Commit Graph

95 Commits

Author SHA1 Message Date
kib
a619846587 Crypto(4) driver for AESNI.
The aeskeys_{amd64,i386}.S content was mostly obtained from OpenBSD,
no objections to the license from core.

Hardware provided by:	Sentex Communications
Tested by:	fabient, pho (previous versions)
MFC after:	1 month
2010-07-23 11:00:46 +00:00
kib
6a41cd83d7 Use the fpu_kern_enter() interface to properly separate usermode FPU
context from in-kernel execution of padlock instructions and to handle
spurious FPUDNA exceptions that sometime are raised when doing padlock
calculations.

Globally mark crypto(9) kthread as using FPU.

Reviewed by:	pjd
Hardware provided by:	Sentex Communications
Tested by:	  pho
PR:    amd64/135014
MFC after:    1 month
2010-06-05 16:00:53 +00:00
vanhu
f484650153 Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),
as we already hold the non sleepable crypto_driver_mutex.

Approved by:	gnn(mentor)
Obtained from:	NETASQ
MFC after:	2 weeks
2009-05-27 09:52:12 +00:00
imp
6388654b8d identify routine takes driver_t *, not device_t *. 2009-02-05 19:30:28 +00:00
jkim
926a84447a Connect padlock(4) to amd64 build for VIA Nano processors. 2009-01-12 19:23:46 +00:00
mav
f702951b49 Avoid 256 integer divisions per rc4_init() call. Replace it with using
separate index variable.

It gives more then double rc4_init() performance increase on tested i386 P4.
It also gives about 15% speedup to PPTP VPN with stateless MPPE encryption
(by ng_mppc) which calls rc4_init() for every packet.
2008-12-16 13:58:37 +00:00
philip
f3d74d62d3 Fix a potential NULL-pointer dereference in padlock(4).
Spotted by:	Coverity (via pjd)
MFC after:	1 week
2008-11-17 19:00:36 +00:00
pjd
dca2fd863d Simplify session selection/allocation. 2008-08-09 20:01:01 +00:00
pjd
c2715b68b6 - Fix freeing session on newsession failure.
- Update copyright years.
2008-08-09 19:48:59 +00:00
pjd
e3f8d38bb0 Implify sessions freeing loop. 2008-08-09 19:47:19 +00:00
pjd
6c7aca77a3 We don't have to drop a lock around malloc(M_NOWAIT). 2008-08-09 19:45:43 +00:00
pjd
c14f239009 When freeing session, restore its ID after zeroing memory.
Bug tracked down by:	Patrick Lamaiziere <patfbsd@davenulle.org>
2008-08-09 19:43:44 +00:00
pjd
1be547932b Sessions in-use are at the end of the queue, so use TAILQ_FOREACH_REVERSE()
when looking for them.

Idea from:	Patrick Lamaiziere <patfbsd@davenulle.org>
2008-08-09 19:42:37 +00:00
pjd
00602e0182 Convert lock that protects sessions list from a mutex to a rwlock.
Now we can use read lock in fast path (padlock_process()).
2008-07-20 07:34:00 +00:00
sobomax
ccb885253e Make test00 compilable again. 2008-01-15 18:34:47 +00:00
gnn
aeca69ded5 Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC
option is now deprecated, as well as the KAME IPsec code.
What was FAST_IPSEC is now IPSEC.

Approved by: re
Sponsored by: Secure Computing
2007-07-03 12:13:45 +00:00
gnn
38b76f0623 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
sam
f96ba7ffda Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
2007-03-21 03:42:51 +00:00
kevlo
94bc2d7409 Initialize T1 to silent gcc warning.
Approved by: cognet
2006-10-22 02:19:33 +00:00
pjd
8277c8e2a4 Less magic.
MFC after:	3 days
2006-09-15 10:44:55 +00:00
kan
6ef43dbb8f GCC 3.4.6 gets confused on this file and produces bogus warning.
Shut it up.
2006-08-26 21:48:00 +00:00
pjd
f422bef855 Remove trailing spaces. 2006-07-28 14:48:30 +00:00
pjd
cea88d1e47 Use existing roundup2() macro.
Suggested by:	njl
2006-07-28 14:46:19 +00:00
pjd
773098d748 Remove redundant check committed by accident. 2006-07-25 20:00:55 +00:00
pjd
054c4a83dd Avoid memory allocations when the given address is already 16 bytes aligned.
Such an address can be used directly in padlock's AES.
This improves speed of geli(8) significantly:

	# sysctl kern.geom.zero.clear=0
	# geli onetime -s 4096 gzero
	# dd if=/dev/gzero.eli of=/dev/null bs=1m count=1000

Before:	113MB/s
After:	203MB/s

BTW. If sector size is set to 128kB, I can read at 276MB/s :)
2006-07-25 19:32:58 +00:00
pjd
90aa974bdf Modify PADLOCK_ALIGN() macro, so when the given address is already 16 bytes
aligned, it will be used directly, not 'address + 16'.
2006-07-25 19:06:54 +00:00
pjd
1bdee6da83 Style fixes. 2006-07-25 19:04:26 +00:00
pjd
90eb685fca Implement support for HMAC/SHA1 and HMAC/SHA256 acceleration found in
new VIA CPUs.
For older CPUs HMAC/SHA1 and HMAC/SHA256 (and others) will still be done
in software.

Move symmetric cryptography (currently only AES-CBC 128/192/256) to
padlock_cipher.c file. Move HMAC cryptography to padlock_hash.c file.

Hardware from:	Centaur Technologies
2006-07-22 16:18:47 +00:00
pjd
361a0884e4 Correct few bzero()s.
MFC after:	3 days
2006-07-22 13:14:11 +00:00
pjd
0495e43729 Set ses_ictx and ses_octx to NULL after freeing them, so we won't free
them twice.
This is possible for example in situation when session is used in
authentication context, then freed and then used in encryption context
and freed - in encryption context ses_ictx and ses_octx are not touched
at newsession time, but padlock_freesession could still try to free them
when they are not NULL.
2006-07-22 10:04:47 +00:00
mr
4af607ffd5 Use the already stored VIA RNG probe information
instead of probing again.
Adjust style(9) somewhat in probe.c

Reviewed by:	pjd
MFC after:	1 week
2006-07-13 09:15:14 +00:00
pjd
e9425270e5 Fix gratuitous compiler warning.
Reported by:	Rong-en Fan <grafan@gmail.com>
2006-06-08 17:40:02 +00:00
pjd
87e654aa04 - Pretend to accelerate various HMAC algorithms, so padlock(4) can be used
with fast_ipsec(4) and geli(8) authentication (comming soon).
  If consumer requests only for HMAC algorithm (without encryption), return
  EINVAL.
- Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and
  authentication.
2006-06-05 16:22:04 +00:00
pjd
a4071b836a padlock(4) doesn't support explicitly provided keys yet.
Return an error instead of encrypting/decrypting data with a wrong key.
2006-04-20 06:31:44 +00:00
pjd
7f664ed13a On padlock initialization, allocate memory with M_WAITOK. 2006-04-12 12:13:34 +00:00
pjd
352b6c307b Add VIA/ACE "PadLock" support as a crypto(9) driver.
HW donated by:			Mike Tancsa <mike@sentex.net>
Most of the code obtained from:	OpenBSD
MFC after:			3 days
2005-08-18 00:30:22 +00:00
pjd
bb000dd3d5 Assert proper key size also in userland by defining KASSERT in !_KERNEL case. 2005-08-17 07:59:07 +00:00
cperciva
bdfa6fbbb1 Unbreak the world build (in sbin/gbde). This file is used by both
kernel and world, so KASSERT() needs to be wrapped within an #ifdef
_KERNEL / #endif pair.

Reported by:	krion, tinderbox
2005-08-17 00:24:20 +00:00
pjd
372c5a7d07 Check key size for rijndael, as invalid key size can lead to kernel panic.
It checked other algorithms against this bug and it seems they aren't
affected.

Reported by:	Mike Tancsa <mike@sentex.net>
PR:		i386/84860
Reviewed by:	phk, cperciva(x2)
2005-08-16 18:59:00 +00:00
ume
5f96af1a75 gbde(8) is also rejndael user.
Reported by:	phk
2005-03-11 22:07:04 +00:00
ume
5ce7e2e80a just use crypto/rijndael, and nuke opencrypto/rindael.[ch].
the two became almost identical since latest KAME merge.

Discussed with:	sam
2005-03-11 17:24:46 +00:00
ume
8a8b13dab5 integrate rijndael-alg-fst.h into rijndael.h. 2005-03-11 16:26:10 +00:00
ume
73402ef817 stop including rijndael-api-fst.h from rijndael.h.
this is required to integrate opencrypto into crypto.
2005-03-11 15:42:51 +00:00
ume
f61af04d95 sys/crypto/md5.[ch] is used from nowhere. So, just nuke them. 2005-03-11 12:56:15 +00:00
ume
4319b5fb5e refer opencrypto/cast.h directly. 2005-03-11 12:37:07 +00:00
ume
4bc4328cd1 use cast128 in opencrypto to nuke duplicate code. 2005-03-10 11:40:53 +00:00
ru
cec60429bb Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
jhb
cc03c9de7d Initiate deorbit burn sequence for 80386 support in FreeBSD: Remove
80386 (I386_CPU) support from the kernel.
2004-11-16 20:42:32 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
obrien
18012715d9 Use __FBSDID(). 2004-06-14 00:38:54 +00:00