From patchwork Mon Jan 22 08:00:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 125344 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp1025985ljf; Mon, 22 Jan 2018 00:11:17 -0800 (PST) X-Google-Smtp-Source: AH8x224QdR6CwMFBi/rmM+shnYEexBJUHyaY/lpiPnd21kgxCrZs9VIdjn0oJXYAd9pRPx9K9rbF X-Received: by 10.55.20.155 with SMTP id 27mr8973234qku.58.1516608677338; Mon, 22 Jan 2018 00:11:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516608677; cv=none; d=google.com; s=arc-20160816; b=ilwhAOVTbFuPUIR6ZI80DLNHgMr6FeSGfavAy8Ur6XGFVRDxXGpFW4ISSAzwZ+8hv6 afXNdhSfpPphX9lqDUcy7Uv2uEMbzlRbG3tiwqltQZNhCm6KVrMMIG9s5v8qusHuu8E9 YKcnu4MqM+OM0rMbpefDSw6k5Jsc9VSwh/B0suWgkfy8OmYRkQxMWdjCkZ8hMcYL/zOb YUTtea4hj8GUKdZ8rD+i4A+m1X6/76poqWV95W5g1c0FgzmLhZwyA3MBYXW4bPp7BhYS 1MVOYhXvmaCCiaFcofdEYfoHRMCrxrbrUxf68N4pvmbiSCRVpqGIS5+MxgbjMcq9BAHJ hXLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Nhjjk0hsjzIHb7TheeqV6Vi00h94ci+WMlTDpoU0kK0=; b=ZS2R9sD5O14y8AfuHvde/Q+BicXdoTMAtcsXpDv2IqvyeXbWNJt/ULG+3uyQgu8cpN 5dCB56rZdjc8fseKOD6/FuXOHHF29BMOgihSUOUDxCMkgm1OLQ9dnrgdlUkzngT6uHgu 8Av36RVvLVdGI7DibXwdanF8vNDRFdvSvZ+nstwJB9QJ92QDe3/MnxZbKA1gkVYHqRmv RvejbTNEpBYnAAOn4jvRXdRj/iFkDOrLXrfeRpKrZ1mc75h/pjH/7ijme1qEvJDF76Ub Sd+q9gPzhiRZgSKqkdPWMkbqfduFiTTI1VMrF0qzB0K3vwm5/W8hjjBqC4vBVjl8fnfE xNNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 32si882320qku.219.2018.01.22.00.11.17; Mon, 22 Jan 2018 00:11:17 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 084D8617FC; Mon, 22 Jan 2018 08:11:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2 autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2D5E1619C0; Mon, 22 Jan 2018 08:01:55 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5C348616FC; Mon, 22 Jan 2018 08:00:47 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id 7FBA761747 for ; Mon, 22 Jan 2018 08:00:19 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 25C25134341B for ; Mon, 22 Jan 2018 11:00:18 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id QkRyP4iiGd-0INOQS5V; Mon, 22 Jan 2018 11:00:18 +0300 Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id yORTcTkY7i-0HHmCYuB; Mon, 22 Jan 2018 11:00:17 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 22 Jan 2018 11:00:05 +0300 Message-Id: <1516608010-2535-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516608010-2535-1-git-send-email-odpbot@yandex.ru> References: <1516608010-2535-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 413 Subject: [lng-odp] [PATCH v1 7/12] linux-gen: crypto, ipsec: use auth_iv X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate handling of authentication IV data. Signed-off-by: Dmitry Eremin-Solenikov Reviewed-by: Bill Fischofer Reviewed-by: Petri Savolainen Signed-off-by: Maxim Uvarov --- /** Email created from pull request 413 (SonicwallYhe:api-next) ** https://github.com/Linaro/odp/pull/413 ** Patch: https://github.com/Linaro/odp/pull/413.patch ** Base sha: 5a4502fc6bc53e6503169da3028f456b64811a0b ** Merge commit sha: 6669be7b55ab094f9e27d2101a6bb005ca87e405 **/ platform/linux-generic/odp_crypto.c | 35 ++++++++++++++++++++++------------ platform/linux-generic/odp_ipsec.c | 6 ++++-- platform/linux-generic/odp_ipsec_sad.c | 2 +- 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 35a83ce0f..b7065e73c 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -36,9 +36,7 @@ * Keep sorted: first by key length, then by IV length */ static const odp_crypto_cipher_capability_t cipher_capa_null[] = { -{.key_len = 0, .iv_len = 0}, -/* Special case for GMAC */ -{.key_len = 0, .iv_len = 12} }; +{.key_len = 0, .iv_len = 0} }; static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = { {.key_len = 24, .iv_len = 8} }; @@ -86,7 +84,8 @@ static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { -{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, + .iv_len = 12 } }; /** Forward declaration of session structure */ typedef struct odp_crypto_generic_session_t odp_crypto_generic_session_t; @@ -121,6 +120,7 @@ struct odp_crypto_generic_session_t { struct { uint8_t key[EVP_MAX_KEY_LENGTH]; + uint8_t iv_data[EVP_MAX_IV_LENGTH]; uint32_t key_length; uint32_t bytes; union { @@ -641,10 +641,10 @@ odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->cipher_iv_ptr) - iv_ptr = param->cipher_iv_ptr; - else if (session->p.cipher_iv.data) - iv_ptr = session->cipher.iv_data; + if (param->auth_iv_ptr) + iv_ptr = param->auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -680,10 +680,10 @@ odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt, uint8_t block[EVP_MAX_MD_SIZE]; int ret; - if (param->cipher_iv_ptr) - iv_ptr = param->cipher_iv_ptr; - else if (session->p.cipher_iv.data) - iv_ptr = session->cipher.iv_data; + if (param->auth_iv_ptr) + iv_ptr = param->auth_iv_ptr; + else if (session->p.auth_iv.data) + iv_ptr = session->auth.iv_data; else return ODP_CRYPTO_ALG_ERR_IV_INVALID; @@ -909,11 +909,21 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, goto err; } + if (session->p.auth_iv.length > EVP_MAX_IV_LENGTH) { + ODP_DBG("Maximum auth IV length exceeded\n"); + *status = ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER; + goto err; + } + /* Copy IV data */ if (session->p.cipher_iv.data) memcpy(session->cipher.iv_data, session->p.cipher_iv.data, session->p.cipher_iv.length); + if (session->p.auth_iv.data) + memcpy(session->auth.iv_data, session->p.auth_iv.data, + session->p.auth_iv.length); + /* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) session->do_cipher_first = param->auth_cipher_text; @@ -1102,6 +1112,7 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.session = param->session; packet_param.cipher_iv_ptr = param->cipher_iv_ptr; + packet_param.auth_iv_ptr = param->auth_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad_ptr = param->aad_ptr; packet_param.cipher_range = param->cipher_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index ab4fb5543..e19907a5f 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -478,6 +478,7 @@ static int ipsec_in_esp(odp_packet_t *pkt, state->in.hdr_len - ipsec_sa->icv_len; param->cipher_iv_ptr = state->iv; + param->auth_iv_ptr = state->iv; state->esp.aad.spi = esp.spi; state->esp.aad.seq_no = esp.seq_no; @@ -560,7 +561,7 @@ static int ipsec_in_ah(odp_packet_t *pkt, return -1; } - param->cipher_iv_ptr = state->iv; + param->auth_iv_ptr = state->iv; state->in.hdr_len = (ah.ah_len + 2) * 4; state->in.trl_len = 0; @@ -1080,6 +1081,7 @@ static int ipsec_out_esp(odp_packet_t *pkt, } param->cipher_iv_ptr = state->iv; + param->auth_iv_ptr = state->iv; memset(&esp, 0, sizeof(esp)); esp.spi = odp_cpu_to_be_32(ipsec_sa->spi); @@ -1229,7 +1231,7 @@ static int ipsec_out_ah(odp_packet_t *pkt, return -1; } - param->cipher_iv_ptr = state->iv; + param->auth_iv_ptr = state->iv; if (odp_packet_extend_head(pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 11227a5fc..38cf77557 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -409,7 +409,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; - crypto_param.cipher_iv.length = 12; + crypto_param.auth_iv.length = 12; break; default: break;