openbsd_hw.c 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446
  1. /* Written by Ben Laurie, 2001 */
  2. /*
  3. * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions
  7. * are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright
  10. * notice, this list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in
  14. * the documentation and/or other materials provided with the
  15. * distribution.
  16. *
  17. * 3. All advertising materials mentioning features or use of this
  18. * software must display the following acknowledgment:
  19. * "This product includes software developed by the OpenSSL Project
  20. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  21. *
  22. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  23. * endorse or promote products derived from this software without
  24. * prior written permission. For written permission, please contact
  25. * openssl-core@openssl.org.
  26. *
  27. * 5. Products derived from this software may not be called "OpenSSL"
  28. * nor may "OpenSSL" appear in their names without prior written
  29. * permission of the OpenSSL Project.
  30. *
  31. * 6. Redistributions of any form whatsoever must retain the following
  32. * acknowledgment:
  33. * "This product includes software developed by the OpenSSL Project
  34. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  35. *
  36. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  37. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  38. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  39. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  40. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  41. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  42. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  43. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  44. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  45. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  46. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  47. * OF THE POSSIBILITY OF SUCH DAMAGE.
  48. */
  49. #include <openssl/evp.h>
  50. #include <openssl/objects.h>
  51. #include <openssl/rsa.h>
  52. #include "evp_locl.h"
  53. /* This stuff should now all be supported through
  54. * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
  55. static void *dummy=&dummy;
  56. #if 0
  57. /* check flag after OpenSSL headers to ensure make depend works */
  58. #ifdef OPENSSL_OPENBSD_DEV_CRYPTO
  59. #include <fcntl.h>
  60. #include <stdio.h>
  61. #include <errno.h>
  62. #include <sys/ioctl.h>
  63. #include <crypto/cryptodev.h>
  64. #include <unistd.h>
  65. #include <assert.h>
  66. /* longest key supported in hardware */
  67. #define MAX_HW_KEY 24
  68. #define MAX_HW_IV 8
  69. #define MD5_DIGEST_LENGTH 16
  70. #define MD5_CBLOCK 64
  71. static int fd;
  72. static int dev_failed;
  73. typedef struct session_op session_op;
  74. #define CDATA(ctx) EVP_C_DATA(session_op,ctx)
  75. static void err(const char *str)
  76. {
  77. fprintf(stderr,"%s: errno %d\n",str,errno);
  78. }
  79. static int dev_crypto_init(session_op *ses)
  80. {
  81. if(dev_failed)
  82. return 0;
  83. if(!fd)
  84. {
  85. int cryptodev_fd;
  86. if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
  87. {
  88. err("/dev/crypto");
  89. dev_failed=1;
  90. return 0;
  91. }
  92. if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
  93. {
  94. err("CRIOGET failed");
  95. close(cryptodev_fd);
  96. dev_failed=1;
  97. return 0;
  98. }
  99. close(cryptodev_fd);
  100. }
  101. assert(ses);
  102. memset(ses,'\0',sizeof *ses);
  103. return 1;
  104. }
  105. static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
  106. {
  107. if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
  108. err("CIOCFSESSION failed");
  109. OPENSSL_free(CDATA(ctx)->key);
  110. return 1;
  111. }
  112. static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
  113. const unsigned char *key,int klen)
  114. {
  115. if(!dev_crypto_init(CDATA(ctx)))
  116. return 0;
  117. CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
  118. assert(ctx->cipher->iv_len <= MAX_HW_IV);
  119. memcpy(CDATA(ctx)->key,key,klen);
  120. CDATA(ctx)->cipher=cipher;
  121. CDATA(ctx)->keylen=klen;
  122. if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
  123. {
  124. err("CIOCGSESSION failed");
  125. return 0;
  126. }
  127. return 1;
  128. }
  129. static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
  130. const unsigned char *in,unsigned int inl)
  131. {
  132. struct crypt_op cryp;
  133. unsigned char lb[MAX_HW_IV];
  134. if(!inl)
  135. return 1;
  136. assert(CDATA(ctx));
  137. assert(!dev_failed);
  138. memset(&cryp,'\0',sizeof cryp);
  139. cryp.ses=CDATA(ctx)->ses;
  140. cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
  141. cryp.flags=0;
  142. cryp.len=inl;
  143. assert((inl&(ctx->cipher->block_size-1)) == 0);
  144. cryp.src=(caddr_t)in;
  145. cryp.dst=(caddr_t)out;
  146. cryp.mac=0;
  147. if(ctx->cipher->iv_len)
  148. cryp.iv=(caddr_t)ctx->iv;
  149. if(!ctx->encrypt)
  150. memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
  151. if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
  152. {
  153. if(errno == EINVAL) /* buffers are misaligned */
  154. {
  155. unsigned int cinl=0;
  156. char *cin=NULL;
  157. char *cout=NULL;
  158. /* NB: this can only make cinl != inl with stream ciphers */
  159. cinl=(inl+3)/4*4;
  160. if(((unsigned long)in&3) || cinl != inl)
  161. {
  162. cin=OPENSSL_malloc(cinl);
  163. memcpy(cin,in,inl);
  164. cryp.src=cin;
  165. }
  166. if(((unsigned long)out&3) || cinl != inl)
  167. {
  168. cout=OPENSSL_malloc(cinl);
  169. cryp.dst=cout;
  170. }
  171. cryp.len=cinl;
  172. if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
  173. {
  174. err("CIOCCRYPT(2) failed");
