From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, gakhil@marvell.com,
Pablo de Lara <pablo.de.lara.guarch@intel.com>,
Ciara Power <ciara.power@intel.com>
Subject: [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms
Date: Tue, 16 May 2023 15:24:15 +0000 [thread overview]
Message-ID: <20230516152422.606617-2-ciara.power@intel.com> (raw)
In-Reply-To: <20230516152422.606617-1-ciara.power@intel.com>
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AES-GMAC can be done with auth-only enums
IMB_AES_GMAC_128/192/256, which allows another cipher
algorithm to be used, instead of being part of AES-GCM.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 104 +++++++++++--------------
1 file changed, 47 insertions(+), 57 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ac20d01937..c53548aa3b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -57,8 +57,7 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
{
return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
hash_alg == IMB_AUTH_AES_CCM ||
- (hash_alg == IMB_AUTH_AES_GMAC &&
- cipher_mode == IMB_CIPHER_GCM));
+ cipher_mode == IMB_CIPHER_GCM);
}
/** Set session authentication parameters */
@@ -155,7 +154,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
} else
sess->cipher.direction = IMB_DIR_DECRYPT;
- sess->auth.algo = IMB_AUTH_AES_GMAC;
if (sess->auth.req_digest_len >
get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
@@ -167,16 +165,19 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
switch (xform->auth.key.length) {
case IMB_KEY_128_BYTES:
+ sess->auth.algo = IMB_AUTH_AES_GMAC_128;
IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
break;
case IMB_KEY_192_BYTES:
+ sess->auth.algo = IMB_AUTH_AES_GMAC_192;
IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
break;
case IMB_KEY_256_BYTES:
+ sess->auth.algo = IMB_AUTH_AES_GMAC_256;
IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
@@ -1039,19 +1040,20 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
break;
case IMB_AUTH_AES_GMAC:
- if (session->cipher.mode == IMB_CIPHER_GCM) {
- job->u.GCM.aad = aad->va;
- job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
- } else {
- /* For GMAC */
- job->u.GCM.aad = buf;
- job->u.GCM.aad_len_in_bytes = len;
- job->cipher_mode = IMB_CIPHER_GCM;
- }
+ job->u.GCM.aad = aad->va;
+ job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
job->enc_keys = &session->cipher.gcm_key;
job->dec_keys = &session->cipher.gcm_key;
break;
+ case IMB_AUTH_AES_GMAC_128:
+ case IMB_AUTH_AES_GMAC_192:
+ case IMB_AUTH_AES_GMAC_256:
+ job->u.GMAC._key = &session->cipher.gcm_key;
+ job->u.GMAC._iv = iv->va;
+ job->u.GMAC.iv_len_in_bytes = session->iv.length;
+ break;
+
case IMB_AUTH_CHACHA20_POLY1305:
job->u.CHACHA20_POLY1305.aad = aad->va;
job->u.CHACHA20_POLY1305.aad_len_in_bytes =
@@ -1091,16 +1093,10 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
job->dst = (uint8_t *)buf + sofs.ofs.cipher.head;
job->cipher_start_src_offset_in_bytes = sofs.ofs.cipher.head;
job->hash_start_src_offset_in_bytes = sofs.ofs.auth.head;
- if (job->hash_alg == IMB_AUTH_AES_GMAC &&
- session->cipher.mode != IMB_CIPHER_GCM) {
- job->msg_len_to_hash_in_bytes = 0;
- job->msg_len_to_cipher_in_bytes = 0;
- } else {
- job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
- sofs.ofs.auth.tail;
- job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
- sofs.ofs.cipher.tail;
- }
+ job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
+ sofs.ofs.auth.tail;
+ job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
+ sofs.ofs.cipher.tail;
job->user_data = udata;
}
@@ -1184,8 +1180,6 @@ sgl_linear_cipher_auth_len(IMB_JOB *job, uint64_t *auth_len)
job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN)
*auth_len = (job->msg_len_to_hash_in_bits >> 3) +
job->hash_start_src_offset_in_bytes;
- else if (job->hash_alg == IMB_AUTH_AES_GMAC)
- *auth_len = job->u.GCM.aad_len_in_bytes;
else
*auth_len = job->msg_len_to_hash_in_bytes +
job->hash_start_src_offset_in_bytes;
@@ -1352,24 +1346,24 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
break;
case IMB_AUTH_AES_GMAC:
- if (session->cipher.mode == IMB_CIPHER_GCM) {
- job->u.GCM.aad = op->sym->aead.aad.data;
- job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
- if (sgl) {
- job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
- job->cipher_mode = IMB_CIPHER_GCM_SGL;
- job->hash_alg = IMB_AUTH_GCM_SGL;
- }
- } else {
- /* For GMAC */
- job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,
- uint8_t *, op->sym->auth.data.offset);
- job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;
- job->cipher_mode = IMB_CIPHER_GCM;
+ job->u.GCM.aad = op->sym->aead.aad.data;
+ job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+ if (sgl) {
+ job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
+ job->cipher_mode = IMB_CIPHER_GCM_SGL;
+ job->hash_alg = IMB_AUTH_GCM_SGL;
}
job->enc_keys = &session->cipher.gcm_key;
job->dec_keys = &session->cipher.gcm_key;
break;
+ case IMB_AUTH_AES_GMAC_128:
+ case IMB_AUTH_AES_GMAC_192:
+ case IMB_AUTH_AES_GMAC_256:
+ job->u.GMAC._key = &session->cipher.gcm_key;
+ job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->auth_iv.offset);
+ job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
+ break;
case IMB_AUTH_ZUC_EIA3_BITLEN:
case IMB_AUTH_ZUC256_EIA3_BITLEN:
job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
@@ -1472,19 +1466,21 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
break;
case IMB_AUTH_AES_GMAC:
- if (session->cipher.mode == IMB_CIPHER_GCM) {
- job->hash_start_src_offset_in_bytes =
- op->sym->aead.data.offset;
- job->msg_len_to_hash_in_bytes =
- op->sym->aead.data.length;
- } else { /* AES-GMAC only, only AAD used */
- job->msg_len_to_hash_in_bytes = 0;
- job->hash_start_src_offset_in_bytes = 0;
- }
-
+ job->hash_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_hash_in_bytes =
+ op->sym->aead.data.length;
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->iv.offset);
break;
+ case IMB_AUTH_AES_GMAC_128:
+ case IMB_AUTH_AES_GMAC_192:
+ case IMB_AUTH_AES_GMAC_256:
+ job->hash_start_src_offset_in_bytes =
+ op->sym->auth.data.offset;
+ job->msg_len_to_hash_in_bytes =
+ op->sym->auth.data.length;
+ break;
case IMB_AUTH_GCM_SGL:
case IMB_AUTH_CHACHA20_POLY1305_SGL:
@@ -1567,15 +1563,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
op->sym->cipher.data.length;
break;
case IMB_CIPHER_GCM:
- if (session->cipher.mode == IMB_CIPHER_NULL) {
- /* AES-GMAC only (only AAD used) */
- job->msg_len_to_cipher_in_bytes = 0;
- job->cipher_start_src_offset_in_bytes = 0;
- } else {
- job->cipher_start_src_offset_in_bytes =
- op->sym->aead.data.offset;
- job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
- }
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
break;
case IMB_CIPHER_CCM:
case IMB_CIPHER_CHACHA20_POLY1305:
--
2.25.1
next prev parent reply other threads:[~2023-05-16 15:24 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-21 13:12 [PATCH 0/8] add AESNI_MB optimisations Ciara Power
2023-04-21 13:12 ` [PATCH 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-04-21 13:12 ` [PATCH 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-04-21 13:12 ` [PATCH 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-04-21 13:12 ` [PATCH 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-04-21 13:12 ` [PATCH 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-04-21 13:12 ` [PATCH 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-04-21 13:12 ` [PATCH 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-04-21 13:12 ` [PATCH 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2024-02-22 20:52 ` Wathsala Wathawana Vithanage
2023-05-16 12:25 ` [EXT] [PATCH 0/8] add AESNI_MB optimisations Akhil Goyal
2023-05-16 12:54 ` Power, Ciara
2023-05-16 15:24 ` [PATCH v2 " Ciara Power
2023-05-16 15:24 ` Ciara Power [this message]
2023-05-16 15:24 ` [PATCH v2 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-05-16 15:24 ` [PATCH v2 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-05-16 15:24 ` [PATCH v2 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-05-16 15:24 ` [PATCH v2 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-05-16 15:24 ` [PATCH v2 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-05-16 15:24 ` [PATCH v2 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-05-16 15:24 ` [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2023-06-10 20:15 ` Thomas Monjalon
2023-06-14 5:35 ` [EXT] " Akhil Goyal
2023-06-15 2:46 ` Fangming Fang
2023-06-15 4:47 ` Akhil Goyal
2023-06-16 9:25 ` De Lara Guarch, Pablo
2023-06-16 9:38 ` Akhil Goyal
2023-06-20 6:32 ` Fangming Fang
2024-02-21 5:01 ` Patrick Robb
2024-02-21 5:10 ` [EXT] " Honnappa Nagarahalli
2024-02-21 5:23 ` Patrick Robb
2024-02-21 9:50 ` Power, Ciara
2024-02-21 19:09 ` Patrick Robb
2024-02-22 1:55 ` [EXT] " Wathsala Wathawana Vithanage
2024-02-26 23:23 ` Wathsala Wathawana Vithanage
2024-02-27 1:05 ` Patrick Robb
2024-02-27 6:13 ` Akhil Goyal
2024-03-05 17:36 ` Wathsala Wathawana Vithanage
2023-06-20 14:41 ` Thomas Monjalon
2023-06-21 19:11 ` De Lara Guarch, Pablo
2023-05-17 16:44 ` [PATCH v2 0/8] add AESNI_MB optimisations Ji, Kai
2023-05-24 11:44 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230516152422.606617-2-ciara.power@intel.com \
--to=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).