[dpdk-dev] [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality
Declan Doherty
declan.doherty at intel.com
Tue Dec 20 22:16:18 CET 2016
On 19/12/16 17:29, Pablo de Lara wrote:
> Update driver to use new AESNI Multibuffer IPSec library single
> operation functionality (cipher only and authentication only).
> This patch also adds tests for this new feature.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> ---
> app/test/test_cryptodev.c | 34 ++++++++
> app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
> app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
> doc/guides/cryptodevs/aesni_mb.rst | 2 -
> doc/guides/rel_notes/release_17_02.rst | 1 +
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
> 7 files changed, 172 insertions(+), 59 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f1f3542..5895d99 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
> }
>
> static int
> +test_AES_cipheronly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AES_CIPHERONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> +test_authonly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AUTHONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> test_AES_chain_mb_all(void)
> {
> struct crypto_testsuite_params *ts_params = &testsuite_params;
> @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
> .teardown = testsuite_teardown,
> .unit_test_cases = {
> TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
>
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
> index efbe7da..898aae1 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CBC Decryption",
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Encryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Decryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Encryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Decryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Encryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Decryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Encryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Decryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Encryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Decryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
> index 9f095cf..a8f9da0 100644
> --- a/app/test/test_cryptodev_hash_test_vectors.h
> +++ b/app/test/test_cryptodev_hash_test_vectors.h
> @@ -97,7 +97,8 @@ hmac_md5_test_vector = {
> 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
> 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
> },
> - .len = 16
> + .len = 16,
> + .truncated_len = 12
> }
> };
>
> @@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
> 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
> 0x3F, 0x91, 0x64, 0x59
> },
> - .len = 20
> + .len = 20,
> + .truncated_len = 12
> }
> };
>
> @@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
> 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
> 0x92, 0xF6, 0xAA, 0x19
> },
> - .len = 28
> + .len = 28,
> + .truncated_len = 14
> }
> };
>
> @@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
> 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
> 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
> },
> - .len = 32
> + .len = 32,
> + .truncated_len = 16
> }
> };
>
> @@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
> 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
> 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
> },
> - .len = 48
> + .len = 48,
> + .truncated_len = 24
> }
> };
>
> @@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
> 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
> 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
> },
> - .len = 64
> + .len = 64,
> + .truncated_len = 32
> }
> };
>
> @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-MD5 Digest",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-MD5 Digest Verify",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA1 Digest",
> @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA1 Digest",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA1 Digest Verify",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA224 Digest",
> @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA224 Digest",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA224 Digest Verify",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA256 Digest",
> @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA256 Digest",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA256 Digest Verify",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA384 Digest",
> @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA384 Digest",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA384 Digest Verify",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA512 Digest",
> @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA512 Digest",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA512 Digest Verify",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index b47cb6a..cb429d7 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -62,8 +62,6 @@ Limitations
> -----------
>
> * Chained mbufs are not supported.
> -* Hash only is not supported.
> -* Cipher only is not supported.
> * Only in-place is currently supported (destination address is the same as source address).
> * Only supports session-oriented API implementation (session-less APIs are not supported).
>
> diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
> index 4f666df..5aa8a94 100644
> --- a/doc/guides/rel_notes/release_17_02.rst
> +++ b/doc/guides/rel_notes/release_17_02.rst
> @@ -49,6 +49,7 @@ New Features
>
> * The Intel(R) Multi Buffer Crypto for IPsec library used in
> AESNI MB PMD has been moved to a new repository, in github.
> + * Support for single operations (cipher only and authentication only).
>
>
> Resolved Issues
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index 7443b47..bafd4d7 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
> }
>
> /** Get xform chain order */
> -static int
> +static enum aesni_mb_operation
> aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
> {
> - /*
> - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
> - * operations, all other options are invalid, so we must have exactly
> - * 2 xform structs chained together
> - */
> - if (xform->next == NULL || xform->next->next != NULL)
> - return -1;
> -
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> - return HASH_CIPHER;
> + if (xform == NULL)
> + return AESNI_MB_OP_NOT_SUPPORTED;
> +
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_CIPHER_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> + return AESNI_MB_OP_CIPHER_HASH;
> + }
>
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> - return CIPHER_HASH;
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_HASH_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> + return AESNI_MB_OP_HASH_CIPHER;
> + }
>
> - return -1;
> + return AESNI_MB_OP_NOT_SUPPORTED;
> }
>
> /** Set session authentication parameters */
> @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
> {
> hash_one_block_t hash_oneblock_fn;
>
> + if (xform == NULL) {
> + sess->auth.algo = NULL_HASH;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
> MB_LOG_ERR("Crypto xform struct not of type auth");
> return -1;
> }
>
> + /* Select auth generate/verify */
> + sess->auth.operation = xform->auth.op;
> +
> /* Set Authentication Parameters */
> if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
> sess->auth.algo = AES_XCBC;
> @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
> {
> aes_keyexp_t aes_keyexp_fn;
>
> + if (xform == NULL) {
> + sess->cipher.mode = NULL_CIPHER;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
> MB_LOG_ERR("Crypto xform struct not of type cipher");
> return -1;
> @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
>
> /* Select Crypto operation - hash then cipher / cipher then hash */
> switch (aesni_mb_get_chain_order(xform)) {
> - case HASH_CIPHER:
> + case AESNI_MB_OP_HASH_CIPHER:
> sess->chain_order = HASH_CIPHER;
> auth_xform = xform;
> cipher_xform = xform->next;
> break;
> - case CIPHER_HASH:
> + case AESNI_MB_OP_CIPHER_HASH:
> sess->chain_order = CIPHER_HASH;
> auth_xform = xform->next;
> cipher_xform = xform;
> break;
> + case AESNI_MB_OP_HASH_ONLY:
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = xform;
> + cipher_xform = NULL;
> + break;
> + case AESNI_MB_OP_CIPHER_ONLY:
> + /*
> + * Multi buffer library operates only at two modes,
> + * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
> + * chain order depends on cipher operation: encryption is always
> + * the first operation and decryption the last one.
> + */
> + if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> + sess->chain_order = CIPHER_HASH;
> + else
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = NULL;
> + cipher_xform = xform;
> + break;
> + case AESNI_MB_OP_NOT_SUPPORTED:
> default:
> MB_LOG_ERR("Unsupported operation chain order parameter");
> return -1;
> @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
> }
>
> /* Set digest output location */
> - if (job->cipher_direction == DECRYPT) {
> + if (job->hash_alg != NULL_HASH &&
> + session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
> get_digest_byte_length(job->hash_alg));
>
> @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> (struct rte_crypto_op *)job->user_data;
> struct rte_mbuf *m_dst =
> (struct rte_mbuf *)job->user_data2;
> + struct aesni_mb_session *sess;
>
> if (op == NULL || m_dst == NULL)
> return NULL;
> @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> if (unlikely(job->status != STS_COMPLETED)) {
> op->status = RTE_CRYPTO_OP_STATUS_ERROR;
> return op;
> - } else if (job->chain_order == HASH_CIPHER) {
> - /* Verify digest if required */
> - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
> - job->auth_tag_output_len_in_bytes) != 0)
> - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> -
> - /* trim area used for digest from mbuf */
> - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
> + } else if (job->hash_alg != NULL_HASH) {
> + sess = (struct aesni_mb_session *)op->sym->session->_private;
> + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> + /* Verify digest if required */
> + if (memcmp(job->auth_tag_output,
> + op->sym->auth.digest.data,
> + job->auth_tag_output_len_in_bytes) != 0)
> + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
> + /* trim area used for digest from mbuf */
> + rte_pktmbuf_trim(m_dst,
> + get_digest_byte_length(job->hash_alg));
> + }
> }
>
> /* Free session if a session-less crypto op */
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> index 17f367f..5f125b2 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
> return auth_digest_byte_lengths[algo];
> }
>
> +enum aesni_mb_operation {
> + AESNI_MB_OP_HASH_CIPHER,
> + AESNI_MB_OP_CIPHER_HASH,
> + AESNI_MB_OP_HASH_ONLY,
> + AESNI_MB_OP_CIPHER_ONLY,
> + AESNI_MB_OP_NOT_SUPPORTED
> +};
>
> /** private data structure for each virtual AESNI device */
> struct aesni_mb_private {
> @@ -185,6 +192,8 @@ struct aesni_mb_session {
> /** Authentication Parameters */
> struct {
> JOB_HASH_ALG algo; /**< Authentication Algorithm */
> + enum rte_crypto_auth_operation operation;
> + /**< auth operation generate or verify */
> union {
> struct {
> uint8_t inner[128] __rte_aligned(16);
>
Acked-by: Declan Doherty <declan.doherty at intel.com>
More information about the dev
mailing list