d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b40dd828bd
freebsd-dev/sys/dev/glxsb/glxsb_hash.c
John Baldwin 9b6b2f8608 Adjust crypto_apply function callbacks for OCF. 
- crypto_apply() is only used for reading a buffer to compute a
  digest, so change the data pointer to a const pointer.

- To better match m_apply(), change the data pointer type to void *
  and the length from uint16_t to u_int.  The length field in
  particular matters as none of the apply logic was splitting requests
  larger than UINT16_MAX.

- Adjust the auth_xform Update callback to match the function
  prototype passed to crypto_apply() and crypto_apply_buf().  This
  removes the needs for casts when using the Update callback.

- Change the Reinit and Setkey callbacks to also use a u_int length
  instead of uint16_t.

- Update auth transforms for the changes.  While here, use C99
  initializers for auth_hash structures and avoid casts on callbacks.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25171
2020-06-10 21:18:19 +00:00

158 lines
4.4 KiB
C
Raw Blame History

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <opencrypto/xform.h>
#include "glxsb.h"
/*
* Implementation notes.
*
* The Geode LX Security Block provides AES-128-CBC acceleration.
* We implement all HMAC algorithms provided by crypto(9) framework so glxsb can work
* with ipsec(4)
*
* This code was stolen from crypto/via/padlock_hash.c
*/
MALLOC_DECLARE(M_GLXSB);
static void
glxsb_hash_key_setup(struct glxsb_session *ses, const char *key, int klen)
{
struct auth_hash *axf;
axf = ses->ses_axf;
hmac_init_ipad(axf, key, klen, ses->ses_ictx);
hmac_init_opad(axf, key, klen, ses->ses_octx);
}
/*
* Compute keyed-hash authenticator.
*/
static int
glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp)
{
u_char hash[HASH_MAX_LEN], hash2[HASH_MAX_LEN];
struct auth_hash *axf;
union authctx ctx;
int error;
axf = ses->ses_axf;
bcopy(ses->ses_ictx, &ctx, axf->ctxsize);
error = crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
axf->Update, &ctx);
if (error != 0)
return (error);
error = crypto_apply(crp, crp->crp_payload_start,
crp->crp_payload_length, axf->Update, &ctx);
if (error != 0)
return (error);
axf->Final(hash, &ctx);
bcopy(ses->ses_octx, &ctx, axf->ctxsize);
axf->Update(&ctx, hash, axf->hashsize);
axf->Final(hash, &ctx);
/* Verify or inject the authentication data */
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
crypto_copydata(crp, crp->crp_digest_start, ses->ses_mlen,
hash2);
if (timingsafe_bcmp(hash, hash2, ses->ses_mlen) != 0)
return (EBADMSG);
} else
crypto_copyback(crp, crp->crp_digest_start, ses->ses_mlen,
hash);
return (0);
}
int
glxsb_hash_setup(struct glxsb_session *ses,
const struct crypto_session_params *csp)
{
ses->ses_axf = crypto_auth_hash(csp);
if (csp->csp_auth_mlen == 0)
ses->ses_mlen = ses->ses_axf->hashsize;
else
ses->ses_mlen = csp->csp_auth_mlen;
/* Allocate memory for HMAC inner and outer contexts. */
ses->ses_ictx = malloc(ses->ses_axf->ctxsize, M_GLXSB,
M_ZERO | M_NOWAIT);
ses->ses_octx = malloc(ses->ses_axf->ctxsize, M_GLXSB,
M_ZERO | M_NOWAIT);
if (ses->ses_ictx == NULL || ses->ses_octx == NULL)
return (ENOMEM);
/* Setup key if given. */
if (csp->csp_auth_key != NULL) {
glxsb_hash_key_setup(ses, csp->csp_auth_key,
csp->csp_auth_klen);
}
return (0);
}
int
glxsb_hash_process(struct glxsb_session *ses,
const struct crypto_session_params *csp, struct cryptop *crp)
{
int error;
if (crp->crp_auth_key != NULL)
glxsb_hash_key_setup(ses, crp->crp_auth_key,
csp->csp_auth_klen);
error = glxsb_authcompute(ses, crp);
return (error);
}
void
glxsb_hash_free(struct glxsb_session *ses)
{
if (ses->ses_ictx != NULL) {
bzero(ses->ses_ictx, ses->ses_axf->ctxsize);
free(ses->ses_ictx, M_GLXSB);
ses->ses_ictx = NULL;
}
if (ses->ses_octx != NULL) {
bzero(ses->ses_octx, ses->ses_axf->ctxsize);
free(ses->ses_octx, M_GLXSB);
ses->ses_octx = NULL;
}
}
Reference in New Issue View Git Blame Copy Permalink