* [dpdk-users] AES GCM PMD Driver IV length support
@ 2016-12-08 9:20 Nubin Stanley
2016-12-08 10:56 ` Trahe, Fiona
0 siblings, 1 reply; 3+ messages in thread
From: Nubin Stanley @ 2016-12-08 9:20 UTC (permalink / raw)
To: users; +Cc: martin.varghese
Hi All
I see that the only IV size supported in AES GCM driver is 16bytes. For
using AES-GCM-128 in IPsec, the IV length has to be 12 bytes ( 4 (salt)
+ 8 (iv)).
How should I handle this IPsec case with AES GCM PMD driver.
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_AES_GCM,
.block_size = 16,
.key_size = {
.min = 16,
.max = 16,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
Regards,
Nubin Stanley
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-users] AES GCM PMD Driver IV length support
2016-12-08 9:20 [dpdk-users] AES GCM PMD Driver IV length support Nubin Stanley
@ 2016-12-08 10:56 ` Trahe, Fiona
0 siblings, 0 replies; 3+ messages in thread
From: Trahe, Fiona @ 2016-12-08 10:56 UTC (permalink / raw)
To: Nubin Stanley, users; +Cc: martin.varghese, Trahe, Fiona
Hi Nubin,
> -----Original Message-----
> From: users [mailto:users-bounces@dpdk.org] On Behalf Of Nubin Stanley
> Sent: Thursday, December 8, 2016 9:21 AM
> To: users@dpdk.org
> Cc: martin.varghese@nokia.com
> Subject: [dpdk-users] AES GCM PMD Driver IV length support
>
> Hi All
>
>
>
> I see that the only IV size supported in AES GCM driver is 16bytes. For
> using AES-GCM-128 in IPsec, the IV length has to be 12 bytes ( 4 (salt)
> + 8 (iv)).
>
>
> How should I handle this IPsec case with AES GCM PMD driver.
>
>
>
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>
> {.sym = {
>
> .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
>
> {.cipher = {
>
> .algo = RTE_CRYPTO_CIPHER_AES_GCM,
>
> .block_size = 16,
>
> .key_size = {
>
> .min = 16,
>
> .max = 16,
>
> .increment = 0
>
> },
>
> .iv_size = {
>
> .min = 16,
>
> .max = 16,
>
> .increment = 0
>
> }
>
> }, }
>
> }, }
>
>
>
> Regards,
> Nubin Stanley
I found the following code in the PMD to handle an iv length of 12, so this looks like a bug in the capability data.
/* sanity checks */
if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
op->cipher.iv.length != 0) {
GCM_LOG_ERR("iv");
return -1;
}
/*
* GCM working in 12B IV mode => 16B pre-counter block we need
* to set BE LSB to 1, driver expects that 16B is allocated
*/
if (op->cipher.iv.length == 12) {
op->cipher.iv.data[15] = 1;
}
Have you tried passing a 12-byte iv to the driver ?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-users] AES GCM PMD Driver IV length support
@ 2016-12-09 11:00 Nubin Stanley
0 siblings, 0 replies; 3+ messages in thread
From: Nubin Stanley @ 2016-12-09 11:00 UTC (permalink / raw)
To: Trahe, Fiona, users; +Cc: martin.varghese
Hi Fiona
Thank you for the info.
And, I am adding the mailing list again. Sorry, I missed earlier.
Regards
Nubin Stanley
On Fri, Dec 9, 2016 at 3:41 PM, Trahe, Fiona <fiona.trahe@intel.com> wrote:
> I’m looking at version 16.11
>
> I think that code accepting 16 bytes padded and the 15th byte set may be
> removed in next release so only 12 bytes iv will be accepted.
>
> So keep an eye out for that patch as you’ll have to revert back.
>
> Btw- it’s better to keep these mails on the forum, with inline answers,
> cause others may have the same problem and benefit from this J
>
>
>
> *From:* Nubin Stanley [mailto:nubinstanley@gmail.com]
> *Sent:* Friday, December 9, 2016 8:22 AM
> *To:* Trahe, Fiona <fiona.trahe@intel.com>
> *Subject:* Re: [dpdk-users] AES GCM PMD Driver IV length support
>
>
>
> Hi Fiona
>
> Thanks for the quick response.
>
> It seems the DPDK version I am using is different (16.07).
>
>
>
> The sanity code in the PMD code does not accept an IV len of 12.
>
>
>
> if (op->cipher.iv.length != 16 && op->cipher.iv.length != 0) {
>
> GCM_LOG_ERR("iv");
>
> return -1;
>
> }
>
>
>
> Anyways, I have circumvented the problem by padding the IV data in my
> application and it works.
>
>
>
> * iv_pad_len = RTE_ALIGN_CEIL(entry->iv.length, 16);*
>
> * op->sym->cipher.iv.data = rte_malloc("iv", iv_pad_len, 0);*
>
> * memcpy(op->sym->cipher.iv.data, entry->iv.data, entry->iv.length);*
>
> * op->sym->cipher.iv.phys_addr =
> rte_malloc_virt2phy(op->sym->cipher.iv.data);*
>
> * op->sym->cipher.iv.length = iv_pad_len;*
>
> * op->sym->cipher.iv.data[15] = 1;*
>
>
>
> Could you please let me know the version of DPDK you are using.
>
> Thanks again for the support.
>
>
>
> Regards
>
> Nubin Stanley
>
>
>
> On Thu, Dec 8, 2016 at 4:26 PM, Trahe, Fiona <fiona.trahe@intel.com>
> wrote:
>
> Hi Nubin,
>
>
> > -----Original Message-----
> > From: users [mailto:users-bounces@dpdk.org] On Behalf Of Nubin Stanley
> > Sent: Thursday, December 8, 2016 9:21 AM
> > To: users@dpdk.org
> > Cc: martin.varghese@nokia.com
> > Subject: [dpdk-users] AES GCM PMD Driver IV length support
> >
> > Hi All
> >
> >
> >
> > I see that the only IV size supported in AES GCM driver is 16bytes. For
> > using AES-GCM-128 in IPsec, the IV length has to be 12 bytes ( 4
> (salt)
> > + 8 (iv)).
> >
> >
> > How should I handle this IPsec case with AES GCM PMD driver.
> >
> >
> >
> > .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> >
> > {.sym = {
> >
> > .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> >
> > {.cipher = {
> >
> > .algo = RTE_CRYPTO_CIPHER_AES_GCM,
> >
> > .block_size = 16,
> >
> > .key_size = {
> >
> > .min = 16,
> >
> > .max = 16,
> >
> > .increment = 0
> >
> > },
> >
> > .iv_size = {
> >
> > .min = 16,
> >
> > .max = 16,
> >
> > .increment = 0
> >
> > }
> >
> > }, }
> >
> > }, }
> >
> >
> >
> > Regards,
> > Nubin Stanley
>
> I found the following code in the PMD to handle an iv length of 12, so
> this looks like a bug in the capability data.
> /* sanity checks */
> if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
> op->cipher.iv.length != 0) {
> GCM_LOG_ERR("iv");
> return -1;
> }
>
> /*
> * GCM working in 12B IV mode => 16B pre-counter block we need
> * to set BE LSB to 1, driver expects that 16B is allocated
> */
> if (op->cipher.iv.length == 12) {
> op->cipher.iv.data[15] = 1;
> }
>
> Have you tried passing a 12-byte iv to the driver ?
>
>
>
>
>
> --
>
> Nubin Stanley
> Electronics and Biomedical Engineering
> Batch of 2009
> Model Engineering College, Kochi
> Phone : +918147742665 <081477%2042665>
> Email : nubinstanley@gmail.com
>
--
Nubin Stanley
Electronics and Biomedical Engineering
Batch of 2009
Model Engineering College, Kochi
Phone : +918147742665
Email : nubinstanley@gmail.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-09 11:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-08 9:20 [dpdk-users] AES GCM PMD Driver IV length support Nubin Stanley
2016-12-08 10:56 ` Trahe, Fiona
2016-12-09 11:00 Nubin Stanley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).