[dpdk-dev] [PATCH 1/8] crypto/aesni_gcm: do not append digest

Zhang, Roy Fan roy.fan.zhang at intel.com
Mon Sep 4 12:07:57 CEST 2017


Hi Pablo,

Thanks for the patch. It is very good idea of allocating only necessary buffer for digests in the operation.
Comments inline:

> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Pablo de Lara
> Sent: Friday, August 18, 2017 8:21 AM
> To: Doherty, Declan <declan.doherty at intel.com>;
> jerin.jacob at caviumnetworks.com
> Cc: dev at dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>
> Subject: [dpdk-dev] [PATCH 1/8] crypto/aesni_gcm: do not append digest
> 
> When performing an authentication verification, the PMD was using memory
> at the end of the input buffer, to store temporarily the digest.
> This operation requires the buffer to have enough tailroom unnecessarily.
> Instead, memory is allocated for each queue pair, to store temporarily the
> digest generated by the driver, so it can be compared with the one provided
> in the crypto operation, without needing to touch the input buffer.
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> ---
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         | 31 +++++-------------------
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  7 ++++++
>  2 files changed, 13 insertions(+), 25 deletions(-)
> 
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> index d9c91d0..ae670a7 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> @@ -298,14 +298,7 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> struct rte_crypto_op *op,
>  				sym_op->aead.digest.data,
>  				(uint64_t)session->digest_length);
>  	} else if (session->op ==
> AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
> -		uint8_t *auth_tag = (uint8_t
> *)rte_pktmbuf_append(sym_op->m_dst ?
> -				sym_op->m_dst : sym_op->m_src,
> -				session->digest_length);
> -
> -		if (!auth_tag) {
> -			GCM_LOG_ERR("auth_tag");
> -			return -1;
> -		}

qp->tmp_digest has already the data type of uint8_t*, the casting is not necessary here. Although the "&" here seems to be wrong. auth_tag didn't point to qp->tmp_digest but a buffer with the address as &qp->tmp_digest.

> +		uint8_t *auth_tag = (uint8_t *)&qp->temp_digest;
>  		qp->ops[session->key].init(&session->gdata_key,
>  				&qp->gdata_ctx,
> @@ -350,14 +343,7 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> struct rte_crypto_op *op,
>  				sym_op->auth.digest.data,
>  				(uint64_t)session->digest_length);
>  	} else { /* AESNI_GMAC_OP_VERIFY */
> -		uint8_t *auth_tag = (uint8_t
> *)rte_pktmbuf_append(sym_op->m_dst ?
> -				sym_op->m_dst : sym_op->m_src,
> -				session->digest_length);
> -
> -		if (!auth_tag) {
> -			GCM_LOG_ERR("auth_tag");
> -			return -1;
> -		}

Same here. 

> +		uint8_t *auth_tag = (uint8_t *)&qp->temp_digest;
> 
>  		qp->ops[session->key].init(&session->gdata_key,
>  				&qp->gdata_ctx,
> @@ -385,11 +371,10 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> struct rte_crypto_op *op,
>   * - Returns NULL on invalid job
>   */
>  static void
> -post_process_gcm_crypto_op(struct rte_crypto_op *op,
> +post_process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> +		struct rte_crypto_op *op,
>  		struct aesni_gcm_session *session)
>  {
> -	struct rte_mbuf *m = op->sym->m_dst ? op->sym->m_dst : op-
> >sym->m_src;
> -
>  	op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
> 
>  	/* Verify digest if required */
> @@ -397,8 +382,7 @@ post_process_gcm_crypto_op(struct rte_crypto_op
> *op,
>  			session->op == AESNI_GMAC_OP_VERIFY) {
>  		uint8_t *digest;
> 

Same here.

> -		uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
> -				m->data_len - session->digest_length);
> +		uint8_t *tag = (uint8_t *)&qp->temp_digest;
> 

...

> 
> --
> 2.9.4

The same problem lies the rest of your patches in the patchset.

Regards,
Fan


More information about the dev mailing list