From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id EA1C61BC1A for ; Thu, 20 Dec 2018 13:22:18 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Dec 2018 04:22:17 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,376,1539673200"; d="scan'208";a="260999219" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.54]) by orsmga004.jf.intel.com with ESMTP; 20 Dec 2018 04:22:15 -0800 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com, pablo.de.lara.guarch@intel.com, Damian Nowak , Lukasz Krakowiak Date: Thu, 20 Dec 2018 12:22:15 +0000 Message-Id: <20181220122215.38943-1-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20181219232416.38542-1-roy.fan.zhang@intel.com> References: <20181219232416.38542-1-roy.fan.zhang@intel.com> Subject: [dpdk-dev] [PATCH v4] crypto/aesni_mb: support plain SHA X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Dec 2018 12:22:19 -0000 This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support to AESNI-MB PMD. The cryptodev unit test and documentation are updated accordingly. This patch depends on "[v6] crypto/aesni_mb: support AES-GMAC" (http://patchwork.dpdk.org/patch/49180/) Signed-off-by: Damian Nowak Signed-off-by: Lukasz Krakowiak Signed-off-by: Fan Zhang --- v4: - combined patches into one. - changed title. v3: - rebased on top of latest code. - avoided test for unsupported library versions. v2: - added implementation. doc/guides/cryptodevs/aesni_mb.rst | 6 ++ doc/guides/rel_notes/release_19_02.rst | 2 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 25 +++++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 105 +++++++++++++++++++++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 7 ++ test/test/test_cryptodev_hash_test_vectors.h | 65 ++++++++++++- 6 files changed, 205 insertions(+), 5 deletions(-) diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 98082595d..26cb4d5b2 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -41,6 +41,11 @@ Hash algorithms: * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC * RTE_CRYPTO_HASH_AES_GMAC +* RTE_CRYPTO_HASH_SHA1 +* RTE_CRYPTO_HASH_SHA224 +* RTE_CRYPTO_HASH_SHA256 +* RTE_CRYPTO_HASH_SHA384 +* RTE_CRYPTO_HASH_SHA512 AEAD algorithms: @@ -53,6 +58,7 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). * RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later. +* RTE_CRYPTO_HASH_SHA* is supported by library version v0.52 or later. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 3f513a914..104b3a8c7 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst @@ -66,8 +66,10 @@ New Features compression ratio and compression throughput. * **updated the AESNI-MB PMD.** + * Added support for intel-ipsec-mb version 0.52. * Added AES-GMAC algorithm support. + * Added Plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support. Removed Items diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index d34cbc36a..4e31735ca 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -107,6 +107,7 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, hash_one_block_t hash_oneblock_fn; unsigned int key_larger_block_size = 0; uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 }; + uint32_t auth_precompute = 1; if (xform == NULL) { sess->auth.algo = NULL_HASH; @@ -237,6 +238,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA1: + sess->auth.algo = PLAIN_SHA1; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA224_HMAC: sess->auth.algo = SHA_224; hash_oneblock_fn = mb_mgr->sha224_one_block; @@ -248,6 +253,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA224: + sess->auth.algo = PLAIN_SHA_224; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA256_HMAC: sess->auth.algo = SHA_256; hash_oneblock_fn = mb_mgr->sha256_one_block; @@ -259,6 +268,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA256: + sess->auth.algo = PLAIN_SHA_256; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA384_HMAC: sess->auth.algo = SHA_384; hash_oneblock_fn = mb_mgr->sha384_one_block; @@ -270,6 +283,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA384: + sess->auth.algo = PLAIN_SHA_384; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->auth.algo = SHA_512; hash_oneblock_fn = mb_mgr->sha512_one_block; @@ -281,6 +298,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA512: + sess->auth.algo = PLAIN_SHA_512; + auth_precompute = 0; + break; default: AESNI_MB_LOG(ERR, "Unsupported authentication algorithm selection"); return -ENOTSUP; @@ -302,6 +323,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, else sess->auth.gen_digest_len = sess->auth.req_digest_len; + /* Plain SHA does not require precompute key */ + if (auth_precompute == 0) + return 0; + /* Calculate Authentication precomputes */ if (key_larger_block_size) { calculate_auth_precomputes(hash_oneblock_fn, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 56d409b4b..c90f6baa3 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -54,6 +54,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA1 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 20, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA224 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -75,6 +96,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA256 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -96,6 +138,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA384 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -117,6 +180,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384, + .block_size = 128, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA512 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -138,6 +222,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512, + .block_size = 128, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES XCBC HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h index d61abfe4f..cdbe7f520 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h @@ -109,6 +109,13 @@ static const unsigned auth_digest_byte_lengths[] = { [AES_CMAC] = 16, [AES_GMAC] = 12, [NULL_HASH] = 0, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h index 8964a3bac..21bf347f6 100644 --- a/test/test/test_cryptodev_hash_test_vectors.h +++ b/test/test/test_cryptodev_hash_test_vectors.h @@ -96,7 +96,8 @@ sha1_test_vector = { 0x35, 0x62, 0xFB, 0xFA, 0x93, 0xFD, 0x7D, 0x70, 0xA6, 0x7D, 0x45, 0xCA }, - .len = 20 + .len = 20, + .truncated_len = 20 } }; @@ -140,7 +141,8 @@ sha224_test_vector = { 0x39, 0x26, 0xDF, 0xB5, 0x78, 0x62, 0xB2, 0x6E, 0x5E, 0x8F, 0x25, 0x84 }, - .len = 28 + .len = 28, + .truncated_len = 28 } }; @@ -186,7 +188,8 @@ sha256_test_vector = { 0x1F, 0xC7, 0x84, 0xEE, 0x76, 0xA6, 0x39, 0x15, 0x76, 0x2F, 0x87, 0xF9, 0x01, 0x06, 0xF3, 0xB7 }, - .len = 32 + .len = 32, + .truncated_len = 32 } }; @@ -234,7 +237,8 @@ sha384_test_vector = { 0xAD, 0x41, 0xAB, 0x15, 0xB0, 0x03, 0x15, 0xEC, 0x9E, 0x3D, 0xED, 0xCB, 0x80, 0x7B, 0xF4, 0xB6 }, - .len = 48 + .len = 48, + .truncated_len = 48 } }; @@ -288,7 +292,8 @@ sha512_test_vector = { 0x64, 0x4E, 0x15, 0x68, 0x12, 0x67, 0x26, 0x0F, 0x2C, 0x3C, 0x83, 0x25, 0x27, 0x86, 0xF0, 0xDB }, - .len = 64 + .len = 64, + .truncated_len = 64 } }; @@ -428,7 +433,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "SHA1 Digest Verify", @@ -437,7 +447,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "HMAC-SHA1 Digest", @@ -496,7 +511,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "SHA224 Digest Verify", @@ -505,7 +525,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "HMAC-SHA224 Digest", @@ -542,7 +567,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "SHA256 Digest Verify", @@ -551,7 +581,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "HMAC-SHA256 Digest", @@ -590,7 +625,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "SHA384 Digest Verify", @@ -599,7 +639,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "HMAC-SHA384 Digest", @@ -638,7 +683,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "SHA512 Digest Verify", @@ -647,7 +697,12 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION(0, 52, 0) > IMB_VERSION_NUM BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX +#else + BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX | + BLOCKCIPHER_TEST_TARGET_PMD_MB +#endif }, { .test_descr = "HMAC-SHA512 Digest", -- 2.13.6