The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cryptodev.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $  */
    2 
    3 /*-
    4  * Copyright (c) 2001 Theo de Raadt
    5  *
    6  * Redistribution and use in source and binary forms, with or without
    7  * modification, are permitted provided that the following conditions
    8  * are met:
    9  *
   10  * 1. Redistributions of source code must retain the above copyright
   11  *   notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *   notice, this list of conditions and the following disclaimer in the
   14  *   documentation and/or other materials provided with the distribution.
   15  * 3. The name of the author may not be used to endorse or promote products
   16  *   derived from this software without specific prior written permission.
   17  *
   18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   19  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   20  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   21  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   23  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   28  *
   29  * Effort sponsored in part by the Defense Advanced Research Projects
   30  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   31  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
   32  */
   33 
   34 #include <sys/cdefs.h>
   35 __FBSDID("$FreeBSD: releng/6.2/sys/opencrypto/cryptodev.c 161998 2006-09-04 15:16:14Z pjd $");
   36 
   37 #include <sys/param.h>
   38 #include <sys/systm.h>
   39 #include <sys/malloc.h>
   40 #include <sys/mbuf.h>
   41 #include <sys/lock.h>
   42 #include <sys/mutex.h>
   43 #include <sys/sysctl.h>
   44 #include <sys/file.h>
   45 #include <sys/filedesc.h>
   46 #include <sys/errno.h>
   47 #include <sys/random.h>
   48 #include <sys/conf.h>
   49 #include <sys/kernel.h>
   50 #include <sys/module.h>
   51 #include <sys/fcntl.h>
   52 
   53 #include <opencrypto/cryptodev.h>
   54 #include <opencrypto/xform.h>
   55 
   56 struct csession {
   57         TAILQ_ENTRY(csession) next;
   58         u_int64_t       sid;
   59         u_int32_t       ses;
   60         struct mtx      lock;           /* for op submission */
   61 
   62         u_int32_t       cipher;
   63         struct enc_xform *txform;
   64         u_int32_t       mac;
   65         struct auth_hash *thash;
   66 
   67         caddr_t         key;
   68         int             keylen;
   69         u_char          tmp_iv[EALG_MAX_BLOCK_LEN];
   70 
   71         caddr_t         mackey;
   72         int             mackeylen;
   73 
   74         caddr_t         buf;
   75         int             error;
   76 };
   77 
   78 struct fcrypt {
   79         TAILQ_HEAD(csessionlist, csession) csessions;
   80         int             sesn;
   81 };
   82 
   83 static  int cryptof_rw(struct file *fp, struct uio *uio,
   84                     struct ucred *cred, int flags, struct thread *);
   85 static  int cryptof_ioctl(struct file *, u_long, void *,
   86                     struct ucred *, struct thread *);
   87 static  int cryptof_poll(struct file *, int, struct ucred *, struct thread *);
   88 static  int cryptof_kqfilter(struct file *, struct knote *);
   89 static  int cryptof_stat(struct file *, struct stat *,
   90                     struct ucred *, struct thread *);
   91 static  int cryptof_close(struct file *, struct thread *);
   92 
   93 static struct fileops cryptofops = {
   94     .fo_read = cryptof_rw,
   95     .fo_write = cryptof_rw,
   96     .fo_ioctl = cryptof_ioctl,
   97     .fo_poll = cryptof_poll,
   98     .fo_kqfilter = cryptof_kqfilter,
   99     .fo_stat = cryptof_stat,
  100     .fo_close = cryptof_close
  101 };
  102 
  103 static struct csession *csefind(struct fcrypt *, u_int);
  104 static int csedelete(struct fcrypt *, struct csession *);
  105 static struct csession *cseadd(struct fcrypt *, struct csession *);
  106 static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t,
  107     u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
  108     struct auth_hash *);
  109 static int csefree(struct csession *);
  110 
  111 static  int cryptodev_op(struct csession *, struct crypt_op *,
  112                         struct ucred *, struct thread *td);
  113 static  int cryptodev_key(struct crypt_kop *);
  114 
  115 static int
  116 cryptof_rw(
  117         struct file *fp,
  118         struct uio *uio,
  119         struct ucred *active_cred,
  120         int flags,
  121         struct thread *td)
  122 {
  123 
  124         return (EIO);
  125 }
  126 
  127 /* ARGSUSED */
  128 static int
  129 cryptof_ioctl(
  130         struct file *fp,
  131         u_long cmd,
  132         void *data,
  133         struct ucred *active_cred,
  134         struct thread *td)
  135 {
  136         struct cryptoini cria, crie;
