+++ /dev/null
-From 501988587567b996c9c4a14239f575e77ed27791 Mon Sep 17 00:00:00 2001
-From: Pankaj Gupta <pankaj.gupta@nxp.com>
-Date: Fri, 20 Sep 2019 12:18:16 +0530
-Subject: [PATCH 1/2] eng_devcrypto: add support for TLS algorithms offload
-
- - aes-128-cbc-hmac-sha1
- - aes-256-cbc-hmac-sha1
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
----
- crypto/engine/eng_devcrypto.c | 265 +++++++++++++++++++++++++++++-----
- 1 file changed, 231 insertions(+), 34 deletions(-)
-
-diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
-index 49e9ce1af3..727a660e75 100644
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -60,6 +60,9 @@ struct cipher_ctx {
- struct session_op sess;
- int op; /* COP_ENCRYPT or COP_DECRYPT */
- unsigned long mode; /* EVP_CIPH_*_MODE */
-+ unsigned char *aad;
-+ unsigned int aad_len;
-+ unsigned int len;
-
- /* to handle ctr mode being a stream cipher */
- unsigned char partial[EVP_MAX_BLOCK_LENGTH];
-@@ -73,49 +76,62 @@ static const struct cipher_data_st {
- int ivlen;
- int flags;
- int devcryptoid;
-+ int mackeylen;
- } cipher_data[] = {
- #ifndef OPENSSL_NO_DES
-- { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC },
-- { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC },
-+ { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC, 0 },
-+ { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC, 0 },
- #endif
- #ifndef OPENSSL_NO_BF
-- { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC },
-+ { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC, 0 },
- #endif
- #ifndef OPENSSL_NO_CAST
-- { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC },
-+ { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC, 0 },
- #endif
-- { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
-- { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
-- { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
-+ { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC, 0 },
-+ { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC, 0 },
-+ { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC, 0 },
-+ { NID_aes_128_cbc_hmac_sha1, 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, 20 },
-+ { NID_aes_256_cbc_hmac_sha1, 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, 20 },
- #ifndef OPENSSL_NO_RC4
-- { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
-+ { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4, 0 },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
-- { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
-- { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
-- { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
-+ { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR, 0 },
-+ { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR, 0 },
-+ { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR, 0 },
- #endif
- #if 0 /* Not yet supported */
-- { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
-- { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
-+ { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS,
-+ 0 },
-+ { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS,
-+ 0 },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
-- { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 },
-+ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 },
-+ { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 },
- #endif
- #if 0 /* Not yet supported */
-- { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-- { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-- { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-+ { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM, 0 },
-+ { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM, 0 },
-+ { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM, 0 },
-+#endif
-+#ifdef OPENSSL_NXP_CAAM
-+ { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM, 0 },
-+ { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM, 0 },
- #endif
- #ifndef OPENSSL_NO_CAMELLIA
- { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE,
-- CRYPTO_CAMELLIA_CBC },
-+ CRYPTO_CAMELLIA_CBC, 0 },
- { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE,
-- CRYPTO_CAMELLIA_CBC },
-+ CRYPTO_CAMELLIA_CBC, 0 },
- { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE,
-- CRYPTO_CAMELLIA_CBC },
-+ CRYPTO_CAMELLIA_CBC, 0 },
- #endif
- };
-
-@@ -141,6 +157,158 @@ static const struct cipher_data_st *get_cipher_data(int nid)
- return &cipher_data[get_cipher_data_index(nid)];
- }
-
-+/*
-+ * Save the encryption key provided by upper layers. This function is called
-+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
-+ * much here because the mac key is not available. The next call should/will
-+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
-+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
-+ * with both the crypto and hmac keys.
