[dpdk-dev] [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality

Declan Doherty declan.doherty at intel.com
Tue Dec 20 22:16:18 CET 2016
Previous message: [dpdk-dev] [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality
Next message: [dpdk-dev] [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 19/12/16 17:29, Pablo de Lara wrote:
> Update driver to use new AESNI Multibuffer IPSec library single
> operation functionality (cipher only and authentication only).
> This patch also adds tests for this new feature.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> ---
>  app/test/test_cryptodev.c                          | 34 ++++++++
>  app/test/test_cryptodev_aes_test_vectors.h         | 36 +++++---
>  app/test/test_cryptodev_hash_test_vectors.h        | 54 ++++++++----
>  doc/guides/cryptodevs/aesni_mb.rst                 |  2 -
>  doc/guides/rel_notes/release_17_02.rst             |  1 +
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         | 95 ++++++++++++++++------
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |  9 ++
>  7 files changed, 172 insertions(+), 59 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f1f3542..5895d99 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
>  }
>
>  static int
> +test_AES_cipheronly_mb_all(void)
> +{
> +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> +	int status;
> +
> +	status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> +		ts_params->op_mpool, ts_params->valid_devs[0],
> +		RTE_CRYPTODEV_AESNI_MB_PMD,
> +		BLKCIPHER_AES_CIPHERONLY_TYPE);
> +
> +	TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> +	return TEST_SUCCESS;
> +}
> +
> +static int
> +test_authonly_mb_all(void)
> +{
> +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> +	int status;
> +
> +	status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> +		ts_params->op_mpool, ts_params->valid_devs[0],
> +		RTE_CRYPTODEV_AESNI_MB_PMD,
> +		BLKCIPHER_AUTHONLY_TYPE);
> +
> +	TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> +	return TEST_SUCCESS;
> +}
> +
> +static int
>  test_AES_chain_mb_all(void)
>  {
>  	struct crypto_testsuite_params *ts_params = &testsuite_params;
> @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite  = {
>  	.teardown = testsuite_teardown,
>  	.unit_test_cases = {
>  		TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
> +		TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
> +		TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
>
>  		TEST_CASES_END() /**< NULL terminate unit test array */
>  	}
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
> index efbe7da..898aae1 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
>  		.test_data = &aes_test_data_4,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-128-CBC Decryption",
>  		.test_data = &aes_test_data_4,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-192-CBC Encryption",
>  		.test_data = &aes_test_data_10,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-192-CBC Decryption",
>  		.test_data = &aes_test_data_10,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-256-CBC Encryption",
>  		.test_data = &aes_test_data_11,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-256-CBC Decryption",
>  		.test_data = &aes_test_data_11,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-128-CTR Encryption",
>  		.test_data = &aes_test_data_1,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-128-CTR Decryption",
>  		.test_data = &aes_test_data_1,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-192-CTR Encryption",
>  		.test_data = &aes_test_data_2,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-192-CTR Decryption",
>  		.test_data = &aes_test_data_2,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-256-CTR Encryption",
>  		.test_data = &aes_test_data_3,
>  		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "AES-256-CTR Decryption",
>  		.test_data = &aes_test_data_3,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> -			BLOCKCIPHER_TEST_TARGET_PMD_QAT
> +			BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  };
>
> diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
> index 9f095cf..a8f9da0 100644
> --- a/app/test/test_cryptodev_hash_test_vectors.h
> +++ b/app/test/test_cryptodev_hash_test_vectors.h
> @@ -97,7 +97,8 @@ hmac_md5_test_vector = {
>  			0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
>  			0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
>  		},
> -		.len = 16
> +		.len = 16,
> +		.truncated_len = 12
>  	}
>  };
>
> @@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
>  			0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
>  			0x3F, 0x91, 0x64, 0x59
>  		},
> -		.len = 20
> +		.len = 20,
> +		.truncated_len = 12
>  	}
>  };
>
> @@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
>  			0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
>  			0x92, 0xF6, 0xAA, 0x19
>  		},
> -		.len = 28
> +		.len = 28,
> +		.truncated_len = 14
>  	}
>  };
>
> @@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
>  			0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
>  			0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
>  		},
> -		.len = 32
> +		.len = 32,
> +		.truncated_len = 16
>  	}
>  };
>
> @@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
>  			0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
>  			0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
>  		},
> -		.len = 48
> +		.len = 48,
> +		.truncated_len = 24
>  	}
>  };
>
> @@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
>  			0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
>  			0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
>  		},
> -		.len = 64
> +		.len = 64,
> +		.truncated_len = 32
>  	}
>  };
>
> @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-MD5 Digest",
>  		.test_data = &hmac_md5_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-MD5 Digest Verify",
>  		.test_data = &hmac_md5_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "SHA1 Digest",
> @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-SHA1 Digest",
>  		.test_data = &hmac_sha1_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-SHA1 Digest Verify",
>  		.test_data = &hmac_sha1_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "SHA224 Digest",
> @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-SHA224 Digest",
>  		.test_data = &hmac_sha224_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-SHA224 Digest Verify",
>  		.test_data = &hmac_sha224_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "SHA256 Digest",
> @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-SHA256 Digest",
>  		.test_data = &hmac_sha256_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-SHA256 Digest Verify",
>  		.test_data = &hmac_sha256_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "SHA384 Digest",
> @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-SHA384 Digest",
>  		.test_data = &hmac_sha384_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-SHA384 Digest Verify",
>  		.test_data = &hmac_sha384_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "SHA512 Digest",
> @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
>  		.test_descr = "HMAC-SHA512 Digest",
>  		.test_data = &hmac_sha512_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  	{
>  		.test_descr = "HMAC-SHA512 Digest Verify",
>  		.test_data = &hmac_sha512_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> -		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> +		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> +			BLOCKCIPHER_TEST_TARGET_PMD_MB
>  	},
>  };
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index b47cb6a..cb429d7 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -62,8 +62,6 @@ Limitations
>  -----------
>
>  * Chained mbufs are not supported.
> -* Hash only is not supported.
> -* Cipher only is not supported.
>  * Only in-place is currently supported (destination address is the same as source address).
>  * Only supports session-oriented API implementation (session-less APIs are not supported).
>
> diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
> index 4f666df..5aa8a94 100644
> --- a/doc/guides/rel_notes/release_17_02.rst
> +++ b/doc/guides/rel_notes/release_17_02.rst
> @@ -49,6 +49,7 @@ New Features
>
>    * The Intel(R) Multi Buffer Crypto for IPsec library used in
>      AESNI MB PMD has been moved to a new repository, in github.
> +  * Support for single operations (cipher only and authentication only).
>
>
>  Resolved Issues
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index 7443b47..bafd4d7 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
>  }
>
>  /** Get xform chain order */
> -static int
> +static enum aesni_mb_operation
>  aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
>  {
> -	/*
> -	 * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
> -	 * operations, all other options are invalid, so we must have exactly
> -	 * 2 xform structs chained together
> -	 */
> -	if (xform->next == NULL || xform->next->next != NULL)
> -		return -1;
> -
> -	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> -			xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> -		return HASH_CIPHER;
> +	if (xform == NULL)
> +		return AESNI_MB_OP_NOT_SUPPORTED;
> +
> +	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> +		if (xform->next == NULL)
> +			return AESNI_MB_OP_CIPHER_ONLY;
> +		if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> +			return AESNI_MB_OP_CIPHER_HASH;
> +	}
>
> -	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> -				xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> -		return CIPHER_HASH;
> +	if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> +		if (xform->next == NULL)
> +			return AESNI_MB_OP_HASH_ONLY;
> +		if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> +			return AESNI_MB_OP_HASH_CIPHER;
> +	}
>
> -	return -1;
> +	return AESNI_MB_OP_NOT_SUPPORTED;
>  }
>
>  /** Set session authentication parameters */
> @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
>  {
>  	hash_one_block_t hash_oneblock_fn;
>
> +	if (xform == NULL) {
> +		sess->auth.algo = NULL_HASH;
> +		return 0;
> +	}
> +
>  	if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
>  		MB_LOG_ERR("Crypto xform struct not of type auth");
>  		return -1;
>  	}
>
> +	/* Select auth generate/verify */
> +	sess->auth.operation = xform->auth.op;
> +
>  	/* Set Authentication Parameters */
>  	if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
>  		sess->auth.algo = AES_XCBC;
> @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
>  {
>  	aes_keyexp_t aes_keyexp_fn;
>
> +	if (xform == NULL) {
> +		sess->cipher.mode = NULL_CIPHER;
> +		return 0;
> +	}
> +
>  	if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
>  		MB_LOG_ERR("Crypto xform struct not of type cipher");
>  		return -1;
> @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
>
>  	/* Select Crypto operation - hash then cipher / cipher then hash */
>  	switch (aesni_mb_get_chain_order(xform)) {
> -	case HASH_CIPHER:
> +	case AESNI_MB_OP_HASH_CIPHER:
>  		sess->chain_order = HASH_CIPHER;
>  		auth_xform = xform;
>  		cipher_xform = xform->next;
>  		break;
> -	case CIPHER_HASH:
> +	case AESNI_MB_OP_CIPHER_HASH:
>  		sess->chain_order = CIPHER_HASH;
>  		auth_xform = xform->next;
>  		cipher_xform = xform;
>  		break;
> +	case AESNI_MB_OP_HASH_ONLY:
> +		sess->chain_order = HASH_CIPHER;
> +		auth_xform = xform;
> +		cipher_xform = NULL;
> +		break;
> +	case AESNI_MB_OP_CIPHER_ONLY:
> +		/*
> +		 * Multi buffer library operates only at two modes,
> +		 * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
> +		 * chain order depends on cipher operation: encryption is always
> +		 * the first operation and decryption the last one.
