[dpdk-dev] [PATCH 16/22] cryptodev: remove AAD length from crypto op
Pablo de Lara
pablo.de.lara.guarch at intel.com
Wed Jun 21 09:47:25 CEST 2017
Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.
Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
app/test-crypto-perf/cperf_ops.c | 3 ---
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 6 +++--
drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 2 ++
drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++-
drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 +++
drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 1 +
drivers/crypto/qat/qat_crypto.c | 4 +--
examples/ipsec-secgw/esp.c | 2 --
examples/l2fwd-crypto/main.c | 4 ---
lib/librte_cryptodev/rte_crypto_sym.h | 6 +----
test/test/test_cryptodev.c | 10 +++-----
test/test/test_cryptodev_perf.c | 31 +++++++++++++-----------
12 files changed, 36 insertions(+), 40 deletions(-)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 6c06ce5..6af7694 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -180,7 +180,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
sym_op->auth.digest.length = options->auth_digest_sz;
sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
sym_op->auth.aad.data = test_vector->aad.data;
- sym_op->auth.aad.length = options->auth_aad_sz;
}
@@ -269,7 +268,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
sym_op->auth.digest.length = options->auth_digest_sz;
sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
sym_op->auth.aad.data = test_vector->aad.data;
- sym_op->auth.aad.length = options->auth_aad_sz;
}
if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -314,7 +312,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
- sym_op->auth.aad.length = options->auth_aad_sz;
/* authentication parameters */
if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 65e074a..d2346a1 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -144,6 +144,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
return -EINVAL;
}
+ sess->aad_length = auth_xform->auth.add_auth_data_length;
+
return 0;
}
@@ -254,7 +256,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
aesni_gcm_enc[session->key].init(&session->gdata,
IV_ptr,
sym_op->auth.aad.data,
- (uint64_t)sym_op->auth.aad.length);
+ (uint64_t)session->aad_length);
aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
(uint64_t)part_len);
@@ -292,7 +294,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
aesni_gcm_dec[session->key].init(&session->gdata,
IV_ptr,
sym_op->auth.aad.data,
- (uint64_t)sym_op->auth.aad.length);
+ (uint64_t)session->aad_length);
aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
(uint64_t)part_len);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2ed96f8..bfd4d1c 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -99,6 +99,8 @@ struct aesni_gcm_session {
/**< GCM operation type */
enum aesni_gcm_key key;
/**< GCM key type */
+ uint16_t aad_length;
+ /**< AAD length */
struct gcm_data gdata __rte_cache_aligned;
/**< GCM parameters */
};
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 20b8881..8808013 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -369,6 +369,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
return -EINVAL;
}
+ sess->auth.aad_length = xform->auth.add_auth_data_length;
+
return 0;
}
@@ -933,7 +935,7 @@ process_openssl_combined_op
sess->iv.offset);
ivlen = sess->iv.length;
aad = op->sym->auth.aad.data;
- aadlen = op->sym->auth.aad.length;
+ aadlen = sess->auth.aad_length;
tag = op->sym->auth.digest.data;
if (tag == NULL)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 3a64853..045e532 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -162,6 +162,9 @@ struct openssl_session {
/**< pointer to EVP context structure */
} hmac;
};
+
+ uint16_t aad_length;
+ /**< AAD length */
} auth;
} __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 5bf9c86..4df57aa 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
ICP_QAT_HW_GALOIS_128_STATE1_SZ +
ICP_QAT_HW_GALOIS_H_SZ);
*aad_len = rte_bswap32(add_auth_data_length);
+ cdesc->aad_len = add_auth_data_length;
break;
case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 1206839..eb19f1c 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1197,7 +1197,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
cipher_param->cipher_length = 0;
cipher_param->cipher_offset = 0;
auth_param->u1.aad_adr = 0;
- auth_param->auth_len = op->sym->auth.aad.length;
+ auth_param->auth_len = ctx->aad_len;
auth_param->auth_off = op->sym->auth.data.offset;
