2002-10-16 14:31:34 +00:00
|
|
|
# $FreeBSD$
|
|
|
|
|
2018-08-17 00:30:04 +00:00
|
|
|
LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium
|
|
|
|
|
2017-03-04 10:10:17 +00:00
|
|
|
.PATH: ${SRCTOP}/sys/opencrypto
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/camellia
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/des
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/rijndael
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/sha2
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/siphash
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/skein
|
Import Blake2 algorithms (blake2b, blake2s) from libb2
The upstream repository is on github BLAKE2/libb2. Files landed in
sys/contrib/libb2 are the unmodified upstream files, except for one
difference: secure_zero_memory's contents have been replaced with
explicit_bzero() only because the previous implementation broke powerpc
link. Preferential use of explicit_bzero() is in progress upstream, so
it is anticipated we will be able to drop this diff in the future.
sys/crypto/blake2 contains the source files needed to port libb2 to our
build system, a wrapped (limited) variant of the algorithm to match the API
of our auth_transform softcrypto abstraction, incorporation into the Open
Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX
accelerated OCF driver, blake2(4).
Optimized variants of blake2 are compiled for a number of x86 machines
(anything from SSE2 to AVX + XOP). On those machines, FPU context will need
to be explicitly saved before using blake2(4)-provided algorithms directly.
Use via cryptodev / OCF saves FPU state automatically, and use via the
auth_transform softcrypto abstraction does not use FPU.
The intent of the OCF driver is mostly to enable testing in userspace via
/dev/crypto. ATF tests are added with published KAT test vectors to
validate correctness.
Reviewed by: jhb, markj
Obtained from: github BLAKE2/libb2
Differential Revision: https://reviews.freebsd.org/D14662
2018-03-21 16:18:14 +00:00
|
|
|
.PATH: ${SRCTOP}/sys/crypto/blake2
|
2018-03-29 04:02:50 +00:00
|
|
|
.PATH: ${SRCTOP}/sys/crypto/chacha20
|
Import Blake2 algorithms (blake2b, blake2s) from libb2
The upstream repository is on github BLAKE2/libb2. Files landed in
sys/contrib/libb2 are the unmodified upstream files, except for one
difference: secure_zero_memory's contents have been replaced with
explicit_bzero() only because the previous implementation broke powerpc
link. Preferential use of explicit_bzero() is in progress upstream, so
it is anticipated we will be able to drop this diff in the future.
sys/crypto/blake2 contains the source files needed to port libb2 to our
build system, a wrapped (limited) variant of the algorithm to match the API
of our auth_transform softcrypto abstraction, incorporation into the Open
Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX
accelerated OCF driver, blake2(4).
Optimized variants of blake2 are compiled for a number of x86 machines
(anything from SSE2 to AVX + XOP). On those machines, FPU context will need
to be explicitly saved before using blake2(4)-provided algorithms directly.
Use via cryptodev / OCF saves FPU state automatically, and use via the
auth_transform softcrypto abstraction does not use FPU.
The intent of the OCF driver is mostly to enable testing in userspace via
/dev/crypto. ATF tests are added with published KAT test vectors to
validate correctness.
Reviewed by: jhb, markj
Obtained from: github BLAKE2/libb2
Differential Revision: https://reviews.freebsd.org/D14662
2018-03-21 16:18:14 +00:00
|
|
|
.PATH: ${SRCTOP}/sys/contrib/libb2
|
2018-08-17 00:30:04 +00:00
|
|
|
.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305
|
|
|
|
.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305/donna
|
|
|
|
.PATH: ${LIBSODIUM}/crypto_verify/sodium
|
|
|
|
.PATH: ${SRCTOP}/sys/crypto/libsodium
|
2002-10-16 14:31:34 +00:00
|
|
|
|
|
|
|
KMOD = crypto
|
2007-03-21 14:39:39 +00:00
|
|
|
SRCS = crypto.c cryptodev_if.c
|
2003-12-15 21:49:41 +00:00
|
|
|
SRCS += criov.c cryptosoft.c xform.c
|
2020-05-11 20:52:18 +00:00
|
|
|
SRCS += cryptodeflate.c rmd160.c rijndael-alg-fst.c rijndael-api.c rijndael-api-fst.c
|
2014-03-06 00:37:16 +00:00
|
|
|
SRCS += camellia.c camellia-api.c
|
2002-10-16 14:31:34 +00:00
|
|
|
SRCS += des_ecb.c des_enc.c des_setkey.c
|
2015-12-27 17:33:59 +00:00
|
|
|
SRCS += sha1.c sha256c.c sha512c.c
|
2016-05-29 01:15:36 +00:00
|
|
|
SRCS += skein.c skein_block.c
|
2017-07-01 21:18:06 +00:00
|
|
|
# unroll the 256 and 512 loops, half unroll the 1024
|
2020-06-05 17:00:38 +00:00
|
|
|
CFLAGS.skein_block.c += -DSKEIN_LOOP=995
|
Rename skein_block_asm.s to .S and assemble using Clang IAS
Comparing the object files produced by GNU as 2.17.50 and Clang IAS
shows many immaterial changes in strtab etc., and one material change
in .text:
1bac: 4c 8b 4f 18 mov 0x18(%rdi),%r9
1bb0: eb 0e jmp 1bc0 <Skein1024_block_loop>
- 1bb2: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
- 1bb9: 00 00 00 00
- 1bbd: 0f 1f 00 nopl (%rax)
+ 1bb2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
+ 1bb9: 00 00 00
+ 1bbc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000001bc0 <Skein1024_block_loop>:
Skein1024_block_loop():
1bc0: 4c 8b 47 10 mov 0x10(%rdi),%r8
1bc4: 4c 03 85 c0 00 00 00 add 0xc0(%rbp),%r8
That is, GNU as and Clang's integrated assembler use different multi-
byte NOPs for alignment (GNU as emits an 11 byte NOP + a 3 byte NOP,
while Clang IAS emits a 10 byte NOP + a 4 byte NOP).
Dependency cleanup hacks are not required, because we do not create
.depend files from GNU as.
Reviewed by: allanjude, arichardson, cem, tsoome
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8434
2020-06-06 00:35:41 +00:00
|
|
|
.if exists(${MACHINE_ARCH}/skein_block_asm.S)
|
2017-03-04 10:10:17 +00:00
|
|
|
.PATH: ${SRCTOP}/sys/crypto/skein/${MACHINE_ARCH}
|
Rename skein_block_asm.s to .S and assemble using Clang IAS
Comparing the object files produced by GNU as 2.17.50 and Clang IAS
shows many immaterial changes in strtab etc., and one material change
in .text:
1bac: 4c 8b 4f 18 mov 0x18(%rdi),%r9
1bb0: eb 0e jmp 1bc0 <Skein1024_block_loop>
- 1bb2: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
- 1bb9: 00 00 00 00
- 1bbd: 0f 1f 00 nopl (%rax)
+ 1bb2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
+ 1bb9: 00 00 00
+ 1bbc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000001bc0 <Skein1024_block_loop>:
Skein1024_block_loop():
1bc0: 4c 8b 47 10 mov 0x10(%rdi),%r8
1bc4: 4c 03 85 c0 00 00 00 add 0xc0(%rbp),%r8
That is, GNU as and Clang's integrated assembler use different multi-
byte NOPs for alignment (GNU as emits an 11 byte NOP + a 3 byte NOP,
while Clang IAS emits a 10 byte NOP + a 4 byte NOP).
Dependency cleanup hacks are not required, because we do not create
.depend files from GNU as.
Reviewed by: allanjude, arichardson, cem, tsoome
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8434
2020-06-06 00:35:41 +00:00
|
|
|
SRCS += skein_block_asm.S
|
2016-05-29 01:15:36 +00:00
|
|
|
CFLAGS += -DSKEIN_ASM -DSKEIN_USE_ASM=1792 # list of block functions to replace with assembly: 256+512+1024 = 1792
|
|
|
|
ACFLAGS += -DELF -Wa,--noexecstack
|
2017-07-01 21:18:06 +00:00
|
|
|
# Fully unroll all loops in the assembly optimized version
|
Rename skein_block_asm.s to .S and assemble using Clang IAS
Comparing the object files produced by GNU as 2.17.50 and Clang IAS
shows many immaterial changes in strtab etc., and one material change
in .text:
1bac: 4c 8b 4f 18 mov 0x18(%rdi),%r9
1bb0: eb 0e jmp 1bc0 <Skein1024_block_loop>
- 1bb2: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
- 1bb9: 00 00 00 00
- 1bbd: 0f 1f 00 nopl (%rax)
+ 1bb2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
+ 1bb9: 00 00 00
+ 1bbc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000001bc0 <Skein1024_block_loop>:
Skein1024_block_loop():
1bc0: 4c 8b 47 10 mov 0x10(%rdi),%r8
1bc4: 4c 03 85 c0 00 00 00 add 0xc0(%rbp),%r8
That is, GNU as and Clang's integrated assembler use different multi-
byte NOPs for alignment (GNU as emits an 11 byte NOP + a 3 byte NOP,
while Clang IAS emits a 10 byte NOP + a 4 byte NOP).
