From patchwork Thu Nov 9 02:00:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118363 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6013917qgn; Wed, 8 Nov 2017 18:01:04 -0800 (PST) X-Google-Smtp-Source: ABhQp+TP4aOISzFb1+SQs0Kvo7m9+NmUVtUDEUIvauhFAhVoAmX/jWkj9lwAmykkZ8vZDJnmp163 X-Received: by 10.200.34.45 with SMTP id o42mr4141946qto.18.1510192864058; Wed, 08 Nov 2017 18:01:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510192864; cv=none; d=google.com; s=arc-20160816; b=JzpEML7dtl3T8sbF0dZBq0z+zVJBxPNkQRGzFzxrQQj6mjv+RV8wWG+JVDsVqKQFp+ 8nUHuxru28f4UEvGSPCVkMf65nYmHxPTmzAJmZlilPKdL2xoDOTExA6TQnEa+FgOdWx8 MpEvZ0+MGUFt909jCJuE2yVI/3KkQzLDEPCKLDjulDa+WJAZ8jqW0QgwCDkh2fQPzHdi o+I2e5Bl62KXuH5zgM6Def0T5G7y/yj7viKEl9Bdp912VZpDKN/aAekRmJ1WJqsG8Tp2 Vf8CNS+V8VQ3avjbiy7hy4rqD4uYHdRw6VjJagznrjR0showwV1g8h1lLagKX+h33Xek ukng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=vQHKryjTEUz6IRO3nsp401DodyowBjClKe7HTBXW0As=; b=EIeC5FvL1IsXoZcjek/uIGWWii8TfDm1N3qxGyPweFfV+zobwZV/kmayNl+Yh+LXNK cbaaKoAlXMgVnevem/yvovuqSoheEKM96HF/rl3Q8RizdNPwb0ocG3nC6zVo+vOBTdI+ 8tl3c12P3/GvaWNrfXCERE7tcz4YcqmeR7svwFdPTmz/ou5mztIknU+/Yl6u1fEfhRM0 NM4zJE+mMu1wk2yyeiEYAAvN9fEeKwtHRjDjqusiM6bSuZPzITBvnUBkxPuNIj6UYxro S+eEfaavS+KtwfaMUF7DjpXOPzqD2wIEpsCySkNK1M7bi6wUgJQHsNQ5PnUICk2YYuS1 R4FQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id s4si380369qkh.289.2017.11.08.18.01.03; Wed, 08 Nov 2017 18:01:04 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id BAB9160C6A; Thu, 9 Nov 2017 02:01:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3369260605; Thu, 9 Nov 2017 02:00:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6C8986013B; Thu, 9 Nov 2017 02:00:12 +0000 (UTC) Received: from forward103p.mail.yandex.net (forward103p.mail.yandex.net [77.88.28.106]) by lists.linaro.org (Postfix) with ESMTPS id 6D2E460856 for ; Thu, 9 Nov 2017 02:00:10 +0000 (UTC) Received: from mxback10o.mail.yandex.net (mxback10o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::24]) by forward103p.mail.yandex.net (Yandex) with ESMTP id DF4E52184F5F for ; Thu, 9 Nov 2017 05:00:08 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback10o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id ieJKYYlwR3-08JO84cZ; Thu, 09 Nov 2017 05:00:08 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-08EWti51; Thu, 09 Nov 2017 05:00:08 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:00 +0300 Message-Id: <1510192807-13538-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 1/8] linux-gen: ipsec: use counter instead of random IV for GCM X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ platform/linux-generic/include/odp_ipsec_internal.h | 16 +++++++++++++--- platform/linux-generic/odp_ipsec.c | 19 ++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 6 ++++++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..1aa437b8e 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + param.override_iv_ptr = iv; + } else if (ipsec_sa->esp_iv_len) { uint32_t len; len = odp_random_data(iv + ipsec_sa->salt_length, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..5d20bb66c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; @@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) { From patchwork Thu Nov 9 02:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118364 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6014461qgn; Wed, 8 Nov 2017 18:01:37 -0800 (PST) X-Google-Smtp-Source: ABhQp+Swnc3Ii/WZ0sfEug7z5wLu+7l0DUTiWmg1KiEtUsSsT0eaG8jKewYS+ZB3DIphtdrJ6JCf X-Received: by 10.55.156.17 with SMTP id f17mr4015025qke.217.1510192896899; Wed, 08 Nov 2017 18:01:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510192896; cv=none; d=google.com; s=arc-20160816; b=ytEm/ykctrGo3Kw4H2mjgMesgJaBaYVSh3zpVOQbw1c+6eoaAsFhcolyWn9eu+tPrm nrJYPAwEAoRL8LeGIACIHCf4jjHOQrAK1h/D9nMFQ/u5OnvGtyAz2+x+5iBpWlTkQuWx e0msfKBEJ7W2n6KiWJOAv6stqBqePeB6dVX8HrF1Pn2jE/j9C4QyVsFkRKZR7U+5/zQ8 b57BXxKvroJ/CWzOPn8PWq16d+k06KNwn8dwSPkka6N4UZOJlb+JJtz/rFNpEGikBphe 0hNRYlVKueoWnABETSWwE0FbiKGZPINnQ0Z3GsW60FBboX7j7qJXI48bG6OaJNQbNKC1 39nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=CXydMsaETdVu1UkdrHr3/nUexXLPXAcBnv8wtnZtP6k=; b=jYpuJHqhvPvkqeMw7qgki+AV5uoTBR9nlCjNNUHVu2e6R8xrB58sh4b0vj4/SIvTYy sqP/up5piE2Ea0+H5GVpcMyGE4ViKcQoqLNC/BTZcK1o2JxczPAAebzkYgBmuaP1mOPV oeEVofcThdwogxZAkTeXxIWZMf+LMhTc9mVSkaBY9ZLmojvRlUeRYIEM5k/SaBFjj9Il /JxXjWjAbV3FKVLO6Hi27kxeeR6eQqVihT78UjLbmWjvv65KyBl4aUA/bjX9c3PTKKtn jazyHFIaEjhtC2+Ze4pFxBMGRKLDECXXHfOSKa8WqSHtxwlfppd/qItXKdSFzsM7G3sb sR/A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id y17si5325973qtk.145.2017.11.08.18.01.36; Wed, 08 Nov 2017 18:01:36 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 917EE60631; Thu, 9 Nov 2017 02:01:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 9862260634; Thu, 9 Nov 2017 02:00:23 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id BB6B960631; Thu, 9 Nov 2017 02:00:13 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 0544E60890 for ; Thu, 9 Nov 2017 02:00:11 +0000 (UTC) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 58C21183E8C for ; Thu, 9 Nov 2017 05:00:09 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Q994oupUNX-09m83sYP; Thu, 09 Nov 2017 05:00:09 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-08Eqs9YC; Thu, 09 Nov 2017 05:00:08 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:01 +0300 Message-Id: <1510192807-13538-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 2/8] linux-gen: ipsec: don't leak SA on creation error X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ platform/linux-generic/odp_ipsec_sad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 5d20bb66c..457b81d04 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -292,7 +292,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -322,7 +322,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv && From patchwork Thu Nov 9 02:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118365 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6014977qgn; Wed, 8 Nov 2017 18:02:09 -0800 (PST) X-Google-Smtp-Source: AGs4zMau8eHu/jy+meZP+Zys/n8nSy5et1GtVKJmcqHr8y2G/2Q/3rz7z+SVQw1nh6mIRngVLeGQ X-Received: by 10.233.232.213 with SMTP id a204mr4082447qkg.264.1510192928951; Wed, 08 Nov 2017 18:02:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510192928; cv=none; d=google.com; s=arc-20160816; b=zXCiONc1a/W2Z/oSXdBGWgLR2DVT9Um8A4VqiLbv/PR08ryCIrV/ysx5q/XFtTJ+Hq FhFYIyS97VdzYWPPlrjXN7/Jigq0W+w9fFE32FgJ0sbhAI6tw7XQ+Tf8oIn3yGtVcQpB RQbopf6JNXDZpRBRBHG958EiTjXLJkK9pK4uM/0LDW2zV0wFKHjZVygritaONThUfEbP Mqc+m+7SVWwvGkR2QLy6Uv4YSyftSnZkK7khsVLTGpUKWd7LnQpEGloPeK2Jms2taRxu TY0tFV5tZciV6tNWF1Oc5y7A9N3GeB65bhmmLqkFMFyISeknTF+WmlnSXYyb8gEiKuw/ BeSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=99H/95upEUJjDtPsnt/MQWmTGlsTXuHb3QWiMILqLDI=; b=fDr9+VOB2DnNG/MZZxZnyor2v4JRokkrtHlUl/P/psAczJJL9jUWJWFe1Ube4+OHc8 sg8e9P+Bw9D3q7tSeP6dEVmOAQz3TQXduvukh7/k2zxIiVNQuAydWlqySoSRTm0W/ycT ccBwS9fVZgLYIlC83CeTLVm71HT69j54Hxz4B/n9w5KbTolXXLvUgtQUg5Qa7jQRN3iI KEAGBhIra6YUC8HVkzYAoM5V0q7JaJOguA4MYgRypc2SKQQR921ZOeEk3IM7sWfjaewo fCWG0M9XMApR228KVJDChY/iMwt3HuSspw/JVZFoh5AMcJGeViRRgOLQc+2pOMIier2e kbfw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a9si1036781qtg.397.2017.11.08.18.02.08; Wed, 08 Nov 2017 18:02:08 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id A7A4960631; Thu, 9 Nov 2017 02:02:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id EC5DA60934; Thu, 9 Nov 2017 02:00:26 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E1E0D60634; Thu, 9 Nov 2017 02:00:14 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id 0C501608AA for ; Thu, 9 Nov 2017 02:00:11 +0000 (UTC) Received: from mxback5g.mail.yandex.net (mxback5g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:166]) by forward102o.mail.yandex.net (Yandex) with ESMTP id E5C175A023B3 for ; Thu, 9 Nov 2017 05:00:09 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id aJaexLMFmK-09seBtAL; Thu, 09 Nov 2017 05:00:09 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-09E4UtJ3; Thu, 09 Nov 2017 05:00:09 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:02 +0300 Message-Id: <1510192807-13538-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 3/8] api: crypto: add AES-GMAC declarations X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add AES-GMAC declarations to support RFC4543. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ include/odp/api/spec/crypto.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index 7dcb71264..8da23c039 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -131,6 +131,12 @@ typedef enum { */ ODP_AUTH_ALG_AES_GCM, + /** AES in Galois/Counter MAC Mode + * + * @note Must be paired with cipher ODP_CIPHER_ALG_NULL + */ + ODP_AUTH_ALG_AES_GMAC, + /** @deprecated Use ODP_AUTH_ALG_MD5_HMAC instead */ ODP_DEPRECATE(ODP_AUTH_ALG_MD5_96), @@ -202,6 +208,9 @@ typedef union odp_crypto_auth_algos_t { /** ODP_AUTH_ALG_AES_GCM */ uint32_t aes_gcm : 1; + /** ODP_AUTH_ALG_AES_GMAC*/ + uint32_t aes_gmac : 1; + /** @deprecated Use md5_hmac instead */ uint32_t ODP_DEPRECATE(md5_96) : 1; From patchwork Thu Nov 9 02:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118366 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6015179qgn; Wed, 8 Nov 2017 18:02:24 -0800 (PST) X-Google-Smtp-Source: ABhQp+Si08IJQql5/VpM5wOHzCk5h04L4heCE1K4VHCQBBW8/nWWOPkVWA4RZA1QejI51vdkoAPf X-Received: by 10.55.165.213 with SMTP id o204mr3873399qke.314.1510192944455; Wed, 08 Nov 2017 18:02:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510192944; cv=none; d=google.com; s=arc-20160816; b=aenF0FVNZCkRBhsmFClAqlWD9g2j6wLPHtFo8zK564H0g7UpqmCQ5mkZbutVLQKLwT 6DpxZuOM6FWyJZXURm3XXi+U2h7WSycknZUE2acPVgFqP5idFENh9+cuMoDJUUjWrza3 H5pBl/PGNaNSsBRYvajqYk4k4EUm7LzNZDC9uVPGIOie8t+LuXg9ms/fJZAU7pdg+HKf g1sytS6F/Lr9qK0yzTJm7Ws4DOpWOnKGAyNGSZ5dbdIADEzKQX7wnT0H1jD/32JkKljr LbvbAbZw6En6gxrvXVbDcIMk2Mc8P+6IOyzAtOHctLHzTqP3LB7IwbUO/+4KEWB/rK2s A/xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=a5q2VQQIZMETdKxJ8a7OxExdPtWOAinwL9uHvnhbJf4=; b=YLLRuF+TmaC71CsOWrfy3OJctEA7V3jgZMPPiXl0mNqav7TLC4G1H6mRe03gYDUjpa qI9KN86xHIOyQTMMGNLgvvtecC58KbLB93BnunPvBdaZD8Za+3zQUO19eCilOELSKc8T iToKm3nw7/6rPSljVDC+aoFXbiUPEmdJug1o5WrRzg3KEcI3lppCnPXe08zZaN4J/YOe lZdXyQvLvR1Wk421CsEvL7I05LcaPeAtAN+MVJ7wqrI8Naq2HFj2doJCLH3GtqqNPx9Q RhL6AyLdLuu+PLXZDC42rA793yxVKFzyjUC/yfn8m1pWWkGWD+ednXeF/4P6BGh2hQry DJ2w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a136si2432734qkc.304.2017.11.08.18.02.24; Wed, 08 Nov 2017 18:02:24 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2C8D060890; Thu, 9 Nov 2017 02:02:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3CDA260AC5; Thu, 9 Nov 2017 02:00:31 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 