Author: cem
Date: Fri Aug 17 00:30:04 2018
New Revision: 337939
URL: https://svnweb.freebsd.org/changeset/base/337939
Log:
Add xform-conforming auth_hash wrapper for Poly-1305
The wrapper is a thin shim around libsodium's Poly-1305 implementation. For
now, we just use the C algorithm and do not attempt to build the
SSE-optimized variant for x86 processors.
The algorithm support has not yet been plumbed through cryptodev, or added
to cryptosoft.
Added:
head/sys/opencrypto/xform_poly1305.c (contents, props changed)
head/sys/opencrypto/xform_poly1305.h (contents, props changed)
Modified:
head/sys/conf/files
head/sys/modules/crypto/Makefile
head/sys/opencrypto/cryptodev.h
head/sys/opencrypto/xform_auth.h
Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files Fri Aug 17 00:27:56 2018 (r337938)
+++ head/sys/conf/files Fri Aug 17 00:30:04 2018 (r337939)
@@ -4819,6 +4819,21 @@ opencrypto/gfmult.c optional crypto | ipsec
| ipsec_s
opencrypto/rmd160.c optional crypto | ipsec | ipsec_support
opencrypto/skipjack.c optional crypto | ipsec | ipsec_support
opencrypto/xform.c optional crypto | ipsec | ipsec_support
+opencrypto/xform_poly1305.c optional crypto \
+ compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include
-I$S/crypto/libsodium"
+contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
\
+ optional crypto \
+ compile-with "${NORMAL_C}
-I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
+contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c
\
+ optional crypto \
+ compile-with "${NORMAL_C}
-I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
+contrib/libsodium/src/libsodium/crypto_verify/sodium/verify.c \
+ optional crypto \
+ compile-with "${NORMAL_C}
-I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
+crypto/libsodium/randombytes.c optional crypto \
+ compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include
-I$S/crypto/libsodium"
+crypto/libsodium/utils.c optional crypto \
+ compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include
-I$S/crypto/libsodium"
rpc/auth_none.c optional krpc | nfslockd | nfscl | nfsd
rpc/auth_unix.c optional krpc | nfslockd | nfscl | nfsd
rpc/authunix_prot.c optional krpc | nfslockd | nfscl | nfsd
Modified: head/sys/modules/crypto/Makefile
==============================================================================
--- head/sys/modules/crypto/Makefile Fri Aug 17 00:27:56 2018
(r337938)
+++ head/sys/modules/crypto/Makefile Fri Aug 17 00:30:04 2018
(r337939)
@@ -1,5 +1,7 @@
# $FreeBSD$
+LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium
+
.PATH: ${SRCTOP}/sys/opencrypto
.PATH: ${SRCTOP}/sys/crypto
.PATH: ${SRCTOP}/sys/crypto/blowfish
@@ -12,6 +14,10 @@
.PATH: ${SRCTOP}/sys/crypto/blake2
.PATH: ${SRCTOP}/sys/crypto/chacha20
.PATH: ${SRCTOP}/sys/contrib/libb2
+.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305
+.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305/donna
+.PATH: ${LIBSODIUM}/crypto_verify/sodium
+.PATH: ${SRCTOP}/sys/crypto/libsodium
KMOD = crypto
SRCS = crypto.c cryptodev_if.c
@@ -44,6 +50,22 @@ CWARNFLAGS.blake2b-ref.c += -Wno-cast-qual -Wno-unused
CWARNFLAGS.blake2s-ref.c += -Wno-cast-qual -Wno-unused-function
SRCS += chacha.c
SRCS += chacha-sw.c
+
+LIBSODIUM_INC=${LIBSODIUM}/include
+LIBSODIUM_COMPAT=${SRCTOP}/sys/crypto/libsodium
+SRCS += xform_poly1305.c
+CFLAGS.xform_poly1305.c += -I${LIBSODIUM_INC}
-I${LIBSODIUM_COMPAT}
+SRCS += onetimeauth_poly1305.c
+CFLAGS.onetimeauth_poly1305.c += -I${LIBSODIUM_INC}/sodium
-I${LIBSODIUM_COMPAT}
+SRCS += poly1305_donna.c
+CFLAGS.poly1305_donna.c += -I${LIBSODIUM_INC}/sodium
-I${LIBSODIUM_COMPAT}
+SRCS += verify.c
+CFLAGS.verify.c += -I${LIBSODIUM_INC}/sodium
-I${LIBSODIUM_COMPAT}
+SRCS += randombytes.c
+CFLAGS.randombytes.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
+SRCS += utils.c
+CFLAGS.utils.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
+
SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h
SRCS += opt_ddb.h
Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h Fri Aug 17 00:27:56 2018
(r337938)
+++ head/sys/opencrypto/cryptodev.h Fri Aug 17 00:30:04 2018
(r337939)
@@ -85,6 +85,7 @@
#define MD5_KPDK_HASH_LEN 16
#define SHA1_KPDK_HASH_LEN 20
#define AES_GMAC_HASH_LEN 16
+#define POLY1305_HASH_LEN 16
/* Maximum hash algorithm result length */
#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated
*/
@@ -107,6 +108,8 @@
#define AES_192_GMAC_KEY_LEN 24
#define AES_256_GMAC_KEY_LEN 32
+#define POLY1305_KEY_LEN 32
+
/* Encryption algorithm block sizes */
#define NULL_BLOCK_LEN 4 /* IPsec to maintain alignment
*/
#define DES_BLOCK_LEN 8
@@ -195,7 +198,8 @@
#define CRYPTO_SHA2_256 35
#define CRYPTO_SHA2_384 36
#define CRYPTO_SHA2_512 37
-#define CRYPTO_ALGORITHM_MAX 37 /* Keep updated - see below */
+#define CRYPTO_POLY1305 38
+#define CRYPTO_ALGORITHM_MAX 38 /* Keep updated - see below */
#define CRYPTO_ALGO_VALID(x) ((x) >= CRYPTO_ALGORITHM_MIN && \
(x) <= CRYPTO_ALGORITHM_MAX)
Modified: head/sys/opencrypto/xform_auth.h
==============================================================================
--- head/sys/opencrypto/xform_auth.h Fri Aug 17 00:27:56 2018
(r337938)
+++ head/sys/opencrypto/xform_auth.h Fri Aug 17 00:30:04 2018
(r337939)
@@ -83,6 +83,7 @@ extern struct auth_hash auth_hash_nist_gmac_aes_192;
extern struct auth_hash auth_hash_nist_gmac_aes_256;
extern struct auth_hash auth_hash_blake2b;
extern struct auth_hash auth_hash_blake2s;
+extern struct auth_hash auth_hash_poly1305;
union authctx {
MD5_CTX md5ctx;
Added: head/sys/opencrypto/xform_poly1305.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/opencrypto/xform_poly1305.c Fri Aug 17 00:30:04 2018
(r337939)
@@ -0,0 +1,91 @@
+/* This file is in the public domain. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <opencrypto/xform_auth.h>
+#include <opencrypto/xform_poly1305.h>
+
+#include <sodium/crypto_onetimeauth_poly1305.h>
+
+struct poly1305_xform_ctx {
+ struct crypto_onetimeauth_poly1305_state state;
+};
+CTASSERT(sizeof(union authctx) >= sizeof(struct poly1305_xform_ctx));
+
+CTASSERT(POLY1305_KEY_LEN == crypto_onetimeauth_poly1305_KEYBYTES);
+CTASSERT(POLY1305_HASH_LEN == crypto_onetimeauth_poly1305_BYTES);
+
+void
+Poly1305_Init(struct poly1305_xform_ctx *polyctx)
+{
+ /* Nop */
+}
+
+void
+Poly1305_Setkey(struct poly1305_xform_ctx *polyctx,
+ const uint8_t key[__min_size(POLY1305_KEY_LEN)], size_t klen)
+{
+ int rc;
+
+ if (klen != POLY1305_KEY_LEN)
+ panic("%s: Bogus keylen: %u bytes", __func__, (unsigned)klen);
+
+ rc = crypto_onetimeauth_poly1305_init(&polyctx->state, key);
+ if (rc != 0)
+ panic("%s: Invariant violated: %d", __func__, rc);
+}
+
+static void
+xform_Poly1305_Setkey(void *ctx, const uint8_t *key, uint16_t klen)
+{
+ Poly1305_Setkey(ctx, key, klen);
+}
+
+int
+Poly1305_Update(struct poly1305_xform_ctx *polyctx, const void *data,
+ size_t len)
+{
+ int rc;
+
+ rc = crypto_onetimeauth_poly1305_update(&polyctx->state, data, len);
+ if (rc != 0)
+ panic("%s: Invariant violated: %d", __func__, rc);
+ return (0);
+}
+
+static int
+xform_Poly1305_Update(void *ctx, const uint8_t *data, uint16_t len)
+{
+ return (Poly1305_Update(ctx, data, len));
+}
+
+void
+Poly1305_Final(uint8_t digest[__min_size(POLY1305_HASH_LEN)],
+ struct poly1305_xform_ctx *polyctx)
+{
+ int rc;
+
+ rc = crypto_onetimeauth_poly1305_final(&polyctx->state, digest);
+ if (rc != 0)
+ panic("%s: Invariant violated: %d", __func__, rc);
+}
+
+static void
+xform_Poly1305_Final(uint8_t *digest, void *ctx)
+{
+ Poly1305_Final(digest, ctx);
+}
+
+struct auth_hash auth_hash_poly1305 = {
+ .type = CRYPTO_POLY1305,
+ .name = "Poly-1305",
+ .keysize = POLY1305_KEY_LEN,
+ .hashsize = POLY1305_HASH_LEN,
+ .ctxsize = sizeof(struct poly1305_xform_ctx),
+ .blocksize = crypto_onetimeauth_poly1305_BYTES,
+ .Init = (void *)Poly1305_Init,
+ .Setkey = xform_Poly1305_Setkey,
+ .Update = xform_Poly1305_Update,
+ .Final = xform_Poly1305_Final,
+};
Added: head/sys/opencrypto/xform_poly1305.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/opencrypto/xform_poly1305.h Fri Aug 17 00:30:04 2018
(r337939)
@@ -0,0 +1,16 @@
+/* This file is in the public domain. */
+/* $FreeBSD$ */
+#pragma once
+
+#include <sys/types.h>
+
+struct poly1305_xform_ctx;
+
+void Poly1305_Init(struct poly1305_xform_ctx *);
+
+void Poly1305_Setkey(struct poly1305_xform_ctx *,
+ const uint8_t [__min_size(32)], size_t);
+
+int Poly1305_Update(struct poly1305_xform_ctx *, const void *, size_t);
+
+void Poly1305_Final(uint8_t [__min_size(16)], struct poly1305_xform_ctx *);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
