https://bugs.dpdk.org/show_bug.cgi?id=1669
Bug ID: 1669
Summary: Cannot use ESN with GMAC authentication
Product: DPDK
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: cryptodev
Assignee: dev@dpdk.org
Reporter: arieltra...@gmail.com
Target Milestone: ---
Hi all,
I want to use NULL encryption and AES GMAC with an Extended Sequence Number
(ESN), but it seems like DPDK doesn't support doing so.
According to RFC 4303, only the lower-order 32 bits of an ESN are stored in the
packet itself. The whole ESN is passed in separately, as part of the Additional
Authenticated Data (AAD).
DPDK allows you to set this AAD for AEAD encryption modes by adjusting
rte_crypto_op->sym->aead.aad.data and rte_crypto_op->sym->aead.aad.phys_addr.
However, DPDK treats AES GMAC as a separate authentication transform, not as an
AEAD transform with null plaintext. If you aren't using AEAD encryption, there
doesn't seem to be any way to include AAD, either in the crypto op or in the
rte_crypto_auth_xform struct.
As such, you can't supply an ESN without including it in the packet itself,
which violates RFC 4303:2.2.1, or copying the whole packet + ESN to another
buffer just to authenticate.
I'm a new DPDK developer, so apologies if I misunderstood the situation. I did
my best to carefully read all of the crypto examples and even investigated the
implementation of some of the drivers to see how they handle AES GMAC. So far I
have found no clues.
--
You are receiving this mail because:
You are the assignee for the bug.
