diff options
Diffstat (limited to 'target/linux/generic-2.6/files/crypto/ocf/cryptodev.c')
| -rw-r--r-- | target/linux/generic-2.6/files/crypto/ocf/cryptodev.c | 1048 |
1 files changed, 1048 insertions, 0 deletions
diff --git a/target/linux/generic-2.6/files/crypto/ocf/cryptodev.c b/target/linux/generic-2.6/files/crypto/ocf/cryptodev.c new file mode 100644 index 000000000..13d57a11f --- /dev/null +++ b/target/linux/generic-2.6/files/crypto/ocf/cryptodev.c @@ -0,0 +1,1048 @@ +/* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ + +/*- + * Linux port done by David McCullough <david_mccullough@securecomputing.com> + * Copyright (C) 2006-2007 David McCullough + * Copyright (C) 2004-2005 Intel Corporation. + * The license and original author are listed below. + * + * Copyright (c) 2001 Theo de Raadt + * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Effort sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F30602-01-2-0537. + * +__FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gnn Exp $"); + */ + +#ifndef AUTOCONF_INCLUDED +#include <linux/config.h> +#endif +#include <linux/types.h> +#include <linux/time.h> +#include <linux/delay.h> +#include <linux/list.h> +#include <linux/init.h> +#include <linux/sched.h> +#include <linux/unistd.h> +#include <linux/module.h> +#include <linux/wait.h> +#include <linux/slab.h> +#include <linux/fs.h> +#include <linux/dcache.h> +#include <linux/file.h> +#include <linux/mount.h> +#include <linux/miscdevice.h> +#include <linux/version.h> +#include <asm/uaccess.h> + +#include <cryptodev.h> +#include <uio.h> + +extern asmlinkage long sys_dup(unsigned int fildes); + +#define debug cryptodev_debug +int cryptodev_debug = 0; +module_param(cryptodev_debug, int, 0644); +MODULE_PARM_DESC(cryptodev_debug, "Enable cryptodev debug"); + +struct csession_info { + u_int16_t blocksize; + u_int16_t minkey, maxkey; + + u_int16_t keysize; + /* u_int16_t hashsize; */ + u_int16_t authsize; + /* u_int16_t ctxsize; */ +}; + +struct csession { + struct list_head list; + u_int64_t sid; + u_int32_t ses; + + wait_queue_head_t waitq; + + u_int32_t cipher; + + u_int32_t mac; + + caddr_t key; + int keylen; + u_char tmp_iv[EALG_MAX_BLOCK_LEN]; + + caddr_t mackey; + int mackeylen; + + struct csession_info info; + + struct iovec iovec; + struct uio uio; + int error; +}; + +struct fcrypt { + struct list_head csessions; + int sesn; +}; + +static struct csession *csefind(struct fcrypt *, u_int); +static int csedelete(struct fcrypt *, struct csession *); +static struct csession *cseadd(struct fcrypt *, struct csession *); +static struct csession *csecreate(struct fcrypt *, u_int64_t, + struct cryptoini *crie, struct cryptoini *cria, struct csession_info *); +static int csefree(struct csession *); + +static int cryptodev_op(struct csession *, struct crypt_op *); +static int cryptodev_key(struct crypt_kop *); +static int cryptodev_find(struct crypt_find_op *); + +static int cryptodev_cb(void *); +static int cryptodev_open(struct inode *inode, struct file *filp); + +/* + * Check a crypto identifier to see if it requested + * a valid crid and it's capabilities match. + */ +static int +checkcrid(int crid) +{ + int hid = crid & ~(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); + int typ = crid & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); + int caps = 0; + + /* if the user hasn't selected a driver, then just call newsession */ + if (hid == 0 && typ != 0) + return 0; + + caps = crypto_getcaps(hid); + + /* didn't find anything with capabilities */ + if (caps == 0) { + dprintk("%s: hid=%x typ=%x not matched\n", __FUNCTION__, hid, typ); + return EINVAL; + } + + /* the user didn't specify SW or HW, so the driver is ok */ + if (typ == 0) + return 0; + + /* if the type specified didn't match */ + if (typ != (caps & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE))) { + dprintk("%s: hid=%x typ=%x caps=%x not matched\n", __FUNCTION__, + hid, typ, caps); + return EINVAL; + } + + return 0; +} + +static int +cryptodev_op(struct csession *cse, struct crypt_op *cop) +{ + struct cryptop *crp = NULL; + struct cryptodesc *crde = NULL, *crda = NULL; + int error = 0; + + dprintk("%s()\n", __FUNCTION__); + if (cop->len > CRYPTO_MAX_DATA_LEN) { + dprintk("%s: %d > %d\n", __FUNCTION__, cop->len, CRYPTO_MAX_DATA_LEN); + return (E2BIG); + } + + if (cse->info.blocksize && (cop->len % cse->info.blocksize) != 0) { + dprintk("%s: blocksize=%d len=%d\n", __FUNCTION__, cse->info.blocksize, + cop->len); + return (EINVAL); + } + + cse->uio.uio_iov = &cse->iovec; + cse->uio.uio_iovcnt = 1; + cse->uio.uio_offset = 0; +#if 0 + cse->uio.uio_resid = cop->len; + cse->uio.uio_segflg = UIO_SYSSPACE; + cse->uio.uio_rw = UIO_WRITE; + cse->uio.uio_td = td; +#endif + cse->uio.uio_iov[0].iov_len = cop->len; + if (cse->info.authsize) + cse->uio.uio_iov[0].iov_len += cse->info.authsize; + cse->uio.uio_iov[0].iov_base = kmalloc(cse->uio.uio_iov[0].iov_len, + GFP_KERNEL); + + if (cse->uio.uio_iov[0].iov_base == NULL) { + dprintk("%s: iov_base kmalloc(%d) failed\n", __FUNCTION__, + cse->uio.uio_iov[0].iov_len); + return (ENOMEM); + } + + crp = crypto_getreq((cse->info.blocksize != 0) + (cse->info.authsize != 0)); + if (crp == NULL) { + dprintk("%s: ENOMEM\n", __FUNCTION__); + error = ENOMEM; + goto bail; + } + + if (cse->info.authsize) { + crda = crp->crp_desc; + if (cse->info.blocksize) + crde = crda->crd_next; + } else { + if (cse->info.blocksize) + crde = crp->crp_desc; + else { + dprintk("%s: bad request\n", __FUNCTION__); + error = EINVAL; + goto bail; + } + } + + if ((error = copy_from_user(cse->uio.uio_iov[0].iov_base, cop->src, + cop->len))) { + dprintk("%s: bad copy\n", __FUNCTION__); + goto bail; + } + + if (crda) { + crda->crd_skip = 0; + crda->crd_len = cop->len; + crda->crd_inject = cop->len; + + crda->crd_alg = cse->mac; + crda->crd_key = cse->mackey; + crda->crd_klen = cse->mackeylen * 8; + } + + if (crde) { + if (cop->op == COP_ENCRYPT) + crde->crd_flags |= CRD_F_ENCRYPT; + else + crde->crd_flags &= ~CRD_F_ENCRYPT; + crde->crd_len = cop->len; + crde->crd_inject = 0; + + crde->crd_alg = cse->cipher; + crde->crd_key = cse->key; + crde->crd_klen = cse->keylen * 8; + } + + crp->crp_ilen = cse->uio.uio_iov[0].iov_len; + crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM + | (cop->flags & COP_F_BATCH); + crp->crp_buf = (caddr_t)&cse->uio; + crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; + crp->crp_sid = cse->sid; + crp->crp_opaque = (void *)cse; + + if (cop->iv) { + if (crde == NULL) { + error = EINVAL; + dprintk("%s no crde\n", __FUNCTION__); + goto bail; + } + if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ + error = EINVAL; + dprintk("%s arc4 with IV\n", __FUNCTION__); + goto bail; + } + if ((error = copy_from_user(cse->tmp_iv, cop->iv, + cse->info.blocksize))) { + dprintk("%s bad iv copy\n", __FUNCTION__); + goto bail; + } + memcpy(crde->crd_iv, cse->tmp_iv, cse->info.blocksize); + crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; + crde->crd_skip = 0; + } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ + crde->crd_skip = 0; + } else if (crde) { + crde->crd_flags |= CRD_F_IV_PRESENT; + crde->crd_skip = cse->info.blocksize; + crde->crd_len -= cse->info.blocksize; + } + + if (cop->mac && crda == NULL) { + error = EINVAL; + dprintk("%s no crda\n", __FUNCTION__); + goto bail; + } + + /* + * Let the dispatch run unlocked, then, interlock against the + * callback before checking if the operation completed and going + * to sleep. This insures drivers don't inherit our lock which + * results in a lock order reversal between crypto_dispatch forced + * entry and the crypto_done callback into us. + */ + error = crypto_dispatch(crp); + if (error == 0) { + dprintk("%s about to WAIT\n", __FUNCTION__); + /* + * we really need to wait for driver to complete to maintain + * state, luckily interrupts will be remembered + */ + do { + error = wait_event_interruptible(crp->crp_waitq, + ((crp->crp_flags & CRYPTO_F_DONE) != 0)); + /* + * we can't break out of this loop or we will leave behind + * a huge mess, however, staying here means if your driver + * is broken user applications can hang and not be killed. + * The solution, fix your driver :-) + */ + if (error) { + schedule(); + error = 0; + } + } while ((crp->crp_flags & CRYPTO_F_DONE) == 0); + dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); + } + + if (crp->crp_etype != 0) { + error = crp->crp_etype; + dprintk("%s error in crp processing\n", __FUNCTION__); + goto bail; + } + + if (cse->error) { + error = cse->error; + dprintk("%s error in cse processing\n", __FUNCTION__); + goto bail; + } + + if (cop->dst && (error = copy_to_user(cop->dst, + cse->uio.uio_iov[0].iov_base, cop->len))) { + dprintk("%s bad dst copy\n", __FUNCTION__); + goto bail; + } + + if (cop->mac && + (error=copy_to_user(cop->mac, + (caddr_t)cse->uio.uio_iov[0].iov_base + cop->len, + cse->info.authsize))) { + dprintk("%s bad mac copy\n", __FUNCTION__); + goto bail; + } + +bail: + if (crp) + crypto_freereq(crp); + if (cse->uio.uio_iov[0].iov_base) + kfree(cse->uio.uio_iov[0].iov_base); + + return (error); +} + +static int +cryptodev_cb(void *op) +{ + struct cryptop *crp = (struct cryptop *) op; + struct csession *cse = (struct csession *)crp->crp_opaque; + int error; + + dprintk("%s()\n", __FUNCTION__); + error = crp->crp_etype; + if (error == EAGAIN) { + crp->crp_flags &= ~CRYPTO_F_DONE; +#ifdef NOTYET + /* + * DAVIDM I am fairly sure that we should turn this into a batch + * request to