From nobody Thu Oct 21 17:07:06 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0BB0318070A9; Thu, 21 Oct 2021 17:07:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HZv6P0c5Tz4hCN; Thu, 21 Oct 2021 17:07:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 16A2A1EFB5; Thu, 21 Oct 2021 17:07:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LH76bS080429; Thu, 21 Oct 2021 17:07:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LH765L080428; Thu, 21 Oct 2021 17:07:06 GMT (envelope-from git) Date: Thu, 21 Oct 2021 17:07:06 GMT Message-Id: <202110211707.19LH765L080428@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 83b3e8e05ad9 - stable/13 - ccp, ccr: Simplify drivers to assume an AES-GCM IV length of 12. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 83b3e8e05ad9bab3f6cd79cc7842c37fa5f84951 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=83b3e8e05ad9bab3f6cd79cc7842c37fa5f84951 commit 83b3e8e05ad9bab3f6cd79cc7842c37fa5f84951 Author: John Baldwin AuthorDate: 2021-10-06 21:08:46 +0000 Commit: John Baldwin CommitDate: 2021-10-21 15:51:25 +0000 ccp, ccr: Simplify drivers to assume an AES-GCM IV length of 12. While here, use crypto_read_iv() in a few more places in ccr(4) that I missed previously. Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D32104 (cherry picked from commit cb128893b92994456107d6ca722fdf6e5028eacc) --- sys/crypto/ccp/ccp_hardware.c | 5 ++--- sys/dev/cxgbe/crypto/t4_crypto.c | 36 ++++++------------------------------ 2 files changed, 8 insertions(+), 33 deletions(-) diff --git a/sys/crypto/ccp/ccp_hardware.c b/sys/crypto/ccp/ccp_hardware.c index a2ca8e1cb71a..68f46a553f3c 100644 --- a/sys/crypto/ccp/ccp_hardware.c +++ b/sys/crypto/ccp/ccp_hardware.c @@ -1356,10 +1356,9 @@ ccp_collect_iv(struct cryptop *crp, const struct crypto_session_params *csp, crypto_read_iv(crp, iv); /* - * If the input IV is 12 bytes, append an explicit counter of 1. + * Append an explicit counter of 1 for GCM. */ - if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16 && - csp->csp_ivlen == 12) + if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) *(uint32_t *)&iv[12] = htobe32(1); if (csp->csp_cipher_alg == CRYPTO_AES_XTS && diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c index cdd14fcee2f9..a3c25eb7df47 100644 --- a/sys/dev/cxgbe/crypto/t4_crypto.c +++ b/sys/dev/cxgbe/crypto/t4_crypto.c @@ -1133,26 +1133,7 @@ ccr_gcm(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp) else op_type = CHCR_DECRYPT_OP; - /* - * The IV handling for GCM in OCF is a bit more complicated in - * that IPSec provides a full 16-byte IV (including the - * counter), whereas the /dev/crypto interface sometimes - * provides a full 16-byte IV (if no IV is provided in the - * ioctl) and sometimes a 12-byte IV (if the IV was explicit). - * - * When provided a 12-byte IV, assume the IV is really 16 bytes - * with a counter in the last 4 bytes initialized to 1. - * - * While iv_len is checked below, the value is currently - * always set to 12 when creating a GCM session in this driver - * due to limitations in OCF (there is no way to know what the - * IV length of a given request will be). This means that the - * driver always assumes as 12-byte IV for now. - */ - if (s->blkcipher.iv_len == 12) - iv_len = AES_BLOCK_LEN; - else - iv_len = s->blkcipher.iv_len; + iv_len = AES_BLOCK_LEN; /* * GCM requests should always provide an explicit IV. @@ -1290,9 +1271,8 @@ ccr_gcm(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp) crwr = wrtod(wr); memset(crwr, 0, wr_len); - memcpy(iv, crp->crp_iv, s->blkcipher.iv_len); - if (s->blkcipher.iv_len == 12) - *(uint32_t *)&iv[12] = htobe32(1); + crypto_read_iv(crp, iv); + *(uint32_t *)&iv[12] = htobe32(1); ccr_populate_wreq(sc, s, crwr, kctx_len, wr_len, imm_len, sgl_len, 0, crp); @@ -1445,15 +1425,11 @@ ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp) if (error) goto out; - /* - * This assumes a 12-byte IV from the crp. See longer comment - * above in ccr_gcm() for more details. - */ if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) { error = EINVAL; goto out; } - memcpy(iv, crp->crp_iv, 12); + crypto_read_iv(crp, iv); *(uint32_t *)&iv[12] = htobe32(1); axf->Reinit(auth_ctx, iv, sizeof(iv)); @@ -1767,7 +1743,7 @@ ccr_ccm(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp) */ memset(iv, 0, iv_len); iv[0] = (15 - AES_CCM_IV_LEN) - 1; - memcpy(iv + 1, crp->crp_iv, AES_CCM_IV_LEN); + crypto_read_iv(crp, iv + 1); ccr_populate_wreq(sc, s, crwr, kctx_len, wr_len, imm_len, sgl_len, 0, crp); @@ -1940,7 +1916,7 @@ ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) error = EINVAL; goto out; } - memcpy(iv, crp->crp_iv, AES_CCM_IV_LEN); + crypto_read_iv(crp, iv); auth_ctx->aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length; auth_ctx->aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length;