-+ */
-+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key, const unsigned char *iv, int enc)
-+{
-+ struct cipher_ctx *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ struct session_op *sess = &state->sess;
-+ int cipher = -1, i;
-+
-+ for (i = 0; cipher_data[i].devcryptoid; i++) {
-+ if (EVP_CIPHER_CTX_nid(ctx) == cipher_data[i].nid &&
-+ EVP_CIPHER_CTX_iv_length(ctx) <= cipher_data[i].ivlen &&
-+ EVP_CIPHER_CTX_key_length(ctx) == cipher_data[i].keylen) {
-+ cipher = cipher_data[i].devcryptoid;
-+ break;
-+ }
-+ }
-+
-+ if (!cipher_data[i].devcryptoid)
-+ return (0);
-+
-+ memset(sess, 0, sizeof(*sess));
-+
-+ sess->key = (void *) key;
-+ sess->keylen = EVP_CIPHER_CTX_key_length(ctx);
-+ sess->cipher = cipher;
-+
-+ /* for whatever reason, (1) means success */
-+ return 1;
-+}
-+
-+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t len)
-+{
-+ struct crypt_auth_op cryp;
-+ struct cipher_ctx *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ struct session_op *sess = &state->sess;
-+ const void *iiv;
-+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
-+
-+ if (cfd < 0)
-+ return (0);
-+ if (!len)
-+ return (1);
-+ if ((len % EVP_CIPHER_CTX_block_size(ctx)) != 0)
-+ return (0);
-+
-+ memset(&cryp, 0, sizeof(cryp));
-+
-+ /* TODO: make a seamless integration with cryptodev flags */
-+ switch (EVP_CIPHER_CTX_nid(ctx)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
-+ }
-+ cryp.ses = sess->ses;
-+ cryp.len = state->len;
-+ cryp.src = (void *) in;
-+ cryp.dst = (void *) out;
-+ cryp.auth_src = state->aad;
-+ cryp.auth_len = state->aad_len;
-+
-+ cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
-+
-+ if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-+ cryp.iv = (void *) EVP_CIPHER_CTX_iv(ctx);
-+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-+ iiv = in + len - EVP_CIPHER_CTX_iv_length(ctx);
-+ memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-+ }
-+ } else
-+ cryp.iv = NULL;
-+
-+ if (ioctl(cfd, CIOCAUTHCRYPT, &cryp) == -1) {
-+ /*
-+ * XXX need better errror handling this can fail for a number of
-+ * different reasons.
-+ */
-+ return 0;
-+ }
-+
-+ if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-+ if (EVP_CIPHER_CTX_encrypting(ctx))
-+ iiv = out + len - EVP_CIPHER_CTX_iv_length(ctx);
-+ else
-+ iiv = save_iv;
-+
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv,
-+ EVP_CIPHER_CTX_iv_length(ctx));
-+ }
-+ return 1;
-+}
-+
-+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
-+ int arg, void *ptr)
-+{
-+ switch (type) {
-+ case EVP_CTRL_AEAD_SET_MAC_KEY:
-+ {
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ struct cipher_ctx *state =
-+ EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ struct session_op *sess = &state->sess;
-+
-+ /* the rest should have been set in cryptodev_init_aead_key */
-+ sess->mackey = ptr;
-+ sess->mackeylen = arg;
-+ if (ioctl(cfd, CIOCGSESSION, sess) == -1)
-+ return 0;
-+
-+ return 1;
-+ }
-+ case EVP_CTRL_AEAD_TLS1_AAD:
-+ {
-+ /* ptr points to the associated data buffer of 13 bytes */
-+ struct cipher_ctx *state =
-+ EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ unsigned char *p = ptr;
-+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-+ unsigned int maclen, padlen;
-+ unsigned int bs = EVP_CIPHER_CTX_block_size(ctx);
-+
-+ state->aad = ptr;
-+ state->aad_len = arg;
-+ state->len = cryptlen;
-+
-+ /* TODO: this should be an extension of EVP_CIPHER struct */
-+ switch (EVP_CIPHER_CTX_nid(ctx)) {
-+ case NID_aes_128_cbc_hmac_sha1:
-+ case NID_aes_256_cbc_hmac_sha1:
-+ maclen = SHA_DIGEST_LENGTH;
-+ }
-+
-+ /* space required for encryption (not only TLS padding) */
-+ padlen = maclen;
-+ if (EVP_CIPHER_CTX_encrypting(ctx)) {
-+ cryptlen += maclen;
-+ padlen += bs - (cryptlen % bs);
-+ }
-+ return padlen;
-+ }
-+ default:
-+ return -1;
-+ }
-+}
-+
- /*
- * Following are the three necessary functions to map OpenSSL functionality
- * with cryptodev.
-@@ -165,6 +333,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
- cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
- cipher_ctx->blocksize = cipher_d->blocksize;
-+
- if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
-@@ -180,6 +349,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- struct crypt_op cryp;
- unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
-+
- #if !defined(COP_FLAG_WRITE_IV)
- unsigned char saved_iv[EVP_MAX_IV_LENGTH];
- const unsigned char *ivptr;
-@@ -340,32 +510,59 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
- static int known_cipher_nids[OSSL_NELEM(cipher_data)];
- static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
- static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
-+int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-
- static void prepare_cipher_methods(void)
- {
- size_t i;
- struct session_op sess;
- unsigned long cipher_mode;
-+ unsigned long flags;
-
- memset(&sess, 0, sizeof(sess));
- sess.key = (void *)"01234567890123456789012345678901234567890123456789";
-+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
-
- for (i = 0, known_cipher_nids_amount = 0;
- i < OSSL_NELEM(cipher_data); i++) {
-
-+ init = cipher_init;
-+ ctrl = cipher_ctrl;
-+ flags = cipher_data[i].flags
-+ | EVP_CIPH_CUSTOM_COPY
-+ | EVP_CIPH_CTRL_INIT
-+ | EVP_CIPH_FLAG_DEFAULT_ASN1;
-+
- /*
- * Check that the algo is really availably by trying to open and close
- * a session.
- */
- sess.cipher = cipher_data[i].devcryptoid;
- sess.keylen = cipher_data[i].keylen;
-+ sess.mackeylen = cipher_data[i].mackeylen;
-+
-+ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
-+
-+ do_cipher = (cipher_mode == EVP_CIPH_CTR_MODE ?
-+ ctr_do_cipher :
-+ cipher_do_cipher);
-+ if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1) {
-+ init = cryptodev_init_aead_key;
-+ do_cipher = cryptodev_aead_cipher;
-+ ctrl = cryptodev_cbc_hmac_sha1_ctrl;
-+ flags = cipher_data[i].flags;
-+ }
-+
- if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
- continue;
-
-- cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
--
-- if ((known_cipher_methods[i] =
-+ if ((known_cipher_methods[i] =
- EVP_CIPHER_meth_new(cipher_data[i].nid,
- cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
- cipher_data[i].blocksize,
-@@ -373,16 +570,12 @@ static void prepare_cipher_methods(void)
- || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
- cipher_data[i].ivlen)
- || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
-- cipher_data[i].flags
-- | EVP_CIPH_CUSTOM_COPY
-- | EVP_CIPH_CTRL_INIT
-- | EVP_CIPH_FLAG_DEFAULT_ASN1)
-- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
-+ flags)
-+ || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-- cipher_mode == EVP_CIPH_CTR_MODE ?
-- ctr_do_cipher :
-- cipher_do_cipher)
-- || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
-+ do_cipher)
-+ /* AEAD Support to be added. */
-+ || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
- cipher_cleanup)
- || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
-@@ -393,6 +586,10 @@ static void prepare_cipher_methods(void)
- known_cipher_nids[known_cipher_nids_amount++] =
- cipher_data[i].nid;
- }
-+
-+ if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1)
-+ EVP_add_cipher(known_cipher_methods[i]);
- }
- }
-
---
-2.17.1
-
+++ /dev/null
-From db9d8be9d0d81bdb2ddb78f8616243593a3d24c5 Mon Sep 17 00:00:00 2001
-From: Pankaj Gupta <pankaj.gupta@nxp.com>
-Date: Fri, 10 Jan 2020 15:38:38 +0530
-Subject: [PATCH 2/2] eng_devcrypto: add support for TLS1.2 algorithms offload
-
- - aes-128-cbc-hmac-sha256
- - aes-256-cbc-hmac-sha256
-
-Enabled the support of TLS1.1 algorithms offload
-
- - aes-128-cbc-hmac-sha1
- - aes-256-cbc-hmac-sha1
-
-Requires TLS patches on cryptodev and TLS algorithm support in Linux
-kernel driver.
-
-Fix: Remove the support for TLS1.0.
