search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rtld - do not allow both dynamic DTV index and static TLS offset
[dragonfly.git] / sys / opencrypto / cryptosoft.c
blob6ad6805cc37c707f9a89fd18836df03c0e777999
1 /*-
2 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
3 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
4 *
5 * This code was written by Angelos D. Keromytis in Athens, Greece, in
6 * February 2000. Network Security Technologies Inc. (NSTI) kindly
7 * supported the development of this code.
8 *
9 * Copyright (c) 2000, 2001 Angelos D. Keromytis
10 *
11 * SMP modifications by Matthew Dillon for the DragonFlyBSD Project
12 *
13 * Permission to use, copy, and modify this software with or without fee
14 * is hereby granted, provided that this entire notice is included in
15 * all source code copies of any software which is or includes a copy or
16 * modification of this software.
17 *
18 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
19 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
20 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
21 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
22 * PURPOSE.
23 *
24 * $FreeBSD: src/sys/opencrypto/cryptosoft.c,v 1.23 2009/02/05 17:43:12 imp Exp $
25 * $OpenBSD: cryptosoft.c,v 1.35 2002/04/26 08:43:50 deraadt Exp $
26 */
27
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/malloc.h>
31 #include <sys/mbuf.h>
32 #include <sys/module.h>
33 #include <sys/sysctl.h>
34 #include <sys/errno.h>
35 #include <sys/endian.h>
36 #include <sys/random.h>
37 #include <sys/kernel.h>
38 #include <sys/uio.h>
39 #include <sys/spinlock2.h>
40
41 #include <crypto/blowfish/blowfish.h>
42 #include <crypto/sha1.h>
43 #include <opencrypto/rmd160.h>
44 #include <opencrypto/cast.h>
45 #include <opencrypto/skipjack.h>
46 #include <sys/md5.h>
47
48 #include <opencrypto/cryptodev.h>
49 #include <opencrypto/cryptosoft.h>
50 #include <opencrypto/xform.h>
51
52 #include <sys/kobj.h>
53 #include <sys/bus.h>
54 #include "cryptodev_if.h"
55
56 static int32_t swcr_id;
57 static struct swcr_data **swcr_sessions = NULL;
58 static u_int32_t swcr_sesnum;
59 static u_int32_t swcr_minsesnum = 1;
60
61 static struct spinlock swcr_spin = SPINLOCK_INITIALIZER(swcr_spin, "swcr_spin");
62
63 u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
64 u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
65
66 static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
67 static int swcr_authcompute(struct cryptodesc *, struct swcr_data *, caddr_t, int);
68 static int swcr_combined(struct cryptop *);
69 static int swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
70 static int swcr_freesession(device_t dev, u_int64_t tid);
71 static int swcr_freesession_slot(struct swcr_data **swdp, u_int32_t sid);
72
73 /*
74 * Apply a symmetric encryption/decryption algorithm.
75 */
76 static int
77 swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
78 int flags)
79 {
80 unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
81 unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN];
82 u_int8_t *kschedule;
83 u_int8_t *okschedule;
84 struct enc_xform *exf;
85 int i, k, j, blks, ivlen;
86 int error;
87 int explicit_kschedule;
88
89 exf = sw->sw_exf;
90 blks = exf->blocksize;
91 ivlen = exf->ivsize;
92
93 /* Check for non-padded data */
94 if (crd->crd_len % blks)
95 return EINVAL;
96
97 /* Initialize the IV */
98 if (crd->crd_flags & CRD_F_ENCRYPT) {
99 /* IV explicitly provided ? */
100 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
101 bcopy(crd->crd_iv, iv, ivlen);
102 else
103 karc4random_buf(iv, ivlen);
104
105 /* Do we need to write the IV */
106 if (!(crd->crd_flags & CRD_F_IV_PRESENT))
107 crypto_copyback(flags, buf, crd->crd_inject, ivlen, iv);
108
109 } else { /* Decryption */
110 /* IV explicitly provided ? */
111 if (crd->crd_flags & CRD_F_IV_EXPLICIT)
112 bcopy(crd->crd_iv, iv, ivlen);
113 else {
114 /* Get IV off buf */
115 crypto_copydata(flags, buf, crd->crd_inject, ivlen, iv);
116 }
117 }
118
119 ivp = iv;
120
121 /*
122 * The semantics are seriously broken because the session key
123 * storage was never designed for concurrent ops.
124 */
125 if (crd->crd_flags & CRD_F_KEY_EXPLICIT) {
126 kschedule = kmalloc(exf->ctxsize, M_CRYPTO_DATA,
127 M_NOWAIT | M_ZERO);
128 if (kschedule == NULL) {
129 error = ENOMEM;
130 goto out;
131 }
132 error = exf->setkey(kschedule, crd->crd_key,
133 crd->crd_klen / 8);
134 if (error)
135 goto out;
136 explicit_kschedule = 1;
137 } else {
138 spin_lock(&swcr_spin);
139 kschedule = sw->sw_kschedule;
140 ++sw->sw_kschedule_refs;
141 spin_unlock(&swcr_spin);
142 explicit_kschedule = 0;
143 }
144
145 /*
146 * xforms that provide a reinit method perform all IV
147 * handling themselves.
148 */
149 if (exf->reinit)
150 exf->reinit(kschedule, iv);
151
152 if (flags & CRYPTO_F_IMBUF) {
153 struct mbuf *m = (struct mbuf *) buf;
154
155 /* Find beginning of data */
156 m = m_getptr(m, crd->crd_skip, &k);
157 if (m == NULL) {
158 error = EINVAL;
159 goto done;
160 }
161
162 i = crd->crd_len;
163
164 while (i > 0) {
165 /*
166 * If there's insufficient data at the end of
167 * an mbuf, we have to do some copying.
168 */
169 if (m->m_len < k + blks && m->m_len != k) {
170 m_copydata(m, k, blks, blk);
171
172 /* Actual encryption/decryption */
173 if (exf->reinit) {
174 if (crd->crd_flags & CRD_F_ENCRYPT) {
175 exf->encrypt(kschedule,
176 blk, iv);
177 } else {
178 exf->decrypt(kschedule,
179 blk, iv);
180 }
181 } else if (crd->crd_flags & CRD_F_ENCRYPT) {
182 /* XOR with previous block */
183 for (j = 0; j < blks; j++)
184 blk[j] ^= ivp[j];
185
186 exf->encrypt(kschedule, blk, iv);
187
188 /*
189 * Keep encrypted block for XOR'ing
190 * with next block
191 */
192 bcopy(blk, iv, blks);
193 ivp = iv;
194 } else { /* decrypt */
195 /*
196 * Keep encrypted block for XOR'ing
197 * with next block
198 */
199 nivp = (ivp == iv) ? iv2 : iv;
200 bcopy(blk, nivp, blks);
201
202 exf->decrypt(kschedule, blk, iv);
203
204 /* XOR with previous block */
205 for (j = 0; j < blks; j++)
206 blk[j] ^= ivp[j];
207
208 ivp = nivp;
209 }
210
211 /* Copy back decrypted block */
212 m_copyback(m, k, blks, blk);
213
214 /* Advance pointer */
215 m = m_getptr(m, k + blks, &k);
216 if (m == NULL) {
217 error = EINVAL;
218 goto done;
219 }
220
221 i -= blks;
222
223 /* Could be done... */
224 if (i == 0)
225 break;
226 }
227
228 /* Skip possibly empty mbufs */
229 if (k == m->m_len) {
230 for (m = m->m_next; m && m->m_len == 0;
231 m = m->m_next)
232 ;
233 k = 0;
234 }
235
236 /* Sanity check */
237 if (m == NULL) {
238 error = EINVAL;
239 goto done;
240 }
241
242 /*
243 * Warning: idat may point to garbage here, but
244 * we only use it in the while() loop, only if
245 * there are indeed enough data.
246 */
247 idat = mtod(m, unsigned char *) + k;
248
249 while (m->m_len >= k + blks && i > 0) {
250 if (exf->reinit) {
251 if (crd->crd_flags & CRD_F_ENCRYPT) {
252 exf->encrypt(kschedule,
253 idat, iv);
254 } else {
255 exf->decrypt(kschedule,
256 idat, iv);
257 }
258 } else if (crd->crd_flags & CRD_F_ENCRYPT) {
259 /* XOR with previous block/IV */
260 for (j = 0; j < blks; j++)
261 idat[j] ^= ivp[j];
262
263 exf->encrypt(kschedule, idat, iv);
264 ivp = idat;
265 } else { /* decrypt */
266 /*
267 * Keep encrypted block to be used
268 * in next block's processing.
269 */
270 nivp = (ivp == iv) ? iv2 : iv;
271 bcopy(idat, nivp, blks);
272
273 exf->decrypt(kschedule, idat, iv);
274
275 /* XOR with previous block/IV */
276 for (j = 0; j < blks; j++)
277 idat[j] ^= ivp[j];
278
279 ivp = nivp;
280 }
281
282 idat += blks;
283 k += blks;
284 i -= blks;
285 }
286 }
287 error = 0; /* Done with mbuf encryption/decryption */
288 } else if (flags & CRYPTO_F_IOV) {
289 struct uio *uio = (struct uio *) buf;
290 struct iovec *iov;
291
292 /* Find beginning of data */
293 iov = cuio_getptr(uio, crd->crd_skip, &k);
294 if (iov == NULL) {
295 error = EINVAL;
296 goto done;
297 }
298
299 i = crd->crd_len;
300
301 while (i > 0) {
302 /*
303 * If there's insufficient data at the end of
304 * an iovec, we have to do some copying.
305 */
306 if (iov->iov_len < k + blks && iov->iov_len != k) {
307 cuio_copydata(uio, k, blks, blk);
308
309 /* Actual encryption/decryption */
310 if (exf->reinit) {
311 if (crd->crd_flags & CRD_F_ENCRYPT) {
312 exf->encrypt(kschedule,
313 blk, iv);
314 } else {
315 exf->decrypt(kschedule,
316 blk, iv);
317 }
318 } else if (crd->crd_flags & CRD_F_ENCRYPT) {
319 /* XOR with previous block */
320 for (j = 0; j < blks; j++)
321 blk[j] ^= ivp[j];
322
323 exf->encrypt(kschedule, blk, iv);
324
325 /*
326 * Keep encrypted block for XOR'ing
327 * with next block
328 */
329 bcopy(blk, iv, blks);
330 ivp = iv;
331 } else { /* decrypt */
332 /*
333 * Keep encrypted block for XOR'ing
334 * with next block
335 */
336 nivp = (ivp == iv) ? iv2 : iv;
337 bcopy(blk, nivp, blks);
338
339 exf->decrypt(kschedule, blk, iv);
340
341 /* XOR with previous block */
342 for (j = 0; j < blks; j++)
343 blk[j] ^= ivp[j];
344
345 ivp = nivp;
346 }
347
348 /* Copy back decrypted block */
349 cuio_copyback(uio, k, blks, blk);
350
351 /* Advance pointer */
352 iov = cuio_getptr(uio, k + blks, &k);
353 if (iov == NULL) {
354 error = EINVAL;
355 goto done;
356 }
357
358 i -= blks;
359
360 /* Could be done... */
361 if (i == 0)
362 break;
363 }
364
365 /*
366 * Warning: idat may point to garbage here, but
367 * we only use it in the while() loop, only if
368 * there are indeed enough data.
369 */
370 idat = (char *)iov->iov_base + k;
371
372 while (iov->iov_len >= k + blks && i > 0) {
373 if (exf->reinit) {
374 if (crd->crd_flags & CRD_F_ENCRYPT) {
375 exf->encrypt(kschedule,
376 idat, iv);
377 } else {
378 exf->decrypt(kschedule,
379 idat, iv);
380 }
381 } else if (crd->crd_flags & CRD_F_ENCRYPT) {
382 /* XOR with previous block/IV */
383 for (j = 0; j < blks; j++)
384 idat[j] ^= ivp[j];
385
386 exf->encrypt(kschedule, idat, iv);
387 ivp = idat;
388 } else { /* decrypt */
389 /*
390 * Keep encrypted block to be used
391 * in next block's processing.
