1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/sysctl.h> 51 #include <sys/file.h> 52 #include <sys/filedesc.h> 53 #include <sys/errno.h> 54 #include <sys/random.h> 55 #include <sys/conf.h> 56 #include <sys/kernel.h> 57 #include <sys/module.h> 58 #include <sys/fcntl.h> 59 #include <sys/bus.h> 60 #include <sys/user.h> 61 #include <sys/sdt.h> 62 63 #include <opencrypto/cryptodev.h> 64 #include <opencrypto/xform.h> 65 66 SDT_PROVIDER_DECLARE(opencrypto); 67 68 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 69 70 #ifdef COMPAT_FREEBSD32 71 #include <sys/mount.h> 72 #include <compat/freebsd32/freebsd32.h> 73 74 struct session_op32 { 75 u_int32_t cipher; 76 u_int32_t mac; 77 u_int32_t keylen; 78 u_int32_t key; 79 int mackeylen; 80 u_int32_t mackey; 81 u_int32_t ses; 82 }; 83 84 struct session2_op32 { 85 u_int32_t cipher; 86 u_int32_t mac; 87 u_int32_t keylen; 88 u_int32_t key; 89 int mackeylen; 90 u_int32_t mackey; 91 u_int32_t ses; 92 int crid; 93 int pad[4]; 94 }; 95 96 struct crypt_op32 { 97 u_int32_t ses; 98 u_int16_t op; 99 u_int16_t flags; 100 u_int len; 101 u_int32_t src, dst; 102 u_int32_t mac; 103 u_int32_t iv; 104 }; 105 106 struct crparam32 { 107 u_int32_t crp_p; 108 u_int crp_nbits; 109 }; 110 111 struct crypt_kop32 { 112 u_int crk_op; 113 u_int crk_status; 114 u_short crk_iparams; 115 u_short crk_oparams; 116 u_int crk_crid; 117 struct crparam32 crk_param[CRK_MAXPARAM]; 118 }; 119 120 struct cryptotstat32 { 121 struct timespec32 acc; 122 struct timespec32 min; 123 struct timespec32 max; 124 u_int32_t count; 125 }; 126 127 struct cryptostats32 { 128 u_int32_t cs_ops; 129 u_int32_t cs_errs; 130 u_int32_t cs_kops; 131 u_int32_t cs_kerrs; 132 u_int32_t cs_intrs; 133 u_int32_t cs_rets; 134 u_int32_t cs_blocks; 135 u_int32_t cs_kblocks; 136 struct cryptotstat32 cs_invoke; 137 struct cryptotstat32 cs_done; 138 struct cryptotstat32 cs_cb; 139 struct cryptotstat32 cs_finis; 140 }; 141 142 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 143 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 144 #define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 145 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 146 #define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 147 148 static void 149 session_op_from_32(const struct session_op32 *from, struct session_op *to) 150 { 151 152 CP(*from, *to, cipher); 153 CP(*from, *to, mac); 154 CP(*from, *to, keylen); 155 PTRIN_CP(*from, *to, key); 156 CP(*from, *to, mackeylen); 157 PTRIN_CP(*from, *to, mackey); 158 CP(*from, *to, ses); 159 } 160 161 static void 162 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 163 { 164 165 session_op_from_32((const struct session_op32 *)from, 166 (struct session_op *)to); 167 CP(*from, *to, crid); 168 } 169 170 static void 171 session_op_to_32(const struct session_op *from, struct session_op32 *to) 172 { 173 174 CP(*from, *to, cipher); 175 CP(*from, *to, mac); 176 CP(*from, *to, keylen); 177 PTROUT_CP(*from, *to, key); 178 CP(*from, *to, mackeylen); 179 PTROUT_CP(*from, *to, mackey); 180 CP(*from, *to, ses); 181 } 182 183 static void 184 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 185 { 186 187 session_op_to_32((const struct session_op *)from, 188 (struct session_op32 *)to); 189 CP(*from, *to, crid); 190 } 191 192 static void 193 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 194 { 195 196 CP(*from, *to, ses); 197 CP(*from, *to, op); 198 CP(*from, *to, flags); 199 CP(*from, *to, len); 200 PTRIN_CP(*from, *to, src); 201 PTRIN_CP(*from, *to, dst); 202 PTRIN_CP(*from, *to, mac); 203 PTRIN_CP(*from, *to, iv); 204 } 205 206 static void 207 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 208 { 209 210 CP(*from, *to, ses); 211 CP(*from, *to, op); 212 CP(*from, *to, flags); 213 CP(*from, *to, len); 214 PTROUT_CP(*from, *to, src); 215 PTROUT_CP(*from, *to, dst); 216 PTROUT_CP(*from, *to, mac); 217 PTROUT_CP(*from, *to, iv); 218 } 219 220 static void 221 crparam_from_32(const struct crparam32 *from, struct crparam *to) 222 { 223 224 PTRIN_CP(*from, *to, crp_p); 225 CP(*from, *to, crp_nbits); 226 } 227 228 static void 229 crparam_to_32(const struct crparam *from, struct crparam32 *to) 230 { 231 232 PTROUT_CP(*from, *to, crp_p); 233 CP(*from, *to, crp_nbits); 234 } 235 236 static void 237 crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 238 { 239 int i; 240 241 CP(*from, *to, crk_op); 242 CP(*from, *to, crk_status); 243 CP(*from, *to, crk_iparams); 244 CP(*from, *to, crk_oparams); 245 CP(*from, *to, crk_crid); 246 for (i = 0; i < CRK_MAXPARAM; i++) 247 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 248 } 249 250 static void 251 crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 252 { 253 int i; 254 255 CP(*from, *to, crk_op); 256 CP(*from, *to, crk_status); 257 CP(*from, *to, crk_iparams); 258 CP(*from, *to, crk_oparams); 259 CP(*from, *to, crk_crid); 260 for (i = 0; i < CRK_MAXPARAM; i++) 261 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 262 } 263 #endif 264 265 struct csession { 266 TAILQ_ENTRY(csession) next; 267 crypto_session_t cses; 268 volatile u_int refs; 269 u_int32_t ses; 270 struct mtx lock; /* for op submission */ 271 272 struct enc_xform *txform; 273 int hashsize; 274 int ivsize; 275 int mode; 276 277 void *key; 278 void *mackey; 279 }; 280 281 struct cryptop_data { 282 struct csession *cse; 283 284 char *buf; 285 bool done; 286 }; 287 288 struct fcrypt { 289 TAILQ_HEAD(csessionlist, csession) csessions; 290 int sesn; 291 struct mtx lock; 292 }; 293 294 static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; 295 SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW, 296 &warninterval, 297 "Delay in seconds between warnings of deprecated /dev/crypto algorithms"); 298 299 static int cryptof_ioctl(struct file *, u_long, void *, 300 struct ucred *, struct thread *); 301 static int cryptof_stat(struct file *, struct stat *, 302 struct ucred *, struct thread *); 303 static int cryptof_close(struct file *, struct thread *); 304 static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 305 struct filedesc *); 306 307 static struct fileops cryptofops = { 308 .fo_read = invfo_rdwr, 309 .fo_write = invfo_rdwr, 310 .fo_truncate = invfo_truncate, 311 .fo_ioctl = cryptof_ioctl, 312 .fo_poll = invfo_poll, 313 .fo_kqfilter = invfo_kqfilter, 314 .fo_stat = cryptof_stat, 315 .fo_close = cryptof_close, 316 .fo_chmod = invfo_chmod, 317 .fo_chown = invfo_chown, 318 .fo_sendfile = invfo_sendfile, 319 .fo_fill_kinfo = cryptof_fill_kinfo, 320 }; 321 322 static struct csession *csefind(struct fcrypt *, u_int); 323 static bool csedelete(struct fcrypt *, u_int); 324 static struct csession *csecreate(struct fcrypt *, crypto_session_t, 325 struct crypto_session_params *, struct enc_xform *, void *, 326 struct auth_hash *, void *); 327 static void csefree(struct csession *); 328 329 static int cryptodev_op(struct csession *, struct crypt_op *, 330 struct ucred *, struct thread *td); 331 static int cryptodev_aead(struct csession *, struct crypt_aead *, 332 struct ucred *, struct thread *); 333 static int cryptodev_key(struct crypt_kop *); 334 static int cryptodev_find(struct crypt_find_op *); 335 336 /* 337 * Check a crypto identifier to see if it requested 338 * a software device/driver. This can be done either 339 * by device name/class or through search constraints. 340 */ 341 static int 342 checkforsoftware(int *cridp) 343 { 344 int crid; 345 346 crid = *cridp; 347 348 if (!crypto_devallowsoft) { 349 if (crid & CRYPTOCAP_F_SOFTWARE) { 350 if (crid & CRYPTOCAP_F_HARDWARE) { 351 *cridp = CRYPTOCAP_F_HARDWARE; 352 return 0; 353 } 354 return EINVAL; 355 } 356 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 357 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 358 return EINVAL; 359 } 360 return 0; 361 } 362 363 /* ARGSUSED */ 364 static int 365 cryptof_ioctl( 366 struct file *fp, 367 u_long cmd, 368 void *data, 369 struct ucred *active_cred, 370 struct thread *td) 371 { 372 #define SES2(p) ((struct session2_op *)p) 373 struct crypto_session_params csp; 374 struct fcrypt *fcr = fp->f_data; 375 struct csession *cse; 376 struct session_op *sop; 377 struct crypt_op *cop; 378 struct crypt_aead *caead; 379 struct enc_xform *txform = NULL; 380 struct auth_hash *thash = NULL; 381 void *key = NULL; 382 void *mackey = NULL; 383 struct crypt_kop *kop; 384 crypto_session_t cses; 385 u_int32_t ses; 386 int error = 0, crid; 387 #ifdef COMPAT_FREEBSD32 388 struct session2_op sopc; 389 struct crypt_op copc; 390 struct crypt_kop kopc; 391 #endif 392 393 switch (cmd) { 394 case CIOCGSESSION: 395 case CIOCGSESSION2: 396 #ifdef COMPAT_FREEBSD32 397 case CIOCGSESSION32: 398 case CIOCGSESSION232: 399 if (cmd == CIOCGSESSION32) { 400 session_op_from_32(data, (struct session_op *)&sopc); 401 sop = (struct session_op *)&sopc; 402 } else if (cmd == CIOCGSESSION232) { 403 session2_op_from_32(data, &sopc); 404 sop = (struct session_op *)&sopc; 405 } else 406 #endif 407 sop = (struct session_op *)data; 408 switch (sop->cipher) { 409 case 0: 410 break; 411 case CRYPTO_DES_CBC: 412 txform = &enc_xform_des; 413 break; 414 case CRYPTO_3DES_CBC: 415 txform = &enc_xform_3des; 416 break; 417 case CRYPTO_BLF_CBC: 418 txform = &enc_xform_blf; 419 break; 420 case CRYPTO_CAST_CBC: 421 txform = &enc_xform_cast5; 422 break; 423 case CRYPTO_SKIPJACK_CBC: 424 txform = &enc_xform_skipjack; 425 break; 426 case CRYPTO_AES_CBC: 427 txform = &enc_xform_rijndael128; 428 break; 429 case CRYPTO_AES_XTS: 430 txform = &enc_xform_aes_xts; 431 break; 432 case CRYPTO_NULL_CBC: 433 txform = &enc_xform_null; 434 break; 435 case CRYPTO_ARC4: 436 txform = &enc_xform_arc4; 437 break; 438 case CRYPTO_CAMELLIA_CBC: 439 txform = &enc_xform_camellia; 440 break; 441 case CRYPTO_AES_ICM: 442 txform = &enc_xform_aes_icm; 443 break; 444 case CRYPTO_AES_NIST_GCM_16: 445 txform = &enc_xform_aes_nist_gcm; 446 break; 447 case CRYPTO_CHACHA20: 448 txform = &enc_xform_chacha20; 449 break; 450 case CRYPTO_AES_CCM_16: 451 txform = &enc_xform_ccm; 452 break; 453 454 default: 455 CRYPTDEB("invalid cipher"); 456 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 457 return (EINVAL); 458 } 459 460 switch (sop->mac) { 461 case 0: 462 break; 463 case CRYPTO_MD5_HMAC: 464 thash = &auth_hash_hmac_md5; 465 break; 466 case CRYPTO_POLY1305: 467 thash = &auth_hash_poly1305; 468 break; 469 case CRYPTO_SHA1_HMAC: 470 thash = &auth_hash_hmac_sha1; 471 break; 472 case CRYPTO_SHA2_224_HMAC: 473 thash = &auth_hash_hmac_sha2_224; 474 break; 475 case CRYPTO_SHA2_256_HMAC: 476 thash = &auth_hash_hmac_sha2_256; 477 break; 478 case CRYPTO_SHA2_384_HMAC: 479 thash = &auth_hash_hmac_sha2_384; 480 break; 481 case CRYPTO_SHA2_512_HMAC: 482 thash = &auth_hash_hmac_sha2_512; 483 break; 484 case CRYPTO_RIPEMD160_HMAC: 485 thash = &auth_hash_hmac_ripemd_160; 486 break; 487 #ifdef COMPAT_FREEBSD12 488 case CRYPTO_AES_128_NIST_GMAC: 489 case CRYPTO_AES_192_NIST_GMAC: 490 case CRYPTO_AES_256_NIST_GMAC: 491 /* Should always be paired with GCM. */ 492 if (sop->cipher != CRYPTO_AES_NIST_GCM_16) { 493 CRYPTDEB("GMAC without GCM"); 494 return (EINVAL); 495 } 496 break; 497 #endif 498 case CRYPTO_AES_NIST_GMAC: 499 switch (sop->mackeylen * 8) { 500 case 128: 501 thash = &auth_hash_nist_gmac_aes_128; 502 break; 503 case 192: 504 thash = &auth_hash_nist_gmac_aes_192; 505 break; 506 case 256: 507 thash = &auth_hash_nist_gmac_aes_256; 508 break; 509 default: 510 CRYPTDEB("invalid GMAC key length"); 511 SDT_PROBE1(opencrypto, dev, ioctl, error, 512 __LINE__); 513 return (EINVAL); 514 } 515 break; 516 case CRYPTO_AES_CCM_CBC_MAC: 517 switch (sop->mackeylen) { 518 case 16: 519 thash = &auth_hash_ccm_cbc_mac_128; 520 break; 521 case 24: 522 thash = &auth_hash_ccm_cbc_mac_192; 523 break; 524 case 32: 525 thash = &auth_hash_ccm_cbc_mac_256; 526 break; 527 default: 528 CRYPTDEB("Invalid CBC MAC key size %d", 529 sop->keylen); 530 SDT_PROBE1(opencrypto, dev, ioctl, 531 error, __LINE__); 532 return (EINVAL); 533 } 534 break; 535 #ifdef notdef 536 case CRYPTO_MD5: 537 thash = &auth_hash_md5; 538 break; 539 #endif 540 case CRYPTO_SHA1: 541 thash = &auth_hash_sha1; 542 break; 543 case CRYPTO_SHA2_224: 544 thash = &auth_hash_sha2_224; 545 break; 546 case CRYPTO_SHA2_256: 547 thash = &auth_hash_sha2_256; 548 break; 549 case CRYPTO_SHA2_384: 550 thash = &auth_hash_sha2_384; 551 break; 552 case CRYPTO_SHA2_512: 553 thash = &auth_hash_sha2_512; 554 break; 555 556 case CRYPTO_NULL_HMAC: 557 thash = &auth_hash_null; 558 break; 559 560 case CRYPTO_BLAKE2B: 561 thash = &auth_hash_blake2b; 562 break; 563 case CRYPTO_BLAKE2S: 564 thash = &auth_hash_blake2s; 565 break; 566 567 default: 568 CRYPTDEB("invalid mac"); 569 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 570 return (EINVAL); 571 } 572 573 if (txform == NULL && thash == NULL) 574 return (EINVAL); 575 576 memset(&csp, 0, sizeof(csp)); 577 578 if (sop->cipher == CRYPTO_AES_NIST_GCM_16) { 579 switch (sop->mac) { 580 #ifdef COMPAT_FREEBSD12 581 case CRYPTO_AES_128_NIST_GMAC: 582 case CRYPTO_AES_192_NIST_GMAC: 583 case CRYPTO_AES_256_NIST_GMAC: 584 if (sop->keylen != sop->mackeylen) 585 return (EINVAL); 586 break; 587 #endif 588 case 0: 589 break; 590 default: 591 return (EINVAL); 592 } 593 csp.csp_mode = CSP_MODE_AEAD; 594 } else if (sop->cipher == CRYPTO_AES_CCM_16) { 595 switch (sop->mac) { 596 #ifdef COMPAT_FREEBSD12 597 case CRYPTO_AES_CCM_CBC_MAC: 598 if (sop->keylen != sop->mackeylen) 599 return (EINVAL); 600 thash = NULL; 601 break; 602 #endif 603 case 0: 604 break; 605 default: 606 return (EINVAL); 607 } 608 csp.csp_mode = CSP_MODE_AEAD; 609 } else if (txform && thash) 610 csp.csp_mode = CSP_MODE_ETA; 611 else if (txform) 612 csp.csp_mode = CSP_MODE_CIPHER; 613 else 614 csp.csp_mode = CSP_MODE_DIGEST; 615 616 if (txform) { 617 csp.csp_cipher_alg = txform->type; 618 csp.csp_cipher_klen = sop->keylen; 619 if (sop->keylen > txform->maxkey || 620 sop->keylen < txform->minkey) { 621 CRYPTDEB("invalid cipher parameters"); 622 error = EINVAL; 623 SDT_PROBE1(opencrypto, dev, ioctl, error, 624 __LINE__); 625 goto bail; 626 } 627 628 key = malloc(csp.csp_cipher_klen, M_XDATA, M_WAITOK); 629 error = copyin(sop->key, key, csp.csp_cipher_klen); 630 if (error) { 631 CRYPTDEB("invalid key"); 632 SDT_PROBE1(opencrypto, dev, ioctl, error, 633 __LINE__); 634 goto bail; 635 } 636 csp.csp_cipher_key = key; 637 csp.csp_ivlen = txform->ivsize; 638 } 639 640 if (thash) { 641 csp.csp_auth_alg = thash->type; 642 csp.csp_auth_klen = sop->mackeylen; 643 if (sop->mackeylen > thash->keysize || 644 sop->mackeylen < 0) { 645 CRYPTDEB("invalid mac key length"); 646 error = EINVAL; 647 SDT_PROBE1(opencrypto, dev, ioctl, error, 648 __LINE__); 649 goto bail; 650 } 651 652 if (csp.csp_auth_klen) { 653 mackey = malloc(csp.csp_auth_klen, M_XDATA, 654 M_WAITOK); 655 error = copyin(sop->mackey, mackey, 656 csp.csp_auth_klen); 657 if (error) { 658 CRYPTDEB("invalid mac key"); 659 SDT_PROBE1(opencrypto, dev, ioctl, 660 error, __LINE__); 661 goto bail; 662 } 663 csp.csp_auth_key = mackey; 664 } 665 666 if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) 667 csp.csp_ivlen = AES_GCM_IV_LEN; 668 if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) 669 csp.csp_ivlen = AES_CCM_IV_LEN; 670 } 671 672 /* NB: CIOCGSESSION2 has the crid */ 673 if (cmd == CIOCGSESSION2 674 #ifdef COMPAT_FREEBSD32 675 || cmd == CIOCGSESSION232 676 #endif 677 ) { 678 crid = SES2(sop)->crid; 679 error = checkforsoftware(&crid); 680 if (error) { 681 CRYPTDEB("checkforsoftware"); 682 SDT_PROBE1(opencrypto, dev, ioctl, error, 683 __LINE__); 684 goto bail; 685 } 686 } else 687 crid = CRYPTOCAP_F_HARDWARE; 688 error = crypto_newsession(&cses, &csp, crid); 689 if (error) { 690 CRYPTDEB("crypto_newsession"); 691 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 692 goto bail; 693 } 694 695 cse = csecreate(fcr, cses, &csp, txform, key, thash, mackey); 696 697 if (cse == NULL) { 698 crypto_freesession(cses); 699 error = EINVAL; 700 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 701 CRYPTDEB("csecreate"); 702 goto bail; 703 } 704 sop->ses = cse->ses; 705 if (cmd == CIOCGSESSION2 706 #ifdef COMPAT_FREEBSD32 707 || cmd == CIOCGSESSION232 708 #endif 709 ) { 710 /* return hardware/driver id */ 711 SES2(sop)->crid = crypto_ses2hid(cse->cses); 712 } 713 bail: 714 if (error) { 715 free(key, M_XDATA); 716 free(mackey, M_XDATA); 717 } 718 #ifdef COMPAT_FREEBSD32 719 else { 720 if (cmd == CIOCGSESSION32) 721 session_op_to_32(sop, data); 722 else if (cmd == CIOCGSESSION232) 723 session2_op_to_32((struct session2_op *)sop, 724 data); 725 } 726 #endif 727 break; 728 case CIOCFSESSION: 729 ses = *(u_int32_t *)data; 730 if (!csedelete(fcr, ses)) { 731 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 732 return (EINVAL); 733 } 734 break; 735 case CIOCCRYPT: 736 #ifdef COMPAT_FREEBSD32 737 case CIOCCRYPT32: 738 if (cmd == CIOCCRYPT32) { 739 cop = &copc; 740 crypt_op_from_32(data, cop); 741 } else 742 #endif 743 cop = (struct crypt_op *)data; 744 cse = csefind(fcr, cop->ses); 745 if (cse == NULL) { 746 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 747 return (EINVAL); 748 } 749 error = cryptodev_op(cse, cop, active_cred, td); 750 csefree(cse); 751 #ifdef COMPAT_FREEBSD32 752 if (error == 0 && cmd == CIOCCRYPT32) 753 crypt_op_to_32(cop, data); 754 #endif 755 break; 756 case CIOCKEY: 757 case CIOCKEY2: 758 #ifdef COMPAT_FREEBSD32 759 case CIOCKEY32: 760 case CIOCKEY232: 761 #endif 762 if (!crypto_userasymcrypto) { 763 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 764 return (EPERM); /* XXX compat? */ 765 } 766 #ifdef COMPAT_FREEBSD32 767 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 768 kop = &kopc; 769 crypt_kop_from_32(data, kop); 770 } else 771 #endif 772 kop = (struct crypt_kop *)data; 773 if (cmd == CIOCKEY 774 #ifdef COMPAT_FREEBSD32 775 || cmd == CIOCKEY32 776 #endif 777 ) { 778 /* NB: crypto core enforces s/w driver use */ 779 kop->crk_crid = 780 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 781 } 782 mtx_lock(&Giant); 783 error = cryptodev_key(kop); 784 mtx_unlock(&Giant); 785 #ifdef COMPAT_FREEBSD32 786 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 787 crypt_kop_to_32(kop, data); 788 #endif 789 break; 790 case CIOCASYMFEAT: 791 if (!crypto_userasymcrypto) { 792 /* 793 * NB: if user asym crypto operations are 794 * not permitted return "no algorithms" 795 * so well-behaved applications will just 796 * fallback to doing them in software. 797 */ 798 *(int *)data = 0; 799 } else { 800 error = crypto_getfeat((int *)data); 801 if (error) 802 SDT_PROBE1(opencrypto, dev, ioctl, error, 803 __LINE__); 804 } 805 break; 806 case CIOCFINDDEV: 807 error = cryptodev_find((struct crypt_find_op *)data); 808 break; 809 case CIOCCRYPTAEAD: 810 caead = (struct crypt_aead *)data; 811 cse = csefind(fcr, caead->ses); 812 if (cse == NULL) { 813 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 814 return (EINVAL); 815 } 816 error = cryptodev_aead(cse, caead, active_cred, td); 817 csefree(cse); 818 break; 819 default: 820 error = EINVAL; 821 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 822 break; 823 } 824 return (error); 825 #undef SES2 826 } 827 828 static int cryptodev_cb(struct cryptop *); 829 830 static struct cryptop_data * 831 cod_alloc(struct csession *cse, size_t len, struct thread *td) 832 { 833 struct cryptop_data *cod; 834 835 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 836 837 cod->cse = cse; 838 cod->buf = malloc(len, M_XDATA, M_WAITOK); 839 return (cod); 840 } 841 842 static void 843 cod_free(struct cryptop_data *cod) 844 { 845 846 free(cod->buf, M_XDATA); 847 free(cod, M_XDATA); 848 } 849 850 static void 851 cryptodev_warn(struct csession *cse) 852 { 853 static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn; 854 static struct timeval skipwarn, tdeswarn; 855 const struct crypto_session_params *csp; 856 857 csp = crypto_get_params(cse->cses); 858 switch (csp->csp_cipher_alg) { 859 case CRYPTO_DES_CBC: 860 if (ratecheck(&deswarn, &warninterval)) 861 gone_in(13, "DES cipher via /dev/crypto"); 862 break; 863 case CRYPTO_3DES_CBC: 864 if (ratecheck(&tdeswarn, &warninterval)) 865 gone_in(13, "3DES cipher via /dev/crypto"); 866 break; 867 case CRYPTO_BLF_CBC: 868 if (ratecheck(&blfwarn, &warninterval)) 869 gone_in(13, "Blowfish cipher via /dev/crypto"); 870 break; 871 case CRYPTO_CAST_CBC: 872 if (ratecheck(&castwarn, &warninterval)) 873 gone_in(13, "CAST128 cipher via /dev/crypto"); 874 break; 875 case CRYPTO_SKIPJACK_CBC: 876 if (ratecheck(&skipwarn, &warninterval)) 877 