freebsd-nq/sys/opencrypto
Sean Eric Fagan f42230d856 Fix another bug introduced during the review process of r344140:
the tag wasn't being computed properly due to chaning a >= comparison
to an == comparison.

Specifically:  CBC-MAC encodes the length of the authorization data
into the the stream to be encrypted/hashed.  For short data, this is
two bytes (big-endian 16 bit value); for larger data, it's 6 bytes
(a prefix of 0xff, 0xfe, followed by a 32-bit big-endian length).  And
there's a larger size, which is 10 bytes.  These extra bytes weren't
being accounted for with the post-review code.  The other bit that then came
into play was that OCF only calls the Update code with blksiz=16, which
meant that I had to ignore the length variable.  (It also means that it
can't be called with a single buffer containing the AAD and payload;
however, OCF doesn't do this for the software-only algorithsm.)

I tested with this script:

ALG=aes-ccm
DEV=soft

for aad in 0 1 2 3 4 14 16 24 30 32 34 36 1020
do
        for dln in 16 32 1024 2048 10240
        do
                echo "Testing AAD length ${aad} data length ${dln}"
                /root/cryptocheck -A ${aad} -a ${ALG} -d ${DEV} ${dln}
        done
done

Reviewed by:	cem
Sponsored by:	iXsystems Inc.
2019-02-25 19:14:16 +00:00
..
_cryptodev.h OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
cast.c
cast.h
castsb.h
cbc_mac.c Fix another bug introduced during the review process of r344140: 2019-02-25 19:14:16 +00:00
cbc_mac.h Add CBC-MAC authentication. 2019-02-15 03:46:39 +00:00
criov.c Generalize AES iov optimization 2018-12-13 04:40:53 +00:00
crypto.c Make timespecadd(3) and friends public 2018-07-30 15:46:40 +00:00
cryptodeflate.c
cryptodev_if.m OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
cryptodev.c Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
cryptodev.h Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
cryptosoft.c Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
cryptosoft.h Add per-session locking to cryptosoft (swcr). 2018-09-26 20:23:12 +00:00
deflate.h
gfmult.c
gfmult.h
gmac.c
gmac.h
rmd160.c
rmd160.h
skipjack.c
skipjack.h
xform_aes_icm.c Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
xform_aes_xts.c
xform_auth.h Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
xform_blf.c
xform_cast5.c
xform_cbc_mac.c Add CBC-MAC authentication. 2019-02-15 03:46:39 +00:00
xform_cml.c
xform_comp.h
xform_deflate.c
xform_des1.c
xform_des3.c
xform_enc.h Add AES-CCM encryption, and plumb into OCF. 2019-02-15 03:53:03 +00:00
xform_gmac.c
xform_md5.c Remove "HMAC" from <HASH>_HMAC_BLOCK_LEN macro names 2018-07-09 07:21:37 +00:00
xform_null.c opencrypto: Use C99 initializers for auth_hash instances 2017-09-26 17:52:52 +00:00
xform_poly1305.c Add xform-conforming auth_hash wrapper for Poly-1305 2018-08-17 00:30:04 +00:00
xform_poly1305.h Add xform-conforming auth_hash wrapper for Poly-1305 2018-08-17 00:30:04 +00:00
xform_rijndael.c
xform_rmd160.c Remove "HMAC" from <HASH>_HMAC_BLOCK_LEN macro names 2018-07-09 07:21:37 +00:00
xform_sha1.c OCF: Add plain hash modes 2018-07-09 07:28:13 +00:00
xform_sha2.c OCF: Add plain hash modes 2018-07-09 07:28:13 +00:00
xform_skipjack.c
xform_userland.h We don't need both _STAND and _STANDALONE. There's more places that 2017-12-02 00:07:09 +00:00
xform.c
xform.h