d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/dpaax_sec: enhance GCM descs to not skip AAD

Browse Source 
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
Vakul Garg 2019-10-14 12:23:24 +05:30 committed by Akhil Goyal
parent 98e8427390
commit 7a4a6da470
3 changed files with 15 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
View File

@ -350,14 +350,13 @@ build_authenc_gcm_sg_fd(dpaa2_sec_session *sess,
DPAA2_SET_FLE_INTERNAL_JD(op_fle, auth_only_len);
op_fle->length = (sess->dir == DIR_ENC) ?
(sym_op->aead.data.length + icv_len + auth_only_len) :
sym_op->aead.data.length + auth_only_len;
(sym_op->aead.data.length + icv_len) :
sym_op->aead.data.length;
/* Configure Output SGE for Encap/Decap */
DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(mbuf));
DPAA2_SET_FLE_OFFSET(sge, mbuf->data_off +
RTE_ALIGN_CEIL(auth_only_len, 16) - auth_only_len);
sge->length = mbuf->data_len - sym_op->aead.data.offset + auth_only_len;
DPAA2_SET_FLE_OFFSET(sge, mbuf->data_off + sym_op->aead.data.offset);
sge->length = mbuf->data_len - sym_op->aead.data.offset;
mbuf = mbuf->next;
/* o/p segs */
@ -510,24 +509,21 @@ build_authenc_gcm_fd(dpaa2_sec_session *sess,
if (auth_only_len)
DPAA2_SET_FLE_INTERNAL_JD(fle, auth_only_len);
fle->length = (sess->dir == DIR_ENC) ?
(sym_op->aead.data.length + icv_len + auth_only_len) :
sym_op->aead.data.length + auth_only_len;
(sym_op->aead.data.length + icv_len) :
sym_op->aead.data.length;
DPAA2_SET_FLE_SG_EXT(fle);
/* Configure Output SGE for Encap/Decap */
DPAA2_SET_FLE_ADDR(sge, DPAA2_MBUF_VADDR_TO_IOVA(dst));
DPAA2_SET_FLE_OFFSET(sge, dst->data_off +
RTE_ALIGN_CEIL(auth_only_len, 16) - auth_only_len);
sge->length = sym_op->aead.data.length + auth_only_len;
DPAA2_SET_FLE_OFFSET(sge, dst->data_off + sym_op->aead.data.offset);
sge->length = sym_op->aead.data.length;
if (sess->dir == DIR_ENC) {
sge++;
DPAA2_SET_FLE_ADDR(sge,
DPAA2_VADDR_TO_IOVA(sym_op->aead.digest.data));
sge->length = sess->digest_length;
DPAA2_SET_FD_LEN(fd, (sym_op->aead.data.length +
sess->iv.length + auth_only_len));
}
DPAA2_SET_FLE_FIN(sge);
@ -566,10 +562,6 @@ build_authenc_gcm_fd(dpaa2_sec_session *sess,
sess->digest_length);
DPAA2_SET_FLE_ADDR(sge, DPAA2_VADDR_TO_IOVA(old_icv));
sge->length = sess->digest_length;
DPAA2_SET_FD_LEN(fd, (sym_op->aead.data.length +
sess->digest_length +
sess->iv.length +
auth_only_len));
}
DPAA2_SET_FLE_FIN(sge);
@ -578,6 +570,7 @@ build_authenc_gcm_fd(dpaa2_sec_session *sess,
DPAA2_SET_FD_INTERNAL_JD(fd, auth_only_len);
}
DPAA2_SET_FD_LEN(fd, fle->length);
return 0;
}

10
drivers/crypto/dpaa2_sec/hw/desc/algo.h
View File

@ -649,11 +649,6 @@ cnstr_shdsc_gcm_encap(uint32_t *descbuf, bool ps, bool swap,
MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
MATHB(p, ZERO, ADD, MATH3, VSEQOUTSZ, 4, 0);
/* skip assoc data */
SEQFIFOSTORE(p, SKIP, 0, 0, VLF);
/* cryptlen = seqinlen - assoclen */
MATHB(p, SEQINSZ, SUB, MATH3, VSEQOUTSZ, 4, 0);
@ -756,11 +751,6 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
MATHB(p, ZERO, ADD, MATH3, VSEQINSZ, 4, 0);
pzeroassocjump1 = JUMP(p, zeroassocjump1, LOCAL_JUMP, ALL_TRUE, MATH_Z);
MATHB(p, ZERO, ADD, MATH3, VSEQOUTSZ, 4, 0);
/* skip assoc data */
SEQFIFOSTORE(p, SKIP, 0, 0, VLF);
/* read assoc data */
SEQFIFOLOAD(p, AAD1, 0, CLASS1 | VLF | FLUSH1);

14
drivers/crypto/dpaa_sec/dpaa_sec.c
View File

@ -1180,10 +1180,9 @@ build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
out_sg = &cf->sg[0];
out_sg->extension = 1;
if (is_encode(ses))
out_sg->length = sym->aead.data.length + ses->auth_only_len
+ ses->digest_length;
out_sg->length = sym->aead.data.length + ses->digest_length;
else
out_sg->length = sym->aead.data.length + ses->auth_only_len;
out_sg->length = sym->aead.data.length;
/* output sg entries */
sg = &cf->sg[2];
@ -1192,9 +1191,8 @@ build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
/* 1st seg */
qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf));
sg->length = mbuf->data_len - sym->aead.data.offset +
ses->auth_only_len;
sg->offset = sym->aead.data.offset - ses->auth_only_len;
sg->length = mbuf->data_len - sym->aead.data.offset;
sg->offset = sym->aead.data.offset;
/* Successive segs */
mbuf = mbuf->next;
@ -1367,8 +1365,8 @@ build_cipher_auth_gcm(struct rte_crypto_op *op, dpaa_sec_session *ses)
sg++;
qm_sg_entry_set64(&cf->sg[0], dpaa_mem_vtop(sg));
qm_sg_entry_set64(sg,
dst_start_addr + sym->aead.data.offset - ses->auth_only_len);
sg->length = sym->aead.data.length + ses->auth_only_len;
dst_start_addr + sym->aead.data.offset);
sg->length = sym->aead.data.length;
length = sg->length;
if (is_encode(ses)) {
cpu_to_hw_sg(sg);