Project

General

Profile

Actions

Bug #12390

closed

AES: aes_mech_info_tab error

Added by jing zhang over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

This appears to be a syntax fix in relation to each block. It appears that the character should be a comma instead of a pipe. Testing before the change and after the change with crypto tests checks out in both forms.

usr/src/uts/common/crypto/io/aes.c
@@ -75,7 +75,7 @@ static crypto_mech_info_t aes_mech_info_tab[] = {
    /* AES_CMAC */
    {SUN_CKM_AES_CMAC, AES_CMAC_MECH_INFO_TYPE,
        CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
-        CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC |
+        CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC,
        AES_MIN_KEY_BYTES, AES_MAX_KEY_BYTES, CRYPTO_KEYSIZE_UNIT_IN_BYTES},
    /* AES_CTR */
    {SUN_CKM_AES_CTR, AES_CTR_MECH_INFO_TYPE,

Files

12390.crypto_test_log.tgz (274 KB) 12390.crypto_test_log.tgz Nick Ewins, 2020-06-09 03:34 PM
Actions #1

Updated by Nick Ewins over 1 year ago

  • Assignee set to Nick Ewins
Actions #2

Updated by Nick Ewins over 1 year ago

  • % Done changed from 0 to 90

To test, I built and booted a BE containing this change and then ran the crypto digest tests which all passed.

Actions #3

Updated by Brian Bennett over 1 year ago

I'd like to see some description of what exactly was wrong with the old code, other than a patch. What is it that misbehaves with the current code? How is it triggered, and under what circumstances?

The test suite passes after this change...was it failing before?

Actions #4

Updated by Nick Ewins over 1 year ago

  • Description updated (diff)
Actions #5

Updated by Jason King over 1 year ago

If you look at the definition of crypto_mech_info_t, it's fairly obviously wrong. The next field is a bitmap of the operations supported.. by wrongly bitwise-ORing the minimum key size in bytes (16) along with the rest of the supported operations, it was falsely advertising that AES supports CRYPTO_FG_SIGN_RECOVER.

It ends up being mostly a discovery problem where it's advertising incorrect values.

Actions #6

Updated by Electric Monk over 1 year ago

  • Status changed from New to Closed
  • % Done changed from 90 to 100

git commit 82c3f1a85d940e88355a055831c2d279c69c59e6

commit  82c3f1a85d940e88355a055831c2d279c69c59e6
Author: Nick Ewins <nick@krypton.computer>
Date:   2020-06-09T14:40:45.000Z

    12390 AES: aes_mech_info_tab error
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Reviewed by: Matt Barden <mbarden@tintri.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions #7

Updated by Nick Ewins over 1 year ago

crypto digest test log showing all passed.

Actions

Also available in: Atom PDF