Page MenuHomeFreeBSD

cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.
ClosedPublic

Authored by jhb on Jan 5 2022, 10:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 26, 6:05 PM
Unknown Object (File)
Sun, Jan 26, 6:05 PM
Unknown Object (File)
Fri, Jan 17, 10:50 AM
Unknown Object (File)
Fri, Jan 17, 6:52 AM
Unknown Object (File)
Wed, Jan 15, 1:48 AM
Unknown Object (File)
Thu, Jan 9, 5:40 PM
Unknown Object (File)
Thu, Jan 2, 2:41 AM
Unknown Object (File)
Dec 7 2024, 4:03 AM
Subscribers

Details

Summary

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 43745
Build 40633: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Jan 5 2022, 10:14 PM
markj added inline comments.
sys/opencrypto/cryptosoft.c
444–447
460
488

Couldn't this be a for-loop as well? for (resid = crp->crp_payload_length; resid >= blksz; resid -= todo)

535

Suppose todo == inlen, so the current input segment is a multiple of the block size. Then, on the next iteration we'll bounce the first block of the next segment through blk, even though that's not necessarily required. I don't think there's a correctness problem there, just seems suboptimal.

572

Again, seems like this should be a for-loop.

603

Same comment about not reloading the segment if outlen == 0 after subtracting todo.

This revision is now accepted and ready to land.Jan 6 2022, 3:09 PM
jhb marked 2 inline comments as done.Jan 6 2022, 7:21 PM
jhb added inline comments.
sys/opencrypto/cryptosoft.c
488

I did this more to match swcr_encdec(), but I could make it a for loop. I think I want all of them to be the same though, so I might go back and adjust swcr_encdec() then.

535

I think in the chacha20_poly1305 case I noticed this and fixed it. Part of the problem is that the GCM update routine wants blocks except for the last update. I think though I could handle this case by just checking for 'inlen == todo' here.

sys/opencrypto/cryptosoft.c
535

Actually, this suboptimal behavior is present even in swcr_encdec(), so I will have to go back and fix them all.

  • Use for loop instead of while.
  • Handle boundary conditions when segment ends on a block boundary.
This revision now requires review to proceed.Jan 6 2022, 9:55 PM
This revision is now accepted and ready to land.Jan 7 2022, 2:11 PM