1 files changed, 317 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
new file mode 100644
index 0000000..ab2b7ea
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -0,0 +1,317 @@
+From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@freescale.com>
+Date: Thu, 29 Aug 2013 16:51:18 +0300
+Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
+- aes-128-cbc-hmac-sha1
+- aes-256-cbc-hmac-sha1
+Requires TLS patches on cryptodev and TLS algorithm support in Linux
+kernel driver.
+Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
+Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
+Reviewed-on: http://git.am.freescale.net:8181/17223
+---
+ crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 211 insertions(+), 11 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 5a715ac..7588a28 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
+ struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+       unsigned char *aad;
+       unsigned int aad_len;
+       unsigned int len;
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+@@ -140,17 +143,20 @@ static struct {
+        int     nid;
+        int     ivmax;
+        int     keylen;
+       int     mackeylen;
+ } ciphers[] = {
+-       { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
+-       { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+-       { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+-       { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+-       { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+-       { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+-       { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+-       { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+-       { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+-       { 0,                            NID_undef,              0,       0, },
+       { CRYPTO_ARC4,          NID_rc4,          0,  16, 0},
+       { CRYPTO_DES_CBC,       NID_des_cbc,      8,  8,  0},
+       { CRYPTO_3DES_CBC,      NID_des_ede3_cbc, 8,  24, 0},
+       { CRYPTO_AES_CBC,       NID_aes_128_cbc,  16, 16, 0},
+       { CRYPTO_AES_CBC,       NID_aes_192_cbc,  16, 24, 0},
+       { CRYPTO_AES_CBC,       NID_aes_256_cbc,  16, 32, 0},
+       { CRYPTO_BLF_CBC,       NID_bf_cbc,       8,  16, 0},
+       { CRYPTO_CAST_CBC,      NID_cast5_cbc,    8,  16, 0},
+       { CRYPTO_SKIPJACK_CBC,  NID_undef,        0,  0,  0},
+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
+       { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
+       { 0, NID_undef, 0, 0, 0},
+ };
+ 
+ #ifdef USE_CRYPTODEV_DIGESTS
+@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
+       sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
+ 
+        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].id;
+                sess.keylen = ciphers[i].keylen;
+-               sess.mac = 0;
+               sess.mackeylen = ciphers[i].mackeylen;
+
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].nid;
+@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        return (1);
+ }
+ 
+
+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+{
+       struct crypt_auth_op cryp;
+       struct dev_crypto_state *state = ctx->cipher_data;
+       struct session_op *sess = &state->d_sess;
+       const void *iiv;
+       unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+       if (state->d_fd < 0)
+               return (0);
+       if (!len)
+               return (1);
+       if ((len % ctx->cipher->block_size) != 0)
+               return (0);
+
+       memset(&cryp, 0, sizeof(cryp));
+
+       /* TODO: make a seamless integration with cryptodev flags */
+       switch (ctx->cipher->nid) {
+       case NID_aes_128_cbc_hmac_sha1:
+       case NID_aes_256_cbc_hmac_sha1:
+               cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
+       }
+       cryp.ses = sess->ses;
+       cryp.len = state->len;
+       cryp.src = (caddr_t) in;
+       cryp.dst = (caddr_t) out;
+       cryp.auth_src = state->aad;
+       cryp.auth_len = state->aad_len;
+
+       cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+       if (ctx->cipher->iv_len) {
+               cryp.iv = (caddr_t) ctx->iv;
+               if (!ctx->encrypt) {
+                       iiv = in + len - ctx->cipher->iv_len;
+                       memcpy(save_iv, iiv, ctx->cipher->iv_len);
+               }
+       } else
+               cryp.iv = NULL;
+
+       if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
+               /* XXX need better errror handling
+                * this can fail for a number of different reasons.
+                */
+               return (0);
+       }
+
+       if (ctx->cipher->iv_len) {
+               if (ctx->encrypt)
+                       iiv = out + len - ctx->cipher->iv_len;
+               else
+                       iiv = save_iv;
+               memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+       }
+       return (1);
+}
+
+
+ static int
+ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+     const unsigned char *iv, int enc)
+@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        return (1);
+ }
+ 
+/* Save the encryption key provided by upper layers.
+ *
+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
+ * extra data. We can't do much here because the mac key is not available.
+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
+ * with both the crypto and hmac keys.
+ */
+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
+               const unsigned char *key, const unsigned char *iv, int enc)
+{
+       struct dev_crypto_state *state = ctx->cipher_data;
+       struct session_op *sess = &state->d_sess;
+       int cipher = -1, i;
+
+       for (i = 0; ciphers[i].id; i++)
+               if (ctx->cipher->nid == ciphers[i].nid &&
+                   ctx->cipher->iv_len <= ciphers[i].ivmax &&
+                   ctx->key_len == ciphers[i].keylen) {
+                       cipher = ciphers[i].id;
+                       break;
+               }
+
+       if (!ciphers[i].id) {
+               state->d_fd = -1;
+               return (0);
+       }
+
+       memset(sess, 0, sizeof(struct session_op));
+
+       sess->key = (caddr_t)key;
+       sess->keylen = ctx->key_len;
+       sess->cipher = cipher;
+
+       /* for whatever reason, (1) means success */
+       return (1);
+}
+
+
+ /*
+  * free anything we allocated earlier when initting a
+  * session, and close the session.
+@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+        return (ret);
+ }
+ 
+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+               void *ptr)
+{
+       switch (type) {
+       case EVP_CTRL_AEAD_SET_MAC_KEY:
+       {
+               /* TODO: what happens with hmac keys larger than 64 bytes? */
+               struct dev_crypto_state *state = ctx->cipher_data;
+               struct session_op *sess = &state->d_sess;
+
+               if ((state->d_fd = get_dev_crypto()) < 0)
+                       return (0);
+
+               /* the rest should have been set in cryptodev_init_aead_key */
+               sess->mackey = ptr;
+               sess->mackeylen = arg;
+
+               if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                       put_dev_crypto(state->d_fd);
+                       state->d_fd = -1;
+                       return (0);
+               }
+               return (1);
+       }
+       case EVP_CTRL_AEAD_TLS1_AAD:
+       {
+               /* ptr points to the associated data buffer of 13 bytes */
+               struct dev_crypto_state *state = ctx->cipher_data;
+               unsigned char *p = ptr;
+               unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
+               unsigned int maclen, padlen;
+               unsigned int bs = ctx->cipher->block_size;
+
+               state->aad = ptr;
+               state->aad_len = arg;
+               state->len = cryptlen;
+
+               /* TODO: this should be an extension of EVP_CIPHER struct */
+               switch (ctx->cipher->nid) {
+               case NID_aes_128_cbc_hmac_sha1:
+               case NID_aes_256_cbc_hmac_sha1:
+                       maclen = SHA_DIGEST_LENGTH;
+               }
+
+               /* space required for encryption (not only TLS padding) */
+               padlen = maclen;
+               if (ctx->encrypt) {
+                       cryptlen += maclen;
+                       padlen += bs - (cryptlen % bs);
+               }
+               return padlen;
+       }
+       default:
+               return -1;
+       }
+}
+
+ /*
+  * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+  * gets called when libcrypto requests a cipher NID.
