2 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
12 * Copyright (c) 2002 Theo de Raadt
13 * Copyright (c) 2002 Markus Friedl
14 * Copyright (c) 2012 Nikos Mavrogiannopoulos
15 * All rights reserved.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
27 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
28 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
29 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
30 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
31 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
32 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
33 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #include <openssl/objects.h>
40 #include <internal/engine.h>
41 #include <openssl/evp.h>
42 #include <openssl/bn.h>
43 #include <openssl/crypto.h>
45 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
46 (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__))
47 # include <sys/param.h>
48 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || defined(__DragonFly__)
49 # define HAVE_CRYPTODEV
51 # if (OpenBSD >= 200110)
52 # define HAVE_SYSLOG_R
56 #include <sys/types.h>
58 # include <crypto/cryptodev.h>
59 # include <sys/ioctl.h>
69 #include <openssl/dh.h>
70 #include <openssl/dsa.h>
71 #include <openssl/err.h>
72 #include <openssl/rsa.h>
74 #ifndef HAVE_CRYPTODEV
76 void engine_load_cryptodev_int(void)
78 /* This is a NOP on platforms without /dev/crypto */
84 struct dev_crypto_state {
85 struct session_op d_sess;
87 # ifdef USE_CRYPTODEV_DIGESTS
88 unsigned char digest_res[HASH_MAX_LEN];
94 static u_int32_t cryptodev_asymfeat = 0;
96 static RSA_METHOD *cryptodev_rsa;
97 # ifndef OPENSSL_NO_DSA
98 static DSA_METHOD *cryptodev_dsa = NULL;
100 # ifndef OPENSSL_NO_DH
101 static DH_METHOD *cryptodev_dh;
104 static int get_asym_dev_crypto(void);
105 static int open_dev_crypto(void);
106 static int get_dev_crypto(void);
107 static int get_cryptodev_ciphers(const int **cnids);
108 # ifdef USE_CRYPTODEV_DIGESTS
109 static int get_cryptodev_digests(const int **cnids);
111 static int cryptodev_usable_ciphers(const int **nids);
112 static int cryptodev_usable_digests(const int **nids);
113 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
114 const unsigned char *in, size_t inl);
115 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
116 const unsigned char *iv, int enc);
117 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
118 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
119 const int **nids, int nid);
120 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
121 const int **nids, int nid);
122 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
123 static int crparam2bn(struct crparam *crp, BIGNUM *a);
124 static void zapparams(struct crypt_kop *kop);
125 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
126 int slen, BIGNUM *s);
128 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
129 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
131 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
133 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
135 # ifndef OPENSSL_NO_DSA
136 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a,
137 const BIGNUM *p, const BIGNUM *m,
138 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
139 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
140 const BIGNUM *u1, const BIGNUM *pub_key,
141 const BIGNUM *u2, const BIGNUM *p,
142 BN_CTX *ctx, BN_MONT_CTX *mont);
143 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
145 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
146 DSA_SIG *sig, DSA *dsa);
148 # ifndef OPENSSL_NO_DH
149 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
150 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
152 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
155 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
157 void engine_load_cryptodev_int(void);
159 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
169 {CRYPTO_ARC4, NID_rc4, 0, 16},
170 {CRYPTO_DES_CBC, NID_des_cbc, 8, 8},
171 {CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24},
172 {CRYPTO_3DES_ECB, NID_des_ede3_ecb, 0, 24},
173 {CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16},
174 {CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24},
175 {CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32},
176 {CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16},
177 {CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24},
178 {CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32},
179 {CRYPTO_AES_ECB, NID_aes_128_ecb, 0, 16},
180 {CRYPTO_AES_ECB, NID_aes_192_ecb, 0, 24},
181 {CRYPTO_AES_ECB, NID_aes_256_ecb, 0, 32},
182 {CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16},
183 {CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16},
184 {CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0},
185 {0, NID_undef, 0, 0},
188 # ifdef USE_CRYPTODEV_DIGESTS
194 {CRYPTO_MD5, NID_md5, 16},
195 {CRYPTO_SHA1, NID_sha1, 20},
196 {CRYPTO_SHA2_256, NID_sha256, 32},
197 {CRYPTO_SHA2_384, NID_sha384, 48},
198 {CRYPTO_SHA2_512, NID_sha512, 64},
204 * Return a fd if /dev/crypto seems usable, 0 otherwise.
206 static int open_dev_crypto(void)
211 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
214 if (fcntl(fd, F_SETFD, 1) == -1) {
223 static int get_dev_crypto(void)
227 if ((fd = open_dev_crypto()) == -1)
229 # ifndef CRIOGET_NOT_NEEDED
230 if (ioctl(fd, CRIOGET, &retfd) == -1)
234 if (fcntl(retfd, F_SETFD, 1) == -1) {
244 static void put_dev_crypto(int fd)
246 # ifndef CRIOGET_NOT_NEEDED
251 /* Caching version for asym operations */
252 static int get_asym_dev_crypto(void)
257 fd = get_dev_crypto();
262 * Find out what ciphers /dev/crypto will let us have a session for.
263 * XXX note, that some of these openssl doesn't deal with yet!
264 * returning them here is harmless, as long as we return NULL
265 * when asked for a handler in the cryptodev_engine_ciphers routine
267 static int get_cryptodev_ciphers(const int **cnids)
269 static int nids[CRYPTO_ALGORITHM_MAX];
270 struct session_op sess;
271 int fd, i, count = 0;
272 unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
274 if ((fd = get_dev_crypto()) < 0) {
278 memset(&sess, 0, sizeof(sess));
279 sess.key = (void *)fake_key;
281 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
282 if (ciphers[i].nid == NID_undef)
284 sess.cipher = ciphers[i].id;
285 sess.keylen = ciphers[i].keylen;
287 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
288 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
289 nids[count++] = ciphers[i].nid;
300 # ifdef USE_CRYPTODEV_DIGESTS
302 * Find out what digests /dev/crypto will let us have a session for.
303 * XXX note, that some of these openssl doesn't deal with yet!
304 * returning them here is harmless, as long as we return NULL
305 * when asked for a handler in the cryptodev_engine_digests routine
307 static int get_cryptodev_digests(const int **cnids)
309 static int nids[CRYPTO_ALGORITHM_MAX];
310 unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
311 struct session_op sess;
312 int fd, i, count = 0;
314 if ((fd = get_dev_crypto()) < 0) {
318 memset(&sess, 0, sizeof(sess));
319 sess.mackey = fake_key;
320 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
321 if (digests[i].nid == NID_undef)
323 sess.mac = digests[i].id;
326 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
327 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
328 nids[count++] = digests[i].nid;
341 * Find the useable ciphers|digests from dev/crypto - this is the first
342 * thing called by the engine init crud which determines what it
343 * can use for ciphers from this engine. We want to return
344 * only what we can do, anything else is handled by software.
346 * If we can't initialize the device to do anything useful for
347 * any reason, we want to return a NULL array, and 0 length,
348 * which forces everything to be done is software. By putting
349 * the initialization of the device in here, we ensure we can
350 * use this engine as the default, and if for whatever reason
351 * /dev/crypto won't do what we want it will just be done in
354 * This can (should) be greatly expanded to perhaps take into
355 * account speed of the device, and what we want to do.
356 * (although the disabling of particular alg's could be controlled
357 * by the device driver with sysctl's.) - this is where we
358 * want most of the decisions made about what we actually want
359 * to use from /dev/crypto.
361 static int cryptodev_usable_ciphers(const int **nids)
363 return (get_cryptodev_ciphers(nids));
366 static int cryptodev_usable_digests(const int **nids)
368 # ifdef USE_CRYPTODEV_DIGESTS
369 return (get_cryptodev_digests(nids));
372 * XXXX just disable all digests for now, because it sucks.
373 * we need a better way to decide this - i.e. I may not
374 * want digests on slow cards like hifn on fast machines,
375 * but might want them on slow or loaded machines, etc.
376 * will also want them when using crypto cards that don't
377 * suck moose gonads - would be nice to be able to decide something
378 * as reasonable default without having hackery that's card dependent.
379 * of course, the default should probably be just do everything,
380 * with perhaps a sysctl to turn algorithms off (or have them off
381 * by default) on cards that generally suck like the hifn.
389 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
390 const unsigned char *in, size_t inl)
392 struct crypt_op cryp;
393 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
394 struct session_op *sess = &state->d_sess;
396 unsigned char save_iv[EVP_MAX_IV_LENGTH];
402 if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
405 memset(&cryp, 0, sizeof(cryp));
407 cryp.ses = sess->ses;
410 cryp.src = (void *)in;
411 cryp.dst = (void *)out;
414 cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
416 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
417 cryp.iv = (void *)EVP_CIPHER_CTX_iv(ctx);
418 if (!EVP_CIPHER_CTX_encrypting(ctx)) {
419 iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
420 memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
425 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
427 * XXX need better error handling this can fail for a number of
433 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
434 if (EVP_CIPHER_CTX_encrypting(ctx))
435 iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
438 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
439 EVP_CIPHER_CTX_iv_length(ctx));
445 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
446 const unsigned char *iv, int enc)
448 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
449 struct session_op *sess = &state->d_sess;
452 for (i = 0; ciphers[i].id; i++)
453 if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
454 EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
455 EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
456 cipher = ciphers[i].id;
460 if (!ciphers[i].id) {
465 memset(sess, 0, sizeof(*sess));
467 if ((state->d_fd = get_dev_crypto()) < 0)
470 sess->key = (void *)key;
471 sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
472 sess->cipher = cipher;
474 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
475 put_dev_crypto(state->d_fd);
483 * free anything we allocated earlier when initing a
484 * session, and close the session.
486 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
489 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
490 struct session_op *sess = &state->d_sess;
496 * XXX if this ioctl fails, something's wrong. the invoker may have called
497 * us with a bogus ctx, or we could have a device that for whatever
498 * reason just doesn't want to play ball - it's not clear what's right
499 * here - should this be an error? should it just increase a counter,
500 * hmm. For right now, we return 0 - I don't believe that to be "right".
501 * we could call the gorpy openssl lib error handlers that print messages
502 * to users of the library. hmm..
505 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
510 put_dev_crypto(state->d_fd);
517 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
518 * gets called when libcrypto requests a cipher NID.
