2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/types.h>
30 #include <sys/param.h>
31 #include <sys/ioctl.h>
32 #include <sys/sysctl.h>
33 #include <crypto/cryptodev.h>
/*
 * Read-only query: newp is NULL and newlen is 0, so this call only copies the
 * current value of kern.cryptodevallowsoft into `old`.
 * NOTE(review): the declarations of `old`/`olen` and whatever follows perror()
 * are elided in this listing. Confirm that olen is set to sizeof(old) before
 * the call and that the failure path does not go on to use an unset `old`.
 */
52 if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, NULL, 0) < 0) {
53 perror("accessing sysctl kern.cryptodevallowsoft failed");
/* Both lengths are taken from sizeof(new); presumably `old` has the same type - confirm. */
66 olen = nlen = sizeof(new);
/*
 * Writes `new` to kern.cryptodevallowsoft and receives the previous value in
 * `old` in the same call.
 * NOTE(review): a sysctl is a system-wide setting, not a per-process one, so
 * the change stays in effect for every other /dev/crypto user until something
 * sets it back. The failure is only reported with perror(); what follows is
 * elided here, so confirm the caller can tell that the write did not happen.
 */
68 if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, &new, nlen) < 0) {
69 perror("accessing sysctl kern.cryptodevallowsoft failed");
/*
 * Translate cipher->name into a CRYPTO_*_XTS algorithm constant.
 *
 * Matching is exact and case-sensitive (strcmp). The 128- and 256-bit names
 * of each cipher map to the same constant, so the returned id does not encode
 * the key size; in this file the key length travels separately, as
 * session.keylen in syscrypt().
 *
 * NOTE(review): `cipher` and `cipher->name` are dereferenced without a NULL
 * check in the visible lines. The return type and the result for an
 * unrecognised name are on lines elided from this listing; confirm the
 * fallback is a value that cannot collide with a valid CRYPTO_* id.
 */
75 get_cryptodev_cipher_id(struct tc_crypto_algo *cipher)
77 if (strcmp(cipher->name, "AES-128-XTS") == 0)
78 return CRYPTO_AES_XTS;
79 else if (strcmp(cipher->name, "AES-256-XTS") == 0)
80 return CRYPTO_AES_XTS;
81 else if (strcmp(cipher->name, "TWOFISH-128-XTS") == 0)
82 return CRYPTO_TWOFISH_XTS;
83 else if (strcmp(cipher->name, "TWOFISH-256-XTS") == 0)
84 return CRYPTO_TWOFISH_XTS;
85 else if (strcmp(cipher->name, "SERPENT-128-XTS") == 0)
86 return CRYPTO_SERPENT_XTS;
87 else if (strcmp(cipher->name, "SERPENT-256-XTS") == 0)
88 return CRYPTO_SERPENT_XTS;
/*
 * Run one encrypt or decrypt request through the kernel's /dev/crypto device.
 *
 * Visible flow: resolve the cipher id from cipher->name, open /dev/crypto,
 * obtain a working descriptor with CRIOGET, create a session (CIOCGSESSION)
 * carrying the key pointer and key length, submit the request (CIOCCRYPT)
 * with src/dst/iv, then release the session (CIOCFSESSION).
 *
 * cipher      algorithm descriptor, passed to get_cryptodev_cipher_id()
 * key, klen   key bytes and their length, handed to the kernel via the session
 * iv          IV pointer, passed through as cryp.iv
 * in, out     source and destination buffers of the request
 * len         not referenced in the visible lines; presumably assigned to the
 *             request on an elided line - confirm
 * do_encrypt  non-zero selects COP_ENCRYPT, zero selects COP_DECRYPT
 *
 * NOTE(review): the return type, the declarations of `cryp` and `cipher_id`,
 * and the statement following each perror() are elided in this listing.
 * Confirm that every failure path still closes both descriptors and releases
 * the session, and that a failure is reported to the caller rather than
 * leaving `out` to be used as if it held valid output.
 */
94 syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen, unsigned char *iv,
95 unsigned char *in, unsigned char *out, size_t len, int do_encrypt)
97 struct session_op session;
/* Both descriptors start at -1; cryptodev_fd is tested against -1 in the cleanup further down. */
100 int cryptodev_fd = -1, fd = -1;
102 cipher_id = get_cryptodev_cipher_id(cipher);
/* An unknown cipher name is logged; the guarding condition and the rest of this call are elided here. */
104 tc_log(1, "Cipher %s not found\n",
109 if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
110 perror("Could not open /dev/crypto");
/* CRIOGET fills `fd` with a second descriptor; all later ioctls are issued on `fd`, not on cryptodev_fd. */
113 if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
114 perror("CRIOGET failed");
/* Zero the whole struct first so fields not set below are not passed to the kernel uninitialised. */
117 memset(&session, 0, sizeof(session));
118 session.cipher = cipher_id;
/*
 * The session is given a pointer to the caller's key, not a copy.
 * NOTE(review): klen is a size_t; confirm that the declared type of
 * session.keylen in <crypto/cryptodev.h> cannot truncate it, and that klen
 * matches what the selected cipher expects, since the 128- and 256-bit
 * variants share one cipher id and differ only by this length.
 */
119 session.key = (caddr_t) key;
120 session.keylen = klen;
121 if (ioctl(fd, CIOCGSESSION, &session) == -1) {
122 perror("CIOCGSESSION failed");
/* Same zero-then-fill pattern for the request; the session id returned by CIOCGSESSION ties it to the key. */
125 memset(&cryp, 0, sizeof(cryp));
126 cryp.ses = session.ses;
127 cryp.op = do_encrypt ? COP_ENCRYPT : COP_DECRYPT;
/* NOTE(review): no bounds are checked here; in, out and iv are trusted to be sized correctly by the caller. */
130 cryp.src = (caddr_t) in;
131 cryp.dst = (caddr_t) out;
132 cryp.iv = (caddr_t) iv;
134 if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
135 perror("CIOCCRYPT failed");
/*
 * Release the session by id.
 * NOTE(review): whether this is still reached when CIOCCRYPT fails is not
 * visible in this listing. A skipped release presumably leaves the keyed
 * session alive in the kernel until the descriptor is closed - confirm.
 */
138 if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) {
139 perror("CIOCFSESSION failed");
/*
 * Cleanup guard: act on the control descriptor only if open() succeeded.
 * The guarded statement, and any matching handling of `fd`, is elided here.
 */
149 if (cryptodev_fd != -1)
/*
 * NOTE(review): getallowsoft() is defined on lines elided from this listing;
 * presumably it returns the current kern.cryptodevallowsoft value - confirm.
 * What is done with `allowed` afterwards is not visible here. If the setting
 * is then changed, check whether the original value is ever restored, since
 * the change applies system-wide.
 */
159 allowed = getallowsoft();