

[src/trunk]: src/sys/arch/x86 padlock(4): Remove legacy rijndael API use.



details:   https://anonhg.NetBSD.org/src/rev/cc5301e54a6a
branches:  trunk
changeset: 935310:cc5301e54a6a
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Mon Jun 29 23:38:02 2020 +0000

description:
padlock(4): Remove legacy rijndael API use.

This doesn't actually need to compute AES -- it just needs the
standard AES key schedule, so use the BearSSL constant-time key
schedule implementation.

XXX Compile-tested only.
XXX The byte-order business here seems highly questionable.

diffstat:

 sys/arch/x86/conf/files.x86        |   4 ++--
 sys/arch/x86/include/via_padlock.h |  10 +++++-----
 sys/arch/x86/x86/via_padlock.c     |  31 +++++++++++++++++++++----------
 3 files changed, 28 insertions(+), 17 deletions(-)

diffs (130 lines):

diff -r 029ba5b3e0c6 -r cc5301e54a6a sys/arch/x86/conf/files.x86
--- a/sys/arch/x86/conf/files.x86       Mon Jun 29 23:36:59 2020 +0000
+++ b/sys/arch/x86/conf/files.x86       Mon Jun 29 23:38:02 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: files.x86,v 1.112 2020/06/29 23:29:39 riastradh Exp $
+#      $NetBSD: files.x86,v 1.113 2020/06/29 23:38:02 riastradh Exp $
 
 # options for MP configuration through the MP spec
 defflag opt_mpbios.h MPBIOS MPDEBUG MPBIOS_SCANPCI
@@ -59,7 +59,7 @@
 attach odcm at cpufeaturebus
 file   arch/x86/x86/odcm.c             odcm
 
-device padlock: opencrypto, rijndael
+device padlock: opencrypto, aes
 attach padlock at cpufeaturebus
 file   arch/x86/x86/via_padlock.c      padlock
 
diff -r 029ba5b3e0c6 -r cc5301e54a6a sys/arch/x86/include/via_padlock.h
--- a/sys/arch/x86/include/via_padlock.h        Mon Jun 29 23:36:59 2020 +0000
+++ b/sys/arch/x86/include/via_padlock.h        Mon Jun 29 23:38:02 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: via_padlock.h,v 1.9 2016/02/27 00:54:59 tls Exp $      */
+/*     $NetBSD: via_padlock.h,v 1.10 2020/06/29 23:38:02 riastradh Exp $       */
 
 /*-
  * Copyright (c) 2003 Jason Wright
@@ -25,7 +25,8 @@
 
 #include <sys/rndsource.h>
 #include <sys/callout.h>
-#include <crypto/rijndael/rijndael.h>
+
+#include <crypto/aes/aes.h>
 
 /* VIA C3 xcrypt-* instruction context control options */
 #define C3_CRYPT_CWLO_ROUND_M          0x0000000f
@@ -43,9 +44,8 @@
 #define C3_CRYPT_CWLO_KEY256           0x0000080e      /* 256bit, 15 rds */
 
 struct via_padlock_session {
-        uint32_t       ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4]; /* 128 bit aligned */
-        uint32_t       ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4]; /* 128 bit aligned */
-        uint8_t        ses_iv[16];                             /* 128 bit aligned */
+        uint32_t       ses_ekey[4*(AES_256_NROUNDS + 1)];
+        uint32_t       ses_dkey[4*(AES_256_NROUNDS + 1)];
         uint32_t       ses_cw0;
         struct swcr_data       *swd;
         int    ses_klen;
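Review bot: The four words of slack and the "128 bit aligned" comments on ses_ekey/ses_dkey are dropped along with the resize, so nothing in the struct now records that the xcrypt unit consumes these arrays at 16-byte alignment; with 4*(AES_256_NROUNDS + 1) = 60 words, ses_dkey still lands on a 16-byte boundary relative to ses_ekey (240 bytes), but the base alignment of the session now rests entirely on however the session is allocated, which this diff does not show. If any alignment fix-up in via_padlock.c relied on the removed slack, that code is outside the shown hunks and should be checked. A cheap way to make the requirement explicit regardless of allocator is `uint32_t ses_ekey[4*(AES_256_NROUNDS + 1)] __aligned(16);` and likewise for ses_dkey, with a comment restoring the intent of the deleted ones. Removing ses_iv[16] looks safe only because the via_padlock.c diff shows no deleted use of it (its 10 deletions are all accounted for by the visible hunks), so it was presumably already dead.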
diff -r 029ba5b3e0c6 -r cc5301e54a6a sys/arch/x86/x86/via_padlock.c
--- a/sys/arch/x86/x86/via_padlock.c    Mon Jun 29 23:36:59 2020 +0000
+++ b/sys/arch/x86/x86/via_padlock.c    Mon Jun 29 23:38:02 2020 +0000
@@ -1,5 +1,5 @@
 /*     $OpenBSD: via.c,v 1.8 2006/11/17 07:47:56 tom Exp $     */
-/*     $NetBSD: via_padlock.c,v 1.29 2020/06/14 23:20:15 riastradh Exp $ */
+/*     $NetBSD: via_padlock.c,v 1.30 2020/06/29 23:38:02 riastradh Exp $ */
 
 /*-
  * Copyright (c) 2003 Jason Wright
@@ -20,7 +20,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: via_padlock.c,v 1.29 2020/06/14 23:20:15 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: via_padlock.c,v 1.30 2020/06/29 23:38:02 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -37,10 +37,11 @@
 #include <machine/cpufunc.h>
 #include <machine/cpuvar.h>
 
+#include <crypto/aes/aes_bear.h>
+
 #include <opencrypto/cryptodev.h>
 #include <opencrypto/cryptosoft.h>
 #include <opencrypto/xform.h>
-#include <crypto/rijndael/rijndael.h>
 
 #include <opencrypto/cryptosoft_xform.c>
 
@@ -174,14 +175,29 @@
        for (c = cri; c != NULL; c = c->cri_next) {
                switch (c->cri_alg) {
                case CRYPTO_AES_CBC:
+                       memset(ses->ses_ekey, 0, sizeof(ses->ses_ekey));
+                       memset(ses->ses_dkey, 0, sizeof(ses->ses_dkey));
+
                        switch (c->cri_klen) {
                        case 128:
+                               br_aes_ct_keysched_stdenc(ses->ses_ekey,
+                                   c->cri_key, 16);
+                               br_aes_ct_keysched_stddec(ses->ses_dkey,
+                                   c->cri_key, 16);
                                cw0 = C3_CRYPT_CWLO_KEY128;
                                break;
                        case 192:
+                               br_aes_ct_keysched_stdenc(ses->ses_ekey,
+                                   c->cri_key, 24);
+                               br_aes_ct_keysched_stddec(ses->ses_dkey,
+                                   c->cri_key, 24);
                                cw0 = C3_CRYPT_CWLO_KEY192;
                                break;
                        case 256:
+                               br_aes_ct_keysched_stdenc(ses->ses_ekey,
+                                   c->cri_key, 32);
+                               br_aes_ct_keysched_stddec(ses->ses_dkey,
+                                   c->cri_key, 32);
                                cw0 = C3_CRYPT_CWLO_KEY256;
                                break;
                        default:
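Review bot: The three key-length cases now carry identical `br_aes_ct_keysched_stdenc`/`br_aes_ct_keysched_stddec` call pairs that differ only in the byte count, which is `c->cri_klen / 8` in every case; keeping three copies invites the usual drift where one arm is fixed and the others are not. The switch could be left to select cw0 only, with a single `br_aes_ct_keysched_stdenc(ses->ses_ekey, c->cri_key, c->cri_klen / 8);` and `br_aes_ct_keysched_stddec(ses->ses_dkey, c->cri_key, c->cri_klen / 8);` after it, provided the default arm (whose body lies outside this hunk) leaves the function before that point. The two memsets before the switch are the only thing making the later full-length ntohl pass over all 60 words well-defined for 128- and 192-bit keys, which is worth a comment such as `/* zero the tail so the full-length byte-order pass below is defined for short keys */`. The enclosing newsession function starts before this hunk.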
@@ -194,16 +210,11 @@
                        ses->ses_klen = c->cri_klen;
                        ses->ses_cw0 = cw0;
 
-                       /* Build expanded keys for both directions */
-                       rijndaelKeySetupEnc(ses->ses_ekey, c->cri_key,
-                           c->cri_klen);
-                       rijndaelKeySetupDec(ses->ses_dkey, c->cri_key,
-                           c->cri_klen);
-                       for (i = 0; i < 4 * (RIJNDAEL_MAXNR + 1); i++) {
+                       /* Convert words to host byte order (???) */
+                       for (i = 0; i < 4*(AES_256_NROUNDS + 1); i++) {
                                ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
                                ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
                        }
-
                        break;
 
                /* Use hashing implementations from the cryptosoft code. */
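Review bot: The ntohl loop is inherited from the rijndael key setup, whose round-key words were assembled from big-endian byte loads, so on a little-endian x86 the swap used to turn them into the in-memory byte order the hardware reads; the replacement BearSSL schedule is a different producer whose word convention this diff does not establish, and the commit message itself flags this. Whichever convention the xcrypt unit wants, exactly one of "with the loop" and "without the loop" yields a silently wrong round-key array that the hardware will still accept, so sessions would encrypt under the wrong schedule without any error. This should not ship on a `(???)` comment: a known-answer check of the hardware path against the software AES on a fixed test vector (at attach time or in a test) settles it, after which the comment can state the actual expected word order, e.g. `/* xcrypt reads the schedule as raw bytes in standard order; the BearSSL std schedule already emits that on little-endian, so no swap */` or its converse. The loop also runs over all 4*(AES_256_NROUNDS + 1) words regardless of key length, which is only defined because the arrays are zeroed in the previous hunk; the enclosing function ends outside this hunk.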


