1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/sysctl.h> 51 #include <sys/file.h> 52 #include <sys/filedesc.h> 53 #include <sys/errno.h> 54 #include <sys/random.h> 55 #include <sys/conf.h> 56 #include <sys/kernel.h> 57 #include <sys/module.h> 58 #include <sys/fcntl.h> 59 #include <sys/bus.h> 60 #include <sys/user.h> 61 #include <sys/sdt.h> 62 63 #include <opencrypto/cryptodev.h> 64 #include <opencrypto/xform.h> 65 66 SDT_PROVIDER_DECLARE(opencrypto); 67 68 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 69 70 #ifdef COMPAT_FREEBSD32 71 #include <sys/mount.h> 72 #include <compat/freebsd32/freebsd32.h> 73 74 struct session_op32 { 75 u_int32_t cipher; 76 u_int32_t mac; 77 u_int32_t keylen; 78 u_int32_t key; 79 int mackeylen; 80 u_int32_t mackey; 81 u_int32_t ses; 82 }; 83 84 struct session2_op32 { 85 u_int32_t cipher; 86 u_int32_t mac; 87 u_int32_t keylen; 88 u_int32_t key; 89 int mackeylen; 90 u_int32_t mackey; 91 u_int32_t ses; 92 int crid; 93 int pad[4]; 94 }; 95 96 struct crypt_op32 { 97 u_int32_t ses; 98 u_int16_t op; 99 u_int16_t flags; 100 u_int len; 101 u_int32_t src, dst; 102 u_int32_t mac; 103 u_int32_t iv; 104 }; 105 106 struct crparam32 { 107 u_int32_t crp_p; 108 u_int crp_nbits; 109 }; 110 111 struct crypt_kop32 { 112 u_int crk_op; 113 u_int crk_status; 114 u_short crk_iparams; 115 u_short crk_oparams; 116 u_int crk_crid; 117 struct crparam32 crk_param[CRK_MAXPARAM]; 118 }; 119 120 struct cryptotstat32 { 121 struct timespec32 acc; 122 struct timespec32 min; 123 struct timespec32 max; 124 u_int32_t count; 125 }; 126 127 struct cryptostats32 { 128 u_int32_t cs_ops; 129 u_int32_t cs_errs; 130 u_int32_t cs_kops; 131 u_int32_t cs_kerrs; 132 u_int32_t cs_intrs; 133 u_int32_t cs_rets; 134 u_int32_t cs_blocks; 135 u_int32_t cs_kblocks; 136 struct cryptotstat32 cs_invoke; 137 struct cryptotstat32 cs_done; 138 struct cryptotstat32 cs_cb; 139 struct cryptotstat32 cs_finis; 140 }; 141 142 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 143 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 144 #define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 145 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 146 #define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 147 148 static void 149 session_op_from_32(const struct session_op32 *from, struct session_op *to) 150 { 151 152 CP(*from, *to, cipher); 153 CP(*from, *to, mac); 154 CP(*from, *to, keylen); 155 PTRIN_CP(*from, *to, key); 156 CP(*from, *to, mackeylen); 157 PTRIN_CP(*from, *to, mackey); 158 CP(*from, *to, ses); 159 } 160 161 static void 162 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 163 { 164 165 session_op_from_32((const struct session_op32 *)from, 166 (struct session_op *)to); 167 CP(*from, *to, crid); 168 } 169 170 static void 171 session_op_to_32(const struct session_op *from, struct session_op32 *to) 172 { 173 174 CP(*from, *to, cipher); 175 CP(*from, *to, mac); 176 CP(*from, *to, keylen); 177 PTROUT_CP(*from, *to, key); 178 CP(*from, *to, mackeylen); 179 PTROUT_CP(*from, *to, mackey); 180 CP(*from, *to, ses); 181 } 182 183 static void 184 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 185 { 186 187 session_op_to_32((const struct session_op *)from, 188 (struct session_op32 *)to); 189 CP(*from, *to, crid); 190 } 191 192 static void 193 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 194 { 195 196 CP(*from, *to, ses); 197 CP(*from, *to, op); 198 CP(*from, *to, flags); 199 CP(*from, *to, len); 200 PTRIN_CP(*from, *to, src); 201 PTRIN_CP(*from, *to, dst); 202 PTRIN_CP(*from, *to, mac); 203 PTRIN_CP(*from, *to, iv); 204 } 205 206 static void 207 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 208 { 209 210 CP(*from, *to, ses); 211 CP(*from, *to, op); 212 CP(*from, *to, flags); 213 CP(*from, *to, len); 214 PTROUT_CP(*from, *to, src); 215 PTROUT_CP(*from, *to, dst); 216 PTROUT_CP(*from, *to, mac); 217 PTROUT_CP(*from, *to, iv); 218 } 219 220 static void 221 crparam_from_32(const struct crparam32 *from, struct crparam *to) 222 { 223 224 PTRIN_CP(*from, *to, crp_p); 225 CP(*from, *to, crp_nbits); 226 } 227 228 static void 229 crparam_to_32(const struct crparam *from, struct crparam32 *to) 230 { 231 232 PTROUT_CP(*from, *to, crp_p); 233 CP(*from, *to, crp_nbits); 234 } 235 236 static void 237 crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 238 { 239 int i; 240 241 CP(*from, *to, crk_op); 242 CP(*from, *to, crk_status); 243 CP(*from, *to, crk_iparams); 244 CP(*from, *to, crk_oparams); 245 CP(*from, *to, crk_crid); 246 for (i = 0; i < CRK_MAXPARAM; i++) 247 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 248 } 249 250 static void 251 crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 252 { 253 int i; 254 255 CP(*from, *to, crk_op); 256 CP(*from, *to, crk_status); 257 CP(*from, *to, crk_iparams); 258 CP(*from, *to, crk_oparams); 259 CP(*from, *to, crk_crid); 260 for (i = 0; i < CRK_MAXPARAM; i++) 261 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 262 } 263 #endif 264 265 struct csession { 266 