hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-25 10:01:02 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add support for requests with separate AAD to aesni(4).

Browse Source 
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25289
This commit is contained in:
John Baldwin 2020-06-22 23:22:13 +00:00
parent 9b774dc0c5
commit 604b021795
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=362518
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
sys/crypto/aesni/aesni.c
View File

@ -254,7 +254,8 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp)
struct aesni_softc *sc;
sc = device_get_softc(dev);
if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT)) != 0)
if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
0)
return (EINVAL);
switch (csp->csp_mode) {
case CSP_MODE_DIGEST:
@ -697,8 +698,11 @@ aesni_cipher_crypt(struct aesni_session *ses, struct cryptop *crp,
authbuf = NULL;
if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16 ||
csp->csp_cipher_alg == CRYPTO_AES_CCM_16) {
authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start,
crp->crp_aad_length, &authallocated);
if (crp->crp_aad != NULL)
authbuf = crp->crp_aad;
else
authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start,
crp->crp_aad_length, &authallocated);
if (authbuf == NULL) {
error = ENOMEM;
goto out;
@ -850,8 +854,12 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptop *crp,
hmac_key[i] = 0 ^ HMAC_IPAD_VAL;
ses->hash_update(&sctx, hmac_key, sizeof(hmac_key));
crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
ses->hash_update, &sctx);
if (crp->crp_aad != NULL)
ses->hash_update(&sctx, crp->crp_aad,
crp->crp_aad_length);
else
crypto_apply(crp, crp->crp_aad_start,
crp->crp_aad_length, ses->hash_update, &sctx);
if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
crypto_apply_buf(&crp->crp_obuf,
@ -876,8 +884,12 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptop *crp,
} else {
ses->hash_init(&sctx);
crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
ses->hash_update, &sctx);
if (crp->crp_aad != NULL)
ses->hash_update(&sctx, crp->crp_aad,
crp->crp_aad_length);
else
crypto_apply(crp, crp->crp_aad_start,
crp->crp_aad_length, ses->hash_update, &sctx);
if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
crypto_apply_buf(&crp->crp_obuf,