  137         struct fcrypt *fcr = fp->f_data;
  138         struct csession *cse;
  139         struct session_op *sop;
  140         struct crypt_op *cop;
  141         struct enc_xform *txform = NULL;
  142         struct auth_hash *thash = NULL;
  143         u_int64_t sid;
  144         u_int32_t ses;
  145         int error = 0;
  146 
  147         /*
  148          * XXX: Not sure Giant is needed, but better safe than sorry
  149          */
  150         mtx_lock(&Giant);
  151         switch (cmd) {
  152         case CIOCGSESSION:
  153                 sop = (struct session_op *)data;
  154                 switch (sop->cipher) {
  155                 case 0:
  156                         break;
  157                 case CRYPTO_DES_CBC:
  158                         txform = &enc_xform_des;
  159                         break;
  160                 case CRYPTO_3DES_CBC:
  161                         txform = &enc_xform_3des;
  162                         break;
  163                 case CRYPTO_BLF_CBC:
  164                         txform = &enc_xform_blf;
  165                         break;
  166                 case CRYPTO_CAST_CBC:
  167                         txform = &enc_xform_cast5;
  168                         break;
  169                 case CRYPTO_SKIPJACK_CBC:
  170                         txform = &enc_xform_skipjack;
  171                         break;
  172                 case CRYPTO_AES_CBC:
  173                         txform = &enc_xform_rijndael128;
  174                         break;
  175                 case CRYPTO_NULL_CBC:
  176                         txform = &enc_xform_null;
  177                         break;
  178                 case CRYPTO_ARC4:
  179                         txform = &enc_xform_arc4;
  180                         break;
  181                 default:
  182                         mtx_unlock(&Giant);
  183                         return (EINVAL);
  184                 }
  185 
  186                 switch (sop->mac) {
  187                 case 0:
  188                         break;
  189                 case CRYPTO_MD5_HMAC:
  190                         thash = &auth_hash_hmac_md5;
  191                         break;
  192                 case CRYPTO_SHA1_HMAC:
  193                         thash = &auth_hash_hmac_sha1;
  194                         break;
  195                 case CRYPTO_SHA2_256_HMAC:
  196                         thash = &auth_hash_hmac_sha2_256;
  197                         break;
  198                 case CRYPTO_SHA2_384_HMAC:
  199                         thash = &auth_hash_hmac_sha2_384;
  200                         break;
  201                 case CRYPTO_SHA2_512_HMAC:
  202                         thash = &auth_hash_hmac_sha2_512;
  203                         break;
  204                 case CRYPTO_RIPEMD160_HMAC:
  205                         thash = &auth_hash_hmac_ripemd_160;
  206                         break;
  207 #ifdef notdef
  208                 case CRYPTO_MD5:
  209                         thash = &auth_hash_md5;
  210                         break;
  211                 case CRYPTO_SHA1:
  212                         thash = &auth_hash_sha1;
  213                         break;
  214 #endif
  215                 case CRYPTO_NULL_HMAC:
  216                         thash = &auth_hash_null;
  217                         break;
  218                 default:
  219                         mtx_unlock(&Giant);
  220                         return (EINVAL);
  221                 }
  222 
  223                 bzero(&crie, sizeof(crie));
  224                 bzero(&cria, sizeof(cria));
  225 
  226                 if (txform) {
  227                         crie.cri_alg = txform->type;
  228                         crie.cri_klen = sop->keylen * 8;
  229                         if (sop->keylen > txform->maxkey ||
  230                             sop->keylen < txform->minkey) {
  231                                 error = EINVAL;
  232                                 goto bail;
  233                         }
  234 
  235                         MALLOC(crie.cri_key, u_int8_t *,
  236                             crie.cri_klen / 8, M_XDATA, M_WAITOK);
  237                         if ((error = copyin(sop->key, crie.cri_key,
  238                             crie.cri_klen / 8)))
  239                                 goto bail;
  240                         if (thash)
  241                                 crie.cri_next = &cria;
  242                 }
  243 
  244                 if (thash) {
  245                         cria.cri_alg = thash->type;
  246                         cria.cri_klen = sop->mackeylen * 8;
  247                         if (sop->mackeylen != thash->keysize) {
  248                                 error = EINVAL;
  249                                 goto bail;
  250                         }
  251 
