The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cryptodev.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $  */
    2 
    3 /*-
    4  * Copyright (c) 2001 Theo de Raadt
    5  * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  *
   11  * 1. Redistributions of source code must retain the above copyright
   12  *   notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *   notice, this list of conditions and the following disclaimer in the
   15  *   documentation and/or other materials provided with the distribution.
   16  * 3. The name of the author may not be used to endorse or promote products
   17  *   derived from this software without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   20  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   21  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   22  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   24  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   29  *
   30  * Effort sponsored in part by the Defense Advanced Research Projects
   31  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   32  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
   33  */
   34 
   35 #include <sys/cdefs.h>
   36 __FBSDID("$FreeBSD: releng/7.3/sys/opencrypto/cryptodev.c 172474 2007-10-08 20:08:34Z kib $");
   37 
   38 #include <sys/param.h>
   39 #include <sys/systm.h>
   40 #include <sys/malloc.h>
   41 #include <sys/mbuf.h>
   42 #include <sys/lock.h>
   43 #include <sys/mutex.h>
   44 #include <sys/sysctl.h>
   45 #include <sys/file.h>
   46 #include <sys/filedesc.h>
   47 #include <sys/errno.h>
   48 #include <sys/uio.h>
   49 #include <sys/random.h>
   50 #include <sys/conf.h>
   51 #include <sys/kernel.h>
   52 #include <sys/module.h>
   53 #include <sys/fcntl.h>
   54 #include <sys/bus.h>
   55 
   56 #include <opencrypto/cryptodev.h>
   57 #include <opencrypto/xform.h>
   58 
   59 struct csession {
   60         TAILQ_ENTRY(csession) next;
   61         u_int64_t       sid;
   62         u_int32_t       ses;
   63         struct mtx      lock;           /* for op submission */
   64 
   65         u_int32_t       cipher;
   66         struct enc_xform *txform;
   67         u_int32_t       mac;
   68         struct auth_hash *thash;
   69 
   70         caddr_t         key;
   71         int             keylen;
   72         u_char          tmp_iv[EALG_MAX_BLOCK_LEN];
   73 
   74         caddr_t         mackey;
   75         int             mackeylen;
   76 
   77         struct iovec    iovec;
   78         struct uio      uio;
   79         int             error;
   80 };
   81 
   82 struct fcrypt {
   83         TAILQ_HEAD(csessionlist, csession) csessions;
   84         int             sesn;
   85 };
   86 
   87 static  int cryptof_rw(struct file *fp, struct uio *uio,
   88                     struct ucred *cred, int flags, struct thread *);
   89 static  int cryptof_ioctl(struct file *, u_long, void *,
   90                     struct ucred *, struct thread *);
   91 static  int cryptof_poll(struct file *, int, struct ucred *, struct thread *);
   92 static  int cryptof_kqfilter(struct file *, struct knote *);
   93 static  int cryptof_stat(struct file *, struct stat *,
   94                     struct ucred *, struct thread *);
   95 static  int cryptof_close(struct file *, struct thread *);
   96 
   97 static struct fileops cryptofops = {
   98     .fo_read = cryptof_rw,
   99     .fo_write = cryptof_rw,
  100     .fo_ioctl = cryptof_ioctl,
  101     .fo_poll = cryptof_poll,
  102     .fo_kqfilter = cryptof_kqfilter,
  103     .fo_stat = cryptof_stat,
  104     .fo_close = cryptof_close
  105 };
  106 
  107 static struct csession *csefind(struct fcrypt *, u_int);
  108 static int csedelete(struct fcrypt *, struct csession *);
  109 static struct csession *cseadd(struct fcrypt *, struct csession *);
  110 static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t,
  111     u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
  112     struct auth_hash *);
  113 static int csefree(struct csession *);
  114 
  115 static  int cryptodev_op(struct csession *, struct crypt_op *,
  116                         struct ucred *, struct thread *td);
  117 static  int cryptodev_key(struct crypt_kop *);
  118 static  int cryptodev_find(struct crypt_find_op *);
  119 
  120 static int
  121 cryptof_rw(
  122         struct file *fp,
  123         struct uio *uio,
  124         struct ucred *active_cred,
  125         int flags,
  126         struct thread *td)
  127 {
  128 
  129         return (EIO);
  130 }
  131 
  132 /*
  133  * Check a crypto identifier to see if it requested
  134  * a software device/driver.  This can be done either
  135  * by device name/class or through search constraints.
  136  */
  137 static int
  138 checkforsoftware(int crid)
  139 {
  140         if (crid & CRYPTOCAP_F_SOFTWARE)
  141                 return EINVAL;          /* XXX */
  142         if ((crid & CRYPTOCAP_F_HARDWARE) == 0 &&
  143             (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0)
  144                 return EINVAL;          /* XXX */
  145         return 0;
  146 }
  147 
  148 /* ARGSUSED */
  149 static int
  150 cryptof_ioctl(
  151         struct file *fp,
  152         u_long cmd,
  153         void *data,
  154         struct ucred *active_cred,
  155         struct thread *td)
  156 {
  157 #define SES2(p) ((struct session2_op *)p)
  158         struct cryptoini cria, crie;
  159         struct fcrypt *fcr = fp->f_data;
  160         struct csession *cse;
  161         struct session_op *sop;
  162         struct crypt_op *cop;
  163         struct enc_xform *txform = NULL;
  164         struct auth_hash *thash = NULL;
  165         struct crypt_kop *kop;
  166         u_int64_t sid;
  167         u_int32_t ses;
  168         int error = 0, crid;
  169 
  170         switch (cmd) {
  171         case CIOCGSESSION:
  172         case CIOCGSESSION2:
  173                 sop = (struct session_op *)data;
  174                 switch (sop->cipher) {
  175                 case 0:
  176                         break;
  177                 case CRYPTO_DES_CBC:
  178                         txform = &enc_xform_des;
  179                         break;
  180                 case CRYPTO_3DES_CBC:
  181                         txform = &enc_xform_3des;
  182                         break;
  183                 case CRYPTO_BLF_CBC:
  184                         txform = &enc_xform_blf;
  185                         break;
  186                 case CRYPTO_CAST_CBC:
  187                         txform = &enc_xform_cast5;
  188                         break;
  189                 case CRYPTO_SKIPJACK_CBC:
  190                         txform = &enc_xform_skipjack;
  191                         break;
  192                 case CRYPTO_AES_CBC:
  193                         txform = &enc_xform_rijndael128;
  194                         break;
  195                 case CRYPTO_NULL_CBC:
  196                         txform = &enc_xform_null;
  197                         break;
  198                 case CRYPTO_ARC4:
  199                         txform = &enc_xform_arc4;
  200                         break;
  201                 case CRYPTO_CAMELLIA_CBC:
  202                         txform = &enc_xform_camellia;
  203                         break;
  204                 default:
  205                         return (EINVAL);
  206                 }
  207 
  208                 switch (sop->mac) {
  209                 case 0:
  210                         break;
  211                 case CRYPTO_MD5_HMAC:
  212                         thash = &auth_hash_hmac_md5;
  213                         break;
  214                 case CRYPTO_SHA1_HMAC:
  215                         thash = &auth_hash_hmac_sha1;
  216                         break;
  217                 case CRYPTO_SHA2_256_HMAC:
  218                         thash = &auth_hash_hmac_sha2_256;
  219                         break;
  220                 case CRYPTO_SHA2_384_HMAC:
  221                         thash = &auth_hash_hmac_sha2_384;
  222                         break;
  223                 case CRYPTO_SHA2_512_HMAC:
  224                         thash = &auth_hash_hmac_sha2_512;
  225                         break;
  226                 case CRYPTO_RIPEMD160_HMAC:
  227                         thash = &auth_hash_hmac_ripemd_160;
  228                         break;
  229 #ifdef notdef
  230                 case CRYPTO_MD5:
  231                         thash = &auth_hash_md5;
  232                         break;
  233                 case CRYPTO_SHA1:
  234                         thash = &auth_hash_sha1;
  235                         break;
  236 #endif
  237                 case CRYPTO_NULL_HMAC:
  238                         thash = &auth_hash_null;
  239                         break;
  240                 default:
  241                         return (EINVAL);
  242                 }
  243 
  244                 bzero(&crie, sizeof(crie));
  245                 bzero(&cria, sizeof(cria));
  246 
  247                 if (txform) {
  248                         crie.cri_alg = txform->type;
  249                         crie.cri_klen = sop->keylen * 8;
  250                         if (sop->keylen > txform->maxkey ||
  251                             sop->keylen < txform->minkey) {
  252                                 error = EINVAL;
  253                                 goto bail;
  254                         }
  255 
  256                         MALLOC(crie.cri_key, u_int8_t *,
  257                             crie.cri_klen / 8, M_XDATA, M_WAITOK);
  258                         if ((error = copyin(sop->key, crie.cri_key,
  259                             crie.cri_klen / 8)))
  260                                 goto bail;
  261                         if (thash)
  262                                 crie.cri_next = &cria;
  263                 }
  264 
  265                 if (thash) {
  266                         cria.cri_alg = thash->type;
  267                         cria.cri_klen = sop->mackeylen * 8;
  268                         if (sop->mackeylen != thash->keysize) {
  269                                 error = EINVAL;
  270                                 goto bail;
  271                         }
  272 
  273                         if (cria.cri_klen) {
  274                                 MALLOC(cria.cri_key, u_int8_t *,
  275                                     cria.cri_klen / 8, M_XDATA, M_WAITOK);
  276                                 if ((error = copyin(sop->mackey, cria.cri_key,
  277                                     cria.cri_klen / 8)))
  278                                         goto bail;
  279                         }
  280                 }
  281 
  282                 /* NB: CIOGSESSION2 has the crid */
  283                 if (cmd == CIOCGSESSION2) {
  284                         crid = SES2(sop)->crid;
  285                         error = checkforsoftware(crid);
  286                         if (error)
  287                                 goto bail;
  288                 } else
  289                         crid = CRYPTOCAP_F_HARDWARE;
  290                 error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
  291                 if (error)
  292                         goto bail;
  293 
  294                 cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
  295                     cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
  296                     thash);
  297 
  298                 if (cse == NULL) {
  299                         crypto_freesession(sid);
  300                         error = EINVAL;
  301                         goto bail;
  302                 }
  303                 sop->ses = cse->ses;
  304                 if (cmd == CIOCGSESSION2) {
  305                         /* return hardware/driver id */
  306                         SES2(sop)->crid = CRYPTO_SESID2HID(cse->sid);
  307                 }
  308 bail:
  309                 if (error) {
  310                         if (crie.cri_key)
  311                                 FREE(crie.cri_key, M_XDATA);
  312                         if (cria.cri_key)
  313                                 FREE(cria.cri_key, M_XDATA);
  314                 }
  315                 break;
  316         case CIOCFSESSION:
  317                 ses = *(u_int32_t *)data;
  318                 cse = csefind(fcr, ses);
  319                 if (cse == NULL)
  320                         return (EINVAL);
  321                 csedelete(fcr, cse);
  322                 error = csefree(cse);
  323                 break;
  324         case CIOCCRYPT:
  325                 cop = (struct crypt_op *)data;
  326                 cse = csefind(fcr, cop->ses);
  327                 if (cse == NULL)
  328                         return (EINVAL);
  329                 error = cryptodev_op(cse, cop, active_cred, td);
  330                 break;
  331         case CIOCKEY:
  332         case CIOCKEY2:
  333                 if (!crypto_userasymcrypto)
  334                         return (EPERM);         /* XXX compat? */
  335                 mtx_lock(&Giant);
  336                 kop = (struct crypt_kop *)data;
  337                 if (cmd == CIOCKEY) {
  338                         /* NB: crypto core enforces s/w driver use */
  339                         kop->crk_crid =
  340                             CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
  341                 }
  342                 error = cryptodev_key(kop);
  343                 mtx_unlock(&Giant);
  344                 break;
  345         case CIOCASYMFEAT:
  346                 if (!crypto_userasymcrypto) {
  347                         /*
  348                          * NB: if user asym crypto operations are
  349                          * not permitted return "no algorithms"
  350                          * so well-behaved applications will just
  351                          * fallback to doing them in software.
  352                          */
  353                         *(int *)data = 0;
  354                 } else
  355                         error = crypto_getfeat((int *)data);
  356                 break;
  357         case CIOCFINDDEV:
  358                 error = cryptodev_find((struct crypt_find_op *)data);
  359                 break;
  360         default:
  361                 error = EINVAL;
  362                 break;
  363         }
  364         return (error);
  365 #undef SES2
  366 }
  367 
  368 static int cryptodev_cb(void *);
  369 
  370 
  371 static int
  372 cryptodev_op(
  373         struct csession *cse,
  374         struct crypt_op *cop,
  375         struct ucred *active_cred,
  376         struct thread *td)
  377 {
  378         struct cryptop *crp = NULL;
  379         struct cryptodesc *crde = NULL, *crda = NULL;
  380         int error;
  381 
  382         if (cop->len > 256*1024-4)
  383                 return (E2BIG);
  384 
  385         if (cse->txform) {
  386                 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
  387                         return (EINVAL);
  388         }
  389 
  390         cse->uio.uio_iov = &cse->iovec;
  391         cse->uio.uio_iovcnt = 1;
  392         cse->uio.uio_offset = 0;
  393         cse->uio.uio_resid = cop->len;
  394         cse->uio.uio_segflg = UIO_SYSSPACE;
  395         cse->uio.uio_rw = UIO_WRITE;
  396         cse->uio.uio_td = td;
  397         cse->uio.uio_iov[0].iov_len = cop->len;
  398         if (cse->thash)
  399                 cse->uio.uio_iov[0].iov_len += cse->thash->hashsize;
  400         cse->uio.uio_iov[0].iov_base = malloc(cse->uio.uio_iov[0].iov_len,
  401             M_XDATA, M_WAITOK);
  402 
  403         crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
  404         if (crp == NULL) {
  405                 error = ENOMEM;
  406                 goto bail;
  407         }
  408 
  409         if (cse->thash) {
  410                 crda = crp->crp_desc;
  411                 if (cse->txform)
  412                         crde = crda->crd_next;
  413         } else {
  414                 if (cse->txform)
  415                         crde = crp->crp_desc;
  416                 else {
  417                         error = EINVAL;
  418                         goto bail;
  419                 }
  420         }
  421 
  422         if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len)))
  423                 goto bail;
  424 
  425         if (crda) {
  426                 crda->crd_skip = 0;
  427                 crda->crd_len = cop->len;
  428                 crda->crd_inject = cop->len;
  429 
  430                 crda->crd_alg = cse->mac;
  431                 crda->crd_key = cse->mackey;
  432                 crda->crd_klen = cse->mackeylen * 8;
  433         }
  434 
  435         if (crde) {
  436                 if (cop->op == COP_ENCRYPT)
  437                         crde->crd_flags |= CRD_F_ENCRYPT;
  438                 else
  439                         crde->crd_flags &= ~CRD_F_ENCRYPT;
  440                 crde->crd_len = cop->len;
  441                 crde->crd_inject = 0;
  442 
  443                 crde->crd_alg = cse->cipher;
  444                 crde->crd_key = cse->key;
  445                 crde->crd_klen = cse->keylen * 8;
  446         }
  447 
  448         crp->crp_ilen = cop->len;
  449         crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM
  450                        | (cop->flags & COP_F_BATCH);
  451         crp->crp_buf = (caddr_t)&cse->uio;
  452         crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
  453         crp->crp_sid = cse->sid;
  454         crp->crp_opaque = (void *)cse;
  455 
  456         if (cop->iv) {
  457                 if (crde == NULL) {
  458                         error = EINVAL;
  459                         goto bail;
  460                 }
  461                 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  462                         error = EINVAL;
  463                         goto bail;
  464                 }
  465                 if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize)))
  466                         goto bail;
  467                 bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
  468                 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
  469                 crde->crd_skip = 0;
  470         } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  471                 crde->crd_skip = 0;
  472         } else if (crde) {
  473                 crde->crd_flags |= CRD_F_IV_PRESENT;
  474                 crde->crd_skip = cse->txform->blocksize;
  475                 crde->crd_len -= cse->txform->blocksize;
  476         }
  477 
  478         if (cop->mac && crda == NULL) {
  479                 error = EINVAL;
  480                 goto bail;
  481         }
  482 
  483         /*
  484          * Let the dispatch run unlocked, then, interlock against the
  485          * callback before checking if the operation completed and going
  486          * to sleep.  This insures drivers don't inherit our lock which
  487          * results in a lock order reversal between crypto_dispatch forced
  488          * entry and the crypto_done callback into us.
