Commit Graph

140 Commits

Author SHA1 Message Date
riastradh
f3d2f6ec55 clang can't handle __aligned on anonymous structure initializers. 2020-08-20 13:33:54 +00:00
mlelstv
8f599c8a78 Plaintext buffers are used directly for write() operations to the raw device.
Align them to the needs of cgd(4).
2020-08-15 10:03:10 +00:00
riastradh
64af5d547a Missed a spot -- one more 32-bit sign-compare issue. 2020-06-30 04:17:31 +00:00
riastradh
6a40410cdc Fix sign-compare issue on 32-bit systems.
Built fine on amd64, where all unsigned values are representable in
ssize_t, but I didn't try building on i386, where they're not.
2020-06-30 04:15:46 +00:00
riastradh
04a6492d1e New cgd cipher adiantum.
Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

   Paul Crowley and Eric Biggers, `Adiantum: length-preserving
   encryption for entry-level processors', IACR Transactions on
   Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before.  (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector.  It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size.  (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC.  The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)).  NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12.  We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.
2020-06-29 23:44:01 +00:00
jruoho
55908713e4 Reference PRs consistently. 2020-06-26 07:50:11 +00:00
christos
e81cd2ea14 LIBISPRIVATE=yes 2020-06-01 14:42:03 +00:00
christos
2e98ca8c7c Set LIBISPRIVATE=yes 2020-06-01 14:41:25 +00:00
isaki
e1f09352b2 Fix two tests.
- kqueue_mode_{RDONLY,RDWR}_READ: Fix expected value.
  This is rest of rev1.9.
- AUDIO_SETINFO_params_simul: Fix condition.
  This happens on full-duplex, not bi-directional.
These affect only standalone test, not atf.
2020-05-01 05:45:57 +00:00
isaki
1088ff9364 Add tests for poll(POLLIN) before read().
This affects only standalone test, not atf.
2020-03-26 13:43:10 +00:00
isaki
08c0ee5cd7 Sync with sys/dev/audio/audio.c rev1.65.
> Fix to start recording immediately when open() with READ mode is called.
This affects only standalone test, not atf.
2020-03-26 13:37:44 +00:00
isaki
05b122f3e6 Use exact match to search testname.
This didn't affect test results.
2020-03-25 13:07:04 +00:00
pgoyette
9c5430b66e These test cases should now succeed, after fixing rump kernel to handle
modules that establish their sysctls via SYSCTL_SETUP()
2020-03-21 04:50:21 +00:00
pgoyette
00ff0f5d11 Mark the swsensor tests "expected failure" since the rump world doesn't
seem to handle the SYSCTL_SETUP stuff.  PR kern/55088
2020-03-19 20:10:49 +00:00
isaki
889e75ac54 Sync with sys/dev/audio/audio.c rev1.62.
> Restore backward compatibility with netbsd-7 audio.
2020-03-04 14:20:44 +00:00
isaki
37e454b408 Re-add -lrumpdev dropped in the previous commit. 2020-03-02 04:25:08 +00:00
christos
638ad1a643 fix build by adding a Makefile.inc that chains up. 2020-03-01 20:19:54 +00:00
christos
0dc8cda9a3 Centralize the base rump libraries into a variable used by all the other
Makefiles so that we can make changes to it centrally as needed and have
less mess. Fixes the sun2 build that needs rumpvfs after librump after
the latest changes.
2020-03-01 18:08:12 +00:00
christos
43a5e20952 librump depends on vfs so add a dependency on for sun2. 2020-03-01 17:06:26 +00:00
isaki
a05df8ab92 Update AUDIO_SETINFO_channels test.
The kernel limits the number of channels that userland apps can set to
the number of channels supported by the hardware or less.
2020-02-22 05:53:19 +00:00
isaki
da6e9a93eb Add tests.
AUDIO_SETINFO_channels
 AUDIO_SETINFO_sample_rate
 AUDIO_SETINFO_sample_rate_0
2020-02-18 12:11:26 +00:00
isaki
27995e7e3a Improve around {audioctl_,}open_multiuser.
- Make multiuser bool and remove newval.
- try_audioctl_open_multiuser() doesn't need multiuser argument.
2020-02-14 13:20:48 +00:00
tnn
8097da4b67 don't use variable 'newval' uninitialized when multiuser mode unchanged 2020-02-13 18:06:26 +00:00
martin
830be2f838 Add sentinel to the testtable[] array. 2020-02-12 07:02:21 +00:00
isaki
e758b536e1 Add ATF tests for audio(4).
91 passed test cases
    0 failed test cases.
    0 expected failed test cases.
    62 skipped test cases.

There are many skipped tests, because the test itself supports full-
duplex, half-duplex and uni-directional devices but pad(4) used in ATF
tests is uni-directional device.
2020-02-11 07:03:16 +00:00
martin
0509bcf964 Gracefully skip test if not enough space in temporary directory. 2019-07-10 06:21:40 +00:00
martin
33a5a5b239 Reduce disk image size for tests (PR 44239 has been fixed) 2019-07-10 06:10:54 +00:00
isaki
e0eeaafc81 Rewrite t_pad test.
Previous version compared the pad's output binary passed mulaw-slinear
conversion and frequency conversion with the prepared "good result".
In such case, a test may fail when the implemantation changes.  In fact,
the frequency conversion algorithm was changed in isaki-audio2, so
output waveforms is not completely the same (but that's no problem with
the audio waveforms).
New version uses slinear_le/2ch/44100Hz input data and compares the
output binary with the input data.  pad with no conversions should
output the same binary.
Fix PR kern/54187.
2019-06-20 12:14:46 +00:00
kre
9c62ddd5c1 Deal with fallout from the addition of
KERN_PROC_CWD in sysctl(3)
That is kern.proc.$$.KERN_PROC_CWD (I think - not that it matters here)

The effect is that -lrump now requires -lrumpvfs

This set of changes fixes (I believe) regular dynamic builds,
more might be required for static builds (will be verified soon).
2019-06-01 06:59:17 +00:00
kre
49b4b2e530 Fix quoting (quotes really do not nest...) and remove a bunch of it
that is harmless, but also pointless (in sh, quotes do not make strings,
everything is a string, rather they hide characters which would have
some other meaning unquoted (like spaces) - quotes are not needed around
strings like "descr" so remove them...

Be more consistent with line wrap style, try to avoid wrapping in the
middle of a (sh) word where possible.   Avoid \ use when it is not needed.

Un-KNF (C style) - sh has no declarations, there is no need to leave
blank lines at the head of a function to mark the end of the declarations.

This should be a NFC - but the quoting really was broken before, just
was probably harmless breakage.
2019-04-10 06:13:21 +00:00
kre
c2cf8ad6d4 PR bin/53999 from rudolf (eq.cz)
Fix cgdconfig to report verification failures with gpt and mbr
verification methods (and not treat them as silent hard errors).
This also causes the cgd to be unconfigured when one of those
verification methods fails.

Add ATF tests to check that bad verification is reported, and
does not leave the cgd configured.

Patches from the PR applied.
2019-04-10 06:09:39 +00:00
mrg
7081cfef47 use strncpy() into a buffer that may not be nul terminated. 2019-02-06 09:16:49 +00:00
mrg
f2b04ca083 implement 32-bit compat support for raidframe.
convert several raidframe ioctls to be bitsize idempotent so that
they work the same in 32 and 64 bit worlds, allowing netbsd32 to
configure and query raid properly.  remove useless 'row' in a few
places.  add COMPAT_80 and put the old ioctls there.

raidframeio.h:
  RAIDFRAME_TEST_ACC
  - remove, unused
  RAIDFRAME_GET_COMPONENT_LABEL
  - convert to label not pointer to label
  RAIDFRAME_CHECK_RECON_STATUS_EXT
  RAIDFRAME_CHECK_PARITYREWRITE_STATUS_EXT
  RAIDFRAME_CHECK_COPYBACK_STATUS_EXT
  - convert to progress info not pointer to info
  RAIDFRAME_GET_INFO
  - version entirely.
raidframevar.h:
  - rf_recon_req{} has row, flags and raidPtr removed (they're
    not a useful part of this interface.)
  - RF_Config_s{} and RF_DeviceConfig_s{} have numRow/rows removed.
  - RF_RaidDisk_s{} is re-ordered slightly to fix alignment
    padding - the actual data was already OK.
  - InstallSpareTable() loses row argument

rf_compat32.c has code for RF_Config_s{} in 32 bit mode, used
by RAIDFRAME_CONFIGURE and RAIDFRAME_GET_INFO32.

