1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/sysctl.h> 51 #include <sys/file.h> 52 #include <sys/filedesc.h> 53 #include <sys/errno.h> 54 #include <sys/uio.h> 55 #include <sys/random.h> 56 #include <sys/conf.h> 57 #include <sys/kernel.h> 58 #include <sys/module.h> 59 #include <sys/fcntl.h> 60 #include <sys/bus.h> 61 #include <sys/user.h> 62 #include <sys/sdt.h> 63 64 #include <opencrypto/cryptodev.h> 65 #include <opencrypto/xform.h> 66 67 SDT_PROVIDER_DECLARE(opencrypto); 68 69 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 70 71 #ifdef COMPAT_FREEBSD32 72 #include <sys/mount.h> 73 #include <compat/freebsd32/freebsd32.h> 74 75 struct session_op32 { 76 u_int32_t cipher; 77 u_int32_t mac; 78 u_int32_t keylen; 79 u_int32_t key; 80 int mackeylen; 81 u_int32_t mackey; 82 u_int32_t ses; 83 }; 84 85 struct session2_op32 { 86 u_int32_t cipher; 87 u_int32_t mac; 88 u_int32_t keylen; 89 u_int32_t key; 90 int mackeylen; 91 u_int32_t mackey; 92 u_int32_t ses; 93 int crid; 94 int pad[4]; 95 }; 96 97 struct crypt_op32 { 98 u_int32_t ses; 99 u_int16_t op; 100 u_int16_t flags; 101 u_int len; 102 u_int32_t src, dst; 103 u_int32_t mac; 104 u_int32_t iv; 105 }; 106 107 struct crparam32 { 108 u_int32_t crp_p; 109 u_int crp_nbits; 110 }; 111 112 struct crypt_kop32 { 113 u_int crk_op; 114 u_int crk_status; 115 u_short crk_iparams; 116 u_short crk_oparams; 117 u_int crk_crid; 118 struct crparam32 crk_param[CRK_MAXPARAM]; 119 }; 120 121 struct cryptotstat32 { 122 struct timespec32 acc; 123 struct timespec32 min; 124 struct timespec32 max; 125 u_int32_t count; 126 }; 127 128 struct cryptostats32 { 129 u_int32_t cs_ops; 130 u_int32_t cs_errs; 131 u_int32_t cs_kops; 132 u_int32_t cs_kerrs; 133 u_int32_t cs_intrs; 134 u_int32_t cs_rets; 135 u_int32_t cs_blocks; 136 u_int32_t cs_kblocks; 137 struct cryptotstat32 cs_invoke; 138 struct cryptotstat32 cs_done; 139 struct cryptotstat32 cs_cb; 140 struct cryptotstat32 cs_finis; 141 }; 142 143 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 144 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 145 #define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 146 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 147 #define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 148 149 static void 150 session_op_from_32(const struct session_op32 *from, struct session_op *to) 151 { 152 153 CP(*from, *to, cipher); 154 CP(*from, *to, mac); 155 CP(*from, *to, keylen); 156 PTRIN_CP(*from, *to, key); 157 CP(*from, *to, mackeylen); 158 PTRIN_CP(*from, *to, mackey); 159 CP(*from, *to, ses); 160 } 161 162 static void 163 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 164 { 165 166 session_op_from_32((const struct session_op32 *)from, 167 (struct session_op *)to); 168 CP(*from, *to, crid); 169 } 170 171 static void 172 session_op_to_32(const struct session_op *from, struct session_op32 *to) 173 { 174 175 CP(*from, *to, cipher); 176 CP(*from, *to, mac); 177 CP(*from, *to, keylen); 178 PTROUT_CP(*from, *to, key); 179 CP(*from, *to, mackeylen); 180 PTROUT_CP(*from, *to, mackey); 181 CP(*from, *to, ses); 182 } 183 184 static void 185 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 186 { 187 188 session_op_to_32((const struct session_op *)from, 189 (struct session_op32 *)to); 190 CP(*from, *to, crid); 191 } 192 193 static void 194 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 195 { 196 197 CP(*from, *to, ses); 198 CP(*from, *to, op); 199 CP(*from, *to, flags); 200 CP(*from, *to, len); 201 PTRIN_CP(*from, *to, src); 202 PTRIN_CP(*from, *to, dst); 203 PTRIN_CP(*from, *to, mac); 204 PTRIN_CP(*from, *to, iv); 205 } 206 207 static void 208 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 209 { 210 211 CP(*from, *to, ses); 212 CP(*from, *to, op); 213 CP(*from, *to, flags); 214 CP(*from, *to, len); 215 PTROUT_CP(*from, *to, src); 216 PTROUT_CP(*from, *to, dst); 217 PTROUT_CP(*from, *to, mac); 218 PTROUT_CP(*from, *to, iv); 219 } 220 221 static void 222 crparam_from_32(const struct crparam32 *from, struct crparam *to) 223 { 224 225 PTRIN_CP(*from, *to, crp_p); 226 CP(*from, *to, crp_nbits); 227 } 228 229 static void 230 crparam_to_32(const struct crparam *from, struct crparam32 *to) 231 { 232 233 PTROUT_CP(*from, *to, crp_p); 234 CP(*from, *to, crp_nbits); 235 } 236 237 static void 238 crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 239 { 240 int i; 241 242 CP(*from, *to, crk_op); 243 CP(*from, *to, crk_status); 244 CP(*from, *to, crk_iparams); 245 CP(*from, *to, crk_oparams); 246 CP(*from, *to, crk_crid); 247 for (i = 0; i < CRK_MAXPARAM; i++) 248 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 249 } 250 251 static void 252 crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 253 { 254 int i; 255 256 CP(*from, *to, crk_op); 257 CP(*from, *to, crk_status); 258 CP(*from, *to, crk_iparams); 259 CP(*from, *to, crk_oparams); 260 CP(*from, *to, crk_crid); 261 for (i = 0; i < CRK_MAXPARAM; i++) 262 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 263 } 264 #endif 265 266 struct csession { 267 TAILQ_ENTRY(csession) next; 268 crypto_session_t cses; 269 volatile u_int refs; 270 u_int32_t ses; 271 struct mtx lock; /* for op submission */ 272 273 u_int32_t cipher; 274 struct enc_xform *txform; 275 u_int32_t mac; 276 struct auth_hash *thash; 277 278 caddr_t key; 279 int keylen; 280 281 caddr_t mackey; 282 int mackeylen; 283 }; 284 285 struct cryptop_data { 286 struct csession *cse; 287 288 struct iovec iovec[1]; 289 struct uio uio; 290 bool done; 291 }; 292 293 struct fcrypt { 294 TAILQ_HEAD(csessionlist, csession) csessions; 295 int sesn; 296 struct mtx lock; 297 }; 298 299 static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; 300 SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW, 301 &warninterval, 302 "Delay in seconds between warnings of deprecated /dev/crypto algorithms"); 303 304 static int cryptof_ioctl(struct file *, u_long, void *, 305 struct ucred *, struct thread *); 306 static int cryptof_stat(struct file *, struct stat *, 307 struct ucred *, struct thread *); 308 static int cryptof_close(struct file *, struct thread *); 309 static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 310 struct filedesc *); 311 312 static struct fileops cryptofops = { 313 .fo_read = invfo_rdwr, 314 .fo_write = invfo_rdwr, 315 .fo_truncate = invfo_truncate, 316 .fo_ioctl = cryptof_ioctl, 317 .fo_poll = invfo_poll, 318 .fo_kqfilter = invfo_kqfilter, 319 .fo_stat = cryptof_stat, 320 .fo_close = cryptof_close, 321 .fo_chmod = invfo_chmod, 322 .fo_chown = invfo_chown, 323 .fo_sendfile = invfo_sendfile, 324 .fo_fill_kinfo = cryptof_fill_kinfo, 325 }; 326 327 static struct csession *csefind(struct fcrypt *, u_int); 328 static bool csedelete(struct fcrypt *, u_int); 329 static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t, 330 u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 331 struct auth_hash *); 332 static void csefree(struct csession *); 333 334 static int cryptodev_op(struct csession *, struct crypt_op *, 335 struct ucred *, struct thread *td); 336 static int cryptodev_aead(struct csession *, struct crypt_aead *, 337 struct ucred *, struct thread *); 338 static int cryptodev_key(struct crypt_kop *); 339 static int cryptodev_find(struct crypt_find_op *); 340 341 /* 342 * Check a crypto identifier to see if it requested 343 * a software device/driver. This can be done either 344 * by device name/class or through search constraints. 345 */ 346 static int 347 checkforsoftware(int *cridp) 348 { 349 int crid; 350 351 crid = *cridp; 352 353 if (!crypto_devallowsoft) { 354 if (crid & CRYPTOCAP_F_SOFTWARE) { 355 if (crid & CRYPTOCAP_F_HARDWARE) { 356 *cridp = CRYPTOCAP_F_HARDWARE; 357 return 0; 358 } 359 return EINVAL; 360 } 361 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 362 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 363 return EINVAL; 364 } 365 return 0; 366 } 367 368 /* ARGSUSED */ 369 static int 370 cryptof_ioctl( 371 struct file *fp, 372 u_long cmd, 373 void *data, 374 struct ucred *active_cred, 375 struct thread *td) 376 { 377 #define SES2(p) ((struct session2_op *)p) 378 struct cryptoini cria, crie; 379 struct fcrypt *fcr = fp->f_data; 380 struct csession *cse; 381 struct session_op *sop; 382 struct crypt_op *cop; 383 struct crypt_aead *caead; 384 struct enc_xform *txform = NULL; 385 struct auth_hash *thash = NULL; 386 struct crypt_kop *kop; 387 crypto_session_t cses; 388 u_int32_t ses; 389 int error = 0, crid; 390 #ifdef COMPAT_FREEBSD32 391 struct session2_op sopc; 392 struct crypt_op copc; 393 struct crypt_kop kopc; 394 #endif 395 396 switch (cmd) { 397 case CIOCGSESSION: 398 case CIOCGSESSION2: 399 #ifdef COMPAT_FREEBSD32 400 case CIOCGSESSION32: 401 case CIOCGSESSION232: 402 if (cmd == CIOCGSESSION32) { 403 session_op_from_32(data, (struct session_op *)&sopc); 404 sop = (struct session_op *)&sopc; 405 } else if (cmd == CIOCGSESSION232) { 406 session2_op_from_32(data, &sopc); 407 sop = (struct session_op *)&sopc; 408 } else 409 #endif 410 sop = (struct session_op *)data; 411 switch (sop->cipher) { 412 case 0: 413 break; 414 case CRYPTO_DES_CBC: 415 txform = &enc_xform_des; 416 break; 417 case CRYPTO_3DES_CBC: 418 txform = &enc_xform_3des; 419 break; 420 case CRYPTO_BLF_CBC: 421 txform = &enc_xform_blf; 422 break; 423 case CRYPTO_CAST_CBC: 424 txform = &enc_xform_cast5; 425 break; 426 case CRYPTO_SKIPJACK_CBC: 427 txform = &enc_xform_skipjack; 428 break; 429 case CRYPTO_AES_CBC: 430 txform = &enc_xform_rijndael128; 431 break; 432 case CRYPTO_AES_XTS: 433 txform = &enc_xform_aes_xts; 434 break; 435 case CRYPTO_NULL_CBC: 436 txform = &enc_xform_null; 437 break; 438 case