[dpdk-dev] [PATCH 16/22] cryptodev: remove AAD length from crypto op

Pablo de Lara pablo.de.lara.guarch at intel.com
Wed Jun 21 09:47:25 CEST 2017


Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.

Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
 app/test-crypto-perf/cperf_ops.c                 |  3 ---
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c         |  6 +++--
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h |  2 ++
 drivers/crypto/openssl/rte_openssl_pmd.c         |  4 ++-
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +++
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c |  1 +
 drivers/crypto/qat/qat_crypto.c                  |  4 +--
 examples/ipsec-secgw/esp.c                       |  2 --
 examples/l2fwd-crypto/main.c                     |  4 ---
 lib/librte_cryptodev/rte_crypto_sym.h            |  6 +----
 test/test/test_cryptodev.c                       | 10 +++-----
 test/test/test_cryptodev_perf.c                  | 31 +++++++++++++-----------
 12 files changed, 36 insertions(+), 40 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 6c06ce5..6af7694 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -180,7 +180,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 
 		}
 
@@ -269,7 +268,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 			sym_op->auth.digest.length = options->auth_digest_sz;
 			sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
 			sym_op->auth.aad.data = test_vector->aad.data;
-			sym_op->auth.aad.length = options->auth_aad_sz;
 		}
 
 		if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
@@ -314,7 +312,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 
 		sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
 		sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]);
-		sym_op->auth.aad.length = options->auth_aad_sz;
 
 		/* authentication parameters */
 		if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index 65e074a..d2346a1 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -144,6 +144,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	sess->aad_length = auth_xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -254,7 +256,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_enc[session->key].init(&session->gdata,
 				IV_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
@@ -292,7 +294,7 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 		aesni_gcm_dec[session->key].init(&session->gdata,
 				IV_ptr,
 				sym_op->auth.aad.data,
-				(uint64_t)sym_op->auth.aad.length);
+				(uint64_t)session->aad_length);
 
 		aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
 				(uint64_t)part_len);
diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
index 2ed96f8..bfd4d1c 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
@@ -99,6 +99,8 @@ struct aesni_gcm_session {
 	/**< GCM operation type */
 	enum aesni_gcm_key key;
 	/**< GCM key type */
+	uint16_t aad_length;
+	/**< AAD length */
 	struct gcm_data gdata __rte_cache_aligned;
 	/**< GCM parameters */
 };
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 20b8881..8808013 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -369,6 +369,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		return -EINVAL;
 	}
 
+	sess->auth.aad_length = xform->auth.add_auth_data_length;
+
 	return 0;
 }
 
@@ -933,7 +935,7 @@ process_openssl_combined_op
 			sess->iv.offset);
 	ivlen = sess->iv.length;
 	aad = op->sym->auth.aad.data;
-	aadlen = op->sym->auth.aad.length;
+	aadlen = sess->auth.aad_length;
 
 	tag = op->sym->auth.digest.data;
 	if (tag == NULL)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 3a64853..045e532 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -162,6 +162,9 @@ struct openssl_session {
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
+
+		uint16_t aad_length;
+		/**< AAD length */
 	} auth;
 
 } __rte_cache_aligned;
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 5bf9c86..4df57aa 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -817,6 +817,7 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
 					ICP_QAT_HW_GALOIS_128_STATE1_SZ +
 					ICP_QAT_HW_GALOIS_H_SZ);
 		*aad_len = rte_bswap32(add_auth_data_length);
+		cdesc->aad_len = add_auth_data_length;
 		break;
 	case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
 		qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 1206839..eb19f1c 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1197,7 +1197,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 			cipher_param->cipher_length = 0;
 			cipher_param->cipher_offset = 0;
 			auth_param->u1.aad_adr = 0;
-			auth_param->auth_len = op->sym->auth.aad.length;
+			auth_param->auth_len = ctx->aad_len;
 			auth_param->auth_off = op->sym->auth.data.offset;
 			auth_param->u2.aad_sz = 0;
 		}
@@ -1224,7 +1224,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
 				op->sym->auth.digest.length);
 		rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
-				op->sym->auth.aad.length);
+				ctx->aad_len);
 	}
 #endif
 	return 0;
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 2919ab7..36d4704 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -129,7 +129,6 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
@@ -358,7 +357,6 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 		sym_cop->auth.aad.data = aad;
 		sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				aad - rte_pktmbuf_mtod(m, uint8_t *));
-		sym_cop->auth.aad.length = 8;
 		break;
 	default:
 		RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6c21c0e..ac60054 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -495,11 +495,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		if (cparams->aad.length) {
 			op->sym->auth.aad.data = cparams->aad.data;
 			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-			op->sym->auth.aad.length = cparams->aad.length;
 		} else {
 			op->sym->auth.aad.data = NULL;
 			op->sym->auth.aad.phys_addr = 0;
-			op->sym->auth.aad.length = 0;
 		}
 	}
 
