MFC r275732:

Add some new modes to OpenCrypto. These modes are AES-ICM (can be used for counter mode), and AES-GCM. Both of these modes have been added to the aesni module. Included is a set of tests to validate that the software and aesni module calculate the correct values. These use the NIST KAT test vectors. To run the test, you will need to install a soon to be committed port, nist-kat that will install the vectors. Using a port is necessary as the test vectors are around 25MB. All the man pages were updated. I have added a new man page, crypto.7, which includes a description of how to use each mode. All the new modes and some other AES modes are present. It would be good for someone else to go through and document the other modes. A new ioctl was added to support AEAD modes which AES-GCM is one of them. Without this ioctl, it is not possible to test AEAD modes from userland. Add a timing safe bcmp for use to compare MACs. Previously we were using bcmp which could leak timing info and result in the ability to forge messages. Add a minor optimization to the aesni module so that single segment mbufs don't get copied and instead are updated in place. The aesni module needs to be updated to support blocked IO so segmented mbufs don't have to be copied. We require that the IV be specified for all calls for both GCM and ICM. This is to ensure proper use of these functions. Obtained from: p4: //depot/projects/opencrypto Relnotes: yes Sponsored by: FreeBSD Foundation Sponsored by: NetGate TAG: IPSEC-HEAD Issue: #4841
author: Luiz Otavio O Souza <luiz@netgate.com> 2015-09-15 15:02:02 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-20 11:59:21 -0500
commit: 3e2955ce87fb70f51cb4d13cfa1956d43edc8e08 (patch)
tree: ca11dc259da2bb28d10458208d846a69cd16410a /sys/opencrypto/cryptodev.h
parent: 82ee4ca3e0bb2f1da94a38331871a29f2760aea8 (diff)
download: FreeBSD-src-3e2955ce87fb70f51cb4d13cfa1956d43edc8e08.zip
FreeBSD-src-3e2955ce87fb70f51cb4d13cfa1956d43edc8e08.tar.gz
1 files changed, 78 insertions, 32 deletions
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index e299522..f434843 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h
@@ -23,6 +23,12 @@
  * PURPOSE.
  *
  * Copyright (c) 2001 Theo de Raadt
+ * Copyright (c) 2014 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * Portions of this software were developed by John-Mark Gurney
+ * under sponsorship of the FreeBSD Foundation and
+ * Rubicon Communications, LLC (Netgate).
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -100,20 +106,23 @@
 #define CAMELLIA_BLOCK_LEN	16
 #define EALG_MAX_BLOCK_LEN	AES_BLOCK_LEN /* Keep this updated */
 
+/* Maximum hash algorithm result length */
+#define AALG_MAX_RESULT_LEN	64 /* Keep this updated */
+
 #define	CRYPTO_ALGORITHM_MIN	1
-#define CRYPTO_DES_CBC		1
-#define CRYPTO_3DES_CBC		2
-#define CRYPTO_BLF_CBC		3
-#define CRYPTO_CAST_CBC		4
-#define CRYPTO_SKIPJACK_CBC	5
-#define CRYPTO_MD5_HMAC		6
-#define CRYPTO_SHA1_HMAC	7
-#define CRYPTO_RIPEMD160_HMAC	8
-#define CRYPTO_MD5_KPDK		9
-#define CRYPTO_SHA1_KPDK	10
-#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
-#define CRYPTO_ARC4		12
+#define	CRYPTO_DES_CBC		1
+#define	CRYPTO_3DES_CBC		2
+#define	CRYPTO_BLF_CBC		3
+#define	CRYPTO_CAST_CBC		4
+#define	CRYPTO_SKIPJACK_CBC	5
+#define	CRYPTO_MD5_HMAC		6
+#define	CRYPTO_SHA1_HMAC	7
+#define	CRYPTO_RIPEMD160_HMAC	8
+#define	CRYPTO_MD5_KPDK		9
+#define	CRYPTO_SHA1_KPDK	10
+#define	CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
+#define	CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
+#define	CRYPTO_ARC4		12
 #define	CRYPTO_MD5		13
 #define	CRYPTO_SHA1		14
 #define	CRYPTO_NULL_HMAC	15
@@ -122,9 +131,18 @@
 #define	CRYPTO_SHA2_256_HMAC	18
 #define	CRYPTO_SHA2_384_HMAC	19
 #define	CRYPTO_SHA2_512_HMAC	20
-#define CRYPTO_CAMELLIA_CBC	21
+#define	CRYPTO_CAMELLIA_CBC	21
 #define	CRYPTO_AES_XTS		22
-#define	CRYPTO_ALGORITHM_MAX	22 /* Keep updated - see below */
+#define	CRYPTO_AES_ICM		23 /* commonly known as CTR mode */
+#define	CRYPTO_AES_NIST_GMAC	24 /* cipher side */
+#define	CRYPTO_AES_NIST_GCM_16	25 /* 16 byte ICV */
+#define	CRYPTO_AES_128_NIST_GMAC 26 /* auth side */
+#define	CRYPTO_AES_192_NIST_GMAC 27 /* auth side */
+#define	CRYPTO_AES_256_NIST_GMAC 28 /* auth side */
+#define	CRYPTO_ALGORITHM_MAX	28 /* Keep updated - see below */
+
+#define CRYPTO_ALGO_VALID(x)	((x) >= CRYPTO_ALGORITHM_MIN && \
+				 (x) <= CRYPTO_ALGORITHM_MAX)
 
 /* Algorithm flags */
 #define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
@@ -182,6 +200,20 @@ struct crypt_op {
 	caddr_t		iv;
 };
 
+/* op and flags the same as crypt_op */
+struct crypt_aead {
+	u_int32_t	ses;
+	u_int16_t	op;		/* i.e. COP_ENCRYPT */
+	u_int16_t	flags;
+	u_int		len;
+	u_int		aadlen;
+	u_int		ivlen;
+	caddr_t		src, dst;	/* become iov[] inside kernel */
+	caddr_t		aad;		/* additional authenticated data */
+	caddr_t		tag;		/* must fit for chosen TAG length */
+	caddr_t		iv;
+};
+
 /*
  * Parameters for looking up a crypto driver/device by
  * device name or by id.  The latter are returned for
@@ -239,6 +271,7 @@ struct crypt_kop {
 #define	CIOCGSESSION2	_IOWR('c', 106, struct session2_op)
 #define	CIOCKEY2	_IOWR('c', 107, struct crypt_kop)
 #define	CIOCFINDDEV	_IOWR('c', 108, struct crypt_find_op)
+#define	CIOCCRYPTAEAD	_IOWR('c', 109, struct crypt_aead)
 
 struct cryptotstat {
 	struct timespec	acc;		/* total accumulated time */
@@ -269,6 +302,14 @@ struct cryptostats {
 };
 
 #ifdef _KERNEL
+
+#if 0
+#define CRYPTDEB(s)	do { printf("%s:%d: %s\n", __FILE__, __LINE__, s); \
+			} while (0)
+#else
+#define CRYPTDEB(s)	do { } while (0)
+#endif
+
 /* Standard initialization structure beginning */
 struct cryptoini {
 	int		cri_alg;	/* Algorithm to use */
@@ -292,14 +333,15 @@ struct cryptodesc {
 					   place, so don't copy. */
 #define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
 #define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
+#define	CRD_F_COMP		0x0f    /* Set when doing compression */
 #define	CRD_F_KEY_EXPLICIT	0x10	/* Key explicitly provided */
-#define CRD_F_COMP		0x0f    /* Set when doing compression */
 
 	struct cryptoini	CRD_INI; /* Initialization/context data */
-#define crd_iv		CRD_INI.cri_iv
-#define crd_key		CRD_INI.cri_key
-#define crd_alg		CRD_INI.cri_alg
-#define crd_klen	CRD_INI.cri_klen
+#define	crd_esn		CRD_INI.cri_esn
+#define	crd_iv		CRD_INI.cri_iv
+#define	crd_key		CRD_INI.cri_key
+#define	crd_alg		CRD_INI.cri_alg
+#define	crd_klen	CRD_INI.cri_klen
 
 	struct cryptodesc *crd_next;
 };
@@ -324,9 +366,8 @@ struct cryptop {
 					 */
 	int		crp_flags;
 
-#define CRYPTO_F_IMBUF		0x0001	/* Input/output are mbuf chains */
-#define CRYPTO_F_IOV		0x0002	/* Input/output are uio */
-#define CRYPTO_F_REL		0x0004	/* Must return data in same place */
+#define	CRYPTO_F_IMBUF		0x0001	/* Input/output are mbuf chains */
+#define	CRYPTO_F_IOV		0x0002	/* Input/output are uio */
 #define	CRYPTO_F_BATCH		0x0008	/* Batch op if possible */
 #define	CRYPTO_F_CBIMM		0x0010	/* Do callback immediately */
 #define	CRYPTO_F_DONE		0x0020	/* Operation completed */
@@ -341,12 +382,12 @@ struct cryptop {
 	struct bintime	crp_tstamp;	/* performance time stamp */
 };
 
-#define CRYPTO_BUF_CONTIG	0x0
-#define CRYPTO_BUF_IOV		0x1
-#define CRYPTO_BUF_MBUF		0x2
+#define	CRYPTO_BUF_CONTIG	0x0
+#define	CRYPTO_BUF_IOV		0x1
+#define	CRYPTO_BUF_MBUF		0x2
 
-#define CRYPTO_OP_DECRYPT	0x0
-#define CRYPTO_OP_ENCRYPT	0x1
+#define	CRYPTO_OP_DECRYPT	0x0
+#define	CRYPTO_OP_ENCRYPT	0x1
 
 /*
  * Hints passed to process methods.
@@ -381,9 +422,9 @@ MALLOC_DECLARE(M_CRYPTO_DATA);
 
 extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
 extern	int crypto_freesession(u_int64_t sid);
-#define CRYPTOCAP_F_HARDWARE	CRYPTO_FLAG_HARDWARE
-#define CRYPTOCAP_F_SOFTWARE	CRYPTO_FLAG_SOFTWARE
-#define CRYPTOCAP_F_SYNC	0x04000000	/* operates synchronously */
+#define	CRYPTOCAP_F_HARDWARE	CRYPTO_FLAG_HARDWARE
+#define	CRYPTOCAP_F_SOFTWARE	CRYPTO_FLAG_SOFTWARE
+#define	CRYPTOCAP_F_SYNC	0x04000000	/* operates synchronously */
 extern	int32_t crypto_get_driverid(device_t dev, int flags);
 extern	int crypto_find_driver(const char *);
 extern	device_t crypto_find_device_byhid(int hid);
@@ -418,10 +459,15 @@ extern	int crypto_devallowsoft;	/* only use hardware crypto */
 struct uio;
 extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
 extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
-extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
+extern	int cuio_getptr(struct uio *uio, int loc, int *off);
 extern	int cuio_apply(struct uio *uio, int off, int len,
 	    int (*f)(void *, void *, u_int), void *arg);
 
+struct mbuf;
+struct iovec;
+extern	void crypto_mbuftoiov(struct mbuf *mbuf, struct iovec **iovptr,
+	    int *cnt, int *allocated);
+
 extern	void crypto_copyback(int flags, caddr_t buf, int off, int size,
 	    caddr_t in);
 extern	void crypto_copydata(int flags, caddr_t buf, int off, int size,
author	Luiz Otavio O Souza <luiz@netgate.com>	2015-09-15 15:02:02 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-20 11:59:21 -0500
commit	3e2955ce87fb70f51cb4d13cfa1956d43edc8e08 (patch)
tree	ca11dc259da2bb28d10458208d846a69cd16410a /sys/opencrypto/cryptodev.h
parent	82ee4ca3e0bb2f1da94a38331871a29f2760aea8 (diff)
download	FreeBSD-src-3e2955ce87fb70f51cb4d13cfa1956d43edc8e08.zip FreeBSD-src-3e2955ce87fb70f51cb4d13cfa1956d43edc8e08.tar.gz