From patchwork Fri Dec 12 22:40:24 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taras Kondratiuk X-Patchwork-Id: 42200 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com [209.85.212.198]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id DE13D26C77 for ; Fri, 12 Dec 2014 22:40:59 +0000 (UTC) Received: by mail-wi0-f198.google.com with SMTP id r20sf1780644wiv.1 for ; Fri, 12 Dec 2014 14:40:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:subject:precedence:list-id:list-unsubscribe:list-archive :list-post:list-help:list-subscribe:mime-version:content-type :content-transfer-encoding:errors-to:sender:x-original-sender :x-original-authentication-results:mailing-list; bh=MEnd40pJiNpLEGDmvdDgY0hWILXhpkI8uSMNfIQCFHs=; b=eu0GO5tEQCg/MGjmy5Y++Man2XB9JpYEkxM3ebMh3pUlWNchCyyjSYv3mDK9DL+k73 NjwFK9a8Tsx7EJdAjV8fnmUQNqNszLirK0tq6JE/JX7wl55PjX9mD3erK4LPyuW8Dn7d ghQ+KC14EzmRtgKi34UnJY15heeTj/SGq+b8Xg4Pubk3IpnM/0jgsTMEq+WFcIl37DLk lGieRhxEVBBuy1PbiMmRuoj2NJ2GlD4SUi8extBnZCaRqXTbEKalPpt5GxxaX3HdrRqI w5Hq9NDm4k3gmFkuUG8Zm5iLDqdgijAfbP9LpcX1R4p9AWum48Si3IVvXLN7u9mM/739 jSow== X-Gm-Message-State: ALoCoQknZOL5iqJo2v93QtTHiB2vyHGG0KZFiERj//TmHdmu+9XotgsrC2w2Q31hWOhCxZy39hlz X-Received: by 10.181.13.147 with SMTP id ey19mr1075819wid.2.1418424059194; Fri, 12 Dec 2014 14:40:59 -0800 (PST) X-BeenThere: patchwork-forward@linaro.org Received: by 10.153.11.6 with SMTP id ee6ls514939lad.7.gmail; Fri, 12 Dec 2014 14:40:58 -0800 (PST) X-Received: by 10.112.166.5 with SMTP id zc5mr17980330lbb.20.1418424058937; Fri, 12 Dec 2014 14:40:58 -0800 (PST) Received: from mail-lb0-f169.google.com (mail-lb0-f169.google.com. [209.85.217.169]) by mx.google.com with ESMTPS id ny5si2763702lbb.77.2014.12.12.14.40.58 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 12 Dec 2014 14:40:58 -0800 (PST) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.169 as permitted sender) client-ip=209.85.217.169; Received: by mail-lb0-f169.google.com with SMTP id p9so6698385lbv.0 for ; Fri, 12 Dec 2014 14:40:58 -0800 (PST) X-Received: by 10.112.170.36 with SMTP id aj4mr17741658lbc.3.1418424058852; Fri, 12 Dec 2014 14:40:58 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.142.69 with SMTP id ru5csp116666lbb; Fri, 12 Dec 2014 14:40:57 -0800 (PST) X-Received: by 10.224.38.71 with SMTP id a7mr35938596qae.24.1418424057069; Fri, 12 Dec 2014 14:40:57 -0800 (PST) Received: from ip-10-35-177-41.ec2.internal (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTPS id h10si3033271qgh.119.2014.12.12.14.40.56 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 12 Dec 2014 14:40:57 -0800 (PST) Received-SPF: none (google.com: lng-odp-bounces@lists.linaro.org does not designate permitted sender hosts) client-ip=54.225.227.206; Received: from localhost ([127.0.0.1] helo=ip-10-35-177-41.ec2.internal) by ip-10-35-177-41.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1XzYtK-0001dQ-ON; Fri, 12 Dec 2014 22:40:54 +0000 Received: from mail-la0-f44.google.com ([209.85.215.44]) by ip-10-35-177-41.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1XzYt8-0001as-Pq for lng-odp@lists.linaro.org; Fri, 12 Dec 2014 22:40:42 +0000 Received: by mail-la0-f44.google.com with SMTP id gd6so6963465lab.17 for ; Fri, 12 Dec 2014 14:40:36 -0800 (PST) X-Received: by 10.112.42.198 with SMTP id q6mr17801174lbl.69.1418424036896; Fri, 12 Dec 2014 14:40:36 -0800 (PST) Received: from localhost.localdomain ([80.77.38.170]) by mx.google.com with ESMTPSA id kt7sm745502lac.4.2014.12.12.14.40.35 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Dec 2014 14:40:36 -0800 (PST) From: Taras Kondratiuk To: lng-odp@lists.linaro.org, robking@cisco.com Date: Sat, 13 Dec 2014 00:40:24 +0200 Message-Id: <1418424026-4526-2-git-send-email-taras.kondratiuk@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1418424026-4526-1-git-send-email-taras.kondratiuk@linaro.org> References: <1418424026-4526-1-git-send-email-taras.kondratiuk@linaro.org> X-Topics: crypto patch Subject: [lng-odp] [PATCH 1/3] linux-generic: crypto: always make a copy of IV X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Errors-To: lng-odp-bounces@lists.linaro.org Sender: lng-odp-bounces@lists.linaro.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: taras.kondratiuk@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.169 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 DES library modifies IV buffer in-place. Current code handles this correctly only in case of encryption operation with session IV. To prevent user buffer modifications always make a copy of a provided IV. Signed-off-by: Taras Kondratiuk --- platform/linux-generic/odp_crypto.c | 50 +++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index d3cdec7..a2d4ab8 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -147,30 +147,25 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params, { uint8_t *data = odp_packet_addr(params->out_pkt); uint32_t len = params->cipher_range.length; - DES_cblock *iv = NULL; - DES_cblock iv_temp; + DES_cblock iv; + void *iv_ptr; + + if (params->override_iv_ptr) + iv_ptr = params->override_iv_ptr; + else if (session->cipher.iv.data) + iv_ptr = session->cipher.iv.data; + else + return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads * we could get corruption. */ - if (session->cipher.iv.data) { - memcpy(iv_temp, session->cipher.iv.data, sizeof(iv_temp)); - iv = &iv_temp; - } + memcpy(iv, iv_ptr, sizeof(iv)); /* Adjust pointer for beginning of area to cipher */ data += params->cipher_range.offset; - - /* Override IV if requested */ - if (params->override_iv_ptr) - iv = (DES_cblock *)params->override_iv_ptr; - - /* No session or operation IV */ - if (!iv) - return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; - /* Encrypt it */ DES_ede3_cbc_encrypt(data, data, @@ -178,7 +173,7 @@ enum crypto_alg_err des_encrypt(odp_crypto_op_params_t *params, &session->cipher.data.des.ks1, &session->cipher.data.des.ks2, &session->cipher.data.des.ks3, - iv, + &iv, 1); return ODP_CRYPTO_ALG_ERR_NONE; @@ -190,15 +185,26 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params, { uint8_t *data = odp_packet_addr(params->out_pkt); uint32_t len = params->cipher_range.length; - DES_cblock *iv = (DES_cblock *)session->cipher.iv.data; + DES_cblock iv; + void *iv_ptr; + + if (params->override_iv_ptr) + iv_ptr = params->override_iv_ptr; + else if (session->cipher.iv.data) + iv_ptr = session->cipher.iv.data; + else + return ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + + /* + * Create a copy of the IV. The DES library modifies IV + * and if we are processing packets on parallel threads + * we could get corruption. + */ + memcpy(iv, iv_ptr, sizeof(iv)); /* Adjust pointer for beginning of area to cipher */ data += params->cipher_range.offset; - /* Override IV if requested */ - if (params->override_iv_ptr) - iv = (DES_cblock *)params->override_iv_ptr; - /* Decrypt it */ DES_ede3_cbc_encrypt(data, data, @@ -206,7 +212,7 @@ enum crypto_alg_err des_decrypt(odp_crypto_op_params_t *params, &session->cipher.data.des.ks1, &session->cipher.data.des.ks2, &session->cipher.data.des.ks3, - iv, + &iv, 0); return ODP_CRYPTO_ALG_ERR_NONE;