CRYPTO_ARC4: 439 txform = &enc_xform_arc4; 440 break; 441 case CRYPTO_CAMELLIA_CBC: 442 txform = &enc_xform_camellia; 443 break; 444 case CRYPTO_AES_ICM: 445 txform = &enc_xform_aes_icm; 446 break; 447 case CRYPTO_AES_NIST_GCM_16: 448 txform = &enc_xform_aes_nist_gcm; 449 break; 450 case CRYPTO_CHACHA20: 451 txform = &enc_xform_chacha20; 452 break; 453 case CRYPTO_AES_CCM_16: 454 txform = &enc_xform_ccm; 455 break; 456 457 default: 458 CRYPTDEB("invalid cipher"); 459 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 460 return (EINVAL); 461 } 462 463 switch (sop->mac) { 464 case 0: 465 break; 466 case CRYPTO_MD5_HMAC: 467 thash = &auth_hash_hmac_md5; 468 break; 469 case CRYPTO_POLY1305: 470 thash = &auth_hash_poly1305; 471 break; 472 case CRYPTO_SHA1_HMAC: 473 thash = &auth_hash_hmac_sha1; 474 break; 475 case CRYPTO_SHA2_224_HMAC: 476 thash = &auth_hash_hmac_sha2_224; 477 break; 478 case CRYPTO_SHA2_256_HMAC: 479 thash = &auth_hash_hmac_sha2_256; 480 break; 481 case CRYPTO_SHA2_384_HMAC: 482 thash = &auth_hash_hmac_sha2_384; 483 break; 484 case CRYPTO_SHA2_512_HMAC: 485 thash = &auth_hash_hmac_sha2_512; 486 break; 487 case CRYPTO_RIPEMD160_HMAC: 488 thash = &auth_hash_hmac_ripemd_160; 489 break; 490 case CRYPTO_AES_128_NIST_GMAC: 491 thash = &auth_hash_nist_gmac_aes_128; 492 break; 493 case CRYPTO_AES_192_NIST_GMAC: 494 thash = &auth_hash_nist_gmac_aes_192; 495 break; 496 case CRYPTO_AES_256_NIST_GMAC: 497 thash = &auth_hash_nist_gmac_aes_256; 498 break; 499 500 case CRYPTO_AES_CCM_CBC_MAC: 501 switch (sop->keylen) { 502 case 16: 503 thash = &auth_hash_ccm_cbc_mac_128; 504 break; 505 case 24: 506 thash = &auth_hash_ccm_cbc_mac_192; 507 break; 508 case 32: 509 thash = &auth_hash_ccm_cbc_mac_256; 510 break; 511 default: 512 CRYPTDEB("Invalid CBC MAC key size %d", 513 sop->keylen); 514 SDT_PROBE1(opencrypto, dev, ioctl, 515 error, __LINE__); 516 return (EINVAL); 517 } 518 break; 519 #ifdef notdef 520 case CRYPTO_MD5: 521 thash = &auth_hash_md5; 522 break; 523 #endif 524 case CRYPTO_SHA1: 525 thash = &auth_hash_sha1; 526 break; 527 case CRYPTO_SHA2_224: 528 thash = &auth_hash_sha2_224; 529 break; 530 case CRYPTO_SHA2_256: 531 thash = &auth_hash_sha2_256; 532 break; 533 case CRYPTO_SHA2_384: 534 thash = &auth_hash_sha2_384; 535 break; 536 case CRYPTO_SHA2_512: 537 thash = &auth_hash_sha2_512; 538 break; 539 540 case CRYPTO_NULL_HMAC: 541 thash = &auth_hash_null; 542 break; 543 544 case CRYPTO_BLAKE2B: 545 thash = &auth_hash_blake2b; 546 break; 547 case CRYPTO_BLAKE2S: 548 thash = &auth_hash_blake2s; 549 break; 550 551 default: 552 CRYPTDEB("invalid mac"); 553 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 554 return (EINVAL); 555 } 556 557 bzero(&crie, sizeof(crie)); 558 bzero(&cria, sizeof(cria)); 559 560 if (txform) { 561 crie.cri_alg = txform->type; 562 crie.cri_klen = sop->keylen * 8; 563 if (sop->keylen > txform->maxkey || 564 sop->keylen < txform->minkey) { 565 CRYPTDEB("invalid cipher parameters"); 566 error = EINVAL; 567 SDT_PROBE1(opencrypto, dev, ioctl, error, 568 __LINE__); 569 goto bail; 570 } 571 572 crie.cri_key = malloc(crie.cri_klen / 8, 573 M_XDATA, M_WAITOK); 574 if ((error = copyin(sop->key, crie.cri_key, 575 crie.cri_klen / 8))) { 576 CRYPTDEB("invalid key"); 577 SDT_PROBE1(opencrypto, dev, ioctl, error, 578 __LINE__); 579 goto bail; 580 } 581 if (thash) 582 crie.cri_next = &cria; 583 } 584 585 if (thash) { 586 cria.cri_alg = thash->type; 587 cria.cri_klen = sop->mackeylen * 8; 588 if (sop->mackeylen > thash->keysize || 589 sop->mackeylen < 0) { 590 CRYPTDEB("invalid mac key length"); 591 error = EINVAL; 592 SDT_PROBE1(opencrypto, dev, ioctl, error, 593 __LINE__); 594 goto bail; 595 } 596 597 if (cria.cri_klen) { 598 cria.cri_key = malloc(cria.cri_klen / 8, 599 M_XDATA, M_WAITOK); 600 if ((error = copyin(sop->mackey, cria.cri_key, 601 cria.cri_klen / 8))) { 602 CRYPTDEB("invalid mac key"); 603 SDT_PROBE1(opencrypto, dev, ioctl, 604 error, __LINE__); 605 goto bail; 606 } 607 } 608 } 609 610 /* NB: CIOCGSESSION2 has the crid */ 611 if (cmd == CIOCGSESSION2 612 #ifdef COMPAT_FREEBSD32 613 || cmd == CIOCGSESSION232 614 #endif 615 ) { 616 crid = SES2(sop)->crid; 617 error = checkforsoftware(&crid); 618 if (error) { 619 CRYPTDEB("checkforsoftware"); 620 SDT_PROBE1(opencrypto, dev, ioctl, error, 621 __LINE__); 622 goto bail; 623 } 624 } else 625 crid = CRYPTOCAP_F_HARDWARE; 626 error = crypto_newsession(&cses, (txform ? &crie : &cria), crid); 627 if (error) { 628 CRYPTDEB("crypto_newsession"); 629 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 630 goto bail; 631 } 632 633 cse = csecreate(fcr, cses, crie.cri_key, crie.cri_klen, 634 cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 635 thash); 636 637 if (cse == NULL) { 638 crypto_freesession(cses); 639 error = EINVAL; 640 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 