From patchwork Fri May 19 23:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 100218 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp534380qge; Fri, 19 May 2017 16:04:09 -0700 (PDT) X-Received: by 10.237.59.20 with SMTP id p20mr11436932qte.95.1495235049334; Fri, 19 May 2017 16:04:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495235049; cv=none; d=google.com; s=arc-20160816; b=Zgo3kDFivQTFxm3UqqabKDgOK/1qeDB0+utjhc9YKbhujL/LT1zcQ2aDH4zV3JSdw8 zNJiKiyaHsGdID4xdjbt587IQBIV8qmKJLLRcM+wcKesDdXGJXvu1iRLjDYWVupAD/H0 2jYo5QSs+n3ciPEFqgyhNW/fQlR6NgxSk0dLILf4M4y3afyJ9Vpn65oUgdICetMctbGp GqTU8QapCwtPG5s/HuIVu470d8Ax5h4j4qlieau+P00GUYlzubg25/km7fvDjrtUWOHK 9PfGCZvJyKvt+EpGVrG6Eoc+6/NxrbZ1qud/c/QrRe4YhTyiB/KyYpicpGX9LzPalabI qU3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=yKdEfZ8c9Are312ghRl1Jga4rTZ1wgqsKR6r5xHmS5Y=; b=PFmcw10/WNgnDHCSGqFhpVARamRiwFSClne4bPvL7QWOsyljznRf/nshgRLf9Jj6Kp u4VyWrpNTwjM3PvabzFYvGXgHJP9gmFZs6w3tk91YGyd56RFgtTZfSJWDYI4Clp+ifMH Pp/5WN1czhnfaumfsOmJO9JNdRnRS6vK7j5MC7UTgamt4ylax7f7CFze2bItetB77R7s 2CfcWc7nDuwEqKdIzLsHtcE4LQ+YZ8/gzc+J0vzdQTZ3EoZhJv/sq2BS8wfvMBaQLHL1 06jn6uIdmiwovIE16ZTS3VRnpipveYNtGKR8zLQGyaU3xrDyehybR3K9z69n+J0dno/f La6A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id q1si10355382qte.107.2017.05.19.16.04.08; Fri, 19 May 2017 16:04:09 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5FDF960EA7; Fri, 19 May 2017 23:04:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id A5AA260865; Fri, 19 May 2017 23:01:05 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 9619360840; Fri, 19 May 2017 23:00:54 +0000 (UTC) Received: from forward5m.cmail.yandex.net (forward5m.cmail.yandex.net [5.255.216.23]) by lists.linaro.org (Postfix) with ESMTPS id 94D0F60E9A for ; Fri, 19 May 2017 23:00:21 +0000 (UTC) Received: from smtp2j.mail.yandex.net (smtp2j.mail.yandex.net [IPv6:2a02:6b8:0:801::ac]) by forward5m.cmail.yandex.net (Yandex) with ESMTP id 3E31B219D2 for ; Sat, 20 May 2017 02:00:20 +0300 (MSK) Received: from smtp2j.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp2j.mail.yandex.net (Yandex) with ESMTP id 1A1413EC1158 for ; Sat, 20 May 2017 02:00:19 +0300 (MSK) Received: by smtp2j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id upK1d19rxX-0Jx0pohM; Sat, 20 May 2017 02:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sat, 20 May 2017 02:00:07 +0300 Message-Id: <1495234807-19672-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1495234807-19672-1-git-send-email-odpbot@yandex.ru> References: <1495234807-19672-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 24 Subject: [lng-odp] [PATCH API-NEXT v3 5/5] linux: crypto: update AES-GCM support to reflect aad and auth_digest_len X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Make AES-GCM use recently introduced aad and auth_digest_len fields. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 24 (lumag:crypto-dal) ** https://github.com/Linaro/odp/pull/24 ** Patch: https://github.com/Linaro/odp/pull/24.patch ** Base sha: 826ee894aa0ebd09d42a17e1de077c46bc5b366a ** Merge commit sha: 78b12f0da50bf257f978a197b2667405a94a4938 **/ platform/linux-generic/odp_crypto.c | 60 ++++++++++--------------------------- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 2fdcfa3f..0ca3e110 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -267,10 +267,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, { uint8_t *data = odp_packet_data(param->out_pkt); uint32_t plain_len = param->cipher_range.length; - uint8_t *aad_head = data + param->auth_range.offset; - uint8_t *aad_tail = data + param->cipher_range.offset + - param->cipher_range.length; - uint32_t auth_len = param->auth_range.length; + const uint8_t *aad_head = param->aad.ptr; + uint32_t aad_len = param->aad.length; unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; @@ -282,12 +280,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* All cipher data must be part of the authentication */ - if (param->auth_range.offset > param->cipher_range.offset || - param->auth_range.offset + auth_len < - param->cipher_range.offset + plain_len) - return ODP_CRYPTO_ALG_ERR_DATA_SIZE; - /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads @@ -305,23 +297,16 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); /* Authenticate header data (if any) without encrypting them */ - if (aad_head < plaindata) { + if (aad_len > 0) EVP_EncryptUpdate(ctx, NULL, &cipher_len, - aad_head, plaindata - aad_head); - } + aad_head, aad_len); EVP_EncryptUpdate(ctx, plaindata, &cipher_len, plaindata, plain_len); - cipher_len = plain_len; - - /* Authenticate footer data (if any) without encrypting them */ - if (aad_head + auth_len > plaindata + plain_len) { - EVP_EncryptUpdate(ctx, NULL, NULL, aad_tail, - auth_len - (aad_tail - aad_head)); - } EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + session->p.auth_digest_len, tag); return ODP_CRYPTO_ALG_ERR_NONE; } @@ -332,10 +317,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, { uint8_t *data = odp_packet_data(param->out_pkt); uint32_t cipher_len = param->cipher_range.length; - uint8_t *aad_head = data + param->auth_range.offset; - uint8_t *aad_tail = data + param->cipher_range.offset + - param->cipher_range.length; - uint32_t auth_len = param->auth_range.length; + const uint8_t *aad_head = param->aad.ptr; + uint32_t aad_len = param->aad.length; unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; @@ -347,12 +330,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* All cipher data must be part of the authentication */ - if (param->auth_range.offset > param->cipher_range.offset || - param->auth_range.offset + auth_len < - param->cipher_range.offset + cipher_len) - return ODP_CRYPTO_ALG_ERR_DATA_SIZE; - /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads @@ -368,25 +345,18 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, + session->p.auth_digest_len, tag); /* Authenticate header data (if any) without encrypting them */ - if (aad_head < cipherdata) { + if (aad_len > 0) EVP_DecryptUpdate(ctx, NULL, &plain_len, - aad_head, cipherdata - aad_head); - } + aad_head, aad_len); EVP_DecryptUpdate(ctx, cipherdata, &plain_len, cipherdata, cipher_len); - plain_len = cipher_len; - - /* Authenticate footer data (if any) without encrypting them */ - if (aad_head + auth_len > cipherdata + cipher_len) { - EVP_DecryptUpdate(ctx, NULL, NULL, aad_tail, - auth_len - (aad_tail - aad_head)); - } - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0) + if (EVP_DecryptFinal_ex(ctx, cipherdata + plain_len, &plain_len) <= 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; return ODP_CRYPTO_ALG_ERR_NONE; @@ -768,12 +738,14 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_AUTH_ALG_AES128_GCM: if (param->cipher_alg == ODP_CIPHER_ALG_AES128_GCM) aes_gcm = 1; + session->p.auth_digest_len = 128 / 8; /* Fallthrough */ #endif case ODP_AUTH_ALG_AES_GCM: /* AES-GCM requires to do both auth and * cipher at the same time */ - if (param->cipher_alg == ODP_CIPHER_ALG_AES_GCM || aes_gcm) { + if ((param->cipher_alg == ODP_CIPHER_ALG_AES_GCM || aes_gcm) && + session->p.auth_digest_len == 128 / 8) { session->auth.func = null_crypto_routine; rc = 0; } else {