From: John Baldwin
Date: Fri, 22 Sep 2017 00:34:46 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r323892 - head/sys/opencrypto

Author: jhb
Date: Fri Sep 22 00:34:46 2017
New Revision: 323892
URL: https://svnweb.freebsd.org/changeset/base/323892

Log:
  Support AEAD requests with non-GCM algorithms.

  In particular, support chaining an AES cipher with an HMAC for a request
  including AAD. This permits submitting requests from userland to encrypt
  objects like IPSec packets using these algorithms.

  In the non-GCM case, the authentication crypto descriptor covers both the
  AAD and the ciphertext. The GCM case remains unchanged. This matches the
  requests created internally in IPSec. For the non-GCM case, the
  COP_F_CIPHER_FIRST is also supported since the ordering matters.

  Note that while this can be used to simulate IPSec requests from userland,
  this ioctl cannot currently be used to perform TLS requests using AES-CBC
  and MAC-before-encrypt.

  Reviewed by: cem
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D11759

Modified:
  head/sys/opencrypto/cryptodev.c

Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Fri Sep 22 00:21:58 2017 (r323891)
+++ head/sys/opencrypto/cryptodev.c Fri Sep 22 00:34:46 2017 (r323892)
@@ -917,8 +917,13 @@ cryptodev_aead( goto bail; } - crda = crp->crp_desc; - crde = crda->crd_next; + if (caead->flags & COP_F_CIPHER_FIRST) { + crde = crp->crp_desc; + crda = crde->crd_next; + } else { + crda = crp->crp_desc; + crde = crda->crd_next; + } if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base, caead->aadlen))) @@ -928,8 +933,16 @@ cryptodev_aead( caead->aadlen, caead->len))) goto bail; + /* + * For GCM, crd_len covers only the AAD. For other ciphers + * chained with an HMAC, crd_len covers both the AAD and the + * cipher text. + */ crda->crd_skip = 0; - crda->crd_len = caead->aadlen; + if (cse->cipher == CRYPTO_AES_NIST_GCM_16) + crda->crd_len = caead->aadlen; + else + crda->crd_len = caead->aadlen + caead->len; crda->crd_inject = caead->aadlen + caead->len; crda->crd_alg = cse->mac;
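Review bot: the `COP_F_CIPHER_FIRST` test in the first hunk (@@ -917,8 +917,13 @@) swaps `crde` and `crda` for every session, but the log message describes the flag as supported for the non-GCM case and says the GCM case remains unchanged. Either gate the swap on `cse->cipher != CRYPTO_AES_NIST_GCM_16`, reject the flag for GCM sessions, or say in a comment that the order is honoured for GCM as well. This branch also has no comment at all; one line on why the descriptor order matters when a cipher is chained with an HMAC would match the comment added in the second hunk.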
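Review bot: in the `else` branch of the second hunk (@@ -928,8 +933,16 @@), `crda->crd_len` becomes `caead->aadlen + caead->len`, a sum of two lengths taken from the request, and nothing in the visible lines bounds that sum. Please confirm that the checks earlier in `cryptodev_aead()` cover it against the size of the buffer behind `cse->uio.uio_iov[0]` and against wrap-around, since the MAC descriptor now reads that whole range instead of only the AAD. The same expression is already used for `crda->crd_inject` on the following line; computing it once into a local would keep the two from drifting apart. Minor: the new comment writes "cipher text" where the log message uses "ciphertext".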