From patchwork Tue Jan 30 17:00:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 126288 Delivered-To: patch@linaro.org Received: by 10.46.84.92 with SMTP id y28csp3543352ljd; Tue, 30 Jan 2018 09:10:08 -0800 (PST) X-Google-Smtp-Source: AH8x227bDKHZTP5kDBiFKGpj1GUprBRHEQzi23ETK3YaUuuXwtgYDnaeJHzFqfv80xvFEtvXz89s X-Received: by 10.37.96.9 with SMTP id u9mr1737703ybb.345.1517332208810; Tue, 30 Jan 2018 09:10:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517332208; cv=none; d=google.com; s=arc-20160816; b=QT9qCihBozdZvvctnVmyzaKlFfzgzTRzBktzago92PTTrf1XgWMRYhN6jWMBwaI4Bm Xc/q2oo03EuYrJOnIoeL0jhTsGVdvmutGc/1RCQUPm0BZ0WlUUDw+wfXST6hyOqvD6lC blzCrTApf7fBRgKcf8KU+IyG0tfRc2IkHjEfIqHuUziUxDoQg8ygh7NGSsNzCKlZU+1w xJvo6QX8SzvGW78q9XanFUN/CcIEEjFVa8XkX8e0AoetUB/30GnU2lwMZHgPv2gt5nlX ndMPas8nqRk4rSxFnnEkkg9asHFo0RmPoa6ZwgkvWZgXZU6I1ZXV+dHkXN4AZ4/vaV+N eTxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=OGlNEacHeJh2iFT5rfVKUA7aUojAJlOpl1+xJ5tQBsI=; b=VB4L24VtWoIDrGWMHKw1NkACg/sVrThC/O9j1SDbJnrImkncz2uSfQ0MQqccVZJxka 3RkcEFU97+h0fHNsZUBcXZppc4amwpDbla++3sCtdufs49ssBl4Txd8DGzHjX2koj1kw zA37ykbMEoCAzR8yfxTMeep/YQsDh72mRmaFu5MCkD0j8uQa2WeqFJB3v7M6GIKquGMD 9ZgD0ZTiGrEoa3AT/FQ+CysFPzrWT7cDUIE0Ph28nEDiuyieIVFNnJEUgFE0AmnRxUzy YiuQ3dQZw1XfMXyrhrnhOWtEHgaLuwynR/R6sp3pA+31rsW/x8YgfGoo9wRFWlzLX+ME FPAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id o33si50228qta.203.2018.01.30.09.10.08; Tue, 30 Jan 2018 09:10:08 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5FE3060946; Tue, 30 Jan 2018 17:10:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7753361765; Tue, 30 Jan 2018 17:03:08 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 2D899616DF; Tue, 30 Jan 2018 17:02:14 +0000 (UTC) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [5.45.198.243]) by lists.linaro.org (Postfix) with ESMTPS id 53529616F5 for ; Tue, 30 Jan 2018 17:00:43 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward102j.mail.yandex.net (Yandex) with ESMTP id 260AB5602489 for ; Tue, 30 Jan 2018 20:00:42 +0300 (MSK) Received: from smtp1p.mail.yandex.net (smtp1p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:6]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id P194lMFvSu-0gdWJlx3; Tue, 30 Jan 2018 20:00:42 +0300 Received: by smtp1p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3C5hSSv4xg-0frKI3jv; Tue, 30 Jan 2018 20:00:41 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 30 Jan 2018 20:00:15 +0300 Message-Id: <1517331619-18755-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517331619-18755-1-git-send-email-odpbot@yandex.ru> References: <1517331619-18755-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 434 Subject: [lng-odp] [PATCH API-NEXT v4 11/15] linux-gen: crypto: provide AES-CCM implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov AES-CCM support in OpenSSL is quite unique: it requires whole data to be passed in single EVP_EncryptUpdate/EVP_DecryptUpdate call. Supporting this requires copying data back-and-forth between packet and temporary buffer. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 434 (lumag:crypto-upd) ** https://github.com/Linaro/odp/pull/434 ** Patch: https://github.com/Linaro/odp/pull/434.patch ** Base sha: 5718327018debbb02aacb464493504c95fbe57a3 ** Merge commit sha: c5d9389a8d3b1a532e290aff4508756a920173ee **/ platform/linux-generic/odp_crypto.c | 192 ++++++++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 66dc8f236..e9d436198 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -61,6 +61,14 @@ static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { {.key_len = 24, .iv_len = 12}, {.key_len = 32, .iv_len = 12} }; +static const odp_crypto_cipher_capability_t cipher_capa_aes_ccm[] = { +{.key_len = 16, .iv_len = 11}, +{.key_len = 16, .iv_len = 13}, +{.key_len = 24, .iv_len = 11}, +{.key_len = 24, .iv_len = 13}, +{.key_len = 32, .iv_len = 11}, +{.key_len = 32, .iv_len = 13} }; + #if _ODP_HAVE_CHACHA20_POLY1305 static const odp_crypto_cipher_capability_t cipher_capa_chacha20_poly1305[] = { {.key_len = 32, .iv_len = 12} }; @@ -93,6 +101,9 @@ static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = { static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; +static const odp_crypto_auth_capability_t auth_capa_aes_ccm[] = { +{.digest_len = 8, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; + static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0}, .iv_len = 12 } }; @@ -813,6 +824,153 @@ static int process_aes_gmac_param(odp_crypto_generic_session_t *session, return 0; } +static +odp_crypto_alg_err_t aes_ccm_encrypt(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + const uint8_t *aad_head = param->aad_ptr; + uint32_t aad_len = session->p.auth_aad_len; + void *iv_ptr; + int dummy_len = 0; + int cipher_len; + uint32_t in_len = param->cipher_range.length; + uint8_t data[in_len]; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->cipher_iv_ptr) + iv_ptr = param->cipher_iv_ptr; + else if (session->p.cipher_iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Encrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + NULL, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + session->p.auth_digest_len, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* Set len */ + EVP_EncryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); + + /* Authenticate header data (if any) without encrypting them */ + if (aad_len > 0) + EVP_EncryptUpdate(ctx, NULL, &dummy_len, + aad_head, aad_len); + + odp_packet_copy_to_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, in_len); + + ret = EVP_EncryptFinal_ex(ctx, data + cipher_len, &dummy_len); + cipher_len += dummy_len; + + odp_packet_copy_from_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, + session->p.auth_digest_len, block); + odp_packet_copy_from_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static +odp_crypto_alg_err_t aes_ccm_decrypt(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + const uint8_t *aad_head = param->aad_ptr; + uint32_t aad_len = session->p.auth_aad_len; + void *iv_ptr; + int dummy_len = 0; + int cipher_len; + uint32_t in_len = param->cipher_range.length; + uint8_t data[in_len]; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->cipher_iv_ptr) + iv_ptr = param->cipher_iv_ptr; + else if (session->p.cipher_iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + NULL, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + session->p.cipher_iv.length, NULL); + odp_packet_copy_to_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + session->p.auth_digest_len, block); + EVP_DecryptInit_ex(ctx, NULL, NULL, session->cipher.key_data, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + /* Set len */ + EVP_DecryptUpdate(ctx, NULL, &dummy_len, NULL, in_len); + + /* Authenticate header data (if any) without encrypting them */ + if (aad_len > 0) + EVP_DecryptUpdate(ctx, NULL, &dummy_len, + aad_head, aad_len); + + odp_packet_copy_to_mem(pkt, param->cipher_range.offset, in_len, + data); + + ret = EVP_DecryptUpdate(ctx, data, &cipher_len, data, in_len); + + EVP_DecryptFinal_ex(ctx, data + cipher_len, &dummy_len); + cipher_len += dummy_len; + + odp_packet_copy_from_mem(pkt, param->cipher_range.offset, in_len, + data); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static int process_aes_ccm_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) +{ + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) + return -1; + + memcpy(session->cipher.key_data, session->p.cipher_key.data, + session->p.cipher_key.length); + + session->cipher.evp_cipher = cipher; + + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) + session->cipher.func = aes_ccm_encrypt; + else + session->cipher.func = aes_ccm_decrypt; + + return 0; +} + static int process_auth_param(odp_crypto_generic_session_t *session, uint32_t key_length, const EVP_MD *evp_md) @@ -854,6 +1012,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->ciphers.bit.aes_cbc = 1; capa->ciphers.bit.aes_ctr = 1; capa->ciphers.bit.aes_gcm = 1; + capa->ciphers.bit.aes_ccm = 1; #if _ODP_HAVE_CHACHA20_POLY1305 capa->ciphers.bit.chacha20_poly1305 = 1; #endif @@ -864,6 +1023,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.sha256_hmac = 1; capa->auths.bit.sha512_hmac = 1; capa->auths.bit.aes_gcm = 1; + capa->auths.bit.aes_ccm = 1; capa->auths.bit.aes_gmac = 1; #if _ODP_HAVE_CHACHA20_POLY1305 capa->auths.bit.chacha20_poly1305 = 1; @@ -911,6 +1071,10 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher, src = cipher_capa_aes_gcm; num = sizeof(cipher_capa_aes_gcm) / size; break; + case ODP_CIPHER_ALG_AES_CCM: + src = cipher_capa_aes_ccm; + num = sizeof(cipher_capa_aes_ccm) / size; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_CIPHER_ALG_CHACHA20_POLY1305: src = cipher_capa_chacha20_poly1305; @@ -965,6 +1129,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_aes_gmac; num = sizeof(auth_capa_aes_gmac) / size; break; + case ODP_AUTH_ALG_AES_CCM: + src = auth_capa_aes_ccm; + num = sizeof(auth_capa_aes_ccm) / size; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: src = auth_capa_chacha20_poly1305; @@ -1093,6 +1261,20 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; + case ODP_CIPHER_ALG_AES_CCM: + /* AES-CCM requires to do both auth and + * cipher at the same time */ + if (param->auth_alg != ODP_AUTH_ALG_AES_CCM) + rc = -1; + else if (param->cipher_key.length == 16) + rc = process_aes_ccm_param(session, EVP_aes_128_ccm()); + else if (param->cipher_key.length == 24) + rc = process_aes_ccm_param(session, EVP_aes_192_ccm()); + else if (param->cipher_key.length == 32) + rc = process_aes_ccm_param(session, EVP_aes_256_ccm()); + else + rc = -1; + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_CIPHER_ALG_CHACHA20_POLY1305: /* ChaCha20_Poly1305 requires to do both auth and @@ -1176,6 +1358,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, else rc = -1; break; + case ODP_AUTH_ALG_AES_CCM: + /* AES-CCM requires to do both auth and + * cipher at the same time */ + if (param->cipher_alg == ODP_CIPHER_ALG_AES_CCM) { + session->auth.func = null_crypto_routine; + rc = 0; + } else { + rc = -1; + } + break; #if _ODP_HAVE_CHACHA20_POLY1305 case ODP_AUTH_ALG_CHACHA20_POLY1305: /* ChaCha20_Poly1305 requires to do both auth and