From 8772c3f713e268456a4dd597e782701ca6a98d0f Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Mon, 19 Dec 2016 17:29:02 +0000 Subject: [PATCH] crypto/aesni_mb: add single operation functionality Update driver to use new AESNI Multibuffer IPSec library single operation functionality (cipher only and authentication only). This patch also adds tests for this new feature. Signed-off-by: Pablo de Lara Acked-by: Declan Doherty --- app/test/test_cryptodev.c | 34 +++++++ app/test/test_cryptodev_aes_test_vectors.h | 36 ++++--- app/test/test_cryptodev_hash_test_vectors.h | 54 +++++++---- doc/guides/cryptodevs/aesni_mb.rst | 2 - doc/guides/rel_notes/release_17_02.rst | 1 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 95 +++++++++++++------ .../aesni_mb/rte_aesni_mb_pmd_private.h | 9 ++ 7 files changed, 172 insertions(+), 59 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index db4e251d7e..3eaf1b79ba 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -1465,6 +1465,38 @@ test_AES_CBC_HMAC_SHA512_decrypt_perform(struct rte_cryptodev_sym_session *sess, return TEST_SUCCESS; } +static int +test_AES_cipheronly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, ts_params->valid_devs[0], + RTE_CRYPTODEV_AESNI_MB_PMD, + BLKCIPHER_AES_CIPHERONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + +static int +test_authonly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, ts_params->valid_devs[0], + RTE_CRYPTODEV_AESNI_MB_PMD, + BLKCIPHER_AUTHONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} + static int test_AES_chain_mb_all(void) { @@ -6575,6 +6607,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { .teardown = testsuite_teardown, .unit_test_cases = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, test_authonly_mb_all), TEST_CASES_END() /**< NULL terminate unit test array */ } diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h index efbe7da6cd..898aae1f4b 100644 --- a/app/test/test_cryptodev_aes_test_vectors.h +++ b/app/test/test_cryptodev_aes_test_vectors.h @@ -1025,84 +1025,96 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = { .test_data = &aes_test_data_4, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CBC Decryption", .test_data = &aes_test_data_4, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CBC Encryption", .test_data = &aes_test_data_10, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CBC Decryption", .test_data = &aes_test_data_10, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CBC Encryption", .test_data = &aes_test_data_11, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CBC Decryption", .test_data = &aes_test_data_11, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CTR Encryption", .test_data = &aes_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-128-CTR Decryption", .test_data = &aes_test_data_1, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CTR Encryption", .test_data = &aes_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-192-CTR Decryption", .test_data = &aes_test_data_2, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CTR Encryption", .test_data = &aes_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "AES-256-CTR Decryption", .test_data = &aes_test_data_3, .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | - BLOCKCIPHER_TEST_TARGET_PMD_QAT + BLOCKCIPHER_TEST_TARGET_PMD_QAT | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, }; diff --git a/app/test/test_cryptodev_hash_test_vectors.h b/app/test/test_cryptodev_hash_test_vectors.h index 9f095cf322..a8f9da0aa6 100644 --- a/app/test/test_cryptodev_hash_test_vectors.h +++ b/app/test/test_cryptodev_hash_test_vectors.h @@ -97,7 +97,8 @@ hmac_md5_test_vector = { 0x50, 0xE8, 0xDE, 0xC5, 0xC1, 0x76, 0xAC, 0xAE, 0x15, 0x4A, 0xF1, 0x7F, 0x7E, 0x04, 0x42, 0x9B }, - .len = 16 + .len = 16, + .truncated_len = 12 } }; @@ -139,7 +140,8 @@ hmac_sha1_test_vector = { 0x7E, 0x2E, 0x8F, 0xFC, 0x48, 0x39, 0x46, 0x17, 0x3F, 0x91, 0x64, 0x59 }, - .len = 20 + .len = 20, + .truncated_len = 12 } }; @@ -184,7 +186,8 @@ hmac_sha224_test_vector = { 0xF1, 0x8A, 0x63, 0xBB, 0x5D, 0x1D, 0xE3, 0x9F, 0x92, 0xF6, 0xAA, 0x19 }, - .len = 28 + .len = 28, + .truncated_len = 14 } }; @@ -229,7 +232,8 @@ hmac_sha256_test_vector = { 0x06, 0x4D, 0x64, 0x09, 0x0A, 0xCC, 0x02, 0x77, 0x71, 0x83, 0x48, 0x71, 0x07, 0x02, 0x25, 0x17 }, - .len = 32 + .len = 32, + .truncated_len = 16 } }; @@ -280,7 +284,8 @@ hmac_sha384_test_vector = { 0x10, 0x90, 0x0A, 0xE3, 0xF0, 0x59, 0xDD, 0xC0, 0x6F, 0xE6, 0x8C, 0x84, 0xD5, 0x03, 0xF8, 0x9E }, - .len = 48 + .len = 48, + .truncated_len = 24 } }; @@ -337,7 +342,8 @@ hmac_sha512_test_vector = { 0x97, 0x37, 0x0F, 0xBE, 0xC2, 0x45, 0xA0, 0x87, 0xAF, 0x24, 0x27, 0x0C, 0x78, 0xBA, 0xBE, 0x20 }, - .len = 64 + .len = 64, + .truncated_len = 32 } }; @@ -358,13 +364,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-MD5 Digest", .test_data = &hmac_md5_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-MD5 Digest Verify", .test_data = &hmac_md5_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA1 Digest", @@ -382,13 +390,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA1 Digest", .test_data = &hmac_sha1_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA1 Digest Verify", .test_data = &hmac_sha1_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA224 Digest", @@ -406,13 +416,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA224 Digest", .test_data = &hmac_sha224_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA224 Digest Verify", .test_data = &hmac_sha224_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA256 Digest", @@ -430,13 +442,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA256 Digest", .test_data = &hmac_sha256_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA256 Digest Verify", .test_data = &hmac_sha256_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA384 Digest", @@ -454,13 +468,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA384 Digest", .test_data = &hmac_sha384_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA384 Digest Verify", .test_data = &hmac_sha384_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "SHA512 Digest", @@ -478,13 +494,15 @@ static const struct blockcipher_test_case hash_test_cases[] = { .test_descr = "HMAC-SHA512 Digest", .test_data = &hmac_sha512_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_GEN, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "HMAC-SHA512 Digest Verify", .test_data = &hmac_sha512_test_vector, .op_mask = BLOCKCIPHER_TEST_OP_AUTH_VERIFY, - .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, }; diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index b47cb6a4f2..cb429d78b8 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -62,8 +62,6 @@ Limitations ----------- * Chained mbufs are not supported. -* Hash only is not supported. -* Cipher only is not supported. * Only in-place is currently supported (destination address is the same as source address). * Only supports session-oriented API implementation (session-less APIs are not supported). diff --git a/doc/guides/rel_notes/release_17_02.rst b/doc/guides/rel_notes/release_17_02.rst index 0fe0562870..68ca4ba32d 100644 --- a/doc/guides/rel_notes/release_17_02.rst +++ b/doc/guides/rel_notes/release_17_02.rst @@ -159,6 +159,7 @@ New Features * The Intel(R) Multi Buffer Crypto for IPsec library used in AESNI MB PMD has been moved to a new repository, in GitHub. + * Support for single operations (cipher only and authentication only). * **Added Elastic Flow Distributor library (rte_efd).** diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 7443b47b91..bafd4d723e 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -107,26 +107,27 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash, } /** Get xform chain order */ -static int +static enum aesni_mb_operation aesni_mb_get_chain_order(const struct rte_crypto_sym_xform *xform) { - /* - * Multi-buffer only supports HASH_CIPHER or CIPHER_HASH chained - * operations, all other options are invalid, so we must have exactly - * 2 xform structs chained together - */ - if (xform->next == NULL || xform->next->next != NULL) - return -1; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) - return HASH_CIPHER; + if (xform == NULL) + return AESNI_MB_OP_NOT_SUPPORTED; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + if (xform->next == NULL) + return AESNI_MB_OP_CIPHER_ONLY; + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + return AESNI_MB_OP_CIPHER_HASH; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) - return CIPHER_HASH; + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + if (xform->next == NULL) + return AESNI_MB_OP_HASH_ONLY; + if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) + return AESNI_MB_OP_HASH_CIPHER; + } - return -1; + return AESNI_MB_OP_NOT_SUPPORTED; } /** Set