git: cfa1d2c9b987 - stable/13 - safexcel: Support multiple nonce lengths for AES-CCM.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 21 Oct 2021 22:04:24 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=cfa1d2c9b9876bc97322cd4e68bf10fbd0b0b6d4
commit cfa1d2c9b9876bc97322cd4e68bf10fbd0b0b6d4
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-10-06 21:08:48 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-10-21 21:17:14 +0000
safexcel: Support multiple nonce lengths for AES-CCM.
Reviewed by: markj
Sponsored by: Chelsio Communications, The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32118
(cherry picked from commit 2ec2e4df094ba632e5e74268a8818f71903a4537)
---
sys/dev/safexcel/safexcel.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/sys/dev/safexcel/safexcel.c b/sys/dev/safexcel/safexcel.c
index 71300dcb0393..9a9b0ab0cb74 100644
--- a/sys/dev/safexcel/safexcel.c
+++ b/sys/dev/safexcel/safexcel.c
@@ -2,6 +2,10 @@
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2020, 2021 Rubicon Communications, LLC (Netgate)
+ * Copyright (c) 2021 The FreeBSD Foundation
+ *
+ * Portions of this software were developed by Ararat River
+ * Consulting, LLC under sponsorship of the FreeBSD Foundation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1689,12 +1693,14 @@ static void
safexcel_instr_ccm(struct safexcel_request *req, struct safexcel_instr *instr,
struct safexcel_cmd_descr *cdesc)
{
+ const struct crypto_session_params *csp;
struct cryptop *crp;
struct safexcel_instr *start;
uint8_t *a0, *b0, *alenp, L;
int aalign, blen;
crp = req->crp;
+ csp = crypto_get_params(crp->crp_session);
start = instr;
/*
@@ -1703,17 +1709,17 @@ safexcel_instr_ccm(struct safexcel_request *req, struct safexcel_instr *instr,
* descriptor, and B0 is inserted directly into the data stream using
* instructions below.
*
- * OCF seems to assume a 12-byte IV, fixing L (the payload length size)
- * at 3 bytes due to the layout of B0. This is fine since the driver
- * has a maximum of 65535 bytes anyway.
+ * An explicit check for overflow of the length field is not
+ * needed since the maximum driver size of 65535 bytes fits in
+ * the smallest length field used for a 13-byte nonce.
*/
blen = AES_BLOCK_LEN;
- L = 3;
+ L = 15 - csp->csp_ivlen;
a0 = (uint8_t *)&cdesc->control_data.token[0];
memset(a0, 0, blen);
a0[0] = L - 1;
- memcpy(&a0[1], req->iv, AES_CCM_IV_LEN);
+ memcpy(&a0[1], req->iv, csp->csp_ivlen);
/*
* Insert B0 and the AAD length into the input stream.
@@ -1731,7 +1737,7 @@ safexcel_instr_ccm(struct safexcel_request *req, struct safexcel_instr *instr,
(L - 1) | /* payload length size */
((CCM_CBC_MAX_DIGEST_LEN - 2) / 2) << 3 /* digest length */ |
(crp->crp_aad_length > 0 ? 1 : 0) << 6 /* AAD present bit */;
- memcpy(&b0[1], req->iv, AES_CCM_IV_LEN);
+ memcpy(&b0[1], req->iv, csp->csp_ivlen);
b0[14] = crp->crp_payload_length >> 8;
b0[15] = crp->crp_payload_length & 0xff;
instr += blen / sizeof(*instr);
@@ -2308,7 +2314,8 @@ safexcel_probesession(device_t dev, const struct crypto_session_params *csp)
return (EINVAL);
break;
case CRYPTO_AES_CCM_16:
- if (csp->csp_ivlen != AES_CCM_IV_LEN)
+ if (csp->csp_auth_mlen != 0 &&
+ csp->csp_auth_mlen != AES_CBC_MAC_HASH_LEN)
return (EINVAL);
break;
default: