Dmitry Eremin-Solenikov(lumag) replied on github web page: platform/linux-generic/odp_crypto.c line 155 @@ -308,6 +319,142 @@ void packet_hmac(odp_packet_t pkt, HMAC_Final(ctx, hash, NULL); } +static void do_pad_xor(uint8_t *out, const uint8_t *in, int len) { + int pos=0; + for (pos=1; pos <= 16; pos++, in++, out++) { + if (pos <= len) + *out ^= *in; + if (pos > len) { + *out ^= 0x80; + break; + } + } +} +static void xor_block(aes_block res, const aes_block op) { + res[0] ^= op[0]; + res[1] ^= op[1]; + res[2] ^= op[2]; + res[3] ^= op[3]; +} + +static +odp_crypto_alg_err_t aesxcbc_gen(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + aes_block e = {0, 0, 0, 0}; + uint8_t *data = odp_packet_data(pkt); + uint8_t *icv = data; + uint32_t len = param->auth_range.length; + uint8_t hash_out[16]; + EVP_CIPHER_CTX *ctx; + int dummy_len = 0; + /* Adjust pointer for beginning of area to auth */ + data += param->auth_range.offset; + icv += param->hash_result_offset; + + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->auth.key, NULL); + for (; len > AES_BLOCK_SIZE ; len -= AES_BLOCK_SIZE) { + xor_block(e, (const uint32_t*) data); + EVP_EncryptUpdate(ctx, (uint8_t *)e, &dummy_len, (uint8_t *)e, sizeof(e)); + data += AES_BLOCK_SIZE; + } + do_pad_xor((uint8_t *)e, data, len); + if (len == AES_BLOCK_SIZE) { + xor_block(e, (const uint32_t*) (session->auth.key + 16)); + } + else + { + xor_block(e, (const uint32_t*) (session->auth.key + 16*2)); + } + EVP_EncryptUpdate(ctx, hash_out, &dummy_len, (uint8_t *)e, sizeof(e)); + EVP_CIPHER_CTX_free(ctx); + memcpy (icv, hash_out, 12); + + return ODP_CRYPTO_ALG_ERR_NONE; +} + +static +odp_crypto_alg_err_t aesxcbc_check(odp_packet_t pkt, + const odp_crypto_packet_op_param_t *param, + odp_crypto_generic_session_t *session) +{ + aes_block e = {0, 0, 0, 0}; + uint8_t *data = odp_packet_data(pkt); + uint8_t *icv = data; + uint32_t len = param->auth_range.length; + uint8_t hash_in[12]; + uint8_t hash_out[12]; + EVP_CIPHER_CTX *ctx; + int dummy_len = 0; + + /* Adjust pointer for beginning of area to auth */ + data += param->auth_range.offset; + icv += param->hash_result_offset; + + /* Copy current value out and clear it before authentication */ + memset(hash_in, 0, sizeof(hash_in)); + memcpy(hash_in, icv, 12); + memset(hash_out, 0, sizeof(hash_out)); + + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->auth.key, NULL); + + for (; len > AES_BLOCK_SIZE ; len -= AES_BLOCK_SIZE) { + xor_block(e, (const uint32_t*) data); + EVP_EncryptUpdate(ctx, (uint8_t *)e, &dummy_len, (uint8_t *)e, sizeof(e)); + data += AES_BLOCK_SIZE; + } + do_pad_xor((uint8_t *)e, data, len); + if (len == AES_BLOCK_SIZE) { + xor_block(e, (const uint32_t*) (session->auth.key + 16)); + } + else + { + xor_block(e, (const uint32_t*) (session->auth.key + 16*2)); + } + EVP_EncryptUpdate(ctx, hash_out, &dummy_len, (uint8_t *)e, sizeof(e)); + EVP_CIPHER_CTX_free(ctx); + /* Verify match */ + if (0 != memcmp(hash_in, hash_out, 12)) + return ODP_CRYPTO_ALG_ERR_ICV_CHECK; + + /* Matched */ + return ODP_CRYPTO_ALG_ERR_NONE; +} + +static int process_aesxcbc_param(odp_crypto_generic_session_t *session) +{ + aes_block kn[3] = { + { 0x01010101, 0x01010101, 0x01010101, 0x01010101 }, + { 0x02020202, 0x02020202, 0x02020202, 0x02020202 }, + { 0x03030303, 0x03030303, 0x03030303, 0x03030303 }, + }; + EVP_CIPHER_CTX *ctx; + int dummy_len = 0; + + /* Set function */ + if (ODP_CRYPTO_OP_ENCODE == session->p.op) + session->auth.func = aesxcbc_gen; + else + session->auth.func = aesxcbc_check; + + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, session->p.auth_key.data, NULL);
Comment: `EVP_aes_128_ecb()` should become a parameter here that is stored as `session->auth.evp_cipher`. > Dmitry Eremin-Solenikov(lumag) wrote: > You also need to set auth.init func here. For now you can use nullinit > function >> Dmitry Eremin-Solenikov(lumag) wrote: >> XCBC-MAC computation should be extracted to a separate function. >>> Dmitry Eremin-Solenikov(lumag) wrote: >>> This will not work with segmented packets. >>>> Dmitry Eremin-Solenikov(lumag) wrote: >>>> Please use `uint32_t*` instead of adding new type. https://github.com/Linaro/odp/pull/470#discussion_r167568673 updated_at 2018-02-12 14:34:03