From patchwork Tue Nov 21 09:00:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 119346 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5001488qgn; Tue, 21 Nov 2017 01:12:37 -0800 (PST) X-Google-Smtp-Source: AGs4zMYrycL+NPAQx6VJFNj41/jsLWS1SkYqCc+WCWGJ3ZGUPODEJmnz85P1MDf2Se+GcSZxcEuv X-Received: by 10.55.181.1 with SMTP id e1mr10188701qkf.19.1511255557695; Tue, 21 Nov 2017 01:12:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511255557; cv=none; d=google.com; s=arc-20160816; b=IQowlMo1i2HJyQcuEI1QgzgNLZYE1OGiHNN+yy84TaMpVYJ+Nqew2aICNdCezsLOvU MEc6YRwo3+E+Kjozzwhw0COZbz/tS4thQ/NbEBdnPyqQvSEHjOP0dNFM7Hp6z49xAXdB p6c6kDbj+m/nflk7ZJYd2cl3IWvwcgV5AiUdSEe7rB5zWoE7x9LpSWqO6Ls0eKbKScch gs6PbewKly40ypEAC0MjHwnjKEsyxNut4Y88juSQThvb7cpVr4qwJ1HG1UgHDUCUCzYW 8NgupAWg2h3eRKfQoyOVYnRiE4j+Cy0ieB6VUFedCjGR7p7nlckrzTeAc64aWBcKmyZd YOwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=00OxPv4H/1CxFM5gxj7qMhlMjzzwHSIc1Xi/+6eu1Yc=; b=w8AC9RL+81TtSj3W8ulTwSU7kHmU8sZ3eFBA/OmCz5y2BxPRFD5vjv+EWtEp1U4UhA 2HHOngaYeqtzDop3DYt5t4JQ4F/18FYETHhQWFuSf8X9XJjvP5pE/5HYYXhoUiY7I48s S/krg5SHY2anUWVsoO4TXVBfDQIE9M9NTiakTcnJtSmDpU+56zR9Letf8puyobUTgs7k wykMaHnpfXXIDWjt3dHG2nbMqHeauQ3b71I1LBQifAxNXso4t2IuSZrMk8Nog8G93j2N yz5V3wJUJ6/2m8FUpTk3LyLJMZG1TRh9clgBrtyNf8BHgDCS6LUTGdmsDXeftUeJ0FcH ID7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id h184si3374678qkc.426.2017.11.21.01.12.37; Tue, 21 Nov 2017 01:12:37 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2BB20608DD; Tue, 21 Nov 2017 09:12:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 2EB3160973; Tue, 21 Nov 2017 09:03:14 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id EBFF9608E8; Tue, 21 Nov 2017 09:03:06 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id A126A608D5 for ; Tue, 21 Nov 2017 09:00:40 +0000 (UTC) Received: from mxback1j.mail.yandex.net (mxback1j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10a]) by forward101p.mail.yandex.net (Yandex) with ESMTP id CBC6B6A81EF8 for ; Tue, 21 Nov 2017 12:00:38 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback1j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id F83itrcNLS-0chm7YaW; Tue, 21 Nov 2017 12:00:38 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id RJqoPbcEPy-0bvaCCR8; Tue, 21 Nov 2017 12:00:37 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 21 Nov 2017 12:00:34 +0300 Message-Id: <1511254834-21284-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1511254834-21284-1-git-send-email-odpbot@yandex.ru> References: <1511254834-21284-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 279 Subject: [lng-odp] [PATCH API-NEXT v3 1/1] api: crypto: move AAD length to session param X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Petri Savolainen Moved AAD length from crypto operation parameters to session parameters. AAD length is commonly constant per session. Also some implementations (such as DPDK) expect AAD length at session creation time. Signed-off-by: Petri Savolainen --- /** Email created from pull request 279 (psavol:next-crypto-aad-len) ** https://github.com/Linaro/odp/pull/279 ** Patch: https://github.com/Linaro/odp/pull/279.patch ** Base sha: d4b364849c4abb4c71e0c5260e1a793ebb8dc97d ** Merge commit sha: 9c48c61576a7c4e1fcdace4ba118586be906d58f **/ include/odp/api/spec/crypto.h | 22 ++++++++++++++-------- .../linux-generic/include/odp_ipsec_internal.h | 6 ++++++ platform/linux-generic/odp_crypto.c | 5 ++--- platform/linux-generic/odp_ipsec.c | 9 --------- platform/linux-generic/odp_ipsec_sad.c | 3 +++ test/validation/api/crypto/odp_crypto_test_inp.c | 16 ++++------------ 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index 6a4304d8b..2109509ff 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -333,6 +333,14 @@ typedef struct odp_crypto_session_param_t { */ uint32_t auth_digest_len; + /** Additional Authenticated Data (AAD) length in bytes + * + * AAD length is constant for all operations (packets) of the session. + * Set to zero when AAD is not used. Use odp_crypto_auth_capability() + * for supported AAD lengths. The default value is zero. + */ + uint32_t auth_aad_len; + /** Async mode completion event queue * * The completion queue is used to return completions from @@ -401,12 +409,11 @@ typedef struct odp_crypto_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ @@ -442,12 +449,11 @@ typedef struct odp_crypto_packet_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b50b65be6..06447870b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -177,6 +177,12 @@ typedef struct odp_ipsec_sa_lookup_s { void *dst_addr; } ipsec_sa_lookup_t; +/** IPSEC AAD */ +typedef struct ODP_PACKED { + odp_u32be_t spi; /**< Security Parameter Index */ + odp_u32be_t seq_no; /**< Sequence Number */ +} ipsec_aad_t; + /** * Obtain SA reference */ diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index 67dd3249d..b5f538dd7 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -479,7 +479,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; void *iv_ptr; int dummy_len = 0; uint8_t block[EVP_MAX_MD_SIZE]; @@ -526,7 +526,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; int dummy_len = 0; void *iv_ptr; uint8_t block[EVP_MAX_MD_SIZE]; @@ -1058,7 +1058,6 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.override_iv_ptr = param->override_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad.ptr = param->aad.ptr; - packet_param.aad.length = param->aad.length; packet_param.cipher_range = param->cipher_range; packet_param.auth_range = param->auth_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 0ebc65341..aaa566ca8 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -20,11 +20,6 @@ #include -typedef struct ODP_PACKED { - odp_u32be_t spi; /**< Security Parameter Index */ - odp_u32be_t seq_no; /**< Sequence Number */ -} ipsec_aad_t; - int odp_ipsec_capability(odp_ipsec_capability_t *capa) { int rc; @@ -358,7 +353,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ipsec_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - @@ -431,7 +425,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); @@ -798,7 +791,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -874,7 +866,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); /* For GMAC */ if (ipsec_sa->use_counter_iv) { diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f1fde5e69..0287d6f73 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -195,6 +195,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa_t *ipsec_sa; odp_crypto_session_param_t crypto_param; odp_crypto_ses_create_err_t ses_create_rc; + uint32_t aad_len = 0; ipsec_sa = ipsec_sa_reserve(); if (NULL == ipsec_sa) { @@ -334,6 +335,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) #endif case ODP_AUTH_ALG_AES_GCM: ipsec_sa->icv_len = 16; + aad_len = sizeof(ipsec_aad_t); break; case ODP_AUTH_ALG_AES_GMAC: if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg) @@ -353,6 +355,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->out.counter, 1); crypto_param.auth_digest_len = ipsec_sa->icv_len; + crypto_param.auth_aad_len = aad_len; if (param->crypto.cipher_key_extra.length) { if (param->crypto.cipher_key_extra.length > diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index 87f0ed930..cba472ded 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -82,7 +82,6 @@ static int alg_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -104,7 +103,6 @@ static int alg_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -159,7 +157,6 @@ static int alg_packet_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -178,7 +175,6 @@ static int alg_packet_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -218,7 +214,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -238,7 +233,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -440,6 +434,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.iv = iv; ses_params.auth_key = auth_key; ses_params.auth_digest_len = ref->digest_length; + ses_params.auth_aad_len = ref->aad_length; rc = odp_crypto_session_create(&ses_params, &session, &status); CU_ASSERT_FATAL(!rc); @@ -476,20 +471,17 @@ static void alg_test(odp_crypto_op_t op, rc = alg_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else if (ODP_CRYPTO_ASYNC == suite_context.op_mode) rc = alg_packet_op_enq(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else rc = alg_packet_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); if (rc < 0) { goto cleanup; }