src/sys/opencrypto/cryptodev.c, branch releng/14.3

sys: Remove $FreeBSD$: one-line .c pattern

2023-08-16T17:54:36+00:00

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

cryptodev: Use a private malloc type (M_CRYPTODEV) instead of M_XDATA.

2022-01-24T23:27:39+00:00

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33991

/dev/crypto: Store blocksize in cse rather than txform pointer.

2021-12-30T01:50:23+00:00

Reviewed by:	markj
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D33614

/dev/crypto: Minimize cipher-specific logic.

2021-12-30T01:50:03+00:00

Rather than duplicating the switches in crypto_auth_hash() and
crypto_cipher(), copy the algorithm constants from the new session
ioctl into a csp directly which permits using the functions in
crypto.c.

Reviewed by:	markj
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D33613

OCF: Hook up plain RIPEMD160 in cryptosoft and /dev/crypto.

2021-12-30T00:46:48+00:00

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33612

crypto: Consistently use AES instead of Rijndael128 for the AES-CBC cipher.

2021-12-16T21:47:27+00:00

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33486

crypto: Refactor software support for AEAD ciphers.

2021-12-09T19:52:42+00:00

Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers.  In particular, AEAD operations in cryptosoft no
longer use a struct auth_hash.  Instead, the setkey and reinit methods
of struct enc_xform are responsible for initializing both the cipher
and auth state.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33196

cryptodev: Allow some CIOCCRYPT operations with an empty payload.

2021-10-06T21:08:47+00:00

If an operation would generate a MAC output (e.g. for digest operation
or for an AEAD or EtA operation), then an empty payload buffer is
valid.  Only reject requests with an empty buffer for "plain" cipher
sessions.

Some of the AES-CCM NIST KAT vectors use an empty payload.

While here, don't advance crp_payload_start for requests that use an
empty payload with an inline IV. (*)

Reported by:	syzbot+d4b94fbd9a44b032f428@syzkaller.appspotmail.com (*)
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32109

cryptodev: Permit CIOCCRYPT for AEAD ciphers.

2021-10-06T21:08:47+00:00

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32108

cryptodev: Permit explicit IV/nonce and MAC/tag lengths.

2021-10-06T21:08:46+00:00

Add 'ivlen' and 'maclen' fields to the structure used for CIOGSESSION2
to specify the explicit IV/nonce and MAC/tag lengths for crypto
sessions.  If these fields are zero, the default lengths are used.

This permits selecting an alternate nonce length for AEAD ciphers such
as AES-CCM which support multiple nonce leengths.  It also supports
truncated MACs as input to AEAD or ETA requests.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32107