search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Corrected issue in assigning other pages than the first.
[cryptodev-linux.git] / cryptodev_main.c
blobdffbead5404930c8bd888b5a32ec003fd6b7cdb0
1 /*
2 * Driver for /dev/crypto device (aka CryptoDev)
3 *
4 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
5 * Copyright (c) 2009,2010 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6 *
7 * This file is part of linux cryptodev.
8 *
9 * cryptodev is free software: you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * cryptodev is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /*
24 * Device /dev/crypto provides an interface for
25 * accessing kernel CryptoAPI algorithms (ciphers,
26 * hashes) from userspace programs.
27 *
28 * /dev/crypto interface was originally introduced in
29 * OpenBSD and this module attempts to keep the API.
30 *
31 */
32
33 #include <linux/crypto.h>
34 #include <linux/mm.h>
35 #include <linux/highmem.h>
36 #include <linux/pagemap.h>
37 #include <linux/random.h>
38 #include "cryptodev.h"
39 #include <asm/uaccess.h>
40 #include <asm/ioctl.h>
41 #include <linux/scatterlist.h>
42 #include "cryptodev_int.h"
43 #include "version.h"
44
45 MODULE_AUTHOR("Nikos Mavrogiannopoulos <nmav@gnutls.org>");
46 MODULE_DESCRIPTION("CryptoDev driver");
47 MODULE_LICENSE("GPL");
48
49 /* ====== Compile-time config ====== */
50
51 #define CRYPTODEV_STATS
52
53 /* ====== Module parameters ====== */
54
55 int cryptodev_verbosity = 0;
56 module_param(cryptodev_verbosity, int, 0644);
57 MODULE_PARM_DESC(cryptodev_verbosity, "0: normal, 1: verbose, 2: debug");
58
59 #ifdef CRYPTODEV_STATS
60 static int enable_stats = 0;
61 module_param(enable_stats, int, 0644);
62 MODULE_PARM_DESC(enable_stats, "collect statictics about cryptodev usage");
63 #endif
64
65 /* ====== CryptoAPI ====== */
66
67 #define FILL_SG(sg,ptr,len) \
68 do { \
69 (sg)->page = virt_to_page(ptr); \
70 (sg)->offset = offset_in_page(ptr); \
71 (sg)->length = len; \
72 (sg)->dma_address = 0; \
73 } while (0)
74
75 struct csession {
76 struct list_head entry;
77 struct semaphore sem;
78 struct cipher_data cdata;
79 struct hash_data hdata;
80 uint32_t sid;
81 #ifdef CRYPTODEV_STATS
82 #if ! ((COP_ENCRYPT < 2) && (COP_DECRYPT < 2))
83 #error Struct csession.stat uses COP_{ENCRYPT,DECRYPT} as indices. Do something!
84 #endif
85 unsigned long long stat[2];
86 size_t stat_max_size, stat_count;
87 #endif
88 int array_size;
89 struct page **pages;
90 struct scatterlist *sg;
91 };
92
93 struct fcrypt {
94 struct list_head list;
95 struct semaphore sem;
96 };
97
98 /* Prepare session for future use. */
99 static int
100 crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
101 {
102 struct csession *ses_new = NULL, *ses_ptr;
103 int ret = 0;
104 const char *alg_name=NULL;
105 const char *hash_name=NULL;
106 int hmac_mode = 1;
107
108 /* Does the request make sense? */
109 if (unlikely(!sop->cipher && !sop->mac)) {
110 dprintk(1,KERN_DEBUG,"Both 'cipher' and 'mac' unset.\n");
111 return -EINVAL;
112 }
113
114 switch (sop->cipher) {