+@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NULL
+ };
+ 
+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
+       NID_aes_128_cbc_hmac_sha1,
+       16, 16, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
+       NID_aes_256_cbc_hmac_sha1,
+       16, 32, 16,
+       EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
+       cryptodev_init_aead_key,
+       cryptodev_aead_cipher,
+       cryptodev_cleanup,
+       sizeof(struct dev_crypto_state),
+       EVP_CIPHER_set_asn1_iv,
+       EVP_CIPHER_get_asn1_iv,
+       cryptodev_cbc_hmac_sha1_ctrl,
+       NULL
+};
+ /*
+  * Registered by the ENGINE when used to find out how to deal with
+  * a particular NID in the ENGINE. this says what we'll do at the
+@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+       case NID_aes_128_cbc_hmac_sha1:
+               *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
+               break;
+       case NID_aes_256_cbc_hmac_sha1:
+               *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
+               break;
+        default:
+                *cipher = NULL;
+                break;
+@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
+        }
+        put_dev_crypto(fd);
+ 
+       EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
+       EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+-- 
+2.3.5

diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch new file mode 100644 index 0000000..ab2b7ea --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -0,0 +1,317 @@
	1	From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
	2	From: Cristian Stoica <cristian.stoica@freescale.com>
	3	Date: Thu, 29 Aug 2013 16:51:18 +0300
	4	Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload
	5
	6	- aes-128-cbc-hmac-sha1
	7	- aes-256-cbc-hmac-sha1
	8
	9	Requires TLS patches on cryptodev and TLS algorithm support in Linux
	10	kernel driver.
	11
	12	Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
	13	Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
	14	Reviewed-on: http://git.am.freescale.net:8181/17223
	15	---
	16	crypto/engine/eng_cryptodev.c \| 222 +++++++++++++++++++++++++++++++++++++++---
	17	1 file changed, 211 insertions(+), 11 deletions(-)
	18
	19	diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
	20	index 5a715ac..7588a28 100644
	21	--- a/crypto/engine/eng_cryptodev.c
	22	+++ b/crypto/engine/eng_cryptodev.c
	23	@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
	24	struct dev_crypto_state {
	25	struct session_op d_sess;
	26	int d_fd;
	27	+ unsigned char *aad;
	28	+ unsigned int aad_len;
	29	+ unsigned int len;
	30
	31	#ifdef USE_CRYPTODEV_DIGESTS
	32	char dummy_mac_key[HASH_MAX_LEN];
	33	@@ -140,17 +143,20 @@ static struct {
	34	int nid;
	35	int ivmax;
	36	int keylen;
	37	+ int mackeylen;
	38	} ciphers[] = {
	39	- { CRYPTO_ARC4, NID_rc4, 0, 16, },
	40	- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
	41	- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
	42	- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
	43	- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
	44	- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
	45	- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
	46	- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
	47	- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
	48	- { 0, NID_undef, 0, 0, },
	49	+ { CRYPTO_ARC4, NID_rc4, 0, 16, 0},
	50	+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0},
	51	+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0},
	52	+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0},
	53	+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0},
	54	+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0},
	55	+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
	56	+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
	57	+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
	58	+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
	59	+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
	60	+ { 0, NID_undef, 0, 0, 0},
	61	};
	62
	63	#ifdef USE_CRYPTODEV_DIGESTS
