OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/target/linux/generic/files/crypto/ocf/cryptodev.c

1	/* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */
2
3	/*-
4	* Linux port done by David McCullough <david_mccullough@mcafee.com>
5	* Copyright (C) 2006-2010 David McCullough
6	* Copyright (C) 2004-2005 Intel Corporation.
7	* The license and original author are listed below.
8	*
9	* Copyright (c) 2001 Theo de Raadt
10	* Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
11	*
12	* Redistribution and use in source and binary forms, with or without
13	* modification, are permitted provided that the following conditions
14	* are met:
15	*
16	* 1. Redistributions of source code must retain the above copyright
17	* notice, this list of conditions and the following disclaimer.
18	* 2. Redistributions in binary form must reproduce the above copyright
19	* notice, this list of conditions and the following disclaimer in the
20	* documentation and/or other materials provided with the distribution.
21	* 3. The name of the author may not be used to endorse or promote products
22	* derived from this software without specific prior written permission.
23	*
24	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34	*
35	* Effort sponsored in part by the Defense Advanced Research Projects
36	* Agency (DARPA) and Air Force Research Laboratory, Air Force
37	* Materiel Command, USAF, under agreement number F30602-01-2-0537.
38	*
39	__FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gnn Exp $");
40	*/
41
42	#include <linux/version.h>
43	#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
44	#include <generated/autoconf.h>
45	#else
46	#include <linux/autoconf.h>
47	#endif
48	#include <linux/types.h>
49	#include <linux/time.h>
50	#include <linux/delay.h>
51	#include <linux/list.h>
52	#include <linux/init.h>
53	#include <linux/sched.h>
54	#include <linux/unistd.h>
55	#include <linux/module.h>
56	#include <linux/wait.h>
57	#include <linux/slab.h>
58	#include <linux/fs.h>
59	#include <linux/dcache.h>
60	#include <linux/file.h>
61	#include <linux/mount.h>
62	#include <linux/miscdevice.h>
63	#include <linux/version.h>
64	#include <asm/uaccess.h>
65
66	#include <cryptodev.h>
67	#include <uio.h>
68
69	extern asmlinkage long sys_dup(unsigned int fildes);
70
71	#define debug cryptodev_debug
72	int cryptodev_debug = 0;
73	module_param(cryptodev_debug, int, 0644);
74	MODULE_PARM_DESC(cryptodev_debug, "Enable cryptodev debug");
75
76	struct csession_info {
77	u_int16_t blocksize;
78	u_int16_t minkey, maxkey;
79
80	u_int16_t keysize;
81	/* u_int16_t hashsize; */
82	u_int16_t authsize;
83	u_int16_t authkey;
84	/* u_int16_t ctxsize; */
85	};
86
87	struct csession {
88	struct list_head list;
89	u_int64_t sid;
90	u_int32_t ses;
91
92	wait_queue_head_t waitq;
93
94	u_int32_t cipher;
95
96	u_int32_t mac;
97
98	caddr_t key;
99	int keylen;
100	u_char tmp_iv[EALG_MAX_BLOCK_LEN];
101
102	caddr_t mackey;
103	int mackeylen;
104
105	struct csession_info info;
106
107	struct iovec iovec;
108	struct uio uio;
109	int error;
110	};
111
112	struct fcrypt {
113	struct list_head csessions;
114	int sesn;
115	};
116
117	static struct csession csefind(struct fcrypt , u_int);
118	static int csedelete(struct fcrypt , struct csession );
119	static struct csession cseadd(struct fcrypt , struct csession *);
120	static struct csession csecreate(struct fcrypt , u_int64_t,
121	struct cryptoini crie, struct cryptoini cria, struct csession_info *);
122	static int csefree(struct csession *);
123
124	static int cryptodev_op(struct csession , struct crypt_op );
125	static int cryptodev_key(struct crypt_kop *);
126	static int cryptodev_find(struct crypt_find_op *);
127
128	static int cryptodev_cb(void *);
129	static int cryptodev_open(struct inode inode, struct file filp);
130
131	/*
132	* Check a crypto identifier to see if it requested
133	* a valid crid and it's capabilities match.
134	*/
135	static int
136	checkcrid(int crid)
137	{
138	int hid = crid & ~(CRYPTOCAP_F_SOFTWARE \| CRYPTOCAP_F_HARDWARE);
139	int typ = crid & (CRYPTOCAP_F_SOFTWARE \| CRYPTOCAP_F_HARDWARE);
140	int caps = 0;
141
142	/* if the user hasn't selected a driver, then just call newsession */
143	if (hid == 0 && typ != 0)
144	return 0;
145
146	caps = crypto_getcaps(hid);
147
148	/* didn't find anything with capabilities */
149	if (caps == 0) {
150	dprintk("%s: hid=%x typ=%x not matched\n", __FUNCTION__, hid, typ);
151	return EINVAL;
152	}
153
154	/* the user didn't specify SW or HW, so the driver is ok */
155	if (typ == 0)
156	return 0;
157
158	/* if the type specified didn't match */
159	if (typ != (caps & (CRYPTOCAP_F_SOFTWARE \| CRYPTOCAP_F_HARDWARE))) {
160	dprintk("%s: hid=%x typ=%x caps=%x not matched\n", __FUNCTION__,
161	hid, typ, caps);
162	return EINVAL;
163	}
164
165	return 0;
166	}
167
168	static int
169	cryptodev_op(struct csession cse, struct crypt_op cop)
170	{
171	struct cryptop *crp = NULL;
172	struct cryptodesc crde = NULL, crda = NULL;
173	int error = 0;
174
175	dprintk("%s()\n", __FUNCTION__);
176	if (cop->len > CRYPTO_MAX_DATA_LEN) {
177	dprintk("%s: %d > %d\n", __FUNCTION__, cop->len, CRYPTO_MAX_DATA_LEN);
178	return (E2BIG);
179	}
180
181	if (cse->info.blocksize && (cop->len % cse->info.blocksize) != 0) {
182	dprintk("%s: blocksize=%d len=%d\n", __FUNCTION__, cse->info.blocksize,
183	cop->len);
184	return (EINVAL);
185	}
186
187	cse->uio.uio_iov = &cse->iovec;
188	cse->uio.uio_iovcnt = 1;
189	cse->uio.uio_offset = 0;
190	#if 0
191	cse->uio.uio_resid = cop->len;
192	cse->uio.uio_segflg = UIO_SYSSPACE;
193	cse->uio.uio_rw = UIO_WRITE;
194	cse->uio.uio_td = td;
195	#endif
196	cse->uio.uio_iov[0].iov_len = cop->len;
197	if (cse->info.authsize)
198	cse->uio.uio_iov[0].iov_len += cse->info.authsize;
199	cse->uio.uio_iov[0].iov_base = kmalloc(cse->uio.uio_iov[0].iov_len,
200	GFP_KERNEL);
201
202	if (cse->uio.uio_iov[0].iov_base == NULL) {
203	dprintk("%s: iov_base kmalloc(%d) failed\n", __FUNCTION__,
204	(int)cse->uio.uio_iov[0].iov_len);
205	return (ENOMEM);
206	}
207
208	crp = crypto_getreq((cse->info.blocksize != 0) + (cse->info.authsize != 0));
209	if (crp == NULL) {
210	dprintk("%s: ENOMEM\n", __FUNCTION__);
211	error = ENOMEM;
212	goto bail;
213	}
214
215	if (cse->info.authsize && cse->info.blocksize) {
216	if (cop->op == COP_ENCRYPT) {
217	crde = crp->crp_desc;
218	crda = crde->crd_next;
219	} else {
220	crda = crp->crp_desc;
221	crde = crda->crd_next;
222	}
223	} else if (cse->info.authsize) {
224	crda = crp->crp_desc;
225	} else if (cse->info.blocksize) {
226	crde = crp->crp_desc;
227	} else {
228	dprintk("%s: bad request\n", __FUNCTION__);
229	error = EINVAL;
230	goto bail;
231	}
232
233	if ((error = copy_from_user(cse->uio.uio_iov[0].iov_base, cop->src,
234	cop->len))) {
235	dprintk("%s: bad copy\n", __FUNCTION__);
236	goto bail;
237	}
238
239	if (crda) {
240	crda->crd_skip = 0;
241	crda->crd_len = cop->len;
242	crda->crd_inject = cop->len;
243
244	crda->crd_alg = cse->mac;
245	crda->crd_key = cse->mackey;
246	crda->crd_klen = cse->mackeylen * 8;
247	}
248
249	if (crde) {
250	if (cop->op == COP_ENCRYPT)
251	crde->crd_flags \|= CRD_F_ENCRYPT;
252	else
253	crde->crd_flags &= ~CRD_F_ENCRYPT;
254	crde->crd_len = cop->len;
255	crde->crd_inject = 0;
256
257	crde->crd_alg = cse->cipher;
258	crde->crd_key = cse->key;
259	crde->crd_klen = cse->keylen * 8;
260	}
261
262	crp->crp_ilen = cse->uio.uio_iov[0].iov_len;
263	crp->crp_flags = CRYPTO_F_IOV \| CRYPTO_F_CBIMM
264	\| (cop->flags & COP_F_BATCH);
265	crp->crp_buf = (caddr_t)&cse->uio;
266	crp->crp_callback = (int () (struct cryptop )) cryptodev_cb;
267	crp->crp_sid = cse->sid;
268	crp->crp_opaque = (void *)cse;
269
270	if (cop->iv) {
271	if (crde == NULL) {
272	error = EINVAL;
273	dprintk("%s no crde\n", __FUNCTION__);
274	goto bail;
275	}
276	if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
277	error = EINVAL;
278	dprintk("%s arc4 with IV\n", __FUNCTION__);
279	goto bail;
280	}
281	if ((error = copy_from_user(cse->tmp_iv, cop->iv,
282	cse->info.blocksize))) {
283	dprintk("%s bad iv copy\n", __FUNCTION__);
284	goto bail;
285	}
286	memcpy(crde->crd_iv, cse->tmp_iv, cse->info.blocksize);
287	crde->crd_flags \|= CRD_F_IV_EXPLICIT \| CRD_F_IV_PRESENT;
288	crde->crd_skip = 0;
289	} else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
290	crde->crd_skip = 0;
291	} else if (crde) {
292	crde->crd_flags \|= CRD_F_IV_PRESENT;
293	crde->crd_skip = cse->info.blocksize;
294	crde->crd_len -= cse->info.blocksize;
295	}
296
297	if (cop->mac && crda == NULL) {
298	error = EINVAL;
299	dprintk("%s no crda\n", __FUNCTION__);
300	goto bail;
301	}
302
303	/*
304	* Let the dispatch run unlocked, then, interlock against the
305	* callback before checking if the operation completed and going
306	* to sleep. This insures drivers don't inherit our lock which
307	* results in a lock order reversal between crypto_dispatch forced
308	* entry and the crypto_done callback into us.
309	*/
310	error = crypto_dispatch(crp);
311	if (error) {
312	dprintk("%s error in crypto_dispatch\n", __FUNCTION__);
313	goto bail;
314	}
315
316	dprintk("%s about to WAIT\n", __FUNCTION__);
317	/*
318	* we really need to wait for driver to complete to maintain
319	* state, luckily interrupts will be remembered
320	*/
321	do {
322	error = wait_event_interruptible(crp->crp_waitq,
323	((crp->crp_flags & CRYPTO_F_DONE) != 0));
324	/*
325	* we can't break out of this loop or we will leave behind
326	* a huge mess, however, staying here means if your driver
327	* is broken user applications can hang and not be killed.
328	* The solution, fix your driver :-)
329	*/
330	if (error) {
331	schedule();
332	error = 0;
333	}
334	} while ((crp->crp_flags & CRYPTO_F_DONE) == 0);
335	dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error);
336
337	if (crp->crp_etype != 0) {
338	error = crp->crp_etype;
339	dprintk("%s error in crp processing\n", __FUNCTION__);
340	goto bail;
341	}
342
343	if (cse->error) {
344	error = cse->error;
345	dprintk("%s error in cse processing\n", __FUNCTION__);
346	goto bail;
347	}
348
349	if (cop->dst && (error = copy_to_user(cop->dst,
350	cse->uio.uio_iov[0].iov_base, cop->len))) {
351	dprintk("%s bad dst copy\n", __FUNCTION__);
352	goto bail;
353	}
354
355	if (cop->mac &&
356	(error=copy_to_user(cop->mac,
357	(caddr_t)cse->uio.uio_iov[0].iov_base + cop->len,
358	cse->info.authsize))) {
359	dprintk("%s bad mac copy\n", __FUNCTION__);
360	goto bail;
361	}
362
363	bail:
364	if (crp)
365	crypto_freereq(crp);
366	if (cse->uio.uio_iov[0].iov_base)
367	kfree(cse->uio.uio_iov[0].iov_base);
368
369	return (error);
370	}
371
372	static int
373	cryptodev_cb(void *op)
374	{
375	struct cryptop crp = (struct cryptop ) op;
376	struct csession cse = (struct csession )crp->crp_opaque;
377	int error;
378
379	dprintk("%s()\n", __FUNCTION__);
380	error = crp->crp_etype;
381	if (error == EAGAIN) {
382	crp->crp_flags &= ~CRYPTO_F_DONE;
383	#ifdef NOTYET
384	/*
385	* DAVIDM I am fairly sure that we should turn this into a batch
386	* request to stop bad karma/lockup, revisit
387	*/
388	crp->crp_flags \|= CRYPTO_F_BATCH;
389	#endif
390	return crypto_dispatch(crp);
391	}
392	if (error != 0 \|\| (crp->crp_flags & CRYPTO_F_DONE)) {
393	cse->error = error;
394	wake_up_interruptible(&crp->crp_waitq);
395	}
396	return (0);
397	}
398
399	static int
400	cryptodevkey_cb(void *op)
401	{
402	struct cryptkop krp = (struct cryptkop ) op;
403	dprintk("%s()\n", __FUNCTION__);
404	wake_up_interruptible(&krp->krp_waitq);
405	return (0);
406	}
407
408	static int
409	cryptodev_key(struct crypt_kop *kop)
410	{
411	struct cryptkop *krp = NULL;
412	int error = EINVAL;
413	int in, out, size, i;
414
415	dprintk("%s()\n", __FUNCTION__);
416	if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
417	dprintk("%s params too big\n", __FUNCTION__);
418	return (EFBIG);
419	}
420
421	in = kop->crk_iparams;
422	out = kop->crk_oparams;
423	switch (kop->crk_op) {
424	case CRK_MOD_EXP:
425	if (in == 3 && out == 1)
426	break;
427	return (EINVAL);
428	case CRK_MOD_EXP_CRT:
429	if (in == 6 && out == 1)
430	break;
431	return (EINVAL);
432	case CRK_DSA_SIGN:
433	if (in == 5 && out == 2)
434	break;
435	return (EINVAL);
436	case CRK_DSA_VERIFY:
437	if (in == 7 && out == 0)
438	break;
439	return (EINVAL);
440	case CRK_DH_COMPUTE_KEY:
441	if (in == 3 && out == 1)
442	break;
443	return (EINVAL);
444	default:
445	return (EINVAL);
446	}
447
448	krp = (struct cryptkop )kmalloc(sizeof krp, GFP_KERNEL);
449	if (!krp)
450	return (ENOMEM);
451	bzero(krp, sizeof *krp);
452	krp->krp_op = kop->crk_op;
453	krp->krp_status = kop->crk_status;
454	krp->krp_iparams = kop->crk_iparams;
455	krp->krp_oparams = kop->crk_oparams;
456	krp->krp_crid = kop->crk_crid;
457	krp->krp_status = 0;
458	krp->krp_flags = CRYPTO_KF_CBIMM;
459	krp->krp_callback = (int () (struct cryptkop )) cryptodevkey_cb;
460	init_waitqueue_head(&krp->krp_waitq);
461
462	for (i = 0; i < CRK_MAXPARAM; i++)
463	krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
464	for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
465	size = (krp->krp_param[i].crp_nbits + 7) / 8;
466	if (size == 0)
467	continue;
468	krp->krp_param[i].crp_p = (caddr_t) kmalloc(size, GFP_KERNEL);
469	if (i >= krp->krp_iparams)
470	continue;
471	error = copy_from_user(krp->krp_param[i].crp_p,
472	kop->crk_param[i].crp_p, size);
473	if (error)
474	goto fail;
475	}
476
477	error = crypto_kdispatch(krp);
478	if (error)
479	goto fail;
480
481	do {
482	error = wait_event_interruptible(krp->krp_waitq,
483	((krp->krp_flags & CRYPTO_KF_DONE) != 0));
484	/*
485	* we can't break out of this loop or we will leave behind
486	* a huge mess, however, staying here means if your driver
487	* is broken user applications can hang and not be killed.
488	* The solution, fix your driver :-)
489	*/
490	if (error) {
491	schedule();
492	error = 0;
493	}
494	} while ((krp->krp_flags & CRYPTO_KF_DONE) == 0);
495
496	dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error);
497
498	kop->crk_crid = krp->krp_crid; /* device that did the work */
499	if (krp->krp_status != 0) {
500	error = krp->krp_status;
501	goto fail;
502	}
503
504	for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
505	size = (krp->krp_param[i].crp_nbits + 7) / 8;
506	if (size == 0)
507	continue;
508	error = copy_to_user(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p,
509	size);
510	if (error)
511	goto fail;
512	}
513
514	fail:
515	if (krp) {
516	kop->crk_status = krp->krp_status;
517	for (i = 0; i < CRK_MAXPARAM; i++) {
518	if (krp->krp_param[i].crp_p)
519	kfree(krp->krp_param[i].crp_p);
520	}
521	kfree(krp);
522	}
523	return (error);
524	}
525
526	static int
527	cryptodev_find(struct crypt_find_op *find)
528	{
529	device_t dev;
530
531	if (find->crid != -1) {
532	dev = crypto_find_device_byhid(find->crid);
533	if (dev == NULL)
534	return (ENOENT);
535	strlcpy(find->name, device_get_nameunit(dev),
536	sizeof(find->name));
537	} else {
538	find->crid = crypto_find_driver(find->name);
539	if (find->crid == -1)
540	return (ENOENT);
541	}
542	return (0);
543	}
544
545	static struct csession *
546	csefind(struct fcrypt *fcr, u_int ses)
547	{
548	struct csession *cse;
549
550	dprintk("%s()\n", __FUNCTION__);
551	list_for_each_entry(cse, &fcr->csessions, list)
552	if (cse->ses == ses)
553	return (cse);
554	return (NULL);
555	}
556
557	static int
558	csedelete(struct fcrypt fcr, struct csession cse_del)
559	{
560	struct csession *cse;
561
562	dprintk("%s()\n", __FUNCTION__);
563	list_for_each_entry(cse, &fcr->csessions, list) {
564	if (cse == cse_del) {
565	list_del(&cse->list);
566	return (1);
567	}
568	}
569	return (0);
570	}
571
572	static struct csession *
573	cseadd(struct fcrypt fcr, struct csession cse)
574	{
575	dprintk("%s()\n", __FUNCTION__);
576	list_add_tail(&cse->list, &fcr->csessions);
577	cse->ses = fcr->sesn++;
578	return (cse);
579	}
580
581	static struct csession *
582	csecreate(struct fcrypt fcr, u_int64_t sid, struct cryptoini crie,
583	struct cryptoini cria, struct csession_info info)
584	{
585	struct csession *cse;
586
587	dprintk("%s()\n", __FUNCTION__);
588	cse = (struct csession *) kmalloc(sizeof(struct csession), GFP_KERNEL);
589	if (cse == NULL)
590	return NULL;
591	memset(cse, 0, sizeof(struct csession));
592
593	INIT_LIST_HEAD(&cse->list);
594	init_waitqueue_head(&cse->waitq);
595
596	cse->key = crie->cri_key;
597	cse->keylen = crie->cri_klen/8;
598	cse->mackey = cria->cri_key;
599	cse->mackeylen = cria->cri_klen/8;
600	cse->sid = sid;
601	cse->cipher = crie->cri_alg;
602	cse->mac = cria->cri_alg;
603	cse->info = *info;
604	cseadd(fcr, cse);
605	return (cse);
606	}
607
608	static int
609	csefree(struct csession *cse)
610	{
611	int error;
612
613	dprintk("%s()\n", __FUNCTION__);
614	error = crypto_freesession(cse->sid);
615	if (cse->key)
616	kfree(cse->key);
617	if (cse->mackey)
618	kfree(cse->mackey);
619	kfree(cse);
620	return(error);
621	}
622
623	static int
624	cryptodev_ioctl(
625	struct inode *inode,
626	struct file *filp,
627	unsigned int cmd,
628	unsigned long arg)
629	{
630	struct cryptoini cria, crie;
631	struct fcrypt *fcr = filp->private_data;
632	struct csession *cse;
633	struct csession_info info;
634	struct session2_op sop;
635	struct crypt_op cop;
636	struct crypt_kop kop;
637	struct crypt_find_op fop;
638	u_int64_t sid;
639	u_int32_t ses = 0;
640	int feat, fd, error = 0, crid;
641	mm_segment_t fs;
642
643	dprintk("%s(cmd=%x arg=%lx)\n", __FUNCTION__, cmd, arg);
644
645	switch (cmd) {
646
647	case CRIOGET: {
648	dprintk("%s(CRIOGET)\n", __FUNCTION__);
649	fs = get_fs();
650	set_fs(get_ds());
651	for (fd = 0; fd < files_fdtable(current->files)->max_fds; fd++)
652	if (files_fdtable(current->files)->fd[fd] == filp)
653	break;
654	fd = sys_dup(fd);
655	set_fs(fs);
656	put_user(fd, (int *) arg);
657	return IS_ERR_VALUE(fd) ? fd : 0;
658	}
659
660	#define CIOCGSESSSTR (cmd == CIOCGSESSION ? "CIOCGSESSION" : "CIOCGSESSION2")
661	case CIOCGSESSION:
662	case CIOCGSESSION2:
663	dprintk("%s(%s)\n", __FUNCTION__, CIOCGSESSSTR);
664	memset(&crie, 0, sizeof(crie));
665	memset(&cria, 0, sizeof(cria));
666	memset(&info, 0, sizeof(info));
667	memset(&sop, 0, sizeof(sop));
668
669	if (copy_from_user(&sop, (void*)arg, (cmd == CIOCGSESSION) ?
670	sizeof(struct session_op) : sizeof(sop))) {
671	dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
672	error = EFAULT;
673	goto bail;
674	}
675
676	switch (sop.cipher) {
677	case 0:
678	dprintk("%s(%s) - no cipher\n", __FUNCTION__, CIOCGSESSSTR);
679	break;
680	case CRYPTO_NULL_CBC:
681	info.blocksize = NULL_BLOCK_LEN;
682	info.minkey = NULL_MIN_KEY_LEN;
683	info.maxkey = NULL_MAX_KEY_LEN;
684	break;
685	case CRYPTO_DES_CBC:
686	info.blocksize = DES_BLOCK_LEN;
687	info.minkey = DES_MIN_KEY_LEN;
688	info.maxkey = DES_MAX_KEY_LEN;
689	break;
690	case CRYPTO_3DES_CBC:
691	info.blocksize = DES3_BLOCK_LEN;
692	info.minkey = DES3_MIN_KEY_LEN;
693	info.maxkey = DES3_MAX_KEY_LEN;
694	break;
695	case CRYPTO_BLF_CBC:
696	info.blocksize = BLOWFISH_BLOCK_LEN;
697	info.minkey = BLOWFISH_MIN_KEY_LEN;
698	info.maxkey = BLOWFISH_MAX_KEY_LEN;
699	break;
700	case CRYPTO_CAST_CBC:
701	info.blocksize = CAST128_BLOCK_LEN;
702	info.minkey = CAST128_MIN_KEY_LEN;
703	info.maxkey = CAST128_MAX_KEY_LEN;
704	break;
705	case CRYPTO_SKIPJACK_CBC:
706	info.blocksize = SKIPJACK_BLOCK_LEN;
707	info.minkey = SKIPJACK_MIN_KEY_LEN;
708	info.maxkey = SKIPJACK_MAX_KEY_LEN;
709	break;
710	case CRYPTO_AES_CBC:
711	info.blocksize = AES_BLOCK_LEN;
712	info.minkey = AES_MIN_KEY_LEN;
713	info.maxkey = AES_MAX_KEY_LEN;
714	break;
715	case CRYPTO_ARC4:
716	info.blocksize = ARC4_BLOCK_LEN;
717	info.minkey = ARC4_MIN_KEY_LEN;
718	info.maxkey = ARC4_MAX_KEY_LEN;
719	break;
720	case CRYPTO_CAMELLIA_CBC:
721	info.blocksize = CAMELLIA_BLOCK_LEN;
722	info.minkey = CAMELLIA_MIN_KEY_LEN;
723	info.maxkey = CAMELLIA_MAX_KEY_LEN;
724	break;
725	default:
726	dprintk("%s(%s) - bad cipher\n", __FUNCTION__, CIOCGSESSSTR);
727	error = EINVAL;
728	goto bail;
729	}
730
731	switch (sop.mac) {
732	case 0:
733	dprintk("%s(%s) - no mac\n", __FUNCTION__, CIOCGSESSSTR);
734	break;
735	case CRYPTO_NULL_HMAC:
736	info.authsize = NULL_HASH_LEN;
737	break;
738	case CRYPTO_MD5:
739	info.authsize = MD5_HASH_LEN;
740	break;
741	case CRYPTO_SHA1:
742	info.authsize = SHA1_HASH_LEN;
743	break;
744	case CRYPTO_SHA2_256:
745	info.authsize = SHA2_256_HASH_LEN;
746	break;
747	case CRYPTO_SHA2_384:
748	info.authsize = SHA2_384_HASH_LEN;
749	break;
750	case CRYPTO_SHA2_512:
751	info.authsize = SHA2_512_HASH_LEN;
752	break;
753	case CRYPTO_RIPEMD160:
754	info.authsize = RIPEMD160_HASH_LEN;
755	break;
756	case CRYPTO_MD5_HMAC:
757	info.authsize = MD5_HASH_LEN;
758	info.authkey = 16;
759	break;
760	case CRYPTO_SHA1_HMAC:
761	info.authsize = SHA1_HASH_LEN;
762	info.authkey = 20;
763	break;
764	case CRYPTO_SHA2_256_HMAC:
765	info.authsize = SHA2_256_HASH_LEN;
766	info.authkey = 32;
767	break;
768	case CRYPTO_SHA2_384_HMAC:
769	info.authsize = SHA2_384_HASH_LEN;
770	info.authkey = 48;
771	break;
772	case CRYPTO_SHA2_512_HMAC:
773	info.authsize = SHA2_512_HASH_LEN;
774	info.authkey = 64;
775	break;
776	case CRYPTO_RIPEMD160_HMAC:
777	info.authsize = RIPEMD160_HASH_LEN;
778	info.authkey = 20;
779	break;
780	default:
781	dprintk("%s(%s) - bad mac\n", __FUNCTION__, CIOCGSESSSTR);
782	error = EINVAL;
783	goto bail;
784	}
785
786	if (info.blocksize) {
787	crie.cri_alg = sop.cipher;
788	crie.cri_klen = sop.keylen * 8;
789	if ((info.maxkey && sop.keylen > info.maxkey) \|\|
790	sop.keylen < info.minkey) {
791	dprintk("%s(%s) - bad key\n", __FUNCTION__, CIOCGSESSSTR);
792	error = EINVAL;
793	goto bail;
794	}
795
796	crie.cri_key = (u_int8_t *) kmalloc(crie.cri_klen/8+1, GFP_KERNEL);
797	if (copy_from_user(crie.cri_key, sop.key,
798	crie.cri_klen/8)) {
799	dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
800	error = EFAULT;
801	goto bail;
802	}
803	if (info.authsize)
804	crie.cri_next = &cria;
805	}
806
807	if (info.authsize) {
808	cria.cri_alg = sop.mac;
809	cria.cri_klen = sop.mackeylen * 8;
810	if (info.authkey && sop.mackeylen != info.authkey) {
811	dprintk("%s(%s) - mackeylen %d != %d\n", __FUNCTION__,
812	CIOCGSESSSTR, sop.mackeylen, info.authkey);
813	error = EINVAL;
814	goto bail;
815	}
816
817	if (cria.cri_klen) {
818	cria.cri_key = (u_int8_t *) kmalloc(cria.cri_klen/8,GFP_KERNEL);
819	if (copy_from_user(cria.cri_key, sop.mackey,
820	cria.cri_klen / 8)) {
821	dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
822	error = EFAULT;
823	goto bail;
824	}
825	}
826	}
827
828	/* NB: CIOGSESSION2 has the crid */
829	if (cmd == CIOCGSESSION2) {
830	crid = sop.crid;
831	error = checkcrid(crid);
832	if (error) {
833	dprintk("%s(%s) - checkcrid %x\n", __FUNCTION__,
834	CIOCGSESSSTR, error);
835	goto bail;
836	}
837	} else {
838	/* allow either HW or SW to be used */
839	crid = CRYPTOCAP_F_HARDWARE \| CRYPTOCAP_F_SOFTWARE;
840	}
841	error = crypto_newsession(&sid, (info.blocksize ? &crie : &cria), crid);
842	if (error) {
843	dprintk("%s(%s) - newsession %d\n",__FUNCTION__,CIOCGSESSSTR,error);
844	goto bail;
845	}
846
847	cse = csecreate(fcr, sid, &crie, &cria, &info);
848	if (cse == NULL) {
849	crypto_freesession(sid);
850	error = EINVAL;
851	dprintk("%s(%s) - csecreate failed\n", __FUNCTION__, CIOCGSESSSTR);
852	goto bail;
853	}
854	sop.ses = cse->ses;
855
856	if (cmd == CIOCGSESSION2) {
857	/* return hardware/driver id */
858	sop.crid = CRYPTO_SESID2HID(cse->sid);
859	}
860
861	if (copy_to_user((void*)arg, &sop, (cmd == CIOCGSESSION) ?
862	sizeof(struct session_op) : sizeof(sop))) {
863	dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
864	error = EFAULT;
865	}
866	bail:
867	if (error) {
868	dprintk("%s(%s) - bail %d\n", __FUNCTION__, CIOCGSESSSTR, error);
869	if (crie.cri_key)
870	kfree(crie.cri_key);
871	if (cria.cri_key)
872	kfree(cria.cri_key);
873	}
874	break;
875	case CIOCFSESSION:
876	dprintk("%s(CIOCFSESSION)\n", __FUNCTION__);
877	get_user(ses, (uint32_t*)arg);
878	cse = csefind(fcr, ses);
879	if (cse == NULL) {
880	error = EINVAL;
881	dprintk("%s(CIOCFSESSION) - Fail %d\n", __FUNCTION__, error);
882	break;
883	}
884	csedelete(fcr, cse);
885	error = csefree(cse);
886	break;
887	case CIOCCRYPT:
888	dprintk("%s(CIOCCRYPT)\n", __FUNCTION__);
889	if(copy_from_user(&cop, (void*)arg, sizeof(cop))) {
890	dprintk("%s(CIOCCRYPT) - bad copy\n", __FUNCTION__);
891	error = EFAULT;
892	goto bail;
893	}
894	cse = csefind(fcr, cop.ses);
895	if (cse == NULL) {
896	error = EINVAL;
897	dprintk("%s(CIOCCRYPT) - Fail %d\n", __FUNCTION__, error);
898	break;
899	}
900	error = cryptodev_op(cse, &cop);
901	if(copy_to_user((void*)arg, &cop, sizeof(cop))) {
902	dprintk("%s(CIOCCRYPT) - bad return copy\n", __FUNCTION__);
903	error = EFAULT;
904	goto bail;
905	}
906	break;
907	case CIOCKEY:
908	case CIOCKEY2:
909	dprintk("%s(CIOCKEY)\n", __FUNCTION__);
910	if (!crypto_userasymcrypto)
911	return (EPERM); /* XXX compat? */
912	if(copy_from_user(&kop, (void*)arg, sizeof(kop))) {
913	dprintk("%s(CIOCKEY) - bad copy\n", __FUNCTION__);
914	error = EFAULT;
915	goto bail;
916	}
917	if (cmd == CIOCKEY) {
918	/* NB: crypto core enforces s/w driver use */
919	kop.crk_crid =
920	CRYPTOCAP_F_HARDWARE \| CRYPTOCAP_F_SOFTWARE;
921	}
922	error = cryptodev_key(&kop);
923	if(copy_to_user((void*)arg, &kop, sizeof(kop))) {
924	dprintk("%s(CIOCGKEY) - bad return copy\n", __FUNCTION__);
925	error = EFAULT;
926	goto bail;
927	}
928	break;
929	case CIOCASYMFEAT:
930	dprintk("%s(CIOCASYMFEAT)\n", __FUNCTION__);
931	if (!crypto_userasymcrypto) {
932	/*
933	* NB: if user asym crypto operations are
934	* not permitted return "no algorithms"
935	* so well-behaved applications will just
936	* fallback to doing them in software.
