KumiSystems/openwrtv4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ocf-linux: version bump to 20110720

Browse source 
Fixes problem with TFM allocation in cryptosoft.c

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Hauke:
 * remove ubsec_ssb package and take it from ocf-linux
 * use patches from ocf-linux package
 * refresh all patches
 * readd some build fixes for OpenWrt.
 * readd CRYPTO_MANAGER dependency

SVN-Revision: 27753
This commit is contained in:
Hauke Mehrtens 2011-07-24 14:17:58 +00:00
parent 8ecad9c51a
commit 00dd85d8f6
63 changed files with 1264 additions and 2768 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
package/kernel/modules/crypto.mk
View file

@ -455,3 +455,19 @@ define KernelPackage/crypto-mv-cesa
endef
$(eval $(call KernelPackage,crypto-mv-cesa))
define KernelPackage/ocf-ubsec-ssb
TITLE:=BCM5365P IPSec Core driver
DEPENDS:=@TARGET_brcm47xx +kmod-crypto-ocf
KCONFIG:=CONFIG_OCF_UBSEC_SSB
FILES:=$(LINUX_DIR)/crypto/ocf/ubsec_ssb/ubsec_ssb.ko
AUTOLOAD:=$(call AutoLoad,10,ubsec_ssb)
$(call AddDepends/crypto)
endef
define KernelPackage/ocf-ubsec-ssb/description
This package contains the OCF driver for the BCM5365p IPSec Core
endef
$(eval $(call KernelPackage,ocf-ubsec-ssb))

2
package/ocf-crypto-headers/Makefile
View file

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ocf-crypto-headers
PKG_VERSION:=20080917
PKG_VERSION:=20110720
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

8
package/ocf-crypto-headers/src/cryptodev.h
View file

@ -2,8 +2,8 @@
/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
/*-
* Linux port done by David McCullough <david_mccullough@securecomputing.com>
* Copyright (C) 2006-2007 David McCullough
* Linux port done by David McCullough <david_mccullough@mcafee.com>
* Copyright (C) 2006-2010 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
* The license and original author are listed below.
*
@ -156,7 +156,8 @@
#define CRYPTO_SHA2_384 23
#define CRYPTO_SHA2_512 24
#define CRYPTO_RIPEMD160 25
#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
#define CRYPTO_LZS_COMP 26
#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
@ -336,6 +337,7 @@ struct cryptodesc {
#define crd_key CRD_INI.cri_key
#define crd_alg CRD_INI.cri_alg
#define crd_klen CRD_INI.cri_klen
#define crd_mlen CRD_INI.cri_mlen
struct cryptodesc *crd_next;
};

48
package/ubsec_ssb/Makefile
View file

@ -1,48 +0,0 @@
#
# Copyright (C) 2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ubsec-ssb
PKG_VERSION:=2009-02-21
PKG_RELEASE:=1
CRYPTO_MENU:=OCF Configuration
include $(INCLUDE_DIR)/package.mk
define KernelPackage/ocf-ubsec-ssb
SUBMENU:=$(CRYPTO_MENU)
DEPENDS:=@TARGET_brcm47xx +kmod-crypto-core +kmod-crypto-ocf
TITLE:=BCM5365P IPSec Core driver
FILES:=$(PKG_BUILD_DIR)/src/ubsec_ssb.ko
AUTOLOAD:=$(call AutoLoad,09,ubsec_ssb)
endef
define KernelPackage/ocf-ubsec-ssb/description
This package contains the OCF driver for the BCM5365p IPSec Core
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
$(CP) -r ./src $(PKG_BUILD_DIR)/
endef
LINUX_PATCHLEVEL:=$(shell echo "$(LINUX_VERSION)" | cut -d. -f2)
define Build/Compile
$(MAKE) -C $(LINUX_DIR) \
ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
PATCHLEVEL="$(LINUX_PATCHLEVEL)" \
KERNDIR="$(LINUX_DIR)" \
SUBDIRS="$(PKG_BUILD_DIR)/src" \
modules
endef
$(eval $(call KernelPackage,ocf-ubsec-ssb))

19
package/ubsec_ssb/src/Makefile
View file

@ -1,19 +0,0 @@
#
# Makefile for b5365ips driver
#
# Copyright (C) 2007 Daniel Mueller <daniel@danm.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version
# 2 of the License, or (at your option) any later version.
#
obj-m := ubsec_ssb.o
obj ?= .
ifeq ($(MAKING_MODULES),1)
-include $(TOPDIR)/Rules.make
endif

478
package/ubsec_ssb/src/cryptodev.h
View file

@ -1,478 +0,0 @@
/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */
/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
/*-
* Linux port done by David McCullough <david_mccullough@securecomputing.com>
* Copyright (C) 2006-2007 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
* The license and original author are listed below.
*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
* Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
*
* This code was written by Angelos D. Keromytis in Athens, Greece, in
* February 2000. Network Security Technologies Inc. (NSTI) kindly
* supported the development of this code.
*
* Copyright (c) 2000 Angelos D. Keromytis
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all source code copies of any software which is or includes a copy or
* modification of this software.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*
* Copyright (c) 2001 Theo de Raadt
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Effort sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F30602-01-2-0537.
*
*/
#ifndef _CRYPTO_CRYPTO_H_
#define _CRYPTO_CRYPTO_H_
/* Some initial values */
#define CRYPTO_DRIVERS_INITIAL 4
#define CRYPTO_SW_SESSIONS 32
/* Hash values */
#define NULL_HASH_LEN 0
#define MD5_HASH_LEN 16
#define SHA1_HASH_LEN 20
#define RIPEMD160_HASH_LEN 20
#define SHA2_256_HASH_LEN 32
#define SHA2_384_HASH_LEN 48
#define SHA2_512_HASH_LEN 64
#define MD5_KPDK_HASH_LEN 16
#define SHA1_KPDK_HASH_LEN 20
/* Maximum hash algorithm result length */
#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */
/* HMAC values */
#define NULL_HMAC_BLOCK_LEN 1
#define MD5_HMAC_BLOCK_LEN 64
#define SHA1_HMAC_BLOCK_LEN 64
#define RIPEMD160_HMAC_BLOCK_LEN 64
#define SHA2_256_HMAC_BLOCK_LEN 64
#define SHA2_384_HMAC_BLOCK_LEN 128
#define SHA2_512_HMAC_BLOCK_LEN 128
/* Maximum HMAC block length */
#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
/* Encryption algorithm block sizes */
#define NULL_BLOCK_LEN 1
#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define BLOWFISH_BLOCK_LEN 8
#define SKIPJACK_BLOCK_LEN 8
#define CAST128_BLOCK_LEN 8
#define RIJNDAEL128_BLOCK_LEN 16
#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
#define CAMELLIA_BLOCK_LEN 16
#define ARC4_BLOCK_LEN 1
#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
/* Encryption algorithm min and max key sizes */
#define NULL_MIN_KEY_LEN 0
#define NULL_MAX_KEY_LEN 0
#define DES_MIN_KEY_LEN 8
#define DES_MAX_KEY_LEN 8
#define DES3_MIN_KEY_LEN 24
#define DES3_MAX_KEY_LEN 24
#define BLOWFISH_MIN_KEY_LEN 4
#define BLOWFISH_MAX_KEY_LEN 56
#define SKIPJACK_MIN_KEY_LEN 10
#define SKIPJACK_MAX_KEY_LEN 10
#define CAST128_MIN_KEY_LEN 5
#define CAST128_MAX_KEY_LEN 16
#define RIJNDAEL128_MIN_KEY_LEN 16
#define RIJNDAEL128_MAX_KEY_LEN 32
#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN
#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN
#define CAMELLIA_MIN_KEY_LEN 16
#define CAMELLIA_MAX_KEY_LEN 32
#define ARC4_MIN_KEY_LEN 1
#define ARC4_MAX_KEY_LEN 256
/* Max size of data that can be processed */
#define CRYPTO_MAX_DATA_LEN 64*1024 - 1
#define CRYPTO_ALGORITHM_MIN 1
#define CRYPTO_DES_CBC 1
#define CRYPTO_3DES_CBC 2
#define CRYPTO_BLF_CBC 3
#define CRYPTO_CAST_CBC 4
#define CRYPTO_SKIPJACK_CBC 5
#define CRYPTO_MD5_HMAC 6
#define CRYPTO_SHA1_HMAC 7
#define CRYPTO_RIPEMD160_HMAC 8
#define CRYPTO_MD5_KPDK 9
#define CRYPTO_SHA1_KPDK 10
#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
#define CRYPTO_ARC4 12
#define CRYPTO_MD5 13
#define CRYPTO_SHA1 14
#define CRYPTO_NULL_HMAC 15
#define CRYPTO_NULL_CBC 16
#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */
#define CRYPTO_SHA2_256_HMAC 18
#define CRYPTO_SHA2_384_HMAC 19
#define CRYPTO_SHA2_512_HMAC 20
#define CRYPTO_CAMELLIA_CBC 21
#define CRYPTO_SHA2_256 22
#define CRYPTO_SHA2_384 23
#define CRYPTO_SHA2_512 24
#define CRYPTO_RIPEMD160 25
#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
/*
* Crypto driver/device flags. They can set in the crid
* parameter when creating a session or submitting a key
* op to affect the device/driver assigned. If neither
* of these are specified then the crid is assumed to hold
* the driver id of an existing (and suitable) device that
* must be used to satisfy the request.
*/
#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */
#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */
/* NB: deprecated */
struct session_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */
caddr_t key;
int mackeylen; /* mac key */
caddr_t mackey;
u_int32_t ses; /* returns: session # */
};
struct session2_op {
u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */
caddr_t key;
int mackeylen; /* mac key */
caddr_t mackey;
u_int32_t ses; /* returns: session # */
int crid; /* driver id + flags (rw) */
int pad[4]; /* for future expansion */
};
struct crypt_op {
u_int32_t ses;
u_int16_t op; /* i.e. COP_ENCRYPT */
#define COP_NONE 0
#define COP_ENCRYPT 1
#define COP_DECRYPT 2
u_int16_t flags;
#define COP_F_BATCH 0x0008 /* Batch op if possible */
u_int len;
caddr_t src, dst; /* become iov[] inside kernel */
caddr_t mac; /* must be big enough for chosen MAC */
caddr_t iv;
};
/*
* Parameters for looking up a crypto driver/device by
* device name or by id. The latter are returned for
* created sessions (crid) and completed key operations.
*/
struct crypt_find_op {
int crid; /* driver id + flags */
char name[32]; /* device/driver name */
};
/* bignum parameter, in packed bytes, ... */
struct crparam {
caddr_t crp_p;
u_int crp_nbits;
};
#define CRK_MAXPARAM 8
struct crypt_kop {
u_int crk_op; /* ie. CRK_MOD_EXP or other */
u_int crk_status; /* return status */
u_short crk_iparams; /* # of input parameters */
u_short crk_oparams; /* # of output parameters */
u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */
struct crparam crk_param[CRK_MAXPARAM];
};
#define CRK_ALGORITM_MIN 0
#define CRK_MOD_EXP 0
#define CRK_MOD_EXP_CRT 1
#define CRK_DSA_SIGN 2
#define CRK_DSA_VERIFY 3
#define CRK_DH_COMPUTE_KEY 4
#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */
#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
/*
* done against open of /dev/crypto, to get a cloned descriptor.
* Please use F_SETFD against the cloned descriptor.
*/
#define CRIOGET _IOWR('c', 100, u_int32_t)
#define CRIOASYMFEAT CIOCASYMFEAT
#define CRIOFINDDEV CIOCFINDDEV
/* the following are done against the cloned descriptor */
#define CIOCGSESSION _IOWR('c', 101, struct session_op)
#define CIOCFSESSION _IOW('c', 102, u_int32_t)
#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op)
#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop)
#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op)
struct cryptotstat {
struct timespec acc; /* total accumulated time */
struct timespec min; /* min time */
struct timespec max; /* max time */
u_int32_t count; /* number of observations */
};
struct cryptostats {
u_int32_t cs_ops; /* symmetric crypto ops submitted */
u_int32_t cs_errs; /* symmetric crypto ops that failed */
u_int32_t cs_kops; /* asymetric/key ops submitted */
u_int32_t cs_kerrs; /* asymetric/key ops that failed */
u_int32_t cs_intrs; /* crypto swi thread activations */
u_int32_t cs_rets; /* crypto return thread activations */
u_int32_t cs_blocks; /* symmetric op driver block */
u_int32_t cs_kblocks; /* symmetric op driver block */
/*
* When CRYPTO_TIMING is defined at compile time and the
* sysctl debug.crypto is set to 1, the crypto system will
* accumulate statistics about how long it takes to process
* crypto requests at various points during processing.
*/
struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */
struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */
struct cryptotstat cs_cb; /* crypto_done -> callback */
struct cryptotstat cs_finis; /* callback -> callback return */
u_int32_t cs_drops; /* crypto ops dropped due to congestion */
};
#ifdef __KERNEL__
/* Standard initialization structure beginning */
struct cryptoini {
int cri_alg; /* Algorithm to use */
int cri_klen; /* Key length, in bits */
int cri_mlen; /* Number of bytes we want from the
entire hash. 0 means all. */
caddr_t cri_key; /* key to use */
u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
struct cryptoini *cri_next;
};
/* Describe boundaries of a single crypto operation */
struct cryptodesc {
int crd_skip; /* How many bytes to ignore from start */
int crd_len; /* How many bytes to process */
int crd_inject; /* Where to inject results, if applicable */
int crd_flags;
#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
place, so don't copy. */
#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */
#define CRD_F_COMP 0x0f /* Set when doing compression */
struct cryptoini CRD_INI; /* Initialization/context data */
#define crd_iv CRD_INI.cri_iv
#define crd_key CRD_INI.cri_key
#define crd_alg CRD_INI.cri_alg
#define crd_klen CRD_INI.cri_klen
struct cryptodesc *crd_next;
};
/* Structure describing complete operation */
struct cryptop {
struct list_head crp_next;
wait_queue_head_t crp_waitq;
u_int64_t crp_sid; /* Session ID */
int crp_ilen; /* Input data total length */
int crp_olen; /* Result total length */
int crp_etype; /*
* Error type (zero means no error).
* All error codes except EAGAIN
* indicate possible data corruption (as in,
* the data have been touched). On all
* errors, the crp_sid may have changed
* (reset to a new one), so the caller
* should always check and use the new
* value on future requests.
*/
int crp_flags;
#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */
#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */
#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */
#define CRYPTO_F_DONE 0x0020 /* Operation completed */
#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */
caddr_t crp_buf; /* Data to be processed */
caddr_t crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* Linked list of processing descriptors */
int (*crp_callback)(struct cryptop *); /* Callback function */
};
#define CRYPTO_BUF_CONTIG 0x0
#define CRYPTO_BUF_IOV 0x1
#define CRYPTO_BUF_SKBUF 0x2
#define CRYPTO_OP_DECRYPT 0x0
#define CRYPTO_OP_ENCRYPT 0x1
/*
* Hints passed to process methods.
*/
#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */
struct cryptkop {
struct list_head krp_next;
wait_queue_head_t krp_waitq;
int krp_flags;
#define CRYPTO_KF_DONE 0x0001 /* Operation completed */
#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */
u_int krp_op; /* ie. CRK_MOD_EXP or other */
u_int krp_status; /* return status */
u_short krp_iparams; /* # of input parameters */
u_short krp_oparams; /* # of output parameters */
u_int krp_crid; /* desired device, etc. */
u_int32_t krp_hid;
struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
int (*krp_callback)(struct cryptkop *);
};
#include "ocf-compat.h"
/*
* Session ids are 64 bits. The lower 32 bits contain a "local id" which
* is a driver-private session identifier. The upper 32 bits contain a
* "hardware id" used by the core crypto code to identify the driver and
* a copy of the driver's capabilities that can be used by client code to
* optimize operation.
*/
#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff)
#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
extern int crypto_freesession(u_int64_t sid);
#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE
#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE
#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */
extern int32_t crypto_get_driverid(device_t dev, int flags);
extern int crypto_find_driver(const char *);
extern device_t crypto_find_device_byhid(int hid);
extern int crypto_getcaps(int hid);
extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
u_int32_t flags);
extern int crypto_kregister(u_int32_t, int, u_int32_t);
extern int crypto_unregister(u_int32_t driverid, int alg);
extern int crypto_unregister_all(u_int32_t driverid);
extern int crypto_dispatch(struct cryptop *crp);
extern int crypto_kdispatch(struct cryptkop *);
#define CRYPTO_SYMQ 0x1
#define CRYPTO_ASYMQ 0x2
extern int crypto_unblock(u_int32_t, int);
extern void crypto_done(struct cryptop *crp);
extern void crypto_kdone(struct cryptkop *);
extern int crypto_getfeat(int *);
extern void crypto_freereq(struct cryptop *crp);
extern struct cryptop *crypto_getreq(int num);
extern int crypto_usercrypto; /* userland may do crypto requests */
extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */
extern int crypto_devallowsoft; /* only use hardware crypto */
/*
* random number support, crypto_unregister_all will unregister
*/
extern int crypto_rregister(u_int32_t driverid,
int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg);
extern int crypto_runregister_all(u_int32_t driverid);
/*
* Crypto-related utility routines used mainly by drivers.
*
* XXX these don't really belong here; but for now they're
* kept apart from the rest of the system.
*/
struct uio;
extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
extern void crypto_copyback(int flags, caddr_t buf, int off, int size,
caddr_t in);
extern void crypto_copydata(int flags, caddr_t buf, int off, int size,
caddr_t out);
extern int crypto_apply(int flags, caddr_t buf, int off, int len,
int (*f)(void *, void *, u_int), void *arg);
#endif /* __KERNEL__ */
#endif /* _CRYPTO_CRYPTO_H_ */

308
package/ubsec_ssb/src/md5.c
View file

@ -1,308 +0,0 @@
/* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#if 0
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: src/sys/crypto/md5.c,v 1.9 2004/01/27 19:49:19 des Exp $");
#include <sys/types.h>
#include <sys/cdefs.h>
#include <sys/time.h>
#include <sys/systm.h>
#include <crypto/md5.h>
#endif
#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s))))
#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z)))
#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z)))
#define H(X, Y, Z) ((X) ^ (Y) ^ (Z))
#define I(X, Y, Z) ((Y) ^ ((X) | (~Z)))
#define ROUND1(a, b, c, d, k, s, i) { \
(a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \
(a) = SHIFT((a), (s)); \
(a) = (b) + (a); \
}
#define ROUND2(a, b, c, d, k, s, i) { \
(a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \
(a) = SHIFT((a), (s)); \
(a) = (b) + (a); \
}
#define ROUND3(a, b, c, d, k, s, i) { \
(a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \
(a) = SHIFT((a), (s)); \
(a) = (b) + (a); \
}
#define ROUND4(a, b, c, d, k, s, i) { \
(a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \
(a) = SHIFT((a), (s)); \
(a) = (b) + (a); \
}
#define Sa 7
#define Sb 12
#define Sc 17
#define Sd 22
#define Se 5
#define Sf 9
#define Sg 14
#define Sh 20
#define Si 4
#define Sj 11
#define Sk 16
#define Sl 23
#define Sm 6
#define Sn 10
#define So 15
#define Sp 21
#define MD5_A0 0x67452301
#define MD5_B0 0xefcdab89
#define MD5_C0 0x98badcfe
#define MD5_D0 0x10325476
/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */
static const u_int32_t T[65] = {
0,
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
};
static const u_int8_t md5_paddat[MD5_BUFLEN] = {
0x80, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
};
static void md5_calc(u_int8_t *, md5_ctxt *);
void md5_init(ctxt)
md5_ctxt *ctxt;
{
ctxt->md5_n = 0;
ctxt->md5_i = 0;
ctxt->md5_sta = MD5_A0;
ctxt->md5_stb = MD5_B0;
ctxt->md5_stc = MD5_C0;
ctxt->md5_std = MD5_D0;
bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf));
}
void md5_loop(ctxt, input, len)
md5_ctxt *ctxt;
u_int8_t *input;
u_int len; /* number of bytes */
{
u_int gap, i;
ctxt->md5_n += len * 8; /* byte to bit */
gap = MD5_BUFLEN - ctxt->md5_i;
if (len >= gap) {
bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
gap);
md5_calc(ctxt->md5_buf, ctxt);
for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) {
md5_calc((u_int8_t *)(input + i), ctxt);
}
ctxt->md5_i = len - i;
bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
} else {
bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
len);
ctxt->md5_i += len;
}
}
void md5_pad(ctxt)
md5_ctxt *ctxt;
{
u_int gap;
/* Don't count up padding. Keep md5_n. */
gap = MD5_BUFLEN - ctxt->md5_i;
if (gap > 8) {
bcopy(md5_paddat,
(void *)(ctxt->md5_buf + ctxt->md5_i),
gap - sizeof(ctxt->md5_n));
} else {
/* including gap == 8 */
bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
gap);
md5_calc(ctxt->md5_buf, ctxt);
bcopy((md5_paddat + gap),
(void *)ctxt->md5_buf,
MD5_BUFLEN - sizeof(ctxt->md5_n));
}
/* 8 byte word */
#if BYTE_ORDER == LITTLE_ENDIAN
bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
#endif
#if BYTE_ORDER == BIG_ENDIAN
ctxt->md5_buf[56] = ctxt->md5_n8[7];
ctxt->md5_buf[57] = ctxt->md5_n8[6];
ctxt->md5_buf[58] = ctxt->md5_n8[5];
ctxt->md5_buf[59] = ctxt->md5_n8[4];
ctxt->md5_buf[60] = ctxt->md5_n8[3];
ctxt->md5_buf[61] = ctxt->md5_n8[2];
ctxt->md5_buf[62] = ctxt->md5_n8[1];
ctxt->md5_buf[63] = ctxt->md5_n8[0];
#endif
md5_calc(ctxt->md5_buf, ctxt);
}
void md5_result(digest, ctxt)
u_int8_t *digest;
md5_ctxt *ctxt;
{
/* 4 byte words */
#if BYTE_ORDER == LITTLE_ENDIAN
bcopy(&ctxt->md5_st8[0], digest, 16);
#endif
#if BYTE_ORDER == BIG_ENDIAN
digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2];
digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0];
digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6];
digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4];
digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10];
digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8];
digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14];
digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12];
#endif
}
static void md5_calc(b64, ctxt)
u_int8_t *b64;
md5_ctxt *ctxt;
{
u_int32_t A = ctxt->md5_sta;
u_int32_t B = ctxt->md5_stb;
u_int32_t C = ctxt->md5_stc;
u_int32_t D = ctxt->md5_std;
#if BYTE_ORDER == LITTLE_ENDIAN
u_int32_t *X = (u_int32_t *)b64;
#endif
#if BYTE_ORDER == BIG_ENDIAN
/* 4 byte words */
/* what a brute force but fast! */
u_int32_t X[16];
u_int8_t *y = (u_int8_t *)X;
y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0];
y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4];
y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8];
y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12];
y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16];
y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20];
y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24];
y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28];
y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32];
y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36];
y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40];
y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44];
y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48];
y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52];
y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56];
y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60];
#endif
ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2);
ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4);
ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6);
ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8);
ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10);
ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12);
ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14);
ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16);
ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18);
ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20);
ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22);
ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24);
ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26);
ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28);
ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30);
ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32);
ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34);
ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36);
ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38);
ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40);
ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42);
ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44);
ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46);
ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48);
ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50);
ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52);
ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54);
ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56);
ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58);
ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60);
ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62);
ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64);
ctxt->md5_sta += A;
ctxt->md5_stb += B;
ctxt->md5_stc += C;
ctxt->md5_std += D;
}

76
package/ubsec_ssb/src/md5.h
View file

@ -1,76 +0,0 @@
/* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */
/* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef _NETINET6_MD5_H_
#define _NETINET6_MD5_H_
#define MD5_BUFLEN 64
typedef struct {
union {
u_int32_t md5_state32[4];
u_int8_t md5_state8[16];
} md5_st;
#define md5_sta md5_st.md5_state32[0]
#define md5_stb md5_st.md5_state32[1]
#define md5_stc md5_st.md5_state32[2]
#define md5_std md5_st.md5_state32[3]
#define md5_st8 md5_st.md5_state8
union {
u_int64_t md5_count64;
u_int8_t md5_count8[8];
} md5_count;
#define md5_n md5_count.md5_count64
#define md5_n8 md5_count.md5_count8
u_int md5_i;
u_int8_t md5_buf[MD5_BUFLEN];
} md5_ctxt;
extern void md5_init(md5_ctxt *);
extern void md5_loop(md5_ctxt *, u_int8_t *, u_int);
extern void md5_pad(md5_ctxt *);
extern void md5_result(u_int8_t *, md5_ctxt *);
/* compatibility */
#define MD5_CTX md5_ctxt
#define MD5Init(x) md5_init((x))
#define MD5Update(x, y, z) md5_loop((x), (y), (z))
#define MD5Final(x, y) \
do { \
md5_pad((y)); \
md5_result((x), (y)); \
} while (0)
#endif /* ! _NETINET6_MD5_H_*/

270
package/ubsec_ssb/src/ocf-compat.h
View file

@ -1,270 +0,0 @@
#ifndef _BSD_COMPAT_H_
#define _BSD_COMPAT_H_ 1
/****************************************************************************/
/*
* Provide compat routines for older linux kernels and BSD kernels
*
* Written by David McCullough <david_mccullough@securecomputing.com>
* Copyright (C) 2007 David McCullough <david_mccullough@securecomputing.com>
*
* LICENSE TERMS
*
* The free distribution and use of this software in both source and binary
* form is allowed (with or without changes) provided that:
*
* 1. distributions of this source code include the above copyright
* notice, this list of conditions and the following disclaimer;
*
* 2. distributions in binary form include the above copyright
* notice, this list of conditions and the following disclaimer
* in the documentation and/or other associated materials;
*
* 3. the copyright holder's name is not used to endorse products
* built using this software without specific written permission.
*
* ALTERNATIVELY, provided that this notice is retained in full, this file
* may be distributed under the terms of the GNU General Public License (GPL),
* in which case the provisions of the GPL apply INSTEAD OF those given above.
*
* DISCLAIMER
*
* This software is provided 'as is' with no explicit or implied warranties
* in respect of its properties, including, but not limited to, correctness
* and/or fitness for purpose.
*/
/****************************************************************************/
#ifdef __KERNEL__
/*
* fake some BSD driver interface stuff specifically for OCF use
*/
typedef struct ocf_device *device_t;
typedef struct {
int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri);
int (*cryptodev_freesession)(device_t dev, u_int64_t tid);
int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint);
int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint);
} device_method_t;
#define DEVMETHOD(id, func) id: func
struct ocf_device {
char name[32]; /* the driver name */
char nameunit[32]; /* the driver name + HW instance */
int unit;
device_method_t methods;
void *softc;
};
#define CRYPTODEV_NEWSESSION(dev, sid, cri) \
((*(dev)->methods.cryptodev_newsession)(dev,sid,cri))
#define CRYPTODEV_FREESESSION(dev, sid) \
((*(dev)->methods.cryptodev_freesession)(dev, sid))
#define CRYPTODEV_PROCESS(dev, crp, hint) \
((*(dev)->methods.cryptodev_process)(dev, crp, hint))
#define CRYPTODEV_KPROCESS(dev, krp, hint) \
((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint))
#define device_get_name(dev) ((dev)->name)
#define device_get_nameunit(dev) ((dev)->nameunit)
#define device_get_unit(dev) ((dev)->unit)
#define device_get_softc(dev) ((dev)->softc)
#define softc_device_decl \
struct ocf_device _device; \
device_t
#define softc_device_init(_sc, _name, _unit, _methods) \
if (1) {\
strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \
snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \
(_sc)->_device.unit = _unit; \
(_sc)->_device.methods = _methods; \
(_sc)->_device.softc = (void *) _sc; \
*(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \
} else
#define softc_get_device(_sc) (&(_sc)->_device)
/*
* iomem support for 2.4 and 2.6 kernels
*/
#include <linux/version.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
#define ocf_iomem_t unsigned long
/*
* implement simple workqueue like support for older kernels
*/
#include <linux/tqueue.h>
#define work_struct tq_struct
#define INIT_WORK(wp, fp, ap) \
do { \
(wp)->sync = 0; \
(wp)->routine = (fp); \
(wp)->data = (ap); \
} while (0)
#define schedule_work(wp) \
do { \
queue_task((wp), &tq_immediate); \
mark_bh(IMMEDIATE_BH); \
} while (0)
#define flush_scheduled_work() run_task_queue(&tq_immediate)
#else
#define ocf_iomem_t void __iomem *
#include <linux/workqueue.h>
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
#include <linux/fdtable.h>
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11)
#define files_fdtable(files) (files)
#endif
#ifdef MODULE_PARM
#undef module_param /* just in case */
#define module_param(a,b,c) MODULE_PARM(a,"i")
#endif
#define bzero(s,l) memset(s,0,l)
#define bcopy(s,d,l) memcpy(d,s,l)
#define bcmp(x, y, l) memcmp(x,y,l)
#define MIN(x,y) ((x) < (y) ? (x) : (y))
#define device_printf(dev, a...) ({ \
printk("%s: ", device_get_nameunit(dev)); printk(a); \
})
#undef printf
#define printf(fmt...) printk(fmt)
#define KASSERT(c,p) if (!(c)) { printk p ; } else
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
#define ocf_daemonize(str) \
daemonize(); \
spin_lock_irq(&current->sigmask_lock); \
sigemptyset(&current->blocked); \
recalc_sigpending(current); \
spin_unlock_irq(&current->sigmask_lock); \
sprintf(current->comm, str);
#else
#define ocf_daemonize(str) daemonize(str);
#endif
#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q))
#define TAILQ_EMPTY(q) list_empty(q)
#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m)
#define read_random(p,l) get_random_bytes(p,l)
#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x))
#define strtoul simple_strtoul
#define pci_get_vendor(dev) ((dev)->vendor)
#define pci_get_device(dev) ((dev)->device)
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
#define pci_set_consistent_dma_mask(dev, mask) (0)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
#define pci_dma_sync_single_for_cpu pci_dma_sync_single
#endif
#ifndef DMA_32BIT_MASK
#define DMA_32BIT_MASK 0x00000000ffffffffULL
#endif
#define htole32(x) cpu_to_le32(x)
#define htobe32(x) cpu_to_be32(x)
#define htole16(x) cpu_to_le16(x)
#define htobe16(x) cpu_to_be16(x)
/* older kernels don't have these */
#ifndef IRQ_NONE
#define IRQ_NONE
#define IRQ_HANDLED
#define irqreturn_t void
#endif
#ifndef IRQF_SHARED
#define IRQF_SHARED SA_SHIRQ
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
# define strlcpy(dest,src,len) \
({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; })
#endif
#ifndef MAX_ERRNO
#define MAX_ERRNO 4095
#endif
#ifndef IS_ERR_VALUE
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)
#endif
/*
* common debug for all
*/
#if 1
#define dprintk(a...) do { if (debug) printk(a); } while(0)
#else
#define dprintk(a...)
#endif
#ifndef SLAB_ATOMIC
/* Changed in 2.6.20, must use GFP_ATOMIC now */
#define SLAB_ATOMIC GFP_ATOMIC
#endif
/*
* need some additional support for older kernels */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2)
#define pci_register_driver_compat(driver, rc) \
do { \
if ((rc) > 0) { \
(rc) = 0; \
} else if (rc == 0) { \
(rc) = -ENODEV; \
} else { \
pci_unregister_driver(driver); \
} \
} while (0)
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0)
#else
#define pci_register_driver_compat(driver,rc)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
#include <asm/scatterlist.h>
static inline void sg_set_page(struct scatterlist *sg, struct page *page,
unsigned int len, unsigned int offset)
{
sg->page = page;
sg->offset = offset;
sg->length = len;
}
static inline void *sg_virt(struct scatterlist *sg)
{
return page_address(sg->page) + sg->offset;
}
#endif
#endif /* __KERNEL__ */
/****************************************************************************/
#endif /* _BSD_COMPAT_H_ */

279
package/ubsec_ssb/src/sha1.c
View file

@ -1,279 +0,0 @@
/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
* based on: http://csrc.nist.gov/fips/fip180-1.txt
* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
*/
#if 0
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $");
#include <sys/types.h>
#include <sys/cdefs.h>
#include <sys/time.h>
#include <sys/systm.h>
#include <crypto/sha1.h>
#endif
/* sanity check */
#if BYTE_ORDER != BIG_ENDIAN
# if BYTE_ORDER != LITTLE_ENDIAN
# define unsupported 1
# endif
#endif
#ifndef unsupported
/* constant table */
static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
#define K(t) _K[(t) / 20]
#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
#define F1(b, c, d) (((b) ^ (c)) ^ (d))
#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define F3(b, c, d) (((b) ^ (c)) ^ (d))
#define S(n, x) (((x) << (n)) | ((x) >> (32 - n)))
#undef H
#define H(n) (ctxt->h.b32[(n)])
#define COUNT (ctxt->count)
#define BCOUNT (ctxt->c.b64[0] / 8)
#define W(n) (ctxt->m.b32[(n)])
#define PUTBYTE(x) { \
ctxt->m.b8[(COUNT % 64)] = (x); \
COUNT++; \
COUNT %= 64; \
ctxt->c.b64[0] += 8; \
if (COUNT % 64 == 0) \
sha1_step(ctxt); \
}
#define PUTPAD(x) { \
ctxt->m.b8[(COUNT % 64)] = (x); \
COUNT++; \
COUNT %= 64; \
if (COUNT % 64 == 0) \
sha1_step(ctxt); \
}
static void sha1_step(struct sha1_ctxt *);
static void
sha1_step(ctxt)
struct sha1_ctxt *ctxt;
{
u_int32_t a, b, c, d, e;
size_t t, s;
u_int32_t tmp;
#if BYTE_ORDER == LITTLE_ENDIAN
struct sha1_ctxt tctxt;
bcopy(&ctxt->m.b8[0], &tctxt.m.b8[0], 64);
ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2];
ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0];
ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6];
ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4];
ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10];
ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8];
ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14];
ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12];
ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18];
ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16];
ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22];
ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20];
ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26];
ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24];
ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30];
ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28];
ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34];
ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32];
ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38];
ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36];
ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42];
ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40];
ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46];
ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44];
ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50];
ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48];
ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54];
ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52];
ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58];
ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56];
ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62];
ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60];
#endif
a = H(0); b = H(1); c = H(2); d = H(3); e = H(4);
for (t = 0; t < 20; t++) {
s = t & 0x0f;
if (t >= 16) {
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
}
tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 20; t < 40; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 40; t < 60; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 60; t < 80; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
H(0) = H(0) + a;
H(1) = H(1) + b;
H(2) = H(2) + c;
H(3) = H(3) + d;
H(4) = H(4) + e;
bzero(&ctxt->m.b8[0], 64);
}
/*------------------------------------------------------------*/
void
sha1_init(ctxt)
struct sha1_ctxt *ctxt;
{
bzero(ctxt, sizeof(struct sha1_ctxt));
H(0) = 0x67452301;
H(1) = 0xefcdab89;
H(2) = 0x98badcfe;
H(3) = 0x10325476;
H(4) = 0xc3d2e1f0;
}
void
sha1_pad(ctxt)
struct sha1_ctxt *ctxt;
{
size_t padlen; /*pad length in bytes*/
size_t padstart;
PUTPAD(0x80);
padstart = COUNT % 64;
padlen = 64 - padstart;
if (padlen < 8) {
bzero(&ctxt->m.b8[padstart], padlen);
COUNT += padlen;
COUNT %= 64;
sha1_step(ctxt);
padstart = COUNT % 64; /* should be 0 */
padlen = 64 - padstart; /* should be 64 */
}
bzero(&ctxt->m.b8[padstart], padlen - 8);
COUNT += (padlen - 8);
COUNT %= 64;
#if BYTE_ORDER == BIG_ENDIAN
PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]);
PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]);
PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]);
PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]);
#else
PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]);
PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]);
PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]);
PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]);
#endif
}
void
sha1_loop(ctxt, input, len)
struct sha1_ctxt *ctxt;
const u_int8_t *input;
size_t len;
{
size_t gaplen;
size_t gapstart;
size_t off;
size_t copysiz;
off = 0;
while (off < len) {
gapstart = COUNT % 64;
gaplen = 64 - gapstart;
copysiz = (gaplen < len - off) ? gaplen : len - off;
bcopy(&input[off], &ctxt->m.b8[gapstart], copysiz);
COUNT += copysiz;
COUNT %= 64;
ctxt->c.b64[0] += copysiz * 8;
if (COUNT % 64 == 0)
sha1_step(ctxt);
off += copysiz;
}
}
void
sha1_result(ctxt, digest0)
struct sha1_ctxt *ctxt;
caddr_t digest0;
{
u_int8_t *digest;
digest = (u_int8_t *)digest0;
sha1_pad(ctxt);
#if BYTE_ORDER == BIG_ENDIAN
bcopy(&ctxt->h.b8[0], digest, 20);
#else
digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2];
digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0];
digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6];
digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4];
digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10];
digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8];
digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14];
digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12];
digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18];
digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16];
#endif
}
#endif /*unsupported*/

72
package/ubsec_ssb/src/sha1.h
View file

@ -1,72 +0,0 @@
/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */
/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
* based on: http://csrc.nist.gov/fips/fip180-1.txt
* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
*/
#ifndef _NETINET6_SHA1_H_
#define _NETINET6_SHA1_H_
struct sha1_ctxt {
union {
u_int8_t b8[20];
u_int32_t b32[5];
} h;
union {
u_int8_t b8[8];
u_int64_t b64[1];
} c;
union {
u_int8_t b8[64];
u_int32_t b32[16];
} m;
u_int8_t count;
};
#ifdef __KERNEL__
extern void sha1_init(struct sha1_ctxt *);
extern void sha1_pad(struct sha1_ctxt *);
extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t);
extern void sha1_result(struct sha1_ctxt *, caddr_t);
/* compatibilty with other SHA1 source codes */
typedef struct sha1_ctxt SHA1_CTX;
#define SHA1Init(x) sha1_init((x))
#define SHA1Update(x, y, z) sha1_loop((x), (y), (z))
#define SHA1Final(x, y) sha1_result((y), (x))
#endif /* __KERNEL__ */
#define SHA1_RESULTLEN (160/8)
#endif /*_NETINET6_SHA1_H_*/

54
package/ubsec_ssb/src/uio.h
View file

@ -1,54 +0,0 @@
#ifndef _OCF_UIO_H_
#define _OCF_UIO_H_
#include <linux/uio.h>
/*
* The linux uio.h doesn't have all we need. To be fully api compatible
* with the BSD cryptodev, we need to keep this around. Perhaps this can
* be moved back into the linux/uio.h
*
* Linux port done by David McCullough <david_mccullough@securecomputing.com>
* Copyright (C) 2006-2007 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
*
* LICENSE TERMS
*
* The free distribution and use of this software in both source and binary
* form is allowed (with or without changes) provided that:
*
* 1. distributions of this source code include the above copyright
* notice, this list of conditions and the following disclaimer;
*
* 2. distributions in binary form include the above copyright
* notice, this list of conditions and the following disclaimer
* in the documentation and/or other associated materials;
*
* 3. the copyright holder's name is not used to endorse products
* built using this software without specific written permission.
*
* ALTERNATIVELY, provided that this notice is retained in full, this product
* may be distributed under the terms of the GNU General Public License (GPL),
* in which case the provisions of the GPL apply INSTEAD OF those given above.
*
* DISCLAIMER
*
* This software is provided 'as is' with no explicit or implied warranties
* in respect of its properties, including, but not limited to, correctness
* and/or fitness for purpose.
* ---------------------------------------------------------------------------
*/
struct uio {
struct iovec *uio_iov;
int uio_iovcnt;
off_t uio_offset;
int uio_resid;
#if 0
enum uio_seg uio_segflg;
enum uio_rw uio_rw;
struct thread *uio_td;
#endif
};
#endif

1
target/linux/generic/config-2.6.30
View file

@ -1555,6 +1555,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_P54_COMMON is not set

1
target/linux/generic/config-2.6.31
View file

@ -1553,6 +1553,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_OPROFILE is not set
# CONFIG_OSF_PARTITION is not set

1
target/linux/generic/config-2.6.32
View file

@ -1636,6 +1636,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set
# CONFIG_OSF_PARTITION is not set

1
target/linux/generic/config-2.6.36
View file

@ -1679,6 +1679,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set

1
target/linux/generic/config-2.6.37
View file

@ -1718,6 +1718,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set

1
target/linux/generic/config-2.6.38
View file

@ -1750,6 +1750,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set

1
target/linux/generic/config-2.6.39
View file

@ -1785,6 +1785,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set

1
target/linux/generic/config-3.0
View file

@ -1797,6 +1797,7 @@ CONFIG_NLS_DEFAULT="iso8859-1"
# CONFIG_OCF_OCFNULL is not set
# CONFIG_OCF_SAFE is not set
# CONFIG_OCF_TALITOS is not set
# CONFIG_OCF_UBSEC_SSB is not set
# CONFIG_OC_ETM is not set
# CONFIG_OMFS_FS is not set
# CONFIG_ORION_WATCHDOG is not set

2
target/linux/generic/files/crypto/ocf/Config.in
View file

@ -27,6 +27,8 @@ dep_tristate ' ep80579 (HW crypto engine)' \
CONFIG_OCF_EP80579 $CONFIG_OCF_OCF
dep_tristate ' Micronas c7108 (HW crypto engine)' \
CONFIG_OCF_C7108 $CONFIG_OCF_OCF
dep_tristate ' uBsec BCM5365 (HW crypto engine)'
CONFIG_OCF_UBSEC_SSB $CONFIG_OCF_OCF
dep_tristate ' ocfnull (does no crypto)' \
CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF
dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \

6
target/linux/generic/files/crypto/ocf/Kconfig
View file

@ -103,6 +103,12 @@ config OCF_C7108
help
OCF driver for the Microna 7108 Cipher processors.
config OCF_UBSEC_SSB
tristate "uBsec BCM5365 (HW crypto engine)"
depends on OCF_OCF
help
OCF driver for uBsec BCM5365 hardware crypto accelerator.
config OCF_OCFNULL
tristate "ocfnull (fake crypto engine)"
depends on OCF_OCF

101
target/linux/generic/files/crypto/ocf/Makefile
View file

@ -47,9 +47,19 @@ $(_obj)-$(CONFIG_OCF_CRYPTOCTEON) += cryptocteon$(_slash)
$(_obj)-$(CONFIG_OCF_KIRKWOOD) += kirkwood$(_slash)
$(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash)
$(_obj)-$(CONFIG_OCF_C7108) += c7108$(_slash)
$(_obj)-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb$(_slash)
ocf-objs := $(OCF_OBJS)
dummy:
@echo "Please consult the README for how to build OCF."
@echo "If you can't wait then the following should do it:"
@echo ""
@echo " make ocf_modules"
@echo " sudo make ocf_install"
@echo ""
@exit 1
$(list-multi) dummy1: $(ocf-objs)
$(LD) -r -o $@ $(ocf-objs)
@ -57,21 +67,44 @@ $(list-multi) dummy1: $(ocf-objs)
clean:
rm -f *.o *.ko .*.o.flags .*.ko.cmd .*.o.cmd .*.mod.o.cmd *.mod.c
rm -f */*.o */*.ko */.*.o.cmd */.*.ko.cmd */.*.mod.o.cmd */*.mod.c */.*.o.flags
rm -f */modules.order */modules.builtin modules.order modules.builtin
ifdef TOPDIR
-include $(TOPDIR)/Rules.make
endif
#
# release gen targets
# targets to build easily on the current machine
#
ocf_make:
make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m
make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_CRYPTOSOFT=m
-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_BENCH=m
-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_OCFNULL=m
-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_HIFN=m
ocf_modules:
$(MAKE) ocf_make OCF_TARGET=modules
ocf_install:
$(MAKE) ocf_make OCF_TARGET="modules modules_install"
depmod
mkdir -p /usr/include/crypto
cp cryptodev.h /usr/include/crypto/.
#
# generate full kernel patches for 2.4 and 2.6 kernels to make patching
# your kernel easier
#
.PHONY: patch
patch:
REL=`date +%Y%m%d`; \
patch=ocf-linux-$$REL.patch; \
patch24=ocf-linux-24-$$REL.patch; \
patch26=ocf-linux-26-$$REL.patch; \
patchbase=.; \
[ -d $$patchbase/patches ] || patchbase=..; \
patch=ocf-linux-base.patch; \
patch24=ocf-linux-24.patch; \
patch26=ocf-linux-26.patch; \
( \
find . -name Makefile; \
find . -name Config.in; \
@ -81,44 +114,32 @@ patch:
) | while read t; do \
diff -Nau /dev/null $$t | sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \
done > $$patch; \
cat patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
cat patches/linux-2.6.33-ocf.patch $$patch > $$patch26
cat $$patchbase/patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
cat $$patchbase/patches/linux-2.6.38-ocf.patch $$patch > $$patch26; \
.PHONY: tarball
tarball:
#
# this target probably does nothing for anyone but me - davidm
#
.PHONY: release
release:
REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \
CURDIR=`pwd`; \
rm -rf /tmp/ocf-linux-$$REL*; \
mkdir -p $$RELDIR/tools; \
cp README* $$RELDIR; \
cp patches/openss*.patch $$RELDIR; \
cp patches/crypto-tools.patch $$RELDIR; \
cp tools/[!C]* $$RELDIR/tools; \
cd ..; \
tar cvf $$RELDIR/ocf-linux.tar \
--exclude=CVS \
--exclude=.* \
--exclude=*.o \
--exclude=*.ko \
--exclude=*.mod.* \
--exclude=README* \
--exclude=ocf-*.patch \
--exclude=ocf/patches/openss*.patch \
--exclude=ocf/patches/crypto-tools.patch \
--exclude=ocf/tools \
ocf; \
gzip -9 $$RELDIR/ocf-linux.tar; \
cd /tmp; \
mkdir -p $$RELDIR/ocf; \
mkdir -p $$RELDIR/patches; \
mkdir -p $$RELDIR/crypto-tools; \
cp README* $$RELDIR/.; \
cp patches/[!C]* $$RELDIR/patches/.; \
cp tools/[!C]* $$RELDIR/crypto-tools/.; \
cp -r [!C]* Config.in $$RELDIR/ocf/.; \
rm -rf $$RELDIR/ocf/patches $$RELDIR/ocf/tools; \
rm -f $$RELDIR/ocf/README*; \
cp $$CURDIR/../../user/crypto-tools/[!C]* $$RELDIR/crypto-tools/.; \
make -C $$RELDIR/crypto-tools clean; \
make -C $$RELDIR/ocf clean; \
find $$RELDIR/ocf -name CVS | xargs rm -rf; \
cd $$RELDIR/..; \
tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \
gzip -9 ocf-linux-$$REL.tar; \
cd $$CURDIR/../../user; \
rm -rf /tmp/crypto-tools-$$REL*; \
tar cvf /tmp/crypto-tools-$$REL.tar \
--exclude=CVS \
--exclude=.* \
--exclude=*.o \
--exclude=cryptotest \
--exclude=cryptokeytest \
crypto-tools; \
gzip -9 /tmp/crypto-tools-$$REL.tar
gzip -9 ocf-linux-$$REL.tar

