[API-NEXT,5/8] linux-generic: crypto: unify auth code

Message ID	20170308094533.30795-6-dmitry.ereminsolenikov@linaro.org
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> To: lng-odp@lists.linaro.org Date: Wed, 8 Mar 2017 12:45:30 +0300 Message-Id: <20170308094533.30795-6-dmitry.ereminsolenikov@linaro.org> In-Reply-To: <20170308094533.30795-1-dmitry.ereminsolenikov@linaro.org> References: <20170308094533.30795-1-dmitry.ereminsolenikov@linaro.org> Subject: [lng-odp] [API-NEXT 5/8] linux-generic: crypto: unify auth code Precedence: list Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>
Series	crypto rework and support for SHA-1/-512 \| expand [API-NEXT,0/8] crypto rework and support for SHA-1/-512 [API-NEXT,1/8] validation: crypto: add tests for checking message digests [API-NEXT,2/8] validation: crypto: correct comment for HMAC-SHA-256 tests [API-NEXT,4/8] validation: crypto: add HMAC-SHA-512 test cases [API-NEXT,5/8] linux-generic: crypto: unify auth code [API-NEXT,6/8] linux-generic: crypto: switch to EVP interface for cipher algorithms [API-NEXT,7/8] linux-generic: crypto: add SHA-1 authentication support [API-NEXT,8/8] linux-generic: crypto: add HMAC-SHA-512 authentication support [API-NEXT,3/8] validation: crypto: add HMAC-SHA-1-96 test cases

Message ID

20170308094533.30795-6-dmitry.ereminsolenikov@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
	designates 54.225.227.206 as permitted sender)
	client-ip=54.225.227.206; 
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
To: lng-odp@lists.linaro.org
Date: Wed,  8 Mar 2017 12:45:30 +0300
Message-Id: <20170308094533.30795-6-dmitry.ereminsolenikov@linaro.org>
In-Reply-To: <20170308094533.30795-1-dmitry.ereminsolenikov@linaro.org>
References: <20170308094533.30795-1-dmitry.ereminsolenikov@linaro.org>
Subject: [lng-odp] [API-NEXT 5/8] linux-generic: crypto: unify auth code
Precedence: list
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

Series

crypto rework and support for SHA-1/-512 | expand

Commit Message

Dmitry Eremin-Solenikov March 8, 2017, 9:45 a.m. UTC

Authentication code contains similar functions. Instead of replicating
them further (e.g. for SHA-1 or SHA-3) factor out common code blocks,
moving all difference to session data.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
 .../linux-generic/include/odp_crypto_internal.h    |  14 +--
 platform/linux-generic/odp_crypto.c                | 126 ++++-----------------
 2 files changed, 28 insertions(+), 112 deletions(-)

-- 
2.11.0

Comments

Bill Fischofer March 9, 2017, 2:15 p.m. UTC | #1

Checkpatch issue with this part:

WARNING: Missing a blank line after declarations
#38: FILE: platform/linux-generic/include/odp_crypto_internal.h:66:
+ uint32_t bytes;
+ const EVP_MD *evp_md;

total: 0 errors, 1 warnings, 0 checks, 205 lines checked

NOTE: Ignored message types: BIT_MACRO COMPARISON_TO_NULL
DEPRECATED_VARIABLE NEW_TYPEDEFS SPLIT_STRING SSCANF_TO_KSTRTO

0005-linux-generic-crypto-unify-auth-code.patch has style problems, please
review.

On Wed, Mar 8, 2017 at 10:45 AM, Dmitry Eremin-Solenikov <
dmitry.ereminsolenikov@linaro.org> wrote:

> Authentication code contains similar functions. Instead of replicating

> them further (e.g. for SHA-1 or SHA-3) factor out common code blocks,

> moving all difference to session data.

>

> Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

> ---

>  .../linux-generic/include/odp_crypto_internal.h    |  14 +--

>  platform/linux-generic/odp_crypto.c                | 126

> ++++-----------------

>  2 files changed, 28 insertions(+), 112 deletions(-)

>

> diff --git a/platform/linux-generic/include/odp_crypto_internal.h

> b/platform/linux-generic/include/odp_crypto_internal.h

> index f85b76ea..515cefaa 100644

> --- a/platform/linux-generic/include/odp_crypto_internal.h

> +++ b/platform/linux-generic/include/odp_crypto_internal.h

> @@ -60,16 +60,10 @@ struct odp_crypto_generic_session {

>         } cipher;

>

>         struct {

> -               union {

> -                       struct {

> -                               uint8_t  key[16];

> -                               uint32_t bytes;

> -                       } md5;

> -                       struct {

> -                               uint8_t  key[32];

> -                               uint32_t bytes;

> -                       } sha256;

> -               } data;

> +               uint8_t  key[EVP_MAX_KEY_LENGTH];

> +               uint32_t key_length;

> +               uint32_t bytes;

> +               const EVP_MD *evp_md;

>                 crypto_func_t func;

>         } auth;

>  };

> diff --git a/platform/linux-generic/odp_crypto.c

> b/platform/linux-generic/odp_crypto.c

> index 2ba504b2..4d59b827 100644

> --- a/platform/linux-generic/odp_crypto.c

> +++ b/platform/linux-generic/odp_crypto.c

> @@ -110,8 +110,8 @@ null_crypto_routine(odp_crypto_op_param_t *param

> ODP_UNUSED,

>  }

>

>  static

> -odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t *param,

> -                            odp_crypto_generic_session_t *session)

> +odp_crypto_alg_err_t auth_gen(odp_crypto_op_param_t *param,

> +                             odp_crypto_generic_session_t *session)

>  {

>         uint8_t *data  = odp_packet_data(param->out_pkt);

>         uint8_t *icv   = data;

> @@ -123,94 +123,28 @@ odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t

> *param,

>         icv  += param->hash_result_offset;

>

>         /* Hash it */

> -       HMAC(EVP_md5(),

> -            session->auth.data.md5.key,

> -            16,

> +       HMAC(session->auth.evp_md,

> +            session->auth.key,

> +            session->auth.key_length,

>              data,

>              len,

>              hash,

>              NULL);

>

>         /* Copy to the output location */

> -       memcpy(icv, hash, session->auth.data.md5.bytes);

> +       memcpy(icv, hash, session->auth.bytes);

>

>         return ODP_CRYPTO_ALG_ERR_NONE;

>  }

>

>  static

> -odp_crypto_alg_err_t md5_check(odp_crypto_op_param_t *param,

> -                              odp_crypto_generic_session_t *session)

> -{

> -       uint8_t *data  = odp_packet_data(param->out_pkt);

> -       uint8_t *icv   = data;

> -       uint32_t len   = param->auth_range.length;

> -       uint32_t bytes = session->auth.data.md5.bytes;

> -       uint8_t  hash_in[EVP_MAX_MD_SIZE];

> -       uint8_t  hash_out[EVP_MAX_MD_SIZE];

> -

> -       /* Adjust pointer for beginning of area to auth */

> -       data += param->auth_range.offset;

> -       icv  += param->hash_result_offset;

> -

> -       /* Copy current value out and clear it before authentication */

> -       memset(hash_in, 0, sizeof(hash_in));

> -       memcpy(hash_in, icv, bytes);

> -       memset(icv, 0, bytes);

> -       memset(hash_out, 0, sizeof(hash_out));

> -

> -       /* Hash it */

> -       HMAC(EVP_md5(),

> -            session->auth.data.md5.key,

> -            16,

> -            data,

> -            len,

> -            hash_out,

> -            NULL);

> -

> -       /* Verify match */

> -       if (0 != memcmp(hash_in, hash_out, bytes))

> -               return ODP_CRYPTO_ALG_ERR_ICV_CHECK;

> -

> -       /* Matched */

> -       return ODP_CRYPTO_ALG_ERR_NONE;

> -}

> -

> -static

> -odp_crypto_alg_err_t sha256_gen(odp_crypto_op_param_t *param,

> +odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param,

>                                 odp_crypto_generic_session_t *session)

>  {

>         uint8_t *data  = odp_packet_data(param->out_pkt);

>         uint8_t *icv   = data;

>         uint32_t len   = param->auth_range.length;

> -       uint8_t  hash[EVP_MAX_MD_SIZE];

> -

> -       /* Adjust pointer for beginning of area to auth */

> -       data += param->auth_range.offset;

> -       icv  += param->hash_result_offset;

