* [dpdk-dev] [PATCH] crypto/aesni_mb: add gmac support @ 2018-11-15 17:24 Fan Zhang 2018-12-11 14:24 ` [dpdk-dev] [PATCH v2] " Fan Zhang 0 siblings, 1 reply; 14+ messages in thread From: Fan Zhang @ 2018-11-15 17:24 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch adds AES-GMAC authentication only support to AESNI-MB PMD. The unit test is updated accordingly. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> --- This patch targets 19.02 release. drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 127 +++++++++++++++++++------ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 +++++ test/test/test_cryptodev.c | 13 +++ 3 files changed, 138 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 83250e32c..3ead8a61f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,11 +909,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..8b4694c13 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c 
@@ -9341,6 +9341,19 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
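Review bot: the new RTE_CRYPTO_AUTH_AES_GMAC branch in aesni_mb_set_session_auth_parameters() (rte_aesni_mb_pmd.c) copies xform->auth.iv.length into sess->iv.length without checking it, although the capability entry added in rte_aesni_mb_pmd_ops.c advertises 12 bytes as the only IV size. Returning -EINVAL for any other length here would keep the session consistent with what the PMD advertises. In the same branch, the default case of the key-length switch logs "failed to parse test type", which does not describe the fault; something like "Invalid authentication key length" would. The branch also never assigns sess->cipher.mode, yet the later hunks tell AEAD GCM from auth-only GMAC by testing session->cipher.mode == GCM, so it should be set to a known value here rather than left to the session's initial contents.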
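Review bot: in set_mb_job_params() (rte_aesni_mb_pmd.c), the auth-only path of the first case AES_GMAC takes the AAD pointer from rte_pktmbuf_mtod_offset(m_src, uint8_t *, op->sym->auth.data.offset) and the length from op->sym->auth.data.length without checking that offset plus length stays within the mbuf data. A check against rte_pktmbuf_data_len(m_src) before the region is handed to the library would stop a malformed op from causing an out-of-bounds read. Setting job->cipher_mode = GCM inside the hash switch is also easy to miss; a comment saying why the cipher mode is overridden for GMAC would help.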
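Review bot: in the in-place branch of set_mb_job_params() (hunk at -801,7), an auth-only GMAC job no longer matches the narrowed condition and falls through to "m_offset = op->sym->cipher.data.offset", but every other GMAC path in this patch reads the request from op->sym->auth.data. Please confirm that cipher.data.offset is meaningful for an auth-only op, or use op->sym->auth.data.offset for that case.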
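Review bot: the rewritten verify_digest() in rte_aesni_mb_pmd.c still compares tags with memcmp(job->auth_tag_output, digest, len), which stops at the first differing byte, so the comparison time depends on how many leading tag bytes match. Since the function is being rewritten anyway, a constant-time comparison (OR together the XOR of all len bytes and test the result once) is the safer choice for MAC verification. The digest argument is only read and could be declared const void *.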
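Review bot: in post_process_mb_job() the test "job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && sess->cipher.mode == GCM)" now appears for the third time in this patch (it is also used twice in set_mb_job_params()), so the next change to the AEAD/auth-only split has to touch every copy. A small inline helper that returns whether the job uses the aead fields would remove that risk. The new "if (...) { ... } else generate_digest(job, op, sess);" also mixes a braced if with an unbraced else; please brace both.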
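Review bot: the six cases added to cryptodev_aesni_mb_testsuite in test/test/test_cryptodev.c are generate and verify runs for three vectors, and none of the added names indicates a verify against a corrupted tag or a session request with an unsupported key, IV or digest length. Because this patch changes the verify path and adds a new session branch, a negative case that expects RTE_CRYPTO_OP_STATUS_AUTH_FAILED and one that expects session creation to fail would be worth adding.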
* [dpdk-dev] [PATCH v2] crypto/aesni_mb: add gmac support 2018-11-15 17:24 [dpdk-dev] [PATCH] crypto/aesni_mb: add gmac support Fan Zhang @ 2018-12-11 14:24 ` Fan Zhang 2018-12-18 13:51 ` [dpdk-dev] [PATCH v3] " Fan Zhang 0 siblings, 1 reply; 14+ messages in thread From: Fan Zhang @ 2018-12-11 14:24 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch adds AES-GMAC authentication only support to AESNI-MB PMD. The unit test is updated accordingly. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> --- v2: - updated documentation doc/guides/cryptodevs/aesni_mb.rst | 3 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 127 +++++++++++++++++++------ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 +++++ test/test/test_cryptodev.c | 13 +++ 4 files changed, 141 insertions(+), 27 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 63e060d75..c7624fb00 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -40,6 +40,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA512_HMAC * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC AEAD algorithms: @@ -51,6 +52,8 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). +* RTE_CRYPTO_AUTH_AES_GMAC only works properly when Intel multi buffer library + is version 0.51.0 or older. Installation diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 83250e32c..3ead8a61f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,11 +909,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..8b4694c13 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c 
@@ -9341,6 +9341,19 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
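Review bot: the limitation added to doc/guides/cryptodevs/aesni_mb.rst ("RTE_CRYPTO_AUTH_AES_GMAC only works properly when Intel multi buffer library is version 0.51.0 or older") exists only in the documentation. Nothing in this version gates the new capability entry or the session branch on the library version, so a build against a newer library still advertises an algorithm the text says does not work properly. Please either make the capability and session setup conditional on the library version, or state in the limitation what the user will observe on newer versions.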
* [dpdk-dev] [PATCH v3] crypto/aesni_mb: add gmac support 2018-12-11 14:24 ` [dpdk-dev] [PATCH v2] " Fan Zhang @ 2018-12-18 13:51 ` Fan Zhang 2018-12-18 15:22 ` Akhil Goyal 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang 0 siblings, 2 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-18 13:51 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch adds AES-GMAC authentication only support to AESNI-MB PMD. The unit test is updated accordingly. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- v3: - rebased on top of latest code. - updated release note. v2: - updated documentation. doc/guides/cryptodevs/aesni_mb.rst | 6 +- doc/guides/rel_notes/release_19_02.rst | 5 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 127 ++++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_next.c | 126 +++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_next.c | 25 ++++ test/test/test_cryptodev.c | 13 +++ 7 files changed, 272 insertions(+), 55 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 81183b606..71b2cf2c7 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -38,6 +38,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA256_HMAC * RTE_CRYPTO_HASH_SHA384_HMAC * RTE_CRYPTO_HASH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_GMAC * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC * RTE_CRYPTO_HASH_SHA1 @@ -46,6 +47,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA384 * RTE_CRYPTO_HASH_SHA512 + AEAD algorithms: * RTE_CRYPTO_AEAD_AES_CCM 
@@ -56,8 +58,8 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). -* RTE_CRYPTO_AEAD_AES_GCM only works properly when the multi-buffer library is - 0.51.0 or older. +* RTE_CRYPTO_AEAD_AES_GCM and RTE_CRYPTO_AUTH_AES_GMAC only works properly when + Intel multi buffer library is version 0.51.0 or older. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 0a39723b2..671e9c681 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst @@ -65,6 +65,11 @@ New Features Added a new performance test tool to test the compressdev PMD. The tool tests compression ratio and compression throughput. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for the AES-GMAC + authentication only algorithm. + Removed Items ------------- diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 83250e32c..3ead8a61f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,11 +909,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_next.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_next.c index c794652ce..4e31735ca 100755 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_next.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_next.c 
@@ -174,6 +174,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_128_BYTES; + break; + case AES_192_BYTES: + IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_192_BYTES; + break; + case AES_256_BYTES: + IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_256_BYTES; + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,11 +909,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -879,19 +950,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +996,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_next.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_next.c index c57065d0f..c90f6baa3 100755 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_next.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_next.c 
@@ -465,6 +465,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..8b4694c13 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -9341,6 +9341,19 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
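Review bot: the rewritten verify_digest() in rte_aesni_mb_pmd.c still checks the tag with a plain memcmp(job->auth_tag_output, digest, len), whose run time can depend on how many leading bytes match. Now that every verify path funnels through this one helper, this is a good place to switch to a constant-time comparison (accumulate the XOR of all len bytes and test the result once). The retained comment "Verify digest if required" is stale, because the caller now decides whether to verify, and digest can be const void * since it is only read.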
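Review bot: the "AES GMAC (AUTH)" capability entry is added byte for byte to both rte_aesni_mb_pmd_ops.c and rte_aesni_mb_pmd_ops_next.c, so the two tables can drift apart the next time one of them is touched. Consider defining the entry once (a shared macro or header) and expanding it in both arrays. A short comment that digest_size min 8, max 16, increment 4 is meant to give exactly the 8, 12 and 16 byte tags would also help the reader.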
* Re: [dpdk-dev] [PATCH v3] crypto/aesni_mb: add gmac support
  2018-12-18 13:51 ` [dpdk-dev] [PATCH v3] " Fan Zhang
@ 2018-12-18 15:22 ` Akhil Goyal
  2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang
  1 sibling, 0 replies; 14+ messages in thread
From: Akhil Goyal @ 2018-12-18 15:22 UTC (permalink / raw)
To: Fan Zhang, dev

On 12/18/2018 7:21 PM, Fan Zhang wrote:
> This patch adds AES-GMAC authentication only support to AESNI-MB
> PMD. The unit test is updated accordingly.
>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> Acked-by: Damian Nowak <damianx.nowak@intel.com>
> ---
> v3:
> - rebased on top of latest code.
> - updated release note.
>
> v2:
> - updated documentation.
>
Applied to dpdk-next-crypto

^ permalink raw reply [flat|nested] 14+ messages in thread
* [dpdk-dev] [PATCH v4 0/3] crypto/aesni_mb: add gmac support
  2018-12-18 13:51 ` [dpdk-dev] [PATCH v3] " Fan Zhang
  2018-12-18 15:22 ` Akhil Goyal
@ 2018-12-19 21:42 ` Fan Zhang
  2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 1/3] " Fan Zhang
  ` (3 more replies)
  1 sibling, 4 replies; 14+ messages in thread
From: Fan Zhang @ 2018-12-19 21:42 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal

This patchset adds the AES-GMAC authentication only support to AESNI-MB PMD, including the driver code, cryptodev unit test, and documentation updates.

This patchset is built on top of the patchset "use architecure independent macros" (https://mails.dpdk.org/archives/dev/2018-December/121680.html)

Acked-by: Damian Nowak <damianx.nowak@intel.com>

v4:
- rebased on top of latest "use architecure independent macros" patchset.
- patch split.

v3:
- rebased on top of latest code.
- updated release note.

v2:
- updated documentation.

Fan Zhang (3):
  crypto/aesni_mb: add gmac support
  test: add aesni-mb gmac test
  doc: update release note and PMD information

 doc/guides/cryptodevs/aesni_mb.rst | 2 +
 doc/guides/rel_notes/release_19_02.rst | 5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++-----
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++-----
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++
 test/test/test_cryptodev.c | 24 ++++
 7 files changed, 281 insertions(+), 53 deletions(-)

-- 2.13.6

^ permalink raw reply [flat|nested] 14+ messages in thread
* [dpdk-dev] [PATCH v4 1/3] crypto/aesni_mb: add gmac support 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang @ 2018-12-19 21:42 ` Fan Zhang 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 2/3] test: add aesni-mb gmac test Fan Zhang ` (2 subsequent siblings) 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 21:42 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch updates the AESNI-MB PMD to add AES-GMAC support. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++ 4 files changed, 250 insertions(+), 53 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2c25b7b32..d34cbc36a 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -173,6 +173,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_128_BYTES; + break; + case AES_192_BYTES: + IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_192_BYTES; + break; + case AES_256_BYTES: + IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_256_BYTES; + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -735,8 +783,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -776,7 +832,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -788,7 +845,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -826,11 +884,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -854,19 +925,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -908,13 +971,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c index 83250e32c..56ce54946 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,13 +909,26 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); + break; default: @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 5788e37d1..56d409b4b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -360,6 +360,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c 
@@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
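Review bot: in the new RTE_CRYPTO_AUTH_AES_GMAC block of aesni_mb_set_session_auth_parameters() (both rte_aesni_mb_pmd.c and rte_aesni_mb_pmd_compat.c), the default: arm of the key-length switch logs "failed to parse test type", which does not describe the failure; a message naming the unsupported xform->auth.key.length would be more useful. In the same block xform->auth.iv.length is copied into sess->iv.length unchecked, although the capability entry added by this patch advertises a 12-byte IV only; rejecting any other length here with -EINVAL would keep sessions consistent with what the PMD advertises. The digest comment also describes a fallback for sizes other than 8, 12 and 16, yet nothing in this block bounds req_digest_len to 16.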
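Review bot: in the new else branch of case AES_GMAC in set_mb_job_params(), the AAD pointer comes from rte_pktmbuf_mtod_offset(m_src, uint8_t *, op->sym->auth.data.offset) and its length from op->sym->auth.data.length, with no check that offset plus length stays within the data of m_src; a bound against rte_pktmbuf_data_len(m_src) that fails the op would be safer. The comment /* For GMAC */ could say that auth-only GMAC is submitted as a GCM job with the whole message as AAD and zero bytes to cipher. The predicate job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && session->cipher.mode == GCM) now appears three times (m_offset, auth_tag_output and post_process_mb_job()) and relies on session->cipher.mode not being GCM for an auth-only session, which the session hunk never sets explicitly; a small inline helper with that assumption documented would keep the copies in sync.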
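Review bot: rte_aesni_mb_pmd_compat.c diverges cosmetically from rte_aesni_mb_pmd.c in two places: its case AES_GMAC length hunk adds the blank line before break rather than after the closing brace of the else, and its verify_digest() hunk drops the /* Verify digest if required */ comment that the other file keeps. Since the two files are meant to carry the same logic, making these hunks identical would make future diffs between them easier to read.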
* [dpdk-dev] [PATCH v4 2/3] test: add aesni-mb gmac test 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 1/3] " Fan Zhang @ 2018-12-19 21:42 ` Fan Zhang 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 3/3] doc: update release note and PMD information Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 21:42 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch adds the GMAC test cases to AESNI-MB crypto unit test. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- test/test/test_cryptodev.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..f17054520 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -21,6 +21,10 @@ #include <rte_cryptodev_scheduler_operations.h> #endif +#ifdef RTE_LIBRTE_PMD_AESNI_MB +#include <intel-ipsec-mb.h> +#endif + #include <rte_lcore.h> #include "test.h" @@ -41,6 +45,11 @@ #define VDEV_ARGS_SIZE 100 #define MAX_NB_SESSIONS 4 +#if !defined(IMB_VERSION_NUM) +#define IMB_VERSION(a, b, c) (((a) << 16) + ((b) << 8) + (c)) +#define IMB_VERSION_NUM IMB_VERSION(0, 49, 0) +#endif + static int gbl_driver_id; struct crypto_testsuite_params { @@ -9228,6 +9237,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { +#if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, 
@@ -9341,6 +9351,20 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), +#endif /* IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
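Review bot: the fallback added near the top of test_cryptodev.c defines IMB_VERSION and pins IMB_VERSION_NUM to IMB_VERSION(0, 49, 0) whenever the macro is missing, which also covers builds where RTE_LIBRTE_PMD_AESNI_MB is off and <intel-ipsec-mb.h> is never included. A comment stating why 0.49 is the assumed version, and that the effect is to compile the guarded cases out, would save the next reader from working it out.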
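Review bot: the #if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) opens in front of test_AES_GCM_authenticated_encryption_test_case_1 and closes only after the new GMAC cases, so the existing AES-GCM cases in cryptodev_aesni_mb_testsuite are compiled out together with GMAC on older libraries. If only GMAC needs 0.51, move the #if down to the /** AES GMAC Authentication */ comment; if the GCM cases are gated on purpose, the commit message should say so, since it currently mentions only adding GMAC test cases.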
* [dpdk-dev] [PATCH v4 3/3] doc: update release note and PMD information 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 1/3] " Fan Zhang 2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 2/3] test: add aesni-mb gmac test Fan Zhang @ 2018-12-19 21:42 ` Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 21:42 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch updates the release note and AESNI-MB PMD documentation. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- doc/guides/cryptodevs/aesni_mb.rst | 2 ++ doc/guides/rel_notes/release_19_02.rst | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12532c63e..98082595d 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -40,6 +40,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA512_HMAC * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC +* RTE_CRYPTO_HASH_AES_GMAC AEAD algorithms: @@ -51,6 +52,7 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). +* RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 8deb68b9a..48b183e81 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst 
@@ -60,6 +60,11 @@ New Features * Added the handler to get firmware version string. * Added support for multicast filtering. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for the AES-GMAC + authentication only algorithm. + Removed Items ------------- -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
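Review bot: the new limitation line in aesni_mb.rst, "RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later", does not say which library is meant; naming the Multi-buffer library (intel-ipsec-mb) would remove the ambiguity. The entry is also spelled RTE_CRYPTO_HASH_AES_GMAC in both added lines while the driver matches on RTE_CRYPTO_AUTH_AES_GMAC; it follows the neighbouring RTE_CRYPTO_HASH_ entries, but using the enum name from the code would let readers search for it.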
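Review bot: the release_19_02.rst entry under New Features omits the library version requirement that the aesni_mb.rst hunk of this same patch records (v0.51 or later). One more sentence stating that requirement would stop users on an older library from expecting AES-GMAC to be available.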
* [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support
  2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 0/3] " Fan Zhang
  ` (2 preceding siblings ...)
  2018-12-19 21:42 ` [dpdk-dev] [PATCH v4 3/3] doc: update release note and PMD information Fan Zhang
@ 2018-12-19 22:04 ` Fan Zhang
  2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 1/3] " Fan Zhang
  ` (3 more replies)
  3 siblings, 4 replies; 14+ messages in thread
From: Fan Zhang @ 2018-12-19 22:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal

This patchset adds the AES-GMAC authentication only support to AESNI-MB PMD, including the driver code, cryptodev unit test, and documentation updates.

This patchset is built on top of the patchset "use architecure independent macros" (https://mails.dpdk.org/archives/dev/2018-December/121680.html)

Acked-by: Damian Nowak <damianx.nowak@intel.com>

v5:
- changed IMB_VERSION_NUM definition place.

v4:
- rebased on top of latest "use architecure independent macros" patchset.
- patch split.

v3:
- rebased on top of latest code.
- updated release note.

v2:
- updated documentation.

Fan Zhang (3):
  crypto/aesni_mb: add gmac support
  test: add aesni-mb gmac test
  doc: update release note and pmd info

 doc/guides/cryptodevs/aesni_mb.rst | 2 +
 doc/guides/rel_notes/release_19_02.rst | 5 +
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++-----
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++-----
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++
 test/test/test_cryptodev.c | 15 +++
 test/test/test_cryptodev_hash_test_vectors.h | 9 ++
 8 files changed, 281 insertions(+), 53 deletions(-)

-- 2.13.6

^ permalink raw reply [flat|nested] 14+ messages in thread
* [dpdk-dev] [PATCH v5 1/3] crypto/aesni_mb: add gmac support 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang @ 2018-12-19 22:04 ` Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 2/3] test: add aesni-mb gmac test Fan Zhang ` (2 subsequent siblings) 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 22:04 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch updates the AESNI-MB PMD to add AES-GMAC support. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++ 4 files changed, 250 insertions(+), 53 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2c25b7b32..d34cbc36a 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -173,6 +173,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_128_BYTES; + break; + case AES_192_BYTES: + IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_192_BYTES; + break; + case AES_256_BYTES: + IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_256_BYTES; + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -735,8 +783,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -776,7 +832,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -788,7 +845,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -826,11 +884,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -854,19 +925,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -908,13 +971,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c index 83250e32c..56ce54946 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,13 +909,26 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); + break; default: @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 5788e37d1..56d409b4b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -360,6 +360,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c 
@@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
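Review bot: verify_digest(), as rewritten in both rte_aesni_mb_pmd.c and rte_aesni_mb_pmd_compat.c, compares the computed tag against the received one with memcmp(job->auth_tag_output, digest, len), and memcmp is not guaranteed to run in time independent of where the first mismatch occurs. Since the function is being rewritten here anyway, consider a comparison that ORs together the XOR of all len bytes and tests the result once at the end. The non-compat hunk also keeps the "Verify digest if required" comment while the compat hunk drops it; the two copies should match.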
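Review bot: in the AES-GMAC branch added to aesni_mb_set_session_auth_parameters() in rte_aesni_mb_pmd_compat.c, the default case of the key-length switch logs "failed to parse test type", which does not describe the failure; a message such as "Invalid authentication key length" would tell the user what to fix. The same branch copies xform->auth.iv.length into sess->iv.length unchecked, while the capability entry added by this patch advertises iv_size with min and max both 12. Returning -EINVAL for any other IV length would keep session setup in line with what the PMD advertises.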
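Review bot: in set_mb_job_params(), the two conditions narrowed to "job->hash_alg == AES_GMAC && session->cipher.mode == GCM" now send an authentication-only GMAC op down the else path, where m_offset is read from op->sym->cipher.data.offset. Everything else on the GMAC path in this patch uses op->sym->auth.data.offset. Please confirm that cipher.data.offset is meaningful for an auth-only op, or select auth.data.offset explicitly for that case.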
* [dpdk-dev] [PATCH v5 2/3] test: add aesni-mb gmac test 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 1/3] " Fan Zhang @ 2018-12-19 22:04 ` Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 3/3] doc: update release note and pmd info Fan Zhang 2018-12-20 12:07 ` [dpdk-dev] [PATCH v6] crypto/aesni_mb: support AES-GMAC Fan Zhang 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 22:04 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch adds the GMAC test cases to AESNI-MB crypto unit test. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- test/test/test_cryptodev.c | 15 +++++++++++++++ test/test/test_cryptodev_hash_test_vectors.h | 9 +++++++++ 2 files changed, 24 insertions(+) diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..f437321ac 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -9228,6 +9228,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { +#if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, 
@@ -9341,6 +9342,20 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), +#endif /* IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h index a02dfb3c3..8964a3bac 100644 --- a/test/test/test_cryptodev_hash_test_vectors.h +++ b/test/test/test_cryptodev_hash_test_vectors.h @@ -5,6 +5,15 @@ #ifndef TEST_CRYPTODEV_HASH_TEST_VECTORS_H_ #define TEST_CRYPTODEV_HASH_TEST_VECTORS_H_ +#ifdef RTE_LIBRTE_PMD_AESNI_MB +#include <intel-ipsec-mb.h> +#endif + +#if !defined(IMB_VERSION_NUM) +#define IMB_VERSION(a, b, c) (((a) << 16) + ((b) << 8) + (c)) +#define IMB_VERSION_NUM IMB_VERSION(0, 49, 0) +#endif + static const uint8_t plaintext_hash[] = { "What a lousy earth! He wondered how many people " "were destitute that same night even in his own " -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
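Review bot: the "#if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0)" in cryptodev_aesni_mb_testsuite opens above test_AES_GCM_authenticated_encryption_test_case_1 and closes after the new GMAC cases, so it also compiles out the existing AES-GCM cases in between whenever the version is lower, including the 0.49.0 fallback that test_cryptodev_hash_test_vectors.h defines when IMB_VERSION_NUM is missing. If only GMAC needs 0.51, move the #if down to just above the "AES GMAC Authentication" comment; if the GCM cases need it as well, the commit message should say so. The fallback IMB_VERSION and IMB_VERSION_NUM definitions would also be easier to find in a header about the library than in a hash test-vector header.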
* [dpdk-dev] [PATCH v5 3/3] doc: update release note and pmd info 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 1/3] " Fan Zhang 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 2/3] test: add aesni-mb gmac test Fan Zhang @ 2018-12-19 22:04 ` Fan Zhang 2018-12-20 12:07 ` [dpdk-dev] [PATCH v6] crypto/aesni_mb: support AES-GMAC Fan Zhang 3 siblings, 0 replies; 14+ messages in thread From: Fan Zhang @ 2018-12-19 22:04 UTC (permalink / raw) To: dev; +Cc: akhil.goyal This patch updates the release note and AESNI-MD PMD documentation. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- doc/guides/cryptodevs/aesni_mb.rst | 2 ++ doc/guides/rel_notes/release_19_02.rst | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12532c63e..98082595d 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -40,6 +40,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA512_HMAC * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC +* RTE_CRYPTO_HASH_AES_GMAC AEAD algorithms: @@ -51,6 +52,7 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). +* RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 8deb68b9a..48b183e81 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst 
@@ -60,6 +60,11 @@ New Features * Added the handler to get firmware version string. * Added support for multicast filtering. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for the AES-GMAC + authentication only algorithm. + Removed Items ------------- -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
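Review bot: the two lines added to aesni_mb.rst call the algorithm RTE_CRYPTO_HASH_AES_GMAC, but the driver code in this series matches on RTE_CRYPTO_AUTH_AES_GMAC. The new entry follows the RTE_CRYPTO_HASH_ prefix of the neighbouring list items, so it is consistent with the existing text, but a reader searching for the name will not find it; consider using the real enum name, at least in the new limitation line. That line also says "library version v0.51 or later" without naming the library, so please spell out which library is meant.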
* [dpdk-dev] [PATCH v6] crypto/aesni_mb: support AES-GMAC 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 0/3] crypto/aesni_mb: add gmac support Fan Zhang ` (2 preceding siblings ...) 2018-12-19 22:04 ` [dpdk-dev] [PATCH v5 3/3] doc: update release note and pmd info Fan Zhang @ 2018-12-20 12:07 ` Fan Zhang 2019-01-09 22:15 ` De Lara Guarch, Pablo 3 siblings, 1 reply; 14+ messages in thread From: Fan Zhang @ 2018-12-20 12:07 UTC (permalink / raw) To: dev; +Cc: akhil.goyal, pablo.de.lara.guarch This patch adds the AES-GMAC authentication only support to AESNI-MB PMD, including the driver code, cryptodev unit test, and documentation updates. This patch depends on the following patchset "[PATCH v4 0/3] use architecure independent macros" (https://mails.dpdk.org/archives/dev/2018-December/121788.html) Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com> --- v6: - combined the patchset into one patch. v5: - changed IMB_VERSION_NUM definition place. v4: - rebased on top of latest "use architecure independent macros" patchset. - patch split. v3: - rebased on top of latest code. - updated release note. v2: - updated documentation. doc/guides/cryptodevs/aesni_mb.rst | 2 + doc/guides/rel_notes/release_19_02.rst | 1 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c | 127 ++++++++++++++++----- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 25 ++++ .../crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c | 25 ++++ test/test/test_cryptodev.c | 15 +++ test/test/test_cryptodev_hash_test_vectors.h | 9 ++ 8 files changed, 277 insertions(+), 53 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 12532c63e..98082595d 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst 
@@ -40,6 +40,7 @@ Hash algorithms: * RTE_CRYPTO_HASH_SHA512_HMAC * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC +* RTE_CRYPTO_HASH_AES_GMAC AEAD algorithms: @@ -51,6 +52,7 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). +* RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 161974c77..3f513a914 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst @@ -67,6 +67,7 @@ New Features * **updated the AESNI-MB PMD.** * Added support for intel-ipsec-mb version 0.52. + * Added AES-GMAC algorithm support. Removed Items diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 2c25b7b32..d34cbc36a 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c 
@@ -173,6 +173,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_128_BYTES; + break; + case AES_192_BYTES: + IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_192_BYTES; + break; + case AES_256_BYTES: + IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data, + &sess->cipher.gcm_key); + sess->cipher.key_length_in_bytes = AES_256_BYTES; + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -735,8 +783,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -776,7 +832,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -788,7 +845,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -826,11 +884,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; @@ -854,19 +925,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -908,13 +971,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c index 83250e32c..56ce54946 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c 
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, return 0; } + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) { + sess->cipher.direction = ENCRYPT; + sess->chain_order = CIPHER_HASH; + } else + sess->cipher.direction = DECRYPT; + + sess->auth.algo = AES_GMAC; + /* + * Multi-buffer lib supports 8, 12 and 16 bytes of digest. + * If size requested is different, generate the full digest + * (16 bytes) in a temporary location and then memcpy + * the requested number of bytes. + */ + if (sess->auth.req_digest_len != 16 && + sess->auth.req_digest_len != 12 && + sess->auth.req_digest_len != 8) { + sess->auth.gen_digest_len = 16; + } else { + sess->auth.gen_digest_len = sess->auth.req_digest_len; + } + sess->iv.length = xform->auth.iv.length; + sess->iv.offset = xform->auth.iv.offset; + + switch (xform->auth.key.length) { + case AES_128_BYTES: + sess->cipher.key_length_in_bytes = AES_128_BYTES; + (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_192_BYTES: + sess->cipher.key_length_in_bytes = AES_192_BYTES; + (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + case AES_256_BYTES: + sess->cipher.key_length_in_bytes = AES_256_BYTES; + (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data, + &sess->cipher.gcm_key); + break; + default: + RTE_LOG(ERR, PMD, "failed to parse test type\n"); + return -EINVAL; + } + + return 0; + } + switch (xform->auth.algo) { case RTE_CRYPTO_AUTH_MD5_HMAC: sess->auth.algo = MD5; 
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (session->cipher.mode == GCM) { + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + } else { + /* For GMAC */ + job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, + uint8_t *, op->sym->auth.data.offset); + job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; + job->cipher_mode = GCM; + } job->aes_enc_key_expanded = &session->cipher.gcm_key; job->aes_dec_key_expanded = &session->cipher.gcm_key; break; @@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, rte_pktmbuf_data_len(op->sym->m_src)); } else { m_dst = m_src; - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) m_offset = op->sym->aead.data.offset; else m_offset = op->sym->cipher.data.offset; @@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->auth_tag_output = qp->temp_digests[*digest_idx]; *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) + if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && + session->cipher.mode == GCM)) job->auth_tag_output = op->sym->aead.digest.data; else job->auth_tag_output = op->sym->auth.digest.data; 
@@ -851,13 +909,26 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, break; case AES_GMAC: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes; + if (session->cipher.mode == GCM) { + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = + op->sym->aead.data.length; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; + } else { + job->cipher_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_cipher_in_bytes = 0; + job->msg_len_to_hash_in_bytes = 0; + } job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); + break; default: @@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op, - struct aesni_mb_session *sess) +verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status) { - /* Verify digest if required */ - if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) { - if (memcmp(job->auth_tag_output, op->sym->aead.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - sess->auth.req_digest_len) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } + if (memcmp(job->auth_tag_output, digest, len) != 0) + *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } static inline void 
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) case STS_COMPLETED: op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (job->hash_alg != NULL_HASH) { - if (sess->auth.operation == - RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op, sess); + if (job->hash_alg == NULL_HASH) + break; + + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + if (job->hash_alg == AES_CCM || + (job->hash_alg == AES_GMAC && + sess->cipher.mode == GCM)) + verify_digest(job, + op->sym->aead.digest.data, + sess->auth.req_digest_len, + &op->status); else - generate_digest(job, op, sess); - } + verify_digest(job, + op->sym->auth.digest.data, + sess->auth.req_digest_len, + &op->status); + } else + generate_digest(job, op, sess); break; default: op->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 5788e37d1..56d409b4b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -360,6 +360,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c index f3eff2685..1ca6baafa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c 
@@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 84065eb49..f437321ac 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -9228,6 +9228,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { +#if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_1), TEST_CASE_ST(ut_setup, ut_teardown, @@ -9341,6 +9342,20 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_sessionless_test_case_1), + /** AES GMAC Authentication */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_test_case_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GMAC_authentication_verify_test_case_3), +#endif /* IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), 
diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h index a02dfb3c3..8964a3bac 100644 --- a/test/test/test_cryptodev_hash_test_vectors.h +++ b/test/test/test_cryptodev_hash_test_vectors.h @@ -5,6 +5,15 @@ #ifndef TEST_CRYPTODEV_HASH_TEST_VECTORS_H_ #define TEST_CRYPTODEV_HASH_TEST_VECTORS_H_ +#ifdef RTE_LIBRTE_PMD_AESNI_MB +#include <intel-ipsec-mb.h> +#endif + +#if !defined(IMB_VERSION_NUM) +#define IMB_VERSION(a, b, c) (((a) << 16) + ((b) << 8) + (c)) +#define IMB_VERSION_NUM IMB_VERSION(0, 49, 0) +#endif + static const uint8_t plaintext_hash[] = { "What a lousy earth! He wondered how many people " "were destitute that same night even in his own " -- 2.13.6 ^ permalink raw reply [flat|nested] 14+ messages in thread
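Review bot: the test "job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC && session->cipher.mode == GCM)" is now spelled out three times in each of rte_aesni_mb_pmd.c and rte_aesni_mb_pmd_compat.c (twice in set_mb_job_params(), once in post_process_mb_job()), and the two "case AES_GMAC" blocks branch on session->cipher.mode == GCM again. A small static inline predicate taking the job and the session would keep the AEAD versus auth-only decision in one place, so a later change cannot update one copy and miss another. The "/* For GMAC */" comment in the else branch could also state what the code does: the data to authenticate is passed as AAD and both msg_len_to_cipher_in_bytes and msg_len_to_hash_in_bytes are set to 0.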
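Review bot: the AES GMAC capability entries added to rte_aesni_mb_pmd_ops.c and rte_aesni_mb_pmd_ops_compat.c advertise digest_size with min 8, max 16 and increment 4, that is 8, 12 and 16 bytes, which are exactly the sizes the new branch in aesni_mb_set_session_auth_parameters() treats as natively supported. The path that sets gen_digest_len to 16 for any other req_digest_len is therefore only reachable for sizes the PMD does not advertise; either reject those with -EINVAL or add a comment explaining why the fallback is kept. In the same block, the braced if body followed by an unbraced "} else" statement should be braced on both sides.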
* Re: [dpdk-dev] [PATCH v6] crypto/aesni_mb: support AES-GMAC 2018-12-20 12:07 ` [dpdk-dev] [PATCH v6] crypto/aesni_mb: support AES-GMAC Fan Zhang @ 2019-01-09 22:15 ` De Lara Guarch, Pablo 0 siblings, 0 replies; 14+ messages in thread From: De Lara Guarch, Pablo @ 2019-01-09 22:15 UTC (permalink / raw) To: Zhang, Roy Fan, dev; +Cc: akhil.goyal > -----Original Message----- > From: Zhang, Roy Fan > Sent: Thursday, December 20, 2018 12:08 PM > To: dev@dpdk.org > Cc: akhil.goyal@nxp.com; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Subject: [PATCH v6] crypto/aesni_mb: support AES-GMAC > > This patch adds the AES-GMAC authentication only support to AESNI-MB > PMD, including the driver code, cryptodev unit test, and documentation > updates. > > This patch depends on the following patchset "[PATCH v4 0/3] use > architecure independent macros" > (https://mails.dpdk.org/archives/dev/2018-December/121788.html) > > Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> > Acked-by: Damian Nowak <damianx.nowak@intel.com> Applied to dpdk-next-crypto. Thanks, Pablo ^ permalink raw reply [flat|nested] 14+ messages in thread