DPDK usage discussions
 help / color / Atom feed
From: Naveen Kumar <Naveen.Kumar@commagility.com>
To: "Dybkowski, AdamX" <adamx.dybkowski@intel.com>,
	"users@dpdk.org" <users@dpdk.org>
Cc: "Trahe, Fiona" <fiona.trahe@intel.com>
Subject: Re: [dpdk-users] AES "Digest-encrypted" crypto chain case.
Date: Thu, 17 Oct 2019 15:30:13 +0000
Message-ID: <683218edf0b342c8a94486d84c29b16e@de-mta1.commagility.com> (raw)
In-Reply-To: <9836169a72be40328d96c3c08e78ad3d@de-mta1.commagility.com>

Hi Adam,
I configured the lengths as mentioned in comment you pointed and verified it carefully.
Is the test suite with digest-encrypted combination you tested available in public?
Can you share the QAT device information (hardware, firmware versions etc) you used?

Note:
I have done some experiments to conclude the overwriting issue:
     Configured “auth_xform->auth.digest_length = 4” and expecting 4 bytes of CMAC. Digest data location is configured immediately after data.
     Just for experiment purpose, I increased the length by 4 bytes more than the actual data length to be ciphered (on top of data_length + digest_length).
    The sample result is as below, where “raw” digest overwritten on the highlighted location. (It also confirms my data length configuration is intact)

00000090: 00 00 00 00 00 00 00 00 87 4D 61 91 B6 20 E3 26 | .........Ma.. .&
000000A0: 1B EF 68 64 99 0D B6 CE 98 06 F6 6B 79 70 FD FF | ..hd.......kyp..
000000B0: 86 17 18 7B B9 FF FD FF 5A E4 DF 3E DB D5 D3 5E | ...{....Z..>...^
000000C0: 5B 4F 09 02 0D B0 3E AB 1E 03 1D DA 2F BE 03 D1 | [O....>...../...
000000D0: 79 21 70 A0 F3 00 9C EE "E8 1E 96 D6" 14 8A 91 0E | y!p.............

Regards,
Naveen

--
Naveen Kumar
Senior Engineer

CommAgility is a http://wirelesstelecomgroup.com/ company
T: +49 (0)203 306 4537 | http://www.commagility.com
Registered in England, Company No. 05914025. VAT No. DE299686390
CommAgility is an ISO 9001:2015-certified company
This email is confidential, for recipient’s use only.

--
Naveen Kumar
Senior Engineer

CommAgility is a Wireless Telecom Group company
T: +49 (0)203 306 4537 | www.commagility.com
Registered in England, Company No. 05914025. VAT No. DE299686390
CommAgility is an ISO 9001:2015-certified company
This email is confidential, for recipient’s use only.
From: Dybkowski, AdamX <mailto:adamx.dybkowski@intel.com>
Sent: Wednesday, October 16, 2019 2:49 PM
To: mailto:users@dpdk.org; Naveen Kumar <mailto:Naveen.Kumar@commagility.com>
Cc: Trahe, Fiona <mailto:fiona.trahe@intel.com>
Subject: Re: [dpdk-users] AES "Digest-encrypted" crypto chain case.

Hi Naveen.

Regarding your message sent to dpdk-users mailing list:
https://mails.dpdk.org/archives/users/2019-September/004382.html

We’ve tested here at Intel the digest-encrypted combination you wrote about, with auth.algo = AES-CMAC and cipher.algo = AES-CTR, and it seems everything works fine.
Do you set the length fields properly when creating the operation? According to the header file rte_crypto_sym.h, in the structure rte_crypto_sym_op, the field cipher.data.length should be written in bits for the SNOW 3G, KASUMI and ZUC ciphers, and in bytes for other.

Have a look what the header file says:

uint32_t length;
/**< The message length, in bytes, of the
  * source buffer on which the cryptographic
  * operation will be computed.
  * This must be a multiple of the block size
  * if a block cipher is being used. This is
  * also the same as the result length.
  *
  * @note
  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
  * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
  * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
  * this field should be in bits.
  */

This also gets built into the documentation available here:
https://doc.dpdk.org/api-19.08/structrte__crypto__sym__op.html#aebb70c2aab3407a9f05334c47131a43b

Maybe that’s why SNOW3G and ZUC were working for you, while AES-CTR did not?
The same applies to the offset field and to digest.data.offset and digest.data.length fields.

Please verify in your code how you set these all offset and length fields and check if you write the number of bits or the number of bytes in them.

Adam

  parent reply index

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-16 12:48 Dybkowski, AdamX
     [not found] ` <9836169a72be40328d96c3c08e78ad3d@de-mta1.commagility.com>
2019-10-17 15:30   ` Naveen Kumar [this message]
2019-10-18 13:19     ` Dybkowski, AdamX
2019-11-05 11:17       ` Naveen Kumar
  -- strict thread matches above, loose matches on Subject: below --
2019-09-09  9:15 Naveen Kumar
2019-09-09 14:08 ` Trahe, Fiona
2019-09-09 14:27   ` Naveen Kumar

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=683218edf0b342c8a94486d84c29b16e@de-mta1.commagility.com \
    --to=naveen.kumar@commagility.com \
    --cc=adamx.dybkowski@intel.com \
    --cc=fiona.trahe@intel.com \
    --cc=users@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK usage discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/users/0 users/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 users users/ http://inbox.dpdk.org/users \
		users@dpdk.org
	public-inbox-index users


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.users


AGPL code for this site: git clone https://public-inbox.org/ public-inbox