From 465321e3f43645efedb44168968f871fe5be4daa Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sun, 12 Sep 2010 18:40:08 +0100 Subject: [PATCH] hcrypto: Add hcrypto EVP support to the Unix CM This commit adds the files which are necessary to support hcrypto's EVP interface to the Unix cache manager build. Only a small number of EVP ciphers and hashes are currently supported - * aes_128_cbc * aes_256_cbc * sha1 Note that the EVP interface is the only supported mechanism to use the AES cipher - directly calling the underlying crypto functions is not recommended and may break at any time. Change-Id: I662073e578b29db1707c6b6433209e75e4db455d Reviewed-on: http://gerrit.openafs.org/3945 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- Makefile.in | 8 +- src/crypto/hcrypto/kernel/alloc.c | 52 +++++++ src/crypto/hcrypto/kernel/assert.h | 1 + src/crypto/hcrypto/kernel/config.h | 38 +++++ src/crypto/hcrypto/kernel/evp-algs.c | 198 ++++++++++++++++++++++++ src/crypto/hcrypto/kernel/evp-hcrypto.h | 27 ++++ src/crypto/hcrypto/kernel/krb5-types.h | 0 src/crypto/hcrypto/kernel/rand.c | 18 +++ src/crypto/hcrypto/kernel/stdio.h | 1 + src/crypto/hcrypto/kernel/stdlib.h | 1 + src/crypto/hcrypto/kernel/string.h | 1 + src/libafs/Makefile.common.in | 42 ++++- src/libafs/MakefileProto.LINUX.in | 18 ++- src/libuafs/Makefile.common.in | 6 +- 14 files changed, 400 insertions(+), 11 deletions(-) create mode 100644 src/crypto/hcrypto/kernel/alloc.c create mode 100644 src/crypto/hcrypto/kernel/assert.h create mode 100644 src/crypto/hcrypto/kernel/evp-algs.c create mode 100644 src/crypto/hcrypto/kernel/evp-hcrypto.h create mode 100644 src/crypto/hcrypto/kernel/krb5-types.h create mode 100644 src/crypto/hcrypto/kernel/rand.c create mode 100644 src/crypto/hcrypto/kernel/stdio.h create mode 100644 src/crypto/hcrypto/kernel/stdlib.h create mode 100644 src/crypto/hcrypto/kernel/string.h diff --git a/Makefile.in b/Makefile.in index ef444ede4e..479fa4b22f 100644 --- a/Makefile.in 
+++ b/Makefile.in @@ -479,8 +479,12 @@ ${DEST}/bin/dedebug: dedebug # # libafs build targets # -libafs: config export lwp_depinstall rx_depinstall vlserver_depinstall tvlserver_depinstall rxkad_depinstall fsint_depinstall \ - libacl_depinstall afs_depinstall dir_depinstall rxstat_depinstall sys_depinstall auth_depinstall rxosdsrc +libafs: config export hcrypto lwp_depinstall \ + rx_depinstall vlserver_depinstall tvlserver_depinstall \ + rxkad_depinstall fsint_depinstall \ + libacl_depinstall afs_depinstall dir_depinstall \ + rxstat_depinstall sys_depinstall auth_depinstall \ + rxosdsrc src/config/config src/libafs/MakefileProto.${MKAFS_OSTYPE} src/libafs/Makefile ${SYS_NAME} +${COMPILE_PART1} libafs ${COMPILE_PART2} diff --git a/src/crypto/hcrypto/kernel/alloc.c b/src/crypto/hcrypto/kernel/alloc.c new file mode 100644 index 0000000000..7ec6029037 --- /dev/null +++ b/src/crypto/hcrypto/kernel/alloc.c 
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2010 Your File System Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+void *
+_afscrypto_calloc(int num, size_t len)
+{
+ void *ptr;
+
+ ptr = afs_osi_Alloc(num * len);
+
+ return ptr;
+}
+
+void *
+_afscrypto_malloc(size_t len)
+{
+ void *ptr;
+
+ ptr = afs_osi_Alloc(len);
+
+ return ptr;
+}
+
+void
+_afscrypto_free(void *ptr)
+{
+ if (ptr != NULL)
+ afs_osi_Free(ptr, 0);
+}
diff --git a/src/crypto/hcrypto/kernel/assert.h b/src/crypto/hcrypto/kernel/assert.h
new file mode 100644
index 0000000000..d1ab56ad58
--- /dev/null
+++ b/src/crypto/hcrypto/kernel/assert.h
@@ -0,0 +1 @@
+/* This file intentionally left blank */
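Review bot: `_afscrypto_calloc` in alloc.c does not honour the calloc contract that config.h maps onto it, because the product `num * len` is unchecked and the returned memory is never zeroed. hcrypto code compiled against this wrapper may assume zero-filled contexts, and a wrapped product would hand back a buffer smaller than the caller expects; `num` is also a signed `int`, so a negative count converts to a very large size. I would reject negative counts and overflow before allocating and clear the block on success, as sketched below. Separately, `_afscrypto_free` passes a size of 0 to `afs_osi_Free`; whether every platform's implementation ignores that argument is not visible in this patch and is worth confirming.

```c
void *
_afscrypto_calloc(int num, size_t len)
{
    void *ptr;
    size_t total;

    /* Reject negative counts and products that would wrap. */
    if (num < 0 || (len != 0 && (size_t)num > ((size_t)-1) / len))
        return NULL;
    total = (size_t)num * len;

    ptr = afs_osi_Alloc(total);
    /* calloc() callers expect zero-filled memory. */
    if (ptr != NULL)
        memset(ptr, 0, total);

    return ptr;
}
```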
diff --git a/src/crypto/hcrypto/kernel/config.h b/src/crypto/hcrypto/kernel/config.h
index 9d60b48058..0d7adb1f95 100644
--- a/src/crypto/hcrypto/kernel/config.h
+++ b/src/crypto/hcrypto/kernel/config.h
@@ -1,4 +1,42 @@
+/*
+ * Copyright (c) 2010 Your File System Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #include
 #include "afs/param.h"
+
+#include "afs/stds.h"
 #include "afs/sysincludes.h"
 #include "afsincludes.h"
+
+#define assert osi_Assert
+
+/* We need wrappers for the various memory management functions */
+#define calloc _afscrypto_calloc
+void * _afscrypto_calloc(int, size_t);
+
+#define malloc _afscrypto_malloc
+void * _afscrypto_malloc(size_t);
+
+#define free _afscrypto_free
+void _afscrypto_free(void *);
diff --git a/src/crypto/hcrypto/kernel/evp-algs.c b/src/crypto/hcrypto/kernel/evp-algs.c
new file mode 100644
index 0000000000..290d743a64
--- /dev/null
+++ b/src/crypto/hcrypto/kernel/evp-algs.c
@@ -0,0 +1,198 @@
+/* A cut down set of hcrypto EVP ciphers for kernel use */
+
+#include
+#include
+#include
+#include
+#include
+
+static int
+aes_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ AES_KEY *k = ctx->cipher_data;
+ if (ctx->encrypt)
+ AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k);
+ else
+ AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k);
+ return 1;
+}
+
+static int
+aes_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ AES_KEY *k = ctx->cipher_data;
+ if (ctx->flags & EVP_CIPH_CFB8_MODE)
+ AES_cfb8_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
+ else
+ AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_128_cbc(void)
+{
+ static const EVP_CIPHER aes_128_cbc = {
+ 0,
+ 16,
+ 16,
+ 16,
+ EVP_CIPH_CBC_MODE,
+ aes_init,
+ aes_do_cipher,
+ NULL,
+ sizeof(AES_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+
+ return &aes_128_cbc;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_256_cbc(void)
+{
+ static const EVP_CIPHER aes_256_cbc = {
+ 0,
+ 16,
+ 32,
+ 16,
+ EVP_CIPH_CBC_MODE,
+ aes_init,
+ aes_do_cipher,
+ NULL,
+ sizeof(AES_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &aes_256_cbc;
+}
+
+const EVP_MD *
+EVP_hckernel_sha1(void)
+{
+ static const struct hc_evp_md sha1 = {
+ 20,
+ 64,
+ sizeof(SHA_CTX),
+ (hc_evp_md_init)SHA1_Init,
+ (hc_evp_md_update)SHA1_Update,
+ (hc_evp_md_final)SHA1_Final,
+ NULL
+ };
+ return &sha1;
+}
+
+const EVP_MD *
+EVP_hckernel_sha256(void) {
+ return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_sha384(void) {
+ return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_sha512(void) {
+ return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md5(void) {
+ return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md4(void) {
+ return NULL;
+}
+
+const EVP_MD *
+EVP_hckernel_md2(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_40_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc2_64_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc4(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_rc4_40(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_des_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_des_ede3_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_192_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_128_cfb8(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_192_cfb8(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_aes_256_cfb8(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_128_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_192_cbc(void) {
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_hckernel_camellia_256_cbc(void) {
+ return NULL;
+}
+
+void
+hcrypto_validate(void) {
+ return;
+}
diff --git a/src/crypto/hcrypto/kernel/evp-hcrypto.h b/src/crypto/hcrypto/kernel/evp-hcrypto.h
new file mode 100644
index 0000000000..bdbe26d8fe
--- /dev/null
+++ b/src/crypto/hcrypto/kernel/evp-hcrypto.h
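Review bot: The stub constructors in evp-algs.c (`EVP_hckernel_sha256` through `EVP_hckernel_camellia_256_cbc`) return NULL, so any caller that hands the result to an EVP init routine without checking it risks a null dereference in kernel context. A comment above the first stub such as `/* Not built into the kernel provider: these return NULL and callers must check before use. */` would make that contract explicit. In `aes_init` the results of `AES_set_encrypt_key` and `AES_set_decrypt_key` are discarded and the function always returns 1; assuming the usual hcrypto convention of non-zero on failure, I would write `if (AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k) != 0) return 0;` and the same for the decrypt branch. The unused `encp` parameter (direction is read from `ctx->encrypt`) and the empty `hcrypto_validate` each deserve a one-line comment saying the behaviour is intentional.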
@@ -0,0 +1,27 @@
+#define HCRYPTO_DEF_PROVIDER hckernel
+
+const EVP_CIPHER *EVP_hckernel_aes_128_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_256_cbc(void);
+const EVP_MD *EVP_hckernel_sha1(void);
+
+/* Stubs */
+const EVP_MD *EVP_hckernel_sha256(void);
+const EVP_MD *EVP_hckernel_sha384(void);
+const EVP_MD *EVP_hckernel_sha512(void);
+const EVP_MD *EVP_hckernel_md5(void);
+const EVP_MD *EVP_hckernel_md4(void);
+const EVP_MD *EVP_hckernel_md2(void);
+const EVP_CIPHER *EVP_hckernel_rc2_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_hckernel_rc4(void);
+const EVP_CIPHER *EVP_hckernel_rc4_40(void);
+const EVP_CIPHER *EVP_hckernel_des_cbc(void);
+const EVP_CIPHER *EVP_hckernel_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_192_cbc(void);
+const EVP_CIPHER *EVP_hckernel_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_hckernel_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_hckernel_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_hckernel_camellia_256_cbc(void);
diff --git a/src/crypto/hcrypto/kernel/krb5-types.h b/src/crypto/hcrypto/kernel/krb5-types.h
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/crypto/hcrypto/kernel/rand.c b/src/crypto/hcrypto/kernel/rand.c
new file mode 100644
index 0000000000..b0254f334f
--- /dev/null
+++ b/src/crypto/hcrypto/kernel/rand.c
@@ -0,0 +1,18 @@
+/* A trivial implementation of hcrypto's RAND interface for
+ * kernel use */
+
+#include
+#include
+#include
+#include
+#include
+
+int
+RAND_bytes(void *outdata, size_t size)
+{
+ if (size == 0)
+ return 0;
+ if (osi_readRandom(outdata, size))
+ return 0;
+ return 1;
+}
diff --git a/src/crypto/hcrypto/kernel/stdio.h b/src/crypto/hcrypto/kernel/stdio.h
new file mode 100644
index 0000000000..d1ab56ad58
--- /dev/null
+++ b/src/crypto/hcrypto/kernel/stdio.h
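Review bot: `RAND_bytes` in rand.c has no comment describing its return convention, which is the inverse of how it treats `osi_readRandom`: it returns 1 when the buffer was filled and 0 on failure, and a zero-length request is also reported as 0. Callers presumably draw key or IV material through this function, so an unchecked failure would leave `outdata` with whatever it held before. I would add a header comment along the lines of `/* Returns 1 on success, 0 on failure (including size == 0); outdata must not be used when 0 is returned. */`.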
@@ -0,0 +1 @@ +/* This file intentionally left blank */ diff --git a/src/crypto/hcrypto/kernel/stdlib.h b/src/crypto/hcrypto/kernel/stdlib.h new file mode 100644 index 0000000000..d1ab56ad58 --- /dev/null +++ b/src/crypto/hcrypto/kernel/stdlib.h @@ -0,0 +1 @@ +/* This file intentionally left blank */ diff --git a/src/crypto/hcrypto/kernel/string.h b/src/crypto/hcrypto/kernel/string.h new file mode 100644 index 0000000000..d1ab56ad58 --- /dev/null +++ b/src/crypto/hcrypto/kernel/string.h @@ -0,0 +1 @@ +/* This file intentionally left blank */ diff --git a/src/libafs/Makefile.common.in b/src/libafs/Makefile.common.in index 55419f566d..019a16db6e 100644 --- a/src/libafs/Makefile.common.in +++ b/src/libafs/Makefile.common.in @@ -29,14 +29,10 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \ -I${TOP_SRCDIR}/afs/${MKAFS_OSTYPE} \ -I${TOP_SRCDIR}/config \ -I${TOP_SRCDIR}/rx/${MKAFS_OSTYPE} \ - -I${TOP_SRCDIR}/rxkad \ - -I${TOP_SRCDIR}/util \ -I${TOP_SRCDIR}/external/heimdal \ -I${TOP_OBJDIR}/src \ -I${TOP_OBJDIR}/src/afs \ -I${TOP_OBJDIR}/src/afs/${MKAFS_OSTYPE} \ - -I${TOP_OBJDIR}/src/util \ - -I${TOP_OBJDIR}/src/rxkad \ -I${TOP_OBJDIR}/src/config \ -I${TOP_OBJDIR}/src/fsint \ -I${TOP_OBJDIR}/src/vlserver \ @@ -172,6 +168,13 @@ AFSAOBJS = \ xdr.o \ Ktoken.xdr.o \ md5.o \ + evp.o \ + evp-algs.o \ + rand-kernel.o \ + alloc-kernel.o \ + aes.o \ + rijndael-alg-fst.o \ + sha.o \ afs_uuid.o $(AFS_OS_OBJS) # These next two allow nfs and nonfs builds to occur in the same directory. 
@@ -388,6 +391,12 @@ rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c $(CRULE_NOOPT) rxkad_common.o: $(TOP_SRC_RXKAD)/rxkad_common.c $(CRULE_NOOPT) + +CFLAGS-fcrypt.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS-crypt_conn.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS-rxkad_client.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS-rxkad_common.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad + afs_exporter.o: $(TOP_SRC_AFS)/afs_exporter.c $(CRULE_NOOPT) afs_nfsclnt.o: $(TOP_SRC_AFS)/afs_nfsclnt.c @@ -490,6 +499,31 @@ rx_pag_knet.o: $(TOP_SRC_RX)/${MKAFS_OSTYPE}/rx_knet.c md5.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/md5.c $(CRULE_OPT) +evp.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/evp.c + $(CRULE_OPT) +CFLAGS-evp.o= -I$(TOP_INCDIR)/hcrypto \ + -DHAVE_CONFIG_H + +evp-algs.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/evp-algs.c + $(CRULE_OPT) +CFLAGS-evp-algs.o = -I$(TOP_INCDIR)/hcrypto + +rand-kernel.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/rand.c + $(CRULE_OPT) +CFLAGS-rand-kernel.o = -I$(TOP_INCDIR)/hcrypto + +alloc-kernel.o: $(TOP_SRCDIR)/crypto/hcrypto/kernel/alloc.c + $(CRULE_OPT) + +aes.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/aes.c + $(CRULE_OPT) + +rijndael-alg-fst.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/rijndael-alg-fst.c + $(CRULE_OPT) + +sha.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/sha.c + $(CRULE_OPT) + # Files which are specific to particular architectures/targets # but have common build rules. Place here instead of duplicating # in the per-platform Makefiles. diff --git a/src/libafs/MakefileProto.LINUX.in b/src/libafs/MakefileProto.LINUX.in index e4f0d6708e..048cc791a7 100644 --- a/src/libafs/MakefileProto.LINUX.in +++ b/src/libafs/MakefileProto.LINUX.in 
@@ -80,8 +80,22 @@ COMMON_DEFINES=-D__KERNEL__ -DKERNEL -D_KERNEL -DMODULE ${SMP_DEF} LINUX_KERNEL_PATH=@LINUX_KERNEL_PATH@ LINUX_KERNEL_BUILD=@LINUX_KERNEL_BUILD@ -CFLAGS_md5.o = -I$(TOP_SRCDIR)/crypto/kernel \ - -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_fcrypt.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS_crypt_conn.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS_rxkad_client.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad +CFLAGS_rxkad_common.o = -I${TOP_SRCDIR}/rxkad -I$(TOP_OBJDIR)/src/rxkad + +CFLAGS_evp.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto \ + -DHAVE_CONFIG_H +CFLAGS_evp-algs.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_evp-kernel.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_rand-kernel.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_aes.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_rijndael-alg-fst.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto \ + -DNO_CONFIG_H +CFLAGS_sha.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_md5.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +CFLAGS_random.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto # System specific build commands and flags diff --git a/src/libuafs/Makefile.common.in b/src/libuafs/Makefile.common.in index be816649e4..0ee875fadf 100644 --- a/src/libuafs/Makefile.common.in +++ b/src/libuafs/Makefile.common.in @@ -43,17 +43,17 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \ -I${TOP_SRCDIR}/rxkad \ -I${TOP_SRCDIR}/util \ -I${TOP_OBJDIR}/src \ + -I${TOP_OBJDIR}/src/afs \ -I${TOP_OBJDIR}/src/afs/UKERNEL \ - -I${TOP_OBJDIR}/src/afs \ - -I${TOP_OBJDIR}/src/util \ -I${TOP_OBJDIR}/src/rxkad \ -I${TOP_OBJDIR}/src/config \ -I${TOP_OBJDIR}/src/fsint \ -I${TOP_OBJDIR}/src/vlserver \ -I${TOP_OBJDIR}/src/libuafs \ -I${TOP_OBJDIR}/src/auth \ + -I${TOP_INCDIR}/afs \ -I${TOP_INCDIR} \ - -I${TOP_INCDIR}/afs @INCLUDE_libintl@ + @INCLUDE_libintl@ # Build rules - CC and CFLAGS are defined in system specific MakefileProtos.