crypto: Permit variable-sized IVs for ciphers with a reinit hook.
ClosedPublic

Authored by jhb on Sep 24 2021, 6:04 PM.

Details

Summary

Add a 'len' argument to the reinit hook in 'struct enc_xform' to
permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305
which support different nonce lengths.

Sponsored by: Chelsio Communications, The FreeBSD Foundation

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

sys/opencrypto/xform_aes_icm.c
117

I think it'd be a bit nicer to call it ivlen here and below.

sys/opencrypto/xform_aes_xts.c
93

Perhaps assert that AES_XTS_IVSIZE == len? Here and elsewhere where we don't actually handle a variable length IV. (I know that CCM gets updated in a follow-up commit.)

jhb marked 2 inline comments as done. Oct 1 2021, 8:10 PM
jhb added inline comments.
sys/opencrypto/xform_aes_xts.c
93

I've actually added assertions to all of the reinit routines.

jhb marked an inline comment as done.
  • Rename 'len' to 'ivlen' in a few places.
  • Add assertions for IV / nonce lengths.
markj added inline comments.
sys/crypto/chacha20/chacha-sw.c
21

Still len here, would be nice to be consistent.

sys/opencrypto/xform_aes_xts.c
80

Ditto.

sys/opencrypto/xform_chacha20_poly1305.c
53

And here.

This revision is now accepted and ready to land. Oct 6 2021, 2:03 AM
jhb marked 3 inline comments as done. Oct 6 2021, 8:01 PM
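
An added illustration of the pattern discussed in this review, not code from the FreeBSD tree or from this revision: a reinit hook that takes an `ivlen` argument, with a fixed-IV cipher rejecting any other length and a CCM-style cipher accepting the 7 to 13 byte nonce range. All `demo_*` names, the 8-byte fixed IV size and the zero-padding of the tweak are assumptions; the hooks return `EINVAL` where a kernel routine would assert, so the result can be checked in userland.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_XTS_IVSIZE 8 /* assumed fixed IV size of the XTS-style cipher */

/* Hypothetical transform descriptor; only the reinit hook is modelled. */
struct demo_xform {
    const char *name;
    int (*reinit)(void *ctx, const uint8_t *iv, size_t ivlen);
};
struct demo_xts_ctx { uint8_t tweak[16]; };
struct demo_ccm_ctx { uint8_t nonce[13]; size_t nonce_len; unsigned L; };

/* Fixed-size IV: any other length is a caller bug, so refuse it up front. */
static int demo_xts_reinit(void *vctx, const uint8_t *iv, size_t ivlen)
{
    struct demo_xts_ctx *ctx = vctx;

    if (ivlen != DEMO_XTS_IVSIZE)
        return (EINVAL);
    memset(ctx->tweak, 0, sizeof(ctx->tweak)); /* assumed zero padding */
    memcpy(ctx->tweak, iv, ivlen);
    return (0);
}

/* CCM: the nonce is 7..13 bytes; the length field gets L = 15 - n bytes. */
static int demo_ccm_reinit(void *vctx, const uint8_t *iv, size_t ivlen)
{
    struct demo_ccm_ctx *ctx = vctx;

    if (ivlen < 7 || ivlen > 13)
        return (EINVAL); /* also keeps memcpy inside nonce[13] */
    memcpy(ctx->nonce, iv, ivlen);
    ctx->nonce_len = ivlen;
    ctx->L = 15 - (unsigned)ivlen;
    return (0);
}

static const struct demo_xform demo_xts = { "xts-like", demo_xts_reinit };
static const struct demo_xform demo_ccm = { "ccm-like", demo_ccm_reinit };

int main(void)
{
    struct demo_ccm_ctx c;
    const uint8_t nonce[12] = { 0 }; /* constructed sample nonce */

    return (demo_ccm.reinit(&c, nonce, sizeof(nonce)));
}
```

The length check has to come before the copy: once the hook accepts a caller-supplied length, an unchecked `ivlen` turns directly into an out-of-bounds write on the context.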