@@ -707,8 +705,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 					options->auth_xform.auth.digest_length;
 			if (options->auth_xform.auth.add_auth_data_length) {
 				port_cparams[i].aad.data = options->aad.data;
-				port_cparams[i].aad.length =
-					options->auth_xform.auth.add_auth_data_length;
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 4a5e2dc..da63f0a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -365,7 +365,7 @@ struct rte_crypto_auth_xform {
 	 * the result shall be truncated.
 	 */
 
-	uint32_t add_auth_data_length;
+	uint16_t add_auth_data_length;
 	/**< The length of the additional authenticated data (AAD) in bytes.
 	 * The maximum permitted value is 65535 (2^16 - 1) bytes, unless
 	 * otherwise specified below.
@@ -653,10 +653,6 @@ struct rte_crypto_sym_op {
 			 * operation, this field is used to pass plaintext.
 			 */
 			phys_addr_t phys_addr;	/**< physical address */
-			uint16_t length;
-			/**< Length of additional authenticated data (AAD)
-			 * in bytes
-			 */
 		} aad;
 		/**< Additional authentication parameters */
 	} auth;
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 866d0d7..5b1b543 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4638,7 +4638,7 @@ test_3DES_cipheronly_openssl_all(void)
 static int
 create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
 		const uint8_t *key, const uint8_t key_len,
-		const uint8_t aad_len, const uint8_t auth_len,
+		const uint16_t aad_len, const uint8_t auth_len,
 		uint8_t iv_len,
 		enum rte_crypto_auth_operation auth_op)
 {
@@ -4752,12 +4752,11 @@ create_gcm_operation(enum rte_crypto_cipher_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
 	TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
-		sym_op->auth.aad.length);
+		tdata->aad.len);
 
 	/* Append IV at the end of the crypto operation*/
 	uint8_t *IV_ptr = rte_crypto_op_ctod_offset(ut_params->op,
@@ -6316,7 +6315,6 @@ create_gmac_operation(enum rte_crypto_auth_operation op,
 	TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
 			"no room to append aad");
 
-	sym_op->auth.aad.length = tdata->aad.len;
 	sym_op->auth.aad.phys_addr =
 			rte_pktmbuf_mtophys(ut_params->ibuf);
 	memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
@@ -6381,7 +6379,7 @@ static int create_gmac_session(uint8_t dev_id,
 	ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GMAC;
 	ut_params->auth_xform.auth.op = auth_op;
 	ut_params->auth_xform.auth.digest_length = tdata->gmac_tag.len;
-	ut_params->auth_xform.auth.add_auth_data_length = 0;
+	ut_params->auth_xform.auth.add_auth_data_length = tdata->aad.len;
 	ut_params->auth_xform.auth.key.length = 0;
 	ut_params->auth_xform.auth.key.data = NULL;
 
@@ -6861,7 +6859,6 @@ create_auth_GMAC_operation(struct crypto_testsuite_params *ts_params,
 	TEST_HEXDUMP(stdout, "AAD:", sym_op->auth.aad.data, reference->aad.len);
 
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(ut_params->ibuf);
-	sym_op->auth.aad.length = reference->aad.len;
 
 	/* digest */
 	sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
@@ -7195,7 +7192,6 @@ create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
 			"no room to prepend aad");
 	sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
 			ut_params->ibuf);
-	sym_op->auth.aad.length = aad_len;
 
 	memset(sym_op->auth.aad.data, 0, aad_len);
 	rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index da0f8a8..3844148 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -45,6 +45,7 @@
 
 #define AES_CIPHER_IV_LENGTH 16
 #define TRIPLE_DES_CIPHER_IV_LENGTH 8
+#define AES_GCM_AAD_LENGTH 16
 
 #define PERF_NUM_OPS_INFLIGHT		(128)
 #define DEFAULT_NUM_REQS_TO_SUBMIT	(10000000)
@@ -70,7 +71,6 @@ enum chain_mode {
 
 struct symmetric_op {
 	const uint8_t *aad_data;
-	uint32_t aad_len;
 
 	const uint8_t *p_data;
 	uint32_t p_len;
@@ -97,6 +97,7 @@ struct symmetric_session_attrs {
 
 	const uint8_t *iv_data;
 	uint16_t iv_len;
+	uint16_t aad_len;
 	uint32_t digest_len;
 };
 
@@ -2779,6 +2780,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 		break;
 	case RTE_CRYPTO_AUTH_AES_GCM:
 		auth_xform.auth.key.data = NULL;
+		auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
 		break;
 	default:
 		return NULL;
@@ -2855,8 +2857,6 @@ test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
 	}
 }
 
