svn commit: r360933 - in head: share/man/man4 share/man/man9 sys/conf sys/dev/cesa sys/dev/hifn sys/dev/safe sys/dev/sec sys/mips/cavium/cryptocteon sys/mips/nlm/dev/sec sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Mon May 11 21:34:33 UTC 2020
Author: jhb
Date: Mon May 11 21:34:29 2020
New Revision: 360933
URL: https://svnweb.freebsd.org/changeset/base/360933
Log:
Remove support for DES and Triple DES from OCF.
It no longer has any in-kernel consumers via OCF. smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24773
Deleted:
head/sys/opencrypto/xform_des1.c
head/sys/opencrypto/xform_des3.c
Modified:
head/share/man/man4/hifn.4
head/share/man/man4/safe.4
head/share/man/man9/crypto.9
head/sys/conf/files
head/sys/conf/files.amd64
head/sys/conf/files.arm
head/sys/conf/files.arm64
head/sys/conf/files.i386
head/sys/conf/files.mips
head/sys/conf/files.powerpc
head/sys/conf/files.riscv
head/sys/dev/cesa/cesa.c
head/sys/dev/hifn/hifn7751.c
head/sys/dev/safe/safe.c
head/sys/dev/sec/sec.c
head/sys/mips/cavium/cryptocteon/cavium_crypto.c
head/sys/mips/cavium/cryptocteon/cryptocteon.c
head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
head/sys/mips/nlm/dev/sec/nlmsec.c
head/sys/mips/nlm/dev/sec/nlmseclib.c
head/sys/opencrypto/crypto.c
head/sys/opencrypto/cryptodev.h
head/sys/opencrypto/xform.c
head/sys/opencrypto/xform_enc.h
Modified: head/share/man/man4/hifn.4
==============================================================================
--- head/share/man/man4/hifn.4 Mon May 11 21:24:22 2020 (r360932)
+++ head/share/man/man4/hifn.4 Mon May 11 21:34:29 2020 (r360933)
@@ -56,7 +56,7 @@ driver supports various cards containing the Hifn 7751
.Pp
The
.Nm
-driver registers itself to accelerate DES, Triple-DES,
+driver registers itself to accelerate
AES (7955 and 7956 only),
MD5-HMAC, SHA1, and SHA1-HMAC operations for
.Xr ipsec 4
Modified: head/share/man/man4/safe.4
==============================================================================
--- head/share/man/man4/safe.4 Mon May 11 21:24:22 2020 (r360932)
+++ head/share/man/man4/safe.4 Mon May 11 21:34:29 2020 (r360933)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"/
-.Dd April 1, 2006
+.Dd May 11, 2020
.Dt SAFE 4
.Os
.Sh NAME
@@ -60,7 +60,7 @@ driver supports cards containing SafeNet crypto accele
.Pp
The
.Nm
-driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC,
+driver registers itself to accelerate AES, MD5-HMAC,
SHA1-HMAC, and NULL operations for
.Xr ipsec 4
and
Modified: head/share/man/man9/crypto.9
==============================================================================
--- head/share/man/man9/crypto.9 Mon May 11 21:24:22 2020 (r360932)
+++ head/share/man/man9/crypto.9 Mon May 11 21:34:29 2020 (r360933)
@@ -131,8 +131,6 @@ The following encryption algorithms are supported:
.It Dv CRYPTO_AES_XTS
.It Dv CRYPTO_CAMELLIA_CBC
.It Dv CRYPTO_CHACHA20
-.It Dv CRYPTO_DES_CBC
-.It Dv CRYPTO_3DES_CBC
.It Dv CRYPTO_NULL_CBC
.El
.Pp
Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files Mon May 11 21:34:29 2020 (r360933)
@@ -684,8 +684,8 @@ crypto/camellia/camellia.c optional crypto | ipsec | i
crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support
crypto/chacha20/chacha.c standard
crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support
-crypto/des/des_ecb.c optional crypto | ipsec | ipsec_support | netsmb
-crypto/des/des_setkey.c optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/des_ecb.c optional netsmb
+crypto/des/des_setkey.c optional netsmb
crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi
crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \
ipsec | ipsec_support | !random_loadable | wlan_ccmp
