[COMMIT] branch api-next updated. v1.14.0.0-375-g826ee894 - git-lng-odp

19 May 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, api-next has been updated
       via  826ee894aa0ebd09d42a17e1de077c46bc5b366a (commit)
       via  191ee818e5951e8334ec54d40d5b02065ee33c5c (commit)
      from  f4c213cccc49b4b28557506ad19fba49b872d24f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 826ee894aa0ebd09d42a17e1de077c46bc5b366a
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Fri May 5 04:14:34 2017 +0300
linux: crypto: fix checking of GCM tags
Currently odp_crypto code will happily accept wrong tags, because the
    check for EVP_DecryptFinal_ex return code is incorrect. This function
    returns 0 if tag is incorrect, not < 0.
    https://bugs.linaro.org/show_bug.cgi?id=3003
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-and-tested-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org

diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c
index dfeb9f3f..a993542f 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -384,7 +384,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
    			  auth_len - (aad_tail - aad_head));
    }
-	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0)
+	if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0)
    	return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
return ODP_CRYPTO_ALG_ERR_NONE;
commit 191ee818e5951e8334ec54d40d5b02065ee33c5c
Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
Date:   Fri May 5 04:13:15 2017 +0300
test: crypto: add AES-GCM tests with wrong tag value
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org
    Reviewed-and-tested-by: Bill Fischofer bill.fischofer@linaro.org
    Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 24ea4932..bfc9da3c 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -697,10 +697,13 @@ void crypto_test_dec_alg_aes128_gcm(void)
    odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
    		 auth_key   = { .data = NULL, .length = 0 };
    odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN };
+	uint8_t wrong_digest[AES128_GCM_DIGEST_LEN];
    unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) /
    			     sizeof(aes128_gcm_reference_length[0]));
    unsigned int i;
+	memset(wrong_digest, 0xa5, sizeof(wrong_digest));
+
    for (i = 0; i < test_vec_num; i++) {
    	cipher_key.data = aes128_gcm_reference_key[i];
    	cipher_key.length = sizeof(aes128_gcm_reference_key[i]);
@@ -731,6 +734,23 @@ void crypto_test_dec_alg_aes128_gcm(void)
    		 aes128_gcm_reference_ciphertext[i] +
    		 aes128_gcm_reference_length[i],
    		 AES128_GCM_CHECK_LEN);
+
+		alg_test(ODP_CRYPTO_OP_DECODE,
+			 1,
+			 ODP_CIPHER_ALG_AES_GCM,
+			 iv,
+			 NULL,
+			 cipher_key,
+			 ODP_AUTH_ALG_AES_GCM,
+			 auth_key,
+			 &aes128_gcm_cipher_range[i],
+			 &aes128_gcm_auth_range[i],
+			 aes128_gcm_reference_ciphertext[i],
+			 aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+			 aes128_gcm_reference_plaintext[i],
+			 aes128_gcm_reference_length[i],
+			 wrong_digest,
+			 AES128_GCM_CHECK_LEN);
    }
 }
@@ -744,10 +764,13 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void)
    odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
    		 auth_key   = { .data = NULL, .length = 0 };
    odp_crypto_iv_t iv = { .data = NULL, .length = AES128_GCM_IV_LEN };
+	uint8_t wrong_digest[AES128_GCM_DIGEST_LEN];
    unsigned int test_vec_num = (sizeof(aes128_gcm_reference_length) /
    			     sizeof(aes128_gcm_reference_length[0]));
    unsigned int i;
+	memset(wrong_digest, 0xa5, sizeof(wrong_digest));
+
    for (i = 0; i < test_vec_num; i++) {
    	cipher_key.data = aes128_gcm_reference_key[i];
    	cipher_key.length = sizeof(aes128_gcm_reference_key[i]);
@@ -776,6 +799,23 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void)
    		 aes128_gcm_reference_ciphertext[i] +
    		 aes128_gcm_reference_length[i],
    		 AES128_GCM_CHECK_LEN);
+
+		alg_test(ODP_CRYPTO_OP_DECODE,
+			 1,
+			 ODP_CIPHER_ALG_AES_GCM,
+			 iv,
+			 aes128_gcm_reference_iv[i],
+			 cipher_key,
+			 ODP_AUTH_ALG_AES_GCM,
+			 auth_key,
+			 &aes128_gcm_cipher_range[i],
+			 &aes128_gcm_auth_range[i],
+			 aes128_gcm_reference_ciphertext[i],
+			 aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+			 aes128_gcm_reference_plaintext[i],
+			 aes128_gcm_reference_length[i],
+			 wrong_digest,
+			 AES128_GCM_CHECK_LEN);
    }
 }
-----------------------------------------------------------------------
Summary of changes:
 platform/linux-generic/odp_crypto.c                |  2 +-
 .../validation/api/crypto/odp_crypto_test_inp.c    | 40 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)
hooks/post-receive
-- 


    