Index: head/share/man/man9/Makefile =================================================================== --- head/share/man/man9/Makefile +++ head/share/man/man9/Makefile @@ -904,6 +904,7 @@ crypto_driver.9 crypto_done.9 \ crypto_driver.9 crypto_get_driverid.9 \ crypto_driver.9 crypto_get_driver_session.9 \ + crypto_driver.9 crypto_read_iv.9 \ crypto_driver.9 crypto_unblock.9 \ crypto_driver.9 crypto_unregister_all.9 \ crypto_driver.9 CRYPTODEV_FREESESSION.9 \ Index: head/share/man/man9/crypto_driver.9 =================================================================== --- head/share/man/man9/crypto_driver.9 +++ head/share/man/man9/crypto_driver.9 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 27, 2020 +.Dd April 20, 2020 .Dt CRYPTO_DRIVER 9 .Os .Sh NAME @@ -62,6 +62,8 @@ .Fn crypto_get_driverid "device_t dev" "size_t session_size" "int flags" .Ft void * .Fn crypto_get_driver_session "crypto_session_t crypto_session" +.Ft void +.Fn crypto_read_iv "struct cryptop *crp" "void *iv" .Ft int .Fn crypto_unblock "uint32_t driverid" "int what" .Ft int @@ -260,6 +262,12 @@ The bytes are written starting at an offset of .Fa off bytes in the request's data buffer. +.Pp +.Fn crypto_read_iv +copies the IV or nonce for +.Fa crp +into the the local buffer pointed to by +.Fa iv . .Pp A driver calls .Fn crypto_done Index: head/share/man/man9/crypto_request.9 =================================================================== --- head/share/man/man9/crypto_request.9 +++ head/share/man/man9/crypto_request.9 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 27, 2020 +.Dd April 20, 2020 .Dt CRYPTO_REQUEST 9 .Os .Sh NAME @@ -225,16 +225,6 @@ and .Fa crp_digest_start should be left as zero. -.Pp -An encryption request using an IV stored in the IV region may set -.Dv CRYPTO_F_IV_GENERATE -in -.Fa crp_flags -to request that the driver generate a random IV. -Note that -.Dv CRYPTO_F_IV_GENERATE -cannot be used with decryption operations or in combination with -.Dv CRYPTO_F_IV_SEPARATE . .Pp Requests that store part, but not all, of the IV in the data buffer should store the partial IV in the data buffer and pass the full IV separately in Index: head/sys/crypto/aesni/aesni.c =================================================================== --- head/sys/crypto/aesni/aesni.c +++ head/sys/crypto/aesni/aesni.c @@ -704,14 +704,7 @@ aesni_cipher_setup_common(ses, csp, crp->crp_cipher_key, csp->csp_cipher_klen); - /* Setup iv */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); switch (csp->csp_cipher_alg) { case CRYPTO_AES_CBC: Index: head/sys/crypto/armv8/armv8_crypto.c =================================================================== --- head/sys/crypto/armv8/armv8_crypto.c +++ head/sys/crypto/armv8/armv8_crypto.c @@ -335,14 +335,7 @@ panic("armv8: new cipher key"); } - /* Setup iv */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); /* Do work */ switch (csp->csp_cipher_alg) { Index: head/sys/crypto/ccp/ccp_hardware.c =================================================================== --- head/sys/crypto/ccp/ccp_hardware.c +++ head/sys/crypto/ccp/ccp_hardware.c @@ -1353,13 +1353,7 @@ char *iv) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); /* * If the input IV is 12 bytes, append an explicit counter of 1. Index: head/sys/crypto/via/padlock_cipher.c =================================================================== --- head/sys/crypto/via/padlock_cipher.c +++ head/sys/crypto/via/padlock_cipher.c @@ -209,13 +209,7 @@ cw->cw_filler2 = 0; cw->cw_filler3 = 0; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, AES_BLOCK_LEN, 0); - crypto_copyback(crp, crp->crp_iv_start, AES_BLOCK_LEN, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, AES_BLOCK_LEN); - else - crypto_copydata(crp, crp->crp_iv_start, AES_BLOCK_LEN, iv); + crypto_read_iv(crp, iv); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { cw->cw_direction = PADLOCK_DIRECTION_ENCRYPT; Index: head/sys/dev/cesa/cesa.c =================================================================== --- head/sys/dev/cesa/cesa.c +++ head/sys/dev/cesa/cesa.c @@ -1791,17 +1791,8 @@ CESA_LOCK(sc, sessions); cesa_sync_desc(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); - if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cr->cr_csd->csd_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - cr->cr_csd->csd_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(cr->cr_csd->csd_iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - cr->cr_csd->csd_iv); - } + if (csp->csp_cipher_alg != 0) + crypto_read_iv(crp, cr->cr_csd->csd_iv); if (crp->crp_cipher_key != NULL) { memcpy(cs->cs_key, crp->crp_cipher_key, Index: head/sys/dev/cxgbe/crypto/t4_crypto.c =================================================================== --- head/sys/dev/cxgbe/crypto/t4_crypto.c +++ head/sys/dev/cxgbe/crypto/t4_crypto.c @@ -665,19 +665,7 @@ crwr = wrtod(wr); memset(crwr, 0, wr_len); - /* - * Read the existing IV from the request or generate a random - * one if none is provided. - */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, s->blkcipher.iv_len, 0); - crypto_copyback(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, s->blkcipher.iv_len); - else - crypto_copydata(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); + crypto_read_iv(crp, iv); /* Zero the remainder of the IV for AES-XTS. */ memset(iv + s->blkcipher.iv_len, 0, iv_len - s->blkcipher.iv_len); @@ -968,19 +956,7 @@ crwr = wrtod(wr); memset(crwr, 0, wr_len); - /* - * Read the existing IV from the request or generate a random - * one if none is provided. - */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, s->blkcipher.iv_len, 0); - crypto_copyback(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, s->blkcipher.iv_len); - else - crypto_copydata(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); + crypto_read_iv(crp, iv); /* Zero the remainder of the IV for AES-XTS. */ memset(iv + s->blkcipher.iv_len, 0, iv_len - s->blkcipher.iv_len); Index: head/sys/dev/glxsb/glxsb.c =================================================================== --- head/sys/dev/glxsb/glxsb.c +++ head/sys/dev/glxsb/glxsb.c @@ -659,13 +659,7 @@ else control = SB_CTL_DEC; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(op_iv, sizeof(op_iv), 0); - crypto_copyback(crp, crp->crp_iv_start, sizeof(op_iv), op_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(op_iv, crp->crp_iv, sizeof(op_iv)); - else - crypto_copydata(crp, crp->crp_iv_start, sizeof(op_iv), op_iv); + crypto_read_iv(crp, op_iv); offset = 0; tlen = crp->crp_payload_length; Index: head/sys/dev/hifn/hifn7751.c =================================================================== --- head/sys/dev/hifn/hifn7751.c +++ head/sys/dev/hifn/hifn7751.c @@ -2431,7 +2431,7 @@ struct hifn_softc *sc = device_get_softc(dev); struct hifn_command *cmd = NULL; const void *mackey; - int err, ivlen, keylen; + int err, keylen; struct hifn_session *ses; ses = crypto_get_driver_session(crp->crp_session); @@ -2485,18 +2485,8 @@ err = EINVAL; goto errout; } - if (csp->csp_cipher_alg != CRYPTO_ARC4) { - ivlen = csp->csp_ivlen; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cmd->iv, ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, ivlen, - cmd->iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(cmd->iv, crp->crp_iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, - cmd->iv); - } + if (csp->csp_cipher_alg != CRYPTO_ARC4) + crypto_read_iv(crp, cmd->iv); if (crp->crp_cipher_key != NULL) cmd->ck = crp->crp_cipher_key; Index: head/sys/dev/safe/safe.c =================================================================== --- head/sys/dev/safe/safe.c +++ head/sys/dev/safe/safe.c @@ -894,16 +894,7 @@ * in the state record and set the hash/crypt offset to * copy both the header+IV. */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(re->re_sastate.sa_saved_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - re->re_sastate.sa_saved_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(re->re_sastate.sa_saved_iv, crp->crp_iv, - csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - re->re_sastate.sa_saved_iv); + crypto_read_iv(crp, re->re_sastate.sa_saved_iv); cmd0 |= SAFE_SA_CMD0_IVLD_STATE; if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { Index: head/sys/dev/sec/sec.c =================================================================== --- head/sys/dev/sec/sec.c +++ head/sys/dev/sec/sec.c @@ -1285,18 +1285,8 @@ desc->sd_error = 0; desc->sd_crp = crp; - if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(desc->sd_desc->shd_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - desc->sd_desc->shd_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(desc->sd_desc->shd_iv, crp->crp_iv, - csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - desc->sd_desc->shd_iv); - } + if (csp->csp_cipher_alg != 0) + crypto_read_iv(crp, desc->sd_desc->shd_iv); if (crp->crp_cipher_key != NULL) memcpy(ses->ss_key, crp->crp_cipher_key, csp->csp_cipher_klen); Index: head/sys/dev/ubsec/ubsec.c =================================================================== --- head/sys/dev/ubsec/ubsec.c +++ head/sys/dev/ubsec/ubsec.c @@ -1043,15 +1043,7 @@ ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(ctx.pc_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, - csp->csp_ivlen, ctx.pc_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(ctx.pc_iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - ctx.pc_iv); + crypto_read_iv(crp, ctx.pc_iv); if (!CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); Index: head/sys/mips/cavium/cryptocteon/cryptocteon.c =================================================================== --- head/sys/mips/cavium/cryptocteon/cryptocteon.c +++ head/sys/mips/cavium/cryptocteon/cryptocteon.c @@ -365,12 +365,7 @@ } if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv_data, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - iv_data); - ivp = iv_data; - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) ivp = crp->crp_iv; else { crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, Index: head/sys/mips/nlm/dev/sec/nlmsec.c =================================================================== --- head/sys/mips/nlm/dev/sec/nlmsec.c +++ head/sys/mips/nlm/dev/sec/nlmsec.c @@ -470,11 +470,7 @@ crp = cmd->crp; if (csp->csp_cipher_alg != CRYPTO_ARC4) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cmd->iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - cmd->iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) memcpy(cmd->iv, crp->crp_iv, csp->csp_ivlen); } } Index: head/sys/opencrypto/crypto.c =================================================================== --- head/sys/opencrypto/crypto.c +++ head/sys/opencrypto/crypto.c @@ -1280,14 +1280,6 @@ ("invalid ETA op %x", crp->crp_op)); break; } - KASSERT((crp->crp_flags & CRYPTO_F_IV_GENERATE) == 0 || - crp->crp_op == CRYPTO_OP_ENCRYPT || - crp->crp_op == (CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST), - ("IV_GENERATE set for non-encryption operation %x", crp->crp_op)); - KASSERT((crp->crp_flags & - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE)) != - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE), - ("crp with both IV_SEPARATE and IV_GENERATE set")); KASSERT(crp->crp_buf_type >= CRYPTO_BUF_CONTIG && crp->crp_buf_type <= CRYPTO_BUF_MBUF, ("invalid crp buffer type %d", crp->crp_buf_type)); @@ -1305,9 +1297,8 @@ ("AAD region in request not supporting AAD")); } if (csp->csp_ivlen == 0) { - KASSERT((crp->crp_flags & - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE)) == 0, - ("IV_GENERATE or IV_SEPARATE set when IV isn't used")); + KASSERT((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0, + ("IV_SEPARATE set when IV isn't used")); KASSERT(crp->crp_iv_start == 0, ("crp_iv_start set when IV isn't used")); } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) { @@ -1360,8 +1351,6 @@ #ifdef INVARIANTS crp_sanity(crp); #endif - - /* TODO: Handle CRYPTO_F_IV_GENERATE so drivers don't have to. */ cryptostats.cs_ops++; Index: head/sys/opencrypto/cryptodev.h =================================================================== --- head/sys/opencrypto/cryptodev.h +++ head/sys/opencrypto/cryptodev.h @@ -454,7 +454,6 @@ * if CRYPTO_F_ASYNC flags is set */ #define CRYPTO_F_IV_SEPARATE 0x0200 /* Use crp_iv[] as IV. */ -#define CRYPTO_F_IV_GENERATE 0x0400 /* Generate a random IV and store. */ int crp_op; @@ -610,6 +609,18 @@ int (*f)(void *, void *, u_int), void *arg); void *crypto_contiguous_subsegment(struct cryptop *crp, size_t skip, size_t len); + +static __inline void +crypto_read_iv(struct cryptop *crp, void *iv) +{ + const struct crypto_session_params *csp; + + csp = crypto_get_params(crp->crp_session); + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + memcpy(iv, crp->crp_iv, csp->csp_ivlen); + else + crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); +} #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ Index: head/sys/opencrypto/cryptosoft.c =================================================================== --- head/sys/opencrypto/cryptosoft.c +++ head/sys/opencrypto/cryptosoft.c @@ -133,14 +133,7 @@ (crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); - /* IV explicitly provided ? */ - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, ivlen, iv); - } else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); if (crp->crp_cipher_key != NULL) { if (sw->sw_kschedule) @@ -510,15 +503,9 @@ bcopy(swa->sw_ictx, &ctx, axf->ctxsize); blksz = axf->blocksize; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) - return (EINVAL); - /* Initialize the IV */ ivlen = AES_GCM_IV_LEN; - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); axf->Reinit(&ctx, iv, ivlen); for (i = 0; i < crp->crp_payload_length; i += blksz) { @@ -669,15 +656,9 @@ bcopy(swa->sw_ictx, &ctx, axf->ctxsize); blksz = axf->blocksize; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) - return (EINVAL); - /* Initialize the IV */ ivlen = AES_CCM_IV_LEN; - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); /* * AES CCM-CBC-MAC needs to know the length of both the auth