
cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.
Closed, Public

Authored by jhb on Jan 5 2022, 10:14 PM.

Details

Summary

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision. Jan 5 2022, 10:14 PM
markj added inline comments.
sys/opencrypto/cryptosoft.c
444–447
460
488

Couldn't this be a for-loop as well? for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo)

535

Suppose todo == inlen, so the current input segment is a multiple of the block size. Then, on the next iteration we'll bounce the first block of the next segment through blk, even though that's not necessarily required. I don't think there's a correctness problem there, just seems suboptimal.

572

Again, seems like this should be a for-loop.

603

Same comment about not reloading the segment if outlen == 0 after subtracting todo.

This revision is now accepted and ready to land. Jan 6 2022, 3:09 PM
jhb marked 2 inline comments as done. Jan 6 2022, 7:21 PM
jhb added inline comments.
sys/opencrypto/cryptosoft.c
488

I did this more to match swcr_encdec(), but I could make it a for loop. I think I want all of them to be the same though, so I might go back and adjust swcr_encdec() then.

535

I think in the chacha20_poly1305 case I noticed this and fixed it. Part of the problem is that the GCM update routine wants blocks except for the last update. I think though I could handle this case by just checking for 'inlen == todo' here.

sys/opencrypto/cryptosoft.c
535

Actually, this suboptimal behavior is present even in swcr_encdec(), so I will have to go back and fix them all.

  • Use for loop instead of while.
  • Handle boundary conditions when segment ends on a block boundary.
This revision now requires review to proceed. Jan 6 2022, 9:55 PM
This revision is now accepted and ready to land. Jan 7 2022, 2:11 PM
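
The boundary case discussed in the comments on line 535, as an added example that is not code from this revision or from cryptosoft.c: a segmented input is walked with a for loop over resid, whole blocks go straight to a multi-block routine, and only a block that straddles two segments is bounced through blk. The names struct seg, toy_blocks, walk and demo are hypothetical, toy_blocks is an XOR stand-in rather than AES-GCM, and the segment array stands in for the kernel's buffer cursor.

```c
#include <stddef.h>
#include <stdint.h>
#define BLKSZ 16
struct seg { const uint8_t *p; size_t len; };	/* one input segment */

/* Stand-in for a multi-block cipher call (not AES-GCM); len % BLKSZ == 0. */
static void toy_blocks(const uint8_t *in, uint8_t *out, size_t len)
{
	for (size_t i = 0; i < len; i++)
		out[i] = in[i] ^ 0x5a;
}

/* Walk segs (total = sum of lengths, a multiple of BLKSZ); returns the
 * number of blocks that had to be bounced through blk. */
static int walk(const struct seg *segs, size_t total, uint8_t *out, int reload)
{
	uint8_t blk[BLKSZ];
	const uint8_t *in = segs->p;
	size_t inlen = segs->len, resid, todo;
	int bounced = 0;
	for (resid = total; resid >= BLKSZ; resid -= todo, out += todo) {
		if (inlen < BLKSZ) {	/* gather one block across segments */
			for (todo = 0; todo < BLKSZ; todo++, inlen--) {
				while (inlen == 0) { segs++; in = segs->p; inlen = segs->len; }
				blk[todo] = *in++;
			}
			toy_blocks(blk, out, BLKSZ);
			bounced++;
		} else {		/* whole blocks straight from the segment */
			todo = inlen - inlen % BLKSZ;
			toy_blocks(in, out, todo);
			in += todo; inlen -= todo;
		}
		/* Boundary case: segment ended on a block boundary, so move on now. */
		if (reload && inlen == 0 && resid > todo) {
			segs++; in = segs->p; inlen = segs->len;
		}
	}
	return bounced;
}

/* Constructed input: 112 bytes split 32/48/20/12. */
static int demo(int reload, uint8_t out[112])
{
	static uint8_t buf[112];
	for (size_t i = 0; i < sizeof(buf); i++) buf[i] = (uint8_t)i;
	struct seg s[] = { {buf, 32}, {buf + 32, 48}, {buf + 80, 20}, {buf + 100, 12} };
	return walk(s, sizeof(buf), out, reload);
}
int main(void) { uint8_t o[112]; return demo(1, o) == 1 ? 0 : 1; }
```

With reload set to 0 the first block of each following segment is copied through blk even when that segment holds whole blocks; with reload set to 1 only the block split across the 20-byte and 12-byte segments is bounced, and the output is the same either way.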