PERFORCE change 1198591 for review
John-Mark Gurney
jmg at FreeBSD.org
Mon Sep 8 04:48:25 UTC 2014
http://p4web.freebsd.org/@@1198591?ac=10
Change 1198591 by jmg at jmg_carbon2 on 2014/08/11 21:14:53
back out previous change so that I can continue working...
Affected files ...
.. //depot/projects/opencrypto/sys/crypto/via/padlock.h#3 edit
.. //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#4 edit
.. //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#5 edit
.. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#5 edit
.. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#3 edit
.. //depot/projects/opencrypto/sys/opencrypto/xform.c#6 edit
.. //depot/projects/opencrypto/sys/opencrypto/xform.h#6 edit
Differences ...
==== //depot/projects/opencrypto/sys/crypto/via/padlock.h#3 (text+ko) ====
@@ -64,17 +64,12 @@
#define cw_filler2 __field.filler2
#define cw_filler3 __field.filler3
-struct auth_hash_comb {
- struct auth_hash axf;
- struct auth_hash_funcs axff;
-};
-
struct padlock_session {
union padlock_cw ses_cw __aligned(16);
uint32_t ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */
uint32_t ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */
uint8_t ses_iv[16] __aligned(16); /* 128 bit aligned */
- struct auth_hash_comb *ses_axfc;
+ struct auth_hash *ses_axf;
uint8_t *ses_ictx;
uint8_t *ses_octx;
int ses_mlen;
==== //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#4 (text+ko) ====
@@ -80,21 +80,17 @@
static void padlock_sha1_final(uint8_t *hash, struct padlock_sha_ctx *ctx);
static void padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx);
-static struct auth_hash_comb padlock_hmac_sha1 = {
- { CRYPTO_SHA1_HMAC, "HMAC-SHA1",
- 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN,
- sizeof(struct padlock_sha_ctx), },
- { (void (*)(void *))padlock_sha_init, NULL, NULL,
- (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update,
- (void (*)(uint8_t *, void *))padlock_sha1_final },
+static struct auth_hash padlock_hmac_sha1 = {
+ CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+ 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx),
+ (void (*)(void *))padlock_sha_init, NULL, NULL,
+ (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update,
+ (void (*)(uint8_t *, void *))padlock_sha1_final
};
static struct auth_hash padlock_hmac_sha256 = {
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx),
-};
-
-static struct auth_hash_funcs padlock_hmac_sha256_funcs = {
(void (*)(void *))padlock_sha_init, NULL, NULL,
(int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update,
(void (*)(uint8_t *, void *))padlock_sha256_final
@@ -247,15 +243,11 @@
static void
padlock_hash_key_setup(struct padlock_session *ses, caddr_t key, int klen)
{
- struct auth_hash_comb *axfc;
struct auth_hash *axf;
- struct auth_hash_funcs *axff;
int i;
klen /= 8;
- axfc = ses->ses_axfc;
- axf = &axfc->axf;
- axff = &axfc->axff;
+ axf = ses->ses_axf;
/*
* Try to free contexts before using them, because
@@ -268,16 +260,16 @@
for (i = 0; i < klen; i++)
key[i] ^= HMAC_IPAD_VAL;
- axff->Init(ses->ses_ictx);
- axff->Update(ses->ses_ictx, key, klen);
