diff options
| -rw-r--r-- | cryptodev_cipher.c | 426 | ||||
| -rw-r--r-- | cryptodev_int.h | 28 | ||||
| -rw-r--r-- | cryptodev_main.c | 63 |
3 files changed, 469 insertions, 48 deletions
diff --git a/cryptodev_cipher.c b/cryptodev_cipher.c new file mode 100644 index 0000000..49bd618 --- /dev/null +++ b/cryptodev_cipher.c @@ -0,0 +1,426 @@ +/* + * Driver for /dev/crypto device (aka CryptoDev) + * + * Copyright (c) 2010 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * + * This file is part of linux cryptodev. + * + * cryptodev is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * cryptodev is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <linux/crypto.h> +#include <linux/mm.h> +#include <linux/highmem.h> +#include <linux/random.h> +#include <asm/uaccess.h> +#include <asm/ioctl.h> +#include <linux/scatterlist.h> +#include <crypto/algapi.h> +#include <crypto/hash.h> +#include "cryptodev.h" +#include "cryptodev_int.h" + + +struct cryptodev_result { + struct completion completion; + int err; +}; + +static void cryptodev_complete(struct crypto_async_request *req, int err) +{ + struct cryptodev_result *res = req->data; + + if (err == -EINPROGRESS) + return; + + res->err = err; + complete(&res->completion); +} + +int cryptodev_cipher_init(struct cipher_data* out, const char* alg_name, __user uint8_t * key, size_t keylen) +{ + uint8_t keyp[CRYPTO_CIPHER_MAX_KEY_LEN]; + int ret; + + memset(out, 0, sizeof(*out)); + + if (crypto_has_ablkcipher(alg_name, 0, 0) != 0) { + out->type = 2; + } else { + out->type = 1; + } + + if (unlikely(keylen > CRYPTO_CIPHER_MAX_KEY_LEN)) { + printk(KERN_DEBUG"Setting key failed for %s-%zu.\n", + alg_name, keylen*8); + return -EINVAL; + } + /* Copy the key from user and set to TFM. */ + copy_from_user(keyp, key, keylen); + + if (out->type == 1) { + struct blkcipher_alg* alg; + + out->u.blk.s = crypto_alloc_blkcipher(alg_name, 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(out->u.blk.s)) { + printk(KERN_DEBUG"%s: Failed to load cipher %s\n", __func__, + alg_name); + return -EINVAL; + } + + alg = crypto_blkcipher_alg(out->u.blk.s); + + if (alg != NULL) { + /* Was correct key length supplied? */ + if ((keylen < alg->min_keysize) || + (keylen > alg->max_keysize)) { + printk(KERN_DEBUG"Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.\n", + keylen, alg_name, alg->min_keysize, + alg->max_keysize); + ret = -EINVAL; + goto error; + } + } + + ret = crypto_blkcipher_setkey(out->u.blk.s, keyp, keylen); + if (ret) { + printk(KERN_DEBUG"Setting key failed for %s-%zu.\n", + alg_name, keylen*8); + ret = -EINVAL; + goto error; + } + + out->blocksize = crypto_blkcipher_blocksize(out->u.blk.s); + out->ivsize = crypto_blkcipher_ivsize(out->u.blk.s); + + out->u.blk.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; + out->u.blk.desc.tfm = out->u.blk.s; + + } else { /* async */ + struct ablkcipher_alg* alg; + + out->u.ablk.s = crypto_alloc_ablkcipher(alg_name, 0, 0); + if (IS_ERR(out->u.ablk.s)) { + printk(KERN_DEBUG"%s: Failed to load cipher %s\n", __func__, + alg_name); + return -EINVAL; + } + + alg = crypto_ablkcipher_alg(out->u.ablk.s); + + if (alg != NULL) { + /* Was correct key length supplied? */ + if ((keylen < alg->min_keysize) || + (keylen > alg->max_keysize)) { + printk(KERN_DEBUG"Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.\n", + keylen, alg_name, alg->min_keysize, + alg->max_keysize); + ret = -EINVAL; + goto error; + } + } + + ret = crypto_ablkcipher_setkey(out->u.ablk.s, keyp, keylen); + if (ret) { + printk(KERN_DEBUG"Setting key failed for %s-%zu.\n", + alg_name, keylen*8); + ret = -EINVAL; + goto error; + } + + out->blocksize = crypto_ablkcipher_blocksize(out->u.ablk.s); + out->ivsize = crypto_ablkcipher_ivsize(out->u.ablk.s); + + out->u.ablk.async_result = kmalloc(sizeof(*out->u.ablk.async_result), GFP_KERNEL); + if (!out->u.ablk.async_result) { + ret = -ENOMEM; + goto error; + } + + memset(out->u.ablk.async_result, 0, sizeof(*out->u.ablk.async_result)); + init_completion(&out->u.ablk.async_result->completion); + + out->u.ablk.async_request = ablkcipher_request_alloc(out->u.ablk.s, GFP_KERNEL); + if (!out->u.ablk.async_request) { + printk(KERN_ERR"error allocating async crypto request\n"); + ret = -ENOMEM; + goto error; + } + + ablkcipher_request_set_callback(out->u.ablk.async_request, CRYPTO_TFM_REQ_MAY_BACKLOG, + cryptodev_complete, out->u.ablk.async_result); + } + + return 0; +error: + if (out->type == 1) + crypto_free_blkcipher(out->u.blk.s); + else { + crypto_free_ablkcipher(out->u.ablk.s); + kfree(out->u.ablk.async_result); + ablkcipher_request_free(out->u.ablk.async_request); + } + + return ret; +} + +void cryptodev_cipher_deinit(struct cipher_data* cdata) +{ + if (cdata->type == 1) + crypto_free_blkcipher(cdata->u.blk.s); + else if (cdata->type == 2) { + crypto_free_ablkcipher(cdata->u.ablk.s); + kfree(cdata->u.ablk.async_result); + ablkcipher_request_free(cdata->u.ablk.async_request); + } + cdata->type = 0; +} + +void cryptodev_cipher_set_iv(struct cipher_data* cdata, void* iv, size_t iv_size) +{ + if (cdata->type == 1) + crypto_blkcipher_set_iv(cdata->u.blk.s, iv, iv_size); + else + memcpy(cdata->u.ablk.iv, iv, min(iv_size,sizeof(*cdata->u.ablk.iv))); +} + +static inline int waitfor (struct cryptodev_result* cr, ssize_t ret) +{ + switch (ret) { + case 0: + break; + case -EINPROGRESS: + case -EBUSY: + ret = wait_for_completion_interruptible( + &cr->completion); + /* no error from wait_for_completion */ + if (ret) { + printk(KERN_ERR"error waiting for async request completion: %zd\n", ret); + return ret; + } + break; + default: + return ret; + } + + return 0; +} + +ssize_t cryptodev_cipher_encrypt( struct cipher_data* cdata, struct scatterlist *sg1, struct scatterlist *sg2, size_t len) +{ + if (cdata->type == 1) + return crypto_blkcipher_encrypt(&cdata->u.blk.desc, sg1, sg2, len); + else { + int ret; + + INIT_COMPLETION(cdata->u.ablk.async_result->completion); + ablkcipher_request_set_crypt(cdata->u.ablk.async_request, sg1, sg2, + len, cdata->u.ablk.iv); + ret = crypto_ablkcipher_encrypt(cdata->u.ablk.async_request); + + return waitfor(cdata->u.ablk.async_result,ret); + } +} + +ssize_t cryptodev_cipher_decrypt( struct cipher_data* cdata, struct scatterlist *sg1, struct scatterlist *sg2, size_t len) +{ + if (cdata->type == 1) + return crypto_blkcipher_encrypt(&cdata->u.blk.desc, sg1, sg2, len); + else { + int ret; + + INIT_COMPLETION(cdata->u.ablk.async_result->completion); + ablkcipher_request_set_crypt(cdata->u.ablk.async_request, sg1, sg2, + len, cdata->u.ablk.iv); + ret = crypto_ablkcipher_decrypt(cdata->u.ablk.async_request); + + return waitfor(cdata->u.ablk.async_result, ret); + } +} + +/* Hash functions */ + +static int _crypto_has_ahash(const char* alg_name) +{ +uint32_t type = 0, mask = 0; + type &= ~CRYPTO_ALG_TYPE_MASK; + mask &= ~CRYPTO_ALG_TYPE_MASK; + type |= CRYPTO_ALG_TYPE_AHASH; + mask |= CRYPTO_ALG_TYPE_AHASH_MASK; + + return crypto_has_alg(alg_name, type, mask); +} + +int cryptodev_hash_init( struct hash_data* hdata, const char* alg_name, int hmac_mode, __user void* mackey, size_t mackeylen) +{ +int ret; +uint8_t hkeyp[CRYPTO_HMAC_MAX_KEY_LEN]; + + if (_crypto_has_ahash(alg_name) != 0) { + hdata->type = 2; + } else { + hdata->type = 1; + } + + if (mackeylen > CRYPTO_HMAC_MAX_KEY_LEN) { + printk(KERN_DEBUG"Setting hmac key failed for %s-%zu.\n", + alg_name, mackeylen*8); + return -EINVAL; + } + copy_from_user(hkeyp, mackey, mackeylen); + + if (hdata->type == 1) { + hdata->u.sync.s = crypto_alloc_hash(alg_name, 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(hdata->u.sync.s)) { + printk(KERN_DEBUG"%s: Failed to load transform for %s\n", __func__, + alg_name); + return -EINVAL; + } + + /* Copy the key from user and set to TFM. */ + if (hmac_mode != 0) { + + ret = crypto_hash_setkey(hdata->u.sync.s, hkeyp, mackeylen); + if (ret) { + printk(KERN_DEBUG"Setting hmac key failed for %s-%zu.\n", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; + } + } + + hdata->u.sync.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; + hdata->u.sync.desc.tfm = hdata->u.sync.s; + + hdata->digestsize = crypto_hash_digestsize(hdata->u.sync.s); + + } else { + hdata->u.async.s = crypto_alloc_ahash(alg_name, 0, 0); + if (IS_ERR(hdata->u.async.s)) { + printk(KERN_DEBUG"%s: Failed to load transform for %s\n", __func__, + alg_name); + return -EINVAL; + } + + /* Copy the key from user and set to TFM. */ + if (hmac_mode != 0) { + + ret = crypto_ahash_setkey(hdata->u.async.s, hkeyp, mackeylen); + if (ret) { + printk(KERN_DEBUG"Setting hmac key failed for %s-%zu.\n", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; + } + } + + hdata->digestsize = crypto_ahash_digestsize(hdata->u.async.s); + + hdata->u.async.async_result = kmalloc(sizeof(*hdata->u.async.async_result), GFP_KERNEL); + if (!hdata->u.async.async_result) { + ret = -ENOMEM; + goto error; + } + + memset(hdata->u.async.async_result, 0, sizeof(*hdata->u.async.async_result)); + init_completion(&hdata->u.async.async_result->completion); + + hdata->u.async.async_request = ahash_request_alloc(hdata->u.async.s, GFP_KERNEL); + if (!hdata->u.async.async_request) { + printk(KERN_ERR"error allocating async crypto request\n"); + ret = -ENOMEM; + goto error; + } + + ahash_request_set_callback(hdata->u.async.async_request, CRYPTO_TFM_REQ_MAY_BACKLOG, + cryptodev_complete, hdata->u.async.async_result); + + + } + + return 0; + +error: + if (hdata->type == 1) + crypto_free_hash(hdata->u.sync.s); + else + crypto_free_ahash(hdata->u.async.s); + return ret; +} + +void cryptodev_hash_deinit(struct hash_data* hdata) +{ + if (hdata->type == 1) + crypto_free_hash(hdata->u.sync.s); + else if (hdata->type == 2) + crypto_free_ahash(hdata->u.async.s); + hdata->type = 0; +} + +int cryptodev_hash_reset( struct hash_data* hdata) +{ +int ret; + if (hdata->type == 1) { + ret = crypto_hash_init(&hdata->u.sync.desc); + if (unlikely(ret)) { + printk(KERN_ERR + "error in crypto_hash_init()\n"); + return ret; + } + } else { + ret = crypto_ahash_init(hdata->u.async.async_request); + if (unlikely(ret)) { + printk(KERN_ERR + "error in crypto_hash_init()\n"); + return ret; + } + } + + return 0; + +} + +ssize_t cryptodev_hash_update( struct hash_data* hdata, struct scatterlist *sg, size_t len) +{ + if (hdata->type == 1) + return crypto_hash_update(&hdata->u.sync.desc, sg, len); + else { + int ret; + + INIT_COMPLETION(hdata->u.async.async_result->completion); + ahash_request_set_crypt(hdata->u.async.async_request, sg, NULL, + len); + + ret = crypto_ahash_update(hdata->u.async.async_request); + + return waitfor(hdata->u.async.async_result,ret); + } +} + + +int cryptodev_hash_final( struct hash_data* hdata, void* output) +{ + if (hdata->type == 1) + return crypto_hash_final(&hdata->u.sync.desc, output); + else { + int ret; + + INIT_COMPLETION(hdata->u.async.async_result->completion); + ahash_request_set_crypt(hdata->u.async.async_request, NULL, output, 0); + + ret = crypto_ahash_final(hdata->u.async.async_request); + + return waitfor(hdata->u.async.async_result,ret); + } +} diff --git a/cryptodev_int.h b/cryptodev_int.h index f91bea7..3aab19c 100644 --- a/cryptodev_int.h +++ b/cryptodev_int.h @@ -1,3 +1,5 @@ +/* cipher stuff */ + struct cipher_data { int type; /* 1 synchronous, 2 async, 0 uninitialized */ @@ -22,3 +24,29 @@ void cryptodev_cipher_deinit(struct cipher_data* cdata); ssize_t cryptodev_cipher_decrypt( struct cipher_data* cdata, struct scatterlist *sg1, struct scatterlist *sg2, size_t len); ssize_t cryptodev_cipher_encrypt( struct cipher_data* cdata, struct scatterlist *sg1, struct scatterlist *sg2, size_t len); void cryptodev_cipher_set_iv(struct cipher_data* cdata, void* iv, size_t iv_size); + +/* hash stuff */ +struct hash_data +{ + int type; /* 1 synchronous, 2 async, 0 uninitialized */ + int digestsize; + union { + struct { + struct crypto_hash* s; + struct hash_desc desc; + } sync; + struct { + struct crypto_ahash *s; + struct cryptodev_result *async_result; + struct ahash_request *async_request; + } async; + } u; + +}; + +int cryptodev_hash_final( struct hash_data* hdata, void* output); +ssize_t cryptodev_hash_update( struct hash_data* hdata, struct scatterlist *sg, size_t len); +int cryptodev_hash_reset( struct hash_data* hdata); +void cryptodev_hash_deinit(struct hash_data* hdata); +int cryptodev_hash_init( struct hash_data* hdata, const char* alg_name, int hmac_mode, __user void* mackey, size_t mackeylen); + diff --git a/cryptodev_main.c b/cryptodev_main.c index 2685161..139bb26 100644 --- a/cryptodev_main.c +++ b/cryptodev_main.c @@ -94,7 +94,7 @@ struct csession { struct list_head entry; struct semaphore sem; struct cipher_data cdata; - struct crypto_hash *hash_tfm; + struct hash_data hdata; uint32_t sid; #ifdef CRYPTODEV_STATS #if ! ((COP_ENCRYPT < 2) && (COP_DECRYPT < 2)) @@ -115,7 +115,6 @@ static int crypto_create_session(struct fcrypt *fcr, struct session_op *sop) { struct csession *ses_new, *ses_ptr; - struct crypto_hash *hash_tfm=NULL; int ret = 0; const char *alg_name=NULL; const char *hash_name=NULL; @@ -222,39 +221,16 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) } if (hash_name) { - hash_tfm = crypto_alloc_hash(hash_name, 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(hash_tfm)) { + ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode, sop->mackey, sop->mackeylen); + if (ret != 0) { dprintk(1,KERN_DEBUG,"%s: Failed to load transform for %s\n", __func__, hash_name); return -EINVAL; } - - /* Copy the key from user and set to TFM. */ - if (hmac_mode != 0) { - uint8_t hkeyp[CRYPTO_HMAC_MAX_KEY_LEN]; - - if (sop->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN) { - dprintk(0,KERN_DEBUG,"Setting hmac key failed for %s-%zu.\n", - hash_name, sop->mackeylen*8); - ret = -EINVAL; - goto error; - } - - copy_from_user(hkeyp, sop->mackey, sop->mackeylen); - ret = crypto_hash_setkey(hash_tfm, hkeyp, sop->mackeylen); - if (ret) { - dprintk(0,KERN_DEBUG,"Setting hmac key failed for %s-%zu.\n", - hash_name, sop->mackeylen*8); - ret = -EINVAL; - goto error; - } - } - } /* put the new session to the list */ get_random_bytes(&ses_new->sid, sizeof(ses_new->sid)); - ses_new->hash_tfm = hash_tfm; init_MUTEX(&ses_new->sem); down(&fcr->sem); @@ -279,8 +255,7 @@ restart: error: cryptodev_cipher_deinit( &ses_new->cdata); - if (hash_tfm) - crypto_free_hash(hash_tfm); + cryptodev_hash_deinit( &ses_new->hdata); return ret; @@ -308,10 +283,7 @@ crypto_destroy_session(struct csession *ses_ptr) ses_ptr->stat_count); #endif cryptodev_cipher_deinit(&ses_ptr->cdata); - if (ses_ptr->hash_tfm) { - crypto_free_hash(ses_ptr->hash_tfm); - ses_ptr->hash_tfm = NULL; - } + cryptodev_hash_deinit(&ses_ptr->hdata); up(&ses_ptr->sem); kfree(ses_ptr); } @@ -393,10 +365,6 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop) size_t nbytes, bufsize; int ret = 0; uint8_t hash_output[HASH_MAX_LEN]; - struct hash_desc hdesc = { - .flags = CRYPTO_TFM_REQ_MAY_SLEEP, - }; - if (unlikely(cop->op != COP_ENCRYPT && cop->op != COP_DECRYPT)) { dprintk(1, KERN_DEBUG, "invalid operation op=%u\n", cop->op); @@ -420,12 +388,11 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop) nbytes = cop->len; - hdesc.tfm = ses_ptr->hash_tfm; - if (hdesc.tfm) { - ret = crypto_hash_init(&hdesc); + if (ses_ptr->hdata.type != 0) { + ret = cryptodev_hash_reset(&ses_ptr->hdata); if (unlikely(ret)) { dprintk(1, KERN_ERR, - "error in crypto_hash_init()\n"); + "error in cryptodev_hash_reset()\n"); goto out_unlock; } } @@ -464,8 +431,8 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop) * we should introduce a flag to switch... TBD later on. */ if (cop->op == COP_ENCRYPT) { - if (hdesc.tfm) { - ret = crypto_hash_update(&hdesc, &sg, current_len); + if (ses_ptr->hdata.type != 0) { + ret = cryptodev_hash_update(&ses_ptr->hdata, &sg, current_len); if (unlikely(ret)) { dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n",ret); goto out; @@ -494,8 +461,8 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop) } - if (hdesc.tfm) { - ret = crypto_hash_update(&hdesc, &sg, current_len); + if (ses_ptr->hdata.type != 0) { + ret = cryptodev_hash_update(&ses_ptr->hdata, &sg, current_len); if (unlikely(ret)) { dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n",ret); goto out; @@ -507,14 +474,14 @@ crypto_run(struct fcrypt *fcr, struct crypt_op *cop) src += current_len; } - if (hdesc.tfm) { - ret = crypto_hash_final(&hdesc, hash_output); + if (ses_ptr->hdata.type != 0) { + ret = cryptodev_hash_final(&ses_ptr->hdata, hash_output); if (unlikely(ret)) { dprintk(0, KERN_ERR, "CryptoAPI failure: %d\n",ret); goto out; } - copy_to_user(cop->mac, hash_output, crypto_hash_digestsize(ses_ptr->hash_tfm)); + copy_to_user(cop->mac, hash_output, ses_ptr->hdata.digestsize); } #if defined(CRYPTODEV_STATS) |