From: Arek Kusztal
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, anoobj@marvell.com, shallyv@marvell.com, declan.doherty@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com, Arek Kusztal
Date: Wed, 29 Jul 2020 16:22:19 +0200
Message-Id: <20200729142219.13376-1-arkadiuszx.kusztal@intel.com>
Subject: [dpdk-dev] [PATCH] [RFC] cryptodev: move AES-GMAC to aead algorithms

This is a proposal to move the AES-GMAC algorithm to the AEAD set of algorithms. It is, however, not 100% conformant GMAC, as instead of the aad pointer, data to be authenticated is passed normally and the aead.data.length field is used to specify the length of data to be authenticated.

The reason behind this move is that GMAC is a variant of GCM, so it may simplify implementations that are using these algorithms (mainly IPsec).

AES-GMAC therefore needs to be removed from auth algorithms.

Signed-off-by: Arek Kusztal
--- lib/librte_cryptodev/rte_crypto_sym.h | 15 +++++++++++---- lib/librte_cryptodev/rte_cryptodev.c | 4 ++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index f29c980..1b43c6e 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -255,8 +255,6 @@ enum rte_crypto_auth_algorithm { /**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */ RTE_CRYPTO_AUTH_AES_CMAC, /**< AES CMAC algorithm. */ - RTE_CRYPTO_AUTH_AES_GMAC, - /**< AES GMAC algorithm. */ RTE_CRYPTO_AUTH_AES_XCBC_MAC, /**< AES XCBC algorithm. */ 
@@ -414,6 +412,8 @@ enum rte_crypto_aead_algorithm { /**< AES algorithm in GCM mode. */ RTE_CRYPTO_AEAD_CHACHA20_POLY1305, /**< Chacha20 cipher with poly1305 authenticator */ + RTE_CRYPTO_AEAD_AES_GMAC, + /**< AES-GCM algorithm in GMAC mode. */ RTE_CRYPTO_AEAD_LIST_END }; @@ -468,7 +468,7 @@ struct rte_crypto_aead_xform { uint16_t length; /**< Length of valid IV data. * - * - For GCM mode, this is either: + * - For GCM and GMAC mode, this is either: * 1) Number greater or equal to one, which means that IV * is used and J0 will be computed internally, a minimum * of 16 bytes must be allocated. @@ -490,6 +490,8 @@ struct rte_crypto_aead_xform { * For CCM mode, this is the length of the actual AAD, even though * it is required to reserve 18 bytes before the AAD and padding * at the end of it, so a multiple of 16 bytes is allocated. + * + * For RTE_CRYPTO_AEAD_AES_GMAC this field should be set to 0. */ }; @@ -584,7 +586,10 @@ struct rte_crypto_sym_op { uint32_t length; /**< The message length, in bytes, of the source buffer * on which the cryptographic operation will be - * computed. This must be a multiple of the block size + * computed. + * + * For RTE_CRYPTO_AEAD_AES_GMAC this is length of data to be + * authenticated. */ } data; /**< Data offsets and length for AEAD */ struct { @@ -617,6 +622,8 @@ struct rte_crypto_sym_op { * needed for authenticated cipher mechanisms (CCM and * GCM) * + * For GCM this field is unused + * * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM), * the caller should setup this field as follows: * diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 1dd795b..e14fd09 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c 
@@ -129,7 +129,6 @@ const char * rte_crypto_auth_algorithm_strings[] = { [RTE_CRYPTO_AUTH_AES_CBC_MAC] = "aes-cbc-mac", [RTE_CRYPTO_AUTH_AES_CMAC] = "aes-cmac", - [RTE_CRYPTO_AUTH_AES_GMAC] = "aes-gmac", [RTE_CRYPTO_AUTH_AES_XCBC_MAC] = "aes-xcbc-mac", [RTE_CRYPTO_AUTH_MD5] = "md5", @@ -162,7 +161,8 @@ const char * rte_crypto_aead_algorithm_strings[] = { [RTE_CRYPTO_AEAD_AES_CCM] = "aes-ccm", [RTE_CRYPTO_AEAD_AES_GCM] = "aes-gcm", - [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305" + [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305", + [RTE_CRYPTO_AEAD_AES_GMAC] = "aes-gmac" }; /** -- 2.1.0
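
Review bot: Removing RTE_CRYPTO_AUTH_AES_GMAC from the middle of enum rte_crypto_auth_algorithm (rte_crypto_sym.h, hunk @@ -255,8 +255,6 @@) renumbers RTE_CRYPTO_AUTH_AES_XCBC_MAC and every enumerator after it, because the visible entries carry no explicit values. A binary built against the old header would then select a different auth algorithm without any error. Either keep the enumerator in place as a deprecated entry for a release, or call out the ABI break in the commit message. The diffstat lists only the two library files, so any code that still references RTE_CRYPTO_AUTH_AES_GMAC is not converted by this patch and will stop compiling.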
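
Review bot: The doc comment added for RTE_CRYPTO_AEAD_AES_GMAC (rte_crypto_sym.h, hunk @@ -414,6 +412,8 @@), "AES-GCM algorithm in GMAC mode", does not say that the data is only authenticated and not encrypted. The value now sits in the AEAD enum beside RTE_CRYPTO_AEAD_AES_GCM and RTE_CRYPTO_AEAD_CHACHA20_POLY1305, so a caller could reasonably assume confidentiality. State in the comment that no ciphertext is produced, and repeat the deviation described in the commit message: the data to authenticate is passed in the data region rather than through the aad pointer.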
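
Review bot: In the aad_length comment (rte_crypto_sym.h, hunk @@ -490,6 +490,8 @@), "this field should be set to 0" leaves the behaviour for a non-zero value undefined. Say "must be set to 0" and document what happens otherwise, for example that session creation fails, so that drivers do not diverge on whether a non-zero aad_length is ignored or rejected.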
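
Review bot: The aead.data.length hunk (rte_crypto_sym.h, @@ -584,7 +586,10 @@) deletes the sentence "This must be a multiple of the block size" for every AEAD algorithm, not only for GMAC, and the commit message does not mention this. If the constraint is being lifted on purpose, do it in a separate patch with its own justification; if it only does not apply to GMAC, keep the sentence and add the GMAC exception after it.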
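
Review bot: The line added to the aad comment (rte_crypto_sym.h, hunk @@ -617,6 +622,8 @@) reads "For GCM this field is unused", which contradicts the context line just above it stating that AAD is needed for "authenticated cipher mechanisms (CCM and GCM)". This looks like a typo for GMAC. As written it tells AES-GCM users that their AAD is ignored, so it should read "For RTE_CRYPTO_AEAD_AES_GMAC this field is unused", matching the wording used in the other added comments.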
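
Review bot: In rte_crypto_aead_algorithm_strings (rte_cryptodev.c, hunk @@ -162,7 +161,8 @@) the new last entry "aes-gmac" again has no trailing comma, which is why this hunk had to rewrite the chacha20-poly1305 line just to add one. End the new entry with a comma so the next addition touches a single line.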