summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
0ff255e)
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
*/
static inline int
set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
*/
static inline int
set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
- struct rte_crypto_op *op)
+ struct rte_crypto_op *op, uint8_t *digest_idx)
{
struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
struct aesni_mb_session *session;
{
struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
struct aesni_mb_session *session;
/* Set digest output location */
if (job->hash_alg != NULL_HASH &&
session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
/* Set digest output location */
if (job->hash_alg != NULL_HASH &&
session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
- job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
- get_digest_byte_length(job->hash_alg));
-
- if (job->auth_tag_output == NULL) {
- MB_LOG_ERR("failed to allocate space in output mbuf "
- "for temp digest");
- op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- return -1;
- }
-
- memset(job->auth_tag_output, 0,
- sizeof(get_digest_byte_length(job->hash_alg)));
-
+ job->auth_tag_output = qp->temp_digests[*digest_idx];
+ *digest_idx = (*digest_idx + 1) % MAX_JOBS;
} else {
job->auth_tag_output = op->sym->auth.digest.data;
}
} else {
job->auth_tag_output = op->sym->auth.digest.data;
}
/* Set user data to be crypto operation data struct */
job->user_data = op;
/* Set user data to be crypto operation data struct */
job->user_data = op;
- job->user_data2 = m_dst;
return 0;
}
static inline void
return 0;
}
static inline void
-verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op) {
- struct rte_mbuf *m_dst = (struct rte_mbuf *)job->user_data2;
-
+verify_digest(struct aesni_mb_qp *qp __rte_unused, JOB_AES_HMAC *job,
+ struct rte_crypto_op *op) {
/* Verify digest if required */
if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
job->auth_tag_output_len_in_bytes) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* Verify digest if required */
if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
job->auth_tag_output_len_in_bytes) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-
- /* trim area used for digest from mbuf */
- rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
* @param job JOB_AES_HMAC job to process
*
* @return
* @param job JOB_AES_HMAC job to process
*
* @return
- * - Returns processed crypto operation which mbuf is trimmed of output digest
- * used in verification of supplied digest.
+ * - Returns processed crypto operation.
* - Returns NULL on invalid job
*/
static inline struct rte_crypto_op *
* - Returns NULL on invalid job
*/
static inline struct rte_crypto_op *
if (job->hash_alg != NULL_HASH) {
if (sess->auth.operation ==
RTE_CRYPTO_AUTH_OP_VERIFY)
if (job->hash_alg != NULL_HASH) {
if (sess->auth.operation ==
RTE_CRYPTO_AUTH_OP_VERIFY)
- verify_digest(job, op);
+ verify_digest(qp, job, op);
if (unlikely(nb_ops == 0))
return 0;
if (unlikely(nb_ops == 0))
return 0;
+ uint8_t digest_idx = qp->digest_idx;
do {
/* Get next operation to process from ingress queue */
retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
do {
/* Get next operation to process from ingress queue */
retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
job = (*qp->op_fns->job.get_next)(&qp->mb_mgr);
}
job = (*qp->op_fns->job.get_next)(&qp->mb_mgr);
}
- retval = set_mb_job_params(job, qp, op);
+ retval = set_mb_job_params(job, qp, op, &digest_idx);
if (unlikely(retval != 0)) {
qp->stats.dequeue_err_count++;
set_job_null_op(job);
if (unlikely(retval != 0)) {
qp->stats.dequeue_err_count++;
set_job_null_op(job);
} while (processed_jobs < nb_ops);
} while (processed_jobs < nb_ops);
+ qp->digest_idx = digest_idx;
+
if (processed_jobs < 1)
processed_jobs += flush_mb_mgr(qp,
&ops[processed_jobs],
if (processed_jobs < 1)
processed_jobs += flush_mb_mgr(qp,
&ops[processed_jobs],
memset(&qp->stats, 0, sizeof(qp->stats));
memset(&qp->stats, 0, sizeof(qp->stats));
+ char mp_name[RTE_MEMPOOL_NAMESIZE];
+
+ snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+ "digest_mp_%u_%u", dev->data->dev_id, qp_id);
+
/* Initialise multi-buffer manager */
(*qp->op_fns->job.init_mgr)(&qp->mb_mgr);
return 0;
/* Initialise multi-buffer manager */
(*qp->op_fns->job.init_mgr)(&qp->mb_mgr);
return 0;
#define HMAC_IPAD_VALUE (0x36)
#define HMAC_OPAD_VALUE (0x5C)
#define HMAC_IPAD_VALUE (0x36)
#define HMAC_OPAD_VALUE (0x5C)
+/* Maximum length for digest (SHA-512 truncated needs 32 bytes) */
+#define DIGEST_LENGTH_MAX 32
static const unsigned auth_blocksize[] = {
[MD5] = 64,
[SHA1] = 64,
static const unsigned auth_blocksize[] = {
[MD5] = 64,
[SHA1] = 64,
/**< Session Mempool */
struct rte_cryptodev_stats stats;
/**< Queue pair statistics */
/**< Session Mempool */
struct rte_cryptodev_stats stats;
/**< Queue pair statistics */
+ uint8_t digest_idx;
+ /**< Index of the next slot to be used in temp_digests,
+ * to store the digest for a given operation
+ */
+ uint8_t temp_digests[MAX_JOBS][DIGEST_LENGTH_MAX];
+ /**< Buffers used to store the digest generated
+ * by the driver when verifying a digest provided
+ * by the user (using authentication verify operation)
+ */
/** AES-NI multi-buffer private session structure */
struct aesni_mb_session {
JOB_CHAIN_ORDER chain_order;
/** AES-NI multi-buffer private session structure */
struct aesni_mb_session {
JOB_CHAIN_ORDER chain_order;