Date: Mon, 8 Sep 2014 04:48:23 GMT From: John-Mark Gurney <jmg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 1198591 for review Message-ID: <201409080448.s884mNox019758@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@1198591?ac=10 Change 1198591 by jmg@jmg_carbon2 on 2014/08/11 21:14:53 back out previous change so that I can continue working... Affected files ... .. //depot/projects/opencrypto/sys/crypto/via/padlock.h#3 edit .. //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#4 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#5 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#5 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#3 edit .. //depot/projects/opencrypto/sys/opencrypto/xform.c#6 edit .. //depot/projects/opencrypto/sys/opencrypto/xform.h#6 edit Differences ... ==== //depot/projects/opencrypto/sys/crypto/via/padlock.h#3 (text+ko) ==== @@ -64,17 +64,12 @@ #define cw_filler2 __field.filler2 #define cw_filler3 __field.filler3 -struct auth_hash_comb { - struct auth_hash axf; - struct auth_hash_funcs axff; -}; - struct padlock_session { union padlock_cw ses_cw __aligned(16); uint32_t ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ uint32_t ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ uint8_t ses_iv[16] __aligned(16); /* 128 bit aligned */ - struct auth_hash_comb *ses_axfc; + struct auth_hash *ses_axf; uint8_t *ses_ictx; uint8_t *ses_octx; int ses_mlen; ==== //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#4 (text+ko) ==== @@ -80,21 +80,17 @@ static void padlock_sha1_final(uint8_t *hash, struct padlock_sha_ctx *ctx); static void padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx); -static struct auth_hash_comb padlock_hmac_sha1 = { - { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, - sizeof(struct padlock_sha_ctx), }, - { (void (*)(void *))padlock_sha_init, NULL, NULL, - (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, - (void (*)(uint8_t *, void *))padlock_sha1_final }, +static struct auth_hash padlock_hmac_sha1 = { + CRYPTO_SHA1_HMAC, "HMAC-SHA1", + 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx), + (void (*)(void *))padlock_sha_init, NULL, NULL, + (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, + (void (*)(uint8_t *, void *))padlock_sha1_final }; static struct auth_hash padlock_hmac_sha256 = { CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx), -}; - -static struct auth_hash_funcs padlock_hmac_sha256_funcs = { (void (*)(void *))padlock_sha_init, NULL, NULL, (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, (void (*)(uint8_t *, void *))padlock_sha256_final @@ -247,15 +243,11 @@ static void padlock_hash_key_setup(struct padlock_session *ses, caddr_t key, int klen) { - struct auth_hash_comb *axfc; struct auth_hash *axf; - struct auth_hash_funcs *axff; int i; klen /= 8; - axfc = ses->ses_axfc; - axf = &axfc->axf; - axff = &axfc->axff; + axf = ses->ses_axf; /* * Try to free contexts before using them, because @@ -268,16 +260,16 @@ for (i = 0; i < klen; i++) key[i] ^= HMAC_IPAD_VAL; - axff->Init(ses->ses_ictx); - axff->Update(ses->ses_ictx, key, klen); - axff->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen); + axf->Init(ses->ses_ictx); + axf->Update(ses->ses_ictx, key, klen); + axf->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen); for (i = 0; i < klen; i++) key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - axff->Init(ses->ses_octx); - axff->Update(ses->ses_octx, key, klen); - axff->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen); + axf->Init(ses->ses_octx); + axf->Update(ses->ses_octx, key, klen); + axf->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen); for (i = 0; i < klen; i++) key[i] ^= HMAC_OPAD_VAL; @@ -295,7 +287,7 @@ union authctx ctx; int error; - axfc = ses->ses_axfc; + axf = ses->ses_axf; padlock_copy_ctx(axf, ses->ses_ictx, &ctx); error = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len, ==== //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#5 (text+ko) ==== @@ -271,9 +271,9 @@ struct mtx lock; /* for op submission */ u_int32_t cipher; - const struct enc_xform *txform; + struct enc_xform *txform; u_int32_t mac; - const struct auth_hash *thash; + struct auth_hash *thash; caddr_t key; int keylen; @@ -322,8 +322,8 @@ static int csedelete(struct fcrypt *, struct csession *); static struct csession *cseadd(struct fcrypt *, struct csession *); static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, - u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, - const struct enc_xform *, const struct auth_hash *); + u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, + struct auth_hash *); static int csefree(struct csession *); static int cryptodev_op(struct csession *, struct crypt_op *, @@ -391,8 +391,8 @@ struct session_op *sop; struct crypt_op *cop; struct crypt_aead *caead; - const struct enc_xform *txform = NULL; - const struct auth_hash *thash = NULL; + struct enc_xform *txform = NULL; + struct auth_hash *thash = NULL; struct crypt_kop *kop; u_int64_t sid; u_int32_t ses; @@ -418,25 +418,96 @@ } else #endif sop = (struct session_op *)data; - if (sop->cipher != 0) { - if (CRYPTO_ALGO_VALID(sop->cipher) && - oc_enc_xform_array[sop->cipher].type == - sop->cipher) { - txform = &oc_enc_xform_array[sop->cipher]; - } else { - CRYPTDEB("invalid cipher"); - return (EINVAL); - } + switch (sop->cipher) { + case 0: + break; + case CRYPTO_DES_CBC: + txform = &enc_xform_des; + break; + case CRYPTO_3DES_CBC: + txform = &enc_xform_3des; + break; + case CRYPTO_BLF_CBC: + txform = &enc_xform_blf; + break; + case CRYPTO_CAST_CBC: + txform = &enc_xform_cast5; + break; + case CRYPTO_SKIPJACK_CBC: + txform = &enc_xform_skipjack; + break; + case CRYPTO_AES_CBC: + txform = &enc_xform_rijndael128; + break; + case CRYPTO_AES_XTS: + txform = &enc_xform_aes_xts; + break; + case CRYPTO_NULL_CBC: + txform = &enc_xform_null; + break; + case CRYPTO_ARC4: + txform = &enc_xform_arc4; + break; + case CRYPTO_CAMELLIA_CBC: + txform = &enc_xform_camellia; + break; + case CRYPTO_AES_ICM: + txform = &enc_xform_aes_icm; + break; + case CRYPTO_AES_NIST_GCM_16: + txform = &enc_xform_aes_nist_gcm; + break; + + default: + CRYPTDEB("invalid cipher"); + return (EINVAL); } - if (sop->mac != 0) { - if (CRYPTO_ALGO_VALID(sop->cipher) && - oc_auth_hash_array[sop->cipher].type == sop->mac) { - thash = &oc_auth_hash_array[sop->cipher]; - } else { - CRYPTDEB("invalid hash"); - return (EINVAL); - } + switch (sop->mac) { + case 0: + break; + case CRYPTO_MD5_HMAC: + thash = &auth_hash_hmac_md5; + break; + case CRYPTO_SHA1_HMAC: + thash = &auth_hash_hmac_sha1; + break; + case CRYPTO_SHA2_256_HMAC: + thash = &auth_hash_hmac_sha2_256; + break; + case CRYPTO_SHA2_384_HMAC: + thash = &auth_hash_hmac_sha2_384; + break; + case CRYPTO_SHA2_512_HMAC: + thash = &auth_hash_hmac_sha2_512; + break; + case CRYPTO_RIPEMD160_HMAC: + thash = &auth_hash_hmac_ripemd_160; + break; + case CRYPTO_AES_128_NIST_GMAC: + thash = &auth_hash_nist_gmac_aes_128; + break; + case CRYPTO_AES_192_NIST_GMAC: + thash = &auth_hash_nist_gmac_aes_192; + break; + case CRYPTO_AES_256_NIST_GMAC: + thash = &auth_hash_nist_gmac_aes_256; + break; + +#ifdef notdef + case CRYPTO_MD5: + thash = &auth_hash_md5; + break; + case CRYPTO_SHA1: + thash = &auth_hash_sha1; + break; +#endif + case CRYPTO_NULL_HMAC: + thash = &auth_hash_null; + break; + default: + CRYPTDEB("invalid mac"); + return (EINVAL); } bzero(&crie, sizeof(crie)); @@ -1195,7 +1266,7 @@ struct csession * csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, - const struct enc_xform *txform, const struct auth_hash *thash) + struct enc_xform *txform, struct auth_hash *thash) { struct csession *cse; ==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#5 (text+ko) ==== @@ -84,12 +84,10 @@ { unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN]; - const struct enc_xform *exf; - const struct enc_xform_funcs *exff; + struct enc_xform *exf; int i, k, j, blks; exf = sw->sw_exf; - exff = &oc_enc_xform_funcs[exf->type]; blks = exf->blocksize; /* Check for non-padded data */ @@ -122,8 +120,8 @@ int error; if (sw->sw_kschedule) - exff->zerokey(&(sw->sw_kschedule)); - error = exff->setkey(&sw->sw_kschedule, + exf->zerokey(&(sw->sw_kschedule)); + error = exf->setkey(&sw->sw_kschedule, crd->crd_key, crd->crd_klen / 8); if (error) return (error); @@ -135,8 +133,8 @@ * xforms that provide a reinit method perform all IV * handling themselves. */ - if (exff->reinit != NULL) - exff->reinit(sw->sw_kschedule, iv); + if (exf->reinit) + exf->reinit(sw->sw_kschedule, iv); if (flags & CRYPTO_F_IMBUF) { struct mbuf *m = (struct mbuf *) buf; @@ -157,12 +155,12 @@ m_copydata(m, k, blks, blk); /* Actual encryption/decryption */ - if (exff->reinit != NULL) { + if (exf->reinit) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exff->encrypt(sw->sw_kschedule, + exf->encrypt(sw->sw_kschedule, blk); } else { - exff->decrypt(sw->sw_kschedule, + exf->decrypt(sw->sw_kschedule, blk); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -170,7 +168,7 @@ for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exff->encrypt(sw->sw_kschedule, blk); + exf->encrypt(sw->sw_kschedule, blk); /* * Keep encrypted block for XOR'ing @@ -188,7 +186,7 @@ else bcopy(blk, iv, blks); - exff->decrypt(sw->sw_kschedule, blk); + exf->decrypt(sw->sw_kschedule, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -235,12 +233,12 @@ idat = mtod(m, unsigned char *) + k; while (m->m_len >= k + blks && i > 0) { - if (exff->reinit != NULL) { + if (exf->reinit) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exff->encrypt(sw->sw_kschedule, + exf->encrypt(sw->sw_kschedule, idat); } else { - exff->decrypt(sw->sw_kschedule, + exf->decrypt(sw->sw_kschedule, idat); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -248,7 +246,7 @@ for (j = 0; j < blks; j++) idat[j] ^= ivp[j]; - exff->encrypt(sw->sw_kschedule, idat); + exf->encrypt(sw->sw_kschedule, idat); ivp = idat; } else { /* decrypt */ /* @@ -260,7 +258,7 @@ else bcopy(idat, iv, blks); - exff->decrypt(sw->sw_kschedule, idat); + exf->decrypt(sw->sw_kschedule, idat); /* XOR with previous block/IV */ for (j = 0; j < blks; j++) @@ -299,12 +297,12 @@ cuio_copydata(uio, k, blks, blk); /* Actual encryption/decryption */ - if (exff->reinit != NULL) { + if (exf->reinit) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exff->encrypt(sw->sw_kschedule, + exf->encrypt(sw->sw_kschedule, blk); } else { - exff->decrypt(sw->sw_kschedule, + exf->decrypt(sw->sw_kschedule, blk); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -312,7 +310,7 @@ for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exff->encrypt(sw->sw_kschedule, blk); + exf->encrypt(sw->sw_kschedule, blk); /* * Keep encrypted block for XOR'ing @@ -330,7 +328,7 @@ else bcopy(blk, iv, blks); - exff->decrypt(sw->sw_kschedule, blk); + exf->decrypt(sw->sw_kschedule, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -365,12 +363,12 @@ idat = (char *)iov->iov_base + k; while (iov->iov_len >= k + blks && i > 0) { - if (exff->reinit != NULL) { + if (exf->reinit) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exff->encrypt(sw->sw_kschedule, + exf->encrypt(sw->sw_kschedule, idat); } else { - exff->decrypt(sw->sw_kschedule, + exf->decrypt(sw->sw_kschedule, idat); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -378,7 +376,7 @@ for (j = 0; j < blks; j++) idat[j] ^= ivp[j]; - exff->encrypt(sw->sw_kschedule, idat); + exf->encrypt(sw->sw_kschedule, idat); ivp = idat; } else { /* decrypt */ /* @@ -390,7 +388,7 @@ else bcopy(idat, iv, blks); - exff->decrypt(sw->sw_kschedule, idat); + exf->decrypt(sw->sw_kschedule, idat); /* XOR with previous block/IV */ for (j = 0; j < blks; j++) @@ -414,13 +412,13 @@ return 0; /* Done with iovec encryption/decryption */ } else { /* contiguous buffer */ - if (exff->reinit != NULL) { + if (exf->reinit) { for (i = crd->crd_skip; i < crd->crd_skip + crd->crd_len; i += blks) { if (crd->crd_flags & CRD_F_ENCRYPT) - exff->encrypt(sw->sw_kschedule, buf + i); + exf->encrypt(sw->sw_kschedule, buf + i); else - exff->decrypt(sw->sw_kschedule, buf + i); + exf->decrypt(sw->sw_kschedule, buf + i); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { for (i = crd->crd_skip; @@ -432,7 +430,7 @@ else for (k = 0; k < blks; k++) buf[i + k] ^= buf[i + k - blks]; - exff->encrypt(sw->sw_kschedule, buf + i); + exf->encrypt(sw->sw_kschedule, buf + i); } } else { /* Decrypt */ /* @@ -441,7 +439,7 @@ */ for (i = crd->crd_skip + crd->crd_len - blks; i >= crd->crd_skip; i -= blks) { - exff->decrypt(sw->sw_kschedule, buf + i); + exf->decrypt(sw->sw_kschedule, buf + i); /* XOR with the IV/previous block, as appropriate */ if (i == crd->crd_skip) @@ -461,13 +459,11 @@ } static void -swcr_authprepare(const struct auth_hash *axf, struct swcr_data *sw, u_char *key, +swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key, int klen) { - const struct auth_hash_funcs *axff; int k; - axff = &oc_auth_hash_funcs[axf->type]; klen /= 8; switch (axf->type) { @@ -481,16 +477,16 @@ for (k = 0; k < klen; k++) key[k] ^= HMAC_IPAD_VAL; - axff->Init(sw->sw_ictx); - axff->Update(sw->sw_ictx, key, klen); - axff->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); for (k = 0; k < klen; k++) key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - axff->Init(sw->sw_octx); - axff->Update(sw->sw_octx, key, klen); - axff->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); + axf->Init(sw->sw_octx); + axf->Update(sw->sw_octx, key, klen); + axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); for (k = 0; k < klen; k++) key[k] ^= HMAC_OPAD_VAL; @@ -512,9 +508,9 @@ sw->sw_klen = klen; bcopy(key, sw->sw_octx, klen); - axff->Init(sw->sw_ictx); - axff->Update(sw->sw_ictx, key, klen); - axff->Final(buf, sw->sw_ictx); + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Final(buf, sw->sw_ictx); break; } default: @@ -531,8 +527,7 @@ int flags) { unsigned char aalg[HASH_MAX_LEN]; - const struct auth_hash *axf; - const struct auth_hash_funcs *axff; + struct auth_hash *axf; union authctx ctx; int err; @@ -540,7 +535,6 @@ return EINVAL; axf = sw->sw_axf; - axff = &oc_auth_hash_funcs[axf->type]; if (crd->crd_flags & CRD_F_KEY_EXPLICIT) swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen); @@ -548,7 +542,7 @@ bcopy(sw->sw_ictx, &ctx, axf->ctxsize); err = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len, - (int (*)(void *, void *, unsigned int))axff->Update, (caddr_t)&ctx); + (int (*)(void *, void *, unsigned int))axf->Update, (caddr_t)&ctx); if (err) return err; @@ -562,10 +556,10 @@ if (sw->sw_octx == NULL) return EINVAL; - axff->Final(aalg, &ctx); + axf->Final(aalg, &ctx); bcopy(sw->sw_octx, &ctx, axf->ctxsize); - axff->Update(&ctx, aalg, axf->hashsize); - axff->Final(aalg, &ctx); + axf->Update(&ctx, aalg, axf->hashsize); + axf->Final(aalg, &ctx); break; case CRYPTO_MD5_KPDK: @@ -581,12 +575,12 @@ * and let Final() do the proper, natural "algofill" * padding. */ - axff->Update(&ctx, sw->sw_octx, sw->sw_klen); - axff->Final(aalg, &ctx); + axf->Update(&ctx, sw->sw_octx, sw->sw_klen); + axf->Final(aalg, &ctx); break; case CRYPTO_NULL_HMAC: - axff->Final(aalg, &ctx); + axf->Final(aalg, &ctx); break; } @@ -610,10 +604,8 @@ union authctx ctx; struct cryptodesc *crd, *crda = NULL, *crde = NULL; struct swcr_data *sw, *swa, *swe = NULL; - const struct auth_hash *axf = NULL; - const struct auth_hash_funcs *axff = NULL; - const struct enc_xform *exf = NULL; - struct enc_xform_funcs *exff = NULL; + struct auth_hash *axf = NULL; + struct enc_xform *exf = NULL; caddr_t buf = (caddr_t)crp->crp_buf; uint32_t *blkp; int aadlen, blksz, i, ivlen, len, iskip, oskip, r; @@ -678,11 +670,9 @@ } } - axff = &oc_auth_hash_funcs[axf->type]; - /* Supply MAC with IV */ - if (axff->Reinit != NULL) - axff->Reinit(&ctx, iv, ivlen); + if (axf->Reinit) + axf->Reinit(&ctx, iv, ivlen); /* Supply MAC with AAD */ aadlen = crda->crd_len; @@ -692,12 +682,12 @@ crypto_copydata(crp->crp_flags, buf, crda->crd_skip + i, len, blk + oskip); bzero(blk + len + oskip, blksz - len - oskip); - axff->Update(&ctx, blk, blksz); + axf->Update(&ctx, blk, blksz); oskip = 0; /* reset initial output offset */ } - if (exff->reinit != NULL) - exff->reinit(swe->sw_kschedule, iv); + if (exf->reinit) + exf->reinit(swe->sw_kschedule, iv); /* Do encryption/decryption with MAC */ for (i = 0; i < crde->crd_len; i += blksz) { @@ -707,12 +697,12 @@ crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len, blk); if (crde->crd_flags & CRD_F_ENCRYPT) { - exff->encrypt(swe->sw_kschedule, blk); - axff->Update(&ctx, blk, len); + exf->encrypt(swe->sw_kschedule, blk); + axf->Update(&ctx, blk, len); crypto_copyback(crp->crp_flags, buf, crde->crd_skip + i, len, blk); } else { - axff->Update(&ctx, blk, len); + axf->Update(&ctx, blk, len); } } @@ -727,12 +717,12 @@ *blkp = htobe32(aadlen * 8); blkp = (uint32_t *)blk + 3; *blkp = htobe32(crde->crd_len * 8); - axff->Update(&ctx, blk, blksz); + axf->Update(&ctx, blk, blksz); break; } /* Finalize MAC */ - axff->Final(aalg, &ctx); + axf->Final(aalg, &ctx); /* Validate tag */ crypto_copydata(crp->crp_flags, buf, crda->crd_inject, axf->hashsize, @@ -750,7 +740,7 @@ crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len, blk); if (!(crde->crd_flags & CRD_F_ENCRYPT)) { - exff->decrypt(swe->sw_kschedule, blk); + exf->decrypt(swe->sw_kschedule, blk); } crypto_copyback(crp->crp_flags, buf, crde->crd_skip + i, len, blk); @@ -772,13 +762,11 @@ caddr_t buf, int flags) { u_int8_t *data, *out; - const struct comp_algo *cxf; - const struct comp_algo_funcs *cxff; + struct comp_algo *cxf; int adj; u_int32_t result; cxf = sw->sw_cxf; - cxff = &oc_comp_algo_funcs[cxf->type]; /* We must handle the whole buffer of data in one time * then if there is not all the data in the mbuf, we must @@ -791,9 +779,9 @@ crypto_copydata(flags, buf, crd->crd_skip, crd->crd_len, data); if (crd->crd_flags & CRD_F_COMP) - result = cxff->compress(data, crd->crd_len, &out); + result = cxf->compress(data, crd->crd_len, &out); else - result = cxff->decompress(data, crd->crd_len, &out); + result = cxf->decompress(data, crd->crd_len, &out); free(data, M_CRYPTO_DATA); if (result == 0) @@ -849,11 +837,9 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) { struct swcr_data **swd; - const struct auth_hash *axf; - const struct auth_hash_funcs *axff; - const struct enc_xform *txf; - const struct enc_xform_funcs *txff; - const struct comp_algo *cxf; + struct auth_hash *axf; + struct enc_xform *txf; + struct comp_algo *cxf; u_int32_t i; int error; @@ -911,25 +897,46 @@ } switch (cri->cri_alg) { - case CRYPTO_AES_NIST_GMAC: - txf = &oc_enc_xform_array[cri->cri_alg]; - (*swd)->sw_exf = txf; - break; case CRYPTO_DES_CBC: + txf = &enc_xform_des; + goto enccommon; case CRYPTO_3DES_CBC: + txf = &enc_xform_3des; + goto enccommon; case CRYPTO_BLF_CBC: + txf = &enc_xform_blf; + goto enccommon; case CRYPTO_CAST_CBC: + txf = &enc_xform_cast5; + goto enccommon; case CRYPTO_SKIPJACK_CBC: + txf = &enc_xform_skipjack; + goto enccommon; case CRYPTO_RIJNDAEL128_CBC: + txf = &enc_xform_rijndael128; + goto enccommon; case CRYPTO_AES_XTS: + txf = &enc_xform_aes_xts; + goto enccommon; case CRYPTO_AES_ICM: + txf = &enc_xform_aes_icm; + goto enccommon; case CRYPTO_AES_NIST_GCM_16: + txf = &enc_xform_aes_nist_gcm; + goto enccommon; + case CRYPTO_AES_NIST_GMAC: + txf = &enc_xform_aes_nist_gmac; + (*swd)->sw_exf = txf; + break; case CRYPTO_CAMELLIA_CBC: + txf = &enc_xform_camellia; + goto enccommon; case CRYPTO_NULL_CBC: - txf = &oc_enc_xform_array[cri->cri_alg]; - txff = &oc_enc_xform_funcs[txf->type]; + txf = &enc_xform_null; + goto enccommon; + enccommon: if (cri->cri_key != NULL) { - error = txff->setkey(&((*swd)->sw_kschedule), + error = txf->setkey(&((*swd)->sw_kschedule), cri->cri_key, cri->cri_klen / 8); if (error) { swcr_freesession_locked(dev, i); @@ -941,13 +948,26 @@ break; case CRYPTO_MD5_HMAC: + axf = &auth_hash_hmac_md5; + goto authcommon; case CRYPTO_SHA1_HMAC: + axf = &auth_hash_hmac_sha1; + goto authcommon; case CRYPTO_SHA2_256_HMAC: + axf = &auth_hash_hmac_sha2_256; + goto authcommon; case CRYPTO_SHA2_384_HMAC: + axf = &auth_hash_hmac_sha2_384; + goto authcommon; case CRYPTO_SHA2_512_HMAC: + axf = &auth_hash_hmac_sha2_512; + goto authcommon; case CRYPTO_NULL_HMAC: + axf = &auth_hash_null; + goto authcommon; case CRYPTO_RIPEMD160_HMAC: - axf = &oc_auth_hash_array[cri->cri_alg]; + axf = &auth_hash_hmac_ripemd_160; + authcommon: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -974,8 +994,12 @@ break; case CRYPTO_MD5_KPDK: + axf = &auth_hash_key_md5; + goto auth2common; + case CRYPTO_SHA1_KPDK: - axf = &oc_auth_hash_array[cri->cri_alg]; + axf = &auth_hash_key_sha1; + auth2common: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1003,9 +1027,12 @@ break; #ifdef notdef case CRYPTO_MD5: + axf = &auth_hash_md5; + goto auth3common; + case CRYPTO_SHA1: + axf = &auth_hash_sha1; auth3common: - axf = &oc_auth_hash_array[cri->cri_alg]; (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1021,10 +1048,16 @@ #endif case CRYPTO_AES_128_NIST_GMAC: + axf = &auth_hash_nist_gmac_aes_128; + goto auth4common; + case CRYPTO_AES_192_NIST_GMAC: + axf = &auth_hash_nist_gmac_aes_192; + goto auth4common; + case CRYPTO_AES_256_NIST_GMAC: - axf = &oc_auth_hash_array[cri->cri_alg]; - axff = &oc_auth_hash_funcs[axf->type]; + axf = &auth_hash_nist_gmac_aes_256; + auth4common: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1032,14 +1065,14 @@ rw_runlock(&swcr_sessions_lock); return ENOBUFS; } - axff->Init((*swd)->sw_ictx); - axff->Setkey((*swd)->sw_ictx, cri->cri_key, + axf->Init((*swd)->sw_ictx); + axf->Setkey((*swd)->sw_ictx, cri->cri_key, cri->cri_klen / 8); (*swd)->sw_axf = axf; break; case CRYPTO_DEFLATE_COMP: - cxf = &oc_comp_algo_array[cri->cri_alg]; + cxf = &comp_algo_deflate; (*swd)->sw_cxf = cxf; break; default: @@ -1074,10 +1107,9 @@ swcr_freesession_locked(device_t dev, u_int64_t tid) { struct swcr_data *swd; - const struct enc_xform *txf; - const struct enc_xform_funcs *txff; - const struct auth_hash *axf; - const struct comp_algo *cxf; + struct enc_xform *txf; + struct auth_hash *axf; + struct comp_algo *cxf; u_int32_t sid = CRYPTO_SESID2LID(tid); if (sid > swcr_sesnum || swcr_sessions == NULL || @@ -1105,10 +1137,9 @@ case CRYPTO_CAMELLIA_CBC: case CRYPTO_NULL_CBC: txf = swd->sw_exf; - txff = &oc_enc_xform_funcs[txf->type]; if (swd->sw_kschedule) - txff->zerokey(&(swd->sw_kschedule)); + txf->zerokey(&(swd->sw_kschedule)); break; case CRYPTO_MD5_HMAC: ==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#3 (text+ko) ==== @@ -34,15 +34,15 @@ u_int8_t *SW_octx; u_int16_t SW_klen; u_int16_t SW_mlen; - const struct auth_hash *SW_axf; + struct auth_hash *SW_axf; } SWCR_AUTH; struct { u_int8_t *SW_kschedule; - const struct enc_xform *SW_exf; + struct enc_xform *SW_exf; } SWCR_ENC; struct { u_int32_t SW_size; - const struct comp_algo *SW_cxf; + struct comp_algo *SW_cxf; } SWCR_COMP; } SWCR_UN; ==== //depot/projects/opencrypto/sys/opencrypto/xform.c#6 (text+ko) ==== @@ -150,262 +150,232 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); /* Encryption instances */ -const struct enc_xform oc_enc_xform_array[CRYPTO_ALGORITHM_MAX + 1] = { - [CRYPTO_NULL_CBC] = { - CRYPTO_NULL_CBC, "NULL", - /* NB: blocksize of 4 is to generate a properly aligned ESP header */ - NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ - }, - [CRYPTO_DES_CBC] = { - CRYPTO_DES_CBC, "DES", - DES_BLOCK_LEN, 8, 8, - }, - [CRYPTO_3DES_CBC] = { - CRYPTO_3DES_CBC, "3DES", - DES3_BLOCK_LEN, 24, 24, - }, - [CRYPTO_BLF_CBC] = { - CRYPTO_BLF_CBC, "Blowfish", - BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, - }, - [CRYPTO_CAST_CBC] = { - CRYPTO_CAST_CBC, "CAST-128", - CAST128_BLOCK_LEN, 5, 16, - }, - [CRYPTO_SKIPJACK_CBC] = { - CRYPTO_SKIPJACK_CBC, "Skipjack", - SKIPJACK_BLOCK_LEN, 10, 10, - }, - [CRYPTO_RIJNDAEL128_CBC] = { - CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", - RIJNDAEL128_BLOCK_LEN, 16, 32, - }, - [CRYPTO_AES_ICM] = { - CRYPTO_AES_ICM, "AES-ICM", - RIJNDAEL128_BLOCK_LEN, 16, 32, - }, - [CRYPTO_AES_NIST_GCM_16] = { - CRYPTO_AES_NIST_GCM_16, "AES-GCM", - 1, 16, 32, - }, - [CRYPTO_AES_NIST_GMAC] = { - CRYPTO_AES_NIST_GMAC, "AES-GMAC", - 1, 16, 32, - }, - [CRYPTO_AES_XTS] = { - CRYPTO_AES_XTS, "AES-XTS", - RIJNDAEL128_BLOCK_LEN, 32, 64, - }, - [CRYPTO_ARC4] = { - CRYPTO_ARC4, "ARC4", - 1, 1, 32, - }, - [CRYPTO_CAMELLIA_CBC] = { - CRYPTO_CAMELLIA_CBC, "Camellia", - CAMELLIA_BLOCK_LEN, 8, 32, - }, +struct enc_xform enc_xform_null = { + CRYPTO_NULL_CBC, "NULL", + /* NB: blocksize of 4 is to generate a properly aligned ESP header */ + NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ + null_encrypt, + null_decrypt, + null_setkey, + null_zerokey, + NULL, +}; + +struct enc_xform enc_xform_des = { + CRYPTO_DES_CBC, "DES", + DES_BLOCK_LEN, 8, 8, + des1_encrypt, + des1_decrypt, + des1_setkey, + des1_zerokey, + NULL, +}; + +struct enc_xform enc_xform_3des = { + CRYPTO_3DES_CBC, "3DES", + DES3_BLOCK_LEN, 24, 24, >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409080448.s884mNox019758>