diff options
| author | Conrad Meyer <cem@FreeBSD.org> | 2018-06-23 17:24:19 +0000 |
|---|---|---|
| committer | Conrad Meyer <cem@FreeBSD.org> | 2018-06-23 17:24:19 +0000 |
| commit | 7d0ffa388e5084efb58e7f16259be9b08443bc56 (patch) | |
| tree | 4458304b84dea3b5bde114034eb117d103bf260f | |
| parent | 7e807acfee06cea4d7f5ac5f44a68366b80de0b3 (diff) | |
| download | src-7d0ffa388e5084efb58e7f16259be9b08443bc56.tar.gz src-7d0ffa388e5084efb58e7f16259be9b08443bc56.zip | |
aesni(4): Support CRD_F_KEY_EXPLICIT OCF mode
PR: 227788
Reported by: eadler@
Notes
Notes:
svn path=/head/; revision=335583
| -rw-r--r-- | sys/crypto/aesni/aesni.c | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index 6a12eda38020..8a61a5ec9b6c 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -555,24 +555,36 @@ MODULE_VERSION(aesni, 1); MODULE_DEPEND(aesni, crypto, 1, 1, 1); static int +aesni_authprepare(struct aesni_session *ses, int klen, const void *cri_key) +{ + int keylen; + + if (klen % 8 != 0) + return (EINVAL); + keylen = klen / 8; + if (keylen > sizeof(ses->hmac_key)) + return (EINVAL); + if (ses->auth_algo == CRYPTO_SHA1 && keylen > 0) + return (EINVAL); + memcpy(ses->hmac_key, cri_key, keylen); + return (0); +} + +static int aesni_cipher_setup(struct aesni_session *ses, struct cryptoini *encini, struct cryptoini *authini) { struct fpu_kern_ctx *ctx; - int kt, ctxidx, keylen, error; + int kt, ctxidx, error; switch (ses->auth_algo) { case CRYPTO_SHA1: case CRYPTO_SHA1_HMAC: case CRYPTO_SHA2_256_HMAC: - if (authini->cri_klen % 8 != 0) - return (EINVAL); - keylen = authini->cri_klen / 8; - if (keylen > sizeof(ses->hmac_key)) - return (EINVAL); - if (ses->auth_algo == CRYPTO_SHA1 && keylen > 0) - return (EINVAL); - memcpy(ses->hmac_key, authini->cri_key, keylen); + error = aesni_authprepare(ses, authini->cri_klen, + authini->cri_key); + if (error != 0) + return (error); ses->mlen = authini->cri_mlen; } @@ -899,10 +911,18 @@ aesni_cipher_mac(struct aesni_session *ses, struct cryptodesc *crd, struct sha1_ctxt sha1 __aligned(16); } sctx; uint32_t res[SHA2_256_HASH_LEN / sizeof(uint32_t)]; - int hashlen; + int hashlen, error; - if (crd->crd_flags != 0) + if ((crd->crd_flags & ~CRD_F_KEY_EXPLICIT) != 0) { + CRYPTDEB("%s: Unsupported MAC flags: 0x%x", __func__, + (crd->crd_flags & ~CRD_F_KEY_EXPLICIT)); return (EINVAL); + } + if ((crd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) { + error = aesni_authprepare(ses, crd->crd_klen, crd->crd_key); + if (error != 0) + return (error); + } switch (ses->auth_algo) { case CRYPTO_SHA1_HMAC: |