> -

> -       /* Hash it */

> -       HMAC(EVP_sha256(),

> -            session->auth.data.sha256.key,

> -            32,

> -            data,

> -            len,

> -            hash,

> -            NULL);

> -

> -       /* Copy to the output location */

> -       memcpy(icv, hash, session->auth.data.sha256.bytes);

> -

> -       return ODP_CRYPTO_ALG_ERR_NONE;

> -}

> -

> -static

> -odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t *param,

> -                                 odp_crypto_generic_session_t *session)

> -{

> -       uint8_t *data  = odp_packet_data(param->out_pkt);

> -       uint8_t *icv   = data;

> -       uint32_t len   = param->auth_range.length;

> -       uint32_t bytes = session->auth.data.sha256.bytes;

> +       uint32_t bytes = session->auth.bytes;

>         uint8_t  hash_in[EVP_MAX_MD_SIZE];

>         uint8_t  hash_out[EVP_MAX_MD_SIZE];

>

> @@ -225,9 +159,9 @@ odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t

> *param,

>         memset(hash_out, 0, sizeof(hash_out));

>

>         /* Hash it */

> -       HMAC(EVP_sha256(),

> -            session->auth.data.sha256.key,

> -            32,

> +       HMAC(session->auth.evp_md,

> +            session->auth.key,

> +            session->auth.key_length,

>              data,

>              len,

>              hash_out,

> @@ -587,38 +521,26 @@ static int process_des_param(odp_crypto_generic_session_t

> *session)

>         return 0;

>  }

>

> -static int process_md5_param(odp_crypto_generic_session_t *session,

> -                            uint32_t bits)

> +static int process_auth_param(odp_crypto_generic_session_t *session,

> +                             uint32_t bits,

> +                             uint32_t key_length,

> +                             const EVP_MD *evp_md)

>  {

>         /* Set function */

>         if (ODP_CRYPTO_OP_ENCODE == session->p.op)

> -               session->auth.func = md5_gen;

> +               session->auth.func = auth_gen;

>         else

> -               session->auth.func = md5_check;

> -

> -       /* Number of valid bytes */

> -       session->auth.data.md5.bytes = bits / 8;

> -

> -       /* Convert keys */

> -       memcpy(session->auth.data.md5.key, session->p.auth_key.data, 16);

> -

> -       return 0;

> -}

> +               session->auth.func = auth_check;

>

> -static int process_sha256_param(odp_crypto_generic_session_t *session,

> -                               uint32_t bits)

> -{

> -       /* Set function */

> -       if (ODP_CRYPTO_OP_ENCODE == session->p.op)

> -               session->auth.func = sha256_gen;

> -       else

> -               session->auth.func = sha256_check;

> +       session->auth.evp_md = evp_md;

>

>         /* Number of valid bytes */

> -       session->auth.data.sha256.bytes = bits / 8;

> +       session->auth.bytes = bits / 8;

>

>         /* Convert keys */

> -       memcpy(session->auth.data.sha256.key, session->p.auth_key.data,

> 32);

> +       session->auth.key_length = key_length;

> +       memcpy(session->auth.key, session->p.auth_key.data,

> +              session->auth.key_length);

>

>         return 0;

>  }

> @@ -816,12 +738,12 @@ odp_crypto_session_create(odp_crypto_session_param_t

> *param,

>         case ODP_AUTH_ALG_MD5_HMAC:

>              /* deprecated */

>         case ODP_AUTH_ALG_MD5_96:

> -               rc = process_md5_param(session, 96);

> +               rc = process_auth_param(session, 96, 16, EVP_md5());

>                 break;

>         case ODP_AUTH_ALG_SHA256_HMAC:

>              /* deprecated */

>         case ODP_AUTH_ALG_SHA256_128:

> -               rc = process_sha256_param(session, 128);

> +               rc = process_auth_param(session, 128, 32, EVP_sha256());

>                 break;

>         case ODP_AUTH_ALG_AES_GCM:

>              /* deprecated */

> --

> 2.11.0

>

>

Dmitry Eremin-Solenikov March 9, 2017, 2:17 p.m. UTC | #2

On 09.03.2017 17:15, Bill Fischofer wrote:
> Checkpatch issue with this part:

> 

> WARNING: Missing a blank line after declarations

> #38: FILE: platform/linux-generic/include/odp_crypto_internal.h:66:

> +uint32_t bytes;

> +const EVP_MD *evp_md;

> 

> total: 0 errors, 1 warnings, 0 checks, 205 lines checked


There is no 'after declarations' there. It's rather a checkpatch error. See:

>     diff --git a/platform/linux-generic/include/odp_crypto_internal.h

>     b/platform/linux-generic/include/odp_crypto_internal.h

>     index f85b76ea..515cefaa 100644

>     --- a/platform/linux-generic/include/odp_crypto_internal.h

>     +++ b/platform/linux-generic/include/odp_crypto_internal.h

>     @@ -60,16 +60,10 @@ struct odp_crypto_generic_session {

>             } cipher;

> 

>             struct {

>     -               union {

>     -                       struct {

>     -                               uint8_t  key[16];

>     -                               uint32_t bytes;

>     -                       } md5;

>     -                       struct {

>     -                               uint8_t  key[32];

>     -                               uint32_t bytes;

>     -                       } sha256;

>     -               } data;

>     +               uint8_t  key[EVP_MAX_KEY_LENGTH];

>     +               uint32_t key_length;

>     +               uint32_t bytes;

>     +               const EVP_MD *evp_md;

>                     crypto_func_t func;

>             } auth;

>      };


-- 
With best wishes
Dmitry

diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h
index f85b76ea..515cefaa 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -60,16 +60,10 @@  struct odp_crypto_generic_session {
 	} cipher;
 
 	struct {
-		union {
-			struct {
-				uint8_t  key[16];
-				uint32_t bytes;
-			} md5;
-			struct {
-				uint8_t  key[32];
-				uint32_t bytes;
-			} sha256;
-		} data;
+		uint8_t  key[EVP_MAX_KEY_LENGTH];
+		uint32_t key_length;
+		uint32_t bytes;
+		const EVP_MD *evp_md;
 		crypto_func_t func;
 	} auth;
 };
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index 2ba504b2..4d59b827 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -110,8 +110,8 @@  null_crypto_routine(odp_crypto_op_param_t *param ODP_UNUSED,
 }
 
 static
-odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t *param,
-			     odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t auth_gen(odp_crypto_op_param_t *param,
+			      odp_crypto_generic_session_t *session)
 {
 	uint8_t *data  = odp_packet_data(param->out_pkt);
 	uint8_t *icv   = data;
@@ -123,94 +123,28 @@  odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t *param,
 	icv  += param->hash_result_offset;
 
 	/* Hash it */
-	HMAC(EVP_md5(),
-	     session->auth.data.md5.key,
-	     16,
+	HMAC(session->auth.evp_md,
+	     session->auth.key,
+	     session->auth.key_length,
 	     data,
 	     len,
 	     hash,
 	     NULL);
 
 	/* Copy to the output location */
-	memcpy(icv, hash, session->auth.data.md5.bytes);
+	memcpy(icv, hash, session->auth.bytes);
 
