upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove support for DES and Triple DES from OCF.

Browse source 
It no longer has any in-kernel consumers via OCF.  smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24773
This commit is contained in:
John Baldwin 2020-05-11 21:34:29 +00:00
parent 32075647ef
commit 0e00c709d7
26 changed files with 14 additions and 1178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
share/man/man4/hifn.4
View file

@ -56,7 +56,7 @@ driver supports various cards containing the Hifn 7751, 7951,
.Pp
The
.Nm
driver registers itself to accelerate DES, Triple-DES,
driver registers itself to accelerate
AES (7955 and 7956 only),
MD5-HMAC, SHA1, and SHA1-HMAC operations for
.Xr ipsec 4

4
share/man/man4/safe.4
View file

@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"/
.Dd April 1, 2006
.Dd May 11, 2020
.Dt SAFE 4
.Os
.Sh NAME
@ -60,7 +60,7 @@ driver supports cards containing SafeNet crypto accelerator chips.
.Pp
The
.Nm
driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC,
driver registers itself to accelerate AES, MD5-HMAC,
SHA1-HMAC, and NULL operations for
.Xr ipsec 4
and

2
share/man/man9/crypto.9
View file

@ -131,8 +131,6 @@ The following encryption algorithms are supported:
.It Dv CRYPTO_AES_XTS
.It Dv CRYPTO_CAMELLIA_CBC
.It Dv CRYPTO_CHACHA20
.It Dv CRYPTO_DES_CBC
.It Dv CRYPTO_3DES_CBC
.It Dv CRYPTO_NULL_CBC
.El
.Pp

4
sys/conf/files
View file

@ -684,8 +684,8 @@ crypto/camellia/camellia.c optional crypto | ipsec | ipsec_support
crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support
crypto/chacha20/chacha.c standard
crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support
crypto/des/des_ecb.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_setkey.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_ecb.c optional netsmb
crypto/des/des_setkey.c optional netsmb
crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi
crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \
ipsec | ipsec_support | !random_loadable | wlan_ccmp

3
sys/conf/files.amd64
View file

@ -136,8 +136,7 @@ amd64/pci/pci_cfgreg.c optional pci
cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
crypto/aesni/aeskeys_amd64.S optional aesni
crypto/des/des_enc.c optional crypto | ipsec | \
ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
dev/acpi_support/acpi_wmi_if.m standard
dev/agp/agp_amd64.c optional agp
dev/agp/agp_i810.c optional agp

2
sys/conf/files.arm
View file

@ -91,7 +91,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c optional !armv7 !armv6 zfs | !
cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
dev/cpufreq/cpufreq_dt.c optional cpufreq fdt
dev/dwc/if_dwc.c optional dwc
dev/dwc/if_dwc_if.m optional dwc

2
sys/conf/files.arm64
View file

@ -221,7 +221,7 @@ armv8_crypto_wrap.o optional armv8crypto \
compile-with "${CC} -c ${CFLAGS:C/^-O2$/-O3/:N-nostdinc:N-mgeneral-regs-only} -I$S/crypto/armv8/ ${WERROR} ${NO_WCAST_QUAL} ${PROF} -march=armv8-a+crypto ${.IMPSRC}" \
no-implicit-rule \
clean "armv8_crypto_wrap.o"
crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
dev/acpica/acpi_bus_if.m optional acpi
dev/acpica/acpi_if.m optional acpi
dev/acpica/acpi_pci_link.c optional acpi pci

2
sys/conf/files.i386
View file

@ -76,7 +76,7 @@ compat/linux/linux_vdso.c optional compat_linux
compat/linux/linux.c optional compat_linux
compat/ndis/winx32_wrap.S optional ndisapi pci
crypto/aesni/aeskeys_i386.S optional aesni
crypto/des/arch/i386/des_enc.S optional crypto | ipsec | ipsec_support | netsmb
crypto/des/arch/i386/des_enc.S optional netsmb
dev/agp/agp_ali.c optional agp
dev/agp/agp_amd.c optional agp
dev/agp/agp_amd64.c optional agp

3
sys/conf/files.mips
View file

@ -82,8 +82,7 @@ mips/mips/sc_machdep.c optional sc
dev/uart/uart_cpu_fdt.c optional uart fdt
# crypto support -- use generic
crypto/des/des_enc.c optional crypto | ipsec | \
ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
# AP common nvram interface MIPS specific, but maybe should be more generic
dev/nvram2env/nvram2env_mips.c optional nvram2env

2
sys/conf/files.powerpc
View file

@ -14,7 +14,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c optional zfs powerpc | dtrac
cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/powerpc/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
dev/aacraid/aacraid_endian.c optional aacraid
dev/adb/adb_bus.c optional adb
dev/adb/adb_kbd.c optional adb

2
sys/conf/files.riscv
View file

@ -2,7 +2,7 @@
cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
crypto/des/des_enc.c optional netsmb
dev/ofw/ofw_cpu.c optional fdt
dev/ofw/ofwpci.c optional pci fdt
dev/pci/pci_host_generic.c optional pci

17
sys/dev/cesa/cesa.c
View file

@ -1577,14 +1577,6 @@ cesa_cipher_supported(const struct crypto_session_params *csp)
if (csp->csp_ivlen != AES_BLOCK_LEN)
return (false);
break;
case CRYPTO_DES_CBC:
if (csp->csp_ivlen != DES_BLOCK_LEN)
return (false);
break;
case CRYPTO_3DES_CBC:
if (csp->csp_ivlen != DES3_BLOCK_LEN)
return (false);
break;
default:
return (false);
}
@ -1673,15 +1665,6 @@ cesa_newsession(device_t dev, crypto_session_t cses,
cs->cs_config |= CESA_CSHD_AES | CESA_CSHD_CBC;
cs->cs_ivlen = AES_BLOCK_LEN;
break;
case CRYPTO_DES_CBC:
cs->cs_config |= CESA_CSHD_DES | CESA_CSHD_CBC;
cs->cs_ivlen = DES_BLOCK_LEN;
break;
case CRYPTO_3DES_CBC:
cs->cs_config |= CESA_CSHD_3DES | CESA_CSHD_3DES_EDE |
CESA_CSHD_CBC;
cs->cs_ivlen = DES3_BLOCK_LEN;
break;
}
switch (csp->csp_auth_alg) {

27
sys/dev/hifn/hifn7751.c
View file

@ -1604,14 +1604,6 @@ hifn_write_command(struct hifn_command *cmd, u_int8_t *buf)
if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) {
switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) {
case HIFN_CRYPT_CMD_ALG_3DES:
bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH);
buf_pos += HIFN_3DES_KEY_LENGTH;
break;
case HIFN_CRYPT_CMD_ALG_DES:
bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH);
buf_pos += HIFN_DES_KEY_LENGTH;
break;
case HIFN_CRYPT_CMD_ALG_AES:
/*
* AES keys are variable 128, 192 and
@ -2328,8 +2320,6 @@ hifn_cipher_supported(struct hifn_softc *sc,
switch (sc->sc_ena) {
case HIFN_PUSTAT_ENA_2:
switch (csp->csp_cipher_alg) {
case CRYPTO_3DES_CBC:
break;
case CRYPTO_AES_CBC:
if ((sc->sc_flags & HIFN_HAS_AES) == 0)
return (false);
@ -2343,13 +2333,6 @@ hifn_cipher_supported(struct hifn_softc *sc,
}
return (true);
}
/*FALLTHROUGH*/
case HIFN_PUSTAT_ENA_1:
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
return (true);
}
break;
}
return (false);
}
@ -2448,16 +2431,6 @@ hifn_process(device_t dev, struct cryptop *crp, int hint)
cmd->base_masks |= HIFN_BASE_CMD_DECODE;
cmd->base_masks |= HIFN_BASE_CMD_CRYPT;
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES |
HIFN_CRYPT_CMD_MODE_CBC |
HIFN_CRYPT_CMD_NEW_IV;
break;
case CRYPTO_3DES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES |
HIFN_CRYPT_CMD_MODE_CBC |
HIFN_CRYPT_CMD_NEW_IV;
break;
case CRYPTO_AES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES |
HIFN_CRYPT_CMD_MODE_CBC |

22
sys/dev/safe/safe.c
View file

@ -694,20 +694,6 @@ safe_cipher_supported(struct safe_softc *sc,
{
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
if ((sc->sc_devinfo & SAFE_DEVINFO_DES) == 0)
return (false);
if (csp->csp_ivlen != 8)
return (false);
if (csp->csp_cipher_alg == CRYPTO_DES_CBC) {
if (csp->csp_cipher_klen != 8)
return (false);
} else {
if (csp->csp_cipher_klen != 24)
return (false);
}
break;
case CRYPTO_AES_CBC:
if ((sc->sc_devinfo & SAFE_DEVINFO_AES) == 0)
return (false);
@ -866,14 +852,6 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
safe_setup_enckey(ses, crp->crp_cipher_key);
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
cmd0 |= SAFE_SA_CMD0_DES;
cmd1 |= SAFE_SA_CMD1_CBC;
break;
case CRYPTO_3DES_CBC:
cmd0 |= SAFE_SA_CMD0_3DES;
cmd1 |= SAFE_SA_CMD1_CBC;
break;
case CRYPTO_AES_CBC:
cmd0 |= SAFE_SA_CMD0_AES;
cmd1 |= SAFE_SA_CMD1_CBC;