auth_param->u2.aad_sz = 0;
}
@@ -1224,7 +1224,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
op->sym->auth.digest.length);
rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
- op->sym->auth.aad.length);
+ ctx->aad_len);
}
#endif
return 0;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 2919ab7..36d4704 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sym_cop->auth.aad.data = aad;
sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
aad - rte_pktmbuf_mtod(m, uint8_t *));
- sym_cop->auth.aad.length = 8;
break;
default:
RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
@@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
sym_cop->auth.aad.data = aad;
sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
aad - rte_pktmbuf_mtod(m, uint8_t *));
- sym_cop->auth.aad.length = 8;
break;
default:
RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6c21c0e..ac60054 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -495,11 +495,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
if (cparams->aad.length) {
op->sym->auth.aad.data = cparams->aad.data;
op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
- op->sym->auth.aad.length = cparams->aad.length;
} else {
op->sym->auth.aad.data = NULL;
op->sym->auth.aad.phys_addr = 0;
- op->sym->auth.aad.length = 0;
}
}
@@ -707,8 +705,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
options->auth_xform.auth.digest_length;
if (options->auth_xform.auth.add_auth_data_length) {
port_cparams[i].aad.data = options->aad.data;
- port_cparams[i].aad.length =
- options->auth_xform.auth.add_auth_data_length;
port_cparams[i].aad.phys_addr = options->aad.phys_addr;
if (!options->aad_param)
generate_random_key(port_cparams[i].aad.data,
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 4a5e2dc..da63f0a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -365,7 +365,7 @@ struct rte_crypto_auth_xform {
* the result shall be truncated.
*/
- uint32_t add_auth_data_length;
+ uint16_t add_auth_data_length;
/**< The length of the additional authenticated data (AAD) in bytes.
* The maximum permitted value is 65535 (2^16 - 1) bytes, unless
* otherwise specified below.
@@ -653,10 +653,6 @@ struct rte_crypto_sym_op {
* operation, this field is used to pass plaintext.
*/
phys_addr_t phys_addr; /**< physical address */
- uint16_t length;
- /**< Length of additional authenticated data (AAD)
- * in bytes
- */
} aad;
/**< Additional authentication parameters */
} auth;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 866d0d7..5b1b543 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4638,7 +4638,7 @@ test_3DES_cipheronly_openssl_all(void)
static int
create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
const uint8_t *key, const uint8_t key_len,
- const uint8_t aad_len, const uint8_t auth_len,
+ const uint16_t aad_len, const uint8_t auth_len,
uint8_t iv_len,
enum rte_crypto_auth_operation auth_op)
{
@@ -4752,12 +4752,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
"no room to append aad");
- sym_op->auth.aad.length = tdata->aad.len;
sym_op->auth.aad.phys_addr =
rte_pktmbuf_mtophys(ut_params->ibuf);
memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
- sym_op->auth.aad.length);
+ tdata->aad.len);
/* Append IV at the end of the crypto operation*/
uint8_t *IV_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6316,7 +6315,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
"no room to append aad");
- sym_op->auth.aad.length = tdata->aad.len;
sym_op->auth.aad.phys_addr =
rte_pktmbuf_mtophys(ut_params->ibuf);
memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
@@ -6381,7 +6379,7 @@ static int create_gmac_session(uint8_t dev_id,
ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
ut_params->auth_xform.auth.op = auth_op;
ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
- ut_params->auth_xform.auth.add_auth_data_length = 0;
+ ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
ut_params->auth_xform.auth.key.length = 0;
ut_params->auth_xform.auth.key.data = NULL;
@@ -6861,7 +6859,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
- sym_op->auth.aad.length = reference->aad.len;
/* digest */
sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -7195,7 +7192,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
"no room to prepend aad");
sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
ut_params->ibuf);
- sym_op->auth.aad.length = aad_len;
memset(sym_op->auth.aad.data, 0, aad_len);
rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index da0f8a8..3844148 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -45,6 +45,7 @@
#define AES_CIPHER_IV_LENGTH 16
#define TRIPLE_DES_CIPHER_IV_LENGTH 8
+#define AES_GCM_AAD_LENGTH 16
#define PERF_NUM_OPS_INFLIGHT (128)
#define DEFAULT_NUM_REQS_TO_SUBMIT (10000000)
@@ -70,7 +71,6 @@ enum chain_mode {
struct symmetric_op {
const uint8_t *aad_data;
- uint32_t aad_len;
const uint8_t *p_data;
uint32_t p_len;
@@ -97,6 +97,7 @@ struct symmetric_session_attrs {
const uint8_t *iv_data;
uint16_t iv_len;
+ uint16_t aad_len;
uint32_t digest_len;
};
@@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
break;
case RTE_CRYPTO_AUTH_AES_GCM:
auth_xform.auth.key.data = NULL;
+ auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
break;
default:
return NULL;
@@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
}
}
-#define AES_GCM_AAD_LENGTH 16
-
static struct rte_mbuf *
test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
{
@@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
op->sym->auth.digest.phys_addr = 0;
op->sym->auth.digest.length = 0;
op->sym->auth.aad.data = NULL;
- op->sym->auth.aad.length = 0;
op->sym->auth.data.offset = 0;
op->sym->auth.data.length = 0;
} else {
@@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
rte_pktmbuf_mtophys_offset(m, data_len);
op->sym->auth.digest.length = digest_len;
op->sym->auth.aad.data = aes_gcm_aad;
- op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
/* Copy IV at the end of the crypto operation */
rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
+ /* Cipher Parameters */
op->sym->cipher.data.offset = 0;
op->sym->cipher.data.length = data_len << 3;
+ rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+ snow3g_iv,
+ SNOW3G_CIPHER_IV_LENGTH);
+
op->sym->m_src = m;
return op;
@@ -4133,6 +4136,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
auth_xform.auth.op = pparams->session_attrs->auth;
auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
+ auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
@@ -4168,17 +4172,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
op->sym->auth.digest.data = m_hlp->digest;
op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
m,
- params->symmetric_op->aad_len +
+ params->session_attrs->aad_len +
params->symmetric_op->p_len);
op->sym->auth.digest.length = params->symmetric_op->t_len;
op->sym->auth.aad.data = m_hlp->aad;
- op->sym->auth.aad.length = params->symmetric_op->aad_len;
op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
- params->symmetric_op->aad_len);
+ params->session_attrs->aad_len);
rte_memcpy(IV_ptr, params->session_attrs->iv_data,
params->session_attrs->iv_len);
@@ -4186,11 +4189,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
IV_ptr[15] = 1;
op->sym->auth.data.offset =
- params->symmetric_op->aad_len;
+ params->session_attrs->aad_len;
op->sym->auth.data.length = params->symmetric_op->p_len;
op->sym->cipher.data.offset =
- params->symmetric_op->aad_len;
+ params->session_attrs->aad_len;
op->sym->cipher.data.length = params->symmetric_op->p_len;
op->sym->m_src = m;
@@ -4204,7 +4207,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
unsigned buf_sz, struct crypto_params *m_hlp)
{
struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
- uint16_t aad_len = params->symmetric_op->aad_len;
+ uint16_t aad_len = params->session_attrs->aad_len;
uint16_t digest_size = params->symmetric_op->t_len;
char *p;
@@ -4340,14 +4343,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
TEST_ASSERT_BUFFERS_ARE_EQUAL(
pparams->symmetric_op->c_data,
pkt +
- pparams->symmetric_op->aad_len,
+ pparams->session_attrs->aad_len,
pparams->symmetric_op->c_len,
"GCM Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
pparams->symmetric_op->t_data,
pkt +
- pparams->symmetric_op->aad_len +
+ pparams->session_attrs->aad_len +
pparams->symmetric_op->c_len,
pparams->symmetric_op->t_len,
"GCM MAC data not as expected");
@@ -4419,13 +4422,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
RTE_CRYPTO_AUTH_OP_GENERATE;
session_attrs[i].key_auth_data = NULL;
session_attrs[i].key_auth_len = 0;
+ session_attrs[i].aad_len = gcm_test->aad.len;
session_attrs[i].digest_len =
gcm_test->auth_tag.len;
session_attrs[i].iv_len = gcm_test->iv.len;
session_attrs[i].iv_data = gcm_test->iv.data;
ops_set[i].aad_data = gcm_test->aad.data;
- ops_set[i].aad_len = gcm_test->aad.len;
ops_set[i].p_data = gcm_test->plaintext.data;
ops_set[i].p_len = buf_lengths[i];
ops_set[i].c_data = gcm_test->ciphertext.data;
--
2.9.4
More information about the dev
mailing list