Page MenuHomeFreeBSD
Differential D11758

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
ClosedPublic
Actions

Authored by jhb on Jul 27 2017, 9:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 27, 7:24 AM
Unknown Object (File)
Fri, Nov 21, 9:04 AM
Unknown Object (File)
Fri, Nov 21, 9:03 AM
Unknown Object (File)
Fri, Nov 21, 9:02 AM
Unknown Object (File)
Fri, Nov 21, 9:01 AM
Unknown Object (File)
Thu, Nov 6, 5:17 PM
Unknown Object (File)
Thu, Nov 6, 5:17 PM
Unknown Object (File)
Thu, Nov 6, 5:17 PM
View All 81 Files
Subscribers
cperciva
jmg
np
pjd
secteam

Details

Reviewers
cem
Commits
rS323889: Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
Summary

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.

Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames. Linux's crypto framework also assumes this layout for
AEAD requests.

Test Plan
  • tested IPSec-like requests using the cryptocheck tool against the Chelsio ccr(4) driver and out-of-tree Intel qat(4) driver. Also verified no regressions with aesni0 or cryptosoft
  • note that I hacked ccr(4) to play crazy games with sglists to work around this issue (it will construct a S/G list that places the AAD first), but it is non-ideal as it results in more complicated S/G lists

Diff Detail

Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 10707
Build 11107: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
30 lines

Diff 31276

View Options

sys/opencrypto/cryptodev.c

Loading...