stop bad karma/lockup, revisit + */ + crp->crp_flags |= CRYPTO_F_BATCH; +#endif + return crypto_dispatch(crp); + } + if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) { + cse->error = error; + wake_up_interruptible(&crp->crp_waitq); + } + return (0); +} + +static int +cryptodevkey_cb(void *op) +{ + struct cryptkop *krp = (struct cryptkop *) op; + dprintk("%s()\n", __FUNCTION__); + wake_up_interruptible(&krp->krp_waitq); + return (0); +} + +static int +cryptodev_key(struct crypt_kop *kop) +{ + struct cryptkop *krp = NULL; + int error = EINVAL; + int in, out, size, i; + + dprintk("%s()\n", __FUNCTION__); + if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { + dprintk("%s params too big\n", __FUNCTION__); + return (EFBIG); + } + + in = kop->crk_iparams; + out = kop->crk_oparams; + switch (kop->crk_op) { + case CRK_MOD_EXP: + if (in == 3 && out == 1) + break; + return (EINVAL); + case CRK_MOD_EXP_CRT: + if (in == 6 && out == 1) + break; + return (EINVAL); + case CRK_DSA_SIGN: + if (in == 5 && out == 2) + break; + return (EINVAL); + case CRK_DSA_VERIFY: + if (in == 7 && out == 0) + break; + return (EINVAL); + case CRK_DH_COMPUTE_KEY: + if (in == 3 && out == 1) + break; + return (EINVAL); + default: + return (EINVAL); + } + + krp = (struct cryptkop *)kmalloc(sizeof *krp, GFP_KERNEL); + if (!krp) + return (ENOMEM); + bzero(krp, sizeof *krp); + krp->krp_op = kop->crk_op; + krp->krp_status = kop->crk_status; + krp->krp_iparams = kop->crk_iparams; + krp->krp_oparams = kop->crk_oparams; + krp->krp_crid = kop->crk_crid; + krp->krp_status = 0; + krp->krp_flags = CRYPTO_KF_CBIMM; + krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; + init_waitqueue_head(&krp->krp_waitq); + + for (i = 0; i < CRK_MAXPARAM; i++) + krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; + for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { + size = (krp->krp_param[i].crp_nbits + 7) / 8; + if (size == 0) + continue; + krp->krp_param[i].crp_p = (caddr_t) kmalloc(size, GFP_KERNEL); + if (i >= krp->krp_iparams) + continue; + error = copy_from_user(krp->krp_param[i].crp_p, + kop->crk_param[i].crp_p, size); + if (error) + goto fail; + } + + error = crypto_kdispatch(krp); + if (error) + goto fail; + + do { + error = wait_event_interruptible(krp->krp_waitq, + ((krp->krp_flags & CRYPTO_KF_DONE) != 0)); + /* + * we can't break out of this loop or we will leave behind + * a huge mess, however, staying here means if your driver + * is broken user applications can hang and not be killed. + * The solution, fix your driver :-) + */ + if (error) { + schedule(); + error = 0; + } + } while ((krp->krp_flags & CRYPTO_KF_DONE) == 0); + + dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); + + kop->crk_crid = krp->krp_crid; /* device that did the work */ + if (krp->krp_status != 0) { + error = krp->krp_status; + goto fail; + } + + for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { + size = (krp->krp_param[i].crp_nbits + 7) / 8; + if (size == 0) + continue; + error = copy_to_user(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, + size); + if (error) + goto fail; + } + +fail: + if (krp) { + kop->crk_status = krp->krp_status; + for (i = 0; i < CRK_MAXPARAM; i++) { + if (krp->krp_param[i].crp_p) + kfree(krp->krp_param[i].crp_p); + } + kfree(krp); + } + return (error); +} + +static int +cryptodev_find(struct crypt_find_op *find) +{ + device_t dev; + + if (find->crid != -1) { + dev = crypto_find_device_byhid(find->crid); + if (dev == NULL) + return (ENOENT); + strlcpy(find->name, device_get_nameunit(dev), + sizeof(find->name)); + } else { + find->crid = crypto_find_driver(find->name); + if (find->crid == -1) + return (ENOENT); + } + return (0); +} + +static struct csession * +csefind(struct fcrypt *fcr, u_int ses) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + list_for_each_entry(cse, &fcr->csessions, list) + if (cse->ses == ses) + return (cse); + return (NULL); +} + +static int +csedelete(struct fcrypt *fcr, struct csession *cse_del) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + list_for_each_entry(cse, &fcr->csessions, list) { + if (cse == cse_del) { + list_del(&cse->list); + return (1); + } + } + return (0); +} + +static struct csession * +cseadd(struct fcrypt *fcr, struct csession *cse) +{ + dprintk("%s()\n", __FUNCTION__); + list_add_tail(&cse->list, &fcr->csessions); + cse->ses = fcr->sesn++; + return (cse); +} + +static struct csession * +csecreate(struct fcrypt *fcr, u_int64_t sid, struct cryptoini *crie, + struct cryptoini *cria, struct csession_info *info) +{ + struct csession *cse; + + dprintk("%s()\n", __FUNCTION__); + cse = (struct csession *) kmalloc(sizeof(struct csession), GFP_KERNEL); + if (cse == NULL) + return NULL; + memset(cse, 0, sizeof(struct csession)); + + INIT_LIST_HEAD(&cse->list); + init_waitqueue_head(&cse->waitq); + + cse->key = crie->cri_key; + cse->keylen = crie->cri_klen/8; + cse->mackey = cria->cri_key; + cse->mackeylen = cria->cri_klen/8; + cse->sid = sid; + cse->cipher = crie->cri_alg; + cse->mac = cria->cri_alg; + cse->info = *info; + cseadd(fcr, cse); + return (cse); +} + +static int +csefree(struct csession *cse) +{ + int error; + + dprintk("%s()\n", __FUNCTION__); + error = crypto_freesession(cse->sid); + if (cse->key) + kfree(cse->key); + if (cse->mackey) + kfree(cse->mackey); + kfree(cse); + return(error); +} + +static int +cryptodev_ioctl( + struct inode *inode, + struct file *filp, + unsigned int cmd, + unsigned long arg) +{ + struct cryptoini cria, crie; + struct fcrypt *fcr = filp->private_data; + struct csession *cse; + struct csession_info info; + struct session2_op sop; + struct crypt_op cop; + struct crypt_kop kop; + struct crypt_find_op fop; + u_int64_t sid; + u_int32_t ses; + int feat, fd, error = 0, crid; + mm_segment_t fs; + + dprintk("%s(cmd=%x arg=%lx)\n", __FUNCTION__, cmd, arg); + + switch (cmd) { + + case CRIOGET: { + dprintk("%s(CRIOGET)\n", __FUNCTION__); + fs = get_fs(); + set_fs(get_ds()); + for (fd = 0; fd < files_fdtable(current->files)->max_fds; fd++) + if (files_fdtable(current->files)->fd[fd] == filp) + break; + fd = sys_dup(fd); + set_fs(fs); + put_user(fd, (int *) arg); + return IS_ERR_VALUE(fd) ? fd : 0; + } + +#define CIOCGSESSSTR (cmd == CIOCGSESSION ? "CIOCGSESSION" : "CIOCGSESSION2") + case CIOCGSESSION: + case CIOCGSESSION2: + dprintk("%s(%s)\n", __FUNCTION__, CIOCGSESSSTR); + memset(&crie, 0, sizeof(crie)); + memset(&cria, 0, sizeof(cria)); + memset(&info, 0, sizeof(info)); + memset(&sop, 0, sizeof(sop)); + + if (copy_from_user(&sop, (void*)arg, (cmd == CIOCGSESSION) ? + sizeof(struct session_op) : sizeof(sop))) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + + switch (sop.cipher) { + case 0: + dprintk("%s(%s) - no cipher\n", __FUNCTION__, CIOCGSESSSTR); + break; + case CRYPTO_NULL_CBC: + info.blocksize = NULL_BLOCK_LEN; + info.minkey = NULL_MIN_KEY_LEN; + info.maxkey = NULL_MAX_KEY_LEN; + break; + case CRYPTO_DES_CBC: + info.blocksize = DES_BLOCK_LEN; + info.minkey = DES_MIN_KEY_LEN; + info.maxkey = DES_MAX_KEY_LEN; + break; + case CRYPTO_3DES_CBC: + info.blocksize = DES3_BLOCK_LEN; + info.minkey = DES3_MIN_KEY_LEN; + info.maxkey = DES3_MAX_KEY_LEN; + break; + case CRYPTO_BLF_CBC: + info.blocksize = BLOWFISH_BLOCK_LEN; + info.minkey = BLOWFISH_MIN_KEY_LEN; + info.maxkey = BLOWFISH_MAX_KEY_LEN; + break; + case CRYPTO_CAST_CBC: + info.blocksize = CAST128_BLOCK_LEN; + info.minkey = CAST128_MIN_KEY_LEN; + info.maxkey = CAST128_MAX_KEY_LEN; + break; + case CRYPTO_SKIPJACK_CBC: + info.blocksize = SKIPJACK_BLOCK_LEN; + info.minkey = SKIPJACK_MIN_KEY_LEN; + info.maxkey = SKIPJACK_MAX_KEY_LEN; + break; + case CRYPTO_AES_CBC: + info.blocksize = AES_BLOCK_LEN; + info.minkey = AES_MIN_KEY_LEN; + info.maxkey = AES_MAX_KEY_LEN; + break; + case CRYPTO_ARC4: + info.blocksize = ARC4_BLOCK_LEN; + info.minkey = ARC4_MIN_KEY_LEN; + info.maxkey = ARC4_MAX_KEY_LEN; + break; + case CRYPTO_CAMELLIA_CBC: + info.blocksize = CAMELLIA_BLOCK_LEN; + info.minkey = CAMELLIA_MIN_KEY_LEN; + info.maxkey = CAMELLIA_MAX_KEY_LEN; + break; + default: + dprintk("%s(%s) - bad cipher\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + switch (sop.mac) { + case 0: + dprintk("%s(%s) - no mac\n", __FUNCTION__, CIOCGSESSSTR); + break; + case CRYPTO_NULL_HMAC: + info.authsize = NULL_HASH_LEN; + break; + case CRYPTO_MD5: + info.authsize = MD5_HASH_LEN; + break; + case CRYPTO_SHA1: + info.authsize = SHA1_HASH_LEN; + break; + case CRYPTO_SHA2_256: + info.authsize = SHA2_256_HASH_LEN; + break; + case CRYPTO_SHA2_384: + info.authsize = SHA2_384_HASH_LEN; + break; + case CRYPTO_SHA2_512: + info.authsize = SHA2_512_HASH_LEN; + break; + case CRYPTO_RIPEMD160: + info.authsize = RIPEMD160_HASH_LEN; + break; + case CRYPTO_MD5_HMAC: + info.authsize = MD5_HASH_LEN; + break; + case CRYPTO_SHA1_HMAC: + info.authsize = SHA1_HASH_LEN; + break; + case CRYPTO_SHA2_256_HMAC: + info.authsize = SHA2_256_HASH_LEN; + break; + case CRYPTO_SHA2_384_HMAC: + info.authsize = SHA2_384_HASH_LEN; + break; + case CRYPTO_SHA2_512_HMAC: + info.authsize = SHA2_512_HASH_LEN; + break; + case CRYPTO_RIPEMD160_HMAC: + info.authsize = RIPEMD160_HASH_LEN; + break; + default: + dprintk("%s(%s) - bad mac\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + if (info.blocksize) { + crie.cri_alg = sop.cipher; + crie.cri_klen = sop.keylen * 8; + if ((info.maxkey && sop.keylen > info.maxkey) || + sop.keylen < info.minkey) { + dprintk("%s(%s) - bad key\n", __FUNCTION__, CIOCGSESSSTR); + error = EINVAL; + goto bail; + } + + crie.cri_key = (u_int8_t *) kmalloc(crie.cri_klen/8+1, GFP_KERNEL); + if (copy_from_user(crie.cri_key, sop.key, + crie.cri_klen/8)) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + if (info.authsize) + crie.cri_next = &cria; + } + + if (info.authsize) { + cria.cri_alg = sop.mac; + cria.cri_klen = sop.mackeylen * 8; + if ((info.maxkey && sop.mackeylen > info.maxkey) || + sop.keylen < info.minkey) { + dprintk("%s(%s) - mackeylen %d\n", __FUNCTION__, CIOCGSESSSTR, + sop.mackeylen); + error = EINVAL; + goto bail; + } + + if (cria.cri_klen) { + cria.cri_key = (u_int8_t *) kmalloc(cria.cri_klen/8,GFP_KERNEL); + if (copy_from_user(cria.cri_key, sop.mackey, + cria.cri_klen / 8)) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + goto bail; + } + } + } + + /* NB: CIOGSESSION2 has the crid */ + if (cmd == CIOCGSESSION2) { + crid = sop.crid; + error = checkcrid(crid); + if (error) { + dprintk("%s(%s) - checkcrid %x\n", __FUNCTION__, + CIOCGSESSSTR, error); + goto bail; + } + } else { + /* allow either HW or SW to be used */ + crid = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; + } + error = crypto_newsession(&sid, (info.blocksize ? &crie : &cria), crid); + if (error) { + dprintk("%s(%s) - newsession %d\n",__FUNCTION__,CIOCGSESSSTR,error); + goto bail; + } + + cse = csecreate(fcr, sid, &crie, &cria, &info); + if (cse == NULL) { + crypto_freesession(sid); + error = EINVAL; + dprintk("%s(%s) - csecreate failed\n", __FUNCTION__, CIOCGSESSSTR); + goto bail; + } + sop.ses = cse->ses; + + if (cmd == CIOCGSESSION2) { + /* return hardware/driver id */ + sop.crid = CRYPTO_SESID2HID(cse->sid); + } + + if (copy_to_user((void*)arg, &sop, (cmd == CIOCGSESSION) ? + sizeof(struct session_op) : sizeof(sop))) { + dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); + error = EFAULT; + } +bail: + if (error) { + dprintk("%s(%s) - bail %d\n", __FUNCTION__, CIOCGSESSSTR, error); + if (crie.cri_key) + kfree(crie.cri_key); + if (cria.cri_key) + kfree(cria.cri_key); + } + break; + case CIOCFSESSION: + dprintk("%s(CIOCFSESSION)\n", __FUNCTION__); + get_user(ses, (uint32_t*)arg); + cse = csefind(fcr, ses); + if (cse == NULL) { + error = EINVAL; + dprintk("%s(CIOCFSESSION) - Fail %d\n", __FUNCTION__, error); + break; + } + csedelete(fcr, cse); + error = csefree(cse); + break; + case CIOCCRYPT: + dprintk("%s(CIOCCRYPT)\n", __FUNCTION__); + if(copy_from_user(&cop, (void*)arg, sizeof(cop))) { + dprintk("%s(CIOCCRYPT) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + cse = csefind(fcr, cop.ses); + if (cse == NULL) { + error = EINVAL; + dprintk("%s(CIOCCRYPT) - Fail %d\n", __FUNCTION__, error); + break; + } + error = cryptodev_op(cse, &cop); + if(copy_to_user((void*)arg, &cop, sizeof(cop))) { + dprintk("%s(CIOCCRYPT) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + case CIOCKEY: + case CIOCKEY2: + dprintk("%s(CIOCKEY)\n", __FUNCTION__); + if (!crypto_userasymcrypto) + return (EPERM); /* XXX compat? */ + if(copy_from_user(&kop, (void*)arg, sizeof(kop))) { + dprintk("%s(CIOCKEY) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + if (cmd == CIOCKEY) { + /* NB: crypto core enforces s/w driver use */ + kop.crk_crid = + CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; + } + error = cryptodev_key(&kop); + if(copy_to_user((void*)arg, &kop, sizeof(kop))) { + dprintk("%s(CIOCGKEY) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + case CIOCASYMFEAT: + dprintk("%s(CIOCASYMFEAT)\n", __FUNCTION__); + if (!crypto_userasymcrypto) { + /* + * NB: if user asym crypto operations are + * not permitted return "no algorithms" + * so well-behaved applications will just + * fallback to doing them in software. + */ + feat = 0; + } else + error = crypto_getfeat(&feat); + if (!error) { + error = copy_to_user((void*)arg, &feat, sizeof(feat)); + } + break; + case CIOCFINDDEV: + if (copy_from_user(&fop, (void*)arg, sizeof(fop))) { + dprintk("%s(CIOCFINDDEV) - bad copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + error = cryptodev_find(&fop); + if (copy_to_user((void*)arg, &fop, sizeof(fop))) { + dprintk("%s(CIOCFINDDEV) - bad return copy\n", __FUNCTION__); + error = EFAULT; + goto bail; + } + break; + default: + dprintk("%s(unknown ioctl 0x%x)\n", __FUNCTION__, cmd); + error = EINVAL; + break; + } + return(-error); +} + +#ifdef HAVE_UNLOCKED_IOCTL +static long +cryptodev_unlocked_ioctl( + struct file *filp, + unsigned int cmd, + unsigned long arg) +{ + return cryptodev_ioctl(NULL, filp, cmd, arg); +} +#endif + +static int +cryptodev_open(struct inode *inode, struct file *filp) +{ + struct fcrypt *fcr; + + dprintk("%s()\n", __FUNCTION__); + if (filp->private_data) { + printk("cryptodev: Private data already exists !\n"); + return(0); + } + + fcr = kmalloc(sizeof(*fcr), GFP_KERNEL); + if (!fcr) { + dprintk("%s() - malloc failed\n", __FUNCTION__); + return(-ENOMEM); + } + memset(fcr, 0, sizeof(*fcr)); + + INIT_LIST_HEAD(&fcr->csessions); + filp->private_data = fcr; + return(0); +} + +static int +cryptodev_release(struct inode *inode, struct file *filp) +{ + struct fcrypt *fcr = filp->private_data; + struct csession *cse, *tmp; + + dprintk("%s()\n", __FUNCTION__); + if (!filp) { + printk("cryptodev: No private data on release\n"); + return(0); + } + + list_for_each_entry_safe(cse, tmp, &fcr->csessions, list) { + list_del(&cse->list); + (void)csefree(cse); + } + filp->private_data = NULL; + kfree(fcr); + return(0); +} + +static struct file_operations cryptodev_fops = { + .owner = THIS_MODULE, + .open = cryptodev_open, + .release = cryptodev_release, + .ioctl = cryptodev_ioctl, +#ifdef HAVE_UNLOCKED_IOCTL + .unlocked_ioctl = cryptodev_unlocked_ioctl, +#endif +}; + +static struct miscdevice cryptodev = { + .minor = CRYPTODEV_MINOR, + .name = "crypto", + .fops = &cryptodev_fops, +}; + +static int __init +cryptodev_init(void) +{ + int rc; + + dprintk("%s(%p)\n", __FUNCTION__, cryptodev_init); + rc = misc_register(&cryptodev); + if (rc) { + printk(KERN_ERR "cryptodev: registration of /dev/crypto failed\n"); + return(rc); + } + + return(0); +} + +static void __exit +cryptodev_exit(void) +{ + dprintk("%s()\n", __FUNCTION__); + misc_deregister(&cryptodev); +} + +module_init(cryptodev_init); +module_exit(cryptodev_exit); + +MODULE_LICENSE("BSD"); +MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); +MODULE_DESCRIPTION("Cryptodev (user interface to OCF)"); |