svn commit: r360562 - in head: sys/opencrypto tests/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Sat May 2 14:20:33 UTC 2020
Author: jhb
Date: Sat May 2 14:20:32 2020
New Revision: 360562
URL: https://svnweb.freebsd.org/changeset/base/360562
Log:
Remove support for the algorithms deprecated in r348876.
This removes support for the following algorithms:
- ARC4
- Blowfish
- CAST128
- DES
- 3DES
- MD5-HMAC
- Skipjack
Since /dev/crypto no longer supports 3DES, stop testing the 3DES KAT
vectors in cryptotest.py.
Reviewed by: cem (previous version)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24346
Modified:
head/sys/opencrypto/cryptodev.c
head/tests/sys/opencrypto/cryptotest.py
Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Sat May 2 13:42:03 2020 (r360561)
+++ head/sys/opencrypto/cryptodev.c Sat May 2 14:20:32 2020 (r360562)
@@ -291,11 +291,6 @@ struct fcrypt {
struct mtx lock;
};
-static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
-SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW,
- &warninterval,
- "Delay in seconds between warnings of deprecated /dev/crypto algorithms");
-
static int cryptof_ioctl(struct file *, u_long, void *,
struct ucred *, struct thread *);
static int cryptof_stat(struct file *, struct stat *,
@@ -408,21 +403,9 @@ cryptof_ioctl(
switch (sop->cipher) {
case 0:
break;
- case CRYPTO_DES_CBC:
- txform = &enc_xform_des;
- break;
case CRYPTO_3DES_CBC:
txform = &enc_xform_3des;
break;
- case CRYPTO_BLF_CBC:
- txform = &enc_xform_blf;
- break;
- case CRYPTO_CAST_CBC:
- txform = &enc_xform_cast5;
- break;
- case CRYPTO_SKIPJACK_CBC:
- txform = &enc_xform_skipjack;
- break;
case CRYPTO_AES_CBC:
txform = &enc_xform_rijndael128;
break;
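Review bot: The cipher switch in cryptof_ioctl still maps `CRYPTO_3DES_CBC` to `&enc_xform_3des` on the new side, although the log lists 3DES among the removed algorithms and says /dev/crypto no longer supports it. If that is unintended, the three lines `case CRYPTO_3DES_CBC:` / `txform = &enc_xform_3des;` / `break;` should go with the DES, Blowfish, CAST128 and Skipjack cases, so the request is handled by whatever the switch does for unknown ciphers (that part is outside this hunk). The later hunk that deletes cryptodev_warn() also drops the rate-limited `gone_in(13, "3DES cipher via /dev/crypto")` notice, so if a 3DES session can still be set up it now happens silently. Whether a later layer rejects it cannot be seen from this diff. A negative case in cryptotest.py asserting that session creation fails for the removed algorithm ids would pin the intended behaviour.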
@@ -432,9 +415,6 @@ cryptof_ioctl(
case CRYPTO_NULL_CBC:
txform = &enc_xform_null;
break;
- case CRYPTO_ARC4:
- txform = &enc_xform_arc4;
- break;
case CRYPTO_CAMELLIA_CBC:
txform = &enc_xform_camellia;
break;
@@ -460,9 +440,6 @@ cryptof_ioctl(
switch (sop->mac) {
case 0:
break;
- case CRYPTO_MD5_HMAC:
- thash = &auth_hash_hmac_md5;
- break;
case CRYPTO_POLY1305:
thash = &auth_hash_poly1305;
break;
@@ -847,49 +824,6 @@ cod_free(struct cryptop_data *cod)
free(cod, M_XDATA);
}
-static void
-cryptodev_warn(struct csession *cse)
-{
- static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
- static struct timeval skipwarn, tdeswarn;
- const struct crypto_session_params *csp;
-
- csp = crypto_get_params(cse->cses);
- switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- if (ratecheck(&deswarn, &warninterval))
- gone_in(13, "DES cipher via /dev/crypto");
- break;
- case CRYPTO_3DES_CBC:
- if (ratecheck(&tdeswarn, &warninterval))
- gone_in(13, "3DES cipher via /dev/crypto");
- break;
- case CRYPTO_BLF_CBC:
- if (ratecheck(&blfwarn, &warninterval))
- gone_in(13, "Blowfish cipher via /dev/crypto");
- break;
- case CRYPTO_CAST_CBC:
- if (ratecheck(&castwarn, &warninterval))
- gone_in(13, "CAST128 cipher via /dev/crypto");
- break;
- case CRYPTO_SKIPJACK_CBC:
- if (ratecheck(&skipwarn, &warninterval))
- gone_in(13, "Skipjack cipher via /dev/crypto");
- break;
- case CRYPTO_ARC4:
- if (ratecheck(&arc4warn, &warninterval))
- gone_in(13, "ARC4 cipher via /dev/crypto");
- break;
- }
-
- switch (csp->csp_auth_alg) {
- case CRYPTO_MD5_HMAC:
- if (ratecheck(&md5warn, &warninterval))
- gone_in(13, "MD5-HMAC authenticator via /dev/crypto");
- break;
- }
-}
-
static int
cryptodev_op(
struct csession *cse,
@@ -1040,7 +974,6 @@ cryptodev_op(
goto bail;
}
}
- cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the
@@ -1231,7 +1164,6 @@ cryptodev_aead(
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the
Modified: head/tests/sys/opencrypto/cryptotest.py
==============================================================================
--- head/tests/sys/opencrypto/cryptotest.py Sat May 2 13:42:03 2020 (r360561)
+++ head/tests/sys/opencrypto/cryptotest.py Sat May 2 14:20:32 2020 (r360562)
@@ -51,7 +51,6 @@ def katg(base, glob):
return iglob(os.path.join(katdir, base, glob))
aesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
-desmodules = [ 'cryptosoft0', ]
shamodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
def GenTestCase(cname):
@@ -331,46 +330,6 @@ def GenTestCase(cname):
" Actual: " + repr(binascii.hexlify(r)) + \
" Expected: " + repr(data) + \
" on " + cname)
-
- ###############
- ##### DES #####
- ###############
- @unittest.skipIf(cname not in desmodules, 'skipping DES on %s' % (cname))
- def test_tdes(self):
- for i in katg('KAT_TDES', 'TCBC[a-z]*.rsp'):
- self.runTDES(i)
-
- def runTDES(self, fname):
- columns = [ 'COUNT', 'KEYs', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]
- with cryptodev.KATParser(fname, columns) as parser:
- self.runTDESWithParser(parser)
-
- def runTDESWithParser(self, parser):
- curfun = None
- for mode, lines in next(parser):
- if mode == 'ENCRYPT':
- swapptct = False
- curfun = Crypto.encrypt
- elif mode == 'DECRYPT':
- swapptct = True
- curfun = Crypto.decrypt
- else:
- raise RuntimeError('unknown mode: %r' % repr(mode))
-
- for data in lines:
- curcnt = int(data['COUNT'])
- key = data['KEYs'] * 3
- cipherkey = binascii.unhexlify(key)
- iv = binascii.unhexlify(data['IV'])
- pt = binascii.unhexlify(data['PLAINTEXT'])
- ct = binascii.unhexlify(data['CIPHERTEXT'])
-
- if swapptct:
- pt, ct = ct, pt
- # run the fun
- c = Crypto(cryptodev.CRYPTO_3DES_CBC, cipherkey, crid=crid)
- r = curfun(c, pt, iv)
- self.assertEqual(r, ct)
###############
##### SHA #####