> +		 */
> +		if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> +			sess->chain_order = CIPHER_HASH;
> +		else
> +			sess->chain_order = HASH_CIPHER;
> +		auth_xform = NULL;
> +		cipher_xform = xform;
> +		break;
> +	case AESNI_MB_OP_NOT_SUPPORTED:
>  	default:
>  		MB_LOG_ERR("Unsupported operation chain order parameter");
>  		return -1;
> @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
>  	}
>
>  	/* Set digest output location */
> -	if (job->cipher_direction == DECRYPT) {
> +	if (job->hash_alg != NULL_HASH &&
> +			session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
>  		job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
>  				get_digest_byte_length(job->hash_alg));
>
> @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
>  			(struct rte_crypto_op *)job->user_data;
>  	struct rte_mbuf *m_dst =
>  			(struct rte_mbuf *)job->user_data2;
> +	struct aesni_mb_session *sess;
>
>  	if (op == NULL || m_dst == NULL)
>  		return NULL;
> @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
>  	if (unlikely(job->status != STS_COMPLETED)) {
>  		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
>  		return op;
> -	} else if (job->chain_order == HASH_CIPHER) {
> -		/* Verify digest if required */
> -		if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
> -				job->auth_tag_output_len_in_bytes) != 0)
> -			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> -
> -		/* trim area used for digest from mbuf */
> -		rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
> +	} else if (job->hash_alg != NULL_HASH) {
> +		sess = (struct aesni_mb_session *)op->sym->session->_private;
> +		if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> +			/* Verify digest if required */
> +			if (memcmp(job->auth_tag_output,
> +					op->sym->auth.digest.data,
> +					job->auth_tag_output_len_in_bytes) != 0)
> +				op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
> +			/* trim area used for digest from mbuf */
> +			rte_pktmbuf_trim(m_dst,
> +					get_digest_byte_length(job->hash_alg));
> +		}
>  	}
>
>  	/* Free session if a session-less crypto op */
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> index 17f367f..5f125b2 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
>  	return auth_digest_byte_lengths[algo];
>  }
>
> +enum aesni_mb_operation {
> +	AESNI_MB_OP_HASH_CIPHER,
> +	AESNI_MB_OP_CIPHER_HASH,
> +	AESNI_MB_OP_HASH_ONLY,
> +	AESNI_MB_OP_CIPHER_ONLY,
> +	AESNI_MB_OP_NOT_SUPPORTED
> +};
>
>  /** private data structure for each virtual AESNI device */
>  struct aesni_mb_private {
> @@ -185,6 +192,8 @@ struct aesni_mb_session {
>  	/** Authentication Parameters */
>  	struct {
>  		JOB_HASH_ALG algo; /**< Authentication Algorithm */
> +		enum rte_crypto_auth_operation operation;
> +		/**< auth operation generate or verify */
>  		union {
>  			struct {
>  				uint8_t inner[128] __rte_aligned(16);
>

Acked-by: Declan Doherty <declan.doherty at intel.com>
Previous message: [dpdk-dev] [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality
Next message: [dpdk-dev] [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list