[dpdk-dev] [PATCH 11/13] drivers/crypto: do not use AAD in wireless algorithms
Pablo de Lara
pablo.de.lara.guarch at intel.com
Sun May 28 23:05:20 CEST 2017
For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure, and this was pointing at IV.
Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
drivers/crypto/kasumi/rte_kasumi_pmd.c | 12 ++++------
drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 12 +++++-----
drivers/crypto/qat/qat_crypto_capabilities.h | 36 ++++++++++++++--------------
drivers/crypto/snow3g/rte_snow3g_pmd.c | 13 ++++------
drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 12 +++++-----
drivers/crypto/zuc/rte_zuc_pmd.c | 13 ++++------
drivers/crypto/zuc/rte_zuc_pmd_ops.c | 12 +++++-----
lib/librte_cryptodev/rte_crypto_sym.h | 4 +---
8 files changed, 51 insertions(+), 63 deletions(-)
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index 056682b..57faa7a 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -251,6 +251,7 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
unsigned i;
uint8_t processed_ops = 0;
uint8_t *src, *dst;
+ uint8_t *IV_ptr;
uint32_t length_in_bits;
uint32_t num_bytes;
uint32_t shift_bits;
@@ -258,12 +259,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
uint8_t direction;
for (i = 0; i < num_ops; i++) {
- if (unlikely(ops[i]->sym->auth.aad.length != KASUMI_IV_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- KASUMI_LOG_ERR("aad");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -275,8 +270,9 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
(ops[i]->sym->auth.data.offset >> 3);
- /* IV from AAD */
- IV = *((uint64_t *)(ops[i]->sym->auth.aad.data));
+ IV_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+ session->iv_offset);
+ IV = *((uint64_t *)(IV_ptr));
/* Direction from next bit after end of message */
num_bytes = (length_in_bits >> 3) + 1;
shift_bits = (BYTE_LEN - 1 - length_in_bits) % BYTE_LEN;
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 3f587f5..c44c107 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- .iv_size = { 0 },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
{.auth = {
.algo = RTE_CRYPTO_AUTH_KASUMI_F9,
.block_size = 8,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
.max = 4,
.increment = 0
},
- .aad_size = {
- .min = 8,
- .max = 8,
- .increment = 0
- }
+ .aad_size = { 0 }
}, }
}, }
},
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 11f3687..56c0536 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -245,7 +245,11 @@
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
- .iv_size = { 0 }, \
+ .iv_size = { \
+ .min = 16, \
+ .max = 16, \
+ .increment = 0 \
+ }, \
{.auth = { \
.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, \
.block_size = 16, \
@@ -259,11 +263,7 @@
.max = 4, \
.increment = 0 \
}, \
- .aad_size = { \
- .min = 16, \
- .max = 16, \
- .increment = 0 \
- } \
+ .aad_size = { 0 } \
}, } \
}, } \
}, \
@@ -429,7 +429,11 @@
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
- .iv_size = { 0 }, \
+ .iv_size = { \
+ .min = 8, \
+ .max = 8, \
+ .increment = 0 \
+ }, \
{.auth = { \
.algo = RTE_CRYPTO_AUTH_KASUMI_F9, \
.block_size = 8, \
@@ -443,11 +447,7 @@
.max = 4, \
.increment = 0 \
}, \
- .aad_size = { \
- .min = 8, \
- .max = 8, \
- .increment = 0 \
- } \
+ .aad_size = { 0 } \
}, } \
}, } \
}, \
@@ -557,7 +557,11 @@
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
- .iv_size = { 0 }, \
+ .iv_size = { \
+ .min = 16, \
+ .max = 16, \
+ .increment = 0 \
+ }, \
{.auth = { \
.algo = RTE_CRYPTO_AUTH_ZUC_EIA3, \
.block_size = 16, \
@@ -571,11 +575,7 @@
.max = 4, \
.increment = 0 \
}, \
- .aad_size = { \
- .min = 16, \
- .max = 16, \
- .increment = 0 \
- } \
+ .aad_size = { 0 } \
}, } \
}, } \
}
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 30b9172..01e8d89 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -247,14 +247,9 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
uint8_t processed_ops = 0;
uint8_t *src, *dst;
uint32_t length_in_bits;
+ uint8_t *IV;
for (i = 0; i < num_ops; i++) {
- if (unlikely(ops[i]->sym->auth.aad.length != SNOW3G_IV_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- SNOW3G_LOG_ERR("aad");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -266,13 +261,15 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
(ops[i]->sym->auth.data.offset >> 3);
+ IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+ session->iv_offset);
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
SNOW3G_DIGEST_LENGTH);
sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
- ops[i]->sym->auth.aad.data, src,
+ IV, src,
length_in_bits, dst);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -286,7 +283,7 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
dst = ops[i]->sym->auth.digest.data;
sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
- ops[i]->sym->auth.aad.data, src,
+ IV, src,
length_in_bits, dst);
}
processed_ops++;
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index a0f1488..86c229a 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- .iv_size = { 0 },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
{.auth = {
.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
.block_size = 16,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
.max = 4,
.increment = 0
},
- .aad_size = {
- .min = 16,
- .max = 16,
- .increment = 0
- }
+ .aad_size = { 0 }
}, }
}, }
},
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 266882b..510cf26 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -244,14 +244,9 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
uint8_t *src;
uint32_t *dst;
uint32_t length_in_bits;
+ uint8_t *IV;
for (i = 0; i < num_ops; i++) {
- if (unlikely(ops[i]->sym->auth.aad.length != ZUC_IV_KEY_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- ZUC_LOG_ERR("aad");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -263,13 +258,15 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
(ops[i]->sym->auth.data.offset >> 3);
+ IV = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+ session->iv_offset);
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
ZUC_DIGEST_LENGTH);
sso_zuc_eia3_1_buffer(session->pKey_hash,
- ops[i]->sym->auth.aad.data, src,
+ IV, src,
length_in_bits, dst);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
@@ -283,7 +280,7 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
dst = (uint32_t *)ops[i]->sym->auth.digest.data;
sso_zuc_eia3_1_buffer(session->pKey_hash,
- ops[i]->sym->auth.aad.data, src,
+ IV, src,
length_in_bits, dst);
}
processed_ops++;
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 4804bd1..271560d 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -43,7 +43,11 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- .iv_size = { 0 },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
{.auth = {
.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
.block_size = 16,
@@ -57,11 +61,7 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
.max = 4,
.increment = 0
},
- .aad_size = {
- .min = 16,
- .max = 16,
- .increment = 0
- }
+ .aad_size = { 0 }
}, }
}, }
},
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 9309a08..55e4a27 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -560,9 +560,7 @@ struct rte_crypto_sym_op {
uint8_t *data;
/**< Pointer to Additional Authenticated Data (AAD)
* needed for authenticated cipher mechanisms (CCM and
- * GCM), and to the IV for SNOW 3G authentication
- * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
- * authentication mechanisms this pointer is ignored.
+ * GCM).
*
* The length of the data pointed to by this field is
* set up for the session in the @ref
--
2.7.4
More information about the dev
mailing list