@@ -142,7 +142,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
sym_op->auth.digest.data = test_vector->digest.data;
sym_op->auth.digest.phys_addr =
test_vector->digest.phys_addr;
- sym_op->auth.digest.length = options->auth_digest_sz;
} else {
uint32_t offset = options->test_buffer_size;
@@ -165,7 +164,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
uint8_t *, offset);
sym_op->auth.digest.phys_addr =
rte_pktmbuf_mtophys_offset(buf, offset);
- sym_op->auth.digest.length = options->auth_digest_sz;
sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
sym_op->auth.aad.data = test_vector->aad.data;
sym_op->auth.aad.length = options->auth_aad_sz;
@@ -221,7 +219,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
sym_op->auth.digest.data = test_vector->digest.data;
sym_op->auth.digest.phys_addr =
test_vector->digest.phys_addr;
- sym_op->auth.digest.length = options->auth_digest_sz;
} else {
uint32_t offset = options->test_buffer_size;
@@ -244,7 +241,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
uint8_t *, offset);
sym_op->auth.digest.phys_addr =
rte_pktmbuf_mtophys_offset(buf, offset);
- sym_op->auth.digest.length = options->auth_digest_sz;
sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr;
sym_op->auth.aad.data = test_vector->aad.data;
sym_op->auth.aad.length = options->auth_aad_sz;
@@ -298,7 +294,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
sym_op->auth.digest.data = test_vector->digest.data;
sym_op->auth.digest.phys_addr =
test_vector->digest.phys_addr;
- sym_op->auth.digest.length = options->auth_digest_sz;
} else {
uint32_t offset = sym_op->cipher.data.length +
@@ -322,8 +317,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
uint8_t *, offset);
sym_op->auth.digest.phys_addr =
rte_pktmbuf_mtophys_offset(buf, offset);
-
- sym_op->auth.digest.length = options->auth_digest_sz;
}
sym_op->auth.data.length = options->test_buffer_size;
@@ -77,6 +77,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
{
const struct rte_crypto_sym_xform *auth_xform;
const struct rte_crypto_sym_xform *cipher_xform;
+ uint16_t digest_length;
if (xform->next == NULL || xform->next->next != NULL) {
GCM_LOG_ERR("Two and only two chained xform required");
@@ -116,6 +117,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
return -EINVAL;
}
+ digest_length = auth_xform->auth.digest_length;
+
/* Check key length and calculate GCM pre-compute. */
switch (cipher_xform->cipher.key.length) {
case 16:
@@ -133,6 +136,15 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
return -EINVAL;
}
+ /* Digest check */
+ if (digest_length != 16 &&
+ digest_length != 12 &&
+ digest_length != 8) {
+ GCM_LOG_ERR("digest");
+ return -EINVAL;
+ }
+ sess->digest_length = digest_length;
+
return 0;
}
@@ -234,13 +246,6 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
*iv_padd = rte_bswap32(1);
}
- if (op->auth.digest.length != 16 &&
- op->auth.digest.length != 12 &&
- op->auth.digest.length != 8) {
- GCM_LOG_ERR("digest");
- return -1;
- }
-
if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
aesni_gcm_enc[session->key].init(&session->gdata,
@@ -270,11 +275,11 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
aesni_gcm_enc[session->key].finalize(&session->gdata,
op->auth.digest.data,
- (uint64_t)op->auth.digest.length);
+ (uint64_t)session->digest_length);
} else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */
uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ?
op->m_dst : op->m_src,
- op->auth.digest.length);
+ session->digest_length);
if (!auth_tag) {
GCM_LOG_ERR("auth_tag");
@@ -308,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op,
aesni_gcm_dec[session->key].finalize(&session->gdata,
auth_tag,
- (uint64_t)op->auth.digest.length);
+ (uint64_t)session->digest_length);
}
return 0;
@@ -338,21 +343,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op)
if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
- m->data_len - op->sym->auth.digest.length);
+ m->data_len - session->digest_length);
#ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
rte_hexdump(stdout, "auth tag (orig):",
- op->sym->auth.digest.data, op->sym->auth.digest.length);
+ op->sym->auth.digest.data, session->digest_length);
rte_hexdump(stdout, "auth tag (calc):",
- tag, op->sym->auth.digest.length);
+ tag, session->digest_length);
#endif
if (memcmp(tag, op->sym->auth.digest.data,
- op->sym->auth.digest.length) != 0)
+ session->digest_length) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* trim area used for digest from mbuf */
- rte_pktmbuf_trim(m, op->sym->auth.digest.length);
+ rte_pktmbuf_trim(m, session->digest_length);
}
}
@@ -90,6 +90,8 @@ enum aesni_gcm_key {
/** AESNI GCM private session structure */
struct aesni_gcm_session {
+ uint16_t digest_length;
+ /**< Digest length */
enum aesni_gcm_operation op;
/**< GCM operation type */
enum aesni_gcm_key key;
@@ -451,6 +451,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
return -EINVAL;
}
+ /* Set the digest length */
+ sess->auth.digest_length = auth_xform->auth.digest_length;
+
/* Verify supported key lengths and extract proper algorithm */
switch (cipher_xform->cipher.key.length << 3) {
case 128:
@@ -645,7 +648,7 @@ process_armv8_chained_op
}
} else {
adst = (uint8_t *)rte_pktmbuf_append(m_asrc,
- op->sym->auth.digest.length);
+ sess->auth.digest_length);
}