-
-Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
-Signed-off-by: Arun Pathak <arun.pathak@nxp.com>
----
- crypto/engine/eng_devcrypto.c | 133 +++++++++++++++++++++++-----------
- 1 file changed, 90 insertions(+), 43 deletions(-)
-
-diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
-index 727a660e75..be63f65e04 100644
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -25,6 +25,7 @@
- #include "crypto/engine.h"
-
- /* #define ENGINE_DEVCRYPTO_DEBUG */
-+#define TLS1_1_VERSION 0x0302
-
- #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX
- # define CHECK_BSD_STYLE_MACROS
-@@ -67,6 +68,7 @@ struct cipher_ctx {
- /* to handle ctr mode being a stream cipher */
- unsigned char partial[EVP_MAX_BLOCK_LENGTH];
- unsigned int blocksize, num;
-+ unsigned int tls_ver;
- };
-
- static const struct cipher_data_st {
-@@ -92,11 +94,17 @@ static const struct cipher_data_st {
- { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC, 0 },
- { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC, 0 },
- { NID_aes_128_cbc_hmac_sha1, 16, 16, 16,
-- EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, 20 },
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, 20 },
- { NID_aes_256_cbc_hmac_sha1, 16, 32, 16,
-- EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, 20 },
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, 20 },
-+ { NID_aes_128_cbc_hmac_sha256, 16, 16, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, 32 },
-+ { NID_aes_256_cbc_hmac_sha256, 16, 32, 16,
-+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
-+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, 32 },
- #ifndef OPENSSL_NO_RC4
- { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4, 0 },
- #endif
-@@ -107,9 +115,9 @@ static const struct cipher_data_st {
- #endif
- #if 0 /* Not yet supported */
- { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS,
-- 0 },
-+ 0 },
- { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS,
-- 0 },
-+ 0 },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
- { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB, 0 },
-@@ -166,7 +174,7 @@ static const struct cipher_data_st *get_cipher_data(int nid)
- * with both the crypto and hmac keys.
- */
- static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
-- const unsigned char *key, const unsigned char *iv, int enc)
-+ const unsigned char *key, const unsigned char *iv, int enc)
- {
- struct cipher_ctx *state = EVP_CIPHER_CTX_get_cipher_data(ctx);
- struct session_op *sess = &state->sess;
-@@ -212,10 +220,29 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-
- memset(&cryp, 0, sizeof(cryp));
-
-+ if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-+ iiv = in + len - EVP_CIPHER_CTX_iv_length(ctx);
-+ memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-+
-+ if (state->tls_ver >= TLS1_1_VERSION) {
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in,
-+ EVP_CIPHER_CTX_iv_length(ctx));
-+ in += EVP_CIPHER_CTX_iv_length(ctx);
-+ out += EVP_CIPHER_CTX_iv_length(ctx);
-+ len -= EVP_CIPHER_CTX_iv_length(ctx);
-+ }
-+ }
-+ cryp.iv = (void *) EVP_CIPHER_CTX_iv(ctx);
-+ } else
-+ cryp.iv = NULL;
-+
- /* TODO: make a seamless integration with cryptodev flags */
- switch (EVP_CIPHER_CTX_nid(ctx)) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
-+ case NID_aes_128_cbc_hmac_sha256:
-+ case NID_aes_256_cbc_hmac_sha256:
- cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
- }
- cryp.ses = sess->ses;
-@@ -227,15 +254,6 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-
- cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT;
-
-- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- cryp.iv = (void *) EVP_CIPHER_CTX_iv(ctx);
-- if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-- iiv = in + len - EVP_CIPHER_CTX_iv_length(ctx);
-- memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx));
-- }
-- } else
-- cryp.iv = NULL;
--
- if (ioctl(cfd, CIOCAUTHCRYPT, &cryp) == -1) {
- /*
- * XXX need better errror handling this can fail for a number of
-@@ -262,7 +280,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- switch (type) {
- case EVP_CTRL_AEAD_SET_MAC_KEY:
- {
-- /* TODO: what happens with hmac keys larger than 64 bytes? */
-+ /* TODO: what happens with hmac keys larger than 64 bytes? */
- struct cipher_ctx *state =
- EVP_CIPHER_CTX_get_cipher_data(ctx);
- struct session_op *sess = &state->sess;
-@@ -282,27 +300,52 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
- EVP_CIPHER_CTX_get_cipher_data(ctx);
- unsigned char *p = ptr;
- unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
-- unsigned int maclen, padlen;
-- unsigned int bs = EVP_CIPHER_CTX_block_size(ctx);
-+ unsigned int maclen;
-+ unsigned int blocksize = EVP_CIPHER_CTX_block_size(ctx);
-+ int ret;
-
-+ state->tls_ver = p[arg - 4] << 8 | p[arg - 3];
- state->aad = ptr;
- state->aad_len = arg;
-- state->len = cryptlen;
-
- /* TODO: this should be an extension of EVP_CIPHER struct */
- switch (EVP_CIPHER_CTX_nid(ctx)) {
- case NID_aes_128_cbc_hmac_sha1:
- case NID_aes_256_cbc_hmac_sha1:
- maclen = SHA_DIGEST_LENGTH;
-+ break;
-+ case NID_aes_128_cbc_hmac_sha256:
-+ case NID_aes_256_cbc_hmac_sha256:
-+ maclen = SHA256_DIGEST_LENGTH;
-+ break;
-+ default:
-+ /*
-+ * Only above 4 supported NIDs are used to enter to this
-+ * function. If any other NID reaches this function,
-+ * there's a grave coding error further down.