-#define AES_GCM_AAD_LENGTH 16
-
 static struct rte_mbuf *
 test_perf_create_pktmbuf(struct rte_mempool *mpool, unsigned buf_sz)
 {
@@ -2888,7 +2888,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 		op->sym->auth.digest.phys_addr = 0;
 		op->sym->auth.digest.length = 0;
 		op->sym->auth.aad.data = NULL;
-		op->sym->auth.aad.length = 0;
 		op->sym->auth.data.offset = 0;
 		op->sym->auth.data.length = 0;
 	} else {
@@ -2932,7 +2931,6 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
 	op->sym->auth.aad.data = aes_gcm_aad;
-	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Copy IV at the end of the crypto operation */
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
@@ -2999,9 +2997,14 @@ test_perf_set_crypto_op_snow3g_cipher(struct rte_crypto_op *op,
 	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
 			snow3g_iv, SNOW3G_CIPHER_IV_LENGTH);
 
+	/* Cipher Parameters */
 	op->sym->cipher.data.offset = 0;
 	op->sym->cipher.data.length = data_len << 3;
 
+	rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
+			snow3g_iv,
+			SNOW3G_CIPHER_IV_LENGTH);
+
 	op->sym->m_src = m;
 
 	return op;
@@ -4133,6 +4136,7 @@ test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
 	auth_xform.auth.op = pparams->session_attrs->auth;
 	auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
 
+	auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
 	auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
 	auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
 
@@ -4168,17 +4172,16 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.data = m_hlp->digest;
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
 					  m,
-					  params->symmetric_op->aad_len +
+					  params->session_attrs->aad_len +
 					  params->symmetric_op->p_len);
 
 	op->sym->auth.digest.length = params->symmetric_op->t_len;
 
 	op->sym->auth.aad.data = m_hlp->aad;
-	op->sym->auth.aad.length = params->symmetric_op->aad_len;
 	op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
 
 	rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
-		       params->symmetric_op->aad_len);
+		       params->session_attrs->aad_len);
 
 	rte_memcpy(IV_ptr, params->session_attrs->iv_data,
 		       params->session_attrs->iv_len);
@@ -4186,11 +4189,11 @@ perf_gcm_set_crypto_op(struct rte_crypto_op *op, struct rte_mbuf *m,
 		IV_ptr[15] = 1;
 
 	op->sym->auth.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->auth.data.length = params->symmetric_op->p_len;
 
 	op->sym->cipher.data.offset =
-			params->symmetric_op->aad_len;
+			params->session_attrs->aad_len;
 	op->sym->cipher.data.length = params->symmetric_op->p_len;
 
 	op->sym->m_src = m;
@@ -4204,7 +4207,7 @@ test_perf_create_pktmbuf_fill(struct rte_mempool *mpool,
 		unsigned buf_sz, struct crypto_params *m_hlp)
 {
 	struct rte_mbuf *m = rte_pktmbuf_alloc(mpool);
-	uint16_t aad_len = params->symmetric_op->aad_len;
+	uint16_t aad_len = params->session_attrs->aad_len;
 	uint16_t digest_size = params->symmetric_op->t_len;
 	char *p;
 
@@ -4340,14 +4343,14 @@ perf_AES_GCM(uint8_t dev_id, uint16_t queue_id,
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->c_data,
 					pkt +
-					pparams->symmetric_op->aad_len,
+					pparams->session_attrs->aad_len,
 					pparams->symmetric_op->c_len,
 					"GCM Ciphertext data not as expected");
 
 				TEST_ASSERT_BUFFERS_ARE_EQUAL(
 					pparams->symmetric_op->t_data,
 					pkt +
-					pparams->symmetric_op->aad_len +
+					pparams->session_attrs->aad_len +
 					pparams->symmetric_op->c_len,
 					pparams->symmetric_op->t_len,
 					"GCM MAC data not as expected");
@@ -4419,13 +4422,13 @@ test_perf_AES_GCM(int continual_buf_len, int continual_size)
 			RTE_CRYPTO_AUTH_OP_GENERATE;
 		session_attrs[i].key_auth_data = NULL;
 		session_attrs[i].key_auth_len = 0;
+		session_attrs[i].aad_len = gcm_test->aad.len;
 		session_attrs[i].digest_len =
 				gcm_test->auth_tag.len;
 		session_attrs[i].iv_len = gcm_test->iv.len;
 		session_attrs[i].iv_data = gcm_test->iv.data;
 
 		ops_set[i].aad_data = gcm_test->aad.data;
-		ops_set[i].aad_len = gcm_test->aad.len;
 		ops_set[i].p_data = gcm_test->plaintext.data;
 		ops_set[i].p_len = buf_lengths[i];
 		ops_set[i].c_data = gcm_test->ciphertext.data;
-- 
2.9.4



More information about the dev mailing list