521 static int cryptodev_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2)
523 struct dev_crypto_state *state = ctx->cipher_data;
524 struct session_op *sess = &state->d_sess;
526 if (type == EVP_CTRL_COPY) {
527 EVP_CIPHER_CTX *out = p2;
528 return cryptodev_init_key(out, sess->key, ctx->iv, 0);
535 static EVP_CIPHER *rc4_cipher = NULL;
536 static const EVP_CIPHER *cryptodev_rc4(void)
538 if (rc4_cipher == NULL) {
539 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16);
542 || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
543 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH
544 | EVP_CIPH_CUSTOM_COPY)
545 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
546 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
547 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
548 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
549 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
551 dev_crypto_state))) {
552 EVP_CIPHER_meth_free(cipher);
561 static EVP_CIPHER *des_cbc_cipher = NULL;
562 static const EVP_CIPHER *cryptodev_des_cbc(void)
564 if (des_cbc_cipher == NULL) {
565 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8);
568 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
569 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
570 | EVP_CIPH_CUSTOM_COPY)
571 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
572 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
573 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
574 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
575 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
578 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
579 EVP_CIPHER_set_asn1_iv)
580 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
581 EVP_CIPHER_get_asn1_iv)) {
582 EVP_CIPHER_meth_free(cipher);
585 des_cbc_cipher = cipher;
587 return des_cbc_cipher;
591 static EVP_CIPHER *des3_cbc_cipher = NULL;
592 static const EVP_CIPHER *cryptodev_3des_cbc(void)
594 if (des3_cbc_cipher == NULL) {
595 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24);
598 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
599 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
600 | EVP_CIPH_CUSTOM_COPY)
601 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
602 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
603 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
604 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
605 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
608 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
609 EVP_CIPHER_set_asn1_iv)
610 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
611 EVP_CIPHER_get_asn1_iv)) {
612 EVP_CIPHER_meth_free(cipher);
615 des3_cbc_cipher = cipher;
617 return des3_cbc_cipher;
621 static EVP_CIPHER *des3_ecb_cipher = NULL;
622 static const EVP_CIPHER *cryptodev_3des_ecb(void)
624 if (des3_ecb_cipher == NULL) {
625 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_des_ede3_ecb, 8, 24);
628 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
629 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
630 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
631 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
632 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
633 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
635 dev_crypto_state))) {
636 EVP_CIPHER_meth_free(cipher);
639 des3_ecb_cipher = cipher;
641 return des3_ecb_cipher;
644 static EVP_CIPHER *bf_cbc_cipher = NULL;
645 static const EVP_CIPHER *cryptodev_bf_cbc(void)
647 if (bf_cbc_cipher == NULL) {
648 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16);
651 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
652 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
653 | EVP_CIPH_CUSTOM_COPY)
654 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
655 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
656 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
657 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
658 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
661 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
662 EVP_CIPHER_set_asn1_iv)
663 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
664 EVP_CIPHER_get_asn1_iv)) {
665 EVP_CIPHER_meth_free(cipher);
668 bf_cbc_cipher = cipher;
670 return bf_cbc_cipher;
673 static EVP_CIPHER *cast_cbc_cipher = NULL;
674 static const EVP_CIPHER *cryptodev_cast_cbc(void)
676 if (cast_cbc_cipher == NULL) {
677 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16);
680 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
681 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
682 | EVP_CIPH_CUSTOM_COPY)
683 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
684 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
685 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
686 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
687 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
690 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
691 EVP_CIPHER_set_asn1_iv)
692 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
693 EVP_CIPHER_get_asn1_iv)) {
694 EVP_CIPHER_meth_free(cipher);
697 cast_cbc_cipher = cipher;
699 return cast_cbc_cipher;
702 static EVP_CIPHER *aes_cbc_cipher = NULL;
703 static const EVP_CIPHER *cryptodev_aes_cbc(void)
705 if (aes_cbc_cipher == NULL) {
706 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16);
709 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
710 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
711 | EVP_CIPH_CUSTOM_COPY)
712 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
713 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
714 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
715 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
716 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
719 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
720 EVP_CIPHER_set_asn1_iv)
721 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
722 EVP_CIPHER_get_asn1_iv)) {
723 EVP_CIPHER_meth_free(cipher);
726 aes_cbc_cipher = cipher;
728 return aes_cbc_cipher;
731 static EVP_CIPHER *aes_192_cbc_cipher = NULL;
732 static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
734 if (aes_192_cbc_cipher == NULL) {
735 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24);
738 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
739 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
740 | EVP_CIPH_CUSTOM_COPY)
741 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
742 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
743 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
744 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
745 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
748 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
749 EVP_CIPHER_set_asn1_iv)
750 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
751 EVP_CIPHER_get_asn1_iv)) {
752 EVP_CIPHER_meth_free(cipher);
755 aes_192_cbc_cipher = cipher;
757 return aes_192_cbc_cipher;
760 static EVP_CIPHER *aes_256_cbc_cipher = NULL;
761 static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
763 if (aes_256_cbc_cipher == NULL) {
764 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32);
767 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
768 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE
769 | EVP_CIPH_CUSTOM_COPY)
770 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
771 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
772 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
773 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
774 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
777 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
778 EVP_CIPHER_set_asn1_iv)
779 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
780 EVP_CIPHER_get_asn1_iv)) {
781 EVP_CIPHER_meth_free(cipher);
784 aes_256_cbc_cipher = cipher;
786 return aes_256_cbc_cipher;
789 static EVP_CIPHER *aes_ctr_cipher = NULL;
790 static const EVP_CIPHER *cryptodev_aes_ctr(void)
792 if (aes_ctr_cipher == NULL) {
793 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16);
796 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
797 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
798 | EVP_CIPH_CUSTOM_COPY)
799 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
800 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
801 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
802 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
803 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
806 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
807 EVP_CIPHER_set_asn1_iv)
808 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
809 EVP_CIPHER_get_asn1_iv)) {
810 EVP_CIPHER_meth_free(cipher);
813 aes_ctr_cipher = cipher;
815 return aes_ctr_cipher;
818 static EVP_CIPHER *aes_192_ctr_cipher = NULL;
819 static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
821 if (aes_192_ctr_cipher == NULL) {
822 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24);
825 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
826 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
827 | EVP_CIPH_CUSTOM_COPY)
828 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
829 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
830 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
831 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
832 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
835 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
836 EVP_CIPHER_set_asn1_iv)
837 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
838 EVP_CIPHER_get_asn1_iv)) {
839 EVP_CIPHER_meth_free(cipher);
842 aes_192_ctr_cipher = cipher;
844 return aes_192_ctr_cipher;
847 static EVP_CIPHER *aes_256_ctr_cipher = NULL;
848 static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
850 if (aes_256_ctr_cipher == NULL) {
851 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32);
854 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
855 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE
856 | EVP_CIPH_CUSTOM_COPY)
857 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
858 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
859 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
860 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
861 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
864 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
865 EVP_CIPHER_set_asn1_iv)
866 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
867 EVP_CIPHER_get_asn1_iv)) {
868 EVP_CIPHER_meth_free(cipher);
871 aes_256_ctr_cipher = cipher;
873 return aes_256_ctr_cipher;
876 static EVP_CIPHER *aes_ecb_cipher = NULL;
877 static const EVP_CIPHER *cryptodev_aes_ecb(void)
879 if (aes_ecb_cipher == NULL) {
880 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_128_ecb, 16, 16);
883 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
884 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
885 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
886 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
887 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
888 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
891 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
892 EVP_CIPHER_set_asn1_iv)
893 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
894 EVP_CIPHER_get_asn1_iv)) {
895 EVP_CIPHER_meth_free(cipher);
898 aes_ecb_cipher = cipher;
900 return aes_ecb_cipher;
903 static EVP_CIPHER *aes_192_ecb_cipher = NULL;
904 static const EVP_CIPHER *cryptodev_aes_192_ecb(void)
906 if (aes_192_ecb_cipher == NULL) {
907 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_192_ecb, 16, 24);
910 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
911 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
912 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
913 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
914 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
915 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
918 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
919 EVP_CIPHER_set_asn1_iv)
920 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
921 EVP_CIPHER_get_asn1_iv)) {
922 EVP_CIPHER_meth_free(cipher);
925 aes_192_ecb_cipher = cipher;
927 return aes_192_ecb_cipher;
930 static EVP_CIPHER *aes_256_ecb_cipher = NULL;
931 static const EVP_CIPHER *cryptodev_aes_256_ecb(void)
933 if (aes_256_ecb_cipher == NULL) {
934 EVP_CIPHER *cipher = EVP_CIPHER_meth_new(NID_aes_256_ecb, 16, 32);
937 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_ECB_MODE)
938 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
939 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
940 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
941 || !EVP_CIPHER_meth_set_ctrl(cipher, cryptodev_cipher_ctrl)
942 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher,
945 || !EVP_CIPHER_meth_set_set_asn1_params(cipher,
946 EVP_CIPHER_set_asn1_iv)
947 || !EVP_CIPHER_meth_set_get_asn1_params(cipher,
948 EVP_CIPHER_get_asn1_iv)) {
949 EVP_CIPHER_meth_free(cipher);
952 aes_256_ecb_cipher = cipher;
954 return aes_256_ecb_cipher;
958 * Registered by the ENGINE when used to find out how to deal with
959 * a particular NID in the ENGINE. this says what we'll do at the
960 * top level - note, that list is restricted by what we answer with
963 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
964 const int **nids, int nid)
967 return (cryptodev_usable_ciphers(nids));
971 *cipher = cryptodev_rc4();
973 case NID_des_ede3_cbc:
974 *cipher = cryptodev_3des_cbc();
976 case NID_des_ede3_ecb:
977 *cipher = cryptodev_3des_ecb();
980 *cipher = cryptodev_des_cbc();
983 *cipher = cryptodev_bf_cbc();
986 *cipher = cryptodev_cast_cbc();
988 case NID_aes_128_cbc:
989 *cipher = cryptodev_aes_cbc();
991 case NID_aes_192_cbc:
992 *cipher = cryptodev_aes_192_cbc();
994 case NID_aes_256_cbc:
995 *cipher = cryptodev_aes_256_cbc();
997 case NID_aes_128_ctr:
998 *cipher = cryptodev_aes_ctr();
1000 case NID_aes_192_ctr:
1001 *cipher = cryptodev_aes_192_ctr();
1003 case NID_aes_256_ctr:
1004 *cipher = cryptodev_aes_256_ctr();
1006 case NID_aes_128_ecb:
1007 *cipher = cryptodev_aes_ecb();
1009 case NID_aes_192_ecb:
1010 *cipher = cryptodev_aes_192_ecb();
1012 case NID_aes_256_ecb:
1013 *cipher = cryptodev_aes_256_ecb();
1019 return (*cipher != NULL);
1022 # ifdef USE_CRYPTODEV_DIGESTS
1024 /* convert digest type to cryptodev */
1025 static int digest_nid_to_cryptodev(int nid)
1029 for (i = 0; digests[i].id; i++)
1030 if (digests[i].nid == nid)
1031 return (digests[i].id);
1035 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
1037 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1038 struct session_op *sess = &state->d_sess;
1041 if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
1042 printf("cryptodev_digest_init: Can't get digest \n");
1046 memset(state, 0, sizeof(*state));
1048 if ((state->d_fd = get_dev_crypto()) < 0) {
1049 printf("cryptodev_digest_init: Can't get Dev \n");
1053 sess->mackey = NULL;
1054 sess->mackeylen = 0;
1057 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
1058 put_dev_crypto(state->d_fd);
1060 printf("cryptodev_digest_init: Open session failed\n");
1067 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
1070 struct crypt_op cryp;
1071 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1072 struct session_op *sess = &state->d_sess;
1075 if (!data || state->d_fd < 0) {
1076 printf("cryptodev_digest_update: illegal inputs \n");
1084 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
1085 /* if application doesn't support one buffer */
1086 new_mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
1088 if (!new_mac_data) {
1089 printf("cryptodev_digest_update: realloc failed\n");
1092 state->mac_data = new_mac_data;
1094 memcpy(state->mac_data + state->mac_len, data, count);
1095 state->mac_len += count;
1100 memset(&cryp, 0, sizeof(cryp));
1102 cryp.ses = sess->ses;
1105 cryp.src = (void *)data;
1107 cryp.mac = (void *)state->digest_res;
1108 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1109 printf("cryptodev_digest_update: digest failed\n");
1115 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
1117 struct crypt_op cryp;
1118 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1119 struct session_op *sess = &state->d_sess;
1121 if (!md || state->d_fd < 0) {
1122 printf("cryptodev_digest_final: illegal input\n");
1126 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
1127 /* if application doesn't support one buffer */
1128 memset(&cryp, 0, sizeof(cryp));
1129 cryp.ses = sess->ses;
1131 cryp.len = state->mac_len;
1132 cryp.src = state->mac_data;
1134 cryp.mac = (void *)md;
1135 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1136 printf("cryptodev_digest_final: digest failed\n");
1143 memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
1148 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1151 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
1152 struct session_op *sess = &state->d_sess;
1157 if (state->d_fd < 0) {
1158 printf("cryptodev_digest_cleanup: illegal input\n");
1162 OPENSSL_free(state->mac_data);
1163 state->mac_data = NULL;
1166 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1167 printf("cryptodev_digest_cleanup: failed to close session\n");
1172 put_dev_crypto(state->d_fd);
1178 static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
1180 struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
1181 struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
1182 struct session_op *sess;
1185 if (dstate == NULL || fstate == NULL)
1188 memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1190 sess = &dstate->d_sess;
1192 digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
1194 sess->mackey = NULL;
1195 sess->mackeylen = 0;
1198 dstate->d_fd = get_dev_crypto();
1200 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
1201 put_dev_crypto(dstate->d_fd);
1203 printf("cryptodev_digest_copy: Open session failed\n");
1207 if (fstate->mac_len != 0) {
1208 if (fstate->mac_data != NULL) {
1209 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1210 if (dstate->mac_data == NULL) {
1211 printf("cryptodev_digest_copy: mac_data allocation failed\n");
1214 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1215 dstate->mac_len = fstate->mac_len;
1222 static EVP_MD *sha1_md = NULL;
1223 static const EVP_MD *cryptodev_sha1(void)
1225 if (sha1_md == NULL) {
1226 EVP_MD *md = EVP_MD_meth_new(NID_sha1, NID_undef);
1229 || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
1230 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1231 || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
1232 || !EVP_MD_meth_set_app_datasize(md,
1233 sizeof(struct dev_crypto_state))
1234 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1235 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1236 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1237 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1238 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1239 EVP_MD_meth_free(md);
1247 static EVP_MD *sha256_md = NULL;
1248 static const EVP_MD *cryptodev_sha256(void)
1250 if (sha256_md == NULL) {
1251 EVP_MD *md = EVP_MD_meth_new(NID_sha256, NID_undef);
1254 || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH)
1255 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1256 || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
1257 || !EVP_MD_meth_set_app_datasize(md,
1258 sizeof(struct dev_crypto_state))
1259 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1260 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1261 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1262 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1263 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1264 EVP_MD_meth_free(md);
1272 static EVP_MD *sha224_md = NULL;
1273 static const EVP_MD *cryptodev_sha224(void)
1275 if (sha224_md == NULL) {
1276 EVP_MD *md = EVP_MD_meth_new(NID_sha224, NID_undef);
1279 || !EVP_MD_meth_set_result_size(md, SHA224_DIGEST_LENGTH)
1280 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1281 || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK)
