Date: Mon, 8 Sep 2014 04:48:23 GMT From: John-Mark Gurney <jmg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 1198590 for review Message-ID: <201409080448.s884mN1e019752@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@1198590?ac=10 Change 1198590 by jmg@jmg_carbon2 on 2014/08/11 21:11:42 save my work on trying to make xform.c be local to the software, but apparently via's padlock uses the software which IMO it shouldn't, at least not with out a proper public interface... Affected files ... .. //depot/projects/opencrypto/sys/crypto/via/padlock.h#2 edit .. //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#3 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#4 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptodev.h#4 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#4 edit .. //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#2 edit .. //depot/projects/opencrypto/sys/opencrypto/xform.c#5 edit .. //depot/projects/opencrypto/sys/opencrypto/xform.h#5 edit Differences ... ==== //depot/projects/opencrypto/sys/crypto/via/padlock.h#2 (text+ko) ==== @@ -64,12 +64,17 @@ #define cw_filler2 __field.filler2 #define cw_filler3 __field.filler3 +struct auth_hash_comb { + struct auth_hash axf; + struct auth_hash_funcs axff; +}; + struct padlock_session { union padlock_cw ses_cw __aligned(16); uint32_t ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ uint32_t ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ uint8_t ses_iv[16] __aligned(16); /* 128 bit aligned */ - struct auth_hash *ses_axf; + struct auth_hash_comb *ses_axfc; uint8_t *ses_ictx; uint8_t *ses_octx; int ses_mlen; ==== //depot/projects/opencrypto/sys/crypto/via/padlock_hash.c#3 (text+ko) ==== @@ -80,17 +80,21 @@ static void padlock_sha1_final(uint8_t *hash, struct padlock_sha_ctx *ctx); static void padlock_sha256_final(uint8_t *hash, struct padlock_sha_ctx *ctx); -static struct auth_hash padlock_hmac_sha1 = { - CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx), - (void (*)(void *))padlock_sha_init, NULL, NULL, - (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, - (void (*)(uint8_t *, void *))padlock_sha1_final +static struct auth_hash_comb padlock_hmac_sha1 = { + { CRYPTO_SHA1_HMAC, "HMAC-SHA1", + 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, + sizeof(struct padlock_sha_ctx), }, + { (void (*)(void *))padlock_sha_init, NULL, NULL, + (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, + (void (*)(uint8_t *, void *))padlock_sha1_final }, }; static struct auth_hash padlock_hmac_sha256 = { CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(struct padlock_sha_ctx), +}; + +static struct auth_hash_funcs padlock_hmac_sha256_funcs = { (void (*)(void *))padlock_sha_init, NULL, NULL, (int (*)(void *, const uint8_t *, uint16_t))padlock_sha_update, (void (*)(uint8_t *, void *))padlock_sha256_final @@ -243,11 +247,15 @@ static void padlock_hash_key_setup(struct padlock_session *ses, caddr_t key, int klen) { + struct auth_hash_comb *axfc; struct auth_hash *axf; + struct auth_hash_funcs *axff; int i; klen /= 8; - axf = ses->ses_axf; + axfc = ses->ses_axfc; + axf = &axfc->axf; + axff = &axfc->axff; /* * Try to free contexts before using