Index: head/share/man/man4/hifn.4 =================================================================== --- head/share/man/man4/hifn.4 +++ head/share/man/man4/hifn.4 @@ -56,7 +56,7 @@ .Pp The .Nm -driver registers itself to accelerate DES, Triple-DES, +driver registers itself to accelerate AES (7955 and 7956 only), MD5-HMAC, SHA1, and SHA1-HMAC operations for .Xr ipsec 4 Index: head/share/man/man4/safe.4 =================================================================== --- head/share/man/man4/safe.4 +++ head/share/man/man4/safe.4 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\"/ -.Dd April 1, 2006 +.Dd May 11, 2020 .Dt SAFE 4 .Os .Sh NAME @@ -60,7 +60,7 @@ .Pp The .Nm -driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, +driver registers itself to accelerate AES, MD5-HMAC, SHA1-HMAC, and NULL operations for .Xr ipsec 4 and Index: head/share/man/man9/crypto.9 =================================================================== --- head/share/man/man9/crypto.9 +++ head/share/man/man9/crypto.9 @@ -131,8 +131,6 @@ .It Dv CRYPTO_AES_XTS .It Dv CRYPTO_CAMELLIA_CBC .It Dv CRYPTO_CHACHA20 -.It Dv CRYPTO_DES_CBC -.It Dv CRYPTO_3DES_CBC .It Dv CRYPTO_NULL_CBC .El .Pp Index: head/sys/conf/files =================================================================== --- head/sys/conf/files +++ head/sys/conf/files @@ -684,8 +684,8 @@ crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support crypto/chacha20/chacha.c standard crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support -crypto/des/des_ecb.c optional crypto | ipsec | ipsec_support | netsmb -crypto/des/des_setkey.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_ecb.c optional netsmb +crypto/des/des_setkey.c optional netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \ ipsec | ipsec_support | !random_loadable | wlan_ccmp Index: head/sys/conf/files.amd64 =================================================================== --- head/sys/conf/files.amd64 +++ head/sys/conf/files.amd64 @@ -136,8 +136,7 @@ cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" crypto/aesni/aeskeys_amd64.S optional aesni -crypto/des/des_enc.c optional crypto | ipsec | \ - ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/acpi_support/acpi_wmi_if.m standard dev/agp/agp_amd64.c optional agp dev/agp/agp_i810.c optional agp Index: head/sys/conf/files.arm =================================================================== --- head/sys/conf/files.arm +++ head/sys/conf/files.arm @@ -91,7 +91,7 @@ cddl/dev/dtrace/arm/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/arm/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/arm/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/cpufreq/cpufreq_dt.c optional cpufreq fdt dev/dwc/if_dwc.c optional dwc dev/dwc/if_dwc_if.m optional dwc Index: head/sys/conf/files.arm64 =================================================================== --- head/sys/conf/files.arm64 +++ head/sys/conf/files.arm64 @@ -221,7 +221,7 @@ compile-with "${CC} -c ${CFLAGS:C/^-O2$/-O3/:N-nostdinc:N-mgeneral-regs-only} -I$S/crypto/armv8/ ${WERROR} ${NO_WCAST_QUAL} ${PROF} -march=armv8-a+crypto ${.IMPSRC}" \ no-implicit-rule \ clean "armv8_crypto_wrap.o" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/acpica/acpi_bus_if.m optional acpi dev/acpica/acpi_if.m optional acpi dev/acpica/acpi_pci_link.c optional acpi pci Index: head/sys/conf/files.i386 =================================================================== --- head/sys/conf/files.i386 +++ head/sys/conf/files.i386 @@ -76,7 +76,7 @@ compat/linux/linux.c optional compat_linux compat/ndis/winx32_wrap.S optional ndisapi pci crypto/aesni/aeskeys_i386.S optional aesni -crypto/des/arch/i386/des_enc.S optional crypto | ipsec | ipsec_support | netsmb +crypto/des/arch/i386/des_enc.S optional netsmb dev/agp/agp_ali.c optional agp dev/agp/agp_amd.c optional agp dev/agp/agp_amd64.c optional agp Index: head/sys/conf/files.mips =================================================================== --- head/sys/conf/files.mips +++ head/sys/conf/files.mips @@ -82,8 +82,7 @@ dev/uart/uart_cpu_fdt.c optional uart fdt # crypto support -- use generic -crypto/des/des_enc.c optional crypto | ipsec | \ - ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb # AP common nvram interface MIPS specific, but maybe should be more generic dev/nvram2env/nvram2env_mips.c optional nvram2env Index: head/sys/conf/files.powerpc =================================================================== --- head/sys/conf/files.powerpc +++ head/sys/conf/files.powerpc @@ -14,7 +14,7 @@ cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/powerpc/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/aacraid/aacraid_endian.c optional aacraid dev/adb/adb_bus.c optional adb dev/adb/adb_kbd.c optional adb Index: head/sys/conf/files.riscv =================================================================== --- head/sys/conf/files.riscv +++ head/sys/conf/files.riscv @@ -2,7 +2,7 @@ cddl/dev/dtrace/riscv/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/riscv/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" cddl/dev/fbt/riscv/fbt_isa.c optional dtrace_fbt | dtraceall compile-with "${FBT_C}" -crypto/des/des_enc.c optional crypto | ipsec | ipsec_support | netsmb +crypto/des/des_enc.c optional netsmb dev/ofw/ofw_cpu.c optional fdt dev/ofw/ofwpci.c optional pci fdt dev/pci/pci_host_generic.c optional pci Index: head/sys/dev/cesa/cesa.c =================================================================== --- head/sys/dev/cesa/cesa.c +++ head/sys/dev/cesa/cesa.c @@ -1577,14 +1577,6 @@ if (csp->csp_ivlen != AES_BLOCK_LEN) return (false); break; - case CRYPTO_DES_CBC: - if (csp->csp_ivlen != DES_BLOCK_LEN) - return (false); - break; - case CRYPTO_3DES_CBC: - if (csp->csp_ivlen != DES3_BLOCK_LEN) - return (false); - break; default: return (false); } @@ -1672,15 +1664,6 @@ case CRYPTO_AES_CBC: cs->cs_config |= CESA_CSHD_AES | CESA_CSHD_CBC; cs->cs_ivlen = AES_BLOCK_LEN; - break; - case CRYPTO_DES_CBC: - cs->cs_config |= CESA_CSHD_DES | CESA_CSHD_CBC; - cs->cs_ivlen = DES_BLOCK_LEN; - break; - case CRYPTO_3DES_CBC: - cs->cs_config |= CESA_CSHD_3DES | CESA_CSHD_3DES_EDE | - CESA_CSHD_CBC; - cs->cs_ivlen = DES3_BLOCK_LEN; break; } Index: head/sys/dev/hifn/hifn7751.c =================================================================== --- head/sys/dev/hifn/hifn7751.c +++ head/sys/dev/hifn/hifn7751.c @@ -1604,14 +1604,6 @@ if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) { switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { - case HIFN_CRYPT_CMD_ALG_3DES: - bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH); - buf_pos += HIFN_3DES_KEY_LENGTH; - break; - case HIFN_CRYPT_CMD_ALG_DES: - bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH); - buf_pos += HIFN_DES_KEY_LENGTH; - break; case HIFN_CRYPT_CMD_ALG_AES: /* * AES keys are variable 128, 192 and @@ -2328,8 +2320,6 @@ switch (sc->sc_ena) { case HIFN_PUSTAT_ENA_2: switch (csp->csp_cipher_alg) { - case CRYPTO_3DES_CBC: - break; case CRYPTO_AES_CBC: if ((sc->sc_flags & HIFN_HAS_AES) == 0) return (false); @@ -2343,13 +2333,6 @@ } return (true); } - /*FALLTHROUGH*/ - case HIFN_PUSTAT_ENA_1: - switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - return (true); - } - break; } return (false); } @@ -2448,16 +2431,6 @@ cmd->base_masks |= HIFN_BASE_CMD_DECODE; cmd->base_masks |= HIFN_BASE_CMD_CRYPT; switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES | - HIFN_CRYPT_CMD_MODE_CBC | - HIFN_CRYPT_CMD_NEW_IV; - break; - case CRYPTO_3DES_CBC: - cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES | - HIFN_CRYPT_CMD_MODE_CBC | - HIFN_CRYPT_CMD_NEW_IV; - break; case CRYPTO_AES_CBC: cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES | HIFN_CRYPT_CMD_MODE_CBC | Index: head/sys/dev/safe/safe.c =================================================================== --- head/sys/dev/safe/safe.c +++ head/sys/dev/safe/safe.c @@ -694,20 +694,6 @@ { switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - if ((sc->sc_devinfo & SAFE_DEVINFO_DES) == 0) - return (false); - if (csp->csp_ivlen != 8) - return (false); - if (csp->csp_cipher_alg == CRYPTO_DES_CBC) { - if (csp->csp_cipher_klen != 8) - return (false); - } else { - if (csp->csp_cipher_klen != 24) - return (false); - } - break; case CRYPTO_AES_CBC: if ((sc->sc_devinfo & SAFE_DEVINFO_AES) == 0) return (false); @@ -866,14 +852,6 @@ safe_setup_enckey(ses, crp->crp_cipher_key); switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - cmd0 |= SAFE_SA_CMD0_DES; - cmd1 |= SAFE_SA_CMD1_CBC; - break; - case CRYPTO_3DES_CBC: - cmd0 |= SAFE_SA_CMD0_3DES; - cmd1 |= SAFE_SA_CMD1_CBC; - break; case CRYPTO_AES_CBC: cmd0 |= SAFE_SA_CMD0_AES; cmd1 |= SAFE_SA_CMD1_CBC; Index: head/sys/dev/sec/sec.c =================================================================== --- head/sys/dev/sec/sec.c +++ head/sys/dev/sec/sec.c @@ -106,12 +106,6 @@ const struct crypto_session_params *csp, struct sec_desc *desc, struct cryptop *crp); -/* DEU */ -static bool sec_deu_newsession(const struct crypto_session_params *csp); -static int sec_deu_make_desc(struct sec_softc *sc, - const struct crypto_session_params *csp, struct sec_desc *desc, - struct cryptop *crp); - /* MDEU */ static bool sec_mdeu_can_handle(u_int alg); static int sec_mdeu_config(const struct crypto_session_params *csp, @@ -154,10 +148,6 @@ sec_aesu_make_desc, }, { - sec_deu_newsession, - sec_deu_make_desc, - }, - { sec_mdeu_newsession, sec_mdeu_make_desc, }, @@ -1147,12 +1137,6 @@ if (csp->csp_ivlen != AES_BLOCK_LEN) return (false); break; - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - /* DEU */ - if (csp->csp_ivlen != DES_BLOCK_LEN) - return (false); - break; default: return (false); } @@ -1462,55 +1446,6 @@ if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { hd->shd_mode0 |= SEC_AESU_MODE_ED; - hd->shd_dir = 0; - } else - hd->shd_dir = 1; - - if (csp->csp_mode == CSP_MODE_ETA) - error = sec_build_common_s_desc(sc, desc, csp, crp); - else - error = sec_build_common_ns_desc(sc, desc, csp, crp); - - return (error); -} - -/* DEU */ - -static bool -sec_deu_newsession(const struct crypto_session_params *csp) -{ - - switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - return (true); - default: - return (false); - } -} - -static int -sec_deu_make_desc(struct sec_softc *sc, const struct crypto_session_params *csp, - struct sec_desc *desc, struct cryptop *crp) -{ - struct sec_hw_desc *hd = desc->sd_desc; - int error; - - hd->shd_eu_sel0 = SEC_EU_DEU; - hd->shd_mode0 = SEC_DEU_MODE_CBC; - - switch (csp->csp_cipher_alg) { - case CRYPTO_3DES_CBC: - hd->shd_mode0 |= SEC_DEU_MODE_TS; - break; - case CRYPTO_DES_CBC: - break; - default: - return (EINVAL); - } - - if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { - hd->shd_mode0 |= SEC_DEU_MODE_ED; hd->shd_dir = 0; } else hd->shd_dir = 1; Index: head/sys/mips/cavium/cryptocteon/cavium_crypto.c =================================================================== --- head/sys/mips/cavium/cryptocteon/cavium_crypto.c +++ head/sys/mips/cavium/cryptocteon/cavium_crypto.c @@ -90,12 +90,10 @@ } while (0) #define ESP_HEADER_LENGTH 8 -#define DES_CBC_IV_LENGTH 8 #define AES_CBC_IV_LENGTH 16 #define ESP_HMAC_LEN 12 #define ESP_HEADER_LENGTH 8 -#define DES_CBC_IV_LENGTH 8 /****************************************************************************/ @@ -320,125 +318,6 @@ } /****************************************************************************/ -/* DES functions */ - -int -octo_des_cbc_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - uint64_t *data; - int data_i, data_l; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - while (crypt_off > 0) { - IOV_CONSUME(iov, data, data_i, data_l); - crypt_off -= 8; - } - - while (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - IOV_CONSUME(iov, data, data_i, data_l); - crypt_len -= 8; - } - - return 0; -} - - -int -octo_des_cbc_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - uint64_t *data; - int data_i, data_l; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x7) || (crypt_off + crypt_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - while (crypt_off > 0) { - IOV_CONSUME(iov, data, data_i, data_l); - crypt_off -= 8; - } - - while (crypt_len > 0) { - CVMX_MT_3DES_DEC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - IOV_CONSUME(iov, data, data_i, data_l); - crypt_len -= 8; - } - - return 0; -} - -/****************************************************************************/ /* AES functions */ int @@ -773,593 +652,6 @@ data++; CVMX_MF_HSH_IV(tmp1, 1); *(uint32_t *)data = (uint32_t) (tmp1 >> 32); - - return 0; -} - -/****************************************************************************/ -/* DES MD5 */ - -int -octo_des_cbc_md5_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load MD5 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_MD5_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_MD5_UNIT(tmp, next); - } else { - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); - } - CVMX_ES64(tmp1, ((alen + 64) << 3)); - CVM_LOAD_MD5_UNIT(tmp1, next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_ES64(tmp1, ((64 + 16) << 3)); - CVMX_MT_HSH_STARTMD5(tmp1); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -int -octo_des_cbc_md5_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load MD5 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_MD5_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_DEC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_MD5_UNIT(tmp, next); - } else { - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next); - } - CVMX_ES64(tmp1, ((alen + 64) << 3)); - CVM_LOAD_MD5_UNIT(tmp1, next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_ES64(tmp1, ((64 + 16) << 3)); - CVMX_MT_HSH_STARTMD5(tmp1); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -/****************************************************************************/ -/* DES SHA */ - -int -octo_des_cbc_sha1_encrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2, tmp3; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load SHA1 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - CVMX_MT_HSH_IV(od->octo_hminner[2], 2); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_ENC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_SHA_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_SHA_UNIT(tmp, next); - } else { - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); - } - CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - tmp3 = 0; - CVMX_MF_HSH_IV(tmp3, 2); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - tmp3 |= 0x0000000080000000; - CVMX_MT_HSH_DAT(tmp3, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); - - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); - - return 0; -} - -int -octo_des_cbc_sha1_decrypt( - struct octo_sess *od, - struct iovec *iov, size_t iovcnt, size_t iovlen, - int auth_off, int auth_len, - int crypt_off, int crypt_len, - uint8_t *icv, uint8_t *ivp) -{ - int next = 0; - union { - uint32_t data32[2]; - uint64_t data64[1]; - } mydata; - uint64_t *data = &mydata.data64[0]; - uint32_t *data32; - uint64_t tmp1, tmp2, tmp3; - int data_i, data_l, alen = auth_len; - - dprintf("%s()\n", __func__); - - if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL || - (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) || - (crypt_len & 0x7) || - (auth_len & 0x7) || - (auth_off & 0x3) || (auth_off + auth_len > iovlen))) { - dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd " - "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d " - "icv=%p ivp=%p\n", __func__, od, iov, iovlen, - auth_off, auth_len, crypt_off, crypt_len, icv, ivp); - return -EINVAL; - } - - IOV_INIT(iov, data32, data_i, data_l); - - CVMX_PREFETCH0(ivp); - CVMX_PREFETCH0(od->octo_enckey); - - /* load 3DES Key */ - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 0); - if (od->octo_encklen == 24) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[1], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[2], 2); - } else if (od->octo_encklen == 8) { - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 1); - CVMX_MT_3DES_KEY(((uint64_t *) od->octo_enckey)[0], 2); - } else { - dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen); - return -EINVAL; - } - - CVMX_MT_3DES_IV(* (uint64_t *) ivp); - - /* Load SHA1 IV */ - CVMX_MT_HSH_IV(od->octo_hminner[0], 0); - CVMX_MT_HSH_IV(od->octo_hminner[1], 1); - CVMX_MT_HSH_IV(od->octo_hminner[2], 2); - - while (crypt_off > 0 && auth_off > 0) { - IOV_CONSUME(iov, data32, data_i, data_l); - crypt_off -= 4; - auth_off -= 4; - } - - while (crypt_len > 0 || auth_len > 0) { - uint32_t *first = data32; - mydata.data32[0] = *first; - IOV_CONSUME(iov, data32, data_i, data_l); - mydata.data32[1] = *data32; - if (auth_off <= 0) { - if (auth_len > 0) { - CVM_LOAD_SHA_UNIT(*data, next); - auth_len -= 8; - } - } else - auth_off -= 8; - if (crypt_off <= 0) { - if (crypt_len > 0) { - CVMX_MT_3DES_DEC_CBC(*data); - CVMX_MF_3DES_RESULT(*data); - crypt_len -= 8; - } - } else - crypt_off -= 8; - *first = mydata.data32[0]; - *data32 = mydata.data32[1]; - IOV_CONSUME(iov, data32, data_i, data_l); - } - - /* finish the hash */ - CVMX_PREFETCH0(od->octo_hmouter); -#if 0 - if (__predict_false(inplen)) { - uint64_t tmp = 0; - uint8_t *p = (uint8_t *) & tmp; - p[inplen] = 0x80; - do { - inplen--; - p[inplen] = ((uint8_t *) data)[inplen]; - } while (inplen); - CVM_LOAD_SHA_UNIT(tmp, next); - } else { - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); - } -#else - CVM_LOAD_SHA_UNIT(0x8000000000000000ULL, next); -#endif - - /* Finish Inner hash */ - while (next != 7) { - CVM_LOAD_SHA_UNIT(((uint64_t) 0x0ULL), next); - } - CVM_LOAD_SHA_UNIT((uint64_t) ((alen + 64) << 3), next); - - /* Get the inner hash of HMAC */ - CVMX_MF_HSH_IV(tmp1, 0); - CVMX_MF_HSH_IV(tmp2, 1); - tmp3 = 0; - CVMX_MF_HSH_IV(tmp3, 2); - - /* Initialize hash unit */ - CVMX_MT_HSH_IV(od->octo_hmouter[0], 0); - CVMX_MT_HSH_IV(od->octo_hmouter[1], 1); - CVMX_MT_HSH_IV(od->octo_hmouter[2], 2); - - CVMX_MT_HSH_DAT(tmp1, 0); - CVMX_MT_HSH_DAT(tmp2, 1); - tmp3 |= 0x0000000080000000; - CVMX_MT_HSH_DAT(tmp3, 2); - CVMX_MT_HSH_DATZ(3); - CVMX_MT_HSH_DATZ(4); - CVMX_MT_HSH_DATZ(5); - CVMX_MT_HSH_DATZ(6); - CVMX_MT_HSH_STARTSHA((uint64_t) ((64 + 20) << 3)); - /* save the HMAC */ - data32 = (uint32_t *)icv; - CVMX_MF_HSH_IV(tmp1, 0); - *data32 = (uint32_t) (tmp1 >> 32); - data32++; - *data32 = (uint32_t) tmp1; - data32++; - CVMX_MF_HSH_IV(tmp1, 1); - *data32 = (uint32_t) (tmp1 >> 32); return 0; } Index: head/sys/mips/cavium/cryptocteon/cryptocteon.c =================================================================== --- head/sys/mips/cavium/cryptocteon/cryptocteon.c +++ head/sys/mips/cavium/cryptocteon/cryptocteon.c @@ -121,14 +121,6 @@ { switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - if (csp->csp_ivlen != 8) - return (false); - if (csp->csp_cipher_klen != 8 && - csp->csp_cipher_klen != 24) - return (false); - break; case CRYPTO_AES_CBC: if (csp->csp_ivlen != 16) return (false); @@ -229,11 +221,6 @@ break; case CSP_MODE_CIPHER: switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - ocd->octo_encrypt = octo_des_cbc_encrypt; - ocd->octo_decrypt = octo_des_cbc_decrypt; - break; case CRYPTO_AES_CBC: ocd->octo_encrypt = octo_aes_cbc_encrypt; ocd->octo_decrypt = octo_aes_cbc_decrypt; @@ -242,19 +229,6 @@ break; case CSP_MODE_ETA: switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - switch (csp->csp_auth_alg) { - case CRYPTO_MD5_HMAC: - ocd->octo_encrypt = octo_des_cbc_md5_encrypt; - ocd->octo_decrypt = octo_des_cbc_md5_decrypt; - break; - case CRYPTO_SHA1_HMAC: - ocd->octo_encrypt = octo_des_cbc_sha1_encrypt; - ocd->octo_decrypt = octo_des_cbc_sha1_encrypt; - break; - } - break; case CRYPTO_AES_CBC: switch (csp->csp_auth_alg) { case CRYPTO_MD5_HMAC: Index: head/sys/mips/cavium/cryptocteon/cryptocteonvar.h =================================================================== --- head/sys/mips/cavium/cryptocteon/cryptocteonvar.h +++ head/sys/mips/cavium/cryptocteon/cryptocteonvar.h @@ -67,14 +67,6 @@ octo_encrypt_t octo_null_md5_encrypt; octo_encrypt_t octo_null_sha1_encrypt; -octo_encrypt_t octo_des_cbc_encrypt; -octo_encrypt_t