* [dpdk-dev] [PATCH 0/4] Add support for AES-CCM
@ 2017-08-18 8:07 Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 1/4] crypto/openssl: fix AEAD parameters Pablo de Lara
` (5 more replies)
0 siblings, 6 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
AES-CCM support is added in the OpenSSL PMD.
The PMD and the test code have been reworked,
to avoid duplications with AES-GCM code,
as both algorithms are quite similar (both are AEAD algorithms).
Also, an optimization for AES-GCM (and AES-CCM after the last patch)
has been introduced, initializing the OpenSSL Context
with the key, at session creation, instead of for each operation.
Pablo de Lara (4):
crypto/openssl: fix AEAD parameters
crypto/openssl: init GCM key at session creation
test/crypto: rename GCM test code
crypto/openssl: add AES-CCM support
doc/guides/cryptodevs/features/default.ini | 3 +
doc/guides/cryptodevs/features/openssl.ini | 3 +
doc/guides/cryptodevs/openssl.rst | 1 +
doc/guides/rel_notes/release_17_11.rst | 6 +
drivers/crypto/openssl/rte_openssl_pmd.c | 375 ++++++++++++++-----
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 30 ++
lib/librte_cryptodev/rte_crypto_sym.h | 9 +-
test/test/test_cryptodev.c | 415 +++++++++++++--------
...ectors.h => test_cryptodev_aead_test_vectors.h} | 251 ++++++++++---
test/test/test_cryptodev_perf.c | 2 +-
10 files changed, 799 insertions(+), 296 deletions(-)
rename test/test/{test_cryptodev_gcm_test_vectors.h => test_cryptodev_aead_test_vectors.h} (95%)
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH 1/4] crypto/openssl: fix AEAD parameters
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
@ 2017-08-18 8:07 ` Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH] test/crypto: rename GCM test code Pablo de Lara
` (4 subsequent siblings)
5 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara, stable
When using AES-GCM with OpenSSL, cipher direction
and authentication operation were being set incorrectly,
as the PMD was looking at the cipher and authentication
transform, instead of the new AEAD.
Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bd5f98..2bc1570 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -425,8 +425,15 @@ static int
openssl_set_session_aead_parameters(struct openssl_session *sess,
const struct rte_crypto_sym_xform *xform)
{
- /* Select cipher direction */
- sess->cipher.direction = xform->cipher.op;
+ /* Select cipher direction and auth operation */
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
+ } else {
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
+ }
+
/* Select cipher key */
sess->cipher.key.length = xform->aead.key.length;
@@ -434,10 +441,6 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->iv.offset = xform->aead.iv.offset;
sess->iv.length = xform->aead.iv.length;
- /* Select auth generate/verify */
- sess->auth.operation = xform->auth.op;
- sess->auth.algo = xform->auth.algo;
-
/* Select auth algo */
switch (xform->aead.algo) {
case RTE_CRYPTO_AEAD_AES_GCM:
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH] test/crypto: rename GCM test code
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 1/4] crypto/openssl: fix AEAD parameters Pablo de Lara
@ 2017-08-18 8:07 ` Pablo de Lara
2017-08-18 16:09 ` De Lara Guarch, Pablo
2017-08-18 8:07 ` [dpdk-dev] [PATCH 2/4] crypto/openssl: init GCM key at session creation Pablo de Lara
` (3 subsequent siblings)
5 siblings, 1 reply; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
Before adding AES-CCM tests, some test code used
for AES-GCM can be renamed, so it can be reused
for AES-CCM, as both need similar parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
test/test/test_cryptodev.c | 245 +++++++++++----------
...ectors.h => test_cryptodev_aead_test_vectors.h} | 114 +++++-----
test/test/test_cryptodev_perf.c | 2 +-
3 files changed, 192 insertions(+), 169 deletions(-)
rename test/test/{test_cryptodev_gcm_test_vectors.h => test_cryptodev_aead_test_vectors.h} (97%)
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index a4116c6..0b7ca47 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -58,7 +58,7 @@
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_zuc_test_vectors.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#include "test_cryptodev_hmac_test_vectors.h"
static int gbl_driver_id;
@@ -4785,10 +4785,11 @@ test_3DES_cipheronly_openssl_all(void)
return TEST_SUCCESS;
}
-/* ***** AES-GCM Tests ***** */
+/* ***** AEAD algorithm Tests ***** */
static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
+create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
+ enum rte_crypto_aead_operation op,
const uint8_t *key, const uint8_t key_len,
const uint16_t aad_len, const uint8_t auth_len,
uint8_t iv_len)
@@ -4803,7 +4804,7 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
/* Setup AEAD Parameters */
ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
ut_params->aead_xform.next = NULL;
- ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ ut_params->aead_xform.aead.algo = algo;
ut_params->aead_xform.aead.op = op;
ut_params->aead_xform.aead.key.data = aead_key;
ut_params->aead_xform.aead.key.length = key_len;
@@ -4827,7 +4828,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
}
static int
-create_gcm_xforms(struct rte_crypto_op *op,
+create_aead_xform(struct rte_crypto_op *op,
+ enum rte_crypto_aead_algorithm algo,
enum rte_crypto_aead_operation aead_op,
uint8_t *key, const uint8_t key_len,
const uint8_t aad_len, const uint8_t auth_len,
@@ -4841,7 +4843,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
/* Setup AEAD Parameters */
sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
sym_op->xform->next = NULL;
- sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ sym_op->xform->aead.algo = algo;
sym_op->xform->aead.op = aead_op;
sym_op->xform->aead.key.data = key;
sym_op->xform->aead.key.length = key_len;
@@ -4856,8 +4858,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
}
static int
-create_gcm_operation(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata)
+create_aead_operation(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4976,7 +4978,7 @@ create_gcm_operation(enum rte_crypto_aead_operation op,
}
static int
-test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
+test_authenticated_encryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4986,8 +4988,9 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
uint16_t plaintext_pad_len;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -4998,7 +5001,7 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5007,8 +5010,8 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5045,13 +5048,13 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5060,143 +5063,143 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_1);
+ return test_authenticated_encryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_encryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_2);
+ return test_authenticated_encryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_encryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_3);
+ return test_authenticated_encryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_encryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_4);
+ return test_authenticated_encryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_encryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_5);
+ return test_authenticated_encryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_encryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_6);
+ return test_authenticated_encryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_encryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_7);
+ return test_authenticated_encryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_encryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_1);
+ return test_authenticated_encryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_encryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_2);
+ return test_authenticated_encryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_encryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_3);
+ return test_authenticated_encryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_encryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_4);
+ return test_authenticated_encryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_encryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_5);
+ return test_authenticated_encryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_encryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_6);
+ return test_authenticated_encryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_encryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_7);
+ return test_authenticated_encryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_encryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_1);
+ return test_authenticated_encryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_encryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_2);
+ return test_authenticated_encryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_encryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_3);
+ return test_authenticated_encryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_encryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_4);
+ return test_authenticated_encryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_encryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_5);
+ return test_authenticated_encryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_encryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_6);
+ return test_authenticated_encryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_encryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_7);
+ return test_authenticated_encryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_1);
+ return test_authenticated_encryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_2);
+ return test_authenticated_encryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
+test_authenticated_decryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5205,8 +5208,9 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
uint8_t *plaintext;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5218,7 +5222,7 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5226,8 +5230,8 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5257,154 +5261,154 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_1);
+ return test_authenticated_decryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_decryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_2);
+ return test_authenticated_decryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_decryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_3);
+ return test_authenticated_decryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_decryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_4);
+ return test_authenticated_decryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_decryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_5);
+ return test_authenticated_decryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_decryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_6);
+ return test_authenticated_decryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_decryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_7);
+ return test_authenticated_decryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_decryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_1);
+ return test_authenticated_decryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_decryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_2);
+ return test_authenticated_decryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_decryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_3);
+ return test_authenticated_decryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_decryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_4);
+ return test_authenticated_decryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_decryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_5);
+ return test_authenticated_decryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_decryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_6);
+ return test_authenticated_decryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_decryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_7);
+ return test_authenticated_decryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_decryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_1);
+ return test_authenticated_decryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_decryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_2);
+ return test_authenticated_decryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_decryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_3);
+ return test_authenticated_decryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_decryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_4);
+ return test_authenticated_decryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_decryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_5);
+ return test_authenticated_decryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_decryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_6);
+ return test_authenticated_decryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_decryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_7);
+ return test_authenticated_decryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_1);
+ return test_authenticated_decryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_2);
+ return test_authenticated_decryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_encryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5413,8 +5417,9 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
uint8_t *ciphertext, *auth_tag;
uint16_t plaintext_pad_len;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5431,8 +5436,8 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5462,13 +5467,13 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5477,11 +5482,11 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_oop(&gcm_test_case_5);
+ return test_authenticated_encryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_decryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5489,8 +5494,9 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
int retval;
uint8_t *plaintext;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5507,8 +5513,8 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5534,23 +5540,23 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_oop(&gcm_test_case_5);
+ return test_authenticated_decryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_encryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_encryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5566,14 +5572,15 @@ test_AES_GCM_authenticated_encryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create GCM xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5610,13 +5617,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5625,13 +5632,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
static int
test_AES_GCM_authenticated_encryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_sessionless(
+ return test_authenticated_encryption_sessionless(
&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_decryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5646,14 +5653,15 @@ test_AES_GCM_authenticated_decryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create AEAD xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5686,18 +5694,18 @@ test_AES_GCM_authenticated_decryption_sessionless(
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_sessionless(
+ return test_authenticated_decryption_sessionless(
&gcm_test_case_5);
}
@@ -7406,8 +7414,8 @@ test_authenticated_decryption_fail_when_corruption(
}
static int
-create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata,
+create_aead_operation_SGL(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata,
void *digest_mem, uint64_t digest_phys)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7468,7 +7476,7 @@ create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
#define SGL_MAX_NO 16
static int
-test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
+test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
const int oop, uint32_t fragsz, uint32_t fragsz_oop)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7513,8 +7521,9 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
buf_oop = ut_params->obuf;
}
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -7643,8 +7652,8 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
tdata->plaintext.len);
}
- /* Create GCM opertaion */
- retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
+ /* Create AEAD operation */
+ retval = create_aead_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata, digest_mem, digest_phys);
if (retval < 0)
@@ -7678,7 +7687,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data,
fragsz,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
buf = ut_params->op->sym->m_src->next;
if (oop)
@@ -7695,7 +7704,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data + off,
to_trn_tbl[ecx],
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
off += to_trn_tbl[ecx++];
buf = buf->next;
@@ -7706,7 +7715,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
}
@@ -7717,21 +7726,21 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 400, 400);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_1500B_2000B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 1500, 2000);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_8, OUT_OF_PLACE, 400,
gcm_test_case_8.plaintext.len);
}
@@ -7740,7 +7749,7 @@ static int
test_AES_GCM_auth_encrypt_SGL_in_place_1500B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, IN_PLACE, 1500, 0);
}
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_aead_test_vectors.h
similarity index 97%
rename from test/test/test_cryptodev_gcm_test_vectors.h
rename to test/test/test_cryptodev_aead_test_vectors.h
index 7879c35..f43285f 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_aead_test_vectors.h
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,23 +30,25 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
-#define TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
+#ifndef TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
+#define TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
#define GMAC_LARGE_PLAINTEXT_LENGTH 65344
-#define GCM_MAX_AAD_LENGTH 65536
+#define MAX_AAD_LENGTH 65536
#define GCM_LARGE_AAD_LENGTH 65296
-static uint8_t gcm_aad_zero_text[GCM_MAX_AAD_LENGTH] = { 0 };
+static uint8_t gcm_aad_zero_text[MAX_AAD_LENGTH] = { 0 };
-static uint8_t gcm_aad_text[GCM_MAX_AAD_LENGTH] = {
+static uint8_t gcm_aad_text[MAX_AAD_LENGTH] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0x00, 0xf1, 0xe2, 0xd3, 0xc4, 0xb5, 0xa6, 0x97,
0x88, 0x79, 0x6a, 0x5b, 0x4c, 0x3d, 0x2e, 0x1f };
-struct gcm_test_data {
+struct aead_test_data {
+ enum rte_crypto_aead_algorithm algo;
+
struct {
uint8_t data[64];
unsigned len;
@@ -101,8 +103,9 @@ struct gmac_test_data {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_1 = {
+/** AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -138,8 +141,8 @@ static const struct gcm_test_data gcm_test_case_1 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_2 = {
+static const struct aead_test_data gcm_test_case_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -176,8 +179,8 @@ static const struct gcm_test_data gcm_test_case_2 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_3 = {
+static const struct aead_test_data gcm_test_case_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -227,8 +230,8 @@ static const struct gcm_test_data gcm_test_case_3 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_4 = {
+static const struct aead_test_data gcm_test_case_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -282,8 +285,8 @@ static const struct gcm_test_data gcm_test_case_4 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_5 = {
+static const struct aead_test_data gcm_test_case_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -337,8 +340,8 @@ static const struct gcm_test_data gcm_test_case_5 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_6 = {
+static const struct aead_test_data gcm_test_case_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -392,8 +395,8 @@ static const struct gcm_test_data gcm_test_case_6 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_7 = {
+static const struct aead_test_data gcm_test_case_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -447,7 +450,8 @@ static const struct gcm_test_data gcm_test_case_7 = {
}
};
-static const struct gcm_test_data gcm_test_case_8 = {
+static const struct aead_test_data gcm_test_case_8 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -997,8 +1001,9 @@ static const struct gcm_test_data gcm_test_case_8 = {
}
};
-/** AES-192 Test Vectors */
-static const struct gcm_test_data gcm_test_case_192_1 = {
+/** AES-GCM-192 Test Vectors */
+static const struct aead_test_data gcm_test_case_192_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1035,7 +1040,8 @@ static const struct gcm_test_data gcm_test_case_192_1 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_2 = {
+static const struct aead_test_data gcm_test_case_192_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1079,7 +1085,8 @@ static const struct gcm_test_data gcm_test_case_192_2 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_3 = {
+static const struct aead_test_data gcm_test_case_192_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1134,7 +1141,8 @@ static const struct gcm_test_data gcm_test_case_192_3 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_4 = {
+static const struct aead_test_data gcm_test_case_192_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1189,7 +1197,8 @@ static const struct gcm_test_data gcm_test_case_192_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_5 = {
+static const struct aead_test_data gcm_test_case_192_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1244,7 +1253,8 @@ static const struct gcm_test_data gcm_test_case_192_5 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_6 = {
+static const struct aead_test_data gcm_test_case_192_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1299,7 +1309,8 @@ static const struct gcm_test_data gcm_test_case_192_6 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_7 = {
+static const struct aead_test_data gcm_test_case_192_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1354,8 +1365,9 @@ static const struct gcm_test_data gcm_test_case_192_7 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_1 = {
+/** AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_256_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1390,8 +1402,8 @@ static const struct gcm_test_data gcm_test_case_256_1 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_2 = {
+static const struct aead_test_data gcm_test_case_256_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1430,8 +1442,8 @@ static const struct gcm_test_data gcm_test_case_256_2 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_3 = {
+static const struct aead_test_data gcm_test_case_256_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1482,8 +1494,8 @@ static const struct gcm_test_data gcm_test_case_256_3 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_4 = {
+static const struct aead_test_data gcm_test_case_256_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1535,8 +1547,8 @@ static const struct gcm_test_data gcm_test_case_256_4 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_5 = {
+static const struct aead_test_data gcm_test_case_256_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1588,8 +1600,8 @@ static const struct gcm_test_data gcm_test_case_256_5 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_6 = {
+static const struct aead_test_data gcm_test_case_256_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1640,8 +1652,8 @@ static const struct gcm_test_data gcm_test_case_256_6 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_7 = {
+static const struct aead_test_data gcm_test_case_256_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1692,8 +1704,9 @@ static const struct gcm_test_data gcm_test_case_256_7 = {
}
};
-/** variable AAD AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_1 = {
+/** variable AAD AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1744,8 +1757,9 @@ static const struct gcm_test_data gcm_test_case_aad_1 = {
}
};
-/** variable AAD AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_2 = {
+/** variable AAD AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -2567,7 +2581,7 @@ static const struct gmac_test_data gmac_test_case_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_SGL_1 = {
+static const struct aead_test_data gcm_test_case_SGL_1 = {
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -3384,4 +3398,4 @@ static const struct gcm_test_data gcm_test_case_SGL_1 = {
}
};
-#endif /* TEST_CRYPTODEV_GCM_TEST_VECTORS_H_ */
+#endif /* TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_ */
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3b57e6d..5e35c28 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -41,7 +41,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#define AES_CIPHER_IV_LENGTH 16
#define TRIPLE_DES_CIPHER_IV_LENGTH 8
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH 2/4] crypto/openssl: init GCM key at session creation
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 1/4] crypto/openssl: fix AEAD parameters Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH] test/crypto: rename GCM test code Pablo de Lara
@ 2017-08-18 8:07 ` Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 3/4] test/crypto: rename GCM test code Pablo de Lara
` (2 subsequent siblings)
5 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
When creating a session for AES-GCM, since the key is going
to be constant, the OpenSSL context can initialize the key
at that moment, leaving the setting of the IV for the
operation handling.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 208 +++++++++++++++++++------------
1 file changed, 128 insertions(+), 80 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 2bc1570..780bf66 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -278,6 +278,100 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
return res;
}
+/* Set session AEAD encryption parameters */
+static int
+openssl_set_sess_aead_enc_param(struct openssl_session *sess,
+ enum rte_crypto_aead_algorithm algo,
+ uint8_t tag_len, uint8_t *key)
+{
+ int iv_type = 0;
+
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
+
+ /* Select AEAD algo */
+ switch (algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ iv_type = EVP_CTRL_GCM_SET_IVLEN;
+ if (tag_len != 16)
+ return -EINVAL;
+ break;
+ default:
+ return -ENOTSUP;
+ }
+
+ sess->cipher.mode = OPENSSL_CIPHER_LIB;
+ sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+ if (get_aead_algo(algo, sess->cipher.key.length,
+ &sess->cipher.evp_algo) != 0)
+ return -EINVAL;
+
+ get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);
+
+ sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,
+ NULL, NULL, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type, sess->iv.length,
+ NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
+ return -EINVAL;
+
+ return 0;
+}
+
+/* Set session AEAD decryption parameters */
+static int
+openssl_set_sess_aead_dec_param(struct openssl_session *sess,
+ enum rte_crypto_aead_algorithm algo,
+ uint8_t tag_len, uint8_t *key)
+{
+ int iv_type = 0;
+
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
+
+ /* Select AEAD algo */
+ switch (algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ iv_type = EVP_CTRL_GCM_SET_IVLEN;
+ if (tag_len != 16)
+ return -EINVAL;
+ break;
+ default:
+ return -ENOTSUP;
+ }
+
+ sess->cipher.mode = OPENSSL_CIPHER_LIB;
+ sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+ if (get_aead_algo(algo, sess->cipher.key.length,
+ &sess->cipher.evp_algo) != 0)
+ return -EINVAL;
+
+ get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);
+
+ sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+ if (EVP_DecryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,
+ NULL, NULL, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type,
+ sess->iv.length, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_DecryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
+ return -EINVAL;
+
+ return 0;
+}
+
/** Set session cipher parameters */
static int
openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -351,36 +445,31 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
sess->auth.operation = xform->auth.op;
sess->auth.algo = xform->auth.algo;
+ sess->auth.digest_length = xform->auth.digest_length;
+
/* Select auth algo */
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_AES_GMAC:
- sess->chain_order = OPENSSL_CHAIN_COMBINED;
-
- /* Set IV parameters */
- sess->iv.offset = xform->auth.iv.offset;
- sess->iv.length = xform->auth.iv.length;
-
/*
* OpenSSL requires GMAC to be a GCM operation
* with no cipher data length
*/
- sess->cipher.mode = OPENSSL_CIPHER_LIB;
- if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- else
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
-
sess->cipher.key.length = xform->auth.key.length;
- sess->cipher.ctx = EVP_CIPHER_CTX_new();
-
- if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
- sess->cipher.key.length,
- &sess->cipher.evp_algo) != 0)
- return -EINVAL;
- get_cipher_key(xform->auth.key.data, xform->auth.key.length,
- sess->cipher.key.data);
+ /* Set IV parameters */
+ sess->iv.offset = xform->auth.iv.offset;
+ sess->iv.length = xform->auth.iv.length;
+ if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
+ return openssl_set_sess_aead_enc_param(sess,
+ RTE_CRYPTO_AEAD_AES_GCM,
+ xform->auth.digest_length,
+ xform->auth.key.data);
+ else
+ return openssl_set_sess_aead_dec_param(sess,
+ RTE_CRYPTO_AEAD_AES_GCM,
+ xform->auth.digest_length,
+ xform->auth.key.data);
break;
case RTE_CRYPTO_AUTH_MD5:
@@ -415,8 +504,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
return -ENOTSUP;
}
- sess->auth.digest_length = xform->auth.digest_length;
-
return 0;
}
@@ -425,15 +512,6 @@ static int
openssl_set_session_aead_parameters(struct openssl_session *sess,
const struct rte_crypto_sym_xform *xform)
{
- /* Select cipher direction and auth operation */
- if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
- } else {
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
- sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
- }
-
/* Select cipher key */
sess->cipher.key.length = xform->aead.key.length;
@@ -441,30 +519,17 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->iv.offset = xform->aead.iv.offset;
sess->iv.length = xform->aead.iv.length;
- /* Select auth algo */
- switch (xform->aead.algo) {
- case RTE_CRYPTO_AEAD_AES_GCM:
- sess->cipher.mode = OPENSSL_CIPHER_LIB;
- sess->aead_algo = xform->aead.algo;
- sess->cipher.ctx = EVP_CIPHER_CTX_new();
-
- if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
- &sess->cipher.evp_algo) != 0)
- return -EINVAL;
-
- get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
- sess->cipher.key.data);
-
- sess->chain_order = OPENSSL_CHAIN_COMBINED;
- break;
- default:
- return -ENOTSUP;
- }
-
sess->auth.aad_length = xform->aead.aad_length;
sess->auth.digest_length = xform->aead.digest_length;
- return 0;
+ sess->aead_algo = xform->aead.algo;
+ /* Select cipher direction */
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+ return openssl_set_sess_aead_enc_param(sess, xform->aead.algo,
+ xform->aead.digest_length, xform->aead.key.data);
+ else
+ return openssl_set_sess_aead_dec_param(sess, xform->aead.algo,
+ xform->aead.digest_length, xform->aead.key.data);
}
/** Parse crypto xform chain and set private session parameters */
@@ -829,20 +894,13 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
/** Process auth/encription aes-gcm algorithm */
static int
process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
- int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
- uint8_t *key, uint8_t *dst, uint8_t *tag,
- EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
{
int len = 0, unused = 0;
uint8_t empty[] = {};
- if (EVP_EncryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0)
- goto process_auth_encryption_gcm_err;
-
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0)
- goto process_auth_encryption_gcm_err;
-
- if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
goto process_auth_encryption_gcm_err;
if (aadlen > 0)
@@ -873,23 +931,16 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
static int
process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
- int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
- uint8_t *key, uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *algo)
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
{
int len = 0, unused = 0;
uint8_t empty[] = {};
- if (EVP_DecryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0)
- goto process_auth_decryption_gcm_err;
-
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0)
- goto process_auth_decryption_gcm_err;
-
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0)
goto process_auth_decryption_gcm_err;
- if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
+ if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
goto process_auth_decryption_gcm_err;
if (aadlen > 0)
@@ -1035,7 +1086,7 @@ process_openssl_combined_op
{
/* cipher */
uint8_t *dst = NULL, *iv, *tag, *aad;
- int srclen, ivlen, aadlen, status = -1;
+ int srclen, aadlen, status = -1;
uint32_t offset;
/*
@@ -1049,7 +1100,6 @@ process_openssl_combined_op
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
- ivlen = sess->iv.length;
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
srclen = 0;
offset = op->sym->auth.data.offset;
@@ -1076,15 +1126,13 @@ process_openssl_combined_op
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
- aad, aadlen, iv, ivlen, sess->cipher.key.data,
- dst, tag, sess->cipher.ctx,
- sess->cipher.evp_algo);
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
else
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
- aad, aadlen, iv, ivlen, sess->cipher.key.data,
- dst, tag, sess->cipher.ctx,
- sess->cipher.evp_algo);
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
if (status != 0) {
if (status == (-EFAULT) &&
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH 3/4] test/crypto: rename GCM test code
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
` (2 preceding siblings ...)
2017-08-18 8:07 ` [dpdk-dev] [PATCH 2/4] crypto/openssl: init GCM key at session creation Pablo de Lara
@ 2017-08-18 8:07 ` Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 4/4] crypto/openssl: add AES-CCM support Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
5 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
Before adding AES-CCM tests, some test code used
for AES-GCM can be renamed, so it can be reused
for AES-CCM, as both need similar parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
test/test/test_cryptodev.c | 245 +++++++++++----------
...ectors.h => test_cryptodev_aead_test_vectors.h} | 115 +++++-----
test/test/test_cryptodev_perf.c | 2 +-
3 files changed, 193 insertions(+), 169 deletions(-)
rename test/test/{test_cryptodev_gcm_test_vectors.h => test_cryptodev_aead_test_vectors.h} (97%)
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index a4116c6..0b7ca47 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -58,7 +58,7 @@
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_zuc_test_vectors.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#include "test_cryptodev_hmac_test_vectors.h"
static int gbl_driver_id;
@@ -4785,10 +4785,11 @@ test_3DES_cipheronly_openssl_all(void)
return TEST_SUCCESS;
}
-/* ***** AES-GCM Tests ***** */
+/* ***** AEAD algorithm Tests ***** */
static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
+create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
+ enum rte_crypto_aead_operation op,
const uint8_t *key, const uint8_t key_len,
const uint16_t aad_len, const uint8_t auth_len,
uint8_t iv_len)
@@ -4803,7 +4804,7 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
/* Setup AEAD Parameters */
ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
ut_params->aead_xform.next = NULL;
- ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ ut_params->aead_xform.aead.algo = algo;
ut_params->aead_xform.aead.op = op;
ut_params->aead_xform.aead.key.data = aead_key;
ut_params->aead_xform.aead.key.length = key_len;
@@ -4827,7 +4828,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
}
static int
-create_gcm_xforms(struct rte_crypto_op *op,
+create_aead_xform(struct rte_crypto_op *op,
+ enum rte_crypto_aead_algorithm algo,
enum rte_crypto_aead_operation aead_op,
uint8_t *key, const uint8_t key_len,
const uint8_t aad_len, const uint8_t auth_len,
@@ -4841,7 +4843,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
/* Setup AEAD Parameters */
sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
sym_op->xform->next = NULL;
- sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ sym_op->xform->aead.algo = algo;
sym_op->xform->aead.op = aead_op;
sym_op->xform->aead.key.data = key;
sym_op->xform->aead.key.length = key_len;
@@ -4856,8 +4858,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
}
static int
-create_gcm_operation(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata)
+create_aead_operation(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4976,7 +4978,7 @@ create_gcm_operation(enum rte_crypto_aead_operation op,
}
static int
-test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
+test_authenticated_encryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4986,8 +4988,9 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
uint16_t plaintext_pad_len;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -4998,7 +5001,7 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5007,8 +5010,8 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5045,13 +5048,13 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5060,143 +5063,143 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_1);
+ return test_authenticated_encryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_encryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_2);
+ return test_authenticated_encryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_encryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_3);
+ return test_authenticated_encryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_encryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_4);
+ return test_authenticated_encryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_encryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_5);
+ return test_authenticated_encryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_encryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_6);
+ return test_authenticated_encryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_encryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_7);
+ return test_authenticated_encryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_encryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_1);
+ return test_authenticated_encryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_encryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_2);
+ return test_authenticated_encryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_encryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_3);
+ return test_authenticated_encryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_encryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_4);
+ return test_authenticated_encryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_encryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_5);
+ return test_authenticated_encryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_encryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_6);
+ return test_authenticated_encryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_encryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_7);
+ return test_authenticated_encryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_encryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_1);
+ return test_authenticated_encryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_encryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_2);
+ return test_authenticated_encryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_encryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_3);
+ return test_authenticated_encryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_encryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_4);
+ return test_authenticated_encryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_encryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_5);
+ return test_authenticated_encryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_encryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_6);
+ return test_authenticated_encryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_encryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_7);
+ return test_authenticated_encryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_1);
+ return test_authenticated_encryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_2);
+ return test_authenticated_encryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
+test_authenticated_decryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5205,8 +5208,9 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
uint8_t *plaintext;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5218,7 +5222,7 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5226,8 +5230,8 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5257,154 +5261,154 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_1);
+ return test_authenticated_decryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_decryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_2);
+ return test_authenticated_decryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_decryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_3);
+ return test_authenticated_decryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_decryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_4);
+ return test_authenticated_decryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_decryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_5);
+ return test_authenticated_decryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_decryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_6);
+ return test_authenticated_decryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_decryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_7);
+ return test_authenticated_decryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_decryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_1);
+ return test_authenticated_decryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_decryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_2);
+ return test_authenticated_decryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_decryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_3);
+ return test_authenticated_decryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_decryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_4);
+ return test_authenticated_decryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_decryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_5);
+ return test_authenticated_decryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_decryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_6);
+ return test_authenticated_decryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_decryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_7);
+ return test_authenticated_decryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_decryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_1);
+ return test_authenticated_decryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_decryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_2);
+ return test_authenticated_decryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_decryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_3);
+ return test_authenticated_decryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_decryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_4);
+ return test_authenticated_decryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_decryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_5);
+ return test_authenticated_decryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_decryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_6);
+ return test_authenticated_decryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_decryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_7);
+ return test_authenticated_decryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_1);
+ return test_authenticated_decryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_2);
+ return test_authenticated_decryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_encryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5413,8 +5417,9 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
uint8_t *ciphertext, *auth_tag;
uint16_t plaintext_pad_len;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5431,8 +5436,8 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5462,13 +5467,13 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5477,11 +5482,11 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_oop(&gcm_test_case_5);
+ return test_authenticated_encryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_decryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5489,8 +5494,9 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
int retval;
uint8_t *plaintext;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5507,8 +5513,8 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5534,23 +5540,23 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_oop(&gcm_test_case_5);
+ return test_authenticated_decryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_encryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_encryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5566,14 +5572,15 @@ test_AES_GCM_authenticated_encryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create GCM xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5610,13 +5617,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5625,13 +5632,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
static int
test_AES_GCM_authenticated_encryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_sessionless(
+ return test_authenticated_encryption_sessionless(
&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_decryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5646,14 +5653,15 @@ test_AES_GCM_authenticated_decryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create AEAD xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5686,18 +5694,18 @@ test_AES_GCM_authenticated_decryption_sessionless(
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_sessionless(
+ return test_authenticated_decryption_sessionless(
&gcm_test_case_5);
}
@@ -7406,8 +7414,8 @@ test_authenticated_decryption_fail_when_corruption(
}
static int
-create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata,
+create_aead_operation_SGL(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata,
void *digest_mem, uint64_t digest_phys)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7468,7 +7476,7 @@ create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
#define SGL_MAX_NO 16
static int
-test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
+test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
const int oop, uint32_t fragsz, uint32_t fragsz_oop)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7513,8 +7521,9 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
buf_oop = ut_params->obuf;
}
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -7643,8 +7652,8 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
tdata->plaintext.len);
}
- /* Create GCM opertaion */
- retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
+ /* Create AEAD operation */
+ retval = create_aead_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata, digest_mem, digest_phys);
if (retval < 0)
@@ -7678,7 +7687,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data,
fragsz,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
buf = ut_params->op->sym->m_src->next;
if (oop)
@@ -7695,7 +7704,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data + off,
to_trn_tbl[ecx],
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
off += to_trn_tbl[ecx++];
buf = buf->next;
@@ -7706,7 +7715,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
}
@@ -7717,21 +7726,21 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 400, 400);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_1500B_2000B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 1500, 2000);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_8, OUT_OF_PLACE, 400,
gcm_test_case_8.plaintext.len);
}
@@ -7740,7 +7749,7 @@ static int
test_AES_GCM_auth_encrypt_SGL_in_place_1500B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, IN_PLACE, 1500, 0);
}
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_aead_test_vectors.h
similarity index 97%
rename from test/test/test_cryptodev_gcm_test_vectors.h
rename to test/test/test_cryptodev_aead_test_vectors.h
index 7879c35..e9f13dd 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_aead_test_vectors.h
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,23 +30,25 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
-#define TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
+#ifndef TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
+#define TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
#define GMAC_LARGE_PLAINTEXT_LENGTH 65344
-#define GCM_MAX_AAD_LENGTH 65536
+#define MAX_AAD_LENGTH 65536
#define GCM_LARGE_AAD_LENGTH 65296
-static uint8_t gcm_aad_zero_text[GCM_MAX_AAD_LENGTH] = { 0 };
+static uint8_t gcm_aad_zero_text[MAX_AAD_LENGTH] = { 0 };
-static uint8_t gcm_aad_text[GCM_MAX_AAD_LENGTH] = {
+static uint8_t gcm_aad_text[MAX_AAD_LENGTH] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0x00, 0xf1, 0xe2, 0xd3, 0xc4, 0xb5, 0xa6, 0x97,
0x88, 0x79, 0x6a, 0x5b, 0x4c, 0x3d, 0x2e, 0x1f };
-struct gcm_test_data {
+struct aead_test_data {
+ enum rte_crypto_aead_algorithm algo;
+
struct {
uint8_t data[64];
unsigned len;
@@ -101,8 +103,9 @@ struct gmac_test_data {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_1 = {
+/** AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -138,8 +141,8 @@ static const struct gcm_test_data gcm_test_case_1 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_2 = {
+static const struct aead_test_data gcm_test_case_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -176,8 +179,8 @@ static const struct gcm_test_data gcm_test_case_2 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_3 = {
+static const struct aead_test_data gcm_test_case_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -227,8 +230,8 @@ static const struct gcm_test_data gcm_test_case_3 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_4 = {
+static const struct aead_test_data gcm_test_case_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -282,8 +285,8 @@ static const struct gcm_test_data gcm_test_case_4 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_5 = {
+static const struct aead_test_data gcm_test_case_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -337,8 +340,8 @@ static const struct gcm_test_data gcm_test_case_5 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_6 = {
+static const struct aead_test_data gcm_test_case_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -392,8 +395,8 @@ static const struct gcm_test_data gcm_test_case_6 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_7 = {
+static const struct aead_test_data gcm_test_case_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -447,7 +450,8 @@ static const struct gcm_test_data gcm_test_case_7 = {
}
};
-static const struct gcm_test_data gcm_test_case_8 = {
+static const struct aead_test_data gcm_test_case_8 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -997,8 +1001,9 @@ static const struct gcm_test_data gcm_test_case_8 = {
}
};
-/** AES-192 Test Vectors */
-static const struct gcm_test_data gcm_test_case_192_1 = {
+/** AES-GCM-192 Test Vectors */
+static const struct aead_test_data gcm_test_case_192_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1035,7 +1040,8 @@ static const struct gcm_test_data gcm_test_case_192_1 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_2 = {
+static const struct aead_test_data gcm_test_case_192_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1079,7 +1085,8 @@ static const struct gcm_test_data gcm_test_case_192_2 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_3 = {
+static const struct aead_test_data gcm_test_case_192_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1134,7 +1141,8 @@ static const struct gcm_test_data gcm_test_case_192_3 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_4 = {
+static const struct aead_test_data gcm_test_case_192_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1189,7 +1197,8 @@ static const struct gcm_test_data gcm_test_case_192_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_5 = {
+static const struct aead_test_data gcm_test_case_192_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1244,7 +1253,8 @@ static const struct gcm_test_data gcm_test_case_192_5 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_6 = {
+static const struct aead_test_data gcm_test_case_192_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1299,7 +1309,8 @@ static const struct gcm_test_data gcm_test_case_192_6 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_7 = {
+static const struct aead_test_data gcm_test_case_192_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1354,8 +1365,9 @@ static const struct gcm_test_data gcm_test_case_192_7 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_1 = {
+/** AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_256_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1390,8 +1402,8 @@ static const struct gcm_test_data gcm_test_case_256_1 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_2 = {
+static const struct aead_test_data gcm_test_case_256_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1430,8 +1442,8 @@ static const struct gcm_test_data gcm_test_case_256_2 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_3 = {
+static const struct aead_test_data gcm_test_case_256_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1482,8 +1494,8 @@ static const struct gcm_test_data gcm_test_case_256_3 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_4 = {
+static const struct aead_test_data gcm_test_case_256_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1535,8 +1547,8 @@ static const struct gcm_test_data gcm_test_case_256_4 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_5 = {
+static const struct aead_test_data gcm_test_case_256_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1588,8 +1600,8 @@ static const struct gcm_test_data gcm_test_case_256_5 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_6 = {
+static const struct aead_test_data gcm_test_case_256_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1640,8 +1652,8 @@ static const struct gcm_test_data gcm_test_case_256_6 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_7 = {
+static const struct aead_test_data gcm_test_case_256_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1692,8 +1704,9 @@ static const struct gcm_test_data gcm_test_case_256_7 = {
}
};
-/** variable AAD AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_1 = {
+/** variable AAD AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1744,8 +1757,9 @@ static const struct gcm_test_data gcm_test_case_aad_1 = {
}
};
-/** variable AAD AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_2 = {
+/** variable AAD AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -2567,7 +2581,8 @@ static const struct gmac_test_data gmac_test_case_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_SGL_1 = {
+static const struct aead_test_data gcm_test_case_SGL_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -3384,4 +3399,4 @@ static const struct gcm_test_data gcm_test_case_SGL_1 = {
}
};
-#endif /* TEST_CRYPTODEV_GCM_TEST_VECTORS_H_ */
+#endif /* TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_ */
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3b57e6d..5e35c28 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -41,7 +41,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#define AES_CIPHER_IV_LENGTH 16
#define TRIPLE_DES_CIPHER_IV_LENGTH 8
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH 4/4] crypto/openssl: add AES-CCM support
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
` (3 preceding siblings ...)
2017-08-18 8:07 ` [dpdk-dev] [PATCH 3/4] test/crypto: rename GCM test code Pablo de Lara
@ 2017-08-18 8:07 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
5 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-08-18 8:07 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
Add support to AES-CCM, for 128, 192 and 256-bit keys.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
doc/guides/cryptodevs/features/default.ini | 3 +
doc/guides/cryptodevs/features/openssl.ini | 3 +
doc/guides/cryptodevs/openssl.rst | 1 +
doc/guides/rel_notes/release_17_11.rst | 6 +
drivers/crypto/openssl/rte_openssl_pmd.c | 178 ++++++++++++++++++++++++---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 30 +++++
lib/librte_cryptodev/rte_crypto_sym.h | 9 +-
test/test/test_cryptodev.c | 170 ++++++++++++++++++++-----
test/test/test_cryptodev_aead_test_vectors.h | 136 ++++++++++++++++++++
9 files changed, 482 insertions(+), 54 deletions(-)
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 0926887..c98717a 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -68,3 +68,6 @@ ZUC EIA3 =
AES GCM (128) =
AES GCM (192) =
AES GCM (256) =
+AES CCM (128) =
+AES CCM (192) =
+AES CCM (256) =
diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index aeb2a50..385ec4e 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -45,3 +45,6 @@ AES GMAC = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index f18a456..243ea36 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -67,6 +67,7 @@ Supported authentication algorithms:
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Installation
diff --git a/doc/guides/rel_notes/release_17_11.rst b/doc/guides/rel_notes/release_17_11.rst
index 170f4f9..0d15046 100644
--- a/doc/guides/rel_notes/release_17_11.rst
+++ b/doc/guides/rel_notes/release_17_11.rst
@@ -41,6 +41,12 @@ New Features
Also, make sure to start the actual text at the margin.
=========================================================
+* **Updated the OpenSSL PMD.**
+
+ The OpenSSL PMD has been updated with additional support for:
+
+ * AES-CCM algorithm.
+
Resolved Issues
---------------
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 780bf66..3119501 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -267,6 +267,21 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
res = -EINVAL;
}
break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ switch (keylen) {
+ case 16:
+ *algo = EVP_aes_128_ccm();
+ break;
+ case 24:
+ *algo = EVP_aes_192_ccm();
+ break;
+ case 32:
+ *algo = EVP_aes_256_ccm();
+ break;
+ default:
+ res = -EINVAL;
+ }
+ break;
default:
res = -EINVAL;
break;
@@ -285,6 +300,7 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
uint8_t tag_len, uint8_t *key)
{
int iv_type = 0;
+ unsigned int do_ccm;
sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -295,6 +311,14 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
iv_type = EVP_CTRL_GCM_SET_IVLEN;
if (tag_len != 16)
return -EINVAL;
+ do_ccm = 0;
+ break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ iv_type = EVP_CTRL_CCM_SET_IVLEN;
+ /* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
+ if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
+ return -EINVAL;
+ do_ccm = 1;
break;
default:
return -ENOTSUP;
@@ -319,6 +343,10 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
NULL) <= 0)
return -EINVAL;
+ if (do_ccm)
+ EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,
+ tag_len, NULL);
+
if (EVP_EncryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
return -EINVAL;
@@ -332,6 +360,7 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
uint8_t tag_len, uint8_t *key)
{
int iv_type = 0;
+ unsigned int do_ccm = 0;
sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
@@ -343,6 +372,13 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
if (tag_len != 16)
return -EINVAL;
break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ iv_type = EVP_CTRL_CCM_SET_IVLEN;
+ /* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
+ if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
+ return -EINVAL;
+ do_ccm = 1;
+ break;
default:
return -ENOTSUP;
}
@@ -366,6 +402,10 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
sess->iv.length, NULL) <= 0)
return -EINVAL;
+ if (do_ccm)
+ EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,
+ tag_len, NULL);
+
if (EVP_DecryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
return -EINVAL;
@@ -516,7 +556,16 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->cipher.key.length = xform->aead.key.length;
/* Set IV parameters */
- sess->iv.offset = xform->aead.iv.offset;
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM)
+ /*
+ * For AES-CCM, the actual IV is placed
+ * one byte after the start of the IV field,
+ * according to the API.
+ */
+ sess->iv.offset = xform->aead.iv.offset + 1;
+ else
+ sess->iv.offset = xform->aead.iv.offset;
+
sess->iv.length = xform->aead.iv.length;
sess->auth.aad_length = xform->aead.aad_length;
@@ -891,7 +940,7 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
return -EINVAL;
}
-/** Process auth/encription aes-gcm algorithm */
+/** Process AES-GCM encrypt algorithm */
static int
process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
@@ -929,6 +978,48 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
return -EINVAL;
}
+/** Process AES-CCM encrypt algorithm */
+static int
+process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, uint8_t taglen, EVP_CIPHER_CTX *ctx)
+{
+ int len = 0;
+
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_EncryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (aadlen > 0)
+ /*
+ * For AES-CCM, the actual AAD is placed
+ * 18 bytes after the start of the AAD field,
+ * according to the API.
+ */
+ if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (srclen > 0)
+ if (process_openssl_encryption_update(mbuf_src, offset, &dst,
+ srclen, ctx))
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, taglen, tag) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ return 0;
+
+process_auth_encryption_ccm_err:
+ OPENSSL_LOG_ERR("Process openssl auth encryption ccm failed");
+ return -EINVAL;
+}
+
+/** Process AES-GCM decrypt algorithm */
static int
process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
@@ -957,16 +1048,52 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
goto process_auth_decryption_gcm_err;
if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
- goto process_auth_decryption_gcm_final_err;
+ return -EFAULT;
return 0;
process_auth_decryption_gcm_err:
- OPENSSL_LOG_ERR("Process openssl auth description gcm failed");
+ OPENSSL_LOG_ERR("Process openssl auth decryption gcm failed");
return -EINVAL;
+}
-process_auth_decryption_gcm_final_err:
- return -EFAULT;
+/** Process AES-CCM decrypt algorithm */
+static int
+process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, uint8_t tag_len,
+ EVP_CIPHER_CTX *ctx)
+{
+ int len = 0;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_len, tag) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (EVP_DecryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (aadlen > 0)
+ /*
+ * For AES-CCM, the actual AAD is placed
+ * 18 bytes after the start of the AAD field,
+ * according to the API.
+ */
+ if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (srclen > 0)
+ if (process_openssl_decryption_update(mbuf_src, offset, &dst,
+ srclen, ctx))
+ return -EFAULT;
+
+ return 0;
+
+process_auth_decryption_ccm_err:
+ OPENSSL_LOG_ERR("Process openssl auth decryption ccm failed");
+ return -EINVAL;
}
/** Process standard openssl auth algorithms */
@@ -1088,6 +1215,7 @@ process_openssl_combined_op
uint8_t *dst = NULL, *iv, *tag, *aad;
int srclen, aadlen, status = -1;
uint32_t offset;
+ uint8_t taglen;
/*
* Segmented destination buffer is not supported for
@@ -1123,16 +1251,34 @@ process_openssl_combined_op
offset + srclen);
}
- if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
- status = process_openssl_auth_encryption_gcm(
- mbuf_src, offset, srclen,
- aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
- else
- status = process_openssl_auth_decryption_gcm(
- mbuf_src, offset, srclen,
- aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ taglen = sess->auth.digest_length;
+
+ if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
+ sess->aead_algo == RTE_CRYPTO_AEAD_AES_GCM)
+ status = process_openssl_auth_encryption_gcm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
+ else
+ status = process_openssl_auth_encryption_ccm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, taglen, sess->cipher.ctx);
+
+ } else {
+ if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
+ sess->aead_algo == RTE_CRYPTO_AEAD_AES_GCM)
+ status = process_openssl_auth_decryption_gcm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
+ else
+ status = process_openssl_auth_decryption_ccm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, taglen, sess->cipher.ctx);
+ }
if (status != 0) {
if (status == (-EFAULT) &&
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 8cdd0b2..cccb7ca 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -362,6 +362,36 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 2
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 7,
+ .max = 13,
+ .increment = 1
+ },
+ }, }
+ }, }
+ },
{ /* AES GMAC (AUTH) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0ceaa91..880ebf7 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -160,9 +160,6 @@ struct rte_crypto_cipher_xform {
* Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
* 192 bits (24 bytes) or 256 bits (32 bytes).
*
- * For the CCM mode of operation, the only supported key length is 128
- * bits (16 bytes).
- *
* For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length
* should be set to the combined length of the encryption key and the
* keymask. Since the keymask and the encryption key are the same size,
@@ -427,7 +424,11 @@ struct rte_crypto_aead_xform {
uint16_t digest_length;
uint16_t aad_length;
- /**< The length of the additional authenticated data (AAD) in bytes. */
+ /**< The length of the additional authenticated data (AAD) in bytes.
+ * For CCM mode, this is the length of the actual AAD, even though
+ * it is required to reserve 18 bytes before the AAD and padding
+ * at the end of it, so a multiple of 16 bytes is allocated.
+ */
};
/** Crypto transformation types */
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0b7ca47..b5a2885 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4876,25 +4876,49 @@ create_aead_operation(enum rte_crypto_aead_operation op,
struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
/* Append aad data */
- aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
- sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
- aad_pad_len);
- TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
- "no room to append aad");
-
- sym_op->aead.aad.phys_addr =
- rte_pktmbuf_mtophys(ut_params->ibuf);
- memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
- TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
- tdata->aad.len);
-
- /* Append IV at the end of the crypto operation*/
- uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
- uint8_t *, IV_OFFSET);
-
- rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
- TEST_HEXDUMP(stdout, "iv:", iv_ptr,
- tdata->iv.len);
+ if (tdata->algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len + 18, 16);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ aad_pad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to append aad");
+
+ sym_op->aead.aad.phys_addr =
+ rte_pktmbuf_mtophys(ut_params->ibuf);
+ /* Copy AAD 18 bytes after the AAD pointer, according to the API */
+ memcpy(sym_op->aead.aad.data + 18, tdata->aad.data, tdata->aad.len);
+ TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
+ tdata->aad.len);
+
+ /* Append IV at the end of the crypto operation*/
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
+
+ /* Copy IV 1 byte after the IV pointer, according to the API */
+ rte_memcpy(iv_ptr + 1, tdata->iv.data, tdata->iv.len);
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr,
+ tdata->iv.len);
+ } else {
+ aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ aad_pad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to append aad");
+
+ sym_op->aead.aad.phys_addr =
+ rte_pktmbuf_mtophys(ut_params->ibuf);
+ memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+ TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
+ tdata->aad.len);
+
+ /* Append IV at the end of the crypto operation*/
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
+
+ rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr,
+ tdata->iv.len);
+ }
/* Append plaintext/ciphertext */
if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
@@ -5710,6 +5734,42 @@ test_AES_GCM_authenticated_decryption_sessionless_test_case_1(void)
}
static int
+test_AES_CCM_authenticated_encryption_test_case_1(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_1);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_2(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_2);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_3(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_3);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_1(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_1);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_2(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_2);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_3(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_3);
+}
+
+static int
test_stats(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7423,7 +7483,7 @@ create_aead_operation_SGL(enum rte_crypto_aead_operation op,
const unsigned int auth_tag_len = tdata->auth_tag.len;
const unsigned int iv_len = tdata->iv.len;
- const unsigned int aad_len = tdata->aad.len;
+ unsigned int aad_len = tdata->aad.len;
/* Generate Crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -7448,24 +7508,50 @@ create_aead_operation_SGL(enum rte_crypto_aead_operation op,
auth_tag_len);
}
- uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
- uint8_t *, IV_OFFSET);
+ /* Append aad data */
+ if (tdata->algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
- rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
+ /* Copy IV 1 byte after the IV pointer, according to the API */
+ rte_memcpy(iv_ptr + 1, tdata->iv.data, iv_len);
- sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
- ut_params->ibuf, aad_len);
- TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
- "no room to prepend aad");
- sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
- ut_params->ibuf);
+ aad_len = RTE_ALIGN_CEIL(aad_len + 18, 16);
- memset(sym_op->aead.aad.data, 0, aad_len);
- rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+ ut_params->ibuf, aad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to prepend aad");
+ sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
+ ut_params->ibuf);
+
+ memset(sym_op->aead.aad.data, 0, aad_len);
+ /* Copy AAD 18 bytes after the AAD pointer, according to the API */
+ rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
+ TEST_HEXDUMP(stdout, "aad:",
+ sym_op->aead.aad.data, aad_len);
+ } else {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
- TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
- TEST_HEXDUMP(stdout, "aad:",
- sym_op->aead.aad.data, aad_len);
+ rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
+
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+ ut_params->ibuf, aad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to prepend aad");
+ sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
+ ut_params->ibuf);
+
+ memset(sym_op->aead.aad.data, 0, aad_len);
+ rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
+ TEST_HEXDUMP(stdout, "aad:",
+ sym_op->aead.aad.data, aad_len);
+ }
sym_op->aead.data.length = tdata->plaintext.len;
sym_op->aead.data.offset = aad_len;
@@ -8439,6 +8525,22 @@ static struct unit_test_suite cryptodev_openssl_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GMAC_authentication_verify_test_case_4),
+ /** AES CCM Authenticated Encryption */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_3),
+
+ /** AES CCM Authenticated Decryption */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_3),
+
/** Scatter-Gather */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg),
diff --git a/test/test/test_cryptodev_aead_test_vectors.h b/test/test/test_cryptodev_aead_test_vectors.h
index e9f13dd..3eccd69 100644
--- a/test/test/test_cryptodev_aead_test_vectors.h
+++ b/test/test/test_cryptodev_aead_test_vectors.h
@@ -45,6 +45,15 @@ static uint8_t gcm_aad_text[MAX_AAD_LENGTH] = {
0x00, 0xf1, 0xe2, 0xd3, 0xc4, 0xb5, 0xa6, 0x97,
0x88, 0x79, 0x6a, 0x5b, 0x4c, 0x3d, 0x2e, 0x1f };
+static uint8_t ccm_aad_test_1[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+};
+
+static uint8_t ccm_aad_test_2[22] = {
+ 0x08, 0x40, 0x0F, 0xD2, 0xE1, 0x28, 0xA5, 0x7C,
+ 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xAB, 0xAE,
+ 0xA5, 0xB8, 0xFC, 0xBA, 0x00, 0x00
+};
struct aead_test_data {
enum rte_crypto_aead_algorithm algo;
@@ -3399,4 +3408,131 @@ static const struct aead_test_data gcm_test_case_SGL_1 = {
}
};
+/** AES-CCM-128 Test Vectors */
+static const struct aead_test_data ccm_test_case_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+ },
+ .len = 7
+ },
+ .aad = {
+ .data = ccm_aad_test_1,
+ .len = 8
+ },
+ .plaintext = {
+ .data = {
+ 0x20, 0x21, 0x22, 0x23
+ },
+ .len = 4
+ },
+ .ciphertext = {
+ .data = {
+ 0x71, 0x62, 0x01, 0x5b
+ },
+ .len = 4
+ },
+ .auth_tag = {
+ .data = {
+ 0x4d, 0xac, 0x25, 0x5d
+ },
+ .len = 4
+ }
+};
+
+static const struct aead_test_data ccm_test_case_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = ccm_aad_test_2,
+ .len = 22
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0xF3, 0xD0, 0xA2, 0xFE, 0x9A, 0x3D, 0xBF, 0x23,
+ 0x42, 0xA6, 0x43, 0xE4, 0x32, 0x46, 0xE8, 0x0C,
+ 0x3C, 0x04, 0xD0, 0x19
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x78, 0x45, 0xCE, 0x0B, 0x16, 0xF9, 0x76, 0x23
+ },
+ .len = 8
+ }
+};
+
+static const struct aead_test_data ccm_test_case_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = gcm_aad_zero_text,
+ .len = 0
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0xF3, 0xD0, 0xA2, 0xFE, 0x9A, 0x3D, 0xBF, 0x23,
+ 0x42, 0xA6, 0x43, 0xE4, 0x32, 0x46, 0xE8, 0x0C,
+ 0x3C, 0x04, 0xD0, 0x19
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x41, 0x83, 0x21, 0x89, 0xA3, 0xD3, 0x1B, 0x43
+ },
+ .len = 8
+ }
+};
#endif /* TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_ */
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [dpdk-dev] [PATCH] test/crypto: rename GCM test code
2017-08-18 8:07 ` [dpdk-dev] [PATCH] test/crypto: rename GCM test code Pablo de Lara
@ 2017-08-18 16:09 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 21+ messages in thread
From: De Lara Guarch, Pablo @ 2017-08-18 16:09 UTC (permalink / raw)
To: Doherty, Declan; +Cc: dev
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Friday, August 18, 2017 9:07 AM
> To: Doherty, Declan <declan.doherty@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH] test/crypto: rename GCM test code
>
> Before adding AES-CCM tests, some test code used for AES-GCM can be
> renamed, so it can be reused for AES-CCM, as both need similar parameters.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Self-NACK. This is already included in the patchset that I just sent.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
` (4 preceding siblings ...)
2017-08-18 8:07 ` [dpdk-dev] [PATCH 4/4] crypto/openssl: add AES-CCM support Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API " Pablo de Lara
` (10 more replies)
5 siblings, 11 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
AES-CCM support is added in the OpenSSL and QAT PMDs.
The PMDs and the test code have been reworked, to avoid duplications
with AES-GCM code, as both algorithms are quite similar (both are AEAD algorithms).
Also, an optimization for AES-GCM (and AES-CCM after the last patch)
has been introduced, initializing the OpenSSL Context with the key,
at session creation, instead of for each operation.
Changes in v2:
- Clarified API for AES-CCM
- Modified OpenSSL PMD and sample apps to comply with API
- Added support for AES-CCM in QAT
- Extended test cases for 192 and 256 bit keys
Arek Kusztal (1):
crypto/qat: add AES-CCM support
Pablo de Lara (8):
cryptodev: clarify API for AES-CCM
examples/l2fwd-crypto: add AES-CCM support
app/crypto-perf: add AES-CCM support
crypto/openssl: fix AEAD parameters
crypto/openssl: init GCM key at session creation
crypto/openssl: add AES-CCM support
test/crypto: rename GCM test code
test/crypto: add AES-CCM tests
app/test-crypto-perf/cperf_ops.c | 21 +-
app/test-crypto-perf/cperf_test_latency.c | 34 +-
app/test-crypto-perf/cperf_test_throughput.c | 34 +-
app/test-crypto-perf/cperf_test_verify.c | 35 +-
doc/guides/cryptodevs/features/default.ini | 3 +
doc/guides/cryptodevs/features/openssl.ini | 3 +
doc/guides/cryptodevs/openssl.rst | 1 +
doc/guides/rel_notes/release_17_11.rst | 6 +
drivers/crypto/openssl/rte_openssl_pmd.c | 375 +++++++++++----
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 30 ++
drivers/crypto/qat/qat_adf/icp_qat_hw.h | 20 +
drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 28 ++
drivers/crypto/qat/qat_crypto.c | 169 ++++++-
drivers/crypto/qat/qat_crypto_capabilities.h | 30 ++
examples/l2fwd-crypto/main.c | 44 +-
lib/librte_cryptodev/rte_crypto_sym.h | 34 +-
test/test/test_cryptodev.c | 535 +++++++++++++++------
...ectors.h => test_cryptodev_aead_test_vectors.h} | 516 ++++++++++++++++++--
test/test/test_cryptodev_perf.c | 2 +-
19 files changed, 1570 insertions(+), 350 deletions(-)
rename test/test/{test_cryptodev_gcm_test_vectors.h => test_cryptodev_aead_test_vectors.h} (92%)
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API for AES-CCM
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-10-09 9:57 ` Trahe, Fiona
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 2/9] examples/l2fwd-crypto: add AES-CCM support Pablo de Lara
` (9 subsequent siblings)
10 siblings, 1 reply; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
AES-CCM algorithm has some restrictions when
handling nonce (IV) and AAD information.
As the API stated, the nonce needs to be place 1 byte
after the start of the IV field. This field needs
to be 16 bytes long, regardless the length of the nonce,
but it is important to clarify that the first byte
and the padding added after the nonce may be modified
by the PMDs using this algorithm.
Same happens with the AAD. It needs to be placed 18 bytes
after the start of the AAD field. The field also needs
to be multiple of 16 bytes long and all memory reserved
(the first bytes and the padding (may be modified by the PMDs).
Lastly, nonce is not needed to be placed in the first 16 bytes
of the AAD, as the API stated, as that depends on the PMD
used, so the comment has been removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
lib/librte_cryptodev/rte_crypto_sym.h | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 0ceaa91..5f859ec 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -196,7 +196,9 @@ struct rte_crypto_cipher_xform {
* space for the implementation to write in the flags
* in the first byte). Note that a full 16 bytes should
* be allocated, even though the length field will
- * have a value less than this.
+ * have a value less than this. Note that the PMDs may
+ * modify the memory reserved (the first byte and the
+ * final padding)
*
* - For AES-XTS, this is the 128bit tweak, i, from
* IEEE Std 1619-2007.
@@ -555,20 +557,19 @@ struct rte_crypto_sym_op {
* Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
* the caller should setup this field as follows:
*
- * - the nonce should be written starting at an offset
- * of one byte into the array, leaving room for the
- * implementation to write in the flags to the first
- * byte.
- *
- * - the additional authentication data itself should
+ * - the additional authentication data itself should
* be written starting at an offset of 18 bytes into
- * the array, leaving room for the length encoding in
- * the first two bytes of the second block.
+ * the array, leaving room for the first block (16 bytes)
+ * and the length encoding in the first two bytes of the
+ * second block.
*
* - the array should be big enough to hold the above
- * fields, plus any padding to round this up to the
- * nearest multiple of the block size (16 bytes).
- * Padding will be added by the implementation.
+ * fields, plus any padding to round this up to the
+ * nearest multiple of the block size (16 bytes).
+ * Padding will be added by the implementation.
+ *
+ * - Note that PMDs may modify the memory reserved
+ * (first 18 bytes and the final padding).
*
* Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the
* caller should setup this field as follows:
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 2/9] examples/l2fwd-crypto: add AES-CCM support
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API " Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 3/9] app/crypto-perf: " Pablo de Lara
` (8 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
examples/l2fwd-crypto/main.c | 44 +++++++++++++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 11 deletions(-)
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 17673a3..5aa71c8 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -86,6 +86,8 @@ enum cdev_type {
#define MAX_STR_LEN 32
#define MAX_KEY_SIZE 128
+#define MAX_IV_SIZE 16
+#define MAX_AAD_SIZE 65535
#define MAX_PKT_BURST 32
#define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
#define MAX_SESSIONS 32
@@ -534,7 +536,16 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
IV_OFFSET);
/* Copy IV at the end of the crypto operation */
- rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+ /*
+ * If doing AES-CCM, nonce is copied one byte
+ * after the start of IV field
+ */
+ if (cparams->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ rte_memcpy(iv_ptr + 1, cparams->aead_iv.data,
+ cparams->aead_iv.length);
+ else
+ rte_memcpy(iv_ptr, cparams->aead_iv.data,
+ cparams->aead_iv.length);
op->sym->aead.data.offset = ipdata_offset;
op->sym->aead.data.length = data_len;
@@ -796,6 +807,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
if (!options->aad_param)
generate_random_key(port_cparams[i].aad.data,
port_cparams[i].aad.length);
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (port_cparams[i].aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ memmove(port_cparams[i].aad.data + 18,
+ port_cparams[i].aad.data,
+ port_cparams[i].aad.length);
} else
port_cparams[i].aad.length = 0;
@@ -1081,16 +1100,16 @@ parse_cipher_op(enum rte_crypto_cipher_operation *op, char *optarg)
return -1;
}
-/** Parse crypto key command line argument */
+/** Parse bytes from command line argument */
static int
-parse_key(uint8_t *data, char *input_arg)
+parse_bytes(uint8_t *data, char *input_arg, uint16_t max_size)
{
unsigned byte_count;
char *token;
errno = 0;
for (byte_count = 0, token = strtok(input_arg, ":");
- (byte_count < MAX_KEY_SIZE) && (token != NULL);
+ (byte_count < max_size) && (token != NULL);
token = strtok(NULL, ":")) {
int number = (int)strtol(token, NULL, 16);
@@ -1230,7 +1249,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
options->ckey_param = 1;
options->cipher_xform.cipher.key.length =
- parse_key(options->cipher_xform.cipher.key.data, optarg);
+ parse_bytes(options->cipher_xform.cipher.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->cipher_xform.cipher.key.length > 0)
return 0;
else
@@ -1243,7 +1263,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
options->cipher_iv_param = 1;
options->cipher_iv.length =
- parse_key(options->cipher_iv.data, optarg);
+ parse_bytes(options->cipher_iv.data, optarg, MAX_IV_SIZE);
if (options->cipher_iv.length > 0)
return 0;
else
@@ -1266,7 +1286,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
options->akey_param = 1;
options->auth_xform.auth.key.length =
- parse_key(options->auth_xform.auth.key.data, optarg);
+ parse_bytes(options->auth_xform.auth.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->auth_xform.auth.key.length > 0)
return 0;
else
@@ -1280,7 +1301,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
options->auth_iv_param = 1;
options->auth_iv.length =
- parse_key(options->auth_iv.data, optarg);
+ parse_bytes(options->auth_iv.data, optarg, MAX_IV_SIZE);
if (options->auth_iv.length > 0)
return 0;
else
@@ -1303,7 +1324,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
options->aead_key_param = 1;
options->aead_xform.aead.key.length =
- parse_key(options->aead_xform.aead.key.data, optarg);
+ parse_bytes(options->aead_xform.aead.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->aead_xform.aead.key.length > 0)
return 0;
else
@@ -1317,7 +1339,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
options->aead_iv_param = 1;
options->aead_iv.length =
- parse_key(options->aead_iv.data, optarg);
+ parse_bytes(options->aead_iv.data, optarg, MAX_IV_SIZE);
if (options->aead_iv.length > 0)
return 0;
else
@@ -1330,7 +1352,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
else if (strcmp(lgopts[option_index].name, "aad") == 0) {
options->aad_param = 1;
options->aad.length =
- parse_key(options->aad.data, optarg);
+ parse_bytes(options->aad.data, optarg, MAX_AAD_SIZE);
if (options->aad.length > 0)
return 0;
else
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 3/9] app/crypto-perf: add AES-CCM support
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API " Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 2/9] examples/l2fwd-crypto: add AES-CCM support Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 4/9] crypto/openssl: fix AEAD parameters Pablo de Lara
` (7 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
app/test-crypto-perf/cperf_ops.c | 21 +++++++++++++++--
app/test-crypto-perf/cperf_test_latency.c | 34 +++++++++++++++++++++++----
app/test-crypto-perf/cperf_test_throughput.c | 34 +++++++++++++++++++++++----
app/test-crypto-perf/cperf_test_verify.c | 35 ++++++++++++++++++++++++----
4 files changed, 107 insertions(+), 17 deletions(-)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 88fb972..df579f8 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -318,7 +318,15 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
/* AEAD parameters */
sym_op->aead.data.length = options->test_buffer_size;
- sym_op->aead.data.offset =
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ sym_op->aead.data.offset =
+ RTE_ALIGN_CEIL(options->aead_aad_sz + 18, 16);
+ else
+ sym_op->aead.data.offset =
RTE_ALIGN_CEIL(options->aead_aad_sz, 16);
sym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *);
@@ -358,8 +366,17 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i],
uint8_t *, iv_offset);
- memcpy(iv_ptr, test_vector->aead_iv.data,
+ /*
+ * If doing AES-CCM, nonce is copied one byte
+ * after the start of IV field
+ */
+ if (options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ memcpy(iv_ptr + 1, test_vector->aead_iv.data,
test_vector->aead_iv.length);
+ else
+ memcpy(iv_ptr, test_vector->aead_iv.data,
+ test_vector->aead_iv.length);
+
}
}
diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 58b21ab..0e21092 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -175,13 +175,29 @@ cperf_mbuf_create(struct rte_mempool *mempool,
}
if (options->op_type == CPERF_AEAD) {
- uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
- RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz + 18, 16));
+
+ if (aad == NULL)
+ goto error;
+
+ memcpy(aad + 18, test_vector->aad.data,
+ test_vector->aad.length);
+ } else {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
- if (aead == NULL)
- goto error;
+ if (aad == NULL)
+ goto error;
- memcpy(aead, test_vector->aad.data, test_vector->aad.length);
+ memcpy(aad, test_vector->aad.data,
+ test_vector->aad.length);
+ }
}
return mbuf;
@@ -293,6 +309,14 @@ cperf_latency_test_constructor(struct rte_mempool *sess_mp,
test_vector->cipher_iv.length +
test_vector->auth_iv.length +
test_vector->aead_iv.length;
+ /*
+ * If doing AES-CCM, 16 bytes need to be reserved,
+ * regardless the IV length
+ */
+ if (options->op_type == CPERF_AEAD &&
+ options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ priv_size = 16;
+
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
512, priv_size, rte_socket_id());
diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
index 3bb1cb0..6f34708 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -159,13 +159,29 @@ cperf_mbuf_create(struct rte_mempool *mempool,
}
if (options->op_type == CPERF_AEAD) {
- uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
- RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz + 18, 16));
+
+ if (aad == NULL)
+ goto error;
+
+ memcpy(aad + 18, test_vector->aad.data,
+ test_vector->aad.length);
+ } else {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
- if (aead == NULL)
- goto error;
+ if (aad == NULL)
+ goto error;
- memcpy(aead, test_vector->aad.data, test_vector->aad.length);
+ memcpy(aad, test_vector->aad.data,
+ test_vector->aad.length);
+ }
}
return mbuf;
@@ -273,6 +289,14 @@ cperf_throughput_test_constructor(struct rte_mempool *sess_mp,
uint16_t priv_size = test_vector->cipher_iv.length +
test_vector->auth_iv.length + test_vector->aead_iv.length;
+ /*
+ * If doing AES-CCM, 16 bytes need to be reserved,
+ * regardless the IV length
+ */
+ if (options->op_type == CPERF_AEAD &&
+ options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ priv_size = 16;
+
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
512, priv_size, rte_socket_id());
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index a314646..32818fe 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -163,13 +163,29 @@ cperf_mbuf_create(struct rte_mempool *mempool,
}
if (options->op_type == CPERF_AEAD) {
- uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf,
- RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz + 18, 16));
- if (aead == NULL)
- goto error;
+ if (aad == NULL)
+ goto error;
+
+ memcpy(aad + 18, test_vector->aad.data,
+ test_vector->aad.length);
+ } else {
+ uint8_t *aad = (uint8_t *)rte_pktmbuf_prepend(mbuf,
+ RTE_ALIGN_CEIL(options->aead_aad_sz, 16));
- memcpy(aead, test_vector->aad.data, test_vector->aad.length);
+ if (aad == NULL)
+ goto error;
+
+ memcpy(aad, test_vector->aad.data,
+ test_vector->aad.length);
+ }
}
return mbuf;
@@ -276,6 +292,15 @@ cperf_verify_test_constructor(struct rte_mempool *sess_mp,
uint16_t priv_size = test_vector->cipher_iv.length +
test_vector->auth_iv.length + test_vector->aead_iv.length;
+
+ /*
+ * If doing AES-CCM, 16 bytes need to be reserved,
+ * regardless the IV length
+ */
+ if (options->op_type == CPERF_AEAD &&
+ options->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ priv_size = 16;
+
ctx->crypto_op_pool = rte_crypto_op_pool_create(pool_name,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, options->pool_sz,
512, priv_size, rte_socket_id());
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 4/9] crypto/openssl: fix AEAD parameters
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (2 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 3/9] app/crypto-perf: " Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 5/9] crypto/openssl: init GCM key at session creation Pablo de Lara
` (6 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara, stable
When using AES-GCM with OpenSSL, cipher direction
and authentication operation were being set incorrectly,
as the PMD was looking at the cipher and authentication
transform, instead of the new AEAD.
