The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cryptodev.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: cryptodev.c,v 1.12 2004/11/30 04:25:44 christos Exp $ */
    2 /*      $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $        */
    3 /*      $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $   */
    4 
    5 /*
    6  * Copyright (c) 2001 Theo de Raadt
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  *
   12  * 1. Redistributions of source code must retain the above copyright
   13  *   notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *   notice, this list of conditions and the following disclaimer in the
   16  *   documentation and/or other materials provided with the distribution.
   17  * 3. The name of the author may not be used to endorse or promote products
   18  *   derived from this software without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   30  *
   31  * Effort sponsored in part by the Defense Advanced Research Projects
   32  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   33  * Materiel Command, USAF, under agreement number F30602-01-2-0537.
   34  *
   35  */
   36 
   37 #include <sys/cdefs.h>
   38 __KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.12 2004/11/30 04:25:44 christos Exp $");
   39 
   40 #include <sys/param.h>
   41 #include <sys/systm.h>
   42 #include <sys/malloc.h>
   43 #include <sys/mbuf.h>
   44 #include <sys/sysctl.h>
   45 #include <sys/file.h>
   46 #include <sys/filedesc.h>
   47 #include <sys/errno.h>
   48 #include <sys/md5.h>
   49 #include <sys/sha1.h>
   50 #include <sys/conf.h>
   51 #include <sys/device.h>
   52 
   53 #include <opencrypto/cryptodev.h>
   54 #include <opencrypto/xform.h>
   55 
   56 #ifdef __NetBSD__
   57   #define splcrypto splnet
   58 #endif
   59 
   60 struct csession {
   61         TAILQ_ENTRY(csession) next;
   62         u_int64_t       sid;
   63         u_int32_t       ses;
   64 
   65         u_int32_t       cipher;
   66         struct enc_xform *txform;
   67         u_int32_t       mac;
   68         struct auth_hash *thash;
   69 
   70         caddr_t         key;
   71         int             keylen;
   72         u_char          tmp_iv[EALG_MAX_BLOCK_LEN];
   73 
   74         caddr_t         mackey;
   75         int             mackeylen;
   76         u_char          tmp_mac[CRYPTO_MAX_MAC_LEN];
   77 
   78         struct iovec    iovec[IOV_MAX];
   79         struct uio      uio;
   80         int             error;
   81 };
   82 
   83 struct fcrypt {
   84         TAILQ_HEAD(csessionlist, csession) csessions;
   85         int             sesn;
   86 };
   87 
   88 
   89 /* Declaration of master device (fd-cloning/ctxt-allocating) entrypoints */
   90 static int      cryptoopen(dev_t dev, int flag, int mode, struct proc *p);
   91 static int      cryptoread(dev_t dev, struct uio *uio, int ioflag);
   92 static int      cryptowrite(dev_t dev, struct uio *uio, int ioflag);
   93 static int      cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p);
   94 static int      cryptoselect(dev_t dev, int rw, struct proc *p);
   95 
   96 /* Declaration of cloned-device (per-ctxt) entrypoints */
   97 static int      cryptof_read(struct file *, off_t *, struct uio *, struct ucred *, int);
   98 static int      cryptof_write(struct file *, off_t *, struct uio *, struct ucred *, int);
   99 static int      cryptof_ioctl(struct file *, u_long, void*, struct proc *p);
  100 static int      cryptof_close(struct file *, struct proc *);
  101 
  102 static const struct fileops cryptofops = {
  103     cryptof_read,
  104     cryptof_write,
  105     cryptof_ioctl,
  106     fnullop_fcntl,
  107     fnullop_poll,
  108     fbadop_stat,
  109     cryptof_close,
  110     fnullop_kqfilter
  111 };
  112 
  113 static struct   csession *csefind(struct fcrypt *, u_int);
  114 static int      csedelete(struct fcrypt *, struct csession *);
  115 static struct   csession *cseadd(struct fcrypt *, struct csession *);
  116 static struct   csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t,
  117     caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
  118     struct auth_hash *);
  119 static int      csefree(struct csession *);
  120 
  121 static int      cryptodev_op(struct csession *, struct crypt_op *, struct proc *);
  122 static int      cryptodev_key(struct crypt_kop *);
  123 int     cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]);
  124 
  125 static int      cryptodev_cb(void *);
  126 static int      cryptodevkey_cb(void *);
  127 
  128 /*
  129  * sysctl-able control variables for /dev/crypto now defined in crypto.c:
  130  * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft.
  131  */
  132 
  133 /* ARGSUSED */
  134 int
  135 cryptof_read(struct file *fp, off_t *poff, struct uio *uio,
  136              struct ucred *cred, int flags)
  137 {
  138         return (EIO);
  139 }
  140 
  141 /* ARGSUSED */
  142 int
  143 cryptof_write(struct file *fp, off_t *poff, struct uio *uio,
  144               struct ucred *cred, int flags)
  145 {
  146         return (EIO);
  147 }
  148 
  149 /* ARGSUSED */
  150 int
  151 cryptof_ioctl(struct file *fp, u_long cmd, void* data, struct proc *p)
  152 {
  153         struct cryptoini cria, crie;
  154         struct fcrypt *fcr = (struct fcrypt *)fp->f_data;
  155         struct csession *cse;
  156         struct session_op *sop;
  157         struct crypt_op *cop;
  158         struct enc_xform *txform = NULL;
  159         struct auth_hash *thash = NULL;
  160         u_int64_t sid;
  161         u_int32_t ses;
  162         int error = 0;
  163 
  164         switch (cmd) {
  165         case CIOCGSESSION:
  166                 sop = (struct session_op *)data;
  167                 switch (sop->cipher) {
  168                 case 0:
  169                         break;
  170                 case CRYPTO_DES_CBC:
  171                         txform = &enc_xform_des;
  172                         break;
  173                 case CRYPTO_3DES_CBC:
  174                         txform = &enc_xform_3des;
  175                         break;
  176                 case CRYPTO_BLF_CBC:
  177                         txform = &enc_xform_blf;
  178                         break;
  179                 case CRYPTO_CAST_CBC:
  180                         txform = &enc_xform_cast5;
  181                         break;
  182                 case CRYPTO_SKIPJACK_CBC:
  183                         txform = &enc_xform_skipjack;
  184                         break;
  185                 case CRYPTO_AES_CBC:
  186                         txform = &enc_xform_rijndael128;
  187                         break;
  188                 case CRYPTO_NULL_CBC:
  189                         txform = &enc_xform_null;
  190                         break;
  191                 case CRYPTO_ARC4:
  192                         txform = &enc_xform_arc4;
  193                         break;
  194                 default:
  195                         return (EINVAL);
  196                 }
  197 
  198                 switch (sop->mac) {
  199                 case 0:
  200                         break;
  201                 case CRYPTO_MD5_HMAC:
  202                         thash = &auth_hash_hmac_md5_96;
  203                         break;
  204                 case CRYPTO_SHA1_HMAC:
  205                         thash = &auth_hash_hmac_sha1_96;
  206                         break;
  207                 case CRYPTO_SHA2_HMAC:
  208                         if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize)
  209                                 thash = &auth_hash_hmac_sha2_256;
  210                         else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize)
  211                                 thash = &auth_hash_hmac_sha2_384;
  212                         else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize)
  213                                 thash = &auth_hash_hmac_sha2_512;
  214                         else
  215                                 return (EINVAL);
  216                         break;
  217                 case CRYPTO_RIPEMD160_HMAC:
  218                         thash = &auth_hash_hmac_ripemd_160_96;
  219                         break;
  220                 case CRYPTO_MD5:
  221                         thash = &auth_hash_md5;
  222                         break;
  223                 case CRYPTO_SHA1:
  224                         thash = &auth_hash_sha1;
  225                         break;
  226                 case CRYPTO_NULL_HMAC:
  227                         thash = &auth_hash_null;
  228                         break;
  229                 default:
  230                         return (EINVAL);
  231                 }
  232 
  233                 bzero(&crie, sizeof(crie));
  234                 bzero(&cria, sizeof(cria));
  235 
  236                 if (txform) {
  237                         crie.cri_alg = txform->type;
  238                         crie.cri_klen = sop->keylen * 8;
  239                         if (sop->keylen > txform->maxkey ||
  240                             sop->keylen < txform->minkey) {
  241                                 error = EINVAL;
  242                                 goto bail;
  243                         }
