| #
fdafd315 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
| #
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| #
96c25381 |
|
27-Jul-2023 |
Mark Johnston <markj@FreeBSD.org> |
opencrypto: Respect alignment constraints in xor_and_encrypt()
Copy operands to an aligned buffer before performing operations which
require alignment. Otherwise it's possible for this code to trigger an
alignment fault on armv7.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D41211
|
| #
4361c4eb |
|
06-Oct-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of
block 0 passed to CBC_MAC, so merely copying the first N bytes is
insufficient.
To avoid adding more sideband data to the CBC MAC software context,
pull the generation of block 0, the AAD length, and AAD padding out of
cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are
handled where the length block is constructed in cryptosoft.c and
passed as an input to the Update callback. As a result, the CBC MAC
Update() routine is now much simpler and simply performs the
XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine
when one or more full blocks are passed as input to the Update
callback.
Reviewed by: sef
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32120
|
| #
9b6b2f86 |
|
10-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Adjust crypto_apply function callbacks for OCF.
- crypto_apply() is only used for reading a buffer to compute a
digest, so change the data pointer to a const pointer.
- To better match m_apply(), change the data pointer type to void *
and the length from uint16_t to u_int. The length field in
particular matters as none of the apply logic was splitting requests
larger than UINT16_MAX.
- Adjust the auth_xform Update callback to match the function
prototype passed to crypto_apply() and crypto_apply_buf(). This
removes the needs for casts when using the Update callback.
- Change the Reinit and Setkey callbacks to also use a u_int length
instead of uint16_t.
- Update auth transforms for the changes. While here, use C99
initializers for auth_hash structures and avoid casts on callbacks.
Reviewed by: cem
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25171
|
| #
8ccf3d97 |
|
24-Apr-2019 |
John Baldwin <jhb@FreeBSD.org> |
Don't panic for empty CCM requests.
A request to encrypt an empty payload without any AAD is unusual, but
it is defined behavior. Removing this assertion removes a panic and
instead returns the correct tag for an empty buffer.
Reviewed by: cem, sef
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D20043
|
| #
f42230d8 |
|
25-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Fix another bug introduced during the review process of r344140:
the tag wasn't being computed properly due to chaning a >= comparison
to an == comparison.
Specifically: CBC-MAC encodes the length of the authorization data
into the the stream to be encrypted/hashed. For short data, this is
two bytes (big-endian 16 bit value); for larger data, it's 6 bytes
(a prefix of 0xff, 0xfe, followed by a 32-bit big-endian length). And
there's a larger size, which is 10 bytes. These extra bytes weren't
being accounted for with the post-review code. The other bit that then came
into play was that OCF only calls the Update code with blksiz=16, which
meant that I had to ignore the length variable. (It also means that it
can't be called with a single buffer containing the AAD and payload;
however, OCF doesn't do this for the software-only algorithsm.)
I tested with this script:
ALG=aes-ccm
DEV=soft
for aad in 0 1 2 3 4 14 16 24 30 32 34 36 1020
do
for dln in 16 32 1024 2048 10240
do
echo "Testing AAD length ${aad} data length ${dln}"
/root/cryptocheck -A ${aad} -a ${ALG} -d ${DEV} ${dln}
done
done
Reviewed by: cem
Sponsored by: iXsystems Inc.
|
| #
1357a3bc |
|
14-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Fix another issue from r344141, having to do with size of a shift amount.
This did not show up in my testing.
Differential Revision: https://reviews.freebsd.org/D18592
|
| #
72309077 |
|
14-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Pasting in a source control line missed the last quote. Fixed.
|
| #
a99bc4c3 |
|
14-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Add CBC-MAC authentication.
This adds the CBC-MAC code to the kernel, but does not hook it up to
anything (that comes in the next commit).
https://tools.ietf.org/html/rfc3610 describes the algorithm.
Note that this is a software-only implementation, which means it is
fairly slow.
Sponsored by: iXsystems Inc
Differential Revision: https://reviews.freebsd.org/D18592
|