From patchwork Fri Dec 12 22:40:24 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Taras Kondratiuk <taras.kondratiuk@linaro.org>
X-Patchwork-Id: 42200
Return-Path: <patchwork-forward+bncBDVZ52OWS4KRB665VWSAKGQE3IIM66Q@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com
 [209.85.212.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id DE13D26C77
 for <linaro@patches.linaro.org>; Fri, 12 Dec 2014 22:40:59 +0000 (UTC)
Received: by mail-wi0-f198.google.com with SMTP id r20sf1780644wiv.1
 for <linaro@patches.linaro.org>; Fri, 12 Dec 2014 14:40:59 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to
 :references:subject:precedence:list-id:list-unsubscribe:list-archive
 :list-post:list-help:list-subscribe:mime-version:content-type
 :content-transfer-encoding:errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=MEnd40pJiNpLEGDmvdDgY0hWILXhpkI8uSMNfIQCFHs=;
 b=eu0GO5tEQCg/MGjmy5Y++Man2XB9JpYEkxM3ebMh3pUlWNchCyyjSYv3mDK9DL+k73
 NjwFK9a8Tsx7EJdAjV8fnmUQNqNszLirK0tq6JE/JX7wl55PjX9mD3erK4LPyuW8Dn7d
 ghQ+KC14EzmRtgKi34UnJY15heeTj/SGq+b8Xg4Pubk3IpnM/0jgsTMEq+WFcIl37DLk
 lGieRhxEVBBuy1PbiMmRuoj2NJ2GlD4SUi8extBnZCaRqXTbEKalPpt5GxxaX3HdrRqI
 w5Hq9NDm4k3gmFkuUG8Zm5iLDqdgijAfbP9LpcX1R4p9AWum48Si3IVvXLN7u9mM/739
 jSow==
X-Gm-Message-State: ALoCoQknZOL5iqJo2v93QtTHiB2vyHGG0KZFiERj//TmHdmu+9XotgsrC2w2Q31hWOhCxZy39hlz
X-Received: by 10.181.13.147 with SMTP id ey19mr1075819wid.2.1418424059194; 
 Fri, 12 Dec 2014 14:40:59 -0800 (PST)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.153.11.6 with SMTP id ee6ls514939lad.7.gmail;
 Fri, 12 Dec 2014 14:40:58 -0800 (PST)
X-Received: by 10.112.166.5 with SMTP id zc5mr17980330lbb.20.1418424058937; 
 Fri, 12 Dec 2014 14:40:58 -0800 (PST)
Received: from mail-lb0-f169.google.com (mail-lb0-f169.google.com.
 [209.85.217.169]) by mx.google.com with ESMTPS id
 ny5si2763702lbb.77.2014.12.12.14.40.58
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 12 Dec 2014 14:40:58 -0800 (PST)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.169 as permitted sender) client-ip=209.85.217.169; 
Received: by mail-lb0-f169.google.com with SMTP id p9so6698385lbv.0
 for <patchwork-forward@linaro.org>;
 Fri, 12 Dec 2014 14:40:58 -0800 (PST)
X-Received: by 10.112.170.36 with SMTP id aj4mr17741658lbc.3.1418424058852; 
 Fri, 12 Dec 2014 14:40:58 -0800 (PST)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.142.69 with SMTP id ru5csp116666lbb;
 Fri, 12 Dec 2014 14:40:57 -0800 (PST)
X-Received: by 10.224.38.71 with SMTP id a7mr35938596qae.24.1418424057069;
 Fri, 12 Dec 2014 14:40:57 -0800 (PST)
Received: from ip-10-35-177-41.ec2.internal (lists.linaro.org.
 [54.225.227.206]) by mx.google.com with ESMTPS id
 h10si3033271qgh.119.2014.12.12.14.40.56 for <multiple recipients>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Fri, 12 Dec 2014 14:40:57 -0800 (PST)
Received-SPF: none (google.com: lng-odp-bounces@lists.linaro.org does not
 designate permitted sender hosts) client-ip=54.225.227.206; 
Received: from localhost ([127.0.0.1] helo=ip-10-35-177-41.ec2.internal)
 by ip-10-35-177-41.ec2.internal with esmtp (Exim 4.76)
 (envelope-from <lng-odp-bounces@lists.linaro.org>)
 id 1XzYtK-0001dQ-ON; Fri, 12 Dec 2014 22:40:54 +0000
Received: from mail-la0-f44.google.com ([209.85.215.44])
 by ip-10-35-177-41.ec2.internal with esmtp (Exim 4.76)
 (envelope-from <taras.kondratiuk@linaro.org>) id 1XzYt8-0001as-Pq
 for lng-odp@lists.linaro.org; Fri, 12 Dec 2014 22:40:42 +0000
Received: by mail-la0-f44.google.com with SMTP id gd6so6963465lab.17
 for <lng-odp@lists.linaro.org>; Fri, 12 Dec 2014 14:40:36 -0800 (PST)
X-Received: by 10.112.42.198 with SMTP id q6mr17801174lbl.69.1418424036896; 
 Fri, 12 Dec 2014 14:40:36 -0800 (PST)
Received: from localhost.localdomain ([80.77.38.170])
 by mx.google.com with ESMTPSA id kt7sm745502lac.4.2014.12.12.14.40.35
 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 12 Dec 2014 14:40:36 -0800 (PST)
From: Taras Kondratiuk <taras.kondratiuk@linaro.org>
To: lng-odp@lists.linaro.org,
	robking@cisco.com
Date: Sat, 13 Dec 2014 00:40:24 +0200
Message-Id: <1418424026-4526-2-git-send-email-taras.kondratiuk@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1418424026-4526-1-git-send-email-taras.kondratiuk@linaro.org>
References: <1418424026-4526-1-git-send-email-taras.kondratiuk@linaro.org>
X-Topics: crypto
	patch
Subject: [lng-odp] [PATCH 1/3] linux-generic: crypto: always make a copy of IV
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: lng-odp-bounces@lists.linaro.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: taras.kondratiuk@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.169 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

