Page MenuHomeFreeBSD
Files F115797526

D32107.id95641.diff
No OneTemporary
Actions

D32107.id95641.diff
View Options

Index: share/man/man4/crypto.4
===================================================================
--- share/man/man4/crypto.4
+++ share/man/man4/crypto.4
@@ -1,13 +1,16 @@
.\" $NetBSD: crypto.4,v 1.24 2014/01/27 21:23:59 pgoyette Exp $
.\"
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
-.\" Copyright (c) 2014 The FreeBSD Foundation
+.\" Copyright (c) 2014-2021 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" Portions of this documentation were written by John-Mark Gurney
.\" under sponsorship of the FreeBSD Foundation and
.\" Rubicon Communications, LLC (Netgate).
.\"
+.\" Portions of this documentation were written by Ararat River
+.\" Consulting, LLC under sponsorship of the FreeBSD Foundation.
+.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Coyote Point Systems, Inc.
.\"
@@ -251,14 +254,27 @@
uint32_t ses; /* returns: ses # */
int crid; /* driver id + flags (rw) */
- int pad[4]; /* for future expansion */
+ int ivlen; /* length of nonce/IV */
+ int maclen; /* length of MAC/tag */
+ int pad[2]; /* for future expansion */
};
.Ed
-This request is similar to CIOGSESSION except that
+This request is similar to CIOGSESSION but adds additional fields.
+.Pp
.Fa sessp-\*[Gt]crid
requests either a specific crypto device or a class of devices (software vs
hardware).
+.Pp
+.Fa sessp-\*[Gt]ivlen
+specifies the length of the IV or nonce supplied with each request.
+If this field is set to zero, the default IV or nonce length is used.
+.Pp
+.Fa sessp-\*[Gt]maclen
+specifies the length of the MAC or authentication tag supplied or computed by
+each request.
+If this field is set to zero, the full MAC is used.
+.Pp
The
.Fa sessp-\*[Gt]pad
field must be initialized to zero.
Index: sys/opencrypto/cryptodev.h
===================================================================
--- sys/opencrypto/cryptodev.h
+++ sys/opencrypto/cryptodev.h
@@ -23,13 +23,16 @@
* PURPOSE.
*
* Copyright (c) 2001 Theo de Raadt
- * Copyright (c) 2014 The FreeBSD Foundation
+ * Copyright (c) 2014-2021 The FreeBSD Foundation
* All rights reserved.
*
* Portions of this software were developed by John-Mark Gurney
* under sponsorship of the FreeBSD Foundation and
* Rubicon Communications, LLC (Netgate).
*
+ * Portions of this software were developed by Ararat River
+ * Consulting, LLC under sponsorship of the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -241,7 +244,9 @@
uint32_t ses; /* returns: session # */
int crid; /* driver id + flags (rw) */
- int pad[4]; /* for future expansion */
+ int ivlen; /* length of nonce/IV */
+ int maclen; /* length of MAC/tag */
+ int pad[2]; /* for future expansion */
};
struct crypt_op {
Index: sys/opencrypto/cryptodev.c
===================================================================
--- sys/opencrypto/cryptodev.c
+++ sys/opencrypto/cryptodev.c
@@ -103,7 +103,9 @@
uint32_t mackey;
uint32_t ses;
int crid;
- int pad[4];
+ int ivlen;
+ int maclen;
+ int pad[2];
};
struct crypt_op32 {
@@ -156,6 +158,8 @@
session_op_from_32((const struct session_op32 *)from, to);
CP(*from, *to, crid);
+ CP(*from, *to, ivlen);
+ CP(*from, *to, maclen);
}
static void
@@ -591,12 +595,33 @@
csp.csp_auth_key = mackey;
}
+ csp.csp_auth_mlen = sop->maclen;
+
if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC)
csp.csp_ivlen = AES_GCM_IV_LEN;
if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC)
csp.csp_ivlen = AES_CCM_IV_LEN;
}
+ if (sop->ivlen != 0) {
+ if (csp.csp_ivlen == 0) {
+ CRYPTDEB("does not support an IV");
+ error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ goto bail;
+ }
+ csp.csp_ivlen = sop->ivlen;
+ }
+ if (sop->maclen != 0) {
+ if (!(thash != NULL || csp.csp_mode == CSP_MODE_AEAD)) {
+ CRYPTDEB("does not support a MAC");
+ error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ goto bail;
+ }
+ csp.csp_auth_mlen = sop->maclen;
+ }
+
crid = sop->crid;
error = checkforsoftware(&crid);
if (error) {
@@ -618,7 +643,9 @@
cse->mackey = mackey;
cse->cses = cses;
cse->txform = txform;
- if (thash != NULL)
+ if (sop->maclen != 0)
+ cse->hashsize = sop->maclen;
+ else if (thash != NULL)
cse->hashsize = thash->hashsize;
else if (csp.csp_cipher_alg == CRYPTO_AES_NIST_GCM_16)
cse->hashsize = AES_GMAC_HASH_LEN;

File Metadata

Mime Type
text/plain
Expires
Tue, Apr 29, 7:32 PM (15 h, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
17845128
Default Alt Text
D32107.id95641.diff (4 KB)

Event Timeline