From: Naveen Kumar <Naveen.Kumar@commagility.com>
To: "Dybkowski, AdamX" <adamx.dybkowski@intel.com>,
"users@dpdk.org" <users@dpdk.org>
Cc: "Trahe, Fiona" <fiona.trahe@intel.com>
Subject: Re: [dpdk-users] AES "Digest-encrypted" crypto chain case.
Date: Thu, 17 Oct 2019 15:30:13 +0000 [thread overview]
Message-ID: <683218edf0b342c8a94486d84c29b16e@de-mta1.commagility.com> (raw)
In-Reply-To: <9836169a72be40328d96c3c08e78ad3d@de-mta1.commagility.com>
Hi Adam,
I configured the lengths as mentioned in comment you pointed and verified it carefully.
Is the test suite with digest-encrypted combination you tested available in public?
Can you share the QAT device information (hardware, firmware versions etc) you used?
Note:
I have done some experiments to conclude the overwriting issue:
Configured “auth_xform->auth.digest_length = 4” and expecting 4 bytes of CMAC. Digest data location is configured immediately after data.
Just for experiment purpose, I increased the length by 4 bytes more than the actual data length to be ciphered (on top of data_length + digest_length).
The sample result is as below, where “raw” digest overwritten on the highlighted location. (It also confirms my data length configuration is intact)
00000090: 00 00 00 00 00 00 00 00 87 4D 61 91 B6 20 E3 26 | .........Ma.. .&
000000A0: 1B EF 68 64 99 0D B6 CE 98 06 F6 6B 79 70 FD FF | ..hd.......kyp..
000000B0: 86 17 18 7B B9 FF FD FF 5A E4 DF 3E DB D5 D3 5E | ...{....Z..>...^
000000C0: 5B 4F 09 02 0D B0 3E AB 1E 03 1D DA 2F BE 03 D1 | [O....>...../...
000000D0: 79 21 70 A0 F3 00 9C EE "E8 1E 96 D6" 14 8A 91 0E | y!p.............
Regards,
Naveen
--
Naveen Kumar
Senior Engineer
CommAgility is a http://wirelesstelecomgroup.com/ company
T: +49 (0)203 306 4537 | http://www.commagility.com
Registered in England, Company No. 05914025. VAT No. DE299686390
CommAgility is an ISO 9001:2015-certified company
This email is confidential, for recipient’s use only.
--
Naveen Kumar
Senior Engineer
CommAgility is a Wireless Telecom Group company
T: +49 (0)203 306 4537 | www.commagility.com
Registered in England, Company No. 05914025. VAT No. DE299686390
CommAgility is an ISO 9001:2015-certified company
This email is confidential, for recipient’s use only.
From: Dybkowski, AdamX <mailto:adamx.dybkowski@intel.com>
Sent: Wednesday, October 16, 2019 2:49 PM
To: mailto:users@dpdk.org; Naveen Kumar <mailto:Naveen.Kumar@commagility.com>
Cc: Trahe, Fiona <mailto:fiona.trahe@intel.com>
Subject: Re: [dpdk-users] AES "Digest-encrypted" crypto chain case.
Hi Naveen.
Regarding your message sent to dpdk-users mailing list:
https://mails.dpdk.org/archives/users/2019-September/004382.html
We’ve tested here at Intel the digest-encrypted combination you wrote about, with auth.algo = AES-CMAC and cipher.algo = AES-CTR, and it seems everything works fine.
Do you set the length fields properly when creating the operation? According to the header file rte_crypto_sym.h, in the structure rte_crypto_sym_op, the field cipher.data.length should be written in bits for the SNOW 3G, KASUMI and ZUC ciphers, and in bytes for other.
Have a look what the header file says:
uint32_t length;
/**< The message length, in bytes, of the
* source buffer on which the cryptographic
* operation will be computed.
* This must be a multiple of the block size
* if a block cipher is being used. This is
* also the same as the result length.
*
* @note
* For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
* KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
* and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
* this field should be in bits.
*/
This also gets built into the documentation available here:
https://doc.dpdk.org/api-19.08/structrte__crypto__sym__op.html#aebb70c2aab3407a9f05334c47131a43b
Maybe that’s why SNOW3G and ZUC were working for you, while AES-CTR did not?
The same applies to the offset field and to digest.data.offset and digest.data.length fields.
Please verify in your code how you set these all offset and length fields and check if you write the number of bits or the number of bytes in them.
Adam
next prev parent reply other threads:[~2019-10-17 15:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-16 12:48 Dybkowski, AdamX
[not found] ` <9836169a72be40328d96c3c08e78ad3d@de-mta1.commagility.com>
2019-10-17 15:30 ` Naveen Kumar [this message]
2019-10-18 13:19 ` Dybkowski, AdamX
2019-11-05 11:17 ` Naveen Kumar
-- strict thread matches above, loose matches on Subject: below --
2019-09-09 9:15 Naveen Kumar
2019-09-09 14:08 ` Trahe, Fiona
2019-09-09 14:27 ` Naveen Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=683218edf0b342c8a94486d84c29b16e@de-mta1.commagility.com \
--to=naveen.kumar@commagility.com \
--cc=adamx.dybkowski@intel.com \
--cc=fiona.trahe@intel.com \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).