From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 57C42B33E for ; Tue, 20 Dec 2016 22:24:15 +0100 (CET) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP; 20 Dec 2016 13:24:14 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,380,1477983600"; d="scan'208";a="44775368" Received: from dwdohert-dpdk.ir.intel.com ([163.33.210.152]) by orsmga005.jf.intel.com with ESMTP; 20 Dec 2016 13:24:13 -0800 To: Pablo de Lara References: <1481817632-183082-1-git-send-email-pablo.de.lara.guarch@intel.com> <1482168543-40289-1-git-send-email-pablo.de.lara.guarch@intel.com> <1482168543-40289-4-git-send-email-pablo.de.lara.guarch@intel.com> Cc: dev@dpdk.org From: Declan Doherty Message-ID: <8a72d410-75df-224f-9e3b-5c5503065c75@intel.com> Date: Tue, 20 Dec 2016 21:16:18 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <1482168543-40289-4-git-send-email-pablo.de.lara.guarch@intel.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2016 21:24:16 -0000 On 19/12/16 17:29, Pablo de Lara wrote: > Update driver to use new AESNI Multibuffer IPSec library single > operation functionality (cipher only and authentication only). > This patch also adds tests for this new feature. > > Signed-off-by: Pablo de Lara > --- > app/test/test_cryptodev.c | 34 ++++++++ > app/test/test_cryptodev_aes_test_vectors.h | 36 +++++--- > app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++---- > doc/guides/cryptodevs/aesni_mb.rst | 2 - > doc/guides/rel_notes/release_17_02.rst | 1 + > drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------ > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++ > 7 files changed, 172 insertions(+), 59 deletions(-) > > diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c > index f1f3542..5895d99 100644 > --- a/app/test/test_cryptodev.c > +++ b/app/test/test_cryptodev.c > @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, > } > > static int > +test_AES_cipheronly_mb_all(void) > +{ > + struct crypto_testsuite_params *ts_params = &testsuite_params; > + int status; > + > + status = test_blockcipher_all_tests(ts_params->mbuf_pool, > + ts_params->op_mpool, ts_params->valid_devs[0], > + RTE_CRYPTODEV_AESNI_MB_PMD, > + BLKCIPHER_AES_CIPHERONLY_TYPE); > + > + TEST_ASSERT_EQUAL(status, 0, "Test failed"); > + > + return TEST_SUCCESS; > +} > + > +static int > +test_authonly_mb_all(void) > +{ > + struct crypto_testsuite_params *ts_params = &testsuite_params; > + int status; > + > + status = test_blockcipher_all_tests(ts_params->mbuf_pool, > + ts_params->op_mpool, ts_params->valid_devs[0], > + RTE_CRYPTODEV_AESNI_MB_PMD, > + BLKCIPHER_AUTHONLY_TYPE); > + > + TEST_ASSERT_EQUAL(status, 0, "Test failed"); > + > + return TEST_SUCCESS; > +} > + > +static int > test_AES_chain_mb_all(void) > { > struct crypto_testsuite_params *ts_params = &testsuite_params; > @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { > .teardown = testsuite_teardown, > .unit_test_cases = { > TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), > + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), > + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all), > > TEST_CASES_END() /**< NULL terminate unit test array */ > } > diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h > index efbe7da..898aae1 100644 > --- a/app/test/test_cryptodev_aes_test_vectors.h > +++ b/app/test/test_cryptodev_aes_test_vectors.h > @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = { > .test_data = &aes_test_data_4, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-128-CBC Decryption", > .test_data = &aes_test_data_4, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-192-CBC Encryption", > .test_data = &aes_test_data_10, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-192-CBC Decryption", > .test_data = &aes_test_data_10, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-256-CBC Encryption", > .test_data = &aes_test_data_11, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-256-CBC Decryption", > .test_data = &aes_test_data_11, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-128-CTR Encryption", > .test_data = &aes_test_data_1, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-128-CTR Decryption", > .test_data = &aes_test_data_1, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-192-CTR Encryption", > .test_data = &aes_test_data_2, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-192-CTR Decryption", > .test_data = &aes_test_data_2, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-256-CTR Encryption", > .test_data = &aes_test_data_3, > .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "AES-256-CTR Decryption", > .test_data = &aes_test_data_3, > .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, > .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > - BLOCKCIPHER_TEST_TARGET_PMD_QAT > + BLOCKCIPHER_TEST_TARGET_PMD_QAT | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > }; > > diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h > index 9f095cf..a8f9da0 100644 > --- a/app/test/test_cryptodev_hash_test_vectors.h > +++ b/app/test/test_cryptodev_hash_test_vectors.h > @@ -97,7 +97,8 @@ hmac_md5_test_vector = { > 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE, > 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B > }, > - .len = 16 > + .len = 16, > + .truncated_len = 12 > } > }; > > @@ -139,7 +140,8 @@ hmac_sha1_test_vector = { > 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17, > 0x3F, 0x91, 0x64, 0x59 > }, > - .len = 20 > + .len = 20, > + .truncated_len = 12 > } > }; > > @@ -184,7 +186,8 @@ hmac_sha224_test_vector = { > 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F, > 0x92, 0xF6, 0xAA, 0x19 > }, > - .len = 28 > + .len = 28, > + .truncated_len = 14 > } > }; > > @@ -229,7 +232,8 @@ hmac_sha256_test_vector = { > 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77, > 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17 > }, > - .len = 32 > + .len = 32, > + .truncated_len = 16 > } > }; > > @@ -280,7 +284,8 @@ hmac_sha384_test_vector = { > 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0, > 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E > }, > - .len = 48 > + .len = 48, > + .truncated_len = 24 > } > }; > > @@ -337,7 +342,8 @@ hmac_sha512_test_vector = { > 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87, > 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20 > }, > - .len = 64 > + .len = 64, > + .truncated_len = 32 > } > }; > > @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-MD5 Digest", > .test_data = &hmac_md5_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-MD5 Digest Verify", > .test_data = &hmac_md5_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "SHA1 Digest", > @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-SHA1 Digest", > .test_data = &hmac_sha1_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-SHA1 Digest Verify", > .test_data = &hmac_sha1_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "SHA224 Digest", > @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-SHA224 Digest", > .test_data = &hmac_sha224_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-SHA224 Digest Verify", > .test_data = &hmac_sha224_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "SHA256 Digest", > @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-SHA256 Digest", > .test_data = &hmac_sha256_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-SHA256 Digest Verify", > .test_data = &hmac_sha256_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "SHA384 Digest", > @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-SHA384 Digest", > .test_data = &hmac_sha384_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-SHA384 Digest Verify", > .test_data = &hmac_sha384_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "SHA512 Digest", > @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { > .test_descr = "HMAC-SHA512 Digest", > .test_data = &hmac_sha512_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > { > .test_descr = "HMAC-SHA512 Digest Verify", > .test_data = &hmac_sha512_test_vector, > .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, > - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL > + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | > + BLOCKCIPHER_TEST_TARGET_PMD_MB > }, > }; > > diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst > index b47cb6a..cb429d7 100644 > --- a/doc/guides/cryptodevs/aesni_mb.rst > +++ b/doc/guides/cryptodevs/aesni_mb.rst > @@ -62,8 +62,6 @@ Limitations > ----------- > > * Chained mbufs are not supported. > -* Hash only is not supported. > -* Cipher only is not supported. > * Only in-place is currently supported (destination address is the same as source address). > * Only supports session-oriented API implementation (session-less APIs are not supported). > > diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst > index 4f666df..5aa8a94 100644 > --- a/doc/guides/rel_notes/release_17_02.rst > +++ b/doc/guides/rel_notes/release_17_02.rst > @@ -49,6 +49,7 @@ New Features > > * The Intel(R) Multi Buffer Crypto for IPsec library used in > AESNI MB PMD has been moved to a new repository, in github. > + * Support for single operations (cipher only and authentication only). > > > Resolved Issues > diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > index 7443b47..bafd4d7 100644 > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash, > } > > /** Get xform chain order */ > -static int > +static enum aesni_mb_operation > aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform) > { > - /* > - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained > - * operations, all other options are invalid, so we must have exactly > - * 2 xform structs chained together > - */ > - if (xform->next == NULL || xform->next->next != NULL) > - return -1; > - > - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && > - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) > - return HASH_CIPHER; > + if (xform == NULL) > + return AESNI_MB_OP_NOT_SUPPORTED; > + > + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > + if (xform->next == NULL) > + return AESNI_MB_OP_CIPHER_ONLY; > + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) > + return AESNI_MB_OP_CIPHER_HASH; > + } > > - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && > - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) > - return CIPHER_HASH; > + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > + if (xform->next == NULL) > + return AESNI_MB_OP_HASH_ONLY; > + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) > + return AESNI_MB_OP_HASH_CIPHER; > + } > > - return -1; > + return AESNI_MB_OP_NOT_SUPPORTED; > } > > /** Set session authentication parameters */ > @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops, > { > hash_one_block_t hash_oneblock_fn; > > + if (xform == NULL) { > + sess->auth.algo = NULL_HASH; > + return 0; > + } > + > if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) { > MB_LOG_ERR("Crypto xform struct not of type auth"); > return -1; > } > > + /* Select auth generate/verify */ > + sess->auth.operation = xform->auth.op; > + > /* Set Authentication Parameters */ > if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) { > sess->auth.algo = AES_XCBC; > @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops, > { > aes_keyexp_t aes_keyexp_fn; > > + if (xform == NULL) { > + sess->cipher.mode = NULL_CIPHER; > + return 0; > + } > + > if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) { > MB_LOG_ERR("Crypto xform struct not of type cipher"); > return -1; > @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops, > > /* Select Crypto operation - hash then cipher / cipher then hash */ > switch (aesni_mb_get_chain_order(xform)) { > - case HASH_CIPHER: > + case AESNI_MB_OP_HASH_CIPHER: > sess->chain_order = HASH_CIPHER; > auth_xform = xform; > cipher_xform = xform->next; > break; > - case CIPHER_HASH: > + case AESNI_MB_OP_CIPHER_HASH: > sess->chain_order = CIPHER_HASH; > auth_xform = xform->next; > cipher_xform = xform; > break; > + case AESNI_MB_OP_HASH_ONLY: > + sess->chain_order = HASH_CIPHER; > + auth_xform = xform; > + cipher_xform = NULL; > + break; > + case AESNI_MB_OP_CIPHER_ONLY: > + /* > + * Multi buffer library operates only at two modes, > + * CIPHER_HASH and HASH_CIPHER. When doing ciphering only, > + * chain order depends on cipher operation: encryption is always > + * the first operation and decryption the last one. > + */ > + if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) > + sess->chain_order = CIPHER_HASH; > + else > + sess->chain_order = HASH_CIPHER; > + auth_xform = NULL; > + cipher_xform = xform; > + break; > + case AESNI_MB_OP_NOT_SUPPORTED: > default: > MB_LOG_ERR("Unsupported operation chain order parameter"); > return -1; > @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op, > } > > /* Set digest output location */ > - if (job->cipher_direction == DECRYPT) { > + if (job->hash_alg != NULL_HASH && > + session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { > job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst, > get_digest_byte_length(job->hash_alg)); > > @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) > (struct rte_crypto_op *)job->user_data; > struct rte_mbuf *m_dst = > (struct rte_mbuf *)job->user_data2; > + struct aesni_mb_session *sess; > > if (op == NULL || m_dst == NULL) > return NULL; > @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) > if (unlikely(job->status != STS_COMPLETED)) { > op->status = RTE_CRYPTO_OP_STATUS_ERROR; > return op; > - } else if (job->chain_order == HASH_CIPHER) { > - /* Verify digest if required */ > - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, > - job->auth_tag_output_len_in_bytes) != 0) > - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; > - > - /* trim area used for digest from mbuf */ > - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg)); > + } else if (job->hash_alg != NULL_HASH) { > + sess = (struct aesni_mb_session *)op->sym->session->_private; > + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { > + /* Verify digest if required */ > + if (memcmp(job->auth_tag_output, > + op->sym->auth.digest.data, > + job->auth_tag_output_len_in_bytes) != 0) > + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; > + > + /* trim area used for digest from mbuf */ > + rte_pktmbuf_trim(m_dst, > + get_digest_byte_length(job->hash_alg)); > + } > } > > /* Free session if a session-less crypto op */ > diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > index 17f367f..5f125b2 100644 > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo) > return auth_digest_byte_lengths[algo]; > } > > +enum aesni_mb_operation { > + AESNI_MB_OP_HASH_CIPHER, > + AESNI_MB_OP_CIPHER_HASH, > + AESNI_MB_OP_HASH_ONLY, > + AESNI_MB_OP_CIPHER_ONLY, > + AESNI_MB_OP_NOT_SUPPORTED > +}; > > /** private data structure for each virtual AESNI device */ > struct aesni_mb_private { > @@ -185,6 +192,8 @@ struct aesni_mb_session { > /** Authentication Parameters */ > struct { > JOB_HASH_ALG algo; /**< Authentication Algorithm */ > + enum rte_crypto_auth_operation operation; > + /**< auth operation generate or verify */ > union { > struct { > uint8_t inner[128] __rte_aligned(16); > Acked-by: Declan Doherty