Date:      Fri, 22 Sep 2017 00:34:46 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r323892 - head/sys/opencrypto
Message-ID:  <201709220034.v8M0Yk9H032684@repo.freebsd.org>

Author: jhb
Date: Fri Sep 22 00:34:46 2017
New Revision: 323892
URL: https://svnweb.freebsd.org/changeset/base/323892

Log:
  Support AEAD requests with non-GCM algorithms.
  
  In particular, support chaining an AES cipher with an HMAC for a request
  including AAD.  This permits submitting requests from userland to encrypt
  objects like IPSec packets using these algorithms.
  
  In the non-GCM case, the authentication crypto descriptor covers both the
  AAD and the ciphertext.  The GCM case remains unchanged.  This matches
  the requests created internally in IPSec.  For the non-GCM case, the
  COP_F_CIPHER_FIRST is also supported since the ordering matters.
  
  Note that while this can be used to simulate IPSec requests from userland,
  this ioctl cannot currently be used to perform TLS requests using AES-CBC
  and MAC-before-encrypt.
  
  Reviewed by:	cem
  Sponsored by:	Chelsio Communications
  Differential Revision:	https://reviews.freebsd.org/D11759

Modified:
  head/sys/opencrypto/cryptodev.c

Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c	Fri Sep 22 00:21:58 2017	(r323891)
+++ head/sys/opencrypto/cryptodev.c	Fri Sep 22 00:34:46 2017	(r323892)
@@ -917,8 +917,13 @@ cryptodev_aead(
 		goto bail;
 	}
 
-	crda = crp->crp_desc;
-	crde = crda->crd_next;
+	if (caead->flags & COP_F_CIPHER_FIRST) {
+		crde = crp->crp_desc;
+		crda = crde->crd_next;
+	} else {
+		crda = crp->crp_desc;
+		crde = crda->crd_next;
+	}
 
 	if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
 	    caead->aadlen)))
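Review bot: the new `if (caead->flags & COP_F_CIPHER_FIRST)` branch swaps the descriptor order for every session, including GCM ones, although the log message says the GCM case remains unchanged and describes the flag as supported for the non-GCM case. If a GCM request with this flag set should keep the old fixed order, gate the swap on `cse->cipher != CRYPTO_AES_NIST_GCM_16` or reject the combination with an error. A one-line comment above the branch saying which descriptor runs first in each case, and why the ordering matters for cipher-plus-HMAC chains, would also help the next reader.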
@@ -928,8 +933,16 @@ cryptodev_aead(
 	    caead->aadlen, caead->len)))
 		goto bail;
 
+	/*
+	 * For GCM, crd_len covers only the AAD.  For other ciphers
+	 * chained with an HMAC, crd_len covers both the AAD and the
+	 * cipher text.
+	 */
 	crda->crd_skip = 0;
-	crda->crd_len = caead->aadlen;
+	if (cse->cipher == CRYPTO_AES_NIST_GCM_16)
+		crda->crd_len = caead->aadlen;
+	else
+		crda->crd_len = caead->aadlen + caead->len;
 	crda->crd_inject = caead->aadlen + caead->len;
 
 	crda->crd_alg = cse->mac;
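Review bot: in the else branch, `crda->crd_len = caead->aadlen + caead->len` repeats the sum that `crda->crd_inject` uses on the following line, and nothing in the visible lines shows that sum being bounded. Both values come from the userland request, so it is worth confirming that an earlier check in cryptodev_aead() rejects lengths whose sum wraps or exceeds the session buffer. Computing the sum once into a local and using it for both crd_len and crd_inject would keep the two fields from drifting apart. The GCM test is also keyed to the single constant `CRYPTO_AES_NIST_GCM_16`, so any other combined-mode cipher would silently take the HMAC path; the new comment could say that this is intended.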


