#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
d7f0b3ce |
|
11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. These callbacks allow multiple contiguous blocks to be manipulated in a single call. Note that any trailing partial block for a stream cipher must still be passed to encrypt/decrypt_last. While here, document the setkey and reinit hooks and reorder the hooks in 'struct enc_xform' to better reflect the life cycle. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33529
|
#
ab91fb6c |
|
09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Refactor software support for AEAD ciphers. Extend struct enc_xform to add new members to handle auth operations for AEAD ciphers. In particular, AEAD operations in cryptosoft no longer use a struct auth_hash. Instead, the setkey and reinit methods of struct enc_xform are responsible for initializing both the cipher and auth state. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33196
|
#
ae18720d |
|
06-Oct-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Support multiple nonce lengths for AES-CCM. Permit nonces of lengths 7 through 13 in the OCF framework and the cryptosoft driver. A helper function (ccm_max_payload_length) can be used in OCF drivers to reject CCM requests which are too large for the specified nonce length. Reviewed by: sef Sponsored by: Chelsio Communications, The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32111
|
#
1833d604 |
|
06-Oct-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Permit variable-sized IVs for ciphers with a reinit hook. Add a 'len' argument to the reinit hook in 'struct enc_xform' to permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305 which support different nonce lengths. Reviewed by: markj Sponsored by: Chelsio Communications, The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32105
|
#
d8787d4f |
|
26-Jul-2021 |
Mark Johnston <markj@FreeBSD.org> |
crypto: Constify all transform descriptors No functional change intended. Reviewed by: ae, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31196
|
#
723d8764 |
|
22-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Improve support for stream ciphers in the software encryption interface. Add a 'native_blocksize' member to 'struct enc_xform' that ciphers can use if they support a partial final block. This is particular useful for stream ciphers, but can also apply to other ciphers. cryptosoft will only pass in native blocks to the encrypt and decrypt hooks. For the final partial block, 'struct enc_xform' now has new encrypt_last/decrypt_last hooks which accept the length of the final block. The multi_block methods are also retired. Mark AES-ICM (AES-CTR) as a stream cipher. This has some interesting effects on IPsec in that FreeBSD can now properly receive all packets sent by Linux when using AES-CTR, but FreeBSD can no longer interoperate with OpenBSD and older verisons of FreeBSD which assume AES-CTR packets have a payload padded to a 16-byte boundary. Kornel has offered to work on a patch to add a compatiblity sysctl to enforce additional padding for AES-CTR in esp_output to permit compatibility with OpenBSD and older versions of FreeBSD. AES-XTS continues to use a block size of a single AES block length. It is possible to adjust it to support partial final blocks by implementing cipher text stealing via encrypt_last/decrypt_last hooks, but I have not done so. Reviewed by: cem (earlier version) Tested by: Kornel Dulęba <mindal@semihalf.com> (AES-CTR with IPsec) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24906
|
#
3e947048 |
|
20-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Various cleanups to the software encryption transform interface. - Consistently use 'void *' for key schedules / key contexts instead of a mix of 'caddr_t', 'uint8_t *', and 'void *'. - Add a ctxsize member to enc_xform similar to what auth transforms use and require callers to malloc/zfree the context. The setkey callback now supplies the caller-allocated context pointer and the zerokey callback is removed. Callers now always use zfree() to ensure key contexts are zeroed. - Consistently use C99 initializers for all statically-initialized instances of 'struct enc_xform'. - Change the encrypt and decrypt functions to accept separate in and out buffer pointers. Almost all of the backend crypto functions already supported separate input and output buffers and this makes it simpler to support separate buffers in OCF. - Remove xform_userland.h shim to permit transforms to be compiled in userland. Transforms no longer call malloc/free directly. Reviewed by: cem (earlier version) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24855
|
#
821fe3d3 |
|
21-Aug-2019 |
John Baldwin <jhb@FreeBSD.org> |
Use 'const' for keys and IVs passed to software encryption algorithms. Specifically, use 'const' for the key passed to the 'setkey' method and 'const' for the 'iv' passed to the 'reinit' method. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D21347
|
#
507281e5 |
|
14-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
Add AES-CCM encryption, and plumb into OCF. This commit essentially has three parts: * Add the AES-CCM encryption hooks. This is in and of itself fairly small, as there is only a small difference between CCM and the other ICM-based algorithms. * Hook the code into the OpenCrypto framework. This is the bulk of the changes, as the algorithm type has to be checked for, and the differences between it and GCM dealt with. * Update the cryptocheck tool to be aware of it. This is invaluable for confirming that the code works. This is a software-only implementation, meaning that the performance is very low. Sponsored by: iXsystems Inc. Differential Revision: https://reviews.freebsd.org/D19090
|
#
bf4c239e |
|
01-Aug-2016 |
Conrad Meyer <cem@FreeBSD.org> |
opencrypto AES-ICM: Fix heap corruption typo This error looks like it was a simple copy-paste typo in the original commit for this code (r275732). PR: 204009 Reported by: Chang-Hsien Tsai <luke.tw AT gmail.com> Sponsored by: EMC / Isilon Storage Division
|
#
2155bb23 |
|
30-Dec-2015 |
Allan Jude <allanjude@FreeBSD.org> |
Break up opencrypto/xform.c so it can be reused piecemeal Keep xform.c as a meta-file including the broken out bits existing code that includes xform.c continues to work as normal Individual algorithms can now be reused elsewhere, including outside of the kernel Reviewed by: bapt (previous version), gnn, delphij Approved by: secteam MFC after: 1 week Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D4674
|