hcrypto: Add hcrypto EVP support to the Unix CM

This commit adds the files which are necessary to support hcrypto's
EVP interface to the Unix cache manager build. Only a small number
of EVP ciphers and hashes are currently supported -
    * aes_128_cbc
    * aes_256_cbc
    * sha1

Note that the EVP interface is the only supported mechanism to use
the AES cipher - directly calling the underlying crypto functions
is not recommended and may break at any time.

Change-Id: I662073e578b29db1707c6b6433209e75e4db455d
Reviewed-on: http://gerrit.openafs.org/3945
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

Makefile.in

@@ -479,8 +479,12 @@ ${DEST}/bin/dedebug: dedebug
 #
 # libafs build targets
 #
-libafs: config export lwp_depinstall rx_depinstall vlserver_depinstall tvlserver_depinstall rxkad_depinstall fsint_depinstall \
-		libacl_depinstall afs_depinstall dir_depinstall rxstat_depinstall sys_depinstall auth_depinstall rxosdsrc
+libafs: config export hcrypto lwp_depinstall \
+	rx_depinstall vlserver_depinstall tvlserver_depinstall \
+	rxkad_depinstall fsint_depinstall \
+	libacl_depinstall afs_depinstall dir_depinstall \
+	rxstat_depinstall sys_depinstall auth_depinstall \
+	rxosdsrc
 	src/config/config src/libafs/MakefileProto.${MKAFS_OSTYPE} src/libafs/Makefile ${SYS_NAME}
 	+${COMPILE_PART1} libafs ${COMPILE_PART2}
 

src/crypto/hcrypto/kernel/alloc.c

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010 Your File System Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+void *
+_afscrypto_calloc(int num, size_t len)
+{
+    void *ptr;
+
+    ptr = afs_osi_Alloc(num * len);
+
+    return ptr;
+}
+
+void *
+_afscrypto_malloc(size_t len)
+{
+    void *ptr;
+
+    ptr = afs_osi_Alloc(len);
+
+    return ptr;
+}
+
+void
+_afscrypto_free(void *ptr)
+{
+    if (ptr != NULL)
+	afs_osi_Free(ptr, 0);
+}

src/crypto/hcrypto/kernel/assert.h

@@ -0,0 +1 @@
+/* This file intentionally left blank */

src/crypto/hcrypto/kernel/config.h

@@ -1,4 +1,42 @@
+/*
+ * Copyright (c) 2010 Your File System Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #include <afsconfig.h>
 #include "afs/param.h"
+
+#include "afs/stds.h"
 #include "afs/sysincludes.h"
 #include "afsincludes.h"
+
+#define assert osi_Assert
+
+/* We need wrappers for the various memory management functions */
+#define calloc _afscrypto_calloc
+void * _afscrypto_calloc(int, size_t);
+
+#define malloc _afscrypto_malloc
+void * _afscrypto_malloc(size_t);
+
+#define free _afscrypto_free
+void _afscrypto_free(void *);

src/crypto/hcrypto/kernel/evp-algs.c

@@ -0,0 +1,198 @@
+/* A cut down set of hcrypto EVP ciphers for kernel use */
+
+#include <config.h>
+#include <evp.h>
+#include <evp-hcrypto.h>
+#include <aes.h>
+#include <sha.h>
+
+static int
+aes_init(EVP_CIPHER_CTX *ctx,
+	 const unsigned char * key,
+	 const unsigned char * iv,
+	 int encp)
+{
+    AES_KEY *k = ctx->cipher_data;
+    if (ctx->encrypt)
+	AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k);
+    else
+	AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k);
+    return 1;
+}
+
+static int
+aes_do_cipher(EVP_CIPHER_CTX *ctx,
+	      unsigned char *out,
+	      const unsigned char *in,
+	      unsigned int size)
+{
+    AES_KEY *k = ctx->cipher_data;
+    if (ctx->flags & EVP_CIPH_CFB8_MODE)
+        AES_cfb8_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
+    else
+        AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
+    return 1;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_128_cbc(void)
+{
+    static const EVP_CIPHER aes_128_cbc = {
+	0,
+	16,
+	16,
+	16,
+	EVP_CIPH_CBC_MODE,
+	aes_init,
+	aes_do_cipher,
+	NULL,
+	sizeof(AES_KEY),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+    };
+
+    return &aes_128_cbc;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_256_cbc(void)
+{
+    static const EVP_CIPHER aes_256_cbc = {
+	0,
+	16,
+	32,
+	16,
+	EVP_CIPH_CBC_MODE,
+	aes_init,
+	aes_do_cipher,
+	NULL,
+	sizeof(AES_KEY),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+    };
+    return &aes_256_cbc;
+}
+
+const EVP_MD *
+EVP_hckernel_sha1(void)
+{
+    static const struct hc_evp_md sha1 = {
+	20,
+	64,
+	sizeof(SHA_CTX),
+	(hc_evp_md_init)SHA1_Init,
+	(hc_evp_md_update)SHA1_Update,
+	(hc_evp_md_final)SHA1_Final,
+	NULL
+    };
+    return &sha1;
+}
+
+const EVP_MD *
+EVP_hckernel_sha256(void) {
+    return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_sha384(void) {
+    return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_sha512(void) {
+    return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md5(void) {
+    return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md4(void) {
+    return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md2(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_40_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_64_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc4(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc4_40(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_des_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_des_ede3_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_192_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_128_cfb8(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_192_cfb8(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_256_cfb8(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_128_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_192_cbc(void) {
+    return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_256_cbc(void) {
+    return NULL;
+}
+
+void
+hcrypto_validate(void) {
+    return;
+}

