summaryrefslogtreecommitdiffstats
path: root/sys/crypto/via
Commit message (Collapse)AuthorAgeFilesLines
* Add some new modes to OpenCrypto. These modes are AES-ICM (can be usedjmg2014-12-121-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for counter mode), and AES-GCM. Both of these modes have been added to the aesni module. Included is a set of tests to validate that the software and aesni module calculate the correct values. These use the NIST KAT test vectors. To run the test, you will need to install a soon to be committed port, nist-kat that will install the vectors. Using a port is necessary as the test vectors are around 25MB. All the man pages were updated. I have added a new man page, crypto.7, which includes a description of how to use each mode. All the new modes and some other AES modes are present. It would be good for someone else to go through and document the other modes. A new ioctl was added to support AEAD modes which AES-GCM is one of them. Without this ioctl, it is not possible to test AEAD modes from userland. Add a timing safe bcmp for use to compare MACs. Previously we were using bcmp which could leak timing info and result in the ability to forge messages. Add a minor optimization to the aesni module so that single segment mbufs don't get copied and instead are updated in place. The aesni module needs to be updated to support blocked IO so segmented mbufs don't have to be copied. We require that the IV be specified for all calls for both GCM and ICM. This is to ensure proper use of these functions. Obtained from: p4: //depot/projects/opencrypto Relnotes: yes Sponsored by: FreeBSD Foundation Sponsored by: NetGate
* Add FPU_KERN_KTHR flag to fpu_kern_enter(9), which avoids saving FPUkib2014-06-233-33/+12
| | | | | | | | | | | | context into memory for the kernel threads which called fpu_kern_thread(9). This allows the fpu_kern_enter() callers to not check for is_fpu_kern_thread() to get the optimization. Apply the flag to padlock(4) and aesni(4). In aesni_cipher_process(), do not leak FPU context state on error. Sponsored by: The FreeBSD Foundation MFC after: 1 week
* Add support for the extended FPU states on amd64, both for nativekib2012-01-214-7/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 64bit and 32bit ABIs. As a side-effect, it enables AVX on capable CPUs. In particular: - Query the CPU support for XSAVE, list of the supported extensions and the required size of FPU save area. The hw.use_xsave tunable is provided for disabling XSAVE, and hw.xsave_mask may be used to select the enabled extensions. - Remove the FPU save area from PCB and dynamically allocate the (run-time sized) user save area on the top of the kernel stack, right above the PCB. Reorganize the thread0 PCB initialization to postpone it after BSP is queried for save area size. - The dumppcb, stoppcbs and susppcbs now do not carry the FPU state as well. FPU state is only useful for suspend, where it is saved in dynamically allocated suspfpusave area. - Use XSAVE and XRSTOR to save/restore FPU state, if supported and enabled. - Define new mcontext_t flag _MC_HASFPXSTATE, indicating that mcontext_t has a valid pointer to out-of-struct extended FPU state. Signal handlers are supplied with stack-allocated fpu state. The sigreturn(2) and setcontext(2) syscall honour the flag, allowing the signal handlers to inspect and manipilate extended state in the interrupted context. - The getcontext(2) never returns extended state, since there is no place in the fixed-sized mcontext_t to place variable-sized save area. And, since mcontext_t is embedded into ucontext_t, makes it impossible to fix in a reasonable way. Instead of extending getcontext(2) syscall, provide a sysarch(2) facility to query extended FPU state. - Add ptrace(2) support for getting and setting extended state; while there, implement missed PT_I386_{GET,SET}XMMREGS for 32bit binaries. - Change fpu_kern KPI to not expose struct fpu_kern_ctx layout to consumers, making it opaque. Internally, struct fpu_kern_ctx now contains a space for the extended state. Convert in-kernel consumers of fpu_kern KPI both on i386 and amd64. First version of the support for AVX was submitted by Tim Bird <tim.bird am sony com> on behalf of Sony. This version was written from scratch. Tested by: pho (previous version), Yamagi Burmeister <lists yamagi org> MFC after: 1 month
* MFaesni r215427:kib2010-11-263-9/+31
| | | | | | | | Only save FPU context when not executing in the context of the crypto thread. Tested by: Mike Tancsa MFC after: 1 week
* Use the fpu_kern_enter() interface to properly separate usermode FPUkib2010-06-054-3/+34
| | | | | | | | | | | | | | context from in-kernel execution of padlock instructions and to handle spurious FPUDNA exceptions that sometime are raised when doing padlock calculations. Globally mark crypto(9) kthread as using FPU. Reviewed by: pjd Hardware provided by: Sentex Communications Tested by: pho PR: amd64/135014 MFC after: 1 month
* Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),vanhu2009-05-271-1/+3
| | | | | | | | as we already hold the non sleepable crypto_driver_mutex. Approved by: gnn(mentor) Obtained from: NETASQ MFC after: 2 weeks
* identify routine takes driver_t *, not device_t *.imp2009-02-051-1/+1
|
* Connect padlock(4) to amd64 build for VIA Nano processors.jkim2009-01-122-3/+3
|
* Fix a potential NULL-pointer dereference in padlock(4).philip2008-11-171-1/+5
| | | | | Spotted by: Coverity (via pjd) MFC after: 1 week
* Simplify session selection/allocation.pjd2008-08-091-10/+5
|
* - Fix freeing session on newsession failure.pjd2008-08-091-9/+24
| | | | - Update copyright years.
* Implify sessions freeing loop.pjd2008-08-091-2/+1
|
* We don't have to drop a lock around malloc(M_NOWAIT).pjd2008-08-091-4/+4
|
* When freeing session, restore its ID after zeroing memory.pjd2008-08-091-0/+1
| | | | Bug tracked down by: Patrick Lamaiziere <patfbsd@davenulle.org>
* Sessions in-use are at the end of the queue, so use TAILQ_FOREACH_REVERSE()pjd2008-08-091-3/+5
| | | | | | when looking for them. Idea from: Patrick Lamaiziere <patfbsd@davenulle.org>
* Convert lock that protects sessions list from a mutex to a rwlock.pjd2008-07-201-16/+16
| | | | Now we can use read lock in fast path (padlock_process()).
* Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSECgnn2007-07-031-1/+1
| | | | | | | | option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC. Approved by: re Sponsored by: Secure Computing
* Overhaul driver/subsystem api's:sam2007-03-211-74/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o make all crypto drivers have a device_t; pseudo drivers like the s/w crypto driver synthesize one o change the api between the crypto subsystem and drivers to use kobj; cryptodev_if.m defines this api o use the fact that all crypto drivers now have a device_t to add support for specifying which of several potential devices to use when doing crypto operations o add new ioctls that allow user apps to select a specific crypto device to use (previous ioctls maintained for compatibility) o overhaul crypto subsystem code to eliminate lots of cruft and hide implementation details from drivers o bring in numerous fixes from Michale Richardson/hifn; mostly for 795x parts o add an optional mechanism for mmap'ing the hifn 795x public key h/w to user space for use by openssl (not enabled by default) o update crypto test tools to use new ioctl's and add cmd line options to specify a device to use for tests These changes will also enable much future work on improving the core crypto subsystem; including proper load balancing and interposing code between the core and drivers to dispatch small operations to the s/w driver as appropriate. These changes were instigated by the work of Michael Richardson. Reviewed by: pjd Approved by: re
* Less magic.pjd2006-09-151-2/+3
| | | | MFC after: 3 days
* Remove trailing spaces.pjd2006-07-281-1/+1
|
* Use existing roundup2() macro.pjd2006-07-281-1/+1
| | | | Suggested by: njl
* Remove redundant check committed by accident.pjd2006-07-251-2/+0
|
* Avoid memory allocations when the given address is already 16 bytes aligned.pjd2006-07-251-6/+51
| | | | | | | | | | | | | | Such an address can be used directly in padlock's AES. This improves speed of geli(8) significantly: # sysctl kern.geom.zero.clear=0 # geli onetime -s 4096 gzero # dd if=/dev/gzero.eli of=/dev/null bs=1m count=1000 Before: 113MB/s After: 203MB/s BTW. If sector size is set to 128kB, I can read at 276MB/s :)
* Modify PADLOCK_ALIGN() macro, so when the given address is already 16 bytespjd2006-07-251-1/+1
| | | | aligned, it will be used directly, not 'address + 16'.
* Style fixes.pjd2006-07-254-10/+10
|
* Implement support for HMAC/SHA1 and HMAC/SHA256 acceleration found inpjd2006-07-224-335/+766
| | | | | | | | | | | new VIA CPUs. For older CPUs HMAC/SHA1 and HMAC/SHA256 (and others) will still be done in software. Move symmetric cryptography (currently only AES-CBC 128/192/256) to padlock_cipher.c file. Move HMAC cryptography to padlock_hash.c file. Hardware from: Centaur Technologies
* Correct few bzero()s.pjd2006-07-221-3/+3
| | | | MFC after: 3 days
* Set ses_ictx and ses_octx to NULL after freeing them, so we won't freepjd2006-07-221-0/+2
| | | | | | | | | them twice. This is possible for example in situation when session is used in authentication context, then freed and then used in encryption context and freed - in encryption context ses_ictx and ses_octx are not touched at newsession time, but padlock_freesession could still try to free them when they are not NULL.
* Use the already stored VIA RNG probe informationmr2006-07-131-16/+5
| | | | | | | | instead of probing again. Adjust style(9) somewhat in probe.c Reviewed by: pjd MFC after: 1 week
* Fix gratuitous compiler warning.pjd2006-06-081-1/+2
| | | | Reported by: Rong-en Fan <grafan@gmail.com>
* - Pretend to accelerate various HMAC algorithms, so padlock(4) can be usedpjd2006-06-051-91/+266
| | | | | | | | with fast_ipsec(4) and geli(8) authentication (comming soon). If consumer requests only for HMAC algorithm (without encryption), return EINVAL. - Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and authentication.
* padlock(4) doesn't support explicitly provided keys yet.pjd2006-04-201-0/+4
| | | | Return an error instead of encrypting/decrypting data with a wrong key.
* On padlock initialization, allocate memory with M_WAITOK.pjd2006-04-121-5/+1
|
* Add VIA/ACE "PadLock" support as a crypto(9) driver.pjd2005-08-181-0/+504
HW donated by: Mike Tancsa <mike@sentex.net> Most of the code obtained from: OpenBSD MFC after: 3 days
OpenPOWER on IntegriCloud