Date: Fri, 17 Aug 2018 00:30:05 +0000 (UTC) From: Conrad Meyer <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337939 - in head/sys: conf modules/crypto opencrypto Message-ID: <201808170030.w7H0U5rt027737@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Fri Aug 17 00:30:04 2018 New Revision: 337939 URL: https://svnweb.freebsd.org/changeset/base/337939 Log: Add xform-conforming auth_hash wrapper for Poly-1305 The wrapper is a thin shim around libsodium's Poly-1305 implementation. For now, we just use the C algorithm and do not attempt to build the SSE-optimized variant for x86 processors. The algorithm support has not yet been plumbed through cryptodev, or added to cryptosoft. Added: head/sys/opencrypto/xform_poly1305.c (contents, props changed) head/sys/opencrypto/xform_poly1305.h (contents, props changed) Modified: head/sys/conf/files head/sys/modules/crypto/Makefile head/sys/opencrypto/cryptodev.h head/sys/opencrypto/xform_auth.h Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/conf/files Fri Aug 17 00:30:04 2018 (r337939) @@ -4819,6 +4819,21 @@ opencrypto/gfmult.c optional crypto | ipsec | ipsec_s opencrypto/rmd160.c optional crypto | ipsec | ipsec_support opencrypto/skipjack.c optional crypto | ipsec | ipsec_support opencrypto/xform.c optional crypto | ipsec | ipsec_support +opencrypto/xform_poly1305.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +contrib/libsodium/src/libsodium/crypto_verify/sodium/verify.c \ + optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium" +crypto/libsodium/randombytes.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" +crypto/libsodium/utils.c optional crypto \ + compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium" rpc/auth_none.c optional krpc | nfslockd | nfscl | nfsd rpc/auth_unix.c optional krpc | nfslockd | nfscl | nfsd rpc/authunix_prot.c optional krpc | nfslockd | nfscl | nfsd Modified: head/sys/modules/crypto/Makefile ============================================================================== --- head/sys/modules/crypto/Makefile Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/modules/crypto/Makefile Fri Aug 17 00:30:04 2018 (r337939) @@ -1,5 +1,7 @@ # $FreeBSD$ +LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium + .PATH: ${SRCTOP}/sys/opencrypto .PATH: ${SRCTOP}/sys/crypto .PATH: ${SRCTOP}/sys/crypto/blowfish @@ -12,6 +14,10 @@ .PATH: ${SRCTOP}/sys/crypto/blake2 .PATH: ${SRCTOP}/sys/crypto/chacha20 .PATH: ${SRCTOP}/sys/contrib/libb2 +.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305 +.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305/donna +.PATH: ${LIBSODIUM}/crypto_verify/sodium +.PATH: ${SRCTOP}/sys/crypto/libsodium KMOD = crypto SRCS = crypto.c cryptodev_if.c @@ -44,6 +50,22 @@ CWARNFLAGS.blake2b-ref.c += -Wno-cast-qual -Wno-unused CWARNFLAGS.blake2s-ref.c += -Wno-cast-qual -Wno-unused-function SRCS += chacha.c SRCS += chacha-sw.c + +LIBSODIUM_INC=${LIBSODIUM}/include +LIBSODIUM_COMPAT=${SRCTOP}/sys/crypto/libsodium +SRCS += xform_poly1305.c +CFLAGS.xform_poly1305.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} +SRCS += onetimeauth_poly1305.c +CFLAGS.onetimeauth_poly1305.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += poly1305_donna.c +CFLAGS.poly1305_donna.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += verify.c +CFLAGS.verify.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT} +SRCS += randombytes.c +CFLAGS.randombytes.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} +SRCS += utils.c +CFLAGS.utils.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT} + SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h SRCS += opt_ddb.h Modified: head/sys/opencrypto/cryptodev.h ============================================================================== --- head/sys/opencrypto/cryptodev.h Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/opencrypto/cryptodev.h Fri Aug 17 00:30:04 2018 (r337939) @@ -85,6 +85,7 @@ #define MD5_KPDK_HASH_LEN 16 #define SHA1_KPDK_HASH_LEN 20 #define AES_GMAC_HASH_LEN 16 +#define POLY1305_HASH_LEN 16 /* Maximum hash algorithm result length */ #define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ @@ -107,6 +108,8 @@ #define