* [PATCH v2 0/3] AESNI MB PMD updates
@ 2016-12-15 16:00 Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 1/3] doc: update AESNI MB PMD guide Pablo de Lara
` (3 more replies)
0 siblings, 4 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-15 16:00 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
The library used in AESNI MB PMD, Intel Multi Buffer Crypto for IPsec,
has been migrated to a new location, in github (see documentation patch
for the link).
The library has also been updated, so single crypto operations
are supported (cipher and authentication only). Therefore, the PMD
has been updated to support these operations.
This patchset depends on patchset "Add scatter-gather list capability to
Intel QuickAssist Technology driver" (http://dpdk.org/ml/archives/dev/2016-November/050947.html)
Changes in v2:
- Fixed hash only tests, including truncated digest length
Pablo de Lara (3):
doc: update AESNI MB PMD guide
crypto/aesni_mb: add single operation functionality
doc: add missing supported algos for AESNI MB PMD
app/test/test_cryptodev.c | 34 ++++++++++++++++++
app/test/test_cryptodev_aes_test_vectors.h | 36 ++++++++++++-------
app/test/test_cryptodev_hash_test_vectors.h | 54 +++++++++++++++++++----------
doc/guides/cryptodevs/aesni_mb.rst | 14 +++-----
doc/guides/rel_notes/release_17_02.rst | 8 +++++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 49 +++++++++++++++++---------
6 files changed, 140 insertions(+), 55 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2 1/3] doc: update AESNI MB PMD guide
2016-12-15 16:00 [PATCH v2 0/3] AESNI MB PMD updates Pablo de Lara
@ 2016-12-15 16:00 ` Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 2/3] crypto/aesni_mb: add single operation functionality Pablo de Lara
` (2 subsequent siblings)
3 siblings, 0 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-15 16:00 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
The Intel(R) Multi Buffer Crypto library used in the AESNI MB PMD
has been moved to a new repository, in github.
This patch updates the link where it can be downloaded.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 10 +++-------
doc/guides/rel_notes/release_17_02.rst | 7 +++++++
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index e812e95..b47cb6a 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -66,21 +66,17 @@ Limitations
* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
-* Not performance tuned.
Installation
------------
To build DPDK with the AESNI_MB_PMD the user is required to download the mult-
-buffer library from `here <https://downloadcenter.intel.com/download/22972>`_
-and compile it on their user system before building DPDK. When building the
-multi-buffer library it is necessary to have YASM package installed and also
-requires the overriding of YASM path when building, as a path is hard coded in
-the Makefile of the release package.
+buffer library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
.. code-block:: console
- make YASM=/usr/bin/yasm
+ make
Initialization
--------------
diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
index 873333b..4f666df 100644
--- a/doc/guides/rel_notes/release_17_02.rst
+++ b/doc/guides/rel_notes/release_17_02.rst
@@ -44,6 +44,13 @@ New Features
* Scatter-gather list (SGL) support.
+
+* **Updated the AESNI MB PMD.**
+
+ * The Intel(R) Multi Buffer Crypto for IPsec library used in
+ AESNI MB PMD has been moved to a new repository, in github.
+
+
Resolved Issues
---------------
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v2 2/3] crypto/aesni_mb: add single operation functionality
2016-12-15 16:00 [PATCH v2 0/3] AESNI MB PMD updates Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 1/3] doc: update AESNI MB PMD guide Pablo de Lara
@ 2016-12-15 16:00 ` Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 3/3] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
3 siblings, 0 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-15 16:00 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
Update driver to use new AESNI Multibuffer IPSec library single
operation functionality (cipher only and authentication only).
This patch also adds tests for this new feature.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
app/test/test_cryptodev.c | 34 ++++++++++++++++++
app/test/test_cryptodev_aes_test_vectors.h | 36 ++++++++++++-------
app/test/test_cryptodev_hash_test_vectors.h | 54 +++++++++++++++++++----------
doc/guides/cryptodevs/aesni_mb.rst | 2 --
doc/guides/rel_notes/release_17_02.rst | 1 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 49 +++++++++++++++++---------
6 files changed, 128 insertions(+), 48 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f1f3542..5895d99 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
}
static int
+test_AES_cipheronly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AES_CIPHERONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_authonly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AUTHONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
test_AES_chain_mb_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
.teardown = testsuite_teardown,
.unit_test_cases = {
TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
TEST_CASES_END() /**< NULL terminate unit test array */
}
diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
index efbe7da..898aae1 100644
--- a/app/test/test_cryptodev_aes_test_vectors.h
+++ b/app/test/test_cryptodev_aes_test_vectors.h
@@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CBC Decryption",
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Encryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Decryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Encryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Decryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Encryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Decryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Encryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Decryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Encryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Decryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
index 9f095cf..a8f9da0 100644
--- a/app/test/test_cryptodev_hash_test_vectors.h
+++ b/app/test/test_cryptodev_hash_test_vectors.h
@@ -97,7 +97,8 @@ hmac_md5_test_vector = {
0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
},
- .len = 16
+ .len = 16,
+ .truncated_len = 12
}
};
@@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
0x3F, 0x91, 0x64, 0x59
},
- .len = 20
+ .len = 20,
+ .truncated_len = 12
}
};
@@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
0x92, 0xF6, 0xAA, 0x19
},
- .len = 28
+ .len = 28,
+ .truncated_len = 14
}
};
@@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
},
- .len = 32
+ .len = 32,
+ .truncated_len = 16
}
};
@@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
},
- .len = 48
+ .len = 48,
+ .truncated_len = 24
}
};
@@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
},
- .len = 64
+ .len = 64,
+ .truncated_len = 32
}
};
@@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-MD5 Digest",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-MD5 Digest Verify",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA1 Digest",
@@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA1 Digest",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA1 Digest Verify",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA224 Digest",
@@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA224 Digest",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA224 Digest Verify",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA256 Digest",
@@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA256 Digest",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA256 Digest Verify",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA384 Digest",
@@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA384 Digest",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA384 Digest Verify",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA512 Digest",
@@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA512 Digest",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA512 Digest Verify",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index b47cb6a..cb429d7 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -62,8 +62,6 @@ Limitations
-----------
* Chained mbufs are not supported.
-* Hash only is not supported.
-* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
index 4f666df..5aa8a94 100644
--- a/doc/guides/rel_notes/release_17_02.rst
+++ b/doc/guides/rel_notes/release_17_02.rst
@@ -49,6 +49,7 @@ New Features
* The Intel(R) Multi Buffer Crypto for IPsec library used in
AESNI MB PMD has been moved to a new repository, in github.
+ * Support for single operations (cipher only and authentication only).
Resolved Issues
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f07cd07..7591cc5 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -110,21 +110,22 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
static int
aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
- /*
- * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
- * operations, all other options are invalid, so we must have exactly
- * 2 xform structs chained together
- */
- if (xform->next == NULL || xform->next->next != NULL)
+ if (xform == NULL)
return -1;
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
- return HASH_CIPHER;
-
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ if ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
+ (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
+ ((xform->next == NULL) ||
+ (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)))
return CIPHER_HASH;
+ if ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
+ (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) &&
+ (xform->next == NULL))
+ return HASH_CIPHER;
+ if ((xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
+ (xform->next == NULL ||
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER))
+ return HASH_CIPHER;
return -1;
}
@@ -137,6 +138,11 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
{
hash_one_block_t hash_oneblock_fn;
+ if (xform == NULL) {
+ sess->auth.algo = NULL_HASH;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MB_LOG_ERR("Crypto xform struct not of type auth");
return -1;
@@ -199,6 +205,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
{
aes_keyexp_t aes_keyexp_fn;
+ if (xform == NULL) {
+ sess->cipher.mode = NULL_CIPHER;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MB_LOG_ERR("Crypto xform struct not of type cipher");
return -1;
@@ -270,8 +281,13 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
switch (aesni_mb_get_chain_order(xform)) {
case HASH_CIPHER:
sess->chain_order = HASH_CIPHER;
- auth_xform = xform;
- cipher_xform = xform->next;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ auth_xform = xform;
+ cipher_xform = xform->next;
+ } else {
+ cipher_xform = xform;
+ auth_xform = xform->next;
+ }
break;
case CIPHER_HASH:
sess->chain_order = CIPHER_HASH;
@@ -396,7 +412,7 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
}
/* Set digest output location */
- if (job->cipher_direction == DECRYPT) {
+ if (job->cipher_direction == DECRYPT && job->hash_alg != NULL_HASH) {
job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
get_digest_byte_length(job->hash_alg));
@@ -471,7 +487,8 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
return op;
} else if (job->chain_order == HASH_CIPHER) {
/* Verify digest if required */
- if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
+ if (job->hash_alg != NULL_HASH && memcmp(job->auth_tag_output,
+ op->sym->auth.digest.data,
job->auth_tag_output_len_in_bytes) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v2 3/3] doc: add missing supported algos for AESNI MB PMD
2016-12-15 16:00 [PATCH v2 0/3] AESNI MB PMD updates Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 1/3] doc: update AESNI MB PMD guide Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 2/3] crypto/aesni_mb: add single operation functionality Pablo de Lara
@ 2016-12-15 16:00 ` Pablo de Lara
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
3 siblings, 0 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-15 16:00 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
AESNI MB PMD supports SHA224-HMAC and SHA384-HMAC,
but the documentation was not updated with this.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index cb429d7..8b18eba 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -55,7 +55,9 @@ Cipher algorithms:
Hash algorithms:
* RTE_CRYPTO_HASH_SHA1_HMAC
+* RTE_CRYPTO_HASH_SHA224_HMAC
* RTE_CRYPTO_HASH_SHA256_HMAC
+* RTE_CRYPTO_HASH_SHA384_HMAC
* RTE_CRYPTO_HASH_SHA512_HMAC
Limitations
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v3 0/4] AESNI MB PMD updates
2016-12-15 16:00 [PATCH v2 0/3] AESNI MB PMD updates Pablo de Lara
` (2 preceding siblings ...)
2016-12-15 16:00 ` [PATCH v2 3/3] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
@ 2016-12-19 17:28 ` Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session Pablo de Lara
` (4 more replies)
3 siblings, 5 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-19 17:28 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
The library used in AESNI MB PMD, Intel Multi Buffer Crypto for IPsec,
has been migrated to a new location, in github (see documentation patch
for the link).
The library has also been updated, so single crypto operations
are supported (cipher and authentication only). Therefore, the PMD
has been updated to support these operations.
This patchset depends on patchset "Add scatter-gather list capability to
Intel QuickAssist Technology driver" (http://dpdk.org/ml/archives/dev/2016-November/050947.html)
Changes in v3:
- Included authentication operation in private session,
since digest only has to be trimmed from buffer when digest is verified
- Fixed missing crypto session save in crypto operation when it is sessionless
- Made operation mode setting more clear (CIPHER_HASH, HASH_CIPHER)
Changes in v2:
- Fixed hash only tests, including truncated digest length
Pablo de Lara (4):
crypto/aesni_mb: fix incorrect crypto session
doc: update AESNI MB PMD guide
crypto/aesni_mb: add single operation functionality
doc: add missing supported algos for AESNI MB PMD
app/test/test_cryptodev.c | 34 ++++++++
app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
doc/guides/cryptodevs/aesni_mb.rst | 14 ++--
doc/guides/rel_notes/release_17_02.rst | 8 ++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 96 ++++++++++++++++------
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
7 files changed, 185 insertions(+), 66 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
@ 2016-12-19 17:29 ` Pablo de Lara
2016-12-20 21:18 ` Declan Doherty
2016-12-19 17:29 ` [PATCH v3 2/4] doc: update AESNI MB PMD guide Pablo de Lara
` (3 subsequent siblings)
4 siblings, 1 reply; 12+ messages in thread
From: Pablo de Lara @ 2016-12-19 17:29 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara, stable
When using sessionless crypto operations, crypto session
is obtained from a pool of sessions, when processing the
operation. Once the operation is processed, the session
is put back in the pool, but for the AESNI MB PMD, this
session was not being saved in the operation and therefore,
it did not return to the session pool.
Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto")
CC: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f07cd07..7443b47 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -322,6 +322,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
rte_mempool_put(qp->sess_mp, _sess);
sess = NULL;
}
+ op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
}
return sess;
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v3 2/4] doc: update AESNI MB PMD guide
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session Pablo de Lara
@ 2016-12-19 17:29 ` Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality Pablo de Lara
` (2 subsequent siblings)
4 siblings, 0 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-19 17:29 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
The Intel(R) Multi Buffer Crypto library used in the AESNI MB PMD
has been moved to a new repository, in github.
This patch updates the link where it can be downloaded.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 10 +++-------
doc/guides/rel_notes/release_17_02.rst | 7 +++++++
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index e812e95..b47cb6a 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -66,21 +66,17 @@ Limitations
* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
-* Not performance tuned.
Installation
------------
To build DPDK with the AESNI_MB_PMD the user is required to download the mult-
-buffer library from `here <https://downloadcenter.intel.com/download/22972>`_
-and compile it on their user system before building DPDK. When building the
-multi-buffer library it is necessary to have YASM package installed and also
-requires the overriding of YASM path when building, as a path is hard coded in
-the Makefile of the release package.
+buffer library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
.. code-block:: console
- make YASM=/usr/bin/yasm
+ make
Initialization
--------------
diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
index 873333b..4f666df 100644
--- a/doc/guides/rel_notes/release_17_02.rst
+++ b/doc/guides/rel_notes/release_17_02.rst
@@ -44,6 +44,13 @@ New Features
* Scatter-gather list (SGL) support.
+
+* **Updated the AESNI MB PMD.**
+
+ * The Intel(R) Multi Buffer Crypto for IPsec library used in
+ AESNI MB PMD has been moved to a new repository, in github.
+
+
Resolved Issues
---------------
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 2/4] doc: update AESNI MB PMD guide Pablo de Lara
@ 2016-12-19 17:29 ` Pablo de Lara
2016-12-20 21:16 ` Declan Doherty
2016-12-19 17:29 ` [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
2016-12-26 16:29 ` [PATCH v3 0/4] AESNI MB PMD updates De Lara Guarch, Pablo
4 siblings, 1 reply; 12+ messages in thread
From: Pablo de Lara @ 2016-12-19 17:29 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
Update driver to use new AESNI Multibuffer IPSec library single
operation functionality (cipher only and authentication only).
