* [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES
@ 2018-06-08 9:10 Kovacevic, Marko
2018-07-23 8:49 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 3+ messages in thread
From: Kovacevic, Marko @ 2018-06-08 9:10 UTC (permalink / raw)
To: dev; +Cc: pablo.de.lara.guarch, deepak.k.jain, Marko Kovacevic
From: Marko Kovacevic <marko.kovacevic@intel.com>
Added support for 3DES cipher algorithm which
will support 8, 16 and 24 byte keys, which also has been
added in the v0.50 of the IPSec Multi-buffer lib.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/rel_notes/release_18_08.rst | 5 ++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 68 +++++++++++++++++++++-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 20 +++++++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 18 ++++--
test/test/test_cryptodev.c | 20 +++++++
test/test/test_cryptodev_des_test_vectors.h | 48 +++++++++++++--
8 files changed, 169 insertions(+), 12 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 236828c..e53b121 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -27,6 +27,7 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_AES256_CTR
* RTE_CRYPTO_CIPHER_AES_DOCSISBPI
* RTE_CRYPTO_CIPHER_DES_CBC
+* RTE_CRYPTO_CIPHER_3DES_CBC
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI
Hash algorithms:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 1e263c2..f729574 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -24,6 +24,7 @@ AES CTR (192) = Y
AES CTR (256) = Y
AES DOCSIS BPI = Y
DES CBC = Y
+3DES CBC = Y
DES DOCSIS BPI = Y
;
diff --git a/doc/guides/rel_notes/release_18_08.rst b/doc/guides/rel_notes/release_18_08.rst
index 5bc23c5..b931665 100644
--- a/doc/guides/rel_notes/release_18_08.rst
+++ b/doc/guides/rel_notes/release_18_08.rst
@@ -41,6 +41,11 @@ New Features
Also, make sure to start the actual text at the margin.
=========================================================
+* **Updated the AESNI MB PMD.**
+
+ The AESNI MB PMD has been updated with additional support for:
+
+ * 3DES for 8, 16 and 24 byte keys.
API Changes
-----------
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index bb35c66..80a0372 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -182,6 +182,7 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
const struct rte_crypto_sym_xform *xform)
{
uint8_t is_aes = 0;
+ uint8_t is_3DES = 0;
aes_keyexp_t aes_keyexp_fn;
if (xform == NULL) {
@@ -227,6 +228,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
sess->cipher.mode = DOCSIS_DES;
break;
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ sess->cipher.mode = DES3;
+ is_3DES = 1;
+ break;
default:
MB_LOG_ERR("Unsupported cipher mode parameter");
return -ENOTSUP;
@@ -261,11 +266,58 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
+ } else if (is_3DES) {
+
+ uint64_t *keys[3] = {sess->cipher.exp_3des_keys.key[0],
+ sess->cipher.exp_3des_keys.key[1],
+ sess->cipher.exp_3des_keys.key[2]};
+
+ switch (xform->cipher.key.length) {
+
+ case 24:
+ des_key_schedule(keys[0], xform->cipher.key.data);
+ des_key_schedule(keys[1], xform->cipher.key.data+8);
+ des_key_schedule(keys[2], xform->cipher.key.data+16);
+
+ /* Initialize keys - 24 bytes: [K1-K2-K3] */
+ sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0];
+ sess->cipher.exp_3des_keys.ks_ptr[1] = keys[1];
+ sess->cipher.exp_3des_keys.ks_ptr[2] = keys[2];
+ break;
+
+ case 16:
+ des_key_schedule(keys[0], xform->cipher.key.data);
+ des_key_schedule(keys[1], xform->cipher.key.data+8);
+
+ /* Initialize keys - 16 bytes: [K1=K1,K2=K2,K3=K1] */
+ sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0];
+ sess->cipher.exp_3des_keys.ks_ptr[1] = keys[1];
+ sess->cipher.exp_3des_keys.ks_ptr[2] = keys[0];
+ break;
+
+ case 8:
+ des_key_schedule(keys[0], xform->cipher.key.data);
+
+ /* Initialize keys - 8 bytes: [K1 = K2 = K3] */
+ sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0];
+ sess->cipher.exp_3des_keys.ks_ptr[1] = keys[0];
+ sess->cipher.exp_3des_keys.ks_ptr[2] = keys[0];
+ break;
+
+ default:
+ MB_LOG_ERR("Invalid cipher key length");
+ return -EINVAL;
+ }
+
+ sess->cipher.key_length_in_bytes = 24;
+
} else {
+
if (xform->cipher.key.length != 8) {
MB_LOG_ERR("Invalid cipher key length");
return -EINVAL;
}
+
sess->cipher.key_length_in_bytes = 8;
des_key_schedule((uint64_t *)sess->cipher.expanded_aes_keys.encode,
@@ -524,8 +576,20 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
job->cipher_mode = session->cipher.mode;
job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes;
- job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode;
- job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode;
+
+ if (job->cipher_mode == DES3) {
+ job->aes_enc_key_expanded =
+ session->cipher.exp_3des_keys.ks_ptr;
+ job->aes_dec_key_expanded =
+ session->cipher.exp_3des_keys.ks_ptr;
+ } else {
+ job->aes_enc_key_expanded =
+ session->cipher.expanded_aes_keys.encode;
+ job->aes_dec_key_expanded =
+ session->cipher.expanded_aes_keys.decode;
+ }
+
+
/* Set authentication parameters */
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 0153052..a674afb 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -239,6 +239,26 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
+ { /* 3DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 24,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* DES DOCSIS BPI */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index a33b2f6..b6920bc 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -173,12 +173,18 @@ struct aesni_mb_session {
uint64_t key_length_in_bytes;
- struct {
- uint32_t encode[60] __rte_aligned(16);
- /**< encode key */
- uint32_t decode[60] __rte_aligned(16);
- /**< decode key */
- } expanded_aes_keys;
+ union {
+ struct {
+ uint32_t encode[60] __rte_aligned(16);
+ /**< encode key */
+ uint32_t decode[60] __rte_aligned(16);
+ /**< decode key */
+ } expanded_aes_keys;
+ struct {
+ const void *ks_ptr[3];
+ uint64_t key[3][16];
+ } exp_3des_keys;
+ };
/**< Expanded AES keys - Allocating space to
* contain the maximum expanded key size which
* is 240 bytes for 256 bit AES, calculate by:
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 389f796..feb3c13 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -4998,6 +4998,24 @@ test_DES_cipheronly_mb_all(void)
return TEST_SUCCESS;
}
+static int
+test_3DES_cipheronly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool,
+ ts_params->session_mpool,
+ ts_params->valid_devs[0],
+ rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)),
+ BLKCIPHER_3DES_CIPHERONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
static int
test_DES_docsis_mb_all(void)
@@ -9003,6 +9021,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_DES_docsis_mb_all),
TEST_CASE_ST(ut_setup, ut_teardown,
+ test_3DES_cipheronly_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_CCM_authenticated_encryption_test_case_128_1),
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_CCM_authenticated_decryption_test_case_128_1),
diff --git a/test/test/test_cryptodev_des_test_vectors.h b/test/test/test_cryptodev_des_test_vectors.h
index 43be83d..4217b72 100644
--- a/test/test/test_cryptodev_des_test_vectors.h
+++ b/test/test/test_cryptodev_des_test_vectors.h
@@ -792,6 +792,30 @@ triple_des192cbc_hmac_sha1_test_vector = {
.len = 20
}
};
+static const struct blockcipher_test_data
+triple_des64cbc_test_vector = {
+ .crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .cipher_key = {
+ .data = {
+ 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2
+ },
+ .len = 8
+ },
+ .iv = {
+ .data = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ },
+ .len = 8
+ },
+ .plaintext = {
+ .data = plaintext_des,
+ .len = 512
+ },
+ .ciphertext = {
+ .data = ciphertext512_des,
+ .len = 512
+ },
+};
static const struct blockcipher_test_data
des_cbc_test_vector = {
@@ -1205,6 +1229,18 @@ static const struct blockcipher_test_case triple_des_chain_test_cases[] = {
static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
{
+ .test_descr = "3DES-64-CBC Encryption",
+ .test_data = &triple_des64cbc_test_vector,
+ .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+ },
+ {
+ .test_descr = "3DES-64-CBC Decryption",
+ .test_data = &triple_des64cbc_test_vector,
+ .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB
+ },
+ {
.test_descr = "3DES-128-CBC Encryption",
.test_data = &triple_des128cbc_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
@@ -1212,7 +1248,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC |
- BLOCKCIPHER_TEST_TARGET_PMD_CCP
+ BLOCKCIPHER_TEST_TARGET_PMD_CCP |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "3DES-128-CBC Decryption",
@@ -1222,7 +1259,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
BLOCKCIPHER_TEST_TARGET_PMD_QAT |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC |
- BLOCKCIPHER_TEST_TARGET_PMD_CCP
+ BLOCKCIPHER_TEST_TARGET_PMD_CCP |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "3DES-192-CBC Encryption",
@@ -1233,7 +1271,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
- BLOCKCIPHER_TEST_TARGET_PMD_CCP
+ BLOCKCIPHER_TEST_TARGET_PMD_CCP |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "3DES-192-CBC Decryption",
@@ -1244,7 +1283,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC |
BLOCKCIPHER_TEST_TARGET_PMD_MVSAM |
- BLOCKCIPHER_TEST_TARGET_PMD_CCP
+ BLOCKCIPHER_TEST_TARGET_PMD_CCP |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "3DES-128-CTR Encryption",
--
2.9.5
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES
2018-06-08 9:10 [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES Kovacevic, Marko
@ 2018-07-23 8:49 ` De Lara Guarch, Pablo
2018-07-23 8:56 ` De Lara Guarch, Pablo
0 siblings, 1 reply; 3+ messages in thread
From: De Lara Guarch, Pablo @ 2018-07-23 8:49 UTC (permalink / raw)
To: Kovacevic, Marko, dev; +Cc: Jain, Deepak K
> -----Original Message-----
> From: Kovacevic, Marko
> Sent: Friday, June 8, 2018 10:10 AM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Jain, Deepak K
> <deepak.k.jain@intel.com>; Kovacevic, Marko <marko.kovacevic@intel.com>
> Subject: [PATCH v1] crypto/aesni_mb: support 3DES
>
> From: Marko Kovacevic <marko.kovacevic@intel.com>
>
> Added support for 3DES cipher algorithm which will support 8, 16 and 24 byte
> keys, which also has been added in the v0.50 of the IPSec Multi-buffer lib.
>
> Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES
2018-07-23 8:49 ` De Lara Guarch, Pablo
@ 2018-07-23 8:56 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 3+ messages in thread
From: De Lara Guarch, Pablo @ 2018-07-23 8:56 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Kovacevic, Marko, dev; +Cc: Jain, Deepak K
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of De Lara Guarch, Pablo
> Sent: Monday, July 23, 2018 9:49 AM
> To: Kovacevic, Marko <marko.kovacevic@intel.com>; dev@dpdk.org
> Cc: Jain, Deepak K <deepak.k.jain@intel.com>
> Subject: Re: [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES
>
>
>
> > -----Original Message-----
> > From: Kovacevic, Marko
> > Sent: Friday, June 8, 2018 10:10 AM
> > To: dev@dpdk.org
> > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Jain,
> > Deepak K <deepak.k.jain@intel.com>; Kovacevic, Marko
> > <marko.kovacevic@intel.com>
> > Subject: [PATCH v1] crypto/aesni_mb: support 3DES
> >
> > From: Marko Kovacevic <marko.kovacevic@intel.com>
> >
> > Added support for 3DES cipher algorithm which will support 8, 16 and
> > 24 byte keys, which also has been added in the v0.50 of the IPSec Multi-buffer
> lib.
> >
> > Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-23 8:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-08 9:10 [dpdk-dev] [PATCH v1] crypto/aesni_mb: support 3DES Kovacevic, Marko
2018-07-23 8:49 ` De Lara Guarch, Pablo
2018-07-23 8:56 ` De Lara Guarch, Pablo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).