#
71625ec9 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c comment pattern Remove /^/[*/]\s*\$FreeBSD\$.*\n/
|
#
46f69eba |
|
25-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
opencrypto/xform_*.h: Trim scope of included headers. Reviewed by: markj, emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34022
|
#
c3a688ef |
|
29-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
OCF: Hook up plain RIPEMD160 in cryptosoft and /dev/crypto. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33612
|
#
ab91fb6c |
|
09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Refactor software support for AEAD ciphers. Extend struct enc_xform to add new members to handle auth operations for AEAD ciphers. In particular, AEAD operations in cryptosoft no longer use a struct auth_hash. Instead, the setkey and reinit methods of struct enc_xform are responsible for initializing both the cipher and auth state. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33196
|
#
d8787d4f |
|
26-Jul-2021 |
Mark Johnston <markj@FreeBSD.org> |
crypto: Constify all transform descriptors No functional change intended. Reviewed by: ae, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31196
|
#
dd2e1352 |
|
18-Feb-2021 |
John Baldwin <jhb@FreeBSD.org> |
Add an implementation of CHACHA20_POLY1305 to cryptosoft. This uses the chacha20 IETF and poly1305 implementations from libsodium. A seperate auth_hash is created for the auth side whose Setkey method derives the poly1305 key from the AEAD key and nonce as described in RFC 8439. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D27837
|
#
d3d79e96 |
|
03-Nov-2020 |
John Baldwin <jhb@FreeBSD.org> |
Consistently use C99 fixed-width types in the in-kernel crypto code. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D27061
|
#
9b6b2f86 |
|
10-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171
|
#
3e947048 |
|
20-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Various cleanups to the software encryption transform interface. - Consistently use 'void *' for key schedules / key contexts instead of a mix of 'caddr_t', 'uint8_t *', and 'void *'. - Add a ctxsize member to enc_xform similar to what auth transforms use and require callers to malloc/zfree the context. The setkey callback now supplies the caller-allocated context pointer and the zerokey callback is removed. Callers now always use zfree() to ensure key contexts are zeroed. - Consistently use C99 initializers for all statically-initialized instances of 'struct enc_xform'. - Change the encrypt and decrypt functions to accept separate in and out buffer pointers. Almost all of the backend crypto functions already supported separate input and output buffers and this makes it simpler to support separate buffers in OCF. - Remove xform_userland.h shim to permit transforms to be compiled in userland. Transforms no longer call malloc/free directly. Reviewed by: cem (earlier version) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24855
|
#
63823cac |
|
11-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Remove MD5 HMAC from OCF. There are no in-kernel consumers. Reviewed by: cem Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24775
|
#
3a0b6a93 |
|
11-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Remove support for keyed MD5 and SHA1 authentication hashes. They no longer have any in-tree consumers. Note that these are a different from MD5-HMAC and SHA1-HMAC and were only used with IPsec. Reviewed by: cem Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24770
|
#
507281e5 |
|
14-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Add AES-CCM encryption, and plumb into OCF. This commit essentially has three parts: * Add the AES-CCM encryption hooks. This is in and of itself fairly small, as there is only a small difference between CCM and the other ICM-based algorithms. * Hook the code into the OpenCrypto framework. This is the bulk of the changes, as the algorithm type has to be checked for, and the differences between it and GCM dealt with. * Update the cryptocheck tool to be aware of it. This is invaluable for confirming that the code works. This is a software-only implementation, meaning that the performance is very low. Sponsored by: iXsystems Inc. Differential Revision: https://reviews.freebsd.org/D19090
|
#
174a5014 |
|
23-Oct-2018 |
John Baldwin <jhb@FreeBSD.org> |
Add sha224 to the authctx union. MFC after: 2 months Sponsored by: Chelsio Communications
|
#
01d5de8f |
|
16-Aug-2018 |
Conrad Meyer <cem@FreeBSD.org> |
Add xform-conforming auth_hash wrapper for Poly-1305 The wrapper is a thin shim around libsodium's Poly-1305 implementation. For now, we just use the C algorithm and do not attempt to build the SSE-optimized variant for x86 processors. The algorithm support has not yet been plumbed through cryptodev, or added to cryptosoft.
|
#
c4729f6e |
|
09-Jul-2018 |
Conrad Meyer <cem@FreeBSD.org> |
OCF: Add plain hash modes In part, to support OpenSSL's use of cryptodev, which puts the HMAC pieces in software and only offloads the raw hash primitive. The following cryptodev identifiers are added: * CRYPTO_RIPEMD160 (not hooked up) * CRYPTO_SHA2_224 * CRYPTO_SHA2_256 * CRYPTO_SHA2_384 * CRYPTO_SHA2_512 The plain SHA1 and 2 hashes are plumbed through cryptodev (feels like there is a lot of redundancy here...) and cryptosoft. This adds new auth_hash implementations for the plain hashes, as well as SHA1 (which had a cryptodev.h identifier, but no implementation). Add plain SHA 1 and 2 hash tests to the cryptocheck tool. Motivation stems from John Baldwin's earlier OCF email, https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html .
|
#
c97f39ce |
|
09-Jul-2018 |
Conrad Meyer <cem@FreeBSD.org> |
OCF: Add CRYPTO_SHA2_224_HMAC mode Round out the complete set of basic SHA2 HMAC modes with SHA2-224. Support is added to the cryptocheck test tool.
|
#
0e33efe4 |
|
21-Mar-2018 |
Conrad Meyer <cem@FreeBSD.org> |
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662
|
#
2155bb23 |
|
30-Dec-2015 |
Allan Jude <allanjude@FreeBSD.org> |
Break up opencrypto/xform.c so it can be reused piecemeal Keep xform.c as a meta-file including the broken out bits existing code that includes xform.c continues to work as normal Individual algorithms can now be reused elsewhere, including outside of the kernel Reviewed by: bapt (previous version), gnn, delphij Approved by: secteam MFC after: 1 week Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D4674
|