1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 #include <sys/param.h> 31 #include <sys/systm.h> 32 #include <sys/malloc.h> 33 34 #include <opencrypto/xform.h> 35 36 #include "glxsb.h" 37 38 /* 39 * Implementation notes. 40 * 41 * The Geode LX Security Block provides AES-128-CBC acceleration. 42 * We implement all HMAC algorithms provided by crypto(9) framework so glxsb can work 43 * with ipsec(4) 44 * 45 * This code was stolen from crypto/via/padlock_hash.c 46 */ 47 48 MALLOC_DECLARE(M_GLXSB); 49 50 static void 51 glxsb_hash_key_setup(struct glxsb_session *ses, const char *key, int klen) 52 { 53 const struct auth_hash *axf; 54 55 axf = ses->ses_axf; 56 hmac_init_ipad(axf, key, klen, ses->ses_ictx); 57 hmac_init_opad(axf, key, klen, ses->ses_octx); 58 } 59 60 /* 61 * Compute keyed-hash authenticator. 62 */ 63 static int 64 glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp) 65 { 66 u_char hash[HASH_MAX_LEN]; 67 const struct auth_hash *axf; 68 union authctx ctx; 69 int error; 70 71 axf = ses->ses_axf; 72 bcopy(ses->ses_ictx, &ctx, axf->ctxsize); 73 error = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, 74 axf->Update, &ctx); 75 if (error != 0) 76 return (error); 77 error = crypto_apply(crp, crp->crp_payload_start, 78 crp->crp_payload_length, axf->Update, &ctx); 79 if (error != 0) 80 return (error); 81 82 axf->Final(hash, &ctx); 83 84 bcopy(ses->ses_octx, &ctx, axf->ctxsize); 85 axf->Update(&ctx, hash, axf->hashsize); 86 axf->Final(hash, &ctx); 87 explicit_bzero(&ctx, sizeof(ctx)); 88 89 /* Verify or inject the authentication data */ 90 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 91 u_char hash2[HASH_MAX_LEN]; 92 93 crypto_copydata(crp, crp->crp_digest_start, ses->ses_mlen, 94 hash2); 95 if (timingsafe_bcmp(hash, hash2, ses->ses_mlen) != 0) 96 error = EBADMSG; 97 explicit_bzero(hash2, sizeof(hash2)); 98 } else 99 crypto_copyback(crp, crp->crp_digest_start, ses->ses_mlen, 100 hash); 101 explicit_bzero(hash, sizeof(hash)); 102 return (error); 103 } 104 105 int 106 glxsb_hash_setup(struct glxsb_session *ses, 107 const struct crypto_session_params *csp) 108 { 109 110 ses->ses_axf = crypto_auth_hash(csp); 111 if (csp->csp_auth_mlen == 0) 112 ses->ses_mlen = ses->ses_axf->hashsize; 113 else 114 ses->ses_mlen = csp->csp_auth_mlen; 115 116 /* Allocate memory for HMAC inner and outer contexts. */ 117 ses->ses_ictx = malloc(ses->ses_axf->ctxsize, M_GLXSB, 118 M_ZERO | M_NOWAIT); 119 ses->ses_octx = malloc(ses->ses_axf->ctxsize, M_GLXSB, 120 M_ZERO | M_NOWAIT); 121 if (ses->ses_ictx == NULL || ses->ses_octx == NULL) 122 return (ENOMEM); 123 124 /* Setup key if given. */ 125 if (csp->csp_auth_key != NULL) { 126 glxsb_hash_key_setup(ses, csp->csp_auth_key, 127 csp->csp_auth_klen); 128 } 129 return (0); 130 } 131 132 int 133 glxsb_hash_process(struct glxsb_session *ses, 134 const struct crypto_session_params *csp, struct cryptop *crp) 135 { 136 int error; 137 138 if (crp->crp_auth_key != NULL) 139 glxsb_hash_key_setup(ses, crp->crp_auth_key, 140 csp->csp_auth_klen); 141 142 error = glxsb_authcompute(ses, crp); 143 return (error); 144 } 145 146 void 147 glxsb_hash_free(struct glxsb_session *ses) 148 { 149 150 if (ses->ses_ictx != NULL) { 151 zfree(ses->ses_ictx, M_GLXSB); 152 ses->ses_ictx = NULL; 153 } 154 if (ses->ses_octx != NULL) { 155 zfree(ses->ses_octx, M_GLXSB); 156 ses->ses_octx = NULL; 157 } 158 } 159