65
sys/dev/sec/sec.c
View file

@ -106,12 +106,6 @@ static int sec_aesu_make_desc(struct sec_softc *sc,
const struct crypto_session_params *csp, struct sec_desc *desc,
struct cryptop *crp);
/* DEU */
static bool sec_deu_newsession(const struct crypto_session_params *csp);
static int sec_deu_make_desc(struct sec_softc *sc,
const struct crypto_session_params *csp, struct sec_desc *desc,
struct cryptop *crp);
/* MDEU */
static bool sec_mdeu_can_handle(u_int alg);
static int sec_mdeu_config(const struct crypto_session_params *csp,
@ -153,10 +147,6 @@ static struct sec_eu_methods sec_eus[] = {
sec_aesu_newsession,
sec_aesu_make_desc,
},
{
sec_deu_newsession,
sec_deu_make_desc,
},
{
sec_mdeu_newsession,
sec_mdeu_make_desc,
@ -1147,12 +1137,6 @@ sec_cipher_supported(const struct crypto_session_params *csp)
if (csp->csp_ivlen != AES_BLOCK_LEN)
return (false);
break;
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
/* DEU */
if (csp->csp_ivlen != DES_BLOCK_LEN)
return (false);
break;
default:
return (false);
}
@ -1474,55 +1458,6 @@ sec_aesu_make_desc(struct sec_softc *sc,
return (error);
}
/* DEU */
static bool
sec_deu_newsession(const struct crypto_session_params *csp)
{
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
return (true);
default:
return (false);
}
}
static int
sec_deu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp,
struct sec_desc *desc, struct cryptop *crp)
{
struct sec_hw_desc *hd = desc->sd_desc;
int error;
hd->shd_eu_sel0 = SEC_EU_DEU;
hd->shd_mode0 = SEC_DEU_MODE_CBC;
switch (csp->csp_cipher_alg) {
case CRYPTO_3DES_CBC:
hd->shd_mode0 |= SEC_DEU_MODE_TS;
break;
case CRYPTO_DES_CBC:
break;
default:
return (EINVAL);
}
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
hd->shd_mode0 |= SEC_DEU_MODE_ED;
hd->shd_dir = 0;
} else
hd->shd_dir = 1;
if (csp->csp_mode == CSP_MODE_ETA)
error = sec_build_common_s_desc(sc, desc, csp, crp);
else
error = sec_build_common_ns_desc(sc, desc, csp, crp);
return (error);
}
/* MDEU */
static bool

