[dpdk-dev,v2] crypto/qat: fix authentication offset and length for GMAC
Checks
Commit Message
Authentication length and offset need to be set like for any other
authentication algorithms as it no longer uses aad pointer
Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
v2:
- optimized gcm/gmac logic
drivers/crypto/qat/qat_crypto.c | 54 +++++++++++++++++++++++------------------
1 file changed, 30 insertions(+), 24 deletions(-)
Comments
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, July 14, 2017 9:49 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Griffin, John <john.griffin@intel.com>;
> Jain, Deepak K <deepak.k.jain@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2] crypto/qat: fix authentication offset and length for
> GMAC
>
> Authentication length and offset need to be set like for any other
> authentication algorithms as it no longer uses aad pointer
>
> Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, July 14, 2017 9:49 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> Griffin, John <john.griffin@intel.com>; Jain, Deepak K <deepak.k.jain@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2] crypto/qat: fix authentication offset and length for GMAC
>
> Authentication length and offset need to be set like for any other
> authentication algorithms as it no longer uses aad pointer
>
> Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
@@ -1218,6 +1218,21 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
set_cipher_iv(ctx->auth_iv.length,
ctx->auth_iv.offset,
cipher_param, op, qat_req);
+ auth_ofs = op->sym->auth.data.offset;
+ auth_len = op->sym->auth.data.length;
+
+ auth_param->u1.aad_adr = 0;
+ auth_param->u2.aad_sz = 0;
+
+ /*
+ * If len(iv)==12B fw computes J0
+ */
+ if (ctx->auth_iv.length == 12) {
+ ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
+ qat_req->comn_hdr.serv_specif_flags,
+ ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
+
+ }
} else {
auth_ofs = op->sym->auth.data.offset;
auth_len = op->sym->auth.data.length;
@@ -1230,6 +1245,21 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
}
if (do_aead) {
+ if (ctx->qat_hash_alg ==
+ ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
+ ctx->qat_hash_alg ==
+ ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+ /*
+ * If len(iv)==12B fw computes J0
+ */
+ if (ctx->cipher_iv.length == 12) {
+ ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
+ qat_req->comn_hdr.serv_specif_flags,
+ ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
+ }
+
+ }
+
cipher_len = op->sym->aead.data.length;
cipher_ofs = op->sym->aead.data.offset;
auth_len = op->sym->aead.data.length;
@@ -1347,30 +1377,6 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
qat_req->comn_mid.dest_data_addr = dst_buf_start;
}
- if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
- ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
- if (ctx->cipher_iv.length == 12 ||
- ctx->auth_iv.length == 12) {
- /*
- * For GCM a 12 byte IV is allowed,
- * but we need to inform the f/w
- */
- ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
- qat_req->comn_hdr.serv_specif_flags,
- ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
- }
- /* GMAC */
- if (!do_aead) {
- qat_req->comn_mid.dst_length =
- qat_req->comn_mid.src_length =
- rte_pktmbuf_data_len(op->sym->m_src);
- auth_param->u1.aad_adr = 0;
- auth_param->auth_len = op->sym->auth.data.length;
- auth_param->auth_off = op->sym->auth.data.offset;
- auth_param->u2.aad_sz = 0;
- }
- }
-
#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
rte_hexdump(stdout, "qat_req:", qat_req,
sizeof(struct icp_qat_fw_la_bulk_req));