From patchwork Tue Nov 14 20:00:04 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Github ODP bot <odpbot@yandex.ru>
X-Patchwork-Id: 118882
Delivered-To: patch@linaro.org
Received: by 10.140.22.164 with SMTP id 33csp3459560qgn;
 Tue, 14 Nov 2017 12:01:12 -0800 (PST)
X-Google-Smtp-Source: AGs4zMZ3Y3HBDNOxj2iXlcX9YZ0VkMu438/+qG27wCR/fLtMz6gYinSrax2lPUvb7vSGACaNXKGy
X-Received: by 10.237.53.200 with SMTP id d8mr1799930qte.32.1510689672775;
 Tue, 14 Nov 2017 12:01:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510689672; cv=none;
 d=google.com; s=arc-20160816;
 b=kSAowcGdw+i92/0ZW4Xt1+AtOWYl7DQnAFr8z554gkhdC5mdGpDA3iVpQX/8WZDB7h
 Bet0yJu2/7AYjn510wYvKXOLV414wcjN7+SGtDEbPq+1lt0wT6GU3Tpos195ZNqvdNRV
 QzG1dulH2JcHzfuUjAXTxjv2LOzpKdkTP14HbrYnHLccYiu3PHvRXmp9FFA6HoUGtUA5
 JKE4JR3tSajtF5ZMDjxDOlDZZWwdom50R8OQD2WB6HfF1FbIjzE753L3IMsw1TLvM4iu
 Fh7Wh9EJEcSV/+2TgRuliVYoUhGmTxmR+m8erUO/v5HGZpAZikpqw3HJuvax6aeN+fho
 30dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:github-pr-num
 :references:in-reply-to:message-id:date:to:from:delivered-to
 :arc-authentication-results;
 bh=D/D4YwlNSNpbT58+DrE8m8ZC07OudGWu/t55Wudmc1c=;
 b=I7CiedKPcpvYJLfFJ8CF3jGzfti2Ko+nQdZxrWpNZRNmk991E+PzzOHKtfYAm1jlG5
 2d87rtNqWKW/XUR6FyXOecaW2YDm96+PdZXZLEHwoCSLbHT5yu+bxwMAzOXlEA6/QeIU
 Rke9wc5miDeHAIzGz8B0bDEB22kKwcKQLGHsx6QGtXkLtFnaLr+MxZ0f3GICUrmVcOqY
 L1463IkAV/Gd6CR5AuHjLINEu5WrcqR3xSzMktLvwj+lgkfSdBZKzT72+TUrMRycAMD1
 t97b4tD09raCzyGy/exz9Yhiv6dBU8SIQPeCIEtwcediey3LZJUlzgo6z93j8ukAGKn4
 mfAQ==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Return-Path: <lng-odp-bounces@lists.linaro.org>
Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com.
 [54.197.127.237]) by mx.google.com with ESMTP id
 c188si1718060qkd.228.2017.11.14.12.01.12; 
 Tue, 14 Nov 2017 12:01:12 -0800 (PST)
Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 client-ip=54.197.127.237; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: by lists.linaro.org (Postfix, from userid 109)
 id 6029060812; Tue, 14 Nov 2017 20:01:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED
 autolearn=disabled version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id A39E160606;
 Tue, 14 Nov 2017 20:00:26 +0000 (UTC)
X-Original-To: lng-odp@lists.linaro.org
Delivered-To: lng-odp@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id EEDEB60639; Tue, 14 Nov 2017 20:00:18 +0000 (UTC)
Received: from forward106o.mail.yandex.net (forward106o.mail.yandex.net
 [37.140.190.187])
 by lists.linaro.org (Postfix) with ESMTPS id 137CB60639
 for <lng-odp@lists.linaro.org>; Tue, 14 Nov 2017 20:00:15 +0000 (UTC)
Received: from mxback9g.mail.yandex.net (mxback9g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:170])
 by forward106o.mail.yandex.net (Yandex) with ESMTP id BADB2783DBA
 for <lng-odp@lists.linaro.org>; Tue, 14 Nov 2017 23:00:13 +0300 (MSK)
Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net
 [2a02:6b8:0:1472:2741:0:8b6:8])
 by mxback9g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id
 AtbpJE8aui-0DgSZh5i; Tue, 14 Nov 2017 23:00:13 +0300
Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 ZsDLds7hfB-0DpGFHYQ; Tue, 14 Nov 2017 23:00:13 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
 (Client certificate not present)
From: Github ODP bot <odpbot@yandex.ru>
To: lng-odp@lists.linaro.org
Date: Tue, 14 Nov 2017 23:00:04 +0300
Message-Id: <1510689611-17861-4-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1510689611-17861-1-git-send-email-odpbot@yandex.ru>
References: <1510689611-17861-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 288
Subject: [lng-odp] [PATCH API-NEXT v8 3/10] linux-gen: crypto: add AES-GMAC
 implementation
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "The OpenDataPlane \(ODP\) List" <lng-odp.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/lng-odp/>
List-Post: <mailto:lng-odp@lists.linaro.org>
List-Help: <mailto:lng-odp-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Implement AES-GMAC on top of OpenSSL AES-GCM with all text going into
AAD part.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
---
/** Email created from pull request 288 (lumag:gmac)
 ** https://github.com/Linaro/odp/pull/288
 ** Patch: https://github.com/Linaro/odp/pull/288.patch
 ** Base sha: ba93e355ddf151215aa18b59cbfca08fe175fe65
 ** Merge commit sha: 8363c3a4073075d0f3dd68864b9a33819005aab4
 **/
 .../linux-generic/include/odp_crypto_internal.h    |   5 +-
 platform/linux-generic/odp_crypto.c                | 151 ++++++++++++++++++++-
 2 files changed, 154 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index 12d1720b7..21174daa4 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -51,7 +51,10 @@ struct odp_crypto_generic_session {
 		uint8_t  key[EVP_MAX_KEY_LENGTH];
 		uint32_t key_length;
 		uint32_t bytes;
-		const EVP_MD *evp_md;
+		union {
+			const EVP_MD *evp_md;
+			const EVP_CIPHER *evp_cipher;
+		};
 		crypto_func_t func;
 	} auth;
 };
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index f34863bf2..1cc2d7018 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -37,7 +37,9 @@
  * Keep sorted: first by key length, then by IV length
  */
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
-{.key_len = 0, .iv_len = 0} };
+{.key_len = 0, .iv_len = 0},
+/* Special case for GMAC */
+{.key_len = 0, .iv_len = 12} };
 