  175. printf("src=%p dst=%p\n",cryp.src,cryp.dst);
  176. abort();
  177. return 0;
  178. }
  179. if(cout)
  180. {
  181. memcpy(out,cout,inl);
  182. OPENSSL_free(cout);
  183. }
  184. if(cin)
  185. OPENSSL_free(cin);
  186. }
  187. else
  188. {
  189. err("CIOCCRYPT failed");
  190. abort();
  191. return 0;
  192. }
  193. }
  194. if(ctx->encrypt)
  195. memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
  196. else
  197. memcpy(ctx->iv,lb,ctx->cipher->iv_len);
  198. return 1;
  199. }
  200. static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
  201. const unsigned char *key,
  202. const unsigned char *iv, int enc)
  203. { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
  204. #define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
  205. BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
  206. 0, dev_crypto_des_ede3_init_key,
  207. dev_crypto_cleanup,
  208. EVP_CIPHER_set_asn1_iv,
  209. EVP_CIPHER_get_asn1_iv,
  210. NULL)
  211. static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
  212. const unsigned char *key,
  213. const unsigned char *iv, int enc)
  214. { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
  215. static const EVP_CIPHER r4_cipher=
  216. {
  217. NID_rc4,
  218. 1,16,0, /* FIXME: key should be up to 256 bytes */
  219. EVP_CIPH_VARIABLE_LENGTH,
  220. dev_crypto_rc4_init_key,
  221. dev_crypto_cipher,
  222. dev_crypto_cleanup,
  223. sizeof(session_op),
  224. NULL,
  225. NULL,
  226. NULL
  227. };
  228. const EVP_CIPHER *EVP_dev_crypto_rc4(void)
  229. { return &r4_cipher; }
  230. typedef struct
  231. {
  232. session_op sess;
  233. char *data;
  234. int len;
  235. unsigned char md[EVP_MAX_MD_SIZE];
  236. } MD_DATA;
  237. static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
  238. {
  239. if(!dev_crypto_init(&md_data->sess))
  240. return 0;
  241. md_data->len=0;
  242. md_data->data=NULL;
  243. md_data->sess.mac=mac;
  244. if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
  245. {
  246. err("CIOCGSESSION failed");
  247. return 0;
  248. }
  249. return 1;
  250. }
  251. static int dev_crypto_cleanup_digest(MD_DATA *md_data)
  252. {
  253. if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
  254. {
  255. err("CIOCFSESSION failed");
  256. return 0;
  257. }
  258. return 1;
  259. }
  260. /* FIXME: if device can do chained MACs, then don't accumulate */
  261. /* FIXME: move accumulation to the framework */
  262. static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
  263. { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
  264. static int do_digest(int ses,unsigned char *md,const void *data,int len)
  265. {
  266. struct crypt_op cryp;
  267. static unsigned char md5zero[16]=
  268. {
  269. 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
  270. 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
  271. };
  272. /* some cards can't do zero length */
  273. if(!len)
  274. {
  275. memcpy(md,md5zero,16);
  276. return 1;
  277. }
  278. memset(&cryp,'\0',sizeof cryp);
  279. cryp.ses=ses;
  280. cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
  281. cryp.len=len;
  282. cryp.src=(caddr_t)data;
  283. cryp.dst=(caddr_t)data; // FIXME!!!
  284. cryp.mac=(caddr_t)md;
  285. if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
  286. {
  287. if(errno == EINVAL) /* buffer is misaligned */
  288. {
  289. char *dcopy;
  290. dcopy=OPENSSL_malloc(len);
  291. memcpy(dcopy,data,len);
  292. cryp.src=dcopy;
  293. cryp.dst=cryp.src; // FIXME!!!
  294. if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
  295. {
  296. err("CIOCCRYPT(MAC2) failed");
  297. abort();
  298. return 0;
  299. }
  300. OPENSSL_free(dcopy);
  301. }
  302. else
  303. {
  304. err("CIOCCRYPT(MAC) failed");
  305. abort();
  306. return 0;
  307. }
  308. }
  309. // printf("done\n");
  310. return 1;
  311. }
  312. static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
  313. unsigned long len)
  314. {
  315. MD_DATA *md_data=ctx->md_data;
  316. if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
  317. return do_digest(md_data->sess.ses,md_data->md,data,len);
  318. md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
  319. memcpy(md_data->data+md_data->len,data,len);
  320. md_data->len+=len;
  321. return 1;
  322. }
  323. static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
  324. {
  325. int ret;
  326. MD_DATA *md_data=ctx->md_data;
  327. if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
  328. {
  329. memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
  330. ret=1;
  331. }
  332. else
  333. {
  334. ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
  335. OPENSSL_free(md_data->data);
  336. md_data->data=NULL;
  337. md_data->len=0;
  338. }
  339. return ret;
  340. }
  341. static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
  342. {
  343. const MD_DATA *from_md=from->md_data;
  344. MD_DATA *to_md=to->md_data;
  345. // How do we copy sessions?
  346. assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
  347. to_md->data=OPENSSL_malloc(from_md->len);
  348. memcpy(to_md->data,from_md->data,from_md->len);
  349. return 1;
  350. }
  351. static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
  352. {
  353. return dev_crypto_cleanup_digest(ctx->md_data);
  354. }
  355. static const EVP_MD md5_md=
  356. {
  357. NID_md5,
  358. NID_md5WithRSAEncryption,
  359. MD5_DIGEST_LENGTH,
  360. EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
  361. dev_crypto_md5_init,
  362. dev_crypto_md5_update,
  363. dev_crypto_md5_final,
  364. dev_crypto_md5_copy,
  365. dev_crypto_md5_cleanup,
  366. EVP_PKEY_RSA_method,
  367. MD5_CBLOCK,
  368. sizeof(MD_DATA),
  369. };
  370. const EVP_MD *EVP_dev_crypto_md5(void)
  371. { return &md5_md; }
  372. #endif
  373. #endif