src - FreeBSD source tree

diff options


context:
space:
mode:

author	John Baldwin <jhb@FreeBSD.org>	2020-05-11 21:34:29 +0000
committer	John Baldwin <jhb@FreeBSD.org>	2020-05-11 21:34:29 +0000
commit	0e00c709d7f1cdaeb584d244df9534bcdd0ac527 (patch)
tree	23d89d0624d4de7dca540e363018ca0c9bfdcb2e /sys
parent	32075647ef7fedb53479d3872960d9ae40e86491 (diff)
download	src-0e00c709d7f1cdaeb584d244df9534bcdd0ac527.tar.gz src-0e00c709d7f1cdaeb584d244df9534bcdd0ac527.zip

Notes

Diffstat (limited to 'sys')

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

sys/conf/files.powerpc

-rw-r--r--

sys/conf/files.riscv

-rw-r--r--

sys/dev/cesa/cesa.c

-rw-r--r--

sys/dev/hifn/hifn7751.c

-rw-r--r--

sys/dev/safe/safe.c

-rw-r--r--

sys/dev/sec/sec.c

-rw-r--r--

sys/mips/cavium/cryptocteon/cavium_crypto.c

708

-rw-r--r--

sys/mips/cavium/cryptocteon/cryptocteon.c

-rw-r--r--

sys/mips/cavium/cryptocteon/cryptocteonvar.h

-rw-r--r--

sys/mips/nlm/dev/sec/nlmsec.c

-rw-r--r--

sys/mips/nlm/dev/sec/nlmseclib.c

-rw-r--r--

sys/opencrypto/crypto.c

-rw-r--r--

sys/opencrypto/cryptodev.h

-rw-r--r--

sys/opencrypto/xform.c

-rw-r--r--

sys/opencrypto/xform_des1.c

114

-rw-r--r--

sys/opencrypto/xform_des3.c

117

-rw-r--r--

sys/opencrypto/xform_enc.h

23 files changed, 11 insertions, 1173 deletions

diff --git a/sys/conf/files b/sys/conf/files
index 03f365bcd7da..56acd0ddc4af 100644
--- a/sys/conf/files
+++ b/sys/conf/files

@@ -684,8 +684,8 @@ crypto/camellia/camellia.c optional crypto | ipsec | ipsec_support

crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support

crypto/chacha20/chacha.c standard

crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support

-crypto/des/des_ecb.c optional crypto | ipsec | ipsec_support | netsmb

-crypto/des/des_setkey.c optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/des_ecb.c optional netsmb

+crypto/des/des_setkey.c optional netsmb

crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi

crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \

ipsec | ipsec_support | !random_loadable | wlan_ccmp

diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64
index 72ca22070a87..e6d91e96b423 100644
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64

@@ -136,8 +136,7 @@ amd64/pci/pci_cfgreg.c optional pci

cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

crypto/aesni/aeskeys_amd64.S optional aesni

-crypto/des/des_enc.c optional crypto | ipsec | \

- ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

dev/acpi_support/acpi_wmi_if.m standard

dev/agp/agp_amd64.c optional agp

dev/agp/agp_i810.c optional agp

diff --git a/sys/conf/files.arm b/sys/conf/files.arm
index 5d7900121a2f..11a357364fda 100644
--- a/sys/conf/files.arm
+++ b/sys/conf/files.arm

@@ -91,7 +91,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c optional !armv7 !armv6 zfs | !

cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"

-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

dev/cpufreq/cpufreq_dt.c optional cpufreq fdt

dev/dwc/if_dwc.c optional dwc

dev/dwc/if_dwc_if.m optional dwc

diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index 2bfa9ea8015a..3477292bda44 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64

@@ -221,7 +221,7 @@ armv8_crypto_wrap.o optional armv8crypto \

compile-with "${CC} -c ${CFLAGS:C/^-O2$/-O3/:N-nostdinc:N-mgeneral-regs-only} -I$S/crypto/armv8/ ${WERROR} ${NO_WCAST_QUAL} ${PROF} -march=armv8-a+crypto ${.IMPSRC}" \

no-implicit-rule \

clean "armv8_crypto_wrap.o"

-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

dev/acpica/acpi_bus_if.m optional acpi

dev/acpica/acpi_if.m optional acpi

dev/acpica/acpi_pci_link.c optional acpi pci

diff --git a/sys/conf/files.i386 b/sys/conf/files.i386
index 97946cdbb904..30dedced8813 100644
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386

@@ -76,7 +76,7 @@ compat/linux/linux_vdso.c optional compat_linux

compat/linux/linux.c optional compat_linux

compat/ndis/winx32_wrap.S optional ndisapi pci

crypto/aesni/aeskeys_i386.S optional aesni

-crypto/des/arch/i386/des_enc.S optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/arch/i386/des_enc.S optional netsmb

dev/agp/agp_ali.c optional agp

dev/agp/agp_amd.c optional agp

dev/agp/agp_amd64.c optional agp

diff --git a/sys/conf/files.mips b/sys/conf/files.mips
index 150878a88032..496352c63090 100644
--- a/sys/conf/files.mips
+++ b/sys/conf/files.mips

@@ -82,8 +82,7 @@ mips/mips/sc_machdep.c optional sc

dev/uart/uart_cpu_fdt.c optional uart fdt

# crypto support -- use generic

-crypto/des/des_enc.c optional crypto | ipsec | \

- ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

# AP common nvram interface MIPS specific, but maybe should be more generic

dev/nvram2env/nvram2env_mips.c optional nvram2env

diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc
index 1d611fc13af4..4359279c9c73 100644
--- a/sys/conf/files.powerpc
+++ b/sys/conf/files.powerpc

@@ -14,7 +14,7 @@ cddl/compat/opensolaris/kern/opensolaris_atomic.c optional zfs powerpc | dtrac

cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

cddl/dev/fbt/powerpc/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"

-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

dev/aacraid/aacraid_endian.c optional aacraid

dev/adb/adb_bus.c optional adb

dev/adb/adb_kbd.c optional adb

diff --git a/sys/conf/files.riscv b/sys/conf/files.riscv
index 7659db79c741..b59141e27750 100644
--- a/sys/conf/files.riscv
+++ b/sys/conf/files.riscv

@@ -2,7 +2,7 @@

cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}"

-crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb

+crypto/des/des_enc.c optional netsmb

dev/ofw/ofw_cpu.c optional fdt

dev/ofw/ofwpci.c optional pci fdt

dev/pci/pci_host_generic.c optional pci

diff --git a/sys/dev/cesa/cesa.c b/sys/dev/cesa/cesa.c
index eb7ef532ab76..782a37cdc8e2 100644
--- a/sys/dev/cesa/cesa.c
+++ b/sys/dev/cesa/cesa.c

@@ -1577,14 +1577,6 @@ cesa_cipher_supported(const struct crypto_session_params *csp)

if (csp->csp_ivlen != AES_BLOCK_LEN)

return (false);

break;

- case CRYPTO_DES_CBC:

- if (csp->csp_ivlen != DES_BLOCK_LEN)

- return (false);

- break;

- case CRYPTO_3DES_CBC:

- if (csp->csp_ivlen != DES3_BLOCK_LEN)

- return (false);

- break;

default:

return (false);

}

@@ -1673,15 +1665,6 @@ cesa_newsession(device_t dev, crypto_session_t cses,

cs->cs_config |= CESA_CSHD_AES | CESA_CSHD_CBC;

cs->cs_ivlen = AES_BLOCK_LEN;

break;

- case CRYPTO_DES_CBC:

- cs->cs_config |= CESA_CSHD_DES | CESA_CSHD_CBC;

- cs->cs_ivlen = DES_BLOCK_LEN;

- break;

- case CRYPTO_3DES_CBC:

- cs->cs_config |= CESA_CSHD_3DES | CESA_CSHD_3DES_EDE |

- CESA_CSHD_CBC;

- cs->cs_ivlen = DES3_BLOCK_LEN;

- break;

}

switch (csp->csp_auth_alg) {

diff --git a/sys/dev/hifn/hifn7751.c b/sys/dev/hifn/hifn7751.c
index b090316d86a3..bd234db134f3 100644
--- a/sys/dev/hifn/hifn7751.c
+++ b/sys/dev/hifn/hifn7751.c

@@ -1604,14 +1604,6 @@ hifn_write_command(struct hifn_command *cmd, u_int8_t *buf)

if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) {

switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) {

- case HIFN_CRYPT_CMD_ALG_3DES:

- bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH);

- buf_pos += HIFN_3DES_KEY_LENGTH;

- break;

- case HIFN_CRYPT_CMD_ALG_DES:

- bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH);

- buf_pos += HIFN_DES_KEY_LENGTH;

- break;

case HIFN_CRYPT_CMD_ALG_AES:

* AES keys are variable 128, 192 and

@@ -2328,8 +2320,6 @@ hifn_cipher_supported(struct hifn_softc *sc,

switch (sc->sc_ena) {

case HIFN_PUSTAT_ENA_2:

switch (csp->csp_cipher_alg) {

- case CRYPTO_3DES_CBC:

- break;

case CRYPTO_AES_CBC:

if ((sc->sc_flags & HIFN_HAS_AES) == 0)

return (false);

@@ -2343,13 +2333,6 @@ hifn_cipher_supported(struct hifn_softc *sc,

}

return (true);

}

- /*FALLTHROUGH*/

- case HIFN_PUSTAT_ENA_1:

- switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- return (true);

- }

- break;

}

return (false);

}

@@ -2448,16 +2431,6 @@ hifn_process(device_t dev, struct cryptop *crp, int hint)

cmd->base_masks |= HIFN_BASE_CMD_DECODE;

cmd->base_masks |= HIFN_BASE_CMD_CRYPT;

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES |

- HIFN_CRYPT_CMD_MODE_CBC |

- HIFN_CRYPT_CMD_NEW_IV;

- break;

- case CRYPTO_3DES_CBC:

- cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES |

- HIFN_CRYPT_CMD_MODE_CBC |

- HIFN_CRYPT_CMD_NEW_IV;

- break;

case CRYPTO_AES_CBC:

cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES |

HIFN_CRYPT_CMD_MODE_CBC |

diff --git a/sys/dev/safe/safe.c b/sys/dev/safe/safe.c
index 80e938155b09..48dfbf68130c 100644
--- a/sys/dev/safe/safe.c
+++ b/sys/dev/safe/safe.c

@@ -694,20 +694,6 @@ safe_cipher_supported(struct safe_softc *sc,

{

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- if ((sc->sc_devinfo & SAFE_DEVINFO_DES) == 0)

- return (false);

- if (csp->csp_ivlen != 8)

- return (false);

- if (csp->csp_cipher_alg == CRYPTO_DES_CBC) {

- if (csp->csp_cipher_klen != 8)

- return (false);

- } else {

- if (csp->csp_cipher_klen != 24)

- return (false);

- }

- break;

case CRYPTO_AES_CBC:

if ((sc->sc_devinfo & SAFE_DEVINFO_AES) == 0)

return (false);

@@ -866,14 +852,6 @@ safe_process(device_t dev, struct cryptop *crp, int hint)

safe_setup_enckey(ses, crp->crp_cipher_key);

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- cmd0 |= SAFE_SA_CMD0_DES;

- cmd1 |= SAFE_SA_CMD1_CBC;

- break;

- case CRYPTO_3DES_CBC:

- cmd0 |= SAFE_SA_CMD0_3DES;

- cmd1 |= SAFE_SA_CMD1_CBC;

- break;

case CRYPTO_AES_CBC:

cmd0 |= SAFE_SA_CMD0_AES;

cmd1 |= SAFE_SA_CMD1_CBC;

diff --git a/sys/dev/sec/sec.c b/sys/dev/sec/sec.c
index 1ea5039f18ae..9aec4163724f 100644
--- a/sys/dev/sec/sec.c
+++ b/sys/dev/sec/sec.c

@@ -106,12 +106,6 @@ static int sec_aesu_make_desc(struct sec_softc *sc,

const struct crypto_session_params *csp, struct sec_desc *desc,

struct cryptop *crp);

-/* DEU */

-static bool sec_deu_newsession(const struct crypto_session_params *csp);

-static int sec_deu_make_desc(struct sec_softc *sc,

- const struct crypto_session_params *csp, struct sec_desc *desc,

- struct cryptop *crp);

/* MDEU */

static bool sec_mdeu_can_handle(u_int alg);

static int sec_mdeu_config(const struct crypto_session_params *csp,

@@ -154,10 +148,6 @@ static struct sec_eu_methods sec_eus[] = {

sec_aesu_make_desc,

{

- sec_deu_newsession,

- sec_deu_make_desc,

- },

- {

sec_mdeu_newsession,

sec_mdeu_make_desc,

@@ -1147,12 +1137,6 @@ sec_cipher_supported(const struct crypto_session_params *csp)

if (csp->csp_ivlen != AES_BLOCK_LEN)

return (false);

break;

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- /* DEU */

- if (csp->csp_ivlen != DES_BLOCK_LEN)

- return (false);

- break;

default:

return (false);

}

@@ -1474,55 +1458,6 @@ sec_aesu_make_desc(struct sec_softc *sc,

return (error);

}

-/* DEU */

-static bool

-sec_deu_newsession(const struct crypto_session_params *csp)

- switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- return (true);

- default:

- return (false);

- }

-static int

-sec_deu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp,

- struct sec_desc *desc, struct cryptop *crp)

- struct sec_hw_desc *hd = desc->sd_desc;

- int error;

- hd->shd_eu_sel0 = SEC_EU_DEU;

- hd->shd_mode0 = SEC_DEU_MODE_CBC;

- switch (csp->csp_cipher_alg) {

- case CRYPTO_3DES_CBC:

- hd->shd_mode0 |= SEC_DEU_MODE_TS;

- break;

- case CRYPTO_DES_CBC:

- break;

- default:

- return (EINVAL);

- }

- if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {

- hd->shd_mode0 |= SEC_DEU_MODE_ED;

- hd->shd_dir = 0;

- } else

- hd->shd_dir = 1;

- if (csp->csp_mode == CSP_MODE_ETA)

- error = sec_build_common_s_desc(sc, desc, csp, crp);

- else

- error = sec_build_common_ns_desc(sc, desc, csp, crp);

- return (error);

/* MDEU */

static bool

diff --git a/sys/mips/cavium/cryptocteon/cavium_crypto.c b/sys/mips/cavium/cryptocteon/cavium_crypto.c
index e68a2757b466..ac15c2974274 100644
--- a/sys/mips/cavium/cryptocteon/cavium_crypto.c
+++ b/sys/mips/cavium/cryptocteon/cavium_crypto.c

@@ -90,12 +90,10 @@ __FBSDID("$FreeBSD$");

} while (0)

#define ESP_HEADER_LENGTH 8

-#define DES_CBC_IV_LENGTH 8

#define AES_CBC_IV_LENGTH 16

#define ESP_HMAC_LEN 12

#define ESP_HEADER_LENGTH 8

-#define DES_CBC_IV_LENGTH 8

/****************************************************************************/

@@ -320,125 +318,6 @@ octo_calc_hash(uint8_t auth, unsigned char *key, uint64_t *inner, uint64_t *oute

}

/****************************************************************************/

-/* DES functions */

-int

-octo_des_cbc_encrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- uint64_t *data;

- int data_i, data_l;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- while (crypt_off > 0) {

- IOV_CONSUME(iov, data, data_i, data_l);

- crypt_off -= 8;

- }

- while (crypt_len > 0) {

- CVMX_MT_3DES_ENC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- IOV_CONSUME(iov, data, data_i, data_l);

- crypt_len -= 8;

- }

- return 0;

-int

-octo_des_cbc_decrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- uint64_t *data;

- int data_i, data_l;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- while (crypt_off > 0) {

- IOV_CONSUME(iov, data, data_i, data_l);

- crypt_off -= 8;

- }

- while (crypt_len > 0) {

- CVMX_MT_3DES_DEC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- IOV_CONSUME(iov, data, data_i, data_l);

- crypt_len -= 8;

- }

- return 0;

-/****************************************************************************/

/* AES functions */

int

@@ -778,593 +657,6 @@ octo_null_sha1_encrypt(

}

/****************************************************************************/

-/* DES MD5 */

-int

-octo_des_cbc_md5_encrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- int next = 0;

- union {

- uint32_t data32[2];

- uint64_t data64[1];

- } mydata;

- uint64_t *data = &mydata.data64[0];

- uint32_t *data32;

- uint64_t tmp1, tmp2;

- int data_i, data_l, alen = auth_len;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||

- (crypt_len & 0x7) ||

- (auth_len & 0x7) ||

- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data32, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- /* Load MD5 IV */

- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);

- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);

- while (crypt_off > 0 && auth_off > 0) {

- IOV_CONSUME(iov, data32, data_i, data_l);

- crypt_off -= 4;

- auth_off -= 4;

- }

- while (crypt_len > 0 || auth_len > 0) {

- uint32_t *first = data32;

- mydata.data32[0] = *first;

- IOV_CONSUME(iov, data32, data_i, data_l);

- mydata.data32[1] = *data32;

- if (crypt_off <= 0) {

- if (crypt_len > 0) {

- CVMX_MT_3DES_ENC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- crypt_len -= 8;

- }

- } else

- crypt_off -= 8;

- if (auth_off <= 0) {

- if (auth_len > 0) {

- CVM_LOAD_MD5_UNIT(*data, next);

- auth_len -= 8;

- }

- } else

- auth_off -= 8;

- *first = mydata.data32[0];

- *data32 = mydata.data32[1];

- IOV_CONSUME(iov, data32, data_i, data_l);

- }

- /* finish the hash */

- CVMX_PREFETCH0(od->octo_hmouter);

-#if 0

- if (__predict_false(inplen)) {

- uint64_t tmp = 0;

- uint8_t *p = (uint8_t *) & tmp;

- p[inplen] = 0x80;

- do {

- inplen--;

- p[inplen] = ((uint8_t *) data)[inplen];

- } while (inplen);

- CVM_LOAD_MD5_UNIT(tmp, next);

- } else {

- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);

- }

-#else

- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);

-#endif

- /* Finish Inner hash */

- while (next != 7) {

- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);

- }

- CVMX_ES64(tmp1, ((alen + 64) << 3));

- CVM_LOAD_MD5_UNIT(tmp1, next);

- /* Get the inner hash of HMAC */

- CVMX_MF_HSH_IV(tmp1, 0);

- CVMX_MF_HSH_IV(tmp2, 1);

- /* Initialize hash unit */

- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);

- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);

- CVMX_MT_HSH_DAT(tmp1, 0);

- CVMX_MT_HSH_DAT(tmp2, 1);

- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);

- CVMX_MT_HSH_DATZ(3);

- CVMX_MT_HSH_DATZ(4);

- CVMX_MT_HSH_DATZ(5);

- CVMX_MT_HSH_DATZ(6);

- CVMX_ES64(tmp1, ((64 + 16) << 3));

- CVMX_MT_HSH_STARTMD5(tmp1);

- /* save the HMAC */

- data32 = (uint32_t *)icv;

- CVMX_MF_HSH_IV(tmp1, 0);

- *data32 = (uint32_t) (tmp1 >> 32);

- data32++;

- *data32 = (uint32_t) tmp1;

- data32++;

- CVMX_MF_HSH_IV(tmp1, 1);

- *data32 = (uint32_t) (tmp1 >> 32);

- return 0;

-int

-octo_des_cbc_md5_decrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- int next = 0;

- union {

- uint32_t data32[2];

- uint64_t data64[1];

- } mydata;

- uint64_t *data = &mydata.data64[0];

- uint32_t *data32;

- uint64_t tmp1, tmp2;

- int data_i, data_l, alen = auth_len;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||

- (crypt_len & 0x7) ||

- (auth_len & 0x7) ||

- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data32, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- /* Load MD5 IV */

- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);

- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);

- while (crypt_off > 0 && auth_off > 0) {

- IOV_CONSUME(iov, data32, data_i, data_l);

- crypt_off -= 4;

- auth_off -= 4;

- }

- while (crypt_len > 0 || auth_len > 0) {

- uint32_t *first = data32;

- mydata.data32[0] = *first;

- IOV_CONSUME(iov, data32, data_i, data_l);

- mydata.data32[1] = *data32;

- if (auth_off <= 0) {

- if (auth_len > 0) {

- CVM_LOAD_MD5_UNIT(*data, next);

- auth_len -= 8;

- }

- } else

- auth_off -= 8;

- if (crypt_off <= 0) {

- if (crypt_len > 0) {

- CVMX_MT_3DES_DEC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- crypt_len -= 8;

- }

- } else

- crypt_off -= 8;

- *first = mydata.data32[0];

- *data32 = mydata.data32[1];

- IOV_CONSUME(iov, data32, data_i, data_l);

- }

- /* finish the hash */

- CVMX_PREFETCH0(od->octo_hmouter);

-#if 0

- if (__predict_false(inplen)) {

- uint64_t tmp = 0;

- uint8_t *p = (uint8_t *) & tmp;

- p[inplen] = 0x80;

- do {

- inplen--;

- p[inplen] = ((uint8_t *) data)[inplen];

- } while (inplen);

- CVM_LOAD_MD5_UNIT(tmp, next);

- } else {

- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);

- }

-#else

- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);

-#endif

- /* Finish Inner hash */

- while (next != 7) {

- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);

- }

- CVMX_ES64(tmp1, ((alen + 64) << 3));

- CVM_LOAD_MD5_UNIT(tmp1, next);

- /* Get the inner hash of HMAC */

- CVMX_MF_HSH_IV(tmp1, 0);

- CVMX_MF_HSH_IV(tmp2, 1);

- /* Initialize hash unit */

- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);

- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);

- CVMX_MT_HSH_DAT(tmp1, 0);

- CVMX_MT_HSH_DAT(tmp2, 1);

- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);

- CVMX_MT_HSH_DATZ(3);

- CVMX_MT_HSH_DATZ(4);

- CVMX_MT_HSH_DATZ(5);

- CVMX_MT_HSH_DATZ(6);

- CVMX_ES64(tmp1, ((64 + 16) << 3));

- CVMX_MT_HSH_STARTMD5(tmp1);

- /* save the HMAC */

- data32 = (uint32_t *)icv;

- CVMX_MF_HSH_IV(tmp1, 0);

- *data32 = (uint32_t) (tmp1 >> 32);

- data32++;

- *data32 = (uint32_t) tmp1;

- data32++;

- CVMX_MF_HSH_IV(tmp1, 1);

- *data32 = (uint32_t) (tmp1 >> 32);

- return 0;

-/****************************************************************************/

-/* DES SHA */

-int

-octo_des_cbc_sha1_encrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- int next = 0;

- union {

- uint32_t data32[2];

- uint64_t data64[1];

- } mydata;

- uint64_t *data = &mydata.data64[0];

- uint32_t *data32;

- uint64_t tmp1, tmp2, tmp3;

- int data_i, data_l, alen = auth_len;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||

- (crypt_len & 0x7) ||

- (auth_len & 0x7) ||

- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data32, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- /* Load SHA1 IV */

- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);

- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);

- CVMX_MT_HSH_IV(od->octo_hminner[2], 2);

- while (crypt_off > 0 && auth_off > 0) {

- IOV_CONSUME(iov, data32, data_i, data_l);

- crypt_off -= 4;

- auth_off -= 4;

- }

- while (crypt_len > 0 || auth_len > 0) {

- uint32_t *first = data32;

- mydata.data32[0] = *first;

- IOV_CONSUME(iov, data32, data_i, data_l);

