From owner-svn-src-head@freebsd.org  Sat Jun 23 17:24:20 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 87B361027FF6;
 Sat, 23 Jun 2018 17:24:20 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 394A58B545;
 Sat, 23 Jun 2018 17:24:20 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1901312DBE;
 Sat, 23 Jun 2018 17:24:20 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5NHOJ8d024886;
 Sat, 23 Jun 2018 17:24:19 GMT (envelope-from cem@FreeBSD.org)
Received: (from cem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5NHOJWV024885;
 Sat, 23 Jun 2018 17:24:19 GMT (envelope-from cem@FreeBSD.org)
Message-Id: <201806231724.w5NHOJWV024885@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org
 using -f
From: Conrad Meyer <cem@FreeBSD.org>
Date: Sat, 23 Jun 2018 17:24:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r335583 - head/sys/crypto/aesni
X-SVN-Group: head
X-SVN-Commit-Author: cem
X-SVN-Commit-Paths: head/sys/crypto/aesni
X-SVN-Commit-Revision: 335583
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jun 2018 17:24:20 -0000

Author: cem
Date: Sat Jun 23 17:24:19 2018
New Revision: 335583
URL: https://svnweb.freebsd.org/changeset/base/335583

Log:
  aesni(4): Support CRD_F_KEY_EXPLICIT OCF mode
  
  PR:		227788
  Reported by:	eadler@

Modified:
  head/sys/crypto/aesni/aesni.c

Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c	Sat Jun 23 15:05:21 2018	(r335582)
+++ head/sys/crypto/aesni/aesni.c	Sat Jun 23 17:24:19 2018	(r335583)
@@ -555,24 +555,36 @@ MODULE_VERSION(aesni, 1);
 MODULE_DEPEND(aesni, crypto, 1, 1, 1);
 
 static int
+aesni_authprepare(struct aesni_session *ses, int klen, const void *cri_key)
+{
+	int keylen;
+
+	if (klen % 8 != 0)
+		return (EINVAL);
+	keylen = klen / 8;
+	if (keylen > sizeof(ses->hmac_key))
+		return (EINVAL);
+	if (ses->auth_algo == CRYPTO_SHA1 && keylen > 0)
+		return (EINVAL);
+	memcpy(ses->hmac_key, cri_key, keylen);
+	return (0);
+}
+
+static int
 aesni_cipher_setup(struct aesni_session *ses, struct cryptoini *encini,
     struct cryptoini *authini)
 {
 	struct fpu_kern_ctx *ctx;
-	int kt, ctxidx, keylen, error;
+	int kt, ctxidx, error;
 
 	switch (ses->auth_algo) {
 	case CRYPTO_SHA1:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
-		if (authini->cri_klen % 8 != 0)
-			return (EINVAL);
-		keylen = authini->cri_klen / 8;
-		if (keylen > sizeof(ses->hmac_key))
-			return (EINVAL);
-		if (ses->auth_algo == CRYPTO_SHA1 && keylen > 0)
-			return (EINVAL);
-		memcpy(ses->hmac_key, authini->cri_key, keylen);
+		error = aesni_authprepare(ses, authini->cri_klen,
+		    authini->cri_key);
+		if (error != 0)
+			return (error);
 		ses->mlen = authini->cri_mlen;
 	}
 
@@ -899,10 +911,18 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry
 		struct sha1_ctxt sha1 __aligned(16);
 	} sctx;
 	uint32_t res[SHA2_256_HASH_LEN / sizeof(uint32_t)];
-	int hashlen;
+	int hashlen, error;
 
-	if (crd->crd_flags != 0)
+	if ((crd->crd_flags & ~CRD_F_KEY_EXPLICIT) != 0) {
+		CRYPTDEB("%s: Unsupported MAC flags: 0x%x", __func__,
+		    (crd->crd_flags & ~CRD_F_KEY_EXPLICIT));
 		return (EINVAL);
+	}
+	if ((crd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
+		error = aesni_authprepare(ses, crd->crd_klen, crd->crd_key);
+		if (error != 0)
+			return (error);
+	}
 
 	switch (ses->auth_algo) {
 	case CRYPTO_SHA1_HMAC: