Page MenuHomeFreeBSD
Differential D11758

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
ClosedPublic
Actions

Authored by jhb on Jul 27 2017, 9:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 14, 10:50 AM
Unknown Object (File)
Mon, Apr 14, 4:04 AM
Unknown Object (File)
Sun, Apr 13, 10:25 PM
Unknown Object (File)
Sun, Apr 13, 10:19 PM
Unknown Object (File)
Mar 11 2025, 6:06 AM
Unknown Object (File)
Mar 11 2025, 5:51 AM
Unknown Object (File)
Mar 8 2025, 11:12 AM
Unknown Object (File)
Feb 28 2025, 7:27 AM
View All 52 Files
Subscribers
cperciva
jmg
np
pjd
secteam

Details

Reviewers
cem
Commits
rS323889: Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
Summary

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.

Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames. Linux's crypto framework also assumes this layout for
AEAD requests.

Test Plan
  • tested IPSec-like requests using the cryptocheck tool against the Chelsio ccr(4) driver and out-of-tree Intel qat(4) driver. Also verified no regressions with aesni0 or cryptosoft
  • note that I hacked ccr(4) to play crazy games with sglists to work around this issue (it will construct a S/G list that places the AAD first), but it is non-ideal as it results in more complicated S/G lists

Diff Detail

Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 10707
Build 11107: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
30 lines

Diff 31276

View Options

sys/opencrypto/cryptodev.c

Loading...