path: root/sys/opencrypto
Commit message | Author | Age | Files | Lines
* sys: Automated cleanup of cdefs and other formatting | Warner Losh | 2023-11-27 | 14 | -14/+0
  Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.
  Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
  Remove /\n+#if.*\n#endif.*\n+/
  Remove /^#if.*\n#endif.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
  Sponsored by: Netflix
* sys: Remove $FreeBSD$: one-line sh pattern | Warner Losh | 2023-08-16 | 1 | -1/+0
  Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* sys: Remove $FreeBSD$: one-line .c pattern | Warner Losh | 2023-08-16 | 20 | -40/+0
  Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* sys: Remove $FreeBSD$: one-line .c comment pattern | Warner Losh | 2023-08-16 | 7 | -7/+0
  Remove /^/[*/]\s*\$FreeBSD\$.*\n/
* sys: Remove $FreeBSD$: one-line .h pattern | Warner Losh | 2023-08-16 | 1 | -1/+0
  Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/
* sys: Remove $FreeBSD$: two-line .h pattern | Warner Losh | 2023-08-16 | 5 | -10/+0
  Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
* opencrypto: Respect alignment constraints in xor_and_encrypt() | Mark Johnston | 2023-07-27 | 1 | -11/+8
  Copy operands to an aligned buffer before performing operations which require alignment. Otherwise it's possible for this code to trigger an alignment fault on armv7.
  Reviewed by: jhb
  MFC after: 2 weeks
  Sponsored by: Klara, Inc.
  Sponsored by: Stormshield
  Differential Revision: https://reviews.freebsd.org/D41211
* crypto: Advance the correct pointer in crypto_cursor_copydata() | Mark Johnston | 2023-06-12 | 1 | -1/+1
  PR: 271766
  Reported by: Michael Laß <bevan@bi-co.net>
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D40468
* opencrypto: Handle end-of-cursor conditions in crypto_cursor_segment() | Mark Johnston | 2023-06-12 | 1 | -7/+27
  Some consumers, e.g., swcr_encdec(), may call crypto_cursor_segment() after having advanced the cursor to the end of the buffer. In this case I believe the right behaviour is to return NULL and a length of 0.
  When this occurs with a CRYPTO_BUF_VMPAGE buffer, the cc_vmpage pointer will point past the end of the page pointer array, so crypto_cursor_segment() ends up dereferencing a random pointer before the function returns a length of 0. The uio-backed cursor has a similar problem.
  Address this by keeping track of the residual buffer length and returning immediately once the length is zero.
  PR: 271766
  Reported by: Andrew "RhodiumToad" Gierth <andrew@tao11.riddles.org.uk>
  Reviewed by: jhb
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D40428
* spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD | Warner Losh | 2023-05-12 | 2 | -2/+2
  The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
  Discussed with: pfg
  MFC After: 3 days
  Sponsored by: Netflix
* Complete removal of opt_compat.h | Dmitry Chagin | 2023-02-13 | 1 | -1/+0
  Since Linux emulation layer build options were removed there is no reason to keep opt_compat.h.
  Reviewed by: emaste
  Differential Revision: https://reviews.freebsd.org/D38548
  MFC after: 2 weeks
* crypto: move all zeroing into crypto_getreq | Mateusz Guzik | 2022-11-22 | 1 | -9/+3
  Reviewed by: jhb, markj
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D36774
* ktls_ocf: Reject encrypted TLS records using AEAD that are too small. | John Baldwin | 2022-11-15 | 1 | -9/+28
  If a TLS record is too small to contain the required explicit IV, record_type (TLS 1.3), and MAC, reject attempts to decrypt it with EMSGSIZE without submitting it to OCF. OCF drivers may not properly detect that regions in the crypto request are outside the bounds of the mbuf chain. The caller isn't supposed to submit such requests.
  Reviewed by: markj
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D37372
* ktls: Add software support for AES-CBC decryption for TLS 1.1+. | John Baldwin | 2022-11-15 | 1 | -3/+130
  This is mainly intended to provide a fallback for TOE TLS which may need to use software decryption for an initial record at the start of a connection.
  Reviewed by: markj
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D37370
* [skip ci] Remove obsolete references in crypto_request(9) | Alan Somers | 2022-11-02 | 1 | -2/+2
  They were missed by 68f6800ce05c3.
  Sponsored by: Axcient
  MFC with: 68f6800ce05c3
  Reviewed by: markj
  Differential Revision: https://reviews.freebsd.org/D37239
* opencrypto: fix null esp crypt | Konstantin Belousov | 2022-10-25 | 1 | -1/+5
  Fixes: 3e9470482a1357eef90d007b27ec5d9725ae1111
  Reviewed by: jhb
  Sponsored by: Nvidia networking
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D37113
* opencrypto: mark INVARIANTS variables as __diagused | Ed Maste | 2022-08-10 | 1 | -3/+3
  Fixes INVARIANTS build with Clang 15, which previously failed due to set-but-not-used variable warnings.
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
* ddb: annotate some commands with DB_CMD_MEMSAFE | Mitchell Horne | 2022-07-18 | 1 | -1/+1
  This is not completely exhaustive, but covers a large majority of commands in the tree.
  Reviewed by: markj
  Sponsored by: Juniper Networks, Inc.
  Sponsored by: Klara, Inc.
  Differential Revision: https://reviews.freebsd.org/D35583
* crypto: Validate return values from CRYPTODEV_PROCESS() | Mark Johnston | 2022-07-01 | 1 | -3/+10
  Errors are always handled by the completion callback, so we should check that they're not also passed back to the caller.
  No functional change intended.
  Reviewed by: kp, mav, jhb
  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D35382
* crypto: Fix the NULL_HMAC finalizer | Mark Johnston | 2022-07-01 | 1 | -2/+1
  The current implementation leaves the digest buffer partially uninitialized.
  Reported by: syzkaller
  Reviewed by: jhb
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D35547
* crypto: Fix assertions for digest-only sessions with separate output. | John Baldwin | 2022-06-30 | 1 | -0/+5
  Digest-only sessions do not generate modified payload as an output, so don't bother asserting anything about the payload with respect to the output buffer other than the payload output start being zero.
  In addition, a verify request on a digest-only session doesn't generate any output at all so should never have a separate output buffer.
  PR: 252316
  Reviewed by: markj
  Co-authored-by: Jeremy Faulkner <gldisater@gmail.com>
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D35578
* crypto: Remove unused devclass arguments to DRIVER_MODULE. | John Baldwin | 2022-05-06 | 1 | -2/+1
* KTLS: Add a new recrypt operation to the software backend. | John Baldwin | 2022-04-22 | 2 | -1/+178
  When using NIC TLS RX, packets that are dropped and retransmitted are not decrypted by the NIC but are passed along as-is. As a result, a received TLS record might contain a mix of encrypted and decrypted data. If this occurs, the already-decrypted data needs to be re-encrypted so that the resulting record can then be decrypted normally.
  Add support for this for sessions using AES-GCM with TLS 1.2 or TLS 1.3. For the recrypt operation, allocate a temporary buffer and encrypt the payload portion of the TLS record with AES-CTR with an initial IV constructed from the AES-GCM nonce. Then fixup the original mbuf chain by copying the results from the temporary buffer back into the original mbufs for any mbufs containing decrypted data.
  Once it has been recrypted, the mbuf chain can then be decrypted via the normal software decryption path.
  Co-authored by: Hans Petter Selasky <hselasky@FreeBSD.org>
  Reviewed by: hselasky
  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D35012
* KTLS: Construct IV directly in crp.crp_iv for TLS 1.3 AEAD encryption. | John Baldwin | 2022-04-22 | 1 | -5/+2
  Previously this used a temporary nonce[] buffer. The decrypt hook for TLS 1.3 as well as the hooks for TLS 1.2 already constructed the IV directly in crp.crp_iv.
  Reviewed by: hselasky
  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D35027
* KTLS: Move OCF function pointers out of ktls_session. | John Baldwin | 2022-04-22 | 2 | -12/+54
  Instead, create a switch structure private to ktls_ocf.c and store a pointer to the switch in the ocf_session. This will permit adding an additional function pointer needed for NIC TLS RX without further bloating ktls_session.
  Reviewed by: hselasky
  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D35011
* KTLS: Free the MAC session when destroying AES-CBC software sessions. | John Baldwin | 2022-04-21 | 1 | -0/+1
  Reviewed by: hselasky
  MFC after: 1 week
  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D35013
* crypto: hide crypto_destroyreq behind a tunable | Mateusz Guzik | 2022-02-16 | 1 | -0/+10
  Reviewed by: jhb, markj
  Sponsored by: Rubicon Communications, LLC ("Netgate")
  Differential Revision: https://reviews.freebsd.org/D32084
* opencrypto: Add a routine to copy a crypto buffer cursor | Mark Johnston | 2022-02-16 | 1 | -0/+7
  This was useful in converting armv8crypto to use buffer cursors. There are some cases where one wants to make two passes over data, and this provides a way to "reset" a cursor.
