DPDK-dev Archive on lore.kernel.org
 help / color / Atom feed
* [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted
@ 2019-06-03 14:50 Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
                   ` (10 more replies)
  0 siblings, 11 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patchset adds digest appended and encrypted
auth-cipher operations support for QAT, with
dedicated feature flag and a set of tests
for KASUMI and SNOW3G in-place, out-of-place
and SGL using operations.

Damian Nowak (9):
  crypto/qat: check buffer size for oop auth-cipher
  test/crypto: add snow3g test cases for oop operation
  test/crypto: add kasumi test cases for oop operation
  test/crypto: add sgl test cases for ip and oop
  cryptodev: document usage of digest-appended operations
  cryptodev: add digest encrypted feature flag
  crypto/qat: add digest encrypted feature flag
  test/crypto: add digest encrypted feature flag check
  test/crypto: return correct value if feature not supported

 app/test/test_cryptodev.c                     | 668 ++++++++++++++++++++++----
 app/test/test_cryptodev_kasumi_test_vectors.h |  98 +++-
 app/test/test_cryptodev_snow3g_test_vectors.h | 167 ++++++-
 drivers/crypto/qat/qat_sym.c                  |  30 +-
 drivers/crypto/qat/qat_sym_pmd.c              |   3 +-
 lib/librte_cryptodev/rte_crypto_sym.h         |  43 ++
 lib/librte_cryptodev/rte_cryptodev.c          |   2 +
 lib/librte_cryptodev/rte_cryptodev.h          |   2 +
 8 files changed, 895 insertions(+), 118 deletions(-)

-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds condition to be met when using
wireless algorithms (SNOW3G, KASUMI, ZUC) in
out-of-place auth-cipher operations. It verifies
if there is enough room for the digest in the
output buffer.

Conditions rewritten for better readibility and
possible SGL support.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 drivers/crypto/qat/qat_sym.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 8801ca5..4080c30 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -157,7 +157,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t wireless_auth = 0, in_place = 1;
+	uint8_t wireless_auth = 0, in_place = 1, digest_in_buffer = 0;
 	struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
 	struct qat_sym_op_cookie *cookie =
 				(struct qat_sym_op_cookie *)op_cookie;
@@ -513,6 +513,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 				qat_req->comn_mid.src_data_addr =
 				cookie->qat_sgl_src_phys_addr;
 		else {
+			in_place = 0;
 			ret = qat_sgl_fill_array(op->sym->m_dst,
 				(int64_t)(dst_buf_start -
 					  rte_pktmbuf_iova(op->sym->m_dst)),
@@ -533,18 +534,21 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	} else {
 		qat_req->comn_mid.src_data_addr = src_buf_start;
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
-		/* handle case of auth-gen-then-cipher with digest encrypted */
-		if (wireless_auth && in_place &&
-		    (op->sym->auth.digest.phys_addr ==
-				src_buf_start + auth_ofs + auth_len) &&
-		    (auth_ofs + auth_len + ctx->digest_length <=
-				cipher_ofs + cipher_len)) {
-			struct icp_qat_fw_comn_req_hdr *header =
-						&qat_req->comn_hdr;
-			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
-				header->serv_specif_flags,
-				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
-		}
+	}
+
+	/* Handle case of auth-gen-then-cipher with digest encrypted */
+	if (wireless_auth &&
+			(auth_ofs + auth_len + ctx->digest_length <=
+				cipher_ofs + cipher_len) &&
+			(op->sym->auth.digest.phys_addr ==
+				(in_place ? src_buf_start : dst_buf_start) +
+				auth_ofs + auth_len))
+		digest_in_buffer = 1;
+	if (digest_in_buffer) {
+		struct icp_qat_fw_comn_req_hdr *header = &qat_req->comn_hdr;
+		ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
+			header->serv_specif_flags,
+			ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
 	}
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds test cases for snow3g out of
place auth-cipher operations. Test cases include
digest generation with buffer encryption and
buffer decryption with digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 228 ++++++++++++++++++++------
 app/test/test_cryptodev_snow3g_test_vectors.h | 100 ++++++++++-
 2 files changed, 272 insertions(+), 56 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9f31aaa..56ab0cf 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <time.h>
@@ -40,7 +40,10 @@
 #include "test_cryptodev_hmac_test_vectors.h"
 
 #define VDEV_ARGS_SIZE 100
-#define MAX_NB_SESSIONS            4
+#define MAX_NB_SESSIONS 4
+
+#define IN_PLACE 0
+#define OUT_OF_PLACE 1
 
 static int gbl_driver_id;
 
@@ -2814,7 +2817,8 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned int data_pad_len,
 		unsigned int cipher_len, unsigned int cipher_offset,
-		unsigned int auth_len, unsigned int auth_offset)
+		unsigned int auth_len, unsigned int auth_offset,
+		uint8_t op_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2830,24 +2834,31 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	/* set crypto operation source mbuf */
+	/* set crypto operation mbufs */
 	sym_op->m_src = ut_params->ibuf;
+	if (op_mode == OUT_OF_PLACE)
+		sym_op->m_dst = ut_params->obuf;
 
 	/* digest */
-	sym_op->auth.digest.data = (uint8_t *) rte_pktmbuf_mtod_offset(
-			ut_params->ibuf, uint8_t *, data_pad_len);
+	sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		uint8_t *, data_pad_len);
 
 	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
 			"no room to append auth tag");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
-			ut_params->ibuf, data_pad_len);
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		data_pad_len);
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
+			ut_params->op, uint8_t *, IV_OFFSET);
+
 	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
 	iv_ptr += cipher_iv_len;
 	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
@@ -4312,90 +4323,153 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Generated auth tag not as expected");
 	return 0;
 }
+
 static int
-test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
+test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
 
 	/* Create SNOW 3G session */
-	retval = create_wireless_algo_auth_cipher_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
 			tdata->auth_iv.len, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	/* Append data which is padded to a multiple of */
 	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	}
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
 		tdata->cipher_iv.data, tdata->cipher_iv.len,
 		tdata->auth_iv.data, tdata->auth_iv.len,
-		tdata->digest.offset_bytes == 0 ?
-		plaintext_pad_len : tdata->digest.offset_bytes,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
 		tdata->validCipherLenInBits.len,
 		tdata->cipher.offset_bits,
 		tdata->validAuthLenInBits.len,
-		tdata->auth.offset_bits);
+		tdata->auth.offset_bits,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	ut_params->obuf = ut_params->op->sym->m_src;
-	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
-	else
-		ciphertext = plaintext;
 
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext +
+				(tdata->cipher.offset_bits >> 3);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
 			+ (tdata->digest.offset_bytes == 0 ?
-			plaintext_pad_len : tdata->digest.offset_bytes);
+		plaintext_pad_len : tdata->digest.offset_bytes);
 
-	debug_hexdump(stdout, "digest:", ut_params->digest, tdata->digest.len);
-	debug_hexdump(stdout, "ciphertext:", ciphertext, plaintext_len);
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:", tdata->digest.data,
+				tdata->digest.len);
+	}
 
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-		ciphertext,
-		tdata->ciphertext.data,
-		tdata->validDataLenInBits.len,
-		"SNOW 3G Ciphertext data not as expected");
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-		ut_params->digest,
-		tdata->digest.data,
-		DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
-		"SNOW 3G Generated auth tag not as expected");
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			ut_params->digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -4447,8 +4521,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->validCipherLenInBits.len,
 				tdata->validCipherOffsetInBits.len,
 				tdata->validAuthLenInBits.len,
-				0
-				);
+				0,
+				IN_PLACE);
 
 	if (retval < 0)
 		return retval;
@@ -5038,13 +5112,50 @@ test_snow3g_cipher_auth_test_case_1(void)
 static int
 test_snow3g_auth_cipher_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_6);
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_1(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
 }
 
 static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_7);
+	return test_snow3g_auth_cipher(
+		&snow3g_test_case_7, IN_PLACE, 0);
 }
 
 static int
@@ -8650,9 +8761,6 @@ test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
 	return 0;
 }
 
-#define IN_PLACE	0
-#define OUT_OF_PLACE	1
-
 static int
 test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
 {
@@ -9189,6 +9297,22 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1_oop),
 
+		/** SNOW 3G generate auth, then encrypt (UEA2) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2_oop),
+
+		/** SNOW 3G decrypt (UEA2), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2_oop),
+
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1),
@@ -9217,8 +9341,6 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_cipher_auth_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_snow3g_auth_cipher_test_case_1),
-		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_with_digest_test_case_1),
 
 		/** ZUC encrypt only (EEA3) */
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 3e55ac1..191bae6 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #ifndef TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_
@@ -59,6 +59,7 @@ struct snow3g_test_data {
 		unsigned int offset_bits;
 	} auth;
 };
+
 struct snow3g_test_data snow3g_test_case_1 = {
 	.key = {
 		.data = {
@@ -347,7 +348,8 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		.len = 840
 	},
 };
-struct snow3g_test_data snow3g_test_case_6 = {
+
+struct snow3g_test_data snow3g_auth_cipher_test_case_1 = {
 	.key = {
 		.data = {
 			0xC7, 0x36, 0xC6, 0xAA, 0xB2, 0x2B, 0xFF, 0xF9,
@@ -415,7 +417,6 @@ struct snow3g_test_data snow3g_test_case_6 = {
 	},
 };
 
-
 struct snow3g_test_data snow3g_test_case_7 = {
 	.key = {
 		.data = {
@@ -508,4 +509,97 @@ struct snow3g_test_data snow3g_test_case_7 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x01,  0x02,  0x03,  0x04,
+
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A,  0x5A,  0xE4,  0xAD,  0x29,  0xA2,  0x6A,  0xA6,
+			0x20,  0x1D,  0xCD,  0x08,  0x50,  0xD6,  0xE6,  0x47,
+			0xBC,  0x88,  0x08,  0x01,  0x17,  0xFA,  0x47,  0x5B,
+			0x90,  0x40,  0xBA,  0x0C,  0xB5,  0x58,  0xF3,  0x0C,
+			0xA0,  0xD4,  0x98,  0x83,  0x1B,  0xCE,  0x54,  0xE3,
+			0x29,  0x00,  0x3C,  0xA4,  0xAD,  0x74,  0xEE,  0x05,
+			0xA3,  0x6C,  0xD4,  0xAC,  0xC6,  0x30,  0x33,  0xC9,
+			0x37,  0x57,  0x41,  0x9B,  0xD4,  0x73,  0xB9,  0x77,
+			0x70,  0x8B,  0x63,  0xDD,  0x22,  0xB8,  0xE1,  0x85,
+			0xB2,  0x92,  0x7C,  0x37,  0xD3,  0x2E,  0xD9,  0xF4,
+			0x4A,  0x69,  0x25,  0x30,  0xE3,  0x5B,  0x8B,  0xF6,
+			0x0F,  0xDE,  0x0B,  0x92,  0xD5,  0x25,  0x52,  0x6D,
+			0x26,  0xEB,  0x2F,  0x8A,  0x3B,  0x8B,  0x38,  0xE2,
+			0x48,  0xD3,  0x4A,  0x98,  0xF7,  0x3A,  0xC2,  0x46,
+			0x69,  0x8D,  0x73,  0x3E,  0x57,  0x88,  0x2C,  0x80,
+			0xF0,  0xF2,  0x75,  0xB8,  0x7D,  0x27,  0xC6,  0xDA,
+
+		},
+		.len = 128 << 3
+	},
+	.cipher = {
+		.len_bits = 126 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 124 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0x7D, 0x27, 0xC6, 0xDA
+		},
+		.len = 4,
+		.offset_bytes = 124
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi test cases for oop operation
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
@ 2019-06-03 14:50 ` " Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds test cases for kasumi out of
place auth-cipher operations. Test cases include
digest generation with buffer encryption and
buffer decryption with digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 190 +++++++++++++++++++++-----
 app/test/test_cryptodev_kasumi_test_vectors.h |  98 +++++++++++--
 2 files changed, 241 insertions(+), 47 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 56ab0cf..ee08140 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4474,87 +4474,153 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
-test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
+test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
 
 	/* Create KASUMI session */
 	retval = create_wireless_algo_auth_cipher_session(
 			ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
 			0, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
+
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	/* Append data which is padded to a multiple of */
 	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->cipher_iv.data, tdata->cipher_iv.len,
-				NULL, 0,
-				plaintext_pad_len,
-				tdata->validCipherLenInBits.len,
-				tdata->validCipherOffsetInBits.len,
-				tdata->validAuthLenInBits.len,
-				0,
-				IN_PLACE);
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		NULL, 0,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	if (ut_params->op->sym->m_dst)
-		ut_params->obuf = ut_params->op->sym->m_dst;
-	else
-		ut_params->obuf = ut_params->op->sym->m_src;
 
-	ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *,
-				tdata->validCipherOffsetInBits.len >> 3);
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext;
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(
+			ut_params->obuf, uint8_t *) +
+			(tdata->digest.offset_bytes == 0 ?
+			plaintext_pad_len : tdata->digest.offset_bytes);
+
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
 
-	const uint8_t *reference_ciphertext = tdata->ciphertext.data +
-				(tdata->validCipherOffsetInBits.len >> 3);
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"KASUMI Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
 			ciphertext,
-			reference_ciphertext,
-			tdata->validCipherLenInBits.len,
+			tdata->ciphertext.data,
+			tdata->ciphertext.len >> 3,
 			"KASUMI Ciphertext data not as expected");
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *)
-	    + plaintext_pad_len;
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			ut_params->digest,
 			tdata->digest.data,
 			DIGEST_BYTE_LENGTH_KASUMI_F9,
 			"KASUMI Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -5161,7 +5227,43 @@ test_snow3g_auth_cipher_with_digest_test_case_1(void)
 static int
 test_kasumi_auth_cipher_test_case_1(void)
 {
-	return test_kasumi_auth_cipher(&kasumi_test_case_3);
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_1(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
 }
 
 static int
@@ -9419,9 +9521,23 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_encryption_test_case_3),
 		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_cipher_auth_test_case_1),
+
+		/** KASUMI generate auth, then encrypt (F8) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_kasumi_cipher_auth_test_case_1),
+			test_kasumi_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop),
+
+		/** KASUMI decrypt (F8), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop),
 
 		/** Negative tests */
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_cryptodev_kasumi_test_vectors.h b/app/test/test_cryptodev_kasumi_test_vectors.h
index 58a696a..f0a6d55 100644
--- a/app/test/test_cryptodev_kasumi_test_vectors.h
+++ b/app/test/test_cryptodev_kasumi_test_vectors.h
@@ -8,12 +8,12 @@
 struct kasumi_test_data {
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
 	} key;
 
 	struct {
 		uint8_t data[64] __rte_aligned(16);
-		unsigned len;
+		unsigned int len;
 	} cipher_iv;
 
 	/*
@@ -23,20 +23,20 @@ struct kasumi_test_data {
 	 */
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} plaintext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validDataLenInBits;
 
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} ciphertext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validCipherLenInBits;
 
 	struct {
@@ -45,12 +45,13 @@ struct kasumi_test_data {
 
 	/* Actual length of data to be hashed */
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validAuthLenInBits;
 
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
+		unsigned int offset_bytes; /* offset must be in Bytes */
 	} digest;
 
 };
@@ -205,7 +206,8 @@ struct kasumi_test_data kasumi_test_case_3 = {
 	},
 	.digest = {
 		.data = {0x87, 0x5F, 0xE4, 0x89},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
 	}
 };
 
