[dpdk-dev,v3,3/4] crypto/aesni_mb: add single operation functionality
Checks
Commit Message
Update driver to use new AESNI Multibuffer IPSec library single
operation functionality (cipher only and authentication only).
This patch also adds tests for this new feature.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
app/test/test_cryptodev.c | 34 ++++++++
app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
doc/guides/cryptodevs/aesni_mb.rst | 2 -
doc/guides/rel_notes/release_17_02.rst | 1 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
7 files changed, 172 insertions(+), 59 deletions(-)
Comments
On 19/12/16 17:29, Pablo de Lara wrote:
> Update driver to use new AESNI Multibuffer IPSec library single
> operation functionality (cipher only and authentication only).
> This patch also adds tests for this new feature.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> app/test/test_cryptodev.c | 34 ++++++++
> app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
> app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
> doc/guides/cryptodevs/aesni_mb.rst | 2 -
> doc/guides/rel_notes/release_17_02.rst | 1 +
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
> 7 files changed, 172 insertions(+), 59 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f1f3542..5895d99 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
> }
>
> static int
> +test_AES_cipheronly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AES_CIPHERONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> +test_authonly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AUTHONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> test_AES_chain_mb_all(void)
> {
> struct crypto_testsuite_params *ts_params = &testsuite_params;
> @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
> .teardown = testsuite_teardown,
> .unit_test_cases = {
> TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
>
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
> index efbe7da..898aae1 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CBC Decryption",
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Encryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Decryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Encryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Decryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Encryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Decryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Encryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Decryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Encryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Decryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
> index 9f095cf..a8f9da0 100644
> --- a/app/test/test_cryptodev_hash_test_vectors.h
> +++ b/app/test/test_cryptodev_hash_test_vectors.h
> @@ -97,7 +97,8 @@ hmac_md5_test_vector = {
> 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
> 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
> },
> - .len = 16
> + .len = 16,
> + .truncated_len = 12
> }
> };
>
> @@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
> 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
> 0x3F, 0x91, 0x64, 0x59
> },
> - .len = 20
> + .len = 20,
> + .truncated_len = 12
> }
> };
>
> @@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
> 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
> 0x92, 0xF6, 0xAA, 0x19
> },
> - .len = 28
> + .len = 28,
> + .truncated_len = 14
> }
> };
>
> @@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
> 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
> 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
> },
> - .len = 32
> + .len = 32,
> + .truncated_len = 16
> }
> };
>
> @@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
> 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
> 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
> },
> - .len = 48
> + .len = 48,
> + .truncated_len = 24
> }
> };
>
> @@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
> 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
> 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
> },
> - .len = 64
> + .len = 64,
> + .truncated_len = 32
> }
> };
>
> @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-MD5 Digest",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-MD5 Digest Verify",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA1 Digest",
> @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA1 Digest",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA1 Digest Verify",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA224 Digest",
> @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA224 Digest",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA224 Digest Verify",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA256 Digest",
> @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA256 Digest",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA256 Digest Verify",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA384 Digest",
> @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA384 Digest",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA384 Digest Verify",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA512 Digest",
> @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA512 Digest",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA512 Digest Verify",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index b47cb6a..cb429d7 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -62,8 +62,6 @@ Limitations
> -----------
>
> * Chained mbufs are not supported.
> -* Hash only is not supported.
> -* Cipher only is not supported.
> * Only in-place is currently supported (destination address is the same as source address).
> * Only supports session-oriented API implementation (session-less APIs are not supported).
>
> diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
> index 4f666df..5aa8a94 100644
> --- a/doc/guides/rel_notes/release_17_02.rst
> +++ b/doc/guides/rel_notes/release_17_02.rst
> @@ -49,6 +49,7 @@ New Features
>
> * The Intel(R) Multi Buffer Crypto for IPsec library used in
> AESNI MB PMD has been moved to a new repository, in github.
> + * Support for single operations (cipher only and authentication only).
