DPDK patches and discussions
 help / color / Atom feed
* [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
@ 2020-07-29 14:22 Arek Kusztal
  2020-07-29 14:36 ` Kusztal, ArkadiuszX
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Arek Kusztal @ 2020-07-29 14:22 UTC (permalink / raw)
  To: dev
  Cc: akhil.goyal, fiona.trahe, anoobj, shallyv, declan.doherty,
	roy.fan.zhang, konstantin.ananyev, Arek Kusztal

This is proposal to move AES-GMAC algorithm to AEAD set
of algorithms. It is however not 100% conformant GMAC as instead of aad pointer
data to be authenticated is passed normally and  aead.data.length field
is used to specify length of data to be authenticated.
Reason behind this move is that GMAC is variant of GCM so it may
simplify implementations that are using these algorithms (mainly IPsec).
AES-GMAC therefore needs to be removed from auth algorithms.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 15 +++++++++++----
 lib/librte_cryptodev/rte_cryptodev.c  |  4 ++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f29c980..1b43c6e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -255,8 +255,6 @@ enum rte_crypto_auth_algorithm {
 	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
 	RTE_CRYPTO_AUTH_AES_CMAC,
 	/**< AES CMAC algorithm. */
-	RTE_CRYPTO_AUTH_AES_GMAC,
-	/**< AES GMAC algorithm. */
 	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
 	/**< AES XCBC algorithm. */
 
@@ -414,6 +412,8 @@ enum rte_crypto_aead_algorithm {
 	/**< AES algorithm in GCM mode. */
 	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
 	/**< Chacha20 cipher with poly1305 authenticator */
+	RTE_CRYPTO_AEAD_AES_GMAC,
+	/**< AES-GCM algorithm in GMAC mode. */
 	RTE_CRYPTO_AEAD_LIST_END
 };
 
@@ -468,7 +468,7 @@ struct rte_crypto_aead_xform {
 		uint16_t length;
 		/**< Length of valid IV data.
 		 *
-		 * - For GCM mode, this is either:
+		 * - For GCM and GMAC mode, this is either:
 		 * 1) Number greater or equal to one, which means that IV
 		 *    is used and J0 will be computed internally, a minimum
 		 *    of 16 bytes must be allocated.
@@ -490,6 +490,8 @@ struct rte_crypto_aead_xform {
 	 * For CCM mode, this is the length of the actual AAD, even though
 	 * it is required to reserve 18 bytes before the AAD and padding
 	 * at the end of it, so a multiple of 16 bytes is allocated.
+	 *
+	 * For RTE_CRYPTO_AEAD_AES_GMAC this field should be set to 0.
 	 */
 };
 
@@ -584,7 +586,10 @@ struct rte_crypto_sym_op {
 				uint32_t length;
 				 /**< The message length, in bytes, of the source buffer
 				  * on which the cryptographic operation will be
-				  * computed. This must be a multiple of the block size
+				  * computed.
+				  *
+				  * For RTE_CRYPTO_AEAD_AES_GMAC this is length of data to be
+				  * authenticated.
 				  */
 			} data; /**< Data offsets and length for AEAD */
 			struct {
@@ -617,6 +622,8 @@ struct rte_crypto_sym_op {
 				 * needed for authenticated cipher mechanisms (CCM and
 				 * GCM)
 				 *
+				 * For GCM this field is unused
+				 *
 				 * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
 				 * the caller should setup this field as follows:
 				 *
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 1dd795b..e14fd09 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -129,7 +129,6 @@ const char *
 rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_AES_CBC_MAC]	= "aes-cbc-mac",
 	[RTE_CRYPTO_AUTH_AES_CMAC]	= "aes-cmac",
-	[RTE_CRYPTO_AUTH_AES_GMAC]	= "aes-gmac",
 	[RTE_CRYPTO_AUTH_AES_XCBC_MAC]	= "aes-xcbc-mac",
 
 	[RTE_CRYPTO_AUTH_MD5]		= "md5",
@@ -162,7 +161,8 @@ const char *
 rte_crypto_aead_algorithm_strings[] = {
 	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
-	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305"
+	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305",
+	[RTE_CRYPTO_AEAD_AES_GMAC] = "aes-gmac"
 };
 
 /**
-- 
2.1.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
  2020-07-29 14:22 [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms Arek Kusztal
@ 2020-07-29 14:36 ` Kusztal, ArkadiuszX
  2020-07-29 16:20 ` Trahe, Fiona
  2020-07-31 14:33 ` Doherty, Declan
  2 siblings, 0 replies; 5+ messages in thread
From: Kusztal, ArkadiuszX @ 2020-07-29 14:36 UTC (permalink / raw)
  To: dev
  Cc: akhil.goyal, Trahe, Fiona, anoobj, shallyv, Doherty, Declan,
	Zhang, Roy Fan, Ananyev, Konstantin

Hi All,

I would give bit more introduction to this change:
Right now AES-GMAC is auth only algorithm (previously it was cipher+auth -> GCM + GMAC),
but since it is variant of AES-GCM implementation it should probably be AEAD right now (people often wondering why at all it is auth instead of AEAD).
There are few possible implementations let me introduce two of them:
1) As in this patch GMAC is added to AEAD enum, aad_len is set to 0, aad_pointer is unused and authentication length is set in aead.data.length - this is probably the easiest one, but not totally conformant to GMAC spec.
2) Another option could be to use GCM only and add new field aad_len in rte_crypto_sym_op, so when cipher_len == 0 GMAC is used -> this would be conformant implementation but bit trickier.

Sorry if I not included someone in cc list.

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 29, 2020 4:22 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>;
> anoobj@marvell.com; shallyv@marvell.com; Doherty, Declan
> <declan.doherty@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> Ananyev, Konstantin <konstantin.ananyev@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
> 
> This is proposal to move AES-GMAC algorithm to AEAD set of algorithms. It is
> however not 100% conformant GMAC as instead of aad pointer data to be
> authenticated is passed normally and  aead.data.length field is used to
> specify length of data to be authenticated.
> Reason behind this move is that GMAC is variant of GCM so it may simplify
> implementations that are using these algorithms (mainly IPsec).
> AES-GMAC therefore needs to be removed from auth algorithms.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_sym.h | 15 +++++++++++----
> lib/librte_cryptodev/rte_cryptodev.c  |  4 ++--
>  2 files changed, 13 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> b/lib/librte_cryptodev/rte_crypto_sym.h
> index f29c980..1b43c6e 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -255,8 +255,6 @@ enum rte_crypto_auth_algorithm {
>  	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
>  	RTE_CRYPTO_AUTH_AES_CMAC,
>  	/**< AES CMAC algorithm. */
> -	RTE_CRYPTO_AUTH_AES_GMAC,
> -	/**< AES GMAC algorithm. */
>  	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
>  	/**< AES XCBC algorithm. */
> 
> @@ -414,6 +412,8 @@ enum rte_crypto_aead_algorithm {
>  	/**< AES algorithm in GCM mode. */
>  	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
>  	/**< Chacha20 cipher with poly1305 authenticator */
> +	RTE_CRYPTO_AEAD_AES_GMAC,
> +	/**< AES-GCM algorithm in GMAC mode. */
>  	RTE_CRYPTO_AEAD_LIST_END
>  };
> 
> @@ -468,7 +468,7 @@ struct rte_crypto_aead_xform {
>  		uint16_t length;
>  		/**< Length of valid IV data.
>  		 *
> -		 * - For GCM mode, this is either:
> +		 * - For GCM and GMAC mode, this is either:
>  		 * 1) Number greater or equal to one, which means that IV
>  		 *    is used and J0 will be computed internally, a minimum
>  		 *    of 16 bytes must be allocated.
> @@ -490,6 +490,8 @@ struct rte_crypto_aead_xform {
>  	 * For CCM mode, this is the length of the actual AAD, even though
>  	 * it is required to reserve 18 bytes before the AAD and padding
>  	 * at the end of it, so a multiple of 16 bytes is allocated.
> +	 *
> +	 * For RTE_CRYPTO_AEAD_AES_GMAC this field should be set to 0.
>  	 */
>  };
> 
> @@ -584,7 +586,10 @@ struct rte_crypto_sym_op {
>  				uint32_t length;
>  				 /**< The message length, in bytes, of the
> source buffer
>  				  * on which the cryptographic operation will
> be
> -				  * computed. This must be a multiple of the
> block size
> +				  * computed.
> +				  *
> +				  * For RTE_CRYPTO_AEAD_AES_GMAC this is
> length of data to be
> +				  * authenticated.
>  				  */
>  			} data; /**< Data offsets and length for AEAD */
>  			struct {
> @@ -617,6 +622,8 @@ struct rte_crypto_sym_op {
>  				 * needed for authenticated cipher
> mechanisms (CCM and
>  				 * GCM)
>  				 *
> +				 * For GCM this field is unused
> +				 *
>  				 * Specifically for CCM (@ref
> RTE_CRYPTO_AEAD_AES_CCM),
>  				 * the caller should setup this field as follows:
>  				 *
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c
> b/lib/librte_cryptodev/rte_cryptodev.c
> index 1dd795b..e14fd09 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -129,7 +129,6 @@ const char *
>  rte_crypto_auth_algorithm_strings[] = {
>  	[RTE_CRYPTO_AUTH_AES_CBC_MAC]	= "aes-cbc-mac",
>  	[RTE_CRYPTO_AUTH_AES_CMAC]	= "aes-cmac",
> -	[RTE_CRYPTO_AUTH_AES_GMAC]	= "aes-gmac",
>  	[RTE_CRYPTO_AUTH_AES_XCBC_MAC]	= "aes-xcbc-mac",
> 
>  	[RTE_CRYPTO_AUTH_MD5]		= "md5",
> @@ -162,7 +161,8 @@ const char *
>  rte_crypto_aead_algorithm_strings[] = {
>  	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
>  	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
> -	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305"
> +	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305",
> +	[RTE_CRYPTO_AEAD_AES_GMAC] = "aes-gmac"
>  };
> 
>  /**
> --
> 2.1.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
  2020-07-29 14:22 [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms Arek Kusztal
  2020-07-29 14:36 ` Kusztal, ArkadiuszX
@ 2020-07-29 16:20 ` Trahe, Fiona
  2020-07-31 14:33 ` Doherty, Declan
  2 siblings, 0 replies; 5+ messages in thread
From: Trahe, Fiona @ 2020-07-29 16:20 UTC (permalink / raw)
  To: Kusztal, ArkadiuszX, dev
  Cc: akhil.goyal, anoobj, shallyv, Doherty, Declan, Zhang, Roy Fan,
	Ananyev, Konstantin, Trahe, Fiona

Hi Arek, 
Small typo below.

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 29, 2020 3:22 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; anoobj@marvell.com;
> shallyv@marvell.com; Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
> 
> This is proposal to move AES-GMAC algorithm to AEAD set
> of algorithms. It is however not 100% conformant GMAC as instead of aad pointer
> data to be authenticated is passed normally and  aead.data.length field
> is used to specify length of data to be authenticated.
> Reason behind this move is that GMAC is variant of GCM so it may
> simplify implementations that are using these algorithms (mainly IPsec).
> AES-GMAC therefore needs to be removed from auth algorithms.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_sym.h | 15 +++++++++++----
>  lib/librte_cryptodev/rte_cryptodev.c  |  4 ++--
>  2 files changed, 13 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
> index f29c980..1b43c6e 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -255,8 +255,6 @@ enum rte_crypto_auth_algorithm {
>  	/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
>  	RTE_CRYPTO_AUTH_AES_CMAC,
>  	/**< AES CMAC algorithm. */
> -	RTE_CRYPTO_AUTH_AES_GMAC,
> -	/**< AES GMAC algorithm. */
>  	RTE_CRYPTO_AUTH_AES_XCBC_MAC,
>  	/**< AES XCBC algorithm. */
> 
> @@ -414,6 +412,8 @@ enum rte_crypto_aead_algorithm {
>  	/**< AES algorithm in GCM mode. */
>  	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
>  	/**< Chacha20 cipher with poly1305 authenticator */
> +	RTE_CRYPTO_AEAD_AES_GMAC,
> +	/**< AES-GCM algorithm in GMAC mode. */
>  	RTE_CRYPTO_AEAD_LIST_END
>  };
> 
> @@ -468,7 +468,7 @@ struct rte_crypto_aead_xform {
>  		uint16_t length;
>  		/**< Length of valid IV data.
>  		 *
> -		 * - For GCM mode, this is either:
> +		 * - For GCM and GMAC mode, this is either:
>  		 * 1) Number greater or equal to one, which means that IV
>  		 *    is used and J0 will be computed internally, a minimum
>  		 *    of 16 bytes must be allocated.
> @@ -490,6 +490,8 @@ struct rte_crypto_aead_xform {
>  	 * For CCM mode, this is the length of the actual AAD, even though
>  	 * it is required to reserve 18 bytes before the AAD and padding
>  	 * at the end of it, so a multiple of 16 bytes is allocated.
> +	 *
> +	 * For RTE_CRYPTO_AEAD_AES_GMAC this field should be set to 0.
>  	 */
>  };
> 
> @@ -584,7 +586,10 @@ struct rte_crypto_sym_op {
>  				uint32_t length;
>  				 /**< The message length, in bytes, of the source buffer
>  				  * on which the cryptographic operation will be
> -				  * computed. This must be a multiple of the block size
> +				  * computed.
> +				  *
> +				  * For RTE_CRYPTO_AEAD_AES_GMAC this is length of data to be
> +				  * authenticated.
>  				  */
>  			} data; /**< Data offsets and length for AEAD */
>  			struct {
> @@ -617,6 +622,8 @@ struct rte_crypto_sym_op {
>  				 * needed for authenticated cipher mechanisms (CCM and
>  				 * GCM)
>  				 *
> +				 * For GCM this field is unused
[Fiona] typo GCM->GMAC 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
  2020-07-29 14:22 [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms Arek Kusztal
  2020-07-29 14:36 ` Kusztal, ArkadiuszX
  2020-07-29 16:20 ` Trahe, Fiona
@ 2020-07-31 14:33 ` Doherty, Declan
  2020-08-05  4:27   ` Kusztal, ArkadiuszX
  2 siblings, 1 reply; 5+ messages in thread
From: Doherty, Declan @ 2020-07-31 14:33 UTC (permalink / raw)
  To: Arek Kusztal, dev
  Cc: akhil.goyal, fiona.trahe, anoobj, shallyv, roy.fan.zhang,
	konstantin.ananyev

On 29/07/2020 3:22 PM, Arek Kusztal wrote:
> This is proposal to move AES-GMAC algorithm to AEAD set
> of algorithms. It is however not 100% conformant GMAC as instead of aad pointer
> data to be authenticated is passed normally and  aead.data.length field
> is used to specify length of data to be authenticated.
> Reason behind this move is that GMAC is variant of GCM so it may
> simplify implementations that are using these algorithms (mainly IPsec).
> AES-GMAC therefore needs to be removed from auth algorithms.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
..
> 

I think  this makes sense in light of how AES-GMAC support is specified 
in the IPsec GMAC rfc (https://tools.ietf.org/html/rfc4543)

Acked-by: Declan Doherty <declan.doherty@intel.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms
  2020-07-31 14:33 ` Doherty, Declan
@ 2020-08-05  4:27   ` Kusztal, ArkadiuszX
  0 siblings, 0 replies; 5+ messages in thread
From: Kusztal, ArkadiuszX @ 2020-08-05  4:27 UTC (permalink / raw)
  To: Doherty, Declan, dev, akhil.goyal
  Cc: Trahe, Fiona, anoobj, shallyv, Zhang, Roy Fan, Ananyev, Konstantin

Hi Akhil,

@Akhil: Is there a chance getting this change into 20.11?

Any more comments or anyone see any potential issues with this approach?

Regards,
Arek

-----Original Message-----
From: Doherty, Declan <declan.doherty@intel.com> 
Sent: piątek, 31 lipca 2020 16:34
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; anoobj@marvell.com; shallyv@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>
Subject: Re: [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms

On 29/07/2020 3:22 PM, Arek Kusztal wrote:
> This is proposal to move AES-GMAC algorithm to AEAD set of algorithms. 
> It is however not 100% conformant GMAC as instead of aad pointer data 
> to be authenticated is passed normally and  aead.data.length field is 
> used to specify length of data to be authenticated.
> Reason behind this move is that GMAC is variant of GCM so it may 
> simplify implementations that are using these algorithms (mainly IPsec).
> AES-GMAC therefore needs to be removed from auth algorithms.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
..
> 

I think  this makes sense in light of how AES-GMAC support is specified in the IPsec GMAC rfc (https://tools.ietf.org/html/rfc4543)

Acked-by: Declan Doherty <declan.doherty@intel.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-29 14:22 [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms Arek Kusztal
2020-07-29 14:36 ` Kusztal, ArkadiuszX
2020-07-29 16:20 ` Trahe, Fiona
2020-07-31 14:33 ` Doherty, Declan
2020-08-05  4:27   ` Kusztal, ArkadiuszX

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox