git.droids-corp.org - dpdk.git/commit

author	Marcin Smoczynski <marcinx.smoczynski@intel.com>
	Thu, 31 Oct 2019 14:04:45 +0000 (15:04 +0100)
committer	Akhil Goyal <akhil.goyal@nxp.com>
	Fri, 8 Nov 2019 12:51:16 +0000 (13:51 +0100)
commit	ce00b504f19896604d60d121008b8a2df48ef114
tree	7168fa5fdacfbf88d1fa0832eecfcc9c7a7bccca	tree \| snapshot
parent	4bc65cf1190f3ba6b613dd4c76224c8d710c1d04	commit \| diff

examples/ipsec-secgw: fix GCM IV length

The example IPsec application does not work properly when using
AES-GCM with crypto_openssl.

ESP with AES-GCM uses standard 96bit long algorithm IV ([1]) which
later concatenated with be32(1) forms a J0 block. GCM specification
([2], chapter 7.1) states that when length of IV is different than
96b, in order to format a J0 block, GHASH function must be used.

According to specification ([2], chapter 5.1.1) GCM implementations
should support standard 96bit IVs, other lengths are optional. Every
DPDK cryptodev supports 96bit IV and few of them supports 128bit
IV as well (openssl, mrvl, ccp). When passing iv::length=16 to a
cryptodev which does support standard IVs only (e.g. qat) it
implicitly uses starting 96 bits. On the other hand, openssl follows
specification and uses GHASH to compute J0 for that case which results
in different than expected J0 values used for encryption/decryption.

Fix an inability to use AES-GCM with crypto_openssl by changing IV
length to the standard value of 12.

[1] RFC4106, section "4. Nonce format" and "3.1. Initialization Vector"
https://tools.ietf.org/html/rfc4106
[2] NIST SP800-38D
https://csrc.nist.gov/publications/detail/sp/800-38d/final

Fixes: 0fbd75a99f ("cryptodev: move IV parameters to session")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>