git: 5022c68732e6 - main - cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 11 Jan 2022 22:38:16 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=5022c68732e6afadf39bca3fe3e65ddc44410e84
commit 5022c68732e6afadf39bca3fe3e65ddc44410e84
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-01-11 22:21:31 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-01-11 22:21:31 +0000
cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33758
---
sys/opencrypto/cryptosoft.c | 132 ++++++++++++++++++++++++++++++--------------
1 file changed, 92 insertions(+), 40 deletions(-)
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 93b2c76cde4e..4d0f7d8718cc 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -974,12 +974,12 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp)
struct crypto_buffer_cursor cc_in, cc_out;
const u_char *inblk;
u_char *outblk;
+ size_t inlen, outlen, todo;
uint64_t *blkp;
const struct swcr_auth *swa;
const struct swcr_encdec *swe;
const struct enc_xform *exf;
void *ctx;
- size_t len;
int blksz, error, r, resid;
swa = &ses->swcr_auth;
@@ -1017,45 +1017,71 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp)
/* Do encryption with MAC */
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
+ inblk = crypto_cursor_segment(&cc_in, &inlen);
if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {
crypto_cursor_init(&cc_out, &crp->crp_obuf);
crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);
} else
cc_out = cc_in;
- for (resid = crp->crp_payload_length; resid >= blksz; resid -= blksz) {
- inblk = crypto_cursor_segment(&cc_in, &len);
- if (len < blksz) {
- crypto_cursor_copydata(&cc_in, blksz, blk);
- inblk = blk;
- } else
- crypto_cursor_advance(&cc_in, blksz);
- if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
- outblk = crypto_cursor_segment(&cc_out, &len);
- if (len < blksz)
+ outblk = crypto_cursor_segment(&cc_out, &outlen);
+
+ if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
+ for (resid = crp->crp_payload_length; resid >= blksz;
+ resid -= todo) {
+ if (inlen < blksz) {
+ crypto_cursor_copydata(&cc_in, blksz, blk);
+ inblk = blk;
+ inlen = blksz;
+ }
+
+ if (outlen < blksz) {
outblk = blk;
- exf->encrypt(ctx, inblk, outblk);
- exf->update(ctx, outblk, blksz);
- if (outblk == blk)
+ outlen = blksz;
+ }
+
+ todo = rounddown2(MIN(resid, MIN(inlen, outlen)),
+ blksz);
+
+ exf->encrypt_multi(ctx, inblk, outblk, todo);
+ exf->update(ctx, outblk, todo);
+
+ if (inblk == blk) {
+ inblk = crypto_cursor_segment(&cc_in, &inlen);
+ } else {
+ crypto_cursor_advance(&cc_in, todo);
+ inlen -= todo;
+ inblk += todo;
+ if (inlen == 0)
+ inblk = crypto_cursor_segment(&cc_in,
+ &inlen);
+ }
+
+ if (outblk == blk) {
crypto_cursor_copyback(&cc_out, blksz, blk);
- else
- crypto_cursor_advance(&cc_out, blksz);
- } else {
- exf->update(ctx, inblk, blksz);
+ outblk = crypto_cursor_segment(&cc_out, &outlen);
+ } else {
+ crypto_cursor_advance(&cc_out, todo);
+ outlen -= todo;
+ outblk += todo;
+ if (outlen == 0)
+ outblk = crypto_cursor_segment(&cc_out,
+ &outlen);
+ }
}
- }
- if (resid > 0) {
- crypto_cursor_copydata(&cc_in, resid, blk);
- if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
+ if (resid > 0) {
+ crypto_cursor_copydata(&cc_in, resid, blk);
exf->encrypt_last(ctx, blk, blk, resid);
crypto_cursor_copyback(&cc_out, resid, blk);
+ exf->update(ctx, blk, resid);
}
- exf->update(ctx, blk, resid);
- if (resid % POLY1305_BLOCK_LEN != 0) {
- /* padding2 */
- memset(blk, 0, POLY1305_BLOCK_LEN);
- exf->update(ctx, blk, POLY1305_BLOCK_LEN -
- resid % POLY1305_BLOCK_LEN);
- }
+ } else
+ crypto_apply(crp, crp->crp_payload_start,
+ crp->crp_payload_length, exf->update, ctx);
+ if (crp->crp_payload_length % POLY1305_BLOCK_LEN != 0) {
+ /* padding2 */
+ memset(blk, 0, POLY1305_BLOCK_LEN);
+ exf->update(ctx, blk, POLY1305_BLOCK_LEN -
+ crp->crp_payload_length % POLY1305_BLOCK_LEN);
}
/* lengths */
@@ -1081,22 +1107,48 @@ swcr_chacha20_poly1305(const struct swcr_session *ses, struct cryptop *crp)
/* tag matches, decrypt data */
crypto_cursor_init(&cc_in, &crp->crp_buf);
crypto_cursor_advance(&cc_in, crp->crp_payload_start);
+ inblk = crypto_cursor_segment(&cc_in, &inlen);
+
for (resid = crp->crp_payload_length; resid > blksz;
- resid -= blksz) {
- inblk = crypto_cursor_segment(&cc_in, &len);
- if (len < blksz) {
+ resid -= todo) {
+ if (inlen < blksz) {
crypto_cursor_copydata(&cc_in, blksz, blk);
inblk = blk;
- } else
- crypto_cursor_advance(&cc_in, blksz);
- outblk = crypto_cursor_segment(&cc_out, &len);
- if (len < blksz)
+ inlen = blksz;
+ }
+ if (outlen < blksz) {
outblk = blk;
- exf->decrypt(ctx, inblk, outblk);
- if (outblk == blk)
+ outlen = blksz;
+ }
+
+ todo = rounddown2(MIN(resid, MIN(inlen, outlen)),
+ blksz);
+
+ exf->decrypt_multi(ctx, inblk, outblk, todo);
+
+ if (inblk == blk) {
+ inblk = crypto_cursor_segment(&cc_in, &inlen);
+ } else {
+ crypto_cursor_advance(&cc_in, todo);
+ inlen -= todo;
+ inblk += todo;
+ if (inlen == 0)
+ inblk = crypto_cursor_segment(&cc_in,
+ &inlen);
+ }
+
+ if (outblk == blk) {
crypto_cursor_copyback(&cc_out, blksz, blk);
- else
- crypto_cursor_advance(&cc_out, blksz);
+ outblk = crypto_cursor_segment(&cc_out,
+ &outlen);
+ } else {
+ crypto_cursor_advance(&cc_out, todo);
+ outlen -= todo;
+ outblk += todo;
+ if (outlen == 0)
+ outblk = crypto_cursor_segment(&cc_out,
+ &outlen);
+ }
}
if (resid > 0) {
crypto_cursor_copydata(&cc_in, resid, blk);