	64	@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
	65	}
	66	memset(&sess, 0, sizeof(sess));
	67	sess.key = (caddr_t)"123456789abcdefghijklmno";
	68	+ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
	69
	70	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
	71	if (ciphers[i].nid == NID_undef)
	72	continue;
	73	sess.cipher = ciphers[i].id;
	74	sess.keylen = ciphers[i].keylen;
	75	- sess.mac = 0;
	76	+ sess.mackeylen = ciphers[i].mackeylen;
	77	+
	78	if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
	79	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
	80	nids[count++] = ciphers[i].nid;
	81	@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
	82	return (1);
	83	}
	84
	85	+
	86	+static int cryptodev_aead_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
	87	+ const unsigned char *in, size_t len)
	88	+{
	89	+ struct crypt_auth_op cryp;
	90	+ struct dev_crypto_state *state = ctx->cipher_data;
	91	+ struct session_op *sess = &state->d_sess;
	92	+ const void *iiv;
	93	+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
	94	+
	95	+ if (state->d_fd < 0)
	96	+ return (0);
	97	+ if (!len)
	98	+ return (1);
	99	+ if ((len % ctx->cipher->block_size) != 0)
	100	+ return (0);
	101	+
	102	+ memset(&cryp, 0, sizeof(cryp));
	103	+
	104	+ /* TODO: make a seamless integration with cryptodev flags */
	105	+ switch (ctx->cipher->nid) {
	106	+ case NID_aes_128_cbc_hmac_sha1:
	107	+ case NID_aes_256_cbc_hmac_sha1:
	108	+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
	109	+ }
	110	+ cryp.ses = sess->ses;
	111	+ cryp.len = state->len;
	112	+ cryp.src = (caddr_t) in;
	113	+ cryp.dst = (caddr_t) out;
	114	+ cryp.auth_src = state->aad;
	115	+ cryp.auth_len = state->aad_len;
	116	+
	117	+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
	118	+
	119	+ if (ctx->cipher->iv_len) {
	120	+ cryp.iv = (caddr_t) ctx->iv;
	121	+ if (!ctx->encrypt) {
	122	+ iiv = in + len - ctx->cipher->iv_len;
	123	+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
	124	+ }
	125	+ } else
	126	+ cryp.iv = NULL;
	127	+
	128	+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
	129	+ /* XXX need better errror handling
	130	+ * this can fail for a number of different reasons.
	131	+ */
	132	+ return (0);
	133	+ }
	134	+
	135	+ if (ctx->cipher->iv_len) {
	136	+ if (ctx->encrypt)
	137	+ iiv = out + len - ctx->cipher->iv_len;
	138	+ else
	139	+ iiv = save_iv;
	140	+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
	141	+ }
	142	+ return (1);
	143	+}
	144	+
	145	+
	146	static int
	147	cryptodev_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
	148	const unsigned char *iv, int enc)
	149	@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
	150	return (1);
	151	}
	152
	153	+/* Save the encryption key provided by upper layers.
	154	+ *
	155	+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
	156	+ * extra data. We can't do much here because the mac key is not available.
	157	+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
	158	+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
	159	+ * with both the crypto and hmac keys.
	160	+ */
	161	+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
	162	+ const unsigned char key, const unsigned char iv, int enc)
	163	+{
	164	+ struct dev_crypto_state *state = ctx->cipher_data;
	165	+ struct session_op *sess = &state->d_sess;
	166	+ int cipher = -1, i;
	167	+
	168	+ for (i = 0; ciphers[i].id; i++)
	169	+ if (ctx->cipher->nid == ciphers[i].nid &&
	170	+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
	171	+ ctx->key_len == ciphers[i].keylen) {
	172	+ cipher = ciphers[i].id;
	173	+ break;
	174	+ }
	175	+
	176	+ if (!ciphers[i].id) {
	177	+ state->d_fd = -1;
	178	+ return (0);
	179	+ }
	180	+
	181	+ memset(sess, 0, sizeof(struct session_op));
	182	+
	183	+ sess->key = (caddr_t)key;
	184	+ sess->keylen = ctx->key_len;
	185	+ sess->cipher = cipher;
	186	+
	187	+ /* for whatever reason, (1) means success */
	188	+ return (1);
	189	+}
	190	+
	191	+
	192	/*
	193	* free anything we allocated earlier when initting a
	194	* session, and close the session.
