From acd33505541dd7324d6f30f13d952f0c477f30a9 Mon Sep 17 00:00:00 2001 From: anjiahao Date: Sat, 22 Oct 2022 15:50:43 +0800 Subject: [PATCH] crypto:Sync version differences 1.fix type warning for compile 2.hamc key can less than specified length 3.add new version algorithms to cryptodev sha256hmac sha384hmac sha512hmac aes128gmac Signed-off-by: anjiahao --- crypto/aes.c | 3 +- crypto/cast.c | 2 +- crypto/chachapoly.c | 27 +++--- crypto/cryptodev.c | 44 ++++----- crypto/cryptosoft.c | 173 +++++++++++------------------------- crypto/des_locl.h | 2 +- crypto/ecb3_enc.c | 4 +- crypto/ecb_enc.c | 2 +- crypto/key_wrap.c | 4 +- crypto/poly1305.c | 2 +- crypto/xform.c | 6 +- include/crypto/cryptodev.h | 53 +++++------ include/crypto/cryptosoft.h | 6 +- 13 files changed, 128 insertions(+), 200 deletions(-) diff --git a/crypto/aes.c b/crypto/aes.c index f885e145cb..adc03449a5 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -28,8 +28,7 @@ #include #include #include - -#include "aes.h" +#include static inline void enc32le(void *dst, uint32_t x) diff --git a/crypto/cast.c b/crypto/cast.c index 378d157662..cf3e908ac4 100644 --- a/crypto/cast.c +++ b/crypto/cast.c @@ -10,7 +10,7 @@ #include #include #include -#include +#include "castsb.h" /* Macros to access 8-bit bytes out of a 32-bit word */ #define U_INT8_Ta(x) ( (u_int8_t) (x>>24) ) diff --git a/crypto/chachapoly.c b/crypto/chachapoly.c index b4cdbea7b2..348435b1e5 100644 --- a/crypto/chachapoly.c +++ b/crypto/chachapoly.c @@ -19,7 +19,6 @@ #include #include -#include #include #include @@ -90,7 +89,7 @@ Chacha20_Poly1305_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen) int Chacha20_Poly1305_Update(void *xctx, const uint8_t *data, uint16_t len) { - static const char zeroes[POLY1305_BLOCK_LEN]; + static const unsigned char zeroes[POLY1305_BLOCK_LEN]; CHACHA20_POLY1305_CTX *ctx = xctx; size_t rem; @@ -126,22 +125,22 @@ chacha20poly1305_encrypt( const uint8_t key[CHACHA20POLY1305_KEY_SIZE] ) { poly1305_state poly1305_ctx; - chacha_ctx chacha_ctx; + chacha_ctx ctx; union { uint8_t b0[CHACHA20POLY1305_KEY_SIZE]; uint64_t lens[2]; } b = { { 0 } }; uint64_t le_nonce = htole64(nonce); - chacha_keysetup(&chacha_ctx, key, CHACHA20POLY1305_KEY_SIZE * 8); - chacha_ivsetup(&chacha_ctx, (uint8_t *) &le_nonce, NULL); - chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0)); + chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8); + chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL); + chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0)); poly1305_init(&poly1305_ctx, b.b0); poly1305_update(&poly1305_ctx, ad, ad_len); poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf); - chacha_encrypt_bytes(&chacha_ctx, (uint8_t *) src, dst, src_len); + chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, src_len); poly1305_update(&poly1305_ctx, dst, src_len); poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf); @@ -152,7 +151,7 @@ chacha20poly1305_encrypt( poly1305_finish(&poly1305_ctx, dst + src_len); - explicit_bzero(&chacha_ctx, sizeof(chacha_ctx)); + explicit_bzero(&ctx, sizeof(chacha_ctx)); explicit_bzero(&b, sizeof(b)); } @@ -167,7 +166,7 @@ chacha20poly1305_decrypt( const uint8_t key[CHACHA20POLY1305_KEY_SIZE] ) { poly1305_state poly1305_ctx; - chacha_ctx chacha_ctx; + chacha_ctx ctx; int ret; size_t dst_len; union { @@ -180,9 +179,9 @@ chacha20poly1305_decrypt( if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE) return 0; - chacha_keysetup(&chacha_ctx, key, CHACHA20POLY1305_KEY_SIZE * 8); - chacha_ivsetup(&chacha_ctx, (uint8_t *) &le_nonce, NULL); - chacha_encrypt_bytes(&chacha_ctx, b.b0, b.b0, sizeof(b.b0)); + chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8); + chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL); + chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0)); poly1305_init(&poly1305_ctx, b.b0); poly1305_update(&poly1305_ctx, ad, ad_len); @@ -200,9 +199,9 @@ chacha20poly1305_decrypt( ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE); if (!ret) - chacha_encrypt_bytes(&chacha_ctx, (uint8_t *) src, dst, dst_len); + chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, dst_len); - explicit_bzero(&chacha_ctx, sizeof(chacha_ctx)); + explicit_bzero(&ctx, sizeof(ctx)); explicit_bzero(&b, sizeof(b)); return !ret; diff --git a/crypto/cryptodev.c b/crypto/cryptodev.c index b704aac212..7b9f27c7bb 100644 --- a/crypto/cryptodev.c +++ b/crypto/cryptodev.c @@ -59,9 +59,9 @@ struct csession { u_int32_t ses; u_int32_t cipher; - struct enc_xform *txform; + const struct enc_xform *txform; u_int32_t mac; - struct auth_hash *thash; + const struct auth_hash *thash; caddr_t key; int keylen; @@ -105,8 +105,8 @@ struct csession *csefind(struct fcrypt *, u_int); int csedelete(struct fcrypt *, struct csession *); struct csession *cseadd(struct fcrypt *, struct csession *); struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t, - caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *, - struct auth_hash *); + caddr_t, u_int64_t, u_int32_t, u_int32_t, const struct enc_xform *, + const struct auth_hash *); int csefree(struct csession *); int cryptodev_op(struct csession *, struct crypt_op *, struct proc *); @@ -143,8 +143,8 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) struct csession *cse; struct session_op *sop; struct crypt_op *cop; - struct enc_xform *txform = NULL; - struct auth_hash *thash = NULL; + const struct enc_xform *txform = NULL; + const struct auth_hash *thash = NULL; u_int64_t sid; u_int32_t ses; int error = 0; @@ -155,9 +155,6 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) switch (sop->cipher) { case 0: break; - case CRYPTO_DES_CBC: - txform = &enc_xform_des; - break; case CRYPTO_3DES_CBC: txform = &enc_xform_3des; break; @@ -168,7 +165,7 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) txform = &enc_xform_cast5; break; case CRYPTO_AES_CBC: - txform = &enc_xform_rijndael128; + txform = &enc_xform_aes; break; case CRYPTO_AES_CTR: txform = &enc_xform_aes_ctr; @@ -176,9 +173,6 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) case CRYPTO_AES_XTS: txform = &enc_xform_aes_xts; break; - case CRYPTO_ARC4: - txform = &enc_xform_arc4; - break; case CRYPTO_NULL: txform = &enc_xform_null; break; @@ -189,7 +183,6 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) switch (sop->mac) { case 0: break; -#if 0 case CRYPTO_MD5_HMAC: thash = &auth_hash_hmac_md5_96; break; @@ -199,13 +192,18 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) case CRYPTO_RIPEMD160_HMAC: thash = &auth_hash_hmac_ripemd_160_96; break; - case CRYPTO_MD5: - thash = &auth_hash_md5; + case CRYPTO_SHA2_256_HMAC: + thash = &auth_hash_hmac_sha2_256_128; break; - case CRYPTO_SHA1: - thash = &auth_hash_sha1; + case CRYPTO_SHA2_384_HMAC: + thash = &auth_hash_hmac_sha2_384_192; + break; + case CRYPTO_SHA2_512_HMAC: + thash = &auth_hash_hmac_sha2_512_256; + break; + case CRYPTO_AES_128_GMAC: + thash = &auth_hash_gmac_aes_128; break; -#endif default: return (EINVAL); } @@ -234,7 +232,7 @@ cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) if (thash) { cria.cri_alg = thash->type; cria.cri_klen = sop->mackeylen * 8; - if (sop->mackeylen != thash->keysize) { + if (sop->mackeylen > thash->keysize) { error = EINVAL; goto bail; } @@ -660,7 +658,8 @@ cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) { struct file *f; struct fcrypt *fcr; - int fd, error; + int fd; + int error = 0; switch (cmd) { case CRIOGET: @@ -725,7 +724,7 @@ cseadd(struct fcrypt *fcr, struct csession *cse) struct csession * csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac, - struct enc_xform *txform, struct auth_hash *thash) + const struct enc_xform *txform, const struct auth_hash *thash) { struct csession *cse; @@ -741,6 +740,7 @@ csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen, cse->mac = mac; cse->txform = txform; cse->thash = thash; + cse->error = 0; cseadd(fcr, cse); return (cse); } diff --git a/crypto/cryptosoft.c b/crypto/cryptosoft.c index 8715bed9e4..912f67d914 100644 --- a/crypto/cryptosoft.c +++ b/crypto/cryptosoft.c @@ -103,7 +103,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, { unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN]; - struct enc_xform *exf; + const struct enc_xform *exf; int i, k, j, blks, ind, count, ivlen; struct mbuf *m = NULL; struct uio *uio = NULL; @@ -150,7 +150,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, * handling themselves. */ if (exf->reinit) - exf->reinit(sw->sw_kschedule, iv); + exf->reinit((caddr_t)sw->sw_kschedule, iv); if (outtype == CRYPTO_BUF_MBUF) { /* Find beginning of data */ @@ -171,10 +171,10 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, /* Actual encryption/decryption */ if (exf->reinit) { if (crd->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(sw->sw_kschedule, + exf->encrypt((caddr_t)sw->sw_kschedule, blk); } else { - exf->decrypt(sw->sw_kschedule, + exf->decrypt((caddr_t)sw->sw_kschedule, blk); } } else if (crd->crd_flags & CRD_F_ENCRYPT) { @@ -182,7 +182,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, blk); + exf->encrypt((caddr_t)sw->sw_kschedule, blk); /* * Keep encrypted block for XOR'ing @@ -198,7 +198,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, nivp = (ivp == iv) ? iv2 : iv; bcopy(blk, nivp, blks); - exf->decrypt(sw->sw_kschedule, blk); + exf->decrypt((caddr_t)sw->sw_kschedule, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -422,7 +422,7 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, int outtype) { unsigned char aalg[AALG_MAX_RESULT_LEN]; - struct auth_hash *axf; + const struct auth_hash *axf; union authctx ctx; int err; @@ -464,27 +464,13 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, axf->Update(&ctx, aalg, axf->hashsize); axf->Final(aalg, &ctx); break; - - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - if (sw->sw_octx == NULL) - return EINVAL; - - axf->Update(&ctx, sw->sw_octx, sw->sw_klen); - axf->Final(aalg, &ctx); - break; - - case CRYPTO_MD5: - case CRYPTO_SHA1: - axf->Final(aalg, &ctx); - break; } /* Inject the authentication data */ if (outtype == CRYPTO_BUF_MBUF) - COPYBACK(outtype, buf, crd->crd_inject, axf->authsize, aalg); + COPYBACK(outtype, buf, crd->crd_inject, axf->hashsize, aalg); else - bcopy(aalg, crp->crp_mac, axf->authsize); + bcopy(aalg, crp->crp_mac, axf->hashsize); return 0; } @@ -502,8 +488,8 @@ swcr_authenc(struct cryptop *crp) union authctx ctx; struct cryptodesc *crd, *crda = NULL, *crde = NULL; struct swcr_data *sw, *swa, *swe = NULL; - struct auth_hash *axf = NULL; - struct enc_xform *exf = NULL; + const struct auth_hash *axf = NULL; + const struct enc_xform *exf = NULL; struct mbuf *m = NULL; struct