@@ -353,7 +355,83 @@ struct kasumi_test_data kasumi_test_case_6 = {
 	},
 	.digest = {
 		.data = {0x0F, 0xD2, 0xAA, 0xB5},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
+	}
+};
+
+struct kasumi_test_data kasumi_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
+		},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 8
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xFA, 0xC6, 0xA9, 0x09, 0x91, 0x74,
+			0x35, 0xAA, 0x85, 0xB0, 0xE0, 0x07, 0x78, 0xDA,
+			0x05, 0x88, 0x4E, 0x8D, 0xEC, 0x41, 0xF3, 0xBC,
+			0x0D, 0x9F, 0xE3, 0xEF, 0x8E, 0x33, 0x22, 0xF3,
+			0x15, 0x4B, 0x12, 0xC2, 0x22, 0x12, 0xD6, 0x46,
+			0xD7, 0x27, 0x20, 0x1D, 0x50, 0x60, 0x9D, 0x42,
+			0xF6, 0x73, 0xF5, 0x28, 0x88, 0xBE, 0x60, 0xEC,
+			0x9C, 0x18, 0x81, 0xC4, 0x0A, 0xF4, 0xD5, 0x7A,
+			0xB5, 0x3F, 0x1A, 0x79, 0xAB, 0x79, 0xDB, 0x24,
+			0xF9, 0x6E, 0x86, 0x78, 0x10, 0x19, 0xAE, 0xD8,
+			0xB2, 0xCA, 0x32, 0x8D, 0xD8, 0x28, 0x8B, 0x2F,
+			0x5B, 0x3C, 0xE3, 0x7D, 0xD3, 0x70, 0x11, 0xDE,
+			0x2C, 0xDC, 0xC1, 0xC6, 0xB6, 0xFD, 0xF3, 0x7D,
+			0x38, 0x97, 0x8B, 0x81, 0x02, 0x88, 0x62, 0x3C,
+			0x1E, 0x1A, 0x93, 0x21, 0xE3, 0x6D, 0xD7, 0x20,
+			0x80, 0xA8, 0xDA, 0x18, 0x8F, 0x58, 0x0F, 0x4E
+		},
+		.len = 128 << 3
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+	.validCipherOffsetInBits = {
+		.len = 2 << 3
+	},
+	.digest = {
+		.data = {0x8F, 0x58, 0x0F, 0x4E},
+		.len  = 4,
+		.offset_bytes = 124
 	}
 };
 #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (2 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds test cases for snow3g in-place
and out-of-place auth-cipher operations with
scatter-gather lists as input and output mbufs.
Test cases include digest generation with buffer
encryption and buffer decryption with digest
verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 220 ++++++++++++++++++++++++++
 app/test/test_cryptodev_snow3g_test_vectors.h |  67 ++++++++
 2 files changed, 287 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index ee08140..231039f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4474,6 +4474,190 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
+test_snow3g_auth_cipher_sgl(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	const uint8_t *plaintext = NULL;
+	const uint8_t *ciphertext = NULL;
+	const uint8_t *digest = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+	uint8_t buffer[10000];
+	uint8_t digest_buffer[10000];
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == IN_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+			printf("Device doesn't support in-place scatter-gather "
+					"in both input and output mbufs. "
+					"Test Skipped.\n");
+			return 0;
+		}
+	} else {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+			printf("Device doesn't support out-of-place scatter-gather "
+					"in both input and output mbufs. "
+					"Test Skipped.\n");
+			return 0;
+		}
+	}
+
+	/* Create SNOW 3G session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+			tdata->key.data, tdata->key.len,
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	/* Append data which is padded to a multiple of */
+	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+			plaintext_pad_len, 15, 0);
+	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+			"Failed to allocate input buffer in mempool");
+
+	if (op_mode == OUT_OF_PLACE) {
+		ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+				plaintext_pad_len, 15, 0);
+		TEST_ASSERT_NOT_NULL(ut_params->obuf,
+				"Failed to allocate output buffer in mempool");
+	}
+
+	if (verify) {
+		pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+			tdata->ciphertext.data);
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+			tdata->plaintext.data);
+		plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Create SNOW 3G operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->cipher.offset_bits,
+		tdata->validAuthLenInBits.len,
+		tdata->auth.offset_bits,
+		op_mode);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+					plaintext_len, buffer);
+		else
+			plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+					ciphertext_len, buffer);
+		else
+			ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		if (ut_params->obuf)
+			digest = rte_pktmbuf_read(ut_params->obuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+		else
+			digest = rte_pktmbuf_read(ut_params->ibuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+
+		debug_hexdump(stdout, "digest:", digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
 test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 	uint8_t op_mode, uint8_t verify)
 {
@@ -5197,6 +5381,20 @@ test_snow3g_auth_cipher_test_case_2_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 0);
+}
+
+static int
 test_snow3g_auth_cipher_verify_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -5218,6 +5416,20 @@ test_snow3g_auth_cipher_verify_test_case_2_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_verify_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 1);
+}
+
+static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -9406,6 +9618,10 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_oop_sgl),
 
 		/** SNOW 3G decrypt (UEA2), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9414,6 +9630,10 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_verify_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_oop_sgl),
 
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 191bae6..8e96782 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -602,4 +602,71 @@ struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_3 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+		},
+		.len = 32 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A,  0x5A,  0xE4,  0xAD,  0x29,  0xA2,  0x6A,  0xA6,
+			0x20,  0x1D,  0xCD,  0x08,  0x50,  0xD6,  0xE6,  0x47,
+			0xBC,  0x88,  0x08,  0x01,  0x17,  0xFA,  0x47,  0x5B,
+			0x90,  0x40,  0xBA,  0x0C,  0xBA,  0x6D,  0x6A,  0x5E,
+		},
+		.len = 32 << 3
+	},
+	.cipher = {
+		.len_bits = 30 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 28 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0xBA, 0x6D, 0x6A, 0x5E
+		},
+		.len = 4,
+		.offset_bytes = 28
+	},
+	.validDataLenInBits = {
+		.len = 32 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 30 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 28 << 3
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (3 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-04  9:11   ` Mcnamara, John
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
                   ` (5 subsequent siblings)
  10 siblings, 1 reply; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch explains what are the conditions
and how to use digest appended for auth-cipher
operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c80e90e..b211bf5 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -662,6 +662,49 @@ struct rte_crypto_sym_op {
 					 * physically contiguous memory at this
 					 * location.
 					 *
+					 * @note
+					 * Digest can be generated, appended to
+					 * the end of raw data and encrypted
+					 * together using chained digest
+					 * generation
+					 * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
+					 * and encryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+					 * xforms. Similarly, authentication
+					 * of the raw data against appended,
+					 * decrypted digest, can be performed
+					 * using decryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
+					 * and digest verification
+					 * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
+					 * chained xforms.
+					 * To perform those operations, a few
+					 * additional conditions must be met:
+					 * - caller must allocate at least
+					 * digest_length of memory at the end of
+					 * source and (in case of out-of-place
+					 * operations) destination buffer; those
+					 * buffers can be linear or split using
+					 * scatter-gather lists,
+					 * - digest data pointer must point to
+					 * the end of source or (in case of
+					 * out-of-place operations) destination
+					 * data, which is pointer to the raw
+					 * data buffer + auth.data.offset +
+					 * auth.data.length,
+					 * - cipher.data.offset +
+					 * cipher.data.length must be greater
+					 * than auth.data.offset +
+					 * auth.data.length and is typically
+					 * equal to auth.data.offset +
+					 * auth.data.length + digest_length.
+					 *
+					 * Note, that for security reasons, it
+					 * is PMDs' responsibility to not
+					 * leave an unencrypted digest in any
+					 * buffer after performing auth-cipher
+					 * operations.
+					 *
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (4 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it does support digest-appended
both: digest generation with encryption and
decryption with digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.c | 2 ++
 lib/librte_cryptodev/rte_cryptodev.h | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 00c2cf4..f657192 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -490,6 +490,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
 		return "RSA_PRIV_OP_KEY_EXP";
 	case RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT:
 		return "RSA_PRIV_OP_KEY_QT";
+	case RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED:
+		return "DIGEST_ENCRYPTED";
 	default:
 		return NULL;
 	}
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 2d4f6d7..c0d406e 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -442,6 +442,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
 /**< Support RSA Private Key OP with exponent */
 #define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT		(1ULL << 18)
 /**< Support RSA Private Key OP with CRT (quintuple) Keys */
+#define RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED		(1ULL << 19)
+/**< Support digest appended auth-cipher operations */
 
 
 /**
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 7/9] crypto/qat: add digest encrypted feature flag
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (5 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
@ 2019-06-03 14:50 ` " Nowak
  2019-06-04 13:45   ` Trahe, Fiona
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
                   ` (3 subsequent siblings)
  10 siblings, 1 reply; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 drivers/crypto/qat/qat_sym_pmd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index af21270..71f21ce 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
-			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
+			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
+			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
 
 	internals = cryptodev->data->dev_private;
 	internals->qat_dev = qat_pci_dev;
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (6 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch adds checking of digest encrypted
feature flag for auth-cipher out-of-place
operations test cases to determine if the
operations are supported.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c | 40 ++++++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 231039f..937849e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4339,6 +4339,19 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 	unsigned int ciphertext_pad_len;
 	unsigned int ciphertext_len;
 
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
 	/* Create SNOW 3G session */
 	retval = create_wireless_algo_auth_cipher_session(
 			ts_params->valid_devs[0],
@@ -4501,16 +4514,18 @@ test_snow3g_auth_cipher_sgl(const struct snow3g_test_data *tdata,
 	if (op_mode == IN_PLACE) {
 		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 			printf("Device doesn't support in-place scatter-gather "
-					"in both input and output mbufs. "
-					"Test Skipped.\n");
-			return 0;
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
 		}
 	} else {
 		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
 			printf("Device doesn't support out-of-place scatter-gather "
-					"in both input and output mbufs. "
-					"Test Skipped.\n");
-			return 0;
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
 		}
 	}
 
@@ -4672,6 +4687,19 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 	unsigned int ciphertext_pad_len;
 	unsigned int ciphertext_len;
 
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
 	/* Create KASUMI session */
 	retval = create_wireless_algo_auth_cipher_session(
 			ts_params->valid_devs[0],
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (7 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
@ 2019-06-03 14:50 ` Nowak
  2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
  10 siblings, 0 replies; 42+ messages in thread
From: Nowak @ 2019-06-03 14:50 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

From: Damian Nowak <damianx.nowak@intel.com>

This patch makes unsupported tests visible in
the testsuite summary.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 937849e..5d72bb4 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -3341,7 +3341,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3492,7 +3492,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3847,7 +3847,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create SNOW 3G session */
@@ -5029,7 +5029,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
@ 2019-06-04  9:11   ` Mcnamara, John
  0 siblings, 0 replies; 42+ messages in thread
From: Mcnamara, John @ 2019-06-04  9:11 UTC (permalink / raw)
  To: Nowak, DamianX, dev; +Cc: Trahe, Fiona, Kusztal, ArkadiuszX, Nowak, DamianX



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Nowak
> Sent: Monday, June 3, 2019 3:51 PM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; Nowak, DamianX <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-
> appended operations
> 
> From: Damian Nowak <damianx.nowak@intel.com>
> 
> This patch explains what are the conditions and how to use digest appended
> for auth-cipher operations.

Acked-by: John McNamara <john.mcnamara@intel.com>



^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (8 preceding siblings ...)
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
@ 2019-06-04 13:16 ` Trahe, Fiona
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
  10 siblings, 0 replies; 42+ messages in thread
From: Trahe, Fiona @ 2019-06-04 13:16 UTC (permalink / raw)
  To: Nowak, DamianX, dev; +Cc: Kusztal, ArkadiuszX, Trahe, Fiona, akhil.goyal

Hi Damian,

> -----Original Message-----
> From: Nowak, DamianX
> Sent: Monday, June 3, 2019 3:51 PM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>
> Subject: [PATCH 0/9] add QAT support for digest encrypted
> 
> From: Damian Nowak <damianx.nowak@intel.com>
> 
> This patchset adds digest appended and encrypted
> auth-cipher operations support for QAT, with
> dedicated feature flag and a set of tests
> for KASUMI and SNOW3G in-place, out-of-place
> and SGL using operations. 
[Fiona] As this patchset is not just QAT changes, but includes an API clarification and extension
it should be renamed something like 
cryptodev: support encrypted-digest use-cases
and patches should be ordered:
 - API patches
 - QAT driver patches
 - Test code patches
 - Documentation patches - release note patch should be added

> Damian Nowak (9):
>   crypto/qat: check buffer size for oop auth-cipher
>   test/crypto: add snow3g test cases for oop operation
>   test/crypto: add kasumi test cases for oop operation
>   test/crypto: add sgl test cases for ip and oop
>   cryptodev: document usage of digest-appended operations
>   cryptodev: add digest encrypted feature flag
>   crypto/qat: add digest encrypted feature flag
>   test/crypto: add digest encrypted feature flag check
>   test/crypto: return correct value if feature not supported
> 
>  app/test/test_cryptodev.c                     | 668 ++++++++++++++++++++++----
>  app/test/test_cryptodev_kasumi_test_vectors.h |  98 +++-
>  app/test/test_cryptodev_snow3g_test_vectors.h | 167 ++++++-
>  drivers/crypto/qat/qat_sym.c                  |  30 +-
>  drivers/crypto/qat/qat_sym_pmd.c              |   3 +-
>  lib/librte_cryptodev/rte_crypto_sym.h         |  43 ++
>  lib/librte_cryptodev/rte_cryptodev.c          |   2 +
>  lib/librte_cryptodev/rte_cryptodev.h          |   2 +
>  8 files changed, 895 insertions(+), 118 deletions(-)
> 
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH 7/9] crypto/qat: add digest encrypted feature flag
  2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
@ 2019-06-04 13:45   ` Trahe, Fiona
  0 siblings, 0 replies; 42+ messages in thread
From: Trahe, Fiona @ 2019-06-04 13:45 UTC (permalink / raw)
  To: Nowak, DamianX, dev; +Cc: Kusztal, ArkadiuszX, Trahe, Fiona, akhil.goyal

Hi Damian,

> -----Original Message-----
> From: Nowak, DamianX
> Sent: Monday, June 3, 2019 3:51 PM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>
> Subject: [PATCH 7/9] crypto/qat: add digest encrypted feature flag
> 
> From: Damian Nowak <damianx.nowak@intel.com>
> 
> This patch adds feature flag for QuickAssist
> Technology to emphasize it's support for digest
> appended auth-cipher operations.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  drivers/crypto/qat/qat_sym_pmd.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
> index af21270..71f21ce 100644
> --- a/drivers/crypto/qat/qat_sym_pmd.c
> +++ b/drivers/crypto/qat/qat_sym_pmd.c
> @@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
>  			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
>  			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
>  			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
> -			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
> +			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
> +			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
[Fiona] As this feature in QAT is currently limited to wireless algorithms you should add a line
about this limitation in the QAT sym crypto doc.
Note, we should remove the limitation - but that can be a future patch.

^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases
  2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
                   ` (9 preceding siblings ...)
  2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
@ 2019-06-07 10:05 ` Damian Nowak
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
                     ` (10 more replies)
  10 siblings, 11 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:05 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patchset adds support for digest appended
and encrypted auth-cipher operations on QAT, API
clarification and extension with dedicated
feature flag and a set of tests for KASUMI and
SNOW3G in-place, out-of-place and SGL using
operations.

---
v2:
- extend support for partial digest encryption
- add release notes
- document limitations on QAT
- reorder patches
- update patchset name

Damian Nowak (10):
  cryptodev: document usage of digest-appended operations
  cryptodev: add digest encrypted feature flag
  crypto/qat: handle buffer size for digest-encrypted auth-cipher
  crypto/qat: add digest encrypted feature flag
  test/crypto: add snow3g test cases for auth-cipher
  test/crypto: add kasumi test cases for auth-cipher
  test/crypto: add sgl test cases for ip and oop
  test/crypto: return correct value if feature not supported
  doc/crypto: document digest-encrypted limitations in qat
  doc: update release notes for 19.08

 app/test/test_cryptodev.c                     | 748 ++++++++++++++++++++++----
 app/test/test_cryptodev_kasumi_test_vectors.h |  98 +++-
 app/test/test_cryptodev_snow3g_test_vectors.h | 234 +++++++-
 doc/guides/cryptodevs/qat.rst                 |   1 +
 doc/guides/rel_notes/release_19_08.rst        |   8 +
 drivers/crypto/qat/qat_sym.c                  |  31 +-
 drivers/crypto/qat/qat_sym_pmd.c              |   3 +-
 lib/librte_cryptodev/rte_crypto_sym.h         |  43 ++
 lib/librte_cryptodev/rte_cryptodev.c          |   2 +
 lib/librte_cryptodev/rte_cryptodev.h          |   2 +
 10 files changed, 1053 insertions(+), 117 deletions(-)

-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
@ 2019-06-07 10:05   ` Damian Nowak
  2019-06-13 13:56     ` Trahe, Fiona
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
                     ` (9 subsequent siblings)
  10 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:05 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch explains what are the conditions
and how to use digest appended for auth-cipher
operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c80e90e..b211bf5 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -662,6 +662,49 @@ struct rte_crypto_sym_op {
 					 * physically contiguous memory at this
 					 * location.
 					 *
+					 * @note
+					 * Digest can be generated, appended to
+					 * the end of raw data and encrypted
+					 * together using chained digest
+					 * generation
+					 * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
+					 * and encryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+					 * xforms. Similarly, authentication
+					 * of the raw data against appended,
+					 * decrypted digest, can be performed
+					 * using decryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
+					 * and digest verification
+					 * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
+					 * chained xforms.
+					 * To perform those operations, a few
+					 * additional conditions must be met:
+					 * - caller must allocate at least
+					 * digest_length of memory at the end of
+					 * source and (in case of out-of-place
+					 * operations) destination buffer; those
+					 * buffers can be linear or split using
+					 * scatter-gather lists,
+					 * - digest data pointer must point to
+					 * the end of source or (in case of
+					 * out-of-place operations) destination
+					 * data, which is pointer to the raw
+					 * data buffer + auth.data.offset +
+					 * auth.data.length,
+					 * - cipher.data.offset +
+					 * cipher.data.length must be greater
+					 * than auth.data.offset +
+					 * auth.data.length and is typically
+					 * equal to auth.data.offset +
+					 * auth.data.length + digest_length.
+					 *
+					 * Note, that for security reasons, it
+					 * is PMDs' responsibility to not
+					 * leave an unencrypted digest in any
+					 * buffer after performing auth-cipher
+					 * operations.
+					 *
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
@ 2019-06-07 10:05   ` Damian Nowak
  2019-06-13 14:16     ` Trahe, Fiona
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
                     ` (8 subsequent siblings)
  10 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:05 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it does support digest-appended
both: digest generation with encryption and
decryption with digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 lib/librte_cryptodev/rte_cryptodev.c | 2 ++
 lib/librte_cryptodev/rte_cryptodev.h | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 00c2cf4..f657192 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -490,6 +490,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
 		return "RSA_PRIV_OP_KEY_EXP";
 	case RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT:
 		return "RSA_PRIV_OP_KEY_QT";
+	case RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED:
+		return "DIGEST_ENCRYPTED";
 	default:
 		return NULL;
 	}
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 2d4f6d7..c0d406e 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -442,6 +442,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
 /**< Support RSA Private Key OP with exponent */
 #define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT		(1ULL << 18)
 /**< Support RSA Private Key OP with CRT (quintuple) Keys */
+#define RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED		(1ULL << 19)
+/**< Support digest appended auth-cipher operations */
 
 
 /**
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
                     ` (7 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds condition to be met when using
wireless algorithms (SNOW3G, KASUMI, ZUC) in
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
It also checks if the digest is being encrypted
or decrypted partially and extends PMD buffers
accordingly.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 drivers/crypto/qat/qat_sym.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 8801ca5..90b0ba4 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -493,6 +493,25 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
 		: (auth_param->auth_off + auth_param->auth_len);
 
+	/* Handle case of auth-gen-then-cipher with digest encrypted */
+	if (wireless_auth &&
+			(auth_ofs + auth_len < cipher_ofs + cipher_len) &&
+			(op->sym->auth.digest.phys_addr ==
+				(in_place ? src_buf_start : dst_buf_start) +
+				auth_ofs + auth_len)) {
+		/* Handle partial digest encryption */
+		if (cipher_ofs + cipher_len <
+				auth_ofs + auth_len + ctx->digest_length)
+			qat_req->comn_mid.dst_length =
+				qat_req->comn_mid.src_length +=
+				auth_ofs + auth_len + ctx->digest_length -
+				cipher_ofs - cipher_len;
+		struct icp_qat_fw_comn_req_hdr *header = &qat_req->comn_hdr;
+		ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
+			header->serv_specif_flags,
+			ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
+	}
+
 	if (do_sgl) {
 
 		ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags,
@@ -533,18 +552,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	} else {
 		qat_req->comn_mid.src_data_addr = src_buf_start;
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
-		/* handle case of auth-gen-then-cipher with digest encrypted */
-		if (wireless_auth && in_place &&
-		    (op->sym->auth.digest.phys_addr ==
-				src_buf_start + auth_ofs + auth_len) &&
-		    (auth_ofs + auth_len + ctx->digest_length <=
-				cipher_ofs + cipher_len)) {
-			struct icp_qat_fw_comn_req_hdr *header =
-						&qat_req->comn_hdr;
-			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
-				header->serv_specif_flags,
-				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
-		}
 	}
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (2 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-13  8:18     ` Akhil Goyal
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
                     ` (6 subsequent siblings)
  10 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 drivers/crypto/qat/qat_sym_pmd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index af21270..71f21ce 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
-			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
+			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
+			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
 
 	internals = cryptodev->data->dev_private;
 	internals->qat_dev = qat_pci_dev;
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (3 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
                     ` (5 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for snow3g in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.
It also adds cases where digest is encrypted
only partially.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 281 +++++++++++++++++++++-----
 app/test/test_cryptodev_snow3g_test_vectors.h | 167 ++++++++++++++-
 2 files changed, 392 insertions(+), 56 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9f31aaa..08023a5 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <time.h>
@@ -40,7 +40,10 @@
 #include "test_cryptodev_hmac_test_vectors.h"
 
 #define VDEV_ARGS_SIZE 100
-#define MAX_NB_SESSIONS            4
+#define MAX_NB_SESSIONS 4
+
+#define IN_PLACE 0
+#define OUT_OF_PLACE 1
 
 static int gbl_driver_id;
 
@@ -2814,7 +2817,8 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned int data_pad_len,
 		unsigned int cipher_len, unsigned int cipher_offset,
-		unsigned int auth_len, unsigned int auth_offset)
+		unsigned int auth_len, unsigned int auth_offset,
+		uint8_t op_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2830,24 +2834,31 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	/* set crypto operation source mbuf */
+	/* set crypto operation mbufs */
 	sym_op->m_src = ut_params->ibuf;
+	if (op_mode == OUT_OF_PLACE)
+		sym_op->m_dst = ut_params->obuf;
 
 	/* digest */
-	sym_op->auth.digest.data = (uint8_t *) rte_pktmbuf_mtod_offset(
-			ut_params->ibuf, uint8_t *, data_pad_len);
+	sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		uint8_t *, data_pad_len);
 
 	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
 			"no room to append auth tag");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
-			ut_params->ibuf, data_pad_len);
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		data_pad_len);
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
+			ut_params->op, uint8_t *, IV_OFFSET);
+
 	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
 	iv_ptr += cipher_iv_len;
 	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
@@ -4312,90 +4323,166 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Generated auth tag not as expected");
 	return 0;
 }
+
 static int
-test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
+test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
 
 	/* Create SNOW 3G session */
-	retval = create_wireless_algo_auth_cipher_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
 			tdata->auth_iv.len, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	/* Append data which is padded to a multiple of */
 	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	}
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
 		tdata->cipher_iv.data, tdata->cipher_iv.len,
 		tdata->auth_iv.data, tdata->auth_iv.len,
-		tdata->digest.offset_bytes == 0 ?
-		plaintext_pad_len : tdata->digest.offset_bytes,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
 		tdata->validCipherLenInBits.len,
 		tdata->cipher.offset_bits,
 		tdata->validAuthLenInBits.len,
-		tdata->auth.offset_bits);
+		tdata->auth.offset_bits,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	ut_params->obuf = ut_params->op->sym->m_src;
-	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
-	else
-		ciphertext = plaintext;
 
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext +
+				(tdata->cipher.offset_bits >> 3);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
 			+ (tdata->digest.offset_bytes == 0 ?
-			plaintext_pad_len : tdata->digest.offset_bytes);
+		plaintext_pad_len : tdata->digest.offset_bytes);
 
-	debug_hexdump(stdout, "digest:", ut_params->digest, tdata->digest.len);
-	debug_hexdump(stdout, "ciphertext:", ciphertext, plaintext_len);
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:", tdata->digest.data,
+				tdata->digest.len);
+	}
 
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-		ciphertext,
-		tdata->ciphertext.data,
-		tdata->validDataLenInBits.len,
-		"SNOW 3G Ciphertext data not as expected");
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-		ut_params->digest,
-		tdata->digest.data,
-		DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
-		"SNOW 3G Generated auth tag not as expected");
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			ut_params->digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -4447,8 +4534,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->validCipherLenInBits.len,
 				tdata->validCipherOffsetInBits.len,
 				tdata->validAuthLenInBits.len,
-				0
-				);
+				0,
+				IN_PLACE);
 
 	if (retval < 0)
 		return retval;
@@ -5038,13 +5125,82 @@ test_snow3g_cipher_auth_test_case_1(void)
 static int
 test_snow3g_auth_cipher_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_6);
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_1(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 1);
 }
 
 static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_7);
+	return test_snow3g_auth_cipher(
+		&snow3g_test_case_7, IN_PLACE, 0);
 }
 
 static int
@@ -8650,9 +8806,6 @@ test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
 	return 0;
 }
 
-#define IN_PLACE	0
-#define OUT_OF_PLACE	1
-
 static int
 test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
 {
@@ -9189,6 +9342,30 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1_oop),
 
+		/** SNOW 3G generate auth, then encrypt (UEA2) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop),
+
+		/** SNOW 3G decrypt (UEA2), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
+
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1),
@@ -9217,8 +9394,6 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_cipher_auth_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_snow3g_auth_cipher_test_case_1),
-		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_with_digest_test_case_1),
 
 		/** ZUC encrypt only (EEA3) */
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 3e55ac1..3abc037 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #ifndef TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_
@@ -59,6 +59,7 @@ struct snow3g_test_data {
 		unsigned int offset_bits;
 	} auth;
 };
+
 struct snow3g_test_data snow3g_test_case_1 = {
 	.key = {
 		.data = {
@@ -347,7 +348,8 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		.len = 840
 	},
 };
-struct snow3g_test_data snow3g_test_case_6 = {
+
+struct snow3g_test_data snow3g_auth_cipher_test_case_1 = {
 	.key = {
 		.data = {
 			0xC7, 0x36, 0xC6, 0xAA, 0xB2, 0x2B, 0xFF, 0xF9,
@@ -415,7 +417,6 @@ struct snow3g_test_data snow3g_test_case_6 = {
 	},
 };
 
-
 struct snow3g_test_data snow3g_test_case_7 = {
 	.key = {
 		.data = {
@@ -508,4 +509,164 @@ struct snow3g_test_data snow3g_test_case_7 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x01,  0x02,  0x03,  0x04,
+
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A,  0x5A,  0xE4,  0xAD,  0x29,  0xA2,  0x6A,  0xA6,
+			0x20,  0x1D,  0xCD,  0x08,  0x50,  0xD6,  0xE6,  0x47,
+			0xBC,  0x88,  0x08,  0x01,  0x17,  0xFA,  0x47,  0x5B,
+			0x90,  0x40,  0xBA,  0x0C,  0xB5,  0x58,  0xF3,  0x0C,
+			0xA0,  0xD4,  0x98,  0x83,  0x1B,  0xCE,  0x54,  0xE3,
+			0x29,  0x00,  0x3C,  0xA4,  0xAD,  0x74,  0xEE,  0x05,
+			0xA3,  0x6C,  0xD4,  0xAC,  0xC6,  0x30,  0x33,  0xC9,
+			0x37,  0x57,  0x41,  0x9B,  0xD4,  0x73,  0xB9,  0x77,
+			0x70,  0x8B,  0x63,  0xDD,  0x22,  0xB8,  0xE1,  0x85,
+			0xB2,  0x92,  0x7C,  0x37,  0xD3,  0x2E,  0xD9,  0xF4,
+			0x4A,  0x69,  0x25,  0x30,  0xE3,  0x5B,  0x8B,  0xF6,
+			0x0F,  0xDE,  0x0B,  0x92,  0xD5,  0x25,  0x52,  0x6D,
+			0x26,  0xEB,  0x2F,  0x8A,  0x3B,  0x8B,  0x38,  0xE2,
+			0x48,  0xD3,  0x4A,  0x98,  0xF7,  0x3A,  0xC2,  0x46,
+			0x69,  0x8D,  0x73,  0x3E,  0x57,  0x88,  0x2C,  0x80,
+			0xF0,  0xF2,  0x75,  0xB8,  0x7D,  0x27,  0xC6,  0xDA,
+
+		},
+		.len = 128 << 3
+	},
+	.cipher = {
+		.len_bits = 126 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 124 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0x7D, 0x27, 0xC6, 0xDA
+		},
+		.len = 4,
+		.offset_bytes = 124
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+};
+
+struct snow3g_test_data snow3g_auth_cipher_partial_digest_encryption = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 32 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0xE4, 0xAD,
+			0x29, 0xA2, 0x6A, 0xA6, 0x20, 0x1D, 0xCD, 0x08,
+			0x50, 0xD6, 0xE6, 0x47, 0xB3, 0xBD, 0xC3, 0x08
+		},
+		.len = 32 << 3
+	},
+	.cipher = {
+		.len_bits = 16 << 3,
+		.offset_bits = 14 << 3
+	},
+	.auth = {
+		.len_bits = 28 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0xB3, 0xBD, 0xC3, 0x08
+		},
+		.len = 4,
+		.offset_bytes = 28
+	},
+	.validDataLenInBits = {
+		.len = 32 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 16 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 28 << 3
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi test cases for auth-cipher
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (4 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
@ 2019-06-07 10:06   ` " Damian Nowak
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
                     ` (4 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for kasumi in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 203 +++++++++++++++++++++-----
 app/test/test_cryptodev_kasumi_test_vectors.h |  98 +++++++++++--
 2 files changed, 254 insertions(+), 47 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 08023a5..c8ea5b5 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4487,87 +4487,166 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
-test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
+test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
 
 	/* Create KASUMI session */
 	retval = create_wireless_algo_auth_cipher_session(
 			ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
 			0, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
+
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
 	/* Append data which is padded to a multiple of */
 	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->cipher_iv.data, tdata->cipher_iv.len,
-				NULL, 0,
-				plaintext_pad_len,
-				tdata->validCipherLenInBits.len,
-				tdata->validCipherOffsetInBits.len,
-				tdata->validAuthLenInBits.len,
-				0,
-				IN_PLACE);
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		NULL, 0,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	if (ut_params->op->sym->m_dst)
-		ut_params->obuf = ut_params->op->sym->m_dst;
-	else
-		ut_params->obuf = ut_params->op->sym->m_src;
 
-	ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *,
-				tdata->validCipherOffsetInBits.len >> 3);
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext;
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(
+			ut_params->obuf, uint8_t *) +
+			(tdata->digest.offset_bytes == 0 ?
+			plaintext_pad_len : tdata->digest.offset_bytes);
+
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
 
-	const uint8_t *reference_ciphertext = tdata->ciphertext.data +
-				(tdata->validCipherOffsetInBits.len >> 3);
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"KASUMI Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
 			ciphertext,
-			reference_ciphertext,
-			tdata->validCipherLenInBits.len,
+			tdata->ciphertext.data,
+			tdata->ciphertext.len >> 3,
 			"KASUMI Ciphertext data not as expected");
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *)
-	    + plaintext_pad_len;
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			ut_params->digest,
 			tdata->digest.data,
 			DIGEST_BYTE_LENGTH_KASUMI_F9,
 			"KASUMI Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -5206,7 +5285,43 @@ test_snow3g_auth_cipher_with_digest_test_case_1(void)
 static int
 test_kasumi_auth_cipher_test_case_1(void)
 {
-	return test_kasumi_auth_cipher(&kasumi_test_case_3);
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_1(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
 }
 
 static int
@@ -9472,9 +9587,23 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_encryption_test_case_3),
 		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_cipher_auth_test_case_1),
+
+		/** KASUMI generate auth, then encrypt (F8) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_kasumi_cipher_auth_test_case_1),
+			test_kasumi_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop),
+
+		/** KASUMI decrypt (F8), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop),
 
 		/** Negative tests */
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_cryptodev_kasumi_test_vectors.h b/app/test/test_cryptodev_kasumi_test_vectors.h
index 58a696a..f0a6d55 100644
--- a/app/test/test_cryptodev_kasumi_test_vectors.h
+++ b/app/test/test_cryptodev_kasumi_test_vectors.h
@@ -8,12 +8,12 @@
 struct kasumi_test_data {
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
 	} key;
 
 	struct {
 		uint8_t data[64] __rte_aligned(16);
-		unsigned len;
+		unsigned int len;
 	} cipher_iv;
 
 	/*
@@ -23,20 +23,20 @@ struct kasumi_test_data {
 	 */
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} plaintext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validDataLenInBits;
 
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} ciphertext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validCipherLenInBits;
 
 	struct {
@@ -45,12 +45,13 @@ struct kasumi_test_data {
 
 	/* Actual length of data to be hashed */
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validAuthLenInBits;
 
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
+		unsigned int offset_bytes; /* offset must be in Bytes */
 	} digest;
 
 };
@@ -205,7 +206,8 @@ struct kasumi_test_data kasumi_test_case_3 = {
 	},
 	.digest = {
 		.data = {0x87, 0x5F, 0xE4, 0x89},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
 	}
 };
 