115 case 0:
116 break;
117 case CRYPTO_DES_CBC:
118 alg_name = "cbc(des)";
119 break;
120 case CRYPTO_3DES_CBC:
121 alg_name = "cbc(des3_ede)";
122 break;
123 case CRYPTO_BLF_CBC:
124 alg_name = "cbc(blowfish)";
125 break;
126 case CRYPTO_AES_CBC:
127 alg_name = "cbc(aes)";
128 break;
129 case CRYPTO_CAMELLIA_CBC:
130 alg_name = "cbc(camelia)";
131 break;
132 case CRYPTO_NULL:
133 alg_name = "ecb(cipher_null)";
134 break;
135 default:
136 dprintk(1,KERN_DEBUG,"%s: bad cipher: %d\n", __func__, sop->cipher);
137 return -EINVAL;
138 }
139
140 switch (sop->mac) {
141 case 0:
142 break;
143 case CRYPTO_MD5_HMAC:
144 hash_name = "hmac(md5)";
145 break;
146 case CRYPTO_RIPEMD160_HMAC:
147 hash_name = "hmac(rmd160)";
148 break;
149 case CRYPTO_SHA1_HMAC:
150 hash_name = "hmac(sha1)";
151 break;
152 case CRYPTO_SHA2_256_HMAC:
153 hash_name = "hmac(sha256)";
154 break;
155 case CRYPTO_SHA2_384_HMAC:
156 hash_name = "hmac(sha384)";
157 break;
158 case CRYPTO_SHA2_512_HMAC:
159 hash_name = "hmac(sha512)";
160 break;
161
162 /* non-hmac cases */
163 case CRYPTO_MD5:
164 hash_name = "md5";
165 hmac_mode = 0;
166 break;
167 case CRYPTO_RIPEMD160:
168 hash_name = "rmd160";
169 hmac_mode = 0;
170 break;
171 case CRYPTO_SHA1:
172 hash_name = "sha1";
173 hmac_mode = 0;
174 break;
175 case CRYPTO_SHA2_256:
176 hash_name = "sha256";
177 hmac_mode = 0;
178 break;
179 case CRYPTO_SHA2_384:
180 hash_name = "sha384";
181 hmac_mode = 0;
182 break;
183 case CRYPTO_SHA2_512:
184 hash_name = "sha512";
185 hmac_mode = 0;
186 break;
187
188 default:
189 dprintk(1,KERN_DEBUG,"%s: bad mac: %d\n", __func__, sop->mac);
190 return -EINVAL;
191 }
192
193 /* Create a session and put it to the list. */
194 ses_new = kzalloc(sizeof(*ses_new), GFP_KERNEL);
195 if(!ses_new) {
196 return -ENOMEM;
197 }
198
199 /* Set-up crypto transform. */
200 if (alg_name) {
201 uint8_t keyp[CRYPTO_CIPHER_MAX_KEY_LEN];
202
203 if (unlikely(sop->keylen > CRYPTO_CIPHER_MAX_KEY_LEN)) {
204 dprintk(1,KERN_DEBUG,"Setting key failed for %s-%zu.\n",
205 alg_name, (size_t)sop->keylen*8);
206 ret = -EINVAL;
207 goto error_cipher;
208 }
209
210 ret = copy_from_user(keyp, sop->key, sop->keylen);
211 if (unlikely(ret)) {
212 goto error_cipher;
213 }
214
215 ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, keyp, sop->keylen);
216
217 if (ret < 0) {
218 dprintk(1,KERN_DEBUG,"%s: Failed to load cipher for %s\n", __func__,
219 alg_name);
220 ret = -EINVAL;
221 goto error_cipher;
222 }
223 }
224
225 if (hash_name) {
226 uint8_t keyp[CRYPTO_HMAC_MAX_KEY_LEN];
227
228 if (unlikely(sop->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN)) {
229 dprintk(1,KERN_DEBUG,"Setting key failed for %s-%zu.\n",
230 alg_name, (size_t)sop->mackeylen*8);
231 ret = -EINVAL;
232 goto error_hash;
233 }
234
235 ret = copy_from_user(keyp, sop->mackey, sop->mackeylen);
236 if (unlikely(ret)) {
237 goto error_hash;
238 }
239
240 ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode, keyp, sop->mackeylen);
241 if (ret != 0) {
242 dprintk(1,KERN_DEBUG,"%s: Failed to load hash for %s\n", __func__,
243 hash_name);
244 ret = -EINVAL;
245 goto error_hash;
246 }
247 }
248
249 ses_new->array_size = 16;
250 dprintk(2, KERN_DEBUG, "%s: preallocating for %d user pages\n",
251 __func__, ses_new->array_size);
252 ses_new->pages = kzalloc(ses_new->array_size *
253 sizeof(struct page *), GFP_KERNEL);
254 ses_new->sg = kzalloc(ses_new->array_size *
255 sizeof(struct scatterlist), GFP_KERNEL);
256
257 /* put the new session to the list */
258 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
259 init_MUTEX(&ses_new->sem);
260
261 down(&fcr->sem);
262 restart:
263 list_for_each_entry(ses_ptr, &fcr->list, entry) {
264 /* Check for duplicate SID */
265 if (unlikely(ses_new->sid == ses_ptr->sid)) {
266 get_random_bytes(&ses_new->sid, sizeof(ses_new->sid));
267 /* Unless we have a broken RNG this
268 shouldn't loop forever... ;-) */
269 goto restart;
270 }
271 }
272
273 list_add(&ses_new->entry, &fcr->list);
274 up(&fcr->sem);
275
276 /* Fill in some values for the user. */
277 sop->ses = ses_new->sid;
278
279 return 0;
280
281 error_hash:
282 cryptodev_cipher_deinit( &ses_new->cdata);
283 error_cipher:
284 if (ses_new) kfree(ses_new);
285
286 return ret;
287
288 }
289
290 /* Everything that needs to be done when remowing a session. */
291 static inline void
292 crypto_destroy_session(struct csession *ses_ptr)
293 {
294 if(down_trylock(&ses_ptr->sem)) {
295 dprintk(2, KERN_DEBUG, "Waiting for semaphore of sid=0x%08X\n",
296 ses_ptr->sid);
297 down(&ses_ptr->sem);
298 }
299 dprintk(2, KERN_DEBUG, "Removed session 0x%08X\n", ses_ptr->sid);
300 #if defined(CRYPTODEV_STATS)
301 if(enable_stats)
302 dprintk(2, KERN_DEBUG,
303 "Usage in Bytes: enc=%llu, dec=%llu, max=%zu, avg=%lu, cnt=%zu\n",
304 ses_ptr->stat[COP_ENCRYPT], ses_ptr->stat[COP_DECRYPT],
305 ses_ptr->stat_max_size, ses_ptr->stat_count > 0
306 ? ((unsigned long)(ses_ptr->stat[COP_ENCRYPT]+
307 ses_ptr->stat[COP_DECRYPT]) /
308 ses_ptr->stat_count) : 0,
309 ses_ptr->stat_count);
310 #endif
311 cryptodev_cipher_deinit(&ses_ptr->cdata);
312 cryptodev_hash_deinit(&ses_ptr->hdata);
313 dprintk(2, KERN_DEBUG, "%s: freeing space for %d user pages\n",
314 __func__, ses_ptr->array_size);
315 kfree(ses_ptr->pages);
316 kfree(ses_ptr->sg);
317 up(&ses_ptr->sem);
318 kfree(ses_ptr);
319 }
320
321 /* Look up a session by ID and remove. */
322 static int
323 crypto_finish_session(struct fcrypt *fcr, uint32_t sid)
324 {
325 struct csession *tmp, *ses_ptr;
326 struct list_head *head;
327 int ret = 0;
328
329 down(&fcr->sem);
330 head = &fcr->list;
331 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
332 if(ses_ptr->sid == sid) {
333 list_del(&ses_ptr->entry);
334 crypto_destroy_session(ses_ptr);
335 break;
336 }
337 }
338
339 if (unlikely(!ses_ptr)) {
340 dprintk(1, KERN_ERR, "Session with sid=0x%08X not found!\n", sid);
341 ret = -ENOENT;
342 }
343 up(&fcr->sem);
344
345 return ret;
346 }
347
348 /* Remove all sessions when closing the file */
349 static int
350 crypto_finish_all_sessions(struct fcrypt *fcr)
351 {
352 struct csession *tmp, *ses_ptr;
353 struct list_head *head;
354
355 down(&fcr->sem);
356
357 head = &fcr->list;
358 list_for_each_entry_safe(ses_ptr, tmp, head, entry) {
359 list_del(&ses_ptr->entry);
360 crypto_destroy_session(ses_ptr);
361 }
362 up(&fcr->sem);
363
364 return 0;
365 }
366
367 /* Look up session by session ID. The returned session is locked. */
368 static struct csession *
369 crypto_get_session_by_sid(struct fcrypt *fcr, uint32_t sid)
370 {
371 struct csession *ses_ptr;
372
373 down(&fcr->sem);
374 list_for_each_entry(ses_ptr, &fcr->list, entry) {
375 if(ses_ptr->sid == sid) {
376 down(&ses_ptr->sem);
377 break;
378 }
379 }
380 up(&fcr->sem);
381
382 return ses_ptr;
383 }
384
385 static int
386 hash_n_crypt(struct csession *ses_ptr, struct crypt_op *cop,
387 struct scatterlist *src_sg, struct scatterlist *dst_sg, uint32_t len)
388 {
389 int ret;
390
391 /* Always hash before encryption and after decryption. Maybe
392 * we should introduce a flag to switch... TBD later on.
393 */
394 if (cop->op == COP_ENCRYPT) {
395 if (ses_ptr->hdata.init != 0) {
396 ret = cryptodev_hash_update(&ses_ptr->hdata, src_sg, len);
397 if (unlikely(ret))
398 goto out_err;
399 }
400 if (ses_ptr->cdata.init != 0) {
401 ret = cryptodev_cipher_encrypt( &ses_ptr->cdata, src_sg, dst_sg, len);
402
403 if (unlikely(ret))
404 goto out_err;
405 }
406 } else {
407 if (ses_ptr->cdata.init != 0) {
408 ret = cryptodev_cipher_decrypt( &ses_ptr->cdata, src_sg, dst_sg, len);
409
410 if (unlikely(ret))
411 goto out_err;
412 }
413
414 if (ses_ptr->hdata.init != 0) {
415 ret = cryptodev_hash_update(&ses_ptr->hdata, dst_sg, len);
416 if (unlikely(ret))
417 goto out_err;
418 }
419 }
420 return 0;
421 out_err:
422 dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n",ret);
423 return ret;
424 }
425
426
427 /* This is the main crypto function - feed it with plaintext
428 and get a ciphertext (or vice versa :-) */
429 static int
430 __crypto_run_std(struct csession *ses_ptr, struct crypt_op *cop)
431 {
432 char *data;
433 char __user *src, __user *dst;
434 struct scatterlist sg;
435 size_t nbytes, bufsize;
436 int ret = 0;
437
438 nbytes = cop->len;
439 data = (char*)__get_free_page(GFP_KERNEL);
440
441 if (unlikely(!data)) {
442 return -ENOMEM;
443 }
444 bufsize = PAGE_SIZE < nbytes ? PAGE_SIZE : nbytes;
445
446 src = cop->src;
447 dst = cop->dst;
448
449 while(nbytes > 0) {
450 size_t current_len = nbytes > bufsize ? bufsize : nbytes;
451
452 ret = copy_from_user(data, src, current_len);
453 if (unlikely(ret))
454 break;
455
456 sg_init_one(&sg, data, current_len);
457
458 ret = hash_n_crypt(ses_ptr, cop, &sg, &sg, current_len);
459
460 if (unlikely(ret))
461 break;
462
463 if (ses_ptr->cdata.init != 0) {
464 ret = copy_to_user(dst, data, current_len);
465 if (unlikely(ret))
466 break;
467 }
468
469 dst += current_len;
470 nbytes -= current_len;
471 src += current_len;
472 }
473
474 free_page((unsigned long)data);
475 return ret;
476 }
477
478 #ifndef DISABLE_ZCOPY
479
480 /* last page - first page + 1 */
481 #define PAGECOUNT(buf, buflen) \
