Page MenuHomeFreeBSD

crypto: Refactor software support for AEAD ciphers.
ClosedPublic

Authored by jhb on Nov 30 2021, 5:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 6:41 PM
Unknown Object (File)
Thu, Nov 7, 2:11 PM
Unknown Object (File)
Mon, Oct 21, 11:30 PM
Unknown Object (File)
Mon, Oct 21, 9:08 AM
Unknown Object (File)
Sep 27 2024, 6:28 AM
Unknown Object (File)
Sep 19 2024, 3:09 AM
Unknown Object (File)
Sep 18 2024, 12:41 PM
Unknown Object (File)
Sep 17 2024, 7:50 PM
Subscribers

Details

Summary

Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers. In particular, AEAD operations in cryptosoft no
longer use a struct auth_hash. Instead, the setkey and reinit methods
of struct enc_xform are responsible for initializing both the cipher
and auth state.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 43060
Build 39948: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Nov 30 2021, 5:18 PM
This revision is now accepted and ready to land.Dec 3 2021, 2:55 PM
sys/opencrypto/xform_aes_icm.c
129

So this was a bug (I forgot to change this to aes_ccm_setkey) that the compiler warned about (unused function).

I had used '-d soft' instead of '-d cryptosoft0' when testing and device aesni in GENERIC meant I was testing aesni originally.

When I retested in a VM to make sure this broke, I actually killed bhyve as the uninitialized AES_CBC_MAC state caused a wild pointer passed to a xor instruction to trigger an EPT page fault (maybe it was to an MMIO region?) and bhyve died with an abort trap. Fun times.