
D22365.id64312.diff


Index: sys/crypto/aesni/aesni.c
===================================================================
--- sys/crypto/aesni/aesni.c
+++ sys/crypto/aesni/aesni.c
@@ -206,6 +206,10 @@
crypto_register(sc->cid, CRYPTO_SHA2_256, 0, 0);
crypto_register(sc->cid, CRYPTO_SHA2_256_HMAC, 0, 0);
}
+
+ /* Support for Extended Sequence Number */
+ crypto_register(sc->cid, CRYPTO_ESN, 0, 0);
+
return (0);
}
@@ -302,6 +306,9 @@
}
authini = cri;
break;
+ case CRYPTO_ESN:
+ /* Nothing to do here */
+ break;
default:
unhandled:
CRYPTDEB("unhandled algorithm");
@@ -434,18 +441,43 @@
bool *allocated)
{
uint8_t *addr;
+ int totallen, iskip, oskip;
+ totallen = iskip = oskip = 0;
+
+ if (!(enccrd->crd_flags & CRD_F_ESN)) {
addr = crypto_contiguous_subsegment(crp->crp_flags,
crp->crp_buf, enccrd->crd_skip, enccrd->crd_len);
if (addr != NULL) {
*allocated = false;
return (addr);
}
- addr = malloc(enccrd->crd_len, M_AESNI, M_NOWAIT);
+ }
+
+ totallen = enccrd->crd_len;
+ if (enccrd->crd_flags & CRD_F_ESN)
+ totallen += 4;
+
+ addr = malloc(totallen, M_AESNI, M_NOWAIT);
if (addr != NULL) {
*allocated = true;
- crypto_copydata(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
- enccrd->crd_len, addr);
+ if (enccrd->crd_flags & CRD_F_ESN) {
+ /*
+ * According to RFC4106, AAD in GCM mode consists of
+ * data that are not encrypted: SPI,
+ * ESN (only when enabled) and Sequence number
+ */
+ /* SPI */
+ crypto_copydata(crp->crp_flags, crp->crp_buf,
+ enccrd->crd_skip, 4, addr);
+ iskip = 4;
+ /* ESN */
+ bcopy(enccrd->crd_esn, addr + 4, 4);
+ oskip = iskip + 4;
+ }
+ crypto_copydata(crp->crp_flags, crp->crp_buf,
+ enccrd->crd_skip + iskip, enccrd->crd_len - iskip,
+ addr + oskip);
} else
*allocated = false;
return (addr);
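Review bot: With CRD_F_ESN set, the final copy passes `enccrd->crd_len - iskip` to crypto_copydata, which goes negative when crd_len is smaller than 4, so the ESN branch should reject short descriptors before the malloc, e.g. `if ((enccrd->crd_flags & CRD_F_ESN) && enccrd->crd_len < 4) { *allocated = false; return (NULL); }`. The literal 4 appears five times here for the SPI width, the ESN width and the combined offsets; a named constant would tie them to the AAD layout the comment describes. This function is also called for the encryption descriptor (line 106 of this diff shows `aesni_cipher_alloc(enccrd, ...)`), so the ESN splice would silently corrupt the cipher buffer if CRD_F_ESN were ever set on that descriptor, which is worth stating in a comment unless the caller already guarantees it. The function's signature starts before the hunk.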
@@ -651,8 +683,8 @@
static void
hmac_internal(void *ctx, uint32_t *res,
int (*update)(void *, const void *, u_int),
- void (*finalize)(void *, void *), uint8_t *key, uint8_t xorbyte,
- const void *buf, size_t off, size_t buflen, int crpflags)
+ uint8_t *key, uint8_t xorbyte, const void *buf, size_t off,
+ size_t buflen, int crpflags)
{
size_t i;
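Review bot: hmac_internal no longer finalizes the digest, yet neither this hunk nor the one at lines 88–92 that removes the finalize call documents that the caller now owns that step, and `res` appears to be unused in the visible lines once finalize is gone. Add a comment above the definition such as `/* Runs the keyed update pass over buf; the caller must finalize ctx into res itself. */` and consider dropping `res` from the parameter list if nothing outside the hunk reads it. The function body continues past the hunk.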
@@ -664,7 +696,6 @@
crypto_apply(crpflags, __DECONST(void *, buf), off, buflen,
__DECONST(int (*)(void *, void *, u_int), update), ctx);
- finalize(res, ctx);
}
static int
@@ -728,7 +759,7 @@
struct cryptodesc *authcrd, struct cryptop *crp)
{
uint8_t iv[AES_BLOCK_LEN], tag[GMAC_DIGEST_LEN], *buf, *authbuf;
- int error, ivlen;
+ int error, ivlen, authlen;
bool encflag, allocated, authallocated;
KASSERT((ses->algo != CRYPTO_AES_NIST_GCM_16 &&
@@ -737,6 +768,7 @@
ivlen = 0;
authbuf = NULL;
+ authlen = 0;
buf = aesni_cipher_alloc(enccrd, crp, &allocated);
if (buf == NULL)
@@ -750,6 +782,10 @@
error = ENOMEM;
goto out;
}
+
+ authlen = authcrd->crd_len;
+ if (authcrd->crd_flags & CRD_F_ESN)
+ authlen += 4;
}
error = 0;
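Review bot: authlen duplicates the `+ 4` ESN adjustment that aesni_cipher_alloc already applies to totallen, so the length handed to AES_GCM_*/AES_CCM_* and to explicit_bzero can drift from the size actually allocated if either site changes. Returning the allocated length from aesni_cipher_alloc, e.g. an `int *len` out parameter set next to `*allocated` and read here as `authlen = ...`, would keep the two in step; the same authlen is consumed by the hunks at lines 118–159. The enclosing function begins and ends outside this hunk.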
@@ -826,7 +862,7 @@
if (encflag) {
AES_GCM_encrypt(buf, buf, authbuf, iv, tag,
- enccrd->crd_len, authcrd->crd_len, ivlen,
+ enccrd->crd_len, authlen, ivlen,
ses->enc_schedule, ses->rounds);
if (authcrd != NULL)
@@ -834,7 +870,7 @@
authcrd->crd_inject, sizeof(tag), tag);
} else {
if (!AES_GCM_decrypt(buf, buf, authbuf, iv, tag,
- enccrd->crd_len, authcrd->crd_len, ivlen,
+ enccrd->crd_len, authlen, ivlen,
ses->enc_schedule, ses->rounds))
error = EBADMSG;
}
@@ -847,14 +883,14 @@
bzero(tag, sizeof tag);
if (encflag) {
AES_CCM_encrypt(buf, buf, authbuf, iv, tag,
- enccrd->crd_len, authcrd->crd_len, ivlen,
+ enccrd->crd_len, authlen, ivlen,
ses->enc_schedule, ses->rounds);
if (authcrd != NULL)
crypto_copyback(crp->crp_flags, crp->crp_buf,
authcrd->crd_inject, sizeof(tag), tag);
} else {
if (!AES_CCM_decrypt(buf, buf, authbuf, iv, tag,
- enccrd->crd_len, authcrd->crd_len, ivlen,
+ enccrd->crd_len, authlen, ivlen,
ses->enc_schedule, ses->rounds))
error = EBADMSG;
}
@@ -870,7 +906,7 @@
free(buf, M_AESNI);
}
if (authallocated) {
- explicit_bzero(authbuf, authcrd->crd_len);
+ explicit_bzero(authbuf, authlen);
free(authbuf, M_AESNI);
}
return (error);
@@ -893,9 +929,9 @@
bool hmac;
- if ((crd->crd_flags & ~CRD_F_KEY_EXPLICIT) != 0) {
+ if ((crd->crd_flags & ~(CRD_F_KEY_EXPLICIT | CRD_F_ESN)) != 0) {
CRYPTDEB("%s: Unsupported MAC flags: 0x%x", __func__,
- (crd->crd_flags & ~CRD_F_KEY_EXPLICIT));
+ (crd->crd_flags & ~(CRD_F_KEY_EXPLICIT | CRD_F_ESN)));
return (EINVAL);
}
if ((crd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
@@ -949,13 +985,19 @@
if (hmac) {
/* Inner hash: (K ^ IPAD) || data */
InitFn(ctx);
- hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+ hmac_internal(ctx, res, UpdateFn, ses->hmac_key,
0x36, crp->crp_buf, crd->crd_skip, crd->crd_len,
crp->crp_flags);
+ if (crd->crd_flags & CRD_F_ESN) {
+ UpdateFn(ctx, crd->crd_esn, 4);
+ }
+ FinalizeFn(res, ctx);
+
/* Outer hash: (K ^ OPAD) || inner hash */
InitFn(ctx);
- hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+ hmac_internal(ctx, res, UpdateFn, ses->hmac_key,
0x5C, res, 0, hashlen, 0);
+ FinalizeFn(res, ctx);
} else {
InitFn(ctx);
crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip,
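Review bot: The inner-hash ESN append `UpdateFn(ctx, crd->crd_esn, 4);` hard-codes the ESN width a second time, independently of aesni_cipher_alloc; a shared named constant (or `sizeof(crd->crd_esn)` if crd_esn is an array rather than a pointer, which the diff does not show) would make the two sites agree by construction. The braces around that single statement are also unusual for style(9), which omits them for one-line bodies. The enclosing function continues beyond the hunk on both sides.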
