Date: Fri, 12 Aug 2005 15:45:11 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: FreeBSD-current <freebsd-current@FreeBSD.org> Subject: VIA/ACE PadLock integration with crypto(9). Message-ID: <20050812134511.GE25162@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--t4apE7yKrX2dGgJC Content-Type: multipart/mixed; boundary="NQTVMVnDVuULnIzU" Content-Disposition: inline --NQTVMVnDVuULnIzU Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. This is a call for testers. I integrated VIA/ACE PadLock with our crypto(9) subsystem, so now it can be used with things like fast_ipsec(4) and geli(8). I'm attaching three files: padlock.c - should be placed in sys/crypto/via/ Makefile - should be placed in sys/modules/padlock/ Makefile.patch - is a patch against sys/modules/Makefile You need to create sys/crypto/via and sys/modules/padlock directories first. This will allow to compile padlock.ko module. It works very well with GELI: # kldload geom_zero # sysctl kern.geom.zero.clear=3D0 # kldload padlock # geli onetime -s 16384 -a aes -l 128 gzero # dd if=3D/dev/gzero.eli of=3D/dev/null bs=3D128k count=3D2000 262144000 bytes transferred in 3.614664 secs (72522368 bytes/sec) Without padlock.ko loaded I get only 6415333 bytes/sec. The thing which interest me the most is how it works with fast_ipsec(4). --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --NQTVMVnDVuULnIzU Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: attachment; filename="padlock.c" Content-Transfer-Encoding: quoted-printable /*- * Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. *=20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPO= SE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTI= AL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRI= CT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $OpenBSD: via.c,v 1.3 2004/06/15 23:36:55 deraadt Exp $ */ /*- * Copyright (c) 2003 Jason Wright * Copyright (c) 2003, 2004 Theo de Raadt * All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> #include <sys/module.h> #include <sys/lock.h> #include <sys/mutex.h> #include <sys/sysctl.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/uio.h> #if defined(__i386__) && !defined(PC98) #include <machine/cpufunc.h> #include <machine/cputypes.h> #endif #include <opencrypto/cryptodev.h> #include <crypto/rijndael/rijndael.h> #define PADLOCK_ROUND_COUNT_AES128 10 #define PADLOCK_ROUND_COUNT_AES192 12 #define PADLOCK_ROUND_COUNT_AES256 14 #define PADLOCK_ALGORITHM_TYPE_AES 0 #define PADLOCK_KEY_GENERATION_HW 0 #define PADLOCK_KEY_GENERATION_SW 1 #define PADLOCK_DIRECTION_ENCRYPT 0 #define PADLOCK_DIRECTION_DECRYPT 1 #define PADLOCK_KEY_SIZE_128 0 #define PADLOCK_KEY_SIZE_192 1 #define PADLOCK_KEY_SIZE_256 2 union padlock_cw { uint64_t raw; struct { u_int round_count : 4; u_int algorithm_type : 3; u_int key_generation : 1; u_int intermediate : 1; u_int direction : 1; u_int key_size : 2; u_int filler0 : 20; u_int filler1 : 32; u_int filler2 : 32; u_int filler3 : 32; } __field; }; #define cw_round_count __field.round_count #define cw_algorithm_type __field.algorithm_type #define cw_key_generation __field.key_generation #define cw_intermediate __field.intermediate #define cw_direction __field.direction #define cw_key_size __field.key_size #define cw_filler0 __field.filler0 #define cw_filler1 __field.filler1 #define cw_filler2 __field.filler2 #define cw_filler3 __field.filler3 struct padlock_session { union padlock_cw ses_cw __aligned(16); uint32_t ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit = aligned */ uint32_t ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit = aligned */ uint8_t ses_iv[16] __aligned(16); /* 128 bit aligned */ int ses_used; uint32_t ses_id; TAILQ_ENTRY(padlock_session) ses_next; }; struct padlock_softc { int32_t sc_cid; uint32_t sc_sid; TAILQ_HEAD(, padlock_session) sc_sessions; struct mtx sc_sessions_mtx; }; static struct padlock_softc *padlock_sc; static int padlock_newsession(void *arg __unused, uint32_t *sidp, struct cryptoini *cri); static int padlock_freesession(void *arg __unused, uint64_t tid); static int padlock_process(void *arg __unused, struct cryptop *crp, int hint __unused); static __inline void padlock_cbc(void *in, void *out, size_t count, void *key, union padlock_cw = *cw, void *iv) { #ifdef __GNUCLIKE_ASM /* The .byte line is really VIA C3 "xcrypt-cbc" instruction */ __asm __volatile( "pushf \n\t" "popf \n\t" "rep \n\t" ".byte 0x0f, 0xa7, 0xd0" : "+a" (iv), "+c" (count), "+D" (out), "+S" (in) : "b" (key), "d" (cw) : "cc", "memory" ); #endif } static int padlock_init(void) { struct padlock_softc *sc; #if defined(__i386__) && !defined(PC98) u_int regs[4]; int has_ace =3D 0; if (cpu_class < CPUCLASS_586) return (EINVAL); do_cpuid(1, regs); if ((regs[0] & 0xf) >=3D 3) { do_cpuid(0xc0000000, regs); if (regs[0] =3D=3D 0xc0000001) { do_cpuid(0xc0000001, regs); if ((regs[3] & 0xc0) =3D=3D 0xc0) has_ace =3D 1; } } if (!has_ace) { printf("PADLOCK: No ACE support.\n"); return (EINVAL); } #else return (EINVAL); #endif padlock_sc =3D sc =3D malloc(sizeof(*padlock_sc), M_DEVBUF, M_NOWAIT | M_ZERO); if (padlock_sc =3D=3D NULL) { printf("PADLOCK: Could not allocate memory.\n"); return (ENOMEM); } TAILQ_INIT(&sc->sc_sessions); sc->sc_sid =3D 1; sc->sc_cid =3D crypto_get_driverid(0); if (sc->sc_cid < 0) { printf("PADLOCK: Could not get crypto driver id.\n"); free(padlock_sc, M_DEVBUF); padlock_sc =3D NULL; return (ENOMEM); } =20 mtx_init(&sc->sc_sessions_mtx, "padlock_mtx", NULL, MTX_DEF); crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0, padlock_newsession, padlock_freesession, padlock_process, NULL); return (0); } static int padlock_destroy(void) { struct padlock_softc *sc =3D padlock_sc; struct padlock_session *ses; u_int active =3D 0; if (sc =3D=3D NULL) return (0); mtx_lock(&sc->sc_sessions_mtx); TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { if (ses->ses_used) active++; } if (active > 0) { mtx_unlock(&sc->sc_sessions_mtx); printf("PADLOCK: Cannot destroy, %u sessions active.\n", active); return (EBUSY); } for (ses =3D TAILQ_FIRST(&sc->sc_sessions); ses !=3D NULL; ses =3D TAILQ_FIRST(&sc->sc_sessions)) { TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); free(ses, M_DEVBUF); } mtx_destroy(&sc->sc_sessions_mtx); crypto_unregister_all(sc->sc_cid); return (0); } static int padlock_newsession(void *arg __unused, uint32_t *sidp, struct cryptoini *cr= i) { struct padlock_softc *sc =3D padlock_sc; struct padlock_session *ses =3D NULL; union padlock_cw *cw; int i; if (sc =3D=3D NULL || sidp =3D=3D NULL || cri =3D=3D NULL || cri->cri_next !=3D NULL || cri->cri_alg !=3D CRYPTO_AES_CBC) { return (EINVAL); } if (cri->cri_klen !=3D 128 && cri->cri_klen !=3D 192 && cri->cri_klen !