When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
#define KASUMI_KEY_LENGTH 16
#define KASUMI_IV_LENGTH 8
#define KASUMI_KEY_LENGTH 16
#define KASUMI_IV_LENGTH 8
-#define KASUMI_DIGEST_LENGTH 4
#define KASUMI_MAX_BURST 4
#define BYTE_LEN 8
#define KASUMI_MAX_BURST 4
#define BYTE_LEN 8
/** Generate/verify hash from mbufs with same hash key. */
static int
/** Generate/verify hash from mbufs with same hash key. */
static int
-process_kasumi_hash_op(struct rte_crypto_op **ops,
+process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
struct kasumi_session *session,
uint8_t num_ops)
{
struct kasumi_session *session,
uint8_t num_ops)
{
num_bytes = length_in_bits >> 3;
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
num_bytes = length_in_bits >> 3;
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
- dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
- KASUMI_DIGEST_LENGTH);
sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
num_bytes, dst);
sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
num_bytes, dst);
if (memcmp(dst, ops[i]->sym->auth.digest.data,
KASUMI_DIGEST_LENGTH) != 0)
ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
if (memcmp(dst, ops[i]->sym->auth.digest.data,
KASUMI_DIGEST_LENGTH) != 0)
ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-
- /* Trim area used for digest from mbuf. */
- rte_pktmbuf_trim(ops[i]->sym->m_src,
- KASUMI_DIGEST_LENGTH);
} else {
dst = ops[i]->sym->auth.digest.data;
} else {
dst = ops[i]->sym->auth.digest.data;
session, num_ops);
break;
case KASUMI_OP_ONLY_AUTH:
session, num_ops);
break;
case KASUMI_OP_ONLY_AUTH:
- processed_ops = process_kasumi_hash_op(ops, session,
+ processed_ops = process_kasumi_hash_op(qp, ops, session,
num_ops);
break;
case KASUMI_OP_CIPHER_AUTH:
processed_ops = process_kasumi_cipher_op(ops, session,
num_ops);
num_ops);
break;
case KASUMI_OP_CIPHER_AUTH:
processed_ops = process_kasumi_cipher_op(ops, session,
num_ops);
- process_kasumi_hash_op(ops, session, processed_ops);
+ process_kasumi_hash_op(qp, ops, session, processed_ops);
break;
case KASUMI_OP_AUTH_CIPHER:
break;
case KASUMI_OP_AUTH_CIPHER:
- processed_ops = process_kasumi_hash_op(ops, session,
+ processed_ops = process_kasumi_hash_op(qp, ops, session,
num_ops);
process_kasumi_cipher_op(ops, session, processed_ops);
break;
num_ops);
process_kasumi_cipher_op(ops, session, processed_ops);
break;
session);
break;
case KASUMI_OP_ONLY_AUTH:
session);
break;
case KASUMI_OP_ONLY_AUTH:
- processed_op = process_kasumi_hash_op(&op, session, 1);
+ processed_op = process_kasumi_hash_op(qp, &op, session, 1);
break;
case KASUMI_OP_CIPHER_AUTH:
processed_op = process_kasumi_cipher_op_bit(op, session);
if (processed_op == 1)
break;
case KASUMI_OP_CIPHER_AUTH:
processed_op = process_kasumi_cipher_op_bit(op, session);
if (processed_op == 1)
- process_kasumi_hash_op(&op, session, 1);
+ process_kasumi_hash_op(qp, &op, session, 1);
break;
case KASUMI_OP_AUTH_CIPHER:
break;
case KASUMI_OP_AUTH_CIPHER:
- processed_op = process_kasumi_hash_op(&op, session, 1);
+ processed_op = process_kasumi_hash_op(qp, &op, session, 1);
if (processed_op == 1)
process_kasumi_cipher_op_bit(op, session);
break;
if (processed_op == 1)
process_kasumi_cipher_op_bit(op, session);
break;
#define KASUMI_LOG_DBG(fmt, args...)
#endif
#define KASUMI_LOG_DBG(fmt, args...)
#endif
+#define KASUMI_DIGEST_LENGTH 4
+
/** private data structure for each virtual KASUMI device */
struct kasumi_private {
unsigned max_nb_queue_pairs;
/** private data structure for each virtual KASUMI device */
struct kasumi_private {
unsigned max_nb_queue_pairs;
/**< Session Mempool */
struct rte_cryptodev_stats qp_stats;
/**< Queue pair statistics */
/**< Session Mempool */
struct rte_cryptodev_stats qp_stats;
/**< Queue pair statistics */
+ uint8_t temp_digest[KASUMI_DIGEST_LENGTH];
+ /**< Buffer used to store the digest generated
+ * by the driver when verifying a digest provided
+ * by the user (using authentication verify operation)
+ */
} __rte_cache_aligned;
enum kasumi_operation {
} __rte_cache_aligned;
enum kasumi_operation {