2 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
3 * Copyright (c) 2002 Theo de Raadt
4 * Copyright (c) 2002 Markus Friedl
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include <openssl/objects.h>
30 #include <internal/engine.h>
31 #include <openssl/evp.h>
32 #include <openssl/bn.h>
33 #include <openssl/crypto.h>
35 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
36 (defined(OpenBSD) || defined(__FreeBSD__))
37 # include <sys/param.h>
38 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
39 # define HAVE_CRYPTODEV
41 # if (OpenBSD >= 200110)
42 # define HAVE_SYSLOG_R
46 #include <sys/types.h>
48 # include <crypto/cryptodev.h>
49 # include <sys/ioctl.h>
60 # include <openssl/dh.h>
62 #include <openssl/dsa.h>
63 #include <openssl/err.h>
64 #include <openssl/rsa.h>
66 #ifndef HAVE_CRYPTODEV
68 void engine_load_cryptodev_internal(void)
70 /* This is a NOP on platforms without /dev/crypto */
76 struct dev_crypto_state {
77 struct session_op d_sess;
79 # ifdef USE_CRYPTODEV_DIGESTS
80 char dummy_mac_key[HASH_MAX_LEN];
81 unsigned char digest_res[HASH_MAX_LEN];
87 static u_int32_t cryptodev_asymfeat = 0;
89 static int get_asym_dev_crypto(void);
90 static int open_dev_crypto(void);
91 static int get_dev_crypto(void);
92 static int get_cryptodev_ciphers(const int **cnids);
93 # ifdef USE_CRYPTODEV_DIGESTS
94 static int get_cryptodev_digests(const int **cnids);
96 static int cryptodev_usable_ciphers(const int **nids);
97 static int cryptodev_usable_digests(const int **nids);
98 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
99 const unsigned char *in, size_t inl);
100 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
101 const unsigned char *iv, int enc);
102 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
103 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
104 const int **nids, int nid);
105 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
106 const int **nids, int nid);
107 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
108 static int crparam2bn(struct crparam *crp, BIGNUM *a);
109 static void zapparams(struct crypt_kop *kop);
110 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
111 int slen, BIGNUM *s);
113 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
114 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
116 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
118 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
120 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
121 const BIGNUM *p, const BIGNUM *m,
122 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
123 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
124 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
125 BIGNUM *p, BN_CTX *ctx,
127 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
129 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
130 DSA_SIG *sig, DSA *dsa);
131 #ifndef OPENSSL_NO_DH
132 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
133 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
135 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
138 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
140 void engine_load_cryptodev_internal(void);
142 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
153 CRYPTO_ARC4, NID_rc4, 0, 16,
156 CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
159 CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
162 CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
165 CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
168 CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
170 # ifdef CRYPTO_AES_CTR
172 CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16,
175 CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24,
178 CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32,
182 CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
185 CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
188 CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
195 # ifdef USE_CRYPTODEV_DIGESTS
202 CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
205 CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
208 CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
212 CRYPTO_MD5_KPDK, NID_undef, 0
215 CRYPTO_SHA1_KPDK, NID_undef, 0
218 CRYPTO_MD5, NID_md5, 16
221 CRYPTO_SHA1, NID_sha1, 20
230 * Return a fd if /dev/crypto seems usable, 0 otherwise.
232 static int open_dev_crypto(void)
237 if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
240 if (fcntl(fd, F_SETFD, 1) == -1) {
249 static int get_dev_crypto(void)
253 if ((fd = open_dev_crypto()) == -1)
255 # ifndef CRIOGET_NOT_NEEDED
256 if (ioctl(fd, CRIOGET, &retfd) == -1)
260 if (fcntl(retfd, F_SETFD, 1) == -1) {
270 static void put_dev_crypto(int fd)
272 # ifndef CRIOGET_NOT_NEEDED
277 /* Caching version for asym operations */
278 static int get_asym_dev_crypto(void)
283 fd = get_dev_crypto();
288 * Find out what ciphers /dev/crypto will let us have a session for.
289 * XXX note, that some of these openssl doesn't deal with yet!