them, because @@ -260,16 +268,16 @@ for (i = 0; i < klen; i++) key[i] ^= HMAC_IPAD_VAL; - axf->Init(ses->ses_ictx); - axf->Update(ses->ses_ictx, key, klen); - axf->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen); + axff->Init(ses->ses_ictx); + axff->Update(ses->ses_ictx, key, klen); + axff->Update(ses->ses_ictx, hmac_ipad_buffer, axf->blocksize - klen); for (i = 0; i < klen; i++) key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - axf->Init(ses->ses_octx); - axf->Update(ses->ses_octx, key, klen); - axf->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen); + axff->Init(ses->ses_octx); + axff->Update(ses->ses_octx, key, klen); + axff->Update(ses->ses_octx, hmac_opad_buffer, axf->blocksize - klen); for (i = 0; i < klen; i++) key[i] ^= HMAC_OPAD_VAL; @@ -287,7 +295,7 @@ union authctx ctx; int error; - axf = ses->ses_axf; + axfc = ses->ses_axfc; padlock_copy_ctx(axf, ses->ses_ictx, &ctx); error = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len, ==== //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#4 (text+ko) ==== @@ -271,9 +271,9 @@ struct mtx lock; /* for op submission */ u_int32_t cipher; - struct enc_xform *txform; + const struct enc_xform *txform; u_int32_t mac; - struct auth_hash *thash; + const struct auth_hash *thash; caddr_t key; int keylen; @@ -322,8 +322,8 @@ static int csedelete(struct fcrypt *, struct csession *); static struct csession *cseadd(struct fcrypt *, struct csession *); static struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, - u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, - struct auth_hash *); + u_int64_t, caddr_t, u_int64_t, u_int32_t, u_int32_t, + const struct enc_xform *, const struct auth_hash *); static int csefree(struct csession *); static int cryptodev_op(struct csession *, struct crypt_op *, @@ -391,8 +391,8 @@ struct session_op *sop; struct crypt_op *cop; struct crypt_aead *caead; - struct enc_xform *txform = NULL; - struct auth_hash *thash = NULL; + const struct enc_xform *txform = NULL; + const struct auth_hash *thash = NULL; struct crypt_kop *kop; u_int64_t sid; u_int32_t ses; @@ -418,96 +418,25 @@ } else #endif sop = (struct session_op *)data; - switch (sop->cipher) { - case 0: - break; - case CRYPTO_DES_CBC: - txform = &enc_xform_des; - break; - case CRYPTO_3DES_CBC: - txform = &enc_xform_3des; - break; - case CRYPTO_BLF_CBC: - txform = &enc_xform_blf; - break; - case CRYPTO_CAST_CBC: - txform = &enc_xform_cast5; - break; - case CRYPTO_SKIPJACK_CBC: - txform = &enc_xform_skipjack; - break; - case CRYPTO_AES_CBC: - txform = &enc_xform_rijndael128; - break; - case CRYPTO_AES_XTS: - txform = &enc_xform_aes_xts; - break; - case CRYPTO_NULL_CBC: - txform = &enc_xform_null; - break; - case CRYPTO_ARC4: - txform = &enc_xform_arc4; - break; - case CRYPTO_CAMELLIA_CBC: - txform = &enc_xform_camellia; - break; - case CRYPTO_AES_ICM: - txform = &enc_xform_aes_icm; - break; - case CRYPTO_AES_NIST_GCM_16: - txform = &enc_xform_aes_nist_gcm; - break; - - default: - CRYPTDEB("invalid cipher"); - return (EINVAL); + if (sop->cipher != 0) { + if (CRYPTO_ALGO_VALID(sop->cipher) && + oc_enc_xform_array[sop->cipher].type == + sop->cipher) { + txform = &oc_enc_xform_array[sop->cipher]; + } else { + CRYPTDEB("invalid cipher"); + return (EINVAL); + } } - switch (sop->mac) { - case 0: - break; - case CRYPTO_MD5_HMAC: - thash = &auth_hash_hmac_md5; - break; - case CRYPTO_SHA1_HMAC: - thash = &auth_hash_hmac_sha1; - break; - case CRYPTO_SHA2_256_HMAC: - thash = &auth_hash_hmac_sha2_256; - break; - case CRYPTO_SHA2_384_HMAC: - thash = &auth_hash_hmac_sha2_384; - break; - case CRYPTO_SHA2_512_HMAC: - thash = &auth_hash_hmac_sha2_512; - break; - case CRYPTO_RIPEMD160_HMAC: - thash = &auth_hash_hmac_ripemd_160; - break; - case CRYPTO_AES_128_NIST_GMAC: - thash = &auth_hash_nist_gmac_aes_128; - break; - case CRYPTO_AES_192_NIST_GMAC: - thash = &auth_hash_nist_gmac_aes_192; - break; - case CRYPTO_AES_256_NIST_GMAC: - thash = &auth_hash_nist_gmac_aes_256; - break; - -#ifdef notdef - case CRYPTO_MD5: - thash = &auth_hash_md5; - break; - case CRYPTO_SHA1: - thash = &auth_hash_sha1; - break; -#endif - case CRYPTO_NULL_HMAC: - thash = &auth_hash_null; - break; - default: - CRYPTDEB("invalid mac"); - return (EINVAL); + if (sop->mac != 0) { + if (CRYPTO_ALGO_VALID(sop->cipher) && + oc_auth_hash_array[sop->cipher].type == sop->mac) { + thash = &oc_auth_hash_array[sop->cipher]; + } else { + CRYPTDEB("invalid hash"); + return (EINVAL); + } } bzero(&crie, sizeof(crie)); @@ -1266,7 +1195,7 @@ struct csession * csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, - struct enc_xform *txform, struct auth_hash *thash) + const struct enc_xform *txform, const struct auth_hash *thash) { struct csession *cse; ==== //depot/projects/opencrypto/sys/opencrypto/cryptodev.h#4 (text+ko) ==== @@ -140,6 +140,9 @@ #define CRYPTO_AES_256_NIST_GMAC 28 /* auth side */ #define CRYPTO_ALGORITHM_MAX 28 /* Keep updated - see below */ +#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \ + (x) <= CRYPTO_ALGORITHM_MAX) + /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ #define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ ==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.c#4 (text+ko) ==== @@ -84,10 +84,12 @@ { unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; unsigned char *ivp, piv[EALG_MAX_BLOCK_LEN]; - struct enc_xform *exf; + const struct enc_xform *exf; + const struct enc_xform_funcs *exff; int i, k, j, blks; exf = sw->sw_exf; + exff = &oc_enc_xform_funcs[exf->type]; blks = exf->blocksize; /* Check for non-padded data */ @@ -120,8 +122,8 @@ int error; if (sw->sw_kschedule) - exf->zerokey(&(sw->sw_kschedule)); - error = exf->setkey(&sw->sw_kschedule, + exff->zerokey(&(sw->sw_kschedule)); + error = exff->setkey(&sw->sw_kschedule, crd->crd_key, crd->crd_klen / 8); if (error) return (error); @@ -133,8 +135,8 @@ * xforms that provide a reinit method perform all IV * handling themselves. */ - if (exf->reinit) - exf->reinit(sw->sw_kschedule, iv); + if (exff->reinit != NULL) + exff->reinit(sw->sw_kschedule, iv); if (flags & CRYPTO_F_IMBUF) { struct mbuf *m = (struct mbuf *) buf; @@ -155,12 +157,12 @@ m_copydata(m, k, blks, blk); /* Actual encryption/decryption */ - if (exf->reinit) { + if (exff->reinit != NULL) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(sw->sw_kschedule, + exff->encrypt(sw->sw_kschedule, blk); } else { - exf->decrypt(sw->sw_kschedule, + exff->decrypt(sw->sw_kschedule, blk); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -168,7 +170,7 @@ for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, blk); + exff->encrypt(sw->sw_kschedule, blk); /* * Keep encrypted block for XOR'ing @@ -186,7 +188,7 @@ else bcopy(blk, iv, blks); - exf->decrypt(sw->sw_kschedule, blk); + exff->decrypt(sw->sw_kschedule, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -233,12 +235,12 @@ idat = mtod(m, unsigned char *) + k; while (m->m_len >= k + blks && i > 0) { - if (exf->reinit) { + if (exff->reinit != NULL) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(sw->sw_kschedule, + exff->encrypt(sw->sw_kschedule, idat); } else { - exf->decrypt(sw->sw_kschedule, + exff->decrypt(sw->sw_kschedule, idat); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -246,7 +248,7 @@ for (j = 0; j < blks; j++) idat[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, idat); + exff->encrypt(sw->sw_kschedule, idat); ivp = idat; } else { /* decrypt */ /* @@ -258,7 +260,7 @@ else bcopy(idat, iv, blks); - exf->decrypt(sw->sw_kschedule, idat); + exff->decrypt(sw->sw_kschedule, idat); /* XOR with previous block/IV */ for (j = 0; j < blks; j++) @@ -297,12 +299,12 @@ cuio_copydata(uio, k, blks, blk); /* Actual encryption/decryption */ - if (exf->reinit) { + if (exff->reinit != NULL) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(sw->sw_kschedule, + exff->encrypt(sw->sw_kschedule, blk); } else { - exf->decrypt(sw->sw_kschedule, + exff->decrypt(sw->sw_kschedule, blk); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -310,7 +312,7 @@ for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, blk); + exff->encrypt(sw->sw_kschedule, blk); /* * Keep encrypted block for XOR'ing @@ -328,7 +330,7 @@ else bcopy(blk, iv, blks); - exf->decrypt(sw->sw_kschedule, blk); + exff->decrypt(sw->sw_kschedule, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -363,12 +365,12 @@ idat = (char *)iov->iov_base + k; while (iov->iov_len >= k + blks && i > 0) { - if (exf->reinit) { + if (exff->reinit != NULL) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(sw->sw_kschedule, + exff->encrypt(sw->sw_kschedule, idat); } else { - exf->decrypt(sw->sw_kschedule, + exff->decrypt(sw->sw_kschedule, idat); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -376,7 +378,7 @@ for (j = 0; j < blks; j++) idat[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, idat); + exff->encrypt(sw->sw_kschedule, idat); ivp = idat; } else { /* decrypt */ /* @@ -388,7 +390,7 @@ else bcopy(idat, iv, blks); - exf->decrypt(sw->sw_kschedule, idat); + exff->decrypt(sw->sw_kschedule, idat); /* XOR with previous block/IV */ for (j = 0; j < blks; j++) @@ -412,13 +414,13 @@ return 0; /* Done with iovec encryption/decryption */ } else { /* contiguous buffer */ - if (exf->reinit) { + if (exff->reinit != NULL) { for (i = crd->crd_skip; i < crd->crd_skip + crd->crd_len; i += blks) { if (crd->crd_flags & CRD_F_ENCRYPT) - exf->encrypt(sw->sw_kschedule, buf + i); + exff->encrypt(sw->sw_kschedule, buf + i); else - exf->decrypt(sw->sw_kschedule, buf + i); + exff->decrypt(sw->sw_kschedule, buf + i); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { for (i = crd->crd_skip; @@ -430,7 +432,7 @@ else for (k = 0; k < blks; k++) buf[i + k] ^= buf[i + k - blks]; - exf->encrypt(sw->sw_kschedule, buf + i); + exff->encrypt(sw->sw_kschedule, buf + i); } } else { /* Decrypt */ /* @@ -439,7 +441,7 @@ */ for (i = crd->crd_skip + crd->crd_len - blks; i >= crd->crd_skip; i -= blks) { - exf->decrypt(sw->sw_kschedule, buf + i); + exff->decrypt(sw->sw_kschedule, buf + i); /* XOR with the IV/previous block, as appropriate */ if (i == crd->crd_skip) @@ -459,11 +461,13 @@ } static void -swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key, +swcr_authprepare(const struct auth_hash *axf, struct swcr_data *sw, u_char *key, int klen) { + const struct auth_hash_funcs *axff; int k; + axff = &oc_auth_hash_funcs[axf->type]; klen /= 8; switch (axf->type) { @@ -477,16 +481,16 @@ for (k = 0; k < klen; k++) key[k] ^= HMAC_IPAD_VAL; - axf->Init(sw->sw_ictx); - axf->Update(sw->sw_ictx, key, klen); - axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); + axff->Init(sw->sw_ictx); + axff->Update(sw->sw_ictx, key, klen); + axff->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); for (k = 0; k < klen; k++) key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - axf->Init(sw->sw_octx); - axf->Update(sw->sw_octx, key, klen); - axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); + axff->Init(sw->sw_octx); + axff->Update(sw->sw_octx, key, klen); + axff->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); for (k = 0; k < klen; k++) key[k] ^= HMAC_OPAD_VAL; @@ -508,9 +512,9 @@ sw->sw_klen = klen; bcopy(key, sw->sw_octx, klen); - axf->Init(sw->sw_ictx); - axf->Update(sw->sw_ictx, key, klen); - axf->Final(buf, sw->sw_ictx); + axff->Init(sw->sw_ictx); + axff->Update(sw->sw_ictx, key, klen); + axff->Final(buf, sw->sw_ictx); break; } default: @@ -527,7 +531,8 @@ int flags) { unsigned char aalg[HASH_MAX_LEN]; - struct auth_hash *axf; + const struct auth_hash *axf; + const struct auth_hash_funcs *axff; union authctx ctx; int err; @@ -535,6 +540,7 @@ return EINVAL; axf = sw->sw_axf; + axff = &oc_auth_hash_funcs[axf->type]; if (crd->crd_flags & CRD_F_KEY_EXPLICIT) swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen); @@ -542,7 +548,7 @@ bcopy(sw->sw_ictx, &ctx, axf->ctxsize); err = crypto_apply(flags, buf, crd->crd_skip, crd->crd_len, - (int (*)(void *, void *, unsigned int))axf->Update, (caddr_t)&ctx); + (int (*)(void *, void *, unsigned int))axff->Update, (caddr_t)&ctx); if (err) return err; @@ -556,10 +562,10 @@ if (sw->sw_octx == NULL) return EINVAL; - axf->Final(aalg, &ctx); + axff->Final(aalg, &ctx); bcopy(sw->sw_octx, &ctx, axf->ctxsize); - axf->Update(&ctx, aalg, axf->hashsize); - axf->Final(aalg, &ctx); + axff->Update(&ctx, aalg, axf->hashsize); + axff->Final(aalg, &ctx); break; case CRYPTO_MD5_KPDK: @@ -575,12 +581,12 @@ * and let Final() do the proper, natural "algofill" * padding. */ - axf->Update(&ctx, sw->sw_octx, sw->sw_klen); - axf->Final(aalg, &ctx); + axff->Update(&ctx, sw->sw_octx, sw->sw_klen); + axff->Final(aalg, &ctx); break; case CRYPTO_NULL_HMAC: - axf->Final(aalg, &ctx); + axff->Final(aalg, &ctx); break; } @@ -604,8 +610,10 @@ union authctx ctx; struct cryptodesc *crd, *crda = NULL, *crde = NULL; struct swcr_data *sw, *swa, *swe = NULL; - struct auth_hash *axf = NULL; - struct enc_xform *exf = NULL; + const struct auth_hash *axf = NULL; + const struct auth_hash_funcs *axff = NULL; + const struct enc_xform *exf = NULL; + struct enc_xform_funcs *exff = NULL; caddr_t buf = (caddr_t)crp->crp_buf; uint32_t *blkp; int aadlen, blksz, i, ivlen, len, iskip, oskip, r; @@ -670,9 +678,11 @@ } } + axff = &oc_auth_hash_funcs[axf->type]; + /* Supply MAC with IV */ - if (axf->Reinit) - axf->Reinit(&ctx, iv, ivlen); + if (axff->Reinit != NULL) + axff->Reinit(&ctx, iv, ivlen); /* Supply MAC with AAD */ aadlen = crda->crd_len; @@ -682,12 +692,12 @@ crypto_copydata(crp->crp_flags, buf, crda->crd_skip + i, len, blk + oskip); bzero(blk + len + oskip, blksz - len - oskip); - axf->Update(&ctx, blk, blksz); + axff->Update(&ctx, blk, blksz); oskip = 0; /* reset initial output offset */ } - if (exf->reinit) - exf->reinit(swe->sw_kschedule, iv); + if (exff->reinit != NULL) + exff->reinit(swe->sw_kschedule, iv); /* Do encryption/decryption with MAC */ for (i = 0; i < crde->crd_len; i += blksz) { @@ -697,12 +707,12 @@ crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len, blk); if (crde->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(swe->sw_kschedule, blk); - axf->Update(&ctx, blk, len); + exff->encrypt(swe->sw_kschedule, blk); + axff->Update(&ctx, blk, len); crypto_copyback(crp->crp_flags, buf, crde->crd_skip + i, len, blk); } else { - axf->Update(&ctx, blk, len); + axff->Update(&ctx, blk, len); } } @@ -717,12 +727,12 @@ *blkp = htobe32(aadlen * 8); blkp = (uint32_t *)blk + 3; *blkp = htobe32(crde->crd_len * 8); - axf->Update(&ctx, blk, blksz); + axff->Update(&ctx, blk, blksz); break; } /* Finalize MAC */ - axf->Final(aalg, &ctx); + axff->Final(aalg, &ctx); /* Validate tag */ crypto_copydata(crp->crp_flags, buf, crda->crd_inject, axf->hashsize, @@ -740,7 +750,7 @@ crypto_copydata(crp->crp_flags, buf, crde->crd_skip + i, len, blk); if (!(crde->crd_flags & CRD_F_ENCRYPT)) { - exf->decrypt(swe->sw_kschedule, blk); + exff->decrypt(swe->sw_kschedule, blk); } crypto_copyback(crp->crp_flags, buf, crde->crd_skip + i, len, blk); @@ -762,11 +772,13 @@ caddr_t buf, int flags) { u_int8_t *data, *out; - struct comp_algo *cxf; + const struct comp_algo *cxf; + const struct comp_algo_funcs *cxff; int adj; u_int32_t result; cxf = sw->sw_cxf; + cxff = &oc_comp_algo_funcs[cxf->type]; /* We must handle the whole buffer of data in one time * then if there is not all the data in the mbuf, we must @@ -779,9 +791,9 @@ crypto_copydata(flags, buf, crd->crd_skip, crd->crd_len, data); if (crd->crd_flags & CRD_F_COMP) - result = cxf->compress(data, crd->crd_len, &out); + result = cxff->compress(data, crd->crd_len, &out); else - result = cxf->decompress(data, crd->crd_len, &out); + result = cxff->decompress(data, crd->crd_len, &out); free(data, M_CRYPTO_DATA); if (result == 0) @@ -837,9 +849,11 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) { struct swcr_data **swd; - struct auth_hash *axf; - struct enc_xform *txf; - struct comp_algo *cxf; + const struct auth_hash *axf; + const struct auth_hash_funcs *axff; + const struct enc_xform *txf; + const struct enc_xform_funcs *txff; + const struct comp_algo *cxf; u_int32_t i; int error; @@ -897,46 +911,25 @@ } switch (cri->cri_alg) { + case CRYPTO_AES_NIST_GMAC: + txf = &oc_enc_xform_array[cri->cri_alg]; + (*swd)->sw_exf = txf; + break; case CRYPTO_DES_CBC: - txf = &enc_xform_des; - goto enccommon; case CRYPTO_3DES_CBC: - txf = &enc_xform_3des; - goto enccommon; case CRYPTO_BLF_CBC: - txf = &enc_xform_blf; - goto enccommon; case CRYPTO_CAST_CBC: - txf = &enc_xform_cast5; - goto enccommon; case CRYPTO_SKIPJACK_CBC: - txf = &enc_xform_skipjack; - goto enccommon; case CRYPTO_RIJNDAEL128_CBC: - txf = &enc_xform_rijndael128; - goto enccommon; case CRYPTO_AES_XTS: - txf = &enc_xform_aes_xts; - goto enccommon; case CRYPTO_AES_ICM: - txf = &enc_xform_aes_icm; - goto enccommon; case CRYPTO_AES_NIST_GCM_16: - txf = &enc_xform_aes_nist_gcm; - goto enccommon; - case CRYPTO_AES_NIST_GMAC: - txf = &enc_xform_aes_nist_gmac; - (*swd)->sw_exf = txf; - break; case CRYPTO_CAMELLIA_CBC: - txf = &enc_xform_camellia; - goto enccommon; case CRYPTO_NULL_CBC: - txf = &enc_xform_null; - goto enccommon; - enccommon: + txf = &oc_enc_xform_array[cri->cri_alg]; + txff = &oc_enc_xform_funcs[txf->type]; if (cri->cri_key != NULL) { - error = txf->setkey(&((*swd)->sw_kschedule), + error = txff->setkey(&((*swd)->sw_kschedule), cri->cri_key, cri->cri_klen / 8); if (error) { swcr_freesession_locked(dev, i); @@ -948,26 +941,13 @@ break; case CRYPTO_MD5_HMAC: - axf = &auth_hash_hmac_md5; - goto authcommon; case CRYPTO_SHA1_HMAC: - axf = &auth_hash_hmac_sha1; - goto authcommon; case CRYPTO_SHA2_256_HMAC: - axf = &auth_hash_hmac_sha2_256; - goto authcommon; case CRYPTO_SHA2_384_HMAC: - axf = &auth_hash_hmac_sha2_384; - goto authcommon; case CRYPTO_SHA2_512_HMAC: - axf = &auth_hash_hmac_sha2_512; - goto authcommon; case CRYPTO_NULL_HMAC: - axf = &auth_hash_null; - goto authcommon; case CRYPTO_RIPEMD160_HMAC: - axf = &auth_hash_hmac_ripemd_160; - authcommon: + axf = &oc_auth_hash_array[cri->cri_alg]; (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -994,12 +974,8 @@ break; case CRYPTO_MD5_KPDK: - axf = &auth_hash_key_md5; - goto auth2common; - case CRYPTO_SHA1_KPDK: - axf = &auth_hash_key_sha1; - auth2common: + axf = &oc_auth_hash_array[cri->cri_alg]; (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1027,12 +1003,9 @@ break; #ifdef notdef case CRYPTO_MD5: - axf = &auth_hash_md5; - goto auth3common; - case CRYPTO_SHA1: - axf = &auth_hash_sha1; auth3common: + axf = &oc_auth_hash_array[cri->cri_alg]; (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1048,16 +1021,10 @@ #endif case CRYPTO_AES_128_NIST_GMAC: - axf = &auth_hash_nist_gmac_aes_128; - goto auth4common; - case CRYPTO_AES_192_NIST_GMAC: - axf = &auth_hash_nist_gmac_aes_192; - goto auth4common; - case CRYPTO_AES_256_NIST_GMAC: - axf = &auth_hash_nist_gmac_aes_256; - auth4common: + axf = &oc_auth_hash_array[cri->cri_alg]; + axff = &oc_auth_hash_funcs[axf->type]; (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_ictx == NULL) { @@ -1065,14 +1032,14 @@ rw_runlock(&swcr_sessions_lock); return ENOBUFS; } - axf->Init((*swd)->sw_ictx); - axf->Setkey((*swd)->sw_ictx, cri->cri_key, + axff->Init((*swd)->sw_ictx); + axff->Setkey((*swd)->sw_ictx, cri->cri_key, cri->cri_klen / 8); (*swd)->sw_axf = axf; break; case CRYPTO_DEFLATE_COMP: - cxf = &comp_algo_deflate; + cxf = &oc_comp_algo_array[cri->cri_alg]; (*swd)->sw_cxf = cxf; break; default: @@ -1107,9 +1074,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid) { struct swcr_data *swd; - struct enc_xform *txf; - struct auth_hash *axf; - struct comp_algo *cxf; + const struct enc_xform *txf; + const struct enc_xform_funcs *txff; + const struct auth_hash *axf; + const struct comp_algo *cxf; u_int32_t sid = CRYPTO_SESID2LID(tid); if (sid > swcr_sesnum || swcr_sessions == NULL || @@ -1137,9 +1105,10 @@ case CRYPTO_CAMELLIA_CBC: case CRYPTO_NULL_CBC: txf = swd->sw_exf; + txff = &oc_enc_xform_funcs[txf->type]; if (swd->sw_kschedule) - txf->zerokey(&(swd->sw_kschedule)); + txff->zerokey(&(swd->sw_kschedule)); break; case CRYPTO_MD5_HMAC: ==== //depot/projects/opencrypto/sys/opencrypto/cryptosoft.h#2 (text+ko) ==== @@ -34,15 +34,15 @@ u_int8_t *SW_octx; u_int16_t SW_klen; u_int16_t SW_mlen; - struct auth_hash *SW_axf; + const struct auth_hash *SW_axf; } SWCR_AUTH; struct { u_int8_t *SW_kschedule; - struct enc_xform *SW_exf; + const struct enc_xform *SW_exf; } SWCR_ENC; struct { u_int32_t SW_size; - struct comp_algo *SW_cxf; + const struct comp_algo *SW_cxf; } SWCR_COMP; } SWCR_UN; ==== //depot/projects/opencrypto/sys/opencrypto/xform.c#5 (text+ko) ==== @@ -150,234 +150,264 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers"); /* Encryption instances */ -struct enc_xform enc_xform_null = { - CRYPTO_NULL_CBC, "NULL", - /* NB: blocksize of 4 is to generate a properly aligned ESP header */ - NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ - null_encrypt, - null_decrypt, - null_setkey, - null_zerokey, - NULL, +const struct enc_xform oc_enc_xform_array[CRYPTO_ALGORITHM_MAX + 1] = { + [CRYPTO_NULL_CBC] = { + CRYPTO_NULL_CBC, "NULL", + /* NB: blocksize of 4 is to generate a properly aligned ESP header */ + NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */ + }, + [CRYPTO_DES_CBC] = { + CRYPTO_DES_CBC, "DES", + DES_BLOCK_LEN, 8, 8, + }, + [CRYPTO_3DES_CBC] = { + CRYPTO_3DES_CBC, "3DES", + DES3_BLOCK_LEN, 24, 24, + }, + [CRYPTO_BLF_CBC] = { + CRYPTO_BLF_CBC, "Blowfish", + BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */, + }, + [CRYPTO_CAST_CBC] = { + CRYPTO_CAST_CBC, "CAST-128", + CAST128_BLOCK_LEN, 5, 16, + }, + [CRYPTO_SKIPJACK_CBC] = { + CRYPTO_SKIPJACK_CBC, "Skipjack", + SKIPJACK_BLOCK_LEN, 10, 10, + }, + [CRYPTO_RIJNDAEL128_CBC] = { + CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", + RIJNDAEL128_BLOCK_LEN, 16, 32, + }, + [CRYPTO_AES_ICM] = { + CRYPTO_AES_ICM, "AES-ICM", + RIJNDAEL128_BLOCK_LEN, 16, 32, + }, + [CRYPTO_AES_NIST_GCM_16] = { + CRYPTO_AES_NIST_GCM_16, "AES-GCM", + 1, 16, 32, + }, + [CRYPTO_AES_NIST_GMAC] = { + CRYPTO_AES_NIST_GMAC, "AES-GMAC", + 1, 16, 32, + }, + [CRYPTO_AES_XTS] = { + CRYPTO_AES_XTS, "AES-XTS", + RIJNDAEL128_BLOCK_LEN, 32, 64, + }, + [CRYPTO_ARC4] = { + CRYPTO_ARC4, "ARC4", + 1, 1, 32, + }, + [CRYPTO_CAMELLIA_CBC] = { + CRYPTO_CAMELLIA_CBC, "Camellia", + CAMELLIA_BLOCK_LEN, 8, 32, >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409080448.s884mN1e019752>