 	return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
 static
-odp_crypto_alg_err_t md5_check(odp_crypto_op_param_t *param,
-			       odp_crypto_generic_session_t *session)
-{
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint8_t *icv   = data;
-	uint32_t len   = param->auth_range.length;
-	uint32_t bytes = session->auth.data.md5.bytes;
-	uint8_t  hash_in[EVP_MAX_MD_SIZE];
-	uint8_t  hash_out[EVP_MAX_MD_SIZE];
-
-	/* Adjust pointer for beginning of area to auth */
-	data += param->auth_range.offset;
-	icv  += param->hash_result_offset;
-
-	/* Copy current value out and clear it before authentication */
-	memset(hash_in, 0, sizeof(hash_in));
-	memcpy(hash_in, icv, bytes);
-	memset(icv, 0, bytes);
-	memset(hash_out, 0, sizeof(hash_out));
-
-	/* Hash it */
-	HMAC(EVP_md5(),
-	     session->auth.data.md5.key,
-	     16,
-	     data,
-	     len,
-	     hash_out,
-	     NULL);
-
-	/* Verify match */
-	if (0 != memcmp(hash_in, hash_out, bytes))
-		return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
-
-	/* Matched */
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static
-odp_crypto_alg_err_t sha256_gen(odp_crypto_op_param_t *param,
+odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param,
 				odp_crypto_generic_session_t *session)
 {
 	uint8_t *data  = odp_packet_data(param->out_pkt);
 	uint8_t *icv   = data;
 	uint32_t len   = param->auth_range.length;
-	uint8_t  hash[EVP_MAX_MD_SIZE];
-
-	/* Adjust pointer for beginning of area to auth */
-	data += param->auth_range.offset;
-	icv  += param->hash_result_offset;
-
-	/* Hash it */
-	HMAC(EVP_sha256(),
-	     session->auth.data.sha256.key,
-	     32,
-	     data,
-	     len,
-	     hash,
-	     NULL);
-
-	/* Copy to the output location */
-	memcpy(icv, hash, session->auth.data.sha256.bytes);
-
-	return ODP_CRYPTO_ALG_ERR_NONE;
-}
-
-static
-odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t *param,
-				  odp_crypto_generic_session_t *session)
-{
-	uint8_t *data  = odp_packet_data(param->out_pkt);
-	uint8_t *icv   = data;
-	uint32_t len   = param->auth_range.length;
-	uint32_t bytes = session->auth.data.sha256.bytes;
+	uint32_t bytes = session->auth.bytes;
 	uint8_t  hash_in[EVP_MAX_MD_SIZE];
 	uint8_t  hash_out[EVP_MAX_MD_SIZE];
 
@@ -225,9 +159,9 @@  odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t *param,
 	memset(hash_out, 0, sizeof(hash_out));
 
 	/* Hash it */
-	HMAC(EVP_sha256(),
-	     session->auth.data.sha256.key,
-	     32,
+	HMAC(session->auth.evp_md,
+	     session->auth.key,
+	     session->auth.key_length,
 	     data,
 	     len,
 	     hash_out,
@@ -587,38 +521,26 @@  static int process_des_param(odp_crypto_generic_session_t *session)
 	return 0;
 }
 
-static int process_md5_param(odp_crypto_generic_session_t *session,
-			     uint32_t bits)
+static int process_auth_param(odp_crypto_generic_session_t *session,
+			      uint32_t bits,
+			      uint32_t key_length,
+			      const EVP_MD *evp_md)
 {
 	/* Set function */
 	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->auth.func = md5_gen;
+		session->auth.func = auth_gen;
 	else
-		session->auth.func = md5_check;
-
-	/* Number of valid bytes */
-	session->auth.data.md5.bytes = bits / 8;
-
-	/* Convert keys */
-	memcpy(session->auth.data.md5.key, session->p.auth_key.data, 16);
-
-	return 0;
-}
+		session->auth.func = auth_check;
 
-static int process_sha256_param(odp_crypto_generic_session_t *session,
-				uint32_t bits)
-{
-	/* Set function */
-	if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-		session->auth.func = sha256_gen;
-	else
-		session->auth.func = sha256_check;
+	session->auth.evp_md = evp_md;
 
 	/* Number of valid bytes */
-	session->auth.data.sha256.bytes = bits / 8;
+	session->auth.bytes = bits / 8;
 
 	/* Convert keys */
-	memcpy(session->auth.data.sha256.key, session->p.auth_key.data, 32);
+	session->auth.key_length = key_length;
+	memcpy(session->auth.key, session->p.auth_key.data,
+	       session->auth.key_length);
 
 	return 0;
 }
@@ -816,12 +738,12 @@  odp_crypto_session_create(odp_crypto_session_param_t *param,
 	case ODP_AUTH_ALG_MD5_HMAC:
 	     /* deprecated */
 	case ODP_AUTH_ALG_MD5_96:
-		rc = process_md5_param(session, 96);
+		rc = process_auth_param(session, 96, 16, EVP_md5());
 		break;
 	case ODP_AUTH_ALG_SHA256_HMAC:
 	     /* deprecated */
 	case ODP_AUTH_ALG_SHA256_128:
-		rc = process_sha256_param(session, 128);
+		rc = process_auth_param(session, 128, 32, EVP_sha256());
 		break;
 	case ODP_AUTH_ALG_AES_GCM:
 	     /* deprecated */

[API-NEXT,5/8] linux-generic: crypto: unify auth code

Commit Message

Comments

Patch