Added support for new algorithm enumerations and algorithm
capability functions.
Signed-off-by: Petri Savolainen <petri.savolai...@nokia.com>
---
.../linux-generic/include/odp_crypto_internal.h | 19 +--
platform/linux-generic/odp_crypto.c | 180 +++++++++++----------
2 files changed, 107 insertions(+), 92 deletions(-)
diff --git a/platform/linux-generic/include/odp_crypto_internal.h
b/platform/linux-generic/include/odp_crypto_internal.h
index 7b104af..78feb3f 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -14,6 +14,7 @@ extern "C" {
#include <openssl/des.h>
#include <openssl/aes.h>
+#define MAX_IV_LEN 64
#define OP_RESULT_MAGIC 0x91919191
/** Forward declaration of session structure */
@@ -31,16 +32,16 @@ odp_crypto_alg_err_t
(*crypto_func_t)(odp_crypto_op_params_t *params,
*/
struct odp_crypto_generic_session {
struct odp_crypto_generic_session *next;
- odp_crypto_op_t op;
+
+ /* Session creation parameters */
+ odp_crypto_session_params_t p;
+
odp_bool_t do_cipher_first;
- odp_queue_t compl_queue;
- odp_pool_t output_pool;
+
struct {
- odp_cipher_alg_t alg;
- struct {
- uint8_t *data;
- size_t len;
- } iv;
+ /* Copy of session IV data */
+ uint8_t iv_data[MAX_IV_LEN];
+
union {
struct {
DES_key_schedule ks1;
@@ -56,8 +57,8 @@ struct odp_crypto_generic_session {
} data;
crypto_func_t func;
} cipher;
+
struct {
- odp_auth_alg_t alg;
union {
struct {
uint8_t key[16];
diff --git a/platform/linux-generic/odp_crypto.c
b/platform/linux-generic/odp_crypto.c
index 453d6b7..a64b5a2 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -249,8 +249,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -281,8 +281,8 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -302,22 +302,20 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_params_t
*params,
return ODP_CRYPTO_ALG_ERR_NONE;
}
-static
-int process_aes_params(odp_crypto_generic_session_t *session,
- odp_crypto_session_params_t *params)
+static int process_aes_params(odp_crypto_generic_session_t *session)
{
/* Verify IV len is either 0 or 16 */
- if (!((0 == params->iv.length) || (16 == params->iv.length)))
+ if (!((0 == session->p.iv.length) || (16 == session->p.iv.length)))
return -1;
/* Set function */
- if (ODP_CRYPTO_OP_ENCODE == params->op) {
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op) {
session->cipher.func = aes_encrypt;
- AES_set_encrypt_key(params->cipher_key.data, 128,
+ AES_set_encrypt_key(session->p.cipher_key.data, 128,
&session->cipher.data.aes.key);
} else {
session->cipher.func = aes_decrypt;
- AES_set_decrypt_key(params->cipher_key.data, 128,
+ AES_set_decrypt_key(session->p.cipher_key.data, 128,
&session->cipher.data.aes.key);
}
@@ -340,8 +338,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -405,8 +403,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -455,19 +453,17 @@ odp_crypto_alg_err_t
aes_gcm_decrypt(odp_crypto_op_params_t *params,
return ODP_CRYPTO_ALG_ERR_NONE;
}
-static
-int process_aes_gcm_params(odp_crypto_generic_session_t *session,
- odp_crypto_session_params_t *params)
+static int process_aes_gcm_params(odp_crypto_generic_session_t *session)
{
/* Verify Key len is 16 */
- if (params->cipher_key.length != 16)
+ if (session->p.cipher_key.length != 16)
return -1;
/* Set function */
EVP_CIPHER_CTX *ctx =
session->cipher.data.aes_gcm.ctx = EVP_CIPHER_CTX_new();
- if (ODP_CRYPTO_OP_ENCODE == params->op) {
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op) {
session->cipher.func = aes_gcm_encrypt;
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
} else {
@@ -476,13 +472,13 @@ int process_aes_gcm_params(odp_crypto_generic_session_t
*session,
}
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
- params->iv.length, NULL);
- if (ODP_CRYPTO_OP_ENCODE == params->op) {
+ session->p.iv.length, NULL);
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op) {
EVP_EncryptInit_ex(ctx, NULL, NULL,
- params->cipher_key.data, NULL);
+ session->p.cipher_key.data, NULL);
} else {
EVP_DecryptInit_ex(ctx, NULL, NULL,
- params->cipher_key.data, NULL);
+ session->p.cipher_key.data, NULL);
}
return 0;
@@ -499,8 +495,8 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -537,8 +533,8 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_params_t
*params,
if (params->override_iv_ptr)
iv_ptr = params->override_iv_ptr;
- else if (session->cipher.iv.data)
- iv_ptr = session->cipher.iv.data;
+ else if (session->p.iv.data)
+ iv_ptr = session->cipher.iv_data;
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
@@ -565,38 +561,34 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_params_t
*params,
return ODP_CRYPTO_ALG_ERR_NONE;
}
-static
-int process_des_params(odp_crypto_generic_session_t *session,
- odp_crypto_session_params_t *params)
+static int process_des_params(odp_crypto_generic_session_t *session)
{
/* Verify IV len is either 0 or 8 */
- if (!((0 == params->iv.length) || (8 == params->iv.length)))
+ if (!((0 == session->p.iv.length) || (8 == session->p.iv.length)))
return -1;
/* Set function */
- if (ODP_CRYPTO_OP_ENCODE == params->op)
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op)
session->cipher.func = des_encrypt;
else
session->cipher.func = des_decrypt;
/* Convert keys */
- DES_set_key((DES_cblock *)¶ms->cipher_key.data[0],
+ DES_set_key((DES_cblock *)&session->p.cipher_key.data[0],
&session->cipher.data.des.ks1);
- DES_set_key((DES_cblock *)¶ms->cipher_key.data[8],
+ DES_set_key((DES_cblock *)&session->p.cipher_key.data[8],
&session->cipher.data.des.ks2);
- DES_set_key((DES_cblock *)¶ms->cipher_key.data[16],
+ DES_set_key((DES_cblock *)&session->p.cipher_key.data[16],
&session->cipher.data.des.ks3);
return 0;
}
-static
-int process_md5_params(odp_crypto_generic_session_t *session,
- odp_crypto_session_params_t *params,
- uint32_t bits)
+static int process_md5_params(odp_crypto_generic_session_t *session,
+ uint32_t bits)
{
/* Set function */
- if (ODP_CRYPTO_OP_ENCODE == params->op)
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op)
session->auth.func = md5_gen;
else
session->auth.func = md5_check;
@@ -605,18 +597,16 @@ int process_md5_params(odp_crypto_generic_session_t
*session,
session->auth.data.md5.bytes = bits / 8;
/* Convert keys */
- memcpy(session->auth.data.md5.key, params->auth_key.data, 16);
+ memcpy(session->auth.data.md5.key, session->p.auth_key.data, 16);
return 0;
}
-static
-int process_sha256_params(odp_crypto_generic_session_t *session,
- odp_crypto_session_params_t *params,
- uint32_t bits)
+static int process_sha256_params(odp_crypto_generic_session_t *session,
+ uint32_t bits)
{
/* Set function */
- if (ODP_CRYPTO_OP_ENCODE == params->op)
+ if (ODP_CRYPTO_OP_ENCODE == session->p.op)
session->auth.func = sha256_gen;
else
session->auth.func = sha256_check;
@@ -625,7 +615,7 @@ int process_sha256_params(odp_crypto_generic_session_t
*session,
session->auth.data.sha256.bytes = bits / 8;
/* Convert keys */
- memcpy(session->auth.data.sha256.key, params->auth_key.data, 32);
+ memcpy(session->auth.data.sha256.key, session->p.auth_key.data, 32);
return 0;
}
@@ -638,16 +628,23 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
/* Initialize crypto capability structure */
memset(capa, 0, sizeof(odp_crypto_capability_t));
- capa->ciphers.bit.null = 1;
- capa->ciphers.bit.des = 1;
- capa->ciphers.bit.trides_cbc = 1;
- capa->ciphers.bit.aes128_cbc = 1;
- capa->ciphers.bit.aes128_gcm = 1;
+ capa->ciphers.bit.null = 1;
+ capa->ciphers.bit.des = 1;
+ capa->ciphers.bit.trides_cbc = 1;
+ capa->ciphers.bit.aes_cbc = 1;
+ capa->ciphers.bit.aes_gcm = 1;
+
+ capa->auths.bit.null = 1;
+ capa->auths.bit.md5_hmac = 1;
+ capa->auths.bit.sha256_hmac = 1;
+ capa->auths.bit.aes_gcm = 1;
- capa->auths.bit.null = 1;
- capa->auths.bit.md5_96 = 1;
- capa->auths.bit.sha256_128 = 1;
- capa->auths.bit.aes128_gcm = 1;
+ /* Deprecated */
+ capa->ciphers.bit.aes128_cbc = 1;
+ capa->ciphers.bit.aes128_gcm = 1;
+ capa->auths.bit.md5_96 = 1;
+ capa->auths.bit.sha256_128 = 1;
+ capa->auths.bit.aes128_gcm = 1;
capa->max_sessions = MAX_SESSIONS;
@@ -748,21 +745,26 @@ odp_crypto_session_create(odp_crypto_session_params_t
*params,
return -1;
}
+ /* Copy parameters */
+ session->p = *params;
+
+ /* Copy IV data */
+ if (session->p.iv.data) {
+ if (session->p.iv.length > MAX_IV_LEN) {
+ ODP_DBG("Maximum IV length exceeded\n");
+ return -1;
+ }
+
+ memcpy(session->cipher.iv_data, session->p.iv.data,
+ session->p.iv.length);
+ }
+
/* Derive order */
if (ODP_CRYPTO_OP_ENCODE == params->op)
session->do_cipher_first = params->auth_cipher_text;
else
session->do_cipher_first = !params->auth_cipher_text;
- /* Copy stuff over */
- session->op = params->op;
- session->compl_queue = params->compl_queue;
- session->cipher.alg = params->cipher_alg;
- session->cipher.iv.data = params->iv.data;
- session->cipher.iv.len = params->iv.length;
- session->auth.alg = params->auth_alg;
- session->output_pool = params->output_pool;
-
/* Process based on cipher */
switch (params->cipher_alg) {
case ODP_CIPHER_ALG_NULL:
@@ -771,19 +773,23 @@ odp_crypto_session_create(odp_crypto_session_params_t
*params,
break;
case ODP_CIPHER_ALG_DES:
case ODP_CIPHER_ALG_3DES_CBC:
- rc = process_des_params(session, params);
+ rc = process_des_params(session);
break;
+ case ODP_CIPHER_ALG_AES_CBC:
+ /* deprecated */
case ODP_CIPHER_ALG_AES128_CBC:
- rc = process_aes_params(session, params);
+ rc = process_aes_params(session);
break;
+ case ODP_CIPHER_ALG_AES_GCM:
+ /* deprecated */
case ODP_CIPHER_ALG_AES128_GCM:
/* AES-GCM requires to do both auth and
* cipher at the same time */
- if (params->auth_alg != ODP_AUTH_ALG_AES128_GCM) {
+ if (params->auth_alg == ODP_AUTH_ALG_AES_GCM ||
+ params->auth_alg == ODP_AUTH_ALG_AES128_GCM)
+ rc = process_aes_gcm_params(session);
+ else
rc = -1;
- break;
- }
- rc = process_aes_gcm_params(session, params);
break;
default:
rc = -1;
@@ -801,21 +807,28 @@ odp_crypto_session_create(odp_crypto_session_params_t
*params,
session->auth.func = null_crypto_routine;
rc = 0;
break;
+ case ODP_AUTH_ALG_MD5_HMAC:
+ /* deprecated */
case ODP_AUTH_ALG_MD5_96:
- rc = process_md5_params(session, params, 96);
+ rc = process_md5_params(session, 96);
break;
+ case ODP_AUTH_ALG_SHA256_HMAC:
+ /* deprecated */
case ODP_AUTH_ALG_SHA256_128:
- rc = process_sha256_params(session, params, 128);
+ rc = process_sha256_params(session, 128);
break;
+ case ODP_AUTH_ALG_AES_GCM:
+ /* deprecated */
case ODP_AUTH_ALG_AES128_GCM:
/* AES-GCM requires to do both auth and
* cipher at the same time */
- if (params->cipher_alg != ODP_CIPHER_ALG_AES128_GCM) {
+ if (params->cipher_alg == ODP_CIPHER_ALG_AES_GCM ||
+ params->cipher_alg == ODP_CIPHER_ALG_AES128_GCM) {
+ session->auth.func = null_crypto_routine;
+ rc = 0;
+ } else {
rc = -1;
- break;
}
- session->auth.func = null_crypto_routine;
- rc = 0;
break;
default:
rc = -1;
@@ -837,7 +850,8 @@ int odp_crypto_session_destroy(odp_crypto_session_t session)
odp_crypto_generic_session_t *generic;
generic = (odp_crypto_generic_session_t *)(intptr_t)session;
- if (generic->cipher.alg == ODP_CIPHER_ALG_AES128_GCM)
+ if (generic->p.cipher_alg == ODP_CIPHER_ALG_AES128_GCM ||
+ generic->p.cipher_alg == ODP_CIPHER_ALG_AES_GCM)
EVP_CIPHER_CTX_free(generic->cipher.data.aes_gcm.ctx);
memset(generic, 0, sizeof(*generic));
free_session(generic);
@@ -858,8 +872,8 @@ odp_crypto_operation(odp_crypto_op_params_t *params,
/* Resolve output buffer */
if (ODP_PACKET_INVALID == params->out_pkt &&
- ODP_POOL_INVALID != session->output_pool)
- params->out_pkt = odp_packet_alloc(session->output_pool,
+ ODP_POOL_INVALID != session->p.output_pool)
+ params->out_pkt = odp_packet_alloc(session->p.output_pool,
odp_packet_len(params->pkt));
if (odp_unlikely(ODP_PACKET_INVALID == params->out_pkt)) {
@@ -899,7 +913,7 @@ odp_crypto_operation(odp_crypto_op_params_t *params,
(rc_auth == ODP_CRYPTO_ALG_ERR_NONE);
/* If specified during creation post event to completion queue */
- if (ODP_QUEUE_INVALID != session->compl_queue) {
+ if (ODP_QUEUE_INVALID != session->p.compl_queue) {
odp_event_t completion_event;
odp_crypto_generic_op_result_t *op_result;
@@ -912,7 +926,7 @@ odp_crypto_operation(odp_crypto_op_params_t *params,
op_result = get_op_result_from_event(completion_event);
op_result->magic = OP_RESULT_MAGIC;
op_result->result = local_result;
- if (odp_queue_enq(session->compl_queue, completion_event)) {
+ if (odp_queue_enq(session->p.compl_queue, completion_event)) {
odp_event_free(completion_event);
return -1;
}
--
2.8.1
