From patchwork Thu Dec 21 23:00:23 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Github ODP bot <odpbot@yandex.ru>
X-Patchwork-Id: 122608
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp1512567qgn;
 Thu, 21 Dec 2017 15:05:57 -0800 (PST)
X-Google-Smtp-Source: ACJfBot618f5bSrv+uCBUPo0hDFdnAlCSwaKORSCy4vjND/KUSCzSnemv7z3/RCt7gnLCTstzykq
X-Received: by 10.200.48.51 with SMTP id f48mr16748554qte.262.1513897557326; 
 Thu, 21 Dec 2017 15:05:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1513897557; cv=none;
 d=google.com; s=arc-20160816;
 b=p3lgT95XGAxZlqss6aveulP/WaFdepiww5V0WDa/9v/7jcnsZ8jo+1sQ7oaNQgdZnj
 e1FXEugnjf7BRn411e8183v46fCgfDIh2lCcUCV3P+nX2X+iZZflyR35JYzfkgmRJYxC
 DGJDEbWi11tRS15pChNWl2gDyX+POa0kGc+ZuQtccU4AEf/K4Rp81zwg+0ZzWQHALWXG
 lRRANscvxGzjDkKIMgYGwd6IK4dnvWLYBJTO8wq0FdspobQ0GlR5dGeOzna5RVuj/dYC
 XWYqOzjqPKTMDVZY21ys2BVuKNSOk0/MRBvYi4vjwkBPQkzITMUytfNy/3PYI+2JkCdf
 f3FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:github-pr-num
 :references:in-reply-to:message-id:date:to:from:delivered-to
 :arc-authentication-results;
 bh=+7VTSJ8G0N5niTbPhmfMSc2J88F8Y5j3UW9vWbwgGoM=;
 b=BOuPO0NXWalXqJXjY1zKU0krWiTmblk2SkHhxC9chq4fZ2ImKu/PSO/BY9lzdywsWz
 UJUwnuXZJcljhC7qctxfAer93eIr/DxvTUARtkBnnUdj7VmjM4tLcvGzP9LDW2Jp72Jt
 UXLiis4e2/DXj11oRFs+somrzMZUykzKa5qUrR3sVwFDRYVgiynZhJQyRXIc+KoDMtJg
 xDeD7KkusDtaUm90Ty9rj7HllTuEqMiCTNjmX8hzAicg4wb2aVj5qMOeFqi8qWlSvKHB
 78z2jdx9w40cT+silKE75GfFmANaXuKu2WNr8nR0Bs4/GzP/9uxqzWuD1av3yhzN4CCE
 2dYQ==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Return-Path: <lng-odp-bounces@lists.linaro.org>
Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com.
 [54.197.127.237]) by mx.google.com with ESMTP id
 p24si3270135qtp.376.2017.12.21.15.05.57; 
 Thu, 21 Dec 2017 15:05:57 -0800 (PST)
Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 client-ip=54.197.127.237; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: by lists.linaro.org (Postfix, from userid 109)
 id 0F2A661528; Thu, 21 Dec 2017 23:05:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled
 version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id 67548616E4;
 Thu, 21 Dec 2017 23:01:37 +0000 (UTC)
X-Original-To: lng-odp@lists.linaro.org
Delivered-To: lng-odp@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id AB9B16150E; Thu, 21 Dec 2017 23:01:23 +0000 (UTC)
Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net
 [5.45.198.241])
 by lists.linaro.org (Postfix) with ESMTPS id 46E186150B
 for <lng-odp@lists.linaro.org>; Thu, 21 Dec 2017 23:00:28 +0000 (UTC)
Received: from mxback13g.mail.yandex.net (mxback13g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:92])
 by forward101j.mail.yandex.net (Yandex) with ESMTP id F1B3D124277E
 for <lng-odp@lists.linaro.org>; Fri, 22 Dec 2017 02:00:26 +0300 (MSK)
Received: from smtp4o.mail.yandex.net (smtp4o.mail.yandex.net
 [2a02:6b8:0:1a2d::28])
 by mxback13g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id
 l9nymyRNXx-0QVKBTUv; Fri, 22 Dec 2017 02:00:26 +0300
Received: by smtp4o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 B287xXhYac-0QVKVZSi; Fri, 22 Dec 2017 02:00:26 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
 (Client certificate not present)
From: Github ODP bot <odpbot@yandex.ru>
To: lng-odp@lists.linaro.org
Date: Fri, 22 Dec 2017 02:00:23 +0300
Message-Id: <1513897223-21131-5-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1513897223-21131-1-git-send-email-odpbot@yandex.ru>
References: <1513897223-21131-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 352
Subject: [lng-odp] [PATCH API-NEXT v2 4/4] linux-generic: crypto,
 ipsec: use auth_iv.
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "The OpenDataPlane \(ODP\) List" <lng-odp.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/lng-odp/>
List-Post: <mailto:lng-odp@lists.linaro.org>
List-Help: <mailto:lng-odp-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Separate handling of authentication IV data.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
---
/** Email created from pull request 352 (lumag:crypto_gmac_iv)
 ** https://github.com/Linaro/odp/pull/352
 ** Patch: https://github.com/Linaro/odp/pull/352.patch
 ** Base sha: 177eeff39e19289e771119cfdffc515cb16f9db5
 ** Merge commit sha: ea71bf34033ee74ce7f090f0212b9285ca13b1fe
 **/
 platform/linux-generic/odp_crypto.c    | 35 ++++++++++++++++++++++------------
 platform/linux-generic/odp_ipsec.c     |  6 ++++--
 platform/linux-generic/odp_ipsec_sad.c |  2 +-
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index 4cc01845a..f56aabc4a 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -36,9 +36,7 @@
  * Keep sorted: first by key length, then by IV length
  */
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
-{.key_len = 0, .iv_len = 0},
-/* Special case for GMAC */
-{.key_len = 0, .iv_len = 12} };
+{.key_len = 0, .iv_len = 0} };
 
 static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = {
 {.key_len = 24, .iv_len = 8} };
@@ -86,7 +84,8 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
 
 static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = {
-{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0},
+	.iv_len = 12 } };
 
 /** Forward declaration of session structure */
 typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t;
@@ -121,6 +120,7 @@ struct odp_crypto_generic_session_t {
 
 	struct {
 		uint8_t  key[EVP_MAX_KEY_LENGTH];
+		uint8_t  iv_data[EVP_MAX_IV_LENGTH];
 		uint32_t key_length;
 		uint32_t bytes;
 		union {
@@ -640,10 +640,10 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
 	uint8_t block[EVP_MAX_MD_SIZE];
 	int ret;
 
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
+	if (param->override_auth_iv_ptr)
+		iv_ptr = param->override_auth_iv_ptr;
+	else if (session->p.auth_iv.data)
+		iv_ptr = session->auth.iv_data;
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
@@ -679,10 +679,10 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt,
 	uint8_t block[EVP_MAX_MD_SIZE];
 	int ret;
 
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
+	if (param->override_auth_iv_ptr)
+		iv_ptr = param->override_auth_iv_ptr;
+	else if (session->p.auth_iv.data)
+		iv_ptr = session->auth.iv_data;
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
@@ -905,11 +905,21 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
 		goto err;
 	}
 
+	if (session->p.auth_iv.length > EVP_MAX_IV_LENGTH) {
+		ODP_DBG("Maximum auth IV length exceeded\n");
+		*status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
+		goto err;
+	}
+
 	/* Copy IV data */
 	if (session->p.iv.data)
 		memcpy(session->cipher.iv_data, session->p.iv.data,
 		       session->p.iv.length);
 
+	if (session->p.auth_iv.data)
+		memcpy(session->auth.iv_data, session->p.auth_iv.data,
+		       session->p.auth_iv.length);
+
 	/* Derive order */
 	if (ODP_CRYPTO_OP_ENCODE == param->op)
 		session->do_cipher_first =  param->auth_cipher_text;
@@ -1098,6 +1108,7 @@ odp_crypto_operation(odp_crypto_op_param_t *param,
 
 	packet_param.session = param->session;
 	packet_param.override_iv_ptr = param->override_iv_ptr;
+	packet_param.override_auth_iv_ptr = param->override_auth_iv_ptr;
 	packet_param.hash_result_offset = param->hash_result_offset;
 	packet_param.aad_ptr = param->aad_ptr;
 	packet_param.cipher_range = param->cipher_range;
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index b023d308d..d8c8fc0f0 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -478,6 +478,7 @@ static int ipsec_in_esp(odp_packet_t *pkt,
 				    state->in.hdr_len -
 				    ipsec_sa->icv_len;
 	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	state->esp.aad.spi = esp.spi;
 	state->esp.aad.seq_no = esp.seq_no;
@@ -560,7 +561,7 @@ static int ipsec_in_ah(odp_packet_t *pkt,
 		return -1;
 	}
 
-	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	state->in.hdr_len = (ah.ah_len + 2) * 4;
 	state->in.trl_len = 0;
@@ -1080,6 +1081,7 @@ static int ipsec_out_esp(odp_packet_t *pkt,
 	}
 
 	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	memset(&esp, 0, sizeof(esp));
 	esp.spi = odp_cpu_to_be_32(ipsec_sa->spi);
@@ -1229,7 +1231,7 @@ static int ipsec_out_ah(odp_packet_t *pkt,
 		return -1;
 	}
 
-	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) {
 		status->error.alg = 1;
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 845a73dea..56a75f3e5 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -409,7 +409,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 12;
+		crypto_param.auth_iv.length = 12;
 		break;
 	default:
 		break;