From patchwork Sun May 28 21:05:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "De Lara Guarch, Pablo" X-Patchwork-Id: 24852 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id A143D7D14; Sun, 28 May 2017 23:05:39 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 434187CDC for ; Sun, 28 May 2017 23:05:27 +0200 (CEST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 May 2017 14:05:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.38,411,1491289200"; d="scan'208"; a="1135678882" Received: from silpixa00381631.ir.intel.com (HELO silpixa00381631.ger.corp.intel.com) ([10.237.222.122]) by orsmga001.jf.intel.com with ESMTP; 28 May 2017 14:05:24 -0700 From: Pablo de Lara To: declan.doherty@intel.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com, zbigniew.bodek@caviumnetworks.com, jerin.jacob@caviumnetworks.com Cc: dev@dpdk.org, Pablo de Lara Date: Sun, 28 May 2017 22:05:20 +0100 Message-Id: <1496005522-134934-12-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" For wireless algorithms (SNOW3G, KASUMI, ZUC), the IV for the authentication algorithms (F9, UIA2 and EIA3) was taken from the AAD parameter, as there was no IV parameter in the authentication structure, and this was pointing at IV. Now that IV is available for all algorithms, there is need to keep doing this, so AAD is not used for these algorithms anymore. Signed-off-by: Pablo de Lara --- drivers/crypto/kasumi/rte_kasumi_pmd.c | 12 ++++------ drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 12 +++++----- drivers/crypto/qat/qat_crypto_capabilities.h | 36 ++++++++++++++-------------- drivers/crypto/snow3g/rte_snow3g_pmd.c | 13 ++++------ drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 12 +++++----- drivers/crypto/zuc/rte_zuc_pmd.c | 13 ++++------ drivers/crypto/zuc/rte_zuc_pmd_ops.c | 12 +++++----- lib/librte_cryptodev/rte_crypto_sym.h | 4 +--- 8 files changed, 51 insertions(+), 63 deletions(-) diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c index 056682b..57faa7a 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c @@ -251,6 +251,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, unsigned i; uint8_t processed_ops = 0; uint8_t *src, *dst; + uint8_t *IV_ptr; uint32_t length_in_bits; uint32_t num_bytes; uint32_t shift_bits; @@ -258,12 +259,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, uint8_t direction; for (i = 0; i < num_ops; i++) { - if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - KASUMI_LOG_ERR("aad"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -275,8 +270,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); - /* IV from AAD */ - IV = *((uint64_t *)(ops[i]->sym->auth.aad.data)); + IV_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + session->iv_offset); + IV = *((uint64_t *)(IV_ptr)); /* Direction from next bit after end of message */ num_bytes = (length_in_bits >> 3) + 1; shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN; diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c index 3f587f5..c44c107 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c @@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = { .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, - .iv_size = { 0 }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + }, {.auth = { .algo = RTE_CRYPTO_AUTH_KASUMI_F9, .block_size = 8, @@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = { .max = 4, .increment = 0 }, - .aad_size = { - .min = 8, - .max = 8, - .increment = 0 - } + .aad_size = { 0 } }, } }, } }, diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h index 11f3687..56c0536 100644 --- a/drivers/crypto/qat/qat_crypto_capabilities.h +++ b/drivers/crypto/qat/qat_crypto_capabilities.h @@ -245,7 +245,11 @@ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ {.sym = { \ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \ - .iv_size = { 0 }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + }, \ {.auth = { \ .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, \ .block_size = 16, \ @@ -259,11 +263,7 @@ .max = 4, \ .increment = 0 \ }, \ - .aad_size = { \ - .min = 16, \ - .max = 16, \ - .increment = 0 \ - } \ + .aad_size = { 0 } \ }, } \ }, } \ }, \ @@ -429,7 +429,11 @@ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ {.sym = { \ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \ - .iv_size = { 0 }, \ + .iv_size = { \ + .min = 8, \ + .max = 8, \ + .increment = 0 \ + }, \ {.auth = { \ .algo = RTE_CRYPTO_AUTH_KASUMI_F9, \ .block_size = 8, \ @@ -443,11 +447,7 @@ .max = 4, \ .increment = 0 \ }, \ - .aad_size = { \ - .min = 8, \ - .max = 8, \ - .increment = 0 \ - } \ + .aad_size = { 0 } \ }, } \ }, } \ }, \ @@ -557,7 +557,11 @@ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ {.sym = { \ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \ - .iv_size = { 0 }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + }, \ {.auth = { \ .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, \ .block_size = 16, \ @@ -571,11 +575,7 @@ .max = 4, \ .increment = 0 \ }, \ - .aad_size = { \ - .min = 16, \ - .max = 16, \ - .increment = 0 \ - } \ + .aad_size = { 0 } \ }, } \ }, } \ } diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c index 30b9172..01e8d89 100644 --- a/drivers/crypto/snow3g/rte_snow3g_pmd.c +++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c @@ -247,14 +247,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops, uint8_t processed_ops = 0; uint8_t *src, *dst; uint32_t length_in_bits; + uint8_t *IV; for (i = 0; i < num_ops; i++) { - if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - SNOW3G_LOG_ERR("aad"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -266,13 +261,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops, src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); + IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + session->iv_offset); if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src, SNOW3G_DIGEST_LENGTH); sso_snow3g_f9_1_buffer(&session->pKeySched_hash, - ops[i]->sym->auth.aad.data, src, + IV, src, length_in_bits, dst); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, @@ -286,7 +283,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops, dst = ops[i]->sym->auth.digest.data; sso_snow3g_f9_1_buffer(&session->pKeySched_hash, - ops[i]->sym->auth.aad.data, src, + IV, src, length_in_bits, dst); } processed_ops++; diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c index a0f1488..86c229a 100644 --- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c +++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c @@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = { .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, - .iv_size = { 0 }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, {.auth = { .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, .block_size = 16, @@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = { .max = 4, .increment = 0 }, - .aad_size = { - .min = 16, - .max = 16, - .increment = 0 - } + .aad_size = { 0 } }, } }, } }, diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 266882b..510cf26 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -244,14 +244,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops, uint8_t *src; uint32_t *dst; uint32_t length_in_bits; + uint8_t *IV; for (i = 0; i < num_ops; i++) { - if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - ZUC_LOG_ERR("aad"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -263,13 +258,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops, src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); + IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + session->iv_offset); if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src, ZUC_DIGEST_LENGTH); sso_zuc_eia3_1_buffer(session->pKey_hash, - ops[i]->sym->auth.aad.data, src, + IV, src, length_in_bits, dst); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, @@ -283,7 +280,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops, dst = (uint32_t *)ops[i]->sym->auth.digest.data; sso_zuc_eia3_1_buffer(session->pKey_hash, - ops[i]->sym->auth.aad.data, src, + IV, src, length_in_bits, dst); } processed_ops++; diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c index 4804bd1..271560d 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c @@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = { .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, - .iv_size = { 0 }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, {.auth = { .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, .block_size = 16, @@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = { .max = 4, .increment = 0 }, - .aad_size = { - .min = 16, - .max = 16, - .increment = 0 - } + .aad_size = { 0 } }, } }, } }, diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 9309a08..55e4a27 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -560,9 +560,7 @@ struct rte_crypto_sym_op { uint8_t *data; /**< Pointer to Additional Authenticated Data (AAD) * needed for authenticated cipher mechanisms (CCM and - * GCM), and to the IV for SNOW 3G authentication - * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other - * authentication mechanisms this pointer is ignored. + * GCM). * * The length of the data pointed to by this field is * set up for the session in the @ref