From: Pablo de Lara Date: Thu, 21 Sep 2017 13:11:14 +0000 (+0100) Subject: cryptodev: clarify API for AES-CCM X-Git-Tag: spdx-start~1408 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=36572831720450f3657480de36721fee7c65f92d;p=dpdk.git cryptodev: clarify API for AES-CCM AES-CCM algorithm has some restrictions when handling nonce (IV) and AAD information. As the API stated, the nonce needs to be place 1 byte after the start of the IV field. This field needs to be 16 bytes long, regardless the length of the nonce, but it is important to clarify that the first byte and the padding added after the nonce may be modified by the PMDs using this algorithm. Same happens with the AAD. It needs to be placed 18 bytes after the start of the AAD field. The field also needs to be multiple of 16 bytes long and all memory reserved (the first bytes and the padding (may be modified by the PMDs). Lastly, nonce is not needed to be placed in the first 16 bytes of the AAD, as the API stated, as that depends on the PMD used, so the comment has been removed. Signed-off-by: Pablo de Lara Acked-by: Fiona Trahe Acked-by: Fan Zhang --- diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 0ceaa9176e..5f859ec382 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -196,7 +196,9 @@ struct rte_crypto_cipher_xform { * space for the implementation to write in the flags * in the first byte). Note that a full 16 bytes should * be allocated, even though the length field will - * have a value less than this. + * have a value less than this. Note that the PMDs may + * modify the memory reserved (the first byte and the + * final padding) * * - For AES-XTS, this is the 128bit tweak, i, from * IEEE Std 1619-2007. @@ -555,20 +557,19 @@ struct rte_crypto_sym_op { * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM), * the caller should setup this field as follows: * - * - the nonce should be written starting at an offset - * of one byte into the array, leaving room for the - * implementation to write in the flags to the first - * byte. - * - * - the additional authentication data itself should + * - the additional authentication data itself should * be written starting at an offset of 18 bytes into - * the array, leaving room for the length encoding in - * the first two bytes of the second block. + * the array, leaving room for the first block (16 bytes) + * and the length encoding in the first two bytes of the + * second block. * * - the array should be big enough to hold the above - * fields, plus any padding to round this up to the - * nearest multiple of the block size (16 bytes). - * Padding will be added by the implementation. + * fields, plus any padding to round this up to the + * nearest multiple of the block size (16 bytes). + * Padding will be added by the implementation. + * + * - Note that PMDs may modify the memory reserved + * (first 18 bytes and the final padding). * * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the * caller should setup this field as follows: