From patchwork Wed Nov 15 14:00:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118950 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp4352157qgn; Wed, 15 Nov 2017 06:04:14 -0800 (PST) X-Google-Smtp-Source: AGs4zMZMwc44U19U4BAEmV2ugRfSEtWxhK9tABu8scIgY/L5i+FM46o7LtQQ4nen4rfiBb7q7XLF X-Received: by 10.200.20.146 with SMTP id l18mr24250460qtj.189.1510754654529; Wed, 15 Nov 2017 06:04:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510754654; cv=none; d=google.com; s=arc-20160816; b=uADL92j4f1TAH3Gc3K2HnvhxvBBvaW+cTLh3KSYQAG96XdD2NlFndNWTECoA5M6Ldh v1t0P/bCXeblpjnl+koG3sxUarLN6F2wKTseKO1B6iCcZhnhvPPdxqz9ZpYV6Fj173ai G/0EyyEfpVqgTlQvw3HM3eslhuum+cOT+cA7zfJb28Cul0bsgL1+6hPSu5Jz0E0vTV3x kaZ3CEAHn+1MxiynDy9ZVhUE9DY0MDRPHVWfD+dQ8rdIJvR4xBdmDz+GIgHSINHf7dwe F1PHuGheIfpbMc7CZ1dYvgFDMcODFJ5dTDy+XO6LPbVzMjvf9jk26SZLzowne+tK+NHF Yqtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=21nb33JFZmjOURefJm2FqQu7G+utIQuyrfg9P/daS2M=; b=FJ75ZO8K03jZlpnv1dW1Me52PASRcBvTiJMMpwWjHI3Ab4mvT9DluuYANg4V23lq/C uAST0qFKDn+TVAT/5tJ8pRy5B9yHoUl7MlxKbbaOpGwTS88jvyBI8tcc3kQFhCEbRQ5d E0uTmePdk4Ha2tn5NaA/VxMrc7R+rMcCBIRHaOs3bqq3j767bmFTltJRaZIj3CNthJqO 69yWAbzcUfj0i1hUi5aJshR7Aug+OESOJ/waJMFNcut0DQoQa3ClnsCPJow9cFUHrgWv DM+YDNN+ni/wr/d1exJ23h+LkAY9ZvyK+skSza7XjuETid511k/+UOcWBVrNf80qQOx0 ZvPw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g198si7191499qke.10.2017.11.15.06.04.14; Wed, 15 Nov 2017 06:04:14 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 24C5A6086F; Wed, 15 Nov 2017 14:04:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3D83E60765; Wed, 15 Nov 2017 14:00:36 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 9F52060765; Wed, 15 Nov 2017 14:00:32 +0000 (UTC) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [5.45.198.247]) by lists.linaro.org (Postfix) with ESMTPS id 4DCEF604A1 for ; Wed, 15 Nov 2017 14:00:20 +0000 (UTC) Received: from mxback8j.mail.yandex.net (mxback8j.mail.yandex.net [IPv6:2a02:6b8:0:1619::111]) by forward104j.mail.yandex.net (Yandex) with ESMTP id B18C4446DD for ; Wed, 15 Nov 2017 17:00:18 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback8j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id GC5WCbQhiR-0IFGpnCw; Wed, 15 Nov 2017 17:00:18 +0300 Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 18N0vOFpqv-0Ih8RfvQ; Wed, 15 Nov 2017 17:00:18 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 15 Nov 2017 17:00:17 +0300 Message-Id: <1510754417-26068-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510754417-26068-1-git-send-email-odpbot@yandex.ru> References: <1510754417-26068-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 279 Subject: [lng-odp] [PATCH API-NEXT v2 1/1] api: crypto: move AAD length to session param X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Petri Savolainen Moved AAD length from crypto operation parameters to session parameters. AAD length is commonly constant per session. Also some implementations (such as DPDK) expect AAD length at session creation time. Signed-off-by: Petri Savolainen --- /** Email created from pull request 279 (psavol:next-crypto-aad-len) ** https://github.com/Linaro/odp/pull/279 ** Patch: https://github.com/Linaro/odp/pull/279.patch ** Base sha: ba93e355ddf151215aa18b59cbfca08fe175fe65 ** Merge commit sha: ff781f3e6226160b27c67e0099269f4189f3c2f4 **/ include/odp/api/spec/crypto.h | 22 ++++++++++++++-------- .../linux-generic/include/odp_ipsec_internal.h | 6 ++++++ platform/linux-generic/odp_crypto.c | 5 ++--- platform/linux-generic/odp_ipsec.c | 9 --------- platform/linux-generic/odp_ipsec_sad.c | 3 +++ test/validation/api/crypto/odp_crypto_test_inp.c | 16 ++++------------ 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index ed1fd6784..d03392af4 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -316,6 +316,14 @@ typedef struct odp_crypto_session_param_t { */ uint32_t auth_digest_len; + /** Additional Authenticated Data (AAD) length in bytes + * + * AAD length is constant for all operations (packets) of the session. + * Set to zero when AAD is not used. Use odp_crypto_auth_capability() + * for supported AAD lengths. The default value is zero. + */ + uint32_t auth_aad_len; + /** Async mode completion event queue * * The completion queue is used to return completions from @@ -384,12 +392,11 @@ typedef struct odp_crypto_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ @@ -425,12 +432,11 @@ typedef struct odp_crypto_packet_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b50b65be6..06447870b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -177,6 +177,12 @@ typedef struct odp_ipsec_sa_lookup_s { void *dst_addr; } ipsec_sa_lookup_t; +/** IPSEC AAD */ +typedef struct ODP_PACKED { + odp_u32be_t spi; /**< Security Parameter Index */ + odp_u32be_t seq_no; /**< Sequence Number */ +} ipsec_aad_t; + /** * Obtain SA reference */ diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index f34863bf2..aee2535a2 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -447,7 +447,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; void *iv_ptr; int dummy_len = 0; uint8_t block[EVP_MAX_MD_SIZE]; @@ -494,7 +494,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; int dummy_len = 0; void *iv_ptr; uint8_t block[EVP_MAX_MD_SIZE]; @@ -910,7 +910,6 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.override_iv_ptr = param->override_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad.ptr = param->aad.ptr; - packet_param.aad.length = param->aad.length; packet_param.cipher_range = param->cipher_range; packet_param.auth_range = param->auth_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 9533ca422..9535ba54d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -20,11 +20,6 @@ #include -typedef struct ODP_PACKED { - odp_u32be_t spi; /**< Security Parameter Index */ - odp_u32be_t seq_no; /**< Sequence Number */ -} ipsec_aad_t; - int odp_ipsec_capability(odp_ipsec_capability_t *capa) { int rc; @@ -358,7 +353,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ipsec_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - @@ -421,7 +415,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); @@ -787,7 +780,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -862,7 +854,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 8eaa4f902..3626e2ee4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -195,6 +195,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa_t *ipsec_sa; odp_crypto_session_param_t crypto_param; odp_crypto_ses_create_err_t ses_create_rc; + uint32_t aad_len = 0; ipsec_sa = ipsec_sa_reserve(); if (NULL == ipsec_sa) { @@ -294,6 +295,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) #endif case ODP_AUTH_ALG_AES_GCM: ipsec_sa->icv_len = 16; + aad_len = sizeof(ipsec_aad_t); break; default: goto error; @@ -344,6 +346,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->out.counter, 1); crypto_param.auth_digest_len = ipsec_sa->icv_len; + crypto_param.auth_aad_len = aad_len; if (param->crypto.cipher_key_extra.length) { if (param->crypto.cipher_key_extra.length > diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index 1f7523de2..32275e8c9 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -80,7 +80,6 @@ static int alg_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -102,7 +101,6 @@ static int alg_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -157,7 +155,6 @@ static int alg_packet_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -176,7 +173,6 @@ static int alg_packet_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -213,7 +209,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -233,7 +228,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -430,6 +424,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.iv = iv; ses_params.auth_key = auth_key; ses_params.auth_digest_len = ref->digest_length; + ses_params.auth_aad_len = ref->aad_length; rc = odp_crypto_session_create(&ses_params, &session, &status); CU_ASSERT_FATAL(!rc); @@ -466,20 +461,17 @@ static void alg_test(odp_crypto_op_t op, rc = alg_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else if (ODP_CRYPTO_ASYNC == suite_context.op_mode) rc = alg_packet_op_enq(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else rc = alg_packet_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); if (rc < 0) { goto cleanup; }