Commit Graph

154 Commits

Author SHA1 Message Date
Konstantin Belousov
93ed70f9b4 Fix a bug in the result of manual assembly.
Reported by:	Stefan Grundmann <sg2342 googlemail com>
PR:	kern/155118
MFC after:	3 days
2011-03-02 14:56:58 +00:00
Rebecca Cran
3283511248 Make private functions static.
PR:		kern/43611
Submitted by:	Matt Emmerton <matt at gsicomp.on.ca>
Reviewed by:	kib
MFC after:	3 days
2011-02-21 16:21:43 +00:00
Konstantin Belousov
17ca6d98e1 Remove DEBUG sections.
MFC after:	3 days
2010-11-27 15:41:44 +00:00
Konstantin Belousov
3e07b6217f MFaesni r215427:
Only save FPU context when not executing in the context of the crypto
thread.

Tested by:	Mike Tancsa
MFC after:	1 week
2010-11-26 14:35:20 +00:00
Konstantin Belousov
1563ee36b9 Only save FPU context when not executing in the context of the crypto
thread.

Tested by:	Mike Tancsa
2010-11-17 16:17:15 +00:00
Dimitry Andric
235610273e Change two missed instances of 'retq' in aeskeys_i386.S to 'retl', which
makes it possible to assemble this file with gas from newer binutils.

Reviewed by:	kib
2010-10-13 17:55:53 +00:00
Pawel Jakub Dawidek
c979bd5e06 Fix two copy&paste bugs.
MFC after:	2 weeks
2010-09-25 10:32:52 +00:00
Pawel Jakub Dawidek
ac970319ff Add support for CRYPTO_AES_XTS.
MFC after:	1 week
2010-09-23 11:57:25 +00:00
Pawel Jakub Dawidek
30bd3bb07b Add support for CRD_F_KEY_EXPLICIT flag.
MFC after:	1 week
2010-09-23 11:46:53 +00:00
Pawel Jakub Dawidek
745eb0ccb6 Simplify code a bit.
MFC after:	1 week
2010-09-23 11:26:38 +00:00
Konstantin Belousov
5f270659fd Crypto(4) driver for AESNI.
The aeskeys_{amd64,i386}.S content was mostly obtained from OpenBSD,
no objections to the license from core.

Hardware provided by:	Sentex Communications
Tested by:	fabient, pho (previous versions)
MFC after:	1 month
2010-07-23 11:00:46 +00:00
Konstantin Belousov
04c49e68de Use the fpu_kern_enter() interface to properly separate usermode FPU
context from in-kernel execution of padlock instructions and to handle
spurious FPUDNA exceptions that sometime are raised when doing padlock
calculations.

Globally mark crypto(9) kthread as using FPU.

Reviewed by:	pjd
Hardware provided by:	Sentex Communications
Tested by:	  pho
PR:    amd64/135014
MFC after:    1 month
2010-06-05 16:00:53 +00:00
VANHULLEBUS Yvan
081b9301bf Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),
as we already hold the non sleepable crypto_driver_mutex.

Approved by:	gnn(mentor)
Obtained from:	NETASQ
MFC after:	2 weeks
2009-05-27 09:52:12 +00:00
Warner Losh
a4958494e8 identify routine takes driver_t *, not device_t *. 2009-02-05 19:30:28 +00:00
Jung-uk Kim
9045c73682 Connect padlock(4) to amd64 build for VIA Nano processors. 2009-01-12 19:23:46 +00:00
Alexander Motin
f2831a952d Avoid 256 integer divisions per rc4_init() call. Replace it with using
separate index variable.

It gives more then double rc4_init() performance increase on tested i386 P4.
It also gives about 15% speedup to PPTP VPN with stateless MPPE encryption
(by ng_mppc) which calls rc4_init() for every packet.
2008-12-16 13:58:37 +00:00
Philip Paeps
2bc989be4f Fix a potential NULL-pointer dereference in padlock(4).
Spotted by:	Coverity (via pjd)
MFC after:	1 week
2008-11-17 19:00:36 +00:00
Pawel Jakub Dawidek
b5207ec64a Simplify session selection/allocation. 2008-08-09 20:01:01 +00:00
Pawel Jakub Dawidek
ec7993f8b0 - Fix freeing session on newsession failure.
- Update copyright years.
2008-08-09 19:48:59 +00:00
Pawel Jakub Dawidek
f422e90330 Implify sessions freeing loop. 2008-08-09 19:47:19 +00:00
Pawel Jakub Dawidek
a05071e803 We don't have to drop a lock around malloc(M_NOWAIT). 2008-08-09 19:45:43 +00:00
Pawel Jakub Dawidek
eadca5921d When freeing session, restore its ID after zeroing memory.
Bug tracked down by:	Patrick Lamaiziere <patfbsd@davenulle.org>
2008-08-09 19:43:44 +00:00
Pawel Jakub Dawidek
7d8b54b5b5 Sessions in-use are at the end of the queue, so use TAILQ_FOREACH_REVERSE()
when looking for them.

Idea from:	Patrick Lamaiziere <patfbsd@davenulle.org>
2008-08-09 19:42:37 +00:00
Pawel Jakub Dawidek
48aadb632b Convert lock that protects sessions list from a mutex to a rwlock.
Now we can use read lock in fast path (padlock_process()).
2008-07-20 07:34:00 +00:00
Maxim Sobolev
dd8c2454a8 Make test00 compilable again. 2008-01-15 18:34:47 +00:00
George V. Neville-Neil
b2630c2934 Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC
option is now deprecated, as well as the KAME IPsec code.
What was FAST_IPSEC is now IPSEC.

Approved by: re
Sponsored by: Secure Computing
2007-07-03 12:13:45 +00:00
George V. Neville-Neil
559d3390d0 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
Sam Leffler
6810ad6f2a Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
2007-03-21 03:42:51 +00:00
Kevin Lo
4b29020487 Initialize T1 to silent gcc warning.
Approved by: cognet
2006-10-22 02:19:33 +00:00
Pawel Jakub Dawidek
ef7c47775f Less magic.
MFC after:	3 days
2006-09-15 10:44:55 +00:00
Alexander Kabaev
bcbd3d69bf GCC 3.4.6 gets confused on this file and produces bogus warning.
Shut it up.
2006-08-26 21:48:00 +00:00
Pawel Jakub Dawidek
6ea1a6d1ea Remove trailing spaces. 2006-07-28 14:48:30 +00:00
Pawel Jakub Dawidek
d5db4f4fe6 Use existing roundup2() macro.
Suggested by:	njl
2006-07-28 14:46:19 +00:00
Pawel Jakub Dawidek
23acde08e9 Remove redundant check committed by accident. 2006-07-25 20:00:55 +00:00
Pawel Jakub Dawidek
b623eec509 Avoid memory allocations when the given address is already 16 bytes aligned.
Such an address can be used directly in padlock's AES.
This improves speed of geli(8) significantly:

	# sysctl kern.geom.zero.clear=0
	# geli onetime -s 4096 gzero
	# dd if=/dev/gzero.eli of=/dev/null bs=1m count=1000

Before:	113MB/s
After:	203MB/s

BTW. If sector size is set to 128kB, I can read at 276MB/s :)
2006-07-25 19:32:58 +00:00
Pawel Jakub Dawidek
78c344f3da Modify PADLOCK_ALIGN() macro, so when the given address is already 16 bytes
aligned, it will be used directly, not 'address + 16'.
2006-07-25 19:06:54 +00:00
Pawel Jakub Dawidek
1fa760f7a0 Style fixes. 2006-07-25 19:04:26 +00:00
Pawel Jakub Dawidek
5333bd4763 Implement support for HMAC/SHA1 and HMAC/SHA256 acceleration found in
new VIA CPUs.
For older CPUs HMAC/SHA1 and HMAC/SHA256 (and others) will still be done
in software.

