crypto/aesni_mb: support AES-GMAC

This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index df84c9c..1d6ebba 100644 (file)
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -40,6 +40,7 @@ Hash algorithms:
 * RTE_CRYPTO_HASH_SHA512_HMAC
 * RTE_CRYPTO_HASH_AES_XCBC_HMAC
 * RTE_CRYPTO_HASH_AES_CMAC
+* RTE_CRYPTO_HASH_AES_GMAC
 
 AEAD algorithms:
 
@@ -53,6 +54,7 @@ Limitations
 * Only in-place is currently supported (destination address is the same as source address).
 * RTE_CRYPTO_AEAD_AES_GCM only works properly when the multi-buffer library is
   0.51.0 or newer.
+* RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later.
 
 
 Installation

diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst
index f4e64b8..4b24411 100644 (file)
--- a/doc/guides/rel_notes/release_19_02.rst
+++ b/doc/guides/rel_notes/release_19_02.rst
@@ -103,6 +103,7 @@ New Features
 * **Updated the AESNI-MB PMD.**
 
   * Add support for intel-ipsec-mb version 0.52.
+  * Add AES-GMAC algorithm support.
 
 * **Enabled checksum support in the ISA-L compressdev driver.**
 

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 2c25b7b..d34cbc3 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -173,6 +173,54 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
                return 0;
        }
 
+       if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+               if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+                       sess->cipher.direction = ENCRYPT;
+                       sess->chain_order = CIPHER_HASH;
+               } else
+                       sess->cipher.direction = DECRYPT;
+
+               sess->auth.algo = AES_GMAC;
+               /*
+                * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
+                * If size requested is different, generate the full digest
+                * (16 bytes) in a temporary location and then memcpy
+                * the requested number of bytes.
+                */
+               if (sess->auth.req_digest_len != 16 &&
+                               sess->auth.req_digest_len != 12 &&
+                               sess->auth.req_digest_len != 8) {
+                       sess->auth.gen_digest_len = 16;
+               } else {
+                       sess->auth.gen_digest_len = sess->auth.req_digest_len;
+               }
+               sess->iv.length = xform->auth.iv.length;
+               sess->iv.offset = xform->auth.iv.offset;
+
+               switch (xform->auth.key.length) {
+               case AES_128_BYTES:
+                       IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       sess->cipher.key_length_in_bytes = AES_128_BYTES;
+                       break;
+               case AES_192_BYTES:
+                       IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       sess->cipher.key_length_in_bytes = AES_192_BYTES;
+                       break;
+               case AES_256_BYTES:
+                       IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       sess->cipher.key_length_in_bytes = AES_256_BYTES;
+                       break;
+               default:
+                       RTE_LOG(ERR, PMD, "failed to parse test type\n");
+                       return -EINVAL;
+               }
+
+               return 0;
+       }
+
        switch (xform->auth.algo) {
        case RTE_CRYPTO_AUTH_MD5_HMAC:
                sess->auth.algo = MD5;
@@ -735,8 +783,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                break;
 
        case AES_GMAC:
-               job->u.GCM.aad = op->sym->aead.aad.data;
-               job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+               if (session->cipher.mode == GCM) {
+                       job->u.GCM.aad = op->sym->aead.aad.data;
+                       job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+               } else {
+                       /* For GMAC */
+                       job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,
+                                       uint8_t *, op->sym->auth.data.offset);
+                       job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;
+                       job->cipher_mode = GCM;
+               }
                job->aes_enc_key_expanded = &session->cipher.gcm_key;
                job->aes_dec_key_expanded = &session->cipher.gcm_key;
                break;
@@ -776,7 +832,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                                rte_pktmbuf_data_len(op->sym->m_src));
        } else {
                m_dst = m_src;
-               if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)
+               if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
+                               session->cipher.mode == GCM))
                        m_offset = op->sym->aead.data.offset;
                else
                        m_offset = op->sym->cipher.data.offset;
@@ -788,7 +845,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                job->auth_tag_output = qp->temp_digests[*digest_idx];
                *digest_idx = (*digest_idx + 1) % MAX_JOBS;
        } else {
-               if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)
+               if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
+                               session->cipher.mode == GCM))
                        job->auth_tag_output = op->sym->aead.digest.data;
                else
                        job->auth_tag_output = op->sym->auth.digest.data;
@@ -826,11 +884,24 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                break;
 