TAILQ_ENTRY(csession) next; 267 crypto_session_t cses; 268 volatile u_int refs; 269 u_int32_t ses; 270 struct mtx lock; /* for op submission */ 271 272 struct enc_xform *txform; 273 int hashsize; 274 int ivsize; 275 int mode; 276 277 void *key; 278 void *mackey; 279 }; 280 281 struct cryptop_data { 282 struct csession *cse; 283 284 char *buf; 285 char *obuf; 286 bool done; 287 }; 288 289 struct fcrypt { 290 TAILQ_HEAD(csessionlist, csession) csessions; 291 int sesn; 292 struct mtx lock; 293 }; 294 295 static bool use_outputbuffers; 296 SYSCTL_BOOL(_kern_crypto, OID_AUTO, cryptodev_use_output, CTLFLAG_RW, 297 &use_outputbuffers, 0, 298 "Use separate output buffers for /dev/crypto requests."); 299 300 static int cryptof_ioctl(struct file *, u_long, void *, 301 struct ucred *, struct thread *); 302 static int cryptof_stat(struct file *, struct stat *, 303 struct ucred *, struct thread *); 304 static int cryptof_close(struct file *, struct thread *); 305 static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 306 struct filedesc *); 307 308 static struct fileops cryptofops = { 309 .fo_read = invfo_rdwr, 310 .fo_write = invfo_rdwr, 311 .fo_truncate = invfo_truncate, 312 .fo_ioctl = cryptof_ioctl, 313 .fo_poll = invfo_poll, 314 .fo_kqfilter = invfo_kqfilter, 315 .fo_stat = cryptof_stat, 316 .fo_close = cryptof_close, 317 .fo_chmod = invfo_chmod, 318 .fo_chown = invfo_chown, 319 .fo_sendfile = invfo_sendfile, 320 .fo_fill_kinfo = cryptof_fill_kinfo, 321 }; 322 323 static struct csession *csefind(struct fcrypt *, u_int); 324 static bool csedelete(struct fcrypt *, u_int); 325 static struct csession *csecreate(struct fcrypt *, crypto_session_t, 326 struct crypto_session_params *, struct enc_xform *, void *, 327 struct auth_hash *, void *); 328 static void csefree(struct csession *); 329 330 static int cryptodev_op(struct csession *, struct crypt_op *, 331 struct ucred *, struct thread *td); 332 static int cryptodev_aead(struct csession *, struct crypt_aead *, 333 struct ucred *, struct thread *); 334 static int cryptodev_key(struct crypt_kop *); 335 static int cryptodev_find(struct crypt_find_op *); 336 337 /* 338 * Check a crypto identifier to see if it requested 339 * a software device/driver. This can be done either 340 * by device name/class or through search constraints. 341 */ 342 static int 343 checkforsoftware(int *cridp) 344 { 345 int crid; 346 347 crid = *cridp; 348 349 if (!crypto_devallowsoft) { 350 if (crid & CRYPTOCAP_F_SOFTWARE) { 351 if (crid & CRYPTOCAP_F_HARDWARE) { 352 *cridp = CRYPTOCAP_F_HARDWARE; 353 return 0; 354 } 355 return EINVAL; 356 } 357 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 358 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 359 return EINVAL; 360 } 361 return 0; 362 } 363 364 /* ARGSUSED */ 365 static int 366 cryptof_ioctl( 367 struct file *fp, 368 u_long cmd, 369 void *data, 370 struct ucred *active_cred, 371 struct thread *td) 372 { 373 #define SES2(p) ((struct session2_op *)p) 374 struct crypto_session_params csp; 375 struct fcrypt *fcr = fp->f_data; 376 struct csession *cse; 377 struct session_op *sop; 378 struct crypt_op *cop; 379 struct crypt_aead *caead; 380 struct enc_xform *txform = NULL; 381 struct auth_hash *thash = NULL; 382 void *key = NULL; 383 void *mackey = NULL; 384 struct crypt_kop *kop; 385 crypto_session_t cses; 386 u_int32_t ses; 387 int error = 0, crid; 388 #ifdef COMPAT_FREEBSD32 389 struct session2_op sopc; 390 struct crypt_op copc; 391 struct crypt_kop kopc; 392 #endif 393 394 switch (cmd) { 395 case CIOCGSESSION: 396 case CIOCGSESSION2: 397 #ifdef COMPAT_FREEBSD32 398 case CIOCGSESSION32: 399 case CIOCGSESSION232: 400 if (cmd == CIOCGSESSION32) { 401 session_op_from_32(data, (struct session_op *)&sopc); 402 sop = (struct session_op *)&sopc; 403 } else if (cmd == CIOCGSESSION232) { 404 session2_op_from_32(data, &sopc); 405 sop = (struct session_op *)&sopc; 406 } else 407 #endif 408 sop = (struct session_op *)data; 409 switch (sop->cipher) { 410 case 0: 411 break; 412 case CRYPTO_AES_CBC: 413 txform = &enc_xform_rijndael128; 414 break; 415 case CRYPTO_AES_XTS: 416 txform = &enc_xform_aes_xts; 417 break; 418 case CRYPTO_NULL_CBC: 419 txform = &enc_xform_null; 420 break; 421 case CRYPTO_CAMELLIA_CBC: 422 txform = &enc_xform_camellia; 423 break; 424 case CRYPTO_AES_ICM: 425 txform = &enc_xform_aes_icm; 426 break; 427 case CRYPTO_AES_NIST_GCM_16: 428 txform = &enc_xform_aes_nist_gcm; 429 break; 430 case CRYPTO_CHACHA20: 431 txform = &enc_xform_chacha20; 432 break; 433 case CRYPTO_AES_CCM_16: 434 txform = &enc_xform_ccm; 435 break; 436 437 default: 438 CRYPTDEB("invalid cipher"); 439 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 440 return (EINVAL); 441 } 442 443 switch (sop->mac) { 444 case 0: 445 break; 446 case CRYPTO_POLY1305: 447 thash = &auth_hash_poly1305; 448 break; 449 case CRYPTO_SHA1_HMAC: 450 thash = &auth_hash_hmac_sha1; 451 break; 452 case CRYPTO_SHA2_224_HMAC: 453 thash = &auth_hash_hmac_sha2_224; 454 break; 455 case CRYPTO_SHA2_256_HMAC: 