From patchwork Wed May 17 03:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 99898 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp39050qge; Tue, 16 May 2017 20:00:56 -0700 (PDT) X-Received: by 10.55.215.65 with SMTP id m62mr883823qki.286.1494990056541; Tue, 16 May 2017 20:00:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494990056; cv=none; d=google.com; s=arc-20160816; b=JgL3Vf8v/X5tfl26fkums6wCcb6S79vm1bd9PFztuLxKKtOCTPZ7y+Y7A8Yqsz0HmE K6RB/ZJnQDaxJRKx91ICPSQxiN4f4E2YjTduQzLCLEMZC19Y61j3bu96zaKezr0mkxqJ KtOWeiWv+kjCvcXZbmB4KXZiyNhP3MidyYpSGtVUvavHgVbOVnfb6ZsiTprBhU6IYNyI WOf+X8/BKLA0A4V1OdH5TirxcRNe2PrzXJi14OamBocvo6D2rzezQz+OgZHQSKFAp6+p +hxIq9+xNsL0deqm/R0vMuRftLJBIea/Zn2RuBsQ1/4e3bX2jse7UnwfftPbMXTNByse F8/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=S591x/YLq+0GnE+iJ8tcUuqyu8LR92XAO4b3bChN6Qw=; b=MhfAwx+ExMW42HrRyzZvJk6D2kL/8uPP1RRfp72qODHHCovPFmyTgatic8fEZu+yll heZQMtYexnGqcIVk54FjHUVvlTyFoEgKvoGGa87C/7yOAkeMx8WDtbQQJn8nuQnbfjP/ qJ1D0sqJpUIyFKWDEqnMSerSgL/uSVwa7TTtpUAejTFvY0BB7NL+vh7TwkhAtO32OAPC 2ghFBVACPJ6PfEmO+Rq5Za9sLxfoM0MumI+q6/RMVoNqsyfY1uIvlTyEyQNXdwZecWo6 wplMb46300N/Pjg+C3Ku69Zivh8a3wAuwOU5dTUFVr4phJL+LgMPviyB25oJ5bVgwPgV /f9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 16si721352qtv.302.2017.05.16.20.00.56; Tue, 16 May 2017 20:00:56 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id E838360688; Wed, 17 May 2017 03:00:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5E4CE608CD; Wed, 17 May 2017 03:00:28 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0A11460BF6; Wed, 17 May 2017 03:00:19 +0000 (UTC) Received: from forward2o.cmail.yandex.net (forward2o.cmail.yandex.net [37.9.109.243]) by lists.linaro.org (Postfix) with ESMTPS id C4A59608BD for ; Wed, 17 May 2017 03:00:13 +0000 (UTC) Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20]) by forward2o.cmail.yandex.net (Yandex) with ESMTP id 4247B2115C for ; Wed, 17 May 2017 06:00:12 +0300 (MSK) Received: from smtp3h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3h.mail.yandex.net (Yandex) with ESMTP id F02AC441018 for ; Wed, 17 May 2017 06:00:11 +0300 (MSK) Received: by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id DaItNhup6J-0AdGl65p; Wed, 17 May 2017 06:00:10 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 17 May 2017 06:00:06 +0300 Message-Id: <1494990006-20867-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1494990006-20867-1-git-send-email-odpbot@yandex.ru> References: <1494990006-20867-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 32 Subject: [lng-odp] [PATCH API-NEXT v1 1/1] api: crypto: deprecate per-session IV X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Per-session IV (in it's current form) are static IVs used (possibly) for several packets, and so they degradate security of genrated packets. Instead of modifying semantics of IV wrt processed packets, etc. let's deprecate (and in future remove) this IV altogether and enforce applications to always specify correct IV in the per-packet operation params. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 32 (lumag:crypto-no-iv) ** https://github.com/Linaro/odp/pull/32 ** Patch: https://github.com/Linaro/odp/pull/32.patch ** Base sha: f4c213cccc49b4b28557506ad19fba49b872d24f ** Merge commit sha: 276cbed78b033c6adb79f5ca173e0731a4e97450 **/ example/ipsec/odp_ipsec.c | 13 +- example/ipsec/odp_ipsec_cache.c | 15 +- example/ipsec/odp_ipsec_cache.h | 1 - include/odp/api/spec/crypto.h | 18 +- .../linux-generic/include/odp_crypto_internal.h | 4 + platform/linux-generic/odp_crypto.c | 65 +++- test/common_plat/performance/odp_crypto.c | 11 +- .../validation/api/crypto/odp_crypto_test_inp.c | 340 +++------------------ 8 files changed, 122 insertions(+), 345 deletions(-) diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index 9ed3aa2..f211c9e 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -694,7 +694,7 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, if (esp) { params.cipher_range.offset = ipv4_data_p(ip) + hdr_len - buf; params.cipher_range.length = ipv4_data_len(ip) - hdr_len; - params.override_iv_ptr = esp->iv; + params.iv_ptr = esp->iv; } /* Issue crypto request */ @@ -884,7 +884,15 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, trl_len = encrypt_len - ip_data_len; esp->spi = odp_cpu_to_be_32(entry->esp.spi); - memcpy(esp + 1, entry->state.iv, entry->esp.iv_len); + + /* Generate an IV */ + if (entry->esp.iv_len) { + int32_t size = entry->esp.iv_len; + int32_t ret = odp_random_data(esp->iv, size, 1); + + if (ret != size) + abort(); + } esp_t = (odph_esptrl_t *)(ip_data + encrypt_len) - 1; esp_t->pad_len = trl_len - sizeof(*esp_t); @@ -894,6 +902,7 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, esp_t->next_header = ip->proto; ip->proto = ODPH_IPPROTO_ESP; + params.iv_ptr = esp->iv; params.cipher_range.offset = ip_data - buf; params.cipher_range.length = encrypt_len; } diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index b2a91c2..b63791a 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -86,13 +86,11 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, params.cipher_alg = cipher_sa->alg.u.cipher; params.cipher_key.data = cipher_sa->key.data; params.cipher_key.length = cipher_sa->key.length; - params.iv.data = entry->state.iv; - params.iv.length = cipher_sa->iv_len; + params.iv_length = cipher_sa->iv_len; mode = cipher_sa->mode; } else { params.cipher_alg = ODP_CIPHER_ALG_NULL; - params.iv.data = NULL; - params.iv.length = 0; + params.iv_length = 0; } /* Auth */ @@ -105,15 +103,6 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, params.auth_alg = ODP_AUTH_ALG_NULL; } - /* Generate an IV */ - if (params.iv.length) { - int32_t size = params.iv.length; - - int32_t ret = odp_random_data(params.iv.data, size, 1); - if (ret != size) - return -1; - } - /* Synchronous session create for now */ if (odp_crypto_session_create(¶ms, &session, &ses_create_rc)) return -1; diff --git a/example/ipsec/odp_ipsec_cache.h b/example/ipsec/odp_ipsec_cache.h index 7a4b95c..53c9538 100644 --- a/example/ipsec/odp_ipsec_cache.h +++ b/example/ipsec/odp_ipsec_cache.h @@ -56,7 +56,6 @@ typedef struct ipsec_cache_entry_s { odp_crypto_session_t session; /**< Crypto session handle */ uint32_t esp_seq; /**< ESP TX sequence number */ uint32_t ah_seq; /**< AH TX sequence number */ - uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ odp_u16be_t tun_hdr_id; /**< Tunnel header IP ID */ } state; } ipsec_cache_entry_t; diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index c47d314..19dd8b0 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -234,14 +234,14 @@ typedef struct odp_crypto_key { /** * Crypto API IV structure */ -typedef struct odp_crypto_iv { +typedef struct ODP_DEPRECATE(odp_crypto_iv) { /** IV data */ uint8_t *data; /** IV length in bytes */ uint32_t length; -} odp_crypto_iv_t; +} ODP_DEPRECATE(odp_crypto_iv_t); /** * Crypto API data range specifier @@ -285,8 +285,11 @@ typedef struct odp_crypto_session_param_t { */ odp_crypto_key_t cipher_key; - /** Cipher Initialization Vector (IV) */ - odp_crypto_iv_t iv; + /** @deprecated use iv_length and per-packet IV instead */ + ODP_DEPRECATE(odp_crypto_iv_t) ODP_DEPRECATE(iv); + + /** Cipher Initialization Vector (IV) length */ + uint32_t iv_length; /** Authentication algorithm * @@ -359,8 +362,11 @@ typedef struct odp_crypto_op_param_t { */ odp_packet_t out_pkt; - /** Override session IV pointer */ - uint8_t *override_iv_ptr; + /** @deprecated use iv_ptr instead */ + uint8_t *ODP_DEPRECATE(override_iv_ptr); + + /** IV pointer */ + uint8_t *iv_ptr; /** Offset from start of packet for hash result * diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index 515cefa..78f87e0 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -7,6 +7,8 @@ #ifndef ODP_CRYPTO_INTERNAL_H_ #define ODP_CRYPTO_INTERNAL_H_ +#include + #ifdef __cplusplus extern "C" { #endif @@ -40,8 +42,10 @@ struct odp_crypto_generic_session { odp_bool_t do_cipher_first; struct { +#if ODP_DEPRECATED_API /* Copy of session IV data */ uint8_t iv_data[MAX_IV_LEN]; +#endif union { struct { diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index dfeb9f3..bfbef38 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -184,10 +184,14 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -216,10 +220,14 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -241,9 +249,14 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, static int process_aes_param(odp_crypto_generic_session_t *session) { - /* Verify IV len is either 0 or 16 */ - if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) + /* Verify IV len is 16 */ +#if ODP_DEPRECATED_API + if (!((16 == session->p.iv_length) || (16 == session->p.iv.length))) + return -1; +#else + if (16 != session->p.iv_length) return -1; +#endif /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) { @@ -273,10 +286,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -338,10 +355,14 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -392,6 +413,13 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, static int process_aes_gcm_param(odp_crypto_generic_session_t *session) { + uint32_t iv_length = session->p.iv_length; + +#if ODP_DEPRECATED_API + if (0 != session->p.iv.length) + iv_length = session->p.iv.length; +#endif + /* Verify Key len is 16 */ if (session->p.cipher_key.length != 16) return -1; @@ -409,7 +437,7 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session) } EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, - session->p.iv.length, NULL); + iv_length, NULL); if (ODP_CRYPTO_OP_ENCODE == session->p.op) { EVP_EncryptInit_ex(ctx, NULL, NULL, session->p.cipher_key.data, NULL); @@ -430,10 +458,14 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, DES_cblock iv; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -468,10 +500,14 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, DES_cblock iv; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -500,9 +536,14 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, static int process_des_param(odp_crypto_generic_session_t *session) { - /* Verify IV len is either 0 or 8 */ - if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) + /* Verify IV len is 8 */ +#if ODP_DEPRECATED_API + if (!