Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Add support for accelerated AES_CBC in ubsec(4) for BCM5823 ...
details: https://anonhg.NetBSD.org/src/rev/650616a9d94a
branches: trunk
changeset: 328822:650616a9d94a
user: bad <bad%NetBSD.org@localhost>
date: Sat Apr 19 12:29:24 2014 +0000
description:
Add support for accelerated AES_CBC in ubsec(4) for BCM5823 and newer.
Update man-page and bump date.
Adjust OpenBSD RCS IDs to reflect roughly the version we are in sync with.
diffstat:
doc/CHANGES | 4 +-
share/man/man4/ubsec.4 | 24 ++--
sys/dev/pci/ubsec.c | 263 +++++++++++++++++++++++++++++++++++-------------
sys/dev/pci/ubsecreg.h | 56 ++++++++-
sys/dev/pci/ubsecvar.h | 13 +-
5 files changed, 262 insertions(+), 98 deletions(-)
diffs (truncated from 649 to 300 lines):
diff -r 173af961b7f9 -r 650616a9d94a doc/CHANGES
--- a/doc/CHANGES Sat Apr 19 08:03:21 2014 +0000
+++ b/doc/CHANGES Sat Apr 19 12:29:24 2014 +0000
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.1915 $>
+# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.1916 $>
#
#
# [Note: This file does not mention every change made to the NetBSD source tree.
@@ -390,3 +390,5 @@
hp300: Add sti(4) at sgc screen console support to bootloader.
[tsutsui 20140413]
hp300: Add HP9000/425e RTC support. [tsutsui 20140419]
+ ubsec(4): Add support for AES-CBC modes and BCM586x chips.
+ [bad 20140419]
diff -r 173af961b7f9 -r 650616a9d94a share/man/man4/ubsec.4
--- a/share/man/man4/ubsec.4 Sat Apr 19 08:03:21 2014 +0000
+++ b/share/man/man4/ubsec.4 Sat Apr 19 12:29:24 2014 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ubsec.4,v 1.4 2004/04/29 19:42:29 jonathan Exp $
+.\" $NetBSD: ubsec.4,v 1.5 2014/04/19 12:29:24 bad Exp $
.\" $FreeBSD: src/share/man/man4/ubsec.4,v 1.1.2.1 2002/11/21 23:57:24 sam Exp $
.\" $OpenBSD: ubsec.4,v 1.26 2003/09/03 15:55:41 jason Exp $
.\"
@@ -26,7 +26,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 10, 2000
+.Dd April 19, 2014
.Dt UBSEC 4
.Os
.Sh NAME
@@ -43,9 +43,6 @@
The original chipset, no longer made.
This extremely rare unit
was not very fast, lacked an RNG, and had a number of other bugs.
-.It Bluesteel 5601
-A faster and fixed version of the original, with a random number
-unit and large number engine added.
.It Broadcom BCM5801
A BCM5805 without public key engine or random number generator.
.It Broadcom BCM5802
@@ -56,13 +53,19 @@
64 bit version of the chip, and significantly more advanced.
.It Broadcom BCM5821
Faster version of the BCM5820.
-(This is the chip found on the Sun Crypto Accelerator 1000.)
+This is the chip found on the Sun Crypto Accelerator 1000.
.It Broadcom BCM5822
Faster version of the BCM5820.
.It Broadcom BCM5823
-Faster version of the BCM5822.
-.It Broadcom BCM5823
-Faster version of the BCM5821, with AES hardware.
+Faster version of the BCM5822 that also supports AES.
+.It Broadcom BCM5825
+Faster PCI Express or PCI-X version of the chip.
+.It Broadcom BCM5860
+IPSec/SSL Security Processor that is faster and has more features.
+.It Broadcom BCM5861
+Faster version of the BCM5860.
+.It Broadcom BCM5862
+Faster version of the BCM5861.
.El
.Pp
The
@@ -74,6 +77,7 @@
.Xr fast_ipsec 4
and
.Xr crypto 4 .
+The driver also supports acceleration of AES-CBC with the BCM5823 or newer.
.Pp
On those models which contain a public key engine (almost all of the
more recent ones), this feature is registered with the
@@ -105,5 +109,3 @@
.Nx 2.0 .
.Sh BUGS
The BCM5801 and BCM5802 have not actually been tested.
