History log of /src/sys/opencrypto/xform.c
Revision | | Date | Author | Comments |
1.31 |
| 30-Jun-2020 |
riastradh | Rename enc_xform_rijndael128 -> enc_xform_aes.
Update netipsec dependency.
|
1.30 |
| 29-Jun-2020 |
riastradh | opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
1.29 |
| 06-Jul-2017 |
ozaki-r | Apply C99-style struct initialization to enc_xform, auth_hash and comp_algo
|
1.28 |
| 26-May-2011 |
drochner | branches: 1.28.14; 1.28.32; 1.28.48;
pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
1.27 |
| 24-May-2011 |
drochner | copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
|
1.26 |
| 24-May-2011 |
drochner | move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
1.25 |
| 23-May-2011 |
drochner | add an AES-CTR xform, from OpenBSD
|
1.24 |
| 23-May-2011 |
drochner | -in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size"
-add a "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unnecessary differences)
This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms.
Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
1.23 |
| 21-May-2011 |
drochner | sync minimum key size for AES with reality
|
1.22 |
| 05-May-2011 |
drochner | make camellia-cbc known to the opencrypto framework
|
1.21 |
| 09-Mar-2011 |
drochner | const'fy algorithm descriptors
|
1.20 |
| 25-Feb-2011 |
drochner | make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards:
-RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize.
-Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before.
-Also fix the number of authenticator bits used for ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
1.19 |
| 24-Feb-2011 |
drochner | small modifications in dealing with the unknown result size of compression/decompression:
-separate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original.
-allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
1.18 |
| 25-Mar-2009 |
darran | branches: 1.18.4; 1.18.6; 1.18.8;
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when it's not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
1.17 |
| 28-Feb-2008 |
tls | branches: 1.17.4; 1.17.12; 1.17.14; 1.17.18; 1.17.22;
From Darran Hunt: you can't just specify the "wrong" underlying algorithm with the "right" output size in the xform declaration and have the _96 HMAC variants work -- the actual algorithm machinery (hardware or software) ignores the output-size parameter, it's just there to inform the interface consumer.
This should fix FAST_IPSEC.
|
1.16 |
| 02-Feb-2008 |
tls | branches: 1.16.2; 1.16.6;
From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
1.15 |
| 25-Nov-2005 |
thorpej | branches: 1.15.46; 1.15.52;
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algorithms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config.
- Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
1.14 |
| 29-May-2005 |
christos | branches: 1.14.2; 1.14.8;
Sprinkle const.
|
1.13 |
| 18-Nov-2003 |
jonathan | branches: 1.13.4;
Remove erroneous '2 *' from 'bzero(*sched, 2 * sizeof(rijndael_ctx));'
After using AES from sys/crypto, we only malloc sizeof(rijndael_ctx), and we were bzero()ing past the end of the aes ctx, leading to panics.
|
1.12 |
| 16-Nov-2003 |
tls | Move the Skipjack algorithm from sys/opencrypto to sys/crypto/skipjack. There are now no cryptographic algorithms in sys/opencrypto, which, according to the comment formerly in files.opencrypto, was the original intent.
|
1.11 |
| 27-Aug-2003 |
thorpej | Fix-up a few things missed in the rijndael_set_key() change.
|
1.10 |
| 27-Aug-2003 |
itojun | simplify rijndael.c API - always schedule encrypt/decrypt key. reviewed by thorpej
|
1.9 |
| 27-Aug-2003 |
thorpej | Some const poisoning.
|
1.8 |
| 27-Aug-2003 |
thorpej | Use the Blowfish in crypto/blowfish, which has hooks for using tuned assembly for the transform.
|
1.7 |
| 26-Aug-2003 |
thorpej | Move the opencrypto CAST-128 implementation to crypto/cast128, removing the old one. Rename the functions/structures from cast_* to cast128_*. Adapt the KAME IPsec to use the new CAST-128 code, which has a simpler API and smaller footprint.
|
1.6 |
| 26-Aug-2003 |
thorpej | G/C extra /.
|
1.5 |
| 26-Aug-2003 |
thorpej | G/C opencrypto's local copy of rijndael. Adapt the extant rijndael code for opencrypto's use by adding the simplified API that opencrypto expects.
|
1.4 |
| 25-Aug-2003 |
thorpej | It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
1.3 |
| 01-Aug-2003 |
itojun | keyed-{sha1,md5} should not be truncated to 96 bits. markus@openbsd
|
1.2 |
| 28-Jul-2003 |
jonathan | Remove vestiges of OpenBSD <sys/md5k.h> header.
|
1.1 |
| 25-Jul-2003 |
jonathan | Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
1.13.4.6 |
| 11-Dec-2005 |
christos | Sync with head.
|
1.13.4.5 |
| 10-Nov-2005 |
skrll | Sync with HEAD. Here we go again...
|
1.13.4.4 |
| 21-Sep-2004 |
skrll | Fix the sync with head I botched.
|
1.13.4.3 |
| 18-Sep-2004 |
skrll | Sync with HEAD.
|
1.13.4.2 |
| 03-Aug-2004 |
skrll | Sync with HEAD
|
1.13.4.1 |
| 18-Nov-2003 |
skrll | file xform.c was added on branch ktrace-lwp on 2004-08-03 10:56:25 +0000
|
1.14.8.1 |
| 29-Nov-2005 |
yamt | sync with head.
|
1.14.2.3 |
| 17-Mar-2008 |
yamt | sync with head.
|
1.14.2.2 |
| 04-Feb-2008 |
yamt | sync with head.
|
1.14.2.1 |
| 21-Jun-2006 |
yamt | sync with head.
|
1.15.52.1 |
| 18-Feb-2008 |
mjf | Sync with HEAD.
|
1.15.46.1 |
| 23-Mar-2008 |
matt | sync with HEAD
|
1.16.6.1 |
| 03-Apr-2008 |
mjf | Sync with HEAD.
|
1.16.2.1 |
| 24-Mar-2008 |
keiichi | sync with head.
|
1.17.22.1 |
| 20-May-2011 |
matt | bring matt-nb5-mips64 up to date with netbsd-5-1-RELEASE (except compat).
|
1.17.18.1 |
| 13-May-2009 |
jym | Sync with HEAD.
Commit is split, to avoid a "too many arguments" protocol error.
|
1.17.14.1 |
| 03-May-2009 |
snj | Pull up following revision(s) (requested by tls in ticket #611):
sys/lib/libkern/Makefile: patch
sys/lib/libkern/crc32.c: revision 1.1
sys/lib/libkern/crc32.h: revision 1.1
sys/lib/libkern/libkern.h: revision 1.89
sys/lib/libkern/arch/i386/Makefile.inc: revision 1.28
sys/net/zlib.h: revision 1.14 via patch
sys/opencrypto/crypto.c: revision 1.33
sys/opencrypto/cryptodev.c: revision 1.46
sys/opencrypto/cryptodev.h: revision 1.16
sys/opencrypto/cryptosoft.c: revision 1.24
sys/opencrypto/cryptosoft.h: revision 1.6
sys/opencrypto/deflate.h: revision 1.6
sys/opencrypto/cryptosoft_xform.c: revision 1.12
sys/opencrypto/deflate.c: revision 1.13
sys/opencrypto/files.opencrypto: revision 1.20
sys/opencrypto/ocryptodev.c: revision 1.1
sys/opencrypto/ocryptodev.h: revision 1.1
sys/opencrypto/xform.c: revision 1.18
sys/opencrypto/xform.h: revision 1.10
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when it's not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
1.17.12.1 |
| 28-Apr-2009 |
skrll | Sync with HEAD.
|
1.17.4.1 |
| 04-May-2009 |
yamt | sync with head.
|
1.18.8.1 |
| 05-Mar-2011 |
bouyer | Sync with HEAD
|
1.18.6.1 |
| 06-Jun-2011 |
jruoho | Sync with HEAD.
|
1.18.4.3 |
| 31-May-2011 |
rmind | sync with head
|
1.18.4.2 |
| 21-Apr-2011 |
rmind | sync with head
|
1.18.4.1 |
| 05-Mar-2011 |
rmind | sync with head
|
1.28.48.1 |
| 05-Aug-2017 |
snj | Pull up following revision(s) (requested by knakahara in ticket #178):
sys/opencrypto/crypto.c: 1.92-1.100
sys/opencrypto/cryptodev.h: 1.38-1.39
sys/opencrypto/ocryptodev.c: 1.9-1.11
sys/opencrypto/xform.c: revision 1.29
sys/opencrypto/xform.h: revision 1.20
KNF
--
Apply C99-style struct initialization to enc_xform, auth_hash and comp_algo
--
make cryptoret() context softint to balance dequeuing crypto_ret_q with enqueuing it.
--
fix panic when using encryption devices attached earlier than ipi_sysinit(). pointed out and tested by martin@n.o, thanks.
--
fix typo
--
make crp_{,k}q percpu to scale crypto_dispatch(). update locking note later.
--
divide crp_ret_{,k}q by CPU to avoid reordering. update locking note later.
--
update locking notes of opencrypto(9)
--
Don't disclose uninitialized 32-bit word if cryptodev_session fails. From Ilja Van Sprundel.
--
Avert userland-controlled integer overflow. From Ilja Van Sprundel.
--
Avoid another userland-controlled integer overflow. From Ilja Van Sprundel.
--
refactor: remove glue macros for FreeBSD code.
--
pack crypto_drivers variables to struct and add cacheline_aligned qualifier.
--
use kmem_alloc KPI instead of malloc KPI.
--
use pool_cache(9) instead of pool(9) as they can be called concurrently.
|
1.28.32.1 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
1.28.14.1 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|