290 * returning them here is harmless, as long as we return NULL
291 * when asked for a handler in the cryptodev_engine_ciphers routine
293 static int get_cryptodev_ciphers(const int **cnids)
295 static int nids[CRYPTO_ALGORITHM_MAX];
296 struct session_op sess;
297 int fd, i, count = 0;
299 if ((fd = get_dev_crypto()) < 0) {
303 memset(&sess, 0, sizeof(sess));
304 sess.key = (caddr_t) "123456789abcdefghijklmno";
306 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
307 if (ciphers[i].nid == NID_undef)
309 sess.cipher = ciphers[i].id;
310 sess.keylen = ciphers[i].keylen;
312 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
313 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
314 nids[count++] = ciphers[i].nid;
325 # ifdef USE_CRYPTODEV_DIGESTS
327 * Find out what digests /dev/crypto will let us have a session for.
328 * XXX note, that some of these openssl doesn't deal with yet!
329 * returning them here is harmless, as long as we return NULL
330 * when asked for a handler in the cryptodev_engine_digests routine
332 static int get_cryptodev_digests(const int **cnids)
334 static int nids[CRYPTO_ALGORITHM_MAX];
335 struct session_op sess;
336 int fd, i, count = 0;
338 if ((fd = get_dev_crypto()) < 0) {
342 memset(&sess, 0, sizeof(sess));
343 sess.mackey = (caddr_t) "123456789abcdefghijklmno";
344 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
345 if (digests[i].nid == NID_undef)
347 sess.mac = digests[i].id;
348 sess.mackeylen = digests[i].keylen;
350 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
351 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
352 nids[count++] = digests[i].nid;
365 * Find the useable ciphers|digests from dev/crypto - this is the first
366 * thing called by the engine init crud which determines what it
367 * can use for ciphers from this engine. We want to return
368 * only what we can do, anything else is handled by software.
370 * If we can't initialize the device to do anything useful for
371 * any reason, we want to return a NULL array, and 0 length,
372 * which forces everything to be done is software. By putting
373 * the initialization of the device in here, we ensure we can
374 * use this engine as the default, and if for whatever reason
375 * /dev/crypto won't do what we want it will just be done in
378 * This can (should) be greatly expanded to perhaps take into
379 * account speed of the device, and what we want to do.
380 * (although the disabling of particular alg's could be controlled
381 * by the device driver with sysctl's.) - this is where we
382 * want most of the decisions made about what we actually want
383 * to use from /dev/crypto.
385 static int cryptodev_usable_ciphers(const int **nids)
387 return (get_cryptodev_ciphers(nids));
390 static int cryptodev_usable_digests(const int **nids)
392 # ifdef USE_CRYPTODEV_DIGESTS
393 return (get_cryptodev_digests(nids));
396 * XXXX just disable all digests for now, because it sucks.
397 * we need a better way to decide this - i.e. I may not
398 * want digests on slow cards like hifn on fast machines,
399 * but might want them on slow or loaded machines, etc.
400 * will also want them when using crypto cards that don't
401 * suck moose gonads - would be nice to be able to decide something
402 * as reasonable default without having hackery that's card dependent.
403 * of course, the default should probably be just do everything,
404 * with perhaps a sysctl to turn algorithms off (or have them off
405 * by default) on cards that generally suck like the hifn.
413 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
414 const unsigned char *in, size_t inl)
416 struct crypt_op cryp;
417 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
418 struct session_op *sess = &state->d_sess;
420 unsigned char save_iv[EVP_MAX_IV_LENGTH];
426 if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0)
429 memset(&cryp, 0, sizeof(cryp));
431 cryp.ses = sess->ses;
434 cryp.src = (caddr_t) in;
435 cryp.dst = (caddr_t) out;
438 cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
440 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
441 cryp.iv = *(caddr_t*) EVP_CIPHER_CTX_iv(ctx);
442 if (!EVP_CIPHER_CTX_encrypting(ctx)) {
443 iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
444 memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
449 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
451 * XXX need better error handling this can fail for a number of
457 if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
458 if (EVP_CIPHER_CTX_encrypting(ctx))
459 iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
462 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
463 EVP_CIPHER_CTX_iv_length(ctx));
469 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
470 const unsigned char *iv, int enc)
472 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
473 struct session_op *sess = &state->d_sess;
476 for (i = 0; ciphers[i].id; i++)
477 if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid &&
478 EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax &&
479 EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) {
480 cipher = ciphers[i].id;
484 if (!ciphers[i].id) {
489 memset(sess, 0, sizeof(*sess));
491 if ((state->d_fd = get_dev_crypto()) < 0)
494 sess->key = (caddr_t) key;
495 sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
496 sess->cipher = cipher;
498 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
499 put_dev_crypto(state->d_fd);
507 * free anything we allocated earlier when initing a
508 * session, and close the session.
510 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
513 struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
514 struct session_op *sess = &state->d_sess;
520 * XXX if this ioctl fails, something's wrong. the invoker may have called
521 * us with a bogus ctx, or we could have a device that for whatever
522 * reason just doesn't want to play ball - it's not clear what's right
523 * here - should this be an error? should it just increase a counter,
524 * hmm. For right now, we return 0 - I don't believe that to be "right".
525 * we could call the gorpy openssl lib error handlers that print messages
526 * to users of the library. hmm..
529 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
534 put_dev_crypto(state->d_fd);
541 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
542 * gets called when libcrypto requests a cipher NID.
546 static EVP_CIPHER *rc4_cipher = NULL;
547 static const EVP_CIPHER *cryptodev_rc4(void)
549 if (rc4_cipher == NULL) {
552 if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16)) == NULL
553 || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
554 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
555 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
556 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
557 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
558 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))) {
559 EVP_CIPHER_meth_free(cipher);
568 static EVP_CIPHER *des_cbc_cipher = NULL;
569 static const EVP_CIPHER *cryptodev_des_cbc(void)
571 if (des_cbc_cipher == NULL) {
574 if ((cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8)) == NULL
575 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
576 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
577 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
578 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
579 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
580 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
581 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
582 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
583 EVP_CIPHER_meth_free(cipher);
586 des_cbc_cipher = cipher;
588 return des_cbc_cipher;
592 static EVP_CIPHER *des3_cbc_cipher = NULL;
593 static const EVP_CIPHER *cryptodev_3des_cbc(void)
595 if (des3_cbc_cipher == NULL) {
598 if ((cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24)) == NULL
599 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
600 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
601 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
602 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
603 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
604 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
605 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
606 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
607 EVP_CIPHER_meth_free(cipher);
610 des3_cbc_cipher = cipher;
612 return des3_cbc_cipher;
615 static EVP_CIPHER *bf_cbc_cipher = NULL;
616 static const EVP_CIPHER *cryptodev_bf_cbc(void)
618 if (bf_cbc_cipher == NULL) {
621 if ((cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16)) == NULL
622 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
623 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
624 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
625 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
626 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
627 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
628 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
629 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
630 EVP_CIPHER_meth_free(cipher);
633 bf_cbc_cipher = cipher;
635 return bf_cbc_cipher;
638 static EVP_CIPHER *cast_cbc_cipher = NULL;
639 static const EVP_CIPHER *cryptodev_cast_cbc(void)
641 if (cast_cbc_cipher == NULL) {
644 if ((cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16)) == NULL
645 || !EVP_CIPHER_meth_set_iv_length(cipher, 8)
646 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
647 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
648 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
649 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
650 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
651 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
652 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
653 EVP_CIPHER_meth_free(cipher);
656 cast_cbc_cipher = cipher;
658 return cast_cbc_cipher;
661 static EVP_CIPHER *aes_cbc_cipher = NULL;
662 static const EVP_CIPHER *cryptodev_aes_cbc(void)
664 if (aes_cbc_cipher == NULL) {
667 if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16)) == NULL
668 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
669 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
670 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
671 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
672 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
673 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
674 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
675 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
676 EVP_CIPHER_meth_free(cipher);
679 aes_cbc_cipher = cipher;
681 return aes_cbc_cipher;
684 static EVP_CIPHER *aes_192_cbc_cipher = NULL;
685 static const EVP_CIPHER *cryptodev_aes_192_cbc(void)
687 if (aes_192_cbc_cipher == NULL) {
690 if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24)) == NULL
691 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
692 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
693 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
694 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
695 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
696 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
697 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
698 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
699 EVP_CIPHER_meth_free(cipher);
702 aes_192_cbc_cipher = cipher;
704 return aes_192_cbc_cipher;
707 static EVP_CIPHER *aes_256_cbc_cipher = NULL;
708 static const EVP_CIPHER *cryptodev_aes_256_cbc(void)
710 if (aes_256_cbc_cipher == NULL) {
713 if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32)) == NULL
714 || !EVP_CIPHER_meth_set_iv_length(cipher, 16)
715 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE)
716 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
717 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
718 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
719 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
720 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
721 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
722 EVP_CIPHER_meth_free(cipher);
725 aes_256_cbc_cipher = cipher;
727 return aes_256_cbc_cipher;
730 # ifdef CRYPTO_AES_CTR
731 static EVP_CIPHER *aes_ctr_cipher = NULL;
732 static const EVP_CIPHER *cryptodev_aes_ctr(void)
734 if (aes_ctr_cipher == NULL) {
737 if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16)) == NULL
738 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
739 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
740 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
741 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
742 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
743 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
744 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
745 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
746 EVP_CIPHER_meth_free(cipher);
749 aes_ctr_cipher = cipher;
751 return aes_ctr_cipher;
754 static EVP_CIPHER *aes_192_ctr_cipher = NULL;
755 static const EVP_CIPHER *cryptodev_aes_192_ctr(void)
757 if (aes_192_ctr_cipher == NULL) {
760 if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24)) == NULL
761 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
762 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
763 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
764 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
765 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
766 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
767 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
768 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
769 EVP_CIPHER_meth_free(cipher);
772 aes_192_ctr_cipher = cipher;
774 return aes_192_ctr_cipher;
777 static EVP_CIPHER *aes_256_ctr_cipher = NULL;
778 static const EVP_CIPHER *cryptodev_aes_256_ctr(void)
780 if (aes_256_ctr_cipher == NULL) {
783 if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32)) == NULL
784 || !EVP_CIPHER_meth_set_iv_length(cipher, 14)
785 || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE)
786 || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key)
787 || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher)
788 || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup)
789 || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))
790 || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv)
791 || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) {
792 EVP_CIPHER_meth_free(cipher);
795 aes_256_ctr_cipher = cipher;
797 return aes_256_ctr_cipher;
801 * Registered by the ENGINE when used to find out how to deal with
802 * a particular NID in the ENGINE. this says what we'll do at the
803 * top level - note, that list is restricted by what we answer with
806 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
807 const int **nids, int nid)
810 return (cryptodev_usable_ciphers(nids));
814 *cipher = cryptodev_rc4();
816 case NID_des_ede3_cbc:
817 *cipher = cryptodev_3des_cbc();
820 *cipher = cryptodev_des_cbc();
823 *cipher = cryptodev_bf_cbc();
826 *cipher = cryptodev_cast_cbc();
828 case NID_aes_128_cbc:
829 *cipher = cryptodev_aes_cbc();
831 case NID_aes_192_cbc:
832 *cipher = cryptodev_aes_192_cbc();
834 case NID_aes_256_cbc:
835 *cipher = cryptodev_aes_256_cbc();
837 # ifdef CRYPTO_AES_CTR
838 case NID_aes_128_ctr:
839 *cipher = cryptodev_aes_ctr();
841 case NID_aes_192_ctr:
842 *cipher = cryptodev_aes_ctr_192();
844 case NID_aes_256_ctr:
845 *cipher = cryptodev_aes_ctr_256();
852 return (*cipher != NULL);
855 # ifdef USE_CRYPTODEV_DIGESTS
857 /* convert digest type to cryptodev */
858 static int digest_nid_to_cryptodev(int nid)
862 for (i = 0; digests[i].id; i++)
863 if (digests[i].nid == nid)
864 return (digests[i].id);
868 static int digest_key_length(int nid)
872 for (i = 0; digests[i].id; i++)
873 if (digests[i].nid == nid)
874 return digests[i].keylen;
878 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
880 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
881 struct session_op *sess = &state->d_sess;
884 if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) {
885 printf("cryptodev_digest_init: Can't get digest \n");
889 memset(state, 0, sizeof(*state));
891 if ((state->d_fd = get_dev_crypto()) < 0) {
892 printf("cryptodev_digest_init: Can't get Dev \n");
896 sess->mackey = state->dummy_mac_key;
897 sess->mackeylen = digest_key_length(EVP_MD_CTX_type(ctx));
900 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
901 put_dev_crypto(state->d_fd);
903 printf("cryptodev_digest_init: Open session failed\n");
910 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
913 struct crypt_op cryp;
914 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
915 struct session_op *sess = &state->d_sess;
918 if (!data || state->d_fd < 0) {
919 printf("cryptodev_digest_update: illegal inputs \n");
927 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
928 /* if application doesn't support one buffer */
930 OPENSSL_realloc(state->mac_data, state->mac_len + count);
933 printf("cryptodev_digest_update: realloc failed\n");
936 state->mac_data = new_mac_data;
938 memcpy(state->mac_data + state->mac_len, data, count);
939 state->mac_len += count;
944 memset(&cryp, 0, sizeof(cryp));
946 cryp.ses = sess->ses;
949 cryp.src = (caddr_t) data;
951 cryp.mac = (caddr_t) state->digest_res;
952 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
953 printf("cryptodev_digest_update: digest failed\n");
959 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
961 struct crypt_op cryp;
962 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
963 struct session_op *sess = &state->d_sess;
967 if (!md || state->d_fd < 0) {
968 printf("cryptodev_digest_final: illegal input\n");
972 if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
973 /* if application doesn't support one buffer */
974 memset(&cryp, 0, sizeof(cryp));
975 cryp.ses = sess->ses;
977 cryp.len = state->mac_len;
978 cryp.src = state->mac_data;
980 cryp.mac = (caddr_t) md;
981 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
982 printf("cryptodev_digest_final: digest failed\n");
989 memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx));
994 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
997 struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx);
998 struct session_op *sess = &state->d_sess;
1003 if (state->d_fd < 0) {
1004 printf("cryptodev_digest_cleanup: illegal input\n");
1008 OPENSSL_free(state->mac_data);
1009 state->mac_data = NULL;
1012 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1013 printf("cryptodev_digest_cleanup: failed to close session\n");
1018 put_dev_crypto(state->d_fd);
1024 static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
1026 struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from);
1027 struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to);
1028 struct session_op *sess;
1031 if (dstate == NULL || fstate == NULL)
1034 memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1036 sess = &dstate->d_sess;
1038 digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to));
1040 sess->mackey = dstate->dummy_mac_key;
1041 sess->mackeylen = digest_key_length(EVP_MD_CTX_type(to));
1044 dstate->d_fd = get_dev_crypto();
1046 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
1047 put_dev_crypto(dstate->d_fd);
1049 printf("cryptodev_digest_copy: Open session failed\n");
1053 if (fstate->mac_len != 0) {
1054 if (fstate->mac_data != NULL) {
1055 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1056 if (dstate->mac_data == NULL) {