-.Pp
-Whilst some of the newer chips support AES, AES is not supported by the driver.
diff -r 173af961b7f9 -r 650616a9d94a sys/dev/pci/ubsec.c
--- a/sys/dev/pci/ubsec.c Sat Apr 19 08:03:21 2014 +0000
+++ b/sys/dev/pci/ubsec.c Sat Apr 19 12:29:24 2014 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: ubsec.c,v 1.39 2014/04/18 22:25:58 bad Exp $ */
+/* $NetBSD: ubsec.c,v 1.40 2014/04/19 12:29:24 bad Exp $ */
/* $FreeBSD: src/sys/dev/ubsec/ubsec.c,v 1.6.2.6 2003/01/23 21:06:43 sam Exp $ */
-/* $OpenBSD: ubsec.c,v 1.127 2003/06/04 14:04:58 jason Exp $ */
+/* $OpenBSD: ubsec.c,v 1.143 2009/03/27 13:31:30 reyk Exp$ */
/*
* Copyright (c) 2000 Jason L. Wright (jason%thought.net@localhost)
@@ -35,12 +35,12 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ubsec.c,v 1.39 2014/04/18 22:25:58 bad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ubsec.c,v 1.40 2014/04/19 12:29:24 bad Exp $");
#undef UBSEC_DEBUG
/*
- * uBsec 5[56]01, bcm580xx, bcm582x hardware crypto accelerator
+ * uBsec 5[56]01, 58xx hardware crypto accelerator
*/
#include <sys/param.h>
@@ -270,7 +270,7 @@
{ PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5823,
UBS_FLAGS_KEY | UBS_FLAGS_RNG | UBS_FLAGS_LONGCTX |
- UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY,
+ UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY | UBS_FLAGS_AES,
BS_STAT_MCR1_DONE | BS_STAT_DMAERR |
BS_STAT_MCR1_ALLEMPTY | BS_STAT_MCR2_ALLEMPTY,
UBS_MIN_AGGR,
@@ -279,7 +279,7 @@
{ PCI_VENDOR_BROADCOM, PCI_PRODUCT_BROADCOM_5825,
UBS_FLAGS_KEY | UBS_FLAGS_RNG | UBS_FLAGS_LONGCTX |
- UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY,
+ UBS_FLAGS_HWNORM | UBS_FLAGS_BIGKEY | UBS_FLAGS_AES,
BS_STAT_MCR1_DONE | BS_STAT_DMAERR |
BS_STAT_MCR1_ALLEMPTY | BS_STAT_MCR2_ALLEMPTY,
UBS_MIN_AGGR,
@@ -290,7 +290,7 @@
UBS_FLAGS_MULTIMCR | UBS_FLAGS_HWNORM |
UBS_FLAGS_LONGCTX |
UBS_FLAGS_RNG | UBS_FLAGS_RNG4 |
- UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY,
+ UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY | UBS_FLAGS_AES,
BS_STAT_MCR1_DONE | BS_STAT_DMAERR |
BS_STAT_MCR1_ALLEMPTY | BS_STAT_MCR2_ALLEMPTY |
BS_STAT_MCR3_ALLEMPTY | BS_STAT_MCR4_ALLEMPTY,
@@ -302,7 +302,7 @@
UBS_FLAGS_MULTIMCR | UBS_FLAGS_HWNORM |
UBS_FLAGS_LONGCTX |
UBS_FLAGS_RNG | UBS_FLAGS_RNG4 |
- UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY,
+ UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY | UBS_FLAGS_AES,
BS_STAT_MCR1_DONE | BS_STAT_DMAERR |
BS_STAT_MCR1_ALLEMPTY | BS_STAT_MCR2_ALLEMPTY |
BS_STAT_MCR3_ALLEMPTY | BS_STAT_MCR4_ALLEMPTY,
@@ -314,7 +314,7 @@
UBS_FLAGS_MULTIMCR | UBS_FLAGS_HWNORM |
UBS_FLAGS_LONGCTX |
UBS_FLAGS_RNG | UBS_FLAGS_RNG4 |
- UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY,
+ UBS_FLAGS_KEY | UBS_FLAGS_BIGKEY | UBS_FLAGS_AES,
BS_STAT_MCR1_DONE | BS_STAT_DMAERR |
BS_STAT_MCR1_ALLEMPTY | BS_STAT_MCR2_ALLEMPTY |
BS_STAT_MCR3_ALLEMPTY | BS_STAT_MCR4_ALLEMPTY,
@@ -463,6 +463,10 @@
ubsec_newsession, ubsec_freesession, ubsec_process, sc);
crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC_96, 0, 0,
ubsec_newsession, ubsec_freesession, ubsec_process, sc);
+ if (sc->sc_flags & UBS_FLAGS_AES) {
+ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0,
+ ubsec_newsession, ubsec_freesession, ubsec_process, sc);
+ }
/*
* Reset Broadcom chip
@@ -1000,7 +1004,8 @@
return (EINVAL);
macini = c;
} else if (c->cri_alg == CRYPTO_DES_CBC ||
- c->cri_alg == CRYPTO_3DES_CBC) {
+ c->cri_alg == CRYPTO_3DES_CBC ||
+ c->cri_alg == CRYPTO_AES_CBC) {
if (encini)
return (EINVAL);
encini = c;
@@ -1010,6 +1015,17 @@
if (encini == NULL && macini == NULL)
return (EINVAL);
+ if (encini && encini->cri_alg == CRYPTO_AES_CBC) {
+ switch (encini->cri_klen) {
+ case 128:
+ case 192:
+ case 256:
+ break;
+ default:
+ return (EINVAL);
+ }
+ }
+
if (sc->sc_sessions == NULL) {
ses = sc->sc_sessions = (struct ubsec_session *)malloc(
sizeof(struct ubsec_session), M_DEVBUF, M_NOWAIT);
@@ -1053,19 +1069,23 @@
#endif
/* Go ahead and compute key in ubsec's byte order */
+ if (encini->cri_alg == CRYPTO_AES_CBC) {
+ memcpy(ses->ses_key, encini->cri_key,
+ encini->cri_klen / 8);
+ }
if (encini->cri_alg == CRYPTO_DES_CBC) {
- memcpy(&ses->ses_deskey[0], encini->cri_key, 8);
- memcpy(&ses->ses_deskey[2], encini->cri_key, 8);
- memcpy(&ses->ses_deskey[4], encini->cri_key, 8);
+ memcpy(&ses->ses_key[0], encini->cri_key, 8);
+ memcpy(&ses->ses_key[2], encini->cri_key, 8);
+ memcpy(&ses->ses_key[4], encini->cri_key, 8);
} else
- memcpy(ses->ses_deskey, encini->cri_key, 24);
-
- SWAP32(ses->ses_deskey[0]);
- SWAP32(ses->ses_deskey[1]);
- SWAP32(ses->ses_deskey[2]);
- SWAP32(ses->ses_deskey[3]);
- SWAP32(ses->ses_deskey[4]);
- SWAP32(ses->ses_deskey[5]);
+ memcpy(ses->ses_key, encini->cri_key, 24);
+
+ SWAP32(ses->ses_key[0]);
+ SWAP32(ses->ses_key[1]);
+ SWAP32(ses->ses_key[2]);
+ SWAP32(ses->ses_key[3]);
+ SWAP32(ses->ses_key[4]);
+ SWAP32(ses->ses_key[5]);
}
if (macini) {
@@ -1172,9 +1192,10 @@
int encoffset = 0, macoffset = 0, cpskip, cpoffset;
int sskip, dskip, stheend, dtheend;
int16_t coffset;
- struct ubsec_session *ses;
- struct ubsec_pktctx ctx;
+ struct ubsec_session *ses, key;
struct ubsec_dma *dmap = NULL;
+ u_int16_t flags = 0;
+ int ivlen = 0, keylen = 0;
sc = arg;
KASSERT(sc != NULL /*, ("ubsec_process: null softc")*/);
@@ -1204,7 +1225,7 @@
dmap = q->q_dma; /* Save dma pointer */
/* don't lose the cached dmamaps q_src_map and q_cached_dst_map */
memset(q, 0, offsetof(struct ubsec_q, q_src_map));
- memset(&ctx, 0, sizeof(ctx));
+ memset(&key, 0, sizeof(key));
q->q_sesn = UBSEC_SESSION(crp->crp_sid);
q->q_dma = dmap;
@@ -1242,7 +1263,8 @@
maccrd = crd1;
enccrd = NULL;
} else if (crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC) {
+ crd1->crd_alg == CRYPTO_3DES_CBC ||
+ crd1->crd_alg == CRYPTO_AES_CBC) {
maccrd = NULL;
enccrd = crd1;
} else {
@@ -1254,14 +1276,16 @@
if ((crd1->crd_alg == CRYPTO_MD5_HMAC_96 ||
crd1->crd_alg == CRYPTO_SHA1_HMAC_96) &&
(crd2->crd_alg == CRYPTO_DES_CBC ||
- crd2->crd_alg == CRYPTO_3DES_CBC) &&
+ crd2->crd_alg == CRYPTO_3DES_CBC ||
+ crd2->crd_alg == CRYPTO_AES_CBC) &&
((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
maccrd = crd1;
enccrd = crd2;
} else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC) &&
+ crd1->crd_alg == CRYPTO_3DES_CBC ||
+ crd1->crd_alg == CRYPTO_AES_CBC) &&
(crd2->crd_alg == CRYPTO_MD5_HMAC_96 ||
- crd2->crd_alg == CRYPTO_SHA1_HMAC_96) &&
+ crd2->crd_alg == CRYPTO_SHA1_HMAC_96) &&
(crd1->crd_flags & CRD_F_ENCRYPT)) {
enccrd = crd1;
maccrd = crd2;
@@ -1276,67 +1300,89 @@
}
if (enccrd) {
+ if (enccrd->crd_alg == CRYPTO_AES_CBC) {
+ if ((sc->sc_flags & UBS_FLAGS_AES) == 0) {
+ /*
+ * We cannot order the ubsec as requested
+ */
+ ubsecstats.hst_badalg++;
+ err = EINVAL;
+ goto errout;
+ }
+ flags |= htole16(UBS_PKTCTX_ENC_AES);
+ switch (enccrd->crd_klen) {
+ case 128:
+ case 192:
+ case 256:
+ keylen = enccrd->crd_klen / 8;
+ break;
+ default:
Home |
Main Index |
Thread Index |
Old Index