392 */
393 nivp = (ivp == iv) ? iv2 : iv;
394 bcopy(idat, nivp, blks);
395
396 exf->decrypt(kschedule, idat, iv);
397
398 /* XOR with previous block/IV */
399 for (j = 0; j < blks; j++)
400 idat[j] ^= ivp[j];
401
402 ivp = nivp;
403 }
404
405 idat += blks;
406 k += blks;
407 i -= blks;
408 }
409 if (k == iov->iov_len) {
410 iov++;
411 k = 0;
412 }
413 }
414 error = 0; /* Done with iovec encryption/decryption */
415 } else {
416 /*
417 * contiguous buffer
418 */
419 if (exf->reinit) {
420 for(i = crd->crd_skip;
421 i < crd->crd_skip + crd->crd_len; i += blks) {
422 if (crd->crd_flags & CRD_F_ENCRYPT) {
423 exf->encrypt(kschedule, buf + i, iv);
424 } else {
425 exf->decrypt(kschedule, buf + i, iv);
426 }
427 }
428 } else if (crd->crd_flags & CRD_F_ENCRYPT) {
429 for (i = crd->crd_skip;
430 i < crd->crd_skip + crd->crd_len; i += blks) {
431 /* XOR with the IV/previous block, as appropriate. */
432 if (i == crd->crd_skip)
433 for (k = 0; k < blks; k++)
434 buf[i + k] ^= ivp[k];
435 else
436 for (k = 0; k < blks; k++)
437 buf[i + k] ^= buf[i + k - blks];
438 exf->encrypt(kschedule, buf + i, iv);
439 }
440 } else { /* Decrypt */
441 /*
442 * Start at the end, so we don't need to keep the
443 * encrypted block as the IV for the next block.
444 */
445 for (i = crd->crd_skip + crd->crd_len - blks;
446 i >= crd->crd_skip; i -= blks) {
447 exf->decrypt(kschedule, buf + i, iv);
448
449 /* XOR with the IV/previous block, as appropriate */
450 if (i == crd->crd_skip)
451 for (k = 0; k < blks; k++)
452 buf[i + k] ^= ivp[k];
453 else
454 for (k = 0; k < blks; k++)
455 buf[i + k] ^= buf[i + k - blks];
456 }
457 }
458 error = 0; /* Done w/contiguous buffer encrypt/decrypt */
459 }
460
461 done:
462 /*
463 * Cleanup - explicitly replace the session key if requested
464 * (horrible semantics for concurrent operation)
465 */
466 if (explicit_kschedule) {
467 okschedule = NULL;
468 spin_lock(&swcr_spin);
469 if (sw->sw_kschedule && sw->sw_kschedule_refs == 0) {
470 okschedule = sw->sw_kschedule;
471 sw->sw_kschedule = kschedule;
472 }
473 spin_unlock(&swcr_spin);
474 if (okschedule) {
475 bzero(okschedule, exf->ctxsize);
476 kfree(okschedule, M_CRYPTO_DATA);
477 }
478 } else {
479 spin_lock(&swcr_spin);
480 --sw->sw_kschedule_refs;
481 spin_unlock(&swcr_spin);
482 }
483
484 out:
485 return error;
486 }
487
488 static void
489 swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
490 int klen)
491 {
492 int k;
493
494 klen /= 8;
495
496 switch (axf->type) {
497 case CRYPTO_MD5_HMAC:
498 case CRYPTO_SHA1_HMAC:
499 case CRYPTO_SHA2_256_HMAC:
500 case CRYPTO_SHA2_384_HMAC:
501 case CRYPTO_SHA2_512_HMAC:
502 case CRYPTO_NULL_HMAC:
503 case CRYPTO_RIPEMD160_HMAC:
504 for (k = 0; k < klen; k++)
505 key[k] ^= HMAC_IPAD_VAL;
506
507 axf->Init(sw->sw_ictx);
508 axf->Update(sw->sw_ictx, key, klen);
509 axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen);
510
511 for (k = 0; k < klen; k++)
512 key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
513
514 axf->Init(sw->sw_octx);
515 axf->Update(sw->sw_octx, key, klen);
516 axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen);
517
518 for (k = 0; k < klen; k++)
519 key[k] ^= HMAC_OPAD_VAL;
520 break;
521 case CRYPTO_MD5_KPDK:
522 case CRYPTO_SHA1_KPDK:
523 {
524 /* We need a buffer that can hold an md5 and a sha1 result. */
525 u_char buf[SHA1_RESULTLEN];
526
527 sw->sw_klen = klen;
528 bcopy(key, sw->sw_octx, klen);
529 axf->Init(sw->sw_ictx);
530 axf->Update(sw->sw_ictx, key, klen);
531 axf->Final(buf, sw->sw_ictx);
532 break;
533 }
534 default:
535 kprintf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d "
536 "doesn't use keys.\n", __func__, axf->type);
537 }
538 }
539
540 /*
541 * Compute keyed-hash authenticator.
542 */
543 static int
544 swcr_authcompute(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
545 int flags)
546 {
547 unsigned char aalg[HASH_MAX_LEN];
548 struct auth_hash *axf;
549 union authctx ctx;
550 int err;
551
552 if (sw->sw_ictx == NULL)
553 return EINVAL;
554
555 axf = sw->sw_axf;
556
557 if (crd->crd_flags & CRD_F_KEY_EXPLICIT)
558 swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen);
559
560 bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
561
562 err = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len,
563 (int (*)(void *, void *, unsigned int))axf->Update, (caddr_t)&ctx);
564 if (err)
565 return err;
566
567 switch (sw->sw_alg) {
568 case CRYPTO_MD5_HMAC:
569 case CRYPTO_SHA1_HMAC:
570 case CRYPTO_SHA2_256_HMAC:
571 case CRYPTO_SHA2_384_HMAC:
572 case CRYPTO_SHA2_512_HMAC:
573 case CRYPTO_RIPEMD160_HMAC:
574 if (sw->sw_octx == NULL)
575 return EINVAL;
576
577 axf->Final(aalg, &ctx);
578 bcopy(sw->sw_octx, &ctx, axf->ctxsize);
579 axf->Update(&ctx, aalg, axf->hashsize);
580 axf->Final(aalg, &ctx);
581 break;
582
583 case CRYPTO_MD5_KPDK:
584 case CRYPTO_SHA1_KPDK:
585 if (sw->sw_octx == NULL)
586 return EINVAL;
587
588 axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
589 axf->Final(aalg, &ctx);
590 break;
591
592 case CRYPTO_NULL_HMAC:
593 axf->Final(aalg, &ctx);
594 break;
595 }
596
597 /* Inject the authentication data */