        case AES_GMAC:
-               job->cipher_start_src_offset_in_bytes =
-                               op->sym->aead.data.offset;
-               job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
-               job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
-               job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes;
+               if (session->cipher.mode == GCM) {
+                       job->cipher_start_src_offset_in_bytes =
+                                       op->sym->aead.data.offset;
+                       job->hash_start_src_offset_in_bytes =
+                                       op->sym->aead.data.offset;
+                       job->msg_len_to_cipher_in_bytes =
+                                       op->sym->aead.data.length;
+                       job->msg_len_to_hash_in_bytes =
+                                       op->sym->aead.data.length;
+               } else {
+                       job->cipher_start_src_offset_in_bytes =
+                                       op->sym->auth.data.offset;
+                       job->hash_start_src_offset_in_bytes =
+                                       op->sym->auth.data.offset;
+                       job->msg_len_to_cipher_in_bytes = 0;
+                       job->msg_len_to_hash_in_bytes = 0;
+               }
+
                job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
                                session->iv.offset);
                break;
@@ -854,19 +925,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 }
 
 static inline void
-verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op,
-               struct aesni_mb_session *sess)
+verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status)
 {
        /* Verify digest if required */
-       if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) {
-               if (memcmp(job->auth_tag_output, op->sym->aead.digest.data,
-                               sess->auth.req_digest_len) != 0)
-                       op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-       } else {
-               if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
-                               sess->auth.req_digest_len) != 0)
-                       op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-       }
+       if (memcmp(job->auth_tag_output, digest, len) != 0)
+               *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 }
 
 static inline void
@@ -908,13 +971,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
                case STS_COMPLETED:
                        op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
-                       if (job->hash_alg != NULL_HASH) {
-                               if (sess->auth.operation ==
-                                               RTE_CRYPTO_AUTH_OP_VERIFY)
-                                       verify_digest(job, op, sess);
+                       if (job->hash_alg == NULL_HASH)
+                               break;
+
+                       if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
+                               if (job->hash_alg == AES_CCM ||
+                                       (job->hash_alg == AES_GMAC &&
+                                               sess->cipher.mode == GCM))
+                                       verify_digest(job,
+                                               op->sym->aead.digest.data,
+                                               sess->auth.req_digest_len,
+                                               &op->status);
                                else
-                                       generate_digest(job, op, sess);
-                       }
+                                       verify_digest(job,
+                                               op->sym->auth.digest.data,
+                                               sess->auth.req_digest_len,
+                                               &op->status);
+                       } else
+                               generate_digest(job, op, sess);
                        break;
                default:
                        op->status = RTE_CRYPTO_OP_STATUS_ERROR;

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c
index 83250e3..56ce549 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_compat.c
@@ -177,6 +177,54 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops,
                return 0;
        }
 
+       if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+               if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {
+                       sess->cipher.direction = ENCRYPT;
+                       sess->chain_order = CIPHER_HASH;
+               } else
+                       sess->cipher.direction = DECRYPT;
+
+               sess->auth.algo = AES_GMAC;
+               /*
+                * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
+                * If size requested is different, generate the full digest
+                * (16 bytes) in a temporary location and then memcpy
+                * the requested number of bytes.
+                */
+               if (sess->auth.req_digest_len != 16 &&
+                               sess->auth.req_digest_len != 12 &&
+                               sess->auth.req_digest_len != 8) {
+                       sess->auth.gen_digest_len = 16;
+               } else {
+                       sess->auth.gen_digest_len = sess->auth.req_digest_len;
+               }
+               sess->iv.length = xform->auth.iv.length;
+               sess->iv.offset = xform->auth.iv.offset;
+
+               switch (xform->auth.key.length) {
+               case AES_128_BYTES:
+                       sess->cipher.key_length_in_bytes = AES_128_BYTES;
+                       (mb_ops->aux.keyexp.aes_gcm_128)(xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       break;
+               case AES_192_BYTES:
+                       sess->cipher.key_length_in_bytes = AES_192_BYTES;
+                       (mb_ops->aux.keyexp.aes_gcm_192)(xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       break;
+               case AES_256_BYTES:
+                       sess->cipher.key_length_in_bytes = AES_256_BYTES;
+                       (mb_ops->aux.keyexp.aes_gcm_256)(xform->auth.key.data,
+                               &sess->cipher.gcm_key);
+                       break;
+               default:
+                       RTE_LOG(ERR, PMD, "failed to parse test type\n");
+                       return -EINVAL;
+               }
+
+               return 0;
+       }
+
        switch (xform->auth.algo) {
        case RTE_CRYPTO_AUTH_MD5_HMAC:
                sess->auth.algo = MD5;
@@ -760,8 +808,16 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                break;
 