326EF60637; Thu, 9 Nov 2017 02:00:16 +0000 (UTC) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) by lists.linaro.org (Postfix) with ESMTPS id DFFED60821 for ; Thu, 9 Nov 2017 02:00:11 +0000 (UTC) Received: from mxback6o.mail.yandex.net (mxback6o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::20]) by forward104o.mail.yandex.net (Yandex) with ESMTP id 7DBC5701D56 for ; Thu, 9 Nov 2017 05:00:10 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback6o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 9kpSM4Hptk-0A70kaO9; Thu, 09 Nov 2017 05:00:10 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-09EWEsKa; Thu, 09 Nov 2017 05:00:09 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:03 +0300 Message-Id: <1510192807-13538-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 4/8] validation: crypto: add AES-GMAC testcase X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add AES-GMAC test vector based on draft-mcgrew-gcm-test-01. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ test/validation/api/crypto/crypto.h | 2 ++ test/validation/api/crypto/odp_crypto_test_inp.c | 46 ++++++++++++++++++++++++ test/validation/api/crypto/test_vectors.h | 33 +++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/test/validation/api/crypto/crypto.h b/test/validation/api/crypto/crypto.h index 71f862ec3..550d2bbff 100644 --- a/test/validation/api/crypto/crypto.h +++ b/test/validation/api/crypto/crypto.h @@ -32,6 +32,8 @@ void crypto_test_gen_alg_hmac_sha256(void); void crypto_test_check_alg_hmac_sha256(void); void crypto_test_gen_alg_hmac_sha512(void); void crypto_test_check_alg_hmac_sha512(void); +void crypto_test_gen_alg_aes_gmac(void); +void crypto_test_check_alg_aes_gmac(void); /* test arrays: */ extern odp_testinfo_t crypto_suite[]; diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index f05780377..596c8370b 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -50,6 +50,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth) return "ODP_AUTH_ALG_SHA512_HMAC"; case ODP_AUTH_ALG_AES_GCM: return "ODP_AUTH_ALG_AES_GCM"; + case ODP_AUTH_ALG_AES_GMAC: + return "ODP_AUTH_ALG_AES_GMAC"; default: return "Unknown"; } @@ -341,6 +343,9 @@ static void alg_test(odp_crypto_op_t op, if (auth_alg == ODP_AUTH_ALG_AES_GCM && !(capa.auths.bit.aes_gcm)) rc = -1; + if (auth_alg == ODP_AUTH_ALG_AES_GMAC && + !(capa.auths.bit.aes_gmac)) + rc = -1; if (auth_alg == ODP_AUTH_ALG_MD5_HMAC && !(capa.auths.bit.md5_hmac)) rc = -1; @@ -581,6 +586,10 @@ static int check_alg_support(odp_cipher_alg_t cipher, odp_auth_alg_t auth) if (!capability.auths.bit.aes_gcm) return ODP_TEST_INACTIVE; break; + case ODP_AUTH_ALG_AES_GMAC: + if (!capability.auths.bit.aes_gmac) + return ODP_TEST_INACTIVE; + break; default: fprintf(stderr, "Unsupported authentication algorithm\n"); return ODP_TEST_INACTIVE; @@ -1025,6 +1034,39 @@ void crypto_test_check_alg_hmac_sha512(void) false); } +static int check_alg_aes_gmac(void) +{ + return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_AES_GMAC); +} + +void crypto_test_gen_alg_aes_gmac(void) +{ + unsigned int test_vec_num = (sizeof(aes_gmac_reference) / + sizeof(aes_gmac_reference[0])); + unsigned int i; + + for (i = 0; i < test_vec_num; i++) + alg_test(ODP_CRYPTO_OP_ENCODE, + ODP_CIPHER_ALG_NULL, + ODP_AUTH_ALG_AES_GMAC, + &aes_gmac_reference[i], + false); +} + +void crypto_test_check_alg_aes_gmac(void) +{ + unsigned int test_vec_num = (sizeof(aes_gmac_reference) / + sizeof(aes_gmac_reference[0])); + unsigned int i; + + for (i = 0; i < test_vec_num; i++) + alg_test(ODP_CRYPTO_OP_DECODE, + ODP_CIPHER_ALG_NULL, + ODP_AUTH_ALG_AES_GMAC, + &aes_gmac_reference[i], + false); +} + int crypto_suite_sync_init(void) { suite_context.pool = odp_pool_lookup("packet_pool"); @@ -1122,6 +1164,10 @@ odp_testinfo_t crypto_suite[] = { check_alg_hmac_sha512), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha512, check_alg_hmac_sha512), + ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_aes_gmac, + check_alg_aes_gmac), + ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_aes_gmac, + check_alg_aes_gmac), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/crypto/test_vectors.h b/test/validation/api/crypto/test_vectors.h index 652968be7..5cc143660 100644 --- a/test/validation/api/crypto/test_vectors.h +++ b/test/validation/api/crypto/test_vectors.h @@ -361,6 +361,39 @@ static crypto_test_reference_t aes_gcm_reference[] = { } }; +static crypto_test_reference_t aes_gmac_reference[] = { + { + .auth_key_length = AES128_GCM_KEY_LEN, + .auth_key = { 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, + 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34}, + .iv_length = AES_GCM_IV_LEN, + .iv = { 0x22, 0x43, 0x3c, 0x64, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, + .length = 68, + .plaintext = { 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00, + 0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05, + 0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd, + 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, + 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, + 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, + 0x01, 0x02, 0x02, 0x01 }, + .ciphertext = { 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00, + 0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05, + 0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd, + 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, + 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, + 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, + 0x01, 0x02, 0x02, 0x01 }, + .digest_length = AES_GCM_DIGEST_LEN, + .digest = { 0xf2, 0xa9, 0xa8, 0x36, 0xe1, 0x55, 0x10, 0x6a, + 0xa8, 0xdc, 0xd6, 0x18, 0xe4, 0x09, 0x9a, 0xaa } + }, +}; + static crypto_test_reference_t hmac_md5_reference[] = { { .auth_key_length = HMAC_MD5_KEY_LEN, From patchwork Thu Nov 9 02:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118367 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6016174qgn; Wed, 8 Nov 2017 18:03:36 -0800 (PST) X-Google-Smtp-Source: ABhQp+R32bVdmZ83KWsOhIHzH5y13bzyyiyKLFleVv144IR4AbiS0AI0gmLwSbfHTA6BYXec+hHM X-Received: by 10.200.37.199 with SMTP id f7mr4121071qtf.83.1510193016119; Wed, 08 Nov 2017 18:03:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510193016; cv=none; d=google.com; s=arc-20160816; b=nmav8s7SUnRtQTwBgFdCtEw8Myo8k5o5pMHKtszi3EzHtjFtFRKw8c6maYhbdD7yw6 L5zcgi4pW4XOo3Z4VEql89+FZJTj9/iskyjtwU+fH4P5oaIbUNO8oiC7b+dctx5Ch7yE sxPCc6DtoTS8pBnY84FLBVU7B0Vy/fC177wUU1BxqW6SW5n4tK9jUqml25NrDpcpU4Nu qIsIHMVTZPQHBEmgCSC74eBvkHZRMXZMRPyFT4JGU4WDWMk390/O8MAfwQIGqOfBwA8p A6cDHdELbzGevBxAeFW2ZoWFbTyoKPxbXbxOKPWgEjKr8BnlE5X6QidWuGz/UagrSaGM Nflw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=AIfF80+otbRzaYWfU+NC9dbb/HBR+48EUXRrFmx2yxc=; b=Oi6NK+Lv/GrB9gQjQsNbiedo/bQSP9E4AxLaT4CwFSaOUCzyyaPT6Pqluvpz5XhodZ /JfzwDzdZvgSwMC12q5L5RWz/64zis4NCzg8/FBq2N4GY0Lm8JDzZWfHJsPpqLq3bhnh PCZlGkL0gvjpl55jFPAyO5vbKbHSd9WVpGpViRccVQRAZQqA8iqpOy3mXCYBSdeIh4Sn nwYSy9OoATwOSPUFmYtt3wQp8Qe2H1/9Cn+O70mfcd9428rpwGSA60EHqpHc0wFZfo/I 3OdYmsPffbPyQl2NKLrcht6EvzaOK0b4HNhO76scXnik+ykZvna7n2ay+8FIZumuY6/T hFqw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id t2si814092qke.63.2017.11.08.18.03.35; Wed, 08 Nov 2017 18:03:36 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B115660AF8; Thu, 9 Nov 2017 02:03:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 84CF460B59; Thu, 9 Nov 2017 02:00:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 463FB608AA; Thu, 9 Nov 2017 02:00:17 +0000 (UTC) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) by lists.linaro.org (Postfix) with ESMTPS id 9BED3605D7 for ; Thu, 9 Nov 2017 02:00:12 +0000 (UTC) Received: from mxback3g.mail.yandex.net (mxback3g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:164]) by forward105j.mail.yandex.net (Yandex) with ESMTP id F118E183D98 for ; Thu, 9 Nov 2017 05:00:10 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback3g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id vBvjs1SHBZ-0AgqNe8H; Thu, 09 Nov 2017 05:00:10 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-0AESPOjL; Thu, 09 Nov 2017 05:00:10 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:04 +0300 Message-Id: <1510192807-13538-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 5/8] linux-gen: crypto: add AES-GMAC implementation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement AES-GMAC on top of OpenSSL AES-GCM with all text going into AAD part. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ .../linux-generic/include/odp_crypto_internal.h | 5 +- platform/linux-generic/odp_crypto.c | 149 ++++++++++++++++++++- 2 files changed, 152 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index 12d1720b7..21174daa4 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -51,7 +51,10 @@ struct odp_crypto_generic_session { uint8_t key[EVP_MAX_KEY_LENGTH]; uint32_t key_length; uint32_t bytes; - const EVP_MD *evp_md; + union { + const EVP_MD *evp_md; + const EVP_CIPHER *evp_cipher; + }; crypto_func_t func; } auth; }; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 3174feee0..ac0fa337b 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -38,7 +38,9 @@ * Keep sorted: first by key length, then by IV length */ static const odp_crypto_cipher_capability_t cipher_capa_null[] = { -{.key_len = 0, .iv_len = 0} }; +{.key_len = 0, .iv_len = 0}, +/* Special case for GMAC */ +{.key_len = 0, .iv_len = 12} }; static const odp_crypto_cipher_capability_t cipher_capa_des[] = { {.key_len = 24, .iv_len = 8} }; @@ -83,6 +85,9 @@ static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = { static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } }; +static const odp_crypto_auth_capability_t auth_capa_aes_gmac[] = { +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; + typedef struct odp_crypto_global_s odp_crypto_global_t; struct odp_crypto_global_s { @@ -235,6 +240,33 @@ odp_crypto_alg_err_t auth_check(odp_packet_t pkt, } static +int internal_aad(EVP_CIPHER_CTX *ctx, + odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param) +{ + uint32_t offset = param->auth_range.offset; + uint32_t len = param->auth_range.length; + int dummy_len; + int ret; + + ODP_ASSERT(offset + len <= odp_packet_len(pkt)); + + while (len > 0) { + uint32_t seglen = 0; /* GCC */ + void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL); + uint32_t maclen = len > seglen ? seglen : len; + + EVP_EncryptUpdate(ctx, NULL, &dummy_len, mapaddr, maclen); + offset += maclen; + len -= maclen; + } + + ret = EVP_EncryptFinal_ex(ctx, NULL, &dummy_len); + + return ret; +} + +static int internal_encrypt(EVP_CIPHER_CTX *ctx, odp_packet_t pkt, const