From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4E492A055A; Fri, 27 May 2022 14:26:22 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2354440E78; Fri, 27 May 2022 14:26:22 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id 9ABFC40E5A for ; Fri, 27 May 2022 14:26:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653654380; x=1685190380; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Wcbnhqj38mB8W5v62lLyD7z9jj4A/a8oahWP0yp91IA=; b=aGygLc5wUPFXeq/VX6OzhzhFDN1qwQtGq0GB6UfEuDW2MtGHWFQIUcd9 Xd/kTsGdETgiPQdAe/wFePu72q0VnP4Q4Iwm+HmPdyi1VxrMf3GCi8jSC jM+m6TgQANnqiPZ/WicdnicWcpSaisAZq+VCzwgiw0Y95C3ZW03DUPHZL umUdoptG2wU3mGmHu7dz90AfGUrmnlhrVyborb2O/FF98lv+y55sPfTfv 15jfBLLtTuN6LJ7GrgIq4JdaJRvQhOkstos4d6IixXMfWl/tJ1KqqS41X 9wkDGXKnwTkdtNAIFDhbPJ8vOZaaN5zgQ/xbsA7Lipm4VladWuXgfr/Vt g==; X-IronPort-AV: E=McAfee;i="6400,9594,10359"; a="337510763" X-IronPort-AV: E=Sophos;i="5.91,255,1647327600"; d="scan'208";a="337510763" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 May 2022 05:26:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,255,1647327600"; d="scan'208";a="631570248" Received: from orsmsx604.amr.corp.intel.com ([10.22.229.17]) by fmsmga008.fm.intel.com with ESMTP; 27 May 2022 05:26:19 -0700 Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by ORSMSX604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Fri, 27 May 2022 05:26:18 -0700 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.49) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gDPUuXjUS4OMDLQOZv0QRsoumMzZkYkuwgcu7e/0g+rflR9sEgLGtSeiVd80yNsi2lYnXJV45nG4qyb6GtkXZarLm39vpQSDpX1Y84khj/2b7Q3JAnF8geQi0v3T50KEal3SEP64GBxam5TLZBRikz5W28pRNfk1lZF4MwqgP/hZBgOaxfMyC0SznKuGu/0OU7deE8HJvkmIQOivTCZnvQAK/xD4N5p9yH/vz6Qsxawb//QeV4SgqqdzcN8xjSWooo2pJ2pewabGg/hriLcNond4FZwcYK/8jMR12etPJCJCBSQMB8efPk8ta0R0N9T96stQIOd13yX95E7IC1jD3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8mW1dJKwApDHAWv0p1p/KlGxjCphta7zgnoxB/fkuFQ=; b=OEiFVG4ul3rmiOuIlEpWcRN3oaRRpKssKIytCps5E18vU8fsQm4XJZ3+TMkNdVd5wLShSi8vJusMvZv3seydnPyjaChGEH2xVQ0Pi0kEDMeNI2stRxcWxDRR6ubHijk7Ykj0oSWx9kNxl9/vSKlnUwEFIXKjo923YcahSmo0paFBnCtCSq61tWXcX+Q3jgR64aaufPwKHD4Rxpc9/oEPcvaW3IkrUJIBiK0KFMisSYbCu/V9cg9HDKxtL9LfDfq1lqX0N2vAxEZ6EKDs9jmUXev1+P3ApX1morecoKyIbqTFatVHAMGSXMKbMlKJE4CDuA7rsKCN5KeL4aKMO7Jeug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW5PR11MB5809.namprd11.prod.outlook.com (2603:10b6:303:197::6) by BY5PR11MB4024.namprd11.prod.outlook.com (2603:10b6:a03:192::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.19; Fri, 27 May 2022 12:26:15 +0000 Received: from MW5PR11MB5809.namprd11.prod.outlook.com ([fe80::b9ba:9827:9cbd:9f37]) by MW5PR11MB5809.namprd11.prod.outlook.com ([fe80::b9ba:9827:9cbd:9f37%5]) with mapi id 15.20.5273.021; Fri, 27 May 2022 12:26:15 +0000 From: "Zhang, Roy Fan" To: "Ji, Kai" , "dev@dpdk.org" CC: "Richardson, Bruce" , "gakhil@marvell.com" Subject: RE: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash & aes Thread-Topic: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash & aes Thread-Index: AQHYcaeJPin5Wk+6tEKAeLPup6iIkq0yoFUg Date: Fri, 27 May 2022 12:26:15 +0000 Message-ID: References: <20220526104703.83605-1-kai.ji@intel.com> <20220527085512.21427-1-kai.ji@intel.com> In-Reply-To: <20220527085512.21427-1-kai.ji@intel.com> Accept-Language: zh-Hans-HK, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.500.17 dlp-reaction: no-action dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dddd001f-ad42-46a0-cdb1-08da3fdc17d3 x-ms-traffictypediagnostic: BY5PR11MB4024:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VpOIc20LScLhGiGdNA0vWpAcuyb+lOF9+0kkxceDouIHk5+ACjooL57TDu5pNkE3+EnmG6rWl9b9y/MVu7zm6A2RGowIp/KKtJctBr+GzkgTzEdjnwrKC65rgIB1XNUcr6r58rNhBtEnhEDG0KZ1jEYmuyWJ8uNE6/kOI6B93k9DdIjH1HYtiJMR0nk6O7SQyDjPiWiabjDSa6PRaMzP//GApBqzrgP24ZhmctDJjXglT1Dq4GHxAm8IS0TQzakPI3Fyy84jSTL5mUMXjFivHKoBznXHoPEOQAr5e0SVmr2Jqq29p5QVr8LTOUcSUvPABwX2GF3d86pErAOsek1WHUmvClvg8f0QmSTlfKPNnQACri0zfVWOjP5S0oKW27i5q3aQlrLSzzEjddHjdlMXuujWi6TyRFO0uskNqEE1SVVvy4jg2AsFOVVmTSVxSWomdTeUssmXt/6U0nfNTsI9iQgZ82wrO7nuIRy1EmHE5ZFU/tkEwLNdPU2Tog8q7xUu3hz0Fsd302snooSy4k/EZADM2zGRDL4I2YRgCW3sifxHhriP0TcaxGbmmHV2bAChWAZ8bvM/K3DPzWultofM4m3gfC312po6Cf2hyJsPcotB3AtVsgnc6SXu+FloCsMPsHazdYEBUwJ5K18L3E+HxA/NGO80Gtaq6yc49mg9qAIh6RArm4VxEGMMK/6LhZ0kMv609rA8Xr07KwgvQoIy5Q== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW5PR11MB5809.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(83380400001)(71200400001)(4326008)(86362001)(66946007)(76116006)(66476007)(64756008)(66446008)(66556008)(122000001)(8676002)(55016003)(186003)(2906002)(508600001)(54906003)(7696005)(9686003)(8936002)(53546011)(110136005)(30864003)(52536014)(38070700005)(33656002)(82960400001)(316002)(5660300002)(26005)(6506007)(38100700002)(579004)(559001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?0Wxg/JoUah/8v5BPpS2PAfAFNe8mX2ejoN55KM1K8zxLXDQfkk3Btf+m?= =?Windows-1252?Q?ZrdaNr0snc3cm/A6NCdWix45yVNdGf51yrkk97udrnz+2NsQRGNhWco6?= =?Windows-1252?Q?J6GbpEhVPSNuSXNDGPCC4bEusRiGI0FclwL2ug7N5iSPRwe15Aryc+T9?= =?Windows-1252?Q?QuwbEI6KYPQOZyvyvMmVEHZXRiQKwlSNe7ZYvkf/LSKrjOXWbO2/7vkc?= =?Windows-1252?Q?GZ20bNfAxe1DmzR9IG7tRT7v0jb5pI+C5Ns4DmGwd3KmYENWeWJE7Ec2?= =?Windows-1252?Q?LT9utTx0KXvat/jIcCwh8cp7thghQwHgAKhv39MhrVfkTTrXPZNrVOH4?= =?Windows-1252?Q?KB7fn3tccH7Q121BNtMVIyr784iOQUYXagYRjrf/DONAu9qQGM2n0A9D?= =?Windows-1252?Q?cb+vrjPfBG2MiGbRyQ70gY6w+Baf0mx0vDOR52ao89GfMLSGxk+PDtyL?= =?Windows-1252?Q?9MoFZqKWOT0rCuQbGjUrLbPZeLZSQbZje6i/AOzR6HOkVMplZtJTzxZl?= =?Windows-1252?Q?5/JZPM+gn1NI4JuYlpleQoRpULa2wzG7sjSr4dtLFD75jiFa2HThO4D4?= =?Windows-1252?Q?wTF0/tggwbBBreMvph38yxsMxXWL2sXDzCO/qL55AYu2E9GGN6DJ/ApG?= =?Windows-1252?Q?Asvh+iFgxok57hm/oRu++9YFg0DS+Up0k9NswSQsOkAqgRafAhdvNVuu?= =?Windows-1252?Q?NjxMMAl8SRmZA+OBY4Z2DnxvpYqy/3J4sxcoqS4d2tZgmpRfGLMaqqQq?= =?Windows-1252?Q?uDJBLf1tYyl7bsxxOErHG4DkejkSIL1IuKofAnvSNY5DWsEDysb9kpTw?= =?Windows-1252?Q?fJzMGPSGGpyRIgr6L9wqKbLOoGw/rMNMR4ayouohqk8MwfNT8jRn8uN2?= =?Windows-1252?Q?K0zvjzu/dqesBTR39GkUWXv/PQYvubth3YFYyhPt+e6XQGrRSwrzcJnc?= =?Windows-1252?Q?J6EHa9n6OthLIMjOR2YYXQivXWVqlW1Tf6lj+NnsNfmEGG/EmO7RSStg?= =?Windows-1252?Q?RzhCUC5mFXjoD4fdylPLmAhkVnmz/j3pqhUTJsQBU6HA9O7ioM64z3Fu?= =?Windows-1252?Q?1zCud+XveBPxtfcYXl/jrxi+o+JmXjO3dcBDMrFuqHOszNvIBOvKjZWq?= =?Windows-1252?Q?UVudY7do7GTAOzlVmoCCC1EBv44c/ldM19E/gzyqMgijd9bjFvsm86R3?= =?Windows-1252?Q?0PVLbnOcCAP2Wy8Cc4vuNhIie1K4WGYuzqR0gQn39MLF2GsiXrEauxkM?= =?Windows-1252?Q?oxj62H27KPFnh5447EO3v0hHSYsbwG3tBVuD8oZhN5+/ZZMzg6o/Rm8Y?= =?Windows-1252?Q?4YkRX0AWpq+/zC1eQW+tfmXyZBM+EAibI6k73AndkIfhA9dv35mLyfsh?= =?Windows-1252?Q?JXHSjR2BAvaMoPJLkD/yEuptST7c/PRGCpo31oronDX81WiBz/nXUECR?= =?Windows-1252?Q?j8D1aClg/t+Y/HPqQlHh5lGsMxBaeuAMvm6g9SyuqWhS4wS+de+4Z6ef?= =?Windows-1252?Q?XZMyJa7qW6a/LVY8tk8U14394zSL+JUU84RyIFe8Vii/pQOcGwEDvY/G?= =?Windows-1252?Q?D7cCWDIh/08NBI38JuGrnD4Mub8Z3LhuSt4R40ER05xA99WbSclNGrji?= =?Windows-1252?Q?GVNCBoCwGK+kxBxop/mDxRQSn4YDwRri7c55QZdDnTTK0C3rlWRqLwoy?= =?Windows-1252?Q?eJx3cRrMB2Tp+3cLcxRB18C2vwlCeoM1i+pH/EwW3RAc3PZK1EET/1Q6?= =?Windows-1252?Q?X0IQFtRi2RWHr1fMHVrF3/QcYHQn30xf74yiqQLsFdSZBfjMgQtM69Qh?= =?Windows-1252?Q?3F9X7UrNZB23R8tPMZPx03fGFG+J+ZUf50hAFlkrzTYoAmGeluHrM4IU?= =?Windows-1252?Q?ZRZWdM7ZYfq1yg=3D=3D?= Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW5PR11MB5809.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dddd001f-ad42-46a0-cdb1-08da3fdc17d3 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 May 2022 12:26:15.1145 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JShuzEF7xHFvC7w2GPYC02g4BZJTKWkqprz6MnSBIR8o/LqK+1GXqU/1P7rcBPoLGdFATGZ90qSvjDPf2lseAA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4024 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > -----Original Message----- > From: Ji, Kai > Sent: Friday, May 27, 2022 9:55 AM > To: dev@dpdk.org > Cc: Zhang, Roy Fan ; Richardson, Bruce > ; gakhil@marvell.com; Ji, Kai > Subject: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash & = aes >=20 > Since openssl 3.0 now deprecates the low level API QAT required to > perform partial hash & aes operation when creating the session. This > patch add in qat_ipsec_mb_lib driver parameter to allow QAT PMD to > switch APIs between openssl and intel ipsec-mb library. >=20 > Signed-off-by: Kai Ji > Signed-off-by: Fan Zhang >=20 [FAN: please keep the change log below the "---" line so it won't be captur= ed by git and keep it in the commit log forever]=20 > v5: > - fix of Intel IPSEC-MB lib version check >=20 > v4: > - fix of memory leak in IMB_MGR >=20 > v3: > - Add in qat_ipsec_mb_lib driver parameter >=20 > v2: > - Add AES ECB job function for precompute >=20 > --- > doc/guides/cryptodevs/qat.rst | 13 + > drivers/common/qat/meson.build | 13 + > drivers/common/qat/qat_device.c | 1 + > drivers/common/qat/qat_device.h | 1 + > drivers/crypto/qat/qat_sym.c | 3 + > drivers/crypto/qat/qat_sym_session.c | 503 > ++++++++++++++++++++++++--- > 6 files changed, 491 insertions(+), 43 deletions(-) >=20 > diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rs= t > index 785e041324..d92409b77e 100644 > --- a/doc/guides/cryptodevs/qat.rst > +++ b/doc/guides/cryptodevs/qat.rst > @@ -287,6 +287,19 @@ by comma. When the same parameter is used more > than once first occurrence of the > is used. > Maximum threshold that can be set is 32. >=20 > +Running QAT PMD with Intel IPSEC MB library for symmetric precomputes > function > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ~~~~~~~~~~~~~~~~~~~~~ > + > +The QAT PMD use Openssl library for partial hash calculation in symmetir= c > precomputes function by > +default, the following parameter is allow QAT PMD switch over to multi- > buffer job API if Intel > +IPSEC MB library installed on system. > + > +- qat_ipsec_mb_lib > + > +To use this feature the user must set the parameter on process start as = a > device additional parameter:: > + > + -a 03:01.1,qat_ipsec_mb_lib=3D1 > + >=20 > Device and driver naming > ~~~~~~~~~~~~~~~~~~~~~~~~ > diff --git a/drivers/common/qat/meson.build > b/drivers/common/qat/meson.build > index b7027f3164..245c0fbe61 100644 > --- a/drivers/common/qat/meson.build > +++ b/drivers/common/qat/meson.build > @@ -35,6 +35,19 @@ if qat_crypto and not libcrypto.found() > 'missing dependency, libcrypto') > endif >=20 > +IMB_required_ver =3D '1.2.0' > +libipsecmb =3D cc.find_library('IPSec_MB', required: false) > +if libipsecmb.found() > + # version comes with quotes, so we split based on " and take the mid= dle > + imb_ver =3D cc.get_define('IMB_VERSION_STR', > + prefix : '#include').split('"')[1] > + > + if (imb_ver.version_compare('>=3D' + IMB_required_ver)) > + ext_deps +=3D libipsecmb > + dpdk_conf.set('RTE_QAT_LIBIPSECMB', true) > + endif > +endif > + > # The driver should not build if both compression and crypto are disable= d > #FIXME common code depends on compression files so check only > compress! > if not qat_compress # and not qat_crypto > diff --git a/drivers/common/qat/qat_device.c > b/drivers/common/qat/qat_device.c > index 6824d97050..db4b087d2b 100644 > --- a/drivers/common/qat/qat_device.c > +++ b/drivers/common/qat/qat_device.c > @@ -364,6 +364,7 @@ static int qat_pci_probe(struct rte_pci_driver > *pci_drv __rte_unused, > struct qat_pci_device *qat_pci_dev; > struct qat_dev_hw_spec_funcs *ops_hw; > struct qat_dev_cmd_param qat_dev_cmd_param[] =3D { > + { QAT_IPSEC_MB_LIB, 0 }, > { SYM_ENQ_THRESHOLD_NAME, 0 }, > { ASYM_ENQ_THRESHOLD_NAME, 0 }, > { COMP_ENQ_THRESHOLD_NAME, 0 }, > diff --git a/drivers/common/qat/qat_device.h > b/drivers/common/qat/qat_device.h > index 85fae7b7c7..e1a32a7e87 100644 > --- a/drivers/common/qat/qat_device.h > +++ b/drivers/common/qat/qat_device.h > @@ -16,6 +16,7 @@ >=20 > #define QAT_DEV_NAME_MAX_LEN 64 >=20 > +#define QAT_IPSEC_MB_LIB "qat_ipsec_mb_lib" > #define SYM_ENQ_THRESHOLD_NAME "qat_sym_enq_threshold" > #define ASYM_ENQ_THRESHOLD_NAME "qat_asym_enq_threshold" > #define COMP_ENQ_THRESHOLD_NAME "qat_comp_enq_threshold" > diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c > index ca8c9a8124..3477cd89ad 100644 > --- a/drivers/crypto/qat/qat_sym.c > +++ b/drivers/crypto/qat/qat_sym.c > @@ -15,6 +15,7 @@ > #include "qat_qp.h" >=20 > uint8_t qat_sym_driver_id; > +int qat_ipsec_mb_lib; >=20 > struct qat_crypto_gen_dev_ops qat_sym_gen_dev_ops[QAT_N_GENS]; >=20 > @@ -307,6 +308,8 @@ qat_sym_dev_create(struct qat_pci_device > *qat_pci_dev, > if (!strcmp(qat_dev_cmd_param[i].name, > SYM_ENQ_THRESHOLD_NAME)) > internals->min_enq_burst_threshold =3D > qat_dev_cmd_param[i].val; > + if (!strcmp(qat_dev_cmd_param[i].name, > QAT_IPSEC_MB_LIB)) > + qat_ipsec_mb_lib =3D qat_dev_cmd_param[i].val; > i++; > } >=20 > diff --git a/drivers/crypto/qat/qat_sym_session.c > b/drivers/crypto/qat/qat_sym_session.c > index 9d6a19c0be..69a97948f5 100644 > --- a/drivers/crypto/qat/qat_sym_session.c > +++ b/drivers/crypto/qat/qat_sym_session.c > @@ -7,6 +7,10 @@ > #include /* Needed to calculate pre-compute values > */ > #include /* Needed for bpi runt block processing */ >=20 > +#ifdef RTE_QAT_LIBIPSECMB > +#include > +#endif > + > #include > #include > #include > @@ -22,6 +26,12 @@ > #include "qat_sym_session.h" > #include "qat_sym.h" >=20 > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > +#include > +#endif > + > +extern int qat_ipsec_mb_lib; > + > /* SHA1 - 20 bytes - Initialiser state can be found in FIPS stds 180-2 *= / > static const uint8_t sha1InitialState[] =3D { > 0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, > @@ -470,6 +480,21 @@ qat_sym_session_configure(struct rte_cryptodev > *dev, > return -ENOMEM; > } >=20 > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + OSSL_PROVIDER * legacy; > + OSSL_PROVIDER *deflt; > + > + /* Load Multiple providers into the default (NULL) library context */ > + legacy =3D OSSL_PROVIDER_load(NULL, "legacy"); > + if (legacy =3D=3D NULL) > + return -EINVAL; > + > + deflt =3D OSSL_PROVIDER_load(NULL, "default"); > + if (deflt =3D=3D NULL) { > + OSSL_PROVIDER_unload(legacy); > + return -EINVAL; > + } > +#endif > ret =3D qat_sym_session_set_parameters(dev, xform, > sess_private_data); > if (ret !=3D 0) { > QAT_LOG(ERR, > @@ -483,6 +508,10 @@ qat_sym_session_configure(struct rte_cryptodev > *dev, > set_sym_session_private_data(sess, dev->driver_id, > sess_private_data); >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + OSSL_PROVIDER_unload(legacy); > + OSSL_PROVIDER_unload(deflt); > +# endif > return 0; > } >=20 > @@ -1057,6 +1086,293 @@ static int qat_hash_get_block_size(enum > icp_qat_hw_auth_algo qat_hash_alg) > return -EFAULT; > } >=20 > +#define HMAC_IPAD_VALUE 0x36 > +#define HMAC_OPAD_VALUE 0x5c > +#define HASH_XCBC_PRECOMP_KEY_NUM 3 > + > +static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ]; > + > +#ifdef RTE_QAT_LIBIPSECMB > +static int aes_ipsecmb_job(uint8_t *in, uint8_t *out, IMB_MGR *m, > + const uint8_t *key, uint16_t auth_keylen) > +{ > + int err; > + struct IMB_JOB *job; > + DECLARE_ALIGNED(uint32_t expkey[4*15], 16); > + DECLARE_ALIGNED(uint32_t dust[4*15], 16); > + > + if (auth_keylen =3D=3D ICP_QAT_HW_AES_128_KEY_SZ) > + IMB_AES_KEYEXP_128(m, key, expkey, dust); > + else if (auth_keylen =3D=3D ICP_QAT_HW_AES_192_KEY_SZ) > + IMB_AES_KEYEXP_192(m, key, expkey, dust); > + else if (auth_keylen =3D=3D ICP_QAT_HW_AES_256_KEY_SZ) > + IMB_AES_KEYEXP_256(m, key, expkey, dust); > + else > + return -EFAULT; > + > + job =3D IMB_GET_NEXT_JOB(m); > + > + job->src =3D in; > + job->dst =3D out; > + job->enc_keys =3D expkey; > + job->key_len_in_bytes =3D auth_keylen; > + job->msg_len_to_cipher_in_bytes =3D 16; > + job->iv_len_in_bytes =3D 0; > + job->cipher_direction =3D IMB_DIR_ENCRYPT; > + job->cipher_mode =3D IMB_CIPHER_ECB; > + job->hash_alg =3D IMB_AUTH_NULL; > + > + while (IMB_FLUSH_JOB(m) !=3D NULL) > + ; > + > + job =3D IMB_SUBMIT_JOB(m); > + if (job) { > + if (job->status =3D=3D IMB_STATUS_COMPLETED) > + return 0; > + } > + > + err =3D imb_get_errno(m); > + if (err) > + QAT_LOG(ERR, "Error: %s!\n", imb_get_strerror(err)); > + > + return -EFAULT; > +} > + > +static int > +partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg, > + uint8_t *data_in, uint8_t *data_out, IMB_MGR *m) > +{ > + int digest_size; > + uint8_t digest[qat_hash_get_digest_size( > + ICP_QAT_HW_AUTH_ALGO_DELIMITER)]; > + uint32_t *hash_state_out_be32; > + uint64_t *hash_state_out_be64; > + int i; > + > + /* Initialize to avoid gcc warning */ > + memset(digest, 0, sizeof(digest)); > + > + digest_size =3D qat_hash_get_digest_size(hash_alg); > + if (digest_size <=3D 0) > + return -EFAULT; > + > + hash_state_out_be32 =3D (uint32_t *)data_out; > + hash_state_out_be64 =3D (uint64_t *)data_out; > + > + switch (hash_alg) { > + case ICP_QAT_HW_AUTH_ALGO_SHA1: > + IMB_SHA1_ONE_BLOCK(m, data_in, digest); > + for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++) > + *hash_state_out_be32 =3D > + rte_bswap32(*(((uint32_t *)digest)+i)); > + break; > + case ICP_QAT_HW_AUTH_ALGO_SHA224: > + IMB_SHA224_ONE_BLOCK(m, data_in, digest); > + for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++) > + *hash_state_out_be32 =3D > + rte_bswap32(*(((uint32_t *)digest)+i)); > + break; > + case ICP_QAT_HW_AUTH_ALGO_SHA256: > + IMB_SHA256_ONE_BLOCK(m, data_in, digest); > + for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++) > + *hash_state_out_be32 =3D > + rte_bswap32(*(((uint32_t *)digest)+i)); > + break; > + case ICP_QAT_HW_AUTH_ALGO_SHA384: > + IMB_SHA384_ONE_BLOCK(m, data_in, digest); > + for (i =3D 0; i < digest_size >> 3; i++, hash_state_out_be64++) > + *hash_state_out_be64 =3D > + rte_bswap64(*(((uint64_t *)digest)+i)); > + break; > + case ICP_QAT_HW_AUTH_ALGO_SHA512: > + IMB_SHA512_ONE_BLOCK(m, data_in, digest); > + for (i =3D 0; i < digest_size >> 3; i++, hash_state_out_be64++) > + *hash_state_out_be64 =3D > + rte_bswap64(*(((uint64_t *)digest)+i)); > + break; > + case ICP_QAT_HW_AUTH_ALGO_MD5: > + IMB_MD5_ONE_BLOCK(m, data_in, data_out); > + break; > + default: > + QAT_LOG(ERR, "invalid hash alg %u", hash_alg); > + return -EFAULT; > + } > + > + return 0; > +} > + > +static int qat_sym_do_precomputes_ipsec_mb(enum > icp_qat_hw_auth_algo hash_alg, > + const uint8_t *auth_key, > + uint16_t auth_keylen, > + uint8_t *p_state_buf, > + uint16_t *p_state_len, > + uint8_t aes_cmac) > +{ > + int block_size; > + uint8_t > ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)]; > + uint8_t > opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)]; > + int i, ret =3D 0; > + > + IMB_MGR *m; > + m =3D alloc_mb_mgr(0); > + if (m =3D=3D NULL) > + return -ENOMEM; > + > + init_mb_mgr_auto(m, NULL); > + > + if (hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) { > + > + /* CMAC */ > + if (aes_cmac) { > + uint8_t *in =3D NULL; > + uint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ]; > + uint8_t *k1, *k2; > + > + auth_keylen =3D ICP_QAT_HW_AES_128_KEY_SZ; > + > + in =3D rte_zmalloc("AES CMAC K1", > + ICP_QAT_HW_AES_128_KEY_SZ, 16); [FAN: other than "in" is allocated and copied 16 bytes of seed, I don't see= it is used anywhere other than freed later. Any reason we need it?]=20 > + > + if (in =3D=3D NULL) { > + QAT_LOG(ERR, "Failed to alloc memory"); > + return -ENOMEM; > + } > + > + rte_memcpy(in, AES_CMAC_SEED, > + ICP_QAT_HW_AES_128_KEY_SZ); > + rte_memcpy(p_state_buf, auth_key, auth_keylen); > + > + DECLARE_ALIGNED(uint32_t expkey[4*15], 16); > + DECLARE_ALIGNED(uint32_t dust[4*15], 16); > + IMB_AES_KEYEXP_128(m, p_state_buf, expkey, > dust); > + k1 =3D p_state_buf + > ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; > + k2 =3D k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; > + > + IMB_AES_CMAC_SUBKEY_GEN_128(m, expkey, k1, > k2); > + memset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ); > + *p_state_len =3D > ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ; [FAN: if we initialize block_size as 0, we can simply set ret =3D 0 and jum= p to out here]=20 > + rte_free(in); > + free_mb_mgr(m); > + return 0; > + } > + > + static uint8_t qat_aes_xcbc_key_seed[ > + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] > =3D { > + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, > + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, > + 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, > + 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, > + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, > + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, > + }; > + > + uint8_t *in =3D NULL; > + uint8_t *out =3D p_state_buf; > + int x; > + > + in =3D rte_zmalloc("working mem for key", > + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, > 16); > + if (in =3D=3D NULL) { > + QAT_LOG(ERR, "Failed to alloc memory"); > + return -ENOMEM; > + } > + > + rte_memcpy(in, qat_aes_xcbc_key_seed, > + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); > + for (x =3D 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) { > + if (aes_ipsecmb_job(in, out, m, auth_key, > auth_keylen)) { > + rte_free(in - > + (x * > ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ)); > + memset(out - > + (x * > ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ), > + 0, > ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); > + return -EFAULT; > + } > + > + in +=3D ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; > + out +=3D ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; > + } > + *p_state_len =3D ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ; > + rte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ); > + free_mb_mgr(m); > + return 0; > + > + } else if ((hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_GALOIS_128) || > + (hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) { > + uint8_t *in =3D NULL; > + uint8_t *out =3D p_state_buf; [FAN: doesn't feel we have to allocate "in" at all, why can't we declare in= as an array?] > + > + memset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ + > + ICP_QAT_HW_GALOIS_LEN_A_SZ + > + ICP_QAT_HW_GALOIS_E_CTR0_SZ); > + in =3D rte_zmalloc("working mem for key", > + ICP_QAT_HW_GALOIS_H_SZ, 16); > + if (in =3D=3D NULL) { > + QAT_LOG(ERR, "Failed to alloc memory"); > + return -ENOMEM; > + } > + > + memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ); > + if (aes_ipsecmb_job(in, out, m, auth_key, auth_keylen)) > + return -EFAULT; > + > + *p_state_len =3D ICP_QAT_HW_GALOIS_H_SZ + > + ICP_QAT_HW_GALOIS_LEN_A_SZ + > + ICP_QAT_HW_GALOIS_E_CTR0_SZ; > + rte_free(in); [FAN: if we initialize block_size as 0, we can simply set ret =3D 0 and jum= p to out here] =20 > + free_mb_mgr(m); > + return 0; > + } > + > + block_size =3D qat_hash_get_block_size(hash_alg); > + if (block_size < 0) > + return block_size; > + /* init ipad and opad from key and xor with fixed values */ > + memset(ipad, 0, block_size); > + memset(opad, 0, block_size); > + > + if (auth_keylen > (unsigned int)block_size) { > + QAT_LOG(ERR, "invalid keylen %u", auth_keylen); > + free_mb_mgr(m); > + return -EFAULT; > + } > + rte_memcpy(ipad, auth_key, auth_keylen); > + rte_memcpy(opad, auth_key, auth_keylen); > + > + for (i =3D 0; i < block_size; i++) { > + uint8_t *ipad_ptr =3D ipad + i; > + uint8_t *opad_ptr =3D opad + i; > + *ipad_ptr ^=3D HMAC_IPAD_VALUE; > + *opad_ptr ^=3D HMAC_OPAD_VALUE; > + } > + > + /* do partial hash of ipad and copy to state1 */ > + if (partial_hash_compute_ipsec_mb(hash_alg, ipad, p_state_buf, m)) > { > + QAT_LOG(ERR, "ipad precompute failed"); > + ret =3D -EFAULT; > + goto out; > + } > + > + /* > + * State len is a multiple of 8, so may be larger than the digest. > + * Put the partial hash of opad state_len bytes after state1 > + */ > + *p_state_len =3D qat_hash_get_state1_size(hash_alg); > + if (partial_hash_compute_ipsec_mb(hash_alg, opad, > + p_state_buf + *p_state_len, m)) { > + QAT_LOG(ERR, "opad precompute failed"); > + ret =3D -EFAULT; > + goto out; > + } > + > +out: > + /* don't leave data lying around */ > + memset(ipad, 0, block_size); > + memset(opad, 0, block_size); > + free_mb_mgr(m); > + return ret; > +} > +#endif > static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out) > { > SHA_CTX ctx; > @@ -1124,6 +1440,20 @@ static int partial_hash_md5(uint8_t *data_in, > uint8_t *data_out) > return 0; > } >=20 > +static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived) > +{ > + int i; > + > + derived[0] =3D base[0] << 1; > + for (i =3D 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) { > + derived[i] =3D base[i] << 1; > + derived[i - 1] |=3D base[i] >> 7; > + } > + > + if (base[0] & 0x80) > + derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^=3D > QAT_AES_CMAC_CONST_RB; > +} > + > static int > partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg, > uint8_t *data_in, uint8_t *data_out) > @@ -1192,25 +1522,6 @@ partial_hash_compute(enum > icp_qat_hw_auth_algo hash_alg, >=20 > return 0; > } > -#define HMAC_IPAD_VALUE 0x36 > -#define HMAC_OPAD_VALUE 0x5c > -#define HASH_XCBC_PRECOMP_KEY_NUM 3 > - > -static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ]; > - > -static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived) > -{ > - int i; > - > - derived[0] =3D base[0] << 1; > - for (i =3D 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) { > - derived[i] =3D base[i] << 1; > - derived[i - 1] |=3D base[i] >> 7; > - } > - > - if (base[0] & 0x80) > - derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^=3D > QAT_AES_CMAC_CONST_RB; > -} >=20 > static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, > const uint8_t *auth_key, > @@ -1695,6 +2006,7 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > uint32_t *aad_len =3D NULL; > uint32_t wordIndex =3D 0; > uint32_t *pTempKey; > + int ret =3D 0; >=20 > if (cdesc->qat_cmd =3D=3D ICP_QAT_FW_LA_CMD_AUTH) { > ICP_QAT_FW_COMN_CURR_ID_SET(hash_cd_ctrl, > @@ -1766,9 +2078,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > break; > } > /* SHA-1 HMAC */ > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA1, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(SHA)precompute failed"); > return -EFAULT; > } > @@ -1784,9 +2109,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > break; > } > /* SHA-224 HMAC */ > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA224, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(SHA)precompute failed"); > return -EFAULT; > } > @@ -1802,9 +2140,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > break; > } > /* SHA-256 HMAC */ > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA256, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(SHA)precompute failed"); > return -EFAULT; > } > @@ -1820,9 +2171,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > break; > } > /* SHA-384 HMAC */ > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA384, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(SHA)precompute failed"); > return -EFAULT; > } > @@ -1838,9 +2202,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > break; > } > /* SHA-512 HMAC */ > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA512, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(SHA)precompute failed"); > return -EFAULT; > } > @@ -1851,9 +2228,23 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, >=20 > if (cdesc->aes_cmac) > memset(cdesc->cd_cur_ptr, 0, state1_size); > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC, > - authkey, authkeylen, cdesc->cd_cur_ptr + > state1_size, > - &state2_size, cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D qat_sym_do_precomputes_ipsec_mb( > + > ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC, > + authkey, authkeylen, cdesc->cd_cur_ptr + > state1_size, > + &state2_size, cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC, > + authkey, authkeylen, cdesc->cd_cur_ptr + > state1_size, > + &state2_size, cdesc->aes_cmac); > + } > + > + if (ret) { > cdesc->aes_cmac ? QAT_LOG(ERR, > "(CMAC)precompute failed") > : QAT_LOG(ERR, > @@ -1865,9 +2256,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, > case ICP_QAT_HW_AUTH_ALGO_GALOIS_64: > cdesc->qat_proto_flag =3D QAT_CRYPTO_PROTO_FLAG_GCM; > state1_size =3D ICP_QAT_HW_GALOIS_128_STATE1_SZ; > - if (qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey, > - authkeylen, cdesc->cd_cur_ptr + state1_size, > - &state2_size, cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D qat_sym_do_precomputes_ipsec_mb(cdesc- > >qat_hash_alg, authkey, > + authkeylen, cdesc->cd_cur_ptr + state1_size, > + &state2_size, cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?"); > + return -EFAULT; > +#endif > + } else { > + ret =3D qat_sym_do_precomputes(cdesc- > >qat_hash_alg, authkey, > + authkeylen, cdesc->cd_cur_ptr + state1_size, > + &state2_size, cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(GCM)precompute failed"); > return -EFAULT; > } > @@ -1923,9 +2327,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session > *cdesc, >=20 > break; > case ICP_QAT_HW_AUTH_ALGO_MD5: > - if > (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey, > - authkeylen, cdesc->cd_cur_ptr, &state1_size, > - cdesc->aes_cmac)) { > + if (qat_ipsec_mb_lib) { > +#ifdef RTE_QAT_LIBIPSECMB > + ret =3D > qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_MD5, > + authkey, authkeylen, cdesc->cd_cur_ptr, > &state1_size, > + cdesc->aes_cmac); > +#else > + QAT_LOG(ERR, "Intel IPSEC-MB LIB missing"); > + return -EFAULT; > +#endif > + } else { > + ret =3D > qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey, > + authkeylen, cdesc->cd_cur_ptr, &state1_size, > + cdesc->aes_cmac); > + } > + > + if (ret) { > QAT_LOG(ERR, "(MD5)precompute failed"); > return -EFAULT; > } > -- > 2.17.1