From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id C1B094CE4 for ; Thu, 15 Nov 2018 18:24:17 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Nov 2018 09:24:17 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,237,1539673200"; d="scan'208";a="86751198" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.54]) by fmsmga008.fm.intel.com with ESMTP; 15 Nov 2018 09:24:16 -0800 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com Date: Thu, 15 Nov 2018 17:24:15 +0000 Message-Id: <20181115172415.67551-1-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.13.6 Subject: [dpdk-dev] [PATCH] crypto/aesni_mb: add gmac support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2018 17:24:18 -0000 This patch adds AES-GMAC authentication only support to AESNI-MB PMD. The unit test is updated accordingly. Signed-off-by: Fan Zhang --- This patch targets 19.02 release. drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 127 +++++++++++++++++++------ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 +++++ test/test/test_cryptodev.c | 13 +++ 3 files changed, 138 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 83250e32c..3ead8a61f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; @@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; @@ -851,11 +909,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void @@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..8b4694c13 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -9341,6 +9341,19 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), -- 2.13.6