1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/sysctl.h> 51 #include <sys/file.h> 52 #include <sys/filedesc.h> 53 #include <sys/errno.h> 54 #include <sys/random.h> 55 #include <sys/conf.h> 56 #include <sys/kernel.h> 57 #include <sys/module.h> 58 #include <sys/fcntl.h> 59 #include <sys/bus.h> 60 #include <sys/user.h> 61 #include <sys/sdt.h> 62 63 #include <opencrypto/cryptodev.h> 64 #include <opencrypto/xform.h> 65 66 SDT_PROVIDER_DECLARE(opencrypto); 67 68 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 69 70 #ifdef COMPAT_FREEBSD32 71 #include <sys/mount.h> 72 #include <compat/freebsd32/freebsd32.h> 73 74 struct session_op32 { 75 u_int32_t cipher; 76 u_int32_t mac; 77 u_int32_t keylen; 78 u_int32_t key; 79 int mackeylen; 80 u_int32_t mackey; 81 u_int32_t ses; 82 }; 83 84 struct session2_op32 { 85 u_int32_t cipher; 86 u_int32_t mac; 87 u_int32_t keylen; 88 u_int32_t key; 89 int mackeylen; 90 u_int32_t mackey; 91 u_int32_t ses; 92 int crid; 93 int pad[4]; 94 }; 95 96 struct crypt_op32 { 97 u_int32_t ses; 98 u_int16_t op; 99 u_int16_t flags; 100 u_int len; 101 u_int32_t src, dst; 102 u_int32_t mac; 103 u_int32_t iv; 104 }; 105 106 struct crparam32 { 107 u_int32_t crp_p; 108 u_int crp_nbits; 109 }; 110 111 struct crypt_kop32 { 112 u_int crk_op; 113 u_int crk_status; 114 u_short crk_iparams; 115 u_short crk_oparams; 116 u_int crk_crid; 117 struct crparam32 crk_param[CRK_MAXPARAM]; 118 }; 119 120 struct cryptotstat32 { 121 struct timespec32 acc; 122 struct timespec32 min; 123 struct timespec32 max; 124 u_int32_t count; 125 }; 126 127 struct cryptostats32 { 128 u_int32_t cs_ops; 129 u_int32_t cs_errs; 130 u_int32_t cs_kops; 131 u_int32_t cs_kerrs; 132 u_int32_t cs_intrs; 133 u_int32_t cs_rets; 134 u_int32_t cs_blocks; 135 u_int32_t cs_kblocks; 136 struct cryptotstat32 cs_invoke; 137 struct cryptotstat32 cs_done; 138 struct cryptotstat32 cs_cb; 139 struct cryptotstat32 cs_finis; 140 }; 141 142 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 143 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 144 #define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 145 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 146 #define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 147 148 static void 149 session_op_from_32(const struct session_op32 *from, struct session_op *to) 150 { 151 152 CP(*from, *to, cipher); 153 CP(*from, *to, mac); 154 CP(*from, *to, keylen); 155 PTRIN_CP(*from, *to, key); 156 CP(*from, *to, mackeylen); 157 PTRIN_CP(*from, *to, mackey); 158 CP(*from, *to, ses); 159 } 160 161 static void 162 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 163 { 164 165 session_op_from_32((const struct session_op32 *)from, 166 (struct session_op *)to); 167 CP(*from, *to, crid); 168 } 169 170 static void 171 session_op_to_32(const struct session_op *from, struct session_op32 *to) 172 { 173 174 CP(*from, *to, cipher); 175 CP(*from, *to, mac); 176 CP(*from, *to, keylen); 177 PTROUT_CP(*from, *to, key); 178 CP(*from, *to, mackeylen); 179 PTROUT_CP(*from, *to, mackey); 180 CP(*from, *to, ses); 181 } 182 183 static void 184 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 185 { 186 187 session_op_to_32((const struct session_op *)from, 188 (struct session_op32 *)to); 189 CP(*from, *to, crid); 190 } 191 192 static void 193 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 194 { 195 196 CP(*from, *to, ses); 197 CP(*from, *to, op); 198 CP(*from, *to, flags); 199 CP(*from, *to, len); 200 PTRIN_CP(*from, *to, src); 201 PTRIN_CP(*from, *to, dst); 202 PTRIN_CP(*from, *to, mac); 203 PTRIN_CP(*from, *to, iv); 204 } 205 206 static void 207 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 208 { 209 210 CP(*from, *to, ses); 211 CP(*from, *to, op); 212 CP(*from, *to, flags); 213 CP(*from, *to, len); 214 PTROUT_CP(*from, *to, src); 215 PTROUT_CP(*from, *to, dst); 216 PTROUT_CP(*from, *to, mac); 217 PTROUT_CP(*from, *to, iv); 218 } 219 220 static void 221 crparam_from_32(const struct crparam32 *from, struct crparam *to) 222 { 223 224 PTRIN_CP(*from, *to, crp_p); 225 CP(*from, *to, crp_nbits); 226 } 227 228 static void 229 crparam_to_32(const struct crparam *from, struct crparam32 *to) 230 { 231 232 PTROUT_CP(*from, *to, crp_p); 233 CP(*from, *to, crp_nbits); 234 } 235 236 static void 237 crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 238 { 239 int i; 240 241 CP(*from, *to, crk_op); 242 CP(*from, *to, crk_status); 243 CP(*from, *to, crk_iparams); 244 CP(*from, *to, crk_oparams); 245 CP(*from, *to, crk_crid); 246 for (i = 0; i < CRK_MAXPARAM; i++) 247 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 248 } 249 250 static void 251 crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 252 { 253 int i; 254 255 CP(*from, *to, crk_op); 256 CP(*from, *to, crk_status); 257 CP(*from, *to, crk_iparams); 258 CP(*from, *to, crk_oparams); 259 CP(*from, *to, crk_crid); 260 for (i = 0; i < CRK_MAXPARAM; i++) 261 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 262 } 263 #endif 264 265 struct csession { 266 TAILQ_ENTRY(csession) next; 267 crypto_session_t cses; 268 volatile u_int refs; 269 u_int32_t ses; 270 struct mtx lock; /* for op submission */ 271 272 struct enc_xform *txform; 273 int hashsize; 274 int ivsize; 275 int mode; 276 277 void *key; 278 void *mackey; 279 }; 280 281 struct cryptop_data { 282 struct csession *cse; 283 284 char *buf; 285 bool done; 286 }; 287 288 struct fcrypt { 289 TAILQ_HEAD(csessionlist, csession) csessions; 290 int sesn; 291 struct mtx lock; 292 }; 293 294 static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; 295 SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW, 296 &warninterval, 297 "Delay in seconds between warnings of deprecated /dev/crypto algorithms"); 298 299 static int cryptof_ioctl(struct file *, u_long, void *, 300 struct ucred *, struct thread *); 301 static int cryptof_stat(struct file *, struct stat *, 302 struct ucred *, struct thread *); 303 static int cryptof_close(struct file *, struct thread *); 304 static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 305 struct filedesc *); 306 307 static struct fileops cryptofops = { 308 .fo_read = invfo_rdwr, 309 .fo_write = invfo_rdwr, 310 .fo_truncate = invfo_truncate, 311 .fo_ioctl = cryptof_ioctl, 312 .fo_poll = invfo_poll, 313 .fo_kqfilter = invfo_kqfilter, 314 .fo_stat = cryptof_stat, 315 .fo_close = cryptof_close, 316 .fo_chmod = invfo_chmod, 317 .fo_chown = invfo_chown, 318 .fo_sendfile = invfo_sendfile, 319 .fo_fill_kinfo = cryptof_fill_kinfo, 320 }; 321 322 static struct csession *csefind(struct fcrypt *, u_int); 323 static bool csedelete(struct fcrypt *, u_int); 324 static struct csession *csecreate(struct fcrypt *, crypto_session_t, 325 struct crypto_session_params *, struct enc_xform *, void *, 326 struct auth_hash *, void *); 327 static void csefree(struct csession *); 328 329 static int cryptodev_op(struct csession *, struct crypt_op *, 330 struct ucred *, struct thread *td); 331 static int cryptodev_aead(struct csession *, struct crypt_aead *, 332 struct ucred *, struct thread *); 333 static int cryptodev_key(struct crypt_kop *); 334 static int cryptodev_find(struct crypt_find_op *); 335 336 /* 337 * Check a crypto identifier to see if it requested 338 * a software device/driver. This can be done either 339 * by device name/class or through search constraints. 340 */ 341 static int 342 checkforsoftware(int *cridp) 343 { 344 int crid; 345 346 crid = *cridp; 347 348 if (!crypto_devallowsoft) { 349 if (crid & CRYPTOCAP_F_SOFTWARE) { 350 if (crid & CRYPTOCAP_F_HARDWARE) { 351 *cridp = CRYPTOCAP_F_HARDWARE; 352 return 0; 353 } 354 return EINVAL; 355 } 356 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 357 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 358 return EINVAL; 359 } 360 return 0; 361 } 362 363 /* ARGSUSED */ 364 static int 365 cryptof_ioctl( 366 struct file *fp, 367 u_long cmd, 368 void *data, 369 struct ucred *active_cred, 370 struct thread *td) 371 { 372 #define SES2(p) ((struct session2_op *)p) 373 struct crypto_session_params csp; 374 struct fcrypt *fcr = fp->f_data; 375 struct csession *cse; 376 struct session_op *sop; 377 struct crypt_op *cop; 378 struct crypt_aead *caead; 379 struct enc_xform *txform = NULL; 380 struct auth_hash *thash = NULL; 381 void *key = NULL; 382 void *mackey = NULL; 383 struct crypt_kop *kop; 384 crypto_session_t cses; 385 u_int32_t ses; 386 int error = 0, crid; 387 #ifdef COMPAT_FREEBSD32 388 struct session2_op sopc; 389 struct crypt_op copc; 390 struct crypt_kop kopc; 391 #endif 392 393 switch (cmd) { 394 case CIOCGSESSION: 395 case CIOCGSESSION2: 396 #ifdef COMPAT_FREEBSD32 397 case CIOCGSESSION32: 398 case CIOCGSESSION232: 399 if (cmd == CIOCGSESSION32) { 400 session_op_from_32(data, (struct session_op *)&sopc); 401 sop = (struct session_op *)&sopc; 402 } else if (cmd == CIOCGSESSION232) { 403 session2_op_from_32(data, &sopc); 404 sop = (struct session_op *)&sopc; 405 } else 406 #endif 407 sop = (struct session_op *)data; 408 switch (sop->cipher) { 409 case 0: 410 break; 411 case CRYPTO_DES_CBC: 412 txform = &enc_xform_des; 413 break; 414 case CRYPTO_3DES_CBC: 415 txform = &enc_xform_3des; 416 break; 417 case CRYPTO_BLF_CBC: 418 txform = &enc_xform_blf; 419 break; 420 case CRYPTO_CAST_CBC: 421 txform = &enc_xform_cast5; 422 break; 423 case CRYPTO_SKIPJACK_CBC: 424 txform = &enc_xform_skipjack; 425 break; 426 case CRYPTO_AES_CBC: 427 txform = &enc_xform_rijndael128; 428 break; 429 case CRYPTO_AES_XTS: 430 txform = &enc_xform_aes_xts; 431 break; 432 case CRYPTO_NULL_CBC: 433 txform = &enc_xform_null; 434 break; 435 case CRYPTO_ARC4: 436 txform = &enc_xform_arc4; 437 break; 438 case CRYPTO_CAMELLIA_CBC: 439 txform = &enc_xform_camellia; 440 break; 441 case CRYPTO_AES_ICM: 442 txform = &enc_xform_aes_icm; 443 break; 444 case CRYPTO_AES_NIST_GCM_16: 445 txform = &enc_xform_aes_nist_gcm; 446 break; 447 case CRYPTO_CHACHA20: 448 txform = &enc_xform_chacha20; 449 break; 450 case CRYPTO_AES_CCM_16: 451 txform = &enc_xform_ccm; 452 break; 453 454 default: 455 CRYPTDEB("invalid cipher"); 456 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 457 return (EINVAL); 458 } 459 460 switch (sop->mac) { 461 case 0: 462 break; 463 case CRYPTO_MD5_HMAC: 464 thash = &auth_hash_hmac_md5; 465 break; 466 case CRYPTO_POLY1305: 467 thash = &auth_hash_poly1305; 468 break; 469 case CRYPTO_SHA1_HMAC: 470 thash = &auth_hash_hmac_sha1; 471 break; 472 case CRYPTO_SHA2_224_HMAC: 473 thash = &auth_hash_hmac_sha2_224; 474 break; 475 case CRYPTO_SHA2_256_HMAC: 476 thash = &auth_hash_hmac_sha2_256; 477 break; 478 case CRYPTO_SHA2_384_HMAC: 479 thash = &auth_hash_hmac_sha2_384; 480 break; 481 case CRYPTO_SHA2_512_HMAC: 482 thash = &auth_hash_hmac_sha2_512; 483 break; 484 case CRYPTO_RIPEMD160_HMAC: 485 thash = &auth_hash_hmac_ripemd_160; 486 break; 487 #ifdef COMPAT_FREEBSD12 488 case CRYPTO_AES_128_NIST_GMAC: 489 case CRYPTO_AES_192_NIST_GMAC: 490 case CRYPTO_AES_256_NIST_GMAC: 491 /* Should always be paired with GCM. */ 492 if (sop->cipher != CRYPTO_AES_NIST_GCM_16) { 493 CRYPTDEB("GMAC without GCM"); 494 return (EINVAL); 495 } 496 break; 497 #endif 498 case CRYPTO_AES_NIST_GMAC: 499 switch (sop->mackeylen * 8) { 500 case 128: 501 thash = &auth_hash_nist_gmac_aes_128; 502 break; 503 case 192: 504 thash = &auth_hash_nist_gmac_aes_192; 505 break; 506 case 256: 507 thash = &auth_hash_nist_gmac_aes_256; 508 break; 509 default: 510 CRYPTDEB("invalid GMAC key length"); 511 SDT_PROBE1(opencrypto, dev, ioctl, error, 512 __LINE__); 513 return (EINVAL); 514 } 515 break; 516 case CRYPTO_AES_CCM_CBC_MAC: 517 switch (sop->mackeylen) { 518 case 16: 519 thash = &auth_hash_ccm_cbc_mac_128; 520 break; 521 case 24: 522 thash = &auth_hash_ccm_cbc_mac_192; 523 break; 524 case 32: 525 thash = &auth_hash_ccm_cbc_mac_256; 526 break; 527 default: 528 CRYPTDEB("Invalid CBC MAC key size %d", 529 sop->keylen); 530 SDT_PROBE1(opencrypto, dev, ioctl, 531 error, __LINE__); 532 return (EINVAL); 533 } 534 break; 535 #ifdef notdef 536 case CRYPTO_MD5: 537 thash = &auth_hash_md5; 538 break; 539 #endif 540 case CRYPTO_SHA1: 541 thash = &auth_hash_sha1; 542 break; 543 case CRYPTO_SHA2_224: 544 thash = &auth_hash_sha2_224; 545 break; 546 case CRYPTO_SHA2_256: 547 thash = &auth_hash_sha2_256; 548 break; 549 case CRYPTO_SHA2_384: 550 thash = &auth_hash_sha2_384; 551 break; 552 case CRYPTO_SHA2_512: 553 thash = &auth_hash_sha2_512; 554 break; 555 556 case CRYPTO_NULL_HMAC: 557 thash = &auth_hash_null; 558 break; 559 560 case CRYPTO_BLAKE2B: 561 thash = &auth_hash_blake2b; 562 break; 563 case CRYPTO_BLAKE2S: 564 thash = &auth_hash_blake2s; 565 break; 566 567 default: 568 CRYPTDEB("invalid mac"); 569 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 570 return (EINVAL); 571 } 572 573 if (txform == NULL && thash == NULL) 574 return (EINVAL); 575 576 memset(&csp, 0, sizeof(csp)); 577 578 if (sop->cipher == CRYPTO_AES_NIST_GCM_16) { 579 switch (sop->mac) { 580 #ifdef COMPAT_FREEBSD12 581 case CRYPTO_AES_128_NIST_GMAC: 582 case CRYPTO_AES_192_NIST_GMAC: 583 case CRYPTO_AES_256_NIST_GMAC: 584 if (sop->keylen != sop->mackeylen) 585 return (EINVAL); 586 break; 587 #endif 588 case 0: 589 break; 590 default: 591 return (EINVAL); 592 } 593 csp.csp_mode = CSP_MODE_AEAD; 594 } else if (sop->cipher == CRYPTO_AES_CCM_16) { 595 switch (sop->mac) { 596 #ifdef COMPAT_FREEBSD12 597 case CRYPTO_AES_CCM_CBC_MAC: 598 if (sop->keylen != sop->mackeylen) 599 return (EINVAL); 600 thash = NULL; 601 break; 602 #endif 603 case 0: 604 break; 605 default: 606 return (EINVAL); 607 } 608 csp.csp_mode = CSP_MODE_AEAD; 609 } else if (txform && thash) 610 csp.csp_mode = CSP_MODE_ETA; 611 else if (txform) 612 csp.csp_mode = CSP_MODE_CIPHER; 613 else 614 csp.csp_mode = CSP_MODE_DIGEST; 615 616 if (txform) { 617 csp.csp_cipher_alg = txform->type; 618 csp.csp_cipher_klen = sop->keylen; 619 if (sop->keylen > txform->maxkey || 620 sop->keylen < txform->minkey) { 621 CRYPTDEB("invalid cipher parameters"); 622 error = EINVAL; 623 SDT_PROBE1(opencrypto, dev, ioctl, error, 624 __LINE__); 625 goto bail; 626 } 627 628 key = malloc(csp.csp_cipher_klen, M_XDATA, M_WAITOK); 629 error = copyin(sop->key, key, csp.csp_cipher_klen); 630 if (error) { 631 CRYPTDEB("invalid key"); 632 SDT_PROBE1(opencrypto, dev, ioctl, error, 633 __LINE__); 634 goto bail; 635 } 636 csp.csp_cipher_key = key; 637 csp.csp_ivlen = txform->ivsize; 638 } 639 640 if (thash) { 641 csp.csp_auth_alg = thash->type; 642 csp.csp_auth_klen = sop->mackeylen; 643 if (sop->mackeylen > thash->keysize || 644 sop->mackeylen < 0) { 645 CRYPTDEB("invalid mac key length"); 646 error = EINVAL; 647 SDT_PROBE1(opencrypto, dev, ioctl, error, 648 __LINE__); 649 goto bail; 650 } 651 652 if (csp.csp_auth_klen) { 653 mackey = malloc(csp.csp_auth_klen, M_XDATA, 654 M_WAITOK); 655 error = copyin(sop->mackey, mackey, 656 csp.csp_auth_klen); 657 if (error) { 658 CRYPTDEB("invalid mac key"); 659 SDT_PROBE1(opencrypto, dev, ioctl, 660 error, __LINE__); 661 goto bail; 662 } 663 csp.csp_auth_key = mackey; 664 } 665 666 if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) 667 csp.csp_ivlen = AES_GCM_IV_LEN; 668 if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) 669 csp.csp_ivlen = AES_CCM_IV_LEN; 670 } 671 672 /* NB: CIOCGSESSION2 has the crid */ 673 if (cmd == CIOCGSESSION2 674 #ifdef COMPAT_FREEBSD32 675 || cmd == CIOCGSESSION232 676 #endif 677 ) { 678 crid = SES2(sop)->crid; 679 error = checkforsoftware(&crid); 680 if (error) { 681 CRYPTDEB("checkforsoftware"); 682 SDT_PROBE1(opencrypto, dev, ioctl, error, 683 __LINE__); 684 goto bail; 685 } 686 } else 687 crid = CRYPTOCAP_F_HARDWARE; 688 error = crypto_newsession(&cses, &csp, crid); 689 if (error) { 690 CRYPTDEB("crypto_newsession"); 691 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 692 goto bail; 693 } 694 695 cse = csecreate(fcr, cses, &csp, txform, key, thash, mackey); 696 697 if (cse == NULL) { 698 crypto_freesession(cses); 699 error = EINVAL; 700 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 701 CRYPTDEB("csecreate"); 702 goto bail; 703 } 704 sop->ses = cse->ses; 705 if (cmd == CIOCGSESSION2 706 #ifdef COMPAT_FREEBSD32 707 || cmd == CIOCGSESSION232 708 #endif 709 ) { 710 /* return hardware/driver id */ 711 SES2(sop)->crid = crypto_ses2hid(cse->cses); 712 } 713 bail: 714 if (error) { 715 free(key, M_XDATA); 716 free(mackey, M_XDATA); 717 } 718 #ifdef COMPAT_FREEBSD32 719 else { 720 if (cmd == CIOCGSESSION32) 721 session_op_to_32(sop, data); 722 else if (cmd == CIOCGSESSION232) 723 session2_op_to_32((struct session2_op *)sop, 724 data); 725 } 726 #endif 727 break; 728 case CIOCFSESSION: 729 ses = *(u_int32_t *)data; 730 if (!csedelete(fcr, ses)) { 731 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 732 return (EINVAL); 733 } 734 break; 735 case CIOCCRYPT: 736 #ifdef COMPAT_FREEBSD32 737 case CIOCCRYPT32: 738 if (cmd == CIOCCRYPT32) { 739 cop = &copc; 740 crypt_op_from_32(data, cop); 741 } else 742 #endif 743 cop = (struct crypt_op *)data; 744 cse = csefind(fcr, cop->ses); 745 if (cse == NULL) { 746 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 747 return (EINVAL); 748 } 749 error = cryptodev_op(cse, cop, active_cred, td); 750 csefree(cse); 751 #ifdef COMPAT_FREEBSD32 752 if (error == 0 && cmd == CIOCCRYPT32) 753 crypt_op_to_32(cop, data); 754 #endif 755 break; 756 case CIOCKEY: 757 case CIOCKEY2: 758 #ifdef COMPAT_FREEBSD32 759 case CIOCKEY32: 760 case CIOCKEY232: 761 #endif 762 if (!crypto_userasymcrypto) { 763 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 764 return (EPERM); /* XXX compat? */ 765 } 766 #ifdef COMPAT_FREEBSD32 767 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 768 kop = &kopc; 769 crypt_kop_from_32(data, kop); 770 } else 771 #endif 772 kop = (struct crypt_kop *)data; 773 if (cmd == CIOCKEY 774 #ifdef COMPAT_FREEBSD32 775 || cmd == CIOCKEY32 776 #endif 777 ) { 778 /* NB: crypto core enforces s/w driver use */ 779 kop->crk_crid = 780 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 781 } 782 mtx_lock(&Giant); 783 error = cryptodev_key(kop); 784 mtx_unlock(&Giant); 785 #ifdef COMPAT_FREEBSD32 786 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 787 crypt_kop_to_32(kop, data); 788 #endif 789 break; 790 case CIOCASYMFEAT: 791 if (!crypto_userasymcrypto) { 792 /* 793 * NB: if user asym crypto operations are 794 * not permitted return "no algorithms" 795 * so well-behaved applications will just 796 * fallback to doing them in software. 797 */ 798 *(int *)data = 0; 799 } else { 800 error = crypto_getfeat((int *)data); 801 if (error) 802 SDT_PROBE1(opencrypto, dev, ioctl, error, 803 __LINE__); 804 } 805 break; 806 case CIOCFINDDEV: 807 error = cryptodev_find((struct crypt_find_op *)data); 808 break; 809 case CIOCCRYPTAEAD: 810 caead = (struct crypt_aead *)data; 811 cse = csefind(fcr, caead->ses); 812 if (cse == NULL) { 813 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 814 return (EINVAL); 815 } 816 error = cryptodev_aead(cse, caead, active_cred, td); 817 csefree(cse); 818 break; 819 default: 820 error = EINVAL; 821 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 822 break; 823 } 824 return (error); 825 #undef SES2 826 } 827 828 static int cryptodev_cb(struct cryptop *); 829 830 static struct cryptop_data * 831 cod_alloc(struct csession *cse, size_t len, struct thread *td) 832 { 833 struct cryptop_data *cod; 834 835 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 836 837 cod->cse = cse; 838 cod->buf = malloc(len, M_XDATA, M_WAITOK); 839 return (cod); 840 } 841 842 static void 843 cod_free(struct cryptop_data *cod) 844 { 845 846 free(cod->buf, M_XDATA); 847 free(cod, M_XDATA); 848 } 849 850 static void 851 cryptodev_warn(struct csession *cse) 852 { 853 static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn; 854 static struct timeval skipwarn, tdeswarn; 855 const struct crypto_session_params *csp; 856 857 csp = crypto_get_params(cse->cses); 858 switch (csp->csp_cipher_alg) { 859 case CRYPTO_DES_CBC: 860 if (ratecheck(&deswarn, &warninterval)) 861 gone_in(13, "DES cipher via /dev/crypto"); 862 break; 863 case CRYPTO_3DES_CBC: 864 if (ratecheck(&tdeswarn, &warninterval)) 865 gone_in(13, "3DES cipher via /dev/crypto"); 866 break; 867 case CRYPTO_BLF_CBC: 868 if (ratecheck(&blfwarn, &warninterval)) 869 gone_in(13, "Blowfish cipher via /dev/crypto"); 870 break; 871 case CRYPTO_CAST_CBC: 872 if (ratecheck(&castwarn, &warninterval)) 873 gone_in(13, "CAST128 cipher via /dev/crypto"); 874 break; 875 case CRYPTO_SKIPJACK_CBC: 876 if (ratecheck(&skipwarn, &warninterval)) 877 gone_in(13, "Skipjack cipher via /dev/crypto"); 878 break; 879 case CRYPTO_ARC4: 880 if (ratecheck(&arc4warn, &warninterval)) 881 gone_in(13, "ARC4 cipher via /dev/crypto"); 882 break; 883 } 884 885 switch (csp->csp_auth_alg) { 886 case CRYPTO_MD5_HMAC: 887 if (ratecheck(&md5warn, &warninterval)) 888 gone_in(13, "MD5-HMAC authenticator via /dev/crypto"); 889 break; 890 } 891 } 892 893 static int 894 cryptodev_op( 895 struct csession *cse, 896 struct crypt_op *cop, 897 struct ucred *active_cred, 898 struct thread *td) 899 { 900 struct cryptop_data *cod = NULL; 901 struct cryptop *crp = NULL; 902 int error; 903 904 if (cop->len > 256*1024-4) { 905 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 906 return (E2BIG); 907 } 908 909 if (cse->txform) { 910 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 911 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 912 return (EINVAL); 913 } 914 } 915 916 if (cop->mac && cse->hashsize == 0) { 917 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 918 error = EINVAL; 919 goto bail; 920 } 921 922 /* 923 * The COP_F_CIPHER_FIRST flag predates explicit session 924 * modes, but the only way it was used was for EtA so allow it 925 * as long as it is consistent with EtA. 926 */ 927 if (cop->flags & COP_F_CIPHER_FIRST) { 928 if (cop->op != COP_ENCRYPT) { 929 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 930 return (EINVAL); 931 } 932 } 933 934 cod = cod_alloc(cse, cop->len + cse->hashsize, td); 935 936 crp = crypto_getreq(cse->cses, M_WAITOK); 937 938 error = copyin(cop->src, cod->buf, cop->len); 939 if (error) { 940 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 941 goto bail; 942 } 943 crp->crp_payload_start = 0; 944 crp->crp_payload_length = cop->len; 945 if (cse->hashsize) 946 crp->crp_digest_start = cop->len; 947 948 switch (cse->mode) { 949 case CSP_MODE_COMPRESS: 950 switch (cop->op) { 951 case COP_ENCRYPT: 952 crp->crp_op = CRYPTO_OP_COMPRESS; 953 break; 954 case COP_DECRYPT: 955 crp->crp_op = CRYPTO_OP_DECOMPRESS; 956 break; 957 default: 958 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 959 error = EINVAL; 960 goto bail; 961 } 962 break; 963 case CSP_MODE_CIPHER: 964 switch (cop->op) { 965 case COP_ENCRYPT: 966 crp->crp_op = CRYPTO_OP_ENCRYPT; 967 break; 968 case COP_DECRYPT: 969 crp->crp_op = CRYPTO_OP_DECRYPT; 970 break; 971 default: 972 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 973 error = EINVAL; 974 goto bail; 975 } 976 break; 977 case CSP_MODE_DIGEST: 978 switch (cop->op) { 979 case 0: 980 case COP_ENCRYPT: 981 case COP_DECRYPT: 982 crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST; 983 break; 984 default: 985 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 986 error = EINVAL; 987 goto bail; 988 } 989 break; 990 case CSP_MODE_ETA: 991 switch (cop->op) { 992 case COP_ENCRYPT: 993 crp->crp_op = CRYPTO_OP_ENCRYPT | 994 CRYPTO_OP_COMPUTE_DIGEST; 995 break; 996 case COP_DECRYPT: 997 crp->crp_op = CRYPTO_OP_DECRYPT | 998 CRYPTO_OP_VERIFY_DIGEST; 999 break; 1000 default: 1001 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1002 error = EINVAL; 1003 goto bail; 1004 } 1005 break; 1006 default: 1007 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1008 error = EINVAL; 1009 goto bail; 1010 } 1011 1012 crp->crp_ilen = cop->len + cse->hashsize; 1013 crp->crp_flags = CRYPTO_F_CBIMM | (cop->flags & COP_F_BATCH); 1014 crp->crp_buf = cod->buf; 1015 crp->crp_buf_type = CRYPTO_BUF_CONTIG; 1016 crp->crp_callback = cryptodev_cb; 1017 crp->crp_opaque = cod; 1018 1019 if (cop->iv) { 1020 if (cse->ivsize == 0) { 1021 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1022 error = EINVAL; 1023 goto bail; 1024 } 1025 error = copyin(cop->iv, crp->crp_iv, cse->ivsize); 1026 if (error) { 1027 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1028 goto bail; 1029 } 1030 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1031 } else if (cse->ivsize != 0) { 1032 crp->crp_iv_start = 0; 1033 crp->crp_payload_start += cse->ivsize; 1034 crp->crp_payload_length -= cse->ivsize; 1035 } 1036 1037 if (cop->mac != NULL) { 1038 error = copyin(cop->mac, cod->buf + cop->len, cse->hashsize); 1039 if (error) { 1040 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1041 goto bail; 1042 } 1043 } 1044 cryptodev_warn(cse); 1045 again: 1046 /* 1047 * Let the dispatch run unlocked, then, interlock against the 1048 * callback before checking if the operation completed and going 1049 * to sleep. This insures drivers don't inherit our lock which 1050 * results in a lock order reversal between crypto_dispatch forced 1051 * entry and the crypto_done callback into us. 1052 */ 1053 error = crypto_dispatch(crp); 1054 if (error != 0) { 1055 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1056 goto bail; 1057 } 1058 1059 mtx_lock(&cse->lock); 1060 while (!cod->done) 1061 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1062 mtx_unlock(&cse->lock); 1063 1064 if (crp->crp_etype == EAGAIN) { 1065 crp->crp_etype = 0; 1066 crp->crp_flags &= ~CRYPTO_F_DONE; 1067 cod->done = false; 1068 goto again; 1069 } 1070 1071 if (crp->crp_etype != 0) { 1072 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1073 error = crp->crp_etype; 1074 goto bail; 1075 } 1076 1077 if (cop->dst != NULL) { 1078 error = copyout(cod->buf, cop->dst, cop->len); 1079 if (error) { 1080 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1081 goto bail; 1082 } 1083 } 1084 1085 if (cop->mac != NULL) { 1086 error = copyout(cod->buf + cop->len, cop->mac, cse->hashsize); 1087 if (error) { 1088 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1089 goto bail; 1090 } 1091 } 1092 1093 bail: 1094 if (crp) 1095 crypto_freereq(crp); 1096 if (cod) 1097 cod_free(cod); 1098 1099 return (error); 1100 } 1101 1102 static int 1103 cryptodev_aead( 1104 struct csession *cse, 1105 struct crypt_aead *caead, 1106 struct ucred *active_cred, 1107 struct thread *td) 1108 { 1109 struct cryptop_data *cod = NULL; 1110 struct cryptop *crp = NULL; 1111 int error; 1112 1113 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1114 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1115 return (E2BIG); 1116 } 1117 1118 if (cse->txform == NULL || cse->hashsize == 0 || caead->tag == NULL || 1119 (caead->len % cse->txform->blocksize) != 0) { 1120 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1121 return (EINVAL); 1122 } 1123 1124 /* 1125 * The COP_F_CIPHER_FIRST flag predates explicit session 1126 * modes, but the only way it was used was for EtA so allow it 1127 * as long as it is consistent with EtA. 1128 */ 1129 if (caead->flags & COP_F_CIPHER_FIRST) { 1130 if (caead->op != COP_ENCRYPT) { 1131 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1132 return (EINVAL); 1133 } 1134 } 1135 1136 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->hashsize, td); 1137 1138 crp = crypto_getreq(cse->cses, M_WAITOK); 1139 1140 error = copyin(caead->aad, cod->buf, caead->aadlen); 1141 if (error) { 1142 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1143 goto bail; 1144 } 1145 crp->crp_aad_start = 0; 1146 crp->crp_aad_length = caead->aadlen; 1147 1148 error = copyin(caead->src, cod->buf + caead->aadlen, caead->len); 1149 if (error) { 1150 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1151 goto bail; 1152 } 1153 crp->crp_payload_start = caead->aadlen; 1154 crp->crp_payload_length = caead->len; 1155 crp->crp_digest_start = caead->aadlen + caead->len; 1156 1157 switch (cse->mode) { 1158 case CSP_MODE_AEAD: 1159 switch (caead->op) { 1160 case COP_ENCRYPT: 1161 crp->crp_op = CRYPTO_OP_ENCRYPT | 1162 CRYPTO_OP_COMPUTE_DIGEST; 1163 break; 1164 case COP_DECRYPT: 1165 crp->crp_op = CRYPTO_OP_DECRYPT | 1166 CRYPTO_OP_VERIFY_DIGEST; 1167 break; 1168 default: 1169 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1170 error = EINVAL; 1171 goto bail; 1172 } 1173 break; 1174 case CSP_MODE_ETA: 1175 switch (caead->op) { 1176 case COP_ENCRYPT: 1177 crp->crp_op = CRYPTO_OP_ENCRYPT | 1178 CRYPTO_OP_COMPUTE_DIGEST; 1179 break; 1180 case COP_DECRYPT: 1181 crp->crp_op = CRYPTO_OP_DECRYPT | 1182 CRYPTO_OP_VERIFY_DIGEST; 1183 break; 1184 default: 1185 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1186 error = EINVAL; 1187 goto bail; 1188 } 1189 break; 1190 default: 1191 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1192 error = EINVAL; 1193 goto bail; 1194 } 1195 1196 crp->crp_ilen = caead->aadlen + caead->len + cse->hashsize; 1197 crp->crp_flags = CRYPTO_F_CBIMM | (caead->flags & COP_F_BATCH); 1198 crp->crp_buf = cod->buf; 1199 crp->crp_buf_type = CRYPTO_BUF_CONTIG; 1200 crp->crp_callback = cryptodev_cb; 1201 crp->crp_opaque = cod; 1202 1203 if (caead->iv) { 1204 /* 1205 * Permit a 16-byte IV for AES-XTS, but only use the 1206 * first 8 bytes as a block number. 1207 */ 1208 if (cse->mode == CSP_MODE_ETA && 1209 caead->ivlen == AES_BLOCK_LEN && 1210 cse->ivsize == AES_XTS_IV_LEN) 1211 caead->ivlen = AES_XTS_IV_LEN; 1212 1213 if (caead->ivlen != cse->ivsize) { 1214 error = EINVAL; 1215 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1216 goto bail; 1217 } 1218 1219 error = copyin(caead->iv, crp->crp_iv, cse->ivsize); 1220 if (error) { 1221 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1222 goto bail; 1223 } 1224 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1225 } else { 1226 crp->crp_iv_start = crp->crp_payload_start; 1227 crp->crp_payload_start += cse->ivsize; 1228 crp->crp_payload_length -= cse->ivsize; 1229 } 1230 1231 error = copyin(caead->tag, cod->buf + caead->len + caead->aadlen, 1232 cse->hashsize); 1233 if (error) { 1234 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1235 goto bail; 1236 } 1237 cryptodev_warn(cse); 1238 again: 1239 /* 1240 * Let the dispatch run unlocked, then, interlock against the 1241 * callback before checking if the operation completed and going 1242 * to sleep. This insures drivers don't inherit our lock which 1243 * results in a lock order reversal between crypto_dispatch forced 1244 * entry and the crypto_done callback into us. 1245 */ 1246 error = crypto_dispatch(crp); 1247 if (error != 0) { 1248 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1249 goto bail; 1250 } 1251 1252 mtx_lock(&cse->lock); 1253 while (!cod->done) 1254 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1255 mtx_unlock(&cse->lock); 1256 1257 if (crp->crp_etype == EAGAIN) { 1258 crp->crp_etype = 0; 1259 crp->crp_flags &= ~CRYPTO_F_DONE; 1260 cod->done = false; 1261 goto again; 1262 } 1263 1264 if (crp->crp_etype != 0) { 1265 error = crp->crp_etype; 1266 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1267 goto bail; 1268 } 1269 1270 if (caead->dst != NULL) { 1271 error = copyout(cod->buf + caead->aadlen, caead->dst, 1272 caead->len); 1273 if (error) { 1274 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1275 goto bail; 1276 } 1277 } 1278 1279 error = copyout(cod->buf + caead->aadlen + caead->len, caead->tag, 1280 cse->hashsize); 1281 if (error) { 1282 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1283 goto bail; 1284 } 1285 1286 bail: 1287 crypto_freereq(crp); 1288 if (cod) 1289 cod_free(cod); 1290 1291 return (error); 1292 } 1293 1294 static int 1295 cryptodev_cb(struct cryptop *crp) 1296 { 1297 struct cryptop_data *cod = crp->crp_opaque; 1298 1299 /* 1300 * Lock to ensure the wakeup() is not missed by the loops 1301 * waiting on cod->done in cryptodev_op() and 1302 * cryptodev_aead(). 1303 */ 1304 mtx_lock(&cod->cse->lock); 1305 cod->done = true; 1306 mtx_unlock(&cod->cse->lock); 1307 wakeup(cod); 1308 return (0); 1309 } 1310 1311 static void 1312 cryptodevkey_cb(struct cryptkop *krp) 1313 { 1314 1315 wakeup_one(krp); 1316 } 1317 1318 static int 1319 cryptodev_key(struct crypt_kop *kop) 1320 { 1321 struct cryptkop *krp = NULL; 1322 int error = EINVAL; 1323 int in, out, size, i; 1324 1325 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1326 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1327 return (EFBIG); 1328 } 1329 1330 in = kop->crk_iparams; 1331 out = kop->crk_oparams; 1332 switch (kop->crk_op) { 1333 case CRK_MOD_EXP: 1334 if (in == 3 && out == 1) 1335 break; 1336 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1337 return (EINVAL); 1338 case CRK_MOD_EXP_CRT: 1339 if (in == 6 && out == 1) 1340 break; 1341 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1342 return (EINVAL); 1343 case CRK_DSA_SIGN: 1344 if (in == 5 && out == 2) 1345 break; 1346 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1347 return (EINVAL); 1348 case CRK_DSA_VERIFY: 1349 if (in == 7 && out == 0) 1350 break; 1351 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1352 return (EINVAL); 1353 case CRK_DH_COMPUTE_KEY: 1354 if (in == 3 && out == 1) 1355 break; 1356 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1357 return (EINVAL); 1358 default: 1359 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1360 return (EINVAL); 1361 } 1362 1363 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1364 if (!krp) { 1365 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1366 return (ENOMEM); 1367 } 1368 krp->krp_op = kop->crk_op; 1369 krp->krp_status = kop->crk_status; 1370 krp->krp_iparams = kop->crk_iparams; 1371 krp->krp_oparams = kop->crk_oparams; 1372 krp->krp_crid = kop->crk_crid; 1373 krp->krp_status = 0; 1374 krp->krp_callback = cryptodevkey_cb; 1375 1376 for (i = 0; i < CRK_MAXPARAM; i++) { 1377 if (kop->crk_param[i].crp_nbits > 65536) { 1378 /* Limit is the same as in OpenBSD */ 1379 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1380 goto fail; 1381 } 1382 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1383 } 1384 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1385 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1386 if (size == 0) 1387 continue; 1388 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1389 if (i >= krp->krp_iparams) 1390 continue; 1391 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1392 if (error) { 1393 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1394 goto fail; 1395 } 1396 } 1397 1398 error = crypto_kdispatch(krp); 1399 if (error) { 1400 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1401 goto fail; 1402 } 1403 error = tsleep(krp, PSOCK, "crydev", 0); 1404 if (error) { 1405 /* XXX can this happen? if so, how do we recover? */ 1406 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1407 goto fail; 1408 } 1409 1410 kop->crk_crid = krp->krp_hid; /* device that did the work */ 1411 if (krp->krp_status != 0) { 1412 error = krp->krp_status; 1413 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1414 goto fail; 1415 } 1416 1417 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1418 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1419 if (size == 0) 1420 continue; 1421 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1422 if (error) { 1423 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1424 goto fail; 1425 } 1426 } 1427 1428 fail: 1429 if (krp) { 1430 kop->crk_status = krp->krp_status; 1431 for (i = 0; i < CRK_MAXPARAM; i++) { 1432 if (krp->krp_param[i].crp_p) 1433 free(krp->krp_param[i].crp_p, M_XDATA); 1434 } 1435 free(krp, M_XDATA); 1436 } 1437 return (error); 1438 } 1439 1440 static int 1441 cryptodev_find(struct crypt_find_op *find) 1442 { 1443 device_t dev; 1444 size_t fnlen = sizeof find->name; 1445 1446 if (find->crid != -1) { 1447 dev = crypto_find_device_byhid(find->crid); 1448 if (dev == NULL) 1449 return (ENOENT); 1450 strncpy(find->name, device_get_nameunit(dev), fnlen); 1451 find->name[fnlen - 1] = '\x0'; 1452 } else { 1453 find->name[fnlen - 1] = '\x0'; 1454 find->crid = crypto_find_driver(find->name); 1455 if (find->crid == -1) 1456 return (ENOENT); 1457 } 1458 return (0); 1459 } 1460 1461 /* ARGSUSED */ 1462 static int 1463 cryptof_stat( 1464 struct file *fp, 1465 struct stat *sb, 1466 struct ucred *active_cred, 1467 struct thread *td) 1468 { 1469 1470 return (EOPNOTSUPP); 1471 } 1472 1473 /* ARGSUSED */ 1474 static int 1475 cryptof_close(struct file *fp, struct thread *td) 1476 { 1477 struct fcrypt *fcr = fp->f_data; 1478 struct csession *cse; 1479 1480 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1481 TAILQ_REMOVE(&fcr->csessions, cse, next); 1482 KASSERT(cse->refs == 1, 1483 ("%s: crypto session %p with %d refs", __func__, cse, 1484 cse->refs)); 1485 csefree(cse); 1486 } 1487 free(fcr, M_XDATA); 1488 fp->f_data = NULL; 1489 return 0; 1490 } 1491 1492 static int 1493 cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1494 { 1495 1496 kif->kf_type = KF_TYPE_CRYPTO; 1497 return (0); 1498 } 1499 1500 static struct csession * 1501 csefind(struct fcrypt *fcr, u_int ses) 1502 { 1503 struct csession *cse; 1504 1505 mtx_lock(&fcr->lock); 1506 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1507 if (cse->ses == ses) { 1508 refcount_acquire(&cse->refs); 1509 mtx_unlock(&fcr->lock); 1510 return (cse); 1511 } 1512 } 1513 mtx_unlock(&fcr->lock); 1514 return (NULL); 1515 } 1516 1517 static bool 1518 csedelete(struct fcrypt *fcr, u_int ses) 1519 { 1520 struct csession *cse; 1521 1522 mtx_lock(&fcr->lock); 1523 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1524 if (cse->ses == ses) { 1525 TAILQ_REMOVE(&fcr->csessions, cse, next); 1526 mtx_unlock(&fcr->lock); 1527 csefree(cse); 1528 return (true); 1529 } 1530 } 1531 mtx_unlock(&fcr->lock); 1532 return (false); 1533 } 1534 1535 struct csession * 1536 csecreate(struct fcrypt *fcr, crypto_session_t cses, 1537 struct crypto_session_params *csp, struct enc_xform *txform, 1538 void *key, struct auth_hash *thash, void *mackey) 1539 { 1540 struct csession *cse; 1541 1542 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1543 if (cse == NULL) 1544 return NULL; 1545 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1546 refcount_init(&cse->refs, 1); 1547 cse->key = key; 1548 cse->mackey = mackey; 1549 cse->mode = csp->csp_mode; 1550 cse->cses = cses; 1551 cse->txform = txform; 1552 if (thash != NULL) 1553 cse->hashsize = thash->hashsize; 1554 else if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) 1555 cse->hashsize = AES_GMAC_HASH_LEN; 1556 else if (csp->csp_cipher_alg == CRYPTO_AES_CCM_16) 1557 cse->hashsize = AES_CBC_MAC_HASH_LEN; 1558 cse->ivsize = csp->csp_ivlen; 1559 mtx_lock(&fcr->lock); 1560 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1561 cse->ses = fcr->sesn++; 1562 mtx_unlock(&fcr->lock); 1563 return (cse); 1564 } 1565 1566 static void 1567 csefree(struct csession *cse) 1568 { 1569 1570 if (!refcount_release(&cse->refs)) 1571 return; 1572 crypto_freesession(cse->cses); 1573 mtx_destroy(&cse->lock); 1574 if (cse->key) 1575 free(cse->key, M_XDATA); 1576 if (cse->mackey) 1577 free(cse->mackey, M_XDATA); 1578 free(cse, M_XDATA); 1579 } 1580 1581 static int 1582 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1583 { 1584 struct file *f; 1585 struct fcrypt *fcr; 1586 int fd, error; 1587 1588 switch (cmd) { 1589 case CRIOGET: 1590 error = falloc_noinstall(td, &f); 1591 if (error) 1592 break; 1593 1594 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); 1595 TAILQ_INIT(&fcr->csessions); 1596 mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); 1597 1598 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1599 error = finstall(td, f, &fd, 0, NULL); 1600 if (error) { 1601 mtx_destroy(&fcr->lock); 1602 free(fcr, M_XDATA); 1603 } else 1604 *(uint32_t *)data = fd; 1605 fdrop(f, td); 1606 break; 1607 case CRIOFINDDEV: 1608 error = cryptodev_find((struct crypt_find_op *)data); 1609 break; 1610 case CRIOASYMFEAT: 1611 error = crypto_getfeat((int *)data); 1612 break; 1613 default: 1614 error = EINVAL; 1615 break; 1616 } 1617 return (error); 1618 } 1619 1620 static struct cdevsw crypto_cdevsw = { 1621 .d_version = D_VERSION, 1622 .d_ioctl = cryptoioctl, 1623 .d_name = "crypto", 1624 }; 1625 static struct cdev *crypto_dev; 1626 1627 /* 1628 * Initialization code, both for static and dynamic loading. 1629 */ 1630 static int 1631 cryptodev_modevent(module_t mod, int type, void *unused) 1632 { 1633 switch (type) { 1634 case MOD_LOAD: 1635 if (bootverbose) 1636 printf("crypto: <crypto device>\n"); 1637 crypto_dev = make_dev(&crypto_cdevsw, 0, 1638 UID_ROOT, GID_WHEEL, 0666, 1639 "crypto"); 1640 return 0; 1641 case MOD_UNLOAD: 1642 /*XXX disallow if active sessions */ 1643 destroy_dev(crypto_dev); 1644 return 0; 1645 } 1646 return EINVAL; 1647 } 1648 1649 static moduledata_t cryptodev_mod = { 1650 "cryptodev", 1651 cryptodev_modevent, 1652 0 1653 }; 1654 MODULE_VERSION(cryptodev, 1); 1655 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1656 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1657 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1658