Dependency cleanup hacks are not required, because we do not create
.depend files from GNU as.
Reviewed by: allanjude, arichardson, cem, tsoome
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8434
2020-06-06 00:35:41 +00:00
|
|
|
ACFLAGS += -DSKEIN_LOOP=0
|
2016-05-29 01:15:36 +00:00
|
|
|
.endif
|
2014-03-06 00:37:16 +00:00
|
|
|
SRCS += siphash.c
|
2014-12-12 19:56:36 +00:00
|
|
|
SRCS += gmac.c gfmult.c
|
Import Blake2 algorithms (blake2b, blake2s) from libb2
The upstream repository is on github BLAKE2/libb2. Files landed in
sys/contrib/libb2 are the unmodified upstream files, except for one
difference: secure_zero_memory's contents have been replaced with
explicit_bzero() only because the previous implementation broke powerpc
link. Preferential use of explicit_bzero() is in progress upstream, so
it is anticipated we will be able to drop this diff in the future.
sys/crypto/blake2 contains the source files needed to port libb2 to our
build system, a wrapped (limited) variant of the algorithm to match the API
of our auth_transform softcrypto abstraction, incorporation into the Open
Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX
accelerated OCF driver, blake2(4).
Optimized variants of blake2 are compiled for a number of x86 machines
(anything from SSE2 to AVX + XOP). On those machines, FPU context will need
to be explicitly saved before using blake2(4)-provided algorithms directly.
Use via cryptodev / OCF saves FPU state automatically, and use via the
auth_transform softcrypto abstraction does not use FPU.
The intent of the OCF driver is mostly to enable testing in userspace via
/dev/crypto. ATF tests are added with published KAT test vectors to
validate correctness.
Reviewed by: jhb, markj
Obtained from: github BLAKE2/libb2
Differential Revision: https://reviews.freebsd.org/D14662
2018-03-21 16:18:14 +00:00
|
|
|
SRCS += blake2b-ref.c
|
|
|
|
SRCS += blake2s-ref.c
|
|
|
|
SRCS += blake2-sw.c
|
|
|
|
CFLAGS.blake2b-ref.c += -I${SRCTOP}/sys/crypto/blake2 -DSUFFIX=_ref
|
|
|
|
CFLAGS.blake2s-ref.c += -I${SRCTOP}/sys/crypto/blake2 -DSUFFIX=_ref
|
|
|
|
CFLAGS.blake2-sw.c += -I${SRCTOP}/sys/crypto/blake2
|
2018-05-19 00:04:01 +00:00
|
|
|
CWARNFLAGS.blake2b-ref.c += -Wno-cast-qual -Wno-unused-function
|
|
|
|
CWARNFLAGS.blake2s-ref.c += -Wno-cast-qual -Wno-unused-function
|
2018-03-29 04:02:50 +00:00
|
|
|
SRCS += chacha.c
|
|
|
|
SRCS += chacha-sw.c
|
2018-08-17 00:30:04 +00:00
|
|
|
|
|
|
|
LIBSODIUM_INC=${LIBSODIUM}/include
|
|
|
|
LIBSODIUM_COMPAT=${SRCTOP}/sys/crypto/libsodium
|
|
|
|
SRCS += xform_poly1305.c
|
|
|
|
CFLAGS.xform_poly1305.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
|
|
|
|
SRCS += onetimeauth_poly1305.c
|
|
|
|
CFLAGS.onetimeauth_poly1305.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
|
|
|
|
SRCS += poly1305_donna.c
|
|
|
|
CFLAGS.poly1305_donna.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
|
|
|
|
SRCS += verify.c
|
|
|
|
CFLAGS.verify.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
|
|
|
|
SRCS += randombytes.c
|
|
|
|
CFLAGS.randombytes.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
|
|
|
|
SRCS += utils.c
|
|
|
|
CFLAGS.utils.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
|
|
|
|
|
2007-03-21 14:39:39 +00:00
|
|
|
SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h
|
2020-06-03 23:21:44 +00:00
|
|
|
SRCS += opt_compat.h
|
2013-11-25 07:38:45 +00:00
|
|
|
SRCS += opt_ddb.h
|
2019-02-15 03:46:39 +00:00
|
|
|
SRCS += cbc_mac.c
|
|
|
|
SRCS += xform_cbc_mac.c
|
2014-03-06 00:37:16 +00:00
|
|
|
|
2002-10-16 14:31:34 +00:00
|
|
|
.include <bsd.kmod.mk>
|