author | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:46 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:46 +0000 |
commit | 1833d6042c9a0116e8a1198256fd8fbc99cb11ad (patch) | |
tree | 153cabff0be6b97e480addd4eeafc719b697e783 /sys/opencrypto/xform_aes_xts.c | |
parent | cb128893b92994456107d6ca722fdf6e5028eacc (diff) | |
crypto: Permit variable-sized IVs for ciphers with a reinit hook.
Add a 'len' argument to the reinit hook in 'struct enc_xform' to
permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305
which support different nonce lengths.
Reviewed by: markj
Sponsored by: Chelsio Communications, The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32105
Diffstat (limited to 'sys/opencrypto/xform_aes_xts.c')
-rw-r--r-- | sys/opencrypto/xform_aes_xts.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/opencrypto/xform_aes_xts.c b/sys/opencrypto/xform_aes_xts.c
index 457535621511..7a79d4685d21 100644
--- a/sys/opencrypto/xform_aes_xts.c
+++ b/sys/opencrypto/xform_aes_xts.c
@@ -56,7 +56,7 @@ __FBSDID("$FreeBSD$");
 static int aes_xts_setkey(void *, const uint8_t *, int);
 static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *);
 static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *);
-static void aes_xts_reinit(void *, const uint8_t *);
+static void aes_xts_reinit(void *, const uint8_t *, size_t);
 
 /* Encryption instances */
 const struct enc_xform enc_xform_aes_xts = {
@@ -77,12 +77,15 @@ const struct enc_xform enc_xform_aes_xts = {
 * Encryption wrapper routines.
 */
 static void
-aes_xts_reinit(void *key, const uint8_t *iv)
+aes_xts_reinit(void *key, const uint8_t *iv, size_t ivlen)
 {
 struct aes_xts_ctx *ctx = key;
 uint64_t blocknum;
 u_int i;
 
+ KASSERT(ivlen == sizeof(blocknum),
+ ("%s: invalid IV length", __func__));
+
 /*
 * Prepare tweak as E_k2(IV). IV is specified as LE representation
 * of a 64-bit block number which we allow to be passed in directly. |
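Review bot: The new `KASSERT(ivlen == sizeof(blocknum), ...)` in aes_xts_reinit is the only check on the IV length in this hunk, and KASSERT is compiled out of kernels built without INVARIANTS, so on a production kernel a wrong `ivlen` is neither rejected nor reported. The comment below the assertion describes the IV as a 64-bit block number, so the rest of the body (which continues outside this hunk) presumably consumes eight bytes from `iv` whatever `ivlen` says; a shorter buffer would be over-read and a longer one would be silently truncated into the tweak. Because the hook returns void, the length has to be enforced before it is called, and whether session or request validation already does that unconditionally is not visible here and is worth confirming. I would record the contract above the assertion, e.g. `/* ivlen is checked only under INVARIANTS; callers must have rejected any length other than 8 before calling. */`.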