Date: Mon, 11 May 2020 21:34:30 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360933 - in head: share/man/man4 share/man/man9 sys/conf sys/dev/cesa sys/dev/hifn sys/dev/safe sys/dev/sec sys/mips/cavium/cryptocteon sys/mips/nlm/dev/sec sys/opencrypto Message-ID: <202005112134.04BLYUpx047459@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Mon May 11 21:34:29 2020 New Revision: 360933 URL: https://svnweb.freebsd.org/changeset/base/360933 Log: Remove support for DES and Triple DES from OCF. It no longer has any in-kernel consumers via OCF. smbfs still uses single DES directly, so sys/crypto/des remains for that use case. Reviewed by: cem Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24773 Deleted: head/sys/opencrypto/xform_des1.c head/sys/opencrypto/xform_des3.c Modified: head/share/man/man4/hifn.4 head/share/man/man4/safe.4 head/share/man/man9/crypto.9 head/sys/conf/files head/sys/conf/files.amd64 head/sys/conf/files.arm head/sys/conf/files.arm64 head/sys/conf/files.i386 head/sys/conf/files.mips head/sys/conf/files.powerpc head/sys/conf/files.riscv head/sys/dev/cesa/cesa.c head/sys/dev/hifn/hifn7751.c head/sys/dev/safe/safe.c head/sys/dev/sec/sec.c head/sys/mips/cavium/cryptocteon/cavium_crypto.c head/sys/mips/cavium/cryptocteon/cryptocteon.c head/sys/mips/cavium/cryptocteon/cryptocteonvar.h head/sys/mips/nlm/dev/sec/nlmsec.c head/sys/mips/nlm/dev/sec/nlmseclib.c head/sys/opencrypto/crypto.c head/sys/opencrypto/cryptodev.h head/sys/opencrypto/xform.c head/sys/opencrypto/xform_enc.h Modified: head/share/man/man4/hifn.4 ============================================================================== --- head/share/man/man4/hifn.4 Mon May 11 21:24:22 2020 (r360932) +++ head/share/man/man4/hifn.4 Mon May 11 21:34:29 2020 (r360933) @@ -56,7 +56,7 @@ driver supports various cards containing the Hifn 7751 .Pp The .Nm -driver registers itself to accelerate DES, Triple-DES, +driver registers itself to accelerate AES (7955 and 7956 only), MD5-HMAC, SHA1, and SHA1-HMAC operations for .Xr ipsec 4 Modified: head/share/man/man4/safe.4 ============================================================================== --- head/share/man/man4/safe.4 Mon May 11 21:24:22 2020 (r360932) +++ head/share/man/man4/safe.4 Mon May 11 21:34:29 2020 (r360933) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\"/ -.Dd April 1, 2006 +.Dd May 11, 2020 .Dt SAFE 4 .Os .Sh NAME @@ -60,7 +60,7 @@ driver supports cards containing SafeNet crypto accele .Pp The .Nm -driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, +driver registers itself to accelerate AES, MD5-HMAC, SHA1-HMAC, and NULL operations for .Xr ipsec 4 and Modified: head/share/man/man9/crypto.9 ============================================================================== --- head/share/man/man9/crypto.9 Mon May 11 21:24:22 2020 (r360932) +++ head/share/man/man9/crypto.9 Mon May 11 21:34:29 2020 (r360933) @@ -131,8 +131,6 @@ The following encryption algorithms are supported: .It Dv CRYPTO_AES_XTS .It Dv CRYPTO_CAMELLIA_CBC .It Dv CRYPTO_CHACHA20 -.It Dv CRYPTO_DES_CBC -.It Dv CRYPTO_3DES_CBC .It Dv CRYPTO_NULL_CBC .El .Pp Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files Mon May 11 21:34:29 2020 (r360933) @@ -684,8 +684,8 @@ crypto/camellia/camellia.c optional crypto | ipsec | i crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support crypto/chacha20/chacha.c standard crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support -crypto/des/des_ecb.c optional crypto | ipsec | ipsec_support | netsmb -crypto/des/des_setkey.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_ecb.c optional netsmb +crypto/des/des_setkey.c optional netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \ ipsec | ipsec_support | !random_loadable | wlan_ccmp Modified: head/sys/conf/files.amd64 ============================================================================== --- head/sys/conf/files.amd64 Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.amd64 Mon May 11 21:34:29 2020 (r360933) @@ -136,8 +136,7 @@ amd64/pci/pci_cfgreg.c optional pci cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" crypto/aesni/aeskeys_amd64.S optional aesni -crypto/des/des_enc.c optional crypto | ipsec | \ - ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/acpi_support/acpi_wmi_if.m standard dev/agp/agp_amd64.c optional agp dev/agp/agp_i810.c optional agp Modified: head/sys/conf/files.arm ============================================================================== --- head/sys/conf/files.arm Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.arm Mon May 11 21:34:29 2020 (r360933) @@ -91,7 +91,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c opti cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/cpufreq/cpufreq_dt.c optional cpufreq fdt dev/dwc/if_dwc.c optional dwc dev/dwc/if_dwc_if.m optional dwc Modified: head/sys/conf/files.arm64 ============================================================================== --- head/sys/conf/files.arm64 Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.arm64 Mon May 11 21:34:29 2020 (r360933) @@ -221,7 +221,7 @@ armv8_crypto_wrap.o optional armv8crypto \ compile-with "${CC} -c ${CFLAGS:C/^-O2$/-O3/:N-nostdinc:N-mgeneral-regs-only} -I$S/crypto/armv8/ ${WERROR} ${NO_WCAST_QUAL} ${PROF} -march=armv8-a+crypto ${.IMPSRC}" \ no-implicit-rule \ clean "armv8_crypto_wrap.o" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/acpica/acpi_bus_if.m optional acpi dev/acpica/acpi_if.m optional acpi dev/acpica/acpi_pci_link.c optional acpi pci Modified: head/sys/conf/files.i386 ============================================================================== --- head/sys/conf/files.i386 Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.i386 Mon May 11 21:34:29 2020 (r360933) @@ -76,7 +76,7 @@ compat/linux/linux_vdso.c optional compat_linux compat/linux/linux.c optional compat_linux compat/ndis/winx32_wrap.S optional ndisapi pci crypto/aesni/aeskeys_i386.S optional aesni -crypto/des/arch/i386/des_enc.S optional crypto | ipsec | ipsec_support | netsmb +crypto/des/arch/i386/des_enc.S optional netsmb dev/agp/agp_ali.c optional agp dev/agp/agp_amd.c optional agp dev/agp/agp_amd64.c optional agp Modified: head/sys/conf/files.mips ============================================================================== --- head/sys/conf/files.mips Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.mips Mon May 11 21:34:29 2020 (r360933) @@ -82,8 +82,7 @@ mips/mips/sc_machdep.c optional sc dev/uart/uart_cpu_fdt.c optional uart fdt # crypto support -- use generic -crypto/des/des_enc.c optional crypto | ipsec | \ - ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb # AP common nvram interface MIPS specific, but maybe should be more generic dev/nvram2env/nvram2env_mips.c optional nvram2env Modified: head/sys/conf/files.powerpc ============================================================================== --- head/sys/conf/files.powerpc Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.powerpc Mon May 11 21:34:29 2020 (r360933) @@ -14,7 +14,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c op cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/powerpc/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/aacraid/aacraid_endian.c optional aacraid dev/adb/adb_bus.c optional adb dev/adb/adb_kbd.c optional adb Modified: head/sys/conf/files.riscv ============================================================================== --- head/sys/conf/files.riscv Mon May 11 21:24:22 2020 (r360932) +++ head/sys/conf/files.riscv Mon May 11 21:34:29 2020 (r360933) @@ -2,7 +2,7 @@ cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/ofw/ofw_cpu.c optional fdt dev/ofw/ofwpci.c optional pci fdt dev/pci/pci_host_generic.c optional pci Modified: head/sys/dev/cesa/cesa.c ============================================================================== --- head/sys/dev/cesa/cesa.c Mon May 11 21:24:22 2020 (r360932) +++ head/sys/dev/cesa/cesa.c Mon May 11 21:34:29 2020 (r360933) @@ -1577,14 +1577,6 @@ cesa_cipher_supported(const struct crypto_session_para if (csp->csp_ivlen != AES_BLOCK_LEN) return (false); break; - case CRYPTO_DES_CBC: - if (csp->csp_ivlen != DES_BLOCK_LEN) - return (false); - break; - case CRYPTO_3DES_CBC: - if (csp->csp_ivlen != DES3_BLOCK_LEN) - return (false); - break; default: return (false); } @@ -1672,15 +1664,6 @@ cesa_newsession(device_t dev, crypto_session_t cses, case CRYPTO_AES_CBC: cs->cs_config |= CESA_CSHD_AES | CESA_CSHD_CBC; cs->cs_ivlen = AES_BLOCK_LEN; - break; - case CRYPTO_DES_CBC: - cs->cs_config |= CESA_CSHD_DES | CESA_CSHD_CBC; - cs->cs_ivlen = DES_BLOCK_LEN; - break; - case CRYPTO_3DES_CBC: - cs->cs_config |= CESA_CSHD_3DES | CESA_CSHD_3DES_EDE | - CESA_CSHD_CBC; - cs->cs_ivlen = DES3_BLOCK_LEN; break; } Modified: head/sys/dev/hifn/hifn7751.c ============================================================================== --- head/sys/dev/hifn/hifn7751.c Mon May 11 21:24:22 2020 (r360932) +++ head/sys/dev/hifn/hifn7751.c Mon May 11 21:34:29 2020 (r360933) @@ -1604,14 +1604,6 @@ hifn_write_command(struct hifn_command *cmd, u_int8_t if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) { switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { - case HIFN_CRYPT_CMD_ALG_3DES: - bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH); - buf_pos += HIFN_3DES_KEY_LENGTH; - break; - case HIFN_CRYPT_CMD_ALG_DES: - bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH); - buf_pos += HIFN_DES_KEY_LENGTH; - break; case HIFN_CRYPT_CMD_ALG_AES: /* * AES keys are variable 128, 192 and @@ -2328,8 +2320,6 @@ hifn_cipher_supported(struct hifn_softc *sc, switch (sc->sc_ena) { case HIFN_PUSTAT_ENA_2: switch (csp->csp_cipher_alg) { - case CRYPTO_3DES_CBC: - break; case CRYPTO_AES_CBC: if ((sc->sc_flags & HIFN_HAS_AES) == 0) return (false); @@ -2343,13 +2333,6 @@ hifn_cipher_supported(struct hifn_softc *sc, } return (true); } - /*FALLTHROUGH*/ - case HIFN_PUSTAT_ENA_1: - switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - return (true); - } - break; } return (false); } @@ -2448,16 +2431,6 @@ hifn_process(device_t dev, struct cryptop *crp, int hi cmd->base_masks |= HIFN_BASE_CMD_DECODE; cmd->base_masks |= HIFN_BASE_CMD_CRYPT; switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES | - HIFN_CRYPT_CMD_MODE_CBC | - HIFN_CRYPT_CMD_NEW_IV; - break; - case CRYPTO_3DES_CBC: - cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES | - HIFN_CRYPT_CMD_MODE_CBC | - HIFN_CRYPT_CMD_NEW_IV; - break; case CRYPTO_AES_CBC: cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES | HIFN_CRYPT_CMD_MODE_CBC | Modified: head/sys/dev/safe/safe.c ============================================================================== --- head/sys/dev/safe/safe.c Mon May 11 21:24:22 2020 (r360932) +++ head/sys/dev/safe/safe.c Mon May 11 21:34:29 2020 (r360933) @@ -694,20 +694,6 @@ safe_cipher_supported(struct safe_softc *sc, { switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - if ((sc->sc_devinfo & SAFE_DEVINFO_DES) == 0) - return (false); - if (csp->csp_ivlen != 8) - return (false); - if (csp->csp_cipher_alg == CRYPTO_DES_CBC) { - if (csp->csp_cipher_klen != 8) - return (false); - } else { - if (csp->csp_cipher_klen != 24) - return (false); - } - break; case CRYPTO_AES_CBC: if ((sc->sc_devinfo & SAFE_DEVINFO_AES) == 0) return (false); @@ -866,14 +852,6 @@ safe_process(device_t dev, struct cryptop *crp, int hi safe_setup_enckey(ses, crp->crp_cipher_key); switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - cmd0 |= SAFE_SA_CMD0_DES; - cmd1 |= SAFE_SA_CMD1_CBC; - break; - case CRYPTO_3DES_CBC: - cmd0 |= SAFE_SA_CMD0_3DES; - cmd1 |= SAFE_SA_CMD1_CBC; - break; case CRYPTO_AES_CBC: cmd0 |= SAFE_SA_CMD0_AES; cmd1 |= SAFE_SA_CMD1_CBC; Modified: head/sys/dev/sec/sec.c ============================================================================== --- head/sys/dev/sec/sec.c Mon May 11 21:24:22 2020 (r360932) +++ head/sys/dev/sec/sec.c Mon May 11 21:34:29 2020 (r360933) @@ -106,12 +106,6 @@ static int sec_aesu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp, struct sec_desc *desc, struct cryptop *crp); -/* DEU */ -static bool sec_deu_newsession(const struct crypto_session_params *csp); -static int sec_deu_make_desc(struct sec_softc *sc, - const struct crypto_session_params *csp, struct sec_desc *desc, - struct cryptop *crp); - /* MDEU */ static bool sec_mdeu_can_handle(u_int alg); static int sec_mdeu_config(const struct crypto_session_params *csp, @@ -154,10 +148,6 @@ static struct sec_eu_methods sec_eus[] = { sec_aesu_make_desc, }, { - sec_deu_newsession, - sec_deu_make_desc, - }, - { sec_mdeu_newsession, sec_mdeu_make_desc, }, @@ -1147,12 +1137,6 @@ sec_cipher_supported(const struct crypto_session_param if (csp->csp_ivlen != AES_BLOCK_LEN) return (false); break; - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - /* DEU */ - if (csp->csp_ivlen != DES_BLOCK_LEN) - return (false); - break; default: return (false); } @@ -1462,55 +1446,6 @@ sec_aesu_make_desc(struct sec_softc *sc, if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { hd->shd_mode0 |= SEC_AESU_MODE_ED; - hd->shd_dir = 0; - } else - hd->shd_dir = 1; - - if (csp->csp_mode == CSP_MODE_ETA) - error = sec_build_common_s_desc(sc, desc, csp, crp); - else - error = sec_build_common_ns_desc(sc, desc, csp, crp); - - return (error); -} - -/* DEU */ - -static bool -sec_deu_newsession(const struct crypto_session_params *csp) -{ - - switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - return (true); - default: - return (false); - } -} - -static int -sec_deu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp, - struct sec_desc *desc, struct cryptop *crp) -{ - struct sec_hw_desc *hd = desc->sd_desc; - int error; - - hd->shd_eu_sel0 = SEC_EU_DEU; - hd->shd_mode0 = SEC_DEU_MODE_CBC; - - switch (csp->csp_cipher_alg) { - case CRYPTO_3DES_CBC: - hd->shd_mode0 |= SEC_DEU_MODE_TS; - break; - case CRYPTO_DES_CBC: - break; - default: - return (EINVAL); - } - - if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { - hd->shd_mode0 |= SEC_DEU_MODE_ED; hd->shd_dir = 0; } else hd->shd_dir = 1; Modified: head/sys/mips/cavium/cryptocteon/cavium_crypto.c ============================================================================== --- head/sys/mips/cavium/cryptocteon/cavium_crypto.c Mon May 11 21:24:22 2020 (r360932) +++ head/sys/mips/cavium/cryptocteon/cavium_crypto.c Mon May 11 21:34:29 2020 (r360933) @@ -90,12 +90,10 @@ __FBSDID("$FreeBSD$"); } while (0) #define ESP_HEADER_LENGTH 8 -#define DES_CBC_IV_LENGTH 8 #define AES_CBC_IV_LENGTH 16 #define ESP_HMAC_LEN 12 #define ESP_HEADER_LENGTH 8 -#define DES_CBC_IV_LENGTH 8 /****************************************************************************/ @@ -320,125 +318,6 @@ octo_calc_hash(uint8_t auth, unsigned char *key, uint6 } /****************************************************************************/ -/* DES functions */ - -int -octo_des_cbc_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - uint64_t *data; - int data_i, data_l; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - while (crypt_off > 0) { - IOV_CONSUME(iov, data, data_i, data_l); - crypt_off -= 8; - } - - while (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - IOV_CONSUME(iov, data, data_i, data_l); - crypt_len -= 8; - } - - return 0; -} - - -int -octo_des_cbc_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - uint64_t *data; - int data_i, data_l; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - while (crypt_off > 0) { - IOV_CONSUME(iov, data, data_i, data_l); - crypt_off -= 8; - } - - while (crypt_len > 0) { - CVMX_MT_3DES_DEC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - IOV_CONSUME(iov, data, data_i, data_l); - crypt_len -= 8; - } - - return 0; -} - -/****************************************************************************/ /* AES functions */ int @@ -773,593 +652,6 @@ octo_null_sha1_encrypt( data++; CVMX_MF_HSH_IV(tmp1, 1); *(uint32_t *)data = (uint32_t) (tmp1 >> 32); - - return 0; -} - -/****************************************************************************/ -/* DES MD5 */ - -int -octo_des_cbc_md5_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load MD5 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_MD5_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_MD5_UNIT(tmp, next); - } else { - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); - } - CVMX_ES64(tmp1, ((alen + 64) << 3)); - CVM_LOAD_MD5_UNIT(tmp1, next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_ES64(tmp1, ((64 + 16) << 3)); - CVMX_MT_HSH_STARTMD5(tmp1); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -int -octo_des_cbc_md5_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load MD5 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_MD5_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_DEC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_MD5_UNIT(tmp, next); - } else { - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); - } - CVMX_ES64(tmp1, ((alen + 64) << 3)); - CVM_LOAD_MD5_UNIT(tmp1, next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_ES64(tmp1, ((64 + 16) << 3)); - CVMX_MT_HSH_STARTMD5(tmp1); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -/****************************************************************************/ -/* DES SHA */ - -int -octo_des_cbc_sha1_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2, tmp3; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load SHA1 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - CVMX_MT_HSH_IV(od->octo_hminner[2], 2); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_SHA_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_SHA_UNIT(tmp, next); - } else { - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); - } - CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - tmp3 = 0; - CVMX_MF_HSH_IV(tmp3, 2); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - tmp3 |= 0x0000000080000000; - CVMX_MT_HSH_DAT(tmp3, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -int -octo_des_cbc_sha1_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2, tmp3; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load SHA1 IV */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005112134.04BLYUpx047459>