@@ -353,7 +355,83 @@ struct kasumi_test_data kasumi_test_case_6 = {
 	},
 	.digest = {
 		.data = {0x0F, 0xD2, 0xAA, 0xB5},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
+	}
+};
+
+struct kasumi_test_data kasumi_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
+		},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 8
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xFA, 0xC6, 0xA9, 0x09, 0x91, 0x74,
+			0x35, 0xAA, 0x85, 0xB0, 0xE0, 0x07, 0x78, 0xDA,
+			0x05, 0x88, 0x4E, 0x8D, 0xEC, 0x41, 0xF3, 0xBC,
+			0x0D, 0x9F, 0xE3, 0xEF, 0x8E, 0x33, 0x22, 0xF3,
+			0x15, 0x4B, 0x12, 0xC2, 0x22, 0x12, 0xD6, 0x46,
+			0xD7, 0x27, 0x20, 0x1D, 0x50, 0x60, 0x9D, 0x42,
+			0xF6, 0x73, 0xF5, 0x28, 0x88, 0xBE, 0x60, 0xEC,
+			0x9C, 0x18, 0x81, 0xC4, 0x0A, 0xF4, 0xD5, 0x7A,
+			0xB5, 0x3F, 0x1A, 0x79, 0xAB, 0x79, 0xDB, 0x24,
+			0xF9, 0x6E, 0x86, 0x78, 0x10, 0x19, 0xAE, 0xD8,
+			0xB2, 0xCA, 0x32, 0x8D, 0xD8, 0x28, 0x8B, 0x2F,
+			0x5B, 0x3C, 0xE3, 0x7D, 0xD3, 0x70, 0x11, 0xDE,
+			0x2C, 0xDC, 0xC1, 0xC6, 0xB6, 0xFD, 0xF3, 0x7D,
+			0x38, 0x97, 0x8B, 0x81, 0x02, 0x88, 0x62, 0x3C,
+			0x1E, 0x1A, 0x93, 0x21, 0xE3, 0x6D, 0xD7, 0x20,
+			0x80, 0xA8, 0xDA, 0x18, 0x8F, 0x58, 0x0F, 0x4E
+		},
+		.len = 128 << 3
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+	.validCipherOffsetInBits = {
+		.len = 2 << 3
+	},
+	.digest = {
+		.data = {0x8F, 0x58, 0x0F, 0x4E},
+		.len  = 4,
+		.offset_bytes = 124
 	}
 };
 #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (5 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
                     ` (3 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for snow3g in-place
and out-of-place auth-cipher operations with
scatter-gather lists as input and output mbufs.
Test cases include buffer appended digest
generation with encryption and buffer decryption
with appended digest verification.
It also adds cases where digest is encrypted
only partially.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 262 ++++++++++++++++++++++++++
 app/test/test_cryptodev_snow3g_test_vectors.h |  67 +++++++
 2 files changed, 329 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index c8ea5b5..fa2b5df 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4487,6 +4487,192 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
+test_snow3g_auth_cipher_sgl(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	const uint8_t *plaintext = NULL;
+	const uint8_t *ciphertext = NULL;
+	const uint8_t *digest = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+	uint8_t buffer[10000];
+	uint8_t digest_buffer[10000];
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == IN_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+			printf("Device doesn't support in-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+	} else {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+			printf("Device doesn't support out-of-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
+	/* Create SNOW 3G session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+			tdata->key.data, tdata->key.len,
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	/* Append data which is padded to a multiple of */
+	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+			plaintext_pad_len, 15, 0);
+	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+			"Failed to allocate input buffer in mempool");
+
+	if (op_mode == OUT_OF_PLACE) {
+		ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+				plaintext_pad_len, 15, 0);
+		TEST_ASSERT_NOT_NULL(ut_params->obuf,
+				"Failed to allocate output buffer in mempool");
+	}
+
+	if (verify) {
+		pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+			tdata->ciphertext.data);
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+			tdata->plaintext.data);
+		plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Create SNOW 3G operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->cipher.offset_bits,
+		tdata->validAuthLenInBits.len,
+		tdata->auth.offset_bits,
+		op_mode);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+					plaintext_len, buffer);
+		else
+			plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+					ciphertext_len, buffer);
+		else
+			ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		if (ut_params->obuf)
+			digest = rte_pktmbuf_read(ut_params->obuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+		else
+			digest = rte_pktmbuf_read(ut_params->ibuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+
+		debug_hexdump(stdout, "digest:", digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
 test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 	uint8_t op_mode, uint8_t verify)
 {
@@ -5239,6 +5425,36 @@ test_snow3g_auth_cipher_part_digest_enc_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 0);
+}
+
+static int
 test_snow3g_auth_cipher_verify_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -5276,6 +5492,36 @@ test_snow3g_auth_cipher_verify_part_digest_enc_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_verify_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 1);
+}
+
+static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -9468,6 +9714,14 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop_sgl),
 
 		/** SNOW 3G decrypt (UEA2), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9480,6 +9734,14 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_verify_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop_sgl),
 
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 3abc037..bbe0566 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -602,6 +602,73 @@ struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_3 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+		},
+		.len = 32 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xE4, 0xAD, 0x29, 0xA2, 0x6A, 0xA6,
+			0x20, 0x1D, 0xCD, 0x08, 0x50, 0xD6, 0xE6, 0x47,
+			0xBC, 0x88, 0x08, 0x01, 0x17, 0xFA, 0x47, 0x5B,
+			0x90, 0x40, 0xBA, 0x0C, 0xBA, 0x6D, 0x6A, 0x5E,
+		},
+		.len = 32 << 3
+	},
+	.cipher = {
+		.len_bits = 30 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 28 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0xBA, 0x6D, 0x6A, 0x5E
+		},
+		.len = 4,
+		.offset_bytes = 28
+	},
+	.validDataLenInBits = {
+		.len = 32 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 30 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 28 << 3
+	},
+};
+
 struct snow3g_test_data snow3g_auth_cipher_partial_digest_encryption = {
 	.key = {
 		.data = {
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (6 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
                     ` (2 subsequent siblings)
  10 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch makes unsupported tests visible in
the testsuite summary.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index fa2b5df..ac63bc6 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -3341,7 +3341,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3492,7 +3492,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3847,7 +3847,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create SNOW 3G session */
@@ -5029,7 +5029,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (7 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-13  8:12     ` Akhil Goyal
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
  10 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds description of limitation when
using digest-appended auth-cipher operations
on QuickAssist Technology driver.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 doc/guides/cryptodevs/qat.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index e905f6d..7b57035 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -82,6 +82,7 @@ Limitations
 * ZUC EEA3/EIA3 is not supported by dh895xcc devices
 * Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
 * Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* Only SNOW 3G (UIA2), KASUMI (F9) and ZUC (EIA3) are supported, when using hash-cipher with digest appended and encrypted operations.
 