 static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = {
 {.key_len = 24, .iv_len = 8} };
@@ -84,6 +86,9 @@ static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = {
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
 
+static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = {
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+
 typedef struct odp_crypto_global_s odp_crypto_global_t;
 
 struct odp_crypto_global_s {
@@ -236,6 +241,33 @@ odp_crypto_alg_err_t auth_check(odp_packet_t pkt,
 }
 
 static
+int internal_aad(EVP_CIPHER_CTX *ctx,
+		 odp_packet_t pkt,
+		 const odp_crypto_packet_op_param_t *param)
+{
+	uint32_t offset = param->auth_range.offset;
+	uint32_t len   = param->auth_range.length;
+	int dummy_len;
+	int ret;
+
+	ODP_ASSERT(offset + len <= odp_packet_len(pkt));
+
+	while (len > 0) {
+		uint32_t seglen = 0; /* GCC */
+		void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
+		uint32_t maclen = len > seglen ? seglen : len;
+
+		EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen);
+		offset  += maclen;
+		len     -= maclen;
+	}
+
+	ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len);
+
+	return ret;
+}
+
+static
 int internal_encrypt(EVP_CIPHER_CTX *ctx,
 		     odp_packet_t pkt,
 		     const odp_crypto_packet_op_param_t *param)
@@ -556,6 +588,108 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session,
 	return 0;
 }
 
+static
+odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
+				  const odp_crypto_packet_op_param_t *param,
+				  odp_crypto_generic_session_t *session)
+{
+	EVP_CIPHER_CTX *ctx;
+	void *iv_ptr;
+	uint8_t block[EVP_MAX_MD_SIZE];
+	int ret;
+
+	if (param->override_iv_ptr)
+		iv_ptr = param->override_iv_ptr;
+	else if (session->p.iv.data)
+		iv_ptr = session->cipher.iv_data;
+	else
+		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
+
+	/* Encrypt it */
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL,
+			   session->auth.key, NULL);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+			    session->p.iv.length, NULL);
+	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+	ret = internal_aad(ctx, pkt, param);
+
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+			    session->p.auth_digest_len, block);
+	odp_packet_copy_from_mem(pkt, param->hash_result_offset,
+				 session->p.auth_digest_len, block);
+
+	EVP_CIPHER_CTX_free(ctx);
+
+	return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE :
+			  ODP_CRYPTO_ALG_ERR_NONE;
+}
+
+static
+odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt,
+				    const odp_crypto_packet_op_param_t *param,
+				    odp_crypto_generic_session_t *session)
+{
+	EVP_CIPHER_CTX *ctx;
+	void *iv_ptr;
+	uint8_t block[EVP_MAX_MD_SIZE];
+	int ret;
+
+	if (param->override_iv_ptr)
+		iv_ptr = param->override_iv_ptr;
+	else if (session->p.iv.data)
+		iv_ptr = session->cipher.iv_data;
+	else
+		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
+
+	/* Decrypt it */
+	ctx = EVP_CIPHER_CTX_new();
+	EVP_DecryptInit_ex(ctx, session->auth.evp_cipher, NULL,
+			   session->auth.key, NULL);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+			    session->p.iv.length, NULL);
+	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+	EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+	odp_packet_copy_to_mem(pkt, param->hash_result_offset,
+			       session->p.auth_digest_len, block);
+	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+			    session->p.auth_digest_len, block);
+	_odp_packet_set_data(pkt, param->hash_result_offset,
+			     0, session->p.auth_digest_len);
+
+	ret = internal_aad(ctx, pkt, param);
+
+	EVP_CIPHER_CTX_free(ctx);
+
+	return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK :
+			  ODP_CRYPTO_ALG_ERR_NONE;
+}
+
+static int process_aes_gmac_param(odp_crypto_generic_session_t *session,
+				  const EVP_CIPHER *cipher)
+{
+	/* Verify Key len is valid */
+	if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+	    session->p.auth_key.length)
+		return -1;
+
+	memcpy(session->auth.key, session->p.auth_key.data,
+	       session->p.auth_key.length);
+
+	session->auth.evp_cipher = cipher;
+
+	/* Set function */
+	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
+		session->auth.func = aes_gmac_gen;
+	else
+		session->auth.func = aes_gmac_check;
+
+	return 0;
+}
+
 static int process_auth_param(odp_crypto_generic_session_t *session,
 			      uint32_t key_length,
 			      const EVP_MD *evp_md)
@@ -601,6 +735,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
 	capa->auths.bit.sha256_hmac  = 1;
 	capa->auths.bit.sha512_hmac  = 1;
 	capa->auths.bit.aes_gcm      = 1;
+	capa->auths.bit.aes_gmac     = 1;
 
 #if ODP_DEPRECATED_API
 	capa->ciphers.bit.aes128_cbc = 1;
@@ -688,6 +823,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
 		src = auth_capa_aes_gcm;
 		num = sizeof(auth_capa_aes_gcm) / size;
 		break;
+	case ODP_AUTH_ALG_AES_GMAC:
+		src = auth_capa_aes_gmac;
+		num = sizeof(auth_capa_aes_gmac) / size;
+		break;
 	default:
 		return -1;
 	}
@@ -859,6 +998,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
 			rc = -1;
 		}
 		break;
+	case ODP_AUTH_ALG_AES_GMAC:
+		if (param->auth_key.length == 16)
+			rc = process_aes_gmac_param(session, EVP_aes_128_gcm());
+		else if (param->auth_key.length == 24)
+			rc = process_aes_gmac_param(session, EVP_aes_192_gcm());
+		else if (param->auth_key.length == 32)
+			rc = process_aes_gmac_param(session, EVP_aes_256_gcm());
+		else
+			rc = -1;
+		break;
 	default:
 		rc = -1;
 	}