708
sys/mips/cavium/cryptocteon/cavium_crypto.c
View file

@ -90,12 +90,10 @@ __FBSDID("$FreeBSD$");
} while (0)
#define ESP_HEADER_LENGTH 8
#define DES_CBC_IV_LENGTH 8
#define AES_CBC_IV_LENGTH 16
#define ESP_HMAC_LEN 12
#define ESP_HEADER_LENGTH 8
#define DES_CBC_IV_LENGTH 8
/****************************************************************************/
@ -319,125 +317,6 @@ octo_calc_hash(uint8_t auth, unsigned char *key, uint64_t *inner, uint64_t *oute
return;
}
/****************************************************************************/
/* DES functions */
int
octo_des_cbc_encrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
uint64_t *data;
int data_i, data_l;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
while (crypt_off > 0) {
IOV_CONSUME(iov, data, data_i, data_l);
crypt_off -= 8;
}
while (crypt_len > 0) {
CVMX_MT_3DES_ENC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
IOV_CONSUME(iov, data, data_i, data_l);
crypt_len -= 8;
}
return 0;
}
int
octo_des_cbc_decrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
uint64_t *data;
int data_i, data_l;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
while (crypt_off > 0) {
IOV_CONSUME(iov, data, data_i, data_l);
crypt_off -= 8;
}
while (crypt_len > 0) {
CVMX_MT_3DES_DEC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
IOV_CONSUME(iov, data, data_i, data_l);
crypt_len -= 8;
}
return 0;
}
/****************************************************************************/
/* AES functions */
@ -777,593 +656,6 @@ octo_null_sha1_encrypt(
return 0;
}
/****************************************************************************/
/* DES MD5 */
int
octo_des_cbc_md5_encrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
int next = 0;
union {
uint32_t data32[2];
uint64_t data64[1];
} mydata;
uint64_t *data = &mydata.data64[0];
uint32_t *data32;
uint64_t tmp1, tmp2;
int data_i, data_l, alen = auth_len;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
(crypt_len & 0x7) ||
(auth_len & 0x7) ||
(auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data32, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
/* Load MD5 IV */
CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
while (crypt_off > 0 && auth_off > 0) {
IOV_CONSUME(iov, data32, data_i, data_l);
crypt_off -= 4;
auth_off -= 4;
}
while (crypt_len > 0 || auth_len > 0) {
uint32_t *first = data32;
mydata.data32[0] = *first;
IOV_CONSUME(iov, data32, data_i, data_l);
mydata.data32[1] = *data32;
if (crypt_off <= 0) {
if (crypt_len > 0) {
CVMX_MT_3DES_ENC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
crypt_len -= 8;
}
} else
crypt_off -= 8;
if (auth_off <= 0) {
if (auth_len > 0) {
CVM_LOAD_MD5_UNIT(*data, next);
auth_len -= 8;
}
} else
auth_off -= 8;
*first = mydata.data32[0];
*data32 = mydata.data32[1];
IOV_CONSUME(iov, data32, data_i, data_l);
}
/* finish the hash */
CVMX_PREFETCH0(od->octo_hmouter);
#if 0
if (__predict_false(inplen)) {
uint64_t tmp = 0;
uint8_t *p = (uint8_t *) & tmp;
p[inplen] = 0x80;
do {
inplen--;
p[inplen] = ((uint8_t *) data)[inplen];
} while (inplen);
CVM_LOAD_MD5_UNIT(tmp, next);
} else {
CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
}
#else
CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
#endif
/* Finish Inner hash */
while (next != 7) {
CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
}
CVMX_ES64(tmp1, ((alen + 64) << 3));
CVM_LOAD_MD5_UNIT(tmp1, next);
/* Get the inner hash of HMAC */
CVMX_MF_HSH_IV(tmp1, 0);
CVMX_MF_HSH_IV(tmp2, 1);
/* Initialize hash unit */
CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
CVMX_MT_HSH_DAT(tmp1, 0);
CVMX_MT_HSH_DAT(tmp2, 1);
CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
CVMX_MT_HSH_DATZ(3);
CVMX_MT_HSH_DATZ(4);
CVMX_MT_HSH_DATZ(5);
CVMX_MT_HSH_DATZ(6);
CVMX_ES64(tmp1, ((64 + 16) << 3));
CVMX_MT_HSH_STARTMD5(tmp1);
/* save the HMAC */
data32 = (uint32_t *)icv;
CVMX_MF_HSH_IV(tmp1, 0);
*data32 = (uint32_t) (tmp1 >> 32);
data32++;
*data32 = (uint32_t) tmp1;
data32++;
CVMX_MF_HSH_IV(tmp1, 1);
*data32 = (uint32_t) (tmp1 >> 32);
return 0;
}
int
octo_des_cbc_md5_decrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
int next = 0;
union {
uint32_t data32[2];
uint64_t data64[1];
} mydata;
uint64_t *data = &mydata.data64[0];
uint32_t *data32;
uint64_t tmp1, tmp2;
int data_i, data_l, alen = auth_len;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
(crypt_len & 0x7) ||
(auth_len & 0x7) ||
(auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data32, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
/* Load MD5 IV */
CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
while (crypt_off > 0 && auth_off > 0) {
IOV_CONSUME(iov, data32, data_i, data_l);
crypt_off -= 4;
auth_off -= 4;
}
while (crypt_len > 0 || auth_len > 0) {
uint32_t *first = data32;
mydata.data32[0] = *first;
IOV_CONSUME(iov, data32, data_i, data_l);
mydata.data32[1] = *data32;
if (auth_off <= 0) {
if (auth_len > 0) {
CVM_LOAD_MD5_UNIT(*data, next);
auth_len -= 8;
}
} else
auth_off -= 8;
if (crypt_off <= 0) {
if (crypt_len > 0) {
CVMX_MT_3DES_DEC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
crypt_len -= 8;
}
} else
crypt_off -= 8;
*first = mydata.data32[0];
*data32 = mydata.data32[1];
IOV_CONSUME(iov, data32, data_i, data_l);
}
/* finish the hash */
CVMX_PREFETCH0(od->octo_hmouter);
#if 0
if (__predict_false(inplen)) {
uint64_t tmp = 0;
uint8_t *p = (uint8_t *) & tmp;
p[inplen] = 0x80;
do {
inplen--;
p[inplen] = ((uint8_t *) data)[inplen];
} while (inplen);
CVM_LOAD_MD5_UNIT(tmp, next);
} else {
CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
}
#else
CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
#endif
/* Finish Inner hash */
while (next != 7) {
CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
}
CVMX_ES64(tmp1, ((alen + 64) << 3));
CVM_LOAD_MD5_UNIT(tmp1, next);
/* Get the inner hash of HMAC */
CVMX_MF_HSH_IV(tmp1, 0);
CVMX_MF_HSH_IV(tmp2, 1);
/* Initialize hash unit */
CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
CVMX_MT_HSH_DAT(tmp1, 0);
CVMX_MT_HSH_DAT(tmp2, 1);
CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
CVMX_MT_HSH_DATZ(3);
CVMX_MT_HSH_DATZ(4);
CVMX_MT_HSH_DATZ(5);
