1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/malloc.h> 35 36 #include <opencrypto/xform.h> 37 38 #include "glxsb.h" 39 40 /* 41 * Implementation notes. 42 * 43 * The Geode LX Security Block provides AES-128-CBC acceleration. 44 * We implement all HMAC algorithms provided by crypto(9) framework so glxsb can work 45 * with ipsec(4) 46 * 47 * This code was stolen from crypto/via/padlock_hash.c 48 */ 49 50 MALLOC_DECLARE(M_GLXSB); 51 52 static void 53 glxsb_hash_key_setup(struct glxsb_session *ses, const char *key, int klen) 54 { 55 const struct auth_hash *axf; 56 57 axf = ses->ses_axf; 58 hmac_init_ipad(axf, key, klen, ses->ses_ictx); 59 hmac_init_opad(axf, key, klen, ses->ses_octx); 60 } 61 62 /* 63 * Compute keyed-hash authenticator. 64 */ 65 static int 66 glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp) 67 { 68 u_char hash[HASH_MAX_LEN]; 69 const struct auth_hash *axf; 70 union authctx ctx; 71 int error; 72 73 axf = ses->ses_axf; 74 bcopy(ses->ses_ictx, &ctx, axf->ctxsize); 75 error = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, 76 axf->Update, &ctx); 77 if (error != 0) 78 return (error); 79 error = crypto_apply(crp, crp->crp_payload_start, 80 crp->crp_payload_length, axf->Update, &ctx); 81 if (error != 0) 82 return (error); 83 84 axf->Final(hash, &ctx); 85 86 bcopy(ses->ses_octx, &ctx, axf->ctxsize); 87 axf->Update(&ctx, hash, axf->hashsize); 88 axf->Final(hash, &ctx); 89 explicit_bzero(&ctx, sizeof(ctx)); 90 91 /* Verify or inject the authentication data */ 92 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 93 u_char hash2[HASH_MAX_LEN]; 94 95 crypto_copydata(crp, crp->crp_digest_start, ses->ses_mlen, 96 hash2); 97 if (timingsafe_bcmp(hash, hash2, ses->ses_mlen) != 0) 98 error = EBADMSG; 99 explicit_bzero(hash2, sizeof(hash2)); 100 } else 101 crypto_copyback(crp, crp->crp_digest_start, ses->ses_mlen, 102 hash); 103 explicit_bzero(hash, sizeof(hash)); 104 return (error); 105 } 106 107 int 108 glxsb_hash_setup(struct glxsb_session *ses, 109 const struct crypto_session_params *csp) 110 { 111 112 ses->ses_axf = crypto_auth_hash(csp); 113 if (csp->csp_auth_mlen == 0) 114 ses->ses_mlen = ses->ses_axf->hashsize; 115 else 116 ses->ses_mlen = csp->csp_auth_mlen; 117 118 /* Allocate memory for HMAC inner and outer contexts. */ 119 ses->ses_ictx = malloc(ses->ses_axf->ctxsize, M_GLXSB, 120 M_ZERO | M_NOWAIT); 121 ses->ses_octx = malloc(ses->ses_axf->ctxsize, M_GLXSB, 122 M_ZERO | M_NOWAIT); 123 if (ses->ses_ictx == NULL || ses->ses_octx == NULL) 124 return (ENOMEM); 125 126 /* Setup key if given. */ 127 if (csp->csp_auth_key != NULL) { 128 glxsb_hash_key_setup(ses, csp->csp_auth_key, 129 csp->csp_auth_klen); 130 } 131 return (0); 132 } 133 134 int 135 glxsb_hash_process(struct glxsb_session *ses, 136 const struct crypto_session_params *csp, struct cryptop *crp) 137 { 138 int error; 139 140 if (crp->crp_auth_key != NULL) 141 glxsb_hash_key_setup(ses, crp->crp_auth_key, 142 csp->csp_auth_klen); 143 144 error = glxsb_authcompute(ses, crp); 145 return (error); 146 } 147 148 void 149 glxsb_hash_free(struct glxsb_session *ses) 150 { 151 152 if (ses->ses_ictx != NULL) { 153 zfree(ses->ses_ictx, M_GLXSB); 154 ses->ses_ictx = NULL; 155 } 156 if (ses->ses_octx != NULL) { 157 zfree(ses->ses_octx, M_GLXSB); 158 ses->ses_octx = NULL; 159 } 160 } 161