 Extra notes on KASUMI F9
 ~~~~~~~~~~~~~~~~~~~~~~~~
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (8 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
@ 2019-06-07 10:06   ` Damian Nowak
  2019-06-13  8:14     ` Akhil Goyal
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
  10 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-06-07 10:06 UTC (permalink / raw)
  To: dev; +Cc: fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds release note entries for
hash-cipher digest-encrypted operations
and new digest_encrypted feature flag.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 doc/guides/rel_notes/release_19_08.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst
index b9510f9..1c85a2e 100644
--- a/doc/guides/rel_notes/release_19_08.rst
+++ b/doc/guides/rel_notes/release_19_08.rst
@@ -54,6 +54,11 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the QuickAssist Technology (QAT) symmetric crypto PMD.**
+
+  Added support for hash-cipher with digest encrypted, when using
+  out-of-place operations.
+
 
 Removed Items
 -------------
@@ -83,6 +88,9 @@ API Changes
    Also, make sure to start the actual text at the margin.
    =========================================================
 
+* cryptodev: ``RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED`` feature flag
+  has been introduced.
+
 
 ABI Changes
 -----------
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
@ 2019-06-13  8:12     ` Akhil Goyal
  0 siblings, 0 replies; 42+ messages in thread
From: Akhil Goyal @ 2019-06-13  8:12 UTC (permalink / raw)
  To: Damian Nowak, dev; +Cc: fiona.trahe, arkadiuszx.kusztal

Hi Damian,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Damian Nowak
> Sent: Friday, June 7, 2019 3:36 PM
> To: dev@dpdk.org
> Cc: fiona.trahe@intel.com; arkadiuszx.kusztal@intel.com; Damian Nowak
> <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted
> limitations in qat
> 
> This patch adds description of limitation when
> using digest-appended auth-cipher operations
> on QuickAssist Technology driver.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  doc/guides/cryptodevs/qat.rst | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
> index e905f6d..7b57035 100644
> --- a/doc/guides/cryptodevs/qat.rst
> +++ b/doc/guides/cryptodevs/qat.rst
> @@ -82,6 +82,7 @@ Limitations
>  * ZUC EEA3/EIA3 is not supported by dh895xcc devices
>  * Maximum additional authenticated data (AAD) for GCM is 240 bytes long and
> must be passed to the device in a buffer rounded up to the nearest block-size
> multiple (x16) and padded with zeros.
>  * Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX
> from different lcores is not supported).
> +* Only SNOW 3G (UIA2), KASUMI (F9) and ZUC (EIA3) are supported, when
> using hash-cipher with digest appended and encrypted operations.
> 
>  Extra notes on KASUMI F9
>  ~~~~~~~~~~~~~~~~~~~~~~~~
> --
> 2.7.4

This patch can be squashed to the driver patch which support this feature.

-Akhil

^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
@ 2019-06-13  8:14     ` Akhil Goyal
  0 siblings, 0 replies; 42+ messages in thread
From: Akhil Goyal @ 2019-06-13  8:14 UTC (permalink / raw)
  To: Damian Nowak, dev; +Cc: fiona.trahe, arkadiuszx.kusztal

Hi Damian,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Damian Nowak
> Sent: Friday, June 7, 2019 3:36 PM
> To: dev@dpdk.org
> Cc: fiona.trahe@intel.com; arkadiuszx.kusztal@intel.com; Damian Nowak
> <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08
> 
> This patch adds release note entries for
> hash-cipher digest-encrypted operations
> and new digest_encrypted feature flag.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  doc/guides/rel_notes/release_19_08.rst | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_19_08.rst
> b/doc/guides/rel_notes/release_19_08.rst
> index b9510f9..1c85a2e 100644
> --- a/doc/guides/rel_notes/release_19_08.rst
> +++ b/doc/guides/rel_notes/release_19_08.rst
> @@ -54,6 +54,11 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =========================================================
> 
> +* **Updated the QuickAssist Technology (QAT) symmetric crypto PMD.**
> +
> +  Added support for hash-cipher with digest encrypted, when using
> +  out-of-place operations.
> +
> 
>  Removed Items
>  -------------
> @@ -83,6 +88,9 @@ API Changes
>     Also, make sure to start the actual text at the margin.
>     =========================================================
> 
> +* cryptodev: ``RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED`` feature flag
> +  has been introduced.
> +
> 
>  ABI Changes
>  -----------
> --
> 2.7.4
Split this patch in two and squash both of them in the patches which enables these features.

^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
@ 2019-06-13  8:18     ` Akhil Goyal
  0 siblings, 0 replies; 42+ messages in thread
From: Akhil Goyal @ 2019-06-13  8:18 UTC (permalink / raw)
  To: Damian Nowak, dev; +Cc: fiona.trahe, arkadiuszx.kusztal

Hi Damian,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Damian Nowak
> Sent: Friday, June 7, 2019 3:36 PM
> To: dev@dpdk.org
> Cc: fiona.trahe@intel.com; arkadiuszx.kusztal@intel.com; Damian Nowak
> <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature
> flag
> 
> This patch adds feature flag for QuickAssist
> Technology to emphasize it's support for digest
> appended auth-cipher operations.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  drivers/crypto/qat/qat_sym_pmd.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/qat/qat_sym_pmd.c
> b/drivers/crypto/qat/qat_sym_pmd.c
> index af21270..71f21ce 100644
> --- a/drivers/crypto/qat/qat_sym_pmd.c
> +++ b/drivers/crypto/qat/qat_sym_pmd.c
> @@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device
> *qat_pci_dev)
>  			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
>  			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
>  			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
> -			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
> +			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
> +			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
> 
>  	internals = cryptodev->data->dev_private;
>  	internals->qat_dev = qat_pci_dev;
> --
> 2.7.4
This patch may be squashed with your 3/10 if I am not wrong.

^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
@ 2019-06-13 13:56     ` Trahe, Fiona
  0 siblings, 0 replies; 42+ messages in thread
From: Trahe, Fiona @ 2019-06-13 13:56 UTC (permalink / raw)
  To: Nowak, DamianX, dev, De Lara Guarch, Pablo
  Cc: Kusztal, ArkadiuszX, Trahe, Fiona, Akhil Goyal

Hi Damian,

> -----Original Message-----
> From: Nowak, DamianX
> Sent: Friday, June 7, 2019 11:06 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>
> Subject: [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
> 
> This patch explains what are the conditions
> and how to use digest appended for auth-cipher
> operations.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++++++++++++++
>  1 file changed, 43 insertions(+)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
> index c80e90e..b211bf5 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -662,6 +662,49 @@ struct rte_crypto_sym_op {
>  					 * physically contiguous memory at this
>  					 * location.
>  					 *
> +					 * @note
[Fiona] I suggest adding "Digest-encrypted case." at start of this note. 
> +					 * Digest can be generated, appended to
> +					 * the end of raw data and encrypted
> +					 * together using chained digest
> +					 * generation
> +					 * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
> +					 * and encryption
> +					 * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
> +					 * xforms. Similarly, authentication
> +					 * of the raw data against appended,
> +					 * decrypted digest, can be performed
> +					 * using decryption
> +					 * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
> +					 * and digest verification
> +					 * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
> +					 * chained xforms.
> +					 * To perform those operations, a few
> +					 * additional conditions must be met:
> +					 * - caller must allocate at least
> +					 * digest_length of memory at the end of
> +					 * source and (in case of out-of-place
> +					 * operations) destination buffer; those
> +					 * buffers can be linear or split using
> +					 * scatter-gather lists,
> +					 * - digest data pointer must point to
> +					 * the end of source or (in case of
> +					 * out-of-place operations) destination
> +					 * data, which is pointer to the raw
> +					 * data buffer + auth.data.offset +
> +					 * auth.data.length,
[Fiona] The word raw is confusing here - better leave it out.
i.e. in auth-then-encrypt direction and OOP, the dest buffer doesn't hold raw data, it holds encrypted data.
Copying Pablo - this is slightly different to what we suggested in RFC - can you review for the aesni-mb PMD please.

 
> +					 * - cipher.data.offset +
> +					 * cipher.data.length must be greater
> +					 * than auth.data.offset +
> +					 * auth.data.length and is typically
> +					 * equal to auth.data.offset +
> +					 * auth.data.length + digest_length.
> +					 *
> +					 * Note, that for security reasons, it
> +					 * is PMDs' responsibility to not
> +					 * leave an unencrypted digest in any
> +					 * buffer after performing auth-cipher
> +					 * operations.
> +					 *
[Fiona] below this is a separate note, which applies to all cases, not just to digest-encrypted case
so better move it back to above the digest-encrypted note
>  					 * For digest generation, the digest result
>  					 * will overwrite any data at this location.
>  					 *
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag
  2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
@ 2019-06-13 14:16     ` Trahe, Fiona
  0 siblings, 0 replies; 42+ messages in thread
From: Trahe, Fiona @ 2019-06-13 14:16 UTC (permalink / raw)
  To: Nowak, DamianX, dev
  Cc: Kusztal, ArkadiuszX, Akhil Goyal, De Lara Guarch, Pablo, Trahe, Fiona

Hi Damian,

> -----Original Message-----
> From: Nowak, DamianX
> Sent: Friday, June 7, 2019 11:06 AM
> To: dev@dpdk.org
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>
> Subject: [PATCH v2 02/10] cryptodev: add digest encrypted feature flag
> 
> Some PMDs can only support digest being
> encrypted separately in auth-cipher operations.
> Thus it is required to add feature flag in PMD
> to reflect if it does support digest-appended
> both: digest generation with encryption and
> decryption with digest verification.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> ---
>  lib/librte_cryptodev/rte_cryptodev.c | 2 ++
>  lib/librte_cryptodev/rte_cryptodev.h | 2 ++
>  2 files changed, 4 insertions(+)
> 
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index 00c2cf4..f657192 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -490,6 +490,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
>  		return "RSA_PRIV_OP_KEY_EXP";
>  	case RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT:
>  		return "RSA_PRIV_OP_KEY_QT";
> +	case RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED:
> +		return "DIGEST_ENCRYPTED";
[Fiona] This feature flag should be added to the matrix here:
http://doc.dpdk.org/guides/cryptodevs/overview.html#supported-feature-flags



^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases
  2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
                     ` (9 preceding siblings ...)
  2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
@ 2019-07-03 11:15   ` Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
                       ` (8 more replies)
  10 siblings, 9 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patchset adds support for digest appended
and encrypted auth-cipher operations on QAT, API
clarification and extension with dedicated
feature flag and a set of tests for KASUMI and
SNOW3G in-place, out-of-place and SGL using
operations.

---
v3:
- reorder and squash patches
- change semantics in comments and documentation
- add zuc test cases
- add support for partial digest encryption
- update support for sgl buffers

v2:
- extend support for partial digest encryption
- add release notes
- document limitations on QAT
- reorder patches
- update patchset name

Damian Nowak (8):
  cryptodev: document usage of digest-appended operations
  cryptodev: add digest encrypted feature flag
  crypto/qat: extend support for digest-encrypted auth-cipher
  test/crypto: add snow3g test cases for auth-cipher
  test/crypto: add zuc test cases for auth-cipher
  test/crypto: add kasumi test cases for auth-cipher
  test/crypto: add sgl test cases for ip and oop
  test/crypto: return correct value if feature not supported

 app/test/test_cryptodev.c                     | 1573 ++++++++++++++++++++++---
 app/test/test_cryptodev_kasumi_test_vectors.h |   98 +-
 app/test/test_cryptodev_snow3g_test_vectors.h |  234 +++-
 app/test/test_cryptodev_zuc_test_vectors.h    |   89 ++
 doc/guides/cryptodevs/features/default.ini    |    1 +
 doc/guides/cryptodevs/features/qat.ini        |    1 +
 doc/guides/cryptodevs/overview.rst            |    3 +
 doc/guides/rel_notes/release_19_08.rst        |    8 +
 drivers/crypto/qat/qat_sym.c                  |   63 +-
 drivers/crypto/qat/qat_sym_pmd.c              |    3 +-
 lib/librte_cryptodev/rte_crypto_sym.h         |   44 +
 lib/librte_cryptodev/rte_cryptodev.c          |    2 +
 lib/librte_cryptodev/rte_cryptodev.h          |    2 +
 13 files changed, 1948 insertions(+), 173 deletions(-)

-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 16:13       ` De Lara Guarch, Pablo
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
                       ` (7 subsequent siblings)
  8 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch explains what are the conditions
and how to use digest appended for auth-cipher
operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 44 +++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 4a6adbe..bc8da24 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -666,6 +666,50 @@ struct rte_crypto_sym_op {
 					 * For digest generation, the digest result
 					 * will overwrite any data at this location.
 					 *
+					 * @note
+					 * Digest-encrypted case.
+					 * Digest can be generated, appended to
+					 * the end of raw data and encrypted
+					 * together using chained digest
+					 * generation
+					 * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
+					 * and encryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+					 * xforms. Similarly, authentication
+					 * of the raw data against appended,
+					 * decrypted digest, can be performed
+					 * using decryption
+					 * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
+					 * and digest verification
+					 * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
+					 * chained xforms.
+					 * To perform those operations, a few
+					 * additional conditions must be met:
+					 * - caller must allocate at least
+					 * digest_length of memory at the end of
+					 * source and (in case of out-of-place
+					 * operations) destination buffer; those
+					 * buffers can be linear or split using
+					 * scatter-gather lists,
+					 * - digest data pointer must point to
+					 * the end of source or (in case of
+					 * out-of-place operations) destination
+					 * data, which is pointer to the
+					 * data buffer + auth.data.offset +
+					 * auth.data.length,
+					 * - cipher.data.offset +
+					 * cipher.data.length must be greater
+					 * than auth.data.offset +
+					 * auth.data.length and is typically
+					 * equal to auth.data.offset +
+					 * auth.data.length + digest_length.
+					 *
+					 * Note, that for security reasons, it
+					 * is PMDs' responsibility to not
+					 * leave an unencrypted digest in any
+					 * buffer after performing auth-cipher
+					 * operations.
+					 *
 					 */
 					rte_iova_t phys_addr;
 					/**< Physical address of digest */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 16:14       ` De Lara Guarch, Pablo
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher Damian Nowak
                       ` (6 subsequent siblings)
  8 siblings, 1 reply; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it does support digest-appended
both: digest generation with encryption and
decryption with digest verification.
This patch also adds information about new
feature flag to the release notes.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 doc/guides/cryptodevs/features/default.ini | 1 +
 doc/guides/cryptodevs/overview.rst         | 3 +++
 doc/guides/rel_notes/release_19_08.rst     | 3 +++
 lib/librte_cryptodev/rte_cryptodev.c       | 2 ++
 lib/librte_cryptodev/rte_cryptodev.h       | 2 ++
 5 files changed, 11 insertions(+)

diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 0e06261..d3ee1af 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -25,6 +25,7 @@ OOP LB  In SGL Out     =
 OOP LB  In LB  Out     =
 RSA PRIV OP KEY EXP    =
 RSA PRIV OP KEY QT     =
+Digest encrypted       =
 
 ;
 ; Supported crypto algorithms of a default crypto driver.
diff --git a/doc/guides/cryptodevs/overview.rst b/doc/guides/cryptodevs/overview.rst
index a972c79..e2a1e08 100644
--- a/doc/guides/cryptodevs/overview.rst
+++ b/doc/guides/cryptodevs/overview.rst
@@ -43,6 +43,9 @@ Supported Feature Flags
    - "RSA PRIV OP KEY QT" feature flag means PMD support RSA private key
      operation (Sign and Decrypt) using quintuple (crt) type key only.
 
+   - "Digest encrypted" feature flag means PMD support hash-cipher cases,
+     where generated digest is appended to and encrypted with the data.
+
 
 Supported Cipher Algorithms
 ---------------------------
diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst
index 644a74b..c82b7f5 100644
--- a/doc/guides/rel_notes/release_19_08.rst
+++ b/doc/guides/rel_notes/release_19_08.rst
@@ -169,6 +169,9 @@ API Changes
   structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
   ``rte_crypto_aead_xform``) have been changed to ``const uint8_t *data``.
 
+* cryptodev: ``RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED`` feature flag
+  has been introduced.
+
 
 ABI Changes
 -----------
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 240b849..43bc335 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -490,6 +490,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
 		return "RSA_PRIV_OP_KEY_EXP";
 	case RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT:
 		return "RSA_PRIV_OP_KEY_QT";
+	case RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED:
+		return "DIGEST_ENCRYPTED";
 	default:
 		return NULL;
 	}
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index d701eea..e175b83 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -446,6 +446,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
 /**< Support RSA Private Key OP with exponent */
 #define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT		(1ULL << 18)
 /**< Support RSA Private Key OP with CRT (quintuple) Keys */
+#define RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED		(1ULL << 19)
+/**< Support encrypted-digest operations where digest is appended to data */
 
 
 /**
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
                       ` (5 subsequent siblings)
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds condition to be met when using
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
Patch adds checking, if the digest is being
encrypted or decrypted partially and extends PMD
buffers accordingly.
It also adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini |  1 +
 doc/guides/rel_notes/release_19_08.rst |  5 +++
 drivers/crypto/qat/qat_sym.c           | 63 ++++++++++++++++++++++++++--------
 drivers/crypto/qat/qat_sym_pmd.c       |  3 +-
 4 files changed, 57 insertions(+), 15 deletions(-)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index e8f9060..0832e59 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -12,6 +12,7 @@ OOP SGL In SGL Out     = Y
 OOP SGL In LB  Out     = Y
 OOP LB  In SGL Out     = Y
 OOP LB  In LB  Out     = Y
+Digest encrypted       = Y
 
 ;
 ; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst
index c82b7f5..8cf4067 100644
--- a/doc/guides/rel_notes/release_19_08.rst
+++ b/doc/guides/rel_notes/release_19_08.rst
@@ -126,6 +126,11 @@ New Features
   Added telemetry mode to l3fwd-power application to report
   application level busyness, empty and full polls of rte_eth_rx_burst().
 
+* **Updated the QuickAssist Technology (QAT) symmetric crypto PMD.**
+
+  Added support for digest-encrypted cases where digest is appended
+  to the data.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 7515a55..2dc0614 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -156,8 +156,9 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	uint32_t auth_len = 0, auth_ofs = 0;
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
+	uint64_t digest_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t wireless_auth = 0, in_place = 1;
+	uint8_t in_place = 1;
 	struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
 	struct qat_sym_op_cookie *cookie =
 				(struct qat_sym_op_cookie *)op_cookie;
@@ -270,7 +271,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 			}
 			auth_ofs = op->sym->auth.data.offset >> 3;
 			auth_len = op->sym->auth.data.length >> 3;
-			wireless_auth = 1;
 
 			auth_param->u1.aad_adr =
 					rte_crypto_op_ctophys_offset(op,
@@ -493,6 +493,53 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
 		: (auth_param->auth_off + auth_param->auth_len);
 
+	if (do_auth && do_cipher) {
+		if (do_sgl) {
+			uint32_t remaining_off = auth_param->auth_off +
+				auth_param->auth_len;
+			struct rte_mbuf *sgl_buf =
+				(in_place ?
+				op->sym->m_src : op->sym->m_dst);
+			while (remaining_off >= rte_pktmbuf_data_len(
+					sgl_buf)) {
+				remaining_off -= rte_pktmbuf_data_len(
+						sgl_buf);
+				sgl_buf = sgl_buf->next;
+			}
+			digest_start = (uint64_t)rte_pktmbuf_iova_offset(
+				sgl_buf, remaining_off);
+		} else {
+			digest_start = (in_place ?
+				src_buf_start : dst_buf_start) +
+				auth_param->auth_off + auth_param->auth_len;
+		}
+		/* Handle cases of auth-gen-then-cipher and
+		 * cipher-decrypt-then-auth-verify with digest encrypted
+		 */
+		if ((auth_param->auth_off + auth_param->auth_len <
+					cipher_param->cipher_offset +
+					cipher_param->cipher_length) &&
+				(op->sym->auth.digest.phys_addr ==
+					digest_start)) {
+			/* Handle partial digest encryption */
+			if (cipher_param->cipher_offset +
+					cipher_param->cipher_length <
+					auth_param->auth_off +
+					auth_param->auth_len +
+					ctx->digest_length)
+				qat_req->comn_mid.dst_length =
+					qat_req->comn_mid.src_length =
+					auth_param->auth_off +
+					auth_param->auth_len +
+					ctx->digest_length;
+			struct icp_qat_fw_comn_req_hdr *header =
+				&qat_req->comn_hdr;
+			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
+				header->serv_specif_flags,
+				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
+		}
+	}
+
 	if (do_sgl) {
 
 		ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags,
@@ -535,18 +582,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	} else {
 		qat_req->comn_mid.src_data_addr = src_buf_start;
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
-		/* handle case of auth-gen-then-cipher with digest encrypted */
-		if (wireless_auth && in_place &&
-		    (op->sym->auth.digest.phys_addr ==
-				src_buf_start + auth_ofs + auth_len) &&
-		    (auth_ofs + auth_len + ctx->digest_length <=
-				cipher_ofs + cipher_len)) {
-			struct icp_qat_fw_comn_req_hdr *header =
-						&qat_req->comn_hdr;
-			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
-				header->serv_specif_flags,
-				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
-		}
 	}
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index af21270..71f21ce 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
-			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
+			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
+			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
 
 	internals = cryptodev->data->dev_private;
 	internals->qat_dev = qat_pci_dev;
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (2 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
                       ` (4 subsequent siblings)
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for snow3g in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.
It also adds cases where digest is encrypted
only partially.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 305 +++++++++++++++++++++-----
 app/test/test_cryptodev_snow3g_test_vectors.h | 167 +++++++++++++-
 2 files changed, 414 insertions(+), 58 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 7a3a3d1..4508941 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <time.h>
@@ -40,7 +40,10 @@
 #include "test_cryptodev_hmac_test_vectors.h"
 
 #define VDEV_ARGS_SIZE 100
-#define MAX_NB_SESSIONS            4
+#define MAX_NB_SESSIONS 4
+
+#define IN_PLACE 0
+#define OUT_OF_PLACE 1
 
 static int gbl_driver_id;
 
@@ -2874,7 +2877,8 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 		const uint8_t *auth_iv, uint8_t auth_iv_len,
 		unsigned int data_pad_len,
 		unsigned int cipher_len, unsigned int cipher_offset,
-		unsigned int auth_len, unsigned int auth_offset)
+		unsigned int auth_len, unsigned int auth_offset,
+		uint8_t op_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2890,24 +2894,31 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 
 	struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
 
-	/* set crypto operation source mbuf */
+	/* set crypto operation mbufs */
 	sym_op->m_src = ut_params->ibuf;
+	if (op_mode == OUT_OF_PLACE)
+		sym_op->m_dst = ut_params->obuf;
 
 	/* digest */
-	sym_op->auth.digest.data = (uint8_t *) rte_pktmbuf_mtod_offset(
-			ut_params->ibuf, uint8_t *, data_pad_len);
+	sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		uint8_t *, data_pad_len);
 
 	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
 			"no room to append auth tag");
 
 	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
-			ut_params->ibuf, data_pad_len);
+		(op_mode == IN_PLACE ?
+			ut_params->ibuf : ut_params->obuf),
+		data_pad_len);
 
 	memset(sym_op->auth.digest.data, 0, auth_tag_len);
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
-	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
-						IV_OFFSET);
+	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
+			ut_params->op, uint8_t *, IV_OFFSET);
+
 	rte_memcpy(iv_ptr, cipher_iv, cipher_iv_len);
 	iv_ptr += cipher_iv_len;
 	rte_memcpy(iv_ptr, auth_iv, auth_iv_len);
@@ -4372,90 +4383,164 @@ test_snow3g_cipher_auth(const struct snow3g_test_data *tdata)
 			"SNOW 3G Generated auth tag not as expected");
 	return 0;
 }
+
 static int
-test_snow3g_auth_cipher(const struct snow3g_test_data *tdata)
+test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
 
 	/* Create SNOW 3G session */
-	retval = create_wireless_algo_auth_cipher_session(ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
 			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 			tdata->key.data, tdata->key.len,
 			tdata->auth_iv.len, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
 
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
-	/* Append data which is padded to a multiple of */
-	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	}
 
 	/* Create SNOW 3G operation */
 	retval = create_wireless_algo_auth_cipher_operation(
 		tdata->digest.len,
 		tdata->cipher_iv.data, tdata->cipher_iv.len,
 		tdata->auth_iv.data, tdata->auth_iv.len,
-		tdata->digest.offset_bytes == 0 ?
-		plaintext_pad_len : tdata->digest.offset_bytes,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
 		tdata->validCipherLenInBits.len,
 		tdata->cipher.offset_bits,
 		tdata->validAuthLenInBits.len,
-		tdata->auth.offset_bits);
+		tdata->auth.offset_bits,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	ut_params->obuf = ut_params->op->sym->m_src;
-	if (ut_params->obuf)
-		ciphertext = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *);
-	else
-		ciphertext = plaintext;
 
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext +
+				(tdata->cipher.offset_bits >> 3);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(ut_params->obuf, uint8_t *)
 			+ (tdata->digest.offset_bytes == 0 ?
-			plaintext_pad_len : tdata->digest.offset_bytes);
+		plaintext_pad_len : tdata->digest.offset_bytes);
 
-	debug_hexdump(stdout, "digest:", ut_params->digest, tdata->digest.len);
-	debug_hexdump(stdout, "ciphertext:", ciphertext, plaintext_len);
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:", tdata->digest.data,
+				tdata->digest.len);
+	}
 
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
-		ciphertext,
-		tdata->ciphertext.data,
-		tdata->validDataLenInBits.len,
-		"SNOW 3G Ciphertext data not as expected");
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
-		ut_params->digest,
-		tdata->digest.data,
-		DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
-		"SNOW 3G Generated auth tag not as expected");
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			ut_params->digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -4507,8 +4592,8 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
 				tdata->validCipherLenInBits.len,
 				tdata->validCipherOffsetInBits.len,
 				tdata->validAuthLenInBits.len,
-				0
-				);
+				0,
+				IN_PLACE);
 
 	if (retval < 0)
 		return retval;
@@ -5098,13 +5183,82 @@ test_snow3g_cipher_auth_test_case_1(void)
 static int
 test_snow3g_auth_cipher_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_6);
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_1(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_oop(void)
+{
+	return test_snow3g_auth_cipher(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 1);
 }
 
 static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
-	return test_snow3g_auth_cipher(&snow3g_test_case_7);
+	return test_snow3g_auth_cipher(
+		&snow3g_test_case_7, IN_PLACE, 0);
 }
 
 static int
@@ -8710,9 +8864,6 @@ test_authenticated_encryption_SGL(const struct aead_test_data *tdata,
 	return 0;
 }
 
-#define IN_PLACE	0
-#define OUT_OF_PLACE	1
-
 static int
 test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_400B(void)
 {
@@ -9249,6 +9400,30 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1_oop),
 
+		/** SNOW 3G generate auth, then encrypt (UEA2) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop),
+
+		/** SNOW 3G decrypt (UEA2), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
+
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_decryption_test_case_1),
@@ -9277,8 +9452,6 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_cipher_auth_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_snow3g_auth_cipher_test_case_1),
-		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_with_digest_test_case_1),
 
 		/** ZUC encrypt only (EEA3) */
@@ -10046,8 +10219,30 @@ static struct unit_test_suite cryptodev_sw_snow3g_testsuite  = {
 			test_snow3g_hash_verify_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_cipher_auth_test_case_1),
+
+		/** SNOW 3G generate auth, then encrypt (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop),
+
+		/** SNOW 3G decrypt (UEA2), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 3e55ac1..3abc037 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2017 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #ifndef TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_
@@ -59,6 +59,7 @@ struct snow3g_test_data {
 		unsigned int offset_bits;
 	} auth;
 };
+
 struct snow3g_test_data snow3g_test_case_1 = {
 	.key = {
 		.data = {
@@ -347,7 +348,8 @@ struct snow3g_test_data snow3g_test_case_5 = {
 		.len = 840
 	},
 };
-struct snow3g_test_data snow3g_test_case_6 = {
+
+struct snow3g_test_data snow3g_auth_cipher_test_case_1 = {
 	.key = {
 		.data = {
 			0xC7, 0x36, 0xC6, 0xAA, 0xB2, 0x2B, 0xFF, 0xF9,
@@ -415,7 +417,6 @@ struct snow3g_test_data snow3g_test_case_6 = {
 	},
 };
 
-
 struct snow3g_test_data snow3g_test_case_7 = {
 	.key = {
 		.data = {
@@ -508,4 +509,164 @@ struct snow3g_test_data snow3g_test_case_7 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,  0x5A,
+			0x5A,  0x5A,  0x5A,  0x5A,  0x01,  0x02,  0x03,  0x04,
+
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A,  0x5A,  0xE4,  0xAD,  0x29,  0xA2,  0x6A,  0xA6,
+			0x20,  0x1D,  0xCD,  0x08,  0x50,  0xD6,  0xE6,  0x47,
+			0xBC,  0x88,  0x08,  0x01,  0x17,  0xFA,  0x47,  0x5B,
+			0x90,  0x40,  0xBA,  0x0C,  0xB5,  0x58,  0xF3,  0x0C,
+			0xA0,  0xD4,  0x98,  0x83,  0x1B,  0xCE,  0x54,  0xE3,
+			0x29,  0x00,  0x3C,  0xA4,  0xAD,  0x74,  0xEE,  0x05,
+			0xA3,  0x6C,  0xD4,  0xAC,  0xC6,  0x30,  0x33,  0xC9,
+			0x37,  0x57,  0x41,  0x9B,  0xD4,  0x73,  0xB9,  0x77,
+			0x70,  0x8B,  0x63,  0xDD,  0x22,  0xB8,  0xE1,  0x85,
+			0xB2,  0x92,  0x7C,  0x37,  0xD3,  0x2E,  0xD9,  0xF4,
+			0x4A,  0x69,  0x25,  0x30,  0xE3,  0x5B,  0x8B,  0xF6,
+			0x0F,  0xDE,  0x0B,  0x92,  0xD5,  0x25,  0x52,  0x6D,
+			0x26,  0xEB,  0x2F,  0x8A,  0x3B,  0x8B,  0x38,  0xE2,
+			0x48,  0xD3,  0x4A,  0x98,  0xF7,  0x3A,  0xC2,  0x46,
+			0x69,  0x8D,  0x73,  0x3E,  0x57,  0x88,  0x2C,  0x80,
+			0xF0,  0xF2,  0x75,  0xB8,  0x7D,  0x27,  0xC6,  0xDA,
+
+		},
+		.len = 128 << 3
+	},
+	.cipher = {
+		.len_bits = 126 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 124 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0x7D, 0x27, 0xC6, 0xDA
+		},
+		.len = 4,
+		.offset_bytes = 124
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+};
+
+struct snow3g_test_data snow3g_auth_cipher_partial_digest_encryption = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 32 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0xE4, 0xAD,
+			0x29, 0xA2, 0x6A, 0xA6, 0x20, 0x1D, 0xCD, 0x08,
+			0x50, 0xD6, 0xE6, 0x47, 0xB3, 0xBD, 0xC3, 0x08
+		},
+		.len = 32 << 3
+	},
+	.cipher = {
+		.len_bits = 16 << 3,
+		.offset_bits = 14 << 3
+	},
+	.auth = {
+		.len_bits = 28 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0xB3, 0xBD, 0xC3, 0x08
+		},
+		.len = 4,
+		.offset_bytes = 28
+	},
+	.validDataLenInBits = {
+		.len = 32 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 16 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 28 << 3
+	},
+};
+
 #endif /* TEST_CRYPTODEV_SNOW3G_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc test cases for auth-cipher
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (3 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
@ 2019-07-03 11:15     ` " Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
                       ` (3 subsequent siblings)
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for zuc in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                  | 204 +++++++++++++++++++++++++++++
 app/test/test_cryptodev_zuc_test_vectors.h |  89 +++++++++++++
 2 files changed, 293 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 4508941..757722a 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4953,6 +4953,170 @@ test_zuc_authentication(const struct wireless_test_data *tdata)
 }
 
 static int
+test_zuc_auth_cipher(const struct wireless_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
+	/* Create KASUMI session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_ZUC_EIA3,
+			RTE_CRYPTO_CIPHER_ZUC_EEA3,
+			tdata->key.data, tdata->key.len,
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+
+	/* clear mbuf payload */
+	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	/* Append data which is padded to a multiple of */
+	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+
+	/* Create ZUC operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext;
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(
+			ut_params->obuf, uint8_t *) +
+			(tdata->digest.offset_bytes == 0 ?
+			plaintext_pad_len : tdata->digest.offset_bytes);
+
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"ZUC Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->ciphertext.len >> 3,
+			"ZUC Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			ut_params->digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_KASUMI_F9,
+			"ZUC Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
 test_kasumi_encryption_test_case_1(void)
 {
 	return test_kasumi_encryption(&kasumi_test_case_1);
@@ -5370,6 +5534,34 @@ test_zuc_cipher_auth_test_case_2(void)
 }
 
 static int
+test_zuc_auth_cipher_test_case_1(void)
+{
+	return test_zuc_auth_cipher(
+		&zuc_auth_cipher_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_zuc_auth_cipher_test_case_1_oop(void)
+{
+	return test_zuc_auth_cipher(
+		&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 0);
+}
+
+static int
+test_zuc_auth_cipher_verify_test_case_1(void)
+{
+	return test_zuc_auth_cipher(
+		&zuc_auth_cipher_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_zuc_auth_cipher_verify_test_case_1_oop(void)
+{
+	return test_zuc_auth_cipher(
+		&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1);
+}
+
+static int
 test_3DES_chain_qat_all(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -9480,6 +9672,18 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_zuc_cipher_auth_test_case_2),
 
+		/** ZUC generate auth, then encrypt (EEA3) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_test_case_1_oop),
+
+		/** ZUC decrypt (EEA3), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_verify_test_case_1_oop),
+
 		/** HMAC_MD5 Authentication */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_MD5_HMAC_generate_case_1),
diff --git a/app/test/test_cryptodev_zuc_test_vectors.h b/app/test/test_cryptodev_zuc_test_vectors.h
index 9ff821a..cc2338e 100644
--- a/app/test/test_cryptodev_zuc_test_vectors.h
+++ b/app/test/test_cryptodev_zuc_test_vectors.h
@@ -35,6 +35,11 @@ struct wireless_test_data {
 	} validCipherLenInBits;
 
 	struct {
+		unsigned int len;
+	} validCipherOffsetInBits;
+
+
+	struct {
 		unsigned len;
 	} validAuthLenInBits;
 
@@ -46,6 +51,7 @@ struct wireless_test_data {
 	struct {
 		uint8_t data[64];
 		unsigned len;
+		unsigned int offset_bytes; /* offset must be in Bytes */
 	} digest;
 };
 static struct wireless_test_data zuc_test_case_cipher_193b = {
@@ -1040,4 +1046,87 @@ static struct wireless_test_data zuc_test_case_auth_584b = {
 	}
 };
 
+struct wireless_test_data zuc_auth_cipher_test_case_1 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
+		},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xDB, 0x3D, 0xD5, 0xB7, 0xB9, 0x58,
+			0xA5, 0xD3, 0xE3, 0xF9, 0x18, 0x73, 0xB4, 0x74,
+			0x05, 0xF0, 0xE9, 0xB6, 0x5D, 0x9A, 0xE3, 0xFA,
+			0x5D, 0xFD, 0x24, 0x51, 0xAD, 0x73, 0xCA, 0x64,
+			0x91, 0xD5, 0xB3, 0x94, 0x10, 0x91, 0x89, 0xEA,
+			0x73, 0x6F, 0xB0, 0x2A, 0x0A, 0x63, 0x0F, 0x8D,
+			0x64, 0x87, 0xA3, 0x14, 0x6B, 0x93, 0x31, 0x0F,
+			0x14, 0xAD, 0xEA, 0x62, 0x80, 0x3F, 0x44, 0xDD,
+			0x4E, 0x30, 0xFA, 0xC8, 0x0E, 0x5F, 0x46, 0xE7,
+			0x60, 0xEC, 0xDF, 0x8B, 0x94, 0x7D, 0x2E, 0x63,
+			0x48, 0xD9, 0x69, 0x06, 0x13, 0xF2, 0x20, 0x49,
+			0x54, 0xA6, 0xD4, 0x98, 0xF4, 0xF6, 0x1D, 0x4A,
+			0xC9, 0xA5, 0xDA, 0x46, 0x3D, 0xD9, 0x02, 0x47,
+			0x1C, 0x20, 0x73, 0x35, 0x17, 0x1D, 0x81, 0x8D,
+			0x2E, 0xCD, 0x70, 0x37, 0x22, 0x55, 0x3C, 0xF3,
+			0xDA, 0x70, 0x42, 0x12, 0x0E, 0xAA, 0xC4, 0xAB
+		},
+		.len = 128 << 3
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+	.validCipherOffsetInBits = {
+		.len = 2 << 3
+	},
+	.digest = {
+		.data = {0x0E, 0xAA, 0xC4, 0xAB},
+		.len  = 4,
+		.offset_bytes = 124
+	}
+};
+
 #endif /* TEST_CRYPTODEV_ZUC_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi test cases for auth-cipher
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (4 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
@ 2019-07-03 11:15     ` " Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
                       ` (2 subsequent siblings)
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for kasumi in-place
and out-of-place auth-cipher operations. Test
cases include buffer appended digest generation
with encryption and buffer decryption with
appended digest verification.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 221 +++++++++++++++++++++-----
 app/test/test_cryptodev_kasumi_test_vectors.h |  98 ++++++++++--
 2 files changed, 269 insertions(+), 50 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 757722a..518d3b5 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -4545,87 +4545,164 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
-test_kasumi_auth_cipher(const struct kasumi_test_data *tdata)
+test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
 
 	int retval;
 
-	uint8_t *plaintext, *ciphertext;
-	unsigned plaintext_pad_len;
-	unsigned plaintext_len;
+	uint8_t *plaintext = NULL, *ciphertext = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == OUT_OF_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
 
 	/* Create KASUMI session */
 	retval = create_wireless_algo_auth_cipher_session(
 			ts_params->valid_devs[0],
-			RTE_CRYPTO_CIPHER_OP_ENCRYPT,
-			RTE_CRYPTO_AUTH_OP_GENERATE,
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
 			RTE_CRYPTO_AUTH_KASUMI_F9,
 			RTE_CRYPTO_CIPHER_KASUMI_F8,
 			tdata->key.data, tdata->key.len,
 			0, tdata->digest.len,
 			tdata->cipher_iv.len);
+
 	if (retval < 0)
 		return retval;
+
 	ut_params->ibuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+	if (op_mode == OUT_OF_PLACE)
+		ut_params->obuf = rte_pktmbuf_alloc(ts_params->mbuf_pool);
 
 	/* clear mbuf payload */
 	memset(rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *), 0,
-			rte_pktmbuf_tailroom(ut_params->ibuf));
+		rte_pktmbuf_tailroom(ut_params->ibuf));
+	if (op_mode == OUT_OF_PLACE)
+		memset(rte_pktmbuf_mtod(ut_params->obuf, uint8_t *), 0,
+			rte_pktmbuf_tailroom(ut_params->obuf));
 
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
-	/* Append data which is padded to a multiple of */
-	/* the algorithms block size */
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
 	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
-	plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
-				plaintext_pad_len);
-	memcpy(plaintext, tdata->plaintext.data, plaintext_len);
 
-	debug_hexdump(stdout, "plaintext:", plaintext, plaintext_len);
+	if (verify) {
+		ciphertext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					ciphertext_pad_len);
+		memcpy(ciphertext, tdata->ciphertext.data, ciphertext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, ciphertext_pad_len);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+					plaintext_pad_len);
+		memcpy(plaintext, tdata->plaintext.data, plaintext_len);
+		if (op_mode == OUT_OF_PLACE)
+			rte_pktmbuf_append(ut_params->obuf, plaintext_pad_len);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
 
 	/* Create KASUMI operation */
-	retval = create_wireless_algo_auth_cipher_operation(tdata->digest.len,
-				tdata->cipher_iv.data, tdata->cipher_iv.len,
-				NULL, 0,
-				plaintext_pad_len,
-				tdata->validCipherLenInBits.len,
-				tdata->validCipherOffsetInBits.len,
-				tdata->validAuthLenInBits.len,
-				0,
-				IN_PLACE);
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		NULL, 0,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode);
 
 	if (retval < 0)
 		return retval;
 
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
+
 	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
-	if (ut_params->op->sym->m_dst)
-		ut_params->obuf = ut_params->op->sym->m_dst;
-	else
-		ut_params->obuf = ut_params->op->sym->m_src;
 
-	ciphertext = rte_pktmbuf_mtod_offset(ut_params->obuf, uint8_t *,
-				tdata->validCipherOffsetInBits.len >> 3);
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			plaintext = ciphertext;
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_mtod(ut_params->obuf,
+							uint8_t *);
+		else
+			ciphertext = plaintext;
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		ut_params->digest = rte_pktmbuf_mtod(
+			ut_params->obuf, uint8_t *) +
+			(tdata->digest.offset_bytes == 0 ?
+			plaintext_pad_len : tdata->digest.offset_bytes);
+
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
 
-	const uint8_t *reference_ciphertext = tdata->ciphertext.data +
-				(tdata->validCipherOffsetInBits.len >> 3);
 	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"KASUMI Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
 			ciphertext,
-			reference_ciphertext,
-			tdata->validCipherLenInBits.len,
+			tdata->ciphertext.data,
+			tdata->ciphertext.len >> 3,
 			"KASUMI Ciphertext data not as expected");
-	ut_params->digest = rte_pktmbuf_mtod(ut_params->ibuf, uint8_t *)
-	    + plaintext_pad_len;
 
-	/* Validate obuf */
-	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			ut_params->digest,
 			tdata->digest.data,
 			DIGEST_BYTE_LENGTH_KASUMI_F9,
 			"KASUMI Generated auth tag not as expected");
+	}
 	return 0;
 }
 
@@ -5428,7 +5505,43 @@ test_snow3g_auth_cipher_with_digest_test_case_1(void)
 static int
 test_kasumi_auth_cipher_test_case_1(void)
 {
-	return test_kasumi_auth_cipher(&kasumi_test_case_3);
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_1(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2_oop(void)
+{
+	return test_kasumi_auth_cipher(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
 }
 
 static int
@@ -9728,9 +9841,23 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_encryption_test_case_3),
 		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_cipher_auth_test_case_1),
+
+		/** KASUMI generate auth, then encrypt (F8) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_kasumi_cipher_auth_test_case_1),
+			test_kasumi_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop),
+
+		/** KASUMI decrypt (F8), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop),
 
 		/** Negative tests */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10347,9 +10474,23 @@ static struct unit_test_suite cryptodev_sw_kasumi_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_hash_verify_test_case_5),
 		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_cipher_auth_test_case_1),
+
+		/** KASUMI generate auth, then encrypt (F8) */
+		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-			test_kasumi_cipher_auth_test_case_1),
+			test_kasumi_auth_cipher_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop),
+
+		/** KASUMI decrypt (F8), then verify auth */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_kasumi_test_vectors.h b/app/test/test_cryptodev_kasumi_test_vectors.h
index 58a696a..f0a6d55 100644
--- a/app/test/test_cryptodev_kasumi_test_vectors.h
+++ b/app/test/test_cryptodev_kasumi_test_vectors.h
@@ -8,12 +8,12 @@
 struct kasumi_test_data {
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
 	} key;
 
 	struct {
 		uint8_t data[64] __rte_aligned(16);
-		unsigned len;
+		unsigned int len;
 	} cipher_iv;
 
 	/*
@@ -23,20 +23,20 @@ struct kasumi_test_data {
 	 */
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} plaintext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validDataLenInBits;
 
 	struct {
 		uint8_t data[1024];
-		unsigned len; /* length must be in Bits */
+		unsigned int len; /* length must be in Bits */
 	} ciphertext;
 
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validCipherLenInBits;
 
 	struct {
@@ -45,12 +45,13 @@ struct kasumi_test_data {
 
 	/* Actual length of data to be hashed */
 	struct {
-		unsigned len;
+		unsigned int len;
 	} validAuthLenInBits;
 
 	struct {
 		uint8_t data[64];
-		unsigned len;
+		unsigned int len;
+		unsigned int offset_bytes; /* offset must be in Bytes */
 	} digest;
 
 };
@@ -205,7 +206,8 @@ struct kasumi_test_data kasumi_test_case_3 = {
 	},
 	.digest = {
 		.data = {0x87, 0x5F, 0xE4, 0x89},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
 	}
 };
 
@@ -353,7 +355,83 @@ struct kasumi_test_data kasumi_test_case_6 = {
 	},
 	.digest = {
 		.data = {0x0F, 0xD2, 0xAA, 0xB5},
-		.len  = 4
+		.len  = 4,
+		.offset_bytes = 0
+	}
+};
+
+struct kasumi_test_data kasumi_auth_cipher_test_case_2 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
+		},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 8
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A
+		},
+		.len = 128 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xFA, 0xC6, 0xA9, 0x09, 0x91, 0x74,
+			0x35, 0xAA, 0x85, 0xB0, 0xE0, 0x07, 0x78, 0xDA,
+			0x05, 0x88, 0x4E, 0x8D, 0xEC, 0x41, 0xF3, 0xBC,
+			0x0D, 0x9F, 0xE3, 0xEF, 0x8E, 0x33, 0x22, 0xF3,
+			0x15, 0x4B, 0x12, 0xC2, 0x22, 0x12, 0xD6, 0x46,
+			0xD7, 0x27, 0x20, 0x1D, 0x50, 0x60, 0x9D, 0x42,
+			0xF6, 0x73, 0xF5, 0x28, 0x88, 0xBE, 0x60, 0xEC,
+			0x9C, 0x18, 0x81, 0xC4, 0x0A, 0xF4, 0xD5, 0x7A,
+			0xB5, 0x3F, 0x1A, 0x79, 0xAB, 0x79, 0xDB, 0x24,
+			0xF9, 0x6E, 0x86, 0x78, 0x10, 0x19, 0xAE, 0xD8,
+			0xB2, 0xCA, 0x32, 0x8D, 0xD8, 0x28, 0x8B, 0x2F,
+			0x5B, 0x3C, 0xE3, 0x7D, 0xD3, 0x70, 0x11, 0xDE,
+			0x2C, 0xDC, 0xC1, 0xC6, 0xB6, 0xFD, 0xF3, 0x7D,
+			0x38, 0x97, 0x8B, 0x81, 0x02, 0x88, 0x62, 0x3C,
+			0x1E, 0x1A, 0x93, 0x21, 0xE3, 0x6D, 0xD7, 0x20,
+			0x80, 0xA8, 0xDA, 0x18, 0x8F, 0x58, 0x0F, 0x4E
+		},
+		.len = 128 << 3
+	},
+	.validDataLenInBits = {
+		.len = 128 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 126 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 124 << 3
+	},
+	.validCipherOffsetInBits = {
+		.len = 2 << 3
+	},
+	.digest = {
+		.data = {0x8F, 0x58, 0x0F, 0x4E},
+		.len  = 4,
+		.offset_bytes = 124
 	}
 };
 #endif /* TEST_CRYPTODEV_KASUMI_TEST_VECTORS_H_ */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (5 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
  2019-07-03 15:28     ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch adds test cases for wireless in-place
and out-of-place auth-cipher operations with
scatter-gather lists as input and output mbufs.
Test cases include buffer appended digest
generation with encryption and buffer decryption
with appended digest verification.
It also adds cases where digest is encrypted
only partially.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c                     | 783 +++++++++++++++++++++++++-
 app/test/test_cryptodev_snow3g_test_vectors.h |  67 +++
 2 files changed, 830 insertions(+), 20 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 518d3b5..336cfd0 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -2878,7 +2878,7 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 		unsigned int data_pad_len,
 		unsigned int cipher_len, unsigned int cipher_offset,
 		unsigned int auth_len, unsigned int auth_offset,
-		uint8_t op_mode)
+		uint8_t op_mode, uint8_t do_sgl)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -2900,20 +2900,39 @@ create_wireless_algo_auth_cipher_operation(unsigned int auth_tag_len,
 		sym_op->m_dst = ut_params->obuf;
 
 	/* digest */
-	sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(
-		(op_mode == IN_PLACE ?
-			ut_params->ibuf : ut_params->obuf),
-		uint8_t *, data_pad_len);
-
-	TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+	if (!do_sgl) {
+		sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(
+			(op_mode == IN_PLACE ?
+				ut_params->ibuf : ut_params->obuf),
+			uint8_t *, data_pad_len);
+		sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
+			(op_mode == IN_PLACE ?
+				ut_params->ibuf : ut_params->obuf),
+			data_pad_len);
+		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
 			"no room to append auth tag");
-
-	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
-		(op_mode == IN_PLACE ?
-			ut_params->ibuf : ut_params->obuf),
-		data_pad_len);
-
-	memset(sym_op->auth.digest.data, 0, auth_tag_len);
+		memset(sym_op->auth.digest.data, 0, auth_tag_len);
+	} else {
+		uint16_t remaining_off = (auth_offset >> 3) + (auth_len >> 3);
+		struct rte_mbuf *sgl_buf = (op_mode == IN_PLACE ?
+				sym_op->m_src : sym_op->m_dst);
+		while (remaining_off >= rte_pktmbuf_data_len(sgl_buf)) {
+			remaining_off -= rte_pktmbuf_data_len(sgl_buf);
+			sgl_buf = sgl_buf->next;
+		}
+		sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(sgl_buf,
+				uint8_t *, remaining_off);
+		sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(sgl_buf,
+				remaining_off);
+		TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+			"no room to append auth tag");
+		memset(sym_op->auth.digest.data, 0, remaining_off);
+		while (sgl_buf->next != NULL) {
+			memset(rte_pktmbuf_mtod(sgl_buf, uint8_t *),
+				0, rte_pktmbuf_data_len(sgl_buf));
+			sgl_buf = sgl_buf->next;
+		}
+	}
 
 	/* Copy cipher and auth IVs at the end of the crypto operation */
 	uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
@@ -4473,7 +4492,7 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 		tdata->cipher.offset_bits,
 		tdata->validAuthLenInBits.len,
 		tdata->auth.offset_bits,
-		op_mode);
+		op_mode, 0);
 
 	if (retval < 0)
 		return retval;
@@ -4545,6 +4564,190 @@ test_snow3g_auth_cipher(const struct snow3g_test_data *tdata,
 }
 
 static int
+test_snow3g_auth_cipher_sgl(const struct snow3g_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	const uint8_t *plaintext = NULL;
+	const uint8_t *ciphertext = NULL;
+	const uint8_t *digest = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+	uint8_t buffer[10000];
+	uint8_t digest_buffer[10000];
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == IN_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+			printf("Device doesn't support in-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+	} else {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+			printf("Device doesn't support out-of-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
+	/* Create SNOW 3G session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+			tdata->key.data, tdata->key.len,
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+			plaintext_pad_len, 15, 0);
+	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+			"Failed to allocate input buffer in mempool");
+
+	if (op_mode == OUT_OF_PLACE) {
+		ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+				plaintext_pad_len, 15, 0);
+		TEST_ASSERT_NOT_NULL(ut_params->obuf,
+				"Failed to allocate output buffer in mempool");
+	}
+
+	if (verify) {
+		pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+			tdata->ciphertext.data);
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+			tdata->plaintext.data);
+		plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Create SNOW 3G operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		tdata->auth_iv.data, tdata->auth_iv.len,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->cipher.offset_bits,
+		tdata->validAuthLenInBits.len,
+		tdata->auth.offset_bits,
+		op_mode, 1);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+					plaintext_len, buffer);
+		else
+			plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+					ciphertext_len, buffer);
+		else
+			ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		if (ut_params->obuf)
+			digest = rte_pktmbuf_read(ut_params->obuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+		else
+			digest = rte_pktmbuf_read(ut_params->ibuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+
+		debug_hexdump(stdout, "digest:", digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"SNOW 3G Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"SNOW 3G Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_SNOW3G_UIA2,
+			"SNOW 3G Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
 test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 	uint8_t op_mode, uint8_t verify)
 {
@@ -4634,7 +4837,7 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 		tdata->validCipherOffsetInBits.len,
 		tdata->validAuthLenInBits.len,
 		0,
-		op_mode);
+		op_mode, 0);
 
 	if (retval < 0)
 		return retval;
@@ -4677,7 +4880,191 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 			(tdata->digest.offset_bytes == 0 ?
 			plaintext_pad_len : tdata->digest.offset_bytes);
 
-		debug_hexdump(stdout, "digest:", ut_params->digest,
+		debug_hexdump(stdout, "digest:", ut_params->digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"KASUMI Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->ciphertext.len >> 3,
+			"KASUMI Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			ut_params->digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_KASUMI_F9,
+			"KASUMI Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
+test_kasumi_auth_cipher_sgl(const struct kasumi_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	const uint8_t *plaintext = NULL;
+	const uint8_t *ciphertext = NULL;
+	const uint8_t *digest = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+	uint8_t buffer[10000];
+	uint8_t digest_buffer[10000];
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == IN_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+			printf("Device doesn't support in-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+	} else {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+			printf("Device doesn't support out-of-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
+	/* Create KASUMI session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_KASUMI_F9,
+			RTE_CRYPTO_CIPHER_KASUMI_F8,
+			tdata->key.data, tdata->key.len,
+			0, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+			plaintext_pad_len, 15, 0);
+	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+			"Failed to allocate input buffer in mempool");
+
+	if (op_mode == OUT_OF_PLACE) {
+		ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+				plaintext_pad_len, 15, 0);
+		TEST_ASSERT_NOT_NULL(ut_params->obuf,
+				"Failed to allocate output buffer in mempool");
+	}
+
+	if (verify) {
+		pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+			tdata->ciphertext.data);
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+			tdata->plaintext.data);
+		plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Create SNOW 3G operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		NULL, 0,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode, 1);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+					plaintext_len, buffer);
+		else
+			plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+					ciphertext_len, buffer);
+		else
+			ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		if (ut_params->obuf)
+			digest = rte_pktmbuf_read(ut_params->obuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+		else
+			digest = rte_pktmbuf_read(ut_params->ibuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+
+		debug_hexdump(stdout, "digest:", digest,
 			tdata->digest.len);
 		debug_hexdump(stdout, "digest expected:",
 			tdata->digest.data, tdata->digest.len);
@@ -4694,11 +5081,11 @@ test_kasumi_auth_cipher(const struct kasumi_test_data *tdata,
 		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
 			ciphertext,
 			tdata->ciphertext.data,
-			tdata->ciphertext.len >> 3,
+			tdata->validDataLenInBits.len,
 			"KASUMI Ciphertext data not as expected");
 
 		TEST_ASSERT_BUFFERS_ARE_EQUAL(
-			ut_params->digest,
+			digest,
 			tdata->digest.data,
 			DIGEST_BYTE_LENGTH_KASUMI_F9,
 			"KASUMI Generated auth tag not as expected");
@@ -5121,7 +5508,7 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata,
 		tdata->validCipherOffsetInBits.len,
 		tdata->validAuthLenInBits.len,
 		0,
-		op_mode);
+		op_mode, 0);
 
 	if (retval < 0)
 		return retval;
@@ -5194,6 +5581,190 @@ test_zuc_auth_cipher(const struct wireless_test_data *tdata,
 }
 
 static int
+test_zuc_auth_cipher_sgl(const struct wireless_test_data *tdata,
+	uint8_t op_mode, uint8_t verify)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+
+	const uint8_t *plaintext = NULL;
+	const uint8_t *ciphertext = NULL;
+	const uint8_t *digest = NULL;
+	unsigned int plaintext_pad_len;
+	unsigned int plaintext_len;
+	unsigned int ciphertext_pad_len;
+	unsigned int ciphertext_len;
+	uint8_t buffer[10000];
+	uint8_t digest_buffer[10000];
+
+	struct rte_cryptodev_info dev_info;
+
+	rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+
+	uint64_t feat_flags = dev_info.feature_flags;
+
+	if (op_mode == IN_PLACE) {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
+			printf("Device doesn't support in-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+	} else {
+		if (!(feat_flags & RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT)) {
+			printf("Device doesn't support out-of-place scatter-gather "
+					"in both input and output mbufs.\n");
+			return -ENOTSUP;
+		}
+		if (!(feat_flags & RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED)) {
+			printf("Device doesn't support digest encrypted.\n");
+			return -ENOTSUP;
+		}
+	}
+
+	/* Create ZUC session */
+	retval = create_wireless_algo_auth_cipher_session(
+			ts_params->valid_devs[0],
+			(verify ? RTE_CRYPTO_CIPHER_OP_DECRYPT
+					: RTE_CRYPTO_CIPHER_OP_ENCRYPT),
+			(verify ? RTE_CRYPTO_AUTH_OP_VERIFY
+					: RTE_CRYPTO_AUTH_OP_GENERATE),
+			RTE_CRYPTO_AUTH_ZUC_EIA3,
+			RTE_CRYPTO_CIPHER_ZUC_EEA3,
+			tdata->key.data, tdata->key.len,
+			tdata->auth_iv.len, tdata->digest.len,
+			tdata->cipher_iv.len);
+
+	if (retval < 0)
+		return retval;
+
+	ciphertext_len = ceil_byte_length(tdata->ciphertext.len);
+	plaintext_len = ceil_byte_length(tdata->plaintext.len);
+	ciphertext_pad_len = RTE_ALIGN_CEIL(ciphertext_len, 16);
+	plaintext_pad_len = RTE_ALIGN_CEIL(plaintext_len, 16);
+
+	ut_params->ibuf = create_segmented_mbuf(ts_params->mbuf_pool,
+			plaintext_pad_len, 15, 0);
+	TEST_ASSERT_NOT_NULL(ut_params->ibuf,
+			"Failed to allocate input buffer in mempool");
+
+	if (op_mode == OUT_OF_PLACE) {
+		ut_params->obuf = create_segmented_mbuf(ts_params->mbuf_pool,
+				plaintext_pad_len, 15, 0);
+		TEST_ASSERT_NOT_NULL(ut_params->obuf,
+				"Failed to allocate output buffer in mempool");
+	}
+
+	if (verify) {
+		pktmbuf_write(ut_params->ibuf, 0, ciphertext_len,
+			tdata->ciphertext.data);
+		ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+	} else {
+		pktmbuf_write(ut_params->ibuf, 0, plaintext_len,
+			tdata->plaintext.data);
+		plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			plaintext_len);
+	}
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Create ZUC operation */
+	retval = create_wireless_algo_auth_cipher_operation(
+		tdata->digest.len,
+		tdata->cipher_iv.data, tdata->cipher_iv.len,
+		NULL, 0,
+		(tdata->digest.offset_bytes == 0 ?
+		(verify ? ciphertext_pad_len : plaintext_pad_len)
+			: tdata->digest.offset_bytes),
+		tdata->validCipherLenInBits.len,
+		tdata->validCipherOffsetInBits.len,
+		tdata->validAuthLenInBits.len,
+		0,
+		op_mode, 1);
+
+	if (retval < 0)
+		return retval;
+
+	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
+			ut_params->op);
+
+	TEST_ASSERT_NOT_NULL(ut_params->op, "failed to retrieve obuf");
+
+	ut_params->obuf = (op_mode == IN_PLACE ?
+		ut_params->op->sym->m_src : ut_params->op->sym->m_dst);
+
+	if (verify) {
+		if (ut_params->obuf)
+			plaintext = rte_pktmbuf_read(ut_params->obuf, 0,
+					plaintext_len, buffer);
+		else
+			plaintext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					plaintext_len, buffer);
+
+		debug_hexdump(stdout, "plaintext:", plaintext,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+		debug_hexdump(stdout, "plaintext expected:",
+			tdata->plaintext.data,
+			(tdata->plaintext.len >> 3) - tdata->digest.len);
+	} else {
+		if (ut_params->obuf)
+			ciphertext = rte_pktmbuf_read(ut_params->obuf, 0,
+					ciphertext_len, buffer);
+		else
+			ciphertext = rte_pktmbuf_read(ut_params->ibuf, 0,
+					ciphertext_len, buffer);
+
+		debug_hexdump(stdout, "ciphertext:", ciphertext,
+			ciphertext_len);
+		debug_hexdump(stdout, "ciphertext expected:",
+			tdata->ciphertext.data, tdata->ciphertext.len >> 3);
+
+		if (ut_params->obuf)
+			digest = rte_pktmbuf_read(ut_params->obuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+		else
+			digest = rte_pktmbuf_read(ut_params->ibuf,
+				(tdata->digest.offset_bytes == 0 ?
+				plaintext_pad_len : tdata->digest.offset_bytes),
+				tdata->digest.len, digest_buffer);
+
+		debug_hexdump(stdout, "digest:", digest,
+			tdata->digest.len);
+		debug_hexdump(stdout, "digest expected:",
+			tdata->digest.data, tdata->digest.len);
+	}
+
+	/* Validate obuf */
+	if (verify) {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			plaintext,
+			tdata->plaintext.data,
+			tdata->plaintext.len >> 3,
+			"ZUC Plaintext data not as expected");
+	} else {
+		TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT(
+			ciphertext,
+			tdata->ciphertext.data,
+			tdata->validDataLenInBits.len,
+			"ZUC Ciphertext data not as expected");
+
+		TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			digest,
+			tdata->digest.data,
+			DIGEST_BYTE_LENGTH_KASUMI_F9,
+			"ZUC Generated auth tag not as expected");
+	}
+	return 0;
+}
+
+static int
 test_kasumi_encryption_test_case_1(void)
 {
 	return test_kasumi_encryption(&kasumi_test_case_1);
@@ -5459,6 +6030,36 @@ test_snow3g_auth_cipher_part_digest_enc_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 0);
+}
+
+static int
+test_snow3g_auth_cipher_part_digest_enc_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 0);
+}
+
+static int
 test_snow3g_auth_cipher_verify_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -5496,6 +6097,36 @@ test_snow3g_auth_cipher_verify_part_digest_enc_oop(void)
 }
 
 static int
+test_snow3g_auth_cipher_verify_test_case_3_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_test_case_3_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_test_case_3, OUT_OF_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			IN_PLACE, 1);
+}
+
+static int
+test_snow3g_auth_cipher_verify_part_digest_enc_oop_sgl(void)
+{
+	return test_snow3g_auth_cipher_sgl(
+		&snow3g_auth_cipher_partial_digest_encryption,
+			OUT_OF_PLACE, 1);
+}
+
+static int
 test_snow3g_auth_cipher_with_digest_test_case_1(void)
 {
 	return test_snow3g_auth_cipher(
@@ -5524,6 +6155,20 @@ test_kasumi_auth_cipher_test_case_2_oop(void)
 }
 
 static int
+test_kasumi_auth_cipher_test_case_2_sgl(void)
+{
+	return test_kasumi_auth_cipher_sgl(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 0);
+}
+
+static int
+test_kasumi_auth_cipher_test_case_2_oop_sgl(void)
+{
+	return test_kasumi_auth_cipher_sgl(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 0);
+}
+
+static int
 test_kasumi_auth_cipher_verify_test_case_1(void)
 {
 	return test_kasumi_auth_cipher(
@@ -5545,6 +6190,20 @@ test_kasumi_auth_cipher_verify_test_case_2_oop(void)
 }
 
 static int
+test_kasumi_auth_cipher_verify_test_case_2_sgl(void)
+{
+	return test_kasumi_auth_cipher_sgl(
+		&kasumi_auth_cipher_test_case_2, IN_PLACE, 1);
+}
+
+static int
+test_kasumi_auth_cipher_verify_test_case_2_oop_sgl(void)
+{
+	return test_kasumi_auth_cipher_sgl(
+		&kasumi_auth_cipher_test_case_2, OUT_OF_PLACE, 1);
+}
+
+static int
 test_kasumi_cipher_auth_test_case_1(void)
 {
 	return test_kasumi_cipher_auth(&kasumi_test_case_6);
@@ -5661,6 +6320,20 @@ test_zuc_auth_cipher_test_case_1_oop(void)
 }
 
 static int
+test_zuc_auth_cipher_test_case_1_sgl(void)
+{
+	return test_zuc_auth_cipher_sgl(
+		&zuc_auth_cipher_test_case_1, IN_PLACE, 0);
+}
+
+static int
+test_zuc_auth_cipher_test_case_1_oop_sgl(void)
+{
+	return test_zuc_auth_cipher_sgl(
+		&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 0);
+}
+
+static int
 test_zuc_auth_cipher_verify_test_case_1(void)
 {
 	return test_zuc_auth_cipher(
@@ -5675,6 +6348,20 @@ test_zuc_auth_cipher_verify_test_case_1_oop(void)
 }
 
 static int
+test_zuc_auth_cipher_verify_test_case_1_sgl(void)
+{
+	return test_zuc_auth_cipher_sgl(
+		&zuc_auth_cipher_test_case_1, IN_PLACE, 1);
+}
+
+static int
+test_zuc_auth_cipher_verify_test_case_1_oop_sgl(void)
+{
+	return test_zuc_auth_cipher_sgl(
+		&zuc_auth_cipher_test_case_1, OUT_OF_PLACE, 1);
+}
+
+static int
 test_3DES_chain_qat_all(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -9716,6 +10403,14 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop_sgl),
 
 		/** SNOW 3G decrypt (UEA2), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9728,6 +10423,14 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_snow3g_auth_cipher_verify_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop_sgl),
 
 		/** SNOW 3G decrypt only (UEA2) */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9790,12 +10493,20 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_zuc_auth_cipher_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_zuc_auth_cipher_test_case_1_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_test_case_1_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_test_case_1_oop_sgl),
 
 		/** ZUC decrypt (EEA3), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_zuc_auth_cipher_verify_test_case_1),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_zuc_auth_cipher_verify_test_case_1_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_verify_test_case_1_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_zuc_auth_cipher_verify_test_case_1_oop_sgl),
 
 		/** HMAC_MD5 Authentication */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9850,6 +10561,10 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_kasumi_auth_cipher_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop_sgl),
 
 		/** KASUMI decrypt (F8), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9858,6 +10573,10 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_kasumi_auth_cipher_verify_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop_sgl),
 
 		/** Negative tests */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10483,6 +11202,10 @@ static struct unit_test_suite cryptodev_sw_kasumi_testsuite  = {
 			test_kasumi_auth_cipher_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_test_case_2_oop_sgl),
 
 		/** KASUMI decrypt (F8), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10491,6 +11214,10 @@ static struct unit_test_suite cryptodev_sw_kasumi_testsuite  = {
 			test_kasumi_auth_cipher_verify_test_case_2),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_auth_cipher_verify_test_case_2_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_kasumi_auth_cipher_verify_test_case_2_oop_sgl),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
@@ -10576,6 +11303,14 @@ static struct unit_test_suite cryptodev_sw_snow3g_testsuite  = {
 			test_snow3g_auth_cipher_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_part_digest_enc_oop_sgl),
 
 		/** SNOW 3G decrypt (UEA2), then verify auth */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10588,6 +11323,14 @@ static struct unit_test_suite cryptodev_sw_snow3g_testsuite  = {
 			test_snow3g_auth_cipher_verify_part_digest_enc),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_auth_cipher_verify_part_digest_enc_oop),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_test_case_3_oop_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_sgl),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_snow3g_auth_cipher_verify_part_digest_enc_oop_sgl),
 
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
diff --git a/app/test/test_cryptodev_snow3g_test_vectors.h b/app/test/test_cryptodev_snow3g_test_vectors.h
index 3abc037..bbe0566 100644
--- a/app/test/test_cryptodev_snow3g_test_vectors.h
+++ b/app/test/test_cryptodev_snow3g_test_vectors.h
@@ -602,6 +602,73 @@ struct snow3g_test_data snow3g_auth_cipher_test_case_2 = {
 	},
 };
 
+struct snow3g_test_data snow3g_auth_cipher_test_case_3 = {
+	.key = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
+
+			},
+		.len = 16
+	},
+	.cipher_iv = {
+		.data = {
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+		},
+		.len = 16
+	},
+	.auth_iv = {
+		.data = {
+			 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = {
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+			0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
+		},
+		.len = 32 << 3
+	},
+	.ciphertext = {
+		.data = {
+			0x5A, 0x5A, 0xE4, 0xAD, 0x29, 0xA2, 0x6A, 0xA6,
+			0x20, 0x1D, 0xCD, 0x08, 0x50, 0xD6, 0xE6, 0x47,
+			0xBC, 0x88, 0x08, 0x01, 0x17, 0xFA, 0x47, 0x5B,
+			0x90, 0x40, 0xBA, 0x0C, 0xBA, 0x6D, 0x6A, 0x5E,
+		},
+		.len = 32 << 3
+	},
+	.cipher = {
+		.len_bits = 30 << 3,
+		.offset_bits = 2 << 3
+	},
+	.auth = {
+		.len_bits = 28 << 3,
+		.offset_bits = 0
+	},
+	.digest = {
+		.data = {
+			0xBA, 0x6D, 0x6A, 0x5E
+		},
+		.len = 4,
+		.offset_bytes = 28
+	},
+	.validDataLenInBits = {
+		.len = 32 << 3
+	},
+	.validCipherLenInBits = {
+		.len = 30 << 3
+	},
+	.validAuthLenInBits = {
+		.len = 28 << 3
+	},
+};
+
 struct snow3g_test_data snow3g_auth_cipher_partial_digest_encryption = {
 	.key = {
 		.data = {
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (6 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
@ 2019-07-03 11:15     ` Damian Nowak
  2019-07-03 15:28     ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona
  8 siblings, 0 replies; 42+ messages in thread
From: Damian Nowak @ 2019-07-03 11:15 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, arkadiuszx.kusztal, Damian Nowak

This patch makes unsupported tests visible in
the testsuite summary.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 app/test/test_cryptodev.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 336cfd0..05422da 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -3420,7 +3420,7 @@ test_kasumi_encryption_sgl(const struct kasumi_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3571,7 +3571,7 @@ test_kasumi_encryption_oop_sgl(const struct kasumi_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create KASUMI session */
@@ -3926,7 +3926,7 @@ test_snow3g_encryption_oop_sgl(const struct snow3g_test_data *tdata)
 		printf("Device doesn't support out-of-place scatter-gather "
 				"in both input and output mbufs. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	/* Create SNOW 3G session */
@@ -5286,7 +5286,7 @@ test_zuc_encryption_sgl(const struct wireless_test_data *tdata)
 	if (!(feat_flags & RTE_CRYPTODEV_FF_IN_PLACE_SGL)) {
 		printf("Device doesn't support in-place scatter-gather. "
 				"Test Skipped.\n");
-		return 0;
+		return -ENOTSUP;
 	}
 
 	plaintext_len = ceil_byte_length(tdata->plaintext.len);
-- 
2.7.4


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases
  2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
                       ` (7 preceding siblings ...)
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
@ 2019-07-03 15:28     ` Trahe, Fiona
  8 siblings, 0 replies; 42+ messages in thread
From: Trahe, Fiona @ 2019-07-03 15:28 UTC (permalink / raw)
  To: Nowak, DamianX, dev; +Cc: akhil.goyal, Kusztal, ArkadiuszX, Trahe, Fiona



> -----Original Message-----
> From: Nowak, DamianX
> Sent: Wednesday, July 3, 2019 12:16 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; Nowak, DamianX <damianx.nowak@intel.com>
> Subject: [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases
> 
> This patchset adds support for digest appended
> and encrypted auth-cipher operations on QAT, API
> clarification and extension with dedicated
> feature flag and a set of tests for KASUMI and
> SNOW3G in-place, out-of-place and SGL using
> operations.
> 
> ---
> v3:
> - reorder and squash patches
> - change semantics in comments and documentation
> - add zuc test cases
> - add support for partial digest encryption
> - update support for sgl buffers
> 
> v2:
> - extend support for partial digest encryption
> - add release notes
> - document limitations on QAT
> - reorder patches
> - update patchset name
> 
> Damian Nowak (8):
>   cryptodev: document usage of digest-appended operations
>   cryptodev: add digest encrypted feature flag
>   crypto/qat: extend support for digest-encrypted auth-cipher
>   test/crypto: add snow3g test cases for auth-cipher
>   test/crypto: add zuc test cases for auth-cipher
>   test/crypto: add kasumi test cases for auth-cipher
>   test/crypto: add sgl test cases for ip and oop
>   test/crypto: return correct value if feature not supported
> 
>  app/test/test_cryptodev.c                     | 1573 ++++++++++++++++++++++---
>  app/test/test_cryptodev_kasumi_test_vectors.h |   98 +-
>  app/test/test_cryptodev_snow3g_test_vectors.h |  234 +++-
>  app/test/test_cryptodev_zuc_test_vectors.h    |   89 ++
>  doc/guides/cryptodevs/features/default.ini    |    1 +
>  doc/guides/cryptodevs/features/qat.ini        |    1 +
>  doc/guides/cryptodevs/overview.rst            |    3 +
>  doc/guides/rel_notes/release_19_08.rst        |    8 +
>  drivers/crypto/qat/qat_sym.c                  |   63 +-
>  drivers/crypto/qat/qat_sym_pmd.c              |    3 +-
>  lib/librte_cryptodev/rte_crypto_sym.h         |   44 +
>  lib/librte_cryptodev/rte_cryptodev.c          |    2 +
>  lib/librte_cryptodev/rte_cryptodev.h          |    2 +
>  13 files changed, 1948 insertions(+), 173 deletions(-)
> 
> --
> 2.7.4
Series-acked-by: Fiona Trahe <fiona.trahe@intel.com>


^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
@ 2019-07-03 16:13       ` De Lara Guarch, Pablo
  0 siblings, 0 replies; 42+ messages in thread
From: De Lara Guarch, Pablo @ 2019-07-03 16:13 UTC (permalink / raw)
  To: Nowak, DamianX, dev
  Cc: akhil.goyal, Trahe, Fiona, Kusztal, ArkadiuszX, Nowak, DamianX



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Damian Nowak
> Sent: Wednesday, July 3, 2019 12:16 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal,
> ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak, DamianX
> <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-
> appended operations
> 
> This patch explains what are the conditions and how to use digest appended
> for auth-cipher operations.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag
  2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
@ 2019-07-03 16:14       ` De Lara Guarch, Pablo
  2019-07-05  7:10         ` Akhil Goyal
  0 siblings, 1 reply; 42+ messages in thread
From: De Lara Guarch, Pablo @ 2019-07-03 16:14 UTC (permalink / raw)
  To: Nowak, DamianX, dev
  Cc: akhil.goyal, Trahe, Fiona, Kusztal, ArkadiuszX, Nowak, DamianX



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Damian Nowak
> Sent: Wednesday, July 3, 2019 12:16 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal,
> ArkadiuszX <arkadiuszx.kusztal@intel.com>; Nowak, DamianX
> <damianx.nowak@intel.com>
> Subject: [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature
> flag
> 
> Some PMDs can only support digest being
> encrypted separately in auth-cipher operations.
> Thus it is required to add feature flag in PMD to reflect if it does support
> digest-appended
> both: digest generation with encryption and decryption with digest
> verification.
> This patch also adds information about new feature flag to the release
> notes.
> 
> Signed-off-by: Damian Nowak <damianx.nowak@intel.com>

Looks good. Just one comment below:

> +++ b/doc/guides/rel_notes/release_19_08.rst
> @@ -169,6 +169,9 @@ API Changes
>    structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
>    ``rte_crypto_aead_xform``) have been changed to ``const uint8_t *data``.
> 
> +* cryptodev: ``RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED`` feature flag
> +  has been introduced.

I don't think you need to add anything here, as you are extending the feature flags,
not changing any, so there is no API breakage.

Apart from this comment:

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 42+ messages in thread

* Re: [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag
  2019-07-03 16:14       ` De Lara Guarch, Pablo
@ 2019-07-05  7:10         ` Akhil Goyal
  0 siblings, 0 replies; 42+ messages in thread
From: Akhil Goyal @ 2019-07-05  7:10 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, Nowak, DamianX, dev
  Cc: Trahe, Fiona, Kusztal, ArkadiuszX, Nowak, DamianX



> >
> > Some PMDs can only support digest being
> > encrypted separately in auth-cipher operations.
> > Thus it is required to add feature flag in PMD to reflect if it does support
> > digest-appended
> > both: digest generation with encryption and decryption with digest
> > verification.
> > This patch also adds information about new feature flag to the release
> > notes.
> >
> > Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
> 
> Looks good. Just one comment below:
> 
> > +++ b/doc/guides/rel_notes/release_19_08.rst
> > @@ -169,6 +169,9 @@ API Changes
> >    structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
> >    ``rte_crypto_aead_xform``) have been changed to ``const uint8_t *data``.
> >
> > +* cryptodev: ``RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED`` feature flag
> > +  has been introduced.
> 
> I don't think you need to add anything here, as you are extending the feature
> flags,
> not changing any, so there is no API breakage.
> 
> Apart from this comment:
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Removed changes in the release notes, as suggested by Pablo.

Series Applied to dpdk-next-crypto

Thanks.

^ permalink raw reply	[flat|nested] 42+ messages in thread

end of thread, back to index

Thread overview: 42+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
2019-06-04  9:11   ` Mcnamara, John
2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
2019-06-04 13:45   ` Trahe, Fiona
2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
2019-06-13 13:56     ` Trahe, Fiona
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
2019-06-13 14:16     ` Trahe, Fiona
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
2019-06-13  8:18     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
2019-06-13  8:12     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
2019-06-13  8:14     ` Akhil Goyal
2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
2019-07-03 16:13       ` De Lara Guarch, Pablo
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
2019-07-03 16:14       ` De Lara Guarch, Pablo
2019-07-05  7:10         ` Akhil Goyal
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
2019-07-03 15:28     ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona

DPDK-dev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/dpdk-dev/0 dpdk-dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dpdk-dev dpdk-dev/ https://lore.kernel.org/dpdk-dev \
		dev@dpdk.org dpdk-dev@archiver.kernel.org
	public-inbox-index dpdk-dev


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox