From patchwork Wed Jun 21 07:47:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "De Lara Guarch, Pablo" X-Patchwork-Id: 25593 Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id EAD297D7F; Wed, 21 Jun 2017 17:47:57 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id A875F7CE4 for ; Wed, 21 Jun 2017 17:47:33 +0200 (CEST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Jun 2017 08:47:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.39,369,1493708400"; d="scan'208";a="100153543" Received: from silpixa00399464.ir.intel.com (HELO silpixa00399464.ger.corp.intel.com) ([10.237.222.157]) by orsmga004.jf.intel.com with ESMTP; 21 Jun 2017 08:47:32 -0700 From: Pablo de Lara To: pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org Date: Wed, 21 Jun 2017 08:47:25 +0100 Message-Id: <20170621074731.45013-16-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.9.4 In-Reply-To: <20170621074731.45013-1-pablo.de.lara.guarch@intel.com> References: <20170621074731.45013-1-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH 16/22] cryptodev: remove AAD length from crypto op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Additional authenticated data (AAD) information was duplicated in the authentication transform and in the crypto operation structures. Since AAD length is not meant to be changed in a same session, it is removed from the crypto operation structure. Signed-off-by: Pablo de Lara --- app/test-crypto-perf/cperf_ops.c | 3 --- drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 6 +++-- drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 2 ++ drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 +++ drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 1 + drivers/crypto/qat/qat_crypto.c | 4 +-- examples/ipsec-secgw/esp.c | 2 -- examples/l2fwd-crypto/main.c | 4 --- lib/librte_cryptodev/rte_crypto_sym.h | 6 +---- test/test/test_cryptodev.c | 10 +++----- test/test/test_cryptodev_perf.c | 31 +++++++++++++----------- 12 files changed, 36 insertions(+), 40 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 6c06ce5..6af7694 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -180,7 +180,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops, sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; - sym_op->auth.aad.length = options->auth_aad_sz; } @@ -269,7 +268,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops, sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; - sym_op->auth.aad.length = options->auth_aad_sz; } if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 || @@ -314,7 +312,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]); - sym_op->auth.aad.length = options->auth_aad_sz; /* authentication parameters */ if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c index 65e074a..d2346a1 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c @@ -144,6 +144,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess, return -EINVAL; } + sess->aad_length = auth_xform->auth.add_auth_data_length; + return 0; } @@ -254,7 +256,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op, aesni_gcm_enc[session->key].init(&session->gdata, IV_ptr, sym_op->auth.aad.data, - (uint64_t)sym_op->auth.aad.length); + (uint64_t)session->aad_length); aesni_gcm_enc[session->key].update(&session->gdata, dst, src, (uint64_t)part_len); @@ -292,7 +294,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op, aesni_gcm_dec[session->key].init(&session->gdata, IV_ptr, sym_op->auth.aad.data, - (uint64_t)sym_op->auth.aad.length); + (uint64_t)session->aad_length); aesni_gcm_dec[session->key].update(&session->gdata, dst, src, (uint64_t)part_len); diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h index 2ed96f8..bfd4d1c 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h @@ -99,6 +99,8 @@ struct aesni_gcm_session { /**< GCM operation type */ enum aesni_gcm_key key; /**< GCM key type */ + uint16_t aad_length; + /**< AAD length */ struct gcm_data gdata __rte_cache_aligned; /**< GCM parameters */ }; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 20b8881..8808013 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -369,6 +369,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, return -EINVAL; } + sess->auth.aad_length = xform->auth.add_auth_data_length; + return 0; } @@ -933,7 +935,7 @@ process_openssl_combined_op sess->iv.offset); ivlen = sess->iv.length; aad = op->sym->auth.aad.data; - aadlen = op->sym->auth.aad.length; + aadlen = sess->auth.aad_length; tag = op->sym->auth.digest.data; if (tag == NULL) diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 3a64853..045e532 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -162,6 +162,9 @@ struct openssl_session { /**< pointer to EVP context structure */ } hmac; }; + + uint16_t aad_length; + /**< AAD length */ } auth; } __rte_cache_aligned; diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c index 5bf9c86..4df57aa 100644 --- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c +++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c @@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc, ICP_QAT_HW_GALOIS_128_STATE1_SZ + ICP_QAT_HW_GALOIS_H_SZ); *aad_len = rte_bswap32(add_auth_data_length); + cdesc->aad_len = add_auth_data_length; break; case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2: qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G; diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index 1206839..eb19f1c 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -1197,7 +1197,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, cipher_param->cipher_length = 0; cipher_param->cipher_offset = 0; auth_param->u1.aad_adr = 0; - auth_param->auth_len = op->sym->auth.aad.length; + auth_param->auth_len = ctx->aad_len; auth_param->auth_off = op->sym->auth.data.offset; auth_param->u2.aad_sz = 0; } @@ -1224,7 +1224,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, rte_hexdump(stdout, "digest:", op->sym->auth.digest.data, op->sym->auth.digest.length); rte_hexdump(stdout, "aad:", op->sym->auth.aad.data, - op->sym->auth.aad.length); + ctx->aad_len); } #endif return 0; diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 2919ab7..36d4704 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, sym_cop->auth.aad.data = aad; sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m, aad - rte_pktmbuf_mtod(m, uint8_t *)); - sym_cop->auth.aad.length = 8; break; default: RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n", @@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, sym_cop->auth.aad.data = aad; sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m, aad - rte_pktmbuf_mtod(m, uint8_t *)); - sym_cop->auth.aad.length = 8; break; default: RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n", diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index 6c21c0e..ac60054 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -495,11 +495,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, if (cparams->aad.length) { op->sym->auth.aad.data = cparams->aad.data; op->sym->auth.aad.phys_addr = cparams->aad.phys_addr; - op->sym->auth.aad.length = cparams->aad.length; } else { op->sym->auth.aad.data = NULL; op->sym->auth.aad.phys_addr = 0; - op->sym->auth.aad.length = 0; } } @@ -707,8 +705,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options) options->auth_xform.auth.digest_length; if (options->auth_xform.auth.add_auth_data_length) { port_cparams[i].aad.data = options->aad.data; - port_cparams[i].aad.length = - options->auth_xform.auth.add_auth_data_length; port_cparams[i].aad.phys_addr = options->aad.phys_addr; if (!options->aad_param) generate_random_key(port_cparams[i].aad.data, diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 4a5e2dc..da63f0a 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -365,7 +365,7 @@ struct rte_crypto_auth_xform { * the result shall be truncated. */ - uint32_t add_auth_data_length; + uint16_t add_auth_data_length; /**< The length of the additional authenticated data (AAD) in bytes. * The maximum permitted value is 65535 (2^16 - 1) bytes, unless * otherwise specified below. @@ -653,10 +653,6 @@ struct rte_crypto_sym_op { * operation, this field is used to pass plaintext. */ phys_addr_t phys_addr; /**< physical address */ - uint16_t length; - /**< Length of additional authenticated data (AAD) - * in bytes - */ } aad; /**< Additional authentication parameters */ } auth; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 866d0d7..5b1b543 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -4638,7 +4638,7 @@ test_3DES_cipheronly_openssl_all(void) static int create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op, const uint8_t *key, const uint8_t key_len, - const uint8_t aad_len, const uint8_t auth_len, + const uint16_t aad_len, const uint8_t auth_len, uint8_t iv_len, enum rte_crypto_auth_operation auth_op) { @@ -4752,12 +4752,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op, TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append aad"); - sym_op->auth.aad.length = tdata->aad.len; sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len); TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, - sym_op->auth.aad.length); + tdata->aad.len); /* Append IV at the end of the crypto operation*/ uint8_t *IV_ptr = rte_crypto_op_ctod_offset(ut_params->op, @@ -6316,7 +6315,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op, TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append aad"); - sym_op->auth.aad.length = tdata->aad.len; sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len); @@ -6381,7 +6379,7 @@ static int create_gmac_session(uint8_t dev_id, ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC; ut_params->auth_xform.auth.op = auth_op; ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len; - ut_params->auth_xform.auth.add_auth_data_length = 0; + ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len; ut_params->auth_xform.auth.key.length = 0; ut_params->auth_xform.auth.key.data = NULL; @@ -6861,7 +6859,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params, TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); - sym_op->auth.aad.length = reference->aad.len; /* digest */ sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append( @@ -7195,7 +7192,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op, "no room to prepend