better errror handling
  354. * this can fail for a number of different reasons.
  355. */
  356. return (0);
  357. }
  358. if (ctx->cipher->iv_len) {
  359. if (ctx->encrypt)
  360. iiv = out + inl - ctx->cipher->iv_len;
  361. else
  362. iiv = save_iv;
  363. memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
  364. }
  365. return (1);
  366. }
  367. static int
  368. cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  369. const unsigned char *iv, int enc)
  370. {
  371. struct dev_crypto_state *state = ctx->cipher_data;
  372. struct session_op *sess = &state->d_sess;
  373. int cipher = -1, i;
  374. for (i = 0; ciphers[i].id; i++)
  375. if (ctx->cipher->nid == ciphers[i].nid &&
  376. ctx->cipher->iv_len <= ciphers[i].ivmax &&
  377. ctx->key_len == ciphers[i].keylen) {
  378. cipher = ciphers[i].id;
  379. break;
  380. }
  381. if (!ciphers[i].id) {
  382. state->d_fd = -1;
  383. return (0);
  384. }
  385. memset(sess, 0, sizeof(struct session_op));
  386. if ((state->d_fd = get_dev_crypto()) < 0)
  387. return (0);
  388. sess->key = (caddr_t)key;
  389. sess->keylen = ctx->key_len;
  390. sess->cipher = cipher;
  391. if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
  392. close(state->d_fd);
  393. state->d_fd = -1;
  394. return (0);
  395. }
  396. return (1);
  397. }
  398. /*
  399. * free anything we allocated earlier when initting a
  400. * session, and close the session.
  401. */
  402. static int
  403. cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
  404. {
  405. int ret = 0;
  406. struct dev_crypto_state *state = ctx->cipher_data;
  407. struct session_op *sess = &state->d_sess;
  408. if (state->d_fd < 0)
  409. return (0);
  410. /* XXX if this ioctl fails, someting's wrong. the invoker
  411. * may have called us with a bogus ctx, or we could
  412. * have a device that for whatever reason just doesn't
  413. * want to play ball - it's not clear what's right
  414. * here - should this be an error? should it just
  415. * increase a counter, hmm. For right now, we return
  416. * 0 - I don't believe that to be "right". we could
  417. * call the gorpy openssl lib error handlers that
  418. * print messages to users of the library. hmm..
  419. */
  420. if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
  421. ret = 0;
  422. } else {
  423. ret = 1;
  424. }
  425. close(state->d_fd);
  426. state->d_fd = -1;
  427. return (ret);
  428. }
  429. /*
  430. * libcrypto EVP stuff - this is how we get wired to EVP so the engine
  431. * gets called when libcrypto requests a cipher NID.
  432. */
  433. /* RC4 */
  434. const EVP_CIPHER cryptodev_rc4 = {
  435. NID_rc4,
  436. 1, 16, 0,
  437. EVP_CIPH_VARIABLE_LENGTH,
  438. cryptodev_init_key,
  439. cryptodev_cipher,
  440. cryptodev_cleanup,
  441. sizeof(struct dev_crypto_state),
  442. NULL,
  443. NULL,
  444. NULL
  445. };
  446. /* DES CBC EVP */
  447. const EVP_CIPHER cryptodev_des_cbc = {
  448. NID_des_cbc,
  449. 8, 8, 8,
  450. EVP_CIPH_CBC_MODE,
  451. cryptodev_init_key,
  452. cryptodev_cipher,
  453. cryptodev_cleanup,
  454. sizeof(struct dev_crypto_state),
  455. EVP_CIPHER_set_asn1_iv,
  456. EVP_CIPHER_get_asn1_iv,
  457. NULL
  458. };
  459. /* 3DES CBC EVP */
  460. const EVP_CIPHER cryptodev_3des_cbc = {
  461. NID_des_ede3_cbc,
  462. 8, 24, 8,
  463. EVP_CIPH_CBC_MODE,
  464. cryptodev_init_key,
  465. cryptodev_cipher,
  466. cryptodev_cleanup,
  467. sizeof(struct dev_crypto_state),
  468. EVP_CIPHER_set_asn1_iv,
  469. EVP_CIPHER_get_asn1_iv,
  470. NULL
  471. };
  472. const EVP_CIPHER cryptodev_bf_cbc = {
  473. NID_bf_cbc,
  474. 8, 16, 8,
  475. EVP_CIPH_CBC_MODE,
  476. cryptodev_init_key,
  477. cryptodev_cipher,
  478. cryptodev_cleanup,
  479. sizeof(struct dev_crypto_state),
  480. EVP_CIPHER_set_asn1_iv,
  481. EVP_CIPHER_get_asn1_iv,
  482. NULL
  483. };
  484. const EVP_CIPHER cryptodev_cast_cbc = {
  485. NID_cast5_cbc,
  486. 8, 16, 8,
  487. EVP_CIPH_CBC_MODE,
  488. cryptodev_init_key,
  489. cryptodev_cipher,
  490. cryptodev_cleanup,
  491. sizeof(struct dev_crypto_state),
  492. EVP_CIPHER_set_asn1_iv,
  493. EVP_CIPHER_get_asn1_iv,
  494. NULL
  495. };
  496. const EVP_CIPHER cryptodev_aes_cbc = {
  497. NID_aes_128_cbc,
  498. 16, 16, 16,
  499. EVP_CIPH_CBC_MODE,
  500. cryptodev_init_key,
  501. cryptodev_cipher,
  502. cryptodev_cleanup,
  503. sizeof(struct dev_crypto_state),
  504. EVP_CIPHER_set_asn1_iv,
  505. EVP_CIPHER_get_asn1_iv,
  506. NULL
  507. };
  508. const EVP_CIPHER cryptodev_aes_192_cbc = {
  509. NID_aes_192_cbc,
  510. 16, 24, 16,
  511. EVP_CIPH_CBC_MODE,
  512. cryptodev_init_key,
  513. cryptodev_cipher,
  514. cryptodev_cleanup,
  515. sizeof(struct dev_crypto_state),
  516. EVP_CIPHER_set_asn1_iv,
  517. EVP_CIPHER_get_asn1_iv,
  518. NULL
  519. };
  520. const EVP_CIPHER cryptodev_aes_256_cbc = {
  521. NID_aes_256_cbc,
  522. 16, 32, 16,
  523. EVP_CIPH_CBC_MODE,
  524. cryptodev_init_key,
  525. cryptodev_cipher,
  526. cryptodev_cleanup,
  527. sizeof(struct dev_crypto_state),
  528. EVP_CIPHER_set_asn1_iv,
  529. EVP_CIPHER_get_asn1_iv,
  530. NULL
  531. };
  532. /*
  533. * Registered by the ENGINE when used to find out how to deal with
  534. * a particular NID in the ENGINE. this says what we'll do at the
  535. * top level - note, that list is restricted by what we answer with
  536. */
  537. static int
  538. cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  539. const int **nids, int nid)
  540. {
  541. if (!cipher)
  542. return (cryptodev_usable_ciphers(nids));
  543. switch (nid) {
  544. case NID_rc4:
  545. *cipher = &cryptodev_rc4;
  546. break;
  547. case NID_des_ede3_cbc:
  548. *cipher = &cryptodev_3des_cbc;
  549. break;
  550. case NID_des_cbc:
  551. *cipher = &cryptodev_des_cbc;
  552. break;
  553. case NID_bf_cbc:
  554. *cipher = &cryptodev_bf_cbc;
  555. break;
  556. case NID_cast5_cbc:
  557. *cipher = &cryptodev_cast_cbc;
  558. break;
  559. case NID_aes_128_cbc:
  560. *cipher = &cryptodev_aes_cbc;
  561. break;
  562. case NID_aes_192_cbc:
  563. *cipher = &cryptodev_aes_192_cbc;
  564. break;
  565. case NID_aes_256_cbc:
  566. *cipher = &cryptodev_aes_256_cbc;
  567. break;
  568. default:
  569. *cipher = NULL;
  570. break;
  571. }
  572. return (*cipher != NULL);
  573. }
  574. #ifdef USE_CRYPTODEV_DIGESTS
  575. /* convert digest type to cryptodev */
  576. static int
  577. digest_nid_to_cryptodev(int nid)
  578. {
  579. int i;
  580. for (i = 0; digests[i].id; i++)
  581. if (digests[i].nid == nid)
  582. return (digests[i].id);
  583. return (0);
  584. }
  585. static int
  586. digest_key_length(int nid)
  587. {
  588. int i;
  589. for (i = 0; digests[i].id; i++)
  590. if (digests[i].nid == nid)
  591. return digests[i].keylen;
  592. return (0);
  593. }
  594. static int cryptodev_digest_init(EVP_MD_CTX *ctx)
  595. {
  596. struct dev_crypto_state *state = ctx->md_data;
  597. struct session_op *sess = &state->d_sess;
  598. int digest;
  599. if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
  600. printf("cryptodev_digest_init: Can't get digest \n");
  601. return (0);
  602. }
  603. memset(state, 0, sizeof(struct dev_crypto_state));
  604. if ((state->d_fd = get_dev_crypto()) < 0) {
  605. printf("cryptodev_digest_init: Can't get Dev \n");
  606. return (0);
  607. }
  608. sess->mackey = state->dummy_mac_key;
  609. sess->mackeylen = digest_key_length(ctx->digest->type);
  610. sess->mac = digest;
  611. if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
  612. close(state->d_fd);
  613. state->d_fd = -1;
