This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "".
The branch, next has been updated via 008a23fcbc95191f7569df8e0deb4228e32b82cb (commit) via ca5dce2a7988212c5c409ea5e6c73614e6856536 (commit) via 7dd6b62bd918a3c9c48b45fa3a8fc4057bba9ee0 (commit) via 6c49c6e8b2201e41213b5399c9fc1b4203df6612 (commit) via dbed4b92dd4431c43271167ff8bf84f5e2877ced (commit) via 3187310d67e8810c67168e004bd9e056ae0dc213 (commit) via c8b13fd727910b4606d0712c5116006aed1792d8 (commit) via 67e3173ae6c966c5d722cc89c838126385f77fec (commit) via 2e59669a8746a54f04b9036ec8c2758f1a4c18c8 (commit) via e6396aa4d737fdce41c22628f9f77bb5a4ef3d3e (commit) via 95696c71a245dc045953a7d75dfc209ac1692ffe (commit) via 7f13493f5b8c41c8a83c65ecc6bb5763b84d4225 (commit) via af566ae11d48162d21c1e2648fa0b32d189067f8 (commit) via df537d430d94f85de8d6e1d0643e4c65387cf392 (commit) via 2d25eca61e25d099017ec2924278dcea6c4b821f (commit) via 71cfbe6fe938f7351b0c7637f290ae823132c207 (commit) via 30bf39b9afb2ee5703bac4227effc5808bb337d7 (commit) via aeb33071432c5d4d3c83f4556199fabdbc540164 (commit) via f0968cf3a4281cd45f7c490e1cfc84f93d2a37b6 (commit) via 798182b6930bc70fb759516dd8a3964bcf1812a8 (commit) via 0ee8b0ec8668734a43b57b3d76f37a1bdddf03fb (commit) via 196521caf9adb8eea4e0b2c79d6aa2f3240c3944 (commit) via 60b2c5a0bb2595f7ef5ca3bbc59097674a28ae1d (commit) via 562059f5d7841f30eab228ac218a46d1c3110010 (commit) from 14bebe8bac40b2b0f4a00cce4ef9a7031cc1b8cc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 008a23fcbc95191f7569df8e0deb4228e32b82cb Author: Maxim Uvarov maxim.uvarov@linaro.org Date: Fri Jun 2 15:58:52 2017 +0300
update API version number from v1.14.0.0 to v1.15.0.0
Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/configure.ac b/configure.ac index 58682564..bea4e1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.5]) # Set correct API version ########################################################################## m4_define([odpapi_generation_version], [1]) -m4_define([odpapi_major_version], [14]) +m4_define([odpapi_major_version], [15]) m4_define([odpapi_minor_version], [0]) m4_define([odpapi_point_version], [0]) m4_define([odpapi_version], @@ -39,10 +39,10 @@ AM_SILENT_RULES([yes]) # 3. if interfaces were removed, then use C+1:0:0 ##########################################################################
-ODP_LIBSO_VERSION=114:0:1 +ODP_LIBSO_VERSION=115:0:2 AC_SUBST(ODP_LIBSO_VERSION)
-ODPHELPER_LIBSO_VERSION=112:0:0 +ODPHELPER_LIBSO_VERSION=112:1:0 AC_SUBST(ODPHELPER_LIBSO_VERSION)
# Checks for programs.
commit ca5dce2a7988212c5c409ea5e6c73614e6856536 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:39 2017 +0300
linux-generic: crypto: add HMAC-SHA-512 authentication support
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 3117f65d..6fc1907d 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -69,6 +69,10 @@ static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = { {.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} }, {.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = { +{.digest_len = 32, .key_len = 64, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 64, .key_len = 64, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; + static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
@@ -555,7 +559,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa) capa->auths.bit.md5_hmac = 1; capa->auths.bit.sha1_hmac = 1; capa->auths.bit.sha256_hmac = 1; - capa->auths.bit.sha512_hmac = 0; + capa->auths.bit.sha512_hmac = 1; capa->auths.bit.aes_gcm = 1;
#if ODP_DEPRECATED_API @@ -636,6 +640,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_sha256_hmac; num = sizeof(auth_capa_sha256_hmac) / size; break; + case ODP_AUTH_ALG_SHA512_HMAC: + src = auth_capa_sha512_hmac; + num = sizeof(auth_capa_sha512_hmac) / size; + break; case ODP_AUTH_ALG_AES_GCM: src = auth_capa_aes_gcm; num = sizeof(auth_capa_aes_gcm) / size; @@ -761,6 +769,9 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_AUTH_ALG_SHA256_HMAC: rc = process_auth_param(session, 32, EVP_sha256()); break; + case ODP_AUTH_ALG_SHA512_HMAC: + rc = process_auth_param(session, 64, EVP_sha512()); + break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_AES128_GCM: if (param->cipher_alg == ODP_CIPHER_ALG_AES128_GCM)
commit 7dd6b62bd918a3c9c48b45fa3a8fc4057bba9ee0 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:38 2017 +0300
linux-generic: crypto: add SHA-1 authentication support
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 9e5a1190..3117f65d 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -61,6 +61,10 @@ static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = { {.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} }, {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+static const odp_crypto_auth_capability_t auth_capa_sha1_hmac[] = { +{.digest_len = 12, .key_len = 20, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 20, .key_len = 20, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; + static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = { {.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} }, {.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; @@ -549,7 +553,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
capa->auths.bit.null = 1; capa->auths.bit.md5_hmac = 1; - capa->auths.bit.sha1_hmac = 0; + capa->auths.bit.sha1_hmac = 1; capa->auths.bit.sha256_hmac = 1; capa->auths.bit.sha512_hmac = 0; capa->auths.bit.aes_gcm = 1; @@ -624,6 +628,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, src = auth_capa_md5_hmac; num = sizeof(auth_capa_md5_hmac) / size; break; + case ODP_AUTH_ALG_SHA1_HMAC: + src = auth_capa_sha1_hmac; + num = sizeof(auth_capa_sha1_hmac) / size; + break; case ODP_AUTH_ALG_SHA256_HMAC: src = auth_capa_sha256_hmac; num = sizeof(auth_capa_sha256_hmac) / size; @@ -741,6 +749,9 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_AUTH_ALG_MD5_HMAC: rc = process_auth_param(session, 16, EVP_md5()); break; + case ODP_AUTH_ALG_SHA1_HMAC: + rc = process_auth_param(session, 20, EVP_sha1()); + break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_SHA256_128: /* Fixed digest tag length with deprecated algo */
commit 6c49c6e8b2201e41213b5399c9fc1b4203df6612 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:37 2017 +0300
validation: crypto: add HMAC-SHA-512 test cases
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/crypto.h b/test/common_plat/validation/api/crypto/crypto.h index 84e67379..dd15b448 100644 --- a/test/common_plat/validation/api/crypto/crypto.h +++ b/test/common_plat/validation/api/crypto/crypto.h @@ -30,7 +30,8 @@ void crypto_test_gen_alg_hmac_sha1(void); void crypto_test_check_alg_hmac_sha1(void); void crypto_test_gen_alg_hmac_sha256(void); void crypto_test_check_alg_hmac_sha256(void); -void crypto_test_alg_hmac_sha512(void); +void crypto_test_gen_alg_hmac_sha512(void); +void crypto_test_check_alg_hmac_sha512(void);
/* test arrays: */ extern odp_testinfo_t crypto_suite[]; diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 6129d82d..ae600e23 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -32,6 +32,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth) return "ODP_AUTH_ALG_SHA1_HMAC"; case ODP_AUTH_ALG_SHA256_HMAC: return "ODP_AUTH_ALG_SHA256_HMAC"; + case ODP_AUTH_ALG_SHA512_HMAC: + return "ODP_AUTH_ALG_SHA512_HMAC"; case ODP_AUTH_ALG_AES_GCM: return "ODP_AUTH_ALG_AES_GCM"; default: @@ -139,6 +141,9 @@ static void alg_test(odp_crypto_op_t op, if (auth_alg == ODP_AUTH_ALG_SHA256_HMAC && !(capa.auths.bit.sha256_hmac)) rc = -1; + if (auth_alg == ODP_AUTH_ALG_SHA512_HMAC && + !(capa.auths.bit.sha512_hmac)) + rc = -1;
CU_ASSERT(!rc); CU_ASSERT((~capa.auths.all_bits & capa.hw_auths.all_bits) == 0); @@ -1391,9 +1396,106 @@ static int check_alg_hmac_sha512(void) return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA512_HMAC); }
-void crypto_test_alg_hmac_sha512(void) +/* This test verifies the correctness of HMAC_SHA512 digest operation. + * The output check length is truncated to 32 bytes (256 bits) as + * returned by the crypto operation API call. + * Note that hash digest is a one-way operation. + * In addition the test verifies if the implementation can use the + * packet buffer as completion event buffer. + * */ +void crypto_test_gen_alg_hmac_sha512(void) { - printf(" TEST NOT IMPLEMENTED YET "); + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; + + unsigned int test_vec_num = (sizeof(hmac_sha512_reference_length) / + sizeof(hmac_sha512_reference_length[0])); + + unsigned int i; + + for (i = 0; i < test_vec_num; i++) { + auth_key.data = hmac_sha512_reference_key[i]; + auth_key.length = sizeof(hmac_sha512_reference_key[i]); + + if (!check_auth_options(ODP_AUTH_ALG_SHA512_HMAC, + auth_key.length, + HMAC_SHA512_256_CHECK_LEN)) + continue; + + alg_test(ODP_CRYPTO_OP_ENCODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA512_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha512_reference_plaintext[i], + hmac_sha512_reference_length[i], + NULL, 0, + hmac_sha512_reference_digest[i], + HMAC_SHA512_256_CHECK_LEN); + } +} + +void crypto_test_check_alg_hmac_sha512(void) +{ + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; + uint8_t wrong_digest[HMAC_SHA512_DIGEST_LEN]; + + unsigned int test_vec_num = (sizeof(hmac_sha512_reference_length) / + sizeof(hmac_sha512_reference_length[0])); + + unsigned int i; + + memset(wrong_digest, 0xa5, sizeof(wrong_digest)); + + for (i = 0; i < test_vec_num; i++) { + auth_key.data = hmac_sha512_reference_key[i]; + auth_key.length = sizeof(hmac_sha512_reference_key[i]); + + if (!check_auth_options(ODP_AUTH_ALG_SHA512_HMAC, + auth_key.length, + HMAC_SHA512_256_CHECK_LEN)) + continue; + + alg_test(ODP_CRYPTO_OP_DECODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA512_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha512_reference_plaintext[i], + hmac_sha512_reference_length[i], + NULL, 0, + hmac_sha512_reference_digest[i], + HMAC_SHA512_256_CHECK_LEN); + + alg_test(ODP_CRYPTO_OP_DECODE, + 1, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA512_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha512_reference_plaintext[i], + hmac_sha512_reference_length[i], + NULL, 0, + wrong_digest, + HMAC_SHA512_256_CHECK_LEN); + } }
int crypto_suite_sync_init(void) @@ -1461,7 +1563,9 @@ odp_testinfo_t crypto_suite[] = { check_alg_hmac_sha256), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha256, check_alg_hmac_sha256), - ODP_TEST_INFO_CONDITIONAL(crypto_test_alg_hmac_sha512, + ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_sha512, + check_alg_hmac_sha512), + ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha512, check_alg_hmac_sha512), ODP_TEST_INFO_NULL, }; diff --git a/test/common_plat/validation/api/crypto/test_vectors.h b/test/common_plat/validation/api/crypto/test_vectors.h index 1de54964..bd8bf347 100644 --- a/test/common_plat/validation/api/crypto/test_vectors.h +++ b/test/common_plat/validation/api/crypto/test_vectors.h @@ -397,4 +397,54 @@ static uint8_t hmac_sha1_reference_digest[][HMAC_SHA1_DIGEST_LEN] = { 0x11, 0xcd, 0x91, 0xa3, 0x9a, 0xf4 }, };