937	*/
938	feat = 0;
939	} else
940	error = crypto_getfeat(&feat);
941	if (!error) {
942	error = copy_to_user((void*)arg, &feat, sizeof(feat));
943	}
944	break;
945	case CIOCFINDDEV:
946	if (copy_from_user(&fop, (void*)arg, sizeof(fop))) {
947	dprintk("%s(CIOCFINDDEV) - bad copy\n", __FUNCTION__);
948	error = EFAULT;
949	goto bail;
950	}
951	error = cryptodev_find(&fop);
952	if (copy_to_user((void*)arg, &fop, sizeof(fop))) {
953	dprintk("%s(CIOCFINDDEV) - bad return copy\n", __FUNCTION__);
954	error = EFAULT;
955	goto bail;
956	}
957	break;
958	default:
959	dprintk("%s(unknown ioctl 0x%x)\n", __FUNCTION__, cmd);
960	error = EINVAL;
961	break;
962	}
963	return(-error);
964	}
965
966	#ifdef HAVE_UNLOCKED_IOCTL
967	static long
968	cryptodev_unlocked_ioctl(
969	struct file *filp,
970	unsigned int cmd,
971	unsigned long arg)
972	{
973	return cryptodev_ioctl(NULL, filp, cmd, arg);
974	}
975	#endif
976
977	static int
978	cryptodev_open(struct inode inode, struct file filp)
979	{
980	struct fcrypt *fcr;
981
982	dprintk("%s()\n", __FUNCTION__);
983	#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
984	/*
985	* on 2.6.35 private_data points to a miscdevice structure, we override
986	* it, which is currently safe to do.
987	*/
988	if (filp->private_data) {
989	printk("cryptodev: Private data already exists - %p!\n", filp->private_data);
990	return(-ENODEV);
991	}
992	#endif
993
994	fcr = kmalloc(sizeof(*fcr), GFP_KERNEL);
995	if (!fcr) {
996	dprintk("%s() - malloc failed\n", __FUNCTION__);
997	return(-ENOMEM);
998	}
999	memset(fcr, 0, sizeof(*fcr));
1000
1001	INIT_LIST_HEAD(&fcr->csessions);
1002	filp->private_data = fcr;
1003	return(0);
1004	}
1005
1006	static int
1007	cryptodev_release(struct inode inode, struct file filp)
1008	{
1009	struct fcrypt *fcr = filp->private_data;
1010	struct csession cse, tmp;
1011
1012	dprintk("%s()\n", __FUNCTION__);
1013	if (!filp) {
1014	printk("cryptodev: No private data on release\n");
1015	return(0);
1016	}
1017
1018	list_for_each_entry_safe(cse, tmp, &fcr->csessions, list) {
1019	list_del(&cse->list);
1020	(void)csefree(cse);
1021	}
1022	filp->private_data = NULL;
1023	kfree(fcr);
1024	return(0);
1025	}
1026
1027	static struct file_operations cryptodev_fops = {
1028	.owner = THIS_MODULE,
1029	.open = cryptodev_open,
1030	.release = cryptodev_release,
1031	#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36)
1032	.ioctl = cryptodev_ioctl,
1033	#endif
1034	#ifdef HAVE_UNLOCKED_IOCTL
1035	.unlocked_ioctl = cryptodev_unlocked_ioctl,
1036	#endif
1037	};
1038
1039	static struct miscdevice cryptodev = {
1040	.minor = CRYPTODEV_MINOR,
1041	.name = "crypto",
1042	.fops = &cryptodev_fops,
1043	};
1044
1045	static int __init
1046	cryptodev_init(void)
1047	{
1048	int rc;
1049
1050	dprintk("%s(%p)\n", __FUNCTION__, cryptodev_init);
1051	rc = misc_register(&cryptodev);
1052	if (rc) {
1053	printk(KERN_ERR "cryptodev: registration of /dev/crypto failed\n");
1054	return(rc);
1055	}
1056
1057	return(0);
1058	}
1059
1060	static void __exit
1061	cryptodev_exit(void)
1062	{
1063	dprintk("%s()\n", __FUNCTION__);
1064	misc_deregister(&cryptodev);
1065	}
1066
1067	module_init(cryptodev_init);
1068	module_exit(cryptodev_exit);
1069
1070	MODULE_LICENSE("BSD");
1071	MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
1072	MODULE_DESCRIPTION("Cryptodev (user interface to OCF)");
1073

Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl

OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/target/linux/generic/files/crypto/ocf/cryptodev.c

interactive