1057 printf("cryptodev_digest_copy: mac_data allocation failed\n");
1060 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1061 dstate->mac_len = fstate->mac_len;
1068 static EVP_MD *sha1_md = NULL;
1069 static const EVP_MD *cryptodev_sha1(void)
1071 if (sha1_md == NULL) {
1074 if ((md = EVP_MD_meth_new(NID_sha1, NID_undef)) == NULL
1075 || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
1076 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1077 || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
1078 || !EVP_MD_meth_set_app_datasize(md,
1079 sizeof(struct dev_crypto_state))
1080 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1081 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1082 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1083 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1084 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1085 EVP_MD_meth_free(md);
1093 static EVP_MD *md5_md = NULL;
1094 static const EVP_MD *cryptodev_md5(void)
1096 if (md5_md == NULL) {
1099 if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL
1100 || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */)
1101 || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT)
1102 || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */)
1103 || !EVP_MD_meth_set_app_datasize(md,
1104 sizeof(struct dev_crypto_state))
1105 || !EVP_MD_meth_set_init(md, cryptodev_digest_init)
1106 || !EVP_MD_meth_set_update(md, cryptodev_digest_update)
1107 || !EVP_MD_meth_set_final(md, cryptodev_digest_final)
1108 || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy)
1109 || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) {
1110 EVP_MD_meth_free(md);
1118 # endif /* USE_CRYPTODEV_DIGESTS */
1121 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
1122 const int **nids, int nid)
1125 return (cryptodev_usable_digests(nids));
1128 # ifdef USE_CRYPTODEV_DIGESTS
1130 *digest = cryptodev_md5();
1133 *digest = cryptodev_sha1();
1136 # endif /* USE_CRYPTODEV_DIGESTS */
1140 return (*digest != NULL);
1143 static int cryptodev_engine_destroy(ENGINE *e)
1145 EVP_CIPHER_meth_free(rc4_cipher);
1147 EVP_CIPHER_meth_free(des_cbc_cipher);
1148 des_cbc_cipher = NULL;
1149 EVP_CIPHER_meth_free(des3_cbc_cipher);
1150 des3_cbc_cipher = NULL;
1151 EVP_CIPHER_meth_free(bf_cbc_cipher);
1152 bf_cbc_cipher = NULL;
1153 EVP_CIPHER_meth_free(cast_cbc_cipher);
1154 cast_cbc_cipher = NULL;
1155 EVP_CIPHER_meth_free(aes_cbc_cipher);
1156 aes_cbc_cipher = NULL;
1157 EVP_CIPHER_meth_free(aes_192_cbc_cipher);
1158 aes_192_cbc_cipher = NULL;
1159 EVP_CIPHER_meth_free(aes_256_cbc_cipher);
1160 aes_256_cbc_cipher = NULL;
1161 # ifdef CRYPTO_AES_CTR
1162 EVP_CIPHER_meth_free(aes_ctr_cipher);
1163 aes_ctr_cipher = NULL;
1164 EVP_CIPHER_meth_free(aes_192_ctr_cipher);
1165 aes_192_ctr_cipher = NULL;
1166 EVP_CIPHER_meth_free(aes_256_ctr_cipher);
1167 aes_256_ctr_cipher = NULL;
1169 # ifdef USE_CRYPTODEV_DIGESTS
1170 EVP_MD_meth_free(sha1_md);
1172 EVP_MD_meth_free(md5_md);
1179 * Convert a BIGNUM to the representation that /dev/crypto needs.
1180 * Upon completion of use, the caller is responsible for freeing
1183 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
1185 ssize_t bytes, bits;
1191 bits = BN_num_bits(a);
1192 bytes = BN_num_bytes(a);
1194 b = OPENSSL_zalloc(bytes);
1198 crp->crp_p = (caddr_t) b;
1199 crp->crp_nbits = bits;
1205 /* Convert a /dev/crypto parameter to a BIGNUM */
1206 static int crparam2bn(struct crparam *crp, BIGNUM *a)
1211 bytes = (crp->crp_nbits + 7) / 8;
1216 if ((pd = OPENSSL_malloc(bytes)) == NULL)
1219 for (i = 0; i < bytes; i++)
1220 pd[i] = crp->crp_p[bytes - i - 1];
1222 BN_bin2bn(pd, bytes, a);
1228 static void zapparams(struct crypt_kop *kop)
1232 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1233 if (kop->crk_param[i].crp_p)
1234 free(kop->crk_param[i].crp_p);
1235 kop->crk_param[i].crp_p = NULL;
1236 kop->crk_param[i].crp_nbits = 0;
1241 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
1246 if ((fd = get_asym_dev_crypto()) < 0)
1250 kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
1251 kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
1255 kop->crk_param[kop->crk_iparams + 1].crp_p =
1256 calloc(slen, sizeof(char));
1257 kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
1261 if (ioctl(fd, CIOCKEY, kop) == 0) {
1263 crparam2bn(&kop->crk_param[kop->crk_iparams], r);
1265 crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
1273 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
1274 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
1276 struct crypt_kop kop;
1280 * Currently, we know we can do mod exp iff we can do any asymmetric
1281 * operations at all.
