Date: Fri, 22 May 2020 20:52:37 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361404 - head/sys/crypto/ccp Message-ID: <202005222052.04MKqbJW065912@repo.freebsd.org>
Author: jhb Date: Fri May 22 20:52:36 2020 New Revision: 361404 URL: https://svnweb.freebsd.org/changeset/base/361404 Log: Remove a workaround for GCM requests with an empty payload. This was copied from ccr(4) (which does require the workaround), but is reportedly not needed for ccp(4). Discussed with: cem Sponsored by: Netflix Modified: head/sys/crypto/ccp/ccp.c Modified: head/sys/crypto/ccp/ccp.c ==============================================================================
--- head/sys/crypto/ccp/ccp.c Fri May 22 19:09:43 2020 (r361403)
+++ head/sys/crypto/ccp/ccp.c Fri May 22 20:52:36 2020 (r361404)
@@ -113,67 +113,6 @@ ccp_populate_sglist(struct sglist *sg, struct cryptop
 return (error);
 }
 
-/*
- * Handle a GCM request with an empty payload by performing the
- * operation in software.
- */
-static void
-ccp_gcm_soft(struct ccp_session *s, struct cryptop *crp)
-{
- struct aes_gmac_ctx gmac_ctx;
- char block[GMAC_BLOCK_LEN];
- char digest[GMAC_DIGEST_LEN];
- char iv[AES_BLOCK_LEN];
- int i, len;
-
- /*
- * This assumes a 12-byte IV from the crp. See longer comment
- * above in ccp_gcm() for more details.
- */
- if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) {
- crp->crp_etype = EINVAL;
- goto out;
- }
- memcpy(iv, crp->crp_iv, 12);
- *(uint32_t *)&iv[12] = htobe32(1);
-
- /* Initialize the MAC. */
- AES_GMAC_Init(&gmac_ctx);
- AES_GMAC_Setkey(&gmac_ctx, s->blkcipher.enckey, s->blkcipher.key_len);
- AES_GMAC_Reinit(&gmac_ctx, iv, sizeof(iv));
-
- /* MAC the AAD. */
- for (i = 0; i < crp->crp_aad_length; i += sizeof(block)) {
- len = imin(crp->crp_aad_length - i, sizeof(block));
- crypto_copydata(crp, crp->crp_aad_start + i, len, block);
- bzero(block + len, sizeof(block) - len);
- AES_GMAC_Update(&gmac_ctx, block, sizeof(block));
- }
-
- /* Length block. */
- bzero(block, sizeof(block));
- ((uint32_t *)block)[1] = htobe32(crp->crp_aad_length * 8);
- AES_GMAC_Update(&gmac_ctx, block, sizeof(block));
- AES_GMAC_Final(digest, &gmac_ctx);
-
- if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
- crypto_copyback(crp, crp->crp_digest_start, sizeof(digest),
- digest);
- crp->crp_etype = 0;
- } else {
- char digest2[GMAC_DIGEST_LEN];
-
- crypto_copydata(crp, crp->crp_digest_start, sizeof(digest2),
- digest2);
- if (timingsafe_bcmp(digest, digest2, sizeof(digest)) == 0)
- crp->crp_etype = 0;
- else
- crp->crp_etype = EBADMSG;
- }
-out:
- crypto_done(crp);
-}
-
 static int
 ccp_probe(device_t dev)
 {
@@ -643,11 +582,6 @@ ccp_process(device_t dev, struct cryptop *crp, int hin
 error = ccp_authenc(qp, s, crp);
 break;
 case GCM:
- if (crp->crp_payload_length == 0) {
- mtx_unlock(&qp->cq_lock);
- ccp_gcm_soft(s, crp);
- return (0);
- }
 if (s->pending != 0) {
 error = EAGAIN;
 break;