The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cryptosoft.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: cryptosoft.c,v 1.15 2006/11/16 01:33:51 christos Exp $ */
    2 /*      $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.2.2.1 2002/11/21 23:34:23 sam Exp $       */
    3 /*      $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $ */
    4 
    5 /*
    6  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
    7  *
    8  * This code was written by Angelos D. Keromytis in Athens, Greece, in
    9  * February 2000. Network Security Technologies Inc. (NSTI) kindly
   10  * supported the development of this code.
   11  *
   12  * Copyright (c) 2000, 2001 Angelos D. Keromytis
   13  *
   14  * Permission to use, copy, and modify this software with or without fee
   15  * is hereby granted, provided that this entire notice is included in
   16  * all source code copies of any software which is or includes a copy or
   17  * modification of this software.
   18  *
   19  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   20  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   21  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   22  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   23  * PURPOSE.
   24  */
   25 
   26 #include <sys/cdefs.h>
   27 __KERNEL_RCSID(0, "$NetBSD: cryptosoft.c,v 1.15 2006/11/16 01:33:51 christos Exp $");
   28 
   29 #include <sys/param.h>
   30 #include <sys/systm.h>
   31 #include <sys/malloc.h>
   32 #include <sys/mbuf.h>
   33 #include <sys/sysctl.h>
   34 #include <sys/errno.h>
   35 
   36 #include <opencrypto/cryptodev.h>
   37 #include <opencrypto/cryptosoft.h>
   38 #include <opencrypto/xform.h>
   39 
   40 #include <opencrypto/cryptosoft_xform.c>
   41 
   42 union authctx {
   43         MD5_CTX md5ctx;
   44         SHA1_CTX sha1ctx;
   45         RMD160_CTX rmd160ctx;
   46         SHA256_CTX sha256ctx;
   47         SHA384_CTX sha384ctx;
   48         SHA512_CTX sha512ctx;
   49 };
   50 
   51 struct swcr_data **swcr_sessions = NULL;
   52 u_int32_t swcr_sesnum = 0;
   53 int32_t swcr_id = -1;
   54 
   55 #define COPYBACK(x, a, b, c, d) \
   56         (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \
   57         : cuio_copyback((struct uio *)a,b,c,d)
   58 #define COPYDATA(x, a, b, c, d) \
   59         (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \
   60         : cuio_copydata((struct uio *)a,b,c,d)
   61 
   62 static  int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
   63 static  int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
   64                              struct swcr_data *sw, caddr_t buf, int outtype);
   65 static  int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
   66 static  int swcr_process(void *, struct cryptop *, int);
   67 static  int swcr_newsession(void *, u_int32_t *, struct cryptoini *);
   68 static  int swcr_freesession(void *, u_int64_t);
   69 
   70 /*
   71  * Apply a symmetric encryption/decryption algorithm.
   72  */
   73 static int
   74 swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
   75     int outtype)
   76 {
   77         unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
   78         unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
   79         const struct swcr_enc_xform *exf;
   80         int i, k, j, blks;
   81         int count, ind;
   82 
   83         exf = sw->sw_exf;
   84         blks = exf->enc_xform->blocksize;
   85 
   86         /* Check for non-padded data */
   87         if (crd->crd_len % blks)
   88                 return EINVAL;
   89 
   90         /* Initialize the IV */
   91         if (crd->crd_flags & CRD_F_ENCRYPT) {
   92                 /* IV explicitly provided ? */
   93                 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
   94                         bcopy(crd->crd_iv, iv, blks);
   95                 else {
   96                         /* Get random IV */
   97                         for (i = 0;
   98                             i + sizeof (u_int32_t) < EALG_MAX_BLOCK_LEN;
   99                             i += sizeof (u_int32_t)) {
  100                                 u_int32_t temp = arc4random();
  101 
  102                                 bcopy(&temp, iv + i, sizeof(u_int32_t));
  103                         }
  104                         /*
  105                          * What if the block size is not a multiple
  106                          * of sizeof (u_int32_t), which is the size of
  107                          * what arc4random() returns ?
  108                          */
  109                         if (EALG_MAX_BLOCK_LEN % sizeof (u_int32_t) != 0) {
  110                                 u_int32_t temp = arc4random();
  111 
  112                                 bcopy (&temp, iv + i,
  113                                     EALG_MAX_BLOCK_LEN - i);
  114                         }
  115                 }
  116 
  117                 /* Do we need to write the IV */
  118                 if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
  119                         COPYBACK(outtype, buf, crd->crd_inject, blks, iv);
  120                 }
  121 
  122         } else {        /* Decryption */
  123                         /* IV explicitly provided ? */
  124                 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
  125                         bcopy(crd->crd_iv, iv, blks);
  126                 else {
  127                         /* Get IV off buf */
  128                         COPYDATA(outtype, buf, crd->crd_inject, blks, iv);
  129                 }
  130         }
  131 
  132         ivp = iv;
  133 
  134         if (outtype == CRYPTO_BUF_CONTIG) {
  135                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  136                         for (i = crd->crd_skip;
  137                             i < crd->crd_skip + crd->crd_len; i += blks) {
  138                                 /* XOR with the IV/previous block, as appropriate. */
  139                                 if (i == crd->crd_skip)
  140                                         for (k = 0; k < blks; k++)
  141                                                 buf[i + k] ^= ivp[k];
  142                                 else
  143                                         for (k = 0; k < blks; k++)
  144                                                 buf[i + k] ^= buf[i + k - blks];
  145                                 exf->encrypt(sw->sw_kschedule, buf + i);
  146                         }
  147                 } else {                /* Decrypt */
  148                         /*
  149                          * Start at the end, so we don't need to keep the encrypted
  150                          * block as the IV for the next block.
  151                          */
  152                         for (i = crd->crd_skip + crd->crd_len - blks;
  153                             i >= crd->crd_skip; i -= blks) {
  154                                 exf->decrypt(sw->sw_kschedule, buf + i);
  155 
  156                                 /* XOR with the IV/previous block, as appropriate */
  157                                 if (i == crd->crd_skip)
  158                                         for (k = 0; k < blks; k++)
  159                                                 buf[i + k] ^= ivp[k];
  160                                 else
  161                                         for (k = 0; k < blks; k++)
  162                                                 buf[i + k] ^= buf[i + k - blks];
  163                         }
  164                 }
  165 
  166                 return 0;
  167         } else if (outtype == CRYPTO_BUF_MBUF) {
  168                 struct mbuf *m = (struct mbuf *) buf;
  169 
  170                 /* Find beginning of data */
  171                 m = m_getptr(m, crd->crd_skip, &k);
  172                 if (m == NULL)
  173                         return EINVAL;
  174 
  175                 i = crd->crd_len;
  176 
  177                 while (i > 0) {
  178                         /*
  179                          * If there's insufficient data at the end of
  180                          * an mbuf, we have to do some copying.
  181                          */
  182                         if (m->m_len < k + blks && m->m_len != k) {
  183                                 m_copydata(m, k, blks, blk);
  184 
  185                                 /* Actual encryption/decryption */
  186                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  187                                         /* XOR with previous block */
  188                                         for (j = 0; j < blks; j++)
  189                                                 blk[j] ^= ivp[j];
  190 
  191                                         exf->encrypt(sw->sw_kschedule, blk);
  192 
  193                                         /*
  194                                          * Keep encrypted block for XOR'ing
  195                                          * with next block
  196                                          */
  197                                         bcopy(blk, iv, blks);
  198                                         ivp = iv;
  199                                 } else {        /* decrypt */
  200                                         /*
  201                                          * Keep encrypted block for XOR'ing
  202                                          * with next block
  203                                          */
  204                                         if (ivp == iv)
  205                                                 bcopy(blk, piv, blks);
  206                                         else
  207                                                 bcopy(blk, iv, blks);
  208 
  209                                         exf->decrypt(sw->sw_kschedule, blk);
  210 
  211                                         /* XOR with previous block */
  212                                         for (j = 0; j < blks; j++)
  213                                                 blk[j] ^= ivp[j];
  214 
  215                                         if (ivp == iv)
  216                                                 bcopy(piv, iv, blks);
  217                                         else
  218                                                 ivp = iv;
  219                                 }
  220 
  221                                 /* Copy back decrypted block */
  222                                 m_copyback(m, k, blks, blk);
  223 
  224                                 /* Advance pointer */
  225                                 m = m_getptr(m, k + blks, &k);
  226                                 if (m == NULL)
  227                                         return EINVAL;
  228 
  229                                 i -= blks;
  230 
  231                                 /* Could be done... */
  232                                 if (i == 0)
  233                                         break;
  234                         }
  235 
  236                         /* Skip possibly empty mbufs */
  237                         if (k == m->m_len) {
  238                                 for (m = m->m_next; m && m->m_len == 0;
  239                                     m = m->m_next)
  240                                         ;
  241                                 k = 0;
  242                         }
  243 
  244                         /* Sanity check */
  245                         if (m == NULL)
  246                                 return EINVAL;
  247 
  248                         /*
  249                          * Warning: idat may point to garbage here, but
  250                          * we only use it in the while() loop, only if
  251                          * there are indeed enough data.
  252                          */
  253                         idat = mtod(m, unsigned char *) + k;
  254 
  255                         while (m->m_len >= k + blks && i > 0) {
  256                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  257                                         /* XOR with previous block/IV */
  258                                         for (j = 0; j < blks; j++)
  259                                                 idat[j] ^= ivp[j];
  260 
  261                                         exf->encrypt(sw->sw_kschedule, idat);
  262                                         ivp = idat;
  263                                 } else {        /* decrypt */
  264                                         /*
  265                                          * Keep encrypted block to be used
  266                                          * in next block's processing.
  267                                          */
  268                                         if (ivp == iv)
  269                                                 bcopy(idat, piv, blks);
  270                                         else
  271                                                 bcopy(idat, iv, blks);
  272 
  273                                         exf->decrypt(sw->sw_kschedule, idat);
  274 
  275                                         /* XOR with previous block/IV */
  276                                         for (j = 0; j < blks; j++)
  277                                                 idat[j] ^= ivp[j];
  278 
  279                                         if (ivp == iv)
  280                                                 bcopy(piv, iv, blks);
  281                                         else
  282                                                 ivp = iv;
  283                                 }
  284 
  285                                 idat += blks;
  286                                 k += blks;
  287                                 i -= blks;
  288                         }
  289                 }
  290 
  291                 return 0; /* Done with mbuf encryption/decryption */
  292         } else if (outtype == CRYPTO_BUF_IOV) {
  293                 struct uio *uio = (struct uio *) buf;
  294 
  295 #ifdef __FreeBSD__
  296                 struct iovec *iov;
  297                 /* Find beginning of data */
  298                 iov = cuio_getptr(uio, crd->crd_skip, &k);
  299                 if (iov == NULL)
  300                         return EINVAL;
  301 
  302                 i = crd->crd_len;
  303 
  304                 while (i > 0) {
  305                         /*
  306                          * If there's insufficient data at the end of
  307                          * an iovec, we have to do some copying.
  308                          */
  309                         if (iov->iov_len < k + blks && iov->iov_len != k) {
  310                                 cuio_copydata(uio, k, blks, blk);
  311 
  312                                 /* Actual encryption/decryption */
  313                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  314                                         /* XOR with previous block */
  315                                         for (j = 0; j < blks; j++)
  316                                                 blk[j] ^= ivp[j];
  317 
  318                                         exf->encrypt(sw->sw_kschedule, blk);
  319 
  320                                         /*
  321                                          * Keep encrypted block for XOR'ing
  322                                          * with next block
  323                                          */
  324                                         bcopy(blk, iv, blks);
  325                                         ivp = iv;
  326                                 } else {        /* decrypt */
  327                                         /*
  328                                          * Keep encrypted block for XOR'ing
  329                                          * with next block
  330                                          */
  331                                         if (ivp == iv)
  332                                                 bcopy(blk, piv, blks);
  333                                         else
  334                                                 bcopy(blk, iv, blks);
  335 
  336                                         exf->decrypt(sw->sw_kschedule, blk);
  337 
  338                                         /* XOR with previous block */
  339                                         for (j = 0; j < blks; j++)
  340                                                 blk[j] ^= ivp[j];
  341 
  342                                         if (ivp == iv)
  343                                                 bcopy(piv, iv, blks);
  344                                         else
  345                                                 ivp = iv;
  346                                 }
  347 
  348                                 /* Copy back decrypted block */
  349                                 cuio_copyback(uio, k, blks, blk);
  350 
  351                                 /* Advance pointer */
  352                                 iov = cuio_getptr(uio, k + blks, &k);
  353                                 if (iov == NULL)
  354                                         return EINVAL;
  355 
  356                                 i -= blks;
  357 
  358                                 /* Could be done... */
  359                                 if (i == 0)
  360                                         break;
  361                         }
  362 
  363                         /*
  364                          * Warning: idat may point to garbage here, but
  365                          * we only use it in the while() loop, only if
  366                          * there are indeed enough data.
  367                          */
  368                         idat = (char *)iov->iov_base + k;
  369 
  370                         while (iov->iov_len >= k + blks && i > 0) {
  371                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  372                                         /* XOR with previous block/IV */
  373                                         for (j = 0; j < blks; j++)
  374                                                 idat[j] ^= ivp[j];
  375 
  376                                         exf->encrypt(sw->sw_kschedule, idat);
  377                                         ivp = idat;
  378                                 } else {        /* decrypt */
  379                                         /*
  380                                          * Keep encrypted block to be used
  381                                          * in next block's processing.
  382                                          */
  383                                         if (ivp == iv)
  384                                                 bcopy(idat, piv, blks);
  385                                         else
  386                                                 bcopy(idat, iv, blks);
  387 
  388                                         exf->decrypt(sw->sw_kschedule, idat);
  389 
  390                                         /* XOR with previous block/IV */
  391                                         for (j = 0; j < blks; j++)
  392                                                 idat[j] ^= ivp[j];
  393 
  394                                         if (ivp == iv)
  395                                                 bcopy(piv, iv, blks);
  396                                         else
  397                                                 ivp = iv;
  398                                 }
  399 
  400                                 idat += blks;
  401                                 k += blks;
  402                                 i -= blks;
  403                         }
  404                 }
  405 
  406                 return 0; /* Done with mbuf encryption/decryption */
  407 #else  /* !freebsd iov */
  408                 /* Find beginning of data */
  409                 count = crd->crd_skip;
  410                 ind = cuio_getptr(uio, count, &k);
  411                 if (ind == -1)
  412                         return EINVAL;
  413 
  414                 i = crd->crd_len;
  415 
  416                 while (i > 0) {
  417                         /*
  418                          * If there's insufficient data at the end,
  419                          * we have to do some copying.
  420                          */
  421                         if (uio->uio_iov[ind].iov_len < k + blks &&
  422                             uio->uio_iov[ind].iov_len != k) {
  423                                 cuio_copydata(uio, k, blks, blk);
  424 
  425                                 /* Actual encryption/decryption */
  426                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  427                                         /* XOR with previous block */
  428                                         for (j = 0; j < blks; j++)
  429                                                 blk[j] ^= ivp[j];
  430 
  431                                         exf->encrypt(sw->sw_kschedule, blk);
  432 
  433                                         /*
  434                                          * Keep encrypted block for XOR'ing
  435                                          * with next block
  436                                          */
  437                                         bcopy(blk, iv, blks);
  438                                         ivp = iv;
  439                                 } else {        /* decrypt */
  440                                         /*
  441                                          * Keep encrypted block for XOR'ing
  442                                          * with next block
  443                                          */
  444                                         if (ivp == iv)
  445                                                 bcopy(blk, piv, blks);
  446                                         else
  447                                                 bcopy(blk, iv, blks);
  448 
  449                                         exf->decrypt(sw->sw_kschedule, blk);
  450 
  451                                         /* XOR with previous block */
  452                                         for (j = 0; j < blks; j++)
  453                                                 blk[j] ^= ivp[j];
  454 
  455                                         if (ivp == iv)
  456                                                 bcopy(piv, iv, blks);
  457                                         else
  458                                                 ivp = iv;
  459                                 }
  460 
  461                                 /* Copy back decrypted block */
  462                                 cuio_copyback(uio, k, blks, blk);
  463 
  464                                 count += blks;
  465 
  466                                 /* Advance pointer */
  467                                 ind = cuio_getptr(uio, count, &k);
  468                                 if (ind == -1)
  469                                         return (EINVAL);
  470 
  471                                 i -= blks;
  472 
  473                                 /* Could be done... */
  474                                 if (i == 0)
  475                                         break;
  476                         }
  477 
  478                         /*
  479                          * Warning: idat may point to garbage here, but
  480                          * we only use it in the while() loop, only if
  481                          * there are indeed enough data.
  482                          */
  483                         idat = ((caddr_t)uio->uio_iov[ind].iov_base) + k;
  484 
  485                         while (uio->uio_iov[ind].iov_len >= k + blks &&
  486                             i > 0) {
  487                                 if (crd->crd_flags & CRD_F_ENCRYPT) {
  488                                         /* XOR with previous block/IV */
  489                                         for (j = 0; j < blks; j++)
  490                                                 idat[j] ^= ivp[j];
  491 
  492                                         exf->encrypt(sw->sw_kschedule, idat);
  493                                         ivp = idat;
  494                                 } else {        /* decrypt */
  495                                         /*
  496                                          * Keep encrypted block to be used
  497                                          * in next block's processing.
  498                                          */
  499                                         if (ivp == iv)
  500                                                 bcopy(idat, piv, blks);
  501                                         else
  502                                                 bcopy(idat, iv, blks);
  503 
  504                                         exf->decrypt(sw->sw_kschedule, idat);
  505 
  506                                         /* XOR with previous block/IV */
  507                                         for (j = 0; j < blks; j++)
  508                                                 idat[j] ^= ivp[j];
  509 
  510                                         if (ivp == iv)
  511                                                 bcopy(piv, iv, blks);
  512                                         else
  513                                                 ivp = iv;
  514                                 }
  515 
  516                                 idat += blks;
  517                                 count += blks;
  518                                 k += blks;
  519                                 i -= blks;
  520                         }
  521                 }
  522 #endif
  523                 return 0; /* Done with mbuf encryption/decryption */
  524         }
  525 
  526         /* Unreachable */
  527         return EINVAL;
  528 }
  529 
  530 /*
  531  * Compute keyed-hash authenticator.
  532  */
  533 static int
  534 swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
  535     struct swcr_data *sw, caddr_t buf, int outtype)
  536 {
  537         unsigned char aalg[AALG_MAX_RESULT_LEN];
  538         const struct swcr_auth_hash *axf;
  539         union authctx ctx;
  540         int err;
  541 
  542         if (sw->sw_ictx == 0)
  543                 return EINVAL;
  544 
  545         axf = sw->sw_axf;
  546 
  547         bcopy(sw->sw_ictx, &ctx, axf->auth_hash->ctxsize);
  548 
  549         switch (outtype) {
  550         case CRYPTO_BUF_CONTIG:
  551                 axf->Update(&ctx, buf + crd->crd_skip, crd->crd_len);
  552                 break;
  553         case CRYPTO_BUF_MBUF:
  554                 err = m_apply((struct mbuf *) buf, crd->crd_skip, crd->crd_len,
  555                     (int (*)(void*, caddr_t, unsigned int)) axf->Update,
  556                     (caddr_t) &ctx);
  557                 if (err)
  558                         return err;
  559                 break;
  560         case CRYPTO_BUF_IOV:
  561 #ifdef __FreeBSD__
  562                 /*XXX FIXME: handle iov case*/
  563                 return EINVAL;
  564 #else
  565                 err = cuio_apply((struct uio *) buf, crd->crd_skip,
  566                     crd->crd_len,
  567                     (int (*)(caddr_t, caddr_t, unsigned int)) axf->Update,
  568                     (caddr_t) &ctx);
  569                 if (err) {
  570                         return err;
  571                 }
  572 #endif
  573                 break;
  574         default:
  575                 return EINVAL;
  576         }
  577 
  578         switch (sw->sw_alg) {
  579         case CRYPTO_MD5_HMAC:
  580         case CRYPTO_SHA1_HMAC:
  581         case CRYPTO_SHA2_HMAC:
  582         case CRYPTO_RIPEMD160_HMAC:
  583                 if (sw->sw_octx == NULL)
  584                         return EINVAL;
  585 
  586                 axf->Final(aalg, &ctx);
  587                 bcopy(sw->sw_octx, &ctx, axf->auth_hash->ctxsize);
  588                 axf->Update(&ctx, aalg, axf->auth_hash->hashsize);
  589                 axf->Final(aalg, &ctx);
  590                 break;
  591 
  592         case CRYPTO_MD5_KPDK:
  593         case CRYPTO_SHA1_KPDK:
  594                 if (sw->sw_octx == NULL)
  595                         return EINVAL;
  596 
  597                 axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
  598                 axf->Final(aalg, &ctx);
  599                 break;
  600 
  601         case CRYPTO_NULL_HMAC:
  602         case CRYPTO_MD5:
  603         case CRYPTO_SHA1:
  604                 axf->Final(aalg, &ctx);
  605                 break;
  606         }
  607 
  608         /* Inject the authentication data */
  609         switch (outtype) {
  610         case CRYPTO_BUF_CONTIG:
  611                 bcopy(aalg, buf + crd->crd_inject, axf->auth_hash->authsize);
  612                 break;
  613         case CRYPTO_BUF_MBUF:
  614                 m_copyback((struct mbuf *) buf, crd->crd_inject,
  615                     axf->auth_hash->authsize, aalg);
  616                 break;
  617         case CRYPTO_BUF_IOV:
  618                 bcopy(aalg, crp->crp_mac, axf->auth_hash->authsize);
  619                 break;
  620         default:
  621                 return EINVAL;
  622         }
  623         return 0;
  624 }
  625 
  626 /*
  627  * Apply a compression/decompression algorithm
  628  */
  629 static int
  630 swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
  631     caddr_t buf, int outtype)
  632 {
  633         u_int8_t *data, *out;
  634         const struct swcr_comp_algo *cxf;
  635         int adj;
  636         u_int32_t result;
  637 
  638         cxf = sw->sw_cxf;
  639 
  640         /* We must handle the whole buffer of data in one time
  641          * then if there is not all the data in the mbuf, we must
  642          * copy in a buffer.
  643          */
  644 
  645         data = malloc(crd->crd_len, M_CRYPTO_DATA, M_NOWAIT);
  646         if (data == NULL)
  647                 return (EINVAL);
  648         COPYDATA(outtype, buf, crd->crd_skip, crd->crd_len, data);
  649 
  650         if (crd->crd_flags & CRD_F_COMP)
  651                 result = cxf->compress(data, crd->crd_len, &out);
  652         else
  653                 result = cxf->decompress(data, crd->crd_len, &out);
  654 
  655         FREE(data, M_CRYPTO_DATA);
  656         if (result == 0)
  657                 return EINVAL;
  658 
  659         /* Copy back the (de)compressed data. m_copyback is
  660          * extending the mbuf as necessary.
  661          */
  662         sw->sw_size = result;
  663         /* Check the compressed size when doing compression */
  664         if (crd->crd_flags & CRD_F_COMP) {
  665                 if (result > crd->crd_len) {
  666                         /* Compression was useless, we lost time */
  667                         FREE(out, M_CRYPTO_DATA);
  668                         return 0;
  669                 }
  670         }
  671 
  672         COPYBACK(outtype, buf, crd->crd_skip, result, out);
  673         if (result < crd->crd_len) {
  674                 adj = result - crd->crd_len;
  675                 if (outtype == CRYPTO_BUF_MBUF) {
  676                         adj = result - crd->crd_len;
  677                         m_adj((struct mbuf *)buf, adj);
  678                 } else {
  679                         struct uio *uio = (struct uio *)buf;
  680                         int ind;
  681 
  682                         adj = crd->crd_len - result;
  683                         ind = uio->uio_iovcnt - 1;
  684 
  685                         while (adj > 0 && ind >= 0) {
  686                                 if (adj < uio->uio_iov[ind].iov_len) {
  687                                         uio->uio_iov[ind].iov_len -= adj;
  688                                         break;
  689                                 }
  690 
  691                                 adj -= uio->uio_iov[ind].iov_len;
  692                                 uio->uio_iov[ind].iov_len = 0;
  693                                 ind--;
  694                                 uio->uio_iovcnt--;
  695                         }
  696                 }
  697         }
  698         FREE(out, M_CRYPTO_DATA);
  699         return 0;
  700 }
  701 
  702 /*
  703  * Generate a new software session.
  704  */
  705 static int
  706 swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
  707 {
  708         struct swcr_data **swd;
  709         const struct swcr_auth_hash *axf;
  710         const struct swcr_enc_xform *txf;
  711         const struct swcr_comp_algo *cxf;
  712         u_int32_t i;
  713         int k, error;
  714 
  715         if (sid == NULL || cri == NULL)
  716                 return EINVAL;
  717 
  718         if (swcr_sessions) {
  719                 for (i = 1; i < swcr_sesnum; i++)
  720                         if (swcr_sessions[i] == NULL)
  721                                 break;
  722         } else
  723                 i = 1;          /* NB: to silence compiler warning */
  724 
  725         if (swcr_sessions == NULL || i == swcr_sesnum) {
  726                 if (swcr_sessions == NULL) {
  727                         i = 1; /* We leave swcr_sessions[0] empty */
  728                         swcr_sesnum = CRYPTO_SW_SESSIONS;
  729                 } else
  730                         swcr_sesnum *= 2;
  731 
  732                 swd = malloc(swcr_sesnum * sizeof(struct swcr_data *),
  733                     M_CRYPTO_DATA, M_NOWAIT);
  734                 if (swd == NULL) {
  735                         /* Reset session number */
  736                         if (swcr_sesnum == CRYPTO_SW_SESSIONS)
  737                                 swcr_sesnum = 0;
  738                         else
  739                                 swcr_sesnum /= 2;
  740                         return ENOBUFS;
  741                 }
  742 
  743                 bzero(swd, swcr_sesnum * sizeof(struct swcr_data *));
  744 
  745                 /* Copy existing sessions */
  746                 if (swcr_sessions) {
  747                         bcopy(swcr_sessions, swd,
  748                             (swcr_sesnum / 2) * sizeof(struct swcr_data *));
  749                         free(swcr_sessions, M_CRYPTO_DATA);
  750                 }
  751 
  752                 swcr_sessions = swd;
  753         }
  754 
  755         swd = &swcr_sessions[i];
  756         *sid = i;
  757 
  758         while (cri) {
  759                 *swd = malloc(sizeof **swd, M_CRYPTO_DATA, M_NOWAIT);
  760                 if (*swd == NULL) {
  761                         swcr_freesession(NULL, i);
  762                         return ENOBUFS;
  763                 }
  764                 bzero(*swd, sizeof(struct swcr_data));
  765 
  766                 switch (cri->cri_alg) {
  767                 case CRYPTO_DES_CBC:
  768                         txf = &swcr_enc_xform_des;
  769                         goto enccommon;
  770                 case CRYPTO_3DES_CBC:
  771                         txf = &swcr_enc_xform_3des;
  772                         goto enccommon;
  773                 case CRYPTO_BLF_CBC:
  774                         txf = &swcr_enc_xform_blf;
  775                         goto enccommon;
  776                 case CRYPTO_CAST_CBC:
  777                         txf = &swcr_enc_xform_cast5;
  778                         goto enccommon;
  779                 case CRYPTO_SKIPJACK_CBC:
  780                         txf = &swcr_enc_xform_skipjack;
  781                         goto enccommon;
  782                 case CRYPTO_RIJNDAEL128_CBC:
  783                         txf = &swcr_enc_xform_rijndael128;
  784                         goto enccommon;
  785                 case CRYPTO_NULL_CBC:
  786                         txf = &swcr_enc_xform_null;
  787                         goto enccommon;
  788                 enccommon:
  789                         error = txf->setkey(&((*swd)->sw_kschedule),
  790                                         cri->cri_key, cri->cri_klen / 8);
  791                         if (error) {
  792                                 swcr_freesession(NULL, i);
  793                                 return error;
  794                         }
  795                         (*swd)->sw_exf = txf;
  796                         break;
  797 
  798                 case CRYPTO_MD5_HMAC:
  799                         axf = &swcr_auth_hash_hmac_md5_96;
  800                         goto authcommon;
  801                 case CRYPTO_SHA1_HMAC:
  802                         axf = &swcr_auth_hash_hmac_sha1_96;
  803                         goto authcommon;
  804                 case CRYPTO_SHA2_HMAC:
  805                         if (cri->cri_klen == 256)
  806                                 axf = &swcr_auth_hash_hmac_sha2_256;
  807                         else if (cri->cri_klen == 384)
  808                                 axf = &swcr_auth_hash_hmac_sha2_384;
  809                         else if (cri->cri_klen == 512)
  810                                 axf = &swcr_auth_hash_hmac_sha2_512;
  811                         else {
  812                                 swcr_freesession(NULL, i);
  813                                 return EINVAL;
  814                         }
  815                         goto authcommon;
  816                 case CRYPTO_NULL_HMAC:
  817                         axf = &swcr_auth_hash_null;
  818                         goto authcommon;
  819                 case CRYPTO_RIPEMD160_HMAC:
  820                         axf = &swcr_auth_hash_hmac_ripemd_160_96;
  821                 authcommon:
  822                         (*swd)->sw_ictx = malloc(axf->auth_hash->ctxsize,
  823                             M_CRYPTO_DATA, M_NOWAIT);
  824                         if ((*swd)->sw_ictx == NULL) {
  825                                 swcr_freesession(NULL, i);
  826                                 return ENOBUFS;
  827                         }
  828 
  829                         (*swd)->sw_octx = malloc(axf->auth_hash->ctxsize,
  830                             M_CRYPTO_DATA, M_NOWAIT);
  831                         if ((*swd)->sw_octx == NULL) {
  832                                 swcr_freesession(NULL, i);
  833                                 return ENOBUFS;
  834                         }
  835 
  836                         for (k = 0; k < cri->cri_klen / 8; k++)
  837                                 cri->cri_key[k] ^= HMAC_IPAD_VAL;
  838 
  839                         axf->Init((*swd)->sw_ictx);
  840                         axf->Update((*swd)->sw_ictx, cri->cri_key,
  841                             cri->cri_klen / 8);
  842                         axf->Update((*swd)->sw_ictx, hmac_ipad_buffer,
  843                             HMAC_BLOCK_LEN - (cri->cri_klen / 8));
  844 
  845                         for (k = 0; k < cri->cri_klen / 8; k++)
  846                                 cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
  847 
  848                         axf->Init((*swd)->sw_octx);
  849                         axf->Update((*swd)->sw_octx, cri->cri_key,
  850                             cri->cri_klen / 8);
  851                         axf->Update((*swd)->sw_octx, hmac_opad_buffer,
  852                             HMAC_BLOCK_LEN - (cri->cri_klen / 8));
  853 
  854                         for (k = 0; k < cri->cri_klen / 8; k++)
  855                                 cri->cri_key[k] ^= HMAC_OPAD_VAL;
  856                         (*swd)->sw_axf = axf;
  857                         break;
  858 
  859                 case CRYPTO_MD5_KPDK:
  860                         axf = &swcr_auth_hash_key_md5;
  861                         goto auth2common;
  862 
  863                 case CRYPTO_SHA1_KPDK:
  864                         axf = &swcr_auth_hash_key_sha1;
  865                 auth2common:
  866                         (*swd)->sw_ictx = malloc(axf->auth_hash->ctxsize,
  867                             M_CRYPTO_DATA, M_NOWAIT);
  868                         if ((*swd)->sw_ictx == NULL) {
  869                                 swcr_freesession(NULL, i);
  870                                 return ENOBUFS;
  871                         }
  872 
  873                         /* Store the key so we can "append" it to the payload */
  874                         (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA,
  875                             M_NOWAIT);
  876                         if ((*swd)->sw_octx == NULL) {
  877                                 swcr_freesession(NULL, i);
  878                                 return ENOBUFS;
  879                         }
  880 
  881                         (*swd)->sw_klen = cri->cri_klen / 8;
  882                         bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8);
  883                         axf->Init((*swd)->sw_ictx);
  884                         axf->Update((*swd)->sw_ictx, cri->cri_key,
  885                             cri->cri_klen / 8);
  886                         axf->Final(NULL, (*swd)->sw_ictx);
  887                         (*swd)->sw_axf = axf;
  888                         break;
  889 
  890                 case CRYPTO_MD5:
  891                         axf = &swcr_auth_hash_md5;
  892                         goto auth3common;
  893 
  894                 case CRYPTO_SHA1:
  895                         axf = &swcr_auth_hash_sha1;
  896                 auth3common:
  897                         (*swd)->sw_ictx = malloc(axf->auth_hash->ctxsize,
  898                             M_CRYPTO_DATA, M_NOWAIT);
  899                         if ((*swd)->sw_ictx == NULL) {
  900                                 swcr_freesession(NULL, i);
  901                                 return ENOBUFS;
  902                         }
  903 
  904                         axf->Init((*swd)->sw_ictx);
  905                         (*swd)->sw_axf = axf;
  906                         break;
  907 
  908                 case CRYPTO_DEFLATE_COMP:
  909                         cxf = &swcr_comp_algo_deflate;
  910                         (*swd)->sw_cxf = cxf;
  911                         break;
  912                 default:
  913                         swcr_freesession(NULL, i);
  914                         return EINVAL;
  915                 }
  916 
  917                 (*swd)->sw_alg = cri->cri_alg;
  918                 cri = cri->cri_next;
  919                 swd = &((*swd)->sw_next);
  920         }
  921         return 0;
  922 }
  923 
  924 /*
  925  * Free a session.
  926  */
  927 static int
  928 swcr_freesession(void *arg, u_int64_t tid)
  929 {
  930         struct swcr_data *swd;
  931         const struct swcr_enc_xform *txf;
  932         const struct swcr_auth_hash *axf;
  933         const struct swcr_comp_algo *cxf;
  934         u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
  935 
  936         if (sid > swcr_sesnum || swcr_sessions == NULL ||
  937             swcr_sessions[sid] == NULL)
  938                 return EINVAL;
  939 
  940         /* Silently accept and return */
  941         if (sid == 0)
  942                 return 0;
  943 
  944         while ((swd = swcr_sessions[sid]) != NULL) {
  945                 swcr_sessions[sid] = swd->sw_next;
  946 
  947                 switch (swd->sw_alg) {
  948                 case CRYPTO_DES_CBC:
  949                 case CRYPTO_3DES_CBC:
  950                 case CRYPTO_BLF_CBC:
  951                 case CRYPTO_CAST_CBC:
  952                 case CRYPTO_SKIPJACK_CBC:
  953                 case CRYPTO_RIJNDAEL128_CBC:
  954                 case CRYPTO_NULL_CBC:
  955                         txf = swd->sw_exf;
  956 
  957                         if (swd->sw_kschedule)
  958                                 txf->zerokey(&(swd->sw_kschedule));
  959                         break;
  960 
  961                 case CRYPTO_MD5_HMAC:
  962                 case CRYPTO_SHA1_HMAC:
  963                 case CRYPTO_SHA2_HMAC:
  964                 case CRYPTO_RIPEMD160_HMAC:
  965                 case CRYPTO_NULL_HMAC:
  966                         axf = swd->sw_axf;
  967 
  968                         if (swd->sw_ictx) {
  969                                 bzero(swd->sw_ictx, axf->auth_hash->ctxsize);
  970                                 free(swd->sw_ictx, M_CRYPTO_DATA);
  971                         }
  972                         if (swd->sw_octx) {
  973                                 bzero(swd->sw_octx, axf->auth_hash->ctxsize);
  974                                 free(swd->sw_octx, M_CRYPTO_DATA);
  975                         }
  976                         break;
  977 
  978                 case CRYPTO_MD5_KPDK:
  979                 case CRYPTO_SHA1_KPDK:
  980                         axf = swd->sw_axf;
  981 
  982                         if (swd->sw_ictx) {
  983                                 bzero(swd->sw_ictx, axf->auth_hash->ctxsize);
  984                                 free(swd->sw_ictx, M_CRYPTO_DATA);
  985                         }
  986                         if (swd->sw_octx) {
  987                                 bzero(swd->sw_octx, swd->sw_klen);
  988                                 free(swd->sw_octx, M_CRYPTO_DATA);
  989                         }
  990                         break;
  991 
  992                 case CRYPTO_MD5:
  993                 case CRYPTO_SHA1:
  994                         axf = swd->sw_axf;
  995 
  996                         if (swd->sw_ictx)
  997                                 free(swd->sw_ictx, M_CRYPTO_DATA);
  998                         break;
  999 
 1000                 case CRYPTO_DEFLATE_COMP:
 1001                         cxf = swd->sw_cxf;
 1002                         break;
 1003                 }
 1004 
 1005                 FREE(swd, M_CRYPTO_DATA);
 1006         }
 1007         return 0;
 1008 }
 1009 
 1010 /*
 1011  * Process a software request.
 1012  */
 1013 static int
 1014 swcr_process(void *arg, struct cryptop *crp, int hint)
 1015 {
 1016         struct cryptodesc *crd;
 1017         struct swcr_data *sw;
 1018         u_int32_t lid;
 1019         int type;
 1020 
 1021         /* Sanity check */
 1022         if (crp == NULL)
 1023                 return EINVAL;
 1024 
 1025         if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
 1026                 crp->crp_etype = EINVAL;
 1027                 goto done;
 1028         }
 1029 
 1030         lid = crp->crp_sid & 0xffffffff;
 1031         if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) {
 1032                 crp->crp_etype = ENOENT;
 1033                 goto done;
 1034         }
 1035 
 1036         if (crp->crp_flags & CRYPTO_F_IMBUF) {
 1037                 type = CRYPTO_BUF_MBUF;
 1038         } else if (crp->crp_flags & CRYPTO_F_IOV) {
 1039                 type = CRYPTO_BUF_IOV;
 1040         } else {
 1041                 type = CRYPTO_BUF_CONTIG;
 1042         }
 1043 
 1044         /* Go through crypto descriptors, processing as we go */
 1045         for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
 1046                 /*
 1047                  * Find the crypto context.
 1048                  *
 1049                  * XXX Note that the logic here prevents us from having
 1050                  * XXX the same algorithm multiple times in a session
 1051                  * XXX (or rather, we can but it won't give us the right
 1052                  * XXX results). To do that, we'd need some way of differentiating
 1053                  * XXX between the various instances of an algorithm (so we can
 1054                  * XXX locate the correct crypto context).
 1055                  */
 1056                 for (sw = swcr_sessions[lid];
 1057                     sw && sw->sw_alg != crd->crd_alg;
 1058                     sw = sw->sw_next)
 1059                         ;
 1060 
 1061                 /* No such context ? */
 1062                 if (sw == NULL) {
 1063                         crp->crp_etype = EINVAL;
 1064                         goto done;
 1065                 }
 1066 
 1067                 switch (sw->sw_alg) {
 1068                 case CRYPTO_DES_CBC:
 1069                 case CRYPTO_3DES_CBC:
 1070                 case CRYPTO_BLF_CBC:
 1071                 case CRYPTO_CAST_CBC:
 1072                 case CRYPTO_SKIPJACK_CBC:
 1073                 case CRYPTO_RIJNDAEL128_CBC:
 1074                         if ((crp->crp_etype = swcr_encdec(crd, sw,
 1075                             crp->crp_buf, type)) != 0)
 1076                                 goto done;
 1077                         break;
 1078                 case CRYPTO_NULL_CBC:
 1079                         crp->crp_etype = 0;
 1080                         break;
 1081                 case CRYPTO_MD5_HMAC:
 1082                 case CRYPTO_SHA1_HMAC:
 1083                 case CRYPTO_SHA2_HMAC:
 1084                 case CRYPTO_RIPEMD160_HMAC:
 1085                 case CRYPTO_NULL_HMAC:
 1086                 case CRYPTO_MD5_KPDK:
 1087                 case CRYPTO_SHA1_KPDK:
 1088                 case CRYPTO_MD5:
 1089                 case CRYPTO_SHA1:
 1090                         if ((crp->crp_etype = swcr_authcompute(crp, crd, sw,
 1091                             crp->crp_buf, type)) != 0)
 1092                                 goto done;
 1093                         break;
 1094 
 1095                 case CRYPTO_DEFLATE_COMP:
 1096                         if ((crp->crp_etype = swcr_compdec(crd, sw,
 1097                             crp->crp_buf, type)) != 0)
 1098                                 goto done;
 1099                         else
 1100                                 crp->crp_olen = (int)sw->sw_size;
 1101                         break;
 1102 
 1103                 default:
 1104                         /* Unknown/unsupported algorithm */
 1105                         crp->crp_etype = EINVAL;
 1106                         goto done;
 1107                 }
 1108         }
 1109 
 1110 done:
 1111         crypto_done(crp);
 1112         return 0;
 1113 }
 1114 
 1115 static void
 1116 swcr_init(void)
 1117 {
 1118         swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE);
 1119         if (swcr_id < 0) {
 1120                 /* This should never happen */
 1121                 panic("Software crypto device cannot initialize!");
 1122         }
 1123 
 1124         crypto_register(swcr_id, CRYPTO_DES_CBC,
 1125             0, 0, swcr_newsession, swcr_freesession, swcr_process, NULL);
 1126 #define REGISTER(alg) \
 1127         crypto_register(swcr_id, alg, 0, 0, NULL, NULL, NULL, NULL)
 1128 
 1129         REGISTER(CRYPTO_3DES_CBC);
 1130         REGISTER(CRYPTO_BLF_CBC);
 1131         REGISTER(CRYPTO_CAST_CBC);
 1132         REGISTER(CRYPTO_SKIPJACK_CBC);
 1133         REGISTER(CRYPTO_NULL_CBC);
 1134         REGISTER(CRYPTO_MD5_HMAC);
 1135         REGISTER(CRYPTO_SHA1_HMAC);
 1136         REGISTER(CRYPTO_SHA2_HMAC);
 1137         REGISTER(CRYPTO_RIPEMD160_HMAC);
 1138         REGISTER(CRYPTO_NULL_HMAC);
 1139         REGISTER(CRYPTO_MD5_KPDK);
 1140         REGISTER(CRYPTO_SHA1_KPDK);
 1141         REGISTER(CRYPTO_MD5);
 1142         REGISTER(CRYPTO_SHA1);
 1143         REGISTER(CRYPTO_RIJNDAEL128_CBC);
 1144         REGISTER(CRYPTO_DEFLATE_COMP);
 1145 #undef REGISTER
 1146 }
 1147 
 1148 #ifdef __FreeBSD__
 1149 SYSINIT(cryptosoft_init, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_init, NULL)
 1150 #endif
 1151 
 1152 #ifdef __NetBSD__
 1153 /*
 1154  * Pseudo-device init routine for software crypto.
 1155  */
 1156 void    swcryptoattach(int);
 1157 
 1158 void
 1159 swcryptoattach(int num)
 1160 {
 1161 
 1162         swcr_init();
 1163 }
 1164 #endif /* __NetBSD__ */

Cache object: 8fb834eb2b8bc4d6305deaee5c2d2e00


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.