lib/libtcplay/crypto-dev.c

*86d7f5d3SJohn Marino/*
*86d7f5d3SJohn Marino * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
*86d7f5d3SJohn Marino * All rights reserved.
*86d7f5d3SJohn Marino *
*86d7f5d3SJohn Marino * Redistribution and use in source and binary forms, with or without
*86d7f5d3SJohn Marino * modification, are permitted provided that the following conditions
*86d7f5d3SJohn Marino * are met:
*86d7f5d3SJohn Marino *
*86d7f5d3SJohn Marino * 1. Redistributions of source code must retain the above copyright
*86d7f5d3SJohn Marino *    notice, this list of conditions and the following disclaimer.
*86d7f5d3SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright
*86d7f5d3SJohn Marino *    notice, this list of conditions and the following disclaimer in
*86d7f5d3SJohn Marino *    the documentation and/or other materials provided with the
*86d7f5d3SJohn Marino *    distribution.
*86d7f5d3SJohn Marino *
*86d7f5d3SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
*86d7f5d3SJohn Marino * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
*86d7f5d3SJohn Marino * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*86d7f5d3SJohn Marino * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
*86d7f5d3SJohn Marino * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
*86d7f5d3SJohn Marino * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
*86d7f5d3SJohn Marino * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
*86d7f5d3SJohn Marino * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
*86d7f5d3SJohn Marino * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
*86d7f5d3SJohn Marino * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
*86d7f5d3SJohn Marino * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*86d7f5d3SJohn Marino * SUCH DAMAGE.
*86d7f5d3SJohn Marino */
*86d7f5d3SJohn Marino#include <sys/types.h>
*86d7f5d3SJohn Marino#include <sys/param.h>
*86d7f5d3SJohn Marino#include <sys/ioctl.h>
*86d7f5d3SJohn Marino#include <sys/sysctl.h>
*86d7f5d3SJohn Marino#include <crypto/cryptodev.h>
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino#include <fcntl.h>
*86d7f5d3SJohn Marino#include <unistd.h>
*86d7f5d3SJohn Marino#include <errno.h>
*86d7f5d3SJohn Marino#include <string.h>
*86d7f5d3SJohn Marino#include <stdio.h>
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino#include "tcplay.h"
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinostatic
*86d7f5d3SJohn Marinoint
*86d7f5d3SJohn Marinogetallowsoft(void)
*86d7f5d3SJohn Marino{
*86d7f5d3SJohn Marino	int old;
*86d7f5d3SJohn Marino	size_t olen;
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	olen = sizeof(old);
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, NULL, 0) < 0) {
*86d7f5d3SJohn Marino		perror("accessing sysctl kern.cryptodevallowsoft failed");
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	return old;
*86d7f5d3SJohn Marino}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinostatic
*86d7f5d3SJohn Marinovoid
*86d7f5d3SJohn Marinosetallowsoft(int new)
*86d7f5d3SJohn Marino{
*86d7f5d3SJohn Marino	int old;
*86d7f5d3SJohn Marino	size_t olen, nlen;
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	olen = nlen = sizeof(new);
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, &new, nlen) < 0) {
*86d7f5d3SJohn Marino		perror("accessing sysctl kern.cryptodevallowsoft failed");
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinostatic
*86d7f5d3SJohn Marinoint
*86d7f5d3SJohn Marinoget_cryptodev_cipher_id(struct tc_crypto_algo *cipher)
*86d7f5d3SJohn Marino{
*86d7f5d3SJohn Marino	if	(strcmp(cipher->name, "AES-128-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_AES_XTS;
*86d7f5d3SJohn Marino	else if (strcmp(cipher->name, "AES-256-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_AES_XTS;