uio *uio = NULL; caddr_t buf = (caddr_t)crp->crp_buf; @@ -523,6 +509,7 @@ swcr_authenc(struct cryptop *crp) switch (sw->sw_alg) { case CRYPTO_AES_GCM_16: case CRYPTO_AES_GMAC: + case CRYPTO_CHACHA20_POLY1305: swe = sw; crde = crd; exf = swe->sw_exf; @@ -531,6 +518,7 @@ swcr_authenc(struct cryptop *crp) case CRYPTO_AES_128_GMAC: case CRYPTO_AES_192_GMAC: case CRYPTO_AES_256_GMAC: + case CRYPTO_CHACHA20_POLY1305_MAC: swa = sw; crda = crd; axf = swa->sw_axf; @@ -609,7 +597,7 @@ swcr_authenc(struct cryptop *crp) } if (exf->reinit) - exf->reinit(swe->sw_kschedule, iv); + exf->reinit((caddr_t)swe->sw_kschedule, iv); /* Do encryption/decryption with MAC */ for (i = 0; i < crde->crd_len; i += blksz) { @@ -618,11 +606,11 @@ swcr_authenc(struct cryptop *crp) bzero(blk, blksz); COPYDATA(outtype, buf, crde->crd_skip + i, len, blk); if (crde->crd_flags & CRD_F_ENCRYPT) { - exf->encrypt(swe->sw_kschedule, blk); + exf->encrypt((caddr_t)swe->sw_kschedule, blk); axf->Update(&ctx, blk, len); } else { axf->Update(&ctx, blk, len); - exf->decrypt(swe->sw_kschedule, blk); + exf->decrypt((caddr_t)swe->sw_kschedule, blk); } COPYBACK(outtype, buf, crde->crd_skip + i, len, blk); } @@ -640,6 +628,15 @@ swcr_authenc(struct cryptop *crp) *blkp = htobe32(crde->crd_len * 8); axf->Update(&ctx, blk, blksz); break; + case CRYPTO_CHACHA20_POLY1305_MAC: + /* length block */ + bzero(blk, axf->hashsize); + blkp = (uint32_t *)blk; + *blkp = htole32(aadlen); + blkp = (uint32_t *)blk + 2; + *blkp = htole32(crde->crd_len); + axf->Update(&ctx, blk, axf->hashsize); + break; } /* Finalize MAC */ @@ -662,7 +659,7 @@ swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, int outtype) { u_int8_t *data, *out; - struct comp_algo *cxf; + const struct comp_algo *cxf; int adj; u_int32_t result; @@ -737,9 +734,9 @@ int swcr_newsession(u_int32_t *sid, struct cryptoini *cri) { struct swcr_data **swd; - struct auth_hash *axf; - struct enc_xform *txf; - struct comp_algo *cxf; + const struct auth_hash *axf; + const struct enc_xform *txf; + const struct comp_algo *cxf; u_int32_t i; int k; @@ -792,9 +789,6 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) } switch (cri->cri_alg) { - case CRYPTO_DES_CBC: - txf = &enc_xform_des; - goto enccommon; case CRYPTO_3DES_CBC: txf = &enc_xform_3des; goto enccommon; @@ -804,8 +798,8 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) case CRYPTO_CAST_CBC: txf = &enc_xform_cast5; goto enccommon; - case CRYPTO_RIJNDAEL128_CBC: - txf = &enc_xform_rijndael128; + case CRYPTO_AES_CBC: + txf = &enc_xform_aes; goto enccommon; case CRYPTO_AES_CTR: txf = &enc_xform_aes_ctr; @@ -820,6 +814,9 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) txf = &enc_xform_aes_gmac; (*swd)->sw_exf = txf; break; + case CRYPTO_CHACHA20_POLY1305: + txf = &enc_xform_chacha20_poly1305; + goto enccommon; case CRYPTO_NULL: txf = &enc_xform_null; goto enccommon; @@ -832,8 +829,9 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) return EINVAL; } } - if (txf->setkey((*swd)->sw_kschedule, cri->cri_key, - cri->cri_klen / 8) < 0) { + if (txf->setkey((*swd)->sw_kschedule, + (uint8_t *)cri->cri_key, + cri->cri_klen / 8) < 0) { swcr_freesession(i); return EINVAL; } @@ -876,7 +874,7 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) cri->cri_key[k] ^= HMAC_IPAD_VAL; axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, + axf->Update((*swd)->sw_ictx, (uint8_t *)cri->cri_key, cri->cri_klen / 8); axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, axf->blocksize - (cri->cri_klen / 8)); @@ -885,7 +883,7 