From: Brian Dooley <brian.dooley@intel.com>
To: Kai Ji <kai.ji@intel.com>,
Pablo de Lara <pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org, gakhil@marvell.com,
Brian Dooley <brian.dooley@intel.com>,
Ciara Power <ciara.power@intel.com>,
Wathsala Vithanage <wathsala.vithanage@arm.com>
Subject: [PATCH v5 3/4] crypto/ipsec_mb: use new ipad/opad calculation API
Date: Tue, 5 Mar 2024 17:42:26 +0000 [thread overview]
Message-ID: <20240305174227.1785111-3-brian.dooley@intel.com> (raw)
In-Reply-To: <20240305174227.1785111-1-brian.dooley@intel.com>
IPSec Multi-buffer library v1.4 added a new API to
calculate inner/outer padding for HMAC-SHAx/MD5.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
v5:
- Rebased and added to patchset
v2:
- Remove ipsec mb version checks
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 75 ++------------------------
1 file changed, 5 insertions(+), 70 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 2acd229268..92703a76f0 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -13,49 +13,6 @@ struct aesni_mb_op_buf_data {
uint32_t offset;
};
-/**
- * Calculate the authentication pre-computes
- *
- * @param one_block_hash Function pointer
- * to calculate digest on ipad/opad
- * @param ipad Inner pad output byte array
- * @param opad Outer pad output byte array
- * @param hkey Authentication key
- * @param hkey_len Authentication key length
- * @param blocksize Block size of selected hash algo
- */
-static void
-calculate_auth_precomputes(hash_one_block_t one_block_hash,
- uint8_t *ipad, uint8_t *opad,
- const uint8_t *hkey, uint16_t hkey_len,
- uint16_t blocksize)
-{
- uint32_t i, length;
-
- uint8_t ipad_buf[blocksize] __rte_aligned(16);
- uint8_t opad_buf[blocksize] __rte_aligned(16);
-
- /* Setup inner and outer pads */
- memset(ipad_buf, HMAC_IPAD_VALUE, blocksize);
- memset(opad_buf, HMAC_OPAD_VALUE, blocksize);
-
- /* XOR hash key with inner and outer pads */
- length = hkey_len > blocksize ? blocksize : hkey_len;
-
- for (i = 0; i < length; i++) {
- ipad_buf[i] ^= hkey[i];
- opad_buf[i] ^= hkey[i];
- }
-
- /* Compute partial hashes */
- (*one_block_hash)(ipad_buf, ipad);
- (*one_block_hash)(opad_buf, opad);
-
- /* Clean up stack */
- memset(ipad_buf, 0, blocksize);
- memset(opad_buf, 0, blocksize);
-}
-
static inline int
is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
{
@@ -66,12 +23,10 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
/** Set session authentication parameters */
static int
-aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
- hash_one_block_t hash_oneblock_fn = NULL;
- unsigned int key_larger_block_size = 0;
uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
uint32_t auth_precompute = 1;
@@ -263,18 +218,15 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
sess->template_job.hash_alg = IMB_AUTH_MD5;
- hash_oneblock_fn = mb_mgr->md5_one_block;
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
- hash_oneblock_fn = mb_mgr->sha1_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_1)) {
IMB_SHA1(mb_mgr,
xform->auth.key.data,
xform->auth.key.length,
hashed_key);
- key_larger_block_size = 1;
}
break;
case RTE_CRYPTO_AUTH_SHA1:
@@ -283,14 +235,12 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
- hash_oneblock_fn = mb_mgr->sha224_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_224)) {
IMB_SHA224(mb_mgr,
xform->auth.key.data,
xform->auth.key.length,
hashed_key);
- key_larger_block_size = 1;
}
break;
case RTE_CRYPTO_AUTH_SHA224:
@@ -299,14 +249,12 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
- hash_oneblock_fn = mb_mgr->sha256_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_256)) {
IMB_SHA256(mb_mgr,
xform->auth.key.data,
xform->auth.key.length,
hashed_key);
- key_larger_block_size = 1;
}
break;
case RTE_CRYPTO_AUTH_SHA256:
@@ -315,14 +263,12 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
- hash_oneblock_fn = mb_mgr->sha384_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_384)) {
IMB_SHA384(mb_mgr,
xform->auth.key.data,
xform->auth.key.length,
hashed_key);
- key_larger_block_size = 1;
}
break;
case RTE_CRYPTO_AUTH_SHA384:
@@ -331,14 +277,12 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
- hash_oneblock_fn = mb_mgr->sha512_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_512)) {
IMB_SHA512(mb_mgr,
xform->auth.key.data,
xform->auth.key.length,
hashed_key);
- key_larger_block_size = 1;
}
break;
case RTE_CRYPTO_AUTH_SHA512:
@@ -372,19 +316,10 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
return 0;
/* Calculate Authentication precomputes */
- if (key_larger_block_size) {
- calculate_auth_precomputes(hash_oneblock_fn,
- sess->auth.pads.inner, sess->auth.pads.outer,
- hashed_key,
- xform->auth.key.length,
- get_auth_algo_blocksize(sess->template_job.hash_alg));
- } else {
- calculate_auth_precomputes(hash_oneblock_fn,
- sess->auth.pads.inner, sess->auth.pads.outer,
- xform->auth.key.data,
- xform->auth.key.length,
- get_auth_algo_blocksize(sess->template_job.hash_alg));
- }
+ imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg,
+ xform->auth.key.data, xform->auth.key.length,
+ sess->auth.pads.inner, sess->auth.pads.outer);
+
sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
sess->auth.pads.inner;
sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
--
2.25.1
next prev parent reply other threads:[~2024-03-05 17:42 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-12 15:36 [PATCH v1] crypto/ipsec_mb: unified IPsec MB interface Brian Dooley
2023-12-14 15:15 ` [PATCH v2] " Brian Dooley
2024-01-18 12:00 ` [PATCH v3] " Brian Dooley
2024-02-28 11:33 ` [PATCH v4] " Brian Dooley
2024-02-28 11:50 ` Power, Ciara
2024-02-29 16:23 ` Dooley, Brian
2024-02-29 16:32 ` Akhil Goyal
2024-03-04 7:33 ` Akhil Goyal
2024-03-05 5:39 ` Honnappa Nagarahalli
2024-03-05 17:31 ` Wathsala Wathawana Vithanage
2024-03-05 15:21 ` Wathsala Wathawana Vithanage
2024-03-05 17:42 ` [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec Multi-buffer version Brian Dooley
2024-03-05 17:42 ` [PATCH v5 2/4] doc: remove outdated version details Brian Dooley
2024-03-05 17:42 ` Brian Dooley [this message]
2024-03-05 17:42 ` [PATCH v5 4/4] crypto/ipsec_mb: unified IPsec MB interface Brian Dooley
2024-03-15 18:25 ` Patrick Robb
2024-03-05 19:11 ` [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec Multi-buffer version Akhil Goyal
2024-03-05 19:50 ` Patrick Robb
2024-03-05 23:30 ` Patrick Robb
2024-03-06 3:57 ` Patrick Robb
2024-03-06 11:12 ` Power, Ciara
2024-03-06 14:59 ` Patrick Robb
2024-03-06 15:29 ` Power, Ciara
2024-03-07 16:21 ` Wathsala Wathawana Vithanage
2024-03-08 16:05 ` Power, Ciara
2024-03-12 16:26 ` Wathsala Wathawana Vithanage
2024-03-15 18:24 ` Patrick Robb
2024-03-12 13:50 ` [PATCH v6 1/5] ci: replace IPsec-mb package install Brian Dooley
2024-03-12 13:50 ` [PATCH v6 2/5] crypto/ipsec_mb: bump minimum IPsec Multi-buffer version Brian Dooley
2024-03-12 13:50 ` [PATCH v6 3/5] doc: remove outdated version details Brian Dooley
2024-03-12 13:50 ` [PATCH v6 4/5] crypto/ipsec_mb: use new ipad/opad calculation API Brian Dooley
2024-03-12 13:50 ` [PATCH v6 5/5] crypto/ipsec_mb: unify some IPsec MB PMDs Brian Dooley
2024-03-12 13:54 ` [PATCH v6 1/5] ci: replace IPsec-mb package install David Marchand
2024-03-12 15:26 ` Power, Ciara
2024-03-12 16:13 ` David Marchand
2024-03-12 17:07 ` Power, Ciara
2024-03-12 16:05 ` David Marchand
2024-03-12 16:16 ` Jack Bond-Preston
2024-03-12 17:08 ` Power, Ciara
2024-03-12 18:04 ` Power, Ciara
2024-03-15 18:26 ` Patrick Robb
2024-03-14 10:37 ` [PATCH v7 1/2] doc: remove outdated version details Brian Dooley
2024-03-14 10:37 ` [PATCH v7 2/2] doc: announce Intel IPsec MB version bump Brian Dooley
2024-03-14 12:04 ` Power, Ciara
2024-03-22 19:33 ` [EXTERNAL] [PATCH v7 1/2] doc: remove outdated version details Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240305174227.1785111-3-brian.dooley@intel.com \
--to=brian.dooley@intel.com \
--cc=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=wathsala.vithanage@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).