rf_compat80.c has code for rf_recon_req{}, RF_RaidDisk_s{} and
RF_DeviceConfig_s{} to handle RAIDFRAME_FAIL_DISK,
RAIDFRAME_GET_COMPONENT_LABEL, RAIDFRAME_CHECK_RECON_STATUS_EXT,
RAIDFRAME_CHECK_PARITYREWRITE_STATUS_EXT,
RAIDFRAME_CHECK_COPYBACK_STATUS_EXT, RAIDFRAME_GET_INFO.

move several of the per-ioctl code blocks into separate functions.

add rf_recon_req_internal{} to replace old usage of global
rf_recon_req{} that had unused void * in the structure, ruining
it's 32/64 bit ABI.

add missing case for RAIDFRAME_GET_INFO50.

adjust raid tests to use the new .conf format, and add a case to
test the old method as well.

raidctl:
deal with lack of 'row' members in a couple of places.
fail request no longer takes row.
handle "START array" sections with just "numCol numSpare", ie
no "numRow" specified.  for now, generate old-style configuration
but update raidctl.8 to specify the new style (keeping reference
to the old style.)

note that: RF_ComponentLabel_s::{row,num_rows} and
RF_SingleComponent_s::row are obsolete but not removed yet.
2018-01-18 00:32:48 +00:00
bouyer
878cb1cfc5 Fix fallout from hid factorisation:
- need to install sys/dev/hid/hid.h for userland
- include it where needed - most of the time in place if usb/usbhid.h
2017-12-10 20:38:13 +00:00
riastradh
ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
martin
55e87a2ae4 Do not assume an all-zeroes disk label will read back as a disk with
an 'a'  partition covering the whole disk, instead use the raw partition.
Also skip this test if the fss device is not available.
With lots of help from pgoyette.
2017-03-15 10:53:15 +00:00
nat
712047004e Revert to previous. Audio passes the test properly again. 2017-01-27 05:14:54 +00:00
christos
c54cb81102 Don't play with "../.." in includes for h_macros.h; deal with it centrally.
Minor fixes.
2017-01-13 21:30:39 +00:00
nat
baaaeb8681 Update test output to reflect audio changes. 2016-12-11 08:09:29 +00:00
alnsn
826f45ea87 AES XTS unit tests should now pass. 2016-12-11 00:23:44 +00:00
alnsn
e771598c7d Switch to CHECK_LIBC for writing. 2016-11-24 22:42:16 +00:00
alnsn
0fb91146db Add 3des-cbc tests with 192 bits key. 2016-11-11 07:39:58 +00:00
alnsn
b0f6fce42a Add blowfish-cbc tests for 128, 256 and 448 bits keys. 2016-11-10 23:44:36 +00:00
alnsn
911f4379f3 Add aes-cbc tests. 2016-11-09 22:01:15 +00:00
alnsn
54ef2b1942 Don't use mktemp. 2016-11-07 18:11:45 +00:00
scole
282adaf8f0 Only build t_cgd_aes if MKCRYPTO==yes and MKRUMP==yes. 2016-11-07 16:33:37 +00:00
alnsn
acc218101f Don't build t_cgd_aes if ${MKCRYPTO} == "no". 2016-11-06 21:29:54 +00:00
alnsn
838eb24361 Add tests for not-yet-committed cgd algorithm AES-XTS.
The tests are marked as expected failures.
2016-11-06 10:54:42 +00:00
nat
333b297cf7 pad(4) must be open before corresponding audio device is opened.
OK christos@
2016-10-15 07:08:06 +00:00
jakllsch
d0b2f20734 These clock_subr tests are no longer expected to fail. 2016-08-17 12:06:49 +00:00