Page MenuHomeFreeBSD

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
ClosedPublic

Authored by jhb on Jul 27 2017, 9:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 19, 5:53 PM
Unknown Object (File)
Thu, Dec 19, 3:02 PM
Unknown Object (File)
Fri, Nov 29, 7:56 PM
Unknown Object (File)
Mon, Nov 25, 5:18 AM
Unknown Object (File)
Nov 23 2024, 6:46 PM
Unknown Object (File)
Nov 17 2024, 7:21 AM
Unknown Object (File)
Nov 15 2024, 7:55 PM
Unknown Object (File)
Sep 18 2024, 6:36 PM

Details

Summary

Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.

Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames. Linux's crypto framework also assumes this layout for
AEAD requests.

Test Plan
  • tested IPSec-like requests using the cryptocheck tool against the Chelsio ccr(4) driver and out-of-tree Intel qat(4) driver. Also verified no regressions with aesni0 or cryptosoft
  • note that I hacked ccr(4) to play crazy games with sglists to work around this issue (it will construct a S/G list that places the AAD first), but it is non-ideal as it results in more complicated S/G lists

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable