2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include <openssl/objects.h>
30 #include <internal/engine.h>
31 #include <openssl/evp.h>
32 #include <openssl/bn.h>
33 #include <openssl/crypto.h>
35 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
36 (defined(OpenBSD) || defined(__FreeBSD__))
37 # include <sys/param.h>
38 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
39 # define HAVE_CRYPTODEV
41 # if (OpenBSD >= 200110)
42 # define HAVE_SYSLOG_R
46 #include <sys/types.h>
48 # include <crypto/cryptodev.h>
49 # include <sys/ioctl.h>
59 #include <openssl/dh.h>
60 #include <openssl/dsa.h>
61 #include <openssl/err.h>
62 #include <openssl/rsa.h>
64 #ifndef HAVE_CRYPTODEV
66 void engine_load_cryptodev_internal(void)
68 /* This is a NOP on platforms without /dev/crypto */
74 struct dev_crypto_state {
75 struct session_op d_sess;
77 # ifdef USE_CRYPTODEV_DIGESTS
78 char dummy_mac_key[HASH_MAX_LEN];
79 unsigned char digest_res[HASH_MAX_LEN];
85 static u_int32_t cryptodev_asymfeat = 0;
87 #ifndef OPENSSL_NO_DSA
88 static DSA_METHOD *cryptodev_dsa = NULL;
91 static int get_asym_dev_crypto(void);
92 static int open_dev_crypto(void);
93 static int get_dev_crypto(void);
94 static int get_cryptodev_ciphers(const int **cnids);
95 # ifdef USE_CRYPTODEV_DIGESTS
96 static int get_cryptodev_digests(const int **cnids);
98 static int cryptodev_usable_ciphers(const int **nids);
99 static int cryptodev_usable_digests(const int **nids);
100 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
101 const unsigned char *in, size_t inl);
102 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
103 const unsigned char *iv, int enc);
104 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
105 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
106 const int **nids, int nid);
107 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
108 const int **nids, int nid);
109 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
110 static int crparam2bn(struct crparam *crp, BIGNUM *a);
111 static void zapparams(struct crypt_kop *kop);
112 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
113 int slen, BIGNUM *s);
115 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
116 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
118 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
120 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
122 #ifndef OPENSSL_NO_DSA
123 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
124 const BIGNUM *p, const BIGNUM *m,
125 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
126 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
127 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
128 BIGNUM *p, BN_CTX *ctx,
130 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
132 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
133 DSA_SIG *sig, DSA *dsa);
135 #ifndef OPENSSL_NO_DH
136 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
137 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
139 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
142 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
144 void engine_load_cryptodev_internal(void);
146 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
157 CRYPTO_ARC4, NID_rc4, 0, 16,
160 CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
163 CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
166 CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
169 CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
172 CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
174 # ifdef CRYPTO_AES_CTR
176 CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
179 CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
182 CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
186 CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
189 CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
192 CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
199 # ifdef USE_CRYPTODEV_DIGESTS
206 CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
209 CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
212 CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
216 CRYPTO_MD5_KPDK, NID_undef, 0
219 CRYPTO_SHA1_KPDK, NID_undef, 0
222 CRYPTO_MD5, NID_md5, 16
225 CRYPTO_SHA1, NID_sha1, 20
234 * Return a fd if /dev/crypto seems usable, 0 otherwise.
236 static int open_dev_crypto(void)
241 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
244 if (fcntl(fd, F_SETFD, 1) == -1) {
253 static int get_dev_crypto(void)
257 if ((fd = open_dev_crypto()) == -1)
259 # ifndef CRIOGET_NOT_NEEDED
260 if (ioctl(fd, CRIOGET, &retfd) == -1)
264 if (fcntl(retfd, F_SETFD, 1) == -1) {
274 static void put_dev_crypto(int fd)
276 # ifndef CRIOGET_NOT_NEEDED
281 /* Caching version for asym operations */
282 static int get_asym_dev_crypto(void)
287 fd = get_dev_crypto();
292 * Find out what ciphers /dev/crypto will let us have a session for.
293 * XXX note, that some of these openssl doesn't deal with yet!
294 * returning them here is harmless, as long as we return NULL
295 * when asked for a handler in the cryptodev_engine_ciphers routine
297 static int get_cryptodev_ciphers(const int **cnids)
299 static int nids[CRYPTO_ALGORITHM_MAX];
300 struct session_op sess;
301 int fd, i, count = 0;
303 if ((fd = get_dev_crypto()) < 0) {
307 memset(&sess, 0, sizeof(sess));
308 sess.key = (caddr_t) "123456789abcdefghijklmno";
310 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
311 if (ciphers[i].nid == NID_undef)
313 sess.cipher = ciphers[i].id;
314 sess.keylen = ciphers[i].keylen;
316 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
317 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
318 nids[count++] = ciphers[i].nid;
329 # ifdef USE_CRYPTODEV_DIGESTS
331 * Find out what digests /dev/crypto will let us have a session for.
332 * XXX note, that some of these openssl doesn't deal with yet!
333 * returning them here is harmless, as long as we return NULL
334 * when asked for a handler in the cryptodev_engine_digests routine
336 static int get_cryptodev_digests(const int **cnids)
338 static int nids[CRYPTO_ALGORITHM_MAX];
339 struct session_op sess;
340 int fd, i, count = 0;
342 if ((fd = get_dev_crypto()) < 0) {
346 memset(&sess, 0, sizeof(sess));
347 sess.mackey = (caddr_t) "123456789abcdefghijklmno";
348 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
349 if (digests[i].nid == NID_undef)
351 sess.mac = digests[i].id;
352 sess.mackeylen = digests[i].keylen;
354 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
355 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
356 nids[count++] = digests[i].nid;
369 * Find the useable ciphers|digests from dev/crypto - this is the first
370 * thing called by the engine init crud which determines what it
371 * can use for ciphers from this engine. We want to return
372 * only what we can do, anything else is handled by software.
374 * If we can't initialize the device to do anything useful for
375 * any reason, we want to return a NULL array, and 0 length,
376 * which forces everything to be done is software. By putting
377 * the initialization of the device in here, we ensure we can
378 * use this engine as the default, and if for whatever reason
379 * /dev/crypto won't do what we want it will just be done in
382 * This can (should) be greatly expanded to perhaps take into
383 * account speed of the device, and what we want to do.
384 * (although the disabling of particular alg's could be controlled
385 * by the device driver with sysctl's.) - this is where we
386 * want most of the decisions made about what we actually want
387 * to use from /dev/crypto.
389 static int cryptodev_usable_ciphers(const int **nids)
391 return (get_cryptodev_ciphers(nids));
394 static int cryptodev_usable_digests(const int **nids)
396 # ifdef USE_CRYPTODEV_DIGESTS
397 return (get_cryptodev_digests(nids));
400 * XXXX just disable all digests for now, because it sucks.
401 * we need a better way to decide this - i.e. I may not
402 * want digests on slow cards like hifn on fast machines,
403 * but might want them on slow or loaded machines, etc.
404 * will also want them when using crypto cards that don't
405 * suck moose gonads - would be nice to be able to decide something
406 * as reasonable default without having hackery that's card dependent.
407 * of course, the default should probably be just do everything,
408 * with perhaps a sysctl to turn algorithms off (or have them off
409 * by default) on cards that generally suck like the hifn.
417 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
418 const unsigned char *in, size_t inl)
420 struct crypt_op cryp;
421 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
422 struct session_op *sess = &state->d_sess;
424 unsigned char save_iv[EVP_MAX_IV_LENGTH];
430 if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
433 memset(&cryp, 0, sizeof(cryp));
435 cryp.ses = sess->ses;
438 cryp.src = (caddr_t) in;
439 cryp.dst = (caddr_t) out;
442 cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
444 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
445 cryp.iv = *(caddr_t*) EVP_CIPHER_CTX_iv(ctx);
446 if (!EVP_CIPHER_CTX_encrypting(ctx)) {
447 iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
448 memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
453 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
455 * XXX need better error handling this can fail for a number of
461 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
462 if (EVP_CIPHER_CTX_encrypting(ctx))
463 iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
466 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
467 EVP_CIPHER_CTX_iv_length(ctx));
473 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
474 const unsigned char *iv, int enc)
476 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
477 struct session_op *sess = &state->d_sess;
480 for (i = 0; ciphers[i].id; i++)
481 if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
482 EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
483 EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
484 cipher = ciphers[i].id;
488 if (!ciphers[i].id) {
493 memset(sess, 0, sizeof(*sess));
495 if ((state->d_fd = get_dev_crypto()) < 0)
498 sess->key = (caddr_t) key;
499 sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
500 sess->cipher = cipher;
502 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
503 put_dev_crypto(state->d_fd);
511 * free anything we allocated earlier when initing a
512 * session, and close the session.
514 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
517 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
518 struct session_op *sess = &state->d_sess;
524 * XXX if this ioctl fails, something's wrong. the invoker may have called
525 * us with a bogus ctx, or we could have a device that for whatever
526 * reason just doesn't want to play ball - it's not clear what's right
527 * here - should this be an error? should it just increase a counter,
528 * hmm. For right now, we return 0 - I don't believe that to be "right".
529 * we could call the gorpy openssl lib error handlers that print messages
530 * to users of the library. hmm..
533 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
538 put_dev_crypto(state->d_fd);
545 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
546 * gets called when libcrypto requests a cipher NID.
550 static EVP_CIPHER *rc4_cipher = NULL;
551 static const EVP_CIPHER *cryptodev_rc4(void)
553 if (rc4_cipher == NULL) {
556 if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16)) == NULL
557 || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
558 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
559 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
560 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
561 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
562 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))) {
563 EVP_CIPHER_meth_free(cipher);
572 static EVP_CIPHER *des_cbc_cipher = NULL;
573 static const EVP_CIPHER *cryptodev_des_cbc(void)
575 if (des_cbc_cipher == NULL) {
578 if ((cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8)) == NULL
579 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
580 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
581 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
582 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
583 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
584 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
585 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
586 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
587 EVP_CIPHER_meth_free(cipher);
590 des_cbc_cipher = cipher;
592 return des_cbc_cipher;
596 static EVP_CIPHER *des3_cbc_cipher = NULL;
597 static const EVP_CIPHER *cryptodev_3des_cbc(void)
599 if (des3_cbc_cipher == NULL) {
602 if ((cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24)) == NULL
603 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
604 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
605 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
606 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
607 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
608 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
609 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
610 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
611 EVP_CIPHER_meth_free(cipher);
614 des3_cbc_cipher = cipher;
616 return des3_cbc_cipher;
619 static EVP_CIPHER *bf_cbc_cipher = NULL;
620 static const EVP_CIPHER *cryptodev_bf_cbc(void)
622 if (bf_cbc_cipher == NULL) {
625 if ((cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16)) == NULL
626 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
627 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
628 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
629 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
630 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
631 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
632 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
633 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
634 EVP_CIPHER_meth_free(cipher);
637 bf_cbc_cipher = cipher;
639 return bf_cbc_cipher;
642 static EVP_CIPHER *cast_cbc_cipher = NULL;
643 static const EVP_CIPHER *cryptodev_cast_cbc(void)
645 if (cast_cbc_cipher == NULL) {
648 if ((cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16)) == NULL
649 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
650 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
651 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
652 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
653 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
654 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
655 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
656 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
657 EVP_CIPHER_meth_free(cipher);
660 cast_cbc_cipher = cipher;
662 return cast_cbc_cipher;
665 static EVP_CIPHER *aes_cbc_cipher = NULL;
666 static const EVP_CIPHER *cryptodev_aes_cbc(void)
668 if (aes_cbc_cipher == NULL) {
671 if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16)) == NULL
672 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
673 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
674 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
675 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
676 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
677 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
678 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
679 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
680 EVP_CIPHER_meth_free(cipher);
683 aes_cbc_cipher = cipher;
685 return aes_cbc_cipher;
688 static EVP_CIPHER *aes_192_cbc_cipher = NULL;
689 static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
691 if (aes_192_cbc_cipher == NULL) {
694 if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24)) == NULL
695 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
696 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
697 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
698 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
699 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
700 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
701 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
702 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
703 EVP_CIPHER_meth_free(cipher);
706 aes_192_cbc_cipher = cipher;
708 return aes_192_cbc_cipher;
711 static EVP_CIPHER *aes_256_cbc_cipher = NULL;
712 static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
714 if (aes_256_cbc_cipher == NULL) {
717 if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32)) == NULL
718 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
719 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
720 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
721 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
722 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
723 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
724 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
725 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
726 EVP_CIPHER_meth_free(cipher);
729 aes_256_cbc_cipher = cipher;
731 return aes_256_cbc_cipher;
734 # ifdef CRYPTO_AES_CTR
735 static EVP_CIPHER *aes_ctr_cipher = NULL;
736 static const EVP_CIPHER *cryptodev_aes_ctr(void)
738 if (aes_ctr_cipher == NULL) {
741 if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16)) == NULL
742 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
743 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
744 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
745 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
746 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
747 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
748 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
749 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
750 EVP_CIPHER_meth_free(cipher);
753 aes_ctr_cipher = cipher;
755 return aes_ctr_cipher;
758 static EVP_CIPHER *aes_192_ctr_cipher = NULL;
759 static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
761 if (aes_192_ctr_cipher == NULL) {
764 if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24)) == NULL
765 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
766 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
767 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
768 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
769 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
770 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
771 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
772 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
773 EVP_CIPHER_meth_free(cipher);
776 aes_192_ctr_cipher = cipher;
778 return aes_192_ctr_cipher;
781 static EVP_CIPHER *aes_256_ctr_cipher = NULL;
782 static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
784 if (aes_256_ctr_cipher == NULL) {
787 if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32)) == NULL
788 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
789 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
790 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
791 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
792 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
793 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
794 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
795 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
796 EVP_CIPHER_meth_free(cipher);
799 aes_256_ctr_cipher = cipher;
801 return aes_256_ctr_cipher;
805 * Registered by the ENGINE when used to find out how to deal with
806 * a particular NID in the ENGINE. this says what we'll do at the
807 * top level - note, that list is restricted by what we answer with
810 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
811 const int **nids, int nid)
814 return (cryptodev_usable_ciphers(nids));
818 *cipher = cryptodev_rc4();
820 case NID_des_ede3_cbc:
821 *cipher = cryptodev_3des_cbc();
824 *cipher = cryptodev_des_cbc();
827 *cipher = cryptodev_bf_cbc();
830 *cipher = cryptodev_cast_cbc();
832 case NID_aes_128_cbc:
833 *cipher = cryptodev_aes_cbc();
835 case NID_aes_192_cbc:
836 *cipher = cryptodev_aes_192_cbc();
838 case NID_aes_256_cbc:
839 *cipher = cryptodev_aes_256_cbc();
841 # ifdef CRYPTO_AES_CTR
842 case NID_aes_128_ctr:
843 *cipher = cryptodev_aes_ctr();
845 case NID_aes_192_ctr:
846 *cipher = cryptodev_aes_ctr_192();
848 case NID_aes_256_ctr:
849 *cipher = cryptodev_aes_ctr_256();
856 return (*cipher != NULL);
859 # ifdef USE_CRYPTODEV_DIGESTS
861 /* convert digest type to cryptodev */
862 static int digest_nid_to_cryptodev(int nid)
866 for (i = 0; digests[i].id; i++)
867 if (digests[i].nid == nid)
868 return (digests[i].id);
872 static int digest_key_length(int nid)
876 for (i = 0; digests[i].id; i++)
877 if (digests[i].nid == nid)
878 return digests[i].keylen;
882 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
884 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
885 struct session_op *sess = &state->d_sess;
888 if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
889 printf("cryptodev_digest_init: Can't get digest \n");
893 memset(state, 0, sizeof(*state));
895 if ((state->d_fd = get_dev_crypto()) < 0) {
896 printf("cryptodev_digest_init: Can't get Dev \n");
900 sess->mackey = state->dummy_mac_key;
901 sess->mackeylen = digest_key_length(EVP_MD_CTX_type(ctx));
904 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
905 put_dev_crypto(state->d_fd);
907 printf("cryptodev_digest_init: Open session failed\n");
914 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
917 struct crypt_op cryp;
918 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
919 struct session_op *sess = &state->d_sess;
922 if (!data || state->d_fd < 0) {
923 printf("cryptodev_digest_update: illegal inputs \n");
931 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
932 /* if application doesn't support one buffer */
934 OPENSSL_realloc(state->mac_data, state->mac_len + count);
937 printf("cryptodev_digest_update: realloc failed\n");
940 state->mac_data = new_mac_data;
942 memcpy(state->mac_data + state->mac_len, data, count);
943 state->mac_len += count;
948 memset(&cryp, 0, sizeof(cryp));
950 cryp.ses = sess->ses;
953 cryp.src = (caddr_t) data;
955 cryp.mac = (caddr_t) state->digest_res;
956 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
957 printf("cryptodev_digest_update: digest failed\n");
963 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
965 struct crypt_op cryp;
966 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
967 struct session_op *sess = &state->d_sess;
971 if (!md || state->d_fd < 0) {
972 printf("cryptodev_digest_final: illegal input\n");
976 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
977 /* if application doesn't support one buffer */
978 memset(&cryp, 0, sizeof(cryp));
979 cryp.ses = sess->ses;
981 cryp.len = state->mac_len;
982 cryp.src = state->mac_data;
984 cryp.mac = (caddr_t) md;
985 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
986 printf("cryptodev_digest_final: digest failed\n");
993 memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
998 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1001 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1002 struct session_op *sess = &state->d_sess;
1007 if (state->d_fd < 0) {
1008 printf("cryptodev_digest_cleanup: illegal input\n");
1012 OPENSSL_free(state->mac_data);
1013 state->mac_data = NULL;
1016 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1017 printf("cryptodev_digest_cleanup: failed to close session\n");
1022 put_dev_crypto(state->d_fd);
1028 static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
1030 struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
1031 struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
1032 struct session_op *sess;
1035 if (dstate == NULL || fstate == NULL)
1038 memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1040 sess = &dstate->d_sess;
1042 digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
1044 sess->mackey = dstate->dummy_mac_key;
1045 sess->mackeylen = digest_key_length(EVP_MD_CTX_type(to));
1048 dstate->d_fd = get_dev_crypto();
1050 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
1051 put_dev_crypto(dstate->d_fd);
1053 printf("cryptodev_digest_copy: Open session failed\n");
1057 if (fstate->mac_len != 0) {
1058 if (fstate->mac_data != NULL) {
1059 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1060 if (dstate->mac_data == NULL) {
1061 printf("cryptodev_digest_copy: mac_data allocation failed\n");
1064 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1065 dstate->mac_len = fstate->mac_len;
1072 static EVP_MD *sha1_md = NULL;
1073 static const EVP_MD *cryptodev_sha1(void)
1075 if (sha1_md == NULL) {
1078 if ((md = EVP_MD_meth_new(NID_sha1, NID_undef)) == NULL
1079 || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
1080 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1081 || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
1082 || !EVP_MD_meth_set_app_datasize(md,
1083 sizeof(struct dev_crypto_state))
1084 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1085 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1086 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1087 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1088 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1089 EVP_MD_meth_free(md);
1097 static EVP_MD *md5_md = NULL;
1098 static const EVP_MD *cryptodev_md5(void)
1100 if (md5_md == NULL) {
1103 if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL
1104 || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */)
1105 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1106 || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */)
1107 || !EVP_MD_meth_set_app_datasize(md,
1108 sizeof(struct dev_crypto_state))
1109 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1110 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1111 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1112 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1113 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1114 EVP_MD_meth_free(md);
1122 # endif /* USE_CRYPTODEV_DIGESTS */
1125 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
1126 const int **nids, int nid)
1129 return (cryptodev_usable_digests(nids));
1132 # ifdef USE_CRYPTODEV_DIGESTS
1134 *digest = cryptodev_md5();
1137 *digest = cryptodev_sha1();
1140 # endif /* USE_CRYPTODEV_DIGESTS */
1144 return (*digest != NULL);
1147 static int cryptodev_engine_destroy(ENGINE *e)
1149 EVP_CIPHER_meth_free(rc4_cipher);
1151 EVP_CIPHER_meth_free(des_cbc_cipher);
1152 des_cbc_cipher = NULL;
1153 EVP_CIPHER_meth_free(des3_cbc_cipher);
1154 des3_cbc_cipher = NULL;
1155 EVP_CIPHER_meth_free(bf_cbc_cipher);
1156 bf_cbc_cipher = NULL;
1157 EVP_CIPHER_meth_free(cast_cbc_cipher);
1158 cast_cbc_cipher = NULL;
1159 EVP_CIPHER_meth_free(aes_cbc_cipher);
1160 aes_cbc_cipher = NULL;
1161 EVP_CIPHER_meth_free(aes_192_cbc_cipher);
1162 aes_192_cbc_cipher = NULL;
1163 EVP_CIPHER_meth_free(aes_256_cbc_cipher);
1164 aes_256_cbc_cipher = NULL;
1165 # ifdef CRYPTO_AES_CTR
1166 EVP_CIPHER_meth_free(aes_ctr_cipher);
1167 aes_ctr_cipher = NULL;
1168 EVP_CIPHER_meth_free(aes_192_ctr_cipher);
1169 aes_192_ctr_cipher = NULL;
1170 EVP_CIPHER_meth_free(aes_256_ctr_cipher);
1171 aes_256_ctr_cipher = NULL;
1173 # ifdef USE_CRYPTODEV_DIGESTS
1174 EVP_MD_meth_free(sha1_md);
1176 EVP_MD_meth_free(md5_md);
1179 #ifndef OPENSSL_NO_DSA
1180 DSA_meth_free(cryptodev_dsa);
1181 cryptodev_dsa = NULL;
1187 * Convert a BIGNUM to the representation that /dev/crypto needs.
1188 * Upon completion of use, the caller is responsible for freeing
1191 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
1193 ssize_t bytes, bits;
1199 bits = BN_num_bits(a);
1200 bytes = BN_num_bytes(a);
1202 b = OPENSSL_zalloc(bytes);
1206 crp->crp_p = (caddr_t) b;
1207 crp->crp_nbits = bits;
1213 /* Convert a /dev/crypto parameter to a BIGNUM */
1214 static int crparam2bn(struct crparam *crp, BIGNUM *a)
1219 bytes = (crp->crp_nbits + 7) / 8;
1224 if ((pd = OPENSSL_malloc(bytes)) == NULL)
1227 for (i = 0; i < bytes; i++)
1228 pd[i] = crp->crp_p[bytes - i - 1];
1230 BN_bin2bn(pd, bytes, a);
1236 static void zapparams(struct crypt_kop *kop)
1240 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1241 if (kop->crk_param[i].crp_p)
1242 free(kop->crk_param[i].crp_p);
1243 kop->crk_param[i].crp_p = NULL;
1244 kop->crk_param[i].crp_nbits = 0;
1249 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
1254 if ((fd = get_asym_dev_crypto()) < 0)
1258 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
1259 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
1263 kop->crk_param[kop->crk_iparams + 1].crp_p =
1264 calloc(slen, sizeof(char));
1265 kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
1269 if (ioctl(fd, CIOCKEY, kop) == 0) {
1271 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
1273 crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
1281 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1282 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
1284 struct crypt_kop kop;
1288 * Currently, we know we can do mod exp iff we can do any asymmetric
1289 * operations at all.
1291 if (cryptodev_asymfeat == 0) {
1292 ret = BN_mod_exp(r, a, p, m, ctx);
1296 memset(&kop, 0, sizeof(kop));
1297 kop.crk_op = CRK_MOD_EXP;
1299 /* inputs: a^p % m */
1300 if (bn2crparam(a, &kop.crk_param[0]))
1302 if (bn2crparam(p, &kop.crk_param[1]))
1304 if (bn2crparam(m, &kop.crk_param[2]))
1306 kop.crk_iparams = 3;
1308 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1309 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1310 printf("OCF asym process failed, Running in software\n");
1311 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1313 } else if (ECANCELED == kop.crk_status) {
1314 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1315 printf("OCF hardware operation cancelled. Running in Software\n");
1316 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1318 /* else cryptodev operation worked ok ==> ret = 1 */
1326 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
1331 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
1337 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1339 struct crypt_kop kop;
1342 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
1343 /* XXX 0 means failure?? */
1347 memset(&kop, 0, sizeof(kop));
1348 kop.crk_op = CRK_MOD_EXP_CRT;
1349 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1350 if (bn2crparam(rsa->p, &kop.crk_param[0]))
1352 if (bn2crparam(rsa->q, &kop.crk_param[1]))
1354 if (bn2crparam(I, &kop.crk_param[2]))
1356 if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
1358 if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
1360 if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
1362 kop.crk_iparams = 6;
1364 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
1365 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1366 printf("OCF asym process failed, running in Software\n");
1367 ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
1369 } else if (ECANCELED == kop.crk_status) {
1370 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1371 printf("OCF hardware operation cancelled. Running in Software\n");
1372 ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
1374 /* else cryptodev operation worked ok ==> ret = 1 */
1381 static RSA_METHOD cryptodev_rsa = {
1382 "cryptodev RSA method",
1383 NULL, /* rsa_pub_enc */
1384 NULL, /* rsa_pub_dec */
1385 NULL, /* rsa_priv_enc */
1386 NULL, /* rsa_priv_dec */
1392 NULL, /* app_data */
1393 NULL, /* rsa_sign */
1394 NULL /* rsa_verify */
1397 #ifndef OPENSSL_NO_DSA
1399 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
1400 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1402 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1406 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
1407 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
1408 BN_CTX *ctx, BN_MONT_CTX *mont)
1410 BIGNUM *t2, *dsag, *dsap, *dsapub_key;
1412 const DSA_METHOD *meth;
1413 int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *,
1414 BN_CTX *, BN_MONT_CTX *);
1420 /* v = ( g^u1 * y^u2 mod p ) mod q */
1421 /* let t1 = g ^ u1 mod p */
1424 DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
1425 DSA_get0_key(dsa, &dsapub_key, NULL);
1427 meth = DSA_get_method(dsa);
1430 bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
1431 if (bn_mod_exp == NULL)
1434 if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
1437 /* let t2 = y ^ u2 mod p */
1438 if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
1440 /* let u1 = t1 * t2 mod p */
1441 if (!BN_mod_mul(u1, t1, t2, dsap, ctx))
1452 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
1455 struct crypt_kop kop;
1456 BIGNUM *r = NULL, *s = NULL, *dsap = NULL, *dsaq = NULL, *dsag = NULL;
1457 BIGNUM *priv_key = NULL;
1458 DSA_SIG *dsasig, *dsaret = NULL;
1460 dsasig = DSA_SIG_new();
1463 DSA_SIG_get0(&r, &s, dsasig);
1465 memset(&kop, 0, sizeof(kop));
1466 kop.crk_op = CRK_DSA_SIGN;
1468 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1469 kop.crk_param[0].crp_p = (caddr_t) dgst;
1470 kop.crk_param[0].crp_nbits = dlen * 8;
1471 DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
1472 DSA_get0_key(dsa, NULL, &priv_key);
1473 if (bn2crparam(dsap, &kop.crk_param[1]))
1475 if (bn2crparam(dsaq, &kop.crk_param[2]))
1477 if (bn2crparam(dsag, &kop.crk_param[3]))
1479 if (bn2crparam(priv_key, &kop.crk_param[4]))
1481 kop.crk_iparams = 5;
1483 if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r,
1484 BN_num_bytes(dsaq), s) == 0) {
1487 dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
1490 if (dsaret != dsasig)
1491 DSA_SIG_free(dsasig);
1492 kop.crk_param[0].crp_p = NULL;
1498 cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1499 DSA_SIG *sig, DSA *dsa)
1501 struct crypt_kop kop;
1503 BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
1505 memset(&kop, 0, sizeof(kop));
1506 kop.crk_op = CRK_DSA_VERIFY;
1508 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1509 kop.crk_param[0].crp_p = (caddr_t) dgst;
1510 kop.crk_param[0].crp_nbits = dlen * 8;
1511 DSA_get0_pqg(dsa, &p, &q, &g);
1512 if (bn2crparam(p, &kop.crk_param[1]))
1514 if (bn2crparam(q, &kop.crk_param[2]))
1516 if (bn2crparam(g, &kop.crk_param[3]))
1518 DSA_get0_key(dsa, &pub_key, NULL);
1519 if (bn2crparam(pub_key, &kop.crk_param[4]))
1521 DSA_SIG_get0(&pr, &ps, sig);
1522 if (bn2crparam(pr, &kop.crk_param[5]))
1524 if (bn2crparam(ps, &kop.crk_param[6]))
1526 kop.crk_iparams = 7;
1528 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1530 * OCF success value is 0, if not zero, change dsaret to fail
1532 if (0 != kop.crk_status)
1535 dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
1538 kop.crk_param[0].crp_p = NULL;
1544 #ifndef OPENSSL_NO_DH
1546 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1547 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1550 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1554 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1556 struct crypt_kop kop;
1560 if ((fd = get_asym_dev_crypto()) < 0) {
1561 const DH_METHOD *meth = DH_OpenSSL();
1563 return ((meth->compute_key) (key, pub_key, dh));
1566 keylen = BN_num_bits(dh->p);
1568 memset(&kop, 0, sizeof(kop));
1569 kop.crk_op = CRK_DH_COMPUTE_KEY;
1571 /* inputs: dh->priv_key pub_key dh->p key */
1572 if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1574 if (bn2crparam(pub_key, &kop.crk_param[1]))
1576 if (bn2crparam(dh->p, &kop.crk_param[2]))
1578 kop.crk_iparams = 3;
1580 kop.crk_param[3].crp_p = (caddr_t) key;
1581 kop.crk_param[3].crp_nbits = keylen * 8;
1582 kop.crk_oparams = 1;
1584 if (ioctl(fd, CIOCKEY, &kop) == -1) {
1585 const DH_METHOD *meth = DH_OpenSSL();
1587 dhret = (meth->compute_key) (key, pub_key, dh);
1590 kop.crk_param[3].crp_p = NULL;
1595 static DH_METHOD cryptodev_dh = {
1596 "cryptodev DH method",
1597 NULL, /* cryptodev_dh_generate_key */
1606 #endif /* ndef OPENSSL_NO_DH */
1609 * ctrl right now is just a wrapper that doesn't do much
1610 * but I expect we'll want some options soon.
1613 cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
1615 # ifdef HAVE_SYSLOG_R
1616 struct syslog_data sd = SYSLOG_DATA_INIT;
1621 # ifdef HAVE_SYSLOG_R
1622 syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
1624 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1631 void engine_load_cryptodev_internal(void)
1633 ENGINE *engine = ENGINE_new();
1638 if ((fd = get_dev_crypto()) < 0) {
1639 ENGINE_free(engine);
1644 * find out what asymmetric crypto algorithms we support
1646 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1648 ENGINE_free(engine);
1653 if (!ENGINE_set_id(engine, "cryptodev") ||
1654 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
1655 !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
1656 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1657 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1658 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1659 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1660 ENGINE_free(engine);
1664 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
1665 const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL();
1667 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1668 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
1669 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
1670 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
1671 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
1672 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1673 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1674 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1675 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1676 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
1678 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
1682 #ifndef OPENSSL_NO_DSA
1683 cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
1684 if (cryptodev_dsa != NULL) {
1685 DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
1686 DSA_meth_set_flags(cryptodev_dsa, 0);
1687 if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
1688 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1689 DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
1690 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1691 DSA_meth_set_bn_mod_exp(cryptodev_dsa, cryptodev_dsa_bn_mod_exp);
1692 DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
1694 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1695 DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
1698 ENGINE_free(engine);
1703 #ifndef OPENSSL_NO_DH
1704 if (ENGINE_set_DH(engine, &cryptodev_dh)) {
1705 const DH_METHOD *dh_meth = DH_OpenSSL();
1707 cryptodev_dh.generate_key = dh_meth->generate_key;
1708 cryptodev_dh.compute_key = dh_meth->compute_key;
1709 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1710 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1711 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1712 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1713 cryptodev_dh.compute_key = cryptodev_dh_compute_key;
1719 ENGINE_free(engine);
1723 #endif /* HAVE_CRYPTODEV */