[API-NEXT,v5,13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support

Message ID 20170601090339.9313-14-dmitry.ereminsolenikov@linaro.org
State Accepted
Commit 2210dc7d26125ac9b8b51fa4de7b2b72e4e8f13e
Headers show
Series
  • Major cryptography code rework
Related show

Commit Message

Dmitry Eremin-Solenikov June 1, 2017, 9:03 a.m.
There is now nearly no difference between AES-CBC and 3DES-CBC code.
Merge it into generic 'cipher' support, easing adding support for other
ciphers in future.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
 .../linux-generic/include/odp_crypto_internal.h    |  13 +-
 platform/linux-generic/odp_crypto.c                | 153 +++++----------------
 2 files changed, 40 insertions(+), 126 deletions(-)

-- 
2.11.0

Patch

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index f4f1948f898d..c3b70b23142c 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -40,18 +40,9 @@  struct odp_crypto_generic_session {
 	struct {
 		/* Copy of session IV data */
 		uint8_t iv_data[MAX_IV_LEN];
+		uint8_t key_data[EVP_MAX_KEY_LENGTH];
 
-		union {
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} des;
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} aes;
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} aes_gcm;
-		} data;
+		const EVP_CIPHER *evp_cipher;
 		crypto_func_t func;
 	} cipher;
 
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index bff712d18cdf..2ba077f9dcd9 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -178,8 +178,8 @@  odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param,
 }
 
 static
-odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param,
+				    odp_crypto_generic_session_t *session)
 {
 	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -199,8 +199,8 @@  odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
 
 	/* Encrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-			   session->cipher.data.aes.key, NULL);
+	EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -214,8 +214,8 @@  odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
 }
 
 static
-odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param,
+				    odp_crypto_generic_session_t *session)
 {
 	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -235,8 +235,8 @@  odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
 
 	/* Decrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-			   session->cipher.data.aes.key, NULL);
+	EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -249,20 +249,29 @@  odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
-static int process_aes_param(odp_crypto_generic_session_t *session)
+static int process_cipher_param(odp_crypto_generic_session_t *session,
+				const EVP_CIPHER *cipher)
 {
-	/* Verify IV len is either 0 or 16 */
-	if (!((0 == session->p.iv.length) || (16 == session->p.iv.length)))
+	/* Verify Key len is valid */
+	if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+	    session->p.cipher_key.length)
 		return -1;
 
-	memcpy(session->cipher.data.aes.key, session->p.cipher_key.data,
+	/* Verify IV len is correct */
+	if (!((0 == session->p.iv.length) ||
+	      ((uint32_t)EVP_CIPHER_iv_length(cipher) == session->p.iv.length)))
+		return -1;
+
+	session->cipher.evp_cipher = cipher;
+
+	memcpy(session->cipher.key_data, session->p.cipher_key.data,
 	       session->p.cipher_key.length);
 
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->cipher.func = aes_encrypt;
+		session->cipher.func = cipher_encrypt;
 	else
-		session->cipher.func = aes_decrypt;
+		session->cipher.func = cipher_decrypt;
 
 	return 0;
 }
@@ -292,8 +301,8 @@  odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 
 	/* Encrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
-			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
 			    session->p.iv.length, NULL);
 	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
@@ -340,8 +349,8 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 
 	/* Decrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
-			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
 			    session->p.iv.length, NULL);
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
@@ -365,15 +374,19 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
-static int process_aes_gcm_param(odp_crypto_generic_session_t *session)
+static int process_aes_gcm_param(odp_crypto_generic_session_t *session,
+				 const EVP_CIPHER *cipher)
 {
-	/* Verify Key len is 16 */
-	if (session->p.cipher_key.length != 16)
+	/* Verify Key len is valid */
+	if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+	    session->p.cipher_key.length)
 		return -1;
 
-	memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data,
+	memcpy(session->cipher.key_data, session->p.cipher_key.data,
 	       session->p.cipher_key.length);
 
+	session->cipher.evp_cipher = cipher;
+
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
 		session->cipher.func = aes_gcm_encrypt;
@@ -383,96 +396,6 @@  static int process_aes_gcm_param(odp_crypto_generic_session_t *session)
 	return 0;
 }
 
-static
-odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
-{
-	EVP_CIPHER_CTX *ctx;
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t plain_len   = param->cipher_range.length;
-	void *iv_ptr;
-	int cipher_len = 0;
-
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
-	else
-		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
-
-	/* Adjust pointer for beginning of area to cipher/auth */
-	data += param->cipher_range.offset;
-
-	/* Encrypt it */
-	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
-			   session->cipher.data.des.key, NULL);
-	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-	EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
-
-	EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
-
-	EVP_CIPHER_CTX_cleanup(ctx);
-
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static
-odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
-{
-	EVP_CIPHER_CTX *ctx;
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t cipher_len   = param->cipher_range.length;
-	int plain_len = 0;
-	void *iv_ptr;
-
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
-	else
-		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
-
-	/* Adjust pointer for beginning of area to cipher/auth */
-	data += param->cipher_range.offset;
-
-	/* Decrypt it */
-	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
-			   session->cipher.data.des.key, NULL);
-	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-	EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
-
-	EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len);
-
-	EVP_CIPHER_CTX_cleanup(ctx);
-
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static int process_des_param(odp_crypto_generic_session_t *session)
-{
-	/* Verify IV len is either 0 or 8 */
-	if (!((0 == session->p.iv.length) || (8 == session->p.iv.length)))
-		return -1;
-
-	memcpy(session->cipher.data.des.key, session->p.cipher_key.data,
-	       session->p.cipher_key.length);
-
-	/* Set function */
-	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->cipher.func = des_encrypt;
-	else
-		session->cipher.func = des_decrypt;
-
-	return 0;
-}
-
 static int process_auth_param(odp_crypto_generic_session_t *session,
 			      uint32_t key_length,
 			      const EVP_MD *evp_md)
@@ -656,13 +579,13 @@  odp_crypto_session_create(odp_crypto_session_param_t *param,
 		break;
 	case ODP_CIPHER_ALG_DES:
 	case ODP_CIPHER_ALG_3DES_CBC:
-		rc = process_des_param(session);
+		rc = process_cipher_param(session, EVP_des_ede3_cbc());
 		break;
 	case ODP_CIPHER_ALG_AES_CBC:
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_CBC:
 #endif
-		rc = process_aes_param(session);
+		rc = process_cipher_param(session, EVP_aes_128_cbc());
 		break;
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_GCM:
@@ -674,7 +597,7 @@  odp_crypto_session_create(odp_crypto_session_param_t *param,
 		/* AES-GCM requires to do both auth and
 		 * cipher at the same time */
 		if (param->auth_alg == ODP_AUTH_ALG_AES_GCM || aes_gcm)
-			rc = process_aes_gcm_param(session);
+			rc = process_aes_gcm_param(session, EVP_aes_128_gcm());
 		else
 			rc = -1;
 		break;