598 crypto_copyback(flags, buf, crd->crd_inject,
599 sw->sw_mlen == 0 ? axf->hashsize : sw->sw_mlen, aalg);
600 return 0;
601 }
602
603 /*
604 * Apply a combined encryption-authentication transformation
605 */
606 static int
607 swcr_combined(struct cryptop *crp)
608 {
609 uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
610 u_char *blk = (u_char *)blkbuf;
611 u_char aalg[HASH_MAX_LEN];
612 u_char iv[EALG_MAX_BLOCK_LEN];
613 uint8_t *kschedule;
614 union authctx ctx;
615 struct cryptodesc *crd, *crda = NULL, *crde = NULL;
616 struct swcr_data *sw, *swa, *swe;
617 struct auth_hash *axf = NULL;
618 struct enc_xform *exf = NULL;
619 caddr_t buf = (caddr_t)crp->crp_buf;
620 uint32_t *blkp;
621 int i, blksz, ivlen, len;
622
623 blksz = 0;
624 ivlen = 0;
625
626 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
627 for (sw = swcr_sessions[crp->crp_sid & 0xffffffff];
628 sw && sw->sw_alg != crd->crd_alg;
629 sw = sw->sw_next)
630 ;
631 if (sw == NULL)
632 return (EINVAL);
633
634 switch (sw->sw_alg) {
635 case CRYPTO_AES_GCM_16:
636 case CRYPTO_AES_GMAC:
637 swe = sw;
638 crde = crd;
639 exf = swe->sw_exf;
640 ivlen = exf->ivsize;
641 break;
642 case CRYPTO_AES_128_GMAC:
643 case CRYPTO_AES_192_GMAC:
644 case CRYPTO_AES_256_GMAC:
645 swa = sw;
646 crda = crd;
647 axf = swa->sw_axf;
648 if (swa->sw_ictx == NULL)
649 return (EINVAL);
650 bcopy(swa->sw_ictx, &ctx, axf->ctxsize);
651 blksz = axf->blocksize;
652 break;
653 default:
654 return (EINVAL);
655 }
656 }
657 if (crde == NULL || crda == NULL)
658 return (EINVAL);
659
660 /* Initialize the IV */
661 if (crde->crd_flags & CRD_F_ENCRYPT) {
662 /* IV explicitly provided ? */
663 if (crde->crd_flags & CRD_F_IV_EXPLICIT)
664 bcopy(crde->crd_iv, iv, ivlen);
665 else
666 karc4random_buf(iv, ivlen);
667
668 /* Do we need to write the IV */
669 if (!(crde->crd_flags & CRD_F_IV_PRESENT))
670 crypto_copyback(crde->crd_flags, buf, crde->crd_inject,
671 ivlen, iv);
672
673 } else { /* Decryption */
674 /* IV explicitly provided ? */
675 if (crde->crd_flags & CRD_F_IV_EXPLICIT)
676 bcopy(crde->crd_iv, iv, ivlen);
677 else
678 /* Get IV off buf */
679 crypto_copydata(crde->crd_flags, buf, crde->crd_inject,
680 ivlen, iv);
681 }
682
683 /* Supply MAC with IV */
684 if (axf->Reinit)
685 axf->Reinit(&ctx, iv, ivlen);
686
687 /* Supply MAC with AAD */
688 for (i = 0; i < crda->crd_len; i += blksz) {
689 len = MIN(crda->crd_len - i, blksz);
690 crypto_copydata(crde->crd_flags, buf, crda->crd_skip + i, len,
691 blk);
692 axf->Update(&ctx, blk, len);
693 }
694
695 spin_lock(&swcr_spin);
696 kschedule = sw->sw_kschedule;
697 ++sw->sw_kschedule_refs;
698 spin_unlock(&swcr_spin);
699
700 if (exf->reinit)
701 exf->reinit(kschedule, iv);
702
703 /* Do encryption/decryption with MAC */
704 for (i = 0; i < crde->crd_len; i += blksz) {
705 len = MIN(crde->crd_len - i, blksz);
706 if (len < blksz)
707 bzero(blk, blksz);
708 crypto_copydata(crde->crd_flags, buf, crde->crd_skip + i, len,
709 blk);
710 if (crde->crd_flags & CRD_F_ENCRYPT) {
711 exf->encrypt(kschedule, blk, iv);
712 axf->Update(&ctx, blk, len);
713 } else {
714 axf->Update(&ctx, blk, len);
715 exf->decrypt(kschedule, blk, iv);
716 }
717 crypto_copyback(crde->crd_flags, buf, crde->crd_skip + i, len,
718 blk);
719 }
720
721 /* Do any required special finalization */
722 switch (crda->crd_alg) {
723 case CRYPTO_AES_128_GMAC:
724 case CRYPTO_AES_192_GMAC:
725 case CRYPTO_AES_256_GMAC:
726 /* length block */
727 bzero(blk, blksz);
728 blkp = (uint32_t *)blk + 1;
729 *blkp = htobe32(crda->crd_len * 8);
730 blkp = (uint32_t *)blk + 3;
731 *blkp = htobe32(crde->crd_len * 8);
732 axf->Update(&ctx, blk, blksz);
733 break;
734 }
735
736 /* Finalize MAC */
737 axf->Final(aalg, &ctx);
738
739 /* Inject the authentication data */
740 crypto_copyback(crda->crd_flags, crp->crp_buf, crda->crd_inject,
741 axf->blocksize, aalg);
742
743 spin_lock(&swcr_spin);
744 --sw->sw_kschedule_refs;
745 spin_unlock(&swcr_spin);
746
747 return (0);
748 }
749
750 /*
751 * Apply a compression/decompression algorithm
752 */
753 static int
754 swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
755 caddr_t buf, int flags)
756 {
757 u_int8_t *data, *out;
758 struct comp_algo *cxf;
759 int adj;
760 u_int32_t result;
761
762 cxf = sw->sw_cxf;
763
764 /*
765 * We must handle the whole buffer of data in one time
766 * then if there is not all the data in the mbuf, we must
767 * copy in a buffer.
768 */
769 data = kmalloc(crd->crd_len, M_CRYPTO_DATA, M_INTWAIT);
770 crypto_copydata(flags, buf, crd->crd_skip, crd->crd_len, data);
771
772 if (crd->crd_flags & CRD_F_COMP)
773 result = cxf->compress(data, crd->crd_len, &out);
774 else
775 result = cxf->decompress(data, crd->crd_len, &out);
776
777 kfree(data, M_CRYPTO_DATA);
778 if (result == 0)
779 return EINVAL;
780
781 sw->sw_size = result;
782 /* Check the compressed size when doing compression */
783 if (crd->crd_flags & CRD_F_COMP) {
784 if (result >= crd->crd_len) {
785 /* Compression was useless, we lost time */
786 kfree(out, M_CRYPTO_DATA);
787 return 0;
788 }
789 }
790
791 /*
792 * Copy back the (de)compressed data.
793 * If CRYPTO_F_IMBUF, the mbuf will be extended as necessary.
794 */
795 crypto_copyback(flags, buf, crd->crd_skip, result, out);
796 if (result < crd->crd_len) {
797 adj = result - crd->crd_len;
798 if (flags & CRYPTO_F_IMBUF) {
799 adj = result - crd->crd_len;
800 m_adj((struct mbuf *)buf, adj);
801 } else if (flags & CRYPTO_F_IOV) {
802 struct uio *uio = (struct uio *)buf;
803 int ind;
804
805 adj = crd->crd_len - result;
806 ind = uio->uio_iovcnt - 1;
807
808 while (adj > 0 && ind >= 0) {
809 if (adj < uio->uio_iov[ind].iov_len) {
810 uio->uio_iov[ind].iov_len -= adj;
811 break;
812 }
813
814 adj -= uio->uio_iov[ind].iov_len;
815 uio->uio_iov[ind].iov_len = 0;
816 ind--;
817 uio->uio_iovcnt--;
818 }
819 }
820 }
821 kfree(out, M_CRYPTO_DATA);
822 return 0;
823 }
824
825 /*
826 * Generate a new software session.
827 */
828 static int
829 swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
830 {
831 struct swcr_data *swd_base;
832 struct swcr_data **swd;
833 struct swcr_data **oswd;
834 struct auth_hash *axf;
835 struct enc_xform *txf;
836 struct comp_algo *cxf;
837 u_int32_t i;
838 u_int32_t n;
839 int error;
840
841 if (sid == NULL || cri == NULL)
842 return EINVAL;
843
844 swd_base = NULL;
845 swd = &swd_base;
846
847 while (cri) {
848 *swd = kmalloc(sizeof(struct swcr_data),
849 M_CRYPTO_DATA, M_WAITOK | M_ZERO);
850
851 switch (cri->cri_alg) {
852 case CRYPTO_DES_CBC:
853 txf = &enc_xform_des;
854 goto enccommon;
855 case CRYPTO_3DES_CBC:
856 txf = &enc_xform_3des;
857 goto enccommon;
858 case CRYPTO_BLF_CBC:
859 txf = &enc_xform_blf;
860 goto enccommon;
861 case CRYPTO_CAST_CBC:
862 txf = &enc_xform_cast5;
863 goto enccommon;
864 case CRYPTO_SKIPJACK_CBC:
865 txf = &enc_xform_skipjack;
866 goto enccommon;
867 case CRYPTO_RIJNDAEL128_CBC:
868 txf = &enc_xform_rijndael128;
869 goto enccommon;
870 case CRYPTO_AES_XTS:
871 txf = &enc_xform_aes_xts;
872 goto enccommon;
873 case CRYPTO_AES_CTR:
874 txf = &enc_xform_aes_ctr;
875 goto enccommon;
876 case CRYPTO_AES_GCM_16:
877 txf = &enc_xform_aes_gcm;
878 goto enccommon;
879 case CRYPTO_AES_GMAC:
880 txf = &enc_xform_aes_gmac;
881 (*swd)->sw_exf = txf;
882 break;
883 case CRYPTO_CAMELLIA_CBC:
884 txf = &enc_xform_camellia;
885 goto enccommon;
886 case CRYPTO_TWOFISH_CBC:
887 txf = &enc_xform_twofish;
888 goto enccommon;
889 case CRYPTO_SERPENT_CBC:
890 txf = &enc_xform_serpent;
891 goto enccommon;
892 case CRYPTO_TWOFISH_XTS:
893 txf = &enc_xform_twofish_xts;
894 goto enccommon;
895 case CRYPTO_SERPENT_XTS:
896 txf = &enc_xform_serpent_xts;
897 goto enccommon;
898 case CRYPTO_NULL_CBC:
899 txf = &enc_xform_null;
900 goto enccommon;
901 enccommon:
902 KKASSERT(txf->ctxsize > 0);
903 (*swd)->sw_kschedule = kmalloc(txf->ctxsize,
904 M_CRYPTO_DATA,
905 M_WAITOK | M_ZERO);
906 if (cri->cri_key != NULL) {
907 error = txf->setkey((*swd)->sw_kschedule,
908 cri->cri_key,
909 cri->cri_klen / 8);
910 if (error) {
911 swcr_freesession_slot(&swd_base, 0);
912 return error;
913 }
914 }
915 (*swd)->sw_exf = txf;
916 break;
917
918 case CRYPTO_MD5_HMAC:
919 axf = &auth_hash_hmac_md5;
920 goto authcommon;
921 case CRYPTO_SHA1_HMAC:
922 axf = &auth_hash_hmac_sha1;
923 goto authcommon;
924 case CRYPTO_SHA2_256_HMAC:
925 axf = &auth_hash_hmac_sha2_256;
926 goto authcommon;
927 case CRYPTO_SHA2_384_HMAC:
928 axf = &auth_hash_hmac_sha2_384;
929 goto authcommon;
930 case CRYPTO_SHA2_512_HMAC:
931 axf = &auth_hash_hmac_sha2_512;
932 goto authcommon;
933 case CRYPTO_NULL_HMAC:
934 axf = &auth_hash_null;
935 goto authcommon;
936 case CRYPTO_RIPEMD160_HMAC:
937 axf = &auth_hash_hmac_ripemd_160;
938 authcommon:
939 (*swd)->sw_ictx = kmalloc(axf->ctxsize, M_CRYPTO_DATA,
940 M_WAITOK);
941 (*swd)->sw_octx = kmalloc(axf->ctxsize, M_CRYPTO_DATA,
942 M_WAITOK);
943
944 if (cri->cri_key != NULL) {
945 swcr_authprepare(axf, *swd, cri->cri_key,
946 cri->cri_klen);
947 }
948
949 (*swd)->sw_mlen = cri->cri_mlen;
950 (*swd)->sw_axf = axf;
951 break;
952
953 case CRYPTO_MD5_KPDK:
954 axf = &auth_hash_key_md5;
