1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/sysctl.h> 51 #include <sys/file.h> 52 #include <sys/filedesc.h> 53 #include <sys/errno.h> 54 #include <sys/uio.h> 55 #include <sys/random.h> 56 #include <sys/conf.h> 57 #include <sys/kernel.h> 58 #include <sys/module.h> 59 #include <sys/fcntl.h> 60 #include <sys/bus.h> 61 #include <sys/user.h> 62 #include <sys/sdt.h> 63 64 #include <opencrypto/cryptodev.h> 65 #include <opencrypto/xform.h> 66 67 SDT_PROVIDER_DECLARE(opencrypto); 68 69 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 70 71 #ifdef COMPAT_FREEBSD32 72 #include <sys/mount.h> 73 #include <compat/freebsd32/freebsd32.h> 74 75 struct session_op32 { 76 u_int32_t cipher; 77 u_int32_t mac; 78 u_int32_t keylen; 79 u_int32_t key; 80 int mackeylen; 81 u_int32_t mackey; 82 u_int32_t ses; 83 }; 84 85 struct session2_op32 { 86 u_int32_t cipher; 87 u_int32_t mac; 88 u_int32_t keylen; 89 u_int32_t key; 90 int mackeylen; 91 u_int32_t mackey; 92 u_int32_t ses; 93 int crid; 94 int pad[4]; 95 }; 96 97 struct crypt_op32 { 98 u_int32_t ses; 99 u_int16_t op; 100 u_int16_t flags; 101 u_int len; 102 u_int32_t src, dst; 103 u_int32_t mac; 104 u_int32_t iv; 105 }; 106 107 struct crparam32 { 108 u_int32_t crp_p; 109 u_int crp_nbits; 110 }; 111 112 struct crypt_kop32 { 113 u_int crk_op; 114 u_int crk_status; 115 u_short crk_iparams; 116 u_short crk_oparams; 117 u_int crk_crid; 118 struct crparam32 crk_param[CRK_MAXPARAM]; 119 }; 120 121 struct cryptotstat32 { 122 struct timespec32 acc; 123 struct timespec32 min; 124 struct timespec32 max; 125 u_int32_t count; 126 }; 127 128 struct cryptostats32 { 129 u_int32_t cs_ops; 130 u_int32_t cs_errs; 131 u_int32_t cs_kops; 132 u_int32_t cs_kerrs; 133 u_int32_t cs_intrs; 134 u_int32_t cs_rets; 135 u_int32_t cs_blocks; 136 u_int32_t cs_kblocks; 137 struct cryptotstat32 cs_invoke; 138 struct cryptotstat32 cs_done; 139 struct cryptotstat32 cs_cb; 140 struct cryptotstat32 cs_finis; 141 }; 142 143 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 144 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 145 #define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 146 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 147 #define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 148 149 static void 150 session_op_from_32(const struct session_op32 *from, struct session_op *to) 151 { 152 153 CP(*from, *to, cipher); 154 CP(*from, *to, mac); 155 CP(*from, *to, keylen); 156 PTRIN_CP(*from, *to, key); 157 CP(*from, *to, mackeylen); 158 PTRIN_CP(*from, *to, mackey); 159 CP(*from, *to, ses); 160 } 161 162 static void 163 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 164 { 165 166 session_op_from_32((const struct session_op32 *)from, 167 (struct session_op *)to); 168 CP(*from, *to, crid); 169 } 170 171 static void 172 session_op_to_32(const struct session_op *from, struct session_op32 *to) 173 { 174 175 CP(*from, *to, cipher); 176 CP(*from, *to, mac); 177 CP(*from, *to, keylen); 178 PTROUT_CP(*from, *to, key); 179 CP(*from, *to, mackeylen); 180 PTROUT_CP(*from, *to, mackey); 181 CP(*from, *to, ses); 182 } 183 184 static void 185 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 186 { 187 188 session_op_to_32((const struct session_op *)from, 189 (struct session_op32 *)to); 190 CP(*from, *to, crid); 191 } 192 193 static void 194 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 195 { 196 197 CP(*from, *to, ses); 198 CP(*from, *to, op); 199 CP(*from, *to, flags); 200 CP(*from, *to, len); 201 PTRIN_CP(*from, *to, src); 202 PTRIN_CP(*from, *to, dst); 203 PTRIN_CP(*from, *to, mac); 204 PTRIN_CP(*from, *to, iv); 205 } 206 207 static void 208 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 209 { 210 211 CP(*from, *to, ses); 212 CP(*from, *to, op); 213 CP(*from, *to, flags); 214 CP(*from, *to, len); 215 PTROUT_CP(*from, *to, src); 216 PTROUT_CP(*from, *to, dst); 217 PTROUT_CP(*from, *to, mac); 218 PTROUT_CP(*from, *to, iv); 219 } 220 221 static void 222 crparam_from_32(const struct crparam32 *from, struct crparam *to) 223 { 224 225 PTRIN_CP(*from, *to, crp_p); 226 CP(*from, *to, crp_nbits); 227 } 228 229 static void 230 crparam_to_32(const struct crparam *from, struct crparam32 *to) 231 { 232 233 PTROUT_CP(*from, *to, crp_p); 234 CP(*from, *to, crp_nbits); 235 } 236 237 static void 238 crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 239 { 240 int i; 241 242 CP(*from, *to, crk_op); 243 CP(*from, *to, crk_status); 244 CP(*from, *to, crk_iparams); 245 CP(*from, *to, crk_oparams); 246 CP(*from, *to, crk_crid); 247 for (i = 0; i < CRK_MAXPARAM; i++) 248 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 249 } 250 251 static void 252 crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 253 { 254 int i; 255 256 CP(*from, *to, crk_op); 257 CP(*from, *to, crk_status); 258 CP(*from, *to, crk_iparams); 259 CP(*from, *to, crk_oparams); 260 CP(*from, *to, crk_crid); 261 for (i = 0; i < CRK_MAXPARAM; i++) 262 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 263 } 264 #endif 265 266 struct csession { 267 TAILQ_ENTRY(csession) next; 268 crypto_session_t cses; 269 u_int32_t ses; 270 struct mtx lock; /* for op submission */ 271 272 u_int32_t cipher; 273 struct enc_xform *txform; 274 u_int32_t mac; 275 struct auth_hash *thash; 276 277 caddr_t key; 278 int keylen; 279 280 caddr_t mackey; 281 int mackeylen; 282 }; 283 284 struct cryptop_data { 285 struct csession *cse; 286 287 struct iovec iovec[1]; 288 struct uio uio; 289 bool done; 290 }; 291 292 struct fcrypt { 293 TAILQ_HEAD(csessionlist, csession) csessions; 294 int sesn; 295 }; 296 297 static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; 298 SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW, 299 &warninterval, 300 "Delay in seconds between warnings of deprecated /dev/crypto algorithms"); 301 302 static int cryptof_ioctl(struct file *, u_long, void *, 303 struct ucred *, struct thread *); 304 static int cryptof_stat(struct file *, struct stat *, 305 struct ucred *, struct thread *); 306 static int cryptof_close(struct file *, struct thread *); 307 static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 308 struct filedesc *); 309 310 static struct fileops cryptofops = { 311 .fo_read = invfo_rdwr, 312 .fo_write = invfo_rdwr, 313 .fo_truncate = invfo_truncate, 314 .fo_ioctl = cryptof_ioctl, 315 .fo_poll = invfo_poll, 316 .fo_kqfilter = invfo_kqfilter, 317 .fo_stat = cryptof_stat, 318 .fo_close = cryptof_close, 319 .fo_chmod = invfo_chmod, 320 .fo_chown = invfo_chown, 321 .fo_sendfile = invfo_sendfile, 322 .fo_fill_kinfo = cryptof_fill_kinfo, 323 }; 324 325 static struct csession *csefind(struct fcrypt *, u_int); 326 static int csedelete(struct fcrypt *, struct csession *); 327 static struct csession *cseadd(struct fcrypt *, struct csession *); 328 static struct csession *csecreate(struct fcrypt *, crypto_session_t, caddr_t, 329 u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 330 struct auth_hash *); 331 static void csefree(struct csession *); 332 333 static int cryptodev_op(struct csession *, struct crypt_op *, 334 struct ucred *, struct thread *td); 335 static int cryptodev_aead(struct csession *, struct crypt_aead *, 336 struct ucred *, struct thread *); 337 static int cryptodev_key(struct crypt_kop *); 338 static int cryptodev_find(struct crypt_find_op *); 339 340 /* 341 * Check a crypto identifier to see if it requested 342 * a software device/driver. This can be done either 343 * by device name/class or through search constraints. 344 */ 345 static int 346 checkforsoftware(int *cridp) 347 { 348 int crid; 349 350 crid = *cridp; 351 352 if (!crypto_devallowsoft) { 353 if (crid & CRYPTOCAP_F_SOFTWARE) { 354 if (crid & CRYPTOCAP_F_HARDWARE) { 355 *cridp = CRYPTOCAP_F_HARDWARE; 356 return 0; 357 } 358 return EINVAL; 359 } 360 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 361 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 362 return EINVAL; 363 } 364 return 0; 365 } 366 367 /* ARGSUSED */ 368 static int 369 cryptof_ioctl( 370 struct file *fp, 371 u_long cmd, 372 void *data, 373 struct ucred *active_cred, 374 struct thread *td) 375 { 376 #define SES2(p) ((struct session2_op *)p) 377 struct cryptoini cria, crie; 378 struct fcrypt *fcr = fp->f_data; 379 struct csession *cse; 380 struct session_op *sop; 381 struct crypt_op *cop; 382 struct crypt_aead *caead; 383 struct enc_xform *txform = NULL; 384 struct auth_hash *thash = NULL; 385 struct crypt_kop *kop; 386 crypto_session_t cses; 387 u_int32_t ses; 388 int error = 0, crid; 389 #ifdef COMPAT_FREEBSD32 390 struct session2_op sopc; 391 struct crypt_op copc; 392 struct crypt_kop kopc; 393 #endif 394 395 switch (cmd) { 396 case CIOCGSESSION: 397 case CIOCGSESSION2: 398 #ifdef COMPAT_FREEBSD32 399 case CIOCGSESSION32: 400 case CIOCGSESSION232: 401 if (cmd == CIOCGSESSION32) { 402 session_op_from_32(data, (struct session_op *)&sopc); 403 sop = (struct session_op *)&sopc; 404 } else if (cmd == CIOCGSESSION232) { 405 session2_op_from_32(data, &sopc); 406 sop = (struct session_op *)&sopc; 407 } else 408 #endif 409 sop = (struct session_op *)data; 410 switch (sop->cipher) { 411 case 0: 412 break; 413 case CRYPTO_DES_CBC: 414 txform = &enc_xform_des; 415 break; 416 case CRYPTO_3DES_CBC: 417 txform = &enc_xform_3des; 418 break; 419 case CRYPTO_BLF_CBC: 420 txform = &enc_xform_blf; 421 break; 422 case CRYPTO_CAST_CBC: 423 txform = &enc_xform_cast5; 424 break; 425 case CRYPTO_SKIPJACK_CBC: 426 txform = &enc_xform_skipjack; 427 break; 428 case CRYPTO_AES_CBC: 429 txform = &enc_xform_rijndael128; 430 break; 431 case CRYPTO_AES_XTS: 432 txform = &enc_xform_aes_xts; 433 break; 434 case CRYPTO_NULL_CBC: 435 txform = &enc_xform_null; 436 break; 437 case CRYPTO_ARC4: 438 txform = &enc_xform_arc4; 439 break; 440 case CRYPTO_CAMELLIA_CBC: 441 txform = &enc_xform_camellia; 442 break; 443 case CRYPTO_AES_ICM: 444 txform = &enc_xform_aes_icm; 445 break; 446 case CRYPTO_AES_NIST_GCM_16: 447 txform = &enc_xform_aes_nist_gcm; 448 break; 449 case CRYPTO_CHACHA20: 450 txform = &enc_xform_chacha20; 451 break; 452 case CRYPTO_AES_CCM_16: 453 txform = &enc_xform_ccm; 454 break; 455 456 default: 457 CRYPTDEB("invalid cipher"); 458 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 459 return (EINVAL); 460 } 461 462 switch (sop->mac) { 463 case 0: 464 break; 465 case CRYPTO_MD5_HMAC: 466 thash = &auth_hash_hmac_md5; 467 break; 468 case CRYPTO_POLY1305: 469 thash = &auth_hash_poly1305; 470 break; 471 case CRYPTO_SHA1_HMAC: 472 thash = &auth_hash_hmac_sha1; 473 break; 474 case CRYPTO_SHA2_224_HMAC: 475 thash = &auth_hash_hmac_sha2_224; 476 break; 477 case CRYPTO_SHA2_256_HMAC: 478 thash = &auth_hash_hmac_sha2_256; 479 break; 480 case CRYPTO_SHA2_384_HMAC: 481 thash = &auth_hash_hmac_sha2_384; 482 break; 483 case CRYPTO_SHA2_512_HMAC: 484 thash = &auth_hash_hmac_sha2_512; 485 break; 486 case CRYPTO_RIPEMD160_HMAC: 487 thash = &auth_hash_hmac_ripemd_160; 488 break; 489 case CRYPTO_AES_128_NIST_GMAC: 490 thash = &auth_hash_nist_gmac_aes_128; 491 break; 492 case CRYPTO_AES_192_NIST_GMAC: 493 thash = &auth_hash_nist_gmac_aes_192; 494 break; 495 case CRYPTO_AES_256_NIST_GMAC: 496 thash = &auth_hash_nist_gmac_aes_256; 497 break; 498 499 case CRYPTO_AES_CCM_CBC_MAC: 500 switch (sop->keylen) { 501 case 16: 502 thash = &auth_hash_ccm_cbc_mac_128; 503 break; 504 case 24: 505 thash = &auth_hash_ccm_cbc_mac_192; 506 break; 507 case 32: 508 thash = &auth_hash_ccm_cbc_mac_256; 509 break; 510 default: 511 CRYPTDEB("Invalid CBC MAC key size %d", 512 sop->keylen); 513 SDT_PROBE1(opencrypto, dev, ioctl, 514 error, __LINE__); 515 return (EINVAL); 516 } 517 break; 518 #ifdef notdef 519 case CRYPTO_MD5: 520 thash = &auth_hash_md5; 521 break; 522 #endif 523 case CRYPTO_SHA1: 524 thash = &auth_hash_sha1; 525 break; 526 case CRYPTO_SHA2_224: 527 thash = &auth_hash_sha2_224; 528 break; 529 case CRYPTO_SHA2_256: 530 thash = &auth_hash_sha2_256; 531 break; 532 case CRYPTO_SHA2_384: 533 thash = &auth_hash_sha2_384; 534 break; 535 case CRYPTO_SHA2_512: 536 thash = &auth_hash_sha2_512; 537 break; 538 539 case CRYPTO_NULL_HMAC: 540 thash = &auth_hash_null; 541 break; 542 543 case CRYPTO_BLAKE2B: 544 thash = &auth_hash_blake2b; 545 break; 546 case CRYPTO_BLAKE2S: 547 thash = &auth_hash_blake2s; 548 break; 549 550 default: 551 CRYPTDEB("invalid mac"); 552 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 553 return (EINVAL); 554 } 555 556 bzero(&crie, sizeof(crie)); 557 bzero(&cria, sizeof(cria)); 558 559 if (txform) { 560 crie.cri_alg = txform->type; 561 crie.cri_klen = sop->keylen * 8; 562 if (sop->keylen > txform->maxkey || 563 sop->keylen < txform->minkey) { 564 CRYPTDEB("invalid cipher parameters"); 565 error = EINVAL; 566 SDT_PROBE1(opencrypto, dev, ioctl, error, 567 __LINE__); 568 goto bail; 569 } 570 571 crie.cri_key = malloc(crie.cri_klen / 8, 572 M_XDATA, M_WAITOK); 573 if ((error = copyin(sop->key, crie.cri_key, 574 crie.cri_klen / 8))) { 575 CRYPTDEB("invalid key"); 576 SDT_PROBE1(opencrypto, dev, ioctl, error, 577 __LINE__); 578 goto bail; 579 } 580 if (thash) 581 crie.cri_next = &cria; 582 } 583 584 if (thash) { 585 cria.cri_alg = thash->type; 586 cria.cri_klen = sop->mackeylen * 8; 587 if (thash->keysize != 0 && 588 sop->mackeylen > thash->keysize) { 589 CRYPTDEB("invalid mac key length"); 590 error = EINVAL; 591 SDT_PROBE1(opencrypto, dev, ioctl, error, 592 __LINE__); 593 goto bail; 594 } 595 596 if (cria.cri_klen) { 597 cria.cri_key = malloc(cria.cri_klen / 8, 598 M_XDATA, M_WAITOK); 599 if ((error = copyin(sop->mackey, cria.cri_key, 600 cria.cri_klen / 8))) { 601 CRYPTDEB("invalid mac key"); 602 SDT_PROBE1(opencrypto, dev, ioctl, 603 error, __LINE__); 604 goto bail; 605 } 606 } 607 } 608 609 /* NB: CIOCGSESSION2 has the crid */ 610 if (cmd == CIOCGSESSION2 611 #ifdef COMPAT_FREEBSD32 612 || cmd == CIOCGSESSION232 613 #endif 614 ) { 615 crid = SES2(sop)->crid; 616 error = checkforsoftware(&crid); 617 if (error) { 618 CRYPTDEB("checkforsoftware"); 619 SDT_PROBE1(opencrypto, dev, ioctl, error, 620 __LINE__); 621 goto bail; 622 } 623 } else 624 crid = CRYPTOCAP_F_HARDWARE; 625 error = crypto_newsession(&cses, (txform ? &crie : &cria), crid); 626 if (error) { 627 CRYPTDEB("crypto_newsession"); 628 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 629 goto bail; 630 } 631 632 cse = csecreate(fcr, cses, crie.cri_key, crie.cri_klen, 633 cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 634 thash); 635 636 if (cse == NULL) { 637 crypto_freesession(cses); 638 error = EINVAL; 639 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 640 CRYPTDEB("csecreate"); 641 goto bail; 642 } 643 sop->ses = cse->ses; 644 if (cmd == CIOCGSESSION2 645 #ifdef COMPAT_FREEBSD32 646 || cmd == CIOCGSESSION232 647 #endif 648 ) { 649 /* return hardware/driver id */ 650 SES2(sop)->crid = crypto_ses2hid(cse->cses); 651 } 652 bail: 653 if (error) { 654 if (crie.cri_key) 655 free(crie.cri_key, M_XDATA); 656 if (cria.cri_key) 657 free(cria.cri_key, M_XDATA); 658 } 659 #ifdef COMPAT_FREEBSD32 660 else { 661 if (cmd == CIOCGSESSION32) 662 session_op_to_32(sop, data); 663 else if (cmd == CIOCGSESSION232) 664 session2_op_to_32((struct session2_op *)sop, 665 data); 666 } 667 #endif 668 break; 669 case CIOCFSESSION: 670 ses = *(u_int32_t *)data; 671 cse = csefind(fcr, ses); 672 if (cse == NULL) { 673 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 674 return (EINVAL); 675 } 676 csedelete(fcr, cse); 677 csefree(cse); 678 break; 679 case CIOCCRYPT: 680 #ifdef COMPAT_FREEBSD32 681 case CIOCCRYPT32: 682 if (cmd == CIOCCRYPT32) { 683 cop = &copc; 684 crypt_op_from_32(data, cop); 685 } else 686 #endif 687 cop = (struct crypt_op *)data; 688 cse = csefind(fcr, cop->ses); 689 if (cse == NULL) { 690 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 691 return (EINVAL); 692 } 693 error = cryptodev_op(cse, cop, active_cred, td); 694 #ifdef COMPAT_FREEBSD32 695 if (error == 0 && cmd == CIOCCRYPT32) 696 crypt_op_to_32(cop, data); 697 #endif 698 break; 699 case CIOCKEY: 700 case CIOCKEY2: 701 #ifdef COMPAT_FREEBSD32 702 case CIOCKEY32: 703 case CIOCKEY232: 704 #endif 705 if (!crypto_userasymcrypto) { 706 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 707 return (EPERM); /* XXX compat? */ 708 } 709 #ifdef COMPAT_FREEBSD32 710 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 711 kop = &kopc; 712 crypt_kop_from_32(data, kop); 713 } else 714 #endif 715 kop = (struct crypt_kop *)data; 716 if (cmd == CIOCKEY 717 #ifdef COMPAT_FREEBSD32 718 || cmd == CIOCKEY32 719 #endif 720 ) { 721 /* NB: crypto core enforces s/w driver use */ 722 kop->crk_crid = 723 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 724 } 725 mtx_lock(&Giant); 726 error = cryptodev_key(kop); 727 mtx_unlock(&Giant); 728 #ifdef COMPAT_FREEBSD32 729 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 730 crypt_kop_to_32(kop, data); 731 #endif 732 break; 733 case CIOCASYMFEAT: 734 if (!crypto_userasymcrypto) { 735 /* 736 * NB: if user asym crypto operations are 737 * not permitted return "no algorithms" 738 * so well-behaved applications will just 739 * fallback to doing them in software. 740 */ 741 *(int *)data = 0; 742 } else { 743 error = crypto_getfeat((int *)data); 744 if (error) 745 SDT_PROBE1(opencrypto, dev, ioctl, error, 746 __LINE__); 747 } 748 break; 749 case CIOCFINDDEV: 750 error = cryptodev_find((struct crypt_find_op *)data); 751 break; 752 case CIOCCRYPTAEAD: 753 caead = (struct crypt_aead *)data; 754 cse = csefind(fcr, caead->ses); 755 if (cse == NULL) { 756 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 757 return (EINVAL); 758 } 759 error = cryptodev_aead(cse, caead, active_cred, td); 760 break; 761 default: 762 error = EINVAL; 763 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 764 break; 765 } 766 return (error); 767 #undef SES2 768 } 769 770 static int cryptodev_cb(struct cryptop *); 771 772 static struct cryptop_data * 773 cod_alloc(struct csession *cse, size_t len, struct thread *td) 774 { 775 struct cryptop_data *cod; 776 struct uio *uio; 777 778 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 779 780 cod->cse = cse; 781 uio = &cod->uio; 782 uio->uio_iov = cod->iovec; 783 uio->uio_iovcnt = 1; 784 uio->uio_resid = len; 785 uio->uio_segflg = UIO_SYSSPACE; 786 uio->uio_rw = UIO_WRITE; 787 uio->uio_td = td; 788 uio->uio_iov[0].iov_len = len; 789 uio->uio_iov[0].iov_base = malloc(len, M_XDATA, M_WAITOK); 790 return (cod); 791 } 792 793 static void 794 cod_free(struct cryptop_data *cod) 795 { 796 797 free(cod->uio.uio_iov[0].iov_base, M_XDATA); 798 free(cod, M_XDATA); 799 } 800 801 static void 802 cryptodev_warn(struct csession *cse) 803 { 804 static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn; 805 static struct timeval skipwarn, tdeswarn; 806 807 switch (cse->cipher) { 808 case CRYPTO_DES_CBC: 809 if (ratecheck(&deswarn, &warninterval)) 810 gone_in(13, "DES cipher via /dev/crypto"); 811 break; 812 case CRYPTO_3DES_CBC: 813 if (ratecheck(&tdeswarn, &warninterval)) 814 gone_in(13, "3DES cipher via /dev/crypto"); 815 break; 816 case CRYPTO_BLF_CBC: 817 if (ratecheck(&blfwarn, &warninterval)) 818 gone_in(13, "Blowfish cipher via /dev/crypto"); 819 break; 820 case CRYPTO_CAST_CBC: 821 if (ratecheck(&castwarn, &warninterval)) 822 gone_in(13, "CAST128 cipher via /dev/crypto"); 823 break; 824 case CRYPTO_SKIPJACK_CBC: 825 if (ratecheck(&skipwarn, &warninterval)) 826 gone_in(13, "Skipjack cipher via /dev/crypto"); 827 break; 828 case CRYPTO_ARC4: 829 if (ratecheck(&arc4warn, &warninterval)) 830 gone_in(13, "ARC4 cipher via /dev/crypto"); 831 break; 832 } 833 834 switch (cse->mac) { 835 case CRYPTO_MD5_HMAC: 836 if (ratecheck(&md5warn, &warninterval)) 837 gone_in(13, "MD5-HMAC authenticator via /dev/crypto"); 838 break; 839 } 840 } 841 842 static int 843 cryptodev_op( 844 struct csession *cse, 845 struct crypt_op *cop, 846 struct ucred *active_cred, 847 struct thread *td) 848 { 849 struct cryptop_data *cod = NULL; 850 struct cryptop *crp = NULL; 851 struct cryptodesc *crde = NULL, *crda = NULL; 852 int error; 853 854 if (cop->len > 256*1024-4) { 855 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 856 return (E2BIG); 857 } 858 859 if (cse->txform) { 860 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 861 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 862 return (EINVAL); 863 } 864 } 865 866 if (cse->thash) 867 cod = cod_alloc(cse, cop->len + cse->thash->hashsize, td); 868 else 869 cod = cod_alloc(cse, cop->len, td); 870 871 crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 872 if (crp == NULL) { 873 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 874 error = ENOMEM; 875 goto bail; 876 } 877 878 if (cse->thash && cse->txform) { 879 if (cop->flags & COP_F_CIPHER_FIRST) { 880 crde = crp->crp_desc; 881 crda = crde->crd_next; 882 } else { 883 crda = crp->crp_desc; 884 crde = crda->crd_next; 885 } 886 } else if (cse->thash) { 887 crda = crp->crp_desc; 888 } else if (cse->txform) { 889 crde = crp->crp_desc; 890 } else { 891 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 892 error = EINVAL; 893 goto bail; 894 } 895 896 if ((error = copyin(cop->src, cod->uio.uio_iov[0].iov_base, 897 cop->len))) { 898 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 899 goto bail; 900 } 901 902 if (crda) { 903 crda->crd_skip = 0; 904 crda->crd_len = cop->len; 905 crda->crd_inject = cop->len; 906 907 crda->crd_alg = cse->mac; 908 crda->crd_key = cse->mackey; 909 crda->crd_klen = cse->mackeylen * 8; 910 } 911 912 if (crde) { 913 if (cop->op == COP_ENCRYPT) 914 crde->crd_flags |= CRD_F_ENCRYPT; 915 else 916 crde->crd_flags &= ~CRD_F_ENCRYPT; 917 crde->crd_len = cop->len; 918 crde->crd_inject = 0; 919 920 crde->crd_alg = cse->cipher; 921 crde->crd_key = cse->key; 922 crde->crd_klen = cse->keylen * 8; 923 } 924 925 crp->crp_ilen = cop->len; 926 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 927 | (cop->flags & COP_F_BATCH); 928 crp->crp_uio = &cod->uio; 929 crp->crp_callback = cryptodev_cb; 930 crp->crp_session = cse->cses; 931 crp->crp_opaque = cod; 932 933 if (cop->iv) { 934 if (crde == NULL) { 935 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 936 error = EINVAL; 937 goto bail; 938 } 939 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 940 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 941 error = EINVAL; 942 goto bail; 943 } 944 if ((error = copyin(cop->iv, crde->crd_iv, 945 cse->txform->ivsize))) { 946 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 947 goto bail; 948 } 949 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 950 crde->crd_skip = 0; 951 } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 952 crde->crd_skip = 0; 953 } else if (crde) { 954 crde->crd_flags |= CRD_F_IV_PRESENT; 955 crde->crd_skip = cse->txform->ivsize; 956 crde->crd_len -= cse->txform->ivsize; 957 } 958 959 if (cop->mac && crda == NULL) { 960 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 961 error = EINVAL; 962 goto bail; 963 } 964 cryptodev_warn(cse); 965 966 again: 967 /* 968 * Let the dispatch run unlocked, then, interlock against the 969 * callback before checking if the operation completed and going 970 * to sleep. This insures drivers don't inherit our lock which 971 * results in a lock order reversal between crypto_dispatch forced 972 * entry and the crypto_done callback into us. 973 */ 974 error = crypto_dispatch(crp); 975 if (error != 0) { 976 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 977 goto bail; 978 } 979 980 mtx_lock(&cse->lock); 981 while (!cod->done) 982 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 983 mtx_unlock(&cse->lock); 984 985 if (crp->crp_etype == EAGAIN) { 986 crp->crp_etype = 0; 987 crp->crp_flags &= ~CRYPTO_F_DONE; 988 cod->done = false; 989 goto again; 990 } 991 992 if (crp->crp_etype != 0) { 993 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 994 error = crp->crp_etype; 995 goto bail; 996 } 997 998 if (cop->dst && 999 (error = copyout(cod->uio.uio_iov[0].iov_base, cop->dst, 1000 cop->len))) { 1001 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1002 goto bail; 1003 } 1004 1005 if (cop->mac && 1006 (error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + cop->len, 1007 cop->mac, cse->thash->hashsize))) { 1008 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1009 goto bail; 1010 } 1011 1012 bail: 1013 if (crp) 1014 crypto_freereq(crp); 1015 if (cod) 1016 cod_free(cod); 1017 1018 return (error); 1019 } 1020 1021 static int 1022 cryptodev_aead( 1023 struct csession *cse, 1024 struct crypt_aead *caead, 1025 struct ucred *active_cred, 1026 struct thread *td) 1027 { 1028 struct cryptop_data *cod = NULL; 1029 struct cryptop *crp = NULL; 1030 struct cryptodesc *crde = NULL, *crda = NULL; 1031 int error; 1032 1033 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1034 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1035 return (E2BIG); 1036 } 1037 1038 if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL || 1039 (caead->len % cse->txform->blocksize) != 0) { 1040 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1041 return (EINVAL); 1042 } 1043 1044 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->thash->hashsize, 1045 td); 1046 1047 crp = crypto_getreq(2); 1048 if (crp == NULL) { 1049 error = ENOMEM; 1050 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1051 goto bail; 1052 } 1053 1054 if (caead->flags & COP_F_CIPHER_FIRST) { 1055 crde = crp->crp_desc; 1056 crda = crde->crd_next; 1057 } else { 1058 crda = crp->crp_desc; 1059 crde = crda->crd_next; 1060 } 1061 1062 if ((error = copyin(caead->aad, cod->uio.uio_iov[0].iov_base, 1063 caead->aadlen))) { 1064 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1065 goto bail; 1066 } 1067 1068 if ((error = copyin(caead->src, (char *)cod->uio.uio_iov[0].iov_base + 1069 caead->aadlen, caead->len))) { 1070 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1071 goto bail; 1072 } 1073 1074 /* 1075 * For GCM/CCM, crd_len covers only the AAD. For other ciphers 1076 * chained with an HMAC, crd_len covers both the AAD and the 1077 * cipher text. 1078 */ 1079 crda->crd_skip = 0; 1080 if (cse->cipher == CRYPTO_AES_NIST_GCM_16 || 1081 cse->cipher == CRYPTO_AES_CCM_16) 1082 crda->crd_len = caead->aadlen; 1083 else 1084 crda->crd_len = caead->aadlen + caead->len; 1085 crda->crd_inject = caead->aadlen + caead->len; 1086 1087 crda->crd_alg = cse->mac; 1088 crda->crd_key = cse->mackey; 1089 crda->crd_klen = cse->mackeylen * 8; 1090 1091 if (caead->op == COP_ENCRYPT) 1092 crde->crd_flags |= CRD_F_ENCRYPT; 1093 else 1094 crde->crd_flags &= ~CRD_F_ENCRYPT; 1095 crde->crd_skip = caead->aadlen; 1096 crde->crd_len = caead->len; 1097 crde->crd_inject = caead->aadlen; 1098 1099 crde->crd_alg = cse->cipher; 1100 crde->crd_key = cse->key; 1101 crde->crd_klen = cse->keylen * 8; 1102 1103 crp->crp_ilen = caead->aadlen + caead->len; 1104 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 1105 | (caead->flags & COP_F_BATCH); 1106 crp->crp_uio = &cod->uio; 1107 crp->crp_callback = cryptodev_cb; 1108 crp->crp_session = cse->cses; 1109 crp->crp_opaque = cod; 1110 1111 if (caead->iv) { 1112 if (caead->ivlen > sizeof(crde->crd_iv)) { 1113 error = EINVAL; 1114 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1115 goto bail; 1116 } 1117 1118 if ((error = copyin(caead->iv, crde->crd_iv, caead->ivlen))) { 1119 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1120 goto bail; 1121 } 1122 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 1123 } else { 1124 crde->crd_flags |= CRD_F_IV_PRESENT; 1125 crde->crd_skip += cse->txform->ivsize; 1126 crde->crd_len -= cse->txform->ivsize; 1127 } 1128 1129 if ((error = copyin(caead->tag, (caddr_t)cod->uio.uio_iov[0].iov_base + 1130 caead->len + caead->aadlen, cse->thash->hashsize))) { 1131 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1132 goto bail; 1133 } 1134 cryptodev_warn(cse); 1135 again: 1136 /* 1137 * Let the dispatch run unlocked, then, interlock against the 1138 * callback before checking if the operation completed and going 1139 * to sleep. This insures drivers don't inherit our lock which 1140 * results in a lock order reversal between crypto_dispatch forced 1141 * entry and the crypto_done callback into us. 1142 */ 1143 error = crypto_dispatch(crp); 1144 if (error != 0) { 1145 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1146 goto bail; 1147 } 1148 1149 mtx_lock(&cse->lock); 1150 while (!cod->done) 1151 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1152 mtx_unlock(&cse->lock); 1153 1154 if (crp->crp_etype == EAGAIN) { 1155 crp->crp_etype = 0; 1156 crp->crp_flags &= ~CRYPTO_F_DONE; 1157 cod->done = false; 1158 goto again; 1159 } 1160 1161 if (crp->crp_etype != 0) { 1162 error = crp->crp_etype; 1163 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1164 goto bail; 1165 } 1166 1167 if (caead->dst && (error = copyout( 1168 (caddr_t)cod->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst, 1169 caead->len))) { 1170 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1171 goto bail; 1172 } 1173 1174 if ((error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + 1175 caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) { 1176 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1177 goto bail; 1178 } 1179 1180 bail: 1181 crypto_freereq(crp); 1182 if (cod) 1183 cod_free(cod); 1184 1185 return (error); 1186 } 1187 1188 static int 1189 cryptodev_cb(struct cryptop *crp) 1190 { 1191 struct cryptop_data *cod = crp->crp_opaque; 1192 1193 /* 1194 * Lock to ensure the wakeup() is not missed by the loops 1195 * waiting on cod->done in cryptodev_op() and 1196 * cryptodev_aead(). 1197 */ 1198 mtx_lock(&cod->cse->lock); 1199 cod->done = true; 1200 mtx_unlock(&cod->cse->lock); 1201 wakeup(cod); 1202 return (0); 1203 } 1204 1205 static int 1206 cryptodevkey_cb(void *op) 1207 { 1208 struct cryptkop *krp = (struct cryptkop *) op; 1209 1210 wakeup_one(krp); 1211 return (0); 1212 } 1213 1214 static int 1215 cryptodev_key(struct crypt_kop *kop) 1216 { 1217 struct cryptkop *krp = NULL; 1218 int error = EINVAL; 1219 int in, out, size, i; 1220 1221 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1222 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1223 return (EFBIG); 1224 } 1225 1226 in = kop->crk_iparams; 1227 out = kop->crk_oparams; 1228 switch (kop->crk_op) { 1229 case CRK_MOD_EXP: 1230 if (in == 3 && out == 1) 1231 break; 1232 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1233 return (EINVAL); 1234 case CRK_MOD_EXP_CRT: 1235 if (in == 6 && out == 1) 1236 break; 1237 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1238 return (EINVAL); 1239 case CRK_DSA_SIGN: 1240 if (in == 5 && out == 2) 1241 break; 1242 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1243 return (EINVAL); 1244 case CRK_DSA_VERIFY: 1245 if (in == 7 && out == 0) 1246 break; 1247 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1248 return (EINVAL); 1249 case CRK_DH_COMPUTE_KEY: 1250 if (in == 3 && out == 1) 1251 break; 1252 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1253 return (EINVAL); 1254 default: 1255 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1256 return (EINVAL); 1257 } 1258 1259 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1260 if (!krp) { 1261 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1262 return (ENOMEM); 1263 } 1264 krp->krp_op = kop->crk_op; 1265 krp->krp_status = kop->crk_status; 1266 krp->krp_iparams = kop->crk_iparams; 1267 krp->krp_oparams = kop->crk_oparams; 1268 krp->krp_crid = kop->crk_crid; 1269 krp->krp_status = 0; 1270 krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 1271 1272 for (i = 0; i < CRK_MAXPARAM; i++) { 1273 if (kop->crk_param[i].crp_nbits > 65536) { 1274 /* Limit is the same as in OpenBSD */ 1275 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1276 goto fail; 1277 } 1278 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1279 } 1280 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1281 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1282 if (size == 0) 1283 continue; 1284 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1285 if (i >= krp->krp_iparams) 1286 continue; 1287 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1288 if (error) { 1289 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1290 goto fail; 1291 } 1292 } 1293 1294 error = crypto_kdispatch(krp); 1295 if (error) { 1296 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1297 goto fail; 1298 } 1299 error = tsleep(krp, PSOCK, "crydev", 0); 1300 if (error) { 1301 /* XXX can this happen? if so, how do we recover? */ 1302 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1303 goto fail; 1304 } 1305 1306 kop->crk_crid = krp->krp_crid; /* device that did the work */ 1307 if (krp->krp_status != 0) { 1308 error = krp->krp_status; 1309 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1310 goto fail; 1311 } 1312 1313 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1314 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1315 if (size == 0) 1316 continue; 1317 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1318 if (error) { 1319 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1320 goto fail; 1321 } 1322 } 1323 1324 fail: 1325 if (krp) { 1326 kop->crk_status = krp->krp_status; 1327 for (i = 0; i < CRK_MAXPARAM; i++) { 1328 if (krp->krp_param[i].crp_p) 1329 free(krp->krp_param[i].crp_p, M_XDATA); 1330 } 1331 free(krp, M_XDATA); 1332 } 1333 return (error); 1334 } 1335 1336 static int 1337 cryptodev_find(struct crypt_find_op *find) 1338 { 1339 device_t dev; 1340 size_t fnlen = sizeof find->name; 1341 1342 if (find->crid != -1) { 1343 dev = crypto_find_device_byhid(find->crid); 1344 if (dev == NULL) 1345 return (ENOENT); 1346 strncpy(find->name, device_get_nameunit(dev), fnlen); 1347 find->name[fnlen - 1] = '\x0'; 1348 } else { 1349 find->name[fnlen - 1] = '\x0'; 1350 find->crid = crypto_find_driver(find->name); 1351 if (find->crid == -1) 1352 return (ENOENT); 1353 } 1354 return (0); 1355 } 1356 1357 /* ARGSUSED */ 1358 static int 1359 cryptof_stat( 1360 struct file *fp, 1361 struct stat *sb, 1362 struct ucred *active_cred, 1363 struct thread *td) 1364 { 1365 1366 return (EOPNOTSUPP); 1367 } 1368 1369 /* ARGSUSED */ 1370 static int 1371 cryptof_close(struct file *fp, struct thread *td) 1372 { 1373 struct fcrypt *fcr = fp->f_data; 1374 struct csession *cse; 1375 1376 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1377 TAILQ_REMOVE(&fcr->csessions, cse, next); 1378 csefree(cse); 1379 } 1380 free(fcr, M_XDATA); 1381 fp->f_data = NULL; 1382 return 0; 1383 } 1384 1385 static int 1386 cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1387 { 1388 1389 kif->kf_type = KF_TYPE_CRYPTO; 1390 return (0); 1391 } 1392 1393 static struct csession * 1394 csefind(struct fcrypt *fcr, u_int ses) 1395 { 1396 struct csession *cse; 1397 1398 TAILQ_FOREACH(cse, &fcr->csessions, next) 1399 if (cse->ses == ses) 1400 return (cse); 1401 return (NULL); 1402 } 1403 1404 static int 1405 csedelete(struct fcrypt *fcr, struct csession *cse_del) 1406 { 1407 struct csession *cse; 1408 1409 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1410 if (cse == cse_del) { 1411 TAILQ_REMOVE(&fcr->csessions, cse, next); 1412 return (1); 1413 } 1414 } 1415 return (0); 1416 } 1417 1418 static struct csession * 1419 cseadd(struct fcrypt *fcr, struct csession *cse) 1420 { 1421 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1422 cse->ses = fcr->sesn++; 1423 return (cse); 1424 } 1425 1426 struct csession * 1427 csecreate(struct fcrypt *fcr, crypto_session_t cses, caddr_t key, u_int64_t keylen, 1428 caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 1429 struct enc_xform *txform, struct auth_hash *thash) 1430 { 1431 struct csession *cse; 1432 1433 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1434 if (cse == NULL) 1435 return NULL; 1436 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1437 cse->key = key; 1438 cse->keylen = keylen/8; 1439 cse->mackey = mackey; 1440 cse->mackeylen = mackeylen/8; 1441 cse->cses = cses; 1442 cse->cipher = cipher; 1443 cse->mac = mac; 1444 cse->txform = txform; 1445 cse->thash = thash; 1446 cseadd(fcr, cse); 1447 return (cse); 1448 } 1449 1450 static void 1451 csefree(struct csession *cse) 1452 { 1453 1454 crypto_freesession(cse->cses); 1455 mtx_destroy(&cse->lock); 1456 if (cse->key) 1457 free(cse->key, M_XDATA); 1458 if (cse->mackey) 1459 free(cse->mackey, M_XDATA); 1460 free(cse, M_XDATA); 1461 } 1462 1463 static int 1464 cryptoopen(struct cdev *dev, int oflags, int devtype, struct thread *td) 1465 { 1466 return (0); 1467 } 1468 1469 static int 1470 cryptoread(struct cdev *dev, struct uio *uio, int ioflag) 1471 { 1472 return (EIO); 1473 } 1474 1475 static int 1476 cryptowrite(struct cdev *dev, struct uio *uio, int ioflag) 1477 { 1478 return (EIO); 1479 } 1480 1481 static int 1482 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1483 { 1484 struct file *f; 1485 struct fcrypt *fcr; 1486 int fd, error; 1487 1488 switch (cmd) { 1489 case CRIOGET: 1490 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK); 1491 TAILQ_INIT(&fcr->csessions); 1492 fcr->sesn = 0; 1493 1494 error = falloc(td, &f, &fd, 0); 1495 1496 if (error) { 1497 free(fcr, M_XDATA); 1498 return (error); 1499 } 1500 /* falloc automatically provides an extra reference to 'f'. */ 1501 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1502 *(u_int32_t *)data = fd; 1503 fdrop(f, td); 1504 break; 1505 case CRIOFINDDEV: 1506 error = cryptodev_find((struct crypt_find_op *)data); 1507 break; 1508 case CRIOASYMFEAT: 1509 error = crypto_getfeat((int *)data); 1510 break; 1511 default: 1512 error = EINVAL; 1513 break; 1514 } 1515 return (error); 1516 } 1517 1518 static struct cdevsw crypto_cdevsw = { 1519 .d_version = D_VERSION, 1520 .d_flags = D_NEEDGIANT, 1521 .d_open = cryptoopen, 1522 .d_read = cryptoread, 1523 .d_write = cryptowrite, 1524 .d_ioctl = cryptoioctl, 1525 .d_name = "crypto", 1526 }; 1527 static struct cdev *crypto_dev; 1528 1529 /* 1530 * Initialization code, both for static and dynamic loading. 1531 */ 1532 static int 1533 cryptodev_modevent(module_t mod, int type, void *unused) 1534 { 1535 switch (type) { 1536 case MOD_LOAD: 1537 if (bootverbose) 1538 printf("crypto: <crypto device>\n"); 1539 crypto_dev = make_dev(&crypto_cdevsw, 0, 1540 UID_ROOT, GID_WHEEL, 0666, 1541 "crypto"); 1542 return 0; 1543 case MOD_UNLOAD: 1544 /*XXX disallow if active sessions */ 1545 destroy_dev(crypto_dev); 1546 return 0; 1547 } 1548 return EINVAL; 1549 } 1550 1551 static moduledata_t cryptodev_mod = { 1552 "cryptodev", 1553 cryptodev_modevent, 1554 0 1555 }; 1556 MODULE_VERSION(cryptodev, 1); 1557 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1558 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1559 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1560