Page MenuHomeFreeBSD

Add support to the crypto framework for separate AAD buffers.
ClosedPublic

Authored by jhb on Jun 15 2020, 10:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 23 2024, 4:07 AM
Unknown Object (File)
Oct 18 2024, 5:09 AM
Unknown Object (File)
Oct 6 2024, 10:55 AM
Unknown Object (File)
Oct 1 2024, 7:58 AM
Unknown Object (File)
Sep 19 2024, 8:44 AM
Unknown Object (File)
Aug 31 2024, 5:57 PM
Unknown Object (File)
Aug 17 2024, 11:05 AM
Unknown Object (File)
Aug 15 2024, 1:45 PM
Subscribers

Details

Summary

This permits requests to provide the AAD in a separate side buffer
instead of as a region in the crypto request input buffer. This is
useful when the main data buffer might not contain the full AAD
(e.g. for TLS or IPsec with ESN).

Unlike separate IVs which are constrained in size and stored in an
array in struct cryptop, separate AAD is provided by the caller
setting a new crp_aad pointer to the buffer. The caller must ensure
the pointer remains valid and the buffer contents static until the
request is completed (e.g. when the callback routine is invoked).

As with separate output buffers, not all drivers support this feature.
Consumers must request use of this feature via a new session flag.

To aid in driver testing, kern.crypto.cryptodev_separate_aad can be
set to force /dev/crypto requests to use a separate AAD buffer.

Test Plan
  • cryptocheck -a all -d soft -z for the 4 cases of separate output x separate aad via the kern.crypto.cryptodev_* sysctls

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31727
Build 29295: arc lint + arc unit