From: yhe <y...@sonicwall.com> --- /** Email created from pull request 470 (SonicwallYhe:api-next-seperate) ** https://github.com/Linaro/odp/pull/470 ** Patch: https://github.com/Linaro/odp/pull/470.patch ** Base sha: af7be638ef9ac98bdb1f2e4917f152889eb1850f ** Merge commit sha: f30e7ae4157bae994d5734b8917d2dd31dbf201e **/ platform/linux-generic/odp_crypto.c | 71 +++++++++++++----------- test/validation/api/crypto/odp_crypto_test_inp.c | 4 +- test/validation/api/crypto/test_vectors.h | 8 +-- 3 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 16ec25d67..174d0cf38 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -319,9 +319,11 @@ void packet_hmac(odp_packet_t pkt, HMAC_Final(ctx, hash, NULL); } -static void do_pad_xor(uint8_t *out, const uint8_t *in, int len) { - int pos=0; - for (pos=1; pos <= 16; pos++, in++, out++) { +static void do_pad_xor(uint8_t *out, const uint8_t *in, int len) +{ + int pos = 0; + + for (pos = 1; pos <= 16; pos++, in++, out++) { if (pos <= len) *out ^= *in; if (pos > len) { @@ -330,7 +332,9 @@ static void do_pad_xor(uint8_t *out, const uint8_t *in, int len) { } } } -static void xor_block(aes_block res, const aes_block op) { + +static void xor_block(uint32_t *res, const uint32_t *op) +{ res[0] ^= op[0]; res[1] ^= op[1]; res[2] ^= op[2]; @@ -342,7 +346,7 @@ odp_crypto_alg_err_t aesxcbc_gen(odp_packet_t pkt, const odp_crypto_packet_op_param_t *param, odp_crypto_generic_session_t *session) { - aes_block e = {0, 0, 0, 0}; + uint32_t e[4] = {0, 0, 0, 0}; uint8_t *data = odp_packet_data(pkt); uint8_t *icv = data; uint32_t len = param->auth_range.length; @@ -354,22 +358,20 @@ odp_crypto_alg_err_t aesxcbc_gen(odp_packet_t pkt, icv += param->hash_result_offset; ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->auth.key, NULL); + EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL, session->auth.key, NULL); for (; len > AES_BLOCK_SIZE ; len -= AES_BLOCK_SIZE) { - xor_block(e, (const uint32_t*) data); + xor_block(e, (const uint32_t *)data); EVP_EncryptUpdate(ctx, (uint8_t *)e, &dummy_len, (uint8_t *)e, sizeof(e)); data += AES_BLOCK_SIZE; } do_pad_xor((uint8_t *)e, data, len); - if (len == AES_BLOCK_SIZE) { - xor_block(e, (const uint32_t*) (session->auth.key + 16)); - } + if (len == AES_BLOCK_SIZE) + xor_block(e, (const uint32_t *)(session->auth.key + 16)); else - { - xor_block(e, (const uint32_t*) (session->auth.key + 16*2)); - } + xor_block(e, (const uint32_t *)(session->auth.key + 16 * 2)); + EVP_EncryptUpdate(ctx, hash_out, &dummy_len, (uint8_t *)e, sizeof(e)); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(ctx); memcpy (icv, hash_out, 12); return ODP_CRYPTO_ALG_ERR_NONE; @@ -380,7 +382,7 @@ odp_crypto_alg_err_t aesxcbc_check(odp_packet_t pkt, const odp_crypto_packet_op_param_t *param, odp_crypto_generic_session_t *session) { - aes_block e = {0, 0, 0, 0}; + uint32_t e[4] = {0, 0, 0, 0}; uint8_t *data = odp_packet_data(pkt); uint8_t *icv = data; uint32_t len = param->auth_range.length; @@ -399,23 +401,21 @@ odp_crypto_alg_err_t aesxcbc_check(odp_packet_t pkt, memset(hash_out, 0, sizeof(hash_out)); ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->auth.key, NULL); + EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL, session->auth.key, NULL); for (; len > AES_BLOCK_SIZE ; len -= AES_BLOCK_SIZE) { - xor_block(e, (const uint32_t*) data); + xor_block(e, (const uint32_t *) data); EVP_EncryptUpdate(ctx, (uint8_t *)e, &dummy_len, (uint8_t *)e, sizeof(e)); data += AES_BLOCK_SIZE; } do_pad_xor((uint8_t *)e, data, len); - if (len == AES_BLOCK_SIZE) { - xor_block(e, (const uint32_t*) (session->auth.key + 16)); - } + if (len == AES_BLOCK_SIZE) + xor_block(e, (const uint32_t *)(session->auth.key + 16)); else - { - xor_block(e, (const uint32_t*) (session->auth.key + 16*2)); - } + xor_block(e, (const uint32_t *)(session->auth.key + 16 * 2)); + EVP_EncryptUpdate(ctx, hash_out, &dummy_len, (uint8_t *)e, sizeof(e)); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(ctx); /* Verify match */ if (0 != memcmp(hash_in, hash_out, 12)) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; @@ -424,9 +424,10 @@ odp_crypto_alg_err_t aesxcbc_check(odp_packet_t pkt, return ODP_CRYPTO_ALG_ERR_NONE; } -static int process_aesxcbc_param(odp_crypto_generic_session_t *session) +static int process_aesxcbc_param(odp_crypto_generic_session_t *session, + const EVP_CIPHER *cipher) { - aes_block kn[3] = { + uint32_t kn[12] = { { 0x01010101, 0x01010101, 0x01010101, 0x01010101 }, { 0x02020202, 0x02020202, 0x02020202, 0x02020202 }, { 0x03030303, 0x03030303, 0x03030303, 0x03030303 }, @@ -439,19 +440,25 @@ static int process_aesxcbc_param(odp_crypto_generic_session_t *session) session->auth.func = aesxcbc_gen; else session->auth.func = aesxcbc_check; + session->auth.init = null_crypto_init_routine; + session->auth.evp_cipher = cipher; ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->p.auth_key.data, NULL); + EVP_EncryptInit_ex(ctx, session->auth.evp_cipher, NULL, + session->p.auth_key.data, NULL); /* K1 = 0x01010101010101010101010101010101 encrypted with Key K */ - EVP_EncryptUpdate(ctx, session->auth.key, &dummy_len, (uint8_t *)kn[0], 16); + EVP_EncryptUpdate(ctx, session->auth.key, + &dummy_len, (uint8_t *)kn[0], 16); /* K2 = 0x02020202020202020202020202020202 encrypted with Key K */ - EVP_EncryptUpdate(ctx, session->auth.key+16, &dummy_len, (uint8_t *)kn[1], 16); + EVP_EncryptUpdate(ctx, session->auth.key + 16, + &dummy_len, (uint8_t *)kn[4], 16); /* K3 = 0x03030303030303030303030303030303 encrypted with Key K */ - EVP_EncryptUpdate(ctx, session->auth.key+16*2, &dummy_len, (uint8_t *)kn[2], 16); + EVP_EncryptUpdate(ctx, session->auth.key + 16 * 2, + &dummy_len, (uint8_t *)kn[8], 16); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(ctx); return 0; } @@ -1627,7 +1634,7 @@ odp_crypto_session_create(odp_crypto_session_param_t *param, break; case ODP_AUTH_ALG_AES_XCBC_MAC: - rc = process_aesxcbc_param(session); + rc = process_aesxcbc_param(session, EVP_aes_128_ecb()); break; #if ODP_DEPRECATED_API case ODP_AUTH_ALG_AES128_GCM: diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index 2316f2798..96d2f8f76 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -1499,9 +1499,9 @@ odp_testinfo_t crypto_suite[] = { ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha256, check_alg_hmac_sha256), ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_sha384, - check_alg_hmac_sha384), + check_alg_hmac_sha384), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha384, - check_alg_hmac_sha384), + check_alg_hmac_sha384), ODP_TEST_INFO_CONDITIONAL(crypto_test_gen_alg_hmac_sha512, check_alg_hmac_sha512), ODP_TEST_INFO_CONDITIONAL(crypto_test_check_alg_hmac_sha512, diff --git a/test/validation/api/crypto/test_vectors.h b/test/validation/api/crypto/test_vectors.h index 700c5c047..6756afbc4 100644 --- a/test/validation/api/crypto/test_vectors.h +++ b/test/validation/api/crypto/test_vectors.h @@ -1281,7 +1281,7 @@ static crypto_test_reference_t hmac_sha384_reference[] = { .digest_length = HMAC_SHA384_CHECK_LEN, .digest = { 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b, - 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, + 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 } @@ -1309,7 +1309,7 @@ static crypto_test_reference_t hmac_sha384_reference[] = { .digest_length = HMAC_SHA384_CHECK_LEN, .digest = {0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f, - 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, + 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 } @@ -1490,7 +1490,7 @@ static crypto_test_reference_t aes_xcbc_reference[] = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }, .digest_length = AES_XCBC_MAC_96_CHECK_LEN, - .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15, + .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15, 0xb8, 0x98, 0x5c, 0x63 } }, { @@ -1529,7 +1529,7 @@ static crypto_test_reference_t aes_xcbc_reference[] = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }, .digest_length = AES_XCBC_MAC_CHECK_LEN, - .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15, + .digest = { 0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15, 0xb8, 0x98, 0x5c, 0x63, 0x05, 0x5e, 0xd3, 0x08 } } };