Changeset View
Changeset View
Standalone View
Standalone View
sys/opencrypto/cryptodev.c
| Show First 20 Lines • Show All 97 Lines • ▼ Show 20 Lines | struct session2_op32 { | ||||
| uint32_t cipher; | uint32_t cipher; | ||||
| uint32_t mac; | uint32_t mac; | ||||
| uint32_t keylen; | uint32_t keylen; | ||||
| uint32_t key; | uint32_t key; | ||||
| int mackeylen; | int mackeylen; | ||||
| uint32_t mackey; | uint32_t mackey; | ||||
| uint32_t ses; | uint32_t ses; | ||||
| int crid; | int crid; | ||||
| int pad[4]; | int ivlen; | ||||
| int maclen; | |||||
| int pad[2]; | |||||
| }; | }; | ||||
| struct crypt_op32 { | struct crypt_op32 { | ||||
| uint32_t ses; | uint32_t ses; | ||||
| uint16_t op; | uint16_t op; | ||||
| uint16_t flags; | uint16_t flags; | ||||
| u_int len; | u_int len; | ||||
| uint32_t src, dst; | uint32_t src, dst; | ||||
| Show All 36 Lines | |||||
| } | } | ||||
| static void | static void | ||||
| session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) | session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) | ||||
| { | { | ||||
| session_op_from_32((const struct session_op32 *)from, to); | session_op_from_32((const struct session_op32 *)from, to); | ||||
| CP(*from, *to, crid); | CP(*from, *to, crid); | ||||
| CP(*from, *to, ivlen); | |||||
| CP(*from, *to, maclen); | |||||
| } | } | ||||
| static void | static void | ||||
| session_op_to_32(const struct session2_op *from, struct session_op32 *to) | session_op_to_32(const struct session2_op *from, struct session_op32 *to) | ||||
| { | { | ||||
| CP(*from, *to, cipher); | CP(*from, *to, cipher); | ||||
| CP(*from, *to, mac); | CP(*from, *to, mac); | ||||
| ▲ Show 20 Lines • Show All 419 Lines • ▼ Show 20 Lines | if (csp.csp_auth_klen != 0) { | ||||
| CRYPTDEB("invalid mac key"); | CRYPTDEB("invalid mac key"); | ||||
| SDT_PROBE1(opencrypto, dev, ioctl, error, | SDT_PROBE1(opencrypto, dev, ioctl, error, | ||||
| __LINE__); | __LINE__); | ||||
| goto bail; | goto bail; | ||||
| } | } | ||||
| csp.csp_auth_key = mackey; | csp.csp_auth_key = mackey; | ||||
| } | } | ||||
| if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) | if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) | ||||
markj: Why is this assignment needed? It is done again below. | |||||
Done Inline ActionsOops, an earlier leftover from my first cut at doing this. jhb: Oops, an earlier leftover from my first cut at doing this. | |||||
| csp.csp_ivlen = AES_GCM_IV_LEN; | csp.csp_ivlen = AES_GCM_IV_LEN; | ||||
| if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) | if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) | ||||
| csp.csp_ivlen = AES_CCM_IV_LEN; | csp.csp_ivlen = AES_CCM_IV_LEN; | ||||
| } | } | ||||
| if (sop->ivlen != 0) { | |||||
| if (csp.csp_ivlen == 0) { | |||||
| CRYPTDEB("does not support an IV"); | |||||
| error = EINVAL; | |||||
| SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | |||||
| goto bail; | |||||
| } | |||||
| csp.csp_ivlen = sop->ivlen; | |||||
| } | |||||
| if (sop->maclen != 0) { | |||||
| if (!(thash != NULL || csp.csp_mode == CSP_MODE_AEAD)) { | |||||
| CRYPTDEB("does not support a MAC"); | |||||
| error = EINVAL; | |||||
| SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | |||||
| goto bail; | |||||
| } | |||||
| csp.csp_auth_mlen = sop->maclen; | |||||
| } | |||||
| crid = sop->crid; | crid = sop->crid; | ||||
| error = checkforsoftware(&crid); | error = checkforsoftware(&crid); | ||||
| if (error) { | if (error) { | ||||
| CRYPTDEB("checkforsoftware"); | CRYPTDEB("checkforsoftware"); | ||||
| SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
| goto bail; | goto bail; | ||||
| } | } | ||||
| error = crypto_newsession(&cses, &csp, crid); | error = crypto_newsession(&cses, &csp, crid); | ||||
| if (error) { | if (error) { | ||||
| CRYPTDEB("crypto_newsession"); | CRYPTDEB("crypto_newsession"); | ||||
| SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); | ||||
| goto bail; | goto bail; | ||||
| } | } | ||||
| cse = malloc(sizeof(struct csession), M_XDATA, M_WAITOK | M_ZERO); | cse = malloc(sizeof(struct csession), M_XDATA, M_WAITOK | M_ZERO); | ||||
| mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); | mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); | ||||
| refcount_init(&cse->refs, 1); | refcount_init(&cse->refs, 1); | ||||
| cse->key = key; | cse->key = key; | ||||
| cse->mackey = mackey; | cse->mackey = mackey; | ||||
| cse->cses = cses; | cse->cses = cses; | ||||
| cse->txform = txform; | cse->txform = txform; | ||||
| if (thash != NULL) | if (sop->maclen != 0) | ||||
| cse->hashsize = sop->maclen; | |||||
| else if (thash != NULL) | |||||
| cse->hashsize = thash->hashsize; | cse->hashsize = thash->hashsize; | ||||
| else if (csp.csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) | else if (csp.csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) | ||||
| cse->hashsize = AES_GMAC_HASH_LEN; | cse->hashsize = AES_GMAC_HASH_LEN; | ||||
| else if (csp.csp_cipher_alg == CRYPTO_AES_CCM_16) | else if (csp.csp_cipher_alg == CRYPTO_AES_CCM_16) | ||||
| cse->hashsize = AES_CBC_MAC_HASH_LEN; | cse->hashsize = AES_CBC_MAC_HASH_LEN; | ||||
| else if (csp.csp_cipher_alg == CRYPTO_CHACHA20_POLY1305) | else if (csp.csp_cipher_alg == CRYPTO_CHACHA20_POLY1305) | ||||
| cse->hashsize = POLY1305_HASH_LEN; | cse->hashsize = POLY1305_HASH_LEN; | ||||
| cse->ivsize = csp.csp_ivlen; | cse->ivsize = csp.csp_ivlen; | ||||
| ▲ Show 20 Lines • Show All 768 Lines • Show Last 20 Lines | |||||
Why is this assignment needed? It is done again below.