1fd86ae68SMitchell Horne /*- 2fd86ae68SMitchell Horne * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3fd86ae68SMitchell Horne * 4ba610be9SJohn Baldwin * Copyright (c) 2020 Netflix, Inc 5ba610be9SJohn Baldwin * 6ba610be9SJohn Baldwin * Redistribution and use in source and binary forms, with or without 7ba610be9SJohn Baldwin * modification, are permitted provided that the following conditions 8ba610be9SJohn Baldwin * are met: 9ba610be9SJohn Baldwin * 1. Redistributions of source code must retain the above copyright 10ba610be9SJohn Baldwin * notice, this list of conditions and the following disclaimer, 11ba610be9SJohn Baldwin * without modification. 12ba610be9SJohn Baldwin * 2. Redistributions in binary form must reproduce at minimum a disclaimer 13ba610be9SJohn Baldwin * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 14ba610be9SJohn Baldwin * redistribution must be conditioned upon including a substantially 15ba610be9SJohn Baldwin * similar Disclaimer requirement for further binary redistribution. 16ba610be9SJohn Baldwin * 17ba610be9SJohn Baldwin * NO WARRANTY 18ba610be9SJohn Baldwin * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19ba610be9SJohn Baldwin * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20ba610be9SJohn Baldwin * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 21ba610be9SJohn Baldwin * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 22ba610be9SJohn Baldwin * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 23ba610be9SJohn Baldwin * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24ba610be9SJohn Baldwin * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25ba610be9SJohn Baldwin * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 26ba610be9SJohn Baldwin * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27ba610be9SJohn Baldwin * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28ba610be9SJohn Baldwin * THE POSSIBILITY OF SUCH DAMAGES. 29ba610be9SJohn Baldwin */ 30ba610be9SJohn Baldwin 31ba610be9SJohn Baldwin /* 32ba610be9SJohn Baldwin * A driver for the OpenCrypto framework which uses assembly routines 33ba610be9SJohn Baldwin * from OpenSSL. 34ba610be9SJohn Baldwin */ 35ba610be9SJohn Baldwin 36ba610be9SJohn Baldwin #include <sys/cdefs.h> 37ba610be9SJohn Baldwin __FBSDID("$FreeBSD$"); 38ba610be9SJohn Baldwin 39ba610be9SJohn Baldwin #include <sys/types.h> 40ba610be9SJohn Baldwin #include <sys/bus.h> 41ba610be9SJohn Baldwin #include <sys/kernel.h> 42ba610be9SJohn Baldwin #include <sys/malloc.h> 43ba610be9SJohn Baldwin #include <sys/module.h> 44fd86ae68SMitchell Horne 45ba610be9SJohn Baldwin #include <machine/fpu.h> 46ba610be9SJohn Baldwin 47ba610be9SJohn Baldwin #include <opencrypto/cryptodev.h> 48ba610be9SJohn Baldwin #include <opencrypto/xform_auth.h> 49ba610be9SJohn Baldwin 50ba610be9SJohn Baldwin #include <crypto/openssl/ossl.h> 51ba610be9SJohn Baldwin 52ba610be9SJohn Baldwin #include "cryptodev_if.h" 53ba610be9SJohn Baldwin 54ba610be9SJohn Baldwin struct ossl_softc { 55ba610be9SJohn Baldwin int32_t sc_cid; 56ba610be9SJohn Baldwin }; 57ba610be9SJohn Baldwin 58ba610be9SJohn Baldwin struct ossl_session_hash { 59ba610be9SJohn Baldwin struct ossl_hash_context ictx; 60ba610be9SJohn Baldwin struct ossl_hash_context octx; 61ba610be9SJohn Baldwin struct auth_hash *axf; 62ba610be9SJohn Baldwin u_int mlen; 63ba610be9SJohn Baldwin }; 64ba610be9SJohn Baldwin 65ba610be9SJohn Baldwin struct ossl_session { 66ba610be9SJohn Baldwin struct ossl_session_hash hash; 67ba610be9SJohn Baldwin }; 68ba610be9SJohn Baldwin 69ba610be9SJohn Baldwin static MALLOC_DEFINE(M_OSSL, "ossl", "OpenSSL crypto"); 70ba610be9SJohn Baldwin 71ba610be9SJohn Baldwin static void 72ba610be9SJohn Baldwin ossl_identify(driver_t *driver, device_t parent) 73ba610be9SJohn Baldwin { 74ba610be9SJohn Baldwin 75ba610be9SJohn Baldwin if (device_find_child(parent, "ossl", -1) == NULL) 76ba610be9SJohn Baldwin BUS_ADD_CHILD(parent, 10, "ossl", -1); 77ba610be9SJohn Baldwin } 78ba610be9SJohn Baldwin 79ba610be9SJohn Baldwin static int 80ba610be9SJohn Baldwin ossl_probe(device_t dev) 81ba610be9SJohn Baldwin { 82ba610be9SJohn Baldwin 83ba610be9SJohn Baldwin device_set_desc(dev, "OpenSSL crypto"); 84ba610be9SJohn Baldwin return (BUS_PROBE_DEFAULT); 85ba610be9SJohn Baldwin } 86ba610be9SJohn Baldwin 87ba610be9SJohn Baldwin static int 88ba610be9SJohn Baldwin ossl_attach(device_t dev) 89ba610be9SJohn Baldwin { 90ba610be9SJohn Baldwin struct ossl_softc *sc; 91ba610be9SJohn Baldwin 92ba610be9SJohn Baldwin sc = device_get_softc(dev); 93ba610be9SJohn Baldwin 94ba610be9SJohn Baldwin ossl_cpuid(); 95ba610be9SJohn Baldwin sc->sc_cid = crypto_get_driverid(dev, sizeof(struct ossl_session), 96ba610be9SJohn Baldwin CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC | 97ba610be9SJohn Baldwin CRYPTOCAP_F_ACCEL_SOFTWARE); 98ba610be9SJohn Baldwin if (sc->sc_cid < 0) { 99ba610be9SJohn Baldwin device_printf(dev, "failed to allocate crypto driver id\n"); 100ba610be9SJohn Baldwin return (ENXIO); 101ba610be9SJohn Baldwin } 102ba610be9SJohn Baldwin 103ba610be9SJohn Baldwin return (0); 104ba610be9SJohn Baldwin } 105ba610be9SJohn Baldwin 106ba610be9SJohn Baldwin static int 107ba610be9SJohn Baldwin ossl_detach(device_t dev) 108ba610be9SJohn Baldwin { 109ba610be9SJohn Baldwin struct ossl_softc *sc; 110ba610be9SJohn Baldwin 111ba610be9SJohn Baldwin sc = device_get_softc(dev); 112ba610be9SJohn Baldwin 113ba610be9SJohn Baldwin crypto_unregister_all(sc->sc_cid); 114ba610be9SJohn Baldwin 115ba610be9SJohn Baldwin return (0); 116ba610be9SJohn Baldwin } 117ba610be9SJohn Baldwin 118ba610be9SJohn Baldwin static struct auth_hash * 119ba610be9SJohn Baldwin ossl_lookup_hash(const struct crypto_session_params *csp) 120ba610be9SJohn Baldwin { 121ba610be9SJohn Baldwin 122ba610be9SJohn Baldwin switch (csp->csp_auth_alg) { 123ba610be9SJohn Baldwin case CRYPTO_SHA1: 124ba610be9SJohn Baldwin case CRYPTO_SHA1_HMAC: 125ba610be9SJohn Baldwin return (&ossl_hash_sha1); 126ba610be9SJohn Baldwin case CRYPTO_SHA2_224: 127ba610be9SJohn Baldwin case CRYPTO_SHA2_224_HMAC: 128ba610be9SJohn Baldwin return (&ossl_hash_sha224); 129ba610be9SJohn Baldwin case CRYPTO_SHA2_256: 130ba610be9SJohn Baldwin case CRYPTO_SHA2_256_HMAC: 131ba610be9SJohn Baldwin return (&ossl_hash_sha256); 132ba610be9SJohn Baldwin case CRYPTO_SHA2_384: 133ba610be9SJohn Baldwin case CRYPTO_SHA2_384_HMAC: 134ba610be9SJohn Baldwin return (&ossl_hash_sha384); 135ba610be9SJohn Baldwin case CRYPTO_SHA2_512: 136ba610be9SJohn Baldwin case CRYPTO_SHA2_512_HMAC: 137ba610be9SJohn Baldwin return (&ossl_hash_sha512); 138ba610be9SJohn Baldwin default: 139ba610be9SJohn Baldwin return (NULL); 140ba610be9SJohn Baldwin } 141ba610be9SJohn Baldwin } 142ba610be9SJohn Baldwin 143ba610be9SJohn Baldwin static int 144ba610be9SJohn Baldwin ossl_probesession(device_t dev, const struct crypto_session_params *csp) 145ba610be9SJohn Baldwin { 146ba610be9SJohn Baldwin 147ba610be9SJohn Baldwin if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != 148ba610be9SJohn Baldwin 0) 149ba610be9SJohn Baldwin return (EINVAL); 150ba610be9SJohn Baldwin switch (csp->csp_mode) { 151ba610be9SJohn Baldwin case CSP_MODE_DIGEST: 152ba610be9SJohn Baldwin if (ossl_lookup_hash(csp) == NULL) 153ba610be9SJohn Baldwin return (EINVAL); 154ba610be9SJohn Baldwin break; 155ba610be9SJohn Baldwin default: 156ba610be9SJohn Baldwin return (EINVAL); 157ba610be9SJohn Baldwin } 158ba610be9SJohn Baldwin 159ba610be9SJohn Baldwin return (CRYPTODEV_PROBE_ACCEL_SOFTWARE); 160ba610be9SJohn Baldwin } 161ba610be9SJohn Baldwin 162ba610be9SJohn Baldwin static void 163ba610be9SJohn Baldwin ossl_setkey_hmac(struct ossl_session *s, const void *key, int klen) 164ba610be9SJohn Baldwin { 165ba610be9SJohn Baldwin 166ba610be9SJohn Baldwin hmac_init_ipad(s->hash.axf, key, klen, &s->hash.ictx); 167ba610be9SJohn Baldwin hmac_init_opad(s->hash.axf, key, klen, &s->hash.octx); 168ba610be9SJohn Baldwin } 169ba610be9SJohn Baldwin 170ba610be9SJohn Baldwin static int 171ba610be9SJohn Baldwin ossl_newsession(device_t dev, crypto_session_t cses, 172ba610be9SJohn Baldwin const struct crypto_session_params *csp) 173ba610be9SJohn Baldwin { 174ba610be9SJohn Baldwin struct ossl_session *s; 175ba610be9SJohn Baldwin struct auth_hash *axf; 176ba610be9SJohn Baldwin 177ba610be9SJohn Baldwin s = crypto_get_driver_session(cses); 178ba610be9SJohn Baldwin 179ba610be9SJohn Baldwin axf = ossl_lookup_hash(csp); 180ba610be9SJohn Baldwin s->hash.axf = axf; 181ba610be9SJohn Baldwin if (csp->csp_auth_mlen == 0) 182ba610be9SJohn Baldwin s->hash.mlen = axf->hashsize; 183ba610be9SJohn Baldwin else 184ba610be9SJohn Baldwin s->hash.mlen = csp->csp_auth_mlen; 185ba610be9SJohn Baldwin 186ba610be9SJohn Baldwin if (csp->csp_auth_klen == 0) { 187ba610be9SJohn Baldwin axf->Init(&s->hash.ictx); 188ba610be9SJohn Baldwin } else { 189ba610be9SJohn Baldwin if (csp->csp_auth_key != NULL) { 190ba610be9SJohn Baldwin fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); 191ba610be9SJohn Baldwin ossl_setkey_hmac(s, csp->csp_auth_key, 192ba610be9SJohn Baldwin csp->csp_auth_klen); 193ba610be9SJohn Baldwin fpu_kern_leave(curthread, NULL); 194ba610be9SJohn Baldwin } 195ba610be9SJohn Baldwin } 196ba610be9SJohn Baldwin return (0); 197ba610be9SJohn Baldwin } 198ba610be9SJohn Baldwin 199ba610be9SJohn Baldwin static int 200ba610be9SJohn Baldwin ossl_process(device_t dev, struct cryptop *crp, int hint) 201ba610be9SJohn Baldwin { 202ba610be9SJohn Baldwin struct ossl_hash_context ctx; 203ba610be9SJohn Baldwin char digest[HASH_MAX_LEN]; 204ba610be9SJohn Baldwin const struct crypto_session_params *csp; 205ba610be9SJohn Baldwin struct ossl_session *s; 206ba610be9SJohn Baldwin struct auth_hash *axf; 207ba610be9SJohn Baldwin int error; 208ba610be9SJohn Baldwin bool fpu_entered; 209ba610be9SJohn Baldwin 210ba610be9SJohn Baldwin s = crypto_get_driver_session(crp->crp_session); 211ba610be9SJohn Baldwin csp = crypto_get_params(crp->crp_session); 212ba610be9SJohn Baldwin axf = s->hash.axf; 213ba610be9SJohn Baldwin 214ba610be9SJohn Baldwin if (is_fpu_kern_thread(0)) { 215ba610be9SJohn Baldwin fpu_entered = false; 216ba610be9SJohn Baldwin } else { 217ba610be9SJohn Baldwin fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); 218ba610be9SJohn Baldwin fpu_entered = true; 219ba610be9SJohn Baldwin } 220ba610be9SJohn Baldwin 221ba610be9SJohn Baldwin if (crp->crp_auth_key != NULL) 222ba610be9SJohn Baldwin ossl_setkey_hmac(s, crp->crp_auth_key, csp->csp_auth_klen); 