  489          */
  490         error = crypto_dispatch(crp);
  491         mtx_lock(&cse->lock);
  492         if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
  493                 error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
  494         mtx_unlock(&cse->lock);
  495 
  496         if (error != 0)
  497                 goto bail;
  498 
  499         if (crp->crp_etype != 0) {
  500                 error = crp->crp_etype;
  501                 goto bail;
  502         }
  503 
  504         if (cse->error) {
  505                 error = cse->error;
  506                 goto bail;
  507         }
  508 
  509         if (cop->dst &&
  510             (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len)))
  511                 goto bail;
  512 
  513         if (cop->mac &&
  514             (error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base + cop->len,
  515             cop->mac, cse->thash->hashsize)))
  516                 goto bail;
  517 
  518 bail:
  519         if (crp)
  520                 crypto_freereq(crp);
  521         if (cse->uio.uio_iov[0].iov_base)
  522                 free(cse->uio.uio_iov[0].iov_base, M_XDATA);
  523 
  524         return (error);
  525 }
  526 
  527 static int
  528 cryptodev_cb(void *op)
  529 {
  530         struct cryptop *crp = (struct cryptop *) op;
  531         struct csession *cse = (struct csession *)crp->crp_opaque;
  532         int error;
  533 
  534         error = crp->crp_etype;
  535         if (error == EAGAIN)
  536                 error = crypto_dispatch(crp);
  537         mtx_lock(&cse->lock);
  538         if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) {
  539                 cse->error = error;
  540                 wakeup_one(crp);
  541         }
  542         mtx_unlock(&cse->lock);
  543         return (0);
  544 }
  545 
  546 static int
  547 cryptodevkey_cb(void *op)
  548 {
  549         struct cryptkop *krp = (struct cryptkop *) op;
  550 
  551         wakeup_one(krp);
  552         return (0);
  553 }
  554 
  555 static int
  556 cryptodev_key(struct crypt_kop *kop)
  557 {
  558         struct cryptkop *krp = NULL;
  559         int error = EINVAL;
  560         int in, out, size, i;
  561 
  562         if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
  563                 return (EFBIG);
  564         }
  565 
  566         in = kop->crk_iparams;
  567         out = kop->crk_oparams;
  568         switch (kop->crk_op) {
  569         case CRK_MOD_EXP:
  570                 if (in == 3 && out == 1)
  571                         break;
  572                 return (EINVAL);
  573         case CRK_MOD_EXP_CRT:
  574                 if (in == 6 && out == 1)
  575                         break;
  576                 return (EINVAL);
  577         case CRK_DSA_SIGN:
  578                 if (in == 5 && out == 2)
  579                         break;
  580                 return (EINVAL);
  581         case CRK_DSA_VERIFY:
  582                 if (in == 7 && out == 0)
  583                         break;
  584                 return (EINVAL);
  585         case CRK_DH_COMPUTE_KEY:
  586                 if (in == 3 && out == 1)
  587                         break;
  588                 return (EINVAL);
  589         default:
  590                 return (EINVAL);
  591         }
  592 
  593         krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
  594         if (!krp)
  595                 return (ENOMEM);
  596         krp->krp_op = kop->crk_op;
  597         krp->krp_status = kop->crk_status;
  598         krp->krp_iparams = kop->crk_iparams;
  599         krp->krp_oparams = kop->crk_oparams;
  600         krp->krp_crid = kop->crk_crid;
  601         krp->krp_status = 0;
  602         krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
  603 
  604         for (i = 0; i < CRK_MAXPARAM; i++) {
  605                 if (kop->crk_param[i].crp_nbits > 65536)
  606                         /* Limit is the same as in OpenBSD */
  607                         goto fail;
  608                 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
  609         }
  610         for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
  611                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  612                 if (size == 0)
  613                         continue;
  614                 MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK);
  615                 if (i >= krp->krp_iparams)
  616                         continue;
  617                 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
  618                 if (error)
  619                         goto fail;
  620         }
  621 
  622         error = crypto_kdispatch(krp);
  623         if (error)
  624                 goto fail;
  625         error = tsleep(krp, PSOCK, "crydev", 0);
  626         if (error) {
  627                 /* XXX can this happen?  if so, how do we recover? */
  628                 goto fail;
  629         }
  630         
  631         kop->crk_crid = krp->krp_crid;          /* device that did the work */
  632         if (krp->krp_status != 0) {
  633                 error = krp->krp_status;
  634                 goto fail;
  635         }
  636 
  637         for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
  638                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  639                 if (size == 0)
  640                         continue;
  641                 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
  642                 if (error)
  643                         goto fail;
  644         }
  645 
  646 fail:
  647         if (krp) {
  648                 kop->crk_status = krp->krp_status;
  649                 for (i = 0; i < CRK_MAXPARAM; i++) {
  650                         if (krp->krp_param[i].crp_p)
  651                                 FREE(krp->krp_param[i].crp_p, M_XDATA);
  652                 }
  653                 free(krp, M_XDATA);
  654         }
  655         return (error);
  656 }
  657 
  658 static int
  659 cryptodev_find(struct crypt_find_op *find)
  660 {
  661         device_t dev;
  662 
  663         if (find->crid != -1) {
  664                 dev = crypto_find_device_byhid(find->crid);
  665                 if (dev == NULL)
  666                         return (ENOENT);
  667                 strlcpy(find->name, device_get_nameunit(dev),
  668                     sizeof(find->name));
  669         } else {
  670                 find->crid = crypto_find_driver(find->name);
  671                 if (find->crid == -1)
  672                         return (ENOENT);
  673         }
  674         return (0);
  675 }
  676 
  677 /* ARGSUSED */
  678 static int
  679 cryptof_poll(
  680         struct file *fp,
  681         int events,
  682         struct ucred *active_cred,
  683         struct thread *td)
  684 {
  685 
  686         return (0);
  687 }
  688 
  689 /* ARGSUSED */
  690 static int
  691 cryptof_kqfilter(struct file *fp, struct knote *kn)
  692 {
  693 
  694         return (0);
  695 }
  696 
  697 /* ARGSUSED */
  698 static int
  699 cryptof_stat(
  700         struct file *fp,
  701         struct stat *sb,
  702         struct ucred *active_cred,
  703         struct thread *td)
  704 {
  705 
  706         return (EOPNOTSUPP);
  707 }
  708 
  709 /* ARGSUSED */
  710 static int
  711 cryptof_close(struct file *fp, struct thread *td)
  712 {
  713         struct fcrypt *fcr = fp->f_data;
  714         struct csession *cse;
  715 
  716         while ((cse = TAILQ_FIRST(&fcr->csessions))) {
  717                 TAILQ_REMOVE(&fcr->csessions, cse, next);
  718                 (void)csefree(cse);
  719         }
  720         FREE(fcr, M_XDATA);
  721         fp->f_data = NULL;
  722         return 0;
  723 }
  724 
  725 static struct csession *
  726 csefind(struct fcrypt *fcr, u_int ses)
  727 {
  728         struct csession *cse;
  729 
  730         TAILQ_FOREACH(cse, &fcr->csessions, next)
  731                 if (cse->ses == ses)
  732                         return (cse);
  733         return (NULL);
  734 }
  735 
  736 static int
  737 csedelete(struct fcrypt *fcr, struct csession *cse_del)
  738 {
  739         struct csession *cse;
  740 
  741         TAILQ_FOREACH(cse, &fcr->csessions, next) {
  742                 if (cse == cse_del) {
  743                         TAILQ_REMOVE(&fcr->csessions, cse, next);
  744                         return (1);
  745                 }
  746         }
  747         return (0);
  748 }
  749         
  750 static struct csession *
  751 cseadd(struct fcrypt *fcr, struct csession *cse)
  752 {
  753         TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
  754         cse->ses = fcr->sesn++;
  755         return (cse);
  756 }
  757 
  758 struct csession *
  759 csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
  760     caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
  761     struct enc_xform *txform, struct auth_hash *thash)
  762 {
  763         struct csession *cse;
  764 
  765 #ifdef INVARIANTS
  766         /* NB: required when mtx_init is built with INVARIANTS */
  767         MALLOC(cse, struct csession *, sizeof(struct csession),
  768             M_XDATA, M_NOWAIT | M_ZERO);
  769 #else
  770         MALLOC(cse, struct csession *, sizeof(struct csession),
  771             M_XDATA, M_NOWAIT);
  772 #endif
  773         if (cse == NULL)
  774                 return NULL;
  775         mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF);
  776         cse->key = key;
  777         cse->keylen = keylen/8;
  778         cse->mackey = mackey;
  779         cse->mackeylen = mackeylen/8;
  780         cse->sid = sid;
  781         cse->cipher = cipher;
  782         cse->mac = mac;
  783         cse->txform = txform;
  784         cse->thash = thash;
  785         cseadd(fcr, cse);
  786         return (cse);
  787 }
  788 
  789 static int
  790 csefree(struct csession *cse)
  791 {
  792         int error;
  793 
  794         error = crypto_freesession(cse->sid);
  795         mtx_destroy(&cse->lock);
  796         if (cse->key)
  797                 FREE(cse->key, M_XDATA);
  798         if (cse->mackey)
  799                 FREE(cse->mackey, M_XDATA);
  800         FREE(cse, M_XDATA);
  801         return (error);
  802 }
  803 
  804 static int
  805 cryptoopen(struct cdev *dev, int oflags, int devtype, struct thread *td)
  806 {
  807         return (0);
  808 }
  809 
  810 static int
  811 cryptoread(struct cdev *dev, struct uio *uio, int ioflag)
  812 {
  813         return (EIO);
  814 }
  815 
  816 static int
  817 cryptowrite(struct cdev *dev, struct uio *uio, int ioflag)
  818 {
  819         return (EIO);
  820 }
  821 
  822 static int
  823 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
  824 {
  825         struct file *f;
  826         struct fcrypt *fcr;
  827         int fd, error;
  828 
  829         switch (cmd) {
  830         case CRIOGET:
  831                 MALLOC(fcr, struct fcrypt *,
  832                     sizeof(struct fcrypt), M_XDATA, M_WAITOK);
  833                 TAILQ_INIT(&fcr->csessions);
  834                 fcr->sesn = 0;
  835 
  836                 error = falloc(td, &f, &fd);
  837 
  838                 if (error) {
  839                         FREE(fcr, M_XDATA);
  840                         return (error);
  841                 }
  842                 /* falloc automatically provides an extra reference to 'f'. */
  843                 FILE_LOCK(f);
  844                 f->f_flag = FREAD | FWRITE;
  845                 f->f_type = DTYPE_CRYPTO;
  846                 f->f_data = fcr;
  847                 f->f_ops = &cryptofops;
  848                 FILE_UNLOCK(f);
  849                 *(u_int32_t *)data = fd;
  850                 fdrop(f, td);
  851                 break;
  852         case CRIOFINDDEV:
  853                 error = cryptodev_find((struct crypt_find_op *)data);
  854                 break;
  855         case CRIOASYMFEAT:
  856                 error = crypto_getfeat((int *)data);
  857                 break;
  858         default:
  859                 error = EINVAL;
  860                 break;
  861         }
  862         return (error);
  863 }
  864 
  865 static struct cdevsw crypto_cdevsw = {
  866         .d_version =    D_VERSION,
  867         .d_flags =      D_NEEDGIANT,
  868         .d_open =       cryptoopen,
  869         .d_read =       cryptoread,
  870         .d_write =      cryptowrite,
  871         .d_ioctl =      cryptoioctl,
  872         .d_name =       "crypto",
  873 };
  874 static struct cdev *crypto_dev;
  875 
  876 /*
  877  * Initialization code, both for static and dynamic loading.
  878  */
  879 static int
  880 cryptodev_modevent(module_t mod, int type, void *unused)
  881 {
  882         switch (type) {
  883         case MOD_LOAD:
  884                 if (bootverbose)
  885                         printf("crypto: <crypto device>\n");
  886                 crypto_dev = make_dev(&crypto_cdevsw, 0, 
  887                                       UID_ROOT, GID_WHEEL, 0666,
  888                                       "crypto");
  889                 return 0;
  890         case MOD_UNLOAD:
  891                 /*XXX disallow if active sessions */
  892                 destroy_dev(crypto_dev);
  893                 return 0;
  894         }
  895         return EINVAL;
  896 }
  897 
  898 static moduledata_t cryptodev_mod = {
  899         "cryptodev",
  900         cryptodev_modevent,
  901         0
  902 };
  903 MODULE_VERSION(cryptodev, 1);
  904 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
  905 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1);
  906 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1);

Cache object: a9e75dbc01d90688b4b8fbd232fd9207


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.