From nobody Thu Dec 30 01:50:46 2021
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id F0F12191B571;
	Thu, 30 Dec 2021 01:50:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JPWSk4pHhz4l1m;
	Thu, 30 Dec 2021 01:50:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8689E7E68;
	Thu, 30 Dec 2021 01:50:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BU1okoX013259;
	Thu, 30 Dec 2021 01:50:46 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BU1okXF013258;
	Thu, 30 Dec 2021 01:50:46 GMT
	(envelope-from git)
Date: Thu, 30 Dec 2021 01:50:46 GMT
Message-Id: <202112300150.1BU1okXF013258@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: c3907ef4826f - main - /dev/crypto: Minimize cipher-specific logic.
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c3907ef4826f195b0409e89003da6ed88418cd48
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1640829046;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=m+Epg0soQz65atgxPuewcIQ+yLsRqQJ/a6T/Iru5ITs=;
	b=aLaFVlYU7g3iNMOdMQwLP7XPLlJhhiU6R3ys7KfFl5Gc+B1t++Z+0I76Sqw7PSCsszQhaX
	KdeIcqdGViQ+9gh+1fYjvHytXwJqtoiNVIx2pMElDOm+h11pdmJriHrk7AEFDFMBgcRTo6
	gugiNQHwGyJghPSWyuoQzGhe3hBMxt2QPT/+bQjxHs5TKMiV+UNoZwSSAZHWNnU3Z+ED0x
	is3w0nFTU04pyrXeXlnaYow4/cqhqJUXtjFR82tSAoLe8BzP52SXx2NX32JFdadfMFWiyp
	CCF2WTbokJyBuLHaM7+qId44YFpCcAwollrfSIrPwPzAab3Q4y7BnDOi/1z1ZA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640829046; a=rsa-sha256; cv=none;
	b=PAW029z7Jd22czAZF2UmPsbIIkEp4vOSFBsiLYeim7FhHfC09vrN94WCTQ0SjCrnTsMfND
	9MaY1PK2Z7zr7F82ZVhXizUPDZW+b1PPbfXL3a7OgL59xLv+IAIzFEPq8GFNcUX8ywIrA2
	08iI7r98KSRxRTg+UK3AQuooSbTXoYTh0riFiPVZ2x+FMkZI8ycthSoPBm/xtC2VOI24C6
	kCz4nxeojuITtGs72SGwg4DmrkhYThnsr5SeuSe1whq9cNpcgBhRGvYlHUvaY9/NKDhM1o
	7InWbgmCXYa1V/MEFYv0mJnQ5uhO9ztOMpRbHDSyQlB6zAB1idrmjnsVYp0EpQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=c3907ef4826f195b0409e89003da6ed88418cd48

commit c3907ef4826f195b0409e89003da6ed88418cd48
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-30 01:50:03 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-12-30 01:50:03 +0000

    /dev/crypto: Minimize cipher-specific logic.
    
    Rather than duplicating the switches in crypto_auth_hash() and
    crypto_cipher(), copy the algorithm constants from the new session
    ioctl into a csp directly which permits using the functions in
    crypto.c.
    
    Reviewed by:    markj
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D33613
---
 sys/opencrypto/cryptodev.c | 210 +++++++--------------------------------------
 1 file changed, 33 insertions(+), 177 deletions(-)

diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 6e943735242d..b8b727653847 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -339,71 +339,11 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop)
 	void *key = NULL;
 	void *mackey = NULL;
 	crypto_session_t cses;
-	int crid, error;
+	int crid, error, mac;
 