>
>
> Resolved Issues
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index 7443b47..bafd4d7 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
> }
>
> /** Get xform chain order */
> -static int
> +static enum aesni_mb_operation
> aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
> {
> - /*
> - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
> - * operations, all other options are invalid, so we must have exactly
> - * 2 xform structs chained together
> - */
> - if (xform->next == NULL || xform->next->next != NULL)
> - return -1;
> -
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> - return HASH_CIPHER;
> + if (xform == NULL)
> + return AESNI_MB_OP_NOT_SUPPORTED;
> +
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_CIPHER_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> + return AESNI_MB_OP_CIPHER_HASH;
> + }
>
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> - return CIPHER_HASH;
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_HASH_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> + return AESNI_MB_OP_HASH_CIPHER;
> + }
>
> - return -1;
> + return AESNI_MB_OP_NOT_SUPPORTED;
> }
>
> /** Set session authentication parameters */
> @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
> {
> hash_one_block_t hash_oneblock_fn;
>
> + if (xform == NULL) {
> + sess->auth.algo = NULL_HASH;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
> MB_LOG_ERR("Crypto xform struct not of type auth");
> return -1;
> }
>
> + /* Select auth generate/verify */
> + sess->auth.operation = xform->auth.op;
> +
> /* Set Authentication Parameters */
> if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
> sess->auth.algo = AES_XCBC;
> @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
> {
> aes_keyexp_t aes_keyexp_fn;
>
> + if (xform == NULL) {
> + sess->cipher.mode = NULL_CIPHER;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
> MB_LOG_ERR("Crypto xform struct not of type cipher");
> return -1;
> @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
>
> /* Select Crypto operation - hash then cipher / cipher then hash */
> switch (aesni_mb_get_chain_order(xform)) {
> - case HASH_CIPHER:
> + case AESNI_MB_OP_HASH_CIPHER:
> sess->chain_order = HASH_CIPHER;
> auth_xform = xform;
> cipher_xform = xform->next;
> break;
> - case CIPHER_HASH:
> + case AESNI_MB_OP_CIPHER_HASH:
> sess->chain_order = CIPHER_HASH;
> auth_xform = xform->next;
> cipher_xform = xform;
> break;
> + case AESNI_MB_OP_HASH_ONLY:
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = xform;
> + cipher_xform = NULL;
> + break;
> + case AESNI_MB_OP_CIPHER_ONLY:
> + /*
> + * Multi buffer library operates only at two modes,
> + * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
> + * chain order depends on cipher operation: encryption is always
> + * the first operation and decryption the last one.
> + */
> + if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> + sess->chain_order = CIPHER_HASH;
> + else
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = NULL;
> + cipher_xform = xform;
> + break;
> + case AESNI_MB_OP_NOT_SUPPORTED:
> default:
> MB_LOG_ERR("Unsupported operation chain order parameter");
> return -1;
> @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
> }
>
> /* Set digest output location */
> - if (job->cipher_direction == DECRYPT) {
> + if (job->hash_alg != NULL_HASH &&
> + session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
> get_digest_byte_length(job->hash_alg));
>
> @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> (struct rte_crypto_op *)job->user_data;
> struct rte_mbuf *m_dst =
> (struct rte_mbuf *)job->user_data2;
> + struct aesni_mb_session *sess;
>
> if (op == NULL || m_dst == NULL)
> return NULL;
> @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> if (unlikely(job->status != STS_COMPLETED)) {
> op->status = RTE_CRYPTO_OP_STATUS_ERROR;
> return op;
> - } else if (job->chain_order == HASH_CIPHER) {
> - /* Verify digest if required */
> - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
> - job->auth_tag_output_len_in_bytes) != 0)
> - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> -
> - /* trim area used for digest from mbuf */
> - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
> + } else if (job->hash_alg != NULL_HASH) {
> + sess = (struct aesni_mb_session *)op->sym->session->_private;
> + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> + /* Verify digest if required */
> + if (memcmp(job->auth_tag_output,
> + op->sym->auth.digest.data,
> + job->auth_tag_output_len_in_bytes) != 0)
> + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
> + /* trim area used for digest from mbuf */
> + rte_pktmbuf_trim(m_dst,
> + get_digest_byte_length(job->hash_alg));
> + }
> }
>
> /* Free session if a session-less crypto op */
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> index 17f367f..5f125b2 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
> return auth_digest_byte_lengths[algo];
> }
>
> +enum aesni_mb_operation {
> + AESNI_MB_OP_HASH_CIPHER,
> + AESNI_MB_OP_CIPHER_HASH,
> + AESNI_MB_OP_HASH_ONLY,
> + AESNI_MB_OP_CIPHER_ONLY,
> + AESNI_MB_OP_NOT_SUPPORTED
> +};
>
> /** private data structure for each virtual AESNI device */
> struct aesni_mb_private {
> @@ -185,6 +192,8 @@ struct aesni_mb_session {
> /** Authentication Parameters */
> struct {
> JOB_HASH_ALG algo; /**< Authentication Algorithm */
> + enum rte_crypto_auth_operation operation;
> + /**< auth operation generate or verify */
> union {
> struct {
> uint8_t inner[128] __rte_aligned(16);
>
Acked-by: Declan Doherty <declan.doherty@intel.com>
@@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
}
static int
+test_AES_cipheronly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AES_CIPHERONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_authonly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AUTHONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
test_AES_chain_mb_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
.teardown = testsuite_teardown,
.unit_test_cases = {
TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
TEST_CASES_END() /**< NULL terminate unit test array */
}
@@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CBC Decryption",
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Encryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Decryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Encryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Decryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Encryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Decryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Encryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Decryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Encryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Decryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
@@ -97,7 +97,8 @@ hmac_md5_test_vector = {
0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
},
- .len = 16
+ .len = 16,
+ .truncated_len = 12
}
};
@@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
0x3F, 0x91, 0x64, 0x59
},
- .len = 20
+ .len = 20,
+ .truncated_len = 12
}
};
@@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
0x92, 0xF6, 0xAA, 0x19
},
- .len = 28
+ .len = 28,
+ .truncated_len = 14
}
};
@@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
},
- .len = 32
+ .len = 32,
+ .truncated_len = 16
}
};
@@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
},
- .len = 48
+ .len = 48,
+ .truncated_len = 24
}
};
@@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
},
- .len = 64
+ .len = 64,
+ .truncated_len = 32
}
};
@@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-MD5 Digest",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-MD5 Digest Verify",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA1 Digest",
@@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA1 Digest",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA1 Digest Verify",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA224 Digest",
@@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA224 Digest",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA224 Digest Verify",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA256 Digest",
@@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA256 Digest",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA256 Digest Verify",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA384 Digest",
@@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA384 Digest",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA384 Digest Verify",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA512 Digest",
@@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA512 Digest",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA512 Digest Verify",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
@@ -62,8 +62,6 @@ Limitations
-----------
* Chained mbufs are not supported.
-* Hash only is not supported.
-* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
@@ -49,6 +49,7 @@ New Features
* The Intel(R) Multi Buffer Crypto for IPsec library used in
AESNI MB PMD has been moved to a new repository, in github.
+ * Support for single operations (cipher only and authentication only).
Resolved Issues
@@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
}
/** Get xform chain order */
-static int
+static enum aesni_mb_operation
aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
- /*
- * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
- * operations, all other options are invalid, so we must have exactly
- * 2 xform structs chained together
- */
- if (xform->next == NULL || xform->next->next != NULL)
- return -1;
-
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
- return HASH_CIPHER;
+ if (xform == NULL)
+ return AESNI_MB_OP_NOT_SUPPORTED;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ if (xform->next == NULL)
+ return AESNI_MB_OP_CIPHER_ONLY;
+ if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ return AESNI_MB_OP_CIPHER_HASH;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
- return CIPHER_HASH;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ if (xform->next == NULL)
+ return AESNI_MB_OP_HASH_ONLY;
+ if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+ return AESNI_MB_OP_HASH_CIPHER;
+ }
- return -1;
+ return AESNI_MB_OP_NOT_SUPPORTED;
}
/** Set session authentication parameters */
@@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
{
hash_one_block_t hash_oneblock_fn;
+ if (xform == NULL) {
+ sess->auth.algo = NULL_HASH;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MB_LOG_ERR("Crypto xform struct not of type auth");
return -1;
}
+ /* Select auth generate/verify */
+ sess->auth.operation = xform->auth.op;
+
/* Set Authentication Parameters */
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
sess->auth.algo = AES_XCBC;
@@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
{
aes_keyexp_t aes_keyexp_fn;
+ if (xform == NULL) {
+ sess->cipher.mode = NULL_CIPHER;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MB_LOG_ERR("Crypto xform struct not of type cipher");
return -1;
@@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
/* Select Crypto operation - hash then cipher / cipher then hash */
switch (aesni_mb_get_chain_order(xform)) {
- case HASH_CIPHER:
+ case AESNI_MB_OP_HASH_CIPHER:
sess->chain_order = HASH_CIPHER;
auth_xform = xform;
cipher_xform = xform->next;
break;
- case CIPHER_HASH:
+ case AESNI_MB_OP_CIPHER_HASH:
sess->chain_order = CIPHER_HASH;
auth_xform = xform->next;
cipher_xform = xform;
break;
+ case AESNI_MB_OP_HASH_ONLY:
+ sess->chain_order = HASH_CIPHER;
+ auth_xform = xform;
+ cipher_xform = NULL;
+ break;
+ case AESNI_MB_OP_CIPHER_ONLY:
+ /*
+ * Multi buffer library operates only at two modes,
+ * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
+ * chain order depends on cipher operation: encryption is always
+ * the first operation and decryption the last one.
+ */
+ if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ sess->chain_order = CIPHER_HASH;
+ else
+ sess->chain_order = HASH_CIPHER;
+ auth_xform = NULL;
+ cipher_xform = xform;
+ break;
+ case AESNI_MB_OP_NOT_SUPPORTED:
default:
MB_LOG_ERR("Unsupported operation chain order parameter");
return -1;
@@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
}
/* Set digest output location */
- if (job->cipher_direction == DECRYPT) {
+ if (job->hash_alg != NULL_HASH &&
+ session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
get_digest_byte_length(job->hash_alg));
@@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
(struct rte_crypto_op *)job->user_data;
struct rte_mbuf *m_dst =
(struct rte_mbuf *)job->user_data2;
+ struct aesni_mb_session *sess;
if (op == NULL || m_dst == NULL)
return NULL;
@@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
if (unlikely(job->status != STS_COMPLETED)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return op;
- } else if (job->chain_order == HASH_CIPHER) {
- /* Verify digest if required */
- if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
- job->auth_tag_output_len_in_bytes) != 0)
- op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-
- /* trim area used for digest from mbuf */
- rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
+ } else if (job->hash_alg != NULL_HASH) {
+ sess = (struct aesni_mb_session *)op->sym->session->_private;
+ if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
+ /* Verify digest if required */
+ if (memcmp(job->auth_tag_output,
+ op->sym->auth.digest.data,
+ job->auth_tag_output_len_in_bytes) != 0)
+ op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+
+ /* trim area used for digest from mbuf */
+ rte_pktmbuf_trim(m_dst,
+ get_digest_byte_length(job->hash_alg));
+ }
}
/* Free session if a session-less crypto op */
@@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
return auth_digest_byte_lengths[algo];
}
+enum aesni_mb_operation {
+ AESNI_MB_OP_HASH_CIPHER,
+ AESNI_MB_OP_CIPHER_HASH,
+ AESNI_MB_OP_HASH_ONLY,
+ AESNI_MB_OP_CIPHER_ONLY,
+ AESNI_MB_OP_NOT_SUPPORTED
+};
/** private data structure for each virtual AESNI device */
struct aesni_mb_private {
@@ -185,6 +192,8 @@ struct aesni_mb_session {
/** Authentication Parameters */
struct {
JOB_HASH_ALG algo; /**< Authentication Algorithm */
+ enum rte_crypto_auth_operation operation;
+ /**< auth operation generate or verify */
union {
struct {
uint8_t inner[128] __rte_aligned(16);