search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected copyright notices
[gnutls.git] / lib / accelerated / cryptodev-gcm.c
blobfcd75bbcb4b5ded44256ca1778e1886050aaa99f
1 /*
2 * Copyright (C) 2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 *
21 */
22
23 #include <gnutls_errors.h>
24 #include <gnutls_int.h>
25 #include <gnutls/crypto.h>
26 #include <gnutls_errors.h>
27 #include <accelerated/cryptodev.h>
28
29 #ifdef ENABLE_CRYPTODEV
30
31 #include <fcntl.h>
32 #include <sys/ioctl.h>
33 #include <crypto/cryptodev.h>
34
35 #ifndef CRYPTO_CIPHER_MAX_KEY_LEN
36 #define CRYPTO_CIPHER_MAX_KEY_LEN 64
37 #endif
38
39 #ifndef EALG_MAX_BLOCK_LEN
40 #define EALG_MAX_BLOCK_LEN 16
41 #endif
42
43
44 #ifdef CIOCAUTHCRYPT
45
46 #define GCM_BLOCK_SIZE 16
47
48 struct cryptodev_gcm_ctx
49 {
50 struct session_op sess;
51 struct crypt_auth_op cryp;
52 uint8_t iv[GCM_BLOCK_SIZE];
53 uint8_t tag[GCM_BLOCK_SIZE];
54
55 void* auth_data;
56 unsigned int auth_data_size;
57
58 int op; /* whether encryption op has been executed */
59
60 int cfd;
61 };
62
63 static void
64 aes_gcm_deinit (void *_ctx)
65 {
66 struct cryptodev_gcm_ctx *ctx = _ctx;
67
68 ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
69 gnutls_free (ctx);
70 }
71
72 static const int cipher_map[] = {
73 [GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
74 [GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
75 };
76
77 static int
78 aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
79 {
80 struct cryptodev_gcm_ctx *ctx;
81
82 *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_gcm_ctx));
83 if (*_ctx == NULL)
84 {
85 gnutls_assert ();
86 return GNUTLS_E_MEMORY_ERROR;
87 }
88
89
90 ctx = *_ctx;
91
92 ctx->cfd = _gnutls_cryptodev_fd;
93 ctx->sess.cipher = cipher_map[algorithm];
94 ctx->cryp.iv = ctx->iv;
95
96 return 0;
97 }
98
99 static int
100 aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
101 {
102 struct cryptodev_gcm_ctx *ctx = _ctx;
103
104 ctx->sess.keylen = keysize;
105 ctx->sess.key = (void*)userkey;
106
107 if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
108 {
109 gnutls_assert ();
110 return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
111 }
112 ctx->cryp.ses = ctx->sess.ses;
113
114 return 0;
115 }
116
117 static int
118 aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
119 {
120 struct cryptodev_gcm_ctx *ctx = _ctx;
121
122 if (iv_size != GCM_BLOCK_SIZE - 4)
123 return GNUTLS_E_INVALID_REQUEST;
124
125 memcpy (ctx->iv, iv, GCM_BLOCK_SIZE - 4);
126
127 ctx->cryp.iv = (void*)ctx->iv;
128
129 return 0;
130 }
131
132 static int
133 aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
134 void *dst, size_t dst_size)
135 {
136 struct cryptodev_gcm_ctx *ctx = _ctx;
137
138 /* the GCM in kernel will place the tag after the
139 * encrypted data.
140 */
141 if (dst_size < src_size + GCM_BLOCK_SIZE)
142 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
143
144 ctx->cryp.len = src_size;
145 ctx->cryp.src = (void *) src;
146 ctx->cryp.dst = dst;
147 ctx->cryp.op = COP_ENCRYPT;
148
149 ctx->cryp.auth_len = ctx->auth_data_size;
150 ctx->cryp.auth_src = ctx->auth_data;
151
152 if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
153 {
154 gnutls_assert ();
155 return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
156 }
157
158 ctx->cryp.auth_len = 0;
159 ctx->op = 1;
160 memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
161 return 0;
162 }
163
164 static int
165 aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
166 void *dst, size_t dst_size)
167 {
168 struct cryptodev_gcm_ctx *ctx = _ctx;
169
170 /* the GCM in kernel will place the tag after the
171 * encrypted data.
