ipsec issue since at least 6.2 on VIA CPUs with padlock

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ipsec issue since at least 6.2 on VIA CPUs with padlock

Renaud Allard-2
Hello,

I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA

ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not
reproduce this issue anywhere else than on that hardware.

When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and
SA with ipsecctl -s. But no packet ever goes through enc0.

If I configure the tunnel to use hmac-md5 and 3des, for which there is
no padlock support (everything else being the same), the tunnel just
works fine.

I am now running -current and the issue is still present.

I suppose there is an issue that appeared some time between 6.1 and 6.2
which made the crypto acceleration fail with that CPU (and probably with
other padlock enabled CPUs too).

Best Regards


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ipsec issue since at least 6.2 on VIA CPUs with padlock

Renaud Allard-2


On 02/12/2018 01:32 PM, Renaud Allard wrote:

> Hello,
>
> I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
> cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
> cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
>
> ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not
> reproduce this issue anywhere else than on that hardware.
>
> When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and
> SA with ipsecctl -s. But no packet ever goes through enc0.
>
> If I configure the tunnel to use hmac-md5 and 3des, for which there is
> no padlock support (everything else being the same), the tunnel just
> works fine.
>
> I am now running -current and the issue is still present.
>
> I suppose there is an issue that appeared some time between 6.1 and 6.2
> which made the crypto acceleration fail with that CPU (and probably with
> other padlock enabled CPUs too).
>
I tried multiple configurations, and actually, only AES doesn't work.
SHA1 till SHA2-512 work, 3DES and blowfish work.


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ipsec issue since at least 6.2 on VIA CPUs with padlock

Mike Belopuhov-5
On Mon, Feb 12, 2018 at 15:47 +0100, Renaud Allard wrote:

>
>
> On 02/12/2018 01:32 PM, Renaud Allard wrote:
> > Hello,
> >
> > I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
> > cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
> > cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
> >
> > ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not
> > reproduce this issue anywhere else than on that hardware.
> >
> > When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and
> > SA with ipsecctl -s. But no packet ever goes through enc0.
> >
> > If I configure the tunnel to use hmac-md5 and 3des, for which there is
> > no padlock support (everything else being the same), the tunnel just
> > works fine.
> >
> > I am now running -current and the issue is still present.
> >
> > I suppose there is an issue that appeared some time between 6.1 and 6.2
> > which made the crypto acceleration fail with that CPU (and probably with
> > other padlock enabled CPUs too).
> >
>
> I tried multiple configurations, and actually, only AES doesn't work.
> SHA1 till SHA2-512 work, 3DES and blowfish work.
>


Hi,

Thank you for your report, I think I forgot to convert bits to bytes.
Please test the diff below.

Cheers,
Mike


diff --git sys/arch/amd64/amd64/via.c sys/arch/amd64/amd64/via.c
index c0e1e540b12..818c35f53d0 100644
--- sys/arch/amd64/amd64/via.c
+++ sys/arch/amd64/amd64/via.c
@@ -177,13 +177,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
  ses->ses_klen = c->cri_klen;
  ses->ses_cw0 = cw0;
 
  /* Build expanded keys for both directions */
  AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
-    c->cri_klen);
+    c->cri_klen / 8);
  AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
-    c->cri_klen);
+    c->cri_klen / 8);
  for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
  ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
  ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
  }
 
diff --git sys/arch/i386/i386/via.c sys/arch/i386/i386/via.c
index 860fa45c0ac..83a092c24b7 100644
--- sys/arch/i386/i386/via.c
+++ sys/arch/i386/i386/via.c
@@ -178,13 +178,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
  ses->ses_klen = c->cri_klen;
  ses->ses_cw0 = cw0;
 
  /* Build expanded keys for both directions */
  AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
-    c->cri_klen);
+    c->cri_klen / 8);
  AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
-    c->cri_klen);
+    c->cri_klen / 8);
  for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
  ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
  ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
  }
 

Reply | Threaded
Open this post in threaded view
|

Re: ipsec issue since at least 6.2 on VIA CPUs with padlock

Renaud Allard-2


On 02/14/2018 11:26 PM, Mike Belopuhov wrote:

>
> Hi,
>
> Thank you for your report, I think I forgot to convert bits to bytes.
> Please test the diff below.
>
> Cheers,
> Mike
>
>
> diff --git sys/arch/amd64/amd64/via.c sys/arch/amd64/amd64/via.c
> index c0e1e540b12..818c35f53d0 100644
> --- sys/arch/amd64/amd64/via.c
> +++ sys/arch/amd64/amd64/via.c
> @@ -177,13 +177,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
>   ses->ses_klen = c->cri_klen;
>   ses->ses_cw0 = cw0;
>  
>   /* Build expanded keys for both directions */
>   AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
> -    c->cri_klen);
> +    c->cri_klen / 8);
>   AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
> -    c->cri_klen);
> +    c->cri_klen / 8);
>   for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
>   ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
>   ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
>   }
>  
> diff --git sys/arch/i386/i386/via.c sys/arch/i386/i386/via.c
> index 860fa45c0ac..83a092c24b7 100644
> --- sys/arch/i386/i386/via.c
> +++ sys/arch/i386/i386/via.c
> @@ -178,13 +178,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
>   ses->ses_klen = c->cri_klen;
>   ses->ses_cw0 = cw0;
>  
>   /* Build expanded keys for both directions */
>   AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
> -    c->cri_klen);
> +    c->cri_klen / 8);
>   AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
> -    c->cri_klen);
> +    c->cri_klen / 8);
>   for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
>   ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
>   ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
>   }
>  
>
Hi Mike,

That patch solved the issue. I was only able to test on i386, but I
suppose it's the same for amd64.

Thank you
Cheers



smime.p7s (5K) Download Attachment