From: Pablo de Lara Date: Sun, 2 Jul 2017 05:41:17 +0000 (+0100) Subject: cryptodev: remove AAD length from crypto op X-Git-Tag: spdx-start~2683 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=12a4aaf1df41669caf25151d2495cc48341e3e9a;p=dpdk.git cryptodev: remove AAD length from crypto op Additional authenticated data (AAD) information was duplicated in the authentication transform and in the crypto operation structures. Since AAD length is not meant to be changed in a same session, it is removed from the crypto operation structure. Signed-off-by: Pablo de Lara Acked-by: Declan Doherty Acked-by: Akhil Goyal Acked-by: Fiona Trahe --- diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 60d55a0506..9405cefdd5 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -186,7 +186,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops, sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; - sym_op->auth.aad.length = options->auth_aad_sz; } @@ -272,7 +271,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops, sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; - sym_op->auth.aad.length = options->auth_aad_sz; } if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 || @@ -333,7 +331,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]); - sym_op->auth.aad.length = options->auth_aad_sz; /* authentication parameters */ if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst index 68890ffb76..ea8fc00d63 100644 --- a/doc/guides/prog_guide/cryptodev_lib.rst +++ b/doc/guides/prog_guide/cryptodev_lib.rst @@ -553,7 +553,6 @@ chain. struct { uint8_t *data; phys_addr_t phys_addr; - uint16_t length; } aad; /**< Additional authentication parameters */ } auth; } diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst index 561d464509..b0e9461441 100644 --- a/doc/guides/rel_notes/release_17_08.rst +++ b/doc/guides/rel_notes/release_17_08.rst @@ -93,6 +93,7 @@ New Features * Replaced pointer and physical address of IV with offset from the start of the crypto operation. * Moved length and offset of cipher IV to ``rte_crypto_cipher_xform``. + * Removed Additional Authentication Data (AAD) length. * **Reorganized the crypto operation structure.** @@ -199,6 +200,7 @@ ABI Changes * **Reorganized the ``rte_crypto_sym_auth_xform`` structure.** * Added authentication IV length and offset parameters. + * Changed field size of AAD length from uint32_t to uint16_t. Shared Library Versions diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c index f7758291f9..76c5b4d59c 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c @@ -145,6 +145,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess, return -EINVAL; } + sess->aad_length = auth_xform->auth.add_auth_data_length; + return 0; } @@ -255,7 +257,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op, aesni_gcm_enc[session->key].init(&session->gdata, iv_ptr, sym_op->auth.aad.data, - (uint64_t)sym_op->auth.aad.length); + (uint64_t)session->aad_length); aesni_gcm_enc[session->key].update(&session->gdata, dst, src, (uint64_t)part_len); @@ -293,7 +295,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op, aesni_gcm_dec[session->key].init(&session->gdata, iv_ptr, sym_op->auth.aad.data, - (uint64_t)sym_op->auth.aad.length); + (uint64_t)session->aad_length); aesni_gcm_dec[session->key].update(&session->gdata, dst, src, (uint64_t)part_len); diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h index 2ed96f8a33..b482d7456d 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h @@ -1,7 +1,7 @@ /*- * BSD LICENSE * - * Copyright(c) 2016 Intel Corporation. All rights reserved. + * Copyright(c) 2016-2017 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -95,6 +95,8 @@ struct aesni_gcm_session { uint16_t offset; } iv; /**< IV parameters */ + uint16_t aad_length; + /**< AAD length */ enum aesni_gcm_operation op; /**< GCM operation type */ enum aesni_gcm_key key; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 59d6915b8e..615763c006 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -370,6 +370,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, return -EINVAL; } + sess->auth.aad_length = xform->auth.add_auth_data_length; + return 0; } @@ -934,7 +936,7 @@ process_openssl_combined_op sess->iv.offset); ivlen = sess->iv.length; aad = op->sym->auth.aad.data; - aadlen = op->sym->auth.aad.length; + aadlen = sess->auth.aad_length; tag = op->sym->auth.digest.data; if (tag == NULL) diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 3a64853e1e..fa8cabc6f2 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -1,7 +1,7 @@ /*- * BSD LICENSE * - * Copyright(c) 2016 Intel Corporation. All rights reserved. + * Copyright(c) 2016-2017 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -162,6 +162,9 @@ struct openssl_session { /**< pointer to EVP context structure */ } hmac; }; + + uint16_t aad_length; + /**< AAD length */ } auth; } __rte_cache_aligned; diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c index 010b51e75e..596d8563b3 100644 --- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c +++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c @@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc, ICP_QAT_HW_GALOIS_128_STATE1_SZ + ICP_QAT_HW_GALOIS_H_SZ); *aad_len = rte_bswap32(add_auth_data_length); + cdesc->aad_len = add_auth_data_length; break; case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2: qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G; diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index 7a83eb20ff..2440846eed 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -1175,7 +1175,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, cipher_param->cipher_length = 0; cipher_param->cipher_offset = 0; auth_param->u1.aad_adr = 0; - auth_param->auth_len = op->sym->auth.aad.length; + auth_param->auth_len = ctx->aad_len; auth_param->auth_off = op->sym->auth.data.offset; auth_param->u2.aad_sz = 0; } @@ -1202,7 +1202,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, rte_hexdump(stdout, "digest:", op->sym->auth.digest.data, op->sym->auth.digest.length); rte_hexdump(stdout, "aad:", op->sym->auth.aad.data, - op->sym->auth.aad.length); + ctx->aad_len); } #endif return 0; diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index ead4071efa..a5f43a2001 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, sym_cop->auth.aad.data = aad; sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m, aad - rte_pktmbuf_mtod(m, uint8_t *)); - sym_cop->auth.aad.length = 8; break; default: RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n", @@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, sym_cop->auth.aad.data = aad; sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m, aad - rte_pktmbuf_mtod(m, uint8_t *)); - sym_cop->auth.aad.length = 8; break; default: RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n", diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index 8da8dbd2d9..776595d427 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -497,11 +497,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, if (cparams->aad.length) { op->sym->auth.aad.data = cparams->aad.data; op->sym->auth.aad.phys_addr = cparams->aad.phys_addr; - op->sym->auth.aad.length = cparams->aad.length; } else { op->sym->auth.aad.data = NULL; op->sym->auth.aad.phys_addr = 0; - op->sym->auth.aad.length = 0; } } @@ -709,8 +707,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options) options->auth_xform.auth.digest_length; if (options->auth_xform.auth.add_auth_data_length) { port_cparams[i].aad.data = options->aad.data; - port_cparams[i].aad.length = - options->auth_xform.auth.add_auth_data_length; port_cparams[i].aad.phys_addr = options->aad.phys_addr; if (!options->aad_param) generate_random_key(port_cparams[i].aad.data, diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 56ef0c1136..1730b4bfce 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -365,7 +365,7 @@ struct rte_crypto_auth_xform { * the result shall be truncated. */ - uint32_t add_auth_data_length; + uint16_t add_auth_data_length; /**< The length of the additional authenticated data (AAD) in bytes. * The maximum permitted value is 65535 (2^16 - 1) bytes, unless * otherwise specified below. @@ -653,10 +653,6 @@ struct rte_crypto_sym_op { * operation, this field is used to pass plaintext. */ phys_addr_t phys_addr; /**< physical address */ - uint16_t length; - /**< Length of additional authenticated data (AAD) - * in bytes - */ } aad; /**< Additional authentication parameters */ } auth; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index b2026fbd28..204933a77a 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -4638,7 +4638,7 @@ test_3DES_cipheronly_openssl_all(void) static int create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op, const uint8_t *key, const uint8_t key_len, - const uint8_t aad_len, const uint8_t auth_len, + const uint16_t aad_len, const uint8_t auth_len, uint8_t iv_len, enum rte_crypto_auth_operation auth_op) { @@ -4752,12 +4752,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op, TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append aad"); - sym_op->auth.aad.length = tdata->aad.len; sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len); TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data, - sym_op->auth.aad.length); + tdata->aad.len); /* Append IV at the end of the crypto operation*/ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, @@ -6316,7 +6315,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op, TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data, "no room to append aad"); - sym_op->auth.aad.length = tdata->aad.len; sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len); @@ -6381,7 +6379,7 @@ static int create_gmac_session(uint8_t dev_id, ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC; ut_params->auth_xform.auth.op = auth_op; ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len; - ut_params->auth_xform.auth.add_auth_data_length = 0; + ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len; ut_params->auth_xform.auth.key.length = 0; ut_params->auth_xform.auth.key.data = NULL; @@ -6861,7 +6859,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params, TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf); - sym_op->auth.aad.length = reference->aad.len; /* digest */ sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append( @@ -7195,7 +7192,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op, "no room to prepend aad"); sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys( ut_params->ibuf); - sym_op->auth.aad.length = aad_len; memset(sym_op->auth.aad.data, 0, aad_len); rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len); diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c index 8805507a59..137983047a 100644 --- a/test/test/test_cryptodev_perf.c +++ b/test/test/test_cryptodev_perf.c @@ -45,6 +45,7 @@ #define AES_CIPHER_IV_LENGTH 16 #define TRIPLE_DES_CIPHER_IV_LENGTH 8 +#define AES_GCM_AAD_LENGTH 16 #define PERF_NUM_OPS_INFLIGHT (128) #define DEFAULT_NUM_REQS_TO_SUBMIT (10000000) @@ -70,7 +71,6 @@ enum chain_mode { struct symmetric_op { const uint8_t *aad_data; - uint32_t aad_len; const uint8_t *p_data; uint32_t p_len; @@ -97,6 +97,7 @@ struct symmetric_session_attrs { const uint8_t *iv_data; uint16_t iv_len; + uint16_t aad_len; uint32_t digest_len; }; @@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain, break; case RTE_CRYPTO_AUTH_AES_GCM: auth_xform.auth.key.data = NULL; + auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH; break; default: return NULL; @@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain, } } -#define AES_GCM_AAD_LENGTH 16 - static struct rte_mbuf * test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz) { @@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m, op->sym->auth.digest.phys_addr = 0; op->sym->auth.digest.length = 0; op->sym->auth.aad.data = NULL; - op->sym->auth.aad.length = 0; op->sym->auth.data.offset = 0; op->sym->auth.data.length = 0; } else { @@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m, rte_pktmbuf_mtophys_offset(m, data_len); op->sym->auth.digest.length = digest_len; op->sym->auth.aad.data = aes_gcm_aad; - op->sym->auth.aad.length = AES_GCM_AAD_LENGTH; /* Copy IV at the end of the crypto operation */ rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), @@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op, rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), snow3g_iv, SNOW3G_CIPHER_IV_LENGTH); + /* Cipher Parameters */ op->sym->cipher.data.offset = 0; op->sym->cipher.data.length = data_len << 3; + rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET), + snow3g_iv, + SNOW3G_CIPHER_IV_LENGTH); + op->sym->m_src = m; return op; @@ -4137,6 +4140,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams) auth_xform.auth.op = pparams->session_attrs->auth; auth_xform.auth.algo = pparams->session_attrs->auth_algorithm; + auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len; auth_xform.auth.digest_length = pparams->session_attrs->digest_len; auth_xform.auth.key.length = pparams->session_attrs->key_auth_len; @@ -4172,17 +4176,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m, op->sym->auth.digest.data = m_hlp->digest; op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( m, - params->symmetric_op->aad_len + + params->session_attrs->aad_len + params->symmetric_op->p_len); op->sym->auth.digest.length = params->symmetric_op->t_len; op->sym->auth.aad.data = m_hlp->aad; - op->sym->auth.aad.length = params->symmetric_op->aad_len; op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m); rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data, - params->symmetric_op->aad_len); + params->session_attrs->aad_len); rte_memcpy(iv_ptr, params->session_attrs->iv_data, params->session_attrs->iv_len); @@ -4190,11 +4193,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m, iv_ptr[15] = 1; op->sym->auth.data.offset = - params->symmetric_op->aad_len; + params->session_attrs->aad_len; op->sym->auth.data.length = params->symmetric_op->p_len; op->sym->cipher.data.offset = - params->symmetric_op->aad_len; + params->session_attrs->aad_len; op->sym->cipher.data.length = params->symmetric_op->p_len; op->sym->m_src = m; @@ -4208,7 +4211,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool, unsigned buf_sz, struct crypto_params *m_hlp) { struct rte_mbuf *m = rte_pktmbuf_alloc(mpool); - uint16_t aad_len = params->symmetric_op->aad_len; + uint16_t aad_len = params->session_attrs->aad_len; uint16_t digest_size = params->symmetric_op->t_len; char *p; @@ -4344,14 +4347,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id, TEST_ASSERT_BUFFERS_ARE_EQUAL( pparams->symmetric_op->c_data, pkt + - pparams->symmetric_op->aad_len, + pparams->session_attrs->aad_len, pparams->symmetric_op->c_len, "GCM Ciphertext data not as expected"); TEST_ASSERT_BUFFERS_ARE_EQUAL( pparams->symmetric_op->t_data, pkt + - pparams->symmetric_op->aad_len + + pparams->session_attrs->aad_len + pparams->symmetric_op->c_len, pparams->symmetric_op->t_len, "GCM MAC data not as expected"); @@ -4423,13 +4426,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size) RTE_CRYPTO_AUTH_OP_GENERATE; session_attrs[i].key_auth_data = NULL; session_attrs[i].key_auth_len = 0; + session_attrs[i].aad_len = gcm_test->aad.len; session_attrs[i].digest_len = gcm_test->auth_tag.len; session_attrs[i].iv_len = gcm_test->iv.len; session_attrs[i].iv_data = gcm_test->iv.data; ops_set[i].aad_data = gcm_test->aad.data; - ops_set[i].aad_len = gcm_test->aad.len; ops_set[i].p_data = gcm_test->plaintext.data; ops_set[i].p_len = buf_lengths[i]; ops_set[i].c_data = gcm_test->ciphertext.data;