if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
@@ -667,12 +670,12 @@ process_armv8_chained_op
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
if (memcmp(adst, op->sym->auth.digest.data,
- op->sym->auth.digest.length) != 0) {
+ sess->auth.digest_length) != 0) {
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
/* Trim area used for digest from mbuf. */
rte_pktmbuf_trim(m_asrc,
- op->sym->auth.digest.length);
+ sess->auth.digest_length);
}
}
@@ -196,6 +196,8 @@ struct armv8_crypto_session {
/**< HMAC key (max supported length)*/
} hmac;
};
+ uint16_t digest_length;
+ /* Digest length */
} auth;
} __rte_cache_aligned;
@@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
struct sec_flow_context *flc;
uint32_t auth_only_len = sym_op->auth.data.length -
sym_op->cipher.data.length;
- int icv_len = sym_op->auth.digest.length;
+ int icv_len = sess->digest_length;
uint8_t *old_icv;
uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len;
@@ -133,7 +133,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
"cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n",
sym_op->auth.data.offset,
sym_op->auth.data.length,
- sym_op->auth.digest.length,
+ sess->digest_length,
sym_op->cipher.data.offset,
sym_op->cipher.data.length,
sym_op->cipher.iv.length,
@@ -159,7 +159,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
sge++;
DPAA2_SET_FLE_ADDR(sge,
DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
- sge->length = sym_op->auth.digest.length;
+ sge->length = sess->digest_length;
DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
sym_op->cipher.iv.length));
}
@@ -175,7 +175,7 @@ build_authenc_fd(dpaa2_sec_session *sess,
fle->length = (sess->dir == DIR_ENC) ?
(sym_op->auth.data.length + sym_op->cipher.iv.length) :
(sym_op->auth.data.length + sym_op->cipher.iv.length +
- sym_op->auth.digest.length);
+ sess->digest_length);
/* Configure Input SGE for Encap/Decap */
DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data));
@@ -190,12 +190,12 @@ build_authenc_fd(dpaa2_sec_session *sess,
sge++;
old_icv = (uint8_t *)(sge + 1);
memcpy(old_icv, sym_op->auth.digest.data,
- sym_op->auth.digest.length);
- memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+ sess->digest_length);
+ memset(sym_op->auth.digest.data, 0, sess->digest_length);
DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
- sge->length = sym_op->auth.digest.length;
+ sge->length = sess->digest_length;
DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length +
- sym_op->auth.digest.length +
+ sess->digest_length +
sym_op->cipher.iv.length));
}
DPAA2_SET_FLE_FIN(sge);
@@ -215,7 +215,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
uint32_t mem_len = (sess->dir == DIR_ENC) ?
(3 * sizeof(struct qbman_fle)) :
(5 * sizeof(struct qbman_fle) +
- sym_op->auth.digest.length);
+ sess->digest_length);
struct sec_flow_context *flc;
struct ctxt_priv *priv = sess->ctxt;
uint8_t *old_digest;
@@ -249,7 +249,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc));
DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data));
- fle->length = sym_op->auth.digest.length;
+ fle->length = sess->digest_length;
DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle));
DPAA2_SET_FD_COMPOUND_FMT(fd);
@@ -280,17 +280,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op,
sym_op->m_src->data_off);
DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length +
- sym_op->auth.digest.length);
+ sess->digest_length);
sge->length = sym_op->auth.data.length;
sge++;
old_digest = (uint8_t *)(sge + 1);
rte_memcpy(old_digest, sym_op->auth.digest.data,
- sym_op->auth.digest.length);
- memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length);
+ sess->digest_length);
+ memset(sym_op->auth.digest.data, 0, sess->digest_length);
DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest));
- sge->length = sym_op->auth.digest.length;
+ sge->length = sess->digest_length;
fle->length = sym_op->auth.data.length +
- sym_op->auth.digest.length;
+ sess->digest_length;
DPAA2_SET_FLE_FIN(sge);
}
DPAA2_SET_FLE_FIN(fle);
@@ -904,6 +904,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
authdata.key_enc_flags = 0;
authdata.key_type = RTA_DATA_IMM;
+ session->digest_length = xform->auth.digest_length;
+
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_SHA1_HMAC:
authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -1051,6 +1053,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
authdata.key_enc_flags = 0;
authdata.key_type = RTA_DATA_IMM;
+ session->digest_length = xform->auth.digest_length;
+
switch (auth_xform->algo) {
case RTE_CRYPTO_AUTH_SHA1_HMAC:
authdata.algtype = OP_ALG_ALGSEL_SHA1;
@@ -187,6 +187,7 @@ typedef struct dpaa2_sec_session_entry {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
} auth_key;
+ uint16_t digest_length;
uint8_t status;
union {
struct dpaa2_sec_cipher_ctxt cipher_ctxt;
@@ -124,6 +124,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
/* Only KASUMI F9 supported */
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9)
return -EINVAL;
+
+ if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) {
+ KASUMI_LOG_ERR("Wrong digest length");
+ return -EINVAL;
+ }
+
sess->auth_op = auth_xform->auth.op;
/* Initialize key */
sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
@@ -259,12 +265,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
break;
}
- if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- KASUMI_LOG_ERR("digest");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -285,19 +285,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops,
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ KASUMI_DIGEST_LENGTH);
sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash,
IV, src,
length_in_bits, dst, direction);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
- ops[i]->sym->auth.digest.length) != 0)
+ KASUMI_DIGEST_LENGTH) != 0)
ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* Trim area used for digest from mbuf. */
rte_pktmbuf_trim(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ KASUMI_DIGEST_LENGTH);
} else {
dst = ops[i]->sym->auth.digest.data;
@@ -365,6 +365,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
return -EINVAL;
}
+ sess->auth.digest_length = xform->auth.digest_length;
+
return 0;
}
@@ -1116,7 +1118,7 @@ process_openssl_auth_op
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
- op->sym->auth.digest.length);
+ sess->auth.digest_length);
else {
dst = op->sym->auth.digest.data;
if (dst == NULL)
@@ -1144,11 +1146,11 @@ process_openssl_auth_op
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
if (memcmp(dst, op->sym->auth.digest.data,
- op->sym->auth.digest.length) != 0) {
+ sess->auth.digest_length) != 0) {
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
/* Trim area used for digest from mbuf. */
- rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
+ rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
}
if (status != 0)
@@ -157,6 +157,9 @@ struct openssl_session {
/**< pointer to EVP context structure */
} hmac;
};
+
+ uint16_t digest_length;
+ /**< digest length */
} auth;
} __rte_cache_aligned;
@@ -127,6 +127,7 @@ struct qat_session {
struct icp_qat_fw_la_bulk_req fw_req;
uint32_t *aad_len;
struct qat_crypto_instance *inst;
+ uint16_t digest_length;
rte_spinlock_t lock; /* protects this struct */
};
@@ -1188,7 +1188,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data,
op->sym->cipher.iv.length);
rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
- op->sym->auth.digest.length);
+ ctx->digest_length);
rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
op->sym->auth.aad.length);
#endif
@@ -124,6 +124,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
/* Only SNOW 3G UIA2 supported */
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
return -EINVAL;
+
+ if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) {
+ SNOW3G_LOG_ERR("Wrong digest length");
+ return -EINVAL;
+ }
+
sess->auth_op = auth_xform->auth.op;
/* Initialize key */
sso_snow3g_init_key_sched(auth_xform->auth.key.data,
@@ -254,12 +260,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
break;
}
- if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- SNOW3G_LOG_ERR("digest");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops,
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ SNOW3G_DIGEST_LENGTH);
sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
ops[i]->sym->auth.aad.data, src,
length_in_bits, dst);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
- ops[i]->sym->auth.digest.length) != 0)
+ SNOW3G_DIGEST_LENGTH) != 0)
ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* Trim area used for digest from mbuf. */
rte_pktmbuf_trim(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ SNOW3G_DIGEST_LENGTH);
} else {
dst = ops[i]->sym->auth.digest.data;
@@ -123,6 +123,12 @@ zuc_set_session_parameters(struct zuc_session *sess,
/* Only ZUC EIA3 supported */
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3)
return -EINVAL;
+
+ if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) {
+ ZUC_LOG_ERR("Wrong digest length");
+ return -EINVAL;
+ }
+
sess->auth_op = auth_xform->auth.op;
/* Copy the key */
memcpy(sess->pKey_hash, auth_xform->auth.key.data,
@@ -245,12 +251,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
break;
}
- if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) {
- ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- ZUC_LOG_ERR("digest");
- break;
- }
-
/* Data must be byte aligned */
if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -265,19 +265,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops,
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ ZUC_DIGEST_LENGTH);
sso_zuc_eia3_1_buffer(session->pKey_hash,
ops[i]->sym->auth.aad.data, src,
length_in_bits, dst);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
- ops[i]->sym->auth.digest.length) != 0)
+ ZUC_DIGEST_LENGTH) != 0)
ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* Trim area used for digest from mbuf. */
rte_pktmbuf_trim(ops[i]->sym->m_src,
- ops[i]->sym->auth.digest.length);
+ ZUC_DIGEST_LENGTH);
} else {
dst = (uint32_t *)ops[i]->sym->auth.digest.data;
@@ -305,7 +305,7 @@ struct rte_crypto_auth_xform {
* (for example RFC 2104, FIPS 198a).
*/
- uint32_t digest_length;
+ uint16_t digest_length;
/**< Length of the digest to be returned. If the verify option is set,
* this specifies the length of the digest to be compared for the
* session.
@@ -553,10 +553,6 @@ struct rte_crypto_sym_op {
*/
phys_addr_t phys_addr;
/**< Physical address of digest */
- uint16_t length;
- /**< Length of digest. This must be the same value as
- * @ref rte_crypto_auth_xform.digest_length.
- */
} digest; /**< Digest parameters */
struct {