From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 0E38E2C4F for ; Thu, 15 Dec 2016 16:58:53 +0100 (CET) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga104.fm.intel.com with ESMTP; 15 Dec 2016 07:58:52 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,352,1477983600"; d="scan'208";a="1072444659" Received: from silpixa00381631.ir.intel.com (HELO silpixa00381631.ger.corp.intel.com) ([10.237.222.122]) by orsmga001.jf.intel.com with ESMTP; 15 Dec 2016 07:58:51 -0800 From: Pablo de Lara To: declan.doherty@intel.com Cc: dev@dpdk.org, Pablo de Lara Date: Thu, 15 Dec 2016 16:00:31 +0000 Message-Id: <1481817632-183082-3-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1481817632-183082-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1481817632-183082-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: add single operation functionality X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 15:58:55 -0000 Update driver to use new AESNI Multibuffer IPSec library single operation functionality (cipher only and authentication only). This patch also adds tests for this new feature. Signed-off-by: Pablo de Lara --- app/test/test_cryptodev.c | 34 ++++++++++++++++++ app/test/test_cryptodev_aes_test_vectors.h | 36 ++++++++++++------- app/test/test_cryptodev_hash_test_vectors.h | 54 +++++++++++++++++++---------- doc/guides/cryptodevs/aesni_mb.rst | 2 -- doc/guides/rel_notes/release_17_02.rst | 1 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 49 +++++++++++++++++--------- 6 files changed, 128 insertions(+), 48 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index f1f3542..5895d99 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, } static int +test_AES_cipheronly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, ts_params->valid_devs[0], + RTE_CRYPTODEV_AESNI_MB_PMD, + BLKCIPHER_AES_CIPHERONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + +static int +test_authonly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, ts_params->valid_devs[0], + RTE_CRYPTODEV_AESNI_MB_PMD, + BLKCIPHER_AUTHONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + +static int test_AES_chain_mb_all(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .teardown = testsuite_teardown, .unit_test_cases = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h index efbe7da..898aae1 100644 --- a/app/test/test_cryptodev_aes_test_vectors.h +++ b/app/test/test_cryptodev_aes_test_vectors.h @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = { .test_data = &aes_test_data_4, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CBC Decryption", .test_data = &aes_test_data_4, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CBC Encryption", .test_data = &aes_test_data_10, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CBC Decryption", .test_data = &aes_test_data_10, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CBC Encryption", .test_data = &aes_test_data_11, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CBC Decryption", .test_data = &aes_test_data_11, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CTR Encryption", .test_data = &aes_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CTR Decryption", .test_data = &aes_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CTR Encryption", .test_data = &aes_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CTR Decryption", .test_data = &aes_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CTR Encryption", .test_data = &aes_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CTR Decryption", .test_data = &aes_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, }; diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h index 9f095cf..a8f9da0 100644 --- a/app/test/test_cryptodev_hash_test_vectors.h +++ b/app/test/test_cryptodev_hash_test_vectors.h @@ -97,7 +97,8 @@ hmac_md5_test_vector = { 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE, 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B }, - .len = 16 + .len = 16, + .truncated_len = 12 } }; @@ -139,7 +140,8 @@ hmac_sha1_test_vector = { 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17, 0x3F, 0x91, 0x64, 0x59 }, - .len = 20 + .len = 20, + .truncated_len = 12 } }; @@ -184,7 +186,8 @@ hmac_sha224_test_vector = { 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F, 0x92, 0xF6, 0xAA, 0x19 }, - .len = 28 + .len = 28, + .truncated_len = 14 } }; @@ -229,7 +232,8 @@ hmac_sha256_test_vector = { 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77, 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17 }, - .len = 32 + .len = 32, + .truncated_len = 16 } }; @@ -280,7 +284,8 @@ hmac_sha384_test_vector = { 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0, 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E }, - .len = 48 + .len = 48, + .truncated_len = 24 } }; @@ -337,7 +342,8 @@ hmac_sha512_test_vector = { 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87, 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20 }, - .len = 64 + .len = 64, + .truncated_len = 32 } }; @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-MD5 Digest", .test_data = &hmac_md5_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-MD5 Digest Verify", .test_data = &hmac_md5_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA1 Digest", @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA1 Digest", .test_data = &hmac_sha1_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA1 Digest Verify", .test_data = &hmac_sha1_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA224 Digest", @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA224 Digest", .test_data = &hmac_sha224_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA224 Digest Verify", .test_data = &hmac_sha224_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA256 Digest", @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA256 Digest", .test_data = &hmac_sha256_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA256 Digest Verify", .test_data = &hmac_sha256_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA384 Digest", @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA384 Digest", .test_data = &hmac_sha384_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA384 Digest Verify", .test_data = &hmac_sha384_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA512 Digest", @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA512 Digest", .test_data = &hmac_sha512_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA512 Digest Verify", .test_data = &hmac_sha512_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, }; diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index b47cb6a..cb429d7 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -62,8 +62,6 @@ Limitations ----------- * Chained mbufs are not supported. -* Hash only is not supported. -* Cipher only is not supported. * Only in-place is currently supported (destination address is the same as source address). * Only supports session-oriented API implementation (session-less APIs are not supported). diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst index 4f666df..5aa8a94 100644 --- a/doc/guides/rel_notes/release_17_02.rst +++ b/doc/guides/rel_notes/release_17_02.rst @@ -49,6 +49,7 @@ New Features * The Intel(R) Multi Buffer Crypto for IPsec library used in AESNI MB PMD has been moved to a new repository, in github. + * Support for single operations (cipher only and authentication only). Resolved Issues diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index f07cd07..7591cc5 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -110,21 +110,22 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash, static int aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform) { - /* - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained - * operations, all other options are invalid, so we must have exactly - * 2 xform structs chained together - */ - if (xform->next == NULL || xform->next->next != NULL) + if (xform == NULL) return -1; - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) - return HASH_CIPHER; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + if ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) && + (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) && + ((xform->next == NULL) || + (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH))) return CIPHER_HASH; + if ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) && + (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) && + (xform->next == NULL)) + return HASH_CIPHER; + if ((xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) && + (xform->next == NULL || + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)) + return HASH_CIPHER; return -1; } @@ -137,6 +138,11 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops, { hash_one_block_t hash_oneblock_fn; + if (xform == NULL) { + sess->auth.algo = NULL_HASH; + return 0; + } + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) { MB_LOG_ERR("Crypto xform struct not of type auth"); return -1; @@ -199,6 +205,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops, { aes_keyexp_t aes_keyexp_fn; + if (xform == NULL) { + sess->cipher.mode = NULL_CIPHER; + return 0; + } + if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) { MB_LOG_ERR("Crypto xform struct not of type cipher"); return -1; @@ -270,8 +281,13 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops, switch (aesni_mb_get_chain_order(xform)) { case HASH_CIPHER: sess->chain_order = HASH_CIPHER; - auth_xform = xform; - cipher_xform = xform->next; + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + auth_xform = xform; + cipher_xform = xform->next; + } else { + cipher_xform = xform; + auth_xform = xform->next; + } break; case CIPHER_HASH: sess->chain_order = CIPHER_HASH; @@ -396,7 +412,7 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op, } /* Set digest output location */ - if (job->cipher_direction == DECRYPT) { + if (job->cipher_direction == DECRYPT && job->hash_alg != NULL_HASH) { job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst, get_digest_byte_length(job->hash_alg)); @@ -471,7 +487,8 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) return op; } else if (job->chain_order == HASH_CIPHER) { /* Verify digest if required */ - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, + if (job->hash_alg != NULL_HASH && memcmp(job->auth_tag_output, + op->sym->auth.digest.data, job->auth_tag_output_len_in_bytes) != 0) op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; -- 2.7.4