From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 8ED967CC3 for ; Sun, 28 May 2017 23:05:18 +0200 (CEST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 May 2017 14:05:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.38,411,1491289200"; d="scan'208";a="1135678847" Received: from silpixa00381631.ir.intel.com (HELO silpixa00381631.ger.corp.intel.com) ([10.237.222.122]) by orsmga001.jf.intel.com with ESMTP; 28 May 2017 14:05:16 -0700 From: Pablo de Lara To: declan.doherty@intel.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com, zbigniew.bodek@caviumnetworks.com, jerin.jacob@caviumnetworks.com Cc: dev@dpdk.org, Pablo de Lara Date: Sun, 28 May 2017 22:05:16 +0100 Message-Id: <1496005522-134934-8-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH 07/13] cryptodev: remove digest length from crypto op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 May 2017 21:05:20 -0000 Digest length was duplicated in the authentication transform and the crypto operation structures. Since digest length is not expected to change in a same session, it is removed from the crypto operation. Also, the length has been shrunk to 16 bits, which should be sufficient for any digest. Signed-off-by: Pablo de Lara --- app/test-crypto-perf/cperf_ops.c | 7 ----- drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 35 ++++++++++++++---------- drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 2 ++ drivers/crypto/armv8/rte_armv8_pmd.c | 9 ++++-- drivers/crypto/armv8/rte_armv8_pmd_private.h | 2 ++ drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 34 +++++++++++++---------- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 1 + drivers/crypto/kasumi/rte_kasumi_pmd.c | 18 ++++++------ drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++-- drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 ++ drivers/crypto/qat/qat_adf/qat_algs.h | 1 + drivers/crypto/qat/qat_crypto.c | 2 +- drivers/crypto/snow3g/rte_snow3g_pmd.c | 18 ++++++------ drivers/crypto/zuc/rte_zuc_pmd.c | 18 ++++++------ lib/librte_cryptodev/rte_crypto_sym.h | 6 +--- 15 files changed, 88 insertions(+), 76 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 18a0c2c..a101ba1 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -142,7 +142,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops, sym_op->auth.digest.data = test_vector->digest.data; sym_op->auth.digest.phys_addr = test_vector->digest.phys_addr; - sym_op->auth.digest.length = options->auth_digest_sz; } else { uint32_t offset = options->test_buffer_size; @@ -165,7 +164,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops, uint8_t *, offset); sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); - sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; sym_op->auth.aad.length = options->auth_aad_sz; @@ -221,7 +219,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops, sym_op->auth.digest.data = test_vector->digest.data; sym_op->auth.digest.phys_addr = test_vector->digest.phys_addr; - sym_op->auth.digest.length = options->auth_digest_sz; } else { uint32_t offset = options->test_buffer_size; @@ -244,7 +241,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops, uint8_t *, offset); sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); - sym_op->auth.digest.length = options->auth_digest_sz; sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; sym_op->auth.aad.data = test_vector->aad.data; sym_op->auth.aad.length = options->auth_aad_sz; @@ -298,7 +294,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, sym_op->auth.digest.data = test_vector->digest.data; sym_op->auth.digest.phys_addr = test_vector->digest.phys_addr; - sym_op->auth.digest.length = options->auth_digest_sz; } else { uint32_t offset = sym_op->cipher.data.length + @@ -322,8 +317,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, uint8_t *, offset); sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); - - sym_op->auth.digest.length = options->auth_digest_sz; } sym_op->auth.data.length = options->test_buffer_size; diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c index ec00d22..31e48aa 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c @@ -77,6 +77,7 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess, { const struct rte_crypto_sym_xform *auth_xform; const struct rte_crypto_sym_xform *cipher_xform; + uint16_t digest_length; if (xform->next == NULL || xform->next->next != NULL) { GCM_LOG_ERR("Two and only two chained xform required"); @@ -116,6 +117,8 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess, return -EINVAL; } + digest_length = auth_xform->auth.digest_length; + /* Check key length and calculate GCM pre-compute. */ switch (cipher_xform->cipher.key.length) { case 16: @@ -133,6 +136,15 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess, return -EINVAL; } + /* Digest check */ + if (digest_length != 16 && + digest_length != 12 && + digest_length != 8) { + GCM_LOG_ERR("digest"); + return -EINVAL; + } + sess->digest_length = digest_length; + return 0; } @@ -234,13 +246,6 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op, *iv_padd = rte_bswap32(1); } - if (op->auth.digest.length != 16 && - op->auth.digest.length != 12 && - op->auth.digest.length != 8) { - GCM_LOG_ERR("digest"); - return -1; - } - if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) { aesni_gcm_enc[session->key].init(&session->gdata, @@ -270,11 +275,11 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op, aesni_gcm_enc[session->key].finalize(&session->gdata, op->auth.digest.data, - (uint64_t)op->auth.digest.length); + (uint64_t)session->digest_length); } else { /* session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION */ uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(op->m_dst ? op->m_dst : op->m_src, - op->auth.digest.length); + session->digest_length); if (!auth_tag) { GCM_LOG_ERR("auth_tag"); @@ -308,7 +313,7 @@ process_gcm_crypto_op(struct rte_crypto_sym_op *op, aesni_gcm_dec[session->key].finalize(&session->gdata, auth_tag, - (uint64_t)op->auth.digest.length); + (uint64_t)session->digest_length); } return 0; @@ -338,21 +343,21 @@ post_process_gcm_crypto_op(struct rte_crypto_op *op) if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) { uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *, - m->data_len - op->sym->auth.digest.length); + m->data_len - session->digest_length); #ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG rte_hexdump(stdout, "auth tag (orig):", - op->sym->auth.digest.data, op->sym->auth.digest.length); + op->sym->auth.digest.data, session->digest_length); rte_hexdump(stdout, "auth tag (calc):", - tag, op->sym->auth.digest.length); + tag, session->digest_length); #endif if (memcmp(tag, op->sym->auth.digest.data, - op->sym->auth.digest.length) != 0) + session->digest_length) != 0) op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; /* trim area used for digest from mbuf */ - rte_pktmbuf_trim(m, op->sym->auth.digest.length); + rte_pktmbuf_trim(m, session->digest_length); } } diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h index 0496b44..b27ad40 100644 --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h @@ -90,6 +90,8 @@ enum aesni_gcm_key { /** AESNI GCM private session structure */ struct aesni_gcm_session { + uint16_t digest_length; + /**< Digest length */ enum aesni_gcm_operation op; /**< GCM operation type */ enum aesni_gcm_key key; diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c index 146e68a..3ca9007 100644 --- a/drivers/crypto/armv8/rte_armv8_pmd.c +++ b/drivers/crypto/armv8/rte_armv8_pmd.c @@ -451,6 +451,9 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess, return -EINVAL; } + /* Set the digest length */ + sess->auth.digest_length = auth_xform->auth.digest_length; + /* Verify supported key lengths and extract proper algorithm */ switch (cipher_xform->cipher.key.length << 3) { case 128: @@ -645,7 +648,7 @@ process_armv8_chained_op } } else { adst = (uint8_t *)rte_pktmbuf_append(m_asrc, - op->sym->auth.digest.length); + sess->auth.digest_length); } if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) { @@ -667,12 +670,12 @@ process_armv8_chained_op op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { if (memcmp(adst, op->sym->auth.digest.data, - op->sym->auth.digest.length) != 0) { + sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } /* Trim area used for digest from mbuf. */ rte_pktmbuf_trim(m_asrc, - op->sym->auth.digest.length); + sess->auth.digest_length); } } diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h index b75107f..ccd5fdc 100644 --- a/drivers/crypto/armv8/rte_armv8_pmd_private.h +++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h @@ -196,6 +196,8 @@ struct armv8_crypto_session { /**< HMAC key (max supported length)*/ } hmac; }; + uint16_t digest_length; + /* Digest length */ } auth; } __rte_cache_aligned; diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index ba0bfb3..336c281 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -84,7 +84,7 @@ build_authenc_fd(dpaa2_sec_session *sess, struct sec_flow_context *flc; uint32_t auth_only_len = sym_op->auth.data.length - sym_op->cipher.data.length; - int icv_len = sym_op->auth.digest.length; + int icv_len = sess->digest_length; uint8_t *old_icv; uint32_t mem_len = (7 * sizeof(struct qbman_fle)) + icv_len; @@ -133,7 +133,7 @@ build_authenc_fd(dpaa2_sec_session *sess, "cipher_off: 0x%x/length %d, iv-len=%d data_off: 0x%x\n", sym_op->auth.data.offset, sym_op->auth.data.length, - sym_op->auth.digest.length, + sess->digest_length, sym_op->cipher.data.offset, sym_op->cipher.data.length, sym_op->cipher.iv.length, @@ -159,7 +159,7 @@ build_authenc_fd(dpaa2_sec_session *sess, sge++; DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data)); - sge->length = sym_op->auth.digest.length; + sge->length = sess->digest_length; DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length + sym_op->cipher.iv.length)); } @@ -175,7 +175,7 @@ build_authenc_fd(dpaa2_sec_session *sess, fle->length = (sess->dir == DIR_ENC) ? (sym_op->auth.data.length + sym_op->cipher.iv.length) : (sym_op->auth.data.length + sym_op->cipher.iv.length + - sym_op->auth.digest.length); + sess->digest_length); /* Configure Input SGE for Encap/Decap */ DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(sym_op->cipher.iv.data)); @@ -190,12 +190,12 @@ build_authenc_fd(dpaa2_sec_session *sess, sge++; old_icv = (uint8_t *)(sge + 1); memcpy(old_icv, sym_op->auth.digest.data, - sym_op->auth.digest.length); - memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length); + sess->digest_length); + memset(sym_op->auth.digest.data, 0, sess->digest_length); DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv)); - sge->length = sym_op->auth.digest.length; + sge->length = sess->digest_length; DPAA2_SET_FD_LEN(fd, (sym_op->auth.data.length + - sym_op->auth.digest.length + + sess->digest_length + sym_op->cipher.iv.length)); } DPAA2_SET_FLE_FIN(sge); @@ -215,7 +215,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op, uint32_t mem_len = (sess->dir == DIR_ENC) ? (3 * sizeof(struct qbman_fle)) : (5 * sizeof(struct qbman_fle) + - sym_op->auth.digest.length); + sess->digest_length); struct sec_flow_context *flc; struct ctxt_priv *priv = sess->ctxt; uint8_t *old_digest; @@ -249,7 +249,7 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op, DPAA2_SET_FD_FLC(fd, DPAA2_VADDR_TO_IOVA(flc)); DPAA2_SET_FLE_ADDR(fle, DPAA2_VADDR_TO_IOVA(sym_op->auth.digest.data)); - fle->length = sym_op->auth.digest.length; + fle->length = sess->digest_length; DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(fle)); DPAA2_SET_FD_COMPOUND_FMT(fd); @@ -280,17 +280,17 @@ build_auth_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op, sym_op->m_src->data_off); DPAA2_SET_FD_LEN(fd, sym_op->auth.data.length + - sym_op->auth.digest.length); + sess->digest_length); sge->length = sym_op->auth.data.length; sge++; old_digest = (uint8_t *)(sge + 1); rte_memcpy(old_digest, sym_op->auth.digest.data, - sym_op->auth.digest.length); - memset(sym_op->auth.digest.data, 0, sym_op->auth.digest.length); + sess->digest_length); + memset(sym_op->auth.digest.data, 0, sess->digest_length); DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_digest)); - sge->length = sym_op->auth.digest.length; + sge->length = sess->digest_length; fle->length = sym_op->auth.data.length + - sym_op->auth.digest.length; + sess->digest_length; DPAA2_SET_FLE_FIN(sge); } DPAA2_SET_FLE_FIN(fle); @@ -904,6 +904,8 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev, authdata.key_enc_flags = 0; authdata.key_type = RTA_DATA_IMM; + session->digest_length = xform->auth.digest_length; + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_SHA1_HMAC: authdata.algtype = OP_ALG_ALGSEL_SHA1; @@ -1051,6 +1053,8 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev, authdata.key_enc_flags = 0; authdata.key_type = RTA_DATA_IMM; + session->digest_length = xform->auth.digest_length; + switch (auth_xform->algo) { case RTE_CRYPTO_AUTH_SHA1_HMAC: authdata.algtype = OP_ALG_ALGSEL_SHA1; diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h index f5c6169..d4ca86c 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h @@ -187,6 +187,7 @@ typedef struct dpaa2_sec_session_entry { uint8_t *data; /**< pointer to key data */ size_t length; /**< key length in bytes */ } auth_key; + uint16_t digest_length; uint8_t status; union { struct dpaa2_sec_cipher_ctxt cipher_ctxt; diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c index d089b0d..6407a7d 100644 --- a/drivers/crypto/kasumi/rte_kasumi_pmd.c +++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c @@ -124,6 +124,12 @@ kasumi_set_session_parameters(struct kasumi_session *sess, /* Only KASUMI F9 supported */ if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_KASUMI_F9) return -EINVAL; + + if (auth_xform->auth.digest_length != KASUMI_DIGEST_LENGTH) { + KASUMI_LOG_ERR("Wrong digest length"); + return -EINVAL; + } + sess->auth_op = auth_xform->auth.op; /* Initialize key */ sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data, @@ -259,12 +265,6 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, break; } - if (unlikely(ops[i]->sym->auth.digest.length != KASUMI_DIGEST_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - KASUMI_LOG_ERR("digest"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -285,19 +285,19 @@ process_kasumi_hash_op(struct rte_crypto_op **ops, if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + KASUMI_DIGEST_LENGTH); sso_kasumi_f9_1_buffer_user(&session->pKeySched_hash, IV, src, length_in_bits, dst, direction); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, - ops[i]->sym->auth.digest.length) != 0) + KASUMI_DIGEST_LENGTH) != 0) ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; /* Trim area used for digest from mbuf. */ rte_pktmbuf_trim(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + KASUMI_DIGEST_LENGTH); } else { dst = ops[i]->sym->auth.digest.data; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index a92bd88..0333526 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -365,6 +365,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, return -EINVAL; } + sess->auth.digest_length = xform->auth.digest_length; + return 0; } @@ -1116,7 +1118,7 @@ process_openssl_auth_op if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) dst = (uint8_t *)rte_pktmbuf_append(mbuf_src, - op->sym->auth.digest.length); + sess->auth.digest_length); else { dst = op->sym->auth.digest.data; if (dst == NULL) @@ -1144,11 +1146,11 @@ process_openssl_auth_op if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { if (memcmp(dst, op->sym->auth.digest.data, - op->sym->auth.digest.length) != 0) { + sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } /* Trim area used for digest from mbuf. */ - rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length); + rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length); } if (status != 0) diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 4d820c5..28a8e36 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -157,6 +157,9 @@ struct openssl_session { /**< pointer to EVP context structure */ } hmac; }; + + uint16_t digest_length; + /**< digest length */ } auth; } __rte_cache_aligned; diff --git a/drivers/crypto/qat/qat_adf/qat_algs.h b/drivers/crypto/qat/qat_adf/qat_algs.h index b139007..9acd68a 100644 --- a/drivers/crypto/qat/qat_adf/qat_algs.h +++ b/drivers/crypto/qat/qat_adf/qat_algs.h @@ -127,6 +127,7 @@ struct qat_session { struct icp_qat_fw_la_bulk_req fw_req; uint32_t *aad_len; struct qat_crypto_instance *inst; + uint16_t digest_length; rte_spinlock_t lock; /* protects this struct */ }; diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index 35edfc9..329f88a 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -1188,7 +1188,7 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg, rte_hexdump(stdout, "iv:", op->sym->cipher.iv.data, op->sym->cipher.iv.length); rte_hexdump(stdout, "digest:", op->sym->auth.digest.data, - op->sym->auth.digest.length); + ctx->digest_length); rte_hexdump(stdout, "aad:", op->sym->auth.aad.data, op->sym->auth.aad.length); #endif diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c index d928ed2..75989da 100644 --- a/drivers/crypto/snow3g/rte_snow3g_pmd.c +++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c @@ -124,6 +124,12 @@ snow3g_set_session_parameters(struct snow3g_session *sess, /* Only SNOW 3G UIA2 supported */ if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2) return -EINVAL; + + if (auth_xform->auth.digest_length != SNOW3G_DIGEST_LENGTH) { + SNOW3G_LOG_ERR("Wrong digest length"); + return -EINVAL; + } + sess->auth_op = auth_xform->auth.op; /* Initialize key */ sso_snow3g_init_key_sched(auth_xform->auth.key.data, @@ -254,12 +260,6 @@ process_snow3g_hash_op(struct rte_crypto_op **ops, break; } - if (unlikely(ops[i]->sym->auth.digest.length != SNOW3G_DIGEST_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - SNOW3G_LOG_ERR("digest"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -274,19 +274,19 @@ process_snow3g_hash_op(struct rte_crypto_op **ops, if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint8_t *)rte_pktmbuf_append(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + SNOW3G_DIGEST_LENGTH); sso_snow3g_f9_1_buffer(&session->pKeySched_hash, ops[i]->sym->auth.aad.data, src, length_in_bits, dst); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, - ops[i]->sym->auth.digest.length) != 0) + SNOW3G_DIGEST_LENGTH) != 0) ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; /* Trim area used for digest from mbuf. */ rte_pktmbuf_trim(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + SNOW3G_DIGEST_LENGTH); } else { dst = ops[i]->sym->auth.digest.data; diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 046c830..e7a3de8 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -123,6 +123,12 @@ zuc_set_session_parameters(struct zuc_session *sess, /* Only ZUC EIA3 supported */ if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3) return -EINVAL; + + if (auth_xform->auth.digest_length != ZUC_DIGEST_LENGTH) { + ZUC_LOG_ERR("Wrong digest length"); + return -EINVAL; + } + sess->auth_op = auth_xform->auth.op; /* Copy the key */ memcpy(sess->pKey_hash, auth_xform->auth.key.data, @@ -245,12 +251,6 @@ process_zuc_hash_op(struct rte_crypto_op **ops, break; } - if (unlikely(ops[i]->sym->auth.digest.length != ZUC_DIGEST_LENGTH)) { - ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; - ZUC_LOG_ERR("digest"); - break; - } - /* Data must be byte aligned */ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; @@ -265,19 +265,19 @@ process_zuc_hash_op(struct rte_crypto_op **ops, if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint32_t *)rte_pktmbuf_append(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + ZUC_DIGEST_LENGTH); sso_zuc_eia3_1_buffer(session->pKey_hash, ops[i]->sym->auth.aad.data, src, length_in_bits, dst); /* Verify digest. */ if (memcmp(dst, ops[i]->sym->auth.digest.data, - ops[i]->sym->auth.digest.length) != 0) + ZUC_DIGEST_LENGTH) != 0) ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; /* Trim area used for digest from mbuf. */ rte_pktmbuf_trim(ops[i]->sym->m_src, - ops[i]->sym->auth.digest.length); + ZUC_DIGEST_LENGTH); } else { dst = (uint32_t *)ops[i]->sym->auth.digest.data; diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 08f4d02..982a97c 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -305,7 +305,7 @@ struct rte_crypto_auth_xform { * (for example RFC 2104, FIPS 198a). */ - uint32_t digest_length; + uint16_t digest_length; /**< Length of the digest to be returned. If the verify option is set, * this specifies the length of the digest to be compared for the * session. @@ -553,10 +553,6 @@ struct rte_crypto_sym_op { */ phys_addr_t phys_addr; /**< Physical address of digest */ - uint16_t length; - /**< Length of digest. This must be the same value as - * @ref rte_crypto_auth_xform.digest_length. - */ } digest; /**< Digest parameters */ struct { -- 2.7.4