[meta-freescale.git] /

From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
From: Cristian Stoica <cristian.stoica@freescale.com>
Date: Thu, 29 Aug 2013 16:51:18 +0300
Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload

- aes-128-cbc-hmac-sha1
- aes-256-cbc-hmac-sha1

Requires TLS patches on cryptodev and TLS algorithm support in Linux
kernel driver.

Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Reviewed-on: http://git.am.freescale.net:8181/17223
---
 crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 211 insertions(+), 11 deletions(-)

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 5a715ac..7588a28 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
 struct dev_crypto_state {
        struct session_op d_sess;
        int d_fd;
+       unsigned char *aad;
+       unsigned int aad_len;
+       unsigned int len;
 
 #ifdef USE_CRYPTODEV_DIGESTS
        char dummy_mac_key[HASH_MAX_LEN];
@@ -140,17 +143,20 @@ static struct {
        int     nid;
        int     ivmax;
        int     keylen;
+       int     mackeylen;
 } ciphers[] = {
-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
-       { 0,                            NID_undef,              0,       0, },
+       { CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
+       { CRYPTO_DES_CBC,       NID_des_cbc,      8,  8,  0},
+       { CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
+       { CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
+       { CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
+       { CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
+       { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
+       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
+       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+       { 0, NID_undef, 0, 0, 0},
 };
 
 #ifdef USE_CRYPTODEV_DIGESTS
@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
        }
        memset(&sess, 0, sizeof(sess));
        sess.key = (caddr_t)"123456789abcdefghijklmno";
+       sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
 
        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
                if (ciphers[i].nid == NID_undef)
                        continue;
                sess.cipher = ciphers[i].id;
                sess.keylen = ciphers[i].keylen;
-               sess.mac = 0;
+               sess.mackeylen = ciphers[i].mackeylen;
+
                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return (1);
 }
 
+
+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+{
+       struct crypt_auth_op cryp;
+       struct dev_crypto_state *state = ctx->cipher_data;
+       struct session_op *sess = &state->d_sess;
+       const void *iiv;
+       unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+       if (state->d_fd < 0)
+               return (0);
+       if (!len)
+               return (1);
+       if ((len % ctx->cipher->block_size) != 0)
+               return (0);
+
+       memset(&cryp, 0, sizeof(cryp));
+
+       /* TODO: make a seamless integration with cryptodev flags */
+       switch (ctx->cipher->nid) {
+       case NID_aes_128_cbc_hmac_sha1:
+       case NID_aes_256_cbc_hmac_sha1:
+               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+       }
+       cryp.ses = sess->ses;
+       cryp.len = state->len;
+       cryp.src = (caddr_t) in;
+       cryp.dst = (caddr_t) out;
+       cryp.auth_src = state->aad;
+       cryp.auth_len = state->aad_len;
+
+       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+       if (ctx->cipher->iv_len) {
+               cryp.iv = (caddr_t) ctx->iv;
+               if (!ctx->encrypt) {
+                       iiv = in + len - ctx->cipher->iv_len;
+                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
+               }
+       } else
+               cryp.iv = NULL;
+
+       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
+               /* XXX need better errror handling
+                * this can fail for a number of different reasons.
+                */
+               return (0);
+       }
+
+       if (ctx->cipher->iv_len) {
+               if (ctx->encrypt)
+                       iiv = out + len - ctx->cipher->iv_len;
+               else
+                       iiv = save_iv;
+               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+       }
+       return (1);
+}
+
+
 static int
 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        return (1);
 }
 
+/* Save the encryption key provided by upper layers.
+ *
+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
+ * extra data. We can't do much here because the mac key is not available.
+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
+ * with both the crypto and hmac keys.
+ */
+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
+               const unsigned char *key, const unsigned char *iv, int enc)
+{
+       struct dev_crypto_state *state = ctx->cipher_data;
+       struct session_op *sess = &state->d_sess;
+       int cipher = -1, i;
+
+       for (i = 0; ciphers[i].id; i++)
+               if (ctx->cipher->nid == ciphers[i].nid &&
+                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
+                   ctx->key_len == ciphers[i].keylen) {
+                       cipher = ciphers[i].id;
+                       break;
+               }
+
+       if (!ciphers[i].id) {
+               state->d_fd = -1;
+               return (0);
+       }
+
+       memset(sess, 0, sizeof(struct session_op));
+
+       sess->key = (caddr_t)key;
+       sess->keylen = ctx->key_len;
+       sess->cipher = cipher;
+
+       /* for whatever reason, (1) means success */
+       return (1);
+}
+
+
 /*
  * free anything we allocated earlier when initting a
  * session, and close the session.
@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        return (ret);
 }
 
+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+               void *ptr)
+{
+       switch (type) {
+       case EVP_CTRL_AEAD_SET_MAC_KEY:
+       {
+               /* TODO: what happens with hmac keys larger than 64 bytes? */
+               struct dev_crypto_state *state = ctx->cipher_data;
+               struct session_op *sess = &state->d_sess;
+
+               if ((state->d_fd = get_dev_crypto()) < 0)
+                       return (0);
+
+               /* the rest should have been set in cryptodev_init_aead_key */
+               sess->mackey = ptr;
+               sess->mackeylen = arg;
+
+               if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                       put_dev_crypto(state->d_fd);
+                       state->d_fd = -1;
+                       return (0);
+               }
+               return (1);
+       }
+       case EVP_CTRL_AEAD_TLS1_AAD:
+       {
+               /* ptr points to the associated data buffer of 13 bytes */
+               struct dev_crypto_state *state = ctx->cipher_data;
+               unsigned char *p = ptr;
+               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+               unsigned int maclen, padlen;
+               unsigned int bs = ctx->cipher->block_size;
+
+               state->aad = ptr;
+               state->aad_len = arg;
+               state->len = cryptlen;
+
+               /* TODO: this should be an extension of EVP_CIPHER struct */
+               switch (ctx->cipher->nid) {
+               case NID_aes_128_cbc_hmac_sha1:
+               case NID_aes_256_cbc_hmac_sha1:
+                       maclen = SHA_DIGEST_LENGTH;
+               }
+
+               /* space required for encryption (not only TLS padding) */
+               padlen = maclen;
+               if (ctx->encrypt) {
+                       cryptlen += maclen;
+                       padlen += bs - (cryptlen % bs);
+               }
+               return padlen;
+       }
+       default:
+               return -1;
+       }
+}
+
 /*
  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
  * gets called when libcrypto requests a cipher NID.
@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
        NULL
 };
 
+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+       NID_aes_128_cbc_hmac_sha1,
+       16, 16, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+       NID_aes_256_cbc_hmac_sha1,
+       16, 32, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
 /*
  * Registered by the ENGINE when used to find out how to deal with
  * a particular NID in the ENGINE. this says what we'll do at the
@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
        case NID_aes_256_cbc:
                *cipher = &cryptodev_aes_256_cbc;
                break;
+       case NID_aes_128_cbc_hmac_sha1:
+               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+               break;
+       case NID_aes_256_cbc_hmac_sha1:
+               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+               break;
        default:
                *cipher = NULL;
                break;
@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
        }
        put_dev_crypto(fd);
 
+       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-- 
1.8.3.1