+static uint8_t hmac_sha512_reference_key[][HMAC_SHA512_KEY_LEN] = { + { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b }, + + /* "Jefe" */ + { 0x4a, 0x65, 0x66, 0x65 }, + + { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa } +}; + +static uint32_t hmac_sha512_reference_length[] = { 8, 28, 50 }; + +static uint8_t +hmac_sha512_reference_plaintext[][HMAC_SHA512_MAX_DATA_LEN] = { + /* "Hi There" */ + { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, + + /* what do ya want for nothing?*/ + { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f }, + + { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd } +}; + +static uint8_t hmac_sha512_reference_digest[][HMAC_SHA512_DIGEST_LEN] = { + { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, + 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, + 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, + 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde }, + + { 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, + 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3, + 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, + 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54 }, + + { 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, + 0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9, + 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, + 0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39 } +}; + #endif diff --git a/test/common_plat/validation/api/crypto/test_vectors_len.h b/test/common_plat/validation/api/crypto/test_vectors_len.h index 5c3ddcee..20a7ddba 100644 --- a/test/common_plat/validation/api/crypto/test_vectors_len.h +++ b/test/common_plat/validation/api/crypto/test_vectors_len.h @@ -41,4 +41,10 @@ #define HMAC_SHA1_DIGEST_LEN 20 #define HMAC_SHA1_96_CHECK_LEN 12
+/* HMAC-SHA512 */ +#define HMAC_SHA512_KEY_LEN 64 +#define HMAC_SHA512_MAX_DATA_LEN 128 +#define HMAC_SHA512_DIGEST_LEN 64 +#define HMAC_SHA512_256_CHECK_LEN 32 + #endif
commit dbed4b92dd4431c43271167ff8bf84f5e2877ced Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:36 2017 +0300
validation: crypto: add HMAC-SHA-1 test cases
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/crypto.h b/test/common_plat/validation/api/crypto/crypto.h index 2a491c3c..84e67379 100644 --- a/test/common_plat/validation/api/crypto/crypto.h +++ b/test/common_plat/validation/api/crypto/crypto.h @@ -26,7 +26,8 @@ void crypto_test_dec_alg_aes128_gcm(void); void crypto_test_dec_alg_aes128_gcm_ovr_iv(void); void crypto_test_gen_alg_hmac_md5(void); void crypto_test_check_alg_hmac_md5(void); -void crypto_test_alg_hmac_sha1(void); +void crypto_test_gen_alg_hmac_sha1(void); +void crypto_test_check_alg_hmac_sha1(void); void crypto_test_gen_alg_hmac_sha256(void); void crypto_test_check_alg_hmac_sha256(void); void crypto_test_alg_hmac_sha512(void); diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 4d8f7b54..6129d82d 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -28,6 +28,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth) return "ODP_AUTH_ALG_NULL"; case ODP_AUTH_ALG_MD5_HMAC: return "ODP_AUTH_ALG_MD5_HMAC"; + case ODP_AUTH_ALG_SHA1_HMAC: + return "ODP_AUTH_ALG_SHA1_HMAC"; case ODP_AUTH_ALG_SHA256_HMAC: return "ODP_AUTH_ALG_SHA256_HMAC"; case ODP_AUTH_ALG_AES_GCM: @@ -131,6 +133,9 @@ static void alg_test(odp_crypto_op_t op, if (auth_alg == ODP_AUTH_ALG_NULL && !(capa.auths.bit.null)) rc = -1; + if (auth_alg == ODP_AUTH_ALG_SHA1_HMAC && + !(capa.auths.bit.sha1_hmac)) + rc = -1; if (auth_alg == ODP_AUTH_ALG_SHA256_HMAC && !(capa.auths.bit.sha256_hmac)) rc = -1; @@ -1167,6 +1172,113 @@ void crypto_test_check_alg_hmac_md5(void) } }
+static int check_alg_hmac_sha1(void) +{ + return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA1_HMAC); +} + +/* This test verifies the correctness of HMAC_SHA1 digest operation. + * The output check length is truncated to 12 bytes (96 bits) as + * returned by the crypto operation API call. + * Note that hash digest is a one-way operation. + * In addition the test verifies if the implementation can use the + * packet buffer as completion event buffer. + * */ +void crypto_test_gen_alg_hmac_sha1(void) +{ + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; + + unsigned int test_vec_num = (sizeof(hmac_sha1_reference_length) / + sizeof(hmac_sha1_reference_length[0])); + + unsigned int i; + + for (i = 0; i < test_vec_num; i++) { + auth_key.data = hmac_sha1_reference_key[i]; + auth_key.length = sizeof(hmac_sha1_reference_key[i]); + + if (!check_auth_options(ODP_AUTH_ALG_SHA1_HMAC, + auth_key.length, + HMAC_SHA1_96_CHECK_LEN)) + continue; + + alg_test(ODP_CRYPTO_OP_ENCODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA1_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha1_reference_plaintext[i], + hmac_sha1_reference_length[i], + NULL, 0, + hmac_sha1_reference_digest[i], + HMAC_SHA1_96_CHECK_LEN); + } +} + +void crypto_test_check_alg_hmac_sha1(void) +{ + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; + uint8_t wrong_digest[HMAC_SHA1_DIGEST_LEN]; + + unsigned int test_vec_num = (sizeof(hmac_sha1_reference_length) / + sizeof(hmac_sha1_reference_length[0])); + + unsigned int i; + + memset(wrong_digest, 0xa5, sizeof(wrong_digest)); + + for (i = 0; i < test_vec_num; i++) { + auth_key.data = hmac_sha1_reference_key[i]; + auth_key.length = sizeof(hmac_sha1_reference_key[i]); + + if (!check_auth_options(ODP_AUTH_ALG_SHA1_HMAC, + auth_key.length, + HMAC_SHA1_96_CHECK_LEN)) + continue; + + alg_test(ODP_CRYPTO_OP_DECODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA1_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha1_reference_plaintext[i], + hmac_sha1_reference_length[i], + NULL, 0, + hmac_sha1_reference_digest[i], + HMAC_SHA1_96_CHECK_LEN); + + alg_test(ODP_CRYPTO_OP_DECODE, + 1, + ODP_CIPHER_ALG_NULL, + iv, + iv.data, + cipher_key, + ODP_AUTH_ALG_SHA1_HMAC, + auth_key, + NULL, NULL, + NULL, 0, + hmac_sha1_reference_plaintext[i], + hmac_sha1_reference_length[i], + NULL, 0, + wrong_digest, + HMAC_SHA1_96_CHECK_LEN); + } +} + static int check_alg_hmac_sha256(void) { return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA256_HMAC); @@ -1274,16 +1386,6 @@ void crypto_test_check_alg_hmac_sha256(void) } }
-static int check_alg_hmac_sha1(void) -{ - return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA1_HMAC); -} - -void crypto_test_alg_hmac_sha1(void) -{ - printf(" TEST NOT IMPLEMENTED YET "); -} - static int check_alg_hmac_sha512(void) { return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA512_HMAC); @@ -1351,7 +1453,9 @@ odp_testinfo_t crypto_suite[] = { check_alg_hmac_md5), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_md5, check_alg_hmac_md5), - ODP_TEST_INFO_CONDITIONAL(crypto_test_alg_hmac_sha1, + ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_sha1, + check_alg_hmac_sha1), + ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha1, check_alg_hmac_sha1), ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_sha256, check_alg_hmac_sha256), diff --git a/test/common_plat/validation/api/crypto/test_vectors.h b/test/common_plat/validation/api/crypto/test_vectors.h index 6d568b91..1de54964 100644 --- a/test/common_plat/validation/api/crypto/test_vectors.h +++ b/test/common_plat/validation/api/crypto/test_vectors.h @@ -353,4 +353,48 @@ static uint32_t hmac_sha256_reference_digest_length[] = { 16, 16, 16 };
+static uint8_t hmac_sha1_reference_key[][HMAC_SHA1_KEY_LEN] = { + { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b }, + + /* "Jefe" */ + { 0x4a, 0x65, 0x66, 0x65 }, + + { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa } +}; + +static uint32_t hmac_sha1_reference_length[] = { 8, 28, 50 }; + +static uint8_t +hmac_sha1_reference_plaintext[][HMAC_SHA1_MAX_DATA_LEN] = { + /* "Hi There" */ + { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65}, + + /* what do ya want for nothing?*/ + { 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f }, + + { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd } +}; + +static uint8_t hmac_sha1_reference_digest[][HMAC_SHA1_DIGEST_LEN] = { + { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, + 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6 }, + + { 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, + 0x2f, 0xa2, 0xd2, 0x74, 0x16, 0xd5 }, + + { 0x12, 0x5d, 0x73, 0x42, 0xb9, 0xac, + 0x11, 0xcd, 0x91, 0xa3, 0x9a, 0xf4 }, +}; + #endif diff --git a/test/common_plat/validation/api/crypto/test_vectors_len.h b/test/common_plat/validation/api/crypto/test_vectors_len.h index c1521dd7..5c3ddcee 100644 --- a/test/common_plat/validation/api/crypto/test_vectors_len.h +++ b/test/common_plat/validation/api/crypto/test_vectors_len.h @@ -35,4 +35,10 @@ #define HMAC_SHA256_MAX_DATA_LEN 128 #define HMAC_SHA256_DIGEST_LEN 32
+/* HMAC-SHA1 */ +#define HMAC_SHA1_KEY_LEN 20 +#define HMAC_SHA1_MAX_DATA_LEN 128 +#define HMAC_SHA1_DIGEST_LEN 20 +#define HMAC_SHA1_96_CHECK_LEN 12 + #endif
commit 3187310d67e8810c67168e004bd9e056ae0dc213 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:35 2017 +0300
validation: crypto: add tests for NULL cipher
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/crypto.h b/test/common_plat/validation/api/crypto/crypto.h index 4d810f62..2a491c3c 100644 --- a/test/common_plat/validation/api/crypto/crypto.h +++ b/test/common_plat/validation/api/crypto/crypto.h @@ -10,6 +10,8 @@ #include "odp_cunit_common.h"
/* test functions: */ +void crypto_test_enc_alg_null(void); +void crypto_test_dec_alg_null(void); void crypto_test_enc_alg_3des_cbc(void); void crypto_test_enc_alg_3des_cbc_ovr_iv(void); void crypto_test_dec_alg_3des_cbc(void); diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 470c5bc5..4d8f7b54 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -430,6 +430,73 @@ static int check_auth_options(odp_auth_alg_t auth, uint32_t key_len, return 1; }
+static int check_alg_null(void) +{ + return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_NULL); +} + +void crypto_test_enc_alg_null(void) +{ + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0}; + unsigned int test_vec_num = (sizeof(null_reference_length) / + sizeof(null_reference_length[0])); + unsigned int i; + + for (i = 0; i < test_vec_num; i++) { + if (!check_cipher_options(ODP_CIPHER_ALG_NULL, + cipher_key.length, iv.length)) + continue; + + alg_test(ODP_CRYPTO_OP_ENCODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + NULL, + cipher_key, + ODP_AUTH_ALG_NULL, + auth_key, + NULL, NULL, + NULL, 0, + null_reference_plaintext[i], + null_reference_length[i], + null_reference_plaintext[i], + null_reference_length[i], NULL, 0); + } +} + +void crypto_test_dec_alg_null(void) +{ + odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 }, + auth_key = { .data = NULL, .length = 0 }; + odp_crypto_iv_t iv = { .data = NULL, .length = 0 }; + unsigned int test_vec_num = (sizeof(null_reference_length) / + sizeof(null_reference_length[0])); + unsigned int i; + + for (i = 0; i < test_vec_num; i++) { + if (!check_cipher_options(ODP_CIPHER_ALG_NULL, + cipher_key.length, iv.length)) + continue; + + alg_test(ODP_CRYPTO_OP_DECODE, + 0, + ODP_CIPHER_ALG_NULL, + iv, + NULL, + cipher_key, + ODP_AUTH_ALG_NULL, + auth_key, + NULL, NULL, + NULL, 0, + null_reference_plaintext[i], + null_reference_length[i], + null_reference_plaintext[i], + null_reference_length[i], NULL, 0); + } +} + static int check_alg_3des_cbc(void) { return check_alg_support(ODP_CIPHER_ALG_3DES_CBC, ODP_AUTH_ALG_NULL); @@ -1252,6 +1319,10 @@ int crypto_suite_async_init(void) }
odp_testinfo_t crypto_suite[] = { + ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_null, + check_alg_null), + ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_null, + check_alg_null), ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_3des_cbc, check_alg_3des_cbc), ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc, diff --git a/test/common_plat/validation/api/crypto/test_vectors.h b/test/common_plat/validation/api/crypto/test_vectors.h index 0d36c249..6d568b91 100644 --- a/test/common_plat/validation/api/crypto/test_vectors.h +++ b/test/common_plat/validation/api/crypto/test_vectors.h @@ -8,6 +8,18 @@ #define _ODP_TEST_CRYPTO_VECTORS_H_
#include "test_vectors_len.h" + +/** length in bytes */ +static uint32_t null_reference_length[] = { 8, 16 }; + +static uint8_t +null_reference_plaintext[][NULL_MAX_DATA_LEN] = { + {0x32, 0x6a, 0x49, 0x4c, 0xd3, 0x3f, 0xe7, 0x56}, + + {0x84, 0x40, 0x1f, 0x78, 0xfe, 0x6c, 0x10, 0x87, 0x6d, 0x8e, 0xa2, 0x30, + 0x94, 0xea, 0x53, 0x09} +}; + /* TDES-CBC reference vectors, according to * "http://csrc.nist.gov/groups/STM/cavp/documents/des/DESMMT.pdf" */ diff --git a/test/common_plat/validation/api/crypto/test_vectors_len.h b/test/common_plat/validation/api/crypto/test_vectors_len.h index 80fd927b..c1521dd7 100644 --- a/test/common_plat/validation/api/crypto/test_vectors_len.h +++ b/test/common_plat/validation/api/crypto/test_vectors_len.h @@ -6,6 +6,9 @@ #ifndef TEST_VECTORS_LEN_ #define TEST_VECTORS_LEN_
+/* NULL */ +#define NULL_MAX_DATA_LEN 16 + /* TDES-CBC */ #define TDES_CBC_KEY_LEN 24 #define TDES_CBC_IV_LEN 8
commit c8b13fd727910b4606d0712c5116006aed1792d8 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:34 2017 +0300
crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL
There is no point in having separate cases for NULL algorithms. Add capabilities returning 0 key/digest/iv length.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 32fece30..9e5a1190 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -34,6 +34,9 @@ * * Keep sorted: first by key length, then by IV length */ +static const odp_crypto_cipher_capability_t cipher_capa_null[] = { +{.key_len = 0, .iv_len = 0} }; + static const odp_crypto_cipher_capability_t cipher_capa_des[] = { {.key_len = 24, .iv_len = 8} };
@@ -51,6 +54,9 @@ static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { * * Keep sorted: first by digest length, then by key length */ +static const odp_crypto_auth_capability_t auth_capa_null[] = { +{.digest_len = 0, .key_len = 0, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; + static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = { {.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} }, {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; @@ -571,8 +577,8 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher,
switch (cipher) { case ODP_CIPHER_ALG_NULL: - src = NULL; - num = 0; + src = cipher_capa_null; + num = sizeof(cipher_capa_null) / size; break; case ODP_CIPHER_ALG_DES: src = cipher_capa_des; @@ -611,8 +617,8 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
switch (auth) { case ODP_AUTH_ALG_NULL: - src = NULL; - num = 0; + src = auth_capa_null; + num = sizeof(auth_capa_null) / size; break; case ODP_AUTH_ALG_MD5_HMAC: src = auth_capa_md5_hmac; diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index c89d04f9..470c5bc5 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -141,13 +141,8 @@ static void alg_test(odp_crypto_op_t op, num = odp_crypto_cipher_capability(cipher_alg, cipher_capa, MAX_ALG_CAPA);
- if (cipher_alg != ODP_CIPHER_ALG_NULL) { - CU_ASSERT(num > 0); - found = 0; - } else { - CU_ASSERT(num == 0); - found = 1; - } + CU_ASSERT(num > 0); + found = 0;
CU_ASSERT(num <= MAX_ALG_CAPA);
@@ -167,13 +162,8 @@ static void alg_test(odp_crypto_op_t op,
num = odp_crypto_auth_capability(auth_alg, auth_capa, MAX_ALG_CAPA);
- if (auth_alg != ODP_AUTH_ALG_NULL) { - CU_ASSERT(num > 0); - found = 0; - } else { - CU_ASSERT(num == 0); - found = 1; - } + CU_ASSERT(num > 0); + found = 0;
CU_ASSERT(num <= MAX_ALG_CAPA);
commit 67e3173ae6c966c5d722cc89c838126385f77fec Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:33 2017 +0300
test: odp_crypto: bail out if odp_crypto_session_create failed
If odp_crypto_session_create() failed, there is no point in checking/freeing session, as it might not have been updated.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/performance/odp_crypto.c b/test/common_plat/performance/odp_crypto.c index 6a58294a..c3dd6d38 100644 --- a/test/common_plat/performance/odp_crypto.c +++ b/test/common_plat/performance/odp_crypto.c @@ -665,34 +665,32 @@ run_measure_one_config(crypto_args_t *cargs, int rc = 0;
if (create_session_from_config(&session, config, cargs)) - rc = -1; - - if (!rc) { - if (cargs->payload_length) { - rc = run_measure_one(cargs, config, &session, - cargs->payload_length, &result); - if (!rc) { - print_result_header(); - print_result(cargs, cargs->payload_length, - config, &result); - } - } else { - unsigned i; + return -1;
+ if (cargs->payload_length) { + rc = run_measure_one(cargs, config, &session, + cargs->payload_length, &result); + if (!rc) { print_result_header(); - for (i = 0; i < num_payloads; i++) { - rc = run_measure_one(cargs, config, &session, - payloads[i], &result); - if (rc) - break; - print_result(cargs, payloads[i], - config, &result); - } + print_result(cargs, cargs->payload_length, + config, &result); + } + } else { + unsigned i; + + print_result_header(); + for (i = 0; i < num_payloads; i++) { + rc = run_measure_one(cargs, config, &session, + payloads[i], &result); + if (rc) + break; + print_result(cargs, payloads[i], + config, &result); } }
- if (session != ODP_CRYPTO_SESSION_INVALID) - odp_crypto_session_destroy(session); + odp_crypto_session_destroy(session); + return rc; }
commit 2e59669a8746a54f04b9036ec8c2758f1a4c18c8 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:32 2017 +0300
linux-generic: crypto: NULL session->next pointer on session allocation
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index ea7c7026..32fece30 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -88,8 +88,10 @@ odp_crypto_generic_session_t *alloc_session(void)
odp_spinlock_lock(&global->lock); session = global->free; - if (session) + if (session) { global->free = session->next; + session->next = NULL; + } odp_spinlock_unlock(&global->lock);
return session;
commit e6396aa4d737fdce41c22628f9f77bb5a4ef3d3e Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:31 2017 +0300
linux-generic: crypto: make en/decryption work across packet segments
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 7ea90fb9..ea7c7026 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -190,14 +190,122 @@ odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param, }
static +int internal_encrypt(EVP_CIPHER_CTX *ctx, odp_crypto_op_param_t *param) +{ + odp_packet_t pkt = param->out_pkt; + unsigned in_pos = param->cipher_range.offset; + unsigned out_pos = param->cipher_range.offset; + unsigned in_len = param->cipher_range.length; + uint8_t block[2 * EVP_MAX_BLOCK_LENGTH]; + unsigned block_len = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ctx)); + int cipher_len; + int ret; + + while (in_len > 0) { + uint32_t seglen = 0; /* GCC */ + uint8_t *insegaddr = odp_packet_offset(pkt, in_pos, + &seglen, NULL); + unsigned inseglen = in_len < seglen ? in_len : seglen; + + /* There should be at least 1 additional block in out buffer */ + if (inseglen > block_len) { + unsigned part = inseglen - block_len; + + EVP_EncryptUpdate(ctx, insegaddr, &cipher_len, + insegaddr, part); + in_pos += part; + in_len -= part; + insegaddr += part; + inseglen -= part; + + out_pos += cipher_len; + } + + /* Use temporal storage */ + if (inseglen > 0) { + unsigned part = inseglen; + + EVP_EncryptUpdate(ctx, block, &cipher_len, + insegaddr, part); + in_pos += part; + in_len -= part; + insegaddr += part; + inseglen -= part; + + odp_packet_copy_from_mem(pkt, out_pos, + cipher_len, block); + out_pos += cipher_len; + } + } + + ret = EVP_EncryptFinal_ex(ctx, block, &cipher_len); + odp_packet_copy_from_mem(pkt, out_pos, cipher_len, block); + + return ret; +} + +static +int internal_decrypt(EVP_CIPHER_CTX *ctx, odp_crypto_op_param_t *param) +{ + odp_packet_t pkt = param->out_pkt; + unsigned in_pos = param->cipher_range.offset; + unsigned out_pos = param->cipher_range.offset; + unsigned in_len = param->cipher_range.length; + uint8_t block[2 * EVP_MAX_BLOCK_LENGTH]; + unsigned block_len = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ctx)); + int cipher_len; + int ret; + + while (in_len > 0) { + uint32_t seglen = 0; /* GCC */ + uint8_t *insegaddr = odp_packet_offset(pkt, in_pos, + &seglen, NULL); + unsigned inseglen = in_len < seglen ? in_len : seglen; + + /* There should be at least 1 additional block in out buffer */ + if (inseglen > block_len) { + unsigned part = inseglen - block_len; + + EVP_DecryptUpdate(ctx, insegaddr, &cipher_len, + insegaddr, part); + in_pos += part; + in_len -= part; + insegaddr += part; + inseglen -= part; + + out_pos += cipher_len; + } + + /* Use temporal storage */ + if (inseglen > 0) { + unsigned part = inseglen; + + EVP_DecryptUpdate(ctx, block, &cipher_len, + insegaddr, part); + in_pos += part; + in_len -= part; + insegaddr += part; + inseglen -= part; + + odp_packet_copy_from_mem(pkt, out_pos, + cipher_len, block); + out_pos += cipher_len; + } + } + + ret = EVP_DecryptFinal_ex(ctx, block, &cipher_len); + odp_packet_copy_from_mem(pkt, out_pos, cipher_len, block); + + return ret; +} + +static odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t plain_len = param->cipher_range.length; void *iv_ptr; - int cipher_len = 0; + int ret;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -206,9 +314,6 @@ odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - /* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, @@ -216,13 +321,12 @@ odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param, EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0);
- EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); - - EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); + ret = internal_encrypt(ctx, param);
EVP_CIPHER_CTX_free(ctx);
- return ODP_CRYPTO_ALG_ERR_NONE; + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; }
static @@ -230,10 +334,8 @@ odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t cipher_len = param->cipher_range.length; - int plain_len = 0; void *iv_ptr; + int ret;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -242,9 +344,6 @@ odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - /* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, @@ -252,13 +351,12 @@ odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param, EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0);
- EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); - - EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); + ret = internal_decrypt(ctx, param);
EVP_CIPHER_CTX_free(ctx);
- return ODP_CRYPTO_ALG_ERR_NONE; + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; }
static int process_cipher_param(odp_crypto_generic_session_t *session, @@ -293,13 +391,12 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t plain_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; void *iv_ptr; - int cipher_len = 0; - uint8_t *tag = data + param->hash_result_offset; + int dummy_len = 0; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -308,9 +405,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - /* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, @@ -322,18 +416,20 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
/* Authenticate header data (if any) without encrypting them */ if (aad_len > 0) - EVP_EncryptUpdate(ctx, NULL, &cipher_len, + EVP_EncryptUpdate(ctx, NULL, &dummy_len, aad_head, aad_len);
- EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); + ret = internal_encrypt(ctx, param);
- EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, - session->p.auth_digest_len, tag); + session->p.auth_digest_len, block); + odp_packet_copy_from_mem(param->out_pkt, param->hash_result_offset, + session->p.auth_digest_len, block);
EVP_CIPHER_CTX_free(ctx);
- return ODP_CRYPTO_ALG_ERR_NONE; + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_DATA_SIZE : + ODP_CRYPTO_ALG_ERR_NONE; }
static @@ -341,13 +437,12 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t cipher_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; - int plain_len = 0; + int dummy_len = 0; void *iv_ptr; - uint8_t *tag = data + param->hash_result_offset; + uint8_t block[EVP_MAX_MD_SIZE]; + int ret;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -356,9 +451,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - /* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, @@ -368,22 +460,22 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0);
+ odp_packet_copy_to_mem(param->out_pkt, param->hash_result_offset, + session->p.auth_digest_len, block); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, - session->p.auth_digest_len, tag); + session->p.auth_digest_len, block);
/* Authenticate header data (if any) without encrypting them */ if (aad_len > 0) - EVP_DecryptUpdate(ctx, NULL, &plain_len, + EVP_DecryptUpdate(ctx, NULL, &dummy_len, aad_head, aad_len);
- EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); - - if (EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len) <= 0) - return ODP_CRYPTO_ALG_ERR_ICV_CHECK; + ret = internal_decrypt(ctx, param);
EVP_CIPHER_CTX_free(ctx);
- return ODP_CRYPTO_ALG_ERR_NONE; + return ret <= 0 ? ODP_CRYPTO_ALG_ERR_ICV_CHECK : + ODP_CRYPTO_ALG_ERR_NONE; }
static int process_aes_gcm_param(odp_crypto_generic_session_t *session,
commit 95696c71a245dc045953a7d75dfc209ac1692ffe Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:30 2017 +0300
linux-generic: crypto: make HMAC work across segmented packets
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 2ba077f9..7ea90fb9 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -112,29 +112,53 @@ null_crypto_routine(odp_crypto_op_param_t *param ODP_UNUSED, }
static +void packet_hmac(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session, + uint8_t *hash) +{ + odp_packet_t pkt = param->out_pkt; + uint32_t offset = param->auth_range.offset; + uint32_t len = param->auth_range.length; + HMAC_CTX ctx; + + ODP_ASSERT(offset + len <= odp_packet_len(pkt)); + + /* Hash it */ + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, + session->auth.key, + session->auth.key_length, + session->auth.evp_md, + NULL); + + while (len > 0) { + uint32_t seglen = 0; /* GCC */ + void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL); + uint32_t maclen = len > seglen ? seglen : len; + + HMAC_Update(&ctx, mapaddr, maclen); + offset += maclen; + len -= maclen; + } + + HMAC_Final(&ctx, hash, NULL); + HMAC_CTX_cleanup(&ctx); +} + +static odp_crypto_alg_err_t auth_gen(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { - uint8_t *data = odp_packet_data(param->out_pkt); - uint8_t *icv = data; - uint32_t len = param->auth_range.length; uint8_t hash[EVP_MAX_MD_SIZE];
- /* Adjust pointer for beginning of area to auth */ - data += param->auth_range.offset; - icv += param->hash_result_offset; - /* Hash it */ - HMAC(session->auth.evp_md, - session->auth.key, - session->auth.key_length, - data, - len, - hash, - NULL); + packet_hmac(param, session, hash);
/* Copy to the output location */ - memcpy(icv, hash, session->auth.bytes); + odp_packet_copy_from_mem(param->out_pkt, + param->hash_result_offset, + session->auth.bytes, + hash);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -143,31 +167,19 @@ static odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { - uint8_t *data = odp_packet_data(param->out_pkt); - uint8_t *icv = data; - uint32_t len = param->auth_range.length; uint32_t bytes = session->auth.bytes; uint8_t hash_in[EVP_MAX_MD_SIZE]; uint8_t hash_out[EVP_MAX_MD_SIZE];
- /* Adjust pointer for beginning of area to auth */ - data += param->auth_range.offset; - icv += param->hash_result_offset; - /* Copy current value out and clear it before authentication */ - memset(hash_in, 0, sizeof(hash_in)); - memcpy(hash_in, icv, bytes); - memset(icv, 0, bytes); - memset(hash_out, 0, sizeof(hash_out)); + odp_packet_copy_to_mem(param->out_pkt, param->hash_result_offset, + bytes, hash_in); + + _odp_packet_set_data(param->out_pkt, param->hash_result_offset, + 0, bytes);
/* Hash it */ - HMAC(session->auth.evp_md, - session->auth.key, - session->auth.key_length, - data, - len, - hash_out, - NULL); + packet_hmac(param, session, hash_out);
/* Verify match */ if (0 != memcmp(hash_in, hash_out, bytes))
commit 7f13493f5b8c41c8a83c65ecc6bb5763b84d4225 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:29 2017 +0300
linux-generic: crypto: merge AES-CBC and 3DES-CBC support
There is now nearly no difference between AES-CBC and 3DES-CBC code. Merge it into generic 'cipher' support, easing adding support for other ciphers in future.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index f4f1948f..c3b70b23 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -40,18 +40,9 @@ struct odp_crypto_generic_session { struct { /* Copy of session IV data */ uint8_t iv_data[MAX_IV_LEN]; + uint8_t key_data[EVP_MAX_KEY_LENGTH];
- union { - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } des; - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } aes; - struct { - uint8_t key[EVP_MAX_KEY_LENGTH]; - } aes_gcm; - } data; + const EVP_CIPHER *evp_cipher; crypto_func_t func; } cipher;
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index bff712d1..2ba077f9 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -178,8 +178,8 @@ odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param, }
static -odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); @@ -199,8 +199,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
/* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, - session->cipher.data.aes.key, NULL); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -214,8 +214,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, }
static -odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session) { EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); @@ -235,8 +235,8 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
/* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, - session->cipher.data.aes.key, NULL); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -249,20 +249,29 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_NONE; }
-static int process_aes_param(odp_crypto_generic_session_t *session) +static int process_cipher_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) { - /* Verify IV len is either 0 or 16 */ - if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) return -1;
- memcpy(session->cipher.data.aes.key, session->p.cipher_key.data, + /* Verify IV len is correct */ + if (!((0 == session->p.iv.length) || + ((uint32_t)EVP_CIPHER_iv_length(cipher) == session->p.iv.length))) + return -1; + + session->cipher.evp_cipher = cipher; + + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length);
/* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->cipher.func = aes_encrypt; + session->cipher.func = cipher_encrypt; else - session->cipher.func = aes_decrypt; + session->cipher.func = cipher_decrypt;
return 0; } @@ -292,8 +301,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
/* Encrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, - session->cipher.data.aes_gcm.key, NULL); + EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); @@ -340,8 +349,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
/* Decrypt it */ ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, - session->cipher.data.aes_gcm.key, NULL); + EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL, + session->cipher.key_data, NULL); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); @@ -365,15 +374,19 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_NONE; }
-static int process_aes_gcm_param(odp_crypto_generic_session_t *session) +static int process_aes_gcm_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) { - /* Verify Key len is 16 */ - if (session->p.cipher_key.length != 16) + /* Verify Key len is valid */ + if ((uint32_t)EVP_CIPHER_key_length(cipher) != + session->p.cipher_key.length) return -1;
- memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data, + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length);
+ session->cipher.evp_cipher = cipher; + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = aes_gcm_encrypt; @@ -383,96 +396,6 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session) return 0; }
-static -odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t plain_len = param->cipher_range.length; - void *iv_ptr; - int cipher_len = 0; - - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; - else - return ODP_CRYPTO_ALG_ERR_IV_INVALID; - - /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - - /* Encrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - session->cipher.data.des.key, NULL); - EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0); - - EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); - - EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); - - EVP_CIPHER_CTX_cleanup(ctx); - - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static -odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - EVP_CIPHER_CTX *ctx; - uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t cipher_len = param->cipher_range.length; - int plain_len = 0; - void *iv_ptr; - - if (param->override_iv_ptr) - iv_ptr = param->override_iv_ptr; - else if (session->p.iv.data) - iv_ptr = session->cipher.iv_data; - else - return ODP_CRYPTO_ALG_ERR_IV_INVALID; - - /* Adjust pointer for beginning of area to cipher/auth */ - data += param->cipher_range.offset; - - /* Decrypt it */ - ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - session->cipher.data.des.key, NULL); - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); - EVP_CIPHER_CTX_set_padding(ctx, 0); - - EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); - - EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); - - EVP_CIPHER_CTX_cleanup(ctx); - - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static int process_des_param(odp_crypto_generic_session_t *session) -{ - /* Verify IV len is either 0 or 8 */ - if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) - return -1; - - memcpy(session->cipher.data.des.key, session->p.cipher_key.data, - session->p.cipher_key.length); - - /* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->cipher.func = des_encrypt; - else - session->cipher.func = des_decrypt; - - return 0; -} - static int process_auth_param(odp_crypto_generic_session_t *session, uint32_t key_length, const EVP_MD *evp_md) @@ -656,13 +579,13 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, break; case ODP_CIPHER_ALG_DES: case ODP_CIPHER_ALG_3DES_CBC: - rc = process_des_param(session); + rc = process_cipher_param(session, EVP_des_ede3_cbc()); break; case ODP_CIPHER_ALG_AES_CBC: #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: #endif - rc = process_aes_param(session); + rc = process_cipher_param(session, EVP_aes_128_cbc()); break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: @@ -674,7 +597,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* AES-GCM requires to do both auth and * cipher at the same time */ if (param->auth_alg == ODP_AUTH_ALG_AES_GCM || aes_gcm) - rc = process_aes_gcm_param(session); + rc = process_aes_gcm_param(session, EVP_aes_128_gcm()); else rc = -1; break;
commit af566ae11d48162d21c1e2648fa0b32d189067f8 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:28 2017 +0300
linux-generic: crypto: rewrite 3DES-CBC support using EVP functions
Rewrite 3DES-CBC to use generic EVP interface following AES-GCM implementation.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index d6fd0400..f4f1948f 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -11,7 +11,6 @@ extern "C" { #endif
-#include <openssl/des.h> #include <openssl/evp.h>
#define MAX_IV_LEN 64 @@ -44,9 +43,7 @@ struct odp_crypto_generic_session {
union { struct { - DES_key_schedule ks1; - DES_key_schedule ks2; - DES_key_schedule ks3; + uint8_t key[EVP_MAX_KEY_LENGTH]; } des; struct { uint8_t key[EVP_MAX_KEY_LENGTH]; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index f503bd98..bff712d1 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -387,10 +387,11 @@ static odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - DES_cblock iv; + uint32_t plain_len = param->cipher_range.length; void *iv_ptr; + int cipher_len = 0;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -399,24 +400,21 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv, iv_ptr, sizeof(iv)); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; + /* Encrypt it */ - DES_ede3_cbc_encrypt(data, - data, - len, - &session->cipher.data.des.ks1, - &session->cipher.data.des.ks2, - &session->cipher.data.des.ks3, - &iv, - 1); + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + session->cipher.data.des.key, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); + + EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); + + EVP_CIPHER_CTX_cleanup(ctx);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -425,9 +423,10 @@ static odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - DES_cblock iv; + uint32_t cipher_len = param->cipher_range.length; + int plain_len = 0; void *iv_ptr;
if (param->override_iv_ptr) @@ -437,25 +436,21 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv, iv_ptr, sizeof(iv)); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset;
/* Decrypt it */ - DES_ede3_cbc_encrypt(data, - data, - len, - &session->cipher.data.des.ks1, - &session->cipher.data.des.ks2, - &session->cipher.data.des.ks3, - &iv, - 0); + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + session->cipher.data.des.key, NULL); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); + + EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); + + EVP_CIPHER_CTX_cleanup(ctx);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -466,20 +461,15 @@ static int process_des_param(odp_crypto_generic_session_t *session) if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) return -1;
+ memcpy(session->cipher.data.des.key, session->p.cipher_key.data, + session->p.cipher_key.length); + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = des_encrypt; else session->cipher.func = des_decrypt;
- /* Convert keys */ - DES_set_key((DES_cblock *)&session->p.cipher_key.data[0], - &session->cipher.data.des.ks1); - DES_set_key((DES_cblock *)&session->p.cipher_key.data[8], - &session->cipher.data.des.ks2); - DES_set_key((DES_cblock *)&session->p.cipher_key.data[16], - &session->cipher.data.des.ks3); - return 0; }
commit df537d430d94f85de8d6e1d0643e4c65387cf392 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:27 2017 +0300
linux-generic: crypto: rewrite AES-CBC support using EVP functions
Rewrite AES-CBC to use generic EVP interface following AES-GCM implementation.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index d1020dba..d6fd0400 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -12,7 +12,6 @@ extern "C" { #endif
#include <openssl/des.h> -#include <openssl/aes.h> #include <openssl/evp.h>
#define MAX_IV_LEN 64 @@ -50,7 +49,7 @@ struct odp_crypto_generic_session { DES_key_schedule ks3; } des; struct { - AES_KEY key; + uint8_t key[EVP_MAX_KEY_LENGTH]; } aes; struct { uint8_t key[EVP_MAX_KEY_LENGTH]; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index ff3f1ac7..f503bd98 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -181,10 +181,11 @@ static odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; + uint32_t plain_len = param->cipher_range.length; void *iv_ptr; + int cipher_len = 0;
if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -193,18 +194,21 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; + /* Encrypt it */ - AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key, - iv_enc, AES_ENCRYPT); + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, + session->cipher.data.aes.key, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); + + EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); + + EVP_CIPHER_CTX_free(ctx);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -213,9 +217,10 @@ static odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; + uint32_t cipher_len = param->cipher_range.length; + int plain_len = 0; void *iv_ptr;
if (param->override_iv_ptr) @@ -225,18 +230,21 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; - /* Encrypt it */ - AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key, - iv_enc, AES_DECRYPT); + + /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, + session->cipher.data.aes.key, NULL); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); + + EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); + + EVP_CIPHER_CTX_free(ctx);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -247,16 +255,14 @@ static int process_aes_param(odp_crypto_generic_session_t *session) if (!((0 == session->p.iv.length) || (16 == session->p.iv.length))) return -1;
+ memcpy(session->cipher.data.aes.key, session->p.cipher_key.data, + session->p.cipher_key.length); + /* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) { + if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = aes_encrypt; - AES_set_encrypt_key(session->p.cipher_key.data, 128, - &session->cipher.data.aes.key); - } else { + else session->cipher.func = aes_decrypt; - AES_set_decrypt_key(session->p.cipher_key.data, 128, - &session->cipher.data.aes.key); - }
return 0; }
commit 2d25eca61e25d099017ec2924278dcea6c4b821f Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:26 2017 +0300
linux-generic: crypto: explicitly disable padding for AES-GCM
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 3deec7de..ff3f1ac7 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -291,6 +291,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0);
/* Authenticate header data (if any) without encrypting them */ if (aad_len > 0) @@ -338,6 +339,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, session->p.iv.length, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, session->p.auth_digest_len, tag);
commit 71cfbe6fe938f7351b0c7637f290ae823132c207 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:25 2017 +0300
linux-generic: crypto: make AES-GCM thread safe
Using single context for all operations is not thread safe: multiple threads can access the same context in parallel, affecting its internal state. Make AES-GCM functions use local context for en/decryption operations.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index 515cefaa..d1020dba 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -53,7 +53,7 @@ struct odp_crypto_generic_session { AES_KEY key; } aes; struct { - EVP_CIPHER_CTX *ctx; + uint8_t key[EVP_MAX_KEY_LENGTH]; } aes_gcm; } data; crypto_func_t func; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 3f298485..3deec7de 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -265,11 +265,13 @@ static odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); uint32_t plain_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; void *iv_ptr; + int cipher_len = 0; uint8_t *tag = data + param->hash_result_offset;
if (param->override_iv_ptr) @@ -280,12 +282,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_IV_INVALID;
/* Adjust pointer for beginning of area to cipher/auth */ - uint8_t *plaindata = data + param->cipher_range.offset; + data += param->cipher_range.offset;
/* Encrypt it */ - EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx; - int cipher_len = 0; - + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, + session->cipher.data.aes_gcm.key, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + session->p.iv.length, NULL); EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
/* Authenticate header data (if any) without encrypting them */ @@ -293,13 +297,14 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, EVP_EncryptUpdate(ctx, NULL, &cipher_len, aad_head, aad_len);
- EVP_EncryptUpdate(ctx, plaindata, &cipher_len, - plaindata, plain_len); + EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
- EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len); + EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, session->p.auth_digest_len, tag);
+ EVP_CIPHER_CTX_free(ctx); + return ODP_CRYPTO_ALG_ERR_NONE; }
