Date: Sat, 8 Feb 2003 11:23:27 -0800 (PST) From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 24832 for review Message-ID: <200302081923.h18JNRga040796@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=24832 Change 24832 by sam@sam_ebb on 2003/02/08 11:23:10 hook crypto drivers to FIPS 140-2 RNG data validater Affected files ... .. //depot/projects/crypto/dev/hifn/hifn7751.c#2 edit .. //depot/projects/crypto/dev/hifn/hifn7751var.h#2 edit .. //depot/projects/crypto/dev/ubsec/ubsec.c#2 edit .. //depot/projects/crypto/dev/ubsec/ubsecvar.h#2 edit Differences ... ==== //depot/projects/crypto/dev/hifn/hifn7751.c#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.9 2003/02/02 13:29:59 alfred Exp $ */ +/* $FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.8 2003/01/21 08:55:32 alfred Exp $ */ /* $OpenBSD: hifn7751.c,v 1.120 2002/05/17 00:33:34 deraadt Exp $ */ /* @@ -42,6 +42,7 @@ */ #define HIFN_DEBUG +#define HIFN_RNDTEST /* * Driver for the Hifn 7751 encryption processor. @@ -72,6 +73,10 @@ #include <pci/pcivar.h> #include <pci/pcireg.h> + +#ifdef HIFN_RNDTEST +#include <dev/rndtest/rndtest.h> +#endif #include <dev/hifn/hifn7751reg.h> #include <dev/hifn/hifn7751var.h> @@ -109,6 +114,9 @@ DRIVER_MODULE(hifn, pci, hifn_driver, hifn_devclass, 0, 0); MODULE_DEPEND(hifn, crypto, 1, 1, 1); +#ifdef HIFN_RNDTEST +MODULE_DEPEND(hifn, rndtest, 1, 1, 1); +#endif static void hifn_reset_board(struct hifn_softc *, int); static void hifn_reset_puc(struct hifn_softc *); @@ -230,6 +238,12 @@ return "Unknown-vendor unknown-part"; } +static void +default_harvest(struct rndtest_state *rsp, void *buf, u_int count) +{ + random_harvest(buf, count, count*NBBY, 0, RANDOM_PURE); +} + /* * Attach an interface that successfully probed. */ @@ -621,6 +635,16 @@ u_int32_t r; int i; +#ifdef HIFN_RNDTEST + sc->sc_rndtest = rndtest_attach(sc->sc_dev); + if (sc->sc_rndtest) + sc->sc_harvest = rndtest_harvest; + else + sc->sc_harvest = default_harvest; +#else + sc->sc_harvest = default_harvest; +#endif + if ((sc->sc_flags & HIFN_IS_7811) == 0) { /* Reset 7951 public key/rng engine */ WRITE_REG_1(sc, HIFN_1_PUB_RESET, @@ -705,7 +729,8 @@ if (sc->sc_rngfirst) sc->sc_rngfirst = 0; else - random_harvest(num, RANDOM_BITS(2), RANDOM_PURE); + (*sc->sc_harvest)(sc->sc_rndtest, + num, sizeof (num)); } } else { num[0] = READ_REG_1(sc, HIFN_1_RNG_DATA); @@ -714,7 +739,8 @@ if (sc->sc_rngfirst) sc->sc_rngfirst = 0; else - random_harvest(num, RANDOM_BITS(1), RANDOM_PURE); + (*sc->sc_harvest)(sc->sc_rndtest, + num, sizeof (num[0])); } callout_reset(&sc->sc_rngto, sc->sc_rnghz, hifn_rng, sc); @@ -1362,6 +1388,7 @@ static u_int hifn_write_command(struct hifn_command *cmd, u_int8_t *buf) { +#define MIN(a,b) ((a)<(b)?(a):(b)) u_int8_t *buf_pos; hifn_base_command_t *base_cmd; hifn_mac_command_t *mac_cmd; @@ -1455,6 +1482,7 @@ } return (buf_pos - buf); +#undef MIN } static int ==== //depot/projects/crypto/dev/hifn/hifn7751var.h#2 (text+ko) ==== @@ -133,6 +133,8 @@ #define HS_STATE_USED 1 /* allocated, but key not on card */ #define HS_STATE_KEY 2 /* allocated and key is on card */ +struct rndstate_test; + /* * Holds data specific to a single HIFN board. */ @@ -180,6 +182,9 @@ int sc_curbatch; /* # ops submitted w/o int */ int sc_suspended; struct hifn_session sc_sessions[2048]; + struct rndtest_state *sc_rndtest; /* RNG test state */ + void (*sc_harvest)(struct rndtest_state *, + void *, u_int); }; #define HIFN_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) ==== //depot/projects/crypto/dev/ubsec/ubsec.c#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/dev/ubsec/ubsec.c,v 1.14 2003/02/07 23:02:02 sam Exp $ */ +/* $FreeBSD: src/sys/dev/ubsec/ubsec.c,v 1.13 2003/01/21 08:55:43 alfred Exp $ */ /* $OpenBSD: ubsec.c,v 1.115 2002/09/24 18:33:26 jason Exp $ */ /* @@ -41,6 +41,7 @@ */ #define UBSEC_DEBUG +#define UBSEC_RNDTEST /* * uBsec 5[56]01, 58xx hardware crypto accelerator @@ -89,6 +90,9 @@ #define letoh16(x) le16toh(x) #define letoh32(x) le32toh(x) +#ifdef UBSEC_RNDTEST +#include <dev/rndtest/rndtest.h> +#endif #include <dev/ubsec/ubsecreg.h> #include <dev/ubsec/ubsecvar.h> @@ -126,6 +130,9 @@ DRIVER_MODULE(ubsec, pci, ubsec_driver, ubsec_devclass, 0, 0); MODULE_DEPEND(ubsec, crypto, 1, 1, 1); +#ifdef UBSEC_RNDTEST +MODULE_DEPEND(ubsec, rndtest, 1, 1, 1); +#endif static void ubsec_intr(void *); static int ubsec_newsession(void *, u_int32_t *, struct cryptoini *); @@ -246,6 +253,12 @@ return "Unknown-vendor unknown-part"; } +static void +default_harvest(struct rndtest_state *rsp, void *buf, u_int count) +{ + random_harvest(buf, count, count*NBBY, 0, RANDOM_PURE); +} + static int ubsec_attach(device_t dev) { @@ -419,6 +432,15 @@ #ifndef UBSEC_NO_RNG if (sc->sc_flags & UBS_FLAGS_RNG) { sc->sc_statmask |= BS_STAT_MCR2_DONE; +#ifdef UBSEC_RNDTEST + sc->sc_rndtest = rndtest_attach(dev); + if (sc->sc_rndtest) + sc->sc_harvest = rndtest_harvest; + else + sc->sc_harvest = default_harvest; +#else + sc->sc_harvest = default_harvest; +#endif if (ubsec_dma_malloc(sc, sizeof(struct ubsec_mcr), &sc->sc_rng.rng_q.q_mcr, 0)) @@ -491,6 +513,11 @@ crypto_unregister_all(sc->sc_cid); +#ifdef UBSEC_RNDTEST + if (sc->sc_rndtest) + rndtest_detach(sc->sc_rndtest); +#endif + while (!SIMPLEQ_EMPTY(&sc->sc_freequeue)) { struct ubsec_q *q; @@ -1669,14 +1696,14 @@ switch (q->q_type) { #ifndef UBSEC_NO_RNG + case UBS_CTXOP_RNGSHA1: case UBS_CTXOP_RNGBYPASS: { struct ubsec_q2_rng *rng = (struct ubsec_q2_rng *)q; ubsec_dma_sync(&rng->rng_buf, BUS_DMASYNC_POSTREAD); - random_harvest(rng->rng_buf.dma_vaddr, - UBSEC_RNG_BUFSIZ*sizeof (u_int32_t), - UBSEC_RNG_BUFSIZ*sizeof (u_int32_t)*NBBY, 0, - RANDOM_PURE); + (*sc->sc_harvest)(sc->sc_rndtest, + rng->rng_buf.dma_vaddr, + UBSEC_RNG_BUFSIZ*sizeof (u_int32_t)); rng->rng_used = 0; callout_reset(&sc->sc_rngto, sc->sc_rnghz, ubsec_rng, sc); break; @@ -1786,8 +1813,13 @@ mcr->mcr_opktbuf.pb_next = 0; ctx->rbp_len = htole16(sizeof(struct ubsec_ctx_rngbypass)); +#ifdef notdef + ctx->rbp_op = htole16(UBS_CTXOP_RNGSHA1); + rng->rng_q.q_type = UBS_CTXOP_RNGSHA1; +#else ctx->rbp_op = htole16(UBS_CTXOP_RNGBYPASS); rng->rng_q.q_type = UBS_CTXOP_RNGBYPASS; +#endif ubsec_dma_sync(&rng->rng_buf, BUS_DMASYNC_PREREAD); ==== //depot/projects/crypto/dev/ubsec/ubsecvar.h#2 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/dev/ubsec/ubsecvar.h,v 1.5 2003/02/07 21:44:52 sam Exp $ */ +/* $FreeBSD: src/sys/dev/ubsec/ubsecvar.h,v 1.4 2003/01/06 21:23:06 sam Exp $ */ /* $OpenBSD: ubsecvar.h,v 1.35 2002/09/24 18:33:26 jason Exp $ */ /* @@ -53,8 +53,6 @@ #define UBS_DEF_TOUT 0xff /* PCI TRDY Timeout */ #define UBS_DEF_CACHELINE 0x01 /* Cache Line setting */ -#ifdef _KERNEL - struct ubsec_dma_alloc { u_int32_t dma_paddr; caddr_t dma_vaddr; @@ -174,6 +172,8 @@ #define q_dst_segs q_dst.segs #define q_dst_mapsize q_dst.mapsize +struct rndstate_test; + struct ubsec_softc { device_t sc_dev; /* device backpointer */ struct mtx sc_mtx; /* per-driver lock */ @@ -204,6 +204,9 @@ struct ubsec_dma sc_dmaa[UBS_MAX_NQUEUE]; struct ubsec_q *sc_queuea[UBS_MAX_NQUEUE]; SIMPLEQ_HEAD(,ubsec_q2) sc_q2free; /* free list */ + struct rndtest_state *sc_rndtest; /* RNG test state */ + void (*sc_harvest)(struct rndtest_state *, + void *, u_int); }; #define UBSEC_LOCK(_sc) mtx_lock(&(_sc)->sc_mtx) @@ -218,7 +221,6 @@ u_int32_t ses_hmouter[5]; /* hmac outer state */ u_int32_t ses_iv[2]; /* [3]DES iv */ }; -#endif /* _KERNEL */ struct ubsec_stats { u_int64_t hst_ibytes; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302081923.h18JNRga040796>