        case AES_GMAC:
-               job->u.GCM.aad = op->sym->aead.aad.data;
-               job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+               if (session->cipher.mode == GCM) {
+                       job->u.GCM.aad = op->sym->aead.aad.data;
+                       job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+               } else {
+                       /* For GMAC */
+                       job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,
+                                       uint8_t *, op->sym->auth.data.offset);
+                       job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;
+                       job->cipher_mode = GCM;
+               }
                job->aes_enc_key_expanded = &session->cipher.gcm_key;
                job->aes_dec_key_expanded = &session->cipher.gcm_key;
                break;
@@ -801,7 +857,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                                rte_pktmbuf_data_len(op->sym->m_src));
        } else {
                m_dst = m_src;
-               if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)
+               if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
+                               session->cipher.mode == GCM))
                        m_offset = op->sym->aead.data.offset;
                else
                        m_offset = op->sym->cipher.data.offset;
@@ -813,7 +870,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                job->auth_tag_output = qp->temp_digests[*digest_idx];
                *digest_idx = (*digest_idx + 1) % MAX_JOBS;
        } else {
-               if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC)
+               if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
+                               session->cipher.mode == GCM))
                        job->auth_tag_output = op->sym->aead.digest.data;
                else
                        job->auth_tag_output = op->sym->auth.digest.data;
@@ -851,13 +909,26 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
                break;
 
        case AES_GMAC:
-               job->cipher_start_src_offset_in_bytes =
-                               op->sym->aead.data.offset;
-               job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
-               job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
-               job->msg_len_to_hash_in_bytes = job->msg_len_to_cipher_in_bytes;
+               if (session->cipher.mode == GCM) {
+                       job->cipher_start_src_offset_in_bytes =
+                                       op->sym->aead.data.offset;
+                       job->hash_start_src_offset_in_bytes =
+                                       op->sym->aead.data.offset;
+                       job->msg_len_to_cipher_in_bytes =
+                                       op->sym->aead.data.length;
+                       job->msg_len_to_hash_in_bytes =
+                                       op->sym->aead.data.length;
+               } else {
+                       job->cipher_start_src_offset_in_bytes =
+                                       op->sym->auth.data.offset;
+                       job->hash_start_src_offset_in_bytes =
+                                       op->sym->auth.data.offset;
+                       job->msg_len_to_cipher_in_bytes = 0;
+                       job->msg_len_to_hash_in_bytes = 0;
+               }
                job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
                                session->iv.offset);
+
                break;
 
        default:
@@ -879,19 +950,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 }
 
 static inline void
-verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op,
-               struct aesni_mb_session *sess)
+verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status)
 {
-       /* Verify digest if required */
-       if (job->hash_alg == AES_CCM || job->hash_alg == AES_GMAC) {
-               if (memcmp(job->auth_tag_output, op->sym->aead.digest.data,
-                               sess->auth.req_digest_len) != 0)
-                       op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-       } else {
-               if (memcmp(job->auth_tag_output, op->sym->auth.digest.data,
-                               sess->auth.req_digest_len) != 0)
-                       op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-       }
+       if (memcmp(job->auth_tag_output, digest, len) != 0)
+               *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 }
 
 static inline void
@@ -933,13 +995,24 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
                case STS_COMPLETED:
                        op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
-                       if (job->hash_alg != NULL_HASH) {
-                               if (sess->auth.operation ==
-                                               RTE_CRYPTO_AUTH_OP_VERIFY)
-                                       verify_digest(job, op, sess);
+                       if (job->hash_alg == NULL_HASH)
+                               break;
+
+                       if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
+                               if (job->hash_alg == AES_CCM ||
+                                       (job->hash_alg == AES_GMAC &&
+                                               sess->cipher.mode == GCM))
+                                       verify_digest(job,
+                                               op->sym->aead.digest.data,
+                                               sess->auth.req_digest_len,
+                                               &op->status);
                                else
-                                       generate_digest(job, op, sess);
-                       }
+                                       verify_digest(job,
+                                               op->sym->auth.digest.data,
+                                               sess->auth.req_digest_len,
+                                               &op->status);
+                       } else
+                               generate_digest(job, op, sess);
                        break;
                default:
                        op->status = RTE_CRYPTO_OP_STATUS_ERROR;

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 5788e37..56d409b 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -360,6 +360,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
                        }, }
                }, }
        },
+       {       /* AES GMAC (AUTH) */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .digest_size = {
+                                       .min = 8,
+                                       .max = 16,
+                                       .increment = 4
+                               },
+                               .iv_size = {
+                                       .min = 12,
+                                       .max = 12,
+                                       .increment = 0
+                               }
+                       }, }
+               }, }
+       },
        RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c
index f3eff26..1ca6baa 100644 (file)
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops_compat.c
@@ -416,6 +416,31 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
                        }, }
                }, }
        },
+       {       /* AES GMAC (AUTH) */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+                       {.auth = {
+                               .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .digest_size = {
+                                       .min = 8,
+                                       .max = 16,
+                                       .increment = 4
+                               },
+                               .iv_size = {
+                                       .min = 12,
+                                       .max = 12,
+                                       .increment = 0
+                               }
+                       }, }
+               }, }
+       },
        RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 

diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 84065eb..f437321 100644 (file)
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -9228,6 +9228,7 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite  = {
        .setup = testsuite_setup,
        .teardown = testsuite_teardown,
        .unit_test_cases = {
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0)
                TEST_CASE_ST(ut_setup, ut_teardown,
                        test_AES_GCM_authenticated_encryption_test_case_1),
                TEST_CASE_ST(ut_setup, ut_teardown,
@@ -9341,6 +9342,20 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite  = {
                TEST_CASE_ST(ut_setup, ut_teardown,
                        test_AES_GCM_authenticated_decryption_sessionless_test_case_1),
 
+               /** AES GMAC Authentication */
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_test_case_1),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_verify_test_case_1),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_test_case_2),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_verify_test_case_2),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_test_case_3),
+               TEST_CASE_ST(ut_setup, ut_teardown,
+                       test_AES_GMAC_authentication_verify_test_case_3),
+#endif /* IMB_VERSION_NUM >= IMB_VERSION(0, 51, 0) */
 
                TEST_CASE_ST(ut_setup, ut_teardown, test_AES_chain_mb_all),
                TEST_CASE_ST(ut_setup, ut_teardown, test_AES_cipheronly_mb_all),

diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h
index a02dfb3..8964a3b 100644 (file)
--- a/test/test/test_cryptodev_hash_test_vectors.h
+++ b/test/test/test_cryptodev_hash_test_vectors.h
@@ -5,6 +5,15 @@
 #ifndef TEST_CRYPTODEV_HASH_TEST_VECTORS_H_
 #define TEST_CRYPTODEV_HASH_TEST_VECTORS_H_
 
+#ifdef RTE_LIBRTE_PMD_AESNI_MB
+#include <intel-ipsec-mb.h>
+#endif
+
+#if !defined(IMB_VERSION_NUM)
+#define IMB_VERSION(a, b, c) (((a) << 16) + ((b) << 8) + (c))
+#define IMB_VERSION_NUM IMB_VERSION(0, 49, 0)
+#endif
+
 static const uint8_t plaintext_hash[] = {
        "What a lousy earth! He wondered how many people "
        "were destitute that same night even in his own "