@@ -307,10 +312,12 @@ static odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); uint32_t cipher_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; + int plain_len = 0; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset;
@@ -322,11 +329,14 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, return ODP_CRYPTO_ALG_ERR_IV_INVALID;
/* Adjust pointer for beginning of area to cipher/auth */ - uint8_t *cipherdata = data + param->cipher_range.offset; - /* Encrypt it */ - EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx; - int plain_len = 0; + data += param->cipher_range.offset;
+ /* Decrypt it */ + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, + session->cipher.data.aes_gcm.key, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + session->p.iv.length, NULL); EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, @@ -337,12 +347,13 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, EVP_DecryptUpdate(ctx, NULL, &plain_len, aad_head, aad_len);
- EVP_DecryptUpdate(ctx, cipherdata, &plain_len, - cipherdata, cipher_len); + EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
- if (EVP_DecryptFinal_ex(ctx, cipherdata + plain_len, &plain_len) <= 0) + if (EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len) <= 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
+ EVP_CIPHER_CTX_free(ctx); + return ODP_CRYPTO_ALG_ERR_NONE; }
@@ -352,27 +363,14 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session) if (session->p.cipher_key.length != 16) return -1;
- /* Set function */ - EVP_CIPHER_CTX *ctx = - session->cipher.data.aes_gcm.ctx = EVP_CIPHER_CTX_new(); + memcpy(session->cipher.data.aes_gcm.key, session->p.cipher_key.data, + session->p.cipher_key.length);
- if (ODP_CRYPTO_OP_ENCODE == session->p.op) { + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = aes_gcm_encrypt; - EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); - } else { + else session->cipher.func = aes_gcm_decrypt; - EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL); - } - - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, - session->p.iv.length, NULL); - if (ODP_CRYPTO_OP_ENCODE == session->p.op) { - EVP_EncryptInit_ex(ctx, NULL, NULL, - session->p.cipher_key.data, NULL); - } else { - EVP_DecryptInit_ex(ctx, NULL, NULL, - session->p.cipher_key.data, NULL); - }
return 0; } @@ -635,17 +633,16 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, /* Copy parameters */ session->p = *param;
- /* Copy IV data */ - if (session->p.iv.data) { - if (session->p.iv.length > MAX_IV_LEN) { - ODP_DBG("Maximum IV length exceeded\n"); - free_session(session); - return -1; - } + if (session->p.iv.length > MAX_IV_LEN) { + ODP_DBG("Maximum IV length exceeded\n"); + free_session(session); + return -1; + }
+ /* Copy IV data */ + if (session->p.iv.data) memcpy(session->cipher.iv_data, session->p.iv.data, session->p.iv.length); - }
/* Derive order */ if (ODP_CRYPTO_OP_ENCODE == param->op) @@ -757,15 +754,8 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, int odp_crypto_session_destroy(odp_crypto_session_t session) { odp_crypto_generic_session_t *generic; - int aes_gcm = 0;
generic = (odp_crypto_generic_session_t *)(intptr_t)session; -#if ODP_DEPRECATED_API - if (generic->p.cipher_alg == ODP_CIPHER_ALG_AES128_GCM) - aes_gcm = 1; -#endif - if (generic->p.cipher_alg == ODP_CIPHER_ALG_AES_GCM || aes_gcm) - EVP_CIPHER_CTX_free(generic->cipher.data.aes_gcm.ctx); memset(generic, 0, sizeof(*generic)); free_session(generic); return 0;
commit 30bf39b9afb2ee5703bac4227effc5808bb337d7 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:24 2017 +0300
linux-generic: crypto: remote extra memcpy in AES-GCM
There is no need to memcpy IV if it gets passed to EVP functions.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 352cfa53..3f298485 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -269,7 +269,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, uint32_t plain_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset;
@@ -280,13 +279,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - /* Adjust pointer for beginning of area to cipher/auth */ uint8_t *plaindata = data + param->cipher_range.offset;
@@ -294,7 +286,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx; int cipher_len = 0;
- EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
/* Authenticate header data (if any) without encrypting them */ if (aad_len > 0) @@ -319,7 +311,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, uint32_t cipher_len = param->cipher_range.length; const uint8_t *aad_head = param->aad.ptr; uint32_t aad_len = param->aad.length; - unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset;
@@ -330,20 +321,13 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE); - /* Adjust pointer for beginning of area to cipher/auth */ uint8_t *cipherdata = data + param->cipher_range.offset; /* Encrypt it */ EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx; int plain_len = 0;
- EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, session->p.auth_digest_len, tag);
commit aeb33071432c5d4d3c83f4556199fabdbc540164 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:23 2017 +0300
linux-generic: crypto: update AES-GCM support to reflect aad and auth_digest_len
Make AES-GCM use recently introduced aad and auth_digest_len fields.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 91ef05ae..352cfa53 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -267,10 +267,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, { uint8_t *data = odp_packet_data(param->out_pkt); uint32_t plain_len = param->cipher_range.length; - uint8_t *aad_head = data + param->auth_range.offset; - uint8_t *aad_tail = data + param->cipher_range.offset + - param->cipher_range.length; - uint32_t auth_len = param->auth_range.length; + const uint8_t *aad_head = param->aad.ptr; + uint32_t aad_len = param->aad.length; unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; @@ -282,12 +280,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* All cipher data must be part of the authentication */ - if (param->auth_range.offset > param->cipher_range.offset || - param->auth_range.offset + auth_len < - param->cipher_range.offset + plain_len) - return ODP_CRYPTO_ALG_ERR_DATA_SIZE; - /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads @@ -305,23 +297,16 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param, EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
/* Authenticate header data (if any) without encrypting them */ - if (aad_head < plaindata) { + if (aad_len > 0) EVP_EncryptUpdate(ctx, NULL, &cipher_len, - aad_head, plaindata - aad_head); - } + aad_head, aad_len);
EVP_EncryptUpdate(ctx, plaindata, &cipher_len, plaindata, plain_len); - cipher_len = plain_len; - - /* Authenticate footer data (if any) without encrypting them */ - if (aad_head + auth_len > plaindata + plain_len) { - EVP_EncryptUpdate(ctx, NULL, NULL, aad_tail, - auth_len - (aad_tail - aad_head)); - }
EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + session->p.auth_digest_len, tag);
return ODP_CRYPTO_ALG_ERR_NONE; } @@ -332,10 +317,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, { uint8_t *data = odp_packet_data(param->out_pkt); uint32_t cipher_len = param->cipher_range.length; - uint8_t *aad_head = data + param->auth_range.offset; - uint8_t *aad_tail = data + param->cipher_range.offset + - param->cipher_range.length; - uint32_t auth_len = param->auth_range.length; + const uint8_t *aad_head = param->aad.ptr; + uint32_t aad_len = param->aad.length; unsigned char iv_enc[AES_BLOCK_SIZE]; void *iv_ptr; uint8_t *tag = data + param->hash_result_offset; @@ -347,12 +330,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID;
- /* All cipher data must be part of the authentication */ - if (param->auth_range.offset > param->cipher_range.offset || - param->auth_range.offset + auth_len < - param->cipher_range.offset + cipher_len) - return ODP_CRYPTO_ALG_ERR_DATA_SIZE; - /* * Create a copy of the IV. The DES library modifies IV * and if we are processing packets on parallel threads @@ -368,25 +345,18 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, + session->p.auth_digest_len, tag);
/* Authenticate header data (if any) without encrypting them */ - if (aad_head < cipherdata) { + if (aad_len > 0) EVP_DecryptUpdate(ctx, NULL, &plain_len, - aad_head, cipherdata - aad_head); - } + aad_head, aad_len);
EVP_DecryptUpdate(ctx, cipherdata, &plain_len, cipherdata, cipher_len); - plain_len = cipher_len; - - /* Authenticate footer data (if any) without encrypting them */ - if (aad_head + auth_len > cipherdata + cipher_len) { - EVP_DecryptUpdate(ctx, NULL, NULL, aad_tail, - auth_len - (aad_tail - aad_head)); - }
- if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) <= 0) + if (EVP_DecryptFinal_ex(ctx, cipherdata + plain_len, &plain_len) <= 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK;
return ODP_CRYPTO_ALG_ERR_NONE; @@ -770,6 +740,8 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_AUTH_ALG_AES128_GCM: if (param->cipher_alg == ODP_CIPHER_ALG_AES128_GCM) aes_gcm = 1; + /* Fixed digest tag length with deprecated algo */ + session->p.auth_digest_len = 16; /* Fallthrough */ #endif case ODP_AUTH_ALG_AES_GCM:
commit f0968cf3a4281cd45f7c490e1cfc84f93d2a37b6 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:22 2017 +0300
linux-generic: crypto: add SHA* capabilities for full length digests
In addition to truncated digests (used by IPsec) add full-length capabilities to SHA* algos.
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 472ee310..91ef05ae 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -52,10 +52,12 @@ static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { * Keep sorted: first by digest length, then by key length */ static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = { -{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; +{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = { -{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } }; +{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} }, +{.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = { {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } };
commit 798182b6930bc70fb759516dd8a3964bcf1812a8 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:21 2017 +0300
linux-generic: crypto: use auth_digest_len when calculating HMACs
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index a993542f..472ee310 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -522,7 +522,6 @@ static int process_des_param(odp_crypto_generic_session_t *session) }
static int process_auth_param(odp_crypto_generic_session_t *session, - uint32_t bits, uint32_t key_length, const EVP_MD *evp_md) { @@ -535,7 +534,9 @@ static int process_auth_param(odp_crypto_generic_session_t *session, session->auth.evp_md = evp_md;
/* Number of valid bytes */ - session->auth.bytes = bits / 8; + session->auth.bytes = session->p.auth_digest_len; + if (session->auth.bytes < (unsigned)EVP_MD_size(evp_md) / 2) + return -1;