octo_des_cbc_md5_encrypt; -octo_encrypt_t octo_des_cbc_sha1_encrypt; - -octo_decrypt_t octo_des_cbc_decrypt; -octo_decrypt_t octo_des_cbc_md5_decrypt; -octo_decrypt_t octo_des_cbc_sha1_decrypt; - octo_encrypt_t octo_aes_cbc_encrypt; octo_encrypt_t octo_aes_cbc_md5_encrypt; octo_encrypt_t octo_aes_cbc_sha1_encrypt; Index: head/sys/mips/nlm/dev/sec/nlmsec.c =================================================================== --- head/sys/mips/nlm/dev/sec/nlmsec.c +++ head/sys/mips/nlm/dev/sec/nlmsec.c @@ -391,11 +391,6 @@ { switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - case CRYPTO_3DES_CBC: - if (csp->csp_ivlen != XLP_SEC_DES_IV_LENGTH) - return (false); - break; case CRYPTO_AES_CBC: if (csp->csp_ivlen != XLP_SEC_AES_IV_LENGTH) return (false); Index: head/sys/mips/nlm/dev/sec/nlmseclib.c =================================================================== --- head/sys/mips/nlm/dev/sec/nlmseclib.c +++ head/sys/mips/nlm/dev/sec/nlmseclib.c @@ -172,18 +172,6 @@ cipkey = cmd->crp->crp_cipher_key; else cipkey = csp->csp_cipher_key; - if (cmd->cipheralg == NLM_CIPHER_3DES) { - if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) { - const uint64_t *k; - uint64_t *tkey; - k = (const uint64_t *)cipkey; - tkey = (uint64_t *)cmd->des3key; - tkey[2] = k[0]; - tkey[1] = k[1]; - tkey[0] = k[2]; - cipkey = (const unsigned char *)tkey; - } - } nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, 0, NLM_HASH_BYPASS, 0, cmd->cipheralg, cmd->ciphermode, cipkey, csp->csp_cipher_klen, NULL, 0); @@ -239,18 +227,6 @@ authkey = cmd->crp->crp_auth_key; else authkey = csp->csp_auth_key; - if (cmd->cipheralg == NLM_CIPHER_3DES) { - if (!CRYPTO_OP_IS_ENCRYPT(cmd->crp->crp_op)) { - const uint64_t *k; - uint64_t *tkey; - k = (const uint64_t *)cipkey; - tkey = (uint64_t *)cmd->des3key; - tkey[2] = k[0]; - tkey[1] = k[1]; - tkey[0] = k[2]; - cipkey = (const unsigned char *)tkey; - } - } nlm_crypto_fill_pkt_ctrl(cmd->ctrlp, csp->csp_auth_klen ? 1 : 0, cmd->hashalg, cmd->hashmode, cmd->cipheralg, cmd->ciphermode, cipkey, csp->csp_cipher_klen, @@ -296,16 +272,6 @@ const struct crypto_session_params *csp) { switch(csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - cmd->cipheralg = NLM_CIPHER_DES; - cmd->ciphermode = NLM_CIPHER_MODE_CBC; - cmd->ivlen = XLP_SEC_DES_IV_LENGTH; - break; - case CRYPTO_3DES_CBC: - cmd->cipheralg = NLM_CIPHER_3DES; - cmd->ciphermode = NLM_CIPHER_MODE_CBC; - cmd->ivlen = XLP_SEC_DES_IV_LENGTH; - break; case CRYPTO_AES_CBC: cmd->cipheralg = NLM_CIPHER_AES128; cmd->ciphermode = NLM_CIPHER_MODE_CBC; Index: head/sys/opencrypto/crypto.c =================================================================== --- head/sys/opencrypto/crypto.c +++ head/sys/opencrypto/crypto.c @@ -594,10 +594,6 @@ { switch (csp->csp_cipher_alg) { - case CRYPTO_DES_CBC: - return (&enc_xform_des); - case CRYPTO_3DES_CBC: - return (&enc_xform_3des); case CRYPTO_RIJNDAEL128_CBC: return (&enc_xform_rijndael128); case CRYPTO_AES_XTS: @@ -678,8 +674,6 @@ ALG_COMPRESSION, ALG_AEAD } alg_types[] = { - [CRYPTO_DES_CBC] = ALG_CIPHER, - [CRYPTO_3DES_CBC] = ALG_CIPHER, [CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST, [CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST, [CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST, Index: head/sys/opencrypto/cryptodev.h =================================================================== --- head/sys/opencrypto/cryptodev.h +++ head/sys/opencrypto/cryptodev.h @@ -113,8 +113,6 @@ /* Encryption algorithm block sizes */ #define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment */ -#define DES_BLOCK_LEN 8 -#define DES3_BLOCK_LEN 8 #define RIJNDAEL128_BLOCK_LEN 16 #define AES_BLOCK_LEN 16 #define AES_ICM_BLOCK_LEN 1 @@ -132,10 +130,6 @@ /* Min and Max Encryption Key Sizes */ #define NULL_MIN_KEY 0 #define NULL_MAX_KEY 256 /* 2048 bits, max key */ -#define DES_MIN_KEY 8 -#define DES_MAX_KEY DES_MIN_KEY -#define TRIPLE_DES_MIN_KEY 24 -#define TRIPLE_DES_MAX_KEY TRIPLE_DES_MIN_KEY #define RIJNDAEL_MIN_KEY 16 #define RIJNDAEL_MAX_KEY 32 #define AES_MIN_KEY RIJNDAEL_MIN_KEY @@ -215,7 +209,7 @@ /* NB: deprecated */ struct session_op { - u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t cipher; /* ie. CRYPTO_AES_CBC */ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ u_int32_t keylen; /* cipher key */ @@ -232,7 +226,7 @@ * "cryptop" (no underscore). */ struct session2_op { - u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t cipher; /* ie. CRYPTO_AES_CBC */ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ u_int32_t keylen; /* cipher key */ Index: head/sys/opencrypto/xform.c =================================================================== --- head/sys/opencrypto/xform.c +++ head/sys/opencrypto/xform.c @@ -59,7 +59,6 @@ #include #include -#include #include #include #include @@ -76,8 +75,6 @@ /* Include the encryption algorithms */ #include "xform_null.c" -#include "xform_des1.c" -#include "xform_des3.c" #include "xform_rijndael.c" #include "xform_aes_icm.c" #include "xform_aes_xts.c" Index: head/sys/opencrypto/xform_des1.c =================================================================== --- head/sys/opencrypto/xform_des1.c +++ head/sys/opencrypto/xform_des1.c @@ -1,114 +0,0 @@ -/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ -/*- - * The authors of this code are John Ioannidis (ji@tla.org), - * Angelos D. Keromytis (kermit@csd.uch.gr), - * Niels Provos (provos@physnet.uni-hamburg.de) and - * Damien Miller (djm@mindrot.org). - * - * This code was written by John Ioannidis for BSD/OS in Athens, Greece, - * in November 1995. - * - * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, - * by Angelos D. Keromytis. - * - * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis - * and Niels Provos. - * - * Additional features in 1999 by Angelos D. Keromytis. - * - * AES XTS implementation in 2008 by Damien Miller - * - * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, - * Angelos D. Keromytis and Niels Provos. - * - * Copyright (C) 2001, Angelos D. Keromytis. - * - * Copyright (C) 2008, Damien Miller - * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. - * - * Portions of this software were developed by John-Mark Gurney - * under sponsorship of the FreeBSD Foundation and - * Rubicon Communications, LLC (Netgate). - * - * Permission to use, copy, and modify this software with or without fee - * is hereby granted, provided that this entire notice is included in - * all copies of any software which is or includes a copy or - * modification of this software. - * You may use this code under the GNU public license if you so wish. Please - * contribute changes back to the authors under this freer than GPL license - * so that we may further the use of strong encryption without limitations to - * all. - * - * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY - * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE - * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR - * PURPOSE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -static int des1_setkey(u_int8_t **, const u_int8_t *, int); -static void des1_encrypt(caddr_t, u_int8_t *); -static void des1_decrypt(caddr_t, u_int8_t *); -static void des1_zerokey(u_int8_t **); - -/* Encryption instances */ -struct enc_xform enc_xform_des = { - CRYPTO_DES_CBC, "DES", - DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY, - des1_encrypt, - des1_decrypt, - des1_setkey, - des1_zerokey, - NULL, -}; - -/* - * Encryption wrapper routines. - */ -static void -des1_encrypt(caddr_t key, u_int8_t *blk) -{ - des_key_schedule *p = (des_key_schedule *) key; - - des_ecb_encrypt(blk, blk, p[0], DES_ENCRYPT); -} - -static void -des1_decrypt(caddr_t key, u_int8_t *blk) -{ - des_key_schedule *p = (des_key_schedule *) key; - - des_ecb_encrypt(blk, blk, p[0], DES_DECRYPT); -} - -static int -des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) -{ - des_key_schedule *p; - int err; - - p = KMALLOC(sizeof (des_key_schedule), - M_CRYPTO_DATA, M_NOWAIT|M_ZERO); - if (p != NULL) { - des_set_key(key, p[0]); - err = 0; - } else - err = ENOMEM; - *sched = (u_int8_t *) p; - return err; -} - -static void -des1_zerokey(u_int8_t **sched) -{ - bzero(*sched, sizeof (des_key_schedule)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; -} Index: head/sys/opencrypto/xform_des3.c =================================================================== --- head/sys/opencrypto/xform_des3.c +++ head/sys/opencrypto/xform_des3.c @@ -1,117 +0,0 @@ -/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ -/*- - * The authors of this code are John Ioannidis (ji@tla.org), - * Angelos D. Keromytis (kermit@csd.uch.gr), - * Niels Provos (provos@physnet.uni-hamburg.de) and - * Damien Miller (djm@mindrot.org). - * - * This code was written by John Ioannidis for BSD/OS in Athens, Greece, - * in November 1995. - * - * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, - * by Angelos D. Keromytis. - * - * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis - * and Niels Provos. - * - * Additional features in 1999 by Angelos D. Keromytis. - * - * AES XTS implementation in 2008 by Damien Miller - * - * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, - * Angelos D. Keromytis and Niels Provos. - * - * Copyright (C) 2001, Angelos D. Keromytis. - * - * Copyright (C) 2008, Damien Miller - * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. - * - * Portions of this software were developed by John-Mark Gurney - * under sponsorship of the FreeBSD Foundation and - * Rubicon Communications, LLC (Netgate). - * - * Permission to use, copy, and modify this software with or without fee - * is hereby granted, provided that this entire notice is included in - * all copies of any software which is or includes a copy or - * modification of this software. - * You may use this code under the GNU public license if you so wish. Please - * contribute changes back to the authors under this freer than GPL license - * so that we may further the use of strong encryption without limitations to - * all. - * - * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY - * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE - * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR - * PURPOSE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -static int des3_setkey(u_int8_t **, const u_int8_t *, int); -static void des3_encrypt(caddr_t, u_int8_t *); -static void des3_decrypt(caddr_t, u_int8_t *); -static void des3_zerokey(u_int8_t **); - -/* Encryption instances */ -struct enc_xform enc_xform_3des = { - CRYPTO_3DES_CBC, "3DES", - DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY, - TRIPLE_DES_MAX_KEY, - des3_encrypt, - des3_decrypt, - des3_setkey, - des3_zerokey, - NULL, -}; - -/* - * Encryption wrapper routines. - */ -static void -des3_encrypt(caddr_t key, u_int8_t *blk) -{ - des_key_schedule *p = (des_key_schedule *) key; - - des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_ENCRYPT); -} - -static void -des3_decrypt(caddr_t key, u_int8_t *blk) -{ - des_key_schedule *p = (des_key_schedule *) key; - - des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_DECRYPT); -} - -static int -des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) -{ - des_key_schedule *p; - int err; - - p = KMALLOC(3*sizeof (des_key_schedule), - M_CRYPTO_DATA, M_NOWAIT|M_ZERO); - if (p != NULL) { - des_set_key(key + 0, p[0]); - des_set_key(key + 8, p[1]); - des_set_key(key + 16, p[2]); - err = 0; - } else - err = ENOMEM; - *sched = (u_int8_t *) p; - return err; -} - -static void -des3_zerokey(u_int8_t **sched) -{ - bzero(*sched, 3*sizeof (des_key_schedule)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; -} Index: head/sys/opencrypto/xform_enc.h =================================================================== --- head/sys/opencrypto/xform_enc.h +++ head/sys/opencrypto/xform_enc.h @@ -68,8 +68,6 @@ extern struct enc_xform enc_xform_null; -extern struct enc_xform enc_xform_des; -extern struct enc_xform enc_xform_3des; extern struct enc_xform enc_xform_blf; extern struct enc_xform enc_xform_rijndael128; extern struct enc_xform enc_xform_aes_icm;