  244 
  245                         MALLOC(crie.cri_key, u_int8_t *,
  246                             crie.cri_klen / 8, M_XDATA, M_WAITOK);
  247                         if ((error = copyin(sop->key, crie.cri_key,
  248                             crie.cri_klen / 8)))
  249                                 goto bail;
  250                         if (thash)
  251                                 crie.cri_next = &cria;
  252                 }
  253 
  254                 if (thash) {
  255                         cria.cri_alg = thash->type;
  256                         cria.cri_klen = sop->mackeylen * 8;
  257                         if (sop->mackeylen != thash->keysize) {
  258                                 error = EINVAL;
  259                                 goto bail;
  260                         }
  261 
  262                         if (cria.cri_klen) {
  263                                 MALLOC(cria.cri_key, u_int8_t *,
  264                                     cria.cri_klen / 8, M_XDATA, M_WAITOK);
  265                                 if ((error = copyin(sop->mackey, cria.cri_key,
  266                                     cria.cri_klen / 8)))
  267                                         goto bail;
  268                         }
  269                 }
  270 
  271                 error = crypto_newsession(&sid, (txform ? &crie : &cria),
  272                             crypto_devallowsoft);
  273                 if (error) {
  274 #ifdef CRYPTO_DEBUG
  275                         printf("SIOCSESSION violates kernel parameters\n");
  276 #endif
  277                         goto bail;
  278                 }
  279 
  280                 cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
  281                     cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
  282                     thash);
  283 
  284                 if (cse == NULL) {
  285                         crypto_freesession(sid);
  286                         error = EINVAL;
  287                         goto bail;
  288                 }
  289                 sop->ses = cse->ses;
  290 
  291 bail:
  292                 if (error) {
  293                         if (crie.cri_key)
  294                                 FREE(crie.cri_key, M_XDATA);
  295                         if (cria.cri_key)
  296                                 FREE(cria.cri_key, M_XDATA);
  297                 }
  298                 break;
  299         case CIOCFSESSION:
  300                 ses = *(u_int32_t *)data;
  301                 cse = csefind(fcr, ses);
  302                 if (cse == NULL)
  303                         return (EINVAL);
  304                 csedelete(fcr, cse);
  305                 error = csefree(cse);
  306                 break;
  307         case CIOCCRYPT:
  308                 cop = (struct crypt_op *)data;
  309                 cse = csefind(fcr, cop->ses);
  310                 if (cse == NULL)
  311                         return (EINVAL);
  312                 error = cryptodev_op(cse, cop, p);
  313                 break;
  314         case CIOCKEY:
  315                 error = cryptodev_key((struct crypt_kop *)data);
  316                 break;
  317         case CIOCASYMFEAT:
  318                 error = crypto_getfeat((int *)data);
  319                 break;
  320         default:
  321                 error = EINVAL;
  322         }
  323         return (error);
  324 }
  325 
  326 static int
  327 cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p)
  328 {
  329         struct cryptop *crp = NULL;
  330         struct cryptodesc *crde = NULL, *crda = NULL;
  331         int i, error, s;
  332 
  333         if (cop->len > 256*1024-4)
  334                 return (E2BIG);
  335 
  336         if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
  337                 return (EINVAL);
  338 
  339         bzero(&cse->uio, sizeof(cse->uio));
  340         cse->uio.uio_iovcnt = 1;
  341         cse->uio.uio_resid = 0;
  342         cse->uio.uio_segflg = UIO_SYSSPACE;
  343         cse->uio.uio_rw = UIO_WRITE;
  344         cse->uio.uio_procp = NULL;
  345         cse->uio.uio_iov = cse->iovec;
  346         bzero(&cse->iovec, sizeof(cse->iovec));
  347         cse->uio.uio_iov[0].iov_len = cop->len;
  348         cse->uio.uio_iov[0].iov_base = malloc(cop->len, M_XDATA, M_WAITOK);
  349         for (i = 0; i < cse->uio.uio_iovcnt; i++)
  350                 cse->uio.uio_resid += cse->uio.uio_iov[0].iov_len;
  351 
  352         crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
  353         if (crp == NULL) {
  354                 error = ENOMEM;
  355                 goto bail;
  356         }
  357 
  358         if (cse->thash) {
  359                 crda = crp->crp_desc;
  360                 if (cse->txform)
  361                         crde = crda->crd_next;
  362         } else {
  363                 if (cse->txform)
  364                         crde = crp->crp_desc;
  365                 else {
  366                         error = EINVAL;
  367                         goto bail;
  368                 }
  369         }
  370 
  371         if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len)))
  372                 goto bail;
  373 
  374         if (crda) {
  375                 crda->crd_skip = 0;
  376                 crda->crd_len = cop->len;
  377                 crda->crd_inject = 0;   /* ??? */
  378 
  379                 crda->crd_alg = cse->mac;
  380                 crda->crd_key = cse->mackey;
  381                 crda->crd_klen = cse->mackeylen * 8;
  382         }
  383 
  384         if (crde) {
  385                 if (cop->op == COP_ENCRYPT)
  386                         crde->crd_flags |= CRD_F_ENCRYPT;
  387                 else
  388                         crde->crd_flags &= ~CRD_F_ENCRYPT;
  389                 crde->crd_len = cop->len;
  390                 crde->crd_inject = 0;
  391 
  392                 crde->crd_alg = cse->cipher;
  393                 crde->crd_key = cse->key;
  394                 crde->crd_klen = cse->keylen * 8;
  395         }
  396 
  397         crp->crp_ilen = cop->len;
  398         crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM
  399                        | (cop->flags & COP_F_BATCH);
  400         crp->crp_buf = (caddr_t)&cse->uio;
  401         crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
  402         crp->crp_sid = cse->sid;
  403         crp->crp_opaque = (void *)cse;
  404 
  405         if (cop->iv) {
  406                 if (crde == NULL) {
  407                         error = EINVAL;
  408                         goto bail;
  409                 }
  410                 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  411                         error = EINVAL;
  412                         goto bail;
  413                 }
  414                 if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize)))
  415                         goto bail;
  416                 bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
  417                 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
  418                 crde->crd_skip = 0;
  419         } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
  420                 crde->crd_skip = 0;
  421         } else if (crde) {
  422                 crde->crd_flags |= CRD_F_IV_PRESENT;
  423                 crde->crd_skip = cse->txform->blocksize;
  424                 crde->crd_len -= cse->txform->blocksize;
  425         }
  426 
  427         if (cop->mac) {
  428                 if (crda == NULL) {
  429                         error = EINVAL;
  430                         goto bail;
  431                 }
  432                 crp->crp_mac=cse->tmp_mac;
  433         }
  434 
  435         s = splcrypto();        /* NB: only needed with CRYPTO_F_CBIMM */
  436         error = crypto_dispatch(crp);
  437         if (error == 0 && (crp->crp_flags & CRYPTO_F_DONE) == 0)
  438                 error = tsleep(crp, PSOCK, "crydev", 0);
  439         splx(s);
  440         if (error) {
  441                 goto bail;
  442         }
  443 
  444         if (crp->crp_etype != 0) {
  445                 error = crp->crp_etype;
  446                 goto bail;
  447         }
  448 
  449         if (cse->error) {
  450                 error = cse->error;
  451                 goto bail;
  452         }
  453 
  454         if (cop->dst &&
  455             (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len)))
  456                 goto bail;
  457 
  458         if (cop->mac &&
  459             (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize)))
  460                 goto bail;
  461 
  462 bail:
  463         if (crp)
  464                 crypto_freereq(crp);
  465         if (cse->uio.uio_iov[0].iov_base)
  466                 free(cse->uio.uio_iov[0].iov_base, M_XDATA);
  467 
  468         return (error);
  469 }
  470 
  471 static int
  472 cryptodev_cb(void *op)
  473 {
  474         struct cryptop *crp = (struct cryptop *) op;
  475         struct csession *cse = (struct csession *)crp->crp_opaque;
  476 
  477         cse->error = crp->crp_etype;
  478         if (crp->crp_etype == EAGAIN)
  479                 return crypto_dispatch(crp);
  480         wakeup_one(crp);
  481         return (0);
  482 }
  483 
  484 static int
  485 cryptodevkey_cb(void *op)
  486 {
  487         struct cryptkop *krp = (struct cryptkop *) op;
  488 
  489         wakeup_one(krp);
  490         return (0);
  491 }
  492 
  493 static int
  494 cryptodev_key(struct crypt_kop *kop)
  495 {
  496         struct cryptkop *krp = NULL;
  497         int error = EINVAL;
  498         int in, out, size, i;
  499 
  500         if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
  501                 return (EFBIG);
  502         }
  503 
  504         in = kop->crk_iparams;
  505         out = kop->crk_oparams;
  506         switch (kop->crk_op) {
  507         case CRK_MOD_EXP:
  508                 if (in == 3 && out == 1)
  509                         break;
  510                 return (EINVAL);
  511         case CRK_MOD_EXP_CRT:
  512                 if (in == 6 && out == 1)
  513                         break;
  514                 return (EINVAL);
  515         case CRK_DSA_SIGN:
  516                 if (in == 5 && out == 2)
  517                         break;
  518                 return (EINVAL);
  519         case CRK_DSA_VERIFY:
  520                 if (in == 7 && out == 0)
  521                         break;
  522                 return (EINVAL);
  523         case CRK_DH_COMPUTE_KEY:
  524                 if (in == 3 && out == 1)
  525                         break;
  526                 return (EINVAL);
  527         default:
  528                 return (EINVAL);
  529         }
  530 
  531         krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
  532         if (!krp)
  533                 return (ENOMEM);
  534         bzero(krp, sizeof *krp);
  535         krp->krp_op = kop->crk_op;
  536         krp->krp_status = kop->crk_status;
  537         krp->krp_iparams = kop->crk_iparams;
  538         krp->krp_oparams = kop->crk_oparams;
  539         krp->krp_status = 0;
  540         krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
  541 
  542         for (i = 0; i < CRK_MAXPARAM; i++)
  543                 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
  544         for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
  545                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  546                 if (size == 0)
  547                         continue;
  548                 MALLOC(krp->krp_param[i].crp_p, caddr_t, size, M_XDATA, M_WAITOK);
  549                 if (i >= krp->krp_iparams)
  550                         continue;
  551                 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
  552                 if (error)
  553                         goto fail;
  554         }
  555 
  556         error = crypto_kdispatch(krp);
  557         if (error == 0)
  558                 error = tsleep(krp, PSOCK, "crydev", 0);
  559         if (error)
  560                 goto fail;
  561 
  562         if (krp->krp_status != 0) {
  563                 error = krp->krp_status;
  564                 goto fail;
  565         }
  566 
  567         for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
  568                 size = (krp->krp_param[i].crp_nbits + 7) / 8;
  569                 if (size == 0)
  570                         continue;
  571                 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
  572                 if (error)
  573                         goto fail;
  574         }
  575 
  576 fail:
  577         if (krp) {
  578                 kop->crk_status = krp->krp_status;
  579                 for (i = 0; i < CRK_MAXPARAM; i++) {
  580                         if (krp->krp_param[i].crp_p)
  581                                 FREE(krp->krp_param[i].crp_p, M_XDATA);
  582                 }
  583                 free(krp, M_XDATA);
  584         }
  585         return (error);
  586 }
  587 
  588 /* ARGSUSED */
  589 static int
  590 cryptof_close(struct file *fp, struct proc *p)
  591 {
  592         struct fcrypt *fcr = (struct fcrypt *)fp->f_data;
  593         struct csession *cse;
  594 
  595         while ((cse = TAILQ_FIRST(&fcr->csessions))) {
  596                 TAILQ_REMOVE(&fcr->csessions, cse, next);
  597                 (void)csefree(cse);
  598         }
  599         FREE(fcr, M_XDATA);
  600 
  601         /* close() stolen from sys/kern/kern_ktrace.c */
  602 
  603         fp->f_data = NULL;
  604 #if 0
  605         FILE_UNUSE(fp, p);      /* release file */
  606         fdrelease(p, fd);       /* release fd table slot */
  607 #endif
  608 
  609         return 0;
  610 }
  611 
  612 static struct csession *
  613 csefind(struct fcrypt *fcr, u_int ses)
  614 {
  615         struct csession *cse;
  616 
  617         TAILQ_FOREACH(cse, &fcr->csessions, next)
  618                 if (cse->ses == ses)
  619                         return (cse);
  620         return (NULL);
  621 }
  622 
  623 static int
  624 csedelete(struct fcrypt *fcr, struct csession *cse_del)
  625 {
  626         struct csession *cse;
  627 
  628         TAILQ_FOREACH(cse, &fcr->csessions, next) {
  629                 if (cse == cse_del) {
  630                         TAILQ_REMOVE(&fcr->csessions, cse, next);
  631                         return (1);
  632                 }
  633         }
  634         return (0);
  635 }
  636 
  637 static struct csession *
  638 cseadd(struct fcrypt *fcr, struct csession *cse)
  639 {
  640         TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
  641         cse->ses = fcr->sesn++;
  642         return (cse);
  643 }
  644 
  645 static struct csession *
  646 csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
  647     caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
  648     struct enc_xform *txform, struct auth_hash *thash)
  649 {
  650         struct csession *cse;
  651 
  652         MALLOC(cse, struct csession *, sizeof(struct csession),
  653             M_XDATA, M_NOWAIT);
  654         if (cse == NULL)
  655                 return NULL;
  656         cse->key = key;
  657         cse->keylen = keylen/8;
  658         cse->mackey = mackey;
  659         cse->mackeylen = mackeylen/8;
  660         cse->sid = sid;
  661         cse->cipher = cipher;
  662         cse->mac = mac;
  663         cse->txform = txform;
  664         cse->thash = thash;
  665         cseadd(fcr, cse);
  666         return (cse);
  667 }
  668 
  669 static int
  670 csefree(struct csession *cse)
  671 {
  672         int error;
  673 
  674         error = crypto_freesession(cse->sid);
  675         if (cse->key)
  676                 FREE(cse->key, M_XDATA);
  677         if (cse->mackey)
  678                 FREE(cse->mackey, M_XDATA);
  679         FREE(cse, M_XDATA);
  680         return (error);
  681 }
  682 
  683 static int
  684 cryptoopen(dev_t dev, int flag, int mode, struct proc *p)
  685 {
  686         if (crypto_usercrypto == 0)
  687                 return (ENXIO);
  688         return (0);
  689 }
  690 
  691 static int
  692 cryptoread(dev_t dev, struct uio *uio, int ioflag)
  693 {
  694         return (EIO);
  695 }
  696 
  697 static int
  698 cryptowrite(dev_t dev, struct uio *uio, int ioflag)
  699 {
  700         return (EIO);
  701 }
  702 
  703 static int
  704 cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
  705 {
  706         struct file *f;
  707         struct fcrypt *fcr;
  708         int fd, error;
  709 
  710         switch (cmd) {
  711         case CRIOGET:
  712                 MALLOC(fcr, struct fcrypt *,
  713                     sizeof(struct fcrypt), M_XDATA, M_WAITOK);
  714                 TAILQ_INIT(&fcr->csessions);
  715                 fcr->sesn = 0;
  716 
  717                 error = falloc(p, &f, &fd);
  718                 if (error) {
  719                         FREE(fcr, M_XDATA);
  720                         return (error);
  721                 }
  722                 f->f_flag = FREAD | FWRITE;
  723                 f->f_type = DTYPE_CRYPTO;
  724                 f->f_ops = &cryptofops;
  725                 f->f_data = (caddr_t) fcr;
  726                 *(u_int32_t *)data = fd;
  727                 FILE_SET_MATURE(f);
  728                 FILE_UNUSE(f, p);
  729                 break;
  730         default:
  731                 error = EINVAL;
  732                 break;
  733         }
  734         return (error);
  735 }
  736 
  737 int
  738 cryptoselect(dev_t dev, int rw, struct proc *p)
  739 {
  740         return (0);
  741 }
  742 
  743 /*static*/
  744 struct cdevsw crypto_cdevsw = {
  745         /* open */      cryptoopen,
  746         /* close */     nullclose,
  747         /* read */      cryptoread,
  748         /* write */     cryptowrite,
  749         /* ioctl */     cryptoioctl,
  750         /* ttstop?*/    nostop,
  751         /* ??*/         notty,
  752         /* poll */      cryptoselect /*nopoll*/,
  753         /* mmap */      nommap,
  754         /* kqfilter */  nokqfilter,
  755 };
  756 

Cache object: ae393a0f1392e672ff03cfef24036fef


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.