gone_in(13, "Skipjack cipher via /dev/crypto"); 878 break; 879 case CRYPTO_ARC4: 880 if (ratecheck(&arc4warn, &warninterval)) 881 gone_in(13, "ARC4 cipher via /dev/crypto"); 882 break; 883 } 884 885 switch (csp->csp_auth_alg) { 886 case CRYPTO_MD5_HMAC: 887 if (ratecheck(&md5warn, &warninterval)) 888 gone_in(13, "MD5-HMAC authenticator via /dev/crypto"); 889 break; 890 } 891 } 892 893 static int 894 cryptodev_op( 895 struct csession *cse, 896 struct crypt_op *cop, 897 struct ucred *active_cred, 898 struct thread *td) 899 { 900 struct cryptop_data *cod = NULL; 901 struct cryptop *crp = NULL; 902 int error; 903 904 if (cop->len > 256*1024-4) { 905 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 906 return (E2BIG); 907 } 908 909 if (cse->txform) { 910 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 911 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 912 return (EINVAL); 913 } 914 } 915 916 if (cop->mac && cse->hashsize == 0) { 917 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 918 return (EINVAL); 919 } 920 921 /* 922 * The COP_F_CIPHER_FIRST flag predates explicit session 923 * modes, but the only way it was used was for EtA so allow it 924 * as long as it is consistent with EtA. 925 */ 926 if (cop->flags & COP_F_CIPHER_FIRST) { 927 if (cop->op != COP_ENCRYPT) { 928 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 929 return (EINVAL); 930 } 931 } 932 933 cod = cod_alloc(cse, cop->len + cse->hashsize, td); 934 935 crp = crypto_getreq(cse->cses, M_WAITOK); 936 937 error = copyin(cop->src, cod->buf, cop->len); 938 if (error) { 939 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 940 goto bail; 941 } 942 crp->crp_payload_start = 0; 943 crp->crp_payload_length = cop->len; 944 if (cse->hashsize) 945 crp->crp_digest_start = cop->len; 946 947 switch (cse->mode) { 948 case CSP_MODE_COMPRESS: 949 switch (cop->op) { 950 case COP_ENCRYPT: 951 crp->crp_op = CRYPTO_OP_COMPRESS; 952 break; 953 case COP_DECRYPT: 954 crp->crp_op = CRYPTO_OP_DECOMPRESS; 955 break; 956 default: 957 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 958 error = EINVAL; 959 goto bail; 960 } 961 break; 962 case CSP_MODE_CIPHER: 963 switch (cop->op) { 964 case COP_ENCRYPT: 965 crp->crp_op = CRYPTO_OP_ENCRYPT; 966 break; 967 case COP_DECRYPT: 968 crp->crp_op = CRYPTO_OP_DECRYPT; 969 break; 970 default: 971 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 972 error = EINVAL; 973 goto bail; 974 } 975 break; 976 case CSP_MODE_DIGEST: 977 switch (cop->op) { 978 case 0: 979 case COP_ENCRYPT: 980 case COP_DECRYPT: 981 crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST; 982 break; 983 default: 984 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 985 error = EINVAL; 986 goto bail; 987 } 988 break; 989 case CSP_MODE_ETA: 990 switch (cop->op) { 991 case COP_ENCRYPT: 992 crp->crp_op = CRYPTO_OP_ENCRYPT | 993 CRYPTO_OP_COMPUTE_DIGEST; 994 break; 995 case COP_DECRYPT: 996 crp->crp_op = CRYPTO_OP_DECRYPT | 997 CRYPTO_OP_VERIFY_DIGEST; 998 break; 999 default: 1000 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1001 error = EINVAL; 1002 goto bail; 1003 } 1004 break; 1005 default: 1006 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1007 error = EINVAL; 1008 goto bail; 1009 } 1010 1011 crp->crp_ilen = cop->len + cse->hashsize; 1012 crp->crp_flags = CRYPTO_F_CBIMM | (cop->flags & COP_F_BATCH); 1013 crp->crp_buf = cod->buf; 1014 crp->crp_buf_type = CRYPTO_BUF_CONTIG; 1015 crp->crp_callback = cryptodev_cb; 1016 crp->crp_opaque = cod; 1017 1018 if (cop->iv) { 1019 if (cse->ivsize == 0) { 1020 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1021 error = EINVAL; 1022 goto bail; 1023 } 1024 error = copyin(cop->iv, crp->crp_iv, cse->ivsize); 1025 if (error) { 1026 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1027 goto bail; 1028 } 1029 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1030 } else if (cse->ivsize != 0) { 1031 crp->crp_iv_start = 0; 1032 crp->crp_payload_start += cse->ivsize; 1033 crp->crp_payload_length -= cse->ivsize; 1034 } 1035 1036 if (cop->mac != NULL) { 1037 error = copyin(cop->mac, cod->buf + cop->len, cse->hashsize); 1038 if (error) { 1039 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1040 goto bail; 1041 } 1042 } 1043 cryptodev_warn(cse); 1044 again: 1045 /* 1046 * Let the dispatch run unlocked, then, interlock against the 1047 * callback before checking if the operation completed and going 1048 * to sleep. This insures drivers don't inherit our lock which 1049 * results in a lock order reversal between crypto_dispatch forced 1050 * entry and the crypto_done callback into us. 1051 */ 1052 error = crypto_dispatch(crp); 1053 if (error != 0) { 1054 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1055 goto bail; 1056 } 1057 1058 mtx_lock(&cse->lock); 1059 while (!cod->done) 1060 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1061 mtx_unlock(&cse->lock); 1062 1063 if (crp->crp_etype == EAGAIN) { 1064 crp->crp_etype = 0; 1065 crp->crp_flags &= ~CRYPTO_F_DONE; 1066 cod->done = false; 1067 goto again; 1068 } 1069 1070 if (crp->crp_etype != 0) { 1071 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1072 