From: Petri Savolainen <petri.savolai...@linaro.org> Moved AAD length from crypto operation parameters to session parameters. AAD length is commonly constant per session. Also some implementations (such as DPDK) expect AAD length at session creation time.
Signed-off-by: Petri Savolainen <petri.savolai...@linaro.org> --- /** Email created from pull request 279 (psavol:next-crypto-aad-len) ** https://github.com/Linaro/odp/pull/279 ** Patch: https://github.com/Linaro/odp/pull/279.patch ** Base sha: ba93e355ddf151215aa18b59cbfca08fe175fe65 ** Merge commit sha: ff781f3e6226160b27c67e0099269f4189f3c2f4 **/ include/odp/api/spec/crypto.h | 22 ++++++++++++++-------- .../linux-generic/include/odp_ipsec_internal.h | 6 ++++++ platform/linux-generic/odp_crypto.c | 5 ++--- platform/linux-generic/odp_ipsec.c | 9 --------- platform/linux-generic/odp_ipsec_sad.c | 3 +++ test/validation/api/crypto/odp_crypto_test_inp.c | 16 ++++------------ 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index ed1fd6784..d03392af4 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -316,6 +316,14 @@ typedef struct odp_crypto_session_param_t { */ uint32_t auth_digest_len; + /** Additional Authenticated Data (AAD) length in bytes + * + * AAD length is constant for all operations (packets) of the session. + * Set to zero when AAD is not used. Use odp_crypto_auth_capability() + * for supported AAD lengths. The default value is zero. + */ + uint32_t auth_aad_len; + /** Async mode completion event queue * * The completion queue is used to return completions from @@ -384,12 +392,11 @@ typedef struct odp_crypto_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ @@ -425,12 +432,11 @@ typedef struct odp_crypto_packet_op_param_t { /** Additional Authenticated Data (AAD) */ struct { - /** Pointer to ADD */ + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ uint8_t *ptr; - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; } aad; /** Data range to apply cipher */ diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index b50b65be6..06447870b 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -177,6 +177,12 @@ typedef struct odp_ipsec_sa_lookup_s { void *dst_addr; } ipsec_sa_lookup_t; +/** IPSEC AAD */ +typedef struct ODP_PACKED { + odp_u32be_t spi; /**< Security Parameter Index */ + odp_u32be_t seq_no; /**< Sequence Number */ +} ipsec_aad_t; + /** * Obtain SA reference */ diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index f34863bf2..aee2535a2 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -447,7 +447,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; void *iv_ptr; int dummy_len = 0; uint8_t block[EVP_MAX_MD_SIZE]; @@ -494,7 +494,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_packet_t pkt, { EVP_CIPHER_CTX *ctx; const uint8_t *aad_head = param->aad.ptr; - uint32_t aad_len = param->aad.length; + uint32_t aad_len = session->p.auth_aad_len; int dummy_len = 0; void *iv_ptr; uint8_t block[EVP_MAX_MD_SIZE]; @@ -910,7 +910,6 @@ odp_crypto_operation(odp_crypto_op_param_t *param, packet_param.override_iv_ptr = param->override_iv_ptr; packet_param.hash_result_offset = param->hash_result_offset; packet_param.aad.ptr = param->aad.ptr; - packet_param.aad.length = param->aad.length; packet_param.cipher_range = param->cipher_range; packet_param.auth_range = param->auth_range; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 9533ca422..9535ba54d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -20,11 +20,6 @@ #include <string.h> -typedef struct ODP_PACKED { - odp_u32be_t spi; /**< Security Parameter Index */ - odp_u32be_t seq_no; /**< Sequence Number */ -} ipsec_aad_t; - int odp_ipsec_capability(odp_ipsec_capability_t *capa) { int rc; @@ -358,7 +353,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ipsec_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len) - @@ -421,7 +415,6 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); @@ -787,7 +780,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = esp.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); memset(&esptrl, 0, sizeof(esptrl)); esptrl.pad_len = encrypt_len - ip_data_len - _ODP_ESPTRL_LEN; @@ -862,7 +854,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, aad.seq_no = ah.seq_no; param.aad.ptr = (uint8_t *)&aad; - param.aad.length = sizeof(aad); odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 8eaa4f902..3626e2ee4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -195,6 +195,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa_t *ipsec_sa; odp_crypto_session_param_t crypto_param; odp_crypto_ses_create_err_t ses_create_rc; + uint32_t aad_len = 0; ipsec_sa = ipsec_sa_reserve(); if (NULL == ipsec_sa) { @@ -294,6 +295,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) #endif case ODP_AUTH_ALG_AES_GCM: ipsec_sa->icv_len = 16; + aad_len = sizeof(ipsec_aad_t); break; default: goto error; @@ -344,6 +346,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) odp_atomic_init_u64(&ipsec_sa->out.counter, 1); crypto_param.auth_digest_len = ipsec_sa->icv_len; + crypto_param.auth_aad_len = aad_len; if (param->crypto.cipher_key_extra.length) { if (param->crypto.cipher_key_extra.length > diff --git a/test/validation/api/crypto/odp_crypto_test_inp.c b/test/validation/api/crypto/odp_crypto_test_inp.c index 1f7523de2..32275e8c9 100644 --- a/test/validation/api/crypto/odp_crypto_test_inp.c +++ b/test/validation/api/crypto/odp_crypto_test_inp.c @@ -80,7 +80,6 @@ static int alg_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -102,7 +101,6 @@ static int alg_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -157,7 +155,6 @@ static int alg_packet_op(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -176,7 +173,6 @@ static int alg_packet_op(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -213,7 +209,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, odp_packet_data_range_t *cipher_range, odp_packet_data_range_t *auth_range, uint8_t *aad, - uint32_t aad_len, unsigned int plaintext_len) { int rc; @@ -233,7 +228,6 @@ static int alg_packet_op_enq(odp_packet_t pkt, op_params.override_iv_ptr = op_iv_ptr; op_params.aad.ptr = aad; - op_params.aad.length = aad_len; op_params.hash_result_offset = plaintext_len; @@ -430,6 +424,7 @@ static void alg_test(odp_crypto_op_t op, ses_params.iv = iv; ses_params.auth_key = auth_key; ses_params.auth_digest_len = ref->digest_length; + ses_params.auth_aad_len = ref->aad_length; rc = odp_crypto_session_create(&ses_params, &session, &status); CU_ASSERT_FATAL(!rc); @@ -466,20 +461,17 @@ static void alg_test(odp_crypto_op_t op, rc = alg_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else if (ODP_CRYPTO_ASYNC == suite_context.op_mode) rc = alg_packet_op_enq(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); else rc = alg_packet_op(pkt, &ok, session, ovr_iv ? ref->iv : NULL, &cipher_range, &auth_range, - ref->aad, ref->aad_length, - ref->length); + ref->aad, ref->length); if (rc < 0) { goto cleanup; }
