From nobody Thu Oct 21 22:04:11 2021 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8C3CA1801206; Thu, 21 Oct 2021 22:04:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hb1j72R1dz3tKb; Thu, 21 Oct 2021 22:04:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2B9EC22F9E; Thu, 21 Oct 2021 22:04:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LM4BlK079403; Thu, 21 Oct 2021 22:04:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LM4BAo079402; Thu, 21 Oct 2021 22:04:11 GMT (envelope-from git) Date: Thu, 21 Oct 2021 22:04:11 GMT Message-Id: <202110212204.19LM4BAo079402@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: d1d4ac2dbd70 - stable/13 - cryptosoft, ccr: Use crp_iv directly for AES-CCM and AES-GCM. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d1d4ac2dbd70e6f71be236cec3e9d743e6d54692 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=d1d4ac2dbd70e6f71be236cec3e9d743e6d54692 commit d1d4ac2dbd70e6f71be236cec3e9d743e6d54692 Author: John Baldwin AuthorDate: 2021-10-06 21:08:46 +0000 Commit: John Baldwin CommitDate: 2021-10-21 21:03:45 +0000 cryptosoft, ccr: Use crp_iv directly for AES-CCM and AES-GCM. Rather than copying crp_iv to a local array on the stack that is then passed to xform reinit routines, pass crp_iv directly and remove the local copy. Reviewed by: markj Sponsored by: Chelsio Communications, The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32106 (cherry picked from commit 5ae5ed5b8fd2955378ab67ba127cad8c981678ab) --- sys/dev/cxgbe/crypto/t4_crypto.c | 17 +++++------------ sys/opencrypto/cryptosoft.c | 18 +++++------------- 2 files changed, 10 insertions(+), 25 deletions(-) diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c index 9d410da6e030..33c03c3903e5 100644 --- a/sys/dev/cxgbe/crypto/t4_crypto.c +++ b/sys/dev/cxgbe/crypto/t4_crypto.c @@ -1391,7 +1391,6 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp) void *auth_ctx, *kschedule; char block[GMAC_BLOCK_LEN]; char digest[GMAC_DIGEST_LEN]; - char iv[AES_BLOCK_LEN]; int error, i, len; auth_ctx = NULL; @@ -1436,10 +1435,8 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp) error = EINVAL; goto out; } - crypto_read_iv(crp, iv); - *(uint32_t *)&iv[12] = htobe32(1); - axf->Reinit(auth_ctx, iv, sizeof(iv)); + axf->Reinit(auth_ctx, crp->crp_iv, AES_GCM_IV_LEN); /* MAC the AAD. */ if (crp->crp_aad != NULL) { @@ -1462,7 +1459,7 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp) } } - exf->reinit(kschedule, iv, sizeof(iv)); + exf->reinit(kschedule, crp->crp_iv, AES_GCM_IV_LEN); /* Do encryption with MAC */ for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) { @@ -1522,7 +1519,6 @@ out: zfree(kschedule, M_CCR); zfree(auth_ctx, M_CCR); explicit_bzero(block, sizeof(block)); - explicit_bzero(iv, sizeof(iv)); explicit_bzero(digest, sizeof(digest)); crp->crp_etype = error; crypto_done(crp); @@ -1878,7 +1874,6 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) void *kschedule; char block[CCM_CBC_BLOCK_LEN]; char digest[AES_CBC_MAC_HASH_LEN]; - char iv[AES_CCM_IV_LEN]; int error, i, len; auth_ctx = NULL; @@ -1923,11 +1918,10 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) error = EINVAL; goto out; } - crypto_read_iv(crp, iv); auth_ctx->aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; auth_ctx->aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; - axf->Reinit(auth_ctx, iv, sizeof(iv)); + axf->Reinit(auth_ctx, crp->crp_iv, AES_CCM_IV_LEN); /* MAC the AAD. */ if (crp->crp_aad != NULL) @@ -1939,7 +1933,7 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) if (error) goto out; - exf->reinit(kschedule, iv, sizeof(iv)); + exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN); /* Do encryption/decryption with MAC */ for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) { @@ -1974,7 +1968,7 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) error = 0; /* Tag matches, decrypt data. */ - exf->reinit(kschedule, iv, sizeof(iv)); + exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN); for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) { len = imin(crp->crp_payload_length - i, @@ -1995,7 +1989,6 @@ out: zfree(kschedule, M_CCR); zfree(auth_ctx, M_CCR); explicit_bzero(block, sizeof(block)); - explicit_bzero(iv, sizeof(iv)); explicit_bzero(digest, sizeof(digest)); crp->crp_etype = error; crypto_done(crp); diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index a85d7d6d3b7b..77df37420bf5 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -463,7 +463,6 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp) uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; u_char *blk = (u_char *)blkbuf; u_char tag[GMAC_DIGEST_LEN]; - u_char iv[AES_BLOCK_LEN]; struct crypto_buffer_cursor cc_in, cc_out; const u_char *inblk; u_char *outblk; @@ -492,12 +491,10 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp) if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); - /* Initialize the IV */ ivlen = AES_GCM_IV_LEN; - bcopy(crp->crp_iv, iv, ivlen); /* Supply MAC with IV */ - axf->Reinit(&ctx, iv, ivlen); + axf->Reinit(&ctx, crp->crp_iv, ivlen); /* Supply MAC with AAD */ if (crp->crp_aad != NULL) { @@ -536,7 +533,7 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp) if (crp->crp_cipher_key != NULL) exf->setkey(swe->sw_kschedule, crp->crp_cipher_key, crypto_get_params(crp->crp_session)->csp_cipher_klen); - exf->reinit(swe->sw_kschedule, iv, ivlen); + exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen); /* Do encryption with MAC */ crypto_cursor_init(&cc_in, &crp->crp_buf); @@ -635,7 +632,6 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp) out: explicit_bzero(blkbuf, sizeof(blkbuf)); explicit_bzero(tag, sizeof(tag)); - explicit_bzero(iv, sizeof(iv)); return (error); } @@ -701,7 +697,6 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))]; u_char *blk = (u_char *)blkbuf; u_char tag[AES_CBC_MAC_HASH_LEN]; - u_char iv[AES_BLOCK_LEN]; struct crypto_buffer_cursor cc_in, cc_out; const u_char *inblk; u_char *outblk; @@ -729,9 +724,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); - /* Initialize the IV */ ivlen = AES_CCM_IV_LEN; - bcopy(crp->crp_iv, iv, ivlen); /* * AES CCM-CBC-MAC needs to know the length of both the auth @@ -741,7 +734,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length; /* Supply MAC with IV */ - axf->Reinit(&ctx, iv, ivlen); + axf->Reinit(&ctx, crp->crp_iv, ivlen); /* Supply MAC with AAD */ if (crp->crp_aad != NULL) @@ -755,7 +748,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) if (crp->crp_cipher_key != NULL) exf->setkey(swe->sw_kschedule, crp->crp_cipher_key, crypto_get_params(crp->crp_session)->csp_cipher_klen); - exf->reinit(swe->sw_kschedule, iv, ivlen); + exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen); /* Do encryption/decryption with MAC */ crypto_cursor_init(&cc_in, &crp->crp_buf); @@ -826,7 +819,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) } /* tag matches, decrypt data */ - exf->reinit(swe->sw_kschedule, iv, ivlen); + exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen); crypto_cursor_init(&cc_in, &crp->crp_buf); crypto_cursor_advance(&cc_in, crp->crp_payload_start); for (resid = crp->crp_payload_length; resid > blksz; @@ -859,7 +852,6 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp) out: explicit_bzero(blkbuf, sizeof(blkbuf)); explicit_bzero(tag, sizeof(tag)); - explicit_bzero(iv, sizeof(iv)); return (error); }