static int
g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize)
{
struct cryptoini cri;
struct cryptop *crp;
struct cryptodesc *crd;
uint64_t sid;
u_char *p;
int error;
KASSERT(algo != CRYPTO_AES_XTS,
("%s: CRYPTO_AES_XTS unexpected here", __func__));
bzero(&cri, sizeof(cri));
cri.cri_alg = algo;
cri.cri_key = __DECONST(void *, key);
cri.cri_klen = keysize;
error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE);
if (error != 0)
return (error);
p = malloc(sizeof(*crp) + sizeof(*crd), M_ELI, M_NOWAIT | M_ZERO);
if (p == NULL) {
crypto_freesession(sid);
return (ENOMEM);
}
crp = (struct cryptop *)p; p += sizeof(*crp);
crd = (struct cryptodesc *)p; p += sizeof(*crd);
crd->crd_skip = 0;
crd->crd_len = datasize;
crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
if (enc)
crd->crd_flags |= CRD_F_ENCRYPT;
crd->crd_alg = algo;
crd->crd_key = __DECONST(void *, key);
crd->crd_klen = keysize;
bzero(crd->crd_iv, sizeof(crd->crd_iv));
crd->crd_next = NULL;
crp->crp_sid = sid;
crp->crp_ilen = datasize;
crp->crp_olen = datasize;
crp->crp_opaque = NULL;
crp->crp_callback = g_eli_crypto_done;
crp->crp_buf = (void *)data;
crp->crp_flags = CRYPTO_F_CBIFSYNC;
crp->crp_desc = crd;
error = crypto_dispatch(crp);
if (error == 0) {
while (crp->crp_opaque == NULL)
tsleep(crp, PRIBIO, "geli", hz / 5);
error = crp->crp_etype;
}
free(crp, M_ELI);
crypto_freesession(sid);
return (error);
}
static void
aes_destroy(struct krb5_key_state *ks)
{
struct aes_state *as = ks->ks_priv;
if (as->as_session_aes != 0)
crypto_freesession(as->as_session_aes);
if (as->as_session_sha1 != 0)
crypto_freesession(as->as_session_sha1);
mtx_destroy(&as->as_lock);
free(ks->ks_priv, M_GSSAPI);
}
static void
aes_set_key(struct krb5_key_state *ks, const void *in)
{
void *kp = ks->ks_key;
struct aes_state *as = ks->ks_priv;
struct cryptoini cri[2];
if (kp != in)
bcopy(in, kp, ks->ks_class->ec_keylen);
if (as->as_session)
crypto_freesession(as->as_session);
bzero(cri, sizeof(cri));
/*
* We only want the first 96 bits of the HMAC.
*/
cri[0].cri_alg = CRYPTO_SHA1_HMAC;
cri[0].cri_klen = ks->ks_class->ec_keybits;
cri[0].cri_mlen = 12;
cri[0].cri_key = ks->ks_key;
cri[0].cri_next = &cri[1];
cri[1].cri_alg = CRYPTO_AES_CBC;
cri[1].cri_klen = ks->ks_class->ec_keybits;
cri[1].cri_mlen = 0;
cri[1].cri_key = ks->ks_key;
cri[1].cri_next = NULL;
crypto_newsession(&as->as_session, cri,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
}
static void
des3_set_key(struct krb5_key_state *ks, const void *in)
{
void *kp = ks->ks_key;
struct des3_state *ds = ks->ks_priv;
struct cryptoini cri[2];
if (kp != in)
bcopy(in, kp, ks->ks_class->ec_keylen);
if (ds->ds_session)
crypto_freesession(ds->ds_session);
bzero(cri, sizeof(cri));
cri[0].cri_alg = CRYPTO_SHA1_HMAC;
cri[0].cri_klen = 192;
cri[0].cri_mlen = 0;
cri[0].cri_key = ks->ks_key;
cri[0].cri_next = &cri[1];
cri[1].cri_alg = CRYPTO_3DES_CBC;
cri[1].cri_klen = 192;
cri[1].cri_mlen = 0;
cri[1].cri_key = ks->ks_key;
cri[1].cri_next = NULL;
crypto_newsession(&ds->ds_session, cri,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
}
static void
des3_destroy(struct krb5_key_state *ks)
{
struct des3_state *ds = ks->ks_priv;
if (ds->ds_session)
crypto_freesession(ds->ds_session);
mtx_destroy(&ds->ds_lock);
free(ks->ks_priv, M_GSSAPI);
}
int ipsec_ocf_sa_free(struct ipsec_sa *ipsp)
{
KLIPS_PRINT(debug_pfkey, "klips_debug:ipsec_ocf_sa_free()\n");
if (!ipsp->ocf_in_use)
printk("KLIPS: ipsec_ocf_sa_free received SA that is not initted?\n");
crypto_freesession(ipsp->ocf_cryptoid);
ipsp->ocf_cryptoid = -1;
ipsp->ocf_in_use = 0;
return 1;
}
/*
* Paranoia.
*
* NB: public for use by esp_zeroize (XXX).
*/
int
ah_zeroize(struct secasvar *sav)
{
int err;
if (sav->key_auth)
bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
err = crypto_freesession(sav->tdb_cryptoid);
sav->tdb_cryptoid = 0;
sav->tdb_authalgxform = NULL;
sav->tdb_xform = NULL;
return err;
}
/*
* Paranoia.
*/
int
ah_zeroize(struct tdb *tdbp)
{
int err;
if (tdbp->tdb_amxkey) {
explicit_bzero(tdbp->tdb_amxkey, tdbp->tdb_amxkeylen);
free(tdbp->tdb_amxkey, M_XDATA);
tdbp->tdb_amxkey = NULL;
}
err = crypto_freesession(tdbp->tdb_cryptoid);
tdbp->tdb_cryptoid = 0;
return err;
}
static int
g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize)
{
struct cryptoini cri;
struct cryptop *crp;
struct cryptodesc *crd;
struct uio *uio;
struct iovec *iov;
uint64_t sid;
u_char *p;
int error;
bzero(&cri, sizeof(cri));
cri.cri_alg = algo;
cri.cri_key = __DECONST(void *, key);
cri.cri_klen = keysize;
error = crypto_newsession(&sid, &cri, CRYPTOCAP_F_SOFTWARE);
if (error != 0)
return (error);
p = malloc(sizeof(*crp) + sizeof(*crd) + sizeof(*uio) + sizeof(*iov),
M_ELI, M_NOWAIT | M_ZERO);
if (p == NULL) {
crypto_freesession(sid);
return (ENOMEM);
}
crp = (struct cryptop *)p;
p += sizeof(*crp);
crd = (struct cryptodesc *)p;
p += sizeof(*crd);
uio = (struct uio *)p;
p += sizeof(*uio);
iov = (struct iovec *)p;
p += sizeof(*iov);
iov->iov_len = datasize;
iov->iov_base = data;
uio->uio_iov = iov;
uio->uio_iovcnt = 1;
uio->uio_segflg = UIO_SYSSPACE;
uio->uio_resid = datasize;
crd->crd_skip = 0;
crd->crd_len = datasize;
crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
if (enc)
crd->crd_flags |= CRD_F_ENCRYPT;
crd->crd_alg = algo;
crd->crd_key = __DECONST(void *, key);
crd->crd_klen = keysize;
bzero(crd->crd_iv, sizeof(crd->crd_iv));
crd->crd_next = NULL;
crp->crp_sid = sid;
crp->crp_ilen = datasize;
crp->crp_olen = datasize;
crp->crp_opaque = NULL;
crp->crp_callback = g_eli_crypto_done;
crp->crp_buf = (void *)uio;
crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIFSYNC | CRYPTO_F_REL;
crp->crp_desc = crd;
error = crypto_dispatch(crp);
if (error == 0) {
while (crp->crp_opaque == NULL)
tsleep(crp, PRIBIO, "geli", hz / 5);
error = crp->crp_etype;
}
free(crp, M_ELI);
crypto_freesession(sid);
return (error);
}
int
ocfbench_init(void)
{
int i,j, jstart, jstop;
printk("Crypto Speed tests\n");
requests = kmalloc(sizeof(request_t) * request_q_len, GFP_KERNEL);
if (!requests) {
printk("malloc failed\n");
return -EINVAL;
}
if(request_size %8 != 0) {
printk("request_size must be a multiple of 8!!! \n");
}
for (i = 0; i < request_q_len; i++) {
/* +64 for return data */
requests[i].buffer = kmalloc(request_size + 128, GFP_DMA);
if (!requests[i].buffer) {
printk("malloc failed\n");
return -EINVAL;
}
#ifdef DECC
requests[i].encrypt = 1;
requests[i].index = i;
#endif
for(j=0; j < request_size + 128; j++)
*(char *)(((char *)requests[i].buffer) + j ) = 0x2;
}
#ifdef DECC
requests2 = kmalloc(sizeof(request_t) * request_q_len, GFP_KERNEL);
if (!requests) {
printk("malloc failed\n");
return -EINVAL;
}
for (i = 0; i < request_q_len; i++) {
/* +64 for return data */
requests2[i].buffer = kmalloc(request_size + 128, GFP_DMA);
if (!requests2[i].buffer) {
printk("malloc failed\n");
return -EINVAL;
}
memcpy(requests2[i].buffer, requests[i].buffer, request_size);
}
#endif
/*
* OCF benchmark
*/
printk("OCF: testing ...\n");
ocf_init();
total = outstanding = 0;
jstart = jiffies;
for (i = 0; i < request_q_len; i++) {
outstanding++;
ocf_request(&requests[i]);
}
while (outstanding > 0) {
#if 0
if(jiffies - jstart > 500){
return -EINVAL;
}
#endif
schedule();
}
jstop = jiffies;
printk("OCF: %d requests of %d bytes in %d jiffies\n", total, request_size,
jstop - jstart);
#ifdef DECC
for (i = 0; i < request_q_len; i++) {
if(memcmp(requests2[i].buffer, requests[i].buffer, request_size) != 0){
printk("buf %d is differnt \n",i);
printk("ORIGINAL: \n");
hexdump(requests2[i].buffer, request_size);
printk("AFTER \n");
hexdump(requests[i].buffer, request_size);
break;
}
}
#ifdef BOTH
for (i = 0; i < request_q_len; i++) {
if(memcmp(requests[i].buffer + request_size + 32, requests[i].buffer + request_size + 64, 16) != 0){
printk("buf %d is differnt \n",i);
printk("ORIGINAL: \n");
hexdump(requests[i].buffer + request_size + 32, 16);
printk("AFTER \n");
hexdump(requests[i].buffer + request_size + 64, 16);
break;
}
}
#endif
#endif
for (i = 0; i < request_q_len; i++)
kfree(requests[i].buffer);
kfree(requests);
#ifdef DECC
for (i = 0; i < request_q_len; i++)
kfree(requests2[i].buffer);
kfree(requests2);
#endif
crypto_freesession(ocf_cryptoid);
return -EINVAL; /* always fail to load so it can be re-run quickly ;-) */
}
static void
ocf_done(void)
{
crypto_freesession(ocf_cryptoid);
}
/*
* ESP input callback from the crypto driver.
*/
static int
esp_input_cb(struct cryptop *crp)
{
IPSEC_DEBUG_DECLARE(char buf[128]);
u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
const struct auth_hash *esph;
const struct enc_xform *espx;
struct mbuf *m;
struct cryptodesc *crd;
struct xform_data *xd;
struct secasvar *sav;
struct secasindex *saidx;
caddr_t ptr;
uint64_t cryptoid;
int hlen, skip, protoff, error, alen;
crd = crp->crp_desc;
IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!"));
m = (struct mbuf *) crp->crp_buf;
xd = (struct xform_data *) crp->crp_opaque;
sav = xd->sav;
skip = xd->skip;
protoff = xd->protoff;
cryptoid = xd->cryptoid;
saidx = &sav->sah->saidx;
esph = sav->tdb_authalgxform;
espx = sav->tdb_encalgxform;
/* Check for crypto errors */
if (crp->crp_etype) {
if (crp->crp_etype == EAGAIN) {
/* Reset the session ID */
if (ipsec_updateid(sav, &crp->crp_sid, &cryptoid) != 0)
crypto_freesession(cryptoid);
xd->cryptoid = crp->crp_sid;
return (crypto_dispatch(crp));
}
ESPSTAT_INC(esps_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
/* Shouldn't happen... */
if (m == NULL) {
ESPSTAT_INC(esps_crypto);
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
ESPSTAT_INC(esps_hist[sav->alg_enc]);
/* If authentication was performed, check now. */
if (esph != NULL) {
alen = xform_ah_authsize(esph);
AHSTAT_INC(ahs_hist[sav->alg_auth]);
/* Copy the authenticator from the packet */
m_copydata(m, m->m_pkthdr.len - alen, alen, aalg);
ptr = (caddr_t) (xd + 1);
/* Verify authenticator */
if (timingsafe_bcmp(ptr, aalg, alen) != 0) {
DPRINTF(("%s: authentication hash mismatch for "
"packet in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
ESPSTAT_INC(esps_badauth);
error = EACCES;
goto bad;
}
m->m_flags |= M_AUTHIPDGM;
/* Remove trailing authenticator */
m_adj(m, -alen);
}
/* Release the crypto descriptors */
free(xd, M_XDATA), xd = NULL;
crypto_freereq(crp), crp = NULL;
/*
* Packet is now decrypted.
*/
m->m_flags |= M_DECRYPTED;
/*
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
u_int32_t seq;
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
sizeof (seq), (caddr_t) &seq);
SECASVAR_LOCK(sav);
if (ipsec_updatereplay(ntohl(seq), sav)) {
SECASVAR_UNLOCK(sav);
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_sa2str(sav, buf, sizeof(buf))));
ESPSTAT_INC(esps_replay);
error = EACCES;
goto bad;
}
SECASVAR_UNLOCK(sav);
}
