lib/cryptodev.c

   1 /*
   2  * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * The GnuTLS is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_errors.h>
  26 #include <gnutls_int.h>
  27 #include <gnutls/crypto.h>
  28 #include <gnutls_cryptodev.h>
  29 #include <gnutls_errors.h>
  30
  31 #ifdef ENABLE_CRYPTODEV
  32
  33 #include <fcntl.h>
  34 #include <sys/ioctl.h>
  35 #include <crypto/cryptodev.h>
  36
  37 #ifndef CRYPTO_CIPHER_MAX_KEY_LEN
  38 #define CRYPTO_CIPHER_MAX_KEY_LEN 64
  39 #endif
  40
  41 #ifndef EALG_MAX_BLOCK_LEN
  42 #define EALG_MAX_BLOCK_LEN 16
  43 #endif
  44
  45 static int cryptodev_fd = -1;
  46
  47 static int register_mac (int cfd);
  48
  49 struct cryptodev_ctx
  50 {
  51   struct session_op sess;
  52   struct crypt_op cryp;
  53   opaque iv[EALG_MAX_BLOCK_LEN];
  54   opaque key[CRYPTO_CIPHER_MAX_KEY_LEN];
  55   int cfd;
  56 };
  57
  58 static const int gnutls_cipher_map[] = {
  59   [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
  60   [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
  61   [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
  62   [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
  63   [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
  64   [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
  65   [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
  66 };
  67
  68 static int
  69 cryptodev_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
  70 {
  71   struct cryptodev_ctx *ctx;
  72   int cipher = gnutls_cipher_map[algorithm];
  73
  74   *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
  75   if (*_ctx == NULL)
  76     {
  77       gnutls_assert ();
  78       return GNUTLS_E_MEMORY_ERROR;
  79     }
  80
  81   ctx = *_ctx;
  82
  83   ctx->cfd = cryptodev_fd;
  84   ctx->sess.cipher = cipher;
  85   ctx->sess.key = ctx->key;
  86   ctx->cryp.iv = ctx->iv;
  87
  88   return 0;
  89 }
  90
  91 static int
  92 cryptodev_cipher_setkey (void *_ctx, const void *key, size_t keysize)
  93 {
  94   struct cryptodev_ctx *ctx = _ctx;
  95
  96   ctx->sess.keylen = keysize;
  97   memcpy (ctx->key, key, keysize);
  98
  99   if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
 100     {
 101       gnutls_assert ();
 102       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 103     }
 104   ctx->cryp.ses = ctx->sess.ses;
 105
 106   return 0;
 107 }
 108
 109 static int
 110 cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size)
 111 {
 112   struct cryptodev_ctx *ctx = _ctx;
 113
 114   memcpy (ctx->iv, iv, iv_size);
 115
 116   return 0;
 117 }
 118
 119 static int
 120 cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize,
 121                    void *encr, size_t encrsize)
 122 {
 123   struct cryptodev_ctx *ctx = _ctx;
 124   ctx->cryp.len = plainsize;
 125   ctx->cryp.src = (void *) plain;
 126   ctx->cryp.dst = encr;
 127   ctx->cryp.op = COP_ENCRYPT;
 128   if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
 129     {
 130       gnutls_assert ();
 131       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 132     }
 133   return 0;
 134 }
 135
 136 static int
 137 cryptodev_decrypt (void *_ctx, const void *encr, size_t encrsize,
 138                    void *plain, size_t plainsize)
 139 {
 140   struct cryptodev_ctx *ctx = _ctx;
 141
 142   ctx->cryp.len = encrsize;
 143   ctx->cryp.src = (void *) encr;
 144   ctx->cryp.dst = plain;
 145   ctx->cryp.op = COP_DECRYPT;
 146   if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
 147     {
 148       gnutls_assert ();
 149       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 150     }
 151   return 0;
 152
 153 }
 154
 155 static void
 156 cryptodev_deinit (void *_ctx)
 157 {
 158   struct cryptodev_ctx *ctx = _ctx;
 159
 160   ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess);
 161   gnutls_free (ctx);
 162 }
 163
 164 static const gnutls_crypto_cipher_st cipher_struct = {
 165   .init = cryptodev_cipher_init,
 166   .setkey = cryptodev_cipher_setkey,
 167   .setiv = cryptodev_setiv,
 168   .encrypt = cryptodev_encrypt,
 169   .decrypt = cryptodev_decrypt,
 170   .deinit = cryptodev_deinit,
 171 };
 172
 173 static int
 174 register_crypto (int cfd)
 175 {
 176   struct session_op sess;
 177   char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
 178   int i = 0, ret;
 179
 180   memset (&sess, 0, sizeof (sess));
 181
 182   for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]);
 183        i++)
 184     {
 185       if (gnutls_cipher_map[i] == 0)
 186         continue;
 187
 188       /* test if a cipher is support it and if yes register it */
 189       sess.cipher = gnutls_cipher_map[i];
 190       sess.keylen = gnutls_cipher_get_key_size (i);
 191       sess.key = fake_key;
 192
 193       if (ioctl (cfd, CIOCGSESSION, &sess))
 194         {
 195           continue;
 196         }
 197
 198       ioctl (cfd, CIOCFSESSION, &sess);
 199
 200       _gnutls_debug_log ("/dev/crypto: registering: %s\n",
 201                          gnutls_cipher_get_name (i));
 202       ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
 203       if (ret < 0)
 204         {
 205           gnutls_assert ();
 206           return ret;
 207         }
 208
 209     }
 210
 211   return 0;
 212 }
 213
 214 int
 215 _gnutls_cryptodev_init (void)
 216 {
 217   int ret;
 218
 219   /* Open the crypto device */
 220   cryptodev_fd = open ("/dev/crypto", O_RDWR, 0);
 221   if (cryptodev_fd < 0)
 222     {
 223       gnutls_assert ();
 224       return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
 225     }
 226
 227 #ifndef CRIOGET_NOT_NEEDED
 228   {
 229     int cfd = -1;
 230     /* Clone file descriptor */
 231     if (ioctl (cryptodev_fd, CRIOGET, &cfd))
 232       {
 233         gnutls_assert ();
 234         return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 235       }
 236
 237     /* Set close-on-exec (not really neede here) */
 238     if (fcntl (cfd, F_SETFD, 1) == -1)
 239       {
 240         gnutls_assert ();
 241         return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 242       }
 243
 244     close (cryptodev_fd);
 245     cryptodev_fd = cfd;
 246   }
 247 #endif
 248
 249   ret = register_crypto (cryptodev_fd);
 250   if (ret < 0)
 251     gnutls_assert ();
 252
 253   if (ret >= 0)
 254     {
 255       ret = register_mac (cryptodev_fd);
 256       if (ret < 0)
 257         gnutls_assert ();
 258     }
 259
 260   if (ret < 0)
 261     {
 262       gnutls_assert ();
 263       close (cryptodev_fd);
 264     }
 265
 266   return ret;
 267 }
 268
 269 void
 270 _gnutls_cryptodev_deinit (void)
 271 {
 272   close (cryptodev_fd);
 273 }
 274
 275 /* MAC and digest stuff */
 276
 277 /* if we are using linux /dev/crypto
 278  */
 279 #if defined COP_FLAG_UPDATE
 280
 281 static const int gnutls_mac_map[] = {
 282   [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
 283   [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
 284   [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
 285   [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
 286   [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
 287 };
 288
 289 static int
 290 cryptodev_mac_init (gnutls_mac_algorithm_t algorithm, void **_ctx)
