From patchwork Tue Dec 26 00:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 122719 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp346535qgn; Mon, 25 Dec 2017 16:04:24 -0800 (PST) X-Google-Smtp-Source: ACJfBovvfWGyuRbEZkNYb39QImkVDaXWn9EmJ8UUsCPp1Tu6hhtrFV330OGOO/FbDyiwRXtHEVgA X-Received: by 10.55.22.72 with SMTP id g69mr24096qkh.172.1514246664636; Mon, 25 Dec 2017 16:04:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1514246664; cv=none; d=google.com; s=arc-20160816; b=r6+ZarHtOXQT9OgQNJWRy7+Bgg3mf/RHzlurcg5D22L4+nnEoITq2DFtaSP48AIXC7 wycs2Y+Tpvpa6Nh0qjwsP29movBQXLLsjWek1OCkptH8qFovz3puy+pP+CSHsSBF8fHu vSqx13c+krztuaMKh7wU3LrCoCpBhgFS8LIevpTiWQ+QwzeLZD8+jgVGQYvHHAcVGHvZ fSTVTcC8pYKPgqlpmzU9WQSroxrdS0dNj81wYWqHwX3X/drVxSJt5m1ISAbxJfmKLRO+ Do1W1PPA3rBuljwL5EHC1aCzvDa+YhiwFmTxZbuoTvyPJZzMhToS7miYmu69f5PeabK2 b9Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=RJ6Ljp5WVVAOysaH96xquRnXRDWKQ3/JMr9ohqcpilk=; b=FB5v2aFxSiZH/VzJhFcFe1cx0t21fhcA82ZGnaVniniJWM2l7Sd0ht6flrFyy8VwI+ EWsyllrOKHmclR1O2jSZa1MfKlk8FowSQyw9gFetB7+8ujPhQgAb+8G2EipQbIHqnpKO prD3bJAOwwu8hXWWzNTPr3FN45yBE/A27BImRVjSg7YGiCswFkSvmOxTXzYAClKKXyOV zZMFW2fjrOWgY75l7WBnmYqpGCbXCPre0GSjk5GxjsdzagPLGnXF+oSaO/on0If/4OuG iOeYBEGxZR92Dl4CKRDODgOawbEQ0vui5sZudwfJ9GX3slHWyTs12+Rd69I76Fp9lvVH Yfaw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 6si6496953qkw.219.2017.12.25.16.04.24; Mon, 25 Dec 2017 16:04:24 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5FD9C608E8; Tue, 26 Dec 2017 00:04:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 58B1B60916; Tue, 26 Dec 2017 00:00:42 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B198060509; Tue, 26 Dec 2017 00:00:24 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id 0EE1260509 for ; Tue, 26 Dec 2017 00:00:18 +0000 (UTC) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 1908C6A835F6 for ; Tue, 26 Dec 2017 03:00:17 +0300 (MSK) Received: from smtp1p.mail.yandex.net (smtp1p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:6]) by mxback20j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id qpu1hfN0aK-0HYGdnkK; Tue, 26 Dec 2017 03:00:17 +0300 Received: by smtp1p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id KJPc042sLp-0G4C00wP; Tue, 26 Dec 2017 03:00:16 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 26 Dec 2017 03:00:13 +0300 Message-Id: <1514246413-23329-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514246413-23329-1-git-send-email-odpbot@yandex.ru> References: <1514246413-23329-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 352 Subject: [lng-odp] [PATCH API-NEXT v4 5/5] linux-gen: crypto, ipsec: use auth_iv. X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate handling of authentication IV data. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 352 (lumag:crypto_gmac_iv) ** https://github.com/Linaro/odp/pull/352 ** Patch: https://github.com/Linaro/odp/pull/352.patch ** Base sha: a5f07dbf95f982b7c5898434e56164ff976c0a0f ** Merge commit sha: f8286ad8cd8b0ed8d10af7071eaa5c8cb28520a0 **/ platform/linux-generic/odp_crypto.c | 35 ++++++++++++++++++++++------------ platform/linux-generic/odp_ipsec.c | 6 ++++-- platform/linux-generic/odp_ipsec_sad.c | 2 +- 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index ea47f1de2..e3c30e841 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -36,9 +36,7 @@ * Keep sorted: first by key length, then by IV length */ static const odp_crypto_cipher_capability_t cipher_capa_null[] = { -{.key_len = 0, .iv_len = 0}, -/* Special case for GMAC */ -{.key_len = 0, .iv_len = 12} }; +{.key_len = 0, .iv_len = 0} }; static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = { {.key_len = 24, .iv_len = 8} }; @@ -86,7 +84,8 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { -{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, + .iv_len = 12 } }; /** Forward declaration of session structure */ typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t; @@ -121,6 +120,7 @@ struct odp_crypto_generic_session_t { struct { uint8_t key[EVP_MAX_KEY_LENGTH]; + uint8_t iv_data[EVP_MAX_IV_LENGTH]; uint32_t key_length; uint32_t bytes; union { @@ -640,10 +640,10 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; + if (param->override_auth_iv_ptr) + iv_ptr = param->override_auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -679,10 +679,10 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; + if (param->override_auth_iv_ptr) + iv_ptr = param->override_auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -908,11 +908,21 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, goto err; } + if (session->p.auth_iv.length > EVP_MAX_IV_LENGTH) { + ODP_DBG("Maximum auth IV length exceeded\n"); + *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + goto err; + } + /* Copy IV data */ if (session->p.iv.data) memcpy(session->cipher.iv_data, session->p.iv.data, session->p.iv.length); + if (session->p.auth_iv.data) + memcpy(session->auth.iv_data, session->p.auth_iv.data, + session->p.auth_iv.length); + /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) session->do_cipher_first = param->auth_cipher_text; @@ -1101,6 +1111,7 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.session = param->session; packet_param.override_iv_ptr = param->override_iv_ptr; + packet_param.override_auth_iv_ptr = param->override_auth_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad_ptr = param->aad_ptr; packet_param.cipher_range = param->cipher_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index b023d308d..d8c8fc0f0 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -478,6 +478,7 @@ static int ipsec_in_esp(odp_packet_t *pkt, state->in.hdr_len - ipsec_sa->icv_len; param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; state->esp.aad.spi = esp.spi; state->esp.aad.seq_no = esp.seq_no; @@ -560,7 +561,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, return -1; } - param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; @@ -1080,6 +1081,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, } param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; memset(&esp, 0, sizeof(esp)); esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); @@ -1229,7 +1231,7 @@ static int ipsec_out_ah(odp_packet_t *pkt, return -1; } - param->override_iv_ptr = state->iv; + param->override_auth_iv_ptr = state->iv; if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 845a73dea..56a75f3e5 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -409,7 +409,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; - crypto_param.iv.length = 12; + crypto_param.auth_iv.length = 12; break; default: break;