1283 if (cryptodev_asymfeat == 0) {
1284 ret = BN_mod_exp(r, a, p, m, ctx);
1288 memset(&kop, 0, sizeof(kop));
1289 kop.crk_op = CRK_MOD_EXP;
1291 /* inputs: a^p % m */
1292 if (bn2crparam(a, &kop.crk_param[0]))
1294 if (bn2crparam(p, &kop.crk_param[1]))
1296 if (bn2crparam(m, &kop.crk_param[2]))
1298 kop.crk_iparams = 3;
1300 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1301 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1302 printf("OCF asym process failed, Running in software\n");
1303 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1305 } else if (ECANCELED == kop.crk_status) {
1306 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1307 printf("OCF hardware operation cancelled. Running in Software\n");
1308 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1310 /* else cryptodev operation worked ok ==> ret = 1 */
1318 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
1323 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
1329 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
1331 struct crypt_kop kop;
1334 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
1335 /* XXX 0 means failure?? */
1339 memset(&kop, 0, sizeof(kop));
1340 kop.crk_op = CRK_MOD_EXP_CRT;
1341 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
1342 if (bn2crparam(rsa->p, &kop.crk_param[0]))
1344 if (bn2crparam(rsa->q, &kop.crk_param[1]))
1346 if (bn2crparam(I, &kop.crk_param[2]))
1348 if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
1350 if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
1352 if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
1354 kop.crk_iparams = 6;
1356 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
1357 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1358 printf("OCF asym process failed, running in Software\n");
1359 ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
1361 } else if (ECANCELED == kop.crk_status) {
1362 const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
1363 printf("OCF hardware operation cancelled. Running in Software\n");
1364 ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
1366 /* else cryptodev operation worked ok ==> ret = 1 */
1373 static RSA_METHOD cryptodev_rsa = {
1374 "cryptodev RSA method",
1375 NULL, /* rsa_pub_enc */
1376 NULL, /* rsa_pub_dec */
1377 NULL, /* rsa_priv_enc */
1378 NULL, /* rsa_priv_dec */
1384 NULL, /* app_data */
1385 NULL, /* rsa_sign */
1386 NULL /* rsa_verify */
1390 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
1391 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
1393 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1397 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
1398 BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
1399 BN_CTX *ctx, BN_MONT_CTX *mont)
1408 /* v = ( g^u1 * y^u2 mod p ) mod q */
1409 /* let t1 = g ^ u1 mod p */
1412 if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
1415 /* let t2 = y ^ u2 mod p */
1416 if (!dsa->meth->bn_mod_exp(dsa, t2, dsa->pub_key, u2, dsa->p, ctx, mont))
1418 /* let u1 = t1 * t2 mod p */
1419 if (!BN_mod_mul(u1, t1, t2, dsa->p, ctx))
1430 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
1433 struct crypt_kop kop;
1434 BIGNUM *r = NULL, *s = NULL;
1435 DSA_SIG *dsaret = NULL;
1437 if ((r = BN_new()) == NULL)
1439 if ((s = BN_new()) == NULL) {
1444 memset(&kop, 0, sizeof(kop));
1445 kop.crk_op = CRK_DSA_SIGN;
1447 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1448 kop.crk_param[0].crp_p = (caddr_t) dgst;
1449 kop.crk_param[0].crp_nbits = dlen * 8;
1450 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1452 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1454 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1456 if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
1458 kop.crk_iparams = 5;
1460 if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
1461 BN_num_bytes(dsa->q), s) == 0) {
1462 dsaret = DSA_SIG_new();
1468 const DSA_METHOD *meth = DSA_OpenSSL();
1471 dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
1474 kop.crk_param[0].crp_p = NULL;
1480 cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
1481 DSA_SIG *sig, DSA *dsa)
1483 struct crypt_kop kop;
1486 memset(&kop, 0, sizeof(kop));
1487 kop.crk_op = CRK_DSA_VERIFY;
1489 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
1490 kop.crk_param[0].crp_p = (caddr_t) dgst;
1491 kop.crk_param[0].crp_nbits = dlen * 8;
1492 if (bn2crparam(dsa->p, &kop.crk_param[1]))
1494 if (bn2crparam(dsa->q, &kop.crk_param[2]))
1496 if (bn2crparam(dsa->g, &kop.crk_param[3]))
1498 if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
1500 if (bn2crparam(sig->r, &kop.crk_param[5]))
1502 if (bn2crparam(sig->s, &kop.crk_param[6]))
