Hi Pablo,

GCM works with two IV length modes:
First case if -
If (len(IV) == 12B) => J0 = iv || 0^31 || 1 => Len = 16B

And according to the API comments rte_crypto_sym.h: 435 (iv.data)

 * - For GCM mode, this is either the IV (if the length
 * is 96 bits) or J0 (for other sizes), where J0 is as
 * defined by NIST SP800-38D. Regardless of the IV
 * length, a full 16 bytes needs to be allocated.

So there is no worry of overflowing.

Thanks,
Arek

-----Original Message-----
From: De Lara Guarch, Pablo
Sent: Tuesday, September 20, 2016 10:38 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>; dev at dpdk.org
Cc: Trahe, Fiona <fiona.trahe at intel.com>; Jain, Deepak K <deepak.k.jain at intel.com>; Griffin, John <john.griffin at intel.com>
Subject: RE: [PATCH 1/3] crypto/aesni_gcm: move pre-counter block to GCM driver

Hi Arek,

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Thursday, August 25, 2016 5:03 AM
> To: dev at dpdk.org
> Cc: Trahe, Fiona; Jain, Deepak K; De Lara Guarch, Pablo; Griffin,
> John; Kusztal, ArkadiuszX
> Subject: [PATCH 1/3] crypto/aesni_gcm: move pre-counter block to GCM
> driver
>
> This patch moves computing of pre-counter block into the AESNI-GCM
> driver so it can be moved from test files.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> ---
> drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > index dc0b033..d8b6287 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c 
> @@ -230,11 +230,16 @@ process_gcm_crypto_op(struct aesni_gcm_qp *qp, > struct rte_crypto_sym_op *op, > op->cipher.data.offset); > > /* sanity checks */ > - if (op->cipher.iv.length != 16 && op->cipher.iv.length != 0) { > + if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 && > + op->cipher.iv.length != 0) { > GCM_LOG_ERR("iv"); > return -1; > } > > + if (op->cipher.iv.length == 12) { > + op->cipher.iv.data[15] = 1; > + } Is this correct? In the second patch, you are removing code that set this byte when IV length was 16, so I would expect this to be the same. Also, if length is 12, then data[15] looks like overflow. Probably a comment would be useful here. > + > if (op->auth.aad.length != 12 && op->auth.aad.length != 8 && > op->auth.aad.length != 0) { > GCM_LOG_ERR("iv"); > -- > 2.1.0
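
Review bot: in the new `iv.length == 12` branch only `op->cipher.iv.data[15]` is written, so bytes 12 to 14 keep whatever the caller left in the buffer, while the pre-counter block for a 96-bit IV is IV || 0^31 || 1. Clear `iv.data[12]` through `iv.data[14]` in the same branch, and add a comment there saying that the write past the 12-byte IV relies on the rte_crypto_sym.h requirement that a full 16 bytes are always allocated, since the length check just above does not make that visible. Separately, the unchanged AAD length check in the trailing context still logs `GCM_LOG_ERR("iv")`, so an AAD length failure cannot be told apart from an IV length failure in the log; it should name the AAD.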
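
Added example, not part of the thread and not DPDK code: the two IV length modes mentioned in the reply above, written out as one J0 builder following NIST SP 800-38D, going beyond the 12-byte case to include the GHASH path for other lengths. `gcm_build_j0` and `gf128_mul` are hypothetical names, and the hash subkey `h` is assumed to be computed elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* x = x * h in GF(2^128), GCM bit order (NIST SP 800-38D, Algorithm 1). */
static void gf128_mul(uint8_t x[16], const uint8_t h[16])
{
    uint8_t z[16] = {0}, v[16];
    memcpy(v, h, 16);
    for (int i = 0; i < 128; i++) {
        int lsb = v[15] & 1;
        if (x[i / 8] & (0x80 >> (i % 8)))
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        for (int j = 15; j > 0; j--)
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] = (uint8_t)((v[0] >> 1) ^ (lsb ? 0xe1 : 0)); /* R = 11100001 || 0^120 */
    }
    memcpy(x, z, 16);
}

/* Hypothetical helper, not DPDK code. h = E_K(0^128), computed elsewhere.
 * j0 may alias a 16-byte IV buffer. Returns 0, or -1 on bad arguments. */
int gcm_build_j0(uint8_t j0[16], const uint8_t *iv, size_t iv_len,
                 const uint8_t h[16])
{
    uint8_t y[16] = {0};
    if (!j0 || !iv || !h || iv_len == 0)
        return -1;
    if (iv_len == 12) {               /* J0 = IV || 0^31 || 1 */
        memmove(j0, iv, 12);
        j0[12] = j0[13] = j0[14] = 0; /* never trust the caller's padding */
        j0[15] = 1;
        return 0;
    }
    /* Other lengths: J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64) */
    for (size_t off = 0; off < iv_len; off += 16) {
        for (size_t k = 0; k < 16 && off + k < iv_len; k++)
            y[k] ^= iv[off + k];
        gf128_mul(y, h);
    }
    for (int k = 0; k < 8; k++)
        y[15 - k] ^= (uint8_t)(((uint64_t)iv_len * 8) >> (8 * k));
    gf128_mul(y, h);
    memcpy(j0, y, 16);
    return 0;
}
```

Called in place on a 16-byte buffer holding a 12-byte IV, the helper overwrites any stale bytes in positions 12 to 15 instead of setting only the last one.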