error = crp->crp_etype; 1073 goto bail; 1074 } 1075 1076 if (cop->dst != NULL) { 1077 error = copyout(cod->buf, cop->dst, cop->len); 1078 if (error) { 1079 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1080 goto bail; 1081 } 1082 } 1083 1084 if (cop->mac != NULL) { 1085 error = copyout(cod->buf + cop->len, cop->mac, cse->hashsize); 1086 if (error) { 1087 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1088 goto bail; 1089 } 1090 } 1091 1092 bail: 1093 crypto_freereq(crp); 1094 cod_free(cod); 1095 1096 return (error); 1097 } 1098 1099 static int 1100 cryptodev_aead( 1101 struct csession *cse, 1102 struct crypt_aead *caead, 1103 struct ucred *active_cred, 1104 struct thread *td) 1105 { 1106 struct cryptop_data *cod = NULL; 1107 struct cryptop *crp = NULL; 1108 int error; 1109 1110 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1111 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1112 return (E2BIG); 1113 } 1114 1115 if (cse->txform == NULL || cse->hashsize == 0 || caead->tag == NULL || 1116 (caead->len % cse->txform->blocksize) != 0) { 1117 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1118 return (EINVAL); 1119 } 1120 1121 /* 1122 * The COP_F_CIPHER_FIRST flag predates explicit session 1123 * modes, but the only way it was used was for EtA so allow it 1124 * as long as it is consistent with EtA. 1125 */ 1126 if (caead->flags & COP_F_CIPHER_FIRST) { 1127 if (caead->op != COP_ENCRYPT) { 1128 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1129 return (EINVAL); 1130 } 1131 } 1132 1133 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->hashsize, td); 1134 1135 crp = crypto_getreq(cse->cses, M_WAITOK); 1136 1137 error = copyin(caead->aad, cod->buf, caead->aadlen); 1138 if (error) { 1139 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1140 goto bail; 1141 } 1142 crp->crp_aad_start = 0; 1143 crp->crp_aad_length = caead->aadlen; 1144 1145 error = copyin(caead->src, cod->buf + caead->aadlen, caead->len); 1146 if (error) { 1147 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1148 goto bail; 1149 } 1150 crp->crp_payload_start = caead->aadlen; 1151 crp->crp_payload_length = caead->len; 1152 crp->crp_digest_start = caead->aadlen + caead->len; 1153 1154 switch (cse->mode) { 1155 case CSP_MODE_AEAD: 1156 switch (caead->op) { 1157 case COP_ENCRYPT: 1158 crp->crp_op = CRYPTO_OP_ENCRYPT | 1159 CRYPTO_OP_COMPUTE_DIGEST; 1160 break; 1161 case COP_DECRYPT: 1162 crp->crp_op = CRYPTO_OP_DECRYPT | 1163 CRYPTO_OP_VERIFY_DIGEST; 1164 break; 1165 default: 1166 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1167 error = EINVAL; 1168 goto bail; 1169 } 1170 break; 1171 case CSP_MODE_ETA: 1172 switch (caead->op) { 1173 case COP_ENCRYPT: 1174 crp->crp_op = CRYPTO_OP_ENCRYPT | 1175 CRYPTO_OP_COMPUTE_DIGEST; 1176 break; 1177 case COP_DECRYPT: 1178 crp->crp_op = CRYPTO_OP_DECRYPT | 1179 CRYPTO_OP_VERIFY_DIGEST; 1180 break; 1181 default: 1182 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1183 error = EINVAL; 1184 goto bail; 1185 } 1186 break; 1187 default: 1188 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1189 error = EINVAL; 1190 goto bail; 1191 } 1192 1193 crp->crp_ilen = caead->aadlen + caead->len + cse->hashsize; 1194 crp->crp_flags = CRYPTO_F_CBIMM | (caead->flags & COP_F_BATCH); 1195 crp->crp_buf = cod->buf; 1196 crp->crp_buf_type = CRYPTO_BUF_CONTIG; 1197 crp->crp_callback = cryptodev_cb; 1198 crp->crp_opaque = cod; 1199 1200 if (caead->iv) { 1201 /* 1202 * Permit a 16-byte IV for AES-XTS, but only use the 1203 * first 8 bytes as a block number. 1204 */ 1205 if (cse->mode == CSP_MODE_ETA && 1206 caead->ivlen == AES_BLOCK_LEN && 1207 cse->ivsize == AES_XTS_IV_LEN) 1208 caead->ivlen = AES_XTS_IV_LEN; 1209 1210 if (caead->ivlen != cse->ivsize) { 1211 error = EINVAL; 1212 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1213 goto bail; 1214 } 1215 1216 error = copyin(caead->iv, crp->crp_iv, cse->ivsize); 1217 if (error) { 1218 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1219 goto bail; 1220 } 1221 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1222 } else { 1223 crp->crp_iv_start = crp->crp_payload_start; 1224 crp->crp_payload_start += cse->ivsize; 1225 crp->crp_payload_length -= cse->ivsize; 1226 } 1227 1228 error = copyin(caead->tag, cod->buf + caead->len + caead->aadlen, 1229 cse->hashsize); 1230 if (error) { 1231 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1232 goto bail; 1233 } 1234 cryptodev_warn(cse); 1235 again: 1236 /* 1237 * Let the dispatch run unlocked, then, interlock against the 1238 * callback before checking if the operation completed and going 1239 * to sleep. This insures drivers don't inherit our lock which 1240 * results in a lock order reversal between crypto_dispatch forced 1241 * entry and the crypto_done callback into us. 1242 */ 1243 error = crypto_dispatch(crp); 1244 if (error != 0) { 1245 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1246 goto bail; 1247 } 1248 1249 mtx_lock(&cse->lock); 1250 while (!cod->done) 1251 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1252 mtx_unlock(&cse->lock); 1253 1254 if (crp->crp_etype == EAGAIN) { 1255 crp->crp_etype = 0; 1256 crp->crp_flags &= ~CRYPTO_F_DONE; 1257 cod->done = false; 1258 goto again; 1259 } 1260 1261 if (crp->crp_etype != 0) { 1262 error = crp->crp_etype; 1263 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1264 goto bail; 1265 } 1266 1267 if (caead->dst != NULL) { 1268 error = copyout(cod->buf + caead->aadlen, caead->dst, 1269 caead->len); 1270 if (error) { 1271 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1272 goto bail; 1273 } 1274 } 1275 1276 error = copyout(cod->buf + caead->aadlen + caead->len, caead->tag, 1277 cse->hashsize); 1278 if (error) { 1279 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1280 goto bail; 1281 } 1282 1283 bail: 1284 crypto_freereq(crp); 1285 cod_free(cod); 1286 1287 return (error); 1288 } 1289 1290 static int 1291 cryptodev_cb(struct cryptop *crp) 1292 { 1293 struct cryptop_data *cod = crp->crp_opaque; 1294 1295 /* 1296 * Lock to ensure the wakeup() is not missed by the loops 1297 * waiting on cod->done in cryptodev_op() and 1298 * cryptodev_aead(). 1299 */ 1300 mtx_lock(&cod->cse->lock); 1301 cod->done = true; 1302 mtx_unlock(&cod->cse->lock); 1303 wakeup(cod); 1304 return (0); 1305 } 1306 1307 static void 1308 cryptodevkey_cb(struct cryptkop *krp) 1309 { 1310 1311 wakeup_one(krp); 1312 } 1313 1314 static int 1315 cryptodev_key(struct crypt_kop *kop) 1316 { 1317 struct cryptkop *krp = NULL; 1318 int error = EINVAL; 1319 int in, out, size, i; 1320 1321 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1322 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1323 return (EFBIG); 1324 } 1325 1326 in = kop->crk_iparams; 1327 out = kop->crk_oparams; 1328 switch (kop->crk_op) { 1329 case CRK_MOD_EXP: 1330 if (in == 3 && out == 1) 1331 break; 1332 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1333 return (EINVAL); 1334 case CRK_MOD_EXP_CRT: 1335 if (in == 6 && out == 1) 1336 break; 1337 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1338 return (EINVAL); 1339 case CRK_DSA_SIGN: 1340 if (in == 5 && out == 2) 1341 break; 1342 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1343 return (EINVAL); 1344 case CRK_DSA_VERIFY: 1345 if (in == 7 && out == 0) 1346 break; 1347 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1348 return (EINVAL); 1349 case CRK_DH_COMPUTE_KEY: 1350 if (in == 3 && out == 1) 1351 break; 1352 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1353 return (EINVAL); 1354 default: 1355 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1356 return (EINVAL); 1357 } 1358 1359 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1360 if (!krp) { 1361 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1362 return (ENOMEM); 1363 } 1364 krp->krp_op = kop->crk_op; 1365 krp->krp_status = kop->crk_status; 1366 krp->krp_iparams = kop->crk_iparams; 1367 krp->krp_oparams = kop->crk_oparams; 1368 krp->krp_crid = kop->crk_crid; 1369 krp->krp_status = 0; 1370 krp->krp_callback = cryptodevkey_cb; 1371 1372 for (i = 0; i < CRK_MAXPARAM; i++) { 1373 if (kop->crk_param[i].crp_nbits > 65536) { 1374 /* Limit is the same as in OpenBSD */ 1375 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1376 goto fail; 1377 } 1378 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1379 } 1380 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1381 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1382 if (size == 0) 1383 continue; 1384 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1385 if (i >= krp->krp_iparams) 1386 continue; 1387 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1388 if (error) { 1389 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1390 goto fail; 1391 } 1392 } 1393 1394 error = crypto_kdispatch(krp); 1395 if (error) { 1396 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1397 goto fail; 1398 } 1399 error = tsleep(krp, PSOCK, "crydev", 0); 1400 if (error) { 1401 /* XXX can this happen? if so, how do we recover? */ 1402 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1403 goto fail; 1404 } 1405 1406 kop->crk_crid = krp->krp_hid; /* device that did the work */ 1407 if (krp->krp_status != 0) { 1408 error = krp->krp_status; 1409 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1410 goto fail; 1411 } 1412 1413 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1414 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1415 if (size == 0) 1416 continue; 1417 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1418 if (error) { 1419 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1420 goto fail; 1421 } 1422 } 1423 1424 fail: 1425 if (krp) { 1426 kop->crk_status = krp->krp_status; 1427 for (i = 0; i < CRK_MAXPARAM; i++) { 1428 if (krp->krp_param[i].crp_p) 1429 free(krp->krp_param[i].crp_p, M_XDATA); 1430 } 1431 free(krp, M_XDATA); 1432 } 1433 return (error); 1434 } 1435 1436 static int 1437 cryptodev_find(struct crypt_find_op *find) 1438 { 1439 device_t dev; 1440 size_t fnlen = sizeof find->name; 1441 1442 if (find->crid != -1) { 1443 dev = crypto_find_device_byhid(find->crid); 1444 if (dev == NULL) 1445 return (ENOENT); 1446 strncpy(find->name, device_get_nameunit(dev), fnlen); 1447 find->name[fnlen - 1] = '\x0'; 1448 } else { 1449 find->name[fnlen - 1] = '\x0'; 1450 find->crid = crypto_find_driver(find->name); 1451 if (find->crid == -1) 1452 return (ENOENT); 1453 } 1454 return (0); 1455 } 1456 1457 /* ARGSUSED */ 1458 static int 1459 cryptof_stat( 1460 struct file *fp, 1461 struct stat *sb, 1462 struct ucred *active_cred, 1463 struct thread *td) 1464 { 1465 1466 return (EOPNOTSUPP); 1467 } 1468 1469 /* ARGSUSED */ 1470 static int 1471 cryptof_close(struct file *fp, struct thread *td) 1472 { 1473 struct fcrypt *fcr = fp->f_data; 1474 struct csession *cse; 1475 1476 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1477 TAILQ_REMOVE(&fcr->csessions, cse, next); 1478 KASSERT(cse->refs == 1, 1479 ("%s: crypto session %p with %d refs", __func__, cse, 1480 cse->refs)); 1481 csefree(cse); 1482 } 1483 free(fcr, M_XDATA); 1484 fp->f_data = NULL; 1485 return 0; 1486 } 1487 1488 static int 1489 cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1490 { 1491 1492 kif->kf_type = KF_TYPE_CRYPTO; 1493 return (0); 1494 } 1495 1496 static struct csession * 1497 csefind(struct fcrypt *fcr, u_int ses) 1498 { 1499 struct csession *cse; 1500 1501 mtx_lock(&fcr->lock); 1502 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1503 if (cse->ses == ses) { 1504 refcount_acquire(&cse->refs); 1505 mtx_unlock(&fcr->lock); 1506 return (cse); 1507 } 1508 } 1509 mtx_unlock(&fcr->lock); 1510 return (NULL); 1511 } 1512 1513 static bool 1514 csedelete(struct fcrypt *fcr, u_int ses) 1515 { 1516 struct csession *cse; 1517 1518 mtx_lock(&fcr->lock); 1519 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1520 if (cse->ses == ses) { 1521 TAILQ_REMOVE(&fcr->csessions, cse, next); 1522 mtx_unlock(&fcr->lock); 1523 csefree(cse); 1524 return (true); 1525 } 1526 } 1527 mtx_unlock(&fcr->lock); 1528 return (false); 1529 } 1530 1531 struct csession * 1532 csecreate(struct fcrypt *fcr, crypto_session_t cses, 1533 struct crypto_session_params *csp, struct enc_xform *txform, 1534 void *key, struct auth_hash *thash, void *mackey) 1535 { 1536 struct csession *cse; 1537 1538 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1539 if (cse == NULL) 1540 return NULL; 1541 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1542 refcount_init(&cse->refs, 1); 1543 cse->key = key; 1544 cse->mackey = mackey; 1545 cse->mode = csp->csp_mode; 1546 cse->cses = cses; 1547 cse->txform = txform; 1548 if (thash != NULL) 1549 cse->hashsize = thash->hashsize; 1550 else if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) 1551 cse->hashsize = AES_GMAC_HASH_LEN; 1552 else if (csp->csp_cipher_alg == CRYPTO_AES_CCM_16) 1553 cse->hashsize = AES_CBC_MAC_HASH_LEN; 1554 cse->ivsize = csp->csp_ivlen; 1555 mtx_lock(&fcr->lock); 1556 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1557 cse->ses = fcr->sesn++; 1558 mtx_unlock(&fcr->lock); 1559 return (cse); 1560 } 1561 1562 static void 1563 csefree(struct csession *cse) 1564 { 1565 1566 if (!refcount_release(&cse->refs)) 1567 return; 1568 crypto_freesession(cse->cses); 1569 mtx_destroy(&cse->lock); 1570 if (cse->key) 1571 free(cse->key, M_XDATA); 1572 if (cse->mackey) 1573 free(cse->mackey, M_XDATA); 1574 free(cse, M_XDATA); 1575 } 1576 1577 static int 1578 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1579 { 1580 struct file *f; 1581 struct fcrypt *fcr; 1582 int fd, error; 1583 1584 switch (cmd) { 1585 case CRIOGET: 1586 error = falloc_noinstall(td, &f); 1587 if (error) 1588 break; 1589 1590 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); 1591 TAILQ_INIT(&fcr->csessions); 1592 mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); 1593 1594 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1595 error = finstall(td, f, &fd, 0, NULL); 1596 if (error) { 1597 mtx_destroy(&fcr->lock); 1598 free(fcr, M_XDATA); 1599 } else 1600 *(uint32_t *)data = fd; 1601 fdrop(f, td); 1602 break; 1603 case CRIOFINDDEV: 1604 error = cryptodev_find((struct crypt_find_op *)data); 1605 break; 1606 case CRIOASYMFEAT: 1607 error = crypto_getfeat((int *)data); 1608 break; 1609 default: 1610 error = EINVAL; 1611 break; 1612 } 1613 return (error); 1614 } 1615 1616 static struct cdevsw crypto_cdevsw = { 1617 .d_version = D_VERSION, 1618 .d_ioctl = cryptoioctl, 1619 .d_name = "crypto", 1620 }; 1621 static struct cdev *crypto_dev; 1622 1623 /* 1624 * Initialization code, both for static and dynamic loading. 1625 */ 1626 static int 1627 cryptodev_modevent(module_t mod, int type, void *unused) 1628 { 1629 switch (type) { 1630 case MOD_LOAD: 1631 if (bootverbose) 1632 printf("crypto: <crypto device>\n"); 1633 crypto_dev = make_dev(&crypto_cdevsw, 0, 1634 UID_ROOT, GID_WHEEL, 0666, 1635 "crypto"); 1636 return 0; 1637 case MOD_UNLOAD: 1638 /*XXX disallow if active sessions */ 1639 destroy_dev(crypto_dev); 1640 return 0; 1641 } 1642 return EINVAL; 1643 } 1644 1645 static moduledata_t cryptodev_mod = { 1646 "cryptodev", 1647 cryptodev_modevent, 1648 0 1649 }; 1650 MODULE_VERSION(cryptodev, 1); 1651 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1652 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1653 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1654