- axff->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen);
+ axf->Init(ses->ses_ictx);
+ axf->Update(ses->ses_ictx, key, klen);
+ axf->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen);
for (i = 0; i < klen; i++)
key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
- axff->Init(ses->ses_octx);
- axff->Update(ses->ses_octx, key, klen);
- axff->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen);
+ axf->Init(ses->ses_octx);
+ axf->Update(ses->ses_octx, key, klen);
+ axf->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen);
for (i = 0; i < klen; i++)
key[i] ^= HMAC_OPAD_VAL;
@@ -295,7 +287,7 @@
union authctx ctx;
int error;
- axfc = ses->ses_axfc;
+ axf = ses->ses_axf;
padlock_copy_ctx(axf, ses->ses_ictx, &ctx);
error = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len,
==== //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#5 (text+ko) ====
@@ -271,9 +271,9 @@
struct mtx lock; /* for op submission */
u_int32_t cipher;
- const struct enc_xform *txform;
+ struct enc_xform *txform;
u_int32_t mac;
- const struct auth_hash *thash;
+ struct auth_hash *thash;
caddr_t key;
int keylen;
@@ -322,8 +322,8 @@
static int csedelete(struct fcrypt *, struct csession *);
static struct csession *cseadd(struct fcrypt *, struct csession *);
static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t,
- u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t,
- const struct enc_xform *, const struct auth_hash *);
+ u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
+ struct auth_hash *);
static int csefree(struct csession *);
static int cryptodev_op(struct csession *, struct crypt_op *,
@@ -391,8 +391,8 @@
struct session_op *sop;
struct crypt_op *cop;
struct crypt_aead *caead;
- const struct enc_xform *txform = NULL;
- const struct auth_hash *thash = NULL;
+ struct enc_xform *txform = NULL;
+ struct auth_hash *thash = NULL;
struct crypt_kop *kop;
u_int64_t sid;
u_int32_t ses;
@@ -418,25 +418,96 @@
} else
#endif
sop = (struct session_op *)data;
- if (sop->cipher != 0) {
- if (CRYPTO_ALGO_VALID(sop->cipher) &&
- oc_enc_xform_array[sop->cipher].type ==
- sop->cipher) {
- txform = &oc_enc_xform_array[sop->cipher];
- } else {
- CRYPTDEB("invalid cipher");
- return (EINVAL);
- }
+ switch (sop->cipher) {
+ case 0:
+ break;
+ case CRYPTO_DES_CBC:
+ txform = &enc_xform_des;
+ break;
+ case CRYPTO_3DES_CBC:
+ txform = &enc_xform_3des;
+ break;
+ case CRYPTO_BLF_CBC:
+ txform = &enc_xform_blf;
+ break;
+ case CRYPTO_CAST_CBC:
+ txform = &enc_xform_cast5;
+ break;
+ case CRYPTO_SKIPJACK_CBC:
+ txform = &enc_xform_skipjack;
+ break;
+ case CRYPTO_AES_CBC:
+ txform = &enc_xform_rijndael128;
+ break;
+ case CRYPTO_AES_XTS:
+ txform = &enc_xform_aes_xts;
+ break;
+ case CRYPTO_NULL_CBC:
+ txform = &enc_xform_null;
+ break;
+ case CRYPTO_ARC4:
+ txform = &enc_xform_arc4;
+ break;
+ case CRYPTO_CAMELLIA_CBC:
+ txform = &enc_xform_camellia;
+ break;
+ case CRYPTO_AES_ICM:
+ txform = &enc_xform_aes_icm;
+ break;
+ case CRYPTO_AES_NIST_GCM_16:
+ txform = &enc_xform_aes_nist_gcm;
+ break;
+
+ default:
+ CRYPTDEB("invalid cipher");
+ return (EINVAL);
}
- if (sop->mac != 0) {
- if (CRYPTO_ALGO_VALID(sop->cipher) &&
- oc_auth_hash_array[sop->cipher].type == sop->mac) {
- thash = &oc_auth_hash_array[sop->cipher];
- } else {
- CRYPTDEB("invalid hash");
- return (EINVAL);
- }
+ switch (sop->mac) {
+ case 0:
+ break;
+ case CRYPTO_MD5_HMAC:
+ thash = &auth_hash_hmac_md5;
+ break;
+ case CRYPTO_SHA1_HMAC:
+ thash = &auth_hash_hmac_sha1;
+ break;
+ case CRYPTO_SHA2_256_HMAC:
+ thash = &auth_hash_hmac_sha2_256;
+ break;
+ case CRYPTO_SHA2_384_HMAC:
+ thash = &auth_hash_hmac_sha2_384;
+ break;
+ case CRYPTO_SHA2_512_HMAC:
+ thash = &auth_hash_hmac_sha2_512;
+ break;
+ case CRYPTO_RIPEMD160_HMAC:
+ thash = &auth_hash_hmac_ripemd_160;
+ break;
+ case CRYPTO_AES_128_NIST_GMAC:
+ thash = &auth_hash_nist_gmac_aes_128;
+ break;
+ case CRYPTO_AES_192_NIST_GMAC:
+ thash = &auth_hash_nist_gmac_aes_192;
+ break;
+ case CRYPTO_AES_256_NIST_GMAC:
+ thash = &auth_hash_nist_gmac_aes_256;
+ break;
+
+#ifdef notdef
+ case CRYPTO_MD5:
+ thash = &auth_hash_md5;
+ break;
+ case CRYPTO_SHA1:
+ thash = &auth_hash_sha1;
+ break;
+#endif
+ case CRYPTO_NULL_HMAC:
+ thash = &auth_hash_null;
+ break;
+ default:
+ CRYPTDEB("invalid mac");
+ return (EINVAL);
}
bzero(&crie, sizeof(crie));
@@ -1195,7 +1266,7 @@
struct csession *
csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
- const struct enc_xform *txform, const struct auth_hash *thash)
+ struct enc_xform *txform, struct auth_hash *thash)
{
struct csession *cse;
==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#5 (text+ko) ====
@@ -84,12 +84,10 @@
{
unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN];
- const struct enc_xform *exf;
- const struct enc_xform_funcs *exff;
+ struct enc_xform *exf;
int i, k, j, blks;
exf = sw->sw_exf;
- exff = &oc_enc_xform_funcs[exf->type];
blks = exf->blocksize;
/* Check for non-padded data */
@@ -122,8 +120,8 @@
int error;
if (sw->sw_kschedule)
- exff->zerokey(&(sw->sw_kschedule));
- error = exff->setkey(&sw->sw_kschedule,
+ exf->zerokey(&(sw->sw_kschedule));
+ error = exf->setkey(&sw->sw_kschedule,
crd->crd_key, crd->crd_klen / 8);
if (error)
return (error);
@@ -135,8 +133,8 @@
* xforms that provide a reinit method perform all IV
* handling themselves.
*/
- if (exff->reinit != NULL)
- exff->reinit(sw->sw_kschedule, iv);
+ if (exf->reinit)
+ exf->reinit(sw->sw_kschedule, iv);
if (flags & CRYPTO_F_IMBUF) {
struct mbuf *m = (struct mbuf *) buf;
@@ -157,12 +155,12 @@
m_copydata(m, k, blks, blk);
/* Actual encryption/decryption */
- if (exff->reinit != NULL) {
+ if (exf->reinit) {
if (crd->crd_flags & CRD_F_ENCRYPT) {
- exff->encrypt(sw->sw_kschedule,
+ exf->encrypt(sw->sw_kschedule,
blk);
} else {
- exff->decrypt(sw->sw_kschedule,
+ exf->decrypt(sw->sw_kschedule,
blk);
}
} else if (crd->crd_flags & CRD_F_ENCRYPT) {
@@ -170,7 +168,7 @@
for (j = 0; j < blks; j++)
blk[j] ^= ivp[j];
- exff->encrypt(sw->sw_kschedule, blk);
+ exf->encrypt(sw->sw_kschedule, blk);
/*
* Keep encrypted block for XOR'ing
@@ -188,7 +186,7 @@
else
bcopy(blk, iv, blks);
- exff->decrypt(sw->sw_kschedule, blk);
+ exf->decrypt(sw->sw_kschedule, blk);
/* XOR with previous block */
for (j = 0; j < blks; j++)
@@ -235,12 +233,12 @@
idat = mtod(m, unsigned char *) + k;