172 */
173 ctx->cryp.len = src_size + GCM_BLOCK_SIZE;
174 ctx->cryp.src = (void *) src;
175 ctx->cryp.dst = dst;
176 ctx->cryp.op = COP_DECRYPT;
177
178 ctx->cryp.auth_len = ctx->auth_data_size;
179 ctx->cryp.auth_src = ctx->auth_data;
180
181 if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
182 {
183 gnutls_assert ();
184 return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
185 }
186
187 ctx->cryp.auth_len = 0;
188 ctx->op = 1;
189 memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
190 return 0;
191 }
192
193 static int
194 aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
195 {
196 struct cryptodev_gcm_ctx *ctx = _ctx;
197
198 ctx->op = 0;
199 ctx->auth_data = (void*)src;
200 ctx->auth_data_size = src_size;
201
202 return 0;
203 }
204
205 static void
206 aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
207 {
208 struct cryptodev_gcm_ctx *ctx = _ctx;
209
210 if (ctx->op == 0)
211 {
212 ctx->cryp.len = 0;
213 ctx->cryp.src = NULL;
214 ctx->cryp.dst = ctx->tag;
215 ctx->cryp.op = COP_ENCRYPT;
216
217 ctx->cryp.auth_len = ctx->auth_data_size;
218 ctx->cryp.auth_src = ctx->auth_data;
219
220 if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
221 {
222 gnutls_assert ();
223 return;
224 }
225 }
226
227 memcpy(tag, ctx->tag, tagsize);
228 ctx->op = 0;
229 }
230
231 static const gnutls_crypto_cipher_st cipher_struct = {
232 .init = aes_gcm_cipher_init,
233 .setkey = aes_gcm_cipher_setkey,
234 .setiv = aes_gcm_setiv,
235 .encrypt = aes_gcm_encrypt,
236 .decrypt = aes_gcm_decrypt,
237 .deinit = aes_gcm_deinit,
238 .tag = aes_gcm_tag,
239 .auth = aes_gcm_auth,
240 };
241
242 int
243 _cryptodev_register_gcm_crypto (int cfd)
244 {
245 struct session_op sess;
246 uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
247 unsigned int i;
248 int ret;
249 #ifdef CIOCGSESSINFO
250 struct session_info_op siop;
251
252 memset(&siop, 0, sizeof(siop));
253 #endif
254
255 memset (&sess, 0, sizeof (sess));
256
257 for (i = 0; i < sizeof (cipher_map) / sizeof (cipher_map[0]);
258 i++)
259 {
260 if (cipher_map[i] == 0)
261 continue;
262
263 /* test if a cipher is support it and if yes register it */
264 sess.cipher = cipher_map[i];
265 sess.keylen = gnutls_cipher_get_key_size (i);
266 sess.key = fake_key;
267
268 if (ioctl (cfd, CIOCGSESSION, &sess))
269 {
270 continue;
271 }
272
273 #ifdef CIOCGSESSINFO
274 siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
275 if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
276 {
277 if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
278 {
279 ioctl (cfd, CIOCFSESSION, &sess.ses);
280 continue;
281 }
282 }
283 #endif
284
285 ioctl (cfd, CIOCFSESSION, &sess.ses);
286
287 _gnutls_debug_log ("/dev/crypto: registering: %s\n",
288 gnutls_cipher_get_name (i));
289 ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
290 if (ret < 0)
291 {
292 gnutls_assert ();
293 return ret;
294 }
295
296 }
297
298 return 0;
299 }
300
301 #endif /* CIOCAUTHCRYPT */
302
303 #endif /* ENABLE_CRYPTODEV */
Implementation of the SSL/TLS protocol