	195	@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
	196	return (ret);
	197	}
	198
	199	+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
	200	+ void *ptr)
	201	+{
	202	+ switch (type) {
	203	+ case EVP_CTRL_AEAD_SET_MAC_KEY:
	204	+ {
	205	+ /* TODO: what happens with hmac keys larger than 64 bytes? */
	206	+ struct dev_crypto_state *state = ctx->cipher_data;
	207	+ struct session_op *sess = &state->d_sess;
	208	+
	209	+ if ((state->d_fd = get_dev_crypto()) < 0)
	210	+ return (0);
	211	+
	212	+ /* the rest should have been set in cryptodev_init_aead_key */
	213	+ sess->mackey = ptr;
	214	+ sess->mackeylen = arg;
	215	+
	216	+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
	217	+ put_dev_crypto(state->d_fd);
	218	+ state->d_fd = -1;
	219	+ return (0);
	220	+ }
	221	+ return (1);
	222	+ }
	223	+ case EVP_CTRL_AEAD_TLS1_AAD:
	224	+ {
	225	+ /* ptr points to the associated data buffer of 13 bytes */
	226	+ struct dev_crypto_state *state = ctx->cipher_data;
	227	+ unsigned char *p = ptr;
	228	+ unsigned int cryptlen = p[arg - 2] << 8 \| p[arg - 1];
	229	+ unsigned int maclen, padlen;
	230	+ unsigned int bs = ctx->cipher->block_size;
	231	+
	232	+ state->aad = ptr;
	233	+ state->aad_len = arg;
	234	+ state->len = cryptlen;
	235	+
	236	+ /* TODO: this should be an extension of EVP_CIPHER struct */
	237	+ switch (ctx->cipher->nid) {
	238	+ case NID_aes_128_cbc_hmac_sha1:
	239	+ case NID_aes_256_cbc_hmac_sha1:
	240	+ maclen = SHA_DIGEST_LENGTH;
	241	+ }
	242	+
	243	+ /* space required for encryption (not only TLS padding) */
	244	+ padlen = maclen;
	245	+ if (ctx->encrypt) {
	246	+ cryptlen += maclen;
	247	+ padlen += bs - (cryptlen % bs);
	248	+ }
	249	+ return padlen;
	250	+ }
	251	+ default:
	252	+ return -1;
	253	+ }
	254	+}
	255	+
	256	/*
	257	* libcrypto EVP stuff - this is how we get wired to EVP so the engine
	258	* gets called when libcrypto requests a cipher NID.
	259	@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
	260	NULL
	261	};
	262
	263	+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
	264	+ NID_aes_128_cbc_hmac_sha1,
	265	+ 16, 16, 16,
	266	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
	267	+ cryptodev_init_aead_key,
	268	+ cryptodev_aead_cipher,
	269	+ cryptodev_cleanup,
	270	+ sizeof(struct dev_crypto_state),
	271	+ EVP_CIPHER_set_asn1_iv,
	272	+ EVP_CIPHER_get_asn1_iv,
	273	+ cryptodev_cbc_hmac_sha1_ctrl,
	274	+ NULL
	275	+};
	276	+
	277	+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
	278	+ NID_aes_256_cbc_hmac_sha1,
	279	+ 16, 32, 16,
	280	+ EVP_CIPH_CBC_MODE \| EVP_CIPH_FLAG_AEAD_CIPHER,
	281	+ cryptodev_init_aead_key,
	282	+ cryptodev_aead_cipher,
	283	+ cryptodev_cleanup,
	284	+ sizeof(struct dev_crypto_state),
	285	+ EVP_CIPHER_set_asn1_iv,
	286	+ EVP_CIPHER_get_asn1_iv,
	287	+ cryptodev_cbc_hmac_sha1_ctrl,
	288	+ NULL
	289	+};
	290	/*
	291	* Registered by the ENGINE when used to find out how to deal with
	292	* a particular NID in the ENGINE. this says what we'll do at the
	293	@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE e, const EVP_CIPHER *cipher,
	294	case NID_aes_256_cbc:
	295	*cipher = &cryptodev_aes_256_cbc;
	296	break;
	297	+ case NID_aes_128_cbc_hmac_sha1:
	298	+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
	299	+ break;
	300	+ case NID_aes_256_cbc_hmac_sha1:
	301	+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
	302	+ break;
	303	default:
	304	*cipher = NULL;
	305	break;
	306	@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
	307	}
	308	put_dev_crypto(fd);
	309
	310	+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
	311	+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
	312	if (!ENGINE_set_id(engine, "cryptodev") \|\|
	313	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|
	314	!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) \|\|
	315	--
	316	2.3.5
	317