 291 {
 292   struct cryptodev_ctx *ctx;
 293   int mac = gnutls_mac_map[algorithm];
 294
 295   *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
 296   if (*_ctx == NULL)
 297     {
 298       gnutls_assert ();
 299       return GNUTLS_E_MEMORY_ERROR;
 300     }
 301
 302   ctx = *_ctx;
 303
 304   ctx->cfd = cryptodev_fd;
 305
 306   ctx->sess.mac = mac;
 307   ctx->sess.mackey = ctx->key;
 308
 309   return 0;
 310 }
 311
 312 static int
 313 cryptodev_mac_setkey (void *_ctx, const void *key, size_t keysize)
 314 {
 315   struct cryptodev_ctx *ctx = _ctx;
 316
 317   ctx->sess.mackeylen = keysize;
 318   memcpy (ctx->key, key, keysize);
 319
 320   if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
 321     {
 322       gnutls_assert ();
 323       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 324     }
 325   ctx->cryp.ses = ctx->sess.ses;
 326
 327   return 0;
 328 }
 329
 330 static int
 331 cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize)
 332 {
 333   struct cryptodev_ctx *ctx = _ctx;
 334   ctx->cryp.len = textsize;
 335   ctx->cryp.src = (void *) text;
 336   ctx->cryp.dst = NULL;
 337   ctx->cryp.op = COP_ENCRYPT;
 338   ctx->cryp.flags = COP_FLAG_UPDATE;
 339   if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
 340     {
 341       gnutls_assert ();
 342       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 343     }
 344   return 0;
 345 }
 346
 347 static int
 348 cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize)
 349 {
 350   struct cryptodev_ctx *ctx = _ctx;
 351   ctx->cryp.len = 0;
 352   ctx->cryp.src = NULL;
 353   ctx->cryp.mac = digest;
 354   ctx->cryp.op = COP_ENCRYPT;
 355   ctx->cryp.flags = COP_FLAG_FINAL;
 356   if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
 357     {
 358       gnutls_assert ();
 359       return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 360     }
 361
 362   return 0;
 363 }
 364
 365 #define cryptodev_mac_deinit cryptodev_deinit
 366
 367 static const gnutls_crypto_mac_st mac_struct = {
 368   .init = cryptodev_mac_init,
 369   .setkey = cryptodev_mac_setkey,
 370   .hash = cryptodev_mac_hash,
 371   .output = cryptodev_mac_output,
 372   .deinit = cryptodev_mac_deinit
 373 };
 374
 375 static int
 376 register_mac (int cfd)
 377 {
 378   struct session_op sess;
 379   char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
 380   int i = 0, ret;
 381
 382   memset (&sess, 0, sizeof (sess));
 383   for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
 384     {
 385       if (gnutls_mac_map[i] == 0)
 386         continue;
 387
 388       sess.mac = gnutls_mac_map[i];
 389       sess.keylen = 8;
 390       sess.key = fake_key;
 391
 392       if (ioctl (cfd, CIOCGSESSION, &sess))
 393         {
 394           continue;
 395         }
 396
 397       ioctl (cfd, CIOCFSESSION, &sess);
 398
 399       _gnutls_debug_log ("/dev/crypto: registering: %s\n",
 400                          gnutls_mac_get_name (i));
 401       ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
 402       if (ret < 0)
 403         {
 404           gnutls_assert ();
 405           return ret;
 406         }
 407
 408     }
 409
 410   return 0;
 411 }
 412
 413 #else
 414 static int
 415 register_mac (int cfd)
 416 {
 417   return 0;
 418 }
 419
 420 #endif /* defined(CIOCSESSIONCLONE) && defined(COP_FLAG_UPDATE) */
 421
 422 #else /* ENABLE_CRYPTODEV */
 423 int
 424 _gnutls_cryptodev_init ()
 425 {
 426   return 0;
 427 }
 428
 429 void
 430 _gnutls_cryptodev_deinit ()
 431 {
 432   return;
 433 }
 434 #endif /* ENABLE_CRYPTODEV */