CVMX_MT_HSH_DATZ(6);
CVMX_ES64(tmp1, ((64 + 16) << 3));
CVMX_MT_HSH_STARTMD5(tmp1);
/* save the HMAC */
data32 = (uint32_t *)icv;
CVMX_MF_HSH_IV(tmp1, 0);
*data32 = (uint32_t) (tmp1 >> 32);
data32++;
*data32 = (uint32_t) tmp1;
data32++;
CVMX_MF_HSH_IV(tmp1, 1);
*data32 = (uint32_t) (tmp1 >> 32);
return 0;
}
/****************************************************************************/
/* DES SHA */
int
octo_des_cbc_sha1_encrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
int next = 0;
union {
uint32_t data32[2];
uint64_t data64[1];
} mydata;
uint64_t *data = &mydata.data64[0];
uint32_t *data32;
uint64_t tmp1, tmp2, tmp3;
int data_i, data_l, alen = auth_len;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
(crypt_len & 0x7) ||
(auth_len & 0x7) ||
(auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data32, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
/* Load SHA1 IV */
CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
CVMX_MT_HSH_IV(od->octo_hminner[2], 2);
while (crypt_off > 0 && auth_off > 0) {
IOV_CONSUME(iov, data32, data_i, data_l);
crypt_off -= 4;
auth_off -= 4;
}
while (crypt_len > 0 || auth_len > 0) {
uint32_t *first = data32;
mydata.data32[0] = *first;
IOV_CONSUME(iov, data32, data_i, data_l);
mydata.data32[1] = *data32;
if (crypt_off <= 0) {
if (crypt_len > 0) {
CVMX_MT_3DES_ENC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
crypt_len -= 8;
}
} else
crypt_off -= 8;
if (auth_off <= 0) {
if (auth_len > 0) {
CVM_LOAD_SHA_UNIT(*data, next);
auth_len -= 8;
}
} else
auth_off -= 8;
*first = mydata.data32[0];
*data32 = mydata.data32[1];
IOV_CONSUME(iov, data32, data_i, data_l);
}
/* finish the hash */
CVMX_PREFETCH0(od->octo_hmouter);
#if 0
if (__predict_false(inplen)) {
uint64_t tmp = 0;
uint8_t *p = (uint8_t *) & tmp;
p[inplen] = 0x80;
do {
inplen--;
p[inplen] = ((uint8_t *) data)[inplen];
} while (inplen);
CVM_LOAD_SHA_UNIT(tmp, next);
} else {
CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
}
#else
CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
#endif
/* Finish Inner hash */
while (next != 7) {
CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next);
}
CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next);
/* Get the inner hash of HMAC */
CVMX_MF_HSH_IV(tmp1, 0);
CVMX_MF_HSH_IV(tmp2, 1);
tmp3 = 0;
CVMX_MF_HSH_IV(tmp3, 2);
/* Initialize hash unit */
CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
CVMX_MT_HSH_IV(od->octo_hmouter[2], 2);
CVMX_MT_HSH_DAT(tmp1, 0);
CVMX_MT_HSH_DAT(tmp2, 1);
tmp3 |= 0x0000000080000000;
CVMX_MT_HSH_DAT(tmp3, 2);
CVMX_MT_HSH_DATZ(3);
CVMX_MT_HSH_DATZ(4);
CVMX_MT_HSH_DATZ(5);
CVMX_MT_HSH_DATZ(6);
CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3));
/* save the HMAC */
data32 = (uint32_t *)icv;
CVMX_MF_HSH_IV(tmp1, 0);
*data32 = (uint32_t) (tmp1 >> 32);
data32++;
*data32 = (uint32_t) tmp1;
data32++;
CVMX_MF_HSH_IV(tmp1, 1);
*data32 = (uint32_t) (tmp1 >> 32);
return 0;
}
int
octo_des_cbc_sha1_decrypt(
struct octo_sess *od,
struct iovec *iov, size_t iovcnt, size_t iovlen,
int auth_off, int auth_len,
int crypt_off, int crypt_len,
uint8_t *icv, uint8_t *ivp)
{
int next = 0;
union {
uint32_t data32[2];
uint64_t data64[1];
} mydata;
uint64_t *data = &mydata.data64[0];
uint32_t *data32;
uint64_t tmp1, tmp2, tmp3;
int data_i, data_l, alen = auth_len;
dprintf("%s()\n", __func__);
if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
(crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
(crypt_len & 0x7) ||
(auth_len & 0x7) ||
(auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
return -EINVAL;
}
IOV_INIT(iov, data32, data_i, data_l);
CVMX_PREFETCH0(ivp);
CVMX_PREFETCH0(od->octo_enckey);
/* load 3DES Key */
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
if (od->octo_encklen == 24) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
} else if (od->octo_encklen == 8) {
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
} else {
dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
return -EINVAL;
}
CVMX_MT_3DES_IV(* (uint64_t *) ivp);
/* Load SHA1 IV */
CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
CVMX_MT_HSH_IV(od->octo_hminner[2], 2);
while (crypt_off > 0 && auth_off > 0) {
IOV_CONSUME(iov, data32, data_i, data_l);
crypt_off -= 4;
auth_off -= 4;
}
while (crypt_len > 0 || auth_len > 0) {
uint32_t *first = data32;
mydata.data32[0] = *first;
IOV_CONSUME(iov, data32, data_i, data_l);
mydata.data32[1] = *data32;
if (auth_off <= 0) {
if (auth_len > 0) {
CVM_LOAD_SHA_UNIT(*data, next);
auth_len -= 8;
}
} else
auth_off -= 8;
if (crypt_off <= 0) {
if (crypt_len > 0) {
CVMX_MT_3DES_DEC_CBC(*data);
CVMX_MF_3DES_RESULT(*data);
crypt_len -= 8;
}
} else
crypt_off -= 8;
*first = mydata.data32[0];
*data32 = mydata.data32[1];
IOV_CONSUME(iov, data32, data_i, data_l);
}
/* finish the hash */
CVMX_PREFETCH0(od->octo_hmouter);
#if 0
if (__predict_false(inplen)) {
uint64_t tmp = 0;
uint8_t *p = (uint8_t *) & tmp;
p[inplen] = 0x80;
do {
inplen--;
p[inplen] = ((uint8_t *) data)[inplen];
} while (inplen);
CVM_LOAD_SHA_UNIT(tmp, next);
} else {
CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
}
#else
CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
#endif
/* Finish Inner hash */
while (next != 7) {
CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next);
}
CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next);
/* Get the inner hash of HMAC */
CVMX_MF_HSH_IV(tmp1, 0);
CVMX_MF_HSH_IV(tmp2, 1);
tmp3 = 0;
CVMX_MF_HSH_IV(tmp3, 2);
/* Initialize hash unit */
CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
CVMX_MT_HSH_IV(od->octo_hmouter[2], 2);
CVMX_MT_HSH_DAT(tmp1, 0);
CVMX_MT_HSH_DAT(tmp2, 1);
tmp3 |= 0x0000000080000000;
CVMX_MT_HSH_DAT(tmp3, 2);
CVMX_MT_HSH_DATZ(3);
CVMX_MT_HSH_DATZ(4);
CVMX_MT_HSH_DATZ(5);
CVMX_MT_HSH_DATZ(6);
CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3));
/* save the HMAC */
data32 = (uint32_t *)icv;
CVMX_MF_HSH_IV(tmp1, 0);
*data32 = (uint32_t) (tmp1 >> 32);
data32++;
*data32 = (uint32_t) tmp1;
data32++;
CVMX_MF_HSH_IV(tmp1, 1);
*data32 = (uint32_t) (tmp1 >> 32);
return 0;
}
/****************************************************************************/
/* AES MD5 */

26
sys/mips/cavium/cryptocteon/cryptocteon.c
View file

@ -121,14 +121,6 @@ cryptocteon_cipher_supported(const struct crypto_session_params *csp)
{
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
if (csp->csp_ivlen != 8)
return (false);
if (csp->csp_cipher_klen != 8 &&
csp->csp_cipher_klen != 24)
return (false);
break;
case CRYPTO_AES_CBC:
if (csp->csp_ivlen != 16)
return (false);
@ -229,11 +221,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t cses,
break;
case CSP_MODE_CIPHER:
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
ocd->octo_encrypt = octo_des_cbc_encrypt;
ocd->octo_decrypt = octo_des_cbc_decrypt;
break;
case CRYPTO_AES_CBC:
ocd->octo_encrypt = octo_aes_cbc_encrypt;
ocd->octo_decrypt = octo_aes_cbc_decrypt;
@ -242,19 +229,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t cses,
break;
case CSP_MODE_ETA:
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
switch (csp->csp_auth_alg) {
case CRYPTO_MD5_HMAC:
ocd->octo_encrypt = octo_des_cbc_md5_encrypt;
ocd->octo_decrypt = octo_des_cbc_md5_decrypt;
break;
case CRYPTO_SHA1_HMAC:
ocd->octo_encrypt = octo_des_cbc_sha1_encrypt;
ocd->octo_decrypt = octo_des_cbc_sha1_encrypt;
break;
}
break;
case CRYPTO_AES_CBC:
switch (csp->csp_auth_alg) {
case CRYPTO_MD5_HMAC:

8
sys/mips/cavium/cryptocteon/cryptocteonvar.h
View file

@ -67,14 +67,6 @@ void octo_calc_hash(uint8_t, unsigned char *, uint64_t *, uint64_t *);
octo_encrypt_t octo_null_md5_encrypt;
octo_encrypt_t octo_null_sha1_encrypt;
octo_encrypt_t octo_des_cbc_encrypt;
octo_encrypt_t octo_des_cbc_md5_encrypt;
octo_encrypt_t octo_des_cbc_sha1_encrypt;
octo_decrypt_t octo_des_cbc_decrypt;
octo_decrypt_t octo_des_cbc_md5_decrypt;
octo_decrypt_t octo_des_cbc_sha1_decrypt;
octo_encrypt_t octo_aes_cbc_encrypt;
octo_encrypt_t octo_aes_cbc_md5_encrypt;
octo_encrypt_t octo_aes_cbc_sha1_encrypt;

5
sys/mips/nlm/dev/sec/nlmsec.c
View file

@ -391,11 +391,6 @@ xlp_sec_cipher_supported(const struct crypto_session_params *csp)
{
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
if (csp->csp_ivlen != XLP_SEC_DES_IV_LENGTH)
return (false);
break;
case CRYPTO_AES_CBC:
if (csp->csp_ivlen != XLP_SEC_AES_IV_LENGTH)
return (false);

