From: Marko Kovacevic Date: Fri, 8 Jun 2018 09:10:01 +0000 (+0100) Subject: crypto/aesni_mb: support 3DES X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=06c761d6fb50c8ba5990fa48838c478b5dbd89c0;p=dpdk.git crypto/aesni_mb: support 3DES Added support for 3DES cipher algorithm which will support 8, 16 and 24 byte keys, which also has been added in the v0.50 of the IPSec Multi-buffer lib. Signed-off-by: Marko Kovacevic Acked-by: Pablo de Lara --- diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index df3ed67da0..c29295002f 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -27,6 +27,7 @@ Cipher algorithms: * RTE_CRYPTO_CIPHER_AES256_CTR * RTE_CRYPTO_CIPHER_AES_DOCSISBPI * RTE_CRYPTO_CIPHER_DES_CBC +* RTE_CRYPTO_CIPHER_3DES_CBC * RTE_CRYPTO_CIPHER_DES_DOCSISBPI Hash algorithms: diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini index 1e263c2b30..f72957451f 100644 --- a/doc/guides/cryptodevs/features/aesni_mb.ini +++ b/doc/guides/cryptodevs/features/aesni_mb.ini @@ -24,6 +24,7 @@ AES CTR (192) = Y AES CTR (256) = Y AES DOCSIS BPI = Y DES CBC = Y +3DES CBC = Y DES DOCSIS BPI = Y ; diff --git a/doc/guides/rel_notes/release_18_08.rst b/doc/guides/rel_notes/release_18_08.rst index a2e5290014..1ca7cb948a 100644 --- a/doc/guides/rel_notes/release_18_08.rst +++ b/doc/guides/rel_notes/release_18_08.rst @@ -74,6 +74,12 @@ New Features * Add handlers to add/delete VxLAN port number. * Add devarg to specify ingress VLAN rewrite mode. +* **Updated the AESNI MB PMD.** + + The AESNI MB PMD has been updated with additional support for: + + * 3DES for 8, 16 and 24 byte keys. + * **Added a new compression PMD using Intel's QuickAssist (QAT) device family.** Added the new ``QAT`` compression driver, for compression and decompression diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index b1b6bb0762..93dc7a4432 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -182,6 +182,7 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, const struct rte_crypto_sym_xform *xform) { uint8_t is_aes = 0; + uint8_t is_3DES = 0; aes_keyexp_t aes_keyexp_fn; if (xform == NULL) { @@ -227,6 +228,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, case RTE_CRYPTO_CIPHER_DES_DOCSISBPI: sess->cipher.mode = DOCSIS_DES; break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + sess->cipher.mode = DES3; + is_3DES = 1; + break; default: AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter"); return -ENOTSUP; @@ -261,6 +266,49 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops, sess->cipher.expanded_aes_keys.encode, sess->cipher.expanded_aes_keys.decode); + } else if (is_3DES) { + uint64_t *keys[3] = {sess->cipher.exp_3des_keys.key[0], + sess->cipher.exp_3des_keys.key[1], + sess->cipher.exp_3des_keys.key[2]}; + + switch (xform->cipher.key.length) { + case 24: + des_key_schedule(keys[0], xform->cipher.key.data); + des_key_schedule(keys[1], xform->cipher.key.data+8); + des_key_schedule(keys[2], xform->cipher.key.data+16); + + /* Initialize keys - 24 bytes: [K1-K2-K3] */ + sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0]; + sess->cipher.exp_3des_keys.ks_ptr[1] = keys[1]; + sess->cipher.exp_3des_keys.ks_ptr[2] = keys[2]; + break; + case 16: + des_key_schedule(keys[0], xform->cipher.key.data); + des_key_schedule(keys[1], xform->cipher.key.data+8); + + /* Initialize keys - 16 bytes: [K1=K1,K2=K2,K3=K1] */ + sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0]; + sess->cipher.exp_3des_keys.ks_ptr[1] = keys[1]; + sess->cipher.exp_3des_keys.ks_ptr[2] = keys[0]; + break; + case 8: + des_key_schedule(keys[0], xform->cipher.key.data); + + /* Initialize keys - 8 bytes: [K1 = K2 = K3] */ + sess->cipher.exp_3des_keys.ks_ptr[0] = keys[0]; + sess->cipher.exp_3des_keys.ks_ptr[1] = keys[0]; + sess->cipher.exp_3des_keys.ks_ptr[2] = keys[0]; + break; + default: + AESNI_MB_LOG(ERR, "Invalid cipher key length"); + return -EINVAL; + } + +#if IMB_VERSION_NUM >= IMB_VERSION(0, 50, 0) + sess->cipher.key_length_in_bytes = 24; +#else + sess->cipher.key_length_in_bytes = 8; +#endif } else { if (xform->cipher.key.length != 8) { AESNI_MB_LOG(ERR, "Invalid cipher key length"); @@ -524,8 +572,20 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, job->cipher_mode = session->cipher.mode; job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes; - job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode; - job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode; + + if (job->cipher_mode == DES3) { + job->aes_enc_key_expanded = + session->cipher.exp_3des_keys.ks_ptr; + job->aes_dec_key_expanded = + session->cipher.exp_3des_keys.ks_ptr; + } else { + job->aes_enc_key_expanded = + session->cipher.expanded_aes_keys.encode; + job->aes_dec_key_expanded = + session->cipher.expanded_aes_keys.decode; + } + + /* Set authentication parameters */ diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index c3c349d5a7..ab26e5ae4c 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -239,6 +239,26 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* 3DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .block_size = 8, + .key_size = { + .min = 8, + .max = 24, + .increment = 8 + }, + .iv_size = { + .min = 8, + .max = 8, + .increment = 0 + } + }, } + }, } + }, { /* DES DOCSIS BPI */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h index d355315212..70e9d18e56 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h @@ -169,12 +169,18 @@ struct aesni_mb_session { uint64_t key_length_in_bytes; - struct { - uint32_t encode[60] __rte_aligned(16); - /**< encode key */ - uint32_t decode[60] __rte_aligned(16); - /**< decode key */ - } expanded_aes_keys; + union { + struct { + uint32_t encode[60] __rte_aligned(16); + /**< encode key */ + uint32_t decode[60] __rte_aligned(16); + /**< decode key */ + } expanded_aes_keys; + struct { + const void *ks_ptr[3]; + uint64_t key[3][16]; + } exp_3des_keys; + }; /**< Expanded AES keys - Allocating space to * contain the maximum expanded key size which * is 240 bytes for 256 bit AES, calculate by: diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index cbbdb15185..a6044b261e 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -5020,6 +5020,24 @@ test_DES_cipheronly_mb_all(void) return TEST_SUCCESS; } +static int +test_3DES_cipheronly_mb_all(void) +{ + struct crypto_testsuite_params *ts_params = &testsuite_params; + int status; + + status = test_blockcipher_all_tests(ts_params->mbuf_pool, + ts_params->op_mpool, + ts_params->session_mpool, + ts_params->valid_devs[0], + rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)), + BLKCIPHER_3DES_CIPHERONLY_TYPE); + + TEST_ASSERT_EQUAL(status, 0, "Test failed"); + + return TEST_SUCCESS; +} static int test_DES_docsis_mb_all(void) @@ -9032,6 +9050,8 @@ static struct unit_test_suite cryptodev_aesni_mb_testsuite = { test_DES_cipheronly_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_DES_docsis_mb_all), + TEST_CASE_ST(ut_setup, ut_teardown, + test_3DES_cipheronly_mb_all), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_CCM_authenticated_encryption_test_case_128_1), TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/test/test/test_cryptodev_des_test_vectors.h b/test/test/test_cryptodev_des_test_vectors.h index 43be83d648..4217b72a0a 100644 --- a/test/test/test_cryptodev_des_test_vectors.h +++ b/test/test/test_cryptodev_des_test_vectors.h @@ -792,6 +792,30 @@ triple_des192cbc_hmac_sha1_test_vector = { .len = 20 } }; +static const struct blockcipher_test_data +triple_des64cbc_test_vector = { + .crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .cipher_key = { + .data = { + 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2 + }, + .len = 8 + }, + .iv = { + .data = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + }, + .len = 8 + }, + .plaintext = { + .data = plaintext_des, + .len = 512 + }, + .ciphertext = { + .data = ciphertext512_des, + .len = 512 + }, +}; static const struct blockcipher_test_data des_cbc_test_vector = { @@ -1204,6 +1228,18 @@ static const struct blockcipher_test_case triple_des_chain_test_cases[] = { }; static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = { + { + .test_descr = "3DES-64-CBC Encryption", + .test_data = &triple_des64cbc_test_vector, + .op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, + { + .test_descr = "3DES-64-CBC Decryption", + .test_data = &triple_des64cbc_test_vector, + .op_mask = BLOCKCIPHER_TEST_OP_DECRYPT, + .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_MB + }, { .test_descr = "3DES-128-CBC Encryption", .test_data = &triple_des128cbc_test_vector, @@ -1212,7 +1248,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = { BLOCKCIPHER_TEST_TARGET_PMD_QAT | BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC | BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC | - BLOCKCIPHER_TEST_TARGET_PMD_CCP + BLOCKCIPHER_TEST_TARGET_PMD_CCP | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "3DES-128-CBC Decryption", @@ -1222,7 +1259,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = { BLOCKCIPHER_TEST_TARGET_PMD_QAT | BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC | BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC | - BLOCKCIPHER_TEST_TARGET_PMD_CCP + BLOCKCIPHER_TEST_TARGET_PMD_CCP | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "3DES-192-CBC Encryption", @@ -1233,7 +1271,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = { BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC | BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | - BLOCKCIPHER_TEST_TARGET_PMD_CCP + BLOCKCIPHER_TEST_TARGET_PMD_CCP | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "3DES-192-CBC Decryption", @@ -1244,7 +1283,8 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = { BLOCKCIPHER_TEST_TARGET_PMD_DPAA2_SEC | BLOCKCIPHER_TEST_TARGET_PMD_DPAA_SEC | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | - BLOCKCIPHER_TEST_TARGET_PMD_CCP + BLOCKCIPHER_TEST_TARGET_PMD_CCP | + BLOCKCIPHER_TEST_TARGET_PMD_MB }, { .test_descr = "3DES-128-CTR Encryption",