@@ -121,9 +121,11 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
uint8_t *, iv_offset);
- memcpy(iv_ptr, test_vector->iv.data,
- test_vector->iv.length);
- } }
+ memcpy(iv_ptr, test_vector->cipher_iv.data,
+ test_vector->cipher_iv.length);
+
+ }
+ }
return 0;
}
@@ -134,7 +136,7 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
uint16_t nb_ops, struct rte_cryptodev_sym_session *sess,
const struct cperf_options *options,
const struct cperf_test_vector *test_vector,
- uint16_t iv_offset __rte_unused)
+ uint16_t iv_offset)
{
uint16_t i;
@@ -146,6 +148,14 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
sym_op->m_src = bufs_in[i];
sym_op->m_dst = bufs_out[i];
+ if (test_vector->auth_iv.length) {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+ uint8_t *,
+ iv_offset);
+ memcpy(iv_ptr, test_vector->auth_iv.data,
+ test_vector->auth_iv.length);
+ }
+
/* authentication parameters */
if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
sym_op->auth.digest.data = test_vector->digest.data;
@@ -190,6 +200,17 @@ cperf_set_ops_auth(struct rte_crypto_op **ops,
sym_op->auth.data.offset = 0;
}
+ if (options->test == CPERF_TEST_TYPE_VERIFY) {
+ if (test_vector->auth_iv.length) {
+ for (i = 0; i < nb_ops; i++) {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
+ uint8_t *, iv_offset);
+
+ memcpy(iv_ptr, test_vector->auth_iv.data,
+ test_vector->auth_iv.length);
+ }
+ }
+ }
return 0;
}
@@ -269,9 +290,19 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
uint8_t *, iv_offset);
- memcpy(iv_ptr, test_vector->iv.data,
- test_vector->iv.length);
+ memcpy(iv_ptr, test_vector->cipher_iv.data,
+ test_vector->cipher_iv.length);
+ if (test_vector->auth_iv.length) {
+ /*
+ * Copy IV after the crypto operation and
+ * the cipher IV
+ */
+ iv_ptr += test_vector->cipher_iv.length;
+ memcpy(iv_ptr, test_vector->auth_iv.data,
+ test_vector->auth_iv.length);
+ }
}
+
}
return 0;
@@ -345,8 +376,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
uint8_t *, iv_offset);
- memcpy(iv_ptr, test_vector->iv.data,
- test_vector->iv.length);
+ memcpy(iv_ptr, test_vector->cipher_iv.data,
+ test_vector->cipher_iv.length);
}
}
@@ -379,8 +410,8 @@ cperf_create_session(uint8_t dev_id,
test_vector->cipher_key.data;
cipher_xform.cipher.key.length =
test_vector->cipher_key.length;
- cipher_xform.cipher.iv.length = test_vector->iv.length;
-
+ cipher_xform.cipher.iv.length =
+ test_vector->cipher_iv.length;
} else {
cipher_xform.cipher.key.data = NULL;
cipher_xform.cipher.key.length = 0;
@@ -406,11 +437,14 @@ cperf_create_session(uint8_t dev_id,
auth_xform.auth.key.length =
test_vector->auth_key.length;
auth_xform.auth.key.data = test_vector->auth_key.data;
+ auth_xform.auth.iv.length =
+ test_vector->auth_iv.length;
} else {
auth_xform.auth.digest_length = 0;
auth_xform.auth.add_auth_data_length = 0;
auth_xform.auth.key.length = 0;
auth_xform.auth.key.data = NULL;
+ auth_xform.auth.iv.length = 0;
}
/* create crypto session */
sess = rte_cryptodev_sym_session_create(dev_id, &auth_xform);
@@ -436,7 +470,8 @@ cperf_create_session(uint8_t dev_id,
test_vector->cipher_key.data;
cipher_xform.cipher.key.length =
test_vector->cipher_key.length;
- cipher_xform.cipher.iv.length = test_vector->iv.length;
+ cipher_xform.cipher.iv.length =
+ test_vector->cipher_iv.length;
} else {
cipher_xform.cipher.key.data = NULL;
cipher_xform.cipher.key.length = 0;
@@ -461,17 +496,21 @@ cperf_create_session(uint8_t dev_id,
options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) {
auth_xform.auth.key.length = 0;
auth_xform.auth.key.data = NULL;
+ auth_xform.auth.iv.length = 0;
} else { /* auth options for others */
auth_xform.auth.key.length =
test_vector->auth_key.length;
auth_xform.auth.key.data =
test_vector->auth_key.data;
+ auth_xform.auth.iv.length =
+ test_vector->auth_iv.length;