This patch also adds tests for this new feature.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
app/test/test_cryptodev.c | 34 ++++++++
app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
doc/guides/cryptodevs/aesni_mb.rst | 2 -
doc/guides/rel_notes/release_17_02.rst | 1 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
7 files changed, 172 insertions(+), 59 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f1f3542..5895d99 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
}
static int
+test_AES_cipheronly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AES_CIPHERONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
+test_authonly_mb_all(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ int status;
+
+ status = test_blockcipher_all_tests(ts_params->mbuf_pool,
+ ts_params->op_mpool, ts_params->valid_devs[0],
+ RTE_CRYPTODEV_AESNI_MB_PMD,
+ BLKCIPHER_AUTHONLY_TYPE);
+
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ return TEST_SUCCESS;
+}
+
+static int
test_AES_chain_mb_all(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
.teardown = testsuite_teardown,
.unit_test_cases = {
TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
TEST_CASES_END() /**< NULL terminate unit test array */
}
diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
index efbe7da..898aae1 100644
--- a/app/test/test_cryptodev_aes_test_vectors.h
+++ b/app/test/test_cryptodev_aes_test_vectors.h
@@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CBC Decryption",
.test_data = &aes_test_data_4,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Encryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CBC Decryption",
.test_data = &aes_test_data_10,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Encryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CBC Decryption",
.test_data = &aes_test_data_11,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Encryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-128-CTR Decryption",
.test_data = &aes_test_data_1,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Encryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-192-CTR Decryption",
.test_data = &aes_test_data_2,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Encryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "AES-256-CTR Decryption",
.test_data = &aes_test_data_3,
.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
.pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
- BLOCKCIPHER_TEST_TARGET_PMD_QAT
+ BLOCKCIPHER_TEST_TARGET_PMD_QAT |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
index 9f095cf..a8f9da0 100644
--- a/app/test/test_cryptodev_hash_test_vectors.h
+++ b/app/test/test_cryptodev_hash_test_vectors.h
@@ -97,7 +97,8 @@ hmac_md5_test_vector = {
0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
},
- .len = 16
+ .len = 16,
+ .truncated_len = 12
}
};
@@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
0x3F, 0x91, 0x64, 0x59
},
- .len = 20
+ .len = 20,
+ .truncated_len = 12
}
};
@@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
0x92, 0xF6, 0xAA, 0x19
},
- .len = 28
+ .len = 28,
+ .truncated_len = 14
}
};
@@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
},
- .len = 32
+ .len = 32,
+ .truncated_len = 16
}
};
@@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
},
- .len = 48
+ .len = 48,
+ .truncated_len = 24
}
};
@@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
},
- .len = 64
+ .len = 64,
+ .truncated_len = 32
}
};
@@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-MD5 Digest",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-MD5 Digest Verify",
.test_data = &hmac_md5_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA1 Digest",
@@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA1 Digest",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA1 Digest Verify",
.test_data = &hmac_sha1_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA224 Digest",
@@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA224 Digest",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA224 Digest Verify",
.test_data = &hmac_sha224_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA256 Digest",
@@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA256 Digest",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA256 Digest Verify",
.test_data = &hmac_sha256_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA384 Digest",
@@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA384 Digest",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA384 Digest Verify",
.test_data = &hmac_sha384_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "SHA512 Digest",
@@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
.test_descr = "HMAC-SHA512 Digest",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
{
.test_descr = "HMAC-SHA512 Digest Verify",
.test_data = &hmac_sha512_test_vector,
.op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
- .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
+ .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
+ BLOCKCIPHER_TEST_TARGET_PMD_MB
},
};
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index b47cb6a..cb429d7 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -62,8 +62,6 @@ Limitations
-----------
* Chained mbufs are not supported.
-* Hash only is not supported.
-* Cipher only is not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
index 4f666df..5aa8a94 100644
--- a/doc/guides/rel_notes/release_17_02.rst
+++ b/doc/guides/rel_notes/release_17_02.rst
@@ -49,6 +49,7 @@ New Features
* The Intel(R) Multi Buffer Crypto for IPsec library used in
AESNI MB PMD has been moved to a new repository, in github.
+ * Support for single operations (cipher only and authentication only).
Resolved Issues
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 7443b47..bafd4d7 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
}
/** Get xform chain order */
-static int
+static enum aesni_mb_operation
aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
- /*
- * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
- * operations, all other options are invalid, so we must have exactly
- * 2 xform structs chained together
- */
- if (xform->next == NULL || xform->next->next != NULL)
- return -1;
-
- if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
- return HASH_CIPHER;
+ if (xform == NULL)
+ return AESNI_MB_OP_NOT_SUPPORTED;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ if (xform->next == NULL)
+ return AESNI_MB_OP_CIPHER_ONLY;
+ if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ return AESNI_MB_OP_CIPHER_HASH;
+ }
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
- return CIPHER_HASH;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ if (xform->next == NULL)
+ return AESNI_MB_OP_HASH_ONLY;
+ if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+ return AESNI_MB_OP_HASH_CIPHER;
+ }
- return -1;
+ return AESNI_MB_OP_NOT_SUPPORTED;
}
/** Set session authentication parameters */
@@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
{
hash_one_block_t hash_oneblock_fn;
+ if (xform == NULL) {
+ sess->auth.algo = NULL_HASH;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MB_LOG_ERR("Crypto xform struct not of type auth");
return -1;
}
+ /* Select auth generate/verify */
+ sess->auth.operation = xform->auth.op;
+
/* Set Authentication Parameters */
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
sess->auth.algo = AES_XCBC;
@@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
{
aes_keyexp_t aes_keyexp_fn;
+ if (xform == NULL) {
+ sess->cipher.mode = NULL_CIPHER;
+ return 0;
+ }
+
if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MB_LOG_ERR("Crypto xform struct not of type cipher");
return -1;
@@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
/* Select Crypto operation - hash then cipher / cipher then hash */
switch (aesni_mb_get_chain_order(xform)) {
- case HASH_CIPHER:
+ case AESNI_MB_OP_HASH_CIPHER:
sess->chain_order = HASH_CIPHER;
auth_xform = xform;
cipher_xform = xform->next;
break;
- case CIPHER_HASH:
+ case AESNI_MB_OP_CIPHER_HASH:
sess->chain_order = CIPHER_HASH;
auth_xform = xform->next;
cipher_xform = xform;
break;
+ case AESNI_MB_OP_HASH_ONLY:
+ sess->chain_order = HASH_CIPHER;
+ auth_xform = xform;
+ cipher_xform = NULL;
+ break;
+ case AESNI_MB_OP_CIPHER_ONLY:
+ /*
+ * Multi buffer library operates only at two modes,
+ * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
+ * chain order depends on cipher operation: encryption is always
+ * the first operation and decryption the last one.
+ */
+ if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ sess->chain_order = CIPHER_HASH;
+ else
+ sess->chain_order = HASH_CIPHER;
+ auth_xform = NULL;
+ cipher_xform = xform;
+ break;
+ case AESNI_MB_OP_NOT_SUPPORTED:
default:
MB_LOG_ERR("Unsupported operation chain order parameter");
return -1;
@@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
}
/* Set digest output location */
- if (job->cipher_direction == DECRYPT) {
+ if (job->hash_alg != NULL_HASH &&
+ session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
get_digest_byte_length(job->hash_alg));
@@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
(struct rte_crypto_op *)job->user_data;
struct rte_mbuf *m_dst =
(struct rte_mbuf *)job->user_data2;
+ struct aesni_mb_session *sess;
if (op == NULL || m_dst == NULL)
return NULL;
@@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
if (unlikely(job->status != STS_COMPLETED)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return op;
- } else if (job->chain_order == HASH_CIPHER) {
- /* Verify digest if required */
- if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
- job->auth_tag_output_len_in_bytes) != 0)
- op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-
- /* trim area used for digest from mbuf */
- rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
+ } else if (job->hash_alg != NULL_HASH) {
+ sess = (struct aesni_mb_session *)op->sym->session->_private;
+ if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
+ /* Verify digest if required */
+ if (memcmp(job->auth_tag_output,
+ op->sym->auth.digest.data,
+ job->auth_tag_output_len_in_bytes) != 0)
+ op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+
+ /* trim area used for digest from mbuf */
+ rte_pktmbuf_trim(m_dst,
+ get_digest_byte_length(job->hash_alg));
+ }
}
/* Free session if a session-less crypto op */
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
index 17f367f..5f125b2 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
@@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
return auth_digest_byte_lengths[algo];
}
+enum aesni_mb_operation {
+ AESNI_MB_OP_HASH_CIPHER,
+ AESNI_MB_OP_CIPHER_HASH,
+ AESNI_MB_OP_HASH_ONLY,
+ AESNI_MB_OP_CIPHER_ONLY,
+ AESNI_MB_OP_NOT_SUPPORTED
+};
/** private data structure for each virtual AESNI device */
struct aesni_mb_private {
@@ -185,6 +192,8 @@ struct aesni_mb_session {
/** Authentication Parameters */
struct {
JOB_HASH_ALG algo; /**< Authentication Algorithm */
+ enum rte_crypto_auth_operation operation;
+ /**< auth operation generate or verify */
union {
struct {
uint8_t inner[128] __rte_aligned(16);
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
` (2 preceding siblings ...)
2016-12-19 17:29 ` [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality Pablo de Lara
@ 2016-12-19 17:29 ` Pablo de Lara
2016-12-26 16:29 ` [PATCH v3 0/4] AESNI MB PMD updates De Lara Guarch, Pablo
4 siblings, 0 replies; 12+ messages in thread
From: Pablo de Lara @ 2016-12-19 17:29 UTC (permalink / raw)
To: declan.doherty; +Cc: dev, Pablo de Lara
AESNI MB PMD supports SHA224-HMAC and SHA384-HMAC,
but the documentation was not updated with this.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index cb429d7..8b18eba 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -55,7 +55,9 @@ Cipher algorithms:
Hash algorithms:
* RTE_CRYPTO_HASH_SHA1_HMAC
+* RTE_CRYPTO_HASH_SHA224_HMAC
* RTE_CRYPTO_HASH_SHA256_HMAC
+* RTE_CRYPTO_HASH_SHA384_HMAC
* RTE_CRYPTO_HASH_SHA512_HMAC
Limitations
--
2.7.4
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality
2016-12-19 17:29 ` [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality Pablo de Lara
@ 2016-12-20 21:16 ` Declan Doherty
0 siblings, 0 replies; 12+ messages in thread
From: Declan Doherty @ 2016-12-20 21:16 UTC (permalink / raw)
To: Pablo de Lara; +Cc: dev
On 19/12/16 17:29, Pablo de Lara wrote:
> Update driver to use new AESNI Multibuffer IPSec library single
> operation functionality (cipher only and authentication only).
> This patch also adds tests for this new feature.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> app/test/test_cryptodev.c | 34 ++++++++
> app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
> app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
> doc/guides/cryptodevs/aesni_mb.rst | 2 -
> doc/guides/rel_notes/release_17_02.rst | 1 +
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 ++++++++++++++++------
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
> 7 files changed, 172 insertions(+), 59 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index f1f3542..5895d99 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -1466,6 +1466,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess,
> }
>
> static int
> +test_AES_cipheronly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AES_CIPHERONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> +test_authonly_mb_all(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + int status;
> +
> + status = test_blockcipher_all_tests(ts_params->mbuf_pool,
> + ts_params->op_mpool, ts_params->valid_devs[0],
> + RTE_CRYPTODEV_AESNI_MB_PMD,
> + BLKCIPHER_AUTHONLY_TYPE);
> +
> + TEST_ASSERT_EQUAL(status, 0, "Test failed");
> +
> + return TEST_SUCCESS;
> +}
> +
> +static int
> test_AES_chain_mb_all(void)
> {
> struct crypto_testsuite_params *ts_params = &testsuite_params;
> @@ -6559,6 +6591,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = {
> .teardown = testsuite_teardown,
> .unit_test_cases = {
> TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),
> + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all),
>
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
> index efbe7da..898aae1 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CBC Decryption",
> .test_data = &aes_test_data_4,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Encryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CBC Decryption",
> .test_data = &aes_test_data_10,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Encryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CBC Decryption",
> .test_data = &aes_test_data_11,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Encryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-128-CTR Decryption",
> .test_data = &aes_test_data_1,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Encryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-192-CTR Decryption",
> .test_data = &aes_test_data_2,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Encryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "AES-256-CTR Decryption",
> .test_data = &aes_test_data_3,
> .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> - BLOCKCIPHER_TEST_TARGET_PMD_QAT
> + BLOCKCIPHER_TEST_TARGET_PMD_QAT |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h
> index 9f095cf..a8f9da0 100644
> --- a/app/test/test_cryptodev_hash_test_vectors.h
> +++ b/app/test/test_cryptodev_hash_test_vectors.h
> @@ -97,7 +97,8 @@ hmac_md5_test_vector = {
> 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE,
> 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B
> },
> - .len = 16
> + .len = 16,
> + .truncated_len = 12
> }
> };
>
> @@ -139,7 +140,8 @@ hmac_sha1_test_vector = {
> 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17,
> 0x3F, 0x91, 0x64, 0x59
> },
> - .len = 20
> + .len = 20,
> + .truncated_len = 12
> }
> };
>
> @@ -184,7 +186,8 @@ hmac_sha224_test_vector = {
> 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F,
> 0x92, 0xF6, 0xAA, 0x19
> },
> - .len = 28
> + .len = 28,
> + .truncated_len = 14
> }
> };
>
> @@ -229,7 +232,8 @@ hmac_sha256_test_vector = {
> 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77,
> 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17
> },
> - .len = 32
> + .len = 32,
> + .truncated_len = 16
> }
> };
>
> @@ -280,7 +284,8 @@ hmac_sha384_test_vector = {
> 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0,
> 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E
> },
> - .len = 48
> + .len = 48,
> + .truncated_len = 24
> }
> };
>
> @@ -337,7 +342,8 @@ hmac_sha512_test_vector = {
> 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87,
> 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20
> },
> - .len = 64
> + .len = 64,
> + .truncated_len = 32
> }
> };
>
> @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-MD5 Digest",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-MD5 Digest Verify",
> .test_data = &hmac_md5_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA1 Digest",
> @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA1 Digest",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA1 Digest Verify",
> .test_data = &hmac_sha1_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA224 Digest",
> @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA224 Digest",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA224 Digest Verify",
> .test_data = &hmac_sha224_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA256 Digest",
> @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA256 Digest",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA256 Digest Verify",
> .test_data = &hmac_sha256_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA384 Digest",
> @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA384 Digest",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA384 Digest Verify",
> .test_data = &hmac_sha384_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "SHA512 Digest",
> @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = {
> .test_descr = "HMAC-SHA512 Digest",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> {
> .test_descr = "HMAC-SHA512 Digest Verify",
> .test_data = &hmac_sha512_test_vector,
> .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY,
> - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL
> + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL |
> + BLOCKCIPHER_TEST_TARGET_PMD_MB
> },
> };
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index b47cb6a..cb429d7 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -62,8 +62,6 @@ Limitations
> -----------
>
> * Chained mbufs are not supported.
> -* Hash only is not supported.
> -* Cipher only is not supported.
> * Only in-place is currently supported (destination address is the same as source address).
> * Only supports session-oriented API implementation (session-less APIs are not supported).
>
> diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst
> index 4f666df..5aa8a94 100644
> --- a/doc/guides/rel_notes/release_17_02.rst
> +++ b/doc/guides/rel_notes/release_17_02.rst
> @@ -49,6 +49,7 @@ New Features
>
> * The Intel(R) Multi Buffer Crypto for IPsec library used in
> AESNI MB PMD has been moved to a new repository, in github.
