cryptodev.c revision 345033
1/* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3/*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. The name of the author may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * Effort sponsored in part by the Defense Advanced Research Projects 37 * Agency (DARPA) and Air Force Research Laboratory, Air Force 38 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 39 */ 40 41#include <sys/cdefs.h> 42__FBSDID("$FreeBSD: stable/11/sys/opencrypto/cryptodev.c 345033 2019-03-11 22:17:53Z jhb $"); 43 44#include "opt_compat.h" 45 46#include <sys/param.h> 47#include <sys/systm.h> 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50#include <sys/lock.h> 51#include <sys/mutex.h> 52#include <sys/sysctl.h> 53#include <sys/file.h> 54#include <sys/filedesc.h> 55#include <sys/errno.h> 56#include <sys/uio.h> 57#include <sys/random.h> 58#include <sys/conf.h> 59#include <sys/kernel.h> 60#include <sys/module.h> 61#include <sys/fcntl.h> 62#include <sys/bus.h> 63#include <sys/user.h> 64#include <sys/sdt.h> 65 66#include <opencrypto/cryptodev.h> 67#include <opencrypto/xform.h> 68 69SDT_PROVIDER_DECLARE(opencrypto); 70 71SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 72 73#ifdef COMPAT_FREEBSD32 74#include <sys/mount.h> 75#include <compat/freebsd32/freebsd32.h> 76 77struct session_op32 { 78 u_int32_t cipher; 79 u_int32_t mac; 80 u_int32_t keylen; 81 u_int32_t key; 82 int mackeylen; 83 u_int32_t mackey; 84 u_int32_t ses; 85}; 86 87struct session2_op32 { 88 u_int32_t cipher; 89 u_int32_t mac; 90 u_int32_t keylen; 91 u_int32_t key; 92 int mackeylen; 93 u_int32_t mackey; 94 u_int32_t ses; 95 int crid; 96 int pad[4]; 97}; 98 99struct crypt_op32 { 100 u_int32_t ses; 101 u_int16_t op; 102 u_int16_t flags; 103 u_int len; 104 u_int32_t src, dst; 105 u_int32_t mac; 106 u_int32_t iv; 107}; 108 109struct crparam32 { 110 u_int32_t crp_p; 111 u_int crp_nbits; 112}; 113 114struct crypt_kop32 { 115 u_int crk_op; 116 u_int crk_status; 117 u_short crk_iparams; 118 u_short crk_oparams; 119 u_int crk_crid; 120 struct crparam32 crk_param[CRK_MAXPARAM]; 121}; 122 123struct cryptotstat32 { 124 struct timespec32 acc; 125 struct timespec32 min; 126 struct timespec32 max; 127 u_int32_t count; 128}; 129 130struct cryptostats32 { 131 u_int32_t cs_ops; 132 u_int32_t cs_errs; 133 u_int32_t cs_kops; 134 u_int32_t cs_kerrs; 135 u_int32_t cs_intrs; 136 u_int32_t cs_rets; 137 u_int32_t cs_blocks; 138 u_int32_t cs_kblocks; 139 struct cryptotstat32 cs_invoke; 140 struct cryptotstat32 cs_done; 141 struct cryptotstat32 cs_cb; 142 struct cryptotstat32 cs_finis; 143}; 144 145#define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 146#define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 147#define CIOCKEY32 _IOWR('c', 104, struct crypt_kop32) 148#define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 149#define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32) 150 151static void 152session_op_from_32(const struct session_op32 *from, struct session_op *to) 153{ 154 155 CP(*from, *to, cipher); 156 CP(*from, *to, mac); 157 CP(*from, *to, keylen); 158 PTRIN_CP(*from, *to, key); 159 CP(*from, *to, mackeylen); 160 PTRIN_CP(*from, *to, mackey); 161 CP(*from, *to, ses); 162} 163 164static void 165session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 166{ 167 168 session_op_from_32((const struct session_op32 *)from, 169 (struct session_op *)to); 170 CP(*from, *to, crid); 171} 172 173static void 174session_op_to_32(const struct session_op *from, struct session_op32 *to) 175{ 176 177 CP(*from, *to, cipher); 178 CP(*from, *to, mac); 179 CP(*from, *to, keylen); 180 PTROUT_CP(*from, *to, key); 181 CP(*from, *to, mackeylen); 182 PTROUT_CP(*from, *to, mackey); 183 CP(*from, *to, ses); 184} 185 186static void 187session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 188{ 189 190 session_op_to_32((const struct session_op *)from, 191 (struct session_op32 *)to); 192 CP(*from, *to, crid); 193} 194 195static void 196crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 197{ 198 199 CP(*from, *to, ses); 200 CP(*from, *to, op); 201 CP(*from, *to, flags); 202 CP(*from, *to, len); 203 PTRIN_CP(*from, *to, src); 204 PTRIN_CP(*from, *to, dst); 205 PTRIN_CP(*from, *to, mac); 206 PTRIN_CP(*from, *to, iv); 207} 208 209static void 210crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 211{ 212 213 CP(*from, *to, ses); 214 CP(*from, *to, op); 215 CP(*from, *to, flags); 216 CP(*from, *to, len); 217 PTROUT_CP(*from, *to, src); 218 PTROUT_CP(*from, *to, dst); 219 PTROUT_CP(*from, *to, mac); 220 PTROUT_CP(*from, *to, iv); 221} 222 223static void 224crparam_from_32(const struct crparam32 *from, struct crparam *to) 225{ 226 227 PTRIN_CP(*from, *to, crp_p); 228 CP(*from, *to, crp_nbits); 229} 230 231static void 232crparam_to_32(const struct crparam *from, struct crparam32 *to) 233{ 234 235 PTROUT_CP(*from, *to, crp_p); 236 CP(*from, *to, crp_nbits); 237} 238 239static void 240crypt_kop_from_32(const struct crypt_kop32 *from, struct crypt_kop *to) 241{ 242 int i; 243 244 CP(*from, *to, crk_op); 245 CP(*from, *to, crk_status); 246 CP(*from, *to, crk_iparams); 247 CP(*from, *to, crk_oparams); 248 CP(*from, *to, crk_crid); 249 for (i = 0; i < CRK_MAXPARAM; i++) 250 crparam_from_32(&from->crk_param[i], &to->crk_param[i]); 251} 252 253static void 254crypt_kop_to_32(const struct crypt_kop *from, struct crypt_kop32 *to) 255{ 256 int i; 257 258 CP(*from, *to, crk_op); 259 CP(*from, *to, crk_status); 260 CP(*from, *to, crk_iparams); 261 CP(*from, *to, crk_oparams); 262 CP(*from, *to, crk_crid); 263 for (i = 0; i < CRK_MAXPARAM; i++) 264 crparam_to_32(&from->crk_param[i], &to->crk_param[i]); 265} 266#endif 267 268struct csession { 269 TAILQ_ENTRY(csession) next; 270 u_int64_t sid; 271 u_int32_t ses; 272 struct mtx lock; /* for op submission */ 273 274 u_int32_t cipher; 275 struct enc_xform *txform; 276 u_int32_t mac; 277 struct auth_hash *thash; 278 279 caddr_t key; 280 int keylen; 281 282 caddr_t mackey; 283 int mackeylen; 284}; 285 286struct cryptop_data { 287 struct csession *cse; 288 289 struct iovec iovec[1]; 290 struct uio uio; 291 bool done; 292}; 293 294struct fcrypt { 295 TAILQ_HEAD(csessionlist, csession) csessions; 296 int sesn; 297}; 298 299static int cryptof_ioctl(struct file *, u_long, void *, 300 struct ucred *, struct thread *); 301static int cryptof_stat(struct file *, struct stat *, 302 struct ucred *, struct thread *); 303static int cryptof_close(struct file *, struct thread *); 304static int cryptof_fill_kinfo(struct file *, struct kinfo_file *, 305 struct filedesc *); 306 307static struct fileops cryptofops = { 308 .fo_read = invfo_rdwr, 309 .fo_write = invfo_rdwr, 310 .fo_truncate = invfo_truncate, 311 .fo_ioctl = cryptof_ioctl, 312 .fo_poll = invfo_poll, 313 .fo_kqfilter = invfo_kqfilter, 314 .fo_stat = cryptof_stat, 315 .fo_close = cryptof_close, 316 .fo_chmod = invfo_chmod, 317 .fo_chown = invfo_chown, 318 .fo_sendfile = invfo_sendfile, 319 .fo_fill_kinfo = cryptof_fill_kinfo, 320}; 321 322static struct csession *csefind(struct fcrypt *, u_int); 323static int csedelete(struct fcrypt *, struct csession *); 324static struct csession *cseadd(struct fcrypt *, struct csession *); 325static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, 326 u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, 327 struct auth_hash *); 328static int csefree(struct csession *); 329 330static int cryptodev_op(struct csession *, struct crypt_op *, 331 struct ucred *, struct thread *td); 332static int cryptodev_aead(struct csession *, struct crypt_aead *, 333 struct ucred *, struct thread *); 334static int cryptodev_key(struct crypt_kop *); 335static int cryptodev_find(struct crypt_find_op *); 336 337/* 338 * Check a crypto identifier to see if it requested 339 * a software device/driver. This can be done either 340 * by device name/class or through search constraints. 341 */ 342static int 343checkforsoftware(int *cridp) 344{ 345 int crid; 346 347 crid = *cridp; 348 349 if (!crypto_devallowsoft) { 350 if (crid & CRYPTOCAP_F_SOFTWARE) { 351 if (crid & CRYPTOCAP_F_HARDWARE) { 352 *cridp = CRYPTOCAP_F_HARDWARE; 353 return 0; 354 } 355 return EINVAL; 356 } 357 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 358 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 359 return EINVAL; 360 } 361 return 0; 362} 363 364/* ARGSUSED */ 365static int 366cryptof_ioctl( 367 struct file *fp, 368 u_long cmd, 369 void *data, 370 struct ucred *active_cred, 371 struct thread *td) 372{ 373#define SES2(p) ((struct session2_op *)p) 374 struct cryptoini cria, crie; 375 struct fcrypt *fcr = fp->f_data; 376 struct csession *cse; 377 struct session_op *sop; 378 struct crypt_op *cop; 379 struct crypt_aead *caead; 380 struct enc_xform *txform = NULL; 381 struct auth_hash *thash = NULL; 382 struct crypt_kop *kop; 383 u_int64_t sid; 384 u_int32_t ses; 385 int error = 0, crid; 386#ifdef COMPAT_FREEBSD32 387 struct session2_op sopc; 388 struct crypt_op copc; 389 struct crypt_kop kopc; 390#endif 391 392 switch (cmd) { 393 case CIOCGSESSION: 394 case CIOCGSESSION2: 395#ifdef COMPAT_FREEBSD32 396 case CIOCGSESSION32: 397 case CIOCGSESSION232: 398 if (cmd == CIOCGSESSION32) { 399 session_op_from_32(data, (struct session_op *)&sopc); 400 sop = (struct session_op *)&sopc; 401 } else if (cmd == CIOCGSESSION232) { 402 session2_op_from_32(data, &sopc); 403 sop = (struct session_op *)&sopc; 404 } else 405#endif 406 sop = (struct session_op *)data; 407 switch (sop->cipher) { 408 case 0: 409 break; 410 case CRYPTO_DES_CBC: 411 txform = &enc_xform_des; 412 break; 413 case CRYPTO_3DES_CBC: 414 txform = &enc_xform_3des; 415 break; 416 case CRYPTO_BLF_CBC: 417 txform = &enc_xform_blf; 418 break; 419 case CRYPTO_CAST_CBC: 420 txform = &enc_xform_cast5; 421 break; 422 case CRYPTO_SKIPJACK_CBC: 423 txform = &enc_xform_skipjack; 424 break; 425 case CRYPTO_AES_CBC: 426 txform = &enc_xform_rijndael128; 427 break; 428 case CRYPTO_AES_XTS: 429 txform = &enc_xform_aes_xts; 430 break; 431 case CRYPTO_NULL_CBC: 432 txform = &enc_xform_null; 433 break; 434 case CRYPTO_ARC4: 435 txform = &enc_xform_arc4; 436 break; 437 case CRYPTO_CAMELLIA_CBC: 438 txform = &enc_xform_camellia; 439 break; 440 case CRYPTO_AES_ICM: 441 txform = &enc_xform_aes_icm; 442 break; 443 case CRYPTO_AES_NIST_GCM_16: 444 txform = &enc_xform_aes_nist_gcm; 445 break; 446 447 default: 448 CRYPTDEB("invalid cipher"); 449 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 450 return (EINVAL); 451 } 452 453 switch (sop->mac) { 454 case 0: 455 break; 456 case CRYPTO_MD5_HMAC: 457 thash = &auth_hash_hmac_md5; 458 break; 459 case CRYPTO_SHA1_HMAC: 460 thash = &auth_hash_hmac_sha1; 461 break; 462 case CRYPTO_SHA2_256_HMAC: 463 thash = &auth_hash_hmac_sha2_256; 464 break; 465 case CRYPTO_SHA2_384_HMAC: 466 thash = &auth_hash_hmac_sha2_384; 467 break; 468 case CRYPTO_SHA2_512_HMAC: 469 thash = &auth_hash_hmac_sha2_512; 470 break; 471 case CRYPTO_RIPEMD160_HMAC: 472 thash = &auth_hash_hmac_ripemd_160; 473 break; 474 case CRYPTO_AES_128_NIST_GMAC: 475 thash = &auth_hash_nist_gmac_aes_128; 476 break; 477 case CRYPTO_AES_192_NIST_GMAC: 478 thash = &auth_hash_nist_gmac_aes_192; 479 break; 480 case CRYPTO_AES_256_NIST_GMAC: 481 thash = &auth_hash_nist_gmac_aes_256; 482 break; 483 484#ifdef notdef 485 case CRYPTO_MD5: 486 thash = &auth_hash_md5; 487 break; 488 case CRYPTO_SHA1: 489 thash = &auth_hash_sha1; 490 break; 491#endif 492 case CRYPTO_NULL_HMAC: 493 thash = &auth_hash_null; 494 break; 495 default: 496 CRYPTDEB("invalid mac"); 497 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 498 return (EINVAL); 499 } 500 501 bzero(&crie, sizeof(crie)); 502 bzero(&cria, sizeof(cria)); 503 504 if (txform) { 505 crie.cri_alg = txform->type; 506 crie.cri_klen = sop->keylen * 8; 507 if (sop->keylen > txform->maxkey || 508 sop->keylen < txform->minkey) { 509 CRYPTDEB("invalid cipher parameters"); 510 error = EINVAL; 511 SDT_PROBE1(opencrypto, dev, ioctl, error, 512 __LINE__); 513 goto bail; 514 } 515 516 crie.cri_key = malloc(crie.cri_klen / 8, 517 M_XDATA, M_WAITOK); 518 if ((error = copyin(sop->key, crie.cri_key, 519 crie.cri_klen / 8))) { 520 CRYPTDEB("invalid key"); 521 SDT_PROBE1(opencrypto, dev, ioctl, error, 522 __LINE__); 523 goto bail; 524 } 525 if (thash) 526 crie.cri_next = &cria; 527 } 528 529 if (thash) { 530 cria.cri_alg = thash->type; 531 cria.cri_klen = sop->mackeylen * 8; 532 if (sop->mackeylen != thash->keysize) { 533 CRYPTDEB("invalid mac key length"); 534 error = EINVAL; 535 SDT_PROBE1(opencrypto, dev, ioctl, error, 536 __LINE__); 537 goto bail; 538 } 539 540 if (cria.cri_klen) { 541 cria.cri_key = malloc(cria.cri_klen / 8, 542 M_XDATA, M_WAITOK); 543 if ((error = copyin(sop->mackey, cria.cri_key, 544 cria.cri_klen / 8))) { 545 CRYPTDEB("invalid mac key"); 546 SDT_PROBE1(opencrypto, dev, ioctl, 547 error, __LINE__); 548 goto bail; 549 } 550 } 551 } 552 553 /* NB: CIOCGSESSION2 has the crid */ 554 if (cmd == CIOCGSESSION2 555#ifdef COMPAT_FREEBSD32 556 || cmd == CIOCGSESSION232 557#endif 558 ) { 559 crid = SES2(sop)->crid; 560 error = checkforsoftware(&crid); 561 if (error) { 562 CRYPTDEB("checkforsoftware"); 563 SDT_PROBE1(opencrypto, dev, ioctl, error, 564 __LINE__); 565 goto bail; 566 } 567 } else 568 crid = CRYPTOCAP_F_HARDWARE; 569 error = crypto_newsession(&sid, (txform ? &crie : &cria), crid); 570 if (error) { 571 CRYPTDEB("crypto_newsession"); 572 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 573 goto bail; 574 } 575 576 cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, 577 cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, 578 thash); 579 580 if (cse == NULL) { 581 crypto_freesession(sid); 582 error = EINVAL; 583 