From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> Add support for AES with keys of 192 and 256 bits.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> --- /** Email created from pull request 94 (lumag:crypto-long-keys) ** https://github.com/Linaro/odp/pull/94 ** Patch: https://github.com/Linaro/odp/pull/94.patch ** Base sha: c16f1363303cd5fc11324acbc4dfebe0a9680a41 ** Merge commit sha: bab24526ba91a4499aff896c5e82d4ac3f03fea9 **/ platform/linux-generic/odp_crypto.c | 44 ++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 6d7d0e2e..caf020f9 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -44,10 +44,14 @@ static const odp_crypto_cipher_capability_t cipher_capa_trides_cbc[] = { {.key_len = 24, .iv_len = 8} }; static const odp_crypto_cipher_capability_t cipher_capa_aes_cbc[] = { -{.key_len = 16, .iv_len = 16} }; +{.key_len = 16, .iv_len = 16}, +{.key_len = 24, .iv_len = 16}, +{.key_len = 32, .iv_len = 16} }; static const odp_crypto_cipher_capability_t cipher_capa_aes_gcm[] = { -{.key_len = 16, .iv_len = 12} }; +{.key_len = 16, .iv_len = 12}, +{.key_len = 24, .iv_len = 12}, +{.key_len = 32, .iv_len = 12} }; /* * Authentication algorithm capabilities @@ -737,23 +741,47 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, case ODP_CIPHER_ALG_3DES_CBC: rc = process_cipher_param(session, EVP_des_ede3_cbc()); break; - case ODP_CIPHER_ALG_AES_CBC: #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: + if (param->cipher_key.length == 16) + rc = process_cipher_param(session, EVP_aes_128_cbc()); + else + rc = -1; + break; #endif - rc = process_cipher_param(session, EVP_aes_128_cbc()); + case ODP_CIPHER_ALG_AES_CBC: + if (param->cipher_key.length == 16) + rc = process_cipher_param(session, EVP_aes_128_cbc()); + else if (param->cipher_key.length == 24) + rc = process_cipher_param(session, EVP_aes_192_cbc()); + else if (param->cipher_key.length == 32) + rc = process_cipher_param(session, EVP_aes_256_cbc()); + else + rc = -1; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: - if (param->auth_alg == ODP_AUTH_ALG_AES128_GCM) - aes_gcm = 1; - /* Fallthrough */ + /* AES-GCM requires to do both auth and + * cipher at the same time */ + if (param->auth_alg != ODP_AUTH_ALG_AES128_GCM) + rc = -1; + else if (param->cipher_key.length == 16) + rc = process_aes_gcm_param(session, EVP_aes_128_gcm()); + else + rc = -1; + break; #endif case ODP_CIPHER_ALG_AES_GCM: /* AES-GCM requires to do both auth and * cipher at the same time */ - if (param->auth_alg == ODP_AUTH_ALG_AES_GCM || aes_gcm) + if (param->auth_alg != ODP_AUTH_ALG_AES_GCM) + rc = -1; + else if (param->cipher_key.length == 16) rc = process_aes_gcm_param(session, EVP_aes_128_gcm()); + else if (param->cipher_key.length == 24) + rc = process_aes_gcm_param(session, EVP_aes_192_gcm()); + else if (param->cipher_key.length == 32) + rc = process_aes_gcm_param(session, EVP_aes_256_gcm()); else rc = -1; break;