crypto: remove software algorithm coupling in cryptodev

Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
makejian 2023-08-09 22:31:15 +08:00 committed by Xiang Xiao
parent 10f32910a9
commit 120aaf27b3
3 changed files with 52 additions and 74 deletions

View file

@ -78,9 +78,9 @@ struct csession
uint32_t ses;
uint32_t cipher;
FAR const struct enc_xform *txform;
uint32_t mac;
FAR const struct auth_hash *thash;
bool txform;
bool thash;
caddr_t key;
int keylen;
@ -167,8 +167,7 @@ FAR struct csession *cseadd(FAR struct fcrypt *, FAR struct csession *);
FAR struct csession *csecreate(FAR struct fcrypt *, uint64_t,
caddr_t, uint64_t,
caddr_t, uint64_t, uint32_t,
uint32_t, FAR const struct enc_xform *,
FAR const struct auth_hash *);
uint32_t, bool, bool);
int csefree(FAR struct csession *);
int cryptodev_op(FAR struct csession *,
@ -206,8 +205,8 @@ static int cryptof_ioctl(FAR struct file *filep,
FAR struct csession *cse;
FAR struct session_op *sop;
FAR struct crypt_op *cop;
FAR const struct enc_xform *txform = NULL;
FAR const struct auth_hash *thash = NULL;
bool txform = false;
bool thash = false;
uint64_t sid;
uint32_t ses;
int error = 0;
@ -221,25 +220,13 @@ static int cryptof_ioctl(FAR struct file *filep,
case 0:
break;
case CRYPTO_3DES_CBC:
txform = &enc_xform_3des;
break;
case CRYPTO_BLF_CBC:
txform = &enc_xform_blf;
break;
case CRYPTO_CAST_CBC:
txform = &enc_xform_cast5;
break;
case CRYPTO_AES_CBC:
txform = &enc_xform_aes;
break;
case CRYPTO_AES_CTR:
txform = &enc_xform_aes_ctr;
break;
case CRYPTO_AES_XTS:
txform = &enc_xform_aes_xts;
break;
case CRYPTO_NULL:
txform = &enc_xform_null;
txform = true;
break;
default:
return -EINVAL;
@ -250,43 +237,19 @@ static int cryptof_ioctl(FAR struct file *filep,
case 0:
break;
case CRYPTO_MD5_HMAC:
thash = &auth_hash_hmac_md5_96;
break;
case CRYPTO_SHA1_HMAC:
thash = &auth_hash_hmac_sha1_96;
break;
case CRYPTO_RIPEMD160_HMAC:
thash = &auth_hash_hmac_ripemd_160_96;
break;
case CRYPTO_SHA2_256_HMAC:
thash = &auth_hash_hmac_sha2_256_128;
break;
case CRYPTO_SHA2_384_HMAC:
thash = &auth_hash_hmac_sha2_384_192;
break;
case CRYPTO_SHA2_512_HMAC:
thash = &auth_hash_hmac_sha2_512_256;
break;
case CRYPTO_AES_128_GMAC:
thash = &auth_hash_gmac_aes_128;
break;
case CRYPTO_MD5:
thash = &auth_hash_md5;
break;
case CRYPTO_SHA1:
thash = &auth_hash_sha1;
break;
case CRYPTO_SHA2_224:
thash = &auth_hash_sha2_224;
break;
case CRYPTO_SHA2_256:
thash = &auth_hash_sha2_256;
break;
case CRYPTO_SHA2_384:
thash = &auth_hash_sha2_384;
break;
case CRYPTO_SHA2_512:
thash = &auth_hash_sha2_512;
thash = true;
break;
default:
return -EINVAL;
@ -297,14 +260,8 @@ static int cryptof_ioctl(FAR struct file *filep,
if (txform)
{
crie.cri_alg = txform->type;
crie.cri_alg = sop->cipher;
crie.cri_klen = sop->keylen * 8;
if (sop->keylen > txform->maxkey ||
sop->keylen < txform->minkey)
{
error = -EINVAL;
goto bail;
}
crie.cri_key = kmm_malloc(crie.cri_klen / 8);
if (crie.cri_key == NULL)
@ -322,13 +279,8 @@ static int cryptof_ioctl(FAR struct file *filep,
if (thash)
{
cria.cri_alg = thash->type;
cria.cri_alg = sop->mac;
cria.cri_klen = sop->mackeylen * 8;
if (sop->mackeylen > thash->keysize)
{
error = -EINVAL;
goto bail;
}
if (cria.cri_klen)
{
@ -431,7 +383,7 @@ int cryptodev_op(FAR struct csession *cse,
if (cse->txform)
{
if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
if (cop->len == 0)
{
return -EINVAL;
}
@ -439,7 +391,7 @@ int cryptodev_op(FAR struct csession *cse,
/* number of requests, not logical and */
crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
crp = crypto_getreq(cse->txform + cse->thash);
if (crp == NULL)
{
error = -ENOMEM;
@ -515,19 +467,7 @@ int cryptodev_op(FAR struct csession *cse,
goto bail;
}
if (!(crde->crd_flags & CRD_F_IV_EXPLICIT))
{
memcpy(cse->tmp_iv, cop->iv, cse->txform->ivsize);
bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->ivsize);
crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
crde->crd_skip = 0;
}
}
else if (crde)
{
crde->crd_flags |= CRD_F_IV_PRESENT;
crde->crd_skip = cse->txform->blocksize;
crde->crd_len -= cse->txform->blocksize;
crp->crp_iv = cop->iv;
}
if (cop->dst)
@ -859,8 +799,7 @@ FAR struct csession *csecreate(FAR struct fcrypt *fcr, uint64_t sid,
caddr_t key, uint64_t keylen,
caddr_t mackey, uint64_t mackeylen,
uint32_t cipher, uint32_t mac,
FAR const struct enc_xform *txform,
FAR const struct auth_hash *thash)
bool txform, bool thash)
{
FAR struct csession *cse;

View file

@ -681,6 +681,13 @@ int swcr_newsession(FAR uint32_t *sid, FAR struct cryptoini *cri)
}
}
if (cri->cri_klen / 8 > txf->maxkey ||
cri->cri_klen / 8 < txf->minkey)
{
swcr_freesession(i);
return -EINVAL;
}
if (txf->setkey((*swd)->sw_kschedule,
(FAR uint8_t *)cri->cri_key,
cri->cri_klen / 8) < 0)
@ -724,6 +731,12 @@ int swcr_newsession(FAR uint32_t *sid, FAR struct cryptoini *cri)
return -ENOBUFS;
}
if (cri->cri_klen / 8 > axf->keysize)
{
swcr_freesession(i);
return -EINVAL;
}
for (k = 0; k < cri->cri_klen / 8; k++)
{
cri->cri_key[k] ^= HMAC_IPAD_VAL;
@ -934,6 +947,7 @@ int swcr_freesession(uint64_t tid)
int swcr_process(struct cryptop *crp)
{
FAR const struct enc_xform *txf;
FAR struct cryptodesc *crd;
FAR struct swcr_data *sw;
uint32_t lid;
@ -996,6 +1010,30 @@ int swcr_process(struct cryptop *crp)
case CRYPTO_RIJNDAEL128_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_XTS:
txf = sw->sw_exf;
if ((crd->crd_len % txf->blocksize) != 0)
{
crp->crp_etype = -EINVAL;
goto done;
}
if (crp->crp_iv)
{
if (!(crd->crd_flags & CRD_F_IV_EXPLICIT))
{
bcopy(crp->crp_iv, crd->crd_iv, txf->ivsize);
crd->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
crd->crd_skip = 0;
}
}
else
{
crd->crd_flags |= CRD_F_IV_PRESENT;
crd->crd_skip = txf->blocksize;
crd->crd_len -= txf->blocksize;
}
if ((crp->crp_etype = swcr_encdec(crp, crd, sw,
crp->crp_buf)) != 0)
{

View file

@ -208,6 +208,7 @@ struct cryptop
caddr_t crp_mac;
caddr_t crp_dst;
caddr_t crp_iv;
};
#define CRYPTO_BUF_IOV 0x1