1504 kop.crk_iparams = 7;
1506 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1508 * OCF success value is 0, if not zero, change dsaret to fail
1510 if (0 != kop.crk_status)
1513 const DSA_METHOD *meth = DSA_OpenSSL();
1515 dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
1518 kop.crk_param[0].crp_p = NULL;
1523 static DSA_METHOD cryptodev_dsa = {
1524 "cryptodev DSA method",
1526 NULL, /* dsa_sign_setup */
1528 NULL, /* dsa_mod_exp */
1536 #ifndef OPENSSL_NO_DH
1538 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
1539 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1542 return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
1546 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1548 struct crypt_kop kop;
1552 if ((fd = get_asym_dev_crypto()) < 0) {
1553 const DH_METHOD *meth = DH_OpenSSL();
1555 return ((meth->compute_key) (key, pub_key, dh));
1558 keylen = BN_num_bits(dh->p);
1560 memset(&kop, 0, sizeof(kop));
1561 kop.crk_op = CRK_DH_COMPUTE_KEY;
1563 /* inputs: dh->priv_key pub_key dh->p key */
1564 if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1566 if (bn2crparam(pub_key, &kop.crk_param[1]))
1568 if (bn2crparam(dh->p, &kop.crk_param[2]))
1570 kop.crk_iparams = 3;
1572 kop.crk_param[3].crp_p = (caddr_t) key;
1573 kop.crk_param[3].crp_nbits = keylen * 8;
1574 kop.crk_oparams = 1;
1576 if (ioctl(fd, CIOCKEY, &kop) == -1) {
1577 const DH_METHOD *meth = DH_OpenSSL();
1579 dhret = (meth->compute_key) (key, pub_key, dh);
1582 kop.crk_param[3].crp_p = NULL;
1587 static DH_METHOD cryptodev_dh = {
1588 "cryptodev DH method",
1589 NULL, /* cryptodev_dh_generate_key */
1598 #endif /* ndef OPENSSL_NO_DH */
1601 * ctrl right now is just a wrapper that doesn't do much
1602 * but I expect we'll want some options soon.
1605 cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
1607 # ifdef HAVE_SYSLOG_R
1608 struct syslog_data sd = SYSLOG_DATA_INIT;
1613 # ifdef HAVE_SYSLOG_R
1614 syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
1616 syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
1623 void engine_load_cryptodev_internal(void)
1625 ENGINE *engine = ENGINE_new();
1630 if ((fd = get_dev_crypto()) < 0) {
1631 ENGINE_free(engine);
1636 * find out what asymmetric crypto algorithms we support
1638 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1640 ENGINE_free(engine);
1645 if (!ENGINE_set_id(engine, "cryptodev") ||
1646 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
1647 !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) ||
1648 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
1649 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
1650 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
1651 !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
1652 ENGINE_free(engine);
1656 if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
1657 const RSA_METHOD *rsa_meth = RSA_PKCS1_OpenSSL();
1659 cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
1660 cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
1661 cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
1662 cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
1663 cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
1664 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1665 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1666 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1667 if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1668 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
1670 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
1674 if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
1675 const DSA_METHOD *meth = DSA_OpenSSL();
1677 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1678 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1679 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1680 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1681 cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1682 cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1684 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1685 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1688 #ifndef OPENSSL_NO_DH
1689 if (ENGINE_set_DH(engine, &cryptodev_dh)) {
1690 const DH_METHOD *dh_meth = DH_OpenSSL();
1692 cryptodev_dh.generate_key = dh_meth->generate_key;
1693 cryptodev_dh.compute_key = dh_meth->compute_key;
1694 cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1695 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1696 cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1697 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1698 cryptodev_dh.compute_key = cryptodev_dh_compute_key;
1704 ENGINE_free(engine);
1708 #endif /* HAVE_CRYPTODEV */