361bfae5c2
64bit and 32bit ABIs. As a side-effect, it enables AVX on capable CPUs. In particular: - Query the CPU support for XSAVE, list of the supported extensions and the required size of FPU save area. The hw.use_xsave tunable is provided for disabling XSAVE, and hw.xsave_mask may be used to select the enabled extensions. - Remove the FPU save area from PCB and dynamically allocate the (run-time sized) user save area on the top of the kernel stack, right above the PCB. Reorganize the thread0 PCB initialization to postpone it after BSP is queried for save area size. - The dumppcb, stoppcbs and susppcbs now do not carry the FPU state as well. FPU state is only useful for suspend, where it is saved in dynamically allocated suspfpusave area. - Use XSAVE and XRSTOR to save/restore FPU state, if supported and enabled. - Define new mcontext_t flag _MC_HASFPXSTATE, indicating that mcontext_t has a valid pointer to out-of-struct extended FPU state. Signal handlers are supplied with stack-allocated fpu state. The sigreturn(2) and setcontext(2) syscall honour the flag, allowing the signal handlers to inspect and manipilate extended state in the interrupted context. - The getcontext(2) never returns extended state, since there is no place in the fixed-sized mcontext_t to place variable-sized save area. And, since mcontext_t is embedded into ucontext_t, makes it impossible to fix in a reasonable way. Instead of extending getcontext(2) syscall, provide a sysarch(2) facility to query extended FPU state. - Add ptrace(2) support for getting and setting extended state; while there, implement missed PT_I386_{GET,SET}XMMREGS for 32bit binaries. - Change fpu_kern KPI to not expose struct fpu_kern_ctx layout to consumers, making it opaque. Internally, struct fpu_kern_ctx now contains a space for the extended state. Convert in-kernel consumers of fpu_kern KPI both on i386 and amd64. First version of the support for AVX was submitted by Tim Bird <tim.bird am sony com> on behalf of Sony. This version was written from scratch. Tested by: pho (previous version), Yamagi Burmeister <lists yamagi org> MFC after: 1 month
407 lines
11 KiB
C
407 lines
11 KiB
C
/*-
|
|
* Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/module.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/libkern.h>
|
|
#include <sys/endian.h>
|
|
#include <sys/pcpu.h>
|
|
#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
|
|
#include <machine/cpufunc.h>
|
|
#include <machine/cputypes.h>
|
|
#include <machine/md_var.h>
|
|
#include <machine/specialreg.h>
|
|
#endif
|
|
#include <machine/pcb.h>
|
|
|
|
#include <opencrypto/cryptodev.h>
|
|
#include <opencrypto/cryptosoft.h> /* for hmac_ipad_buffer and hmac_opad_buffer */
|
|
#include <opencrypto/xform.h>
|
|
|
|
#include <crypto/via/padlock.h>
|
|
|
|
/*
|
|
* Implementation notes.
|
|
*
|
|
* Some VIA CPUs provides SHA1 and SHA256 acceleration.
|
|
* We implement all HMAC algorithms provided by crypto(9) framework, but we do
|
|
* the crypto work in software unless this is HMAC/SHA1 or HMAC/SHA256 and
|
|
* our CPU can accelerate it.
|
|
*
|
|
* Additional CPU instructions, which preform SHA1 and SHA256 are one-shot
|
|
* functions - we have only one chance to give the data, CPU itself will add
|
|
* the padding and calculate hash automatically.
|
|
* This means, it is not possible to implement common init(), update(), final()
|
|
* methods.
|
|
* The way I've choosen is to keep adding data to the buffer on update()
|
|
* (reallocating the buffer if necessary) and call XSHA{1,256} instruction on
|
|
* final().
|
|
*/
|
|
|
|
struct padlock_sha_ctx {
|
|
uint8_t *psc_buf;
|
|
int psc_offset;
|
|
int psc_size;
|
|
};
|
|
CTASSERT(sizeof(struct padlock_sha_ctx) <= sizeof(union authctx));
|
|
|
|
static void padlock_sha_init(struct padlock_sha_ctx *ctx);
|
|
static int padlock_sha_update(struct padlock_sha_ctx *ctx, uint8_t *buf,
|
|
uint16_t bufsize);
|
|
static void padlock_sha1_final(uint8_t *hash, struct padlock_sha_ctx *ctx);
|
|
static void padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx);
|
|
|
|
static struct auth_hash padlock_hmac_sha1 = {
|
|
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
|
|
20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx),
|
|
(void (*)(void *))padlock_sha_init,
|
|
(int (*)(void *, uint8_t *, uint16_t))padlock_sha_update,
|
|
(void (*)(uint8_t *, void *))padlock_sha1_final
|
|
};
|
|
|
|
static struct auth_hash padlock_hmac_sha256 = {
|
|
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
|
|
32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx),
|
|
(void (*)(void *))padlock_sha_init,
|
|
(int (*)(void *, uint8_t *, uint16_t))padlock_sha_update,
|
|
(void (*)(uint8_t *, void *))padlock_sha256_final
|
|
};
|
|
|
|
MALLOC_DECLARE(M_PADLOCK);
|
|
|
|
static __inline void
|
|
padlock_output_block(uint32_t *src, uint32_t *dst, size_t count)
|
|
{
|
|
|
|
while (count-- > 0)
|
|
*dst++ = bswap32(*src++);
|
|
}
|
|
|
|
static void
|
|
padlock_do_sha1(const u_char *in, u_char *out, int count)
|
|
{
|
|
u_char buf[128+16]; /* PadLock needs at least 128 bytes buffer. */
|
|
u_char *result = PADLOCK_ALIGN(buf);
|
|
|
|
((uint32_t *)result)[0] = 0x67452301;
|
|
((uint32_t *)result)[1] = 0xEFCDAB89;
|
|
((uint32_t *)result)[2] = 0x98BADCFE;
|
|
((uint32_t *)result)[3] = 0x10325476;
|
|
((uint32_t *)result)[4] = 0xC3D2E1F0;
|
|
|
|
#ifdef __GNUCLIKE_ASM
|
|
__asm __volatile(
|
|
".byte 0xf3, 0x0f, 0xa6, 0xc8" /* rep xsha1 */
|
|
: "+S"(in), "+D"(result)
|
|
: "c"(count), "a"(0)
|
|
);
|
|
#endif
|
|
|
|
padlock_output_block((uint32_t *)result, (uint32_t *)out,
|
|
SHA1_HASH_LEN / sizeof(uint32_t));
|
|
}
|
|
|
|
static void
|
|
padlock_do_sha256(const char *in, char *out, int count)
|
|
{
|
|
char buf[128+16]; /* PadLock needs at least 128 bytes buffer. */
|
|
char *result = PADLOCK_ALIGN(buf);
|
|
|
|
((uint32_t *)result)[0] = 0x6A09E667;
|
|
((uint32_t *)result)[1] = 0xBB67AE85;
|
|
((uint32_t *)result)[2] = 0x3C6EF372;
|
|
((uint32_t *)result)[3] = 0xA54FF53A;
|
|
((uint32_t *)result)[4] = 0x510E527F;
|
|
((uint32_t *)result)[5] = 0x9B05688C;
|
|
((uint32_t *)result)[6] = 0x1F83D9AB;
|
|
((uint32_t *)result)[7] = 0x5BE0CD19;
|
|
|
|
#ifdef __GNUCLIKE_ASM
|
|
__asm __volatile(
|
|
".byte 0xf3, 0x0f, 0xa6, 0xd0" /* rep xsha256 */
|
|
: "+S"(in), "+D"(result)
|
|
: "c"(count), "a"(0)
|
|
);
|
|
#endif
|
|
|
|
padlock_output_block((uint32_t *)result, (uint32_t *)out,
|
|
SHA2_256_HASH_LEN / sizeof(uint32_t));
|
|
}
|
|
|
|
static void
|
|
padlock_sha_init(struct padlock_sha_ctx *ctx)
|
|
{
|
|
|
|
ctx->psc_buf = NULL;
|
|
ctx->psc_offset = 0;
|
|
ctx->psc_size = 0;
|
|
}
|
|
|
|
static int
|
|
padlock_sha_update(struct padlock_sha_ctx *ctx, uint8_t *buf, uint16_t bufsize)
|
|
{
|
|
|
|
if (ctx->psc_size - ctx->psc_offset < bufsize) {
|
|
ctx->psc_size = MAX(ctx->psc_size * 2, ctx->psc_size + bufsize);
|
|
ctx->psc_buf = realloc(ctx->psc_buf, ctx->psc_size, M_PADLOCK,
|
|
M_NOWAIT);
|
|
if(ctx->psc_buf == NULL)
|
|
return (ENOMEM);
|
|
}
|
|
bcopy(buf, ctx->psc_buf + ctx->psc_offset, bufsize);
|
|
ctx->psc_offset += bufsize;
|
|
return (0);
|
|
}
|
|
|
|
static void
|
|
padlock_sha_free(struct padlock_sha_ctx *ctx)
|
|
{
|
|
|
|
if (ctx->psc_buf != NULL) {
|
|
//bzero(ctx->psc_buf, ctx->psc_size);
|
|
free(ctx->psc_buf, M_PADLOCK);
|
|
ctx->psc_buf = NULL;
|
|
ctx->psc_offset = 0;
|
|
ctx->psc_size = 0;
|
|
}
|
|
}
|
|
|
|
static void
|
|
padlock_sha1_final(uint8_t *hash, struct padlock_sha_ctx *ctx)
|
|
{
|
|
|
|
padlock_do_sha1(ctx->psc_buf, hash, ctx->psc_offset);
|
|
padlock_sha_free(ctx);
|
|
}
|
|
|
|
static void
|
|
padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx)
|
|
{
|
|
|
|
padlock_do_sha256(ctx->psc_buf, hash, ctx->psc_offset);
|
|
padlock_sha_free(ctx);
|
|
}
|
|
|
|
static void
|
|
padlock_copy_ctx(struct auth_hash *axf, void *sctx, void *dctx)
|
|
{
|
|
|
|
if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 &&
|
|
(axf->type == CRYPTO_SHA1_HMAC ||
|
|
axf->type == CRYPTO_SHA2_256_HMAC)) {
|
|
struct padlock_sha_ctx *spctx = sctx, *dpctx = dctx;
|
|
|
|
dpctx->psc_offset = spctx->psc_offset;
|
|
dpctx->psc_size = spctx->psc_size;
|
|
dpctx->psc_buf = malloc(dpctx->psc_size, M_PADLOCK, M_WAITOK);
|
|
bcopy(spctx->psc_buf, dpctx->psc_buf, dpctx->psc_size);
|
|
} else {
|
|
bcopy(sctx, dctx, axf->ctxsize);
|
|
}
|
|
}
|
|
|
|
static void
|
|
padlock_free_ctx(struct auth_hash *axf, void *ctx)
|
|
{
|
|
|
|
if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 &&
|
|
(axf->type == CRYPTO_SHA1_HMAC ||
|
|
axf->type == CRYPTO_SHA2_256_HMAC)) {
|
|
padlock_sha_free(ctx);
|
|
}
|
|
}
|
|
|
|
static void
|
|
padlock_hash_key_setup(struct padlock_session *ses, caddr_t key, int klen)
|
|
{
|
|
struct auth_hash *axf;
|
|
int i;
|
|
|
|
klen /= 8;
|
|
axf = ses->ses_axf;
|
|
|
|
/*
|
|
* Try to free contexts before using them, because
|
|
* padlock_hash_key_setup() can be called twice - once from
|
|
* padlock_newsession() and again from padlock_process().
|
|
*/
|
|
padlock_free_ctx(axf, ses->ses_ictx);
|
|
padlock_free_ctx(axf, ses->ses_octx);
|
|
|
|
for (i = 0; i < klen; i++)
|
|
key[i] ^= HMAC_IPAD_VAL;
|
|
|
|
axf->Init(ses->ses_ictx);
|
|
axf->Update(ses->ses_ictx, key, klen);
|
|
axf->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen);
|
|
|
|
for (i = 0; i < klen; i++)
|
|
key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
|
|
|
|
axf->Init(ses->ses_octx);
|
|
axf->Update(ses->ses_octx, key, klen);
|
|
axf->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen);
|
|
|
|
for (i = 0; i < klen; i++)
|
|
key[i] ^= HMAC_OPAD_VAL;
|
|
}
|
|
|
|
/*
|
|
* Compute keyed-hash authenticator.
