Project

General

Profile

« Previous | Next » 

Revision e01266c0

Added by Luiz Souza over 4 years ago

Improve the handling of crypto offload hardware.

Remove support to deprecated hardware.

Task: #11426

View differences:

src/usr/local/www/includes/functions.inc.php
224 224 
	return $out;
225 225 
}
226 226 

  		




  
  227
  
    
define("INTEL_C2000_IQIA_PHYS", "0x1f188086");


  		




  
  228
  
    
define("INTEL_C3K_QAT", "0x19e28086");


  		




  
  229
  
    
define("INTEL_C3K_QAT_VF", "0x19e38086");


  		




  
  230
  
    
define("INTEL_C620_QAT", "0x37c88086");


  		




  
  231
  
    
define("INTEL_C620_QAT_VF", "0x37c98086");


  		




  
  232
  
    
define("INTEL_XEOND_QAT", "0x6f548086");


  		




  
  233
  
    
define("INTEL_XEOND_QAT_VF", "0x6f558086");


  		




  
  234
  
    
define("INTEL_DH895XCC_QAT", "0x04358086");


  		




  
  235
  
    
define("INTEL_DH895XCC_QAT_VF", "0x04438086");


  		




  
  236
  
    
define("AESNI_ALGS", "AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS");


  		




  
  237
  
    
define("AESNI_ALGS_SHA", "SHA1,SHA256");


  		




  
  238
  
    
define("QAT_ALGS", "AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512");


  		




  
  239
  
    

  		




  
  240
  
    
function crypto_accel_new($name = "", $algs = "") {


  		




  
  241
  
    
	return (array("name" => $name, "present" => false, "enabled" => false, "algs" => explode(",", $algs)));


  		




  
  242
  
    
}


  		




  
  243
  
    

  		




  
  244
  
    
function crypto_accel_init() {


  		




  
  245
  
    
	$machine = get_single_sysctl('hw.machine');


  		




  
  246
  
    

  		




  
  247
  
    
	/* Defaults */


  		




  
  248
  
    
	$crypto = array();


  		




  
  249
  
    
	$crypto["accel"] = array();


  		




  
  250
  
    

  		




  
  251
  
    
	switch ($machine) {


  		




  
  252
  
    
	case 'amd64':


  		




  
  253
  
    
		$crypto["accel"][] = crypto_accel_new("AESNI", AESNI_ALGS);


  		




  
  254
  
    
		$crypto["accel"][] = crypto_accel_new("QAT", QAT_ALGS);


  		




  
  255
  
    
		break;


  		




  
  256
  
    
	}


  		




  
  257
  
    

  		




  
  258
  
    
	return ($crypto);


  		




  
  259
  
    
}


  		




  
  260
  
    

  		




  
  261
  
    
function crypto_accel_set_flags($crypto, $name, $present = false, $enabled = false) {


  		




  
  262
  
    

  		




  
  263
  
    
	foreach ($crypto["accel"] as $id => &$accel) {


  		




  
  264
  
    
		if ($accel["name"] != $name) {


  		




  
  265
  
    
			continue;


  		




  
  266
  
    
		}


  		




  
  267
  
    
		$accel["present"] = $present;


  		




  
  268
  
    
		$accel["enabled"] = $enabled;


  		




  
  269
  
    
	}


  		




  
  270
  
    

  		




  
  271
  
    
	return ($crypto);


  		




  
  272
  
    
}


  		




  
  273
  
    

  		




  
  274
  
    
function crypto_accel_get($crypto, $name, $key) {


  		




  
  275
  
    

  		




  
  276
  
    
	foreach ($crypto["accel"] as $id => $accel) {


  		




  
  277
  
    
		if ($accel["name"] != $name) {


  		




  
  278
  
    
			continue;


  		




  
  279
  
    
		}


  		




  
  280
  
    
                return ($accel[$key]);


  		




  
  281
  
    
	}


  		




  
  282
  
    

  		




  
  283
  
    
	return ("");


  		




  
  284
  
    
}


  		




  
  285
  
    

  		




  
  286
  
    
function crypto_accel_set_algs($crypto, $name, $algs) {


  		




  
  287
  
    

  		




  
  288
  
    
	foreach ($crypto["accel"] as $id => &$accel) {


  		




  
  289
  
    
		if ($accel["name"] != $name) {


  		




  
  290
  
    
			continue;


  		




  
  291
  
    
		}


  		




  
  292
  
    
		$a = explode(",", $algs);


  		




  
  293
  
    
		$m = array_merge($accel["algs"], $a);


  		




  
  294
  
    
		$accel["algs"] = array_unique($m, SORT_STRING);


  		




  
  295
  
    
	}


  		




  
  296
  
    

  		




  
  297
  
    
	return ($crypto);


  		




  
  298
  
    
}


  		




  
  299
  
    

  		




  
  300
  
    
function crypto_accel_get_algs($crypto) {


  		




  
  301
  
    
	$algs = array();


  		




  
  302
  
    
	$algs_str = "";


  		




  
  303
  
    

  		




  
  304
  
    
	foreach ($crypto["accel"] as $id => $accel) {


  		




  
  305
  
    
		if (!$accel["present"] || !$accel["enabled"]) {


  		




  
  306
  
    
			continue;


  		




  
  307
  
    
		}


  		




  
  308
  
    
		$algs = array_merge($accel["algs"], $algs);


  		




  
  309
  
    
	}


  		




  
  310
  
    
	foreach (array_unique($algs, SORT_STRING) as $id => $alg) {


  		




  
  311
  
    
		if (strlen($algs_str) > 0) {


  		




  
  312
  
    
			$algs_str .= ",";


  		




  
  313
  
    
		}


  		




  
  314
  
    
		$algs_str .= $alg;


  		




  
  315
  
    
	}


  		




  
  316
  
    

  		




  
  317
  
    
	return ($algs_str);


  		




  
  318
  
    
}


  		




  
  319
  
    

  		




  
  320
  
    

  		




  227
  321
  
    
function get_cpu_crypto_support() {


  		




  
  322
  
    
	global $g;


  		




  228
  323
  
    
	$machine = get_single_sysctl('hw.machine');


  		




  229
  
  
    
	$accelerated_arm_platforms = array('am335x');


  		




  230
  
  
    
	$cpucrypto_type = "";


  		




  
  324
  
    
	$QATIDS = array(INTEL_C2000_IQIA_PHYS, INTEL_C3K_QAT, INTEL_C3K_QAT_VF, INTEL_C620_QAT, INTEL_C620_QAT_VF,


  		




  
  325
  
    
			INTEL_XEOND_QAT, INTEL_XEOND_QAT_VF, INTEL_DH895XCC_QAT, INTEL_DH895XCC_QAT_VF);


  		




  
  326
  
    

  		




  
  327
  
    
	/* Defaults */


  		




  
  328
  
    
	$crypto = crypto_accel_init();


  		




  231
  329
  
    

  		




  232
  330
  
    
	switch ($machine) {


  		




  233
  331
  
    
	case 'amd64':


  		




  234
  
  
    
		$cpucrypto_type = "AES-NI CPU Crypto: ";


  		




  235
  
  
    
		exec("/usr/bin/grep -c '  Features.*AESNI' /var/log/dmesg.boot", $cpucrypto_present);


  		




  236
  
  
    
		if ($cpucrypto_present[0] > 0) {


  		




  237
  
  
    
			$cpucrypto_type .= "Yes ";


  		




  238
  
  
    
			$cpucrypto_type .= (is_module_loaded('aesni')) ? "(active)" : "(inactive)";


  		




  239
  
  
    
		} else {


  		




  240
  
  
    
			$cpucrypto_type .= "No";


  		




  
  332
  
    
		$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");


  		




  
  333
  
    
		while ($fd && !feof($fd)) {


  		




  
  334
  
    
			$dmesgl = fgets($fd);


  		




  
  335
  
    
			if (preg_match("/^  Features2.*AESNI/", $dmesgl, $matches)) {


  		




  
  336
  
    
				$crypto = crypto_accel_set_flags($crypto, "AESNI", true, (is_module_loaded('aesni')) ? true : false);


  		




  
  337
  
    
			}


  		




  
  338
  
    
			if (preg_match("/^  Structured Extended Features.*SHA/", $dmesgl, $matches)) {


  		




  
  339
  
    
				$crypto = crypto_accel_set_algs($crypto, "AESNI", AESNI_ALGS_SHA);


  		




  
  340
  
    
			}


  		




  
  341
  
    
		}


  		




  
  342
  
    
		if ($fd) {


  		




  
  343
  
    
			fclose($fd);


  		




  
  344
  
    
		}


  		




  
  345
  
    
		exec("/usr/sbin/pciconf -l | /usr/bin/awk '{ printf \"%s\\n\", $4 }' | /usr/bin/cut -f2 -d=", $pciids);


  		




  
  346
  
    
		if (isset($pciids) && is_array($pciids)) {


  		




  
  347
  
    
			foreach ($pciids as $id => $pciid) {


  		




  
  348
  
    
				if (in_array($pciid, $QATIDS)) {


  		




  
  349
  
    
					$crypto = crypto_accel_set_flags($crypto, "QAT", true, (is_module_loaded('qat')) ? true : false);


  		




  
  350
  
    
					break;


  		




  
  351
  
    
				}


  		




  
  352
  
    
			}


  		




  241
  353
  
    
		}


  		




  242
  354
  
    
		break;


  		




  243
  
  
    
	case 'arm':


  		




  244
  
  
    
		$armplatform = get_single_sysctl('hw.platform');


  		




  245
  
  
    
		if (in_array($armplatform, $accelerated_arm_platforms)) {


  		




  246
  
  
    
		/* No drivers yet, so mark inactive! */


  		




  247
  
  
    
			$cpucrypto_type = "{$armplatform} built-in CPU Crypto (inactive)";


  		




  248
  
  
    
			break;


  		




  
  355
  
    
	}


  		




  
  356
  
    

  		




  
  357
  
    
	return ($crypto);


  		




  
  358
  
    
}


  		




  
  359
  
    

  		




  
  360
  
    
function get_cpu_crypto_string($crypto) {


  		




  
  361
  
    
	$machine = get_single_sysctl('hw.machine');


  		




  
  362
  
    
	$string = "";


  		




  
  363
  
    

  		




  
  364
  
    
	switch ($machine) {


  		




  
  365
  
    
	case 'amd64':


  		




  
  366
  
    
		$string = "AES-NI CPU Crypto: ";


  		




  
  367
  
    
		if (crypto_accel_get($crypto, "AESNI", "present")) {


  		




  
  368
  
    
			$string .= "Yes ";


  		




  
  369
  
    
			$string .= crypto_accel_get($crypto, "AESNI", "enabled") ? "(active)" : "(inactive)";


  		




  
  370
  
    
		} else {


  		




  
  371
  
    
			$string .= "No";


  		




  249
  372
  
    
		}


  		




  250
  
  
    
		$armmv = get_single_sysctl('hw.mv_soc_model');


  		




  251
  
  
    
		if (strpos($armmv, "Marvell 88F682") != 0) {


  		




  252
  
  
    
			$cpucrypto_type = "Crypto: ". get_single_sysctl('dev.cesa.0.%desc');


  		




  
  373
  
    
		$string .= "<br>\n";


  		




  
  374
  
    
		$string .= "QAT Crypto: ";


  		




  
  375
  
    
		if (crypto_accel_get($crypto, "QAT", "present")) {


  		




  
  376
  
    
			$string .= "Yes ";


  		




  
  377
  
    
			$string .= crypto_accel_get($crypto, "QAT", "enabled") ? "(active)" : "(inactive)";


  		




  
  378
  
    
		} else {


  		




  
  379
  
    
			$string .= "No";


  		




  253
  380
  
    
		}


  		




  254
  381
  
    
		break;


  		




  255
  
  
    
	default:


  		




  256
  
  
    
		/* Unknown/unidentified platform */


  		




  257
  382
  
    
	}


  		




  258
  383
  
    

  		




  259
  
  
    
	if (!empty($cpucrypto_type)) {


  		




  260
  
  
    
		return $cpucrypto_type;


  		




  
  384
  
    
	if (strlen($string) == 0) {


  		




  
  385
  
    
		$string = "CPU Crypto: None/Unknown Platform";


  		




  261
  386
  
    
	}


  		




  262
  387
  
    

  		




  263
  
  
    
	return "CPU Crypto: None/Unknown Platform";


  		




  
  388
  
    
	return ($string);


  		




  264
  389
  
    
}


  		




  265
  390
  
    

  		




  266
  391
  
    
function get_cpu_count($show_detail = false) {


  		












  

    
      src/usr/local/www/index.php
    
  





  216
  216
  
    

  		




  217
  217
  
    
## Find out whether there's hardware encryption or not


  		




  218
  218
  
    
unset($hwcrypto);


  		




  219
  
  
    
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");


  		




  220
  
  
    
if ($fd) {


  		




  221
  
  
    
	while (!feof($fd)) {


  		




  222
  
  
    
		$dmesgl = fgets($fd);


  		




  223
  
  
    
		if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)


  		




  224
  
  
    
			or preg_match("/.*(VIA Padlock)/", $dmesgl, $matches)


  		




  225
  
  
    
			or preg_match("/^safe.: (\w.*)/", $dmesgl, $matches)


  		




  226
  
  
    
			or preg_match("/^ubsec.: (.*?),/", $dmesgl, $matches)


  		




  227
  
  
    
			or preg_match("/^padlock.: <(.*?)>,/", $dmesgl, $matches)) {


  		




  228
  
  
    
			$hwcrypto = $matches[1];


  		




  229
  
  
    
			break;


  		




  230
  
  
    
		}


  		




  231
  
  
    
	}


  		




  232
  
  
    
	fclose($fd);


  		




  233
  
  
    
	if (!isset($hwcrypto) && get_single_sysctl("dev.aesni.0.%desc")) {


  		




  234
  
  
    
		$hwcrypto = get_single_sysctl("dev.aesni.0.%desc");


  		




  235
  
  
    
	}


  		




  236
  
  
    
}


  		




  
  219
  
    
$hwcrypto = get_cpu_crypto_support();


  		




  237
  220
  
    

  		




  238
  221
  
    
##build widget saved list information


  		




  239
  222
  
    
if ($user_settings['widgets']['sequence'] != "") {


  		












  

    
      src/usr/local/www/widgets/widgets/system_information.widget.php
    
  





  266
  266
  
    
				</div>


  		




  267
  267
  
    
		<?php endif; ?>


  		




  268
  268
  
    
				<div id="cpucrypto">


  		




  269
  
  
    
					<?= get_cpu_crypto_support(); ?>


  		




  
  269
  
    
					<?= get_cpu_crypto_string($hwcrypto); ?>


  		




  270
  270
  
    
				</div>


  		




  271
  271
  
    
			</td>


  		




  272
  272
  
    
		</tr>


  		




  ......




  278
  278
  
    
		<?php if ($hwcrypto): ?>


  		




  279
  279
  
    
		<tr>


  		




  280
  280
  
    
			<th><?=gettext("Hardware crypto");?></th>


  		




  281
  
  
    
			<td><?=htmlspecialchars($hwcrypto);?></td>


  		




  
  281
  
    
			<td><?=htmlspecialchars(crypto_accel_get_algs($hwcrypto));?></td>


  		




  282
  282
  
    
		</tr>


  		




  283
  283
  
    
		<?php endif; ?>


  		




  284
  284
  
    
<?php


  		












Also available in:  Unified diff