  Reviewed by: jhb
  MFC after: 1 month
  Differential Revision: https://reviews.freebsd.org/D28949
* opencrypto/xform_*.h: Trim scope of included headers. | John Baldwin | 2022-01-25 | 3 | -6/+4
  Reviewed by: markj, emaste
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D34022
* opencrypto/cryptodev.h: Add includes to make more self-contained. | John Baldwin | 2022-01-25 | 1 | -0/+4
  Reviewed by: markj, emaste
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D34021
* crypto: Remove xform.c and compile xform_*.c standalone. | John Baldwin | 2022-01-24 | 1 | -87/+0
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33995
* xform_*.c: Add headers when needed to compile standalone. | John Baldwin | 2022-01-24 | 7 | -0/+7
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33994
* Retire now-unused M_XDATA. | John Baldwin | 2022-01-24 | 2 | -6/+0
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33993
* cryptodev: Use a private malloc type (M_CRYPTODEV) instead of M_XDATA. | John Baldwin | 2022-01-24 | 1 | -19/+23
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33991
* cryptosoft: Avoid referencing end-of-buffer cursors | Mark Johnston | 2022-01-18 | 1 | -50/+43
  Once a crypto cursor has reached the end of its buffer, it is invalid to call crypto_cursor_segment() for at least some crypto buffer types. Reorganize loops to avoid this.
  Fixes: cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
  Fixes: a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
  Fixes: f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
  Fixes: 5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
  Reported and tested by: madpilot
  Discussed with: jhb
  Sponsored by: The FreeBSD Foundation
* stand: Fix KASSERT use | Warner Losh | 2022-01-11 | 1 | -2/+1
  Explicitly include sys/systm.h to pull in KASSERT.
  Sponsored by: Netflix
  Reviewed by: jhb
  Differential Revision: https://reviews.freebsd.org/D33855
* cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305. | John Baldwin | 2022-01-11 | 1 | -40/+92
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33758
* cryptosoft: Use multi-block encrypt/decrypt for AES-CCM. | John Baldwin | 2022-01-11 | 1 | -25/+79
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33757
* cryptosoft: Use multi-block encrypt/decrypt for AES-GCM. | John Baldwin | 2022-01-11 | 1 | -39/+91
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33756
* swcr_encdec: Rename blks to blksz. | John Baldwin | 2022-01-11 | 1 | -12/+12
  This better reflects the variable's purpose and matches other functions in this file.
  Requested by: markj
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33755
* cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers. | John Baldwin | 2022-01-11 | 1 | -16/+23
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33531
* crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. | John Baldwin | 2022-01-11 | 7 | -41/+222
  These callbacks allow multiple contiguous blocks to be manipulated in a single call. Note that any trailing partial block for a stream cipher must still be passed to encrypt/decrypt_last.
  While here, document the setkey and reinit hooks and reorder the hooks in 'struct enc_xform' to better reflect the life cycle.
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33529
* crypto: Add support for the XChaCha20-Poly1305 AEAD cipher. | John Baldwin | 2022-01-11 | 5 | -1/+82
  This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher which accepts a larger nonce. Part of the nonce is used along with the key as an input to HChaCha20 to generate a derived key used for ChaCha20-Poly1305.
  This cipher is used by WireGuard.
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33523
* OCF: Add crypto_clonereq(). | John Baldwin | 2022-01-04 | 2 | -0/+25
  This function clones an existing crypto request, but associates the new request with a specified session. The intended use case is for drivers to be able to fall back to software by cloning a request and dispatch it to an internally allocated software session.
  Reviewed by: markj
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D33607
* /dev/crypto: Store blocksize in cse rather than txform pointer. | John Baldwin | 2021-12-30 | 1 | -9/+20
  Reviewed by: markj
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D33614
* /dev/crypto: Minimize cipher-specific logic. | John Baldwin | 2021-12-30 | 1 | -177/+33
  Rather than duplicating the switches in crypto_auth_hash() and crypto_cipher(), copy the algorithm constants from the new session ioctl into a csp directly which permits using the functions in crypto.c.
  Reviewed by: markj
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D33613
* OCF: Hook up plain RIPEMD160 in cryptosoft and /dev/crypto. | John Baldwin | 2021-12-30 | 5 | -0/+19
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33612
* cryptodev.h: Drop 'extern' from function prototypes. | John Baldwin | 2021-12-21 | 1 | -19/+18
  Sponsored by: Chelsio Communications
* crypto: Encrypt the XORed input block for Camellia-CBC. | John Baldwin | 2021-12-18 | 1 | -1/+1
  This fixes a regression in the previous change to move CBC chaining into enc_xform_camellia which passed the raw input into the encrypt function (thus not actually doing the chaining). This still works when using the same buffer for input and output which is why my initial testing with cryptocheck didn't catch it.
  Fixes: f84d708b484b crypto: Move CBC handling into enc_xform_camellia.
  Sponsored by: The FreeBSD Foundation
* cryptosoft: Use POLY1305_BLOCK_LEN instead of a magic number. | John Baldwin | 2021-12-17 | 1 | -6/+8
  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D33528