- mydata.data32[1] = *data32;

- if (crypt_off <= 0) {

- if (crypt_len > 0) {

- CVMX_MT_3DES_ENC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- crypt_len -= 8;

- }

- } else

- crypt_off -= 8;

- if (auth_off <= 0) {

- if (auth_len > 0) {

- CVM_LOAD_SHA_UNIT(*data, next);

- auth_len -= 8;

- }

- } else

- auth_off -= 8;

- *first = mydata.data32[0];

- *data32 = mydata.data32[1];

- IOV_CONSUME(iov, data32, data_i, data_l);

- }

- /* finish the hash */

- CVMX_PREFETCH0(od->octo_hmouter);

-#if 0

- if (__predict_false(inplen)) {

- uint64_t tmp = 0;

- uint8_t *p = (uint8_t *) & tmp;

- p[inplen] = 0x80;

- do {

- inplen--;

- p[inplen] = ((uint8_t *) data)[inplen];

- } while (inplen);

- CVM_LOAD_SHA_UNIT(tmp, next);

- } else {

- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);

- }

-#else

- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);

-#endif

- /* Finish Inner hash */

- while (next != 7) {

- CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next);

- }

- CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next);

- /* Get the inner hash of HMAC */

- CVMX_MF_HSH_IV(tmp1, 0);

- CVMX_MF_HSH_IV(tmp2, 1);

- tmp3 = 0;

- CVMX_MF_HSH_IV(tmp3, 2);

- /* Initialize hash unit */

- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);

- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);

- CVMX_MT_HSH_IV(od->octo_hmouter[2], 2);

- CVMX_MT_HSH_DAT(tmp1, 0);

- CVMX_MT_HSH_DAT(tmp2, 1);

- tmp3 |= 0x0000000080000000;

- CVMX_MT_HSH_DAT(tmp3, 2);

- CVMX_MT_HSH_DATZ(3);

- CVMX_MT_HSH_DATZ(4);

- CVMX_MT_HSH_DATZ(5);

- CVMX_MT_HSH_DATZ(6);

- CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3));

- /* save the HMAC */

- data32 = (uint32_t *)icv;

- CVMX_MF_HSH_IV(tmp1, 0);

- *data32 = (uint32_t) (tmp1 >> 32);

- data32++;

- *data32 = (uint32_t) tmp1;

- data32++;

- CVMX_MF_HSH_IV(tmp1, 1);

- *data32 = (uint32_t) (tmp1 >> 32);

- return 0;

-int

-octo_des_cbc_sha1_decrypt(

- struct octo_sess *od,

- struct iovec *iov, size_t iovcnt, size_t iovlen,

- int auth_off, int auth_len,

- int crypt_off, int crypt_len,

- uint8_t *icv, uint8_t *ivp)

- int next = 0;

- union {

- uint32_t data32[2];

- uint64_t data64[1];

- } mydata;

- uint64_t *data = &mydata.data64[0];

- uint32_t *data32;

- uint64_t tmp1, tmp2, tmp3;

- int data_i, data_l, alen = auth_len;

- dprintf("%s()\n", __func__);

- if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||

- (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||

- (crypt_len & 0x7) ||

- (auth_len & 0x7) ||

- (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {

- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "

- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "

- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,

- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);

- return -EINVAL;

- }

- IOV_INIT(iov, data32, data_i, data_l);

- CVMX_PREFETCH0(ivp);

- CVMX_PREFETCH0(od->octo_enckey);

- /* load 3DES Key */

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0);

- if (od->octo_encklen == 24) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2);

- } else if (od->octo_encklen == 8) {

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1);

- CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2);

- } else {

- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);

- return -EINVAL;

- }

- CVMX_MT_3DES_IV(* (uint64_t *) ivp);

- /* Load SHA1 IV */

- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);

- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);

- CVMX_MT_HSH_IV(od->octo_hminner[2], 2);

- while (crypt_off > 0 && auth_off > 0) {

- IOV_CONSUME(iov, data32, data_i, data_l);

- crypt_off -= 4;

- auth_off -= 4;

- }

- while (crypt_len > 0 || auth_len > 0) {

- uint32_t *first = data32;

- mydata.data32[0] = *first;

- IOV_CONSUME(iov, data32, data_i, data_l);

- mydata.data32[1] = *data32;

- if (auth_off <= 0) {

- if (auth_len > 0) {

- CVM_LOAD_SHA_UNIT(*data, next);

- auth_len -= 8;

- }

- } else

- auth_off -= 8;

- if (crypt_off <= 0) {

- if (crypt_len > 0) {

- CVMX_MT_3DES_DEC_CBC(*data);

- CVMX_MF_3DES_RESULT(*data);

- crypt_len -= 8;

- }

- } else

- crypt_off -= 8;

- *first = mydata.data32[0];

- *data32 = mydata.data32[1];

- IOV_CONSUME(iov, data32, data_i, data_l);

- }

- /* finish the hash */

- CVMX_PREFETCH0(od->octo_hmouter);

-#if 0

- if (__predict_false(inplen)) {

- uint64_t tmp = 0;

- uint8_t *p = (uint8_t *) & tmp;

- p[inplen] = 0x80;

- do {

- inplen--;

- p[inplen] = ((uint8_t *) data)[inplen];

- } while (inplen);

- CVM_LOAD_SHA_UNIT(tmp, next);

- } else {

- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);

- }

-#else

- CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next);

-#endif

- /* Finish Inner hash */

- while (next != 7) {

- CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next);

- }

- CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next);

- /* Get the inner hash of HMAC */

- CVMX_MF_HSH_IV(tmp1, 0);

- CVMX_MF_HSH_IV(tmp2, 1);

- tmp3 = 0;

- CVMX_MF_HSH_IV(tmp3, 2);

- /* Initialize hash unit */

- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);

- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);

- CVMX_MT_HSH_IV(od->octo_hmouter[2], 2);

- CVMX_MT_HSH_DAT(tmp1, 0);

- CVMX_MT_HSH_DAT(tmp2, 1);

- tmp3 |= 0x0000000080000000;

- CVMX_MT_HSH_DAT(tmp3, 2);

- CVMX_MT_HSH_DATZ(3);

- CVMX_MT_HSH_DATZ(4);

- CVMX_MT_HSH_DATZ(5);

- CVMX_MT_HSH_DATZ(6);

- CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3));

- /* save the HMAC */

- data32 = (uint32_t *)icv;

- CVMX_MF_HSH_IV(tmp1, 0);

- *data32 = (uint32_t) (tmp1 >> 32);

- data32++;

- *data32 = (uint32_t) tmp1;

- data32++;

- CVMX_MF_HSH_IV(tmp1, 1);

- *data32 = (uint32_t) (tmp1 >> 32);

- return 0;

-/****************************************************************************/

/* AES MD5 */

int

diff --git a/sys/mips/cavium/cryptocteon/cryptocteon.c b/sys/mips/cavium/cryptocteon/cryptocteon.c
index 56030979f24e..2fe2e9f29c63 100644
--- a/sys/mips/cavium/cryptocteon/cryptocteon.c
+++ b/sys/mips/cavium/cryptocteon/cryptocteon.c

@@ -121,14 +121,6 @@ cryptocteon_cipher_supported(const struct crypto_session_params *csp)

{

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- if (csp->csp_ivlen != 8)

- return (false);

- if (csp->csp_cipher_klen != 8 &&

- csp->csp_cipher_klen != 24)

- return (false);

- break;

case CRYPTO_AES_CBC:

if (csp->csp_ivlen != 16)

return (false);

@@ -229,11 +221,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t cses,

break;

case CSP_MODE_CIPHER:

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- ocd->octo_encrypt = octo_des_cbc_encrypt;

- ocd->octo_decrypt = octo_des_cbc_decrypt;

- break;

case CRYPTO_AES_CBC:

ocd->octo_encrypt = octo_aes_cbc_encrypt;

ocd->octo_decrypt = octo_aes_cbc_decrypt;

@@ -242,19 +229,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t cses,

break;

case CSP_MODE_ETA:

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- switch (csp->csp_auth_alg) {

- case CRYPTO_MD5_HMAC:

- ocd->octo_encrypt = octo_des_cbc_md5_encrypt;

- ocd->octo_decrypt = octo_des_cbc_md5_decrypt;

- break;

- case CRYPTO_SHA1_HMAC:

- ocd->octo_encrypt = octo_des_cbc_sha1_encrypt;

- ocd->octo_decrypt = octo_des_cbc_sha1_encrypt;

- break;

- }

- break;

case CRYPTO_AES_CBC:

switch (csp->csp_auth_alg) {

case CRYPTO_MD5_HMAC:

diff --git a/sys/mips/cavium/cryptocteon/cryptocteonvar.h b/sys/mips/cavium/cryptocteon/cryptocteonvar.h
index e7bc445deefb..2e071f7240b3 100644
--- a/sys/mips/cavium/cryptocteon/cryptocteonvar.h
+++ b/sys/mips/cavium/cryptocteon/cryptocteonvar.h

@@ -67,14 +67,6 @@ void octo_calc_hash(uint8_t, unsigned char *, uint64_t *, uint64_t *);

octo_encrypt_t octo_null_md5_encrypt;

octo_encrypt_t octo_null_sha1_encrypt;

-octo_encrypt_t octo_des_cbc_encrypt;

-octo_encrypt_t octo_des_cbc_md5_encrypt;

-octo_encrypt_t octo_des_cbc_sha1_encrypt;

-octo_decrypt_t octo_des_cbc_decrypt;

-octo_decrypt_t octo_des_cbc_md5_decrypt;

-octo_decrypt_t octo_des_cbc_sha1_decrypt;

octo_encrypt_t octo_aes_cbc_encrypt;

octo_encrypt_t octo_aes_cbc_md5_encrypt;

octo_encrypt_t octo_aes_cbc_sha1_encrypt;

diff --git a/sys/mips/nlm/dev/sec/nlmsec.c b/sys/mips/nlm/dev/sec/nlmsec.c
index b32ec3406bb4..52dd46429e8f 100644
--- a/sys/mips/nlm/dev/sec/nlmsec.c
+++ b/sys/mips/nlm/dev/sec/nlmsec.c

@@ -391,11 +391,6 @@ xlp_sec_cipher_supported(const struct crypto_session_params *csp)

{

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- case CRYPTO_3DES_CBC:

- if (csp->csp_ivlen != XLP_SEC_DES_IV_LENGTH)

- return (false);

- break;

case CRYPTO_AES_CBC:

if (csp->csp_ivlen != XLP_SEC_AES_IV_LENGTH)

return (false);

diff --git a/sys/mips/nlm/dev/sec/nlmseclib.c b/sys/mips/nlm/dev/sec/nlmseclib.c
index a613fe93509f..56de5b5cc022 100644
--- a/sys/mips/nlm/dev/sec/nlmseclib.c
+++ b/sys/mips/nlm/dev/sec/nlmseclib.c

@@ -172,18 +172,6 @@ nlm_crypto_do_cipher(struct xlp_sec_softc *sc, struct xlp_sec_command *cmd,

cipkey = cmd->crp->crp_cipher_key;

else

cipkey = csp->csp_cipher_key;

- if (cmd->cipheralg == NLM_CIPHER_3DES) {

- if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) {

- const uint64_t *k;

- uint64_t *tkey;

- k = (const uint64_t *)cipkey;

- tkey = (uint64_t *)cmd->des3key;

- tkey[2] = k[0];

- tkey[1] = k[1];

- tkey[0] = k[2];

- cipkey = (const unsigned char *)tkey;

- }

nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, 0, NLM_HASH_BYPASS, 0,

cmd->cipheralg, cmd->ciphermode, cipkey,

csp->csp_cipher_klen, NULL, 0);

@@ -239,18 +227,6 @@ nlm_crypto_do_cipher_digest(struct xlp_sec_softc *sc,

authkey = cmd->crp->crp_auth_key;

else

authkey = csp->csp_auth_key;