|
|
*/
|
|
static int
|
|
padlock_authcompute(struct padlock_session *ses, struct cryptodesc *crd,
|
|
caddr_t buf, int flags)
|
|
{
|
|
u_char hash[HASH_MAX_LEN];
|
|
struct auth_hash *axf;
|
|
union authctx ctx;
|
|
int error;
|
|
|
|
axf = ses->ses_axf;
|
|
|
|
padlock_copy_ctx(axf, ses->ses_ictx, &ctx);
|
|
error = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len,
|
|
(int (*)(void *, void *, unsigned int))axf->Update, (caddr_t)&ctx);
|
|
if (error != 0) {
|
|
padlock_free_ctx(axf, &ctx);
|
|
return (error);
|
|
}
|
|
axf->Final(hash, &ctx);
|
|
|
|
padlock_copy_ctx(axf, ses->ses_octx, &ctx);
|
|
axf->Update(&ctx, hash, axf->hashsize);
|
|
axf->Final(hash, &ctx);
|
|
|
|
/* Inject the authentication data */
|
|
crypto_copyback(flags, buf, crd->crd_inject,
|
|
ses->ses_mlen == 0 ? axf->hashsize : ses->ses_mlen, hash);
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
padlock_hash_setup(struct padlock_session *ses, struct cryptoini *macini)
|
|
{
|
|
|
|
ses->ses_mlen = macini->cri_mlen;
|
|
|
|
/* Find software structure which describes HMAC algorithm. */
|
|
switch (macini->cri_alg) {
|
|
case CRYPTO_NULL_HMAC:
|
|
ses->ses_axf = &auth_hash_null;
|
|
break;
|
|
case CRYPTO_MD5_HMAC:
|
|
ses->ses_axf = &auth_hash_hmac_md5;
|
|
break;
|
|
case CRYPTO_SHA1_HMAC:
|
|
if ((via_feature_xcrypt & VIA_HAS_SHA) != 0)
|
|
ses->ses_axf = &padlock_hmac_sha1;
|
|
else
|
|
ses->ses_axf = &auth_hash_hmac_sha1;
|
|
break;
|
|
case CRYPTO_RIPEMD160_HMAC:
|
|
ses->ses_axf = &auth_hash_hmac_ripemd_160;
|
|
break;
|
|
case CRYPTO_SHA2_256_HMAC:
|
|
if ((via_feature_xcrypt & VIA_HAS_SHA) != 0)
|
|
ses->ses_axf = &padlock_hmac_sha256;
|
|
else
|
|
ses->ses_axf = &auth_hash_hmac_sha2_256;
|
|
break;
|
|
case CRYPTO_SHA2_384_HMAC:
|
|
ses->ses_axf = &auth_hash_hmac_sha2_384;
|
|
break;
|
|
case CRYPTO_SHA2_512_HMAC:
|
|
ses->ses_axf = &auth_hash_hmac_sha2_512;
|
|
break;
|
|
}
|
|
|
|
/* Allocate memory for HMAC inner and outer contexts. */
|
|
ses->ses_ictx = malloc(ses->ses_axf->ctxsize, M_PADLOCK,
|
|
M_ZERO | M_NOWAIT);
|
|
ses->ses_octx = malloc(ses->ses_axf->ctxsize, M_PADLOCK,
|
|
M_ZERO | M_NOWAIT);
|
|
if (ses->ses_ictx == NULL || ses->ses_octx == NULL)
|
|
return (ENOMEM);
|
|
|
|
/* Setup key if given. */
|
|
if (macini->cri_key != NULL) {
|
|
padlock_hash_key_setup(ses, macini->cri_key,
|
|
macini->cri_klen);
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
padlock_hash_process(struct padlock_session *ses, struct cryptodesc *maccrd,
|
|
struct cryptop *crp)
|
|
{
|
|
struct thread *td;
|
|
int error, saved_ctx;
|
|
|
|
td = curthread;
|
|
if (!is_fpu_kern_thread(0)) {
|
|
error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL);
|
|
saved_ctx = 1;
|
|
} else {
|
|
error = 0;
|
|
saved_ctx = 0;
|
|
}
|
|
if (error != 0)
|
|
return (error);
|
|
if ((maccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0)
|
|
padlock_hash_key_setup(ses, maccrd->crd_key, maccrd->crd_klen);
|
|
|
|
error = padlock_authcompute(ses, maccrd, crp->crp_buf, crp->crp_flags);
|
|
if (saved_ctx)
|
|
fpu_kern_leave(td, ses->ses_fpu_ctx);
|
|
return (error);
|
|
}
|
|
|
|
void
|
|
padlock_hash_free(struct padlock_session *ses)
|
|
{
|
|
|
|
if (ses->ses_ictx != NULL) {
|
|
padlock_free_ctx(ses->ses_axf, ses->ses_ictx);
|
|
bzero(ses->ses_ictx, ses->ses_axf->ctxsize);
|
|
free(ses->ses_ictx, M_PADLOCK);
|
|
ses->ses_ictx = NULL;
|
|
}
|
|
if (ses->ses_octx != NULL) {
|
|
padlock_free_ctx(ses->ses_axf, ses->ses_octx);
|
|
bzero(ses->ses_octx, ses->ses_axf->ctxsize);
|
|
free(ses->ses_octx, M_PADLOCK);
|
|
ses->ses_octx = NULL;
|
|
}
|
|
}
|