generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update from 1.0.0-stable

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-07-01 15:37:17 +00:00
parent 0e698584a0
commit b53e076988
1 changed files with 63 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
crypto/engine/eng_cryptodev.c
View File

@ -75,9 +75,6 @@ static u_int32_t cryptodev_asymfeat = 0;
static int get_asym_dev_crypto(void); static int get_asym_dev_crypto(void);
static int open_dev_crypto(void); static int open_dev_crypto(void);
static int get_dev_crypto(void); static int get_dev_crypto(void);
static int cryptodev_max_iv(int cipher);
static int cryptodev_key_length_valid(int cipher, int len);
static int cipher_nid_to_cryptodev(int nid);
static int get_cryptodev_ciphers(const int **cnids); static int get_cryptodev_ciphers(const int **cnids);
static int get_cryptodev_digests(const int **cnids); static int get_cryptodev_digests(const int **cnids);
static int cryptodev_usable_ciphers(const int **nids); static int cryptodev_usable_ciphers(const int **nids);
@ -130,9 +127,12 @@ static struct {
int ivmax; int ivmax;
int keylen; int keylen;
} ciphers[] = { } ciphers[] = {
{ CRYPTO_ARC4, NID_rc4, 0, 16, },
{ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
{ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
{ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
{ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
{ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
{ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
{ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
{ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
@ -202,50 +202,6 @@ get_asym_dev_crypto(void)
return fd; return fd;
} }
/*
* XXXX this needs to be set for each alg - and determined from
* a running card.
*/
static int
cryptodev_max_iv(int cipher)
{
int i;
for (i = 0; ciphers[i].id; i++)
if (ciphers[i].id == cipher)
return (ciphers[i].ivmax);
return (0);
}
/*
* XXXX this needs to be set for each alg - and determined from
* a running card. For now, fake it out - but most of these
* for real devices should return 1 for the supported key
* sizes the device can handle.
*/
static int
cryptodev_key_length_valid(int cipher, int len)
{
int i;
for (i = 0; ciphers[i].id; i++)
if (ciphers[i].id == cipher)
return (ciphers[i].keylen == len);
return (0);
}
/* convert libcrypto nids to cryptodev */
static int
cipher_nid_to_cryptodev(int nid)
{
int i;
for (i = 0; ciphers[i].id; i++)
if (ciphers[i].nid == nid)
return (ciphers[i].id);
return (0);
}
/* /*
* Find out what ciphers /dev/crypto will let us have a session for. * Find out what ciphers /dev/crypto will let us have a session for.
* XXX note, that some of these openssl doesn't deal with yet! * XXX note, that some of these openssl doesn't deal with yet!
@ -427,16 +383,20 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
{ {
struct dev_crypto_state *state = ctx->cipher_data; struct dev_crypto_state *state = ctx->cipher_data;
struct session_op *sess = &state->d_sess; struct session_op *sess = &state->d_sess;
int cipher; int cipher, i;
if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) for (i = 0; ciphers[i].id; i++)
return (0); if (ctx->cipher->nid == ciphers[i].nid &&
ctx->cipher->iv_len <= ciphers[i].ivmax &&
ctx->key_len == ciphers[i].keylen) {
cipher = ciphers[i].id;
break;
}
if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) if (!ciphers[i].id) {
return (0); state->d_fd = -1;
if (!cryptodev_key_length_valid(cipher, ctx->key_len))
return (0); return (0);
}
memset(sess, 0, sizeof(struct session_op)); memset(sess, 0, sizeof(struct session_op));
@ -496,6 +456,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
* gets called when libcrypto requests a cipher NID. * gets called when libcrypto requests a cipher NID.
*/ */
/* RC4 */
const EVP_CIPHER cryptodev_rc4 = {
NID_rc4,
1, 16, 0,
EVP_CIPH_VARIABLE_LENGTH,
cryptodev_init_key,
cryptodev_cipher,
cryptodev_cleanup,
sizeof(struct dev_crypto_state),
NULL,
NULL,
NULL
};
/* DES CBC EVP */ /* DES CBC EVP */
const EVP_CIPHER cryptodev_des_cbc = { const EVP_CIPHER cryptodev_des_cbc = {
NID_des_cbc, NID_des_cbc,
@ -563,6 +537,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
NULL NULL
}; };
const EVP_CIPHER cryptodev_aes_192_cbc = {
NID_aes_192_cbc,
16, 24, 16,
EVP_CIPH_CBC_MODE,
cryptodev_init_key,
cryptodev_cipher,
cryptodev_cleanup,
sizeof(struct dev_crypto_state),
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
NULL
};
const EVP_CIPHER cryptodev_aes_256_cbc = {
NID_aes_256_cbc,
16, 32, 16,
EVP_CIPH_CBC_MODE,
cryptodev_init_key,
cryptodev_cipher,
cryptodev_cleanup,
sizeof(struct dev_crypto_state),
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
NULL
};
/* /*
* Registered by the ENGINE when used to find out how to deal with * Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. this says what we'll do at the * a particular NID in the ENGINE. this says what we'll do at the
@ -576,6 +576,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
return (cryptodev_usable_ciphers(nids)); return (cryptodev_usable_ciphers(nids));
switch (nid) { switch (nid) {
case NID_rc4:
*cipher = &cryptodev_rc4;
break;
case NID_des_ede3_cbc: case NID_des_ede3_cbc:
*cipher = &cryptodev_3des_cbc; *cipher = &cryptodev_3des_cbc;
break; break;
@ -591,6 +594,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
case NID_aes_128_cbc: case NID_aes_128_cbc:
*cipher = &cryptodev_aes_cbc; *cipher = &cryptodev_aes_cbc;
break; break;
case NID_aes_192_cbc:
*cipher = &cryptodev_aes_192_cbc;
break;
case NID_aes_256_cbc:
*cipher = &cryptodev_aes_256_cbc;
break;
default: default:
*cipher = NULL; *cipher = NULL;
break; break;