AES_192_GMAC_KEY_LEN 24 #define AES_256_GMAC_KEY_LEN 32 +#define POLY1305_KEY_LEN 32 + /* Encryption algorithm block sizes */ #define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment */ #define DES_BLOCK_LEN 8 @@ -195,7 +198,8 @@ #define CRYPTO_SHA2_256 35 #define CRYPTO_SHA2_384 36 #define CRYPTO_SHA2_512 37 -#define CRYPTO_ALGORITHM_MAX 37 /* Keep updated - see below */ +#define CRYPTO_POLY1305 38 +#define CRYPTO_ALGORITHM_MAX 38 /* Keep updated - see below */ #define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \ (x) <= CRYPTO_ALGORITHM_MAX) Modified: head/sys/opencrypto/xform_auth.h ============================================================================== --- head/sys/opencrypto/xform_auth.h Fri Aug 17 00:27:56 2018 (r337938) +++ head/sys/opencrypto/xform_auth.h Fri Aug 17 00:30:04 2018 (r337939) @@ -83,6 +83,7 @@ extern struct auth_hash auth_hash_nist_gmac_aes_192; extern struct auth_hash auth_hash_nist_gmac_aes_256; extern struct auth_hash auth_hash_blake2b; extern struct auth_hash auth_hash_blake2s; +extern struct auth_hash auth_hash_poly1305; union authctx { MD5_CTX md5ctx; Added: head/sys/opencrypto/xform_poly1305.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/opencrypto/xform_poly1305.c Fri Aug 17 00:30:04 2018 (r337939) @@ -0,0 +1,91 @@ +/* This file is in the public domain. */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <opencrypto/xform_auth.h> +#include <opencrypto/xform_poly1305.h> + +#include <sodium/crypto_onetimeauth_poly1305.h> + +struct poly1305_xform_ctx { + struct crypto_onetimeauth_poly1305_state state; +}; +CTASSERT(sizeof(union authctx) >= sizeof(struct poly1305_xform_ctx)); + +CTASSERT(POLY1305_KEY_LEN == crypto_onetimeauth_poly1305_KEYBYTES); +CTASSERT(POLY1305_HASH_LEN == crypto_onetimeauth_poly1305_BYTES); + +void +Poly1305_Init(struct poly1305_xform_ctx *polyctx) +{ + /* Nop */ +} + +void +Poly1305_Setkey(struct poly1305_xform_ctx *polyctx, + const uint8_t key[__min_size(POLY1305_KEY_LEN)], size_t klen) +{ + int rc; + + if (klen != POLY1305_KEY_LEN) + panic("%s: Bogus keylen: %u bytes", __func__, (unsigned)klen); + + rc = crypto_onetimeauth_poly1305_init(&polyctx->state, key); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); +} + +static void +xform_Poly1305_Setkey(void *ctx, const uint8_t *key, uint16_t klen) +{ + Poly1305_Setkey(ctx, key, klen); +} + +int +Poly1305_Update(struct poly1305_xform_ctx *polyctx, const void *data, + size_t len) +{ + int rc; + + rc = crypto_onetimeauth_poly1305_update(&polyctx->state, data, len); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); + return (0); +} + +static int +xform_Poly1305_Update(void *ctx, const uint8_t *data, uint16_t len) +{ + return (Poly1305_Update(ctx, data, len)); +} + +void +Poly1305_Final(uint8_t digest[__min_size(POLY1305_HASH_LEN)], + struct poly1305_xform_ctx *polyctx) +{ + int rc; + + rc = crypto_onetimeauth_poly1305_final(&polyctx->state, digest); + if (rc != 0) + panic("%s: Invariant violated: %d", __func__, rc); +} + +static void +xform_Poly1305_Final(uint8_t *digest, void *ctx) +{ + Poly1305_Final(digest, ctx); +} + +struct auth_hash auth_hash_poly1305 = { + .type = CRYPTO_POLY1305, + .name = "Poly-1305", + .keysize = POLY1305_KEY_LEN, + .hashsize = POLY1305_HASH_LEN, + .ctxsize = sizeof(struct poly1305_xform_ctx), + .blocksize = crypto_onetimeauth_poly1305_BYTES, + .Init = (void *)Poly1305_Init, + .Setkey = xform_Poly1305_Setkey, + .Update = xform_Poly1305_Update, + .Final = xform_Poly1305_Final, +}; Added: head/sys/opencrypto/xform_poly1305.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/opencrypto/xform_poly1305.h Fri Aug 17 00:30:04 2018 (r337939) @@ -0,0 +1,16 @@ +/* This file is in the public domain. */ +/* $FreeBSD$ */ +#pragma once + +#include <sys/types.h> + +struct poly1305_xform_ctx; + +void Poly1305_Init(struct poly1305_xform_ctx *); + +void Poly1305_Setkey(struct poly1305_xform_ctx *, + const uint8_t [__min_size(32)], size_t); + +int Poly1305_Update(struct poly1305_xform_ctx *, const void *, size_t); + +void Poly1305_Final(uint8_t [__min_size(16)], struct poly1305_xform_ctx *);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808170030.w7H0U5rt027737>