641 CRYPTDEB("csecreate"); 642 goto bail; 643 } 644 sop->ses = cse->ses; 645 if (cmd == CIOCGSESSION2 646 #ifdef COMPAT_FREEBSD32 647 || cmd == CIOCGSESSION232 648 #endif 649 ) { 650 /* return hardware/driver id */ 651 SES2(sop)->crid = crypto_ses2hid(cse->cses); 652 } 653 bail: 654 if (error) { 655 if (crie.cri_key) 656 free(crie.cri_key, M_XDATA); 657 if (cria.cri_key) 658 free(cria.cri_key, M_XDATA); 659 } 660 #ifdef COMPAT_FREEBSD32 661 else { 662 if (cmd == CIOCGSESSION32) 663 session_op_to_32(sop, data); 664 else if (cmd == CIOCGSESSION232) 665 session2_op_to_32((struct session2_op *)sop, 666 data); 667 } 668 #endif 669 break; 670 case CIOCFSESSION: 671 ses = *(u_int32_t *)data; 672 if (!csedelete(fcr, ses)) { 673 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 674 return (EINVAL); 675 } 676 break; 677 case CIOCCRYPT: 678 #ifdef COMPAT_FREEBSD32 679 case CIOCCRYPT32: 680 if (cmd == CIOCCRYPT32) { 681 cop = &copc; 682 crypt_op_from_32(data, cop); 683 } else 684 #endif 685 cop = (struct crypt_op *)data; 686 cse = csefind(fcr, cop->ses); 687 if (cse == NULL) { 688 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 689 return (EINVAL); 690 } 691 error = cryptodev_op(cse, cop, active_cred, td); 692 csefree(cse); 693 #ifdef COMPAT_FREEBSD32 694 if (error == 0 && cmd == CIOCCRYPT32) 695 crypt_op_to_32(cop, data); 696 #endif 697 break; 698 case CIOCKEY: 699 case CIOCKEY2: 700 #ifdef COMPAT_FREEBSD32 701 case CIOCKEY32: 702 case CIOCKEY232: 703 #endif 704 if (!crypto_userasymcrypto) { 705 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 706 return (EPERM); /* XXX compat? */ 707 } 708 #ifdef COMPAT_FREEBSD32 709 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 710 kop = &kopc; 711 crypt_kop_from_32(data, kop); 712 } else 713 #endif 714 kop = (struct crypt_kop *)data; 715 if (cmd == CIOCKEY 716 #ifdef COMPAT_FREEBSD32 717 || cmd == CIOCKEY32 718 #endif 719 ) { 720 /* NB: crypto core enforces s/w driver use */ 721 kop->crk_crid = 722 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 723 } 724 mtx_lock(&Giant); 725 error = cryptodev_key(kop); 726 mtx_unlock(&Giant); 727 #ifdef COMPAT_FREEBSD32 728 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 729 crypt_kop_to_32(kop, data); 730 #endif 731 break; 732 case CIOCASYMFEAT: 733 if (!crypto_userasymcrypto) { 734 /* 735 * NB: if user asym crypto operations are 736 * not permitted return "no algorithms" 737 * so well-behaved applications will just 738 * fallback to doing them in software. 739 */ 740 *(int *)data = 0; 741 } else { 742 error = crypto_getfeat((int *)data); 743 if (error) 744 SDT_PROBE1(opencrypto, dev, ioctl, error, 745 __LINE__); 746 } 747 break; 748 case CIOCFINDDEV: 749 error = cryptodev_find((struct crypt_find_op *)data); 750 break; 751 case CIOCCRYPTAEAD: 752 caead = (struct crypt_aead *)data; 753 cse = csefind(fcr, caead->ses); 754 if (cse == NULL) { 755 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 756 return (EINVAL); 757 } 758 error = cryptodev_aead(cse, caead, active_cred, td); 759 csefree(cse); 760 break; 761 default: 762 error = EINVAL; 763 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 764 break; 765 } 766 return (error); 767 #undef SES2 768 } 769 770 static int cryptodev_cb(struct cryptop *); 771 772 static struct cryptop_data * 773 cod_alloc(struct csession *cse, size_t len, struct thread *td) 774 { 775 struct cryptop_data *cod; 776 struct uio *uio; 777 778 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 779 780 cod->cse = cse; 781 uio = &cod->uio; 782 uio->uio_iov = cod->iovec; 783 uio->uio_iovcnt = 1; 784 uio->uio_resid = len; 785 uio->uio_segflg = UIO_SYSSPACE; 786 uio->uio_rw = UIO_WRITE; 787 uio->uio_td = td; 788 uio->uio_iov[0].iov_len = len; 789 uio->uio_iov[0].iov_base = malloc(len, M_XDATA, M_WAITOK); 790 return (cod); 791 } 792 793 static void 794 cod_free(struct cryptop_data *cod) 795 { 796 797 free(cod->uio.uio_iov[0].iov_base, M_XDATA); 798 free(cod, M_XDATA); 799 } 800 801 static void 802 cryptodev_warn(struct csession *cse) 803 { 804 static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn; 805 static struct timeval skipwarn, tdeswarn; 806 807 switch (cse->cipher) { 808 case CRYPTO_DES_CBC: 809 if (ratecheck(&deswarn, &warninterval)) 810 gone_in(13, "DES cipher via /dev/crypto"); 811 break; 812 case CRYPTO_3DES_CBC: 813 if (ratecheck(&tdeswarn, &warninterval)) 814 gone_in(13, "3DES cipher via /dev/crypto"); 815 break; 816 case CRYPTO_BLF_CBC: 817 if (ratecheck(&blfwarn, &warninterval)) 818 gone_in(13, "Blowfish cipher via /dev/crypto"); 819 break; 820 case CRYPTO_CAST_CBC: 821 if (ratecheck(&castwarn, &warninterval)) 822 gone_in(13, "CAST128 cipher via /dev/crypto"); 823 break; 824 case CRYPTO_SKIPJACK_CBC: 825 if (ratecheck(&skipwarn, &warninterval)) 826 gone_in(13, "Skipjack cipher via /dev/crypto"); 827 break; 828 case CRYPTO_ARC4: 829 if (ratecheck(&arc4warn, &warninterval)) 830 gone_in(13, "ARC4 cipher via /dev/crypto"); 831 break; 832 } 833 834 switch (cse->mac) { 835 case CRYPTO_MD5_HMAC: 836 if (ratecheck(&md5warn, &warninterval)) 837 gone_in(13, "MD5-HMAC authenticator via /dev/crypto"); 838 break; 839 } 840 } 841 842 static int 843 cryptodev_op( 844 struct csession *cse, 845 struct crypt_op *cop, 846 struct ucred *active_cred, 847 struct thread *td) 848 { 849 struct cryptop_data *cod = NULL; 850 struct cryptop *crp = NULL; 851 struct cryptodesc *crde = NULL, *crda = NULL; 852 int error; 853 854 if (cop->len > 256*1024-4) { 855 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 856 return (E2BIG); 857 } 858 859 if (cse->txform) { 860 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 861 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 862 return (EINVAL); 863 } 864 } 865 866 if (cse->thash) 867 cod = cod_alloc(cse, cop->len + cse->thash->hashsize, td); 868 else 869 cod = cod_alloc(cse, cop->len, td); 870 871 crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 872 if (crp == NULL) { 873 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 874 error = ENOMEM; 875 goto bail; 876 } 877 878 if (cse->thash && cse->txform) { 879 if (cop->flags & COP_F_CIPHER_FIRST) { 880 crde = crp->crp_desc; 881 crda = crde->crd_next; 882 } else { 883 crda = crp->crp_desc; 884 crde = crda->crd_next; 885 } 886 } else if (cse->thash) { 887 crda = crp->crp_desc; 888 } else if (cse->txform) { 889 crde = crp->crp_desc; 890 } else { 891 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 892 error = EINVAL; 893 goto bail; 894 } 895 896 if ((error = copyin(cop->src, cod->uio.uio_iov[0].iov_base, 897 cop->len))) { 898 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 899 goto bail; 900 } 901 902 if (crda) { 903 crda->crd_skip = 0; 904 crda->crd_len = cop->len; 905 crda->crd_inject = cop->len; 906 907 crda->crd_alg = cse->mac; 908 crda->crd_key = cse->mackey; 909 crda->crd_klen = cse->mackeylen * 8; 910 } 911 912 if (crde) { 913 if (cop->op == COP_ENCRYPT) 914 crde->crd_flags |= CRD_F_ENCRYPT; 915 else 916 crde->crd_flags &= ~CRD_F_ENCRYPT; 917 crde->crd_len = cop->len; 918 crde->crd_inject = 0; 919 920 crde->crd_alg = cse->cipher; 921 crde->crd_key = cse->key; 922 crde->crd_klen = cse->keylen * 8; 923 } 924 925 crp->crp_ilen = cop->len; 926 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 927 | (cop->flags & COP_F_BATCH); 928 crp->crp_uio = &cod->uio; 929 crp->crp_callback = cryptodev_cb; 930 crp->crp_session = cse->cses; 931 crp->crp_opaque = cod; 932 933 if (cop->iv) { 934 if (crde == NULL) { 935 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 936 error = EINVAL; 937 goto bail; 938 } 939 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 940 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 941 error = EINVAL; 942 goto bail; 943 } 944 if ((error = copyin(cop->iv, crde->crd_iv, 945 cse->txform->ivsize))) { 946 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 947 goto bail; 948 } 949 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 950 crde->crd_skip = 0; 951 } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 952 crde->crd_skip = 0; 953 } else if (crde) { 954 crde->crd_flags |= CRD_F_IV_PRESENT; 955 crde->crd_skip = cse->txform->ivsize; 956 crde->crd_len -= cse->txform->ivsize; 957 } 958 959 if (cop->mac && crda == NULL) { 960 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 961 error = EINVAL; 962 goto bail; 963 } 964 cryptodev_warn(cse); 965 966 again: 967 /* 968 * Let the dispatch run unlocked, then, interlock against the 969 * callback before checking if the operation completed and going 970 * to sleep. This insures drivers don't inherit our lock which 971 * results in a lock order reversal between crypto_dispatch forced 972 * entry and the crypto_done callback into us. 973 */ 974 error = crypto_dispatch(crp); 975 if (error != 0) { 976 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 977 goto bail; 978 } 979 980 mtx_lock(&cse->lock); 981 while (!cod->done) 982 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 983 mtx_unlock(&cse->lock); 984 985 if (crp->crp_etype == EAGAIN) { 986 crp->crp_etype = 0; 987 crp->crp_flags &= ~CRYPTO_F_DONE; 988 cod->done = false; 989 goto again; 990 } 991 992 if (crp->crp_etype != 0) { 993 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 994 error = crp->crp_etype; 995 goto bail; 996 } 997 998 if (cop->dst && 999 (error = copyout(cod->uio.uio_iov[0].iov_base, cop->dst, 1000 cop->len))) { 1001 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1002 goto bail; 1003 } 1004 1005 if (cop->mac && 1006 (error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + cop->len, 1007 cop->mac, cse->thash->hashsize))) { 1008 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1009 goto bail; 1010 } 1011 1012 bail: 1013 if (crp) 1014 crypto_freereq(crp); 1015 if (cod) 1016 cod_free(cod); 1017 1018 return (error); 1019 } 1020 1021 static int 1022 cryptodev_aead( 1023 struct csession *cse, 1024 struct crypt_aead *caead, 1025 struct ucred *active_cred, 1026 struct thread *td) 1027 { 1028 struct cryptop_data *cod = NULL; 1029 struct cryptop *crp = NULL; 1030 struct cryptodesc *crde = NULL, *crda = NULL; 1031 int error; 1032 1033 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1034 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1035 return (E2BIG); 1036 } 1037 1038 if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL || 1039 (caead->len % cse->txform->blocksize) != 0) { 1040 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1041 return (EINVAL); 1042 } 1043 1044 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->thash->hashsize, 1045 td); 1046 1047 crp = crypto_getreq(2); 1048 if (crp == NULL) { 1049 error = ENOMEM; 1050 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1051 goto bail; 1052 } 1053 1054 if (caead->flags & COP_F_CIPHER_FIRST) { 1055 crde = crp->crp_desc; 1056 crda = crde->crd_next; 1057 } else { 1058 crda = crp->crp_desc; 1059 crde = crda->crd_next; 1060 } 1061 1062 if ((error = copyin(caead->aad, cod->uio.uio_iov[0].iov_base, 1063 caead->aadlen))) { 1064 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1065 goto bail; 1066 } 1067 1068 if ((error = copyin(caead->src, (char *)cod->uio.uio_iov[0].iov_base + 1069 caead->aadlen, caead->len))) { 1070 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1071 goto bail; 1072 } 1073 1074 /* 1075 * For GCM/CCM, crd_len covers only the AAD. For other ciphers 1076 * chained with an HMAC, crd_len covers both the AAD and the 1077 * cipher text. 1078 */ 1079 crda->crd_skip = 0; 1080 if (cse->cipher == CRYPTO_AES_NIST_GCM_16 || 1081 cse->cipher == CRYPTO_AES_CCM_16) 1082 crda->crd_len = caead->aadlen; 1083 else 1084 crda->crd_len = caead->aadlen + caead->len; 1085 crda->crd_inject = caead->aadlen + caead->len; 1086 1087 crda->crd_alg = cse->mac; 1088 crda->crd_key = cse->mackey; 1089 crda->crd_klen = cse->mackeylen * 8; 1090 1091 if (caead->op == COP_ENCRYPT) 1092 crde->crd_flags |= CRD_F_ENCRYPT; 1093 else 1094 crde->crd_flags &= ~CRD_F_ENCRYPT; 1095 crde->crd_skip = caead->aadlen; 1096 crde->crd_len = caead->len; 1097 crde->crd_inject = caead->aadlen; 1098 1099 crde->crd_alg = cse->cipher; 1100 crde->crd_key = cse->key; 1101 crde->crd_klen = cse->keylen * 8; 1102 1103 crp->crp_ilen = caead->aadlen + caead->len; 1104 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 1105 | (caead->flags & COP_F_BATCH); 1106 crp->crp_uio = &cod->uio; 1107 crp->crp_callback = cryptodev_cb; 1108 crp->crp_session = cse->cses; 1109 crp->crp_opaque = cod; 1110 1111 if (caead->iv) { 1112 if (caead->ivlen > sizeof(crde->crd_iv)) { 1113 error = EINVAL; 1114 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1115 goto bail; 1116 } 1117 1118 if ((error = copyin(caead->iv, crde->crd_iv, caead->ivlen))) { 1119 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1120 goto bail; 1121 } 1122 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 1123 } else { 1124 crde->crd_flags |= CRD_F_IV_PRESENT; 1125 crde->crd_skip += cse->txform->ivsize; 1126 crde->crd_len -= cse->txform->ivsize; 1127 } 1128 1129 if ((error = copyin(caead->tag, (caddr_t)cod->uio.uio_iov[0].iov_base + 1130 caead->len + caead->aadlen, cse->thash->hashsize))) { 1131 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1132 goto bail; 1133 } 1134 cryptodev_warn(cse); 1135 again: 1136 /* 1137 * Let the dispatch run unlocked, then, interlock against the 1138 * callback before checking if the operation completed and going 1139 * to sleep. This insures drivers don't inherit our lock which 1140 * results in a lock order reversal between crypto_dispatch forced 1141 * entry and the crypto_done callback into us. 1142 */ 1143 error = crypto_dispatch(crp); 1144 if (error != 0) { 1145 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1146 goto bail; 1147 } 1148 1149 mtx_lock(&cse->lock); 1150 while (!cod->done) 1151 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1152 mtx_unlock(&cse->lock); 1153 1154 if (crp->crp_etype == EAGAIN) { 1155 crp->crp_etype = 0; 1156 crp->crp_flags &= ~CRYPTO_F_DONE; 1157 cod->done = false; 1158 goto again; 1159 } 1160 1161 if (crp->crp_etype != 0) { 1162 error = crp->crp_etype; 1163 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1164 goto bail; 1165 } 1166 1167 if (caead->dst && (error = copyout( 1168 (caddr_t)cod->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst, 1169 caead->len))) { 1170 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1171 goto bail; 1172 } 1173 1174 if ((error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + 1175 caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) { 1176 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1177 goto bail; 1178 } 1179 1180 bail: 1181 crypto_freereq(crp); 1182 if (cod) 1183 cod_free(cod); 1184 1185 return (error); 1186 } 1187 1188 static int 1189 cryptodev_cb(struct cryptop *crp) 1190 { 1191 struct cryptop_data *cod = crp->crp_opaque; 1192 1193 /* 1194 * Lock to ensure the wakeup() is not missed by the loops 1195 * waiting on cod->done in cryptodev_op() and 1196 * cryptodev_aead(). 1197 */ 1198 mtx_lock(&cod->cse->lock); 1199 cod->done = true; 1200 mtx_unlock(&cod->cse->lock); 1201 wakeup(cod); 1202 return (0); 1203 } 1204 1205 static int 1206 cryptodevkey_cb(void *op) 1207 { 1208 struct cryptkop *krp = (struct cryptkop *) op; 1209 1210 wakeup_one(krp); 1211 return (0); 1212 } 1213 1214 static int 1215 cryptodev_key(struct crypt_kop *kop) 1216 { 1217 struct cryptkop *krp = NULL; 1218 int error = EINVAL; 1219 int in, out, size, i; 1220 1221 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1222 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1223 return (EFBIG); 1224 } 1225 1226 in = kop->crk_iparams; 1227 out = kop->crk_oparams; 1228 switch (kop->crk_op) { 1229 case CRK_MOD_EXP: 1230 if (in == 3 && out == 1) 1231 break; 1232 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1233 return (EINVAL); 1234 case CRK_MOD_EXP_CRT: 1235 if (in == 6 && out == 1) 1236 break; 1237 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1238 return (EINVAL); 1239 case CRK_DSA_SIGN: 1240 if (in == 5 && out == 2) 1241 break; 1242 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1243 return (EINVAL); 1244 case CRK_DSA_VERIFY: 1245 if (in == 7 && out == 0) 1246 break; 1247 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1248 return (EINVAL); 1249 case CRK_DH_COMPUTE_KEY: 1250 if (in == 3 && out == 1) 1251 break; 1252 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1253 return (EINVAL); 1254 default: 1255 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1256 return (EINVAL); 1257 } 1258 1259 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1260 if (!krp) { 1261 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1262 return (ENOMEM); 1263 } 1264 krp->krp_op = kop->crk_op; 1265 krp->krp_status = kop->crk_status; 1266 krp->krp_iparams = kop->crk_iparams; 1267 krp->krp_oparams = kop->crk_oparams; 1268 krp->krp_crid = kop->crk_crid; 1269 krp->krp_status = 0; 1270 krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 1271 1272 for (i = 0; i < CRK_MAXPARAM; i++) { 1273 if (kop->crk_param[i].crp_nbits > 65536) { 1274 /* Limit is the same as in OpenBSD */ 1275 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1276 goto fail; 1277 } 1278 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1279 } 1280 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1281 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1282 if (size == 0) 1283 continue; 1284 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1285 if (i >= krp->krp_iparams) 1286 continue; 1287 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1288 if (error) { 1289 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1290 goto fail; 1291 } 1292 } 1293 1294 error = crypto_kdispatch(krp); 1295 if (error) { 1296 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1297 goto fail; 1298 } 1299 error = tsleep(krp, PSOCK, "crydev", 0); 1300 if (error) { 1301 /* XXX can this happen? if so, how do we recover? */ 1302 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1303 goto fail; 1304 } 1305 1306 kop->crk_crid = krp->krp_crid; /* device that did the work */ 1307 if (krp->krp_status != 0) { 1308 error = krp->krp_status; 1309 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1310 goto fail; 1311 } 1312 1313 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1314 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1315 if (size == 0) 1316 continue; 1317 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1318 if (error) { 1319 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1320 goto fail; 1321 } 1322 } 1323 1324 fail: 1325 if (krp) { 1326 kop->crk_status = krp->krp_status; 1327 for (i = 0; i < CRK_MAXPARAM; i++) { 1328 if (krp->krp_param[i].crp_p) 1329 free(krp->krp_param[i].crp_p, M_XDATA); 1330 } 1331 free(krp, M_XDATA); 1332 } 1333 return (error); 1334 } 1335 1336 static int 1337 cryptodev_find(struct crypt_find_op *find) 1338 { 1339 device_t dev; 1340 size_t fnlen = sizeof find->name; 1341 1342 if (find->crid != -1) { 1343 dev = crypto_find_device_byhid(find->crid); 1344 if (dev == NULL) 1345 return (ENOENT); 1346 strncpy(find->name, device_get_nameunit(dev), fnlen); 1347 find->name[fnlen - 1] = '\x0'; 1348 } else { 1349 find->name[fnlen - 1] = '\x0'; 1350 find->crid = crypto_find_driver(find->name); 1351 