Page MenuHomeFreeBSD
Differential D32108

cryptodev: Permit CIOCCRYPT for AEAD ciphers.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 21, 2:53 PM
Unknown Object (File)
Oct 12 2024, 11:05 AM
Unknown Object (File)
Oct 5 2024, 3:41 AM
Unknown Object (File)
Oct 4 2024, 8:50 AM
Unknown Object (File)
Oct 3 2024, 7:49 AM
Unknown Object (File)
Sep 27 2024, 5:33 PM
Unknown Object (File)
Sep 23 2024, 3:00 PM
Unknown Object (File)
Sep 17 2024, 9:08 PM
View All Files
Subscribers
emaste
imp
jmg

Details

Reviewers
markj
Commits
rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
Summary

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Sep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptSep 24 2021, 6:04 PM
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32107: cryptodev: Permit explicit IV/nonce and MAC/tag lengths..
jhb added a child revision: D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..
Harbormaster completed remote builds in B41709: Diff 95642.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:07 PM

This was triggered by cryptotest.py since it uses CIOCCRYPT for requests without AAD and some of the AES-CCM tests use empty AAD.

jhb mentioned this in D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..Sep 24 2021, 6:08 PM
jhb added a reviewer: markj.Sep 27 2021, 9:33 PM
markj added a comment.Sep 28 2021, 2:44 PM

crp_sanity() asserts that for AEAD requests the IV must be in a separate buffer, i.e., CRYPTO_F_IV_SEPARATE is set. cryptodev_aead() ensures this, but cryptodev_op() does not.

jhb added a comment.Oct 1 2021, 9:08 PM

Mmm, true. I will add a test that rejects AEAD requests without a separate IV.

jhb updated this revision to Diff 96112.Oct 1 2021, 9:23 PM
  • Reject AEAD requests without an explicit IV.
Harbormaster completed remote builds in B41906: Diff 96112.Oct 1 2021, 9:23 PM
markj accepted this revision.Oct 1 2021, 9:41 PM
This revision is now accepted and ready to land.Oct 1 2021, 9:41 PM
Closed by commit rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers. (authored by jhb). · Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers..
jhb added a commit: rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers..Oct 21 2021, 10:04 PM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
7 lines

Diff 96377

View Options

sys/opencrypto/cryptodev.c

Loading...