*86d7f5d3SJohn Marino	else if (strcmp(cipher->name, "TWOFISH-128-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_TWOFISH_XTS;
*86d7f5d3SJohn Marino	else if (strcmp(cipher->name, "TWOFISH-256-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_TWOFISH_XTS;
*86d7f5d3SJohn Marino	else if (strcmp(cipher->name, "SERPENT-128-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_SERPENT_XTS;
*86d7f5d3SJohn Marino	else if (strcmp(cipher->name, "SERPENT-256-XTS") == 0)
*86d7f5d3SJohn Marino		return CRYPTO_SERPENT_XTS;
*86d7f5d3SJohn Marino	else
*86d7f5d3SJohn Marino		return -1;
*86d7f5d3SJohn Marino}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinoint
*86d7f5d3SJohn Marinosyscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen, unsigned char *iv,
*86d7f5d3SJohn Marino    unsigned char *in, unsigned char *out, size_t len, int do_encrypt)
*86d7f5d3SJohn Marino{
*86d7f5d3SJohn Marino	struct session_op session;
*86d7f5d3SJohn Marino	struct crypt_op cryp;
*86d7f5d3SJohn Marino	int cipher_id;
*86d7f5d3SJohn Marino	int cryptodev_fd = -1, fd = -1;
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	cipher_id = get_cryptodev_cipher_id(cipher);
*86d7f5d3SJohn Marino	if (cipher_id < 0) {
*86d7f5d3SJohn Marino		tc_log(1, "Cipher %s not found\n",
*86d7f5d3SJohn Marino		    cipher->name);
*86d7f5d3SJohn Marino		return ENOENT;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
*86d7f5d3SJohn Marino		perror("Could not open /dev/crypto");
*86d7f5d3SJohn Marino		goto err;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino	if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
*86d7f5d3SJohn Marino		perror("CRIOGET failed");
*86d7f5d3SJohn Marino		goto err;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino	memset(&session, 0, sizeof(session));
*86d7f5d3SJohn Marino	session.cipher = cipher_id;
*86d7f5d3SJohn Marino	session.key = (caddr_t) key;
*86d7f5d3SJohn Marino	session.keylen = klen;
*86d7f5d3SJohn Marino	if (ioctl(fd, CIOCGSESSION, &session) == -1) {
*86d7f5d3SJohn Marino		perror("CIOCGSESSION failed");
*86d7f5d3SJohn Marino		goto err;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino	memset(&cryp, 0, sizeof(cryp));
*86d7f5d3SJohn Marino	cryp.ses = session.ses;
*86d7f5d3SJohn Marino	cryp.op = do_encrypt ? COP_ENCRYPT : COP_DECRYPT;
*86d7f5d3SJohn Marino	cryp.flags = 0;
*86d7f5d3SJohn Marino	cryp.len = len;
*86d7f5d3SJohn Marino	cryp.src = (caddr_t) in;
*86d7f5d3SJohn Marino	cryp.dst = (caddr_t) out;
*86d7f5d3SJohn Marino	cryp.iv = (caddr_t) iv;
*86d7f5d3SJohn Marino	cryp.mac = 0;
*86d7f5d3SJohn Marino	if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
*86d7f5d3SJohn Marino		perror("CIOCCRYPT failed");
*86d7f5d3SJohn Marino		goto err;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino	if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) {
*86d7f5d3SJohn Marino		perror("CIOCFSESSION failed");
*86d7f5d3SJohn Marino		goto err;
*86d7f5d3SJohn Marino	}
*86d7f5d3SJohn Marino	close(fd);
*86d7f5d3SJohn Marino	close(cryptodev_fd);
*86d7f5d3SJohn Marino	return (0);
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinoerr:
*86d7f5d3SJohn Marino	if (fd != -1)
*86d7f5d3SJohn Marino		close(fd);
*86d7f5d3SJohn Marino	if (cryptodev_fd != -1)
*86d7f5d3SJohn Marino		close(cryptodev_fd);
*86d7f5d3SJohn Marino	return (-1);
*86d7f5d3SJohn Marino}
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marinoint
*86d7f5d3SJohn Marinotc_crypto_init(void)
*86d7f5d3SJohn Marino{
*86d7f5d3SJohn Marino	int allowed;
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	allowed = getallowsoft();
*86d7f5d3SJohn Marino	if (allowed == 0)
*86d7f5d3SJohn Marino		setallowsoft(1);
*86d7f5d3SJohn Marino
*86d7f5d3SJohn Marino	return 0;
*86d7f5d3SJohn Marino}
*86d7f5d3SJohn Marino