Page MenuHomeFreeBSD
Differential D53181

random: remove safe(4)
Needs ReviewPublic
Actions

Authored by obrien on Sat, Oct 18, 1:36 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 19, 12:02 AM
Unknown Object (File)
Sun, Oct 19, 12:02 AM
Unknown Object (File)
Sat, Oct 18, 1:20 PM
Unknown Object (File)
Sat, Oct 18, 11:17 AM
Unknown Object (File)
Sat, Oct 18, 8:58 AM
Unknown Object (File)
Sat, Oct 18, 8:48 AM
Unknown Object (File)
Sat, Oct 18, 6:22 AM
Subscribers
cem
imp
jhb
ziaee

Details

Reviewers
None
Group Reviewers
csprng
Summary

The SafeNet SafeXcel 1141/1741 crypto accelerator only supports
deprecated & disallowed algorithms (NIST SP800-224idp): DES,
Triple-DES, MD5, SHA-1, SHA1-HMAC, and non-SP800-90B RNG.




Only the AES functionality is still NIST allowed.  However,

modern CPU's have higher software AES throughput than this

25 year old crypto accelerator.
Diff Detail
Repository 
rG FreeBSD src repository 
Lint 
Lint Skipped
 
Unit 
Tests Skipped
 
Build Status 
Buildable 67889
Build 64772: arc lint + arc unit
 
Event Timeline
obrien created this revision.Sat, Oct 18, 1:36 AM
Herald added subscribers: ziaee, imp.  ·  View Herald TranscriptSat, Oct 18, 1:36 AM
obrien requested review of this revision.Sat, Oct 18, 1:36 AM
Harbormaster completed remote builds in B67888: Diff 164467.Sat, Oct 18, 1:36 AM
obrien updated this revision to Diff 164468.Sat, Oct 18, 1:37 AM
tags
Harbormaster completed remote builds in B67889: Diff 164468.Sat, Oct 18, 1:37 AM
obrien added a comment.Sat, Oct 18, 1:48 AM
I could only find PCI cards with this chipset (SafeXcel 140-PCI, SafeXcel 141-PCI, SafeXcel 171-PCI, and SafeXcel 241-PCI), nothing newer to plug into a modern AMD64 system.  I haven't yet found any(which) SoC's may have the SafeXcel embedded, but I doubt they are 64-bit capable.
cem added a subscriber: cem.Sat, Oct 18, 3:12 AM
Hm, not sure I'd call AES deprecated or disallowed.  But no objection to removing.
cem added inline comments.Sat, Oct 18, 3:13 AM
sys/sys/random.h


93
I think this is an ABI change, and requires the usual ABI bump machinery / caution.
obrien updated this revision to Diff 164470.Sat, Oct 18, 4:08 AM
PBKAC
Harbormaster completed remote builds in B67891: Diff 164470.Sat, Oct 18, 4:08 AM
obrien updated this revision to Diff 164482.Sat, Oct 18, 5:30 AM
add more files
Harbormaster completed remote builds in B67893: Diff 164482.Sat, Oct 18, 5:30 AM
ziaee added a comment.Sat, Oct 18, 2:00 PM
Can we please do driver removals in a measured way, with a mail to an appropriate list issuing a schedule for deprecation and removal, and an entry in the release notes?



To be clear, I don't use/want this hardware and actually it's really ugly in the hardware release notes. I've tried rewriting the entry to fix it and failed, even.
obrien updated this revision to Diff 164511.Sat, Oct 18, 11:14 PM
embelish
Harbormaster completed remote builds in B67902: Diff 164511.Sat, Oct 18, 11:14 PM
obrien updated this revision to Diff 164710.Tue, Oct 21, 6:05 PM
update log message
Harbormaster completed remote builds in B67975: Diff 164710.Tue, Oct 21, 6:05 PM
obrien edited the summary of this revision. (Show Details)Tue, Oct 21, 7:52 PM


In D53181#1214931, @cem wrote:


Hm, not sure I'd call AES deprecated or disallowed.  But no objection to removing.





I've updated the log message to not claim AES is deprecated.  I've added my opinion on why we should still GC safe(4) for even AES use.
jhb added a subscriber: jhb.Tue, Oct 21, 8:26 PM
I already trimmed most of the algorithms from this driver after dropping several deprecated IPsec algorithms back in 2020.  We still support AES-CBC with a SHA1 HMAC for crufty IPsec setups (and in particular, when I last purged IPsec algorithms based on RFC 8221, that combination was not disallowed) and geli(4).



There is a newer RFC 9395 (published April 2023) which deprecate SHA1 HMAC for IPsec, so we could consider adopting that in 16, but we would need to add warnings, etc.  If we wanted to deprecate it from geli(4) that would also need warnings, etc.  I did this for MD5-HMAC before (rG5c420aae3b18027809507dc9142182d4290897bf).  Kerberos has not yet deprecated SHA1 it would seem (RFC 8429 remains the newest RFC there).
sys/conf/options


739 ↗(On Diff #164710)
hifi(4) is also of dubious usefulness


sys/sys/random.h


93
Is it private to the kernel?  OCTEON is also no longer present (was MIPS only) so should perhaps be removed as well, or if it is a user-facing ABI, just leave the value here as a placeholder.
obrien added inline comments.Tue, Oct 21, 9:03 PM
sys/conf/options


739 ↗(On Diff #164710)
Already posted as https://reviews.freebsd.org/D53182


sys/sys/random.h


93
Already posted as https://reviews.freebsd.org/D53146
obrien added a comment.Tue, Oct 21, 9:14 PM
One think specific to safe(4) is, does SafeXcel 1141/1741 cards / SoC's exist that would plug into any of the platforms listed on https://www.freebsd.org/platforms for 15.0?

I can't find any PCI-e (or even PCI), or USB cards with this HW one can buy.  I question how wide-spread safe(4) ever was.  I cannot figure out how Global Technology Associates, Inc. used this.

Even on eBay, in both current and completed auctions, there is only https://www.ebay.com/itm/365919401957 - which are just silicon chips from 2005.
Revision Contents
Changeset List
PathSize
share/
man/
man4/
sys/
dev/
random/
1 line
safe/
sys/
1 line
Diff 164468
View Options
share/man/man4/safe.4
Loading...
View Options
sys/dev/random/random_harvestq.c
Loading...
View Options
sys/dev/safe/safe.c
Loading...
View Options
sys/dev/safe/safereg.h
Loading...
View Options
sys/dev/safe/safevar.h
Loading...
View Options
sys/sys/random.h
Loading...