- if (cmd->cipheralg == NLM_CIPHER_3DES) {

- if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) {

- const uint64_t *k;

- uint64_t *tkey;

- k = (const uint64_t *)cipkey;

- tkey = (uint64_t *)cmd->des3key;

- tkey[2] = k[0];

- tkey[1] = k[1];

- tkey[0] = k[2];

- cipkey = (const unsigned char *)tkey;

- }

nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, csp->csp_auth_klen ? 1 : 0,

cmd->hashalg, cmd->hashmode, cmd->cipheralg, cmd->ciphermode,

cipkey, csp->csp_cipher_klen,

@@ -296,16 +272,6 @@ nlm_get_cipher_param(struct xlp_sec_command *cmd,

const struct crypto_session_params *csp)

{

switch(csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- cmd->cipheralg = NLM_CIPHER_DES;

- cmd->ciphermode = NLM_CIPHER_MODE_CBC;

- cmd->ivlen = XLP_SEC_DES_IV_LENGTH;

- break;

- case CRYPTO_3DES_CBC:

- cmd->cipheralg = NLM_CIPHER_3DES;

- cmd->ciphermode = NLM_CIPHER_MODE_CBC;

- cmd->ivlen = XLP_SEC_DES_IV_LENGTH;

- break;

case CRYPTO_AES_CBC:

cmd->cipheralg = NLM_CIPHER_AES128;

cmd->ciphermode = NLM_CIPHER_MODE_CBC;

diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index 2dee7477c713..c5aaec71f2a5 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c

@@ -594,10 +594,6 @@ crypto_cipher(const struct crypto_session_params *csp)

{

switch (csp->csp_cipher_alg) {

- case CRYPTO_DES_CBC:

- return (&enc_xform_des);

- case CRYPTO_3DES_CBC:

- return (&enc_xform_3des);

case CRYPTO_RIJNDAEL128_CBC:

return (&enc_xform_rijndael128);

case CRYPTO_AES_XTS:

@@ -678,8 +674,6 @@ static enum alg_type {

ALG_COMPRESSION,

ALG_AEAD

} alg_types[] = {

- [CRYPTO_DES_CBC] = ALG_CIPHER,

- [CRYPTO_3DES_CBC] = ALG_CIPHER,

[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,

[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,

[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,

diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index 461145350eac..195df24b45d4 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h

@@ -113,8 +113,6 @@

/* Encryption algorithm block sizes */

#define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment */

-#define DES_BLOCK_LEN 8

-#define DES3_BLOCK_LEN 8

#define RIJNDAEL128_BLOCK_LEN 16

#define AES_BLOCK_LEN 16

#define AES_ICM_BLOCK_LEN 1

@@ -132,10 +130,6 @@

/* Min and Max Encryption Key Sizes */

#define NULL_MIN_KEY 0

#define NULL_MAX_KEY 256 /* 2048 bits, max key */

-#define DES_MIN_KEY 8

-#define DES_MAX_KEY DES_MIN_KEY

-#define TRIPLE_DES_MIN_KEY 24

-#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY

#define RIJNDAEL_MIN_KEY 16

#define RIJNDAEL_MAX_KEY 32

#define AES_MIN_KEY RIJNDAEL_MIN_KEY

@@ -215,7 +209,7 @@

/* NB: deprecated */

struct session_op {

- u_int32_t cipher; /* ie. CRYPTO_DES_CBC */

+ u_int32_t cipher; /* ie. CRYPTO_AES_CBC */

u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */

u_int32_t keylen; /* cipher key */

@@ -232,7 +226,7 @@ struct session_op {

* "cryptop" (no underscore).

struct session2_op {

- u_int32_t cipher; /* ie. CRYPTO_DES_CBC */

+ u_int32_t cipher; /* ie. CRYPTO_AES_CBC */

u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */

u_int32_t keylen; /* cipher key */

diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c
index bfa97dca951e..117be15bf9f3 100644
--- a/sys/opencrypto/xform.c
+++ b/sys/opencrypto/xform.c

@@ -59,7 +59,6 @@ __FBSDID("$FreeBSD$");

#include <sys/kernel.h>

#include <machine/cpu.h>

-#include <crypto/des/des.h>

#include <crypto/rijndael/rijndael.h>

#include <crypto/camellia/camellia.h>

#include <crypto/sha1.h>

@@ -76,8 +75,6 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");

/* Include the encryption algorithms */

#include "xform_null.c"

-#include "xform_des1.c"

-#include "xform_des3.c"

#include "xform_rijndael.c"

#include "xform_aes_icm.c"

#include "xform_aes_xts.c"

diff --git a/sys/opencrypto/xform_des1.c b/sys/opencrypto/xform_des1.c
deleted file mode 100644
index 0a778eefb076..000000000000
--- a/sys/opencrypto/xform_des1.c
+++ /dev/null

@@ -1,114 +0,0 @@

-/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */

-/*-

- * The authors of this code are John Ioannidis (ji@tla.org),

- * Angelos D. Keromytis (kermit@csd.uch.gr),

- * Niels Provos (provos@physnet.uni-hamburg.de) and

- * Damien Miller (djm@mindrot.org).

- *

- * This code was written by John Ioannidis for BSD/OS in Athens, Greece,

- * in November 1995.

- *

- * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,

- * by Angelos D. Keromytis.

- *

- * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis

- * and Niels Provos.

- *

- * Additional features in 1999 by Angelos D. Keromytis.

- *

- * AES XTS implementation in 2008 by Damien Miller

- *

- * Angelos D. Keromytis and Niels Provos.

- *

- * Portions of this software were developed by John-Mark Gurney

- * under sponsorship of the FreeBSD Foundation and

- * Rubicon Communications, LLC (Netgate).

- *

- * Permission to use, copy, and modify this software with or without fee

- * is hereby granted, provided that this entire notice is included in

- * all copies of any software which is or includes a copy or

- * modification of this software.

- * You may use this code under the GNU public license if you so wish. Please

- * contribute changes back to the authors under this freer than GPL license

- * so that we may further the use of strong encryption without limitations to

- * all.

- *

- * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR

- * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY

- * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE

- * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR

- * PURPOSE.

- */

-#include <sys/cdefs.h>

-__FBSDID("$FreeBSD$");

-#include <crypto/des/des.h>

-#include <opencrypto/xform_enc.h>

-static int des1_setkey(u_int8_t **, const u_int8_t *, int);

-static void des1_encrypt(caddr_t, u_int8_t *);

-static void des1_decrypt(caddr_t, u_int8_t *);

-static void des1_zerokey(u_int8_t **);

-/* Encryption instances */

-struct enc_xform enc_xform_des = {

- CRYPTO_DES_CBC, "DES",

- DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY,

- des1_encrypt,

- des1_decrypt,

- des1_setkey,

- des1_zerokey,

- NULL,

-};

-/*

- * Encryption wrapper routines.

- */

-static void

-des1_encrypt(caddr_t key, u_int8_t *blk)

- des_key_schedule *p = (des_key_schedule *) key;

- des_ecb_encrypt(blk, blk, p[0], DES_ENCRYPT);

-static void

-des1_decrypt(caddr_t key, u_int8_t *blk)

- des_key_schedule *p = (des_key_schedule *) key;

- des_ecb_encrypt(blk, blk, p[0], DES_DECRYPT);

-static int

-des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)

- des_key_schedule *p;

- int err;

- p = KMALLOC(sizeof (des_key_schedule),

- M_CRYPTO_DATA, M_NOWAIT|M_ZERO);

- if (p != NULL) {

- des_set_key(key, p[0]);

- err = 0;

- } else

- err = ENOMEM;

- *sched = (u_int8_t *) p;

- return err;

-static void

-des1_zerokey(u_int8_t **sched)

- bzero(*sched, sizeof (des_key_schedule));

- KFREE(*sched, M_CRYPTO_DATA);

- *sched = NULL;

diff --git a/sys/opencrypto/xform_des3.c b/sys/opencrypto/xform_des3.c
deleted file mode 100644
index ea32a1ab49ff..000000000000
--- a/sys/opencrypto/xform_des3.c
+++ /dev/null

@@ -1,117 +0,0 @@

-/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */

-/*-

- * The authors of this code are John Ioannidis (ji@tla.org),

- * Angelos D. Keromytis (kermit@csd.uch.gr),

- * Niels Provos (provos@physnet.uni-hamburg.de) and

- * Damien Miller (djm@mindrot.org).

- *

- * This code was written by John Ioannidis for BSD/OS in Athens, Greece,

- * in November 1995.

- *

- * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,

- * by Angelos D. Keromytis.

- *

- * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis

- * and Niels Provos.

- *

- * Additional features in 1999 by Angelos D. Keromytis.

- *

- * AES XTS implementation in 2008 by Damien Miller

- *

- * Angelos D. Keromytis and Niels Provos.

- *

- * Portions of this software were developed by John-Mark Gurney

- * under sponsorship of the FreeBSD Foundation and

- * Rubicon Communications, LLC (Netgate).

- *

- * Permission to use, copy, and modify this software with or without fee

- * is hereby granted, provided that this entire notice is included in

- * all copies of any software which is or includes a copy or

- * modification of this software.

- * You may use this code under the GNU public license if you so wish. Please

- * contribute changes back to the authors under this freer than GPL license

- * so that we may further the use of strong encryption without limitations to

- * all.

- *

- * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR

- * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY

- * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE

- * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR

- * PURPOSE.

- */

-#include <sys/cdefs.h>

-__FBSDID("$FreeBSD$");

-#include <crypto/des/des.h>

-#include <opencrypto/xform_enc.h>

-static int des3_setkey(u_int8_t **, const u_int8_t *, int);

-static void des3_encrypt(caddr_t, u_int8_t *);

-static void des3_decrypt(caddr_t, u_int8_t *);

-static void des3_zerokey(u_int8_t **);

-/* Encryption instances */

-struct enc_xform enc_xform_3des = {

- CRYPTO_3DES_CBC, "3DES",

- DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY,

- TRIPLE_DES_MAX_KEY,

- des3_encrypt,

- des3_decrypt,

- des3_setkey,

- des3_zerokey,

- NULL,

-};

-/*

- * Encryption wrapper routines.

- */

-static void

-des3_encrypt(caddr_t key, u_int8_t *blk)

- des_key_schedule *p = (des_key_schedule *) key;

- des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_ENCRYPT);

-static void

-des3_decrypt(caddr_t key, u_int8_t *blk)

- des_key_schedule *p = (des_key_schedule *) key;

- des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_DECRYPT);

-static int

-des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)

- des_key_schedule *p;

- int err;

- p = KMALLOC(3*sizeof (des_key_schedule),

- M_CRYPTO_DATA, M_NOWAIT|M_ZERO);

- if (p != NULL) {

- des_set_key(key + 0, p[0]);

- des_set_key(key + 8, p[1]);

- des_set_key(key + 16, p[2]);

- err = 0;

- } else

- err = ENOMEM;

- *sched = (u_int8_t *) p;

- return err;

-static void

-des3_zerokey(u_int8_t **sched)

- bzero(*sched, 3*sizeof (des_key_schedule));

- KFREE(*sched, M_CRYPTO_DATA);

- *sched = NULL;

diff --git a/sys/opencrypto/xform_enc.h b/sys/opencrypto/xform_enc.h
index de47dc0a6998..6597ffb74205 100644
--- a/sys/opencrypto/xform_enc.h
+++ b/sys/opencrypto/xform_enc.h

@@ -68,8 +68,6 @@ struct enc_xform {

extern struct enc_xform enc_xform_null;

-extern struct enc_xform enc_xform_des;

-extern struct enc_xform enc_xform_3des;

extern struct enc_xform enc_xform_blf;

extern struct enc_xform enc_xform_rijndael128;

extern struct enc_xform enc_xform_aes_icm;