crypto/aesni_mb: modify chain order for AES-CCM
Checks
Commit Message
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.
Therefore, order is changed to be compatible with newer versions
of the library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
Comments
>
> Up to version 0.52 of the IPSec Multi buffer library,
> the chain order for AES-CCM was CIPHER_HASH when encrypting.
> However, after this version, the order has been reversed in the library
> since, when encrypting, hashing is done first and then ciphering.
>
> Therefore, order is changed to be compatible with newer versions
> of the library.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
Applied to dpdk-next-crypto
Thanks.
@@ -84,7 +84,25 @@ aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
return AESNI_MB_OP_HASH_CIPHER;
}
-
+#if IMB_VERSION_NUM > IMB_VERSION(0, 52, 0)
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ /*
+ * CCM requires to hash first and cipher later
+ * when encrypting
+ */
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM)
+ return AESNI_MB_OP_AEAD_HASH_CIPHER;
+ else
+ return AESNI_MB_OP_AEAD_CIPHER_HASH;
+ } else {
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM)
+ return AESNI_MB_OP_AEAD_CIPHER_HASH;
+ else
+ return AESNI_MB_OP_AEAD_HASH_CIPHER;
+ }
+ }
+#else
if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM ||
xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
@@ -94,6 +112,7 @@ aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
return AESNI_MB_OP_AEAD_HASH_CIPHER;
}
}
+#endif
return AESNI_MB_OP_NOT_SUPPORTED;
}