From: Nubin Stanley <nubinstanley@gmail.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>, users@dpdk.org
Cc: martin.varghese@nokia.com
Subject: Re: [dpdk-users] AES GCM PMD Driver IV length support
Date: Fri, 9 Dec 2016 16:30:53 +0530 [thread overview]
Message-ID: <CAL53N-nONJLg7vBuVEH_gqEE-hAwPSu=D9yqo84LgEmckpoc_g@mail.gmail.com> (raw)
Hi Fiona
Thank you for the info.
And, I am adding the mailing list again. Sorry, I missed earlier.
Regards
Nubin Stanley
On Fri, Dec 9, 2016 at 3:41 PM, Trahe, Fiona <fiona.trahe@intel.com> wrote:
> I’m looking at version 16.11
>
> I think that code accepting 16 bytes padded and the 15th byte set may be
> removed in next release so only 12 bytes iv will be accepted.
>
> So keep an eye out for that patch as you’ll have to revert back.
>
> Btw- it’s better to keep these mails on the forum, with inline answers,
> cause others may have the same problem and benefit from this J
>
>
>
> *From:* Nubin Stanley [mailto:nubinstanley@gmail.com]
> *Sent:* Friday, December 9, 2016 8:22 AM
> *To:* Trahe, Fiona <fiona.trahe@intel.com>
> *Subject:* Re: [dpdk-users] AES GCM PMD Driver IV length support
>
>
>
> Hi Fiona
>
> Thanks for the quick response.
>
> It seems the DPDK version I am using is different (16.07).
>
>
>
> The sanity code in the PMD code does not accept an IV len of 12.
>
>
>
> if (op->cipher.iv.length != 16 && op->cipher.iv.length != 0) {
>
> GCM_LOG_ERR("iv");
>
> return -1;
>
> }
>
>
>
> Anyways, I have circumvented the problem by padding the IV data in my
> application and it works.
>
>
>
> * iv_pad_len = RTE_ALIGN_CEIL(entry->iv.length, 16);*
>
> * op->sym->cipher.iv.data = rte_malloc("iv", iv_pad_len, 0);*
>
> * memcpy(op->sym->cipher.iv.data, entry->iv.data, entry->iv.length);*
>
> * op->sym->cipher.iv.phys_addr =
> rte_malloc_virt2phy(op->sym->cipher.iv.data);*
>
> * op->sym->cipher.iv.length = iv_pad_len;*
>
> * op->sym->cipher.iv.data[15] = 1;*
>
>
>
> Could you please let me know the version of DPDK you are using.
>
> Thanks again for the support.
>
>
>
> Regards
>
> Nubin Stanley
>
>
>
> On Thu, Dec 8, 2016 at 4:26 PM, Trahe, Fiona <fiona.trahe@intel.com>
> wrote:
>
> Hi Nubin,
>
>
> > -----Original Message-----
> > From: users [mailto:users-bounces@dpdk.org] On Behalf Of Nubin Stanley
> > Sent: Thursday, December 8, 2016 9:21 AM
> > To: users@dpdk.org
> > Cc: martin.varghese@nokia.com
> > Subject: [dpdk-users] AES GCM PMD Driver IV length support
> >
> > Hi All
> >
> >
> >
> > I see that the only IV size supported in AES GCM driver is 16bytes. For
> > using AES-GCM-128 in IPsec, the IV length has to be 12 bytes ( 4
> (salt)
> > + 8 (iv)).
> >
> >
> > How should I handle this IPsec case with AES GCM PMD driver.
> >
> >
> >
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> >
> > {.sym = {
> >
> > .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> >
> > {.cipher = {
> >
> > .algo = RTE_CRYPTO_CIPHER_AES_GCM,
> >
> > .block_size = 16,
> >
> > .key_size = {
> >
> > .min = 16,
> >
> > .max = 16,
> >
> > .increment = 0
> >
> > },
> >
> > .iv_size = {
> >
> > .min = 16,
> >
> > .max = 16,
> >
> > .increment = 0
> >
> > }
> >
> > }, }
> >
> > }, }
> >
> >
> >
> > Regards,
> > Nubin Stanley
>
> I found the following code in the PMD to handle an iv length of 12, so
> this looks like a bug in the capability data.
> /* sanity checks */
> if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
> op->cipher.iv.length != 0) {
> GCM_LOG_ERR("iv");
> return -1;
> }
>
> /*
> * GCM working in 12B IV mode => 16B pre-counter block we need
> * to set BE LSB to 1, driver expects that 16B is allocated
> */
> if (op->cipher.iv.length == 12) {
> op->cipher.iv.data[15] = 1;
> }
>
> Have you tried passing a 12-byte iv to the driver ?
>
>
>
>
>
> --
>
> Nubin Stanley
> Electronics and Biomedical Engineering
> Batch of 2009
> Model Engineering College, Kochi
> Phone : +918147742665 <081477%2042665>
> Email : nubinstanley@gmail.com
>
--
Nubin Stanley
Electronics and Biomedical Engineering
Batch of 2009
Model Engineering College, Kochi
Phone : +918147742665
Email : nubinstanley@gmail.com
next reply other threads:[~2016-12-09 11:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-09 11:00 Nubin Stanley [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-12-08 9:20 Nubin Stanley
2016-12-08 10:56 ` Trahe, Fiona
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAL53N-nONJLg7vBuVEH_gqEE-hAwPSu=D9yqo84LgEmckpoc_g@mail.gmail.com' \
--to=nubinstanley@gmail.com \
--cc=fiona.trahe@intel.com \
--cc=martin.varghese@nokia.com \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).