Page MenuHomeFreeBSD

Support AEAD requests with non-GCM algorithms.
ClosedPublic

Authored by jhb on Jul 27 2017, 9:50 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 1 2024, 10:41 AM
Unknown Object (File)
Sep 24 2024, 5:31 PM
Unknown Object (File)
Sep 18 2024, 3:53 PM
Unknown Object (File)
Sep 8 2024, 11:07 PM
Unknown Object (File)
Sep 8 2024, 8:51 PM
Unknown Object (File)
Sep 8 2024, 8:49 AM
Unknown Object (File)
Aug 28 2024, 7:46 AM
Unknown Object (File)
Aug 18 2024, 4:23 PM

Details

Summary

Support AEAD requests with non-GCM algorithms.

In particular, support chaining an AES cipher with an HMAC for a request
including AAD. This permits submitting requests from userland to encrypt
objects like IPSec packets or TLS frames using these algorithms.

In the non-GCM case, the authentication crypto descriptor covers both the
AAD and the ciphertext. The GCM case remains unchanged. This matches
the requests created internally in IPSec. For the non-GCM case, the
COP_F_CIPHER_FIRST is also supported since the ordering matters.

Test Plan
  • using the cryptocheck tool referenced before to submit chained requests combining AES-CBC, AES-CTR, and AES-XTS with SHA HMACs on both ccr and cryptosoft.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable