d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/opencrypto
History
John Baldwin cc05c7d256 Support AEAD requests with non-GCM algorithms. 
In particular, support chaining an AES cipher with an HMAC for a request
including AAD.  This permits submitting requests from userland to encrypt
objects like IPSec packets using these algorithms.

In the non-GCM case, the authentication crypto descriptor covers both the
AAD and the ciphertext.  The GCM case remains unchanged.  This matches
the requests created internally in IPSec.  For the non-GCM case, the
COP_F_CIPHER_FIRST is also supported since the ordering matters.

Note that while this can be used to simulate IPSec requests from userland,
this ioctl cannot currently be used to perform TLS requests using AES-CBC
and MAC-before-encrypt.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11759
2017-09-22 00:34:46 +00:00
..
cast.c
cast.h
castsb.h
criov.c
Use const with some read-only buffers in opencrypto APIs.
2017-05-09 18:28:42 +00:00
crypto.c
remove machine/metadata.h from sys/opencrypto/crypto.c
2017-04-04 04:01:02 +00:00
cryptodeflate.c
cryptodev_if.m
cryptodev.c
Support AEAD requests with non-GCM algorithms.
2017-09-22 00:34:46 +00:00
cryptodev.h
Add a new COP_F_CIPHER_FIRST flag for struct crypt_op.
2017-09-22 00:21:58 +00:00
cryptosoft.c
Don't leak a session and lock if a GMAC key has an invalid length.
2017-04-05 01:46:41 +00:00
cryptosoft.h
deflate.h
gfmult.c
gfmult.h
gmac.c
gmac.h
rmd160.c
rmd160.h
skipjack.c
skipjack.h
xform_aes_icm.c
xform_aes_xts.c
xform_auth.h
xform_blf.c
xform_cast5.c
xform_cml.c
xform_comp.h
xform_deflate.c
xform_des1.c
xform_des3.c
xform_enc.h
xform_gmac.c
xform_md5.c
xform_null.c
xform_rijndael.c
xform_rmd160.c
xform_sha1.c
xform_sha2.c
xform_skipjack.c
xform_userland.h
xform.c
xform.h