git: e148e407df5c - main - ccr: Support AES-CCM requests with truncated tags.

Wed, 06 Oct 2021 14:16:12 -0700 

The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e148e407df5c8b1c83bcd44da9f4837d94431d02

commit e148e407df5c8b1c83bcd44da9f4837d94431d02
Author:     John Baldwin <j...@freebsd.org>
AuthorDate: 2021-10-06 21:08:48 +0000
Commit:     John Baldwin <j...@freebsd.org>
CommitDate: 2021-10-06 21:08:48 +0000

    ccr: Support AES-CCM requests with truncated tags.
    
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D32117
---
 sys/dev/cxgbe/crypto/t4_crypto.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
index ca6cd332fa24..b7fa048543b7 100644
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1524,6 +1524,29 @@ out:
        crypto_done(crp);
 }
 
+static int
+ccr_ccm_hmac_ctrl(unsigned int authsize)
+{
+       switch (authsize) {
+       case 4:
+               return (SCMD_HMAC_CTRL_PL1);
+       case 6:
+               return (SCMD_HMAC_CTRL_PL2);
+       case 8:
+               return (SCMD_HMAC_CTRL_DIV2);
+       case 10:
+               return (SCMD_HMAC_CTRL_TRUNC_RFC4366);
+       case 12:
+               return (SCMD_HMAC_CTRL_IPSEC_96BIT);
+       case 14:
+               return (SCMD_HMAC_CTRL_PL3);
+       case 16:
+               return (SCMD_HMAC_CTRL_NO_TRUNC);
+       default:
+               __assert_unreachable();
+       }
+}
+
 static void
 generate_ccm_b0(struct cryptop *crp, u_int hash_size_in_response,
     const char *iv, char *b0)
@@ -1783,7 +1806,7 @@ ccr_ccm(struct ccr_softc *sc, struct ccr_session *s, 
struct cryptop *crp)
            V_CPL_TX_SEC_PDU_AUTHINSERT(auth_insert));
 
        /* These two flits are actually a CPL_TLS_TX_SCMD_FMT. */
-       hmac_ctrl = ccr_hmac_ctrl(AES_CBC_MAC_HASH_LEN, hash_size_in_response);
+       hmac_ctrl = ccr_ccm_hmac_ctrl(hash_size_in_response);
        crwr->sec_cpl.seqno_numivs = htobe32(
            V_SCMD_SEQ_NO_CTRL(0) |
            V_SCMD_PROTO_VERSION(SCMD_PROTO_VERSION_GENERIC) |
@@ -2459,9 +2482,6 @@ ccr_probesession(device_t dev, const struct 
crypto_session_params *csp)
                                return (EINVAL);
                        break;
                case CRYPTO_AES_CCM_16:
-                       if (csp->csp_auth_mlen < 0 ||
-                           csp->csp_auth_mlen > AES_CBC_MAC_HASH_LEN)
-                               return (EINVAL);
                        break;
                default:
                        return (EINVAL);

Reply via email to