482 ((((unsigned long)(buf + buflen - 1) & PAGE_MASK) >> PAGE_SHIFT) - \
483 (((unsigned long) buf & PAGE_MASK) >> PAGE_SHIFT) + 1)
484
485 /* offset of buf in it's first page */
486 #define PAGEOFFSET(buf) ((unsigned long)buf & ~PAGE_MASK)
487
488 #define MIN(a, b) ((a > b) ? b : a)
489
490 /* fetch the pages addr resides in into pg and initialise sg with them */
491 static int __get_userbuf(uint8_t *addr, uint32_t len,
492 int pgcount, struct page **pg, struct scatterlist *sg)
493 {
494 int ret, pglen, i = 0;
495 struct scatterlist *sgp;
496
497 down_write(&current->mm->mmap_sem);
498 ret = get_user_pages(current, current->mm,
499 (unsigned long)addr, pgcount, 1, 0, pg, NULL);
500 up_write(&current->mm->mmap_sem);
501 if (ret != pgcount)
502 return -EINVAL;
503
504 sg_init_table(sg, pgcount);
505
506 pglen = MIN(PAGE_SIZE - PAGEOFFSET(addr), len);
507 sg_set_page(sg, pg[i++], pglen, PAGEOFFSET(addr));
508
509 len -= pglen;
510 for (sgp = sg_next(sg); len; sgp = sg_next(sgp)) {
511 pglen = MIN(PAGE_SIZE, len);
512 sg_set_page(sgp, pg[i++], pglen, 0);
513 len -= pglen;
514 }
515 sg_mark_end(sg_last(sg, pgcount));
516 return 0;
517 }
518
519 /* make cop->src and cop->dst available in scatterlists */
520 static int get_userbuf(struct csession *ses,
521 struct crypt_op *cop, struct scatterlist **src_sg,
522 struct scatterlist **dst_sg, int *tot_pages)
523 {
524 int src_pagecount, dst_pagecount = 0, pagecount;
525
526 src_pagecount = PAGECOUNT(cop->src, cop->len);
527 if (cop->src != cop->dst) { /* non-in-situ transformation */
528 dst_pagecount = PAGECOUNT(cop->dst, cop->len);
529 }
530 (*tot_pages) = pagecount = src_pagecount + dst_pagecount;
531
532 if (pagecount > ses->array_size) {
533 while (ses->array_size < pagecount)
534 ses->array_size *= 2;
535
536 dprintk(2, KERN_DEBUG, "%s: reallocating to %d elements\n",
537 __func__, ses->array_size);
538 ses->pages = krealloc(ses->pages, ses->array_size *
539 sizeof(struct page *), GFP_KERNEL);
540 ses->sg = krealloc(ses->sg, ses->array_size *
541 sizeof(struct scatterlist), GFP_KERNEL);
542
543 if (ses->sg == NULL || ses->pages == NULL) {
544 return -ENOMEM;
545 }
546 }
547
548 if (__get_userbuf(cop->src, cop->len,
549 src_pagecount, ses->pages, ses->sg)) {
550 printk(KERN_ERR "%s: failed to get user pages\n", __func__);
551 return -EINVAL;
552 }
553 (*src_sg) = (*dst_sg) = ses->sg;
554
555 if (dst_pagecount) {
556 (*dst_sg) = ses->sg + src_pagecount;
557
558 if (__get_userbuf(cop->dst, cop->len, dst_pagecount,
559 ses->pages + src_pagecount, *dst_sg)) {
560 printk(KERN_ERR "%s: failed to get user pages\n", __func__);
561 return -EINVAL;
562 }
563 }
564 return 0;
565 }
566
567 static void release_user_pages(struct page **pg, int pagecount)
568 {
569 while (pagecount--) {
570 if (!PageReserved(pg[pagecount]))
571 SetPageDirty(pg[pagecount]);
572 page_cache_release(pg[pagecount]);
573 }
574 }
575
576 /* This is the main crypto function - zero-copy edition */
577 static int
578 __crypto_run_zc(struct csession *ses_ptr, struct crypt_op *cop)
