From fd82b77d2fac177511baed153b22daa38563f8c1 Mon Sep 17 00:00:00 2001 From: mikeb Date: Wed, 20 Aug 2014 06:23:03 +0000 Subject: [PATCH] Bye bye /dev/crypto The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt --- sys/conf/files | 3 +- sys/crypto/crypto.c | 127 +------ sys/crypto/cryptodev.c | 760 ----------------------------------------- sys/crypto/cryptodev.h | 66 +--- sys/kern/kern_sysctl.c | 17 +- sys/sys/conf.h | 10 +- sys/sys/sysctl.h | 14 +- 7 files changed, 12 insertions(+), 985 deletions(-) diff --git a/sys/conf/files b/sys/conf/files index 3941639281a..4c19a1d36ff 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.575 2014/07/13 15:32:28 miod Exp $ +# $OpenBSD: files,v 1.576 2014/08/20 06:23:03 mikeb Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -872,7 +872,6 @@ file crypto/ecb_enc.c (inet & ipsec) | crypto file crypto/set_key.c (inet & ipsec) | crypto file crypto/ecb3_enc.c (inet & ipsec) | crypto file crypto/crypto.c (inet & ipsec) | crypto -file crypto/cryptodev.c ((inet & ipsec) | crypto) needs-flag file crypto/criov.c (inet & ipsec) | crypto file crypto/cryptosoft.c (inet & ipsec) | crypto file crypto/xform.c (inet & ipsec) | crypto diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c index f62752d278b..beac7c13d00 100644 --- a/sys/crypto/crypto.c +++ b/sys/crypto/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.65 2014/07/13 23:24:47 deraadt Exp $ */ +/* $OpenBSD: crypto.c,v 1.66 2014/08/20 06:23:03 mikeb Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -282,35 +282,6 @@ crypto_get_driverid(u_int8_t flags) * supported by the driver. */ int -crypto_kregister(u_int32_t driverid, int *kalg, - int (*kprocess)(struct cryptkop *)) -{ - int s, i; - - if (driverid >= crypto_drivers_num || kalg == NULL || - crypto_drivers == NULL) - return EINVAL; - - s = splvm(); - - for (i = 0; i <= CRK_ALGORITHM_MAX; i++) { - /* - * XXX Do some performance testing to determine - * placing. We probably need an auxiliary data - * structure that describes relative performances. - */ - - crypto_drivers[driverid].cc_kalg[i] = kalg[i]; - } - - crypto_drivers[driverid].cc_kprocess = kprocess; - - splx(s); - return 0; -} - -/* Register a crypto driver. */ -int crypto_register(u_int32_t driverid, int *alg, int (*newses)(u_int32_t *, struct cryptoini *), int (*freeses)(u_int64_t), int (*process)(struct cryptop *)) @@ -412,67 +383,6 @@ crypto_dispatch(struct cryptop *crp) return 0; } -int -crypto_kdispatch(struct cryptkop *krp) -{ - if (crypto_taskq) { - task_set(&krp->krp_task, (void (*))crypto_kinvoke, krp, NULL); - task_add(crypto_taskq, &krp->krp_task); - } else { - crypto_kinvoke(krp); - } - - return 0; -} - -/* - * Dispatch an asymmetric crypto request to the appropriate crypto devices. - */ -int -crypto_kinvoke(struct cryptkop *krp) -{ - extern int cryptodevallowsoft; - u_int32_t hid; - int error; - int s; - - /* Sanity checks. */ - if (krp == NULL || krp->krp_callback == NULL) - return (EINVAL); - - s = splvm(); - for (hid = 0; hid < crypto_drivers_num; hid++) { - if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && - cryptodevallowsoft == 0) - continue; - if (crypto_drivers[hid].cc_kprocess == NULL) - continue; - if ((crypto_drivers[hid].cc_kalg[krp->krp_op] & - CRYPTO_ALG_FLAG_SUPPORTED) == 0) - continue; - break; - } - - if (hid == crypto_drivers_num) { - krp->krp_status = ENODEV; - crypto_kdone(krp); - splx(s); - return (0); - } - - krp->krp_hid = hid; - - crypto_drivers[hid].cc_koperations++; - - error = crypto_drivers[hid].cc_kprocess(krp); - if (error) { - krp->krp_status = error; - crypto_kdone(krp); - } - splx(s); - return (0); -} - /* * Dispatch a crypto request to the appropriate crypto devices. */ @@ -626,38 +536,3 @@ crypto_done(struct cryptop *crp) task_add(crypto_taskq, &crp->crp_task); } } - -/* - * Invoke the callback on behalf of the driver. - */ -void -crypto_kdone(struct cryptkop *krp) -{ - task_set(&krp->krp_task, (void (*))krp->krp_callback, krp, NULL); - task_add(crypto_taskq, &krp->krp_task); -} - -int -crypto_getfeat(int *featp) -{ - extern int cryptodevallowsoft, userasymcrypto; - int hid, kalg, feat = 0; - - if (userasymcrypto == 0) - goto out; - for (hid = 0; hid < crypto_drivers_num; hid++) { - if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && - cryptodevallowsoft == 0) { - continue; - } - if (crypto_drivers[hid].cc_kprocess == NULL) - continue; - for (kalg = 0; kalg <= CRK_ALGORITHM_MAX; kalg++) - if ((crypto_drivers[hid].cc_kalg[kalg] & - CRYPTO_ALG_FLAG_SUPPORTED) != 0) - feat |= 1 << kalg; - } -out: - *featp = feat; - return (0); -} diff --git a/sys/crypto/cryptodev.c b/sys/crypto/cryptodev.c index b704aac2123..e69de29bb2d 100644 --- a/sys/crypto/cryptodev.c +++ b/sys/crypto/cryptodev.c @@ -1,760 +0,0 @@ -/* $OpenBSD: cryptodev.c,v 1.82 2014/08/18 05:11:03 dlg Exp $ */ - -/* - * Copyright (c) 2001 Theo de Raadt - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Effort sponsored in part by the Defense Advanced Research Projects - * Agency (DARPA) and Air Force Research Laboratory, Air Force - * Materiel Command, USAF, under agreement number F30602-01-2-0537. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -extern struct cryptocap *crypto_drivers; -extern int crypto_drivers_num; - -struct csession { - TAILQ_ENTRY(csession) next; - u_int64_t sid; - u_int32_t ses; - - u_int32_t cipher; - struct enc_xform *txform; - u_int32_t mac; - struct auth_hash *thash; - - caddr_t key; - int keylen; - u_char tmp_iv[EALG_MAX_BLOCK_LEN]; - - caddr_t mackey; - int mackeylen; - u_char tmp_mac[CRYPTO_MAX_MAC_LEN]; - - struct iovec iovec[IOV_MAX]; - struct uio uio; - int error; -}; - -struct fcrypt { - TAILQ_HEAD(csessionlist, csession) csessions; - int sesn; -}; - -void cryptoattach(int); - -int cryptof_read(struct file *, off_t *, struct uio *, struct ucred *); -int cryptof_write(struct file *, off_t *, struct uio *, struct ucred *); -int cryptof_ioctl(struct file *, u_long, caddr_t, struct proc *p); -int cryptof_poll(struct file *, int, struct proc *); -int cryptof_kqfilter(struct file *, struct knote *); -int cryptof_stat(struct file *, struct stat *, struct proc *); -int cryptof_close(struct file *, struct proc *); - -static struct fileops cryptofops = { - cryptof_read, - cryptof_write, - cryptof_ioctl, - cryptof_poll, - cryptof_kqfilter, - cryptof_stat, - cryptof_close -}; - -struct csession *csefind(struct fcrypt *, u_int); -int csedelete(struct fcrypt *, struct csession *); -struct csession *cseadd(struct fcrypt *, struct csession *); -struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, - caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, - struct auth_hash *); -int csefree(struct csession *); - -int cryptodev_op(struct csession *, struct crypt_op *, struct proc *); -int cryptodev_key(struct crypt_kop *); -int cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]); - -int cryptodev_cb(struct cryptop *); -int cryptodevkey_cb(struct cryptkop *); - -int usercrypto = 0; /* userland may do crypto requests */ -int userasymcrypto = 0; /* userland may do asymmetric crypto reqs */ -int cryptodevallowsoft = 0; /* only use hardware crypto */ - -/* ARGSUSED */ -int -cryptof_read(struct file *fp, off_t *poff, struct uio *uio, struct ucred *cred) -{ - return (EIO); -} - -/* ARGSUSED */ -int -cryptof_write(struct file *fp, off_t *poff, struct uio *uio, struct ucred *cred) -{ - return (EIO); -} - -/* ARGSUSED */ -int -cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) -{ - struct cryptoini cria, crie; - struct fcrypt *fcr = fp->f_data; - struct csession *cse; - struct session_op *sop; - struct crypt_op *cop; - struct enc_xform *txform = NULL; - struct auth_hash *thash = NULL; - u_int64_t sid; - u_int32_t ses; - int error = 0; - - switch (cmd) { - case CIOCGSESSION: - sop = (struct session_op *)data; - switch (sop->cipher) { - case 0: - break; - case CRYPTO_DES_CBC: - txform = &enc_xform_des; - break; - case CRYPTO_3DES_CBC: - txform = &enc_xform_3des; - break; - case CRYPTO_BLF_CBC: - txform = &enc_xform_blf; - break; - case CRYPTO_CAST_CBC: - txform = &enc_xform_cast5; - break; - case CRYPTO_AES_CBC: - txform = &enc_xform_rijndael128; - break; - case CRYPTO_AES_CTR: - txform = &enc_xform_aes_ctr; - break; - case CRYPTO_AES_XTS: - txform = &enc_xform_aes_xts; - break; - case CRYPTO_ARC4: - txform = &enc_xform_arc4; - break; - case CRYPTO_NULL: - txform = &enc_xform_null; - break; - default: - return (EINVAL); - } - - switch (sop->mac) { - case 0: - break; -#if 0 - case CRYPTO_MD5_HMAC: - thash = &auth_hash_hmac_md5_96; - break; - case CRYPTO_SHA1_HMAC: - thash = &auth_hash_hmac_sha1_96; - break; - case CRYPTO_RIPEMD160_HMAC: - thash = &auth_hash_hmac_ripemd_160_96; - break; - case CRYPTO_MD5: - thash = &auth_hash_md5; - break; - case CRYPTO_SHA1: - thash = &auth_hash_sha1; - break; -#endif - default: - return (EINVAL); - } - - bzero(&crie, sizeof(crie)); - bzero(&cria, sizeof(cria)); - - if (txform) { - crie.cri_alg = txform->type; - crie.cri_klen = sop->keylen * 8; - if (sop->keylen > txform->maxkey || - sop->keylen < txform->minkey) { - error = EINVAL; - goto bail; - } - - crie.cri_key = malloc(crie.cri_klen / 8, M_XDATA, - M_WAITOK); - if ((error = copyin(sop->key, crie.cri_key, - crie.cri_klen / 8))) - goto bail; - if (thash) - crie.cri_next = &cria; - } - - if (thash) { - cria.cri_alg = thash->type; - cria.cri_klen = sop->mackeylen * 8; - if (sop->mackeylen != thash->keysize) { - error = EINVAL; - goto bail; - } - - if (cria.cri_klen) { - cria.cri_key = malloc(cria.cri_klen / 8, - M_XDATA, M_WAITOK); - if ((error = copyin(sop->mackey, cria.cri_key, - cria.cri_klen / 8))) - goto bail; - } - } - - error = crypto_newsession(&sid, (txform ? &crie : &cria), - !cryptodevallowsoft); - - if (error) - goto bail; - - cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, - cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, - thash); - - if (cse == NULL) { - crypto_freesession(sid); - error = EINVAL; - goto bail; - } - sop->ses = cse->ses; - -bail: - if (error) { - if (crie.cri_key) { - explicit_bzero(crie.cri_key, crie.cri_klen / 8); - free(crie.cri_key, M_XDATA, 0); - } - if (cria.cri_key) { - explicit_bzero(cria.cri_key, cria.cri_klen / 8); - free(cria.cri_key, M_XDATA, 0); - } - } - break; - case CIOCFSESSION: - ses = *(u_int32_t *)data; - cse = csefind(fcr, ses); - if (cse == NULL) - return (EINVAL); - csedelete(fcr, cse); - error = csefree(cse); - break; - case CIOCCRYPT: - cop = (struct crypt_op *)data; - cse = csefind(fcr, cop->ses); - if (cse == NULL) - return (EINVAL); - error = cryptodev_op(cse, cop, p); - break; - case CIOCKEY: - error = cryptodev_key((struct crypt_kop *)data); - break; - case CIOCASYMFEAT: - error = crypto_getfeat((int *)data); - break; - default: - error = EINVAL; - } - return (error); -} - -int -cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p) -{ - struct cryptop *crp = NULL; - struct cryptodesc *crde = NULL, *crda = NULL; - int s, error; - u_int32_t hid; - - if (cop->len > 64*1024-4) - return (E2BIG); - - if (cse->txform) { - if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) - return (EINVAL); - } - - bzero(&cse->uio, sizeof(cse->uio)); - cse->uio.uio_iovcnt = 1; - cse->uio.uio_segflg = UIO_SYSSPACE; - cse->uio.uio_rw = UIO_WRITE; - cse->uio.uio_procp = p; - cse->uio.uio_iov = cse->iovec; - bzero(&cse->iovec, sizeof(cse->iovec)); - cse->uio.uio_iov[0].iov_len = cop->len; - cse->uio.uio_iov[0].iov_base = dma_alloc(cop->len, M_WAITOK); - cse->uio.uio_resid = cse->uio.uio_iov[0].iov_len; - - /* number of requests, not logical and */ - crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL)); - if (crp == NULL) { - error = ENOMEM; - goto bail; - } - - if (cse->thash) { - crda = crp->crp_desc; - if (cse->txform) - crde = crda->crd_next; - } else { - if (cse->txform) - crde = crp->crp_desc; - else { - error = EINVAL; - goto bail; - } - } - - if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len))) - goto bail; - - if (crda) { - crda->crd_skip = 0; - crda->crd_len = cop->len; - crda->crd_inject = 0; /* ??? */ - - crda->crd_alg = cse->mac; - crda->crd_key = cse->mackey; - crda->crd_klen = cse->mackeylen * 8; - } - - if (crde) { - if (cop->op == COP_ENCRYPT) - crde->crd_flags |= CRD_F_ENCRYPT; - else - crde->crd_flags &= ~CRD_F_ENCRYPT; - crde->crd_len = cop->len; - crde->crd_inject = 0; - - crde->crd_alg = cse->cipher; - crde->crd_key = cse->key; - crde->crd_klen = cse->keylen * 8; - } - - crp->crp_ilen = cop->len; - crp->crp_buf = (caddr_t)&cse->uio; - crp->crp_callback = cryptodev_cb; - crp->crp_sid = cse->sid; - crp->crp_opaque = cse; - - if (cop->iv) { - if (crde == NULL) { - error = EINVAL; - goto bail; - } - if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ - error = EINVAL; - goto bail; - } - if ((error = copyin(cop->iv, cse->tmp_iv, cse->txform->blocksize))) - goto bail; - bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize); - crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; - crde->crd_skip = 0; - } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ - crde->crd_skip = 0; - } else if (crde) { - crde->crd_flags |= CRD_F_IV_PRESENT; - crde->crd_skip = cse->txform->blocksize; - crde->crd_len -= cse->txform->blocksize; - } - - if (cop->mac) { - if (crda == NULL) { - error = EINVAL; - goto bail; - } - crp->crp_mac = cse->tmp_mac; - } - - /* try the fast path first */ - crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_NOQUEUE; - hid = (crp->crp_sid >> 32) & 0xffffffff; - if (hid >= crypto_drivers_num) - goto dispatch; - if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) - goto dispatch; - if (crypto_drivers[hid].cc_process == NULL) - goto dispatch; - error = crypto_drivers[hid].cc_process(crp); - if (error) { - /* clear error */ - crp->crp_etype = 0; - goto dispatch; - } - goto processed; - dispatch: - crp->crp_flags = CRYPTO_F_IOV; - crypto_dispatch(crp); - processed: - s = splnet(); - while (!(crp->crp_flags & CRYPTO_F_DONE)) { - error = tsleep(cse, PSOCK, "crydev", 0); - } - splx(s); - if (error) { - /* XXX can this happen? if so, how do we recover? */ - goto bail; - } - - if (cse->error) { - error = cse->error; - goto bail; - } - if (crp->crp_etype != 0) { - error = crp->crp_etype; - goto bail; - } - - - if (cop->dst && - (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len))) - goto bail; - - if (cop->mac && - (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) - goto bail; - -bail: - if (crp) - crypto_freereq(crp); - if (cse->uio.uio_iov[0].iov_base) - dma_free(cse->uio.uio_iov[0].iov_base, cop->len); - - return (error); -} - -int -cryptodev_cb(struct cryptop *crp) -{ - struct csession *cse = crp->crp_opaque; - - cse->error = crp->crp_etype; - if (crp->crp_etype == EAGAIN) { - crp->crp_flags = CRYPTO_F_IOV; - return crypto_dispatch(crp); - } - wakeup(cse); - return (0); -} - -int -cryptodevkey_cb(struct cryptkop *krp) -{ - - wakeup(krp); - return (0); -} - -int -cryptodev_key(struct crypt_kop *kop) -{ - struct cryptkop *krp = NULL; - int error = EINVAL; - int in, out, size, i; - - if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { - return (EFBIG); - } - - in = kop->crk_iparams; - out = kop->crk_oparams; - switch (kop->crk_op) { - case CRK_MOD_EXP: - if (in == 3 && out == 1) - break; - return (EINVAL); - case CRK_MOD_EXP_CRT: - if (in == 6 && out == 1) - break; - return (EINVAL); - case CRK_DSA_SIGN: - if (in == 5 && out == 2) - break; - return (EINVAL); - case CRK_DSA_VERIFY: - if (in == 7 && out == 0) - break; - return (EINVAL); - case CRK_DH_COMPUTE_KEY: - if (in == 3 && out == 1) - break; - return (EINVAL); - default: - return (EINVAL); - } - - krp = malloc(sizeof *krp, M_XDATA, M_WAITOK | M_ZERO); - krp->krp_op = kop->crk_op; - krp->krp_status = kop->crk_status; - krp->krp_iparams = kop->crk_iparams; - krp->krp_oparams = kop->crk_oparams; - krp->krp_status = 0; - krp->krp_callback = cryptodevkey_cb; - - for (i = 0; i < CRK_MAXPARAM; i++) { - krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; - if (kop->crk_param[i].crp_nbits > 65536) { - /* XXX how big do we need to support? */ - goto fail; - } - } - for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { - size = (krp->krp_param[i].crp_nbits + 7) / 8; - if (size == 0) - continue; - krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK); - if (i >= krp->krp_iparams) - continue; - error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); - if (error) - goto fail; - } - - error = crypto_kdispatch(krp); - if (error) - goto fail; - error = tsleep(krp, PSOCK, "crydev", 0); - if (error) { - /* XXX can this happen? if so, how do we recover? */ - goto fail; - } - - if (krp->krp_status != 0) { - error = krp->krp_status; - goto fail; - } - - for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { - size = (krp->krp_param[i].crp_nbits + 7) / 8; - if (size == 0) - continue; - error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); - if (error) - goto fail; - } - -fail: - if (krp) { - kop->crk_status = krp->krp_status; - for (i = 0; i < CRK_MAXPARAM; i++) { - if (krp->krp_param[i].crp_p) { - explicit_bzero(krp->krp_param[i].crp_p, - (krp->krp_param[i].crp_nbits + 7) / 8); - free(krp->krp_param[i].crp_p, M_XDATA, 0); - } - } - free(krp, M_XDATA, 0); - } - return (error); -} - -/* ARGSUSED */ -int -cryptof_poll(struct file *fp, int events, struct proc *p) -{ - return (0); -} - -/* ARGSUSED */ -int -cryptof_kqfilter(struct file *fp, struct knote *kn) -{ - return (0); -} - -/* ARGSUSED */ -int -cryptof_stat(struct file *fp, struct stat *sb, struct proc *p) -{ - return (EOPNOTSUPP); -} - -/* ARGSUSED */ -int -cryptof_close(struct file *fp, struct proc *p) -{ - struct fcrypt *fcr = fp->f_data; - struct csession *cse; - - while ((cse = TAILQ_FIRST(&fcr->csessions))) { - TAILQ_REMOVE(&fcr->csessions, cse, next); - (void)csefree(cse); - } - free(fcr, M_XDATA, 0); - fp->f_data = NULL; - return 0; -} - -void -cryptoattach(int n) -{ -} - -int -cryptoopen(dev_t dev, int flag, int mode, struct proc *p) -{ - if (usercrypto == 0) - return (ENXIO); -#ifdef CRYPTO - return (0); -#else - return (ENXIO); -#endif -} - -int -cryptoclose(dev_t dev, int flag, int mode, struct proc *p) -{ - return (0); -} - -int -cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) -{ - struct file *f; - struct fcrypt *fcr; - int fd, error; - - switch (cmd) { - case CRIOGET: - fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK); - TAILQ_INIT(&fcr->csessions); - fcr->sesn = 0; - - fdplock(p->p_fd); - error = falloc(p, &f, &fd); - fdpunlock(p->p_fd); - if (error) { - free(fcr, M_XDATA, 0); - return (error); - } - f->f_flag = FREAD | FWRITE; - f->f_type = DTYPE_CRYPTO; - f->f_ops = &cryptofops; - f->f_data = fcr; - *(u_int32_t *)data = fd; - FILE_SET_MATURE(f, p); - break; - default: - error = EINVAL; - break; - } - return (error); -} - -struct csession * -csefind(struct fcrypt *fcr, u_int ses) -{ - struct csession *cse; - - TAILQ_FOREACH(cse, &fcr->csessions, next) - if (cse->ses == ses) - return (cse); - return (NULL); -} - -int -csedelete(struct fcrypt *fcr, struct csession *cse_del) -{ - struct csession *cse; - - TAILQ_FOREACH(cse, &fcr->csessions, next) { - if (cse == cse_del) { - TAILQ_REMOVE(&fcr->csessions, cse, next); - return (1); - } - } - return (0); -} - -struct csession * -cseadd(struct fcrypt *fcr, struct csession *cse) -{ - TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); - cse->ses = fcr->sesn++; - return (cse); -} - -struct csession * -csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, - caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, - struct enc_xform *txform, struct auth_hash *thash) -{ - struct csession *cse; - - cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT); - if (cse == NULL) - return NULL; - cse->key = key; - cse->keylen = keylen/8; - cse->mackey = mackey; - cse->mackeylen = mackeylen/8; - cse->sid = sid; - cse->cipher = cipher; - cse->mac = mac; - cse->txform = txform; - cse->thash = thash; - cseadd(fcr, cse); - return (cse); -} - -int -csefree(struct csession *cse) -{ - int error; - - error = crypto_freesession(cse->sid); - if (cse->key) - free(cse->key, M_XDATA, 0); - if (cse->mackey) - free(cse->mackey, M_XDATA, 0); - free(cse, M_XDATA, 0); - return (error); -} diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h index 69911e7e0e1..be6a8b2aebc 100644 --- a/sys/crypto/cryptodev.h +++ b/sys/crypto/cryptodev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.59 2014/08/20 06:23:03 mikeb Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -200,47 +200,6 @@ struct cryptop { #define CRYPTO_OP_DECRYPT 0x0 #define CRYPTO_OP_ENCRYPT 0x1 -/* bignum parameter, in packed bytes, ... */ -struct crparam { - caddr_t crp_p; - u_int crp_nbits; -}; - -#define CRK_MAXPARAM 8 - -struct crypt_kop { - u_int crk_op; /* ie. CRK_MOD_EXP or other */ - u_int crk_status; /* return status */ - u_short crk_iparams; /* # of input parameters */ - u_short crk_oparams; /* # of output parameters */ - u_int crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -}; -#define CRK_MOD_EXP 0 -#define CRK_MOD_EXP_CRT 1 -#define CRK_DSA_SIGN 2 -#define CRK_DSA_VERIFY 3 -#define CRK_DH_COMPUTE_KEY 4 -#define CRK_ALGORITHM_MAX 4 /* Keep updated */ - -#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) - -struct cryptkop { - struct task krp_task; - - u_int krp_op; /* ie. CRK_MOD_EXP or other */ - u_int krp_status; /* return status */ - u_short krp_iparams; /* # of input parameters */ - u_short krp_oparams; /* # of output parameters */ - u_int32_t krp_hid; - struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ - int (*krp_callback)(struct cryptkop *); -}; - /* Crypto capabilities structure */ struct cryptocap { u_int64_t cc_operations; /* Counter of how many ops done */ @@ -252,9 +211,6 @@ struct cryptocap { /* Symmetric/hash algorithms supported */ int cc_alg[CRYPTO_ALGORITHM_MAX + 1]; - /* Asymmetric algorithms supported */ - int cc_kalg[CRK_ALGORITHM_MAX + 1]; - int cc_queued; /* Operations queued */ u_int8_t cc_flags; @@ -266,7 +222,6 @@ struct cryptocap { int (*cc_newsession) (u_int32_t *, struct cryptoini *); int (*cc_process) (struct cryptop *); int (*cc_freesession) (u_int64_t); - int (*cc_kprocess) (struct cryptkop *); }; /* @@ -302,36 +257,17 @@ struct crypt_op { #define CRYPTO_MAX_MAC_LEN 20 -/* - * done against open of /dev/crypto, to get a cloned descriptor. - * Please use F_SETFD against the cloned descriptor. - */ -#define CRIOGET _IOWR('c', 100, u_int32_t) - -/* the following are done against the cloned descriptor */ -#define CIOCGSESSION _IOWR('c', 101, struct session_op) -#define CIOCFSESSION _IOW('c', 102, u_int32_t) -#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) -#define CIOCKEY _IOWR('c', 104, struct crypt_kop) - -#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) - #ifdef _KERNEL int crypto_newsession(u_int64_t *, struct cryptoini *, int); int crypto_freesession(u_int64_t); int crypto_dispatch(struct cryptop *); -int crypto_kdispatch(struct cryptkop *); int crypto_register(u_int32_t, int *, int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t), int (*)(struct cryptop *)); -int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *)); int crypto_unregister(u_int32_t, int); int32_t crypto_get_driverid(u_int8_t); int crypto_invoke(struct cryptop *); -int crypto_kinvoke(struct cryptkop *); void crypto_done(struct cryptop *); -void crypto_kdone(struct cryptkop *); -int crypto_getfeat(int *); void cuio_copydata(struct uio *, int, int, caddr_t); void cuio_copyback(struct uio *, int, int, const void *); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index d0cd8afbabd..8d77365808d 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.261 2014/08/18 05:11:03 dlg Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.262 2014/08/20 06:23:03 mikeb Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -268,11 +268,6 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, extern int usermount, nosuidcoredump; extern long cp_time[CPUSTATES]; extern int stackgap_random; -#ifdef CRYPTO - extern int usercrypto; - extern int userasymcrypto; - extern int cryptodevallowsoft; -#endif extern int maxlocksperuid; extern int pool_debug; @@ -518,16 +513,6 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, #if defined(SYSVMSG) || defined(SYSVSEM) || defined(SYSVSHM) case KERN_SYSVIPC_INFO: return (sysctl_sysvipc(name + 1, namelen - 1, oldp, oldlenp)); -#endif -#ifdef CRYPTO - case KERN_USERCRYPTO: - return (sysctl_int(oldp, oldlenp, newp, newlen, &usercrypto)); - case KERN_USERASYMCRYPTO: - return (sysctl_int(oldp, oldlenp, newp, newlen, - &userasymcrypto)); - case KERN_CRYPTODEVALLOWSOFT: - return (sysctl_int(oldp, oldlenp, newp, newlen, - &cryptodevallowsoft)); #endif case KERN_SPLASSERT: return (sysctl_int(oldp, oldlenp, newp, newlen, diff --git a/sys/sys/conf.h b/sys/sys/conf.h index 661a8093995..1880888b406 100644 --- a/sys/sys/conf.h +++ b/sys/sys/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.127 2014/03/14 23:42:41 kettenis Exp $ */ +/* $OpenBSD: conf.h,v 1.128 2014/08/20 06:23:03 mikeb Exp $ */ /* $NetBSD: conf.h,v 1.33 1996/05/03 20:03:32 christos Exp $ */ /*- @@ -247,12 +247,6 @@ extern struct cdevsw cdevsw[]; (dev_type_stop((*))) enodev, 0, seltrue, dev_init(c,n,mmap), \ 0, 0, seltrue_kqfilter } -/* open, close, read, write, ioctl, mmap */ -#define cdev_crypto_init(c,n) { \ - dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \ - (dev_type_write((*))) enodev, dev_init(c,n,ioctl), (dev_type_stop((*))) enodev, \ - 0, selfalse, (dev_type_mmap((*))) enodev } - /* open, close, read, write, ioctl */ #define cdev_systrace_init(c,n) { \ dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \ @@ -614,8 +608,6 @@ cdev_decl(wsmux); cdev_decl(ksyms); -cdev_decl(crypto); - cdev_decl(systrace); cdev_decl(bio); diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index 889e997e0f3..8bb7f090cf3 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.h,v 1.148 2014/07/13 16:41:22 claudio Exp $ */ +/* $OpenBSD: sysctl.h,v 1.149 2014/08/20 06:23:03 mikeb Exp $ */ /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */ /* @@ -152,15 +152,15 @@ struct ctlname { #define KERN_POOL 49 /* struct: pool information */ #define KERN_STACKGAPRANDOM 50 /* int: stackgap_random */ #define KERN_SYSVIPC_INFO 51 /* struct: SysV sem/shm/msg info */ -#define KERN_USERCRYPTO 52 /* int: usercrypto */ -#define KERN_CRYPTODEVALLOWSOFT 53 /* int: cryptodevallowsoft */ +/* was define KERN_USERCRYPTO 52 */ +/* was define KERN_CRYPTODEVALLOWSOFT 53 */ #define KERN_SPLASSERT 54 /* int: splassert */ #define KERN_PROC_ARGS 55 /* node: proc args and env */ #define KERN_NFILES 56 /* int: number of open files */ #define KERN_TTYCOUNT 57 /* int: number of tty devices */ #define KERN_NUMVNODES 58 /* int: number of vnodes in use */ #define KERN_MBSTAT 59 /* struct: mbuf statistics */ -#define KERN_USERASYMCRYPTO 60 /* int: usercrypto */ +/* was define KERN_USERASYMCRYPTO 60 */ #define KERN_SEMINFO 61 /* struct: SysV struct seminfo */ #define KERN_SHMINFO 62 /* struct: SysV struct shminfo */ #define KERN_INTRCNT 63 /* node: interrupt counters */ @@ -235,15 +235,15 @@ struct ctlname { { "pool", CTLTYPE_NODE }, \ { "stackgap_random", CTLTYPE_INT }, \ { "sysvipc_info", CTLTYPE_INT }, \ - { "usercrypto", CTLTYPE_INT }, \ - { "cryptodevallowsoft", CTLTYPE_INT }, \ + { "gap", 0 }, \ + { "gap", 0 }, \ { "splassert", CTLTYPE_INT }, \ { "procargs", CTLTYPE_NODE }, \ { "nfiles", CTLTYPE_INT }, \ { "ttycount", CTLTYPE_INT }, \ { "numvnodes", CTLTYPE_INT }, \ { "mbstat", CTLTYPE_STRUCT }, \ - { "userasymcrypto", CTLTYPE_INT }, \ + { "gap", 0 }, \ { "seminfo", CTLTYPE_STRUCT }, \ { "shminfo", CTLTYPE_STRUCT }, \ { "intrcnt", CTLTYPE_NODE }, \ -- 2.20.1