Move symmetric cryptography (currently only AES-CBC 128/192/256) to
padlock_cipher.c file. Move HMAC cryptography to padlock_hash.c file.

Hardware from:	Centaur Technologies
2006-07-22 16:18:47 +00:00
Pawel Jakub Dawidek
9f5dc73906 Correct few bzero()s.
MFC after:	3 days
2006-07-22 13:14:11 +00:00
Pawel Jakub Dawidek
5362e27b6d Set ses_ictx and ses_octx to NULL after freeing them, so we won't free
them twice.
This is possible for example in situation when session is used in
authentication context, then freed and then used in encryption context
and freed - in encryption context ses_ictx and ses_octx are not touched
at newsession time, but padlock_freesession could still try to free them
when they are not NULL.
2006-07-22 10:04:47 +00:00
Michael Reifenberger
4fd58e10b2 Use the already stored VIA RNG probe information
instead of probing again.
Adjust style(9) somewhat in probe.c

Reviewed by:	pjd
MFC after:	1 week
2006-07-13 09:15:14 +00:00
Pawel Jakub Dawidek
bb34821048 Fix gratuitous compiler warning.
Reported by:	Rong-en Fan <grafan@gmail.com>
2006-06-08 17:40:02 +00:00
Pawel Jakub Dawidek
64e18040cc - Pretend to accelerate various HMAC algorithms, so padlock(4) can be used
with fast_ipsec(4) and geli(8) authentication (comming soon).
  If consumer requests only for HMAC algorithm (without encryption), return
  EINVAL.
- Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and
  authentication.
2006-06-05 16:22:04 +00:00
Pawel Jakub Dawidek
eb340a613c padlock(4) doesn't support explicitly provided keys yet.
Return an error instead of encrypting/decrypting data with a wrong key.
2006-04-20 06:31:44 +00:00
Pawel Jakub Dawidek
f3b67db31a On padlock initialization, allocate memory with M_WAITOK. 2006-04-12 12:13:34 +00:00
Pawel Jakub Dawidek
ef0a6e203b Add VIA/ACE "PadLock" support as a crypto(9) driver.
HW donated by:			Mike Tancsa <mike@sentex.net>
Most of the code obtained from:	OpenBSD
MFC after:			3 days
2005-08-18 00:30:22 +00:00
Pawel Jakub Dawidek
12e755355b Assert proper key size also in userland by defining KASSERT in !_KERNEL case. 2005-08-17 07:59:07 +00:00
Colin Percival
751a4770f7 Unbreak the world build (in sbin/gbde). This file is used by both
kernel and world, so KASSERT() needs to be wrapped within an #ifdef
_KERNEL / #endif pair.

Reported by:	krion, tinderbox
2005-08-17 00:24:20 +00:00
Pawel Jakub Dawidek
36c51ae068 Check key size for rijndael, as invalid key size can lead to kernel panic.
It checked other algorithms against this bug and it seems they aren't
affected.

Reported by:	Mike Tancsa <mike@sentex.net>
PR:		i386/84860
Reviewed by:	phk, cperciva(x2)
2005-08-16 18:59:00 +00:00
Hajimu UMEMOTO
ff079c93f7 gbde(8) is also rejndael user.
Reported by:	phk
2005-03-11 22:07:04 +00:00
Hajimu UMEMOTO
df3c03a773 just use crypto/rijndael, and nuke opencrypto/rindael.[ch].
the two became almost identical since latest KAME merge.

Discussed with:	sam
2005-03-11 17:24:46 +00:00
Hajimu UMEMOTO
2dc7d840b7 integrate rijndael-alg-fst.h into rijndael.h. 2005-03-11 16:26:10 +00:00
Hajimu UMEMOTO
68527b3aad stop including rijndael-api-fst.h from rijndael.h.
this is required to integrate opencrypto into crypto.
2005-03-11 15:42:51 +00:00
Hajimu UMEMOTO
3984c5e1d6 sys/crypto/md5.[ch] is used from nowhere. So, just nuke them. 2005-03-11 12:56:15 +00:00
Hajimu UMEMOTO
9f65b10b0f refer opencrypto/cast.h directly. 2005-03-11 12:37:07 +00:00
Hajimu UMEMOTO
858ff96a88 use cast128 in opencrypto to nuke duplicate code. 2005-03-10 11:40:53 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
John Baldwin
2d68e3fb92 Initiate deorbit burn sequence for 80386 support in FreeBSD: Remove
80386 (I386_CPU) support from the kernel.
2004-11-16 20:42:32 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
David E. O'Brien
8c0866203c Use __FBSDID(). 2004-06-14 00:38:54 +00:00
Dag-Erling Smørgrav
2845024409 Fix a reentrancy issue in md5_calc(). 2004-01-27 18:57:21 +00:00
Hajimu UMEMOTO
543729cf93 avoid module name conflict with opencrypto/rijndael.c.
Reported by:	tinderbox
2003-11-12 04:22:37 +00:00
Hajimu UMEMOTO
34d78ec3f1 cleanup rijndael API.
since there are naming conflicts with opencrypto, #define was
added to rename functions intend to avoid conflicts.

Obtained from:	KAME
2003-11-11 18:58:54 +00:00
Hajimu UMEMOTO
5129dcfce7 rijndael-alg-fst.[ch]:
- redo updating.

rijndael-api-fst.[ch]:
  - switch to use new low level rijndael api.
  - stop using u8, u16 and u32.
  - space cleanup.

Tested by:	gbde(8) and phk's test program
2003-11-10 10:33:39 +00:00
Poul-Henning Kamp
0513e13e31 Add a testcase which validates that the same buffer can be passed to
rijndael_blockDecrypt() as both input and output.

This property is important because inside rijndael we can get away
with allocating just a 16 byte "work" buffer on the stack (which
is very cheap), whereas the calling code would need to allocate the
full sized buffer, and in all likelyhood would have to do so with
an expensive malloc(9).
2003-10-19 22:12:23 +00:00
Hajimu UMEMOTO
9132d5071c - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
Hajimu UMEMOTO
3011d4b3e2 Fix alignment problem on 64 bit arch.
I only tested if it doesn't break anything on i368.  Since I
have no 64 bit machine, I cannot test it, actually.

Reported by:	jmallett
2003-10-14 13:37:37 +00:00
Hajimu UMEMOTO
66c7fe4056 use BF_ecb_encrypt().
Obtained from:	KAME
2003-10-13 19:26:08 +00:00
Hajimu UMEMOTO
8f21478b6a simplify and update rijndael code.
Obtained from:	KAME
2003-10-12 21:05:05 +00:00
Hajimu UMEMOTO
3dbacd2651 use opencrypto for RMD160.
Requested by:	sam
2003-10-12 18:25:38 +00:00
Hajimu UMEMOTO
d82a80a330 drop useless define. 2003-10-12 14:47:24 +00:00
Hajimu UMEMOTO
53e67fbf8e use bswap32() for big endian arch.
Reported by:	tinderbox via kris
2003-10-12 14:32:13 +00:00
Hajimu UMEMOTO
21669564bf RIPEMD160 support
Obtained from:	KAME
2003-10-12 09:43:48 +00:00
Hajimu UMEMOTO
7aab01fa76 switch cast128 implementation to implementation by Steve Reid;
smaller footprint.

Obtained from:	KAME
2003-10-10 15:06:16 +00:00
Hajimu UMEMOTO
66476d45b8 one more opossite conditiion.
Reported by:	"lg" <zevlg@yandex.ru>
2003-09-18 17:26:56 +00:00
Hajimu UMEMOTO
eb159f5b2e condition of padLen check was opposite.
Reported by:	"lg" <zevlg@yandex.ru>
Reviewed by:	Lev Walkin <vlm@netli.com>
2003-09-17 08:51:43 +00:00
Poul-Henning Kamp
5fdd8d28a3 Correctly bzero the entire context, not just the first sizeof(void *) bytes.
Found by:	Juergen Buchmueller <pullmoll@stop1984.com>
2003-09-08 18:32:33 +00:00
David E. O'Brien
ad39da7821 Use __FBSDID(). 2003-06-10 21:44:29 +00:00
David E. O'Brien
40373d8796 Assembly files put thru the C preprocessor need to have C style comments. 2003-04-21 16:30:12 +00:00
Mike Silbersack
641fe90c31 Remove some unnecessary casts. 2003-01-25 22:41:22 +00:00
Sam Leffler
50b25cd7d2 make rc4 crypto support a module so other modules can depend on it
Submitted by:	imp
Reviewed by:	imp
2003-01-15 19:55:17 +00:00
Poul-Henning Kamp
ba459bd472 Make this compilable from userland as well. 2002-11-01 08:56:39 +00:00
Poul-Henning Kamp
27da100965 Don't panic when we can just return an error code. 2002-10-14 11:21:05 +00:00
Mark Murray
d56fb9ceb0 Fix some really pedantic GCC warnings. 2002-07-15 13:45:15 +00:00
SUZUKI Shinsuke
db49169620 Fixed AES encryption algorithm bug
PR:             kern/38465
Obtained from:  Ramana Yarlagadda <ramana.yarlagadda@analog.com>
2002-05-24 07:26:17 +00:00
Mark Murray
83238851f8 Remove macros that are defined elsewhere. 2002-04-21 10:32:48 +00:00
SUZUKI Shinsuke
88ff5695c1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
Alfred Perlstein
14e10f9952 Remove __P. 2002-03-20 05:14:42 +00:00
Hajimu UMEMOTO
b5a8f767a6 - Speedup 3DES by using assembly code for i386.
- Sync des/blowfish to more recent openssl.

Obtained from:	KAME/NetBSD
MFC after:	2 weeks
2002-03-05 09:19:02 +00:00
Hajimu UMEMOTO
e8647cfc81 off by one error in Aaron Gifford's code. KAME PR 393.
PR:		kern/34242
Submitted by:	Aaron D. Gifford <agifford@infowest.com>
MFC after:	1 week
2002-02-26 16:58:58 +00:00
Hajimu UMEMOTO
c79ae091de fixed the cast128 calculation with a short cipher key length.
the memory was overridden when the key length was less than 16 bytes.

Obtained from:	KAME
MFC after:	1 week
2001-11-27 14:11:47 +00:00
Hajimu UMEMOTO
aa62bfb629 properly check DES weak key. KAME PR 363.
Obtained from:	KAME
MFC after:	1 week
2001-07-03 17:46:48 +00:00
Hajimu UMEMOTO
c56df4e782 less warning
warning: cast discards qualifiers from pointer target type
2001-06-16 19:32:37 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Mark Murray
dafaee8183 Kernel crypto need binary key material, not symbolic ascii. 2001-03-10 13:02:58 +00:00
Kris Kennaway
fe2869c8fa Initial import of AES algorithm code (aka Rijndael) from KAME. 2000-10-30 11:03:32 +00:00
Archie Cobbs
8576ccb74b Fix broken const'ness in declaration of sha1_loop(). 2000-10-09 18:49:14 +00:00
Jun-ichiro itojun Hagino
686cdd19b1 sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
  (also syntax change)
2000-07-04 16:35:15 +00:00
Poul-Henning Kamp
3389ae9350 Remove ~25 unneeded #include <sys/conf.h>
Remove ~60 unneeded #include <sys/malloc.h>
2000-04-19 14:58:28 +00:00
Archie Cobbs
018204af68 A simplified RC4 implementation for kernel use. 2000-04-09 21:01:01 +00:00