diff mbox series

[API-NEXT,v2,15/20] linux-generic: crypto: merge AES-CBC and 3DES-CBC support

Message ID 1495490409-30066-16-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v2,1/20] test: crypto: explicitly pass auth_digest_len to crypto subsystem | expand

Commit Message

Github ODP bot May 22, 2017, 10 p.m. UTC
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


There is now nearly no difference between AES-CBC and 3DES-CBC code.
Merge it into generic 'cipher' support, easing adding support for other
ciphers in future.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 34 (lumag:crypto-update-main-new)
 ** https://github.com/Linaro/odp/pull/34
 ** Patch: https://github.com/Linaro/odp/pull/34.patch
 ** Base sha: 826ee894aa0ebd09d42a17e1de077c46bc5b366a
 ** Merge commit sha: 7c49c61063e2d57f049a5436cf12a3c36710bb34
 **/
 .../linux-generic/include/odp_crypto_internal.h    |  14 +-
 platform/linux-generic/odp_crypto.c                | 153 +++++----------------
 2 files changed, 40 insertions(+), 127 deletions(-)
diff mbox series

Patch

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index f4f1948f..7fe9289b 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -40,18 +40,8 @@  struct odp_crypto_generic_session {
 	struct {
 		/* Copy of session IV data */
 		uint8_t iv_data[MAX_IV_LEN];
-
-		union {
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} des;
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} aes;
-			struct {
-				uint8_t  key[EVP_MAX_KEY_LENGTH];
-			} aes_gcm;
-		} data;
+		uint8_t key_data[EVP_MAX_KEY_LENGTH];
+		const EVP_CIPHER *evp_cipher;
 		crypto_func_t func;
 	} cipher;
 
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index e09a35d9..25f2e231 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -184,8 +184,8 @@  odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param,
 }
 
 static
-odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param,
+				    odp_crypto_generic_session_t *session)
 {
 	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -205,8 +205,8 @@  odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
 
 	/* Encrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-			   session->cipher.data.aes.key, NULL);
+	EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -220,8 +220,8 @@  odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
 }
 
 static
-odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param,
+				    odp_crypto_generic_session_t *session)
 {
 	EVP_CIPHER_CTX *ctx;
 	uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -241,8 +241,8 @@  odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
 
 	/* Decrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-			   session->cipher.data.aes.key, NULL);
+	EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -255,20 +255,29 @@  odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
-static int process_aes_param(odp_crypto_generic_session_t *session)
+static int process_cipher_param(odp_crypto_generic_session_t *session,
+				const EVP_CIPHER *cipher)
 {
-	/* Verify IV len is either 0 or 16 */
-	if (!((0 == session->p.iv.length) || (16 == session->p.iv.length)))
+	/* Verify Key len is valid */
+	if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+	    session->p.cipher_key.length)
 		return -1;
 
-	memcpy(session->cipher.data.aes.key, session->p.cipher_key.data,
+	/* Verify IV len is correct */
+	if (!((0 == session->p.iv.length) ||
+	      ((uint32_t)EVP_CIPHER_iv_length(cipher) == session->p.iv.length)))
+		return -1;
+
+	session->cipher.evp_cipher = cipher;
+
+	memcpy(session->cipher.key_data, session->p.cipher_key.data,
 	       session->p.cipher_key.length);
 
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->cipher.func = aes_encrypt;
+		session->cipher.func = cipher_encrypt;
 	else
-		session->cipher.func = aes_decrypt;
+		session->cipher.func = cipher_decrypt;
 
 	return 0;
 }
@@ -298,8 +307,8 @@  odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 
 	/* Encrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
-			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
 			    session->p.iv.length, NULL);
 	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
@@ -346,8 +355,8 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 
 	/* Decrypt it */
 	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
-			   session->cipher.data.aes_gcm.key, NULL);
+	EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+			   session->cipher.key_data, NULL);
 	EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
 			    session->p.iv.length, NULL);
 	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
@@ -371,15 +380,19 @@  odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
-static int process_aes_gcm_param(odp_crypto_generic_session_t *session)
+static int process_aes_gcm_param(odp_crypto_generic_session_t *session,
+				 const EVP_CIPHER *cipher)
 {
-	/* Verify Key len is 16 */
-	if (session->p.cipher_key.length != 16)
+	/* Verify Key len is valid */
+	if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+	    session->p.cipher_key.length)
 		return -1;
 
-	memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data,
+	memcpy(session->cipher.key_data, session->p.cipher_key.data,
 	       session->p.cipher_key.length);
 
+	session->cipher.evp_cipher = cipher;
+
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
 		session->cipher.func = aes_gcm_encrypt;
@@ -389,96 +402,6 @@  static int process_aes_gcm_param(odp_crypto_generic_session_t *session)
 	return 0;
 }
 
-static
-odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
-{
-	EVP_CIPHER_CTX *ctx;
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t plain_len   = param->cipher_range.length;
-	void *iv_ptr;
-	int cipher_len = 0;
-
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
-	else
-		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
-
-	/* Adjust pointer for beginning of area to cipher/auth */
-	data += param->cipher_range.offset;
-
-	/* Encrypt it */
-	ctx = EVP_CIPHER_CTX_new();
-	EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
-			   session->cipher.data.des.key, NULL);
-	EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-	EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
-
-	EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
-
-	EVP_CIPHER_CTX_cleanup(ctx);
-
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static
-odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param,
-				 odp_crypto_generic_session_t *session)
-{
-	EVP_CIPHER_CTX *ctx;
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint32_t cipher_len   = param->cipher_range.length;
-	int plain_len = 0;
-	void *iv_ptr;
-
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
-	else
-		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
-
-	/* Adjust pointer for beginning of area to cipher/auth */
-	data += param->cipher_range.offset;
-
-	/* Decrypt it */
-	ctx = EVP_CIPHER_CTX_new();
-	EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
-			   session->cipher.data.des.key, NULL);
-	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-	EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
-
-	EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len);
-
-	EVP_CIPHER_CTX_cleanup(ctx);
-
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static int process_des_param(odp_crypto_generic_session_t *session)
-{
-	/* Verify IV len is either 0 or 8 */
-	if (!((0 == session->p.iv.length) || (8 == session->p.iv.length)))
-		return -1;
-
-	memcpy(session->cipher.data.des.key, session->p.cipher_key.data,
-	       session->p.cipher_key.length);
-
-	/* Set function */
-	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->cipher.func = des_encrypt;
-	else
-		session->cipher.func = des_decrypt;
-
-	return 0;
-}
-
 static int process_auth_param(odp_crypto_generic_session_t *session,
 			      uint32_t key_length,
 			      const EVP_MD *evp_md)
@@ -662,13 +585,13 @@  odp_crypto_session_create(odp_crypto_session_param_t *param,
 		break;
 	case ODP_CIPHER_ALG_DES:
 	case ODP_CIPHER_ALG_3DES_CBC:
-		rc = process_des_param(session);
+		rc = process_cipher_param(session, EVP_des_ede3_cbc());
 		break;
 	case ODP_CIPHER_ALG_AES_CBC:
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_CBC:
 #endif
-		rc = process_aes_param(session);
+		rc = process_cipher_param(session, EVP_aes_128_cbc());
 		break;
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_GCM:
@@ -680,7 +603,7 @@  odp_crypto_session_create(odp_crypto_session_param_t *param,
 		/* AES-GCM requires to do both auth and
 		 * cipher at the same time */
 		if (param->auth_alg == ODP_AUTH_ALG_AES_GCM || aes_gcm)
-			rc = process_aes_gcm_param(session);
+			rc = process_aes_gcm_param(session, EVP_aes_128_gcm());
 		else
 			rc = -1;
 		break;