Authentication code contains similar functions. Instead of replicating them further (e.g. for SHA-1 or SHA-3) factor out common code blocks, moving all difference to session data.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> --- .../linux-generic/include/odp_crypto_internal.h | 14 +-- platform/linux-generic/odp_crypto.c | 126 ++++----------------- 2 files changed, 28 insertions(+), 112 deletions(-) diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index f85b76ea..515cefaa 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -60,16 +60,10 @@ struct odp_crypto_generic_session { } cipher; struct { - union { - struct { - uint8_t key[16]; - uint32_t bytes; - } md5; - struct { - uint8_t key[32]; - uint32_t bytes; - } sha256; - } data; + uint8_t key[EVP_MAX_KEY_LENGTH]; + uint32_t key_length; + uint32_t bytes; + const EVP_MD *evp_md; crypto_func_t func; } auth; }; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 2ba504b2..4d59b827 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -110,8 +110,8 @@ null_crypto_routine(odp_crypto_op_param_t *param ODP_UNUSED, } static -odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) +odp_crypto_alg_err_t auth_gen(odp_crypto_op_param_t *param, + odp_crypto_generic_session_t *session) { uint8_t *data = odp_packet_data(param->out_pkt); uint8_t *icv = data; @@ -123,94 +123,28 @@ odp_crypto_alg_err_t md5_gen(odp_crypto_op_param_t *param, icv += param->hash_result_offset; /* Hash it */ - HMAC(EVP_md5(), - session->auth.data.md5.key, - 16, + HMAC(session->auth.evp_md, + session->auth.key, + session->auth.key_length, data, len, hash, NULL); /* Copy to the output location */ - memcpy(icv, hash, session->auth.data.md5.bytes); + memcpy(icv, hash, session->auth.bytes); return ODP_CRYPTO_ALG_ERR_NONE; } static -odp_crypto_alg_err_t md5_check(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - uint8_t *data = odp_packet_data(param->out_pkt); - uint8_t *icv = data; - uint32_t len = param->auth_range.length; - uint32_t bytes = session->auth.data.md5.bytes; - uint8_t hash_in[EVP_MAX_MD_SIZE]; - uint8_t hash_out[EVP_MAX_MD_SIZE]; - - /* Adjust pointer for beginning of area to auth */ - data += param->auth_range.offset; - icv += param->hash_result_offset; - - /* Copy current value out and clear it before authentication */ - memset(hash_in, 0, sizeof(hash_in)); - memcpy(hash_in, icv, bytes); - memset(icv, 0, bytes); - memset(hash_out, 0, sizeof(hash_out)); - - /* Hash it */ - HMAC(EVP_md5(), - session->auth.data.md5.key, - 16, - data, - len, - hash_out, - NULL); - - /* Verify match */ - if (0 != memcmp(hash_in, hash_out, bytes)) - return ODP_CRYPTO_ALG_ERR_ICV_CHECK; - - /* Matched */ - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static -odp_crypto_alg_err_t sha256_gen(odp_crypto_op_param_t *param, +odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { uint8_t *data = odp_packet_data(param->out_pkt); uint8_t *icv = data; uint32_t len = param->auth_range.length; - uint8_t hash[EVP_MAX_MD_SIZE]; - - /* Adjust pointer for beginning of area to auth */ - data += param->auth_range.offset; - icv += param->hash_result_offset; - - /* Hash it */ - HMAC(EVP_sha256(), - session->auth.data.sha256.key, - 32, - data, - len, - hash, - NULL); - - /* Copy to the output location */ - memcpy(icv, hash, session->auth.data.sha256.bytes); - - return ODP_CRYPTO_ALG_ERR_NONE; -} - -static -odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t *param, - odp_crypto_generic_session_t *session) -{ - uint8_t *data = odp_packet_data(param->out_pkt); - uint8_t *icv = data; - uint32_t len = param->auth_range.length; - uint32_t bytes = session->auth.data.sha256.bytes; + uint32_t bytes = session->auth.bytes; uint8_t hash_in[EVP_MAX_MD_SIZE]; uint8_t hash_out[EVP_MAX_MD_SIZE]; @@ -225,9 +159,9 @@ odp_crypto_alg_err_t sha256_check(odp_crypto_op_param_t *param, memset(hash_out, 0, sizeof(hash_out)); /* Hash it */ - HMAC(EVP_sha256(), - session->auth.data.sha256.key, - 32, + HMAC(session->auth.evp_md, + session->auth.key, + session->auth.key_length, data, len, hash_out, @@ -587,38 +521,26 @@ static int process_des_param(odp_crypto_generic_session_t *session) return 0; } -static int process_md5_param(odp_crypto_generic_session_t *session, - uint32_t bits) +static int process_auth_param(odp_crypto_generic_session_t *session, + uint32_t bits, + uint32_t key_length, + const EVP_MD *evp_md) { /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->auth.func = md5_gen; + session->auth.func = auth_gen; else - session->auth.func = md5_check; - - /* Number of valid bytes */ - session->auth.data.md5.bytes = bits / 8; - - /* Convert keys */ - memcpy(session->auth.data.md5.key, session->p.auth_key.data, 16); - - return 0; -} + session->auth.func = auth_check; -static int process_sha256_param(odp_crypto_generic_session_t *session, - uint32_t bits) -{ - /* Set function */ - if (ODP_CRYPTO_OP_ENCODE == session->p.op) - session->auth.func = sha256_gen; - else - session->auth.func = sha256_check; + session->auth.evp_md = evp_md; /* Number of valid bytes */ - session->auth.data.sha256.bytes = bits / 8; + session->auth.bytes = bits / 8; /* Convert keys */ - memcpy(session->auth.data.sha256.key, session->p.auth_key.data, 32); + session->auth.key_length = key_length; + memcpy(session->auth.key, session->p.auth_key.data, + session->auth.key_length); return 0; } @@ -816,12 +738,12 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_AUTH_ALG_MD5_HMAC: /* deprecated */ case ODP_AUTH_ALG_MD5_96: - rc = process_md5_param(session, 96); + rc = process_auth_param(session, 96, 16, EVP_md5()); break; case ODP_AUTH_ALG_SHA256_HMAC: /* deprecated */ case ODP_AUTH_ALG_SHA256_128: - rc = process_sha256_param(session, 128); + rc = process_auth_param(session, 128, 32, EVP_sha256()); break; case ODP_AUTH_ALG_AES_GCM: /* deprecated */ -- 2.11.0