From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B129BA04A2; Wed, 6 Nov 2019 00:00:54 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 959401BF95; Wed, 6 Nov 2019 00:00:54 +0100 (CET) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50040.outbound.protection.outlook.com [40.107.5.40]) by dpdk.org (Postfix) with ESMTP id A7F3E1BF8E; Wed, 6 Nov 2019 00:00:51 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=U37GWtbXjcb0IT0QXNxfiArpyGpISd5cgSJwUwrgyVSJcfmswUAiT8JUlriORELwPvAuxPawdwJs20EVnbtzekyD6ZN6om/sSXMKM0nPObWIS/ySOIYSmvuHRtb4gZutnU6mzuEsZDXt4qmq9FGkJ59IHGGRTnVwNjRqDze56i0r0eAQFVdtW0qicJO00X6BqkskOTYq5+oASgM0xKeb/VkNXMYIX3/ew+Pqyz99V9oBmhVdIwgwxMO8BScyoYOpah9ktsFZwynocxLNPdaqe0TpmNSXrGQl7igPiJOS2TcFaTfZf8tQo1nxd+Dl+ASFTXsj7DC7HLpKytXN8lLjxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ywe343uaM45t4iVjW/b8QuHJLtADjCzeoUzduCfFtMw=; b=lnnI6BTg//NoQh6Y9z5kv7FSc3TmFsYN8LqOfcQ/eQqphZJDrZgu4O0EJJ8DwMpSqsN31OIFHHKrmJAPki6+D4KMMRdAelk+jSCTpTxzXGFXsz2sBOfbUagTHLm3zZdh2fhxTrKatAXU7IogNvHCDjsXN7nxh3cExwRfN0Epf4bcLCg8Wmbp7fnzo7k3//8hGM5o1os47u50B2Ij3zhpqJPt6dR0o3xHcoL+lYzKUPRPSdgL75mpgpPTE5t5+icJ2tDDHvuZuJu6jPlP5cgyi+XIxIG5JmjQU+Nlc1YNt8M/MokzPM3IoKkeZ6djhAlgMWnXVjCUx77hOPHHxNHojg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ywe343uaM45t4iVjW/b8QuHJLtADjCzeoUzduCfFtMw=; b=BEnC3i0rdbHyFZu4FI5KGiVsnV77j844a5eOMibPGDlGHfgjdbqSrdmtz4BKD9tRaDZY80nLMIZPR7U32VbOei8IE+pETrgGv4fDYnLvN4flq+z9/OrVCRFxg1p+32jf4+Xu3Zdx1e+RLVUR7lwoJk8Sp4DAiWS8dXuUL4JBHwg= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6720.eurprd04.prod.outlook.com (20.179.234.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Tue, 5 Nov 2019 23:00:51 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561%6]) with mapi id 15.20.2408.024; Tue, 5 Nov 2019 23:00:51 +0000 From: Akhil Goyal To: Marcin Smoczynski , "konstantin.ananyev@intel.com" , "pablo.de.lara.guarch@intel.com" CC: "dev@dpdk.org" , "stable@dpdk.org" , "fiona.trahe@intel.com" Thread-Topic: [PATCH] examples/ipsec-secgw: fix gcm iv length Thread-Index: AQHVj/SJ1vFzg3jV0EqYSx93noZzb6d9OZkw Date: Tue, 5 Nov 2019 23:00:50 +0000 Message-ID: References: <20191031140445.4564-1-marcinx.smoczynski@intel.com> In-Reply-To: <20191031140445.4564-1-marcinx.smoczynski@intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [223.190.56.205] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 69326ffc-d68d-4eaf-16a4-08d7624400fe x-ms-traffictypediagnostic: VE1PR04MB6720: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 0212BDE3BE x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(39860400002)(376002)(136003)(366004)(199004)(189003)(5660300002)(4326008)(52536014)(9686003)(81156014)(33656002)(446003)(6116002)(3846002)(486006)(476003)(11346002)(966005)(66066001)(186003)(74316002)(54906003)(2906002)(2501003)(14454004)(110136005)(7736002)(305945005)(478600001)(316002)(6246003)(45080400002)(14444005)(66476007)(86362001)(71200400001)(71190400001)(99286004)(26005)(76176011)(229853002)(2201001)(102836004)(64756008)(66446008)(8676002)(76116006)(25786009)(44832011)(66946007)(8936002)(66556008)(81166006)(55016002)(7696005)(6306002)(256004)(6436002)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6720; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 