34
sys/mips/nlm/dev/sec/nlmseclib.c
View file

@ -172,18 +172,6 @@ nlm_crypto_do_cipher(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,
cipkey = cmd->crp->crp_cipher_key;
else
cipkey = csp->csp_cipher_key;
if (cmd->cipheralg == NLM_CIPHER_3DES) {
if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) {
const uint64_t *k;
uint64_t *tkey;
k = (const uint64_t *)cipkey;
tkey = (uint64_t *)cmd->des3key;
tkey[2] = k[0];
tkey[1] = k[1];
tkey[0] = k[2];
cipkey = (const unsigned char *)tkey;
}
}
nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, 0, NLM_HASH_BYPASS, 0,
cmd->cipheralg, cmd->ciphermode, cipkey,
csp->csp_cipher_klen, NULL, 0);
@ -239,18 +227,6 @@ nlm_crypto_do_cipher_digest(struct xlp_sec_softc *sc,
authkey = cmd->crp->crp_auth_key;
else
authkey = csp->csp_auth_key;
if (cmd->cipheralg == NLM_CIPHER_3DES) {
if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) {
const uint64_t *k;
uint64_t *tkey;
k = (const uint64_t *)cipkey;
tkey = (uint64_t *)cmd->des3key;
tkey[2] = k[0];
tkey[1] = k[1];
tkey[0] = k[2];
cipkey = (const unsigned char *)tkey;
}
}
nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, csp->csp_auth_klen ? 1 : 0,
cmd->hashalg, cmd->hashmode, cmd->cipheralg, cmd->ciphermode,
cipkey, csp->csp_cipher_klen,
@ -296,16 +272,6 @@ nlm_get_cipher_param(struct xlp_sec_command *cmd,
const struct crypto_session_params *csp)
{
switch(csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
cmd->cipheralg = NLM_CIPHER_DES;
cmd->ciphermode = NLM_CIPHER_MODE_CBC;
cmd->ivlen = XLP_SEC_DES_IV_LENGTH;
break;
case CRYPTO_3DES_CBC:
cmd->cipheralg = NLM_CIPHER_3DES;
cmd->ciphermode = NLM_CIPHER_MODE_CBC;
cmd->ivlen = XLP_SEC_DES_IV_LENGTH;
break;
case CRYPTO_AES_CBC:
cmd->cipheralg = NLM_CIPHER_AES128;
cmd->ciphermode = NLM_CIPHER_MODE_CBC;

6
sys/opencrypto/crypto.c
View file

@ -594,10 +594,6 @@ crypto_cipher(const struct crypto_session_params *csp)
{
switch (csp->csp_cipher_alg) {
case CRYPTO_DES_CBC:
return (&enc_xform_des);
case CRYPTO_3DES_CBC:
return (&enc_xform_3des);
case CRYPTO_RIJNDAEL128_CBC:
return (&enc_xform_rijndael128);
case CRYPTO_AES_XTS:
@ -678,8 +674,6 @@ static enum alg_type {
ALG_COMPRESSION,
ALG_AEAD
} alg_types[] = {
[CRYPTO_DES_CBC] = ALG_CIPHER,
[CRYPTO_3DES_CBC] = ALG_CIPHER,
[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,
[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,
[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,

10
sys/opencrypto/cryptodev.h
View file

@ -113,8 +113,6 @@
/* Encryption algorithm block sizes */
#define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment */
#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define RIJNDAEL128_BLOCK_LEN 16
#define AES_BLOCK_LEN 16
#define AES_ICM_BLOCK_LEN 1
@ -132,10 +130,6 @@
/* Min and Max Encryption Key Sizes */
#define NULL_MIN_KEY 0
#define NULL_MAX_KEY 256 /* 2048 bits, max key */
#define DES_MIN_KEY 8
#define DES_MAX_KEY DES_MIN_KEY
#define TRIPLE_DES_MIN_KEY 24
#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY
#define RIJNDAEL_MIN_KEY 16
#define RIJNDAEL_MAX_KEY 32
#define AES_MIN_KEY RIJNDAEL_MIN_KEY
@ -215,7 +209,7 @@
/* NB: deprecated */
struct session_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t cipher; /* ie. CRYPTO_AES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */
@ -232,7 +226,7 @@ struct session_op {
* "cryptop" (no underscore).
*/
struct session2_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t cipher; /* ie. CRYPTO_AES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */

3
sys/opencrypto/xform.c
View file

@ -59,7 +59,6 @@ __FBSDID("$FreeBSD$");
#include <sys/kernel.h>
#include <machine/cpu.h>
#include <crypto/des/des.h>
#include <crypto/rijndael/rijndael.h>
#include <crypto/camellia/camellia.h>
#include <crypto/sha1.h>
@ -76,8 +75,6 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
/* Include the encryption algorithms */
#include "xform_null.c"
#include "xform_des1.c"
#include "xform_des3.c"
#include "xform_rijndael.c"
#include "xform_aes_icm.c"
#include "xform_aes_xts.c"