session authentication parameters */ @@ -137,11 +138,19 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops, { hash_one_block_t hash_oneblock_fn; + if (xform == NULL) { + sess->auth.algo = NULL_HASH; + return 0; + } + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) { MB_LOG_ERR("Crypto xform struct not of type auth"); return -1; } + /* Select auth generate/verify */ + sess->auth.operation = xform->auth.op; + /* Set Authentication Parameters */ if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) { sess->auth.algo = AES_XCBC; @@ -199,6 +208,11 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops, { aes_keyexp_t aes_keyexp_fn; + if (xform == NULL) { + sess->cipher.mode = NULL_CIPHER; + return 0; + } + if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) { MB_LOG_ERR("Crypto xform struct not of type cipher"); return -1; @@ -268,16 +282,36 @@ aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops, /* Select Crypto operation - hash then cipher / cipher then hash */ switch (aesni_mb_get_chain_order(xform)) { - case HASH_CIPHER: + case AESNI_MB_OP_HASH_CIPHER: sess->chain_order = HASH_CIPHER; auth_xform = xform; cipher_xform = xform->next; break; - case CIPHER_HASH: + case AESNI_MB_OP_CIPHER_HASH: sess->chain_order = CIPHER_HASH; auth_xform = xform->next; cipher_xform = xform; break; + case AESNI_MB_OP_HASH_ONLY: + sess->chain_order = HASH_CIPHER; + auth_xform = xform; + cipher_xform = NULL; + break; + case AESNI_MB_OP_CIPHER_ONLY: + /* + * Multi buffer library operates only at two modes, + * CIPHER_HASH and HASH_CIPHER. When doing ciphering only, + * chain order depends on cipher operation: encryption is always + * the first operation and decryption the last one. + */ + if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + sess->chain_order = CIPHER_HASH; + else + sess->chain_order = HASH_CIPHER; + auth_xform = NULL; + cipher_xform = xform; + break; + case AESNI_MB_OP_NOT_SUPPORTED: default: MB_LOG_ERR("Unsupported operation chain order parameter"); return -1; @@ -397,7 +431,8 @@ process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op, } /* Set digest output location */ - if (job->cipher_direction == DECRYPT) { + if (job->hash_alg != NULL_HASH && + session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst, get_digest_byte_length(job->hash_alg)); @@ -459,6 +494,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) (struct rte_crypto_op *)job->user_data; struct rte_mbuf *m_dst = (struct rte_mbuf *)job->user_data2; + struct aesni_mb_session *sess; if (op == NULL || m_dst == NULL) return NULL; @@ -470,14 +506,19 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) if (unlikely(job->status != STS_COMPLETED)) { op->status = RTE_CRYPTO_OP_STATUS_ERROR; return op; - } else if (job->chain_order == HASH_CIPHER) { - /* Verify digest if required */ - if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, - job->auth_tag_output_len_in_bytes) != 0) - op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - - /* trim area used for digest from mbuf */ - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg)); + } else if (job->hash_alg != NULL_HASH) { + sess = (struct aesni_mb_session *)op->sym->session->_private; + if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { + /* Verify digest if required */ + if (memcmp(job->auth_tag_output, + op->sym->auth.digest.data, + job->auth_tag_output_len_in_bytes) != 0) + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + + /* trim area used for digest from mbuf */ + rte_pktmbuf_trim(m_dst, + get_digest_byte_length(job->hash_alg)); + } } /* Free session if a session-less crypto op */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h index 17f367f43f..5f125b26ec 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h @@ -125,6 +125,13 @@ get_digest_byte_length(JOB_HASH_ALG algo) return auth_digest_byte_lengths[algo]; } +enum aesni_mb_operation { + AESNI_MB_OP_HASH_CIPHER, + AESNI_MB_OP_CIPHER_HASH, + AESNI_MB_OP_HASH_ONLY, + AESNI_MB_OP_CIPHER_ONLY, + AESNI_MB_OP_NOT_SUPPORTED +}; /** private data structure for each virtual AESNI device */ struct aesni_mb_private { @@ -185,6 +192,8 @@ struct aesni_mb_session { /** Authentication Parameters */ struct { JOB_HASH_ALG algo; /**< Authentication Algorithm */ + enum rte_crypto_auth_operation operation; + /**< auth operation generate or verify */ union { struct { uint8_t inner[128] __rte_aligned(16); -- 2.20.1