Re: ipsec issue since at least 6.2 on VIA CPUs with padlock
On 02/14/2018 11:26 PM, Mike Belopuhov wrote: > > Hi, > > Thank you for your report, I think I forgot to convert bits to bytes. > Please test the diff below. > > Cheers, > Mike > > > diff --git sys/arch/amd64/amd64/via.c sys/arch/amd64/amd64/via.c > index c0e1e540b12..818c35f53d0 100644 > --- sys/arch/amd64/amd64/via.c > +++ sys/arch/amd64/amd64/via.c > @@ -177,13 +177,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct > cryptoini *cri) > ses->ses_klen = c->cri_klen; > ses->ses_cw0 = cw0; > > /* Build expanded keys for both directions */ > AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key, > - c->cri_klen); > + c->cri_klen / 8); > AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key, > - c->cri_klen); > + c->cri_klen / 8); > for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) { > ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]); > ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]); > } > > diff --git sys/arch/i386/i386/via.c sys/arch/i386/i386/via.c > index 860fa45c0ac..83a092c24b7 100644 > --- sys/arch/i386/i386/via.c > +++ sys/arch/i386/i386/via.c > @@ -178,13 +178,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct > cryptoini *cri) > ses->ses_klen = c->cri_klen; > ses->ses_cw0 = cw0; > > /* Build expanded keys for both directions */ > AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key, > - c->cri_klen); > + c->cri_klen / 8); > AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key, > - c->cri_klen); > + c->cri_klen / 8); > for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) { > ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]); > ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]); > } > > Hi Mike, That patch solved the issue. I was only able to test on i386, but I suppose it's the same for amd64. Thank you Cheers smime.p7s Description: S/MIME Cryptographic Signature
Re: ipsec issue since at least 6.2 on VIA CPUs with padlock
On Mon, Feb 12, 2018 at 15:47 +0100, Renaud Allard wrote: > > > On 02/12/2018 01:32 PM, Renaud Allard wrote: > > Hello, > > > > I am running OpenBSD 6.2 i386 on a VIA CPU with padlock. > > cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz > > cpu0: RNG AES AES-CTR SHA1 SHA256 RSA > > > > ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not > > reproduce this issue anywhere else than on that hardware. > > > > When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and > > SA with ipsecctl -s. But no packet ever goes through enc0. > > > > If I configure the tunnel to use hmac-md5 and 3des, for which there is > > no padlock support (everything else being the same), the tunnel just > > works fine. > > > > I am now running -current and the issue is still present. > > > > I suppose there is an issue that appeared some time between 6.1 and 6.2 > > which made the crypto acceleration fail with that CPU (and probably with > > other padlock enabled CPUs too). > > > > I tried multiple configurations, and actually, only AES doesn't work. > SHA1 till SHA2-512 work, 3DES and blowfish work. > Hi, Thank you for your report, I think I forgot to convert bits to bytes. Please test the diff below. Cheers, Mike diff --git sys/arch/amd64/amd64/via.c sys/arch/amd64/amd64/via.c index c0e1e540b12..818c35f53d0 100644 --- sys/arch/amd64/amd64/via.c +++ sys/arch/amd64/amd64/via.c @@ -177,13 +177,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) ses->ses_klen = c->cri_klen; ses->ses_cw0 = cw0; /* Build expanded keys for both directions */ AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key, - c->cri_klen); + c->cri_klen / 8); AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key, - c->cri_klen); + c->cri_klen / 8); for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) { ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]); ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]); } diff --git sys/arch/i386/i386/via.c sys/arch/i386/i386/via.c index 860fa45c0ac..83a092c24b7 100644 --- sys/arch/i386/i386/via.c +++ sys/arch/i386/i386/via.c @@ -178,13 +178,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) ses->ses_klen = c->cri_klen; ses->ses_cw0 = cw0; /* Build expanded keys for both directions */ AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key, - c->cri_klen); + c->cri_klen / 8); AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key, - c->cri_klen); + c->cri_klen / 8); for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) { ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]); ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]); }
Re: ipsec issue since at least 6.2 on VIA CPUs with padlock
On 02/12/2018 01:32 PM, Renaud Allard wrote: > Hello, > > I am running OpenBSD 6.2 i386 on a VIA CPU with padlock. > cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz > cpu0: RNG AES AES-CTR SHA1 SHA256 RSA > > ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not > reproduce this issue anywhere else than on that hardware. > > When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and > SA with ipsecctl -s. But no packet ever goes through enc0. > > If I configure the tunnel to use hmac-md5 and 3des, for which there is > no padlock support (everything else being the same), the tunnel just > works fine. > > I am now running -current and the issue is still present. > > I suppose there is an issue that appeared some time between 6.1 and 6.2 > which made the crypto acceleration fail with that CPU (and probably with > other padlock enabled CPUs too). > I tried multiple configurations, and actually, only AES doesn't work. SHA1 till SHA2-512 work, 3DES and blowfish work. smime.p7s Description: S/MIME Cryptographic Signature