git: 5ae5ed5b8fd2 - main - cryptosoft, ccr: Use crp_iv directly for AES-CCM and AES-GCM.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Wed, 06 Oct 2021 21:10:25 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=5ae5ed5b8fd2955378ab67ba127cad8c981678ab

commit 5ae5ed5b8fd2955378ab67ba127cad8c981678ab
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-10-06 21:08:46 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-10-06 21:08:46 +0000

    cryptosoft, ccr: Use crp_iv directly for AES-CCM and AES-GCM.
    
    Rather than copying crp_iv to a local array on the stack that is then
    passed to xform reinit routines, pass crp_iv directly and remove the
    local copy.
    
    Reviewed by:    markj
    Sponsored by:   Chelsio Communications, The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D32106
---
 sys/dev/cxgbe/crypto/t4_crypto.c | 17 +++++------------
 sys/opencrypto/cryptosoft.c      | 18 +++++-------------
 2 files changed, 10 insertions(+), 25 deletions(-)

diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
index 845bc3c29e38..30d168b60777 100644
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1391,7 +1391,6 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp)
 	void *auth_ctx, *kschedule;
 	char block[GMAC_BLOCK_LEN];
 	char digest[GMAC_DIGEST_LEN];
-	char iv[AES_BLOCK_LEN];
 	int error, i, len;
 
 	auth_ctx = NULL;
@@ -1436,10 +1435,8 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp)
 		error = EINVAL;
 		goto out;
 	}
-	crypto_read_iv(crp, iv);
-	*(uint32_t *)&iv[12] = htobe32(1);
 
-	axf->Reinit(auth_ctx, iv, sizeof(iv));
+	axf->Reinit(auth_ctx, crp->crp_iv, AES_GCM_IV_LEN);
 
 	/* MAC the AAD. */
 	if (crp->crp_aad != NULL) {
@@ -1462,7 +1459,7 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp)
 		}
 	}
 
-	exf->reinit(kschedule, iv, sizeof(iv));
+	exf->reinit(kschedule, crp->crp_iv, AES_GCM_IV_LEN);
 
 	/* Do encryption with MAC */
 	for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) {
@@ -1522,7 +1519,6 @@ out:
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
 	explicit_bzero(block, sizeof(block));
-	explicit_bzero(iv, sizeof(iv));
 	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
@@ -1878,7 +1874,6 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp)
 	void *kschedule;
 	char block[CCM_CBC_BLOCK_LEN];
 	char digest[AES_CBC_MAC_HASH_LEN];
-	char iv[AES_CCM_IV_LEN];
 	int error, i, len;
 
 	auth_ctx = NULL;
@@ -1923,11 +1918,10 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp)
 		error = EINVAL;
 		goto out;
 	}
-	crypto_read_iv(crp, iv);
 
 	auth_ctx->aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length;
 	auth_ctx->aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length;
-	axf->Reinit(auth_ctx, iv, sizeof(iv));
+	axf->Reinit(auth_ctx, crp->crp_iv, AES_CCM_IV_LEN);
 
 	/* MAC the AAD. */
 	if (crp->crp_aad != NULL)
@@ -1939,7 +1933,7 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp)
 	if (error)
 		goto out;
 
-	exf->reinit(kschedule, iv, sizeof(iv));
+	exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN);
 
 	/* Do encryption/decryption with MAC */
 	for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) {
@@ -1974,7 +1968,7 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp)
 			error = 0;
 
 			/* Tag matches, decrypt data. */
-			exf->reinit(kschedule, iv, sizeof(iv));
+			exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN);
 			for (i = 0; i < crp->crp_payload_length;
 			     i += sizeof(block)) {
 				len = imin(crp->crp_payload_length - i,
@@ -1995,7 +1989,6 @@ out:
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
 	explicit_bzero(block, sizeof(block));
-	explicit_bzero(iv, sizeof(iv));
 	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 04a2b004799a..19092e56b004 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -463,7 +463,6 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp)
 	uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char tag[GMAC_DIGEST_LEN];
-	u_char iv[AES_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	const u_char *inblk;
 	u_char *outblk;
@@ -492,12 +491,10 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp)
 	if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
 		return (EINVAL);
 
-	/* Initialize the IV */
 	ivlen = AES_GCM_IV_LEN;
-	bcopy(crp->crp_iv, iv, ivlen);
 
 	/* Supply MAC with IV */
-	axf->Reinit(&ctx, iv, ivlen);
+	axf->Reinit(&ctx, crp->crp_iv, ivlen);
 
 	/* Supply MAC with AAD */
 	if (crp->crp_aad != NULL) {
@@ -536,7 +533,7 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp)
 	if (crp->crp_cipher_key != NULL)
 		exf->setkey(swe->sw_kschedule, crp->crp_cipher_key,
 		    crypto_get_params(crp->crp_session)->csp_cipher_klen);
-	exf->reinit(swe->sw_kschedule, iv, ivlen);
+	exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 
 	/* Do encryption with MAC */
 	crypto_cursor_init(&cc_in, &crp->crp_buf);
@@ -635,7 +632,6 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp)
 out:
 	explicit_bzero(blkbuf, sizeof(blkbuf));
 	explicit_bzero(tag, sizeof(tag));
-	explicit_bzero(iv, sizeof(iv));
 
 	return (error);
 }
@@ -701,7 +697,6 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 	uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char tag[AES_CBC_MAC_HASH_LEN];
-	u_char iv[AES_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	const u_char *inblk;
 	u_char *outblk;
@@ -729,9 +724,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 	if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
 		return (EINVAL);
 
-	/* Initialize the IV */
 	ivlen = AES_CCM_IV_LEN;
-	bcopy(crp->crp_iv, iv, ivlen);
 
 	/*
 	 * AES CCM-CBC-MAC needs to know the length of both the auth
@@ -741,7 +734,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 	ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length;
 
 	/* Supply MAC with IV */
-	axf->Reinit(&ctx, iv, ivlen);
+	axf->Reinit(&ctx, crp->crp_iv, ivlen);
 
 	/* Supply MAC with AAD */
 	if (crp->crp_aad != NULL)
@@ -755,7 +748,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 	if (crp->crp_cipher_key != NULL)
 		exf->setkey(swe->sw_kschedule, crp->crp_cipher_key,
 		    crypto_get_params(crp->crp_session)->csp_cipher_klen);
-	exf->reinit(swe->sw_kschedule, iv, ivlen);
+	exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 
 	/* Do encryption/decryption with MAC */
 	crypto_cursor_init(&cc_in, &crp->crp_buf);
@@ -826,7 +819,7 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 		}
 
 		/* tag matches, decrypt data */
-		exf->reinit(swe->sw_kschedule, iv, ivlen);
+		exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 		crypto_cursor_init(&cc_in, &crp->crp_buf);
 		crypto_cursor_advance(&cc_in, crp->crp_payload_start);
 		for (resid = crp->crp_payload_length; resid > blksz;
@@ -859,7 +852,6 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 out:
 	explicit_bzero(blkbuf, sizeof(blkbuf));
 	explicit_bzero(tag, sizeof(tag));
-	explicit_bzero(iv, sizeof(iv));
 	return (error);
 }