> Subject: Re: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in PMD
> capabilities
>
> > Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_gcm: fix iv size in
> > PMD capabilities
> >
> > This patch sets iv size in aesni gcm PMD to 12 bytes to be conformant
> > with nist SP800-38D.
> >
> > Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto
> > operations")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
> > ---
> > drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > index e824d4b..c51f82a 100644
> > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> > @@ -77,8 +77,8 @@ static const struct rte_cryptodev_capabilities
> > aesni_gcm_pmd_capabilities[] = {
> > .increment = 0
> > },
> > .iv_size = {
> > - .min = 16,
> > - .max = 16,
> > + .min = 12,
> > + .max = 12,
> > .increment = 0
> > }
> > }, }
>
> I think that we should also remove 16 na 0 bytes allowed in
> process_gcm_crypto_op() function:
> if (op->cipher.iv.length != 16 && op->cipher.iv.length != 12 &&
> op->cipher.iv.length != 0) {
> GCM_LOG_ERR("iv");
> return -1;
> }
I found this notice about IV in rte_crypto_sym.h :
* - For GCM mode, this is either the IV (if the length
* is 96 bits) or J0 (for other sizes), where J0 is as
* defined by NIST SP800-38D. Regardless of the IV
* length, a full 16 bytes needs to be allocated.
So it is fine to leave unchanged above code.
Acked-by: Piotr Azarewicz <piotrx.t.azarew...@intel.com>
