From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 32310A052B; Wed, 29 Jul 2020 16:36:35 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1B4EEE07; Wed, 29 Jul 2020 16:36:35 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id EFEB32AB for ; Wed, 29 Jul 2020 16:36:32 +0200 (CEST) IronPort-SDR: /H4DyRY0lIfub6XfrWyvQ7ynB9MSupojH7jNyWHlyk5AK44F5q4I54drYcGbVAqVW6pG1v50TX rop/7jzIei2Q== X-IronPort-AV: E=McAfee;i="6000,8403,9696"; a="139436729" X-IronPort-AV: E=Sophos;i="5.75,410,1589266800"; d="scan'208";a="139436729" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jul 2020 07:36:31 -0700 IronPort-SDR: FevQYU/uZ2+ysiIkWk02V9WoqNwRbmYo2fY/QeLxFD3+LcTfauU3Ed0ifMS+6mU28KVbZsLNZI 9bEX/TOFhu7A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,410,1589266800"; d="scan'208";a="290549598" Received: from orsmsx105.amr.corp.intel.com ([10.22.225.132]) by orsmga006.jf.intel.com with ESMTP; 29 Jul 2020 07:36:31 -0700 Received: from ORSEDG002.ED.cps.intel.com (10.7.248.5) by ORSMSX105.amr.corp.intel.com (10.22.225.132) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 29 Jul 2020 07:36:31 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.108) by edgegateway.intel.com (134.134.137.101) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 29 Jul 2020 07:36:31 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X6YjRYNsvqkab3m9CX7iN6RvGvf7mvwbFBS2AuQ04Po/zjTpvqgIkrqe/MqZSPgh70/ceUL89+X2JQ2e0GI5AxGtAckvJ0qBrOsPMofTY7ZRCTWInxBGWfAYlYYtzUYNMNDtomvxNAKyejMIm3MxKWcEwFcwTEAsatzTYUocFDIZ7Im0YB0Qvs92fid6RMm48OfReq9GOqDzZaO/C+M3c1DRC3W4dOe6Cd4vTC+5nFjS5zE2eCd9kEnG/jjtm6WO6iUmbgQLTk7PC7j4liXQa3NT7HOXJGB/cS7PCm4CpngUdIgwQovYfKPJFPqnxvXRWHNP+dBS01kr1S5Eqfvjjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m1wmjFLbGQhvZCs7MStKCw9bD8C/SToDpPNwTBZRvdk=; b=ZxT8+EZT2Q+l+XclzlhllDEehYKbIhgMZmIa/+NP92RHHrwGtG1jC0eiHwGYioWsd207FyNAslb4UkuB1AnHJmBF1xpznUr3pC4ECFRm5d3dbnHSUh317qU8dDx8ohPVIPhYUxNNVV8xkjdASPB7BjQpcPTpJPh3sWbsMI3Hr/wl8s6QO9smKgeCDK8uPIid9viaetAGVcc0UnDmBpvJUb7dW1z7GwJI5ZrwN8TsmGIaBQuoapFSVJtiklJi+z5iKJcQwdx7B3LvJdFttDbOO/zSitB4QvQoxJwi4VeIeq6GV1w8BxeMmU9mY+luFRsB+C1j2mYzT4c5FGmbnEORWA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m1wmjFLbGQhvZCs7MStKCw9bD8C/SToDpPNwTBZRvdk=; b=jEChIjFObmYopjSzGXVF728NuDHZx/Yiw/OfPIPltkjHtZ3oY+A7/U/+eM36XPxOyND07eLcBy8Xd1dVUmE0YzQ9IdZ89TVYbCUFxrjT0X97QFXUG8k+czE/RBGhJgm7BUAbQ4A3KP6+CvRKdM8rFf+10AtUMhJ09QImPCKokEY= Received: from CY4PR11MB1830.namprd11.prod.outlook.com (2603:10b6:903:125::21) by CY4PR11MB2039.namprd11.prod.outlook.com (2603:10b6:903:22::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.16; Wed, 29 Jul 2020 14:36:29 +0000 Received: from CY4PR11MB1830.namprd11.prod.outlook.com ([fe80::a836:3b83:3127:fe78]) by CY4PR11MB1830.namprd11.prod.outlook.com ([fe80::a836:3b83:3127:fe78%11]) with mapi id 15.20.3216.034; Wed, 29 Jul 2020 14:36:29 +0000 From: "Kusztal, ArkadiuszX" To: "dev@dpdk.org" CC: "akhil.goyal@nxp.com" , "Trahe, Fiona" , "anoobj@marvell.com" , "shallyv@marvell.com" , "Doherty, Declan" , "Zhang, Roy Fan" , "Ananyev, Konstantin" Thread-Topic: [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms Thread-Index: AQHWZbPIeG55tpbpFkijdY5vSwhtAqkenM+Q Date: Wed, 29 Jul 2020 14:36:29 +0000 Message-ID: References: <20200729142219.13376-1-arkadiuszx.kusztal@intel.com> In-Reply-To: <20200729142219.13376-1-arkadiuszx.kusztal@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZjM4YTEyMGUtMmIwYy00YzM3LTljMDctMzU5ZWZjYmM0ZGJjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoic0hENmFVZzJkaUZxUHkyRWxQWXBcL2R0cjBKSEtVWVZ0NDFGOHhoUWtnVlVabW9weUJiY0pMVGhzTEc3RmRCMW0ifQ== authentication-results: dpdk.org; dkim=none (message not signed) header.d=none;dpdk.org; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.151.36] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7579cf15-4c6f-4f4c-a618-08d833ccc7e3 x-ms-traffictypediagnostic: CY4PR11MB2039: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0YtT3RSYhng/EFkwy+Q67LDoP00uBfDUayq0gi8efWiR6I3IIWV3uL2eRDGCkq95x4sCTzCl9waReWKxA/mTEj1JOTj8KUOtj0H/AxNwkeZZ3kIm5zYtYpw7wKQrnig+sGucIv0y+QIPcXXCtFZ+r16OSP+U7B/JHCKIsi1OH34k+H5m7tylcwd2bcr0pYIGbE6rLb563ynT1yxj3/dvtCQTQ4fa1nqlGrabqLndtjEXC+AoXIxW60iZlPkDjFGx0zgmZ9pYK7QUnghFhJP6XwR80iPUUmhcPk/fF6OKVT/N4lMdiyrTq6YM/vUPSPi4SAtg9ZzX+31n3m+42VPibg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY4PR11MB1830.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(346002)(396003)(376002)(366004)(39860400002)(107886003)(64756008)(4326008)(316002)(52536014)(6916009)(86362001)(9686003)(71200400001)(66556008)(8936002)(55016002)(2906002)(66446008)(478600001)(54906003)(7696005)(186003)(26005)(83380400001)(5660300002)(8676002)(53546011)(6506007)(33656002)(66476007)(66946007)(76116006); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: 62U6XnhSb+rmvnz0FyWAArYm1NtnBDsnxKVLFmDbV9KwKGgP30+1UNwRVVuxsHTw/8DeMHKsO3PVEPDofiz37GorA/FYwzoGhmcHndJ3V4epAsiX9pOn07GdRWrrgwIjhlKtLUxnuYJSPnpPeDH7LUtVTFmDhHZZLBbpdEHdNT9lMaZIcaP0dJSbx20kWc3B9agYRVtzPxbXPy/lA5mMJly3Hoo3XQirdZQQDxFwF3qCaZgHen213zHvhKsr+azJlG6fZqtOdH8kakk+kzGcN/JgU0Qh/WSAPjb6Uo+4NQ3KlyWFWqvAE3jiV8tHcLH668tzCE+Dsx/S+JJ5U6zCH2cHHJN5hqj/6IkjyAEHBB6anr+JSX2axVZt1NBeLmW+pu74Qt7d5JjczGoYhw4e1M+BAXuitePSMDYyDkcfrb7VZq12puVLwG4/n3lwfy7o6PB6YBSA364WbfJLWyodDI3KB9DGjvkQB9b4SC8lLn3Fos6H9PGXAYLiC11S03Z6lpcTkIMRfO4uR7GUdFP0X+uplAKUtRPUp89cbPtKM51WXSUknUg0wS9Ha/GqzGrGxTOwV+AhfftSZ6g3wH6ENc1aNUbNC9e+Lq6VM/M3ZOONeAQg21qSqn8qg/ZcLftScPc874njkVFqITSX3LnlOg== Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1830.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7579cf15-4c6f-4f4c-a618-08d833ccc7e3 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2020 14:36:29.1026 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pkSu7MhGcRKGw1Fv+G0fwu/JVUzmhli7cuhJ78eVkVPYGqx0N2Vo13//Xa3UNnGhZuR3bRpyOpBQVyKg/HEcYMy1gQWmP8ItULeenCtrtVs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB2039 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi All, I would give bit more introduction to this change: Right now AES-GMAC is auth only algorithm (previously it was cipher+auth ->= GCM + GMAC), but since it is variant of AES-GCM implementation it should probably be AEA= D right now (people often wondering why at all it is auth instead of AEAD). There are few possible implementations let me introduce two of them: 1) As in this patch GMAC is added to AEAD enum, aad_len is set to 0, aad_po= inter is unused and authentication length is set in aead.data.length - this= is probably the easiest one, but not totally conformant to GMAC spec. 2) Another option could be to use GCM only and add new field aad_len in rte= _crypto_sym_op, so when cipher_len =3D=3D 0 GMAC is used -> this would be c= onformant implementation but bit trickier. Sorry if I not included someone in cc list. > -----Original Message----- > From: Kusztal, ArkadiuszX > Sent: Wednesday, July 29, 2020 4:22 PM > To: dev@dpdk.org > Cc: akhil.goyal@nxp.com; Trahe, Fiona ; > anoobj@marvell.com; shallyv@marvell.com; Doherty, Declan > ; Zhang, Roy Fan ; > Ananyev, Konstantin ; Kusztal, ArkadiuszX > > Subject: [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms >=20 > This is proposal to move AES-GMAC algorithm to AEAD set of algorithms. It= is > however not 100% conformant GMAC as instead of aad pointer data to be > authenticated is passed normally and aead.data.length field is used to > specify length of data to be authenticated. > Reason behind this move is that GMAC is variant of GCM so it may simplify > implementations that are using these algorithms (mainly IPsec). > AES-GMAC therefore needs to be removed from auth algorithms. >=20 > Signed-off-by: Arek Kusztal > --- > lib/librte_cryptodev/rte_crypto_sym.h | 15 +++++++++++---- > lib/librte_cryptodev/rte_cryptodev.c | 4 ++-- > 2 files changed, 13 insertions(+), 6 deletions(-) >=20 > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index f29c980..1b43c6e 100644 > --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -255,8 +255,6 @@ enum rte_crypto_auth_algorithm { > /**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */ > RTE_CRYPTO_AUTH_AES_CMAC, > /**< AES CMAC algorithm. */ > - RTE_CRYPTO_AUTH_AES_GMAC, > - /**< AES GMAC algorithm. */ > RTE_CRYPTO_AUTH_AES_XCBC_MAC, > /**< AES XCBC algorithm. */ >=20 > @@ -414,6 +412,8 @@ enum rte_crypto_aead_algorithm { > /**< AES algorithm in GCM mode. */ > RTE_CRYPTO_AEAD_CHACHA20_POLY1305, > /**< Chacha20 cipher with poly1305 authenticator */ > + RTE_CRYPTO_AEAD_AES_GMAC, > + /**< AES-GCM algorithm in GMAC mode. */ > RTE_CRYPTO_AEAD_LIST_END > }; >=20 > @@ -468,7 +468,7 @@ struct rte_crypto_aead_xform { > uint16_t length; > /**< Length of valid IV data. > * > - * - For GCM mode, this is either: > + * - For GCM and GMAC mode, this is either: > * 1) Number greater or equal to one, which means that IV > * is used and J0 will be computed internally, a minimum > * of 16 bytes must be allocated. > @@ -490,6 +490,8 @@ struct rte_crypto_aead_xform { > * For CCM mode, this is the length of the actual AAD, even though > * it is required to reserve 18 bytes before the AAD and padding > * at the end of it, so a multiple of 16 bytes is allocated. > + * > + * For RTE_CRYPTO_AEAD_AES_GMAC this field should be set to 0. > */ > }; >=20 > @@ -584,7 +586,10 @@ struct rte_crypto_sym_op { > uint32_t length; > /**< The message length, in bytes, of the > source buffer > * on which the cryptographic operation will > be > - * computed. This must be a multiple of the > block size > + * computed. > + * > + * For RTE_CRYPTO_AEAD_AES_GMAC this is > length of data to be > + * authenticated. > */ > } data; /**< Data offsets and length for AEAD */ > struct { > @@ -617,6 +622,8 @@ struct rte_crypto_sym_op { > * needed for authenticated cipher > mechanisms (CCM and > * GCM) > * > + * For GCM this field is unused > + * > * Specifically for CCM (@ref > RTE_CRYPTO_AEAD_AES_CCM), > * the caller should setup this field as follows: > * > diff --git a/lib/librte_cryptodev/rte_cryptodev.c > b/lib/librte_cryptodev/rte_cryptodev.c > index 1dd795b..e14fd09 100644 > --- a/lib/librte_cryptodev/rte_cryptodev.c > +++ b/lib/librte_cryptodev/rte_cryptodev.c > @@ -129,7 +129,6 @@ const char * > rte_crypto_auth_algorithm_strings[] =3D { > [RTE_CRYPTO_AUTH_AES_CBC_MAC] =3D "aes-cbc-mac", > [RTE_CRYPTO_AUTH_AES_CMAC] =3D "aes-cmac", > - [RTE_CRYPTO_AUTH_AES_GMAC] =3D "aes-gmac", > [RTE_CRYPTO_AUTH_AES_XCBC_MAC] =3D "aes-xcbc-mac", >=20 > [RTE_CRYPTO_AUTH_MD5] =3D "md5", > @@ -162,7 +161,8 @@ const char * > rte_crypto_aead_algorithm_strings[] =3D { > [RTE_CRYPTO_AEAD_AES_CCM] =3D "aes-ccm", > [RTE_CRYPTO_AEAD_AES_GCM] =3D "aes-gcm", > - [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] =3D "chacha20-poly1305" > + [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] =3D "chacha20-poly1305", > + [RTE_CRYPTO_AEAD_AES_GMAC] =3D "aes-gmac" > }; >=20 > /** > -- > 2.1.0