/freebsd/sys/opencrypto/ |
H A D | cbc_mac.h | 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
|
H A D | cbc_mac.c | 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
|
H A D | cryptosoft.c | 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
|
/freebsd/sys/dev/cxgbe/crypto/ |
H A D | t4_crypto.c | 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM.
The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient.
To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block.
While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback.
Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
|