=3D 256) { return (EINVAL); } /* * Let's look for a free session structure. */ mtx_lock(&sc->sc_sessions_mtx); /* * Free sessions goes first, so if first session is used, we need to * allocate one. */ ses =3D TAILQ_FIRST(&sc->sc_sessions); if (ses =3D=3D NULL || ses->ses_used) ses =3D NULL; else { TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); ses->ses_used =3D 1; TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); } mtx_unlock(&sc->sc_sessions_mtx); if (ses =3D=3D NULL) { ses =3D malloc(sizeof(*ses), M_DEVBUF, M_NOWAIT | M_ZERO); if (ses =3D=3D NULL) return (ENOMEM); ses->ses_used =3D 1; mtx_lock(&sc->sc_sessions_mtx); ses->ses_id =3D sc->sc_sid; sc->sc_sid++; TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); mtx_unlock(&sc->sc_sessions_mtx); } cw =3D &ses->ses_cw; bzero(cw, sizeof(*cw)); cw->cw_algorithm_type =3D PADLOCK_ALGORITHM_TYPE_AES; cw->cw_key_generation =3D PADLOCK_KEY_GENERATION_SW; cw->cw_intermediate =3D 0; switch (cri->cri_klen) { case 128: cw->cw_round_count =3D PADLOCK_ROUND_COUNT_AES128; cw->cw_key_size =3D PADLOCK_KEY_SIZE_128; #ifdef HW_KEY_GENERATION /* This doesn't buy us much, that's why it is commented out. */ cw->cw_key_generation =3D PADLOCK_KEY_GENERATION_HW; #endif break; case 192: cw->cw_round_count =3D PADLOCK_ROUND_COUNT_AES192; cw->cw_key_size =3D PADLOCK_KEY_SIZE_192; break; case 256: cw->cw_round_count =3D PADLOCK_ROUND_COUNT_AES256; cw->cw_key_size =3D PADLOCK_KEY_SIZE_256; break; } /* TODO: get_random_bytes(ses->ses_iv, sizeof(ses->ses_iv)); */ if (cw->cw_key_generation =3D=3D PADLOCK_KEY_GENERATION_SW) { /* Build expanded keys for both directions */ rijndaelKeySetupEnc(ses->ses_ekey, cri->cri_key, cri->cri_klen); rijndaelKeySetupDec(ses->ses_dkey, cri->cri_key, cri->cri_klen); for (i =3D 0; i < 4 * (RIJNDAEL_MAXNR + 1); i++) { ses->ses_ekey[i] =3D ntohl(ses->ses_ekey[i]); ses->ses_dkey[i] =3D ntohl(ses->ses_dkey[i]); } } else { bcopy(cri->cri_key, ses->ses_ekey, cri->cri_klen); bcopy(cri->cri_key, ses->ses_dkey, cri->cri_klen); } *sidp =3D ses->ses_id; return (0); } static int padlock_freesession(void *arg __unused, uint64_t tid) { struct padlock_softc *sc =3D padlock_sc; struct padlock_session *ses; uint32_t sid =3D ((uint32_t)tid) & 0xffffffff; if (sc =3D=3D NULL) return (EINVAL); mtx_lock(&sc->sc_sessions_mtx); TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { if (ses->ses_id =3D=3D sid) break; } if (ses =3D=3D NULL) { mtx_unlock(&sc->sc_sessions_mtx); return (EINVAL); } TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); bzero(ses, sizeof(ses)); ses->ses_used =3D 0; TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); mtx_unlock(&sc->sc_sessions_mtx); return (0); } static int padlock_process(void *arg __unused, struct cryptop *crp, int hint __unused) { struct padlock_softc *sc =3D padlock_sc; struct padlock_session *ses; union padlock_cw *cw; struct cryptodesc *crd =3D NULL; uint32_t *key; u_char *buf, *abuf; int err =3D 0; buf =3D NULL; if (crp =3D=3D NULL || crp->crp_callback =3D=3D NULL) { err =3D EINVAL; goto out; } crd =3D crp->crp_desc; if (crd =3D=3D NULL || crd->crd_next !=3D NULL || crd->crd_alg !=3D CRYPTO_AES_CBC ||=20 (crd->crd_len % 16) !=3D 0) { err =3D EINVAL; goto out; } mtx_lock(&sc->sc_sessions_mtx); TAILQ_FOREACH(ses, &sc->sc_sessions, ses_next) { if (ses->ses_id =3D=3D (crp->crp_sid & 0xffffffff)) break; } mtx_unlock(&sc->sc_sessions_mtx); if (ses =3D=3D NULL) { err =3D EINVAL; goto out; } buf =3D malloc(crd->crd_len + 16, M_DEVBUF, M_NOWAIT); if (buf =3D=3D NULL) { err =3D ENOMEM; goto out; } abuf =3D buf + 16 - ((uintptr_t)buf % 16); cw =3D &ses->ses_cw; cw->cw_filler0 =3D 0; cw->cw_filler1 =3D 0; cw->cw_filler2 =3D 0; cw->cw_filler3 =3D 0; if ((crd->crd_flags & CRD_F_ENCRYPT) !=3D 0) { cw->cw_direction =3D PADLOCK_DIRECTION_ENCRYPT; key =3D ses->ses_ekey; if ((crd->crd_flags & CRD_F_IV_EXPLICIT) !=3D 0) bcopy(crd->crd_iv, ses->ses_iv, 16); if ((crd->crd_flags & CRD_F_IV_PRESENT) =3D=3D 0) { if ((crp->crp_flags & CRYPTO_F_IMBUF) !=3D 0) { m_copyback((struct mbuf *)crp->crp_buf, crd->crd_inject, 16, ses->ses_iv); } else if ((crp->crp_flags & CRYPTO_F_IOV) !=3D 0) { cuio_copyback((struct uio *)crp->crp_buf, crd->crd_inject, 16, ses->ses_iv); } else { bcopy(ses->ses_iv, crp->crp_buf + crd->crd_inject, 16); } } } else { cw->cw_direction =3D PADLOCK_DIRECTION_DECRYPT; key =3D ses->ses_dkey; if ((crd->crd_flags & CRD_F_IV_EXPLICIT) !=3D 0) bcopy(crd->crd_iv, ses->ses_iv, 16); else { if ((crp->crp_flags & CRYPTO_F_IMBUF) !=3D 0) { m_copydata((struct mbuf *)crp->crp_buf, crd->crd_inject, 16, ses->ses_iv); } else if ((crp->crp_flags & CRYPTO_F_IOV) !=3D 0) { cuio_copydata((struct uio *)crp->crp_buf, crd->crd_inject, 16, ses->ses_iv); } else { bcopy(crp->crp_buf + crd->crd_inject, ses->ses_iv, 16); } } } if ((crp->crp_flags & CRYPTO_F_IMBUF) !=3D 0) { m_copydata((struct mbuf *)crp->crp_buf, crd->crd_skip, crd->crd_len, abuf); } else if ((crp->crp_flags & CRYPTO_F_IOV) !=3D 0) { cuio_copydata((struct uio *)crp->crp_buf, crd->crd_skip, crd->crd_len, abuf); } else { bcopy(crp->crp_buf + crd->crd_skip, abuf, crd->crd_len); } padlock_cbc(abuf, abuf, crd->crd_len / 16, key, cw, ses->ses_iv); if ((crp->crp_flags & CRYPTO_F_IMBUF) !=3D 0) { m_copyback((struct mbuf *)crp->crp_buf, crd->crd_skip, crd->crd_len, abuf); } else if ((crp->crp_flags & CRYPTO_F_IOV) !=3D 0) { cuio_copyback((struct uio *)crp->crp_buf, crd->crd_skip, crd->crd_len, abuf); } else { bcopy(abuf, crp->crp_buf + crd->crd_skip, crd->crd_len); } /* copy out last block for use as next session IV */ if ((crd->crd_flags & CRD_F_ENCRYPT) !=3D 0) { if ((crp->crp_flags & CRYPTO_F_IMBUF) !=3D 0) { m_copydata((struct mbuf *)crp->crp_buf, crd->crd_skip + crd->crd_len - 16, 16, ses->ses_iv); } else if ((crp->crp_flags & CRYPTO_F_IOV) !=3D 0) { cuio_copydata((struct uio *)crp->crp_buf, crd->crd_skip + crd->crd_len - 16, 16, ses->ses_iv); } else { bcopy(crp->crp_buf + crd->crd_skip + crd->crd_len - 16, ses->ses_iv, 16); } } out: if (buf !=3D NULL) { bzero(buf, crd->crd_len + 16); free(buf, M_DEVBUF); } crp->crp_etype =3D err; crypto_done(crp); return (err); } static int padlock_modevent(module_t mod, int type, void *unused __unused) { int error; error =3D EOPNOTSUPP; switch (type) { case MOD_LOAD: error =3D padlock_init(); break; case MOD_UNLOAD: error =3D padlock_destroy(); break; } return (error); } static moduledata_t padlock_mod =3D { "padlock", padlock_modevent, 0 }; DECLARE_MODULE(padlock, padlock_mod, SI_SUB_DRIVERS, SI_ORDER_ANY); MODULE_VERSION(padlock, 1); MODULE_DEPEND(padlock, crypto, 1, 1, 1); --NQTVMVnDVuULnIzU Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: attachment; filename=Makefile # $FreeBSD$ .PATH: ${.CURDIR}/../../crypto/via KMOD= padlock SRCS= padlock.c CFLAGS+=-DINVARIANTS -DINVARIANT_SUPPORT .include <bsd.kmod.mk> --NQTVMVnDVuULnIzU Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: attachment; filename="Makefile.patch" --- Makefile.old Fri Aug 12 15:21:37 2005 +++ Makefile Fri Aug 12 15:12:43 2005 @@ -173,6 +173,7 @@ ${_nwfs} \ ${_oltr} \ ${_osf1} \ + ${_padlock} \ patm \ ${_pccard} \ ${_pcfclock} \ @@ -394,6 +395,11 @@ _ips= ips _mly= mly _nve= nve +.if !defined(NO_CRYPT) || defined(ALL_MODULES) +.if exists(${.CURDIR}/../crypto/via) +_padlock= padlock +.endif +.endif _s3= s3 _twa= twa _vesa= vesa --NQTVMVnDVuULnIzU-- --t4apE7yKrX2dGgJC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC/KfnForvXbEpPzQRAr7KAJ0dA8qK8MXD8GOOKr/YgV2f5o2LHQCfRWD2 FZNJzCJMshB4+xSJCJXO+VQ= =H4LX -----END PGP SIGNATURE----- --t4apE7yKrX2dGgJC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050812134511.GE25162>