From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id E2AB332A5 for ; Tue, 8 Mar 2016 17:27:57 +0100 (CET) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga103.fm.intel.com with ESMTP; 08 Mar 2016 08:23:03 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.22,557,1449561600"; d="scan'208";a="929441216" Received: from sie-lab-212-151.ir.intel.com (HELO silpixa00389525.ir.intel.com) ([10.237.212.151]) by orsmga002.jf.intel.com with ESMTP; 08 Mar 2016 08:23:03 -0800 From: John Griffin To: dev@dpdk.org Date: Tue, 8 Mar 2016 16:22:15 +0000 Message-Id: <1457454137-22315-2-git-send-email-john.griffin@intel.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1457454137-22315-1-git-send-email-john.griffin@intel.com> References: <1457454137-22315-1-git-send-email-john.griffin@intel.com> Subject: [dpdk-dev] [PATCH 1/3] qat: fix AES GCM decryption X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2016 16:27:58 -0000 AES GCM on the cryptodev API was giving invalid results in some cases, due to an incorrect IV setting. Added AES GCM in the QAT supported algorithms, as encryption/decryption is fully functional. Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices") Signed-off-by: John Griffin --- doc/guides/cryptodevs/qat.rst | 1 + doc/guides/rel_notes/release_16_04.rst | 5 +++++ drivers/crypto/qat/qat_crypto.c | 22 +++++++++++++++++++--- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index af52047..ec4d6c6 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -48,6 +48,7 @@ Cipher algorithms: * ``RTE_CRYPTO_SYM_CIPHER_AES192_CBC`` * ``RTE_CRYPTO_SYM_CIPHER_AES256_CBC`` * ``RTE_CRYPTO_SYM_CIPHER_SNOW3G_UEA2`` +* ``RTE_CRYPTO_CIPHER_AES_GCM`` Hash algorithms: diff --git a/doc/guides/rel_notes/release_16_04.rst b/doc/guides/rel_notes/release_16_04.rst index d7a264a..ee8d141 100644 --- a/doc/guides/rel_notes/release_16_04.rst +++ b/doc/guides/rel_notes/release_16_04.rst @@ -99,6 +99,11 @@ Drivers This made impossible the creation of more than one aesni_mb device from command line. +* **qat: Fixed AES GCM decryption.** + + Allowed AES GCM on the cryptodev API, but in some cases gave invalid results + due to incorrect IV setting. + Libraries ~~~~~~~~~ diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index cb16aae..48e810f 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -529,11 +529,27 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg) auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr; /* (GCM) aad length(240 max) will be at this location after precompute */ if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 || - ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) { - auth_param->u2.aad_sz = - ALIGN_POW2_ROUNDUP(ctx->cd.hash.sha.state1[ + ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) { + struct icp_qat_hw_auth_algo_blk *hash; + + if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER) + hash = (struct icp_qat_hw_auth_algo_blk *)((char *)&ctx->cd); + else + hash = (struct icp_qat_hw_auth_algo_blk *)((char *)&ctx->cd + + sizeof(struct icp_qat_hw_cipher_algo_blk)); + + auth_param->u2.aad_sz = ALIGN_POW2_ROUNDUP(hash->sha.state1[ ICP_QAT_HW_GALOIS_128_STATE1_SZ + ICP_QAT_HW_GALOIS_H_SZ + 3], 16); + if (op->sym->cipher.iv.length == 12) { + /* + * For GCM a 12 bit IV is allowed, + * but we need to inform the f/w + */ + ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET( + qat_req->comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS); + } } auth_param->hash_state_sz = (auth_param->u2.aad_sz) >> 3; -- 2.1.0