From: Conrad Meyer
Date: Wed, 18 Jul 2018 04:29:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r336442 - head/sys/crypto/aesni

Author: cem
Date: Wed Jul 18 04:29:44 2018
New Revision: 336442
URL: https://svnweb.freebsd.org/changeset/base/336442

Log:
  aesni(4): Abstract out hash/HMAC support

  No functional change. Verified with cryptocheck.

Modified:
  head/sys/crypto/aesni/aesni.c

Modified: head/sys/crypto/aesni/aesni.c ============================================================================== --- head/sys/crypto/aesni/aesni.c Wed Jul 18 03:32:28 2018 (r336441) +++ head/sys/crypto/aesni/aesni.c Wed Jul 18 04:29:44 2018 (r336442) @@ -541,6 +541,12 @@ intel_sha1_update(void *vctx, const void *vdata, u_int } static void +SHA1_Init_fn(void *ctx) +{ + sha1_init(ctx); +} + +static void SHA1_Finalize_fn(void *digest, void *ctx) { sha1_result(ctx, digest); @@ -590,6 +596,12 @@ intel_sha256_update(void *vctx, const void *vdata, u_i } static void +SHA256_Init_fn(void *ctx) +{ + SHA256_Init(ctx); +} + +static void SHA256_Finalize_fn(void *digest, void *ctx) { SHA256_Final(digest, ctx); 
@@ -813,7 +825,13 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry } sctx; uint32_t res[SHA2_256_HASH_LEN / sizeof(uint32_t)]; int hashlen, error; + void *ctx; + void (*InitFn)(void *); + int (*UpdateFn)(void *, const void *, unsigned); + void (*FinalizeFn)(void *, void *); + bool hmac; + if ((crd->crd_flags & ~CRD_F_KEY_EXPLICIT) != 0) { CRYPTDEB("%s: Unsupported MAC flags: 0x%x", __func__, (crd->crd_flags & ~CRD_F_KEY_EXPLICIT)); 
@@ -825,39 +843,26 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry return (error); } + hmac = false; switch (ses->auth_algo) { case CRYPTO_SHA1_HMAC: - hashlen = SHA1_HASH_LEN; - /* Inner hash: (K ^ IPAD) || data */ - sha1_init(&sctx.sha1); - hmac_internal(&sctx.sha1, res, intel_sha1_update, - SHA1_Finalize_fn, ses->hmac_key, 0x36, crp->crp_buf, - crd->crd_skip, crd->crd_len, crp->crp_flags); - /* Outer hash: (K ^ OPAD) || inner hash */ - sha1_init(&sctx.sha1); - hmac_internal(&sctx.sha1, res, intel_sha1_update, - SHA1_Finalize_fn, ses->hmac_key, 0x5C, res, 0, hashlen, 0); - break; + hmac = true; + /* FALLTHROUGH */ case CRYPTO_SHA1: hashlen = SHA1_HASH_LEN; - sha1_init(&sctx.sha1); - crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip, - crd->crd_len, __DECONST(int (*)(void *, void *, u_int), - intel_sha1_update), &sctx.sha1); - sha1_result(&sctx.sha1, (void *)res); + InitFn = SHA1_Init_fn; + UpdateFn = intel_sha1_update; + FinalizeFn = SHA1_Finalize_fn; + ctx = &sctx.sha1; break; + case CRYPTO_SHA2_256_HMAC: + hmac = true; hashlen = SHA2_256_HASH_LEN; - /* Inner hash: (K ^ IPAD) || data */ - SHA256_Init(&sctx.sha2); - hmac_internal(&sctx.sha2, res, intel_sha256_update, - SHA256_Finalize_fn, ses->hmac_key, 0x36, crp->crp_buf, - crd->crd_skip, crd->crd_len, crp->crp_flags); - /* Outer hash: (K ^ OPAD) || inner hash */ - SHA256_Init(&sctx.sha2); - hmac_internal(&sctx.sha2, res, intel_sha256_update, - SHA256_Finalize_fn, ses->hmac_key, 0x5C, res, 0, hashlen, - 0); + InitFn = SHA256_Init_fn; + UpdateFn = intel_sha256_update; + FinalizeFn = SHA256_Finalize_fn; + ctx = &sctx.sha2; break; default: /* 
@@ -865,6 +870,24 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry * enccrd */ return (0); + } + + if (hmac) { + /* Inner hash: (K ^ IPAD) || data */ + InitFn(ctx); + hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key, + 0x36, crp->crp_buf, crd->crd_skip, crd->crd_len, + crp->crp_flags); + /* Outer hash: (K ^ OPAD) || inner hash */ + InitFn(ctx); + hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key, + 0x5C, res, 0, hashlen, 0); + } else { + InitFn(ctx); + crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip, + crd->crd_len, __DECONST(int (*)(void *, void *, u_int), + UpdateFn), ctx); + FinalizeFn(res, ctx); } if (ses->mlen != 0 && ses->mlen < hashlen)
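Review bot: In the @@ -541,6 +541,12 hunk, SHA1_Init_fn takes a bare void * and forwards it to sha1_init() with nothing stating which context type it expects, so passing the wrong member of sctx would still compile. A one-line comment naming the expected context type, here and on SHA256_Init_fn in the @@ -590,6 +596,12 hunk, would document the contract that the new function-pointer dispatch relies on.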
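Review bot: In the @@ -813,7 +825,13 hunk, ctx, InitFn, UpdateFn and FinalizeFn are declared without initializers and are safe only because the switch's default case returns before any of them is used. Initializing them to NULL, or grouping the three callbacks with hashlen in one small per-algorithm struct that the switch selects, would keep a future case that forgets one assignment from calling through an indeterminate pointer.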
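Review bot: In the @@ -825,39 +843,26 hunk, the two HMAC arms are shaped differently: CRYPTO_SHA1_HMAC only sets hmac and falls through to CRYPTO_SHA1 for hashlen, ctx and the callbacks, while CRYPTO_SHA2_256_HMAC assigns all of them itself because the switch has no plain SHA-256 case to fall into. A short comment on the SHA2 arm saying so would make the asymmetry read as intentional and would show where a plain-hash case belongs if one is added later.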
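Review bot: In the @@ -865,6 +870,24 hunk, the non-HMAC branch hands UpdateFn to crypto_apply() through __DECONST(int (*)(void *, void *, u_int), UpdateFn), which converts a pointer declared as int (*)(void *, const void *, unsigned) to a different function type and has it called through that type. The removed lines did the same with intel_sha1_update, but UpdateFn is now a local whose type is chosen in this change, so declaring it with the signature crypto_apply() expects, or passing a thin adapter, would remove the cast. The callback is also typed to return int, yet nothing in this branch checks a result.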