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); axf->Init((*swd)->sw_octx); - axf->Update((*swd)->sw_octx, cri->cri_key, + axf->Update((*swd)->sw_octx, (uint8_t *)cri->cri_key, cri->cri_klen / 8); axf->Update((*swd)->sw_octx, hmac_opad_buffer, axf->blocksize - (cri->cri_klen / 8)); @@ -895,55 +893,6 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) (*swd)->sw_axf = axf; break; - case CRYPTO_MD5_KPDK: - axf = &auth_hash_key_md5; - goto auth2common; - - case CRYPTO_SHA1_KPDK: - axf = &auth_hash_key_sha1; - auth2common: - (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_ictx == NULL) { - swcr_freesession(i); - return ENOBUFS; - } - - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_octx == NULL) { - swcr_freesession(i); - return ENOBUFS; - } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); - (*swd)->sw_axf = axf; - break; - - case CRYPTO_MD5: - axf = &auth_hash_md5; - goto auth3common; - - case CRYPTO_SHA1: - axf = &auth_hash_sha1; - auth3common: - (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_ictx == NULL) { - swcr_freesession(i); - return ENOBUFS; - } - - axf->Init((*swd)->sw_ictx); - (*swd)->sw_axf = axf; - break; - case CRYPTO_AES_128_GMAC: axf = &auth_hash_gmac_aes_128; goto auth4common; @@ -954,6 +903,11 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) case CRYPTO_AES_256_GMAC: axf = &auth_hash_gmac_aes_256; + goto auth4common; + + case CRYPTO_CHACHA20_POLY1305_MAC: + axf = &auth_hash_chacha20_poly1305; + auth4common: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -962,7 +916,7 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) return ENOBUFS; } axf->Init((*swd)->sw_ictx); - axf->Setkey((*swd)->sw_ictx, cri->cri_key, + axf->Setkey((*swd)->sw_ictx, (uint8_t *)cri->cri_key, cri->cri_klen / 8); (*swd)->sw_axf = axf; break; @@ -993,8 +947,8 @@ int swcr_freesession(u_int64_t tid) { struct swcr_data *swd; - struct enc_xform *txf; - struct auth_hash *axf; + const struct enc_xform *txf; + const struct auth_hash *axf; u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; if (sid > swcr_sesnum || swcr_sessions == NULL || @@ -1009,7 +963,6 @@ swcr_freesession(u_int64_t tid) swcr_sessions[sid] = swd->sw_next; switch (swd->sw_alg) { - case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_BLF_CBC: case CRYPTO_CAST_CBC: @@ -1018,6 +971,7 @@ swcr_freesession(u_int64_t tid) case CRYPTO_AES_XTS: case CRYPTO_AES_GCM_16: case CRYPTO_AES_GMAC: + case CRYPTO_CHACHA20_POLY1305: case CRYPTO_NULL: txf = swd->sw_exf; @@ -1045,25 +999,10 @@ swcr_freesession(u_int64_t tid) } break; - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - axf = swd->sw_axf; - - if (swd->sw_ictx) { - explicit_bzero(swd->sw_ictx, axf->ctxsize); - free(swd->sw_ictx, M_CRYPTO_DATA, 0); - } - if (swd->sw_octx) { - explicit_bzero(swd->sw_octx, swd->sw_klen); - free(swd->sw_octx, M_CRYPTO_DATA, 0); - } - break; - case CRYPTO_AES_128_GMAC: case CRYPTO_AES_192_GMAC: case CRYPTO_AES_256_GMAC: - case CRYPTO_MD5: - case CRYPTO_SHA1: + case CRYPTO_CHACHA20_POLY1305_MAC: axf = swd->sw_axf; if (swd->sw_ictx) { @@ -1135,7 +1074,6 @@ swcr_process(struct cryptop *crp) switch (sw->sw_alg) { case CRYPTO_NULL: break; - case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_BLF_CBC: case CRYPTO_CAST_CBC: @@ -1152,10 +1090,6 @@ swcr_process(struct cryptop *crp) case CRYPTO_SHA2_256_HMAC: case CRYPTO_SHA2_384_HMAC: case CRYPTO_SHA2_512_HMAC: - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - case CRYPTO_MD5: - case CRYPTO_SHA1: if ((crp->crp_etype = swcr_authcompute(crp, crd, sw, crp->crp_buf, type)) != 