DES library modifies IV buffer in-place. Current code handles this
correctly only in case of encryption operation with session IV.
To prevent user buffer modifications always make a copy of a
provided IV.

Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
---
 platform/linux-generic/odp_crypto.c | 50 +++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index d3cdec7..a2d4ab8 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -147,30 +147,25 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params,
 {
 	uint8_t *data  = odp_packet_addr(params->out_pkt);
 	uint32_t len   = params->cipher_range.length;
-	DES_cblock *iv = NULL;
-	DES_cblock iv_temp;
+	DES_cblock iv;
+	void *iv_ptr;
+
+	if (params->override_iv_ptr)
+		iv_ptr = params->override_iv_ptr;
+	else if (session->cipher.iv.data)
+		iv_ptr = session->cipher.iv.data;
+	else
+		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
 
 	/*
 	 * Create a copy of the IV.  The DES library modifies IV
 	 * and if we are processing packets on parallel threads
 	 * we could get corruption.
 	 */
-	if (session->cipher.iv.data) {
-		memcpy(iv_temp, session->cipher.iv.data, sizeof(iv_temp));
-		iv = &iv_temp;
-	}
+	memcpy(iv, iv_ptr, sizeof(iv));
 
 	/* Adjust pointer for beginning of area to cipher */
 	data += params->cipher_range.offset;
-
-	/* Override IV if requested */
-	if (params->override_iv_ptr)
-		iv = (DES_cblock *)params->override_iv_ptr;
-
-	/* No session or operation IV */
-	if (!iv)
-		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
-
 	/* Encrypt it */
 	DES_ede3_cbc_encrypt(data,
 			     data,
@@ -178,7 +173,7 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params,
 			     &session->cipher.data.des.ks1,
 			     &session->cipher.data.des.ks2,
 			     &session->cipher.data.des.ks3,
-			     iv,
+			     &iv,
 			     1);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
@@ -190,15 +185,26 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params,
 {
 	uint8_t *data  = odp_packet_addr(params->out_pkt);
 	uint32_t len   = params->cipher_range.length;
-	DES_cblock *iv = (DES_cblock *)session->cipher.iv.data;
+	DES_cblock iv;
+	void *iv_ptr;
+
+	if (params->override_iv_ptr)
+		iv_ptr = params->override_iv_ptr;
+	else if (session->cipher.iv.data)
+		iv_ptr = session->cipher.iv.data;
+	else
+		return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
+
+	/*
+	 * Create a copy of the IV.  The DES library modifies IV
+	 * and if we are processing packets on parallel threads
+	 * we could get corruption.
+	 */
+	memcpy(iv, iv_ptr, sizeof(iv));
 
 	/* Adjust pointer for beginning of area to cipher */
 	data += params->cipher_range.offset;
 
-	/* Override IV if requested */
-	if (params->override_iv_ptr)
-		iv = (DES_cblock *)params->override_iv_ptr;
-
 	/* Decrypt it */
 	DES_ede3_cbc_encrypt(data,
 			     data,
@@ -206,7 +212,7 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params,
 			     &session->cipher.data.des.ks1,
 			     &session->cipher.data.des.ks2,
 			     &session->cipher.data.des.ks3,
-			     iv,
+			     &iv,
 			     0);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;