diff options
| author | Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> | 2017-06-01 12:03:28 +0300 |
|---|---|---|
| committer | Maxim Uvarov <maxim.uvarov@linaro.org> | 2017-06-16 17:01:10 +0300 |
| commit | c3d3787ae527291e969a60bc54dd4e2ab220251d (patch) | |
| tree | ed3aaaea3893275b1d7be3f6a87eb0dea16f7584 /platform/linux-generic | |
| parent | 14df663ba9534101305ea4f5201fc2a5e55a974f (diff) | |
linux-generic: crypto: rewrite 3DES-CBC support using EVP functions
Rewrite 3DES-CBC to use generic EVP interface following AES-GCM
implementation.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Reviewed-by: Petri Savolainen <petri.savolainen@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Diffstat (limited to 'platform/linux-generic')
| -rw-r--r-- | platform/linux-generic/include/odp_crypto_internal.h | 5 | ||||
| -rw-r--r-- | platform/linux-generic/odp_crypto.c | 78 |
2 files changed, 35 insertions, 48 deletions
diff --git a/platform/linux-generic/include/odp_crypto_internal.h b/platform/linux-generic/include/odp_crypto_internal.h index d6fd04003..f4f1948f8 100644 --- a/platform/linux-generic/include/odp_crypto_internal.h +++ b/platform/linux-generic/include/odp_crypto_internal.h @@ -11,7 +11,6 @@ extern "C" { #endif -#include <openssl/des.h> #include <openssl/evp.h> #define MAX_IV_LEN 64 @@ -44,9 +43,7 @@ struct odp_crypto_generic_session { union { struct { - DES_key_schedule ks1; - DES_key_schedule ks2; - DES_key_schedule ks3; + uint8_t key[EVP_MAX_KEY_LENGTH]; } des; struct { uint8_t key[EVP_MAX_KEY_LENGTH]; diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index f503bd983..bff712d18 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -387,10 +387,11 @@ static odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - DES_cblock iv; + uint32_t plain_len = param->cipher_range.length; void *iv_ptr; + int cipher_len = 0; if (param->override_iv_ptr) iv_ptr = param->override_iv_ptr; @@ -399,24 +400,21 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv, iv_ptr, sizeof(iv)); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; + /* Encrypt it */ - DES_ede3_cbc_encrypt(data, - data, - len, - &session->cipher.data.des.ks1, - &session->cipher.data.des.ks2, - &session->cipher.data.des.ks3, - &iv, - 1); + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + session->cipher.data.des.key, NULL); + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len); + + EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len); + + EVP_CIPHER_CTX_cleanup(ctx); return ODP_CRYPTO_ALG_ERR_NONE; } @@ -425,9 +423,10 @@ static odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, odp_crypto_generic_session_t *session) { + EVP_CIPHER_CTX *ctx; uint8_t *data = odp_packet_data(param->out_pkt); - uint32_t len = param->cipher_range.length; - DES_cblock iv; + uint32_t cipher_len = param->cipher_range.length; + int plain_len = 0; void *iv_ptr; if (param->override_iv_ptr) @@ -437,25 +436,21 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param, else return ODP_CRYPTO_ALG_ERR_IV_INVALID; - /* - * Create a copy of the IV. The DES library modifies IV - * and if we are processing packets on parallel threads - * we could get corruption. - */ - memcpy(iv, iv_ptr, sizeof(iv)); - - /* Adjust pointer for beginning of area to cipher */ + /* Adjust pointer for beginning of area to cipher/auth */ data += param->cipher_range.offset; /* Decrypt it */ - DES_ede3_cbc_encrypt(data, - data, - len, - &session->cipher.data.des.ks1, - &session->cipher.data.des.ks2, - &session->cipher.data.des.ks3, - &iv, - 0); + ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + session->cipher.data.des.key, NULL); + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr); + EVP_CIPHER_CTX_set_padding(ctx, 0); + + EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len); + + EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len); + + EVP_CIPHER_CTX_cleanup(ctx); return ODP_CRYPTO_ALG_ERR_NONE; } @@ -466,20 +461,15 @@ static int process_des_param(odp_crypto_generic_session_t *session) if (!((0 == session->p.iv.length) || (8 == session->p.iv.length))) return -1; + memcpy(session->cipher.data.des.key, session->p.cipher_key.data, + session->p.cipher_key.length); + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->cipher.func = des_encrypt; else session->cipher.func = des_decrypt; - /* Convert keys */ - DES_set_key((DES_cblock *)&session->p.cipher_key.data[0], - &session->cipher.data.des.ks1); - DES_set_key((DES_cblock *)&session->p.cipher_key.data[8], - &session->cipher.data.des.ks2); - DES_set_key((DES_cblock *)&session->p.cipher_key.data[16], - &session->cipher.data.des.ks3); - return 0; } |