summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2003-08-07 16:27:48 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-08-07 16:27:48 +0000
commitda30cfc4ec73dd8f4dfdead849b85494783aaffa (patch)
tree49953a882ee843f211d6122d2092abae239f07a9 /lib
parent52b3963176d2d179110459c2db064b8673a5cab9 (diff)
support AES with 192 and 256 bit keys, too.
tested with kern.cryptodevallowsoft=1; ok deraadt@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/crypto/engine/hw_cryptodev.c118
1 files changed, 60 insertions, 58 deletions
diff --git a/lib/libssl/src/crypto/engine/hw_cryptodev.c b/lib/libssl/src/crypto/engine/hw_cryptodev.c
index 21a1c523d40..b502d12b6d1 100644
--- a/lib/libssl/src/crypto/engine/hw_cryptodev.c
+++ b/lib/libssl/src/crypto/engine/hw_cryptodev.c
@@ -68,14 +68,19 @@ struct dev_crypto_state {
int d_fd;
};
+struct dev_crypto_cipher {
+ int c_id;
+ int c_nid;
+ int c_ivmax;
+ int c_keylen;
+};
+
static u_int32_t cryptodev_asymfeat = 0;
static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
static int get_cryptodev_ciphers(const int **cnids);
static int get_cryptodev_digests(const int **cnids);
static int cryptodev_usable_ciphers(const int **nids);
@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
{ 0, NULL, NULL, 0 }
};
-static struct {
- int id;
- int nid;
- int ivmax;
- int keylen;
-} ciphers[] = {
+static struct dev_crypto_cipher ciphers[] = {
{ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
{ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
{ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
{ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
{ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
{ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
@@ -200,48 +202,16 @@ get_asym_dev_crypto(void)
return fd;
}
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
- int i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].id == cipher)
- return (ciphers[i].ivmax);
- return (0);
-}
-
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
- int i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].id == cipher)
- return (ciphers[i].keylen == len);
- return (0);
-}
-
/* convert libcrypto nids to cryptodev */
-static int
+static struct dev_crypto_cipher *
cipher_nid_to_cryptodev(int nid)
{
int i;
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].nid == nid)
- return (ciphers[i].id);
- return (0);
+ for (i = 0; ciphers[i].c_id; i++)
+ if (ciphers[i].c_nid == nid)
+ return (&ciphers[i]);
+ return (NULL);
}
/*
@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
memset(&sess, 0, sizeof(sess));
sess.key = (caddr_t)"123456781234567812345678";
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
+ for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (ciphers[i].c_nid == NID_undef)
continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
+ sess.cipher = ciphers[i].c_id;
+ sess.keylen = ciphers[i].c_keylen;
sess.mac = 0;
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
+ nids[count++] = ciphers[i].c_nid;
}
close(fd);
@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
{
struct dev_crypto_state *state = ctx->cipher_data;
struct session_op *sess = &state->d_sess;
- int cipher;
+ struct dev_crypto_cipher *cipher;
- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
return (0);
- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+ if (ctx->cipher->iv_len > cipher->c_ivmax)
return (0);
- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+ if (ctx->key_len != cipher->c_keylen)
return (0);
memset(sess, 0, sizeof(struct session_op));
@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
sess->key = (unsigned char *)key;
sess->keylen = ctx->key_len;
- sess->cipher = cipher;
+ sess->cipher = cipher->c_id;
if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
close(state->d_fd);
@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
NULL
};
-const EVP_CIPHER cryptodev_aes_cbc = {
+const EVP_CIPHER cryptodev_aes_128_cbc = {
NID_aes_128_cbc,
16, 16, 16,
EVP_CIPH_CBC_MODE,
@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
NULL
};
+const EVP_CIPHER cryptodev_aes_192_cbc = {
+ NID_aes_192_cbc,
+ 16, 24, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc = {
+ NID_aes_256_cbc,
+ 16, 32, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
/*
* Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. this says what we'll do at the
@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
*cipher = &cryptodev_cast_cbc;
break;
case NID_aes_128_cbc:
- *cipher = &cryptodev_aes_cbc;
+ *cipher = &cryptodev_aes_128_cbc;
+ break;
+ case NID_aes_192_cbc:
+ *cipher = &cryptodev_aes_192_cbc;
+ break;
+ case NID_aes_256_cbc:
+ *cipher = &cryptodev_aes_256_cbc;
break;
default:
*cipher = NULL;