From owner-svn-src-head@freebsd.org Fri Sep 22 00:15:55 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 450A8E02D90; Fri, 22 Sep 2017 00:15:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F60671866; Fri, 22 Sep 2017 00:15:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8M0Fs0f024462; Fri, 22 Sep 2017 00:15:54 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8M0FsJ9024461; Fri, 22 Sep 2017 00:15:54 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201709220015.v8M0FsJ9024461@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Fri, 22 Sep 2017 00:15:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r323889 - head/sys/opencrypto X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/sys/opencrypto X-SVN-Commit-Revision: 323889 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 00:15:55 -0000 Author: jhb Date: Fri Sep 22 00:15:54 2017 New Revision: 323889 URL: https://svnweb.freebsd.org/changeset/base/323889 Log: Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD. Software crypto implementations don't care how the buffer is laid out, but hardware implementations may assume that the AAD is always before the plain/cipher text and that the hash/tag is immediately after the end of the plain/cipher text. In particular, this arrangement matches the layout of both IPSec packets and TLS frames. Linux's crypto framework also assumes this layout for AEAD requests. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D11758 Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Thu Sep 21 23:32:44 2017 (r323888) +++ head/sys/opencrypto/cryptodev.c Fri Sep 22 00:15:54 2017 (r323889) @@ -898,7 +898,7 @@ cryptodev_aead( uio->uio_iov = &cse->iovec; uio->uio_iovcnt = 1; uio->uio_offset = 0; - uio->uio_resid = caead->len + caead->aadlen + cse->thash->hashsize; + uio->uio_resid = caead->aadlen + caead->len + cse->thash->hashsize; uio->uio_segflg = UIO_SYSSPACE; uio->uio_rw = UIO_WRITE; uio->uio_td = td; @@ -916,17 +916,17 @@ cryptodev_aead( crda = crp->crp_desc; crde = crda->crd_next; - if ((error = copyin(caead->src, cse->uio.uio_iov[0].iov_base, - caead->len))) + if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base, + caead->aadlen))) goto bail; - if ((error = copyin(caead->aad, (char *)cse->uio.uio_iov[0].iov_base + - caead->len, caead->aadlen))) + if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base + + caead->aadlen, caead->len))) goto bail; - crda->crd_skip = caead->len; + crda->crd_skip = 0; crda->crd_len = caead->aadlen; - crda->crd_inject = caead->len + caead->aadlen; + crda->crd_inject = caead->aadlen + caead->len; crda->crd_alg = cse->mac; crda->crd_key = cse->mackey; @@ -936,15 +936,15 @@ cryptodev_aead( crde->crd_flags |= CRD_F_ENCRYPT; else crde->crd_flags &= ~CRD_F_ENCRYPT; - /* crde->crd_skip set below */ + crde->crd_skip = caead->aadlen; crde->crd_len = caead->len; - crde->crd_inject = 0; + crde->crd_inject = caead->aadlen; crde->crd_alg = cse->cipher; crde->crd_key = cse->key; crde->crd_klen = cse->keylen * 8; - crp->crp_ilen = caead->len + caead->aadlen; + crp->crp_ilen = caead->aadlen + caead->len; crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM | (caead->flags & COP_F_BATCH); crp->crp_buf = (caddr_t)&cse->uio.uio_iov; @@ -962,10 +962,9 @@ cryptodev_aead( goto bail; bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen); crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; - crde->crd_skip = 0; } else { crde->crd_flags |= CRD_F_IV_PRESENT; - crde->crd_skip = cse->txform->blocksize; + crde->crd_skip += cse->txform->blocksize; crde->crd_len -= cse->txform->blocksize; } @@ -1005,12 +1004,13 @@ again: goto bail; } - if (caead->dst && (error = copyout(cse->uio.uio_iov[0].iov_base, - caead->dst, caead->len))) + if (caead->dst && (error = copyout( + (caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst, + caead->len))) goto bail; if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base + - caead->len + caead->aadlen, caead->tag, cse->thash->hashsize))) + caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) goto bail; bail: