git: 048a71b46e81 - main - ossl: Add support for ETA mode
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 06 Nov 2021 08:11:28 UTC
The branch main has been updated by wma:
URL: https://cgit.FreeBSD.org/src/commit/?id=048a71b46e816de8fb95b553a8ad0e98c0d51e12
commit 048a71b46e816de8fb95b553a8ad0e98c0d51e12
Author: Kornel Duleba <mindal@semihalf.com>
AuthorDate: 2021-11-02 11:57:20 +0000
Commit: Wojciech Macek <wma@FreeBSD.org>
CommitDate: 2021-11-06 08:08:44 +0000
ossl: Add support for ETA mode
Now that the AES-CBC is supported we can handle ETA requests.
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: jhb(previous version)
Differential revision: https://reviews.freebsd.org/D32100
---
sys/crypto/openssl/ossl.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/sys/crypto/openssl/ossl.c b/sys/crypto/openssl/ossl.c
index f46b5a966bb1..f41ff09c371d 100644
--- a/sys/crypto/openssl/ossl.c
+++ b/sys/crypto/openssl/ossl.c
@@ -172,6 +172,13 @@ ossl_probesession(device_t dev, const struct crypto_session_params *csp)
if (ossl_lookup_cipher(csp) == NULL)
return (EINVAL);
break;
+ case CSP_MODE_ETA:
+ if (!sc->has_aes ||
+ csp->csp_cipher_alg == CRYPTO_CHACHA20 ||
+ ossl_lookup_hash(csp) == NULL ||
+ ossl_lookup_cipher(csp) == NULL)
+ return (EINVAL);
+ break;
case CSP_MODE_AEAD:
switch (csp->csp_cipher_alg) {
case CRYPTO_CHACHA20_POLY1305:
@@ -268,6 +275,10 @@ ossl_newsession(device_t dev, crypto_session_t cses,
case CSP_MODE_CIPHER:
error = ossl_newsession_cipher(s, csp);
break;
+ case CSP_MODE_ETA:
+ ossl_newsession_hash(s, csp);
+ error = ossl_newsession_cipher(s, csp);
+ break;
}
return (error);
@@ -341,6 +352,25 @@ out:
return (error);
}
+static int
+ossl_process_eta(struct ossl_session *s, struct cryptop *crp,
+ const struct crypto_session_params *csp)
+{
+ int error;
+
+ if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
+ error = s->cipher.cipher->process(&s->cipher, crp, csp);
+ if (error == 0)
+ error = ossl_process_hash(s, crp, csp);
+ } else {
+ error = ossl_process_hash(s, crp, csp);
+ if (error == 0)
+ error = s->cipher.cipher->process(&s->cipher, crp, csp);
+ }
+
+ return (error);
+}
+
static int
ossl_process(device_t dev, struct cryptop *crp, int hint)
{
@@ -366,6 +396,9 @@ ossl_process(device_t dev, struct cryptop *crp, int hint)
case CSP_MODE_CIPHER:
error = s->cipher.cipher->process(&s->cipher, crp, csp);
break;
+ case CSP_MODE_ETA:
+ error = ossl_process_eta(s, crp, csp);
+ break;
case CSP_MODE_AEAD:
if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
error = ossl_chacha20_poly1305_encrypt(crp, csp);