diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2008-09-19 10:44:12 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2008-09-19 10:44:12 +0000 |
| commit | 50fd91d29c98be39101df26bdc20cf29a7a93da8 (patch) | |
| tree | f70bbb13321517130135fa96c1f0833252a78e65 /sys/arch | |
| parent | 40613fd0d0c295f5f6801b0a1618a27cb91daf1a (diff) | |
AES with keysize != 128 bit is not supported in hardware, so we need
to switch to the software implementation; ok hshoexer, tom
Diffstat (limited to 'sys/arch')
| -rw-r--r-- | sys/arch/i386/pci/glxsb.c | 59 |
1 files changed, 50 insertions, 9 deletions
diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index 93cc40e0582..63a981c5681 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glxsb.c,v 1.14 2008/06/09 07:07:15 djm Exp $ */ +/* $OpenBSD: glxsb.c,v 1.15 2008/09/19 10:44:11 markus Exp $ */ /* * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org> @@ -153,7 +153,8 @@ struct glxsb_session { uint8_t ses_iv[SB_AES_BLOCK_SIZE]; int ses_klen; int ses_used; - struct swcr_data *ses_swd; + struct swcr_data *ses_swd_auth; + struct swcr_data *ses_swd_enc; }; #endif /* CRYPTO */ @@ -339,6 +340,7 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) struct glxsb_softc *sc = glxsb_sc; struct glxsb_session *ses = NULL; struct auth_hash *axf; + struct enc_xform *txf; struct cryptoini *c; struct swcr_data *swd; int sesn, i; @@ -374,9 +376,23 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) for (c = cri; c != NULL; c = c->cri_next) { switch (c->cri_alg) { case CRYPTO_AES_CBC: + if (c->cri_klen != 128) { - glxsb_crypto_freesession(sesn); - return (EINVAL); + swd = malloc(sizeof(struct swcr_data), M_CRYPTO_DATA, + M_NOWAIT|M_ZERO); + if (swd == NULL) { + glxsb_crypto_freesession(sesn); + return (ENOMEM); + } + ses->ses_swd_enc = swd; + txf = &enc_xform_rijndael128; + if (txf->setkey(&(swd->sw_kschedule), c->cri_key, + c->cri_klen / 8) < 0) { + glxsb_crypto_freesession(sesn); + return (EINVAL); + } + swd->sw_exf = txf; + break; } arc4random_buf(ses->ses_iv, sizeof(ses->ses_iv)); @@ -410,7 +426,7 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) glxsb_crypto_freesession(sesn); return (ENOMEM); } - ses->ses_swd = swd; + ses->ses_swd_auth = swd; swd->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -466,6 +482,7 @@ glxsb_crypto_freesession(uint64_t tid) struct glxsb_softc *sc = glxsb_sc; struct swcr_data *swd; struct auth_hash *axf; + struct enc_xform *txf; int sesn; uint32_t sid = ((uint32_t)tid) & 0xffffffff; @@ -474,8 +491,14 @@ glxsb_crypto_freesession(uint64_t tid) sesn = GLXSB_SESSION(sid); if (sesn >= sc->sc_nsessions) return (EINVAL); - if (sc->sc_sessions[sesn].ses_swd) { - swd = sc->sc_sessions[sesn].ses_swd; + if ((swd = sc->sc_sessions[sesn].ses_swd_enc)) { + txf = swd->sw_exf; + + if (swd->sw_kschedule) + txf->zerokey(&(swd->sw_kschedule)); + free(swd, M_CRYPTO_DATA); + } + if ((swd = sc->sc_sessions[sesn].ses_swd_auth)) { axf = swd->sw_axf; if (swd->sw_ictx) { @@ -577,6 +600,20 @@ glxsb_crypto_swauth(struct cryptop *crp, struct cryptodesc *crd, } static int +glxsb_crypto_swenc(struct cryptop *crp, struct cryptodesc *crd, + struct swcr_data *sw, caddr_t buf) +{ + int type; + + if (crp->crp_flags & CRYPTO_F_IMBUF) + type = CRYPTO_BUF_MBUF; + else + type = CRYPTO_BUF_IOV; + + return (swcr_encdec(crd, sw, buf, type)); +} + +static int glxsb_crypto_encdec(struct cryptop *crp, struct cryptodesc *crd, struct glxsb_session *ses, struct glxsb_softc *sc, caddr_t buf) { @@ -745,7 +782,11 @@ glxsb_crypto_process(struct cryptop *crp) for (crd = crp->crp_desc; crd; crd = crd->crd_next) { switch (crd->crd_alg) { case CRYPTO_AES_CBC: - if ((err = glxsb_crypto_encdec(crp, crd, ses, sc, + if (ses->ses_swd_enc) { + if ((err = glxsb_crypto_swenc(crp, crd, ses->ses_swd_enc, + crp->crp_buf)) != 0) + goto out; + } else if ((err = glxsb_crypto_encdec(crp, crd, ses, sc, crp->crp_buf)) != 0) goto out; break; @@ -756,7 +797,7 @@ glxsb_crypto_process(struct cryptop *crp) case CRYPTO_SHA2_256_HMAC: case CRYPTO_SHA2_384_HMAC: case CRYPTO_SHA2_512_HMAC: - if ((err = glxsb_crypto_swauth(crp, crd, ses->ses_swd, + if ((err = glxsb_crypto_swauth(crp, crd, ses->ses_swd_auth, crp->crp_buf)) != 0) goto out; break; |