-	switch (sop->cipher) {
-	case 0:
-		txform = NULL;
-		break;
-	case CRYPTO_AES_CBC:
-		txform = &enc_xform_aes_cbc;
-		break;
-	case CRYPTO_AES_XTS:
-		txform = &enc_xform_aes_xts;
-		break;
-	case CRYPTO_NULL_CBC:
-		txform = &enc_xform_null;
-		break;
-	case CRYPTO_CAMELLIA_CBC:
-		txform = &enc_xform_camellia;
-		break;
-	case CRYPTO_AES_ICM:
-		txform = &enc_xform_aes_icm;
-		break;
-	case CRYPTO_AES_NIST_GCM_16:
-		txform = &enc_xform_aes_nist_gcm;
-		break;
-	case CRYPTO_CHACHA20:
-		txform = &enc_xform_chacha20;
-		break;
-	case CRYPTO_AES_CCM_16:
-		txform = &enc_xform_ccm;
-		break;
-	case CRYPTO_CHACHA20_POLY1305:
-		txform = &enc_xform_chacha20_poly1305;
-		break;
-	default:
-		CRYPTDEB("invalid cipher");
-		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
-		return (EINVAL);
-	}
-
-	switch (sop->mac) {
-	case 0:
-		thash = NULL;
-		break;
-	case CRYPTO_POLY1305:
-		thash = &auth_hash_poly1305;
-		break;
-	case CRYPTO_SHA1_HMAC:
-		thash = &auth_hash_hmac_sha1;
-		break;
-	case CRYPTO_SHA2_224_HMAC:
-		thash = &auth_hash_hmac_sha2_224;
-		break;
-	case CRYPTO_SHA2_256_HMAC:
-		thash = &auth_hash_hmac_sha2_256;
-		break;
-	case CRYPTO_SHA2_384_HMAC:
-		thash = &auth_hash_hmac_sha2_384;
-		break;
-	case CRYPTO_SHA2_512_HMAC:
-		thash = &auth_hash_hmac_sha2_512;
-		break;
-	case CRYPTO_RIPEMD160_HMAC:
-		thash = &auth_hash_hmac_ripemd_160;
-		break;
+	mac = sop->mac;
 #ifdef COMPAT_FREEBSD12
+	switch (sop->mac) {
 	case CRYPTO_AES_128_NIST_GMAC:
 	case CRYPTO_AES_192_NIST_GMAC:
 	case CRYPTO_AES_256_NIST_GMAC:
@@ -413,138 +353,58 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop)
 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
-		break;
-#endif
-	case CRYPTO_AES_NIST_GMAC:
-		switch (sop->mackeylen * 8) {
-		case 128:
-			thash = &auth_hash_nist_gmac_aes_128;
-			break;
-		case 192:
-			thash = &auth_hash_nist_gmac_aes_192;
-			break;
-		case 256:
-			thash = &auth_hash_nist_gmac_aes_256;
-			break;
-		default:
-			CRYPTDEB("invalid GMAC key length");
+		if (sop->keylen != sop->mackeylen) {
 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
+		mac = 0;
 		break;
 	case CRYPTO_AES_CCM_CBC_MAC:
-		switch (sop->mackeylen) {
-		case 16:
-			thash = &auth_hash_ccm_cbc_mac_128;
-			break;
-		case 24:
-			thash = &auth_hash_ccm_cbc_mac_192;
-			break;
-		case 32:
-			thash = &auth_hash_ccm_cbc_mac_256;
-			break;
-		default:
-			CRYPTDEB("Invalid CBC MAC key size %d", sop->keylen);
+		/* Should always be paired with CCM. */
+		if (sop->cipher != CRYPTO_AES_CCM_16) {
+			CRYPTDEB("CBC-MAC without CCM");
 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
+		if (sop->keylen != sop->mackeylen) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+			return (EINVAL);
+		}
+		mac = 0;
 		break;
-	case CRYPTO_RIPEMD160:
-		thash = &auth_hash_ripemd_160;
-		break;
-	case CRYPTO_SHA1:
-		thash = &auth_hash_sha1;
-		break;
-	case CRYPTO_SHA2_224:
-		thash = &auth_hash_sha2_224;
-		break;
-	case CRYPTO_SHA2_256:
-		thash = &auth_hash_sha2_256;
-		break;
-	case CRYPTO_SHA2_384:
-		thash = &auth_hash_sha2_384;
-		break;
-	case CRYPTO_SHA2_512:
-		thash = &auth_hash_sha2_512;
-		break;
-
-	case CRYPTO_NULL_HMAC:
-		thash = &auth_hash_null;
-		break;
-
-	case CRYPTO_BLAKE2B:
-		thash = &auth_hash_blake2b;
-		break;
-	case CRYPTO_BLAKE2S:
-		thash = &auth_hash_blake2s;
-		break;
-
-	default:
-		CRYPTDEB("invalid mac");
-		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
-		return (EINVAL);
-	}
-
-	if (txform == NULL && thash == NULL) {
-		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
-		return (EINVAL);
 	}
+#endif
 
 	memset(&csp, 0, sizeof(csp));
 	if (use_outputbuffers)
 		csp.csp_flags |= CSP_F_SEPARATE_OUTPUT;
+	if (mac != 0) {
+		csp.csp_auth_alg = mac;
+		csp.csp_auth_klen = sop->mackeylen;
+	}
+	if (sop->cipher != 0) {
+		csp.csp_cipher_alg = sop->cipher;
+		csp.csp_cipher_klen = sop->keylen;
+	}
+	thash = crypto_auth_hash(&csp);
+	txform = crypto_cipher(&csp);
 
-	if (sop->cipher == CRYPTO_AES_NIST_GCM_16) {
-		switch (sop->mac) {
-#ifdef COMPAT_FREEBSD12
-		case CRYPTO_AES_128_NIST_GMAC:
-		case CRYPTO_AES_192_NIST_GMAC:
-		case CRYPTO_AES_256_NIST_GMAC:
-			if (sop->keylen != sop->mackeylen) {
-				SDT_PROBE1(opencrypto, dev, ioctl, error,
-				    __LINE__);
-				return (EINVAL);
-			}
-			break;
-#endif
-		case 0:
-			break;
-		default:
+	if (txform != NULL && txform->macsize != 0) {
+		if (mac != 0) {
 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
 		csp.csp_mode = CSP_MODE_AEAD;
-	} else if (sop->cipher == CRYPTO_AES_CCM_16) {
-		switch (sop->mac) {
-#ifdef COMPAT_FREEBSD12
-		case CRYPTO_AES_CCM_CBC_MAC:
-			if (sop->keylen != sop->mackeylen) {
-				SDT_PROBE1(opencrypto, dev, ioctl, error,
-				    __LINE__);
-				return (EINVAL);
-			}
-			thash = NULL;
-			break;
-#endif
-		case 0:
-			break;
-		default:
-			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
-			return (EINVAL);
-		}
-		csp.csp_mode = CSP_MODE_AEAD;
-	} else if (sop->cipher == CRYPTO_CHACHA20_POLY1305) {
-		if (sop->mac != 0) {
-			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
-			return (EINVAL);
-		}
-		csp.csp_mode = CSP_MODE_AEAD;
-	} else if (txform != NULL && thash != NULL)
+	} else if (txform != NULL && thash != NULL) {
 		csp.csp_mode = CSP_MODE_ETA;
-	else if (txform != NULL)
+	} else if (txform != NULL) {
 		csp.csp_mode = CSP_MODE_CIPHER;
-	else
+	} else if (thash != NULL) {
 		csp.csp_mode = CSP_MODE_DIGEST;
+	} else {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+		return (EINVAL);
+	}
 
 	switch (csp.csp_mode) {
 	case CSP_MODE_AEAD:
@@ -555,8 +415,6 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop)
 	}
 
 	if (txform != NULL) {
-		csp.csp_cipher_alg = txform->type;
-		csp.csp_cipher_klen = sop->keylen;
 		if (sop->keylen > txform->maxkey ||
 		    sop->keylen < txform->minkey) {
 			CRYPTDEB("invalid cipher parameters");
@@ -577,8 +435,6 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop)
 	}
 
 	if (thash != NULL) {
-		csp.csp_auth_alg = thash->type;
-		csp.csp_auth_klen = sop->mackeylen;
 		if (sop->mackeylen > thash->keysize || sop->mackeylen < 0) {
 			CRYPTDEB("invalid mac key length");
 			error = EINVAL;