Page MenuHomeFreeBSD

Add support to the crypto framework for separate AAD buffers.
ClosedPublic

Authored by jhb on Jun 15 2020, 10:48 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 4 2024, 7:08 PM
Unknown Object (File)
Jan 28 2024, 8:45 PM
Unknown Object (File)
Jan 28 2024, 8:45 PM
Unknown Object (File)
Jan 28 2024, 8:45 PM
Unknown Object (File)
Jan 28 2024, 8:28 PM
Unknown Object (File)
Dec 25 2023, 4:15 AM
Unknown Object (File)
Dec 20 2023, 6:29 AM
Unknown Object (File)
Nov 8 2023, 5:46 AM
Subscribers

Details

Summary

This permits requests to provide the AAD in a separate side buffer
instead of as a region in the crypto request input buffer. This is
useful when the main data buffer might not contain the full AAD
(e.g. for TLS or IPsec with ESN).

Unlike separate IVs which are constrained in size and stored in an
array in struct cryptop, separate AAD is provided by the caller
setting a new crp_aad pointer to the buffer. The caller must ensure
the pointer remains valid and the buffer contents static until the
request is completed (e.g. when the callback routine is invoked).

As with separate output buffers, not all drivers support this feature.
Consumers must request use of this feature via a new session flag.

To aid in driver testing, kern.crypto.cryptodev_separate_aad can be
set to force /dev/crypto requests to use a separate AAD buffer.

Test Plan
  • cryptocheck -a all -d soft -z for the 4 cases of separate output x separate aad via the kern.crypto.cryptodev_* sysctls

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31727
Build 29295: arc lint + arc unit