1282 || !EVP_MD_meth_set_app_datasize(md,
1283 sizeof(struct dev_crypto_state))
1284 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1285 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1286 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1287 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1288 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1289 EVP_MD_meth_free(md);
1297 static EVP_MD *sha384_md = NULL;
1298 static const EVP_MD *cryptodev_sha384(void)
1300 if (sha384_md == NULL) {
1301 EVP_MD *md = EVP_MD_meth_new(NID_sha384, NID_undef);
1304 || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH)
1305 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1306 || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
1307 || !EVP_MD_meth_set_app_datasize(md,
1308 sizeof(struct dev_crypto_state))
1309 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1310 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1311 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1312 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1313 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1314 EVP_MD_meth_free(md);
1322 static EVP_MD *sha512_md = NULL;
1323 static const EVP_MD *cryptodev_sha512(void)
1325 if (sha512_md == NULL) {
1326 EVP_MD *md = EVP_MD_meth_new(NID_sha512, NID_undef);
1329 || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH)
1330 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1331 || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK)
1332 || !EVP_MD_meth_set_app_datasize(md,
1333 sizeof(struct dev_crypto_state))
1334 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1335 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1336 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1337 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1338 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1339 EVP_MD_meth_free(md);
1347 static EVP_MD *md5_md = NULL;
1348 static const EVP_MD *cryptodev_md5(void)
1350 if (md5_md == NULL) {
1351 EVP_MD *md = EVP_MD_meth_new(NID_md5, NID_undef);
1354 || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */ )
1355 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1356 || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */ )
1357 || !EVP_MD_meth_set_app_datasize(md,
1358 sizeof(struct dev_crypto_state))
1359 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1360 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1361 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1362 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1363 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1364 EVP_MD_meth_free(md);
1372 # endif /* USE_CRYPTODEV_DIGESTS */
1375 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
1376 const int **nids, int nid)
1379 return (cryptodev_usable_digests(nids));
1382 # ifdef USE_CRYPTODEV_DIGESTS
1384 *digest = cryptodev_md5();
1387 *digest = cryptodev_sha1();
1390 *digest = cryptodev_sha256();
1393 *digest = cryptodev_sha224();
1396 *digest = cryptodev_sha384();
1399 *digest = cryptodev_sha512();
1402 # endif /* USE_CRYPTODEV_DIGESTS */
1406 return (*digest != NULL);
1409 static int cryptodev_engine_destroy(ENGINE *e)
1411 EVP_CIPHER_meth_free(rc4_cipher);
1413 EVP_CIPHER_meth_free(des_cbc_cipher);
1414 des_cbc_cipher = NULL;
1415 EVP_CIPHER_meth_free(des3_cbc_cipher);
1416 des3_cbc_cipher = NULL;
1417 EVP_CIPHER_meth_free(des3_ecb_cipher);
1418 des3_ecb_cipher = NULL;
1419 EVP_CIPHER_meth_free(bf_cbc_cipher);
1420 bf_cbc_cipher = NULL;
1421 EVP_CIPHER_meth_free(cast_cbc_cipher);
1422 cast_cbc_cipher = NULL;
1423 EVP_CIPHER_meth_free(aes_cbc_cipher);
1424 aes_cbc_cipher = NULL;
1425 EVP_CIPHER_meth_free(aes_192_cbc_cipher);
1426 aes_192_cbc_cipher = NULL;
1427 EVP_CIPHER_meth_free(aes_256_cbc_cipher);
1428 aes_256_cbc_cipher = NULL;
1429 EVP_CIPHER_meth_free(aes_ctr_cipher);
1430 aes_ctr_cipher = NULL;
1431 EVP_CIPHER_meth_free(aes_192_ctr_cipher);
1432 aes_192_ctr_cipher = NULL;
1433 EVP_CIPHER_meth_free(aes_256_ctr_cipher);
1434 aes_256_ctr_cipher = NULL;
1435 EVP_CIPHER_meth_free(aes_ecb_cipher);
1436 aes_ecb_cipher = NULL;
1437 EVP_CIPHER_meth_free(aes_192_ecb_cipher);
1438 aes_192_ecb_cipher = NULL;
1439 EVP_CIPHER_meth_free(aes_256_ecb_cipher);
1440 aes_256_ecb_cipher = NULL;
1441 # ifdef USE_CRYPTODEV_DIGESTS
1442 EVP_MD_meth_free(sha1_md);
1444 EVP_MD_meth_free(sha256_md);
1446 EVP_MD_meth_free(sha224_md);
1448 EVP_MD_meth_free(sha384_md);
1450 EVP_MD_meth_free(sha512_md);
1452 EVP_MD_meth_free(md5_md);
1455 RSA_meth_free(cryptodev_rsa);
1456 cryptodev_rsa = NULL;
1457 # ifndef OPENSSL_NO_DSA
1458 DSA_meth_free(cryptodev_dsa);
1459 cryptodev_dsa = NULL;
1461 # ifndef OPENSSL_NO_DH
1462 DH_meth_free(cryptodev_dh);
1463 cryptodev_dh = NULL;
1469 * Convert a BIGNUM to the representation that /dev/crypto needs.
1470 * Upon completion of use, the caller is responsible for freeing
1473 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
1475 ssize_t bytes, bits;
1481 bits = BN_num_bits(a);
1482 bytes = BN_num_bytes(a);
1484 b = OPENSSL_zalloc(bytes);
1488 crp->crp_p = (void *)b;
1489 crp->crp_nbits = bits;
1495 /* Convert a /dev/crypto parameter to a BIGNUM */
1496 static int crparam2bn(struct crparam *crp, BIGNUM *a)
1501 bytes = (crp->crp_nbits + 7) / 8;
1506 if ((pd = OPENSSL_malloc(bytes)) == NULL)
1509 for (i = 0; i < bytes; i++)
1510 pd[i] = crp->crp_p[bytes - i - 1];
1512 BN_bin2bn(pd, bytes, a);
1518 static void zapparams(struct crypt_kop *kop)
1522 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1523 OPENSSL_free(kop->crk_param[i].crp_p);
1524 kop->crk_param[i].crp_p = NULL;
1525 kop->crk_param[i].crp_nbits = 0;
1530 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
1534 if ((fd = get_asym_dev_crypto()) < 0)
1538 kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen);
1539 if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
1541 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
1545 kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_zalloc(slen);
1546 /* No need to free the kop->crk_iparams parameter if it was allocated,
1547 * callers of this routine have to free allocated parameters through
1548 * zapparams both in case of success and failure
1550 if (kop->crk_param[kop->crk_iparams + 1].crp_p == NULL)
1552 kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
1556 if (ioctl(fd, CIOCKEY, kop) == 0) {
1558 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
1560 crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
1568 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1569 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
1571 struct crypt_kop kop;
1575 * Currently, we know we can do mod exp iff we can do any asymmetric
1576 * operations at all.
1578 if (cryptodev_asymfeat == 0) {
1579 ret = BN_mod_exp(r, a, p, m, ctx);
1583 memset(&kop, 0, sizeof(kop));
1584 kop.crk_op = CRK_MOD_EXP;
1586 /* inputs: a^p % m */
1587 if (bn2crparam(a, &kop.crk_param[0]))
1589 if (bn2crparam(p, &kop.crk_param[1]))
1591 if (bn2crparam(m, &kop.crk_param[2]))
1593 kop.crk_iparams = 3;
1595 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1596 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1597 printf("OCF asym process failed, Running in software\n");
1598 ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont);
1600 } else if (ECANCELED == kop.crk_status) {
1601 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1602 printf("OCF hardware operation cancelled. Running in Software\n");
1603 ret = RSA_meth_get_bn_mod_exp(meth) (r, a, p, m, ctx, in_mont);
1605 /* else cryptodev operation worked ok ==> ret = 1 */
1613 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1616 const BIGNUM *n = NULL;
1617 const BIGNUM *d = NULL;
1620 RSA_get0_key(rsa, &n, NULL, &d);
1621 r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL);
1627 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1629 struct crypt_kop kop;
1631 const BIGNUM *p = NULL;
1632 const BIGNUM *q = NULL;
1633 const BIGNUM *dmp1 = NULL;
1634 const BIGNUM *dmq1 = NULL;
1635 const BIGNUM *iqmp = NULL;
1636 const BIGNUM *n = NULL;
1638 RSA_get0_factors(rsa, &p, &q);
1639 RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
1640 RSA_get0_key(rsa, &n, NULL, NULL);
1642 if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
1643 /* XXX 0 means failure?? */
1647 memset(&kop, 0, sizeof(kop));
1648 kop.crk_op = CRK_MOD_EXP_CRT;
1649 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1650 if (bn2crparam(p, &kop.crk_param[0]))
1652 if (bn2crparam(q, &kop.crk_param[1]))
1654 if (bn2crparam(I, &kop.crk_param[2]))
1656 if (bn2crparam(dmp1, &kop.crk_param[3]))
1658 if (bn2crparam(dmq1, &kop.crk_param[4]))
1660 if (bn2crparam(iqmp, &kop.crk_param[5]))
1662 kop.crk_iparams = 6;
1664 if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) {
1665 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1666 printf("OCF asym process failed, running in Software\n");
1667 ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx);
1669 } else if (ECANCELED == kop.crk_status) {
1670 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1671 printf("OCF hardware operation cancelled. Running in Software\n");
1672 ret = RSA_meth_get_mod_exp(meth) (r0, I, rsa, ctx);
1674 /* else cryptodev operation worked ok ==> ret = 1 */
1681 # ifndef OPENSSL_NO_DSA
1683 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1684 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1686 return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx);
1690 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g,
1691 const BIGNUM *u1, const BIGNUM *pub_key,
1692 const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx,
1695 const BIGNUM *dsag, *dsap, *dsapub_key;
1698 const DSA_METHOD *meth;
1699 int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
1700 const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
1706 /* v = ( g^u1 * y^u2 mod p ) mod q */
1707 /* let t1 = g ^ u1 mod p */
1710 DSA_get0_pqg(dsa, &dsap, NULL, &dsag);
1711 DSA_get0_key(dsa, &dsapub_key, NULL);
1713 meth = DSA_get_method(dsa);
1716 bn_mod_exp = DSA_meth_get_bn_mod_exp(meth);
1717 if (bn_mod_exp == NULL)
1720 if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont))
1723 /* let t2 = y ^ u2 mod p */
1724 if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont))
1726 /* let t1 = t1 * t2 mod p */
1727 if (!BN_mod_mul(t1, t1, t2, dsap, ctx))
1736 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
1739 struct crypt_kop kop;
1741 const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL;
1742 const BIGNUM *priv_key = NULL;
1743 DSA_SIG *dsasig, *dsaret = NULL;
1745 dsasig = DSA_SIG_new();
1749 memset(&kop, 0, sizeof(kop));
1750 kop.crk_op = CRK_DSA_SIGN;
1752 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1753 kop.crk_param[0].crp_p = (void *)dgst;
1754 kop.crk_param[0].crp_nbits = dlen * 8;
1755 DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag);
1756 DSA_get0_key(dsa, NULL, &priv_key);
1757 if (bn2crparam(dsap, &kop.crk_param[1]))
1759 if (bn2crparam(dsaq, &kop.crk_param[2]))
1761 if (bn2crparam(dsag, &kop.crk_param[3]))
1763 if (bn2crparam(priv_key, &kop.crk_param[4]))
1765 kop.crk_iparams = 5;
1773 if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r, BN_num_bytes(dsaq), s) == 0) {
1774 DSA_SIG_set0(dsasig, r, s);
1777 dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa);
1780 if (dsaret != dsasig)
1781 DSA_SIG_free(dsasig);
1782 kop.crk_param[0].crp_p = NULL;
1788 cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1789 DSA_SIG *sig, DSA *dsa)
1791 struct crypt_kop kop;
1793 const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
1795 memset(&kop, 0, sizeof(kop));
1796 kop.crk_op = CRK_DSA_VERIFY;
1798 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1799 kop.crk_param[0].crp_p = (void *)dgst;