223ba610be9SJohn Baldwin 224ba610be9SJohn Baldwin ctx = s->hash.ictx; 225ba610be9SJohn Baldwin 226ba610be9SJohn Baldwin if (crp->crp_aad != NULL) 227ba610be9SJohn Baldwin error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); 228ba610be9SJohn Baldwin else 229ba610be9SJohn Baldwin error = crypto_apply(crp, crp->crp_aad_start, 230ba610be9SJohn Baldwin crp->crp_aad_length, axf->Update, &ctx); 231ba610be9SJohn Baldwin if (error) 232ba610be9SJohn Baldwin goto out; 233ba610be9SJohn Baldwin 234ba610be9SJohn Baldwin error = crypto_apply(crp, crp->crp_payload_start, 235ba610be9SJohn Baldwin crp->crp_payload_length, axf->Update, &ctx); 236ba610be9SJohn Baldwin if (error) 237ba610be9SJohn Baldwin goto out; 238ba610be9SJohn Baldwin 239ba610be9SJohn Baldwin axf->Final(digest, &ctx); 240ba610be9SJohn Baldwin 241ba610be9SJohn Baldwin if (csp->csp_auth_klen != 0) { 242ba610be9SJohn Baldwin ctx = s->hash.octx; 243ba610be9SJohn Baldwin axf->Update(&ctx, digest, axf->hashsize); 244ba610be9SJohn Baldwin axf->Final(digest, &ctx); 245ba610be9SJohn Baldwin } 246ba610be9SJohn Baldwin 247ba610be9SJohn Baldwin if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 248ba610be9SJohn Baldwin char digest2[HASH_MAX_LEN]; 249ba610be9SJohn Baldwin 250ba610be9SJohn Baldwin crypto_copydata(crp, crp->crp_digest_start, s->hash.mlen, 251ba610be9SJohn Baldwin digest2); 252ba610be9SJohn Baldwin if (timingsafe_bcmp(digest, digest2, s->hash.mlen) != 0) 253ba610be9SJohn Baldwin error = EBADMSG; 254ba610be9SJohn Baldwin explicit_bzero(digest2, sizeof(digest2)); 255ba610be9SJohn Baldwin } else { 256ba610be9SJohn Baldwin crypto_copyback(crp, crp->crp_digest_start, s->hash.mlen, 257ba610be9SJohn Baldwin digest); 258ba610be9SJohn Baldwin } 259ba610be9SJohn Baldwin explicit_bzero(digest, sizeof(digest)); 260ba610be9SJohn Baldwin 261ba610be9SJohn Baldwin out: 262ba610be9SJohn Baldwin if (fpu_entered) 263ba610be9SJohn Baldwin fpu_kern_leave(curthread, NULL); 264ba610be9SJohn Baldwin 265ba610be9SJohn Baldwin crp->crp_etype = error; 266ba610be9SJohn Baldwin crypto_done(crp); 267ba610be9SJohn Baldwin 268ba610be9SJohn Baldwin explicit_bzero(&ctx, sizeof(ctx)); 269ba610be9SJohn Baldwin return (0); 270ba610be9SJohn Baldwin } 271ba610be9SJohn Baldwin 272ba610be9SJohn Baldwin static device_method_t ossl_methods[] = { 273ba610be9SJohn Baldwin DEVMETHOD(device_identify, ossl_identify), 274ba610be9SJohn Baldwin DEVMETHOD(device_probe, ossl_probe), 275ba610be9SJohn Baldwin DEVMETHOD(device_attach, ossl_attach), 276ba610be9SJohn Baldwin DEVMETHOD(device_detach, ossl_detach), 277ba610be9SJohn Baldwin 278ba610be9SJohn Baldwin DEVMETHOD(cryptodev_probesession, ossl_probesession), 279ba610be9SJohn Baldwin DEVMETHOD(cryptodev_newsession, ossl_newsession), 280ba610be9SJohn Baldwin DEVMETHOD(cryptodev_process, ossl_process), 281ba610be9SJohn Baldwin 282ba610be9SJohn Baldwin DEVMETHOD_END 283ba610be9SJohn Baldwin }; 284ba610be9SJohn Baldwin 285ba610be9SJohn Baldwin static driver_t ossl_driver = { 286ba610be9SJohn Baldwin "ossl", 287ba610be9SJohn Baldwin ossl_methods, 288ba610be9SJohn Baldwin sizeof(struct ossl_softc) 289ba610be9SJohn Baldwin }; 290ba610be9SJohn Baldwin 291ba610be9SJohn Baldwin static devclass_t ossl_devclass; 292ba610be9SJohn Baldwin 293ba610be9SJohn Baldwin DRIVER_MODULE(ossl, nexus, ossl_driver, ossl_devclass, NULL, NULL); 294ba610be9SJohn Baldwin MODULE_VERSION(ossl, 1); 295ba610be9SJohn Baldwin MODULE_DEPEND(ossl, crypto, 1, 1, 1); 296