From patchwork Mon Dec 25 23:00:15 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Github ODP bot <odpbot@yandex.ru>
X-Patchwork-Id: 122712
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp308425qgn;
 Mon, 25 Dec 2017 15:03:39 -0800 (PST)
X-Google-Smtp-Source: ACJfBouU6ddDlJdLIk3N2tqzd0g8XjkFwIqgd2B6ceo1eL9R5JR6FT0nWuQvJp3KM1qDicCB720t
X-Received: by 10.55.174.134 with SMTP id x128mr32159213qke.167.1514243019098; 
 Mon, 25 Dec 2017 15:03:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1514243019; cv=none;
 d=google.com; s=arc-20160816;
 b=CAgbc4ZdQ5h1vV/NYRlZeOQwu2U6tdQfYknGnvIX6ufVrJssZETEtSUnwIBOBqANiA
 3oBUUN4aru1HTLVrqosXTs8F8UyySEkhf645GiLCDg5+2cMq5KTIRsBM0p78j8Ed4U+I
 w+ox4aMeLTM1CoVDcv1a0B2RYcxvdSpZvHRdtQi8wJqJ5OQsXYskWi5hS7l6T6scHb5V
 079Y8+YVmoReSUcaLEWLx2xsTLFcOauuiI3B30H2K4Xx1CUvU6qIZhkTVyD6HyfdEI2X
 eYBJZ+NWyY9yOdiz0SivqFHeShI0CCCL5jiCI7sndpPmCY6kjPjwWa/0nmPVr+0UTXmE
 00fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:github-pr-num
 :references:in-reply-to:message-id:date:to:from:delivered-to
 :arc-authentication-results;
 bh=9sRDnX5zWAHux5jMEKHtgFbWA9P1w4b/t1O7nIo67aY=;
 b=QRZ+htCvIraE5OYs+TVSP6t6E9948jINWWaBWYAV7UUVe5uuPKdJqQjjtpP0mxQA+U
 7WZeCwbgZNrR7f2svX7H7X9ywdP2OL8q8ZaSqfN7X1ZNffVGoa0NRJuG+4QLvOKoLyFr
 +GDphNlAZwcv8reqyRG3TgqtSVl/SdGvnBXWvEB3e63M/y6TIHB+B68YI7RCuSfpfnJP
 MxM2dpTy9QjA2Fdkj5XgI1Eydc2YFdIJjox8Tr1DQMa1BweN+4jQF/V4G0IkTUad1Fdb
 FB/h0+i77sg5UyJdL0b9DRkB1MUaXwI9wuVyBjqy9NqT7yiH0CcTwmGWWOmqXttILmic
 aa7w==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Return-Path: <lng-odp-bounces@lists.linaro.org>
Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com.
 [54.197.127.237])
 by mx.google.com with ESMTP id p70si2740761qka.3.2017.12.25.15.03.38; 
 Mon, 25 Dec 2017 15:03:39 -0800 (PST)
Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 client-ip=54.197.127.237; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: by lists.linaro.org (Postfix, from userid 109)
 id C8444608E8; Mon, 25 Dec 2017 23:03:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled
 version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id 7C03E60509;
 Mon, 25 Dec 2017 23:02:46 +0000 (UTC)
X-Original-To: lng-odp@lists.linaro.org
Delivered-To: lng-odp@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id 7F891608C9; Mon, 25 Dec 2017 23:02:38 +0000 (UTC)
Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net
 [5.45.198.240])
 by lists.linaro.org (Postfix) with ESMTPS id C413E608E6
 for <lng-odp@lists.linaro.org>; Mon, 25 Dec 2017 23:01:28 +0000 (UTC)
Received: from mxback7g.mail.yandex.net (mxback7g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:168])
 by forward100j.mail.yandex.net (Yandex) with ESMTP id C8C255D830C7
 for <lng-odp@lists.linaro.org>; Tue, 26 Dec 2017 02:01:27 +0300 (MSK)
Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net
 [2a02:6b8:0:1472:2741:0:8b6:7])
 by mxback7g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id
 E3MinzYGXv-1R0K9SV7; Tue, 26 Dec 2017 02:01:27 +0300
Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 rho8WkqRtC-1LYies5o; Tue, 26 Dec 2017 02:01:21 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
 (Client certificate not present)
From: Github ODP bot <odpbot@yandex.ru>
To: lng-odp@lists.linaro.org
Date: Tue, 26 Dec 2017 02:00:15 +0300
Message-Id: <1514242817-22123-5-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1514242817-22123-1-git-send-email-odpbot@yandex.ru>
References: <1514242817-22123-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 352
Subject: [lng-odp] [PATCH API-NEXT v3 4/6] linux-generic: crypto,
 ipsec: use auth_iv.
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "The OpenDataPlane \(ODP\) List" <lng-odp.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/lng-odp/>
List-Post: <mailto:lng-odp@lists.linaro.org>
List-Help: <mailto:lng-odp-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Separate handling of authentication IV data.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
---
/** Email created from pull request 352 (lumag:crypto_gmac_iv)
 ** https://github.com/Linaro/odp/pull/352
 ** Patch: https://github.com/Linaro/odp/pull/352.patch
 ** Base sha: a5f07dbf95f982b7c5898434e56164ff976c0a0f
 ** Merge commit sha: 17da319d68f1b79fbec6d76e925b5d4c9665aaf3
 **/
 platform/linux-generic/odp_crypto.c    | 35 ++++++++++++++++++++++------------
 platform/linux-generic/odp_ipsec.c     |  6 ++++--
 platform/linux-generic/odp_ipsec_sad.c |  2 +-
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index ea47f1de2..e3c30e841 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -36,9 +36,7 @@
  * Keep sorted: first by key length, then by IV length
  */
 static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
-{.key_len = 0, .iv_len = 0},
-/* Special case for GMAC */
-{.key_len = 0, .iv_len = 12} };
+{.key_len = 0, .iv_len = 0} };
 
 static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = {
 {.key_len = 24, .iv_len = 8} };
@@ -86,7 +84,8 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
 
 static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = {
-{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0},
+	.iv_len = 12 } };
 
 /** Forward declaration of session structure */
 typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t;
@@ -121,6 +120,7 @@ struct odp_crypto_generic_session_t {
 
 	struct {
 		uint8_t  key[EVP_MAX_KEY_LENGTH];
+		uint8_t  iv_data[EVP_MAX_IV_LENGTH];
 		uint32_t key_length;
 		uint32_t bytes;
 		union {
@@ -640,10 +640,10 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt,
 	uint8_t block[EVP_MAX_MD_SIZE];
 	int ret;
 
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
+	if (param->override_auth_iv_ptr)
+		iv_ptr = param->override_auth_iv_ptr;
+	else if (session->p.auth_iv.data)
+		iv_ptr = session->auth.iv_data;
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
@@ -679,10 +679,10 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt,
 	uint8_t block[EVP_MAX_MD_SIZE];
 	int ret;
 
-	if (param->override_iv_ptr)
-		iv_ptr = param->override_iv_ptr;
-	else if (session->p.iv.data)
-		iv_ptr = session->cipher.iv_data;
+	if (param->override_auth_iv_ptr)
+		iv_ptr = param->override_auth_iv_ptr;
+	else if (session->p.auth_iv.data)
+		iv_ptr = session->auth.iv_data;
 	else
 		return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
@@ -908,11 +908,21 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
 		goto err;
 	}
 
+	if (session->p.auth_iv.length > EVP_MAX_IV_LENGTH) {
+		ODP_DBG("Maximum auth IV length exceeded\n");
+		*status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER;
+		goto err;
+	}
+
 	/* Copy IV data */
 	if (session->p.iv.data)
 		memcpy(session->cipher.iv_data, session->p.iv.data,
 		       session->p.iv.length);
 
+	if (session->p.auth_iv.data)
+		memcpy(session->auth.iv_data, session->p.auth_iv.data,
+		       session->p.auth_iv.length);
+
 	/* Derive order */
 	if (ODP_CRYPTO_OP_ENCODE == param->op)
 		session->do_cipher_first =  param->auth_cipher_text;
@@ -1101,6 +1111,7 @@ odp_crypto_operation(odp_crypto_op_param_t *param,
 
 	packet_param.session = param->session;
 	packet_param.override_iv_ptr = param->override_iv_ptr;
+	packet_param.override_auth_iv_ptr = param->override_auth_iv_ptr;
 	packet_param.hash_result_offset = param->hash_result_offset;
 	packet_param.aad_ptr = param->aad_ptr;
 	packet_param.cipher_range = param->cipher_range;
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index b023d308d..d8c8fc0f0 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -478,6 +478,7 @@ static int ipsec_in_esp(odp_packet_t *pkt,
 				    state->in.hdr_len -
 				    ipsec_sa->icv_len;
 	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	state->esp.aad.spi = esp.spi;
 	state->esp.aad.seq_no = esp.seq_no;
@@ -560,7 +561,7 @@ static int ipsec_in_ah(odp_packet_t *pkt,
 		return -1;
 	}
 
-	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	state->in.hdr_len = (ah.ah_len + 2) * 4;
 	state->in.trl_len = 0;
@@ -1080,6 +1081,7 @@ static int ipsec_out_esp(odp_packet_t *pkt,
 	}
 
 	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	memset(&esp, 0, sizeof(esp));
 	esp.spi = odp_cpu_to_be_32(ipsec_sa->spi);
@@ -1229,7 +1231,7 @@ static int ipsec_out_ah(odp_packet_t *pkt,
 		return -1;
 	}
 
-	param->override_iv_ptr = state->iv;
+	param->override_auth_iv_ptr = state->iv;
 
 	if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) {
 		status->error.alg = 1;
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 845a73dea..56a75f3e5 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -409,7 +409,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 12;
+		crypto_param.auth_iv.length = 12;
 		break;
 	default:
 		break;