
crypto: Refactor software support for AEAD ciphers.
Closed, Public

Authored by jhb on Nov 30 2021, 5:18 PM.

Details

Summary

Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers. In particular, AEAD operations in cryptosoft no
longer use a struct auth_hash. Instead, the setkey and reinit methods
of struct enc_xform are responsible for initializing both the cipher
and auth state.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: No Lint Coverage
Unit: No Test Coverage
Build Status: Buildable 43060
Build 39948: arc lint + arc unit

Event Timeline

jhb requested review of this revision. Nov 30 2021, 5:18 PM
This revision is now accepted and ready to land. Dec 3 2021, 2:55 PM
sys/opencrypto/xform_aes_icm.c:129

So this was a bug (I forgot to change this to aes_ccm_setkey) that the compiler warned about (unused function).

I had used '-d soft' instead of '-d cryptosoft0' when testing and device aesni in GENERIC meant I was testing aesni originally.

When I retested in a VM to make sure this broke, I actually killed bhyve as the uninitialized AES_CBC_MAC state caused a wild pointer passed to a xor instruction to trigger an EPT page fault (maybe it was to an MMIO region?) and bhyve died with an abort trap. Fun times.