  252                         if (cria.cri_klen) {
  253                                 MALLOC(cria.cri_key, u_int8_t *,
  254                                     cria.cri_klen / 8, M_XDATA, M_WAITOK);
  255                                 if ((error = copyin(sop->mackey, cria.cri_key,
  256                                     cria.cri_klen / 8)))
  257                                         goto bail;
  258                         }
  259                 }
  260 
  261                 error = crypto_newsession(&sid, (txform ? &crie : &cria), 1);
  262                 if (error) {
  263                         if (crypto_devallowsoft) {
  264                                 error = crypto_newsession(&sid,
  265                                     (txform ? &crie : &cria), 0);
  266                         }
  267                         if (error)
  268                                 goto bail;
  269                 }
  270 
  271                 cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
  272                     cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
  273                     thash);
  274 
  275                 if (cse == NULL) {
  276                         crypto_freesession(sid);
  277                         error = EINVAL;
  278                         goto bail;
  279                 }
  280                 sop->ses = cse->ses;
  281 
  282 bail:
  283                 if (error) {
  284                         if (crie.cri_key)
  285                                 FREE(crie.cri_key, M_XDATA);
  286                         if (cria.cri_key)
  287                                 FREE(cria.cri_key, M_XDATA);
  288                 }
  289                 break;
  290         case CIOCFSESSION:
  291                 ses = *(u_int32_t *)data;
  292                 cse = csefind(fcr, ses);
  293                 if (cse == NULL) {
  294                         mtx_unlock(&Giant);
  295                         return (EINVAL);
  296                 }
  297                 csedelete(fcr, cse);
  298                 error = csefree(cse);
  299                 break;
  300         case CIOCCRYPT:
  301                 cop = (struct crypt_op *)data;
  302                 cse = csefind(fcr, cop->ses);
  303                 if (cse == NULL) {
  304                         mtx_unlock(&Giant);
  305                         return (EINVAL);
  306                 }
  307                 error = cryptodev_op(cse, cop, active_cred, td);
  308                 break;
  309         case CIOCKEY:
  310                 error = cryptodev_key((struct crypt_kop *)data);
  311                 break;
  312         case CIOCASYMFEAT:
  313                 error = crypto_getfeat((int *)data);
  314                 break;
  315         default:
  316                 error = EINVAL;
  317         }
  318         mtx_unlock(&Giant);
  319         return (error);
  320 }
  321 
  322 static int cryptodev_cb(void *);
  323 
  324 
  325 static int
  326 cryptodev_op(
  327         struct csession *cse,
  328         struct crypt_op *cop,
  329         struct ucred *active_cred,
  330         struct thread *td)
  331 {
  332         struct cryptop *crp = NULL;
  333         struct cryptodesc *crde = NULL, *crda = NULL;
  334         int error, len;
  335 
  336         if (cop->len > 256*1024-4)
  337                 return (E2BIG);
  338 
  339         if (cse->txform) {
  340                 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
  341                         return (EINVAL);
  342         }
  343 
  344         len = cop->len + (cse->thash ? cse->thash->hashsize : 0);
  345 
  346         cse->buf = malloc(len, M_XDATA, M_WAITOK);
  347 
  348         crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
  349         if (crp == NULL) {
  350                 error = ENOMEM;
  351                 goto bail;
  352         }
  353 
  354         if (cse->thash) {
  355                 crda = crp->crp_desc;
  356                 if (cse->txform)
  357                         crde = crda->crd_next;
  358         } else {
  359                 if (cse->txform)
  360                         crde = crp->crp_desc;
  361                 else {
  362                         error = EINVAL;
  363                         goto bail;
  364                 }
  365         }
  366 
  367         if ((error = copyin(cop->src, cse->buf, cop->len)))
  368                 goto bail;
  369 
  370         if (crda) {
  371                 crda->crd_skip = 0;
  372                 crda->crd_len = cop->len;
  373                 crda->crd_inject = cop->len;
  374 
  375                 crda->crd_alg = cse->mac;
  376                 crda->crd_key = cse->mackey;
  377                 crda->crd_klen = cse->mackeylen * 8;
  378         }
  379 
  380         if (crde) {
  381                 if (cop->op == COP_ENCRYPT)
  382                         crde->crd_flags |= CRD_F_ENCRYPT;
  383                 else
  384                         crde->crd_flags &= ~CRD_F_ENCRYPT;
  385                 crde->crd_len = cop->len;
  386                 crde->crd_inject = 0;
  387 
  388                 crde->crd_alg = cse->cipher;
  389                 crde->crd_key = cse->key;
  390                 crde->crd_klen = cse->keylen * 8;
  391         }
  392 
  393         crp->crp_ilen = len;
  394         crp->crp_flags = CRYPTO_F_CBIMM | (cop->flags & COP_F_BATCH);
  395         crp->crp_buf = cse->buf;
  396         crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
  397         crp->crp_sid = cse->sid;
  398         crp->crp_opaque = (void *)cse;
  399 
  400         if (cop->iv) {
  401                 if (crde == NULL) {
  402                         error = EINVAL;
  403                         goto bail;
  404                 }
  405                 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  406                         error = EINVAL;
  407                         goto bail;
  408                 }
  409                 if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize)))
  410                         goto bail;
  411                 bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
  412                 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
  413                 crde->crd_skip = 0;
  414         } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  415                 crde->crd_skip = 0;
  416         } else if (crde) {
  417                 crde->crd_flags |= CRD_F_IV_PRESENT;
  418                 crde->crd_skip = cse->txform->blocksize;
  419                 crde->crd_len -= cse->txform->blocksize;
  420         }
  421 
  422         if (cop->mac && crda == NULL) {
  423                 error = EINVAL;
  424                 goto bail;
  425         }
  426 
  427         /*
  428          * Let the dispatch run unlocked, then, interlock against the
  429          * callback before checking if the operation completed and going
  430          * to sleep.  This insures drivers don't inherit our lock which
  431          * results in a lock order reversal between crypto_dispatch forced
  432          * entry and the crypto_done callback into us.
  433          */
  434         error = crypto_dispatch(crp);
  435         mtx_lock(&cse->lock);
  436         if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
  437                 error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
  438         mtx_unlock(&cse->lock);
  439 
  440         if (error != 0)
  441                 goto bail;
  442 
  443         if (crp->crp_etype != 0) {
  444                 error = crp->crp_etype;
  445                 goto bail;
  446         }
  447 
  448         if (cse->error) {
  449                 error = cse->error;
  450                 goto bail;
  451         }
  452 
  453         if (cop->dst && (error = copyout(cse->buf, cop->dst, cop->len)))
  454                 goto bail;
  455 
  456         if (cop->mac && (error = copyout(cse->buf + cop->len, cop->mac,
  457             cse->thash->hashsize))) {
  458                 goto bail;
  459         }
  460 
  461 bail:
  462         if (crp)
  463                 crypto_freereq(crp);
  464         free(cse->buf, M_XDATA);
  465 
  466         return (error);
  467 }
  468 
  469 static int
  470 cryptodev_cb(void *op)
  471 {
  472         struct cryptop *crp = (struct cryptop *) op;
  473         struct csession *cse = (struct csession *)crp->crp_opaque;
  474 
  475         cse->error = crp->crp_etype;
  476         if (crp->crp_etype == EAGAIN)
  477                 return crypto_dispatch(crp);
  478         mtx_lock(&cse->lock);
  479         wakeup_one(crp);
  480         mtx_unlock(&cse->lock);
  481         return (0);
  482 }
  483 
  484 static int
  485 cryptodevkey_cb(void *op)
  486 {
  487         struct cryptkop *krp = (struct cryptkop *) op;
  488 
  489         wakeup(krp);
  490         return (0);
  491 }
  492 
  493 static int
  494 cryptodev_key(struct crypt_kop *kop)
  495 {
  496         struct cryptkop *krp = NULL;
  497         int error = EINVAL;
  498         int in, out, size, i;
  499 
  500         if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
  501                 return (EFBIG);
  502         }
  503 
  504         in = kop->crk_iparams;
  505         out = kop->crk_oparams;
  506         switch (kop->crk_op) {
  507         case CRK_MOD_EXP:
  508                 if (in == 3 && out == 1)
  509                         break;
  510                 return (EINVAL);
  511         case CRK_MOD_EXP_CRT:
  512                 if (in == 6 && out == 1)
  513                         break;
  514                 return (EINVAL);
  515         case CRK_DSA_SIGN:
  516                 if (in == 5 && out == 2)
  517                         break;
