opnsense-src/sys/dev/cxgbe/crypto
John Baldwin 9039a0fae4 cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of
block 0 passed to CBC_MAC, so merely copying the first N bytes is
insufficient.

To avoid adding more sideband data to the CBC MAC software context,
pull the generation of block 0, the AAD length, and AAD padding out of
cbc_mac.c and into cryptosoft.c.  This matches how GCM/GMAC are
handled where the length block is constructed in cryptosoft.c and
passed as an input to the Update callback.  As a result, the CBC MAC
Update() routine is now much simpler and simply performs the
XOR-and-encrypt step on each input block.

While here, avoid a copy to the staging block in the Update routine
when one or more full blocks are passed as input to the Update
callback.

Reviewed by:	sef
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32120

(cherry picked from commit 4361c4eb6e)
2021-10-21 14:19:04 -07:00
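Added example, not code from cxgbe(4), cryptosoft or FreeBSD: a C sketch of the CCM MAC input layout the commit message refers to, laid out per RFC 3610. ccm_block0() builds block 0 with the tag length encoded in its flags byte, ccm_aad_length() emits the AAD length prefix (all three RFC 3610 encodings, not only the common 2-byte form), and cbc_mac_update() is the reduced XOR-and-encrypt Update with a no-copy path for whole input blocks; ccm_cbc_mac() drives them the way the commit assigns that work to the caller, generating block 0, the AAD length and the zero padding itself. The function names, the cbc_mac_ctx layout, the parameter checks and demo_block_transform (an invertible byte mixer standing in for AES so the example runs stand-alone; it is not a cipher) are assumptions of this example. For RFC 3610 packet vector #1 (nonce 00000003020100A0A1A2A3A4A5, 8-byte AAD, 23-byte message, 8-byte tag) block 0 comes out as 59 00000003020100A0A1A2A3A4A5 0017; with a 16-byte tag the flags byte becomes 0x79 and the whole MAC changes, which is why truncating a 16-byte tag does not give the 8-byte one.

```c
/* Added example (not cxgbe/cryptosoft code): CCM MAC input per RFC 3610. */
#include <stdint.h>
#include <string.h>

typedef void (*ccm_encrypt_fn)(const void *key, uint8_t blk[16]);	/* AES-128 in CCM */

/* Block 0.  Flags byte: bit 6 = AAD present, bits 5..3 = (taglen - 2) / 2,
 * bits 2..0 = L - 1, with L = 15 - noncelen the width of the trailing length. */
int
ccm_block0(uint8_t b0[16], const uint8_t *nonce, size_t noncelen,
    size_t aadlen, size_t taglen, uint64_t msglen)
{
	size_t L = 15 - noncelen, i;
	/* M must be 4, 6, .., 16; L must be 2 .. 8; msglen must fit in L bytes. */
	if (taglen < 4 || taglen > 16 || (taglen & 1) != 0 || noncelen < 7 ||
	    noncelen > 13 || (L < 8 && (msglen >> (8 * L)) != 0))
		return (-1);
	b0[0] = (aadlen != 0 ? 0x40 : 0) | (((taglen - 2) / 2) << 3) | (L - 1);
	memcpy(b0 + 1, nonce, noncelen);
	for (i = 0; i < L; i++)
		b0[15 - i] = (uint8_t)(msglen >> (8 * i));
	return (0);
}

/* AAD length prefix: 2, 6 or 10 bytes, covering all three RFC 3610 forms. */
size_t
ccm_aad_length(uint8_t out[10], uint64_t aadlen)
{
	int i, n = aadlen < 0xFF00 ? 2 : aadlen <= 0xFFFFFFFFull ? 4 : 8;
	int off = n == 2 ? 0 : 2;	/* long forms lead with 0xFF 0xFE or 0xFF 0xFF */
	if (off != 0)
		out[0] = 0xFF, out[1] = n == 4 ? 0xFE : 0xFF;
	for (i = 0; i < n; i++)
		out[off + i] = (uint8_t)(aadlen >> (8 * (n - 1 - i)));
	return (off + n);
}

struct cbc_mac_ctx {
	ccm_encrypt_fn encrypt;
	const void *key;
	uint8_t block[16], staging[16];	/* running MAC value, partial input */
	size_t staged;
};

/* Update: XOR-and-encrypt each block; full input blocks skip the staging copy. */
void
cbc_mac_update(struct cbc_mac_ctx *c, const uint8_t *in, size_t len)
{
	size_t n, i;
	for (; len != 0; in += n, len -= n) {
		const uint8_t *blk = in;
		if (c->staged != 0 || len < 16) {	/* partial block: via staging */
			n = 16 - c->staged < len ? 16 - c->staged : len;
			memcpy(c->staging + c->staged, in, n);
			if ((c->staged += n) < 16)
				continue;
			c->staged = 0, blk = c->staging;
		} else
			n = 16;					/* full block: no copy */
		for (i = 0; i < 16; i++)
			c->block[i] ^= blk[i];
		c->encrypt(c->key, c->block);
	}
}

/* Whole MAC pass as the caller drives it: B0, AAD length + AAD + zero pad,
 * message + zero pad.  Real CCM then XORs c->block with CTR block S0 (omitted). */
int
ccm_cbc_mac(struct cbc_mac_ctx *c, const uint8_t *nonce, size_t noncelen,
    const uint8_t *aad, size_t aadlen, const uint8_t *msg, size_t msglen,
    size_t taglen)
{
	static const uint8_t zero[16];
	uint8_t b0[16], lenbuf[10];
	size_t n;
	if (ccm_block0(b0, nonce, noncelen, aadlen, taglen, msglen) != 0)
		return (-1);
	cbc_mac_update(c, b0, 16);
	if (aadlen != 0) {
		n = ccm_aad_length(lenbuf, aadlen);
		cbc_mac_update(c, lenbuf, n);
		cbc_mac_update(c, aad, aadlen);
		cbc_mac_update(c, zero, -(n + aadlen) & 15);
	}
	cbc_mac_update(c, msg, msglen);
	cbc_mac_update(c, zero, -msglen & 15);
	return (0);
}

/* Stand-in invertible byte mixer (assumption: NOT a cipher); swap in AES-128. */
void
demo_block_transform(const void *key, uint8_t b[16])
{
	int r, i;
	for (r = 0; r < 4; r++)
		for (i = 0; i < 16; i++) {
			uint8_t v = b[i] ^ ((const uint8_t *)key)[(i + r) % 16] ^ b[(i + 15) % 16];
			b[i] = (uint8_t)(((v << 3) | (v >> 5)) + r * 17 + i);
		}
}
```

The padding is computed by the caller from the lengths it already knows, so Update never needs to learn where the AAD ends; that is the split the commit describes. Because the stand-in transform is a permutation, two inputs that differ only in the block 0 flags byte always leave different values in c->block, so the 8-byte-tag MAC and the 16-byte-tag MAC can be compared directly. The real tag is the first taglen bytes of c->block XOR S0, the first CTR keystream block, which this sketch leaves out.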
t4_crypto.c     cryptosoft: Fix support for variable tag lengths in AES-CCM.        2021-10-21 14:19:04 -07:00
t4_crypto.h     Add support for AES-CCM to ccr(4).                                  2019-04-24 23:31:46 +00:00
t4_kern_tls.c   cxgbe(4): Overhaul CLIP (Compressed Local IPv6) table management.   2021-10-20 10:05:02 -07:00
t4_keyctx.c     Explicitly zero AES key schedules on the stack.                     2020-06-03 22:18:21 +00:00