crypto: Refactor software support for AEAD ciphers.
ClosedPublic
Actions

Authored by jhb on Nov 30 2021, 5:18 PM.

Details

Reviewers

markj

Commits

rGab91fb6c2155: crypto: Refactor software support for AEAD ciphers.

Summary

Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers. In particular, AEAD operations in cryptosoft no
longer use a struct auth_hash. Instead, the setkey and reinit methods
of struct enc_xform are responsible for initializing both the cipher
and auth state.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Nov 30 2021, 5:18 PM

Herald added subscribers: jmg, imp. · View Herald TranscriptNov 30 2021, 5:18 PM

jhb requested review of this revision.Nov 30 2021, 5:18 PM

Harbormaster completed remote builds in B43060: Diff 99249.Nov 30 2021, 5:18 PM

jhb added a parent revision: D33195: cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths..Nov 30 2021, 5:18 PM

jhb added a child revision: D33197: cryptosoft: Rename sw_kschedule member to sw_ctx..

markj accepted this revision.Dec 3 2021, 2:55 PM

This revision is now accepted and ready to land.Dec 3 2021, 2:55 PM

jhb added inline comments.Dec 4 2021, 12:50 AM

sys/opencrypto/xform_aes_icm.c
129	So this was a bug (I forgot to change this to `aes_ccm_setkey`) that the compiler warned about (unused function). I had used '-d soft' instead of '-d cryptosoft0' when testing and `device aesni` in GENERIC meant I was testing aesni originally. When I retested in a VM to make sure this broke, I actually killed bhyve as the uninitialized AES_CBC_MAC state caused a wild pointer passed to a `xor` instruction to trigger an EPT page fault (maybe it was to an MMIO region?) and bhyve died with an abort trap. Fun times.