svn commit: r323891 - in head: share/man/man4 sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Fri Sep 22 00:22:00 UTC 2017
Author: jhb
Date: Fri Sep 22 00:21:58 2017
New Revision: 323891
URL: https://svnweb.freebsd.org/changeset/base/323891
Log:
Add a new COP_F_CIPHER_FIRST flag for struct crypt_op.
This requests that the cipher be performed before rather than after
the HMAC when both are specified for a single operation.
Reviewed by: cem
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D11757
Modified:
head/share/man/man4/crypto.4
head/sys/opencrypto/cryptodev.c
head/sys/opencrypto/cryptodev.h
Modified: head/share/man/man4/crypto.4
==============================================================================
--- head/share/man/man4/crypto.4 Fri Sep 22 00:16:46 2017 (r323890)
+++ head/share/man/man4/crypto.4 Fri Sep 22 00:21:58 2017 (r323891)
@@ -60,7 +60,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 15, 2015
+.Dd September 21, 2017
.Dt CRYPTO 4
.Os
.Sh NAME
@@ -127,7 +127,9 @@ Asymmetric operations do not use sessions.
.It
Submit requests, synchronously with
.Dv CIOCCRYPT
-(symmetric)
+(symmetric),
+.Dv CIOCCRYPTAEAD
+(symmetric),
or
.Dv CIOCKEY
(asymmetric).
@@ -279,6 +281,16 @@ supplies the length of the input buffer; the fields
.Fa cr_op-\*[Gt]iv
supply the addresses of the input buffer, output buffer,
one-way hash, and initialization vector, respectively.
+If a session is using both a privacy algorithm and a hash algorithm,
+the request will generate a hash of the input buffer before
+generating the output buffer by default.
+If the
+.Dv COP_F_CIPHER_FIRST
+flag is included in the
+.Fa cr_op-\*[Gt]flags
+field,
+then the request will generate a hash of the output buffer after
+executing the privacy algorithm.
.It Dv CIOCCRYPTAEAD Fa struct crypt_aead *cr_aead
.Bd -literal
struct crypt_aead {
Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Fri Sep 22 00:16:46 2017 (r323890)
+++ head/sys/opencrypto/cryptodev.c Fri Sep 22 00:21:58 2017 (r323891)
@@ -731,18 +731,22 @@ cryptodev_op(
goto bail;
}
- if (cse->thash) {
- crda = crp->crp_desc;
- if (cse->txform)
- crde = crda->crd_next;
- } else {
- if (cse->txform)
+ if (cse->thash && cse->txform) {
+ if (cop->flags & COP_F_CIPHER_FIRST) {
crde = crp->crp_desc;
- else {
- SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
- error = EINVAL;
- goto bail;
+ crda = crde->crd_next;
+ } else {
+ crda = crp->crp_desc;
+ crde = crda->crd_next;
}
+ } else if (cse->thash) {
+ crda = crp->crp_desc;
+ } else if (cse->txform) {
+ crde = crp->crp_desc;
+ } else {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ error = EINVAL;
+ goto bail;
}
if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base,
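Review bot: The descriptor order in the new `cse->thash && cse->txform` branch is chosen from `cop->flags` alone and never consults `cop->op`, and nothing in the code says so. Per the crypto.4 text added in this commit, with the flag set the hash covers the output buffer, so on a COP_DECRYPT request it would be computed over the decrypted data rather than the ciphertext. An encrypt-then-MAC consumer would therefore presumably need to set the flag when encrypting and leave it clear when decrypting. I would add above the branch `/* Order follows COP_F_CIPHER_FIRST only, independent of cop->op; the hash covers whatever the buffer holds at that point. */`. cryptodev_op begins and ends outside this hunk, so how the digest is returned to the caller is not visible here.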
Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h Fri Sep 22 00:16:46 2017 (r323890)
+++ head/sys/opencrypto/cryptodev.h Fri Sep 22 00:21:58 2017 (r323891)
@@ -238,7 +238,8 @@ struct crypt_op {
#define COP_ENCRYPT 1
#define COP_DECRYPT 2
u_int16_t flags;
-#define COP_F_BATCH 0x0008 /* Batch op if possible */
+#define COP_F_CIPHER_FIRST 0x0001 /* Cipher before MAC. */
+#define COP_F_BATCH 0x0008 /* Batch op if possible */
u_int len;
c_caddr_t src; /* become iov[] inside kernel */
caddr_t dst;
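Review bot: `COP_F_CIPHER_FIRST` changes which data the MAC covers, yet these hunks give a caller no way to tell whether the running kernel honours the bit. If cryptodev_op does not reject undefined bits in `flags` (any such validation is outside the visible hunks), a kernel without this revision would presumably accept 0x0001 and still hash first, producing a digest over the wrong buffer without an error. Going forward, a guard such as `if (cop->flags & ~(COP_F_CIPHER_FIRST | COP_F_BATCH)) { error = EINVAL; goto bail; }` would make later flag additions detectable, assuming these are the only two defined bits and no existing consumer passes stray ones. Either way, crypto.4 should say how callers are expected to detect support.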