From nobody Thu Oct 21 22:04:23 2021
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C8C8C180163C;
	Thu, 21 Oct 2021 22:04:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Hb1jP1mNHz3tWR;
	Thu, 21 Oct 2021 22:04:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C0FFF22C5F;
	Thu, 21 Oct 2021 22:04:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LM4N10079680;
	Thu, 21 Oct 2021 22:04:23 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LM4Nbk079679;
	Thu, 21 Oct 2021 22:04:23 GMT
	(envelope-from git)
Date: Thu, 21 Oct 2021 22:04:23 GMT
Message-Id: <202110212204.19LM4Nbk079679@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: 12d5e71fb5c3 - stable/13 - ccr: Support AES-CCM requests with truncated tags.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 12d5e71fb5c35113ca0ead049f7285a4e6fab30f
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=12d5e71fb5c35113ca0ead049f7285a4e6fab30f

commit 12d5e71fb5c35113ca0ead049f7285a4e6fab30f
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-10-06 21:08:48 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-10-21 21:17:09 +0000

    ccr: Support AES-CCM requests with truncated tags.
    
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D32117
    
    (cherry picked from commit e148e407df5c8b1c83bcd44da9f4837d94431d02)
---
 sys/dev/cxgbe/crypto/t4_crypto.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
index 6d5f82f6857c..24287638b376 100644
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1524,6 +1524,29 @@ out:
 	crypto_done(crp);
 }
 
+static int
+ccr_ccm_hmac_ctrl(unsigned int authsize)
+{
+	switch (authsize) {
+	case 4:
+		return (SCMD_HMAC_CTRL_PL1);
+	case 6:
+		return (SCMD_HMAC_CTRL_PL2);
+	case 8:
+		return (SCMD_HMAC_CTRL_DIV2);
+	case 10:
+		return (SCMD_HMAC_CTRL_TRUNC_RFC4366);
+	case 12:
+		return (SCMD_HMAC_CTRL_IPSEC_96BIT);
+	case 14:
+		return (SCMD_HMAC_CTRL_PL3);
+	case 16:
+		return (SCMD_HMAC_CTRL_NO_TRUNC);
+	default:
+		__assert_unreachable();
+	}
+}
+
 static void
 generate_ccm_b0(struct cryptop *crp, u_int hash_size_in_response,
     const char *iv, char *b0)
@@ -1783,7 +1806,7 @@ ccr_ccm(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp)
 	    V_CPL_TX_SEC_PDU_AUTHINSERT(auth_insert));
 
 	/* These two flits are actually a CPL_TLS_TX_SCMD_FMT. */
-	hmac_ctrl = ccr_hmac_ctrl(AES_CBC_MAC_HASH_LEN, hash_size_in_response);
+	hmac_ctrl = ccr_ccm_hmac_ctrl(hash_size_in_response);
 	crwr->sec_cpl.seqno_numivs = htobe32(
 	    V_SCMD_SEQ_NO_CTRL(0) |
 	    V_SCMD_PROTO_VERSION(SCMD_PROTO_VERSION_GENERIC) |
@@ -2459,9 +2482,6 @@ ccr_probesession(device_t dev, const struct crypto_session_params *csp)
 				return (EINVAL);
 			break;
 		case CRYPTO_AES_CCM_16:
-			if (csp->csp_auth_mlen < 0 ||
-			    csp->csp_auth_mlen > AES_CBC_MAC_HASH_LEN)
-				return (EINVAL);
 			break;
 		default:
 			return (EINVAL);