311
target/linux/generic/files/crypto/ocf/README
View file

@ -1,167 +1,246 @@
README - ocf-linux-20100325
---------------------------
###########################
README - ocf-linux-20100530
###########################
This README provides instructions for getting ocf-linux compiled and
operating in a generic linux environment. For other information you
might like to visit the home page for this project:
operating in a generic linux environment. Other information on the project
can be found at the home page:
http://ocf-linux.sourceforge.net/
Adding OCF to linux
-------------------
Embedded systems and applications requiring userspace acceleration will need
to patch the kernel source to get full OCF support. See "Adding OCF to
linux source" below. Otherwise the "OCF Quickstart" that follows is the
easiest way to get started.
Not much in this file for now, just some notes. I usually build
the ocf support as modules but it can be built into the kernel as
well. To use it:
If your goal is to accelerate Openswan on Ubuntu or CentOS, you may find
that the required binaries are already available on openswan.org:
* mknod /dev/crypto c 10 70
ftp://ftp.openswan.org/ocf/
ftp://ftp.openswan.org/openswan/binaries/ubuntu/
* to add OCF to your kernel source, you have two options. Apply
the kernel specific patch:
#####################################################
OCF Quickstart for Ubuntu/Others (including Openswan)
#####################################################
cd linux-2.4*; gunzip < ocf-linux-24-XXXXXXXX.patch.gz | patch -p1
cd linux-2.6*; gunzip < ocf-linux-26-XXXXXXXX.patch.gz | patch -p1
if you do one of the above, then you can proceed to the next step,
or you can do the above process by hand with using the patches against
linux-2.4.35 and 2.6.33 to include the ocf code under crypto/ocf.
Here's how to add it:
This section provides instructions on how to quickly add kernel only support
for OCF to a GNU/Linux system. It is only suitable for in-kernel use such as
Openswan MAST/KLIPS.
for 2.4.35 (and later)
If the target is an embedded system, or, userspace acceleration of
applications such as OpenVPN and OpenSSL, the section below titled
"Adding OCF to linux source" is more appropriate.
cd linux-2.4.35/crypto
tar xvzf ocf-linux.tar.gz
cd ..
patch -p1 < crypto/ocf/patches/linux-2.4.35-ocf.patch
Before building kernel only support for OCF ensure that the appropriate
linux-headers package is installed:
for 2.6.23 (and later), find the kernel patch specific (or nearest)
to your kernel versions and then:
cd ocf
make ocf_modules
sudo make ocf_install
OCF_DIR=`pwd` # remember where OCF sources were built
cd linux-2.6.NN/crypto
tar xvzf ocf-linux.tar.gz
cd ..
patch -p1 < crypto/ocf/patches/linux-2.6.NN-ocf.patch
At this point the ocf, cryptosoft, ocfnull, hifn7751 and ocf-bench modules
should have been built and installed. The OCF installation can be tested
with the following commands:
It should be easy to take this patch and apply it to other more
recent versions of the kernels. The same patches should also work
relatively easily on kernels as old as 2.6.11 and 2.4.18.
* under 2.4 if you are on a non-x86 platform, you may need to:
modprobe ocf
modprobe cryptosoft
modprobe ocf-bench
dmesg | tail -5
cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY
The final modprobe of ocf-bench will fail, this is intentional as ocf-bench
is a short lived module that tests in-kernel performance of OCF. If
everything worked correctly the "dmesg | tail -5" should include a line
like:
so that you can build the kernel crypto support needed for the cryptosoft
driver.
[ 583.128741] OCF: 45133 requests of 1488 bytes in 251 jiffies (535.122 Mbps)
* For simplicity you should enable all the crypto support in your kernel
except for the test driver. Likewise for the OCF options. Do not
enable OCF crypto drivers for HW that you do not have (for example
ixp4xx will not compile on non-Xscale systems).
This shows the in-kernel performance of OCF using the cryptosoft driver.
For addition driver load options, see "How to load the OCF modules" below.
* make sure that cryptodev.h (from ocf-linux.tar.gz) is installed as
crypto/cryptodev.h in an include directory that is used for building
applications for your platform. For example on a host system that
might be:
If the intention is to run an OCF accelerated Openswan (KLIPS/MAST) then use
these steps to compile openswan downloaded from openswan.org (2.6.34 or later).
/usr/include/crypto/cryptodev.h
tar xf openswan-2.6.34.tar.gz
cd openswan-2.6.34
make programs
make KERNELSRC=/lib/modules/`uname -r`/build \
KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \
MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \
MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \
module
sudo make KERNELSRC=/lib/modules/`uname -r`/build \
KBUILD_EXTRA_SYMBOLS=$OCF_DIR/Module.symvers \
MODULE_DEF_INCLUDE=`pwd`/packaging/ocf/config-all.hmodules \
MODULE_DEFCONFIG=`pwd`/packaging/ocf/defconfig \
install minstall
* patch your openssl-0.9.8n code with the openssl-0.9.8n.patch.
(NOTE: there is no longer a need to patch ssh). The patch is against:
openssl-0_9_8e
The rest of this document is only required for more complex build
requirements.
If you need a patch for an older version of openssl, you should look
to older OCF releases. This patch is unlikely to work on older
openssl versions.
##########################
Adding OCF to linux source
##########################
openssl-0.9.8n.patch
- enables --with-cryptodev for non BSD systems
- adds -cpu option to openssl speed for calculating CPU load
under linux
- fixes null pointer in openssl speed multi thread output.
- fixes test keys to work with linux crypto's more stringent
key checking.
- adds MD5/SHA acceleration (Ronen Shitrit), only enabled
with the --with-cryptodev-digests option
- fixes bug in engine code caching.
It is recommended that OCF be built as modules as it increases the
flexibility and ease of debugging the system.
* build crypto-tools-XXXXXXXX.tar.gz if you want to try some of the BSD
tools for testing OCF (ie., cryptotest).
Ensure that the system has /dev/crypto for userspace access to OCF:
How to load the OCF drivers
---------------------------
mknod /dev/crypto c 10 70
First insert the base modules:
Generate the kernel patches and apply the appropriate one.
insmod ocf
insmod cryptodev
cd ocf
make patch
You can then install the software OCF driver with:
This will provide three files:
insmod cryptosoft
linux-2.4.*-ocf.patch
linux-2.6.*-ocf.patch
ocf-linux-base.patch
and one or more of the OCF HW drivers with:
If either of the first two patches applies to the targets kernel, then one
of the following as required:
insmod safe
insmod hifn7751
insmod ixp4xx
...
cd linux-2.X.Y; patch -p1 < linux-2.4.*-ocf.patch
cd linux-2.6.Y; patch -p1 < linux-2.6.*-ocf.patch
all the drivers take a debug option to enable verbose debug so that
you can see what is going on. For debug you load them as:
Otherwise, locate the appropriate kernel patch in the patches directory and
apply that as well as the ocf-linux-base.patch using '-p1'.
insmod ocf crypto_debug=1
insmod cryptodev cryptodev_debug=1
insmod cryptosoft swcr_debug=1
When using a linux-2.4 system on a non-x86 platform, the following may be
required to build cryptosoft:
You may load more than one OCF crypto driver but then there is no guarantee
as to which will be used.
cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY
You can also enable debug at run time on 2.6 systems with the following:
When using cryptosoft, for simplicity, enable all the crypto support in the
kernel except for the test driver. Likewise for the OCF options. Do not
enable OCF crypto drivers for HW that is not present (for example the ixp4xx
driver will not compile on non-Xscale systems).
echo 1 > /sys/module/ocf/parameters/crypto_debug
echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug
echo 1 > /sys/module/cryptosoft/parameters/swcr_debug
echo 1 > /sys/module/hifn7751/parameters/hifn_debug
echo 1 > /sys/module/safe/parameters/safe_debug
echo 1 > /sys/module/ixp4xx/parameters/ixp_debug
...
Make sure that cryptodev.h from the ocf directory is installed as
crypto/cryptodev.h in an include directory that is used for building
applications for the target platform. For example on a host system that
might be:
/usr/include/crypto/cryptodev.h
Patch the openssl-0.9.8r code the openssl-0.9.8r.patch from the patches
directory. There are many older patch versions in the patches directory
if required.
The openssl patches provide the following functionality:
* enables --with-cryptodev for non BSD systems
* adds -cpu option to openssl speed for calculating CPU load under linux
* fixes null pointer in openssl speed multi thread output.
* fixes test keys to work with linux crypto's more stringent key checking.
* adds MD5/SHA acceleration (Ronen Shitrit), only enabled with the
--with-cryptodev-digests option
* fixes bug in engine code caching.
Build the crypto-tools directory for the target to obtain a userspace
testing tool call cryptotest.
###########################
How to load the OCF modules
###########################
First insert the base modules (cryptodev is optional, it is only used
for userspace acceleration):
modprobe ocf
modprobe cryptodev
Load the software OCF driver with:
modprobe cryptosoft
and zero or more of the OCF HW drivers with:
modprobe safe
modprobe hifn7751
modprobe ixp4xx
...
All the drivers take a debug option to enable verbose debug so that
OCF operation may be observed via "dmesg" or the console. For debug
load the modules as:
modprobe ocf crypto_debug=1
modprobe cryptodev cryptodev_debug=1
modprobe cryptosoft swcr_debug=1
More than one OCF crypto driver may be loaded but then there is no
guarantee as to which will be used (other than a preference for HW
drivers over SW drivers by most applications).
It is also possible to enable debug at run time on linux-2.6 systems
with the following:
echo 1 > /sys/module/ocf/parameters/crypto_debug
echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug
echo 1 > /sys/module/cryptosoft/parameters/swcr_debug
echo 1 > /sys/module/hifn7751/parameters/hifn_debug
echo 1 > /sys/module/safe/parameters/safe_debug
echo 1 > /sys/module/ixp4xx/parameters/ixp_debug
...
The ocf-bench driver accepts the following parameters:
request_q_len - Maximum number of outstanding requests to OCF
request_num - run for at least this many requests
request_size - size of each request (multiple of 16 bytes recommended)
request_batch - enable OCF request batching
request_cbimm - enable OCF immediate callback on completion
For example:
modprobe ocf-bench request_size=1024 request_cbimm=0
#######################
Testing the OCF support
-----------------------
#######################
run "cryptotest", it should do a short test for a couple of
des packets. If it does everything is working.
run "cryptotest", it should do a short test for a couple of
des packets. If it does everything is working.
If this works, then ssh will use the driver when invoked as:
If this works, then ssh will use the driver when invoked as:
ssh -c 3des username@host
ssh -c 3des username@host
to see for sure that it is operating, enable debug as defined above.
to see for sure that it is operating, enable debug as defined above.
To get a better idea of performance run:
To get a better idea of performance run:
cryptotest 100 4096
cryptotest 100 4096
There are more options to cryptotest, see the help.
There are more options to cryptotest, see the help.
It is also possible to use openssl to test the speed of the crypto
drivers.
It is also possible to use openssl to test the speed of the crypto
drivers.
openssl speed -evp des -engine cryptodev -elapsed
openssl speed -evp des3 -engine cryptodev -elapsed
openssl speed -evp aes128 -engine cryptodev -elapsed
openssl speed -evp des -engine cryptodev -elapsed
openssl speed -evp des3 -engine cryptodev -elapsed
openssl speed -evp aes128 -engine cryptodev -elapsed
and multiple threads (10) with:
and multiple threads (10) with:
openssl speed -evp des -engine cryptodev -elapsed -multi 10
openssl speed -evp des3 -engine cryptodev -elapsed -multi 10
openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10
openssl speed -evp des -engine cryptodev -elapsed -multi 10
openssl speed -evp des3 -engine cryptodev -elapsed -multi 10
openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10
for public key testing you can try:
for public key testing you can try:
cryptokeytest
openssl speed -engine cryptodev rsa -elapsed
openssl speed -engine cryptodev dsa -elapsed
cryptokeytest
openssl speed -engine cryptodev rsa -elapsed
openssl speed -engine cryptodev dsa -elapsed
David McCullough
david_mccullough@mcafee.com
#############################
#
# David McCullough
# david_mccullough@mcafee.com
#
#############################