odp_crypto_packet_op_param_t *param) @@ -555,6 +587,106 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session, return 0; } +static +odp_crypto_alg_err_t aes_gmac_gen(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + void *iv_ptr; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->override_iv_ptr) + iv_ptr = param->override_iv_ptr; + else if (session->p.iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Encrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL, + session->auth.key, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + session->p.iv.length, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + ret = internal_aad(ctx, pkt, param); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + session->p.auth_digest_len, block); + odp_packet_copy_from_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static +odp_crypto_alg_err_t aes_gmac_check(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + EVP_CIPHER_CTX *ctx; + void *iv_ptr; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret; + + if (param->override_iv_ptr) + iv_ptr = param->override_iv_ptr; + else if (session->p.iv.data) + iv_ptr = session->cipher.iv_data; + else + return ODP_CRYPTO_ALG_ERR_IV_INVALID; + + /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, session->auth.evp_cipher, NULL, + session->auth.key, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + session->p.iv.length, NULL); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + odp_packet_copy_to_mem(pkt, param->hash_result_offset, + session->p.auth_digest_len, block); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, + session->p.auth_digest_len, block); + + ret = internal_aad(ctx, pkt, param); + + EVP_CIPHER_CTX_free(ctx); + + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK : + ODP_CRYPTO_ALG_ERR_NONE; +} + +static int process_aes_gmac_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) +{ + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.auth_key.length) + return -1; + + memcpy(session->auth.key, session->p.auth_key.data, + session->p.auth_key.length); + + session->auth.evp_cipher = cipher; + + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) + session->auth.func = aes_gmac_gen; + else + session->auth.func = aes_gmac_check; + + return 0; +} + static int process_auth_param(odp_crypto_generic_session_t *session, uint32_t key_length, const EVP_MD *evp_md) @@ -600,6 +732,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.sha256_hmac = 1; capa->auths.bit.sha512_hmac = 1; capa->auths.bit.aes_gcm = 1; + capa->auths.bit.aes_gmac = 1; #if ODP_DEPRECATED_API capa->ciphers.bit.aes128_cbc = 1; @@ -687,6 +820,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_aes_gcm; num = sizeof(auth_capa_aes_gcm) / size; break; + case ODP_AUTH_ALG_AES_GMAC: + src = auth_capa_aes_gmac; + num = sizeof(auth_capa_aes_gmac) / size; + break; default: return -1; } @@ -849,6 +986,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, rc = -1; } break; + case ODP_AUTH_ALG_AES_GMAC: + if (param->auth_key.length == 16) + rc = process_aes_gmac_param(session, EVP_aes_128_gcm()); + else if (param->auth_key.length == 24) + rc = process_aes_gmac_param(session, EVP_aes_192_gcm()); + else if (param->auth_key.length == 32) + rc = process_aes_gmac_param(session, EVP_aes_256_gcm()); + else + rc = -1; + break; default: rc = -1; } From patchwork Thu Nov 9 02:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118368 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6016297qgn; Wed, 8 Nov 2017 18:03:45 -0800 (PST) X-Google-Smtp-Source: ABhQp+SAXA/Aok7zjZ8plyKgzgvrHHz/nSjuRg6cRrWKjPjKSvyC1PgoW85bO1q1k5JNPWIYcgV0 X-Received: by 10.200.33.199 with SMTP id 7mr4160757qtz.35.1510193025120; Wed, 08 Nov 2017 18:03:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510193025; cv=none; d=google.com; s=arc-20160816; b=twFhUZ69Ntm/FgLVlaU/PbhSn23oyzOPZQ8rFwx/f0J4NEGAYInRKa3Fo6huS8pJSg Jz6f7vQ1Pj5p3J1XwdcwZ0XW01kCaonZUqSIABh6omaFModrlMjMC7YYohkB6GCDLb5d n8eh2SpPynfAQVoew6nKSf8LQ8aSQfNd9tKZj+Mcbvql1t40Z5lQvjO0OhjeZAKKSzMH sGOqDvuCo0/tb4y+cLcbR7Y6Se0CoXMcFBneeODI0j/oNMPpofPdy4M1qj/TGCES42Eh yqroeyp9Yi5PbTb7+V2DXWWPzTg6IfChzVj06rppYqR/OcujNlMNqV7SDijbAX7Z42vO hSHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=ebboOqeZPS7sLJnxSsiKxdMupjzAsGMBV+XSyNnGuIk=; b=SAqQBP2yYlIh/sFEZWsr17Bn4+n4AiPviQ7W1QCxkL2KKvumX3j5H2EHwAA2uTkWAO kYvOfNEwga9sZnDANLwn/jIQXVF2+zDg9Fmc/eBDIlVDbi/93RE0RMCAY9NRcg9ppUqR rpYJywmxHey/lNNsQFLqF1A53E5P/6i9BPmSCDFM6YwRChToTYSA/OicY/8xZTY6omai pPraRyuv0TR8sWXXeGmQ799Y3PrtjjkEorW+PdVXDLnT1dYqeubnQ1CC7ktdtowlI4u3 3F58m1WFUbDg+i9jg+/Gq6h1vLlk6uy+lo99uUTjzxh44gdU1yPOEKj+q1CfuWHDrbCs ktyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id d31si5723000qkh.314.2017.11.08.18.03.44; Wed, 08 Nov 2017 18:03:45 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CFF3860AF8; Thu, 9 Nov 2017 02:03:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D6E8060B5E; Thu, 9 Nov 2017 02:00:38 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0121260890; Thu, 9 Nov 2017 02:00:17 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id D905860605 for ; Thu, 9 Nov 2017 02:00:12 +0000 (UTC) Received: from mxback5g.mail.yandex.net (mxback5g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:166]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 8C50C134508A for ; Thu, 9 Nov 2017 05:00:11 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id mRVfX6L3m9-0BsemBko; Thu, 09 Nov 2017 05:00:11 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-0BEq9REr; Thu, 09 Nov 2017 05:00:11 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:05 +0300 Message-Id: <1510192807-13538-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 6/8] linux-gen: ipsec: add support for AES-GMAC-ESP X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Implement AES-GMAC-ESP support. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ platform/linux-generic/odp_ipsec_sad.c | 60 +++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 457b81d04..369d927ee 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -263,6 +263,36 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.auth_alg = param->crypto.auth_alg; crypto_param.auth_key = param->crypto.auth_key; + switch (crypto_param.cipher_alg) { + case ODP_CIPHER_ALG_NULL: + ipsec_sa->esp_iv_len = 0; + ipsec_sa->esp_block_len = 1; + break; + case ODP_CIPHER_ALG_DES: + case ODP_CIPHER_ALG_3DES_CBC: + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 8; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_CBC: +#endif + case ODP_CIPHER_ALG_AES_CBC: + ipsec_sa->esp_iv_len = 16; + ipsec_sa->esp_block_len = 16; + break; +#if ODP_DEPRECATED_API + case ODP_CIPHER_ALG_AES128_GCM: +#endif + case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 16; + ipsec_sa->icv_len = 16; + break; + default: + goto error; + } + switch (crypto_param.auth_alg) { case ODP_AUTH_ALG_NULL: ipsec_sa->icv_len = 0; @@ -291,35 +321,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_AUTH_ALG_AES_GCM: ipsec_sa->icv_len = 16; break; - default: - goto error; - } - - switch (crypto_param.cipher_alg) { - case ODP_CIPHER_ALG_NULL: - ipsec_sa->esp_iv_len = 0; - ipsec_sa->esp_block_len = 1; - break; - case ODP_CIPHER_ALG_DES: - case ODP_CIPHER_ALG_3DES_CBC: - ipsec_sa->esp_iv_len = 8; - ipsec_sa->esp_block_len = 8; - break; -#if ODP_DEPRECATED_API - case ODP_CIPHER_ALG_AES128_CBC: -#endif - case ODP_CIPHER_ALG_AES_CBC: - ipsec_sa->esp_iv_len = 16; - ipsec_sa->esp_block_len = 16; - break; -#if ODP_DEPRECATED_API - case ODP_CIPHER_ALG_AES128_GCM: -#endif - case ODP_CIPHER_ALG_AES_GCM: + case ODP_AUTH_ALG_AES_GMAC: + if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg) + return ODP_IPSEC_SA_INVALID; ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; - crypto_param.iv.length = 12; + ipsec_sa->icv_len = 16; break; default: goto error; From patchwork Thu Nov 9 02:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118369 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6017518qgn; Wed, 8 Nov 2017 18:05:07 -0800 (PST) X-Google-Smtp-Source: ABhQp+TWzVYNdLNy8MPjaDBoP2qqdYgGHLeQ2PJ9zUYjDB+jeORc0UbqpUMcQ/IZ5z//H+YbE7+Q X-Received: by 10.107.222.17 with SMTP id v17mr3320559iog.283.1510193107405; Wed, 08 Nov 2017 18:05:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510193107; cv=none; d=google.com; s=arc-20160816; b=WcVb83K1E4Q70CDoyMyAB066o1++wUvToGV4T7R5xCoyewnctCYzWQWlQk+EDTgsEt SDHbVnEzT5kqNSR/ghJFr3tZTd+DMBN+MzZanfunZH3poQ6f9D3czD3tJ3SP//buewA9 hVILC71NHFFEH3vECMclnR0ylOLDr6QRreTlusnNVJXG+J7YLgyKU4hsB13HzmiV7U6U OzFZ2Gi2tqi7gPpcfBBLgTGyVh35UTGSXxCD1CHs9FkCxOKh54+PW3DTDMzM91mf3lRi JohhvNL+Qx3zfPaxILeON4m3bWcsKMUCVoUcw8WksDpDB7pjKgo4insVEr5RQGhbnfWu htjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=mrfozFaI6Zmk3U+zn9r9asXKmVJs8Dq+uvfxu3FljGs=; b=UPGm30ozIaVALm3fuwd/5iS+5+sMAjYtq8gfZiraSherY6+rrQ8r9zKOwxUjnMdH5H ulucvxtjcGrIT8hLeew+PKgaHrjMqM0Ffu2/0L4Z7wDn3B9Amy+jCfxSuCM9kjr/s81k gpci8JVUFOdx1ZM9t5F6ky49SCsCbJ0zz5Te32XR75O0lHEVD8RgGCeCNj0DWcPBXsb8 cJac5RGP16IovEA/L55O9EIL6SDM1oepx8SD37iggoqgM26sBvZJDft40dGvEupNGnHL GbRL79aPz7656xE+Oa1qObEPaVUXOls3k4GKvdApUFdJHgBtktYQOwTbFiQsVEoEKuO0 1pZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id i189si5210380itb.65.2017.11.08.18.05.06; Wed, 08 Nov 2017 18:05:07 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4233E60C9F; Thu, 9 Nov 2017 02:05:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2C1A960C1C; Thu, 9 Nov 2017 02:00:42 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6342A60605; Thu, 9 Nov 2017 02:00:18 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id 492DF60628 for ; Thu, 9 Nov 2017 02:00:14 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 387925A0228A for ; Thu, 9 Nov 2017 05:00:13 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id cDJX8aYz1Z-0BKK3Wi6; Thu, 09 Nov 2017 05:00:13 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-0BEK4eac; Thu, 09 Nov 2017 05:00:11 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:06 +0300 Message-Id: <1510192807-13538-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 7/8] validation: ipsec: check authentication key length is supported X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add check through auth capabilities, verifying that key length is supported. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ test/validation/api/ipsec/ipsec.c | 32 ++++++++++++++++++++++++-------- test/validation/api/ipsec/ipsec.h | 11 ++++++----- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..fb5f7863e 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -119,13 +119,14 @@ static void pktio_stop(odp_pktio_t pktio) int ipsec_check(odp_bool_t ah, odp_cipher_alg_t cipher, uint32_t cipher_bits, - odp_auth_alg_t auth) + odp_auth_alg_t auth, + uint32_t auth_bits) { odp_ipsec_capability_t capa; odp_crypto_cipher_capability_t cipher_capa[MAX_ALG_CAPA]; odp_crypto_auth_capability_t auth_capa[MAX_ALG_CAPA]; int i, num; - odp_bool_t found = false; + odp_bool_t found; if (odp_ipsec_capability(&capa) < 0) return ODP_TEST_INACTIVE; @@ -212,6 +213,7 @@ int ipsec_check(odp_bool_t ah, } /* Search for the test case */ + found = false; for (i = 0; i < num; i++) { if (cipher_capa[i].key_len == cipher_bits / 8) { found = 1; @@ -230,42 +232,56 @@ int ipsec_check(odp_bool_t ah, return ODP_TEST_INACTIVE; } + /* Search for the test case */ + found = false; + for (i = 0; i < num; i++) { + if (auth_capa[i].key_len == auth_bits / 8) { + found = 1; + break; + } + } + + if (!found) { + fprintf(stderr, "Unsupported auth key length\n"); + return ODP_TEST_INACTIVE; + } + return ODP_TEST_ACTIVE; } int ipsec_check_ah_sha256(void) { - return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC); + return ipsec_check_ah(ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_null_sha256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0, - ODP_AUTH_ALG_SHA256_HMAC); + ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_aes_cbc_128_null(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128, - ODP_AUTH_ALG_NULL); + ODP_AUTH_ALG_NULL, 0); } int ipsec_check_esp_aes_cbc_128_sha256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_CBC, 128, - ODP_AUTH_ALG_SHA256_HMAC); + ODP_AUTH_ALG_SHA256_HMAC, 256); } int ipsec_check_esp_aes_gcm_128(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, - ODP_AUTH_ALG_AES_GCM); + ODP_AUTH_ALG_AES_GCM, 0); } int ipsec_check_esp_aes_gcm_256(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 256, - ODP_AUTH_ALG_AES_GCM); + ODP_AUTH_ALG_AES_GCM, 0); } void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..9dd0feabf 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -74,11 +74,12 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, int ipsec_check(odp_bool_t ah, odp_cipher_alg_t cipher, uint32_t cipher_bits, - odp_auth_alg_t auth); -#define ipsec_check_ah(auth) \ - ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth) -#define ipsec_check_esp(cipher, cipher_bits, auth) \ - ipsec_check(false, cipher, cipher_bits, auth) + odp_auth_alg_t auth, + uint32_t auth_bits); +#define ipsec_check_ah(auth, auth_bits) \ + ipsec_check(true, ODP_CIPHER_ALG_NULL, 0, auth, auth_bits) +#define ipsec_check_esp(cipher, cipher_bits, auth, auth_bits) \ + ipsec_check(false, cipher, cipher_bits, auth, auth_bits) int ipsec_check_ah_sha256(void); int ipsec_check_esp_null_sha256(void); int ipsec_check_esp_aes_cbc_128_null(void); From patchwork Thu Nov 9 02:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118370 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp6018127qgn; Wed, 8 Nov 2017 18:05:48 -0800 (PST) X-Google-Smtp-Source: ABhQp+QO0P1IK1SW3LCN8YC7Ge+nVsptBHJFjkLiyZkSGx47Y6Uxd9mFmRJ334JhTBMi9n/0kO0J X-Received: by 10.107.11.27 with SMTP id v27mr3269576ioi.179.1510193148203; Wed, 08 Nov 2017 18:05:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510193148; cv=none; d=google.com; s=arc-20160816; b=fOvPI6qcXvbnfs/iKSQW9E99qaDBK1b5HHsMxukxEZOFdSKb1QC58OuSB67Xw/p9qF 3s2Z5fhmLyM9ja1ICnAkkJtf7bukQY5nmBBwa0P8fKWsvYncNwEMK0qDLbzg/zWN3BAM d9Hx3xD4pKIJmTgZDHZBecOPdszyfY45Jb7wLQJHBCu/w7fZP+CjHFxI25O4u13JeZwK f8rFUPHinhdg41Yo+k/ZPf0c/ImzxB3+eVBnLflB2P838oalh0+7TBNYiP3vy1DTE0ET zC/7M26FTcQ/EHXEfLu5oolYjfpM49kjxESG0LCqNK5JgFGJehENVrSt/EIqc2C0WQcu 5CMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=eCsvyOvPfNf6i69Zv6CRH+2bR0uDuzdUPOMlNfYETYo=; b=0dWVzTdLtp4bOholEiS+vCyegdSDVEHnVYLhPlLMU9/lQfjcS7qFl3ooRdGy2lm+MH XJUHgPG27Qu76rdT8+7XuKWlzNM0pRafB4ZgyP6KkPPs3GI/+W9iiMx3OiU3aoUFS5Bb 3u0ivFaC+8oKW3173iTMkzHcJHrzapcciRJb++ia71kFRVJckHpLShN9MV7cSwq45+PY vRUBvV9DzRs7g4qKrS1OAdSaTqGXdQGvv0iAlR9Cb/VEgNf7eJJscRJPvrJVm80KfLI9 7dE5j2M1XbNinIop1qhHlfctry/S6pC60hV2HDn/U957oV5HjL3IVbTm6zygniVvbarC EAPw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id n9si5198436ita.169.2017.11.08.18.05.47; Wed, 08 Nov 2017 18:05:48 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 99C676098D; Thu, 9 Nov 2017 02:05:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 72C1460C2F; Thu, 9 Nov 2017 02:00:47 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7B76D608FF; Thu, 9 Nov 2017 02:00:21 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id 665C160631 for ; Thu, 9 Nov 2017 02:00:15 +0000 (UTC) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward100o.mail.yandex.net (Yandex) with ESMTP id 0D8002A21F4D for ; Thu, 9 Nov 2017 05:00:14 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 5nsV7xVCCz-0D84kji1; Thu, 09 Nov 2017 05:00:13 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ftGesT1mbP-0DEeXoZk; Thu, 09 Nov 2017 05:00:13 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Thu, 9 Nov 2017 05:00:07 +0300 Message-Id: <1510192807-13538-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> References: <1510192807-13538-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 288 Subject: [lng-odp] [PATCH API-NEXT v2 8/8] validation: ipsec: support AES-GMAC-ESP validation X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add AES-GMAC-ESP testcase based on draft-mcgrew-gcm-test-01. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 288 (lumag:gmac) ** https://github.com/Linaro/odp/pull/288 ** Patch: https://github.com/Linaro/odp/pull/288.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: d0ac0597cf696e17a40a8eba131ad379ba0fa08f **/ test/validation/api/ipsec/ipsec.c | 10 +++++ test/validation/api/ipsec/ipsec.h | 1 + test/validation/api/ipsec/ipsec_test_in.c | 33 ++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 60 ++++++++++++++++++++++++++++++ 5 files changed, 148 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index fb5f7863e..8d63c36a1 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -201,6 +201,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.auths.bit.aes_gcm) return ODP_TEST_INACTIVE; break; + case ODP_AUTH_ALG_AES_GMAC: + if (!capa.auths.bit.aes_gmac) + return ODP_TEST_INACTIVE; + break; default: fprintf(stderr, "Unsupported authentication algorithm\n"); return ODP_TEST_INACTIVE; @@ -284,6 +288,12 @@ int ipsec_check_esp_aes_gcm_256(void) ODP_AUTH_ALG_AES_GCM, 0); } +int ipsec_check_esp_null_aes_gmac_128(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_NULL, 0, + ODP_AUTH_ALG_AES_GMAC, 128); +} + void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, odp_bool_t in, odp_bool_t ah, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 9dd0feabf..4532fe7ce 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -86,5 +86,6 @@ int ipsec_check_esp_aes_cbc_128_null(void); int ipsec_check_esp_aes_cbc_128_sha256(void); int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); +int ipsec_check_esp_null_aes_gmac_128(void); #endif diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..8e692f678 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -752,6 +752,37 @@ static void test_in_mcgrew_gcm_12_esp(void) ipsec_sa_destroy(sa); } +static void test_in_mcgrew_gcm_15_esp(void) +{ + odp_ipsec_tunnel_param_t tunnel = {}; + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 0x00004321, &tunnel, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_AES_GMAC, &key_mcgrew_gcm_15, + &key_mcgrew_gcm_salt_15); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_mcgrew_gcm_test_15_esp, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_mcgrew_gcm_test_15}, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -779,6 +810,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_gcm_128), ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_12_esp, ipsec_check_esp_aes_gcm_128), + ODP_TEST_INFO_CONDITIONAL(test_in_mcgrew_gcm_15_esp, + ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_tun, diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 39a3c30ff..7be07d095 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -319,6 +319,48 @@ static void test_out_esp_aes_gcm128(void) ipsec_sa_destroy(sa); } +static void test_out_esp_aes_null_gmac128(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_AES_GMAC, &key_a5_128, + &key_mcgrew_gcm_salt_2); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_AES_GMAC, &key_a5_128, + &key_mcgrew_gcm_salt_2); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + static void ipsec_test_capability(void) { odp_ipsec_capability_t capa; @@ -344,5 +386,7 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_aes_cbc_128_sha256), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_null_gmac128, + ipsec_check_esp_null_aes_gmac_128), ODP_TEST_INFO_NULL, }; diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..20e737c99 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -45,6 +45,9 @@ KEY(key_mcgrew_gcm_salt_4, 0x00, 0x00, 0x00, 0x00); KEY(key_mcgrew_gcm_12, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47); KEY(key_mcgrew_gcm_salt_12, 0xd9, 0x66, 0x42, 0x67); +KEY(key_mcgrew_gcm_15, 0x4c, 0x80, 0xcd, 0xef, 0xbb, 0x5d, 0x10, 0xda, + 0x90, 0x6a, 0xc7, 0x3c, 0x36, 0x13, 0xa6, 0x34); +KEY(key_mcgrew_gcm_salt_15, 0x22, 0x43, 0x3c, 0x64); static const ODP_UNUSED ipsec_test_packet pkt_icmp_0 = { .len = 142, @@ -962,4 +965,61 @@ static const ipsec_test_packet pkt_mcgrew_gcm_test_12_esp = { }, }; +static const ipsec_test_packet pkt_mcgrew_gcm_test_15 = { + .len = 62, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00, + 0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05, + 0xc0, 0xa8, 0x00, 0x01, + + /* ICMP */ + 0x08, 0x00, 0xc6, 0xcd, 0x02, 0x00, 0x07, 0x00, + 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, + 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, + 0x71, 0x72, 0x73, 0x74, + }, +}; + +static const ipsec_test_packet pkt_mcgrew_gcm_test_15_esp = { + .len = 118, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH - not a part of RFC, added for simplicity */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP - not a part of RFC, added for simplicity */ + 0x45, 0x00, 0x00, 0x68, 0x69, 0x8f, 0x00, 0x00, + 0x80, 0x32, 0x4d, 0xb2, 0xc0, 0xa8, 0x01, 0x02, + 0xc0, 0xa8, 0x01, 0x01, + + /* ESP */ + 0x00, 0x00, 0x43, 0x21, 0x00, 0x00, 0x00, 0x07, + + /* IV */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x30, 0xda, 0x3a, 0x00, 0x00, + 0x80, 0x01, 0xdf, 0x3b, 0xc0, 0xa8, 0x00, 0x05, + 0xc0, 0xa8, 0x00, 0x01, 0x08, 0x00, 0xc6, 0xcd, + 0x02, 0x00, 0x07, 0x00, 0x61, 0x62, 0x63, 0x64, + 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, + 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, + 0x01, 0x02, 0x02, 0x01, 0xf2, 0xa9, 0xa8, 0x36, + 0xe1, 0x55, 0x10, 0x6a, 0xa8, 0xdc, 0xd6, 0x18, + 0xe4, 0x09, 0x9a, 0xaa, + }, +}; + #endif