Page MenuHomeFreeBSD
Differential D32108

cryptodev: Permit CIOCCRYPT for AEAD ciphers.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
F153468891: D32108.diff
Tue, Apr 21, 8:30 AM
F153443774: D32108.diff
Tue, Apr 21, 5:15 AM
Unknown Object (File)
Mon, Apr 20, 1:03 PM
Unknown Object (File)
Mon, Apr 20, 4:19 AM
Unknown Object (File)
Fri, Apr 10, 7:33 PM
Unknown Object (File)
Tue, Apr 7, 6:23 PM
Unknown Object (File)
Tue, Apr 7, 11:44 AM
Unknown Object (File)
Fri, Apr 3, 6:21 AM
View All Files
Subscribers
emaste
imp
jmg

Details

Reviewers
markj
Commits
rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
Summary

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41906
Build 38794: arc lint + arc unit

Event Timeline

jhb created this revision.Sep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptSep 24 2021, 6:04 PM
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32107: cryptodev: Permit explicit IV/nonce and MAC/tag lengths..
jhb added a child revision: D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..
Harbormaster completed remote builds in B41709: Diff 95642.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:07 PM

This was triggered by cryptotest.py since it uses CIOCCRYPT for requests without AAD and some of the AES-CCM tests use empty AAD.

jhb mentioned this in D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..Sep 24 2021, 6:08 PM
jhb added a reviewer: markj.Sep 27 2021, 9:33 PM
markj added a comment.Sep 28 2021, 2:44 PM

crp_sanity() asserts that for AEAD requests the IV must be in a separate buffer, i.e., CRYPTO_F_IV_SEPARATE is set. cryptodev_aead() ensures this, but cryptodev_op() does not.

jhb added a comment.Oct 1 2021, 9:08 PM

Mmm, true. I will add a test that rejects AEAD requests without a separate IV.

jhb updated this revision to Diff 96112.Oct 1 2021, 9:23 PM
  • Reject AEAD requests without an explicit IV.
Harbormaster completed remote builds in B41906: Diff 96112.Oct 1 2021, 9:23 PM
markj accepted this revision.Oct 1 2021, 9:41 PM
This revision is now accepted and ready to land.Oct 1 2021, 9:41 PM
Closed by commit rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers. (authored by jhb). · Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers..
jhb added a commit: rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers..Oct 21 2021, 10:04 PM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
7 lines

Diff 96112

View Options

sys/opencrypto/cryptodev.c

Loading...