-+ */
-+ assert("Code that never should be reached" == NULL);
-+ return -1;
- }
-
- /* space required for encryption (not only TLS padding) */
-- padlen = maclen;
- if (EVP_CIPHER_CTX_encrypting(ctx)) {
-- cryptlen += maclen;
-- padlen += bs - (cryptlen % bs);
-+ if (state->tls_ver >= TLS1_1_VERSION) {
-+ p[arg - 2] = (cryptlen - blocksize) >> 8;
-+ p[arg - 1] = (cryptlen - blocksize);
-+ }
-+ ret = (int)(((cryptlen + maclen +
-+ blocksize) & -blocksize) - cryptlen);
-+ } else {
-+ if (state->tls_ver >= TLS1_1_VERSION) {
-+ cryptlen -= blocksize;
-+ p[arg - 2] = cryptlen >> 8;
-+ p[arg - 1] = cryptlen;
-+ }
-+ ret = maclen;
- }
-- return padlen;
-+ state->len = cryptlen;
-+ return ret;
- }
- default:
- return -1;
-@@ -510,11 +553,11 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
- static int known_cipher_nids[OSSL_NELEM(cipher_data)];
- static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
- static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
--int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
-- const unsigned char *iv, int enc);
--int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
-- const unsigned char *in, size_t inl);
--int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-+int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc);
-+int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl);
-+int (*ctrl)(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-
- static void prepare_cipher_methods(void)
- {
-@@ -543,26 +586,28 @@ static void prepare_cipher_methods(void)
- */
- sess.cipher = cipher_data[i].devcryptoid;
- sess.keylen = cipher_data[i].keylen;
-- sess.mackeylen = cipher_data[i].mackeylen;
-+ sess.mackeylen = cipher_data[i].mackeylen;
-
- cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
-
-- do_cipher = (cipher_mode == EVP_CIPH_CTR_MODE ?
-+ do_cipher = (cipher_mode == EVP_CIPH_CTR_MODE ?
- ctr_do_cipher :
- cipher_do_cipher);
-- if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-- || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1) {
-- init = cryptodev_init_aead_key;
-- do_cipher = cryptodev_aead_cipher;
-- ctrl = cryptodev_cbc_hmac_sha1_ctrl;
-- flags = cipher_data[i].flags;
-- }
-+ if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_128_cbc_hmac_sha256
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha256) {
-+ init = cryptodev_init_aead_key;
-+ do_cipher = cryptodev_aead_cipher;
-+ ctrl = cryptodev_cbc_hmac_sha1_ctrl;
-+ flags = cipher_data[i].flags;
-+ }
-
- if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
- continue;
-
-- if ((known_cipher_methods[i] =
-+ if ((known_cipher_methods[i] =
- EVP_CIPHER_meth_new(cipher_data[i].nid,
- cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
- cipher_data[i].blocksize,
-@@ -574,7 +619,7 @@ static void prepare_cipher_methods(void)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
- do_cipher)
-- /* AEAD Support to be added. */
-+ /* AEAD Support to be added. */
- || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
- cipher_cleanup)
-@@ -587,9 +632,11 @@ static void prepare_cipher_methods(void)
- cipher_data[i].nid;
- }
-
-- if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-- || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1)
-- EVP_add_cipher(known_cipher_methods[i]);
-+ if (cipher_data[i].nid == NID_aes_128_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha1
-+ || cipher_data[i].nid == NID_aes_128_cbc_hmac_sha256
-+ || cipher_data[i].nid == NID_aes_256_cbc_hmac_sha256)
-+ EVP_add_cipher(known_cipher_methods[i]);
- }
- }
-
---
-2.17.1
-