579 {
580 struct scatterlist *src_sg, *dst_sg;
581 int ret = 0, pagecount;
582
583 ret = get_userbuf(ses_ptr, cop, &src_sg, &dst_sg, &pagecount);
584 if (unlikely(ret)) {
585 dprintk(1, KERN_ERR, "Error getting user pages. Falling back to non zero copy.\n");
586 return __crypto_run_std(ses_ptr, cop);
587 }
588
589 ret = hash_n_crypt(ses_ptr, cop, src_sg, dst_sg, cop->len);
590
591 release_user_pages(ses_ptr->pages, pagecount);
592 return ret;
593 }
594
595 #endif /* DISABLE_ZCOPY */
596
597 static int crypto_run(struct fcrypt *fcr, struct crypt_op *cop)
598 {
599 struct csession *ses_ptr;
600 uint8_t hash_output[AALG_MAX_RESULT_LEN];
601 int ret;
602
603 if (unlikely(cop->op != COP_ENCRYPT && cop->op != COP_DECRYPT)) {
604 dprintk(1, KERN_DEBUG, "invalid operation op=%u\n", cop->op);
605 return -EINVAL;
606 }
607
608 /* this also enters ses_ptr->sem */
609 ses_ptr = crypto_get_session_by_sid(fcr, cop->ses);
610 if (unlikely(!ses_ptr)) {
611 dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", cop->ses);
612 return -EINVAL;
613 }
614
615 if (ses_ptr->hdata.init != 0) {
616 ret = cryptodev_hash_reset(&ses_ptr->hdata);
617 if (unlikely(ret)) {
618 dprintk(1, KERN_ERR,
619 "error in cryptodev_hash_reset()\n");
620 goto out_unlock;
621 }
622 }
623
624 if (ses_ptr->cdata.init != 0) {
625 int blocksize = ses_ptr->cdata.blocksize;
626
627 if (unlikely(cop->len % blocksize)) {
628 dprintk(1, KERN_ERR,
629 "data size (%u) isn't a multiple of block size (%u)\n",
630 cop->len, blocksize);
631 ret = -EINVAL;
632 goto out_unlock;
633 }
634
635 if (cop->iv) {
636 uint8_t iv[EALG_MAX_BLOCK_LEN];
637
638 ret = copy_from_user(iv, cop->iv, min( (int)sizeof(iv), (ses_ptr->cdata.ivsize)));
639 if (unlikely(ret)) {
640 dprintk(1, KERN_ERR, "error copying IV (%d bytes)\n", min( (int)sizeof(iv), (ses_ptr->cdata.ivsize)));
641 goto out_unlock;
642 }
643
644 cryptodev_cipher_set_iv(&ses_ptr->cdata, iv, ses_ptr->cdata.ivsize);
645 }
646 }
647
648 #ifdef DISABLE_ZCOPY
649 ret = __crypto_run_std(ses_ptr, cop);
650 #else /* normal */
651 ret = __crypto_run_zc(ses_ptr, cop);
652 #endif
653 if (unlikely(ret))
654 goto out_unlock;
655
656 if (ses_ptr->hdata.init != 0) {
657 ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output);
658 if (unlikely(ret)) {
659 dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n",ret);
660 goto out_unlock;
661 }
662
663 if (unlikely(copy_to_user(cop->mac, hash_output, ses_ptr->hdata.digestsize)))
664 goto out_unlock;
665 }
666
667 #if defined(CRYPTODEV_STATS)
668 if (enable_stats) {
669 /* this is safe - we check cop->op at the function entry */
670 ses_ptr->stat[cop->op] += cop->len;
671 if (ses_ptr->stat_max_size < cop->len)
672 ses_ptr->stat_max_size = cop->len;
673 ses_ptr->stat_count++;
674 }
675 #endif
676
677 out_unlock:
678 up(&ses_ptr->sem);
679 return ret;
680 }
681
682 /* ====== /dev/crypto ====== */
683
684 static int
685 cryptodev_open(struct inode *inode, struct file *filp)
686 {
687 struct fcrypt *fcr;
688
689 fcr = kmalloc(sizeof(*fcr), GFP_KERNEL);
690 if(!fcr)