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 584 CRYPTDEB("csecreate"); 585 goto bail; 586 } 587 sop->ses = cse->ses; 588 if (cmd == CIOCGSESSION2 589#ifdef COMPAT_FREEBSD32 590 || cmd == CIOCGSESSION232 591#endif 592 ) { 593 /* return hardware/driver id */ 594 SES2(sop)->crid = CRYPTO_SESID2HID(cse->sid); 595 } 596bail: 597 if (error) { 598 if (crie.cri_key) 599 free(crie.cri_key, M_XDATA); 600 if (cria.cri_key) 601 free(cria.cri_key, M_XDATA); 602 } 603#ifdef COMPAT_FREEBSD32 604 else { 605 if (cmd == CIOCGSESSION32) 606 session_op_to_32(sop, data); 607 else if (cmd == CIOCGSESSION232) 608 session2_op_to_32((struct session2_op *)sop, 609 data); 610 } 611#endif 612 break; 613 case CIOCFSESSION: 614 ses = *(u_int32_t *)data; 615 cse = csefind(fcr, ses); 616 if (cse == NULL) { 617 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 618 return (EINVAL); 619 } 620 csedelete(fcr, cse); 621 error = csefree(cse); 622 break; 623 case CIOCCRYPT: 624#ifdef COMPAT_FREEBSD32 625 case CIOCCRYPT32: 626 if (cmd == CIOCCRYPT32) { 627 cop = &copc; 628 crypt_op_from_32(data, cop); 629 } else 630#endif 631 cop = (struct crypt_op *)data; 632 cse = csefind(fcr, cop->ses); 633 if (cse == NULL) { 634 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 635 return (EINVAL); 636 } 637 error = cryptodev_op(cse, cop, active_cred, td); 638#ifdef COMPAT_FREEBSD32 639 if (error == 0 && cmd == CIOCCRYPT32) 640 crypt_op_to_32(cop, data); 641#endif 642 break; 643 case CIOCKEY: 644 case CIOCKEY2: 645#ifdef COMPAT_FREEBSD32 646 case CIOCKEY32: 647 case CIOCKEY232: 648#endif 649 if (!crypto_userasymcrypto) { 650 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 651 return (EPERM); /* XXX compat? */ 652 } 653#ifdef COMPAT_FREEBSD32 654 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { 655 kop = &kopc; 656 crypt_kop_from_32(data, kop); 657 } else 658#endif 659 kop = (struct crypt_kop *)data; 660 if (cmd == CIOCKEY 661#ifdef COMPAT_FREEBSD32 662 || cmd == CIOCKEY32 663#endif 664 ) { 665 /* NB: crypto core enforces s/w driver use */ 666 kop->crk_crid = 667 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; 668 } 669 mtx_lock(&Giant); 670 error = cryptodev_key(kop); 671 mtx_unlock(&Giant); 672#ifdef COMPAT_FREEBSD32 673 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) 674 crypt_kop_to_32(kop, data); 675#endif 676 break; 677 case CIOCASYMFEAT: 678 if (!crypto_userasymcrypto) { 679 /* 680 * NB: if user asym crypto operations are 681 * not permitted return "no algorithms" 682 * so well-behaved applications will just 683 * fallback to doing them in software. 684 */ 685 *(int *)data = 0; 686 } else { 687 error = crypto_getfeat((int *)data); 688 if (error) 689 SDT_PROBE1(opencrypto, dev, ioctl, error, 690 __LINE__); 691 } 692 break; 693 case CIOCFINDDEV: 694 error = cryptodev_find((struct crypt_find_op *)data); 695 break; 696 case CIOCCRYPTAEAD: 697 caead = (struct crypt_aead *)data; 698 cse = csefind(fcr, caead->ses); 699 if (cse == NULL) { 700 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 701 return (EINVAL); 702 } 703 error = cryptodev_aead(cse, caead, active_cred, td); 704 break; 705 default: 706 error = EINVAL; 707 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 708 break; 709 } 710 return (error); 711#undef SES2 712} 713 714static int cryptodev_cb(struct cryptop *); 715 716static struct cryptop_data * 717cod_alloc(struct csession *cse, size_t len, struct thread *td) 718{ 719 struct cryptop_data *cod; 720 struct uio *uio; 721 722 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 723 724 cod->cse = cse; 725 uio = &cod->uio; 726 uio->uio_iov = cod->iovec; 727 uio->uio_iovcnt = 1; 728 uio->uio_resid = len; 729 uio->uio_segflg = UIO_SYSSPACE; 730 uio->uio_rw = UIO_WRITE; 731 uio->uio_td = td; 732 uio->uio_iov[0].iov_len = len; 733 uio->uio_iov[0].iov_base = malloc(len, M_XDATA, M_WAITOK); 734 return (cod); 735} 736 737static void 738cod_free(struct cryptop_data *cod) 739{ 740 741 free(cod->uio.uio_iov[0].iov_base, M_XDATA); 742 free(cod, M_XDATA); 743} 744 745static int 746cryptodev_op( 747 struct csession *cse, 748 struct crypt_op *cop, 749 struct ucred *active_cred, 750 struct thread *td) 751{ 752 struct cryptop_data *cod = NULL; 753 struct cryptop *crp = NULL; 754 struct cryptodesc *crde = NULL, *crda = NULL; 755 int error; 756 757 if (cop->len > 256*1024-4) { 758 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 759 return (E2BIG); 760 } 761 762 if (cse->txform) { 763 if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) { 764 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 765 return (EINVAL); 766 } 767 } 768 769 if (cse->thash) 770 cod = cod_alloc(cse, cop->len + cse->thash->hashsize, td); 771 else 772 cod = cod_alloc(cse, cop->len, td); 773 774 crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); 775 if (crp == NULL) { 776 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 777 error = ENOMEM; 778 goto bail; 779 } 780 781 if (cse->thash && cse->txform) { 782 if (cop->flags & COP_F_CIPHER_FIRST) { 783 crde = crp->crp_desc; 784 crda = crde->crd_next; 785 } else { 786 crda = crp->crp_desc; 787 crde = crda->crd_next; 788 } 789 } else if (cse->thash) { 790 crda = crp->crp_desc; 791 } else if (cse->txform) { 792 crde = crp->crp_desc; 793 } else { 794 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 795 error = EINVAL; 796 goto bail; 797 } 798 799 if ((error = copyin(cop->src, cod->uio.uio_iov[0].iov_base, 800 cop->len))) { 801 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 802 goto bail; 803 } 804 805 if (crda) { 806 crda->crd_skip = 0; 807 crda->crd_len = cop->len; 808 crda->crd_inject = cop->len; 809 810 crda->crd_alg = cse->mac; 811 crda->crd_key = cse->mackey; 812 crda->crd_klen = cse->mackeylen * 8; 813 } 814 815 if (crde) { 816 if (cop->op == COP_ENCRYPT) 817 crde->crd_flags |= CRD_F_ENCRYPT; 818 else 819 crde->crd_flags &= ~CRD_F_ENCRYPT; 820 crde->crd_len = cop->len; 821 crde->crd_inject = 0; 822 823 crde->crd_alg = cse->cipher; 824 crde->crd_key = cse->key; 825 crde->crd_klen = cse->keylen * 8; 826 } 827 828 crp->crp_ilen = cop->len; 829 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 830 | (cop->flags & COP_F_BATCH); 831 crp->crp_uio = &cod->uio; 832 crp->crp_callback = cryptodev_cb; 833 crp->crp_sid = cse->sid; 834 crp->crp_opaque = cod; 835 836 if (cop->iv) { 837 if (crde == NULL) { 838 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 839 error = EINVAL; 840 goto bail; 841 } 842 if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 843 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 844 error = EINVAL; 845 goto bail; 846 } 847 if ((error = copyin(cop->iv, crde->crd_iv, 848 cse->txform->blocksize))) { 849 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 850 goto bail; 851 } 852 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 853 crde->crd_skip = 0; 854 } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ 855 crde->crd_skip = 0; 856 } else if (crde) { 857 crde->crd_flags |= CRD_F_IV_PRESENT; 858 crde->crd_skip = cse->txform->blocksize; 859 crde->crd_len -= cse->txform->blocksize; 860 } 861 862 if (cop->mac && crda == NULL) { 863 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 864 error = EINVAL; 865 goto bail; 866 } 867 868again: 869 /* 870 * Let the dispatch run unlocked, then, interlock against the 871 * callback before checking if the operation completed and going 872 * to sleep. This insures drivers don't inherit our lock which 873 * results in a lock order reversal between crypto_dispatch forced 874 * entry and the crypto_done callback into us. 875 */ 876 error = crypto_dispatch(crp); 877 if (error != 0) { 878 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 879 goto bail; 880 } 881 882 mtx_lock(&cse->lock); 883 while (!cod->done) 884 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 885 mtx_unlock(&cse->lock); 886 887 if (crp->crp_etype == EAGAIN) { 888 crp->crp_etype = 0; 889 crp->crp_flags &= ~CRYPTO_F_DONE; 890 cod->done = false; 891 goto again; 892 } 893 894 if (crp->crp_etype != 0) { 895 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 896 error = crp->crp_etype; 897 goto bail; 898 } 899 900 if (cop->dst && 901 (error = copyout(cod->uio.uio_iov[0].iov_base, cop->dst, 902 cop->len))) { 903 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 904 goto bail; 905 } 906 907 if (cop->mac && 908 (error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + cop->len, 909 cop->mac, cse->thash->hashsize))) { 910 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 911 goto bail; 912 } 913 914bail: 915 if (crp) 916 crypto_freereq(crp); 917 if (cod) 918 cod_free(cod); 919 920 return (error); 921} 922 923static int 924cryptodev_aead( 925 struct csession *cse, 926 struct crypt_aead *caead, 927 struct ucred *active_cred, 928 struct thread *td) 929{ 930 struct cryptop_data *cod = NULL; 931 struct cryptop *crp = NULL; 932 struct cryptodesc *crde = NULL, *crda = NULL; 933 int error; 934 935 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 936 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 937 return (E2BIG); 938 } 939 940 if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL || 941 (caead->len % cse->txform->blocksize) != 0) { 942 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 943 return (EINVAL); 944 } 945 946 cod = cod_alloc(cse, caead->aadlen + caead->len + cse->thash->hashsize, 947 td); 948 949 crp = crypto_getreq(2); 950 if (crp == NULL) { 951 error = ENOMEM; 952 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 953 goto bail; 954 } 955 956 if (caead->flags & COP_F_CIPHER_FIRST) { 957 crde = crp->crp_desc; 958 crda = crde->crd_next; 959 } else { 960 crda = crp->crp_desc; 961 crde = crda->crd_next; 962 } 963 964 if ((error = copyin(caead->aad, cod->uio.uio_iov[0].iov_base, 965 caead->aadlen))) { 966 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 967 goto bail; 968 } 969 970 if ((error = copyin(caead->src, (char *)cod->uio.uio_iov[0].iov_base + 971 caead->aadlen, caead->len))) { 972 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 973 goto bail; 974 } 975 976 /* 977 * For GCM, crd_len covers only the AAD. For other ciphers 978 * chained with an HMAC, crd_len covers both the AAD and the 979 * cipher text. 980 */ 981 crda->crd_skip = 0; 982 if (cse->cipher == CRYPTO_AES_NIST_GCM_16) 983 crda->crd_len = caead->aadlen; 984 else 985 crda->crd_len = caead->aadlen + caead->len; 986 crda->crd_inject = caead->aadlen + caead->len; 987 988 crda->crd_alg = cse->mac; 989 crda->crd_key = cse->mackey; 990 crda->crd_klen = cse->mackeylen * 8; 991 992 if (caead->op == COP_ENCRYPT) 993 crde->crd_flags |= CRD_F_ENCRYPT; 994 else 995 crde->crd_flags &= ~CRD_F_ENCRYPT; 996 crde->crd_skip = caead->aadlen; 997 crde->crd_len = caead->len; 998 crde->crd_inject = caead->aadlen; 999 1000 crde->crd_alg = cse->cipher; 1001 crde->crd_key = cse->key; 1002 crde->crd_klen = cse->keylen * 8; 1003 1004 crp->crp_ilen = caead->aadlen + caead->len; 1005 crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM 1006 | (caead->flags & COP_F_BATCH); 1007 crp->crp_uio = &cod->uio; 1008 crp->crp_callback = cryptodev_cb; 1009 crp->crp_sid = cse->sid; 1010 crp->crp_opaque = cod; 1011 1012 if (caead->iv) { 1013 if (caead->ivlen > sizeof(crde->crd_iv)) { 1014 error = EINVAL; 1015 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1016 goto bail; 1017 } 1018 1019 if ((error = copyin(caead->iv, crde->crd_iv, caead->ivlen))) { 1020 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1021 goto bail; 1022 } 1023 crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; 1024 } else { 1025 crde->crd_flags |= CRD_F_IV_PRESENT; 1026 crde->crd_skip += cse->txform->blocksize; 1027 crde->crd_len -= cse->txform->blocksize; 1028 } 1029 1030 if ((error = copyin(caead->tag, (caddr_t)cod->uio.uio_iov[0].iov_base + 1031 caead->len + caead->aadlen, cse->thash->hashsize))) { 1032 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1033 goto bail; 1034 } 1035again: 1036 /* 1037 * Let the dispatch run unlocked, then, interlock against the 1038 * callback before checking if the operation completed and going 1039 * to sleep. This insures drivers don't inherit our lock which 1040 * results in a lock order reversal between crypto_dispatch forced 1041 * entry and the crypto_done callback into us. 1042 */ 1043 error = crypto_dispatch(crp); 1044 if (error != 0) { 1045 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1046 goto bail; 1047 } 1048 1049 mtx_lock(&cse->lock); 1050 while (!cod->done) 1051 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1052 mtx_unlock(&cse->lock); 1053 1054 if (crp->crp_etype == EAGAIN) { 1055 crp->crp_etype = 0; 1056 crp->crp_flags &= ~CRYPTO_F_DONE; 1057 cod->done = false; 1058 goto again; 1059 } 1060 1061 if (crp->crp_etype != 0) { 1062 error = crp->crp_etype; 1063 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1064 goto bail; 1065 } 1066 1067 if (caead->dst && (error = copyout( 1068 (caddr_t)cod->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst, 1069 caead->len))) { 1070 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1071 goto bail; 1072 } 1073 1074 if ((error = copyout((caddr_t)cod->uio.uio_iov[0].iov_base + 1075 caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) { 1076 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1077 goto bail; 1078 } 1079 1080bail: 1081 crypto_freereq(crp); 1082 if (cod) 1083 cod_free(cod); 1084 1085 return (error); 1086} 1087 1088static int 1089cryptodev_cb(struct cryptop *crp) 1090{ 1091 struct cryptop_data *cod = crp->crp_opaque; 1092 1093 /* 1094 * Lock to ensure the wakeup() is not missed by the loops 1095 * waiting on cod->done in cryptodev_op() and 1096 * cryptodev_aead(). 