diff mbox

[PATCHv2] linux-gen: crypto: fix aes gcm decryption

Message ID 1477925510-6974-1-git-send-email-maxim.uvarov@linaro.org
State Accepted
Commit f09c70ad34d98c5f834868c04a72733615cef88a
Headers show

Commit Message

Maxim Uvarov Oct. 31, 2016, 2:51 p.m. UTC 
We should first initialize, then set up decryption
and only then push blocks for decryption.
https://bugs.linaro.org/show_bug.cgi?id=2571

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>

---
 v2: clear reworking

 btw, it was tested here:
 https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt

 platform/linux-generic/odp_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.1.250.gff4ea60

Comments

Maxim Uvarov Oct. 31, 2016, 2:53 p.m. UTC | #1 
On 31 October 2016 at 17:51, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:

> We should first initialize, then set up decryption

> and only then push blocks for decryption.

> https://bugs.linaro.org/show_bug.cgi?id=2571

>

> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>

> ---

>  v2: clear reworking

>

>

rewording :)



>  btw, it was tested here:

>  https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt

>

>  platform/linux-generic/odp_crypto.c | 4 ++--

>  1 file changed, 2 insertions(+), 2 deletions(-)

>

> diff --git a/platform/linux-generic/odp_crypto.c

> b/platform/linux-generic/odp_crypto.c

> index c7431e6..9e09d42 100644

> --- a/platform/linux-generic/odp_crypto.c

> +++ b/platform/linux-generic/odp_crypto.c

> @@ -398,6 +398,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t

> *params,

>

>         EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);

>

> +       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

> +

>         /* Authenticate header data (if any) without encrypting them */

>         if (aad_head < cipherdata) {

>                 EVP_DecryptUpdate(ctx, NULL, &plain_len,

> @@ -414,8 +416,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t

> *params,

>                                   auth_len - (aad_tail - aad_head));

>         }

>

> -       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

> -

>         if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len)

> < 0)

>                 return ODP_CRYPTO_ALG_ERR_ICV_CHECK;

>

> --

> 2.7.1.250.gff4ea60

>

>
Balakrishna Garapati Nov. 4, 2016, 4:21 p.m. UTC | #2 
Reviewed-by: Balakrishna Garapati <balakrishna.garapati@linaro.org>


/Krishna

On 31 October 2016 at 15:53, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:

> On 31 October 2016 at 17:51, Maxim Uvarov <maxim.uvarov@linaro.org> wrote:

>

> > We should first initialize, then set up decryption

> > and only then push blocks for decryption.

> > https://bugs.linaro.org/show_bug.cgi?id=2571

> >

> > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>

> > ---

> >  v2: clear reworking

> >

> >

> rewording :)

>

>

>

> >  btw, it was tested here:

> >  https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt

> >

> >  platform/linux-generic/odp_crypto.c | 4 ++--

> >  1 file changed, 2 insertions(+), 2 deletions(-)

> >

> > diff --git a/platform/linux-generic/odp_crypto.c

> > b/platform/linux-generic/odp_crypto.c

> > index c7431e6..9e09d42 100644

> > --- a/platform/linux-generic/odp_crypto.c

> > +++ b/platform/linux-generic/odp_crypto.c

> > @@ -398,6 +398,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_

> params_t

> > *params,

> >

> >         EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);

> >

> > +       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

> > +

> >         /* Authenticate header data (if any) without encrypting them */

> >         if (aad_head < cipherdata) {

> >                 EVP_DecryptUpdate(ctx, NULL, &plain_len,

> > @@ -414,8 +416,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_

> params_t

> > *params,

> >                                   auth_len - (aad_tail - aad_head));

> >         }

> >

> > -       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

> > -

> >         if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len)

> > < 0)

> >                 return ODP_CRYPTO_ALG_ERR_ICV_CHECK;

> >

> > --

> > 2.7.1.250.gff4ea60

> >

> >

>
Maxim Uvarov Nov. 7, 2016, 1:44 p.m. UTC | #3 
Merged,
Maxim.

On 11/04/16 19:21, Krishna Garapati wrote:
> Reviewed-by: Balakrishna Garapati <balakrishna.garapati@linaro.org 

> <mailto:balakrishna.garapati@linaro.org>>

>

> /Krishna

>

> On 31 October 2016 at 15:53, Maxim Uvarov <maxim.uvarov@linaro.org 

> <mailto:maxim.uvarov@linaro.org>> wrote:

>

>     On 31 October 2016 at 17:51, Maxim Uvarov <maxim.uvarov@linaro.org

>     <mailto:maxim.uvarov@linaro.org>> wrote:

>

>     > We should first initialize, then set up decryption

>     > and only then push blocks for decryption.

>     > https://bugs.linaro.org/show_bug.cgi?id=2571

>     <https://bugs.linaro.org/show_bug.cgi?id=2571>

>     >

>     > Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org

>     <mailto:maxim.uvarov@linaro.org>>

>     > ---

>     >  v2: clear reworking

>     >

>     >

>     rewording :)

>

>

>

>     >  btw, it was tested here:

>     >

>     https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt

>     <https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt>

>     >

>     >  platform/linux-generic/odp_crypto.c | 4 ++--

>     >  1 file changed, 2 insertions(+), 2 deletions(-)

>     >

>     > diff --git a/platform/linux-generic/odp_crypto.c

>     > b/platform/linux-generic/odp_crypto.c

>     > index c7431e6..9e09d42 100644

>     > --- a/platform/linux-generic/odp_crypto.c

>     > +++ b/platform/linux-generic/odp_crypto.c

>     > @@ -398,6 +398,8 @@ odp_crypto_alg_err_t

>     aes_gcm_decrypt(odp_crypto_op_params_t

>     > *params,

>     >

>     >         EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);

>     >

>     > +       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

>     > +

>     >         /* Authenticate header data (if any) without encrypting

>     them */

>     >         if (aad_head < cipherdata) {

>     >                 EVP_DecryptUpdate(ctx, NULL, &plain_len,

>     > @@ -414,8 +416,6 @@ odp_crypto_alg_err_t

>     aes_gcm_decrypt(odp_crypto_op_params_t

>     > *params,

>     >                                   auth_len - (aad_tail - aad_head));

>     >         }

>     >

>     > -       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);

>     > -

>     >         if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len,

>     &plain_len)

>     > < 0)

>     >                 return ODP_CRYPTO_ALG_ERR_ICV_CHECK;

>     >

>     > --

>     > 2.7.1.250.gff4ea60

>     >

>     >

>

>
diff mbox

Patch

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index c7431e6..9e09d42 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -398,6 +398,8 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params,
 
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
+
 	/* Authenticate header data (if any) without encrypting them */
 	if (aad_head < cipherdata) {
 		EVP_DecryptUpdate(ctx, NULL, &plain_len,
@@ -414,8 +416,6 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params,
 				  auth_len - (aad_tail - aad_head));
 	}
 
-	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
-
 	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0)
 		return ODP_CRYPTO_ALG_ERR_ICV_CHECK;