From nobody Thu Oct 21 22:04:17 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BE97C1801469; Thu, 21 Oct 2021 22:04:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hb1jG3dRFz3tf8; Thu, 21 Oct 2021 22:04:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0502522C5E; Thu, 21 Oct 2021 22:04:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LM4HpN079554; Thu, 21 Oct 2021 22:04:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LM4HV3079553; Thu, 21 Oct 2021 22:04:17 GMT (envelope-from git) Date: Thu, 21 Oct 2021 22:04:17 GMT Message-Id: <202110212204.19LM4HV3079553@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 4cce6043c7d9 - stable/13 - aesni: Support multiple nonce lengths for AES-CCM. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 4cce6043c7d9be191883ad3a7ed46e8e4a1709af Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=4cce6043c7d9be191883ad3a7ed46e8e4a1709af commit 4cce6043c7d9be191883ad3a7ed46e8e4a1709af Author: John Baldwin AuthorDate: 2021-10-06 21:08:47 +0000 Commit: John Baldwin CommitDate: 2021-10-21 21:07:45 +0000 aesni: Support multiple nonce lengths for AES-CCM. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32112 (cherry picked from commit 8e6af6adfc2cc3d0ea89c20eaa5914e453c48b49) --- sys/crypto/aesni/aesni.c | 13 +++++++++---- sys/crypto/aesni/aesni_ccm.c | 32 ++++++++------------------------ 2 files changed, 17 insertions(+), 28 deletions(-) diff --git a/sys/crypto/aesni/aesni.c b/sys/crypto/aesni/aesni.c index 4debbae12c2b..67dcef123429 100644 --- a/sys/crypto/aesni/aesni.c +++ b/sys/crypto/aesni/aesni.c @@ -1,7 +1,7 @@ /*- * Copyright (c) 2005-2008 Pawel Jakub Dawidek * Copyright (c) 2010 Konstantin Belousov - * Copyright (c) 2014 The FreeBSD Foundation + * Copyright (c) 2014-2021 The FreeBSD Foundation * Copyright (c) 2017 Conrad Meyer * All rights reserved. * @@ -9,6 +9,9 @@ * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * + * Portions of this software were developed by Ararat River + * Consulting, LLC under sponsorship of the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -319,8 +322,7 @@ aesni_probesession(device_t dev, const struct crypto_session_params *csp) if (csp->csp_auth_mlen != 0 && csp->csp_auth_mlen != AES_CBC_MAC_HASH_LEN) return (EINVAL); - if (csp->csp_ivlen != AES_CCM_IV_LEN || - !sc->has_aes) + if (!sc->has_aes) return (EINVAL); break; default: @@ -639,9 +641,12 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptop *crp) csp = crypto_get_params(crp->crp_session); switch (csp->csp_cipher_alg) { + case CRYPTO_AES_CCM_16: + if (crp->crp_payload_length > ccm_max_payload_length(csp)) + return (EMSGSIZE); + /* FALLTHROUGH */ case CRYPTO_AES_ICM: case CRYPTO_AES_NIST_GCM_16: - case CRYPTO_AES_CCM_16: if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); break; diff --git a/sys/crypto/aesni/aesni_ccm.c b/sys/crypto/aesni/aesni_ccm.c index fc01e92c697f..9e2fa317b2ed 100644 --- a/sys/crypto/aesni/aesni_ccm.c +++ b/sys/crypto/aesni/aesni_ccm.c @@ -1,11 +1,15 @@ /*- - * Copyright (c) 2014 The FreeBSD Foundation + * Copyright (c) 2014-2021 The FreeBSD Foundation * Copyright (c) 2018 iXsystems, Inc * All rights reserved. * - * This software was developed by John-Mark Gurney under - * the sponsorship of the FreeBSD Foundation and + * Portions of this software were developed by John-Mark Gurney + * under the sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). + * + * Portions of this software were developed by Ararat River + * Consulting, LLC under sponsorship of the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -185,12 +189,7 @@ cbc_mac_start(const unsigned char *auth_data, size_t auth_len, * however, they're always truncated from 16 bytes, and the tag * length isn't passed in. (This could be fixed by changing the * code in aesni.c:aesni_cipher_crypt().) - * Similarly, although the nonce length is passed in, the - * OpenCrypto API that calls us doesn't have a way to set the nonce - * other than by having different crypto algorithm types. As a result, - * this is currently always called with nlen=12; this means that we - * also have a maximum message length of 16 megabytes. And similarly, - * since abytes is limited to a 32 bit value here, the AAD is + * Since abytes is limited to a 32 bit value here, the AAD is * limited to 4 gigabytes or less. */ void @@ -222,14 +221,6 @@ AES_CCM_encrypt(const unsigned char *in, unsigned char *out, */ L = sizeof(__m128i) - 1 - nlen; - /* - * Now, this shouldn't happen, but let's make sure that - * the data length isn't too big. - */ - KASSERT(nbytes <= ((1 << (8 * L)) - 1), - ("%s: nbytes is %u, but length field is %d bytes", - __FUNCTION__, nbytes, L)); - /* * Clear out the blocks */ @@ -399,13 +390,6 @@ AES_CCM_decrypt(const unsigned char *in, unsigned char *out, */ L = sizeof(__m128i) - 1 - nlen; - /* - * Now, this shouldn't happen, but let's make sure that - * the data length isn't too big. - */ - if (nbytes > ((1 << (8 * L)) - 1)) - panic("%s: nbytes is %u, but length field is %d bytes", - __FUNCTION__, nbytes, L); /* * Clear out the blocks */