From patchwork Thu Jun  1 09:03:25 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Eremin-Solenikov
 <dmitry.ereminsolenikov@linaro.org>
X-Patchwork-Id: 100846
Delivered-To: patch@linaro.org
Received: by 10.140.96.100 with SMTP id j91csp708098qge;
 Thu, 1 Jun 2017 02:10:39 -0700 (PDT)
X-Received: by 10.55.101.209 with SMTP id z200mr426080qkb.50.1496308239742; 
 Thu, 01 Jun 2017 02:10:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1496308239; cv=none;
 d=google.com; s=arc-20160816;
 b=JMcbDWTsDWRyCGzYMK+i1/OPAewJGg3uFrqk2Z6jDIEF4tO7dio1NWeqr05AF8t0FO
 d0mP89wB+Iac9propVnPozKyitNtXmXs8HeyWyqTZGTEcGG4olZtyREsVYF6xVjh/5xL
 uZg5B0GnSTuFf7cBM5doZbJcadVoekQZJgeRYuJEpv35FVr4tXhMjLj/WeT1swKbzOvI
 P4lpdojtOqoITRJEQhPi/QaXIYfyuxcS2YgBqMp6CeXTIho8lb/nv+9KSifDz3MNrYq/
 R0rJOAfsjwi80jHyU4GUzxovKSyJMXtbbmM1dtej49rQlQTrYwK7PSCGwKbTFIDdkGru
 +z6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:references:in-reply-to
 :message-id:date:to:from:delivered-to:arc-authentication-results;
 bh=aaDht63rWicF6bPCJrNUMUIiYDsQRq2LZ96lyVms7bs=;
 b=r8UMHNdp8LfZ52183FUkf1iQYawyj8zpbzdUYOG4Z8M9JUV9rA+zb1ATZG//5ZOpA/
 Q9toijBbpIuDNzBgZ8U+Z4HlXNCi7YiLOdJ82awVxucW/tUjsH5/3yvai0xif7mRjTjY
 cKGrW4NtxBB2FPyQMxdBh1QS2acLlcrJatVl1yJv2C/vxrLfW/03GNCrn32YaAxJKszo
 RkwLjlTcWBM9siNZlpvqMOow3X6IlEr4ivXGLPtTfLb/1ysaxpV+ncDtI5PBrNLE367X
 4PfycFNuNzfjIKF86WaYOP5hey0C65EjRc7NKVeye0ELzznDqEuJUfIwdJoBxtHXhgvz
 i1Yg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.225.227.206 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <lng-odp-bounces@lists.linaro.org>
Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206])
 by mx.google.com with ESMTP id
 y54si18989557qtc.329.2017.06.01.02.10.39; 
 Thu, 01 Jun 2017 02:10:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.225.227.206 as permitted sender)
 client-ip=54.225.227.206; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.225.227.206 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id 568E160921; Thu,  1 Jun 2017 09:10:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, 
 RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, RCVD_IN_SORBS_SPAM,
 URIBL_BLOCKED autolearn=disabled version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id B95BC609DC;
 Thu,  1 Jun 2017 09:05:18 +0000 (UTC)
X-Original-To: lng-odp@lists.linaro.org
Delivered-To: lng-odp@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id ACED760972; Thu,  1 Jun 2017 09:05:14 +0000 (UTC)
Received: from mail-lf0-f54.google.com (mail-lf0-f54.google.com
 [209.85.215.54])
 by lists.linaro.org (Postfix) with ESMTPS id 3A765609F0
 for <lng-odp@lists.linaro.org>; Thu,  1 Jun 2017 09:03:53 +0000 (UTC)
Received: by mail-lf0-f54.google.com with SMTP id c184so17850340lfe.2
 for <lng-odp@lists.linaro.org>; Thu, 01 Jun 2017 02:03:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
 :references;
 bh=aaDht63rWicF6bPCJrNUMUIiYDsQRq2LZ96lyVms7bs=;
 b=RuElGS8qeWGzq5YX8BCSNjzjTvo05psgnra6tUhqCJf+l4Y2Z3TWX5g1XCRJKKaHZx
 AvB+ZOV35SoYDSbsmh/llqMnZR+nTt5xxU1SU9WkYuWpccqTlt+GYqrKaVFB5uSrzuN8
 lofwiOYfwWmpSQrAqZhBHlNDYgF6E+/k/2bHuIB8JbmL1uJ9TFt+N1lAcmUU7rmPowxa
 8+d8nMaEy+r0zhN7ZBS5kjF1OYsF0Eq2N1mIf4U38zEwYtmHbN+A7WOLmBjPWq3bZ8nC
 53b0oITMz37cx6m2TslUd+VMGOCTFzHTOEh39lB5UrKWImdCFjcelx6plhHJxg+aqvFM
 0llQ==
X-Gm-Message-State: AODbwcC3kOytEErXCE/tNllPLdw74+E5R1g/fSQkWyRfclRjhOE4svfp
 gaUgbNB+YBvCyD4sQHXTfkEN
X-Received: by 10.25.149.202 with SMTP id x193mr205486lfd.100.1496307831806; 
 Thu, 01 Jun 2017 02:03:51 -0700 (PDT)
Received: from forlindon.lumag.auriga.ru ([188.162.64.12])
 by smtp.gmail.com with ESMTPSA id
 129sm4232819ljf.36.2017.06.01.02.03.50 for <lng-odp@lists.linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 01 Jun 2017 02:03:51 -0700 (PDT)
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
To: lng-odp@lists.linaro.org
Date: Thu,  1 Jun 2017 12:03:25 +0300
Message-Id: <20170601090339.9313-10-dmitry.ereminsolenikov@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170601090339.9313-1-dmitry.ereminsolenikov@linaro.org>
References: <20170601090339.9313-1-dmitry.ereminsolenikov@linaro.org>
Subject: [lng-odp] [PATCH API-NEXT v5 09/23] linux-generic: crypto: make
 AES-GCM thread safe
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "The OpenDataPlane \(ODP\) List" <lng-odp.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/lng-odp/>
List-Post: <mailto:lng-odp@lists.linaro.org>
List-Help: <mailto:lng-odp-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

Using single context for all operations is not thread safe: multiple
threads can access the same context in parallel, affecting its internal
state. Make AES-GCM functions use local context for en/decryption
operations.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
---
 .../linux-generic/include/odp_crypto_internal.h    |  2 +-
 platform/linux-generic/odp_crypto.c                | 84 ++++++++++------------
 2 files changed, 38 insertions(+), 48 deletions(-)

-- 
2.11.0

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index 515cefaa06cc..d1020dba3edd 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -53,7 +53,7 @@ struct odp_crypto_generic_session {
 				AES_KEY key;
 			} aes;
 			struct {
-				EVP_CIPHER_CTX *ctx;
+				uint8_t  key[EVP_MAX_KEY_LENGTH];
 			} aes_gcm;
 		} data;
 		crypto_func_t func;
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index 3f298485caef..3deec7de3f7c 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -265,11 +265,13 @@ static
 odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 				     odp_crypto_generic_session_t *session)
 {
+	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
 	uint32_t plain_len   = param->cipher_range.length;
 	const uint8_t *aad_head = param->aad.ptr;
 	uint32_t aad_len = param->aad.length;
 	void *iv_ptr;
+	int cipher_len = 0;
 	uint8_t *tag = data + param->hash_result_offset;
 
 	if (param->override_iv_ptr)
@@ -280,12 +282,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
 	/* Adjust pointer for beginning of area to cipher/auth */
-	uint8_t *plaindata = data + param->cipher_range.offset;
+	data += param->cipher_range.offset;
 
 	/* Encrypt it */
-	EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-	int cipher_len = 0;
-
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+			    session->p.iv.length, NULL);
 	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
 	/* Authenticate header data (if any) without encrypting them */
@@ -293,13 +297,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 		EVP_EncryptUpdate(ctx, NULL, &cipher_len,
 				  aad_head, aad_len);
 
-	EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
-			  plaindata, plain_len);
+	EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
 
-	EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
+	EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
 			    session->p.auth_digest_len, tag);
 
+	EVP_CIPHER_CTX_free(ctx);
+
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
@@ -307,10 +312,12 @@ static
 odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 				     odp_crypto_generic_session_t *session)
 {
+	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
 	uint32_t cipher_len   = param->cipher_range.length;
 	const uint8_t *aad_head = param->aad.ptr;
 	uint32_t aad_len = param->aad.length;
+	int plain_len = 0;
 	void *iv_ptr;
 	uint8_t *tag   = data + param->hash_result_offset;
 
@@ -322,11 +329,14 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
 	/* Adjust pointer for beginning of area to cipher/auth */
-	uint8_t *cipherdata = data + param->cipher_range.offset;
-	/* Encrypt it */
-	EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-	int plain_len = 0;
+	data += param->cipher_range.offset;
 
+	/* Decrypt it */
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+			    session->p.iv.length, NULL);
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
@@ -337,12 +347,13 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 		EVP_DecryptUpdate(ctx, NULL, &plain_len,
 				  aad_head, aad_len);
 
-	EVP_DecryptUpdate(ctx, cipherdata, &plain_len,
-			  cipherdata, cipher_len);
+	EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
 
-	if (EVP_DecryptFinal_ex(ctx, cipherdata + plain_len, &plain_len) <= 0)
+	if (EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len) <= 0)
 		return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
 
+	EVP_CIPHER_CTX_free(ctx);
+
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
@@ -352,27 +363,14 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session)
 	if (session->p.cipher_key.length != 16)
 		return -1;
 
-	/* Set function */
-	EVP_CIPHER_CTX *ctx =
-		session->cipher.data.aes_gcm.ctx = EVP_CIPHER_CTX_new();
+	memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data,
+	       session->p.cipher_key.length);
 
-	if (ODP_CRYPTO_OP_ENCODE == session->p.op) {
+	/* Set function */
+	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
 		session->cipher.func = aes_gcm_encrypt;
-		EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
-	} else {
+	else
 		session->cipher.func = aes_gcm_decrypt;
-		EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
-	}
-
-	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
-			    session->p.iv.length, NULL);
-	if (ODP_CRYPTO_OP_ENCODE == session->p.op) {
-		EVP_EncryptInit_ex(ctx, NULL, NULL,
-				   session->p.cipher_key.data, NULL);
-	} else {
-		EVP_DecryptInit_ex(ctx, NULL, NULL,
-				   session->p.cipher_key.data, NULL);
-	}
 
 	return 0;
 }
@@ -635,17 +633,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
 	/* Copy parameters */
 	session->p = *param;
 
-	/* Copy IV data */
-	if (session->p.iv.data) {
-		if (session->p.iv.length > MAX_IV_LEN) {
-			ODP_DBG("Maximum IV length exceeded\n");
-			free_session(session);
-			return -1;
-		}
+	if (session->p.iv.length > MAX_IV_LEN) {
+		ODP_DBG("Maximum IV length exceeded\n");
+		free_session(session);
+		return -1;
+	}
 
+	/* Copy IV data */
+	if (session->p.iv.data)
 		memcpy(session->cipher.iv_data, session->p.iv.data,
 		       session->p.iv.length);
-	}
 
 	/* Derive order */
 	if (ODP_CRYPTO_OP_ENCODE == param->op)
@@ -757,15 +754,8 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
 int odp_crypto_session_destroy(odp_crypto_session_t session)
 {
 	odp_crypto_generic_session_t *generic;
-	int aes_gcm = 0;
 
 	generic = (odp_crypto_generic_session_t *)(intptr_t)session;
-#if ODP_DEPRECATED_API
-	if (generic->p.cipher_alg == ODP_CIPHER_ALG_AES128_GCM)
-		aes_gcm = 1;
-#endif
-	if (generic->p.cipher_alg == ODP_CIPHER_ALG_AES_GCM || aes_gcm)
-		EVP_CIPHER_CTX_free(generic->cipher.data.aes_gcm.ctx);
 	memset(generic, 0, sizeof(*generic));
 	free_session(generic);
 	return 0;