Page MenuHomeFreeBSD
Differential D33613

/dev/crypto: Minimize cipher-specific logic.
ClosedPublic
Actions

Authored by jhb on Dec 22 2021, 1:01 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jan 16, 2:42 PM
Unknown Object (File)
Nov 26 2024, 4:07 AM
Unknown Object (File)
Nov 26 2024, 4:02 AM
Unknown Object (File)
Nov 26 2024, 4:02 AM
Unknown Object (File)
Nov 26 2024, 3:53 AM
Unknown Object (File)
Nov 24 2024, 2:59 AM
Unknown Object (File)
Oct 29 2024, 8:13 AM
Unknown Object (File)
Oct 3 2024, 12:44 AM
View All 70 Files
Subscribers
imp
jmg

Details

Reviewers
markj
Commits
rGc3907ef4826f: /dev/crypto: Minimize cipher-specific logic.
Summary

Rather than duplicating the switches in crypto_auth_hash() and
crypto_cipher(), copy the algorithm constants from the new session
ioctl into a csp directly which permits using the functions in
crypto.c.

Sponsored by: Chelsio Communications

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Dec 22 2021, 1:01 AM
Herald added subscribers: jmg, imp. · View Herald TranscriptDec 22 2021, 1:01 AM
jhb requested review of this revision.Dec 22 2021, 1:01 AM
Harbormaster completed remote builds in B43536: Diff 100440.Dec 22 2021, 1:01 AM
jhb added a child revision: D33614: /dev/crypto: Store blocksize in cse rather than txform pointer..Dec 22 2021, 1:02 AM
jhb added inline comments.Dec 22 2021, 1:05 AM
sys/opencrypto/cryptodev.c
397–398

Almost worth exporting alg_is_aead from crypto.c for this check.

418

I don't really like this check, or at least, I think I'd like to move it into check_csp in crypto.c so that all calls to crypto_newsession validate the key lengths rather than the logic living here. The whole minkey/maxkey thing is kind of bonkers though as ciphers that accept more than one key size that we support all support discrete values (like AES) rather than an inclusive range.

438

Similarly, this check really belongs in check_csp I think.

457

Possibly worth adding an 'ivsize' member to 'struct auth_hash' to remove this special knowledge.

jhb added inline comments.Dec 22 2021, 1:07 AM
sys/opencrypto/cryptodev.c
397–398

I guess I could actually check 'txform->macsize' to determine if this is an AEAD cipher. Would just need to setup most of the rest of the csp before the mode.

markj accepted this revision.Dec 29 2021, 2:43 PM
markj added inline comments.
sys/opencrypto/cryptodev.c
397–398

Seems reasonable: we don't use the mode for most of the setup.

418

Should we add an array of valid key sizes to each txform?

uint16_t keysizes[CRYPTO_MAX_KEYSIZES] = { 16, 24, 32 };

and treat a keysize of zero as invalid.

I definitely agree that check_csp() is a better place to validate the key size.

This revision is now accepted and ready to land.Dec 29 2021, 2:43 PM
jhb added inline comments.Dec 30 2021, 12:51 AM
sys/opencrypto/cryptodev.c
438

Actually, this check is kind of bogus. You can pass larger keys in to a HMAC. The key is hashed and the result of that hash is used as the key. hmac_init_pad already handles this, so could probably just remove this particular check entirely.

Closed by commit rGc3907ef4826f: /dev/crypto: Minimize cipher-specific logic. (authored by jhb). · Explain WhyDec 30 2021, 1:51 AM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGc3907ef4826f: /dev/crypto: Minimize cipher-specific logic..

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
210 lines

Diff 100741

View Options

sys/opencrypto/cryptodev.c

Loading...