Changeset View
Changeset View
Standalone View
Standalone View
sys/crypto/openssl/ossl.c
| Show First 20 Lines • Show All 129 Lines • ▼ Show 20 Lines | ossl_lookup_hash(const struct crypto_session_params *csp) | ||||
| case CRYPTO_SHA2_256_HMAC: | case CRYPTO_SHA2_256_HMAC: | ||||
| return (&ossl_hash_sha256); | return (&ossl_hash_sha256); | ||||
| case CRYPTO_SHA2_384: | case CRYPTO_SHA2_384: | ||||
| case CRYPTO_SHA2_384_HMAC: | case CRYPTO_SHA2_384_HMAC: | ||||
| return (&ossl_hash_sha384); | return (&ossl_hash_sha384); | ||||
| case CRYPTO_SHA2_512: | case CRYPTO_SHA2_512: | ||||
| case CRYPTO_SHA2_512_HMAC: | case CRYPTO_SHA2_512_HMAC: | ||||
| return (&ossl_hash_sha512); | return (&ossl_hash_sha512); | ||||
| case CRYPTO_POLY1305: | |||||
| return (&ossl_hash_poly1305); | |||||
| default: | default: | ||||
| return (NULL); | return (NULL); | ||||
| } | } | ||||
| } | } | ||||
| static int | static int | ||||
| ossl_probesession(device_t dev, const struct crypto_session_params *csp) | ossl_probesession(device_t dev, const struct crypto_session_params *csp) | ||||
| { | { | ||||
| if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != | if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != | ||||
| 0) | 0) | ||||
| return (EINVAL); | return (EINVAL); | ||||
| switch (csp->csp_mode) { | switch (csp->csp_mode) { | ||||
| case CSP_MODE_DIGEST: | case CSP_MODE_DIGEST: | ||||
| if (ossl_lookup_hash(csp) == NULL) | if (ossl_lookup_hash(csp) == NULL) | ||||
| return (EINVAL); | return (EINVAL); | ||||
| break; | break; | ||||
| default: | default: | ||||
| return (EINVAL); | return (EINVAL); | ||||
| } | } | ||||
| return (CRYPTODEV_PROBE_ACCEL_SOFTWARE); | return (CRYPTODEV_PROBE_ACCEL_SOFTWARE); | ||||
| } | } | ||||
| static void | |||||
| ossl_setkey_hmac(struct ossl_session *s, const void *key, int klen) | |||||
| { | |||||
| hmac_init_ipad(s->hash.axf, key, klen, &s->hash.ictx); | |||||
| hmac_init_opad(s->hash.axf, key, klen, &s->hash.octx); | |||||
| } | |||||
| static int | static int | ||||
| ossl_newsession(device_t dev, crypto_session_t cses, | ossl_newsession(device_t dev, crypto_session_t cses, | ||||
| const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
| { | { | ||||
| struct ossl_session *s; | struct ossl_session *s; | ||||
| struct auth_hash *axf; | struct auth_hash *axf; | ||||
| s = crypto_get_driver_session(cses); | s = crypto_get_driver_session(cses); | ||||
| axf = ossl_lookup_hash(csp); | axf = ossl_lookup_hash(csp); | ||||
| s->hash.axf = axf; | s->hash.axf = axf; | ||||
| if (csp->csp_auth_mlen == 0) | if (csp->csp_auth_mlen == 0) | ||||
| s->hash.mlen = axf->hashsize; | s->hash.mlen = axf->hashsize; | ||||
| else | else | ||||
| s->hash.mlen = csp->csp_auth_mlen; | s->hash.mlen = csp->csp_auth_mlen; | ||||
| if (csp->csp_auth_klen == 0) { | if (csp->csp_auth_klen == 0) { | ||||
| axf->Init(&s->hash.ictx); | axf->Init(&s->hash.ictx); | ||||
| } else { | } else { | ||||
| if (csp->csp_auth_key != NULL) { | if (csp->csp_auth_key != NULL) { | ||||
cem: It seems like we have an extra nest level here. csp_auth_key != NULL should be true IFF… | |||||
| fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | ||||
| ossl_setkey_hmac(s, csp->csp_auth_key, | if (axf->Setkey != NULL) { | ||||
| axf->Init(&s->hash.ictx); | |||||
| axf->Setkey(&s->hash.ictx, csp->csp_auth_key, | |||||
| csp->csp_auth_klen); | csp->csp_auth_klen); | ||||
| } else { | |||||
| hmac_init_ipad(axf, csp->csp_auth_key, | |||||
| csp->csp_auth_klen, &s->hash.ictx); | |||||
| hmac_init_opad(axf, csp->csp_auth_key, | |||||
| csp->csp_auth_klen, &s->hash.octx); | |||||
| } | |||||
Done Inline ActionsThe implication is that hash functions with a Setkey operation cannot be HMACs? That's probably fine. cem: The implication is that hash functions with a Setkey operation cannot be HMACs? That's… | |||||
Done Inline Actions
Correct. jhb: > The implication is that hash functions with a Setkey operation cannot be HMACs? That's… | |||||
| fpu_kern_leave(curthread, NULL); | fpu_kern_leave(curthread, NULL); | ||||
| } | } | ||||
| } | } | ||||
| return (0); | return (0); | ||||
| } | } | ||||
| static int | static int | ||||
| ossl_process(device_t dev, struct cryptop *crp, int hint) | ossl_process(device_t dev, struct cryptop *crp, int hint) | ||||
| Show All 12 Lines | ossl_process(device_t dev, struct cryptop *crp, int hint) | ||||
| if (is_fpu_kern_thread(0)) { | if (is_fpu_kern_thread(0)) { | ||||
| fpu_entered = false; | fpu_entered = false; | ||||
| } else { | } else { | ||||
| fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | ||||
| fpu_entered = true; | fpu_entered = true; | ||||
| } | } | ||||
| if (crp->crp_auth_key != NULL) | if (crp->crp_auth_key == NULL) { | ||||
| ossl_setkey_hmac(s, crp->crp_auth_key, csp->csp_auth_klen); | |||||
| ctx = s->hash.ictx; | ctx = s->hash.ictx; | ||||
| } else { | |||||
| if (axf->Setkey != NULL) { | |||||
| axf->Init(&ctx); | |||||
| axf->Setkey(&ctx, crp->crp_auth_key, | |||||
| csp->csp_auth_klen); | |||||
| } else { | |||||
| hmac_init_ipad(axf, crp->crp_auth_key, | |||||
| csp->csp_auth_klen, &ctx); | |||||
Done Inline ActionsWhy move opad initialization below instead of just doing it here? Avoid a copy? cem: Why move opad initialization below instead of just doing it here? Avoid a copy? | |||||
Done Inline Actions
It overwrites the single ctx. Basically, we have a single auth ctx on the stack. We either copy it from a saved context when using session keys, or we generate the context on the fly when using per-op keys. Moving opad here would mean having to store two copies on the stack. jhb: > Why move opad initialization below instead of just doing it here? Avoid a copy?
It… | |||||
Done Inline ActionsOk cem: Ok | |||||
| } | |||||
| } | |||||
| if (crp->crp_aad != NULL) | if (crp->crp_aad != NULL) | ||||
| error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); | error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); | ||||
| else | else | ||||
| error = crypto_apply(crp, crp->crp_aad_start, | error = crypto_apply(crp, crp->crp_aad_start, | ||||
| crp->crp_aad_length, axf->Update, &ctx); | crp->crp_aad_length, axf->Update, &ctx); | ||||
| if (error) | if (error) | ||||
| goto out; | goto out; | ||||
| error = crypto_apply(crp, crp->crp_payload_start, | error = crypto_apply(crp, crp->crp_payload_start, | ||||
| crp->crp_payload_length, axf->Update, &ctx); | crp->crp_payload_length, axf->Update, &ctx); | ||||
| if (error) | if (error) | ||||
| goto out; | goto out; | ||||
| axf->Final(digest, &ctx); | axf->Final(digest, &ctx); | ||||
| if (csp->csp_auth_klen != 0) { | if (csp->csp_auth_klen != 0 && axf->Setkey == NULL) { | ||||
| if (crp->crp_auth_key == NULL) | |||||
| ctx = s->hash.octx; | ctx = s->hash.octx; | ||||
| else | |||||
| hmac_init_opad(axf, crp->crp_auth_key, | |||||
| csp->csp_auth_klen, &ctx); | |||||
| axf->Update(&ctx, digest, axf->hashsize); | axf->Update(&ctx, digest, axf->hashsize); | ||||
| axf->Final(digest, &ctx); | axf->Final(digest, &ctx); | ||||
| } | } | ||||
| if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | ||||
| char digest2[HASH_MAX_LEN]; | char digest2[HASH_MAX_LEN]; | ||||
| crypto_copydata(crp, crp->crp_digest_start, s->hash.mlen, | crypto_copydata(crp, crp->crp_digest_start, s->hash.mlen, | ||||
| ▲ Show 20 Lines • Show All 45 Lines • Show Last 20 Lines | |||||
It seems like we have an extra nest level here. csp_auth_key != NULL should be true IFF csp_auth_klen != 0, and vice versa? (During newsession.)
Nevermind, I guess we could be creating a keyed-hash session without any per-session key.