AESNI GCM PMD has support for:
-Cipher algorithms:
-
-* RTE_CRYPTO_CIPHER_AES_GCM
-
Authentication algorithms:
-* RTE_CRYPTO_AUTH_AES_GCM
* RTE_CRYPTO_AUTH_AES_GMAC
+AEAD algorithms:
+
+* RTE_CRYPTO_AEAD_AES_GCM
+
+
Installation
------------
* ``RTE_CRYPTO_CIPHER_AES_CBC``
* ``RTE_CRYPTO_CIPHER_AES_CTR``
* ``RTE_CRYPTO_CIPHER_3DES_CTR``
-* ``RTE_CRYPTO_CIPHER_AES_GCM``
* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
Supported authentication algorithms:
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
+Supported AEAD algorithms:
+* ``RTE_CRYPTO_AEAD_AES_GCM``
+
Installation
------------
* ``RTE_CRYPTO_CIPHER_AES192_CTR``
* ``RTE_CRYPTO_CIPHER_AES256_CTR``
* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
-* ``RTE_CRYPTO_CIPHER_AES_GCM``
* ``RTE_CRYPTO_CIPHER_NULL``
* ``RTE_CRYPTO_CIPHER_KASUMI_F8``
* ``RTE_CRYPTO_CIPHER_DES_CBC``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+Supported AEAD algorithms:
+* ``RTE_CRYPTO_AEAD_AES_GCM``
+
Limitations
-----------
* *null*: NULL algorithm
* *aes-128-cbc*: AES-CBC 128-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
- * *aes-128-gcm*: AES-GCM 128-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
- * *aes-128-gcm*: AES-GCM 128-bit algorithm
``<auth_key>``
* Optional: Yes, unless <cipher_algo> and <auth_algo> are not used
+ * Available options:
+
+ * *aes-128-gcm*: AES-GCM 128-bit algorithm
+
* Syntax: *cipher_algo <your algorithm>*
``<aead_key>``
src 1111:1111:1111:1111:1111:1111:1111:5555 \
dst 2222:2222:2222:2222:2222:2222:2222:5555
- sa in 105 cipher_algo aes-128-gcm \
- cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
- auth_algo aes-128-gcm \
+ sa in 105 aead_algo aes-128-gcm \
+ aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
Routing rule syntax
Note that if --auth_iv is used, this will be ignored.
-* aead_algo: select the AEAD algorithm
+* aead_algo: select the AEAD algorithm (default is aes-gcm)
* aead_op: select the AEAD operation to perform: ENCRYPT or DECRYPT
3des-ecb
3des-ctr
aes-cbc
- aes-ccm
aes-ctr
aes-ecb
- aes-gcm
aes-f8
aes-xts
arc4
3des-cbc
aes-cbc-mac
- aes-ccm
aes-cmac
- aes-gcm
aes-gmac
aes-xcbc-mac
md5
const struct rte_crypto_sym_xform *xform)
{
const struct rte_crypto_sym_xform *auth_xform;
- const struct rte_crypto_sym_xform *cipher_xform;
+ const struct rte_crypto_sym_xform *aead_xform;
uint16_t digest_length;
uint8_t key_length;
uint8_t *key;
/* AES-GMAC */
- if (xform->next == NULL) {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = xform;
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_AES_GMAC) {
GCM_LOG_ERR("Only AES GMAC is supported as an "
key_length = auth_xform->auth.key.length;
key = auth_xform->auth.key.data;
+ digest_length = auth_xform->auth.digest_length;
+
/* AES-GCM */
- } else {
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- auth_xform = xform->next;
- cipher_xform = xform;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- auth_xform = xform;
- cipher_xform = xform->next;
- } else {
- GCM_LOG_ERR("Cipher and auth xform required "
- "when using AES GCM");
- return -EINVAL;
- }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ aead_xform = xform;
- if (!(cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_GCM &&
- (auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GCM))) {
+ if (aead_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) {
GCM_LOG_ERR("The only combined operation "
"supported is AES GCM");
return -EINVAL;
}
/* Set IV parameters */
- sess->iv.offset = cipher_xform->cipher.iv.offset;
- sess->iv.length = cipher_xform->cipher.iv.length;
+ sess->iv.offset = aead_xform->aead.iv.offset;
+ sess->iv.length = aead_xform->aead.iv.length;
/* Select Crypto operation */
- if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
- auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+ if (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
sess->op = AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION;
- else if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
- auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ else
sess->op = AESNI_GCM_OP_AUTHENTICATED_DECRYPTION;
- else {
- GCM_LOG_ERR("Cipher/Auth operations: Encrypt/Generate or"
- " Decrypt/Verify are valid only");
- return -EINVAL;
- }
- key_length = cipher_xform->auth.key.length;
- key = cipher_xform->auth.key.data;
+ key_length = aead_xform->aead.key.length;
+ key = aead_xform->aead.key.data;
- sess->aad_length = auth_xform->auth.add_auth_data_length;
+ sess->aad_length = aead_xform->aead.add_auth_data_length;
+ digest_length = aead_xform->aead.digest_length;
+ } else {
+ GCM_LOG_ERR("Wrong xform type, has to be AEAD or authentication");
+ return -EINVAL;
}
+
/* IV check */
if (sess->iv.length != 16 && sess->iv.length != 12 &&
sess->iv.length != 0) {
return -EINVAL;
}
- digest_length = auth_xform->auth.digest_length;
-
/* Check key length and calculate GCM pre-compute. */
switch (key_length) {
case 16:
break;
default:
- GCM_LOG_ERR("Unsupported cipher/auth key length");
+ GCM_LOG_ERR("Unsupported key length");
return -EINVAL;
}
if (session->op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION ||
session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
- offset = sym_op->cipher.data.offset;
+ offset = sym_op->aead.data.offset;
data_offset = offset;
- data_length = sym_op->cipher.data.length;
+ data_length = sym_op->aead.data.length;
} else {
offset = sym_op->auth.data.offset;
data_offset = offset;
aesni_gcm_enc[session->key].init(&session->gdata,
iv_ptr,
- sym_op->auth.aad.data,
+ sym_op->aead.aad.data,
(uint64_t)session->aad_length);
aesni_gcm_enc[session->key].update(&session->gdata, dst, src,
}
aesni_gcm_enc[session->key].finalize(&session->gdata,
- sym_op->auth.digest.data,
+ sym_op->aead.digest.data,
(uint64_t)session->digest_length);
} else if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION) {
uint8_t *auth_tag = (uint8_t *)rte_pktmbuf_append(sym_op->m_dst ?
aesni_gcm_dec[session->key].init(&session->gdata,
iv_ptr,
- sym_op->auth.aad.data,
+ sym_op->aead.aad.data,
(uint64_t)session->aad_length);
aesni_gcm_dec[session->key].update(&session->gdata, dst, src,
/* Verify digest if required */
if (session->op == AESNI_GCM_OP_AUTHENTICATED_DECRYPTION ||
session->op == AESNI_GMAC_OP_VERIFY) {
+ uint8_t *digest;
uint8_t *tag = rte_pktmbuf_mtod_offset(m, uint8_t *,
m->data_len - session->digest_length);
+ if (session->op == AESNI_GMAC_OP_VERIFY)
+ digest = op->sym->auth.digest.data;
+ else
+ digest = op->sym->aead.digest.data;
+
#ifdef RTE_LIBRTE_PMD_AESNI_GCM_DEBUG
rte_hexdump(stdout, "auth tag (orig):",
- op->sym->auth.digest.data, session->digest_length);
+ digest, session->digest_length);
rte_hexdump(stdout, "auth tag (calc):",
tag, session->digest_length);
#endif
- if (memcmp(tag, op->sym->auth.digest.data,
- session->digest_length) != 0)
+ if (memcmp(tag, digest, session->digest_length) != 0)
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
/* trim area used for digest from mbuf */
}, }
}, }
},
- { /* AES GCM (AUTH) */
+ { /* AES GCM */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
- .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- {.auth = {
- .algo = RTE_CRYPTO_AUTH_AES_GCM,
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.block_size = 16,
.key_size = {
.min = 16,
.max = 65535,
.increment = 1
},
- .iv_size = { 0 }
- }, }
- }, }
- },
- { /* AES GCM (CIPHER) */
- .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
- {.sym = {
- .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
- {.cipher = {
- .algo = RTE_CRYPTO_CIPHER_AES_GCM,
- .block_size = 16,
- .key_size = {
- .min = 16,
- .max = 32,
- .increment = 16
- },
.iv_size = {
.min = 12,
.max = 12,
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
case RTE_CRYPTO_CIPHER_3DES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
- case RTE_CRYPTO_CIPHER_AES_CCM:
case RTE_CRYPTO_CIPHER_AES_ECB:
case RTE_CRYPTO_CIPHER_3DES_ECB:
case RTE_CRYPTO_CIPHER_AES_XTS:
session->auth_alg = RTE_CRYPTO_AUTH_SHA224_HMAC;
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
- case RTE_CRYPTO_AUTH_AES_GCM:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_CCM:
case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
- case RTE_CRYPTO_AUTH_AES_GCM:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_CCM:
case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_AES_CMAC:
session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
ctxt->iv.length = TDES_CBC_IV_LEN;
break;
- case RTE_CRYPTO_CIPHER_AES_GCM:
case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
case RTE_CRYPTO_CIPHER_NULL:
case RTE_CRYPTO_CIPHER_3DES_ECB:
case RTE_CRYPTO_CIPHER_AES_ECB:
case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_CCM:
case RTE_CRYPTO_CIPHER_KASUMI_F8:
RTE_LOG(ERR, PMD, "Crypto: Unsupported Cipher alg %u",
cipher_xform->algo);
else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
res = OPENSSL_CHAIN_CIPHER_AUTH;
}
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ res = OPENSSL_CHAIN_COMBINED;
}
return res;
res = -EINVAL;
}
break;
- case RTE_CRYPTO_CIPHER_AES_GCM:
- switch (keylen) {
- case 16:
- *algo = EVP_aes_128_gcm();
- break;
- case 24:
- *algo = EVP_aes_192_gcm();
- break;
- case 32:
- *algo = EVP_aes_256_gcm();
- break;
- default:
- res = -EINVAL;
- }
- break;
default:
res = -EINVAL;
break;
return res;
}
+/** Get adequate openssl function for input cipher algorithm */
+static uint8_t
+get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
+ const EVP_CIPHER **algo)
+{
+ int res = 0;
+
+ if (algo != NULL) {
+ switch (sess_algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ switch (keylen) {
+ case 16:
+ *algo = EVP_aes_128_gcm();
+ break;
+ case 24:
+ *algo = EVP_aes_192_gcm();
+ break;
+ case 32:
+ *algo = EVP_aes_256_gcm();
+ break;
+ default:
+ res = -EINVAL;
+ }
+ break;
+ default:
+ res = -EINVAL;
+ break;
+ }
+ } else {
+ res = -EINVAL;
+ }
+
+ return res;
+}
+
/** Set session cipher parameters */
static int
openssl_set_session_cipher_parameters(struct openssl_session *sess,
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
sess->cipher.mode = OPENSSL_CIPHER_LIB;
sess->cipher.algo = xform->cipher.algo;
sess->cipher.ctx = EVP_CIPHER_CTX_new();
/* Select auth algo */
switch (xform->auth.algo) {
- case RTE_CRYPTO_AUTH_AES_GCM:
- /* Check additional condition for AES_GCM */
- if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM)
- return -EINVAL;
- sess->chain_order = OPENSSL_CHAIN_COMBINED;
- break;
case RTE_CRYPTO_AUTH_AES_GMAC:
sess->chain_order = OPENSSL_CHAIN_COMBINED;
sess->cipher.key.length = xform->auth.key.length;
sess->cipher.ctx = EVP_CIPHER_CTX_new();
- if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_GCM,
+ if (get_aead_algo(RTE_CRYPTO_AEAD_AES_GCM,
sess->cipher.key.length,
&sess->cipher.evp_algo) != 0)
return -EINVAL;
return 0;
}
+/* Set session AEAD parameters */
+static int
+openssl_set_session_aead_parameters(struct openssl_session *sess,
+ const struct rte_crypto_sym_xform *xform)
+{
+ /* Select cipher direction */
+ sess->cipher.direction = xform->cipher.op;
+ /* Select cipher key */
+ sess->cipher.key.length = xform->aead.key.length;
+
+ /* Set IV parameters */
+ sess->iv.offset = xform->aead.iv.offset;
+ sess->iv.length = xform->aead.iv.length;
+
+ /* Select auth generate/verify */
+ sess->auth.operation = xform->auth.op;
+ sess->auth.algo = xform->auth.algo;
+
+ /* Select auth algo */
+ switch (xform->aead.algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ sess->cipher.mode = OPENSSL_CIPHER_LIB;
+ sess->aead_algo = xform->aead.algo;
+ sess->cipher.ctx = EVP_CIPHER_CTX_new();
+
+ if (get_aead_algo(sess->aead_algo, sess->cipher.key.length,
+ &sess->cipher.evp_algo) != 0)
+ return -EINVAL;
+
+ get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
+ sess->cipher.key.data);
+
+ sess->chain_order = OPENSSL_CHAIN_COMBINED;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ sess->auth.aad_length = xform->aead.add_auth_data_length;
+ sess->auth.digest_length = xform->aead.digest_length;
+
+ return 0;
+}
+
/** Parse crypto xform chain and set private session parameters */
int
openssl_set_session_parameters(struct openssl_session *sess,
{
const struct rte_crypto_sym_xform *cipher_xform = NULL;
const struct rte_crypto_sym_xform *auth_xform = NULL;
+ const struct rte_crypto_sym_xform *aead_xform = NULL;
sess->chain_order = openssl_get_chain_order(xform);
switch (sess->chain_order) {
auth_xform = xform;
cipher_xform = xform->next;
break;
+ case OPENSSL_CHAIN_COMBINED:
+ aead_xform = xform;
+ break;
default:
return -EINVAL;
}
}
}
+ if (aead_xform) {
+ if (openssl_set_session_aead_parameters(sess, aead_xform)) {
+ OPENSSL_LOG_ERR(
+ "Invalid/unsupported auth parameters");
+ return -EINVAL;
+ }
+ }
+
return 0;
}
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
ivlen = sess->iv.length;
- tag = op->sym->auth.digest.data;
- if (tag == NULL)
- tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
- op->sym->cipher.data.offset +
- op->sym->cipher.data.length);
-
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
srclen = 0;
offset = op->sym->auth.data.offset;
aadlen = op->sym->auth.data.length;
aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
op->sym->auth.data.offset);
-
+ tag = op->sym->auth.digest.data;
+ if (tag == NULL)
+ tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+ offset + aadlen);
} else {
- srclen = op->sym->cipher.data.length;
+ srclen = op->sym->aead.data.length;
dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
- op->sym->cipher.data.offset);
- offset = op->sym->cipher.data.offset;
- aad = op->sym->auth.aad.data;
+ op->sym->aead.data.offset);
+ offset = op->sym->aead.data.offset;
+ aad = op->sym->aead.aad.data;
aadlen = sess->auth.aad_length;
+ tag = op->sym->aead.digest.data;
+ if (tag == NULL)
+ tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
+ offset + srclen);
}
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
}, }
}, }
},
- { /* AES GCM (AUTH) */
+ { /* AES GCM */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
- .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
- {.auth = {
- .algo = RTE_CRYPTO_AUTH_AES_GCM,
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
.block_size = 16,
.key_size = {
.min = 16,
.max = 65535,
.increment = 1
},
- .iv_size = { 0 }
- }, }
- }, }
- },
- { /* AES GCM (CIPHER) */
- .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
- {.sym = {
- .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
- {.cipher = {
- .algo = RTE_CRYPTO_CIPHER_AES_GCM,
- .block_size = 16,
- .key_size = {
- .min = 16,
- .max = 32,
- .increment = 8
- },
.iv_size = {
.min = 12,
.max = 16,
.increment = 4
- }
+ },
}, }
}, }
},
uint16_t offset;
} iv;
/**< IV parameters */
+
+ enum rte_crypto_aead_algorithm aead_algo;
+ /**< AEAD algorithm */
+
/** Cipher Parameters */
struct {
enum rte_crypto_cipher_operation direction;
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
return ICP_QAT_FW_LA_CMD_AUTH;
+ /* AEAD */
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+ return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
+ else
+ return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
+ }
+
if (xform->next == NULL)
return -1;
}
session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
break;
- case RTE_CRYPTO_CIPHER_AES_GCM:
- if (qat_alg_validate_aes_key(cipher_xform->key.length,
- &session->qat_cipher_alg) != 0) {
- PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
- goto error_out;
- }
- session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
- break;
case RTE_CRYPTO_CIPHER_AES_CTR:
if (qat_alg_validate_aes_key(cipher_xform->key.length,
&session->qat_cipher_alg) != 0) {
break;
case RTE_CRYPTO_CIPHER_3DES_ECB:
case RTE_CRYPTO_CIPHER_AES_ECB:
- case RTE_CRYPTO_CIPHER_AES_CCM:
case RTE_CRYPTO_CIPHER_AES_F8:
case RTE_CRYPTO_CIPHER_AES_XTS:
case RTE_CRYPTO_CIPHER_ARC4:
session = qat_crypto_sym_configure_session_auth(dev, xform, session);
break;
case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
- session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
- session = qat_crypto_sym_configure_session_auth(dev, xform, session);
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ session = qat_crypto_sym_configure_session_aead(xform,
+ session);
+ else {
+ session = qat_crypto_sym_configure_session_cipher(dev,
+ xform, session);
+ session = qat_crypto_sym_configure_session_auth(dev,
+ xform, session);
+ }
break;
case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
- session = qat_crypto_sym_configure_session_auth(dev, xform, session);
- session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ session = qat_crypto_sym_configure_session_aead(xform,
+ session);
+ else {
+ session = qat_crypto_sym_configure_session_auth(dev,
+ xform, session);
+ session = qat_crypto_sym_configure_session_cipher(dev,
+ xform, session);
+ }
break;
case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
case ICP_QAT_FW_LA_CMD_TRNG_TEST:
struct qat_session *session = session_private;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform = NULL;
struct qat_pmd_private *internals = dev->data->dev_private;
auth_xform = qat_get_auth_xform(xform);
uint8_t *key_data = auth_xform->key.data;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
break;
- case RTE_CRYPTO_AUTH_AES_GCM:
- cipher_xform = qat_get_cipher_xform(xform);
-
- session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
-
- key_data = cipher_xform->key.data;
- key_length = cipher_xform->key.length;
- break;
case RTE_CRYPTO_AUTH_AES_GMAC:
if (qat_alg_validate_aes_key(auth_xform->key.length,
&session->qat_cipher_alg) != 0) {
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_CCM:
case RTE_CRYPTO_AUTH_AES_CMAC:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
if (qat_alg_aead_session_create_content_desc_auth(session,
key_data,
key_length,
- auth_xform->add_auth_data_length,
+ 0,
auth_xform->digest_length,
auth_xform->op))
goto error_out;
return NULL;
}
+struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+ struct qat_session *session_private)
+{
+ struct qat_session *session = session_private;
+ struct rte_crypto_aead_xform *aead_xform = &xform->aead;
+
+ /*
+ * Store AEAD IV parameters as cipher IV,
+ * to avoid unnecessary memory usage
+ */
+ session->cipher_iv.offset = xform->aead.iv.offset;
+ session->cipher_iv.length = xform->aead.iv.length;
+
+ switch (aead_xform->algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ if (qat_alg_validate_aes_key(aead_xform->key.length,
+ &session->qat_cipher_alg) != 0) {
+ PMD_DRV_LOG(ERR, "Invalid AES key size");
+ goto error_out;
+ }
+ session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+ session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
+ break;
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
+ aead_xform->algo);
+ goto error_out;
+ default:
+ PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
+ aead_xform->algo);
+ goto error_out;
+ }
+
+ if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+ /*
+ * It needs to create cipher desc content first,
+ * then authentication
+ */
+ if (qat_alg_aead_session_create_content_desc_cipher(session,
+ aead_xform->key.data,
+ aead_xform->key.length))
+ goto error_out;
+
+ if (qat_alg_aead_session_create_content_desc_auth(session,
+ aead_xform->key.data,
+ aead_xform->key.length,
+ aead_xform->add_auth_data_length,
+ aead_xform->digest_length,
+ RTE_CRYPTO_AUTH_OP_GENERATE))
+ goto error_out;
+ } else {
+ session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+ /*
+ * It needs to create authentication desc content first,
+ * then cipher
+ */
+ if (qat_alg_aead_session_create_content_desc_auth(session,
+ aead_xform->key.data,
+ aead_xform->key.length,
+ aead_xform->add_auth_data_length,
+ aead_xform->digest_length,
+ RTE_CRYPTO_AUTH_OP_VERIFY))
+ goto error_out;
+
+ if (qat_alg_aead_session_create_content_desc_cipher(session,
+ aead_xform->key.data,
+ aead_xform->key.length))
+ goto error_out;
+ }
+
+ session->digest_length = aead_xform->digest_length;
+ return session;
+
+error_out:
+ return NULL;
+}
+
unsigned qat_crypto_sym_get_session_private_size(
struct rte_cryptodev *dev __rte_unused)
{
struct icp_qat_fw_la_cipher_req_params *cipher_param;
struct icp_qat_fw_la_auth_req_params *auth_param;
register struct icp_qat_fw_la_bulk_req *qat_req;
- uint8_t do_auth = 0, do_cipher = 0;
+ uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
uint32_t cipher_len = 0, cipher_ofs = 0;
uint32_t auth_len = 0, auth_ofs = 0;
uint32_t min_ofs = 0;
auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
- ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
- do_auth = 1;
- do_cipher = 1;
+ ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
+ /* AES-GCM */
+ if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
+ ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
+ do_aead = 1;
+ } else {
+ do_auth = 1;
+ do_cipher = 1;
+ }
} else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
do_auth = 1;
do_cipher = 0;
ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
ctx->qat_hash_alg ==
ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
- /* AES-GCM */
- if (do_cipher) {
- auth_ofs = op->sym->cipher.data.offset;
- auth_len = op->sym->cipher.data.length;
-
- auth_param->u1.aad_adr = op->sym->auth.aad.phys_addr;
/* AES-GMAC */
- } else {
- set_cipher_iv(ctx->auth_iv.length,
- ctx->auth_iv.offset,
- cipher_param, op, qat_req);
- }
+ set_cipher_iv(ctx->auth_iv.length,
+ ctx->auth_iv.offset,
+ cipher_param, op, qat_req);
} else {
auth_ofs = op->sym->auth.data.offset;
auth_len = op->sym->auth.data.length;
}
+ if (do_aead) {
+ cipher_len = op->sym->aead.data.length;
+ cipher_ofs = op->sym->aead.data.offset;
+ auth_len = op->sym->aead.data.length;
+ auth_ofs = op->sym->aead.data.offset;
+
+ auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
+ auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
+ set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
+ cipher_param, op, qat_req);
+ min_ofs = op->sym->aead.data.offset;
+ }
+
if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
do_sgl = 1;
dst_buf_start = src_buf_start;
}
- if (do_cipher) {
+ if (do_cipher || do_aead) {
cipher_param->cipher_offset =
(uint32_t)rte_pktmbuf_mtophys_offset(
op->sym->m_src, cipher_ofs) - src_buf_start;
cipher_param->cipher_offset = 0;
cipher_param->cipher_length = 0;
}
- if (do_auth) {
+
+ if (do_auth || do_aead) {
auth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(
op->sym->m_src, auth_ofs) - src_buf_start;
auth_param->auth_len = auth_len;
auth_param->auth_off = 0;
auth_param->auth_len = 0;
}
+
qat_req->comn_mid.dst_length =
qat_req->comn_mid.src_length =
(cipher_param->cipher_offset + cipher_param->cipher_length)
ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
}
/* GMAC */
- if (!do_cipher) {
+ if (!do_aead) {
qat_req->comn_mid.dst_length =
qat_req->comn_mid.src_length =
rte_pktmbuf_data_len(op->sym->m_src);
}
rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
ctx->digest_length);
- rte_hexdump(stdout, "aad:", op->sym->auth.aad.data,
+ }
+
+ if (do_aead) {
+ rte_hexdump(stdout, "digest:", op->sym->aead.digest.data,
+ ctx->digest_length);
+ rte_hexdump(stdout, "aad:", op->sym->aead.aad.data,
ctx->aad_len);
}
#endif
qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform, void *session_private);
+struct qat_session *
+qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
+ struct qat_session *session_private);
+
struct qat_session *
qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
}, } \
}, } \
}, \
- { /* AES GCM (AUTH) */ \
+ { /* AES GCM */ \
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
- .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, \
- {.auth = { \
- .algo = RTE_CRYPTO_AUTH_AES_GCM, \
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, \
+ {.aead = { \
+ .algo = RTE_CRYPTO_AEAD_AES_GCM, \
.block_size = 16, \
.key_size = { \
.min = 16, \
.max = 240, \
.increment = 1 \
}, \
- .iv_size = { 0 } \
+ .iv_size = { \
+ .min = 12, \
+ .max = 12, \
+ .increment = 0 \
+ }, \
}, } \
}, } \
}, \
}, } \
}, } \
}, \
- { /* AES GCM (CIPHER) */ \
- .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
- {.sym = { \
- .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, \
- {.cipher = { \
- .algo = RTE_CRYPTO_CIPHER_AES_GCM, \
- .block_size = 16, \
- .key_size = { \
- .min = 16, \
- .max = 32, \
- .increment = 8 \
- }, \
- .iv_size = { \
- .min = 12, \
- .max = 12, \
- .increment = 0 \
- } \
- }, } \
- }, } \
- }, \
{ /* AES CBC */ \
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
{.sym = { \
}
sym_cop = get_sym_cop(cop);
-
sym_cop->m_src = m;
- sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
- sa->iv_len;
- sym_cop->cipher.data.length = payload_len;
-
- struct cnt_blk *icb;
- uint8_t *aad;
- uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
- uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
- uint8_t *, IV_OFFSET);
-
- switch (sa->cipher_algo) {
- case RTE_CRYPTO_CIPHER_NULL:
- case RTE_CRYPTO_CIPHER_AES_CBC:
- /* Copy IV at the end of crypto operation */
- rte_memcpy(iv_ptr, iv, sa->iv_len);
- break;
- case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
+
+ if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ sym_cop->aead.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
+ sa->iv_len;
+ sym_cop->aead.data.length = payload_len;
+
+ struct cnt_blk *icb;
+ uint8_t *aad;
+ uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+
icb = get_cnt_blk(m);
icb->salt = sa->salt;
memcpy(&icb->iv, iv, 8);
icb->cnt = rte_cpu_to_be_32(1);
- break;
- default:
- RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
- sa->cipher_algo);
- return -EINVAL;
- }
- switch (sa->auth_algo) {
- case RTE_CRYPTO_AUTH_NULL:
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
- case RTE_CRYPTO_AUTH_SHA256_HMAC:
- sym_cop->auth.data.offset = ip_hdr_len;
- sym_cop->auth.data.length = sizeof(struct esp_hdr) +
- sa->iv_len + payload_len;
- break;
- case RTE_CRYPTO_AUTH_AES_GCM:
aad = get_aad(m);
memcpy(aad, iv - sizeof(struct esp_hdr), 8);
- sym_cop->auth.aad.data = aad;
- sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ sym_cop->aead.aad.data = aad;
+ sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
aad - rte_pktmbuf_mtod(m, uint8_t *));
- break;
- default:
- RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
- sa->auth_algo);
- return -EINVAL;
- }
- sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
- rte_pktmbuf_pkt_len(m) - sa->digest_len);
- sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
- rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ } else {
+ sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) +
+ sa->iv_len;
+ sym_cop->cipher.data.length = payload_len;
+
+ struct cnt_blk *icb;
+ uint8_t *iv = RTE_PTR_ADD(ip4, ip_hdr_len + sizeof(struct esp_hdr));
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop,
+ uint8_t *, IV_OFFSET);
+
+ switch (sa->cipher_algo) {
+ case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ /* Copy IV at the end of crypto operation */
+ rte_memcpy(iv_ptr, iv, sa->iv_len);
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ icb = get_cnt_blk(m);
+ icb->salt = sa->salt;
+ memcpy(&icb->iv, iv, 8);
+ icb->cnt = rte_cpu_to_be_32(1);
+ break;
+ default:
+ RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+ sa->cipher_algo);
+ return -EINVAL;
+ }
+
+ switch (sa->auth_algo) {
+ case RTE_CRYPTO_AUTH_NULL:
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ sym_cop->auth.data.offset = ip_hdr_len;
+ sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+ sa->iv_len + payload_len;
+ break;
+ default:
+ RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+ sa->auth_algo);
+ return -EINVAL;
+ }
+
+ sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, void*,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ }
return 0;
}
sym_cop = get_sym_cop(cop);
sym_cop->m_src = m;
- switch (sa->cipher_algo) {
- case RTE_CRYPTO_CIPHER_NULL:
- case RTE_CRYPTO_CIPHER_AES_CBC:
- memset(iv, 0, sa->iv_len);
- sym_cop->cipher.data.offset = ip_hdr_len +
- sizeof(struct esp_hdr);
- sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
- break;
- case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
+
+ if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ uint8_t *aad;
+
*iv = sa->seq;
- sym_cop->cipher.data.offset = ip_hdr_len +
+ sym_cop->aead.data.offset = ip_hdr_len +
sizeof(struct esp_hdr) + sa->iv_len;
- sym_cop->cipher.data.length = pad_payload_len;
- break;
- default:
- RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
- sa->cipher_algo);
- return -EINVAL;
- }
+ sym_cop->aead.data.length = pad_payload_len;
+
+ /* Fill pad_len using default sequential scheme */
+ for (i = 0; i < pad_len - 2; i++)
+ padding[i] = i + 1;
+ padding[pad_len - 2] = pad_len - 2;
+ padding[pad_len - 1] = nlp;
+
+ struct cnt_blk *icb = get_cnt_blk(m);
+ icb->salt = sa->salt;
+ icb->iv = sa->seq;
+ icb->cnt = rte_cpu_to_be_32(1);
- /* Fill pad_len using default sequential scheme */
- for (i = 0; i < pad_len - 2; i++)
- padding[i] = i + 1;
- padding[pad_len - 2] = pad_len - 2;
- padding[pad_len - 1] = nlp;
-
- struct cnt_blk *icb = get_cnt_blk(m);
- icb->salt = sa->salt;
- icb->iv = sa->seq;
- icb->cnt = rte_cpu_to_be_32(1);
-
- uint8_t *aad;
-
- switch (sa->auth_algo) {
- case RTE_CRYPTO_AUTH_NULL:
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
- case RTE_CRYPTO_AUTH_SHA256_HMAC:
- sym_cop->auth.data.offset = ip_hdr_len;
- sym_cop->auth.data.length = sizeof(struct esp_hdr) +
- sa->iv_len + pad_payload_len;
- break;
- case RTE_CRYPTO_AUTH_AES_GCM:
aad = get_aad(m);
memcpy(aad, esp, 8);
- sym_cop->auth.aad.data = aad;
- sym_cop->auth.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ sym_cop->aead.aad.data = aad;
+ sym_cop->aead.aad.phys_addr = rte_pktmbuf_mtophys_offset(m,
aad - rte_pktmbuf_mtod(m, uint8_t *));
- break;
- default:
- RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
- sa->auth_algo);
- return -EINVAL;
- }
- sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+ sym_cop->aead.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
rte_pktmbuf_pkt_len(m) - sa->digest_len);
- sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ sym_cop->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ } else {
+ switch (sa->cipher_algo) {
+ case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ memset(iv, 0, sa->iv_len);
+ sym_cop->cipher.data.offset = ip_hdr_len +
+ sizeof(struct esp_hdr);
+ sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ *iv = sa->seq;
+ sym_cop->cipher.data.offset = ip_hdr_len +
+ sizeof(struct esp_hdr) + sa->iv_len;
+ sym_cop->cipher.data.length = pad_payload_len;
+ break;
+ default:
+ RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
+ sa->cipher_algo);
+ return -EINVAL;
+ }
+
+ /* Fill pad_len using default sequential scheme */
+ for (i = 0; i < pad_len - 2; i++)
+ padding[i] = i + 1;
+ padding[pad_len - 2] = pad_len - 2;
+ padding[pad_len - 1] = nlp;
+
+ struct cnt_blk *icb = get_cnt_blk(m);
+ icb->salt = sa->salt;
+ icb->iv = sa->seq;
+ icb->cnt = rte_cpu_to_be_32(1);
+
+ switch (sa->auth_algo) {
+ case RTE_CRYPTO_AUTH_NULL:
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ sym_cop->auth.data.offset = ip_hdr_len;
+ sym_cop->auth.data.length = sizeof(struct esp_hdr) +
+ sa->iv_len + pad_payload_len;
+ break;
+ default:
+ RTE_LOG(ERR, IPSEC_ESP, "unsupported auth algorithm %u\n",
+ sa->auth_algo);
+ return -EINVAL;
+ }
+
+ sym_cop->auth.digest.data = rte_pktmbuf_mtod_offset(m, uint8_t *,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ rte_pktmbuf_pkt_len(m) - sa->digest_len);
+ }
return 0;
}
enum rte_crypto_auth_algorithm algo;
uint16_t digest_len;
uint16_t key_len;
- uint8_t aad_len;
uint8_t key_not_req;
};
.block_size = 16,
.key_len = 16
},
- {
- .keyword = "aes-128-gcm",
- .algo = RTE_CRYPTO_CIPHER_AES_GCM,
- .iv_len = 8,
- .block_size = 4,
- .key_len = 20
- },
{
.keyword = "aes-128-ctr",
.algo = RTE_CRYPTO_CIPHER_AES_CTR,
.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
.digest_len = 12,
.key_len = 32
- },
+ }
+};
+
+const struct supported_aead_algo aead_algos[] = {
{
.keyword = "aes-128-gcm",
- .algo = RTE_CRYPTO_AUTH_AES_GCM,
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .iv_len = 8,
+ .block_size = 4,
+ .key_len = 20,
.digest_len = 16,
.aad_len = 8,
- .key_not_req = 1
}
};
-const struct supported_aead_algo aead_algos[] = { { } };
-
struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
uint32_t nb_sa_out;
if (algo->algo == RTE_CRYPTO_CIPHER_AES_CBC)
rule->salt = (uint32_t)rte_rand();
- if ((algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) ||
- (algo->algo == RTE_CRYPTO_CIPHER_AES_GCM)) {
+ if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
key_len -= 4;
rule->cipher_key_len = key_len;
memcpy(&rule->salt,
sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
}
- switch (sa->cipher_algo) {
- case RTE_CRYPTO_CIPHER_NULL:
- case RTE_CRYPTO_CIPHER_AES_CBC:
- iv_length = sa->iv_len;
- break;
- case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
+ if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
iv_length = 16;
- break;
- default:
- RTE_LOG(ERR, IPSEC_ESP, "unsupported cipher algorithm %u\n",
- sa->cipher_algo);
- return -EINVAL;
- }
- if (inbound) {
- sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
- sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
- sa_ctx->xf[idx].b.cipher.key.length =
- sa->cipher_key_len;
- sa_ctx->xf[idx].b.cipher.op =
- RTE_CRYPTO_CIPHER_OP_DECRYPT;
- sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
- sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
- sa_ctx->xf[idx].b.next = NULL;
+ if (inbound) {
+ sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+ sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+ sa_ctx->xf[idx].a.aead.key.length =
+ sa->cipher_key_len;
+ sa_ctx->xf[idx].a.aead.op =
+ RTE_CRYPTO_AEAD_OP_DECRYPT;
+ sa_ctx->xf[idx].a.next = NULL;
+ sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+ sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+ sa_ctx->xf[idx].a.aead.add_auth_data_length =
+ sa->aad_len;
+ sa_ctx->xf[idx].a.aead.digest_length =
+ sa->digest_len;
+ } else { /* outbound */
+ sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ sa_ctx->xf[idx].a.aead.algo = sa->aead_algo;
+ sa_ctx->xf[idx].a.aead.key.data = sa->cipher_key;
+ sa_ctx->xf[idx].a.aead.key.length =
+ sa->cipher_key_len;
+ sa_ctx->xf[idx].a.aead.op =
+ RTE_CRYPTO_AEAD_OP_ENCRYPT;
+ sa_ctx->xf[idx].a.next = NULL;
+ sa_ctx->xf[idx].a.aead.iv.offset = IV_OFFSET;
+ sa_ctx->xf[idx].a.aead.iv.length = iv_length;
+ sa_ctx->xf[idx].a.aead.add_auth_data_length =
+ sa->aad_len;
+ sa_ctx->xf[idx].a.aead.digest_length =
+ sa->digest_len;
+ }
- sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
- sa_ctx->xf[idx].a.auth.add_auth_data_length =
- sa->aad_len;
- sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
- sa_ctx->xf[idx].a.auth.key.length =
- sa->auth_key_len;
- sa_ctx->xf[idx].a.auth.digest_length =
- sa->digest_len;
- sa_ctx->xf[idx].a.auth.op =
- RTE_CRYPTO_AUTH_OP_VERIFY;
-
- } else { /* outbound */
- sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
- sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
- sa_ctx->xf[idx].a.cipher.key.length =
- sa->cipher_key_len;
- sa_ctx->xf[idx].a.cipher.op =
- RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
- sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
- sa_ctx->xf[idx].a.next = NULL;
-
- sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
- sa_ctx->xf[idx].b.auth.add_auth_data_length =
- sa->aad_len;
- sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
- sa_ctx->xf[idx].b.auth.key.length =
- sa->auth_key_len;
- sa_ctx->xf[idx].b.auth.digest_length =
- sa->digest_len;
- sa_ctx->xf[idx].b.auth.op =
- RTE_CRYPTO_AUTH_OP_GENERATE;
- }
+ sa->xforms = &sa_ctx->xf[idx].a;
- sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
- sa_ctx->xf[idx].b.next = NULL;
- sa->xforms = &sa_ctx->xf[idx].a;
+ print_one_sa_rule(sa, inbound);
+ } else {
+ switch (sa->cipher_algo) {
+ case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ iv_length = sa->iv_len;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ iv_length = 16;
+ break;
+ default:
+ RTE_LOG(ERR, IPSEC_ESP,
+ "unsupported cipher algorithm %u\n",
+ sa->cipher_algo);
+ return -EINVAL;
+ }
+
+ if (inbound) {
+ sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ sa_ctx->xf[idx].b.cipher.algo = sa->cipher_algo;
+ sa_ctx->xf[idx].b.cipher.key.data = sa->cipher_key;
+ sa_ctx->xf[idx].b.cipher.key.length =
+ sa->cipher_key_len;
+ sa_ctx->xf[idx].b.cipher.op =
+ RTE_CRYPTO_CIPHER_OP_DECRYPT;
+ sa_ctx->xf[idx].b.next = NULL;
+ sa_ctx->xf[idx].b.cipher.iv.offset = IV_OFFSET;
+ sa_ctx->xf[idx].b.cipher.iv.length = iv_length;
+
+ sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ sa_ctx->xf[idx].a.auth.algo = sa->auth_algo;
+ sa_ctx->xf[idx].a.auth.key.data = sa->auth_key;
+ sa_ctx->xf[idx].a.auth.key.length =
+ sa->auth_key_len;
+ sa_ctx->xf[idx].a.auth.digest_length =
+ sa->digest_len;
+ sa_ctx->xf[idx].a.auth.op =
+ RTE_CRYPTO_AUTH_OP_VERIFY;
+ } else { /* outbound */
+ sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ sa_ctx->xf[idx].a.cipher.algo = sa->cipher_algo;
+ sa_ctx->xf[idx].a.cipher.key.data = sa->cipher_key;
+ sa_ctx->xf[idx].a.cipher.key.length =
+ sa->cipher_key_len;
+ sa_ctx->xf[idx].a.cipher.op =
+ RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ sa_ctx->xf[idx].a.next = NULL;
+ sa_ctx->xf[idx].a.cipher.iv.offset = IV_OFFSET;
+ sa_ctx->xf[idx].a.cipher.iv.length = iv_length;
+
+ sa_ctx->xf[idx].b.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ sa_ctx->xf[idx].b.auth.algo = sa->auth_algo;
+ sa_ctx->xf[idx].b.auth.key.data = sa->auth_key;
+ sa_ctx->xf[idx].b.auth.key.length =
+ sa->auth_key_len;
+ sa_ctx->xf[idx].b.auth.digest_length =
+ sa->digest_len;
+ sa_ctx->xf[idx].b.auth.op =
+ RTE_CRYPTO_AUTH_OP_GENERATE;
+ }
- print_one_sa_rule(sa, inbound);
+ sa_ctx->xf[idx].a.next = &sa_ctx->xf[idx].b;
+ sa_ctx->xf[idx].b.next = NULL;
+ sa->xforms = &sa_ctx->xf[idx].a;
+
+ print_one_sa_rule(sa, inbound);
+ }
}
return 0;
options->aead_iv_random_size = -1;
options->aead_iv.length = 0;
+ options->auth_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ options->auth_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+
options->aad_param = 0;
options->aad_random_size = -1;
options->aad.length = 0;
RTE_CRYPTO_CIPHER_AES_CBC,
/**< AES algorithm in CBC mode */
- RTE_CRYPTO_CIPHER_AES_CCM,
- /**< AES algorithm in CCM mode. When this cipher algorithm is used the
- * *RTE_CRYPTO_AUTH_AES_CCM* element of the
- * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
- * *rte_crypto_auth_xform* structure in the session context or in
- * the op_params of the crypto operation structure in the case of a
- * session-less crypto operation
- */
RTE_CRYPTO_CIPHER_AES_CTR,
/**< AES algorithm in Counter mode */
RTE_CRYPTO_CIPHER_AES_ECB,
/**< AES algorithm in ECB mode */
RTE_CRYPTO_CIPHER_AES_F8,
/**< AES algorithm in F8 mode */
- RTE_CRYPTO_CIPHER_AES_GCM,
- /**< AES algorithm in GCM mode. When this cipher algorithm is used the
- * *RTE_CRYPTO_AUTH_AES_GCM* element of the *rte_crypto_auth_algorithm*
- * enum MUST be used to set up the related *rte_crypto_auth_setup_data*
- * structure in the session context or in the op_params of the crypto
- * operation structure in the case of a session-less crypto operation.
- */
RTE_CRYPTO_CIPHER_AES_XTS,
/**< AES algorithm in XTS mode */
RTE_CRYPTO_AUTH_AES_CBC_MAC,
/**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
- RTE_CRYPTO_AUTH_AES_CCM,
- /**< AES algorithm in CCM mode. This is an authenticated cipher. When
- * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
- * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
- * set up the related rte_crypto_cipher_setup_data structure in the
- * session context or the corresponding parameter in the crypto
- * operation data structures op_params parameter MUST be set for a
- * session-less crypto operation.
- */
RTE_CRYPTO_AUTH_AES_CMAC,
/**< AES CMAC algorithm. */
- RTE_CRYPTO_AUTH_AES_GCM,
- /**< AES algorithm in GCM mode. When this hash algorithm
- * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
- * rte_crypto_cipher_algorithm enum MUST be used to set up the related
- * rte_crypto_cipher_setup_data structure in the session context, or
- * the corresponding parameter in the crypto operation data structures
- * op_params parameter MUST be set for a session-less crypto operation.
- */
RTE_CRYPTO_AUTH_AES_GMAC,
/**< AES GMAC algorithm. */
RTE_CRYPTO_AUTH_AES_XCBC_MAC,
* The maximum permitted value is 65535 (2^16 - 1) bytes, unless
* otherwise specified below.
*
- * This field must be specified when the hash algorithm is one of the
- * following:
- *
- * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is
- * the length of the Additional Authenticated Data (called A, in NIST
- * SP800-38D).
- *
- * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM). In this case, this is
- * the length of the associated data (called A, in NIST SP800-38C).
- * Note that this does NOT include the length of any padding, or the
- * 18 bytes reserved at the start of the above field to store the
- * block B0 and the encoded length. The maximum permitted value in
- * this case is 222 bytes.
- *
*/
struct {
* also the same as the result length.
*
* @note
- * In the case of CCM
- * @ref RTE_CRYPTO_AUTH_AES_CCM, this value
- * should not include the length of the padding
- * or the length of the MAC; the driver will
- * compute the actual number of bytes over
- * which the encryption will occur, which will
- * include these values.
- *
- * @note
* For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
* KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8
* and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3,
* packet in source buffer.
*
* @note
- * For CCM and GCM modes of operation,
- * this field is ignored.
- * The field @ref aad field should be set
- * instead.
- *
- * @note
* For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
* KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
* and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
* buffer that the hash will be computed on.
*
* @note
- * For CCM and GCM modes of operation,
- * this field is ignored. The field @ref aad
- * field should be set instead.
- *
- * @note
* For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2,
* KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
* and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
* For digest generation, the digest result
* will overwrite any data at this location.
*
- * @note
- * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
- * "digest result" read "authentication tag T".
*/
phys_addr_t phys_addr;
/**< Physical address of digest */
* This length must not exceed 65535 (2^16-1)
* bytes.
*
- * Specifically for CCM
- * (@ref RTE_CRYPTO_AUTH_AES_CCM),
- * the caller should setup this field as follows:
- *
- * - the nonce should be written starting at
- * an offset of one byte into the array,
- * leaving room for the implementation to
- * write in the flags to the first byte.
- *
- * - the additional authentication data
- * itself should be written starting at
- * an offset of 18 bytes into the array,
- * leaving room for the length encoding in
- * the first two bytes of the second block.
- *
- * - the array should be big enough to hold
- * the above fields, plus any padding to
- * round this up to the nearest multiple of
- * the block size (16 bytes).
- * Padding will be added by the implementation.
- *
- * Finally, for GCM
- * (@ref RTE_CRYPTO_AUTH_AES_GCM), the
- * caller should setup this field as follows:
- *
- * - the AAD is written in starting at byte 0
- * - the array must be big enough to hold
- * the AAD, plus any space to round this up to
- * the nearest multiple of the block size
- * (16 bytes).
- *
*/
phys_addr_t phys_addr; /**< physical address */
} aad;
[RTE_CRYPTO_CIPHER_3DES_CTR] = "3des-ctr",
[RTE_CRYPTO_CIPHER_AES_CBC] = "aes-cbc",
- [RTE_CRYPTO_CIPHER_AES_CCM] = "aes-ccm",
[RTE_CRYPTO_CIPHER_AES_CTR] = "aes-ctr",
[RTE_CRYPTO_CIPHER_AES_DOCSISBPI] = "aes-docsisbpi",
[RTE_CRYPTO_CIPHER_AES_ECB] = "aes-ecb",
- [RTE_CRYPTO_CIPHER_AES_GCM] = "aes-gcm",
[RTE_CRYPTO_CIPHER_AES_F8] = "aes-f8",
[RTE_CRYPTO_CIPHER_AES_XTS] = "aes-xts",
const char *
rte_crypto_auth_algorithm_strings[] = {
[RTE_CRYPTO_AUTH_AES_CBC_MAC] = "aes-cbc-mac",
- [RTE_CRYPTO_AUTH_AES_CCM] = "aes-ccm",
[RTE_CRYPTO_AUTH_AES_CMAC] = "aes-cmac",
- [RTE_CRYPTO_AUTH_AES_GCM] = "aes-gcm",
[RTE_CRYPTO_AUTH_AES_GMAC] = "aes-gmac",
[RTE_CRYPTO_AUTH_AES_XCBC_MAC] = "aes-xcbc-mac",
struct crypto_unittest_params {
struct rte_crypto_sym_xform cipher_xform;
struct rte_crypto_sym_xform auth_xform;
+ struct rte_crypto_sym_xform aead_xform;
struct rte_cryptodev_sym_session *sess;
/* ***** AES-GCM Tests ***** */
static int
-create_gcm_session(uint8_t dev_id, enum rte_crypto_cipher_operation op,
+create_gcm_session(uint8_t dev_id, enum rte_crypto_aead_operation op,
const uint8_t *key, const uint8_t key_len,
const uint16_t aad_len, const uint8_t auth_len,
- uint8_t iv_len,
- enum rte_crypto_auth_operation auth_op)
+ uint8_t iv_len)
{
- uint8_t cipher_key[key_len];
+ uint8_t aead_key[key_len];
struct crypto_unittest_params *ut_params = &unittest_params;
- memcpy(cipher_key, key, key_len);
+ memcpy(aead_key, key, key_len);
- /* Setup Cipher Parameters */
- ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- ut_params->cipher_xform.next = NULL;
-
- ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
- ut_params->auth_xform.auth.op = auth_op;
- ut_params->cipher_xform.cipher.op = op;
- ut_params->cipher_xform.cipher.key.data = cipher_key;
- ut_params->cipher_xform.cipher.key.length = key_len;
- ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
- ut_params->cipher_xform.cipher.iv.length = iv_len;
+ /* Setup AEAD Parameters */
+ ut_params->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ ut_params->aead_xform.next = NULL;
+ ut_params->aead_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ ut_params->aead_xform.aead.op = op;
+ ut_params->aead_xform.aead.key.data = aead_key;
+ ut_params->aead_xform.aead.key.length = key_len;
+ ut_params->aead_xform.aead.iv.offset = IV_OFFSET;
+ ut_params->aead_xform.aead.iv.length = iv_len;
+ ut_params->aead_xform.aead.digest_length = auth_len;
+ ut_params->aead_xform.aead.add_auth_data_length = aad_len;
TEST_HEXDUMP(stdout, "key:", key, key_len);
- /* Setup Authentication Parameters */
- ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- ut_params->auth_xform.next = NULL;
-
- ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
-
- ut_params->auth_xform.auth.digest_length = auth_len;
- ut_params->auth_xform.auth.add_auth_data_length = aad_len;
- ut_params->auth_xform.auth.key.length = 0;
- ut_params->auth_xform.auth.key.data = NULL;
-
- if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
- ut_params->cipher_xform.next = &ut_params->auth_xform;
-
- /* Create Crypto session*/
- ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
- &ut_params->cipher_xform);
- } else {/* Create Crypto session*/
- ut_params->auth_xform.next = &ut_params->cipher_xform;
- ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
- &ut_params->auth_xform);
- }
+ /* Create Crypto session*/
+ ut_params->sess = rte_cryptodev_sym_session_create(dev_id,
+ &ut_params->aead_xform);
TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
static int
create_gcm_xforms(struct rte_crypto_op *op,
- enum rte_crypto_cipher_operation cipher_op,
+ enum rte_crypto_aead_operation aead_op,
uint8_t *key, const uint8_t key_len,
const uint8_t aad_len, const uint8_t auth_len,
- uint8_t iv_len,
- enum rte_crypto_auth_operation auth_op)
+ uint8_t iv_len)
{
- TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 2),
- "failed to allocate space for crypto transforms");
+ TEST_ASSERT_NOT_NULL(rte_crypto_op_sym_xforms_alloc(op, 1),
+ "failed to allocate space for crypto transform");
struct rte_crypto_sym_op *sym_op = op->sym;
- /* Setup Cipher Parameters */
- sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- sym_op->xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
- sym_op->xform->cipher.op = cipher_op;
- sym_op->xform->cipher.key.data = key;
- sym_op->xform->cipher.key.length = key_len;
- sym_op->xform->cipher.iv.offset = IV_OFFSET;
- sym_op->xform->cipher.iv.length = iv_len;
+ /* Setup AEAD Parameters */
+ sym_op->xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ sym_op->xform->next = NULL;
+ sym_op->xform->aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
+ sym_op->xform->aead.op = aead_op;
+ sym_op->xform->aead.key.data = key;
+ sym_op->xform->aead.key.length = key_len;
+ sym_op->xform->aead.iv.offset = IV_OFFSET;
+ sym_op->xform->aead.iv.length = iv_len;
+ sym_op->xform->aead.digest_length = auth_len;
+ sym_op->xform->aead.add_auth_data_length = aad_len;
TEST_HEXDUMP(stdout, "key:", key, key_len);
- /* Setup Authentication Parameters */
- sym_op->xform->next->type = RTE_CRYPTO_SYM_XFORM_AUTH;
- sym_op->xform->next->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
- sym_op->xform->next->auth.op = auth_op;
- sym_op->xform->next->auth.digest_length = auth_len;
- sym_op->xform->next->auth.add_auth_data_length = aad_len;
- sym_op->xform->next->auth.key.length = 0;
- sym_op->xform->next->auth.key.data = NULL;
- sym_op->xform->next->next = NULL;
-
return 0;
}
static int
-create_gcm_operation(enum rte_crypto_cipher_operation op,
+create_gcm_operation(enum rte_crypto_aead_operation op,
const struct gcm_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
/* Append aad data */
aad_pad_len = RTE_ALIGN_CEIL(tdata->aad.len, 16);
- sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
aad_pad_len);
- TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
"no room to append aad");
- sym_op->auth.aad.phys_addr =
+ sym_op->aead.aad.phys_addr =
rte_pktmbuf_mtophys(ut_params->ibuf);
- memcpy(sym_op->auth.aad.data, tdata->aad.data, tdata->aad.len);
- TEST_HEXDUMP(stdout, "aad:", sym_op->auth.aad.data,
+ memcpy(sym_op->aead.aad.data, tdata->aad.data, tdata->aad.len);
+ TEST_HEXDUMP(stdout, "aad:", sym_op->aead.aad.data,
tdata->aad.len);
/* Append IV at the end of the crypto operation*/
tdata->iv.len);
/* Append plaintext/ciphertext */
- if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
plaintext_pad_len = RTE_ALIGN_CEIL(tdata->plaintext.len, 16);
plaintext = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
plaintext_pad_len);
}
/* Append digest data */
- if (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
- sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+ if (op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+ sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
ut_params->obuf ? ut_params->obuf :
ut_params->ibuf,
tdata->auth_tag.len);
- TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+ TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
"no room to append digest");
- memset(sym_op->auth.digest.data, 0, tdata->auth_tag.len);
- sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+ memset(sym_op->aead.digest.data, 0, tdata->auth_tag.len);
+ sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
ut_params->obuf ? ut_params->obuf :
ut_params->ibuf,
plaintext_pad_len +
aad_pad_len);
} else {
- sym_op->auth.digest.data = (uint8_t *)rte_pktmbuf_append(
+ sym_op->aead.digest.data = (uint8_t *)rte_pktmbuf_append(
ut_params->ibuf, tdata->auth_tag.len);
- TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+ TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
"no room to append digest");
- sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+ sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
ut_params->ibuf,
plaintext_pad_len + aad_pad_len);
- rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+ rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
tdata->auth_tag.len);
TEST_HEXDUMP(stdout, "digest:",
- sym_op->auth.digest.data,
+ sym_op->aead.digest.data,
tdata->auth_tag.len);
}
- sym_op->cipher.data.length = tdata->plaintext.len;
- sym_op->cipher.data.offset = aad_pad_len;
-
- sym_op->auth.data.length = tdata->plaintext.len;
- sym_op->auth.data.offset = aad_pad_len;
+ sym_op->aead.data.length = tdata->plaintext.len;
+ sym_op->aead.data.offset = aad_pad_len;
return 0;
}
/* Create GCM session */
retval = create_gcm_session(ts_params->valid_devs[0],
- RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_GENERATE);
+ tdata->iv.len);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->ibuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
/* Create GCM session */
retval = create_gcm_session(ts_params->valid_devs[0],
- RTE_CRYPTO_CIPHER_OP_DECRYPT,
+ RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_VERIFY);
+ tdata->iv.len);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->ibuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
/* Create GCM session */
retval = create_gcm_session(ts_params->valid_devs[0],
- RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_GENERATE);
+ tdata->iv.len);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->obuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
/* Create GCM session */
retval = create_gcm_session(ts_params->valid_devs[0],
- RTE_CRYPTO_CIPHER_OP_DECRYPT,
+ RTE_CRYPTO_AEAD_OP_DECRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_VERIFY);
+ tdata->iv.len);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->obuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->ibuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_ENCRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_ENCRYPT, tdata);
if (retval < 0)
return retval;
/* Create GCM xforms */
memcpy(key, tdata->key.data, tdata->key.len);
retval = create_gcm_xforms(ut_params->op,
- RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ RTE_CRYPTO_AEAD_OP_ENCRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_GENERATE);
+ tdata->iv.len);
if (retval < 0)
return retval;
rte_pktmbuf_tailroom(ut_params->ibuf));
/* Create GCM operation */
- retval = create_gcm_operation(RTE_CRYPTO_CIPHER_OP_DECRYPT, tdata);
+ retval = create_gcm_operation(RTE_CRYPTO_AEAD_OP_DECRYPT, tdata);
if (retval < 0)
return retval;
/* Create GCM xforms */
memcpy(key, tdata->key.data, tdata->key.len);
retval = create_gcm_xforms(ut_params->op,
- RTE_CRYPTO_CIPHER_OP_DECRYPT,
+ RTE_CRYPTO_AEAD_OP_DECRYPT,
key, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_VERIFY);
+ tdata->iv.len);
if (retval < 0)
return retval;
}
static int
-create_gcm_operation_SGL(enum rte_crypto_cipher_operation op,
+create_gcm_operation_SGL(enum rte_crypto_aead_operation op,
const struct gcm_test_data *tdata,
void *digest_mem, uint64_t digest_phys)
{
struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
- sym_op->auth.digest.data = digest_mem;
+ sym_op->aead.digest.data = digest_mem;
- TEST_ASSERT_NOT_NULL(sym_op->auth.digest.data,
+ TEST_ASSERT_NOT_NULL(sym_op->aead.digest.data,
"no room to append digest");
- sym_op->auth.digest.phys_addr = digest_phys;
+ sym_op->aead.digest.phys_addr = digest_phys;
- if (op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
- rte_memcpy(sym_op->auth.digest.data, tdata->auth_tag.data,
+ if (op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
+ rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
auth_tag_len);
TEST_HEXDUMP(stdout, "digest:",
- sym_op->auth.digest.data,
+ sym_op->aead.digest.data,
auth_tag_len);
}
rte_memcpy(iv_ptr, tdata->iv.data, iv_len);
- sym_op->auth.aad.data = (uint8_t *)rte_pktmbuf_prepend(
+ sym_op->aead.aad.data = (uint8_t *)rte_pktmbuf_prepend(
ut_params->ibuf, aad_len);
- TEST_ASSERT_NOT_NULL(sym_op->auth.aad.data,
+ TEST_ASSERT_NOT_NULL(sym_op->aead.aad.data,
"no room to prepend aad");
- sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(
+ sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(
ut_params->ibuf);
- memset(sym_op->auth.aad.data, 0, aad_len);
- rte_memcpy(sym_op->auth.aad.data, tdata->aad.data, aad_len);
+ memset(sym_op->aead.aad.data, 0, aad_len);
+ rte_memcpy(sym_op->aead.aad.data, tdata->aad.data, aad_len);
TEST_HEXDUMP(stdout, "iv:", iv_ptr, iv_len);
TEST_HEXDUMP(stdout, "aad:",
- sym_op->auth.aad.data, aad_len);
+ sym_op->aead.aad.data, aad_len);
- sym_op->cipher.data.length = tdata->plaintext.len;
- sym_op->cipher.data.offset = aad_len;
-
- sym_op->auth.data.offset = aad_len;
- sym_op->auth.data.length = tdata->plaintext.len;
+ sym_op->aead.data.length = tdata->plaintext.len;
+ sym_op->aead.data.offset = aad_len;
return 0;
}
/* Create GCM session */
retval = create_gcm_session(ts_params->valid_devs[0],
- RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
- tdata->iv.len,
- RTE_CRYPTO_AUTH_OP_GENERATE);
+ tdata->iv.len);
if (retval < 0)
return retval;
}
/* Create GCM opertaion */
- retval = create_gcm_operation_SGL(RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+ retval = create_gcm_operation_SGL(RTE_CRYPTO_AEAD_OP_ENCRYPT,
tdata, digest_mem, digest_phys);
if (retval < 0)
CIPHER_HASH,
HASH_CIPHER,
CIPHER_ONLY,
- HASH_ONLY
+ HASH_ONLY,
+ AEAD
};
struct symmetric_session_attrs {
enum rte_crypto_cipher_operation cipher;
enum rte_crypto_auth_operation auth;
+ enum rte_crypto_aead_operation aead;
enum rte_crypto_cipher_algorithm cipher_algorithm;
const uint8_t *key_cipher_data;
const uint8_t *key_auth_data;
uint32_t key_auth_len;
+ enum rte_crypto_aead_algorithm aead_algorithm;
+ const uint8_t *key_aead_data;
+ uint32_t key_aead_len;
+
const uint8_t *iv_data;
uint16_t iv_len;
uint16_t aad_len;
enum chain_mode chain;
enum rte_crypto_cipher_algorithm cipher_algo;
- unsigned cipher_key_length;
+ unsigned int key_length;
enum rte_crypto_auth_algorithm auth_algo;
+ enum rte_crypto_aead_algorithm aead_algo;
struct symmetric_session_attrs *session_attrs;
test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
enum rte_crypto_cipher_algorithm cipher_algo,
unsigned int cipher_key_len,
- enum rte_crypto_auth_algorithm auth_algo);
+ enum rte_crypto_auth_algorithm auth_algo,
+ enum rte_crypto_aead_algorithm aead_algo);
static struct rte_cryptodev_sym_session *
test_perf_create_armv8_session(uint8_t dev_id, enum chain_mode chain,
enum rte_crypto_cipher_algorithm cipher_algo,
case HASH_CIPHER: return "hash_cipher"; break;
case CIPHER_ONLY: return "cipher_only"; break;
case HASH_ONLY: return "hash_only"; break;
+ case AEAD: return "aead"; break;
default: return ""; break;
}
}
/* Create Crypto session*/
sess = test_perf_create_snow3g_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate Crypto op data structure(s)*/
c_ops[i] = op;
}
- printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+ if (pparams->chain == AEAD)
+ printf("\nOn %s dev%u qp%u, %s, aead algo:%s, "
+ "Packet Size %u bytes",
+ pmd_name(gbl_cryptodev_perftest_devtype),
+ ts_params->dev_id, 0,
+ chain_mode_name(pparams->chain),
+ rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+ pparams->buf_size);
+ else
+ printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
"Packet Size %u bytes",
pmd_name(gbl_cryptodev_perftest_devtype),
ts_params->dev_id, 0,
{
.chain = CIPHER_ONLY,
.cipher_algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_NULL,
},
{
.chain = HASH_ONLY,
.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
.auth_algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
- .cipher_key_length = 16
+ .key_length = 16
},
};
/* Create Crypto session*/
sess = test_perf_create_openssl_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo,
+ pparams->aead_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate Crypto op data structure(s)*/
RTE_CRYPTO_OP_TYPE_SYMMETRIC);
TEST_ASSERT_NOT_NULL(op, "Failed to allocate op");
- switch (pparams->cipher_algo) {
- case RTE_CRYPTO_CIPHER_3DES_CBC:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
- break;
- case RTE_CRYPTO_CIPHER_AES_CBC:
- case RTE_CRYPTO_CIPHER_AES_CTR:
- test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
- break;
- case RTE_CRYPTO_CIPHER_AES_GCM:
+ if (pparams->chain == AEAD)
test_perf_set_crypto_op =
test_perf_set_crypto_op_aes_gcm;
- break;
- default:
- return TEST_FAILED;
+ else {
+ switch (pparams->cipher_algo) {
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_3DES_CTR:
+ test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+ break;
+ default:
+ return TEST_FAILED;
+ }
}
op = test_perf_set_crypto_op(op, m, sess, pparams->buf_size,
c_ops[i] = op;
}
- printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, cipher key length:%u, "
- "auth_algo:%s, Packet Size %u bytes",
+ if (pparams->chain == AEAD)
+ printf("\nOn %s dev%u qp%u, %s, aead_algo:%s, "
+ "key length:%u, Packet Size %u bytes",
+ pmd_name(gbl_cryptodev_perftest_devtype),
+ ts_params->dev_id, 0,
+ chain_mode_name(pparams->chain),
+ rte_crypto_aead_algorithm_strings[pparams->aead_algo],
+ pparams->key_length,
+ pparams->buf_size);
+ else
+ printf("\nOn %s dev%u qp%u, %s, cipher algo:%s, auth_algo:%s, "
+ "key length:%u, Packet Size %u bytes",
pmd_name(gbl_cryptodev_perftest_devtype),
ts_params->dev_id, 0,
chain_mode_name(pparams->chain),
rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
- pparams->cipher_key_length,
rte_crypto_auth_algorithm_strings[pparams->auth_algo],
+ pparams->key_length,
pparams->buf_size);
printf("\nOps Tx\tOps Rx\tOps/burst ");
printf("Retries EmptyPolls\tIACycles/CyOp\tIACycles/Burst\t"
/* Create Crypto session*/
sess = test_perf_create_armv8_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate Crypto op data structure(s)*/
ts_params->dev_id, 0,
chain_mode_name(pparams->chain),
rte_crypto_cipher_algorithm_strings[pparams->cipher_algo],
- pparams->cipher_key_length,
+ pparams->key_length,
rte_crypto_auth_algorithm_strings[pparams->auth_algo],
pparams->buf_size);
printf("\nOps Tx\tOps Rx\tOps/burst ");
return 128;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
return 128;
- case RTE_CRYPTO_AUTH_AES_GCM:
- return 0;
default:
return 0;
}
return TRUNCATED_DIGEST_BYTE_LENGTH_SHA384;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
return TRUNCATED_DIGEST_BYTE_LENGTH_SHA512;
- case RTE_CRYPTO_AUTH_AES_GCM:
+ default:
+ return 0;
+ }
+}
+
+static uint32_t get_aead_digest_length(enum rte_crypto_aead_algorithm algo)
+{
+ switch (algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
return DIGEST_BYTE_LENGTH_AES_GCM;
default:
return 0;
static struct rte_cryptodev_sym_session *
test_perf_create_openssl_session(uint8_t dev_id, enum chain_mode chain,
enum rte_crypto_cipher_algorithm cipher_algo,
- unsigned int cipher_key_len,
- enum rte_crypto_auth_algorithm auth_algo)
+ unsigned int key_len,
+ enum rte_crypto_auth_algorithm auth_algo,
+ enum rte_crypto_aead_algorithm aead_algo)
{
struct rte_crypto_sym_xform cipher_xform = { 0 };
struct rte_crypto_sym_xform auth_xform = { 0 };
+ struct rte_crypto_sym_xform aead_xform = { 0 };
- /* Setup Cipher Parameters */
- cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform.cipher.algo = cipher_algo;
- cipher_xform.cipher.iv.offset = IV_OFFSET;
- cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ if (chain == CIPHER_HASH || chain == HASH_CIPHER) {
+ /* Setup Cipher Parameters */
+ cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ cipher_xform.cipher.algo = cipher_algo;
+ cipher_xform.cipher.iv.offset = IV_OFFSET;
+ cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- switch (cipher_algo) {
- case RTE_CRYPTO_CIPHER_3DES_CBC:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- cipher_xform.cipher.key.data = triple_des_key;
- cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
- break;
- case RTE_CRYPTO_CIPHER_AES_CBC:
- case RTE_CRYPTO_CIPHER_AES_CTR:
- case RTE_CRYPTO_CIPHER_AES_GCM:
- cipher_xform.cipher.key.data = aes_key;
- cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
- break;
- default:
- return NULL;
- }
+ switch (cipher_algo) {
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_3DES_CTR:
+ cipher_xform.cipher.key.data = triple_des_key;
+ cipher_xform.cipher.iv.length = TRIPLE_DES_CIPHER_IV_LENGTH;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ cipher_xform.cipher.key.data = aes_key;
+ cipher_xform.cipher.iv.length = AES_CIPHER_IV_LENGTH;
+ break;
+ default:
+ return NULL;
+ }
- cipher_xform.cipher.key.length = cipher_key_len;
+ cipher_xform.cipher.key.length = key_len;
- /* Setup Auth Parameters */
- auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
- auth_xform.auth.algo = auth_algo;
+ /* Setup Auth Parameters */
+ auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+ auth_xform.auth.algo = auth_algo;
- switch (auth_algo) {
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
- auth_xform.auth.key.data = hmac_sha_key;
- break;
- case RTE_CRYPTO_AUTH_AES_GCM:
- auth_xform.auth.key.data = NULL;
- auth_xform.auth.add_auth_data_length = AES_GCM_AAD_LENGTH;
- break;
- default:
- return NULL;
- }
+ switch (auth_algo) {
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ auth_xform.auth.key.data = hmac_sha_key;
+ break;
+ default:
+ return NULL;
+ }
- auth_xform.auth.key.length = get_auth_key_max_length(auth_algo);
- auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+ auth_xform.auth.key.length = get_auth_key_max_length(auth_algo);
+ auth_xform.auth.digest_length = get_auth_digest_length(auth_algo);
+ } else if (chain == AEAD) {
+ /* Setup AEAD Parameters */
+ aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ aead_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
+ aead_xform.aead.algo = aead_algo;
+ aead_xform.aead.iv.offset = IV_OFFSET;
+
+ switch (aead_algo) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ aead_xform.aead.key.data = aes_key;
+ aead_xform.aead.iv.length = AES_CIPHER_IV_LENGTH;
+ aead_xform.aead.add_auth_data_length = AES_GCM_AAD_LENGTH;
+ aead_xform.aead.digest_length = get_aead_digest_length(aead_algo);
+ break;
+ default:
+ return NULL;
+ }
+
+ aead_xform.aead.key.length = key_len;
+ }
switch (chain) {
case CIPHER_HASH:
cipher_xform.next = NULL;
/* Create Crypto session*/
return rte_cryptodev_sym_session_create(dev_id, &auth_xform);
+ case AEAD:
+ /* Create Crypto session*/
+ return rte_cryptodev_sym_session_create(dev_id, &aead_xform);
default:
return NULL;
}
}
/* Authentication Parameters */
- op->sym->auth.digest.data = (uint8_t *)m->buf_addr +
+ op->sym->aead.digest.data = (uint8_t *)m->buf_addr +
(m->data_off + data_len);
- op->sym->auth.digest.phys_addr =
+ op->sym->aead.digest.phys_addr =
rte_pktmbuf_mtophys_offset(m, data_len);
- op->sym->auth.aad.data = aes_gcm_aad;
+ op->sym->aead.aad.data = aes_gcm_aad;
/* Copy IV at the end of the crypto operation */
rte_memcpy(rte_crypto_op_ctod_offset(op, uint8_t *, IV_OFFSET),
aes_iv, AES_CIPHER_IV_LENGTH);
/* Data lengths/offsets Parameters */
- op->sym->auth.data.offset = 0;
- op->sym->auth.data.length = data_len;
-
- op->sym->cipher.data.offset = 0;
- op->sym->cipher.data.length = data_len;
+ op->sym->aead.data.offset = 0;
+ op->sym->aead.data.length = data_len;
op->sym->m_src = m;
/* Create Crypto session*/
sess = test_perf_create_aes_sha_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate a burst of crypto operations */
/* Create Crypto session*/
sess = test_perf_create_snow3g_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate a burst of crypto operations */
unsigned int,
enum chain_mode);
- switch (pparams->cipher_algo) {
- case RTE_CRYPTO_CIPHER_3DES_CBC:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
- break;
- case RTE_CRYPTO_CIPHER_AES_CBC:
- case RTE_CRYPTO_CIPHER_AES_CTR:
- test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
- break;
- case RTE_CRYPTO_CIPHER_AES_GCM:
- test_perf_set_crypto_op = test_perf_set_crypto_op_aes_gcm;
- break;
- default:
- return TEST_FAILED;
+ if (pparams->chain == AEAD)
+ test_perf_set_crypto_op =
+ test_perf_set_crypto_op_aes_gcm;
+ else {
+ switch (pparams->cipher_algo) {
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_3DES_CTR:
+ test_perf_set_crypto_op = test_perf_set_crypto_op_3des;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ test_perf_set_crypto_op = test_perf_set_crypto_op_aes;
+ break;
+ default:
+ return TEST_FAILED;
+ }
}
if (rte_cryptodev_count() == 0) {
/* Create Crypto session*/
sess = test_perf_create_openssl_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo,
+ pparams->aead_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate a burst of crypto operations */
/* Create Crypto session*/
sess = test_perf_create_armv8_session(ts_params->dev_id,
pparams->chain, pparams->cipher_algo,
- pparams->cipher_key_length, pparams->auth_algo);
+ pparams->key_length, pparams->auth_algo);
TEST_ASSERT_NOT_NULL(sess, "Session creation failed");
/* Generate a burst of crypto operations */
{
.chain = CIPHER_ONLY,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_NULL
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 32,
+ .key_length = 32,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 32,
+ .key_length = 32,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 32,
+ .key_length = 32,
.auth_algo = RTE_CRYPTO_AUTH_SHA512_HMAC
},
};
chain_mode_name(params_set[i].chain),
rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
- params_set[i].cipher_key_length,
+ params_set[i].key_length,
burst_size);
printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
"Retries\tEmptyPolls\n");
{
.chain = CIPHER_ONLY,
.cipher_algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_NULL,
},
{
.chain = HASH_ONLY,
.cipher_algo = RTE_CRYPTO_CIPHER_NULL,
.auth_algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
- .cipher_key_length = 16
+ .key_length = 16
},
};
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
- .cipher_key_length = 24,
+ .key_length = 24,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
- .cipher_key_length = 32,
+ .key_length = 32,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,
- .cipher_key_length = 24,
+ .key_length = 24,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
- .chain = CIPHER_HASH,
+ .chain = AEAD,
- .cipher_algo = RTE_CRYPTO_CIPHER_AES_GCM,
- .cipher_key_length = 16,
- .auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+ .aead_algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 16,
},
};
for (i = 0; i < RTE_DIM(params_set); i++) {
params_set[i].total_operations = total_operations;
params_set[i].burst_size = burst_size;
- printf("\n%s. cipher algo: %s auth algo: %s cipher key size=%u."
- " burst_size: %d ops\n",
- chain_mode_name(params_set[i].chain),
- rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
- rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
- params_set[i].cipher_key_length,
- burst_size);
+ if (params_set[i].chain == AEAD) {
+ enum rte_crypto_aead_algorithm aead_algo =
+ params_set[i].aead_algo;
+ printf("\n%s. aead algo: %s key size=%u."
+ " burst_size: %d ops\n",
+ chain_mode_name(params_set[i].chain),
+ rte_crypto_aead_algorithm_strings[aead_algo],
+ params_set[i].key_length,
+ burst_size);
+ } else {
+ enum rte_crypto_cipher_algorithm cipher_algo =
+ params_set[i].cipher_algo;
+ enum rte_crypto_auth_algorithm auth_algo =
+ params_set[i].auth_algo;
+ printf("\n%s. cipher algo: %s auth algo: %s key size=%u."
+ " burst_size: %d ops\n",
+ chain_mode_name(params_set[i].chain),
+ rte_crypto_cipher_algorithm_strings[cipher_algo],
+ rte_crypto_auth_algorithm_strings[auth_algo],
+ params_set[i].key_length,
+ burst_size);
+ }
printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
"EmptyPolls\n");
for (j = 0; j < RTE_DIM(buf_lengths); j++) {
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
- .cipher_key_length = 24,
+ .key_length = 24,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CTR,
- .cipher_key_length = 32,
+ .key_length = 32,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_3DES_CTR,
- .cipher_key_length = 24,
+ .key_length = 24,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
- .chain = CIPHER_HASH,
+ .chain = AEAD,
- .cipher_algo = RTE_CRYPTO_CIPHER_AES_GCM,
- .cipher_key_length = 16,
- .auth_algo = RTE_CRYPTO_AUTH_AES_GCM
+ .aead_algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .key_length = 16,
},
};
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = HASH_CIPHER,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
{
.chain = HASH_CIPHER,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
};
chain_mode_name(params_set[i].chain),
rte_crypto_cipher_algorithm_strings[params_set[i].cipher_algo],
rte_crypto_auth_algorithm_strings[params_set[i].auth_algo],
- params_set[i].cipher_key_length,
+ params_set[i].key_length,
burst_size);
printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\tRetries\t"
"EmptyPolls\n");
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = HASH_CIPHER,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
},
{
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
{
.chain = HASH_CIPHER,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA256_HMAC
},
};
test_perf_create_session(uint8_t dev_id, struct perf_test_params *pparams)
{
static struct rte_cryptodev_sym_session *sess;
- struct rte_crypto_sym_xform cipher_xform = { 0 };
- struct rte_crypto_sym_xform auth_xform = { 0 };
-
- uint8_t cipher_key[pparams->session_attrs->key_cipher_len];
- uint8_t auth_key[pparams->session_attrs->key_auth_len];
-
- memcpy(cipher_key, pparams->session_attrs->key_cipher_data,
- pparams->session_attrs->key_cipher_len);
- memcpy(auth_key, pparams->session_attrs->key_auth_data,
- pparams->session_attrs->key_auth_len);
-
- cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
- cipher_xform.next = NULL;
-
- cipher_xform.cipher.algo = pparams->session_attrs->cipher_algorithm;
- cipher_xform.cipher.op = pparams->session_attrs->cipher;
- cipher_xform.cipher.key.data = cipher_key;
- cipher_xform.cipher.key.length = pparams->session_attrs->key_cipher_len;
- cipher_xform.cipher.iv.length = pparams->session_attrs->iv_len;
- cipher_xform.cipher.iv.offset = IV_OFFSET;
+ struct rte_crypto_sym_xform aead_xform = { 0 };
- auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
- auth_xform.next = NULL;
+ uint8_t aead_key[pparams->session_attrs->key_aead_len];
- auth_xform.auth.op = pparams->session_attrs->auth;
- auth_xform.auth.algo = pparams->session_attrs->auth_algorithm;
+ memcpy(aead_key, pparams->session_attrs->key_aead_data,
+ pparams->session_attrs->key_aead_len);
- auth_xform.auth.add_auth_data_length = pparams->session_attrs->aad_len;
- auth_xform.auth.digest_length = pparams->session_attrs->digest_len;
- auth_xform.auth.key.length = pparams->session_attrs->key_auth_len;
+ aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ aead_xform.next = NULL;
+ aead_xform.aead.algo = pparams->session_attrs->aead_algorithm;
+ aead_xform.aead.op = pparams->session_attrs->aead;
+ aead_xform.aead.key.data = aead_key;
+ aead_xform.aead.key.length = pparams->session_attrs->key_aead_len;
+ aead_xform.aead.iv.length = pparams->session_attrs->iv_len;
+ aead_xform.aead.iv.offset = IV_OFFSET;
+ aead_xform.aead.add_auth_data_length = pparams->session_attrs->aad_len;
+ aead_xform.aead.digest_length = pparams->session_attrs->digest_len;
- cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- if (cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
- cipher_xform.next = &auth_xform;
- sess = rte_cryptodev_sym_session_create(dev_id,
- &cipher_xform);
- } else {
- auth_xform.next = &cipher_xform;
- sess = rte_cryptodev_sym_session_create(dev_id,
- &auth_xform);
- }
+ sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform);
return sess;
}
return NULL;
}
- op->sym->auth.digest.data = m_hlp->digest;
- op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(
+ op->sym->aead.digest.data = m_hlp->digest;
+ op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(
m,
params->session_attrs->aad_len +
params->symmetric_op->p_len);
- op->sym->auth.aad.data = m_hlp->aad;
- op->sym->auth.aad.phys_addr = rte_pktmbuf_mtophys(m);
+ op->sym->aead.aad.data = m_hlp->aad;
+ op->sym->aead.aad.phys_addr = rte_pktmbuf_mtophys(m);
- rte_memcpy(op->sym->auth.aad.data, params->symmetric_op->aad_data,
+ rte_memcpy(op->sym->aead.aad.data, params->symmetric_op->aad_data,
params->session_attrs->aad_len);
rte_memcpy(iv_ptr, params->session_attrs->iv_data,
if (params->session_attrs->iv_len == 12)
iv_ptr[15] = 1;
- op->sym->auth.data.offset =
- params->session_attrs->aad_len;
- op->sym->auth.data.length = params->symmetric_op->p_len;
-
- op->sym->cipher.data.offset =
+ op->sym->aead.data.offset =
params->session_attrs->aad_len;
- op->sym->cipher.data.length = params->symmetric_op->p_len;
+ op->sym->aead.data.length = params->symmetric_op->p_len;
op->sym->m_src = m;
gcm_test = gcm_tests[i];
- session_attrs[i].cipher =
- RTE_CRYPTO_CIPHER_OP_ENCRYPT;
- session_attrs[i].cipher_algorithm =
- RTE_CRYPTO_CIPHER_AES_GCM;
- session_attrs[i].key_cipher_data =
+ session_attrs[i].aead =
+ RTE_CRYPTO_AEAD_OP_ENCRYPT;
+ session_attrs[i].aead_algorithm =
+ RTE_CRYPTO_AEAD_AES_GCM;
+ session_attrs[i].key_aead_data =
gcm_test->key.data;
- session_attrs[i].key_cipher_len =
+ session_attrs[i].key_aead_len =
gcm_test->key.len;
- session_attrs[i].auth_algorithm =
- RTE_CRYPTO_AUTH_AES_GCM;
- session_attrs[i].auth =
- RTE_CRYPTO_AUTH_OP_GENERATE;
- session_attrs[i].key_auth_data = NULL;
- session_attrs[i].key_auth_len = 0;
session_attrs[i].aad_len = gcm_test->aad.len;
session_attrs[i].digest_len =
gcm_test->auth_tag.len;
ops_set[i].t_data = gcm_test->auth_tags[i].data;
ops_set[i].t_len = gcm_test->auth_tags[i].len;
- params_set[i].chain = CIPHER_HASH;
+ params_set[i].chain = AEAD;
params_set[i].session_attrs = &session_attrs[i];
params_set[i].symmetric_op = &ops_set[i];
if (continual_buf_len)
.chain = CIPHER_HASH,
.cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
- .cipher_key_length = 16,
+ .key_length = 16,
.auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC
};
chain_mode_name(params_set.chain),
rte_crypto_cipher_algorithm_strings[params_set.cipher_algo],
rte_crypto_auth_algorithm_strings[params_set.auth_algo],
- params_set.cipher_key_length,
+ params_set.key_length,
burst_size);
printf("\nBuffer Size(B)\tOPS(M)\tThroughput(Gbps)\t"
"Retries\tEmptyPolls\n");
git.droids-corp.org / dpdk.git / commitdiff