[dpdk-stable] [PATCH 0/5] Backported crypto patches to DPDK 16.11

[dpdk-stable] [PATCH 0/5] Backported crypto patches to DPDK 16.11

[Pablo de Lara]

Pablo de Lara (5):
  crypto/qat: fix HMAC supported key sizes
  crypto/qat: fix SHA384-HMAC block size
  doc: remove incorrect limitation on AESNI-MB PMD
  doc: remove incorrect limitation on QAT PMD
  test/crypto: fix wrong AAD setting

 app/test/test_cryptodev.c                   | 17 ++++++++++++++
 app/test/test_cryptodev_hash_test_vectors.h | 36 +++++++++++++++++++----------
 app/test/test_cryptodev_perf.c              | 15 ++++++------
 doc/guides/cryptodevs/aesni_mb.rst          |  1 -
 doc/guides/cryptodevs/qat.rst               |  1 -
 drivers/crypto/qat/qat_crypto.c             | 26 ++++++++++-----------
 6 files changed, 62 insertions(+), 34 deletions(-)

-- 
2.9.4

[dpdk-stable] [PATCH 1/5] crypto/qat: fix HMAC supported key sizes

[Pablo de Lara]

[ backported from upstream commit 5668da1eb5897a96b672ac3b610bd3542e3e5cbe ]

For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.

Fixes: 26c2e4ad5ad4 ("cryptodev: add capabilities discovery")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/qat_crypto.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index 0fe0b23..dd869d0 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -76,9 +76,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 				.block_size = 64,
 				.key_size = {
-					.min = 64,
+					.min = 1,
 					.max = 64,
-					.increment = 0
+					.increment = 1
 				},
 				.digest_size = {
 					.min = 20,
@@ -97,9 +97,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 				.block_size = 64,
 					.key_size = {
-					.min = 64,
+					.min = 1,
 					.max = 64,
-					.increment = 0
+					.increment = 1
 				},
 				.digest_size = {
 					.min = 28,
@@ -118,9 +118,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 				.block_size = 64,
 				.key_size = {
-					.min = 64,
+					.min = 1,
 					.max = 64,
-					.increment = 0
+					.increment = 1
 				},
 				.digest_size = {
 					.min = 32,
@@ -139,9 +139,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 				.block_size = 64,
 				.key_size = {
-					.min = 128,
+					.min = 1,
 					.max = 128,
-					.increment = 0
+					.increment = 1
 				},
 				.digest_size = {
 					.min = 48,
@@ -160,9 +160,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 				.block_size = 128,
 				.key_size = {
-					.min = 128,
+					.min = 1,
 					.max = 128,
-					.increment = 0
+					.increment = 128
 				},
 				.digest_size = {
 					.min = 64,
@@ -181,9 +181,9 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 				.block_size = 64,
 				.key_size = {
-					.min = 8,
+					.min = 1,
 					.max = 64,
-					.increment = 8
+					.increment = 1
 				},
 				.digest_size = {
 					.min = 16,
-- 
2.9.4

[dpdk-stable] [PATCH 2/5] crypto/qat: fix SHA384-HMAC block size

[Pablo de Lara]

[ backported from upstream commit b5b047aa441adf5c13d25f0a5d3eb76787080903 ]

Block size of SHA384-HMAC algorithm is 128 bytes,
and not 64 bytes.

Fixes: d905ee32d0dc ("crypto/qat: add aes-sha384-hmac capability")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/qat_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index dd869d0..f7fcece 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -137,7 +137,7 @@ static const struct rte_cryptodev_capabilities qat_pmd_capabilities[] = {
 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 			{.auth = {
 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
-				.block_size = 64,
+				.block_size = 128,
 				.key_size = {
 					.min = 1,
 					.max = 128,
-- 
2.9.4

[dpdk-stable] [PATCH 3/5] doc: remove incorrect limitation on AESNI-MB PMD

[Pablo de Lara]

[ backported from upstream commit 8082845f8aea8407a3741783951f182a48f2855f ]

AESNI MB PMD supports sessionless operations,
but the documentation was stating that only
operations with session were supported.

Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
---
 doc/guides/cryptodevs/aesni_mb.rst | 1 -
 1 file changed, 1 deletion(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index e812e95..10e5473 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -65,7 +65,6 @@ Limitations
 * Hash only is not supported.
 * Cipher only is not supported.
 * Only in-place is currently supported (destination address is the same as source address).
-* Only supports session-oriented API implementation (session-less APIs are not supported).
 *  Not performance tuned.
 
 Installation
-- 
2.9.4

[dpdk-stable] [PATCH 4/5] doc: remove incorrect limitation on QAT PMD

[Pablo de Lara]

[ backported from upstream commit de938b79b2fce7e15389aad1543e778a8721e3a5 ]

QAT supports authentication only operations,
for any authentication algorithm (such as SHA1-HMAC),
as long as it is supported by QAT, so it means
that it is not necessary to create a chained operation
in order to use these algorithms.

Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
---
 app/test/test_cryptodev.c                   | 17 ++++++++++++++
 app/test/test_cryptodev_hash_test_vectors.h | 36 +++++++++++++++++++----------
 doc/guides/cryptodevs/qat.rst               |  1 -
 3 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 2754653..b544ab9 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1545,6 +1545,22 @@ test_authonly_openssl_all(void)
 	return TEST_SUCCESS;
 }
 
+static int
+test_authonly_qat_all(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	int status;
+
+	status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+		ts_params->op_mpool, ts_params->valid_devs[0],
+		RTE_CRYPTODEV_QAT_SYM_PMD,
+		BLKCIPHER_AUTHONLY_TYPE);
+
+	TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+	return TEST_SUCCESS;
+}
+
 /* ***** SNOW 3G Tests ***** */
 static int
 create_wireless_algo_hash_session(uint8_t dev_id,
@@ -6034,6 +6050,7 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown, test_3DES_chain_qat_all),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 						test_3DES_cipheronly_qat_all),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_qat_all),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_stats),
 
 		/** AES GCM Authenticated Encryption */
diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
index 9f095cf..1daf681 100644
--- a/app/test/test_cryptodev_hash_test_vectors.h
+++ b/app/test/test_cryptodev_hash_test_vectors.h
@@ -358,13 +358,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-MD5 Digest",
 		.test_data = &hmac_md5_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-MD5 Digest Verify",
 		.test_data = &hmac_md5_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "SHA1 Digest",
@@ -382,13 +384,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-SHA1 Digest",
 		.test_data = &hmac_sha1_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-SHA1 Digest Verify",
 		.test_data = &hmac_sha1_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "SHA224 Digest",
@@ -406,13 +410,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-SHA224 Digest",
 		.test_data = &hmac_sha224_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-SHA224 Digest Verify",
 		.test_data = &hmac_sha224_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "SHA256 Digest",
@@ -430,13 +436,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-SHA256 Digest",
 		.test_data = &hmac_sha256_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-SHA256 Digest Verify",
 		.test_data = &hmac_sha256_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "SHA384 Digest",
@@ -454,13 +462,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-SHA384 Digest",
 		.test_data = &hmac_sha384_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-SHA384 Digest Verify",
 		.test_data = &hmac_sha384_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "SHA512 Digest",
@@ -478,13 +488,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
 		.test_descr = "HMAC-SHA512 Digest",
 		.test_data = &hmac_sha512_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 	{
 		.test_descr = "HMAC-SHA512 Digest Verify",
 		.test_data = &hmac_sha512_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
-		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+		.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+			BLOCKCIPHER_TEST_TARGET_PMD_QAT
 	},
 };
 
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index a7b28eb..2173819 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -74,7 +74,6 @@ Limitations
 -----------
 
 * Chained mbufs are not supported.
-* Hash only is not supported except SNOW 3G UIA2 and KASUMI F9.
 * Cipher only is not supported except SNOW 3G UEA2, KASUMI F8 and 3DES.
 * Only supports the session-oriented API implementation (session-less APIs are not supported).
 * SNOW 3G (UEA2) and KASUMI (F8) supported only if cipher length, cipher offset fields are byte-aligned.
-- 
2.9.4

[dpdk-stable] [PATCH 5/5] test/crypto: fix wrong AAD setting

[Pablo de Lara]

[ backported from upstream commit f2522ce5978e503a2b2c63220898cdffce257909 ]

AAD should not point at IV for AES algorithms.
For AES-GCM, AAD will point at additional data in the mbuf.
For the other algorithms (such as 3DES CBC), AAD is not used.

Fixes: ffbe3be0d4b5 ("app/test: add libcrypto")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 app/test/test_cryptodev_perf.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/app/test/test_cryptodev_perf.c b/app/test/test_cryptodev_perf.c
index 89a6795..2a31349 100644
--- a/app/test/test_cryptodev_perf.c
+++ b/app/test/test_cryptodev_perf.c
@@ -2475,6 +2475,11 @@ static uint8_t aes_key[] = {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
+static uint8_t aes_gcm_aad[] = {
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
 static uint8_t aes_iv[] = {
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
@@ -2687,7 +2692,7 @@ test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
 
 #define AES_BLOCK_SIZE 16
 #define AES_CIPHER_IV_LENGTH 16
-
+#define AES_GCM_AAD_LENGTH 16
 #define TRIPLE_DES_BLOCK_SIZE 8
 #define TRIPLE_DES_CIPHER_IV_LENGTH 8
 
@@ -2722,8 +2727,6 @@ test_perf_set_crypto_op_aes(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 			AES_CIPHER_IV_LENGTH + data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = aes_iv;
-	op->sym->auth.aad.length = AES_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
 	op->sym->cipher.iv.data = rte_pktmbuf_mtod(m, uint8_t *);
@@ -2760,8 +2763,8 @@ test_perf_set_crypto_op_aes_gcm(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = aes_iv;
-	op->sym->auth.aad.length = AES_CIPHER_IV_LENGTH;
+	op->sym->auth.aad.data = aes_gcm_aad;
+	op->sym->auth.aad.length = AES_GCM_AAD_LENGTH;
 
 	/* Cipher Parameters */
 	op->sym->cipher.iv.data = aes_iv;
@@ -2893,8 +2896,6 @@ test_perf_set_crypto_op_3des(struct rte_crypto_op *op, struct rte_mbuf *m,
 	op->sym->auth.digest.phys_addr =
 				rte_pktmbuf_mtophys_offset(m, data_len);
 	op->sym->auth.digest.length = digest_len;
-	op->sym->auth.aad.data = triple_des_iv;
-	op->sym->auth.aad.length = TRIPLE_DES_CIPHER_IV_LENGTH;
 
 	/* Cipher Parameters */
 	op->sym->cipher.iv.data = triple_des_iv;
-- 
2.9.4

Re: [dpdk-stable] [PATCH 0/5] Backported crypto patches to DPDK 16.11

[Yuanhan Liu]

On Wed, Aug 16, 2017 at 01:16:11AM +0100, Pablo de Lara wrote:
> Pablo de Lara (5):
>   crypto/qat: fix HMAC supported key sizes
>   crypto/qat: fix SHA384-HMAC block size
>   doc: remove incorrect limitation on AESNI-MB PMD
>   doc: remove incorrect limitation on QAT PMD
>   test/crypto: fix wrong AAD setting

Pablo, thank you! Just hope you have done some tests :)

Seires applied to dpdk-stable/16.11.

	--yliu
> 
>  app/test/test_cryptodev.c                   | 17 ++++++++++++++
>  app/test/test_cryptodev_hash_test_vectors.h | 36 +++++++++++++++++++----------
>  app/test/test_cryptodev_perf.c              | 15 ++++++------
>  doc/guides/cryptodevs/aesni_mb.rst          |  1 -
>  doc/guides/cryptodevs/qat.rst               |  1 -
>  drivers/crypto/qat/qat_crypto.c             | 26 ++++++++++-----------
>  6 files changed, 62 insertions(+), 34 deletions(-)
> 
> -- 
> 2.9.4

Re: [dpdk-stable] [PATCH 0/5] Backported crypto patches to DPDK 16.11

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Yuanhan Liu [mailto:yliu@fridaylinux.org]
> Sent: Wednesday, August 16, 2017 9:24 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: stable@dpdk.org
> Subject: Re: [PATCH 0/5] Backported crypto patches to DPDK 16.11
> 
> On Wed, Aug 16, 2017 at 01:16:11AM +0100, Pablo de Lara wrote:
> > Pablo de Lara (5):
> >   crypto/qat: fix HMAC supported key sizes
> >   crypto/qat: fix SHA384-HMAC block size
> >   doc: remove incorrect limitation on AESNI-MB PMD
> >   doc: remove incorrect limitation on QAT PMD
> >   test/crypto: fix wrong AAD setting
> 
> Pablo, thank you! Just hope you have done some tests :)
> 

They are mostly doc and test changes, so it should be ok ;)

Pablo

> Seires applied to dpdk-stable/16.11.
> 
> 	--yliu
> >
> >  app/test/test_cryptodev.c                   | 17 ++++++++++++++
> >  app/test/test_cryptodev_hash_test_vectors.h | 36
> +++++++++++++++++++----------
> >  app/test/test_cryptodev_perf.c              | 15 ++++++------
> >  doc/guides/cryptodevs/aesni_mb.rst          |  1 -
> >  doc/guides/cryptodevs/qat.rst               |  1 -
> >  drivers/crypto/qat/qat_crypto.c             | 26 ++++++++++-----------
> >  6 files changed, 62 insertions(+), 34 deletions(-)
> >
> > --
> > 2.9.4