}
} else {
auth_xform.auth.digest_length = 0;
auth_xform.auth.add_auth_data_length = 0;
auth_xform.auth.key.length = 0;
auth_xform.auth.key.data = NULL;
+ auth_xform.auth.iv.length = 0;
}
/* create crypto session for aes gcm */
@@ -28,6 +28,7 @@
#define CPERF_AUTH_ALGO ("auth-algo")
#define CPERF_AUTH_OP ("auth-op")
#define CPERF_AUTH_KEY_SZ ("auth-key-sz")
+#define CPERF_AUTH_IV_SZ ("auth-iv-sz")
#define CPERF_AUTH_DIGEST_SZ ("auth-digest-sz")
#define CPERF_AUTH_AAD_SZ ("auth-aad-sz")
#define CPERF_CSV ("csv-friendly")
@@ -76,6 +77,7 @@ struct cperf_options {
enum rte_crypto_auth_operation auth_op;
uint16_t auth_key_sz;
+ uint16_t auth_iv_sz;
uint16_t auth_digest_sz;
uint16_t auth_aad_sz;
@@ -549,6 +549,12 @@ parse_auth_digest_sz(struct cperf_options *opts, const char *arg)
}
static int
+parse_auth_iv_sz(struct cperf_options *opts, const char *arg)
+{
+ return parse_uint16_t(&opts->auth_iv_sz, arg);
+}
+
+static int
parse_auth_aad_sz(struct cperf_options *opts, const char *arg)
{
return parse_uint16_t(&opts->auth_aad_sz, arg);
@@ -651,6 +657,7 @@ cperf_options_default(struct cperf_options *opts)
opts->auth_key_sz = 64;
opts->auth_digest_sz = 12;
+ opts->auth_iv_sz = 0;
opts->auth_aad_sz = 0;
}
@@ -678,6 +685,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
{ CPERF_AUTH_ALGO, parse_auth_algo },
{ CPERF_AUTH_OP, parse_auth_op },
{ CPERF_AUTH_KEY_SZ, parse_auth_key_sz },
+ { CPERF_AUTH_IV_SZ, parse_auth_iv_sz },
{ CPERF_AUTH_DIGEST_SZ, parse_auth_digest_sz },
{ CPERF_AUTH_AAD_SZ, parse_auth_aad_sz },
{ CPERF_CSV, parse_csv_friendly},
@@ -914,6 +922,7 @@ cperf_options_dump(struct cperf_options *opts)
printf("# auth operation: %s\n",
rte_crypto_auth_operation_strings[opts->auth_op]);
printf("# auth key size: %u\n", opts->auth_key_sz);
+ printf("# auth iv size: %u\n", opts->auth_iv_sz);
printf("# auth digest size: %u\n", opts->auth_digest_sz);
printf("# auth aad size: %u\n", opts->auth_aad_sz);
printf("#\n");
@@ -285,7 +285,9 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
dev_id);
- uint16_t priv_size = sizeof(struct priv_op_data) + test_vector->iv.length;
+ uint16_t priv_size = sizeof(struct priv_op_data) +
+ test_vector->cipher_iv.length +
+ test_vector->auth_iv.length;
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
512, priv_size, rte_socket_id());
@@ -266,7 +266,8 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
dev_id);
- uint16_t priv_size = test_vector->iv.length;
+ uint16_t priv_size = test_vector->cipher_iv.length +
+ test_vector->auth_iv.length;
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
@@ -15,7 +15,8 @@ free_test_vector(struct cperf_test_vector *vector, struct cperf_options *opts)
if (vector == NULL || opts == NULL)
return -1;
- rte_free(vector->iv.data);
+ rte_free(vector->cipher_iv.data);
+ rte_free(vector->auth_iv.data);
rte_free(vector->aad.data);
rte_free(vector->digest.data);
@@ -84,15 +85,28 @@ show_test_vector(struct cperf_test_vector *test_vector)
printf("\n");
}
- if (test_vector->iv.data) {
- printf("\niv =\n");
- for (i = 0; i < test_vector->iv.length; ++i) {
+ if (test_vector->cipher_iv.data) {
+ printf("\ncipher_iv =\n");
+ for (i = 0; i < test_vector->cipher_iv.length; ++i) {
if ((i % wrap == 0) && (i != 0))
printf("\n");
- if (i == (uint32_t)(test_vector->iv.length - 1))
- printf("0x%02x", test_vector->iv.data[i]);
+ if (i == (uint32_t)(test_vector->cipher_iv.length - 1))
+ printf("0x%02x", test_vector->cipher_iv.data[i]);
else
- printf("0x%02x, ", test_vector->iv.data[i]);
+ printf("0x%02x, ", test_vector->cipher_iv.data[i]);
+ }
+ printf("\n");
+ }
+
+ if (test_vector->auth_iv.data) {
+ printf("\nauth_iv =\n");
+ for (i = 0; i < test_vector->auth_iv.length; ++i) {
+ if ((i % wrap == 0) && (i != 0))
+ printf("\n");
+ if (i == (uint32_t)(test_vector->auth_iv.length - 1))
+ printf("0x%02x", test_vector->auth_iv.data[i]);
+ else
+ printf("0x%02x, ", test_vector->auth_iv.data[i]);
}
printf("\n");
}
@@ -300,18 +314,32 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
vector->auth_key.length = opts->auth_key_sz;
}
- } else if (strstr(key_token, "iv")) {
- rte_free(vector->iv.data);
- vector->iv.data = data;
+ } else if (strstr(key_token, "cipher_iv")) {
+ rte_free(vector->cipher_iv.data);
+ vector->cipher_iv.data = data;
if (tc_found)
- vector->iv.length = data_length;
+ vector->cipher_iv.length = data_length;
else {
if (opts->cipher_iv_sz > data_length) {
- printf("Global iv shorter than "
+ printf("Global cipher iv shorter than "
"cipher_iv_sz\n");
return -1;
}
- vector->iv.length = opts->cipher_iv_sz;
+ vector->cipher_iv.length = opts->cipher_iv_sz;
+ }
+
+ } else if (strstr(key_token, "auth_iv")) {
+ rte_free(vector->auth_iv.data);
+ vector->auth_iv.data = data;
+ if (tc_found)
+ vector->auth_iv.length = data_length;
+ else {
+ if (opts->auth_iv_sz > data_length) {
+ printf("Global auth iv shorter than "
+ "auth_iv_sz\n");
+ return -1;
+ }
+ vector->auth_iv.length = opts->auth_iv_sz;
}
} else if (strstr(key_token, "ciphertext")) {
@@ -409,32 +409,34 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
t_vec->cipher_key.length = 0;
t_vec->ciphertext.data = plaintext;
t_vec->cipher_key.data = NULL;
- t_vec->iv.data = NULL;
+ t_vec->cipher_iv.data = NULL;
} else {
t_vec->cipher_key.length = options->cipher_key_sz;
t_vec->ciphertext.data = ciphertext;
t_vec->cipher_key.data = cipher_key;
- t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+ t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
16);
- if (t_vec->iv.data == NULL) {
+ if (t_vec->cipher_iv.data == NULL) {
rte_free(t_vec);
return NULL;
}
- memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
+ memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
}
t_vec->ciphertext.length = options->max_buffer_size;
+
/* Set IV parameters */
- t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
- 16);
- if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+ t_vec->cipher_iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+ 16);
+ if (options->cipher_iv_sz && t_vec->cipher_iv.data == NULL) {
rte_free(t_vec);
return NULL;
}
- memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
- t_vec->iv.length = options->cipher_iv_sz;
+ memcpy(t_vec->cipher_iv.data, iv, options->cipher_iv_sz);
+ t_vec->cipher_iv.length = options->cipher_iv_sz;
t_vec->data.cipher_offset = 0;
t_vec->data.cipher_length = options->max_buffer_size;
+
}
if (options->op_type == CPERF_AUTH_ONLY ||
@@ -476,7 +478,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
options->auth_aad_sz, 16);
if (t_vec->aad.data == NULL) {
if (options->op_type != CPERF_AUTH_ONLY)
- rte_free(t_vec->iv.data);
+ rte_free(t_vec->cipher_iv.data);
rte_free(t_vec);
return NULL;
}
@@ -485,13 +487,26 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
t_vec->aad.data = NULL;
}
+ /* Set IV parameters */
+ t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz,
+ 16);
+ if (options->auth_iv_sz && t_vec->auth_iv.data == NULL) {
+ if (options->op_type != CPERF_AUTH_ONLY)
+ rte_free(t_vec->cipher_iv.data);
+ rte_free(t_vec);
+ return NULL;
+ }
+ memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz);
+ t_vec->auth_iv.length = options->auth_iv_sz;
+
t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data);
t_vec->aad.length = options->auth_aad_sz;
t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz,
16);
if (t_vec->digest.data == NULL) {
if (options->op_type != CPERF_AUTH_ONLY)
- rte_free(t_vec->iv.data);
+ rte_free(t_vec->cipher_iv.data);
+ rte_free(t_vec->auth_iv.data);
rte_free(t_vec->aad.data);
rte_free(t_vec);
return NULL;
@@ -53,9 +53,13 @@ struct cperf_test_vector {
struct {
uint8_t *data;