Modified: head/sys/conf/files.amd64
==============================================================================
--- head/sys/conf/files.amd64 Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.amd64 Mon May 11 21:34:29 2020 (r360933)
@@ -136,8 +136,7 @@ amd64/pci/pci_cfgreg.c optional pci
cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
crypto/aesni/aeskeys_amd64.S optional aesni
-crypto/des/des_enc.c optional crypto | ipsec | \
- ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
dev/acpi_support/acpi_wmi_if.m standard
dev/agp/agp_amd64.c optional agp
dev/agp/agp_i810.c optional agp
Modified: head/sys/conf/files.arm
==============================================================================
--- head/sys/conf/files.arm Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.arm Mon May 11 21:34:29 2020 (r360933)
@@ -91,7 +91,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c opti
cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
dev/cpufreq/cpufreq_dt.c optional cpufreq fdt
dev/dwc/if_dwc.c optional dwc
dev/dwc/if_dwc_if.m optional dwc
Modified: head/sys/conf/files.arm64
==============================================================================
--- head/sys/conf/files.arm64 Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.arm64 Mon May 11 21:34:29 2020 (r360933)
@@ -221,7 +221,7 @@ armv8_crypto_wrap.o optional armv8crypto \
compile-with "${CC} -c ${CFLAGS:C/^-O2$/-O3/:N-nostdinc:N-mgeneral-regs-only} -I$S/crypto/armv8/ ${WERROR} ${NO_WCAST_QUAL} ${PROF} -march=armv8-a+crypto ${.IMPSRC}" \
no-implicit-rule \
clean "armv8_crypto_wrap.o"
-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
dev/acpica/acpi_bus_if.m optional acpi
dev/acpica/acpi_if.m optional acpi
dev/acpica/acpi_pci_link.c optional acpi pci
Modified: head/sys/conf/files.i386
==============================================================================
--- head/sys/conf/files.i386 Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.i386 Mon May 11 21:34:29 2020 (r360933)
@@ -76,7 +76,7 @@ compat/linux/linux_vdso.c optional compat_linux
compat/linux/linux.c optional compat_linux
compat/ndis/winx32_wrap.S optional ndisapi pci
crypto/aesni/aeskeys_i386.S optional aesni
-crypto/des/arch/i386/des_enc.S optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/arch/i386/des_enc.S optional netsmb
dev/agp/agp_ali.c optional agp
dev/agp/agp_amd.c optional agp
dev/agp/agp_amd64.c optional agp
Modified: head/sys/conf/files.mips
==============================================================================
--- head/sys/conf/files.mips Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.mips Mon May 11 21:34:29 2020 (r360933)
@@ -82,8 +82,7 @@ mips/mips/sc_machdep.c optional sc
dev/uart/uart_cpu_fdt.c optional uart fdt
# crypto support -- use generic
-crypto/des/des_enc.c optional crypto | ipsec | \
- ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
# AP common nvram interface MIPS specific, but maybe should be more generic
dev/nvram2env/nvram2env_mips.c optional nvram2env
Modified: head/sys/conf/files.powerpc
==============================================================================
--- head/sys/conf/files.powerpc Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.powerpc Mon May 11 21:34:29 2020 (r360933)
@@ -14,7 +14,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c op
cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/powerpc/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
dev/aacraid/aacraid_endian.c optional aacraid
dev/adb/adb_bus.c optional adb
dev/adb/adb_kbd.c optional adb
Modified: head/sys/conf/files.riscv
==============================================================================
--- head/sys/conf/files.riscv Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/conf/files.riscv Mon May 11 21:34:29 2020 (r360933)
@@ -2,7 +2,7 @@
cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"
cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"
cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"
-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb
+crypto/des/des_enc.c optional netsmb
dev/ofw/ofw_cpu.c optional fdt
dev/ofw/ofwpci.c optional pci fdt
dev/pci/pci_host_generic.c optional pci
Modified: head/sys/dev/cesa/cesa.c
==============================================================================
--- head/sys/dev/cesa/cesa.c Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/dev/cesa/cesa.c Mon May 11 21:34:29 2020 (r360933)
@@ -1577,14 +1577,6 @@ cesa_cipher_supported(const struct crypto_session_para
if (csp->csp_ivlen != AES_BLOCK_LEN)
return (false);
break;
- case CRYPTO_DES_CBC:
- if (csp->csp_ivlen != DES_BLOCK_LEN)
- return (false);
- break;
- case CRYPTO_3DES_CBC:
- if (csp->csp_ivlen != DES3_BLOCK_LEN)
- return (false);
- break;
default:
return (false);
}
@@ -1672,15 +1664,6 @@ cesa_newsession(device_t dev, crypto_session_t cses,
case CRYPTO_AES_CBC:
cs->cs_config |= CESA_CSHD_AES | CESA_CSHD_CBC;
cs->cs_ivlen = AES_BLOCK_LEN;
- break;
- case CRYPTO_DES_CBC:
- cs->cs_config |= CESA_CSHD_DES | CESA_CSHD_CBC;
- cs->cs_ivlen = DES_BLOCK_LEN;
- break;
- case CRYPTO_3DES_CBC:
- cs->cs_config |= CESA_CSHD_3DES | CESA_CSHD_3DES_EDE |
- CESA_CSHD_CBC;
- cs->cs_ivlen = DES3_BLOCK_LEN;
break;
}
Modified: head/sys/dev/hifn/hifn7751.c
==============================================================================
--- head/sys/dev/hifn/hifn7751.c Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/dev/hifn/hifn7751.c Mon May 11 21:34:29 2020 (r360933)
@@ -1604,14 +1604,6 @@ hifn_write_command(struct hifn_command *cmd, u_int8_t
if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) {
switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) {
- case HIFN_CRYPT_CMD_ALG_3DES:
- bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH);
- buf_pos += HIFN_3DES_KEY_LENGTH;
- break;
- case HIFN_CRYPT_CMD_ALG_DES:
- bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH);
- buf_pos += HIFN_DES_KEY_LENGTH;
- break;
case HIFN_CRYPT_CMD_ALG_AES:
/*
* AES keys are variable 128, 192 and
@@ -2328,8 +2320,6 @@ hifn_cipher_supported(struct hifn_softc *sc,
switch (sc->sc_ena) {
case HIFN_PUSTAT_ENA_2:
switch (csp->csp_cipher_alg) {
- case CRYPTO_3DES_CBC:
- break;
case CRYPTO_AES_CBC:
if ((sc->sc_flags & HIFN_HAS_AES) == 0)
return (false);
@@ -2343,13 +2333,6 @@ hifn_cipher_supported(struct hifn_softc *sc,
}
return (true);
}
- /*FALLTHROUGH*/
- case HIFN_PUSTAT_ENA_1:
- switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- return (true);
- }
- break;
}
return (false);
}
@@ -2448,16 +2431,6 @@ hifn_process(device_t dev, struct cryptop *crp, int hi
cmd->base_masks |= HIFN_BASE_CMD_DECODE;
cmd->base_masks |= HIFN_BASE_CMD_CRYPT;
switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES |
- HIFN_CRYPT_CMD_MODE_CBC |
- HIFN_CRYPT_CMD_NEW_IV;
- break;
- case CRYPTO_3DES_CBC:
- cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES |
- HIFN_CRYPT_CMD_MODE_CBC |
- HIFN_CRYPT_CMD_NEW_IV;
- break;
case CRYPTO_AES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES |
HIFN_CRYPT_CMD_MODE_CBC |
Modified: head/sys/dev/safe/safe.c
==============================================================================
--- head/sys/dev/safe/safe.c Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/dev/safe/safe.c Mon May 11 21:34:29 2020 (r360933)
@@ -694,20 +694,6 @@ safe_cipher_supported(struct safe_softc *sc,
{
switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- case CRYPTO_3DES_CBC:
- if ((sc->sc_devinfo & SAFE_DEVINFO_DES) == 0)
- return (false);
- if (csp->csp_ivlen != 8)
- return (false);
- if (csp->csp_cipher_alg == CRYPTO_DES_CBC) {
- if (csp->csp_cipher_klen != 8)
- return (false);
- } else {
- if (csp->csp_cipher_klen != 24)
- return (false);
- }
- break;
case CRYPTO_AES_CBC:
if ((sc->sc_devinfo & SAFE_DEVINFO_AES) == 0)
return (false);
@@ -866,14 +852,6 @@ safe_process(device_t dev, struct cryptop *crp, int hi
safe_setup_enckey(ses, crp->crp_cipher_key);
switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- cmd0 |= SAFE_SA_CMD0_DES;
- cmd1 |= SAFE_SA_CMD1_CBC;
- break;
- case CRYPTO_3DES_CBC:
- cmd0 |= SAFE_SA_CMD0_3DES;
- cmd1 |= SAFE_SA_CMD1_CBC;
- break;
case CRYPTO_AES_CBC:
cmd0 |= SAFE_SA_CMD0_AES;
cmd1 |= SAFE_SA_CMD1_CBC;
Modified: head/sys/dev/sec/sec.c
==============================================================================
--- head/sys/dev/sec/sec.c Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/dev/sec/sec.c Mon May 11 21:34:29 2020 (r360933)
@@ -106,12 +106,6 @@ static int sec_aesu_make_desc(struct sec_softc *sc,
const struct crypto_session_params *csp, struct sec_desc *desc,
struct cryptop *crp);
-/* DEU */
-static bool sec_deu_newsession(const struct crypto_session_params *csp);
-static int sec_deu_make_desc(struct sec_softc *sc,
- const struct crypto_session_params *csp, struct sec_desc *desc,
- struct cryptop *crp);
-
/* MDEU */
static bool sec_mdeu_can_handle(u_int alg);
static int sec_mdeu_config(const struct crypto_session_params *csp,
@@ -154,10 +148,6 @@ static struct sec_eu_methods sec_eus[] = {
sec_aesu_make_desc,
},
{
- sec_deu_newsession,
- sec_deu_make_desc,
- },
- {
sec_mdeu_newsession,
sec_mdeu_make_desc,
},
@@ -1147,12 +1137,6 @@ sec_cipher_supported(const struct crypto_session_param
if (csp->csp_ivlen != AES_BLOCK_LEN)
return (false);
break;
- case CRYPTO_DES_CBC:
- case CRYPTO_3DES_CBC:
- /* DEU */
- if (csp->csp_ivlen != DES_BLOCK_LEN)
- return (false);
- break;
default:
return (false);
}
@@ -1462,55 +1446,6 @@ sec_aesu_make_desc(struct sec_softc *sc,
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
hd->shd_mode0 |= SEC_AESU_MODE_ED;
- hd->shd_dir = 0;
- } else
- hd->shd_dir = 1;
-
- if (csp->csp_mode == CSP_MODE_ETA)
- error = sec_build_common_s_desc(sc, desc, csp, crp);
- else
- error = sec_build_common_ns_desc(sc, desc, csp, crp);
-
- return (error);
-}
-
-/* DEU */
-
-static bool
-sec_deu_newsession(const struct crypto_session_params *csp)
-{
-
- switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- case CRYPTO_3DES_CBC:
- return (true);
- default:
- return (false);
- }
-}
-
-static int
-sec_deu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp,
- struct sec_desc *desc, struct cryptop *crp)
-{
- struct sec_hw_desc *hd = desc->sd_desc;
- int error;
-
- hd->shd_eu_sel0 = SEC_EU_DEU;
- hd->shd_mode0 = SEC_DEU_MODE_CBC;
-
- switch (csp->csp_cipher_alg) {
- case CRYPTO_3DES_CBC:
- hd->shd_mode0 |= SEC_DEU_MODE_TS;
- break;
- case CRYPTO_DES_CBC:
- break;
- default:
- return (EINVAL);
- }
-
- if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
- hd->shd_mode0 |= SEC_DEU_MODE_ED;
hd->shd_dir = 0;
} else
hd->shd_dir = 1;
Modified: head/sys/mips/cavium/cryptocteon/cavium_crypto.c
==============================================================================
--- head/sys/mips/cavium/cryptocteon/cavium_crypto.c Mon May 11 21:24:22 2020 (r360932)
+++ head/sys/mips/cavium/cryptocteon/cavium_crypto.c Mon May 11 21:34:29 2020 (r360933)
@@ -90,12 +90,10 @@ __FBSDID("$FreeBSD$");
} while (0)
#define ESP_HEADER_LENGTH 8
-#define DES_CBC_IV_LENGTH 8
#define AES_CBC_IV_LENGTH 16
#define ESP_HMAC_LEN 12
#define ESP_HEADER_LENGTH 8
-#define DES_CBC_IV_LENGTH 8
/****************************************************************************/
@@ -320,125 +318,6 @@ octo_calc_hash(uint8_t auth, unsigned char *key, uint6
}
/****************************************************************************/
-/* DES functions */
-
-int
-octo_des_cbc_encrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- uint64_t *data;
- int data_i, data_l;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- while (crypt_off > 0) {
- IOV_CONSUME(iov, data, data_i, data_l);
- crypt_off -= 8;
- }
-
- while (crypt_len > 0) {
- CVMX_MT_3DES_ENC_CBC(*data);
- CVMX_MF_3DES_RESULT(*data);
- IOV_CONSUME(iov, data, data_i, data_l);
- crypt_len -= 8;
- }
-
- return 0;
-}
-
-
-int
-octo_des_cbc_decrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- uint64_t *data;
- int data_i, data_l;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- while (crypt_off > 0) {
- IOV_CONSUME(iov, data, data_i, data_l);
- crypt_off -= 8;
- }
-
- while (crypt_len > 0) {
- CVMX_MT_3DES_DEC_CBC(*data);
- CVMX_MF_3DES_RESULT(*data);
- IOV_CONSUME(iov, data, data_i, data_l);
- crypt_len -= 8;
- }
-
- return 0;
-}
-
-/****************************************************************************/
/* AES functions */
int
@@ -773,593 +652,6 @@ octo_null_sha1_encrypt(
data++;
CVMX_MF_HSH_IV(tmp1, 1);
*(uint32_t *)data = (uint32_t) (tmp1 >> 32);
-
- return 0;
-}
-
-/****************************************************************************/
-/* DES MD5 */
-
-int
-octo_des_cbc_md5_encrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- int next = 0;
- union {
- uint32_t data32[2];
- uint64_t data64[1];
- } mydata;
- uint64_t *data = &mydata.data64[0];
- uint32_t *data32;
- uint64_t tmp1, tmp2;
- int data_i, data_l, alen = auth_len;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
- (crypt_len & 0x7) ||
- (auth_len & 0x7) ||
- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data32, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- /* Load MD5 IV */
- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
-
- while (crypt_off > 0 && auth_off > 0) {
- IOV_CONSUME(iov, data32, data_i, data_l);
- crypt_off -= 4;
- auth_off -= 4;
- }
-
- while (crypt_len > 0 || auth_len > 0) {
- uint32_t *first = data32;
- mydata.data32[0] = *first;
- IOV_CONSUME(iov, data32, data_i, data_l);
- mydata.data32[1] = *data32;
- if (crypt_off <= 0) {
- if (crypt_len > 0) {
- CVMX_MT_3DES_ENC_CBC(*data);
- CVMX_MF_3DES_RESULT(*data);
- crypt_len -= 8;
- }
- } else
- crypt_off -= 8;
- if (auth_off <= 0) {
- if (auth_len > 0) {
- CVM_LOAD_MD5_UNIT(*data, next);
- auth_len -= 8;
- }
- } else
- auth_off -= 8;
- *first = mydata.data32[0];
- *data32 = mydata.data32[1];
- IOV_CONSUME(iov, data32, data_i, data_l);
- }
-
- /* finish the hash */
- CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
- if (__predict_false(inplen)) {
- uint64_t tmp = 0;
- uint8_t *p = (uint8_t *) & tmp;
- p[inplen] = 0x80;
- do {
- inplen--;
- p[inplen] = ((uint8_t *) data)[inplen];
- } while (inplen);
- CVM_LOAD_MD5_UNIT(tmp, next);
- } else {
- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
- }
-#else
- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-#endif
-
- /* Finish Inner hash */
- while (next != 7) {
- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
- }
- CVMX_ES64(tmp1, ((alen + 64) << 3));
- CVM_LOAD_MD5_UNIT(tmp1, next);
-
- /* Get the inner hash of HMAC */
- CVMX_MF_HSH_IV(tmp1, 0);
- CVMX_MF_HSH_IV(tmp2, 1);
-
- /* Initialize hash unit */
- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
-
- CVMX_MT_HSH_DAT(tmp1, 0);
- CVMX_MT_HSH_DAT(tmp2, 1);
- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
- CVMX_MT_HSH_DATZ(3);
- CVMX_MT_HSH_DATZ(4);
- CVMX_MT_HSH_DATZ(5);
- CVMX_MT_HSH_DATZ(6);
- CVMX_ES64(tmp1, ((64 + 16) << 3));
- CVMX_MT_HSH_STARTMD5(tmp1);
-
- /* save the HMAC */
- data32 = (uint32_t *)icv;
- CVMX_MF_HSH_IV(tmp1, 0);
- *data32 = (uint32_t) (tmp1 >> 32);
- data32++;
- *data32 = (uint32_t) tmp1;
- data32++;
- CVMX_MF_HSH_IV(tmp1, 1);
- *data32 = (uint32_t) (tmp1 >> 32);
-
- return 0;
-}
-
-int
-octo_des_cbc_md5_decrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- int next = 0;
- union {
- uint32_t data32[2];
- uint64_t data64[1];
- } mydata;
- uint64_t *data = &mydata.data64[0];
- uint32_t *data32;
- uint64_t tmp1, tmp2;
- int data_i, data_l, alen = auth_len;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
- (crypt_len & 0x7) ||
- (auth_len & 0x7) ||
- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data32, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- /* Load MD5 IV */
- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
-
- while (crypt_off > 0 && auth_off > 0) {
- IOV_CONSUME(iov, data32, data_i, data_l);
- crypt_off -= 4;
- auth_off -= 4;
- }
-
- while (crypt_len > 0 || auth_len > 0) {
- uint32_t *first = data32;
- mydata.data32[0] = *first;
- IOV_CONSUME(iov, data32, data_i, data_l);
- mydata.data32[1] = *data32;
- if (auth_off <= 0) {
- if (auth_len > 0) {
- CVM_LOAD_MD5_UNIT(*data, next);
- auth_len -= 8;
- }
- } else
- auth_off -= 8;
- if (crypt_off <= 0) {
- if (crypt_len > 0) {
- CVMX_MT_3DES_DEC_CBC(*data);
- CVMX_MF_3DES_RESULT(*data);
- crypt_len -= 8;
- }
- } else
- crypt_off -= 8;
- *first = mydata.data32[0];
- *data32 = mydata.data32[1];
- IOV_CONSUME(iov, data32, data_i, data_l);
- }
-
- /* finish the hash */
- CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
- if (__predict_false(inplen)) {
- uint64_t tmp = 0;
- uint8_t *p = (uint8_t *) & tmp;
- p[inplen] = 0x80;
- do {
- inplen--;
- p[inplen] = ((uint8_t *) data)[inplen];
- } while (inplen);
- CVM_LOAD_MD5_UNIT(tmp, next);
- } else {
- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
- }
-#else
- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-#endif
-
- /* Finish Inner hash */
- while (next != 7) {
- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
- }
- CVMX_ES64(tmp1, ((alen + 64) << 3));
- CVM_LOAD_MD5_UNIT(tmp1, next);
-
- /* Get the inner hash of HMAC */
- CVMX_MF_HSH_IV(tmp1, 0);
- CVMX_MF_HSH_IV(tmp2, 1);
-
- /* Initialize hash unit */
- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
-
- CVMX_MT_HSH_DAT(tmp1, 0);
- CVMX_MT_HSH_DAT(tmp2, 1);
- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
- CVMX_MT_HSH_DATZ(3);
- CVMX_MT_HSH_DATZ(4);
- CVMX_MT_HSH_DATZ(5);
- CVMX_MT_HSH_DATZ(6);
- CVMX_ES64(tmp1, ((64 + 16) << 3));
- CVMX_MT_HSH_STARTMD5(tmp1);
-
- /* save the HMAC */
- data32 = (uint32_t *)icv;
- CVMX_MF_HSH_IV(tmp1, 0);
- *data32 = (uint32_t) (tmp1 >> 32);
- data32++;
- *data32 = (uint32_t) tmp1;
- data32++;
- CVMX_MF_HSH_IV(tmp1, 1);
- *data32 = (uint32_t) (tmp1 >> 32);
-
- return 0;
-}
-
-/****************************************************************************/
-/* DES SHA */
-
-int
-octo_des_cbc_sha1_encrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- int next = 0;
- union {
- uint32_t data32[2];
- uint64_t data64[1];
- } mydata;
- uint64_t *data = &mydata.data64[0];
- uint32_t *data32;
- uint64_t tmp1, tmp2, tmp3;
- int data_i, data_l, alen = auth_len;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
