Date: Mon, 22 Jun 2020 23:41:34 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r362519 - head/sys/dev/cxgbe/crypto Message-ID: <202006222341.05MNfY57032508@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Mon Jun 22 23:41:33 2020 New Revision: 362519 URL: https://svnweb.freebsd.org/changeset/base/362519 Log: Add support for requests with separate AAD to ccr(4). Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25290 Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c ============================================================================== --- head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Jun 22 23:22:13 2020 (r362518) +++ head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Jun 22 23:41:33 2020 (r362519) @@ -387,7 +387,6 @@ ccr_write_ulptx_sgl(struct ccr_softc *sc, void *dst, i usgl->sge[i / 2].addr[i & 1] = htobe64(ss->ss_paddr); ss++; } - } static bool @@ -919,8 +918,13 @@ ccr_eta(struct ccr_softc *sc, struct ccr_session *s, s imm_len = 0; sglist_reset(sc->sg_ulptx); if (crp->crp_aad_length != 0) { - error = sglist_append_sglist(sc->sg_ulptx, sc->sg_input, - crp->crp_aad_start, crp->crp_aad_length); + if (crp->crp_aad != NULL) + error = sglist_append(sc->sg_ulptx, + crp->crp_aad, crp->crp_aad_length); + else + error = sglist_append_sglist(sc->sg_ulptx, + sc->sg_input, crp->crp_aad_start, + crp->crp_aad_length); if (error) return (error); } @@ -938,11 +942,7 @@ ccr_eta(struct ccr_softc *sc, struct ccr_session *s, s sgl_len = ccr_ulptx_sgl_len(sgl_nsegs); } - /* - * Any auth-only data before the cipher region is marked as AAD. - * Auth-data that overlaps with the cipher region is placed in - * the auth section. - */ + /* Any AAD comes after the IV. */ if (crp->crp_aad_length != 0) { aad_start = iv_len + 1; aad_stop = aad_start + crp->crp_aad_length - 1; @@ -1054,8 +1054,11 @@ ccr_eta(struct ccr_softc *sc, struct ccr_session *s, s dst += iv_len; if (imm_len != 0) { if (crp->crp_aad_length != 0) { - crypto_copydata(crp, crp->crp_aad_start, - crp->crp_aad_length, dst); + if (crp->crp_aad != NULL) + memcpy(dst, crp->crp_aad, crp->crp_aad_length); + else + crypto_copydata(crp, crp->crp_aad_start, + crp->crp_aad_length, dst); dst += crp->crp_aad_length; } crypto_copydata(crp, crp->crp_payload_start, @@ -1224,8 +1227,13 @@ ccr_gcm(struct ccr_softc *sc, struct ccr_session *s, s imm_len = 0; sglist_reset(sc->sg_ulptx); if (crp->crp_aad_length != 0) { - error = sglist_append_sglist(sc->sg_ulptx, sc->sg_input, - crp->crp_aad_start, crp->crp_aad_length); + if (crp->crp_aad != NULL) + error = sglist_append(sc->sg_ulptx, + crp->crp_aad, crp->crp_aad_length); + else + error = sglist_append_sglist(sc->sg_ulptx, + sc->sg_input, crp->crp_aad_start, + crp->crp_aad_length); if (error) return (error); } @@ -1337,8 +1345,11 @@ ccr_gcm(struct ccr_softc *sc, struct ccr_session *s, s dst += iv_len; if (imm_len != 0) { if (crp->crp_aad_length != 0) { - crypto_copydata(crp, crp->crp_aad_start, - crp->crp_aad_length, dst); + if (crp->crp_aad != NULL) + memcpy(dst, crp->crp_aad, crp->crp_aad_length); + else + crypto_copydata(crp, crp->crp_aad_start, + crp->crp_aad_length, dst); dst += crp->crp_aad_length; } crypto_copydata(crp, crp->crp_payload_start, @@ -1438,11 +1449,24 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *cr axf->Reinit(auth_ctx, iv, sizeof(iv)); /* MAC the AAD. */ - for (i = 0; i < crp->crp_aad_length; i += sizeof(block)) { - len = imin(crp->crp_aad_length - i, sizeof(block)); - crypto_copydata(crp, crp->crp_aad_start + i, len, block); - bzero(block + len, sizeof(block) - len); - axf->Update(auth_ctx, block, sizeof(block)); + if (crp->crp_aad != NULL) { + len = rounddown(crp->crp_aad_length, sizeof(block)); + if (len != 0) + axf->Update(auth_ctx, crp->crp_aad, len); + if (crp->crp_aad_length != len) { + memset(block, 0, sizeof(block)); + memcpy(block, (char *)crp->crp_aad + len, + crp->crp_aad_length - len); + axf->Update(auth_ctx, block, sizeof(block)); + } + } else { + for (i = 0; i < crp->crp_aad_length; i += sizeof(block)) { + len = imin(crp->crp_aad_length - i, sizeof(block)); + crypto_copydata(crp, crp->crp_aad_start + i, len, + block); + bzero(block + len, sizeof(block) - len); + axf->Update(auth_ctx, block, sizeof(block)); + } } exf->reinit(kschedule, iv); @@ -1679,8 +1703,13 @@ ccr_ccm(struct ccr_softc *sc, struct ccr_session *s, s sglist_reset(sc->sg_ulptx); if (crp->crp_aad_length != 0) { - error = sglist_append_sglist(sc->sg_ulptx, sc->sg_input, - crp->crp_aad_start, crp->crp_aad_length); + if (crp->crp_aad != NULL) + error = sglist_append(sc->sg_ulptx, + crp->crp_aad, crp->crp_aad_length); + else + error = sglist_append_sglist(sc->sg_ulptx, + sc->sg_input, crp->crp_aad_start, + crp->crp_aad_length); if (error) return (error); } @@ -1788,8 +1817,11 @@ ccr_ccm(struct ccr_softc *sc, struct ccr_session *s, s if (sgl_nsegs == 0) { dst += b0_len; if (crp->crp_aad_length != 0) { - crypto_copydata(crp, crp->crp_aad_start, - crp->crp_aad_length, dst); + if (crp->crp_aad != NULL) + memcpy(dst, crp->crp_aad, crp->crp_aad_length); + else + crypto_copydata(crp, crp->crp_aad_start, + crp->crp_aad_length, dst); dst += crp->crp_aad_length; } crypto_copydata(crp, crp->crp_payload_start, @@ -1905,12 +1937,14 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *cr axf->Reinit(auth_ctx, iv, sizeof(iv)); /* MAC the AAD. */ - for (i = 0; i < crp->crp_aad_length; i += sizeof(block)) { - len = imin(crp->crp_aad_length - i, sizeof(block)); - crypto_copydata(crp, crp->crp_aad_start + i, len, block); - bzero(block + len, sizeof(block) - len); - axf->Update(auth_ctx, block, sizeof(block)); - } + if (crp->crp_aad != NULL) + error = axf->Update(auth_ctx, crp->crp_aad, + crp->crp_aad_length); + else + error = crypto_apply(crp, crp->crp_aad_start, + crp->crp_aad_length, axf->Update, auth_ctx); + if (error) + goto out; exf->reinit(kschedule, iv); @@ -2339,7 +2373,8 @@ ccr_probesession(device_t dev, const struct crypto_ses { unsigned int cipher_mode; - if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT)) != 0) + if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != + 0) return (EINVAL); switch (csp->csp_mode) { case CSP_MODE_DIGEST:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006222341.05MNfY57032508>