while (m->m_len >= k + blks && i > 0) {
- if (exff->reinit != NULL) {
+ if (exf->reinit) {
if (crd->crd_flags & CRD_F_ENCRYPT) {
- exff->encrypt(sw->sw_kschedule,
+ exf->encrypt(sw->sw_kschedule,
idat);
} else {
- exff->decrypt(sw->sw_kschedule,
+ exf->decrypt(sw->sw_kschedule,
idat);
}
} else if (crd->crd_flags & CRD_F_ENCRYPT) {
@@ -248,7 +246,7 @@
for (j = 0; j < blks; j++)
idat[j] ^= ivp[j];
- exff->encrypt(sw->sw_kschedule, idat);
+ exf->encrypt(sw->sw_kschedule, idat);
ivp = idat;
} else { /* decrypt */
/*
@@ -260,7 +258,7 @@
else
bcopy(idat, iv, blks);
- exff->decrypt(sw->sw_kschedule, idat);
+ exf->decrypt(sw->sw_kschedule, idat);
/* XOR with previous block/IV */
for (j = 0; j < blks; j++)
@@ -299,12 +297,12 @@
cuio_copydata(uio, k, blks, blk);
/* Actual encryption/decryption */
- if (exff->reinit != NULL) {
+ if (exf->reinit) {
if (crd->crd_flags & CRD_F_ENCRYPT) {
- exff->encrypt(sw->sw_kschedule,
+ exf->encrypt(sw->sw_kschedule,
blk);
} else {
- exff->decrypt(sw->sw_kschedule,
+ exf->decrypt(sw->sw_kschedule,
blk);
}
} else if (crd->crd_flags & CRD_F_ENCRYPT) {
@@ -312,7 +310,7 @@
for (j = 0; j < blks; j++)
blk[j] ^= ivp[j];
- exff->encrypt(sw->sw_kschedule, blk);
+ exf->encrypt(sw->sw_kschedule, blk);
/*
* Keep encrypted block for XOR'ing
@@ -330,7 +328,7 @@
else
bcopy(blk, iv, blks);
- exff->decrypt(sw->sw_kschedule, blk);
+ exf->decrypt(sw->sw_kschedule, blk);
/* XOR with previous block */
for (j = 0; j < blks; j++)
@@ -365,12 +363,12 @@
idat = (char *)iov->iov_base + k;
while (iov->iov_len >= k + blks && i > 0) {
- if (exff->reinit != NULL) {
+ if (exf->reinit) {
if (crd->crd_flags & CRD_F_ENCRYPT) {
- exff->encrypt(sw->sw_kschedule,
+ exf->encrypt(sw->sw_kschedule,
idat);
} else {
- exff->decrypt(sw->sw_kschedule,
+ exf->decrypt(sw->sw_kschedule,
idat);
}
} else if (crd->crd_flags & CRD_F_ENCRYPT) {
@@ -378,7 +376,7 @@
for (j = 0; j < blks; j++)
idat[j] ^= ivp[j];
- exff->encrypt(sw->sw_kschedule, idat);
+ exf->encrypt(sw->sw_kschedule, idat);
ivp = idat;
} else { /* decrypt */
/*
@@ -390,7 +388,7 @@
else
bcopy(idat, iv, blks);
- exff->decrypt(sw->sw_kschedule, idat);
+ exf->decrypt(sw->sw_kschedule, idat);
/* XOR with previous block/IV */
for (j = 0; j < blks; j++)
@@ -414,13 +412,13 @@
return 0; /* Done with iovec encryption/decryption */
} else { /* contiguous buffer */
- if (exff->reinit != NULL) {
+ if (exf->reinit) {
for (i = crd->crd_skip;
i < crd->crd_skip + crd->crd_len; i += blks) {
if (crd->crd_flags & CRD_F_ENCRYPT)
- exff->encrypt(sw->sw_kschedule, buf + i);
+ exf->encrypt(sw->sw_kschedule, buf + i);
else
- exff->decrypt(sw->sw_kschedule, buf + i);
+ exf->decrypt(sw->sw_kschedule, buf + i);
}
} else if (crd->crd_flags & CRD_F_ENCRYPT) {
for (i = crd->crd_skip;
@@ -432,7 +430,7 @@
else
for (k = 0; k < blks; k++)
buf[i + k] ^= buf[i + k - blks];
- exff->encrypt(sw->sw_kschedule, buf + i);
+ exf->encrypt(sw->sw_kschedule, buf + i);
}
} else { /* Decrypt */
/*
@@ -441,7 +439,7 @@
*/
for (i = crd->crd_skip + crd->crd_len - blks;
i >= crd->crd_skip; i -= blks) {
- exff->decrypt(sw->sw_kschedule, buf + i);
+ exf->decrypt(sw->sw_kschedule, buf + i);
/* XOR with the IV/previous block, as appropriate */
if (i == crd->crd_skip)
@@ -461,13 +459,11 @@
}
static void
-swcr_authprepare(const struct auth_hash *axf, struct swcr_data *sw, u_char *key,
+swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key,
int klen)
{
- const struct auth_hash_funcs *axff;
int k;
- axff = &oc_auth_hash_funcs[axf->type];
klen /= 8;
switch (axf->type) {
@@ -481,16 +477,16 @@
for (k = 0; k < klen; k++)
key[k] ^= HMAC_IPAD_VAL;
- axff->Init(sw->sw_ictx);
- axff->Update(sw->sw_ictx, key, klen);
- axff->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen);
+ axf->Init(sw->sw_ictx);
+ axf->Update(sw->sw_ictx, key, klen);
+ axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen);
for (k = 0; k < klen; k++)
key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
- axff->Init(sw->sw_octx);
- axff->Update(sw->sw_octx, key, klen);
- axff->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen);
+ axf->Init(sw->sw_octx);
+ axf->Update(sw->sw_octx, key, klen);
+ axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen);
for (k = 0; k < klen; k++)
key[k] ^= HMAC_OPAD_VAL;
@@ -512,9 +508,9 @@
sw->sw_klen = klen;
bcopy(key, sw->sw_octx, klen);
- axff->Init(sw->sw_ictx);
- axff->Update(sw->sw_ictx, key, klen);
- axff->Final(buf, sw->sw_ictx);
+ axf->Init(sw->sw_ictx);
+ axf->Update(sw->sw_ictx, key, klen);
+ axf->Final(buf, sw->sw_ictx);
break;
}
default:
@@ -531,8 +527,7 @@
int flags)
{
unsigned char aalg[HASH_MAX_LEN];
- const struct auth_hash *axf;
- const struct auth_hash_funcs *axff;
+ struct auth_hash *axf;
union authctx ctx;
int err;
@@ -540,7 +535,6 @@
return EINVAL;
axf = sw->sw_axf;
- axff = &oc_auth_hash_funcs[axf->type];
if (crd->crd_flags & CRD_F_KEY_EXPLICIT)
swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen);
@@ -548,7 +542,7 @@
bcopy(sw->sw_ictx, &ctx, axf->ctxsize);
err = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len,
- (int (*)(void *, void *, unsigned int))axff->Update, (caddr_t)&ctx);
+ (int (*)(void *, void *, unsigned int))axf->Update, (caddr_t)&ctx);
if (err)
return err;
@@ -562,10 +556,10 @@
if (sw->sw_octx == NULL)
return EINVAL;
- axff->Final(aalg, &ctx);
+ axf->Final(aalg, &ctx);
bcopy(sw->sw_octx, &ctx, axf->ctxsize);
- axff->Update(&ctx, aalg, axf->hashsize);
- axff->Final(aalg, &ctx);
+ axf->Update(&ctx, aalg, axf->hashsize);
+ axf->Final(aalg, &ctx);
break;
case CRYPTO_MD5_KPDK:
@@ -581,12 +575,12 @@
* and let Final() do the proper, natural "algofill"
* padding.
*/
- axff->Update(&ctx, sw->sw_octx, sw->sw_klen);
- axff->Final(aalg, &ctx);
+ axf->Update(&ctx, sw->sw_octx, sw->sw_klen);
+ axf->Final(aalg, &ctx);
break;
case CRYPTO_NULL_HMAC:
- axff->Final(aalg, &ctx);
+ axf->Final(aalg, &ctx);
break;
}
@@ -610,10 +604,8 @@
union authctx ctx;
struct cryptodesc *crd, *crda = NULL, *crde = NULL;
struct swcr_data *sw, *swa, *swe = NULL;
- const struct auth_hash *axf = NULL;
- const struct auth_hash_funcs *axff = NULL;
- const struct enc_xform *exf = NULL;
- struct enc_xform_funcs *exff = NULL;
+ struct auth_hash *axf = NULL;
+ struct enc_xform *exf = NULL;
caddr_t buf = (caddr_t)crp->crp_buf;
uint32_t *blkp;
int aadlen, blksz, i, ivlen, len, iskip, oskip, r;
@@ -678,11 +670,9 @@
}
}
- axff = &oc_auth_hash_funcs[axf->type];
-
/* Supply MAC with IV */
- if (axff->Reinit != NULL)
- axff->Reinit(&ctx, iv, ivlen);
+ if (axf->Reinit)
+ axf->Reinit(&ctx, iv, ivlen);
/* Supply MAC with AAD */
aadlen = crda->crd_len;
@@ -692,12 +682,12 @@
crypto_copydata(crp->crp_flags, buf, crda->crd_skip + i, len,
blk + oskip);
bzero(blk + len + oskip, blksz - len - oskip);
- axff->Update(&ctx, blk, blksz);
+ axf->Update(&ctx, blk, blksz);
oskip = 0; /* reset initial output offset */
}
- if (exff->reinit != NULL)
- exff->reinit(swe->sw_kschedule, iv);
+ if (exf->reinit)
+ exf->reinit(swe->sw_kschedule, iv);
/* Do encryption/decryption with MAC */
for (i = 0; i < crde->crd_len; i += blksz) {
@@ -707,12 +697,12 @@
crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len,
blk);
if (crde->crd_flags & CRD_F_ENCRYPT) {
- exff->encrypt(swe->sw_kschedule, blk);
- axff->Update(&ctx, blk, len);
+ exf->encrypt(swe->sw_kschedule, blk);
+ axf->Update(&ctx, blk, len);
crypto_copyback(crp->crp_flags, buf,
crde->crd_skip + i, len, blk);
} else {
- axff->Update(&ctx, blk, len);
+ axf->Update(&ctx, blk, len);
}
}
@@ -727,12 +717,12 @@
*blkp = htobe32(aadlen * 8);
blkp = (uint32_t *)blk + 3;
*blkp = htobe32(crde->crd_len * 8);
- axff->Update(&ctx, blk, blksz);
+ axf->Update(&ctx, blk, blksz);
break;
}
/* Finalize MAC */
- axff->Final(aalg, &ctx);
+ axf->Final(aalg, &ctx);
/* Validate tag */
crypto_copydata(crp->crp_flags, buf, crda->crd_inject, axf->hashsize,
@@ -750,7 +740,7 @@
crypto_copydata(crp->crp_flags, buf,
crde->crd_skip + i, len, blk);
if (!(crde->crd_flags & CRD_F_ENCRYPT)) {
- exff->decrypt(swe->sw_kschedule, blk);
+ exf->decrypt(swe->sw_kschedule, blk);
}
crypto_copyback(crp->crp_flags, buf,
crde->crd_skip + i, len, blk);
@@ -772,13 +762,11 @@
caddr_t buf, int flags)
{
u_int8_t *data, *out;
- const struct comp_algo *cxf;
- const struct comp_algo_funcs *cxff;
+ struct comp_algo *cxf;
int adj;
u_int32_t result;
cxf = sw->sw_cxf;
- cxff = &oc_comp_algo_funcs[cxf->type];
/* We must handle the whole buffer of data in one time
* then if there is not all the data in the mbuf, we must
@@ -791,9 +779,9 @@
crypto_copydata(flags, buf, crd->crd_skip, crd->crd_len, data);
if (crd->crd_flags & CRD_F_COMP)
- result = cxff->compress(data, crd->crd_len, &out);
+ result = cxf->compress(data, crd->crd_len, &out);
else
- result = cxff->decompress(data, crd->crd_len, &out);
+ result = cxf->decompress(data, crd->crd_len, &out);
free(data, M_CRYPTO_DATA);
if (result == 0)
@@ -849,11 +837,9 @@
swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
{
struct swcr_data **swd;
- const struct auth_hash *axf;
- const struct auth_hash_funcs *axff;
- const struct enc_xform *txf;
- const struct enc_xform_funcs *txff;
- const struct comp_algo *cxf;
+ struct auth_hash *axf;
+ struct enc_xform *txf;
+ struct comp_algo *cxf;
u_int32_t i;
int error;
@@ -911,25 +897,46 @@
}
switch (cri->cri_alg) {
- case CRYPTO_AES_NIST_GMAC:
- txf = &oc_enc_xform_array[cri->cri_alg];
- (*swd)->sw_exf = txf;
- break;
case CRYPTO_DES_CBC:
+ txf = &enc_xform_des;
+ goto enccommon;
case CRYPTO_3DES_CBC:
+ txf = &enc_xform_3des;
+ goto enccommon;
case CRYPTO_BLF_CBC:
+ txf = &enc_xform_blf;
+ goto enccommon;
case CRYPTO_CAST_CBC:
+ txf = &enc_xform_cast5;
+ goto enccommon;
case CRYPTO_SKIPJACK_CBC:
+ txf = &enc_xform_skipjack;
+ goto enccommon;
case CRYPTO_RIJNDAEL128_CBC:
+ txf = &enc_xform_rijndael128;
+ goto enccommon;
case CRYPTO_AES_XTS:
+ txf = &enc_xform_aes_xts;
+ goto enccommon;
case CRYPTO_AES_ICM:
+ txf = &enc_xform_aes_icm;
+ goto enccommon;
case CRYPTO_AES_NIST_GCM_16:
+ txf = &enc_xform_aes_nist_gcm;
+ goto enccommon;
+ case CRYPTO_AES_NIST_GMAC:
+ txf = &enc_xform_aes_nist_gmac;
+ (*swd)->sw_exf = txf;
+ break;
case CRYPTO_CAMELLIA_CBC:
+ txf = &enc_xform_camellia;
+ goto enccommon;
case CRYPTO_NULL_CBC:
- txf = &oc_enc_xform_array[cri->cri_alg];
- txff = &oc_enc_xform_funcs[txf->type];
+ txf = &enc_xform_null;
+ goto enccommon;
+ enccommon:
if (cri->cri_key != NULL) {
- error = txff->setkey(&((*swd)->sw_kschedule),
+ error = txf->setkey(&((*swd)->sw_kschedule),
cri->cri_key, cri->cri_klen / 8);
if (error) {
swcr_freesession_locked(dev, i);
@@ -941,13 +948,26 @@
break;
case CRYPTO_MD5_HMAC:
+ axf = &auth_hash_hmac_md5;
+ goto authcommon;
case CRYPTO_SHA1_HMAC:
+ axf = &auth_hash_hmac_sha1;
+ goto authcommon;
case CRYPTO_SHA2_256_HMAC:
+ axf = &auth_hash_hmac_sha2_256;
+ goto authcommon;
case CRYPTO_SHA2_384_HMAC:
+ axf = &auth_hash_hmac_sha2_384;
+ goto authcommon;
case CRYPTO_SHA2_512_HMAC:
+ axf = &auth_hash_hmac_sha2_512;
+ goto authcommon;
case CRYPTO_NULL_HMAC:
+ axf = &auth_hash_null;
+ goto authcommon;
case CRYPTO_RIPEMD160_HMAC:
- axf = &oc_auth_hash_array[cri->cri_alg];
+ axf = &auth_hash_hmac_ripemd_160;
+ authcommon:
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
@@ -974,8 +994,12 @@
break;
case CRYPTO_MD5_KPDK:
+ axf = &auth_hash_key_md5;
+ goto auth2common;
+
case CRYPTO_SHA1_KPDK:
- axf = &oc_auth_hash_array[cri->cri_alg];
+ axf = &auth_hash_key_sha1;
+ auth2common:
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
@@ -1003,9 +1027,12 @@
break;
#ifdef notdef
case CRYPTO_MD5:
+ axf = &auth_hash_md5;
+ goto auth3common;
+
case CRYPTO_SHA1:
+ axf = &auth_hash_sha1;
auth3common:
- axf = &oc_auth_hash_array[cri->cri_alg];
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
@@ -1021,10 +1048,16 @@
#endif
case CRYPTO_AES_128_NIST_GMAC:
+ axf = &auth_hash_nist_gmac_aes_128;
+ goto auth4common;
+
case CRYPTO_AES_192_NIST_GMAC:
+ axf = &auth_hash_nist_gmac_aes_192;
+ goto auth4common;
+
case CRYPTO_AES_256_NIST_GMAC:
- axf = &oc_auth_hash_array[cri->cri_alg];
- axff = &oc_auth_hash_funcs[axf->type];
+ axf = &auth_hash_nist_gmac_aes_256;
+ auth4common:
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
@@ -1032,14 +1065,14 @@
rw_runlock(&swcr_sessions_lock);
return ENOBUFS;
}
- axff->Init((*swd)->sw_ictx);
- axff->Setkey((*swd)->sw_ictx, cri->cri_key,
+ axf->Init((*swd)->sw_ictx);
+ axf->Setkey((*swd)->sw_ictx, cri->cri_key,
cri->cri_klen / 8);
(*swd)->sw_axf = axf;
break;
case CRYPTO_DEFLATE_COMP:
- cxf = &oc_comp_algo_array[cri->cri_alg];
+ cxf = &comp_algo_deflate;
(*swd)->sw_cxf = cxf;
break;
default:
@@ -1074,10 +1107,9 @@
swcr_freesession_locked(device_t dev, u_int64_t tid)
{
struct swcr_data *swd;
- const struct enc_xform *txf;
- const struct enc_xform_funcs *txff;
- const struct auth_hash *axf;
- const struct comp_algo *cxf;
+ struct enc_xform *txf;
+ struct auth_hash *axf;
+ struct comp_algo *cxf;
u_int32_t sid = CRYPTO_SESID2LID(tid);
if (sid > swcr_sesnum || swcr_sessions == NULL ||
@@ -1105,10 +1137,9 @@
case CRYPTO_CAMELLIA_CBC:
case CRYPTO_NULL_CBC:
txf = swd->sw_exf;
- txff = &oc_enc_xform_funcs[txf->type];
if (swd->sw_kschedule)
- txff->zerokey(&(swd->sw_kschedule));
+ txf->zerokey(&(swd->sw_kschedule));
break;
case CRYPTO_MD5_HMAC:
==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#3 (text+ko) ====
@@ -34,15 +34,15 @@
u_int8_t *SW_octx;
u_int16_t SW_klen;
u_int16_t SW_mlen;
- const struct auth_hash *SW_axf;
+ struct auth_hash *SW_axf;
} SWCR_AUTH;
struct {
u_int8_t *SW_kschedule;
- const struct enc_xform *SW_exf;
+ struct enc_xform *SW_exf;
} SWCR_ENC;
struct {
u_int32_t SW_size;
- const struct comp_algo *SW_cxf;
+ struct comp_algo *SW_cxf;
} SWCR_COMP;
} SWCR_UN;
==== //depot/projects/opencrypto/sys/opencrypto/xform.c#6 (text+ko) ====
@@ -150,262 +150,232 @@
MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
/* Encryption instances */
-const struct enc_xform oc_enc_xform_array[CRYPTO_ALGORITHM_MAX + 1] = {
- [CRYPTO_NULL_CBC] = {
- CRYPTO_NULL_CBC, "NULL",
- /* NB: blocksize of 4 is to generate a properly aligned ESP header */
- NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
- },
- [CRYPTO_DES_CBC] = {
- CRYPTO_DES_CBC, "DES",
- DES_BLOCK_LEN, 8, 8,
- },
- [CRYPTO_3DES_CBC] = {
- CRYPTO_3DES_CBC, "3DES",
- DES3_BLOCK_LEN, 24, 24,
- },
- [CRYPTO_BLF_CBC] = {
- CRYPTO_BLF_CBC, "Blowfish",
- BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
- },
- [CRYPTO_CAST_CBC] = {
- CRYPTO_CAST_CBC, "CAST-128",
- CAST128_BLOCK_LEN, 5, 16,
- },
- [CRYPTO_SKIPJACK_CBC] = {
- CRYPTO_SKIPJACK_CBC, "Skipjack",
- SKIPJACK_BLOCK_LEN, 10, 10,
- },
- [CRYPTO_RIJNDAEL128_CBC] = {
- CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
- RIJNDAEL128_BLOCK_LEN, 16, 32,
- },
- [CRYPTO_AES_ICM] = {
- CRYPTO_AES_ICM, "AES-ICM",
- RIJNDAEL128_BLOCK_LEN, 16, 32,
- },
- [CRYPTO_AES_NIST_GCM_16] = {
- CRYPTO_AES_NIST_GCM_16, "AES-GCM",
- 1, 16, 32,
- },
- [CRYPTO_AES_NIST_GMAC] = {
- CRYPTO_AES_NIST_GMAC, "AES-GMAC",
- 1, 16, 32,
- },
- [CRYPTO_AES_XTS] = {
- CRYPTO_AES_XTS, "AES-XTS",
- RIJNDAEL128_BLOCK_LEN, 32, 64,
- },
- [CRYPTO_ARC4] = {
- CRYPTO_ARC4, "ARC4",
- 1, 1, 32,
- },
- [CRYPTO_CAMELLIA_CBC] = {
- CRYPTO_CAMELLIA_CBC, "Camellia",
- CAMELLIA_BLOCK_LEN, 8, 32,
- },
+struct enc_xform enc_xform_null = {
+ CRYPTO_NULL_CBC, "NULL",
+ /* NB: blocksize of 4 is to generate a properly aligned ESP header */
+ NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
+ null_encrypt,
+ null_decrypt,
+ null_setkey,
+ null_zerokey,
+ NULL,
+};
+
+struct enc_xform enc_xform_des = {
+ CRYPTO_DES_CBC, "DES",
+ DES_BLOCK_LEN, 8, 8,
+ des1_encrypt,
+ des1_decrypt,
+ des1_setkey,
+ des1_zerokey,
+ NULL,
+};
+
+struct enc_xform enc_xform_3des = {
+ CRYPTO_3DES_CBC, "3DES",
+ DES3_BLOCK_LEN, 24, 24,
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list