diff mbox series

[API-NEXT,v2,14/20] linux-generic: crypto: rewrite 3DES-CBC support using EVP functions

Message ID 1495490409-30066-15-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v2,1/20] test: crypto: explicitly pass auth_digest_len to crypto subsystem | expand

Commit Message

Github ODP bot May 22, 2017, 10 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Rewrite 3DES-CBC to use generic EVP interface following AES-GCM
implementation.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 34 (lumag:crypto-update-main-new)
 ** https://github.com/Linaro/odp/pull/34
 ** Patch: https://github.com/Linaro/odp/pull/34.patch
 ** Base sha: 826ee894aa0ebd09d42a17e1de077c46bc5b366a
 ** Merge commit sha: 7c49c61063e2d57f049a5436cf12a3c36710bb34
 **/
 .../linux-generic/include/odp_crypto_internal.h    |  5 +-
 platform/linux-generic/odp_crypto.c                | 78 ++++++++++------------
 2 files changed, 35 insertions(+), 48 deletions(-)
diff mbox series

Patch

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index d6fd0400..f4f1948f 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -11,7 +11,6 @@ 
 extern "C" {
 #endif
 
-#include <openssl/des.h>
 #include <openssl/evp.h>
 
 #define MAX_IV_LEN      64
@@ -44,9 +43,7 @@  struct odp_crypto_generic_session {
 
 		union {
 			struct {
-				DES_key_schedule ks1;
-				DES_key_schedule ks2;
-				DES_key_schedule ks3;
+				uint8_t  key[EVP_MAX_KEY_LENGTH];
 			} des;
 			struct {
 				uint8_t  key[EVP_MAX_KEY_LENGTH];
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index a3f22020..e09a35d9 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -393,10 +393,11 @@  static
 odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param,
 				 odp_crypto_generic_session_t *session)
 {
+	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t len   = param->cipher_range.length;
-	DES_cblock iv;
+	uint32_t plain_len   = param->cipher_range.length;
 	void *iv_ptr;
+	int cipher_len = 0;
 
 	if (param->override_iv_ptr)
 		iv_ptr = param->override_iv_ptr;
@@ -405,24 +406,21 @@  odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param,
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-	/*
-	 * Create a copy of the IV.  The DES library modifies IV
-	 * and if we are processing packets on parallel threads
-	 * we could get corruption.
-	 */
-	memcpy(iv, iv_ptr, sizeof(iv));
-
-	/* Adjust pointer for beginning of area to cipher */
+	/* Adjust pointer for beginning of area to cipher/auth */
 	data += param->cipher_range.offset;
+
 	/* Encrypt it */
-	DES_ede3_cbc_encrypt(data,
-			     data,
-			     len,
-			     &session->cipher.data.des.ks1,
-			     &session->cipher.data.des.ks2,
-			     &session->cipher.data.des.ks3,
-			     &iv,
-			     1);
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+			   session->cipher.data.des.key, NULL);
+	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+	EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
+
+	EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
+
+	EVP_CIPHER_CTX_cleanup(ctx);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -431,9 +429,10 @@  static
 odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param,
 				 odp_crypto_generic_session_t *session)
 {
+	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t len   = param->cipher_range.length;
-	DES_cblock iv;
+	uint32_t cipher_len   = param->cipher_range.length;
+	int plain_len = 0;
 	void *iv_ptr;
 
 	if (param->override_iv_ptr)
@@ -443,25 +442,21 @@  odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param,
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-	/*
-	 * Create a copy of the IV.  The DES library modifies IV
-	 * and if we are processing packets on parallel threads
-	 * we could get corruption.
-	 */
-	memcpy(iv, iv_ptr, sizeof(iv));
-
-	/* Adjust pointer for beginning of area to cipher */
+	/* Adjust pointer for beginning of area to cipher/auth */
 	data += param->cipher_range.offset;
 
 	/* Decrypt it */
-	DES_ede3_cbc_encrypt(data,
-			     data,
-			     len,
-			     &session->cipher.data.des.ks1,
-			     &session->cipher.data.des.ks2,
-			     &session->cipher.data.des.ks3,
-			     &iv,
-			     0);
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+			   session->cipher.data.des.key, NULL);
+	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+	EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
+
+	EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len);
+
+	EVP_CIPHER_CTX_cleanup(ctx);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -472,20 +467,15 @@  static int process_des_param(odp_crypto_generic_session_t *session)
 	if (!((0 == session->p.iv.length) || (8 == session->p.iv.length)))
 		return -1;
 
+	memcpy(session->cipher.data.des.key, session->p.cipher_key.data,
+	       session->p.cipher_key.length);
+
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
 		session->cipher.func = des_encrypt;
 	else
 		session->cipher.func = des_decrypt;
 
-	/* Convert keys */
-	DES_set_key((DES_cblock *)&session->p.cipher_key.data[0],
-		    &session->cipher.data.des.ks1);
-	DES_set_key((DES_cblock *)&session->p.cipher_key.data[8],
-		    &session->cipher.data.des.ks2);
-	DES_set_key((DES_cblock *)&session->p.cipher_key.data[16],
-		    &session->cipher.data.des.ks3);
-
 	return 0;
 }