[dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities

[Azarewicz, PiotrX T]

> Subject: Re: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD
> capabilities
> 
> > Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in
> > PMD capabilities
> >
> > This patch sets iv size in aesni gcm PMD to 12 bytes to be conformant
> > with nist SP800-38D.
> >
> > Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto
> > operations")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > ---
> >  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > index e824d4b..c51f82a 100644
> > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > @@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities
> > aesni_gcm_pmd_capabilities[] = {
> >  					.increment = 0
> >  				},
> >  				.iv_size = {
> > -					.min = 16,
> > -					.max = 16,
> > +					.min = 12,
> > +					.max = 12,
> >  					.increment = 0
> >  				}
> >  			}, }
> 
> I think that we should also remove 16 na 0 bytes allowed in
> process_gcm_crypto_op() function:
> 	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
> 			op->cipher.iv.length != 0) {
> 		GCM_LOG_ERR("iv");
> 		return -1;
> 	}

I found this notice about IV in rte_crypto_sym.h :
			 * - For GCM mode, this is either the IV (if the length
			 * is 96 bits) or J0 (for other sizes), where J0 is as
			 * defined by NIST SP800-38D. Regardless of the IV
			 * length, a full 16 bytes needs to be allocated.
So it is fine to leave unchanged above code.

Acked-by: Piotr Azarewicz <piotrx.t.azarewicz at intel.com>