1097 */ 1098 mtx_lock(&cod->cse->lock); 1099 cod->done = true; 1100 mtx_unlock(&cod->cse->lock); 1101 wakeup(cod); 1102 return (0); 1103} 1104 1105static int 1106cryptodevkey_cb(void *op) 1107{ 1108 struct cryptkop *krp = (struct cryptkop *) op; 1109 1110 wakeup_one(krp); 1111 return (0); 1112} 1113 1114static int 1115cryptodev_key(struct crypt_kop *kop) 1116{ 1117 struct cryptkop *krp = NULL; 1118 int error = EINVAL; 1119 int in, out, size, i; 1120 1121 if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { 1122 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1123 return (EFBIG); 1124 } 1125 1126 in = kop->crk_iparams; 1127 out = kop->crk_oparams; 1128 switch (kop->crk_op) { 1129 case CRK_MOD_EXP: 1130 if (in == 3 && out == 1) 1131 break; 1132 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1133 return (EINVAL); 1134 case CRK_MOD_EXP_CRT: 1135 if (in == 6 && out == 1) 1136 break; 1137 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1138 return (EINVAL); 1139 case CRK_DSA_SIGN: 1140 if (in == 5 && out == 2) 1141 break; 1142 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1143 return (EINVAL); 1144 case CRK_DSA_VERIFY: 1145 if (in == 7 && out == 0) 1146 break; 1147 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1148 return (EINVAL); 1149 case CRK_DH_COMPUTE_KEY: 1150 if (in == 3 && out == 1) 1151 break; 1152 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1153 return (EINVAL); 1154 default: 1155 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1156 return (EINVAL); 1157 } 1158 1159 krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); 1160 if (!krp) { 1161 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1162 return (ENOMEM); 1163 } 1164 krp->krp_op = kop->crk_op; 1165 krp->krp_status = kop->crk_status; 1166 krp->krp_iparams = kop->crk_iparams; 1167 krp->krp_oparams = kop->crk_oparams; 1168 krp->krp_crid = kop->crk_crid; 1169 krp->krp_status = 0; 1170 krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; 1171 1172 for (i = 0; i < CRK_MAXPARAM; i++) { 1173 if (kop->crk_param[i].crp_nbits > 65536) { 1174 /* Limit is the same as in OpenBSD */ 1175 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1176 goto fail; 1177 } 1178 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; 1179 } 1180 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { 1181 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1182 if (size == 0) 1183 continue; 1184 krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); 1185 if (i >= krp->krp_iparams) 1186 continue; 1187 error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); 1188 if (error) { 1189 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1190 goto fail; 1191 } 1192 } 1193 1194 error = crypto_kdispatch(krp); 1195 if (error) { 1196 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1197 goto fail; 1198 } 1199 error = tsleep(krp, PSOCK, "crydev", 0); 1200 if (error) { 1201 /* XXX can this happen? if so, how do we recover? */ 1202 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1203 goto fail; 1204 } 1205 1206 kop->crk_crid = krp->krp_crid; /* device that did the work */ 1207 if (krp->krp_status != 0) { 1208 error = krp->krp_status; 1209 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1210 goto fail; 1211 } 1212 1213 for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { 1214 size = (krp->krp_param[i].crp_nbits + 7) / 8; 1215 if (size == 0) 1216 continue; 1217 error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); 1218 if (error) { 1219 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1220 goto fail; 1221 } 1222 } 1223 1224fail: 1225 if (krp) { 1226 kop->crk_status = krp->krp_status; 1227 for (i = 0; i < CRK_MAXPARAM; i++) { 1228 if (krp->krp_param[i].crp_p) 1229 free(krp->krp_param[i].crp_p, M_XDATA); 1230 } 1231 free(krp, M_XDATA); 1232 } 1233 return (error); 1234} 1235 1236static int 1237cryptodev_find(struct crypt_find_op *find) 1238{ 1239 device_t dev; 1240 size_t fnlen = sizeof find->name; 1241 1242 if (find->crid != -1) { 1243 dev = crypto_find_device_byhid(find->crid); 1244 if (dev == NULL) 1245 return (ENOENT); 1246 strncpy(find->name, device_get_nameunit(dev), fnlen); 1247 find->name[fnlen - 1] = '\x0'; 1248 } else { 1249 find->name[fnlen - 1] = '\x0'; 1250 find->crid = crypto_find_driver(find->name); 1251 if (find->crid == -1) 1252 return (ENOENT); 1253 } 1254 return (0); 1255} 1256 1257/* ARGSUSED */ 1258static int 1259cryptof_stat( 1260 struct file *fp, 1261 struct stat *sb, 1262 struct ucred *active_cred, 1263 struct thread *td) 1264{ 1265 1266 return (EOPNOTSUPP); 1267} 1268 1269/* ARGSUSED */ 1270static int 1271cryptof_close(struct file *fp, struct thread *td) 1272{ 1273 struct fcrypt *fcr = fp->f_data; 1274 struct csession *cse; 1275 1276 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1277 TAILQ_REMOVE(&fcr->csessions, cse, next); 1278 (void)csefree(cse); 1279 } 1280 free(fcr, M_XDATA); 1281 fp->f_data = NULL; 1282 return 0; 1283} 1284 1285static int 1286cryptof_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) 1287{ 1288 1289 kif->kf_type = KF_TYPE_CRYPTO; 1290 return (0); 1291} 1292 1293static struct csession * 1294csefind(struct fcrypt *fcr, u_int ses) 1295{ 1296 struct csession *cse; 1297 1298 TAILQ_FOREACH(cse, &fcr->csessions, next) 1299 if (cse->ses == ses) 1300 return (cse); 1301 return (NULL); 1302} 1303 1304static int 1305csedelete(struct fcrypt *fcr, struct csession *cse_del) 1306{ 1307 struct csession *cse; 1308 1309 TAILQ_FOREACH(cse, &fcr->csessions, next) { 1310 if (cse == cse_del) { 1311 TAILQ_REMOVE(&fcr->csessions, cse, next); 1312 return (1); 1313 } 1314 } 1315 return (0); 1316} 1317 1318static struct csession * 1319cseadd(struct fcrypt *fcr, struct csession *cse) 1320{ 1321 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 1322 cse->ses = fcr->sesn++; 1323 return (cse); 1324} 1325 1326struct csession * 1327csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, 1328 caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, 1329 struct enc_xform *txform, struct auth_hash *thash) 1330{ 1331 struct csession *cse; 1332 1333 cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT | M_ZERO); 1334 if (cse == NULL) 1335 return NULL; 1336 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 1337 cse->key = key; 1338 cse->keylen = keylen/8; 1339 cse->mackey = mackey; 1340 cse->mackeylen = mackeylen/8; 1341 cse->sid = sid; 1342 cse->cipher = cipher; 1343 cse->mac = mac; 1344 cse->txform = txform; 1345 cse->thash = thash; 1346 cseadd(fcr, cse); 1347 return (cse); 1348} 1349 1350static int 1351csefree(struct csession *cse) 1352{ 1353 int error; 1354 1355 error = crypto_freesession(cse->sid); 1356 mtx_destroy(&cse->lock); 1357 if (cse->key) 1358 free(cse->key, M_XDATA); 1359 if (cse->mackey) 1360 free(cse->mackey, M_XDATA); 1361 free(cse, M_XDATA); 1362 return (error); 1363} 1364 1365static int 1366cryptoopen(struct cdev *dev, int oflags, int devtype, struct thread *td) 1367{ 1368 return (0); 1369} 1370 1371static int 1372cryptoread(struct cdev *dev, struct uio *uio, int ioflag) 1373{ 1374 return (EIO); 1375} 1376 1377static int 1378cryptowrite(struct cdev *dev, struct uio *uio, int ioflag) 1379{ 1380 return (EIO); 1381} 1382 1383static int 1384cryptoioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) 1385{ 1386 struct file *f; 1387 struct fcrypt *fcr; 1388 int fd, error; 1389 1390 switch (cmd) { 1391 case CRIOGET: 1392 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK); 1393 TAILQ_INIT(&fcr->csessions); 1394 fcr->sesn = 0; 1395 1396 error = falloc(td, &f, &fd, 0); 1397 1398 if (error) { 1399 free(fcr, M_XDATA); 1400 return (error); 1401 } 1402 /* falloc automatically provides an extra reference to 'f'. */ 1403 finit(f, FREAD | FWRITE, DTYPE_CRYPTO, fcr, &cryptofops); 1404 *(u_int32_t *)data = fd; 1405 fdrop(f, td); 1406 break; 1407 case CRIOFINDDEV: 1408 error = cryptodev_find((struct crypt_find_op *)data); 1409 break; 1410 case CRIOASYMFEAT: 1411 error = crypto_getfeat((int *)data); 1412 break; 1413 default: 1414 error = EINVAL; 1415 break; 1416 } 1417 return (error); 1418} 1419 1420static struct cdevsw crypto_cdevsw = { 1421 .d_version = D_VERSION, 1422 .d_flags = D_NEEDGIANT, 1423 .d_open = cryptoopen, 1424 .d_read = cryptoread, 1425 .d_write = cryptowrite, 1426 .d_ioctl = cryptoioctl, 1427 .d_name = "crypto", 1428}; 1429static struct cdev *crypto_dev; 1430 1431/* 1432 * Initialization code, both for static and dynamic loading. 1433 */ 1434static int 1435cryptodev_modevent(module_t mod, int type, void *unused) 1436{ 1437 switch (type) { 1438 case MOD_LOAD: 1439 if (bootverbose) 1440 printf("crypto: <crypto device>\n"); 1441 crypto_dev = make_dev(&crypto_cdevsw, 0, 1442 UID_ROOT, GID_WHEEL, 0666, 1443 "crypto"); 1444 return 0; 1445 case MOD_UNLOAD: 1446 /*XXX disallow if active sessions */ 1447 destroy_dev(crypto_dev); 1448 return 0; 1449 } 1450 return EINVAL; 1451} 1452 1453static moduledata_t cryptodev_mod = { 1454 "cryptodev", 1455 cryptodev_modevent, 1456 0 1457}; 1458MODULE_VERSION(cryptodev, 1); 1459DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1460MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1461MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1462