From patchwork Tue Dec 19 23:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 122414 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp4794891qgn; Tue, 19 Dec 2017 15:03:46 -0800 (PST) X-Google-Smtp-Source: ACJfBovSYIEOzrmMEwJtUbgTufkGnfagaDqB+rE73OO2DsvWc90fxxRf/X7rHNKsRRzdK7KBtstA X-Received: by 10.55.72.66 with SMTP id v63mr7326240qka.92.1513724626699; Tue, 19 Dec 2017 15:03:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1513724626; cv=none; d=google.com; s=arc-20160816; b=JAtkwDNyV3NbSp21PRo9gyU6/Z7v3bZ21SHMb9ZFp3v57gjK3b8PMUNtzmF3VV9BEA CbnEMrWrFq0xn0Vr1g0aAKtOmSQRkBZvBc7hYCYXOjg7/yTtXh4jlduTh+6TxvYfG5Mq Iiiwmuwr8VGrwnkxsWfCaQc702WphLXIj+Vx6iZSi0ypP44+rcl/b73CWOmJtdKV562W CukKHYzDtGApEafQQe5G+k9hI6HdvjtX2tqa1cQhhv8/eEjTRQUz/4bZ/isV1l3vQ85J 2RDLFW/GOJMFWW5XFoSwP5bk0bAx73fdg8wR3vJXfFKXrTAoL/Rk9bD+LQ4wrAZhBEU0 11Bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=EAwkUQLZr1Cq56WopNSg01bzO+3VR/DUsXy2ELE2biw=; b=wCUdaVQRPeRlJi6wWoZBZ15444IdZEBuUeD+E4JdMqtNNZhAITVyA87BbQrc+42eqw tFrju65IuE4+yhii261Uc4+qDW/jfdW9gMEm96Hu+ClCRg8Z92C0XnK5GYydpl6GMtyz i1+yg3N+btOi6QsyRmQNia0jBhLrXr5G7fw9fU9bVNqRFKTCTRK5D+K0D/d+4gJ8yxEr jS/DePqbV2X4TPj8MvVTF7IPuInfPo/r84TclDi138E9XLZ6PLxd6NomrPlP64CI2PZT h/atZVcAlc5g11sLCdxsE7xTW5iIv5XWbIAVk1Zi4ZKEUCEJPdwgut1xS7XomR779KiX 28eQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q73si137918qkq.4.2017.12.19.15.03.46; Tue, 19 Dec 2017 15:03:46 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 639466096B; Tue, 19 Dec 2017 23:03:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id F2CB060B0E; Tue, 19 Dec 2017 23:01:15 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 21EDF608E7; Tue, 19 Dec 2017 23:00:56 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id 469B260859 for ; Tue, 19 Dec 2017 23:00:28 +0000 (UTC) Received: from mxback7o.mail.yandex.net (mxback7o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::21]) by forward106j.mail.yandex.net (Yandex) with ESMTP id 925CF18029AF for ; Wed, 20 Dec 2017 02:00:24 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback7o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id YYIhmFWce5-0OFOrhNq; Wed, 20 Dec 2017 02:00:24 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id U73IVpNz26-0NNG30ew; Wed, 20 Dec 2017 02:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 20 Dec 2017 02:00:15 +0300 Message-Id: <1513724415-24899-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1513724415-24899-1-git-send-email-odpbot@yandex.ru> References: <1513724415-24899-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 352 Subject: [lng-odp] [PATCH API-NEXT v1 4/4] linux-generic: crypto, ipsec: use auth_iv. X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate handling of authentication IV data. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 352 (lumag:crypto_gmac_iv) ** https://github.com/Linaro/odp/pull/352 ** Patch: https://github.com/Linaro/odp/pull/352.patch ** Base sha: 12fd3a9224a856271934986a1bad981843915d68 ** Merge commit sha: ceb7bff0f74da9fec7efa8d45d3078c2485ca305 **/ platform/linux-generic/odp_crypto.c | 35 ++++++++++++++++++++++------------ platform/linux-generic/odp_ipsec.c | 6 ++++-- platform/linux-generic/odp_ipsec_sad.c | 2 +- 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 811d3fc03..67f3a5787 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -36,9 +36,7 @@ * Keep sorted: first by key length, then by IV length */ static const odp_crypto_cipher_capability_t cipher_capa_null[] = { -{.key_len = 0, .iv_len = 0}, -/* Special case for GMAC */ -{.key_len = 0, .iv_len = 12} }; +{.key_len = 0, .iv_len = 0} }; static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = { {.key_len = 24, .iv_len = 8} }; @@ -86,7 +84,8 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { -{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, + .iv_len = 12 } }; /** Forward declaration of session structure */ typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t; @@ -121,6 +120,7 @@ struct odp_crypto_generic_session_t { struct { uint8_t key[EVP_MAX_KEY_LENGTH]; + uint8_t iv_data[EVP_MAX_IV_LENGTH]; uint32_t key_length; uint32_t bytes; union { @@ -640,10 +640,10 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; + if (param->override_auth_iv_ptr) + iv_ptr = param->override_auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -679,10 +679,10 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; + if (param->override_auth_iv_ptr) + iv_ptr = param->override_auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -905,11 +905,21 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, goto err; } + if (session->p.auth_iv.length > EVP_MAX_IV_LENGTH) { + ODP_DBG("Maximum auth IV length exceeded\n"); + *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + goto err; + } + /* Copy IV data */ if (session->p.iv.data) memcpy(session->cipher.iv_data, session->p.iv.data, session->p.iv.length); + if (session->p.auth_iv.data) + memcpy(session->auth.iv_data, session->p.auth_iv.data, + session->p.auth_iv.length); + /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) session->do_cipher_first = param->auth_cipher_text; @@ -1098,6 +1108,7 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.session = param->session; packet_param.override_iv_ptr = param->override_iv_ptr; + packet_param.override_auth_iv_ptr = param->override_auth_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad.ptr = param->aad.ptr; packet_param.cipher_range = param->cipher_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 4f23eb17b..544dbf17c 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -419,6 +419,7 @@ static int ipsec_in_esp(odp_packet_t *pkt, state->in.hdr_len - ipsec_sa->icv_len; param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; state->esp.aad.spi = esp.spi; state->esp.aad.seq_no = esp.seq_no; @@ -501,7 +502,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, return -1; } - param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; @@ -1021,6 +1022,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, } param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; memset(&esp, 0, sizeof(esp)); esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); @@ -1170,7 +1172,7 @@ static int ipsec_out_ah(odp_packet_t *pkt, return -1; } - param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 2d6321166..e165e7437 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -373,7 +373,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; ipsec_sa->icv_len = 16; - crypto_param.iv.length = 12; + crypto_param.auth_iv.length = 12; break; default: goto error;