456 thash = &auth_hash_hmac_sha2_256; 457 break; 458 case CRYPTO_SHA2_384_HMAC: 459 thash = &auth_hash_hmac_sha2_384; 460 break; 461 case CRYPTO_SHA2_512_HMAC: 462 thash = &auth_hash_hmac_sha2_512; 463 break; 464 case CRYPTO_RIPEMD160_HMAC: 465 thash = &auth_hash_hmac_ripemd_160; 466 break; 467 #ifdef COMPAT_FREEBSD12 468 case CRYPTO_AES_128_NIST_GMAC: 469 case CRYPTO_AES_192_NIST_GMAC: 470 case CRYPTO_AES_256_NIST_GMAC: 471 /* Should always be paired with GCM. */ 472 if (sop->cipher != CRYPTO_AES_NIST_GCM_16) { 473 CRYPTDEB("GMAC without GCM"); 474 SDT_PROBE1(opencrypto, dev, ioctl, error, 475 __LINE__); 476 return (EINVAL); 477 } 478 break; 479 #endif 480 case CRYPTO_AES_NIST_GMAC: 481 switch (sop->mackeylen * 8) { 482 case 128: 483 thash = &auth_hash_nist_gmac_aes_128; 484 break; 485 case 192: 486 thash = &auth_hash_nist_gmac_aes_192; 487 break; 488 case 256: 489 thash = &auth_hash_nist_gmac_aes_256; 490 break; 491 default: 492 CRYPTDEB("invalid GMAC key length"); 493 SDT_PROBE1(opencrypto, dev, ioctl, error, 494 __LINE__); 495 return (EINVAL); 496 } 497 break; 498 case CRYPTO_AES_CCM_CBC_MAC: 499 switch (sop->mackeylen) { 500 case 16: 501 thash = &auth_hash_ccm_cbc_mac_128; 502 break; 503 case 24: 504 thash = &auth_hash_ccm_cbc_mac_192; 505 break; 506 case 32: 507 thash = &auth_hash_ccm_cbc_mac_256; 508 break; 509 default: 510 CRYPTDEB("Invalid CBC MAC key size %d", 511 sop->keylen); 512 SDT_PROBE1(opencrypto, dev, ioctl, 513 error, __LINE__); 514 return (EINVAL); 515 } 516 break; 517 case CRYPTO_SHA1: 518 thash = &auth_hash_sha1; 519 break; 520 case CRYPTO_SHA2_224: 521 thash = &auth_hash_sha2_224; 522 break; 523 case CRYPTO_SHA2_256: 524 thash = &auth_hash_sha2_256; 525 break; 526 case CRYPTO_SHA2_384: 527 thash = &auth_hash_sha2_384; 528 break; 529 case CRYPTO_SHA2_512: 530 thash = &auth_hash_sha2_512; 531 break; 532 533 case CRYPTO_NULL_HMAC: 534 thash = &auth_hash_null; 535 break; 536 537 case CRYPTO_BLAKE2B: 538 thash = &auth_hash_blake2b; 539 break; 540 case CRYPTO_BLAKE2S: 541 thash = &auth_hash_blake2s; 542 break; 543 544 default: 545 CRYPTDEB("invalid mac"); 546 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 547 return (EINVAL); 548 } 549 550 if (txform == NULL && thash == NULL) { 551 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 552 return (EINVAL); 553 } 554 555 memset(&csp, 0, sizeof(csp)); 556 if (use_outputbuffers) 557 csp.csp_flags |= CSP_F_SEPARATE_OUTPUT; 558 559 if (sop->cipher == CRYPTO_AES_NIST_GCM_16) { 560 switch (sop->mac) { 561 #ifdef COMPAT_FREEBSD12 562 case CRYPTO_AES_128_NIST_GMAC: 563 case CRYPTO_AES_192_NIST_GMAC: 564 case CRYPTO_AES_256_NIST_GMAC: 565 if (sop->keylen != sop->mackeylen) { 566 SDT_PROBE1(opencrypto, dev, ioctl, 567 error, __LINE__); 568 return (EINVAL); 569 } 570 break; 571 #endif 572 case 0: 573 break; 574 default: 575 SDT_PROBE1(opencrypto, dev, ioctl, error, 576 __LINE__); 577 return (EINVAL); 578 } 579 csp.csp_mode = CSP_MODE_AEAD; 580 } else if (sop->cipher == CRYPTO_AES_CCM_16) { 581 switch (sop->mac) { 582 #ifdef COMPAT_FREEBSD12 583 case CRYPTO_AES_CCM_CBC_MAC: 584 if (sop->keylen != sop->mackeylen) { 585 SDT_PROBE1(opencrypto, dev, ioctl, 586 error, __LINE__); 587 return (EINVAL); 588 } 589 thash = NULL; 590 break; 591 #endif 592 case 0: 593 break; 594 default: 595 SDT_PROBE1(opencrypto, dev, ioctl, error, 596 __LINE__); 597 return (EINVAL); 598 } 599 csp.csp_mode = CSP_MODE_AEAD; 600 } else if (txform && thash) 601 csp.csp_mode = CSP_MODE_ETA; 602 else if (txform) 603 csp.csp_mode = CSP_MODE_CIPHER; 604 else 605 csp.csp_mode = CSP_MODE_DIGEST; 606 607 if (txform) { 608 csp.csp_cipher_alg = txform->type; 609 csp.csp_cipher_klen = sop->keylen; 610 if (sop->keylen > txform->maxkey || 611 sop->keylen < txform->minkey) { 612 CRYPTDEB("invalid cipher parameters"); 613 error = EINVAL; 614 SDT_PROBE1(opencrypto, dev, ioctl, error, 615 __LINE__); 616 goto bail; 617 } 618 619 key = malloc(csp.csp_cipher_klen, M_XDATA, M_WAITOK); 620 error = copyin(sop->key, key, csp.csp_cipher_klen); 621 if (error) { 622 CRYPTDEB("invalid key"); 623 SDT_PROBE1(opencrypto, dev, ioctl, error, 624 __LINE__); 625 goto bail; 626 } 627 csp.csp_cipher_key = key; 628 csp.csp_ivlen = txform->ivsize; 629 } 630 631 if (thash) { 632 csp.csp_auth_alg = thash->type; 633 csp.csp_auth_klen = sop->mackeylen; 634 if (sop->mackeylen > thash->keysize || 635 sop->mackeylen < 0) { 636 CRYPTDEB("invalid mac key length"); 637 error = EINVAL; 638 SDT_PROBE1(opencrypto, dev, ioctl, error, 639 __LINE__); 640 goto bail; 641 } 642 643 if (csp.csp_auth_klen) { 644 mackey = malloc(csp.csp_auth_klen, M_XDATA, 645 M_WAITOK); 646 error = copyin(sop->mackey, mackey, 647 csp.csp_auth_klen); 648 if (error) { 649 CRYPTDEB("invalid mac key"); 650 SDT_PROBE1(opencrypto, dev, ioctl, 651 error, __LINE__); 652 goto bail; 653 } 654 csp.csp_auth_key = mackey; 655 } 656 657 if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) 658 csp.csp_ivlen = AES_GCM_IV_LEN; 659 if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) 660 csp.csp_ivlen = AES_CCM_IV_LEN; 661 } 662 663 /* NB: CIOCGSESSION2 has the crid */ 664 if (cmd == CIOCGSESSION2 665 #ifdef COMPAT_FREEBSD32 666 || cmd == CIOCGSESSION232 667 #endif 668 ) { 669 crid = SES2(sop)->crid; 670 error = checkforsoftware(&crid); 671 if (error) { 672 CRYPTDEB("checkforsoftware"); 673 SDT_PROBE1(opencrypto, dev, ioctl, error, 674 __LINE__); 675 goto bail; 676 } 677 } else 678 crid = CRYPTOCAP_F_HARDWARE; 679 error = crypto_newsession(&cses, &csp, crid); 680 if (error) { 681 CRYPTDEB("crypto_newsession"); 682 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 683 goto bail; 684 } 685 686 cse = csecreate(fcr, cses, &csp, txform, key, thash, mackey); 687 688 if (cse == NULL) { 689 crypto_freesession(cses); 690 error = EINVAL; 691 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 692 CRYPTDEB("csecreate"); 693 goto bail; 694 } 695 sop->ses = cse->ses; 696 if (cmd == CIOCGSESSION2 697 #ifdef COMPAT_FREEBSD32 698 || cmd == CIOCGSESSION232 699 #endif 700 ) { 701 /* return hardware/driver id */ 702 SES2(sop)->crid = crypto_ses2hid(cse->cses); 703 } 704 bail: 705 if (error) { 706 free(key, M_XDATA); 707 free(mackey, M_XDATA); 708 } 709 #ifdef COMPAT_FREEBSD32 710 else { 711 if (cmd == CIOCGSESSION32) 712 session_op_to_32(sop, data); 713 else if (cmd == CIOCGSESSION232) 714 session2_op_to_32((struct session2_op *)sop, 715 data); 716 } 717 #endif 718 break; 719 case CIOCFSESSION: 720 ses = *(u_int32_t *)data; 721 if (!csedelete(fcr, ses)) { 722 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 723 return (EINVAL); 724 } 725 break; 726 case CIOCCRYPT: 727 #ifdef COMPAT_FREEBSD32 728 case CIOCCRYPT32: 729 if (cmd == CIOCCRYPT32) { 730 cop = &copc; 731 crypt_op_from_32(data, cop); 732 } else 733 #endif 734 cop = (struct crypt_op *)data; 735 cse = csefind(fcr, cop->ses); 736 if (cse == NULL) { 737 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 738 return (EINVAL); 739 } 740 error = cryptodev_op(cse, cop, active_cred, td); 741 csefree(cse); 742 #ifdef COMPAT_FREEBSD32 743 if (error == 0 && cmd == CIOCCRYPT32) 744 crypt_op_to_32(cop, data); 745 #endif 746 break; 747 case CIOCKEY: 748 case CIOCKEY2: 749 #ifdef COMPAT_FREEBSD32 750 case CIOCKEY32: 751 case CIOCKEY232: 752 #endif 753 if (!crypto_userasymcrypto) { 754 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 755 return (EPERM); /* XXX compat? */ 756 } 757 #ifdef COMPAT_FREEBSD32 758 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 759 kop = &kopc; 760 crypt_kop_from_32(data, kop); 761 } else 762 #endif 763 kop = (struct crypt_kop *)data; 764 if (cmd == CIOCKEY 765 #ifdef COMPAT_FREEBSD32 766 || cmd == CIOCKEY32 767 #endif 768 ) { 769 /* NB: crypto core enforces s/w driver use */ 770 kop->crk_crid = 771 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 772 } 773 mtx_lock(&Giant); 774 error = cryptodev_key(kop); 775 mtx_unlock(&Giant); 776 #ifdef COMPAT_FREEBSD32 777 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 778 crypt_kop_to_32(kop, data); 779 #endif 780 break; 781 case CIOCASYMFEAT: 782 if (!crypto_userasymcrypto) { 783 /* 784 * NB: if user asym crypto operations are 785 * not permitted return "no algorithms" 786 * so well-behaved applications will just 787 * fallback to doing them in software. 788 */ 789 *(int *)data = 0; 790 } else { 791 error = crypto_getfeat((int *)data); 792 if (error) 793 SDT_PROBE1(opencrypto, dev, ioctl, error, 794 __LINE__); 795 } 796 break; 797 case CIOCFINDDEV: 798 error = cryptodev_find((struct crypt_find_op *)data); 799 break; 800 case CIOCCRYPTAEAD: 801 caead = (struct crypt_aead *)data; 802 cse = csefind(fcr, caead->ses); 803 if (cse == NULL) { 804 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 805 return (EINVAL); 806 } 807 error = cryptodev_aead(cse, caead, active_cred, td); 808 csefree(cse); 809 break; 810 default: 811 error = EINVAL; 812 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 813 break; 814 } 815 return (error); 816 #undef SES2 817 } 818 819 static int cryptodev_cb(struct cryptop *); 820 821 static struct cryptop_data * 822 cod_alloc(struct csession *cse, size_t len, struct thread *td) 823 { 824 struct cryptop_data *cod; 825 826 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 827 828 cod->cse = cse; 829 cod->buf = malloc(len, M_XDATA, M_WAITOK); 830 if (crypto_get_params(cse->cses)->csp_flags & CSP_F_SEPARATE_OUTPUT) 831 cod->obuf = malloc(len, M_XDATA, M_WAITOK); 832 return (cod); 833 } 834 835 static void 836 cod_free(struct cryptop_data *cod) 837 { 838 839 free(cod->obuf, M_XDATA); 840 free(cod->buf, M_XDATA); 841 free(cod, M_XDATA); 842 } 843 844 static int 845 cryptodev_op( 846 struct csession *cse, 847 struct crypt_op *cop, 848 struct ucred *active_cred, 849 struct thread *td) 850 { 851 struct cryptop_data *cod = NULL; 852 struct cryptop *crp = NULL; 853 int error; 854 855 if (cop->len > 256*1024-4) { 856 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 857 return (E2BIG); 858 } 859 860 if (cse->txform) { 861 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 862 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 863 return (EINVAL); 864 } 865 } 866 867 if (cop->mac && cse->hashsize == 0) { 868 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 869 return (EINVAL); 870 } 871 872 /* 873 * The COP_F_CIPHER_FIRST flag predates explicit session 874 * modes, but the only way it was used was for EtA so allow it 875 * as long as it is consistent with EtA. 876 */ 877 if (cop->flags & COP_F_CIPHER_FIRST) { 878 if (cop->op != COP_ENCRYPT) { 879 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 880 return (EINVAL); 881 } 882 } 883 884 cod = cod_alloc(cse, cop->len + cse->hashsize, td); 885 886 crp = crypto_getreq(cse->cses, M_WAITOK); 887 888 error = copyin(cop->src, cod->buf, cop->len); 889 if (error) { 890 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 891 goto bail; 892 } 893 crp->crp_payload_start = 0; 894 crp->crp_payload_length = cop->len; 895 if (cse->hashsize) 896 crp->crp_digest_start = cop->len; 897 898 switch (cse->mode) { 899 case CSP_MODE_COMPRESS: 900 switch (cop->op) { 901 case COP_ENCRYPT: 902 crp->crp_op = CRYPTO_OP_COMPRESS; 903 break; 904 case COP_DECRYPT: 905 crp->crp_op = CRYPTO_OP_DECOMPRESS; 906 break; 907 default: 908 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 909 error = EINVAL; 910 goto bail; 911 } 912 break; 913 case CSP_MODE_CIPHER: 914 switch (cop->op) { 915 case COP_ENCRYPT: 916 crp->crp_op = CRYPTO_OP_ENCRYPT; 917 break; 918 case COP_DECRYPT: 919 crp->crp_op = CRYPTO_OP_DECRYPT; 920 break; 921 default: 922 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 923 error = EINVAL; 924 goto bail; 925 } 926 break; 927 case CSP_MODE_DIGEST: 928 switch (cop->op) { 929 case 0: 930 case COP_ENCRYPT: 931 case COP_DECRYPT: 932 crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST; 933 if (cod->obuf != NULL) 934 crp->crp_digest_start = 0; 935 break; 936 default: 937 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 938 error = EINVAL; 939 goto bail; 940 } 941 break; 942 case CSP_MODE_ETA: 943 switch (cop->op) { 944 case COP_ENCRYPT: 945 crp->crp_op = CRYPTO_OP_ENCRYPT | 946 CRYPTO_OP_COMPUTE_DIGEST; 947 break; 948 case COP_DECRYPT: 949 crp->crp_op = CRYPTO_OP_DECRYPT | 950 CRYPTO_OP_VERIFY_DIGEST; 951 break; 952 default: 953 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 954 error = EINVAL; 955 goto bail; 956 } 957 break; 958 default: 959 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 960 error = EINVAL; 961 goto bail; 962 } 963 964 crp->crp_flags = CRYPTO_F_CBIMM | (cop->flags & COP_F_BATCH); 965 crypto_use_buf(crp, cod->buf, cop->len + cse->hashsize); 966 if (cod->obuf) 967 crypto_use_output_buf(crp, cod->obuf, cop->len + cse->hashsize); 968 crp->crp_callback = cryptodev_cb; 969 crp->crp_opaque = cod; 970 971 if (cop->iv) { 972 if (cse->ivsize == 0) { 973 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 974 error = EINVAL; 975 goto bail; 976 } 977 error = copyin(cop->iv, crp->crp_iv, cse->ivsize); 978 if (error) { 979 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 980 goto bail; 981 } 982 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 983 } else if (cse->ivsize != 0) { 984 crp->crp_iv_start = 0; 985 crp->crp_payload_start += cse->ivsize; 986 crp->crp_payload_length -= cse->ivsize; 987 cop->dst += cse->ivsize; 988 } 989 990 if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 991 error = copyin(cop->mac, cod->buf + crp->crp_digest_start, 992 cse->hashsize); 993 if (error) { 994 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 995 goto bail; 996 } 997 } 998 again: 999 /* 1000 * Let the dispatch run unlocked, then, interlock against the 1001 * callback before checking if the operation completed and going 1002 * to sleep. This insures drivers don't inherit our lock which 1003 * results in a lock order reversal between crypto_dispatch forced 1004 * entry and the crypto_done callback into us. 1005 */ 1006 error = crypto_dispatch(crp); 1007 if (error != 0) { 1008 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1009 goto bail; 1010 } 1011 1012 mtx_lock(&cse->lock); 1013 while (!cod->done) 1014 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1015 mtx_unlock(&cse->lock); 1016 1017 if (crp->crp_etype == EAGAIN) { 1018 crp->crp_etype = 0; 1019 crp->crp_flags &= ~CRYPTO_F_DONE; 1020 cod->done = false; 1021 goto again; 1022 } 1023 1024 if (crp->crp_etype != 0) { 1025 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1026 error = crp->crp_etype; 1027 goto bail; 1028 } 1029 1030 if (cop->dst != NULL) { 1031 error = copyout(cod->obuf != NULL ? cod->obuf : 1032 cod->buf + crp->crp_payload_start, cop->dst, 1033 crp->crp_payload_length); 1034 if (error) { 1035 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1036 goto bail; 1037 } 1038 } 1039 1040 if (cop->mac != NULL && (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) == 0) { 1041 error = copyout((cod->obuf != NULL ? cod->obuf : cod->buf) + 1042 crp->crp_digest_start, cop->mac, cse->hashsize); 1043 if (error) { 1044 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1045 goto bail; 1046 } 1047 } 1048 1049 bail: 1050 crypto_freereq(crp); 1051 cod_free(cod); 1052 1053 return (error); 1054 } 1055 1056 static int 1057 cryptodev_aead( 1058 struct csession *cse, 1059 struct crypt_aead *caead, 1060 struct ucred *active_cred, 1061 struct thread *td) 1062 { 1063 struct cryptop_data *cod = NULL; 1064 struct cryptop *crp = NULL; 1065 int error; 1066 1067 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1068 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1069 return (E2BIG); 1070 } 1071 1072 if (cse->txform == NULL || cse->hashsize == 0 || caead->tag == NULL || 1073 (caead->len % cse->txform->blocksize) != 0) { 1074 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1075 return (EINVAL); 1076 } 1077 1078 /* 1079 * The COP_F_CIPHER_FIRST flag predates explicit session 1080 * modes, but the only way it was used was for EtA so allow it 1081 * as long as it is consistent with EtA. 1082 */ 1083 if (caead->flags & COP_F_CIPHER_FIRST) { 1084 if (caead->op != COP_ENCRYPT) { 1085 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1086 return (EINVAL); 1087 } 1088 } 1089 1090 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->hashsize, td); 1091 1092 crp = crypto_getreq(cse->cses, M_WAITOK); 1093 1094 error = copyin(caead->aad, cod->buf, caead->aadlen); 1095 if (error) { 1096 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1097 goto bail; 1098 } 1099 crp->crp_aad_start = 0; 1100 crp->crp_aad_length = caead->aadlen; 1101 1102 error = copyin(caead->src, cod->buf + caead->aadlen, caead->len); 1103 if (error) { 1104 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1105 goto bail; 1106 } 1107 crp->crp_payload_start = caead->aadlen; 1108 crp->crp_payload_length = caead->len; 1109 if (caead->op == COP_ENCRYPT && cod->obuf != NULL) 1110 crp->crp_digest_start = caead->len; 1111 else 1112 crp->crp_digest_start = caead->aadlen + caead->len; 1113 1114 switch (cse->mode) { 1115 case CSP_MODE_AEAD: 1116 case CSP_MODE_ETA: 1117 switch (caead->op) { 1118 case COP_ENCRYPT: 1119 crp->crp_op = CRYPTO_OP_ENCRYPT | 1120 CRYPTO_OP_COMPUTE_DIGEST; 1121 break; 1122 case COP_DECRYPT: 1123 crp->crp_op = CRYPTO_OP_DECRYPT | 1124 CRYPTO_OP_VERIFY_DIGEST; 1125 break; 1126 default: 1127 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1128 error = EINVAL; 1129 goto bail; 1130 } 1131 break; 1132 default: 1133 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1134 error = EINVAL; 1135 goto bail; 1136 } 1137 1138 crp->crp_flags = CRYPTO_F_CBIMM | (caead->flags & COP_F_BATCH); 1139 crypto_use_buf(crp, cod->buf, caead->aadlen + caead->len + 1140 cse->hashsize); 1141 if (cod->obuf != NULL) 1142 crypto_use_output_buf(crp, cod->obuf, caead->len + 1143 cse->hashsize); 1144 crp->crp_callback = cryptodev_cb; 1145 crp->crp_opaque = cod; 1146 1147 if (caead->iv) { 1148 /* 1149 * Permit a 16-byte IV for AES-XTS, but only use the 1150 * first 8 bytes as a block number. 1151 */ 1152 if (cse->mode == CSP_MODE_ETA && 1153 caead->ivlen == AES_BLOCK_LEN && 1154 cse->ivsize == AES_XTS_IV_LEN) 1155 caead->ivlen = AES_XTS_IV_LEN; 1156 1157 if (caead->ivlen != cse->ivsize) { 1158 error = EINVAL; 1159 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1160 goto bail; 1161 } 1162 1163 error = copyin(caead->iv, crp->crp_iv, cse->ivsize); 1164 if (error) { 1165 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1166 goto bail; 1167 } 1168 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1169 } else { 1170 crp->crp_iv_start = crp->crp_payload_start; 1171 crp->crp_payload_start += cse->ivsize; 1172 crp->crp_payload_length -= cse->ivsize; 1173 caead->dst += cse->ivsize; 1174 } 1175 1176 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 1177 error = copyin(caead->tag, cod->buf + crp->crp_digest_start, 1178 cse->hashsize); 1179 if (error) { 1180 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1181 goto bail; 1182 } 1183 } 1184 again: 1185 /* 1186 * Let the dispatch run unlocked, then, interlock against the 1187 * callback before checking if the operation completed and going 1188 * to sleep. This insures drivers don't inherit our lock which 1189 * results in a lock order reversal between crypto_dispatch forced 1190 * entry and the crypto_done callback into us. 1191 */ 1192 error = crypto_dispatch(crp); 1193 if (error != 0) { 1194 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1195 goto bail; 1196 } 1197 1198 mtx_lock(&cse->lock); 1199 while (!cod->done) 1200 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1201 mtx_unlock(&cse->lock); 1202 1203 if (crp->crp_etype == EAGAIN) { 1204 crp->crp_etype = 0; 1205 crp->crp_flags &= ~CRYPTO_F_DONE; 1206 cod->done = false; 1207 goto again; 1208 } 1209 1210 if (crp->crp_etype != 0) { 1211 error = crp->crp_etype; 1212 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1213 goto bail; 1214 } 1215 1216 if (caead->dst != NULL) { 1217 error = copyout(cod->obuf != NULL ? cod->obuf : 1218 cod->buf + crp->crp_payload_start, caead->dst, 1219 crp->crp_payload_length); 1220 if (error) { 1221 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1222 goto bail; 1223 } 1224 } 1225 1226 if ((crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) == 0) { 1227 error = copyout((cod->obuf != NULL ? cod->obuf : cod->buf) + 1228 crp->crp_digest_start, caead->tag, cse->hashsize); 1229 if (error) { 1230 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1231 goto bail; 1232 } 1233 } 1234 1235 bail: 1236 crypto_freereq(crp); 1237 cod_free(cod); 1238 1239 return (error); 1240 } 1241 1242 static int 1243 cryptodev_cb(struct cryptop *crp) 1244 { 1245 struct cryptop_data *cod = crp->crp_opaque; 1246 1247 /* 1248 * Lock to ensure the wakeup() is not missed by the loops 1249 * waiting on cod->done in cryptodev_op() and 1250 * cryptodev_aead(). 1251 */ 1252 mtx_lock(&cod->cse->lock); 1253 cod->done = true; 1254 mtx_unlock(&cod->cse->lock); 1255 wakeup(cod); 1256 return (0); 1257 } 1258 1259 static void 1260 cryptodevkey_cb(struct cryptkop *krp) 1261 { 1262 1263 wakeup_one(krp); 1264 } 1265 1266 static int 1267 cryptodev_key(struct crypt_kop *kop) 1268 { 1269 struct cryptkop *krp = NULL; 1270 int error = EINVAL; 1271 int in, out, size, i; 1272 1273 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1274 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1275 return (EFBIG); 1276 } 1277 1278 in = kop->crk_iparams; 1279 out = kop->crk_oparams; 1280 switch (kop->crk_op) { 1281 case CRK_MOD_EXP: 1282 if (in == 3 && out == 1) 1283 break; 1284 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1285 return (EINVAL); 1286 case CRK_MOD_EXP_CRT: 1287 if (in == 6 && out == 1) 1288 break; 1289 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1290 return (EINVAL); 1291 case CRK_DSA_SIGN: 1292 if (in == 5 && out == 2) 1293 break; 1294 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1295 return (EINVAL); 1296 case CRK_DSA_VERIFY: 1297 if (in == 7 && out == 0) 1298 break; 1299 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1300 return (EINVAL); 1301 case CRK_DH_COMPUTE_KEY: 1302 if (in == 3 && out == 1) 1303 break; 1304 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1305 return (EINVAL); 1306 default: 1307 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1308 return (EINVAL); 1309 } 1310 1311 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1312 if (!krp) { 1313 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1314 return (ENOMEM); 1315 } 1316 krp->krp_op = kop->crk_op; 1317 krp->krp_status = kop->crk_status; 1318 krp->krp_iparams = kop->crk_iparams; 1319 krp->krp_oparams = kop->crk_oparams; 1320 krp->krp_crid = kop->crk_crid; 1321 krp->krp_status = 0; 1322 krp->krp_callback = cryptodevkey_cb; 1323 1324 for (i = 0; i < CRK_MAXPARAM; i++) { 1325 if (kop->crk_param[i].crp_nbits > 65536) { 1326 /* Limit is the same as in OpenBSD */ 1327 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1328 goto fail; 1329 } 1330 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1331 } 1332 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1333 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1334 if (size == 0) 1335 continue; 1336 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1337 if (i >= krp->krp_iparams) 1338 continue; 1339 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1340 if (error) { 1341 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1342 goto fail; 1343 } 1344 } 1345 1346 error = crypto_kdispatch(krp); 1347 if (error) { 1348 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1349 goto fail; 1350 } 1351 error = tsleep(krp, PSOCK, "crydev", 0); 1352 if (error) { 1353 /* XXX can this happen? if so, how do we recover? */ 1354 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1355 goto fail; 1356 } 1357 1358 kop->crk_crid = krp->krp_hid; /* device that did the work */ 1359 if (krp->krp_status != 0) { 1360 error = krp->krp_status; 1361 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1362 goto fail; 1363 } 1364 1365 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1366 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1367 if (size == 0) 1368 continue; 1369 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1370 if (error) { 1371 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1372 goto fail; 1373 } 1374 } 1375 1376 fail: 1377 if (krp) { 1378 kop->crk_status = krp->krp_status; 1379 for (i = 0; i < CRK_MAXPARAM; i++) { 1380 if (krp->krp_param[i].crp_p) 1381 free(krp->krp_param[i].crp_p, M_XDATA); 1382 } 1383 free(krp, M_XDATA); 1384 } 1385 return (error); 1386 } 1387 1388 static int 1389 cryptodev_find(struct crypt_find_op *find) 1390 { 1391 device_t dev; 1392 size_t fnlen = sizeof find->name; 1393 1394 if (find->crid != -1) { 1395 dev = crypto_find_device_byhid(find->crid); 1396 if (dev == NULL) 1397 return (ENOENT); 1398 strncpy(find->name, device_get_nameunit(dev), fnlen); 1399 find->name[fnlen - 1] = '\x0'; 1400 } else { 1401 find->name[fnlen - 1] = '\x0'; 1402 find->crid = crypto_find_driver(find->name); 1403 if (find->crid == -1) 1404 return (ENOENT); 1405 } 1406 return (0); 1407 } 1408 1409 /* ARGSUSED */ 1410 static int 1411 cryptof_stat( 1412 struct file *fp, 1413 struct stat *sb, 1414 struct ucred *active_cred, 1415 struct thread *td) 1416 { 1417 1418 return (EOPNOTSUPP); 1419 } 1420 1421 /* ARGSUSED */ 1422 static int 1423 cryptof_close(struct file *fp, struct thread *td) 1424 { 1425 struct fcrypt *fcr = fp->f_data; 1426 struct csession *cse; 1427 1428 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1429 TAILQ_REMOVE(&fcr->csessions, cse, next); 1430 KASSERT(cse->refs == 1, 1431 ("%s: crypto session %p with %d refs", __func__, cse, 1432 cse->refs)); 1433 csefree(cse); 1434 } 1435 free(fcr, M_XDATA); 1436 fp->f_data = NULL; 1437 return 0; 1438 } 1439 1440 static int 1441 cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1442 { 1443 1444 kif->kf_type = KF_TYPE_CRYPTO; 1445 return (0); 1446 } 1447 1448 static struct csession * 1449 csefind(struct fcrypt *fcr, u_int ses) 1450 { 1451 struct csession *cse; 1452 1453 mtx_lock(&fcr->lock); 1454 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1455 if (cse->ses == ses) { 1456 refcount_acquire(&cse->refs); 1457 mtx_unlock(&fcr->lock); 1458 return (cse); 1459 } 1460 } 1461 mtx_unlock(&fcr->lock); 1462 return (NULL); 1463 } 1464 1465 static bool 1466 csedelete(struct fcrypt *fcr, u_int ses) 1467 { 1468 struct csession *cse; 1469 1470 mtx_lock(&fcr->lock); 1471 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1472 if (cse->ses == ses) { 1473 TAILQ_REMOVE(&fcr->csessions, cse, next); 1474 mtx_unlock(&fcr->lock); 1475 csefree(cse); 1476 return (true); 1477 } 1478 } 1479 mtx_unlock(&fcr->lock); 1480 return (false); 1481 } 1482 1483 struct csession * 1484 csecreate(struct fcrypt *fcr, crypto_session_t cses, 1485 struct crypto_session_params *csp, struct enc_xform *txform, 1486 void *key, struct auth_hash *thash, void *mackey) 1487 { 1488 struct csession *cse; 1489 1490 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1491 if (cse == NULL) 1492 return NULL; 1493 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1494 refcount_init(&cse->refs, 1); 1495 cse->key = key; 1496 cse->mackey = mackey; 1497 cse->mode = csp->csp_mode; 1498 cse->cses = cses; 1499 cse->txform = txform; 1500 if (thash != NULL) 1501 cse->hashsize = thash->hashsize; 1502 else if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) 1503 cse->hashsize = AES_GMAC_HASH_LEN; 1504 else if (csp->csp_cipher_alg == CRYPTO_AES_CCM_16) 1505 cse->hashsize = AES_CBC_MAC_HASH_LEN; 1506 cse->ivsize = csp->csp_ivlen; 1507 mtx_lock(&fcr->lock); 1508 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1509 cse->ses = fcr->sesn++; 1510 mtx_unlock(&fcr->lock); 1511 return (cse); 1512 } 1513 1514 static void 1515 csefree(struct csession *cse) 1516 { 1517 1518 if (!refcount_release(&cse->refs)) 1519 return; 1520 crypto_freesession(cse->cses); 1521 mtx_destroy(&cse->lock); 1522 if (cse->key) 1523 free(cse->key, M_XDATA); 1524 if (cse->mackey) 1525 free(cse->mackey, M_XDATA); 1526 free(cse, M_XDATA); 1527 } 1528 1529 static int 1530 cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1531 { 1532 struct file *f; 1533 struct fcrypt *fcr; 1534 int fd, error; 1535 1536 switch (cmd) { 1537 case CRIOGET: 1538 error = falloc_noinstall(td, &f); 1539 if (error) 1540 break; 1541 1542 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); 1543 TAILQ_INIT(&fcr->csessions); 1544 mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); 1545 1546 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1547 error = finstall(td, f, &fd, 0, NULL); 1548 if (error) { 1549 mtx_destroy(&fcr->lock); 1550 free(fcr, M_XDATA); 1551 } else 1552 *(uint32_t *)data = fd; 1553 fdrop(f, td); 1554 break; 1555 case CRIOFINDDEV: 1556 error = cryptodev_find((struct crypt_find_op *)data); 1557 break; 1558 case CRIOASYMFEAT: 1559 error = crypto_getfeat((int *)data); 1560 break; 1561 default: 1562 error = EINVAL; 1563 break; 1564 } 1565 return (error); 1566 } 1567 1568 static struct cdevsw crypto_cdevsw = { 1569 .d_version = D_VERSION, 1570 .d_ioctl = cryptoioctl, 1571 .d_name = "crypto", 1572 }; 1573 static struct cdev *crypto_dev; 1574 1575 /* 1576 * Initialization code, both for static and dynamic loading. 1577 */ 1578 static int 1579 cryptodev_modevent(module_t mod, int type, void *unused) 1580 { 1581 switch (type) { 1582 case MOD_LOAD: 1583 if (bootverbose) 1584 printf("crypto: <crypto device>\n"); 1585 crypto_dev = make_dev(&crypto_cdevsw, 0, 1586 UID_ROOT, GID_WHEEL, 0666, 1587 "crypto"); 1588 return 0; 1589 case MOD_UNLOAD: 1590 /*XXX disallow if active sessions */ 1591 destroy_dev(crypto_dev); 1592 return 0; 1593 } 1594 return EINVAL; 1595 } 1596 1597 static moduledata_t cryptodev_mod = { 1598 "cryptodev", 1599 cryptodev_modevent, 1600 0 1601 }; 1602 MODULE_VERSION(cryptodev, 1); 1603 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1604 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1605 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1606