1 From 1a8886909afc7e4c9e8539644c815baee8ee4816 Mon Sep 17 00:00:00 2001
2 From: Cristian Stoica <cristian.stoica@freescale.com>
3 Date: Thu, 29 Aug 2013 16:51:18 +0300
4 Subject: [PATCH][fsl 03/15] add support for TLS algorithms offload
6 Upstream-status: Pending
8 Requires TLS patches on cryptodev and TLS algorithm support in Linux
11 Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
13 crypto/engine/eng_cryptodev.c | 204 ++++++++++++++++++++++++++++++++++++++---
14 1 file changed, 193 insertions(+), 11 deletions(-)
16 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17 index 5a715ac..123613d 100644
18 --- a/crypto/engine/eng_cryptodev.c
19 +++ b/crypto/engine/eng_cryptodev.c
20 @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
21 struct dev_crypto_state {
22 struct session_op d_sess;
25 + unsigned int aad_len;
28 #ifdef USE_CRYPTODEV_DIGESTS
29 char dummy_mac_key[HASH_MAX_LEN];
30 @@ -140,17 +143,19 @@ static struct {
36 - { CRYPTO_ARC4, NID_rc4, 0, 16, },
37 - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
38 - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
39 - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
40 - { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
41 - { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
42 - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
43 - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
44 - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
45 - { 0, NID_undef, 0, 0, },
46 + { CRYPTO_ARC4, NID_rc4, 0, 16, 0},
47 + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0},
48 + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0},
49 + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0},
50 + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0},
51 + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0},
52 + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
53 + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
54 + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
55 + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
56 + { 0, NID_undef, 0, 0, 0},
59 #ifdef USE_CRYPTODEV_DIGESTS
60 @@ -250,13 +255,15 @@ get_cryptodev_ciphers(const int **cnids)
62 memset(&sess, 0, sizeof(sess));
63 sess.key = (caddr_t)"123456789abcdefghijklmno";
64 + sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
66 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
67 if (ciphers[i].nid == NID_undef)
69 sess.cipher = ciphers[i].id;
70 sess.keylen = ciphers[i].keylen;
72 + sess.mackeylen = ciphers[i].mackeylen;
74 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
75 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
76 nids[count++] = ciphers[i].nid;
77 @@ -414,6 +421,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
82 +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
83 + const unsigned char *in, size_t len)
85 + struct crypt_auth_op cryp;
86 + struct dev_crypto_state *state = ctx->cipher_data;
87 + struct session_op *sess = &state->d_sess;
89 + unsigned char save_iv[EVP_MAX_IV_LENGTH];
91 + if (state->d_fd < 0)
95 + if ((len % ctx->cipher->block_size) != 0)
98 + memset(&cryp, 0, sizeof(cryp));
100 + /* TODO: make a seamless integration with cryptodev flags */
101 + switch (ctx->cipher->nid) {
102 + case NID_aes_128_cbc_hmac_sha1:
103 + cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
105 + cryp.ses = sess->ses;
106 + cryp.len = state->len;
107 + cryp.dst_len = len;
108 + cryp.src = (caddr_t) in;
109 + cryp.dst = (caddr_t) out;
110 + cryp.auth_src = state->aad;
111 + cryp.auth_len = state->aad_len;
113 + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
115 + if (ctx->cipher->iv_len) {
116 + cryp.iv = (caddr_t) ctx->iv;
117 + if (!ctx->encrypt) {
118 + iiv = in + len - ctx->cipher->iv_len;
119 + memcpy(save_iv, iiv, ctx->cipher->iv_len);
124 + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
125 + /* XXX need better errror handling
126 + * this can fail for a number of different reasons.
131 + if (ctx->cipher->iv_len) {
133 + iiv = out + len - ctx->cipher->iv_len;
136 + memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
143 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
144 const unsigned char *iv, int enc)
145 @@ -452,6 +520,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
149 +/* Save the encryption key provided by upper layers.
151 + * This function is called by EVP_CipherInit_ex to initialize the algorithm's
152 + * extra data. We can't do much here because the mac key is not available.
153 + * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
154 + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
155 + * with both the crypto and hmac keys.
157 +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
158 + const unsigned char *key, const unsigned char *iv, int enc)
160 + struct dev_crypto_state *state = ctx->cipher_data;
161 + struct session_op *sess = &state->d_sess;
162 + int cipher = -1, i;
164 + for (i = 0; ciphers[i].id; i++)
165 + if (ctx->cipher->nid == ciphers[i].nid &&
166 + ctx->cipher->iv_len <= ciphers[i].ivmax &&
167 + ctx->key_len == ciphers[i].keylen) {
168 + cipher = ciphers[i].id;
172 + if (!ciphers[i].id) {
177 + memset(sess, 0, sizeof(struct session_op));
179 + sess->key = (caddr_t)key;
180 + sess->keylen = ctx->key_len;
181 + sess->cipher = cipher;
183 + /* for whatever reason, (1) means success */
189 * free anything we allocated earlier when initting a
190 * session, and close the session.
191 @@ -488,6 +595,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
195 +static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
199 + case EVP_CTRL_AEAD_SET_MAC_KEY:
201 + /* TODO: what happens with hmac keys larger than 64 bytes? */
202 + struct dev_crypto_state *state = ctx->cipher_data;
203 + struct session_op *sess = &state->d_sess;
205 + if ((state->d_fd = get_dev_crypto()) < 0)
208 + /* the rest should have been set in cryptodev_init_aead_key */
209 + sess->mackey = ptr;
210 + sess->mackeylen = arg;
212 + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
213 + put_dev_crypto(state->d_fd);
219 + case EVP_CTRL_AEAD_TLS1_AAD:
221 + /* ptr points to the associated data buffer of 13 bytes */
222 + struct dev_crypto_state *state = ctx->cipher_data;
223 + unsigned char *p = ptr;
224 + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
225 + unsigned int maclen, padlen;
226 + unsigned int bs = ctx->cipher->block_size;
230 + state->aad_len = arg;
231 + state->len = cryptlen;
233 + /* TODO: this should be an extension of EVP_CIPHER struct */
234 + switch (ctx->cipher->nid) {
235 + case NID_aes_128_cbc_hmac_sha1:
236 + maclen = SHA_DIGEST_LENGTH;
239 + /* space required for encryption (not only TLS padding) */
241 + if (ctx->encrypt) {
242 + cryptlen += maclen;
243 + padlen += bs - (cryptlen % bs);
253 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
254 * gets called when libcrypto requests a cipher NID.
255 @@ -600,6 +764,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
259 +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
260 + NID_aes_128_cbc_hmac_sha1,
262 + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
263 + cryptodev_init_aead_key,
264 + cryptodev_aead_cipher,
266 + sizeof(struct dev_crypto_state),
267 + EVP_CIPHER_set_asn1_iv,
268 + EVP_CIPHER_get_asn1_iv,
269 + cryptodev_cbc_hmac_sha1_ctrl,
274 * Registered by the ENGINE when used to find out how to deal with
275 * a particular NID in the ENGINE. this says what we'll do at the
276 @@ -637,6 +815,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
277 case NID_aes_256_cbc:
278 *cipher = &cryptodev_aes_256_cbc;
280 + case NID_aes_128_cbc_hmac_sha1:
281 + *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
286 @@ -1384,6 +1565,7 @@ ENGINE_load_cryptodev(void)
290 + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
291 if (!ENGINE_set_id(engine, "cryptodev") ||
292 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
293 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