((8 == session->p.iv_length) || (8 == session->p.iv.length))) + return -1; +#else + if (8 != session->p.iv_length) return -1; +#endif /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) @@ -679,6 +720,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, session->p = *param; /* Copy IV data */ +#if ODP_DEPRECATED_API if (session->p.iv.data) { if (session->p.iv.length > MAX_IV_LEN) { ODP_DBG("Maximum IV length exceeded\n"); @@ -689,6 +731,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, memcpy(session->cipher.iv_data, session->p.iv.data, session->p.iv.length); } +#endif /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) diff --git a/test/common_plat/performance/odp_crypto.c b/test/common_plat/performance/odp_crypto.c index b385797..fa4b817 100644 --- a/test/common_plat/performance/odp_crypto.c +++ b/test/common_plat/performance/odp_crypto.c @@ -186,10 +186,7 @@ static crypto_alg_config_t algs_config[] = { .data = test_key24, .length = sizeof(test_key24) }, - .iv = { - .data = test_iv, - .length = 8, - }, + .iv_length = 8, .auth_alg = ODP_AUTH_ALG_NULL }, }, @@ -201,10 +198,7 @@ static crypto_alg_config_t algs_config[] = { .data = test_key24, .length = sizeof(test_key24) }, - .iv = { - .data = test_iv, - .length = 8, - }, + .iv_length = 8, .auth_alg = ODP_AUTH_ALG_MD5_HMAC, .auth_key = { .data = test_key16, @@ -552,6 +546,7 @@ run_measure_one(crypto_args_t *cargs, } mem = odp_packet_data(newpkt); memset(mem, 1, payload_length); + params.iv_ptr = test_iv; params.pkt = newpkt; params.out_pkt = cargs->in_place ? newpkt : ODP_PACKET_INVALID; diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 24ea493..6c7a91d 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -67,7 +67,7 @@ static const char *cipher_alg_name(odp_cipher_alg_t cipher) static void alg_test(odp_crypto_op_t op, odp_bool_t should_fail, odp_cipher_alg_t cipher_alg, - odp_crypto_iv_t ses_iv, + uint32_t iv_length, uint8_t *op_iv_ptr, odp_crypto_key_t cipher_key, odp_auth_alg_t auth_alg, @@ -155,7 +155,7 @@ static void alg_test(odp_crypto_op_t op, /* Search for the test case */ for (i = 0; i < num; i++) { if (cipher_capa[i].key_len == cipher_key.length && - cipher_capa[i].iv_len == ses_iv.length) { + cipher_capa[i].iv_len == iv_length) { found = 1; break; } @@ -199,7 +199,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.compl_queue = suite_context.queue; ses_params.output_pool = suite_context.pool; ses_params.cipher_key = cipher_key; - ses_params.iv = ses_iv; + ses_params.iv_length = iv_length; ses_params.auth_key = auth_key; rc = odp_crypto_session_create(&ses_params, &session, &status); @@ -236,8 +236,7 @@ static void alg_test(odp_crypto_op_t op, op_params.auth_range.offset = data_off; op_params.auth_range.length = plaintext_len; } - if (op_iv_ptr) - op_params.override_iv_ptr = op_iv_ptr; + op_params.iv_ptr = op_iv_ptr; op_params.hash_result_offset = plaintext_len; if (0 != digest_len) { @@ -440,52 +439,13 @@ static int check_alg_3des_cbc(void) } /* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_3des_cbc(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv; - unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / - sizeof(tdes_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = tdes_cbc_reference_key[i]; - cipher_key.length = sizeof(tdes_cbc_reference_key[i]); - iv.data = tdes_cbc_reference_iv[i]; - iv.length = sizeof(tdes_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_3DES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - tdes_cbc_reference_plaintext[i], - tdes_cbc_reference_length[i], - tdes_cbc_reference_ciphertext[i], - tdes_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) * operation for 3DES_CBC algorithm. IV for the operation is the operation IV. * */ -void crypto_test_enc_alg_3des_cbc_ovr_iv(void) +void crypto_test_enc_alg_3des_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = TDES_CBC_IV_LEN }; + uint32_t iv_length = TDES_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / sizeof(tdes_cbc_reference_length[0])); unsigned int i; @@ -495,13 +455,13 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void) cipher_key.length = sizeof(tdes_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_3DES_CBC, - iv, + iv_length, tdes_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -523,47 +483,7 @@ void crypto_test_dec_alg_3des_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; - unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / - sizeof(tdes_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = tdes_cbc_reference_key[i]; - cipher_key.length = sizeof(tdes_cbc_reference_key[i]); - iv.data = tdes_cbc_reference_iv[i]; - iv.length = sizeof(tdes_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_3DES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - tdes_cbc_reference_ciphertext[i], - tdes_cbc_reference_length[i], - tdes_cbc_reference_plaintext[i], - tdes_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_3des_cbc_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = TDES_CBC_IV_LEN }; + uint32_t iv_length = TDES_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / sizeof(tdes_cbc_reference_length[0])); unsigned int i; @@ -573,13 +493,13 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void) cipher_key.length = sizeof(tdes_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_3DES_CBC, - iv, + iv_length, tdes_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -605,7 +525,7 @@ void crypto_test_enc_alg_aes128_gcm(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; + uint32_t iv_length = AES128_GCM_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / sizeof(aes128_gcm_reference_length[0])); unsigned int i; @@ -613,11 +533,9 @@ void crypto_test_enc_alg_aes128_gcm(void) for (i = 0; i < test_vec_num; i++) { cipher_key.data = aes128_gcm_reference_key[i]; cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - iv.data = aes128_gcm_reference_iv[i]; - iv.length = sizeof(aes128_gcm_reference_iv[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, auth_key.length, AES128_GCM_CHECK_LEN)) @@ -626,51 +544,7 @@ void crypto_test_enc_alg_aes128_gcm(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_AES_GCM, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_AES_GCM, - auth_key, - &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], - aes128_gcm_reference_plaintext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i] + - aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for AES128_GCM algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_aes128_gcm_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; - unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / - sizeof(aes128_gcm_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_gcm_reference_key[i]; - cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) - continue; - if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_AES_GCM, - iv, + iv_length, aes128_gcm_reference_iv[i], cipher_key, ODP_AUTH_ALG_AES_GCM, @@ -696,7 +570,7 @@ void crypto_test_dec_alg_aes128_gcm(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; + uint32_t iv_length = AES128_GCM_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / sizeof(aes128_gcm_reference_length[0])); unsigned int i; @@ -704,11 +578,9 @@ void crypto_test_dec_alg_aes128_gcm(void) for (i = 0; i < test_vec_num; i++) { cipher_key.data = aes128_gcm_reference_key[i]; cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - iv.data = aes128_gcm_reference_iv[i]; - iv.length = sizeof(aes128_gcm_reference_iv[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, auth_key.length, AES128_GCM_CHECK_LEN)) @@ -717,52 +589,7 @@ void crypto_test_dec_alg_aes128_gcm(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_AES_GCM, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_AES_GCM, - auth_key, - &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], - aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, - aes128_gcm_reference_plaintext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i] + - aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; - unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / - sizeof(aes128_gcm_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_gcm_reference_key[i]; - cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) - continue; - if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_AES_GCM, - iv, + iv_length, aes128_gcm_reference_iv[i], cipher_key, ODP_AUTH_ALG_AES_GCM, @@ -785,52 +612,13 @@ static int check_alg_aes_cbc(void) } /* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for AES128_CBC algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_aes128_cbc(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv; - unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / - sizeof(aes128_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_cbc_reference_key[i]; - cipher_key.length = sizeof(aes128_cbc_reference_key[i]); - iv.data = aes128_cbc_reference_iv[i]; - iv.length = sizeof(aes128_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_AES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - aes128_cbc_reference_plaintext[i], - aes128_cbc_reference_length[i], - aes128_cbc_reference_ciphertext[i], - aes128_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) * operation for AES128_CBC algorithm. IV for the operation is the operation IV. * */ -void crypto_test_enc_alg_aes128_cbc_ovr_iv(void) +void crypto_test_enc_alg_aes128_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_CBC_IV_LEN }; + uint32_t iv_length = AES128_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / sizeof(aes128_cbc_reference_length[0])); unsigned int i; @@ -840,13 +628,13 @@ void crypto_test_enc_alg_aes128_cbc_ovr_iv(void) cipher_key.length = sizeof(aes128_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_AES_CBC, - iv, + iv_length, aes128_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -868,47 +656,7 @@ void crypto_test_dec_alg_aes128_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; - unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / - sizeof(aes128_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_cbc_reference_key[i]; - cipher_key.length = sizeof(aes128_cbc_reference_key[i]); - iv.data = aes128_cbc_reference_iv[i]; - iv.length = sizeof(aes128_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_AES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - aes128_cbc_reference_ciphertext[i], - aes128_cbc_reference_length[i], - aes128_cbc_reference_plaintext[i], - aes128_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for AES128_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_aes128_cbc_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_CBC_IV_LEN }; + uint32_t iv_length = AES128_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / sizeof(aes128_cbc_reference_length[0])); unsigned int i; @@ -918,13 +666,13 @@ void crypto_test_dec_alg_aes128_cbc_ovr_iv(void) cipher_key.length = sizeof(aes128_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_AES_CBC, - iv, + iv_length, aes128_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -953,7 +701,6 @@ void crypto_test_gen_alg_hmac_md5(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; unsigned int test_vec_num = (sizeof(hmac_md5_reference_length) / sizeof(hmac_md5_reference_length[0])); @@ -970,8 +717,8 @@ void crypto_test_gen_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -988,7 +735,6 @@ void crypto_test_check_alg_hmac_md5(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; uint8_t wrong_digest[HMAC_MD5_DIGEST_LEN]; unsigned int test_vec_num = (sizeof(hmac_md5_reference_length) / @@ -1008,8 +754,8 @@ void crypto_test_check_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -1023,8 +769,8 @@ void crypto_test_check_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_DECODE, 1, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -1053,7 +799,6 @@ void crypto_test_gen_alg_hmac_sha256(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; unsigned int test_vec_num = (sizeof(hmac_sha256_reference_length) / sizeof(hmac_sha256_reference_length[0])); @@ -1072,8 +817,8 @@ void crypto_test_gen_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1090,7 +835,6 @@ void crypto_test_check_alg_hmac_sha256(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; uint8_t wrong_digest[HMAC_SHA256_DIGEST_LEN]; unsigned int test_vec_num = (sizeof(hmac_sha256_reference_length) / @@ -1112,8 +856,8 @@ void crypto_test_check_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1127,8 +871,8 @@ void crypto_test_check_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_DECODE, 1, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1190,26 +934,14 @@ odp_testinfo_t crypto_suite[] = { check_alg_3des_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc, check_alg_3des_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_3des_cbc_ovr_iv, - check_alg_3des_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc_ovr_iv, - check_alg_3des_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_cbc, check_alg_aes_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_cbc, check_alg_aes_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_cbc_ovr_iv, - check_alg_aes_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_cbc_ovr_iv, - check_alg_aes_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_gcm, check_alg_aes_gcm), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_gcm_ovr_iv, - check_alg_aes_gcm), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_gcm, check_alg_aes_gcm), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_gcm_ovr_iv, - check_alg_aes_gcm), ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_md5, check_alg_hmac_md5), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_md5,