  518                 return (EINVAL);
  519         case CRK_DSA_VERIFY:
  520                 if (in == 7 && out == 0)
  521                         break;
  522                 return (EINVAL);
  523         case CRK_DH_COMPUTE_KEY:
  524                 if (in == 3 && out == 1)
  525                         break;
  526                 return (EINVAL);
  527         default:
  528                 return (EINVAL);
  529         }
  530 
  531         krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
  532         if (!krp)
  533                 return (ENOMEM);
  534         bzero(krp, sizeof *krp);
  535         krp->krp_op = kop->crk_op;
  536         krp->krp_status = kop->crk_status;
  537         krp->krp_iparams = kop->crk_iparams;
  538         krp->krp_oparams = kop->crk_oparams;
  539         krp->krp_status = 0;
  540         krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
  541 
  542         for (i = 0; i < CRK_MAXPARAM; i++)
  543                 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
  544         for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
  545                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  546                 if (size == 0)
  547                         continue;
  548                 MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK);
  549                 if (i >= krp->krp_iparams)
  550                         continue;
  551                 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
  552                 if (error)
  553                         goto fail;
  554         }
  555 
  556         error = crypto_kdispatch(krp);
  557         if (error)
  558                 goto fail;
  559         error = tsleep(krp, PSOCK, "crydev", 0);
  560         if (error) {
  561                 /* XXX can this happen?  if so, how do we recover? */
  562                 goto fail;
  563         }
  564         
  565         if (krp->krp_status != 0) {
  566                 error = krp->krp_status;
  567                 goto fail;
  568         }
  569 
  570         for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
  571                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  572                 if (size == 0)
  573                         continue;
  574                 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
  575                 if (error)
  576                         goto fail;
  577         }
  578 
  579 fail:
  580         if (krp) {
  581                 kop->crk_status = krp->krp_status;
  582                 for (i = 0; i < CRK_MAXPARAM; i++) {
  583                         if (krp->krp_param[i].crp_p)
  584                                 FREE(krp->krp_param[i].crp_p, M_XDATA);
  585                 }
  586                 free(krp, M_XDATA);
  587         }
  588         return (error);
  589 }
  590 
  591 /* ARGSUSED */
  592 static int
  593 cryptof_poll(
  594         struct file *fp,
  595         int events,
  596         struct ucred *active_cred,
  597         struct thread *td)
  598 {
  599 
  600         return (0);
  601 }
  602 
  603 /* ARGSUSED */
  604 static int
  605 cryptof_kqfilter(struct file *fp, struct knote *kn)
  606 {
  607 
  608         return (0);
  609 }
  610 
  611 /* ARGSUSED */
  612 static int
  613 cryptof_stat(
  614         struct file *fp,
  615         struct stat *sb,
  616         struct ucred *active_cred,
  617         struct thread *td)
  618 {
  619 
  620         return (EOPNOTSUPP);
  621 }
  622 
  623 /* ARGSUSED */
  624 static int
  625 cryptof_close(struct file *fp, struct thread *td)
  626 {
  627         struct fcrypt *fcr = fp->f_data;
  628         struct csession *cse;
  629 
  630         while ((cse = TAILQ_FIRST(&fcr->csessions))) {
  631                 TAILQ_REMOVE(&fcr->csessions, cse, next);
  632                 (void)csefree(cse);
  633         }
  634         FREE(fcr, M_XDATA);
  635         fp->f_data = NULL;
  636         return 0;
  637 }
  638 
  639 static struct csession *
  640 csefind(struct fcrypt *fcr, u_int ses)
  641 {
  642         struct csession *cse;
  643 
  644         TAILQ_FOREACH(cse, &fcr->csessions, next)
  645                 if (cse->ses == ses)
  646                         return (cse);
  647         return (NULL);
  648 }
  649 
  650 static int
  651 csedelete(struct fcrypt *fcr, struct csession *cse_del)
  652 {
  653         struct csession *cse;
  654 
  655         TAILQ_FOREACH(cse, &fcr->csessions, next) {
  656                 if (cse == cse_del) {
  657                         TAILQ_REMOVE(&fcr->csessions, cse, next);
  658                         return (1);
  659                 }
  660         }
  661         return (0);
  662 }
  663         
  664 static struct csession *
  665 cseadd(struct fcrypt *fcr, struct csession *cse)
  666 {
  667         TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
  668         cse->ses = fcr->sesn++;
  669         return (cse);
  670 }
  671 
  672 struct csession *
  673 csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
  674     caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
  675     struct enc_xform *txform, struct auth_hash *thash)
  676 {
  677         struct csession *cse;
  678 
  679 #ifdef INVARIANTS
  680         /* NB: required when mtx_init is built with INVARIANTS */
  681         MALLOC(cse, struct csession *, sizeof(struct csession),
  682             M_XDATA, M_NOWAIT | M_ZERO);
  683 #else
  684         MALLOC(cse, struct csession *, sizeof(struct csession),
  685             M_XDATA, M_NOWAIT);
  686 #endif
  687         if (cse == NULL)
  688                 return NULL;
  689         mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF);
  690         cse->key = key;
  691         cse->keylen = keylen/8;
  692         cse->mackey = mackey;
  693         cse->mackeylen = mackeylen/8;
  694         cse->sid = sid;
  695         cse->cipher = cipher;
  696         cse->mac = mac;
  697         cse->txform = txform;
  698         cse->thash = thash;
  699         cseadd(fcr, cse);
  700         return (cse);
  701 }
  702 
  703 static int
  704 csefree(struct csession *cse)
  705 {
  706         int error;
  707 
  708         error = crypto_freesession(cse->sid);
  709         mtx_destroy(&cse->lock);
  710         if (cse->key)
  711                 FREE(cse->key, M_XDATA);
  712         if (cse->mackey)
  713                 FREE(cse->mackey, M_XDATA);
  714         FREE(cse, M_XDATA);
  715         return (error);
  716 }
  717 
  718 static int
  719 cryptoopen(struct cdev *dev, int oflags, int devtype, struct thread *td)
  720 {
  721         return (0);
  722 }
  723 
  724 static int
  725 cryptoread(struct cdev *dev, struct uio *uio, int ioflag)
  726 {
  727         return (EIO);
  728 }
  729 
  730 static int
  731 cryptowrite(struct cdev *dev, struct uio *uio, int ioflag)
  732 {
  733         return (EIO);
  734 }
  735 
  736 static int
  737 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
  738 {
  739         struct file *f;
  740         struct fcrypt *fcr;
  741         int fd, error;
  742 
  743         switch (cmd) {
  744         case CRIOGET:
  745                 MALLOC(fcr, struct fcrypt *,
  746                     sizeof(struct fcrypt), M_XDATA, M_WAITOK);
  747                 TAILQ_INIT(&fcr->csessions);
  748                 fcr->sesn = 0;
  749 
  750                 error = falloc(td, &f, &fd);
  751 
  752                 if (error) {
  753                         FREE(fcr, M_XDATA);
  754                         return (error);
  755                 }
  756                 /* falloc automatically provides an extra reference to 'f'. */
  757                 f->f_flag = FREAD | FWRITE;
  758                 f->f_type = DTYPE_CRYPTO;
  759                 f->f_ops = &cryptofops;
  760                 f->f_data = fcr;
  761                 *(u_int32_t *)data = fd;
  762                 fdrop(f, td);
  763                 break;
  764         default:
  765                 error = EINVAL;
  766                 break;
  767         }
  768         return (error);
  769 }
  770 
  771 static struct cdevsw crypto_cdevsw = {
  772         .d_version =    D_VERSION,
  773         .d_flags =      D_NEEDGIANT,
  774         .d_open =       cryptoopen,
  775         .d_read =       cryptoread,
  776         .d_write =      cryptowrite,
  777         .d_ioctl =      cryptoioctl,
  778         .d_name =       "crypto",
  779 };
  780 static struct cdev *crypto_dev;
  781 
  782 /*
  783  * Initialization code, both for static and dynamic loading.
  784  */
  785 static int
  786 cryptodev_modevent(module_t mod, int type, void *unused)
  787 {
  788         switch (type) {
  789         case MOD_LOAD:
  790                 if (bootverbose)
  791                         printf("crypto: <crypto device>\n");
  792                 crypto_dev = make_dev(&crypto_cdevsw, 0, 
  793                                       UID_ROOT, GID_WHEEL, 0666,
  794                                       "crypto");
  795                 return 0;
  796         case MOD_UNLOAD:
  797                 /*XXX disallow if active sessions */
  798                 destroy_dev(crypto_dev);
  799                 return 0;
  800         }
  801         return EINVAL;
  802 }
  803 
  804 static moduledata_t cryptodev_mod = {
  805         "cryptodev",
  806         cryptodev_modevent,
  807         0
  808 };
  809 MODULE_VERSION(cryptodev, 1);
  810 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
  811 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1);
  812 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1);

Cache object: ed785e5501e01f9a6fa9b2a02e47574f


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.