
Support AEAD requests with non-GCM algorithms.
Closed, Public

Authored by jhb on Jul 27 2017, 9:50 PM.

Details

Summary

Support AEAD requests with non-GCM algorithms.

In particular, support chaining an AES cipher with an HMAC for a request
including AAD. This permits submitting requests from userland to encrypt
objects like IPSec packets or TLS frames using these algorithms.

In the non-GCM case, the authentication crypto descriptor covers both the
AAD and the ciphertext. The GCM case remains unchanged. This matches
the requests created internally in IPSec. For the non-GCM case, the
COP_F_CIPHER_FIRST is also supported since the ordering matters.

Test Plan
  • using the cryptocheck tool referenced before to submit chained requests combining AES-CBC, AES-CTR, and AES-XTS with SHA HMACs on both ccr and cryptosoft.
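
The composition the summary describes for the non-GCM case, as an added example that is not part of this revision or of FreeBSD: the HMAC covers the AAD followed by the ciphertext, and the order of the cipher and MAC steps changes what the tag authenticates. The keystream cipher is a stand-in for AES built from HMAC-SHA256, and the function names, the `cipher_first` parameter and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (NOT AES): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, iv + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def _tag(mac_key: bytes, aad: bytes, payload: bytes) -> bytes:
    # Authentication region: the AAD immediately followed by the payload.
    # The AAD length is assumed fixed by the protocol, so the boundary is unambiguous.
    return hmac.new(mac_key, aad + payload, hashlib.sha256).digest()

def seal(enc_key, mac_key, iv, aad, plaintext, cipher_first=True):
    """Encrypt and authenticate. cipher_first (hypothetical name) models the ordering:
    True  -> cipher runs first, so the MAC covers AAD || ciphertext
    False -> MAC runs first, so the MAC covers AAD || plaintext"""
    if cipher_first:
        ct = _keystream_xor(enc_key, iv, plaintext)
        return ct, _tag(mac_key, aad, ct)
    tag = _tag(mac_key, aad, plaintext)
    return _keystream_xor(enc_key, iv, plaintext), tag

def open_(enc_key, mac_key, iv, aad, ciphertext, tag):
    """Verify the tag over AAD || ciphertext, then decrypt. Returns None on failure."""
    if not hmac.compare_digest(_tag(mac_key, aad, ciphertext), tag):
        return None
    return _keystream_xor(enc_key, iv, ciphertext)

# Constructed sample values (not from the page).
ENC_KEY, MAC_KEY, IV = b"E" * 32, b"M" * 32, b"\x00" * 16
AAD = b"\x17\x03\x03\x00\x20"  # constructed cleartext header that must be authenticated
MSG = b"constructed sample payload for the example"

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, IV, AAD, MSG)
    flipped = bytes([ct[0] ^ 1]) + ct[1:]
    _, early_tag = seal(ENC_KEY, MAC_KEY, IV, AAD, MSG, cipher_first=False)
    return {
        "roundtrip": open_(ENC_KEY, MAC_KEY, IV, AAD, ct, tag),
        "aad_tampered": open_(ENC_KEY, MAC_KEY, IV, b"\x17\x03\x03\x00\x21", ct, tag),
        "ct_tampered": open_(ENC_KEY, MAC_KEY, IV, AAD, flipped, tag),
        "mac_first_tag": open_(ENC_KEY, MAC_KEY, IV, AAD, ct, early_tag),
    }
```

A receiver that verifies over the ciphertext rejects a tag produced with the MAC step run first, which is why both sides have to agree on the ordering.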
