[dpdk-dev] [PATCH 3/8] crypto/openssl: do not append digest

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: declan.doherty@intel.com, jerin.jacob@caviumnetworks.com
Cc: dev@dpdk.org, Pablo de Lara <pablo.de.lara.guarch@intel.com>
Subject: [dpdk-dev] [PATCH 3/8] crypto/openssl: do not append digest
Date: Fri, 18 Aug 2017 08:20:58 +0100	[thread overview]
Message-ID: <20170818072103.1416-4-pablo.de.lara.guarch@intel.com> (raw)
In-Reply-To: <20170818072103.1416-1-pablo.de.lara.guarch@intel.com>

When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c         | 19 ++++++++-----------
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  7 +++++++
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bd5f98..b72d1f4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1237,9 +1237,9 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 
 /** Process auth operation */
 static void
-process_openssl_auth_op
-		(struct rte_crypto_op *op, struct openssl_session *sess,
-		struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
+process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+		struct openssl_session *sess, struct rte_mbuf *mbuf_src,
+		struct rte_mbuf *mbuf_dst)
 {
 	uint8_t *dst;
 	int srclen, status;
@@ -1247,8 +1247,7 @@ process_openssl_auth_op
 	srclen = op->sym->auth.data.length;
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
-		dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
-				sess->auth.digest_length);
+		dst = (uint8_t *)&qp->temp_digest;
 	else {
 		dst = op->sym->auth.digest.data;
 		if (dst == NULL)
@@ -1279,8 +1278,6 @@ process_openssl_auth_op
 				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 		}
-		/* Trim area used for digest from mbuf. */
-		rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length);
 	}
 
 	if (status != 0)
@@ -1289,7 +1286,7 @@ process_openssl_auth_op
 
 /** Process crypto operation for mbuf */
 static int
-process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
+process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		struct openssl_session *sess)
 {
 	struct rte_mbuf *msrc, *mdst;
@@ -1305,14 +1302,14 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
 		process_openssl_cipher_op(op, sess, msrc, mdst);
 		break;
 	case OPENSSL_CHAIN_ONLY_AUTH:
-		process_openssl_auth_op(op, sess, msrc, mdst);
+		process_openssl_auth_op(qp, op, sess, msrc, mdst);
 		break;
 	case OPENSSL_CHAIN_CIPHER_AUTH:
 		process_openssl_cipher_op(op, sess, msrc, mdst);
-		process_openssl_auth_op(op, sess, mdst, mdst);
+		process_openssl_auth_op(qp, op, sess, mdst, mdst);
 		break;
 	case OPENSSL_CHAIN_AUTH_CIPHER:
-		process_openssl_auth_op(op, sess, msrc, mdst);
+		process_openssl_auth_op(qp, op, sess, msrc, mdst);
 		process_openssl_cipher_op(op, sess, msrc, mdst);
 		break;
 	case OPENSSL_CHAIN_COMBINED:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index b7f7475..93937d5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -59,6 +59,8 @@
 #define OPENSSL_LOG_DBG(fmt, args...)
 #endif
 
+/* Maximum length for digest (SHA-512 needs 64 bytes) */
+#define DIGEST_LENGTH_MAX 64
 
 /** OPENSSL operation order mode enumerator */
 enum openssl_chain_order {
@@ -103,6 +105,11 @@ struct openssl_qp {
 	/**< Session Mempool */
 	struct rte_cryptodev_stats stats;
 	/**< Queue pair statistics */
+	uint8_t temp_digest[DIGEST_LENGTH_MAX];
+	/**< Buffer used to store the digest generated
+	 * by the driver when verifying a digest provided
+	 * by the user (using authentication verify operation)
+	 */
 } __rte_cache_aligned;
 
 /** OPENSSL crypto private session structure */
-- 
2.9.4

next prev parent reply	other threads:[~2017-08-18 15:21 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-18  7:20 [dpdk-dev] [PATCH 0/8] Remove temporary digest allocation Pablo de Lara
2017-08-18  7:20 ` [dpdk-dev] [PATCH 1/8] crypto/aesni_gcm: do not append digest Pablo de Lara
2017-09-04 10:07   ` Zhang, Roy Fan
2017-09-05  8:49     ` De Lara Guarch, Pablo
2017-08-18  7:20 ` [dpdk-dev] [PATCH 2/8] crypto/armv8: " Pablo de Lara
2017-09-11  5:22   ` Jerin Jacob
2017-08-18  7:20 ` Pablo de Lara [this message]
2017-08-18  7:20 ` [dpdk-dev] [PATCH 4/8] crypto/kasumi: " Pablo de Lara
2017-08-18  7:21 ` [dpdk-dev] [PATCH 5/8] crypto/snow3g: " Pablo de Lara
2017-08-18  7:21 ` [dpdk-dev] [PATCH 6/8] crypto/zuc: " Pablo de Lara
2017-08-18  7:21 ` [dpdk-dev] [PATCH 7/8] crypto/aesni_mb: " Pablo de Lara
2017-08-18  7:21 ` [dpdk-dev] [PATCH 8/8] test/crypto: do not allocate extra memory for digest Pablo de Lara
2017-09-05  2:19 ` [dpdk-dev] [PATCH v2 0/8] Remove temporary digest allocation Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 1/8] crypto/aesni_gcm: do not append digest Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 2/8] crypto/armv8: " Pablo de Lara
2017-09-06  9:02     ` De Lara Guarch, Pablo
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 3/8] crypto/openssl: " Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 4/8] crypto/kasumi: " Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 5/8] crypto/snow3g: " Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 6/8] crypto/zuc: " Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 7/8] crypto/aesni_mb: " Pablo de Lara
2017-09-05  2:20   ` [dpdk-dev] [PATCH v2 8/8] test/crypto: do not allocate extra memory for digest Pablo de Lara
2017-09-05 12:38   ` [dpdk-dev] [PATCH v2 0/8] Remove temporary digest allocation Zhang, Roy Fan
2017-09-11  9:39     ` De Lara Guarch, Pablo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170818072103.1416-4-pablo.de.lara.guarch@intel.com \
    --to=pablo.de.lara.guarch@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=jerin.jacob@caviumnetworks.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).