[API-NEXT,v1,1/1] api: crypto: deprecate per-session IV

Message ID	1494990006-20867-2-git-send-email-odpbot@yandex.ru
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; From: Github ODP bot <odpbot@yandex.ru> To: lng-odp@lists.linaro.org Date: Wed, 17 May 2017 06:00:06 +0300 Message-Id: <1494990006-20867-2-git-send-email-odpbot@yandex.ru> In-Reply-To: <1494990006-20867-1-git-send-email-odpbot@yandex.ru> References: <1494990006-20867-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 32 Subject: [lng-odp] [PATCH API-NEXT v1 1/1] api: crypto: deprecate per-session IV Precedence: list Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>
Series	[API-NEXT,v1,1/1] api: crypto: deprecate per-session IV \| expand [API-NEXT,v1,1/1] api: crypto: deprecate per-session IV

diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index 9ed3aa2..f211c9e 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -694,7 +694,7 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, if (esp) { params.cipher_range.offset = ipv4_data_p(ip) + hdr_len - buf; params.cipher_range.length = ipv4_data_len(ip) - hdr_len; - params.override_iv_ptr = esp->iv; + params.iv_ptr = esp->iv; } /* Issue crypto request */ @@ -884,7 +884,15 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, trl_len = encrypt_len - ip_data_len; esp->spi = odp_cpu_to_be_32(entry->esp.spi); - memcpy(esp + 1, entry->state.iv, entry->esp.iv_len); + + /* Generate an IV */ + if (entry->esp.iv_len) { + int32_t size = entry->esp.iv_len; + int32_t ret = odp_random_data(esp->iv, size, 1); + + if (ret != size) + abort(); + } esp_t = (odph_esptrl_t *)(ip_data + encrypt_len) - 1; esp_t->pad_len = trl_len - sizeof(*esp_t); @@ -894,6 +902,7 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, esp_t->next_header = ip->proto; ip->proto = ODPH_IPPROTO_ESP; + params.iv_ptr = esp->iv; params.cipher_range.offset = ip_data - buf; params.cipher_range.length = encrypt_len; } diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index b2a91c2..b63791a 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -86,13 +86,11 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, params.cipher_alg = cipher_sa->alg.u.cipher; params.cipher_key.data = cipher_sa->key.data; params.cipher_key.length = cipher_sa->key.length; - params.iv.data = entry->state.iv; - params.iv.length = cipher_sa->iv_len; + params.iv_length = cipher_sa->iv_len; mode = cipher_sa->mode; } else { params.cipher_alg = ODP_CIPHER_ALG_NULL; - params.iv.data = NULL; - params.iv.length = 0; + params.iv_length = 0; } /* Auth */ @@ -105,15 +103,6 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, params.auth_alg = ODP_AUTH_ALG_NULL; } - /* Generate an IV */ - if (params.iv.length) { - int32_t size = params.iv.length; - - int32_t ret = odp_random_data(params.iv.data, size, 1); - if (ret != size) - return -1; - } - /* Synchronous session create for now */ if (odp_crypto_session_create(&params, &session, &ses_create_rc)) return -1; diff --git a/example/ipsec/odp_ipsec_cache.h b/example/ipsec/odp_ipsec_cache.h index 7a4b95c..53c9538 100644 --- a/example/ipsec/odp_ipsec_cache.h +++ b/example/ipsec/odp_ipsec_cache.h @@ -56,7 +56,6 @@ typedef struct ipsec_cache_entry_s { odp_crypto_session_t session; /**< Crypto session handle */ uint32_t esp_seq; /**< ESP TX sequence number */ uint32_t ah_seq; /**< AH TX sequence number */ - uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */ odp_u16be_t tun_hdr_id; /**< Tunnel header IP ID */ } state; } ipsec_cache_entry_t; diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index c47d314..19dd8b0 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -234,14 +234,14 @@ typedef struct odp_crypto_key { /** * Crypto API IV structure */ -typedef struct odp_crypto_iv { +typedef struct ODP_DEPRECATE(odp_crypto_iv) { /** IV data */ uint8_t *data; /** IV length in bytes */ uint32_t length; -} odp_crypto_iv_t; +} ODP_DEPRECATE(odp_crypto_iv_t); /** * Crypto API data range specifier @@ -285,8 +285,11 @@ typedef struct odp_crypto_session_param_t { */ odp_crypto_key_t cipher_key; - /** Cipher Initialization Vector (IV) */ - odp_crypto_iv_t iv; + /** @deprecated use iv_length and per-packet IV instead */ + ODP_DEPRECATE(odp_crypto_iv_t) ODP_DEPRECATE(iv); + + /** Cipher Initialization Vector (IV) length */ + uint32_t iv_length; /** Authentication algorithm * @@ -359,8 +362,11 @@ typedef struct odp_crypto_op_param_t { */ odp_packet_t out_pkt; - /** Override session IV pointer */ - uint8_t *override_iv_ptr; + /** @deprecated use iv_ptr instead */ + uint8_t *ODP_DEPRECATE(override_iv_ptr); + + /** IV pointer */ + uint8_t *iv_ptr; /** Offset from start of packet for hash result * diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index 515cefa..78f87e0 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -7,6 +7,8 @@ #ifndef ODP_CRYPTO_INTERNAL_H_ #define ODP_CRYPTO_INTERNAL_H_ +#include <odp/api/deprecated.h> + #ifdef __cplusplus extern "C" { #endif @@ -40,8 +42,10 @@ struct odp_crypto_generic_session { odp_bool_t do_cipher_first; struct { +#if ODP_DEPRECATED_API /* Copy of session IV data */ uint8_t iv_data[MAX_IV_LEN]; +#endif union { struct { diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index dfeb9f3..bfbef38 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -184,10 +184,14 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -216,10 +220,14 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -241,9 +249,14 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, static int process_aes_param(odp_crypto_generic_session_t *session) { - /* Verify IV len is either 0 or 16 */ - if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) + /* Verify IV len is 16 */ +#if ODP_DEPRECATED_API + if (!((16 == session->p.iv_length) || (16 == session->p.iv.length))) + return -1; +#else + if (16 != session->p.iv_length) return -1; +#endif /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) { @@ -273,10 +286,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -338,10 +355,14 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -392,6 +413,13 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, static int process_aes_gcm_param(odp_crypto_generic_session_t *session) { + uint32_t iv_length = session->p.iv_length; + +#if ODP_DEPRECATED_API + if (0 != session->p.iv.length) + iv_length = session->p.iv.length; +#endif + /* Verify Key len is 16 */ if (session->p.cipher_key.length != 16) return -1; @@ -409,7 +437,7 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session) } EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, - session->p.iv.length, NULL); + iv_length, NULL); if (ODP_CRYPTO_OP_ENCODE == session->p.op) { EVP_EncryptInit_ex(ctx, NULL, NULL, session->p.cipher_key.data, NULL); @@ -430,10 +458,14 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, DES_cblock iv; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -468,10 +500,14 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, DES_cblock iv; void *iv_ptr; - if (param->override_iv_ptr) + if (param->iv_ptr) + iv_ptr = param->iv_ptr; +#if ODP_DEPRECATED_API + else if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; else if (session->p.iv.data) iv_ptr = session->cipher.iv_data; +#endif else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -500,9 +536,14 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, static int process_des_param(odp_crypto_generic_session_t *session) { - /* Verify IV len is either 0 or 8 */ - if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) + /* Verify IV len is 8 */ +#if ODP_DEPRECATED_API + if (!((8 == session->p.iv_length) || (8 == session->p.iv.length))) + return -1; +#else + if (8 != session->p.iv_length) return -1; +#endif /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) @@ -679,6 +720,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, session->p = *param; /* Copy IV data */ +#if ODP_DEPRECATED_API if (session->p.iv.data) { if (session->p.iv.length > MAX_IV_LEN) { ODP_DBG("Maximum IV length exceeded\n"); @@ -689,6 +731,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, memcpy(session->cipher.iv_data, session->p.iv.data, session->p.iv.length); } +#endif /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) diff --git a/test/common_plat/performance/odp_crypto.c b/test/common_plat/performance/odp_crypto.c index b385797..fa4b817 100644 --- a/test/common_plat/performance/odp_crypto.c +++ b/test/common_plat/performance/odp_crypto.c @@ -186,10 +186,7 @@ static crypto_alg_config_t algs_config[] = { .data = test_key24, .length = sizeof(test_key24) }, - .iv = { - .data = test_iv, - .length = 8, - }, + .iv_length = 8, .auth_alg = ODP_AUTH_ALG_NULL }, }, @@ -201,10 +198,7 @@ static crypto_alg_config_t algs_config[] = { .data = test_key24, .length = sizeof(test_key24) }, - .iv = { - .data = test_iv, - .length = 8, - }, + .iv_length = 8, .auth_alg = ODP_AUTH_ALG_MD5_HMAC, .auth_key = { .data = test_key16, @@ -552,6 +546,7 @@ run_measure_one(crypto_args_t *cargs, } mem = odp_packet_data(newpkt); memset(mem, 1, payload_length); + params.iv_ptr = test_iv; params.pkt = newpkt; params.out_pkt = cargs->in_place ? newpkt : ODP_PACKET_INVALID; diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 24ea493..6c7a91d 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -67,7 +67,7 @@ static const char *cipher_alg_name(odp_cipher_alg_t cipher) static void alg_test(odp_crypto_op_t op, odp_bool_t should_fail, odp_cipher_alg_t cipher_alg, - odp_crypto_iv_t ses_iv, + uint32_t iv_length, uint8_t *op_iv_ptr, odp_crypto_key_t cipher_key, odp_auth_alg_t auth_alg, @@ -155,7 +155,7 @@ static void alg_test(odp_crypto_op_t op, /* Search for the test case */ for (i = 0; i < num; i++) { if (cipher_capa[i].key_len == cipher_key.length && - cipher_capa[i].iv_len == ses_iv.length) { + cipher_capa[i].iv_len == iv_length) { found = 1; break; } @@ -199,7 +199,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.compl_queue = suite_context.queue; ses_params.output_pool = suite_context.pool; ses_params.cipher_key = cipher_key; - ses_params.iv = ses_iv; + ses_params.iv_length = iv_length; ses_params.auth_key = auth_key; rc = odp_crypto_session_create(&ses_params, &session, &status); @@ -236,8 +236,7 @@ static void alg_test(odp_crypto_op_t op, op_params.auth_range.offset = data_off; op_params.auth_range.length = plaintext_len; } - if (op_iv_ptr) - op_params.override_iv_ptr = op_iv_ptr; + op_params.iv_ptr = op_iv_ptr; op_params.hash_result_offset = plaintext_len; if (0 != digest_len) { @@ -440,52 +439,13 @@ static int check_alg_3des_cbc(void) } /* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_3des_cbc(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv; - unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / - sizeof(tdes_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = tdes_cbc_reference_key[i]; - cipher_key.length = sizeof(tdes_cbc_reference_key[i]); - iv.data = tdes_cbc_reference_iv[i]; - iv.length = sizeof(tdes_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_3DES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - tdes_cbc_reference_plaintext[i], - tdes_cbc_reference_length[i], - tdes_cbc_reference_ciphertext[i], - tdes_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) * operation for 3DES_CBC algorithm. IV for the operation is the operation IV. * */ -void crypto_test_enc_alg_3des_cbc_ovr_iv(void) +void crypto_test_enc_alg_3des_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = TDES_CBC_IV_LEN }; + uint32_t iv_length = TDES_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / sizeof(tdes_cbc_reference_length[0])); unsigned int i; @@ -495,13 +455,13 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void) cipher_key.length = sizeof(tdes_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_3DES_CBC, - iv, + iv_length, tdes_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -523,47 +483,7 @@ void crypto_test_dec_alg_3des_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; - unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / - sizeof(tdes_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = tdes_cbc_reference_key[i]; - cipher_key.length = sizeof(tdes_cbc_reference_key[i]); - iv.data = tdes_cbc_reference_iv[i]; - iv.length = sizeof(tdes_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_3DES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - tdes_cbc_reference_ciphertext[i], - tdes_cbc_reference_length[i], - tdes_cbc_reference_plaintext[i], - tdes_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_3des_cbc_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = TDES_CBC_IV_LEN }; + uint32_t iv_length = TDES_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(tdes_cbc_reference_length) / sizeof(tdes_cbc_reference_length[0])); unsigned int i; @@ -573,13 +493,13 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void) cipher_key.length = sizeof(tdes_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_3DES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_3DES_CBC, - iv, + iv_length, tdes_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -605,7 +525,7 @@ void crypto_test_enc_alg_aes128_gcm(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; + uint32_t iv_length = AES128_GCM_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / sizeof(aes128_gcm_reference_length[0])); unsigned int i; @@ -613,11 +533,9 @@ void crypto_test_enc_alg_aes128_gcm(void) for (i = 0; i < test_vec_num; i++) { cipher_key.data = aes128_gcm_reference_key[i]; cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - iv.data = aes128_gcm_reference_iv[i]; - iv.length = sizeof(aes128_gcm_reference_iv[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, auth_key.length, AES128_GCM_CHECK_LEN)) @@ -626,51 +544,7 @@ void crypto_test_enc_alg_aes128_gcm(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_AES_GCM, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_AES_GCM, - auth_key, - &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], - aes128_gcm_reference_plaintext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i] + - aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for AES128_GCM algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_aes128_gcm_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; - unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / - sizeof(aes128_gcm_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_gcm_reference_key[i]; - cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) - continue; - if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_AES_GCM, - iv, + iv_length, aes128_gcm_reference_iv[i], cipher_key, ODP_AUTH_ALG_AES_GCM, @@ -696,7 +570,7 @@ void crypto_test_dec_alg_aes128_gcm(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; + uint32_t iv_length = AES128_GCM_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / sizeof(aes128_gcm_reference_length[0])); unsigned int i; @@ -704,11 +578,9 @@ void crypto_test_dec_alg_aes128_gcm(void) for (i = 0; i < test_vec_num; i++) { cipher_key.data = aes128_gcm_reference_key[i]; cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - iv.data = aes128_gcm_reference_iv[i]; - iv.length = sizeof(aes128_gcm_reference_iv[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, auth_key.length, AES128_GCM_CHECK_LEN)) @@ -717,52 +589,7 @@ void crypto_test_dec_alg_aes128_gcm(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_AES_GCM, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_AES_GCM, - auth_key, - &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], - aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, - aes128_gcm_reference_plaintext[i], - aes128_gcm_reference_length[i], - aes128_gcm_reference_ciphertext[i] + - aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for 3DES_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN }; - unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) / - sizeof(aes128_gcm_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_gcm_reference_key[i]; - cipher_key.length = sizeof(aes128_gcm_reference_key[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_GCM, - cipher_key.length, iv.length)) - continue; - if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_AES_GCM, - iv, + iv_length, aes128_gcm_reference_iv[i], cipher_key, ODP_AUTH_ALG_AES_GCM, @@ -785,52 +612,13 @@ static int check_alg_aes_cbc(void) } /* This test verifies the correctness of encode (plaintext -> ciphertext) - * operation for AES128_CBC algorithm. IV for the operation is the session IV. - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer.*/ -void crypto_test_enc_alg_aes128_cbc(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv; - unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / - sizeof(aes128_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_cbc_reference_key[i]; - cipher_key.length = sizeof(aes128_cbc_reference_key[i]); - iv.data = aes128_cbc_reference_iv[i]; - iv.length = sizeof(aes128_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_ENCODE, - 0, - ODP_CIPHER_ALG_AES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - aes128_cbc_reference_plaintext[i], - aes128_cbc_reference_length[i], - aes128_cbc_reference_ciphertext[i], - aes128_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of encode (plaintext -> ciphertext) * operation for AES128_CBC algorithm. IV for the operation is the operation IV. * */ -void crypto_test_enc_alg_aes128_cbc_ovr_iv(void) +void crypto_test_enc_alg_aes128_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_CBC_IV_LEN }; + uint32_t iv_length = AES128_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / sizeof(aes128_cbc_reference_length[0])); unsigned int i; @@ -840,13 +628,13 @@ void crypto_test_enc_alg_aes128_cbc_ovr_iv(void) cipher_key.length = sizeof(aes128_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_AES_CBC, - iv, + iv_length, aes128_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -868,47 +656,7 @@ void crypto_test_dec_alg_aes128_cbc(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; - unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / - sizeof(aes128_cbc_reference_length[0])); - unsigned int i; - - for (i = 0; i < test_vec_num; i++) { - cipher_key.data = aes128_cbc_reference_key[i]; - cipher_key.length = sizeof(aes128_cbc_reference_key[i]); - iv.data = aes128_cbc_reference_iv[i]; - iv.length = sizeof(aes128_cbc_reference_iv[i]); - - if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) - continue; - - alg_test(ODP_CRYPTO_OP_DECODE, - 0, - ODP_CIPHER_ALG_AES_CBC, - iv, - NULL, - cipher_key, - ODP_AUTH_ALG_NULL, - auth_key, - NULL, NULL, - aes128_cbc_reference_ciphertext[i], - aes128_cbc_reference_length[i], - aes128_cbc_reference_plaintext[i], - aes128_cbc_reference_length[i], NULL, 0); - } -} - -/* This test verifies the correctness of decode (ciphertext -> plaintext) - * operation for AES128_CBC algorithm. IV for the operation is the session IV - * In addition the test verifies if the implementation can use the - * packet buffer as completion event buffer. - * */ -void crypto_test_dec_alg_aes128_cbc_ovr_iv(void) -{ - odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, - auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = AES128_CBC_IV_LEN }; + uint32_t iv_length = AES128_CBC_IV_LEN; unsigned int test_vec_num = (sizeof(aes128_cbc_reference_length) / sizeof(aes128_cbc_reference_length[0])); unsigned int i; @@ -918,13 +666,13 @@ void crypto_test_dec_alg_aes128_cbc_ovr_iv(void) cipher_key.length = sizeof(aes128_cbc_reference_key[i]); if (!check_cipher_options(ODP_CIPHER_ALG_AES_CBC, - cipher_key.length, iv.length)) + cipher_key.length, iv_length)) continue; alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_AES_CBC, - iv, + iv_length, aes128_cbc_reference_iv[i], cipher_key, ODP_AUTH_ALG_NULL, @@ -953,7 +701,6 @@ void crypto_test_gen_alg_hmac_md5(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; unsigned int test_vec_num = (sizeof(hmac_md5_reference_length) / sizeof(hmac_md5_reference_length[0])); @@ -970,8 +717,8 @@ void crypto_test_gen_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -988,7 +735,6 @@ void crypto_test_check_alg_hmac_md5(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; uint8_t wrong_digest[HMAC_MD5_DIGEST_LEN]; unsigned int test_vec_num = (sizeof(hmac_md5_reference_length) / @@ -1008,8 +754,8 @@ void crypto_test_check_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -1023,8 +769,8 @@ void crypto_test_check_alg_hmac_md5(void) alg_test(ODP_CRYPTO_OP_DECODE, 1, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_MD5_HMAC, auth_key, @@ -1053,7 +799,6 @@ void crypto_test_gen_alg_hmac_sha256(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; unsigned int test_vec_num = (sizeof(hmac_sha256_reference_length) / sizeof(hmac_sha256_reference_length[0])); @@ -1072,8 +817,8 @@ void crypto_test_gen_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_ENCODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1090,7 +835,6 @@ void crypto_test_check_alg_hmac_sha256(void) { odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, auth_key = { .data = NULL, .length = 0 }; - odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; uint8_t wrong_digest[HMAC_SHA256_DIGEST_LEN]; unsigned int test_vec_num = (sizeof(hmac_sha256_reference_length) / @@ -1112,8 +856,8 @@ void crypto_test_check_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_DECODE, 0, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1127,8 +871,8 @@ void crypto_test_check_alg_hmac_sha256(void) alg_test(ODP_CRYPTO_OP_DECODE, 1, ODP_CIPHER_ALG_NULL, - iv, - iv.data, + 0, + NULL, cipher_key, ODP_AUTH_ALG_SHA256_HMAC, auth_key, @@ -1190,26 +934,14 @@ odp_testinfo_t crypto_suite[] = { check_alg_3des_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc, check_alg_3des_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_3des_cbc_ovr_iv, - check_alg_3des_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc_ovr_iv, - check_alg_3des_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_cbc, check_alg_aes_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_cbc, check_alg_aes_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_cbc_ovr_iv, - check_alg_aes_cbc), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_cbc_ovr_iv, - check_alg_aes_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_gcm, check_alg_aes_gcm), - ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_aes128_gcm_ovr_iv, - check_alg_aes_gcm), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_gcm, check_alg_aes_gcm), - ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_aes128_gcm_ovr_iv, - check_alg_aes_gcm), ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_md5, check_alg_hmac_md5), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_md5,

[API-NEXT,v1,1/1] api: crypto: deprecate per-session IV

Commit Message

Patch