sys/crypto/openssl/ossl.c
Show First 20 Lines • Show All 129 Lines • ▼ Show 20 Lines | ossl_lookup_hash(const struct crypto_session_params *csp) | ||||
case CRYPTO_SHA2_256_HMAC: | case CRYPTO_SHA2_256_HMAC: | ||||
return (&ossl_hash_sha256); | return (&ossl_hash_sha256); | ||||
case CRYPTO_SHA2_384: | case CRYPTO_SHA2_384: | ||||
case CRYPTO_SHA2_384_HMAC: | case CRYPTO_SHA2_384_HMAC: | ||||
return (&ossl_hash_sha384); | return (&ossl_hash_sha384); | ||||
case CRYPTO_SHA2_512: | case CRYPTO_SHA2_512: | ||||
case CRYPTO_SHA2_512_HMAC: | case CRYPTO_SHA2_512_HMAC: | ||||
return (&ossl_hash_sha512); | return (&ossl_hash_sha512); | ||||
case CRYPTO_POLY1305: | |||||
return (&ossl_hash_poly1305); | |||||
default: | default: | ||||
return (NULL); | return (NULL); | ||||
} | } | ||||
} | } | ||||
static int | static int | ||||
ossl_probesession(device_t dev, const struct crypto_session_params *csp) | ossl_probesession(device_t dev, const struct crypto_session_params *csp) | ||||
{ | { | ||||
if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != | if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != | ||||
0) | 0) | ||||
return (EINVAL); | return (EINVAL); | ||||
switch (csp->csp_mode) { | switch (csp->csp_mode) { | ||||
case CSP_MODE_DIGEST: | case CSP_MODE_DIGEST: | ||||
if (ossl_lookup_hash(csp) == NULL) | if (ossl_lookup_hash(csp) == NULL) | ||||
return (EINVAL); | return (EINVAL); | ||||
break; | break; | ||||
default: | default: | ||||
return (EINVAL); | return (EINVAL); | ||||
} | } | ||||
return (CRYPTODEV_PROBE_ACCEL_SOFTWARE); | return (CRYPTODEV_PROBE_ACCEL_SOFTWARE); | ||||
} | } | ||||
static void | |||||
ossl_setkey_hmac(struct ossl_session *s, const void *key, int klen) | |||||
{ | |||||
hmac_init_ipad(s->hash.axf, key, klen, &s->hash.ictx); | |||||
hmac_init_opad(s->hash.axf, key, klen, &s->hash.octx); | |||||
} | |||||
static int | static int | ||||
ossl_newsession(device_t dev, crypto_session_t cses, | ossl_newsession(device_t dev, crypto_session_t cses, | ||||
const struct crypto_session_params *csp) | const struct crypto_session_params *csp) | ||||
{ | { | ||||
struct ossl_session *s; | struct ossl_session *s; | ||||
struct auth_hash *axf; | struct auth_hash *axf; | ||||
s = crypto_get_driver_session(cses); | s = crypto_get_driver_session(cses); | ||||
axf = ossl_lookup_hash(csp); | axf = ossl_lookup_hash(csp); | ||||
s->hash.axf = axf; | s->hash.axf = axf; | ||||
if (csp->csp_auth_mlen == 0) | if (csp->csp_auth_mlen == 0) | ||||
s->hash.mlen = axf->hashsize; | s->hash.mlen = axf->hashsize; | ||||
else | else | ||||
s->hash.mlen = csp->csp_auth_mlen; | s->hash.mlen = csp->csp_auth_mlen; | ||||
if (csp->csp_auth_klen == 0) { | if (csp->csp_auth_klen == 0) { | ||||
axf->Init(&s->hash.ictx); | axf->Init(&s->hash.ictx); | ||||
} else { | } else { | ||||
if (csp->csp_auth_key != NULL) { | if (csp->csp_auth_key != NULL) { | ||||
cem: It seems like we have an extra nest level here. csp_auth_key != NULL should be true IFF… | |||||
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | ||||
ossl_setkey_hmac(s, csp->csp_auth_key, | if (axf->Setkey != NULL) { | ||||
axf->Init(&s->hash.ictx); | |||||
axf->Setkey(&s->hash.ictx, csp->csp_auth_key, | |||||
csp->csp_auth_klen); | csp->csp_auth_klen); | ||||
} else { | |||||
hmac_init_ipad(axf, csp->csp_auth_key, | |||||
csp->csp_auth_klen, &s->hash.ictx); | |||||
hmac_init_opad(axf, csp->csp_auth_key, | |||||
csp->csp_auth_klen, &s->hash.octx); | |||||
} | |||||
Done Inline ActionsThe implication is that hash functions with a Setkey operation cannot be HMACs? That's probably fine. cem: The implication is that hash functions with a Setkey operation cannot be HMACs? That's… | |||||
Correct. jhb: > The implication is that hash functions with a Setkey operation cannot be HMACs? That's… | |||||
fpu_kern_leave(curthread, NULL); | fpu_kern_leave(curthread, NULL); | ||||
} | } | ||||
} | } | ||||
return (0); | return (0); | ||||
} | } | ||||
static int | static int | ||||
ossl_process(device_t dev, struct cryptop *crp, int hint) | ossl_process(device_t dev, struct cryptop *crp, int hint) | ||||
Show All 12 Lines | ossl_process(device_t dev, struct cryptop *crp, int hint) | ||||
if (is_fpu_kern_thread(0)) { | if (is_fpu_kern_thread(0)) { | ||||
fpu_entered = false; | fpu_entered = false; | ||||
} else { | } else { | ||||
fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); | ||||
fpu_entered = true; | fpu_entered = true; | ||||
} | } | ||||
if (crp->crp_auth_key != NULL) | if (crp->crp_auth_key == NULL) { | ||||
ossl_setkey_hmac(s, crp->crp_auth_key, csp->csp_auth_klen); | |||||
ctx = s->hash.ictx; | ctx = s->hash.ictx; | ||||
} else { | |||||
if (axf->Setkey != NULL) { | |||||
axf->Init(&ctx); | |||||
axf->Setkey(&ctx, crp->crp_auth_key, | |||||
csp->csp_auth_klen); | |||||
} else { | |||||
hmac_init_ipad(axf, crp->crp_auth_key, | |||||
csp->csp_auth_klen, &ctx); | |||||
Done Inline ActionsWhy move opad initialization below instead of just doing it here? Avoid a copy? cem: Why move opad initialization below instead of just doing it here? Avoid a copy? | |||||
It overwrites the single ctx. Basically, we have a single auth ctx on the stack. We either copy it from a saved context when using session keys, or we generate the context on the fly when using per-op keys. Moving opad here would mean having to store two copies on the stack. jhb: > Why move opad initialization below instead of just doing it here? Avoid a copy?
It… | |||||
Done Inline ActionsOk cem: Ok | |||||
} | |||||
} | |||||
if (crp->crp_aad != NULL) | if (crp->crp_aad != NULL) | ||||
error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); | error = axf->Update(&ctx, crp->crp_aad, crp->crp_aad_length); | ||||
else | else | ||||
error = crypto_apply(crp, crp->crp_aad_start, | error = crypto_apply(crp, crp->crp_aad_start, | ||||
crp->crp_aad_length, axf->Update, &ctx); | crp->crp_aad_length, axf->Update, &ctx); | ||||
if (error) | if (error) | ||||
goto out; | goto out; | ||||
error = crypto_apply(crp, crp->crp_payload_start, | error = crypto_apply(crp, crp->crp_payload_start, | ||||
crp->crp_payload_length, axf->Update, &ctx); | crp->crp_payload_length, axf->Update, &ctx); | ||||
if (error) | if (error) | ||||
goto out; | goto out; | ||||
axf->Final(digest, &ctx); | axf->Final(digest, &ctx); | ||||
if (csp->csp_auth_klen != 0) { | if (csp->csp_auth_klen != 0 && axf->Setkey == NULL) { | ||||
if (crp->crp_auth_key == NULL) | |||||
ctx = s->hash.octx; | ctx = s->hash.octx; | ||||
else | |||||
hmac_init_opad(axf, crp->crp_auth_key, | |||||
csp->csp_auth_klen, &ctx); | |||||
axf->Update(&ctx, digest, axf->hashsize); | axf->Update(&ctx, digest, axf->hashsize); | ||||
axf->Final(digest, &ctx); | axf->Final(digest, &ctx); | ||||
} | } | ||||
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { | ||||
char digest2[HASH_MAX_LEN]; | char digest2[HASH_MAX_LEN]; | ||||
crypto_copydata(crp, crp->crp_digest_start, s->hash.mlen, | crypto_copydata(crp, crp->crp_digest_start, s->hash.mlen, | ||||
▲ Show 20 Lines • Show All 45 Lines • Show Last 20 Lines |
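Review bot: `ossl_probesession` accepts any `csp_auth_klen` for a hash that `ossl_lookup_hash` recognises, yet the `axf->Setkey(&s->hash.ictx, csp->csp_auth_key, csp->csp_auth_klen)` call in `ossl_newsession` and the per-request `axf->Setkey(&ctx, crp->crp_auth_key, csp->csp_auth_klen)` in `ossl_process` pass that length straight into the hash's key setup. A Setkey-style hash (presumably the Poly1305 entry in `ossl_lookup_hash`) normally expects a fixed-size key, so unless the opencrypto framework already rejects other lengths before the driver is probed, the `CSP_MODE_DIGEST` case should check it, for example `if (axf->Setkey != NULL && csp->csp_auth_klen != axf->keysize) return (EINVAL);`. If the framework does enforce this, a short comment at the Setkey call such as `/* key length already validated by the framework */` would record why the driver does not. Separately, with per-request keys the on-stack `ctx` holds key-derived state, and the exit path of `ossl_process` is collapsed on this page, so it is worth confirming that `ctx` and `digest` are cleared with `explicit_bzero` on every return.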
It seems like we have an extra nest level here. csp_auth_key != NULL should be true IFF csp_auth_klen != 0, and vice versa? (During newsession.)
Nevermind, I guess we could be creating a keyed-hash session without any per-session key.