From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 2EFE91B6EF for ; Wed, 17 Apr 2019 17:38:36 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Apr 2019 08:38:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,362,1549958400"; d="scan'208";a="136603707" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga006.jf.intel.com with ESMTP; 17 Apr 2019 08:38:34 -0700 Received: from lcsmsx153.ger.corp.intel.com (10.186.165.228) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 17 Apr 2019 08:38:32 -0700 Received: from HASMSX109.ger.corp.intel.com ([169.254.3.144]) by LCSMSX153.ger.corp.intel.com ([169.254.8.148]) with mapi id 14.03.0415.000; Wed, 17 Apr 2019 18:38:29 +0300 From: "Kusztal, ArkadiuszX" To: "Trahe, Fiona" , "dev@dpdk.org" CC: "akhil.goyal@nxp.com" , "De Lara Guarch, Pablo" Thread-Topic: [PATCH] cryptodev: add an option to support both iv and J0 for GCM Thread-Index: AQHU9PDhg7SqaaafPUSd/sOmE8kVvaZAB9yAgABy1eA= Date: Wed, 17 Apr 2019 15:38:29 +0000 Message-ID: <06EE24DD0B19E248B53F6DC8657831551B153CD9@hasmsx109.ger.corp.intel.com> References: <20190417073641.2436-1-arkadiuszx.kusztal@intel.com> <348A99DA5F5B7549AA880327E580B43589743C51@IRSMSX101.ger.corp.intel.com> In-Reply-To: <348A99DA5F5B7549AA880327E580B43589743C51@IRSMSX101.ger.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.104.12.183] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] cryptodev: add an option to support both iv and J0 for GCM X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Apr 2019 15:38:36 -0000 Hi Fiona, > [Fiona] IVs greater than 16 bytes can be used, right? If so change to "a = minimum of 16 bytes must be >allocated". Same below. [AK] - yes, this comment may be misleading, of course it means 16 bytes min= imum. This is because of legacy reasons, i.e. aesni-gcm once had formation = of pre-counter block inside the PMD using the existing buffer (when len(iv)= =3D=3D12), hence need for 16 bytes allocation. Some other drivers still can= behave in similar fashion so it probably has to stay for a while. I will send v2. > -----Original Message----- > From: Trahe, Fiona > Sent: Wednesday, April 17, 2019 1:38 PM > To: Kusztal, ArkadiuszX ; dev@dpdk.org > Cc: akhil.goyal@nxp.com; De Lara Guarch, Pablo > ; Trahe, Fiona > Subject: RE: [PATCH] cryptodev: add an option to support both iv and J0 f= or > GCM >=20 > Hi Arek, >=20 > > -----Original Message----- > > From: Kusztal, ArkadiuszX > > Sent: Wednesday, April 17, 2019 8:37 AM > > To: dev@dpdk.org > > Cc: akhil.goyal@nxp.com; Trahe, Fiona ; De Lara > > Guarch, Pablo ; Kusztal, ArkadiuszX > > > > Subject: [PATCH] cryptodev: add an option to support both iv and J0 > > for GCM > > > > This patch adds an option to support both IV (of all supported sizes) > > and J0 when using Galois Counter Mode of crypto operation. > > > > Signed-off-by: Arek Kusztal > > --- > > lib/librte_cryptodev/rte_crypto_sym.h | 37 > > ++++++++++++++++++----------------- > > 1 file changed, 19 insertions(+), 18 deletions(-) > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > b/lib/librte_cryptodev/rte_crypto_sym.h > > index c80e90e..126d9f3 100644 > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > @@ -152,11 +152,6 @@ struct rte_crypto_cipher_xform { > > * > > * - For block ciphers in CTR mode, this is the counter. > > * > > - * - For GCM mode, this is either the IV (if the length > > - * is 96 bits) or J0 (for other sizes), where J0 is as > > - * defined by NIST SP800-38D. Regardless of the IV > > - * length, a full 16 bytes needs to be allocated. > > - * > > * - For CCM mode, the first byte is reserved, and the > > * nonce should be written starting at &iv[1] (to allow > > * space for the implementation to write in the flags @@ - > 184,9 > > +179,6 @@ struct rte_crypto_cipher_xform { > > * of the counter (which must be the same as the block > > * length of the cipher). > > * > > - * - For GCM mode, this is either 12 (for 96-bit IVs) > > - * or 16, in which case data points to J0. > > - * > > * - For CCM mode, this is the length of the nonce, > > * which can be in the range 7 to 13 inclusive. > > */ > > @@ -306,9 +298,10 @@ struct rte_crypto_auth_xform { > > * specified as number of bytes from start of crypto > > * operation (rte_crypto_op). > > * > > - * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode and > > - * for AES-GMAC, this is the authentication > > - * Initialisation Vector (IV) value. > > + * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode > > + * this is the authentication Initialisation Vector > > + * (IV) value. For AES-GMAC IV description please refer > > + * to the field `length` in iv struct. > > * > > * - For KASUMI in F9 mode and other authentication > > * algorithms, this field is not used. > > @@ -325,6 +318,14 @@ struct rte_crypto_auth_xform { > > * - For KASUMI in F9 mode and other authentication > > * algorithms, this field is not used. > > * > > + * - For GMAC mode, this is either: > > + * 1) Number greater or equal to one, which means that IV > > + * is used and J0 will be computed internally, 16 bytes > > + * needs to be allocated. > [Fiona] IVs greater than 16 bytes can be used, right? If so change to "a > minimum of 16 bytes must be allocated". Same below. >=20 > > + * 2) Zero, in which case data points to J0. In this case > > + * 16 bytes of J0 should be passed where J0 is defined > > + * by NIST SP800-38D. > > + * > > */ > > } iv; /**< Initialisation vector parameters */ > > > > @@ -383,11 +384,6 @@ struct rte_crypto_aead_xform { > > * specified as number of bytes from start of crypto > > * operation (rte_crypto_op). > > * > > - * - For GCM mode, this is either the IV (if the length > > - * is 96 bits) or J0 (for other sizes), where J0 is as > > - * defined by NIST SP800-38D. Regardless of the IV > > - * length, a full 16 bytes needs to be allocated. > > - * > > * - For CCM mode, the first byte is reserved, and the > > * nonce should be written starting at &iv[1] (to allow > > * space for the implementation to write in the flags @@ - > 401,8 > > +397,13 @@ struct rte_crypto_aead_xform { > > uint16_t length; > > /**< Length of valid IV data. > > * > > - * - For GCM mode, this is either 12 (for 96-bit IVs) > > - * or 16, in which case data points to J0. > > + * - For GCM mode, this is either: > > + * 1) Number greater or equal to one, which means that IV > > + * is used and J0 will be computed internally, 16 bytes > > + * needs to be allocated. > > + * 2) Zero, in which case data points to J0. In this case > > + * 16 bytes of J0 should be passed where J0 is defined > > + * by NIST SP800-38D. > > * > > * - For CCM mode, this is the length of the nonce, > > * which can be in the range 7 to 13 inclusive. > > -- > > 2.1.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 311C9A00E6 for ; Wed, 17 Apr 2019 17:38:39 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E3D631B6F0; Wed, 17 Apr 2019 17:38:37 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 2EFE91B6EF for ; Wed, 17 Apr 2019 17:38:36 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Apr 2019 08:38:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,362,1549958400"; d="scan'208";a="136603707" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga006.jf.intel.com with ESMTP; 17 Apr 2019 08:38:34 -0700 Received: from lcsmsx153.ger.corp.intel.com (10.186.165.228) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 17 Apr 2019 08:38:32 -0700 Received: from HASMSX109.ger.corp.intel.com ([169.254.3.144]) by LCSMSX153.ger.corp.intel.com ([169.254.8.148]) with mapi id 14.03.0415.000; Wed, 17 Apr 2019 18:38:29 +0300 From: "Kusztal, ArkadiuszX" To: "Trahe, Fiona" , "dev@dpdk.org" CC: "akhil.goyal@nxp.com" , "De Lara Guarch, Pablo" Thread-Topic: [PATCH] cryptodev: add an option to support both iv and J0 for GCM Thread-Index: AQHU9PDhg7SqaaafPUSd/sOmE8kVvaZAB9yAgABy1eA= Date: Wed, 17 Apr 2019 15:38:29 +0000 Message-ID: <06EE24DD0B19E248B53F6DC8657831551B153CD9@hasmsx109.ger.corp.intel.com> References: <20190417073641.2436-1-arkadiuszx.kusztal@intel.com> <348A99DA5F5B7549AA880327E580B43589743C51@IRSMSX101.ger.corp.intel.com> In-Reply-To: <348A99DA5F5B7549AA880327E580B43589743C51@IRSMSX101.ger.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.104.12.183] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] cryptodev: add an option to support both iv and J0 for GCM X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Message-ID: <20190417153829.9FLkElUvPqaPFaeYKR76QQsPA_MBWqZmieNwqnpS4d0@z> Hi Fiona, > [Fiona] IVs greater than 16 bytes can be used, right? If so change to "a = minimum of 16 bytes must be >allocated". Same below. [AK] - yes, this comment may be misleading, of course it means 16 bytes min= imum. This is because of legacy reasons, i.e. aesni-gcm once had formation = of pre-counter block inside the PMD using the existing buffer (when len(iv)= =3D=3D12), hence need for 16 bytes allocation. Some other drivers still can= behave in similar fashion so it probably has to stay for a while. I will send v2. > -----Original Message----- > From: Trahe, Fiona > Sent: Wednesday, April 17, 2019 1:38 PM > To: Kusztal, ArkadiuszX ; dev@dpdk.org > Cc: akhil.goyal@nxp.com; De Lara Guarch, Pablo > ; Trahe, Fiona > Subject: RE: [PATCH] cryptodev: add an option to support both iv and J0 f= or > GCM >=20 > Hi Arek, >=20 > > -----Original Message----- > > From: Kusztal, ArkadiuszX > > Sent: Wednesday, April 17, 2019 8:37 AM > > To: dev@dpdk.org > > Cc: akhil.goyal@nxp.com; Trahe, Fiona ; De Lara > > Guarch, Pablo ; Kusztal, ArkadiuszX > > > > Subject: [PATCH] cryptodev: add an option to support both iv and J0 > > for GCM > > > > This patch adds an option to support both IV (of all supported sizes) > > and J0 when using Galois Counter Mode of crypto operation. > > > > Signed-off-by: Arek Kusztal > > --- > > lib/librte_cryptodev/rte_crypto_sym.h | 37 > > ++++++++++++++++++----------------- > > 1 file changed, 19 insertions(+), 18 deletions(-) > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > b/lib/librte_cryptodev/rte_crypto_sym.h > > index c80e90e..126d9f3 100644 > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > @@ -152,11 +152,6 @@ struct rte_crypto_cipher_xform { > > * > > * - For block ciphers in CTR mode, this is the counter. > > * > > - * - For GCM mode, this is either the IV (if the length > > - * is 96 bits) or J0 (for other sizes), where J0 is as > > - * defined by NIST SP800-38D. Regardless of the IV > > - * length, a full 16 bytes needs to be allocated. > > - * > > * - For CCM mode, the first byte is reserved, and the > > * nonce should be written starting at &iv[1] (to allow > > * space for the implementation to write in the flags @@ - > 184,9 > > +179,6 @@ struct rte_crypto_cipher_xform { > > * of the counter (which must be the same as the block > > * length of the cipher). > > * > > - * - For GCM mode, this is either 12 (for 96-bit IVs) > > - * or 16, in which case data points to J0. > > - * > > * - For CCM mode, this is the length of the nonce, > > * which can be in the range 7 to 13 inclusive. > > */ > > @@ -306,9 +298,10 @@ struct rte_crypto_auth_xform { > > * specified as number of bytes from start of crypto > > * operation (rte_crypto_op). > > * > > - * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode and > > - * for AES-GMAC, this is the authentication > > - * Initialisation Vector (IV) value. > > + * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode > > + * this is the authentication Initialisation Vector > > + * (IV) value. For AES-GMAC IV description please refer > > + * to the field `length` in iv struct. > > * > > * - For KASUMI in F9 mode and other authentication > > * algorithms, this field is not used. > > @@ -325,6 +318,14 @@ struct rte_crypto_auth_xform { > > * - For KASUMI in F9 mode and other authentication > > * algorithms, this field is not used. > > * > > + * - For GMAC mode, this is either: > > + * 1) Number greater or equal to one, which means that IV > > + * is used and J0 will be computed internally, 16 bytes > > + * needs to be allocated. > [Fiona] IVs greater than 16 bytes can be used, right? If so change to "a > minimum of 16 bytes must be allocated". Same below. >=20 > > + * 2) Zero, in which case data points to J0. In this case > > + * 16 bytes of J0 should be passed where J0 is defined > > + * by NIST SP800-38D. > > + * > > */ > > } iv; /**< Initialisation vector parameters */ > > > > @@ -383,11 +384,6 @@ struct rte_crypto_aead_xform { > > * specified as number of bytes from start of crypto > > * operation (rte_crypto_op). > > * > > - * - For GCM mode, this is either the IV (if the length > > - * is 96 bits) or J0 (for other sizes), where J0 is as > > - * defined by NIST SP800-38D. Regardless of the IV > > - * length, a full 16 bytes needs to be allocated. > > - * > > * - For CCM mode, the first byte is reserved, and the > > * nonce should be written starting at &iv[1] (to allow > > * space for the implementation to write in the flags @@ - > 401,8 > > +397,13 @@ struct rte_crypto_aead_xform { > > uint16_t length; > > /**< Length of valid IV data. > > * > > - * - For GCM mode, this is either 12 (for 96-bit IVs) > > - * or 16, in which case data points to J0. > > + * - For GCM mode, this is either: > > + * 1) Number greater or equal to one, which means that IV > > + * is used and J0 will be computed internally, 16 bytes > > + * needs to be allocated. > > + * 2) Zero, in which case data points to J0. In this case > > + * 16 bytes of J0 should be passed where J0 is defined > > + * by NIST SP800-38D. > > * > > * - For CCM mode, this is the length of the nonce, > > * which can be in the range 7 to 13 inclusive. > > -- > > 2.1.0