3bd9CAPzgFX4cZO1kG1SmRns34Q0nymphApx/O2QB9AGPJz8NSjmGB+4KcTNhZZq+dg0HKwnwuQxmwgnDDbIyeJt7xa8lDSfWjr6ZaYSdN103s3n4NkW0VP10nfrjwkSN3MTAZSLy2V6dTZv8+7fKj59eqolVk2bWbqDV7t4AfJ1b5CSVZHCsoo7elhqN4xgQwEZ3vd2MscD7bgDniOBlZVoydrsltwUcFIks8MekAzOhWqTF2bzoqBGBa11uWMVvKtC2QY5ZJZikwMTjKWzwifVS9pnbniLK4E6ebN+jKNU8X4EkO7FEuAUbaYwoK3n5+unnsChy9pxau7RmRtYCCRcagC8oiMT0GZiZ0CRXebNlRAX+rDV8sm+n4DqJqrH/syCrcQsesjWGwT03WBqWNIJFauULdlcg0+Pr1sy3SPciWIOBrgnKc2V4a44Di+15kcBGKIF0JK1Dmh+YxqFaEkwvXYUdZ9xRAnQzJLuM1E= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 69326ffc-d68d-4eaf-16a4-08d7624400fe X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2019 23:00:50.9145 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Il/TzuyAnocWbL4yL4SUX9H9o77YKJHZEKD9eNP8HOIFgk3wfoMmngFxJXCwilm40JnFWIc3jmuoe2vEy84PDQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6720 Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix gcm iv length X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > The example IPsec application does not work properly when using > AES-GCM with crypto_openssl. >=20 > ESP with AES-GCM uses standard 96bit long algorithm IV ([1]) which > later concatenated with be32(1) forms a J0 block. GCM specification > ([2], chapter 7.1) states that when length of IV is different than > 96b, in order to format a J0 block, GHASH function must be used. >=20 > According to specification ([2], chapter 5.1.1) GCM implementations > should support standard 96bit IVs, other lengths are optional. Every > DPDK cryptodev supports 96bit IV and few of them supports 128bit > IV as well (openssl, mrvl, ccp). When passing iv::length=3D16 to a > cryptodev which does support standard IVs only (e.g. qat) it > implicitly uses starting 96 bits. On the other hand, openssl follows > specification and uses GHASH to compute J0 for that case which results > in different than expected J0 values used for encryption/decryption. >=20 > Fix an inability to use AES-GCM with crypto_openssl by changing IV > length to the standard value of 12. >=20 > [1] RFC4106, section "4. Nonce format" and "3.1. Initialization Vector" >=20 > https://eur01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Ftools= .ietf > .org%2Fhtml%2Frfc4106&data=3D02%7C01%7Cakhil.goyal%40nxp.com%7Cd > 24096cff31845d1619e08d75e0babaa%7C686ea1d3bc2b4c6fa92cd99c5c301635 > %7C0%7C0%7C637081276526121698&sdata=3DDInvN3miogcG9WqkuRlUQ% > 2BzuqMRs2P63CJA%2BojPx6vU%3D&reserved=3D0 > [2] NIST SP800-38D >=20 > https://eur01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fcsrc.= nist. > gov%2Fpublications%2Fdetail%2Fsp%2F800- > 38d%2Ffinal&data=3D02%7C01%7Cakhil.goyal%40nxp.com%7Cd24096cff318 > 45d1619e08d75e0babaa%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > 7C637081276526121698&sdata=3DEU6tJ9qvzpzh1b8j%2BsPjc18E3CUrXkSZ7c > O6xvOmv1U%3D&reserved=3D0 >=20 > Fixes: 0fbd75a99f ("cryptodev: move IV parameters to session") > Cc: stable@dpdk.org >=20 > Signed-off-by: Marcin Smoczynski > --- Acked-by: Akhil Goyal Applied to dpdk-next-crypto Thanks.