6
target/linux/generic/files/crypto/ocf/criov.c
View file

@ -35,10 +35,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>

137
target/linux/generic/files/crypto/ocf/crypto.c
View file

@ -64,10 +64,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp E
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -76,7 +74,9 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp E
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
#include <linux/version.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,4)
#include <linux/kthread.h>
#endif
#include <cryptodev.h>
/*
@ -156,9 +156,8 @@ static int crypto_drivers_num = 0;
* have one per-queue but having one simplifies handling of block/unblock
* operations.
*/
static int crp_sleep = 0;
static LIST_HEAD(crp_q); /* request queues */
static LIST_HEAD(crp_kq);
static LIST_HEAD(crp_q); /* crypto request queue */
static LIST_HEAD(crp_kq); /* asym request queue */
static spinlock_t crypto_q_lock;
@ -213,11 +212,6 @@ static struct kmem_cache *cryptop_zone;
static struct kmem_cache *cryptodesc_zone;
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
#include <linux/sched.h>
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
#define debug crypto_debug
int crypto_debug = 0;
module_param(crypto_debug, int, 0644);
@ -278,11 +272,13 @@ module_param(crypto_max_loopcount, int, 0644);
MODULE_PARM_DESC(crypto_max_loopcount,
"Maximum number of crypto ops to do before yielding to other processes");
static pid_t cryptoproc = (pid_t) -1;
static struct completion cryptoproc_exited;
#ifndef CONFIG_NR_CPUS
#define CONFIG_NR_CPUS 1
#endif
static struct task_struct *cryptoproc[CONFIG_NR_CPUS];
static struct task_struct *cryptoretproc[CONFIG_NR_CPUS];
static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait);
static pid_t cryptoretproc = (pid_t) -1;
static struct completion cryptoretproc_exited;
static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait);
static int crypto_proc(void *arg);
@ -318,6 +314,7 @@ driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri)
return 1;
}
/*
* Select a driver for a new session that supports the specified
* algorithms and, optionally, is constrained according to the flags.
@ -791,8 +788,7 @@ crypto_unblock(u_int32_t driverid, int what)
cap->cc_unkqblocked = 0;
crypto_all_kqblocked = 0;
}
if (crp_sleep)
wake_up_interruptible(&cryptoproc_wait);
wake_up_interruptible(&cryptoproc_wait);
err = 0;
} else
err = EINVAL;
@ -817,8 +813,8 @@ crypto_dispatch(struct cryptop *crp)
CRYPTO_Q_LOCK();
if (crypto_q_cnt >= crypto_q_max) {
CRYPTO_Q_UNLOCK();
cryptostats.cs_drops++;
CRYPTO_Q_UNLOCK();
return ENOMEM;
}
crypto_q_cnt++;
@ -865,8 +861,7 @@ crypto_dispatch(struct cryptop *crp)
TAILQ_INSERT_TAIL(&crp_q, crp, crp_next);
result = 0;
}
if (crp_sleep)
wake_up_interruptible(&cryptoproc_wait);
wake_up_interruptible(&cryptoproc_wait);
CRYPTO_Q_UNLOCK();
return result;
}
@ -887,8 +882,7 @@ crypto_kdispatch(struct cryptkop *krp)
if (error == ERESTART) {
CRYPTO_Q_LOCK();
TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next);
if (crp_sleep)
wake_up_interruptible(&cryptoproc_wait);
wake_up_interruptible(&cryptoproc_wait);
CRYPTO_Q_UNLOCK();
error = 0;
}
@ -1186,8 +1180,7 @@ crypto_done(struct cryptop *crp)
* Normal case; queue the callback for the thread.
*/
CRYPTO_RETQ_LOCK();
if (CRYPTO_RETQ_EMPTY())
wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
CRYPTO_RETQ_UNLOCK();
}
@ -1237,8 +1230,7 @@ crypto_kdone(struct cryptkop *krp)
* Normal case; queue the callback for the thread.
*/
CRYPTO_RETQ_LOCK();
if (CRYPTO_RETQ_EMPTY())
wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
CRYPTO_RETQ_UNLOCK();
}
@ -1281,7 +1273,7 @@ crypto_proc(void *arg)
unsigned long q_flags;
int loopcount = 0;
ocf_daemonize("crypto");
set_current_state(TASK_INTERRUPTIBLE);
CRYPTO_Q_LOCK();
for (;;) {
@ -1435,12 +1427,10 @@ crypto_proc(void *arg)
list_empty(&crp_kq), crypto_all_kqblocked);
loopcount = 0;
CRYPTO_Q_UNLOCK();
crp_sleep = 1;
wait_event_interruptible(cryptoproc_wait,
!(list_empty(&crp_q) || crypto_all_qblocked) ||
!(list_empty(&crp_kq) || crypto_all_kqblocked) ||
cryptoproc == (pid_t) -1);
crp_sleep = 0;
kthread_should_stop());
if (signal_pending (current)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
spin_lock_irq(&current->sigmask_lock);
@ -1452,7 +1442,7 @@ crypto_proc(void *arg)
}
CRYPTO_Q_LOCK();
dprintk("%s - awake\n", __FUNCTION__);
if (cryptoproc == (pid_t) -1)
if (kthread_should_stop())
break;
cryptostats.cs_intrs++;
} else if (loopcount > crypto_max_loopcount) {
@ -1461,12 +1451,14 @@ crypto_proc(void *arg)
* been using the CPU exclusively for a while.
*/
loopcount = 0;
CRYPTO_Q_UNLOCK();
schedule();
CRYPTO_Q_LOCK();
}
loopcount++;
}
CRYPTO_Q_UNLOCK();
complete_and_exit(&cryptoproc_exited, 0);
return 0;
}
/*
@ -1481,7 +1473,7 @@ crypto_ret_proc(void *arg)
struct cryptkop *krpt;
unsigned long r_flags;
ocf_daemonize("crypto_ret");
set_current_state(TASK_INTERRUPTIBLE);
CRYPTO_RETQ_LOCK();
for (;;) {
@ -1516,9 +1508,9 @@ crypto_ret_proc(void *arg)
dprintk("%s - sleeping\n", __FUNCTION__);
CRYPTO_RETQ_UNLOCK();
wait_event_interruptible(cryptoretproc_wait,
cryptoretproc == (pid_t) -1 ||
!list_empty(&crp_ret_q) ||
!list_empty(&crp_ret_kq));
!list_empty(&crp_ret_kq) ||
kthread_should_stop());
if (signal_pending (current)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
spin_lock_irq(&current->sigmask_lock);
@ -1530,7 +1522,7 @@ crypto_ret_proc(void *arg)
}
CRYPTO_RETQ_LOCK();
dprintk("%s - awake\n", __FUNCTION__);
if (cryptoretproc == (pid_t) -1) {
if (kthread_should_stop()) {
dprintk("%s - EXITING!\n", __FUNCTION__);
break;
}
@ -1538,7 +1530,7 @@ crypto_ret_proc(void *arg)
}
}
CRYPTO_RETQ_UNLOCK();
complete_and_exit(&cryptoretproc_exited, 0);
return 0;
}
@ -1644,6 +1636,7 @@ static int
crypto_init(void)
{
int error;
unsigned long cpu;
dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init);
@ -1686,25 +1679,28 @@ crypto_init(void)
memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap));
init_completion(&cryptoproc_exited);
init_completion(&cryptoretproc_exited);
cryptoproc = 0; /* to avoid race condition where proc runs first */
cryptoproc = kernel_thread(crypto_proc, NULL, CLONE_FS|CLONE_FILES);
if (cryptoproc < 0) {
error = cryptoproc;
printk("crypto: crypto_init cannot start crypto thread; error %d",
error);
goto bad;
}
cryptoretproc = 0; /* to avoid race condition where proc runs first */
cryptoretproc = kernel_thread(crypto_ret_proc, NULL, CLONE_FS|CLONE_FILES);
if (cryptoretproc < 0) {
error = cryptoretproc;
printk("crypto: crypto_init cannot start cryptoret thread; error %d",
ocf_for_each_cpu(cpu) {
cryptoproc[cpu] = kthread_create(crypto_proc, (void *) cpu,
"ocf_%d", (int) cpu);
if (IS_ERR(cryptoproc[cpu])) {
error = PTR_ERR(cryptoproc[cpu]);
printk("crypto: crypto_init cannot start crypto thread; error %d",
error);
goto bad;
goto bad;
}
kthread_bind(cryptoproc[cpu], cpu);
wake_up_process(cryptoproc[cpu]);
cryptoretproc[cpu] = kthread_create(crypto_ret_proc, (void *) cpu,
"ocf_ret_%d", (int) cpu);
if (IS_ERR(cryptoretproc[cpu])) {
error = PTR_ERR(cryptoretproc[cpu]);
printk("crypto: crypto_init cannot start cryptoret thread; error %d",
error);
goto bad;
}
kthread_bind(cryptoretproc[cpu], cpu);
wake_up_process(cryptoretproc[cpu]);
}
return 0;
@ -1717,34 +1713,17 @@ bad:
static void
crypto_exit(void)
{
pid_t p;
unsigned long d_flags;
int cpu;
dprintk("%s()\n", __FUNCTION__);
/*
* Terminate any crypto threads.
*/
CRYPTO_DRIVER_LOCK();
p = cryptoproc;
cryptoproc = (pid_t) -1;
kill_proc(p, SIGTERM, 1);
wake_up_interruptible(&cryptoproc_wait);
CRYPTO_DRIVER_UNLOCK();
wait_for_completion(&cryptoproc_exited);
CRYPTO_DRIVER_LOCK();
p = cryptoretproc;
cryptoretproc = (pid_t) -1;
kill_proc(p, SIGTERM, 1);
wake_up_interruptible(&cryptoretproc_wait);
CRYPTO_DRIVER_UNLOCK();
wait_for_completion(&cryptoretproc_exited);
/* XXX flush queues??? */
ocf_for_each_cpu(cpu) {
kthread_stop(cryptoproc[cpu]);
kthread_stop(cryptoretproc[cpu]);
}
/*
* Reclaim dynamically allocated resources.

42
target/linux/generic/files/crypto/ocf/cryptocteon/cryptocteon.c
View file

@ -28,10 +28,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -69,15 +67,6 @@ struct octo_sess {
int octo_mlen;
int octo_ivsize;
#if 0
int (*octo_decrypt)(struct scatterlist *sg, int sg_len,
uint8_t *key, int key_len, uint8_t * iv,
uint64_t *hminner, uint64_t *hmouter);
int (*octo_encrypt)(struct scatterlist *sg, int sg_len,
uint8_t *key, int key_len, uint8_t * iv,
uint64_t *hminner, uint64_t *hmouter);
#else
int (*octo_encrypt)(struct octo_sess *od,
struct scatterlist *sg, int sg_len,
int auth_off, int auth_len,
@ -88,7 +77,6 @@ struct octo_sess {
int auth_off, int auth_len,
int crypt_off, int crypt_len,
int icv_off, uint8_t *ivp);
#endif
uint64_t octo_hminner[3];
uint64_t octo_hmouter[3];
@ -264,7 +252,7 @@ octo_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
break;
case CRYPTO_SHA1_HMAC:
(*ocd)->octo_encrypt = octo_des_cbc_sha1_encrypt;
(*ocd)->octo_decrypt = octo_des_cbc_sha1_encrypt;
(*ocd)->octo_decrypt = octo_des_cbc_sha1_decrypt;
octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
@ -305,13 +293,13 @@ octo_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
break;
case CRYPTO_MD5_HMAC:
(*ocd)->octo_encrypt = octo_null_md5_encrypt;
(*ocd)->octo_decrypt = octo_null_md5_encrypt;
(*ocd)->octo_decrypt = octo_null_md5_encrypt; /* encrypt == decrypt */
octo_calc_hash(0, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
case CRYPTO_SHA1_HMAC:
(*ocd)->octo_encrypt = octo_null_sha1_encrypt;
(*ocd)->octo_decrypt = octo_null_sha1_encrypt;
(*ocd)->octo_decrypt = octo_null_sha1_encrypt; /* encrypt == decrypt */
octo_calc_hash(1, macini->cri_key, (*ocd)->octo_hminner,
(*ocd)->octo_hmouter);
break;
@ -433,12 +421,22 @@ octo_process(device_t dev, struct cryptop *crp, int hint)
}
if (enccrd) {
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
ivp = enccrd->crd_iv;
if (enccrd->crd_flags & CRD_F_ENCRYPT) {
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
ivp = enccrd->crd_iv;
else
read_random((ivp = iv_data), od->octo_ivsize);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
crypto_copyback(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, od->octo_ivsize, ivp);
} else {
ivp = iv_data;
crypto_copydata(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp);
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
ivp = enccrd->crd_iv;
} else {
ivp = iv_data;
crypto_copydata(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, od->octo_ivsize, (caddr_t) ivp);
}
}
if (maccrd) {

7
target/linux/generic/files/crypto/ocf/cryptodev.c
View file

@ -40,10 +40,8 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gn
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/types.h>
#include <linux/time.h>
@ -60,7 +58,6 @@ __FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gn
#include <linux/file.h>
#include <linux/mount.h>
#include <linux/miscdevice.h>
#include <linux/version.h>
#include <asm/uaccess.h>
#include <cryptodev.h>

3
target/linux/generic/files/crypto/ocf/cryptodev.h
View file

@ -156,7 +156,8 @@
#define CRYPTO_SHA2_384 23
#define CRYPTO_SHA2_512 24
#define CRYPTO_RIPEMD160 25
#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */
#define CRYPTO_LZS_COMP 26
#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */

169
target/linux/generic/files/crypto/ocf/cryptosoft.c
View file

@ -4,7 +4,7 @@
* but is mostly unrecognisable,
*
* Written by David McCullough <david_mccullough@mcafee.com>
* Copyright (C) 2004-2010 David McCullough
* Copyright (C) 2004-2011 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
*
* LICENSE TERMS
@ -35,10 +35,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -50,7 +48,8 @@
#include <linux/mm.h>
#include <linux/skbuff.h>
#include <linux/random.h>
#include <linux/version.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
#include <linux/scatterlist.h>
#endif
@ -76,6 +75,8 @@ struct {
#define SW_TYPE_ASYNC 0x8000
#define SW_TYPE_INUSE 0x10000000
/* We change some of the above if we have an async interface */
#define SW_TYPE_ALG_AMASK (SW_TYPE_ALG_MASK | SW_TYPE_ASYNC)
@ -87,9 +88,11 @@ struct {
#define SCATTERLIST_MAX 16
struct swcr_data {
struct work_struct workq;
int sw_type;
int sw_alg;
struct crypto_tfm *sw_tfm;
spinlock_t sw_tfm_lock;
union {
struct {
char *sw_key;
@ -153,6 +156,9 @@ static struct kmem_cache *swcr_req_cache;
#define crypto_blkcipher_decrypt_iv(W, X, Y, Z) \
crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info))
#define crypto_blkcipher_set_flags(x, y) /* nop */
#define crypto_free_blkcipher(x) crypto_free_tfm(x)
#define crypto_free_comp crypto_free_tfm
#define crypto_free_hash crypto_free_tfm
/* Hash/HMAC/Digest */
struct hash_desc
@ -278,6 +284,54 @@ MODULE_PARM_DESC(swcr_debug, "Enable debug");
static void swcr_process_req(struct swcr_req *req);
/*
* somethings just need to be run with user context no matter whether
* the kernel compression libs use vmalloc/vfree for example.
*/
typedef struct {
struct work_struct wq;
void (*func)(void *arg);
void *arg;
} execute_later_t;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
static void
doing_it_now(struct work_struct *wq)
{
execute_later_t *w = container_of(wq, execute_later_t, wq);
(w->func)(w->arg);
kfree(w);
}
#else
static void
doing_it_now(void *arg)
{
execute_later_t *w = (execute_later_t *) arg;
(w->func)(w->arg);
kfree(w);
}
#endif
static void
execute_later(void (fn)(void *), void *arg)
{
execute_later_t *w;
w = (execute_later_t *) kmalloc(sizeof(execute_later_t), SLAB_ATOMIC);
if (w) {
memset(w, '\0', sizeof(w));
w->func = fn;
w->arg = arg;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
INIT_WORK(&w->wq, doing_it_now);
#else
INIT_WORK(&w->wq, doing_it_now, w);
#endif
schedule_work(&w->wq);
}
}
/*
* Generate a new software session.
*/
@ -363,6 +417,8 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
(*swd)->sw_type = crypto_details[cri->cri_alg].sw_type;
(*swd)->sw_alg = cri->cri_alg;
spin_lock_init(&(*swd)->sw_tfm_lock);
/* Algorithm specific configuration */
switch (cri->cri_alg) {
case CRYPTO_NULL_CBC:
@ -379,19 +435,23 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
/* try async first */
(*swd)->sw_tfm = swcr_no_ablk ? NULL :
crypto_ablkcipher_tfm(crypto_alloc_ablkcipher(algo, 0, 0));
if ((*swd)->sw_tfm) {
if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) {
dprintk("%s %s cipher is async\n", __FUNCTION__, algo);
(*swd)->sw_type |= SW_TYPE_ASYNC;
} else {
dprintk("%s %s cipher is sync\n", __FUNCTION__, algo);
(*swd)->sw_tfm = crypto_blkcipher_tfm(
crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC));
if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm))
dprintk("%s %s cipher is sync\n", __FUNCTION__, algo);
}
if (!(*swd)->sw_tfm) {
if (!(*swd)->sw_tfm || IS_ERR((*swd)->sw_tfm)) {
int err;
dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s, 0x%x)\n",
algo,mode);
err = IS_ERR((*swd)->sw_tfm) ? -(PTR_ERR((*swd)->sw_tfm)) : EINVAL;
(*swd)->sw_tfm = NULL; /* ensure NULL */
swcr_freesession(NULL, i);
return EINVAL;
return err;
}
if (debug) {
@ -536,7 +596,11 @@ swcr_freesession(device_t dev, u_int64_t tid)
crypto_free_hash(crypto_hash_cast(swd->sw_tfm));
break;
case SW_TYPE_COMP:
crypto_free_comp(crypto_comp_cast(swd->sw_tfm));
if (in_interrupt())
execute_later((void (*)(void *))crypto_free_comp, (void *)crypto_comp_cast(swd->sw_tfm));
else
crypto_free_comp(crypto_comp_cast(swd->sw_tfm));
break;
default:
crypto_free_tfm(swd->sw_tfm);
break;
@ -555,32 +619,40 @@ swcr_freesession(device_t dev, u_int64_t tid)
return 0;
}
#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH)
/* older kernels had no async interface */
static void swcr_process_callback(struct crypto_async_request *creq, int err)
static void swcr_process_req_complete(struct swcr_req *req)
{
struct swcr_req *req = creq->data;
dprintk("%s()\n", __FUNCTION__);
if (err) {
if (err == -EINPROGRESS)
return;
dprintk("%s() fail %d\n", __FUNCTION__, -err);
req->crp->crp_etype = -err;
goto done;
if (req->sw->sw_type & SW_TYPE_INUSE) {
unsigned long flags;
spin_lock_irqsave(&req->sw->sw_tfm_lock, flags);
req->sw->sw_type &= ~SW_TYPE_INUSE;
spin_unlock_irqrestore(&req->sw->sw_tfm_lock, flags);
}
if (req->crp->crp_etype)
goto done;
switch (req->sw->sw_type & SW_TYPE_ALG_AMASK) {
#if defined(HAVE_AHASH)
case SW_TYPE_AHMAC:
case SW_TYPE_AHASH:
crypto_copyback(req->crp->crp_flags, req->crp->crp_buf,
req->crd->crd_inject, req->sw->u.hmac.sw_mlen, req->result);
ahash_request_free(req->crypto_req);
break;
#endif
#if defined(HAVE_ABLKCIPHER)
case SW_TYPE_ABLKCIPHER:
ablkcipher_request_free(req->crypto_req);
break;
#endif
case SW_TYPE_CIPHER:
case SW_TYPE_HMAC:
case SW_TYPE_HASH:
case SW_TYPE_COMP:
case SW_TYPE_BLKCIPHER:
break;
default:
req->crp->crp_etype = EINVAL;
goto done;
@ -597,6 +669,22 @@ done:
crypto_done(req->crp);
kmem_cache_free(swcr_req_cache, req);
}
#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH)
static void swcr_process_callback(struct crypto_async_request *creq, int err)
{
struct swcr_req *req = creq->data;
dprintk("%s()\n", __FUNCTION__);
if (err) {
if (err == -EINPROGRESS)
return;
dprintk("%s() fail %d\n", __FUNCTION__, -err);
req->crp->crp_etype = -err;
}
swcr_process_req_complete(req);
}
#endif /* defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) */
@ -631,6 +719,29 @@ static void swcr_process_req(struct swcr_req *req)
goto done;
}
/*
* for some types we need to ensure only one user as info is stored in
* the tfm during an operation that can get corrupted
*/
switch (sw->sw_type & SW_TYPE_ALG_AMASK) {
#ifdef HAVE_AHASH
case SW_TYPE_AHMAC:
case SW_TYPE_AHASH:
#endif
case SW_TYPE_HMAC:
case SW_TYPE_HASH: {
unsigned long flags;
spin_lock_irqsave(&sw->sw_tfm_lock, flags);
if (sw->sw_type & SW_TYPE_INUSE) {
spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
execute_later((void (*)(void *))swcr_process_req, (void *)req);
return;
}
sw->sw_type |= SW_TYPE_INUSE;
spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
} break;
}
req->sw = sw;
skip = crd->crd_skip;
@ -722,7 +833,7 @@ static void swcr_process_req(struct swcr_req *req)
}
req->crypto_req =
ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_KERNEL);
ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_ATOMIC);
if (!req->crypto_req) {
crp->crp_etype = ENOMEM;
dprintk("%s,%d: ENOMEM ahash_request_alloc", __FILE__, __LINE__);
@ -747,7 +858,6 @@ static void swcr_process_req(struct swcr_req *req)
case 0:
dprintk("hash OP %s %d\n", ret ? "failed" : "success", ret);
crp->crp_etype = ret;
ahash_request_free(req->crypto_req);
goto done;
}
} break;
@ -776,7 +886,7 @@ static void swcr_process_req(struct swcr_req *req)
}
req->crypto_req = ablkcipher_request_alloc(
__crypto_ablkcipher_cast(sw->sw_tfm), GFP_KERNEL);
__crypto_ablkcipher_cast(sw->sw_tfm), GFP_ATOMIC);
if (!req->crypto_req) {
crp->crp_etype = ENOMEM;
dprintk("%s,%d: ENOMEM ablkcipher_request_alloc",
@ -1028,8 +1138,6 @@ static void swcr_process_req(struct swcr_req *req)
crd->crd_inject, olen, obuf);
crp->crp_olen = olen;
}
} break;
default:
@ -1040,8 +1148,7 @@ static void swcr_process_req(struct swcr_req *req)
}
done:
crypto_done(crp);
kmem_cache_free(swcr_req_cache, req);
swcr_process_req_complete(req);
}
@ -1209,5 +1316,5 @@ late_initcall(cryptosoft_init);
module_exit(cryptosoft_exit);
MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>");
MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)");

37
target/linux/generic/files/crypto/ocf/hifn/hifn7751.c
View file

@ -47,10 +47,8 @@ __FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam E
* Driver for various Hifn encryption processors.
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -63,7 +61,6 @@ __FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam E
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
#include <linux/version.h>
#include <linux/skbuff.h>
#include <asm/io.h>
@ -437,7 +434,7 @@ hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent)
if (pci_enable_device(dev) < 0)
return(-ENODEV);
#ifdef CONFIG_HAVE_PCI_SET_MWI
#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev))
return(-ENODEV);
#endif
@ -873,7 +870,7 @@ hifn_set_retry(struct hifn_softc *sc)
DPRINTF("%s()\n", __FUNCTION__);
/* NB: RETRY only responds to 8-bit reads/writes */
pci_write_config_byte(sc->sc_pcidev, HIFN_RETRY_TIMEOUT, 0);
pci_write_config_dword(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0);
pci_write_config_byte(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0);
/* piggy back the cache line setting here */
pci_write_config_byte(sc->sc_pcidev, PCI_CACHE_LINE_SIZE, hifn_cache_linesize);
}
@ -2380,11 +2377,6 @@ hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_AES_CBC:
/* XXX this may read fewer, does it matter? */
read_random(ses->hs_iv,
c->cri_alg == CRYPTO_AES_CBC ?
HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
/*FALLTHROUGH*/
case CRYPTO_ARC4:
if (cry) {
DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__);
@ -2580,8 +2572,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hint)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
bcopy(enccrd->crd_iv, cmd->iv, ivlen);
else
bcopy(sc->sc_sessions[session].hs_iv,
cmd->iv, ivlen);
read_random(cmd->iv, ivlen);
if ((enccrd->crd_flags & CRD_F_IV_PRESENT)
== 0) {
@ -2786,7 +2777,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
struct hifn_dma *dma = sc->sc_dma;
struct cryptop *crp = cmd->crp;
struct cryptodesc *crd;
int i, u, ivlen;
int i, u;
DPRINTF("%s()\n", __FUNCTION__);
@ -2851,22 +2842,6 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf)
hifnstats.hst_obytes += cmd->dst_mapsize;
if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) ==
HIFN_BASE_CMD_CRYPT) {
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
if (crd->crd_alg != CRYPTO_DES_CBC &&
crd->crd_alg != CRYPTO_3DES_CBC &&
crd->crd_alg != CRYPTO_AES_CBC)
continue;
ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ?
HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH);
crypto_copydata(crp->crp_flags, crp->crp_buf,
crd->crd_skip + crd->crd_len - ivlen, ivlen,
cmd->softc->sc_sessions[cmd->session_num].hs_iv);
break;
}
}
if (macbuf != NULL) {
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
int len;

1
target/linux/generic/files/crypto/ocf/hifn/hifn7751var.h
View file

@ -113,7 +113,6 @@ struct hifn_dma {
struct hifn_session {
int hs_used;
int hs_mlen;
u_int8_t hs_iv[HIFN_MAX_IV_LENGTH];
};
#define HIFN_RING_SYNC(sc, r, i, f) \

9
target/linux/generic/files/crypto/ocf/hifn/hifnHIPP.c
View file

@ -33,10 +33,8 @@
* Driver for various Hifn encryption processors.
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -49,7 +47,6 @@
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
#include <linux/version.h>
#include <linux/skbuff.h>
#include <linux/uio.h>
#include <linux/sysfs.h>
@ -211,7 +208,7 @@ hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent)
if (pci_enable_device(dev) < 0)
return(-ENODEV);
#ifdef CONFIG_HAVE_PCI_SET_MWI
#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev))
return(-ENODEV);
#endif

36
target/linux/generic/files/crypto/ocf/ixp4xx/ixp4xx.c
View file

@ -4,7 +4,7 @@
* from Intel in order to operate (or compile).
*
* Written by David McCullough <david_mccullough@mcafee.com>
* Copyright (C) 2006-2010 David McCullough
* Copyright (C) 2006-2011 David McCullough
* Copyright (C) 2004-2005 Intel Corporation.
*
* LICENSE TERMS
@ -34,10 +34,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -448,14 +446,28 @@ ixp_q_process(struct ixp_q *q)
dprintk("%s(%p)\n", __FUNCTION__, q);
if (q->ixp_q_ccrd) {
if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) {
q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) {
if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) {
q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
} else {
q->ixp_q_iv = q->ixp_q_iv_data;
read_random(q->ixp_q_iv, ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen);
}
if ((q->ixp_q_ccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
crypto_copyback(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
q->ixp_q_ccrd->crd_inject,
ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
(caddr_t) q->ixp_q_iv);
} else {
q->ixp_q_iv = q->ixp_q_iv_data;
crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
q->ixp_q_ccrd->crd_inject,
ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
(caddr_t) q->ixp_q_iv);
if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT)
q->ixp_q_iv = q->ixp_q_ccrd->crd_iv;
else {
q->ixp_q_iv = q->ixp_q_iv_data;
crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf,
q->ixp_q_ccrd->crd_inject,
ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen,
(caddr_t) q->ixp_q_iv);
}
}
if (q->ixp_q_acrd) {

123
target/linux/generic/files/crypto/ocf/kirkwood/cesa/AES/mvAesBoxes.dat Normal file
View file

@ -0,0 +1,123 @@
static MV_U8 mask[256] = {
0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};
static MV_U8 Logtable[256] = {
0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7,
};
static MV_U8 Alogtable[512] = {
1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
};
static MV_U8 S[256] = {
99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
};
static MV_U8 Si[256] = {
82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125,
};
/*
static MV_U8 iG[4][4] = {
{0x0e, 0x09, 0x0d, 0x0b},
{0x0b, 0x0e, 0x09, 0x0d},
{0x0d, 0x0b, 0x0e, 0x09},
{0x09, 0x0d, 0x0b, 0x0e},
};
*/
static MV_U32 rcon[30] = {
0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, };

8
target/linux/generic/files/crypto/ocf/kirkwood/cesa_ocf_drv.c
View file

@ -27,10 +27,8 @@ disclaimer.
*******************************************************************************/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -501,7 +499,7 @@ cesa_ocf_process(device_t dev, struct cryptop *crp, int hint)
if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
dprintk("%s,%d: copy the IV back to the buffer\n", __FILE__, __LINE__);
cesa_cmd->ivOffset = crd->crd_inject;
crypto_copy_bits_back(crp->crp_buf, crd->crd_inject, ivp, cesa_ocf_cur_ses->ivlen);
crypto_copyback(crp->crp_flags, crp->crp_buf, crd->crd_inject, cesa_ocf_cur_ses->ivlen, ivp);
}
else {
dprintk("%s,%d: don't copy the IV back to the buffer \n", __FILE__, __LINE__);

135
target/linux/generic/files/crypto/ocf/ocf-bench.c
View file

@ -31,10 +31,8 @@
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -43,7 +41,6 @@
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
#include <linux/version.h>
#include <linux/interrupt.h>
#include <cryptodev.h>
@ -70,22 +67,38 @@
/*
* the number of simultaneously active requests
*/
static int request_q_len = 20;
static int request_q_len = 40;
module_param(request_q_len, int, 0);
MODULE_PARM_DESC(request_q_len, "Number of outstanding requests");
/*
* how many requests we want to have processed
*/
static int request_num = 1024;
module_param(request_num, int, 0);
MODULE_PARM_DESC(request_num, "run for at least this many requests");
/*
* the size of each request
*/
static int request_size = 1500;
static int request_size = 1488;
module_param(request_size, int, 0);
MODULE_PARM_DESC(request_size, "size of each request");
/*
* OCF batching of requests
*/
static int request_batch = 1;
module_param(request_batch, int, 0);
MODULE_PARM_DESC(request_batch, "enable OCF request batching");
/*
* OCF immediate callback on completion
*/
static int request_cbimm = 1;
module_param(request_cbimm, int, 0);
MODULE_PARM_DESC(request_cbimm, "enable OCF immediate callback on completion");
/*
* a structure for each request
*/
@ -99,6 +112,7 @@ typedef struct {
static request_t *requests;
static spinlock_t ocfbench_counter_lock;
static int outstanding;
static int total;
@ -108,6 +122,8 @@ static int total;
*/
static uint64_t ocf_cryptoid;
static unsigned long jstart, jstop;
static int ocf_init(void);
static int ocf_cb(struct cryptop *crp);
static void ocf_request(void *arg);
@ -131,13 +147,15 @@ ocf_init(void)
cria.cri_klen = 20 * 8;
cria.cri_key = "0123456789abcdefghij";
crie.cri_alg = CRYPTO_3DES_CBC;
//crie.cri_alg = CRYPTO_3DES_CBC;
crie.cri_alg = CRYPTO_AES_CBC;
crie.cri_klen = 24 * 8;
crie.cri_key = "0123456789abcdefghijklmn";
crie.cri_next = &cria;
error = crypto_newsession(&ocf_cryptoid, &crie, 0);
error = crypto_newsession(&ocf_cryptoid, &crie,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
if (error) {
printk("crypto_newsession failed %d\n", error);
return -1;
@ -149,23 +167,23 @@ static int
ocf_cb(struct cryptop *crp)
{
request_t *r = (request_t *) crp->crp_opaque;
unsigned long flags;
if (crp->crp_etype)
printk("Error in OCF processing: %d\n", crp->crp_etype);
total++;
crypto_freereq(crp);
crp = NULL;
if (total > request_num) {
/* do all requests but take at least 1 second */
spin_lock_irqsave(&ocfbench_counter_lock, flags);
total++;
if (total > request_num && jstart + HZ < jiffies) {
outstanding--;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return 0;
}
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
INIT_WORK(&r->work, ocf_request_wq);
#else
INIT_WORK(&r->work, ocf_request, r);
#endif
schedule_work(&r->work);
return 0;
}
@ -177,9 +195,12 @@ ocf_request(void *arg)
request_t *r = arg;
struct cryptop *crp = crypto_getreq(2);
struct cryptodesc *crde, *crda;
unsigned long flags;
if (!crp) {
spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding--;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
@ -198,12 +219,17 @@ ocf_request(void *arg)
crde->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_ENCRYPT;
crde->crd_len = request_size;
crde->crd_inject = request_size;
crde->crd_alg = CRYPTO_3DES_CBC;
//crde->crd_alg = CRYPTO_3DES_CBC;
crde->crd_alg = CRYPTO_AES_CBC;
crde->crd_key = "0123456789abcdefghijklmn";
crde->crd_klen = 24 * 8;
crp->crp_ilen = request_size + 64;
crp->crp_flags = CRYPTO_F_CBIMM;
crp->crp_flags = 0;
if (request_batch)
crp->crp_flags |= CRYPTO_F_BATCH;
if (request_cbimm)
crp->crp_flags |= CRYPTO_F_CBIMM;
crp->crp_buf = (caddr_t) r->buffer;
crp->crp_callback = ocf_cb;
crp->crp_sid = ocf_cryptoid;
@ -220,6 +246,12 @@ ocf_request_wq(struct work_struct *work)
}
#endif
static void
ocf_done(void)
{
crypto_freesession(ocf_cryptoid);
}
/*************************************************************************/
#ifdef BENCH_IXP_ACCESS_LIB
/*************************************************************************/
@ -306,24 +338,25 @@ ixp_perform_cb(
IxCryptoAccStatus status)
{
request_t *r = NULL;
unsigned long flags;
/* do all requests but take at least 1 second */
spin_lock_irqsave(&ocfbench_counter_lock, flags);
total++;
if (total > request_num) {
if (total > request_num && jstart + HZ < jiffies) {
outstanding--;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
if (!sbufp || !(r = IX_MBUF_PRIV(sbufp))) {
printk("crappo %p %p\n", sbufp, r);
outstanding--;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
INIT_WORK(&r->work, ixp_request_wq);
#else
INIT_WORK(&r->work, ixp_request, r);
#endif
schedule_work(&r->work);
}
@ -332,6 +365,7 @@ ixp_request(void *arg)
{
request_t *r = arg;
IxCryptoAccStatus status;
unsigned long flags;
memset(&r->mbuf, 0, sizeof(r->mbuf));
IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64;
@ -341,7 +375,9 @@ ixp_request(void *arg)
0, request_size, 0, request_size, request_size, r->buffer);
if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) {
printk("status1 = %d\n", status);
spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding--;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
return;
}
return;
@ -356,6 +392,12 @@ ixp_request_wq(struct work_struct *work)
}
#endif
static void
ixp_done(void)
{
/* we should free the session here but I am lazy :-) */
}
/*************************************************************************/
#endif /* BENCH_IXP_ACCESS_LIB */
/*************************************************************************/
@ -363,7 +405,9 @@ ixp_request_wq(struct work_struct *work)
int
ocfbench_init(void)
{
int i, jstart, jstop;
int i;
unsigned long mbps;
unsigned long flags;
printk("Crypto Speed tests\n");
@ -375,6 +419,11 @@ ocfbench_init(void)
for (i = 0; i < request_q_len; i++) {
/* +64 for return data */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
INIT_WORK(&requests[i].work, ocf_request_wq);
#else
INIT_WORK(&requests[i].work, ocf_request, &requests[i]);
#endif
requests[i].buffer = kmalloc(request_size + 128, GFP_DMA);
if (!requests[i].buffer) {
printk("malloc failed\n");
@ -387,19 +436,31 @@ ocfbench_init(void)
* OCF benchmark
*/
printk("OCF: testing ...\n");
ocf_init();
if (ocf_init() == -1)
return -EINVAL;
spin_lock_init(&ocfbench_counter_lock);
total = outstanding = 0;
jstart = jiffies;
for (i = 0; i < request_q_len; i++) {
spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding++;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
ocf_request(&requests[i]);
}
while (outstanding > 0)
schedule();
jstop = jiffies;
printk("OCF: %d requests of %d bytes in %d jiffies\n", total, request_size,
jstop - jstart);
mbps = 0;
if (jstop > jstart) {
mbps = (unsigned long) total * (unsigned long) request_size * 8;
mbps /= ((jstop - jstart) * 1000) / HZ;
}
printk("OCF: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
total, request_size, (int)(jstop - jstart),
((int)mbps) / 1000, ((int)mbps) % 1000);
ocf_done();
#ifdef BENCH_IXP_ACCESS_LIB
/*
@ -410,15 +471,29 @@ ocfbench_init(void)
total = outstanding = 0;
jstart = jiffies;
for (i = 0; i < request_q_len; i++) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
INIT_WORK(&requests[i].work, ixp_request_wq);
#else
INIT_WORK(&requests[i].work, ixp_request, &requests[i]);
#endif
spin_lock_irqsave(&ocfbench_counter_lock, flags);
outstanding++;
spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
ixp_request(&requests[i]);
}
while (outstanding > 0)
schedule();
jstop = jiffies;
printk("IXP: %d requests of %d bytes in %d jiffies\n", total, request_size,
jstop - jstart);
mbps = 0;
if (jstop > jstart) {
mbps = (unsigned long) total * (unsigned long) request_size * 8;
mbps /= ((jstop - jstart) * 1000) / HZ;
}
printk("IXP: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
total, request_size, jstop - jstart,
((int)mbps) / 1000, ((int)mbps) % 1000);
ixp_done();
#endif /* BENCH_IXP_ACCESS_LIB */
for (i = 0; i < request_q_len; i++)

71
target/linux/generic/files/crypto/ocf/ocf-compat.h
View file

@ -34,6 +34,11 @@
*/
/****************************************************************************/
#ifdef __KERNEL__
#include <linux/version.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
/*
* fake some BSD driver interface stuff specifically for OCF use
*/
@ -288,6 +293,72 @@ static inline void *sg_virt(struct scatterlist *sg)
#define late_initcall(init) module_init(init)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) || !defined(CONFIG_SMP)
#define ocf_for_each_cpu(cpu) for ((cpu) = 0; (cpu) == 0; (cpu)++)
#else
#define ocf_for_each_cpu(cpu) for_each_present_cpu(cpu)
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
#include <linux/sched.h>
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
struct ocf_thread {
struct task_struct *task;
int (*func)(void *arg);
void *arg;
};
/* thread startup helper func */
static inline int ocf_run_thread(void *arg)
{
struct ocf_thread *t = (struct ocf_thread *) arg;
if (!t)
return -1; /* very bad */
t->task = current;
daemonize();
spin_lock_irq(&current->sigmask_lock);
sigemptyset(&current->blocked);
recalc_sigpending(current);
spin_unlock_irq(&current->sigmask_lock);
return (*t->func)(t->arg);
}
#define kthread_create(f,a,fmt...) \
({ \
struct ocf_thread t; \
pid_t p; \
t.task = NULL; \
t.func = (f); \
t.arg = (a); \
p = kernel_thread(ocf_run_thread, &t, CLONE_FS|CLONE_FILES); \
while (p != (pid_t) -1 && t.task == NULL) \
schedule(); \
if (t.task) \
snprintf(t.task->comm, sizeof(t.task->comm), fmt); \
(t.task); \
})
#define kthread_bind(t,cpu) /**/
#define kthread_should_stop() (strcmp(current->comm, "stopping") == 0)
#define kthread_stop(t) \
({ \
strcpy((t)->comm, "stopping"); \
kill_proc((t)->pid, SIGTERM, 1); \
do { \
schedule(); \
} while (kill_proc((t)->pid, SIGTERM, 1) == 0); \
})
#else
#include <linux/kthread.h>
#endif
#endif /* __KERNEL__ */
/****************************************************************************/

6
target/linux/generic/files/crypto/ocf/ocfnull/ocfnull.c
View file

@ -34,10 +34,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>

13
target/linux/generic/files/crypto/ocf/pasemi/pasemi.c
View file

@ -18,10 +18,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -240,11 +238,6 @@ pasemi_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
if (encini) {
ses->ccmd = ccmd;
/* get an IV */
/* XXX may read fewer than requested */
get_random_bytes(ses->civ, sizeof(ses->civ));
ses->keysz = (encini->cri_klen - 63) / 64;
memcpy(ses->key, encini->cri_key, (ses->keysz + 1) * 8);
@ -451,6 +444,8 @@ pasemi_process(device_t dev, struct cryptop *crp, int hint)
if (enccrd->crd_flags & CRD_F_ENCRYPT) {
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
memcpy(ivp, enccrd->crd_iv, ivsize);
else
read_random(ivp, ivsize);
/* If IV is not present in the buffer already, it has to be copied there */
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0)
crypto_copyback(crp->crp_flags, crp->crp_buf,

12
target/linux/generic/files/crypto/ocf/random.c
View file

@ -36,10 +36,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -48,7 +46,6 @@
#include <linux/wait.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
#include <linux/version.h>
#include <linux/unistd.h>
#include <linux/poll.h>
#include <linux/random.h>
@ -62,11 +59,6 @@
#error "Please do not enable OCF_RANDOMHARVEST unless you have applied patches"
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
#include <linux/sched.h>
#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
#endif
/*
* a hack to access the debug levels from the crypto driver
*/

7
target/linux/generic/files/crypto/ocf/rndtest.c
View file

@ -37,16 +37,13 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/time.h>
#include <linux/version.h>
#include <linux/unistd.h>
#include <linux/kernel.h>
#include <linux/string.h>

1
package/ubsec_ssb/src/hmachack.h → target/linux/generic/files/crypto/ocf/safe/hmachack.h
View file

@ -2,7 +2,6 @@
* until we find a cleaner way, include the BSD md5/sha1 code
* here
*/
#define HMAC_HACK 1
#ifdef HMAC_HACK
#define LITTLE_ENDIAN 1234
#define BIG_ENDIAN 4321

73
target/linux/generic/files/crypto/ocf/safe/safe.c
View file

@ -32,10 +32,8 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/kernel.h>
@ -49,7 +47,6 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/random.h>
#include <linux/version.h>
#include <linux/skbuff.h>
#include <asm/io.h>
@ -80,40 +77,11 @@ __FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $
*/
#define HMAC_HACK 1
#ifdef HMAC_HACK
#define LITTLE_ENDIAN 1234
#define BIG_ENDIAN 4321
#ifdef __LITTLE_ENDIAN
#define BYTE_ORDER LITTLE_ENDIAN
#endif
#ifdef __BIG_ENDIAN
#define BYTE_ORDER BIG_ENDIAN
#endif
#include <safe/hmachack.h>
#include <safe/md5.h>
#include <safe/md5.c>
#include <safe/sha1.h>
#include <safe/sha1.c>
u_int8_t hmac_ipad_buffer[64] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
};
u_int8_t hmac_opad_buffer[64] = {
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
};
#endif /* HMAC_HACK */
/* add proc entry for this */
@ -564,10 +532,6 @@ safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
ses->ses_used = 1;
if (encini) {
/* get an IV */
/* XXX may read fewer than requested */
read_random(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = encini->cri_klen;
if (encini->cri_key != NULL)
safe_setup_enckey(ses, encini->cri_key);
@ -630,7 +594,7 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
struct safe_ringentry *re;
struct safe_sarec *sa;
struct safe_pdesc *pd;
u_int32_t cmd0, cmd1, staterec;
u_int32_t cmd0, cmd1, staterec, rand_iv[4];
unsigned long flags;
DPRINTF(("%s()\n", __FUNCTION__));
@ -779,7 +743,7 @@ safe_process(device_t dev, struct cryptop *crp, int hint)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
iv = enccrd->crd_iv;
else
iv = (caddr_t) ses->ses_iv;
read_random((iv = (caddr_t) &rand_iv[0]), sizeof(rand_iv));
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
@ -1129,31 +1093,6 @@ safe_callback(struct safe_softc *sc, struct safe_ringentry *re)
return;
}
if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) {
/* copy out IV for future use */
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
int i;
int ivsize;
if (crd->crd_alg == CRYPTO_DES_CBC ||
crd->crd_alg == CRYPTO_3DES_CBC) {
ivsize = 2*sizeof(u_int32_t);
} else if (crd->crd_alg == CRYPTO_AES_CBC) {
ivsize = 4*sizeof(u_int32_t);
} else
continue;
crypto_copydata(crp->crp_flags, crp->crp_buf,
crd->crd_skip + crd->crd_len - ivsize, ivsize,
(caddr_t)sc->sc_sessions[re->re_sesn].ses_iv);
for (i = 0;
i < ivsize/sizeof(sc->sc_sessions[re->re_sesn].ses_iv[0]);
i++)
sc->sc_sessions[re->re_sesn].ses_iv[i] =
cpu_to_le32(sc->sc_sessions[re->re_sesn].ses_iv[i]);
break;
}
}
if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) {
/* copy out ICV result */
for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
@ -2005,10 +1944,12 @@ static int safe_probe(struct pci_dev *dev, const struct pci_device_id *ent)
return(-ENODEV);
}
#ifdef HAVE_PCI_SET_MWI
if (pci_set_mwi(dev)) {
printk("safe: pci_set_mwi failed!");
return(-ENODEV);
}
#endif
sc = (struct safe_softc *) kmalloc(sizeof(*sc), GFP_KERNEL);
if (!sc)

1
target/linux/generic/files/crypto/ocf/safe/safevar.h
View file

@ -145,7 +145,6 @@ struct safe_session {
u_int32_t ses_mlen; /* hmac length in bytes */
u_int32_t ses_hminner[5]; /* hmac inner state */
u_int32_t ses_hmouter[5]; /* hmac outer state */
u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
};
struct safe_pkq {

17
target/linux/generic/files/crypto/ocf/talitos/talitos.c
View file

@ -108,10 +108,8 @@
*/
#include <linux/version.h>
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,33))
#include <generated/autoconf.h>
#else
#include <linux/autoconf.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
#include <linux/config.h>
#endif
#include <linux/module.h>
#include <linux/init.h>
@ -123,7 +121,6 @@
#include <linux/dma-mapping.h> /* dma_map_single() */
#include <linux/moduleparam.h>
#include <linux/version.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15)
#include <linux/platform_device.h>
#endif
@ -421,10 +418,6 @@ talitos_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri)
ses->ses_used = 1;
if (encini) {
/* get an IV */
/* XXX may read fewer than requested */
read_random(ses->ses_iv, sizeof(ses->ses_iv));
ses->ses_klen = (encini->cri_klen + 7) / 8;
memcpy(ses->ses_key, encini->cri_key, ses->ses_klen);
if (macini) {
@ -514,6 +507,7 @@ talitos_process(device_t dev, struct cryptop *crp, int hint)
int hmac_key, hmac_data, cipher_iv, cipher_key,
in_fifo, out_fifo, cipher_iv_out;
static int chsel = -1;
u_int32_t rand_iv[4];
DPRINTF("%s()\n", __FUNCTION__);
@ -755,7 +749,7 @@ talitos_process(device_t dev, struct cryptop *crp, int hint)
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT)
iv = enccrd->crd_iv;
else
iv = (caddr_t) ses->ses_iv;
read_random((iv = (caddr_t) rand_iv), sizeof(rand_iv));
if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) {
crypto_copyback(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
@ -764,9 +758,8 @@ talitos_process(device_t dev, struct cryptop *crp, int hint)
td->hdr |= TALITOS_DIR_INBOUND;
if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) {
iv = enccrd->crd_iv;
bcopy(enccrd->crd_iv, iv, ivsize);
} else {
iv = (caddr_t) ses->ses_iv;
iv = (caddr_t) rand_iv;
crypto_copydata(crp->crp_flags, crp->crp_buf,
enccrd->crd_inject, ivsize, iv);
}

1
target/linux/generic/files/crypto/ocf/talitos/talitos_soft.h
View file

@ -69,7 +69,6 @@ struct talitos_session {
u_int32_t ses_key[8]; /* DES/3DES/AES key */
u_int32_t ses_hmac[5]; /* hmac inner state */
u_int32_t ses_hmac_len; /* hmac length */
u_int32_t ses_iv[4]; /* DES/3DES/AES iv */
u_int32_t ses_mlen; /* desired hash result len (12=ipsec or 16) */
};

12
target/linux/generic/files/crypto/ocf/ubsec_ssb/Makefile Normal file
View file

@ -0,0 +1,12 @@
# for SGlinux builds
-include $(ROOTDIR)/modules/.config
obj-$(CONFIG_OCF_UBSEC_SSB) += ubsec_ssb.o
obj ?= .
EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/
ifdef TOPDIR
-include $(TOPDIR)/Rules.make
endif

0
package/ubsec_ssb/src/bsdqueue.h → target/linux/generic/files/crypto/ocf/ubsec_ssb/bsdqueue.h
View file

20
package/ubsec_ssb/src/ubsec_ssb.c → target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsec_ssb.c
View file

@ -62,24 +62,26 @@
/*
* BSD queue
*/
#include "bsdqueue.h"
//#include "bsdqueue.h"
/*
* OCF
*/
#include "cryptodev.h"
#include "uio.h"
#include <cryptodev.h>
#include <uio.h>
#define HMAC_HACK 1
#define HMAC_HACK 1
#ifdef HMAC_HACK
#include "hmachack.h"
#include "md5.h"
#include "md5.c"
#include "sha1.h"
#include "sha1.c"
#include <safe/hmachack.h>
#include <safe/md5.h>
#include <safe/md5.c>
#include <safe/sha1.h>
#include <safe/sha1.c>
#endif
#include "bsdqueue.h"
#include "ubsecreg.h"
#include "ubsecvar.h"
@ -503,7 +505,7 @@ __devinit ubsec_ssb_probe(struct ssb_device *sdev,
goto err_out_powerdown;
}
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,34))
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36))
err = dma_set_mask(sdev->dma_dev, DMA_BIT_MASK(32)) ||
dma_set_coherent_mask(sdev->dma_dev, DMA_BIT_MASK(32));
#else

0
package/ubsec_ssb/src/ubsecreg.h → target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecreg.h
View file

0
package/ubsec_ssb/src/ubsecvar.h → target/linux/generic/files/crypto/ocf/ubsec_ssb/ubsecvar.h
View file

132
target/linux/generic/patches-2.6.30/971-ocf_20110720.patch Normal file
View file

@ -0,0 +1,132 @@
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -129,6 +129,9 @@
* unsigned int value);
* void add_interrupt_randomness(int irq);
*
+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+ * int random_input_wait(void);
+ *
* add_input_randomness() uses the input layer interrupt timing, as well as
* the event type information from the hardware.
*
@@ -140,6 +143,13 @@
* a better measure, since the timing of the disk interrupts are more
* unpredictable.
*
+ * random_input_words() just provides a raw block of entropy to the input
+ * pool, such as from a hardware entropy generator.
+ *
+ * random_input_wait() suspends the caller until such time as the
+ * entropy pool falls below the write threshold, and returns a count of how
+ * much entropy (in bits) is needed to sustain the pool.
+ *
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
}
#endif
+/*
+ * random_input_words - add bulk entropy to pool
+ *
+ * @buf: buffer to add
+ * @wordcount: number of __u32 words to add
+ * @ent_count: total amount of entropy (in bits) to credit
+ *
+ * this provides bulk input of entropy to the input pool
+ *
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
+ */
+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
+ wake_up_interruptible(&random_read_wait);
+}
+EXPORT_SYMBOL(random_input_words);
+
+/*
+ * random_input_wait - wait until random needs entropy
+ *
+ * this function sleeps until the /dev/random subsystem actually
+ * needs more entropy, and then return the amount of entropy
+ * that it would be nice to have added to the system.
+ */
+int random_input_wait(void)
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
#define EXTRACT_SIZE 10
/*********************************************************************
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -196,6 +196,7 @@ static int setfl(int fd, struct file * f
out:
return error;
}
+EXPORT_SYMBOL(sys_dup);
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
uid_t uid, uid_t euid, int force)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -12,6 +12,7 @@
#define APOLLO_MOUSE_MINOR 7
#define PC110PAD_MINOR 9
/*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
#define WATCHDOG_MINOR 130 /* Watchdog timer */
#define TEMP_MINOR 131 /* Temperature Sensor */
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
+extern int random_input_wait(void);
+#define HAS_RANDOM_INPUT_WAIT 1
+
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -383,6 +383,7 @@ struct task_struct *find_task_by_pid_typ
{
return pid_task(find_pid_ns(nr, ns), type);
}
+EXPORT_SYMBOL(find_task_by_vpid);
EXPORT_SYMBOL(find_task_by_pid_type_ns);

53
target/linux/generic/patches-2.6.31/971-ocf_20100325.patch → target/linux/generic/patches-2.6.31/971-ocf_20110720.patch
View file

@ -24,7 +24,7 @@
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
}
#endif
@ -88,14 +88,14 @@
/*********************************************************************
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
}
return ret;
@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f
out:
return error;
}
+EXPORT_SYMBOL(sys_dup);
#define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -12,6 +12,7 @@
@ -108,46 +108,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);

51
target/linux/generic/patches-2.6.32/971-ocf_20100325.patch → target/linux/generic/patches-2.6.32/971-ocf_20110720.patch
View file

@ -88,14 +88,14 @@
/*********************************************************************
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -141,6 +141,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
}
return ret;
@@ -195,6 +195,7 @@ static int setfl(int fd, struct file * f
out:
return error;
}
+EXPORT_SYMBOL(sys_dup);
#define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -12,6 +12,7 @@
@ -108,46 +108,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
@@ -50,6 +50,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);

2
target/linux/generic/patches-2.6.36/970-ocf_kbuild_integration.patch
View file

@ -1,6 +1,6 @@
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -849,3 +849,6 @@ config CRYPTO_ANSI_CPRNG
@@ -845,3 +845,6 @@ config CRYPTO_ANSI_CPRNG
source "drivers/crypto/Kconfig"
endif # if CRYPTO

170
target/linux/generic/patches-2.6.36/971-ocf_20100325.patch
View file

@ -1,170 +0,0 @@
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -129,6 +129,9 @@
* unsigned int value);
* void add_interrupt_randomness(int irq);
*
+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+ * int random_input_wait(void);
+ *
* add_input_randomness() uses the input layer interrupt timing, as well as
* the event type information from the hardware.
*
@@ -140,6 +143,13 @@
* a better measure, since the timing of the disk interrupts are more
* unpredictable.
*
+ * random_input_words() just provides a raw block of entropy to the input
+ * pool, such as from a hardware entropy generator.
+ *
+ * random_input_wait() suspends the caller until such time as the
+ * entropy pool falls below the write threshold, and returns a count of how
+ * much entropy (in bits) is needed to sustain the pool.
+ *
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
}
#endif
+/*
+ * random_input_words - add bulk entropy to pool
+ *
+ * @buf: buffer to add
+ * @wordcount: number of __u32 words to add
+ * @ent_count: total amount of entropy (in bits) to credit
+ *
+ * this provides bulk input of entropy to the input pool
+ *
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
+ */
+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
+ wake_up_interruptible(&random_read_wait);
+}
+EXPORT_SYMBOL(random_input_words);
+
+/*
+ * random_input_wait - wait until random needs entropy
+ *
+ * this function sleeps until the /dev/random subsystem actually
+ * needs more entropy, and then return the amount of entropy
+ * that it would be nice to have added to the system.
+ */
+int random_input_wait(void)
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
/*********************************************************************
*
* Entropy extraction routines
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
}
return ret;
}
+EXPORT_SYMBOL(sys_dup);
#define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -18,6 +18,7 @@
#define APOLLO_MOUSE_MINOR 7
#define PC110PAD_MINOR 9
/*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
#define WATCHDOG_MINOR 130 /* Watchdog timer */
#define TEMP_MINOR 131 /* Temperature Sensor */
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
+extern int random_input_wait(void);
+#define HAS_RANDOM_INPUT_WAIT 1
+
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{

61
target/linux/generic/patches-2.6.30/971-ocf_20100325.patch → target/linux/generic/patches-2.6.36/971-ocf_20110720.patch
View file

@ -1,3 +1,13 @@
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -423,6 +423,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -129,6 +129,9 @@
@ -24,7 +34,7 @@
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -712,6 +722,61 @@ void add_disk_randomness(struct gendisk
@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
}
#endif
@ -83,9 +93,11 @@
+EXPORT_SYMBOL(random_input_wait);
+
+
#define EXTRACT_SIZE 10
+#define EXTRACT_SIZE 10
+
/*********************************************************************
*
* Entropy extraction routines
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
@ -98,7 +110,7 @@
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -12,6 +12,7 @@
@@ -18,6 +18,7 @@
#define APOLLO_MOUSE_MINOR 7
#define PC110PAD_MINOR 9
/*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
@ -108,46 +120,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -50,6 +75,10 @@ extern void add_input_randomness(unsigne
@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);

85
target/linux/generic/patches-2.6.37/941-ocf_20100325.patch → target/linux/generic/patches-2.6.37/941-ocf_20110720.patch
View file

@ -1,3 +1,13 @@
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -129,6 +129,9 @@
@ -24,7 +34,7 @@
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
}
#endif
@ -40,12 +50,12 @@
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
@ -66,22 +76,24 @@
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
+#define EXTRACT_SIZE 10
+
/*********************************************************************
*
@ -108,46 +120,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
@ -158,13 +131,3 @@
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -424,6 +424,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{

85
target/linux/generic/patches-2.6.38/941-ocf_20100325.patch → target/linux/generic/patches-2.6.38/941-ocf_20110720.patch
View file

@ -1,3 +1,13 @@
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -129,6 +129,9 @@
@ -24,7 +34,7 @@
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -715,6 +725,61 @@ void add_disk_randomness(struct gendisk
@@ -715,6 +725,63 @@ void add_disk_randomness(struct gendisk
}
#endif
@ -40,12 +50,12 @@
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
@ -66,22 +76,24 @@
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
+#define EXTRACT_SIZE 10
+
/*********************************************************************
*
@ -108,46 +120,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
@ -158,13 +131,3 @@
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{

85
target/linux/generic/patches-2.6.39/941-ocf_20100325.patch → target/linux/generic/patches-2.6.39/941-ocf_20110720.patch
View file

@ -1,3 +1,13 @@
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -130,6 +130,9 @@
@ -24,7 +34,7 @@
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk
@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk
}
#endif
@ -40,12 +50,12 @@
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
@ -66,22 +76,24 @@
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
+#define EXTRACT_SIZE 10
+
/*********************************************************************
*
@ -108,46 +120,7 @@
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
@ -158,13 +131,3 @@
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{

170
target/linux/generic/patches-3.0/941-ocf_20100325.patch
View file

@ -1,170 +0,0 @@
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -130,6 +130,9 @@
* void add_interrupt_randomness(int irq);
* void add_disk_randomness(struct gendisk *disk);
*
+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+ * int random_input_wait(void);
+ *
* add_input_randomness() uses the input layer interrupt timing, as well as
* the event type information from the hardware.
*
@@ -147,6 +150,13 @@
* seek times do not make for good sources of entropy, as their seek
* times are usually fairly consistent.
*
+ * random_input_words() just provides a raw block of entropy to the input
+ * pool, such as from a hardware entropy generator.
+ *
+ * random_input_wait() suspends the caller until such time as the
+ * entropy pool falls below the write threshold, and returns a count of how
+ * much entropy (in bits) is needed to sustain the pool.
+ *
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -722,6 +732,61 @@ void add_disk_randomness(struct gendisk
}
#endif
+/*
+ * random_input_words - add bulk entropy to pool
+ *
+ * @buf: buffer to add
+ * @wordcount: number of __u32 words to add
+ * @ent_count: total amount of entropy (in bits) to credit
+ *
+ * this provides bulk input of entropy to the input pool
+ *
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
+ */
+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
+ wake_up_interruptible(&random_read_wait);
+}
+EXPORT_SYMBOL(random_input_words);
+
+/*
+ * random_input_wait - wait until random needs entropy
+ *
+ * this function sleeps until the /dev/random subsystem actually
+ * needs more entropy, and then return the amount of entropy
+ * that it would be nice to have added to the system.
+ */
+int random_input_wait(void)
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
/*********************************************************************
*
* Entropy extraction routines
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
}
return ret;
}
+EXPORT_SYMBOL(sys_dup);
#define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -18,6 +18,7 @@
#define APOLLO_MOUSE_MINOR 7
#define PC110PAD_MINOR 9
/*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
#define WATCHDOG_MINOR 130 /* Watchdog timer */
#define TEMP_MINOR 131 /* Temperature Sensor */
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,7 @@
#include <linux/types.h>
#include <linux/ioctl.h>
+#include <linux/types.h> /* for __u32 in user space */
#include <linux/irqnr.h>
/* ioctl()'s for the random number generator */
@@ -34,6 +35,30 @@
/* Clear the entropy pool and associated counters. (Superuser only.) */
#define RNDCLEARPOOL _IO( 'R', 0x06 )
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES 16
+#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES 16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+ unsigned char key[KEY_SIZE_BYTES]; /* Input */
+ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */
+ unsigned char seed[SEED_SIZE_BYTES]; /* Input */
+ unsigned char result[SEED_SIZE_BYTES]; /* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
struct rand_pool_info {
int entropy_count;
int buf_size;
@@ -54,6 +79,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
+extern int random_input_wait(void);
+#define HAS_RANDOM_INPUT_WAIT 1
+
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{

133
target/linux/generic/patches-3.0/941-ocf_20110720.patch Normal file
View file

@ -0,0 +1,133 @@
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -427,6 +427,7 @@ struct task_struct *find_task_by_vpid(pi
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
+EXPORT_SYMBOL(find_task_by_vpid);
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -130,6 +130,9 @@
* void add_interrupt_randomness(int irq);
* void add_disk_randomness(struct gendisk *disk);
*
+ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+ * int random_input_wait(void);
+ *
* add_input_randomness() uses the input layer interrupt timing, as well as
* the event type information from the hardware.
*
@@ -147,6 +150,13 @@
* seek times do not make for good sources of entropy, as their seek
* times are usually fairly consistent.
*
+ * random_input_words() just provides a raw block of entropy to the input
+ * pool, such as from a hardware entropy generator.
+ *
+ * random_input_wait() suspends the caller until such time as the
+ * entropy pool falls below the write threshold, and returns a count of how
+ * much entropy (in bits) is needed to sustain the pool.
+ *
* All of these routines try to estimate how many bits of randomness a
* particular randomness source. They do this by keeping track of the
* first and second order deltas of the event timings.
@@ -722,6 +732,63 @@ void add_disk_randomness(struct gendisk
}
#endif
+/*
+ * random_input_words - add bulk entropy to pool
+ *
+ * @buf: buffer to add
+ * @wordcount: number of __u32 words to add
+ * @ent_count: total amount of entropy (in bits) to credit
+ *
+ * this provides bulk input of entropy to the input pool
+ *
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+ mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+ credit_entropy_bits(&input_pool, ent_count);
+
+ DEBUG_ENT("crediting %d bits => %d\n",
+ ent_count, input_pool.entropy_count);
+ /*
+ * Wake up waiting processes if we have enough
+ * entropy.
+ */
+ if (input_pool.entropy_count >= random_read_wakeup_thresh)
+ wake_up_interruptible(&random_read_wait);
+}
+EXPORT_SYMBOL(random_input_words);
+
+/*
+ * random_input_wait - wait until random needs entropy
+ *
+ * this function sleeps until the /dev/random subsystem actually
+ * needs more entropy, and then return the amount of entropy
+ * that it would be nice to have added to the system.
+ */
+int random_input_wait(void)
+{
+ int count;
+
+ wait_event_interruptible(random_write_wait,
+ input_pool.entropy_count < random_write_wakeup_thresh);
+
+ count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+ /* likely we got woken up due to a signal */
+ if (count <= 0) count = random_read_wakeup_thresh;
+
+ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+ count,
+ input_pool.entropy_count, random_write_wakeup_thresh);
+
+ return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
+#define EXTRACT_SIZE 10
+
/*********************************************************************
*
* Entropy extraction routines
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -142,6 +142,7 @@ SYSCALL_DEFINE1(dup, unsigned int, filde
}
return ret;
}
+EXPORT_SYMBOL(sys_dup);
#define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -18,6 +18,7 @@
#define APOLLO_MOUSE_MINOR 7
#define PC110PAD_MINOR 9
/*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */
+#define CRYPTODEV_MINOR 70 /* /dev/crypto */
#define WATCHDOG_MINOR 130 /* Watchdog timer */
#define TEMP_MINOR 131 /* Temperature Sensor */
#define RTC_MINOR 135
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigne
unsigned int value);
extern void add_interrupt_randomness(int irq);
+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
+extern int random_input_wait(void);
+#define HAS_RANDOM_INPUT_WAIT 1
+
extern void get_random_bytes(void *buf, int nbytes);
void generate_random_uuid(unsigned char uuid_out[16]);