src/crypto/hcrypto/kernel/evp-hcrypto.h

@@ -0,0 +1,27 @@
+#define HCRYPTO_DEF_PROVIDER hckernel
+
+const EVP_CIPHER *EVP_hckernel_aes_128_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_256_cbc(void);
+const EVP_MD *EVP_hckernel_sha1(void);
+
+/* Stubs */
+const EVP_MD *EVP_hckernel_sha256(void);
+const EVP_MD *EVP_hckernel_sha384(void);
+const EVP_MD *EVP_hckernel_sha512(void);
+const EVP_MD *EVP_hckernel_md5(void);
+const EVP_MD *EVP_hckernel_md4(void);
+const EVP_MD *EVP_hckernel_md2(void);
+const EVP_CIPHER *EVP_hckernel_rc2_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc4(void);
+const EVP_CIPHER *EVP_hckernel_rc4_40(void);
+const EVP_CIPHER *EVP_hckernel_des_cbc(void);
+const EVP_CIPHER *EVP_hckernel_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_192_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_hckernel_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_hckernel_camellia_256_cbc(void);

src/crypto/hcrypto/kernel/rand.c

@@ -0,0 +1,18 @@
+/* A trivial implementation of hcrypto's RAND interface for
+ * kernel use */
+
+#include <config.h>
+#include <evp.h>
+#include <evp-hcrypto.h>
+#include <aes.h>
+#include <sha.h>
+
+int
+RAND_bytes(void *outdata, size_t size)
+{
+    if (size == 0)
+	return 0;
+    if (osi_readRandom(outdata, size))
+	return 0;
+    return 1;
+}

src/crypto/hcrypto/kernel/stdio.h

@@ -0,0 +1 @@
+/* This file intentionally left blank */

src/crypto/hcrypto/kernel/stdlib.h

@@ -0,0 +1 @@
+/* This file intentionally left blank */

src/crypto/hcrypto/kernel/string.h

@@ -0,0 +1 @@
+/* This file intentionally left blank */

src/libafs/Makefile.common.in

@@ -29,14 +29,10 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \
 	-I${TOP_SRCDIR}/afs/${MKAFS_OSTYPE} \
 	-I${TOP_SRCDIR}/config \
 	-I${TOP_SRCDIR}/rx/${MKAFS_OSTYPE} \
-	-I${TOP_SRCDIR}/rxkad \
-	-I${TOP_SRCDIR}/util \
 	-I${TOP_SRCDIR}/external/heimdal \
 	-I${TOP_OBJDIR}/src \
 	-I${TOP_OBJDIR}/src/afs \
 	-I${TOP_OBJDIR}/src/afs/${MKAFS_OSTYPE} \
-	-I${TOP_OBJDIR}/src/util \
-	-I${TOP_OBJDIR}/src/rxkad \
 	-I${TOP_OBJDIR}/src/config \
 	-I${TOP_OBJDIR}/src/fsint \
 	-I${TOP_OBJDIR}/src/vlserver \
@@ -172,6 +168,13 @@ AFSAOBJS = \
 	xdr.o		\
 	Ktoken.xdr.o	\
 	md5.o		\
+	evp.o		\
+	evp-algs.o    	\
+	rand-kernel.o   \
+	alloc-kernel.o	\
+	aes.o		\
+	rijndael-alg-fst.o \
+	sha.o		\
 	afs_uuid.o $(AFS_OS_OBJS)
 
 # These next two allow nfs and nonfs builds to occur in the same directory.
@@ -388,6 +391,12 @@ rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c
 	$(CRULE_NOOPT)
 rxkad_common.o: $(TOP_SRC_RXKAD)/rxkad_common.c
 	$(CRULE_NOOPT)
+
+CFLAGS-fcrypt.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS-crypt_conn.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS-rxkad_client.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS-rxkad_common.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+
 afs_exporter.o: $(TOP_SRC_AFS)/afs_exporter.c
 	$(CRULE_NOOPT)
 afs_nfsclnt.o: $(TOP_SRC_AFS)/afs_nfsclnt.c
@@ -490,6 +499,31 @@ rx_pag_knet.o: $(TOP_SRC_RX)/${MKAFS_OSTYPE}/rx_knet.c
 md5.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/md5.c
 	$(CRULE_OPT)
 
+evp.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/evp.c
+	$(CRULE_OPT)
+CFLAGS-evp.o= -I$(TOP_INCDIR)/hcrypto \
+	      -DHAVE_CONFIG_H
+
+evp-algs.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/evp-algs.c
+	$(CRULE_OPT)
+CFLAGS-evp-algs.o = -I$(TOP_INCDIR)/hcrypto
+
+rand-kernel.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/rand.c
+	$(CRULE_OPT)
+CFLAGS-rand-kernel.o = -I$(TOP_INCDIR)/hcrypto
+
+alloc-kernel.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/alloc.c
+	$(CRULE_OPT)
+
+aes.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/aes.c
+	$(CRULE_OPT)
+
+rijndael-alg-fst.o:  $(TOP_SRCDIR)/external/heimdal/hcrypto/rijndael-alg-fst.c
+	$(CRULE_OPT)
+
+sha.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/sha.c
+	$(CRULE_OPT)
+
 # Files which are specific to particular architectures/targets
 # but have common build rules. Place here instead of duplicating
 # in the per-platform Makefiles.

src/libafs/MakefileProto.LINUX.in

@@ -80,8 +80,22 @@ COMMON_DEFINES=-D__KERNEL__ -DKERNEL -D_KERNEL -DMODULE ${SMP_DEF}
 LINUX_KERNEL_PATH=@LINUX_KERNEL_PATH@
 LINUX_KERNEL_BUILD=@LINUX_KERNEL_BUILD@
 
-CFLAGS_md5.o = -I$(TOP_SRCDIR)/crypto/kernel \
-	       -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_fcrypt.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS_crypt_conn.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS_rxkad_client.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+CFLAGS_rxkad_common.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad
+
+CFLAGS_evp.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto \
+	       -DHAVE_CONFIG_H
+CFLAGS_evp-algs.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_evp-kernel.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_rand-kernel.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_aes.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_rijndael-alg-fst.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto \
+			    -DNO_CONFIG_H
+CFLAGS_sha.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_md5.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+CFLAGS_random.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
 
 # System specific build commands and flags
 <linux26 linux_26>

src/libuafs/Makefile.common.in

@@ -43,17 +43,17 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \
         -I${TOP_SRCDIR}/rxkad \
         -I${TOP_SRCDIR}/util \
         -I${TOP_OBJDIR}/src \
+	-I${TOP_OBJDIR}/src/afs \
         -I${TOP_OBJDIR}/src/afs/UKERNEL \
-        -I${TOP_OBJDIR}/src/afs \
-        -I${TOP_OBJDIR}/src/util \
         -I${TOP_OBJDIR}/src/rxkad \
         -I${TOP_OBJDIR}/src/config \
         -I${TOP_OBJDIR}/src/fsint \
         -I${TOP_OBJDIR}/src/vlserver \
 	-I${TOP_OBJDIR}/src/libuafs \
 	-I${TOP_OBJDIR}/src/auth \
+	-I${TOP_INCDIR}/afs \
         -I${TOP_INCDIR} \
-        -I${TOP_INCDIR}/afs @INCLUDE_libintl@
+        @INCLUDE_libintl@
 
 # Build rules - CC and CFLAGS are defined in system specific MakefileProtos.