0) goto done; @@ -1166,6 +1100,8 @@ swcr_process(struct cryptop *crp) case CRYPTO_AES_128_GMAC: case CRYPTO_AES_192_GMAC: case CRYPTO_AES_256_GMAC: + case CRYPTO_CHACHA20_POLY1305: + case CRYPTO_CHACHA20_POLY1305_MAC: crp->crp_etype = swcr_authenc(crp); goto done; @@ -1207,17 +1143,12 @@ swcr_init(void) bzero(algs, sizeof(algs)); - algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_BLF_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_CAST_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_RIPEMD160_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_MD5_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_SHA1_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_MD5] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_AES_CTR] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_AES_XTS] = CRYPTO_ALG_FLAG_SUPPORTED; @@ -1231,6 +1162,8 @@ swcr_init(void) algs[CRYPTO_AES_128_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_AES_192_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_AES_256_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_CHACHA20_POLY1305] = CRYPTO_ALG_FLAG_SUPPORTED; + algs[CRYPTO_CHACHA20_POLY1305_MAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_ESN] = CRYPTO_ALG_FLAG_SUPPORTED; crypto_register(swcr_id, algs, swcr_newsession, diff --git a/crypto/des_locl.h b/crypto/des_locl.h index a9f3801069..3373336105 100644 --- a/crypto/des_locl.h +++ b/crypto/des_locl.h @@ -68,7 +68,7 @@ typedef struct des_ks_struct #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) -void des_encrypt2(u_int32_t *data,des_key_schedule ks, int enc); +void des_encrypt2(u_int32_t *data,caddr_t ks, int enc); #define ITERATIONS 16 diff --git a/crypto/ecb3_enc.c b/crypto/ecb3_enc.c index 6fdb9f9d4d..50cf7a837a 100644 --- a/crypto/ecb3_enc.c +++ b/crypto/ecb3_enc.c @@ -50,8 +50,8 @@ #include "des_locl.h" void -des_ecb3_encrypt(des_cblock (*input), des_cblock (*output), - des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, +des_ecb3_encrypt(caddr_t (*input), caddr_t (*output), + caddr_t ks1, caddr_t ks2, caddr_t ks3, int encrypt) { register u_int32_t l0, l1; diff --git a/crypto/ecb_enc.c b/crypto/ecb_enc.c index fa20c81f4f..5b08c59a74 100644 --- a/crypto/ecb_enc.c +++ b/crypto/ecb_enc.c @@ -51,7 +51,7 @@ #include "spr.h" void -des_encrypt2(u_int32_t *data, des_key_schedule ks, int encrypt) +des_encrypt2(u_int32_t *data, caddr_t ks, int encrypt) { register u_int32_t l, r, t, u; #ifdef DES_USE_PTR diff --git a/crypto/key_wrap.c b/crypto/key_wrap.c index adbc11bc54..bb7a737578 100644 --- a/crypto/key_wrap.c +++ b/crypto/key_wrap.c @@ -61,7 +61,7 @@ aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C) memcpy(&B[0], A, 8); memcpy(&B[1], R, 8); /* B = AES(K, B) */ - AES_Encrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); + AES_Encrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B); /* MSB(64, B) = MSB(64, B) ^ t */ B[0] ^= htobe64(t); /* A = MSB(64, B) */ @@ -96,7 +96,7 @@ aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n) /* B = MSB(64, B) | R[i] */ memcpy(&B[1], R, 8); /* B = AES-1(K, B) */ - AES_Decrypt(&ctx->ctx, (caddr_t)B, (caddr_t)B); + AES_Decrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B); /* A = MSB(64, B) */ memcpy(A, &B[0], 8); /* R[i] = LSB(64, B) */ diff --git a/crypto/poly1305.c b/crypto/poly1305.c index 3f7aec4442..ce33b0fde9 100644 --- a/crypto/poly1305.c +++ b/crypto/poly1305.c @@ -8,7 +8,7 @@ #include #include -#include "poly1305.h" +#include /* * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication diff --git a/crypto/xform.c b/crypto/xform.c index 5b22ce02e2..f36c99e140 100644 --- a/crypto/xform.c +++ b/crypto/xform.c @@ -66,6 +66,8 @@ #include #include +#include "des_locl.h" + extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); int des_set_key(void *, caddr_t); @@ -311,13 +313,13 @@ const struct comp_algo comp_algo_deflate = { void des3_encrypt(caddr_t key, u_int8_t *blk) { - des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1); + des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key, key + 128, key + 256, 1); } void des3_decrypt(caddr_t key, u_int8_t *blk) { - des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0); + des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key + 256, key + 128, key, 0); } int diff --git a/include/crypto/cryptodev.h b/include/crypto/cryptodev.h index 69911e7e0e..501d0f005e 100644 --- a/include/crypto/cryptodev.h +++ b/include/crypto/cryptodev.h @@ -82,35 +82,30 @@ /* Maximum hash algorithm result length */ #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ -#define CRYPTO_DES_CBC 1 -#define CRYPTO_3DES_CBC 2 -#define CRYPTO_BLF_CBC 3 -#define CRYPTO_CAST_CBC 4 -#define CRYPTO_MD5_HMAC 6 -#define CRYPTO_SHA1_HMAC 7 -#define CRYPTO_RIPEMD160_HMAC 8 -#define CRYPTO_MD5_KPDK 9 -#define CRYPTO_SHA1_KPDK 10 -#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ -#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ -#define CRYPTO_ARC4 12 -#define CRYPTO_MD5 13 -#define CRYPTO_SHA1 14 -#define CRYPTO_DEFLATE_COMP 15 /* Deflate compression algorithm */ -#define CRYPTO_NULL 16 -#define CRYPTO_LZS_COMP 17 /* LZS compression algorithm */ -#define CRYPTO_SHA2_256_HMAC 18 -#define CRYPTO_SHA2_384_HMAC 19 -#define CRYPTO_SHA2_512_HMAC 20 -#define CRYPTO_AES_CTR 21 -#define CRYPTO_AES_XTS 22 -#define CRYPTO_AES_GCM_16 23 -#define CRYPTO_AES_128_GMAC 24 -#define CRYPTO_AES_192_GMAC 25 -#define CRYPTO_AES_256_GMAC 26 -#define CRYPTO_AES_GMAC 27 -#define CRYPTO_ESN 28 /* Support for Extended Sequence Numbers */ -#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated */ +#define CRYPTO_3DES_CBC 1 +#define CRYPTO_BLF_CBC 2 +#define CRYPTO_CAST_CBC 3 +#define CRYPTO_MD5_HMAC 4 +#define CRYPTO_SHA1_HMAC 5 +#define CRYPTO_RIPEMD160_HMAC 6 +#define CRYPTO_RIJNDAEL128_CBC 7 /* 128 bit blocksize */ +#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */ +#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */ +#define CRYPTO_NULL 9 +#define CRYPTO_SHA2_256_HMAC 11 +#define CRYPTO_SHA2_384_HMAC 12 +#define CRYPTO_SHA2_512_HMAC 13 +#define CRYPTO_AES_CTR 14 +#define CRYPTO_AES_XTS 15 +#define CRYPTO_AES_GCM_16 16 +#define CRYPTO_AES_128_GMAC 17 +#define CRYPTO_AES_192_GMAC 18 +#define CRYPTO_AES_256_GMAC 19 +#define CRYPTO_AES_GMAC 20 +#define CRYPTO_CHACHA20_POLY1305 21 +#define CRYPTO_CHACHA20_POLY1305_MAC 22 +#define CRYPTO_ESN 23 /* Support for Extended Sequence Numbers */ +#define CRYPTO_ALGORITHM_MAX 23 /* Keep updated */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ diff --git a/include/crypto/cryptosoft.h b/include/crypto/cryptosoft.h index 070b974abc..4faef578f7 100644 --- a/include/crypto/cryptosoft.h +++ b/include/crypto/cryptosoft.h @@ -32,15 +32,15 @@ struct swcr_data { u_int8_t *SW_ictx; u_int8_t *SW_octx; u_int32_t SW_klen; - struct auth_hash *SW_axf; + const struct auth_hash *SW_axf; } SWCR_AUTH; struct { u_int8_t *SW_kschedule; - struct enc_xform *SW_exf; + const struct enc_xform *SW_exf; } SWCR_ENC; struct { u_int32_t SW_size; - struct comp_algo *SW_cxf; + const struct comp_algo *SW_cxf; } SWCR_COMP; } SWCR_UN;