- phys_addr_t phys_addr;
uint16_t length;
- } iv;
+ } cipher_iv;
+
+ struct {
+ uint8_t *data;
+ uint16_t length;
+ } auth_iv;
struct {
uint8_t *data;
@@ -270,7 +270,8 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
snprintf(pool_name, sizeof(pool_name), "cperf_op_pool_cdev_%d",
dev_id);
- uint16_t priv_size = test_vector->iv.length;
+ uint16_t priv_size = test_vector->cipher_iv.length +
+ test_vector->auth_iv.length;
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
512, priv_size, rte_socket_id());
@@ -282,7 +282,7 @@ auth_key =
0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
-iv =
+cipher_iv =
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
####################
@@ -283,7 +283,7 @@ auth_key =
0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
-iv =
+cipher_iv =
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
####################
@@ -283,7 +283,7 @@ auth_key =
0xe8, 0x38, 0x36, 0x58, 0x39, 0xd9, 0x9a, 0xc5, 0xe7, 0x3b, 0xc4, 0x47, 0xe2, 0xbd, 0x80, 0x73,
0xf8, 0xd1, 0x9a, 0x5e, 0x4b, 0xfb, 0x52, 0x6b, 0x50, 0xaf, 0x8b, 0xb7, 0xb5, 0x2c, 0x52, 0x84
-iv =
+cipher_iv =
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
####################
@@ -138,7 +138,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
capability,
opts->auth_key_sz,
opts->auth_digest_sz,
- opts->auth_aad_sz);
+ opts->auth_aad_sz,
+ opts->auth_iv_sz);
if (ret != 0)
return ret;
}
@@ -185,9 +186,9 @@ cperf_check_test_vector(struct cperf_options *opts,
return -1;
if (test_vec->ciphertext.length < opts->max_buffer_size)
return -1;
- if (test_vec->iv.data == NULL)
+ if (test_vec->cipher_iv.data == NULL)
return -1;
- if (test_vec->iv.length != opts->cipher_iv_sz)
+ if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
return -1;
if (test_vec->cipher_key.data == NULL)
return -1;
@@ -204,6 +205,11 @@ cperf_check_test_vector(struct cperf_options *opts,
return -1;
if (test_vec->auth_key.length != opts->auth_key_sz)
return -1;
+ if (test_vec->auth_iv.length != opts->auth_iv_sz)
+ return -1;
+ /* Auth IV is only required for some algorithms */
+ if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+ return -1;
if (test_vec->digest.data == NULL)
return -1;
if (test_vec->digest.length < opts->auth_digest_sz)
@@ -226,9 +232,9 @@ cperf_check_test_vector(struct cperf_options *opts,
return -1;
if (test_vec->ciphertext.length < opts->max_buffer_size)
return -1;
- if (test_vec->iv.data == NULL)
+ if (test_vec->cipher_iv.data == NULL)
return -1;
- if (test_vec->iv.length != opts->cipher_iv_sz)
+ if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
return -1;
if (test_vec->cipher_key.data == NULL)
return -1;
@@ -240,6 +246,11 @@ cperf_check_test_vector(struct cperf_options *opts,
return -1;
if (test_vec->auth_key.length != opts->auth_key_sz)
return -1;
+ if (test_vec->auth_iv.length != opts->auth_iv_sz)
+ return -1;
+ /* Auth IV is only required for some algorithms */
+ if (opts->auth_iv_sz && test_vec->auth_iv.data == NULL)
+ return -1;
if (test_vec->digest.data == NULL)
return -1;
if (test_vec->digest.length < opts->auth_digest_sz)
@@ -254,6 +265,10 @@ cperf_check_test_vector(struct cperf_options *opts,
return -1;
if (test_vec->ciphertext.length < opts->max_buffer_size)
return -1;
+ if (test_vec->cipher_iv.data == NULL)
+ return -1;
+ if (test_vec->cipher_iv.length != opts->cipher_iv_sz)
+ return -1;
if (test_vec->aad.data == NULL)
return -1;
if (test_vec->aad.length != opts->auth_aad_sz)
@@ -245,7 +245,8 @@ algorithm AES_CBC.
.max = 12,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}
}
},
@@ -161,6 +161,8 @@ API Changes
offset from the start of the crypto operation.
* Moved length and offset of cipher IV from ``rte_crypto_sym_op`` to
``rte_crypto_cipher_xform``.
+ * Added authentication IV parameters (offset and length) in
+ ``rte_crypto_auth_xform``.
ABI Changes
@@ -86,9 +86,10 @@ The application requires a number of command line options:
./build/l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
[--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY] /
[--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
- [--cipher_key_random_size SIZE] [--iv IV] [--iv_random_size SIZE] /
+ [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
[--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
- [--auth_key_random_size SIZE] [--aad AAD] [--aad_random_size SIZE] /
+ [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
+ [--aad AAD] [--aad_random_size SIZE] /
[--digest size SIZE] [--sessionless] [--cryptodev_mask MASK]
where,
@@ -127,11 +128,11 @@ where,
Note that if --cipher_key is used, this will be ignored.
-* iv: set the IV to be used. Bytes has to be separated with ":"
+* cipher_iv: set the cipher IV to be used. Bytes has to be separated with ":"
-* iv_random_size: set the size of the IV, which will be generated randomly.
+* cipher_iv_random_size: set the size of the cipher IV, which will be generated randomly.
- Note that if --iv is used, this will be ignored.
+ Note that if --cipher_iv is used, this will be ignored.
* auth_algo: select the authentication algorithm (default is sha1-hmac)
@@ -147,6 +148,12 @@ where,
Note that if --auth_key is used, this will be ignored.
+* auth_iv: set the auth IV to be used. Bytes has to be separated with ":"
+
+* auth_iv_random_size: set the size of the auth IV, which will be generated randomly.
+
+ Note that if --auth_iv is used, this will be ignored.
+
* aad: set the AAD to be used. Bytes has to be separated with ":"
* aad_random_size: set the size of the AAD, which will be generated randomly.
@@ -290,6 +290,10 @@ The following are the appication command-line options:
Set the size of authentication key.
+* ``--auth-iv-sz <n>``
+
+ Set the size of auth iv.
+
* ``--auth-digest-sz <n>``
Set the size of authentication digest.
@@ -345,9 +349,13 @@ a string of bytes in C byte array format::
Key used in auth operation.
-* ``iv``
+* ``cipher_iv``
+
+ Cipher Initial Vector.
+
+* ``auth_iv``
- Initial vector.
+ Auth Initial Vector.
* ``aad``
@@ -412,7 +420,7 @@ Test vector file for cipher algorithm aes cbc 256 with authorization sha::
0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47,
0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a,
0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7
- iv =
+ cipher_iv =
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
# Section sha 1 hmac buff 32
[sha1_hmac_buff_32]
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
.min = 0,
.max = 65535,
.increment = 1
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -85,7 +86,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
.min = 0,
.max = 65535,
.increment = 1
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 12,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 12,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 14,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 16,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 24,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 32,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -183,7 +189,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.max = 12,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -59,7 +59,8 @@ static const struct rte_cryptodev_capabilities
.max = 20,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -80,7 +81,8 @@ static const struct rte_cryptodev_capabilities
.max = 32,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -217,7 +217,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 16,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -238,7 +239,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 20,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -259,7 +261,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 28,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -280,7 +283,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 32,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -301,7 +305,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 48,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -322,7 +327,8 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
.max = 64,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities kasumi_pmd_capabilities[] = {
.min = 8,
.max = 8,
.increment = 0
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -56,7 +56,8 @@ static const struct rte_cryptodev_capabilities null_crypto_pmd_capabilities[] =
.max = 0,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, },
}, },
},
@@ -57,7 +57,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 16,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -78,7 +79,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 16,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -99,7 +101,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 20,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -120,7 +123,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 20,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -141,7 +145,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 28,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -162,7 +167,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 28,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -183,31 +189,33 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 32,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
