Hi, Thanks for digging into this issue! Could you propose a patch and associated unit tests in gerrit?
Best
ben

> -----Original Message-----
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of ???
> Sent: Monday 10 August 2020 10:11
> To: Damjan Marion (damarion) <damar...@cisco.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] vpp19.08.2 crypto_ia32 do not support aes-gcm icv_size 8/12 crypto
>
> I get it, in _mm_movemask_epi8, (r == T) should be replaced with _mm_cmpeq_epi8 (r, T)
>
>   /* check tag */
>   u16 tag_mask = tag_len ? (1 << tag_len) - 1 : 0xffff;
>   r = _mm_loadu_si128 ((__m128i *) tag);
>   if (_mm_movemask_epi8 (r == T) != tag_mask) { // what is this? it will return 0, when tag_len equals 12
>     return 0;
>   }
>
> -----Original Message-----
> From: "叶东岗" <y...@wangsu.com>
> Sent: 2020-08-07 10:37:24 (Friday)
> To: damar...@cisco.com
> Cc: vpp-dev@lists.fd.io
> Subject: [vpp-dev] vpp19.08.2 crypto_ia32 do not support aes-gcm icv_size 8/12 crypto
>
> VPP19.08.2 crypto_ia32 does not support aes-gcm icv_size 8/12 crypto, any ideas?
>
> static_always_inline int
> aes_gcm (const u8 * in, u8 * out, const u8 * addt, const u8 * iv, u8 * tag,
>          u32 data_bytes, u32 aad_bytes, u8 tag_len, aes_gcm_key_data_t * kd,
>          int aes_rounds, int is_encrypt)
> {
>   int i;
>   __m128i r, Y0, T = { };
>   ghash_data_t _gd, *gd = &_gd;
>
>   _mm_prefetch (iv, _MM_HINT_T0);
>   _mm_prefetch (in, _MM_HINT_T0);
>   _mm_prefetch (in + CLIB_CACHE_LINE_BYTES, _MM_HINT_T0);
>
>   /* calculate ghash for AAD - optimized for ipsec common cases */
>   if (aad_bytes == 8)
>     T = aesni_gcm_ghash (T, kd, (__m128i *) addt, 8);
>   else if (aad_bytes == 12)
>     T = aesni_gcm_ghash (T, kd, (__m128i *) addt, 12);
>   else
>     T = aesni_gcm_ghash (T, kd, (__m128i *) addt, aad_bytes);
>
>   /* initialize counter */
>   Y0 = _mm_loadu_si128 ((__m128i *) iv);
>   Y0 = _mm_insert_epi32 (Y0, clib_host_to_net_u32 (1), 3);
>
>   /* ghash and encrypt/decrypt */
>   if (is_encrypt)
>     T = aesni_gcm_enc (T, kd, Y0, in, out, data_bytes, aes_rounds);
>   else
>     T = aesni_gcm_dec (T, kd, Y0, in, out, data_bytes, aes_rounds);
>
>   _mm_prefetch (tag, _MM_HINT_T0);
>
>   /* Finalize ghash */
>   r[0] = data_bytes;
>   r[1] = aad_bytes;
>
>   /* bytes to bits */
>   r <<= 3;
>
>   /* interleaved computation of final ghash and E(Y0, k) */
>   ghash_mul_first (gd, r ^ T, kd->Hi[0]);
>   r = kd->Ke[0] ^ Y0;
>   for (i = 1; i < 5; i += 1)
>     r = _mm_aesenc_si128 (r, kd->Ke[i]);
>   ghash_reduce (gd);
>   ghash_reduce2 (gd);
>   for (; i < 9; i += 1)
>     r = _mm_aesenc_si128 (r, kd->Ke[i]);
>   T = ghash_final (gd);
>   for (; i < aes_rounds; i += 1)
>     r = _mm_aesenc_si128 (r, kd->Ke[i]);
>   r = _mm_aesenclast_si128 (r, kd->Ke[aes_rounds]);
>   T = aesni_gcm_bswap (T) ^ r;
>
>   /* tag_len 16 -> 0 */
>   tag_len &= 0xf;
>
>   if (is_encrypt)
>     {
>       /* store tag */
>       if (tag_len)
>         aesni_gcm_store_partial ((__m128i *) tag, T, (1 << tag_len) - 1);
>       // must be tag_en
>       else
>         _mm_storeu_si128 ((__m128i *) tag, T);
>     }
>   else
>     {
>       /* check tag */
>       u16 tag_mask = tag_len ? (1 << tag_len) - 1 : 0xffff;
>       r = _mm_loadu_si128 ((__m128i *) tag);
>       if (_mm_movemask_epi8 (r == T) != tag_mask) {
>         // what is this? it will return 0, when tag_len equals 12
>         return 0;
>       }
>     }
>   return 1;
> }
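The tag check discussed in the thread, as an added example that is not code from VPP or from either poster: it runs the posted 64-bit-lane comparison next to a byte-wise one on a constructed 12-byte ICV. It assumes GCC/Clang vector extensions and uses a hypothetical portable `movemask_epi8` helper in place of the SSE intrinsic; the function names, the `&` masking and the sample bytes are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang vector extensions (assumed); v2di has the lane layout of __m128i. */
typedef long long v2di __attribute__ ((vector_size (16)));
typedef signed char v16qi __attribute__ ((vector_size (16)));
static v2di load16 (const uint8_t *p) { v2di v; memcpy (&v, p, 16); return v; }

/* Portable stand-in for _mm_movemask_epi8: bit i is the top bit of byte i. */
static uint16_t movemask_epi8 (v2di v)
{
  uint8_t b[16];
  uint16_t m = 0;
  memcpy (b, &v, 16);
  for (int i = 0; i < 16; i++)
    m |= (uint16_t) ((b[i] >> 7) << i);
  return m;
}

static uint16_t tag_mask_for (uint8_t tag_len)
{
  tag_len &= 0xf;  /* tag_len 16 -> 0, as in the posted function */
  return tag_len ? (uint16_t) ((1u << tag_len) - 1) : 0xffff;
}

/* Check as posted: (r == T) compares two 64-bit lanes, so the movemask is one
   of 0x0000, 0x00ff, 0xff00, 0xffff and can never equal 0x0fff (tag_len 12). */
int tag_check_lane64 (const uint8_t *tag, const uint8_t *T, uint8_t tag_len)
{
  v2di eq = (v2di) (load16 (tag) == load16 (T));
  return movemask_epi8 (eq) == tag_mask_for (tag_len);
}

/* Byte-wise compare, as _mm_cmpeq_epi8 does. Applying the mask with & (this
   example's choice) keeps bytes past tag_len out of the verdict. */
int tag_check_bytes (const uint8_t *tag, const uint8_t *T, uint8_t tag_len)
{
  v2di eq = (v2di) ((v16qi) load16 (tag) == (v16qi) load16 (T));
  uint16_t mask = tag_mask_for (tag_len);
  return (movemask_epi8 (eq) & mask) == mask;
}

/* Constructed sample: computed tag, and a 12-byte ICV plus 4 unrelated bytes. */
const uint8_t T_calc[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
const uint8_t rx12[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 0, 0, 0 };

int main (void)
{
  printf ("%d %d\n", tag_check_lane64 (rx12, T_calc, 12), tag_check_bytes (rx12, T_calc, 12));
  return 0;
}
```

With the sample above, the lane-wise check rejects a valid 12-byte ICV while the byte-wise check accepts it and still rejects a single flipped tag byte.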