if (find->crid == -1) 1352 return (ENOENT); 1353 } 1354 return (0); 1355 } 1356 1357 /* ARGSUSED */ 1358 static int 1359 cryptof_stat( 1360 struct file *fp, 1361 struct stat *sb, 1362 struct ucred *active_cred, 1363 struct thread *td) 1364 { 1365 1366 return (EOPNOTSUPP); 1367 } 1368 1369 /* ARGSUSED */ 1370 static int 1371 cryptof_close(struct file *fp, struct thread *td) 1372 { 1373 struct fcrypt *fcr = fp->f_data; 1374 struct csession *cse; 1375 1376 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1377 TAILQ_REMOVE(&fcr->csessions, cse, next); 1378 KASSERT(cse->refs == 1, 1379 ("%s: crypto session %p with %d refs", __func__, cse, 1380 cse->refs)); 1381 csefree(cse); 1382 } 1383 free(fcr, M_XDATA); 1384 fp->f_data = NULL; 1385 return 0; 1386 } 1387 1388 static int 1389 cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1390 { 1391 1392 kif->kf_type = KF_TYPE_CRYPTO; 1393 return (0); 1394 } 1395 1396 static struct csession * 1397 csefind(struct fcrypt *fcr, u_int ses) 1398 { 1399 struct csession *cse; 1400 1401 mtx_lock(&fcr->lock); 1402 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1403 if (cse->ses == ses) { 1404 refcount_acquire(&cse->refs); 1405 mtx_unlock(&fcr->lock); 1406 return (cse); 1407 } 1408 } 1409 mtx_unlock(&fcr->lock); 1410 return (NULL); 1411 } 1412 1413 static bool 1414 csedelete(struct fcrypt *fcr, u_int ses) 1415 { 1416 struct csession *cse; 1417 1418 mtx_lock(&fcr->lock); 1419 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1420 if (cse->ses == ses) { 1421 TAILQ_REMOVE(&fcr->csessions, cse, next); 1422 mtx_unlock(&fcr->lock); 1423 csefree(cse); 1424 return (true); 1425 } 1426 } 1427 mtx_unlock(&fcr->lock); 1428 return (false); 1429 } 1430 1431 struct csession * 1432 csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen, 1433 caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 1434 struct enc_xform *txform, struct auth_hash *thash) 1435 { 1436 struct csession *cse; 1437 1438 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1439 if (cse == NULL) 1440 return NULL; 1441 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1442 refcount_init(&cse->refs, 1); 1443 cse->key = key; 1444 cse->keylen = keylen/8; 1445 cse->mackey = mackey; 1446 cse->mackeylen = mackeylen/8; 1447 cse->cses = cses; 1448 cse->cipher = cipher; 1449 cse->mac = mac; 1450 cse->txform = txform; 1451 cse->thash = thash; 1452 mtx_lock(&fcr->lock); 1453 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1454 cse->ses = fcr->sesn++; 1455 mtx_unlock(&fcr->lock); 1456 return (cse); 1457 } 1458 1459 static void 1460 csefree(struct csession *cse) 1461 { 1462 1463 if (!refcount_release(&cse->refs)) 1464 return; 1465 crypto_freesession(cse->cses); 1466 mtx_destroy(&cse->lock); 1467 if (cse->key) 1468 free(cse->key, M_XDATA); 1469 if (cse->mackey) 1470 free(cse->mackey, M_XDATA); 1471 free(cse, M_XDATA); 1472 } 1473 1474 static int 1475 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1476 { 1477 struct file *f; 1478 struct fcrypt *fcr; 1479 int fd, error; 1480 1481 switch (cmd) { 1482 case CRIOGET: 1483 error = falloc_noinstall(td, &f); 1484 if (error) 1485 break; 1486 1487 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); 1488 TAILQ_INIT(&fcr->csessions); 1489 mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); 1490 1491 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1492 error = finstall(td, f, &fd, 0, NULL); 1493 if (error) { 1494 mtx_destroy(&fcr->lock); 1495 free(fcr, M_XDATA); 1496 } else 1497 *(uint32_t *)data = fd; 1498 fdrop(f, td); 1499 break; 1500 case CRIOFINDDEV: 1501 error = cryptodev_find((struct crypt_find_op *)data); 1502 break; 1503 case CRIOASYMFEAT: 1504 error = crypto_getfeat((int *)data); 1505 break; 1506 default: 1507 error = EINVAL; 1508 break; 1509 } 1510 return (error); 1511 } 1512 1513 static struct cdevsw crypto_cdevsw = { 1514 .d_version = D_VERSION, 1515 .d_ioctl = cryptoioctl, 1516 .d_name = "crypto", 1517 }; 1518 static struct cdev *crypto_dev; 1519 1520 /* 1521 * Initialization code, both for static and dynamic loading. 1522 */ 1523 static int 1524 cryptodev_modevent(module_t mod, int type, void *unused) 1525 { 1526 switch (type) { 1527 case MOD_LOAD: 1528 if (bootverbose) 1529 printf("crypto: <crypto device>\n"); 1530 crypto_dev = make_dev(&crypto_cdevsw, 0, 1531 UID_ROOT, GID_WHEEL, 0666, 1532 "crypto"); 1533 return 0; 1534 case MOD_UNLOAD: 1535 /*XXX disallow if active sessions */ 1536 destroy_dev(crypto_dev); 1537 return 0; 1538 } 1539 return EINVAL; 1540 } 1541 1542 static moduledata_t cryptodev_mod = { 1543 "cryptodev", 1544 cryptodev_modevent, 1545 0 1546 }; 1547 MODULE_VERSION(cryptodev, 1); 1548 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1549 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1550 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1551