/* Convert keys */ session->auth.key_length = key_length; @@ -745,17 +746,23 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, session->auth.func = null_crypto_routine; rc = 0; break; - case ODP_AUTH_ALG_MD5_HMAC: #if ODP_DEPRECATED_API case ODP_AUTH_ALG_MD5_96: + /* Fixed digest tag length with deprecated algo */ + session->p.auth_digest_len = 96 / 8; + /* Fallthrough */ #endif - rc = process_auth_param(session, 96, 16, EVP_md5()); + case ODP_AUTH_ALG_MD5_HMAC: + rc = process_auth_param(session, 16, EVP_md5()); break; - case ODP_AUTH_ALG_SHA256_HMAC: #if ODP_DEPRECATED_API case ODP_AUTH_ALG_SHA256_128: + /* Fixed digest tag length with deprecated algo */ + session->p.auth_digest_len = 128 / 8; + /* Fallthrough */ #endif - rc = process_auth_param(session, 128, 32, EVP_sha256()); + case ODP_AUTH_ALG_SHA256_HMAC: + rc = process_auth_param(session, 32, EVP_sha256()); break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_AES128_GCM:
commit 0ee8b0ec8668734a43b57b3d76f37a1bdddf03fb Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:20 2017 +0300
example: ipsec: set auth_digest_len
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index b2a91c24..dba0ea0a 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -100,6 +100,7 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, params.auth_alg = auth_sa->alg.u.auth; params.auth_key.data = auth_sa->key.data; params.auth_key.length = auth_sa->key.length; + params.auth_digest_len = auth_sa->icv_len; mode = auth_sa->mode; } else { params.auth_alg = ODP_AUTH_ALG_NULL;
commit 196521caf9adb8eea4e0b2c79d6aa2f3240c3944 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:19 2017 +0300
test: odp_crypto: update performance test to set auth_digest_length
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/performance/odp_crypto.c b/test/common_plat/performance/odp_crypto.c index b3857973..6a58294a 100644 --- a/test/common_plat/performance/odp_crypto.c +++ b/test/common_plat/performance/odp_crypto.c @@ -50,7 +50,6 @@ static uint8_t test_key24[24] = { 0x01, 0x02, 0x03, 0x04, 0x05, typedef struct { const char *name; /**< Algorithm name */ odp_crypto_session_param_t session; /**< Prefilled crypto session params */ - unsigned int hash_adjust; /**< Size of hash */ } crypto_alg_config_t;
/** @@ -209,9 +208,9 @@ static crypto_alg_config_t algs_config[] = { .auth_key = { .data = test_key16, .length = sizeof(test_key16) - } + }, + .auth_digest_len = 12, }, - .hash_adjust = 12 }, { .name = "null-hmac-md5-96", @@ -221,9 +220,9 @@ static crypto_alg_config_t algs_config[] = { .auth_key = { .data = test_key16, .length = sizeof(test_key16) - } + }, + .auth_digest_len = 12, }, - .hash_adjust = 12 }, };
@@ -578,7 +577,7 @@ run_measure_one(crypto_args_t *cargs, mem = odp_packet_data(params.out_pkt); print_mem("Immediately encrypted packet", mem, payload_length + - config->hash_adjust); + config->session.auth_digest_len); } if (!cargs->in_place) { if (cargs->reuse_packet) { @@ -611,7 +610,8 @@ run_measure_one(crypto_args_t *cargs, print_mem("Receieved encrypted packet", mem, payload_length + - config->hash_adjust); + config-> + session.auth_digest_len); } if (cargs->reuse_packet) { params.pkt = out_pkt;
commit 60b2c5a0bb2595f7ef5ca3bbc59097674a28ae1d Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:18 2017 +0300
validation: crypto: explicitly pass AAD to crypto subsystem
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index 3d09e374..c89d04f9 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -74,6 +74,8 @@ static void alg_test(odp_crypto_op_t op, odp_crypto_key_t auth_key, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, + uint8_t *aad, + uint32_t aad_len, const uint8_t *plaintext, unsigned int plaintext_len, const uint8_t *ciphertext, @@ -240,6 +242,9 @@ static void alg_test(odp_crypto_op_t op, if (op_iv_ptr) op_params.override_iv_ptr = op_iv_ptr;
+ op_params.aad.ptr = aad; + op_params.aad.length = aad_len; + op_params.hash_result_offset = plaintext_len; if (0 != digest_len) { memcpy(data_addr + op_params.hash_result_offset, @@ -472,6 +477,7 @@ void crypto_test_enc_alg_3des_cbc(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, tdes_cbc_reference_plaintext[i], tdes_cbc_reference_length[i], tdes_cbc_reference_ciphertext[i], @@ -508,6 +514,7 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, tdes_cbc_reference_plaintext[i], tdes_cbc_reference_length[i], tdes_cbc_reference_ciphertext[i], @@ -548,6 +555,7 @@ void crypto_test_dec_alg_3des_cbc(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, tdes_cbc_reference_ciphertext[i], tdes_cbc_reference_length[i], tdes_cbc_reference_plaintext[i], @@ -586,6 +594,7 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, tdes_cbc_reference_ciphertext[i], tdes_cbc_reference_length[i], tdes_cbc_reference_plaintext[i], @@ -634,7 +643,9 @@ void crypto_test_enc_alg_aes128_gcm(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i], @@ -679,7 +690,9 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i], @@ -730,10 +743,11 @@ void crypto_test_dec_alg_aes128_gcm(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + - aes128_gcm_reference_tag_length[i], + aes128_gcm_reference_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + @@ -749,10 +763,11 @@ void crypto_test_dec_alg_aes128_gcm(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + - aes128_gcm_reference_tag_length[i], + aes128_gcm_reference_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], wrong_digest, @@ -798,10 +813,11 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + - aes128_gcm_reference_tag_length[i], + aes128_gcm_reference_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + @@ -817,10 +833,11 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) ODP_AUTH_ALG_AES_GCM, auth_key, &aes128_gcm_cipher_range[i], - &aes128_gcm_auth_range[i], + &aes128_gcm_cipher_range[i], + aes128_gcm_reference_aad[i], + aes128_gcm_reference_aad_length[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + - aes128_gcm_reference_tag_length[i], + aes128_gcm_reference_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], wrong_digest, @@ -865,6 +882,7 @@ void crypto_test_enc_alg_aes128_cbc(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, aes128_cbc_reference_plaintext[i], aes128_cbc_reference_length[i], aes128_cbc_reference_ciphertext[i], @@ -901,6 +919,7 @@ void crypto_test_enc_alg_aes128_cbc_ovr_iv(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, aes128_cbc_reference_plaintext[i], aes128_cbc_reference_length[i], aes128_cbc_reference_ciphertext[i], @@ -941,6 +960,7 @@ void crypto_test_dec_alg_aes128_cbc(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, aes128_cbc_reference_ciphertext[i], aes128_cbc_reference_length[i], aes128_cbc_reference_plaintext[i], @@ -979,6 +999,7 @@ void crypto_test_dec_alg_aes128_cbc_ovr_iv(void) ODP_AUTH_ALG_NULL, auth_key, NULL, NULL, + NULL, 0, aes128_cbc_reference_ciphertext[i], aes128_cbc_reference_length[i], aes128_cbc_reference_plaintext[i], @@ -1025,6 +1046,7 @@ void crypto_test_gen_alg_hmac_md5(void) ODP_AUTH_ALG_MD5_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_md5_reference_plaintext[i], hmac_md5_reference_length[i], NULL, 0, @@ -1063,6 +1085,7 @@ void crypto_test_check_alg_hmac_md5(void) ODP_AUTH_ALG_MD5_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_md5_reference_plaintext[i], hmac_md5_reference_length[i], NULL, 0, @@ -1078,6 +1101,7 @@ void crypto_test_check_alg_hmac_md5(void) ODP_AUTH_ALG_MD5_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_md5_reference_plaintext[i], hmac_md5_reference_length[i], NULL, 0, @@ -1127,6 +1151,7 @@ void crypto_test_gen_alg_hmac_sha256(void) ODP_AUTH_ALG_SHA256_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_sha256_reference_plaintext[i], hmac_sha256_reference_length[i], NULL, 0, @@ -1167,6 +1192,7 @@ void crypto_test_check_alg_hmac_sha256(void) ODP_AUTH_ALG_SHA256_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_sha256_reference_plaintext[i], hmac_sha256_reference_length[i], NULL, 0, @@ -1182,6 +1208,7 @@ void crypto_test_check_alg_hmac_sha256(void) ODP_AUTH_ALG_SHA256_HMAC, auth_key, NULL, NULL, + NULL, 0, hmac_sha256_reference_plaintext[i], hmac_sha256_reference_length[i], NULL, 0, diff --git a/test/common_plat/validation/api/crypto/test_vectors.h b/test/common_plat/validation/api/crypto/test_vectors.h index defbda45..0d36c249 100644 --- a/test/common_plat/validation/api/crypto/test_vectors.h +++ b/test/common_plat/validation/api/crypto/test_vectors.h @@ -137,31 +137,31 @@ static uint8_t aes128_gcm_reference_iv[][AES128_GCM_IV_LEN] = { 0xa2, 0xfc, 0xa1, 0xa3 } };
-static uint32_t aes128_gcm_reference_length[] = { 84, 72, 72, 40}; +static uint32_t aes128_gcm_reference_length[] = { 72, 64, 64, 28};
static uint32_t aes128_gcm_reference_tag_length[] = { 16, 16, 16, 16};
+static uint32_t aes128_gcm_reference_aad_length[] = { 12, 8, 8, 12}; + static odp_packet_data_range_t aes128_gcm_cipher_range[] = { - { .offset = 12, .length = 72 }, - { .offset = 8, .length = 64 }, - { .offset = 8, .length = 64 }, - { .offset = 12, .length = 28 }, + { .offset = 0, .length = 72 }, + { .offset = 0, .length = 64 }, + { .offset = 0, .length = 64 }, + { .offset = 0, .length = 28 }, };
-static odp_packet_data_range_t aes128_gcm_auth_range[] = { - { .offset = 0, .length = 84 }, - { .offset = 0, .length = 72 }, - { .offset = 0, .length = 72 }, - { .offset = 0, .length = 40 }, +static uint8_t aes128_gcm_reference_aad[][AES128_GCM_MAX_DATA_LEN] = { + { 0x00, 0x00, 0x43, 0x21, 0x87, 0x65, 0x43, 0x21, + 0x00, 0x00, 0x00, 0x00, }, + { 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x0a, }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, }, + { 0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, + 0x10, 0x10, 0x10, 0x10, }, };
static uint8_t aes128_gcm_reference_plaintext[][AES128_GCM_MAX_DATA_LEN] = { - { /* Aad */ - 0x00, 0x00, 0x43, 0x21, 0x87, 0x65, 0x43, 0x21, - 0x00, 0x00, 0x00, 0x00, - /* Plain */ - 0x45, 0x00, 0x00, 0x48, 0x69, 0x9a, 0x00, 0x00, + { 0x45, 0x00, 0x00, 0x48, 0x69, 0x9a, 0x00, 0x00, 0x80, 0x11, 0x4d, 0xb7, 0xc0, 0xa8, 0x01, 0x02, 0xc0, 0xa8, 0x01, 0x01, 0x0a, 0x9b, 0xf1, 0x56, 0x38, 0xd3, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, @@ -171,10 +171,7 @@ aes128_gcm_reference_plaintext[][AES128_GCM_MAX_DATA_LEN] = { 0x63, 0x69, 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x21, 0x00, 0x01, 0x01, 0x02, 0x02, 0x01 },
- { /* Aad */ - 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x0a, - /* Plain */ - 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, + { 0x45, 0x00, 0x00, 0x3e, 0x69, 0x8f, 0x00, 0x00, 0x80, 0x11, 0x4d, 0xcc, 0xc0, 0xa8, 0x01, 0x02, 0xc0, 0xa8, 0x01, 0x01, 0x0a, 0x98, 0x00, 0x35, 0x00, 0x2a, 0x23, 0x43, 0xb2, 0xd0, 0x01, 0x00, @@ -183,10 +180,7 @@ aes128_gcm_reference_plaintext[][AES128_GCM_MAX_DATA_LEN] = { 0x65, 0x72, 0x63, 0x69, 0x74, 0x79, 0x02, 0x64, 0x6b, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01 },
- { /* Aad */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* Plain */ - 0x45, 0x00, 0x00, 0x3c, 0x99, 0xc5, 0x00, 0x00, + { 0x45, 0x00, 0x00, 0x3c, 0x99, 0xc5, 0x00, 0x00, 0x80, 0x01, 0xcb, 0x7a, 0x40, 0x67, 0x93, 0x18, 0x01, 0x01, 0x01, 0x01, 0x08, 0x00, 0x07, 0x5c, 0x02, 0x00, 0x44, 0x00, 0x61, 0x62, 0x63, 0x64, @@ -195,11 +189,7 @@ aes128_gcm_reference_plaintext[][AES128_GCM_MAX_DATA_LEN] = { 0x75, 0x76, 0x77, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x01, 0x02, 0x02, 0x01 },
- { /* Aad */ - 0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, - 0x10, 0x10, 0x10, 0x10, - /* Plain */ - 0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, + { 0x45, 0x00, 0x00, 0x1c, 0x42, 0xa2, 0x00, 0x00, 0x80, 0x01, 0x44, 0x1f, 0x40, 0x67, 0x93, 0xb6, 0xe0, 0x00, 0x00, 0x02, 0x0a, 0x00, 0xf5, 0xff, 0x01, 0x02, 0x02, 0x01 } @@ -207,10 +197,7 @@ aes128_gcm_reference_plaintext[][AES128_GCM_MAX_DATA_LEN] = {
static uint8_t aes128_gcm_reference_ciphertext[][AES128_GCM_MAX_DATA_LEN] = { - { /* Aad */ - 0x00, 0x00, 0x43, 0x21, 0x87, 0x65, 0x43, 0x21, - 0x00, 0x00, 0x00, 0x00, - /* Plain */ + { /* Plain */ 0xfe, 0xcf, 0x53, 0x7e, 0x72, 0x9d, 0x5b, 0x07, 0xdc, 0x30, 0xdf, 0x52, 0x8d, 0xd2, 0x2b, 0x76, 0x8d, 0x1b, 0x98, 0x73, 0x66, 0x96, 0xa6, 0xfd, @@ -224,9 +211,7 @@ aes128_gcm_reference_ciphertext[][AES128_GCM_MAX_DATA_LEN] = { 0x45, 0x90, 0x18, 0x14, 0x8f, 0x6c, 0xbe, 0x72, 0x2f, 0xd0, 0x47, 0x96, 0x56, 0x2d, 0xfd, 0xb4 },
- { /* Aad */ - 0x00, 0x00, 0xa5, 0xf8, 0x00, 0x00, 0x00, 0x0a, - /* Plain */ + { /* Plain */ 0xde, 0xb2, 0x2c, 0xd9, 0xb0, 0x7c, 0x72, 0xc1, 0x6e, 0x3a, 0x65, 0xbe, 0xeb, 0x8d, 0xf3, 0x04, 0xa5, 0xa5, 0x89, 0x7d, 0x33, 0xae, 0x53, 0x0f, @@ -238,9 +223,8 @@ aes128_gcm_reference_ciphertext[][AES128_GCM_MAX_DATA_LEN] = { /* Digest */ 0x83, 0xb7, 0x0d, 0x3a, 0xa8, 0xbc, 0x6e, 0xe4, 0xc3, 0x09, 0xe9, 0xd8, 0x5a, 0x41, 0xad, 0x4a }, - { /* Aad */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* Plain */ + + { /* Plain */ 0x46, 0x88, 0xda, 0xf2, 0xf9, 0x73, 0xa3, 0x92, 0x73, 0x29, 0x09, 0xc3, 0x31, 0xd5, 0x6d, 0x60, 0xf6, 0x94, 0xab, 0xaa, 0x41, 0x4b, 0x5e, 0x7f, @@ -253,10 +237,7 @@ aes128_gcm_reference_ciphertext[][AES128_GCM_MAX_DATA_LEN] = { 0xf8, 0x21, 0xd4, 0x96, 0xee, 0xb0, 0x96, 0xe9, 0x8a, 0xd2, 0xb6, 0x9e, 0x47, 0x99, 0xc7, 0x1d },
- { /* Aad */ - 0x42, 0xf6, 0x7e, 0x3f, 0x10, 0x10, 0x10, 0x10, - 0x10, 0x10, 0x10, 0x10, - /* Plain */ + { /* Plain */ 0xfb, 0xa2, 0xca, 0x84, 0x5e, 0x5d, 0xf9, 0xf0, 0xf2, 0x2c, 0x3e, 0x6e, 0x86, 0xdd, 0x83, 0x1e, 0x1f, 0xc6, 0x57, 0x92, 0xcd, 0x1a, 0xf9, 0x13,
commit 562059f5d7841f30eab228ac218a46d1c3110010 Author: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Date: Thu Jun 1 12:03:17 2017 +0300
validation: crypto: explicitly pass auth_digest_len to crypto subsystem
Signed-off-by: Dmitry Eremin-Solenikov dmitry.ereminsolenikov@linaro.org Reviewed-by: Petri Savolainen petri.savolainen@linaro.org Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c index bfc9da3c..3d09e374 100644 --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c @@ -201,6 +201,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.cipher_key = cipher_key; ses_params.iv = ses_iv; ses_params.auth_key = auth_key; + ses_params.auth_digest_len = digest_len;
rc = odp_crypto_session_create(&ses_params, &session, &status); CU_ASSERT_FATAL(!rc); @@ -620,7 +621,8 @@ void crypto_test_enc_alg_aes128_gcm(void) cipher_key.length, iv.length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) + auth_key.length, + aes128_gcm_reference_tag_length[i])) continue;
alg_test(ODP_CRYPTO_OP_ENCODE, @@ -639,7 +641,7 @@ void crypto_test_enc_alg_aes128_gcm(void) aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]); } }
@@ -664,7 +666,8 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void) cipher_key.length, iv.length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) + auth_key.length, + aes128_gcm_reference_tag_length[i])) continue;
alg_test(ODP_CRYPTO_OP_ENCODE, @@ -683,7 +686,7 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void) aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]); } }
@@ -714,7 +717,8 @@ void crypto_test_dec_alg_aes128_gcm(void) cipher_key.length, iv.length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) + auth_key.length, + aes128_gcm_reference_tag_length[i])) continue;
alg_test(ODP_CRYPTO_OP_DECODE, @@ -728,12 +732,13 @@ void crypto_test_dec_alg_aes128_gcm(void) &aes128_gcm_cipher_range[i], &aes128_gcm_auth_range[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, + aes128_gcm_reference_length[i] + + aes128_gcm_reference_tag_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]);
alg_test(ODP_CRYPTO_OP_DECODE, 1, @@ -746,11 +751,12 @@ void crypto_test_dec_alg_aes128_gcm(void) &aes128_gcm_cipher_range[i], &aes128_gcm_auth_range[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, + aes128_gcm_reference_length[i] + + aes128_gcm_reference_tag_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], wrong_digest, - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]); } }
@@ -779,7 +785,8 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) cipher_key.length, iv.length)) continue; if (!check_auth_options(ODP_AUTH_ALG_AES_GCM, - auth_key.length, AES128_GCM_CHECK_LEN)) + auth_key.length, + aes128_gcm_reference_tag_length[i])) continue;
alg_test(ODP_CRYPTO_OP_DECODE, @@ -793,12 +800,13 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) &aes128_gcm_cipher_range[i], &aes128_gcm_auth_range[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, + aes128_gcm_reference_length[i] + + aes128_gcm_reference_tag_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], aes128_gcm_reference_ciphertext[i] + aes128_gcm_reference_length[i], - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]);
alg_test(ODP_CRYPTO_OP_DECODE, 1, @@ -811,11 +819,12 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void) &aes128_gcm_cipher_range[i], &aes128_gcm_auth_range[i], aes128_gcm_reference_ciphertext[i], - aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN, + aes128_gcm_reference_length[i] + + aes128_gcm_reference_tag_length[i], aes128_gcm_reference_plaintext[i], aes128_gcm_reference_length[i], wrong_digest, - AES128_GCM_CHECK_LEN); + aes128_gcm_reference_tag_length[i]); } }
@@ -1004,7 +1013,7 @@ void crypto_test_gen_alg_hmac_md5(void) auth_key.length = sizeof(hmac_md5_reference_key[i]);
if (!check_auth_options(ODP_AUTH_ALG_MD5_HMAC, auth_key.length, - HMAC_MD5_96_CHECK_LEN)) + hmac_md5_reference_digest_length[i])) continue;
alg_test(ODP_CRYPTO_OP_ENCODE, @@ -1020,7 +1029,7 @@ void crypto_test_gen_alg_hmac_md5(void) hmac_md5_reference_length[i], NULL, 0, hmac_md5_reference_digest[i], - HMAC_MD5_96_CHECK_LEN); + hmac_md5_reference_digest_length[i]); } }
@@ -1042,7 +1051,7 @@ void crypto_test_check_alg_hmac_md5(void) auth_key.length = sizeof(hmac_md5_reference_key[i]);
if (!check_auth_options(ODP_AUTH_ALG_MD5_HMAC, auth_key.length, - HMAC_MD5_96_CHECK_LEN)) + hmac_md5_reference_digest_length[i])) continue;
alg_test(ODP_CRYPTO_OP_DECODE, @@ -1058,7 +1067,7 @@ void crypto_test_check_alg_hmac_md5(void) hmac_md5_reference_length[i], NULL, 0, hmac_md5_reference_digest[i], - HMAC_MD5_96_CHECK_LEN); + hmac_md5_reference_digest_length[i]);
alg_test(ODP_CRYPTO_OP_DECODE, 1, @@ -1073,7 +1082,7 @@ void crypto_test_check_alg_hmac_md5(void) hmac_md5_reference_length[i], NULL, 0, wrong_digest, - HMAC_MD5_96_CHECK_LEN); + hmac_md5_reference_digest_length[i]); } }
@@ -1106,7 +1115,7 @@ void crypto_test_gen_alg_hmac_sha256(void)
if (!check_auth_options(ODP_AUTH_ALG_SHA256_HMAC, auth_key.length, - HMAC_SHA256_128_CHECK_LEN)) + hmac_sha256_reference_digest_length[i])) continue;
alg_test(ODP_CRYPTO_OP_ENCODE, @@ -1122,7 +1131,7 @@ void crypto_test_gen_alg_hmac_sha256(void) hmac_sha256_reference_length[i], NULL, 0, hmac_sha256_reference_digest[i], - HMAC_SHA256_128_CHECK_LEN); + hmac_sha256_reference_digest_length[i]); } }
@@ -1146,7 +1155,7 @@ void crypto_test_check_alg_hmac_sha256(void)
if (!check_auth_options(ODP_AUTH_ALG_SHA256_HMAC, auth_key.length, - HMAC_SHA256_128_CHECK_LEN)) + hmac_sha256_reference_digest_length[i])) continue;
alg_test(ODP_CRYPTO_OP_DECODE, @@ -1162,7 +1171,7 @@ void crypto_test_check_alg_hmac_sha256(void) hmac_sha256_reference_length[i], NULL, 0, hmac_sha256_reference_digest[i], - HMAC_SHA256_128_CHECK_LEN); + hmac_sha256_reference_digest_length[i]);
alg_test(ODP_CRYPTO_OP_DECODE, 1, @@ -1177,7 +1186,7 @@ void crypto_test_check_alg_hmac_sha256(void) hmac_sha256_reference_length[i], NULL, 0, wrong_digest, - HMAC_SHA256_128_CHECK_LEN); + hmac_sha256_reference_digest_length[i]); } }
diff --git a/test/common_plat/validation/api/crypto/test_vectors.h b/test/common_plat/validation/api/crypto/test_vectors.h index a1cf4faf..defbda45 100644 --- a/test/common_plat/validation/api/crypto/test_vectors.h +++ b/test/common_plat/validation/api/crypto/test_vectors.h @@ -139,6 +139,8 @@ static uint8_t aes128_gcm_reference_iv[][AES128_GCM_IV_LEN] = {
static uint32_t aes128_gcm_reference_length[] = { 84, 72, 72, 40};
+static uint32_t aes128_gcm_reference_tag_length[] = { 16, 16, 16, 16}; + static odp_packet_data_range_t aes128_gcm_cipher_range[] = { { .offset = 12, .length = 72 }, { .offset = 8, .length = 64 }, @@ -306,6 +308,10 @@ static uint8_t hmac_md5_reference_digest[][HMAC_MD5_DIGEST_LEN] = { 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 } };
+static uint32_t hmac_md5_reference_digest_length[] = { + 12, 12, 12 +}; + static uint8_t hmac_sha256_reference_key[][HMAC_SHA256_KEY_LEN] = { { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, @@ -350,4 +356,8 @@ static uint8_t hmac_sha256_reference_digest[][HMAC_SHA256_DIGEST_LEN] = { 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7 } };
+static uint32_t hmac_sha256_reference_digest_length[] = { + 16, 16, 16 +}; + #endif diff --git a/test/common_plat/validation/api/crypto/test_vectors_len.h b/test/common_plat/validation/api/crypto/test_vectors_len.h index 4fbb5cd7..80fd927b 100644 --- a/test/common_plat/validation/api/crypto/test_vectors_len.h +++ b/test/common_plat/validation/api/crypto/test_vectors_len.h @@ -21,18 +21,15 @@ #define AES128_GCM_IV_LEN 12 #define AES128_GCM_MAX_DATA_LEN 106 #define AES128_GCM_DIGEST_LEN 16 -#define AES128_GCM_CHECK_LEN 16
/* HMAC-MD5 */ #define HMAC_MD5_KEY_LEN 16 #define HMAC_MD5_MAX_DATA_LEN 128 #define HMAC_MD5_DIGEST_LEN 16 -#define HMAC_MD5_96_CHECK_LEN 12
/* HMAC-SHA256 */ #define HMAC_SHA256_KEY_LEN 32 #define HMAC_SHA256_MAX_DATA_LEN 128 #define HMAC_SHA256_DIGEST_LEN 32 -#define HMAC_SHA256_128_CHECK_LEN 16
#endif
-----------------------------------------------------------------------
Summary of changes: configure.ac | 6 +- example/ipsec/odp_ipsec_cache.c | 1 + .../linux-generic/include/odp_crypto_internal.h | 17 +- platform/linux-generic/odp_crypto.c | 628 +++++++++++---------- test/common_plat/performance/odp_crypto.c | 58 +- test/common_plat/validation/api/crypto/crypto.h | 8 +- .../validation/api/crypto/odp_crypto_test_inp.c | 417 ++++++++++++-- .../validation/api/crypto/test_vectors.h | 181 ++++-- .../validation/api/crypto/test_vectors_len.h | 18 +- 9 files changed, 874 insertions(+), 460 deletions(-)
hooks/post-receive