aad"); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys( ut_params->ibuf); - sym_op->auth.aad.length = aad_len; memset(sym_op->auth.aad.data, 0, aad_len); rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len); diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c index da0f8a8..3844148 100644 --- a/test/test/test_cryptodev_perf.c +++ b/test/test/test_cryptodev_perf.c @@ -45,6 +45,7 @@ #define AES_CIPHER_IV_LENGTH 16 #define TRIPLE_DES_CIPHER_IV_LENGTH 8 +#define AES_GCM_AAD_LENGTH 16 #define PERF_NUM_OPS_INFLIGHT (128) #define DEFAULT_NUM_REQS_TO_SUBMIT (10000000) @@ -70,7 +71,6 @@ enum chain_mode { struct symmetric_op { const uint8_t *aad_data; - uint32_t aad_len; const uint8_t *p_data; uint32_t p_len; @@ -97,6 +97,7 @@ struct symmetric_session_attrs { const uint8_t *iv_data; uint16_t iv_len; + uint16_t aad_len; uint32_t digest_len; }; @@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain, break; case RTE_CRYPTO_AUTH_AES_GCM: auth_xform.auth.key.data = NULL; + auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH; break; default: return NULL; @@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain, } } -#define AES_GCM_AAD_LENGTH 16 - static struct rte_mbuf * test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz) { @@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m, op->sym->auth.digest.phys_addr = 0; op->sym->auth.digest.length = 0; op->sym->auth.aad.data = NULL; - op->sym->auth.aad.length = 0; op->sym->auth.data.offset = 0; op->sym->auth.data.length = 0; } else { @@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m, rte_pktmbuf_mtophys_offset(m, data_len); op->sym->auth.digest.length = digest_len; op->sym->auth.aad.data = aes_gcm_aad; - op->sym->auth.aad.length = AES_GCM_AAD_LENGTH; /* Copy IV at the end of the crypto operation */ rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), @@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op, rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), snow3g_iv, SNOW3G_CIPHER_IV_LENGTH); + /* Cipher Parameters */ op->sym->cipher.data.offset = 0; op->sym->cipher.data.length = data_len << 3; + rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), + snow3g_iv, + SNOW3G_CIPHER_IV_LENGTH); + op->sym->m_src = m; return op; @@ -4133,6 +4136,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams) auth_xform.auth.op = pparams->session_attrs->auth; auth_xform.auth.algo = pparams->session_attrs->auth_algorithm; + auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len; auth_xform.auth.digest_length = pparams->session_attrs->digest_len; auth_xform.auth.key.length = pparams->session_attrs->key_auth_len; @@ -4168,17 +4172,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m, op->sym->auth.digest.data = m_hlp->digest; op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( m, - params->symmetric_op->aad_len + + params->session_attrs->aad_len + params->symmetric_op->p_len); op->sym->auth.digest.length = params->symmetric_op->t_len; op->sym->auth.aad.data = m_hlp->aad; - op->sym->auth.aad.length = params->symmetric_op->aad_len; op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m); rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data, - params->symmetric_op->aad_len); + params->session_attrs->aad_len); rte_memcpy(IV_ptr, params->session_attrs->iv_data, params->session_attrs->iv_len); @@ -4186,11 +4189,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m, IV_ptr[15] = 1; op->sym->auth.data.offset = - params->symmetric_op->aad_len; + params->session_attrs->aad_len; op->sym->auth.data.length = params->symmetric_op->p_len; op->sym->cipher.data.offset = - params->symmetric_op->aad_len; + params->session_attrs->aad_len; op->sym->cipher.data.length = params->symmetric_op->p_len; op->sym->m_src = m; @@ -4204,7 +4207,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool, unsigned buf_sz, struct crypto_params *m_hlp) { struct rte_mbuf *m = rte_pktmbuf_alloc(mpool); - uint16_t aad_len = params->symmetric_op->aad_len; + uint16_t aad_len = params->session_attrs->aad_len; uint16_t digest_size = params->symmetric_op->t_len; char *p; @@ -4340,14 +4343,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id, TEST_ASSERT_BUFFERS_ARE_EQUAL( pparams->symmetric_op->c_data, pkt + - pparams->symmetric_op->aad_len, + pparams->session_attrs->aad_len, pparams->symmetric_op->c_len, "GCM Ciphertext data not as expected"); TEST_ASSERT_BUFFERS_ARE_EQUAL( pparams->symmetric_op->t_data, pkt + - pparams->symmetric_op->aad_len + + pparams->session_attrs->aad_len + pparams->symmetric_op->c_len, pparams->symmetric_op->t_len, "GCM MAC data not as expected"); @@ -4419,13 +4422,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size) RTE_CRYPTO_AUTH_OP_GENERATE; session_attrs[i].key_auth_data = NULL; session_attrs[i].key_auth_len = 0; + session_attrs[i].aad_len = gcm_test->aad.len; session_attrs[i].digest_len = gcm_test->auth_tag.len; session_attrs[i].iv_len = gcm_test->iv.len; session_attrs[i].iv_data = gcm_test->iv.data; ops_set[i].aad_data = gcm_test->aad.data; - ops_set[i].aad_len = gcm_test->aad.len; ops_set[i].p_data = gcm_test->plaintext.data; ops_set[i].p_len = buf_lengths[i]; ops_set[i].c_data = gcm_test->ciphertext.data;