955 goto auth2common;
956
957 case CRYPTO_SHA1_KPDK:
958 axf = &auth_hash_key_sha1;
959 auth2common:
960 (*swd)->sw_ictx = kmalloc(axf->ctxsize, M_CRYPTO_DATA,
961 M_WAITOK);
962 (*swd)->sw_octx = kmalloc(cri->cri_klen / 8,
963 M_CRYPTO_DATA, M_WAITOK);
964
965 /* Store the key so we can "append" it to the payload */
966 if (cri->cri_key != NULL) {
967 swcr_authprepare(axf, *swd, cri->cri_key,
968 cri->cri_klen);
969 }
970
971 (*swd)->sw_mlen = cri->cri_mlen;
972 (*swd)->sw_axf = axf;
973 break;
974 #ifdef notdef
975 case CRYPTO_MD5:
976 axf = &auth_hash_md5;
977 goto auth3common;
978
979 case CRYPTO_SHA1:
980 axf = &auth_hash_sha1;
981 auth3common:
982 (*swd)->sw_ictx = kmalloc(axf->ctxsize, M_CRYPTO_DATA,
983 M_WAITOK);
984
985 axf->Init((*swd)->sw_ictx);
986 (*swd)->sw_mlen = cri->cri_mlen;
987 (*swd)->sw_axf = axf;
988 break;
989 #endif
990 case CRYPTO_AES_128_GMAC:
991 axf = &auth_hash_gmac_aes_128;
992 goto auth4common;
993
994 case CRYPTO_AES_192_GMAC:
995 axf = &auth_hash_gmac_aes_192;
996 goto auth4common;
997
998 case CRYPTO_AES_256_GMAC:
999 axf = &auth_hash_gmac_aes_256;
1000 auth4common:
1001 (*swd)->sw_ictx = kmalloc(axf->ctxsize, M_CRYPTO_DATA,
1002 M_NOWAIT);
1003 if ((*swd)->sw_ictx == NULL) {
1004 swcr_freesession_slot(&swd_base, 0);
1005 return ENOBUFS;
1006 }
1007
1008 axf->Init((*swd)->sw_ictx);
1009 error = axf->Setkey((*swd)->sw_ictx, cri->cri_key,
1010 cri->cri_klen / 8);
1011 if (error) {
1012 swcr_freesession_slot(&swd_base, 0);
1013 return error;
1014 }
1015 (*swd)->sw_axf = axf;
1016 break;
1017
1018 case CRYPTO_DEFLATE_COMP:
1019 cxf = &comp_algo_deflate;
1020 (*swd)->sw_cxf = cxf;
1021 break;
1022 default:
1023 swcr_freesession_slot(&swd_base, 0);
1024 return EINVAL;
1025 }
1026
1027 (*swd)->sw_alg = cri->cri_alg;
1028 cri = cri->cri_next;
1029 swd = &((*swd)->sw_next);
1030 }
1031
1032 for (;;) {
1033 /*
1034 * Atomically allocate a session
1035 */
1036 spin_lock(&swcr_spin);
1037 for (i = swcr_minsesnum; i < swcr_sesnum; ++i) {
1038 if (swcr_sessions[i] == NULL)
1039 break;
1040 }
1041 if (i < swcr_sesnum) {
1042 swcr_sessions[i] = swd_base;
1043 swcr_minsesnum = i + 1;
1044 spin_unlock(&swcr_spin);
1045 break;
1046 }
1047 n = swcr_sesnum;
1048 spin_unlock(&swcr_spin);
1049
1050 /*
1051 * A larger allocation is required, reallocate the array
1052 * and replace, checking for SMP races.
1053 */
1054 if (n < CRYPTO_SW_SESSIONS)
1055 n = CRYPTO_SW_SESSIONS;
1056 else
1057 n = n * 3 / 2;
1058 swd = kmalloc(n * sizeof(struct swcr_data *),
1059 M_CRYPTO_DATA, M_WAITOK | M_ZERO);
1060
1061 spin_lock(&swcr_spin);
1062 if (swcr_sesnum >= n) {
1063 spin_unlock(&swcr_spin);
1064 kfree(swd, M_CRYPTO_DATA);
1065 } else if (swcr_sesnum) {
1066 bcopy(swcr_sessions, swd,
1067 swcr_sesnum * sizeof(struct swcr_data *));
1068 oswd = swcr_sessions;
1069 swcr_sessions = swd;
1070 swcr_sesnum = n;
1071 spin_unlock(&swcr_spin);
1072 kfree(oswd, M_CRYPTO_DATA);
1073 } else {
1074 swcr_sessions = swd;
1075 swcr_sesnum = n;
1076 spin_unlock(&swcr_spin);
1077 }
1078 }
1079
1080 *sid = i;
1081 return 0;
1082 }
1083
1084 /*
1085 * Free a session.
1086 */
1087 static int
1088 swcr_freesession(device_t dev, u_int64_t tid)
1089 {
1090 u_int32_t sid = CRYPTO_SESID2LID(tid);
1091
1092 if (sid > swcr_sesnum || swcr_sessions == NULL ||
1093 swcr_sessions[sid] == NULL) {
1094 return EINVAL;
1095 }
1096
1097 /* Silently accept and return */
1098 if (sid == 0)
1099 return 0;
1100
1101 return(swcr_freesession_slot(&swcr_sessions[sid], sid));
1102 }
1103
1104 static
1105 int
1106 swcr_freesession_slot(struct swcr_data **swdp, u_int32_t sid)
1107 {
1108 struct enc_xform *txf;
1109 struct auth_hash *axf;
1110 struct swcr_data *swd;
1111 struct swcr_data *swnext;
1112
1113 /*
1114 * Protect session detachment with the spinlock.
1115 */
1116 spin_lock(&swcr_spin);
1117 swnext = *swdp;
1118 *swdp = NULL;
1119 if (sid && swcr_minsesnum > sid)
1120 swcr_minsesnum = sid;
1121 spin_unlock(&swcr_spin);
1122
1123 /*
1124 * Clean up at our leisure.
1125 */
1126 while ((swd = swnext) != NULL) {
1127 swnext = swd->sw_next;
1128
1129 swd->sw_next = NULL;
1130
1131 switch (swd->sw_alg) {
1132 case CRYPTO_DES_CBC:
1133 case CRYPTO_3DES_CBC:
1134 case CRYPTO_BLF_CBC:
1135 case CRYPTO_CAST_CBC:
1136 case CRYPTO_SKIPJACK_CBC:
1137 case CRYPTO_RIJNDAEL128_CBC:
1138 case CRYPTO_AES_XTS:
1139 case CRYPTO_AES_CTR:
1140 case CRYPTO_AES_GCM_16:
1141 case CRYPTO_AES_GMAC:
1142 case CRYPTO_CAMELLIA_CBC:
1143 case CRYPTO_TWOFISH_CBC:
1144 case CRYPTO_SERPENT_CBC:
1145 case CRYPTO_TWOFISH_XTS:
1146 case CRYPTO_SERPENT_XTS:
1147 case CRYPTO_NULL_CBC:
1148 txf = swd->sw_exf;
1149
1150 if (swd->sw_kschedule) {
1151 bzero(swd->sw_kschedule, txf->ctxsize);
1152 kfree(swd->sw_kschedule, M_CRYPTO_DATA);
1153 }
1154 break;
1155
1156 case CRYPTO_MD5_HMAC:
1157 case CRYPTO_SHA1_HMAC:
1158 case CRYPTO_SHA2_256_HMAC:
1159 case CRYPTO_SHA2_384_HMAC:
1160 case CRYPTO_SHA2_512_HMAC:
1161 case CRYPTO_RIPEMD160_HMAC:
1162 case CRYPTO_NULL_HMAC:
1163 axf = swd->sw_axf;
1164
1165 if (swd->sw_ictx) {
1166 bzero(swd->sw_ictx, axf->ctxsize);
1167 kfree(swd->sw_ictx, M_CRYPTO_DATA);
1168 }
1169 if (swd->sw_octx) {
1170 bzero(swd->sw_octx, axf->ctxsize);
1171 kfree(swd->sw_octx, M_CRYPTO_DATA);
1172 }
1173 break;
1174
1175 case CRYPTO_MD5_KPDK:
1176 case CRYPTO_SHA1_KPDK:
1177 axf = swd->sw_axf;
1178
1179 if (swd->sw_ictx) {
1180 bzero(swd->sw_ictx, axf->ctxsize);
1181 kfree(swd->sw_ictx, M_CRYPTO_DATA);
1182 }
1183 if (swd->sw_octx) {
1184 bzero(swd->sw_octx, swd->sw_klen);
1185 kfree(swd->sw_octx, M_CRYPTO_DATA);
1186 }
1187 break;
1188
1189 case CRYPTO_AES_128_GMAC:
1190 case CRYPTO_AES_192_GMAC:
1191 case CRYPTO_AES_256_GMAC:
1192 case CRYPTO_MD5:
1193 case CRYPTO_SHA1:
1194 axf = swd->sw_axf;
1195
1196 if (swd->sw_ictx) {
1197 bzero(swd->sw_ictx, axf->ctxsize);
1198 kfree(swd->sw_ictx, M_CRYPTO_DATA);
1199 }
1200 break;
1201
1202 case CRYPTO_DEFLATE_COMP:
1203 break;
1204 }
1205
1206 //FREE(swd, M_CRYPTO_DATA);
1207 kfree(swd, M_CRYPTO_DATA);
1208 }
1209 return 0;
1210 }
1211
1212 /*
1213 * Process a software request.
1214 */
1215 static int
1216 swcr_process(device_t dev, struct cryptop *crp, int hint)
1217 {
1218 struct cryptodesc *crd;
1219 struct swcr_data *sw;
1220 u_int32_t lid;
1221
1222 /* Sanity check */
1223 if (crp == NULL)
1224 return EINVAL;
1225
1226 if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
1227 crp->crp_etype = EINVAL;
1228 goto done;
1229 }
1230
1231 lid = crp->crp_sid & 0xffffffff;
1232 if (lid >= swcr_sesnum || lid == 0 || swcr_sessions[lid] == NULL) {
1233 crp->crp_etype = ENOENT;
1234 goto done;
1235 }
1236
1237 /* Go through crypto descriptors, processing as we go */
1238 for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
1239 /*
1240 * Find the crypto context.
1241 *
1242 * XXX Note that the logic here prevents us from having
1243 * XXX the same algorithm multiple times in a session
1244 * XXX (or rather, we can but it won't give us the right
1245 * XXX results). To do that, we'd need some way of differentiating
1246 * XXX between the various instances of an algorithm (so we can
1247 * XXX locate the correct crypto context).
1248 */
1249 for (sw = swcr_sessions[lid];
1250 sw && sw->sw_alg != crd->crd_alg;
1251 sw = sw->sw_next)
1252 ;
1253
1254 /* No such context ? */
1255 if (sw == NULL) {
1256 crp->crp_etype = EINVAL;
1257 goto done;
1258 }
1259 switch (sw->sw_alg) {
1260 case CRYPTO_DES_CBC:
1261 case CRYPTO_3DES_CBC:
1262 case CRYPTO_BLF_CBC:
1263 case CRYPTO_CAST_CBC:
1264 case CRYPTO_SKIPJACK_CBC:
1265 case CRYPTO_RIJNDAEL128_CBC:
1266 case CRYPTO_AES_XTS:
1267 case CRYPTO_AES_CTR:
1268 case CRYPTO_CAMELLIA_CBC:
1269 case CRYPTO_TWOFISH_CBC:
1270 case CRYPTO_SERPENT_CBC:
1271 case CRYPTO_TWOFISH_XTS:
1272 case CRYPTO_SERPENT_XTS:
1273 if ((crp->crp_etype = swcr_encdec(crd, sw,
1274 crp->crp_buf, crp->crp_flags)) != 0)
1275 goto done;
1276 break;
1277 case CRYPTO_NULL_CBC:
1278 crp->crp_etype = 0;
1279 break;
1280 case CRYPTO_MD5_HMAC:
1281 case CRYPTO_SHA1_HMAC:
1282 case CRYPTO_SHA2_256_HMAC:
1283 case CRYPTO_SHA2_384_HMAC:
1284 case CRYPTO_SHA2_512_HMAC:
1285 case CRYPTO_RIPEMD160_HMAC:
1286 case CRYPTO_NULL_HMAC:
1287 case CRYPTO_MD5_KPDK:
1288 case CRYPTO_SHA1_KPDK:
1289 case CRYPTO_MD5:
1290 case CRYPTO_SHA1:
1291 if ((crp->crp_etype = swcr_authcompute(crd, sw,
1292 crp->crp_buf, crp->crp_flags)) != 0)
1293 goto done;
1294 break;
1295
1296 case CRYPTO_AES_GCM_16:
1297 case CRYPTO_AES_GMAC:
1298 case CRYPTO_AES_128_GMAC:
1299 case CRYPTO_AES_192_GMAC:
1300 case CRYPTO_AES_256_GMAC:
1301 crp->crp_etype = swcr_combined(crp);
1302 goto done;
1303
1304 case CRYPTO_DEFLATE_COMP:
1305 if ((crp->crp_etype = swcr_compdec(crd, sw,
1306 crp->crp_buf, crp->crp_flags)) != 0)
1307 goto done;
1308 else
1309 crp->crp_olen = (int)sw->sw_size;
1310 break;
1311
1312 default:
1313 /* Unknown/unsupported algorithm */
1314 crp->crp_etype = EINVAL;
1315 goto done;
1316 }
1317 }
1318
1319 done:
1320 crypto_done(crp);
1321 lwkt_yield();
1322 return 0;
1323 }
1324
1325 static void
1326 swcr_identify(driver_t *drv, device_t parent)
1327 {
1328 /* NB: order 10 is so we get attached after h/w devices */
1329 /* XXX: wouldn't bet about this BUS_ADD_CHILD correctness */
1330 if (device_find_child(parent, "cryptosoft", -1) == NULL &&
1331 BUS_ADD_CHILD(parent, parent, 10, "cryptosoft", -1) == 0)
1332 panic("cryptosoft: could not attach");
1333 }
1334
1335 static int
1336 swcr_probe(device_t dev)
1337 {
1338 device_set_desc(dev, "software crypto");
1339 return (0);
1340 }
1341
1342 static int
1343 swcr_attach(device_t dev)
1344 {
1345 memset(hmac_ipad_buffer, HMAC_IPAD_VAL, HMAC_MAX_BLOCK_LEN);
1346 memset(hmac_opad_buffer, HMAC_OPAD_VAL, HMAC_MAX_BLOCK_LEN);
1347
1348 swcr_id = crypto_get_driverid(dev, CRYPTOCAP_F_SOFTWARE |
1349 CRYPTOCAP_F_SYNC |
1350 CRYPTOCAP_F_SMP);
1351 if (swcr_id < 0) {
1352 device_printf(dev, "cannot initialize!");
1353 return ENOMEM;
1354 }
1355 #define REGISTER(alg) \
1356 crypto_register(swcr_id, alg, 0,0)
1357 REGISTER(CRYPTO_DES_CBC);
1358 REGISTER(CRYPTO_3DES_CBC);
1359 REGISTER(CRYPTO_BLF_CBC);
1360 REGISTER(CRYPTO_CAST_CBC);
1361 REGISTER(CRYPTO_SKIPJACK_CBC);
1362 REGISTER(CRYPTO_NULL_CBC);
1363 REGISTER(CRYPTO_MD5_HMAC);
1364 REGISTER(CRYPTO_SHA1_HMAC);
1365 REGISTER(CRYPTO_SHA2_256_HMAC);
1366 REGISTER(CRYPTO_SHA2_384_HMAC);
1367 REGISTER(CRYPTO_SHA2_512_HMAC);
1368 REGISTER(CRYPTO_RIPEMD160_HMAC);
1369 REGISTER(CRYPTO_NULL_HMAC);
1370 REGISTER(CRYPTO_MD5_KPDK);
1371 REGISTER(CRYPTO_SHA1_KPDK);
1372 REGISTER(CRYPTO_MD5);
1373 REGISTER(CRYPTO_SHA1);
1374 REGISTER(CRYPTO_RIJNDAEL128_CBC);
1375 REGISTER(CRYPTO_AES_XTS);
1376 REGISTER(CRYPTO_AES_CTR);
1377 REGISTER(CRYPTO_AES_GCM_16);
1378 REGISTER(CRYPTO_AES_GMAC);
1379 REGISTER(CRYPTO_AES_128_GMAC);
1380 REGISTER(CRYPTO_AES_192_GMAC);
1381 REGISTER(CRYPTO_AES_256_GMAC);
1382 REGISTER(CRYPTO_CAMELLIA_CBC);
1383 REGISTER(CRYPTO_TWOFISH_CBC);
1384 REGISTER(CRYPTO_SERPENT_CBC);
1385 REGISTER(CRYPTO_TWOFISH_XTS);
1386 REGISTER(CRYPTO_SERPENT_XTS);
1387 REGISTER(CRYPTO_DEFLATE_COMP);
1388 #undef REGISTER
1389
1390 return 0;
1391 }
1392
1393 static int
1394 swcr_detach(device_t dev)
1395 {
1396 crypto_unregister_all(swcr_id);
1397 if (swcr_sessions != NULL)
1398 kfree(swcr_sessions, M_CRYPTO_DATA);
1399 return 0;
1400 }
1401
1402 static device_method_t swcr_methods[] = {
1403 DEVMETHOD(device_identify, swcr_identify),
1404 DEVMETHOD(device_probe, swcr_probe),
1405 DEVMETHOD(device_attach, swcr_attach),
1406 DEVMETHOD(device_detach, swcr_detach),
1407
1408 DEVMETHOD(cryptodev_newsession, swcr_newsession),
1409 DEVMETHOD(cryptodev_freesession,swcr_freesession),
1410 DEVMETHOD(cryptodev_process, swcr_process),
1411
1412 DEVMETHOD_END
1413 };
1414
1415 static driver_t swcr_driver = {
1416 "cryptosoft",
1417 swcr_methods,
1418 0, /* NB: no softc */
1419 };
1420 static devclass_t swcr_devclass;
1421
1422 /*
1423 * NB: We explicitly reference the crypto module so we
1424 * get the necessary ordering when built as a loadable
1425 * module. This is required because we bundle the crypto
1426 * module code together with the cryptosoft driver (otherwise
1427 * normal module dependencies would handle things).
1428 */
1429 extern int crypto_modevent(struct module *, int, void *);
1430 /* XXX where to attach */
1431 DRIVER_MODULE(cryptosoft, nexus, swcr_driver, swcr_devclass, crypto_modevent,NULL);
1432 MODULE_VERSION(cryptosoft, 1);
1433 MODULE_DEPEND(cryptosoft, crypto, 1, 1, 1);
DragonFly BSD