Fixes: b79e4c00af0e ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 280148e..f89322d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -482,8 +482,15 @@ static int
openssl_set_session_aead_parameters(struct openssl_session *sess,
const struct rte_crypto_sym_xform *xform)
{
- /* Select cipher direction */
- sess->cipher.direction = xform->cipher.op;
+ /* Select cipher direction and auth operation */
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
+ } else {
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
+ }
+
/* Select cipher key */
sess->cipher.key.length = xform->aead.key.length;
@@ -491,10 +498,6 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->iv.offset = xform->aead.iv.offset;
sess->iv.length = xform->aead.iv.length;
- /* Select auth generate/verify */
- sess->auth.operation = xform->auth.op;
- sess->auth.algo = xform->auth.algo;
-
/* Select auth algo */
switch (xform->aead.algo) {
case RTE_CRYPTO_AEAD_AES_GCM:
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 5/9] crypto/openssl: init GCM key at session creation
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (3 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 4/9] crypto/openssl: fix AEAD parameters Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 6/9] crypto/openssl: add AES-CCM support Pablo de Lara
` (5 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
When creating a session for AES-GCM, since the key is going
to be constant, the OpenSSL context can initialize the key
at that moment, leaving the setting of the IV for the
operation handling.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 208 +++++++++++++++++++------------
1 file changed, 128 insertions(+), 80 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index f89322d..b6ccd8b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -298,6 +298,100 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
return res;
}
+/* Set session AEAD encryption parameters */
+static int
+openssl_set_sess_aead_enc_param(struct openssl_session *sess,
+ enum rte_crypto_aead_algorithm algo,
+ uint8_t tag_len, uint8_t *key)
+{
+ int iv_type = 0;
+
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
+
+ /* Select AEAD algo */
+ switch (algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ iv_type = EVP_CTRL_GCM_SET_IVLEN;
+ if (tag_len != 16)
+ return -EINVAL;
+ break;
+ default:
+ return -ENOTSUP;
+ }
+
+ sess->cipher.mode = OPENSSL_CIPHER_LIB;
+ sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+ if (get_aead_algo(algo, sess->cipher.key.length,
+ &sess->cipher.evp_algo) != 0)
+ return -EINVAL;
+
+ get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);
+
+ sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,
+ NULL, NULL, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type, sess->iv.length,
+ NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
+ return -EINVAL;
+
+ return 0;
+}
+
+/* Set session AEAD decryption parameters */
+static int
+openssl_set_sess_aead_dec_param(struct openssl_session *sess,
+ enum rte_crypto_aead_algorithm algo,
+ uint8_t tag_len, uint8_t *key)
+{
+ int iv_type = 0;
+
+ sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
+
+ /* Select AEAD algo */
+ switch (algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ iv_type = EVP_CTRL_GCM_SET_IVLEN;
+ if (tag_len != 16)
+ return -EINVAL;
+ break;
+ default:
+ return -ENOTSUP;
+ }
+
+ sess->cipher.mode = OPENSSL_CIPHER_LIB;
+ sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+ if (get_aead_algo(algo, sess->cipher.key.length,
+ &sess->cipher.evp_algo) != 0)
+ return -EINVAL;
+
+ get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);
+
+ sess->chain_order = OPENSSL_CHAIN_COMBINED;
+
+ if (EVP_DecryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,
+ NULL, NULL, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type,
+ sess->iv.length, NULL) <= 0)
+ return -EINVAL;
+
+ if (EVP_DecryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
+ return -EINVAL;
+
+ return 0;
+}
+
/** Set session cipher parameters */
static int
openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -404,36 +498,31 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
sess->auth.operation = xform->auth.op;
sess->auth.algo = xform->auth.algo;
+ sess->auth.digest_length = xform->auth.digest_length;
+
/* Select auth algo */
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_AES_GMAC:
- sess->chain_order = OPENSSL_CHAIN_COMBINED;
-
- /* Set IV parameters */
- sess->iv.offset = xform->auth.iv.offset;
- sess->iv.length = xform->auth.iv.length;
-
/*
* OpenSSL requires GMAC to be a GCM operation
* with no cipher data length
*/
- sess->cipher.mode = OPENSSL_CIPHER_LIB;
- if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- else
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
-
sess->cipher.key.length = xform->auth.key.length;
- sess->cipher.ctx = EVP_CIPHER_CTX_new();
- if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
- sess->cipher.key.length,
- &sess->cipher.evp_algo) != 0)
- return -EINVAL;
-
- get_cipher_key(xform->auth.key.data, xform->auth.key.length,
- sess->cipher.key.data);
+ /* Set IV parameters */
+ sess->iv.offset = xform->auth.iv.offset;
+ sess->iv.length = xform->auth.iv.length;
+ if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE)
+ return openssl_set_sess_aead_enc_param(sess,
+ RTE_CRYPTO_AEAD_AES_GCM,
+ xform->auth.digest_length,
+ xform->auth.key.data);
+ else
+ return openssl_set_sess_aead_dec_param(sess,
+ RTE_CRYPTO_AEAD_AES_GCM,
+ xform->auth.digest_length,
+ xform->auth.key.data);
break;
case RTE_CRYPTO_AUTH_MD5:
@@ -472,8 +561,6 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
return -ENOTSUP;
}
- sess->auth.digest_length = xform->auth.digest_length;
-
return 0;
}
@@ -482,15 +569,6 @@ static int
openssl_set_session_aead_parameters(struct openssl_session *sess,
const struct rte_crypto_sym_xform *xform)
{
- /* Select cipher direction and auth operation */
- if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
- } else {
- sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
- sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
- }
-
/* Select cipher key */
sess->cipher.key.length = xform->aead.key.length;
@@ -498,30 +576,17 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->iv.offset = xform->aead.iv.offset;
sess->iv.length = xform->aead.iv.length;
- /* Select auth algo */
- switch (xform->aead.algo) {
- case RTE_CRYPTO_AEAD_AES_GCM:
- sess->cipher.mode = OPENSSL_CIPHER_LIB;
- sess->aead_algo = xform->aead.algo;
- sess->cipher.ctx = EVP_CIPHER_CTX_new();
-
- if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
- &sess->cipher.evp_algo) != 0)
- return -EINVAL;
-
- get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
- sess->cipher.key.data);
-
- sess->chain_order = OPENSSL_CHAIN_COMBINED;
- break;
- default:
- return -ENOTSUP;
- }
-
sess->auth.aad_length = xform->aead.aad_length;
sess->auth.digest_length = xform->aead.digest_length;
- return 0;
+ sess->aead_algo = xform->aead.algo;
+ /* Select cipher direction */
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+ return openssl_set_sess_aead_enc_param(sess, xform->aead.algo,
+ xform->aead.digest_length, xform->aead.key.data);
+ else
+ return openssl_set_sess_aead_dec_param(sess, xform->aead.algo,
+ xform->aead.digest_length, xform->aead.key.data);
}
/** Parse crypto xform chain and set private session parameters */
@@ -884,20 +949,13 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
/** Process auth/encription aes-gcm algorithm */
static int
process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
- int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
- uint8_t *key, uint8_t *dst, uint8_t *tag,
- EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
{
int len = 0, unused = 0;
uint8_t empty[] = {};
- if (EVP_EncryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0)
- goto process_auth_encryption_gcm_err;
-
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0)
- goto process_auth_encryption_gcm_err;
-
- if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
goto process_auth_encryption_gcm_err;
if (aadlen > 0)
@@ -928,23 +986,16 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
static int
process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
- int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
- uint8_t *key, uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *algo)
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
{
int len = 0, unused = 0;
uint8_t empty[] = {};
- if (EVP_DecryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0)
- goto process_auth_decryption_gcm_err;
-
- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0)
- goto process_auth_decryption_gcm_err;
-
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0)
goto process_auth_decryption_gcm_err;
- if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
+ if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
goto process_auth_decryption_gcm_err;
if (aadlen > 0)
@@ -1089,7 +1140,7 @@ process_openssl_combined_op
{
/* cipher */
uint8_t *dst = NULL, *iv, *tag, *aad;
- int srclen, ivlen, aadlen, status = -1;
+ int srclen, aadlen, status = -1;
uint32_t offset;
/*
@@ -1103,7 +1154,6 @@ process_openssl_combined_op
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
- ivlen = sess->iv.length;
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
srclen = 0;
offset = op->sym->auth.data.offset;
@@ -1130,15 +1180,13 @@ process_openssl_combined_op
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
- aad, aadlen, iv, ivlen, sess->cipher.key.data,
- dst, tag, sess->cipher.ctx,
- sess->cipher.evp_algo);
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
else
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
- aad, aadlen, iv, ivlen, sess->cipher.key.data,
- dst, tag, sess->cipher.ctx,
- sess->cipher.evp_algo);
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
if (status != 0) {
if (status == (-EFAULT) &&
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 6/9] crypto/openssl: add AES-CCM support
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (4 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 5/9] crypto/openssl: init GCM key at session creation Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 7/9] crypto/qat: " Pablo de Lara
` (4 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
Add support to AES-CCM, for 128, 192 and 256-bit keys.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
doc/guides/cryptodevs/features/default.ini | 3 +
doc/guides/cryptodevs/features/openssl.ini | 3 +
doc/guides/cryptodevs/openssl.rst | 1 +
doc/guides/rel_notes/release_17_11.rst | 6 +
drivers/crypto/openssl/rte_openssl_pmd.c | 178 ++++++++++++++++++++++++---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 30 +++++
lib/librte_cryptodev/rte_crypto_sym.h | 9 +-
7 files changed, 210 insertions(+), 20 deletions(-)
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 0926887..c98717a 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -68,3 +68,6 @@ ZUC EIA3 =
AES GCM (128) =
AES GCM (192) =
AES GCM (256) =
+AES CCM (128) =
+AES CCM (192) =
+AES CCM (256) =
diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index aeb2a50..385ec4e 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -45,3 +45,6 @@ AES GMAC = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index 08cc9ba..1270dc1 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -67,6 +67,7 @@ Supported authentication algorithms:
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Installation
diff --git a/doc/guides/rel_notes/release_17_11.rst b/doc/guides/rel_notes/release_17_11.rst
index ebb5021..63cd1b5 100644
--- a/doc/guides/rel_notes/release_17_11.rst
+++ b/doc/guides/rel_notes/release_17_11.rst
@@ -49,6 +49,12 @@ New Features
* Coalesce writes to HEAD CSR on response processing.
* Coalesce writes to TAIL CSR on request processing.
+* **Updated the OpenSSL PMD.**
+
+ The OpenSSL PMD has been updated with additional support for:
+
+ * AES-CCM algorithm.
+
* **Add new benchmarking mode to dpdk-test-crypto-perf application.**
Added new "PMD cyclecount" benchmark mode to dpdk-test-crypto-perf application
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b6ccd8b..9993d89 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -287,6 +287,21 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
res = -EINVAL;
}
break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ switch (keylen) {
+ case 16:
+ *algo = EVP_aes_128_ccm();
+ break;
+ case 24:
+ *algo = EVP_aes_192_ccm();
+ break;
+ case 32:
+ *algo = EVP_aes_256_ccm();
+ break;
+ default:
+ res = -EINVAL;
+ }
+ break;
default:
res = -EINVAL;
break;
@@ -305,6 +320,7 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
uint8_t tag_len, uint8_t *key)
{
int iv_type = 0;
+ unsigned int do_ccm;
sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -315,6 +331,14 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
iv_type = EVP_CTRL_GCM_SET_IVLEN;
if (tag_len != 16)
return -EINVAL;
+ do_ccm = 0;
+ break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ iv_type = EVP_CTRL_CCM_SET_IVLEN;
+ /* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
+ if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
+ return -EINVAL;
+ do_ccm = 1;
break;
default:
return -ENOTSUP;
@@ -339,6 +363,10 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
NULL) <= 0)
return -EINVAL;
+ if (do_ccm)
+ EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,
+ tag_len, NULL);
+
if (EVP_EncryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
return -EINVAL;
@@ -352,6 +380,7 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
uint8_t tag_len, uint8_t *key)
{
int iv_type = 0;
+ unsigned int do_ccm = 0;
sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
@@ -363,6 +392,13 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
if (tag_len != 16)
return -EINVAL;
break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ iv_type = EVP_CTRL_CCM_SET_IVLEN;
+ /* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
+ if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
+ return -EINVAL;
+ do_ccm = 1;
+ break;
default:
return -ENOTSUP;
}
@@ -386,6 +422,10 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,
sess->iv.length, NULL) <= 0)
return -EINVAL;
+ if (do_ccm)
+ EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,
+ tag_len, NULL);
+
if (EVP_DecryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)
return -EINVAL;
@@ -573,7 +613,16 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
sess->cipher.key.length = xform->aead.key.length;
/* Set IV parameters */
- sess->iv.offset = xform->aead.iv.offset;
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM)
+ /*
+ * For AES-CCM, the actual IV is placed
+ * one byte after the start of the IV field,
+ * according to the API.
+ */
+ sess->iv.offset = xform->aead.iv.offset + 1;
+ else
+ sess->iv.offset = xform->aead.iv.offset;
+
sess->iv.length = xform->aead.iv.length;
sess->auth.aad_length = xform->aead.aad_length;
@@ -946,7 +995,7 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
return -EINVAL;
}
-/** Process auth/encription aes-gcm algorithm */
+/** Process AES-GCM encrypt algorithm */
static int
process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
@@ -984,6 +1033,48 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
return -EINVAL;
}
+/** Process AES-CCM encrypt algorithm */
+static int
+process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, uint8_t taglen, EVP_CIPHER_CTX *ctx)
+{
+ int len = 0;
+
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_EncryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (aadlen > 0)
+ /*
+ * For AES-CCM, the actual AAD is placed
+ * 18 bytes after the start of the AAD field,
+ * according to the API.
+ */
+ if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (srclen > 0)
+ if (process_openssl_encryption_update(mbuf_src, offset, &dst,
+ srclen, ctx))
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, taglen, tag) <= 0)
+ goto process_auth_encryption_ccm_err;
+
+ return 0;
+
+process_auth_encryption_ccm_err:
+ OPENSSL_LOG_ERR("Process openssl auth encryption ccm failed");
+ return -EINVAL;
+}
+
+/** Process AES-GCM decrypt algorithm */
static int
process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
@@ -1012,16 +1103,52 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
goto process_auth_decryption_gcm_err;
if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
- goto process_auth_decryption_gcm_final_err;
+ return -EFAULT;
return 0;
process_auth_decryption_gcm_err:
- OPENSSL_LOG_ERR("Process openssl auth description gcm failed");
+ OPENSSL_LOG_ERR("Process openssl auth decryption gcm failed");
return -EINVAL;
+}
-process_auth_decryption_gcm_final_err:
- return -EFAULT;
+/** Process AES-CCM decrypt algorithm */
+static int
+process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+ int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
+ uint8_t *dst, uint8_t *tag, uint8_t tag_len,
+ EVP_CIPHER_CTX *ctx)
+{
+ int len = 0;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_len, tag) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (EVP_DecryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (aadlen > 0)
+ /*
+ * For AES-CCM, the actual AAD is placed
+ * 18 bytes after the start of the AAD field,
+ * according to the API.
+ */
+ if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
+ goto process_auth_decryption_ccm_err;
+
+ if (srclen > 0)
+ if (process_openssl_decryption_update(mbuf_src, offset, &dst,
+ srclen, ctx))
+ return -EFAULT;
+
+ return 0;
+
+process_auth_decryption_ccm_err:
+ OPENSSL_LOG_ERR("Process openssl auth decryption ccm failed");
+ return -EINVAL;
}
/** Process standard openssl auth algorithms */
@@ -1142,6 +1269,7 @@ process_openssl_combined_op
uint8_t *dst = NULL, *iv, *tag, *aad;
int srclen, aadlen, status = -1;
uint32_t offset;
+ uint8_t taglen;
/*
* Segmented destination buffer is not supported for
@@ -1177,16 +1305,34 @@ process_openssl_combined_op
offset + srclen);
}
- if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
- status = process_openssl_auth_encryption_gcm(
- mbuf_src, offset, srclen,
- aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
- else
- status = process_openssl_auth_decryption_gcm(
- mbuf_src, offset, srclen,
- aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ taglen = sess->auth.digest_length;
+
+ if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
+ sess->aead_algo == RTE_CRYPTO_AEAD_AES_GCM)
+ status = process_openssl_auth_encryption_gcm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
+ else
+ status = process_openssl_auth_encryption_ccm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, taglen, sess->cipher.ctx);
+
+ } else {
+ if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
+ sess->aead_algo == RTE_CRYPTO_AEAD_AES_GCM)
+ status = process_openssl_auth_decryption_gcm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, sess->cipher.ctx);
+ else
+ status = process_openssl_auth_decryption_ccm(
+ mbuf_src, offset, srclen,
+ aad, aadlen, iv,
+ dst, tag, taglen, sess->cipher.ctx);
+ }
if (status != 0) {
if (status == (-EFAULT) &&
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 8cdd0b2..cccb7ca 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -362,6 +362,36 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 2
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 7,
+ .max = 13,
+ .increment = 1
+ },
+ }, }
+ }, }
+ },
{ /* AES GMAC (AUTH) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 5f859ec..0a0ea59 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -160,9 +160,6 @@ struct rte_crypto_cipher_xform {
* Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
* 192 bits (24 bytes) or 256 bits (32 bytes).
*
- * For the CCM mode of operation, the only supported key length is 128
- * bits (16 bytes).
- *
* For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length
* should be set to the combined length of the encryption key and the
* keymask. Since the keymask and the encryption key are the same size,
@@ -429,7 +426,11 @@ struct rte_crypto_aead_xform {
uint16_t digest_length;
uint16_t aad_length;
- /**< The length of the additional authenticated data (AAD) in bytes. */
+ /**< The length of the additional authenticated data (AAD) in bytes.
+ * For CCM mode, this is the length of the actual AAD, even though
+ * it is required to reserve 18 bytes before the AAD and padding
+ * at the end of it, so a multiple of 16 bytes is allocated.
+ */
};
/** Crypto transformation types */
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 7/9] crypto/qat: add AES-CCM support
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (5 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 6/9] crypto/openssl: add AES-CCM support Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-10-09 9:55 ` Trahe, Fiona
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 8/9] test/crypto: rename GCM test code Pablo de Lara
` (3 subsequent siblings)
10 siblings, 1 reply; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Arek Kusztal
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This patch adds AES-CCM AEAD cipher and hash algorithm to
Intel QuickAssist Technology driver.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/crypto/qat/qat_adf/icp_qat_hw.h | 20 +++
drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 28 ++++
drivers/crypto/qat/qat_crypto.c | 169 +++++++++++++++++++++--
drivers/crypto/qat/qat_crypto_capabilities.h | 30 ++++
4 files changed, 233 insertions(+), 14 deletions(-)
diff --git a/drivers/crypto/qat/qat_adf/icp_qat_hw.h b/drivers/crypto/qat/qat_adf/icp_qat_hw.h
index ebe245f..d03688c 100644
--- a/drivers/crypto/qat/qat_adf/icp_qat_hw.h
+++ b/drivers/crypto/qat/qat_adf/icp_qat_hw.h
@@ -301,6 +301,26 @@ enum icp_qat_hw_cipher_convert {
#define ICP_QAT_HW_CIPHER_MAX_KEY_SZ ICP_QAT_HW_AES_256_F8_KEY_SZ
+/* These defines describe position of the bit-fields
+ * in the flags byte in B0
+ */
+#define ICP_QAT_HW_CCM_B0_FLAGS_ADATA_SHIFT 6
+#define ICP_QAT_HW_CCM_B0_FLAGS_T_SHIFT 3
+
+#define ICP_QAT_HW_CCM_BUILD_B0_FLAGS(Adata, t, q) \
+ ((((Adata) > 0 ? 1 : 0) << ICP_QAT_HW_CCM_B0_FLAGS_ADATA_SHIFT) \
+ | ((((t) - 2) >> 1) << ICP_QAT_HW_CCM_B0_FLAGS_T_SHIFT) \
+ | ((q) - 1))
+
+#define ICP_QAT_HW_CCM_NQ_CONST 15
+#define ICP_QAT_HW_CCM_AAD_B0_LEN 16
+#define ICP_QAT_HW_CCM_AAD_LEN_INFO 2
+#define ICP_QAT_HW_CCM_AAD_DATA_OFFSET (ICP_QAT_HW_CCM_AAD_B0_LEN + \
+ ICP_QAT_HW_CCM_AAD_LEN_INFO)
+#define ICP_QAT_HW_CCM_AAD_ALIGNMENT 16
+#define ICP_QAT_HW_CCM_MSG_LEN_MAX_FIELD_SIZE 4
+#define ICP_QAT_HW_CCM_NONCE_OFFSET 1
+
struct icp_qat_hw_cipher_algo_blk {
struct icp_qat_hw_cipher_config cipher_config;
uint8_t key[ICP_QAT_HW_CIPHER_MAX_KEY_SZ];
diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index 2d16c9e..db6c9a3 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -124,6 +124,9 @@ static int qat_hash_get_state1_size(enum icp_qat_hw_auth_algo qat_hash_alg)
case ICP_QAT_HW_AUTH_ALGO_NULL:
return QAT_HW_ROUND_UP(ICP_QAT_HW_NULL_STATE1_SZ,
QAT_HW_DEFAULT_ALIGNMENT);
+ case ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC:
+ return QAT_HW_ROUND_UP(ICP_QAT_HW_AES_CBC_MAC_STATE1_SZ,
+ QAT_HW_DEFAULT_ALIGNMENT);
case ICP_QAT_HW_AUTH_ALGO_DELIMITER:
/* return maximum state1 size in this case */
return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA512_STATE1_SZ,
@@ -876,6 +879,31 @@ int qat_alg_aead_session_create_content_desc_auth(struct qat_session *cdesc,
ICP_QAT_HW_AUTH_ALGO_NULL);
state2_size = ICP_QAT_HW_NULL_STATE2_SZ;
break;
+ case ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC:
+ qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_CCM;
+ state1_size = qat_hash_get_state1_size(
+ ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC);
+ state2_size = ICP_QAT_HW_AES_CBC_MAC_KEY_SZ +
+ ICP_QAT_HW_AES_CCM_CBC_E_CTR0_SZ;
+
+ if (aad_length > 0) {
+ aad_length += ICP_QAT_HW_CCM_AAD_B0_LEN +
+ ICP_QAT_HW_CCM_AAD_LEN_INFO;
+ auth_param->u2.aad_sz =
+ RTE_ALIGN_CEIL(aad_length,
+ ICP_QAT_HW_CCM_AAD_ALIGNMENT);
+ } else {
+ auth_param->u2.aad_sz = ICP_QAT_HW_CCM_AAD_B0_LEN;
+ }
+
+ cdesc->aad_len = aad_length;
+ hash->auth_counter.counter = 0;
+
+ hash_cd_ctrl->outer_prefix_sz = digestsize;
+ auth_param->hash_state_sz = digestsize;
+
+ memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
+ break;
case ICP_QAT_HW_AUTH_ALGO_KASUMI_F9:
state1_size = qat_hash_get_state1_size(
ICP_QAT_HW_AUTH_ALGO_KASUMI_F9);
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index a2b202f..ae73c78 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -59,6 +59,7 @@
#include <rte_hexdump.h>
#include <rte_crypto_sym.h>
#include <rte_cryptodev_pci.h>
+#include <rte_byteorder.h>
#include <openssl/evp.h>
#include "qat_logs.h"
@@ -251,10 +252,21 @@ qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
/* AEAD */
if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ /* AES-GCM and AES-CCM works with different direction
+ * GCM first encrypts and generate hash where AES-CCM
+ * first generate hash and encrypts. Similar relation
+ * applies to decryption.
+ */
if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
- return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+ return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+ else
+ return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
else
- return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+ return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+ else
+ return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
}
if (xform->next == NULL)
@@ -734,6 +746,7 @@ qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
struct qat_session *session)
{
struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+ enum rte_crypto_auth_operation crypto_operation;
/*
* Store AEAD IV parameters as cipher IV,
@@ -753,21 +766,33 @@ qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
break;
case RTE_CRYPTO_AEAD_AES_CCM:
- PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
- aead_xform->algo);
- return -ENOTSUP;
+ if (qat_alg_validate_aes_key(aead_xform->key.length,
+ &session->qat_cipher_alg) != 0) {
+ PMD_DRV_LOG(ERR, "Invalid AES key size");
+ return -EINVAL;
+ }
+ session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+ session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC;
+ break;
default:
PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
aead_xform->algo);
return -EINVAL;
}
- if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
+ aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
+ (aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
+ aead_xform->algo == RTE_CRYPTO_AEAD_AES_CCM)) {
session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
/*
* It needs to create cipher desc content first,
* then authentication
*/
+
+ crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
+ RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
+
if (qat_alg_aead_session_create_content_desc_cipher(session,
aead_xform->key.data,
aead_xform->key.length))
@@ -778,7 +803,7 @@ qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
aead_xform->key.length,
aead_xform->aad_length,
aead_xform->digest_length,
- RTE_CRYPTO_AUTH_OP_GENERATE))
+ crypto_operation))
return -EINVAL;
} else {
session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
@@ -786,12 +811,16 @@ qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
* It needs to create authentication desc content first,
* then cipher
*/
+
+ crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
+ RTE_CRYPTO_AUTH_OP_VERIFY : RTE_CRYPTO_AUTH_OP_GENERATE;
+
if (qat_alg_aead_session_create_content_desc_auth(session,
aead_xform->key.data,
aead_xform->key.length,
aead_xform->aad_length,
aead_xform->digest_length,
- RTE_CRYPTO_AUTH_OP_VERIFY))
+ crypto_operation))
return -EINVAL;
if (qat_alg_aead_session_create_content_desc_cipher(session,
@@ -1043,7 +1072,6 @@ qat_pmd_dequeue_op_burst(void *qp, struct rte_crypto_op **ops,
#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
rte_hexdump(stdout, "qat_response:", (uint8_t *)resp_msg,
sizeof(struct icp_qat_fw_comn_resp));
-
#endif
if (ICP_QAT_FW_COMN_STATUS_FLAG_OK !=
ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(
@@ -1153,6 +1181,29 @@ set_cipher_iv(uint16_t iv_length, uint16_t iv_offset,
}
}
+/** Set IV for CCM is special case, 0th byte is set to q-1
+ * where q is padding of nonce in 16 byte block
+ */
+static inline void
+set_cipher_iv_ccm(uint16_t iv_length, uint16_t iv_offset,
+ struct icp_qat_fw_la_cipher_req_params *cipher_param,
+ struct rte_crypto_op *op, uint8_t q, uint8_t aad_len_field_sz)
+{
+ rte_memcpy(((uint8_t *)cipher_param->u.cipher_IV_array) +
+ ICP_QAT_HW_CCM_NONCE_OFFSET,
+ rte_crypto_op_ctod_offset(op, uint8_t *,
+ iv_offset) + ICP_QAT_HW_CCM_NONCE_OFFSET,
+ iv_length);
+ *(uint8_t *)&cipher_param->u.cipher_IV_array[0] =
+ q - ICP_QAT_HW_CCM_NONCE_OFFSET;
+
+ if (aad_len_field_sz)
+ rte_memcpy(&op->sym->aead.aad.data[ICP_QAT_HW_CCM_NONCE_OFFSET],
+ rte_crypto_op_ctod_offset(op, uint8_t *,
+ iv_offset) + ICP_QAT_HW_CCM_NONCE_OFFSET,
+ iv_length);
+}
+
static inline int
qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
struct qat_crypto_op_cookie *qat_op_cookie, struct qat_qp *qp)
@@ -1197,6 +1248,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
return -EINVAL;
}
+
+
qat_req = (struct icp_qat_fw_la_bulk_req *)out_msg;
rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
@@ -1205,9 +1258,13 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
- /* AES-GCM */
+ /* AES-GCM or AES-CCM */
if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
- ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+ ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64 ||
+ (ctx->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_AES128
+ && ctx->qat_mode == ICP_QAT_HW_CIPHER_CTR_MODE
+ && ctx->qat_hash_alg ==
+ ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC)) {
do_aead = 1;
} else {
do_auth = 1;
@@ -1314,6 +1371,11 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
}
if (do_aead) {
+ /*
+ * This address may used for setting AAD physical pointer
+ * into IV offset from op
+ */
+ phys_addr_t aad_phys_addr_aead = op->sym->aead.aad.phys_addr;
if (ctx->qat_hash_alg ==
ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
ctx->qat_hash_alg ==
@@ -1327,6 +1389,87 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
}
+ set_cipher_iv(ctx->cipher_iv.length,
+ ctx->cipher_iv.offset,
+ cipher_param, op, qat_req);
+
+ } else if (ctx->qat_hash_alg ==
+ ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC) {
+
+ /* In case of AES-CCM this may point to user selected memory
+ * or iv offset in cypto_op
+ */
+ uint8_t *aad_data = op->sym->aead.aad.data;
+ /* This is true AAD length, it not includes 18 bytes of
+ * preceding data
+ */
+ uint8_t aad_ccm_real_len = 0;
+
+ uint8_t aad_len_field_sz = 0;
+ uint32_t msg_len_be =
+ rte_bswap32(op->sym->aead.data.length);
+
+ if (ctx->aad_len > ICP_QAT_HW_CCM_AAD_DATA_OFFSET) {
+ aad_len_field_sz = ICP_QAT_HW_CCM_AAD_LEN_INFO;
+ aad_ccm_real_len = ctx->aad_len -
+ ICP_QAT_HW_CCM_AAD_B0_LEN -
+ ICP_QAT_HW_CCM_AAD_LEN_INFO;
+ } else {
+ /*
+ * aad_len not greater than 18, so no actual aad data,
+ * then use IV after op for B0 block
+ */
+ aad_data = rte_crypto_op_ctod_offset(op, uint8_t *,
+ ctx->cipher_iv.offset);
+ aad_phys_addr_aead =
+ rte_crypto_op_ctophys_offset(op,
+ ctx->cipher_iv.offset);
+ }
+
+ uint8_t q = ICP_QAT_HW_CCM_NQ_CONST - ctx->cipher_iv.length;
+
+ aad_data[0] = ICP_QAT_HW_CCM_BUILD_B0_FLAGS(aad_len_field_sz,
+ ctx->digest_length, q);
+
+ if (q > ICP_QAT_HW_CCM_MSG_LEN_MAX_FIELD_SIZE) {
+ memcpy(aad_data + ctx->cipher_iv.length +
+ ICP_QAT_HW_CCM_NONCE_OFFSET
+ + (q - ICP_QAT_HW_CCM_MSG_LEN_MAX_FIELD_SIZE),
+ (uint8_t *)&msg_len_be,
+ ICP_QAT_HW_CCM_MSG_LEN_MAX_FIELD_SIZE);
+ } else {
+ memcpy(aad_data + ctx->cipher_iv.length +
+ ICP_QAT_HW_CCM_NONCE_OFFSET,
+ (uint8_t *)&msg_len_be
+ + (ICP_QAT_HW_CCM_MSG_LEN_MAX_FIELD_SIZE
+ - q), q);
+ }
+
+ if (aad_len_field_sz > 0) {
+ *(uint16_t *)&aad_data[ICP_QAT_HW_CCM_AAD_B0_LEN]
+ = rte_bswap16(aad_ccm_real_len);
+
+ if ((aad_ccm_real_len + aad_len_field_sz)
+ % ICP_QAT_HW_CCM_AAD_B0_LEN) {
+ uint8_t pad_len = 0;
+ uint8_t pad_idx = 0;
+
+ pad_len = ICP_QAT_HW_CCM_AAD_B0_LEN -
+ ((aad_ccm_real_len + aad_len_field_sz) %
+ ICP_QAT_HW_CCM_AAD_B0_LEN);
+ pad_idx = ICP_QAT_HW_CCM_AAD_B0_LEN +
+ aad_ccm_real_len + aad_len_field_sz;
+ memset(&aad_data[pad_idx],
+ 0, pad_len);
+ }
+
+ }
+
+ set_cipher_iv_ccm(ctx->cipher_iv.length,
+ ctx->cipher_iv.offset,
+ cipher_param, op, q,
+ aad_len_field_sz);
+
}
cipher_len = op->sym->aead.data.length;
@@ -1334,10 +1477,8 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
auth_len = op->sym->aead.data.length;
auth_ofs = op->sym->aead.data.offset;
- auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
+ auth_param->u1.aad_adr = aad_phys_addr_aead;
auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
- set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
- cipher_param, op, qat_req);
min_ofs = op->sym->aead.data.offset;
}
diff --git a/drivers/crypto/qat/qat_crypto_capabilities.h b/drivers/crypto/qat/qat_crypto_capabilities.h
index 7012007..d8d3fa1 100644
--- a/drivers/crypto/qat/qat_crypto_capabilities.h
+++ b/drivers/crypto/qat/qat_crypto_capabilities.h
@@ -183,6 +183,36 @@
}, } \
}, } \
}, \
+ { /* AES CCM */ \
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
+ {.sym = { \
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, \
+ {.aead = { \
+ .algo = RTE_CRYPTO_AEAD_AES_CCM, \
+ .block_size = 16, \
+ .key_size = { \
+ .min = 16, \
+ .max = 16, \
+ .increment = 0 \
+ }, \
+ .digest_size = { \
+ .min = 4, \
+ .max = 16, \
+ .increment = 2 \
+ }, \
+ .aad_size = { \
+ .min = 0, \
+ .max = 224, \
+ .increment = 1 \
+ }, \
+ .iv_size = { \
+ .min = 7, \
+ .max = 13, \
+ .increment = 1 \
+ }, \
+ }, } \
+ }, } \
+ }, \
{ /* AES GCM */ \
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 8/9] test/crypto: rename GCM test code
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (6 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 7/9] crypto/qat: " Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 9/9] test/crypto: add AES-CCM tests Pablo de Lara
` (2 subsequent siblings)
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara
Before adding AES-CCM tests, some test code used
for AES-GCM can be renamed, so it can be reused
for AES-CCM, as both need similar parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
test/test/test_cryptodev.c | 245 +++++++++++----------
...ectors.h => test_cryptodev_aead_test_vectors.h} | 115 +++++-----
test/test/test_cryptodev_perf.c | 2 +-
3 files changed, 193 insertions(+), 169 deletions(-)
rename test/test/{test_cryptodev_gcm_test_vectors.h => test_cryptodev_aead_test_vectors.h} (97%)
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index a4116c6..0b7ca47 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -58,7 +58,7 @@
#include "test_cryptodev_snow3g_test_vectors.h"
#include "test_cryptodev_snow3g_hash_test_vectors.h"
#include "test_cryptodev_zuc_test_vectors.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#include "test_cryptodev_hmac_test_vectors.h"
static int gbl_driver_id;
@@ -4785,10 +4785,11 @@ test_3DES_cipheronly_openssl_all(void)
return TEST_SUCCESS;
}
-/* ***** AES-GCM Tests ***** */
+/* ***** AEAD algorithm Tests ***** */
static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
+create_aead_session(uint8_t dev_id, enum rte_crypto_aead_algorithm algo,
+ enum rte_crypto_aead_operation op,
const uint8_t *key, const uint8_t key_len,
const uint16_t aad_len, const uint8_t auth_len,
uint8_t iv_len)
@@ -4803,7 +4804,7 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
/* Setup AEAD Parameters */
ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
ut_params->aead_xform.next = NULL;
- ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ ut_params->aead_xform.aead.algo = algo;
ut_params->aead_xform.aead.op = op;
ut_params->aead_xform.aead.key.data = aead_key;
ut_params->aead_xform.aead.key.length = key_len;
@@ -4827,7 +4828,8 @@ create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
}
static int
-create_gcm_xforms(struct rte_crypto_op *op,
+create_aead_xform(struct rte_crypto_op *op,
+ enum rte_crypto_aead_algorithm algo,
enum rte_crypto_aead_operation aead_op,
uint8_t *key, const uint8_t key_len,
const uint8_t aad_len, const uint8_t auth_len,
@@ -4841,7 +4843,7 @@ create_gcm_xforms(struct rte_crypto_op *op,
/* Setup AEAD Parameters */
sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
sym_op->xform->next = NULL;
- sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ sym_op->xform->aead.algo = algo;
sym_op->xform->aead.op = aead_op;
sym_op->xform->aead.key.data = key;
sym_op->xform->aead.key.length = key_len;
@@ -4856,8 +4858,8 @@ create_gcm_xforms(struct rte_crypto_op *op,
}
static int
-create_gcm_operation(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata)
+create_aead_operation(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4976,7 +4978,7 @@ create_gcm_operation(enum rte_crypto_aead_operation op,
}
static int
-test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
+test_authenticated_encryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -4986,8 +4988,9 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
uint16_t plaintext_pad_len;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -4998,7 +5001,7 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5007,8 +5010,8 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5045,13 +5048,13 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5060,143 +5063,143 @@ test_AES_GCM_authenticated_encryption(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_1);
+ return test_authenticated_encryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_encryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_2);
+ return test_authenticated_encryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_encryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_3);
+ return test_authenticated_encryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_encryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_4);
+ return test_authenticated_encryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_encryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_5);
+ return test_authenticated_encryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_encryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_6);
+ return test_authenticated_encryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_encryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_7);
+ return test_authenticated_encryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_encryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_1);
+ return test_authenticated_encryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_encryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_2);
+ return test_authenticated_encryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_encryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_3);
+ return test_authenticated_encryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_encryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_4);
+ return test_authenticated_encryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_encryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_5);
+ return test_authenticated_encryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_encryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_6);
+ return test_authenticated_encryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_encryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_192_7);
+ return test_authenticated_encryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_encryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_1);
+ return test_authenticated_encryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_encryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_2);
+ return test_authenticated_encryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_encryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_3);
+ return test_authenticated_encryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_encryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_4);
+ return test_authenticated_encryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_encryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_5);
+ return test_authenticated_encryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_encryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_6);
+ return test_authenticated_encryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_encryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_256_7);
+ return test_authenticated_encryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_1);
+ return test_authenticated_encryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_encryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_encryption(&gcm_test_case_aad_2);
+ return test_authenticated_encryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
+test_authenticated_decryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5205,8 +5208,9 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
uint8_t *plaintext;
uint32_t i;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5218,7 +5222,7 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
/* Populate full size of add data */
- for (i = 32; i < GCM_MAX_AAD_LENGTH; i += 32)
+ for (i = 32; i < MAX_AAD_LENGTH; i += 32)
memcpy(&tdata->aad.data[i], &tdata->aad.data[0], 32);
} else
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
@@ -5226,8 +5230,8 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5257,154 +5261,154 @@ test_AES_GCM_authenticated_decryption(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_1);
+ return test_authenticated_decryption(&gcm_test_case_1);
}
static int
test_AES_GCM_authenticated_decryption_test_case_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_2);
+ return test_authenticated_decryption(&gcm_test_case_2);
}
static int
test_AES_GCM_authenticated_decryption_test_case_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_3);
+ return test_authenticated_decryption(&gcm_test_case_3);
}
static int
test_AES_GCM_authenticated_decryption_test_case_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_4);
+ return test_authenticated_decryption(&gcm_test_case_4);
}
static int
test_AES_GCM_authenticated_decryption_test_case_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_5);
+ return test_authenticated_decryption(&gcm_test_case_5);
}
static int
test_AES_GCM_authenticated_decryption_test_case_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_6);
+ return test_authenticated_decryption(&gcm_test_case_6);
}
static int
test_AES_GCM_authenticated_decryption_test_case_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_7);
+ return test_authenticated_decryption(&gcm_test_case_7);
}
static int
test_AES_GCM_auth_decryption_test_case_192_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_1);
+ return test_authenticated_decryption(&gcm_test_case_192_1);
}
static int
test_AES_GCM_auth_decryption_test_case_192_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_2);
+ return test_authenticated_decryption(&gcm_test_case_192_2);
}
static int
test_AES_GCM_auth_decryption_test_case_192_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_3);
+ return test_authenticated_decryption(&gcm_test_case_192_3);
}
static int
test_AES_GCM_auth_decryption_test_case_192_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_4);
+ return test_authenticated_decryption(&gcm_test_case_192_4);
}
static int
test_AES_GCM_auth_decryption_test_case_192_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_5);
+ return test_authenticated_decryption(&gcm_test_case_192_5);
}
static int
test_AES_GCM_auth_decryption_test_case_192_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_6);
+ return test_authenticated_decryption(&gcm_test_case_192_6);
}
static int
test_AES_GCM_auth_decryption_test_case_192_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_192_7);
+ return test_authenticated_decryption(&gcm_test_case_192_7);
}
static int
test_AES_GCM_auth_decryption_test_case_256_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_1);
+ return test_authenticated_decryption(&gcm_test_case_256_1);
}
static int
test_AES_GCM_auth_decryption_test_case_256_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_2);
+ return test_authenticated_decryption(&gcm_test_case_256_2);
}
static int
test_AES_GCM_auth_decryption_test_case_256_3(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_3);
+ return test_authenticated_decryption(&gcm_test_case_256_3);
}
static int
test_AES_GCM_auth_decryption_test_case_256_4(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_4);
+ return test_authenticated_decryption(&gcm_test_case_256_4);
}
static int
test_AES_GCM_auth_decryption_test_case_256_5(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_5);
+ return test_authenticated_decryption(&gcm_test_case_256_5);
}
static int
test_AES_GCM_auth_decryption_test_case_256_6(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_6);
+ return test_authenticated_decryption(&gcm_test_case_256_6);
}
static int
test_AES_GCM_auth_decryption_test_case_256_7(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_256_7);
+ return test_authenticated_decryption(&gcm_test_case_256_7);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_1(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_1);
+ return test_authenticated_decryption(&gcm_test_case_aad_1);
}
static int
test_AES_GCM_auth_decryption_test_case_aad_2(void)
{
- return test_AES_GCM_authenticated_decryption(&gcm_test_case_aad_2);
+ return test_authenticated_decryption(&gcm_test_case_aad_2);
}
static int
-test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_encryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5413,8 +5417,9 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
uint8_t *ciphertext, *auth_tag;
uint16_t plaintext_pad_len;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5431,8 +5436,8 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
@@ -5462,13 +5467,13 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5477,11 +5482,11 @@ test_AES_GCM_authenticated_encryption_oop(const struct gcm_test_data *tdata)
static int
test_AES_GCM_authenticated_encryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_oop(&gcm_test_case_5);
+ return test_authenticated_encryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
+test_authenticated_decryption_oop(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5489,8 +5494,9 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
int retval;
uint8_t *plaintext;
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5507,8 +5513,8 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->obuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
@@ -5534,23 +5540,23 @@ test_AES_GCM_authenticated_decryption_oop(const struct gcm_test_data *tdata)
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_oop_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_oop(&gcm_test_case_5);
+ return test_authenticated_decryption_oop(&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_encryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_encryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5566,14 +5572,15 @@ test_AES_GCM_authenticated_encryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create GCM xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5610,13 +5617,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
ciphertext,
tdata->ciphertext.data,
tdata->ciphertext.len,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
TEST_ASSERT_BUFFERS_ARE_EQUAL(
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
@@ -5625,13 +5632,13 @@ test_AES_GCM_authenticated_encryption_sessionless(
static int
test_AES_GCM_authenticated_encryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_encryption_sessionless(
+ return test_authenticated_encryption_sessionless(
&gcm_test_case_5);
}
static int
-test_AES_GCM_authenticated_decryption_sessionless(
- const struct gcm_test_data *tdata)
+test_authenticated_decryption_sessionless(
+ const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
@@ -5646,14 +5653,15 @@ test_AES_GCM_authenticated_decryption_sessionless(
memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
rte_pktmbuf_tailroom(ut_params->ibuf));
- /* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
+ /* Create AEAD operation */
+ retval = create_aead_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
- /* Create GCM xforms */
+ /* Create AEAD xform */
memcpy(key, tdata->key.data, tdata->key.len);
- retval = create_gcm_xforms(ut_params->op,
+ retval = create_aead_xform(ut_params->op,
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_DECRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -5686,18 +5694,18 @@ test_AES_GCM_authenticated_decryption_sessionless(
plaintext,
tdata->plaintext.data,
tdata->plaintext.len,
- "GCM plaintext data not as expected");
+ "Plaintext data not as expected");
TEST_ASSERT_EQUAL(ut_params->op->status,
RTE_CRYPTO_OP_STATUS_SUCCESS,
- "GCM authentication failed");
+ "Authentication failed");
return 0;
}
static int
test_AES_GCM_authenticated_decryption_sessionless_test_case_1(void)
{
- return test_AES_GCM_authenticated_decryption_sessionless(
+ return test_authenticated_decryption_sessionless(
&gcm_test_case_5);
}
@@ -7406,8 +7414,8 @@ test_authenticated_decryption_fail_when_corruption(
}
static int
-create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
- const struct gcm_test_data *tdata,
+create_aead_operation_SGL(enum rte_crypto_aead_operation op,
+ const struct aead_test_data *tdata,
void *digest_mem, uint64_t digest_phys)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7468,7 +7476,7 @@ create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
#define SGL_MAX_NO 16
static int
-test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
+test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
const int oop, uint32_t fragsz, uint32_t fragsz_oop)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7513,8 +7521,9 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
buf_oop = ut_params->obuf;
}
- /* Create GCM session */
- retval = create_gcm_session(ts_params->valid_devs[0],
+ /* Create AEAD session */
+ retval = create_aead_session(ts_params->valid_devs[0],
+ tdata->algo,
RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
@@ -7643,8 +7652,8 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
tdata->plaintext.len);
}
- /* Create GCM opertaion */
- retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
+ /* Create AEAD operation */
+ retval = create_aead_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata, digest_mem, digest_phys);
if (retval < 0)
@@ -7678,7 +7687,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data,
fragsz,
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
buf = ut_params->op->sym->m_src->next;
if (oop)
@@ -7695,7 +7704,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
ciphertext,
tdata->ciphertext.data + off,
to_trn_tbl[ecx],
- "GCM Ciphertext data not as expected");
+ "Ciphertext data not as expected");
off += to_trn_tbl[ecx++];
buf = buf->next;
@@ -7706,7 +7715,7 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
auth_tag,
tdata->auth_tag.data,
tdata->auth_tag.len,
- "GCM Generated auth tag not as expected");
+ "Generated auth tag not as expected");
return 0;
}
@@ -7717,21 +7726,21 @@ test_AES_GCM_authenticated_encryption_SGL(const struct gcm_test_data *tdata,
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 400, 400);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_1500B_2000B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, OUT_OF_PLACE, 1500, 2000);
}
static int
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_8, OUT_OF_PLACE, 400,
gcm_test_case_8.plaintext.len);
}
@@ -7740,7 +7749,7 @@ static int
test_AES_GCM_auth_encrypt_SGL_in_place_1500B(void)
{
- return test_AES_GCM_authenticated_encryption_SGL(
+ return test_authenticated_encryption_SGL(
&gcm_test_case_SGL_1, IN_PLACE, 1500, 0);
}
diff --git a/test/test/test_cryptodev_gcm_test_vectors.h b/test/test/test_cryptodev_aead_test_vectors.h
similarity index 97%
rename from test/test/test_cryptodev_gcm_test_vectors.h
rename to test/test/test_cryptodev_aead_test_vectors.h
index 7879c35..e9f13dd 100644
--- a/test/test/test_cryptodev_gcm_test_vectors.h
+++ b/test/test/test_cryptodev_aead_test_vectors.h
@@ -1,7 +1,7 @@
/*-
* BSD LICENSE
*
- * Copyright(c) 2015 Intel Corporation. All rights reserved.
+ * Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,23 +30,25 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
-#define TEST_CRYPTODEV_GCM_TEST_VECTORS_H_
+#ifndef TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
+#define TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_
#define GMAC_LARGE_PLAINTEXT_LENGTH 65344
-#define GCM_MAX_AAD_LENGTH 65536
+#define MAX_AAD_LENGTH 65536
#define GCM_LARGE_AAD_LENGTH 65296
-static uint8_t gcm_aad_zero_text[GCM_MAX_AAD_LENGTH] = { 0 };
+static uint8_t gcm_aad_zero_text[MAX_AAD_LENGTH] = { 0 };
-static uint8_t gcm_aad_text[GCM_MAX_AAD_LENGTH] = {
+static uint8_t gcm_aad_text[MAX_AAD_LENGTH] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0x00, 0xf1, 0xe2, 0xd3, 0xc4, 0xb5, 0xa6, 0x97,
0x88, 0x79, 0x6a, 0x5b, 0x4c, 0x3d, 0x2e, 0x1f };
-struct gcm_test_data {
+struct aead_test_data {
+ enum rte_crypto_aead_algorithm algo;
+
struct {
uint8_t data[64];
unsigned len;
@@ -101,8 +103,9 @@ struct gmac_test_data {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_1 = {
+/** AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -138,8 +141,8 @@ static const struct gcm_test_data gcm_test_case_1 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_2 = {
+static const struct aead_test_data gcm_test_case_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -176,8 +179,8 @@ static const struct gcm_test_data gcm_test_case_2 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_3 = {
+static const struct aead_test_data gcm_test_case_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -227,8 +230,8 @@ static const struct gcm_test_data gcm_test_case_3 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_4 = {
+static const struct aead_test_data gcm_test_case_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -282,8 +285,8 @@ static const struct gcm_test_data gcm_test_case_4 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_5 = {
+static const struct aead_test_data gcm_test_case_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -337,8 +340,8 @@ static const struct gcm_test_data gcm_test_case_5 = {
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_6 = {
+static const struct aead_test_data gcm_test_case_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -392,8 +395,8 @@ static const struct gcm_test_data gcm_test_case_6 = {
}
};
-/** AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_7 = {
+static const struct aead_test_data gcm_test_case_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -447,7 +450,8 @@ static const struct gcm_test_data gcm_test_case_7 = {
}
};
-static const struct gcm_test_data gcm_test_case_8 = {
+static const struct aead_test_data gcm_test_case_8 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -997,8 +1001,9 @@ static const struct gcm_test_data gcm_test_case_8 = {
}
};
-/** AES-192 Test Vectors */
-static const struct gcm_test_data gcm_test_case_192_1 = {
+/** AES-GCM-192 Test Vectors */
+static const struct aead_test_data gcm_test_case_192_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1035,7 +1040,8 @@ static const struct gcm_test_data gcm_test_case_192_1 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_2 = {
+static const struct aead_test_data gcm_test_case_192_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1079,7 +1085,8 @@ static const struct gcm_test_data gcm_test_case_192_2 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_3 = {
+static const struct aead_test_data gcm_test_case_192_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1134,7 +1141,8 @@ static const struct gcm_test_data gcm_test_case_192_3 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_4 = {
+static const struct aead_test_data gcm_test_case_192_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1189,7 +1197,8 @@ static const struct gcm_test_data gcm_test_case_192_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_5 = {
+static const struct aead_test_data gcm_test_case_192_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1244,7 +1253,8 @@ static const struct gcm_test_data gcm_test_case_192_5 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_6 = {
+static const struct aead_test_data gcm_test_case_192_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1299,7 +1309,8 @@ static const struct gcm_test_data gcm_test_case_192_6 = {
}
};
-static const struct gcm_test_data gcm_test_case_192_7 = {
+static const struct aead_test_data gcm_test_case_192_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C,
@@ -1354,8 +1365,9 @@ static const struct gcm_test_data gcm_test_case_192_7 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_1 = {
+/** AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_256_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1390,8 +1402,8 @@ static const struct gcm_test_data gcm_test_case_256_1 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_2 = {
+static const struct aead_test_data gcm_test_case_256_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1430,8 +1442,8 @@ static const struct gcm_test_data gcm_test_case_256_2 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_3 = {
+static const struct aead_test_data gcm_test_case_256_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1482,8 +1494,8 @@ static const struct gcm_test_data gcm_test_case_256_3 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_4 = {
+static const struct aead_test_data gcm_test_case_256_4 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1535,8 +1547,8 @@ static const struct gcm_test_data gcm_test_case_256_4 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_5 = {
+static const struct aead_test_data gcm_test_case_256_5 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1588,8 +1600,8 @@ static const struct gcm_test_data gcm_test_case_256_5 = {
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_6 = {
+static const struct aead_test_data gcm_test_case_256_6 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1640,8 +1652,8 @@ static const struct gcm_test_data gcm_test_case_256_6 = {
}
};
-/** AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_256_7 = {
+static const struct aead_test_data gcm_test_case_256_7 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1692,8 +1704,9 @@ static const struct gcm_test_data gcm_test_case_256_7 = {
}
};
-/** variable AAD AES-128 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_1 = {
+/** variable AAD AES-GCM-128 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -1744,8 +1757,9 @@ static const struct gcm_test_data gcm_test_case_aad_1 = {
}
};
-/** variable AAD AES-256 Test Vectors */
-static const struct gcm_test_data gcm_test_case_aad_2 = {
+/** variable AAD AES-GCM-256 Test Vectors */
+static const struct aead_test_data gcm_test_case_aad_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -2567,7 +2581,8 @@ static const struct gmac_test_data gmac_test_case_4 = {
}
};
-static const struct gcm_test_data gcm_test_case_SGL_1 = {
+static const struct aead_test_data gcm_test_case_SGL_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.key = {
.data = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
@@ -3384,4 +3399,4 @@ static const struct gcm_test_data gcm_test_case_SGL_1 = {
}
};
-#endif /* TEST_CRYPTODEV_GCM_TEST_VECTORS_H_ */
+#endif /* TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_ */
diff --git a/test/test/test_cryptodev_perf.c b/test/test/test_cryptodev_perf.c
index 3b57e6d..5e35c28 100644
--- a/test/test/test_cryptodev_perf.c
+++ b/test/test/test_cryptodev_perf.c
@@ -41,7 +41,7 @@
#include "test.h"
#include "test_cryptodev.h"
-#include "test_cryptodev_gcm_test_vectors.h"
+#include "test_cryptodev_aead_test_vectors.h"
#define AES_CIPHER_IV_LENGTH 16
#define TRIPLE_DES_CIPHER_IV_LENGTH 8
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* [dpdk-dev] [PATCH v2 9/9] test/crypto: add AES-CCM tests
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (7 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 8/9] test/crypto: rename GCM test code Pablo de Lara
@ 2017-09-21 13:11 ` Pablo de Lara
2017-10-05 9:12 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Zhang, Roy Fan
2017-10-09 10:10 ` De Lara Guarch, Pablo
10 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2017-09-21 13:11 UTC (permalink / raw)
To: declan.doherty, fiona.trahe, deepak.k.jain, john.griffin
Cc: dev, Pablo de Lara, Arek Kusztal
Added AES-CCM tests for Intel QAT PMD and OpenSSL PMD.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
test/test/test_cryptodev.c | 290 ++++++++++++++++---
test/test/test_cryptodev_aead_test_vectors.h | 401 +++++++++++++++++++++++++++
2 files changed, 657 insertions(+), 34 deletions(-)
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0b7ca47..60f30ce 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4876,25 +4876,49 @@ create_aead_operation(enum rte_crypto_aead_operation op,
struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
/* Append aad data */
- aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
- sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
- aad_pad_len);
- TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
- "no room to append aad");
-
- sym_op->aead.aad.phys_addr =
- rte_pktmbuf_mtophys(ut_params->ibuf);
- memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
- TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
- tdata->aad.len);
-
- /* Append IV at the end of the crypto operation*/
- uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
- uint8_t *, IV_OFFSET);
-
- rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
- TEST_HEXDUMP(stdout, "iv:", iv_ptr,
- tdata->iv.len);
+ if (tdata->algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len + 18, 16);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ aad_pad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to append aad");
+
+ sym_op->aead.aad.phys_addr =
+ rte_pktmbuf_mtophys(ut_params->ibuf);
+ /* Copy AAD 18 bytes after the AAD pointer, according to the API */
+ memcpy(sym_op->aead.aad.data + 18, tdata->aad.data, tdata->aad.len);
+ TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
+ tdata->aad.len);
+
+ /* Append IV at the end of the crypto operation*/
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
+
+ /* Copy IV 1 byte after the IV pointer, according to the API */
+ rte_memcpy(iv_ptr + 1, tdata->iv.data, tdata->iv.len);
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr,
+ tdata->iv.len);
+ } else {
+ aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ aad_pad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to append aad");
+
+ sym_op->aead.aad.phys_addr =
+ rte_pktmbuf_mtophys(ut_params->ibuf);
+ memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+ TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
+ tdata->aad.len);
+
+ /* Append IV at the end of the crypto operation*/
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
+
+ rte_memcpy(iv_ptr, tdata->iv.data, tdata->iv.len);
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr,
+ tdata->iv.len);
+ }
/* Append plaintext/ciphertext */
if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
@@ -5710,6 +5734,114 @@ test_AES_GCM_authenticated_decryption_sessionless_test_case_1(void)
}
static int
+test_AES_CCM_authenticated_encryption_test_case_128_1(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_128_1);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_128_2(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_128_2);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_128_3(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_128_3);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_128_1(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_128_1);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_128_2(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_128_2);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_128_3(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_128_3);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_192_1(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_192_1);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_192_2(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_192_2);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_192_3(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_192_3);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_192_1(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_192_1);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_192_2(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_192_2);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_192_3(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_192_3);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_256_1(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_256_1);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_256_2(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_256_2);
+}
+
+static int
+test_AES_CCM_authenticated_encryption_test_case_256_3(void)
+{
+ return test_authenticated_encryption(&ccm_test_case_256_3);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_256_1(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_256_1);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_256_2(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_256_2);
+}
+
+static int
+test_AES_CCM_authenticated_decryption_test_case_256_3(void)
+{
+ return test_authenticated_decryption(&ccm_test_case_256_3);
+}
+
+static int
test_stats(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -7423,7 +7555,7 @@ create_aead_operation_SGL(enum rte_crypto_aead_operation op,
const unsigned int auth_tag_len = tdata->auth_tag.len;
const unsigned int iv_len = tdata->iv.len;
- const unsigned int aad_len = tdata->aad.len;
+ unsigned int aad_len = tdata->aad.len;
/* Generate Crypto op data structure */
ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
@@ -7448,24 +7580,50 @@ create_aead_operation_SGL(enum rte_crypto_aead_operation op,
auth_tag_len);
}
- uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
- uint8_t *, IV_OFFSET);
+ /* Append aad data */
+ if (tdata->algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
- rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
+ /* Copy IV 1 byte after the IV pointer, according to the API */
+ rte_memcpy(iv_ptr + 1, tdata->iv.data, iv_len);
- sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
- ut_params->ibuf, aad_len);
- TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
- "no room to prepend aad");
- sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
- ut_params->ibuf);
+ aad_len = RTE_ALIGN_CEIL(aad_len + 18, 16);
- memset(sym_op->aead.aad.data, 0, aad_len);
- rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+ ut_params->ibuf, aad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to prepend aad");
+ sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
+ ut_params->ibuf);
- TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
- TEST_HEXDUMP(stdout, "aad:",
- sym_op->aead.aad.data, aad_len);
+ memset(sym_op->aead.aad.data, 0, aad_len);
+ /* Copy AAD 18 bytes after the AAD pointer, according to the API */
+ rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
+ TEST_HEXDUMP(stdout, "aad:",
+ sym_op->aead.aad.data, aad_len);
+ } else {
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op,
+ uint8_t *, IV_OFFSET);
+
+ rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
+
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+ ut_params->ibuf, aad_len);
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
+ "no room to prepend aad");
+ sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
+ ut_params->ibuf);
+
+ memset(sym_op->aead.aad.data, 0, aad_len);
+ rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
+
+ TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
+ TEST_HEXDUMP(stdout, "aad:",
+ sym_op->aead.aad.data, aad_len);
+ }
sym_op->aead.data.length = tdata->plaintext.len;
sym_op->aead.data.offset = aad_len;
@@ -8046,6 +8204,22 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_qat_all),
TEST_CASE_ST(ut_setup, ut_teardown, test_stats),
+ /** AES CCM Authenticated Encryption 128 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_3),
+
+ /** AES CCM Authenticated Decryption 128 bits key*/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_3),
+
/** AES GCM Authenticated Encryption */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encrypt_SGL_in_place_1500B),
@@ -8439,6 +8613,54 @@ static struct unit_test_suite cryptodev_openssl_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GMAC_authentication_verify_test_case_4),
+ /** AES CCM Authenticated Encryption 128 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_128_3),
+
+ /** AES CCM Authenticated Decryption 128 bits key*/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_128_3),
+
+ /** AES CCM Authenticated Encryption 192 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_192_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_192_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_192_3),
+
+ /** AES CCM Authenticated Decryption 192 bits key*/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_192_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_192_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_192_3),
+
+ /** AES CCM Authenticated Encryption 256 bits key */
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_256_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_256_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_encryption_test_case_256_3),
+
+ /** AES CCM Authenticated Decryption 256 bits key*/
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_256_1),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_256_2),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CCM_authenticated_decryption_test_case_256_3),
+
/** Scatter-Gather */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg),
diff --git a/test/test/test_cryptodev_aead_test_vectors.h b/test/test/test_cryptodev_aead_test_vectors.h
index e9f13dd..e760ef9 100644
--- a/test/test/test_cryptodev_aead_test_vectors.h
+++ b/test/test/test_cryptodev_aead_test_vectors.h
@@ -45,6 +45,15 @@ static uint8_t gcm_aad_text[MAX_AAD_LENGTH] = {
0x00, 0xf1, 0xe2, 0xd3, 0xc4, 0xb5, 0xa6, 0x97,
0x88, 0x79, 0x6a, 0x5b, 0x4c, 0x3d, 0x2e, 0x1f };
+static uint8_t ccm_aad_test_1[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+};
+
+static uint8_t ccm_aad_test_2[22] = {
+ 0x08, 0x40, 0x0F, 0xD2, 0xE1, 0x28, 0xA5, 0x7C,
+ 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xAB, 0xAE,
+ 0xA5, 0xB8, 0xFC, 0xBA, 0x00, 0x00
+};
struct aead_test_data {
enum rte_crypto_aead_algorithm algo;
@@ -3399,4 +3408,396 @@ static const struct aead_test_data gcm_test_case_SGL_1 = {
}
};
+/** AES-CCM-128 Test Vectors */
+static const struct aead_test_data ccm_test_case_128_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+ },
+ .len = 7
+ },
+ .aad = {
+ .data = ccm_aad_test_1,
+ .len = 8
+ },
+ .plaintext = {
+ .data = {
+ 0x20, 0x21, 0x22, 0x23
+ },
+ .len = 4
+ },
+ .ciphertext = {
+ .data = {
+ 0x71, 0x62, 0x01, 0x5B
+ },
+ .len = 4
+ },
+ .auth_tag = {
+ .data = {
+ 0x4D, 0xAC, 0x25, 0x5D
+ },
+ .len = 4
+ }
+};
+
+static const struct aead_test_data ccm_test_case_128_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = ccm_aad_test_2,
+ .len = 22
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0xF3, 0xD0, 0xA2, 0xFE, 0x9A, 0x3D, 0xBF, 0x23,
+ 0x42, 0xA6, 0x43, 0xE4, 0x32, 0x46, 0xE8, 0x0C,
+ 0x3C, 0x04, 0xD0, 0x19
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x78, 0x45, 0xCE, 0x0B, 0x16, 0xF9, 0x76, 0x23
+ },
+ .len = 8
+ }
+};
+
+static const struct aead_test_data ccm_test_case_128_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F
+ },
+ .len = 16
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = gcm_aad_zero_text,
+ .len = 0
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0xF3, 0xD0, 0xA2, 0xFE, 0x9A, 0x3D, 0xBF, 0x23,
+ 0x42, 0xA6, 0x43, 0xE4, 0x32, 0x46, 0xE8, 0x0C,
+ 0x3C, 0x04, 0xD0, 0x19
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x41, 0x83, 0x21, 0x89, 0xA3, 0xD3, 0x1B, 0x43
+ },
+ .len = 8
+ }
+};
+
+/** AES-CCM-192 Test Vectors */
+static const struct aead_test_data ccm_test_case_192_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57
+ },
+ .len = 24
+ },
+ .iv = {
+ .data = {
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+ },
+ .len = 7
+ },
+ .aad = {
+ .data = ccm_aad_test_1,
+ .len = 8
+ },
+ .plaintext = {
+ .data = {
+ 0x20, 0x21, 0x22, 0x23
+ },
+ .len = 4
+ },
+ .ciphertext = {
+ .data = {
+ 0x18, 0xEE, 0x17, 0x30
+ },
+ .len = 4
+ },
+ .auth_tag = {
+ .data = {
+ 0xC8, 0xC3, 0x26, 0xD5
+ },
+ .len = 4
+ }
+};
+
+static const struct aead_test_data ccm_test_case_192_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57
+ },
+ .len = 24
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = ccm_aad_test_2,
+ .len = 22
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0x41, 0xC6, 0x2D, 0xD5, 0x31, 0xF2, 0xD5, 0xC8,
+ 0xCC, 0x57, 0x01, 0x2E, 0x7E, 0x2B, 0xF1, 0x26,
+ 0x6A, 0xC7, 0xCB, 0xA5
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x77, 0xA3, 0x41, 0xD5, 0x2A, 0xE3, 0x25, 0x37
+ },
+ .len = 8
+ }
+};
+
+static const struct aead_test_data ccm_test_case_192_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57
+ },
+ .len = 24
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = gcm_aad_zero_text,
+ .len = 0
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0x41, 0xC6, 0x2D, 0xD5, 0x31, 0xF2, 0xD5, 0xC8,
+ 0xCC, 0x57, 0x01, 0x2E, 0x7E, 0x2B, 0xF1, 0x26,
+ 0x6A, 0xC7, 0xCB, 0xA5
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x84, 0x72, 0x6E, 0xE7, 0x8E, 0x8E, 0x3A, 0xC6
+ },
+ .len = 8
+ }
+};
+
+/** AES-CCM-256 Test Vectors */
+static const struct aead_test_data ccm_test_case_256_1 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
+ },
+ .len = 32
+ },
+ .iv = {
+ .data = {
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+ },
+ .len = 7
+ },
+ .aad = {
+ .data = ccm_aad_test_1,
+ .len = 8
+ },
+ .plaintext = {
+ .data = {
+ 0x20, 0x21, 0x22, 0x23
+ },
+ .len = 4
+ },
+ .ciphertext = {
+ .data = {
+ 0x8A, 0xB1, 0xA8, 0x74
+ },
+ .len = 4
+ },
+ .auth_tag = {
+ .data = {
+ 0x95, 0xFC, 0x08, 0x20
+ },
+ .len = 4
+ }
+};
+
+static const struct aead_test_data ccm_test_case_256_2 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
+ },
+ .len = 32
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = ccm_aad_test_2,
+ .len = 22
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0x25, 0x82, 0x89, 0x09, 0x3E, 0x39, 0x1F, 0x16,
+ 0xD2, 0x82, 0x3D, 0xF6, 0xCE, 0x97, 0x72, 0x07,
+ 0xEC, 0x23, 0x17, 0x98
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0xAB, 0x02, 0xE9, 0xD1, 0x16, 0x69, 0xED, 0x0A
+ },
+ .len = 8
+ }
+};
+
+static const struct aead_test_data ccm_test_case_256_3 = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .key = {
+ .data = {
+ 0xC9, 0x7C, 0x1F, 0x67, 0xCE, 0x37, 0x11, 0x85,
+ 0x51, 0x4A, 0x8A, 0x19, 0xF2, 0xBD, 0xD5, 0x2F,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
+ },
+ .len = 32
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x50, 0x30, 0xF1, 0x84, 0x44, 0x08, 0xB5,
+ 0x03, 0x97, 0x76, 0xE7, 0x0C
+ },
+ .len = 13
+ },
+ .aad = {
+ .data = gcm_aad_zero_text,
+ .len = 0
+ },
+ .plaintext = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .ciphertext = {
+ .data = {
+ 0x25, 0x82, 0x89, 0x09, 0x3E, 0x39, 0x1F, 0x16,
+ 0xD2, 0x82, 0x3D, 0xF6, 0xCE, 0x97, 0x72, 0x07,
+ 0xEC, 0x23, 0x17, 0x98
+ },
+ .len = 20
+ },
+ .auth_tag = {
+ .data = {
+ 0x15, 0x80, 0xC4, 0xC9, 0x3F, 0xAB, 0x2A, 0xFD
+ },
+ .len = 8
+ }
+};
#endif /* TEST_CRYPTODEV_AEAD_TEST_VECTORS_H_ */
--
2.9.4
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (8 preceding siblings ...)
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 9/9] test/crypto: add AES-CCM tests Pablo de Lara
@ 2017-10-05 9:12 ` Zhang, Roy Fan
2017-10-09 10:10 ` De Lara Guarch, Pablo
10 siblings, 0 replies; 21+ messages in thread
From: Zhang, Roy Fan @ 2017-10-05 9:12 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Doherty, Declan, Trahe, Fiona, Jain,
Deepak K, Griffin, John
Cc: dev, De Lara Guarch, Pablo
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pablo de Lara
> Sent: Thursday, September 21, 2017 2:11 PM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Jain, Deepak K <deepak.k.jain@intel.com>; Griffin,
> John <john.griffin@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM
>
> AES-CCM support is added in the OpenSSL and QAT PMDs.
> The PMDs and the test code have been reworked, to avoid duplications with
> AES-GCM code, as both algorithms are quite similar (both are AEAD
> algorithms).
>
> Also, an optimization for AES-GCM (and AES-CCM after the last patch) has
> been introduced, initializing the OpenSSL Context with the key, at session
> creation, instead of for each operation.
>
> Changes in v2:
> - Clarified API for AES-CCM
> - Modified OpenSSL PMD and sample apps to comply with API
> - Added support for AES-CCM in QAT
> - Extended test cases for 192 and 256 bit keys
Series Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [dpdk-dev] [PATCH v2 7/9] crypto/qat: add AES-CCM support
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 7/9] crypto/qat: " Pablo de Lara
@ 2017-10-09 9:55 ` Trahe, Fiona
0 siblings, 0 replies; 21+ messages in thread
From: Trahe, Fiona @ 2017-10-09 9:55 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Doherty, Declan, Jain, Deepak K, Griffin, John
Cc: dev, Kusztal, ArkadiuszX
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, September 21, 2017 2:11 PM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Jain, Deepak K
> <deepak.k.jain@intel.com>; Griffin, John <john.griffin@intel.com>
> Cc: dev@dpdk.org; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 7/9] crypto/qat: add AES-CCM support
>
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>
> This patch adds AES-CCM AEAD cipher and hash algorithm to
> Intel QuickAssist Technology driver.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API for AES-CCM
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API " Pablo de Lara
@ 2017-10-09 9:57 ` Trahe, Fiona
0 siblings, 0 replies; 21+ messages in thread
From: Trahe, Fiona @ 2017-10-09 9:57 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Doherty, Declan, Jain, Deepak K, Griffin, John; +Cc: dev
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, September 21, 2017 2:11 PM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Jain, Deepak K
> <deepak.k.jain@intel.com>; Griffin, John <john.griffin@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH v2 1/9] cryptodev: clarify API for AES-CCM
>
> AES-CCM algorithm has some restrictions when
> handling nonce (IV) and AAD information.
>
> As the API stated, the nonce needs to be place 1 byte
> after the start of the IV field. This field needs
> to be 16 bytes long, regardless the length of the nonce,
> but it is important to clarify that the first byte
> and the padding added after the nonce may be modified
> by the PMDs using this algorithm.
>
> Same happens with the AAD. It needs to be placed 18 bytes
> after the start of the AAD field. The field also needs
> to be multiple of 16 bytes long and all memory reserved
> (the first bytes and the padding (may be modified by the PMDs).
>
> Lastly, nonce is not needed to be placed in the first 16 bytes
> of the AAD, as the API stated, as that depends on the PMD
> used, so the comment has been removed.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
` (9 preceding siblings ...)
2017-10-05 9:12 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Zhang, Roy Fan
@ 2017-10-09 10:10 ` De Lara Guarch, Pablo
10 siblings, 0 replies; 21+ messages in thread
From: De Lara Guarch, Pablo @ 2017-10-09 10:10 UTC (permalink / raw)
To: Doherty, Declan, Trahe, Fiona, Jain, Deepak K, Griffin, John; +Cc: dev
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, September 21, 2017 2:11 PM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>; Jain, Deepak K <deepak.k.jain@intel.com>;
> Griffin, John <john.griffin@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH v2 0/9] Add support for AES-CCM
>
> AES-CCM support is added in the OpenSSL and QAT PMDs.
> The PMDs and the test code have been reworked, to avoid duplications with
> AES-GCM code, as both algorithms are quite similar (both are AEAD
> algorithms).
>
> Also, an optimization for AES-GCM (and AES-CCM after the last patch) has
> been introduced, initializing the OpenSSL Context with the key, at session
> creation, instead of for each operation.
>
> Changes in v2:
> - Clarified API for AES-CCM
> - Modified OpenSSL PMD and sample apps to comply with API
> - Added support for AES-CCM in QAT
> - Extended test cases for 192 and 256 bit keys
>
> Arek Kusztal (1):
> crypto/qat: add AES-CCM support
>
> Pablo de Lara (8):
> cryptodev: clarify API for AES-CCM
> examples/l2fwd-crypto: add AES-CCM support
> app/crypto-perf: add AES-CCM support
> crypto/openssl: fix AEAD parameters
> crypto/openssl: init GCM key at session creation
> crypto/openssl: add AES-CCM support
> test/crypto: rename GCM test code
> test/crypto: add AES-CCM tests
>
> app/test-crypto-perf/cperf_ops.c | 21 +-
> app/test-crypto-perf/cperf_test_latency.c | 34 +-
> app/test-crypto-perf/cperf_test_throughput.c | 34 +-
> app/test-crypto-perf/cperf_test_verify.c | 35 +-
> doc/guides/cryptodevs/features/default.ini | 3 +
> doc/guides/cryptodevs/features/openssl.ini | 3 +
> doc/guides/cryptodevs/openssl.rst | 1 +
> doc/guides/rel_notes/release_17_11.rst | 6 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 375 +++++++++++----
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 30 ++
> drivers/crypto/qat/qat_adf/icp_qat_hw.h | 20 +
> drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 28 ++
> drivers/crypto/qat/qat_crypto.c | 169 ++++++-
> drivers/crypto/qat/qat_crypto_capabilities.h | 30 ++
> examples/l2fwd-crypto/main.c | 44 +-
> lib/librte_cryptodev/rte_crypto_sym.h | 34 +-
> test/test/test_cryptodev.c | 535 +++++++++++++++------
> ...ectors.h => test_cryptodev_aead_test_vectors.h} | 516
> ++++++++++++++++++--
> test/test/test_cryptodev_perf.c | 2 +-
> 19 files changed, 1570 insertions(+), 350 deletions(-) rename
> test/test/{test_cryptodev_gcm_test_vectors.h =>
> test_cryptodev_aead_test_vectors.h} (92%)
>
> --
> 2.9.4
Applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 21+ messages in thread
end of thread, other threads:[~2017-10-09 10:10 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-18 8:07 [dpdk-dev] [PATCH 0/4] Add support for AES-CCM Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 1/4] crypto/openssl: fix AEAD parameters Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH] test/crypto: rename GCM test code Pablo de Lara
2017-08-18 16:09 ` De Lara Guarch, Pablo
2017-08-18 8:07 ` [dpdk-dev] [PATCH 2/4] crypto/openssl: init GCM key at session creation Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 3/4] test/crypto: rename GCM test code Pablo de Lara
2017-08-18 8:07 ` [dpdk-dev] [PATCH 4/4] crypto/openssl: add AES-CCM support Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 1/9] cryptodev: clarify API " Pablo de Lara
2017-10-09 9:57 ` Trahe, Fiona
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 2/9] examples/l2fwd-crypto: add AES-CCM support Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 3/9] app/crypto-perf: " Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 4/9] crypto/openssl: fix AEAD parameters Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 5/9] crypto/openssl: init GCM key at session creation Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 6/9] crypto/openssl: add AES-CCM support Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 7/9] crypto/qat: " Pablo de Lara
2017-10-09 9:55 ` Trahe, Fiona
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 8/9] test/crypto: rename GCM test code Pablo de Lara
2017-09-21 13:11 ` [dpdk-dev] [PATCH v2 9/9] test/crypto: add AES-CCM tests Pablo de Lara
2017-10-05 9:12 ` [dpdk-dev] [PATCH v2 0/9] Add support for AES-CCM Zhang, Roy Fan
2017-10-09 10:10 ` De Lara Guarch, Pablo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).