1800 kop.crk_param[0].crp_nbits = dlen * 8;
1801 DSA_get0_pqg(dsa, &p, &q, &g);
1802 if (bn2crparam(p, &kop.crk_param[1]))
1804 if (bn2crparam(q, &kop.crk_param[2]))
1806 if (bn2crparam(g, &kop.crk_param[3]))
1808 DSA_get0_key(dsa, &pub_key, NULL);
1809 if (bn2crparam(pub_key, &kop.crk_param[4]))
1811 DSA_SIG_get0(sig, &pr, &ps);
1812 if (bn2crparam(pr, &kop.crk_param[5]))
1814 if (bn2crparam(ps, &kop.crk_param[6]))
1816 kop.crk_iparams = 7;
1818 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1820 * OCF success value is 0, if not zero, change dsaret to fail
1822 if (0 != kop.crk_status)
1825 dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa);
1828 kop.crk_param[0].crp_p = NULL;
1834 # ifndef OPENSSL_NO_DH
1836 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1837 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1840 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1844 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1846 struct crypt_kop kop;
1849 const BIGNUM *p = NULL;
1850 const BIGNUM *priv_key = NULL;
1852 if ((fd = get_asym_dev_crypto()) < 0) {
1853 const DH_METHOD *meth = DH_OpenSSL();
1855 return DH_meth_get_compute_key(meth) (key, pub_key, dh);
1858 DH_get0_pqg(dh, &p, NULL, NULL);
1859 DH_get0_key(dh, NULL, &priv_key);
1861 keylen = BN_num_bits(p);
1863 memset(&kop, 0, sizeof(kop));
1864 kop.crk_op = CRK_DH_COMPUTE_KEY;
1866 /* inputs: dh->priv_key pub_key dh->p key */
1867 if (bn2crparam(priv_key, &kop.crk_param[0]))
1869 if (bn2crparam(pub_key, &kop.crk_param[1]))
1871 if (bn2crparam(p, &kop.crk_param[2]))
1873 kop.crk_iparams = 3;
1875 kop.crk_param[3].crp_p = (void *)key;
1876 kop.crk_param[3].crp_nbits = keylen;
1877 kop.crk_oparams = 1;
1879 if (ioctl(fd, CIOCKEY, &kop) == -1) {
1880 const DH_METHOD *meth = DH_OpenSSL();
1882 dhret = DH_meth_get_compute_key(meth) (key, pub_key, dh);
1885 kop.crk_param[3].crp_p = NULL;
1890 # endif /* ndef OPENSSL_NO_DH */
1893 * ctrl right now is just a wrapper that doesn't do much
1894 * but I expect we'll want some options soon.
1896 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
1898 # ifdef HAVE_SYSLOG_R
1899 struct syslog_data sd = SYSLOG_DATA_INIT;
1904 # ifdef HAVE_SYSLOG_R
1905 syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
1907 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1914 void engine_load_cryptodev_int(void)
1916 ENGINE *engine = ENGINE_new();
1921 if ((fd = get_dev_crypto()) < 0) {
1922 ENGINE_free(engine);
1927 * find out what asymmetric crypto algorithms we support
1929 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1931 ENGINE_free(engine);
1936 if (!ENGINE_set_id(engine, "cryptodev") ||
1937 !ENGINE_set_name(engine, "cryptodev engine") ||
1938 !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
1939 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1940 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1941 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1942 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1943 ENGINE_free(engine);
1947 cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL());
1948 if (cryptodev_rsa != NULL) {
1949 RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method");
1950 RSA_meth_set_flags(cryptodev_rsa, 0);
1951 if (ENGINE_set_RSA(engine, cryptodev_rsa)) {
1952 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1953 RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp);
1954 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1955 RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp);
1957 RSA_meth_set_mod_exp(cryptodev_rsa,
1958 cryptodev_rsa_nocrt_mod_exp);
1962 ENGINE_free(engine);
1966 # ifndef OPENSSL_NO_DSA
1967 cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL());
1968 if (cryptodev_dsa != NULL) {
1969 DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method");
1970 DSA_meth_set_flags(cryptodev_dsa, 0);
1971 if (ENGINE_set_DSA(engine, cryptodev_dsa)) {
1972 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1973 DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign);
1974 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1975 DSA_meth_set_bn_mod_exp(cryptodev_dsa,
1976 cryptodev_dsa_bn_mod_exp);
1977 DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp);
1979 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1980 DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify);
1983 ENGINE_free(engine);
1988 # ifndef OPENSSL_NO_DH
1989 cryptodev_dh = DH_meth_dup(DH_OpenSSL());
1990 if (cryptodev_dh != NULL) {
1991 DH_meth_set1_name(cryptodev_dh, "cryptodev DH method");
1992 DH_meth_set_flags(cryptodev_dh, 0);
1993 if (ENGINE_set_DH(engine, cryptodev_dh)) {
1994 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1995 DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh);
1996 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1997 DH_meth_set_compute_key(cryptodev_dh,
1998 cryptodev_dh_compute_key);
2002 ENGINE_free(engine);
2008 ENGINE_free(engine);
2012 #endif /* HAVE_CRYPTODEV */