[PATCH v2 0/3] Fix iv sizes in crypto drivers capabilities

[PATCH v2 0/3] Fix iv sizes in crypto drivers capabilities

[Arek Kusztal]

This patchset fixes iv (initialization vector) size values in qat
and aesni gcm pmds to be conformant with nist SP800-38D.

v2:
- added missing signed-off-by line

Arek Kusztal (3):
  crypto/aesni_gcm: fix J0 padding bytes for GCM
  crypto/aesni_gcm: fix iv size in PMD capabilities
  crypto/qat: fix iv size in PMD capabilities

 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c     | 4 +++-
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
 drivers/crypto/qat/qat_crypto.c              | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

-- 
2.1.0

[PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM

[Arek Kusztal]

This commit fixes pre-counter block (J0) padding by clearing
four most significant bytes before setting initial counter value.

Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to driver")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
index dba5e15..af3d60f 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
@@ -40,6 +40,7 @@
 #include <rte_vdev.h>
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
+#include <rte_byteorder.h>
 
 #include "aesni_gcm_pmd_private.h"
 
@@ -241,7 +242,8 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp, struct rte_crypto_sym_op *op,
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
 	if (op->cipher.iv.length == 12) {
-		op->cipher.iv.data[15] = 1;
+		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
+		*iv_padd = rte_bswap32(1);
 	}
 
 	if (op->auth.aad.length != 12 && op->auth.aad.length != 8 &&
-- 
2.1.0

[PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities

[Arek Kusztal]

This patch sets iv size in aesni gcm PMD to 12 bytes to be
conformant with nist SP800-38D.

Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
index e824d4b..c51f82a 100644
--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
@@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities aesni_gcm_pmd_capabilities[] = {
 					.increment = 0
 				},
 				.iv_size = {
-					.min = 16,
-					.max = 16,
+					.min = 12,
+					.max = 12,
 					.increment = 0
 				}
 			}, }
-- 
2.1.0

[PATCH v2 3/3] crypto/qat: fix iv size in PMD capabilities

[Arek Kusztal]

This patch sets iv size in qat PMD to 12 bytes to be
conformant with nist SP800-38D.

Fixes: 26c2e4ad5ad4 ("cryptodev: add capabilities discovery")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/qat/qat_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index fa78c60..0b714ad 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -303,8 +303,8 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.iv_size = {
-					.min = 16,
-					.max = 16,
+					.min = 12,
+					.max = 12,
 					.increment = 0
 				}
 			}, }
-- 
2.1.0

Re: [PATCH v2 3/3] crypto/qat: fix iv size in PMD capabilities

[Trahe, Fiona]

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, December 23, 2016 8:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Griffin, John <john.griffin@intel.com>;
> Jain, Deepak K <deepak.k.jain@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 3/3] crypto/qat: fix iv size in PMD capabilities
> 
> This patch sets iv size in qat PMD to 12 bytes to be
> conformant with nist SP800-38D.
> 
> Fixes: 26c2e4ad5ad4 ("cryptodev: add capabilities discovery")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

Re: [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM

[Azarewicz, PiotrX T]

Hi Arek,

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Arek Kusztal
> Sent: Friday, December 23, 2016 9:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Griffin, John <john.griffin@intel.com>;
> Jain, Deepak K <deepak.k.jain@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [dpdk-dev] [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes
> for GCM
> 
> This commit fixes pre-counter block (J0) padding by clearing four most
> significant bytes before setting initial counter value.
> 
> Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to driver")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> index dba5e15..af3d60f 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> @@ -40,6 +40,7 @@
>  #include <rte_vdev.h>
>  #include <rte_malloc.h>
>  #include <rte_cpuflags.h>
> +#include <rte_byteorder.h>
> 
>  #include "aesni_gcm_pmd_private.h"
> 
> @@ -241,7 +242,8 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> struct rte_crypto_sym_op *op,
>  	 * to set BE LSB to 1, driver expects that 16B is allocated

I think that 16B expected by driver while only 12B IV is supported is not clear from user perspective.
I think that we should expect 12B only and allocate 16B locally.

>  	 */
>  	if (op->cipher.iv.length == 12) {
> -		op->cipher.iv.data[15] = 1;
> +		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
> +		*iv_padd = rte_bswap32(1);

Should not be that the last byte (number 15) always be set to 1?

