Support AEAD requests with non-GCM algorithms.
In particular, support chaining an AES cipher with an HMAC for a request including AAD. This permits submitting requests from userland to encrypt objects like IPSec packets using these algorithms. In the non-GCM case, the authentication crypto descriptor covers both the AAD and the ciphertext. The GCM case remains unchanged. This matches the requests created internally in IPSec. For the non-GCM case, the COP_F_CIPHER_FIRST is also supported since the ordering matters. Note that while this can be used to simulate IPSec requests from userland, this ioctl cannot currently be used to perform TLS requests using AES-CBC and MAC-before-encrypt. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D11759
This commit is contained in:
parent
bee88d82bb
commit
3c2af9be8d
@ -917,8 +917,13 @@ cryptodev_aead(
|
||||
goto bail;
|
||||
}
|
||||
|
||||
crda = crp->crp_desc;
|
||||
crde = crda->crd_next;
|
||||
if (caead->flags & COP_F_CIPHER_FIRST) {
|
||||
crde = crp->crp_desc;
|
||||
crda = crde->crd_next;
|
||||
} else {
|
||||
crda = crp->crp_desc;
|
||||
crde = crda->crd_next;
|
||||
}
|
||||
|
||||
if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
|
||||
caead->aadlen)))
|
||||
@ -928,8 +933,16 @@ cryptodev_aead(
|
||||
caead->aadlen, caead->len)))
|
||||
goto bail;
|
||||
|
||||
/*
|
||||
* For GCM, crd_len covers only the AAD. For other ciphers
|
||||
* chained with an HMAC, crd_len covers both the AAD and the
|
||||
* cipher text.
|
||||
*/
|
||||
crda->crd_skip = 0;
|
||||
crda->crd_len = caead->aadlen;
|
||||
if (cse->cipher == CRYPTO_AES_NIST_GCM_16)
|
||||
crda->crd_len = caead->aadlen;
|
||||
else
|
||||
crda->crd_len = caead->aadlen + caead->len;
|
||||
crda->crd_inject = caead->aadlen + caead->len;
|
||||
|
||||
crda->crd_alg = cse->mac;
|
||||
|
Loading…
Reference in New Issue
Block a user