- (crypt_len & 0x7) ||
- (auth_len & 0x7) ||
- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data32, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- /* Load SHA1 IV */
- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
- CVMX_MT_HSH_IV(od->octo_hminner[2], 2);
-
- while (crypt_off > 0 && auth_off > 0) {
- IOV_CONSUME(iov, data32, data_i, data_l);
- crypt_off -= 4;
- auth_off -= 4;
- }
-
- while (crypt_len > 0 || auth_len > 0) {
- uint32_t *first = data32;
- mydata.data32[0] = *first;
- IOV_CONSUME(iov, data32, data_i, data_l);
- mydata.data32[1] = *data32;
- if (crypt_off <= 0) {
- if (crypt_len > 0) {
- CVMX_MT_3DES_ENC_CBC(*data);
- CVMX_MF_3DES_RESULT(*data);
- crypt_len -= 8;
- }
- } else
- crypt_off -= 8;
- if (auth_off <= 0) {
- if (auth_len > 0) {
- CVM_LOAD_SHA_UNIT(*data, next);
- auth_len -= 8;
- }
- } else
- auth_off -= 8;
- *first = mydata.data32[0];
- *data32 = mydata.data32[1];
- IOV_CONSUME(iov, data32, data_i, data_l);
- }
-
- /* finish the hash */
- CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
- if (__predict_false(inplen)) {
- uint64_t tmp = 0;
- uint8_t *p = (uint8_t *) & tmp;
- p[inplen] = 0x80;
- do {
- inplen--;
- p[inplen] = ((uint8_t *) data)[inplen];
- } while (inplen);
- CVM_LOAD_SHA_UNIT(tmp, next);
- } else {
- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
- }
-#else
- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);
-#endif
-
- /* Finish Inner hash */
- while (next != 7) {
- CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next);
- }
- CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next);
-
- /* Get the inner hash of HMAC */
- CVMX_MF_HSH_IV(tmp1, 0);
- CVMX_MF_HSH_IV(tmp2, 1);
- tmp3 = 0;
- CVMX_MF_HSH_IV(tmp3, 2);
-
- /* Initialize hash unit */
- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
- CVMX_MT_HSH_IV(od->octo_hmouter[2], 2);
-
- CVMX_MT_HSH_DAT(tmp1, 0);
- CVMX_MT_HSH_DAT(tmp2, 1);
- tmp3 |= 0x0000000080000000;
- CVMX_MT_HSH_DAT(tmp3, 2);
- CVMX_MT_HSH_DATZ(3);
- CVMX_MT_HSH_DATZ(4);
- CVMX_MT_HSH_DATZ(5);
- CVMX_MT_HSH_DATZ(6);
- CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3));
-
- /* save the HMAC */
- data32 = (uint32_t *)icv;
- CVMX_MF_HSH_IV(tmp1, 0);
- *data32 = (uint32_t) (tmp1 >> 32);
- data32++;
- *data32 = (uint32_t) tmp1;
- data32++;
- CVMX_MF_HSH_IV(tmp1, 1);
- *data32 = (uint32_t) (tmp1 >> 32);
-
- return 0;
-}
-
-int
-octo_des_cbc_sha1_decrypt(
- struct octo_sess *od,
- struct iovec *iov, size_t iovcnt, size_t iovlen,
- int auth_off, int auth_len,
- int crypt_off, int crypt_len,
- uint8_t *icv, uint8_t *ivp)
-{
- int next = 0;
- union {
- uint32_t data32[2];
- uint64_t data64[1];
- } mydata;
- uint64_t *data = &mydata.data64[0];
- uint32_t *data32;
- uint64_t tmp1, tmp2, tmp3;
- int data_i, data_l, alen = auth_len;
-
- dprintf("%s()\n", __func__);
-
- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
- (crypt_len & 0x7) ||
- (auth_len & 0x7) ||
- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
- return -EINVAL;
- }
-
- IOV_INIT(iov, data32, data_i, data_l);
-
- CVMX_PREFETCH0(ivp);
- CVMX_PREFETCH0(od->octo_enckey);
-
- /* load 3DES Key */
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
- if (od->octo_encklen == 24) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
- } else if (od->octo_encklen == 8) {
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);
- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);
- } else {
- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
- return -EINVAL;
- }
-
- CVMX_MT_3DES_IV(* (uint64_t *) ivp);
-
- /* Load SHA1 IV */
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list