>  	}
> 
>  	if (op->auth.aad.length != 12 && op->auth.aad.length != 8 &&
> --
> 2.1.0

Re: [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities

[Azarewicz, PiotrX T]

> Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD
> capabilities
> 
> This patch sets iv size in aesni gcm PMD to 12 bytes to be conformant with
> nist SP800-38D.
> 
> Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto
> operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> index e824d4b..c51f82a 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> @@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities
> aesni_gcm_pmd_capabilities[] = {
>  					.increment = 0
>  				},
>  				.iv_size = {
> -					.min = 16,
> -					.max = 16,
> +					.min = 12,
> +					.max = 12,
>  					.increment = 0
>  				}
>  			}, }

I think that we should also remove 16 na 0 bytes allowed in process_gcm_crypto_op() function:
	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
			op->cipher.iv.length != 0) {
		GCM_LOG_ERR("iv");
		return -1;
	}

Regards,
Piotr

Re: [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM

[Azarewicz, PiotrX T]

Hi Arek,

> > Subject: [dpdk-dev] [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding
> > bytes for GCM
> >
> > This commit fixes pre-counter block (J0) padding by clearing four most
> > significant bytes before setting initial counter value.
> >
> > Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to
> > driver")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> > index dba5e15..af3d60f 100644
> > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> > @@ -40,6 +40,7 @@
> >  #include <rte_vdev.h>
> >  #include <rte_malloc.h>
> >  #include <rte_cpuflags.h>
> > +#include <rte_byteorder.h>
> >
> >  #include "aesni_gcm_pmd_private.h"
> >
> > @@ -241,7 +242,8 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> > struct rte_crypto_sym_op *op,
> >  	 * to set BE LSB to 1, driver expects that 16B is allocated
> 
> I think that 16B expected by driver while only 12B IV is supported is not clear
> from user perspective.
> I think that we should expect 12B only and allocate 16B locally.

I didn't notice that this exception is also described in rte_crypto_sym.h, so this is fine.

> 
> >  	 */
> >  	if (op->cipher.iv.length == 12) {
> > -		op->cipher.iv.data[15] = 1;
> > +		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
> > +		*iv_padd = rte_bswap32(1);
> 
> Should not be that the last byte (number 15) always be set to 1?

I didn't notice that this code will always run in little-endian machine, so this is fine too.

> 
> >  	}
> >
> >  	if (op->auth.aad.length != 12 && op->auth.aad.length != 8 &&
> > --
> > 2.1.0

Acked-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>

Re: [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities

[Azarewicz, PiotrX T]

> Subject: Re: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD
> capabilities
> 
> > Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in
> > PMD capabilities
> >
> > This patch sets iv size in aesni gcm PMD to 12 bytes to be conformant
> > with nist SP800-38D.
> >
> > Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto
> > operations")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > index e824d4b..c51f82a 100644
> > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > @@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities
> > aesni_gcm_pmd_capabilities[] = {
> >  					.increment = 0
> >  				},
> >  				.iv_size = {
> > -					.min = 16,
> > -					.max = 16,
> > +					.min = 12,
> > +					.max = 12,
> >  					.increment = 0
> >  				}
> >  			}, }
> 
> I think that we should also remove 16 na 0 bytes allowed in
> process_gcm_crypto_op() function:
> 	if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
> 			op->cipher.iv.length != 0) {
> 		GCM_LOG_ERR("iv");
> 		return -1;
> 	}

I found this notice about IV in rte_crypto_sym.h :
			 * - For GCM mode, this is either the IV (if the length
			 * is 96 bits) or J0 (for other sizes), where J0 is as
			 * defined by NIST SP800-38D. Regardless of the IV
			 * length, a full 16 bytes needs to be allocated.
So it is fine to leave unchanged above code.

Acked-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>

Re: [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Azarewicz, PiotrX T
> Sent: Monday, January 02, 2017 8:51 AM
> To: Azarewicz, PiotrX T; Kusztal, ArkadiuszX; dev@dpdk.org
> Cc: Trahe, Fiona; De Lara Guarch, Pablo; Griffin, John; Jain, Deepak K;
> Doherty, Declan; Kusztal, ArkadiuszX
> Subject: RE: [dpdk-dev] [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding
> bytes for GCM
> 
> Hi Arek,
> 
> > > Subject: [dpdk-dev] [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding
> > > bytes for GCM
> > >
> > > This commit fixes pre-counter block (J0) padding by clearing four most
> > > significant bytes before setting initial counter value.
> > >
> > > Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to
> > > driver")
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

This should be CC'd to the stable subtree. I will do it for you this time.

Thanks,
Pablo

Re: [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM

[De Lara Guarch, Pablo]

CC'ing stable mailing list.

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, December 23, 2016 8:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona; De Lara Guarch, Pablo; Griffin, John; Jain, Deepak K;
> Doherty, Declan; Kusztal, ArkadiuszX
> Subject: [PATCH v2 1/3] crypto/aesni_gcm: fix J0 padding bytes for GCM
> 
> This commit fixes pre-counter block (J0) padding by clearing
> four most significant bytes before setting initial counter value.
> 
> Fixes: b2bb3597470c ("crypto/aesni_gcm: move pre-counter block to
> driver")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> index dba5e15..af3d60f 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> @@ -40,6 +40,7 @@
>  #include <rte_vdev.h>
>  #include <rte_malloc.h>
>  #include <rte_cpuflags.h>
> +#include <rte_byteorder.h>
> 
>  #include "aesni_gcm_pmd_private.h"
> 
> @@ -241,7 +242,8 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp,
> struct rte_crypto_sym_op *op,
>  	 * to set BE LSB to 1, driver expects that 16B is allocated
>  	 */
>  	if (op->cipher.iv.length == 12) {
> -		op->cipher.iv.data[15] = 1;
> +		uint32_t *iv_padd = (uint32_t *)&op->cipher.iv.data[12];
> +		*iv_padd = rte_bswap32(1);
>  	}
> 
>  	if (op->auth.aad.length != 12 && op->auth.aad.length != 8 &&
> --
> 2.1.0

Re: [PATCH v2 3/3] crypto/qat: fix iv size in PMD capabilities

[De Lara Guarch, Pablo]

CC'ing stable mailing list.

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, December 23, 2016 8:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona; De Lara Guarch, Pablo; Griffin, John; Jain, Deepak K;
> Doherty, Declan; Kusztal, ArkadiuszX
> Subject: [PATCH v2 3/3] crypto/qat: fix iv size in PMD capabilities
> 
> This patch sets iv size in qat PMD to 12 bytes to be
> conformant with nist SP800-38D.
> 
> Fixes: 26c2e4ad5ad4 ("cryptodev: add capabilities discovery")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/crypto/qat/qat_crypto.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/qat/qat_crypto.c
> b/drivers/crypto/qat/qat_crypto.c
> index fa78c60..0b714ad 100644
> --- a/drivers/crypto/qat/qat_crypto.c
> +++ b/drivers/crypto/qat/qat_crypto.c
> @@ -303,8 +303,8 @@ static const struct rte_cryptodev_capabilities
> qat_pmd_capabilities[] = {
>  					.increment = 8
>  				},
>  				.iv_size = {
> -					.min = 16,
> -					.max = 16,
> +					.min = 12,
> +					.max = 12,
>  					.increment = 0
>  				}
>  			}, }
> --
> 2.1.0

Re: [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities

[De Lara Guarch, Pablo]

CC'ing stable mailing list.

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, December 23, 2016 8:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona; De Lara Guarch, Pablo; Griffin, John; Jain, Deepak K;
> Doherty, Declan; Kusztal, ArkadiuszX
> Subject: [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD capabilities
> 
> This patch sets iv size in aesni gcm PMD to 12 bytes to be
> conformant with nist SP800-38D.
> 
> Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto
> operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> index e824d4b..c51f82a 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> @@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities
> aesni_gcm_pmd_capabilities[] = {
>  					.increment = 0
>  				},
>  				.iv_size = {
> -					.min = 16,
> -					.max = 16,
> +					.min = 12,
> +					.max = 12,
>  					.increment = 0
>  				}
>  			}, }
> --
> 2.1.0

Re: [PATCH v2 0/3] Fix iv sizes in crypto drivers capabilities

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Friday, December 23, 2016 8:25 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona; De Lara Guarch, Pablo; Griffin, John; Jain, Deepak K;
> Doherty, Declan; Kusztal, ArkadiuszX
> Subject: [PATCH v2 0/3] Fix iv sizes in crypto drivers capabilities
> 
> This patchset fixes iv (initialization vector) size values in qat
> and aesni gcm pmds to be conformant with nist SP800-38D.
> 
> v2:
> - added missing signed-off-by line
> 
> Arek Kusztal (3):
>   crypto/aesni_gcm: fix J0 padding bytes for GCM
>   crypto/aesni_gcm: fix iv size in PMD capabilities
>   crypto/qat: fix iv size in PMD capabilities
> 
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c     | 4 +++-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
>  drivers/crypto/qat/qat_crypto.c              | 4 ++--
>  3 files changed, 7 insertions(+), 5 deletions(-)
> 
> --
> 2.1.0

Applied to dpdk-next-crypto.
Thanks,

Pablo