{ /* SHA256 */
- .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
- {.sym = {
- .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- {.auth = {
- .algo = RTE_CRYPTO_AUTH_SHA256,
- .block_size = 64,
- .key_size = {
- .min = 0,
- .max = 0,
- .increment = 0
- },
- .digest_size = {
- .min = 32,
- .max = 32,
- .increment = 0
- },
- .aad_size = { 0 }
- }, }
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
- },
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -225,7 +233,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 48,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -246,7 +255,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 48,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -267,7 +277,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 64,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -288,7 +299,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.max = 64,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -353,7 +365,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.min = 0,
.max = 65535,
.increment = 1
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -398,7 +411,8 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.min = 8,
.max = 65532,
.increment = 4
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -52,7 +52,8 @@
.max = 20, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -73,7 +74,8 @@
.max = 28, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -94,7 +96,8 @@
.max = 32, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -114,8 +117,9 @@
.min = 48, \
.max = 48, \
.increment = 0 \
- }, \
- .aad_size = { 0 } \
+ }, \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -136,7 +140,8 @@
.max = 64, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -157,7 +162,8 @@
.max = 16, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -178,7 +184,8 @@
.max = 16, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -203,7 +210,8 @@
.min = 0, \
.max = 240, \
.increment = 1 \
- } \
+ }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -228,7 +236,8 @@
.min = 1, \
.max = 65535, \
.increment = 1 \
- } \
+ }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -253,7 +262,8 @@
.min = 16, \
.max = 16, \
.increment = 0 \
- } \
+ }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -374,7 +384,8 @@
.max = 0, \
.increment = 0 \
}, \
- .aad_size = { 0 } \
+ .aad_size = { 0 }, \
+ .iv_size = { 0 } \
}, }, \
}, }, \
}, \
@@ -439,7 +450,8 @@
.min = 8, \
.max = 8, \
.increment = 0 \
- } \
+ }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}, \
@@ -566,7 +578,8 @@
.min = 16, \
.max = 16, \
.increment = 0 \
- } \
+ }, \
+ .iv_size = { 0 } \
}, } \
}, } \
}
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities snow3g_pmd_capabilities[] = {
.min = 16,
.max = 16,
.increment = 0
- }
+ },
+ .iv_size = { 0 },
}, }
}, }
},
@@ -60,7 +60,8 @@ static const struct rte_cryptodev_capabilities zuc_pmd_capabilities[] = {
.min = 16,
.max = 16,
.increment = 0
- }
+ },
+ .iv_size = { 0 }
}, }
}, }
},
@@ -160,14 +160,18 @@ struct l2fwd_crypto_options {
unsigned ckey_param;
int ckey_random_size;
- struct l2fwd_iv iv;
- unsigned int iv_param;
- int iv_random_size;
+ struct l2fwd_iv cipher_iv;
+ unsigned int cipher_iv_param;
+ int cipher_iv_random_size;
struct rte_crypto_sym_xform auth_xform;
uint8_t akey_param;
int akey_random_size;
+ struct l2fwd_iv auth_iv;
+ unsigned int auth_iv_param;
+ int auth_iv_random_size;
+
struct l2fwd_key aad;
unsigned aad_param;
int aad_random_size;
@@ -188,7 +192,8 @@ struct l2fwd_crypto_params {
unsigned digest_length;
unsigned block_size;
- struct l2fwd_iv iv;
+ struct l2fwd_iv cipher_iv;
+ struct l2fwd_iv auth_iv;
struct l2fwd_key aad;
struct rte_cryptodev_sym_session *session;
@@ -453,6 +458,18 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
rte_crypto_op_attach_sym_session(op, cparams->session);
if (cparams->do_hash) {
+ if (cparams->auth_iv.length) {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
+ uint8_t *,
+ IV_OFFSET +
+ cparams->cipher_iv.length);
+ /*
+ * Copy IV at the end of the crypto operation,
+ * after the cipher IV, if added
+ */
+ rte_memcpy(iv_ptr, cparams->auth_iv.data,
+ cparams->auth_iv.length);
+ }
if (!cparams->hash_verify) {
/* Append space for digest to end of packet */
op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
@@ -492,7 +509,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
IV_OFFSET);
/* Copy IV at the end of the crypto operation */
- rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
+ rte_memcpy(iv_ptr, cparams->cipher_iv.data,
+ cparams->cipher_iv.length);
/* For wireless algorithms, offset/length must be in bits */
if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
@@ -675,6 +693,18 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
port_cparams[i].block_size = options->block_size;
if (port_cparams[i].do_hash) {
+ port_cparams[i].auth_iv.data = options->auth_iv.data;
+ port_cparams[i].auth_iv.length = options->auth_iv.length;
+ if (!options->auth_iv_param)
+ generate_random_key(port_cparams[i].auth_iv.data,
+ port_cparams[i].auth_iv.length);
+ /* Set IV parameters */
+ if (options->auth_iv.length) {
+ options->auth_xform.auth.iv.offset =
+ IV_OFFSET + options->cipher_iv.length;
+ options->auth_xform.auth.iv.length =
+ options->auth_iv.length;
+ }
port_cparams[i].digest_length =
options->auth_xform.auth.digest_length;
if (options->auth_xform.auth.add_auth_data_length) {
@@ -698,16 +728,17 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
}
if (port_cparams[i].do_cipher) {
- port_cparams[i].iv.data = options->iv.data;
- port_cparams[i].iv.length = options->iv.length;
- if (!options->iv_param)
- generate_random_key(port_cparams[i].iv.data,
- port_cparams[i].iv.length);
+ port_cparams[i].cipher_iv.data = options->cipher_iv.data;
+ port_cparams[i].cipher_iv.length = options->cipher_iv.length;
+ if (!options->cipher_iv_param)
+ generate_random_key(port_cparams[i].cipher_iv.data,
+ port_cparams[i].cipher_iv.length);
port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
/* Set IV parameters */
options->cipher_xform.cipher.iv.offset = IV_OFFSET;
- options->cipher_xform.cipher.iv.length = options->iv.length;
+ options->cipher_xform.cipher.iv.length =
+ options->cipher_iv.length;
}
port_cparams[i].session = initialize_crypto_session(options,
@@ -861,13 +892,15 @@ l2fwd_crypto_usage(const char *prgname)
" --cipher_op ENCRYPT / DECRYPT\n"
" --cipher_key KEY (bytes separated with \":\")\n"
" --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
- " --iv IV (bytes separated with \":\")\n"
- " --iv_random_size SIZE: size of IV when generated randomly\n"
+ " --cipher_iv IV (bytes separated with \":\")\n"
+ " --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
" --auth_algo ALGO\n"
" --auth_op GENERATE / VERIFY\n"
" --auth_key KEY (bytes separated with \":\")\n"
" --auth_key_random_size SIZE: size of auth key when generated randomly\n"
+ " --auth_iv IV (bytes separated with \":\")\n"
+ " --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
" --aad AAD (bytes separated with \":\")\n"
" --aad_random_size SIZE: size of AAD when generated randomly\n"
" --digest_size SIZE: size of digest to be generated/verified\n"
@@ -1078,18 +1111,18 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
return parse_size(&options->ckey_random_size, optarg);
- else if (strcmp(lgopts[option_index].name, "iv") == 0) {
- options->iv_param = 1;
- options->iv.length =
- parse_key(options->iv.data, optarg);
- if (options->iv.length > 0)
+ else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
+ options->cipher_iv_param = 1;
+ options->cipher_iv.length =
+ parse_key(options->cipher_iv.data, optarg);
+ if (options->cipher_iv.length > 0)
return 0;
else
return -1;
}
- else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
- return parse_size(&options->iv_random_size, optarg);
+ else if (strcmp(lgopts[option_index].name, "cipher_iv_random_size") == 0)
+ return parse_size(&options->cipher_iv_random_size, optarg);
/* Authentication options */
else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
@@ -1115,6 +1148,20 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
return parse_size(&options->akey_random_size, optarg);
}
+
+ else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
+ options->auth_iv_param = 1;
+ options->auth_iv.length =
+ parse_key(options->auth_iv.data, optarg);
+ if (options->auth_iv.length > 0)
+ return 0;
+ else
+ return -1;
+ }
+
+ else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
+ return parse_size(&options->auth_iv_random_size, optarg);
+
else if (strcmp(lgopts[option_index].name, "aad") == 0) {
options->aad_param = 1;
options->aad.length =
@@ -1233,9 +1280,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
options->ckey_param = 0;
options->ckey_random_size = -1;
options->cipher_xform.cipher.key.length = 0;
- options->iv_param = 0;
- options->iv_random_size = -1;
- options->iv.length = 0;
+ options->cipher_iv_param = 0;
+ options->cipher_iv_random_size = -1;
+ options->cipher_iv.length = 0;
options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1246,6 +1293,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
options->akey_param = 0;
options->akey_random_size = -1;
options->auth_xform.auth.key.length = 0;
+ options->auth_iv_param = 0;
+ options->auth_iv_random_size = -1;
+ options->auth_iv.length = 0;
options->aad_param = 0;
options->aad_random_size = -1;
options->aad.length = 0;
@@ -1267,7 +1317,7 @@ display_cipher_info(struct l2fwd_crypto_options *options)
rte_hexdump(stdout, "Cipher key:",
options->cipher_xform.cipher.key.data,
options->cipher_xform.cipher.key.length);
- rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+ rte_hexdump(stdout, "IV:", options->cipher_iv.data, options->cipher_iv.length);
}
static void
@@ -1279,6 +1329,7 @@ display_auth_info(struct l2fwd_crypto_options *options)
rte_hexdump(stdout, "Auth key:",
options->auth_xform.auth.key.data,
options->auth_xform.auth.key.length);
+ rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
}
@@ -1316,8 +1367,11 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
if (options->akey_param && (options->akey_random_size != -1))
printf("Auth key already parsed, ignoring size of random key\n");