691 return -ENOMEM;
692
693 memset(fcr, 0, sizeof(*fcr));
694 init_MUTEX(&fcr->sem);
695 INIT_LIST_HEAD(&fcr->list);
696 filp->private_data = fcr;
697
698 return 0;
699 }
700
701 static int
702 cryptodev_release(struct inode *inode, struct file *filp)
703 {
704 struct fcrypt *fcr = filp->private_data;
705
706 if(fcr) {
707 crypto_finish_all_sessions(fcr);
708 kfree(fcr);
709 filp->private_data = NULL;
710 }
711
712 return 0;
713 }
714
715 static int
716 clonefd(struct file *filp)
717 {
718 struct fdtable *fdt = files_fdtable(current->files);
719 int ret;
720 ret = get_unused_fd();
721 if (ret >= 0) {
722 get_file(filp);
723 FD_SET(ret, fdt->open_fds);
724 fd_install(ret, filp);
725 }
726
727 return ret;
728 }
729
730 static int
731 cryptodev_ioctl(struct inode *inode, struct file *filp,
732 unsigned int cmd, unsigned long arg)
733 {
734 int __user *p = (void __user *)arg;
735 struct session_op sop;
736 struct crypt_op cop;
737 struct fcrypt *fcr = filp->private_data;
738 uint32_t ses;
739 int ret, fd;
740
741 if (unlikely(!fcr))
742 BUG();
743
744 switch (cmd) {
745 case CIOCASYMFEAT:
746 put_user(0, p);
747 return 0;
748 case CRIOGET:
749 fd = clonefd(filp);
750 put_user(fd, p);
751 return 0;
752
753 case CIOCGSESSION:
754 ret = copy_from_user(&sop, (void*)arg, sizeof(sop));
755 if (unlikely(ret))
756 return ret;
757
758 ret = crypto_create_session(fcr, &sop);
759 if (unlikely(ret))
760 return ret;
761 return copy_to_user((void*)arg, &sop, sizeof(sop));
762
763 case CIOCFSESSION:
764 ret = get_user(ses, (uint32_t*)arg);
765 if (unlikely(ret))
766 return ret;
767
768 return crypto_finish_session(fcr, ses);
769
770 case CIOCCRYPT:
771 ret = copy_from_user(&cop, (void*)arg, sizeof(cop));
772 if (unlikely(ret))
773 return ret;
774
775 ret = crypto_run(fcr, &cop);
776 if (unlikely(ret))
777 return ret;
778 return copy_to_user((void*)arg, &cop, sizeof(cop));
779
780 default:
781 return -EINVAL;
782 }
783 }
784
785 /* compatibility code for 32bit userlands */
786 #ifdef CONFIG_COMPAT
787
788 static inline void
789 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
790 {
791 sop->cipher = compat->cipher;
792 sop->mac = compat->mac;
793 sop->keylen = compat->keylen;
794
795 sop->key = compat_ptr(compat->key);
796 sop->mackeylen = compat->mackeylen;
797 sop->mackey = compat_ptr(compat->mackey);
798 sop->ses = compat->ses;
799 }
800
801 static inline void
802 session_op_to_compat(struct session_op *sop, struct compat_session_op *compat)
803 {
804 compat->cipher = sop->cipher;
805 compat->mac = sop->mac;
806 compat->keylen = sop->keylen;
807
808 compat->key = ptr_to_compat(sop->key);
809 compat->mackeylen = sop->mackeylen;
810 compat->mackey = ptr_to_compat(sop->mackey);
811 compat->ses = sop->ses;
812 }
813
814 static inline void
815 compat_to_crypt_op(struct compat_crypt_op *compat, struct crypt_op *cop)
816 {
817 cop->ses = compat->ses;
818 cop->op = compat->op;
819 cop->flags = compat->flags;
820 cop->len = compat->len;
821
822 cop->src = compat_ptr(compat->src);
823 cop->dst = compat_ptr(compat->dst);