> + * Support for single operations (cipher only and authentication only).
>
>
> Resolved Issues
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index 7443b47..bafd4d7 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
> }
>
> /** Get xform chain order */
> -static int
> +static enum aesni_mb_operation
> aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform)
> {
> - /*
> - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained
> - * operations, all other options are invalid, so we must have exactly
> - * 2 xform structs chained together
> - */
> - if (xform->next == NULL || xform->next->next != NULL)
> - return -1;
> -
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> - return HASH_CIPHER;
> + if (xform == NULL)
> + return AESNI_MB_OP_NOT_SUPPORTED;
> +
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_CIPHER_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> + return AESNI_MB_OP_CIPHER_HASH;
> + }
>
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
> - return CIPHER_HASH;
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> + if (xform->next == NULL)
> + return AESNI_MB_OP_HASH_ONLY;
> + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
> + return AESNI_MB_OP_HASH_CIPHER;
> + }
>
> - return -1;
> + return AESNI_MB_OP_NOT_SUPPORTED;
> }
>
> /** Set session authentication parameters */
> @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
> {
> hash_one_block_t hash_oneblock_fn;
>
> + if (xform == NULL) {
> + sess->auth.algo = NULL_HASH;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
> MB_LOG_ERR("Crypto xform struct not of type auth");
> return -1;
> }
>
> + /* Select auth generate/verify */
> + sess->auth.operation = xform->auth.op;
> +
> /* Set Authentication Parameters */
> if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
> sess->auth.algo = AES_XCBC;
> @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
> {
> aes_keyexp_t aes_keyexp_fn;
>
> + if (xform == NULL) {
> + sess->cipher.mode = NULL_CIPHER;
> + return 0;
> + }
> +
> if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
> MB_LOG_ERR("Crypto xform struct not of type cipher");
> return -1;
> @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
>
> /* Select Crypto operation - hash then cipher / cipher then hash */
> switch (aesni_mb_get_chain_order(xform)) {
> - case HASH_CIPHER:
> + case AESNI_MB_OP_HASH_CIPHER:
> sess->chain_order = HASH_CIPHER;
> auth_xform = xform;
> cipher_xform = xform->next;
> break;
> - case CIPHER_HASH:
> + case AESNI_MB_OP_CIPHER_HASH:
> sess->chain_order = CIPHER_HASH;
> auth_xform = xform->next;
> cipher_xform = xform;
> break;
> + case AESNI_MB_OP_HASH_ONLY:
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = xform;
> + cipher_xform = NULL;
> + break;
> + case AESNI_MB_OP_CIPHER_ONLY:
> + /*
> + * Multi buffer library operates only at two modes,
> + * CIPHER_HASH and HASH_CIPHER. When doing ciphering only,
> + * chain order depends on cipher operation: encryption is always
> + * the first operation and decryption the last one.
> + */
> + if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> + sess->chain_order = CIPHER_HASH;
> + else
> + sess->chain_order = HASH_CIPHER;
> + auth_xform = NULL;
> + cipher_xform = xform;
> + break;
> + case AESNI_MB_OP_NOT_SUPPORTED:
> default:
> MB_LOG_ERR("Unsupported operation chain order parameter");
> return -1;
> @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
> }
>
> /* Set digest output location */
> - if (job->cipher_direction == DECRYPT) {
> + if (job->hash_alg != NULL_HASH &&
> + session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst,
> get_digest_byte_length(job->hash_alg));
>
> @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> (struct rte_crypto_op *)job->user_data;
> struct rte_mbuf *m_dst =
> (struct rte_mbuf *)job->user_data2;
> + struct aesni_mb_session *sess;
>
> if (op == NULL || m_dst == NULL)
> return NULL;
> @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
> if (unlikely(job->status != STS_COMPLETED)) {
> op->status = RTE_CRYPTO_OP_STATUS_ERROR;
> return op;
> - } else if (job->chain_order == HASH_CIPHER) {
> - /* Verify digest if required */
> - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
> - job->auth_tag_output_len_in_bytes) != 0)
> - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> -
> - /* trim area used for digest from mbuf */
> - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg));
> + } else if (job->hash_alg != NULL_HASH) {
> + sess = (struct aesni_mb_session *)op->sym->session->_private;
> + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
> + /* Verify digest if required */
> + if (memcmp(job->auth_tag_output,
> + op->sym->auth.digest.data,
> + job->auth_tag_output_len_in_bytes) != 0)
> + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
> + /* trim area used for digest from mbuf */
> + rte_pktmbuf_trim(m_dst,
> + get_digest_byte_length(job->hash_alg));
> + }
> }
>
> /* Free session if a session-less crypto op */
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> index 17f367f..5f125b2 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
> @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo)
> return auth_digest_byte_lengths[algo];
> }
>
> +enum aesni_mb_operation {
> + AESNI_MB_OP_HASH_CIPHER,
> + AESNI_MB_OP_CIPHER_HASH,
> + AESNI_MB_OP_HASH_ONLY,
> + AESNI_MB_OP_CIPHER_ONLY,
> + AESNI_MB_OP_NOT_SUPPORTED
> +};
>
> /** private data structure for each virtual AESNI device */
> struct aesni_mb_private {
> @@ -185,6 +192,8 @@ struct aesni_mb_session {
> /** Authentication Parameters */
> struct {
> JOB_HASH_ALG algo; /**< Authentication Algorithm */
> + enum rte_crypto_auth_operation operation;
> + /**< auth operation generate or verify */
> union {
> struct {
> uint8_t inner[128] __rte_aligned(16);
>
Acked-by: Declan Doherty <declan.doherty@intel.com>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session
2016-12-19 17:29 ` [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session Pablo de Lara
@ 2016-12-20 21:18 ` Declan Doherty
0 siblings, 0 replies; 12+ messages in thread
From: Declan Doherty @ 2016-12-20 21:18 UTC (permalink / raw)
To: Pablo de Lara; +Cc: dev, stable
On 19/12/16 17:29, Pablo de Lara wrote:
> When using sessionless crypto operations, crypto session
> is obtained from a pool of sessions, when processing the
> operation. Once the operation is processed, the session
> is put back in the pool, but for the AESNI MB PMD, this
> session was not being saved in the operation and therefore,
> it did not return to the session pool.
>
> Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto")
>
> CC: stable@dpdk.org
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index f07cd07..7443b47 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -322,6 +322,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
> rte_mempool_put(qp->sess_mp, _sess);
> sess = NULL;
> }
> + op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
> }
>
> return sess;
>
Acked-by: Declan Doherty <declan.doherty@intel.com>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v3 0/4] AESNI MB PMD updates
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
` (3 preceding siblings ...)
2016-12-19 17:29 ` [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
@ 2016-12-26 16:29 ` De Lara Guarch, Pablo
4 siblings, 0 replies; 12+ messages in thread
From: De Lara Guarch, Pablo @ 2016-12-26 16:29 UTC (permalink / raw)
To: Doherty, Declan; +Cc: dev
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Monday, December 19, 2016 5:29 PM
> To: Doherty, Declan
> Cc: dev@dpdk.org; De Lara Guarch, Pablo
> Subject: [PATCH v3 0/4] AESNI MB PMD updates
>
> The library used in AESNI MB PMD, Intel Multi Buffer Crypto for IPsec,
> has been migrated to a new location, in github (see documentation patch
> for the link).
>
> The library has also been updated, so single crypto operations
> are supported (cipher and authentication only). Therefore, the PMD
> has been updated to support these operations.
>
> This patchset depends on patchset "Add scatter-gather list capability to
> Intel QuickAssist Technology driver"
> (http://dpdk.org/ml/archives/dev/2016-November/050947.html)
>
> Changes in v3:
> - Included authentication operation in private session,
> since digest only has to be trimmed from buffer when digest is verified
> - Fixed missing crypto session save in crypto operation when it is
> sessionless
> - Made operation mode setting more clear (CIPHER_HASH, HASH_CIPHER)
>
> Changes in v2:
> - Fixed hash only tests, including truncated digest length
>
> Pablo de Lara (4):
> crypto/aesni_mb: fix incorrect crypto session
> doc: update AESNI MB PMD guide
> crypto/aesni_mb: add single operation functionality
> doc: add missing supported algos for AESNI MB PMD
>
> app/test/test_cryptodev.c | 34 ++++++++
> app/test/test_cryptodev_aes_test_vectors.h | 36 +++++---
> app/test/test_cryptodev_hash_test_vectors.h | 54 ++++++++----
> doc/guides/cryptodevs/aesni_mb.rst | 14 ++--
> doc/guides/rel_notes/release_17_02.rst | 8 ++
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 96
> ++++++++++++++++------
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++
> 7 files changed, 185 insertions(+), 66 deletions(-)
>
> --
> 2.7.4
Applied to dpdk-next-crypto.
Pablo
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2016-12-26 16:29 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-15 16:00 [PATCH v2 0/3] AESNI MB PMD updates Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 1/3] doc: update AESNI MB PMD guide Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 2/3] crypto/aesni_mb: add single operation functionality Pablo de Lara
2016-12-15 16:00 ` [PATCH v2 3/3] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
2016-12-19 17:28 ` [PATCH v3 0/4] AESNI MB PMD updates Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 1/4] crypto/aesni_mb: fix incorrect crypto session Pablo de Lara
2016-12-20 21:18 ` Declan Doherty
2016-12-19 17:29 ` [PATCH v3 2/4] doc: update AESNI MB PMD guide Pablo de Lara
2016-12-19 17:29 ` [PATCH v3 3/4] crypto/aesni_mb: add single operation functionality Pablo de Lara
2016-12-20 21:16 ` Declan Doherty
2016-12-19 17:29 ` [PATCH v3 4/4] doc: add missing supported algos for AESNI MB PMD Pablo de Lara
2016-12-26 16:29 ` [PATCH v3 0/4] AESNI MB PMD updates De Lara Guarch, Pablo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.