- if (options->iv_param && (options->iv_random_size != -1))
- printf("IV already parsed, ignoring size of random IV\n");
+ if (options->cipher_iv_param && (options->cipher_iv_random_size != -1))
+ printf("Cipher IV already parsed, ignoring size of random IV\n");
+
+ if (options->auth_iv_param && (options->auth_iv_random_size != -1))
+ printf("Auth IV already parsed, ignoring size of random IV\n");
if (options->aad_param && (options->aad_random_size != -1))
printf("AAD already parsed, ignoring size of random AAD\n");
@@ -1365,14 +1419,16 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
{ "cipher_op", required_argument, 0, 0 },
{ "cipher_key", required_argument, 0, 0 },
{ "cipher_key_random_size", required_argument, 0, 0 },
+ { "cipher_iv", required_argument, 0, 0 },
+ { "cipher_iv_random_size", required_argument, 0, 0 },
{ "auth_algo", required_argument, 0, 0 },
{ "auth_op", required_argument, 0, 0 },
{ "auth_key", required_argument, 0, 0 },
{ "auth_key_random_size", required_argument, 0, 0 },
+ { "auth_iv", required_argument, 0, 0 },
+ { "auth_iv_random_size", required_argument, 0, 0 },
- { "iv", required_argument, 0, 0 },
- { "iv_random_size", required_argument, 0, 0 },
{ "aad", required_argument, 0, 0 },
{ "aad_random_size", required_argument, 0, 0 },
{ "digest_size", required_argument, 0, 0 },
@@ -1660,8 +1716,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
options->block_size = cap->sym.cipher.block_size;
- check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
- options->iv_random_size, &options->iv.length);
+ check_iv_param(&cap->sym.cipher.iv_size,
+ options->cipher_iv_param,
+ options->cipher_iv_random_size,
+ &options->cipher_iv.length);
/*
* Check if length of provided cipher key is supported
@@ -1731,6 +1789,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
continue;
}
+ check_iv_param(&cap->sym.auth.iv_size,
+ options->auth_iv_param,
+ options->auth_iv_random_size,
+ &options->auth_iv.length);
/*
* Check if length of provided AAD is supported
* by the algorithm chosen.
@@ -1972,9 +2034,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
if (options->auth_xform.auth.key.data == NULL)
rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
- options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
- if (options->iv.data == NULL)
- rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
+ options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
+ if (options->cipher_iv.data == NULL)
+ rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
+
+ options->auth_iv.data = rte_malloc("auth iv", MAX_KEY_SIZE, 0);
+ if (options->auth_iv.data == NULL)
+ rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
if (options->aad.data == NULL)
@@ -393,6 +393,30 @@ struct rte_crypto_auth_xform {
* of the AAD data is specified in additional authentication data
* length field of the rte_crypto_sym_op_data structure
*/
+
+ struct {
+ uint16_t offset;
+ /**< Starting point for Initialisation Vector or Counter,
+ * specified as number of bytes from start of crypto
+ * operation (rte_crypto_op).
+ *
+ * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode,
+ * for ZUC in EIA3 mode and for AES-GMAC, this is the
+ * authentication Initialisation Vector (IV) value.
+ *
+ *
+ * For optimum performance, the data pointed to SHOULD
+ * be 8-byte aligned.
+ */
+ uint16_t length;
+ /**< Length of valid IV data.
+ *
+ * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for
+ * ZUC in EIA3 mode and for AES-GMAC, this is the length
+ * of the IV.
+ *
+ */
+ } iv; /**< Initialisation vector parameters */
};
/** Crypto transformation types */
@@ -272,7 +272,8 @@ rte_cryptodev_sym_capability_check_cipher(
int
rte_cryptodev_sym_capability_check_auth(
const struct rte_cryptodev_symmetric_capability *capability,
- uint16_t key_size, uint16_t digest_size, uint16_t aad_size)
+ uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+ uint16_t iv_size)
{
if (param_range_check(key_size, capability->auth.key_size))
return -1;
@@ -283,6 +284,9 @@ rte_cryptodev_sym_capability_check_auth(
if (param_range_check(aad_size, capability->auth.aad_size))
return -1;
+ if (param_range_check(iv_size, capability->auth.iv_size))
+ return -1;
+
return 0;
}
@@ -184,6 +184,8 @@ struct rte_cryptodev_symmetric_capability {
/**< digest size range */
struct rte_crypto_param_range aad_size;
/**< Additional authentication data size range */
+ struct rte_crypto_param_range iv_size;
+ /**< Initialisation vector data size range */
} auth;
/**< Symmetric Authentication transform capabilities */
struct {
@@ -260,6 +262,7 @@ rte_cryptodev_sym_capability_check_cipher(
* @param key_size Auth key size.
* @param digest_size Auth digest size.
* @param aad_size Auth aad size.
+ * @param iv_size Auth initial vector size.
*
* @return
* - Return 0 if the parameters are in range of the capability.
@@ -268,7 +271,8 @@ rte_cryptodev_sym_capability_check_cipher(
int
rte_cryptodev_sym_capability_check_auth(
const struct rte_cryptodev_symmetric_capability *capability,
- uint16_t key_size, uint16_t digest_size, uint16_t aad_size);
+ uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+ uint16_t iv_size);
/**
* Provide the cipher algorithm enum, given an algorithm string