Page MenuHomeFreeBSD
Differential D11758

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
ClosedPublic
Actions

Authored by jhb on Jul 27 2017, 9:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Sep 12, 10:34 PM
Unknown Object (File)
Fri, Sep 12, 7:55 PM
Unknown Object (File)
Wed, Sep 10, 8:42 PM
Unknown Object (File)
Wed, Sep 10, 6:59 PM
Unknown Object (File)
Aug 23 2025, 12:55 AM
Unknown Object (File)
Aug 14 2025, 10:36 PM
Unknown Object (File)
Jul 28 2025, 10:54 PM
Unknown Object (File)
Jul 28 2025, 3:44 PM
View All 69 Files
Subscribers
cperciva
jmg
np
pjd
secteam

Details

Reviewers
cem
Commits
rS323889: Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
Summary

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.

Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames. Linux's crypto framework also assumes this layout for
AEAD requests.

Test Plan
  • tested IPSec-like requests using the cryptocheck tool against the Chelsio ccr(4) driver and out-of-tree Intel qat(4) driver. Also verified no regressions with aesni0 or cryptosoft
  • note that I hacked ccr(4) to play crazy games with sglists to work around this issue (it will construct a S/G list that places the AAD first), but it is non-ideal as it results in more complicated S/G lists

Diff Detail

Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 10707
Build 11107: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
30 lines

Diff 31276

View Options

sys/opencrypto/cryptodev.c

Loading...