From: Fan Zhang Date: Thu, 20 Dec 2018 12:22:15 +0000 (+0000) Subject: crypto/aesni_mb: support plain SHA X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=11fdbf1b78660e058a059b02504065935b9ff730;p=dpdk.git crypto/aesni_mb: support plain SHA This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support to AESNI-MB PMD. The cryptodev unit test and documentation are updated accordingly. Signed-off-by: Damian Nowak Signed-off-by: Lukasz Krakowiak Signed-off-by: Fan Zhang Acked-by: Fiona Trahe --- diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 1d6ebbad20..47f2ecc2f6 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -41,6 +41,11 @@ Hash algorithms: * RTE_CRYPTO_HASH_AES_XCBC_HMAC * RTE_CRYPTO_HASH_AES_CMAC * RTE_CRYPTO_HASH_AES_GMAC +* RTE_CRYPTO_HASH_SHA1 +* RTE_CRYPTO_HASH_SHA224 +* RTE_CRYPTO_HASH_SHA256 +* RTE_CRYPTO_HASH_SHA384 +* RTE_CRYPTO_HASH_SHA512 AEAD algorithms: @@ -55,6 +60,7 @@ Limitations * RTE_CRYPTO_AEAD_AES_GCM only works properly when the multi-buffer library is 0.51.0 or newer. * RTE_CRYPTO_HASH_AES_GMAC is supported by library version v0.51 or later. +* RTE_CRYPTO_HASH_SHA* is supported by library version v0.52 or later. Installation diff --git a/doc/guides/rel_notes/release_19_02.rst b/doc/guides/rel_notes/release_19_02.rst index 4b244114c2..662fdd0e13 100644 --- a/doc/guides/rel_notes/release_19_02.rst +++ b/doc/guides/rel_notes/release_19_02.rst @@ -104,6 +104,7 @@ New Features * Add support for intel-ipsec-mb version 0.52. * Add AES-GMAC algorithm support. + * Add Plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support. * **Enabled checksum support in the ISA-L compressdev driver.** diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index d34cbc36ad..4e31735caa 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -107,6 +107,7 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, hash_one_block_t hash_oneblock_fn; unsigned int key_larger_block_size = 0; uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 }; + uint32_t auth_precompute = 1; if (xform == NULL) { sess->auth.algo = NULL_HASH; @@ -237,6 +238,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA1: + sess->auth.algo = PLAIN_SHA1; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA224_HMAC: sess->auth.algo = SHA_224; hash_oneblock_fn = mb_mgr->sha224_one_block; @@ -248,6 +253,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA224: + sess->auth.algo = PLAIN_SHA_224; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA256_HMAC: sess->auth.algo = SHA_256; hash_oneblock_fn = mb_mgr->sha256_one_block; @@ -259,6 +268,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA256: + sess->auth.algo = PLAIN_SHA_256; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA384_HMAC: sess->auth.algo = SHA_384; hash_oneblock_fn = mb_mgr->sha384_one_block; @@ -270,6 +283,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA384: + sess->auth.algo = PLAIN_SHA_384; + auth_precompute = 0; + break; case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->auth.algo = SHA_512; hash_oneblock_fn = mb_mgr->sha512_one_block; @@ -281,6 +298,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, key_larger_block_size = 1; } break; + case RTE_CRYPTO_AUTH_SHA512: + sess->auth.algo = PLAIN_SHA_512; + auth_precompute = 0; + break; default: AESNI_MB_LOG(ERR, "Unsupported authentication algorithm selection"); return -ENOTSUP; @@ -302,6 +323,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, else sess->auth.gen_digest_len = sess->auth.req_digest_len; + /* Plain SHA does not require precompute key */ + if (auth_precompute == 0) + return 0; + /* Calculate Authentication precomputes */ if (key_larger_block_size) { calculate_auth_precomputes(hash_oneblock_fn, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 56d409b4bd..c90f6baa3b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -54,6 +54,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA1 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 20, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA224 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -75,6 +96,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 28, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA256 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -96,6 +138,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 32, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA384 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -117,6 +180,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384, + .block_size = 128, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 48, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* SHA512 HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { @@ -138,6 +222,27 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { }, } }, } }, + { /* SHA512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512, + .block_size = 128, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* AES XCBC HMAC */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h index d61abfe4f7..cdbe7f520b 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h @@ -109,6 +109,13 @@ static const unsigned auth_digest_byte_lengths[] = { [AES_CMAC] = 16, [AES_GMAC] = 12, [NULL_HASH] = 0, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + [PLAIN_SHA1] = 20, + [PLAIN_SHA_224] = 28, + [PLAIN_SHA_256] = 32, + [PLAIN_SHA_384] = 48, + [PLAIN_SHA_512] = 64 +#endif /**< Vector mode dependent pointer table of the multi-buffer APIs */ }; diff --git a/test/test/test_cryptodev_hash_test_vectors.h b/test/test/test_cryptodev_hash_test_vectors.h index 8964a3bac7..d3a26609c9 100644 --- a/test/test/test_cryptodev_hash_test_vectors.h +++ b/test/test/test_cryptodev_hash_test_vectors.h @@ -96,7 +96,8 @@ sha1_test_vector = { 0x35, 0x62, 0xFB, 0xFA, 0x93, 0xFD, 0x7D, 0x70, 0xA6, 0x7D, 0x45, 0xCA }, - .len = 20 + .len = 20, + .truncated_len = 20 } }; @@ -140,7 +141,8 @@ sha224_test_vector = { 0x39, 0x26, 0xDF, 0xB5, 0x78, 0x62, 0xB2, 0x6E, 0x5E, 0x8F, 0x25, 0x84 }, - .len = 28 + .len = 28, + .truncated_len = 28 } }; @@ -186,7 +188,8 @@ sha256_test_vector = { 0x1F, 0xC7, 0x84, 0xEE, 0x76, 0xA6, 0x39, 0x15, 0x76, 0x2F, 0x87, 0xF9, 0x01, 0x06, 0xF3, 0xB7 }, - .len = 32 + .len = 32, + .truncated_len = 32 } }; @@ -234,7 +237,8 @@ sha384_test_vector = { 0xAD, 0x41, 0xAB, 0x15, 0xB0, 0x03, 0x15, 0xEC, 0x9E, 0x3D, 0xED, 0xCB, 0x80, 0x7B, 0xF4, 0xB6 }, - .len = 48 + .len = 48, + .truncated_len = 48 } }; @@ -288,7 +292,8 @@ sha512_test_vector = { 0x64, 0x4E, 0x15, 0x68, 0x12, 0x67, 0x26, 0x0F, 0x2C, 0x3C, 0x83, 0x25, 0x27, 0x86, 0xF0, 0xDB }, - .len = 64 + .len = 64, + .truncated_len = 64 } }; @@ -428,6 +433,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -437,6 +445,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -496,6 +507,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -505,6 +519,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -542,6 +559,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -551,6 +571,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -590,6 +613,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -599,6 +625,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -638,6 +667,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, { @@ -647,6 +679,9 @@ static const struct blockcipher_test_case hash_test_cases[] = { .pmd_mask = BLOCKCIPHER_TEST_TARGET_PMD_OPENSSL | BLOCKCIPHER_TEST_TARGET_PMD_CCP | BLOCKCIPHER_TEST_TARGET_PMD_MVSAM | +#if IMB_VERSION_NUM >= IMB_VERSION(0, 52, 0) + BLOCKCIPHER_TEST_TARGET_PMD_MB | +#endif BLOCKCIPHER_TEST_TARGET_PMD_OCTEONTX }, {