114
sys/opencrypto/xform_des1.c
View file

@ -1,114 +0,0 @@
/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
/*-
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
* Niels Provos (provos@physnet.uni-hamburg.de) and
* Damien Miller (djm@mindrot.org).
*
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
* in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis.
*
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
*
* Additional features in 1999 by Angelos D. Keromytis.
*
* AES XTS implementation in 2008 by Damien Miller
*
* Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
* Angelos D. Keromytis and Niels Provos.
*
* Copyright (C) 2001, Angelos D. Keromytis.
*
* Copyright (C) 2008, Damien Miller
* Copyright (c) 2014 The FreeBSD Foundation
* All rights reserved.
*
* Portions of this software were developed by John-Mark Gurney
* under sponsorship of the FreeBSD Foundation and
* Rubicon Communications, LLC (Netgate).
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software.
* You may use this code under the GNU public license if you so wish. Please
* contribute changes back to the authors under this freer than GPL license
* so that we may further the use of strong encryption without limitations to
* all.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <crypto/des/des.h>
#include <opencrypto/xform_enc.h>
static int des1_setkey(u_int8_t **, const u_int8_t *, int);
static void des1_encrypt(caddr_t, u_int8_t *);
static void des1_decrypt(caddr_t, u_int8_t *);
static void des1_zerokey(u_int8_t **);
/* Encryption instances */
struct enc_xform enc_xform_des = {
CRYPTO_DES_CBC, "DES",
DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY,
des1_encrypt,
des1_decrypt,
des1_setkey,
des1_zerokey,
NULL,
};
/*
* Encryption wrapper routines.
*/
static void
des1_encrypt(caddr_t key, u_int8_t *blk)
{
des_key_schedule *p = (des_key_schedule *) key;
des_ecb_encrypt(blk, blk, p[0], DES_ENCRYPT);
}
static void
des1_decrypt(caddr_t key, u_int8_t *blk)
{
des_key_schedule *p = (des_key_schedule *) key;
des_ecb_encrypt(blk, blk, p[0], DES_DECRYPT);
}
static int
des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)
{
des_key_schedule *p;
int err;
p = KMALLOC(sizeof (des_key_schedule),
M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
if (p != NULL) {
des_set_key(key, p[0]);
err = 0;
} else
err = ENOMEM;
*sched = (u_int8_t *) p;
return err;
}
static void
des1_zerokey(u_int8_t **sched)
{
bzero(*sched, sizeof (des_key_schedule));
KFREE(*sched, M_CRYPTO_DATA);
*sched = NULL;
}

117
sys/opencrypto/xform_des3.c
View file

@ -1,117 +0,0 @@
/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
/*-
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
* Niels Provos (provos@physnet.uni-hamburg.de) and
* Damien Miller (djm@mindrot.org).
*
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
* in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis.
*
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
*
* Additional features in 1999 by Angelos D. Keromytis.
*
* AES XTS implementation in 2008 by Damien Miller
*
* Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
* Angelos D. Keromytis and Niels Provos.
*
* Copyright (C) 2001, Angelos D. Keromytis.
*
* Copyright (C) 2008, Damien Miller
* Copyright (c) 2014 The FreeBSD Foundation
* All rights reserved.
*
* Portions of this software were developed by John-Mark Gurney
* under sponsorship of the FreeBSD Foundation and
* Rubicon Communications, LLC (Netgate).
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software.
* You may use this code under the GNU public license if you so wish. Please
* contribute changes back to the authors under this freer than GPL license
* so that we may further the use of strong encryption without limitations to
* all.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <crypto/des/des.h>
#include <opencrypto/xform_enc.h>
static int des3_setkey(u_int8_t **, const u_int8_t *, int);
static void des3_encrypt(caddr_t, u_int8_t *);
static void des3_decrypt(caddr_t, u_int8_t *);
static void des3_zerokey(u_int8_t **);
/* Encryption instances */
struct enc_xform enc_xform_3des = {
CRYPTO_3DES_CBC, "3DES",
DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY,
TRIPLE_DES_MAX_KEY,
des3_encrypt,
des3_decrypt,
des3_setkey,
des3_zerokey,
NULL,
};
/*
* Encryption wrapper routines.
*/
static void
des3_encrypt(caddr_t key, u_int8_t *blk)
{
des_key_schedule *p = (des_key_schedule *) key;
des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_ENCRYPT);
}
static void
des3_decrypt(caddr_t key, u_int8_t *blk)
{
des_key_schedule *p = (des_key_schedule *) key;
des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_DECRYPT);
}
static int
des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)
{
des_key_schedule *p;
int err;
p = KMALLOC(3*sizeof (des_key_schedule),
M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
if (p != NULL) {
des_set_key(key + 0, p[0]);
des_set_key(key + 8, p[1]);
des_set_key(key + 16, p[2]);
err = 0;
} else
err = ENOMEM;
*sched = (u_int8_t *) p;
return err;
}
static void
des3_zerokey(u_int8_t **sched)
{
bzero(*sched, 3*sizeof (des_key_schedule));
KFREE(*sched, M_CRYPTO_DATA);
*sched = NULL;
}

2
sys/opencrypto/xform_enc.h
View file

@ -68,8 +68,6 @@ struct enc_xform {
extern struct enc_xform enc_xform_null;
extern struct enc_xform enc_xform_des;
extern struct enc_xform enc_xform_3des;
extern struct enc_xform enc_xform_blf;
extern struct enc_xform enc_xform_rijndael128;
extern struct enc_xform enc_xform_aes_icm;