  614. printf("cryptodev_digest_init: Open session failed\n");
  615. return (0);
  616. }
  617. return (1);
  618. }
  619. static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
  620. size_t count)
  621. {
  622. struct crypt_op cryp;
  623. struct dev_crypto_state *state = ctx->md_data;
  624. struct session_op *sess = &state->d_sess;
  625. if (!data || state->d_fd < 0) {
  626. printf("cryptodev_digest_update: illegal inputs \n");
  627. return (0);
  628. }
  629. if (!count) {
  630. return (0);
  631. }
  632. if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
  633. /* if application doesn't support one buffer */
  634. state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
  635. if (!state->mac_data) {
  636. printf("cryptodev_digest_update: realloc failed\n");
  637. return (0);
  638. }
  639. memcpy(state->mac_data + state->mac_len, data, count);
  640. state->mac_len += count;
  641. return (1);
  642. }
  643. memset(&cryp, 0, sizeof(cryp));
  644. cryp.ses = sess->ses;
  645. cryp.flags = 0;
  646. cryp.len = count;
  647. cryp.src = (caddr_t) data;
  648. cryp.dst = NULL;
  649. cryp.mac = (caddr_t) state->digest_res;
  650. if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
  651. printf("cryptodev_digest_update: digest failed\n");
  652. return (0);
  653. }
  654. return (1);
  655. }
  656. static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
  657. {
  658. struct crypt_op cryp;
  659. struct dev_crypto_state *state = ctx->md_data;
  660. struct session_op *sess = &state->d_sess;
  661. int ret = 1;
  662. if (!md || state->d_fd < 0) {
  663. printf("cryptodev_digest_final: illegal input\n");
  664. return(0);
  665. }
  666. if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
  667. /* if application doesn't support one buffer */
  668. memset(&cryp, 0, sizeof(cryp));
  669. cryp.ses = sess->ses;
  670. cryp.flags = 0;
  671. cryp.len = state->mac_len;
  672. cryp.src = state->mac_data;
  673. cryp.dst = NULL;
  674. cryp.mac = (caddr_t)md;
  675. if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
  676. printf("cryptodev_digest_final: digest failed\n");
  677. return (0);
  678. }
  679. return 1;
  680. }
  681. memcpy(md, state->digest_res, ctx->digest->md_size);
  682. return (ret);
  683. }
  684. static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
  685. {
  686. int ret = 1;
  687. struct dev_crypto_state *state = ctx->md_data;
  688. struct session_op *sess = &state->d_sess;
  689. if (state->d_fd < 0) {
  690. printf("cryptodev_digest_cleanup: illegal input\n");
  691. return (0);
  692. }
  693. if (state->mac_data) {
  694. OPENSSL_free(state->mac_data);
  695. state->mac_data = NULL;
  696. state->mac_len = 0;
  697. }
  698. if (state->copy)
  699. return 1;
  700. if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
  701. printf("cryptodev_digest_cleanup: failed to close session\n");
  702. ret = 0;
  703. } else {
  704. ret = 1;
  705. }
  706. close(state->d_fd);
  707. state->d_fd = -1;
  708. return (ret);
  709. }
  710. static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
  711. {
  712. struct dev_crypto_state *fstate = from->md_data;
  713. struct dev_crypto_state *dstate = to->md_data;
  714. memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
  715. if (fstate->mac_len != 0) {
  716. dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
  717. memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
  718. }
  719. dstate->copy = 1;
  720. return 1;
  721. }
  722. const EVP_MD cryptodev_sha1 = {
  723. NID_sha1,
  724. NID_undef,
  725. SHA_DIGEST_LENGTH,
  726. EVP_MD_FLAG_ONESHOT,
  727. cryptodev_digest_init,
  728. cryptodev_digest_update,
  729. cryptodev_digest_final,
  730. cryptodev_digest_copy,
  731. cryptodev_digest_cleanup,
  732. EVP_PKEY_NULL_method,
  733. SHA_CBLOCK,
  734. sizeof(struct dev_crypto_state),
  735. };
  736. const EVP_MD cryptodev_md5 = {
  737. NID_md5,
  738. NID_undef,
  739. 16 /* MD5_DIGEST_LENGTH */,
  740. EVP_MD_FLAG_ONESHOT,
  741. cryptodev_digest_init,
  742. cryptodev_digest_update,
  743. cryptodev_digest_final,
  744. cryptodev_digest_copy,
  745. cryptodev_digest_cleanup,
  746. EVP_PKEY_NULL_method,
  747. 64 /* MD5_CBLOCK */,
  748. sizeof(struct dev_crypto_state),
  749. };
  750. #endif /* USE_CRYPTODEV_DIGESTS */
  751. static int
  752. cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
  753. const int **nids, int nid)
  754. {
  755. if (!digest)
  756. return (cryptodev_usable_digests(nids));
  757. switch (nid) {
  758. #ifdef USE_CRYPTODEV_DIGESTS
  759. case NID_md5:
  760. *digest = &cryptodev_md5;
  761. break;
  762. case NID_sha1:
  763. *digest = &cryptodev_sha1;
  764. break;
  765. default:
  766. #endif /* USE_CRYPTODEV_DIGESTS */
  767. *digest = NULL;
  768. break;
  769. }
  770. return (*digest != NULL);
  771. }
  772. /*
  773. * Convert a BIGNUM to the representation that /dev/crypto needs.
  774. * Upon completion of use, the caller is responsible for freeing
  775. * crp->crp_p.
  776. */
  777. static int
  778. bn2crparam(const BIGNUM *a, struct crparam *crp)
  779. {
  780. int i, j, k;
  781. ssize_t bytes, bits;
  782. u_char *b;
  783. crp->crp_p = NULL;
  784. crp->crp_nbits = 0;
  785. bits = BN_num_bits(a);
  786. bytes = (bits + 7) / 8;
  787. b = malloc(bytes);
  788. if (b == NULL)
  789. return (1);
  790. memset(b, 0, bytes);
  791. crp->crp_p = (caddr_t) b;
  792. crp->crp_nbits = bits;
  793. for (i = 0, j = 0; i < a->top; i++) {
  794. for (k = 0; k < BN_BITS2 / 8; k++) {
  795. if ((j + k) >= bytes)
  796. return (0);
  797. b[j + k] = a->d[i] >> (k * 8);
  798. }
  799. j += BN_BITS2 / 8;
  800. }
  801. return (0);
  802. }
  803. /* Convert a /dev/crypto parameter to a BIGNUM */
  804. static int
  805. crparam2bn(struct crparam *crp, BIGNUM *a)
  806. {
  807. u_int8_t *pd;
  808. int i, bytes;
  809. bytes = (crp->crp_nbits + 7) / 8;
  810. if (bytes == 0)
  811. return (-1);
  812. if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
  813. return (-1);
  814. for (i = 0; i < bytes; i++)
  815. pd[i] = crp->crp_p[bytes - i - 1];
  816. BN_bin2bn(pd, bytes, a);
  817. free(pd);
  818. return (0);
  819. }
  820. static void
  821. zapparams(struct crypt_kop *kop)
  822. {
  823. int i;
  824. for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
  825. if (kop->crk_param[i].crp_p)
  826. free(kop->crk_param[i].crp_p);
  827. kop->crk_param[i].crp_p = NULL;
  828. kop->crk_param[i].crp_nbits = 0;
  829. }
  830. }
  831. static int
  832. cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
  833. {
  834. int fd, ret = -1;
  835. if ((fd = get_asym_dev_crypto()) < 0)
  836. return (ret);
  837. if (r) {
  838. kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
  839. kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
  840. kop->crk_oparams++;
  841. }
  842. if (s) {
  843. kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
  844. kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
  845. kop->crk_oparams++;
  846. }
  847. if (ioctl(fd, CIOCKEY, kop) == 0) {
  848. if (r)
  849. crparam2bn(&kop->crk_param[kop->crk_iparams], r);
  850. if (s)
  851. crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
  852. ret = 0;
  853. }
  854. return (ret);
  855. }
  856. static int
  857. cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  858. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
  859. {
  860. struct crypt_kop kop;
  861. int ret = 1;
  862. /* Currently, we know we can do mod exp iff we can do any
  863. * asymmetric operations at all.
  864. */
  865. if (cryptodev_asymfeat == 0) {
  866. ret = BN_mod_exp(r, a, p, m, ctx);
  867. return (ret);
  868. }
  869. memset(&kop, 0, sizeof kop);
  870. kop.crk_op = CRK_MOD_EXP;
  871. /* inputs: a^p % m */
  872. if (bn2crparam(a, &kop.crk_param[0]))
  873. goto err;
  874. if (bn2crparam(p, &kop.crk_param[1]))
  875. goto err;
  876. if (bn2crparam(m, &kop.crk_param[2]))
  877. goto err;
  878. kop.crk_iparams = 3;
  879. if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
  880. const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
  881. printf("OCF asym process failed, Running in software\n");
  882. ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
  883. } else if (ECANCELED == kop.crk_status) {
  884. const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
  885. printf("OCF hardware operation cancelled. Running in Software\n");
  886. ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
  887. }
  888. /* else cryptodev operation worked ok ==> ret = 1*/
  889. err:
  890. zapparams(&kop);
  891. return (ret);
  892. }
  893. static int
  894. cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  895. {
  896. int r;
  897. ctx = BN_CTX_new();
  898. r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
  899. BN_CTX_free(ctx);
  900. return (r);
  901. }
  902. static int
  903. cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  904. {
  905. struct crypt_kop kop;
  906. int ret = 1;
  907. if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
  908. /* XXX 0 means failure?? */
  909. return (0);
  910. }
  911. memset(&kop, 0, sizeof kop);
  912. kop.crk_op = CRK_MOD_EXP_CRT;
  913. /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
  914. if (bn2crparam(rsa->p, &kop.crk_param[0]))
  915. goto err;
  916. if (bn2crparam(rsa->q, &kop.crk_param[1]))
  917. goto err;
  918. if (bn2crparam(I, &kop.crk_param[2]))
  919. goto err;
  920. if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
  921. goto err;
  922. if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
  923. goto err;
  924. if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
  925. goto err;
  926. kop.crk_iparams = 6;
  927. if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
  928. const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
  929. printf("OCF asym process failed, running in Software\n");
  930. ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
  931. } else if (ECANCELED == kop.crk_status) {
  932. const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
  933. printf("OCF hardware operation cancelled. Running in Software\n");
  934. ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
  935. }
  936. /* else cryptodev operation worked ok ==> ret = 1*/
  937. err:
  938. zapparams(&kop);
  939. return (ret);
  940. }
  941. static RSA_METHOD cryptodev_rsa = {
  942. "cryptodev RSA method",
  943. NULL, /* rsa_pub_enc */
  944. NULL, /* rsa_pub_dec */
  945. NULL, /* rsa_priv_enc */
  946. NULL, /* rsa_priv_dec */
  947. NULL,
  948. NULL,
  949. NULL, /* init */
  950. NULL, /* finish */
  951. 0, /* flags */
  952. NULL, /* app_data */
  953. NULL, /* rsa_sign */
  954. NULL /* rsa_verify */
  955. };
  956. static int
  957. cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
  958. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  959. {
  960. return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
  961. }
  962. static int
  963. cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
  964. BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
  965. BN_CTX *ctx, BN_MONT_CTX *mont)
  966. {
  967. BIGNUM t2;
  968. int ret = 0;
  969. BN_init(&t2);
  970. /* v = ( g^u1 * y^u2 mod p ) mod q */
  971. /* let t1 = g ^ u1 mod p */
  972. ret = 0;
  973. if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
  974. goto err;
  975. /* let t2 = y ^ u2 mod p */
  976. if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
  977. goto err;
  978. /* let u1 = t1 * t2 mod p */
  979. if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
  980. goto err;
  981. BN_copy(t1,u1);
  982. ret = 1;
  983. err:
  984. BN_free(&t2);
  985. return(ret);
  986. }
  987. static DSA_SIG *
  988. cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
  989. {
  990. struct crypt_kop kop;
  991. BIGNUM *r = NULL, *s = NULL;
  992. DSA_SIG *dsaret = NULL;
  993. if ((r = BN_new()) == NULL)
  994. goto err;
  995. if ((s = BN_new()) == NULL) {
  996. BN_free(r);
  997. goto err;
  998. }
  999. memset(&kop, 0, sizeof kop);
  1000. kop.crk_op = CRK_DSA_SIGN;
  1001. /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
  1002. kop.crk_param[0].crp_p = (caddr_t)dgst;
  1003. kop.crk_param[0].crp_nbits = dlen * 8;
  1004. if (bn2crparam(dsa->p, &kop.crk_param[1]))
  1005. goto err;
  1006. if (bn2crparam(dsa->q, &kop.crk_param[2]))
  1007. goto err;
  1008. if (bn2crparam(dsa->g, &kop.crk_param[3]))
  1009. goto err;
  1010. if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
  1011. goto err;
  1012. kop.crk_iparams = 5;
  1013. if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
  1014. BN_num_bytes(dsa->q), s) == 0) {
  1015. dsaret = DSA_SIG_new();
  1016. dsaret->r = r;
  1017. dsaret->s = s;
  1018. } else {
  1019. const DSA_METHOD *meth = DSA_OpenSSL();
  1020. BN_free(r);
  1021. BN_free(s);
  1022. dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
  1023. }
  1024. err:
  1025. kop.crk_param[0].crp_p = NULL;
  1026. zapparams(&kop);
  1027. return (dsaret);
  1028. }
  1029. static int
  1030. cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
  1031. DSA_SIG *sig, DSA *dsa)
  1032. {
  1033. struct crypt_kop kop;
  1034. int dsaret = 1;
  1035. memset(&kop, 0, sizeof kop);
  1036. kop.crk_op = CRK_DSA_VERIFY;
  1037. /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
  1038. kop.crk_param[0].crp_p = (caddr_t)dgst;
  1039. kop.crk_param[0].crp_nbits = dlen * 8;
  1040. if (bn2crparam(dsa->p, &kop.crk_param[1]))
  1041. goto err;
  1042. if (bn2crparam(dsa->q, &kop.crk_param[2]))
  1043. goto err;
  1044. if (bn2crparam(dsa->g, &kop.crk_param[3]))
  1045. goto err;
  1046. if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
  1047. goto err;
  1048. if (bn2crparam(sig->r, &kop.crk_param[5]))
  1049. goto err;
  1050. if (bn2crparam(sig->s, &kop.crk_param[6]))
  1051. goto err;
  1052. kop.crk_iparams = 7;
  1053. if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
  1054. /*OCF success value is 0, if not zero, change dsaret to fail*/
  1055. if(0 != kop.crk_status) dsaret = 0;
  1056. } else {
  1057. const DSA_METHOD *meth = DSA_OpenSSL();
  1058. dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
  1059. }
  1060. err:
  1061. kop.crk_param[0].crp_p = NULL;
  1062. zapparams(&kop);
  1063. return (dsaret);
  1064. }
  1065. static DSA_METHOD cryptodev_dsa = {
  1066. "cryptodev DSA method",
  1067. NULL,
  1068. NULL, /* dsa_sign_setup */
  1069. NULL,
  1070. NULL, /* dsa_mod_exp */
  1071. NULL,
  1072. NULL, /* init */
  1073. NULL, /* finish */
  1074. 0, /* flags */
  1075. NULL /* app_data */
  1076. };
  1077. static int
  1078. cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
  1079. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  1080. BN_MONT_CTX *m_ctx)
  1081. {
  1082. return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
  1083. }
  1084. static int
  1085. cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
  1086. {
  1087. struct crypt_kop kop;
  1088. int dhret = 1;
  1089. int fd, keylen;
  1090. if ((fd = get_asym_dev_crypto()) < 0) {
  1091. const DH_METHOD *meth = DH_OpenSSL();
  1092. return ((meth->compute_key)(key, pub_key, dh));
  1093. }
  1094. keylen = BN_num_bits(dh->p);
  1095. memset(&kop, 0, sizeof kop);
  1096. kop.crk_op = CRK_DH_COMPUTE_KEY;
  1097. /* inputs: dh->priv_key pub_key dh->p key */
  1098. if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
  1099. goto err;
  1100. if (bn2crparam(pub_key, &kop.crk_param[1]))
  1101. goto err;
  1102. if (bn2crparam(dh->p, &kop.crk_param[2]))
  1103. goto err;
  1104. kop.crk_iparams = 3;
  1105. kop.crk_param[3].crp_p = (caddr_t) key;
  1106. kop.crk_param[3].crp_nbits = keylen * 8;
  1107. kop.crk_oparams = 1;
  1108. if (ioctl(fd, CIOCKEY, &kop) == -1) {
  1109. const DH_METHOD *meth = DH_OpenSSL();
  1110. dhret = (meth->compute_key)(key, pub_key, dh);
  1111. }
  1112. err:
  1113. kop.crk_param[3].crp_p = NULL;
  1114. zapparams(&kop);
  1115. return (dhret);
  1116. }
  1117. static DH_METHOD cryptodev_dh = {
  1118. "cryptodev DH method",
  1119. NULL, /* cryptodev_dh_generate_key */
  1120. NULL,
  1121. NULL,
  1122. NULL,
  1123. NULL,
  1124. 0, /* flags */
  1125. NULL /* app_data */
  1126. };
  1127. /*
  1128. * ctrl right now is just a wrapper that doesn't do much
  1129. * but I expect we'll want some options soon.
  1130. */
  1131. static int
  1132. cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
  1133. {
  1134. #ifdef HAVE_SYSLOG_R
  1135. struct syslog_data sd = SYSLOG_DATA_INIT;
  1136. #endif
  1137. switch (cmd) {
  1138. default:
  1139. #ifdef HAVE_SYSLOG_R
  1140. syslog_r(LOG_ERR, &sd,
  1141. "cryptodev_ctrl: unknown command %d", cmd);
  1142. #else
  1143. syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
  1144. #endif
  1145. break;
  1146. }
  1147. return (1);
  1148. }
  1149. void
  1150. ENGINE_load_cryptodev(void)
  1151. {
  1152. ENGINE *engine = ENGINE_new();
  1153. int fd;
  1154. if (engine == NULL)
  1155. return;
  1156. if ((fd = get_dev_crypto()) < 0) {
  1157. ENGINE_free(engine);
  1158. return;
  1159. }
  1160. /*
  1161. * find out what asymmetric crypto algorithms we support
  1162. */
  1163. if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
  1164. close(fd);
  1165. ENGINE_free(engine);
  1166. return;
  1167. }
  1168. close(fd);
  1169. if (!ENGINE_set_id(engine, "cryptodev") ||
  1170. !ENGINE_set_name(engine, "BSD cryptodev engine") ||
  1171. !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
  1172. !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
  1173. !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
  1174. !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
  1175. ENGINE_free(engine);
  1176. return;
  1177. }
  1178. if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
  1179. const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
  1180. cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
  1181. cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
  1182. cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
  1183. cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
  1184. cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
  1185. cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
  1186. if (cryptodev_asymfeat & CRF_MOD_EXP) {
  1187. cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
  1188. if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
  1189. cryptodev_rsa.rsa_mod_exp =
  1190. cryptodev_rsa_mod_exp;
  1191. else
  1192. cryptodev_rsa.rsa_mod_exp =
  1193. cryptodev_rsa_nocrt_mod_exp;
  1194. }
  1195. }
  1196. if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
  1197. const DSA_METHOD *meth = DSA_OpenSSL();
  1198. memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
  1199. if (cryptodev_asymfeat & CRF_DSA_SIGN)
  1200. cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
  1201. if (cryptodev_asymfeat & CRF_MOD_EXP) {
  1202. cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
  1203. cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
  1204. }
  1205. if (cryptodev_asymfeat & CRF_DSA_VERIFY)
  1206. cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
  1207. }
  1208. if (ENGINE_set_DH(engine, &cryptodev_dh)){
  1209. const DH_METHOD *dh_meth = DH_OpenSSL();
  1210. cryptodev_dh.generate_key = dh_meth->generate_key;
  1211. cryptodev_dh.compute_key = dh_meth->compute_key;
  1212. cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
  1213. if (cryptodev_asymfeat & CRF_MOD_EXP) {
  1214. cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
  1215. if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
  1216. cryptodev_dh.compute_key =
  1217. cryptodev_dh_compute_key;
  1218. }
  1219. }
  1220. ENGINE_add(engine);
  1221. ENGINE_free(engine);
  1222. ERR_clear_error();
  1223. }
  1224. #endif /* HAVE_CRYPTODEV */