824 cop->mac = compat_ptr(compat->mac);
825 cop->iv = compat_ptr(compat->iv);
826 }
827
828 static inline void
829 crypt_op_to_compat(struct crypt_op *cop, struct compat_crypt_op *compat)
830 {
831 compat->ses = cop->ses;
832 compat->op = cop->op;
833 compat->flags = cop->flags;
834 compat->len = cop->len;
835
836 compat->src = ptr_to_compat(cop->src);
837 compat->dst = ptr_to_compat(cop->dst);
838 compat->mac = ptr_to_compat(cop->mac);
839 compat->iv = ptr_to_compat(cop->iv);
840 }
841
842 static long
843 cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
844 {
845 struct fcrypt *fcr = file->private_data;
846 struct session_op sop;
847 struct compat_session_op compat_sop;
848 struct crypt_op cop;
849 struct compat_crypt_op compat_cop;
850 int ret;
851
852 if (unlikely(!fcr))
853 BUG();
854
855 switch (cmd) {
856 case CIOCASYMFEAT:
857 case CRIOGET:
858 case CIOCFSESSION:
859 return cryptodev_ioctl(NULL, file, cmd, arg);
860
861 case COMPAT_CIOCGSESSION:
862 ret = copy_from_user(&compat_sop,
863 (void *)arg, sizeof(compat_sop));
864 if (unlikely(ret))
865 return ret;
866
867 compat_to_session_op(&compat_sop, &sop);
868
869 ret = crypto_create_session(fcr, &sop);
870 if (unlikely(ret))
871 return ret;
872
873 session_op_to_compat(&sop, &compat_sop);
874 return copy_to_user((void*)arg,
875 &compat_sop, sizeof(compat_sop));
876
877 case COMPAT_CIOCCRYPT:
878 ret = copy_from_user(&compat_cop,
879 (void*)arg, sizeof(compat_cop));
880 if (unlikely(ret))
881 return ret;
882
883 compat_to_crypt_op(&compat_cop, &cop);
884
885 ret = crypto_run(fcr, &cop);
886 if (unlikely(ret))
887 return ret;
888
889 crypt_op_to_compat(&cop, &compat_cop);
890 return copy_to_user((void*)arg,
891 &compat_cop, sizeof(compat_cop));
892
893 default:
894 return -EINVAL;
895 }
896 }
897
898 #endif /* CONFIG_COMPAT */
899
900 struct file_operations cryptodev_fops = {
901 .owner = THIS_MODULE,
902 .open = cryptodev_open,
903 .release = cryptodev_release,
904 .ioctl = cryptodev_ioctl,
905 #ifdef CONFIG_COMPAT
906 .compat_ioctl = cryptodev_compat_ioctl,
907 #endif /* CONFIG_COMPAT */
908 };
909
910 struct miscdevice cryptodev = {
911 .minor = MISC_DYNAMIC_MINOR,
912 .name = "crypto",
913 .fops = &cryptodev_fops,
914 };
915
916 static int
917 cryptodev_register(void)
918 {
919 int rc;
920
921 rc = misc_register (&cryptodev);
922 if (unlikely(rc)) {
923 printk(KERN_ERR PFX "registeration of /dev/crypto failed\n");
924 return rc;
925 }
926
927 return 0;
928 }
929
930 static void
931 cryptodev_deregister(void)
932 {
933 misc_deregister(&cryptodev);
934 }
935
936 /* ====== Module init/exit ====== */
937
938 int __init init_cryptodev(void)
939 {
940 int rc;
941
942 rc = cryptodev_register();
943 if (unlikely(rc))
944 return rc;
945
946 printk(KERN_INFO PFX "driver %s loaded.\n", VERSION);
947
948 return 0;
949 }
950
951 void __exit exit_cryptodev(void)
952 {
953 cryptodev_deregister();
954 printk(KERN_INFO PFX "driver unloaded.\n");
955 }
956
957 module_init(init_cryptodev);
958 module_exit(exit_cryptodev);
Cryptodev for linux