[API-NEXT,v5,13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support

Message ID	20170601090339.9313-14-dmitry.ereminsolenikov@linaro.org
State	Accepted
Commit	2210dc7d26125ac9b8b51fa4de7b2b72e4e8f13e
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> To: lng-odp@lists.linaro.org Date: Thu, 1 Jun 2017 12:03:29 +0300 Message-Id: <20170601090339.9313-14-dmitry.ereminsolenikov@linaro.org> In-Reply-To: <20170601090339.9313-1-dmitry.ereminsolenikov@linaro.org> References: <20170601090339.9313-1-dmitry.ereminsolenikov@linaro.org> Subject: [lng-odp] [PATCH API-NEXT v5 13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support Precedence: list Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>
Series	Major cryptography code rework \| expand [API-NEXT,v5,00/23] Major cryptography code rework [API-NEXT,v5,01/23] validation: crypto: explicitly pass auth_digest_len to crypto subsystem [API-NEXT,v5,02/23] validation: crypto: explicitly pass AAD to crypto subsystem [API-NEXT,v5,03/23] test: odp_crypto: update performance test to set auth_digest_length [API-NEXT,v5,04/23] example: ipsec: set auth_digest_len [API-NEXT,v5,05/23] linux-generic: crypto: use auth_digest_len when calculating HMACs [API-NEXT,v5,06/23] linux-generic: crypto: add SHA* capabilities for full length digests [API-NEXT,v5,07/23] linux-generic: crypto: update AES-GCM support to reflect aad and auth_digest_len [API-NEXT,v5,08/23] linux-generic: crypto: remote extra memcpy in AES-GCM [API-NEXT,v5,09/23] linux-generic: crypto: make AES-GCM thread safe [API-NEXT,v5,10/23] linux-generic: crypto: explicitly disable padding for AES-GCM [API-NEXT,v5,11/23] linux-generic: crypto: rewrite AES-CBC support using EVP functions [API-NEXT,v5,12/23] linux-generic: crypto: rewrite 3DES-CBC support using EVP functions [API-NEXT,v5,13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support [API-NEXT,v5,14/23] linux-generic: crypto: make HMAC work across segmented packets [API-NEXT,v5,15/23] linux-generic: crypto: make en/decryption work across packet segments [API-NEXT,v5,16/23] linux-generic: crypto: NULL session->next pointer on session allocation [API-NEXT,v5,17/23] test: odp_crypto: bail out if odp_crypto_session_create failed [API-NEXT,v5,18/23] crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL [API-NEXT,v5,19/23] validation: crypto: add tests for NULL cipher [API-NEXT,v5,20/23] validation: crypto: add HMAC-SHA-1 test cases [API-NEXT,v5,21/23] validation: crypto: add HMAC-SHA-512 test cases [API-NEXT,v5,22/23] linux-generic: crypto: add SHA-1 authentication support [API-NEXT,v5,23/23] linux-generic: crypto: add HMAC-SHA-512 authentication support

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index f4f1948f898d..c3b70b23142c 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -40,18 +40,9 @@ struct odp_crypto_generic_session { struct { /* Copy of session IV data */ uint8_t iv_data[MAX_IV_LEN]; + uint8_t key_data[EVP_MAX_KEY_LENGTH]; - union { - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } des; - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } aes; - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } aes_gcm; - } data; + const EVP_CIPHER *evp_cipher; crypto_func_t func; } cipher; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index bff712d18cdf..2ba077f9dcd9 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -178,8 +178,8 @@ odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param, } static -odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); @@ -199,8 +199,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, /* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, - session->cipher.data.aes.key, NULL); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -214,8 +214,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, } static -odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); @@ -235,8 +235,8 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, /* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, - session->cipher.data.aes.key, NULL); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -249,20 +249,29 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_NONE; } -static int process_aes_param(odp_crypto_generic_session_t *session) +static int process_cipher_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) { - /* Verify IV len is either 0 or 16 */ - if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) return -1; - memcpy(session->cipher.data.aes.key, session->p.cipher_key.data, + /* Verify IV len is correct */ + if (!((0 == session->p.iv.length) || + ((uint32_t)EVP_CIPHER_iv_length(cipher) == session->p.iv.length))) + return -1; + + session->cipher.evp_cipher = cipher; + + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length); /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->cipher.func = aes_encrypt; + session->cipher.func = cipher_encrypt; else - session->cipher.func = aes_decrypt; + session->cipher.func = cipher_decrypt; return 0; } @@ -292,8 +301,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, /* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, - session->cipher.data.aes_gcm.key, NULL); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); @@ -340,8 +349,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, /* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, - session->cipher.data.aes_gcm.key, NULL); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); @@ -365,15 +374,19 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_NONE; } -static int process_aes_gcm_param(odp_crypto_generic_session_t *session) +static int process_aes_gcm_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) { - /* Verify Key len is 16 */ - if (session->p.cipher_key.length != 16) + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) return -1; - memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data, + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length); + session->cipher.evp_cipher = cipher; + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = aes_gcm_encrypt; @@ -383,96 +396,6 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session) return 0; } -static -odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t plain_len = param->cipher_range.length; - void *iv_ptr; - int cipher_len = 0; - - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; - else - return ODP_CRYPTO_ALG_ERR_IV_INVALID; - - /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - - /* Encrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - session->cipher.data.des.key, NULL); - EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0); - - EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); - - EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); - - EVP_CIPHER_CTX_cleanup(ctx); - - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static -odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t cipher_len = param->cipher_range.length; - int plain_len = 0; - void *iv_ptr; - - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; - else - return ODP_CRYPTO_ALG_ERR_IV_INVALID; - - /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - - /* Decrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - session->cipher.data.des.key, NULL); - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0); - - EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); - - EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); - - EVP_CIPHER_CTX_cleanup(ctx); - - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static int process_des_param(odp_crypto_generic_session_t *session) -{ - /* Verify IV len is either 0 or 8 */ - if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) - return -1; - - memcpy(session->cipher.data.des.key, session->p.cipher_key.data, - session->p.cipher_key.length); - - /* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->cipher.func = des_encrypt; - else - session->cipher.func = des_decrypt; - - return 0; -} - static int process_auth_param(odp_crypto_generic_session_t *session, uint32_t key_length, const EVP_MD *evp_md) @@ -656,13 +579,13 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, break; case ODP_CIPHER_ALG_DES: case ODP_CIPHER_ALG_3DES_CBC: - rc = process_des_param(session); + rc = process_cipher_param(session, EVP_des_ede3_cbc()); break; case ODP_CIPHER_ALG_AES_CBC: #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: #endif - rc = process_aes_param(session); + rc = process_cipher_param(session, EVP_aes_128_cbc()); break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: @@ -674,7 +597,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* AES-GCM requires to do both auth and * cipher at the same time */ if (param->auth_alg == ODP_AUTH_ALG_AES_GCM || aes_gcm) - rc = process_aes_gcm_param(session); + rc = process_aes_gcm_param(session, EVP_aes_128_gcm()); else rc = -1; break;

[API-NEXT,v5,13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support

Commit Message

Patch