From 604b021795f78913ba972a7c13d203cbf91a6e93 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Mon, 22 Jun 2020 23:22:13 +0000 Subject: [PATCH] Add support for requests with separate AAD to aesni(4). Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25289 --- sys/crypto/aesni/aesni.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index eb41babefdd1..376487edf39a 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -254,7 +254,8 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp) struct aesni_softc *sc; sc = device_get_softc(dev); - if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT)) != 0) + if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != + 0) return (EINVAL); switch (csp->csp_mode) { case CSP_MODE_DIGEST: @@ -697,8 +698,11 @@ aesni_cipher_crypt(struct aesni_session *ses, struct cryptop *crp, authbuf = NULL; if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16 || csp->csp_cipher_alg == CRYPTO_AES_CCM_16) { - authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start, - crp->crp_aad_length, &authallocated); + if (crp->crp_aad != NULL) + authbuf = crp->crp_aad; + else + authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start, + crp->crp_aad_length, &authallocated); if (authbuf == NULL) { error = ENOMEM; goto out; @@ -850,8 +854,12 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptop *crp, hmac_key[i] = 0 ^ HMAC_IPAD_VAL; ses->hash_update(&sctx, hmac_key, sizeof(hmac_key)); - crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, - ses->hash_update, &sctx); + if (crp->crp_aad != NULL) + ses->hash_update(&sctx, crp->crp_aad, + crp->crp_aad_length); + else + crypto_apply(crp, crp->crp_aad_start, + crp->crp_aad_length, ses->hash_update, &sctx); if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) crypto_apply_buf(&crp->crp_obuf, @@ -876,8 +884,12 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptop *crp, } else { ses->hash_init(&sctx); - crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length, - ses->hash_update, &sctx); + if (crp->crp_aad != NULL) + ses->hash_update(&sctx, crp->crp_aad, + crp->crp_aad_length); + else + crypto_apply(crp, crp->crp_aad_start, + crp->crp_aad_length, ses->hash_update, &sctx); if (CRYPTO_HAS_OUTPUT_BUFFER(crp) && CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) crypto_apply_buf(&crp->crp_obuf,