From patchwork Mon May 22 22:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 100330 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp48601qge; Mon, 22 May 2017 15:12:42 -0700 (PDT) X-Received: by 10.55.132.196 with SMTP id g187mr24738703qkd.12.1495491162570; Mon, 22 May 2017 15:12:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495491162; cv=none; d=google.com; s=arc-20160816; b=0GVhMvTxndZNo1iqghBr6wRHrT14cX4bT+5Y4K9sp+naDqClRfjKjaP8dBUEBkICA4 +xqZi1KTAKqzOfn7QDcvUnPyo7+ieOxIqjtDMyFA4iXYUSM+3U2b4Nv4HDQVF73ETNLJ 9cZJ+WTFnYsk1Jx/fHPenhIUIARSaiVXpJrek3MMnJKtlNfdc9M8FDntvoJ/1QRy4eJT xgKNbxT0eWWGZaZ8tT0MuCAc/qGYOVdw2JmLEiYXvhOBMHSLqt6bKf7rYdxYmoUZ3z+T 9T5s+j4TsiaSbxJ0QMj3FgfzsDOCbMVhWFAGFuGRPHbMjqjgwvuelrqUB7mQpH+POqsq NRMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=4B7K5oby8WhuHCuYeGo44map0BKjPy4BG8WPENB4oB8=; b=jXhBdf/DmxlX8V4bWwCivtEEalEMKs5EWoZUISWSI94xbwYOQ/6uPIx5JdTTueMRkV 2pnIPGvjZCVJmdR3FlNlxxxYscCBCouFP6ih9pJuCjZmghRurOzo8taWuc02Jq3r0+jN DziGJ2iIKHKnCR9tVaJxTWxp6QFTNsrbOXMzslIHYL9lDYyN3sXPm3Ak2Z7jVoVSAqUl 56BISrSSqaZE6udSizKrj+ddA9gsfba6tMd05kCBkKtmwmZqEzj1XAeQdISm7Ll/FdrW MIcDzjl+QAORhGnWMTj+fV9U8LOx3Plav9WplGx3p16Zg0lpD4xXNZdz08UKYBjUmNL9 Wiag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id b16si19053985qkj.311.2017.05.22.15.12.42; Mon, 22 May 2017 15:12:42 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3C0FC6067A; Mon, 22 May 2017 22:12:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 9AB9860C1D; Mon, 22 May 2017 22:02:16 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 69CA660C20; Mon, 22 May 2017 22:02:07 +0000 (UTC) Received: from forward3p.cmail.yandex.net (forward3p.cmail.yandex.net [77.88.31.18]) by lists.linaro.org (Postfix) with ESMTPS id B782360725 for ; Mon, 22 May 2017 22:00:27 +0000 (UTC) Received: from smtp3m.mail.yandex.net (smtp3m.mail.yandex.net [IPv6:2a02:6b8:0:2519::125]) by forward3p.cmail.yandex.net (Yandex) with ESMTP id 6A7BA20C70 for ; Tue, 23 May 2017 01:00:25 +0300 (MSK) Received: from smtp3m.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3m.mail.yandex.net (Yandex) with ESMTP id 493EC2840F06 for ; Tue, 23 May 2017 01:00:24 +0300 (MSK) Received: by smtp3m.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ll1QrMKPBI-0OEWGwWW; Tue, 23 May 2017 01:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 23 May 2017 01:00:02 +0300 Message-Id: <1495490409-30066-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1495490409-30066-1-git-send-email-odpbot@yandex.ru> References: <1495490409-30066-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 34 Subject: [lng-odp] [PATCH API-NEXT v2 13/20] linux-generic: crypto: rewrite AES-CBC support using EVP functions X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Rewrite AES-CBC to use generic EVP interface following AES-GCM implementation. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 34 (lumag:crypto-update-main-new) ** https://github.com/Linaro/odp/pull/34 ** Patch: https://github.com/Linaro/odp/pull/34.patch ** Base sha: 826ee894aa0ebd09d42a17e1de077c46bc5b366a ** Merge commit sha: 7c49c61063e2d57f049a5436cf12a3c36710bb34 **/ .../linux-generic/include/odp_crypto_internal.h | 3 +- platform/linux-generic/odp_crypto.c | 70 ++++++++++++---------- 2 files changed, 39 insertions(+), 34 deletions(-) diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index d1020dba..d6fd0400 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -12,7 +12,6 @@ extern "C" { #endif #include -#include #include #define MAX_IV_LEN 64 @@ -50,7 +49,7 @@ struct odp_crypto_generic_session { DES_key_schedule ks3; } des; struct { - AES_KEY key; + uint8_t key[EVP_MAX_KEY_LENGTH]; } aes; struct { uint8_t key[EVP_MAX_KEY_LENGTH]; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 93837215..a3f22020 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -187,10 +187,11 @@ static odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; + uint32_t plain_len = param->cipher_range.length; void *iv_ptr; + int cipher_len = 0; if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -199,18 +200,21 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; + /* Encrypt it */ - AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key, - iv_enc, AES_ENCRYPT); + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, + session->cipher.data.aes.key, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); + + EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); + + EVP_CIPHER_CTX_free(ctx); return ODP_CRYPTO_ALG_ERR_NONE; } @@ -219,9 +223,10 @@ static odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; + uint32_t cipher_len = param->cipher_range.length; + int plain_len = 0; void *iv_ptr; if (param->override_iv_ptr) @@ -231,18 +236,21 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; - /* Encrypt it */ - AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key, - iv_enc, AES_DECRYPT); + + /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, + session->cipher.data.aes.key, NULL); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); + + EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); + + EVP_CIPHER_CTX_free(ctx); return ODP_CRYPTO_ALG_ERR_NONE; } @@ -253,16 +261,14 @@ static int process_aes_param(odp_crypto_generic_session_t *session) if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) return -1; + memcpy(session->cipher.data.aes.key, session->p.cipher_key.data, + session->p.cipher_key.length); + /* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) { + if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = aes_encrypt; - AES_set_encrypt_key(session->p.cipher_key.data, 128, - &session->cipher.data.aes.key); - } else { + else session->cipher.func = aes_decrypt; - AES_set_decrypt_key(session->p.cipher_key.data, 128, - &session->cipher.data.aes.key); - } return 0; }