[PATCH API-NEXT v5] Major cryptography code update#34
Closed
lumag wants to merge 23 commits intoOpenDataPlane:api-nextfrom
Closed
[PATCH API-NEXT v5] Major cryptography code update#34lumag wants to merge 23 commits intoOpenDataPlane:api-nextfrom
lumag wants to merge 23 commits intoOpenDataPlane:api-nextfrom
Conversation
lumag
commented
May 22, 2017
lumag
commented
- incorporate [PATCH API-NEXT v4] Update Linux crypto implementation to support recent API additions #24
- fix AES-GCM thread safety
- unify cipher handling code
- make crypto code work across segmented packets
muvarov
changed the title
lumag
force-pushed
the
crypto-update-main-new
branch
from
a7c3ddf to
5ae6f6f
Compare
muvarov
changed the title
lumag
changed the title
lumag
force-pushed
the
crypto-update-main-new
branch
from
5ae6f6f to
a60e15c
Compare
muvarov
changed the title
muvarov
changed the title
lumag
changed the title
Contributor
From: Dmitry Eremin-Solenikov
On 31.05.2017 14:33, Savolainen, Petri (Nokia - FI/Espoo) wrote:
>
>
>> -----Original Message-----
>> From: lng-odp [mailto:lng-odp-bounces@lists.linaro.org] On Behalf Of
>> Github ODP bot
>> Sent: Tuesday, May 23, 2017 1:00 AM
>> To: lng-odp@lists.linaro.org
>> Subject: [lng-odp] [PATCH API-NEXT v2 2/20] test: crypto: explicitly pass
>> AAD to crypto subsystem
>>
>> From: Dmitry Eremin-Solenikov
>>
>> Signed-off-by: Dmitry Eremin-Solenikov
>> ---
>> /** Email created from pull request 34 (lumag:crypto-update-main-new)
>> ** https://github.com/Linaro/odp/pull/34
>> ** Patch: https://github.com/Linaro/odp/pull/34.patch
>> ** Base sha: 826ee894aa0ebd09d42a17e1de077c46bc5b366a
>> ** Merge commit sha: 7c49c61063e2d57f049a5436cf12a3c36710bb34
>> **/
>> .../validation/api/crypto/odp_crypto_test_inp.c | 37
>> ++++++++++++++++++++++
>> 1 file changed, 37 insertions(+)
>>
>> diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
>> b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
>> index 3d09e374..3f57a907 100644
>> --- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
>> +++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
>> @@ -74,6 +74,8 @@ static void alg_test(odp_crypto_op_t op,
>> odp_crypto_key_t auth_key,
>> odp_packet_data_range_t *cipher_range,
>> odp_packet_data_range_t *auth_range,
>> + uint8_t *aad,
>> + uint32_t aad_len,
>> const uint8_t *plaintext,
>> unsigned int plaintext_len,
>> const uint8_t *ciphertext,
>> @@ -240,6 +242,9 @@ static void alg_test(odp_crypto_op_t op,
>> if (op_iv_ptr)
>> op_params.override_iv_ptr = op_iv_ptr;
>>
>> + op_params.aad.ptr = aad;
>> + op_params.aad.length = aad_len;
>> +
>> op_params.hash_result_offset = plaintext_len;
>> if (0 != digest_len) {
>> memcpy(data_addr + op_params.hash_result_offset,
>> @@ -472,6 +477,7 @@ void crypto_test_enc_alg_3des_cbc(void)
>> ODP_AUTH_ALG_NULL,
>> auth_key,
>> NULL, NULL,
>> + NULL, 0,
>> tdes_cbc_reference_plaintext[i],
>> tdes_cbc_reference_length[i],
>> tdes_cbc_reference_ciphertext[i],
>> @@ -508,6 +514,7 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void)
>> ODP_AUTH_ALG_NULL,
>> auth_key,
>> NULL, NULL,
>> + NULL, 0,
>> tdes_cbc_reference_plaintext[i],
>> tdes_cbc_reference_length[i],
>> tdes_cbc_reference_ciphertext[i],
>> @@ -548,6 +555,7 @@ void crypto_test_dec_alg_3des_cbc(void)
>> ODP_AUTH_ALG_NULL,
>> auth_key,
>> NULL, NULL,
>> + NULL, 0,
>> tdes_cbc_reference_ciphertext[i],
>> tdes_cbc_reference_length[i],
>> tdes_cbc_reference_plaintext[i],
>> @@ -586,6 +594,7 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void)
>> ODP_AUTH_ALG_NULL,
>> auth_key,
>> NULL, NULL,
>> + NULL, 0,
>> tdes_cbc_reference_ciphertext[i],
>> tdes_cbc_reference_length[i],
>> tdes_cbc_reference_plaintext[i],
>> @@ -636,6 +645,9 @@ void crypto_test_enc_alg_aes128_gcm(void)
>> &aes128_gcm_cipher_range[i],
>> &aes128_gcm_auth_range[i],
>
> Shouldn't you insert the new parameters in her? Between auth_range and plaintext.
>
>> aes128_gcm_reference_plaintext[i],
>> + aes128_gcm_cipher_range[i].offset -
>> + aes128_gcm_auth_range[i].offset,
>
> Shouldn't this first added param be aad pointer ?
In fact I have reused original test vectors, which come in form of
packet ::= AAD DATA
with auth_range pointing to AAD start and cipher_range pointing to data.
If you think this is counterintuitive, I can split AAD away.
Probably I should do that, as the question arose.
>
>> + aes128_gcm_reference_plaintext[i],
>
> Shouldn't this second added param be aad length ?
>
>
> The same issues are copy-pasted to all aes128 gcm cases.
--
With best wishes
Dmitry
|
lumag
force-pushed
the
crypto-update-main-new
branch
from
951e361 to
ab422d6
Compare
muvarov
changed the title
Codecov Report
@@ Coverage Diff @@
## api-next #34 +/- ##
==============================================
- Coverage 75.979% 75.875% -0.105%
==============================================
Files 171 170 -1
Lines 29192 29165 -27
==============================================
- Hits 22180 22129 -51
- Misses 7012 7036 +24
|
added 2 commits
June 1, 2017 10:03
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
lumag
force-pushed
the
crypto-update-main-new
branch
from
ab422d6 to
d2995e6
Compare
muvarov
changed the title
added 9 commits
June 1, 2017 11:25
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
In addition to truncated digests (used by IPsec) add full-length capabilities to SHA* algos. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
…_digest_len Make AES-GCM use recently introduced aad and auth_digest_len fields. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
There is no need to memcpy IV if it gets passed to EVP functions. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Using single context for all operations is not thread safe: multiple threads can access the same context in parallel, affecting its internal state. Make AES-GCM functions use local context for en/decryption operations. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Rewrite AES-CBC to use generic EVP interface following AES-GCM implementation. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
added 12 commits
June 1, 2017 11:26
Rewrite 3DES-CBC to use generic EVP interface following AES-GCM implementation. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
There is now nearly no difference between AES-CBC and 3DES-CBC code. Merge it into generic 'cipher' support, easing adding support for other ciphers in future. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
If odp_crypto_session_create() failed, there is no point in checking/freeing session, as it might not have been updated. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
There is no point in having separate cases for NULL algorithms. Add capabilities returning 0 key/digest/iv length. Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
lumag
force-pushed
the
crypto-update-main-new
branch
from
d2995e6 to
4c2ebeb
Compare
muvarov
changed the title
Author
|
Merged |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.