Acked-by: Kai Ji ________________________________ From: Dooley, Brian Sent: 05 June 2024 09:48 To: Ji, Kai ; De Lara Guarch, Pablo Cc: dev@dpdk.org ; gakhil@marvell.com ; Dooley, Brian Subject: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API From: Pablo de Lara IPSec Multi-buffer library v1.4 added a new API to calculate inner/outer padding for HMAC-SHAx/MD5. Signed-off-by: Pablo de Lara Signed-off-by: Brian Dooley --- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 34 +++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index 69a546697b..b3fdea02ff 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -13,6 +13,7 @@ struct aesni_mb_op_buf_data { uint32_t offset; }; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM /** * Calculate the authentication pre-computes * @@ -55,6 +56,7 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash, memset(ipad_buf, 0, blocksize); memset(opad_buf, 0, blocksize); } +#endif static inline int is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode) @@ -66,12 +68,14 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode) /** Set session authentication parameters */ static int -aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, +aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr, struct aesni_mb_session *sess, const struct rte_crypto_sym_xform *xform) { +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_one_block_t hash_oneblock_fn = NULL; unsigned int key_larger_block_size = 0; +#endif uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 }; uint32_t auth_precompute = 1; @@ -267,18 +271,24 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->template_job.hash_alg = IMB_AUTH_MD5; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->md5_one_block; +#endif break; case RTE_CRYPTO_AUTH_SHA1_HMAC: sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->sha1_one_block; +#endif if (xform->auth.key.length > get_auth_algo_blocksize( IMB_AUTH_HMAC_SHA_1)) { IMB_SHA1(mb_mgr, xform->auth.key.data, xform->auth.key.length, hashed_key); +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM key_larger_block_size = 1; +#endif } break; case RTE_CRYPTO_AUTH_SHA1: @@ -287,14 +297,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, break; case RTE_CRYPTO_AUTH_SHA224_HMAC: sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->sha224_one_block; +#endif if (xform->auth.key.length > get_auth_algo_blocksize( IMB_AUTH_HMAC_SHA_224)) { IMB_SHA224(mb_mgr, xform->auth.key.data, xform->auth.key.length, hashed_key); +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM key_larger_block_size = 1; +#endif } break; case RTE_CRYPTO_AUTH_SHA224: @@ -303,14 +317,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, break; case RTE_CRYPTO_AUTH_SHA256_HMAC: sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->sha256_one_block; +#endif if (xform->auth.key.length > get_auth_algo_blocksize( IMB_AUTH_HMAC_SHA_256)) { IMB_SHA256(mb_mgr, xform->auth.key.data, xform->auth.key.length, hashed_key); +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM key_larger_block_size = 1; +#endif } break; case RTE_CRYPTO_AUTH_SHA256: @@ -319,14 +337,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, break; case RTE_CRYPTO_AUTH_SHA384_HMAC: sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->sha384_one_block; +#endif if (xform->auth.key.length > get_auth_algo_blocksize( IMB_AUTH_HMAC_SHA_384)) { IMB_SHA384(mb_mgr, xform->auth.key.data, xform->auth.key.length, hashed_key); +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM key_larger_block_size = 1; +#endif } break; case RTE_CRYPTO_AUTH_SHA384: @@ -335,14 +357,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, break; case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512; +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM hash_oneblock_fn = mb_mgr->sha512_one_block; +#endif if (xform->auth.key.length > get_auth_algo_blocksize( IMB_AUTH_HMAC_SHA_512)) { IMB_SHA512(mb_mgr, xform->auth.key.data, xform->auth.key.length, hashed_key); +#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM key_larger_block_size = 1; +#endif } break; case RTE_CRYPTO_AUTH_SHA512: @@ -376,6 +402,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, return 0; /* Calculate Authentication precomputes */ +#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM + imb_hmac_ipad_opad(mb_mgr, sess->template_job.hash_alg, + xform->auth.key.data, xform->auth.key.length, + sess->auth.pads.inner, sess->auth.pads.outer); +#else if (key_larger_block_size) { calculate_auth_precomputes(hash_oneblock_fn, sess->auth.pads.inner, sess->auth.pads.outer, @@ -389,6 +420,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, xform->auth.key.length, get_auth_algo_blocksize(sess->template_job.hash_alg)); } +#endif sess->template_job.u.HMAC._hashed_auth_key_xor_ipad = sess->auth.pads.inner; sess->template_job.u.HMAC._hashed_auth_key_xor_opad = -- 2.25.1