From owner-svn-src-head@freebsd.org Wed Jul 18 04:29:45 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F9E51033E40;
Wed, 18 Jul 2018 04:29:45 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
[IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mxrelay.nyi.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 12F6687265;
Wed, 18 Jul 2018 04:29:45 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DACE8154E2;
Wed, 18 Jul 2018 04:29:44 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6I4TiwY008799;
Wed, 18 Jul 2018 04:29:44 GMT (envelope-from cem@FreeBSD.org)
Received: (from cem@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6I4TimA008798;
Wed, 18 Jul 2018 04:29:44 GMT (envelope-from cem@FreeBSD.org)
Message-Id: <201807180429.w6I4TimA008798@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org
using -f
From: Conrad Meyer <cem@FreeBSD.org>
Date: Wed, 18 Jul 2018 04:29:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
svn-src-head@freebsd.org
Subject: svn commit: r336442 - head/sys/crypto/aesni
X-SVN-Group: head
X-SVN-Commit-Author: cem
X-SVN-Commit-Paths: head/sys/crypto/aesni
X-SVN-Commit-Revision: 336442
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
<svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 04:29:45 -0000
Author: cem
Date: Wed Jul 18 04:29:44 2018
New Revision: 336442
URL: https://svnweb.freebsd.org/changeset/base/336442
Log:
aesni(4): Abstract out hash/HMAC support
No functional change.
Verified with cryptocheck.
Modified:
head/sys/crypto/aesni/aesni.c
Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c Wed Jul 18 03:32:28 2018 (r336441)
+++ head/sys/crypto/aesni/aesni.c Wed Jul 18 04:29:44 2018 (r336442)
@@ -541,6 +541,12 @@ intel_sha1_update(void *vctx, const void *vdata, u_int
}
static void
+SHA1_Init_fn(void *ctx)
+{
+ sha1_init(ctx);
+}
+
+static void
SHA1_Finalize_fn(void *digest, void *ctx)
{
sha1_result(ctx, digest);
@@ -590,6 +596,12 @@ intel_sha256_update(void *vctx, const void *vdata, u_i
}
static void
+SHA256_Init_fn(void *ctx)
+{
+ SHA256_Init(ctx);
+}
+
+static void
SHA256_Finalize_fn(void *digest, void *ctx)
{
SHA256_Final(digest, ctx);
@@ -813,7 +825,13 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry
} sctx;
uint32_t res[SHA2_256_HASH_LEN / sizeof(uint32_t)];
int hashlen, error;
+ void *ctx;
+ void (*InitFn)(void *);
+ int (*UpdateFn)(void *, const void *, unsigned);
+ void (*FinalizeFn)(void *, void *);
+ bool hmac;
+
if ((crd->crd_flags & ~CRD_F_KEY_EXPLICIT) != 0) {
CRYPTDEB("%s: Unsupported MAC flags: 0x%x", __func__,
(crd->crd_flags & ~CRD_F_KEY_EXPLICIT));
@@ -825,39 +843,26 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry
return (error);
}
+ hmac = false;
switch (ses->auth_algo) {
case CRYPTO_SHA1_HMAC:
- hashlen = SHA1_HASH_LEN;
- /* Inner hash: (K ^ IPAD) || data */
- sha1_init(&sctx.sha1);
- hmac_internal(&sctx.sha1, res, intel_sha1_update,
- SHA1_Finalize_fn, ses->hmac_key, 0x36, crp->crp_buf,
- crd->crd_skip, crd->crd_len, crp->crp_flags);
- /* Outer hash: (K ^ OPAD) || inner hash */
- sha1_init(&sctx.sha1);
- hmac_internal(&sctx.sha1, res, intel_sha1_update,
- SHA1_Finalize_fn, ses->hmac_key, 0x5C, res, 0, hashlen, 0);
- break;
+ hmac = true;
+ /* FALLTHROUGH */
case CRYPTO_SHA1:
hashlen = SHA1_HASH_LEN;
- sha1_init(&sctx.sha1);
- crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip,
- crd->crd_len, __DECONST(int (*)(void *, void *, u_int),
- intel_sha1_update), &sctx.sha1);
- sha1_result(&sctx.sha1, (void *)res);
+ InitFn = SHA1_Init_fn;
+ UpdateFn = intel_sha1_update;
+ FinalizeFn = SHA1_Finalize_fn;
+ ctx = &sctx.sha1;
break;
+
case CRYPTO_SHA2_256_HMAC:
+ hmac = true;
hashlen = SHA2_256_HASH_LEN;
- /* Inner hash: (K ^ IPAD) || data */
- SHA256_Init(&sctx.sha2);
- hmac_internal(&sctx.sha2, res, intel_sha256_update,
- SHA256_Finalize_fn, ses->hmac_key, 0x36, crp->crp_buf,
- crd->crd_skip, crd->crd_len, crp->crp_flags);
- /* Outer hash: (K ^ OPAD) || inner hash */
- SHA256_Init(&sctx.sha2);
- hmac_internal(&sctx.sha2, res, intel_sha256_update,
- SHA256_Finalize_fn, ses->hmac_key, 0x5C, res, 0, hashlen,
- 0);
+ InitFn = SHA256_Init_fn;
+ UpdateFn = intel_sha256_update;
+ FinalizeFn = SHA256_Finalize_fn;
+ ctx = &sctx.sha2;
break;
default:
/*
@@ -865,6 +870,24 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry
* enccrd
*/
return (0);
+ }
+
+ if (hmac) {
+ /* Inner hash: (K ^ IPAD) || data */
+ InitFn(ctx);
+ hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+ 0x36, crp->crp_buf, crd->crd_skip, crd->crd_len,
+ crp->crp_flags);
+ /* Outer hash: (K ^ OPAD) || inner hash */
+ InitFn(ctx);
+ hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+ 0x5C, res, 0, hashlen, 0);
+ } else {
+ InitFn(ctx);
+ crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip,
+ crd->crd_len, __DECONST(int (*)(void *, void *, u_int),
+ UpdateFn), ctx);
+ FinalizeFn(res, ctx);
}
if (ses->mlen != 0 && ses->mlen < hashlen)