
FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cryptodev.c


    1 /*      $NetBSD: cryptodev.c,v 1.10 2003/11/19 04:14:07 jonathan Exp $ */
    2 /*      $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $        */
    3 /*      $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $   */
    4 
    5 /*
    6  * Copyright (c) 2001 Theo de Raadt
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  *
   12  * 1. Redistributions of source code must retain the above copyright
   13  *   notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *   notice, this list of conditions and the following disclaimer in the
   16  *   documentation and/or other materials provided with the distribution.
   17  * 3. The name of the author may not be used to endorse or promote products
   18  *   derived from this software without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   30  *
   31  * Effort sponsored in part by the Defense Advanced Research Projects
   32  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   33  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
   34  *
   35  */
   36 
   37 #include <sys/cdefs.h>
   38 __KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.10 2003/11/19 04:14:07 jonathan Exp $");
   39 
   40 #include <sys/param.h>
   41 #include <sys/systm.h>
   42 #include <sys/malloc.h>
   43 #include <sys/mbuf.h>
   44 #include <sys/sysctl.h>
   45 #include <sys/file.h>
   46 #include <sys/filedesc.h>
   47 #include <sys/errno.h>
   48 #include <sys/md5.h>
   49 #include <sys/sha1.h>
   50 #include <sys/conf.h>
   51 #include <sys/device.h>
   52 
   53 #include <opencrypto/cryptodev.h>
   54 #include <opencrypto/xform.h>
   55 
   56 #ifdef __NetBSD__
   57   #define splcrypto splnet
   58 #endif
   59 
/*
 * State for one /dev/crypto session created by CIOCGSESSION.
 * Instances live on the owning fcrypt's list and are looked up by `ses'.
 *
 * NOTE(review): iovec/uio/tmp_iv/tmp_mac/error are scratch shared by every
 * request on the session; nothing in this structure serialises concurrent
 * requests or counts references -- confirm the callers provide that.
 */
struct csession {
        TAILQ_ENTRY(csession) next;     /* linkage on fcrypt.csessions */
        u_int64_t       sid;            /* id obtained from crypto_newsession() */
        u_int32_t       ses;            /* handle returned to the caller in session_op.ses */

        u_int32_t       cipher;         /* requested cipher algorithm (0 = none) */
        struct enc_xform *txform;       /* cipher transform, NULL when no cipher */
        u_int32_t       mac;            /* requested MAC/hash algorithm (0 = none) */
        struct auth_hash *thash;        /* hash transform, NULL when no MAC */

        caddr_t         key;            /* kernel copy of the cipher key, released by csefree() */
        int             keylen;         /* bytes (csecreate() stores bits / 8) */
        u_char          tmp_iv[EALG_MAX_BLOCK_LEN];     /* staging for copyin of cop->iv */

        caddr_t         mackey;         /* kernel copy of the MAC key, released by csefree() */
        int             mackeylen;      /* bytes (csecreate() stores bits / 8) */
        u_char          tmp_mac[CRYPTO_MAX_MAC_LEN];    /* crp_mac target, copied out to cop->mac */

        struct iovec    iovec[IOV_MAX];
        struct uio      uio;            /* rebuilt by cryptodev_op() for every request */
        int             error;          /* crp_etype recorded by cryptodev_cb() */
};
   82 
/*
 * Per-descriptor context allocated by CRIOGET and stored in f_data of the
 * cloned file; it owns every csession created through that descriptor.
 */
struct fcrypt {
        TAILQ_HEAD(csessionlist, csession) csessions;   /* sessions, freed in cryptof_close() */
        int             sesn;           /* next session handle, post-incremented by cseadd() */
};
   87 
   88 
/*
 * Declaration of master device (fd-cloning/ctxt-allocating) entrypoints.
 * These are the handlers installed in crypto_cdevsw at the end of the file.
 */
static int      cryptoopen(dev_t dev, int flag, int mode, struct proc *p);
static int      cryptoread(dev_t dev, struct uio *uio, int ioflag);
static int      cryptowrite(dev_t dev, struct uio *uio, int ioflag);
static int      cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p);
static int      cryptoselect(dev_t dev, int rw, struct proc *p);

/*
 * Declaration of cloned-device (per-ctxt) entrypoints, installed through
 * cryptofops on the descriptor that CRIOGET creates.
 *
 * NOTE(review): some definitions further down omit `static'.  Because
 * these static declarations are already in scope, those definitions still
 * have internal linkage.
 */
static int      cryptof_read(struct file *, off_t *, struct uio *, struct ucred *, int);
static int      cryptof_write(struct file *, off_t *, struct uio *, struct ucred *, int);
static int      cryptof_ioctl(struct file *, u_long, void*, struct proc *p);
static int      cryptof_fcntl(struct file *, u_int, void*, struct proc *p);
static int      cryptof_poll(struct file *, int, struct proc *);
static int      cryptof_kqfilter(struct file *, struct knote *);
static int      cryptof_stat(struct file *, struct stat *, struct proc *);
static int      cryptof_close(struct file *, struct proc *);
  105 
/*
 * File operations for the cloned per-context descriptor.
 * The initializer is positional, so the entries must stay in the order of
 * the members of struct fileops (declared outside this file -- confirm
 * against the header when either side changes).
 */
static struct fileops cryptofops = {
    cryptof_read,
    cryptof_write,
    cryptof_ioctl,
    cryptof_fcntl,
    cryptof_poll,
    cryptof_stat,
    cryptof_close,
    cryptof_kqfilter
};
  116 
/* Session list helpers: lookup, unlink, link, allocate, release. */
static struct   csession *csefind(struct fcrypt *, u_int);
static int      csedelete(struct fcrypt *, struct csession *);
static struct   csession *cseadd(struct fcrypt *, struct csession *);
static struct   csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t,
    caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
    struct auth_hash *);
static int      csefree(struct csession *);

/* Request paths: symmetric (CIOCCRYPT) and asymmetric (CIOCKEY). */
static int      cryptodev_op(struct csession *, struct crypt_op *, struct proc *);
static int      cryptodev_key(struct crypt_kop *);
/* NOTE(review): declared with external linkage; no definition appears in this listing. */
int     cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]);

/* Completion callbacks handed to the crypto framework by the two request paths. */
static int      cryptodev_cb(void *);
static int      cryptodevkey_cb(void *);
  131 
  132 /*
  133  * sysctl-able control variables for /dev/crypto now defined in crypto.c:
  134  * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft.
  135  */
  136 
/*
 * read(2) is not supported on a cloned crypto descriptor: every call
 * fails with EIO.  Requests are served by cryptof_ioctl() instead.
 */
/* ARGSUSED */
int
cryptof_read(struct file *fp, off_t *poff, struct uio *uio,
             struct ucred *cred, int flags)
{
        const int unsupported = EIO;

        (void)fp;
        (void)poff;
        (void)uio;
        (void)cred;
        (void)flags;
        return (unsupported);
}
  144 
/*
 * write(2) is not supported on a cloned crypto descriptor: every call
 * fails with EIO.  Requests are served by cryptof_ioctl() instead.
 */
/* ARGSUSED */
int
cryptof_write(struct file *fp, off_t *poff, struct uio *uio,
              struct ucred *cred, int flags)
{
        const int unsupported = EIO;

        (void)fp;
        (void)poff;
        (void)uio;
        (void)cred;
        (void)flags;
        return (unsupported);
}
  152 
/*
 * ioctl handler for the cloned per-context descriptor.
 *
 *   CIOCGSESSION  create a session from a struct session_op
 *   CIOCFSESSION  destroy the session whose handle is in *data
 *   CIOCCRYPT     run one symmetric request (cryptodev_op)
 *   CIOCKEY       run one asymmetric request (cryptodev_key)
 *   CIOCASYMFEAT  query features (crypto_getfeat)
 *
 * Returns 0 or an errno; unknown commands and unknown algorithm ids give
 * EINVAL.
 *
 * `data' is dereferenced directly, so it is presumably the kernel copy of
 * the ioctl argument made by the caller of this handler (confirm).  The
 * pointers stored inside it (sop->key, sop->mackey) are user addresses and
 * are only read through copyin().
 */
/* ARGSUSED */
int
cryptof_ioctl(struct file *fp, u_long cmd, void* data, struct proc *p)
{
        struct cryptoini cria, crie;
        struct fcrypt *fcr = (struct fcrypt *)fp->f_data;
        struct csession *cse;
        struct session_op *sop;
        struct crypt_op *cop;
        struct enc_xform *txform = NULL;
        struct auth_hash *thash = NULL;
        u_int64_t sid;
        u_int32_t ses;
        int error = 0;

        switch (cmd) {
        case CIOCGSESSION:
                sop = (struct session_op *)data;
                /*
                 * Map the caller-supplied cipher id onto a transform table;
                 * anything not listed is refused.
                 * NOTE(review): the list includes DES, the NULL cipher and
                 * ARC4.  If policy should forbid weak or no-op algorithms
                 * for /dev/crypto users, this switch is where to enforce it.
                 */
                switch (sop->cipher) {
                case 0:
                        break;
                case CRYPTO_DES_CBC:
                        txform = &enc_xform_des;
                        break;
                case CRYPTO_3DES_CBC:
                        txform = &enc_xform_3des;
                        break;
                case CRYPTO_BLF_CBC:
                        txform = &enc_xform_blf;
                        break;
                case CRYPTO_CAST_CBC:
                        txform = &enc_xform_cast5;
                        break;
                case CRYPTO_SKIPJACK_CBC:
                        txform = &enc_xform_skipjack;
                        break;
                case CRYPTO_AES_CBC:
                        txform = &enc_xform_rijndael128;
                        break;
                case CRYPTO_NULL_CBC:
                        txform = &enc_xform_null;
                        break;
                case CRYPTO_ARC4:
                        txform = &enc_xform_arc4;
                        break;
                default:
                        return (EINVAL);
                }

                /* Same mapping for the MAC/hash id. */
                switch (sop->mac) {
                case 0:
                        break;
                case CRYPTO_MD5_HMAC:
                        thash = &auth_hash_hmac_md5_96;
                        break;
                case CRYPTO_SHA1_HMAC:
                        thash = &auth_hash_hmac_sha1_96;
                        break;
                case CRYPTO_SHA2_HMAC:
                        /* One id covers three variants; the key length selects which. */
                        if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize)
                                thash = &auth_hash_hmac_sha2_256;
                        else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize)
                                thash = &auth_hash_hmac_sha2_384;
                        else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize)
                                thash = &auth_hash_hmac_sha2_512;
                        else
                                return (EINVAL);
                        break;
                case CRYPTO_RIPEMD160_HMAC:
                        thash = &auth_hash_hmac_ripemd_160_96;
                        break;
                case CRYPTO_MD5:
                        thash = &auth_hash_md5;
                        break;
                case CRYPTO_SHA1:
                        thash = &auth_hash_sha1;
                        break;
                case CRYPTO_NULL_HMAC:
                        thash = &auth_hash_null;
                        break;
                default:
                        return (EINVAL);
                }

                /* Zeroed so that the bail path can test cri_key for NULL. */
                bzero(&crie, sizeof(crie));
                bzero(&cria, sizeof(cria));

                if (txform) {
                        crie.cri_alg = txform->type;
                        crie.cri_klen = sop->keylen * 8;
                        /*
                         * The length check precedes the allocation, so the
                         * MALLOC below is bounded by txform->maxkey.
                         */
                        if (sop->keylen > txform->maxkey ||
                            sop->keylen < txform->minkey) {
                                error = EINVAL;
                                goto bail;
                        }

                        /*
                         * NOTE(review): unlike the MAC key below, a zero
                         * length is not skipped here; whether it can occur
                         * depends on txform->minkey.
                         */
                        MALLOC(crie.cri_key, u_int8_t *,
                            crie.cri_klen / 8, M_XDATA, M_WAITOK);
                        if ((error = copyin(sop->key, crie.cri_key,
                            crie.cri_klen / 8)))
                                goto bail;
                        if (thash)
                                crie.cri_next = &cria;
                }

                if (thash) {
                        cria.cri_alg = thash->type;
                        cria.cri_klen = sop->mackeylen * 8;
                        /* The MAC key must be exactly the size the hash expects. */
                        if (sop->mackeylen != thash->keysize) {
                                error = EINVAL;
                                goto bail;
                        }

                        if (cria.cri_klen) {
                                MALLOC(cria.cri_key, u_int8_t *,
                                    cria.cri_klen / 8, M_XDATA, M_WAITOK);
                                if ((error = copyin(sop->mackey, cria.cri_key,
                                    cria.cri_klen / 8)))
                                        goto bail;
                        }
                }

                /* With both present, crie heads the chain and links to cria. */
                error = crypto_newsession(&sid, (txform ? &crie : &cria),
                            crypto_devallowsoft);
                if (error) {
#ifdef CRYPTO_DEBUG
                        printf("SIOCSESSION violates kernel parameters\n");
#endif
                        goto bail;
                }

                /* On success the session takes over both key buffers. */
                cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
                    cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
                    thash);

                if (cse == NULL) {
                        crypto_freesession(sid);
                        error = EINVAL;
                        goto bail;
                }
                sop->ses = cse->ses;

bail:
                /*
                 * Keys are released here only on failure; otherwise
                 * csefree() releases them with the session.
                 * NOTE(review): the key bytes are not cleared before the
                 * memory goes back to the allocator.
                 */
                if (error) {
                        if (crie.cri_key)
                                FREE(crie.cri_key, M_XDATA);
                        if (cria.cri_key)
                                FREE(cria.cri_key, M_XDATA);
                }
                break;
        case CIOCFSESSION:
                ses = *(u_int32_t *)data;
                cse = csefind(fcr, ses);
                if (cse == NULL)
                        return (EINVAL);
                /*
                 * NOTE(review): the session is unlinked and freed with no
                 * visible reference count, while cryptodev_op() sleeps
                 * holding a csession pointer.  Confirm that a request in
                 * flight on a shared descriptor cannot overlap this free.
                 */
                csedelete(fcr, cse);
                error = csefree(cse);
                break;
        case CIOCCRYPT:
                cop = (struct crypt_op *)data;
                cse = csefind(fcr, cop->ses);
                if (cse == NULL)
                        return (EINVAL);
                error = cryptodev_op(cse, cop, p);
                break;
        case CIOCKEY:
                error = cryptodev_key((struct crypt_kop *)data);
                break;
        case CIOCASYMFEAT:
                error = crypto_getfeat((int *)data);
                break;
        default:
                error = EINVAL;
        }
        return (error);
}
  329 
/*
 * fcntl hook for the cloned crypto descriptor.  No command is acted on;
 * every call reports success.
 */
/* ARGSUSED */
int
cryptof_fcntl(struct file *fp, u_int cmd, void *data, struct proc *p)
{
        (void)fp;
        (void)cmd;
        (void)data;
        (void)p;
        return (0);
}
  336 
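/*
 * Run one symmetric request (cipher and/or MAC) on session `cse' for a
 * CIOCCRYPT ioctl.
 *
 * cop->src is copied into a freshly allocated kernel buffer, the request
 * is handed to crypto_dispatch(), the caller sleeps until cryptodev_cb()
 * wakes it, and the buffer is copied out to cop->dst (and the MAC to
 * cop->mac) when those pointers are set.
 *
 * Returns 0, or an errno: E2BIG for an oversized request, EINVAL for a
 * malformed one, ENOMEM when no request could be allocated, otherwise the
 * error reported by copyin/copyout, crypto_dispatch(), tsleep() or the
 * completed request.
 *
 * Every field of `cop' is caller-controlled; the addresses in it are only
 * accessed through copyin()/copyout().
 *
 * NOTE(review): cse->uio, cse->iovec, cse->tmp_iv, cse->tmp_mac and
 * cse->error are per-session scratch.  Nothing visible here serialises two
 * requests on one session or keeps `cse' alive across the tsleep();
 * confirm the callers guarantee both.
 */
static int
cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p)
{
        struct cryptop *crp = NULL;
        struct cryptodesc *crde = NULL, *crda = NULL;
        int i, error, s;

        /* Bounds the kernel allocation made on the caller's behalf. */
        if (cop->len > 256*1024-4)
                return (E2BIG);

        if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
                return (EINVAL);

        bzero(&cse->uio, sizeof(cse->uio));
        cse->uio.uio_iovcnt = 1;
        cse->uio.uio_resid = 0;
        cse->uio.uio_segflg = UIO_SYSSPACE;
        cse->uio.uio_rw = UIO_WRITE;
        cse->uio.uio_procp = p;
        cse->uio.uio_iov = cse->iovec;
        bzero(&cse->iovec, sizeof(cse->iovec));
        cse->uio.uio_iov[0].iov_len = cop->len;
        cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK);
        /* Sum each segment's own length (the original always added entry 0). */
        for (i = 0; i < cse->uio.uio_iovcnt; i++)
                cse->uio.uio_resid += cse->uio.uio_iov[i].iov_len;

        /* One descriptor per configured transform. */
        crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
        if (crp == NULL) {
                error = ENOMEM;
                goto bail;
        }

        /* With both configured, the MAC descriptor comes first in the chain. */
        if (cse->thash) {
                crda = crp->crp_desc;
                if (cse->txform)
                        crde = crda->crd_next;
        } else {
                if (cse->txform)
                        crde = crp->crp_desc;
                else {
                        error = EINVAL;
                        goto bail;
                }
        }

        if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len)))
                goto bail;

        if (crda) {
                crda->crd_skip = 0;
                crda->crd_len = cop->len;
                crda->crd_inject = 0;   /* ??? */

                crda->crd_alg = cse->mac;
                crda->crd_key = cse->mackey;
                crda->crd_klen = cse->mackeylen * 8;
        }

        if (crde) {
                if (cop->op == COP_ENCRYPT)
                        crde->crd_flags |= CRD_F_ENCRYPT;
                else
                        crde->crd_flags &= ~CRD_F_ENCRYPT;
                crde->crd_len = cop->len;
                crde->crd_inject = 0;

                crde->crd_alg = cse->cipher;
                crde->crd_key = cse->key;
                crde->crd_klen = cse->keylen * 8;
        }

        crp->crp_ilen = cop->len;
        crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM
                       | (cop->flags & COP_F_BATCH);
        crp->crp_buf = (caddr_t)&cse->uio;
        crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
        crp->crp_sid = cse->sid;
        crp->crp_opaque = (void *)cse;

        if (cop->iv) {
                if (crde == NULL) {
                        error = EINVAL;
                        goto bail;
                }
                if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
                        error = EINVAL;
                        goto bail;
                }
                if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize)))
                        goto bail;
                bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
                crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
                crde->crd_skip = 0;
        } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
                crde->crd_skip = 0;
        } else if (crde) {
                /*
                 * No explicit IV: the first block of the buffer is skipped
                 * and taken off the length.  A request shorter than one
                 * block (only len == 0 gets past the modulus check above)
                 * would leave crd_len negative, so refuse it.
                 */
                if (cop->len < cse->txform->blocksize) {
                        error = EINVAL;
                        goto bail;
                }
                crde->crd_flags |= CRD_F_IV_PRESENT;
                crde->crd_skip = cse->txform->blocksize;
                crde->crd_len -= cse->txform->blocksize;
        }

        if (cop->mac) {
                if (crda == NULL) {
                        error = EINVAL;
                        goto bail;
                }
                crp->crp_mac=cse->tmp_mac;
        }

        s = splcrypto();        /* NB: only needed with CRYPTO_F_CBIMM */
        error = crypto_dispatch(crp);
        /* Sleep only if the callback has not already marked the request done. */
        if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
                error = tsleep(crp, PSOCK, "crydev", 0);
        splx(s);
        if (error) {
                goto bail;
        }

        if (crp->crp_etype != 0) {
                error = crp->crp_etype;
                goto bail;
        }

        if (cse->error) {
                error = cse->error;
                goto bail;
        }

        if (cop->dst &&
            (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len)))
                goto bail;

        /* crda != NULL was checked above whenever cop->mac is set, so thash is valid. */
        if (cop->mac &&
            (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize)))
                goto bail;

bail:
        if (crp)
                crypto_freereq(crp);
        /*
         * NOTE(review): the buffer held the caller's plaintext or
         * ciphertext and is released without being cleared.
         */
        if (cse->uio.uio_iov[0].iov_base)
                free(cse->uio.uio_iov[0].iov_base, M_XDATA);

        return (error);
}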
  481 
/*
 * Completion callback for requests issued by cryptodev_op().
 * Stores the request's error code in the owning session.  A request that
 * finished with EAGAIN is dispatched again; any other result wakes the
 * thread sleeping on the request.
 */
static int
cryptodev_cb(void *op)
{
        struct cryptop *req = (struct cryptop *) op;
        struct csession *owner = (struct csession *)req->crp_opaque;

        owner->error = req->crp_etype;
        if (req->crp_etype != EAGAIN) {
                wakeup_one(req);
                return (0);
        }
        return crypto_dispatch(req);
}
  494 
/*
 * Completion callback for asymmetric requests issued by cryptodev_key():
 * wakes the thread sleeping on the request and reports success.
 */
static int
cryptodevkey_cb(void *op)
{
        struct cryptkop *done = (struct cryptkop *) op;

        wakeup_one(done);
        return (0);
}
  503 
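/*
 * Run one asymmetric (key) operation for a CIOCKEY ioctl.
 *
 * The operation code and parameter counts in `kop' are checked against the
 * fixed shapes below, the input parameters are copied in from the user
 * addresses in kop->crk_param[], the request is dispatched, and the output
 * parameters are copied back out.  kop->crk_status is updated from the
 * request before returning.
 *
 * Returns 0, EFBIG when the parameter counts exceed CRK_MAXPARAM, EINVAL
 * for an unknown operation, a wrong parameter count or an oversized
 * parameter, ENOMEM, or the error from copyin/copyout, crypto_kdispatch(),
 * tsleep() or the completed request.
 *
 * NOTE(review): the sleep is not guarded by a completion flag as it is in
 * cryptodev_op(); if the callback can run before tsleep() is entered the
 * wakeup would be missed.  Confirm against crypto_kdispatch().
 * NOTE(review): parameter buffers can hold private-key material and are
 * freed without being cleared.
 */
static int
cryptodev_key(struct crypt_kop *kop)
{
        /*
         * Upper bound on a single parameter, in bits.  The value is a
         * review-chosen cap (8 KiB per parameter); raise it if larger
         * operands have to be supported.
         */
        enum { max_param_bits = 65536 };
        struct cryptkop *krp = NULL;
        int error = EINVAL;
        int in, out, size, i;

        if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
                return (EFBIG);
        }

        /* Each operation takes a fixed number of inputs and outputs. */
        in = kop->crk_iparams;
        out = kop->crk_oparams;
        switch (kop->crk_op) {
        case CRK_MOD_EXP:
                if (in == 3 && out == 1)
                        break;
                return (EINVAL);
        case CRK_MOD_EXP_CRT:
                if (in == 6 && out == 1)
                        break;
                return (EINVAL);
        case CRK_DSA_SIGN:
                if (in == 5 && out == 2)
                        break;
                return (EINVAL);
        case CRK_DSA_VERIFY:
                if (in == 7 && out == 0)
                        break;
                return (EINVAL);
        case CRK_DH_COMPUTE_KEY:
                if (in == 3 && out == 1)
                        break;
                return (EINVAL);
        default:
                return (EINVAL);
        }

        krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
        if (!krp)
                return (ENOMEM);
        /* Zeroed so that the fail path can test every crp_p for NULL. */
        bzero(krp, sizeof *krp);
        krp->krp_op = kop->crk_op;
        krp->krp_iparams = kop->crk_iparams;
        krp->krp_oparams = kop->crk_oparams;
        krp->krp_status = 0;
        krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;

        for (i = 0; i < CRK_MAXPARAM; i++)
                krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
        for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
                /*
                 * crp_nbits is caller-supplied and sizes a sleeping kernel
                 * allocation, so bound it first.  The cast makes a negative
                 * value fail the check as well, whatever the field's
                 * signedness.
                 */
                if ((u_long)krp->krp_param[i].crp_nbits > max_param_bits) {
                        error = EINVAL;
                        goto fail;
                }
                size = (krp->krp_param[i].crp_nbits + 7) / 8;
                if (size == 0)
                        continue;
                MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK);
                if (i >= krp->krp_iparams) {
                        /*
                         * Output buffer: all `size' bytes are copied out
                         * below, so clear it in case the operation fills
                         * fewer bytes than were allocated.
                         */
                        bzero(krp->krp_param[i].crp_p, size);
                        continue;
                }
                error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
                if (error)
                        goto fail;
        }

        error = crypto_kdispatch(krp);
        if (error == 0)
                error = tsleep(krp, PSOCK, "crydev", 0);
        if (error)
                goto fail;

        if (krp->krp_status != 0) {
                error = krp->krp_status;
                goto fail;
        }

        /* Output parameters follow the inputs in the parameter array. */
        for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
                size = (krp->krp_param[i].crp_nbits + 7) / 8;
                if (size == 0)
                        continue;
                error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
                if (error)
                        goto fail;
        }

fail:
        /* Reached on success too; releases the request and all parameters. */
        if (krp) {
                kop->crk_status = krp->krp_status;
                for (i = 0; i < CRK_MAXPARAM; i++) {
                        if (krp->krp_param[i].crp_p)
                                FREE(krp->krp_param[i].crp_p, M_XDATA);
                }
                free(krp, M_XDATA);
        }
        return (error);
}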
  598 
/*
 * poll hook for the cloned crypto descriptor: always returns 0, i.e. no
 * events are ever reported.
 */
/* ARGSUSED */
static int
cryptof_poll(struct file *fp, int which, struct proc *p)
{
        const int no_events = 0;

        (void)fp;
        (void)which;
        (void)p;
        return (no_events);
}
  605 
  606 
/*
 * kqueue filter hook for the cloned crypto descriptor: nothing is
 * attached and 0 is returned.
 */
/* ARGSUSED */
static int
cryptof_kqfilter(struct file *fp, struct knote *kn)
{
        (void)fp;
        (void)kn;
        return (0);
}
  614 
/*
 * stat hook for the cloned crypto descriptor: not supported, every call
 * fails with EOPNOTSUPP and `sb' is left untouched.
 */
/* ARGSUSED */
static int
cryptof_stat(struct file *fp, struct stat *sb, struct proc *p)
{
        const int unsupported = EOPNOTSUPP;

        (void)fp;
        (void)sb;
        (void)p;
        return (unsupported);
}
  621 
/*
 * Close hook for the cloned crypto descriptor.
 * Unlinks and releases every session still attached to the descriptor's
 * context, frees the context itself and clears fp->f_data so the stale
 * pointer cannot be reached through the file again.  Always returns 0;
 * errors from csefree() are deliberately ignored.
 */
/* ARGSUSED */
static int
cryptof_close(struct file *fp, struct proc *p)
{
        struct fcrypt *ctx = (struct fcrypt *)fp->f_data;
        struct csession *head;

        for (;;) {
                head = TAILQ_FIRST(&ctx->csessions);
                if (!head)
                        break;
                TAILQ_REMOVE(&ctx->csessions, head, next);
                (void)csefree(head);
        }
        FREE(ctx, M_XDATA);

        /* close() stolen from sys/kern/kern_ktrace.c */

        fp->f_data = NULL;
#if 0
        FILE_UNUSE(fp, p);      /* release file */
        fdrelease(p, fd);       /* release fd table slot */
#endif

        return 0;
}
  645 
/*
 * Look up the session with handle `ses' among the sessions owned by `fcr'.
 * Returns the session, or NULL when this context has no such handle, so a
 * handle is only ever resolved within the descriptor that created it.
 */
static struct csession *
csefind(struct fcrypt *fcr, u_int ses)
{
        struct csession *cur;
        struct csession *match = NULL;

        TAILQ_FOREACH(cur, &fcr->csessions, next) {
                if (cur->ses == ses) {
                        match = cur;
                        break;
                }
        }
        return (match);
}
  656 
/*
 * Unlink `cse_del' from the session list of `fcr'.
 * The list is searched first, so a session that is not on this list is
 * left alone.  Returns 1 when the session was found and unlinked, 0
 * otherwise.  The session itself is not freed.
 */
static int
csedelete(struct fcrypt *fcr, struct csession *cse_del)
{
        struct csession *cur;

        TAILQ_FOREACH(cur, &fcr->csessions, next) {
                if (cur != cse_del)
                        continue;
                TAILQ_REMOVE(&fcr->csessions, cur, next);
                return (1);
        }
        return (0);
}
  670 
/*
 * Append `cse' to the session list of `fcr' and give it the context's next
 * handle (fcr->sesn, which is then advanced).  Returns `cse'.
 */
static struct csession *
cseadd(struct fcrypt *fcr, struct csession *cse)
{
        TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
        cse->ses = fcr->sesn;
        fcr->sesn++;
        return (cse);
}
  678 
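/*
 * Allocate a session record, fill it in and link it onto `fcr'.
 *
 * `key' and `mackey' are stored as given, not copied: on success the
 * session owns both buffers and csefree() releases them.  `keylen' and
 * `mackeylen' are passed in bits and stored in bytes.
 *
 * Returns the new session, or NULL when the non-sleeping allocation
 * fails; in that case the caller still owns the key buffers and `sid'.
 */
static struct csession *
csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
    caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
    struct enc_xform *txform, struct auth_hash *thash)
{
        struct csession *cse;

        MALLOC(cse, struct csession *, sizeof(struct csession),
            M_XDATA, M_NOWAIT);
        if (cse == NULL)
                return NULL;
        /*
         * The allocation is not requested zeroed, and only some fields are
         * assigned below.  Clear the record so that error, uio, iovec,
         * tmp_iv and tmp_mac never start out holding stale heap contents.
         */
        bzero(cse, sizeof(*cse));
        cse->key = key;
        cse->keylen = keylen/8;
        cse->mackey = mackey;
        cse->mackeylen = mackeylen/8;
        cse->sid = sid;
        cse->cipher = cipher;
        cse->mac = mac;
        cse->txform = txform;
        cse->thash = thash;
        cseadd(fcr, cse);
        return (cse);
}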
  702 
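/*
 * Release a session: free the framework session, both key buffers and the
 * record itself.  The session must already be off its list.
 *
 * Key bytes and the record (which holds the tmp_iv/tmp_mac scratch) are
 * cleared before they go back to the allocator so that key material does
 * not linger in freed kernel memory.  keylen/mackeylen are the byte
 * lengths stored by csecreate(), which match the sizes allocated in
 * cryptof_ioctl().
 * NOTE(review): bzero() is used because it is what this file already
 * calls; if the kernel offers a clearing routine that is guaranteed not
 * to be optimised away, prefer it here.
 *
 * Returns the result of crypto_freesession().
 */
static int
csefree(struct csession *cse)
{
        int error;

        error = crypto_freesession(cse->sid);
        if (cse->key) {
                if (cse->keylen > 0)
                        bzero(cse->key, cse->keylen);
                FREE(cse->key, M_XDATA);
        }
        if (cse->mackey) {
                if (cse->mackeylen > 0)
                        bzero(cse->mackey, cse->mackeylen);
                FREE(cse->mackey, M_XDATA);
        }
        bzero(cse, sizeof(*cse));
        FREE(cse, M_XDATA);
        return (error);
}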
  716 
/*
 * open(2) on the crypto device node.
 * Access is gated on the crypto_usercrypto control variable: while it is
 * 0 the open fails with ENXIO, otherwise it succeeds.  No per-open state
 * is created here.
 */
static int
cryptoopen(dev_t dev, int flag, int mode, struct proc *p)
{
        return ((crypto_usercrypto == 0) ? ENXIO : 0);
}
  724 
/*
 * read(2) on the crypto device node is not supported; every call fails
 * with EIO.
 */
static int
cryptoread(dev_t dev, struct uio *uio, int ioflag)
{
        const int unsupported = EIO;

        (void)dev;
        (void)uio;
        (void)ioflag;
        return (unsupported);
}
  730 
/*
 * write(2) on the crypto device node is not supported; every call fails
 * with EIO.
 */
static int
cryptowrite(dev_t dev, struct uio *uio, int ioflag)
{
        const int unsupported = EIO;

        (void)dev;
        (void)uio;
        (void)ioflag;
        return (unsupported);
}
  736 
/*
 * ioctl on the crypto device node.  The only command is CRIOGET, which
 * allocates a fresh per-descriptor context, attaches it to a newly
 * allocated file using cryptofops, and stores the new descriptor number
 * through `data'.  Any other command fails with EINVAL.
 *
 * Returns 0 on success, the falloc() error when no file could be
 * allocated (the context is freed again in that case), or EINVAL.
 */
static int
cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
{
        struct file *newfp;
        struct fcrypt *ctx;
        int newfd, rc;

        if (cmd != CRIOGET)
                return (EINVAL);

        MALLOC(ctx, struct fcrypt *,
            sizeof(struct fcrypt), M_XDATA, M_WAITOK);
        TAILQ_INIT(&ctx->csessions);
        ctx->sesn = 0;

        rc = falloc(p, &newfp, &newfd);
        if (rc) {
                FREE(ctx, M_XDATA);
                return (rc);
        }

        newfp->f_flag = FREAD | FWRITE;
        newfp->f_type = DTYPE_CRYPTO;
        newfp->f_ops = &cryptofops;
        newfp->f_data = (caddr_t) ctx;
        *(u_int32_t *)data = newfd;
        FILE_SET_MATURE(newfp);
        FILE_UNUSE(newfp, p);

        return (rc);
}
  770 
/*
 * select/poll on the crypto device node: always returns 0, i.e. no events
 * are ever reported.
 */
int
cryptoselect(dev_t dev, int rw, struct proc *p)
{
        const int no_events = 0;

        (void)dev;
        (void)rw;
        (void)p;
        return (no_events);
}
  776 
/*
 * Character-device switch for the crypto device node.
 * The initializer is positional; the slot comments name the member each
 * entry is meant to fill (two of them are marked uncertain by the original
 * author).  Only open and ioctl do real work: read and write fail with
 * EIO, and close is nullclose because per-descriptor state is torn down
 * in cryptof_close() instead.
 */
/*static*/
struct cdevsw crypto_cdevsw = {
        /* open */      cryptoopen,
        /* close */     nullclose,
        /* read */      cryptoread,
        /* write */     cryptowrite,
        /* ioctl */     cryptoioctl,
        /* ttstop?*/    nostop,
        /* ??*/         notty,
        /* poll */      cryptoselect /*nopoll*/,
        /* mmap */      nommap,
        /* kqfilter */  nokqfilter,
};
  790 
